bowties in process safety auditing

“Insert” then choose “Picture” – select your picture.Right click your picture and “Send to back”.

The business of sustainability

Bowties in process safety auditingMireille Busque - ERM


© Copyright 2015 by ERM Worldwide Limited and/or its affiliates (‘ERM’). All Rights Reserved. No part of this work may be reproduced or transmitted in any form or by any means, without prior written permission of ERM.

The business of sustainability © 2016 ERM

Process Safety Auditing

2

Auditing is a vital part of a PSM program■ Demonstrate compliance with company expectations and processes

■ Ensure suitable safeguarding measures in place

■ Identify deficiencies in compliance or safeguarding measures.

■ Needs to be systematic and independent.

■ Must be relevant to the site hazards


Different types of audit

3

Compliance-centred■ Regulatory

■ Corporate

■ Management systems

Hazard-centred■ Focussed on particular hazards

■ Safeguards necessary to control hazards


Audit protocol

4

But developing an audit protocol can be problematic■ Process safety hazards may

vary from site to site or from time to time

■ Consequences of accident may vary and therefore different safeguards required

One size does not fit all for a varied portfolio of assets■ Audit must consider safeguards

important to prevent or mitigate site-specific process safety hazardous events


Using Bowties in Process Safety Auditing

So how can you:■ Identify process safety measures relevant to particular sites?

■ Account for local concerns and vulnerabilities?

■ Leave a legacy of increased process safety awareness

© 2016 ERM


Location: TOP EVENT

HAZARD

BARRIER 1.2BARRIER - 1.1

THREAT - 1


THREAT - 2


THREAT - 3

BARRIER

ESCALATION

BARRIER - A.1 BARRIER A.2

CONSEQUENCE - A

BARRIER - B.1 BARRIER B.2

CONSEQUENCE - B

BARRIER

ESCALATION

Some bowtie concepts

The scenario which represents losing control of

the hazard

Various distinct causes of the top

eventRealistic worst-case outcomes of the top event

A physical situation

with a potential for harm

PREVENTION MITIGATION

Measures to prevent a top event due to a

particular threat

Conditions which could cause barrier to fail

Measures to mitigate the

consequences of a top event

6

© 2016 ERM


Safety Cases

8

Bowtie diagrams have many different uses:


Deep understanding of barrier operation

9


RAPID SCCU Facilities: Loss of Containment - U3420 MTBE - L and V

01.03 LPGs (e.g. C3/C4 cuts, Raffinate 1, 2 & 3)

Overpressure Protection System and Relief System

Process Containment

PC007 Relief System (PRV, PSV, etc)

Instrument Protective Function, Instrumented Protection System and Emergency Shutdown Systems (ESD)

Shutdown Systems

SD001 Emergency Shutdown (ESD) Control System

Process Monitoring Control System with operator intervention [Control room operator operates the plant according to standard operating procedures using the information from DCS (SOP)]

Emergency Response

ER009 Process Control & Alarms

Process Equipment and Piping Systems Operated within Specified Safe Operating Limits

Process Containment

PC001 Pressure Vessels

PC002 Heat Exchangers

PC003 Rotating Equipment

PC005 Hydrocarbon Piping

Process Equipment and Piping Systems Designed/ Installed/ Commissioned to Specified Safe Operating Limits [Design Basis]

Process Containment





Process Upset (e.g. over-pressure, over temperature)

Instrument Protective Function, Instrumented Protection System and Emergency Shutdown Systems (ESD)

Shutdown Systems


Process Monitoring Control System with operator intervention [Control room operator operates the plant according to standard operating procedures using the information from DCS (SOP)]

Emergency Response



Process Containment





Process Equipment and Piping Systems Designed/ Installed/ Commissioned to Specified Safe Operating Limits [Design Basis]

Process Containment





Overfilling of Drums

Corrosion Monitoring and RBICorrosion Protection System (N2 blanketing of V-301)

Process Equipment and Piping Systems Operated within Specified Safe Operating Limits (Corrosion Allowance and Material Selection)

Process Containment





Process Equipment and Piping Systems Designed/ Installed/ Comissioned to Specified Safe Operating Limits (Corrosion Allowance, Material Selection and vessel linings as directed by licensors)

Process Containment





Internal Corrosion

Corrosion Monitoring and RBIInsulating gasket between dissimilar materialsProcess Equipment and Piping Systems Operated within Specified Safe Operating Limits (Coating Integrity)

Process Containment





Process Equipment and Piping Systems Designed/ Installed/ Comissioned to Specified Safe Operating Limits (Coating Integrity)

Process Containment





External Corrosion

Periodic statutory inspection of pressure vessels

All flange are fitted with inner ring, spiral wound gasket

Process Containment


Flange Management ProgramPreventive maintenance of pumps and replacement of seals based on condition of seals

Process Containment


Seal Leak Detection and Venting System

Process Containment


Field operator regularly walking around

Emergency Response



Process Containment





ystems Designed/ Installed/ Commissioned to Specified Safe Operating Limits [Design Basis]

