Presentation is loading. Please wait.

Presentation is loading. Please wait.

Major Hazard Facilities Control Measures and Adequacy

Similar presentations

Presentation on theme: "Major Hazard Facilities Control Measures and Adequacy"— Presentation transcript:

1 Major Hazard Facilities Control Measures and Adequacy
All aspects of this training seminar are applicable to new facilities

2 Overview The seminar has been developed to provide:
Context with MHF Regulations An overview of what is required An overview of the steps required Examples of control measures and their adequacy

3 Some Abbreviations and Terms
AFAP - As far as (reasonably) practicable DG - Dangerous goods Employer - Employer who has management control of the facility ER or ERP - Emergency response or Emergency response plan Facility - any building or structure at which Schedule 9 materials are present or likely to be present for any purpose HAZID - Hazard identification HAZOP - Hazard and operability study HSR - Health and safety representative LOC - Loss of containment LOPA - Layers of protection analysis

4 Some Abbreviations and Terms
MHF - Major hazard facility MA - Major accident OHS - Occupational health & safety PFD - Probability of failure on demand PSV – Pressure safety valve SMS - Safety management system

5 Topics Covered In This Presentation
Regulations Introduction Regulatory requirements What does this mean? Identify all control measures Development of assessment Control category and examples Hierarchy of controls AFAP

6 Topics Covered In This Presentation
Effectiveness of control measures Control types Opportunities available to reduce risk Assessment and adequacy Sources of additional information Review and revision

7 Regulations Basic outline Hazard identification (R9.43)
Risk assessment (R9.44) Risk control (i.e. control measures) (R9.45, S9A 210) Safety Management System (R9.46) Safety report (R9.47, S9A 212, 213) Emergency plan (R9.53) Consultation The approaches outlined in this seminar are appropriate and relevant for new facilities

8 The controls preventing or mitigating consequences of an MA
Introduction Hazards causing an MA In order to deliver safe operation the Employer needs to understand the relationship between The controls preventing or mitigating consequences of an MA The controls in place and assess their effectiveness and adequacy Longford incident, 1998

9 Introduction At least 23 workers were killed 74 were injured
$800,000,000 (U.S.) estimated property damage A defective, high pressure, steam boiler ruptured High vibrations were heard just before the boiler ruptured The resultant explosion on rupture damaged nearby vessels containing flammables The flammable loss of containment resulted in further fires and explosions Controls DO fail and the consequences can be devastating (Skikda, Algiers, 20 January, 2004)

10 Introduction Control measures are the features of a facility that:
Eliminate Prevent Reduce Mitigate . . . the risks associated with potential MAs They are the means by which the Employer ensures the operation satisfies the Regulations and the AFAP requirement A number of control options maybe considered and applied individually or in combination

11 Introduction In undertaking control measure identification and assessment, the Employer should seek to attain an understanding of: The processes involved in control measure identification/selection and assessment The control measures used to reduce the risk of potential major accidents to AFAP The use of the control hierarchy suggests that a higher level of protection can be provided that will better ensure that the risk is reduced AFAP.

12 Introduction At the end of the controls and adequacy evaluation process, the Employer should know: The identity of all existing and potential control measures The relationships between the hazards, control measures, MAs and outcomes The effectiveness of control measures in managing risk The opportunities that are available to reduce risk The monitoring regime necessary to ensure the ongoing effectiveness of the control measures

13 Regulation Requirements
After the HAZID and Risk Assessment evaluations, the Employer will have identified all of the hazards that can lead to MAs and the controls in place, including independence, reliability, effectiveness, robustness and applicability A determination of the adequacy of the controls in managing the hazards then needs to be undertaken

14 What Does This Mean? The opportunities present that are available to reduce risk need to be assessed, including additional or alternative controls The monitoring regime necessary to ensure the ongoing effectiveness of the control measures for managing the hazards need to be assessed Control measures and adequacy assessment will need to be revised as necessary, using performance monitoring results and other relevant new information Have all control measures been identified and implemented where practicable? Are the control measures working effectively? What improvements are needed to make the control measures more effective? Other relevant new information would be a review of incidents at the site involving MAs, relevant information from other sites, locally or internationally Review and revision is an ongoing big picture important component of the safety report and it is considered to be an important feedback loop into the safety report.

