Safety Management System Performance Based on Organizational Factors of “Seveso” sites Papadakis Georgios A., Kokkinos Konstantinos G. & Machaira Paschalia P. Industrial Risk Management Dept. of Production Engineering and Management Technical University of Crete (TUC), Chania, Greece TUC PAPADAKIS, KOKKINOS & MACHAIRA SRA-E SEPTEMBER 2006 LJUBLJANA, SLOVENIA

Purpose Of the Study Development and analysis of an integrated model of Safety Management Systems (SMS) in “Seveso” sites for the control of major-accident hazards involving dangerous substances. Linkage of the events of a Fault Tree to SMS and quantification of SMS performance through measuring reliability and performance of system elements and safety related procedures. TUC PAPADAKIS, KOKKINOS & MACHAIRA SRA-E SEPTEMBER 2006 LJUBLJANA, SLOVENIA

The SMS elements TUC PAPADAKIS, KOKKINOS & MACHAIRA SRA-E SEPTEMBER 2006 LJUBLJANA, SLOVENIA

The SMS factors 30 principal organizational and management factors related to the safety management. 16 organizational factors proposed in nuclear safety research and catalogued in five general categories: 1.decision making 2.communications 3.human resource allocation 4.administrative knowledge 5.Culture 14 management & other organizational factors not in taxonomy on the basis of the most important activities in operations with dangerous substances. TUC PAPADAKIS, KOKKINOS & MACHAIRA SRA-E SEPTEMBER 2006 LJUBLJANA, SLOVENIA

The SMS factors TUC PAPADAKIS, KOKKINOS & MACHAIRA SRA-E SEPTEMBER 2006 LJUBLJANA, SLOVENIA Organizational factors Decision Making: Centralization (CEN), Goal Prioritization (GP), Problem Identification (PI), Organizational Learning (OL), Resource Allocation (RAL) Communications: Communication (COM) (External, Inter/Intra-departmental) Human Resource Allocation: Quality Assessment (QA)/Perf. Evaluation, Personnel Selection (PS), Technical Knowledge (TK), Training Needs (TN) Administrative Knowledge: Coordination of Work (COR), Formalization (F), Organizational Knowledge (ORK), Roles- Responsibilities (RR) Culture: Ownership (OWN), Time Urgency (TU)

The SMS factors TUC PAPADAKIS, KOKKINOS & MACHAIRA SRA-E SEPTEMBER 2006 LJUBLJANA, SLOVENIA Management & other organizational factors (not in taxonomy) Policy/Goals Available Resources Overall Performance Planned Equipment and Procedure Changes Plant Data/Systems Performance Systems Performance Data Equipment and Structures Monitoring Equipment Performance Corrective Maintenance Preventive Maintenance/Test Risk Assessment Criteria (RAC) Accident Scenarios/Consequences Zones/Risk Evaluation (AS/CZ/RE) Preventive, Control & Mitigation Measures (PCMM) Reliability Data/Systems Performance Data

The model action-flow diagram Representation of SMS elements and factors in a model action-flow diagram using the Structured Analysis and Design Technique (SADT). Interconnections between factors and elements and interrelations between elements can be defined and thus action flows can be delineated. Localization of problem areas, discovery of organizational and management weaknesses of a SMS and user guidance to specific actions. TUC PAPADAKIS, KOKKINOS & MACHAIRA SRA-E SEPTEMBER 2006 LJUBLJANA, SLOVENIA

The system work-flow loops Sequences of actions related to important safety operations. It is postulated that each loop: –Is closed (starts and ends at the same element) –Has a specified target and is operationally independent from other loops –Is discrete in time with specified duration and operates either in parallel or in series with other loops Under these terms, the loops are bound to consist of factors that connect system elements and to show the logical arrangement of actions that should be performed for the safe operation of the system. TUC PAPADAKIS, KOKKINOS & MACHAIRA SRA-E SEPTEMBER 2006 LJUBLJANA, SLOVENIA

The system work-flow loops Division of loops in: –“Fast response” loops (i.e. those related to safe operations of processes with dangerous substances) –“Slow response” loops (i.e. those related to implementation of training activities) In order for a loop to be meaningful for safety: –All its factors and procedures should be considered operable and not fail on demand (reliability) –Its target should be met within predetermined period of time (effectiveness) There is always one (or more) “controlling mechanisms” to which reliability and effectiveness of the loop is more sensitive. TUC PAPADAKIS, KOKKINOS & MACHAIRA SRA-E SEPTEMBER 2006 LJUBLJANA, SLOVENIA