Process Containment





els, equipment, piping, valves, flanges, seals)

All vehicle movements in process areas are subjected to permit to work system or controlled by procedures if routine

Safety distance between roads and process equipment

Main/Plant Roads Integrity as per Specification

Structural Integrity

SI001 Structures

Area Demarcation between Process and non-Process facilities

Perimeter fence to prevent access to site by unauthorized vehicles

Detection Systems

DS002 Security Systems

Impact Damage (Vehicle)

Piping design to allow flexibility during earthquake activities

Process Containment


Pile and foundation integrity


SI001 Structures

Structure design according to BOD and seismic activities specifications


SI001 Structures

Earthquake/ subsidence

Storm drains system

Emergency Response

ER010 Bunding and Drains (Hazardous and Non-hazardous)

Plant Design according to BOD and Environmental Loads Specifications

Emergency Response


Climate Extremes (eg Heavy Rain, Strong Wind)

Lightning protection system including earthing and bonding for buildings and tall structures as per IEC 62305 (e.g.Telecommunication Tower, flare stack, columns)

Ignition ControlIC005 Electrical Earthing Continuity (Earth Bonding)

Lightning

Integrity of Cranes, Mechanical Handling Equipment and Appliances


SI003 Heavy Lift Cranes and Mechanical Handling Equipment

Dedicated Areas with suitable foundation for supporting heavy lifting crane

Lifting Activities are strictly controlled by Permit to Work system

Dropping/ Swinging Objects

Daily visual inspection by field operatorStructures and Foundations Operated within Specified Safe Operating Limits


SI001 Structures

Structures and foundations Designed/ Constructed to Specified Safe Operating Limits


SI001 Structures

Structural failure for process structures, storage tanks and vessel supports (eg fatigue, corrosion, human error etc)

Entire system is air free using N2 before introducing hydrocarbons

Ignition Control

IC007 Inert Gas

Internal explosion inside vessel during start-up

Steam purge of reactor before opening to atmosphere

Catalyst changing activities

Control of Ignition sources (e.g. Earthing and Bonding Equipment, Vehicle/ Equipment Spark Arrestors, Thermal Insulation for high temperature explosed surfaces)

Ignition ControlIC003 Certified Electrical Equipment

IC005 Electrical Earthing Continuity (Earth Bonding)

IC008 Miscellaneous Ignition Control Components

SI005 Road vehicles

Hazardous Area Classification

Operational control of ignition sources (e.g. Hot Work Permit, Vehicle entry restrictions etc)Ignition Control: Lightning protection system for buildings and tall structures (e.g.Telecommunication Tower, flare stack, columns) as per IEC requirement

Ignition ControlIC005 Electrical Earthing Continuity (Earth Bonding)

Flame/Flammable Gas Detectors to initiate Alarms with operator to verify and initiate shutdown if appropriate

Detection Systems

DS001 Fire & Gas Detection

Detection by field operator and use of Manual Call Points with operator acknowledgement (no detection equipment)

Emergency Response

ER004 Communication Systems

Emergency Shutdown System

Shutdown Systems


SD006 Emergency Shutdown Valves (ESDV)

SD009 Utility Air

Passive Fire Protection System (Fire proofing for steel structures supporting HC vessels and piperacks)

Protection Systems

PS006 Passive Fire Protection

Firewater Spray System (including Ring Main/Other Distribution System, Deluge valves and Water Spray System)

Protection Systems

PS001 Deluge Systems

PS005 Firewater Ringmain and Other Distribution Systems

PS009 Sprinkler Systems

Manual/Portable Firefighting Equipment operated by MTBE emergency response team (including fire hydrants, fire water monitors, mobile foam cart)

Emergency Response

ER008 Manual Fire Fighting Equipment

Centralized Emergency Fire Services (CEFS) and external agencies response team

Emergency Power System and UPS

Emergency Response

ER005 Uninterruptable Power Supply (UPS)

ER007 Emergency Power

Escape evacuation and rescue facilities including escape route, emergency lighting and wind sock

Emergency Response

ER001 Temporary Refuge/ Primary Muster Areas

ER002 Escape & Evacuation Routes

ER003 Emergency/ Escape Lighting

Emergency telecommunication system (e.g. dedicated hotline, PAGA)

Emergency Response


Fire/ explosion escalation mitigated by safety distance between process units and manned populated areas

Occupied buildings (OSB) designed for blast load and fire

Protection Systems

PS002 Explosion Protection including Blast Barriers and Venting Provisions

ER001 Temporary Refuge/ Primary Muster Areas

Fire/ Explosion/ leading to onsite/ offsite personnel injuries/ fatalitie

Flame/Flammable Gas Detectors to initiate Alarms with operator to verify and initiate shutdown if appropriate

Detection Systems

DS001 Fire & Gas Detection

Detection by field operator and use of Manual Call Points with operator acknowledgement (no detection equipment)

