Effective: Mar-11
Document ID: SP-2062
Document Type: Specification
Security: Unrestricted
Discipline:
Owner:
Issue Date: 31 March 2011
Version: 1.0
Keywords: This document is the property of Petroleum Development Oman, LLC. Neither the whole nor
any part of this document may be disclosed to others or reproduced, stored in a retrieval system, or
transmitted in any form by any means (electronic, mechanical, reprographic recording or otherwise)
without prior written consent of the owner.
Printed 24/11/14
The controlled version of this CMF Document resides online in Livelink. Printed copies are UNCONTROLLED.
Revision: 1.0
Document Authorisation
ii Revision History
The following is a brief summary of the 4 most recent revisions to this document. Details of all
revisions prior to these are held on file by the issuing department.
Version No.: Draft
Date: 22/02/2011
Author: Karen McConnachie
Scope / Remarks: New document
TABLE OF CONTENTS
Introduction
1.1 Purpose
3.1.2 Select
3.1.3 Define
3.1.4 Execute
3.1.5 Operate
3.5 Deliverables
4.2 Centre for Chemical Process Safety Guidelines for Risk Based Process Safety (CCPS RBPS)
HEMP
BOW-TIES
11.2 Remedial Actions
15.2 Format
15.2.1 Contents
16.2 Format
16.2.1 Contents
Appendix 10 MOPO
1 Introduction
An HSE Case provides a documented demonstration that risk reduction philosophies and
measures have been developed and implemented at each phase of the Opportunity
Realisation Process (ORP) to ensure that the risks are tolerable and as low as reasonably
practicable (ALARP) through the systematic application of the Hazards and Effects
Management Process (HEMP) as set out in the PDO HSE Management System (HSEMS).
This document should be read in conjunction with the guideline Applying Process Safety in
Projects GU-648 [4].
1.1 Purpose
The purpose of this specification is to establish minimum requirements for the content of
HSE Cases and it shall be used for the development of HSE Input to Concept Select
Reports, Design HSE Cases and Operations HSE Cases.
This specification SHALL [PS] be used for demonstration of the following requirements of
the Process Safety Manual in the Shell HSSE & SP Control Framework [Ref. 7]:
Identify and document Hazards with RAM red and yellow 5A and 5B Process
Safety Risks for existing and new Assets (Requirement 1).
Review the Process Safety Risks to the Asset at least annually, in line with 8
Management Review (of the HSSE & SP Management System) (Requirement
20).
This specification contains information on the contents of each type of HSE Case and
gives guidance and examples of information to be contained in specific sections.
[Figure: Risk Assessment Matrix. Rows: Severity of consequences to People, Asset, Environment and Reputation, ranging from no injury or health effect / no effect / no impact up to more than 3 fatalities / massive damage / massive effect / massive impact. Columns: increasing likelihood, from never heard of in the Industry through to events that have happened at the Asset.]
3.1.2 Select
This stage must select the best concept solution for delivering value from the
opportunity and make it clear why one choice was the preferred option.
HSE input into the select phase has potentially the greatest impact. The option
selected to take forward into the define phase must be ALARP. An ALARP
demonstration must be provided in the CSR (see section 14).
3.1.3 Define
The selected concept must be defined technically (scope, cost, schedule) or
commercially (JVA, JOA, country entry) for final investment decision (FID). Note that
the timing of a technical FID may not coincide with a commercial FID.
HSE activities and deliverables at the define stage include a Design HSE Case and
other HEMP Studies.
3.1.4 Execute
The project is to be delivered as a facility consistent with the forecast scope, cost,
schedule and proven performance and has to be accepted by the Owner of
operations (usually the Relevant Director) for use.
During the execute phase the Design HSE Case is refined. The Operations HSE
Case is developed prior to handover to operations. Further HEMP studies are
carried out to support the ALARP Demonstration.
3.1.5 Operate
The project is operating as expected and is maximising returns to Shareholders
and protecting the License to Operate. The Owner of operations (usually the
relevant Director) has accepted responsibility for continued safe operations.
The Operations HSE Case will contain the ALARP demonstrations for the Operate
phase. This is built and maintained throughout the operate phase (see section 16).
The Concept Select Report Case shall be signed off prior to VAR3.
The Design HSE Case shall be signed off prior to VAR4.
The Design HSE Case during detailed design phase shall be signed off when
completed and prior to the PSUA.
The Operations HSE Case shall be signed off prior to start up.
HSE Case Owner
Project Manager
Project Manager
Asset Director
Identifies the requirement for a HSE Section in the CSR in accordance with this specification
Appoints HSE resource
Identifies the requirement for an HSE Case in accordance with this specification
Appoints HSE Case Custodian and assigns responsibilities
Identifies the requirement for an HSE Case in accordance with this specification
Initiates Operations Case and assigns responsibilities
HSE Case Custodian
Approves outcome of ALARP multi-disciplinary reviews
Develops a Statement of Fitness for the Asset
Approves the Design HSE Case
Develops a Statement of Fitness for the Asset
Approves outcome of HEMP studies
Approves the Operations HSE Case
Assigns HSE Critical Element ownership to the appropriate Technical Authority/HSE Adviser;
Ensures ongoing compliance with this specification
Conducts periodic Operations HSE Case reviews
Ensures facility is operated according to the Operations HSE Case
HSE Case Administrator
N/A
N/A
have knowledge of the Major Accident Hazards that have been identified for the
facility where they work
are aware of the controls and barriers in place to manage these MAHs (SCEs,
performance Standards, HSE Critical Tasks, MOPOs)
have knowledge of how these controls are managed (MIE, FSR, assurance
reviews)
For Design HSE Cases, workforce involvement can be demonstrated by ensuring that
relevant staff representatives have been involved in the design. This may be done by
ensuring they participate directly in the design activities (HAZIDs, HAZOPs, HEMP
studies) and by participating in project assurance reviews such as Design Reviews, peer
reviews and project Audits.
Operations HSE Cases shall be communicated to the operations and maintenance teams
on site. The focus shall be on what the case means to them and what impact it is likely to
have.
In addition, representatives from current operational, engineering, and
maintenance teams and workforce representatives (where applicable) shall be included in
the regular reviews as described in Section 13. This engagement may be demonstrated
by ensuring that the HSE case is reviewed regularly by operations and maintenance staff,
which can be achieved through
staff onboarding
For both types of HSE Cases, the details of how workforce involvement has been
achieved shall be described in the HSE Case or in the documentation of the periodic
review of the HSE Case.
3.5 Deliverables
Design and Operations HSE Cases are classified as Essential Records according to
CP-102 Documents & Records Management and shall be maintained on Livelink by the
HSE Case Administrator.
Design and Operations HSE Cases are mandatory deliverables for new projects and
existing assets, as described by the Discipline Control and Assurance Framework
(DCAF) section in SP-2061 Technical Authority System [Ref. 7].
3.6.1
4.1
A full description of each element can be obtained in The HSSE & SP Control Framework
[Ref. 6].
Compliance with the detailed requirements of the Process Safety Manual is demonstrated
by signing a Statement of Fitness (SoF). The Statement of Fitness is shown in section 12
and testifies that the hazards have been appropriately managed in accordance with
HEMP and that a suitable and robust ALARP demonstration has been made.
The Statement of Fitness is a requirement of the AI-PSM Application Manual and a
signed SoF shall be included in Design and in Operations HSE Cases, respectively.
For operational assets the SoF shall be signed by Asset Directors, and for new projects
by the Project Manager before handover to operations.
4.2 Centre for Chemical Process Safety Guidelines for Risk Based Process Safety (CCPS RBPS)
The CCPS RBPS AI-PSM process is an assurance process containing 20 elements that
describe minimum expected standards and stipulate the requirements for a range of
process related activities ranging from organisational culture, workforce involvement, risk
management, HEMP and audit through to design.
