SAFETY DOCUMENTATION:
FOLDERS AND FILES
How useful is Safety Documentation for the
general CERN population and you in particular ?
Acknowledgements: A-P Bernardes, C-H Sala, M. Picard, E. Harrouch, C. Alanzeau,
C. Gaignant, E. Macario
S. Evrard – EN/MEF
IEFC Workshop
CERN, March 7, 2012
Definition and content
2
Safety File vs Safety Folder

A Safety File is a set of documents or data related to the assessment of
the Safety of equipment, installation, activity, process or project at all
stages of its life cycle and the corresponding implementation measures
and procedures as well as lessons learned. The CERN Safety Rules define
the compulsory content of each Safety file. (memo DG/2011-258)

When combined, the Safety Files of a given facility or system form a
Safety Folder. Hence, the Safety Folder shall be understood as the
repository where all Safety Files and associated documents are archived.

Content




Descriptive part
Demonstrative part
Operational part
Feedback part (now called REM)
Purpose:
Demonstration, by the Project team
to the Licensing authority
that the Regulations are fulfilled,
from the 2 perspectives:
integrity and safety
S. Evrard - IEFC Workshop - March 7, 2012
Scope
3







New facility (ex. HiRadMat)
Existing facility (ex. TDC2-TCC2)
Equipment (ex. Power Converter)
Process (ex. Target Exchange)
Activity (ex. Open Days 2013, XTAX table repair in TCC2)
Clear definition of the scope & boundaries of the safety
file
Agreement of all stakeholders before starting up (DSO’s,
HSE unit, Project Management..)
S. Evrard - IEFC Workshop - March 7, 2012
Descriptive part
4

Description of the facility/process
 What
is it
 Where is it located
 What is it made of
 How does it work
 When will it be constructed, operated, dismantled
 Who is responsible for its construction, operation
 With which means will it be constructed
 Which steps for its dismantling
S. Evrard - IEFC Workshop - March 7, 2012
Demonstrative part
5

The demonstrative part is hazard and risk oriented,
and addresses the following:
 Hazard
and safety risk identification;
 Risk evaluation, risk analyses;
 Risk responses:
 Technical
risk control measures;
 Organizational risk control measures.
S. Evrard - IEFC Workshop - March 7, 2012
Operational part
6

This part is an inventory of all operational documents
needed in order to optimize the exploitation of the
facility, equipment, activity especially in terms of
safety.

These operational documents are of two kinds:
 Operational instructions


for operating the facility
for maintaining and ensuring its integrity
 Organizational

and procedures
structures
Project – Operation – Dismantling phases
S. Evrard - IEFC Workshop - March 7, 2012
Feedback part
7

The Safety File also includes a part dedicated to
Records, Experience and Monitoring (called Retour
d’expérience in the French safety terminology)

This part shall receive all the feedbacks linked to the
development of the facility, accidents, or incidents
and any other new development.
S. Evrard - IEFC Workshop - March 7, 2012
Beyond prejudices
8

The safety file methodology is sometimes criticized:
Waste of time
 Bureaucratic work
 Job for HSE experts only
 No time, no resources in our group, project
 Uninteresting work
 No added value exercise
 Only to get my boss happy
 Will trap dust on a shelf once written
 I’m asked to write it but no one tells me how


So let’s analyse some down-to-earth examples
S. Evrard - IEFC Workshop - March 7, 2012
The HiRadMat facility
9
Overview
TNC (former West
Area Neutrino
factory WANF)
TT61 (to former
West Area)

TCC6
Study the impact of intense
pulsed beams on materials

Thermal management (heating)

Radiation damage to materials –
change of properties

Thermal shock - beam induced
pressure waves
S. Evrard - IEFC Workshop - March 7, 2012
The HiRadMat facility
10
Hazard inventory

We used a structured, systematic and comprehensive
examination of all the processes sub-processes and
activities to be carried out in the HiRadMat facility in order
to identify potential hazards and operability problems
(HAZOP).

The analysis was carried out by a suitably qualified team of
experts familiar with all aspects of the operations
undergoing study. This team was led by a team leader
qualified in the application of the technique, usually a
safety professional.

