keeping bowties alive

84
Keeping Bowties Alive December 2013 Bell Energy, Abu Dhabi

Upload: chandrashekhar-kulkarni

Post on 15-Jan-2017

283 views

Category:

Business


3 download

TRANSCRIPT

Page 1: Keeping Bowties Alive

Keeping Bowties AliveDecember 2013

Bell Energy, Abu Dhabi

Page 2: Keeping Bowties Alive

www.bell-energy.com

Purpose

Understand:

– Generic purpose of Bowties– Common terminologies adopted

Appreciate:

– How Bowties are adopted in Oil & Gas Processes

Be able to:

– Build bowties for a facility / unit– Use Bowties to identify

• HSE Critical Equipment and Systems• HSE Critical Activities• HSE Critical Integrity Activities

– Operationalize Bowties for day-to-day functions

Keep Bowties Live using Electronic HSE Cases

Slide 2

Page 3: Keeping Bowties Alive

Introduction to BowtiesFebruary 2014

Page 4: Keeping Bowties Alive

www.bell-energy.com

Chapter 1 – Elements of Bowtie

Slide 4

Page 5: Keeping Bowties Alive

www.bell-energy.com

Risk Management Preface

Slide 5

HazardIdentification H&ERs

Management through HSE Management

System

PolicyOrganizationProcedures

Performance Measurement

Control of Major Accident Hazards

BOWTIESHSECES

HSECES Performance Standards

HSE Critical Activities & Tasks

Quality Performance Standards

QRA

Page 6: Keeping Bowties Alive

www.bell-energy.com

What is a Bowtie ?

A bowtie is a graphical representation of:

– The relationships between the following• causes of Major Accident Hazards (MAH), • the consequences of MAH• the preventive barriers in between the causes and top event• the mitigation barriers in between the top event and worst consequences• Potential escalations factors leading to barrier failures

– Barriers are linked to:• Hardware - “HSE Critical Equipment and Systems”• Activities & Tasks – “HSE Critical Activities and Tasks”• Integrity of the Hardware – “HSE Critical Integrity Activities”• Quality of the Activities & Tasks – “Quality Performance Standards”• Competent Personnel – “HSE Critical Positions”

– Highlights the crucial connection between barriers and the HSEMS procedures necessary for assuring their ongoing effectiveness

Slide 6

Page 7: Keeping Bowties Alive

www.bell-energy.com

Elements of a Bowtie

Slide 7

Major Accident HazardMajor accident means an

‘Occurrence’ in the operation of a site which leads to severe or catastrophic consequences including the critical high risk (which corresponds to 3E in the RAM) to people, assets, the environment and/or company reputation

MAH Examples:

1. Pressurized Hydrocarbons2. Toxic Gas

Page 8: Keeping Bowties Alive

www.bell-energy.com

Elements of a Bowtie

Slide 8

Top Event

What happens when we lose control ?Top Event = Hazardous EventExamples:1. Loss of Containment2. Loss of Structural Stability

Major Accident Hazard

Page 9: Keeping Bowties Alive

www.bell-energy.com

Elements of a Bowtie

Slide 9

Top Event

Major Accident HazardThreats

What could CAUSE the loss of control ?

Examples:1. Corrosion2. Pressure Build-up

Threats

Threats

Threats

Page 10: Keeping Bowties Alive

www.bell-energy.com

Elements of a Bowtie

Slide 10

Top Event

Major Accident HazardThreats

How can the EVENT develop ?What are the worst outcomes ?

Examples:1. Jet Fire2. Explosion3. Toxic Gas Dispersion

Threats

Threats

Threats Consequence

Consequence

Page 11: Keeping Bowties Alive

www.bell-energy.com

Elements of a Bowtie

Slide 11

Top Event

Major Accident Hazard

Threats

Consequence

Consequence

Threat Controls

How do we prevent the threat from realizing into the Top Event ?

