Trends in Industrial Safety>Yellow Book: Physical Effects of releases >Greene Book: Damages to...
Transcript of Trends in Industrial Safety>Yellow Book: Physical Effects of releases >Greene Book: Damages to...
1
Trends in Industrial Safety
Bhopal Gas Tragedy and its Effects on Process SafetyInternational Conference on the 20th Anniversary of the
Bhopal Gas Tragedy
Indian Institute of Technology, Kanpur, IndiaDecember 1 to 3, 2004
C.M. Pietersen MSc.TNO Safety Solutions Consultants BV
General manager
Aspects of industrial Safety
Technical Safety:
• Hazard Identification and SIL Classification according to IEC 61508• Qualitative Risk Evaluation e.g. by using Risk Graphs or- Matrices• Quantitative Risk Analysis as also required by authorities (Location Specific
Risk and Group Risk)
Organisational Safety:
• Organisational factors associated with Safety• Measuring effectiveness from audits en accident analysis studies• The Tripod method for determining the Basic risk factors of an organization
Safety Culture:
• Safety Culture Maturity assessment• Behaviour Safety Programs
2
Safety Management has Evolved
Assurance
1960 1970 1980 1990 2000
Equipment
Human error / factor
Management focusSMS - HSE -MS
Safety Performance
Behavioural
Technical Safety
• Hazard Identification and SIL Classification according to IEC 61508/ 61511
• Qualitative Risk Evaluation e.g. by using Risk Graphs or- Matrices
• Quantitative Risk Analysis as also required by authorities (Location Specific Risk and Group Risk)
3
HAZOP
Objective:
To identify and evaluate the unwanted causes and consequences of foreseeable deviations in the process. This in a structured, and systematic way.
How:
By a multi- disciplinary team in brainstorm sessions Check acceptability of the risks involvedIf necessary, formulate recommendations for improvement.
Alle leidingen rond vat zijn nodes
4
Scenario: Overfilling LPG sphere
Scenario from the HAZOP:
> Overfilling and overpressure LPG sphere
Fit for Purpose Safety: When is risk acceptable?
> Determine the Loss of Containment (LOC) scenario
> Evaluate the consequences and frequency of the LOC scenario
> Determine the required risk reduction
> Deteremine the way to implement the risk reduction (e.g
overfill protection system)
Example: Mexico City disaster 1984 (500 victims)
Mexico City LPG depot
5
Consequences of overfilling
IEC 61508/ 61511 Standards
Risk evaluation in relation tot Safety Instrumeneted systems
SIL Classification/-verification
6
Bow-tie model:‘Barriers’
PREVENT
BEHAVIOUR
ORGANISATION
ENGINEERING
INCIDENT
HAZARDS
MITIGATECONSEQUENCES
Equipment Under Control (EUC)
Safety Instrumented System (SIS)
EUC
Logic SolverSensor Final Element
BPCSProcess
Alarm & Monitoring panels
7
15/01/96
Risk ReductionACTUAL
REMAINING RISKTOLERABLE
RISKINTERMEDIATE
RISKINITIAL RISK
Risk without theaddition of anyProtectivefeatures
INCREASINGRISK
Partial riskcovered bySIS
Total risk reduction
Risk with theaddition of otherrisk reductionfacilities
Partial risk covered by other
risk reduction facilities
NECESSARY MINIMUMRISK REDUCTION
ACTUAL RISK REDUCTION
Risk with theaddition of otherrisk reductionfacilities andIPF function
4
W3 W2 W1C1
C2
C3
C4
a - -
1 a -
2 1 a
2 1 a
3 2 1
3 2 1
4 3 2
na 3
P1
P2
P1
P2
F1
F2
F1
F2
The risk graph for safety
8
TR
Trip Amplifier
s
Safety Interlocks
Process Pipe
Logic Solver
Sensors
SIS = from Pipe to Pipe
Safety Functions
TR
TR
AirVent
Process Pipe
AirVent
Final Elements
solenoid
Fail SafeOutput
Fail SafeOutput
Complete SIS
TYPICAL SIL 2 Type A
Process
Sensors
LOGIC SOLVERSIL 2
FinalElements
Typical SIL 2A_1.0
. T
. T
FO
XEV
XPV
fromDCS
Process PipeFO
.EV
.PV
SAFETY Type A SFF<60%
Type A SFF<60%
SAFETY Type A SFF<60%
Type A SFF<60%
Acceptable,If fail to danger of control valve is not part of the scenario.