15 What Does This Mean? Reported incidents by results involving Schedule 9 materials in Victoria (from VWA) 5 10 15 20 25 30 35 40 45 50 Chemical Exposure Environ Release Explosion Fire LOC First Aid Offsite Onsite No of Incidents Petroleum Utilities Logistics Chemicals & Plastics Historical information provides insight into what has previously occurred (referred to as lag indicator). In what are should MHF controls focus most?

16 What Does This Mean? This accident happened during the filling of a 2000 m3 LPG sphere Its legs collapsed. One person was killed and one seriously injured Failure of maintenance and inspection control? Total Fina Elf, Safety Feedback Notice At the time of the accident, the sphere was approximately 80% full of fresh water. The vessels last hydro-test was 10 years ago and the last inspection of its legs was 5 years ago. Severe corrosion of the legs under the concrete fire protection was the main cause. The corrosion occurred due to water ingress between the concrete and the steel legs. The water protective cap located over the concrete was not sufficient to keep the water out. After the accident, it was verified that the steel legs had thickness reductions of up to 8mm, with pitting holes of up to 10cm2. After analysis and tests, it has been found that the following factors caused the collapse: Water caps over the fire-proofing concrete were of poor design thereby letting water penetrate between the steel beams and the concrete. Vertical cracks in the concrete let water in. Repairs had been done to the concrete, but with poor workmanship. The new concrete had not adhered to the old concrete, again letting water in. The deluge system had been tested with salt water, increasing the possibility of corrosion.

17 Identity of All Control Measures
All of the MAs should be documented in an appropriate format that clearly identifies: The MA (the release modes and the consequences of the release) All hazards that, if realised, can cause an MA The controls in place to manage the hazard and any recommended controls as a result of the HAZID process If the Employer is grouping MAs, then the consequences must be similar. Again, a well formatted hazard register can be used to document the controls for each MA.

18 Identity of All Control Measures
Example, consider a chlorine drum handling operation Hazard: Release of chlorine from chlorine storage drum Incident: Forklift tynes impact on chlorine storage drum Consequence: Release of chlorine liquid into storage drum bund resulting in personnel exposure to chlorine liquid/vapour Potential for serious injury/fatality

19 Identity of All Control Measures
Preventative Controls (Incident Prevention) Mitigation Controls (Incident Mitigation) Design of chlorine storage drum and fork lift lifting mechanisms prevent tynes puncturing cylinder (in accordance with an appropriate standard) and inspected regularly Spill containment bunds (reduces the consequences) Traffic management system/forklift or pedestrian exclusion zones Spill containment procedure, chlorine gas detection & alarms (reduces time for intervention thereby reducing consequences) – procedure inspected and found to be satisfactory Forklift driver training – training is held at the prescribed intervals and records inspected are satisfactory PPE including breathing apparatus (reduces the likelihood of exposure to chlorine) – PPE training is held at prescribed intervals and records validated

20 Identity of All Control Measures
Control measures are not only physical equipment, but may include: Engineered devices (physical barriers such as impact protection bollards) or systems (high integrity trip systems) High-level procedures or detailed operating instructions Information systems (incident reporting systems) Personnel training (i.e. the actions people should take in an emergency) Note that in many cases training is not independent of procedures etc so is not a separate control (ie the training just reinforces what you do according to the procedure)

21 Development of Assessment
It is important to understand how controls are arranged in a manner that eliminate or minimise the hazards leading to an MA occurring, and any interdependence Control measures may be pro-active, in that they eliminate, prevent or reduce the likelihood of incidents They may be reactive, in that they reduce or mitigate the consequences of an MA