The assurance process includes routine checking, self-assessments and audits, as well
as independent 3rd party verification that the AI-PSM system and practices are consistent
with industry best practice and are controlling process risk to ALARP.
The assurance process also identifies opportunities for improving the management and
control of process risk and therefore, is a key driver for continuous improvement.
HEMP is an integral element of the AI-PSM process and the HSE Case and provides a
clear link between the two processes. Both the AI-PSM and HSE Case processes aim to
identify, control and reduce risk levels to ALARP.
4.3
PFS
PEFS
Cause and Effect matrix
Hazardous area classification
Area Layout
Site plan (sub-field layout)
Key plan and Plot plan
Escape routes
Safety equipment layout
Critical valve list (including locked open and locked closed valves)
Fire and Gas layouts.
5 HEMP
The hazards and effects management (HEMP) process identifies and assesses HSE hazards,
implements control and recovery measures and maintains a documented demonstration
that major HSE risks have been reduced to a level that is as low as reasonably practicable
(ALARP).
HEMP shall be applied to all activities over which PDO has operational control and shall
cover the entire lifecycle of the asset or operation; from concept through to
decommissioning and disposal. Work undertaken by a Contractor and under the
Contractor's own management system shall have a requirement for an equivalent HEMP
approach expressly stated in the contract.
HEMP is fundamental to all analysis and assessment elements of the formal HSE activities,
and is at the heart of the HSE management system used in PDO. The HEMP process
comprises four basic steps:
Assessment of the risks against screening criteria, taking into account the
likelihood of unwanted events and the potential severity of the consequences in
terms of effects to people, assets, the environment and reputation of PDO
The main objective of HEMP activities is to demonstrate that hazards (and associated risks)
have been identified and where the hazard cannot be eliminated the risks are controlled to a
level that is tolerable and as low as reasonably practicable (ALARP). The HEMP model is
characterised by Figure 5-1.
[Figure 5-1: HEMP model: Identify, Assess, Control, Recover; Document]
6 BOW-TIES
The Hazards and Effects Register documents that all hazards associated with the facility,
and their control and mitigation measures, have been identified. Hazards that have been
assessed as being a severity 5 or high risk on the risk assessment matrix (Figure 2-1) are
then modelled further using bow-tie methodology.
The Bow-Tie is a model that represents how a Hazard can be released, escalate, and how it
is controlled. It contains the elements required to effectively manage the Hazard such that
the risks are tolerable and ALARP. Bow-Ties can also be used to support risk management
of non-HSE processes.
For each severity 5 or high level hazard, the bow-tie methodology allows for:
1. Identification of the hazard release, escalation and consequence scenarios
2. Identification of controls, e.g. barriers and escalation factor controls required to
manage the hazards
3. Categorisation of controls into Inherent Safety, Safety Critical Element (hardware)
or Critical activity (procedures, processes, operator action)
4. A clear visual representation to enable the ALARP review to be undertaken
5. An aid in the incident review process if such a major incident has occurred.
The bow-tie is a model that represents how a hazard can be released, escalate and how it
is controlled. Bow-Tie XP is the PDO preferred software tool.
Barrier
Consequence
Escalation Factor
Escalation Factor Control
Hazard
HSE Critical Task
HSE Critical Position: HSE Critical Positions are those that execute HSE Critical Tasks
Major Accident Hazards (MAH)
Recovery Measure
Risk
Threat
Threat Control
Tolerable Risk
Top Event
The role of a barrier on the bow-tie diagrams is to prevent (Left hand side of BT) or limit
(Right hand side of BT) the consequence of a major incident. Barriers may be:
Hardware Barriers for Severity 5 or High Risk Hazards (HSE) shall be classified as HSE
Critical Elements. Selection of these Barriers shall be in accordance with EP2009-9009
SCE Management Manual [Ref. 10] and is further described in Section 7.
Common barriers or escalation factor controls that appear frequently, such as those to
do with Operator/Human Error, should be modelled using a separate bow-tie to manage the
single Threat of Operator/Human Error.
See Section 10 ALARP demonstration for further information.
The SCE management manual [Ref. 10] describes the activities and processes for
managing the critical hardware barriers (SCEs) that appear in the MAH bow-ties.
Structural Integrity
Process Containment
Ignition Control
Detection Systems
Protection Systems
Shutdown Systems
Emergency Response
Each SCE belongs to one hazard management barrier. Generally, the Structural Integrity,
Process Containment and Ignition Control SCEs, together with some aspects of the
PSD/ESD system, reside on the left-hand side of the bow-tie top event. Failure of any of
these barriers could cause or significantly contribute to a MAH. The remaining SCEs
normally reside on the right-hand side of the bow-tie top event. These SCEs are provided
to control or mitigate the effects of a MAH after it has occurred.
The hardware barriers in Figure 7-1 are depicted with a number of small holes that
represent an integrity failure either in design or operating performance. On their own,
these failures may not be significant but, if the holes line up, there may be no effective
barriers in place between safe operations and escalating consequences, leading to a
major incident.
For example, a loss of containment in a sweet gas facility would not normally be
expected to cause fatalities unless it is ignited. An integrity failure in the process
containment system combined with a failure in the ignition control system could cause an
ignited event, i.e. a fire or explosion. If there are no personnel in the area then this in
itself would not cause fatalities. However, if there are integrity failures in the fire and gas
detection system then the event may not be detected and the process system not
isolated and the event may have the potential to escalate to adjacent inventories. This
would also be the case if an ESD Valve or Blowdown Valve failed to operate on demand.
Finally, if adequate assembly points and EER systems such as emergency telecoms are
not provided or are not suitable, then personnel may not be evacuated quickly enough
and the process release would have the potential to cause fatalities. The example shows
that a number of what on their own would sometimes be considered minor failures
have combined to produce a Major Accident causing fatalities.
Figure 7-1 shows the importance of maintaining, monitoring and ensuring the
integrity status of all hardware barriers, so that what might be considered to be relatively
small faults in individual barriers do not combine together in an unforeseen manner that
compromises the ability of the barriers to prevent or control a major incident.
Note that it is not necessary for all barriers to fail to lead to a major incident. For
example, failure of a single barrier such as process containment on a high sour facility
may lead directly to a major incident.
Each SCE is attached to a relevant discipline who are designated as the owner of the
associated Performance Standard.
[Figure: SCE identification flowchart. Starting from the Generic List of SCEs (EP9009-2009), each element is tested against four Yes/No questions: Could failure of this element cause a MAH? Could failure of this element contribute substantially to a MAH? Is the purpose of this element to prevent a MAH? Is the purpose of this element to limit the effects of a MAH? Outcomes: "This item is a Safety Critical Element." or "This item is not a Safety Critical Element."]
Standards are formatted to comply with the requirements of SAP-PM and SAP-QM in
terms of minimum assurance tasks, assurance measures, assurance value and units
of measure for the correct allocation to the appropriate level in the asset hierarchy.
Examples of the two types of Performance Standard are provided in Appendix 7 and
Appendix 8, respectively.
7.3.1 Performance Standard Approval
Each performance standard is allocated an owner. The owner is responsible for
ensuring that the content of the performance standard is appropriate and achievable. The
performance standard owner is normally the CFDH for the items covered by the SCE.
However, the CFDH may delegate the review and approval of their performance
standards to the relevant TA2.
The person (position and reference indicator) responsible for performing each task
The method and criteria to verify that the task is performed as required to maintain
barrier effectiveness.
HSE critical tasks should be developed to the level of the party responsible for ensuring that
tasks are completed on time and to the required standard, e.g. Managers, Supervisors and
Specialists, i.e. the position responsible for ensuring that the task is done and not the person
who is actually undertaking the work.
Bow-tie XP software enables the HSE critical tasks to be linked to the relevant barriers.