9
Technical Safety
Quantified Risk Analysis (QRA)
Location Specific Risk
Group Risk
Location Specific Risk
10
Group- or Societal Risk
>Yellow Book: Physical Effects of releases
>Greene Book: Damages to people from the effects
>Purple Book: QRA parameters and data
>Red Book: Failure frequencies and probabilities
TNO Colored Books
11
Plant data
Generic failurerate data
Derive failure cases
Calculate frequencies Calculate consequences
Populationdata
Calculate risks
Assess risks
Meteorologicaldata
Ignition data
QRA scheme
Pressure vessels Failure frequencies(purple book)
Installation G1Instantanious
G2Instantanious
10 min
G3ContinuousØ 10 mm
Pressurevessel
5 x 10-7 5 x 10-7 1 x 10-5
Processvessel
5 x 10-6 5 x 10-6 1 x 10-4
Reactor 5 x 10-6 5 x 10-6 1 x 10-4
12
Organisational Safety
• Organisational factors associated with Safety• Measuring effectiveness from audits en accident
analysis studies• The Tripod method for determining the Basic risk
factors of an organization
HSE MS“fully implemented”
HSE MS“in place”
Measurablerequirements
Non-measurableissues, alertness,imagination, flexibility, expectingthe unexpected
HSEMS
Culture
performance
compliance
A
B
C
Why is ‘good performance’ not enough?
13
SAFETY BY COMMAND
Senior management commitment
Management style
Visible management
Good communication between all levels of employee [management action]
A balance of health and safety and production goals [management prioritisation]
Organisational Factors Associated with a Safety Culture
14
HSE management
JSA/JHATechniques Workplans
Trends/benchmarking
DiagnosticSurveys
ViolationSurvey
Hazardous SituationUnsafe Act reporting
AuditsReviews
Incident Investigation(Tripod Beta)
Incident Reporting
Contract/ContractorManagement
CompetencyProgrammes
Permit toWork System
HSE Assuranceletter
HSE SelfAppraisal
Site Visits
SituationalAwareness
HSE Standards& Procedures
PATHOLOGICAL
REACTIVE
CALCULATIVE
PROACTIVE
GENERATIVE
Safety Culture
chronic uneasesafety seen as a profit centrenew ideas are welcomed
we are serious, but why don’t they do what they’re told?endless discussions to re-classify accidentsSafety is high on the agenda after an accident
the lawyers said it was OKof course we have accidents, it’s a dangerous businesssack the idiot who had the accident
resources are available to fix things before an accidentmanagement is open but still obsessed with statisticsprocedures are “owned” by the workforce
we cracked it!lots and lots of auditsHSE advisers chasing statistics
15
Why Behavioral safety
Safety Improvement tomorrowHuman Behavior
Equipment/Hardware/
Systems/Methods
Ten elements of Safety Culture Maturity®
Visible management commitmentSafety communicationProductivity versus safetyLearning organisationParticipation in safetyHealth & safety resourcesRisk-taking behaviorTrust between management and frontline staffIndustrial relations and job satisfaction Safety training
16
What is behavior safety?
A programme, which becomes a habit, involving…> Analysis of behavior and other causes of accidents> Management (and later workforce) focusing on behaving safely to avoid injury> Observation, intervention, feedback and reinforcement
Some examples:STOP DuPontBehavior safety programs
What is behavior safety?