22 Development of Assessment
Control measures may be considered as “barriers” and are located between the intrinsic hazards that could lead to an MA Control measures can also reduce the harm that may be caused to people and property in the event of an MA Hazards can result in an MA harming people or property only if controls have failed to function as intended, or have been bypassed/defeated

23 Development of Assessment
1st barrier 2nd barrier 3rd barrier

24 Development of Assessment
There are methods for the control assessment process The size, complexity and knowledge of the MHF could determine which approach to use Several methods can be used, e.g.: LOPA Fault tree and event tree Risk matrix

25 Control Measure Hierarchy
The hierarchy of controls & effectiveness guidelines Control type Effectiveness Effectiveness 100% Eliminate Hazard Increasing Reliability Decreasing Reliability 90% Minimize hazard Physical controls 50% Procedures Effectiveness measure is an indication only. Actual effectiveness will depend on many factors. 30% Personnel Skills & Training

26 Control Measure Hierarchy
Elimination/substitution controls Prevention controls Reduction controls Mitigation controls Eliminate – Do we need to use a raw ingredient to the process that is toxic Prevention measures Standards such as Australian Standards are the starting point, not the end point. A corporate engineering standard may require two full size PSVs instead of a single one. Reduction measures – reducing time frame for shut down of a systems after a leak has been detected; improving early detection of a fire scenario and applying fire protection faster Mitigation measure – reduce the severity once the event has occurred. Fire fighting system.

27 Control Measure Hierarchy
Control Category Control Example Elimination controls Equipment removal Physical barriers such as mounding of LPG sphere Decommissioning Facility layout – increasing separation distances Plant design procedures They eliminate the underlying hazard and are therefore the most effective category of control measure. If practicable they should be selected in preference to any other type, as their existence removes the need for other controls.

28 Control Measure Hierarchy
Control Category Control Example Substitution controls Replacement of a hazardous material with a non-hazardous substitute (E.g. Replace chlorine with sodium hypochlorite) Systems to prevent incompatible materials on the site at the same time

29 Control Measure Hierarchy
Control Category Control Example Prevention Process alarms and notification systems Independent flow/level/pressure/temperature indicators with a defined response Engineering standards Safety process systems (safety integrity systems), pressure relief valves These controls are intended to remove certain causes of incidents or reduce their likelihood. The corresponding hazard remains, but the frequency of incidents involving the hazard is lowered. For example the introduction of a regular maintenance programs can prevent the development of hazards Prevention control (active) An active control is required to move from one state to another in response to a change in a measurable process property (for example, temperature or pressure) or a signal from another source (such as a push button or switch) These controls generally comprise: A sensor of some type (instrument, mechanical or human) A decision making process (logic solver, relay, spring) An action (automatic, mechanical or human)

30 Control Measure Hierarchy
Control Category Control Example Prevention Operating procedures and instructions Personnel skill, training and competency Plant inspection Equipment testing and repair Change management process Maintenance procedures Quality specifications Permit to work

31 Control Measure Hierarchy
Control Category Control Example Reduction Separation distances Shutdown and isolation systems Gas detection with leak isolation action Bunding and other containment systems Drainage These are intended to limit the scale and consequence of an incident.

32 Control Measure Hierarchy
Control Category Control Example Mitigation Fire fighting systems Emergency response plans Plant evacuation alarms Passive fire protection (thermal insulation on bullets, spheres) These controls take effect in response to an incident. They are the last line of defence but are very necessary

33 AFAP It is the risk assessment that provides the information necessary to test this requirement, and this information must be included in the safety report The risk assessment must address hazards and risk both individually and cumulatively Consequently the demonstration that risks are eliminated or reduced to AFAP may need to be made for control measures individually, in groups and as a whole AFAP is required by the OHS/MHF regulations. Individual control measures are effective in their own right. Sufficient control measures to reduce the risk of the scenario to AFAP.

