SAFETY DOCUMENTATION:FOLDERS AND FILES
IEFC WorkshopCERN, March 7, 2012S. Evrard – EN/MEF
How useful is Safety Documentation for the general CERN population and you in particular ?
Acknowledgements: A-P Bernardes, C-H Sala, M. Picard, E. Harrouch, C. Alanzeau, C. Gaignant, E. Macario
Definition and content
S. Evrard - IEFC Workshop - March 7, 2012
2
A Safety File is a set of documents or data related to the assessment of the Safety of equipment, installation, activity, process or project at all stages of its life cycle and the corresponding implementation measures and procedures as well as lessons learned. The CERN Safety Rules define the compulsory content of each Safety file. (memo DG/2011-258)
When combined, the Safety Files of a given facility or system form a Safety Folder. Hence, the Safety Folder shall be understood as the repository where all Safety Files and associated documents are archived.
Content Descriptive part Demonstrative part Operational part Feedback part (now called REM)
Safety File vs Safety Folder
Purpose:Demonstration, by the Project team
to the Licensing authoritythat the Regulations are fulfilled,
from the 2 perspectives: integrity and safety
Scope
S. Evrard - IEFC Workshop - March 7, 2012
3
New facility (ex. HiRadMat) Existing facility (ex. TDC2-TCC2) Equipment (ex. Power Converter) Process (ex. Target Exchange) Activity (ex. Open Days 2013, XTAX table repair in TCC2)
Clear definition of the scope & boundaries of the safety file
Agreement of all stakeholders before starting up (DSO’s, HSE unit, Project Management..)
S. Evrard - IEFC Workshop - March 7, 2012
4
Description of the facility/processWhat is itWhere is it locatedWhat is it made ofHow does it workWhen will it be constructed, operated, dismantledWho is responsible for its construction, operationWith which means will it be constructedWhich steps for its dismantling
Descriptive part
Demonstrative part
S. Evrard - IEFC Workshop - March 7, 2012
5
The demonstrative part is hazard and risk oriented, and addresses the following: Hazard and safety risk identification; Risk evaluation, risk analyses; Risk responses:
Technical risk control measures; Organizational risk control measures.
6
This part is an inventory of all operational documents needed in order to optimize the exploitation of the facility, equipment, activity especially in terms of safety.
These operational documents are of two kinds: Operational instructions and procedures
for operating the facility for maintaining and ensuring its integrity
Organizational structures Project – Operation – Dismantling phases
S. Evrard - IEFC Workshop - March 7, 2012
Operational part
Feedback part
S. Evrard - IEFC Workshop - March 7, 2012
7
The Safety File also includes a part dedicated to Records, Experience and Monitoring (called Retour d’expérience in the French safety terminology)
This part shall receive all the feedbacks linked to the development of the facility, accidents, or incidents and any other new development.
Beyond prejudices
S. Evrard - IEFC Workshop - March 7, 2012
8
The safety file methodology is sometimes criticized: Waste of time Bureaucratic work Job for HSE experts only No time, no resources in our group, project Uninteresting work No added value exercise Only to get my boss happy Will trap dust on a shelf once written I’m asked to write it but no one tells me how
So let’s analyse some down-to-earth examples
9 Overview
S. Evrard - IEFC Workshop - March 7, 2012
TT61 (to former West Area)
TNC (former West Area Neutrino factory WANF)
TCC6
The HiRadMat facility
Study the impact of intense pulsed beams on materials Thermal management (heating) Radiation damage to materials –
change of properties Thermal shock - beam induced
pressure waves
S. Evrard - IEFC Workshop - March 7, 2012
10
We used a structured, systematic and comprehensive examination of all the processes sub-processes and activities to be carried out in the HiRadMat facility in order to identify potential hazards and operability problems (HAZOP).
The analysis was carried out by a suitably qualified team of
experts familiar with all aspects of the operations undergoing study. This team was led by a team leader qualified in the application of the technique, usually a safety professional.
The HSE Unit’s Safety Guidelines for Risk Assessment (EDMS no. 1114042) is a good tool.