Emergency Response


Emergency Shutdown System

Shutdown Systems


SD006 Emergency Shutdown Valves (ESDV)

SD009 Utility Air

Centralized Emergency Fire Services (CEFS) and external agencies response team

Emergency Power System and UPS

Emergency Response

ER005 Uninterruptable Power Supply (UPS)

ER007 Emergency Power

Spill Containment and Accidential Chemical Containment (ACC) Drainage System

Emergency Response


Waste Water Treatment facilities

Environmental Impact

TBE - L and V

& 3)

, Vehicle/ Equipment Spark Arrestors, Thermal Insulation for high temperature explosed surfaces)

Ignition Control

IC003 Certified Electrical Equipment

IC005 Electrical Earthing Continuity (Earth Bonding)

IC008 Miscellaneous Ignition Control Components

SI005 Road vehicles

Hazardous Area Classification

Operational control of ignition sources (e.g. Hot Work Permit, Vehicle entry restrictions etc)

Ignition Control: Lightning protection system for buildings and tall structures (e.g.Telecommunication Tow

Ignition

IC005 Electrical Earthing Contin

Flame/Flammable Gas Detectors to init

Dete

■ Part of design process■ Understand hazards■ Identify Safety Critical

Elements■ Identify Safety Critical Tasks■ Capture actions and

recommendations■ ALARP demonstration

© 2016 ERM


Loca

tion

: TO

P EV

ENT

HA

ZAR

DB

AR

RIE

R 1

.2

BA

RR

IER

- 1

.1

THR

EAT

- 1

BA

RR

IER

2.2

BA

RR

IER

- 2

.1

THR

EAT

- 2

BA

RR

IER

3.2

BA

RR

IER

- 3

.1

THR

EAT

- 3

BA

RR

IER

- A

.1

BA

RR

IER

A.2

CON

SEQ

UEN

CE -

A

BA

RR

IER

- B

.1

BA

RR

IER

B.2

CON

SEQ

UEN

CE -

B

Communicating hazard management

10


■ Senior Leaders■ High-level overview■ Conversation-starter for

site visits■ Context for process

safety KPI

■ Workforce■ Hazard overview■ Operational risk

assessment■ Permit risk assessment


Bowtie use in various industries

11

"Bowtie is one of many barrier risk models available to assist the identification and management of risk and it is this particular model we have found (and are still finding) useful".

“We are improving our riskmanagement process through theobjective centred ‘bow tie’ approach.”

ERM is also using bowties with clients in:■ Food production■ Manufacturing■ Road transport■ Upstream O&G■ Downstream O&G■ Chemicals


Bowties provide all information necessary to develop a focussed audit protocol

Using Bowties in Process Safety Auditing

Location: TOP EVENT

HAZARD


THREAT - 1


THREAT - 2


THREAT - 3

BARRIER

ESCALATION

BARRIER - A.1 BARRIER A.2

CONSEQUENCE - A

BARRIER - B.1 BARRIER B.2

CONSEQUENCE - B

BARRIER

ESCALATION

© 2016 ERM


For each barrier on a bowtie …

Using bowties …

13

Does it actually exist?

Is it in good

order?Is it

appropriate for the hazard

Is there evidence of a maintenance

program?

Is the responsible

person competent?

© 2016 ERM


Typical application

14

Techniques typically applied to:■ Large organisations with many sites having similar hazards■ Single sites with a range of hazards■ Sites which are at an early stage of process safety maturity

May have generic bowties for large organisations■ Generic bowties must be made local – what’s different here?

May need to develop bowties where none exist■ Hazard Identification■ Develop bowties for a couple of hazards

Developing bowties in a workshop is the first part of the audit !■ Gaps or deficiencies often become apparent without even looking at the

site.


Typical application

15

HAZID and bowtie workshop■ Provides insight to audit team to

identify areas to investigate further

■ Takes site team on a journey of discovery, rather than just presenting findings

■ Bowtie is useful for site to use in training and for raising process safety awareness

Audit process split between■ Process safety safeguards

■ equipment and tasks■ Management systems

■ eg MoC, PTW


Audit output

16

Findings around:■ Control strategy

■ Have you got the right controls?

■ Overall control effectiveness■ Do the controls actually work?■ Do people know what they have to do to make

controls effectiveness?

■ Management systems■ Do these support the effectiveness of controls?

Greater understanding of process safety hazards and the measures necessary to manage them effectively


Typical Site Audit – 4-5 days

2.5 days

2 days


Advantages of method

18

Focussed:On those systems,

tasks and equipment of direct importance to managing process

Flexible:To allow the auditor to

follow areas of particular concern at

each site

Educative:Allows sites to understand why findings are important and the

potential outcomes of weaknesses


Application of method

19

ERM engaged in major programme with manufacturing organisation■ Sites on all continents

■ Variety of hazards

■ Differing levels of maturity

Successful program delivering■ Understanding of process safety

issues across portfolio

■ Increased process safety awareness across sites


Available guidance on bowties

20


Questions

bowties in process safety auditing

Documents