Examples:1. Cathodic Protection2. PAHH closing ESD Valve

Barriers should be:1. Independent2. have an HSE Function3. Reliable4. Available on Demand5. Survive6. Have management controls for

ongoing effectiveness

Page 12: Keeping Bowties Alive

www.bell-energy.com

Elements of a Bowtie

Slide 12

Top Event

Major Accident Hazard

Threats ConsequenceThreat

Controls

How do we recover if the event occurs? How do we limit the severity of the event?Examples:1. HVAC System2. Fire Protection System

Barriers should be:1. Independent2. Solely serve an HSE Function3. Reliable4. Available on Demand5. Survive6. Have management controls for

ongoing effectiveness

RPM

RPM – Recovery PreparednessMeasures

Page 13: Keeping Bowties Alive

www.bell-energy.com

Elements of a Bowtie

Slide 13

Top Event

Major Accident Hazard

Threats ConsequenceThreat Control

How might controls fail?How could their effectiveness be undermined?Examples:1. Failure to make-up for Corrosion

Inhibitors2. Bypass on an ESD System

RPM

Escalation Factors

RPM – Recovery PreparednessMeasures

Page 14: Keeping Bowties Alive

www.bell-energy.com

Elements of a Bowtie

Slide 14

Top Event

Major Accident Hazard

Threats ConsequenceThreat Control

How do we make sure controls do not fail

Examples:1. Bypass / Override authorization2. Partial Stroke Testing of ESD

RPM

EFC

Escalation Factors

RPM – Recovery PreparednessMeasures

EFC – Escalation FactorControls

Page 15: Keeping Bowties Alive

www.bell-energy.com

Elements of a Bowtie

Slide 15

Top Event

Major Accident Hazard

Threats ConsequenceThreat Control

Escalation Factors apply to all barriers (preventive and mitigation)

RPM

EFC

Escalation Factors

Page 16: Keeping Bowties Alive

www.bell-energy.com

Elements of a Bowtie

Slide 16

Top Event

Major Accident Hazard

Threats Consequence

Barrier Barrier

EFC

Escalation Factors

EFC

Escalation Factors

Tasks Tasks TasksWhat tasks do we do to make sure that controls continue to work?

Page 17: Keeping Bowties Alive

www.bell-energy.com

Elements of a Bowtie

Slide 17

Top Event

Major Accident Hazard

Threats Consequence

Barrier Barrier

EFC

Escalation Factors

EFC

Escalation Factors

Tasks Tasks TasksWho will perform these Tasks?

Personnel Personnel

Page 18: Keeping Bowties Alive

www.bell-energy.com

Elements of a Bowtie

Slide 18

Tasks Tasks Tasks

What are these tasks:

– Inspection– Repair– Testing– Supervision– Operating within boundary

Who performs these tasks:

– Competent Personnel– Trained in performing these tasks– Experienced– Continuous updating their skills and

knowledge– Know their limits

How to know when to do these tasks

– Performance Standards– RBI, RCM– Vendor Requirements

What to do?

– Job Plans– MAXIMO Data

Is there a procedure

– HSE Critical Activities Catalogue– Inspection & Test Procedures

What competencies are needed?

– Competency Assessments (CAMS)

Page 19: Keeping Bowties Alive

www.bell-energy.com

Bowties

Slide 19

BOWTIE REPRESENTS YOUR MAJOR ACCIDENT HAZARD

MANAGEMENT SYSTEM

Page 20: Keeping Bowties Alive

www.bell-energy.com

Chapter 2 –Common Bowtie

Terminologies

Chapter 1 –Elements of Bowtie

Slide 20

Page 21: Keeping Bowties Alive

www.bell-energy.com

Common Terminologies

Major Accident Hazards Major accident means an ‘Occurrence’ in the operation of a site which leads to severe or

catastrophic consequences including the critical high risk (which corresponds to 3E in

the RAM) to people, assets, the environment and/or company reputation. The

consequences may be immediate or delayed and may occur outside as well as inside

the site. There will also be a high potential for escalation.

excludes ‘Occupational accidents’ which have bounded, albeit possibly severe or

catastrophic consequences.

– This means that one or more pedestrian fatalities resulting from a road accident on a

site (however regrettable and tragic) would not be defined as a ‘Major Accident’.

– Similarly, one or more fatalities resulting from a fall from a scaffolding platform (again

regrettable and tragic) would not be defined as a ‘Major Accident’.

Slide 21

Page 22: Keeping Bowties Alive

www.bell-energy.com

Common Terminologies

Risk Risk is the product of the measure of the likelihood of occurrence of an

undesired event and the potential adverse consequences which this event

may have upon:

– People – injury or harm to physical or psychological health

– Assets (or Revenue) – damage to property (assets) or loss of production

– Environment – water, air, soil, animals, plants and social

– Reputation – employees and third parties. This includes the liabilities arising

from injuries and property damage to third parties including the cross

liabilities that may arise between the interdependent Group Companies.

Slide 22

Page 23: Keeping Bowties Alive

www.bell-energy.com

Common Terminologies

Top Event Specific incident scenario described by a fault tree, for example ‘the 'release'

of a hazard’.