Inspections and preventative maintenance activities for hardware SCEs are implemented
via the Maintenance Management System, i.e. SAP. The task information is contained
within the task description in SAP for all SCE barriers and is NOT listed as an HSE critical
task, and is considered part of the hardware barrier itself. This applies, for example, to
maintenance and calibration of a gas detector.
Implementation tables shall be developed for each HSE Critical Position. The
implementation tables describe each HSE Critical Task, its supporting business controls
and the business records required to verify that the task is being adequately executed. The
implementation tables also provide a link to relevant barriers (HSE Critical Activities) and
hazards on the Bow-Tie diagrams.
See Appendix 9 for an example extract from an Implementation table. Communication of
HSE Critical Tasks to affected people in affected positions is the responsibility of the HSE
Case Custodian.
The MOPO is a set of matrices that maps operational activities against foreseeable
situations that, if or when they arise, could compromise safe operating limits. These
situations are identified from:
The Threats and Escalation Factors identified as part of the Bow-tie assessments
for severity 5 and high risk hazards.
An assessment of other operations and activities that could contribute to the
escalation of an incident, e.g. continuing with hot work when fire pumps (a safety
critical element (SCE)) are unavailable.
Circumstances that could compromise safe operations are grouped into three categories:
The MOPOs shall identify and differentiate between stop (red) conditions, i.e. operation
NOT permitted, and proceed with caution (amber) conditions, i.e. continue
following appropriate risk assessment and provide additional controls where necessary. All
other activities in the MOPO that do not require further assessment or controls are denoted
safe to proceed (green).
For developing a new MOPO or reviewing and updating an existing MOPO, refer to
Appendix 10.
10 ALARP demonstration
10.1 ALARP Definition
ALARP (As Low As Reasonably Practicable) allows a proportional level of effort to be put
into risk reduction once the initial level of risk has been assessed for a particular
operation or process. The ALARP principle is used to determine whether risks are
broadly acceptable, tolerable or intolerable via comparison against company risk criteria.
The use of the ALARP principle requires judgement to determine whether or not risk
levels are as low as reasonably practicable. ALARP can be demonstrated when the
sacrifice (cost, time, effort) required to reduce the risk any further, would be
disproportionate to the risk reduction potentially achieved (the benefit). The term
sacrifice relates to the time, effort and/or cost of the complete implementation and future
maintenance and operation of the particular risk reduction measure in question. Benefit
relates to the level of risk reduction offered by a risk reduction measure. Reasonably
practicable is the balance between the sacrifice and benefit of implementing the risk
reduction measure, or suite of measures.
ALARP justification also requires demonstration that all risk reduction measures
assessed as reasonably practicable have been implemented. The use of reasonably
practicable uses a goal setting approach to risk reduction rather than a prescriptive one.
This is a standard approach for all high risk industries including the oil and gas industry.
ALARP demonstration can be based on a comparison of the suite of barriers and control
measures that are in place, versus those expected to be seen in equivalent assets or
industries. This represents good practice and can be identified as standards for
controlling risk that have been judged and recognised as satisfying a particular set of
laws or regulations. In the absence of a developed regulatory system, company
standards, corporate global standards, best engineering practice and engineering
judgement may be used as a basis for comparison.
For ALARP to be demonstrated, all hazards and risks must have been identified as far as
practicable and assessed against the PDO Risk Assessment Matrix (RAM) (Figure 2-1)
and as described in Section 5. This provides a prioritised listing of hazards. As a
minimum, all Major Accident Hazards (High Risk and Severity 5 hazards) shall be
subjected to Bow-Tie analysis as described in Section 6. This is a qualitative approach to
demonstrating ALARP using the engineering, process, Process Safety and HSE
knowledge and experience of the selected workshop group.
In addition to this approach, ALARP demonstration can employ a combination of
qualitative and quantitative techniques dependent on the novelty, complexity and type of
process or project under assessment. The HSE Cases are assessed in line with the
Framework for risk related decision support in PDO as shown in Figure 2-1 and the level
of risk assessment performed proportional to the level of risk associated with the process
or project.
Refer also to GU-648 Guide for Applying Process Safety in Projects [Ref. 4] and
CP-117 Project Engineering Code of Practice [Ref. 6] for further description of ALARP
requirements.
[Figure: hierarchy of hazard management controls, from MOST EFFECTIVE to LEAST EFFECTIVE: Eliminate, Substitute, Isolate/Separate, Engineer (engineered safeguards for prevention and for mitigation/recovery), Organisational Controls (training, competency, communication), Procedural Controls (operating procedures, work instructions, permits, maintenance regimes, emergency response procedures), PPE. Compressor example shown alongside: eliminate sources of flammable gas release; substitute Compressor House for open arrangement; separate compressors from each other and from the rest of the plant, and separate gas cloud from ignition sources; gas detection, shutdown, blowdown, isolation of ignition sources and forced ventilation; operator training for compressor upset conditions and communication for emergency response; operating procedures and emergency response procedures.]
The strategy selected for managing a hazard will differ depending on the project
phase, and this principle shall form part of the evaluation when making ALARP
demonstrations.
As the opportunity for influencing the facility design is greatest during early design
phases, the focus shall be on elimination or substitution of the hazards. This
typically applies to Identify & Assess and Select phases of the ORP process.
As the project matures into Define and Execute, there is less opportunity to apply
elimination or substitution and hence the predominant hazard management controls
consist of isolation/separation and engineering solutions that can be put in place.
Once a facility becomes operational, the hazard management will largely focus on
the organizational and procedural controls. PPE is generally regarded as the last
principle of hazard management and therefore also the least effective.
10.2.2
The scope for eliminating hazards and threats and reducing the scale of
consequences is greatest at the beginning of the project and progressively reduces
as the project develops. In part this is because the cost and difficulty of delivering a
given risk reduction solution increases as the project develops.
ALARP demonstrations must be robust for each of the HSE Cases as per Figure 3-1.
CP-122 Health, Safety and Environment Mgmt System CoP describes application
of the AI-PSM process from CCPS RBPS within PDO to demonstrate compliance with
good engineering practice and to ensure that risk levels are ALARP. This is done
by demonstrating compliance against the 20 Process Elements shown in Appendix 12.
10.2.3
10.2.4
HEMP Studies
HEMP studies undertaken during the select, define, execute and/or operate phases
of the development are used to assess risk levels and identify any further risk
reduction measures.
Applicable HEMP studies for each project phase are defined in DCAF.
10.2.5
ALARP Review
In assessing the risks associated with the Design or Operations HSE Case hazards,
a qualitative review of the Bow-ties shall be undertaken. The review shall be led by
an experienced facilitator and the review team shall be comprised of experienced
staff from the following areas of expertise:
o Engineering
o Process
o HSE
o Maintenance
o Operations
o Management
o Asset stakeholders.
Each of the threat lines in the bow-ties shall be reviewed in turn and the discussion
should cover questions such as:
o Does industry best practice state what should be done or make any
recommendations?
o Can a benchmark exercise be undertaken against other operators and similar
controls implemented?
o Where are the gaps/shortfalls and what action needs to be taken to address these
gaps/shortfalls? See Section 11.2.
o Is there sufficient quantity and quality of barriers?
o Is there anything else that can be done to further reduce the risk?
Both barrier effectiveness and the number of barriers contribute to the overall
effectiveness of control, although in general, the effectiveness of individual barriers
is more critical.
The number, independence and reliability of the control and recovery measures shall
be commensurate with the risk.
By approaching the bow-tie review in this systematic fashion, the barriers can be
challenged in terms of completeness and adequacy and gaps identified and
addressed so that the review team is satisfied that the risks are reduced to ALARP.
The HSE Case process enables an ALARP argument to be formulated although in
isolation, a complete ALARP argument cannot be made. The claims made against
the numbers, quality, performance and location of the barriers must also be verified.
This verification of the safeguards (both hardware and procedural controls) is
performed via AI-PSM audit and the TR-MIE and TI-HBV processes. These
processes substantiate the claims made within the Bow-Ties and MOPO in terms of
barrier integrity and performance.
