Add to collection(s) Add to saved
  1. Business
  2. Finance

Principles and Elements of SMS A Review

advertisement 
Principles and Elements of
SMS
A Review
Patrick Hudson
ICAO/Leiden University
April 2006
ICAO Seminar Baku
Structure
•
•
•
•
•
Why SMS?
The principles
Shell’s experience
Implementation experience
Conclusion
April 2006
ICAO Seminar Baku
April 2006
ICAO Seminar Baku
Why Safety Management
Systems?
• Safety is a right for customers and staff
• Poor safety performance is a sensitive
indicator of poor operations
• “If you can’t manage safety, how can you
show you can manage anything else?”
• Safety management systems are about
getting systematic about the problems
April 2006
ICAO Seminar Baku
Safety Management System
A framework for Safety Management
Security
Policy
Road
Safety
Plan
Alcohol
& Drugs
Policy
Safety
Policy
Policy
Continuous
Improvement
Mgt.
policy
Audit
Plans
Safety
Drills
Process
Safety (HSE Cases)
Task
Structure
No Structure
April 2006
ICAO Seminar Baku
A Pacific
Southwest Airlines
Boeing 727 as it
goes down over
San Diego,
California after a
mid-air collision
with a Cessna in
1978. Onehundred-thirtyseven people along
with 7 on the
ground were killed.
April 2006
ICAO Seminar Baku
Early Safety Management
• Early safety management was an unstructured mixture
of ‘good things’
• Progress was based upon response to accidents
• Measures were outcome based (crashes etc)
• There were no process definitions (how to do it)
• Regulations prescribed exactly what to do (what to do)
• This works very well to start with, but expectations have
been raised over the years, now everyone expects that
every flight is safe
April 2006
ICAO Seminar Baku
Types of Certification
•
•
•
•
•
There are three distinct ways of guaranteeing safety
Type I - Classical ICAO/FAA/JAA certification
Type II - Safety Cases and SMS
Type III - Safety Culture and Good Practice
These different approaches are complementary,
especially II and III
• Types I and II are Imagination Limited
– Can people imagine what might go wrong
– Type III involves doing The Right Thing anyway
April 2006
ICAO Seminar Baku
April 2006
ICAO Seminar Baku
April 2006
ICAO Seminar Baku
Why have a Safety Management
System?
• A number of major disasters in the
Petrochemical industry
– Flixborough
– Seveso
– Bhopal
• Nuclear disasters
– Three Mile Island
– Chernobyl
April 2006
ICAO Seminar Baku
Flixborough
1 June 1974
•Modification Control
•Use suitably trained,
educated and
responsible people
April 2006
ICAO Seminar Baku
•Know what you don’t
know
Seveso
July 1976
• Understanding safe
state to leave reactions
• Multiple layers of
protection
• Automated Reaction
stop systems for
exothermic systems
April 2006
ICAO Seminar Baku
Altona
c
c
Longford
25 September 1998
Port
Phillip
Bay
Melbourne
Gooding
Compression (GTC)
Sub-sea Well
Oil Platform
Monotower
Gas Platform
Concrete Structure
Sale
c
Longford
Gas & Oil Processing
Barry Beach
Marine Terminal
Snapper
Barracouta Marlin
Long Island Point
Fractionation Plant,
Crude Oil Tank Farm
and Liquids Jetty
April 2006
ICAO Seminar Baku
• Training needs to
impart and refresh
knowledge.
• Must identify other
hazards and provide
relevant training.
