Bowties in process safety auditing
Transcript of Bowties in process safety auditing
“Insert” then choose “Picture” – select your picture.Right click your picture and “Send to back”.
The business of sustainability
Bowties in process safety auditingMireille Busque - ERM
The business of sustainability
© Copyright 2015 by ERM Worldwide Limited and/or its affiliates (‘ERM’). All Rights Reserved. No part of this work may be reproduced or transmitted in any form or by any means, without prior written permission of ERM.
The business of sustainability © 2016 ERM
Process Safety Auditing
2
Auditing is a vital part of a PSM program■ Demonstrate compliance with company expectations and processes
■ Ensure suitable safeguarding measures in place
■ Identify deficiencies in compliance or safeguarding measures.
■ Needs to be systematic and independent.
■ Must be relevant to the site hazards
The business of sustainability © 2016 ERM
Different types of audit
3
Compliance-centred■ Regulatory
■ Corporate
■ Management systems
Hazard-centred■ Focussed on particular hazards
■ Safeguards necessary to control hazards
The business of sustainability © 2016 ERM
Audit protocol
4
But developing an audit protocol can be problematic■ Process safety hazards may
vary from site to site or from time to time
■ Consequences of accident may vary and therefore different safeguards required
One size does not fit all for a varied portfolio of assets■ Audit must consider safeguards
important to prevent or mitigate site-specific process safety hazardous events
The business of sustainability
Using Bowties in Process Safety Auditing
So how can you:■ Identify process safety measures relevant to particular sites?
■ Account for local concerns and vulnerabilities?
■ Leave a legacy of increased process safety awareness
© 2016 ERM
The business of sustainability
Location: TOP EVENT
HAZARD
BARRIER 1.2BARRIER - 1.1
THREAT - 1
BARRIER 2.2BARRIER - 2.1
THREAT - 2
BARRIER 3.2BARRIER - 3.1
THREAT - 3
BARRIER
ESCALATION
BARRIER - A.1 BARRIER A.2
CONSEQUENCE - A
BARRIER - B.1 BARRIER B.2
CONSEQUENCE - B
BARRIER
ESCALATION
Some bowtie concepts
The scenario which represents losing control of
the hazard
Various distinct causes of the top
eventRealistic worst-case outcomes of the top event
A physical situation
with a potential for harm
PREVENTION MITIGATION
Measures to prevent a top event due to a
particular threat
Conditions which could cause barrier to fail
Measures to mitigate the
consequences of a top event
6
© 2016 ERM
The business of sustainability © 2016 ERM
Safety Cases
8
Bowtie diagrams have many different uses:
The business of sustainability © 2016 ERM
Deep understanding of barrier operation
9
Bowtie diagrams have many different uses:
RAPID SCCU Facilities: Loss of Containment - U3420 MTBE - L and V
01.03 LPGs (e.g. C3/C4 cuts, Raffinate 1, 2 & 3)
Overpressure Protection System and Relief System
Process Containment
PC007 Relief System (PRV, PSV, etc)
Instrument Protective Function, Instrumented Protection System and Emergency Shutdown Systems (ESD)
Shutdown Systems
SD001 Emergency Shutdown (ESD) Control System
Process Monitoring Control System with operator intervention [Control room operator operates the plant according to standard operating procedures using the information from DCS (SOP)]
Emergency Response
ER009 Process Control & Alarms
Process Equipment and Piping Systems Operated within Specified Safe Operating Limits
Process Containment
PC001 Pressure Vessels
PC002 Heat Exchangers
PC003 Rotating Equipment
PC005 Hydrocarbon Piping
Process Equipment and Piping Systems Designed/ Installed/ Commissioned to Specified Safe Operating Limits [Design Basis]
Process Containment
PC001 Pressure Vessels
PC002 Heat Exchangers
PC003 Rotating Equipment
PC005 Hydrocarbon Piping
Process Upset (e.g. over-pressure, over temperature)
Instrument Protective Function, Instrumented Protection System and Emergency Shutdown Systems (ESD)
Shutdown Systems
SD001 Emergency Shutdown (ESD) Control System
Process Monitoring Control System with operator intervention [Control room operator operates the plant according to standard operating procedures using the information from DCS (SOP)]
Emergency Response
ER009 Process Control & Alarms
Process Equipment and Piping Systems Operated within Specified Safe Operating Limits
Process Containment
PC001 Pressure Vessels
PC002 Heat Exchangers
PC003 Rotating Equipment
PC005 Hydrocarbon Piping
Process Equipment and Piping Systems Designed/ Installed/ Commissioned to Specified Safe Operating Limits [Design Basis]
Process Containment
PC001 Pressure Vessels
PC002 Heat Exchangers
PC003 Rotating Equipment
PC005 Hydrocarbon Piping
Overfilling of Drums