2. ASSESS
a. Options Considered
b. Basis for Selection and Uncertainties
c.
The ALARP demonstration for such decisions shall be signed by the person developing
the demonstration as well as relevant discipline Technical Authorities.
Score | Cost (over years) | Benefit | Effort
 | <$50K | High | Quick fix
 | $50-$500k | Medium | Simple Fix
 | >$500k | Low | Complex
Solution Matrix
Cost x Effort
12
12
18
18
27
Range | Proposed Action
1-4 | Do
6-9 | Study
12 or greater | Pass
Item no.: 1
Ref.: H-01.005b, H-01.003a, H-01.003d, H-01.005d, H-04.002, H-10.016
Action Description: Ensure compliance of speed limits inside NRPS. Speed limits within NRPS are currently not complied with.
Strategy to Achieve the Action: Develop and implement program to reinforce awareness of speed limits inside NRPS. Conduct drive to further communicate hazards of speeding within NRPS. Install speed limits signs (if not present). Implement PDO consequence management procedures for speeding.
Measure / Indicator: Developed and implemented program to reinforce awareness of speed limits inside NRPS. Speed limits installed (if required). PDO consequence management procedures for speeding implemented.
C B E 2 OSO OSS Q109 Closed 12/09/2009
PDO consequence matrix implemented. Drive for road safety (within the 4MW). Various campaigns and posters displaying consequences for breaking road rules (includes speeding).
TITLE | SCOPE/COMMENTS
Action No |
Bow-Tie Ref | Reference number of the Bow-Tie diagram where the action was raised
Action Description | Description of action
 | A qualitative assessment of the HSE benefit from implementation, derived using the Qualitative ALARP matrix (Section 0)
Action Resource |
Action Owner |
Target Date | Date at which the target will be reached and action completed. Timescales can be revised at the annual review stage of the action plan. If an action is no longer applicable and/or the target cannot be met, clear reasoning and steps to resolve must be given.
Comments/Risks |
12 STATEMENT OF FITNESS
A Statement of Fitness is required by CP-117 [Ref. 6] and CP-122 HSE Management
Manual and shall be included in the HSE Case.
A Statement of Fitness shall be developed for the Assets prior to the pre start up audit for a
project, before starting or commissioning a new Asset or a modification to an existing Asset.
Table 12-1 contains each element of the Statement of Fitness together with a guide to
minimum requirements for demonstrating compliance with each element. Further guidance is
provided in GU-648.
Table 12-1: Statement of Fitness
REQUIREMENT
DEMONSTRATION
its
13 MANAGEMENT OF CHANGE
All PDO Operations HSE Cases shall be reviewed on an annual basis (by year end) to
ensure that all the following sections of the HSE Case remain true and valid to operations.
It is the responsibility of the Delivery Team Leader as the HSE Case Custodian to ensure
these updates are completed, with support from the HSE Case administrator.
Bow-tie assessment
o
o
o
o
SCE listing
o
o
o
o
o
Remedial Actions
o
o
Statement of Fitness
o Annual review of the Statement of Fitness to ensure that it is correct and accurately
reflects the status of operations.
o The Statement of Fitness shall be signed off by the HSE Case Custodian after each
review.
Other changes that may trigger a revision to the Operations HSE Case are listed below:
o
o
o Following a major incident involving the Facility or operation, or from lateral learning
from other major incidents applicable to the Facility or operation
o Enhancements in knowledge or technology that change the basic assumptions on
which the risk tolerability and ALARP demonstrations are based
o Updated HEMP study findings/results
o If there is a change to any of the signatory parties for the HSE Case, i.e. HSE Case
Owner (Director), HSE Case Custodian (Delivery Team Leader) or HSE Case
Administrator (Technical Safety Engineer)
All identified changes to the HSE Case, whether as a result of a periodic review or any of
the other criteria listed above shall be assessed by the HSE Custodian, the Technical
Safety Engineer and the HSE Case administrator (where this is not the TSE). Where
relevant, the change should also be assessed by a discipline Technical Authority.
The roles and responsibilities for changes to the HSE Case and how these changes shall
be recorded are further described in Appendix 11.
o
o
o
Relevant HEMP studies will depend on the nature, size and complexity of the project.
Large and complex projects will typically require a separate ALARP demonstration report to
meet the above requirements.
The Concept Select Report shall contain summaries and/or references to all the above
documents.
o
o
o
15.2 Format
The Design HSE Case shall be based on the following structure:
o Contents
o Part 1 Introduction
o Part 2 Concept Select Report Summary
o
o
o
15.2.1
Contents
This part shall contain:
o
o
o
15.2.2
Part 1 Introduction
Part 1 shall:
15.2.4
o A detailed description of the chosen concept, including site selection, plant layout,
material selection, etc., including a project overview to show boundaries of the
HSE Case
o A description of all of the safety critical elements and any other safety systems
provided.
o A list of all DEPs, codes, standards and specifications used in the design
o A summary description and reference to, the Operations and HSSE Philosophies,
including manning strategies and philosophies
o A list of identified HSE risks from the Project Risk Register.
o A list of the MAH associated with the facilities
o A Variance Register, or reference to it, providing justification why the engineering
standards or specifications for the project deviate from applicable Design
Engineering practices (DEP)
o A list of all safety critical elements (SCE) - defined as hardware barriers on the
bow-ties (in accordance with EP2009-9009)
15.2.5
Part 4 Hazards & Effects Management Process
Part 4 shall contain:
o A Hazard and Effects Register containing details of all severity 5 and high risk
hazards and an assessment of each hazard including the key assumptions
(assessed using the PDO risk assessment matrix in Figure 2-1)
o Bow-Tie diagrams for severity 5 and high risk hazards, with barriers categorised as
inherent safety, safety critical element (SCE), procedural control and remedial
action/shortfall
o ALARP Demonstration, to state how the qualitative Bow-Tie assessment has been
reviewed to ensure all applicable measures to reduce risk to tolerable and ALARP
have been assessed and implemented
o Details of utilised HSE Risk Tolerability, Acceptance Criteria, and ALARP
Framework
o Summaries of the philosophies and measures implemented during the Design
phase to reduce residual risks to ALARP
o Summary of HEMP studies undertaken since the Concept Select Report, e.g.
Hazard Identification studies (HAZID), Hazard and Operability studies (HAZOP),
Instrumented Protective Function (IPF), plant layout study, Quantified Risk
Assessment (QRA), Health Risk Assessment (HRA), Human Factors Engineering
(HFE), consequence modelling, EER Assessment, etc.
SP-2062 Specification for HSE Cases
15.2.6
Consult DCAF for latest version of specified deliverables and the Discipline Authority
Manual (TAs)
o Is required to demonstrate how severity 5 or high level hazards are managed during
operations to ensure that the risk is tolerable and ALARP
o Shall describe how the relevant management systems (asset integrity, Maintenance
Integrity Execution, competence and permit to work, etc.) implement the
requirements of the PDO HSE-MS and the AI-PSM systems, including management
of medium hazards
o Shall be accepted and signed off by the relevant Director (in the Statement of
Fitness)
16.2 Format
The Operations HSE Case shall be based on the following structure:
o
o
o
o
o
o
16.2.1
Contents
This part shall contain:
o
o
o
Part 1 Introduction
Part 1 shall:
o
o
o
o
16.2.3
o
o
o
16.2.4
o
o
16.2.5
o A brief description of the HSE Critical Task and link to the specifications
and procedures, documenting how the HSE Critical Task is implemented
o The means by which the HSE Critical Task is assured e.g. PTW forms, FAIR
Reports, etc.