Threat A cause that could potentially release a hazard and produce a hazardous

event.

Threat Controls All measures taken to reduce the probability of release of a hazard. Measures

put in place to block the effect of a threat.

Slide 23

Page 24: Keeping Bowties Alive

www.bell-energy.com

Common Terminologies

Consequence or Severity Adverse effects or harm which causes the quality of human health or the

environment to be impaired. Basically it is the loss that can be inflicted if the

any hazardous event occurs.

Recovery Preparedness Measures All technical, operational and organisational measures that limit the chain of

consequences arising from the first hazardous event (or 'top event'). These

can

– reduce the likelihood that the first hazardous event or 'top event' will develop

into further consequences and

– provide lifesaving capabilities should the 'top event' develop further.

Slide 24

Page 25: Keeping Bowties Alive

www.bell-energy.com

Common Terminologies

Escalation An increase in the consequences of a hazardous event.

Escalation Factors Conditions that lead to increased risk due to loss of controls or loss of

recovery capabilities (mitigation or lifesaving). Escalation factors include

abnormal operating conditions, e.g. maintenance mode, operating outside

design envelope; environmental variations, e.g. extreme weather and tidal

conditions; failure of barriers, e.g. maintenance failure, due to explosion or

fire, introduction of ignition source; human error, e.g. lapses, rule violations;

no barrier provided, e.g. not possible or too expensive. Escalation Factors

may concurrently affect the control and/or recovery of more than one hazard.

Slide 25

Page 26: Keeping Bowties Alive

www.bell-energy.com

Common Terminologies

Escalation Factor Controls Measures put in place to block or mitigate the effects of escalation factors.

Types include guards or shields (coatings, inhibitors, shutdowns), separation

(time and space), reduction in inventory, control of energy release (lower

speeds, safety valves, different fuel source) and non-physical or

administrative (procedures, warnings, training, drills)

Slide 26

Page 27: Keeping Bowties Alive

www.bell-energy.com

Common Terminologies

HSEMS The company structure, responsibilities, practices, procedures, processes and

resources for implementing health, safety and environmental management.

HSE Critical Activities Activities that are important in preventing events with potential to cause

serious harm to people, the environment or property or which can reduce the

impact of such an event. Note: The definition of serious harm includes the

CRITICAL, SEVERE AND CATASTROPHIC categories

Slide 27

Page 28: Keeping Bowties Alive

www.bell-energy.com

Common Terminologies

HSECES Parts of an installation and such of its structures, plant equipment and

systems (including computer programmes) or any part thereof, the failure of

which could cause or contribute substantially to; or a purpose of which is to

prevent or limit the effect of a major accident.

HSE Critical Integrity Activities Activities associated with the integrity of HSECESs. Activities such as design,

construction, installation, commissioning, operation, modification, repair,

inspection, testing or examination associated with assuring the integrity of a

HSECES.

Slide 28

Page 29: Keeping Bowties Alive

www.bell-energy.com

Common Terminologies

HSECES Performance Standards A statement which can be expressed in qualitative or quantitative terms, of the

performance required of a system, item of equipment or computer programme

and which is used as the basis for verification throughout the life cycle of the

installation.

Quality Performance Standards It is a demonstration that the procedures developed for HSE Critical Integrity

Activities are suitable and are undertaken by Competent Person in a manner

that assures the integrity of the HSECES.

Slide 29

Page 30: Keeping Bowties Alive

www.bell-energy.com

Chapter 3 –Bowties

and HSEMS

Chapter 2 –Common Bowtie

Terminologies

Chapter 1 –Elements of

Bowtie

Slide 30

Page 31: Keeping Bowties Alive

www.bell-energy.com

Bowties and HSEMS

The HSE Management System has policies, plans and procedures

Includes list of activities associated with Low, Medium and High risk

hazardsHSEMS

BowtiesHSE Critical Activities, Critical Integrity Activities

• Activity Catalogue• Tasks Specification

Sheets• Job Plans• Quality Performance

StandardsJudgement,Experience, Risk Analysis for non routine operations

• Procedures• Responsibilities• Performance• Competencies

Judgement & Experience

• Generic Procedures / Competencies

Slide 31

Page 32: Keeping Bowties Alive

www.bell-energy.com

Filtering Activities

H&ERs

Tasks Tasks Tasks Tasks Tasks Tasks Tasks

Tasks Tasks Tasks

All activities arising from the control of low, medium and high risk hazards will be part of the HSEMS.