34 AFAP The AFAP approach is not simply about satisfying a single criterion of whether the risk of an MA is less than a specific number or position on a risk matrix It is about evaluation of all controls, their proportionality for controlling the risk of an MA occurring and if additional controls can reasonably have an effect on reducing the risk of an MA further In AFAP think most about the controls rather than the risk (e.g. off the risk matrix). The reason the risk might look low on the risk matrix is that it assumes the controls are implemented and effective. What would the risk be if that was not the case?

35 AFAP The likelihood of the hazard or risk actually occurring
That is, the probability that someone could be injured or harmed through the work being done The degree of harm that would result if the hazard or risk occurred For example fatality, multiple injuries, medical or first aid treatment, long or short term health effects The availability and suitability of ways to eliminate or reduce the hazard or risk The risk assessment considers both likelihood and consequence – so by followng a good risk assessment process, you will automatically be making decisions based on both likelihood and consequences (risk) rather than either one alone. It is expected that all available and suitable controls are implemented where practicable.

36 AFAP What is known, or ought reasonably be known, about the hazard or risk and any ways of eliminating or reducing it The cost of eliminating or reducing the hazard or risk That is, control measures should be implemented unless the risk is insignificant compared with the cost of implementing the measures Workshops help to ensure that appropriate knowledge and experience on ways to reduce the risk are considered (So long as the right people are in the workshop) Cost can be a significant factor in the practicability argument. Care should be taken on ruling out control measures on the basis of cost alone. Cost-benefit analysis can be used to help justify rejection of control measures.

37 AFAP The balance between benefits in terms of reduced risk and the costs of further control measures will play a part in achieving and demonstrating AFAP Every safety report will need to develop an approach as to how the AFAP argument is to be applied to the facility The AFAP approach then needs to be applied consistently to every MA in order for demonstration of adequacy to be satisfied

38 AFAP – Cost/Benefit & Rejecting Controls
Low High Benefit (Risk Reduction) Should be implemented. Little analysis required unless rejected. More detailed justification required to reject More detailed justification required to reject (lower priority) Simple justification to reject Sacrifice (cost, time, effort and inconvenience)

39 Effectiveness of Control Measures
There are controls and safeguards A control is considered to be a device, system, or action that is capable of preventing a cause from proceeding to its undesired consequence, independent of the initiating event or the action of any other layer of protection associated with the scenario A safeguard is any device, system or action that would likely interrupt the chain of events following an initiating event It is difficult to quantify the effectiveness of safeguards due to lack of data, uncertainty as to independence or effectiveness or other factors. The distinction between a control and a safeguard is important to understand. In this presentation we shall only be discussing controls. Examples of controls vs safeguards – discuss.

40 Effectiveness of Control Measures
To be considered a control, it must be: Independent Of the components of any other control already claimed for the same scenario Reliable The reliability, effectiveness and independence of a control must be auditable Effective For the initiating event Applicable Preventing the consequences when it functions as designed

41 Effectiveness of Control Measures
As an example, consider an employee action to read a level gauge and a pressure gauge - both taken off the same tapping point Is a single tapping point for two different information streams applicable, independent and reliable? Will the employee reliably report the correct information?

42 Effectiveness of Control Measures
These have been built into a system - but are they: Independent The answer - NO Reliable Effective The controls provided are not independent as it is inappropriate to have a level reading taken off a pressure reading tapping point. They should be taken off two separate tapping points, one where the level can be correctly read and the pressure tapping point taken off at a point where it reads pressure only Applicable

43 Effectiveness of Control Measures
Every designer, Employer and manager desires to have controls that are: Robust Reliable Can survive harsh environments Not dependent upon rigorous inspection and testing regimes that involve manpower and cost Unfortunately this is not reality

44 Effectiveness of Control Measures
Controls do fail and accidents occur as a result Result of a fire at a bulk storage facility – was there adequate separation and fire protection? Presenter to discuss separation distances between tanks. In this fire scenario from Guam, the fire pumps did not operate. Note the total destruction of 3 tanks and serious damage to at least another 2 In an ideal world tanks could be spaced far enough apart so as a tank top fire in one tank will not spread or damage another tank – the escalation hazard could be eliminated from this scenario. In reality there needs to be a compromise as space can be at a premium. The quality, type and reliability of fire protection systems then become important. It is very important to get it right as when a hazard does occur, the results could be very expensive

45 Effectiveness of Control Measures
Impact on: Environment People Business interruption Cost of inventory Reputation Legal cost This is from the Orion refinery crude oil tank fire. The tank is approximately 75m in diameter and it was (at that time) the largest tank fire successfully extinguished. Not the red glow around the circumference on top of the tank shell. Large volume foam cannons were used to extinguish the fire.

