Process Safety

Management Standards
Comparison
OSHA / CCPS / Energy Institute PSM
Elements
CCPS RBPS PSM
 CCPS RBPS PSM
• 1st pillar - commit to process safety
–Management commitment, based on strong leadership and solid
commitment
–A workforce that is convinced that the organization fully supports
safety as a core value will tend to do the right things, in the right
ways, at the right times, even when no one is looking
–This behavior should be embedded in the company culture
• 2nd pillar - understand hazards and risk
• – Process safety risks can only be managed if hazards are known,
• risks are understood and if barriers are identified and defined
 CCPS RBPS PSM
• 3rd pillar - manage risk • 4th pillar - learn from
experience
–Focuses on three issues:
– Focuses on three issues:
• Operating and maintaining
• Organizations must be ready to
processes that pose the risk
turn their mistakes – and those
• Managing changes to those of others – into opportunities to
processes to ensure that the risk improve process safety efforts
remains tolerable
• Correct deficiencies exposed by
• Preparing for, responding to and internal incidents and near
managing incidents that do occur misses
• Apply lessons learned from
other
organizations.
 Hardware
Barrier
Concept
“IOGP 544”
Hardware Barrier
Hierarchy of
shutdown -
example
SIL Levels According IEC 61508 / IEC 61511
PHA (PH&RA) Methods
• Qualitative (Q)
– Determined as low,
• medium or high.
• Semi-Quantitative (SQ)
– Determined within ranges.
• Quantitative (QRA)
– Fully calculated based on data (objective).
 Qualitative Semi-Quantitative Quantitative
For less complex and low risk For less complex installation For complex and high risk
installation with clear and smaller workforces installation (offshore, refinery) ,
standards and benchmarks for regulatory requirement (safety
design and risk reduction case), design (ISD, layout,
fire/blast wall), SIL verification
straightforward, requires less requires more detailed data for
data, easily lead mng. to take
modeling
action
Experience/ judgment based accepted based numerical Full quantification using known
estimation of frequency and values where frequency and data, equations PFD to get
severity (words or numerical) severity are quantified realistic/meaningful numerical
with no quantitative meaning , within ranges. estimation
eg. Low, medium, high
If not adequate use SQ. If not adequate use QRA. it is more objective than Q
e.g. HAZOP e.g. Adding SIS interlock to e.g. to establish probability of
avoid H-C carry over to flare failure of safety critical
elements
Process hazard analysis (PHA)
 PHA techniques
Qualitative Quantitative (QRA, FERA by 3d) model)
• HAZID * Flare radiation and vent dispersion analysis
• HAZOP * FTA (SIL Verification)
• what-if/checklist * ETA (probability analysis)
• checklist analysis * Modelling (consequence analysis)
• what-if analysis
• FMEA

Semi-Quantitative
# FMECA
# LOPA (SIL assessment)
 PHA timing

change is easy

change is
difficult
ALARP
(as low as is
reasonably
practicable)
Cannot reduce all risk to zero.

Introduce controls to reduce risk to lowest level achievable

without incurring disproportionate costs:

‒ some flexibility in how to achieve;

‒ balance risk vs cost/time/effort.

 Catastrophic Bankruptcy
Cost – Benefit

E
EXPENDITUR
R I S
K ALARP REGION Analysis

EFFORT Probability
1 2 3 4 5
A

Consequence
HIGH
B
C MEDIUM

D
E LOW
 UK ALARP
FATALITY RISK CRITERIA
Hazard identification (HAZID)
• Multidisciplinary team
approach.
• Brainstormingprocess.
• May involve a walkthrough.
• Identifies hazards to feed the
risk assessment process.
• Top-down study
• Structured by keywords
 HAZID
Aim:
– Identify hazards and their associated Methodology:
risk.
– Input to hazards and risk register
– Applies checklists or guidewords (e.g.
Application: ref. ISO 17776)
–Used early in an engineering project
phase (appraisal, concept selection, and – Requires brainstorming workshop(s)
perhaps FEED)
– Can also be applied for analyzing – Risk matrices used
hazardous operations and activities – Bowtie analysis can be used as
– Applied to determine hazards at a high analysis and recording tool
level, i.e. not detailed as in a HAZOP review
HAZID
22
 HAZOP
• Multidisciplinary team approach.
• Bottom-up study (cause driven)
• Breaks process into nodes .
• parameters :
− pressure, flow, temperature, etc.
• guidewords :
− Low, high, more, less, no, reverse.
• Deviations “Combine guidewords with parameters‘’:
− more flow, less flow, no flow, etc.
• Identify potential causes and controls.
 2. Cause & Effect
Documentations to be reviewed prior HAZOP:

P&ID# NOTES
N O T E S : -

EFFECTS
S y m b o l s : -

V#1
X = S e q u e n t i al ac t i o n

PTION
T = T i m e d e l a y e d ac t i o n
S / W = S o f t w ar e
N o t e s : -
1) T: T h e t i m e t a k e n t o ac t i v at e t h e E S D l i m i t s w i t c h
2 ) S t at u s c o l u m n is t h e t h e s t at u s o f t h e d e v i c e w h e n t h e c au s e is ac t i v at e d

E S D V # 1 E m e r g e n c y S . D P / B ( L o c a l )

E S D V # 2 E m e r g e n c y S . D P / B ( L o c a l )
E S D V , s # 1 & # 2 E m e r g e n c y S h u t d o w n P / B
( c o n t r o l r o o m )

F W K O D ( O i l ) L T H

F W K O D ( O i l ) L T L

F W K O D ( O i l ) L T L L

F W K O D L S L ( O I L )

F W K O D L S L L ( O

F W K O D L

F W

SIL Selection & Verification - Petrosafe

Oct. 2018 - Eng. Mohamed Mesbah
 HAZOP METHODOLOGY
Deviation Cause Consequence Safeguards Risk ranking Action/
Recomme
ndations
P S R

e.g. Potential Consequences Any existing Based on Actions/

Flow/No cause of the of the cause and devices that Judgment of recommenda
deviation the deviation prevent the Hazop team tions to
itself cause or Probability & remove the
make its Severity of cause or
consequeces consequences mitigate the
less painful provide risk conse-
rating quences
 HAZOP Guidewords (IEC 61882)
PARAMETER GUIDEWORD EXAMPLES OF POTENTIAL CAUSES
Flow No/Less Closed block valve, XXV or control valve fails closed, blocked filters, blocked outlets
from vessels, HP/LP interfaces, equipment failure (sparing), hydrate/wax blockages, ice (low points
and dead legs) diverted flow, turndown.
More Control valve fails open, blowby, HP/LP interfaces, added flow.
Reverse/ Misdirected Compressors or pumps stop, suction design pressure, HP/LP interfaces, low
upstream pressure, high downstream pressure.
Pressure High Fire, blocked in volume (piping/solar radiation, heaters/heating medium), high P
across XXV’s, high P across control valves.
Low Blowdown, low pressure trips (start-up overrides), de-pressuring/re-pressuring
before/after maintenance.
Temperature High Compressor discharge, blocked pump discharge, blocked in volume (piping/solar
radiation, heaters/heating medium), high flaring rates (including radiation effects),
steam.
Low High P across control valves, blowdown temperatures, low climatic
temperatures/freezing.
Level High Blocked liquid outlet (gas and liquid relief).
Low Low points, blocked bridles, draining.
26
 HAZOP Guidewords (IEC 61882) - Continued
PARAMETER GUIDEWORD EXAMPLES OF POTENTIAL CAUSES
Composition Change Water, CO2, H2S, sand
Corrosion More Under insulation, low points, acid gases, water
Erosion More Flowlines, velocities, high P across control valves, sand
Deposition More Wax, hydrates, ice, scale, asphaltines.
Services Failure Air, hydraulics, electrical power, control valves, XXV’s, motors.
Start-up and Problems and High P across XXV’s, low temperatures across control valves, gas source
Shutdown Requirements availability,
ESD, trips.
Maintenance and Problems and High operating pressures, double block and bleed valves, single block valves,
Inspection Requirements leak
testing, de-pressuring, draining, purging, man-entry/spading, location of check
valves, location of purge points, re-pressuring.
Environmental Leaking valves, power consumption.
Other Any other issues or concerns. 27
HAZOP WORKSHOP
 Event Tree Analysis (ETA)
Can be fully quantified:
Useful for MAH assessment
• Top down approach, Start with the initiating or top event
(disaster).
• Determine the probability of a “safe” outcome.
Used to evaluate the effectiveness of mitigation measures that will
operate after the event
Failure Mode
Effect
Analysis
(FMEA)
 FMEA vs FMECA
▪ A FMEA becomes a FMECA (Failure Modes and Effects and
Criticality Analysis) when a Criticality Ranking (risk ranking)
is included for each failure mode and effect.
Quantitative risk assessment
• A quantitative risk assessment (QRA) is • QRA is a powerful tool when
used to determine the frequency,
consequence and total risk connected to
reviewing design/engineering
the various hazards associated with the alternatives, e.g.
operation of a facility – Location of plant / installation
• fully quantitative, which allows
assessment against specific risk criteria – Lay-out of installation
• Mainly concernedwith fatalities – Use of firewalls / blast walls
• Objectives: – Different emergency isolation
– Sometimes QRA is a regulatory philosophy
requirement. E.g. often QRA is an implicit
requirement as part of a safety case
development

