Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Risk Reliability and Safety > Lecture 8 - Process Safety Management > Flashcards

Lecture 8 - Process Safety Management Flashcards

1
Q

What is process safety?

A

Process Safety is a technical and operational discipline focusing on the identification and mitigation of the hazards associated with the physical and chemical properties of the material being processed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are process hazards?

A

Process Hazards can expose groups of workers to serious injury or death. They may even expose members of the public. Management systems and safeguards (risk treatment) typically address operational integrity and aim to avoid loss of containment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is process safety management?

A

Process Safety Management is the application of management systems to the design, operation and maintenance of facilities that handle hazardous materials in a sustainable manner to control the identified process hazards over the facility life cycle.

Effective management of process safety can ensure facilities are appropriately designed, correctly operated and adequately maintained to prevent the catastrophic release of hazardous materials

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Why is process safety management important?

A
  • Accidents related to process safety failures continue to happen across multiple industries with major impacts on people (both employees and the community), the environment and assets.
  • Effective process safety management is key to eliminating these types of outcomes.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are the elements of process safety management?

A

Refer to slides (layed out in table)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the ALARP Principle?

A

As Low As Reasonably Practicable (ALARP): is a principle that risk reduction should be continued until the incremental sacrifice in doing so is grossly disproportionate to the value of the incremental risk reduction achieved (r2p2)
* ALARP represents “criteria where the test for acceptability or tolerability of a risk is whether it is reasonably practicable to do more to reduce risk” (AS ISO 31010)
* Incremental sacrifice is defined in terms of time, effort, cost or other expenditure of resources.
* Recognized and Generally Accepted Good Engineering Practices (RAGAGEP): is a principle that in addition to ALARP all equipment must be documented to demonstrate that good engineering practice has been applied. This includes application of codes and standards
* The ALARP principle allows regulators to avoid setting prescriptive standards, but rather set goals for duty-holders.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the ALARP Triangle

A
  • Intolerable level of risk: high risks which are considered unacceptable. Activities causing such risk would be prohibited or would require further risk reduction.
  • Tolerable level of risk: risks tolerated in order to secure certain benefits. Risk reduction may be implemented if not considered ALARP
  • Broadly acceptable level of risk: risks considered acceptable. If practicable, risk are reduced further to ALARP
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

How can you tolerate ALARP risks

A

The zone between the unacceptable and broadly acceptable regions is the tolerable region. Risks in that region are typical of the risks from activities that people are prepared to tolerate in order to secure benefits, in the expectation that:
* the nature and level of the risks are properly assessed and the results used properly to determine control measures.
* the residual risks are not unduly high and kept as low as reasonably practicable (the ALARP principle); and
* the risks are periodically reviewed to ensure that they still meet the ALARP criteria, for example new knowledge about the risk or the availability of new techniques for reducing or eliminating risks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the swiss cheese model?

A

The slices of the “Swiss Cheese” model represent the controls in place that modify risk by prevent an initiating event becoming an incident In process safety we typically refer to these controls as “safeguards”, which identifies their role in creating safe outcomes Safeguards are the hardware and human actions that directly prevent or mitigate an incident or impact

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is the bowtie model?

A

Refer to slides (better visual with text)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Why do we do risk assessments?

A
  • To understand risk
  • To identify safeguards currently in place (existing controls)
  • To identify gaps between current risk and tolerable risk
  • To identify new safeguards required to meet tolerable risk levels (recommendations)* To know which safeguards are most important and must remain effective (assurance)
  • There are many ways to do this including:
    o HAZID
    o Standard industry checklists
    o What-if?
    o HAZOP
    o HAZOP/LOPA (qualitative)
    o LOPA (quantitative)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Why chose layer of protection analysis (LOPA)

