Updated Technical Safety

SHORT COURSE FOR INDUSTRY
Recent and historical incidents have highlighted the importance of having a

clear understanding of the principles of process safety management
throughout an organisation. This must include staff at all levels from board
members through engineers and other technical staff to plant and shift
managers and supervisors.
This intensive course covers the safety engineering fundamentals and aims
to provide a core understanding for analysing and mitigating process safety
hazards during design and operation of oil and gas facilities.
Learning outcome
Get involved in safety reviews such as HAZOP, HAZID, design and

constructability reviews
Understanding of hazards faced in industry and prevention and

mitigation strategies
Understand the key process safety requirements at each stage in the

life cycle of process plant from conceptual design through to operation,
maintenance and modification
Who will benefit
Managers, Supervisors, Engineers, Safety Personnel, and others

involved in the design
Operators and Maintenance Personnel of major process plant
Graduates and Chemical Engineers interested in developing a career

in Technical Safety
Anyone who would like to develop an understanding of Technical

Safety Engineering
Cost
1500GHC including VAT , discounts of 5% available if company
books more than one person. Course will take place at Royal Nick
Hotel, Tema. http://www.royalnickhotel.com
Dates will be confirmed when numbers are sufficient to hold course.
To take part please send mail to director@sheqfoundation.org
FUNDAMENTALS OF PROCESS SAFETY

( Technical Safety)
Fundamentals of Process Safety Course Outline
Day 1 Morning Session : Introduction To Technical Safety, Legislation,
Past Incidents, Risk Management, & Process Safety Common
Hazards
Afternoon session Hazard Identification focusing on HAZOP, HAZID,
Human Factors, Plant Layout And Equipment Spacing & BOWTIES,
Day 2 Morning Session : Hazard Assessment focusing on Quantitative
Risk Assessment, Layers Of Protection Analysis, Dropped Object
Studies, Consequence Modeling, Ship Impact Studies, Flare Radiation
Modeling, Explosion Modeling
Afternoon session Hazard Mitigation focusing on Fire Protection
(active & passive),F&G Detection , Safety Instruments Systems, ESD,
Hazardous Area classification, Flare, Ignition Control, Drainage,
HVAC, Overpressure Protection, Maintenance SCE Performance
Standards & Emergency Response
Day 3 Morning Session : Inherent Safety Principles, Technical Integrity,
Safety Cases, Management of Change , Process Safety Indicators,
BP , SHELL, TOTAL & WOODSIDE Technical Safety Process
Afternoon session Case Study BP Texas Refinery Explosion
Course Review and Summary
Course Director Mrs Ella Tieku is a seasoned Technical Safety
Engineer with working experience obtained working on projects with
SHELL, WOODSIDE, BP, TULLOW and TOTAL. She has over 12 years
in the Oil & Gas Industry working on various projects including the
SHELL BONGA project, TULLOW Jubilee Project. She is a graduate of
University of Bradford, UK and holds an MEng in Chemical
Engineering and also the NEBOSH General and Oil & Gas Certificate.
She is also the Executive Director of SHEQ Foundation.
EVERYONE IS RESPONSIBLE FOR SAFETY

In the oil industry EVERYONE is responsible for safety
From the lab technician to the cleaner to the managing director
Nobody wants to be involved with a major accident
Nobody wants to see their fellow coworkers injured or killed as a result of their work
Nobody wants to see their jobs or business destroyed
TWO ASPECTS OF SAFETY

There are two aspects of safety
Process Safety
Personal Safety
Process Safety:
Process safety hazards can give rise to major
accidents involving the release of potentially
flammable, reactive, explosive or toxic
materials, the release of energy (such as fires
and explosions), or both. These are events that
have the potential to lead to multiple fatalities
and/or major environmental damage. Process
safety management ensures there are Adequate
Barriers to MAEs.
Personal Safety:
Incidents that have the potential to
injure one person and generally occur
due to individual work habits.
Occupational incidents
slips/trips/falls, struck-by incidents,
physical strains, electrocution.
Generally OHS are avoided by
wearing PPEs & following
procedures.
An effective personal safety

management system DOES NOT
prevent major accidents events!
PROCESS SAFETY VS PERSONAL SAFETY
PROCESS SAFETY VS PERSONAL SAFETY

PROCESS SAFETY
PERSONAL SAFETY
FEYZIN FRANCE, 1966

Draining operation valves freezes
Release from a propane sphere
Ignition source: car engine
Flash fire, jet fire and BLEVE of

adjacent spheres, fireball
18 dead, 81 injured
Minor damage to buildings within 400 m
FLIXBOROUGH, ENGLAND 1974

Accident occurred on June 1, 1974
A vapor cloud explosion destroyed
the Nypro cyclohexane oxidation
plant
28 fatalities
Deficient Management of Change
procedure
MEXICO CITY 1984

Marketing terminal owned by
Pemex
LPG explosion caused by leak
at a marketing terminal pipeline
that was fed from distant source
allowing major VCE.
Numerous BLEVEs.
Over 650 fatalities, most of
which were in the neighboring
communities from shrapnel.
BHOPAL 1984
Pesticide plant owned by Union
Carbide.
Methyl isocyanate release from a
15,000 gallon intermediate product
storage tank following water ingress
to the tank.
Over 2000 immediate casualties;
100,000 injuries.
Significant damage to livestock and
crops.
Long-term health effects difficult to
evaluate.
It is estimated that as of 1994
upwards of 50,000 people remained
partially or totally disabled.
Plant closed.
9
PIPER ALPHA 1988, UK

Operated by Occidental Petroleum
Located in North Sea, generated
almost 10 percent of UK oil revenues
226 people on the structure
Maintenance work being performed
On July 6, 1988, platform burned to
the sea, killing 167 people, including
two attempting rescue
Generated significant regulatory
response, including extensive
requirements for Safety Cases in
the UK
10
PHILIPS , PASADENA, TEXAS 1989

Phillips Petroleum, Petrochemical plant
(ethylene)
A seal blew out on an ethylene loop reactor,
releasing ethylene-isobutane, a compound
used in making plastics.
A massive unconfined vapor cloud explosion
and fire resulted.
23 fatalities, 132 injuries
Deficient contractor safety guidelines (unaware
of the design of the valve on the reactor and
unsupervised as they made live repairs.
As a result a chair was established at Texas
A&M starting the Mary K. OConnor process
safety center.
11
BP TEXAS CITY, 2005

BP Refinery
March 23, 2005
Vapor Cloud Explosion.
15 Fatalities, ~200 injuries.
Overpressure wave broke windows >5
miles.
Included multiple PSM gaps in
mechanical integrity, PSI, design data,
MOC, facility siting, incident
investigation, PHA, auditing, & PSSR
12
BUNCEFIELD 2005
Failure of overfill detection
Spill of 300 tons during 25

minutes
Ignition of cloud at firefighting

pumps
Devastating explosion
43 minor injuries, major
environmental pollution, 630
businesses affected
13
IOC OIL DEPOT, JAIPUR, INDIA ON 29 OCT.2009

The fire broke out when petrol
was being transferred from the
depot to a pipeline and soon got
out of control. A leak in the
pipeline is suspected to have
started the incident.
12+ people died.
150+ injured.
More than 8,000,000 liters
petroleum products burnt.
Environmental impact, beyond
imagination!
14
INCIDENTS THAT DEFINE PROCESS SAFETY
15
PSM REGULATION FROM THE UK AND USA

SEVESO II (COMAH) UK
Process Description
Surrounding Environment
Management System
Policy
Organisation
Processes
Risk Assessment
Permit To Work
Moc
Performance Measurement
Audit & Review
Major Hazard Identification
Major Hazard Risk Assessment
Safety & Environment
Demonstration Of:
Prevention
Control
Mitigation
Emergency Response Plans
Onsite & Offsite
Safety Report
OSHA 1910.119 (USA)
SAFETY CASE (UK)
Employee Participation
Training
Process Hazard Analysis
Mechanical Integrity
Process Safety Information
Operating Procedures
Hot Work Permit
Management Of Change
Pre Start-up Review
Emergency Planning &
Response
Incident Investigation
Contractors
Compliance Audits
Trade Secrets
Platform Description
Reservoir Description
Management System
Policy
Organisation
Processes
Risk Assessment
Permit To Work
Moc
Performance Measurement
Audit & Review
Major Hazard Identification
Major Hazard Risk Assessment
Demonstration Of:
Prevention
Control
Mitigation
Evacuation Rescue & Recovery
Safety Case
Does this look familiar? How do these compare? Differences?

16
OSHA PSM ELEMENTS

OSHA 1910.119 (USA)
Employee Participation
Training - BP Texas Refinery fire
Process Hazard Analysis
Mechanical Integrity -Humber RefineryCatastrophic Failure of
De-Ethanizer Overhead Pipe
Process Safety Information
Operating Procedures - Feyzin LPG Disaster
Hot Work Permit - Piper Alpha
Management Of Change - Flixborough
Pre Start-up Review BP Texas Refinery fire
Emergency Planning & Response Piper Alpha
Incident Investigation
Contractors
Compliance Audits
Trade Secrets
17
PROCESS SAFETY COMMON HAZARDS
Spec breaks at the wrong location

Material of construction not specified for minimum temperatures expected
Not meeting code requirement for area
Wrong piping and fittings
Tanks and Vessels Not Meeting Regulatory Requirements
Sizing Secondary Containment Improperly
Equipment Not Spaced Properly
Forgetting Buried Lines at Production Facilities
Not Installing any measures for Corrosion Control
High temperature weakening, particularly with plastic construction
materials
High stress due to dilatation or bad supporting
Corrosion (uniform, Pitting, Crevice, Stress Cracking, Galvanic)
Equipment Ageing
Erosion of internals due to sand or high velocities of the fluid
18
Runaway reactions
TYPES OF RISK EXPOSURES

R i s k a n d U n c e r t a i n ty i n B u s i n e s s
B u s in e s s R is k s
( M a n a g e m e n t S c ie n c e s )
S o c ia l
C h a n g e s in c o n s u m e r ta s te s
L a b o u r u n re s t
P r o d u c tio n
C h a n g e in u n e x p e c te d c o s t s
R e s tr ic tio n s o n s u p p ly o f r a w m a te r ia l s
M a rk e tin g
L o s s o f m a rk e ts to c o m p e tito r s
E c o n o m ic
In fla tio n
M o n e ta r y a n d fis c a l p o lic y
P u re R is k s
( R is k M a n a g e m e n t )
P e rs o n a l
D e a th
S ic k n e s s
P o litic a l
N a tu r e
W ar
P o litic a l u n r e s t
F lo o d in g
E a r t h q u a k e , . ..
F in a n c ia l
B a d d e b ts
S o c ia l D e v ia tio n s
F ra u d
T h e ft
M a jo r A c c id e n t E v e n ts
B r e a k d o w n o f p la n t
E x p l o s i o n , f i r e , t o x ic e m i s s i o n
M a jo r R is k s
L a c k o f k n o w le d g e
U n e fo r e s e e n s n a g s in n e w p r o c e s s e s
19
RISK MANAGEMENT
Just like in industrial investment, risk management is a
project requiring resources and resulting in a Return of
Investment being the avoidance of loss and the
improved reliability/operability of process units
Risk Management required:
But there are some constraints
To make a safe and reliable plant
Budget limitations
No accidents with damage to people

or assets
Lack of resources
Time constraints
No spills with damage to

environment
Lack of knowledge
No business interruption accidents
Lack of information
20
WHY IS RISK MANAGEMENT REQUIRED ?
Accidents can often be avoided by sound risk

management
Studies have proven that the confidence of the
stakeholders is proportional to their belief in the
companies capability to manage the risks
Ignorance is not tolerated anymore as just
another point of view
Risk management is a legal obligation
For pure economical reasons : managing risk =
managing a profitable and sustainable business
21
WHY DO WE SOMETIMES AVOID RISK MANAGEMENT
Risk Management can be frustrating:

Uncertainty is inherent to risk. Risk Management is management of
uncertainties. Investing in risk management does not guarantee that no
accidents will happen.
If no accidents happen the efforts will be seen as a waste of time and
money. It is only when the accident happens that it becomes obvious
how you could have avoided it.
In particular when you will remain in place for a

short period of time it is attractive to take the risk
and to boost the short term financial profits.
22
RISK MANAGEMENT HIERARCHY
23
HOW RISK IS MANAGED
PRE-EVENT
EMERGENCY RESPONSE
POST-EVENT
MAH
EVENT
CAUSE
SEVERITY
CONSEQUENCE
MUSTER,
EVACUATION & ESCAPE
RESCUE &
RECOVERY
Initiating Events
Gradual Deterioration
Mechanical Failure
Accidental Overload
Extreme Conditions
Human Error
ELIMINATE
PREVENT
Shaping Factors
Release (size, ...)
Ignition (delayed, )
Explosion (strength, )
Energy
Detection Success
DETECT &
CONTROL
Mitigating Factors
Environmental Conditions
Manning
Escalation
Impairment
Human Factors
MITIGATE
Success Factors
Procedural Arrangements
Drills & Training
Lifesaving Equipment
Rescue & Recovery
Arrangements
RESCUE
CRITICAL MEASURES (PEOPLE, PROCESSES & PLANT)
Reducing Effectiveness
24
RISK MANAGEMENT PROCESS SUMMARY

QUANTITATIVE
Risk Management Process

HAZARD IDENTIFICATION
[HAZOP][HAZID][LAYOUT REVIEW] [BOWTIE][ FMEA] [HRA]
HAZARD ASSESSMENT
[[FRA][EETRA][QRA][ALARP][DO][LOPA]
Sources of Information
Legislation & Regulations
International Codes & Standards,
Industry Standards, Company
Standards
HAZARD MITIGATION
[F&G][[IGNCONTROL][AFP][PFP][BLOWDOWN][FLARE]
[DOP]
New/ Major Facilities

Brownfield / Sites
Safety Cases, Hazard Registers, Site
Standards, Procedures, PTW
HSE Bulletins, Toolbox meetings
Task Risk Assessment -Qualitative

Health Risk Assessment
Workgroup Non-Routine Activity

Inspection checklists,
Induction handbooks,
Incident Report feedback,
Job Start meetings
Risk Potential Matrix
Routine Activity by
Individuals and Workgroups
25
QUALITATIVE
END OF MORNING SECTION DAY 1
We Have Looked At Introduction To Technical

Safety, Legislation, Past Incidents, Process Safety
Common Hazards And Concept Of Risk
Management.
26
HAZARD IDENTIFICATION HAZID 1
27
28

SAMPLE HAZID Checklist
Lifting/tugging operations & dropped object or released energy
Marine vessel collision, including 3rd party or loss of stability
Helicopter, crane, vehicle collision
Structural failure (including seismic)
Gas/air pressure release
Process upset, (flow no, more, less, reverse, misrouted; pressure, high / low / surge / vacuum; temperature, high/low; composition, other), startup/shutdown, HP/LP interface
Process/pipeline/well loss of containment
Process start-up/shutdown, maintenance, isolation
H2S/toxic-vapours/asphyxiation
Other loss of containment (including fluids mis-routed & venting)
Ignition/fire/explosion causes, consequences, escalation
Thermal radiation, hot surfaces, extreme cold
Ionising radiation
Electrical
Helicopter transit
Noise
Chemical/Dust exposure
Ground disturbance/collapse
Environmental release/spill/discharge/venting/disposal hazards
Slips, trips, and falls from height
Machinery/rotating equipment/missiles/vibration
Adverse weather
29
HAZARD IDENTIFICATION HAZOP 1

REQUIREMENTS
NODES
HAZOP Team
Process description
PID
Documentation
DEVIATION
Likely
Report
Unlikely
Very unlikely
Extremely
unlikely
Remote
Moderate
RECOMMENDATIONS
Serious
Major
Catastrophic
Disastrous
CAUSES
POTENTIAL
RISK
RESIDUAL
RISK
UNDESIRED
EVENT
EFFECTS
IMPACT
SAFEGUARDS
30

Preparation for HAZOP
process design
chemistry
S o ft w a te r
V e n t
E m e rg e n c y
A V 1
v e n t
1 0 0 %
H S
6 0 0 m m
F T
F A L
F I
P la n t
a ir
s u p p ly
D ry
a ir
A c r y la m id e
S to ra g e
M ixe r
T a n k
T I
L A L
E le c t r ic a l
L SH
h e a te r
A ir
d r ie r
T o
P u m p
p r e p a r a t io n
p la n t
F Q
L T
P a c k a g e
C O
U S T IB L E
L I
P a c k a g e
IN E R T
A V 2
W
T T
T T
T A H
P I
W
F L A M
B L E
a te r
a te r
A V 3
V e n t to
F i lt e r
a tm o s p h e re
C o n tro l
u n it
R A
N G E
N R V
V e n t
S o ft
W
T o
U F L
a te r
d r a in
S e a l
p o t
A d d it iv e
L F L
0
%
1 0 0 %
%
A c r y la m id e
D e liv e r y
H o s e
T ru c k
O X ID A N T
substance properties
equipment design
operating procedures
31
a te r
A ir

The team investigates process parameters deviations
32

SOME TYPICAL CAUSES IDENTIFIED DURING
HAZOPS
HIGH TEMPERATURE due to
Control failure
Cooling failure
External fire
LOW TEMPERATURE due to

External temperature (icing, plugging)
Sudden depressurisation of liquefied gases
HIGH LEVEL and OVERFLOW due to

Control failure
Outlet isolated or blocked
OVERPRESSURE due to
Control failure
Cooling failure (distillation condenser)
Overheating (external fire, ambient temperature, )
Vent plugging (polymers, crystallisation,)
Badly designed collecting network (back pressure)
Badly designed pressure limitation devices
Connection of vessels at different pressure
PRESSURE LOWERING UNDER VACUUM due to

Vent plugging
Under cooling (ambient temperature, strong
rain)
Distillation column boiler failure
Watering by fire fighting
MECHANICAL RISKS due to
Low temperature weakening of not resilient
construction materials
High temperature weakening, particularly
with plastic construction materials
High stress due to dilatation or bad
supporting
Cavitation
Water hammer
Vibration
33
HAZARD IDENTIFICATION BOWTIES 1
Bow-tie diagrams to visualise major scenario, barriers and SCEs
34
HAZARD IDENTIFICATION BOWTIES 2
Barrier
Recovery
Measure
Barrier
Mechanical
Failure
Barrier
Barrier
Helicopter
crash
Barrier
Pilot Error
Helideck
Consequence 1
Fire
Helicopter Operations
Contaminated
Fuel
Barrier
BARRIERS:
Prevent MAE from
occurring
Recovery
Measure
Recovery
Measure
Recovery
Measure
Recovery
Measure
Recovery
Measure
Injury
Consequence 1
Fatality
Major equipment
Structural1
Consequence
Damage
RECOVERY MEASURES:
Prevent or reduce the
consequence of MAE
INHERENT DESIGN FEATURES + SAFETY CRITICAL ELEMENTS

35
(Layout, Structural Integrity)
(Procedures, Equipment, Tasks)
HAZARD IDENTIFICATION LAYOUT 1

The objectives of layout design are:
Segregation of different risks;
To permit access for firefighting and emergency services;
To minimize involvement of adjacent facilities in a fire and hence prevent further equipment failures;
To ensure that critical emergency facilities are not subjected to fire damage;
To minimize vulnerable pipework;
To limit exposure;
To ensure safe control room design;
To ensure security.
The following topics should be considered in early plot layout:
Location of process areas and storage areas
Location of people and minimization of potential exposure
Site roads and traffic
Congestion (e.g. overlapping hazard zones, difficult access, possible confinement of vapour release, etc.);
TLocation of control rooms, offices and other permanent and temporary buildings;
Drainage and containment, Effluents, sewers
Fire fighting including fire breaks in process areas and access for fire fighting
Emergency
Security
36

Layout Review Brownfield Projects
Considering layout and escape routes, access to Equipment,

also ensuring the hazardous area zoning of the platform is not
compromised
37

Hazard Identification - Layout Review Greenfield Projects
For Greenfield projects layout is a bit easier as you are
starting with a clean sheet.
Layout must prevent fires and explosions in areas with
hydrocarbons (process area, risers etc) escalating to less
hazardous and safe areas
Create a safety gradient on the topsides layout from
safe areas (accommodation) through to areas with
maximum hydrocarbon risk by distance
As much as possible (large) liquid hydrocarbon containing
vessels should be located at lower elevations, HP gas
equipment at upper levels.
Reduce the probability of flammable gas build-up and the
increased likelihood of an explosion
Prevent escalation of fires and explosions
38
HAZARD IDENTIFICATION HUMAN FACTORS

Need to consider the guys who are going to
maintain and operate equipment etc
Work Environment
Organizational Structure
(lighting, noise, chemical exposures, climate)(job design, communication, task)
Individual Constraints
(age, size, training, skills, intelligence)
Sensory Information
Action
Human
TASK
Controls
Displays
Output
Input
Machine
39
HAZARD IDENTIFICATION EXAMPLE 1

Design Flaw
(construction material)
Hazards and their causes

Scenario 1
Low temperature
(brittle fraction)
Scenario 2
External loads
(heat radiation, blast,)
Scenario 3
Wrong manipulation
(operator error)
Scenario 4
Fatigue
Scenario 5
LPG
Leak
Mechanical failure
(valve, gasket, flange,..)
Scenario 6
Scenario 7
Overpressure
Scenario 8
Overfilling
Corrosion
40
External impact
(missiles, collision,)
Scenario 9
Scenario 10
Undesired
event : major
leak
HAZARD IDENTIFICATION EXAMPLE 2
HAZOP Accident scenario :
Risk = 5.2 10-5/yr x 0.07 x 0.1 x 0.2 = 7.28 10-8/yr

Risk = 5.2 10-5/yr x 0.07 x 0.1 x 0.5 = 1.82 10-7/yr
Risk = 5.2 10-5/yr x 0.07 x 0.1 x 1 = 3.64 10-7/yr

Probability of fatality
Medium Leak (35 mm)

= 5.2 x 10-5/yr
Probability of Wind
Direction
= 0.07
Probability of Ignition
= 0.1
0.5
Leak
Deviation :
other than
water
Cause : error
during41
water
drain operation
Undesired
event : 10 kg/s
LPG to
atmosphere
Effects : LPG cloud with

distance to LFL = 200 m,
risk of flash fire
Impact : fatal injuries

to people outside
within 200 m radius
0.2
END OF SESSION DAY 1
VIDEO animations of these two incidents