•Corporate
knowledge must be
captured and kept
alive
Piper Alpha
• 1988 the Piper Alpha platform was destroyed
• The platform had just been audited by the
regulator
• Lord Cullen’s report set up a new regime
– Goal Setting
– ISO 9000 type management systems
– Safety Case to provide assurance - a documented proof
that the SMS is both in operation and effective
April 2006
ICAO Seminar Baku
April 2006
ICAO Seminar Baku
April 2006
ICAO Seminar Baku
April 2006
ICAO Seminar Baku
Piper Alpha
• Cost $1,500,000,000
• 167 killed
• Occidental UK went out of business in two
years
April 2006
ICAO Seminar Baku
The Cullen Report
• Cullen investigated the Piper Alpha disaster
• Report was published 1990
• Requirement made for every offshore
facility to have an SMS in place by
November 1992
• Proof by submission of a safety case
• If there was no acceptable safety case the
operation would be shut down immediately
April 2006
ICAO Seminar Baku
Shell International’s Approach
• Shell is the largest operator in the North Sea
- SMS was made mandatory
• Shell decided to get in first rather than wait
• A considered approach was designed
• The requirement for SMS was to be made
world-wide for all Shell Group companies
April 2006
ICAO Seminar Baku
Shell’s Approach - don’t do
everything
• Decision to operate in terms of hazards and
a limited set of events to avoid
• Developed the Bow-tie model (next slides)
• Identification of safety critical activities to
provide assurance
• Getting in first meant that they wouldn’t
have to operate a system foreign to their
culture
April 2006
ICAO Seminar Baku
April 2006
ICAO Seminar Baku
April 2006
ICAO Seminar Baku
The Swiss cheese model of
accident causation (Reason)
Some holes due
to active failures
Hazards
Other holes due
to
latent conditions
Losses
Successive layers of defences, barriers, & safeguards
April 2006
ICAO Seminar Baku
SAFETY MANAGEMENT
Based on the Reason Model
World
Hazard/
Risk
Barriers
or Controls
Work &
Organisation
Undesirable
outcome
April 2006
ICAO Seminar Baku
Safety Management Cycle
Leadership and Commi tment
Policy and Strategic Objectives
PLAN
Organisation, Responsibilities
Resources, Standards & Documentation
Hazards and Effects
Management
DO
FEEDBACK
Planning and Procedures
Implementation
Monitoring
Audit
Corrective Action
and Improvement
Management Review
Corrective Action
And Improvement
CHECK
April 2006
Corrective Action
ICAO Seminar Baku
Hazard-based approach
• Construct a generic hazard register
• Assess which are relevant for a particular
operation
• Use a Business Process Model to identify
safety critical processes that allow
management of the hazards
• Construct Bow Ties for control and recovery
April 2006
ICAO Seminar Baku
HEMP
•
•
•
•
•
HEMP - Hazard and Effects Management Process
Identify - What are the hazards?
Assess - how big are those hazards?
Control - how do we control the hazards?
Recover - what if it still goes wrong?
April 2006
ICAO Seminar Baku
Bow-tie Concept
Events and
Circumstances
BARRIERS
H
A
Z
A
R
D
April 2006
Harm to people and
damage to assets
or environment
Undesirable event with
potential for harm or damage
Engineering activities
Maintenance activities
ICAO Seminar
Baku
Operations
activities
C
O
N
S
E
Q
U
E
N
C
E
S
Bow-tie Concept
for a specific threat
Events and
Circumstances
BARRIERS
H
A
Z
A
R
D
April 2006
Harm to people and
damage to assets
or environment
Undesirable event with
potential for harm or damage
Engineering activities
Maintenance activities
ICAO Seminar
Baku
Operations
activities
C
O
N
S
E
Q
U
E
N
C
E
S
RISK ASSESSMENT MATRIX
Potential Consequence of the Incident
Rating
People
Env'ment
Assets
0
No
injury
Zero
Effect
Zero
damage
1
Slight
injury
Slight
Effect
Slight
damage <
US$ 10K
2
Minor
injury
Minor
Effect
3
Serious
injury
4
Single
fatality
5
Multiple
fatality
April 2006
Reputation
A
B
C
Unknown but
possible in
the aviation
industry
Known
in aviation
industry
Happened
in this
company
No Impact
Slight
Impact
Minor
damage <
US$ 50K
Local
Impact
Localised
Effect
Local
damage <
US$ 250K
Industry
Impact
Major
Effect
Major
damage <
US$ 1M
National
Impact
Extensive
damage >
US$ 1M
International
Impact
Massive
Effect
Increasing Probability
ICAO Seminar Baku
D
E
Happened Happened
> 3 x in the > 3 x in this
Company location
Hazard Management and Control
• Bow Ties describe the hazards and the
relevant controls
• Controls are provided by elements in the
business processes
• Top events are a restricted set of unwanted
events, not the final outcomes
April 2006
ICAO Seminar Baku
Bow Ties as Standard
• The Bow Tie is now the standard for the
FAA in the USA
• There are a number of computer packages
for making and maintaining bow ties
• The information needed can be shared
• Local differences are easily accommodated
April 2006
ICAO Seminar Baku
Shell’s HSE MANAGEMENT
putting it together
HSE MS
EP 95-0300
Minimum
Expectations
HAZOP/ HAZID
EIA/SIA/HRA
etc.