A
  • Identification of most important safeguards (especially when there are lots available)
    o E.g. for a particular scenario there may be multiple alarms, trips based on different process parameters, mechanical protection systems, multiple mitigation systems
  • Identification of required safeguard performance
  • Enable development of a maintenance system which prioritises the most important safeguards
  • Enable the workforce to understand risks and respond appropriately to safeguards
    o E.g. what action do I need to take on alarm initiation? do I need additional safeguards in place if this safeguard is unavailable?
  • Update safeguard information as part of a management of change process
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

WHat is LOPA

A
  • Layer of Protection Analysis (LOPA) is a semi-quantitative risk assessment tool for analysing and assessing the risks of the scenarios with higher consequence of concern (e.g. major incident
    events)
    o Single cause–consequence scenarios are identified and analysed
    o Risk is compared against company’s risk tolerance criteria
    o If risk unacceptable, additional independent protection layers are identified and suggested for implementation
    —-
  • Consequences of LOPA scenarios are the same as those on the company’s risk matrix
    o Typically, consequence development does not end at loss of containment, but continues to potential harm to personnel / environment
    —-
  • If one layer fails, the remaining layers are expected to continue to provide protection
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What can LOPA be?

A

A LOPA can be:
* QUALITATIVE – using order of magnitude estimates for risk reduction factors
* QUANTITATIVE – using calculated risk reduction factors e.g. Probability of Failure on Demand (PFD)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

WHat are IPLs

A

Independent Protection Layer (IPL)
* A layer of protection that will independently prevent an unsafe scenario from progressing to its stated consequence regardless
of the initiating event or the performance of another layer of
protection.

  • Examples include:
    o “Interlocks”
    o Alarms and Operator Intervention
    o Relief Systems
    o Containment Systems
    o Safety Instrumented Systems (SIS)
    o Other Safety Related Protection Systems
    o Basic Process Control system (BPCS)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are layers of protection

A

Refer to slide (for better visual)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

How are LOPA results used?

A
  • LOPA will assess the risk reduction effectiveness of the existing
    safeguards as IPLs
    o Is the safeguard independent and proven to respond quickly enough to prevent the scenario developing?
  • LOPA will identify if there are any gaps that need to be filled to achieve the required risk tolerance criteria
  • If additional safeguards are required, LOPA can help determine the type of safeguard required, e.g. mechanical protection device or if a Safety Instrumented System (SIS) is required and if yes, the required risk reduction factor
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

LOPA vs QRA

A
  • Both LOPA and Quantitative Risk Assessment (QRA) compare risk against a tolerable risk criteria* Whilst a LOPA looks at each cause consequence scenario individually and considers how many people could be impacted by the scenario, it does not consider the risk that each type of worker group would be exposed to
    o LOPA does not account for maintenance and operations personnel spending different amounts of time at the same location, it just considers how many people might be there and impacted by the consequence
19
Q

What is the QRA Process?

A

QRA process:
o Considers cumulative effect of toxic releases, leaks and ignitiono Determines the risk at specific locations if a worker were present
24 hours a day / 365 days a year (Location Specific Individual Risk, LSIR)
o Considers the amount of time a worker spends in each locationo Calculates the Individual Risk Per Annum (IRPA) of each worker group
o Can be used to calculate Societal Risk (risks affecting multiple individuals) on and off the facility
o IRPA and Societal Risk have to be at, or below, the tolerable risk
criteria for the facility

20
Q

What are the advantages of LOPA?

A

Advantages
* Opportunity to quantify
* Assistance in QRA
* Lack of independence is usually easy to detect
* Clear indication of most cost effective way to close gaps
* Easy to mandate a corporate method to gain consistency
* Compatible with ‘Bow Tie’ analysis

21
Q

What are the disadvantages of LPOA?

A

Disadvantages
* Demand for reliability data
* Inappropriate for complex event sequences with multiple root causes
o Designed for single cause-consequence scenarios* Does not easily deal with non-IPL safety measures* Human factors difficult to incorporate
* Over-reliance on standardized values for probability and frequency estimates that may not always be appropriate
* Time consuming
* Lots of arguments
* Too many easy targets for “experts”?
* Multiple initiators for a single scenario - problems if you have lots and lots!