Slide 32

Page 33: Keeping Bowties Alive

www.bell-energy.com

Classification of Activities

Slide 33

TasksTasks

All routine tasks (low and medium) are managed by

the existing HSEMS Procedures

Examples:

Housekeeping

Lock Out Tag Out

TasksTasks

Hazardous Activities may be HSE Critical Activities but

are not HSE Critical Integrity Activities

Examples:

Confined Space Entry

Working at height

TasksTasks

HSE Critical Integrity Activities only relate

to HSECESs

Examples:

Partial Stroke Testing

Detector Calibration

Acceptance Tests

Page 34: Keeping Bowties Alive

www.bell-energy.com

Chapter 4 –Fault Tree, Event Tree Approach

Chapter 2 –Common Bowtie

Terminologies

Chapter 3 –Bowties and

HSEMS

Chapter 1 –Elements of

Bowtie

Slide 34

Page 35: Keeping Bowties Alive

www.bell-energy.com

Another Look at the Bowtie

Slide 35

A bowtie is well understood as a Fault Tree to the Left Hand Side and Event Tree

on the Right Hand Side

Page 36: Keeping Bowties Alive

www.bell-energy.com

Another Look at the Bowtie

Slide 36

ORPT Failure

PCV FailureSignal Failure

Leads to pressure control loop failure (Basic Process Control System BPCS)

E-2

PLCS-1

PSV

ESD Valve

PAHPAHH

PCV

PT

P-13

THREAT: OVERPRESSURIZATION

Page 37: Keeping Bowties Alive

www.bell-energy.com

Another Look at the Bowtie

Slide 37

ORPT Failure

PCV FailureSignal Failure

ORPAH Failure

Operator fails to control pressure

No time for operator action

E-2

PLCS-1

PSV

ESD Valve

PAHPAHH

PCV

PT

P-13

PAH is a barrier (HSECES: Process Alarms) – This is effective only if operator knows what to do, can react appropriately to panic situation and has rehearsed this in an Operator Training Simulator. If there is no time for operator action, this barrier fails.

Page 38: Keeping Bowties Alive

www.bell-energy.com

Another Look at the Bowtie

Slide 38

ORPT Failure

PCV FailureSignal Failure

ORPAH Failure

Operator fails to control pressure

No time for operator action

ORPAHH Failure

PLC FailureESDV Failure

E-2

PLCS-1

PSV

ESD Valve

PAHPAHH

PCV

PT

P-13

These are related to HSECES: Instrumented Protective Function. Can fail due to design errors, lack of testing

Page 39: Keeping Bowties Alive

www.bell-energy.com

Another Look at the Bowtie

Slide 39

ORPT Failure

PCV FailureSignal Failure

ORPAH Failure

Operator fails to control pressure

No time for operator action

ORPAHH Failure

PLC FailureESDV Failure

ORPSV fails to lift / relieve

Vessel integrity failure

E-2

PLCS-1

PSV

ESD Valve

PAHPAHH

PCV

PT

P-13

PSV is related to HSECES: Pressure Relief. Vessel Integrity is related to HSECES: Hydrocarbon Containment

Page 40: Keeping Bowties Alive

www.bell-energy.com

Another Look at the Bowtie

Slide 40

AND

ORPT Failure

PCV FailureSignal Failure

ORPAH Failure

Operator fails to control pressure

No time for operator action

ORPAHH Failure

PLC FailureESDV Failure

ORPSV fails to lift / relieve

Vessel integrity failure

When the threat occurs AND all barriers fail, the Top Event is realized

Page 41: Keeping Bowties Alive

www.bell-energy.com

Another Look at the Bowtie

Slide 41

AND

ORPT Failure

PCV FailureSignal Failure

ORPAH Failure

Operator fails to control pressure

No time for operator action

ORPAHH Failure

PLC FailureESDV Failure

ORPSV fails to lift / relieve

Vessel integrity failure

This could lead to loss of Containment (eg. Hydrocarbon Containment)

LOC

Page 42: Keeping Bowties Alive

www.bell-energy.com

Another Look at the Bowtie

Slide 42

No Ignition

Ignition Control

LOC

Immediate Ignition

Delayed Ignition

Page 43: Keeping Bowties Alive

www.bell-energy.com

Another Look at the Bowtie

Slide 43

No Ignition

Ignition Control

LOC

Immediate Ignition

Success

Gas Detection, ESD, Blowdown

Failure

Delayed Ignition

Page 44: Keeping Bowties Alive

www.bell-energy.com

Another Look at the Bowtie

Slide 44

No Ignition

Ignition Control

LOC

Immediate Ignition

Success

Gas Detection, ESD, Blowdown

Flame Detection ESD,

Blowdown

Failure

Delayed Ignition

Toxic Gas Dispersion

(short distance)