46 Effectiveness of Control Measures
A good management system

47 Effectiveness of Control Measures
With adequate risk control measures

48 Effectiveness of Control Measures
Reduces the risk of loss

49 Effectiveness of Control Measures
These controls are important to analyse in a structured manner so that their effectiveness can be assessed For this to occur the Employer needs to know: What type How many How reliable are the controls Are there sufficient to reduce MA risk to AFAP? Each control needs to be fit for purpose and designed into the system as independent

50 Control Types In each evaluation the type of service being evaluated needs to be taken into consideration critically to ensure the control type is effective and will perform its intended duty For example consider an instrumented level gauge with high level and high high level independent alarms for controlling the level in a process tower The alarms are not tested and the high high level is known to be in fault mode Is this control reliable, effective and applicable? Speaker to discuss

51 Control Types Controls need to be service and situation dependent in
order to be suitable For example, having a rupture disc in place where the inlet can foul – in this circumstance the correct pressure will not be seen by the rupture disc Such a control would not be suitable for the service Bund in service for flammable liquid storage tanks which has major penetrations This control would not be suitable as it cannot satisfy AS1940

52 Control Types The following is an animated description of the US Chemical Safety Board, Animation of BP Texas City Refinery Accident, October 27, 2005 This can be found at the following website This presentation last for approximately 7 minutes Invite the audience to comment and discuss the effectiveness of the controls in this situation Emphasise that do not place trust in systems that are not maintained. If it is not maintained then it may as well not be there

53 Control Types – Human Controls
Such controls involve reliance on employees to take action to prevent an undesirable consequence in response to alarms or following a routine check of the system Human performance is usually considered less reliable than engineering controls Not crediting human actions under well defined conditions is considered to be unduly penalising the Employer

54 Control Types – Human Controls
Human controls should have the following requirements: The indication for action required by an employee must be detectable The action must always be: Available for the employee Clear to the employee even under emergency conditions Simple and straight forward to understand Repeatable by any similarly trained/competent employee Procedures available and accessible, adequate time to complete the tasks, training and refresher training completed

55 Control Types – Human Controls
The time available to take action must be adequate Employees should not be expected to perform other tasks at the same time – there needs to be clear priorities The employee is capable of taking the action required under all conditions expected to be reasonably present Training for the required action is performed regularly and is documented Indication and action should normally be independent of any other system already accredited

56 Control Types – Human Controls
Examples of reduction (human) controls Human Control Comments Human action with 10 minutes response time Simple well documented action with clear and reliable indications that action is required Human response to BPCS indication or alarm with 40 minutes response time Human action with 40 minutes response time Simple well documented action with clear and reliable indications that the action is required For example, within 10 minutes of high pressure alarm, technician opens vent valve. Note the time frames quoted are similar. Human factors analysis methods can be used to refine these results further Taken from “Layer of Protection Analysis, Simplified Process Risk Assessment, Centre for Chemical Process Safety, American Institute of Chemical Engineers, 2001”

57 Opportunities Available to Reduce Risk
The effectiveness of control measures in managing risk Each control, to be classified as a legitimate control against an MA (i.e. implemented, functional, independent, monitored and audited) must be evaluated in a structured format To ensure proper management of the MAs, each control must be fully independent of the other controls listed there must be no failure that can deactivate two or more controls (e.g. common cause failure)

58 Opportunities Available to Reduce Risk
The question people ask is, how many controls are required to reduce a MA to AFAP? This will depend on: The circumstances The process being analysed together with the mix of independent controls One approach used is to have a qualitative evaluation that requires three independent controls to be in place before AFAP can be achieved The last comment is just an example of a criteria that may be applied. By no means should this be considered a requirement for every situation.

59 Opportunities Available to Reduce Risk
Risk is based on the following equation: Risk = ∑(Fi x Ci) =(F1 x C1) + (F2 x C2) (Fn x Cn) Where Fi is the Frequency or likelihood of event i, and Ci is the consequence of event i Risk reduction can be implemented by changing either the frequency of the MA occurring or the magnitude of the consequence of the MA For MA scenarios, reducing likelihood is often the only available means to reduce the risk.

60 Opportunities Available to Reduce Risk
For evaluation of control measures, there are several issues that need to be considered Existing MHF Facility During a risk evaluation process for an existing facility, it would be very unusual to achieve a reduction in the worst case consequences of an MA Reducing the frequency or likelihood of the event occurring is generally the only option available The facility is designed to provide chlorine dosing to treat water supplies. Chlorine has been chosen by the water authority for a number of reasons. The chlorine will be a constant in the risk equation as it cannot be eliminated or substituted for an alternative. Thus to reduce the risk (Risk = F x C) the only component of the equation that can be altered is the frequency (F).

61 Opportunities Available to Reduce Risk
New MHF Facility For a new facility, both components of the risk equation can be reduced Several issues can be explored when designing a new facility The first point of examination is to focus on the hierarchy of controls Can we eliminate the hazard so it is not a problem? The second area to examine is substitution Use of alternative non Schedule 9 or DG materials As an example, cooling towers for a plant are being dosed with chlorine. The chlorine can be substituted for sodium hypochlorite, eliminating the chlorine storage and handling hazards. However, care needs to be taken to carefully evaluate the sodium hypochlorite hazards introduced through the substitution. As another example, consider a Greenfield site requiring large fire protection cooling water requirements. Can this need be reduced by looking at facility spacing and interspacing between storage tanks/systems?

62 Opportunities Available to Reduce Risk
Elimination Controls The effectiveness of an elimination control is considered to be 100% The risk from an event occurring is reduced to zero This is the optimal type of control If an Employer cannot reduce the risk to an acceptable level, the feasibility of shutting down plant equipment/processes, substituting non-hazardous substances for hazardous substances should be considered

63 Opportunities Available to Reduce Risk
Prevention controls The effectiveness of prevention controls is based on their Probability to Fail on Demand (PFD) PFDs can be determined from site specific maintenance/inspection data and incident data In the absence of site specific data, PFDs can be referenced from worldwide failure rate data publications such as OREDA, E&P Forum, etc Further references are provided in the Sources of Additional Information section

64 Opportunities Available to Reduce Risk
Reduction controls Assessing the effectiveness of reduction controls is a lot more subjective than assessing the effectiveness of elimination or prevention controls There are many variables that affect the integrity/effectiveness of such controls These cover Reliability of instrumentation Inspection and testing frequency requirements Effectiveness of testing programs and feedback on opportunities for improvement Frequency of training employees

65 Opportunities Available to Reduce Risk
Reduction controls For example, an operating procedure can be a highly effective reduction control provided it is readily available, regularly referenced and frequently reviewed and there is independent verification of its output The same argument holds for a change management process Human factors evaluations should be used to determine the reliability of an operating procedure if it is critical to the activity In specific circumstances, operating procedures and training maybe the only controls which are feasible to satisfy AFAP. This is particularly relevant to operations which are batch activities and undertaken relatively infrequently such as ordnance manufacturing. Audience invited to provide further examples. Where procedures or human factors controls are the only type available, detailed human factors analysis should be seriously considered.