22
Q

What is the LOPA Process?

A

Identify (and assess) the
* Risk tolerance criteria
* Scenario
* Initiating events
* Enabling events
* Conditional modifiers
* Protection layers
* Overall conclusions

23
Q

What is the risk tolerance criteria?

A

Tolerable LOPA scenario risk:
* A risk level which as assigned to a studied event which meets managerial, corporate or legal requirements.
* This level is used as the target to be achieved for the hazardous scenario being studied.
* This target can be derived for
o Injury
o Environmental effect
o Financial impact

24
Q

How do you define consequences?

A
  • Usually done as part of the HAZOP scenario using a risk matrix (qualitative / semi quantitative)
25
Q

How do you determine likeihood?

A
  • Likelihood of risk occurring with the identified consequence is
    determined through consideration of:
    o Initiating Event Frequency
    o Risk reduction factors from:
     Enabling Conditions
     Conditional Modifiers
     Existing Safeguards
  • Risk reduction factors must be directly related to the HAZOP
    scenario being assessed
26
Q

What is the risk reduction factor?

A
  • The potential reduction in likelihood or consequences provided by the presence of a safeguard or IPL
27
Q

What is a scenario?

A

Describe the ultimate consequence - injury, environmental effect etc. Assuming:
 something can initiate it… and
 no safeguards/layers of protection are in place… and
 full hazard of the scenario occurs…
Remember that a scenario may have several different initiating causes and an initiating cause may lead to more than one scenario

28
Q

How do select the initiating events?

A
  • External initiating events, e.g.
    o Ambient temperature – hot or cold
    o Bushfire
  • Equipment related initiating events, e.g.
    o Failure of a control loop
    o Blockage of pipe
    o Leakage in heat exchanger
    o Pump / compressor failure
  • Human failure-related initiating events e.g.
    o Opening / closing valves
    o Instrumentation failure prompting inappropriate operator response
29
Q

What are the basic rules for initiating events

A
  • HAZOP studies can be used to identify initiating events
  • Initiating events are single events, but may be modified by the probability of an Enabling Event and/or Conditional Modifier occurring.
  • Process control software should not be an initiating event.
  • Failure of a safeguard is not normally an initiating event unless the failure causes an unexpected process condition
    o E.g. PSV lifts in normal operation can be a cause of Misdirected Flow* A Basic Process Control System (BPCS) is not treated as a safeguard initially, therefore failure of a BPCS is a credible scenario.
30
Q

What does it mean by enabling events?

A
  • When or what needs to occur for the initiating event to progress
    The purpose of employing the enabling condition is to consider conditions that are necessary for an abnormal situation to proceed to a consequence of concern.
31
Q

What are conditional modifiers?

A

These are conditions that MUST be TRUE for the hazard scenario to fully develop

32
Q

What are the rules for recording safeguards?

A
  • Document safeguards in the order in which they would happen as the scenario develops * For example, if spurious closure of a valve on the liquid outlet of a vessel occurs resulting in increasing level in a vessel with potential to over-pressure the vessel resulting in loss of containment, potential ignition with resulting fire and potential harm to personnel, safeguard order is:
    1. Flow control valve on the inlet acts to reduce flow into the vessel
    2. High level alarm in vessel and operator response to troubleshoot issue
    3. High-high level trip of upstream process feeding the vessel
    4. Pressure relief device sized for liquid overfill diverting fluid to a flare designed for liquids5. Fire and gas detection systems, associated general alarm and operator response to evacuate area
    6. Fusible bulb or operator triggered deluge system
    7. Passive fire protection to ensure the supporting structure remains viable for the time required for personnel to escape to a safe location
33
Q

Why is not every safeguard is an IPL?