o A summary of the HSE Competency assurance system and links for further
information
o A Hazards and Effects Register in which all hazards identified for the
facility/operations are listed and assessed using the PDO risk assessment
matrix (Figure 2-1). The severity 5 and high risk hazards contain references to the
relevant Bow-Tie diagrams
o Bow-Tie diagrams for severity 5 and high risk hazards, with barriers categorised as
inherent safety, safety critical element (SCE), procedural control and remedial
action/shortfall
o ALARP Demonstration, to state how the qualitative Bow-Tie assessment has been
reviewed to ensure all applicable measures to reduce risks to tolerable and ALARP
levels have been assessed and implemented (see Section 10.2.5).
o Summary of HEMP studies undertaken since the Design HSE Case, e.g. Hazard
Identification studies (HAZID), Hazard and Operability studies (HAZOP),
Instrumented Protective Function (IPF), plant layout study, Quantified Risk
Assessment (QRA), SIMOPS QRA, Human Factors Engineering (HFE),
consequence modelling, etc.
o A matrix of permitted operations (MOPO) to define the operating envelope and
safe operating limits for the facility and provide guidance on action required in
event of abnormal situations. Situations mapped shall cover:
Environmental Permit
Health Hazards Exposure Monitoring Plan
Health Risk Assessment report
Medical facilities Assessment
Job type Health Risk Assessment
Emergency Response Plan
Security Management Plan
Consult DCAF for latest version of specified deliverables and the Discipline Authority
Manual (TAs). The Operations HSE Case shall contain summaries and/or references to all
the above documents. The following DCAF documents will be incorporated into the
Operations HSE Case, either within the main body or as an appendix.
o
o
o
o
Appendix 1
Acronym | Definition
AI-PSM |
ALARP |
CFDH |
CSR |
DCAF |
DEP |
DG | Decision Gate
FEED |
FERM |
FID |
GHG | Greenhouse gas
HAZID | Hazard Identification
HAZOP |
HBV |
HEMP |
HFE |
HSE |
HSE-MS |
HSSE |
IADC |
IPF |
JOA |
JVA |
KPI |
MAH | Major accident hazard - Any situation with the potential for major consequences (harm) to people, environment, asset and reputation if released (severity 5 or high risk hazard)
MIE |
MOPO |
ORP |
PEFS |
PSBR |
PSUA | Pre-start up audit
PTW | Permit to Work
QRA |
RAM |
Recovery measure | Any measure put in place to manage consequences and assist recovery from a top event
Risk | The likelihood of a Top Event combined with the severity of the Consequences (The risk is from the Hazard to people, environment, asset and reputation).
SCE |
SIEP |
SMART |
SP | Social policy
TA | Technical Authority
Threat | Any action or mechanism that could bring about the unplanned release of a hazard
Threat control |
Tolerable risk | Tolerable Risks are those that have been reduced to a level where they comply with the applicable laws and regulations, standards, strategic objectives and other agreed Tolerability Criteria.
Top event | The first thing that happens when a hazard is released (also known as first consequence)
TR-HBV |
TR-MIE |
UKOOA |
VAR |
Appendix 2
Related Business Control Documents and References
Decision Support, UKOOA, 1999
4. GU-648 - Guide for Applying Process Safety in Projects, Rev 1.0, 15th December 2010
5. International Association of Drilling Contractors (IADC) Drilling Contractors, Health,
Safety and Environment Case Guidelines for Land Drilling Contractors, Issue 1.0.1, 27
July 2009.
6. CP-117 - Project Engineering Code of Practice, Rev 4.0, 11 January 2011
7. SP-2061 - Functional Technical Directorates, Technical Authority System, Revision 2.0,
Jun-10
8. Shell Group HSSE & SP Control Framework, Section 03, Process Safety Manual.
http://sww.manuals.shell.com/HSSE/
9. Guidelines for Risk Based Process Safety. Center for Chemical Process Safety, 978-0-470-16569-0, 2007.
http://www.knovel.com/web/portal/browse/display?_EXT_KNOVEL_DISPLAY_bookid=1794
10. Safety Critical Element Management Manual, Second Edition, EP2009-9009, Feb 2009.
Appendix 3
Ref. No
Hazard Name
Possible Source
H-01
Hydrocarbons (Unrefined)
H-01.001
H-01.002
Condensate
H-01.003
Hydrocarbon gas
H-01.004
H-01.005
H-01.006
H-01.007
H-01.008
Coal
Crude (oil)
Hydrocarbons from Shale
Oil Sands
Other Hydrocarbon source
H-02
Hydrocarbons (Refined)
H-02.001
Liquefied Petroleum
(e.g. Propane)
H-02.002
Gasolines (Naphthas)
H-02.003
H-02.004
H-02.005
H-02.006
H-02.007
Aromatic Extracts
H-02.008
H-02.009
Bitumen's
Derivatives
Road construction.
H-02.010
Petroleum Coke
and
Gases
Bitumen
portable
lanterns,
heating
Furnaces, boilers
H-03
Explosives
H-03.001
Detonators
H-03.002
Seismic operations,
displays.
H-03.003
Shaped Charges
H-03.004
Military Ordnance
H-04
blasting,
construction,
firework
Pressure
H-04.001
H-04.002
H-04.003
Vacuum
Tanks, accumulators.
H-04.004
Hyperbaric Operations
Diving operations.
H-04.005
Hypobaric Operations
H-05
Differences in Height
H-05.001
H-05.002
Slippery/uneven surfaces,
obstructions, loose grating.
H-05.003
Objects Overhead
H-05.004
H-06
climbing/descending
stairs,
H-06.001
Guy and support cables, anchor chains, tow & barge tie-off
ropes, slings.
H-06.002
H-07
Dynamic Situations
Land Transport (Driving)
H-07.002
H-07.003
H-07.004
Equipment with
Rotating Parts
H-07.005
H-07.001
H-08
Moving
or
Natural Environment
H-08.001
Weather Conditions
H-08.002
H-08.003
H-08.004
Fire
H-08.005
Lightning
H-09
Electricity
H-9.001
H-9.002
Electrostatic Energy
H-10
H-10.001
Physical
X rays <10nm (ionising)
H-10.002
H-10.003
H-10.004
H-10.005
H-10.006
H-10.007
H-10.008
Extremely
Low
Frequency
Magnetic Radiation (ELF) Wavelength: > 30 km
H-10.009
Well logging,
instruments.
H-10.010
Gamma Rays
H-10.011
Neutron Radiation
H-10.012
Naturally Occurring
Radiation (NORM)
H-10.013
Noise
H-10.014
Vibration
H-10.015
H-10.016
H-10.017
Humidity
H-10.018
Cellulosic Materials
H-10.019
Pyrophoric Materials
H-11
H-11.001
Ionising
radiography,
densitometers,
interface
Toxic Atmosphere/Medium
Oxygen concentration in air (in
balance)
H-11.002
H-11.003
H-11.004
Water
Chemical Substances
H-12
H-12.010
Additives
H-12.011
H-12.012
Brines
H-12.013
Butanes
Bottled gases.
H-12.014
Degreasers
H-12.015
Glycols
H-12.016
Halons
H-12.017
Nickel Catalysts
CAS# 7440-02-0.
H-12.018
H-12.019
Polychlorinated
(PCBs)
H-12.104
Ammonia
CAS# 7664-41-7.
H-12.105
Ammonium Bifluoride
CAS# 1341-49-7.
H-12.108
Benzene
CAS# 71-43-2.
H-12.115
Calcium Bromide
CAS# 7789-41-5.
H-12.116
Calcium Chloride
CAS# 10043-53-4.
H-12.119
Chlorine
CAS# 7782-50-5.
H-12.130
Diisopropanolamine LFG90
H-12.132
Ethane
CAS# 74-84-0.
H-12.133
Ethanol
CAS# 64-17-5.
H-12.136
Ethylene
CAS# 74-85-1.
H-12.141
Glutaraldehyde
H-12.142
Hexane
H-12.143
Hydrogen
CAS# 1333-74-0.