PIPER ALPHA & FEZIN
Relief valves and rupture disks are part of an emergency pressure relief system. Its design
must not only prevent equipment overpressure, it must also make certain that material
discharged does not lead to personnel injury. The system needs to ensure that there is no
fire, explosion, or toxic material exposure hazard from the material released through a
relief valve or rupture disk.
Plant modifications include new platforms, vessels, piping and a variety of other additions.
Potential exposure to effluent from existing and new pressure relief devices must be
included in your management of change process.
Drain, vent and sample valves from equipment or piping as well as vessel overflows can
have similar hazards. Any material which could be released from process equipment,
including pressure relief valves or rupture disks, must discharge to a safe location.
Any open pipe has the potential for an unexpected discharge. The release could occur for
a variety of reasons and will often be a surprise Use extra caution when working around
them expect the unexpected !
42
HAZARD ASSESSMENT CONSEQUENCE ANAL. 1

CONSEQUENCE ANALYSIS
RELEASE (Discharge)
gas
liquid or two-phase
DISPERSION (H2S, SO2, CO2, ...)
gas, pool vaporisation
liquid or two-phase (droplets, aerosol)
FIRE
gas (Jet Fire)
liquid or two-phase (Jet Fire, Pool Fire, BLEVE)
EXPLOSION (Vapour Cloud Explosion)
Gas
liquid or two-phase (aerosol)
43
44

Modeling - How do we do it?
Identify Isolatable Inventories
size / volume hydrocarbon
composition
Assume hole size and use design
condition to calculate leak rate and
subsequent fire sizes based on ign
prb.
Types of fires scenarios
Jet ignited releases of high
pressure gas streams
Spray ignited releases of 2
phase or liquid streams
Flash / Vapour Cloud Explosion
(VCE) delayed ignition of a gas
cloud
Pool / Sea Surface ignited
releases of low pressure streams
accumulated on plated deck
45

PARAMETERS
Vessel Pressure (P)
Vessel Temperature (T)
Composition (MW)
Hole size
Liquid release rate (pool fires)
RESULTS
Release rate (kg/s)
Release velocity (m/s)
T after expansion
Flash (liquid fraction)
Droplet diameter (mm)
WEATHER PARAMETERS
Ambient Temperature: Ta
Humidity: H
Wind speed: VW
Roughness (surface nature: sea, flat land, open countryside,
urban area,... ): Z
Atmosphere Stability: Pasquill's classification
46

DISPERSION
Used to ensure no gases or exhaust fumes or smoke can reach
the helideck or crane cab, HVAC for switch rooms and
accommodation during normal operations
Based on isolatable inventories utilised for fire modelling
What happens if the flare ignition fails, can the gas reach the
accommodation block before shutdown of the HVAC
The use of wind rose to determine predominant wind direction
47

FIRES ( JET AND POOL)
Effects
Heat released - thermal effects
Products of combustion - toxic release
Consequence
exposition effect = consequence
Effects of fires will depend on

Liquid properties
Flammability characteristics (LFL)
Thermodynamics properties
(heat of combustion, latent heat of vaporisation)
quantity of liquid or gas
Atmospheric condition i.e. Wind, Relative, humidity etc
48

25mm Release at Time t = 0
SHELL FRED v 4.0

Consequence modelling software
Hole of 2mm, 10mm, 25mm and 50mm in diameter
Flame sizes, extent of isopleths of interest (37.5 kw/m2, 12
kW/m2 or 6.3 kW/m2)
25mm Release at Time t = 2 min
25mm Release at Time t = 10 min
49

EXPLOSION
An explosion is a rapid combustion of a mixture
of flammable gas or vapour with a suitable
supporter of combustion, most commonly air.
Explosion modeling
Explosion overpressures
Blast loading
Blast and structural interaction
Structural vulnerability assessment
When new equipment and pipework is added to the
platform it has to be designed for blast, sometime
the new equipment will increase explosion
overpressures as it blocks explosion vents, all
these need to be checked.
50
HAZARD ASSESSMENT - CONSEQUENCE ANAL. 9

Overpressure
Level (mbar)
70
150
200
300
500
Within cloud
Damage
Roof of cone-roof tank collapsed
Damage to above-ground telephone and public address systems
Piping, instruments and cables hit by debris, causing limited damage
Instrument windows and gauges broken
Breakage of gauge glasses
Extensive minor damage due to debris
Some fire heaters moved and pipes broken
Exposed pipework and fire hydrants damaged
Missile damageInstrument and power lines severed
Failure of hold-down on half-full conventional storage tank
Cooling tower badly damaged
Failure of hold-down bolts on most storage tanks
Collapse of steel stacks
Fire heaters overturned
Pipework by movement of large or distortion of pipe supports
Substations severely damaged
All above ground wrecked
Transformer power lines severed
Some columns overturned or destroyed
Failure of bracing on spheres
Reactors, horizontal vessels and exchangers overturned
Loss of power to motors
USACE CDL
Superficial Damage
Moderate Damage
Heavy Damage
Hazardous Failure
Blowout
Description of Component Damage

Component has no visible permanent damage
Component has some permanent deflection. It
is generally repairable, if necessary, although
replacement may be more economical and
aesthetic
Component has not failed, but it has significant
permanent deflections causing it to be
unrepairable
Component has failed, and debris velocities
range from insignificant to very significant
Component is overwhelmed by the blast load
causing debris with significant velocities
51
HAZARD ASSESSMENT - CONSEQUENCE ANAL. 10

240 mbarg
100 mbarg
Impact of blast
overpressure on
reinforced concrete
frame building
300 mbarg
52

How this Information is used
Layout reviews
Equipment - provide separation and
segregation
Escape ways
Fire Protection Philosophy and Study
Fire zones
BOD Sheets
Use of AFP and PFP
Used in QRA model
Potential target of fires

People
Material, structures
Environment (residue of combustion)
Fire size and duration - potential to cause escalation

structural failure
equipment failure / BLEVE
impairment of escape routes
fatalities
53

SUMMARY OF CONSEQUENCE ANALYSIS OUTCOMES
54
HAZARD ASSESSMENT FLARE RADIATION 1

Flare height determines the radiation levels on the
platform and this has to be considered in the design.
Minimise atmospheric emissions.
Dispersion of hydrocarbon and toxic gases from an
unignited flare.
The impact of heat radiation on equipment and
personnel.
The potential for liquid carry-over to the flare.
Integrity of the flare system seal/purge arrangements.
Also consider crane driver in the crane cab offshore
When new equipment is placed offshore you have to
consider the effect of the flare on new equipment.
55
HAZARD ASSESSMENT FLARE RADIATION 2

A flaring event is normally unplanned and likely to happen during a process upset. Heat
radiation on various parts of the platform have to be calculated for the worst case flow rate
to ensure that personnel will be expose to high temperatures and result in injuries.
56
HAZARD ASSESSMENT SHIP IMPACT STUDY

Offshore platforms are located around
shipping lanes and therefore in designing the
platforms/ FPSO you ought to consider what
will happen if it is impacted by a ship.
You cant design for every scenario, but you
can determine which member can result in
total collapse of platform and perhaps
strengthen them for anticipated loads .
You can also provide ship impact protection
for the platform legs. Risers should also be
protected ideally you don't want to offload
cargo where the risers are.
57
HAZARD ASSESSMENT - LOPA

LOPA( Layers of Protection Analysis) is a tool to determine the SIL (Safety Integrity Level) of
a SIF( Safety Instrumented Function) and evaluates the other protection layers individually by
looking at the risk mitigation they lead to. Any layer of protection could be small, or
significant, but overall the total risk reduction strategy should deliver an acceptable risk.
Independent Protection Layers are often depicted as an onion skin.
Each layer is independent in terms of operation.
The failure of one layer does not affect the next.
Designed to prevent the hazardous event, or mitigate the consequences of the event.
58
HAZARD ASSESSMENT SIS 1

What is a Safety Instrumented System (SIS) &
Safety Instrumented Function (SIF) ?
Process
A SIS have several Safety Instrumented Functions to

mitigate several process hazards.
SIF is a Safety Instrumented Function with a specified
Safety Integrity Level which is necessary to achieve
functional safety.
SIF is a function to be implemented by a SIS which is
intended to automatically achieve or maintain a safe
state for the process with respect to a specific
hazardous event. (IEC61511 ISA SP 84.01)
SIF
Process
Output
Input
SIS
Program
Safety
valves
Transmitters
Sensors
SV
Logic solver
Final
Elements
Typical applications for SIS

ESD - Emergency Shut Down System
HIPPS - High Integrity Pressure Protection System
WHCP - Well Head Control Panel
SIS
Logic
Solver
Sensors
Final elements
59

SIF Safety Instrumented Function , its the
individual loops that make up your SIS
including any hardware software and final
control element .
Traditional names:
Emergency Shutdown System
Critical Control Systems
Protective Instrumented Systems
Equipment Protection Systems
Safety Critical Systems
Interlocks
Do I need a SIS , maybe , maybe not?
60

M
I
T
I
G
A
T
I
O
N
P
R
E
V
E
N
T
I
O
N
Plant and
Emergency
Response
Emergency Response Layer
Blast wall
Dike
Fireproof
Passive Protection Layer
Relief valve,
Rupture disk
Active Protection Layer

Emergency Shut Down
SIS
Safety layer
Trip Level Alarm
Process Shutdown
Operator
Intervention
Process alarm
Basic
Process
Control
System
Process
value
Inherently Safer
Design
Normal behaviour
Process Control Layer
Process Design Layer

61
HAZARD ASSESSMENT DROPPED OBJECT
Items can be dropped on people , process

and subsea pipelines
Dropped object protection can be
recommended if the likelihood of dropping
on equipment is high but following ISD
principles the crane should not lift over lift
equipment and pipelines.
62
HAZARD ASSESSMENT - ESCAPE AND RESCUE

Need to know how to escape in an
Emergency, where to go,
Whose in charge etc.
How long to get to muster point
63
HAZARD ASSESSMENT QRA1

Sometimes We Have To Quantify The Risk , Using Past Equipment Failure And Leaks To Give Us
Likelihoods And Probabilities Of Failure. Lots Of Assumptions Are Used And They Have To Be Reasonable
R
equired
Input
Data
For
a
TRA
Study
Assumptions.
Process Design &Equipment
Lay Out Data &
Manning Data
& Structural
Plot Data
Meteo Data
Operating Procedures
Compositions
Operating
Conditions
Substance
Properties
Ignition Data
Lifting Data
Trafic Transport data
Leak Frequency
Data & Reliability
Data
64
HAZARD ASSESSMENT QRA 2

Equipment leak Frequency &
Hole Size Distribution
Evacuation-Rescue.xls
Evacuation & Rescue
Event Trees
Cargo.xls
Cargo Offload
Release rate & Fire
Modelling
Evacuation &
Rescue Fatality
Probabilities
Parts Count.xls
Parts Count
Leak Frequency &
Hole Size
Distribution Data
Leak
Frequency
per Event
Ship Collision.xls
Ship Collision Risk
Assessment
Process Events.xls
Total PLL for each
event
Fire Modelling
Event Trees
Run Button and raw
results
Ship Collision
Area Risks
Cargo Fire
Area Risks
Process Event
Area Risks
Enfield
Results.xls
Area and Event
Risks for all worker
groups.
IRPAs
PLL
Area and Event Risks
Manning
Distribution
for each
worker group
Manning Distribution.xls
Distribution of each worker
group
Worker Group
Manning
Levels and
Exposure
Others.xls
Cargo Tank Fire
Engine Room Fire
Structural Integrity /
Stability
Occupational
Pilot Transfer
Helicopter Transport
FRC Operations
65
Event Tree Analysis Example