Toxic Gas Dispersion

(large distance)

Success

Failure

Flash Fire / VCE

Page 45: Keeping Bowties Alive

www.bell-energy.com

Another Look at the Bowtie

Slide 45

No Ignition

Ignition Control

LOC

Immediate Ignition

Success

Gas Detection, ESD, Blowdown

Flame Detection ESD,

Blowdown

Failure

Delayed Ignition

Toxic Gas Dispersion

(short distance)

Toxic Gas Dispersion

(large distance)

Short Duration Jet FireSuccess

Failure Long Duration Jet Fire

Flash Fire / VCE

Page 46: Keeping Bowties Alive

www.bell-energy.com

Another Look at the Bowtie

Slide 46

HVAC System

LOC

SCBA MEDEVAC / ERP

Toxic Gas Dispersion

(short distance)Fatalities

Page 47: Keeping Bowties Alive

www.bell-energy.com

Another Look at the Bowtie

Slide 47

HVAC System

LOC

SCBA MEDEVAC / ERP

Toxic Gas Dispersion

(short distance)Fatalities

Fatalities / Asset Damage

Passive Fire Protection

Deluge System

Jet Fire

Page 48: Keeping Bowties Alive

www.bell-energy.com

Another Look at the Bowtie

HVAC System

LOC

SCBA MEDEVAC / ERP

Toxic Gas Dispersion

(short distance)Fatalities

Flash Fire / VCE Fatalities / Asset Damage

Blast Resistant

MEDEVAC / ERP

Fatalities / Asset Damage

Passive Fire Protection

Deluge System

Jet Fire

Page 49: Keeping Bowties Alive

www.bell-energy.com

Chapter 5 –Benefits of

Bowties

Chapter 2 –Common Bowtie

Terminologies

Chapter 3 –Bowties and

HSEMS

Chapter 4 –Fault Tree, Event Tree Approach

Chapter 1 –Elements of

Bowtie

Slide 49

Page 50: Keeping Bowties Alive

www.bell-energy.com

Benefits of Bowties

Logical Structured Approach

Direct link between the Barriers and the Management System

Forces us to think if the barriers are adequate and effective

Helps in identifying Gaps in Management Systems that can be identified as

“deficiencies”

Deficiencies can be associated with Procedures, Organizational

Improvements, Competency, Barrier Effectiveness

Slide 50

Page 51: Keeping Bowties Alive

www.bell-energy.com

Benefits of Bowties

Provides an “Auditable Trail” of the Hazards & Effects Management Process

(HEMP)

Helps in ALARP Demonstration

Can be “Operationalized”

Can be used in Quantifying Risks

Helps in Demonstrating Compliance to CORPORATE and REGULATORS

Slide 51

Page 52: Keeping Bowties Alive

www.bell-energy.com

Disadvantages of Bowties

Bowties are not “intelligent” and is only a recording tool

Anything and everything put into a Bowtie can look like a barrier

It needs a good understanding of the methodology, risk management process

to be able to identify barriers that are independent

Can be misleading if the context is not understood

Solution: During the workshop, we will define the elements of the bowtie

comprehensively so that it can be understood by a person who was not

present in the workshop.

Slide 52

Page 53: Keeping Bowties Alive

www.bell-energy.com

Chapter 6 –How to use

Bowties

Chapter 2 –Common Bowtie

Terminologies

Chapter 3 –Bowties and

HSEMS

Chapter 4 –Fault Tree, Event Tree Approach

Chapter 5 –Benefits of

Bowties

Chapter 1 –Elements of

Bowtie

Slide 53

Page 54: Keeping Bowties Alive

www.bell-energy.com

How to use Bowties

Concept / FEED Stage

– The Bowties are used to identify and select barriers (HSECESs)• Eg. HIPPS versus Inherent Pressure Design• Fire Proofing versus Separation Distance• Blast Proofing etc.

– Through sufficient and suitable risk assessments (eg. QRA, FRA), the number of barriers required to reduce the risks to ALARP is determined

• Eg. Additional Shutdown Valves to isolate sections

– These barriers are included in the Bowties

– The Safety Function of the barriers are decided• The FEED Engineer develops the design• The Safety Function of the HSECES is determined based on the Bowties eg. Whether

to initiate ESD on Gas Detector or Flame Detection, whether to activate deluge automatically or manually etc.

