PTS 60.0401 HSE Hazards and Effects Management Process
PTS 60.0401 HSE Hazards and Effects Management Process
PTS 60.0401 HSE Hazards and Effects Management Process
PTS 60.0401
JUNE 2006
Rev 1
PTS 60.0401
JUNE 2006
2
PREFACE
Petronas Technical Standards (PTS) are based on the experience acquired during the involvement with
the design, construction, operation and maintenance of processing units and facilities. Where appropriate
they are based on, or reference is made to, national and international standards and codes of practice. The
objective is to set the recommended standard for good technical practice applied by PETRONAS in oil
and gas production facilities, oil refinery, gas processing, chemical plants, marketing facilities or any
other such facility, and thereby to achieve maximum technical and economic benefit from standardisation.
The information set forth in these publications is provided to users for their consideration and decision to
implement. This is of particular importance where PTS may not cover every requirement or diversity of
condition at each locality. The system of PTS is expected to be sufficiently flexible to allow individual
operating units to adapt the information set forth in PTS to their own environment and requirements.
When Contractors or Manufacturers / Suppliers use PTS they shall be solely responsible for the quality of
work and the attainment of the required design and engineering standards. In particular, for those
requirements not specifically covered, the Principal will expect them to follow those design and
engineering practices which will achieve the same level of integrity as reflected in the PTS. If in doubt,
the Contractor or Manufacturer/Supplier shall, without detracting from his own responsibility, consult the
Principal or its technical advisor.
2) Other parties who are authorised to use PTS’s subject to appropriate contractual
arrangements.
Subject to any particular terms and conditions as may be set forth in specific agreements with users,
PETRONAS disclaims any liability of whatsoever nature for any damage (including injury or death)
suffered by any company or person whomsoever as a result of or in connection with the use, application
or implementation of any PTS, combination of PTS or any part thereof. The benefit of this disclaimer
shall inure in all respects to PETRONAS and/or any company affiliated to PETRONAS that may issue
PTS or require the use of PTS.
Without prejudice to any specific terms in respect to confidentiality under relevant contractual
arrangements, PTS shall not, without the prior written consent of PETRONAS, be disclosed by users to
any company or person whomsoever and the PTS shall be used exclusively for the purpose they have
been provided to the user. They shall be returned after use, including any copies, which shall only be
made by users with the express prior written consent of PETRONAS. The copyright of PTS vests in
PETRONAS. Users shall arrange for PTS to be held in safe custody and PETRONAS may at any time
require information satisfactory to PETRONAS in order to ascertain how users implement this
requirement.
PTS 60.0401
JUNE 2006
3
PTS 60.0401
JUNE 2006
4
CONTENTS
PREFACE ......................................................................................................................................... 2
AMENDMENT RECORD SHEET................................................................................................ 3
CONTENTS................................................................................................................................... 4
1.1 ELEMENTS OF THE HSE MANAGEMENT SYSTEM.................................................... 5
1.2 TOOLS FOR THE HAZARDS AND EFFECTS MANAGEMENT PROCESS................... 6
2 HAZARDS AND EFFECTS TERMINOLOGY...................................................................... 7
2.1 HAZARDS, EFFECTS AND INCIDENTS......................................................................... 7
2.2 THREATS AND BARRIERS .............................................................................................. 9
2.3 CONSEQUENCES, MITIGATION AND RECOVERY PREPAREDNESS MEASURES... 9
2.4 RISK ................................................................................................................................ 13
2.5 FAULT AND EVENT TREES.......................................................................................... 14
2.6 LIKELIHOOD AND CONSEQUENCE (OR EFFECT).................................................. 14
3 HAZARDS AND EFFECTS MANAGEMENT PROCESS (HEMP) ................................... 15
3.1 THE STEPS IN THE PROCESS...................................................................................... 15
3.2 IMPLEMENTATION OF HEMP .................................................................................... 18
3.3 APPROACHES TO THE HAZARDS AND EFFECTS MANAGEMENT PROCESS....... 21
3.3.1 Experience/judgement................................................................................................. 21
3.3.2 Checklists..................................................................................................................... 22
3.3.3 Codes and Standards .................................................................................................. 22
3.3.4 Structured review techniques...................................................................................... 23
4 STRUCTURED REVIEW TECHNIQUES ........................................................................... 23
4.1 IDENTIFY HAZARDS AND POTENTIAL EFFECTS .................................................... 23
4.2 EVALUATE RISKS.......................................................................................................... 26
4.3 RECORD HAZARDS AND EFFECTS ............................................................................ 35
4.4 COMPARE WITH OBJECTIVES AND PERFORMANCE CRITERIA........................... 36
4.5 ESTABLISH RISK REDUCTION MEASURES ............................................................... 36
APPENDIX I – ACTIVITIES PLANNING AND REVIEW HEMP TOOLS ........................................... 38
APPENDIX II – ASSETS PLANNING AND REVIEW HEMP TOOLS ............................................... 39
APPENDIX III - HAZARDS AND EFFECTS HIERARCHY ................................................................ 43
III.1 Routine Health Hazards and Effects .......................................................................... 43
III.2 Environmental Hazards and Effects ........................................................................... 44
Key to Hazards.......................................................................................................................... 45
APPENDIX IV - STRUCTURED REVIEW TECHNIQUES SUMMARY DESCRIPTION SHEETS .............. 61
APPENDIX V - SEVERITY RATING FOR RISK MATRIX ........................................................ 86
Table V.1 - Example of further definition of consequence - severity rating for risk matrix .... 86
APPENDIX VI ............................................................................................................................. 93
When To Use QRA .................................................................................................................... 93
GLOSSARY .................................................................................................................................... 96
REFERENCES........................................................................................................................... 101
PTS 60.0401
JUNE 2006
5
1. INTRODUCTION
• assist in the selection of the appropriate tools and techniques for Hazards
and Effects Management
• outline how the results are to be incorporated within the HSE Management
System.
• the need, within the context of an HSE Management System, to define both
the techniques and tools commonly in use together with the competencies
required for their effective application
• the more common terminology and concepts used in the analysis of hazards
and effects and the determination of risk
• the stages of the Hazards and Effects Management Process and its role
within the HSE Management System. The role of experience, codes and
standards, checklists and structured techniques are discussed
PTS 60.0401
JUNE 2006
6
• Assurance
• Management Review
The objectives set out in the HSE Management Systems (HSE MS) and
subsequently the HSE Case effectively become the acceptance criteria for the
risk determined in the hazards and effects management process.
This document is designed to identify, specify and aid the effective selection of
an integrated suite of tools and techniques. Most of these have been in use for
some time. The various tools and techniques have been collated for ease of
reference, to demonstrate their relationship to each other and to describe their
input to the HSE MS and HSE Case. As stated above this document does not
specify when to use the tools, this is done in the documents describing the
business activities. A very broad framework of tools, techniques and guidelines
used in hazards and effects identification and assessment during the life cycle is
provided in Appendices I and II.
PTS 60.0401
JUNE 2006
7
The application of tools in the hazards and effects management process such as
Environmental Assessment, Health Risk Assessment and QRA will continue to
involve specialists but their output can now be brought together with other
studies in a common HSE Management System. Specialist assistance when
using other tools and techniques may also be necessary. However the successful
application of any tool and technique will always be dependent on the
participation of the staff involved in the activities under study. Most of the tools
described require a multi-disciplinary approach.
'The potential to cause harm, ill health or injury, damage to property, plant,
products or the environment, production losses or increased liabilities'. This
definition can be extended to include social/cultural disruption.
This represents a specific use of the word hazard, which in more common usage
can mean danger, chance or risk. Risk is defined in item 2.4. It is important to
recognise the adopted definition of this basic term and to be consistent when
PTS 60.0401
JUNE 2006
8
The terms 'chronic' and 'acute' are used to differentiate between hazards and
effects associated with continuous discharges and occupational exposure
(prolonged) and those relating to one off events, (health, safety and
environmental incidents) which might include poisoning, oil spills, fires and
explosions.
The aim is to control all health and environmental hazards and effects within
defined limits. Under health, for example, controls for benzene define levels in
air for long term exposure. For environment, for example, controls for flaring
may include limiting the volume of gas disposed of, defining criteria for the
combustion efficiency and defining environmental quality standards for
combustion products. Similarly, control of noise emission will be based on
noise limits, which will be set for a given location.
An effect in the context of this manual is usually an adverse effect either on the
health or safety of employees or the public. An environmental effect is any
direct or indirect impingement, whether adverse or beneficial, upon the
environment of the activities, products and services of the company. This also
includes impact on social and cultural systems.
PTS 60.0401
JUNE 2006
9
Should the barriers fail to prevent or avoid the release of a hazard then some
kind of counter measures are required to limit the consequences of the
hazardous event or effect. The purpose of these countermeasures is the
mitigation of consequences and to aid in reinstatement. One example of
mitigation is a fixed fire protection system, another would be the evacuation of
personnel from the area. Those measures aimed at reinstating or returning the
situation to normal operating conditions are also called recovery preparedness
measures. All such measures ranging from the first steps in mitigation through
to reinstatement of the operation are termed recovery preparedness measures.
PTS 60.0401
JUNE 2006
10
THREATS ESCALATION
Hazard :
Hydrocarbon gas
under pressure
Examples:
Corrosion Fire
Pressure Vessel
Erosion
Impact
Hazardous
Event
Leak ! Fire
CAUSATION CONSEQUENCE
PTS 60.0401
JUNE 2006
11
THREATS ESCALATION
• Ecological damage
• Water supply contamination
• Irrigation contamination
Hazard : • Liabilities
Effluent • Reputation
Discharge
Hazardous
Event
Discharge
ppm Limit Exceeded !
Pollution
ppm
ppm
Limit
CAUSATION CONSEQUENCE
PTS 60.0401
JUNE 2006
12
THREATS ESCALATION
Increased risk :
Hazard:
Leukaemia
Toxic vapour
Liabilities
Loss of reputation
Examples:
Corrosion
Handling of toxic chemical
Maloperation
Leaking flanges
Release of benzene
Increased
risk of
leukaemia
Exposure to benzene
exceeding OEL* !
ppm
ppm
Limit
CAUSATION CONSEQUENCE
PTS 60.0401
JUNE 2006
13
e . g . m a lo p e r a t io n
E
e .g . o v e rp re s s u re S
H C
A A
Z L
A e .g .E S D Loss of A
R bypassed gas e . g . d e t e c t o r f a ilu r e T
D c o n ta in m e n t I
O
N
H a z a rd o u s E v e n t
( r e le a s e o f h a z a r d ) e . g . d e lu g e f a ilu r e
e .g . e x p lo s io n
s e q u e n c e o f f a u lt s a n d c a u s e s s e q u e n c e o f e v e n t s a n d f a il u r e s le a d in g
le a d in g t o a h a z a r d o u s e v e n t t o t h e e s c a la t i o n o f a h a z a r d o u s e v e n t
2.4 RISK
'Risk' combines the chance that a specified undesired event will occur and the
severity of the consequences of the event or otherwise is the product of the
probability of occurrence and the severity of the consequences. To determine the
'risk' of a specific 'hazardous event' taking place therefore requires information
on the likelihood of the event taking place and the severity of the adverse
consequences that could be expected to follow from it.
The terms 'probability', 'likelihood', 'frequency' and 'chance' are often used
interchangeably however in the HEMP terminology, the following apply and
should be consistently used:
PTS 60.0401
JUNE 2006
14
A common way of understanding the possible threats or causes that could lead
to the unplanned release of a hazard is to present them diagrammatically using a
fault tree. In a similar way after the release of a hazard an event tree may be
used to determine and display the potential outcomes or consequences.
Fault Tree Analysis is used to show the sequence of possible threats or causes
that could lead to the release of a hazard. The fault tree leads to a single point
where the undesired event has taken place or where the hazard has been
released. This is known as the Top Event and represents the transition from the
Fault Tree (threats/causes) to the Event Tree (consequence).
The Event Tree is made up of nodes which correspond to the different stages in
an escalating incident sequence. The lines which lead out of each node
correspond to the paths of success or failure in mitigation of the incident.
The whole sequence showing the progression from any cause, (Fault Tree)
through the Top Event to the full range of consequences (Event Tree), for a
single hazard can be represented in a single diagram (often called a 'bow tie') as
shown in Figure 2.4. In a quantitative assessment such as QRA, a number of
hazards will be considered together, however in qualitative assessment it is
normal to consider one hazard or one bow tie.
For qualitative and quantitative risk assessment the same process is used (ie
bow tie) but in QRA, risks are quantified initially per Top Event then summated
for a number of scenarios and hazards.
Lack of good data may limit the development of a fault tree however in some
circumstances the historical frequency of the top event may provide an adequate
time.
PTS 60.0401
JUNE 2006
15
• physical effects models for predicting the behaviour and loading from
potential hydrocarbon releases (dispersion, fire, radiation, explosion and
smoke) in terms of flammable limits, heat radiation, explosion
overpressure, etc.
The principles of 'identify', 'assess', 'control' and 'recover' are the basis of
HEMP, with the individual stages summarised in the following steps:
2. Evaluate Risks
PTS 60.0401
JUNE 2006
16
Systematically identify the hazards, the threats and potential hazardous events
and effects which may affect, or arise from, a company's operation throughout
the total life cycle of the operation.
Systematically evaluate (assess) the risks from the identified hazards against
accepted screening criteria, taking into account the likelihood of occurrence and
the severity of any consequences to employees, assets, the environment and the
public. This includes the risks associated with deviation from limits set for
environmental and occupational health hazards.
Record all those hazards and effects identified as significant in relation to the
screening criteria in one of the following documents:
These documents will then be included in Parts 3 and 5 of the HSE MS and
HSE Case.
Compare the evaluated risks against the detailed HSE objectives and targets for
the project or installation. For all cases these targets must be maintained and be
consistent with the Company Policy, and Strategic Objectives. Performance
standards at all levels must meet the criteria set in the HSE Case which in turn
must comply with the Company's HSE Management System.
PTS 60.0401
JUNE 2006
17
PTS 60.0401
JUNE 2006
18
The Hazards and Effects Management Process can be implemented at any point
in the life cycle of a facility or operation as:
This management process is applied to all hazards and potential effects. Those
engaged in design and planning activities who utilises tools, such as HAZOP,
Health Risk Assessment or Environmental Assessment are already familiar with
this approach.
Appendices I and II give an indication of when the tools and techniques are used
during the life cycle of a development and in the development of an HSE Case
for an asset.
The output from the various tools and techniques used in the HEMP in the
planning and review stages of a new development is used primarily to refine the
design by identifying the hazards and threats, removing them if possible and
making the design as inherently safe to operate as practicable. The output
therefore primarily concerns the hardware although the design planning phase
can profoundly affect all subsequent stages of the development.
PTS 60.0401
JUNE 2006
19
PTS 60.0401
JUNE 2006
20
This relates to the preparation for practical physical activities involved in the
implementation of plans. This preparation should involve those carrying out or
supervising the activity. The techniques for the identification and assessment of
hazards used in the planning and review stages are also applicable but in the
operational phase tend to be more focused on procedural aspects rather than
hardware design.
The PTS’ on the basic Permit-to-Work System, 60.2001, and Job Hazard
Analysis, 60.2005, can be used for a team review of the procedure for a repeated
activity or as a one-off review of a new activity.
The output from the various tools and techniques in the HEMP for operational-
type activities will be used in the development and review of working
procedures and form part of the HSE Case for the operation of the facility. For a
significant or new activity, such as a major construction project, a seismic or
drilling campaign or abandonment, the output from the various tools will be
included in an HSE Case.
For a smaller work scope usually confined to one contract, the HSE Case is
sometimes called an HSE Plan or where the work or operational task is one of
many to be undertaken, terms like 'Work Procedure' or 'Work Statement' are
sometimes used. All these descriptions only reflect the scale of the operation.
The most important point is that in their preparation the steps of the Hazards
and Effects Management Process must be followed. That is hazards and
potential effects must be identified and assessed and Control and Recovery
Preparedness measures must be developed and in place ahead of time.
PTS 60.0401
JUNE 2006
21
• experience / judgement
• checklists
Structured
Review
Techniques
Increasing level of detail Codes / Standards
Checklists
Experience /
Judgement
IDENTIFY ASSESS
HEMP
RECOVER CONTROL
PTS 60.0401
JUNE 2006
22
staff experience gained in the field and feedback from incidents, accidents and
near misses is invaluable.
3.3.2 Checklists
These are a useful way of ensuring that known hazards and threats have all been
identified and assessed. The use of checklists, however, must not be allowed to
limit the scope of review. They are normally drawn up from standards and
operational experience and focus on areas where the potential for mistakes is
high or where problems have occurred in the past. Hazard Registers taken from
the life cycle of previous developments are particularly useful as a basis for
checklists. They should be maintained throughout the life of the development
and include both the operational and abandonment phases (Ref. 1).
Table VI.1 is a checklist called the Hazard Hierarchy, which includes health,
safety and environmental hazards previously identified by OPU/JVs. The
checklist approach is used in several techniques such as HAZID, HAZOP and
FIREPRAN, etc.,
Codes and standards can therefore provide guidance on all four steps of identify,
assess, control and recovery.
PTS 60.0401
JUNE 2006
23
Structured review techniques are available for all phases of the 'identify, assess,
control and recover' process. The recommended techniques are presented in this
chapter under the same headings as used in Chapter 3, i.e.:
• Evaluate Risks
For Petronas facilities, a generic Hazards and Effects Hierarchy has been
generated and is included in Appendix III. This provides a structured listing of
hazards and effects and attributes which can be used as a completeness check
during hazard identification. The hierarchy provides the basis for a
computerised approach to the systematic identification and assessment of
hazards and their effects.
PTS 60.0401
JUNE 2006
24
PTS 60.0401
JUNE 2006
25
There are few if any tools and techniques, which are limited solely to the
identification of Hazards and Potential Effects. Most include assessment as well
as identification. Indeed techniques, such as Health Risk Assessment and
Environmental Assessment include all four elements, identify, assess, control
and recover.
PTS 60.0401
JUNE 2006
26
Once hazards and threats have been identified, their causes, consequences and
probability can be estimated and the risk determined. Risk assessment may be
on a qualitative or quantitative basis both involving the same steps. Qualitative
methods may be adequate for risk assessments of simple facilities or operations
where the exposure of the workforce, public, environment or the asset is low.
Inherent in many of the techniques mentioned in item 4.1 is a subjective
evaluation of risk. HAZOP and FIREPRAN, for example, require the team to
select the critical items for further study. To do this there must be a risk
assessment, which is based primarily on experience or judgement. The
qualitative or banded assessment of probability and consequence from such an
analysis can be plotted on the Risk Matrix described in PTS.60.0101 Group
HSE Management System Manual and repeated in item 4.2.4. In FIREPRAN,
HAZOP and Health Risk Assessment, this Risk Matrix is used to assist in
decisions regarding risk. In the context of this manual evaluate and assess have
the same meaning.
The first step in the risk evaluation is to examine the ways in which events may
take place to cause a hazardous event. Causation scenarios may be developed in
simple narrative or use multiple branch fault trees or utilise complex
computerised modelling techniques. The method is entirely dependent on the
area being assessed.
PTS 60.0401
JUNE 2006
27
4.2.2 Probability
Historical records provide failure data for various types of event in the fault tree
and event tree including the Top Event. Alternatively, probability can be
generated in a qualitative way by the relative classification of probability into
those shown on the Risk Matrix in item 4.2.4.
Examples include the use of physical effects models for assessing the integrity
of structures, for predicting the behaviour of emissions to the atmosphere and
discharge to water and predicting heat loading and explosion overpressure.
Models should only be used when they are validated in a particular application
and their predictive capability is generally accepted. Successful application
requires that they be used by personnel with adequate training and experience.
The results from Physical Effects Modelling usually provide input to other HSE
analyses such as ESSA, FEA and Layout Studies.
PTS 60.0401
JUNE 2006
28
an offshore complex
Onshore Layout Methodology as above
for onshore facilities
FEA Fire and Explosion Analysis is a No reference
collective term for the process, which
identifies and evaluates all fire and
explosion hazardous events as a basis for
risk reduction and for preparing
performance criteria for essential safety
systems and the arrangements required
for escape, evacuation and rescue (EER).
ESSA Emergency System Survivability No reference
Analysis. This is part of the FEA and
determines the ability of the emergency
systems to withstand severe accident
conditions. ESSA is part of the FEA
process and provides information, which
is subsequently used in TR/EERA.
TR/EERA Temporary Refuge Escape, Evacuation Shell DEP
and Rescue Analysis of escape to 37.17.10.11
Temporary Refuge (TR), the provisions
within the TR system, and the
Evacuation, Escape and Rescue
provisions. The analysis considers the
major scenarios previously identified and
compares these against respective
acceptance standards highlighting critical
elements and revealing any shortfalls.
Environmental Used to predict the behaviour of Monitoring air
Dispersion contaminants following discharge.
quality and
Models Results are used to evaluate the Atmospheric
significance of emissions and discharges.Emissions
A wide range of models are available and PTS.60.3302
vary in complexity and sophistication. Monitoring water
quality
PTS.60.3301
Risk Assessment These have been developed to evaluate Env. quality
Models for the significance of soil contaminants to standards - soil
Contaminated human and environmental health. and groundwater:
Soil PTS.60.3013
Monitoring Soil
and Groundwater
Quality
PTS.60.3303
Groundwater These have been developed to predict the A range of
PTS 60.0401
JUNE 2006
29
PTS 60.0401
JUNE 2006
30
A B C D E
People Assets Environ Reputati Never Heard Incident Happens Happens
ment on heard of of has several several
in incident occurred times per times per
industry in in our year in year in
industry company co. location.
No No No
No effect
injury damage impact
The matrix need not remain as a static display of risk and measures to be taken.
Over the years tolerance to risk will change therefore the shading in the diagram
will change.
The above matrix gives an indication of risk tolerability but this should relate to
the operation under consideration. An example of how the matrix can be further
defined for a particular operation is included in Appendix V.
PTS 60.0401
JUNE 2006
31
These are:
PTS 60.0401
JUNE 2006
32
First, the accuracy of QRA studies means that the comparison of calculated
numbers with specified numerical criteria must be used with considerable
caution. The inaccuracies are less important in comparisons between various
options analysed in a consistent manner. Nevertheless absolute risk figures may
be required to fulfil legislative requirements and to ascertain whether ALARP
risk levels have been reached.
Thirdly, there is always the temptation to use comparison with absolute risk
criteria as a means to justify not carrying out risk reduction measures, with data
being manipulated solely to meet the criteria. Playing the 'numbers game' in this
way could lead to QRA being used to justify risk levels that could realistically
still be reduced.
Fourthly, using statistical likelihood values carries with them a set of inherent
assumptions which may or may not be appropriate for the operation being
studied.
Expressions like 'acceptably safe' or 'an acceptable risk' should be avoided when
discussing risk. Risks are never acceptable when the benefits of an activity are
perceived to be smaller than the risks. Further, a risk is never considered
acceptable while there are effective alternatives to lower it. If there are no
effective alternatives or the cost of further reduction is disproportionate then it
may be necessary to live with or 'tolerate' the risk.
QRA can be used to assess risk to the company's workforce, assets and
environment as well as risk to the public. At present, QRA or environmental
QRA is confined to 'incidental' or 'acute' hazardous events. In Petronas
operations, the facilities are in many cases sufficiently remote that
considerations of this type of risk to the public do not dominate. In downstream
activities, risk to the public is often the main concern.
PTS 60.0401
JUNE 2006
33
PTS 60.0401
JUNE 2006
34
On the left side of the curve the consequences are too small to cause concern,
regardless of the probability. On the right side the consequences could be
dramatic but the probability is so low that it would be more effective to invest in
those risk reduction measures which concentrate on the events contributing to
the peak of the risk curve. The above can be easily aligned with the Risk Matrix.
It must be recognised that the public and regulatory authorities are most
interested in high consequence events. In the context of the Risk Matrix this
might be in the 'never heard of incident in Petronas industry' column but
nevertheless risk reduction measures must still be considered.
PTS 60.0101 Group HSE Management System Manual Chapter 4 describes the
concept of screening risk against criteria set in a qualitative and quantitative
manner together with the use of the ALARP principle, which sets the risk level
as low as reasonably practicable.
PTS 60.0401
JUNE 2006
35
4.3.1 Records
The documentation relating to the hazards and effects analysis and the
management of hazards and effects is included in Parts 3 and 5 of the HSE MS
and HSE Case described in PTS.60.0303.
In a major project or facility the studies carried out as part of the HEMP are
recorded formally usually via the first draft of the Hazards and Effects Register.
The level of detail addressed increases as familiarity with the project or facility
improves. Different techniques are then applied to identify and assess hazards.
The hazards and control measures identified during the design phase are
recorded for later transfer to the operator of the facility who will be responsible
for the HSE Case.
The hazards and effects information gained from the application of HEMP tools
and techniques is incorporated in the HSE Case in what is called a Hazards and
Effects Register.
Assembly of the Hazards and Effects Register, which forms part of the HSE
Case, begins at the design and development stage of a project when hazards and
effects from this phase are incorporated. Hazards applicable during the
construction and commissioning phase may be included or listed separately.
Later, hazards encountered in the operations and maintenance phase are
included. The Hazards and Effects Register is a live document and is passed
from phase to phase of a development through to abandonment. When the
design phase is complete, the Hazards and Effects Register is handed over to
PTS 60.0401
JUNE 2006
36
• limit of safe operations when there are escalation factors which increase
the risk likelihood or consequence
The objectives and performance criteria adopted at all levels in the process should
comply with those stated in the Corporate HSE Policy, HSE MS and HSE Case,
respectively (see PTS. 60.0101 Group HSE Management System Manual Chapter 4).
4.5.1 General
Control and recovery aspects form a significant part of design standards. These are not
listed separately in this document.
PTS 60.0401
JUNE 2006
37
Recovery from the consequences of the release of a hazard requires careful planning.
Even with a comprehensive range of controls in place to prevent the release of hazards
or effects things can still go wrong. It is important that all personnel involved are fully
briefed and drilled as to the response measures planned which may include evacuation
and restoration procedures.
PTS 60.0401
JUNE 2006
38
produce and
explore appraise develop abandon
m aintain
Execute Surveys
Drilling Drilling
Appraisal and
Developm ent
Design
Construction
Comm issioning
Production and
M aintenance
Abandonm ent
Logistics
PTS 60.0401
JUNE 2006
39
The activities described in this appendix encompass the life cycle of an asset. The HSE
Case which is prepared during the execution of these activities becomes the HSE Case
for the asset and forms part of the Asset Reference Plan. The broad HSE objectives are
bulletised on the left of the table. Some of the tools and techniques available are listed
on the right.
PTS 60.0401
JUNE 2006
40
EVOLVE DEVELOPMENT CONCEPTS (A11)
Make Facility Design Concepts (A11-04-02)
• identify major project HAZID
hazards
Carry out HSE Analysis (A11-04-05)
• obtain assurance of Qualitative comparison of risk based on judgement or
manageability coarse QRA if significant global risks or high level of
innovation
Environmental Assessment, Health Risk Assessment
Evaluate Concepts (A11-05)
• obtain an assessment and QRA (comparative or coarse)
comparison of HSE risks Environmental Assessment (update)
between options
Propose Development Concepts (A11-06)
HAZARDS AND EFFECTS REGISTER
DESIGN, CONSTRUCT, MODIFY OR ABANDON FACILITIES (A12)
HSE CASE FOR ASSET
PTS 60.0401
JUNE 2006
41
DESIGN, CONSTRUCT, MODIFY OR ABANDON WELLS (A09)
(as for A12 for Wells)
HAZARDS AND EFFECTS REGISTER
OPERATE AND MAINTAIN FACILITIES AND WELLS (A71/A72)
(see under HSE Case for Asset)
MANAGE ASSETS (ASS)
(Includes HSE Case for Asset)
Asset Reference Plan (ASS-01-02)
• demonstrate that risks HAZID
associated with asset and its Health Risk Assessment
operation are managed Environmental Assessment
Job Hazard Analysis
Permit-to-Work
IPF classification
H2S
Fire Control and Recovery
Safe Handling of Chemicals (SDS)
Human Factors
Emergency Response (including oil spill plans)
Oil Spill Dispersants
Contaminated Soil and Groundwater
Classification of Waste
Waste Management
PTS 60.0401
JUNE 2006
42
DESIGN, CONSTRUCT, MODIFY OR ABANDON WELLS (A09)
(as for A12 for Wells)
HAZARDS AND EFFECTS REGISTER
OPERATE AND MAINTAIN FACILITIES AND WELLS (A71/A72)
(see under HSE Case for Asset)
MANAGE ASSETS (ASS)
(Includes HSE Case for Asset)
Asset Reference Plan (ASS-01-02)
• demonstrate that risks HAZID
associated with asset and its Health Risk Assessment
operation are managed Environmental Assessment
Job Hazard Analysis
Permit-to-Work
IPF classification
H2S
Fire Control and Recovery
Safe Handling of Chemicals (SDS)
Human Factors
Emergency Response (including oil spill plans)
Oil Spill Dispersants
Contaminated Soil and Groundwater
Classification of Waste
Waste Management
PTS 60.0401
JUNE 2006
43
The Hazards and Effects Hierarchy is a structured list of HSE-related hazards and
effects that may occur in the Petronas business. It can provide a starting point in hazard
identification (the first step of the Hazards and Effects Management Process, HEMP).
Use of the Hazards and Effects Hierarchy as a checklist gives greater assurance that all
hazards and effects have been addressed and identification and initial assessment is
complete.
The Hazards and Effects Hierarchy is a structured checklist. It can be used in different
operations and environments. The hierarchy in the attached Table III.1 is therefore only
included as an example.
The Hazards and Effects Hierarchy, Table III.1, consists of main hazard groups such as
H-01 Hydrocarbons. Under these are sub-groupings, such as H-01.06 Hydrocarbon Gas.
Some examples are given of typical sources of these hazards or locations where they
will be found.
Under the three columns 'Safety', 'Health' and 'Environment' an arbitrary coding has
been given which has been found useful in grouping hazards. The reason for the Health
grouping is explained below. Any other coding or tagging can be used.
No attempt has been made to link the listing of hazards with, for example business
activities or types of facilities, since any one hazard can invariably be present in many
situations. The Hazards and Effects Hierarchy nevertheless lends itself to use as part of
a systematised approach to hazard management.
Health hazards encountered in the work place and by the public are usually
divided into the following five broad groups:
• chemical hazards
PTS 60.0401
JUNE 2006
44
The Hazards and Effects Hierarchy as presented in this appendix can be sorted
to cover all significant health hazards and effects in this order or any other order
that is required.
The Hazards and Effects Hierarchy listing, Table III.1, is valid for both
incidental releases and routine releases. As described in item 2.1, a hazardous
event in the case of the routine or chronic release is when defined limits have
been exceeded. A hazardous event in the case of an acute or incidental release is
an occurrence or incident.
Limits should be defined for routine releases, which have an adverse effect on
the environment.
The list is not complete and any further additions to the checklist should be
forwarded to CHSE.
It is not always possible to pinpoint a genuine hazard causing the effect, e.g.
resource use can result from a number of activities.
PTS 60.0401
JUNE 2006
45
KEY TO HAZARDS
PTS 60.0401
JUNE 2006
46
PTS 60.0401
JUNE 2006
47
PTS 60.0401
JUNE 2006
48
PTS 60.0401
JUNE 2006
49
PTS 60.0401
JUNE 2006
50
PTS 60.0401
JUNE 2006
51
H-21.06 Glycols C D
Gas drying and hydrate
H-21.07 Degreasers C D control
(terpenes) Maintenance shops
H-21.08 Isocyanates C D
H-21.09 Sulphanol C D Two-pack paint systems
H-21.10 Amines C D Gas sweetening
H-21.11 Corrosion inhibitors C D Gas sweetening
Additive to pipelines and
oil/gas wells, chromates,
H-21.12 Scale inhibitors C D phosphates
Cooling and injection
H-21.13 Liquid mud C D water additive
H-21.14 additives W C D Drilling fluid additive
Odorant additives Custody transfer facilities
H-21.15 (mercaptans) LS for gas, LPG and LNG
Alcohol-containing
beverages
H-21.16 Recreational drugs WP LS
H-21.17 Used engine oils C D Used engine oils
(polycyclicaromatic
hydrocarbons)
H-21.18 Carbon tetrachloride C Plant laboratory
H-21.19 Grey and/or Black Septic systems, camps,
Water detergents
H-22 Toxic solid
H-22.01 Asbestos C D Thermal insulation and
construction materials, old
roofing (encountered
during removal)
H-22.02 Man-made mineral C D Thermal insulation and
fibre construction material
H-22.03 Cement dust C D Oil well and gas well
cementing, civil
construction
H-22.04 Sodium hypochlorite C D Drilling fluid additive
H-22.05 Powdered mud C D Drilling fluid additive
additives
H-22.06 Sulphur dust C D Sulphur recovery plants
H-22.07 Pig trash C D Pipeline cleaning
H-22.08 Oil-based muds C D operations
H-22.09 Pseudo-oil-based C D Oil and gas well drilling
muds Oil and gas well drilling
H-22.10 Water-based muds C D
H-22.11 Cement slurries C D Oil and gas well drilling
Oil and gas well drilling,
H-22.12 Dusts C plant construction
Cutting brickwork and
concrete, driving on
unpaved roads, carpenter
shops, grit blasting, sand
PTS 60.0401
JUNE 2006
52
PTS 60.0401
JUNE 2006
53
PTS 60.0401
JUNE 2006
54
PTS 60.0401
JUNE 2006
55
PTS 60.0401
JUNE 2006
56
PTS 60.0401
JUNE 2006
57
PTS 60.0401
JUNE 2006
58
PTS 60.0401
JUNE 2006
59
PTS 60.0401
JUNE 2006
60
* Any indented (-) are covered by all aspects in the adjacent columns.
PTS 60.0401
JUNE 2006
61
FIREPRAN * *
HAZID *
HAZOP * *
RISER *
SAFOP *
Tripod-BETA *
Tripod-DELTA *
PTS 60.0401
JUNE 2006
62
ASSETS* Used primarily in planning, design, longer term review and preparation
of HSE Cases for assets.
Objective
It is a tool that is situated between a full Quantitative Risk Assessment (QRA) and
simple risk ranking/scoring methods, less complicated and expensive than the former
and more quantitative (and therefore more accurate) than the latter. It is intended as a
decision support tool and does not specify acceptance criteria for risk levels. It can, for
example, identify the effect of use of inspection pigging and a leak detection system on
risk levels.
Method
The methodology is based on the generally applied risk analysis technique whereby the
probability of a failure, expressed in terms of expected failure frequency, is multiplied
by the consequence of such a failure to arrive at risk. Failure risk is determined
cumulatively over a given longer period of time as well as on a yearly basis.
1. Identify the possible failure causes and derive potential failure frequencies.
2. Identify the most likely failure type distribution
3. Identify the consequences of pipeline failure
4. Combine parts 1 and 3 to derive risk levels
pipeline fluids (those covered are: crude oil, natural gas, sour natural gas, NGL, fuel
gas, gas oil/diesel, kerosene/naphtha/gasoline, LPG, ethylene, propylene and two-
phase oil/gas fluids)
PTS 60.0401
JUNE 2006
63
Deliverables (output)
Safety, environmental and economic risk comparison assessments that can be used in
support of pipeline design and operation decisions. ASPIN can be used in the
development of HSE Cases as part of the HSE MS including input into Hazards and
Effects Register.
ASPIN identifies and assesses all potential major hazards, evaluates the risks and the
effectiveness of the various measures to reduce the risks to the lowest practicable level.
Objective
Method
Identification of all the safety and emergency systems. Assessment of the criticality of
each system with respect to preventing escalation, protecting the Temporary Refuge(s)
(TR(s)) and enabling escape/evacuation. The critical systems are then assessed to
determine their vulnerability to explosions and fires.
Information required
Detailed information on the type and layout of safety and emergency systems for
example ESD power systems and emergency communications. Fire and explosion
scenario data from the Explosion Protection Review (EPR) and Fire and Explosion
Analysis (FEA).
Deliverables
PTS 60.0401
JUNE 2006
64
Overlap
ESSA is a part of the FEA process and provides information which is subsequently
used in the Temporary Refuge/Escape, Evacuation and Rescue Analysis (TR/EERA).
Objective
Method
Information required
Site and potential waste product descriptions, project description including process
materials and sources, materials of construction, project schedule and both strategic and
local economic benefits.
Deliverables
Environmental Statement
Overlap
PTS 60.0401
JUNE 2006
65
Further information
Objective
Determination of worst case scenarios for explosions which then define the limits
required for designing offshore installations to withstand accidental vapour cloud
explosions.
Method
Explosion overpressure prediction models are used to determine the worst case peak
internal explosion overpressure and an estimate of the overpressure external to the
source module. The Thornton model SCOPE is used to determine the worst case peak
confined internal overpressure and an estimate of the overpressure external to the
source area. This information is then used to assess the capacity of the blast walls,
floors, ceilings and other structural components as well as the effects of the external
explosion.
Information required
Information on the area geometry, equipment layout and structure design. Worst case
assumptions are generally made on gas concentrations, gas volumes and ignition source
locations.
Deliverables
Explosion overpressure for each module with the associated effects on the module
structure and an indication of the capacity of the module to withstand the explosion.
Recommendations to reduce or contain the explosion overpressure.
Overlap
EPR is effectively a stand alone technique but is part of the Fire and Explosion Analysis
(FEA) process.
Further Information
PTS 60.0401
JUNE 2006
66
Objective
A general term for a process which identifies and evaluates all fire and explosion
hazardous events as a basis for risk reduction and for preparing performance criteria for
essential safety systems and the arrangements required for Escape, Evacuation and
Rescue (EER).
Method
The location and type of all potential fires (and explosions) are identified. The
capability of the existing or required fire protection (and explosion relief) measures are
established together with the corresponding performance standards. Estimates of the
damage potential of each event are made. The FEA process is a fundamental part of
developing an installation Quantitative Risk Assessment (QRA) model and can either
be undertaken as part of the QRA or as a stand alone exercise providing input to the
QRA.
Information required
Deliverables
All potential fire and explosion events are identified and a number subjected to more
detailed evaluation. Requirements for the essential safety systems to manage fire and
explosions and for EER are identified.
Overlap
ESSA, EPR, SIA, SCA, FIREPRAN are all components of the FEA as necessary. The
FEA utilises PEM.
Further Information
FIREPRAN
Objective
PTS 60.0401
JUNE 2006
67
2. the fire and explosion control and recovery preparedness measures in place.
3. the capability to meet the performance standards set and satisfy the objectives
and criteria set for the management of fire and explosion hazards.
Method
Information required
Process flow schemes, plot plans, plant layouts and hazardous area drawings
Fire system and fire water piping drawings, fire areas, equipment layout, fire and
blast walls and passive fire protection drawings
Deliverables
This technique permits the identification of hazards as well as potential, related fire and
explosion scenarios. It assists line management in the process of developing realistic,
cost effective, control and recovery measures which can be justified in terms of
reducing risks to personnel, environment, assets and production, to tolerable levels.
Deliverables take the form of a hazards and effects register, fire and explosion scenario
development sheets and a set of recommendations for actions needed to achieve
tolerable risk levels.
Overlap
PTS 60.0401
JUNE 2006
68
Further Information
Objective
Method
Information pack on project, its potential scope and environmental issues. All available
conceptual and preliminary drawings and development plans.
Deliverables (output)
Input of major hazards identified to Hazards and Effects Register together with
recommendations in priority order.
Further Information
Objective
PTS 60.0401
JUNE 2006
69
To identify the Hazards, Effects and Operability problems relating to the process design
and intended method of plant operation which must be removed or managed in the
operation.
Coarse HAZOP - Early study to identify basic flaws in design which would be
costly to correct later.
Main HAZOP - Primary vehicle for identification of hazards, effects and operability
problems. Held when the front end engineering design is almost complete so that
systems can be covered in detail.
Health and environmental aspects must be included on the same basis as safety.
Method
PTS 60.0401
JUNE 2006
70
Coarse HAZOP - Basic layouts, process flow schemes (PFS) and any
operating/control philosophies that are available.
Main HAZOP - Process and Utility Process Engineering Flow Schemes, (PEFS,
UEFS) Operating and Control Philosophies, Cause and Effect Diagrams, Process
Safeguarding Drawings, line lists, alarm and trip settings.
Final HAZOP EFS and Vendor drawings, data, previous HAZOP findings and
responses and any design changes since last HAZOP.
Deliverables (output)
Coarse HAZOP - Recommendations for adjustment to design options, QRA studies and
other supporting investigations. A risk ranking may be given to assist in prioritising the
actions. This list may be incorporated into the Hazards and Effects register for the
project.
Overlap
HAZOP is a stand alone process hazard and operability problem identification and
assessment (qualitative) tool.
Further Information
Objective
PTS 60.0401
JUNE 2006
71
The identification of health hazards in the workplace and subsequent evaluation of risk
to health, taking account of existing control measures. Where appropriate, the need for
further measures to control exposure is identified.
Method
Step 3 : For each job type gather information on agents and their harmful effects;
nature and degree of exposure; screening and performance criteria
Step 4 : Evaluate the risk to health (assign severity rating and exposure rating)
Information required
Deliverables
HRA, as a tool for use as party of a company's HEMP, assists to identify, evaluate and
control health risks related to the company's operations to a level 'as low as reasonably
practicable'. The recommendations emerging from the HRA provide the input into the
HSE Management System to ensure ongoing control of health risks and continual
improvement in health performance.
Further information:
PTS 60.0401
JUNE 2006
72
Objective
Identification of potential problems within a job task that could lead to hazardous
situations
PTS 60.0401
JUNE 2006
73
Method
The method is derived from Task Analysis. It is a structured step-by-step team analysis
of the job. Initially the job is broken down into individual steps which are then analysed
sequentially to identify potential injuries to personnel, damage to equipment and
pollution of the environment. The controls and preventative measures are considered
and if found to be inadequate remedial recommendations are made. Consideration is
also given to the establishment of recovery measures if necessary.
Information required
Job description, plans and drawings. Historical records of accidents and near misses.
Team members with technical competence relevant to the job being analysed.
Deliverables
Overlap
Job Hazard Analysis is a stand alone technique but is often used in configuration with
PTW system.
Further Information
PTS 60.0401
JUNE 2006
74
Objective
Method
The physical effects, such as dispersion, explosion over pressures and heat radiation are
calculated as input to assess potential extent of loss of life or damage. Use of step-by-
step modelling allows potential escalation scenarios to be assessed.
Information required
Deliverables
Overlap
Input data for Physical Effects Modeling can be generated from hazard identification
techniques contained in FIREPRAN, QRA and HAZOP. Physical effects modeling
may be used as an aid to Quantitative Risk Assessment, (QRA), FIREPRAN, PHR,
Plant Layout Methodology (PLM) and Fire and Explosion Analysis (FEA). Output from
physical effects modeling will provide input to physical response assessment (eg SCA)
and consequent modeling.
Further Information
PTS 60.0401
JUNE 2006
75
Objective
An assessment of the safety status of existing process plant. It is intended for use when
a plant has been in operation for a considerable time and/or has undergone equipment
modifications and operation changes. It is used to provide an HSE Assurance report for
ongoing operations in advance of major modifications or for life extension evaluations.
Method
PHR is an 'expert review' led by an experienced leader, containing design engineers but
heavily weighted towards plant operators and maintenance staff. The review primarily
focuses on potential causes of 'loss of containment'. The study progresses through the
plant looking at each major equipment items, applying a leader's checklist (aide-
mémoire) of causes of loss of containment. The current design and operation of the
plant is assessed and a critical examination made of the revision history to identify any
causes of release resulting from changes to the design and operation of the equipment
item since commissioning. The team also reviews any hazards arising from variations
(due to the age of the plant) from current design or operating standards.
Information required
The technique assumes that most of the drawings are near to current status. The
meetings are normally held on the plant with regular site visits to check any details not
'as built' on drawings. The latest version of the Process Engineering Flow Schemes
(PEFS) is used as the major study document to ensure complete coverage of the scope
of the study. Additional information required includes the cause and effect diagrams
and the full revision history and incident reports for the plant together with changes in
the operating envelope and operation/maintenance procedures. The expertise of the
team is of critical importance. Where data are incomplete the PHR technique is
applicable but success relies heavily on the study team containing operating staff with
considerable depth of experience and knowledge of the plant throughout its operating
life.
Deliverables
A report showing the identified hazards, their causes and the concern of the team
together with recommendations for any remedial action including, if appropriate, more
detailed HAZOP in discrete areas.
Overlap
PTS 60.0401
JUNE 2006
76
PTS 60.0401
JUNE 2006
77
Objective
Method
Establishment of the 'functional shape' of the facility with due regard to safety and
operational constraints
A structured approach is used to select layout preferences based on the inherent active
and reactive behaviour characteristics of equipment items with due regard for
separation distances and physical barriers
Information required
Facility layout drawings and any available information from physical effect and
consequence modelling.
Deliverables
Overlap
RISER
Objective
Method
The method is based on the following steps (using the information required described
below):
PTS 60.0401
JUNE 2006
78
failure frequency estimation (using a standard historical data set modified where
needed to allow for local factors)
consequence modelling (from release rate calculations using models for dispersion,
jet fires, explosions, etc)
Information required
Deliverables
Overlap
Input data from hazard identification techniques such as FIREPRAN, Quantitative Risk
Assessment (QRA) and Hazard and Operability Studies (HAZOP).
Output data are used in Quantitative Risk Assessment (QRA), FIREPRAN, Plant
Layout Methodology (PLM) and Fire and Explosion Analysis (FEA).
Objective
Method
PTS 60.0401
JUNE 2006
79
SYSOP - Examination is made of the control systems, the main items of plant and
their auxiliaries in relation to any limitations and their effects on the overall system
operability.
OPTAN - Considers probable tasks to be under taken during normal and upset
conditions. The usability of equipment and clarity of instructions are reviewed with
the aim of reducing the potential for human error as low as is reasonably
practicable.
Information required
Detailed electrical system design and layout drawings, control circuit diagrams, system
designs and functional specifications, and electrical system operating and emergency
procedures.
Deliverables
Report detailing the findings of the audit and where necessary making
recommendations categorised as 'Strongly Recommended', 'Advice' or call for further
information 'Information Required'.
Overlap
SAFOP is a stand alone technique but it has some overlap with Job Hazard Analysis
PTS. 60.2005, Human Factors Analysis PTS.60.0103 and Procedural HAZOP. PTS
60.2209
Objective
Determination of the rate of build-up of gases and smoke in and around designated
Temporary Refuges (TRs) and the effect this will have on TR integrity and the ability of
occupants to survive. The SIA is an integral part of Escape Evacuation and Rescue
Analysis/Temporary Refuge (EERA/TR) but is so significant that it has been
documented separately.
Method
Input on the type size and duration of potential fires is taken from the Fire and
Explosion Analysis (FEA). Each scenario will then be analysed to determine the
concentration of smoke and gases at the boundary of the TR and subsequently the build-
up inside and around the TR. Consideration is given to the dilution and dispersion
effects that may occur between the fire source and the TR. Assessment is also made of
PTS 60.0401
JUNE 2006
80
the leak paths and any localised over or under pressures caused by wind effects in order
to determine the rate of ingress to the TR. If available, actual installation test data are
used to increase the realism of the SIA.
Information required
Installation layout drawings, details of TR construction and the details of the fire
scenarios from the FEA. Leak test data for the TR.
PTS 60.0401
JUNE 2006
81
Deliverables
Identification of scenarios that have the potential to effect significantly the TR in terms
of smoke or gas ingress at build-up rates which would impair TR integrity or impact on
the emergency response capability.
Overlap
Further Information
Objective
Method
Coarse analysis is based on determining the time to failure of the structure from linear
elastic techniques. This analysis determines those structures which are critical and
which should be the subject of more detailed analysis.
Detailed analysis is based on non-linear analysis methods. These allow the true collapse
load of the structure to be estimated by modelling elastic-plastic behaviour of the
structure at elevated temperatures. The USFOS analysis program may be used for these
studies.
Information required
Details of potential fires from FEA, data on the type and layout of existing fire
protection facilities. Detailed structural drawings.
Deliverables
Report on the ability of the structure to withstand the fire scenarios identified. This will
reveal if there exists the potential exists for fire to lead to progressive collapse of the
structure or loss of the TR within the required endurance period. If necessary
recommendations for remedial actions and distribution of protective equipment should
be made.
Overlap
PTS 60.0401
JUNE 2006
82
Input data is required from Fire and Explosion Analysis (FEA) and physical effects
modelling. SCA may be used in QRA.
Further Information
TEMPORARY REFUGE/ESCAPE, EVACUATION AND RESCUE ANALYSIS
(TR/EERA)
Objective
Analysis of escape to TR, the provisions within the TR system, and Evacuation, Escape
and Rescue with respect to the major scenarios previously identified for comparison
against respective acceptance standards highlighting critical elements and revealing any
shortfalls.
Method
a goal analysis which considers how the goals for the EER process will be satisfied
in likely EER situations as a basis for determining the adequacy of the proposed
arrangements
an escape and evacuation time analysis which considers the time needed to
complete all phases of the EER process under conditions which may be present
when there is a need for EER
Information required
Detailed information on the TR/EERA provisions and details of the major hazard
scenarios identified. Details of installation layout including muster stations, refuges,
evacuation points and escape to sea facilities. Input data from Fire and Explosion
Analysis (FEA), Smoke Ingress Analysis (SIA) and Emergency Systems Survivability
Analysis (ESSA).
Deliverables
A formal record of the EER facilities and arrangements with details of the direct and
escalated impact of the identified hazard scenarios coupled with considerations on the
likelihood of their occurrence.
Overlap
PTS 60.0401
JUNE 2006
83
Input data required from FEA, SIA and ESSA. The results of the TR/EERA may be
used in the QRA.
PTS 60.0401
JUNE 2006
84
TRIPOD-BETA
Objective
Method
A PC tool which provides the means to record information from the investigation,
linking related information on events, people, damage, locations, etc. Information is
transferred to a screen where it can be manipulated and linked as nodes in a BETA tree.
Nodes are classified, the connecting logic tested and anomalies flagged for amendment.
Nodes are assigned General Failure Type (GFT) / Basic Risk Factor (BRF)
classifications.
Information required
Deliverables
A draft report for final editing, presenting salient details of the events, actual and
potential damage, failures and identified causes
Overlap
Further Information
TRIPOD-DELTA
Objective
PTS 60.0401
JUNE 2006
85
The proactive identification of potential latent failures that could lead to hazardous
situations and the development of remedial actions to be taken to reduce or eliminate
such hazards.
Used where there are few incidents providing information on causation therefore tries
to avoid 'requiring incidents to improve'.
Method
Development of indicator question database. These are used in the form of yes/no
answer questions to reveal the presence of General Failure Types (GFT) / Basic Risk
Factor (BRF) in the operation or organisation
Information required
Deliverables
The Failure State Profile indicates the extent to which each of the 11 GFT/BRFs is
present in the system under study. This allows remedial actions to be prioritised.
Overlap
Further Information
PTS 60.0401
JUNE 2006
86
PTS 60.0401
JUNE 2006
87
health
effects
which are
reversible,
eg
irritants,
many
food
poisoning
bacteria
3 Major Leading to Major Resulting Localised Plant partly
injury permanent injury/ in damage down;
partial illness permanent process can
disablement partial (possibly)
or unfitness disability be restarted.
for work or or
detrimental affecting
to work
performanc performan
e of work ce in the
over longer
extended term, such
period, such as a
as long prolonged
term absence
absence from work
- Agents
capable of
irreversibl
e damage
without
serious
disability,
e.g. noise,
poorly
designed
manual
handling
tasks
4 Single Alternativel Permanen - Agents Major Partial loss
fatality y victim t total which are damage of plant;
with disability capable of plant shut
permanent or fatality irreversibl down for at
total (small e damage most two
disablement exposed with weeks
PTS 60.0401
JUNE 2006
88
* Assets are understood as referring to: the oil and gas reservoirs, production facilities,
pipelines, money, capital, and other OPU/ JVs and third party property
PTS 60.0401
JUNE 2006
89
Table V.1 Example of further definition of consequence - severity rating for risk
matrix (continued)
PTS 60.0401
JUNE 2006
90
discharges concern;
of known numerous
toxicity, complaints;
repeated extensive
exceedance negative
of statutory attention in
or local media;
prescribed slight
limit and national
beyond media
fence/neigh and/or
borhood local/region
al political
attention
with
possible
negative
stance of
local
government
and/or
action
groups
4 Major Severe 1000 - 10,000 - National National
effect environmen 10,000 100,000 impact public
tal damage, concern;
the Opco is continuing
required to complaints;
take extensive
extensive negative
measures to attention in
restore the national
contaminate media
d and/or
environmen regional/nat
t to its ional
original politics with
state. potentially
Extended restrictive
exceedance measures
of statutory and/or
or impact on
prescribed grant of
limit licences;
mobilisation
PTS 60.0401
JUNE 2006
91
of action
groups
5 Massive Persistent >10,000 >100,000 Internation Internationa
effect severe al impact l public
environmen attention;
tal damage extensive
or severe negative
nuisance attention in
extending internationa
over a large l media and
area. In national/inte
terms of rnational
commercial politics;
or potential to
recreational harm access
use or to new
nature areas, grants
conservancy of licences
, a major and/or tax
economic legislation;
loss for the concerted
Opco. pressure by
Constant action
high groups;
exceedance adverse
of statutory effects in
or OPUs in
prescribed other
limit countries
The above table is an example for crude oil contamination. For other chemical
discharge criteria, environmental experts should be consulted.
Incidents relating to air, noise, small, light and soil vibrations should be addressed on
the basis of expert judgment and, in the case of uncertainty, local expertise may be
called in.
* 'Incident' as used in Severity level 1 must be seen as the source of the concern for all
severity levels. It is defined in the glossary but recognise it includes an
environmental problem, an event or chain of events which has caused or could have
caused spills, leaks, complaints, public concern, issue debates, failing to follow
commitments and so forth.
PTS 60.0401
JUNE 2006
92
'Public' must be seen as encompassing a wide range including 'opinion formers', e.g.
environmental scientists; groups; politicians; authorities (of various types); media
(scientific general)
PTS 60.0401
JUNE 2006
93
APPENDIX VI
This is done by identifying areas of high risk or identifying areas where risk can be
further reduced.
• act as an aid to communication with the workforce and third parties regarding their
impact on risk and their exposure to risk
Guidance is given below which addresses the cases when QRA is likely to be of benefit
and when it is not. Each individual case should be treated on its merits. Further advice
is given in PTS.60.2210
All projects onshore or offshore for which several options have been identified which
are considered to have significantly different risks. A risk assessment should be
undertaken early in a project development (in some cases this may be during the
prospect stage, if for instance, novel technology is used). A comparison of risks
associated with, for example, onshore versus offshore processing, manned versus
unmanned facilities, platform versus subsea installation, location and operating strategy
of onshore installations, etc may be effectively studied using QRA.
PTS 60.0401
JUNE 2006
94
During the definition phase, a more detailed risk assessment may be required to:
(i) assist with final major decision-making with respect to design options
(ii) provide a basis for further design optimisation during completion of conceptual
engineering and detailed engineering and (ultimately) to reach risk levels
regarded as As Low As Reasonably Practicable (ALARP)
(iii) confirm to senior management, shareholders and the Regulator that risk criteria
will be achieved.
At the end of detailed engineering, ie when all optimisation has been completed, the
risk assessment is issued in the form of a final report for input to the HSE Case. This is
intended to demonstrate that the risk criteria have been achieved and this risk is as low
as reasonably practicable.
This is the case unless the layout is so well spaced-out that the workforce is for the
majority of the time outside the maximum effect area of the high pressure
hydrocarbon production/process facilities and the risk of escalation is considered
to be negligible.
• onshore plants
This is where the public is within the maximum effect radius and/or where the
plant is complex and the hydrocarbon processing equipment cannot be spaced to
minimise the risk of escalation.
EXISTING FACILITIES
Any facility or operation which is considered to be safety critical and for which there
are doubts as to whether or not the risks have been reduced to as low as reasonably
PTS 60.0401
JUNE 2006
95
practicable. A QRA study would assist in the identification of high-risk areas and the
ranking of risk reduction measures, identify the need for modifying the operating
philosophy (e.g. MOPO), and increase the awareness of the workforce of the risks they
are exposed to and have influence over.
Plant modifications which will result in significant risks during construction and/ or
which are expected to increase significantly the risk level during operations. The need
for an additional or revalidated risk assessment at the time of proposed upgrades or
refurbishments has to be considered. In cases where the proposals are viewed as having
a minimal impact on safety or asset integrity, no additional work will be necessary.
However, for some modifications the earlier risk assessment will require reviewing and
additional risk assessment may be required.
QRA would not usually be used for Not Normally Manned offshore installations and
onshore facilities, except in connection with the determination of the operating
philosophy unless:
• the public is in permanently occupied areas within the maximum effect radius
• it is a legal requirement
• several expensive risk reduction measures have been identified whose relative
effectiveness is not obvious.
PTS 60.0401
JUNE 2006
96
GLOSSARY
For the purposes of these HSE Guidelines, the following definitions apply.
PTS 60.0401
JUNE 2006
97
PTS 60.0401
JUNE 2006
98
PTS 60.0401
JUNE 2006
99
PTS 60.0401
JUNE 2006
100
PTS 60.0401
JUNE 2006
101
REFERENCES
PTS 60.0401
JUNE 2006