safety and environmental risk assessments of industrial activities

7/23/2019 Safety and Environmental Risk Assessments of Industrial Activities

http://slidepdf.com/reader/full/safety-and-environmental-risk-assessments-of-industrial-activities 1/4

a report by

TNO

Sa f e t y a nd En v i r onmen ta l R i s k

A s s e s smen t s o f I n d u s t r i a l A c t i v i t i e s

Most research in this field is assigned by industries

working with dangerous chemicals. Activities include:

•

accident investigation;• process safety studies (hazard and operability study

(HazOp), layer of protection analysis (LOPA));

• reliability assessments (failure mode and effects

analysis (FMEA), failure mode effect and

criticality analysis (FMECA), fault-tree analyses);

• safety audits and second opinions;

• quantitative risk assessments (QRAs); and

• development and sale of safety-related software

tools.

A c c i d e n t I n v e s t i g a t i o n

Typically, an investigation would involve:

• a site visit – photographs and samples taken;

• retrieval of relevant schematics such as plant lay-

out, patent information and documentation

(PI&D) and operational procedures;

• interviews with personnel involved in the

accident (if possible);

• screening of maintenance history;

• preparation of fact-findings report;

• discussion and brainstorming session to identify

possible causes and to define further actions;• more in-depth interviews, analyses and/or

simulation to find evidence for assumptions;

• presentation of the findings to parties involved,

e.g. the board of management and/or

governmental institutions; and

• final reporting.

S a f e t y o f C h e m i c a l

P r o c e s s e s

HazOp

The HazOp method is a qualitative safety assessment

technique. The method entails the investigation of the

effects of deviations from the design intention for a

process facility. This is done by a team of experts in

different areas such as engineering, operations,

maintenance, safety and chemistry. The team is guided

in a structured brainstorming process, by a leader who

provides structure by using a set of guide-words to

examine deviations from normal process conditions at

various key points (nodes) throughout the process. The

guide-words are applied to the relevant processparameters (e.g. flow, temperature, pressure,

composition) in order to identify the causes and

consequences of deviations in these parameters from

their intended values. Finally, the identification of

unintended (or unacceptable) consequences results in

recommendations for improvement of the process.

These may comprise design modifications, procedural

requirements, modifications in documentation, further

investigations, etc.

LOPA

A more quantitative method to assess the safety of

processes is the LOPA. This method is based on the

identification of potential accident scenarios. A

particular scenario will only take place if certain

undesired initiating events (e.g. overpressure,

operator failure) occur and if layers of protection

(independent protection layers (IPL)) fail or are

absent. In LOPA, the following types of IPLs

are defined:

• process design;

•basic process control system (BPCS);

• critical alarms and human interventions;

• safety instrumented functions (SIF);

• safety instrumented systems (SIS) or emergency

shutdown (ESD);

• physical protection (relief devices);

• post-release physical protection (walls, dikes);

• plant emergency response; and

• community emergency response.

These IPLs are tailored to the prevention of scenarios

resulting from undesired process events (e.g. too high

pressure). In order to be able to deal with accidentscenarios that are a result of degradation mechanisms

(corrosion, erosion, fatigue), TNO added an extra

layer of protection immediately after ‘process design’

called ‘integrity’.

Proces s Sa fe ty for the Oi l and Gas Indus t ry

B U S I N E S S B R I E F I N G : E X P L O R A T I O N & P R O D U C T I O N : T H E O I L & G A S R E V I E W 2 0 0 4

1

Technology & Services



A scenario is unleashed once an undesired, initiating

event has occurred (sometimes subject to enabling

conditions). Initiating events and enabling conditions

are assigned a probability of occurrence (in one year).

To prevent a scenario from occurring, only one layer

of protection is required. For a scenario to occur, all

IPLs should fail. In a LOPA all IPLs are assigned a

probability of failure on demand (PFD). Information

from other studies, in particular HazOps, is very

useful during a LOPA.

R e l i a b i l i t y A s s e s s m e n t , F M E ( C ) A a n d

F a u l t - t r e e A n a l y s i s

Reliability of a system or a component is determined

by its design, materials used, environment, operation

and maintenance, and can be expressed in measurable

units by the:

• average lifetime;

• average number of failures per unit of time

(frequency of failures);

• probability that a system, or a part of a system, will

function at a certain time point; and

• availability during a certain time period.

When assessing the reliability of a system, several

steps have to be taken such as:

• system description;

•

investigation of failure possibilities by FMEA or alternative procedure;

• determination of failure probabilities (by means of

event trees and fault trees or Markov modelling);

• analysis of critical items; and

• comparison of results with acceptance criteria.

The most challenging point in the reliability

assessment is the determination of failure

probabilities, especially if there is the possibility that

human error is involved. The approach in general is

to make use of (in order of preference):

• own data as generated by the system itself or

similar systems;

• own data for comparable systems;

• literature data; and

• expert judgement.

FME(C)A

FMEA, or FMECA, is alongside HazOp as one of

the most widely used techniques for screening a

design on possible failures or shortcomings under

practical circumstances. The difference between thetwo techniques is that FMECA is applied mostly on

systems, components or parts with a certain

function, while HazOp is used for processes. The

essence of FMEA is that for a system, or part of it,

the functions are defined. For each function the

possible failure modes are determined and

subsequently categorised on effect and/or

consequence, likelihood of occurrence and the

possibility of observation of the failure. The

magnitude of effect, likelihood and observation

possibility are ranked according to a system with

numbers that may vary from one to five or one to

10. The description of the ranking numbers is

mostly specific for a system. The analysis is carried

out by a team of experts, chaired and assisted by an

independent chairman and scribe respectively. The

result is a set of the so-called reverse polish notation

(RPN)-numbers, which are a multiplication of the

ranking numbers given for effect, likelihood and

observation. RPN-numbers with a value higher

than a pre-determined threshold should result in

actions to improve the design.