The probability of occurrence of the
consequences for a given process accident
scenario (starting from the undesired event)
can be derived using a Event Tree Analysis
approach .Documents the sequence of events
66
D W
V E R G
K A T O E N
U N D
N A T I E P R
O JE C T
N IE U
W E C
R E S S O R S
P T U
N IE
U W E C
O M P
R E S S O R
P TU
O JE C
P R
2 T
P L AT F O R M O P
3 T
G F - 6 5 0 3A
G F - 6 5 0 3B
C -6 0 0 1 A
B E S T A A
N D
O P V A N G I N S T A L L A T IE
P C - 60 0 1 B
B E S
P P 9 0 3A
M F 9 05
R E C Y C LE A & B
P C 6 00 1C
M S9 41
M S 9 11
M S 9 10
O P SL AG &
O P S LA G
E LE K T R IS C H
O N D E R H O U D
O N D E R S T A T IO N 2
T R A N S FO R M A T O R E N
A D M IN I S T R A T I E F G E B O U W
K A T A LIS A T O R
L A B O R A T O R IU M
A C T IV E R IN G
Z . 20 0.00 0
M EN G T A N KS
214600
AA R DE W E G
O .7 4 5 .9 0 0
O .6 5 2 .6 0 0
B A AN
B A AN 1 5
O U D E O O S T E R W E E LS E S T E E N W E G (=V R O E G E R E G E M E E N T E W E G )
B U R E L E N C O N S T R U C T IE
L O SP LA AT S V O O R V R AC H T W AG E N S
T T 21 8
M S1 8 5
AS2 03
T T 14 3
AS1 0 8
M S1 19 3
T T 1 19 3
A S1 03
A S1 02
V E R Z A M E L P LA A TS
A FV AL S T O F FEN
O .5 8 8 .0 0 0
PP1 63 A &B
P P 16 4
18 m x 32 m
B AAN 1 4
M S 1 10 1
M S 1 19 2
HO O F D
P P 2 28 A & B
Z .1 4 7 .7 5 0
B A A N 2B
Z .1 3 4 . 7 5 0
B AA N 2
B AA N 2
Z .1 4 7 .7 5 0
Z .1 4 7 .7 5 0
O PS L AG P LA A TS
H U LP S T O F F E N
P C 98 0 A
HF
9 02 B
H F
90 2A
PC 98 2A
M F 14 2D
M F 2 4 2G
M F 2 42 H
M F1 42 E
R E A KT O R G E B O U W
M F1 4 2F
M F 24 2K
M F 91 4
M F 14 2C
M F 14 2B
M F1 4 2A
M S 1 12 5 A ,B O F C
BA AN 1 3
O N DE R S T A T. R 8
O .38 8.00 0
P C 98 2B
E LE K T R IS C H
O N D E R S T A T IO N R 2 .
Z U IV E R IN G R E A K T O R T O P P R O D U K T
M S 9 01
M S 1 72
M S 2 6 5
M S 1 73
M S 2 6 6
A S 1 13 1
G F 1 10 5
O .6 5 2 .6 0 0
M S 11 10
M S 9 08
T R A N S F O 'S
A FV AL S T O F FEN
S TE L C O N D A L S
(S T E L L I N G M A T E R IA A L )
18 m x32 m
Potential Loss of life PLL
18 m x 24 m
B AAN 1 5
G E BO U W
Z U U R D O S E R IN G
P C 98 0B
O N D E R S T A T IO N R 2
G Z1 24 2
M S 1 2 42
BA AN 12
P R O D U KT
T R A N S F O T R 9 + O N D E R S T A T IO N R 0 9
O PS L A G TA N KS
P R O D U C T AF V A L
(2x 2 4, 5m 3 )
T R A N S F O 'S T R 2 A & B
A FV AL S T O F FEN
18 m x 24 m
M S 11 26 A /B
AF V AL W A TE R
M E E T S T A T AI OF NV A L W O A NT DE ER R H O U D S G E B O U W
M E E T S T A T IO N
B A A N 1
6 m
M A G A Z IJ N ( B O O G L O O D S )
M F -9 0 6 A
6 m
B A A N 2
STO O M KE TE L S
E .3 5 0 . 0 0 0
M S 6 03
K
& O P L O S M ID D E L
P P 90 5A B C
Z .1 7 0 . 0 5 0
Z . 1 7 3 .3 0 0
ET H YL E EN
Z U IV E R I N G V A N M O N O M E E R
P P 9 68
M S 1 24 0
M E ET S TA TIO N
B U L K S T A T IO N 3
K O N T R O L EG EBO U W
S O L V E N T H E R W IN N IN G
G Z 12 41
V O E D IN G S K A B E L S 3 6 k V E L E C T R A B E L
E S 1 01
O .4 9 0 .0 0 0
G E BO UW
E X T R A K T IE
M S1 21 0
0 .4 2 0 .5 0 0
M S 12 46
M S1 19 0
P P 96 0
M F 90 6B
P D 93 2
M S 94 6
A S1 04
A S2 01
M S9 40
E LE K T R IS C H
O N D E R S T A T IO N R 1
O .5 8 8 .0 0 0
M S6 32
M S 9 03
W A T ER TA NK
V R IJE H O O G T E : 4 3 00
B AA N 1
Z .1 7 3 . 3 0 0
M A G A Z IJ N ( B O O G L O O D S )
Z .1 0 3 .7 5 0
M F -11 00
T A 1 19 2
BA AN 1 4
V E R Z AM E LPU T
B A AN 1
M S 6 0 1 N /P
B AAN 1
A AN N E M E RS P A R K
M F 14 0
M F 1 27
B AA N 3
P D 16 2A &B
M S1 37
S I L O 'S M S 6 3 0 M S 6 3 1
M S 5 00 6 A /B
K O N T R O LE G E BO U W
B AAN 1 0
A
E S 10 0
M S 95 0
P C 6 0 1 F /J
M S 6 0 2 R /Y
Z . 6 2 .6 0 0
M F 12 2B
Z . 1 0 3 .7 5 0
M S1 13 1
M S 5 0 0 1 A /D
E L E K T R IS C H
O N D E R S T A T IO N 1
M S6 1 3
M F14 1 B
M S 11 30
TR A N FO R M AT O R E N
M S 6 18
M S 1 11
M S1 1 0
BA AN 13
M F 5 0 1 E /F
P C 9 0 1 A -B
A
M S 9 51
A C T IV E R I N G
B A AN 4
M F1 22 A
M F14 1 A
M S 1 01
B AA N 3
M S 1 50
O . 4 9 0 .0 0 0
M A ST ER B AT C H
K O N T R O LE G E B O U W
G S 51 4 H
KO ELTO R EN S
HF 1 2 40
M F 5 0 1 A /D
K A T A L IS A T O R
S O C IA A L
G E B O U W
100m
M S 92 1
M F 12 9
Z .1 0 3 .7 5 0
B AA N
H YD R A N T
H Y D R A N T
G S 5 1 4 G
E XT R U D E R G E B O U W 2
50m
P R O P IO N Z U U R -O P S LA G T A N K
M S 1 19
G T 9 01
O .3 8 8 .0 0 0
G T 92 0
B AA N 1 2
P R O D U KT O P S LA G
D
G T 93 0
HF 9 0 1A
M S9 02
T R A N S F O 'S
H F 9 0 1B
M S 60 07
P R O DU K T O P SL A G
C
B AA N 3
T R A N S F O 'S
P C 5 05 H
P C 5 05 I
D
T T 50 2F
LO S P LA A T S V O O R V RA C H T W A G E N S
M S 10 5
M F 9 06 C
M S 9 36
P C 5 03 J
M S 6 00 3
P C 50 6
M S 6 07
C
H E R W I N N IN G
P C 5 03 I
BAA N 1 0
M S9 47
P C 6 01 L
P C 6 21 C
+ N IE U W E E X T R U D E R " H "
P C 6 21 B
K
0
P C 6 01 K
F P 9 01 B
B A A N 3 Z. 1 0 3 .7 5 0
LO S P LA A T S V O O R V R A C H T W A G E N S
N IE U W E X T R U D E R G E B O U W
P C 6 21 A
A
B
LO SP L AAT S VO O R V R AC H T W AG EN S
BAA N 1 9
0 .9 7 .0 0 0
M S41 0
M R 4 0 4 A /B
M R 40 0 3
M S 60 1Q
B 5 01
G EK L EU R D PR O DU KT
M S 4 07
0 .1 6 7 .0 0 0
R EA C T O R EN
R E A CTO R D
L
E E N H E ID
AF V A L W A TE R
0m
TO EVO ER
H YD R A N T
M F 50 1
M
RU B B ER
LU C H T & K O E L-
M F 11 2 B
B A A N 13 B
IN S T A L L A T IE
A
M S 4 20
F I L T E R IN S T A L L A T I E ( 5 + 1 R E S .)
PO E D E R O P S LA G
P A R K
A N T I-O X Y D A N T
S E AK T PI EC 4 0 53 B
E X T R U D E R G EB O U W 1
BAA N 1 8
0 .4 0 . 0 0 0
B AA N 17
W .2 0 .0 0 0
W .7 . 4 0 0
B AAN 16
M S 60 3
D
P C 4 05
S .10 8.50 0
0 . 2 8 0 .0 0 0
P C 50 7
L
P P 9 03 B
F P 9 01 A
PU T
P C4 00 4
M S 92 0
K A T O E N N A T IE P R O J E C T
P R O D U K T O P S LA G
EN M EN G E R S
H YD R A N T
M S
4 1 0E
P C 50 1
TR AN SF O R M A TO RE N
TR AN S F O "F"
P T U 2 P R O JE C T (C O M P R E S S O R E N )
T A A N D
M S 60 2
M F 91 2
M R 40 4E
V E R P A K K IN G
B E Z IN K V IJ V E R
O N D E RS T. P8
EL .3 2 5 0
3 T
BE ST A AND E
P I J P EN B RU G
( E L .8 45 0 )
O ND E R H O U D
3 T
O M P
P R O J E C
M S 60 1
R EA CT O R E
LE K O LIE
2 T
4 T
3 T
BEST AAN DE ST A AL CO NST RU CT I E
M F1 12 A
O P S L AG P L AA T S
T A LK
D O S E R ING
M E N G IN G
4 m
R E E D S
O R Y
R 4
M S1 60
P R E S S
E N M E N G ER S
M S 41 9
H YD R A N T
(R E E D S V E R G U N D )
M S 92 5
C O M
T T - 6 5 0 3
F -6 5 0 3 C
P C - 6 01
P R O D U K T O P S LA G
M S 61 4
M S 41 9
M S 4 07 B
R E AC TO R C
M R 4 0 4
C
O N D E R S T A T IO N
M S 5 03
W .1 0 .0 0 0
A
M S6 0 9
P C 10 03
M S6 50 2
TR AN S FO T R 1 4
R E C IR C U L A T IE
P C 10 02 B
R E C IR C U L A T IE
214700
BA AN 1 0
M S6 50 1
)
O .5 8 8 .0 0 0
O O G )
M S - 6 50 2 ( L A A G
80 00
P A R K IN G C O N S T R U C T I E
M F 12 1 B
6 m
B AAN 14
M S6 50 3
O O G )
M S - 6 50 4 ( L A A G
AF D A K
M S - 6 50 3 ( H
O PSL A G P L.
R U B B E R S N IJ M A C H IN E
S -6 0 1 W
M S - 6 0 1 V
B AA N 1 3B
M A G A Z IJ N
M F1 21 A
Overpressure contours
W A A K V LA M
A F W E R K IN G S G E B O U W
S- 6 0 1 U
M S - 6 0 1 T
A F W E R K IN G S G E B O U W
E .4 4 3 7 4 5
E E N H E ID
0 1R
M S - 6 0 1S
O .3 5 1 .0 0 0
M S -6
LU C H T
M S 6 01
B -7 3
AA N N EM ER S
M S 6 20
B -7 2
AW W
M S 91 1
M S - 6 50 1 ( H
P R O D U K T M A G A Z IJN
M A G A Z IJ N
H Y D R A N T (M O E T V E R P LA A TS T W O R D E N )
M S 6 0 3 M /N
M S6 50 4
B
C
B AA N 1 1
M F 6 0 3 A /F
E
A
M S 3 10
M S 9 16
PC 60 3
B A A N 4 Z . 5 0 .0 0 0
0.28 0.00 0
P R O DU KT O P S LAG
M S 10 1
P C 1 00 1
P R O D U K T
M A G A ZI JN 1
CO M PR ES S O R EN
M S 6 13
M S 1 03 B
Z . 5 0 .0 0 0
P C 1 00 2A
Z .4 . 5 0 0
G Z 1 2 39
P R O D U KT
M A G A Z IJ N 2
P A R K ING
A W W
G Y 65 4
M F 10 2
B E Z I N K V IJ V E R
M S 1 01 B
W ATE R K A N O N HY D R AN T
B A AN 4
P R O D U K T M A G A Z IJ N 2
LU C H T & KO EL -
PU T
B
AA R DG AS
M S6 0 7
M S 6 0 7
P R O D U K T M A G A Z IJ N 1
M S 12 04
LA A D S T A T IE
BA A N 13
B U LK LA A D S T A T IO N 2
O PV AN G P U T B LU S W A TER
A
M S 1 20 5
P A R K E E R -E N LA A D P L A A T S
B A A N 5 B ZA . A4 . N5 0 5 0
VO O R V RA C H T W A G E N S
H Y D R AN T
M S 9 13
M S 42 4
K A S S E IS T E N E N
G E B O U W V E R B IN D I N G S G R U G T U S S E N F C A E N K T N
M S 6 13 J
S PO O R W E G
80 00
K A S T E L W E G (= G E M E E N T E W E G )
1 40 m m
K A S S E IS T E N E N
M S 61 4C
M S 6 04
B U L K LA A D S T A T IO N 1
R E G E N W A TE R
G Y 90 2
H YD RA N T
A W W % % c30 0m m ST A DS W A T E R
W A TE R K AN O N H Y D R A N T
TO O R T S
A AR D G A S
A W W % % c30 0m m S T AD S W AT ER
K A S T E L W E G (=G E M E E N T E W E G )
214800
80 00
QRA RESULTS
QRA : (Quantitative Risk Assessment)
LSIR CONTOURS ON LAY-OUT MAPS
IRPA TABLES ASSOCIATED WITH EXPOSED WORKERS CATEGORIES
AND PUBLIC
PLL TABLES
S T A A N P L A A T S C IT E R N E
Z .1 9 6 .5 0 0
B A AN 1
Z .1 9 6 . 5 0 0
B A A N 1
Z . 1 9 6 .5 0 0
B AA N 1
Z .1 9 6 .5 0 0
A D M IN IS T R A T IE F G E B O U W
P A R K IN G
R E FT ER & BU R E LE N
S O C IA A L
G E B O U W
ETH YL E E N
A F S L U IT V A L V E N
L A B O R A T O R IU M
P O R T IE R S
P A R K IN G
LO G E
P A R K ING
P A R K ING
V O E D IN G S K A B E L S 3 6 k V E L E C T R A B E L
P A R K IN G
R 5 0m
O . 8 5 0 .0 0 0
O . 8 0 0 .0 0 0
O . 7 5 0 .0 0 0
O . 7 0 0 .0 0 0
O . 6 5 0 .0 0 0
R 5 0m
O . 6 0 0 .0 0 0
O . 5 5 0 .0 0 0
O . 5 0 0 .0 0 0
O . 4 5 0 .0 0 0
O . 4 0 0 .0 0 0
O . 3 5 0 .0 0 0
O O . . 330 000. 0. 0 0000
NA AR S C HE L D E % % c2 0"
G E C O N T R O L E E R DE L O Z IN G
O . 2 7 3 .0 0 0
O . 2 5 0 .0 0 0
O . 2 0 0 .0 0 0
O . 1 5 0 .0 0 0
O . 1 0 0 .0 0 0
O . 05 0.0 00
S E K T IE 4
00 0.00 0
O . 05 0.0 00
S E K T IE 1
SC HELD E
150100
150200
150300
150400
150500
150600
150700
150800
150900
151000
Individual Risk contours
1
0
-5
1
0
-6
67
END OF MORNING SESSION DAY 2

We have looked at Hazard Assessment focusing on quantitative risk
assessment, layers of protection analysis, dropped object studies,
consequence modeling, ship impact studies, escape and rescue and
Flare radiation modeling
68
HAZARD MITIGATION FIRE & GAS DETECTION 1

Fire and gas detection is required to Safeguard Life and Property.
Provide Early Warning of Hazardous Conditions.
Provide Opportunity for Evacuation and Notification from Re-entry
Provide Time for Intervention and Correction.
Trigger Facility Protection Systems i.e. Ventilation, Water Mist, Fire Suppression
69

Provide rapid and reliable indication of the occurrence of a hazardous event involving fire and/or
loss of containment of flammable or toxic inventories to :
Emergency Shutdown (ESD 1) of affected Fire Zone ( on confirmed gas detection or fire
detection )
Initiate Alarms
Trigger emergency isolation and depressurisation of hydrocarbon inventories
Initiate fire water deluge system (fire, sometimes toxic or flammable gas)
Initiate CO2 or INERGEN or FMC 200 fixed fire extinguishing systems
Trip power generation and electrical equipment
Increase ventilation in enclosures
Close dampers in HVAC air intakes
70

Types of detectors
Smoke Detectors (Optical/ Ionisation)
Heat Detectors ( FT/ RoR)
Flame Detectors (UV/ UVIR/ IR/IR2/IR3)
Hydrocarbon Gas Leak Detectors ( Line of sight , ultrasonic)
Toxic Gas Detectors
Open Path Gas leak Detectors
VESDA
The use of fire and gas mapping to ensure coverage is adequate
71

For gas detectors - sensors should be placed as close as possible to potential
leak sources.
Seals and flanges, fittings and welds
Expansion joints and gaskets
Engine combustion
Storage, loading and unloading areas
Runoff areas
For flame detectors -there are various types and the type of detector determines the
position
72
HAZARD MITIGATION FIRE PROTECTION 1

Active fire protection objectives are achieved
by reduction of the fire effects through:
cooling of the hydrocarbon equipment
shielding against radiation
fire suppression
Active fire protection is activated:
By Fire and Gas detection logic
(automatically)
manually (local and remote)
Active fire protection ( fire pumps,
ringmain, deluge valves and nozzles).
Type of protection depends on required
duty this may be to extinguish the fire,
control the fire or provide exposure
protection.
73

Types of AFP include:
water deluge
foam
water mist / steam
dry powder
inert gas (Inergen), CO2
DAN FE
X- 03 0 1
DAN FA
P- 03 0 3
L AR G E M O NI TO R
X- 0 3 22
X- 0 314
X- 03 13
X- 0 31 2
DAN FB
h elid ec k m on it o r s
X- 031 7
X- 0 3 28
X- 03 1 5
X- 0 3 18
X- 0 32 8
X- 0 31 6
P- 03 05
P - 0 30 6
X- 032 7
DA N FF SYS TE M
X- 03 2 5
X- 03 2 6
DAN FC
X- 0 3 2 2
P - 0 30 1
P- 0 30 2
X- 0 32 3
L ARG E M O NI TO R
P- 0 3 03
P - 0 3 04
XV- 035 25 5
XV- 0 35 35 4
X V- 0 3 5 35 3
XV- 03 53 5 1
XV- 035 25 6
XV- 03 520 6
XV- 0 35 3 52
XV- 035 205
XV- 035 203

XV- 0 35 20 1
XV- 03 52 0 4
XV- 0 3 520 2
DAN FF SYSTEM
DAN F F
DA N FF SYS TEM
74

Types include:
water deluge
foam
water mist / steam
dry powder
inert gas (Inergen), CO2
Carbon dioxide supply Carbon Dioxide is a colourless, odourless, electrically non conductive inert gas agent for extinguishing fire
CO2 extinguishes fire by lowering the concentrations of oxygen in air to the point where combustion stops
CO2 being dangerous to personnel, it should be used in unoccupied spaces
Foam extinguishes fire in four ways: Smothering fire and preventing air from mixing with flammable vapours
Control and reduction of flammable gas release
Separating flames from fuel surface
Providing some cooling effect for fuel and adjacent metal surfaces
75

Passive fire protection -Fireproofing to prevent failure
of structures and equipments. Coating applied to the
wall of vessel (mineral or organic-based).
Resist to flames and slow down heat transfer to the
wall ( fire walls, chartek, blast wall, fire blankets)
Design for blast possible explosion overpressure
Fire Barriers / Partitions between areas e.g.

Process / Non Process :
The duration of the required stability and integrity
Coatings on Bulkheads - For A / H / JF ( with wire

mesh )
Prefabricated GRP Panels - For A / H / JF
Prefabricated Panels with insulation - For A /
H / Not JF
A = 60 minutes
H = 120 minutes
J = J-class is not a standard fire rating. SEV
specification retains H capabilities of 120 minutes
Critical Structural Members / Risers / Flare

Structure / Supports
Intumescent or Cementious coatings - For H / JF
( with wire mesh)
Standard Fire Curves

Temperature vs. Time
Risers / ESDV's / Equipment / Panels

GRP Cast Sections for risers and boxes for
ESDV
Intumescent half shells
1 200
1 000
Jet fire
Hydrocarbon fire
800
Penetrations :
Seals suitable
for For A / H / JF
Cellulosic fire
600
J 45/ H60, 0.3

bar Blast wall
400
200
10
20
30
40
50
60
minutes
76
HAZARD MITIGATION EMERGENCY SHUTDOWN 1

Emergency shutdown system contains different levels (process, emergency, fire & gas and if
required ultimate safety system), each of them consisting in a set of safety loops. Safety loops
consist of field sensors, logic solvers and final elements (e.g. valves).
The main purposes of ESD systems are:
To limit the loss of containment, by isolating hydrocarbon production and processing.
To protect personnel, e.g. smoke and gas detection in the HVAC intakes of Buildings.
To prevent ignition by elimination of potential sources of ignition.
To reduce flammable or toxic inventory by depressurisation through the EDP system.
ESD system shall take into account the requirements that may arise during other possible (and
likely to occur) abnormal or down-graded configurations.
New hazards can appear as a consequence of the loss of essential utilities such as essential
power, air, hydraulics, etc. These new hazards shall be identified, mitigated ad the associated
risks shall be assessed.
77
HAZARD MITIGATION EMERGENCY SHUTDOWN 2

In the event of a process upset that can lead to loss of containment or hydrocarbon leak we need to
shutdown the process unit and sometimes the platform immediately so the event does not escalate to other
areas of the Platform.
78
HAZARD MITIGATION OVERPRESSURE

Most of the plant is pressurised so what happens during an over pressure event. Design of
relief disposal dependent on relief requirements (e.g. fire, overpressure by gas , overfilling by
liquid, reaction runaway).
Relief devices are installed and during an overpressure event they open and allow the
gas to go to the flare thus preventing over pressure of equipment. Process engineers have
to size these devices for the equipment they are protecting.
A flare or vent system consists of:

Relieving devices in the Process systems (PSV, BDV, Bursting discs,)
Headers for collection of relieved effluents
Knock out (KO) Drum to segregate gas and liquid phases
Sealing devices to prevent air ingress (purge gas, seals) or Designed to
Sustain internal explosion
Disposal devices for the gas and liquid (Flare tip, liquid burners, burn pit,)
79
HAZARD MITIGATION OVERPRESSURE

RELIEVING DEVICES
Relief valves
Rupture disk
Explosion vents, hatches, or panels
Pressure/vacuum relief valves
Open vent pipe (cannot be blocked off)
Floating roof, lifter roof or weak roof-to-shell seam (atmospheric tanks)
Self-closing manhole cover or weak gauge hatch
Hydraulic accumulators (liquid thermal expansion relief only)
80
HAZARD MITIGATION UNDERPRESSURE

Flare safety precautions should include:
Use of a automatic flame monitoring device to warn of flameout conditions.
Provision of a liquid knock out (KO) drum, which is equipped with high level
alarms to
Warn of an excessive accumulation of liquid.
Prevention of the introduction vapors into the system when it is not
operational.
81
HAZARD MITIGATION DRAINAGE 1

Function Of Drainage Systems
SAFETY
Minimise uncontrolled spillage
Minimise the risk of ignition (evacuation of flammable liquids away from ignition
sources)
Prevent escalation of a fire across the installation (containment and evacuation

of flammable liquids)
ENVIRONMENT
Minimise direct discharge of polluted streams by channelling

treatment units
to appropriate
Key Features For Safety Of Drainage
Architecture of network to prevent cross-contamination
Gas seals and fire breaks to prevent migration

Closed Drains Are Connected To:
Hydrocarbon equipment under PRESSURE
Equipment handling TOXIC fluids (intentional release to atmosphere not

acceptable)
82
Open drains are ATMOSPHERIC systems

Potential Hazards in drainage systems
Spread of gas and fire (transmission of explosive atm near ignition sources)
Over pressurisation (blockage, RPT, drainage under excess pressure, gas blow-by..)
Vacuum
Cross contamination
Overflow
Higher corrosion rates
Confined space entry, heavy gas accumulation in drum pits
Main causes
Poor Design
Mal-operation
Inadequate segregation
Less interest than other process systems and profitable production systems
83

DIKING AND BUNDING
Tank needs to be surrounded by a bund wall or dike in order
to prevent uncontrolled liquid spillage.
A bund is an embankment or wall of brick, stone, concrete or
other impervious material, which forms the perimeter and
floor of a compound and provides a barrier to retain liquid.
Since the bund is the main part of a spill containment system,
he whole system (or bunded area) is colloquially referred to as
the bund.
Bunds should be designed to contain spillages and leaks of
liquids used, stored or processed above ground and to
facilitate clean-up operations.
As well as being used to prevent pollution of the receiving
environment, bunds are also used for fire protection, product
recovery and process Isolation.
Containment pool is deemed counter-productive since a
potential pool fire resulting from one single tank Failure will
also be affecting all the other intact tanks installed inside the
pool (risk of BLEVE). This hazard should be avoided by
installation of a spillage collection system directing any
leakages to a safe location away from where a bullet farm is
located.
84
HAZARD MITIGATION IGNITION CONTROL 1

Due to the flammable nature of oil and gas ignition control is very important because if there is no ignition source there
will be no explosion or fires.
Precautions:
> Avoiding flammable substances (replacement technologies)
> Inerting (addition of nitrogen, carbon dioxide etc.)
> Limitation of the concentration by means of ventilation
Ignition sources identification:

Apparatus which, separately or jointly, are intended for the
generation, conversion of energy capable of causing an
explosion through their own potential sources of ignition
Measures to limit the effect of explosions to a safe degree:

> Explosion pressure resistant construction
> Explosion relief devices
> Explosion suppression by means of extinguishers, deluge, etc
85
HAZARD MITIGATION IGNITION CONTROL 2

According to Standard EN 1127-1, 13 types of
ignition sources :
Hot surfaces
Flames & hot gases
Mechanically generated sparks
Electrical apparatus
Stray electrical currents, Cathode corrosion
protection
Static electricity
Lightning
Electromagnetic fields
Electromagnetic radiation
Ionising radiation
Ultrasonic
Adiabatic compression, shock waves, gas
flows
Chemical reactions
When handling a number of different flammable

fluids, classification to be based on the most
volatile fluid anticipated.
Keep in mind that it does not address scenarios

of major releases under catastrophic failures
(ex rupture of a pressure vessel), but do not
forget scenarios of operation and maintenance
of equipment.
Do not forget drain traps on process decks

(potential Zones 0 & 1).
Reduce risks through design improvements by

reducing release sources, by grouping
equipment and by optimizing ventilation.
Avoid non hazardous area surrounded by

hazardous areas (unless ventilation protected
enclosure).
Once minimum extent is determined, utilize

distinct landmarks for the actual boundaries, to
permit easy identification by operators.
Ref ATEX directives implementation guide
86
HAZARD MITIGATION HAZ. AREA CLASSIF. 1

Hazardous Area Classification
Reduce to an acceptable level the probability of coincidence of a flammable atmosphere and an ignition source, by
means of:
Segregation of hydrocarbon sources and ignition sources,
Selection of equipment with the potential to cause ignition:
Zone 0.
In which ignitable concentrations of flammable gases or vapours are present continuously, or in which ignitable
concentrations of flammable gases or vapours are present for long periods of time.
Zone 1.
In which ignitable concentrations of flammable gases or vapours are likely to exist under normal operating conditions. (for
a full definition refer to API RP 505).
Zone 2.
In which ignitable concentrations of flammable gases or vapours are not likely to occur in normal operation, and if they do
occur will exist only for a short period (for a full definition refer to API RP 505).
87

IDENTIFICATION
OF
LEAK SOURCES
CODE
(IP15, API 505,)
FREQUENCY
OF RELEASE
FLUID CLASS
AND
CATEGORY
CLASSIFICATION AND EXTENT

OF HAZARDOUS AREAS
GRADE OF
RELEASE
Continuous grade release:

Within tanks, above liquid interface, temperature >
flashpoint
sumps
GAS
BUOYANCY
EXTENT
OF
ZONES
TYPE OF
VENTILATION
Secondary grade release:

Flanges & piping connections, valves, tapings
PSV, vents, sample points, which in normal operation
do not generate release to atm
Most pumps, compressors,
Primary grade release:

Sample points,
No release sources:
PSV discharge,
Pressure vessels, atm tanks, welded pipe, sealed drums,
vents
Pig launchers & receivers,
sumps
Some pumps, compressors, filters (if releases are part of
88
normal operation)

The lowest temperature at which, when mixed with air at normal pressure and as a consequence of
chemical reactions initiated on account solely of temperature, the substance will ignite and burn in
the absence of any initiating source of spark or flame.
Classified : All hydrocarbons handled at a temperature above their flashpoint are liable to generate
hazardous areas, or whose flashpoint is below 37.8C (ref API 505 & NFPA 497)
Unclassified : Liquid hydrocarbons with a flashpoint > 100C
Temperature class
89

Flammability limits change with
Inerts
Temperature
Pressure
90
HAZARD MITIGATION HVAC & VENTILATION 1

HVAC unit usually is placed between the
helideck and the roof of the quarters for
offshore units.
The living quarters and electrical switch
rooms also requires a ventilation system ,
in the event of a gas release or fire the
HVAC damper shut off preventing gas
ingress.
Note normally you will have fire and gas
detectors at HVAC inlets to detect gas
and shutdown damper especially if HVAC
inlet is in close proximity to the process
area.
91
HAZARD MITIGATION HVAC & VENTILATION 2
Adequate ventilation = open area :
At least 12 air changes/hr with no stagnant

areas.
Ventilation air can be taken from a nonhazardous area, or an external Zone 2 area,
but must not be drawn from either Zone 0 or
Zone 1 area.
Dilution ventilation (of enclosed areas) :
Ventilation at such a rate that the probability

of formation of a flammable atmosphere is
so low that the area can be considered nonhazardous (i.e. gas concentration < 20%
LFL).
92
HAZARD MITIGATION -SAFETY CRITICAL ELEMENT 1
SCEs are the principal elements constituting the barriers

They can relate to equipment, processes or people
SCEs shall be managed so as to provide the positive assurance that they are effectively operable on demand,
they perform as expected and they have some capacity to survive incidents.
Safety Critical Elements (SCE) are any part of the installation or plant: whose failure will either cause or
contribute to a major accident the purpose of which is to prevent or limit the effect of a major accident
93
HAZARD MITIGATION -SAFETY CRITICAL ELEMENT 2

SCEs should have performance standards
PS Description Identifies System, linkage to MAE/Bow-Tie, Scope (Individual SCEs e.g.
Shut Down Valves) and PS Goal (e.g. Isolation of Hydrocarbons).
Function Performance Standard (Isolation of Hydrocarbons), Performance Criteria (e.g.
Leakage Criteria or closure time referenced against a standard) & Assurance Task (e.g. Valve
Function & Leak Test) via maintenance activities (e.g. AMOS, maximo, SAP) to help
demonstrate that the critical systems achieve the performance standard with the required
reliability throughout their life of service.
Reliability/Availability, Survivability & Interdependency Level of performance (e.g.
ESDV should achieve 100% reliability/availability of service) and interdependency (e.g. ESDV
links with ESD system).
94
HAZARD MITIGATION - EMERGENCY RESPONSE

No fire trucks offshore just the trained fire fighting team but cant fight a major fire
95
END OF AFTERNOON SESSION DAY 2

We Have Looked At Hazard Mitigation focusing on Fire
protection (active & passive),F&G detection , Safety
Instruments Systems, ESD, Hazardous Area
classification, Flare, Ignition Control, Drainage, HVAC,
Overpressure Protection, Maintenance SCE
Performance standards, Emergency Response
96
TECHNICAL INTEGRITY
Technical Integrity (TI) is all about management of SCE ( HAZARD MITIGATION MEASURES)
Risk Control Dimensions
Hydrocarbo
n
Leak
A
Safe
Operation
Shutdown
Systems
Z
A
R
D
S
Prevention Barrier
A
Plant
Design
Inspection
and
Maintenance
Permit to
work
D Plant change
management
Thickness
Ignition
Control
PM checks
mment
Equip. online
Fire & Blast
walls
location
Condition
monitoring
Defined &
understood
scope of
work
Hazards
identified,
risk
assessed &
Controls in
place
Work
authorised
Risk
assessment
for potential
impacts
Authorised
management of
change
Case to
operate
Mitigation Barrier
Staff
Competence
E Operational
B Inspection & C Permit to D Plant Change

Plant
8Design
Dimensions
of Integrity
Maintenance
Management
Work Monitoring
Mech
Integrity
Major
Accident
Procedures
Operations
Proedures
Standardsd
Operating
Procedures
Periodical
review done
Temporary
procedures
for changed
situations
risk assessed.
G
F
Alarms &
Instruments
Staff
Competence
Role specific
competency
criteria for
process safety
Periodic
inputs
for
updating
Periodic
assessment
Each Barrier is important

Concurrent failure in barriers can result in Near Miss or MAE
Significant Failing in just one critical barrier sometimes is sufficient to cause incident
Continuous monitoring & testing of Barriers is needed through suitable tools
Emergency
arrangements
Alarms &
Instruments
Fire & Gas

alarms
Routine
monitng of
alarms / trips
Defined
procedure
for
management
of inhibits /
overrides
C
O
N
S
E
Q
U
E
N
C
E
S
Emergency
Arrangements
Periodic
testing of
ESD / trips and
emergency
systems
Periodic Mock
drills of ERP
Emergency
procedures
updated
97
ESTABLISH DESIGN INTEGRITY

Establish Design Integrity and Safeguard it during Operations
Project Phase Establish Integrity by identifying MAE, SCE
( Safety Critical Elements) producing Performance
Standards(PS) all contributing to the establishment of
Technical Integrity (TI).
In the operation phase, safeguard integrity by maintaining

equipment, reviewing, verifying and assuring integrity using
performance standards, corrective action should be closed
out appropriately all leading to maintaining TI.
Technical
TechnicalIntegrity
IntegrityManagement
Management
MAXIMO
MAJOR ACCIDENT EVENTS

(MAE)
98
SAFEGUARD TECHNICAL INTEGRITY

WHAT
HOW
WHO
Audit
Corporate Audit
Audit Program
Status Judgement
MA
Class
Verification
Regulator
Verify
Peer/Third Party
Verification
Maintenance
Inspection
Testing
Compliance
Review
KPI
Effectiveness
Review
Asset Manager
/
ICP
KPI/Target
Verification
Competency
Assurance
Operator
Maintainer
Risk Overview
Risk Overview
Status Judgement
MOC
Standards
,
Regulations
,
& Class Compliance
Status
Report
Technical
Authority / OPS
Manager
Status Judgement
Monitor
Critical Information
Engineering TI
Maintenance
Status
Processes
Inspection
Compliance
Safety
Action
Monitor Compliance
Case
Morning
Tracking
MOC
Performance
SC Equipment
Audit
and
call
Standard
Maintenanc
Trip
Process
& e Condition
Surveillance
Compliance
Classification etc
Status Judgement
Process
Change
Management
System
Procedure
BOD ,/
Technical Stds
Operating Envelope
CTO
Production
Accounting
System
Risk
Management
Incident
Investigation
Management
Competency
Management
System
Maintenance
Management Sys
Technical Integrity Process
Permit
to work
Regulations
Legislation
Technical
Integrity / Safety
Engineer
Process Owner
Implementer
Gap
99
KPIS FOR BARRIERS - LAGGING AND LEADING

LAGGING (from near misses
incidents)
Outcome indicator
(Outcome is the
desired performance that the barrier is

designed to deliver
Reactive monitoring that discovers

weaknesses in the barrier in near
miss or actual
Reveal actual failure of significant
control barrier
Reveal holes in cheese following
near-miss or actual process safety
incident
LEADING (audits in AMOS)

1. Process indicator (Process is the
planned activity to test the functional
deliverability of the barrier )
2. Pro active monitoring that catches

weaknesses in routine PM checks
3. Reveal likelihood of failure of
significant control barrier in a
routine systematic check
Detect holes in cheese
during planned routine checks
Both are Important

Interdependent
Compliment each other; giving full range of control
Leading KPIs are more Important for Senior Management
100
SUGGESTED LEADING KPIS
1. Number of
deviations
from codes &
Standards
____________
2. Number of
plant
modifications
done to
improve
process
safety
Safe
Operation
Inspection &
Maintenance
1. % of
process
safety PM
checks
completed on
time
____________
2 % of process
safety PM
checks
with
identified
gaps to
performance
standard.
Permit to
Work
1. % of Permits
(sampled)
where
hazards
identified and
control
measures
specified
2. % of permit
(sampled)
with controls
verified on
site.
Operating
Procedures
1. % of
Operating
Procedures
periodically
updated as
per plan
-------------------2. % of
Operating
Procedures
requiring
significant
modification
Staff
Competence
Inspection &
Maintenance
Alarms &
Instruments
1. % of staff in
technical role
with verified
. process
safety
awareness
-------------------2. % of staff in
Process
safety
management
role with .
. verified
competency
criteria
1. % of inhibits
(sampled)
executed as per
specified
procedure
--------------------2. No of inhibits
in place as % of
total final control
elements
_____________
3.No of standing
alarms per
panel
LOC
Escalation
Barriers
Prevention
Barriers
Lagging KPIs
Plant
Design
Plant Change
1.Management
% of changes
risk
assessed, &
approved
before
installation
___________
2. % of audited
MOC
meeting
MOC
procedure
_____________
3.% MOC s
closed out in
10% of the
execution time
HAZARD
Plant
Design
Permit to
Work
Plant Change
Management
No of leaks
Operating
Procedures
Staff
Competence
Alarms &
Instruments
Emergency
Arrangements
% of persons
who (sampled)
participated in
an emergency
exercise in the
last 6 months.
----------------------2. % of
Emergency
Shutdown
valves /BDVs &
process trips
tested, as per
schedule
1.
CONSEQUENCES
Leading KPIs
Major
Accident
Event
No of MAEs
Emergency
Arrangements
Number of Process safety near misses, Loss of containment incidents, fires, explosions with root cause linked to deficiency in this dimension
INHERENT SAFETY
But are design should be Inherently Safe in the first place
1 . Minimise use smaller
2 . Substitute
quantities of hazardous
substances
substance
replace a material with a less hazardous
Gas
Hot Oil
Gas
THE BASICS
Fewer hazards
Fewer causes
Reduced severity
Fewer consequences
3 . Moderate
Hot
Water
use a less hazardous
condition, a less hazardous form of a

material, or facilities that minimise the
impact of a hazardous material or
energy
4 . Simplify design facilities that eliminate unnecessary
complexity and make operating errors less likely and that are more
forgiving of errors which are made
barg
barg
102
INHERENT SAFETY RISK REDUCTION MEASURES

Process Design
Alternative chemical process
(chemicals used, )
Reduction of operating pressure
Reduction of operating temperature
Reduction of area congestion
Selection of construction materials
Some critical cooling systems
Automatic action SIS
Interlocks independent from DCS
PCV to flare
Heat cutout interlock
Feed cutout interlock
UPS systems
Emergency power generator
HIPPS
Limitation of Released Quantity
Reduction of product inventory
Remote operated isolation valves
(ESD system)
Blowdown system
Flow orifices
Excess flow valves
Mitigating & Protective measures

Diking
Water curtains
AFP (Sprinkler/deluge systems)
Foam application systems
Restricting flow orifices
Excess flow valves
PFP(Blast/fire resisting structures
blast/fire walls, reinforced control
rooms)
Control of ignition sources
Emergency shutdown systems
Containment systems (containment
inside building)
Flange protection
Devices influencing the direction of
leaks.
Explosion suppression systems
Inhibitor or killing agent injection
systems
Detection systems (gas, liquid, smoke,
fire,...) with operator intervention
Physical protection
Safety valves to flare
Rupture disks to flare
Vacuum breakers
Blowdown systems
Reduction of Leak
Frequencies
Enhanced inspection
plan (mechanical
integrity)
Full containment
design
Corrosion allowance
Corrosion risk
management
Safety Critical
Procedures (with high
reliability level in
execution)
103
MANAGEMENT OF CHANGE (MOC)

Establish and implement written procedures
to manage changes to process chemicals,
technology, equipment, and procedures; and
to facilities that affect a covered process
Inventory
Equipment unavailability, changes or new
installation
Instrumentation changes or program changes
(DCS)
Changes to operating parameters
Procedure changes SOP, ITPM, Emergency
Temporary changes
Does not apply to replacement in kind
Address prior to any change:
Technical basis for the change

Impact of change on safety and health
Modifications to operating procedures
Necessary time period for the change
Authorization requirements for the
change
Update process safety information
accordingly.
Update operating procedures and
practices accordingly.
Train employees affected by the change
prior to making the change
104
WHY HAVE A SAFETY CASE
Major Industrial Disasters

Flixborough, UK, 1974 Explosion 28 workers killed
(happened on a weekend so plant was minimal manned)
Piper Alpha 167 killed in 1988
Clapham Junction Rail disaster (35 fatalities)
Phillips 66 Texas
All disasters above had Common Findings & Recommendations
Conclusion : Prescriptive approach not appropriate- move

to a goal based approach, described in a Safety Case.
Prescriptive regime does not require identification and
understanding of hazards. Involve workforce awareness
of hazard management.
Petrobras P-36 Brazil, 2001
Temsah Platform Egypt, 2004
High Platform Mumbai, 2005
Texas City Texas 2005
105
TYPICAL CONTENTS OF A SAFETY CASE
Operations Safety CASE
Part 1
Introduction
and
Management
Summary
Part 2
EHS
Management
System
Description-
Part 3
Facility
Description
Part 4
Formal
Safety
Assessments
& Hazards
and Effects
Analysis
Part 5
Management
of SCEs
Part 6
Remedial
Action
Plan
Part 7
Conclusions
106
MAJOR ACCIDENT EVENTS

Helicopter Crash
Cargo Tank Explosion
Surface Blowout
HC Releases Fires /Explosions
Structural Damage
Ship Collisions
Turret Failure
Projectile / Missile impact
Dropped Objects
Subsea Release
Natural Hazards
Toxiic Release
107
BP TECHNICAL SAFETY
PROCESS
108
WOODSIDE TECHNICAL SAFETY PROCESS
109
TOTAL TECHNICAL SAFETY PROCESS
110
Inherent Hazard category

Pressure
- Pressurized Fluids and Gases,
- Compressed Air, High Pressure
Steam
Possible hazard scenario
Example Safety
consequences
- Unplanned release of
hydrocarbons
- Equipment failure release
pressurized drilling foam
- Possible multiple fatalities if the

release ignites immediately
- Injury or death to persons
standing close to location of
equipment failure.
- Unplanned release of reservoir

fracturing acid.
- Severe injury or death of

individuals close to the location of
the release.
- Unplanned release of nitrogen
- Minor consequences unless

person is in a confined space
when/where the release occurs
leading to potential fatality
Stored Energy
- Suspended Load, Hydraulic
Systems
- Hurst high pressure hydraulic

hose
- Injury to personnel in the vicinity

to the failure.
Biological Agents
- Laboratories, Sewers,
Contaminated Water, Cooling
Equipment, Bio-treaters
- Poisonous work atmosphere
- Person is poisoned
Hand Tools
- Hammers, Bolsters, Drills, Chisels,
Flogging Spanners
- Misuse of hand tools
- Injury to person using the hand

tool
Chemicals
- Corrosive, Toxic (acute or chronic),
Harmful, Irritant,
Oxidizing, Flammable (incl mists and
dusts),
Sensitizing, Dangerous for the
Environment
Asphyxiants
- Nitrogen, Carbon Dioxide, Halon,
Light hydrocarbon
gases
111
Example Safety
consequences
Operation of Vehicles
- Fork Lift trucks, Cranes, JCBs,
Piling Rigs, Rail Cars, Rail Engines,
Tractors/Trailers, Low loaders,
Lorries, Ground Loading,
Underground services,
Overhead cables
- Accident in harbour while

transporting equipment by lorry
- Injury to driver and others in the

vicinity of accident
Drowning
- Waves, Tides, Currents,
Entanglement, Slippery Surfaces
- Man overboard
- Fatality if person not recovered

quickly
Confined Spaces
- Storage Tanks, Ducting, Main
Separators, Voids, Sumps,
Excavations, Exposure to High/Low
working Temperatures
- Entry to vessel for visual

inspection which has not been
purged of gas
- Injury or death form Asphyxiation
Ignition Sources (including static) /