66 Opportunities Available to Reduce Risk
Training/competency controls The effectiveness of training controls is not easily assessed Training programs that are: Specific to the task at hand Competency assessed Revisited via re-fresher training courses Are likely to be highly effective with confirmation being available through human factors evaluations Training controls are based on a specific action being taken when it is supposed to be taken. Normally training is not considered as a control. It is a requirement to ensure the effectiveness of procedural or human factors controls is maintained.

67 Opportunities Available to Reduce Risk
Where elimination or substitution cannot be achieved then a combination of controls is preferred This provides a balance The failure of a single control should not lead to the MA occurring Diversity. Not reliance on a single type of control.

68 Assessment and Adequacy
There are a number of approaches that can be used to undertake an assessment of an MA’s controls to determine if the AFAP argument is satisfied These include LOPA Fault and event tree analysis Risk analysis using a matrix approach The approach to use will depend on the complexity of the MA and the culture of the organisation

69 Assessment and Adequacy
Less complex and smaller operations could use a risk matrix type approach A more complex operation such as a refinery or gas processing plant could use all three approaches When determining effectiveness of control measures, the following issues will also need to be considered: Independence Functionality Survivability Reliability Availability Speaker to emphasise this is not the only approach

70 Assessment and Adequacy
Cost benefit analyses can be undertaken to determine the viability of each proposed recommendation for further risk reduction This is a valid approach and at some point, depending on the circumstances involved, the cost of reducing risk further becomes costly compared to the benefit gained Controls that are rejected need to be documented including the reason why The definition of a “critical control” is hard to define as various interpretations can be provided This could, in some circumstances, skew thinking to the detriment of other controls For the purpose of MA controls and adequacy evaluation, all controls that prevent or minimise the potential for an MA to occur should be appropriately evaluated It is acknowledged that as a LOPA assessment, if a control is given a three orders of magnitude reduction, such a control will be perceived more important than a control which is only given one order of magnitude reduction. On balance this could be perceived as more important than others. However, all controls that maintain an MA to AFAP are all important and should be treated this way accordingly. The proportionality of controls is also to be kept in perspective.

71 Assessment and Adequacy
In essence there will have been a determination made on every MA covering: What controls are in place? What other controls are in place? Is there only one control in place or is there a proportionality of controls available to achieve AFAP? Is the risk adequately controlled? Are additional controls required?

72 Assessment and Adequacy
Are they effective? Would alternative controls be more suitable and effective for preventing or reducing the MA? What testing regime is required for maintaining the control performance? Is the testing regime adequate for every control? For example, if some controls are tested every 12 months, what improvement would there be if testing was undertaken every 3 months? It is acknowledged there will be a trade off between cost of testing and any benefit, together with any increase of risk due to human error whilst testing (revealed and unrevealed failure potential)

73 Assessment and Adequacy
Are the controls audited and their performance evaluated against appropriate criteria? How are failures reported? What is the corrective action process in place? Is there verification of the entire process?

74 Assessment and Adequacy
A safety management process will need to be developed for the facility (i.e. SMS) This will enable the performance of all control measures for every MA to be evaluated for effectiveness and opportunities for improvement identified

75 Sources of Additional Information
Major Hazard Facility Guidance Material – Comcare website WorkSafe Victoria Guidance Material – WorkSafe website Layer of Protection Analysis, Simplified Process Risk Assessment, Centre for Chemical Process Safety, American Institute of Chemical Engineers, 2001 Hazard Identification and Risk Assessment, Geoff Wells, 1996 Classification of Hazardous Locations, A.W. Cox, F.P. Lees and M.L. Ang, IChemE, 1993 The information list is not exhaustive however it does contain the major references that an experienced person would use.

76 Sources of Additional Information
Guidelines for Process Equipment Reliability Data, Center for Chemical Process Safety of the American Institute of Chemical Engineers, 1989 Loss Prevention in the Process Industries , F. P. Lees, Appendix 14/5, 2nd Edition, Butterworth Heinemann IEC Ed. 1.0 E Functional safety - Safety instrumented systems for the process industry

77 Questions?

Download ppt "Major Hazard Facilities Control Measures and Adequacy"

Similar presentations

Ads by Google