Prepared by: Ali Ahmed Elkhallal

Quantitative risk assessment

3
3
When to conduct which study – good
practice

3
4
 Safe operating envelope (SOE)
• Procedures depends on SOE/limits
• Defines boundaries of a controlled reaction.
• The conditions which keep the process under
control.
• Deviate this ‘envelope’ is unsafe PRV vs PSV
• Typical parameters used to define boundary: 3
5
‒ pressure;
‒ temperature;
‒ flow rate.
SOE

3
6
 Key terms
Leading indicators Lagging indicators

Proactive measurements of Reactive measures that look at

conditions that monitor process failures, such as the number of
safety (a few critical risk control injuries, near misses and spills
systems ) before something goes which are reported, or excursions
wrong and to see if things are where plant is operated outside of
operating as intended. the intended operational envelope.

PSI (KPI, KLI): Checks to determine how well the site is managing PS.
 Leading and lagging PSI

Measure barrier defects (holes), Maintain barrier strength

events and consequences of ie. Activities to maintain
incident risk control systems
 Leading and lagging PSI
Leading indicators Lagging indicators
– Proactive (predictive) – Measures of failure.
measures of conditions. – Can not prevent the
– Identify problems before incident
harm occurs.
– Can prevent the incident

A combination of leading and lagging indicators is often the

best way to provide a complete picture of process safety
effectiveness
 Example lagging metrics (OSHA)
• Injury and/or incident reports related to process safety:
– Recordable injuries and first-aid incidents due to loss of primary
• containment
– Number of incidents vs. number of incidents with formal reports
– Status of incident investigations
• Loss of primary containment:
– Number of incidents 4
0

– Severity of incident
– Whether there was primary or secondary containment
– Cause and location of the incident
 Example leading metrics (OSHA) (1)
• Management of change • Process hazard analysis
(MOC): (PHA):
– Overdue MOCs – PHA actions open
– Approved MOCs – PHAs overdue
– Open MOCs – PHAs completed
– MOCs performed per period (e.g. – Scheduled vs. completed PHAs
each month) – Status of PHA/incident
• Preventative maintenance recommendations
(PM): – Status of scheduled PHA revalidations
– Completion rates
– Open items
– Overdue safety critical PMs
– Number of inspections
 Example leading metrics (OSHA) (2)
• Mechanical Integrity (MI): • Safety action item.
– Number of inspections scheduled E.g. follow-up on PHA, incident
(relief valve, piping, pressure vessel, investigation, MOC, or compliance
storage tank) audit recommendations. It may also
– Status of variance requests include planned inspections, tests,
maintenance activities, training, or
– Routine inspections other safety-related activities
– Number of overdue work orders – Past action items
• Training: – Initiated vs. completed items
– Safety/refresher training completed – Open action items
– Training planned vs. completed
– Training exceptions
– Contractor training.
Four tier approach –
(based on API RP 754)

