PTS 60.0401 HSE Hazards and Effects Management Process

1
PETRONAS TECHNICAL STANDARDS
HEALTH, SAFETY AND ENVIRONMENT
HAZARDS AND EFFECTS MANAGEMENT

PROCESS
(GUIDELINE)
PTS 60.0401
JUNE 2006
Rev 1
PTS 60.0401
JUNE 2006
2
PREFACE
Petronas Technical Standards (PTS) are based on the experience acquired during the involvement with
the design, construction, operation and maintenance of processing units and facilities. Where appropriate
they are based on, or reference is made to, national and international standards and codes of practice. The
objective is to set the recommended standard for good technical practice applied by PETRONAS in oil
and gas production facilities, oil refinery, gas processing, chemical plants, marketing facilities or any
other such facility, and thereby to achieve maximum technical and economic benefit from standardisation.
The information set forth in these publications is provided to users for their consideration and decision to
implement. This is of particular importance where PTS may not cover every requirement or diversity of
condition at each locality. The system of PTS is expected to be sufficiently flexible to allow individual
operating units to adapt the information set forth in PTS to their own environment and requirements.
When Contractors or Manufacturers / Suppliers use PTS they shall be solely responsible for the quality of
work and the attainment of the required design and engineering standards. In particular, for those
requirements not specifically covered, the Principal will expect them to follow those design and
engineering practices which will achieve the same level of integrity as reflected in the PTS. If in doubt,
the Contractor or Manufacturer/Supplier shall, without detracting from his own responsibility, consult the
Principal or its technical advisor.
The right to use PTS rests with three categories of users:
1) PETRONAS and its affiliates
2) Other parties who are authorised to use PTS’s subject to appropriate contractual
arrangements.
3) Contractors/subcontractors and Manufacturers/Suppliers under a contract with users

referred to under 1) and 2) which requires that tenders for projects, materials supplied
or generally work performed on behalf of the said users comply with the relevant
standards.
Subject to any particular terms and conditions as may be set forth in specific agreements with users,
PETRONAS disclaims any liability of whatsoever nature for any damage (including injury or death)
suffered by any company or person whomsoever as a result of or in connection with the use, application
or implementation of any PTS, combination of PTS or any part thereof. The benefit of this disclaimer
shall inure in all respects to PETRONAS and/or any company affiliated to PETRONAS that may issue
PTS or require the use of PTS.
Without prejudice to any specific terms in respect to confidentiality under relevant contractual
arrangements, PTS shall not, without the prior written consent of PETRONAS, be disclosed by users to
any company or person whomsoever and the PTS shall be used exclusively for the purpose they have
been provided to the user. They shall be returned after use, including any copies, which shall only be
made by users with the express prior written consent of PETRONAS. The copyright of PTS vests in
PETRONAS. Users shall arrange for PTS to be held in safe custody and PETRONAS may at any time
require information satisfactory to PETRONAS in order to ascertain how users implement this
requirement.
PTS 60.0401
JUNE 2006
3
AMENDMENT RECORD SHEET
Chap. Section Description Issue Date Revision Date Approve

No. No. No. No. by: (initial)
All All PTS 60.0301 1 June0 0 0 IGA

Hazards and 5
Effects
Management
Process
Chap. Section Description Issue Date Revision Date Approve
No. No. No. No. by: (initial)
All All PTS 60.0401 2 June0 1 June IGA

Hazards and 6 06
Effects
Management
Process
PTS 60.0401
JUNE 2006
4
CONTENTS
PREFACE ......................................................................................................................................... 2
AMENDMENT RECORD SHEET................................................................................................ 3
CONTENTS................................................................................................................................... 4
1.1 ELEMENTS OF THE HSE MANAGEMENT SYSTEM.................................................... 5
1.2 TOOLS FOR THE HAZARDS AND EFFECTS MANAGEMENT PROCESS................... 6
2 HAZARDS AND EFFECTS TERMINOLOGY...................................................................... 7
2.1 HAZARDS, EFFECTS AND INCIDENTS......................................................................... 7
2.2 THREATS AND BARRIERS .............................................................................................. 9
2.3 CONSEQUENCES, MITIGATION AND RECOVERY PREPAREDNESS MEASURES... 9
2.4 RISK ................................................................................................................................ 13
2.5 FAULT AND EVENT TREES.......................................................................................... 14
2.6 LIKELIHOOD AND CONSEQUENCE (OR EFFECT).................................................. 14
3 HAZARDS AND EFFECTS MANAGEMENT PROCESS (HEMP) ................................... 15
3.1 THE STEPS IN THE PROCESS...................................................................................... 15
3.2 IMPLEMENTATION OF HEMP .................................................................................... 18
3.3 APPROACHES TO THE HAZARDS AND EFFECTS MANAGEMENT PROCESS....... 21
3.3.1 Experience/judgement................................................................................................. 21
3.3.2 Checklists..................................................................................................................... 22
3.3.3 Codes and Standards .................................................................................................. 22
3.3.4 Structured review techniques...................................................................................... 23
4 STRUCTURED REVIEW TECHNIQUES ........................................................................... 23
4.1 IDENTIFY HAZARDS AND POTENTIAL EFFECTS .................................................... 23
4.2 EVALUATE RISKS.......................................................................................................... 26
4.3 RECORD HAZARDS AND EFFECTS ............................................................................ 35
4.4 COMPARE WITH OBJECTIVES AND PERFORMANCE CRITERIA........................... 36
4.5 ESTABLISH RISK REDUCTION MEASURES ............................................................... 36
APPENDIX I – ACTIVITIES PLANNING AND REVIEW HEMP TOOLS ........................................... 38
APPENDIX II – ASSETS PLANNING AND REVIEW HEMP TOOLS ............................................... 39
APPENDIX III - HAZARDS AND EFFECTS HIERARCHY ................................................................ 43
III.1 Routine Health Hazards and Effects .......................................................................... 43
III.2 Environmental Hazards and Effects ........................................................................... 44
Key to Hazards.......................................................................................................................... 45
APPENDIX IV - STRUCTURED REVIEW TECHNIQUES SUMMARY DESCRIPTION SHEETS .............. 61
APPENDIX V - SEVERITY RATING FOR RISK MATRIX ........................................................ 86
Table V.1 - Example of further definition of consequence - severity rating for risk matrix .... 86
APPENDIX VI ............................................................................................................................. 93
When To Use QRA .................................................................................................................... 93
GLOSSARY .................................................................................................................................... 96
REFERENCES........................................................................................................................... 101
PTS 60.0401
JUNE 2006
5
1. INTRODUCTION
Hazards and Effect Management Process (HEMP) is a portfolio of tools and

techniques available for the management of HSE hazards. This process is
particularly important for those responsible for the management of hazards.
The objectives of this guide are to:
• provide a general overview of the Hazards and Effects Management Process
• describe the tools and techniques most commonly used in PETRONAS
• assist in the selection of the appropriate tools and techniques for Hazards
and Effects Management
• provide guidance on the integrated application of the tools and techniques

and
• outline how the results are to be incorporated within the HSE Management
System.
This document, PTS.60.0401, describes:
• the need, within the context of an HSE Management System, to define both
the techniques and tools commonly in use together with the competencies
required for their effective application
• the more common terminology and concepts used in the analysis of hazards
and effects and the determination of risk
• the stages of the Hazards and Effects Management Process and its role
within the HSE Management System. The role of experience, codes and
standards, checklists and structured techniques are discussed
• in summary the various structured review techniques available in Petronas to

support the process.
1.1 ELEMENTS OF THE HSE MANAGEMENT SYSTEM
The HSE Management System contains the following elements:
• Leadership and Commitment
• Policy and Strategic Objectives
PTS 60.0401
JUNE 2006
6
• Organisation, Responsibilities, Resources, Standards and Documentations
• Hazards and Effects Management Process (HEMP)
• Planning and Procedures
• Implementation and Monitoring
• Assurance
• Management Review
The Hazards and Effects Management Process (HEMP) is central to the

effective implementation of the HSE Management System. The process ensures
that hazards and potential effects are fully evaluated. To achieve this, a number
of tools and techniques are used. These are described in this document.
1.2 TOOLS FOR THE HAZARDS AND EFFECTS MANAGEMENT

PROCESS
1.2.1 Selection of tools
The objectives set out in the HSE Management Systems (HSE MS) and
subsequently the HSE Case effectively become the acceptance criteria for the
risk determined in the hazards and effects management process.
This document is designed to identify, specify and aid the effective selection of
an integrated suite of tools and techniques. Most of these have been in use for
some time. The various tools and techniques have been collated for ease of
reference, to demonstrate their relationship to each other and to describe their
input to the HSE MS and HSE Case. As stated above this document does not
specify when to use the tools, this is done in the documents describing the
business activities. A very broad framework of tools, techniques and guidelines
used in hazards and effects identification and assessment during the life cycle is
provided in Appendices I and II.
Codes, standards, checklists, as well as individual experience and judgement are

in no way replaced by any of these techniques and continue to play a vital role.
PTS 60.0401
JUNE 2006
7
1.2.2 Application and competence
Successful application of a technique is largely dependent on the experience of

the personnel using it. For this reason, familiarity, competence and training are
important factors to be taken into consideration when planning and resourcing
projects and drafting contract specifications. The competence levels required to
operate these techniques effectively may then be identified and the relevant
resources secured.
The application of tools in the hazards and effects management process such as
Environmental Assessment, Health Risk Assessment and QRA will continue to
involve specialists but their output can now be brought together with other
studies in a common HSE Management System. Specialist assistance when
using other tools and techniques may also be necessary. However the successful
application of any tool and technique will always be dependent on the
participation of the staff involved in the activities under study. Most of the tools
described require a multi-disciplinary approach.
Health, Safety and Environmental management is no different from any other

aspect of Petronas business and remains a line responsibility. HSE therefore
falls under the same management system. H, S and E have been considered
together in this document although external reasons may exist for presenting
certain studies separately. For example, when two separate authorities deal with
safety and environmental regulation and require separate submissions.
2 HAZARDS AND EFFECTS TERMINOLOGY
This chapter provides an overview of the more common terminology and

concepts used in the analysis of hazards and effects and the determination of
risk.
A comprehensive list of terms and their definitions is provided in the glossary of

this document.
2.1 HAZARDS, EFFECTS AND INCIDENTS
A hazard is defined as:
'The potential to cause harm, ill health or injury, damage to property, plant,
products or the environment, production losses or increased liabilities'. This
definition can be extended to include social/cultural disruption.
This represents a specific use of the word hazard, which in more common usage
can mean danger, chance or risk. Risk is defined in item 2.4. It is important to
recognise the adopted definition of this basic term and to be consistent when
PTS 60.0401
JUNE 2006
8
using common techniques. Hazards should not be confused with hazardous

activities e.g. drilling, lifting a load with a crane, etc.,. Examples of hazards are:
hydrocarbons under pressure, objects at height, electricity. Appendix III contains
a listing of generic hazards.
The terms 'chronic' and 'acute' are used to differentiate between hazards and
effects associated with continuous discharges and occupational exposure
(prolonged) and those relating to one off events, (health, safety and
environmental incidents) which might include poisoning, oil spills, fires and
explosions.
In environmental terms, 'chronic' effects are sometimes referred to as 'routine'

and are defined as the result of planned emission or discharge to the
environment. Such releases may include flaring of gas, or discharge to sea of
produced water following repeated and prolonged exposure to relatively low
levels or concentrations of a hazardous agent.
The aim is to control all health and environmental hazards and effects within
defined limits. Under health, for example, controls for benzene define levels in
air for long term exposure. For environment, for example, controls for flaring
may include limiting the volume of gas disposed of, defining criteria for the
combustion efficiency and defining environmental quality standards for
combustion products. Similarly, control of noise emission will be based on
noise limits, which will be set for a given location.
An effect in the context of this manual is usually an adverse effect either on the
health or safety of employees or the public. An environmental effect is any
direct or indirect impingement, whether adverse or beneficial, upon the
environment of the activities, products and services of the company. This also
includes impact on social and cultural systems.
The (undesired) release of a hazard is a hazardous event. If the hazardous event

is the first event resulting from the release of a hazard then it is called a 'Top
Event'. This is the undesired event at the end of the fault tree and at the
beginning of an event tree (see item 2.5). In the context of environmental
routine hazards, the undesired event can relate to the breaching of defined
limits, such as oil in water discharged to sea or noise levels in and around
locations, or in the context of health hazards, this relates to exceeding
occupational exposure limits and other standards for the full range of agents
hazardous to health.
An incident is an unplanned event or chain of events, which has the potential to

cause injury, illness and/or damage (loss) to assets, revenue, the environment or
third parties. An incident involves the release of a hazard, which includes the
exceedance of defined limits.
PTS 60.0401
JUNE 2006
9
2.2 THREATS AND BARRIERS
A threat in the context of this document is something that could potentially

cause the release of a hazard i.e. an incident. Examples are corrosion, fatigue
damage, poor visibility, overpressure, lack of knowledge/competence, etc.
To prevent a threat or combination of threats ultimately resulting in the release

of a hazard, some kind of counter measures are necessary. These measures are
called barriers. In the case of corrosion as a threat, for example, appropriate
barriers could be a corrosion-resistant coating, inspection programmes or
corrosion allowances. For overpressure one barrier would be a pressure relief
system. Environmental barriers could include operational controls, e.g. traffic
restrictions for noise, or hardware controls, e.g. provision of water treatment
equipment. Health barriers include, for example local exhaust ventilation (LEV)
and PPE.
Barriers may be physical (shields, isolation, separation, protective devices) or

non-physical (procedures, alarm systems, training, drills).
2.3 CONSEQUENCES, MITIGATION AND RECOVERY PREPAREDNESS

MEASURES
Should the barriers fail to prevent or avoid the release of a hazard then some
kind of counter measures are required to limit the consequences of the
hazardous event or effect. The purpose of these countermeasures is the
mitigation of consequences and to aid in reinstatement. One example of
mitigation is a fixed fire protection system, another would be the evacuation of
personnel from the area. Those measures aimed at reinstating or returning the
situation to normal operating conditions are also called recovery preparedness
measures. All such measures ranging from the first steps in mitigation through
to reinstatement of the operation are termed recovery preparedness measures.
PTS 60.0401
JUNE 2006
10
THREATS ESCALATION
Hazard :
Hydrocarbon gas
under pressure
Examples:
Corrosion Fire
Pressure Vessel
Erosion
Impact
Rupture and Leak
Hazardous
Event
Leak ! Fire
First Hazardous Event

or
Top Event
Inspection Corrosion Detection Detection Plant Detection

Allowance Process ESD Separation and
Shutdown Deluge
Threat Barriers Recovery Preparedness

and Mitigation Measures
CAUSATION CONSEQUENCE
Figure 2.1 Terminology: Acute or incidental release (safety example)
PTS 60.0401
JUNE 2006
11
THREATS ESCALATION
• Ecological damage
• Water supply contamination
• Irrigation contamination
Hazard : • Liabilities
Effluent • Reputation
Examples: Treatment system

• Input Changes Pollution
• Maloperation
• Malfunction
Discharge
Hazardous
Event
Discharge
ppm Limit Exceeded !
Pollution
ppm
ppm
Limit

or
Top Event
Auto Level Procedures Alarm System Divert to Plant Clean-up

Alarm Sampling Shutdown Holding Shutdown Plan
Tanks
Threat Barriers Recovery Preparedness Measures

Figure 2.2 Terminology: Chronic or routine release (environment

example)
PTS 60.0401
JUNE 2006
12
THREATS ESCALATION
Increased risk :
Hazard:
Leukaemia
Toxic vapour
Liabilities
Loss of reputation
Examples:
Corrosion
Handling of toxic chemical
Maloperation
Leaking flanges
Release of benzene
Increased
risk of
leukaemia
Exposure to benzene
exceeding OEL* !
ppm
ppm
Limit

or
Top Event
Vapour Return Procedures Local PPE Biological Epidemiology
System Exhaust Monitoring
Ventilation
* OEL Occupational Exposure Limit
Threat Barriers Recovery Preparedness Measures