– HSECES Performance Standards are developed for FEED phase

Slide 54

Page 55: Keeping Bowties Alive

www.bell-energy.com

How to use Bowties

Detailed Engineering & EPC Phase

– The Bowties are reviewed to identify any new barriers (HSECESs)

– Through sufficient and suitable risk assessments (eg. QRA, FRA), the number of barriers required to reduce the risks to ALARP is determined

– The EPC Phase HSE Critical Integrity Activities and Tasks are determined• Eg. Factory Acceptance Tests, Site Acceptance Tests, Material Requisitions,

Datasheets and Specifications, Independent Verification & Third Party Inspections etc.

– HSECES Performance Standards are developed for EPC phase

– Quality Performance Standards are developed for the HSE Critical Integrity Activities and Tasks

Slide 55

Page 56: Keeping Bowties Alive

www.bell-energy.com

How to use Bowties

Operations Phase

– If required, retrospective Bowties are developed

– Through sufficient and suitable risk assessments (eg. QRA, FRA), the number of barriers required to reduce the risks to ALARP is determined

– The Operations Phase HSE Critical Integrity Activities and Tasks are determined• Eg. Inspections, Maintenance, Testing, Verification, Management of Change.

– HSECES Performance Standards are developed for Operations phase

– Quality Performance Standards are developed for the HSE Critical Integrity Activities and Tasks

Slide 56

Page 57: Keeping Bowties Alive

www.bell-energy.com

How to use Bowties

There is more in the Operations Phase….

– HSECES Tags are identified

– These tags can be then included in MAXIMO / SAP system

– Job Plans for the HSE Critical Integrity Activities are developed

– A verification scheme is prepared to ensure that the HSECESs are within their integrity boundary

– Competency Matrix is developed

– The HSECES effectiveness / degradation is determined

– MOPO is prepared based on unavailability of HSECESs

Slide 57

Page 58: Keeping Bowties Alive

www.bell-energy.com

How to use Bowties

As a Plant Operator, the Bowtie can be used:

– Checks the health of all barriers

– What to do if a barrier is not available

– What “layers or protection” do we have and are they adequate

– Interfaces with Contractor works or other projects

– Permit to Work system

Slide 58

To achieve this you need to maintain the Bowtie as a “Live Document” preferably

through an Electronic HSE Case

Page 59: Keeping Bowties Alive

www.bell-energy.com

Other Applications of Bowties

Incident Investigation

Audits

Managing KPIs

Slide 59

Page 60: Keeping Bowties Alive

www.bell-energy.com

Exercise 1 –Drawing a

simple Bowtie

Chapter 2 –Common Bowtie

Terminologies

Chapter 3 –Bowties and

HSEMS

Chapter 4 –Fault Tree, Event Tree Approach

Chapter 5 –Benefits of

Bowties

Chapter 6 –How to use

Bowties

Chapter 1 –Elements of

Bowtie

Slide 60

Page 61: Keeping Bowties Alive

Risk Management using BowtiesFebruary 2014

Page 62: Keeping Bowties Alive

www.bell-energy.com

Chapter 1 –Preparing for Developing

Bowties

Slide 62

Page 63: Keeping Bowties Alive

www.bell-energy.com

Team Composition

Workforce Involvement is very important aspect of Bowtie development

The Team should be composed of

– Operations

– Maintenance, Reliability & Integrity

– Process, Mechanical, Instrumentation

– Process Safety, Environment & Health

Slide 63

Page 64: Keeping Bowties Alive

www.bell-energy.com

Bowtie Inputs and Outputs

Slide 64

Page 65: Keeping Bowties Alive

www.bell-energy.com

Steps to develop Bowties

Page 66: Keeping Bowties Alive

www.bell-energy.com

Steps to develop Bowties

Page 67: Keeping Bowties Alive

www.bell-energy.com

Steps to develop Bowties

Page 68: Keeping Bowties Alive

www.bell-energy.com

Steps to develop Bowties

Page 69: Keeping Bowties Alive

www.bell-energy.com

Chapter 2 –Parent & Unit Level Bowties

Chapter 1 –Preparing for Developing

Bowties

Slide 69

Page 70: Keeping Bowties Alive

www.bell-energy.com

Parent & Unit Bowties

This method is similar to the Parent-Child bowtie concept used by Shell

Parent Bowtie is also termed as “Best Practice Bowtie” which is developed for the Major Accident Hazards of the entire plant