A
  • The qualitative assessment of likelihood made in a HAZOP can consider all safeguards* In a LOPA, credit can only be taken for Independent Protection Layers (IPLs)
  • Each safety layer must be independent of other protection layers
  • Failure of one layer must not result in the failure of another layer
  • Layers must have acceptable reliability (i.e. Probability of Failure on Demand, PFD)
  • If a layer is an administrative procedure, it must have written procedures, performance standardsand auditability
34
Q

What is the general rule of independence?

A

To be Independent, a layer of protection shall prevent an unsafe
scenario from progressing regardless of the initiating event or the
performance of another layer of protection.

35
Q

What are the rules for selecting IPLs?

A

Refer to slides for image (slide 54)

36
Q

What are the considerations for alarms and operator interventions

A
  • Must be independent of the BPCS if the BPCS already provides a trip (logic solver may be shared if it has proven reliability and separated channels)
    o Different loops
    o Different Power supplies (if UPS used for “active switching to safe state - mention this)
  • Accurate Fail Safe (power, signal etc) condition decided and implemented (look for it on P&ID)
  • Written procedure in which the Operator must be trained
  • Procedure must interrupt chain of events
  • Operator must have time to respond
  • Audited - tested – recorded
  • If an operator error is the initiating event, care is needed if we want to consider the same operator responding to a resulting alarm. This needs to be argued carefully
    o Many practitioners will not allow an alarm as an IPL in this case
  • Single manned control rooms present challenges
37
Q

How is LOPA risk quantification acheived?

A
  • Risk quantification is achieved by multiplying probabilities along the LOPA chain
  • The final probability is the conditional probability of a specified outcome, given that the initiating event has occurred.
  • When a quantitative risk is required, then this conditional probability is multiplied by the primary initiating frequency
38
Q

When do you need an IPL?

A

Refer to slides (better visual)

39
Q

What are the risk reducation options and what needs to be considered?

A
  • If, at the end of a LOPA for a specific initiating event there is a gap between the tolerable risk and the estimated event frequency, then other IPLs, including a Safety Instrumented System (SIS), may be required

We need to consider:
* How much risk reduction is required* What IPLs are available
* If a SIS is selected, whether a single SIS or a combination of SIS can achieve that risk reduction
* The implications of the required risk
reduction on the design, operation and maintenance of the SIS (including determining the optimum testing intervals)

40
Q

What is functional safety?

A

A SIS is 100% functionally safe if all random, common cause and systematic failuresdo not lead to malfunctioning of the safety system and do not result in harm to personnel, damage to the environment or loss of equipment or production
* 100% functional safety does not exist, but risk reduction is possible
* The risk reduction required to achieve the tolerable risk level can be specified as the Probability of Failure on Demand (PFD)
* The PFD can be used to determine the required Safety Integrity Levels (SIL)
* Required SIL dictates the rigor required at every stage of the safety life-cycle

41
Q

What is SIL - Low Demand?

A
  • Target failure measures for a safety function operating in low demand mode of operation
  • Low demand mode is when the safety function is only performed on demand and demand frequency is no more than once per year
42
Q

What is SIL - High or Continuous Demand?

A
  • Target failure measures for a safety function operating in high
    demand mode of operation or continuous mode of operation
    – High demand mode is when the safety function is only performed on demand and demand frequency is greater than once per year
  • Continuous demand mode is where the safety function retains the EUC in a safe state as part of normal operations
43
Q

Why is using generic values when performing LOPA good?

A
  • In performing LOPA, values used are usually drawn from generic sources, company standards and team “best” estimates.
    o The initiating event frequencies are order of magnitude estimates based on risk matrix likelihood scales.
    o Probabilities of failure on demand for the IPLs are typically generic values.
    o Many companies have their own tables for how much risk reduction can be claimed for an existing IPL or assumed for one that is recommended to fill an IPL gap
    o Multiple IPLs may be needed to close a gap

Risk Reliability and Safety (38 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions