Specifications for HSE Cases
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Petroleum Development Oman L.L.C.
Document Title: Specification for HSE Cases
Document ID SP-2062
Document Type Specification
Security Unrestricted
Discipline Technical Safety Engineering
Owner MSE/4 – Head of Technical Safety Engineering
Issue Date 31 March 2011
Version 1.0
Keywords: This document is the property of Petroleum Development Oman, LLC. Neither the whole nor any part of this document may be disclosed to others or reproduced, stored in a retrieval system, or transmitted in any form by any means (electronic, mechanical, reprographic recording or otherwise) without prior written consent of the owner.
Page 1 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
This page was intentionally left blank
Revision: 1.0
Effective: Mar-11
Page 2 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
i Document Authorisation
Revision: 1.0
Effective: Mar-11
Page 3 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
ii Revision History
Revision: 1.0
Effective: Mar-11
The following is a brief summary of the 4 most recent revisions to this document. Details of all revisions prior to these are held on file by the issuing department.
Date Author Scope / Remarks Version
No.
Draft 22/02/2011 Karen McConnachie New document
iii Related Business Processes
Code Business Process (EPBM 4.0)
iv Related Corporate Management Frame Work (CMF)
Documents
The related CMF Documents can be retrieved from the Corporate Business Control
Documentation Register CMF .
Page 4 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
TABLE OF CONTENTS
Review and Improvement (HSE Cases)....................................................... 17
4 ASSET INTEGRITY - PROCESS SAFETY MANAGEMENT .............................................. 18
Process Safety Manual, HSSE Control Framework, Section ........................................ 18
Centre for Chemical Process Safety Guidelines for Risk Based Process Safety (CCPS
Page 5 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Performance Standard Approval .................................................................. 29
How to Undertake an ALARP Assessment .................................................. 33
Principles of Hazard Management ............................................................... 33
Assessment of Complex Decisions .............................................................. 35
OPERATE PHASE CONTINUOUS IMPROVEMENT .................................................... 36
DCAF Deliverables for Identify, Assess and Select Phases ........................ 44
Part 2 CSR ALARP demonstration Summary .............................................. 46
Part 3 Design Basis & Facility Description ................................................... 46
Part 4 Hazards & Effects Management Process .......................................... 46
Part 5 Improvement (Action Plan) ................................................................ 47
DCAF Deliverables for Define and Execute phases .................................... 47
OPERATIONS HSE CASE REQUIREMENTS .............................................................. 49
Page 6 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Part 4 Hazard and Effects Management ...................................................... 50
Part 5 Improvement (Action Plan) ................................................................ 51
DCAF Deliverables for Execute and Operate Phases ................................. 51
Glossary of Definitions, Terms and Abbreviations ....................................... 53
Related Business Control Documents and References ............................... 55
Example Hazard and Effects Register ......................................................... 63
Safety Critical Elements Categories ............................................................. 64
Example Safety Critical Elements Register .................................................. 65
Example Design Performance Standard ...................................................... 66
Example Operations Performance Standard (EP 2009-9009, Ref. 10) ....... 69
Example of Implementation Table ................................................................ 70
Operations HSE Case Change Approval ..................................................... 78
CCPS RBPS Process Safety Elements ....................................................... 83
Page 7 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
1 Introduction
Revision: 1.0
Effective: Mar-11
An HSE Case provides a documented demonstration that risk reduction philosophies and measures have been developed and implemented at each phase of the Opportunity
Realisation Process (ORP) to ensure that the risks are tolerable and as low as reasonably practicable (ALARP) through the systematic application of the Hazards and Effects
Management Process (HEMP) as set out in the PDO HSE Management System (HSE-
MS).
This document should be read in conjunction with the guideline Applying Process Safety in
1.1 Purpose
This purpose of this specification is to establish minimum requirements for the content of
HSE Cases and it shall be used for the development of HSE Input to Concept Select
Reports, Design HSE Cases and Operations HSE Cases.
This specification SHALL [PS] be used for demonstration of the following requirements of
the Process Safety Manual in the Shell HSSE & SP Control Framework [Ref. 7]:
Identify and document Hazards with RAM red and yellow 5A and 5B Process
Safety Risks for existing and new Assets (Requirement 1).
Develop a Statement of Fitness for the Assets (Requirement 7)
Review the Process Safety Risks to the Asset at least annually, in line with 8
Management Review (of the HSSE & SP Management System) (Requirement
20).
This specification contains information on the contents of each type of HSE Case and gives guidance and examples of information to be contained in specific sections.
1.2 General Definitions
The capitalised term SHALL [PS] indicates a process safety requirement.
The lower case word shall indicates a requirement.
The word should indicates a recommendation.
1.3 Review and Improvement (SP 2062)
Responsibility for the upkeep of this Specification shall be with the CFDH Technical
Safety Engineering (Owner of this Specification). Changes to this document shall only be authorised and approved by the Owner.
Any user of this document who encounters a mistake or confusing entry is requested to immediately notify the Document Custodian using the form provided in CP 122 Health,
Safety and Environment Management System [Ref. 1].
This document shall be reviewed as necessary by the Owner, but not less than every two years.
1.4 Deviation from Standard
Deviation to this Specification shall follow the requirements of PR1247 “Project Change
Control & Standards Variance Procedure”, Version 1 31/8/1999.
Page 8 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
2 WHEN ARE HSE CASES REQUIRED?
Revision: 1.0
Effective: Mar-11
HSE Cases are mandatory for all PDO operated (owned, leased or contracted) projects/operations containing hazards rated severity five or high risk on the PDO risk
assessment matrix (RAM) as per Figure 2-1
[Ref. 1]. Hazards to that fall into this category
are referred to as Major Accident Hazards (MAH), and are typically identified during the
HAZID conducted at the start of concept phase of a project.
However, for smaller, less complex projects or modifications to an existing asset where an
Operations HSE Case already exists, it may be suitable to undertake a design review in place of a Design HSE Case and then update the existing Operations HSE Case.
For projects that fall into Category C as per Figure 2-2 overleaf, both qualitative (bow-tie
analysis) and quantitative analysis (QRA) are required to determine the level of risk and to demonstrate that risks are reduced to tolerable and ALARP, thus a Design and Operations
HSE Case must be compiled.
Guidance and confirmation shall be sought from MSE/4 on an individual project basis.
Consequences
0
No injury or health effect
No damage
No effect
No impact
1
2
3
Slight injury or health effect
Minor injury or health effect
Major injury or health effect
4
PTD or up to
3 fatalities
Slight damage
Minor damage
Moderate damage
Major damage
Slight effect
Minor effect Minor impact
Moderate effect
Slight impact
Moderate impact
Major effect major impact
A B
Increasing likelihood
Never heard of in the Industry
Heard of in the Industry
C
Has happened in PDO or more than
1>yr in the
Industry
D
Has happened at the
Asset or more than
1>yr in
PDO
E
Has happened more than
1>yr at the
Asset
5
More than 3 fatalities massive damage massive effect
Massive impact
Figure 2-1: PDO Risk Assessment Matrix
Figure 2-2 shows the industry guidelines for a framework for risk related decision support by
Oil and Gas UK in 1997 (formerly the UK Offshore Operations Association, UKOOA).
Once a new project has been assessed against the risk assessment matrix in Figure 2-1
and found to contain level 5 or high risk hazards, it shall be categorised as per the chart in
Page 9 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Figure 2-2: Framework for risk related decision support in PDO
To use the Framework, first relate the decision being considered to the decision context characteristics on the right hand side of the Framework. Establish a horizontal line across the Framework at the point that best fits the nature of the decision. The segments of this horizontal line define the relative weight that should be given to the different decision making approaches in the ALARP determination. The descriptors on the lefthand side of the diagram describe the type and extent of consultation that is needed for the selected decision context and type.
Type B and C decisions shall be taken at higher levels within an organisation than Type A decisions.
Type A decisions are those involving well-understood hazards and proven solutions. The lessons learned from past years have been incorporated into authoritative Good Practice.
Reference to the relevant Good Practice, supported by expert judgment, is sufficient to define the barriers needed to reduce the risks to both tolerable and ALARP.
Type B decisions are those involving less well-understood hazards. Good Practice has to be supplemented by more detailed analytical methods such as quantified risk assessment
(QRA) particularly to address the uncertainties of novel aspects of design. However, riskbased analysis cannot be the only approach, as illustrated by the fact that it forms no more than 40% of a horizontal line through the Type B band.
Type C decisions are those involving hazards that may create societal concerns. The more technological factors in the ALARP determination need to be “conditioned”, or viewed in the context of how the situation will be seen by stakeholders.
The A, B, C groupings are not intended to split the framework into three discrete sections, but should be used to indicate a continuum of decision context types from a strongly Type A
(technology based) at one extreme to a strongly Type C (judgment based) at the other extreme. A range of decision-making approaches will contribute, especially to Type B and C
decisions. The background to the Framework is described in [4].
Page 10 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
3 WHAT TYPES OF HSE CASES ARE THERE?
Revision: 1.0
Effective: Mar-11
PDO activities and operated facilities fall into different categories and the different types of
HSE Cases used to cover these are listed below: o Asset/facility: hydrocarbon gathering/production facilities organised into delivery teams or hydrocarbon transporting infrastructure and storage facilities. The majority of
PDO HSE Cases fall into this category and the content shall meet the requirements of this HSE Case Specification o Contractor drilling rigs and hoists; the content shall meet the requirements of
International Association of Drilling Contractors (IADC) [Ref. 4] and this HSE Case
Specification o Air Operations; the content shall meet the requirements of EP 2005-0263 Air
Transportation Standard and this HSE Case Specification o Land Transport; the content shall meet the requirements of EP 2005-0261 Road
Transportation Standard and this HSE Case Specification
Air transport operations, road transport operations and marine operations with severity 5 or
high level hazards (as defined by the RAM in Figure 2-1) that are PDO operated (owned,
leased or contracted) shall have an Operations HSE Case.
The nature of Transport and Drilling Rig HSE Cases is that they are developed to describe the hazards and set out controls associated with the respective operation or activity. These cases are reviewed and updated as they develop, but rarely is there a requirement to develop a new HSE Case for these activities.
Asset/Facility HSE Cases differ in that new design projects or production stations may require that a new HSE Case is developed in accordance with this specification.
Asset/Facility HSE Cases are further separated into the following types of HSE Cases: o Concept Select Report : This demonstrates that there has been a systematic application of HEMP during the Identify, Assess and Select phases, that the HSE risks associated with each development option have been identified and assessed, the lowest risk option has been chosen or that the cost/effort required to adopt the lowest risk concept is grossly disproportionate to the benefit. o Design HSE Case : This demonstrates that there has been a further systematic application of HEMP during the Define and Execute phases, demonstrates that the severity 5 or high level hazards identified are both tolerable and ALARP and that all safety critical elements (with associated performance standards) have been identified and meet the performance standards. o Operations HSE Case : This describes management of the severity 5 or high level hazards to ensure that they are tolerable and ALARP, bow-tie diagrams showing the hazards and the barriers to the hazards, a list of HSE critical tasks, references to operational management systems and a statement of fitness. This acts as confirmation that the HSE Case Owner (Director) is satisfied that the arrangements are in place for the facility to operate safely.
3.1 Asset/Facility HSE Cases at different ORP phases
The opportunity realisation process (ORP) is split into 5 phases punctuated by Decision
Gates (Dg1-5) and Value Assurance Reviews (VAR1-5). Once the need for an HSE Case has been identified, the type of HSE Case and when it should be compiled needs to be
The Identify & Assess; Select; Define; Execute and Operate phases are discussed in the following sections.
Page 11 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Figure 3-1: 5 stages and applicable HSE Cases
3.1.1
3.1.2
Identify and Assess
This phase initiates opportunities and demonstrates the feasibility of those opportunities. Ideas are generated and aligned with business principles and strategies and potential values established so a decision to fund and staff further development of these ideas can be made.
This phase also asks the question as to whether the project has looked sufficiently at the risks, different development options, realisations and all possible outcomes. Is there at least one solution that would work in most, perhaps all, of the realisations?
The project must understand what it is going to be taking into the Select phase.
HSE input at this stage is at a high level and includes a preliminary HAZID, HSE-SD
Plan and input to the Risk Register.
Select
This stage must select the best concept solution for delivering value from the opportunity and make it clear why one choice was the preferred option.
HSE input into the select phase has potentially the greatest impact. The option selected to take forward into the define phase must be ALARP. An ALARP demonstration must be provided in the CSR (see section 14).
3.1.3 Define
The selected concept must be defined technically (scope, cost, schedule) or commercially (JVA, JOA, country entry) for final investment decision (FID). Note that the timing of a technical FID may not coincide with a commercial FID.
HSE activities and deliverable at the define stage include a Design HSE Case and other HEMP Studies.
3.1.4 Execute
The project is to be delivered as a facility consistent with the forecast scope, cost, schedule and proven performance and has to be accepted by the Owner of operations (usually the Relevant Director) for use.
Page 12 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
3.1.5
During the execute phase the Design HSE Case is refined. The Operations HSE
Case is developed prior to handover to operations. Further HEMP studies are carried out to support the ALARP Demonstration.
Operate
The project is operating as per expected and is maximising returns to Shareholders and protecting the License to Operate. The Owner of operations (usually the relevant Director) has accepted responsibility for continued safe operations.
The Operations HSE Case will contain the ALARP demonstrations for the Operate phase. This is built and maintained throughout the operate phase, (see section 16).
3.2 Roles and Responsibilities for the HSE Case
Delivery Team Leaders (DTL): DTLs are responsible for ensuring that the HSE Cases are developed and maintained for their assets and meet the requirements of this specification.
Project Managers: Project Managers are responsible for ensuring that the Concept
Select Report and Design HSE Cases are developed and meet the requirements of this specification.
Contract Holders : For Air Operations, Road Transport and Drilling & Hoist Rigs, it is the
Contract Holders that are responsible for ensuring that their Contractors develop and maintain HSE Cases that meet the requirements of this specification.
3.2.1 Sign Off Dates
Sign off dates for the CSR/HSE Cases shall be as follows: o The Concept Select Report Case shall be signed off prior to VAR3. o The Design HSE Case shall be signed off prior to VAR4. o The Design HSE Case during detailed design phase shall be signed off when completed and prior to the PSUA. o The Operations HSE Case shall be signed off prior to start up.
3.3 Roles and Responsibilities within the HSE Case
There are three main roles for developing, implementing and maintaining an HSE Case; the
HSE Case Owner, HSE Case Custodian and the HSE Case Administrator. These roles for
each type of HSE Case are shown in Table 3-1 and cover new projects and modifications to
existing facilities.
Table 3-1: Roles and responsibilities within an HSE Case
HSE Input to Concept
Select Report (CSR)
Design HSE Case Operations HSE Case
HSE
Case
Owner
Project Manager Project Manager Asset Director
Identifies the requirement for a HSE
Section in the CSR in accordance with this specification
Appoints HSE resource
Identifies the requirement for an HSE
Case in accordance with this specification
Appoints HSE Case
Custodian and assigns responsibilities
Identifies the requirement for an HSE
Case in accordance with this specification
Initiates Operations
Case and assigns responsibilities
Page 13 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
HSE
Case
Custodi an
HSE Input to Concept
Select Report (CSR)
Approves the Concept
Select Report
Design HSE Case
Approves outcome of
ALARP multi-disciplinary reviews
Develops a Statement of
Fitness for the Asset
Approves the Design
HSE Case
Operations HSE Case
Develops a Statement of
Fitness for the Asset
Approves outcome of
HEMP studies
Approves the Operations
HSE CaseAssigns HSE
Critical Element ownership to the appropriate Technical
Authority/HSE Adviser;
Ensures ongoing compliance with this specification
Conducts periodic
Operations HSE Case reviews
Ensures facility is operated according to the Operations HSE
Case
Project HSE Lead
Manages HEMP studies, ensures risk tolerability and suitable and robust
ALARP demonstrations are made
Prepares HSE content of the CSR and checks
DCAF content all signed
off
Coordinates the development of the HSE
Input to the CSR.
Lead Technical Safety
Engineer
Identifies HEMP studies to assess the hazards and risk associated with the project
Develops risk reduction strategies,
Technical identifies safety critical elements
(SCE) and associated
Performance Satandards in conjunction with SCE
Authorities
(TA)
Facilitates that suitable and robust ALARP demonstrations are made.
Reviews and approves all action items raised for correct detail, action party and target date
Compiles/co-ordinates the HSE Case
Delivery Team Leader
Ensures the HSE Cases are developed and maintained for their assets in accordance with latest requirements.
Ensures participation in development and awareness and proper use of the HSE Case by the organisation
Validates HEMP studies and technical accuracy of the contents of the
HSE Case
Co-ordinates review of
HSE critical tasks listings and associated
Performance Standards
Ensures that revisions and updates prepared are when necessary, adequately controlled and distributed
Reviews facility specific emergency response plans
Reviews and approves all action items raised for correct detail, action party and target date
Page 14 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
HSE
Case
Adminis trator
HSE Input to Concept
Select Report (CSR)
N/A
Design HSE Case
N/A
Revision: 1.0
Effective: Mar-11
Operations HSE Case
Directorate Technical Safety
Engineer
Compiles/co-ordinates the HSE Case and subsequent reviews and updates
Supports the HSE Case
Custodian
Page 15 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
3.4 Workforce Involvement
Revision: 1.0
Effective: Mar-11
The HSE Case shall demonstrate that the workforce have been part of the development and review of the HSE Case. Workforce in this context is the front line operations and maintenance staff that are directly involved in the day-to-day running of the facilities.
The purpose of this requirement is to ensure that front line operations and maintenance staff:
have knowledge of the Major Accident Hazards that have been identified for the facility where they work
are aware of the controls and barriers in place to manage these MAHs (SCEs, performance Standards, HSE Critical Tasks, MOPOs)
have knowledge of how these controls are managed (MIE, FSR, assurance reviews)
For Design HSE Cases, workforce involvement can be demonstrated by ensuring that relevant staff representatives have been involved in the design. This may be done by ensuring they participate directly in the design activities (HAZIDs, HAZOPs, HEMP studies) and by participating in project assurance reviews such as Design Reviews, peer reviews and project Audits.