Figure 2.3 Terminology: Chronic or routine release (health

example)
PTS 60.0401
JUNE 2006
13
FAULT TREE EVENT TREE

(C a u s e s ) (C o n s e q u e n c e s )
e . g . m a lo p e r a t io n
E
e .g . o v e rp re s s u re S
H C
A A
Z L
A e .g .E S D Loss of A
R bypassed gas e . g . d e t e c t o r f a ilu r e T
D c o n ta in m e n t I
O
N
H a z a rd o u s E v e n t
( r e le a s e o f h a z a r d ) e . g . d e lu g e f a ilu r e
e .g . e x p lo s io n
s e q u e n c e o f f a u lt s a n d c a u s e s s e q u e n c e o f e v e n t s a n d f a il u r e s le a d in g
le a d in g t o a h a z a r d o u s e v e n t t o t h e e s c a la t i o n o f a h a z a r d o u s e v e n t
Figure 2.4 Cause consequence diagram (bow tie)
2.4 RISK
'Risk' combines the chance that a specified undesired event will occur and the
severity of the consequences of the event or otherwise is the product of the
probability of occurrence and the severity of the consequences. To determine the
'risk' of a specific 'hazardous event' taking place therefore requires information
on the likelihood of the event taking place and the severity of the adverse
consequences that could be expected to follow from it.
The terms 'probability', 'likelihood', 'frequency' and 'chance' are often used
interchangeably however in the HEMP terminology, the following apply and
should be consistently used:
• likelihood and chance both indicate the possibility of something

happening
PTS 60.0401
JUNE 2006
14
• frequency is a rate, e.g. number of incidents per hour
• probability is a ratio. It indicates the number of chances of something

happening to the total number of chances.
2.5 FAULT AND EVENT TREES
A common way of understanding the possible threats or causes that could lead
to the unplanned release of a hazard is to present them diagrammatically using a
fault tree. In a similar way after the release of a hazard an event tree may be
used to determine and display the potential outcomes or consequences.
Fault Tree Analysis is used to show the sequence of possible threats or causes
that could lead to the release of a hazard. The fault tree leads to a single point
where the undesired event has taken place or where the hazard has been
released. This is known as the Top Event and represents the transition from the
Fault Tree (threats/causes) to the Event Tree (consequence).
The Event Tree is made up of nodes which correspond to the different stages in
an escalating incident sequence. The lines which lead out of each node
correspond to the paths of success or failure in mitigation of the incident.
The whole sequence showing the progression from any cause, (Fault Tree)
through the Top Event to the full range of consequences (Event Tree), for a
single hazard can be represented in a single diagram (often called a 'bow tie') as
shown in Figure 2.4. In a quantitative assessment such as QRA, a number of
hazards will be considered together, however in qualitative assessment it is
normal to consider one hazard or one bow tie.
For qualitative and quantitative risk assessment the same process is used (ie
bow tie) but in QRA, risks are quantified initially per Top Event then summated
for a number of scenarios and hazards.
2.6 LIKELIHOOD AND CONSEQUENCE (OR EFFECT)
The Likelihood of a Top Event occurring may be determined by quantitative

evaluation of the possible threats or from historical data bases.
Lack of good data may limit the development of a fault tree however in some
circumstances the historical frequency of the top event may provide an adequate
time.
PTS 60.0401
JUNE 2006
15
Consequence analysis can be applied to assess HSE aspects for a range of

scenarios and typically involves the use of predictive models. Examples include
the use of:
• physical effects models for predicting the behaviour and loading from
potential hydrocarbon releases (dispersion, fire, radiation, explosion and
smoke) in terms of flammable limits, heat radiation, explosion
overpressure, etc.
• physical consequence models for predicting the consequence of the

effects of hydrocarbon release events (structural damage, vessel integrity
loss, etc.)
• air and water dispersion models for predicting the behaviour of

discharges to the atmosphere or water bodies respectively
3 HAZARDS AND EFFECTS MANAGEMENT PROCESS (HEMP)
3.1 THE STEPS IN THE PROCESS
The Hazards and Effects Management Process (HEMP) was originally

developed to provide a structured approach to the analysis of safety hazards
throughout the life cycle of an installation. The environmental and health risk
assessment processes fulfil a comparable function with respect to environmental
and health hazards at all stages of the life cycle. These assessments are based on
the same concept and have been brought together as HEMP. The process is
applicable to all business processes in the life cycle of an operation from
inception to abandonment. The tools and techniques available are applied in a
logical and rigorous way, setting acceptance criteria and screening against them
as the process proceeds. The arrangements identified as necessary to manage
assessed threats and potential consequences and effects are then incorporated in
the design phase or for existing operations it is necessary to verify that what is
in place is suitable and sufficient. If not, then remedial action is taken and all
necessary procedures are incorporated into the HSE Management System.
The principles of 'identify', 'assess', 'control' and 'recover' are the basis of
HEMP, with the individual stages summarised in the following steps:
1. Identify Hazards and Potential Effects
2. Evaluate Risks
3. Record Hazards and Effects
4. Compare with Objectives and Performance Criteria
PTS 60.0401
JUNE 2006
16
5. Establish Risk Reduction Measures.
Step 1 : Identify hazards and potential effects
Systematically identify the hazards, the threats and potential hazardous events
and effects which may affect, or arise from, a company's operation throughout
the total life cycle of the operation.
Step 2 : Evaluate risks
Systematically evaluate (assess) the risks from the identified hazards against
accepted screening criteria, taking into account the likelihood of occurrence and
the severity of any consequences to employees, assets, the environment and the
public. This includes the risks associated with deviation from limits set for
environmental and occupational health hazards.
Step 3 : Record hazards and effects
Record all those hazards and effects identified as significant in relation to the
screening criteria in one of the following documents:
• HSE MS Activities Catalogue
• HSE Activity Specification Sheets
• Hazards and Effects Register
• HSE Critical Operating Procedures
• Manual of Permitted Operations.
These documents will then be included in Parts 3 and 5 of the HSE MS and
HSE Case.
Step 4 : Compare with objectives and performance criteria
Compare the evaluated risks against the detailed HSE objectives and targets for
the project or installation. For all cases these targets must be maintained and be
consistent with the Company Policy, and Strategic Objectives. Performance
standards at all levels must meet the criteria set in the HSE Case which in turn
must comply with the Company's HSE Management System.
Step 5 : Establish risk reduction measures
PTS 60.0401
JUNE 2006
17
Select, evaluate and implement appropriate measures to reduce or eliminate

risks. Risk reduction measures include those to prevent or control incidence i.e.
reducing the probability of occurrence and to mitigate effects i.e. reducing the
consequences. Mitigation measures include steps to prevent escalation of
developing abnormal situations and to lessen adverse effects on Health, Safety
and the Environment. Risk reduction measures also include recovery
preparedness measures, which address emergency procedures as well as
restoration and compensation procedures to recover.
Revisit Step 3 to record fully the activity/task requirements.
PTS 60.0401
JUNE 2006
18
3.2 IMPLEMENTATION OF HEMP
The Hazards and Effects Management Process can be implemented at any point
in the life cycle of a facility or operation as:
- When planning the development of new facilities, reviewing existing

facilities, or planning for the abandonment and decommissioning of existing
facilities, the focus is on the identification and assessment of hazards and
effects that may be avoided, reduced or eliminated.
- In the operational and maintenance phase, the focus is on control of hazards

and effects by procedures and the development and implementation of
effective recovery preparedness measures.
- In the abandonment and decommissioning stages the focus is directed

towards safe clean up and rehabilitation.
People involved in operational activities however should always be alert to

identify new hazards particularly in non routine operations.
3.2.1 Assets: planning and review
In a new development, the HEMP will normally be iterative, beginning on a

wide basis with little detail and then progressing through the development cycle
as more detail becomes available.
In the review of an existing development a similar iterative approach may be

adopted starting with a wide approach on general issues then converging on
areas of specific concern and more detailed assessments.
This management process is applied to all hazards and potential effects. Those
engaged in design and planning activities who utilises tools, such as HAZOP,
Health Risk Assessment or Environmental Assessment are already familiar with
this approach.
Appendices I and II give an indication of when the tools and techniques are used
during the life cycle of a development and in the development of an HSE Case
for an asset.
The output from the various tools and techniques used in the HEMP in the
planning and review stages of a new development is used primarily to refine the
design by identifying the hazards and threats, removing them if possible and
making the design as inherently safe to operate as practicable. The output
therefore primarily concerns the hardware although the design planning phase
can profoundly affect all subsequent stages of the development.
PTS 60.0401
JUNE 2006
19
PTS 60.0401
JUNE 2006
20
3.2.2 Activities: planning and review
This relates to the preparation for practical physical activities involved in the
implementation of plans. This preparation should involve those carrying out or
supervising the activity. The techniques for the identification and assessment of
hazards used in the planning and review stages are also applicable but in the
operational phase tend to be more focused on procedural aspects rather than
hardware design.
In the implementation or operations phase, planning activities such as the

systematic preparation of Permits to Work and Job Hazard Analysis address all
the steps of the HEMP.
The PTS’ on the basic Permit-to-Work System, 60.2001, and Job Hazard
Analysis, 60.2005, can be used for a team review of the procedure for a repeated
activity or as a one-off review of a new activity.
PTS 60.2115 'General Workplace Practices' contains activity specification

sheets and hazard register sheets for typical HSE activities and hazards
encountered in the workplace.
The Manual of Permitted Operation (MOPO) describes conditions where

specific activities cannot be carried out at the same time and is described in
PTS.60.0303 - Documenting an HSE Management System and HSE Case.
Waste management procedures, described in the PTS 60.3005 - Waste

Management Guide, provide information for the inclusion of waste management
activities.
The output from the various tools and techniques in the HEMP for operational-
type activities will be used in the development and review of working
procedures and form part of the HSE Case for the operation of the facility. For a
significant or new activity, such as a major construction project, a seismic or
drilling campaign or abandonment, the output from the various tools will be
included in an HSE Case.
For a smaller work scope usually confined to one contract, the HSE Case is
sometimes called an HSE Plan or where the work or operational task is one of
many to be undertaken, terms like 'Work Procedure' or 'Work Statement' are
sometimes used. All these descriptions only reflect the scale of the operation.
The most important point is that in their preparation the steps of the Hazards
and Effects Management Process must be followed. That is hazards and
potential effects must be identified and assessed and Control and Recovery
Preparedness measures must be developed and in place ahead of time.
PTS 60.0401
JUNE 2006
21
3.3 APPROACHES TO THE HAZARDS AND EFFECTS MANAGEMENT

PROCESS
Hazards can be identified and assessed in a number of ways. The hazard

identification and assessment process is based on the following:
• experience / judgement
• checklists
• codes and standards
• structural review techniques
Figure 3.1 APPROACHES TO THE HAZARDS AND EFFECTS

MANAGEMENT PROCESS
Structured
Review
Techniques
Increasing level of detail Codes / Standards
Checklists
Experience /
Judgement
IDENTIFY ASSESS
HEMP
RECOVER CONTROL
3.3.1 Experience / judgement
The knowledge of experienced staff provides a sound basis for hazard

identification and assessment. One can draw on experience gained from
different aspects of the PETRONAS’ business in different locations. Practical
PTS 60.0401
JUNE 2006
22
staff experience gained in the field and feedback from incidents, accidents and
near misses is invaluable.
3.3.2 Checklists
These are a useful way of ensuring that known hazards and threats have all been
identified and assessed. The use of checklists, however, must not be allowed to
limit the scope of review. They are normally drawn up from standards and
operational experience and focus on areas where the potential for mistakes is
high or where problems have occurred in the past. Hazard Registers taken from
the life cycle of previous developments are particularly useful as a basis for
checklists. They should be maintained throughout the life of the development
and include both the operational and abandonment phases (Ref. 1).
Table VI.1 is a checklist called the Hazard Hierarchy, which includes health,
safety and environmental hazards previously identified by OPU/JVs. The
checklist approach is used in several techniques such as HAZID, HAZOP and
FIREPRAN, etc.,
3.3.3 Codes and Standards
These reflect collective knowledge and experience, accumulated on the basis of

national or international operations. They generally focus on hazard assessment
and control, since the hazard is inherent and recognisable. Codes and standards
usually contain information on hazards applicable to a particular type of
operation. The designer of a pressure vessel relief system, for example, can use
a PTS or ISO Standard to find detailed guidance on the relief cases that should
be considered. In some cases compliance with prescriptive standards alone will
reduce risk to 'as low as reasonably practicable'. Similarly, the acceptability or
otherwise of emissions or discharges to the environment or release of agents
harmful to health can be assessed by reference to environmental quality
standards and occupational health exposure limits. For environmental and
occupational health, the process begins with an inventory of emissions and
effects agents hazardous to health respectively.
Codes and standards can therefore provide guidance on all four steps of identify,
assess, control and recovery.
Where new or non-standard designs are concerned, especially ones containing

configurations with multiple interfaces, it is unlikely that all the possible
interactions can be identified using codes and standards alone. In more complex
facilities such as offshore process facilities, other hazard management tools will
be required.
PTS 60.0401
JUNE 2006
23
3.3.4 Structured review techniques
The following chapters of this document describe the Structured Review

Techniques and Procedures in current use. Some of these techniques were
initially developed for use in safety management others have been specifically
developed for environmental and occupational health management often using
similar principles as for safety management. One example is HAZID (Hazard
Identification) and another is HAZOP (Hazard and Operability Study). With
interpretation, these techniques are also capable of addressing emissions,
discharges, waste generation and occupational exposure to hazardous
substances, etc. Many of the techniques described also contain screening and
acceptance criteria for Controls.
4 STRUCTURED REVIEW TECHNIQUES
Structured review techniques are available for all phases of the 'identify, assess,
control and recover' process. The recommended techniques are presented in this
chapter under the same headings as used in Chapter 3, i.e.:
• Identify Hazards and Potential Effects
• Evaluate Risks
• Record Hazards and Effects
• Compare with Objectives and Performance Criteria
• Establish Risk Reduction Measures.
4.1 IDENTIFY HAZARDS AND POTENTIAL EFFECTS
The selection of the appropriate techniques depends upon the information

available and the phase of the project or maturity of the operation.
For Petronas facilities, a generic Hazards and Effects Hierarchy has been
generated and is included in Appendix III. This provides a structured listing of
hazards and effects and attributes which can be used as a completeness check
during hazard identification. The hierarchy provides the basis for a
computerised approach to the systematic identification and assessment of
hazards and their effects.
Table 4.1 Techniques for planning and review of assets
Technique DESCRIPTION Reference

HAZID (Hazard A structured brainstorming technique that is PTS 60.2004
PTS 60.0401
JUNE 2006
24
Identification) particularly useful in the early stages of a

development, either as a stand alone exercise
or as part of a more general review. The
'prompt' or 'checklist' approach guides the less
experienced and prompts the experienced.
Success when using the technique depends
upon a properly constructed team being well
managed and having the opportunity to think
beyond the checklist and identify the unusual.
The same technique can be applied for health
hazards associated with the living
environment (e.g. tropical diseases) and
lifestyle (e.g. substance abuse).
Health Risk Is used for identifying and assessing PTS.60.1400
Assessment occupational health hazards and the controls
needed to manage them effectively. Chemical,
physical, biological, ergonomic as well as
psychological aspects of the occupational
environment are included.
Chemical Health Supplements the general guide on Health Risk PTS.60.1400
Hazards Assessment by providing specific additional
advice on assessing risk to health arising from
chemical agents in the work place.
Human Factors Encompasses a number of techniques directed PTS.60.0103
at the assessment of the human element of the
management of hazardous events from design
through to emergency response.
Environmental Includes development of an environmental PTS. 60.3202
Aspect Impact profile which provides information necessary
Assessment to:
Guide(EAIA) Build an environmental description of the area
or location and its environment before
development
Assess the beneficial and/or adverse effects of
the development
Identify mitigation measures
Prepare a plan to enable measures to be
implemented.
Also applicable to ongoing activities
Monitoring Soil Provides guidance on assessing soil and PTS.60.3303
and Groundwater groundwater quality at Petronas locations
Quality from initial desk studies to more detailed site
investigations.
Social Impact Describes the component parts of a social
Assessment impact assessment including relationship to
PTS 60.0401
JUNE 2006
25
the natural environment, cultural and

historical attitudes and sensitivities,
population characteristics and political social
institutions. Means to involve the wider
public are seen as critical.
HAZOP (Hazard One of the most widely accepted and PTS 60.2209
and Operability powerful of the hazard identification and
Study) assessment tools available for reviewing the
design of process facilities. It is carried out in
varying degrees of detail throughout a project
after design checks have been completed.
HAZOP is not a design tool but a
supplementary team checking exercise, which
also includes the operational aspect of a
design. It is unusual to make other than a
subjective assessment of the consequences of
a particular failure scenario during a HAZOP.
The HAZOP technique has been extensively
applied with success by others to areas like
maintenance, drilling, etc.
FIREPRAN To identify deficiencies and opportunities for PTS.60.2302
improvement in order to meet objectives with
respect to fire and explosion management.
FIREPRAN is not suited to complex, compact
integrated facilities..
SAFOP Comprises three components:
(Electrical Safety SAFAN - (Safety Analysis) identification of
and Operability hazards to personnel in the vicinity of
Study) electrical systems
SYSOP – (System Operability) critical
assessment of electrical network and plant
design
OPTAN – (Operational Task Analysis)
analysis of operator actions to determine areas
of potential operator error.
There are few if any tools and techniques, which are limited solely to the
identification of Hazards and Potential Effects. Most include assessment as well
as identification. Indeed techniques, such as Health Risk Assessment and
Environmental Assessment include all four elements, identify, assess, control
and recover.
Inherent in some techniques, such as HAZOP, is a qualitative assessment of risk

based on judgement of threats, such as hardware failure, control system failure,
human error, corrosion, extreme conditions, etc.
PTS 60.0401
JUNE 2006
26
Table 4.2 Techniques primarily for activity planning and review

Job Hazard Identification of potential problems within a PTS.60.2201
Analysis job task that could lead to hazardous
situations. Elimination or reduction of the
hazard by development of safe working
procedures.
Tripod-BETA To facilitate accident or incident investigation PTS.60.0504
and analysis by providing the means to
assemble and manipulate investigation
information into a logical structure consistent
with the Tripod accident causation model and
the hazards and effects model of HSE MS.
Tripod-DELTA The proactive identification of potential latent PTS.60.0503
failures that could lead to hazardous situations
and the development of remedial actions to be
taken to reduce or eliminate such hazards.
4.2 EVALUATE RISKS
Once hazards and threats have been identified, their causes, consequences and
probability can be estimated and the risk determined. Risk assessment may be
on a qualitative or quantitative basis both involving the same steps. Qualitative
methods may be adequate for risk assessments of simple facilities or operations
where the exposure of the workforce, public, environment or the asset is low.
Inherent in many of the techniques mentioned in item 4.1 is a subjective
evaluation of risk. HAZOP and FIREPRAN, for example, require the team to
select the critical items for further study. To do this there must be a risk
assessment, which is based primarily on experience or judgement. The
qualitative or banded assessment of probability and consequence from such an
analysis can be plotted on the Risk Matrix described in PTS.60.0101 Group
HSE Management System Manual and repeated in item 4.2.4. In FIREPRAN,
HAZOP and Health Risk Assessment, this Risk Matrix is used to assist in
decisions regarding risk. In the context of this manual evaluate and assess have
the same meaning.
4.2.1 Scenario development (causes)
The first step in the risk evaluation is to examine the ways in which events may
take place to cause a hazardous event. Causation scenarios may be developed in
simple narrative or use multiple branch fault trees or utilise complex
computerised modelling techniques. The method is entirely dependent on the
area being assessed.
PTS 60.0401
JUNE 2006
27
4.2.2 Probability
The probability of a hazardous event occurring may be determined by evaluation

of the associated possible threats and circumstances or from historical
databases. Once established, the probability of occurrence of each event can be
included in a fault tree.
Historical records provide failure data for various types of event in the fault tree
and event tree including the Top Event. Alternatively, probability can be
generated in a qualitative way by the relative classification of probability into
those shown on the Risk Matrix in item 4.2.4.
4.2.3 Consequence analysis
Consequence analysis can be applied to assess HSE aspects for a range of

consequence scenarios and involves the use of predictive models. Consequence
scenarios may be developed in simple narrative or use multiple branch event
trees or utilise complex computerised modelling techniques.
Examples include the use of physical effects models for assessing the integrity
of structures, for predicting the behaviour of emissions to the atmosphere and
discharge to water and predicting heat loading and explosion overpressure.
Models should only be used when they are validated in a particular application
and their predictive capability is generally accepted. Successful application
requires that they be used by personnel with adequate training and experience.
The results from Physical Effects Modelling usually provide input to other HSE
analyses such as ESSA, FEA and Layout Studies.
In performing consequence analyses it should be recognised that the majority of

models provide only a good approximation of what might happen. It is a
mistake to base design calculations wholly on model results. The designed
system should be capable of withstanding the range of possible anticipated
loadings.
Table 4.3 Techniques for consequence analysis

Physical Effects This encompasses a number of PTS.60.2211
Modelling techniques available for modelling the
effects of hazardous releases such as
explosions, gas dispersion and fire
Layout Offshore Layout Methodology - A No reference
Methodology simplified design tool for identifying
separation requirements when laying out
PTS 60.0401
JUNE 2006
28
an offshore complex
Onshore Layout Methodology as above
for onshore facilities
FEA Fire and Explosion Analysis is a No reference
collective term for the process, which
identifies and evaluates all fire and
explosion hazardous events as a basis for
risk reduction and for preparing
performance criteria for essential safety
systems and the arrangements required
for escape, evacuation and rescue (EER).
ESSA Emergency System Survivability No reference
Analysis. This is part of the FEA and
determines the ability of the emergency
systems to withstand severe accident
conditions. ESSA is part of the FEA
process and provides information, which
is subsequently used in TR/EERA.
TR/EERA Temporary Refuge Escape, Evacuation Shell DEP
and Rescue Analysis of escape to 37.17.10.11
Temporary Refuge (TR), the provisions
within the TR system, and the
Evacuation, Escape and Rescue
provisions. The analysis considers the
major scenarios previously identified and
compares these against respective
acceptance standards highlighting critical
elements and revealing any shortfalls.
Environmental Used to predict the behaviour of Monitoring air
Dispersion contaminants following discharge.
quality and
Models Results are used to evaluate the Atmospheric
significance of emissions and discharges.Emissions
A wide range of models are available and PTS.60.3302
vary in complexity and sophistication. Monitoring water
quality
PTS.60.3301
Risk Assessment These have been developed to evaluate Env. quality
Models for the significance of soil contaminants to standards - soil
Contaminated human and environmental health. and groundwater:
Soil PTS.60.3013
Monitoring Soil
and Groundwater
Quality
PTS.60.3303
Groundwater These have been developed to predict the A range of
PTS 60.0401
JUNE 2006
29
Models behaviour of contaminants in models available

groundwater and focus on the movements
of the contaminants.
These techniques are summarised in Appendix IV.
4.2.4 Determination of risk
Having determined the probability of the different scenarios occurring to cause a

'hazardous event' and having determined the consequences arising from that
event, it is possible to represent the risk graphically using the Risk Matrix
described in PTS.60.0101 Group HSE Management System Manual and
repeated below:
PTS 60.0401
JUNE 2006
30
Table 4.4 Risk matrix
Consequence Increasing Probability
A B C D E
People Assets Environ Reputati Never Heard Incident Happens Happens
ment on heard of of has several several
in incident occurred times per times per
industry in in our year in year in
industry company co. location.
No No No
No effect
injury damage impact
Slight Slight Slight Slight

injury damage effect impact
Minor Minor Minor Limited

injury damage effect impact
Localise Consider
Major Localise
d able
injury d effect
damage impact
Single Major Major Major
fatality damage effect national
Major
Multiple Extensiv Massive
internati
fatalities e damage effect
onal
The matrix need not remain as a static display of risk and measures to be taken.
Over the years tolerance to risk will change therefore the shading in the diagram
will change.
The above matrix gives an indication of risk tolerability but this should relate to
the operation under consideration. An example of how the matrix can be further
defined for a particular operation is included in Appendix V.
4.2.5 Quantitative Risk Assessment (QRA)
QRA is a potentially powerful technique which is described fully in

PTS.60.2210. Appendix VI contains specific examples and guidance of when
Quantitative Risk Assessment is used to its best advantage. Guidelines are
available for undertaking quantitative risk assessment for specific applications
including risers and pipelines.
PTS 60.0401
JUNE 2006
31
These are:
Table 4.5 QRA Techniques for specific applications

ASPIN Pipeline failure risk analysis technique no reference
and data base.
An easy to use quantitative failure risk
assessment tool to compare different
options and conditions during pipeline
design and operation and to assist in
optimising and planning inspection and
maintenance efforts. Simplified version.
RISER Risk Evaluation of Risers. no reference
Assessment of risks of pipeline riser on or
near platforms with comparative risk
analysis to assess the benefits of subsea
valve installation on pipelines.
These quantitative risk assessments should only be used by personnel with

adequate training and experience. It is most important that those familiar with
the operation, the facility or the design are involved in the study particularly
with respect to the input, assumptions and conclusions drawn to ensure that the
model reflects reality.
Assumptions must reflect actual practice including inspection and maintenance

frequencies and techniques, frequency of drills and operating procedures, etc.
QRA provides a structured approach to assessing risk and expresses this

numerically. The main function of QRA is to identify high risk areas and assist
in the comparison of design options and the selection of operations philosophies
with a view to establishing effective and efficient risk management.
QRA assists in the determination of 'how safe is safe enough' by helping to

analyse options to establish whether or not ALARP (As Low As Reasonably
Practicable) has been achieved.
Engineers and decision makers sometimes like to use quantitative risk

assessment to make a decision for them. For this purpose they would like to see
well defined acceptance criteria for risk and a calculation resulting in one
number to tell them whether their design is 'right' or 'wrong'. However, risk
figures, which are based on probabilities, should be used with caution and
comparison against absolute numerical risk criteria avoided where possible.
This is important for a number of reasons.
PTS 60.0401
JUNE 2006
32
First, the accuracy of QRA studies means that the comparison of calculated
numbers with specified numerical criteria must be used with considerable
caution. The inaccuracies are less important in comparisons between various
options analysed in a consistent manner. Nevertheless absolute risk figures may
be required to fulfil legislative requirements and to ascertain whether ALARP
risk levels have been reached.
Secondly, the risk of PETRONAS operations calculated in a QRA is often in the

'Too High' area and nowhere near the 'Negligible' area. This means that
regardless of acceptance criteria set by authorities or others, there is a need to
identify further improvements and to implement them if the cost, time and effort
can be justified.
Thirdly, there is always the temptation to use comparison with absolute risk
criteria as a means to justify not carrying out risk reduction measures, with data
being manipulated solely to meet the criteria. Playing the 'numbers game' in this
way could lead to QRA being used to justify risk levels that could realistically
still be reduced.
Fourthly, using statistical likelihood values carries with them a set of inherent
assumptions which may or may not be appropriate for the operation being
studied.
Expressions like 'acceptably safe' or 'an acceptable risk' should be avoided when
discussing risk. Risks are never acceptable when the benefits of an activity are
perceived to be smaller than the risks. Further, a risk is never considered
acceptable while there are effective alternatives to lower it. If there are no
effective alternatives or the cost of further reduction is disproportionate then it
may be necessary to live with or 'tolerate' the risk.
QRA can be used to assess risk to the company's workforce, assets and
environment as well as risk to the public. At present, QRA or environmental
QRA is confined to 'incidental' or 'acute' hazardous events. In Petronas
operations, the facilities are in many cases sufficiently remote that
considerations of this type of risk to the public do not dominate. In downstream
activities, risk to the public is often the main concern.
The application of QRA is not necessarily limited to large, complex and

expensive studies. It is a technique which can be used relatively quickly and
cheaply to help to structure the solution to problems for which the solution is
not intuitively obvious. Without the quantification of risk in some situations,
there may a danger of allocating scarce resources for little benefit. Risk is often
defined as a function of the chance that a specified undesired event will occur
and the severity of the consequences of the event. For QRA purposes, chance
can be expressed as frequency or probability of an occurrence. If no attempt is
PTS 60.0401
JUNE 2006
33
made to estimate the chance, we may be driven by the consequence into

investing heavily on risk reduction measures which are ineffective. This is
illustrated in Figure 4.1. The risk curve (shaded) indicates the area in which
effective risk reduction measures can be taken.
PTS 60.0401
JUNE 2006
34
Figure 4.1 Determination of risk
On the left side of the curve the consequences are too small to cause concern,
regardless of the probability. On the right side the consequences could be
dramatic but the probability is so low that it would be more effective to invest in
those risk reduction measures which concentrate on the events contributing to
the peak of the risk curve. The above can be easily aligned with the Risk Matrix.
It must be recognised that the public and regulatory authorities are most
interested in high consequence events. In the context of the Risk Matrix this
might be in the 'never heard of incident in Petronas industry' column but
nevertheless risk reduction measures must still be considered.
4.2.6 Screening criteria: limits / standards
PTS 60.0101 Group HSE Management System Manual Chapter 4 describes the
concept of screening risk against criteria set in a qualitative and quantitative
manner together with the use of the ALARP principle, which sets the risk level
as low as reasonably practicable.
Guidelines, which provide environmental limits and standards, include:
PTS.60.3101 Environmental quality standards - water

PTS.60.3102 Environmental quality standards - air
PTS.60.3103 Environmental quality standards - soil and groundwater
PTS 60.0401
JUNE 2006
35
References to occupational exposure limits and standards are listed in Health

Risk Assessment and Ionising Radiation Safety Guide.
4.3 RECORD HAZARDS AND EFFECTS
4.3.1 Records
The documentation relating to the hazards and effects analysis and the
management of hazards and effects is included in Parts 3 and 5 of the HSE MS
and HSE Case described in PTS.60.0303.
In a major project or facility the studies carried out as part of the HEMP are
recorded formally usually via the first draft of the Hazards and Effects Register.
The level of detail addressed increases as familiarity with the project or facility
improves. Different techniques are then applied to identify and assess hazards.
The hazards and control measures identified during the design phase are
recorded for later transfer to the operator of the facility who will be responsible
for the HSE Case.
4.3.2 Hazards and effects register
The hazards and effects information gained from the application of HEMP tools
and techniques is incorporated in the HSE Case in what is called a Hazards and
Effects Register.
The HSE Case has to demonstrate that:
• all hazards, effects and threats have been identified
• the likelihood and consequences of a hazardous event have been

assessed
• that controls to manage potential causes (threat barriers) are in place
• that recovery preparedness measures to mitigate potential consequences

have been taken.
Assembly of the Hazards and Effects Register, which forms part of the HSE
Case, begins at the design and development stage of a project when hazards and
effects from this phase are incorporated. Hazards applicable during the
construction and commissioning phase may be included or listed separately.
Later, hazards encountered in the operations and maintenance phase are
included. The Hazards and Effects Register is a live document and is passed
from phase to phase of a development through to abandonment. When the
design phase is complete, the Hazards and Effects Register is handed over to
PTS 60.0401
JUNE 2006
36
and subsequently maintained by, the operations management of a facility. The

Hazards and Effects Register will subsequently be used in the planning of
abandonment and held on record for a period thereafter.
On completion of the Hazards and Effects Register, the following should be

documented:
• limit of safe operations when barriers / recovery preparedness measures

are reduced, removed or defeated
• limit of safe operations when there are escalation factors which increase
the risk likelihood or consequence
• activities which can and cannot be carried out simultaneously
These should be approved by the MD / CEO.
4.4 COMPARE WITH OBJECTIVES AND PERFORMANCE CRITERIA
The objectives and performance criteria adopted at all levels in the process should
comply with those stated in the Corporate HSE Policy, HSE MS and HSE Case,
respectively (see PTS. 60.0101 Group HSE Management System Manual Chapter 4).
4.5 ESTABLISH RISK REDUCTION MEASURES
4.5.1 General
Risk reduction measures include preventative measures (likelihood reducing) and

mitigatory measures (consequence reducing). The point at which measures may be
classified as prevention, mitigation or recovery can sometimes become unclear
depending on the perspective of what constitutes the hazardous event. Fortunately, in
practice, this makes little or no difference to the process of risk reduction.
Control and recovery aspects form a significant part of design standards. These are not
listed separately in this document.
A number of reference documents describing the controls are frequently used in

applying the HEMP. These are summarised below together with references for full
descriptions.
4.5.2 Control of release of hazards and effects
Some typical control measures are described in the following guidelines:
PTS.60.2115 General Workplace Practices
PTS 60.0401
JUNE 2006
37
PTS.60.2001 Guidelines on Permit to Work (PTW) Systems

PTS.60.3008 Waste Management Guidelines
PTS.60.3005 Monitoring Water Quality
PTS.60.3302 Monitoring Air Quality and Atmospheric Emissions
PTS.60.3303 Monitoring Soil and Groundwater Quality
4.5.3 Recovery preparedness measures
Recovery from the consequences of the release of a hazard requires careful planning.
Even with a comprehensive range of controls in place to prevent the release of hazards
or effects things can still go wrong. It is important that all personnel involved are fully
briefed and drilled as to the response measures planned which may include evacuation
and restoration procedures.
Recovery Preparedness Measures include active, passive and operational (contingency

plans) response arrangements.
In a crude oil separation module, a loss of containment will probably be controlled by

ESD, depressurisation and containment/fire protection devices. These control and
recovery measures have been installed to achieve the HSE objectives that have been set.
They might reduce a worst case occurrence to a single major injury or fatality as
compared with the possible catastrophe that could have occurred with no controls at all
in place.
From an environmental perspective recovery includes site clean up and rehabilitation.

An example in occupational health would be the redeployment of a radiographer who
has exceeded his radiation exposure or a cargo handler who has a back injury.
Documents, which will assist in the development of recovery procedures, include

amongst others:
PTS.60.2306 Emergency Management Plan

PTS.60.1501.01 Medical Emergency Management
PTS.60.2303 Fire Control and Recovery
PTS 60.0401
JUNE 2006
38
APPENDIX I – ACTIVITIES PLANNING AND REVIEW HEMP TOOLS
In the 'Establishment of Business Controls' (ACT-01-06), the controls to manage HSE

risk are addressed in an HSE Case. The broad HSE objectives to be met in the
activities: establishment of business controls (ACT-01-06), 'planning' (ACT-01-08) and
'monitoring/control during execution' (ACT-03-02) are bulletised on the left of the table
below. Some of the tools and techniques available are listed on the right
produce and
explore appraise develop abandon
m aintain
Execute Surveys
Drilling Drilling
Appraisal and
Developm ent
Design
Construction
Comm issioning
Production and
M aintenance
Abandonm ent
Logistics
M ANAG E ACTIVITIES (ACT)

Includes: HSE Case for Specific Activities
Establish Business Controls (ACT-01-06)
eg Prepare HSE Case for specific activities such as: survey, drilling, operations, logistics
• dem onstrate that risks HAZID
associated with the activity G eneric HSE Cases (Under development)
are managed Health Risk Assessm ent
Environmental Assessment
Job Hazard Analysis
Permit-to-W ork
H2 S
Fire Control and Recovery
Safe Handling of Chem icals (SDS)
Human Factors
Emergency Response (including oil spill plans)
Oil Spill Dispersants
Contaminated Soil and G roundwater
Classification of W aste
W aste Managem ent
Prepare Plan (ACT-01-08) eg Prepare Execution Plan
• ensure contracting strategy HAZID
reflects known risks
M onitor and Control Activity Execution (ACT-03-02)
• identify and manage any Environmental Monitoring/Standards
additional hazards and threats Job Hazard Analysis
Tripod BETA
Tripod DELTA
HAZARDS AND EFFECTS REGISTER HSE CASE FOR ACTIVITY
PTS 60.0401
JUNE 2006
39
APPENDIX II – ASSETS PLANNING AND REVIEW HEMP TOOLS
The activities described in this appendix encompass the life cycle of an asset. The HSE
Case which is prepared during the execution of these activities becomes the HSE Case
for the asset and forms part of the Asset Reference Plan. The broad HSE objectives are
bulletised on the left of the table. Some of the tools and techniques available are listed
on the right.
PTS 60.0401
JUNE 2006
40
ACQUIRE OR DIVEST ASSET (A16)

Evaluate/Value Asset or Divestment (A16-01-02)
• identify major hazards HAZID
• identify environmental Environmental Assessment (preliminary)
effects and sensitivities
together with history of past
practices

EVOLVE DEVELOPMENT CONCEPTS (A11)
Make Facility Design Concepts (A11-04-02)
• identify major project HAZID
hazards
Carry out HSE Analysis (A11-04-05)
• obtain assurance of Qualitative comparison of risk based on judgement or
manageability coarse QRA if significant global risks or high level of
innovation
Environmental Assessment, Health Risk Assessment
Evaluate Concepts (A11-05)
• obtain an assessment and QRA (comparative or coarse)
comparison of HSE risks Environmental Assessment (update)
between options
Propose Development Concepts (A11-06)
HAZARDS AND EFFECTS REGISTER
• finalise option selection with QRA (comparative or coarse)

due regard for HSE Environmental Assessment (update)
• review hazards within option HAZID
• obtain agreement for
philosophies of:Operations and
maintenance; Fire and Explosion

DESIGN, CONSTRUCT, MODIFY OR ABANDON FACILITIES (A12)
Prepare Conceptual Design (A12-01) (Validate 'Basis for Design')

• ensure technical integrity of HAZOP (coarse)
basic process
• develop layout to minimise Coarse Layout Methodology
consequences in developing Human Factors Analysis
the 'Project Specification'
• review technical integrity of HAZOP (detailed)
detailed process Instrumented Protection Function (IPF) classification
• minimise risk of escalation
-for offshore and complex Detailed Layout Methodology, Fire and Explosion Analysis
plant Emergency System Survivability Analysis
-for less complex and FIREPRAN
onshore
• ensure adequate provision Escape, Evacuation and Rescue Analysis (use judgement
for escape for less complex plant)
• review overall risks QRA (as necessary)
• minimise construction risks HAZID
• incorporate HSE-specific Health Risk Assessment, Human Factors
requirements Environmental Assessment

HSE CASE FOR ASSET
PTS 60.0401
JUNE 2006
41
DESIGN, CONSTRUCT, MODIFY OR ABANDON FACILITIES (A12) (cont'd)

Prepare Detailed Design (A12-02)
• ensure change does not QRA
impair technical integrity HAZOP
• prepare input for HSE Case Instrumented Protection Function (IPF) classification
for facility see ACT-01-06
Construct and Precommission Facility (A12-03)
• ensure HSE risk managed in Prepare activity HSE Case Plan (see ACT-01-06)
construction
Commission Facility (A12-04)
• verify readiness to startup Pre-startup audit
Abandon Facility (A12-05)
• ensure legal and social Prepare plan (ACT-01-06)
obligations met with respect HAZID
to environment Environmental Assessment (including review of past practices
• decommission and remove and liabilities), Health Risk Assessment
safely with due care for HAZID
health and environment Environmental Assessment, Health Risk Assessment

DESIGN, CONSTRUCT, MODIFY OR ABANDON WELLS (A09)
(as for A12 for Wells)

OPERATE AND MAINTAIN FACILITIES AND WELLS (A71/A72)
(see under HSE Case for Asset)

MANAGE ASSETS (ASS)
(Includes HSE Case for Asset)
Asset Reference Plan (ASS-01-02)
• demonstrate that risks HAZID
associated with asset and its Health Risk Assessment
operation are managed Environmental Assessment
Job Hazard Analysis
Permit-to-Work
IPF classification
H2S
Safe Handling of Chemicals (SDS)
Human Factors
Contaminated Soil and Groundwater
Classification of Waste
Waste Management
Appraise Asset Integrity (ASS-04-02)

• confirm process integrity and Process Hazard Review
containment HAZOP
• compare fire and explosion FIREPRAN
provisions against objectives set
HSE CASE FOR ASSET
PTS 60.0401
JUNE 2006
42
DESIGN, CONSTRUCT, MODIFY OR ABANDON FACILITIES (A12) (cont'd)

Prepare Detailed Design (A12-02)
• ensure change does not QRA
impair technical integrity HAZOP
• prepare input for HSE Case Instrumented Protection Function (IPF) classification
for facility see ACT-01-06
Construct and Precommission Facility (A12-03)
• ensure HSE risk managed in Prepare activity HSE Case Plan (see ACT-01-06)
construction
Commission Facility (A12-04)
• verify readiness to startup Pre-startup audit
Abandon Facility (A12-05)
• ensure legal and social Prepare plan (ACT-01-06)
obligations met with respect HAZID
to environment Environmental Assessment (including review of past practices
• decommission and remove and liabilities), Health Risk Assessment
safely with due care for HAZID
health and environment Environmental Assessment, Health Risk Assessment

DESIGN, CONSTRUCT, MODIFY OR ABANDON WELLS (A09)
(as for A12 for Wells)

OPERATE AND MAINTAIN FACILITIES AND WELLS (A71/A72)
(see under HSE Case for Asset)

MANAGE ASSETS (ASS)
(Includes HSE Case for Asset)
Asset Reference Plan (ASS-01-02)
• demonstrate that risks HAZID
associated with asset and its Health Risk Assessment
operation are managed Environmental Assessment
Job Hazard Analysis
Permit-to-Work
IPF classification
H2S
Safe Handling of Chemicals (SDS)
Human Factors
Contaminated Soil and Groundwater
Classification of Waste
Waste Management
Appraise Asset Integrity (ASS-04-02)

• confirm process integrity and Process Hazard Review
containment HAZOP
• compare fire and explosion FIREPRAN
provisions against objectives set
HSE CASE FOR ASSET
PTS 60.0401
JUNE 2006
43
APPENDIX III - HAZARDS AND EFFECTS HIERARCHY
The Hazards and Effects Hierarchy is a structured list of HSE-related hazards and
effects that may occur in the Petronas business. It can provide a starting point in hazard
identification (the first step of the Hazards and Effects Management Process, HEMP).
Use of the Hazards and Effects Hierarchy as a checklist gives greater assurance that all
hazards and effects have been addressed and identification and initial assessment is
complete.
The Hazards and Effects Hierarchy is a structured checklist. It can be used in different
operations and environments. The hierarchy in the attached Table III.1 is therefore only
included as an example.
The Hazards and Effects Hierarchy, Table III.1, consists of main hazard groups such as
H-01 Hydrocarbons. Under these are sub-groupings, such as H-01.06 Hydrocarbon Gas.
Some examples are given of typical sources of these hazards or locations where they
will be found.
Under the three columns 'Safety', 'Health' and 'Environment' an arbitrary coding has
been given which has been found useful in grouping hazards. The reason for the Health
grouping is explained below. Any other coding or tagging can be used.
No attempt has been made to link the listing of hazards with, for example business
activities or types of facilities, since any one hazard can invariably be present in many
situations. The Hazards and Effects Hierarchy nevertheless lends itself to use as part of
a systematised approach to hazard management.
III.1 ROUTINE HEALTH HAZARDS AND EFFECTS
Health hazards encountered in the work place and by the public are usually
divided into the following five broad groups:
• chemical hazards
• physical hazards such as noise, vibration, ionising radiation
• biological hazards such as micro-organisms
• ergonomic hazards such as manual handling
• psychological hazards such as stress
• life style such as substance abuse
• living environment such as malaria and environmental pollution
PTS 60.0401
JUNE 2006
44
The Hazards and Effects Hierarchy as presented in this appendix can be sorted
to cover all significant health hazards and effects in this order or any other order
that is required.
III.2 ENVIRONMENTAL HAZARDS AND EFFECTS
Effects on the environment may be due to unintentional incidents (eg a fire or

chemical spill) or due to intended often continuous, routine or chronic releases
as part of the operation.
The Hazards and Effects Hierarchy listing, Table III.1, is valid for both
incidental releases and routine releases. As described in item 2.1, a hazardous
event in the case of the routine or chronic release is when defined limits have
been exceeded. A hazardous event in the case of an acute or incidental release is
an occurrence or incident.
Limits should be defined for routine releases, which have an adverse effect on
the environment.
Reviewers often find it easier to think in terms of sources of environmental

effects. To assist in this identification Table III.1 is a checklist of sources, of
environmental hazards and of potential effects. This table can assist in the
identification of hazards and effects when reviewing a proposed development or
operation (ie in the Environmental Assessment process) or when reviewing
effects from the existing operation and preparing reduction plans.
The list is not complete and any further additions to the checklist should be
forwarded to CHSE.
Currently, three types of environmental hazards have been identified:
• hazards associated with discharges or emissions
• hazards/effects from use of natural resources
• hazards causing effects from presence.
It is not always possible to pinpoint a genuine hazard causing the effect, e.g.
resource use can result from a number of activities.
PTS 60.0401
JUNE 2006
45
KEY TO HAZARDS
Table III.1 Hazards and effects hierarchy
Safety Hazards Health Hazards Environmental Hazards

F = Flammable B = Biological Agent D= Discharge Hazards
MH = Major Hazard C = Chemical Agent R = Use of Natural Resources
Se = Security Hazard E = Ergonomic Agent Pr = Presence
WP = Work Practice P = Physical Agent
LS = Life Style Agent
Psy = Psychological Agent
M = Medical Issue
Hazard Hazard Safety Health Enviro Sources

Number Description
H-01 Hydrocarbons
H-01.01 Crude oil under MH C D Flowlines, pipelines,
pressure pressure vessels and piping
H-01.02 Hydrocarbons in MH D Oil wells especially during
formation well drilling and re-entry /
workover operations
H-01.03 LPGs (e.g. Propane) MH C D Process fractionating
equipment, storage tanks,
transport trucks and rail
cars
H-01.04 LNGs MH C D Cryogenic plants, tankers
H-01.05 Condensate, NGL MH C D Gas wells, gas pipelines,
gas separation vessels
H-01.06 Hydrocarbon gas MH C D Oil/gas separators, gas
processing plants,
compressors, gas pipelines
H-01.07 Crude oil at low MH C D Oil storage tanks
pressures
H-01.08 Wax F C D Filter separators, well
tubulars, pipelines
H-01.09 Coal F P R Fuel source, mining
activities
H -02 Refined Hydrocarbons
H -02.01 Lube and Seal oil C D Engines and rotating
equipment
H -02.02 Hydraulic oil C D Hydraulic pistons,
hydraulic reservoirs and
pumps
H -02.03 Diesel fuel C D Vehicle fuelling stations,
vehicle maintenance
H -02.04 Petroleum F C D Vehicle fuelling stations,
spirit/gasoline vehicle maintenance
H-03 Other flammable materials
H-03.01 Cellulosic materials F Packing materials, wood
planks, paper rubbish
H-03.02 Pyrophoric material F C D Metal scale from vessels in
sour service, scale on
filters in sour service, iron
PTS 60.0401
JUNE 2006
46

Number Description
sponge sweetening units
H-04 Explosives
H-04.01 Detonators WP C Seismic Operations,
pipeline construction
H-04.02 Conventional MH C Pr Seismic Operations,
explosive material pipeline construction
H-04.03 Perforating gun MH Well completion activities
charges associated with drilling rigs
and workover operations
H-05 Pressure Hazards
H-05.01 Bottled gases under WP Welding and metal cutting
pressure operations, laboratory gas
sources
H-05.02 Water under WP Water disposal, water
pressure in floods and injection
pipeworks operations, strength testing
of pipeworks, well
fracturing and treatments
H-05.03 Non-hydrocarbon MH Purging and leak testing of
gas under pressure facilities
in pipeworks
H-05.04 Air under high WP Seismic air guns and
pressure related piping
H-05.05 Hyperbaric WP P Undersea operations
Operations (diving)
H-05.06 Decompression WP P Undersea operations
(diving)
H-06 Hazards associated with differences in height
H-06.01 Personnel at height MH Work involving
>2m scaffolding, suspended
access, ladders, platforms,
excavations, towers, stacks,
roofing, working
overboard, working on
H-06.02 Personnel at height WP monkey board
<2m Slippery/uneven surfaces,
climbing/descending stairs,
H-06.03 Overhead equipment MH obstructions, loose grating
Objects falling while being
lifted/handled or working
at a height over people,
equipment or process
systems, elevated work
H-06.04 Personnel under MH platforms, slung loads
water Objects falling on to divers
H-06.05 Personnel below WP from operations overhead
grade Pipeline trenches,
excavations, repairing
buried facilities
H-07 Objects under induced stress
H-07.01 Objects under WP Guy & support cables,
tension anchor chains, tow & barge
PTS 60.0401
JUNE 2006
47

Number Description
tie-off ropes, slings
H-07.02 Objects under WP Spring-loaded devices such
compression as relief valves and
actuators and hydraulically
operated devices
H-08 Dynamic situation hazards
H-08.01 On land transport WP Driving to and from
(driving) locations and camps,
transporting materials,
supplies and products,
seismic operations, moving
drilling rigs and workover
rigs
H-08.02 On water transport WP Boat transport to and from
(boating) locations and camps,
transporting materials,
supplies and products,
marine seismic operations,
barges moving drilling rigs
and workover rigs
H-08 Dynamic situation hazards (cont’d)
H-08.03 In air transport MH Helicopter and fixed wing
(flying) travel to and from locations
and camps, transporting
materials, supplies and
products
H-08.04 Boat collision MH Shipping lane traffic,
hazard to other product transport vessels,
vessels and offshore supply and maintenance
structures barges and boats, drifting
boats
H-08.05 WP Engines, motors,

Equipment with compressors, drill stems,
moving or rotating thrusters on Drill Ships
parts
H-08.06 WP Workshop, construction
Use of hazardous sites, maintenance sites,
hand tools (grinding, rotating equipment
H-08.07 sawing) WP Galley, seismic line
Use of knives, clearing, grubbing
machetes and other operations
H-08.08 sharp objects WP Basket transfer, rope
Transfer from boat transfer
to offshore platform
H-09 Environmental Hazards
H-09.01 Weather WP Winds, temperature
extremes, rain, etc
H-09.02 Sea state/river MH Waves, tides or other sea
currents states, river currents
H-09.03 Tectonic MH Earthquakes or other earth
movement activity
PTS 60.0401
JUNE 2006
48

Number Description
H-10 Hot surfaces
H-10.01 Process piping and WP P Oilwell piping, piping in
equipment between fractionation systems,
60 and 150 deg. C glycol regeneration
H-10.02 Process piping and MH P Hot oil piping, piping
equipment over 150 associated with stills and
deg. C reboilers
H-10.03 Engine and turbine WP P Power generation, gas
exhaust systems compression, refrigeration
compression, engine driven
equipment such as forklifts
H-10.04 Steam piping WP P Sulphur plants, power
boilers, waste heat
recovery systems, heat
tracing and jackets
H-11 Hot fluids
H-11.01 Temperatures WP P Glycol regeneration, low
between 100 and quality steam systems,
150 deg. C cooling oils, galley
H-11.02 Temperatures MH P Power boilers, steam
greater than 150 generators, sulphur plants,
deg. C waste heat recovery units,
hot oil heating systems,
regeneration gases used
with catalysts and
desiccants
H-12 Cold surfaces
H-12.01 Process piping MH P Cold ambient climate,
between -25 deg. C Joule-Thomson expansions
and -80 deg. C (process and leaks),
propane refrigeration
systems, LPG gas plants
H-12.02 Process piping less MH P Cryogenic plants, LNG
than - -80 deg. C plants, LNG storage
vessels including tankers,
vapour lines off liquid
nitrogen storage
H-13 Cold fluids
H-13.01 Oceans, seas and P North Sea, Arctic Ocean
lakes less than 10
deg. C
H-14 Open flame
H-14.01 Heaters with fire F P D Glycol reboilers, amine
tube reboilers, salt bath heaters,
water bath heaters (line
heaters)
H-14.02 Direct fired furnaces F P D Hot oil furnace, Claus plant
reaction furnace, catalyst
and desiccant regeneration
gas heaters, incinerators,
power boilers
H-14.03 Flares P D Pressure relief and
PTS 60.0401
JUNE 2006
49