EP 95000
Series
Technical advice
Risk Assessment
Matrix
THESIS
Risk Assessment Matrix
0
1
2
3
No health
effect/injury
Slight health
effect/injury
Minor health
effect/injury
Major health
effect/injury
Reputation
Assets
Environment
People
Severity
CONSEQUENCE
No damage
No effect
No impact
Slight
damage
Minor
damage
Localised
damage
Slight effect
Slight impact
Minor effect
Limited
impact
Considerable impact
Localised
effect
4
PTD or 1 to 3 Major
fatalities
damage
Major effect
National
impact
5
Multiple
fatalities
Massive
effect
International
impact
Extensive
damage
A
Never
heard of
in …..
industry
INCREASING LIKELIHOOD
B
C
D
Heard of
in ….
industry
Incident
has
occurred
in our
Company
Happens
several
times per
year in
our
Company
E
Happens
several
times per
year in a
location
Design
standards
Manage for continuous
improvement
Incorporate risk
reduction
measures &
demonstrate
Intolerable
April 2006
ALARP
ICAO Seminar Baku
Group
Guidance
HSE MS “in place”
Job Hazard
Analysis
Permit to
Work System
Contract/
Contractor
Management
Hazardous Situation
Unsafe Act reporting
Workplans
HSE Self
Appraisal
Observation
techniques
Violation
Survey
Site Visits
Trends/
benchmarking
HSE Standards
& Procedures
Incident Investigation
(Tripod Beta)
Competency
Programmes
Audits
Reviews
April 2006
Incident Reporting
ICAO Seminar Baku
Advantages of an SMS
• The SMS provides a structure for measuring in
system audits
• Bow ties provide a structure for operational audits
– Are the barriers there?
– Are the barriers intact and in operation
– Is there sufficient defence- are there single point
trajectories where everything relies on a single defence?
• The analysis of barriers and operations also
provides a basis for incident investigation that is
consistent with the Reason model
April 2006
ICAO Seminar Baku
What does it take?
• Regulators can force implementation, but it is
much easier if you want to do it anyway
• Top management has to be convinced that
implementing an SMS is in their interest
• Shell had to implement in the North Sea, but
decided to make SMS obligatory world-wide in
view of the benefits to Shell group
• BP and ExxonMobil have taken exactly the same
approach with GHSSER and OIMS
• You have to do it yourself
– Hiring consultants can only be as support
April 2006
ICAO Seminar Baku
– An off-the-shelf SMS
will soon fail
April 2006
ICAO Seminar Baku
Conclusion
• Safety management systems turn safety into a
systematic process
• Development can be done with sharing of information
and experience - you don’t compete on safety
• SMS models can be used to unify management, audit
and incident investigation
• SMS does not guarantee everything - to get ahead you
need to develop a safety culture as well - tomorrow
April 2006
ICAO Seminar Baku
April 2006
ICAO Seminar Baku
Related documents
Seminar Assessment Form
Seminar Assessment Form
Academic Seminar: High School BEP Getting Started
Academic Seminar: High School BEP Getting Started
2511- 10th graduation of the Leadership School of the
2511- 10th graduation of the Leadership School of the
ABC Technical Seminar Early Registration Form
ABC Technical Seminar Early Registration Form
ABC Technical Seminar Early Registration Form
ABC Technical Seminar Early Registration Form
Food Inc Socratic Seminar Questions
Food Inc Socratic Seminar Questions
Download
advertisement