Then the Parent Bowtie is reviewed and updated when applied to each units

Helps in identifying the superparent, parent and child HSECES tags

Example is presented in the Software Demonstration

Slide 70

Page 71: Keeping Bowties Alive

www.bell-energy.com

Chapter 3 –Barrier

Hierarchy, Effectiveness

Analysis

Chapter 2 –Parent &

Unit Level Bowties

Chapter 1 –Preparing for Developing

Bowties

Slide 71

Page 72: Keeping Bowties Alive

www.bell-energy.com

Critical Alarms, Safety Instrumented Systems

Pressure Relief Valves, Rupture Discs

Bunds, Dikes

Deluge system, Fire sprinklers, Gas Detection and Alarms

Plant Emergency Response

Offsite Emergency Response

Layers of Protection & Barrier Hierarchy

Slide 72

Process Design

Basic Process Control System

Inherent Safety Features

Process Safety

Loss Prevention

Emergency Response

Page 73: Keeping Bowties Alive

www.bell-energy.com

Barrier Effectiveness

Barrier Effectiveness Measures

– Functionality / Effectiveness – The barrier functionality / effectiveness is the ability to perform a specified function under given technical, environmental, and operational conditions.

• It deals with the effect the barrier has on the event or the accident sequence• Determining the effectiveness is related to determining the “possible degree of

fulfillment” of the specified function• Eg. if the function is to pump water, a functional requirement may be that the output of

water must be between 100 and 110 litres per minute. The actual functionality of a barrier may be less than the specified functionality due to design constraints, degradation, operational conditions,

– Reliability / Availability – The barrier reliability/availability is the ability to perform a function with an actual functionality and response time while needed, or on demand.

• Corresponds to Safety Availability / Safety Integrity requirements (IEC 61511)• All necessary signals must be detectable when barrier activation is required.• Active barriers must be fail-safe, and either self-testing or tested regularly.

Slide 73

Page 74: Keeping Bowties Alive

www.bell-energy.com

Barrier Effectiveness

Performance of safety barriers

– Response Time – The response time is defined differently for different types of barriers. It is generally defined as the time required for the barrier to complete it’s safety function

• Eg. For ESD System the “Response Time” is the time required to close the valve such that the flow is stopped

• Similarly, the “Response Time” for deluge system is the time to deliver the specified amount of water (and not the time until the fire is extinguished)

– Robustness / Survivability – Barrier robustness is the ability to resist given accident loads and function as specified during accident sequences.

• Eg. Survivability of Valve Solenoid to Jet Fire scenarios• Able to withstand extreme events, such as fire, flooding, etc.• The barrier shall not be disabled by the activation of another barrier.• Two barriers shall not be affected by a (single) common cause.

Slide 74

Page 75: Keeping Bowties Alive

www.bell-energy.com

Barrier Effectiveness

Performance of safety barriers

– Triggering Event / Condition – The triggering event or condition is the event or condition that triggers the activation of a barrier.

• Eg. Initiating events are important to decide the total scope of the barrier safety function.

– Adequacy – Able to prevent all accidents within the design basis.• Meet requirements set by appropriate standards and norms.• Capacity must not be exceeded by changes to the primary system.• If a barrier is inadequate, additional barriers must be established.

Slide 75

Page 76: Keeping Bowties Alive

www.bell-energy.com

General Barrier Effectiveness Ratings

The General Barrier Effectiveness Ratings are based on the following parameters:– Field Experience of the “Functionality” of the Barrier based on:

• Status of the required inspections / tests as per schedule as required by the Performance Standard

• Status of the hardware when it is tested• The amount of time it requires repair to pass

– Findings of the Site Audits on the management of HSECES– Status of Audit Actions– Availability and adequacy of Competent Personnel to perform the job– Level of training and continuing education they receive– Past Incidents related to the functionality of the HSECES– Is the HSECES in place– Reliability– Human Dependency– Any survivability issues

Slide 76

Page 77: Keeping Bowties Alive

www.bell-energy.com

Barrier Effectiveness Template

Slide 77

Barrier Title:Bowtie Ref:

Yes No Unknown

2.1. Is the barrier amongst an "Instrumented Protective Function"2.2. Does it have a SIL rating greater than SIL 1

3. Human Factors

4. Processes4.1. Is this barrier management process audited?4.2. Have the identified action items been completed or alternative4.3. Is the impletementation on schedule4.4. Is the process used uniformly

5. Personnel5.1. Is the concerned staff training up-to-date5.2. Is the concerned staff job profile adequate for the barrier management5.3. Is the concerned staff competent in performing the action

3.2. Clearly defined task, defined operating procedures, operator is trained and experienced, or errors conceivable, but very unlikely.3.3. Operating under stress, multi-tasking, complex procedures, difficult to operate, operator is trained, or errors possible.3.4. Operating under high stress, complex or unclear procedures, inadequate training, or errors quite possible.

