Sean OSullivan Marathon Oil

8/13/2019 Sean OSullivan Marathon Oil

1/19

Achieving Best in Class Performance Standards

Sean OSullivan, Marathon Oil U.K. LLC.

Marathon Oil U.K. LLC


2/19

Why Performance Standards?

Prior to 1988, DoE and certification bodies defined what safety

measures are requiredprescriptive legislation

Prescriptive legislation cannot account for the differences in

hazards etc., between each installation

Doesnt allow for alternative solutions

The Cullen Report led to goal setting

Operators to identify their own Safety Critical Elements

Performance Standards are where Operators define their Safety

Critical Elements and demonstrate how their goals are achieved

Requirement [Offshore Safety Case Regulations, 2005] to define:

Functionality, Availability, Reliability, Survivability and

Interaction/Dependency2Marathon Oil U.K. LLC


3/19

Assessment of Safety Critical Elements

A systematic approach would define each function that is

essential from each hazard assessment as safety critical

It may be more efficient for a team to review the criticalhardware components for preventing / mitigating major hazards

only

Major hazards are defined in Safety Case Regulations (2005):

3

Fires orExplosions

Diving HelicoptersStructuralIntegrity

HAZID HAZOP ERRASmoke &

Gas

Marathon Oil U.K. LLC

e.g.


4/19

Design vs Operational Information

When identifying what the requirements are for each

Performance Standard (PS), the team must consider what

information they are trying to convey.

For an existing asset, this is likely to be the specific requirement

for that asset, as it stands. The information will be used during

maintenance and defect identification.

As part of a design project, performance standards could be used

to define the design

strategy for safety

critical elements.

It is difficult to combine

both in one document.

4Marathon Oil U.K. LLC


5/19

Layout of Performance Standards



6/19

Introductory Information

Important first stage to clarify why each system is Safety Critical

Define purpose, scope and equipment items this standard covers

Can save time later, e.g. distinguishing which ventilation

dampers are Safety Critical Elements

Define where additional information (e.g. drawings) are stored Define contingency arrangementswhat do you do if a failure is

identified



7/19

Functional Criteria

Define the overall purpose(s) of the system, e.g. TEMPSCto

enable the evacuation of all personnel from the platform

Looking to specify only the criteria that are relevant for the

functionality of the system

Consider if, given the function is available and operational, will it

be effective in its purpose can it be relied upon?

Recognise that some systems may be safety related, or primarily

provided for safety, but are not Safety Critical

SMART criteria where possible

Reference numerical criteria where possible, recognise good/best

practice



8/19

Assurance Activities

Important addition to the Performance Standards

Review whether checks are in place to prove that SCEs are

effective

I.e. This is a demonstration that sufficient maintenance and testing is in

place

If not already in place, can cross reference functional criteria with

the maintenance management system such that PMRs can be

flagged as safety critical

It is essential to review the content of each PMR, however it may

not be appropriate to specify the frequency of each PMR



9/19

Verification Activities

Use of an Independent Verifying Body is a legal requirement,

however the Independent Verification Body (IVB) scope isdefined by the operator

The purpose of annual verification is to confirm that the SCEs

are effective:

Do they function as specified

Typically the Minimum Activities of the IVB is definedthe IVB

is invited to continue reviewing information and witnessing

tests until satisfied that we are / are not compliant

By defining the assurance activities and the IVB activities line byline against each functional criteria, we improve clarity of what is

expected and what has been done, e.g. if anomalies are found



10/19

Survivability

PFEER requirement to define in what circumstances the SCE is required

to survive to provide its function Generally, this cannot be influenced after design, however supporting

structures and SCE requirements may reference this

E.g. Lifeboats to survive for 90 minuteslimited ability to testsurvivability criteria.

Assurance by design E.g. F&G system to operate

for 90 minutespartiallyassured by functionality ofthe electrical power system

with 90 minute functionalcriterion for batteryback up



11/19

Reliability / Availability

PFEER requirement to define reliability / availability requirement

Consider whether the Safety Case demands 100% availabilityare suitable contingency arrangements in place in case offailure?

Is 100% availability realistic?

Does your QRA demonstrate that with


12/19

PFEER Availability Assessment

Linking reactive task management to population data for each

equipment itemFailure rate and other reliability measures

Development of fault trees for each safety critical systemHow

does each component influence the overall system?

Although data quality issues are difficult to overcome

By tracking availability over time we can see trends in SCE

performance



13/19

Availability Calculation Source Data

Work orders are given:

A PFEER fault code, identifying the type of failure

Time taken for repair to be completed

Work orders over a given time period are collated and summated

by fault code

Probability of Failure on Demand (PFoD) is determined for each

fault code, then PFoD is used in system specific fault trees to

determine system PFoD

Components with no failures in a period are treated

conservatively, using statistical industry data



14/19

PFoD by Fault Tree


SPECIFICFAILURE A

SPECIFICFAILURE B

SPECIFICFAILURE C

&

OR

SYSTEM

UNABLE TO

ACHIEVE

OBJECTIVE


15/19

0.0%

0.2%

0.4%

0.6%

0.8%

1.0%

1.2%

1.4%

01-Jan-08 To

31-Dec-09

01-Jul-08 To

30-Jun-10

01-Jan-09 To

31-Dec-10

01-Jul-09 To

30-Jun-11

01-Jan-10 To

31-Dec-11

01-Jul-10 To

30-Jun-12

ProbabilityofF

ailureonDema

nd

(P

FoD)

PS04 Isolation PS04 Blowdown

Case studies



16/19

Continuous Improvement

Performance standards are subject to regular review through use

Suggestions for changes and clarifications are welcomed from the

verifier and users

One aspect of the Safety Case Thorough Review is to check the

performance standards

It is perceived that the clarity of the performance standards aids

their review and challenge



17/19

Summary (1/2)

Guidelines for the Management of Safety Critical Elements (2nd

Edition), Energy Institute, give good guidance on the principles ofPerformance Standards, but additional effort in preparation and

use of Performance Standards can yield benefits:

The act of writing Performance Standards is an opportunity for an

Operator to develop their understanding of what equipment isSafety Critical

The layout is crucial and if successful, can drive the outcome to be

easily understood and useful. For example, blank boxes are an

automatic gap analysise.g. Missing function testing routines.

Upfront specification of the complete extent of a Performance

Standard system can save time later.



18/19

Summary (2/2)

Documenting assurance activities is very useful in informing users

of which tasks are safety critical, and defining how equipment istested, particularly if this includes activities over several

maintenance management systems.

Matching verification activities to functional criteria helps clarify

when following up anomalies.

A thorough availability assessment is challenging to get right, but

can be worthwhile in demonstrating adequate performance and

identifying Safety Critical Element performance trends at an early

stage



19/19

Questions?

19Marathon Oil U K LLC

Sean OSullivan Marathon Oil

Documents

Transcript of Sean OSullivan Marathon Oil