Analysis of “Seveso” Sites operations in work-flow loops Analysis of “Seveso” sites safety operations in loops with data from an industrial site in Greece. Analysis of SMS operation considering 15 principal loops necessary for the prevention of accidents involving dangerous substances. Identification of organizational factors as underlying causes of SMS failure and contributing to SMS inefficiency. TUC PAPADAKIS, KOKKINOS & MACHAIRA SRA-E SEPTEMBER 2006 LJUBLJANA, SLOVENIA

Quantification of SMS performance Based on SAM approach (Pate-Cornel & Murphy 1996), SMS reliability is measured by linking the probability of each top event (i.e. release of dangerous substance) to work-flow loops. The events (technical, organizational, managerial) identified in a fault tree of an accident scenario (top event) are assumed to be linked to the SMS. Principal feature of the proposed approach is the use of Minimal Cut Sets (MCS = minimal set of events that lead to the undesired top event). The probability of a MCSk is assumed to be influenced by the actions and procedures of the SMS, found in (j) loops, Bjk. TUC PAPADAKIS, KOKKINOS & MACHAIRA SRA-E SEPTEMBER 2006 LJUBLJANA, SLOVENIA

Quantification of SMS performance TUC PAPADAKIS, KOKKINOS & MACHAIRA SRA-E SEPTEMBER 2006 LJUBLJANA, SLOVENIA If a specific top event F is analyzed using FTA, the probability of that top event P(F) can be described by: Each loop Bjk consists of (i) independent factors Oij in series. The conditional probability of a top event F if a factor Oij fails can be expressed by: Given the condition that each loop is operationally independent from others, the probability of a MCSk can be calculated by:

CASE STUDY TUC PAPADAKIS, KOKKINOS & MACHAIRA SRA-E SEPTEMBER 2006 LJUBLJANA, SLOVENIA In the simplest case of two loops influencing a MCSk, the probability of the MCSk can be estimated by the equation: Assuming that: and the probability of the MCSk can be expressed by:

CASE STUDY TUC PAPADAKIS, KOKKINOS & MACHAIRA SRA-E SEPTEMBER 2006 LJUBLJANA, SLOVENIA To further the analysis, the following cases are examined: –Loop B1 is assumed to be a “fast response” loop and loop B2 a “slow response” loop. In this case the MCSk reliability was found to be determined by the reliability of the “fast response” loop when λB1 < λB2. –Both two loops are assumed to be “fast response” loops (tB1, tB2 → 0). The MCSk reliability is then determined by the reliabilities of both loops for t > tB1, tB2: The quantitative results show that the reliability of a MCSk is mostly controlled by the “fast response” loops (tB  0) and thus safety performance is expected to depend more on “fast response” loops.

CASE STUDY Given the condition that each loop Bj consists of (i) independent factors Oij in series the reliability of a loop can be calculated by multiplying the reliabilities for all factors. Using the reliability expressions for each factor, the reliability of a loop Bj during the time interval (0, t) can be expressed by: TUC PAPADAKIS, KOKKINOS & MACHAIRA SRA-E SEPTEMBER 2006 LJUBLJANA, SLOVENIA where λij = constant failure rate of factor Oij; ti = operational time of factor Oij; and n = total number of factors. The above expression shows that the reliability of a loop is controlled by the factors with short duration (ti → 0) and thus safety performance is expected to depend more on these factors.

Example of a loop for the prevention of fuel release TUC PAPADAKIS, KOKKINOS & MACHAIRA SRA-E SEPTEMBER 2006 LJUBLJANA, SLOVENIA

CASE STUDY RESULTS TUC PAPADAKIS, KOKKINOS & MACHAIRA SRA-E SEPTEMBER 2006 LJUBLJANA, SLOVENIA Figure presents MCSk reliability (R) with respect to the reliability of critical loops B1 (Ra) and B2 (Rb) with λB1=0.005 hr -1, tB1=4 hrs, λΒ2=0,01 hr -1 and tB2=100 hrs

Conclusions The model action-flow diagram can be used in its own right as a means of identifying organizational and management weaknesses of a SMS. The analysis of important safety operations in work-flow loops shows the applicability and usefulness of the proposed model. The model can be widely used as a decision support tool for safety critical actions in the SMS of any organization. The linkage of events of a fault tree to the SMS help to discover “controlling” organizational factors in the SMS that affect system performance. TUC PAPADAKIS, KOKKINOS & MACHAIRA SRA-E SEPTEMBER 2006 LJUBLJANA, SLOVENIA

Conclusions There are indications that fast safety actions influence more SMS performance. There are indications that the “controlling mechanisms” mostly contributing to SMS failure and SMS inefficiency are factors which achieve their tasks in short time. Proposals to future research: –Application of SMS in other activities involving dangerous substances. –Use of quantitative data for better understanding of the impact of organizational factors on performance and reliability of SMS. TUC PAPADAKIS, KOKKINOS & MACHAIRA SRA-E SEPTEMBER 2006 LJUBLJANA, SLOVENIA