Hazard inventory
The HiRadMat facility
S. Evrard - IEFC Workshop - March 7, 2012
11 Hazard inventory: process identification
Courtesy of M. Picard
The HiRadMat facility
S. Evrard - IEFC Workshop - March 7, 2012
12 Hazard inventory: process breakdown & basic activities
The HiRadMat facility
…
Basic Activity 7:Preparation crane
for remote use
…
Basic Activity 8:Remote use of
crane
…
…
…
Subprocess: Test table transport to cool down zone2.2.3
Basic Activity 1:Access in controlled
area2.2.3.1
2.2.3.2
2.2.3.4
2.2.3.5
2.2.3.3
…2.2.3.6
…
Courtesy of M. Picard
S. Evrard - IEFC Workshop - March 7, 2012
13 Hazard inventory: process summary
Processes linked to the operation
Processes linked to the maintenance Basic activities
Tested equipment installation in lab TNC relighting B1 entrance_in_controlled_area Experimental table installation in TNC AUG tests B2 entrance & activity in TNC Activated table handling to cooling area PR532 maintenance in TJ7 B3 exit from TNC
Cooled table removal from TNC PR532 annual load test B4 exit from controlled area Containment + experiment separation from table PR532 repair in TNC B5 Preparation PR-532 for manual use
Gas and or vacuum connection Drain network maintenance B6 Manual use of PR-532
Gas and or vacuum disconnection Elevator & lifts maintenance B7 Preparation PR-532 for remote use
Survey check of the 3 base tables Air Handling Unit maintenance B8 Remote use PR-532
New cable pulling Radiation monitoring maintenance
B9 end of work with PR532
Plug-in system exchange Fire detection tests
Patrol TNC Dump and upstream collimator exchange
The HiRadMat facility
14 Demonstrative part: risk response example
Id Hazards RisksTechnical measures
Organisational measures
Personal measures
1. TNC is a high radiation area.
Contaminated dust in TNC (from destructive work in TNC radioactive area)
External exposureInternal exposureEnvironment exposure
- Access system and RP veto for PPG6907 door.- Hand foot monitor control in BA7.-Ventilation system.- Alara oriented design of the facility.- Ramses system
- SPS access procedure in controlled area (EDMS 1138833)-Safety code F - Radiation Safety Manual- RP supervision-A6 - The two-person rule of working-ALARA principles
- Individual protective equipment IPE (safety shoes, auto-saving mask, helmet) - Individual and operational dosimeters- Overshoes- Depending on the nature of the work :-gloves if object handling in TNC-overall clothes + individual breathing mask if "destructive" work
2. Moving crane and moving PPG6907 door
Collision with people or equipment
Switch : if door closed, crane will stay offManual door opening
Door opening procedure on crane control panel
IPE
3. Moving crane and lifting loads
Collision with people or equipment
Slow motion handling and safety perimeter
-Overhead crane handling procedure (EDMS 1145906)- Handling by qualified overhead crane drivers- Safety Regulation on mechanical equipment (SR-M)
IPE
The HiRadMat facility
S. Evrard - IEFC Workshop - March 7, 2012
15 Demonstrative part: risk management example-stray radiation (external exposure)
Design stage: Fluka simulations CV and Ramses design Dedicated handling means (lifting jig and eyes) Prefabricated structure (easily removable) Activated material management plan Maintenance plan (reduced time in TNC)
Technical measures Access , ventilation and RP sectorization Ventilation system Ramses monitoring system Remote controlled PR532 crane
Organizational measures Frequent radiation survey of TNC tunnel Dedicated RP training ALARA, JOLI & DIMR preparation On-site close RP monitoring
Personal measures Training, IPE, dosimeters, … S. Evrard - IEFC Workshop - March 7, 2012
Airborne contamination decrease
Equipment remote handlingAbsolute Filter exchange
The HiRadMat facility
16
Question Procedure EDMS
How to get access authorized to the HiRadMat facility ?
Preparatory steps to take before accessing to HiRadMat
1154948
How to get access to HiRadMat Access procedure 1155061
How to escape from the facility ? Escape procedure 1153056
How to patrol the facility ? Patrol procedure 1152694
How to deal with activated material ?
Activated material management procedure
1146265
How to handle alarms from HRM ? Alarm management procedure 1152693
How to maintain the facility ? Maintenance plan 1154793
How to deal with incidents ? Faulty situation and incident analysis
1154637
How to manage fire risk ? Fire prevention and fire risk management
1146217
Operation part
S. Evrard - IEFC Workshop - March 7, 2012
The HiRadMat facility
User-oriented procedures
The HiRadMat facility
S. Evrard - IEFC Workshop - March 7, 2012
17
Safety review recommendation: prepare B.846 escape shaft for emergency situations Fire Brigade evacuation exercise new arrangements like permanent lifting points.
Incident debriefing Cold smoke accidentally produced in BA7 lift room reached
underground areas. After investigation, cause = geodesy duct bypassing ventilation containment. Check in all BA’s ongoing.
Feedback part
XTAX table repair in TCC2
S. Evrard - IEFC Workshop - March 7, 2012
18 A Challenging Repair
TAX motor failures: 3/8 are out of order The TAXs, installed downstream of the primary targets of the North Area, are made
of massive blocks put on motorized tables that can move up/down. High radiation environment
The TAX blocks intercept about 1019 protons/year about 6 mSv/h outside the shielding and probably 30 to 40 mSv/h at the blocks and even higher near the beam impact point.