H-12.144
Hydrogen
(Hydrochloric Acid)
Chloride
H-12.145
Hydrogen
(Hydrofluoric Acid)
Fluoride
H-12.146
Hydrogen Sulphide
CAS# 7783-06-4.
H-12.153
Mercury
CAS# 7439-97-6.
Biphenyls
CAS# 7647-01-0.
CAS# 7664-39-3.
H-12.154
Methanol
CAS# 67-56-1.
H-12.163
Nitric Acid
CAS# 7697-37-2.
H-12.170
Phosphoric Acid
CAS# 7664-38-2.
H-12-176
Propane
CAS# 74-98-6.
H-12.180
Sodium Hydroxide
CAS# 1310-73-2.
H-12.182
Sodium Hypochlorite
H-12.183
Sulphur
7704-34-9.
H-12.184
Sulphuric acid
CAS# 7664-93-9.
Biological
H-13.001
Plants
H-13.002
H-13.003
Insects,
Bees
H-13.004
Bacteria
H-13.005
H-13.006
Virus
H-13.007
Fungal Growths
H-13.008
Lifestyle Factors
H-13
Spiders,
Scorpions,
H-14
Ergonomic
H-14.001
Workspace
H-14.002
H-14.003
H-15
H-15.001
Psychological
Organisation,
Culture
Systems
and
Job Demands
Experience of Change
H-15.006
H-15.007
H-15.008
Personal
Work
H-16
Security
H-15.002
H-15.003
H-15.004
H-15.005
Issues
External
to
H-16.001
Armed Conflict
H-16.002
Terrorism
Unprovoked
authorities.
H-16.003
Violent Crime
H-16.004
Organised Crime
H-16.005
Militant Activism
H-16.006
Civil Unrest
H-16.007
Environmental Aspects1
H-17
violent
attacks
against
general
public,
Resource Use
H-17.002
Discharge to Water
H-17.003
Discharge to Land
H-17.004
Emissions to Air
H-17.001
H-18
Social Performance
H-18.001
Procurement Philosophy
H-18.002
Revenue Streams
H-18.003
Land Take
Land right
livelihood.
H-18.004
Temporary
Project
construction)
(e.g.
entitlement, resettlement,
loss/change
of
H-18.005
H-18.006
H-99
Emergency response
H-99.000
Emergency Response
Appendix 4
Hazard
ID
H-01.01
Hazard
Crude oil
under
pressure
Loading
Crude at
the SBM
Threats
Integrity
Failure: hose,
flange, piping.
Controls
Top
Event
Oil Spill
Risk Ranking
Consequence
Localised
environmental
impact
Recovery Measures
P
C3
C2
C2
Corrosion protection:
1.
Oil spill
contingency
2.
Pollution control
capability
3.
Radio controlled
ESD from vessel
4.
1.
SBM/ PL
redundancy
2.
OSR capability
3.
Continuous diving
capability
1.
Spare SBM
2.
SBM Redundancy
3.
Replacement:
Change-out equipment on a time &
condition basis
Anchor
Handling
Damaged
Pipeline
Localised
environmental
impact
C3
B3
C2
1.
2.
Focsle watchkeeper
3.
Damaged
SBM
Localised
environmental
impact
C3
B3
C2
Appendix 5
Those SCEs in the SCE Management Manual relevant only to offshore facilities have been
omitted.
SCE
CODE
SCE
CODE
SCE DESCRIPTION
SCE DESCRIPTION
SI001
Foundation Structures
PS004
Firewater Pumps
SI002
PS005
Firewater Ringmain
SI003
Mechanical
Equipment
PS006
SI005
Road Vehicles
PS007
SI008
Drilling Systems
PS008
PC001
Pressure Vessels
PS009
Sprinkler Systems
PC002
Heat Exchangers
PS010
PC003
Rotating Equipment
PS011
PC004
Onshore Tanks
PS012
Sand Filters
PC005
Piping Systems
PS013
PC006
Pipelines
SD001
ESD Systems
PC007
Relief Systems
SD002
Depressurisation Systems
PC008
Well Containment
SD003
HIPPS Systems
PC009
Fired Heaters
SD004
IC001
SD005
IC002
Non-Hazardous
Ventilation
SD006
Process ESDVs
IC003
SD008
IC005
Earth Bonding
SD009
Utility Air
IC006
ER001
IC007
ER002
IC008
ER003
IC009
ER004
Communications Systems
DS001
ER005
DS002
Security Systems
ER007
Emergency Power
DS003
ER010
Drain Systems
PS001
Deluge Systems
LS001
Personal
Survival
(PSE) Drain Systems
PS002
Handling
Area
Equipment
PC003
Equipment
PC004 Tanks
PC006 Pipelines
Rotating
Gas
H-99.001
Emergency
MAH
Preparedness Measures
H-10.016
High Pressure Steam - Steam
Generation & Steam Injection
H-01.005d
Ambient
at
Oil
Crude
Conditions - FWKO, CWT &
Storage Tanks
H-04.002
Water Under Pressure
H-01.005c
Crude Oil Under Pressure - off
plot
(Production
H-01.005a
Producers
Oil
Phase)
Fired
H-01.003c
Gas
Hydrocarbon
uncontrolled flaring/venting
H-01.003b
Hydrocarbon Gas - off plot
H-01.003d
Hydrocarbon
Heater
Process
Containment
SAFETY CRITICAL
ELEMENT
H-01.003a
Hydrocarbon Gas - on plot
SCE GROUP
H-01.005b
Crude Oil Under Pressure - on
plot
Appendix 6
Appendix 7
Assigned TA
SCE GROUP
SCE GOAL
Function
No.
Functional
Criteria
Review #
Date
Performance criteria
Assurance
Mechanical Static
HAZOP review.
To maintain the
pressure
envelope for
conditions within
design basis
PCAP/DCAF Driven
TIVP/AIPSM Driven
Verification
OE/Flawless Driven
1.2 Pressure Vessel Internal Inspection
There shall be no unacceptable internal flaws in the Pressure Vessel as defined within the Inspection
Management Process.
* There shall be no unacceptable cracks in the vessel.
* There shall be no unacceptable corrosion inside the vessel.
* There shall be no unacceptable visible damage (gouges, dents, deformations, arc strikes) to vessel.
These should be tasks/activities in a scheduled assurance event specified in a
Company process/procedure.**
PCAP/DCAF Driven
TIVP/AIPSM Driven
OE/Flawless Driven
1.5 Attachments
No bolting is missing or loose.
No valves or instruments are loose or damaged.
To prevent a
release of
hazardous
materials
RELIABILITY / AVAILABILITY
Function
No.
Verification
Hazardous Event
Performance criteria
Verification
Appendix 8
Appendix 9
The table below provides guidance on interpreting the HSE Critical Task implementation tables.
This framework has been developed to set out the HSE Critical Task implementation tables in a
consistent and user-friendly format.
Table 16-1: Implementation Table Guidance
TITLE
DESCRIPTION
Task ref.
Bow-Ties
Threats/Consequences
HSE Critical Activity (yellow barriers) for which HSE Critical Task is
carried out to ensure barrier is in place and functional.
Task Description
Documentation
Verification
Threats/
Consequences
Task Description
Documentation
Verification
4.29
H-01.003a
H-01.003b
H-01.003c
H-01.003d
H-01.005a
H-01.005b
H-01.005c
H-01.005d
H-04.002
H-10.016
Human error
4.49
H-01.003a
H-01.003b
H-01.003c
H-01.005a
H-01.005b
H-01.005c
H-01.005d
H-10.016
6.03
H-01.003a
H-01.003b
H-01.003c
H-01.003d
H-01.005b
H-01.005c
H-01.005d
H-10.016
Lack of manpower/ Man Power Model/ERROS - Ensure the Manpower model is implemented for GU-4884 Planning and Manpower report
Nimr operations
Scheduling Guidelines
resources
Estimated Resources
Required on Site
Consequence management Implement company consequence management Plant Operations Manual Disciplinary reports
(disciplinary procedures) for procedure for non compliance
PR-1029 Competence
non-compliance
Assurance
and
Assessment
Ensure asset security plan appropriate for CP-126 Personnel and Asset Security Plan
location risks is established and implemented. Asset Security
This should include dialogue and interface with
PL-10
Security
&
the ROP.