Number Description
blowdown systems
H-15 Electricity
H-15.01 Voltage > 50 to 440 MH Power cables, temporary
V in cables electrical lines on
construction sites
H-15.02 Voltage > 50 to 440 WP Electric motors, electric
V in equipment switchgear, power
generation, welding
machines, transformer
secondary
H-15.03 Voltage >440 V MH Overhead power lines,
power generation,
transformer primary, large
electrical motors
H-15.04 Lightning discharge WP Major lightning-prone
H-15.05 Electrostatic energy WP areas
Non-metallic storage
vessels and piping, product
transfer hoses, wiping rags,
unearthed equipment,
aluminium/steel, high
velocity gas discharges
H-16 Electromagnetic radiation
H-16.01 Ultraviolet radiation P Arc welding, sunshine
H-16.02 Infra-red radiation P Flares
H-16.03 Microwaves P Galley
H-16.04 Lasers P Instrumentation, surveying
H-16.05 E/M radiation: high P Transformers, power
voltage ac cables cables
H-17 Ionising radiation - open source
H-17.01 Alpha, beta - open P D Well logging, radiography,
source densitometers, interface
instruments
H-17.02 Gamma rays - open P D Well logging, radiography
source
H-17.03 Neutron - open P D Well logging
source
H-17.04 Naturally occurring P D Scales in tubulars, vessels
ionising radiation and process plant fluids
(especially in C3 reflux
streams)
H-18 Ionising radiation - closed source
H-18.01 Alpha, beta - closed P Well logging, radiography,
source densitometers, interface
instruments
H-18.02 Gamma rays - P Well logging, radiography
closed source
H-18.03 Neutron - closed P Well logging
source
H-19 Asphyxiates
H-19.01 Insufficient oxygen C Confined spaces, tanks
atmospheres
PTS 60.0401
JUNE 2006
50

Number Description
H-19.02 Excessive CO2 C D Areas with CO2 fire
fighting systems such as
turbine enclosures
H-19.03 Drowning C Working overboard,
marine seismic operations,
water transport
H-19.04 Excessive N2 C N2 purged vessels
H-19.05 Halon C D Areas with halon fire
fighting systems such as
turbine enclosures and
electrical switchgear and
battery rooms
H-19.06 Smoke C D Welding/burning
operations, fires
H-20 Toxic gas
H-20.01 H2S (hydrogen MH C D Sour gas production,
sulphide, sour gas) bacterial activity in
stagnant water, confined
spaces in sour operations
H-20.02 Exhaust fumes C D Sleeping in cars with
running engines, heating
devices, car garage
H-20.03 SO2 C D Component of H2S flare
and incinerator flue gas
H-20.04 Benzene C D Component of crude oil,
concentrated in glycol vent
emissions and Wemco
H-20.05 Chlorine MH C D units
Water treatment facilities
H-20.06 Welding fumes C Construction and metal
fabrication/repair, welding
toxic metals (galvanised
steel, cadmium-coated
steel), metal cutting,
grinding
H-20.07 Tobacco smoke LS Accommodation, office
buildings, inside cars,
boats, helicopters,
aeroplanes
H-20.08 CFCs D Air conditioning,
refrigeration, aerosol
sprays
H-21 Toxic liquid
H-21.01 Mercury C D Electrical switches, gas
filters
H-21.02 PCBs C D Transformer cooling oils
H-21.03 Biocide C D Water treatment systems
(gluteraldehyde)
H-21.04 Methanol C D Gas drying and hydrate
control
H-21.05 Brines C D Hydrocarbon production,
well kill fluid, packer fluids
PTS 60.0401
JUNE 2006
51

Number Description
H-21.06 Glycols C D
Gas drying and hydrate
H-21.07 Degreasers C D control
(terpenes) Maintenance shops
H-21.08 Isocyanates C D
H-21.09 Sulphanol C D Two-pack paint systems
H-21.10 Amines C D Gas sweetening
H-21.11 Corrosion inhibitors C D Gas sweetening
Additive to pipelines and
oil/gas wells, chromates,
H-21.12 Scale inhibitors C D phosphates
Cooling and injection
H-21.13 Liquid mud C D water additive
H-21.14 additives W C D Drilling fluid additive
Odorant additives Custody transfer facilities
H-21.15 (mercaptans) LS for gas, LPG and LNG
Alcohol-containing
beverages
H-21.16 Recreational drugs WP LS
H-21.17 Used engine oils C D Used engine oils
(polycyclicaromatic
hydrocarbons)
H-21.18 Carbon tetrachloride C Plant laboratory
H-21.19 Grey and/or Black Septic systems, camps,
Water detergents
H-22 Toxic solid
H-22.01 Asbestos C D Thermal insulation and
construction materials, old
roofing (encountered
during removal)
H-22.02 Man-made mineral C D Thermal insulation and
fibre construction material
H-22.03 Cement dust C D Oil well and gas well
cementing, civil
construction
H-22.04 Sodium hypochlorite C D Drilling fluid additive
H-22.05 Powdered mud C D Drilling fluid additive
additives
H-22.06 Sulphur dust C D Sulphur recovery plants
H-22.07 Pig trash C D Pipeline cleaning
H-22.08 Oil-based muds C D operations
H-22.09 Pseudo-oil-based C D Oil and gas well drilling
muds Oil and gas well drilling
H-22.10 Water-based muds C D
H-22.11 Cement slurries C D Oil and gas well drilling
Oil and gas well drilling,
H-22.12 Dusts C plant construction
Cutting brickwork and
concrete, driving on
unpaved roads, carpenter
shops, grit blasting, sand
PTS 60.0401
JUNE 2006
52

Number Description
blasting, catalyst (dumping,
screening, removal,
drumming)
H-22.13 Cadmium C D Welding fumes, handling
compounds and coated bolts
other heavy metals
H-22.14 Oil based sludges C D Oil storage tank cleaning
H-23 Corrosive substances
H-23.01 Hydrofluoric acid WP C D Well stimulation
H-23.02 Hydrofluoric acid WP C D Well stimulation
H-23.03 Sulphuric acid C D Wet batteries, regenerant
for reverse osmosis water
makers
H-23.04 Caustic soda C D Drilling fluid additive
(sodium hydroxide)
H-24 Biological hazards
H-24.01 Poisonous plants B Natural environment
(poison ivy and oak,
stinging nettles,
nightshade)
H-24.02 Large animals (dogs, B Natural environment
cats, rats, African
wild animals)
H-24.03 Small animals B Natural environment
(snakes, scorpions,
lizards),
H-24.04 Food-borne bacteria B Contaminated food
(eg E. Coli)
H-24.05 Water-borne B Cooling systems, domestic
bacteria (eg water systems
legionella)
H-24.06 Parasitic insects (pin B Improperly cleaned food,
worms, bed bugs, hands, clothing, living sites
lice, fleas) (pin worms, bed bugs, lice,
fleas )
H-24.07 Disease transmitting B Natural environment
insects (mosquitoes-
malaria and yellow
fever, ticks-lime
disease, fleas-
plague)
H-24.08 Cold and Flu Virus B Other people
H-24.09 Human Immune B Contaminated blood, blood
deficiency Virus products and other body
(HIV) fluids
H-24.10 Other Other people
Communicable
Diseases
H-25 Ergonomic hazards
H-25.01 Manual materials E Pipe handling on drill
handling floor, sack handling in sack
store, manoeuvring
PTS 60.0401
JUNE 2006
53

Number Description
equipment in awkward
H-25.02 Damaging noise W P Pr locations
Releases from relief valves,
H-25.03 Loud steady noise > pressure control valves
85 dBA P Pr Engine rooms, compressor
rooms, drilling brake, air
H-25.04 Heat stress (high P tools
ambient Near flare, on the monkey
temperatures) board under certain
conditions, in open
exposed areas in certain
H-25.05 Cold stress (low P regions of the world during
ambient summer
temperatures) Open areas in winter in
H-25.06 High humidity P Pr cold climates, refrigerated
storage areas
Climates where sweat
evaporation rates are too
low to cool the human
H-25.07 Vibration P body, personal protective
clothing
Hand-tool vibration,
maintenance and
H-25.08 Workstations E Pr construction worker,
boating
Poorly designed office
H-25.09 Lighting P furniture and poorly laid
out workstations
Work areas requiring
H-25.10 Incompatible hand E intense light, glare, lack of
controls contrast, insufficient light
Controls poorly positioned
in workplace requiring
workers to exert excessive
force, lacking proper
labels, hand-operated
control valves, for example
in driller house, heavy
machinery, control rooms
H-25.11 Awkward location E Machinery difficult to
of workplaces and maintain regularly due to
machinery their awkward positioning,
for example valves in an
usually high or low
H-25.12 Mismatch of work to E position
physical abilities Requiring older workers to
maintain a high physical
level of activity over the
course of an 8/12 hour day,
heavy construction work
performed by slight
H-25.13 Mismatch of work to E individuals
PTS 60.0401
JUNE 2006
54

Number Description
cognitive abilities Requiring individuals to
monitor a process without
trying to reduce their
boredom by giving them a
higher task load, asking a
worker to supervise
something he/she is not
H-25.14 Long and irregular E qualified
working hours/shifts Offshore locations utilising
long shift cycles, overtime,
night shifts, rollover
shiftsY
H-25.15 Poor organisation E
and job design Ambiguity of job
requirements, unclear
reporting relationships,
over/under supervision,
H-25.16 Work planning E poor operator/contractor
issues interfaces
Work overload, unrealistic
targets, lack of clear
H-25.17 Indoor climate (too E planning, poor
hot/ cold/ dry/ communications
humid, draughty) Uncomfortable climate for
permanently manned areas
H-26 Psychological hazards
H-26.01 Living on the Psy Homesickness, missing
job/away from family and social events,
family unable to be involved in
community, feeling of
isolation and losing chunks
of life. Drifting away from
spouse and family,
development of different
interests and friends,
threatened by spouse's
independence, wind-down
period at start of break.
Inability to support spouse
in domestic crisis. Difficult
to turn off in leisure time
H-26.02 Working and living Psy Awareness that mistakes
on a live plant can be catastrophic,
vulnerable to the mistakes
of others, responsible for
the safety of others.
Awareness of difficulty of
escape in an emergency.
Awareness of risks in
helicopter travel, adverse
weather.ç
H-26.03 Post traumatic stress Psy Serious incidents, injuries
PTS 60.0401
JUNE 2006
55

Number Description
to self and others
H-27 Security related Hazards
H-27.01 Piracy Se
H-27.02 Assault Se
H-27.03 Sabotage Se
H-27.04 Crisis (military Se
action, civil
disturbances,
terrorism)
H-27.05 Theft, pilferage Se
H-28 Use of Natural Resources
H-28.01 Land R Installation sites, drilling
locations, seismic clearing,
pipeline right-of-ways
H-28.02 Water R Cooling water
H-28.03 Air R Discharges from turbines,
combustion engines (cars,
trucks, pump and
compressor drivers)
H-28.04 Trees, vegetation R Installation sites, seismic
clearing, pipeline right-of-
ways, drilling locations
H-28.05 Gravel R Borrow pits, road
construction
H-29 Medical
H-29.01 Medical unfitness M Personnel for the task
H-29.02 Motion sickness M Sea state / crew on marine
operations
PTS 60.0401
JUNE 2006
56
Table III.2 Checklist of sources - hazards - effects
Source* ROUTINE POTENTIAL EFFECTS

HAZARDS
Flare CH4 global warming/climate change/atmospheric
ozone increase
SOx acid deposition, water and soil acidification
NOx atmospheric ozone increase/acid deposition
N2O global warming/stratosphere ozone
depletion/climate change
CO2 global warming/climate change
CO health damage
noise nuisance/health damage
light nuisance/health effects
H2S health damage/odour nuisance
odorous compounds nuisance/odour
particulates health damage/ecological damage/soot
deposition
radiation health damage/ecological
heat nuisance/ecological damage
trace toxics - metals ecological/health damage
- PAH
Energy CH4 global warming/climate change/atmospheric

generating ozone increase
equipment
- turbines SOx acid deposition, water and soil acidification,
global cooling
- boilers/heaters NOx atmospheric ozone increase/acid
deposition/fertilisation
- furnaces N2O Global warming/stratosphere ozone
depletion/climate change
- transport CO2 global warming/climate change
(diesel, gasoline)
- drilling, etc CO health damage
noise nuisance/health damage/wildlife damage
light nuisance/health damage/wildlife damage
odorous compounds nuisance/odour
particulates/dust ecological damage/health damage/soot
deposition
radiation ecological/health damage
PAH ecological/health damage
H2S nuisance, health damage, ecological damage
heat health damage, ecological damage
PTS 60.0401
JUNE 2006
57

HAZARDS
PCB health damage, ecological damage
Trace toxics (eg health damage, ecological damage
catalysts, heavy
metals, chemicals)
Venting CH4 global warming/climate change/atmospheric

- tanker loading ozone increase
- Production VOC/CxHx atmospheric ozone increase/health
- pressure relief damage/ecological damage
- glycol venting Specific Chemicals Health damage/ecological damage
Refrigeration CFC global warming/climate change/stratosphere

Fire ozone depletion
extinguishers
halons global warming/climate change/stratosphere
ozone depletion
Fugitives CH4 global warming/climate change/atmospheric
- valves, pumps, ozone increase
etc.
VOC/CxHx/specifi global warming/climate change/atmospheric
c chemicals ozone increase/ health damage/ ecological
damage
Water oil Floating layer/unfit for drinking

recreation/tainting of fish/biological damage
- water based soluble tainting of fish, damage to aquatic organisms,
mud organics/dissolved unfit for drinking, recreation, irrigation,
- oil based mud HC/BTEX livestock.
- aqueous heavy metals accumulation in biota and sediments, adverse
effluents site effects on organisms, unfit for drinking,
drains recreation, irrigation, livestock
- produced salts biological damage
water
- storm water barite (mud), smothering/damage to sea bed and biota
run off drilling fluids,
drilling cuttings
- cooling water nutrients eutrophication
- tank bottom odour nuisance
water
chemicals/corrosion damage to aquatic organisms
inhibitors/biocides/
fungicides
PTS 60.0401
JUNE 2006
58

HAZARDS
volume of water to increased water table, flooding, change in
land riverflow
fresh water decreased salinity
discharge
suspended solids decreased transparency, damage to coral reefs,
damage to and bottom organisms, recreation,
habitat
soil/ erosion smothering, damage to vegetation
sediments
PAH damage to aquatic organisms, water not fit for
drinking, irrigation, livestock
Grease water not fit for recreation, damage to bottom
sediments
salts/brine increased salinity, damage to aquatic organisms,
water unfit for drinking, recreation, irrigation,
livestock
acids/caustics damage to aquatic organisms
temperature change change in oxygen concentration, damage to
aquatic organisms, increased growth/blooms
detergents eutrophication/toxicity
Black water pathogens health damage

wash
and / or grey anoxia biological damage
water (sewage (deoxygenation)
and
water) nutrients eutrophication
specific chemicalsdamage to aquatic organisms water unfit for
drinking, recreation, irrigation, livestock
odorous compounds nuisance odour/smell
Sacrificial heavy metals damage to aquatic organisms, water unfit for

anodes drinking, recreation, irrigation, livestock
Detonators noise/pressure damage to aquatic organisms/repellent
waves
Chemicals paints biological toxic or chronic damage/global
warming
solvents health/biological toxic or chronic damage/global
warming
cleaners biological toxic or chronic damage
Soil oil/hydrocarbons soil contamination; ground water contamination
PTS 60.0401
JUNE 2006
59

HAZARDS
- oil sludges
- tank bottom heavy metals soil contamination
sludges
- oil based muds
- water based chemicals soil contaminations; groundwater
muds contamination; smothering
- drilled cuttings
- contaminated specific chemicals soil contamination; groundwater contamination;
soil smothering
Eroded Materials soil sediments smothering, biological damage

Solid/liquid hazardous wastes soil contamination; groundwater contamination;
wastes, medical toxic substances health damage
waste, spent
catalyst
Household, organic and specific soil contamination; groundwater contamination
food/kitchen and wastes pathogens damage to health
office waste
Land farming oil/hydrocarbons soil contamination; groundwater contamination
heavy metals damage to health
chemical additives
Heavy vehicles soil compaction changing surface hydrology; changing sub-
surface hydrology; reduced plant growth;
erosion
Vibrating vibrations nuisance/animal repellent
equipment
Human resources presence of socio/cultural effects; employment in-/decrease;
workforce with influence on local population/demography;
different demands on local resources/surfaces
socio/cultural
background during
construction and
operation;
community
intrusion
Need for land land take by: soil erosion, destruction of habitat
- seismic changing surface hydrology
- drilling removal of vegetation
change land use, change in natural relief
- field change in accessibility
development, tank
forms
PTS 60.0401
JUNE 2006
60

HAZARDS
- access routes damage to natural habitat
- camps, offices, visual impact
warehouses
Need for energy energy take loss of energy resources

Heaters/boilers
power generation
steam generation
Vehicles/transport
cooling
Need for water water take damage to wetlands
- Cooling
- Process
- drinking water
- waste waters Draw down of ground water level/damage to
- Irrigation water well users
- recharge/pressure Impact on downstream users
maintenance
Need for gravel / sand take damage to habitat/vegetation/crops

gravel/sand - drill pads
- access roads
- camp base / Visual impact/land scarring
leveling
- facility change to surface hydrology
construction
- recovery and Change in natural relief
replacement
Need for use of non Depletion of raw materials
consumables renewable raw
materials
* Any indented (-) are covered by all aspects in the adjacent columns.
PTS 60.0401
JUNE 2006
61
APPENDIX IV - STRUCTURED REVIEW TECHNIQUES SUMMARY

DESCRIPTION SHEETS
Title Assets* Activities

*
ASPIN *
Emergency Systems Survivability Analysis (ESSA) *
Environmental Assessment (EA) *
Explosion Protection Review (EPR) *
Fire and Explosion Analysis (FEA) *
FIREPRAN * *
HAZID *
HAZOP * *
Health Risk Assessment (HRA) * *
Job Hazard Analysis * *
Physical Effects Modelling (PEM) *
Process Hazard Review (PHR) * *
Platform Layout Methodology (PLM) * *
RISER *
Smoke Ingress Analysis (SIA) *
SAFOP *
Structural Consequence Analysis (SCA) *
Temporary Refuge/Escape Evacuation and Rescue Analysis *