• Tiers 1 and 2 are more lagging and

cover asset integrity (LOPC) major
and less severe incidents – referred
to as Process Safety Event (PSE)
• Tiers 3 and 4 mostly provide leading
measures. The indicators are
intended to be much more specific
to a company’s own management
system and often will be specific to a
particular activity or to an individual
asset, facility or plant
 • A Tier 1 PSE is a loss of primary containment (LOPC) with the
greatest
• consequence
• A Tier 1 PSE is an unplanned or uncontrolled release of any
material, including non- toxic and non-flammable materials

9. Tier 1 (e.g. steam, hot condensate, nitrogen, compressed CO2 or

compressed air), from a process that results in one or more of
the consequences listed below:
• An employee, contractor or subcontractor ‘days away from work’

– (based injury and/or fatality

• A hospital admission and/or fatality of a third-party
• An officially declared community evacuation or community

on API shelter-in-place
• A fire or explosion resulting in greater than or equal to $100,000
of direct cost to the
• Company
RP 754) • A pressure relief device (PRD) discharge to atmosphere whether
directly or via a downstream destructive device that results in (1)
liquid carryover, (2) discharge to a potentially unsafe location, (3) an
onsite shelter-in-place, or (4) public protective measures– A release
of material greater than the threshold quantities described in API PR
754 in any one-hour period
 • A Tier 2 Process Safety Event (PSE) is an LOPC with lesser
consequence
• A Tier 2 PSE is an unplanned or uncontrolled release of any
material, including non-toxic and non-flammable materials (e.g.
steam, hot condensate, nitrogen, compressed CO2 or compressed
air), from a process that results in one or more of the consequences
10. Tier 2 – listed below and is not reported in Tier 1:
• An employee, contractor or subcontractor recordable injury
(based on • A fire or explosion resulting in greater than or equal to
$2,500 of direct cost to the Company
API RP 754) • A pressure relief device (PRD) discharge to atmosphere whether
directly or via a downstream destructive device that results in (1) liquid
carryover, (2) discharge to a potentially unsafe location, (3) an onsite
shelter-in-place, or (4) public protective measures (e.g., road closure)
and a PRD discharge quantity greater than the threshold quantities in
• A release of material greater than the threshold quantities described
in API PR 754 in any one-hour period

45
 • Types of KPIs implemented
at Tier 3 could include
• A Tier 3 indicator records numerical data or other
11. Tier an operational situation, parameters related to:
• Demands on safety systems,
typically considered a
3– near miss.
e.g.
• pressurerelief devices
(based • Consequences that do not
• Safe operating limit excursions
• Primary containment
meet the criteria for a
on API reportable Tier 1 or Tier 2
inspection or testing results
outside acceptable limits
event • LOPC below Tier 2 thresholds
RP 754) • No actual consequences, but • Near misses with potential
the recognition that, in other for LOPC
circumstances, further barriers • Asset integrity/process
could have been breached and safety audit findings
indicating barrier
a Tier 1 or Tier 2 event could
weaknesses
have happened • Non-compliances with asset
integrity or
• process safety standards or
legislation
 12. Tier 4 –(based on API RP 754)
• Measures can be focused on barriers
such as:
– Engineering and inherently safe design
– Equipment maintenance, inspection and testing
A Tier 4 KPI – Process hazard and major incident risk
These KPIs are assessments
represents
typically more
leading and pro-
performance of – Quality of, and adherence to, operating
the individual risk procedures
active because control barriers,
they reflect
or its – Facility management of change
activities of the
company directly
components, – Contractor capability and management
within a facility’s – Audit improvement actions
associated with
management
maintaining and – Asset integrity
system, and
improving its risk
control barriers
operating – Workforceand management training and
discipline development
– Technical competence assessment and assurance