Health Healthand andSafety Safety Executive Executive Energy Sector - EU/UK Regulatory and Legal framework, Safety Cases Kevin Myers Director General Regulation Health and Safety Executive, UK EU-US Joint Conference on OSH Fort Worth, Texas 17-19 September 2015 Background principles • • • 28 Member States in EU • Developed from experience of incidents eg Seveso, Deepwater Horizon • • • Each has its own history and OSH legal framework EU OSH Legislation is largely expressed through “Directives”……. Which are transcribed into National legislation……… And in doing so inevitably reflect history, legal system, philosophy……… So I will cover this through the UK perspective Fundamentals of UK’s OSH system • • A (largely) goal-setting regulatory framework • This outcome-focused approach is underpinned by risk assessment to determine the appropriate controls • The business/employer is responsible for identifying and managing risk and establishing the appropriate control measures - not the Regulator But the important thing is delivery of the controls – not the piece(s) of paper! Energy Sector • • • Traditional OSH activities – working with electricity, falls from height etc – failures are comparably high frequency, but ‘low’ consequence – tend to regulate through core OSH regulations “major hazard” activities - Oil and gas exploration, refining etc - failures are comparably low frequency but high consequence - tend to regulate through ‘safety case’ regimes Emerging technologies – under development?! ‘Traditional’ OSH risks I Covered by a ‘Framework’ Directive setting out general principles of prevention: • • hierarchy of risks – avoid, evaluate, control at source • • • adapt to technical progress • adapt the work to the individual and prioritise collective over individual protective measures developing a coherent overall prevention policy consult/engage with the workforce and provide adequate training workers to co-operate, use machinery and ppe etc correctly and notify employer of shortcomings and /or danger ‘Traditional’ OSH risks II Framework Directive supported by over 20 “Daughter” Directives – either sector or cross-cutting hazard-based • • • • • ppe, manual handling, display screen equipment, vibration, noise, work equipment chemical agents, carcinogens, asbestos, biological agents, explosive atmospheres construction oil and gas extraction mining Major Drivers for Change Technology Risk Management Systems Behavioural Human Factors? Time Time “Safety Case” Regime • • • Businesses need the regulator’s agreement or consent before they can start operation: – Safety Cases/Safety Reports /Licences – Often this includes the regulator’s agreement on aspects of the design, construction and commissioning of the plant as well Dependant on the business/employer demonstrating that the risks are controlled ‘as low as is reasonably practicable’ ALARP. Regulator’s role is to assess and verify that the case for safety has been made and the risks effectively managed and controlled. Inspection • • • • Risk based and targeted Takes account of company performance But also topic-based Primary purpose is to verify that the control measures described in Safety Case/Report actually exist on the ground and are resilient Investigation • • • High public expectations • Learn and share lessons Hold accountable those responsible Establish root causes: – Technical – Managerial – Cultural Hazard Incident Swiss Cheese Model of Defence Hazard Ideal Reality Incident Swiss Cheese Model of Defence Advantages/Disadvantages of Safety Case Regime • • • • • • • No prescription - so flexibility and alternative ways of reaching the desired outcome Enables – indeed encourages - innovation Need for good guidance, industry codes and standards to establish good practice in achieving compliance Need for an on-going dialogue with industry and its involvement in developing and owning guidance and standards The role of the regulator The business value of the safety case It is no guarantee of safe production/operation Key Lessons from UK experience • • • • • • It’s often the routine day to day tasks and activities that go wrong not the unusual/obscure There are no new incidents just new people repeating the same mistakes Tomorrow’s major accident is lurking in the organisation today. A seismic quake is always preceded by warning signs Importance of leading indicators No clear sense of vulnerability. Belief in the infallibility of control system Regulatory Codes can at best only be a imperfect fit to risk management – not a guarantee of safety HSE publication HSG254 • • What can go wrong? • • • What systems are in place to manage those challenges? Where within the facility will these challenges to integrity be most critical? What does success look like? What are the critical activities which must work right to deliver the intended outcome? Thank you for listening!