Corrosion Monitoring and RBICorrosion Protection System (N2 blanketing of V-301)
Process Equipment and Piping Systems Operated within Specified Safe Operating Limits (Corrosion Allowance and Material Selection)
Process Containment
PC001 Pressure Vessels
PC002 Heat Exchangers
PC003 Rotating Equipment
PC005 Hydrocarbon Piping
Process Equipment and Piping Systems Designed/ Installed/ Comissioned to Specified Safe Operating Limits (Corrosion Allowance, Material Selection and vessel linings as directed by licensors)
Process Containment
PC001 Pressure Vessels
PC002 Heat Exchangers
PC003 Rotating Equipment
PC005 Hydrocarbon Piping
Internal Corrosion
Corrosion Monitoring and RBIInsulating gasket between dissimilar materialsProcess Equipment and Piping Systems Operated within Specified Safe Operating Limits (Coating Integrity)
Process Containment
PC001 Pressure Vessels
PC002 Heat Exchangers
PC003 Rotating Equipment
PC005 Hydrocarbon Piping
Process Equipment and Piping Systems Designed/ Installed/ Comissioned to Specified Safe Operating Limits (Coating Integrity)
Process Containment
PC001 Pressure Vessels
PC002 Heat Exchangers
PC003 Rotating Equipment
PC005 Hydrocarbon Piping
External Corrosion
Periodic statutory inspection of pressure vessels
All flange are fitted with inner ring, spiral wound gasket
Process Containment
PC005 Hydrocarbon Piping
Flange Management ProgramPreventive maintenance of pumps and replacement of seals based on condition of seals
Process Containment
PC003 Rotating Equipment
Seal Leak Detection and Venting System
Process Containment
PC003 Rotating Equipment
Field operator regularly walking around
Emergency Response
ER009 Process Control & Alarms
Process Equipment and Piping Systems Operated within Specified Safe Operating Limits
Process Containment
PC001 Pressure Vessels
PC002 Heat Exchangers
PC003 Rotating Equipment
PC005 Hydrocarbon Piping
ystems Designed/ Installed/ Commissioned to Specified Safe Operating Limits [Design Basis]
Process Containment
PC001 Pressure Vessels
PC002 Heat Exchangers
PC003 Rotating Equipment
PC005 Hydrocarbon Piping
els, equipment, piping, valves, flanges, seals)
All vehicle movements in process areas are subjected to permit to work system or controlled by procedures if routine
Safety distance between roads and process equipment
Main/Plant Roads Integrity as per Specification
Structural Integrity
SI001 Structures
Area Demarcation between Process and non-Process facilities
Perimeter fence to prevent access to site by unauthorized vehicles
Detection Systems
DS002 Security Systems
Impact Damage (Vehicle)
Piping design to allow flexibility during earthquake activities
Process Containment
PC005 Hydrocarbon Piping
Pile and foundation integrity
Structural Integrity
SI001 Structures
Structure design according to BOD and seismic activities specifications
Structural Integrity
SI001 Structures
Earthquake/ subsidence
Storm drains system
Emergency Response
ER010 Bunding and Drains (Hazardous and Non-hazardous)
Plant Design according to BOD and Environmental Loads Specifications
Emergency Response
ER010 Bunding and Drains (Hazardous and Non-hazardous)
Climate Extremes (eg Heavy Rain, Strong Wind)
Lightning protection system including earthing and bonding for buildings and tall structures as per IEC 62305 (e.g.Telecommunication Tower, flare stack, columns)
Ignition ControlIC005 Electrical Earthing Continuity (Earth Bonding)
Lightning
Integrity of Cranes, Mechanical Handling Equipment and Appliances
Structural Integrity
SI003 Heavy Lift Cranes and Mechanical Handling Equipment
Dedicated Areas with suitable foundation for supporting heavy lifting crane
Lifting Activities are strictly controlled by Permit to Work system
Dropping/ Swinging Objects
Daily visual inspection by field operatorStructures and Foundations Operated within Specified Safe Operating Limits
Structural Integrity
SI001 Structures
Structures and foundations Designed/ Constructed to Specified Safe Operating Limits
Structural Integrity
SI001 Structures
Structural failure for process structures, storage tanks and vessel supports (eg fatigue, corrosion, human error etc)
Entire system is air free using N2 before introducing hydrocarbons
Ignition Control
IC007 Inert Gas
Internal explosion inside vessel during start-up
Steam purge of reactor before opening to atmosphere
Catalyst changing activities
Control of Ignition sources (e.g. Earthing and Bonding Equipment, Vehicle/ Equipment Spark Arrestors, Thermal Insulation for high temperature explosed surfaces)
Ignition ControlIC003 Certified Electrical Equipment
IC005 Electrical Earthing Continuity (Earth Bonding)
IC008 Miscellaneous Ignition Control Components
SI005 Road vehicles
Hazardous Area Classification