Operations HSE Cases shall be communicated to the operations and maintenance teams on site. The focus shall be on what the case means to them and what impact is it likely to have. In addition, representatives from current operational, engineering, and maintenance teams and workforce representatives (where applicable) shall be included in
the regular reviews as described in Section 13. This engagement may be demonstrated
by ensuring that the HSE case is reviewed regularly by operations and maintenance staff, which can be achieved through
job descriptions and staff performance contracts
dedicated communications initiatives
staff onboarding
committees or working groups (e.g. AIPSALT).
For both types of HSE Cases, the details of how workforce involvement has been achieved shall be described in the HSE Case or in the documentation of the periodic review of the HSE Case.
3.5 Deliverables
Design and Operations HSE Cases are classified as Essential Records according to CP-
102 “Documents & Records Management” and shall be maintained on Livelink by the
HSE Case Administrator.
Design and Operations HSE Cases are mandatory deliverables for new projects and existing assets, as described by the Discipline Control and Assurance Framework
(DCAF) section in SP-2061 Technical Authority System [Ref. 7].
3.6 Performance Monitoring
Routine performance monitoring of HSE Cases shall include: o Assurance of Design HSE Cases at VARs o Review of Operations HSE Cases during Pre-Start up Audits
Page 16 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
3.6.1 o AI-PSM Assurance of Operations HSE Cases o Monitoring of Operations HSE Case KPIs
Review and Improvement (HSE Cases)
Once the Concept Select Report is signed off, it is not anticipated that any revisions will be required as further project work will be covered in the Design HSE Case.
The Design HSE Case may need to go through several revisions during the Define and Execute phases depending on the nature of the design of the new project.
The Operations HSE Case shall be reviewed and updated at a maximum interval of
5 years unless any of the following circumstances occur: o As part of a Material Change to the Facility, operation or surrounding environment that may have a potential impact on the risk profile o When it cannot be verified that the performance of safety critical elements (SCEs) meet the performance standards and/or when mitigation measures have been employed for extended periods to compensate for this shortfall o Prior to any material changes to the organisational arrangements or personnel levels o Following a major incident involving the Facility or operation, or from lateral learning from other major incidents applicable to the Facility or operation o Enhancements in knowledge or technology that change the basic assumptions on which the risk tolerability and ALARP demonstrations are based o If there is a change to any of the signatory parties for the HSE Case, i.e. HSE
Case Owner (Director), HSE Case Custodian (Delivery Team Leader) or HSE
Case Administrator (Technical Safety Engineer)
3.6.2 Material Change
A material change is any change that significantly affects the basis for original the
ALARP demonstration in the HSE Case. In practice this usually includes changes that have the potential to affect the major accident hazards or their controls, either directly or indirectly.
Examples of direct effects are: o Significant modifications or repairs to the plant or equipment, either as single large modifications or multiple smaller modifications.
o an increase in hydrocarbon inventory, o new technology, processes or operational complexity, o new types of combined operations, or new activities in connection with an installation, o new operational risk controls.
Examples of indirect effects are: o new ownership or operatorship, introducing a change in the management system, o a major change of contractor, and o extension of the use of the installation or its components beyond the original design life.
Page 17 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
4 ASSET INTEGRITY - PROCESS SAFETY MANAGEMENT
Assuring the safety of people, assets, the environment and reputation is a core value and providing assurance that major process safety risks are being managed is a critical aspect of PDO corporate governance. Asset Integrity – Process Safety Management (AI-PSM) describes the way in which PDO assets are managed so that the process risk is as low as reasonably practicable (ALARP).
There are two Process Safety implementation mechanisms within PDO:
1. The Process Safety Manual of the Shell Group HSSE Control Framework [Ref. 6]
2. AI-PSM as developed by Centre for Chemical Process Safety Guidelines for Risk
Based Process Safety (CCPS RBPS) [Ref. 9].
4.1 Process Safety Manual, HSSE Control Framework, Section
The HSSE & SP Control Framework replaces the mandatory requirements in EP2005 series, and includes mandatory Standards, Manuals, Specifications and Glossary terms, and non-mandatory Assurance Protocols and Guides.
The Process Safety Manual of the HSSE & SP CF comprises four elements:
1. Asset Integrity – Process Safety Management Application Manual
2. Design and Engineering Manual 1 (DEM1)
3. Design and Engineering Manual 2 (DEM2)
4. Override of Safeguarding Systems.
A full description of each element can be obtained in The HSSE & SP Control Framework
Compliance to the detailed requirements of the Process Safety Manual is demonstrated by signing a Statement of Fitness (SoF). The Statement of Fitness is shown in section 12 and testifies that the hazards have been appropriately managed in accordance with
HEMP and that a suitable and robust ALARP demonstration has been made.
The Statement of Fitness is a requirement of the AI-PSM Application Manual and a signed SoF shall be included in Design and in Operations HSE Cases, respectively.
For operational assets the SoF shall be signed by Asset Directors, and for new projects by the Project Manager before handover to operations.
4.2 Centre for Chemical Process Safety Guidelines for Risk Based
Process Safety (CCPS RBPS)
The CCPS RBPS AI-PSM process is an assurance process containing 20 elements 1 that describe minimum expected standards and stipulates the requirements for a range of process related activities ranging from organisational culture, workforce involvement, risk management, HEMP and audit through to design.
The assurance process includes routine checking, self-assessments and audits, as well as independent 3rd party verification that the AI-PSM system and practices are consistent with industry best practice and are controlling process risk to ALARP.
The assurance process also identifies opportunities for improving the management and control of process risk and therefore, is a key driver for continuous improvement.
1
A description of the 20 AI-PSM elements is provided in Appendix 12.
Page 18 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
HEMP is an integral element of the AI-PSM process and the HSE Case and provides a clear link between the two processes. Both the AI-PSM and HSE Case processes aim to identify, control and reduce risk levels to ALARP.
4.3 Process Safety in Projects
AI-PS requirements in projects, from project identification through to execution, is
described in “GU-648 Guide for Applying Process Safety in Projects” [Ref. 4].
This guideline extracts all the relevant information from the existing ORP documentation that is necessary to meet the AI-PS requirements at handover. It also provides further clarity with regards to the assurance processes which underpin the project team’s ability to demonstrate that AI-PS requirements are met at the end of every project phase.
The main objective of this guideline is to explain the key AI-PS objectives and deliverables throughout the project phases that demonstrate the facility is fit for the safe introduction of process fluids and that systems, processes and procedures are in place so that AI-PS can be safeguarded in the subsequent operate phase.
This will allow PDO to make the statement that “Our Asset is Safe and we know it” after each project phase.
4.4 Critical Drawings
Critical drawings are those drawings which are required to be maintained in order to support the implementation of critical tasks. Critical drawings are required to ensure that the risks from MAHs are ALARP.
A list of critical drawings shall be made for each facility. All critical drawings shall be stored in an easily accessible database to reflect the current design and status of the asset (as-built status).
This will ensure that all personnel have access to reliable and up to date information to allow accurate planning of work operations and activities, management of change and investigative activities (when an incident has occurred).
Critical drawings include, but are not limited to: o PFS o PEFS o Cause and Effect matrix o Hazardous area classification o Area Layout o Site plan (sub-field layout) o Key plan and Plot plan o Escape routes o Safety equipment layout o Critical valve list (including locked open and locked closed valves) o Fire and Gas layouts.
Page 19 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
5 HEMP
The hazards and effects management (HEMP) process identifies and asses HSE hazards, implements control and recovery measures and maintains a documented demonstration that major HSE risks have been reduced to a level that is as low as reasonably practicable
(ALARP).
HEMP shall be applied to all activities over which PDO has operational control and shall cover the entire lifecycle of the asset or operation; from concept through to decommissioning and disposal. Work undertaken by a Contractor and under the
Contractor’s own management system shall have a requirement for an equivalent HEMP approach expressly stated in the contract.
HEMP is fundamental to all analysis and assessment elements of the formal HSE activities, and is at the heart of the HSE management system used in PDO. The HEMP process comprises four basic steps:
Systematic identification of hazards, threats, unwanted events and their effects
Assessment of the risks against screening criteria, taking into account the likelihood of unwanted events and the potential severity of the consequences in terms of effects to people, assets, the environment and reputation of PDO
Implementation of suitable risk reduction measures to control or mitigate the hazard and its effects
Planning for recovery in the event of a loss of control leading to an unacceptable effect.
The main objective of HEMP activities is to demonstrate that hazards (and associated risks) have been identified and where the hazard cannot be eliminated the risks are controlled to a level that is tolerable and as low as reasonably practicable (ALARP). The HEMP model is
RISKS TOLERABILITY & ALARP
Identify Assess Control Recover
DOCUMENT
Figure 5-1: HEMP Model
HEMP studies shall be performed by staff who are knowledgeable about the facility and operations and who are competent in the HEMP techniques necessary. The studies shall be planned and implemented in a timely manner to enable the results to be incorporated without incurring avoidable rework and costs. The studies should be documented such that key information and decisions made are transparent and available for future reference.
Recommendations arising from HEMP studies shall be recorded in an appropriate action tracking system.
Page 20 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
5.1 Hazards and Effects Register
Revision: 1.0
Effective: Mar-11
Hazards and their effects on people, the environment, the assets and the reputation of
PDO shall be systematically identified and listed for the full lifecycle of the asset and operations.
The hazards are identified in a Hazard Identification (HAZID) meeting, and the outcome of this meeting is used to develop the Hazards and Effects Register.
PDO use a checklist of potential hazards to populate the Hazards and Effects Register. It is recommended that a multi-disciplinary team facilitated by an experienced person go through the list of hazards and identify those relevant to the specific facility/asset/ operation under consideration. Ideally the team should be made up of Management,
Operations, HSE, Maintenance and Engineering Disciplines (Concept, Detailed Design as appropriate) personnel.
The PDO Risk Assessment Matrix in Figure 2-1 shall be used to assess the hazards and
their severity and frequency of occurrence. The experience of the team will be used to brainstorm hazards known to have been realised from previous experience or thinking whether it is a credible hazard that could occur within PDO operations. This is a subjective process and care must be taken not to over-complicate the process by thinking of multiple events, double jeopardy events or highly unlikely events.
Examples of credible scenarios could include major leak from oil storage tank at MAF, leak at a Booster station on the main oil line, leak from offtake tanker hose, loss of containment from on-plot processing facilities, loss of containment of H2S (affecting both onsite personnel and the general public). Consequences from such incidents usually cover injury/fatalities, fires/explosions, environmental impact, loss of facility and negative impacts on reputation.
For low and medium risk hazards, the controls for the hazards, i.e. permit to work, job safety assessment, operating procedures, competence assessments, tool box talks, etc., are discussed and then added to the Hazards and Effects Register.
Hazards that have been assessed as being a severity 5 or high risk on the risk assessment matrix are then modelled further using bow-tie methodology as described in next section.
See Appendix 3 for the full checklist of potential hazards, and an example of a Hazard
and Effects Register is provided in Appendix 4.
Page 21 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
6 BOW-TIES
Revision: 1.0
Effective: Mar-11
The Hazards and Effects Register documents that all hazards associated with the facility and that control and mitigation measures have been identified. Hazards that have been
assessed as being a severity 5 or high risk on the risk assessment matrix (Figure 2-1) are
then modelled further using bow-tie methodology.
The Bow-Tie is a model that represents how a Hazard can be released, escalate, and how it is controlled. It contains the elements required to effectively manage the Hazard such that the risks are tolerable and ALARP. Bow-Ties can also be used to support risk management of non-HSE processes.
For each severity 5 or high level hazard, the bow-tie methodology allows for:
1. Identification of the hazard release, escalation and consequence scenarios
2. Identification of controls, e.g. barriers and escalation factor controls required to manage the hazards
3. Categorisation of controls into Inherent Safety, Safety Critical Element (hardware) or Critical activity (procedures, processes, operator action)
4. A clear visual representation to enable the ALARP review to be undertaken
5. An aid in the incident review process if occurrence of such a major incident has occurred.
The bow-tie is a model that represents how a hazard can be released, escalate and how it is controlled. ‘Bow-Tie XP’ is the PDO preferred software tool
Figure 6-1: Generic bow-tie model
Page 22 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Table 6-1: HEMP definitions and Bow-tie terminology
ALARP
Barrier
Consequence
Top Event
As Low As Reasonably Practicable (Risk) means that having reviewed all practical alternatives for Major Accident Hazard elimination, Threat Controls and Recovery Measures, further reduction in risk would involve disproportionate cost or resources for the risk reduction achieved.
Barriers prevent or reduce the probability of each Threat (left hand side of the bow-tie), limit the extent of, of provide immediate recovery from the Consequences (right hand side of the bow-tie). Barriers may be hardware, such as safety systems
(e.g. F&G ESD, etc) or management systems and procedures.
Consequences in the bow-tie are a direct result of the Top Event occurring. Indirect consequences, if applicable shall be modelled in a separate bow-tie, Can include potential consequences that have not been heard of in the industry.
Factors that defeat, or reduce the effectiveness of a Barrier Escalation
Factor
Escalation
Factor
Hazard
Threat
Control
Threat Control
Tolerable Risk
Measures put into place to prevent or mitigate the effects of
Escalation Factors.
Any situation with the potential for harm to people, environment, asset or reputation e.g. hydrocarbons under pressure, dropped load.
HSE
Task
Critical An HSE Critical Task develops, implements or maintains the effectiveness and integrity of a Barrier or Escalation Control
Factor in Bow-Ties for Severity 5 or High Risk Hazards. HSE
Critical Positions are those that execute HSE Critical Tasks
HSE
Position
Critical HSE Critical Positions are those that execute HSE Critical Tasks
Major Accident
Hazards (MAH)
Hazards that are classed as High Risk (Red) or severity 5 on the
PDO Risk Assessment Matrix. This means any situation with the potential for major consequences (harm) to people, environment, asset and reputation if released.
Recovery
Measure
Risk
Any measure put in place to manage Consequences and assist recovery from a Top Event.
The likelihood of a Top Event combined with the severity of the
Consequences (The risk is from the Hazard to people, environment, asset and reputation).
Any action or mechanism that could bring about the unplanned release of a hazard.
Any measure put in place to prevent a Threat being successful.
Tolerable Risks are those that have been reduced to a level where they comply with the applicable laws and regulations, standards, strategic objectives and other agreed Tolerability
Criteria.
The first thing that happens when a hazard is released.
Individual bow-ties shall have a single Top Event.
The role of a barrier on the bow-tie diagrams is to prevent (Left hand side of BT) or limit
(Right hand side of BT) the consequence of a major incident. Barriers may be:
Page 23 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
1. Design (inherent) features, e.g. separation distances, reduction of process pressures, minimisation of leak sources, etc. (depicted blue on the bow-tie).
2. Safety Critical Elements (hardware and logic software), e.g. Process Containment
Systems, Pressure Relief Valves, ESD, Fire and Gas Detection, Escape & Evacuation
Systems, Breathing Protection, etc. (depicted green on the bow-tie)
3. Operational Safety Processes, e.g. valve lock out/tag out, breaking containment procedures, permit to work, etc. (depicted yellow on the bow-tie)
4. Operational Intervention Tasks, e.g. Plant Monitoring, Alarm Response, Shutdown, etc.
(depicted yellow on the bow-tie)
Barriers shall be:
1. Effective in preventing the Top Event or Consequence
2. Able to prevent a specific Threat from releasing the Hazard
3. Verifiable – how shall the effectiveness of the barrier be confirmed?
4. Independent of other barriers in the same Threat line, e.g. no ‘common mode failure’.
Hardware Barriers for Severity 5 or High Risk Hazards (HSE) shall be classified as HSE
Critical Elements. Selection of these Barriers shall be in accordance with EP2009-9009
SCE Management Manual [Ref. 10]and is further described in Section 7.
Common barriers or escalation factor controls that appear frequently, e.g. such as those to do with Operator/Human Error, should be modelled using a separate bow-tie to manage the single Thr eat of ‘Operator/Human Error’.
See Section 10 ‘ALARP demonstration’ for further information.
Page 24 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
7 SAFETY CRITICAL ELEMENTS
Revision: 1.0
Effective: Mar-11
A Safety Critical Element (SCE) is any item of hardware, system or logic software the failure of which could cause a major Accident Hazard (MAH) or whose purpose is to prevent or mitigate the effects of a MAH. SCEs groups are categorised according to Shell EP2009-
9009 ‘Safety Critical Element Management Manual’ [Ref. 10]. These groups or barriers
(see section 7.1) contain the definitions of those items that may be classed as safety critical
on any given facility.
Safety Critical Elements shall be selected from these groups during the bow-tie development process. The bowtie diagrams show the SCEs as ‘barriers’ to the MAH. A deliverable of the Bow-Tie development process is a list of SCEs applicable to the facility.
This list shall be further developed as part of a SCE identification process that defines the safety critical components of each SCE barrier.
The role of a barrier on the bow-tie diagrams is to prevent or limit the consequence of a major incident. Barriers may be:
1. Design (inherent) features, e.g. separation distances, reduction of process pressures, minimisation of leak sources, etc.
2. Safety Critical Elements (hardware and logic software), e.g. Process Containment
Systems, Pressure Relief Valves, ESD, Fire and Gas Detection, Escape & Evacuation
Systems, Breathing Protection, etc.
3. Operational Safety Processes, e.g. valve lock out/tag out, breaking containment procedures, permit to work, etc.
4. Operational Intervention Tasks, e.g. Plant Monitoring, Alarm Response, Shutdown, etc.
The SCE management manual [Ref. 10] describes the activities and processes for
managing the critical hardware barriers (SCEs) that appear in the MAH bow-ties.
7.1 SCE (Hardware) Barriers
Each SCE is grouped under one of 8 hazard management barriers, as depicted in the
Swiss Cheese Model (Figure 7-1). The hazard management barriers are as follows:
Structural Integrity
Process Containment
Ignition Control
Detection Systems
Protection Systems
Shutdown Systems
Emergency Response
Life Saving Equipment
Each SCE belongs to one hazard management barrier. Generally, the Structural Integrity,
Process Containment and Ignition Control SCEs together with some aspects of the
PSD/ESD system, reside on the left hand-side of the bow-tie top event. Failure of any of these barriers could cause or significantly contribute to a MAH. The remaining SCEs normally reside on the left hand-side of the bow-tie top event. These SCEs are provided to control or mitigate the effects of a MAH after it has occurred.
Page 25 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Figure 7-1: SCE Hardware Barriers and SCE Groups
The hardware barriers in Figure 7-1 are depicted with a number of small holes that
represent an integrity failure either in design or operating performance. On their own, these failures may not be significant but, if the holes line up, there may be no effective barriers in place between safe operations and escalating consequences, leading to a major incident.