Fire
- Grinding, Cutting, Drilling, Welding,
Static, Earthing,
- Adjacent Process Vents/Drains,
Residual Hydrocarbon
- Waste material catches fire from

sparks from a grinding operation
- Equipment damage and

personnel injury if fire not
extinguished immediately
- Collapse of an excavation during

construction of a mud pit for an
onshore drilling program
- Fatalities
- Explosion in mud room while

filling hoppers
- Fatalities or serious injury
Excavations
- Contaminated soil, buried services,
un-shored sides
Explosion (Implosion)
- Chemical, Pressure, (Vacuum),
Dusts, Mists, Low Ignition Energy
Materials (e.g. Hydrogen
112
Example Safety consequences
Fall of Person from Height

- Rigging, Suspended Cradles,
Ladders, Scaffolds
- Derrick man falls while handling

pipe
- Fatality
Electricity
- Cabinets, Switchrooms,
Transformers
- Person doing tests on live

electrical equipment
- Fatality by electrocution
- Items from an equipment basket

fall while being moved by crane
- Injury or fatality from being struck

by the falling object
- Complex task being undertaken

at night without adequate lighting
- Injury to person undertaking task

because of misinterpretation of
readings on gauges causing wrong
action
- Slip while going to work station
- Injury
- Person leans against a piece of

hot pipe which has no insulation
- Burn injury
- Poor lifting technique used when

moving heavy boxes of spares
- Back injury
Fall of Objects/Material from Height

- Tools, Debris, Equipment
Lighting
- Intense, Poor, Lasers
Trip or Fall on same level

- Uneven/Slippery Surface, Poor
Housekeeping, Ice
Contact with Hot / Cold Surface
- Adjacent Equipment, Insulation,
Cryogenic, Auto-refrigerant
Manual Handling
- Lifting, Carrying, Pushing, Pulling
113
Example Safety consequences
Noise
- Piling Rigs, Compressors, Pumps,
Fans
- Work location adjacent to

numerous pumps and
compressors on full load
- Long term hearing injury
Incorrect Posture
- Confined Spaces, Poor Balance,
Use of Computer
- Cramped temp office location

with data entry computer terminal
- Injury due to excessive time at

computer entering data
- Use of percussive chisel to

remove sea fastenings
- White finger caused by excessive

use of percussive tools
Use of Machinery
- Moving Parts, Dangerous Parts,
Entanglement, Tripping
- Using hand drill to make fixing

holes in some temporary
equipment
- Loose clothing gets caught in drill

and causes serious arm injury
Radiation
- Nucleonics, Gamma Rays, LSA
Scale, Weld Flash,
Thermal Radiation (flares)
- Assisting welder finish sea

fastenings
- Welding flash causes temp.

blindness
- Load gets snagged in adjacent

equipment when being lifted
- Strop breaks and the load falls on

a person in the vicinity causing
severe injuries
Vibration
- Percussive Tools, Heavy Plant
Mechanical Lifting
- Cranes, Hoist
114
115
116
SAFETY CRITICAL MEASURES

8. Community emergency response
7. Site emergency response
Safety Critical Measures
6. Effect mitigating measures (watercurtain,

site layout, reinforced structures,)
5. Physical protection (relief systems,)
4. Automatic action SIS
3. Critical alarms or tasks/procedures with

operator supervision and manual intervention
2. Basic controls & process alarms with

operator intervention
1. Inherent safe process design
117
TYPICAL SAFETY SYSTEMS

S a fe ty S y s te m s
G e n e r a l D e s ig n
L ayo ut
H A ZO P S &
D E s ig n R e v ie w s
C o m m a n d & C o n tro l
C om m and
C
E
C
E
o m m u n ic a
m e rg e n c y
o n tro l R o o
r g o n im ic s ,
C o n t r o l & M it ig a t io n
tio n s
Power & U PS
m
e tc .
P ro c e s s C o n tro l
& A la r m s
S e g r e g a tio n
& I s o la t io n
F & G D e t e c t io n
ES D
B lo w d o w n
A c t iv e F ire
P r o t e c t io n
P a s s iv e F ire
P r o t e c t io n
F ir e B a r r ie r s
& P e n e t r a t io n s
M a t e r ia ls H a n d lin g
P r o t e c t io n
H a z a rd o u s A re a
C la s s if ic a t io n
G a lle y F ir e
P r o t e c t io n S y s t e m s
H a b it a b ility
H V AC
E m e r g e n c y L ig h t in g
E s c a p e & E v a c u a t io n
E s c a p e R o u te s
L if e b o a ts
L if e r a f ts
L a d d e r s & C h u te s , e tc
L if e ja c k e ts
L if e b u o y s
P e r s o n a l P r o t e c tiv e
E q u ip m e n t
P y r o t e c h n ic s
E P IR B S
H e lid e c k C r a s h
R e s c u e K it
R e c o v e ry
H e lid e c k w a v e - o ff
E m e rg e n c y P o w e r
A c t iv e F ir e P ro t e c t io n
118
SAFETY CRITICAL MEASURES
Safety Critical Measures are items such as procedures, equipment, instrumentation

or any other assets that are vital or critical in the loss prevention strategy of an
industrial site.
Safety Critical Measures will interrupt the propagation or will lower the probability of
the propagation of an initiating event (accident cause) to unwanted consequences
(major accident)[1]
Multiple Safety Critical Measures can be taken to reduce the risk of a specific
accident scenario
The identification of Safety Critical Measures is done using systematic and
structured risk based brainstorming techniques (see Section 2 on Hazard
Identification)
Safety Critical Measures can be active[2] or passive[3] systems
119
Hazard Mitigation Design Safety 9b

SCE example
Scenario
6 inch feed line from LPG sphere
Consequence potential
Safety Critical Measure
Major leak probability control valve
: Vapour cloud explosion due to major leak at control valve in

: Catastrophic (estimation using TOTAL risk matrix)
: Automated ESD system rated SIL2 (PFD=10E-2)
: 1.25E-4/yr (source : CHARAD 5) for 1 inch leak
Upon failure of ESD system :

formation of major flammable vapour cloud with potential catastrophic impact
in case of ignition*
Upon success of ESD system
:
formation of limited flammable vapour cloud with limited in case of ignition*
LPG sphere
Logic solver
Gas detection
ESD system
Control valve
120
CASE STUDY BP TEXAS REFINERY EXPLOSION

As you watch the video
-Identify the safety critical element( EQUIPMENT/ PROCEDURES / PEOPLE) that failed for this accident to happen
121
Texas City Explosion

Hazard Management Diagram
Relief and
Blowdown
System
Learning from
the Past
Control, Alarm &
Shutdown system
Inherent Design
Plant Layout
Effective
Supervision
/ Leadership
Operations
Procedures
Maintenance
& Inspection
Work Control
Audit & Self

Regulation
Training &
Competency
Communication
Active & Passive

Fire Protection
Investigation &
Lessons
Learned
Support to Next
of Kin & Injured
Escape /
Access
Management
of Change
HAZARD
Normal
Hydrocarbon
Inventory in
Raffinate
Splitter
Rescue &
Recovery
HAZARD
REALIZATION
Loss of
containment
Ignition
Explosion
Multiple fatalities
and injuries
Inventory
increased
Proximity
of nonessential
personnel
to hazard
Flare not
used
No up to
date relief
study design
basis
unclear
Capacity
of
blowdown
drum
exceeded
Operate
outside
envelop
No failsafe
shutdown
No mass
balance
or
attention
to other
data
Lost
process
control
Faulty
high level
alarm not
reported
Previous
incidents
& upsets
not
reported
Admin.
rather
than ISD
solutions
Hierarchy
of control
not
applied
Procedure
s not
followed
Steps not
signed off
Use of
local
practices
Failure to
recognize
hazard to
trailers from
start-up
People not
notified of startup
Multiple
sources of
ignition in
adjacent areas
Inadequate
HAZID skills
Lack of
underpinnin
g knowledge
Failure to
follow
procedures
Confusion
over who was
in charge
No
verification on
procedures in
use
Absent from
unit at critical
times
Pre-start-up
review not
performed
Procedural
compliance not
checked
Supervisor
offsite
No interventions
Inadequate
KPIs for process
safety
No effective
handover
between
shifts
Unit alarm
not sounded
No / incomplete
MOCs for trailer
siting
Blowdown
drum modified
without rigorous
MOC
Active &
passive fire
protection
Emergency
response by site
and external
authorities
Hospitalization
Access & escape
route diversity
Access to scene

Updated Technical Safety

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Updated Technical Safety

Загружено:

Авторское право:

Доступные форматы

SHORT COURSE FOR INDUSTRY

Recent and historical incidents have highlighted the importance of having a

Get involved in safety reviews such as HAZOP, HAZID, design and

Understanding of hazards faced in industry and prevention and

Understand the key process safety requirements at each stage in the

Managers, Supervisors, Engineers, Safety Personnel, and others

Operators and Maintenance Personnel of major process plant

Graduates and Chemical Engineers interested in developing a career

Anyone who would like to develop an understanding of Technical

FUNDAMENTALS OF PROCESS SAFETY

EVERYONE IS RESPONSIBLE FOR SAFETY

TWO ASPECTS OF SAFETY

An effective personal safety

PROCESS SAFETY VS PERSONAL SAFETY

PROCESS SAFETY VS PERSONAL SAFETY

FEYZIN FRANCE, 1966

Ignition source: car engine

Flash fire, jet fire and BLEVE of

FLIXBOROUGH, ENGLAND 1974

MEXICO CITY 1984

PIPER ALPHA 1988, UK

PHILIPS , PASADENA, TEXAS 1989

BP TEXAS CITY, 2005

Spill of 300 tons during 25

Ignition of cloud at firefighting

IOC OIL DEPOT, JAIPUR, INDIA ON 29 OCT.2009

INCIDENTS THAT DEFINE PROCESS SAFETY

PSM REGULATION FROM THE UK AND USA

OSHA 1910.119 (USA)

SAFETY CASE (UK)

Does this look familiar? How do these compare? Differences?

OSHA PSM ELEMENTS

PROCESS SAFETY COMMON HAZARDS

Spec breaks at the wrong location

TYPES OF RISK EXPOSURES

But there are some constraints

To make a safe and reliable plant

No accidents with damage to people

No spills with damage to

No business interruption accidents

WHY IS RISK MANAGEMENT REQUIRED ?

Accidents can often be avoided by sound risk

WHY DO WE SOMETIMES AVOID RISK MANAGEMENT

Risk Management can be frustrating:

In particular when you will remain in place for a

RISK MANAGEMENT HIERARCHY

HOW RISK IS MANAGED

CRITICAL MEASURES (PEOPLE, PROCESSES & PLANT)

RISK MANAGEMENT PROCESS SUMMARY

Risk Management Process

New/ Major Facilities

Task Risk Assessment -Qualitative

Workgroup Non-Routine Activity

Risk Potential Matrix

END OF MORNING SECTION DAY 1

We Have Looked At Introduction To Technical

HAZARD IDENTIFICATION HAZID 1

HAZARD IDENTIFICATION HAZID 2

HAZARD IDENTIFICATION HAZID 3

HAZARD IDENTIFICATION HAZOP 1

HAZARD IDENTIFICATION HAZOP 2

HAZARD IDENTIFICATION HAZOP 3