Operational control of ignition sources (e.g. Hot Work Permit, Vehicle entry restrictions etc)Ignition Control: Lightning protection system for buildings and tall structures (e.g.Telecommunication Tower, flare stack, columns) as per IEC requirement
Ignition ControlIC005 Electrical Earthing Continuity (Earth Bonding)
Flame/Flammable Gas Detectors to initiate Alarms with operator to verify and initiate shutdown if appropriate
Detection Systems
DS001 Fire & Gas Detection
Detection by field operator and use of Manual Call Points with operator acknowledgement (no detection equipment)
Emergency Response
ER004 Communication Systems
Emergency Shutdown System
Shutdown Systems
SD001 Emergency Shutdown (ESD) Control System
SD006 Emergency Shutdown Valves (ESDV)
SD009 Utility Air
Passive Fire Protection System (Fire proofing for steel structures supporting HC vessels and piperacks)
Protection Systems
PS006 Passive Fire Protection
Firewater Spray System (including Ring Main/Other Distribution System, Deluge valves and Water Spray System)
Protection Systems
PS001 Deluge Systems
PS005 Firewater Ringmain and Other Distribution Systems
PS009 Sprinkler Systems
Manual/Portable Firefighting Equipment operated by MTBE emergency response team (including fire hydrants, fire water monitors, mobile foam cart)
Emergency Response
ER008 Manual Fire Fighting Equipment
Centralized Emergency Fire Services (CEFS) and external agencies response team
Emergency Power System and UPS
Emergency Response
ER005 Uninterruptable Power Supply (UPS)
ER007 Emergency Power
Escape evacuation and rescue facilities including escape route, emergency lighting and wind sock
Emergency Response
ER001 Temporary Refuge/ Primary Muster Areas
ER002 Escape & Evacuation Routes
ER003 Emergency/ Escape Lighting
Emergency telecommunication system (e.g. dedicated hotline, PAGA)
Emergency Response
ER004 Communication Systems
Fire/ explosion escalation mitigated by safety distance between process units and manned populated areas
Occupied buildings (OSB) designed for blast load and fire
Protection Systems
PS002 Explosion Protection including Blast Barriers and Venting Provisions
ER001 Temporary Refuge/ Primary Muster Areas
Fire/ Explosion/ leading to onsite/ offsite personnel injuries/ fatalitie
Flame/Flammable Gas Detectors to initiate Alarms with operator to verify and initiate shutdown if appropriate
Detection Systems
DS001 Fire & Gas Detection
Detection by field operator and use of Manual Call Points with operator acknowledgement (no detection equipment)
Emergency Response
ER004 Communication Systems
Emergency Shutdown System
Shutdown Systems
SD001 Emergency Shutdown (ESD) Control System
SD006 Emergency Shutdown Valves (ESDV)
SD009 Utility Air
Centralized Emergency Fire Services (CEFS) and external agencies response team
Emergency Power System and UPS
Emergency Response
ER005 Uninterruptable Power Supply (UPS)
ER007 Emergency Power
Spill Containment and Accidential Chemical Containment (ACC) Drainage System
Emergency Response
ER010 Bunding and Drains (Hazardous and Non-hazardous)
Waste Water Treatment facilities
Environmental Impact
TBE - L and V
& 3)
, Vehicle/ Equipment Spark Arrestors, Thermal Insulation for high temperature explosed surfaces)
Ignition Control
IC003 Certified Electrical Equipment
IC005 Electrical Earthing Continuity (Earth Bonding)
IC008 Miscellaneous Ignition Control Components
SI005 Road vehicles
Hazardous Area Classification
Operational control of ignition sources (e.g. Hot Work Permit, Vehicle entry restrictions etc)
Ignition Control: Lightning protection system for buildings and tall structures (e.g.Telecommunication Tow
Ignition
IC005 Electrical Earthing Contin
Flame/Flammable Gas Detectors to init
Dete
■ Part of design process■ Understand hazards■ Identify Safety Critical
Elements■ Identify Safety Critical Tasks■ Capture actions and
recommendations■ ALARP demonstration
© 2016 ERM
The business of sustainability © 2016 ERM
Loca
tion
: TO
P EV
ENT
HA
ZAR
DB
AR
RIE
R 1
.2
BA
RR
IER
- 1
.1
THR
EAT
- 1
BA
RR
IER
2.2
BA
RR
IER
- 2
.1
THR
EAT
- 2
BA
RR
IER
3.2
BA
RR
IER
- 3
.1
THR
EAT
- 3
BA
RR
IER
- A
.1
BA
RR
IER
A.2
CON
SEQ
UEN
CE -
A
BA
RR
IER
- B
.1
BA
RR
IER
B.2
CON
SEQ
UEN
CE -
B
Communicating hazard management
10
Bowtie diagrams have many different uses:
■ Senior Leaders■ High-level overview■ Conversation-starter for
site visits■ Context for process
safety KPI
■ Workforce■ Hazard overview■ Operational risk
assessment■ Permit risk assessment
The business of sustainability © 2016 ERM
Bowtie use in various industries
11
"Bowtie is one of many barrier risk models available to assist the identification and management of risk and it is this particular model we have found (and are still finding) useful".