F a u l t - t r e e A n a l y s i s

Fault-tree analysis focuses on one particular accident

or main system failure (top event), and provides a

method for determining causes of that event. The

fault tree is a graphical model that displays the

various combinations of equipment failures (minimal

cut sets), dependent failures and human failures that

can result in the top event of interest. Boolean logic

rules are used to determine the minimal cut sets.

Quantification of the minimal cut sets is possible by

various means, e.g. direct estimation of the basicevent probability, kinetic theory, Markov processes

or Monte Carlo simulation. The construction of a

fault tree is carried out by means of standard symbols

such as ‘and gates’, ‘or gates’ and ‘basic events’. A

very large and complicated fault-tree can be analysed

by a dedicated computer program, which in practice

is seldom necessary.

S a f e t y A u d i t s a n d S e c o n d O p i n i o n s

TNO is frequently asked to perform second opinions

and safety audits. Required activities may varyconsiderably, depending on the questions to be

answered, but generally involve application of a

selection of the various ‘safety tools’ available at TNO,

some of which are described below. Again, if required,

expertise from other TNO institutes can be used.

• Second opinion on safety report or accident

prevention policy (document review), sometimes

involving recalculation of safety risks (QRAs).

• Evaluation of work procedures (document study

as well as observations on site).

• Safety assessment of installations (document and

drawings review, qualitative or quantitative

safety studies).


2




Process Sa fe ty for the Oi l and Gas Industry

• Audit of safety management systems (document

review, interviews, questionnaires, observations,

Deming-circle evaluation).

Q u a n t i t a t i v e R i s k A s s e s s m e n t s a n d

S a f e t y - r e l a t e d S o f t w a r e

Industrial pollution control and industrial risk

management are major topics in the environmental

policy of the EU. Recent directives such as the

integrated Pollution Prevention and Control

directive (IPPC 96/61/EC) and Seveso II

(96/82/EC) are important examples of the

implementation of this policy. QRAs are often

important requirements under these regulations.

Typically, results of a QRA are applied to areas like:

•

environmental licences;• land-use planning – where extension of housing or

industry is possible and where it should be avoided;

• prioritising accident scenarios for which

emergency preparedness planning should be

considered; and

• prioritising possibilities for risk reduction.

TNO has developed several software products for this

purpose called EFFECTS, DAMAGE, RISK-

CURVES, FACTS and FRIENDS.

EFFECTS

Directives like Seveso II in the EU and US

Department of Labor Occupational Safety and Health

Administration (OSHA) guidelines in the US require

the assessment of the potential impact of releases of

flammable or toxic substances. TNO has responded

to this need by developing EFFECTS, a program that

comprises up-to-date models for the quantification of

physical behaviour after the release of both flammable

and toxic materials. The danger of a release of

hazardous materials is ever-present in the chemical

and petrochemical industry and in oil and gasproduction installations and chemical product storage.

Predicting the effects of such releases can be of vital

importance to people, companies, authorities and

emergency response organisations. A geographic

information system (GIS) functionality has recently

been implemented in the EFFECTS software.

DAMAGE

When hazardous materials are released into the

environment, they can cause damage to people and

properties. TNO’s software tool DAMAGE predictsthe consequences of these releases. It is developed for

all those who are responsible for safe handling and

storage of dangerous goods. DAMAGE contains

models for heat radiation, explosions and toxic effects.

RISKCURVES

Expanding industrial operations and densely

populated areas, sometimes close to an industrial

site, increases the need for tailor-made risk

assessments and risk evaluations. For more than a

decade RISKCURVES has been, and still is, the

leading software tool to perform complex QRAs.

RISKCURVES contains many features and

options such as individual, societal and transport

risk calculations, analyses of these risks, links to and

from geographical information systems (GIS), risk

contours, report generator etc. Based on the

Yel low and Green Books, RISKCURVES

provides a sound scientific basis to perform QRAs.

FACTS

In the late 1970s, TNO created FACTS, a databasecontaining information about serious industrial

accidents involving hazardous materials which

caused, or could have caused, severe damage and

danger. The information stored in FACTS is

obtained from professional sources, such as

accident reports made by companies, government

agencies or from publications in technical

periodicals and other literature. Of course,

information from a number of sources is

confidential. TNO treats this information with

strict anonymity.

FACTS is the most comprehensive database of its

kind available on the market today. More than

18,000 accidents recorded in FACTS are available

for the purpose of risk analyses, risk and safety

management, damage prevention, emergency

response and training. You can also select accidents

that occurred during activities or processes similar

to those performed in your own company or

organisation. Lessons learned from the past now

help to improve actual safety.

FRIENDS

FRIENDS is a handy mini database on CD-ROM

offering summaries of more than 18,000 industrial

accidents with hazardous materials. The summaries

contain information such as the involved

chemicals, the (type of) location, the activity, the

year of occurrence the number of injuries and

fatalities, etc. FRIENDS contains a powerful

database explorer that optimises the selection

process for accident information by specifying

simple or highly complex search profiles.

The result is that FRIENDS gives a customised

summary of accidents, which is needed for analysis,

training or prevention purposes. FRIENDS is

updated yearly.


3



Re s ea r ch and

Dev e l opmen t

Currently, research and development (R&D) is

focused on:

• improvement of QRA effect models;

• improvement of safety and emergency prepared-

ness in tunnels and underground structures;

• integration of technical and organisational safety

assessments;

• integration of safety with business; and

• assessment of the reliability and the proper

functioning of software in safety instrumented

systems. ■

For further information about TNO, please e-mail:

[email protected]


4


safety and environmental risk assessments of industrial activities

Documents