(TR/EERA)
Tripod-BETA *
Tripod-DELTA *
PTS 60.0401
JUNE 2006
62
ASSETS* Used primarily in planning, design, longer term review and preparation
of HSE Cases for assets.
ACTIVITIES* Used primarily for developing and reviewing operational-type

procedures, systems and preparing activity HSE Cases, plans or method
statements, eg seismic drilling, construction and commissioning, and
production and maintenance.
ASPIN
Objective
To provide an easy-to-use quantitative failure risk assessment tool to compare different

options and conditions during pipeline design and operation and to assist in optimising
and planning inspection and maintenance efforts.
It is a tool that is situated between a full Quantitative Risk Assessment (QRA) and
simple risk ranking/scoring methods, less complicated and expensive than the former
and more quantitative (and therefore more accurate) than the latter. It is intended as a
decision support tool and does not specify acceptance criteria for risk levels. It can, for
example, identify the effect of use of inspection pigging and a leak detection system on
risk levels.
Method
The methodology is based on the generally applied risk analysis technique whereby the
probability of a failure, expressed in terms of expected failure frequency, is multiplied
by the consequence of such a failure to arrive at risk. Failure risk is determined
cumulatively over a given longer period of time as well as on a yearly basis.
The method is structured in four main parts:
1. Identify the possible failure causes and derive potential failure frequencies.
2. Identify the most likely failure type distribution
3. Identify the consequences of pipeline failure
4. Combine parts 1 and 3 to derive risk levels
Information required (input)
pipeline fluids (those covered are: crude oil, natural gas, sour natural gas, NGL, fuel
gas, gas oil/diesel, kerosene/naphtha/gasoline, LPG, ethylene, propylene and two-
phase oil/gas fluids)
impact failure statistics and failure frequencies
PTS 60.0401
JUNE 2006
63
construction/material defect failure statistics and failure frequencies
corrosion statistics or estimated possible mechanisms/expected time to first failure

(wall thickness, critical defect depth, inspection surveys, actual corrosion data),
annual corrosion failure frequencies
Deliverables (output)
Safety, environmental and economic risk comparison assessments that can be used in
support of pipeline design and operation decisions. ASPIN can be used in the
development of HSE Cases as part of the HSE MS including input into Hazards and
Effects Register.
ASPIN identifies and assesses all potential major hazards, evaluates the risks and the
effectiveness of the various measures to reduce the risks to the lowest practicable level.
EMERGENCY SYSTEMS SURVIVABILITY ANALYSIS (ESSA)
Objective
Determination of the ability of the emergency systems to withstand severe accident

conditions. If performance criteria for essential safety systems are developed as part of
the process which evaluates fires and explosions an ESSA as a separate exercise may
not be required.
Method
Identification of all the safety and emergency systems. Assessment of the criticality of
each system with respect to preventing escalation, protecting the Temporary Refuge(s)
(TR(s)) and enabling escape/evacuation. The critical systems are then assessed to
determine their vulnerability to explosions and fires.
Information required
Detailed information on the type and layout of safety and emergency systems for
example ESD power systems and emergency communications. Fire and explosion
scenario data from the Explosion Protection Review (EPR) and Fire and Explosion
Analysis (FEA).
Deliverables
Identification of critical emergency equipment and system locations. An assessment of

the vulnerability of the critical systems during direct and escalated events.
PTS 60.0401
JUNE 2006
64
Overlap
ESSA is a part of the FEA process and provides information which is subsequently
used in the Temporary Refuge/Escape, Evacuation and Rescue Analysis (TR/EERA).
ENVIRONMENTAL ASSESSMENT (EA)
Objective
To predict the significant chemical, biological and socio-economic effects of an activity

and to make recommendations on activities, sites, techniques and technologies to be
adopted in order to maximise the positive, and minimise the negative effects.
Method
Acquisition of environmental description in terms of abiotic, biotic and human

environments
Identify project environmental hazards and characterise the environment
Evaluate the magnitude and significance of environmental effects
Determination of any environmental control and recovery management

requirements.
Site and potential waste product descriptions, project description including process
materials and sources, materials of construction, project schedule and both strategic and
local economic benefits.
Deliverables
Environmental Statement
Agreed adjustment to design options
Mitigation and recovery measures during operations
Environmental report covering suggested monitoring programmes and

environmental management systems. This report can be used as the basis for public
meetings and exhibitions if required.
Overlap
PTS 60.0401
JUNE 2006
65
Environmental Assessment (EP 95-0370) describes the Hazards and Effects

Management Process (HEMP) as it applies to environmental matters throughout the life
cycle of a development.
Further information
HSE Manual, PTS 60.3002 Environment Impact Assessment
EXPLOSION PROTECTION REVIEW (EPR)
Objective
Determination of worst case scenarios for explosions which then define the limits
required for designing offshore installations to withstand accidental vapour cloud
explosions.
Method
Explosion overpressure prediction models are used to determine the worst case peak
internal explosion overpressure and an estimate of the overpressure external to the
source module. The Thornton model SCOPE is used to determine the worst case peak
confined internal overpressure and an estimate of the overpressure external to the
source area. This information is then used to assess the capacity of the blast walls,
floors, ceilings and other structural components as well as the effects of the external
explosion.
Information on the area geometry, equipment layout and structure design. Worst case
assumptions are generally made on gas concentrations, gas volumes and ignition source
locations.
Deliverables
Explosion overpressure for each module with the associated effects on the module
structure and an indication of the capacity of the module to withstand the explosion.
Recommendations to reduce or contain the explosion overpressure.
Overlap
EPR is effectively a stand alone technique but is part of the Fire and Explosion Analysis
(FEA) process.
Further Information
PTS 60.0401
JUNE 2006
66
FIRE AND EXPLOSION ANALYSIS (FEA)
Objective
A general term for a process which identifies and evaluates all fire and explosion
hazardous events as a basis for risk reduction and for preparing performance criteria for
essential safety systems and the arrangements required for Escape, Evacuation and
Rescue (EER).
Method
The location and type of all potential fires (and explosions) are identified. The
capability of the existing or required fire protection (and explosion relief) measures are
established together with the corresponding performance standards. Estimates of the
damage potential of each event are made. The FEA process is a fundamental part of
developing an installation Quantitative Risk Assessment (QRA) model and can either
be undertaken as part of the QRA or as a stand alone exercise providing input to the
QRA.
Detailed information on plant layout, fire areas, hazardous areas, flammable

inventories, fire and safety equipment layout, passive fire protection location, fire water
piping runs and any other pertinent data.
Deliverables
All potential fire and explosion events are identified and a number subjected to more
detailed evaluation. Requirements for the essential safety systems to manage fire and
explosions and for EER are identified.
Overlap
ESSA, EPR, SIA, SCA, FIREPRAN are all components of the FEA as necessary. The
FEA utilises PEM.
Further Information
There is not a specific guideline on FEA. It is a collective term describing a process,

which utilises a number of techniques including PEM.
FIREPRAN
Objective
PTS 60.0401
JUNE 2006
67
A structured review technique for the review and assessment of:
1. hydrocarbon release and combustion related risks in a facility
2. the fire and explosion control and recovery preparedness measures in place.
3. the capability to meet the performance standards set and satisfy the objectives
and criteria set for the management of fire and explosion hazards.
To identify deficiencies and opportunities for improvement in order to meet objectives

with respect to fire and explosion management. FIREPRAN is not suited to complex,
compact integrated facilities.
Method
A multi-disciplined team uses a structured HEMP compatible approach to identify

hazards related to hydrocarbon releases and explosions and develops a hazards and
effects hierarchy. The hazard control measures and related hazardous events mitigation
and recovery measures are recorded in a hazards and effects register. Potential fire and
explosion scenarios are developed enabling review of the resources needed to respond
effectively to these incidents. Resources needed to respond effectively to fire and
explosion hazardous event scenarios are compared with those already in place. Results
are presented with opportunities for improved risk reduction measures as appropriate to
plant criticality.
Process flow schemes, plot plans, plant layouts and hazardous area drawings
Fire system and fire water piping drawings, fire areas, equipment layout, fire and
blast walls and passive fire protection drawings
Operating and maintenance philosophies
Deliverables
This technique permits the identification of hazards as well as potential, related fire and
explosion scenarios. It assists line management in the process of developing realistic,
cost effective, control and recovery measures which can be justified in terms of
reducing risks to personnel, environment, assets and production, to tolerable levels.
Deliverables take the form of a hazards and effects register, fire and explosion scenario
development sheets and a set of recommendations for actions needed to achieve
tolerable risk levels.
Overlap
PTS 60.0401
JUNE 2006
68
HAZOP, QRA (for complex studies).
Further Information
Group HSE MS Manual, PTS.60.0101

FIREPRAN, PTS.60.2302.
HAZID (Hazard Identification)
Objective
To identify at an early stage in a green or brownfield project or development plan the

major Hazards which must be removed or managed.
Method
A multi-disciplined team review of the overall project development proposal (including

infrastructure) plant design and operation together with its impact on the local
environment. The study uses a step-by-step methodology and a checklist of guide words
to identify hazards and assess the influence these hazards may have on the project
development strategy and design philosophy. The scope will encompass both current
and future life cycle issues.
Information pack on project, its potential scope and environmental issues. All available
conceptual and preliminary drawings and development plans.
Input of major hazards identified to Hazards and Effects Register together with
recommendations in priority order.
An initial statement on hazard manageability and assurance needs.
Further Information
Group HSE MS Manual, PTS 60.0101

HAZID, PTS.60.2004
HAZOP (Hazard and Operability Study)
Objective
PTS 60.0401
JUNE 2006
69
To identify the Hazards, Effects and Operability problems relating to the process design
and intended method of plant operation which must be removed or managed in the
operation.
Coarse HAZOP - Early study to identify basic flaws in design which would be
costly to correct later.
Main HAZOP - Primary vehicle for identification of hazards, effects and operability
problems. Held when the front end engineering design is almost complete so that
systems can be covered in detail.
Final HAZOP - Coverage of those systems not sufficiently developed for

consideration in the Main HAZOP, particularly vendor data, and a formal review of
action responses to previous HAZOPs.
Procedural HAZOP - Identification of hazards and operability problems arising

from procedures such as commissioning, maintenance and other non-continuous
procedures.
Health and environmental aspects must be included on the same basis as safety.
Method
A multi-disciplined team review using a structured step-by-step methodology with the

application of parameter and guide word combinations to sections (nodes) of the system
to identify hazards and operability problems normally with a facility but also with
procedures.
Coarse HAZOP - Large nodes concentrating on major issues, requires a team of

experienced senior engineers. The recommendations from a Coarse HAZOP may
involve significant changes to the design.
Main HAZOP - Rigorous application of the technique to relatively small nodes,

requires a team of experienced engineers with extensive project experience.
Final HAZOP - Rigorous application of the technique to relatively small nodes,

requires similar team as for Main HAZOP with the addition of vendor
representatives. At this stage recommendations should be concentrated on 'will it
work' rather than 'it would improve the safety of design to have'.
Procedural HAZOP - Application of specialised guide words to operating

procedures, requires a team similar to that for main HAZOP with greater emphasis
on operational personnel.
PTS 60.0401
JUNE 2006
70
Coarse HAZOP - Basic layouts, process flow schemes (PFS) and any
operating/control philosophies that are available.
Main HAZOP - Process and Utility Process Engineering Flow Schemes, (PEFS,
UEFS) Operating and Control Philosophies, Cause and Effect Diagrams, Process
Safeguarding Drawings, line lists, alarm and trip settings.
Final HAZOP EFS and Vendor drawings, data, previous HAZOP findings and
responses and any design changes since last HAZOP.
Procedural HAZOP - As for Main HAZOP and Operating Procedures.
Coarse HAZOP - Recommendations for adjustment to design options, QRA studies and
other supporting investigations. A risk ranking may be given to assist in prioritising the
actions. This list may be incorporated into the Hazards and Effects register for the
project.
Main HAZOP - Recommendations to amend the design to remove or reduce hazards

and operability problems. Categorisation of the recommendations into approximate risk
groups to assist in prioritising the actions. This list should be used to update the Hazard
register for the project.
Procedural HAZOP - Recommendations to amend the procedures to remove or reduce

hazards and operating problems. This will allow Safety Critical Procedures/Operations
to be identified.
Overlap
HAZOP is a stand alone process hazard and operability problem identification and
assessment (qualitative) tool.
Further Information

HAZOP, PTS.60.2209
HEALTH RISK ASSESSMENT (HRA)
Objective
PTS 60.0401
JUNE 2006
71
The identification of health hazards in the workplace and subsequent evaluation of risk
to health, taking account of existing control measures. Where appropriate, the need for
further measures to control exposure is identified.
Method
HRA consists of a number of steps:
Step 1 : Define management's role and responsibilities and allocate resources
Step 2 : Define structure for implementation (identify assessment units; assessment

team; job types; tasks; hazardous agents)
Step 3 : For each job type gather information on agents and their harmful effects;
nature and degree of exposure; screening and performance criteria
Step 4 : Evaluate the risk to health (assign severity rating and exposure rating)
Step 5 : Decide on remedial action
Step 6 : Record the health risk assessment
Step 7 : Review the health risk assessment.
Detailed information on hazards and effects (e.g. toxic properties of chemicals);

exposures (eg exposure levels to toxic chemicals); performance of existing controls;
information from health surveillance records, etc.
Deliverables
HRA, as a tool for use as party of a company's HEMP, assists to identify, evaluate and
control health risks related to the company's operations to a level 'as low as reasonably
practicable'. The recommendations emerging from the HRA provide the input into the
HSE Management System to ensure ongoing control of health risks and continual
improvement in health performance.
Further information:
Group HSE MS Manual, PTS60.0101

Health Risk Assessment; PTS 60.1400
JOB HAZARD ANALYSIS (JHA)
PTS 60.0401
JUNE 2006
72
Objective
Identification of potential problems within a job task that could lead to hazardous
situations
Elimination or reduction of the hazard by development of safe working procedures
PTS 60.0401
JUNE 2006
73
Method
The method is derived from Task Analysis. It is a structured step-by-step team analysis
of the job. Initially the job is broken down into individual steps which are then analysed
sequentially to identify potential injuries to personnel, damage to equipment and
pollution of the environment. The controls and preventative measures are considered
and if found to be inadequate remedial recommendations are made. Consideration is
also given to the establishment of recovery measures if necessary.
Job description, plans and drawings. Historical records of accidents and near misses.
Team members with technical competence relevant to the job being analysed.
Deliverables
Step-by-step analysis of each job highlighting potential departures from normal

practice, with associated hazards and recommendations for remedial action. The
analysis also identifies the accident prevention responsibilities for key personnel. The
report can also be used as the basis for the development/ modification of
operating/working procedures.
Overlap
Job Hazard Analysis is a stand alone technique but is often used in configuration with
PTW system.
Further Information

Job Hazard Analysis, PTS. 60.2005
PTS 60.0401
JUNE 2006
74
PHYSICAL EFFECTS MODELLING (PEM)
Objective
To model the physical behaviour of the potential release of a hazardous fluid or

substance and subsequent related events to determine a measure of the effect, in terms
of loading, on people, the environment and assets for each potential outcome.
Method
The physical effects, such as dispersion, explosion over pressures and heat radiation are
calculated as input to assess potential extent of loss of life or damage. Use of step-by-
step modelling allows potential escalation scenarios to be assessed.
Detailed information on: physical properties, such as density and toxicity;

environmental factors, such as wind velocity, humidity ambient temperature, and
geometrical obstructions, confinement, etc. Information on process flows and any
mitigating measures, such as inventory ESD or blowdown systems. Access to
sophisticated consequence modelling computer programs, eg FRED, HG SYSTEMS
and SCOPE.
Deliverables
Data on the potential consequential loadings of previously identified hazardous

scenarios with respect to the potential effects to personnel, the environment and the
facilities.
Overlap
Input data for Physical Effects Modeling can be generated from hazard identification
techniques contained in FIREPRAN, QRA and HAZOP. Physical effects modeling
may be used as an aid to Quantitative Risk Assessment, (QRA), FIREPRAN, PHR,
Plant Layout Methodology (PLM) and Fire and Explosion Analysis (FEA). Output from
physical effects modeling will provide input to physical response assessment (eg SCA)
and consequent modeling.
Further Information
Group HSE MS Manual., PTS 60.0101