For example, a loss of containment in a sweet gas facility would not normally be expected to cause fatalities unless it is ignited. An integrity failure in the process containment system combined with a failure in the ignition control system could cause an ignited event, i.e. a fire or explosion. If there are no personnel in the area then this in itself would not cause fatalities. However, if there are integrity failures in the fire and gas detection system then the event may not be detected and the process system not isolated and the event may have the potential to escalate to adjacent inventories. This would also be the case if an ESD Valve or Blowdown Valve failed to operate on demand.
Finally, if adequate assembly points and EER systems such as emergency telecoms are not provided or are not suitable, then personnel may not be evacuated quickly enough and the process release would have the potential to cause fatalities. The example shows that a number or what on their own would sometimes be considered as ‘minor failures’ have combined to produce a Major Accident causing fatalities.
Page 26 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Figure 7-1 shows the importance of maintaining and monitoring and ensuring the
integrity status of all hardware barriers, so that what might be considered to be relatively small faults in individual barriers do not combine together in an unforeseen manner that compromises the ability if the barriers to prevent or control a major incident.
Note that it is not necessary for all barriers to fail to lead to a major incident. For example, failure of a single barrier such as process containment on a high sour facility may lead directly to major incident.
Each SCE is attached to a relevant discipline who are designated as the owner of the associated Performance Standard.
7.2 SCE Selection
SCEs should be colour coded green on the Bow-tie and the specific SCE category denoted beneath the barrier that appears in the Bow-tie.
The process for selection of SCEs starts with a review of the generic list of SCE’s
provided in the SCE Management Manual [Ref. 10] to identify those SCEs that are
applicable to the facilities, for each of the identified Major Hazards. The list of selected
SCEs shall be reviewed and agreed by the relevant discipline engineers during the define phase.
ss for the selection of SCE’s.
The HSE Case shall contain a list of the SCEs identified in the bow-tie diagrams as per
the table provided in Appendix 5.
The HSE Case shall contain a table showing each SCE against the MAH bow-ties where they appear as hardware barriers, and an example is shown for the SCE group ‘Process
Contai
Page 27 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Generic List of SCEs
EP9009-2009
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Could failure of this element cause a MAH?
Ye s
This item is a
Safety Critical
Element .
No
Could failure of this element contribute substantially to a
MAH?
No
Ye s
Is the purpose of this element to prevent a
MAH?
Ye s
This item is not a Safety
Critical
Element.
No
Is the purpose of this element to limit the effects a
MAH?
No
Figure 7-2: Selection Process for Safety Critical Elements
Ye s
7.3 Performance Standards
A Performance Standard is a statement, which can be expressed in qualitative or quantitative terms, of the functional performance required of a SCE, and which is used as the basis for managing the risk from the Major Hazards. Defining and ensuring compliance with suitable Performance Standards provides assurance that the SCE is and will remain a barrier to the identified MAH.
Generally, the SCEs and Performance Standards follow a one-to-one relationship where each SCE has its own Performance Standard.
Performance Standards are used as the basis for design and technical (operational) integrity verification and are expressed in terms of functionality, availability, reliability, survivability and dependencies/interactions with other SCEs.
Functionality
Functionality is an expression used to define what the system or equipment is required to achieve in order to ensure design integrity.
Reliability and Availability
Reliability is defined as the required probability that the system or equipment will operate on demand, when required.
Availability is defined as the extent to which the system or equipment is required in order to retain its functional integrity.
Page 28 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Survivability
Survivability defines the external loading events such as fires, explosions or extreme weather, associated with the various MAHs against which the system or equipment is required to retain its functional integrity.
Dependencies and Interactions
This is used to identify other systems or equipment that are critical to the functionality of the primary system or equipment. By identifying these dependencies and interactions it is ensured that all interfaces have been covered.
There are two types of Performance standards;
Design Performance Standards. Design Performance Standards must be developed during the Define phase. They shall provide a list of key functional criteria to which the SCE must comply with during the design. In practice the content of the performance standards will be largely taken from the design and engineering standards that apply to the item or SCE. However, other information may be taken from the basis for design, the design philosophies, or the results of workshops and
HEMP Studies such as HAZID/HAZOP, Design Review, Layout Reviews, Fire &
Explosion Analysis, QRA, IPF, SAFOP, etc.
The Design Performance Standards will mature further during the execute phase and will check that the SCEs have been constructed as designed. The existing QA/QC procedures and practices should be used to support the Design Performance
Standards. The design must take into account operational demands so that suitability can be ensured into the operate phase.
The Design Performance Standards will evolve into Operate phase Performance
Standards at the end of the execute phase before handover.
Operations Performance Standards. The Operate phase Performance Standards for
SCE’s should evolve from the Design Performance Standards. These Performance
Standards are formatted to comply with the requirements of SAP-PM and SAP-QM in terms of minimum assurance tasks, assurance measures, assurance value and units of measure for the correct allocation to the appropriate level in the asset hierarchy.
Examples of the two types of Performance Standard are provided in Appendix 7 and
7.3.1 Performance Standard Approval
Each performance standard is allocated an ‘owner’. The owner is responsible for ensuring that the content of the performance standard is appropriate and achievable. The performance standard owner is normally the CFDH for the items covered by the SCE.
However, the CFDH may delegate the review and approval of their performance standards to the relevant TA2.
Page 29 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
8 HSE CRITICAL TASKS
Revision: 1.0
Effective: Mar-11
An HSE Critical Tasks is one that is in place to develop, implement or maintain the effectiveness and integrity of a Barrier, Escalation Factor Control or Recovery Measure
Control in the MAH bow-ties.
An HSE Critical Position are those that execute HSE critical tasks.
The minimum information required for a HSE critical task shall be:
The description and purpose of the HSE critical task required
The person (position and reference indicator) responsible for performing each task
Reference to supporting documentation, e.g. work instructions, SAP, procedure, etc
The method and criteria to verify that the task is performed as required to maintain barrier effectiveness.
HSE critical tasks should be developed to the level of the party responsible for ensuring that tasks are completed on time and to the required standard, e.g. Managers, Supervisors and
Specialists – the position responsible for ensuring that the task is done and not the person who is actually undertaking the work.
Bow-tie XP software enables the HSE critical tasks to be linked to the relevant barriers.
Inspections and preventative maintenance activities for hardware SCEs are implemented via the Maintenance Management System, i.e. SAP. The task information is contained within the task description in SAP for all SCE barriers and is NOT listed as an HSE critical task, and is considered part of the hardware barrier itself. This applies to for example maintenance and calibration of a gas detector.
Implementation tables shall be developed for each HSE Critical Position. The implementation tables describe each HSE Critical Task, its supporting business controls and the business records required to verify that the task is being adequately executed. The implementation tables also provide a link to relevant barriers (HSE Critical Activities) and hazards on the Bow-Tie diagrams.
See Appendix 9 for an example extract from an Implementation table. Communication of
HSE Critical tasks to affected people in affected position is the responsibility of the HSE
Case Custodian.
Page 30 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
9 MATRIX OF PERMITTED OPERATIONS (MOPO)
Revision: 1.0
Effective: Mar-11
A matrix of permitted operations (MOPO) is an information tool to assist Supervisors and
Line Managers during the planning and coordination of operations and activities by providing useful information on:
The operation or activity operating envelope and safe operating limits.
Actions(s) to take if/when certain situations arise that could compromise safe operations.
The MOPO is a set of matrices that maps operational activities against foreseeable situations that if or when they arise could compromise safe operating limits – these situations are identified from:
The Threats and Escalation Factors identified as part of the Bow-tie assessments for severity 5 and high risk hazards.
An assessment of other operations and activities that could contribute to the escalation of an incident, e.g. continuing with hot work when fire pumps (a safety critical element (SCE)) are unavailable.
Circumstances that could compromise safe operations are grouped into three categories:
Simultaneous operations (SIMOPs), where large work parties under different management structures carry out work which results in hazards that may impact the other. e.g. removal or overhaul of equipment and/or production and/or construction and/or drilling in the same area (MOPO entitled SIMOPs MOPO)
External influences, e.g. extreme weather, visibility, security issues (MOPO entitled
Adverse Weather MOPO)
Inactive safeguards; i.e. SCE unavailability or impairment, e.g. ESD systems, firefighting systems (MOPO entitled SEC Impairment MOPO).
The MOPOs shall identify and differentiate between ‘stop’ (red) conditions, i.e. operation
NOT permitted and what are ‘proceed with caution’ (amber) conditions, i.e. continue following appropriate risk assessment and provide additional controls where necessary. All other activities in the MOPO that do not require further assessment or controls are denoted
‘safe to proceed’ (green).
For developing a new MOPO or reviewing and updating an existing MOPO, refer to
9.1 Using the MOPO
Copies of the MOPO shall be readily available in a suitable format (poster size, laminated, etc) and displayed in the control room and other operational and job planning
/coordination areas.
The MOPO shall be referred to during both routine work planning and coordination and in responding to unforeseen conditions.
9.2 Deviations from the MOPO
In event of a situation arising where the preferred option is contrary to that given in the
MOPO, this shall be assessed and approved by the Delivery Team Leader and relevant discipline authority as defined in DCAF. In the event of a SCE being impacted, relevant discipline authorities shall also be consulted using the FSR process.
Page 31 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
10 ALARP demonstration
Revision: 1.0
Effective: Mar-11
10.1 ALARP Definition
ALARP (As Low As Reasonably Practicable) allows a proportional level of effort to be put into risk reduction once the initial level of risk has been assessed for a particular operation or process. The ALARP principle is used to determine whether risks are broadly acceptable, tolerable or intolerable via comparison against company risk criteria.
The use of the ALARP principle requires judgement to determine whether or not risk levels are as low as reasonably practicable. ALARP can be demonstrated when the sacrifice (cost, time, effort) required to reduce the risk any further, would be disproportionate to the risk reduction potentially achieved (the benefit). The term
‘sacrifice’ relates to the time, effort and/or cost of the complete implementation and future maintenance and operation of the particular risk reduction measure in question. ‘Benefit’ relates to the level of risk reduction offered by a risk reduction measure. ‘Reasonably practicable’ is the balance between the sacrifice and benefit of implementing the risk reduction measure, or suite of measures.
ALARP justification also requires demonstration that all risk reduction measures assessed as reasonably practicable have been implemented. The use of ‘reasonably pr acticable’ uses a goal setting approach to risk reduction rather than a prescriptive one.
This is a standard approach for all high risk industries including the oil and gas industry.
ALARP demonstration can be based on a comparison of the suite of barriers and control measures that are in place, versus those expected to be seen in equivalent assets or industries. This represents ‘good practice’ and can be identified as standards for controlling risk that have been judged and recognised as satisfying a particular set of laws or regulations. In the absence of a developed regulatory system, company standards, corporate global standards, best engineering practice and engineering judgement may be used as a basis for comparison.
For ALARP to be demonstrated, all hazards and risks must have been identified as far as
practicable and assessed against the PDO Risk Assessment Matrix (RAM) (Figure 2-1)
and as described in Section 5. This provides a prioritised listing of hazards. As a
minimum, all Major Accident Hazards (High Risk and Severity 5 hazards) shall be
subjected to Bow-Tie analysis as described in Section 6. This is a qualitative approach to
demonstrating ALARP using the engineering, process, Process Safety and HSE knowledge and experience of the selected workshop group.
In addition to this approach, ALARP demonstration can employ a combination of qualitative and quantitative techniques dependent on the novelty, complexity and type of process or project under assessment. The HSE Cases are assessed in line with the
Framework for risk related decision support in PDO as shown in Figure 2-1 and the level
of risk assessment performed proportional to the level of risk associated with the process or project.
Refer also to GU-
648 “Guide for Applying Process Safety in Projects” [Ref. 4] and CP-
117 “Project Engineering Code of Practice” [Ref. 6] for further description of ALARP
requirements.
Page 32 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
10.2 How to Undertake an ALARP Assessment
10.2.1
Revision: 1.0
Effective: Mar-11
Principles of Hazard Management
The hazard management hierarchy as shown in Ошибка! Источник ссылки не найден.
is used to manage HSE risks and shall be referenced when demonstrating
ALARP. .
Nevertheless, all hazard management controls should be considered at each stage of the development.
Eliminate –
Eliminate –
Eliminate the hazard
10.2.2
Use processes or methods with lower risk impact
Isolation / Separation –
Engineered Safeguards –
Engineered Safeguards –
PREVENTION Design to prevent an unwanted event
RECOVERY Design to mitigate harmful consequences
Organisational Controls –
Training, Competency, Communication
–
Procedural Controls quantitative terms
Personal Protective Equipment
Protect the person
–
N/ A
– there is no PPE effective against explosion
Figure 10-1: Hazard Management Hierarchy
The strategy selected for managing a hazard will differ depending on the project phase, and this principle shall form part of the evaluation when making ALARP demonstrations.
As the opportunity for influencing the facility design is greatest during early design phases, the focus shall be on elimination or substitution of the hazards. This typically applies to Identify& Assess and Select phases of the ORP process.
As the project matures into Define and Execute, there is less opportunity to apply elimination or substitution and hence the predominant hazard management controls consist of isolation/separation and engineering solutions that can be put in place.
Once a facility becomes operational, the hazard management will largely focus on the organizational and procedural controls. PPE is generally regarded as the last principle of hazard management and therefore also the least effective.
Good Engineering Practice
In most situations, deciding whether HSE risks have been reduced to ALARP involves a comparison between the control measures a project is proposing and the measures PDO would normally expect to see in such circumstances i.e. the requirements of relevant good practice captured in Company specifications and procedures listed in GU-611.
Page 33 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
10.2.3
10.2.4
The scope for eliminating hazards and threats and reducing the scale of consequences is greatest at the beginning of the project and progressively reduces as the project develops. In part this is because the cost and difficulty of delivering a given risk reduction solution increases as the project develops. ALARP
demonstrations must be robust for each of the HSE Cases as per Figure 3-1.
CP-122 “Health, Safety and Environment Mgmt System – CoP” describes application of the AI-PSM process from CCPS RBPS within PDO to demonstrate compliance to good engineering practice and to ensure that risk levels are ALARP. This is made
via demonstrating compliance against the 20 Process Elements shown in Appendix
Good Engineering Principles
Company specifications and engineering standards should be followed unless there is sound justification, and then consideration given to whether there is any more that can be done to reduce the risk. If there is more that can be done, these further measures need to be assessed by comparing the risk reduction with the cost and effort involved in further reducing it.
Simply following standards does not in itself demonstrate ALARP, particularly for more complex or novel projects, where additional considerations shall be made.
HEMP Studies
HEMP studies undertaken during the select, define, execute and/or operate phases of the development are used to assess risk levels and identify any further risk reduction measures.
Applicable HEMP studies for each project phase are defined in DCAF.
10.2.5 ALARP Review
In assessing the risks associated with the Design or Operations HSE Case hazards, a qualitative review of the Bow-ties shall be undertaken. The review shall be led by an experienced facilitator and the review team shall be comprised of experienced staff from the following areas of expertise: o Engineering o Process o HSE o Maintenance o Operations o Management o Asset stakeholders.
Each of the threat lines in the bow-ties shall be reviewed in turn and the discussion should cover such questions such as: o Does industry best practice state what should be done or make any recommendations? o Can a benchmark exercise be undertaken against other operators and similar controls implemented? o Where are the gaps/shortfalls and what action needs to be taken to address these
gaps/shortfalls? See Section 11.2.
o Is there sufficient quantity and quality of barriers? o Is there anything else that can be done to further reduce the risk?
Page 34 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Both barrier effectiveness and the number of barriers contribute to the overall effectiveness of control, although in general, the effectiveness of individual barriers is more critical.
The number, independence and reliability of the control and recovery measures shall be commensurate with the risk.
By approaching the bow-tie review in this systematic fashion, the barriers can be challenged in terms of completeness and adequacy and gaps identified and addressed so that the review team is satisfied that the risks arereduced to ALARP.
The HSE Case process enables an ALARP argument to be formulated although in isolation, a complete ALARP argument cannot be made. The claims made against the numbers, quality, performance and location of the barriers must also be verified.
This verification of the safeguards (both hardware and procedural controls) is performed via AI-PSM audit and the TR-MIE and TI-HBV processes. These processes substantiate the claims made within the Bow-Ties and MOPO in terms of barrier integrity and performance.
10.3 Assessment of Complex Decisions
Demonstrating ALARP shall involve consideration of fundamentally different options to provide assurance that the Company gets the best value for money over the lifetime of the facility. The assessment of fundamentally different options normally takes place in the identify, assess and select phases.
Assessment of complex decisions requires consideration of all the hard and soft issues related to a range of options and should reflect a decision taken at the right level in the organisation with full knowledge of all the options and their associated risks and costs.
The following structure is recommended for documenting ALARP demonstration for complex project decisions:
1. IDENTIFY a. Problem Definition b. HSE Issues and Potential Risk c. HSE Standard & Tolerability Criteria
2. ASSESS a. Options Considered b. Basis for Selection and Uncertainties c. Justification for Chosen Option
3. CONTROL & EVALUATION a. Residual HSE Risks b. Recommendation for Next Project Phase c. Requirements for the Operations HSE Plan/Case
The ALARP demonstration for such decisions shall be signed by the person developing the demonstration as well as relevant discipline Technical Authorities.
Page 35 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
11 OPERATE PHASE CONTINUOUS IMPROVEMENT
Revision: 1.0
Effective: Mar-11
11.1 Drivers for Improvement
Key Performance Indicators (KPIs) have been established for the AI-PSM programme within PDO. AI-PSM KPIs consist of: o A set of KPIs defined by Operational and Functional Leadership, collected on a uniform basis at all assets (Corporate KPIs). o Any additional asset-specific KPIs targeted at the key risks of that asset.
Typical AI-PSM KPIs include: o Number of Process Safety incidents reported YTD. o Number of Process Safety near misses reported YTD. o Percentage compliance with Level 2/3 audit schedule. o Number of deviations/non-compliance with PTW discovered during worksite visits (in the quarter). o Number of approved waivers, forces and safeguarding overrides in place. o Safety Critical Element corrective maintenance compliance. o Safety Critical Element preventive maintenance compliance. o Number of overdue actions arising from Process Safety studies (HAZOP, OBRA,
FERM, TI-HBV, PSBR, Incident investigations, LEVEL 1/2/3 AI-PSM audits, PSUA). o Number of SCEs that failed to meet Performance Standard (per quarter).