Emergency
Response
Policy
Appendix 10
MOPO
The team to develop or review the MOPO shall consist of operations, maintenance, HSE and
management personnel who are familiar with the operation of, and the activities required, at the
facility/asset.
The team shall be led by an experienced facilitator and shall:
o Identify Threats and Escalation Factors in the Bow-ties that could compromise safe operating
limits.
o Identify other operations and activities that could compromise safe operating limits.
o Develop the MOPO under the appropriate headings of SIMOPs, External Influences and
Inactive SCE
o Identify the stops and proceed with cautions using the red/amber traffic light system.
o Provide supporting guidance notes for the proceed with cautions that will assist Supervisors
etc if/when the situation arises.
o Collectively review the matrices and ensure they reflect current practice and give clear
guidance for action to be taken under the specific circumstances.
The SIMOPs MOPO shall assume that two or more major activities, e.g. production, drilling,
are simultaneously being performed in the same location/area.
The Impaired SCE MOPO shall assume that the operation is in the vicinity of, or within the
area affected by, the impaired SCE.
The Impaired SCE MOPO shall define the minimum level failure mode assessed as having an
impact on one or more of the high level activities/operations. Failure modes below this level
shall be subject to risk assessment and remedial action in accordance with EP2009-9009.
When SCEs are in test mode, alternative controls shall be put in place to ensure that their
functionality is provided. Testing of these systems is not generally considered impairment for
purposes of this MOPO.
In case multiple barriers are unavailable/impaired, the combined effect of the simultaneous
failure on the activities shall be subject to risk assessment.
Additional controls required as indicated in the MOPOs (coloured amber) shall be listed. Work shall
only be carried out under the formal control of the Permit to Work (PTW) system, including component
elements such as plant isolation certificates, vessel entry certificates, hot work permits, etc. All
applicable procedures and work instructions relating to the work to be undertaken shall be complied
with.
In certain cases, the specific operation is not directly impacted by the barrier that is impaired, but
consideration shall be given to proceeding with non-essential work that could increase the risk.
Where necessary, the requirement for undertaking risk assessment shall be noted. Measures shall
be taken to maintain risks at ALARP and the effectiveness of the measures shall be verified. All
actions involving bypassing the safeguarding systems shall be authorised by the Production Delivery
Team Leader who shall prepare individual procedures for all tasks not covered by existing procedures
and consult relevant discipline technical authority.
Examples of the three MOPOs (Adverse Weather, SIMOPs, and SCE Impairment) follow. These shall
be used as guidance for construction of a new MOPO or for review of an existing MOPO. The notes
within the MOPO are intended to support rather than supersede the specific risk assessments
required, particularly for SCE Impairment where FSR and CMPT processes shall be applied. For a
MOPO to be effective it must provide clear concise information to the Operator of immediate action to
be taken under the specified conditions, e.g. if working at height is ongoing and wind speed increases,
he needs to be able to quickly see when to stop the activity in question.
REQUIREMENT
Operation specific. Subject to well engineering procedures; refer to WECO HSE case.
Continued work subject to heat stress evaluation. Schedule work during cooler part of day. Provide forced
ventilation, shaded areas and cold water (not iced). Summer working hours and extended lunch breaks apply.
Simultaneous drilling and production operations permitted subject to compliance with minimum separation
distances between live wells and flowlines and drilling operations in accordance with WECO HSE Case.
Simultaneous drilling and production operations not permitted inside separation distances.
Permitted subject to pigging procedures (maximum flow rate for pigging operations).
10
Adverse Weather MOPO (matrix of ACTIVITY/OPERATION against adverse weather condition; cell entries are Y, N or a number)
Conditions: NIGHT TIME WORKING; LIGHTNING; HIGH AMBIENT TEMP >50 C; HEAVY SHAMAL
ACTIVITY/OPERATION:
Drilling
Well Services
Operate Wells/Flowlines
Operate Pipelines
Pigging (future)
QA MPS Operation
GT operation
BFW Heater Start-up (Plant Start-up)
HRSG Start-up (Plant Start-up)
Steam Distribution Plant Start-up
Oil & Gas Plant Start-up
PGC/Plant unit Start-up
Operate Steam Plant
Operate Oil & Gas Plant
APO Operation
N2/He Leak Testing
Working Outdoors
Sampling
Radiography
Vehicle Movement on-plot
Vehicle Movement off-plot
Road Maintenance/ Grading
Grit Blasting / HP Water Jet
Lifting/Crane Operations
Fork Lift Truck Operations
High Noise Generating Activities
Excavation Activities
Work at Height (outside permanent structures)
Working on Tall Structures
Zone 1 Area Work
Zone 2 Area Work
Breaching Maintenance
Non-Breaching Maintenance
Class A Permit Work
Class B Permit Work
HRSG entry
Confined Space Entry
Flaring
Local Venting
Draining to open systems
Chemical unloading
Chemical Disposal by Vac Truck
Construction Activities
MOPO SIMOPs (matrix of ACTIVITY/OPERATION against ACTIVITY/OPERATION; cell entries are Y, N or a number)
ACTIVITY/OPERATION:
Drilling
Well Services
Operate Wells/Flowlines
Operate Pipelines
Pigging (future)
QA MPS Operation
GT operation
BFW Heater Startup (plant startup)
HRSG Startup (plant startup)
Steam Distribution Plant start-up
Oil & Gas Plant start-up
PGC/Plant unit Startup
Operate Steam Plant
Operate Oil & Gas Plant
APO Operation
N2/He Leak Testing
Working Outdoors
Sampling
Radiography
Vehicle Movement on-plot
Vehicle Movement off-plot
Road Maintenance/ Grading
Grit Blasting / HP Water Jet
Lifting/Crane Operations
Fork Lift Truck Operations
High Noise Generating Activities
Excavation Activities
Work at Height (outside permanent structures)
Working on Tall Structures
Zone 1 Area Work
Zone 2 Area Work
Breaching Maintenance
Non-Breaching Maintenance
Class A Permit Work
Class B Permit Work
HRSG entry
Confined Space Entry
Flaring
Local Venting
Draining to open systems
Chemical unloading
Chemical Disposal by Vac Truck
Construction Activities
SCE Impairment MOPO (matrix of IMPAIRED/UNAVAILABLE SCE against ACTIVITY/OPERATION; cell entries are 10 throughout)
ACTIVITY/OPERATION:
OPERATE FACILITY
OPERATE PLANT / EQUIPMENT
OPERATE SYSTEM
START-UP PLANT / EQUIPMENT
START-UP SYSTEM
HOT WORK
CONFINED SPACE ENTRY (INCLUDING HRSG)
BREAKING HC-CONTAINMENT (SAMPLING, VENTING, DRAINING)
PRESSURE/LEAK TESTING
GENERAL ACTIVITIES (MAINTENANCE, INSPECTION, PAINTING, COLD WORK)
SCE GROUP:
SI002 Civil Structures / Structural Support
SI003 Heavy lift cranes and mechanical handling
PC001 - PC006 Process Containment
PC007 Relief System
PC008 Operational Well Containment
PC009 Fired Heaters (Burner Management System)
IC003 Certified Electrical Equipment
IC005 Earth Bonding
IC007 Gas Blanket System Total loss
IC007 Gas Blanket System Loss to individual equipment
IC009 Flare Ignition Control System
SD001 ESD System - Total loss
SD001 ESD System - Local or partial loss
SD002 Depressurisation System - Total loss
SD002 Depressurisation System - Local or partial loss
SD004 Operational Well Isolation
SD006 Process ESDV
ER001 Temp Refuge/ Muster Areas
ER002 Escape/ Evacuation Routes
ER003 Emergency/ Escape Lighting
ER004 Communication Systems - Loss of GA
ER004 Communication Systems - Loss of ER communications
ER005 Uninterrupted Power Supply (UPS)
DS002 Security Systems