1 1Identify at risk behaviors and definesafe behavior
2Observation of behaviors and feedback
3Data gathering and creating score carts 4
Steering team: shop floor & staff personell
Results to steering team
Analyses of observations to SHE cie
5SHE committee/ MT team
Observationsresults
ABC analyses and action implementation
17
Emerging Level 1
Managing Level 2
Continuallyimproving
Level 5
Safety culture maturity model
Involving Level 3
Cooperating Level 4
Develop management commitment
Realise the importance of frontline staff and develop personal responsibility
Engage all staff to develop cooperation and commitment to improving safety
Develop consistency and fight complacencyIm
proving safet
y cultu
re
Increasin
g consis
tency
Accident analysis
“Missed Opportunities”
Trevor Kletz: (4/12/2000, Singapore):We find only a single cause (often last one in chain)We find only the immediate causesWe list human error in a too general wayWe list causes we can do little aboutWe do not share our lessonsWe forget the lessons
18
Learning from incidents
Six steps for effective learning from incidents
www.safety-sc.com
Necessary steps
1. Detection of a SHE incident2. Reporting of the incident3. (Tripod) analysis of the incident4. Establishing of the learning effects5. Implementation of the learning effects6. Checking the effectiveness of the implementation
19
Step 4: Establishing learning effects
DRIVERSstandards,
policiesMETHODS
e.g. planning, coordination, control
RESOURCESe.g. time, money, people, materials WORKING
ENVIRONMENTincidents
INTENTIONSManagement
ACTIONSSupervisors
CONSEQUENCESOperational staff
1: Single-loop learning2: Double-loop learning3: Triple-loop learning
1
23
Learning loops
• Single-loop learning affects the way operational goals are achieved:
- Without changing the goals, methods or resources.
- It can be described as doing the same things better. It is visible
in modifications of a task protocol, working instructions or
procedures.
• Double-loop learning affects norms and organizational targets:
- It can be described as doing things in a better way. Such
changes are visible as changes in resources and methods used.
• Triple-loop learning affects the drivers (policies and values) of an organization on a high level.
- It can be described as doing other things.
20
Learning on various organizational levels
Corporate SHE&M
BG 1 or regional Group
BG 2 or regional Group
Site X Site Y
Site A
Site B
LearningFrom incidents
Learning from incidents
Learning from incidents
Learning from incidentsFrom incidents
Learning on various organizational levels
• Learning can take place on several levels (see figure):a. on site level;b. on regional, BU / BG level, i.e. for groups of plants/sites that have
similar activities and use similar technologies;c. on corporate level, i.e. for the whole or for several BG’s.
• Site level: over the shifts, the learning process varies, depending on:
1. quality of information given (see communication)2. support given by the (SHE-)manager3. involvement felt (“can it happen to me?”)
• Other levels: effective learning become more complex. On higher organizational levels, learning can only take place based on selected issues that are shared by a larger number of units within the organization and that are controlled by a higher organizational level
21
Tripod accident investigation
Measure fore effectiveness of Safety Management Measure for vulnerability for Human Factor problemsManagement of Human Factor ProblemsControl the Controllable
The Prevention BRFs> Design (DE)> Tools & Equipment (TE)> Maintenance (MM)> Housekeeping (HK)> Error Enforcing Conditions (EC)> Procedures (PR)> Training (TR)> Communication (CO)> Incompatible Goals (IG)> Organisation (OR)
The Mitigation BRF
> Defences (DF)
Tripod Basic Risk Factors (BRFs)
22
0
25
50
75
100
DE TE MM HK EC PR TR CO IG OR DF
Mean score forIndustrial sector
'State of the art'
Best 25%
Worst 25%
Disastrous
Company 1Company 2
BRF
Measure of control
High
Low
Tripod Condition Survey
Bow-tie model
PREVENT
BEHAVIOUR
ORGANISATION
ENGINEERING
INCIDENT
HAZARDS
MITIGATECONSEQUENCES
23
HET diagram as part of the Bow-tie
Event/ Consequence Target
Control
Latent Failure
Precondition
Active failure
Defence
Latent Failure
Precondition
Acitivefailure
Hazard Event/ Consequence
Event/ Consequence Target
Control
Latent Failure
Precondition
Active failure
Defence
Latent Failure
Precondition
Acitivefailure
Hazard
Closing Remarks
>Technical Safety is ‘ only’ starting point
>Technical safety is undermined by Human Factors as a result of the Safety Culture and the related behavior.
>A mature HSE system includes Organizational and Safety Culture aspects
>Constant feedback from detailed accident analysis studies is required.