11.2 Remedial Actions
Action items can be raised during compilation of a new HSE Case or review and update of an existing HSE Case. These areas for improvement in the systems or controls in place to manage Major Accident Hazards need to be addressed to ensure that operations continue to be maintained at ALARP.
All action items raised shall be reviewed and approved by the action party and the HSE
Case Custodian prior to be entered into the HSE Case and the action tracking system
(FIM) for close out. The HSE Case Administrator is responsible for ensuring that actions are closed out in a timely manner. The HSE Case Custodian has overall responsibility for ensuring all technical information within the action close out is correct and complete.
Target dates are dictated by the most reasonably practicable timescale within which the actions can be completed. Items in the remedial action plan (RAP) must be rectified in accordance with the timescales set out. Where an action is not to be taken because the cost and resources required to complete the action are not considered reasonably practicable in view of the benefits gained in risk reduction (ALARP evaluation), this is stated in the RAP.
Page 36 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
11.2.1
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Qualitative Analysis of RAP Items
Risk reduction measures, and in particular those warranting the implementation of additional safeguards, shall be compared against a simplistic cost benefit matrix, as
detailed in the ‘Cost, Benefit, Effort Multiplier’ in Table 11-1. This results in each of
the potential risk reduction measures being categorised as: o Do - Implement the option o Study - Investigate the option further and implement if practicable o Pass – Review category to confirm rating, if still assessed as Pass, record decision making process and do not invest further effort. Review in future for practicability.
The decision on whether to take the action shall be dependent on the resulting score. The multiplication results in a numerical score from 1 (most attractive) to 27
(least attractive).
The result of this iterative process shall be tabulated in the Remedial Action Plan within the HSE Case.
Table 11-1: Cost * Benefit * Effort Multiplier
Score
Cost (over 3 years)
Benefit
Effort
1
<$50K
High
Quick fix
2
$50-$500k
Medium
Simple Fix
3
>$500k
Low
Complex
Solution Matrix
Cost x Effort
H Benefit
1
M Benefit
2
L Benefit
3
1 1 2 3
4
6
9
2
3
4
6
9
2
3
4
6
8
12
18
6
9
12
18
27
Sample Score Assignments
Range
1-4
6-9
12 or greater
Proposed Action
Do
Study
Pass
Page 37 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
11.2.2
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Interpreting the RAP
The remedial actions shall be included in a table as described below so that actions and targets appear in a consistent format.
Table 11-2: Example Remedial Action Plan
Item no.
1
Bowtie ref.
Action
Description
Strategy to
Achieve the
Action
Measure /
Indicator
C B E S
Reso urce
Action
Owner
Target
Date
Comments
/ Status
H-01.005b
H-01.003a
H-01.003d
H-01.005d
H-04.002
H-10.016
Ensure compliance of speed limits inside NRPS.
Speed limits within NRPS are currently not complied with.
Develop implement program reinforce and to awareness speed inside NRPS. of limits
Conduct drive to further communicate hazards of speeding within
NRPS.
Implement PDO consequence management procedures for speeding.
Install speed limits signs (if not present).
Developed and implement program to reinforce awareness of speed limits inside NRPS.
PDO consequence management procedures for seeding implemented.
Speed limits installed (if required).
1 2 1 2 OSO OSS Q1’09 Closed
12/09/2009
PDO consequen ce matrix implemente d. Drive for road safety
(within the
4MW).
Various campaigns and posters displaying consequen ces for breaking road rules
(includes speeding).
Table 11-3: Interpreting the RAP
TITLE
Action No
Bow-Tie Ref
SCOPE/COMMENTS
Sequential action number or FIM reference
Reference number of the Bow-Tie diagram where the action was raised
Action Description Description of action
C
B
A qualitative assessment of the cost of implementation, derived using the Qualitative
A qualitative assessment of the HSE benefit from implementation, derived using the
Qualitative ALARP matrix (Section 0)
E
S
A qualitative assessment of the effort of implementation, derived using the
Qualitative ALARP matrix (Section 0)
A qualitative score derived using the Qualitative ALARP matrix (Section 0)
Action Resource
Action Owner
The person responsible for carrying out the action
The individual who is accountable for the completion of the action.
Date Action Was
Logged
The date when the action was raised.
Target Date
Comments/Risks
Date at which the target will be reached and action completed. Timescales can be revised at the annual review stage of the action plan. If an action is no longer applicable and/or the target cannot be met, clear reasoning and steps to resolve must be given.
Opportunities and risks if action is not undertaken.
Page 38 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
12 STATEMENT OF FITNESS
A Statement of Fitness is required by CP-117 [Ref. 6] and CP-122
“HSE Management
Manual” and shall be included in the HSE Case.
A Statement of Fitness shall be developed for the Assets prior to teh pre start up audit for a project, before starting or commissioning a new Asset or a modification to an existing Asset.
Table 12-1 contains each element of the Statement of Fitness together with a guide to
minimum requirements for demonstrate compliance with each element. Further guidance is provided in GU-648.
Table 12-1: Statement of Fitness
REQUIREMENT DEMONSTRATION
Process Safety Risks have been identified and documented and are managed to ALARP
HSE Risk studies including HAZOP, HEMP, FERM and Bow-Ties have been completed
ALARP demonstration has been made for the asset
ALARP demonstration includes assessment of
SIMOPS and development of a MOPO
Risk register and Risk Management Plan in place
An Emergency Response Plan addressing each of the identified Major Accident Hazards has been developed and is routinely tested
Critical PCAP deliverables
No outstanding unapproved variations to DEM1,
DEM2 or actions from ALARP workshops
Employees or Contractors executing
HSE Critical Activities are competent and fit to work
Operator competence assurance plans with HSE critical roles indentified in job descriptions
Personnel in HSE Critical roles are fit to work
TA approval framework is in place (DCAF or similar)
Safety Critical Equipment meets its
Technical Integrity Requirements
SCEs have been indentified and documented and included in the HSE Case
Performance Standards have been developed for all identified SCEs and approved by TAs
PCAP in place & followed
TIV Report (assurance and verification of the SCEs) finalized – all punch listed items closed out
Design and Construction of new Assets and modifications to existing Assets meet design and engineering requirements
All requirements of DEM 1 are met – a derogation register is maintained where DEPs cannot be satisfied
Critical documents and drawings are prepared and approved.
Well Handover Document completed
Process Safety Basic Requirements are met
All applicable PSBRs are met (DEM2)
Procedures are in place to operate
Safety Critical Elements within its
Operational Limits.
The Asset Register, Safety Critical
Elements (SCEs), SCE related
Performance Standards (PSs) acceptance criteria and Maintenance /
Operations procedures are in place
Integrity operating envelopes and Alarm Catalogues are completed
Protection Device (Trip) settings in place, including wells
Operations Procedures in place
Performance Standards and maintenance/ inspection routines are current and uploaded to SAP
Page 39 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
REQUIREMENT DEMONSTRATION
Inspection Routines are identified and loaded into the maintenance management system (SAP).
Asset register is current and uploaded to SAP
CMMS and SCE Management system is populated and available
Corrosion management plans are in place
Well integrity management is in place
FSR is in place
Modifications are complete and have been managed via the Management of
Change process (PR-1001)
Management of Change (MOC) Process is documented
Staff in HSE Critical Positions are trained and a log maintained
MOC procedures are in place and used
A change register is maintained
HSE audit and inspection programmes test compliance with the AI-PSM and
HSE Case Standards
Level 1, 2 and 3 audits are scheduled and completed as per the HSE Business Plan
Audit findings are internally communicated to all levels in the organisation and a RAP developed
Page 40 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
13 MANAGEMENT OF CHANGE
Revision: 1.0
Effective: Mar-11
All PDO Operations HSE Cases shall be reviewed on an annual basis (by year end) to ensure that all the following sections of the HSE Case remain true and valid to operations.
It is the responsibility of the Delivery Team Leader as the HSE Case Custodian to ensure these updates are completed, with support from the HSE Case administrator.
Bow-tie assessment o Have any new severity 5 or high level risks been identified? o Are all barriers still valid? o Have any new barriers been identified? o Are all barriers correctly categorised (Inherent Safety, SCE, Critical Activity)?
SCE listing o Is the hardware barrier correctly identified as an SCE? o Does the barrier have the correct SCE identifier attached? o Are all the performance standards complete and up to date? o Has all SCE been entered into the Asset Register? o Has the task information embedded within the system been added to the HSE
Critical Task information?
HSE Critical Tasks o Has there been any Directorate/Departmental re-organisation? o Are all the reference indicators and positions still current? o Have all personnel signed off to say they are aware of their tasks (annual requirement) and that their assigned tasks are correct?
Remedial Actions o Are any of the remedial actions overdue? o Do any of these open action items compromise safe operations of the plant as signed in the Statement of Fitness?
Statement of Fitness o Annual review of the Statement of Fitness to ensure that it is correct and accurately reflects the status of operations. o The Statement of Fitness shall be signed off by the HSE Case Custodian after each review.
Other changes that may trigger a revision to the Operations HSE Case are listed below: o As part of a Material Change to the Facility, operation or surrounding environment that may have a potential impact on the risk profile o When it cannot be verified that the performance of safety critical elements (SCEs) meet the performance standards and/or when mitigation measures have been employed for extended periods to compensate for this shortfall o Prior to any material changes to the organisational arrangements or personnel levels
Page 41 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11 o Following a major incident involving the Facility or operation, or from lateral learning from other major incidents applicable to the Facility or operation o Enhancements in knowledge or technology that change the basic assumptions on which the risk tolerability and ALARP demonstrations are based o Updated HEMP study findings/results o If there is a change to any of the signatory parties for the HSE Case, i.e. HSE Case
Owner (Director), HSE Case Custodian (Delivery Team Leader) or HSE Case
Administrator (Technical Safety Engineer)
All identified changes to the HSE Case, whether as a result of a periodic review or any of the other criteria listed above shall be assessed by the HSE Custodian, the Technical
Safety Engineer and the HSE Case administrator (where this is not the TSE). Where relevant, the change should also be assessed by a discipline Technical Authority.
The roles and responsibilities for changes to the HSE Case and how these changes shall
be recorded are further described in Appendix 11.
Page 42 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
14 CONCEPT SELECTION REPORT
The Concept Selection report forms the basis for the engineering activities in the Define phase. It clarifies the context in which the selection decision has been made, the data that have been used, the alternatives that have been studied, and the values and trade- offs between alternatives.
The purpose of the HSE content of the Concept Selection report is to:
1. Demonstrate that there has been a systematic application of HEMP during the
Identify & Assess and Select Concept phases of the ORP [18] for each option being considered;
2. Confirm that the lowest risk option have been actively sought and selected; or alternatively, demonstrate that the cost/effort required to adopt the lowest risk concept is grossly disproportionate to the benefit (ALARP).
The HSE content of the Concept Selection report shall include: o Reference to descriptions of the options being considered; o A Hazards and Effects Register in accordance with EP Tool ‘Hazards and Effects
Register’ [14] for each development option considered; o Summary of the risk profiles associated with each option; o A summary of the HEMP studies and key assumptions that have been made in the
Hazard identification and risk assessments studies; o Summaries of the philosophies and measures implemented during this phase to reduce residual risks to ALARP o The justification that the selected option shall present the lowest overall risks, or alternatively, the ALARP demonstration showing that the cost/effort required to adopt the lowest risk concept is grossly disproportionate to the benefit; o Any issues that may have an impact on the risk profile and so need to be addressed during the Define and Execute phases. o Summary of rejected options with a description of reason for not pursuing the respective options. o SIMOPS considerations for Sour projects
Relevant HEMP studies will depend on the nature, size and complexity of the project.
Large and complex projects will typically require a separate ALARP demonstration report to meet the above requirements.
Page 43 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
14.1 DCAF Deliverables for Identify, Assess and Select Phases
Revision: 1.0
Effective: Mar-11
Individual components of the Concept Select Report are required deliverables under the
Discipline Controls and Assurance Framework (DCAF). The Concept Select Report is itself a required DCAF deliverable.
The full list of HSE DCAF deliverables for the Select phase which should be produced and signed off individually by the relevant competent person/Technical Authority is given below. Ensure DCAF is consulted for latest version of specified deliverables and the
Discipline Authority Manual (TAs): o ALARP Demonstration Report o HEMP Findings and Close out Report o HAZID Report o Concept Risk Assessment Report (i.e. the Qualitative Risk Assessment (QRA)) o Preliminary Hazard and Effects Register o Greenhouse Gas (GHG) and Energy Efficiency Report o Fire and Explosion Assessment o Sustainable Development Strategy o Regulatory Compliance and Permitting Plan o HSSE and SP (Social Policy) Plan o HSSE and SP Philosophy Document
The Concept Select Report shall contain summaries and/or references to all the above documents.
Page 44 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
15 DESIGN HSE CASE REQUIREMENTS
Revision: 1.0
Effective: Mar-11
The Concept Select Report is the starting point for developing the Design HSE Case as it describes the Identify & Assess and Select phases in detail.
The Design HSE Case focuses on the chosen concept through the Define and Execute phases and is a DCAF Deliverable. It must be signed off by the project management prior to VAR4 (for FEED) and prior to the Pre-Start Up Audit for HSE Cases at the end of detailed design. The final design HSE Case is used as part of the ALARP demonstration in the
Operations HSE Case.
15.1 Basic Requirements
The Design HSE Case: o Is required to demonstrate that there has been a systematic application of HEMP during the Define and Execute phases and that the risk has been actively and systematically reduced to ALARP o shall incorporate any design changes made during the Define and Execute phases that impact severity 5 or high level hazards and updating the risk tolerability and
ALARP demonstrations o shall
incorporate a full list of safety critical elements (SCEs) with relevant performance standards (SCEs shall be identified in accordance with EP2009-9009) o shall
be signed off by the Project Manager o shall
be used to develop the Operations HSE Case prior to the pre-start up audit
(PSUA) and subsequent operate phase
15.2 Format
The Design HSE Case shall be based on the following structure: o Contents o Part 1 Introduction o Part 2
Concept Select Report
Summary o Part 3 Design Basis & Facilities Description o Part 4 HEMP and major accident hazard (MAH) assessment (including ALARP
Demonstration, safety critical elements (SCE) and Bow-ties) o Part 5 Improvement (Remedial Action Plan)
15.2.1 Contents
This part shall contain: o Document authorisation, identification of the HSE Case Owner, HSE Case
Custodian, and HSE Case Administrator and their responsibilities o Version control, showing the scope of each revision o Signed off Statement of Fitness for the Design HSE Case by the HSE Case Owner
(usually the Project Manager).
The Statement of Fitness is signed on the understanding that all remedial actions outlined in Part 5 of the Design HSE Case are, or will be, closed out effectively by their action target dates.
15.2.2 Part 1 Introduction
Part 1 shall:
Page 45 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
15.2.3 o Describe the scope of the Design HSE Case o State the relationship with the HSE Management System (HSE-MS) Manual, CP-
122 o Provide a summary of the change control process applied trhough the various stages of the project. o Include a project summary
Part 2 CSR ALARP demonstration Summary
Part 2 shall contain a summary of the ALARP demonstration in the Concept Select
Report which describes the process from the Identify & Assess phase to the Select phase and the selection of the chosen concept. This includes a list of supporting safety studies undertaken.
15.2.4 Part 3 Design Basis & Facility Description
Part 3 shall contain: o A detailed description of the chosen concept, including site selection, plant layout, material selection, etc., including a project overview to show boundaries of the
HSE Case o A description of all of the safety critical elements and any other safety systems provided. o A list of all DEPs, codes, standards and specifications used in the design o A summary description and reference to, the Operations and HSSE Philosophies, including manning strategies and philosophies o A list of identified HSE risks from the Project Risk Register. o A list of the MAH associated with the facilities o A Variance Register, or reference to it, providing justification why the engineering standards or specifications for the project deviate from applicable Design
Engineering practices (DEP) o A list of all safety critical elements (SCE) - defined as hardware barriers on the bow-ties (in accordance with EP2009-9009)
15.2.5 Part 4 Hazards & Effects Management Process
Part 4 shall contain: o A Hazard and Effects Register containing details of all severity 5 and high risk hazards and an assessment of each hazard including the key assumptions
(assessed using the PDO risk assessment matrix in Figure 2-1)
o Bow-Tie diagrams for severity 5 and high risk hazards, with barriers categorised as inherent safety, safety critical element (SCE), procedural control and remedial action/shortfall o ALARP Demonstration, to state how the qualitative Bow-Tie assessment has been reviewed to ensure all applicable measures to reduce risk to tolerable and ALARP have been assessed and implemented o Details of utilised HSE Risk Tolerability, Acceptance Criteria, and ALARP
Framework o Summaries of the philosophies and measures implemented during the Design phase to reduce residual risks to ALARP o Summary of HEMP studies undertaken since the Concept Select Report, e.g.
Hazard Identification studies (HAZID), Hazard and Operability studies (HAZOP),
Instrumented Protective Function (IPF), plant layout study, Quantified Risk
Assessment (QRA), Health Risk Assessment (HRA) Human Factors Engineering
(HFE), consequence modelling, EER Assessment, etc.
Page 46 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11 o A summary of practical risk reduction measures and their implementation unless demonstrated not reasonably practicable. These may be represented on ALARP
Worksheets. o Any issues that may have an impact on the risk profile and so need to be addressed during the Operate phase
15.2.6
See Sections 5, 6 and 10 for more details on undertaking HEMP, Bow- Ties and
ALARP Demonstrations, respectively.
Part 5 Improvement (Action Plan)
Part 5 shall contain an action plan that is SMART (specific, measurable, agreed, realistic and timely) which lists all the actions to be carried forward to, and dealt with, in the Operations HSE Case.
All remedial action items arising from review and update of the HSE Case shall be accepted by the appropriate action parties and approved by the HSE Case
Custodian (Delivery Team Leader).
Following approval, the action items shall then be entered into the PDO action tracking system to be formally tracked and closed out. At the time of issue of this
Specification, the Fountain Incident Management (FIM) system is used for tracking actions from HSE Cases.
See Section 11 for more details on continuous improvement.
15.3 DCAF Deliverables for Define and Execute phases
Many of the individual components of the Design HSE Case are required deliverables under the Discipline Controls and Assurance Framework (DCAF) (note that the Design
HSE Case is a required deliverable in itself).
Some deliverables may simply require an update of the DCAF deliverable from I/A and
Select phase. The Design HSE Case shall contain summaries of, and/or references to, the following HSE DCAF deliverables for the Define and Execute phases: o ALARP Demonstration Report (Final) o HEMP Findings and Close out Report (updated) o HAZID Report (updated) o Concept Risk Assessment Report (i.e. the Qualitative Risk Assessment (QRA) updated) o Hazard and Effects Register (Updated) o Greenhouse Gas (GHG) and Energy Efficiency Report o Facilities Layout Rational o Living Quarters Specification and temporary refuge where applicable, e.g. Sour projects. o Performance Standards for Safety Critical Elements o Impact Assessment Implementation (including Baseline studies) o Fire and Explosion Assessment (updated) o Sustainable Development Plan (Updated) o HSSE and SP (Social Policy) Plan o HSSE and SP Philosophies Document (updated) o Environmental Permit o Health Hazards Exposure Monitoring o Medical facilities Assessment o Matrix of Permitted Operations (MOPO) – part of the Design HSE Case.
Page 47 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Consult DCAF for latest version of specified deliverables and the Discipline Authority
Manual (TAs)
Page 48 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
16 OPERATIONS HSE CASE REQUIREMENTS
Revision: 1.0
Effective: Mar-11
The Operations HSE Case focuses on the Operate phase of the project and covers safe and continuous operation of the facility. It ensures that all procedural (operational, maintenance and inspection) controls are in place to ensure that the facility remains within pre-set design limits and specifications (as per the Design HSE Case where relevant).
For new projects, the Design HSE Case will usually be the starting point for developing the
Operations HSE Case.
For brownfield projects, the Design HSE Case serves as the starting point for updating the existing Operations HSE Case.
The Operations HSE Case shall be signed by HSE Case Owner, Custodian and
Administrator prior to the Start-Up of the facility.
16.1 Basic Requirements
The Operations HSE Case: o Is required to demonstrate how severity 5 or high level hazards are managed during operations to ensure that the risk is tolerable and ALARP o Shall describe how the relevant management systems (asset integrity, Maintenance
Integrity Execution, competence and permit to work, etc.) implement the requirements of the PDO HSE-MS and the AI-PSM systems, including management of medium hazards o Shall be accepted and signed off by the relevant Director (in the Statement of
Fitness)
16.2 Format
The Operations HSE Case shall be based on the following structure: o Contents (including the Statement of Fitness) o Part 1 Introduction o Part 2 Facility Description o Part 3 People, HSE critical tasks o Part 4 HEMP and major accident hazard (MAH) assessment (including ALARP
Demonstration, safety critical elements (SCE) and Bow-ties) o Part 5 Improvement (Action Plan)
16.2.1 Contents
This part shall contain: o Document authorisation, identification of the HSE Case Owner, HSE Case
Custodian, and HSE Case Administrator and their responsibilities o Version control, showing the scope of each revision o Signed off Statement of Fitness of the Operations HSE Case by the HSE Case
Owner (the relevant Director).
The Statement of Fitness is signed on the understanding that all remedial actions outlined in Part 5 are, or will be, closed out effectively by their action target dates.
Page 49 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
16.2.2
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Part 1 Introduction
Part 1 shall: o Describe the scope of the HSE Case o State the relationship with the HSE Management System (HSE-MS) Manual, CP-
122 o State the purpose of the Operations HSE Case in relation to different users and where relevant information can be found within the document o Summarise the change control process to be applied to the HSE Case and the mandatory review and update requirements.
16.2.3 Part 2 Facility Description
Part 2 shall contain: o A detailed description of the facility, including plant layout, material selection, safety system, process systems, utilities, etc., including a project overview to show boundaries of the HSE Case o A description and reference to, the Operations and HSSE Philosophies, including manning strategies and philosophies o A list of the MAHs associated with the facilitiesA list of all safety critical elements
(SCE) – defined as hardware barriers on the bow-ties (in accordance with EP2009-
9009) o A list of major changes to the HSE Case since its inception
16.2.4 Part 3 People, HSE Critical Tasks
Part 3 shall contain: o Normal operation facility manning levels and listing of key positions o An organogram showing the organisational structure and highlighting all personnel within the Operations HSE Case who hold an HSE Critical Position, i.e. they have
HSE critical tasks assigned to them o Tables arranged by HSE Critical Position identifying for each HSE Critical Task:
Where the HSE Critical Task fits into the Bow-ties e.g., Facilities/
Equipment and Hazards/Barriers
A brief description of the HSE Critical Task and link to the specifications and procedures, documenting how the HSE Critical Task is implemented
The means by which the HSE Critical Task is assured e.g. PTW forms, FAIR
Reports, etc. o A summary of the HSE Competency assurance system and links for further information
16.2.5 Part 4 Hazard and Effects Management
Part 4 shall contain: o A Hazards and Effects Register containing all hazards identified for the facility/operations are to be listed and assessed using the PDO risk assessment
matrix (Figure 2-1). The severity 5 and high risk hazards contain references to the
relevant Bow-Tie diagrams o Bow-Tie diagrams for severity 5 and high risk hazards, with barriers categorised as inherent safety, safety critical element (SCE), procedural control and remedial action/shortfall
Page 50 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
16.2.6 o ALARP Demonstration, to state how the qualitative Bow-Tie assessment has been reviewed to ensure all applicable measures to reduce risks to tolerable and ALARP levels have been assessed and implemented
o Summary of HEMP studies undertaken since the Design HSE Case, e.g. Hazard
Identification studies (HAZID), Hazard and Operability studies (HAZOP),
Instrumented Protective Function (IPF), plant layout study, Quantified Risk
Assessment (QRA), SIMOPS QRA, Human Factors Engineering (HFE), consequence modelling, etc. o A matrix of permitted operations (MOPO) to define the operating envelope and safe operating limits for the facility and provide guidance on action required in event of abnormal situations. Situations mapped shall cover:
Adverse weather conditions
Simultaneous operations (SIMOPs)
Safety critical element (SCE) and critical manpower unavailability
See Appendix 10 for details on MOPO requirements.
Part 5 Improvement (Action Plan)
Part 5 shall contain an action plan that is SMART (specific, measurable, agreed, realistic and timely) which lists all the actions raised during the development of the
Operations HSE Case.
All action items shall be entered into the PDO action tracking system to be formally tracked and closed out once they have been fully approved by the HSE Case
Custodian. At the time of issue of this Specification, Fountain Incident Management
(FIM) is used for tracking actions from PDO HSE Cases.
Part 5 also contains a brief description of how the Operations HSE Case is continually improved through the use of annual HSE Plans, HSE Case key performance indicators (KPIs) and audit and review.
See Section 11 for more details on continuous improvement.
16.3 DCAF Deliverables for Execute and Operate Phases
Many of the individual components of the Operations HSE Case are required deliverables under the Discipline Controls and Assurance Framework (DCAF) (note that the
Operations HSE Case is a required deliverable in itself).
The full list of HSE DCAF deliverables for the later Execute and Operate phases which should be produced and signed off individually by the relevant competent person/Technical Authority are: o ALARP Demonstration (Bow-ties for qualitative ALARP demonstration) o HEMP Findings and Close out Report (updated) o HAZID/HAZOP Reports (updated) o Concept Risk Assessment Report, i.e. the Qualitative Risk Assessment (QRA) updated o Hazard and Effects Register (updated) o Greenhouse Gas (GHG) and Energy Efficiency Plan o Performance Standards for Safety Critical Elements o Impact Assessment o Fire and Explosion Assessment (updated) o Sustainable Development Plan (Updated) o HSSE and SP (Social Policy) Plan (updated) o HSSE and SP Philosophies Document (updated)
Page 51 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11 o Environmental Permit o Health Hazards Exposure Monitoring Plan o Health Risk Assessment report o Medical facilities Assessment o Job type Health Risk Assessment o Emergency Response Plan o Security Management Plan
Consulted DCAF for latest version of specified deliverables and the Discipline Authority
Manual (TAs)The Operations HSE Case shallcontain summaries and/or references to all the above documents. The following DCAF documents will be incorporated into the
Operations HSE Case, either within the main body or as an appendix. o Statement of Fitness (within the Operation HSE Case) o Matrix of Permitted Operations (MOPO) (within the Operations HSE Case) o Asset Register (updated) (Appendix) o Safety Critical Element Register (Appendix)
Page 52 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Appendix 1 Glossary of Definitions, Terms and Abbreviations
FERM
FID
GHG
HAZID
HAZOP
HBV
HEMP
HFE
HSE
Acronym
AI-PSM
ALARP
CFDH
CSR
DCAF
DEP
DG
FEED
HSE-MS
HSSE
IADC
IPF
JOA
JVA
KPI
MAH
MIE
MOPO
ORP
PEFS
PSBR
PSUA
PTW
QRA
RAM
Recovery measure
Risk
SCE
SIEP
SMART
Definition
Asset Integrity - Process Safety Management
As low as reasonably practicable
Corporate Functional Discipline Head
Concept Selection Report
Discipline Controls and Assurance Framework
Design engineering practise
Decision Gate
Front End Engineering and Design
Fire and Explosion Risk Management study
Final investment decision
Greenhouse gas
Hazard Identification
Hazard and operability study
Hardware Barrier Verification
Hazards and Effects Management Process
Human Factors Engineering
Health, Safety and Environmental
Health, Safety and Environmental Management System
Health, Safety, Security and Environmental
International Association of Drilling Contractors
Instrumented protective function
Joint Operating Agreement
Joint Venture Agreement
Key performance indicator
Major accident hazard - Any situation with the potential for major consequences (harm) to people, environment, asset and reputation if released (severity 5 or high risk hazard)
Maintenance Integrity Execution
Matrix of permitted operations
Opportunity Realisation Process
Process engineering flow schematics
Process safety basic requirements
Pre-start up audit
Permit to Work
Quantitative Risk Assessment
Risk assessment matrix
Any measure put in place to manage consequences and assist recovery from a top event
The likelihood of a Top Event combined with the severity of the Consequences (The risk is from the Hazard to people, environment, asset and reputation).
Safety Critical Element
Shell International Exploration and Production
Specific, measurable, agreed, realistic and time-constrained
Page 53 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Acronym
SP
TA
Threat
Threat control
Tolerable risk
Top event
TR-HBV
TR-MIE
UKOOA
VAR
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Definition
Social policy
Technical Authority
Any action or mechanism that could bring about the unplanned release of a hazard
Any measure put in place to prevent a Threat being successful
Tolerable Risks are those that have been reduced to a level where they comply with the applicable laws and regulations, standards, strategic objectives and other agreed
Tolerability Criteria.
The first thing that happens when a hazard is released (also known as first consequence)
Total Reliability - Hardware Barrier Verification
Total Reliability - Maintenance integrity Execution
UK Offshore Operators Association
Value Assurance Review
Page 54 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Appendix 2 Related Business Control Documents and
References
1. CP-122 - Health, Safety and Environment Management System – CoP, Version 4,
22/04/02
2. Shell Yellow Guide, Risk Assessment Matrix, Issue 3.0, March 2006
3. A Framework for Risk-related Decision Support, UKOOA, 1999 http://www.ukooa.co.uk/
4. GU-648 - Guide for Applying Process Safety in Projects, Rev 1.0, 15th December 2010
5. International Association of Drilling Contractors (IADC) Drilling Contractors, Health,
Safety and Environment Case Guidelines for Land Drilling Contractors, Issue 1.0.1, 27
July 2009. Click Here for latest version of this document.
6. CP-117 - Project Engineering Code of Practice, Rev 4.0, 11 January 2011
7. SP-2061 - Functional Technical Directorates, Technical Authority System, Revision 2.0,
Jun-10
8. Shell Group HSSE & SP Control Framework, Section 03, “Process Safety Manual”. http://sww.manuals.shell.com/HSSE/
9. “Guidelines for Risk Based Process Safety”. Center for Chemical Process Safety, 978-
0-470-16569-0, 2007. http://www.knovel.com/web/portal/browse/display?_EXT_KNOVEL_DISPLAY_bookid=1
794
10. Safety Critical Element Management Manual, Second Edition, EP2009-9009, Feb 2009.
Click Here for all Operational Excellence documentation on Shell Wiki.
Page 55 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Appendix 3 Hazard Inventory Checklist
Revision: 1.0
Effective: Mar-11
Ref. No
H-01
H-01.001
H-01.002
H-01.003
H-01.004
H-01.005
H-01.006
H-01.007
H-01.008
H-02
H-02.001
H-02.002
H-02.003
H-02.007
H-02.008
H-02.009
H-02.010
H-03
H-03.001
H-03.002
H-03.003
H-03.004
H-04
H-04.001
H-02.004
H-02.005
H-02.006
H-04.002
H-04.003
H-04.004
H-04.005
H-05
Hazard Name
Hydrocarbons (Unrefined)
Liquid Natural Gases (LNGs)
Condensate
Hydrocarbon gas
Coal
Crude (oil)
Hydrocarbons from Shale
Oil Sands
Other Hydrocarbon source
Hydrocarbons (Refined)
Liquefied Petroleum Gases
(e.g. Propane)
Gasoline's (Napthas)
Possible Source
Cryogenic plants, tankers.
Storage tanks, gas wells, gas pipelines, gas separation vessels.
Reservoirs, wells, oil/gas separators, gas processing plants, compressors, gas pipelines.
Mining activities, boiler fuel source.
Reservoirs, wells, pipelines, pressure vessels, storage tanks.
Mining activities, extracted oil shale deposits.
Tar sands, bituminous sands (clay, sand, water, bitumen).
Sub sea gas hydrates.
Kerosenes / Jet Fuels
Gas Oils (Diesel Fuels / Heating
Oils)
Heavy Fuel Oils
Vehicle fuelling stations, vehicle maintenance.
Lubricating Oil Base Stocks
Aromatic Extracts
Shipping fuel, bunkers, heating systems, storage tanks.
Engines and rotating equipment, hydraulic pistons, hydraulic reservoirs and pumps.
Heavy fuels, petroleum pitches and resins, rubber and plastics, naphtha.
Filter separators, well tubulars, pipelines. Waxes and Related Products
Bitumen's
Derivatives and Bitumen
Petroleum Coke
Explosives
Detonators
Road construction.
Furnaces, boilers
Commercial Explosive Material
Shaped Charges
Military Ordnance
Seismic operations, pipeline construction.
Seismic operations, blasting, construction, firework displays.
Well completion activities, demolition.
Spent munitions, UXB, land mines, depleted uranium rounds, improvised explosive devices.
Pressure
Process fractionating equipment, storage tanks, transport trucks and rail cars.
Vehicle fuelling stations, vehicle maintenance.
Aircraft, portable stoves, portable lanterns, heating systems, storage tanks.
Gas under Pressure
Liquid under Pressure
Vacuum
Hyperbaric Operations
Hypobaric Operations
Differences in Height
Welding bottles, laboratory gas, pipe-works, air lines, air brakes, air guns, diving operations (air tanks).
Water disposal, water floods and injection operations, strength testing of pipe works, well fracturing and treatments.
Tanks, accumulators.
Diving operations.
Working at high altitude (generally >2000m).
Page 56 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Ref. No
H-05.001
H-07.003
H-07.004
H-07.005
H-08
H-08.001
H-08.002
H-08.003
H-08.004
H-08.005
H-09
H-05.003
H-05.004
H-06
H-06.001
H-06.002
H-07
H-07.001
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
H-05.002
H-07.002
H-9.001
H-9.002
H-10
H-10.001
Hazard Name
Personnel at Height >2m
Personnel at Height 0m<2m
Objects Overhead
Possible Source
Working on scaffolding, suspended access, ladders, platforms, excavations, towers, stacks, roofing, working overboard, working on monkey board.
Slippery/uneven surfaces, climbing/descending stairs, obstructions, loose grating.
Objects falling while being lifted/handled or working at a height over people, equipment or process systems, elevated work platforms, slung loads, hoists.
Pipeline trenches, excavations, repairing buried facilities. Ground / Slope Stability
Objects under Induced Stress
Objects under Tension
Objects under Compression
Voltage > 50v
Electrostatic Energy
Guy and support cables, anchor chains, tow & barge tie-off ropes, slings.
Spring-loaded devices such as relief valves and actuators and hydraulically operated devices.
Dynamic Situations
Land Transport (Driving)
Water Transport (Boating)
Air Transport (Flying)
Equipment with Moving or
Rotating Parts
Using Hand Tools
Natural Environment
Weather Conditions
Driving to and from locations and camps, transporting materials, supplies and products, seismic field operations, moving drilling rigs and work over rigs.
Boat transport to and from locations and camps, transporting materials, supplies and products, marine seismic operations, barges moving drilling rigs and work over rigs, boat collision.
Helicopter and fixed wing travel to and from locations and camps, transporting materials, supplies and products.
Engines, motors, compressors, drill stems, rotary table, thrusters on DP ships.
Galley, seismic line clearing, grubbing operations.
Marine / Water Conditions
Tectonic / Land Effects
Fire
Lightning
Winds, temperature extremes, rain, storms.
Physical impact of waves, tides or other sea states, river currents, floods, tsunami.
Earthquakes, landslips or other earth movement activity.
Natural wild fire potential, forests, grasslands.
Working in open spaces, close to power lines, close to trees, near seismic spreads.
Electricity
Power cables, temporary electrical lines, electric motors, electric switchgear, power generation, welding machines, transformers, overhead power lines, office equipment, and domestic equipment. Consider AC, DC, current, single and three phase.
Contact between storage vessels and piping, product transfer hoses, wiping rags, unearthed equipment, high velocity gas discharges, offimce carpets, door handles.
Physical
X rays <10nm (ionising) Medical scanners, inspection.
Page 57 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Ref. No
H-10.002
H-10.003
H-10.004
H-10.005
H-10.006
H-10.007
H-10.008
H-10.009
H-10.010
H-10.011
H-10.012
H-10.013
H-10.014
H-10.015
H-10.016
H-10.017
H-10.018
H-10.019
H-11
H-11.001
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Hazard Name
Ultra Violet Light (UV) -
Wavelength 100 - 400 nm (Non
Ionising)
Visible Light - Wavelength 400 -
780 nm (Non Ionising)
Infra Red (IR) - Wavelength 400
- 1400 nm (Non Ionising)
Microwaves (750 - 2500nm)
Lasers - Wavelength: 100 - 1000 nm (Non Ionising)
Radio Wave / Microwave
Radiation - Wavelength: 1 mm -
30 km (Non ionising)
Extremely Low Frequency
Magnetic Radiation (ELF) -
Wavelength: > 30 km
Possible Source
Sunlight, arc welding.
Arc welding, sunshine, flood lighting, night lights.
Flares, laser pointers.
Domestic, industrial catering equipment.
Instrumentation, surveying, metal cutting.
Telecoms, mobile phones.
Transformers, power cables.
Alpha, Beta Particles
Gamma Rays
Neutron Radiation
Naturally Occurring Ionising
Radiation (NORM)
Noise
Vibration
Cold Temperature Differentials
Hot Temperature Differentials
Humidity
Cellulosic Materials
Pyrophoric Materials
Well logging, radiography, densitometers, interface instruments.
Well logging, radiography.
Nuclear reactors, well logging.
Scales in tubulars, vessels and process plant fluids
(especially in C3 reflux streams), cosmic radiation
(international air travel), radon gas (granites), mining activity oil/gas/coal/mineral sands, phosphates, recycled scrap steel.
Both impact (acute) and background (chronic), releases from relief valves, pressure control valves, engine rooms, compressor rooms, drilling brake, air tools.
Hand / whole body vibration, hand power tools, maintenance and construction worker, boating, motion sickness.
Process piping, storage vessels, tankers, vapour lines, crogenic plants, cold stores / walk in refrigerators, arctic climates, seas < 10oC.
Near flare, on the monkey board, in open exposed areas, summer heat, process piping, steam outlets, exhausts, confined closed spaces, glycol regeneration, steam generators, hot oil heating systems, regeneration gases.
Climates where sweat evaporation rates are too low to cool the human body, personal protective clothing, lack of moisture (cold dry climates).
Packing materials, wood planks, paper rubbish
Metal scale from vessels in sour service, scale on filters in sour service, iron sponge sweetening units
Toxic Atmosphere/Medium
Oxygen concentration in air (in balance)
Breach of oxygen / nitrogen balance. Confined spaces, tanks, nitrogen deluge systems, Oxygen depleting deluge systems
Page 58 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
H-12.016
H-12.017
H-12.018
H-12.019
H-12.104
H-12.105
H-12.108
H-12.115
H-12.116
H-12.119
H-12.130
H-12.132
H-12.133
H-12.136
H-12.141
H-12.142
H-12.143
Ref. No
H-11.002
H-11.003
H-11.004
H-12
H-12.010
H-12.011
H-12.012
H-12.013
H-12.014
H-12.015
H-12.144
H-12.145
H-12.146
H-12.153
Toxics in air (CO, H2S, heavy metals etc)
Particulates in Air / Dusts
Water
Hazard Name
Chemical Substances
Possible Source
Welding/burning operations, blanking systems that are toxic, exhaust pipes, faulty heating devices, poorly vented workshops, condensate vapours, sour gas gantries, fuelling points, aluminium oxides.
Smoke, soot, diesel fumes, cutting brickwork and concrete, driving on unpaved roads, carpenter shops, grit blasting, sand blasting, catalyst (dumping, screening, removal, drumming), mineral fibres, powdered mud additives, sulphure recovery plants.
Risk of drowning in rivers, creeks, swimming pools.
Note: If required a detailed Level 3 Hazard listing is provided in EP Guideline ‘Explanatory Text to the Hazard
Inventory’ [2].
Additives
Asbestos all Forms
Brines
Butanes
Degreasers
Glycols
Halons
Nickel Catalysts
Paints & Thinners
Polychlorinated
(PCBs)
Ammonia
Biphenyls
Ammonium Bifluoride
Benzene
Calcium Bromide
Calcium Chloride
Chlorine
Diisopropanolamine LFG90
Ethane
Ethanol
Ethylene
Gluteraldehyde
Hexane
Hydrogen
Hydrogen
(Hydrochloric Acid)
Hydrogen
(Hydroflouric Acid)
Hydrogen Sulphide
Mercury
Chloride
Fluoride
CAS# 1332-21-4, CAS# 12001-28-4.
Hydrocarbon production, well kill fluid, packer fluids.
Bottled gases.
Maintenance shops (halogenated & non-halogenated).
MEG, TEG used for dehydration of natural gases. Used as antifreeze.
Fire fighting equipment, refrigerants
CAS# 7440-02-0.
Two-pack paint systems (isocyanates).
Transformer oils (NB, approx. 50 congeners each with a separate CAS number.).
CAS# 7664-41-7.
CAS# 1341-49-7.
CAS# 71-43-2.
CAS# 7789-41-5.
CAS# 10043-53-4.
CAS# 7782-50-5.
Hand cleaning gel. CAS# 110-97-4.
CAS# 74-84-0.
CAS# 64-17-5.
CAS# 74-85-1.
Cleaning agent. CAS# 111-30-8
CAS# 110-54-3 (Chem-SBP containing n-hexane >5%).
CAS# 1333-74-0.
CAS# 7647-01-0.
CAS# 7664-39-3.
CAS# 7783-06-4.
CAS# 7439-97-6.
Page 59 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Ref. No
H-12.154
H-12.163
H-12.170
H-12-176
H-12.180
H-12.182
H-12.183
H-12.184
H-13
H-13.001
H-13.002
H-13.003
H-13.004
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
H-13.005
H-13.006
H-13.007
H-13.008
H-14
H-14.001
H-14.002
H-14.003
H-15
H-15.001
Hazard Name
Methanol
Nitric Acid
Phosphoric Acid
Propane
Sodium Hydroxide
Sodium Hypochlorite
Sulphur
Sulphuric acid
Biological
Possible Source
CAS# 67-56-1.
CAS# 7697-37-2.
CAS# 7664-38-2.
CAS# 74-98-6.
CAS# 1310-73-2.
Disinfecting agent (e.g. bleach), CAS# 7681-52-9.
7704-34-9.
CAS# 7664-93-9.
Note: If required a detailed Level 3 Hazard listing is provided in EP Guideline ‘Explanatory Text to the Hazard
Inventory’ [2].
Ivy, deadly nightshade, fungi.
Dogs, cats, wild animals, snakes, rats.
Plants
Animals & Reptiles
Insects, Spiders, Scorpions,
Bees
Arthropods insects, spiders, scorpions, stinging bees.
Bacteria
Contaminated food, water. Includes WHO A15-A19; A20-28;
A30-49; A50-A64; A65-69; A70-74.
Protozoa, Mycoses and other
Parasitical Diseases (includes
'other')
Virus
Fungal Growths
Lifestyle Factors
Includes WHO Classification A00 to A09; A75-79; B35-49;
B50-64; B65-83; B85-89; B90-94; B99.
Contaminated blood, blood products and other body fluids.
Metal working fluids containing fungal growth.
Choices relating to smoking, alcohol / drug use, diet, physical exercise, sexual behaviours.
Ergonomic
Workspace
Physically Demanding Task
Human Machine Interface
Awkward, difficult or uncomfortable working conditions, inadequate lighting, noise, etc.
Lack of knowledge or unrealistic expectations about the physical abilities of the workforce (e.g. differences between males and females in reach, strength, endurance), medical unfitness.
Inability of the workforce to detect and comprehend the feedback (visual and auditory) provided about machine/equipment identification and status during normal and abnormal situations, thus leading to human error.
Psychological
Organisation, Systems and
Culture
Poor leadership, lack of clarity about organisational objectives and structure, bureaucratic procedures; formality of hierarchy, inability to talk openly to manager; lack of support by colleagues, complex, new or unreliable systems e.g. IT, inadequate tools to perform job, information overload or under-communication, career stagnation and uncertainty, under-promotion / overpromotion, limited opportunities for learning or development.
Page 60 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Ref. No
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
H-16
H-16.001
H-16.002
H-16.003
H-16.004
H-16.005
H-16.006
H-15.002
H-15.003
H-15.004
H-15.005
H-15.006
H-15.007
H-15.008
H-16.007
H-17
Hazard Name
Job Demands
Experience of Change
Reward and Recognition
Diversity & Inclusiveness
Litigation & Liability
Critical Incidents at Work
Personal Issues External to
Work
Possible Source
Work overload/under load (boredom); lack of control over work content or process; frequent deadlines; unclear or conflicting roles and responsibilities; poor work/life balance; Lack of training; travel requirements; badly designed shift patterns and rosters; long or unpredictable hours.
Frequent changes to organization and/or job; tele-working, virtual teams; outsourcing and globalisation; introduction of new systems; poor management and communication; not understanding changing priorities; job insecurity; expatriation and repatriation.
Poorly understood reward policies; perceived inequity; mismatch of individual expectations; lack of transparency/communication in assessment and reward process; poorly managed performance management process; poor status, pay and conditions.
Discrimination, bullying and harassment; lack of inclusiveness and isolation; problems working with people from different cultures and backgrounds; interpersonal issues with manager and/or colleagues.
Concern about personal liability resulting from actions; difficulties in delivering due to legal constraints; fear of prosecution; unpredictability of legal process; length of legal processes involving the individual e.g. as witness in a tribunal or court case.
Witnessing or being involved in a serious incident; natural disasters and terrorist attacks; travel fears and incidents.
Physical and mental health issues; substance abuse and recovery; conflicting demands of work and home; domestic issues involving family; lack of social support; care of dependants; financial issues; housing and travel.
Security
Armed Conflict
Terrorism
Violent Crime
Organised Crime
Militant Activism
Civil Unrest
Theft of Sensitive Information
Environmental Aspects1
War, Armed Insurrection, Insurgent Groups against legal governments.
Unprovoked violent attacks against general public, authorities.
Assault, violence against an individual.
Large scale criminal manipulation of Company operations, extortion, kidnap, piracy, Mafia, white collar, cyber hacker.
Pressure Groups, Single Issue Zealots, violet or threatening protests against Company, people, assets.
Breakdown of social order, riots, lawlessness, absence of government authority.
Deliberate, targeted espionage and loss of commercially sensitive information, documents, plans, financials, telephone conversations, email loss, senior management itineries.
Note: If required an example of a more detailed Level 3
Hazard listing is provided in EP Guideline ‘Explanatory Text to the Hazard Inventory’ [2].
Page 61 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Ref. No
H-17.001
H-17.002
H-17.003
H-17.004
H-18
H-18.001
H-18.002
H-18.003
H-18.004
H-18.005
H-18.006
H-99
H-99.000
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Hazard Name
Resource Use
Discharge to Water
Discharge to Land
Emissions to Air
Possible Source
Consumption of materials, water, land, raw materials, air, energy, steam, process chemicals, Habitat removal, ecological degradation.
Produced Water. Regular drainage of liquids including sewage systems (grey/black water), water outfalls, & overflows to surface waters; seepage of liquids to groundwater.
Waste disposal including domestic, industrial (inc. Pig trash, oil based tank sludges, medical & hazardous chemicals, used engine oils etc).
Discharge of chemicals to air (deluge systems), venting, fugitive emissions, flare stacks, exhaust, dusts, particulates, smoke (normal and abnormal operations).
Social Performance
Procurement Philosophy
Revenue Streams
Land Take
Temporary Project (e.g. construction)
(Lack of) Engagement
Conflicting Use for Resources
Supply chain management, local purchasing, employment and labour.
Revenue transparency and revenue streams, equity, socioeconomic changes, corruption.
Land right entitlement, resettlement, loss/change of livelihood.
Change in make up of population, boom-bust, social services, large workforces, disturbance impacts, archaeological sites or artefacts, cultural and sacred sites.
Changes in power relations, community decision-making structures and skills, high expectations, vulnerable groups, conflict, human rights, perceived health and environmental impacts.
High prices paid for local commodities, use of local labour and talent, use of local accommodation, transportation, and infrastructure.
Emergency response
Emergency Response Response to any emergency
Page 62 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Appendix 4 Example Hazard and Effects Register
Hazard
ID
Hazard Activity Threats Controls
H-01.01 Crude oil under pressure
Loading
Crude at the SBM
Integrity
Failure: hose, flange, piping.
Programme of equipment inspections:
Floating Hose – daily
Underwater hose- 6 mths
SBM topsides- daily
Submarine pipeline- 5 yearly
Pipeline pigging -5 yearly
Corrosion protection:
Impressed current Anodes
Replacement:
Change-out equipment on a time & condition basis
Oil Spill
Anchor
Handling
Ship’s Anchors lashed & checked
Restricted area defined
Pipeline route area under observation
Damaged
Pipeline
Vessel collision with
SBM
1. Engine use procedure
2.
Foc’sle watchkeeper
3. Tug assistance available
Top
Event
Consequence
Localised environmental impact
Localised environmental impact
Damaged
SBM
Localised environmental impact
Risk Ranking
P E A R
Recovery Measures
- C3 C2 C2 1. Oil spill contingency
2. Pollution control capability
3. Radio controlled
ESD from vessel
4. 3 yearly MOSAG oil spill audit
-
-
C3 B3 C2 1. SBM/ PL redundancy
2. OSR capability
3. Continuous diving capability
C3 B3 C2 1. Spare SBM
2. SBM Redundancy
3. Critical SBM spares available
Page 63 SP-2062 Specification for HSE Cases
The controlled version of this CMF Document resides online in Livelink ®. Printed copies are UNCONTROLLED.
Printed 11/04/20
Petroleum Development Oman LLC
Appendix 5 Safety Critical Elements Categories
Revision: 1.0
Effective: Mar-11
Those SCEs in the SCE Management Manual relevant only to offshore facilities have been omitted.
SCE
CODE
SI001
SI002
SI003
SI005
SI008
PC001
PC002
PC003
PC004
PC005
PC006
PC007
PC008
PC009
IC001
IC002
IC003
IC005
IC006
IC007
IC008
IC009
DS001
DS002
DS003
PS001
PS002
SCE DESCRIPTION
SCE
CODE
Foundation Structures PS004
Topsides & Surface Structures PS005
Mechanical
Equipment
Handling PS006
Road Vehicles
Drilling Systems
Pressure Vessels
Heat Exchangers
Rotating Equipment
Onshore Tanks
PS007
PS008
PS009
PS010
PS011
PS012
Piping Systems
Pipelines
Relief Systems
Well Containment
Fired Heaters
Hazardous Area Ventilation
Non-Hazardous
Ventilation
Area
PS013
SD001
SD002
SD003
SD004
SD005
SD006
Certified Electrical Equipment SD008
Earth Bonding SD009
Fuel Gas Purge Systems ER001
Inert Gas Blanket Systems
Miscellaneous Ignition Control
Components
ER002
ER003
Flare Tip Ignition Systems ER004
Fire & Gas Detection Systems ER005
Security Systems
Water in Condensate (gas dew point) Measurement
ER007
ER010
Deluge Systems LS001
Fire and Explosion Protection -
SCE DESCRIPTION
Firewater Pumps
Firewater Ringmain
Passive Fire Protection
Gaseous Fire Protection Systems
Fine Water Spray Systems
Sprinkler Systems
Power Management Systems
Fixed Foam Systems
Sand Filters
Chemical Injection Systems
ESD Systems
Depressurisation Systems
HIPPS Systems
Operational Well Isolation
Pipeline Isolation Valves
Process ESDVs
Drilling Well Control
Utility Air
Temporary Refuge/Muster Areas
Escape & Evacuation Routes
Emergency/ Escape Lighting
Communications Systems
Uninterruptible Power Supply
Emergency Power
Drain Systems
Personal Survival Equipment
(PSE) Drain Systems
Page 64 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink ®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Appendix 6 Example Safety Critical Elements Register
Revision: 1.0
Effective: Mar-11
SCE GROUP
SAFETY CRITICAL
ELEMENT
Process
Containment
PC001 Pressure Vessels
PC002 Heat Exchangers
PC003
Equipment
Rotating
PC004 Tanks
PC005 Piping Systems
PC006 Pipelines
PC007 Relief System
PC008 Well Containment
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Page 65 SP-2062 Specification for HSE Cases
The controlled version of this CMF Document resides online in Livelink ®. Printed copies are UNCONTROLLED.
Printed 11/04/20
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Appendix 7 Example Design Performance Standard
BARRIER REFERENCE PROCESS CONTAINMENT
SCE GROUP PC001 Pressure Vessels
Assigned TA
Review #
Mechanical Static
SCE GOAL To maintain integrity of the pressure envelope Date
Function
No.
1
Functional
Criteria
Performance criteria Assurance Verification
To maintain the pressure envelope for conditions within design basis
1.1 Pressure Vessel External Inspection
There shall be no unacceptable flaws in the Pressure Vessel as defined within the Inspection
Management Process.
* There shall be no unacceptable cracks in the vessel or supports.
* There shall be no unacceptable corrosion in the vessel, flanges, bolting and supports
* There shall be no unacceptable visible damage (gouges, dents, deformations, arc strikes) to vessel or supports.
These should be tasks/activities in a scheduled assurance event specified in a
Company process/procedure.**
Approved Flare Relief and blowdown Study.
Approved/checked calculations for relief devices.
Approved specification and data sheets.
HAZOP review.
PCAP/DCAF Driven
TIVP/AIPSM Driven
OE/Flawless Driven
Review flare relief and blowdown study and
10% sample review of relief device calculations, specifications, vendor data sheets and supplier quality field inspection reports to check that performance criteria has been achieved.
1.2 Pressure Vessel Internal Inspection
There shall be no unacceptable internal flaws in the Pressure Vessel as defined within the Inspection
These should be tasks/activities in a scheduled assurance event specified in a
Company process/procedure.** Management Process.
* There shall be no unacceptable cracks in the vessel.
* There shall be no unacceptable corrosion inside the vessel.
PCAP/DCAF Driven
* There shall be no unacceptable visible damage (gouges, dents, deformations, arc strikes) to vessel.
TIVP/AIPSM Driven
OE/Flawless Driven
Page 66 SP-2062 Specification for HSE Cases
The controlled version of this CMF Document resides online in Livelink ®. Printed copies are UNCONTROLLED.
Printed 11/04/20
Petroleum Development Oman LLC
2
To prevent a release of hazardous materials
1.3 Key Documents
The latest piping and instrument drawing(s) on which the pressure vessel appears shall accurately represent the vessel configuration and design conditions.
These should be tasks/activities in a scheduled assurance event specified in a
Company process/procedure.**
PCAP/DCAF Driven
TIVP/AIPSM Driven
OE/Flawless Driven
1.4 Wall Thickness
There shall be no Pressure Vessel with a wall thickness less than its design.
These should be tasks/activities in a scheduled assurance event specified in a
Company process/procedure.**
PCAP/DCAF Driven
TIVP/AIPSM Driven
OE/Flawless Driven
1.5 Attachments
No bolting is missing or loose.
No valves or instruments are loose or damaged.
These should be tasks/activities in a scheduled assurance event specified in a
Company process/procedure.**
PCAP/DCAF Driven
TIVP/AIPSM Driven
OE/Flawless Driven
2.1 Loss of containment
There shall be no unacceptable leaks, weeps or seeps from the main body of the vessel nozzles, or mechanical connectors onto the vessel.
These should be tasks/activities in a scheduled assurance event specified in a
Company process/procedure.**
PCAP/DCAF Driven
TIVP/AIPSM Driven
OE/Flawless Driven
RELIABILITY / AVAILABILITY
Function
No.
System /Sub System Performance criteria Basis and Assurance
Revision: 1.0
Effective: Mar-11
Verification
Page 67 SP-2062 Specification for HSE Cases
The controlled version of this CMF Document resides online in Livelink ®. Printed copies are UNCONTROLLED.
Printed 11/04/20
Function
No.
Hazardous Event Performance criteria
Petroleum Development Oman LLC
SURVIVABILITY
Revision: 1.0
Effective: Mar-11
These should be tasks/activities in a scheduled assurance event specified in a
Company process/procedure.**
PCAP/DCAF Driven
TIVP/AIPSM Driven
OE/Flawless Driven
Basis and Assurance
These should be tasks/activities in a scheduled assurance event specified in a
Company process/procedure.**
PCAP/DCAF Driven
TIVP/AIPSM Driven
OE/Flawless Driven
Verification
Page 68 SP-2062 Specification for HSE Cases
The controlled version of this CMF Document resides online in Livelink ®. Printed copies are UNCONTROLLED.
Printed 11/04/20
Petroleum Development Oman LLC
Appendix 8
Example Operations Performance Standard (EP 2009-9009, Ref. 10)
Revision: 1.0
Effective: Mar-11
Page 69 SP-2062 Specification for HSE Cases
The controlled version of this CMF Document resides online in Livelink ®. Printed copies are UNCONTROLLED.
Printed 11/04/20
Petroleum Development Oman LLC
Appendix 9 Example of Implementation Table
Revision: 1.0
Effective: Mar-11
The table below provides guidance on interpreting the HSE Critical Task implementation tables.
This framework has been developed to set out the HSE Critical Task implementation tables in a consistent and user-friendly format.
Table 16-1: Implementation Table Guidance
TITLE
Task ref.
DESCRIPTION
HSE Critical Task reference number as developed in BowTieXP software in accordance with PDO activity model:
Project Engineering (e.g. 1.01)
Technical Integrity Management (e.g. 2.01)
Occupational Health (e.g. 3.01)
Operate Surface Assets (e.g. 4.01)
Communication (e.g. 5.01)
Organisation (e.g. 6.01)
Competence Assurance (e.g. 7.01)
Bow-Ties Bow-Tie diagram/s on which activity appears e.g. H-01.001.
Threats/Consequences Threat or consequence line/s on which HSE Critical Task appears e.g. internal corrosion, ignited release
HSE Critical Activities HSE Critical Activity (yellow barriers) for which HSE Critical Task is carried out to ensure barrier is in place and functional.
Task Description
Documentation
Verification
Brief description of HSE Critical Task
Supporting documentation for HSE Critical Task
Document/audit control to provide assurance HSE Critical Task has been carried out.
Page 70 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink ®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
Table 16-2: Example Implementation Table
3.1.1. South Operations Manager (OSO)
Task
Ref.
4.29
4.49
6.03
Bow-Ties
Threats/
Consequences
Human error H-01.003a
H-01.003b
H-01.003c
H-01.003d
H-01.005a
H-01.005b
H-01.005c
H-01.005d
H-04.002
H-10.016
H-01.003a
H-01.003b
H-01.003c
H-01.005a
H-01.005b
H-01.005c
H-01.005d
H-10.016
H-01.003a
H-01.003b
H-01.003c
H-01.003d
H-01.005b
H-01.005c
H-01.005d
H-10.016
Sabotage/ 3rd party interference
Lack of manpower/ resources
HSE Critical Activities (Bow-
Tie Barriers)
Consequence management
(disciplinary procedures) for non-compliance
Asset Security Plan
ROP presence
Man Power Model/ERROS -
Estimated Resources
Required on Site
Task Description
Ensure asset security plan appropriate for location risks is established and implemented.
• CP-126 Personnel and
Asset Security
This should include dialogue and interface with the ROP.
• PL-10 Security &
Emergency
Policy
Response
Asset Security Plan
Ensure the Manpower model is implemented for • GU-4884 Planning and Manpower report
Nimr operations Scheduling Guidelines
Documentation Verification
Implement company consequence management
• Plant Operations Manual
Disciplinary reports procedure for non compliance
• PR-1029 Competence
Assurance and
Assessment
Page 71 SP-2062 Specification for HSE Cases
The controlled version of this CMF Document resides online in Livelink ®. Printed copies are UNCONTROLLED.
Printed 11/04/20
Petroleum Development Oman LLC
Appendix 10 MOPO
Revision: 1.0
Effective: Mar-11
The team to develop or review the MOPO shall consist of operations, maintenance, HSE and management personnel who are familiar with the operation of, and the activities required, at the facility/asset.
The team shall be lead by an experienced facilitator and shall:
Identify Threats and Escalation Factors in the Bow-ties that could compromise safe operating limits.
Identify other operations and activities that could compromise safe operating limits.
Develop the MOPO under the appropriate headings of SIMOPs, External Influences and
Inactive SCE
Identify the ‘stops’ and ‘proceed with cautions’ using the red/amber traffic light system.
Provide supporting guidance notes for the ‘proceed with cautions’ that will assist Supervisors etc if/when the situation arises.
Collectively review the matrices and ensure they reflect current practise and give clear guidance for action to be taken under the specific circumstances.
A number of assumptions are used in the template MOPO:
The SIMOPs MOPO shall assume that two or more major activities, e.g. production, drilling, are simultaneously being performed in the same location/area.
The Impaired SCE MOPO shall assume that the operation is in the vicinity of, or within the area affected by, the impaired SCE.
The Impaired SCE MOPO shall define the minimum level failure mode assessed as having an impact on one or more of the high level activities/operations. Failure modes below this level shall be subject to risk assessment and remedial action in accordance with EP2009-9009.
When SCEs are in test mode, alternative controls shall be put in place to ensure that their functionality is provided. Testing of these systems is not generally considered ‘impairment’ for purposes of this MOPO.
In case multiple barriers are unavailable/impaired, the combined effect of the simultaneous failure on the activities shall be subject to risk assessment.
Additional controls required as indicated in the MOPOs (coloured amber) shall be listed. Wok shall only be carried out under the formal control of the Permit to Work (PTW) system, including component elements such as plant isolation certificates, vessel entry certificates, hot work permits, etc. All applicable procedures and work instructions relating to the work to be undertaken shall be complied with.
In certain cases, the specific operation is not directly impacted by the barrier that is impaired, but consideration shall be given to proceeding with non-essential work that could increase the risk.
Where necessary, the requirement for undertaking risk assessment shall be noted. Measures shall be taken to maintains risks at ALARP and the effectiveness of the measures shall be verified. All actions involving bypassing the safeguarding systems shall be authorised by the Production Delivery
Team Leader who shallprepare individual procedures for all tasks not covered by existing procedures and consult relevant discipline technical authority.
Examples of the three MOPOs (Adverse Weather, SIMOPs, and SCE Impairment) follow. These shall be used as guidance for construction of a new MOPO or for review of an existing MOPO. The notes within the MOPO are intended to support rather than supersede the specific risk assessments required, particularly for SCE Impairment where FSR and CMPT processes shall be applied. For a
MOPO to be effective it must provide clear concise information to the Operator of immediate action to be taken under the specified conditions, e.g. if working at height is ongoing and wind speed increases, he needs to be able to quickly see when to stop the activity in question.
Page 72 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
MOPO – NOTES TO ACCOMPANY THE EXAMPLE MOPOs
NO. REQUIREMENT
Revision: 1.0
Effective: Mar-11
1
2
3
4
5
6
7
8
9
10
Operation specific. Subject to well engineering procedures; refer to WECO HSE case.
Loading and unloading pigs not permitted in adverse weather conditions.
Subject to task-based risk assessment.
Subject to appropriate risk assessment and PDO Journey Management Procedures.
Continued work subject to heat stress evaluation. Schedule work during cooler part of day. Provide forced ventilation, shaded areas and cold water (not iced). Summer working hours and extended lunch breaks apply.
Simultaneous drilling and production operations permitted subject to compliance with minimum separation distances between live wells and flowlines and drilling operations in accordance with WECO HSE Case.
Simultaneous drilling and production operations not permitted inside separation distances.
Permitted subject to pigging procedures (maximum flow rate for pigging operations).
Grit blasting/jet washing not permitted on live systems.
Venting permitted outside the sterile area only.
Permitted subject to risk assessment with specified controls or mitigation in place.
MOPO – ADVERSE WEATHER CONDITIONS
ADVERSE WEATHER CONDITION
ACTIVITY/OPERATION
Drilling
Well Services
Operate Wells/Flowlines
Operate Pipelines
Pigging (future)
QA MPS Operation
GT operation
BFW Heater Start-up (Plant Start-up)
HRSG Start-up (Plant Start-up)
Steam Distribution Plant Start-up
Oil & Gas Plant Start-up
PGC/Plant unit Start-up
Operate Steam Plant
Operate Oil & Gas Plant
APO Operation
N2/He Leak Testing
Working Outdoors
Sampling
Radiography
Vehicle Movement on-plot
Vehicle Movement off-plot
Road Maintenance/ Grading
Grit Blasting / HP Water Jet
Lifting/Crane Operations
Fork Lift Truck Operations
High Noise Generating Activities
Excavation Activities
Y
3
Work at Height (outside permanent structures) N
Working on Tall Structures 3
Zone 1 Area Work
Zone 2 Area Work
Breaching Maintenance
Non-Breaching Maintenance
Y
Y
3
Y
3
3
3
N
3
Class A Permit Work
Class B Permit Work
HRSG entry
Confined Space Entry
Flaring
Local Venting
Draining to open systems
Chemical unloading
Chemical Disposal by Vac Truck
Construction Activities
Y
3
Y
3
Y
Y
Y
Y
3
3
Y
Y
Y
Y
3
3
Y
3
Y
Y
Y
Y
2
Y
Y
Y
1
1
Y
Y
N
N
N
N
N
N
N
N
N
N
N
N
N
Y
N
N
N
N
N
N
N
N
N
Y
Y
Y
N
N
N
N
N
N
N
N
N
2
Y
Y
N
1
1
Y
Y
N
N
N
N
N
N
N
N
N
N
N
N
N
Y
N
N
N
N
N
N
N
N
N
Y
Y
Y
N
3
N
N
N
N
N
N
N
2
Y
Y
N
1
1
Y
Y
3
Y
Y
Y
Y
N
N
N
4
N
N
N
N
Y
Y
Y
N
Y
Y
Y
Y
N
3
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
N
Y
Y
Y
1
1
Y
Y
N
N
N
N
N
N
N
N
N
N
N
N
N
Y
N
N
N
N
N
N
N
N
N
Y
Y
Y
N
N
N
N
N
N
N
N
N
N
Y
Y
N
1
1
Y
Y
Page 73 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
N
N
N
N
N
N
N
N
N
N
N
N
N
Y
N
N
N
N
N
N
N
N
N
Y
Y
Y
N
N
N
N
N
N
N
N
N
2
Y
Y
N
1
1
Y
Y
5
5
5
5
5
5
5
5
Y
5
5
5
5
Y
5
5
5
5
5
5
5
5
5
Y
Y
Y
5
5
5
5
Y
5
5
5
5
5
Y
Y
5
1
1
Y
Y
MOPO – SIMOPs
Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
ACTIVITY/OPERATION
Drilling
Well Services
Operate Wells/Flowlines
Operate Pipelines
Pigging (future)
QA MPS Operation
GT operation
BFW Heater Startup (plant startup)
Y
HRSG Startup (plant startup)
Steam Distribution Plant start-up
Oil & Gas Plant start-up
PGC/Plant unit Startup
Operate Steam Plant
Operate Oil & Gas Plant
Y
Y
APO Operation
N2/He Leak Testing
Working Outdoors
Sampling
Radiography
Vehicle Movement on-plot
Y
Y
Vehicle Movement off-plot Y
Road Maintenance/ Grading Y
Grit Blasting / HP Water Jet Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
6
6
Y
Lifting/Crane Operations
Fork Lift Truck Operations
High Noise Generating
Activities
Excavation Activities
Y
Y
Y
Y
Work at Height (outside permanent structures)
Y
Working on Tall Structures Y
Zone 1 Area Work
Zone 2 Area Work
Breaching Maintenance
Non-Breaching
Maintenance
Y
Y
Y
Y
Class A Permit Work
Class B Permit Work
HRSG entry
Confined Space Entry
Flaring
Local Venting
Draining to open systems
Chemical unloading
Chemical Disposal by Vac
Truck
Construction Activities
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y Y
Y
Y
Y
Y Y
Y
Y
Y
Y
8
Y
Y
Y
Y
Y
Y
Y Y
N Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
3
Y
Y
Y
Y
N Y
Y Y
Y
Y
Y
Y
Y
Y
Y
3
3
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
3
Y
N
Y
Y
Y
Y
Y
Y
8
N
Y
Y
N
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
3
Y
Y
Y
Y
Y
7
Y
Y
Y
Y
Y
Y
Y
Y
3
Y
N
Y
Y
Y
Y
Y
Y
8
N
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
3
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
6
Y
Y
Y
N
N
N
N
N
N
N
N
Y
Y
Y
N
N
N
Y
N
Y
Y
Y
Y
Y
Y
Y
Y
N
N
N
N
Y
Y
Y
Y
Y
Y
Y Y
N N
Y
Y
Y
Y
Y
Y
Y
N N
Y Y
Y
Y
Y
Y
N N
N N
N N
Y Y
N N
N N
N N
N N
N N
N N
N N
N N
N N
N N
N N
Y
Y
Y
Y
Y Y
N N
N N
N N
Y
Y Y
Y
Y
Y
Y
Y Y
N N
Y
Y
Y
Y
Y
Y
Y
Y
N N
Y Y
Y
Y
Y
Y
N N
N N
N N
Y Y
N N
N N
N N
N N
N N
N N
N N
N N
N N
N N
N N
Y
Y
Y
Y
Y Y
N N
N N
N N
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
N
Y
Y
Y
Y
Y
Y
Y
Y
3
Y
Y
Y
Y
Y
Y
Y
8
Y
Y
N
Y
Y
N
N
N
N
Y
Y
N
N
N
N
N
N
N
N
N
N
N
Y
Y
Y
Y
3
Y
Y
Y
Y
Y
Y
N
N
N
N
N
N
N
N
N
Y
Y
Y
Y
3
Y
Y
Y
Y
Y
Y
Y
8
Y
Y
Y
Y Y
N N
Y
Y
Y
Y
Y
Y
Y
Y
8
Y
Y
Y
3
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
3
Y
Y
Y
Y
Y
Y
Y
Y
Y
3
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
N
N N
N Y
Y Y
N N
N N
Y N
N
N
N
N
N
Y
N
N
Y
Y
Y
Y
3
Y
Y
Y
Y
Y
Y
N
N
N
N
N
N
N
N
N
Y
Y
Y
Y
Y
Y
Y
Y
N
Y
Y
Y
N
N
Y
Y
Y
N
N
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y N
N N
Y N
N N
Y N
N
N
Y
N
N
Y
Y
Y
Y
Y Y
N N
N N
Y N
N
N
N
N
Y
Y
N
N
Y
Y
Y
Y
Y Y
N N
N N
Y Y
Y Y
N N
Y Y
N N
Y Y
Y
Y
Y
Y
Y
Y
Y
Y Y
N N
N N
Y Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
N Y
Y Y
Y Y
N Y
Y Y
N Y
Y Y
Y
Y
Y
Y
Y Y
N Y
N Y
Y Y
Y
Y
N
N
Y
Y
Y
Y
Y
N
N
N
N
N
N
N
N
Y
N
N
N
N
N
N
N
N
N
N
Y
N
Y
N
N
N
N
Y
Y
Y
Y
Y
Y
Y
Y Y
N N
Y Y
N N
Y Y
Y
Y
Y
Y
Y N
N N
N N
N N
Y
Y
Y
Y
N Y
Y Y
N
N N
N Y
N Y
N Y
Y Y
N N
N N
N N
N N
N Y
N
N N
N Y
N Y
N Y
N Y
N Y
N Y
N N
N N
N N
N N
N Y
Y
Y Y
N N
N N
Y N
Y
Y
N
Y
Y
Y
Y
Y Y
N N
N N
N N
Y
Y
N N
N Y
9
Y
Y
Y
Y
N
N N
Y
N N
N N
N N
Page 74 SP-2062 Specification for HSE Cases
The controlled version of this CMF Document resides online in Livelink ®. Printed copies are UNCONTROLLED.
Printed 11/04/20
Petroleum Development Oman LLC
MOPO – SCE & CRITICAL MANPOWER IMPAIRMENT/UNAVAILABILITY
ACTIVITY/OPERATION
Revision: 1.0
Effective: Mar-11
IMPAIRED/UNAVAILABLE SCE
SCE GROUP SCE FAILURE MODE
SI002
Structures cranes mechanical
Civil
/
Structural Support
SI003 Heavy lift and handling
PC001 - PC006
Process
Containment
PC007 Relief
System
PC008
PC009
Operational
Containment
Heaters
System)
Well
Fired
(Burner
Management
IC003 Certified
Electrical
Equipment
Observed or detected structural defect resulting in increased risk of MAH
Observed or detected structural/mechanical defect resulting in increased risk of MAH due to dropped load
Uncontrolled release of process fluids resulting in increased risk of MAH
Unavailability of relief at design flow rate resulting in increased risk of MAH due to overpressure
Uncontrolled release of well fluid resulting in increased risk of MAH
Unavailability of
BMS/IPS resulting in increased risk of MAH
IC005
Bonding
IC006
Purge
IC007
IC007 Gas
Blanket System -
Loss to individual equipment
Gas
Blanket System -
Total loss
IC009
Earth
Fuel Gas
Ignition
System
DS001
Flare
Control
Fire and
Gas - Total loss
Certified electrical equipment fails to meet
PS requirement resulting in increased risk of ignition
Earth bonding fails to meet PS requirement resulting in increased risk of ignition
Inability to provide required fuel gas purge flow to flare header resulting in air ingress to flare
Total loss of gas blanket system resulting in increased risk of ignition
Inability to provide required gas blanket flow individual equipment resulting in increased risk of ignition
Loss of primary & secondary flare ignition systems resulting in flare out
Total loss of F&G detection system
N
Y
N
N
N
N
N
N
N
N
N
N
N
10
Y
N
10
Y
Y
10
Y
N
N
10
N
N
N
Y
N
N
N
N
N
10
N
N
N
10 10 10 10 10 10 10 10 10 10
N
10
Y
10
10
Y
Y
10
Y
10
N
10
N
10
Y
10
Y
Y
Y
Y
Y
Y
Y
Y
10
10
N
N
10
10
Y
Y
Y
Y
Y
Y
10
10
Y
N
10
10
Y
Y
Y
Y
Y
Y
10
10
Y
N
10
10
Y
Y
Y
Y
Y
Y
10
10
Y
N
10
10
Y
10
10
Y
Y
Y
N
10
Y
N
10
10
Y
Y
Y
Y
10
10
N
10
Y
N
10
10
Y
10
N
Y
Y
Y
10
10
Y
N
10
10
Y
Y
Y
Y
Y
Y
10
Page 75 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
ACTIVITY/OPERATION
Revision: 1.0
Effective: Mar-11
DS001 Fire and
Gas - Local or partial loss
DS002 Security
Systems
PS013 Chemical
Injection System
Loss of F&G detection end element resulting in impaired local functionality e.g. 2ooN in voted system & 1ooN in non-voted systems
Loss of access control to facilities
N
10
Inability to provide required chemical injection flow
10
Total loss of ESD system N
10 10 10
Y
Y
10
10
Y
Y
Y
Y
Y
10 10 10 10 10 10 10
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
SD001 ESD
System - Total loss
SD001 ESD
System - Local or partial loss
SD002
Depressurisation
System - Total loss
SD002
Depressurisation
System - Local or partial loss
SD004
Operational Well
Isolation
ER001 Temp
Refuge/ Muster
Areas
ER002 Escape/
Evacuation
Routes
ER003
Emergency/
Escape Lighting
ER004
Communication
Systems - Loss of
GA
ER004
Communication
Systems - Loss of
ER communications
ER005
Uninterrupted
Power
(UPS)
Supply
Local or partial loss of
ESD system
Total loss of EDP system
Local or partial loss of
EDP system
SD006 Process
ESDV
Inability to isolate steam injection well or annulus resulting in potential back flow of HC
Inability of ESD end element adequately valve to isolate processes resulting in potential escalation of
MAH
Primary muster area impaired
Escape/
Loss
Inability of to provide emergency power supply to essential systems
ER communication system including radios and landlines evacuation routes impaired
Emergency/
Lighting impaired
Loss of escape
GA communication system
N
N
N
N
N
10
10
10
N
N
N
N
10
N
10
Y
10
10
10
10
N
N
N
N
10
N
N
N
10
10
10
10
10
10
10
N
10
N
10
Y
10
10
10
10
10
10
10
N
10
N
10
Y
10
10
10
10
10
10
10
10
10
10
10
10
10
10
10
10
10
10
Y
10
10
10
10
10
10
10
10
10
10
10
Y
10
10
10
10
10
10
10
10
10
10
10
Y
10
10
10
10
10
10
10
10
10
10
10
Y
10
10
10
10
10
10
10
10
10
10
10
Y
10
10
10
10
10
10
10
10
10
10
10
Y
10
10
10
10
10
10
10
10
10
10
10
Y
Page 76 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
ACTIVITY/OPERATION
Revision: 1.0
Effective: Mar-11
ER010
System
Drains
LS001 Personal
Survival
Equipment
Personal monitors
-
LS001 Personal
Survival
Equipment
Escape sets
-
LS001 Personal
Survival
Equipment
Rescue BA sets
-
LS001 Personal
Survival
Equipment
Chemical PPE
-
LS001 Personal
Survival
Equipment -
Safety showers/eye wash stations
Inability to provide secondary containment for HC/chemicals spills resulting in potential escalation of MAH
Personal H2S monitors below minimum level or faulty
Portable BA Sets below minimum level or faulty
(Escape Sets)
Portable BA Sets below minimum level (SCBA &
Rescue Sets)
Insufficient number or inadequate type of
Chemical PPE available
Safety showers/eye wash stations not available or inoperable
CRITICAL MANPOWER
UNAVAILABILITY
HSE
Position
ER - Team
Members
ER - QA Fire
Brigade
LECC
Critical
ER - First Aider
Competent persons not available to fill HSE
Critical Position
Competent persons not available to fill ER team member position
QA fire brigade not available for extended period
Insufficient number of first aiders available onsite
Competent persons not available to fill LECC positions or LECC not available
N
N
N
N
10
10
N
N
10 10 10
N
N
N
Y
Y
N
N
10 10
10 10
N N
Y
10 10 10
10 10 10
10 10 10
10
10
Y
Y
Y
Y
Y
Y
Y
Y
10 10 10
10 10 10
Y
Y
10 10 10
Y
N
N
N
Y
Y
N
N
N N N N N N
10 10 10 10 10 10 10
10 10 10 10 10 10 10
N
Y
N
N
N
Y
Y
N
N
Y
N
N
N
Y
Y
N
N
Y
N
N
N
Y
Y
N
N
Y
N
N
N
Y
Y
N
N
10
N
N
N
N
N
N
N
Y
N
N
N
Y
Y
N
N
Page 77 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Appendix 11 Operations HSE Case Change Approval
Revision: 1.0
Effective: Mar-11
This appendix details the process for identifying, assessing and implementing changes to
Operations HSE Cases to ensure that the hazards and risks associated with Major Accident
Hazards (MAHs) are maintained as low as reasonably practicable (ALARP).
This procedure is mandatory for Operations HSE Cases in PDO but may also be used for
Design HSE Cases.
It is to be used by all parties who may be responsible for initiating a change that may have an effect on the underlying assumptions or information presented in a HSE Case.
A suitable system to ensure that the Steps described in this procedure are followed is provided by the proforma ‘HSE Case Change Approval Form’ at the end of this Appendix
RACI Matrix
Roles & Responsibilities
Task
1. Identify Change
2. Assess Impact of Change and
Develop Workscope
3. Perform Workscope
4. Prepare HSE Case Changes
5. Review proposed HSE Case
Changes
6. Approve Changes
7. Publish Changes
(R)
(A)
(C)
(I)
C
R
A
R
R
R
R
C
C
C
I
C
C
I
A
C
C
A
A
A
A
C
I
C
C
I
I
I
R
C
C
I
C
I
I
R
I
I
I
I
-
I
Responsible: The party responsible for executing the task and obtaining parties involvement
Accountable Party accountable for approval
Consult
Informed
Party responsible for contributing when consulted
Party informed of outcome
Role
Originator
Individual or group who identifies the need for change(s). This function describes a variety of roles:
- Asset (management, supervision or operations);
- Workforce;
- Technical Authorities (TAs);
- Discipline engineers;
- Contractors.
Responsibilities
Identifies and summarises need for change(s)
Discusses potential change with MSE/4 Dept. to determine whether it will affect the HSE Case or its underlying assumptions
Identifies relevant Stakeholders, with advice from
MSE/4 Dept.
Contributes to preparing text change(s) as required
Reviewing and approval of proposed change(s)
Page 78 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Action Parties
Petroleum Development Oman LLC
Role
Technical Safety Engineer
HSE Case Custodian (Delivery Team
Leader / Asset Representative)
Technical Authorities
Revision: 1.0
Effective: Mar-11
Responsibilities
Assesses the impact of the change(s) on the HSE
Case and its underlying assumptions
Supports the HSE Case by providing management, technical support, knowledge and authoring
Ensures appropriate description of the change(s) in the HSE Case
Liaises with other TAs as appropriate
Once the change has been agreed, logs the change in the HSE Case MOC register
Maintains an up to date version of the HSE Case
MOC register
Advise on impact of change(s)
Provide information on actions required
Provide input to HSE Case update
Propose change(s) resulting from, for example, changes to the operation of the asset or other changes raised by personnel associated with the asset
Review change(s) as a Stakeholder
Contribute to text change(s) in the HSE Case
Check proposed change(s) and co-ordinating workforce involvement
Ensure that the information contained in the HSE
Case reflects the current status of the asset and it’s operating practices
Propose change(s) resulting from, for example, change(s) to the engineering or operation of the
Asset or other change(s) raised as a result of issues in their discipline
Review change(s) as a Stakeholder
Contribute to text change(s) in the HSE Case
Check proposed change(s) and co-ordinating involvement of other TAs
Provide specialist knowledge and expertise
Review and approve text change(s) in the HSE
Case
Stakeholder
A person or person(s) who may be called upon to contribute to/consult on the assessment of change(s) required, or who may need to be advised of the potential change(s) to the HSE Case.
This function describes a variety of roles:
- Asset (management, supervision or operations);
- Workforce;
- Technical Authorities (TAs);
- Discipline engineers;
- Contractors.
Page 79 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
HSE Case Change Approval Form
HSE Case Change Approval Form Ref.:
Step 1: Identify Change
Asset/Facility: Yibal Originator: A N Other Date raised:
Details of proposed change(s) (summary of the change(s) – use continuation sheet if required):
Revision: 1.0
Effective: Mar-11
GD/2008/01
24/07/2010
Step 2: Assess Impact of Change(s) and Develop Workscope
Significant
Change?
Justification:
(Yes/No)
Details of Stakeholder engagement:
Description of assessment and statement of required work activities:
Step 3: Perform Workscope (record the summary of outcomes for Step 3):
Step 4 & 5: HSE Case Changes (record summary of changes – use continuation sheet if required for detailed changes):
Part: Section: Heading: Comments:
Immediate publication of change required? (Yes/No)
Justification
Step 6: Approve Changes ( signatories as required) a. Originator b. Technical
Authority
Name:
Name: c. HSE Case
Custodian
Name: d. Technical
Safety
Engineer
Name:
Signature:
Signature:
Signature:
Signature:
Date:
Date:
Date:
Date:
Step 7: Publish Change
Date
Completed:
Rev
Number:
Name: Signature
Page 80 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Step 1: Identify Change(s)
Revision: 1.0
Effective: Mar-11
As soon as it is practicable, discuss the potential change(s) with the Asset Technical Safety
Engineer to determine whether the proposed change(s) will affect the HSE Case or its underlying assumptions.
Any proposed changes (e.g. engineering, procedural, organisational) that have an impact on the risk profile of the Facility or Activity, shall be managed in accordance with this
Procedure (including an ALARP Demonstration) and the HSE Case shall be updated accordingly.
The possible changes that might affect the HSE Case and its underlying assumptions are
Step 2: Assess Impact of Change(s) and Develop Workscope
a) Determine whether the proposed changes(s) will affect the Case content or its underlying assumptions. If it is agreed that there is no effect on the Case or its supporting studies, no further action is required. b) Where it is agreed by there is an effect on the Case, develop workscope with relevant Stakeholders. c) Ensure that the workscope includes review and update, as required, to: i. HEMP Studies and ALARP justification; ii. QRA Studies; iii. Bow-Tie assessments; iv. HSE Critical Element and Performance Standards; v. HSE Critical Task listings. d) Agree and record actions with originator, action parties and Stakeholders. e) Summarise details of the HSE Case Change Approval Form f) Logs the HSE Case change in the HSE Case MOC register. The register should ensure that all changes to the HSE Case are grouped together for review and to allow assessment of cumulative effects or risk.
Step 3: Perform Workscope
a) Perform agreed workscope as identified in 2b above.
b) Representatives from the current operational, engineering and maintenance teams, and workforce involvement representatives shall actively participate in performing the workscope as appropriate. c) Review outcomes for actions to determine final impact. d) Consult with Stakeholders on effect on HSE Case (where appropriate). e) Complete change(s) to relevant supporting studies or other associated documents/processes/drawings etc.
Step 4: Prepare HSE Case Change(s)
a) Prepare change(s) to HSE Case in consultation with action parties and
Stakeholders.
Page 81 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Step 5: Review Proposed HSE Case Change(s)
Revision: 1.0
Effective: Mar-11 a) Issue the HSE Case Change Approval Form with proposed change(s) to the HSE
Case to relevant action parties and Stakeholders for comment/review. b) Amend proposed change(s) as required reflect any comments received. On the
HSE Case Change Approval Form annotate which sections of the HSE Case have been changed. c) Determine need for immediate publication of change(s). Consider whether change is significant and needs immediate update. Also consider cumulative effects of changes to date.
Step 6: Approve Change(s)
a) Gain acceptance of proposed change(s) from relevant parties, including sign-off of
HSE Case Custodian (obtain signatures). b) Update status of HSE Case Change Approval Form in the HSE Case MOC
Register including ‘Date Agreed’. c) If applicable, update FIM to record any changes that affect any open items still under review (e.g. Change to HSE Case Remedial Action Plan).
Step 7: Publish Change(s)
a) Make change(s) to HSE Case. b) Publish HSE Case on Livelink / issue to document copy holders. c) Update status of Update status of HSE Case Change Approval Form in the Change
Register including ‘Date Completed’.
Ref. Description
GD/2008/01 Revision of Yibal HSE
Case to address internal / external audit findings and issues raised at workforce reviews.
Structure and content changed to reflect PDO adoption of EP2005-
0310-ST.
Yibal team involved in engagement workshops, bow tie review workshops, ALARP workshops, and roll out sessions
Yes
HSE Case MOC Register
Significant change?
Yes/No
FCP No. (if applicable)
Date raised n/a
Date agreed
Date completed
01/01/2008 01/01/2008 01/10/2008
Page 82 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
Appendix 12 CCPS RBPS Process Safety Elements
Revision: 1.0
Effective: Mar-11
The AI-PSM process within PDO identifies 20 elements from the Centre for Chemical Process
Safety Guidelines for Risk Based Process Safety (CCPS RBPS) which describes minimum expected standards and stipulates the requirements for a range of process related activities ranging from organisational culture, workforce involvement, risk management, HEMP and audit through to design.
ELEMEN
T
NUMBER
AI-PSM ASSURANCE
ELEMENT
ELEMENT AIMS AND OBJECTIVES
1
2
3
4
5
6
7
8
9
Process
Culture
Workforce
Involvement
Stakeholder
Outreach
Process Knowledge
Management
Hazards and Effects
Management
Process (HEMP)
Operating
Procedures
Safety
Compliance with
Standards
Corporate Process
Safety Competency
Permit to Work
To establish and reinforce high standards of process safety performance through the organisational norms for employee and contractor values and behaviours at all levels in the organisation.
To ensure that the facility conforms to the applicable standards, codes and regulations so that the facility operates in a safe and legal fashion.
A key aspect of demonstrating commitment to process safety, the process safety competency element is about developing, sustaining and enhancing organisational competency. This is different to individual competency assurance (which is covered in element 12). The key concern here is the concept of the ‘learning’ or ‘transformational’ organisation
Personnel at all levels of the organisation should have roles, responsibilities and opportunities to effectively contribute to process safety programmes. This element ensures that a system is developed for enabling the participation of operators, technicians and contractors in the development and implementation of process safety activities through employee participation
To ensure that internal and external stakeholders to the organisation are identified, and that their information needs are understood and adequately met.
To enable risk assessment and risk-based process safety.
Understanding process risk depends on having accurate process knowledge, and without an understanding of process risk, process safety can never be assured.
To enable risk assessment and risk-based process safety.
Understanding process risk depends on correctly and completely identifying the hazards associated with the operation, and accurately assessing the risks posed by those hazards. Without an understanding of process risk, process safety can never be assured.
A consistent high level of human performance is essential for a successful process safety programme. Up to date clear operating procedures assure that the intended and proven methods and techniques are applied consistently.
To ensure that the risks associated with non-routine work are managed in a systematic way through the application of a permit-to-work system and operations / maintenance procedures (which are described in the previous element)
Page 83 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
Petroleum Development Oman LLC
ELEMEN
T
NUMBER
AI-PSM ASSURANCE
ELEMENT
ELEMENT AIMS AND OBJECTIVES
10
11
12
13
14
15
16
17
18
19
20
Revision: 1.0
Effective: Mar-11
Technical Integrity
Contractor
Management
Training
Performance
Assurance
Management
Change
Operational
Readiness
Conduct
Operations
Emergency
Management
Incident
Investigation
Measurement
Metrics
Auditing and of of and
To ensure that equipment is properly designed, fabricated, installed and maintained in accordance with recognised standards and codes, and that it fulfils its design intent and remains fit for purpose until removed from operation
To ensure that contracted services do not add to or increase process safety risk by ensuring familiarity with process safety risks and a formalised process to manage contractor activities from a process safety (as well as commercial) point-of-view.
A consistent high level of human performance is essential for a successful process safety programme. Training and performance assurance provides confidence and demonstration that work tasks will be consistently completed to the required standard, and that personnel have the knowledge and ability to respond appropriately to non-routine situations.
To ensure that changes made to plant equipment or technology, or to the Organisation operating the equipment, do not result in the inadvertent introduction of new hazards and risks, or unknowingly increase the risk from existing hazards.
To ensure that equipment is safe to start-up and operate, and that the activities necessary to ensure continued fitness for service have been put in place. It covers start up of new equipment, modified equipment and existing equipment restarting after a plant shutdown
To create an organisation that demonstrates excellence in the performance of every task, and has zero tolerance for deviations.
To reduce the consequences of a major accident and to save lives, protect property and the environment.
To learn from incidents and near misses and to prevent them from recurring. Identifying and correcting systemic incident causes will not only help prevent a repeat of that incident but by strengthening the AI-PSM management system can prevent other incidents.
To provide a means for near-real-time monitoring of the performance of the AI-PSM system, and so indicate whether process risk is being managed as low as reasonably practicable and in line with company criteria for tolerable risk.
To reduce risk by systematically and pro-actively identifying strengths and weaknesses in the implementation of AI-PSM.
Management
Review
Continuous
Improvement and
To ensure that the defined AI-PSM activities produce the desired results throughout the facility lifecycle.
Page 84 SP-2062 Specification for HSE Cases Printed 11/04/20
The controlled version of this CMF Document resides online in Livelink
®. Printed copies are UNCONTROLLED.