PS013 Chemical Injection System
ER010 Drains System
LS001 Personal Survival Equipment Personal monitors
LS001 Personal Survival Equipment Escape sets
LS001 Personal Survival Equipment Rescue BA sets
LS001 Personal Survival Equipment Chemical PPE
LS001 Personal Survival Equipment Safety showers/eye wash stations
IMPAIRED/UNAVAILABLE SCE:
Observed or detected structural defect resulting in increased risk of MAH
Observed or detected structural/mechanical defect resulting in increased risk of MAH due to dropped load
Uncontrolled release of process fluids resulting in increased risk of MAH
Unavailability of relief at design flow rate resulting in increased risk of MAH due to overpressure
Uncontrolled release of well fluid resulting in increased risk of MAH
Unavailability of BMS/IPS resulting in increased risk of MAH
Certified electrical equipment fails to meet PS requirement resulting in increased risk of ignition
Earth bonding fails to meet PS requirement resulting in increased risk of ignition
Inability to provide required fuel gas purge flow to flare header resulting in air ingress to flare
Total loss of gas blanket system resulting in increased risk of ignition
Inability to provide required gas blanket flow individual equipment resulting in increased risk of ignition
Loss of primary & secondary flare ignition systems resulting in flare out
Total loss of F&G detection system
Escape/ evacuation routes impaired
Emergency/ escape Lighting impaired
Loss of GA communication system
Loss of ER communication system including radios and landlines
Inability to provide emergency power supply to essential systems
Inability to provide secondary containment for HC/chemicals spills resulting in potential escalation of MAH
Personal H2S monitors below minimum level or faulty
Insufficient number or inadequate type of Chemical PPE available
Safety showers/eye wash stations not available or inoperable
CRITICAL MANPOWER UNAVAILABILITY:
HSE Critical Position
ER Team Members
ER - QA Fire Brigade
ER - First Aider
LECC
Appendix 11
This appendix details the process for identifying, assessing and implementing changes to
Operations HSE Cases to ensure that the hazards and risks associated with Major Accident
Hazards (MAHs) are maintained as low as reasonably practicable (ALARP).
This procedure is mandatory for Operations HSE Cases in PDO but may also be used for
Design HSE Cases.
It is to be used by all parties who may be responsible for initiating a change that may have an
effect on the underlying assumptions or information presented in a HSE Case.
A suitable system to ensure that the Steps described in this procedure are followed is provided
by the proforma HSE Case Change Approval Form at the end of this Appendix.
RACI Matrix
3. Perform Workscope
6. Approve Changes
7. Publish Changes
5. Review proposed
Changes
HSE
Case
Originator
Action Parties
Case
HSE
Custodian
1. Identify Change
Task
Stakeholders
Technical
Authorities
Technical Safety
HSE
Engineer/
Case Custodian
(R) Responsible: The party responsible for executing the task and obtaining parties involvement
(A) Accountable
(C) Consult
(I) Informed
Role
Responsibilities
Originator
Asset (management,
supervision or operations);
Workforce;
Discipline engineers;
Contractors.
Responsibilities
Stakeholder
Action Parties
Technical Authorities
Asset (management,
supervision or operations);
Workforce;
Discipline engineers;
Contractors.
Ref.:
GD/2008/01
Originator:
Yibal
A N Other
Date raised:
24/07/2010
Details of proposed change(s) (summary of the change(s) use continuation sheet if required):
Justification:
(Yes/No)
Details of Stakeholder engagement:
Step 3: Perform Workscope (record the summary of outcomes for Step 3):
Step 4 & 5: HSE Case Changes (record summary of changes use continuation sheet if required for detailed changes):
Part:
Section:
Heading:
Comments:
Justification
Name:
Signature:
Date:
b. Technical
Authority
Name:
Signature:
Date:
c. HSE Case
Custodian
Name:
Signature:
Date:
d. Technical
Safety
Engineer
Name:
Signature:
Date:
Rev
Number:
Name:
Signature
As soon as it is practicable, discuss the potential change(s) with the Asset Technical Safety
Engineer to determine whether the proposed change(s) will affect the HSE Case or its
underlying assumptions.
Any proposed changes (e.g. engineering, procedural, organisational) that have an impact
on the risk profile of the Facility or Activity, shall be managed in accordance with this
Procedure (including an ALARP Demonstration) and the HSE Case shall be updated
accordingly.
The possible changes that might affect the HSE Case and its underlying assumptions are
those listed in Section 13.
Step 2: Assess Impact of Change(s) and Develop Workscope
a) Determine whether the proposed change(s) will affect the Case content or its
underlying assumptions. If it is agreed that there is no effect on the Case or its
supporting studies, no further action is required.
b) Where it is agreed that there is an effect on the Case, develop workscope with
relevant Stakeholders.
c) Ensure that the workscope includes review and update, as required, to:
i.
ii. QRA Studies;
iii. Bow-Tie assessments;
iv.
v.
d) Agree and record actions with originator, action parties and Stakeholders.
e) Summarise details of the HSE Case Change Approval Form
f) Log the HSE Case change in the HSE Case MOC register. The register should
ensure that all changes to the HSE Case are grouped together for review and to
allow assessment of cumulative effects or risk.
supporting
studies
or
other
associated
a) Issue the HSE Case Change Approval Form with proposed change(s) to the HSE
Case to relevant action parties and Stakeholders for comment/review.
b) Amend proposed change(s) as required to reflect any comments received. On the
HSE Case Change Approval Form annotate which sections of the HSE Case have
been changed.
c) Determine need for immediate publication of change(s). Consider whether change
is significant and needs immediate update. Also consider cumulative effects of
changes to date.
Step 6: Approve Change(s)
a) Gain acceptance of proposed change(s) from relevant parties, including sign-off of
HSE Case Custodian (obtain signatures).
b) Update status of HSE Case Change Approval Form in the HSE Case MOC
Register including Date Agreed.
c) If applicable, update FIM to record any changes that affect any open items still
under review (e.g. Change to HSE Case Remedial Action Plan).
Step 7: Publish Change(s)
a) Make change(s) to HSE Case.
b) Publish HSE Case on Livelink / issue to document copy holders.
c) Update status of HSE Case Change Approval Form in the Change
Register including Date Completed.
HSE Case MOC Register
Ref.
Description
Significant
change?
Yes/No
Date
raised
Date
agreed
Date
completed
GD/2008/01
Yes
n/a
01/01/2008
01/01/2008
01/10/2008
Appendix 12
The AI-PSM process within PDO identifies 20 elements from the Centre for Chemical Process
Safety Guidelines for Risk Based Process Safety (CCPS RBPS) which describes minimum
expected standards and stipulates the requirements for a range of process related activities
ranging from organisational culture, workforce involvement, risk management, HEMP and audit
through to design.
| ELEMENT NUMBER | AI-PSM ASSURANCE ELEMENT |
|  | Process Safety Culture |
|  | Compliance with Standards |
|  | Corporate Process Safety Competency |
|  | Workforce Involvement |
|  | Stakeholder Outreach |
|  | Process Knowledge Management |
|  | Operating Procedures |
|  | Permit to Work |
| 10 | Technical Integrity |
| 11 | Contractor Management |
| 12 | Training and Performance Assurance |
| 13 | Management of Change |
| 14 | Operational Readiness |
| 15 | Conduct of Operations |
| 16 | Emergency Management |
| 17 | Incident Investigation |
| 18 | Measurement and Metrics |
| 19 | Auditing |
| 20 | Management Review and Continuous Improvement |