3.4. Personnel unfamiliar with the task, very complex procedures, no training, errors might well be expected, or emergency situation

NOT EFFECTIVEEFFECTIVEVERY EFFECTIVE

1.8. Is the barrier operating beyond it's design life?1.9. Is the barrier designed as per an obsolete standard?

2. Is the barrier reliable?

3.1. No human involvement, simple instructions, easy to operate, intuitive, proven operator performance, or consequences of errors limited by design.

1.2. Has the barrier been maintained as per the Performance Standard?1.3. Has the barrier been tested as per the Performance Standard?1.4. Has the barrier been inspected as per the Performance Standard?1.5. Has the barrier undergone any form of degradation?1.6. Has the barrier failed any tests?1.7. Does the barrier require to be repaired very often?

1. Is the barrier in place and being used ?1.1. Has the barrier been "inhibited" during normal operation?

In Place ?

Reliable ?

Human Factors ?

Processes ?

Personnel ?

Page 78: Keeping Bowties Alive

www.bell-energy.com

Barrier Adequacy

Barrier Adequacy is based on two requirements

Prescriptive Requirements (to meet as minimum)

Goal Setting Requirements (to meet ALARP)

Slide 78

Page 79: Keeping Bowties Alive

www.bell-energy.com

Chapter 4 –HSE Critical

Integrity Activities &

Tasks

Chapter 2 –Parent & Unit Level Bowties

Chapter 3 –Barrier Hierarchy,

Effectiveness Analysis

Chapter 1 –Preparing for Developing

Bowties

Slide 79

Page 80: Keeping Bowties Alive

www.bell-energy.com

HSE Critical Integrity Activities

Slide 80

activity

activity

activity

activity

activity

activity

activity

activity activity

activity

activity

activity activity

activity

activity

activity

All Activities are not HSE Critical Integrity Activities. On those that are for ensuring the integrity of HSECESs are. However all

other activities related to HSE are part of HSEMS

HSE Critical Integrity Activities are dynamically affected during the facility operations eg. Interfacing with other projects

Page 81: Keeping Bowties Alive

www.bell-energy.com

HSE Critical Integrity Activities

Slide 81

activity

activity

activity

activity

activity

activity

activity

activity activity

activity

activity

activity activity

activity

activity

activity

activity

activity

activity

activity

activity activity activity

activity

activity activity

Covered by HSEIA

Contractor Activities (Simultaneous Activities / Operations)

Page 82: Keeping Bowties Alive

www.bell-energy.com

HSE Critical Integrity Activities

Slide 82

HSECES

Bowtie Analysis

Performance Standards

Responsibility

PerformanceIndicatorsINPUT

Competencies Required

Task 1

Task 2

Task 3

OUTPUT

HSE CriticalIntegrityActivity

In THESIS, the above relationship can be built for each HSECES

Page 83: Keeping Bowties Alive

www.bell-energy.com

Level of Detail in HSE Critical Integrity Activities

The general rules are:– HSE Critical Integrity Activities should be specific and fit for purpose– Activities should be documented at a level where accountability for the activity

can be realistically placed with a single individual. – for efficiency, activities which are the responsibility of one person should be

grouped together as one activity if possible– The activity should be based on quality management principles– It should documents working practices & controls in use – It should results in a ‘measurable’ activity

It should be presented in the form of an “Activity Specification Sheet”

– Who performs the activity / task– Brief description of the activity / task– What prompts the activity / task– What assures that the activity / task is performed correctly– How to know that the activity / task is complete– How frequently should the activity / task be performed

Slide 83

Page 84: Keeping Bowties Alive

www.bell-energy.comSlide 84

Thank you for your Attention

United Arab Emirates

Bell Energy, 8th Floor, 801Noura Al Majid Bldg.Electra Street, Abu DhabiTel: +971 2 6761932Email: [email protected]

Branches:

Cleveland, USABrisbane, AustraliaWarrington, UKPune, IndiaToronto, Canada