“We are improving our riskmanagement process through theobjective centred ‘bow tie’ approach.”
ERM is also using bowties with clients in:■ Food production■ Manufacturing■ Road transport■ Upstream O&G■ Downstream O&G■ Chemicals
The business of sustainability
Bowties provide all information necessary to develop a focussed audit protocol
Using Bowties in Process Safety Auditing
Location: TOP EVENT
HAZARD
BARRIER 1.2BARRIER - 1.1
THREAT - 1
BARRIER 2.2BARRIER - 2.1
THREAT - 2
BARRIER 3.2BARRIER - 3.1
THREAT - 3
BARRIER
ESCALATION
BARRIER - A.1 BARRIER A.2
CONSEQUENCE - A
BARRIER - B.1 BARRIER B.2
CONSEQUENCE - B
BARRIER
ESCALATION
© 2016 ERM
The business of sustainability
For each barrier on a bowtie …
Using bowties …
13
Does it actually exist?
Is it in good
order?Is it
appropriate for the hazard
Is there evidence of a maintenance
program?
Is the responsible
person competent?
© 2016 ERM
The business of sustainability © 2016 ERM
Typical application
14
Techniques typically applied to:■ Large organisations with many sites having similar hazards■ Single sites with a range of hazards■ Sites which are at an early stage of process safety maturity
May have generic bowties for large organisations■ Generic bowties must be made local – what’s different here?
May need to develop bowties where none exist■ Hazard Identification■ Develop bowties for a couple of hazards
Developing bowties in a workshop is the first part of the audit !■ Gaps or deficiencies often become apparent without even looking at the
site.
The business of sustainability © 2016 ERM
Typical application
15
HAZID and bowtie workshop■ Provides insight to audit team to
identify areas to investigate further
■ Takes site team on a journey of discovery, rather than just presenting findings
■ Bowtie is useful for site to use in training and for raising process safety awareness
Audit process split between■ Process safety safeguards
■ equipment and tasks■ Management systems
■ eg MoC, PTW
The business of sustainability © 2016 ERM
Audit output
16
Findings around:■ Control strategy
■ Have you got the right controls?
■ Overall control effectiveness■ Do the controls actually work?■ Do people know what they have to do to make
controls effectiveness?
■ Management systems■ Do these support the effectiveness of controls?
Greater understanding of process safety hazards and the measures necessary to manage them effectively
The business of sustainability © 2016 ERM
Typical Site Audit – 4-5 days
2.5 days
2 days
The business of sustainability © 2016 ERM
Advantages of method
18
Focussed:On those systems,
tasks and equipment of direct importance to managing process
Flexible:To allow the auditor to
follow areas of particular concern at
each site
Educative:Allows sites to understand why findings are important and the
potential outcomes of weaknesses
The business of sustainability © 2016 ERM
Application of method
19
ERM engaged in major programme with manufacturing organisation■ Sites on all continents
■ Variety of hazards
■ Differing levels of maturity
Successful program delivering■ Understanding of process safety
issues across portfolio
■ Increased process safety awareness across sites
The business of sustainability © 2016 ERM
Available guidance on bowties
20
The business of sustainability © 2016 ERM
Questions