The HSE Unit’s Safety Guidelines for Risk Assessment
(EDMS no. 1114042) is a good tool.
S. Evrard - IEFC Workshop - March 7, 2012
The HiRadMat facility
11
Hazard inventory: process identification
Courtesy of M. Picard
S. Evrard - IEFC Workshop - March 7, 2012
The HiRadMat facility
12
Hazard inventory: process breakdown & basic activities
Subprocess: Test table
transport to cool down
zone
2.2.3
…
Basic Activity 1:
Access in controlled area
…
…
…
2.2.3.1
2.2.3.2
Basic Activity 7:
Preparation crane for
2.2.3.3 remote use
2.2.3.4
…
…
Basic Activity 8:
Remote use of crane
2.2.3.5
…
2.2.3.6
Courtesy of M. Picard
S. Evrard - IEFC Workshop - March 7, 2012
The HiRadMat facility
13
Hazard inventory: process summary
Processes linked to the operation
Processes linked to the
maintenance
Basic activities
B1 entrance_in_controlled_area
B2 entrance & activity in TNC
B3 exit from TNC
Tested equipment installation in lab
Experimental table installation in TNC
Activated table handling to cooling
area
Cooled table removal from TNC
Containment + experiment separation
from table
Gas and or vacuum connection
TNC relighting
AUG tests
Gas and or vacuum disconnection
Elevator & lifts maintenance
Survey check of the 3 base tables
Air Handling Unit maintenance
Radiation monitoring
maintenance
Fire detection tests
Dump and upstream collimator
exchange
New cable pulling
Plug-in system exchange
Patrol TNC
PR532 maintenance in TJ7
B4 exit from controlled area
B5 Preparation PR-532 for manual use
PR532 annual load test
PR532 repair in TNC
B6 Manual use of PR-532
B7 Preparation PR-532 for remote use
Drain network maintenance
B8 Remote use PR-532
B9 end of work with PR532
S. Evrard - IEFC Workshop - March 7, 2012
The HiRadMat facility
14
Demonstrative part: risk response example
Risks
Technical
measures
Organisational
measures
Id
Hazards
1.
TNC is a high
radiation
area.
External
exposure
Internal
exposure
Contaminated Environment
dust in TNC
exposure
(from
destructive
work in TNC
radioactive
area)
- Access system
and RP veto for
PPG6907 door.
- Hand foot monitor
control in BA7.
-Ventilation system.
- Alara oriented
design of the
facility.
- Ramses system
- SPS access procedure
in controlled area (EDMS
1138833)
-Safety code F Radiation Safety Manual
- RP supervision
-A6 - The two-person
rule of working
-ALARA principles
2.
Moving crane Collision
and moving
with people
PPG6907 door or
equipment
Door opening procedure
on crane control panel
3.
Moving crane
and lifting
loads
Switch : if door
closed, crane will
stay off
Manual door
opening
Slow motion
handling and safety
perimeter
Collision
with people
or
equipment
Personal measures
- Individual protective
equipment IPE (safety shoes,
auto-saving mask, helmet)
- Individual and operational
dosimeters
- Overshoes
- Depending on the nature of
the work :
-gloves if object handling in
TNC
-overall clothes + individual
breathing mask if
"destructive" work
IPE
-Overhead crane
IPE
handling procedure
(EDMS 1145906)
- Handling by qualified
overhead crane drivers
- Safety Regulation on
mechanical equipment
(SR-M)
S. Evrard - IEFC Workshop - March 7, 2012
The HiRadMat facility
15

Demonstrative part: risk management example-stray radiation (external exposure)
Design stage:






Technical measures





Access , ventilation and RP sectorization
Ventilation system
Ramses monitoring system
Remote controlled PR532 crane
Organizational measures





Fluka simulations  CV and Ramses design
Dedicated handling means (lifting jig and eyes)
Prefabricated structure (easily removable)
Activated material management plan
Maintenance plan (reduced time in TNC)
Airborne contamination decrease
Frequent radiation survey of TNC tunnel
Dedicated RP training
ALARA, JOLI & DIMR preparation
On-site close RP monitoring
Personal measures

Absolute Filter exchange
Equipment remote handling
Training, IPE, dosimeters, …
S. Evrard - IEFC Workshop - March 7, 2012
The HiRadMat facility
16
Operation part
Question
Procedure
EDMS
How to get access authorized to
the HiRadMat facility ?
Preparatory steps to take
before accessing to HiRadMat
1154948
How to get access to HiRadMat
Access procedure
1155061
How to escape from the facility ?
Escape procedure
1153056
How to patrol the facility ?
Patrol procedure
1152694
How to deal with activated
material ?
Activated material
management procedure
1146265
How to handle alarms from HRM ? Alarm management procedure
1152693
How to maintain the facility ?
Maintenance plan
1154793
How to deal with incidents ?
Faulty situation and incident
analysis
1154637
How to manage fire risk ?
Fire prevention and fire risk
management
1146217
 User-oriented procedures
S. Evrard - IEFC Workshop - March 7, 2012
The HiRadMat facility
17
Feedback part

Safety review recommendation: prepare B.846 escape shaft for
emergency situations  Fire Brigade evacuation exercise  new
arrangements like permanent lifting points.

