Major Hazard Facilities Major Accident Identification and Risk Assessment. Overview. This seminar has been developed in the context of the MHF regulations to provide: An overview of MA identification and risk assessment The steps required for MA recording
Major Hazard Facilities: Major Accident Identification and Risk Assessment
Overview • This seminar has been developed in the context of the MHF regulations to provide: • An overview of MA identification and risk assessment • The steps required for MA recording • Examples of major accidents identified • The steps required for a risk assessment • Examples of risk assessment formats
Some Abbreviations and Terms • AFAP - As far as (reasonably) practicable • BLEVE – Boiling liquid expanding vapour explosion • BPCS – Basic process control system • DG - Dangerous goods • Employer - Employer who has management control of the facility • Facility - any building or structure which is classified as an MHF under the regulations • HAZID - Hazard identification • HSR - Health and safety representative • LOC - Loss of containment • LOPA – Layers of protection analysis • MHF - Major hazard facility • MA - Major accident • SIS – Safety instrumented system
Topics Covered In This Presentation • Regulations • Definition - Major accident (MA) • MA identification issues • Approaches to MA identification • MA recording • Pitfalls
Topics Covered In This Presentation • Definition of a risk assessment • Approaches • Risk assessment • Likelihood assessment • Consequences • Risk evaluation and assessment • Summary • Sources of additional information • Review and revision
Regulations Occupational Health and Safety (Safety Standards) Regulations 1994 • Hazard identification (R9.43) • Risk assessment (R9.44) • Risk control (i.e. control measures) (R9.45, S9A 210) • Safety Management System (R9.46) • Safety report (R9.47, S9A 212, 213) • Emergency plan (R9.53) • Consultation
Regulations Occupational Health and Safety (Safety Standards) Regulations 1994 Regulation 9.43 (Hazard identification) states: The employer must identify, in consultation with employees, contractors (as far as is practicable) and HSRs: • All reasonably foreseeable hazards at the MHF that may cause a major accident; and • The kinds of major accidents that may occur at the MHF, the likelihood of a major accident occurring and the likely consequences of a major accident.
Regulations Occupational Health and Safety (Safety Standards) Regulations 1994 Regulation 9.44 (Risk assessment) states: If a hazard or kind of major accident at the MHF is identified under regulation 9.43, the employer must ensure that any risks associated with the hazard or major accident are assessed, in consultation with employees, contractors (as far as is practicable) and HSRs. The employer must ensure that the risk assessment is reviewed: • Within 5 years after the assessment is carried out, and afterwards at intervals of not more than 5 years; and • Before a modification is made to the MHF that may significantly change a risk identified under regulation 9.43; and • When developments in technical knowledge or the assessment of hazards and risks may affect the method at the MHF for assessing hazards and risks; and • If a major accident occurs at the MHF.
Regulations Occupational Health and Safety (Safety Standards) Regulations 1994 Regulation 9.45 (Risk control) states: The employer must, in consultation with employees, contractors (as far as is practicable) and HSRs, ensure that any risk associated with a hazard at the MHF is: • eliminated; or • If it is not practicable to eliminate the risk – reduced as far as practicable. The employer must: • Implement measures at the MHF to minimise the likelihood of a major accident occurring; and • Implement measures to limit the consequences of a major accident if it occurs; and • Protect relevant persons, an at-risk community, and the built and natural environment surrounding the MHF, by establishing an emergency plan and procedures in accordance with regulation 9.53.
Definition Major Accident A major accident is defined in the Regulations as: A sudden occurrence at the facility causing serious danger or harm to: • A relevant person or • An at-risk community or • Property or • The environment whether the danger or harm occurs immediately or at a later time
MA Identification Issues • Unless ALL possible MAs are identified then causal and contributory hazards may be overlooked and risks will not be accurately assessed • Likewise, controls cannot be identified and assessed • Identification of MAs must assume control measures are absent/unavailable/not functional. That is: WHAT COULD HAPPEN IF CONTROL MEASURES WERE NOT APPLIED AND MAINTAINED?
MA Identification Issues MAs can be identified in three different areas These are: • Process MAs • MAs arising from concurrent activities • Non-process MAs
MA Identification Issues Process MAs • These are MAs caused by hazards which are associated with upsets in the process, or failure of equipment in the process, etc MAs arising from concurrent activities • Typical concurrent operations which must be considered are: • Major shutdowns/start ups • Other activity on site • Activities adjacent to the facility
MA Identification Issues Non-Process MAs • MAs created by non-process hazards that could cause release of Schedule 9 materials • Non-process hazards may typically include the following: aircraft crashing; dropped objects; extreme environmental conditions (earthquake, cyclone, high winds, lightning); non-process fires (e.g. bush fire); vehicles and road transport; heat stress
MA Identification Issues • Collate appropriate: • Facility information • Incident data/histories • To ensure a thorough understanding of: • The nature of the facility • Its environment • Its materials • Its processes
MA Identification Issues • Develop/select a structured method for determining what types of MA can occur: • Loss of containment • Fire • Explosion • Release of stored energy • Where they can occur • Under what circumstances • Define and document any restrictions applied to the above
MA Identification – Tools Usage Examples of tools which might be used include: • Analysis of Schedule 9 materials and DG properties • Use of HAZID techniques • Review of existing hazard identification or risk assessment studies • Analysis of incident history – local, industry, company and applicable global experience
Approach to MA Identification • It may be efficient to treat similar equipment items handling the same Schedule 9 materials together - as often they have similar hazards and controls • Further, to ensure correct mitigation analysis, the equipment grouped together should contain similar materials at similar process conditions, resulting in similar consequences on release
Approach to MA Identification • For consistency of analysis, all MAs should be defined in terms of an initial energy release event • This can be characterised as a loss of control of the Schedule 9 material • As an example, in the case of a hydrocarbon release from one vessel leading to a jet fire that subsequently causes a BLEVE in a second vessel, the MA should be defined in terms of the initial hydrocarbon release from the first vessel
Approach to MA Identification • Review HAZID studies to identify initiating events for each MA • Review to ensure all hazards have been identified • Special checklists should be developed to assist with this process • Further hazards may be identified from: • Discussions with appropriate subject experts • Review of incident data • Review of the records from a similar system
MA Recording • A structured approach is important • It can then link equipment management strategies and systems • Record the key outputs in a register For each MA, the register should record the following information: • Equipment that comprises the MA • Group similar items into one MA • Description • Consequences
MA Recording • Consider all Schedule 9 materials - regardless of quantity • Screen out incidents that do not pose a serious danger or harm to personnel, the community, the environment or property • Screening should only be on the basis of consequence not likelihood • i.e. Events should not be screened out on the basis of likelihood or control measures being active • Consequence modelling should be used as justification for screening decisions • External influences need to be considered, for example, potential for a power failure to cause a plant upset leading to an MA
Example – MA Recording The following are examples of MA recording details
What is Risk? • Regulatory definition (per Part 20 of the Occupational Health and Safety (Safety Standards) Regulations 1994): “Risk means the probability and consequences of occurrence of injury or illness” • AS/NZS 4360 (Risk Management Standard): “the chance of something happening that will have an impact on objectives” • Risk combines the consequence and the likelihood • RISK = CONSEQUENCE x LIKELIHOOD
Risk Assessment Definition • Any analysis or investigation that contributes to understanding of any or all aspects of the risk of major accidents, including their: • Causes • Likelihood • Consequences • Means of control • Risk evaluation
The Risk Assessment Should… • Ensure a comprehensive and detailed understanding of all aspects for all major accidents and their causes • Be a component of the demonstration of adequacy required in the safety report - e.g. by evaluating the effects of a range of control measures and providing a basis for selection/rejection of measures
Approach • The MHF Regulations respond to this by requiring comprehensive and systematic identification and assessment of hazards • HAZID and Risk Assessment must have participation by employees, as they have important knowledge to contribute together with important learnings • These employees MAY BE the HSRs, but DO NOT HAVE TO BE • However, the HSRs should be consulted in selection of appropriate participants in the process
Approach – Types of Risk Assessment [Diagram: Hazard Identification; Qualitative Assessment; Detailed Studies; Quantitative Risk Assessment; Asset Integrity Studies; Likelihood Analysis; Consequence Analysis; Human Factors Studies; Plant Condition Analysis; Technology Studies]
Causes • From the HAZID and MA evaluation process, pick an MA for evaluation • From the hazard register, retrieve all the hazards that can lead to the MA being realised • In a structured approach, list all of the controls currently in place to prevent each of the hazards that lead to the MA being realised • Examine critically all of the controls currently in place designed to prevent the hazard being realised
Causes • As an example, from hazard register, MA - A26 Ignition of materials (MA - A26)
Causes • List all possible causes of the accident (identified during HAZID study) [Diagram: Hazard Scenario 1; Hazard Scenario 2; Hazard Scenario 3, etc, each leading to Ignition of materials (MA - A26)]
Causes • List all prevention controls for the accident (identified during HAZID study) [Diagram: Hazard Scenario 1 with Prevention control C1-1 and Prevention control C1-2; Hazard Scenario 2 with Prevention control C2-1 and Prevention control C3-1; Hazard Scenario 3, etc; each leading to Ignition of materials (MA - A26)]
Likelihood Assessment • Likelihood analysis can involve a range of approaches, depending on the organisation’s knowledge, data recording systems and culture • This knowledge can range from: • In-house data - existing data recording systems and operational experience • Reviewing external information from failure rate data sources • Both are valid, however, the use of in-house data can provide added value as it is reflective of the management approaches and systems in place
Likelihood Assessment • A “Likelihood” is an expression of the chance of something happening in the future - e.g. Catastrophic vessel failure, one chance in a million per year (1 x 10⁻⁶/year) • “Frequency” is similar to likelihood, but refers to historical data on actual occurrences
Likelihood Assessment Likelihood Analysis can use: • Historical • Site historical data • Generic failure rate data • Assessment • Workshops (operators and maintenance personnel) • Fault trees • Event trees • Assessment of human error
Likelihood Assessment – Qualitative Approach • A qualitative approach can be used for assessment of likelihood • This is based upon agreed scales for interpretation purposes and for ease of consistency • For example, reducing orders of magnitude of occurrence • It also avoids the sometimes more complicated issue of using frequency numbers, which can be difficult on occasions for people to interpret
Likelihood Assessment – Fault Trees • A fault tree is a graphical representation of the logical relationship between a particular system, accident or other undesired event, typically called the top event, and the primary cause events • A fault tree analysis examines the state of the system to find and evaluate the mechanisms influencing a particular failure scenario
Likelihood Assessment – Fault Trees • A fault tree is constructed by defining a top event and then defining the cause events and the logical relations between these cause events • This is based on: • Equipment failure rates • Design and operational error rates • Human errors • Analysis of design safety systems and their intended function
Likelihood Assessment – Fault Trees Example [Fault tree diagram. Top event: Process vessel over pressured. Intermediate events: Pressure rises; PSV does not relieve. Gates shown: AND, AND, OR. Basic events: Process pressure rises; Control fails high; Set point too high; Fouling inlet or outlet; PSV too small; PSV stuck closed]
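Added example (not part of the original seminar): evaluating the over-pressure fault tree above and listing its cut sets. The placement of the gates is an assumed reading of the slide's diagram, the probabilities are constructed sample values, and the function names are hypothetical.

```python
from math import prod

# Assumed reading of the slide's diagram (gate placement is an assumption).
TREE = ("AND", [                                    # Process vessel over pressured
    ("AND", ["Process pressure rises", "Control fails high"]),    # Pressure rises
    ("OR", ["Set point too high", "Fouling inlet or outlet",
            "PSV too small", "PSV stuck closed"]),                # PSV does not relieve
])

# Constructed sample values, not data from the seminar or a failure rate source.
# The first entry is a demand frequency per year; the others are probabilities
# per demand, so the top event comes out as a frequency per year.
P = {
    "Process pressure rises": 0.5,
    "Control fails high": 0.1,
    "Set point too high": 0.001,
    "Fouling inlet or outlet": 0.005,
    "PSV too small": 0.0005,
    "PSV stuck closed": 0.01,
}

def evaluate(node, p):
    """Value of a gate or basic event, assuming independent basic events."""
    if isinstance(node, str):
        return p[node]
    gate, children = node
    values = [evaluate(child, p) for child in children]
    if gate == "AND":
        return prod(values)
    if gate == "OR":
        return 1.0 - prod(1.0 - v for v in values)
    raise ValueError(f"unknown gate: {gate}")

def cut_sets(node):
    """Combinations of basic events that together cause the top event.
    They are minimal when no basic event appears twice in the tree."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, children = node
    child_sets = [cut_sets(child) for child in children]
    if gate == "OR":
        return [s for sets in child_sets for s in sets]
    combined = [frozenset()]
    for sets in child_sets:            # AND: one cut set from every child
        combined = [a | b for a in combined for b in sets]
    return combined

if __name__ == "__main__":
    print(f"Top event: {evaluate(TREE, P):.3e} per year")
    for cs in cut_sets(TREE):
        print(sorted(cs))
```

Each cut set here contains both pressure-rise events and exactly one relief valve failure, which shows that the relief valve branch is where a single additional failure completes the path to the top event.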
Likelihood Assessment – Generic Failure Rate Data • This information can be obtained from: • American Institute of Chemical Engineers Process Equipment Reliability Data • Loss Prevention in the Process Industries • E&P Forum • UK Health and Safety Executive data • and other published reports (Refer to Sources of Additional Information slides for references)
Likelihood Assessment – Human Error • Human error needs to be considered in any analysis of likelihood of failure scenarios • The interaction between pending failure scenarios, actions to be taken by people and the success of those actions needs to be carefully evaluated in any safety assessment evaluation • Some key issues of note include: • Identifying particular issue • Procedures developed for handling the issue • Complexity of thought processing information required
Likelihood Assessment – Event Trees • Used to determine the likelihood of potential consequences after the hazard has been realised • It starts with a particular event and then defines the possible consequences which could occur • Each branching point on the tree represents a controlling point, incorporating the likelihood of success or failure, leading to specific scenarios • Such scenarios could be: • Fire • Explosion • Toxic gas cloud • Information can then be used to estimate the frequency of the outcome for each scenario
Likelihood Assessment – Event Trees Event tree example – LPG Pipeline Release
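Added example (not part of the original seminar): an event tree calculation for an LPG pipeline release, multiplying the initiating frequency through each branching point to get a frequency per outcome. The branch questions, outcome names, probabilities and initiating frequency are constructed for illustration and are not taken from the seminar's own event tree.

```python
from collections import defaultdict

# Node = (branch question, P(yes), subtree if yes, subtree if no); a string is an outcome.
# All branch names and numbers below are constructed sample values.
LPG_RELEASE_TREE = (
    "Immediate ignition?", 0.1,
    "Jet fire",
    ("Delayed ignition?", 0.2,
     ("Explosion conditions met?", 0.3, "Explosion", "Flash fire"),
     "Unignited dispersion"),
)
RELEASE_FREQUENCY = 1e-4   # initiating events per year (constructed)

def outcome_frequencies(tree, initiating_freq):
    """Return {outcome: frequency per year} for every end point of the tree."""
    totals = defaultdict(float)

    def walk(node, freq):
        if isinstance(node, str):          # end point: accumulate its frequency
            totals[node] += freq
            return
        question, p_yes, yes_branch, no_branch = node
        if not 0.0 <= p_yes <= 1.0:
            raise ValueError(f"invalid probability at {question!r}: {p_yes}")
        walk(yes_branch, freq * p_yes)
        walk(no_branch, freq * (1.0 - p_yes))

    walk(tree, initiating_freq)
    return dict(totals)

if __name__ == "__main__":
    result = outcome_frequencies(LPG_RELEASE_TREE, RELEASE_FREQUENCY)
    for outcome, freq in sorted(result.items(), key=lambda kv: -kv[1]):
        print(f"{outcome:22s} {freq:.2e} per year")
    # The outcome frequencies must add back up to the initiating frequency.
    print(f"{'Total':22s} {sum(result.values()):.2e} per year")
```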
Consequences • Most scenarios will involve at least one of the following outcomes: • Loss of containment • Reactive chemistry • Injury/illness • Facility reliability • Community impacts • Moving vehicle incidents • Ineffective corrective action • Failure to share learnings
Consequences • Consequence evaluation estimates the potential effects of hazard scenarios • The consequences can be evaluated with specific consequence modelling approaches • These approaches include: • Physical events modelling (explosion, fire, toxic gas consequence modelling programs) • Occupied building impact assessment
Consequences - Qualitative Evaluation • A qualitative evaluation is based upon a descriptive representation of the likely outcome for each event • This requires selecting a specific category rating system that is consistent with corporate culture