S. Evrard - IEFC Workshop - March 7, 2012
19
XTAX table repair in TCC2
A detailed repair procedure and a risk analysis are prepared Major remaining risk: PR537 reliability
Technical measures taken: extensive maintenance and spare parts
Optimization steps WDP and DIMR preparation DIMR link Design Review: reduce the dose in future interventions Handle TAX assembly (blocks + table) as a set: no access to
most activated part PR537 remote control: reduced presence in TCC2 Increase PR537 lifting height: lateral shielding stays in place Bunker for mechanical work: operators well shielded Tailor made shielding (100 mm thick steel plate + lead
50mm): dose reduction /80 Optimize table repair sequence: # movements, start with
least activated first Extensive dry run tests in EHN1: train technicians Extensive dry run tests in TCC2 : train crane operators
S. Evrard - IEFC Workshop - March 7, 2012
20 Safety documentation
Work breakdown & planning Dose estimate Risk analysis
XTAX table repair in TCC2
Surveys
Roofs handling
Roof block modification
TCC2 dry run
Downstream table repair
Worksite clean-up
Upstream table repair
Preparatory works
RP supervision
Reconnect services
Service disjunction
0 200 400 600 800 1000 1200 1400 1600
39.3333333333333
155
217.333333333334
258.333333333333
292.733333333333
475
556.733333333335
583.333333333334
763.823333333334
953.516666666667
1403.51666666667
Dose breakdown by activity
Dose (uSv)
S. Evrard - IEFC Workshop - March 7, 2012
21
End product (EDMS 1180560) Repair procedure
Work breakdown Organization breakdown (many groups involved) Planning
WDP & DIMR Risk analysis (overhead crane,…) Personnel training sessions REX to come
Licensing authority: Committee ALARA Level 3
XTAX table repair in TCC2
Roles and responsabilities
S. Evrard - IEFC Workshop - March 7, 2012
22 Team work
TEAM LEADERS Coordinate the editorial work related to the safety documentation; initiate safety reviews
TEAM MEMBERS Contribute to the discussions on safety aspects within their range of expertise
throughout the lifecycle of the facility or system; SAFETY OFFICERS AND GLIMOS
Provide support to the project team members in the editorial work of the safety documentation, especially in terms of methodology;
Participate in the safety reviews. HSE UNIT EXPERTS
Represent the HSE Unit in the discussions on safety aspects throughout the lifecycle of the facility or system;
Participate in the safety reviews. DEPARTMENT /PROJECT MANAGEMENT
Ensures that the safety documentation is written and released in due time Approves the Safety Files.
Timeline: when to start, when to review23
HiRadMat site
Start as soon as possible (study phase)
Deliverables depend on the phase of the project/activity
HiRadMat: late start (in the middle of the project) induced changes in the design
For existing facilities, a safety file can be launched at several occasions: equipment renewal, consolidation, …
Review every 12 months at least
The project has a memory
Courtesy of P. Bonnal
S. Evrard - IEFC Workshop - March 7, 2012
Added-value exercise
S. Evrard - IEFC Workshop - March 7, 2012
24
Better knowledge of the facility and associated risks safety awareness is improved
Concentrated effort towards safety and documentation of the project: reviews and discussions with DSO’s, RSO’s. Some external pairs of eyes shed a new light on “our” project
Procedures checked and validated on-site with actors: team agreement on the procedures to be followed
Communication channels and knowledge of the facility improved with all CERN services (FB, CCC, Transport team, users…)
Decision making process during design of the facility, equipment is facilitated
Update of safety documentation and safety management becomes easy
Safety aspects
Added-value exercise
S. Evrard - IEFC Workshop - March 7, 2012
25
EDMS documents organized in a structured way also available in the Web (SharePoint sites)
Tailor-made information for each public (users, experts,….) Detailed knowledge of your facility is shared by all stakeholders
– increase efficiency Documented procedures available for repetitive interventions:
resources & planning optimization Facilitate training of new recruit (knowledge transfer) Bridge to other tool: maintenance plan (CAMMS), emergency
plan
Beyond safety aspects
Keys to success
S. Evrard - IEFC Workshop - March 7, 2012
26
Deal with lack of up to date technical documentation Secure resources (HiRadMat: 1 FTE year or 4% of the
project resources) Get commitment of all stakeholders Get commitment and support of management Make your safety file a unique & crucial working-tool
for all participants in your project/activity.
Lessons learnt
S. Evrard - IEFC Workshop - March 7, 2012
27
Successful project = deliverables delivered & performance achieved with no bad impact on persons and on the environment
Balancing the investment in time & money between scientific and technical performance safety performance & environment protection
If safety/integrity is correctly embedded intothe conception work, it should not be too painful
If safety/integrity is not taken into account during the conceptual work, then it may really become a critical issue
Safety engineering support (internal/external) is an asset
Safety aspects exceeding the scope of the safety file: these aspects are recorded in the safety file and are to be discussed in the proper forum (CSAP).