Incident debriefing

Cold smoke accidentally produced in BA7 lift room reached
underground areas. After investigation, cause = geodesy duct
bypassing ventilation containment. Check in all BA’s ongoing.
S. Evrard - IEFC Workshop - March 7, 2012
XTAX table repair in TCC2
18
A Challenging Repair

TAX motor failures: 3/8 are out of order


The TAXs, installed downstream of the primary targets of the North Area, are made
of massive blocks put on motorized tables that can move up/down.
High radiation environment

The TAX blocks intercept about 1019 protons/year  about 6 mSv/h outside the
shielding and probably 30 to 40 mSv/h at the blocks and even higher near the
beam impact point.
S. Evrard - IEFC Workshop - March 7, 2012
XTAX table repair in TCC2
19

A detailed repair procedure and a risk analysis are
prepared

Major remaining risk: PR537 reliability
Technical measures taken: extensive maintenance and spare parts

Optimization steps WDP and DIMR preparation DIMR
link









Design Review: reduce the dose in future interventions
Handle TAX assembly (blocks + table) as a set: no access to
most activated part
PR537 remote control: reduced presence in TCC2
Increase PR537 lifting height: lateral shielding stays in place
Bunker for mechanical work: operators well shielded
Tailor made shielding (100 mm thick steel plate + lead
50mm): dose reduction /80
Optimize table repair sequence: # movements, start with
least activated first
Extensive dry run tests in EHN1: train technicians
Extensive dry run tests in TCC2 : train crane operators
S. Evrard - IEFC Workshop - March 7, 2012
XTAX table repair in TCC2
20
Safety documentation
Work breakdown &
planning
Dose estimate
Risk analysis
1404
Service disjunction
954
Reconnect services
764
RP supervision
583
557
475
Preparatory works
Upstream table repair
Worksite clean-up
293
258
217
155
Downstream table repair
TCC2 dry run
Roof block modification
Roofs handling
Surveys
Dose (uSv)
0
Dose breakdown by activity
39
200
400
600
800
1000
1200
1400
S. Evrard - IEFC Workshop - March 7, 2012
1600
XTAX table repair in TCC2
21

End product (EDMS 1180560)
 Repair
procedure
 Work
breakdown
 Organization breakdown (many groups involved)
 Planning
 WDP
& DIMR
 Risk analysis (overhead crane,…)
 Personnel training sessions
 REX to come

Licensing authority: Committee ALARA Level 3
S. Evrard - IEFC Workshop - March 7, 2012
Roles and responsabilities
22
Team work

TEAM LEADERS


TEAM MEMBERS



Provide support to the project team members in the editorial work of the safety
documentation, especially in terms of methodology;
Participate in the safety reviews.
HSE UNIT EXPERTS



Contribute to the discussions on safety aspects within their range of expertise
throughout the lifecycle of the facility or system;
SAFETY OFFICERS AND GLIMOS


Coordinate the editorial work related to the safety documentation; initiate safety
reviews
Represent the HSE Unit in the discussions on safety aspects throughout the
lifecycle of the facility or system;
Participate in the safety reviews.
DEPARTMENT /PROJECT MANAGEMENT


Ensures that the safety documentation is written and released in due time
Approves the Safety Files.
S. Evrard - IEFC Workshop - March 7, 2012
Timeline: when to start, when to review
23
Start as soon as possible
(study phase)
Deliverables depend on
the phase of the
project/activity
HiRadMat: late start (in
the middle of the project)
induced changes in the
design
For existing facilities, a
safety file can be launched
at several occasions:
equipment renewal,
consolidation, …
Review every 12 months
at least
The project has a
HiRadMat site
memory
Courtesy of P. Bonnal
S. Evrard - IEFC Workshop - March 7, 2012
Added-value exercise
24
Safety aspects

Better knowledge of the facility and associated risks  safety
awareness is improved

Concentrated effort towards safety and documentation of the
project: reviews and discussions with DSO’s, RSO’s. Some external
pairs of eyes shed a new light on “our” project

Procedures checked and validated on-site with actors: team
agreement on the procedures to be followed

Communication channels and knowledge of the facility improved
with all CERN services (FB, CCC, Transport team, users…)

Decision making process during design of the facility, equipment is
facilitated

Update of safety documentation and safety management becomes
easy
S. Evrard - IEFC Workshop - March 7, 2012
Added-value exercise
25
Beyond safety aspects






EDMS documents organized in a structured way also available
in the Web (SharePoint sites)
Tailor-made information for each public (users, experts,….)
Detailed knowledge of your facility is shared by all stakeholders
– increase efficiency
Documented procedures available for repetitive interventions:
resources & planning optimization
Facilitate training of new recruit (knowledge transfer)
Bridge to other tool: maintenance plan (CAMMS), emergency
plan
S. Evrard - IEFC Workshop - March 7, 2012
Keys to success
26





Deal with lack of up to date technical documentation
Secure resources (HiRadMat: 1 FTE year or 4% of the
project resources)
Get commitment of all stakeholders
Get commitment and support of management
Make your safety file a unique & crucial working-tool
for all participants in your project/activity.
S. Evrard - IEFC Workshop - March 7, 2012
Lessons learnt
27

Successful project = deliverables delivered & performance achieved with no
bad impact on persons and on the environment

Balancing the investment in time & money between


scientific and technical performance
safety performance & environment protection

If safety/integrity is correctly embedded into
the conception work, it should not be too painful

If safety/integrity is not taken into account during the conceptual work, then it
may really become a critical issue

Safety engineering support (internal/external) is an asset

Safety aspects exceeding the scope of the safety file: these aspects are
recorded in the safety file and are to be discussed in the proper forum (CSAP).
S. Evrard - IEFC Workshop - March 7, 2012