Physical Effects Modeling, PTS 60.2211
PTS 60.0401
JUNE 2006
75
PROCESS HAZARD REVIEW (PHR)
Objective
An assessment of the safety status of existing process plant. It is intended for use when
a plant has been in operation for a considerable time and/or has undergone equipment
modifications and operation changes. It is used to provide an HSE Assurance report for
ongoing operations in advance of major modifications or for life extension evaluations.
Method
PHR is an 'expert review' led by an experienced leader, containing design engineers but
heavily weighted towards plant operators and maintenance staff. The review primarily
focuses on potential causes of 'loss of containment'. The study progresses through the
plant looking at each major equipment items, applying a leader's checklist (aide-
mémoire) of causes of loss of containment. The current design and operation of the
plant is assessed and a critical examination made of the revision history to identify any
causes of release resulting from changes to the design and operation of the equipment
item since commissioning. The team also reviews any hazards arising from variations
(due to the age of the plant) from current design or operating standards.
The technique assumes that most of the drawings are near to current status. The
meetings are normally held on the plant with regular site visits to check any details not
'as built' on drawings. The latest version of the Process Engineering Flow Schemes
(PEFS) is used as the major study document to ensure complete coverage of the scope
of the study. Additional information required includes the cause and effect diagrams
and the full revision history and incident reports for the plant together with changes in
the operating envelope and operation/maintenance procedures. The expertise of the
team is of critical importance. Where data are incomplete the PHR technique is
applicable but success relies heavily on the study team containing operating staff with
considerable depth of experience and knowledge of the plant throughout its operating
life.
Deliverables
A report showing the identified hazards, their causes and the concern of the team
together with recommendations for any remedial action including, if appropriate, more
detailed HAZOP in discrete areas.
Overlap
HAZOP, PTS 60.2209

FIREPRAN, PTS 60.2302
PTS 60.0401
JUNE 2006
76
HSE Assurance Guideline, PTS 60.0301
PTS 60.0401
JUNE 2006
77
PLATFORM LAYOUT METHODOLOGY (PLM)
Objective
Provision of an auditable framework within which the essential processes in the

development of an offshore platform topsides layout can be structured.
Method
Establishment of the 'functional shape' of the facility with due regard to safety and
operational constraints
A structured approach is used to select layout preferences based on the inherent active
and reactive behaviour characteristics of equipment items with due regard for
separation distances and physical barriers
Consideration of previously identified hazardous scenarios to identify those which are

highly likely to reach adjacent areas of the facility.
Facility layout drawings and any available information from physical effect and
consequence modelling.
Deliverables
A structured auditable description of the development of an offshore platform topsides

layout.
Overlap
Input data from PEM and consequence modeling.
RISER
Objective
Assessment of risks of pipeline riser on or near platforms with comparative risk

analysis to assess the benefits of subsea valve installation on pipelines.
Method
The method is based on the following steps (using the information required described
below):
PTS 60.0401
JUNE 2006
78
definition of release cases using clear selection rules
failure frequency estimation (using a standard historical data set modified where
needed to allow for local factors)
consequence modelling (from release rate calculations using models for dispersion,
jet fires, explosions, etc)
impact assessment (determination of fatalities/damage and probabilities followed by

event tree analysis)
risk calculation (determination of total risk for the riser system).
Platform and pipeline engineering data, personnel numbers and distribution,

environmental data and evacuation systems.
Deliverables
Data on the comparative risk expressed as Potential Loss of Life (PLL)
Overlap
Input data from hazard identification techniques such as FIREPRAN, Quantitative Risk
Assessment (QRA) and Hazard and Operability Studies (HAZOP).
Output data are used in Quantitative Risk Assessment (QRA), FIREPRAN, Plant
Layout Methodology (PLM) and Fire and Explosion Analysis (FEA).
SAFOP (Electrical Safety and Operability Study)
Objective
Identification of potential hazards to personnel in the vicinity of electrical systems.

Critical assessment of electrical network and plant design and analysis of operator
actions to determine areas of potential operator error. Making recommendations to
eliminate or reduce risks.
Method
A multi-disciplined team and a structured step by step methodology are used.
SAFAN - Hazards present in construction, commissioning and operation of

electrical systems are examined in relation to the safety of personnel in the vicinity.
PTS 60.0401
JUNE 2006
79
SYSOP - Examination is made of the control systems, the main items of plant and
their auxiliaries in relation to any limitations and their effects on the overall system
operability.
OPTAN - Considers probable tasks to be under taken during normal and upset
conditions. The usability of equipment and clarity of instructions are reviewed with
the aim of reducing the potential for human error as low as is reasonably
practicable.
Detailed electrical system design and layout drawings, control circuit diagrams, system
designs and functional specifications, and electrical system operating and emergency
procedures.
Deliverables
Report detailing the findings of the audit and where necessary making
recommendations categorised as 'Strongly Recommended', 'Advice' or call for further
information 'Information Required'.
Overlap
SAFOP is a stand alone technique but it has some overlap with Job Hazard Analysis
PTS. 60.2005, Human Factors Analysis PTS.60.0103 and Procedural HAZOP. PTS
60.2209
SMOKE INGRESS ANALYSIS (SIA)
Objective
Determination of the rate of build-up of gases and smoke in and around designated
Temporary Refuges (TRs) and the effect this will have on TR integrity and the ability of
occupants to survive. The SIA is an integral part of Escape Evacuation and Rescue
Analysis/Temporary Refuge (EERA/TR) but is so significant that it has been
documented separately.
Method
Input on the type size and duration of potential fires is taken from the Fire and
Explosion Analysis (FEA). Each scenario will then be analysed to determine the
concentration of smoke and gases at the boundary of the TR and subsequently the build-
up inside and around the TR. Consideration is given to the dilution and dispersion
effects that may occur between the fire source and the TR. Assessment is also made of
PTS 60.0401
JUNE 2006
80
the leak paths and any localised over or under pressures caused by wind effects in order
to determine the rate of ingress to the TR. If available, actual installation test data are
used to increase the realism of the SIA.
Installation layout drawings, details of TR construction and the details of the fire
scenarios from the FEA. Leak test data for the TR.
PTS 60.0401
JUNE 2006
81
Deliverables
Identification of scenarios that have the potential to effect significantly the TR in terms
of smoke or gas ingress at build-up rates which would impair TR integrity or impact on
the emergency response capability.
Overlap
The results from the SIA are be used in TR/EERA analyses.
Further Information
STRUCTURAL CONSEQUENCE ANALYSIS (SCA)
Objective
Assessment of the response of a structure under fire conditions. Determination of the

extent of any failure under fire loading and, if necessary, proposal of remedial
measures.
Method
Coarse analysis is based on determining the time to failure of the structure from linear
elastic techniques. This analysis determines those structures which are critical and
which should be the subject of more detailed analysis.
Detailed analysis is based on non-linear analysis methods. These allow the true collapse
load of the structure to be estimated by modelling elastic-plastic behaviour of the
structure at elevated temperatures. The USFOS analysis program may be used for these
studies.
Details of potential fires from FEA, data on the type and layout of existing fire
protection facilities. Detailed structural drawings.
Deliverables
Report on the ability of the structure to withstand the fire scenarios identified. This will
reveal if there exists the potential exists for fire to lead to progressive collapse of the
structure or loss of the TR within the required endurance period. If necessary
recommendations for remedial actions and distribution of protective equipment should
be made.
Overlap
PTS 60.0401
JUNE 2006
82
Input data is required from Fire and Explosion Analysis (FEA) and physical effects
modelling. SCA may be used in QRA.
Further Information
TEMPORARY REFUGE/ESCAPE, EVACUATION AND RESCUE ANALYSIS
(TR/EERA)
Objective
Analysis of escape to TR, the provisions within the TR system, and Evacuation, Escape
and Rescue with respect to the major scenarios previously identified for comparison
against respective acceptance standards highlighting critical elements and revealing any
shortfalls.
Method
The EERA/TRA comprises three related elements:
a goal analysis which considers how the goals for the EER process will be satisfied
in likely EER situations as a basis for determining the adequacy of the proposed
arrangements
an escape and evacuation time analysis which considers the time needed to
complete all phases of the EER process under conditions which may be present
when there is a need for EER
a TR impairment analysis to determine the frequency that the TR and related

evacuation facilities will be impaired.
Detailed information on the TR/EERA provisions and details of the major hazard
scenarios identified. Details of installation layout including muster stations, refuges,
evacuation points and escape to sea facilities. Input data from Fire and Explosion
Analysis (FEA), Smoke Ingress Analysis (SIA) and Emergency Systems Survivability
Analysis (ESSA).
Deliverables
A formal record of the EER facilities and arrangements with details of the direct and
escalated impact of the identified hazard scenarios coupled with considerations on the
likelihood of their occurrence.
Overlap
PTS 60.0401
JUNE 2006
83
Input data required from FEA, SIA and ESSA. The results of the TR/EERA may be
used in the QRA.
PTS 60.0401
JUNE 2006
84
TRIPOD-BETA
Objective
To facilitate accident or incident investigation and analysis by providing the means to

assemble and manipulate investigation information into a logical structure consistent
with the Tripod accident causation model and the hazards and effects model of SMS
(HSE MS).
Method
A PC tool which provides the means to record information from the investigation,
linking related information on events, people, damage, locations, etc. Information is
transferred to a screen where it can be manipulated and linked as nodes in a BETA tree.
Nodes are classified, the connecting logic tested and anomalies flagged for amendment.
Nodes are assigned General Failure Type (GFT) / Basic Risk Factor (BRF)
classifications.
Accident or incident investigation data.
Deliverables
A draft report for final editing, presenting salient details of the events, actual and
potential damage, failures and identified causes
A BETA tree diagram
GFT profile for the accident/incident.
Overlap
Tripod-BETA is a stand-alone technique.
Further Information
TRIPOD-DELTA
Objective
PTS 60.0401
JUNE 2006
85
The proactive identification of potential latent failures that could lead to hazardous
situations and the development of remedial actions to be taken to reduce or eliminate
such hazards.
Used where there are few incidents providing information on causation therefore tries
to avoid 'requiring incidents to improve'.
Method
Development of indicator question database. These are used in the form of yes/no
answer questions to reveal the presence of General Failure Types (GFT) / Basic Risk
Factor (BRF) in the operation or organisation
Tripod-DELTA Profiling-derivation of checklists based on the indicator questions,

answering of indicator questions, analysis of answers. Results are presented as a Failure
State Profile. The analysis identifies those areas where remedial action is required.
Access to personnel with detailed working knowledge of the operation or organisation

being analysed.
Deliverables
The Failure State Profile indicates the extent to which each of the 11 GFT/BRFs is
present in the system under study. This allows remedial actions to be prioritised.
Overlap
Tripod-DELTA is a stand alone technique.
Further Information
Group HSE MS Manual, PTS60.0101
PTS 60.0401
JUNE 2006
86
APPENDIX V - SEVERITY RATING FOR RISK MATRIX
Table V.1 - Example of further definition of consequence - severity rating

for risk matrix
Severity People Assets*, Equipment

Injury Health
Potenti Definition Potential Definition Potential Definition
al Impact Impact
Impact
0 No No injury No injury No injury No damage No damage
injury or damage or damage to
to health to health equipment
1 Slight Not Slight Not Slight No
injury detrimental injury affecting damage disruption
to work minimum
individual performan cost of
employabili ce or repair
ty or to the causing
performanc disability
e of present - Agents
work not
hazardous
to health
2 Minor Detrimental Minor Affecting Minor Possible
injury to the injury/ work damage brief
performanc illness performan disruption
e of present ce, such of the
work, such as process;
as restriction isolation of
curtailment to equipment
of activities activities for repair
or some (Restricte
calendar d Work
days to Case) or a
recover need to
fully, take a few
maximum calendar
one week days to
recover
fully -
Agents
which
have
limited
PTS 60.0401
JUNE 2006
87
health
effects
which are
reversible,
eg
irritants,
many
food
poisoning
bacteria
3 Major Leading to Major Resulting Localised Plant partly
injury permanent injury/ in damage down;
partial illness permanent process can
disablement partial (possibly)
or unfitness disability be restarted.
for work or or
detrimental affecting
to work
performanc performan
e of work ce in the
over longer
extended term, such
period, such as a
as long prolonged
term absence
absence from work
- Agents
capable of
irreversibl
e damage
without
serious
disability,
e.g. noise,
poorly
designed
manual
handling
tasks
4 Single Alternativel Permanen - Agents Major Partial loss
fatality y victim t total which are damage of plant;
with disability capable of plant shut
permanent or fatality irreversibl down for at
total (small e damage most two
disablement exposed with weeks
PTS 60.0401
JUNE 2006
88
or unfitness populatio serious

for work. n) disability
Also or death,
includes the eg
possibility corrosives
of multiple , known
fatalities human
(maximum carcinoge
3) in close ns
succession
due to the
incident,
e.g.
explosion
5 Multipl May Multiple -Agents Extensive Total loss of
e include four fatalities with damage the plant;
fatalitie fatalities in potential extensive
s close to cause damage
succession multiple
due to the fatalities,
incident, or eg
multiple chemicals
fatalities with acute
(four or toxic
more) each effects (eg
at different hydrogen
points sulphide,
and/or with carbon
different monoxide
activities¦ ), known
human
carcinoge
ns,
* Assets are understood as referring to: the oil and gas reservoirs, production facilities,
pipelines, money, capital, and other OPU/ JVs and third party property
PTS 60.0401
JUNE 2006
89
Table V.1 Example of further definition of consequence - severity rating for risk
matrix (continued)
Severity Environment Reputation

Potential Definition Oil Contamination Potential Definition
Impact per incident (litres) Impact
Sensitive Offshore
areas
0 No effect No Several No impact No public
environmen awareness
tal risk, no
financial
consequenc
es
1 Slight Negligible <10 0-100 Slight Public
effect financial impact awareness
consequenc of the
es, local incident*
environmen may exist;
tal risk there is no
within the public
fence and concern
within
systems
2 Minor Contaminati <100 100 - Limited Some local
effect on, damage 1,000 impact public
sufficiently concern;
large to some
affect the complaints
environmen received;
t, single slight local
exceedance media
of statutory and/or local
or political
prescribed attention
criteria, with
single potentially
complaint, negative
no aspects for
permanent OPU
effect on the operations
environmen
t
3 Localise Limited loss 100 - 1,000- Considera Regional
d effect of 1,000 10,000 ble impact public
PTS 60.0401
JUNE 2006
90
discharges concern;
of known numerous
toxicity, complaints;
repeated extensive
exceedance negative
of statutory attention in
or local media;
prescribed slight
limit and national
beyond media
fence/neigh and/or
borhood local/region
al political
attention
with
possible
negative
stance of
local
government
and/or
action
groups
4 Major Severe 1000 - 10,000 - National National
effect environmen 10,000 100,000 impact public
tal damage, concern;
the Opco is continuing
required to complaints;
take extensive
extensive negative
measures to attention in
restore the national
contaminate media
d and/or
environmen regional/nat
t to its ional
original politics with
state. potentially
Extended restrictive
exceedance measures
of statutory and/or
or impact on
prescribed grant of
limit licences;
mobilisation
PTS 60.0401
JUNE 2006
91
of action
groups
5 Massive Persistent >10,000 >100,000 Internation Internationa
effect severe al impact l public
environmen attention;
tal damage extensive
or severe negative
nuisance attention in
extending internationa
over a large l media and
area. In national/inte
terms of rnational
commercial politics;
or potential to
recreational harm access
use or to new
nature areas, grants
conservancy of licences
, a major and/or tax
economic legislation;
loss for the concerted
Opco. pressure by
Constant action
high groups;
exceedance adverse
of statutory effects in
or OPUs in
prescribed other
limit countries
The above table is an example for crude oil contamination. For other chemical
discharge criteria, environmental experts should be consulted.
Incidents relating to air, noise, small, light and soil vibrations should be addressed on
the basis of expert judgment and, in the case of uncertainty, local expertise may be
called in.
* 'Incident' as used in Severity level 1 must be seen as the source of the concern for all
severity levels. It is defined in the glossary but recognise it includes an
environmental problem, an event or chain of events which has caused or could have
caused spills, leaks, complaints, public concern, issue debates, failing to follow
commitments and so forth.
PTS 60.0401
JUNE 2006
92
'Public' must be seen as encompassing a wide range including 'opinion formers', e.g.
environmental scientists; groups; politicians; authorities (of various types); media
(scientific general)
PTS 60.0401
JUNE 2006
93
APPENDIX VI
WHEN TO USE QRA
Quantified Risk Assessment (QRA) is used to:
• assist in reducing risks
This is done by identifying areas of high risk or identifying areas where risk can be
further reduced.
• assist in option selection by ranking options in terms of risk
• assess the cost-effectiveness of risk-reducing measures
• assist in the demonstration and achievement of ALARP
• act as an aid to communication with the workforce and third parties regarding their
impact on risk and their exposure to risk
• indicate whether or not risks are tolerable
• comply with legislation and company policy.
Guidance is given below which addresses the cases when QRA is likely to be of benefit
and when it is not. Each individual case should be treated on its merits. Further advice
is given in PTS.60.2210
VI.1 PROJECTS FOR WHICH QRA IS LIKELY TO BE BENEFICIAL
VI.1.1 Project identification phase - comparative coarse QRA
All projects onshore or offshore for which several options have been identified which
are considered to have significantly different risks. A risk assessment should be
undertaken early in a project development (in some cases this may be during the
prospect stage, if for instance, novel technology is used). A comparison of risks
associated with, for example, onshore versus offshore processing, manned versus
unmanned facilities, platform versus subsea installation, location and operating strategy
of onshore installations, etc may be effectively studied using QRA.
PTS 60.0401
JUNE 2006
94
VI.1.2 Definition phase - project specification - detailed QRA
During the definition phase, a more detailed risk assessment may be required to:
(i) assist with final major decision-making with respect to design options
(ii) provide a basis for further design optimisation during completion of conceptual
engineering and detailed engineering and (ultimately) to reach risk levels
regarded as As Low As Reasonably Practicable (ALARP)
(iii) confirm to senior management, shareholders and the Regulator that risk criteria
will be achieved.
At the end of detailed engineering, ie when all optimisation has been completed, the
risk assessment is issued in the form of a final report for input to the HSE Case. This is
intended to demonstrate that the risk criteria have been achieved and this risk is as low
as reasonably practicable.
The above is particularly applicable to:
• all offshore permanently manned installations
This is the case unless the layout is so well spaced-out that the workforce is for the
majority of the time outside the maximum effect area of the high pressure
hydrocarbon production/process facilities and the risk of escalation is considered
to be negligible.
• onshore plants
This is where the public is within the maximum effect radius and/or where the
plant is complex and the hydrocarbon processing equipment cannot be spaced to
minimise the risk of escalation.
• studies to compare transport and manning philosophy options
If the option under development has significantly different operating philosophies

to those considered during the comparative QRA in the project identification
phase.
VI.1.3 Operations Phase
EXISTING FACILITIES
Any facility or operation which is considered to be safety critical and for which there
are doubts as to whether or not the risks have been reduced to as low as reasonably
PTS 60.0401
JUNE 2006
95
practicable. A QRA study would assist in the identification of high-risk areas and the
ranking of risk reduction measures, identify the need for modifying the operating
philosophy (e.g. MOPO), and increase the awareness of the workforce of the risks they
are exposed to and have influence over.
UPGRADES TO EXISTING FACILITIES
Plant modifications which will result in significant risks during construction and/ or
which are expected to increase significantly the risk level during operations. The need
for an additional or revalidated risk assessment at the time of proposed upgrades or
refurbishments has to be considered. In cases where the proposals are viewed as having
a minimal impact on safety or asset integrity, no additional work will be necessary.
However, for some modifications the earlier risk assessment will require reviewing and
additional risk assessment may be required.
VI.2 PROJECTS FOR WHICH QRA IS NOT LIKELY TO BE BENEFICIAL
QRA would not usually be used for Not Normally Manned offshore installations and
onshore facilities, except in connection with the determination of the operating
philosophy unless:
• the equipment spacing allows escalation
• the facility has a high strategic or asset value
• there are environmental concerns
• the public is in permanently occupied areas within the maximum effect radius
• it is a legal requirement
• several expensive risk reduction measures have been identified whose relative
effectiveness is not obvious.
In other cases, physical effects modelling combined with other non-quantitative

methodologies may be sufficient to manage the hazards.
PTS 60.0401
JUNE 2006
96
GLOSSARY
For the purposes of these HSE Guidelines, the following definitions apply.
acceptance Expresses the level of health, safety and/or environmental

criteria performance deemed acceptable for a given period or phase of
activities. They may be defined both in quantitative and
qualitative terms.
accident An 'incident' where the potential for harm is realised.
activity Work to be carried out as part of a process characterised by a set
of specific inputs and tasks that produce a set of outputs to meet
customer requirements.
activity The documentation of an activity outlining its hazard management
specification objectives, the methods to achieve the objectives, the business
sheet controls to ensure achievement of the objectives and the person
accountable for achievement of the objectives.
acute effect An effect that occurs suddenly and or in a short time following
exposure.
As Low As This is level, objectively assessed, where the time, effort,
Reasonably difficulty and cost of further reduction measures becomes
Practicable disproportionate to the additional risk reduction from the
(ALARP) incremental efforts.
assessment (or The process of analysing and evaluating hazards involving both
evaluation) causal and consequence analysis leading to the determination of
likelihood and risk.
barrier A measure put in place to prevent the release of a hazard. Barriers
may be physical (shields, isolation, separation, protective devices)
or non-physical (procedures, warnings, training, drills).
'bow-tie' A pictorial representation of the management of a hazard and its
diagram effects towards minimizing the consequence(s) arising from its
“loss of control or containment” or a hazardous event. The left
hand side of the diagram is constructed from the fault tree (causal)
analysis and involve those threats associated with the hazard, the
controls associated with each threat and any factors that escalate
likelihood. The right hand side of the diagram is constructed from
the hazard event tree (consequence) analysis and involves
escalation factors and recovery preparedness measures. The
centre of the bow tie is commonly referred to as the ‘top event’.
causal analysis The process of determining potential combinations of
circumstances leading to a top event.
chronic release The continuous or ongoing release of a hazard normally in the
form of a discharge, emission or exposure.
company An organisation engaged, as principal or contractor, directly or
indirectly, in the exploration for and production of oil and/or gas.
For bodies or establishments with more than one site, a single site
PTS 60.0401
JUNE 2006
97
may be defined as a company.

cost benefit The means used to assess the relative cost and benefit of a number
analysis of risk reduction alternatives. The ranking of the risk reduction
alternatives evaluated is usually shown graphically
critical Activities that have been identified by the Hazards and Effects
activities Management Process as vital to ensure asset integrity, prevent
incidents, and/or mitigate adverse HSE effects.
defences All controls, barriers and recovery preparedness measures, in
place to manage a hazard before and after its release, loss of
control / containment or hazardous event.
environment The surroundings and conditions in which a company operates or
which it may affect, including living systems (human and other).
environmental The result of a direct or indirect impingement of the activities,
effect products and services of the company upon the environment,
whether adverse or beneficial.
environmental A documented evaluation of the environmental significance of the
effects effects of the company's activities, products and services (existing
evaluation and planned).
escalation An increase in the consequences of a hazardous event.
escalation Measures put in place to block or mitigate the effects of escalation
control factors. Types include guards or shields (coatings, inhibitors,
shutdowns), separation (time and space), reduction in inventory,
control of energy release (lower speeds, safety valves, different
fuel source) and non-physical or administrative (procedures,
warnings, training, drills).
escalation factor A condition that leads to increased risk associated with the loss of
controls or loss of recovery capabilities (mitigation or life saving).
Escalation factors include: abnormal operating conditions, e.g.
maintenance mode, operating outside design envelope;
environmental variations, e.g. extreme weather and tidal
conditions; failure of barriers, e.g. maintenance failure, result of a
prior event like explosion or fire, introduction of an ignition
source; human error, e.g. lapses, violations; no barrier provided,
e.g. not possible or too expensive. Escalation Factors may
concurrently affect the control and/or recovery of more than one
hazard.
evaluation see 'assessment'
event An occurrence or situation represented as a node in event and
fault trees (e.g. gas leak, status of gas detection system, status of
ESD system).
event tree A tree-like diagram consisting of nodes and connecting lines used
to formulate potential escalation scenarios. The nodes correspond
to the different stages in an escalating incident sequence, and the
two lines which lead out of the nodes correspond to the paths of
success or failure in mitigation of the incident. Event tree analysis
PTS 60.0401
JUNE 2006
98
evaluates the potential outcomes following a hypothetical top

event. With event trees one looks 'forward' in time to determine
what could occur, e.g. consequence of an event.
fault tree A tree-like diagram showing how hardware faults and human
errors combine using 'and/or' logic to cause system failures. When
quantified, fault trees allow system failure probability to be
calculated. With fault trees one looks 'backwards' in time to
determine what has to happen for an event to occur.
hazard The potential to cause harm, including ill health and injury,
damage to property, products or the environment; production
losses or increased liabilities.
hazard analysis The systematic process of developing an understanding of a
hazard through hazard identification, assessment and risk
determination.
hazard The process whereby the results of an analysis of a hazard are
assessment considered against either judgment, standards, or criteria which
have been developed as a basis for decision making.
hazardous event The 'release' of a hazard. The undesired event at the end of the
fault tree and at the beginning of an event tree. The centre point in
a Hazard 'Bow-Tie' where one hazardous event is followed by
others, then the 'Top Event' is the first hazardous event. (see Top
Event) Hazardous events include: Loss of Containment, Structural
Failure, Dropped Objects, Exceeding Occupational Exposure
Limit, Loss of Control, Falls to Same Level, Falls to Lower Level,
Oxygen Deficiency, Loss of Separation, Electrical Shock, and
Explosion.
Hazards and The structured hazard analysis methodology involving hazard
Effects Identification, Assessment, Control and Recovery and comparison
Management with screening and performance criteria. To manage a hazard
Process completely requires that all four steps must be in place and
(HEMP) recorded.
Hazards and A hazard management communication document which
Effects Register demonstrates that hazards have been identified, assessed, are
being properly controlled with recovery measures in place in the
event loss of control situation.
Health, Safety The company structure, responsibilities, practices, procedures,
and processes and resources for managing health, safety and
Environment environmental in the business.
Management
System (HSE
MS)
Health, Safety The broad goals, arising from the HSE policy, that a company sets
and itself to achieve, and which should be quantified wherever
Environment practicable.
(HSE) An objective means a goal the organisation wishes to achieve over
PTS 60.0401
JUNE 2006
99
strategic the long-term. It provides a basis for assessing / measuring

objectives progress and achievements. Strategies provide the framework for
plans to achieve the objectives used as a screen for possible plans.
Health, Safety A statement of the intentions and principles of action by the
and company regarding its health, safety and environmental effects,
Environment giving rise to its strategic and detailed objectives.
(HSE) Policy
HMSO Her Majesty Stationery Office
HSE Case A demonstration of how the Company HSE objectives are being
met in a methodical and auditable reference document. A
completed Case will provide a reference document to all
information relevant to the safety and health of the operation's
personnel, environment and resources on an installation.
incident An unplanned event or chain of events, which has the potential to
cause an injury, illness and/or damage (loss) to assets, the
environment or third parties. (The word 'accident' is used to
denote an incident, where the injury, illness and/or damage is
realized i.e. happened /occurred. In this manual, the Term
‘incident’ embraces the concept of ‘accident’ and ‘near miss’) An
incident involves the release of a hazard.
initiating factor the agent that causes the hazard’s release / loss of control
likelihood The process of estimating the probability / chance of an event.
analysis Also referred to as probability analysis.
mitigation Measures taken to reduce / minimize the consequences associated
with a hazardous event. Mitigation measures include:
'active' systems intended to detect and abate incidents (gas, fire,
and smoke alarms, shutdowns, deluge)
'passive' systems intended to guarantee the primary functions (fire
and blast walls, protective coatings, drain systems) and
'operational' systems intended for emergency management
(contingency plans, training, drills).
performance the measurable standards set to assess an activity or system
criteria element (Some companies may refer to performance criteria as
goals or targets.)
performance Comparative, quantitative measures of actual events, against
indicator previously specified targets, which provide a qualitative
indication of future projected performance based on current
achievement.
physical effects The estimation of the magnitude of a potential 'top event' using
modelling mathematical models and correlations. The models and
correlations are typically design tools, such as: dispersion, fire-
heat flux and temperature versus time, explosion overpressures
and structural response.
prevention Complete elimination a threat, escalation factor or a hazard.
procedure A documented series of steps to be carried out in a logical order
PTS 60.0401
JUNE 2006
100
for a defined operation or in a given situation

process A logical sequence of inter-related activities.
Quantitative Quantitative evaluation of the risk associated with a system
Risk design, irrespective from human, hardware or software failures, or
Assessment environmental events, or from combinations of such
(QRA) failures/events.
recovery All technical, operational and organisational measures that limit
preparedness the chain of consequences arising from the first hazardous event
measures (or 'top event') or recover from the loss of control situation. These
(sometimes can
'recovery 1) reduce the likelihood that the first hazardous event or 'top
measures') event' will develop into further consequences and
2) provide life saving capabilities should the 'top event' develop
further
risk A term which combines the chance that a specified undesired
event will occur and the severity of the consequences of the event.
risk A rating used to derive an appreciation of the relative risk from a
classification hazard. The Risk Matrix may be used to assist to determine this
rating. Both the relative probability and the potential consequence
are categorised by 5 point scales. The product of the two is the
risk classification.
risk matrix The matrix portraying risk as the product of probability and
consequence, used as the basis for qualitative risk determination.
Considerations for the assessment of probability are shown on the
horizontal axis. Considerations for the assessment of consequence
are shown on the vertical axis. Four consequence categories are
included: impact on people, assets, environment and reputation.
Plotting the intersection of the two considerations on the matrix
provides an estimate of the risk.
routine release See 'chronic release'.
safe A condition in which all hazards inherent in an operation have
either been eliminated or are controlled such that their associated
risks are both below a tolerable threshold and are reduced to a
level which is as low as reasonably practicable.
screening The values or standards against which the significance of the
criteria identified hazard or effect can be judged. They should be based on
sound scientific and technical information and may be developed
by the company and industry bodies, or provided by the
regulators.
shortfall An area for improvement.
statement of An affirmation by the asset holder that (HSE) conditions are
fitness satisfactory to continue operation.
task A set pattern of operations, which alone, or together with other
tasks, may be used to achieve a goal.
threat A cause that can cause the release a hazard to produce an incident.
PTS 60.0401
JUNE 2006
101
Threat classes include damage caused by: thermal (high

temperature), chemical (corrosion), biological (bacteria), radiation
(ultraviolet), kinetic (fatigue), electrical (high voltage), climatic
condition (poor visibility), uncertainty (unknowns) or human
factors (competence).
threat barrier Measures put in place to block the effect of a threat. Types
include guards or shields (coatings, inhibitors, shutdowns),
separation (time and space), reduction in inventory, control of
energy release (lower speeds, safety valves, different fuel source)
and administrative (procedures, warnings, training, drills).
tolerability Expresses the level of risk deemed tolerable / acceptable to the
criteria company for a given period or phase of activities. May be
expressed qualitatively or represented quantitatively on the Risk
Matrix by shaded areas.
top event The 'release' of a hazard. The undesired event at the end of the
fault tree and at the beginning of an event tree. The centre point in
a 'Bow-Tie' Diagram.
worst case The worst possible HSE consequence in terms of harm resulting
consequence from a hazardous event. For this to occur, all critical defences in
place must have failed.
REFERENCES
1 Health Risk Assessment, PTS 60.1400.
2 Chemical Management Program, PTS 60.1502.
3 Ionising Radiation, PTS 60.1507.02
4 Medical Emergency Management, PTS 60.1501.01.
5 Standards for Clinical Services, E&P Forum.
6 Group HSE MS Manual, PTS 60.0101
7 ISBN 0 11 8859889 Successful Health and Safety Management, UK Health and

Safety Executive, HMSO, 1991.
8 Incident Investigation, PTS 60.0501
PTS 60.0401
JUNE 2006

PTS 60.0401 HSE Hazards and Effects Management Process

Uploaded by

Copyright:

Available Formats

PTS 60.0401 HSE Hazards and Effects Management Process

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

PTS 60.0401 HSE Hazards and Effects Management Process

Uploaded by

Copyright:

Available Formats

1

PETRONAS TECHNICAL STANDARDS

HEALTH, SAFETY AND ENVIRONMENT

HAZARDS AND EFFECTS MANAGEMENT

The right to use PTS rests with three categories of users:

1) PETRONAS and its affiliates

3) Contractors/subcontractors and Manufacturers/Suppliers under a contract with users

AMENDMENT RECORD SHEET

Chap. Section Description Issue Date Revision Date Approve

All All PTS 60.0301 1 June0 0 0 IGA

All All PTS 60.0401 2 June0 1 June IGA

Hazards and Effect Management Process (HEMP) is a portfolio of tools and

The objectives of this guide are to:

• provide a general overview of the Hazards and Effects Management Process

• describe the tools and techniques most commonly used in PETRONAS

• provide guidance on the integrated application of the tools and techniques

This document, PTS.60.0401, describes:

• in summary the various structured review techniques available in Petronas to

1.1 ELEMENTS OF THE HSE MANAGEMENT SYSTEM

The HSE Management System contains the following elements:

• Leadership and Commitment

• Policy and Strategic Objectives

• Organisation, Responsibilities, Resources, Standards and Documentations

• Hazards and Effects Management Process (HEMP)

• Planning and Procedures

• Implementation and Monitoring

The Hazards and Effects Management Process (HEMP) is central to the

1.2 TOOLS FOR THE HAZARDS AND EFFECTS MANAGEMENT

1.2.1 Selection of tools

Codes, standards, checklists, as well as individual experience and judgement are

1.2.2 Application and competence

Successful application of a technique is largely dependent on the experience of

Health, Safety and Environmental management is no different from any other

2 HAZARDS AND EFFECTS TERMINOLOGY

This chapter provides an overview of the more common terminology and

A comprehensive list of terms and their definitions is provided in the glossary of

2.1 HAZARDS, EFFECTS AND INCIDENTS

A hazard is defined as:

using common techniques. Hazards should not be confused with hazardous

In environmental terms, 'chronic' effects are sometimes referred to as 'routine'

The (undesired) release of a hazard is a hazardous event. If the hazardous event

An incident is an unplanned event or chain of events, which has the potential to

2.2 THREATS AND BARRIERS

A threat in the context of this document is something that could potentially

To prevent a threat or combination of threats ultimately resulting in the release

Barriers may be physical (shields, isolation, separation, protective devices) or

2.3 CONSEQUENCES, MITIGATION AND RECOVERY PREPAREDNESS

Rupture and Leak

First Hazardous Event

Inspection Corrosion Detection Detection Plant Detection

Threat Barriers Recovery Preparedness

Figure 2.1 Terminology: Acute or incidental release (safety example)

Examples: Treatment system

First Hazardous Event

Auto Level Procedures Alarm System Divert to Plant Clean-up

Threat Barriers Recovery Preparedness Measures

Figure 2.2 Terminology: Chronic or routine release (environment

First Hazardous Event

* OEL Occupational Exposure Limit