Major Hazard Facilities - Hazard Identification (presentation)

Major Hazard Facilities
Hazard Identification

Overview
This seminar has been split into two sections:
1. Hazard Identification
2. Major Accident Identification and Risk Assessment
The seminar has been developed to provide:
• Context with MHF Regulations
• An overview of what is required
• An overview of the steps required
• Examples of hazards identified

Some Abbreviations and Terms
• AFAP - As far as (reasonably) practicable
• DG - Dangerous goods
• Employer - Employer who has management control of the facility
• Facility - Any building or structure at which Schedule 1 materials are present or likely to be present for any purpose
• FMEA/FMECA - Failure modes and effects analysis / Failure modes and effects criticality analysis
• FTA - Fault tree analysis
• HAZID - Hazard identification
• HAZOP - Hazard and operability study
• HSR - Health and safety representative
• LOC - Loss of containment
• LOPA - Layers of protection analysis
• MHF - Major hazard facility
• MA - Major accident
• OHS - Occupational health & safety
• PFD - Process flow diagram
• P&ID - Piping and instrumentation diagram
• PSV - Pressure safety valve
• SMS - Safety management system

Topics Covered In This Presentation
• Regulations
• Definition – Hazard
• Introduction
• HAZID Requirements
• HAZID Approach
• Consultation
• Conducting the HAZID
• Overview of HAZID techniques
• Review and Revision
• Sources of Additional Information

Regulations
Basic outline
• Hazard identification (R9.43)
• Risk assessment (R9.44)
• Risk control (i.e. control measures) (R9.45, S9A 210)
• Safety Management System (R9.46)
• Safety report (R9.47, S9A 212, 213)
• Emergency plan (R9.53)
• Consultation

Regulations
Regulation 9.43 (Hazard identification) states:
The employer must identify, in consultation with employees, contractors (as far as is practicable) and HSRs:
a) All reasonably foreseeable hazards at the MHF that may cause a major accident; and
b) The kinds of major accidents that may occur at the MHF, the likelihood of a major accident occurring and the likely consequences of a major accident.

Definition
Hazard
Regulatory definition per Part 20 of the Occupational Health and Safety (Safety Standards) Regulations 1994:
“A hazard means the potential to cause injury or illness”
Interpreted: Any activity, procedure, plant, process, substance, situation or other circumstance that has the potential to cause harm.

Introduction
• HAZID is critical to safety duties and the safety report
• Employer must identify all major accidents and their related causes using a systematic and documented HAZID approach
• The process must be transparent
• HAZID results must be reflected in risk assessment, SMS, adoption of control measures and safety report

Introduction
An example - Gramercy Alumina Refinery, US Department of Labor Report ID No. 16-00352, 5 July 1999 at 5am

Introduction
Were the hazards identified?

Introduction
• HAZID process must be ongoing to ensure existing hazards are known, and
• New hazards recognised before they are introduced:
  - Prior to modification of facility
  - Prior to change in SMS or workforce
  - Before and during abnormal operations, troubleshooting
  - Plant condition monitoring, early warning signals
  - Employee feedback from routine participation in work
  - After an incident

Introduction
• Information from accident investigations can be useful as input to determine contributing causes
[Figure: pie chart showing percentage shares for the following categories: Emergency Preparation, Quality Assurance, Other Training, Industry Guidance, Incident Investigation, Employee Participation, Facility Siting, Internal Auditing and Oversight, Safe Work Practices, Management of Change, Engineering Design & Review, Maintenance Procedures, HAZCOM, Operator Training, Operating Procedures, Process Hazard Analysis, Process Safety Information]

HAZID Requirements
• A systematic, transparent and comprehensive HAZID process should be used based on a comprehensive and accurate description of the facility
• MAs and the underlying hazards should not be disregarded simply because:
  - They appear to be very unlikely
  - They have not happened previously
  - They are considered to be adequately controlled by existing measures

HAZID Requirements
The risk diagram can be useful for illustrating this aspect, as shown below
[Figure: risk diagram plotting Relative Frequency of Occurrence against Consequence Severity, with the labels "Increasing risk", "Maintenance OH&S" and "Safety Report Influence". Events shown: Breakdowns, Public criticism, Staff complaints, Protest pickets, Personal injury, Industrial stoppage, High technology and high hazard system failures, Class actions, Market collapse, Fatality (fatalities), Catastrophic Fire & Explosion]

HAZID Requirements
Exclusions
• The HAZID process (for MHF compliance) is not intended to identify all personnel safety concerns
• Many industrial incidents are caused by personnel safety breaches, such as the following:
  - Person falls from height
  - Electrocution
  - Trips/slips
  - Contact with moving machinery
  - etc

HAZID Requirements
Exclusions
• These are generally incidents that do not relate to the storage or processing of Schedule 9 materials and are covered by other parts of an Employer’s safety management system for a facility such as:
  - Permit to work
  - Confined space entry and management
  - Working at heights
  - Work place safety assessments
  - etc

HAZID Approach
• What can go wrong?
• What incidents or scenarios could arise as a result of things going wrong?
• What could cause or could contribute to these incidents?

HAZID Approach
• Considers all operating modes of the facility, and all activities that are expected to occur
• Human and system interfaces together with engineering issues
• Dynamic process to stay ahead of any changes in the facility that could erode the safe operating envelope or could introduce new hazards

HAZID Approach
The HAZID approach is required to:
• Be team-based
• Use a process that is systematic
• Be pro-active in searching for hazards
• Assess all hazards
• Analyse existing controls and barriers - preventative and mitigative
• Consider size and complexity in selecting approach to use

HAZID Approach
• Consideration needs to be given in selecting the HAZID technique
• Some issues to take into account are:
  - Life cycle phase of plant
  - Complexity and size
  - Type of Process or activity covering:
    o Engineering or procedural
    o Mechanical, process, or activity focussed

HAZID Approach
Life Cycle Phases of a Project
Concept, Design, Construction, Commission, Production, Decommission, Disposal
• The HAZID approach can be used in the first stages of the life cycle phase of a project
• Prior to design phase, little information will be available and the HAZID approach will need to be undertaken on flow diagrams
• Assumptions will need to be transparent and documented

HAZID Approach
Complexity and Size
• The complexity and size of a facility includes the number of activities or systems, the number of pieces of equipment, the type of process, and the range of potential outcomes
• Some HAZID techniques may get bogged down when they are applied to complex processes
• For example, event tree and fault tree analyses can become time consuming and difficult to structure effectively
• However, simple techniques may not provide sufficient focus to reach consensus, or confidence in the identification of hazards
Conclusion: Start with simple techniques and build in complexity as required

HAZID Approach
Type of Process or Activity
• Where activities are procedural or human error is dominant then task analysis may be appropriate (e.g. task analysis, procedural HAZOP, etc)
• Where knowledge of the failure modes of equipment is critical (e.g. control equipment, etc) then FMEA may be appropriate

HAZID Approach
Type of Process or Activity
• Where the facility is readily shown on a process flow diagram or a process and instrumentation diagram, then HAZOP may be used
• Where multiple failures need to be combined to cause an accident, or multiple outcomes are possible then fault tree analysis and event tree analysis may be beneficial

Consultation
• The MHF Regulations require Employers to consult with employees in relation to:
  - Identification of major hazards and potential major accidents
  - Risk assessment
  - Adoption of control measures
  - Establishment and implementation of a safety management system
  - Development of the safety report

Consultation
• Consultation is also required in relation to the roles that the Employer defines for employees
• The adequacy of the consultation process is a key step in decision-making with regards to the granting of licences
• A teamwork approach between the Employer, HSRs and employees is strongly advocated for the safety report development process as a whole

Consultation
• Employees have a significant effect on the safety of operations, as a result of their behaviour, attitude and competence in the conduct of their safety-related roles
• The involvement of the employees in the identification of hazards and control measures enhances their awareness of these issues and is critical to the achievement of safe operation in practice

Conducting the HAZID
HAZID Team Selection
• The team selection for the area or plant is critical to the whole hazard identification process
• Personnel with suitable skills and experience should be available to cover all issues for discussion within the HAZID process
• A well managed, formalised approach with appropriate documentation is required
• Team selection and training in methodology used is to be provided

Conducting the HAZID
HAZID Team Selection
• Facilitated multi-disciplinary team based approach
• Suitably qualified and experienced independent person to facilitate
• Suitably experienced and qualified personnel for the process, operations and equipment involved

Conducting the HAZID
HAZID Team Selection
• These employees MAY BE the HSRs but DO NOT HAVE TO BE
• However, the HSRs should be consulted in selection of appropriate persons - this process must be documented and be transparent
• No single person can conduct a HAZID
• A team approach will be most effective

Conducting the HAZID
HAZID Study Team
The typical study team would comprise:
• Study facilitator
• Technical secretary
• Operations management
• HSR/Operations representative
• Project engineer or project design engineer for new projects
• Process engineer
• Maintenance representative
• Instrument electrical representative
Note: the above team make up is indicative only

Conducting the HAZID
HAZID Planning
The following steps are required:
• Planning and preparation
• Define the boundaries and provide system description
• Divide plant into logical groups
• Review P&IDs and process schematics to ensure accuracy
• Optimise HAZID process by means of preplanning work involving relevant stakeholders (operations, maintenance, technical and safety personnel)

Conducting the HAZID – Consider the Past, Present and Future
[Figure: diagram relating the three sets of conditions below to "Identified Hazards"; it also carries the label "unforeseeable"]
• Historical conditions - What has gone wrong in the past?
  - Root Cause
  - Historical Records
  - Process Experience
  - Near Misses
• Existing conditions - What could go wrong currently?
  - HAZID Workshop
  - HAZOP Study
  - Scenario Definitions
  - Checklists
• Future conditions - What could go wrong due to change?
  - Change Management
  - What-If Judgement
  - Prediction

Conducting the HAZID
It is tempting to disregard “Non-Credible” Scenarios BUT
• “Non-credible” scenarios have happened to others
• Worst cases are important to emergency planning

It happened to someone else …
Aftermath of an explosion
(U.S. CHEMICAL SAFETY AND HAZARD INVESTIGATION BOARD, SIERRA CHEMICAL COMPANY REPORT NO. 98-001-I-NV, January 1988)

Conducting the HAZID
Issues for consideration
• Equipment can be off-line
• Safety devices can be disabled or fail to operate
• Several tasks may be concurrent
• Procedures are not always followed
• People are not always available
• How we act is not always how we plan to act
• Things can take twice as long as planned
• Abnormal conditions can cross section limits
  - Power failure

Conducting the HAZID – HAZID Process
[Flowchart of the HAZID process]
System description
Define boundary
Divide system into sections
Analyse each section
• asset or equipment failure
• external events
• process operational deviations
• hazards associated with all materials
• human activities which could contribute to incidents
• interactions with other sections of the facility
Existing studies
Selected methods
Systematically record all hazards
Independent check
Hazard Register
Revisit after risk assessment

Conducting the HAZID
Meeting Venue
• Hold on site if possible
• Avoid interruptions if possible
• Schedule within the normal work pattern, or within the safety report activities
• Meetings less than 3 hours are not effective
• Meetings that last all day are also not effective, however practicalities may require all day meetings
• Don’t underestimate the time required

Conducting the HAZID
Recording Detail
• The level of detail is important for:
  - Clarity
  - Transparency and
  - Traceability
• A system (hazard register) is required for keeping track of the process for each analysed section of the facility
• The items to be recorded are:
  - Study team
  - System being evaluated
  - Identified hazard scenario
  - Consequences of the hazard being realised
  - Controls in place to prevent hazard being realised and their adequacy
  - Opportunity for additional controls

HAZID Techniques - Overview
Increasing effort required
• Checklists - questions to assist in hazard identification
• Brainstorming - whatever anyone can think of
• What If Analysis - possible outcomes of change
• HAZOP - identifies “process plant” type incidents
• FMEA/FMECA - equipment failure causes
• Task Analysis - maintenance activities, procedures
• Fault Tree Analysis - combinations of failures

Checklists
• Simple set of prompts or checklist questions to assist in hazard identification
• Can be used in combination with any other techniques, such as “What If”
• Can be developed progressively to capture corporate learning of organisation
• Particularly useful in early analysis of change within projects

Checklists
Levels: Initiating Events (•), General Causes (-), Initiating Causes (o)
• Overfills And Spills
  - Improper Operation
    o Operating Error
    o Inadequate / Incorrect Procedure
    o Failure To Follow Procedure
    o Outside Operating Envelope
    o Inadequate Training
• Vessel/Tanker Shell Failure
  - Corrosion
    o Wet H2S Cracking
    o General Process
    o Cooling Water
    o Steam / Condensate
    o Service Water
  - Mechanical Impact
    o Missiles
    o Crane
    o Vehicles

Checklists
Advantages
• Highly valuable as a cross check review tool following application of other techniques
• Useful as a shop floor tool to review continued compliance with SMS
Disadvantages
• Tends to stifle creative thinking
• Used alone introduces the potential of limiting study to already known hazards - no new hazard types are identified
• Checklists on their own will rarely be able to satisfy regulatory requirements

Brainstorm
• Team based exercise
• Based on the principle that several experts with different backgrounds can interact and identify more problems when working together
• Can be applied with many other techniques to vary the balance between free flowing thought and structure
• Can be effective at identifying obscure hazards which other techniques may miss

Brainstorm
Advantages
• Useful starting point for many HAZID techniques to focus a group’s ideas, especially at the project’s concept phase
• Facilitates active participation and input
• Allows employees’ experience to surface readily
• Enables “thinking outside the square”
• Very useful at early stages of a project or study
Disadvantages
• Less rigorous and systematic than other techniques
• High risk of missing hazards unless combined with other tools
• Caution required to avoid overlooking the detail
• Relies on experience and competency of facilitator

What If
• What if analysis is an early method of identifying hazards
• Brainstorming approach that uses broad, loosely structured questioning to postulate potential upsets that may result in an incident or system performance problems
• It can be used for almost every type of analysis situation, especially those dominated by relatively simple failure scenarios

What If
• Normally the study leader will develop a list of questions to consider at the study session
• This list needs to be developed before the study session
• Further questions may be considered during the session
• Checklists may be used to minimise the likelihood of omitting some areas

What If
Example of a What If report for a single assessed item

What If
Advantages
• Useful for hazard identification early in the process, such as when only PFDs are available
• What If studies may also be more beneficial than HAZOPs where the project being examined is not a typical steady state process, though HAZOP methodologies do exist for batch and sequence processes
Disadvantages
• Inability to identify pre-release conditions
• Apparent lack of rigour
• Checklists are used extensively which can provide tunnel vision, thereby running the risk of overlooking possible initiating events

HAZOP
• A HAZOP study is a widely used method for the identification of hazards
• A HAZOP is a rigorous and highly structured hazard identification tool
• It is normally applied when PFDs and P&IDs are available
• The plant/process under investigation is split into study nodes and lines and equipment are reviewed on a node by node basis
• Guideword and deviation lists are applied to process parameters to develop possible deviations from the design intent
HAZOP results in a very systematic assessment of hazards

HAZOP
Example of a HAZOP report for a single assessed item

HAZOP
Advantages
• Will identify hazards, and events leading to an accident, release or other undesired event
• Systematic and rigorous process
• The systematic approach goes some way to ensuring all hazards are considered
Disadvantages
• HAZOPs are most effective when conducted using P&IDs, though they can be done with PFDs
• Requires significant resource commitment
• HAZOPs are time consuming
• The HAZOP process is quite monotonous and maintaining participant interest can be a challenge

FMEA/FMECA
• Objective is to systematically address all possible failure modes and the associated effects on a technical system
• The underlying equipment and components of the system are analysed in order to eliminate, mitigate or reduce the failure or the failure effect
• Best suited for mechanical and electrical hardware systems evaluations

FMEA/FMECA
Example of an FMEA/FMECA report for a single assessed item
Potential Failure Mode: Open indicator switch failed
Potential Effects of Failure: Wrong indication of valve back to control system causing possible incorrect controller action to be taken
Potential Causes of Failure: Wear and tear
Comments: Commissioning and test procedures must ensure that all diverter equipment indicators are correctly wired to the diverter control system
Recommendations: The integrity of the position indicators for the Diverter system equipment is critical to the logic of the control system. It is recommended that the position indicators are discretely function tested prior to commencement of each program

FMEA/FMECA
Advantages
• Generally applied to solve a specific problem or set of problems
• FMEA/FMECA was primarily considered to be a tool or process to assist in designing a technical system to a higher level of reliability
• Designed correction or mitigation techniques can be implemented so that failure possibilities can be eliminated or minimized
Disadvantages
• It is very time consuming and needs specialist skills from different backgrounds to obtain maximum effect
• Very hard to assess operational risks within an FMEA/FMECA (like they can be within a HAZOP or What if study)

Task Analysis
• Technique which analyses human interactions with the tasks they perform, the tools they use and the plant, process or work environment
• Approach breaks down a task into individual steps and analyses each step for the presence of potential hazards
• Used widely to manage known injury related tasks in workplace
• Excellent tool for hazard identification related to human tasks

Task Analysis
Disadvantages
• Does not address plant process deviations which are not related to human interaction
Caution
• Relies on multi-disciplined input with specific input of person who normally carries out the task
• Often assumed to be the only tool of hazard identification or risk assessment, as it is used generally at the shop floor

Fault Tree Analysis
• Graphical technique approach
• Provides a systematic description of the combinations of possible occurrences in a system which can result in an identified undesirable outcome (top event)
• This method combines hardware failures and human failures
• Uses logic gates to define modes of interaction (ANDs/ORs)
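
Fault Tree Analysis
[Figure: fault tree. Top event "Process vessel over pressured", an AND of "Pressure rises" and "PSV does not relieve". Lower-level events, combined through a further AND gate and an OR gate: Process pressure rises; Control fails high; Fouling inlet or outlet; PSV too small; Set point too high; PSV stuck closed]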

Fault Tree Analysis
Advantages
• Quantitative - defines probabilities to each event which can be used to calculate the probability of the top event
• Easy to read and understand hazard profile
• Easily expanded to bow tie diagram by addition of event tree
Disadvantages
• Need to have identified the top event first
• More difficult than other techniques to document
• Fault trees can become rather complex
• Time consuming approach
• Quantitative data needed to perform properly
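
The vessel over-pressure fault tree from the slides, worked through as an added example that is not part of the original presentation: it derives the minimal cut sets and the top-event probability. Placing the second AND gate under "Pressure rises" and the OR gate under "PSV does not relieve" is an assumed reading of the diagram, and all probabilities are constructed values.

```python
from itertools import product
from math import prod

# Gates as read from the slide. The top AND is on the slide; assigning the
# second AND to "Pressure rises" and the OR to "PSV does not relieve" is an
# assumption about the original drawing.
TREE = {
    "Process vessel over pressured": ("AND", ["Pressure rises", "PSV does not relieve"]),
    "Pressure rises": ("AND", ["Process pressure rises", "Control fails high"]),
    "PSV does not relieve": ("OR", ["Fouling inlet or outlet", "PSV too small",
                                     "Set point too high", "PSV stuck closed"]),
}
TOP = "Process vessel over pressured"

# Constructed basic-event probabilities (illustrative, not from the presentation).
PROBS = {
    "Process pressure rises": 0.1,
    "Control fails high": 0.05,
    "Fouling inlet or outlet": 0.01,
    "PSV too small": 0.001,
    "Set point too high": 0.002,
    "PSV stuck closed": 0.005,
}


def cut_sets(node, tree=TREE):
    """Expand a node into cut sets: OR unions its children, AND crosses them."""
    if node not in tree:                      # basic event
        return {frozenset([node])}
    gate, children = tree[node]
    parts = [cut_sets(child, tree) for child in children]
    if gate == "OR":
        return set().union(*parts)
    return {frozenset().union(*combo) for combo in product(*parts)}


def minimal_cut_sets(node=TOP, tree=TREE):
    """Drop any cut set that strictly contains another one."""
    sets = cut_sets(node, tree)
    return {s for s in sets if not any(other < s for other in sets)}


def occurs(node, state, tree=TREE):
    """Evaluate the gate logic for one true/false assignment of basic events."""
    if node not in tree:
        return state[node]
    gate, children = tree[node]
    results = [occurs(child, state, tree) for child in children]
    return all(results) if gate == "AND" else any(results)


def exact_probability(top=TOP, tree=TREE, probs=PROBS):
    """Exact top-event probability for independent basic events, by enumeration."""
    events = sorted(probs)
    total = 0.0
    for bits in product([False, True], repeat=len(events)):
        state = dict(zip(events, bits))
        if occurs(top, state, tree):
            total += prod(probs[e] if state[e] else 1 - probs[e] for e in events)
    return total


def rare_event_estimate(top=TOP, tree=TREE, probs=PROBS):
    """Sum of cut-set probabilities: the usual hand-calculation upper bound."""
    return sum(prod(probs[e] for e in cs) for cs in minimal_cut_sets(top, tree))


if __name__ == "__main__":
    for cs in sorted(minimal_cut_sets(), key=sorted):
        print(" AND ".join(sorted(cs)))
    print(f"exact={exact_probability():.3e}  estimate={rare_event_estimate():.3e}")
```

Every minimal cut set here needs both pressure-side events plus one PSV failure mode, which is the "combinations of failures" view the technique is meant to give.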

Review and Revision
The following are examples of when a HAZID revision should occur:
• Organizational changes
• New projects
• Incident investigation results
• Process or condition monitoring changes
• Abnormal conditions through design envelope changes

Sources of Additional Information
• Loss Prevention In The Process Industries, Second Edition, Reed Educational and Professional Publishing, F. P. Lees, 1996
• Guidelines for Hazard Analysis, Hazardous Industry Planning Advisory Paper No.6, NSW Department of Planning, June 1992
• HAZOP and HAZANs, Notes on the Identification and Assessment of Hazards, Second Edition, Trevor Kletz, The Institution of Chemical Engineers, 1986
• Guidelines for Hazard Evaluation Procedures, Second Edition, Centre for Chemical Process Safety, American Institute of Chemical Engineers, 1992
• Layer of Protection Analysis, Simplified Process Risk Assessment, Centre for Chemical Process Safety, American Institute of Chemical Engineers, 2001
• Hazard Identification and Risk Assessment, Geoff Wells, The Institution of Chemical Engineers, 19.
• MIL-STD-1629A, 1980
• Failure Modes and Effects Analysis, J. Moubray, RCM II, 2000

Questions?