1.CCPS RBPS

Process Safety Management
Eng. Ashraf Elsayed

+201005819430
a.elsayed@Khalda-eg.com
https://www.linkedin.com/in/ashraf-elsayed-7b8698b4
Process safety VS personal safety
Personnel (Occupational ) Safety Process Safety (MAH)

Look at ISO-45001 Look at PSMS
prevention of injuries prevention or mitigation of catastrophic failures;

for major hazard industry due to large amounts of
dangerous chemicals & dust
Slips, trips, falls, chemical contact, safe driving, electricity, Fires, explosions, toxic gas releases significant loss of life,
flammable material not associated with MAH, contact with property or environmental
high temp. or hazardous substances, pressure, fire/open
flame, work at hight, confined space, asphyxiate, security .
High Frequency, Low Severity. (easy to predict) Low Frequency (difficult to predict), High Severity
Safegaurds: PPE, PTW, machine gaurding, fire precautions, Safegaurds: plant technical control (SRV, Interlock, alarms,
equipment checks, managing slips and trips. maint., inspection, training, procedures) and robust PSMS
What is PSM?
• A blend of engineering and management skills focused on
preventing catastrophic accidents and near misses,
particularly structural collapse, explosions, fires and toxic gas
releases associated with loss of containment of energy or
dangerous substances such as chemicals and petroleum
products
CCPS/AIChemE
What is PSM?
• A management system that is focused on prevention ,
mitigation , response and restoration from catastrophic
releases of chemicals or energy from a facility
RBPS
• The application of management principles and systems to
the identification, understanding and control of process
hazards to prevent process safety incidents
What is PSM?
• Managing the integrity of hazardous operating systems

and processes by applying good design principles,
engineering, and operating and maintenance practices
What is PSM?
• The proactive and systematic identification,
evaluation, and mitigation or prevention of
chemical releases that could occur as a result of
failures in process, procedures, or equipment.
• PSM applies to most industrial processes

containing 10,000 pounds (4535.9 kg) of
hazardous material
2/18/2021 6
MAWP
Major accident hazard (MAH)
• An “uncontrolled occurrence” in the operation of a site which can lead to

severe or catastrophic consequences to people, assets, environment and/or
reputation
• There will generally be a high potential for escalation
The definition of major accident specifically excludes “occupational accidents”,

which could also have severe or catastrophic consequences
Why developing a PSMS?
Moral reasons
– Avoidance of incidents and disasters.!
Legal/compliance reasons
– legal requirement. !!
– corporate requirement (company standards).
Financial reasons. !!!
– Avoids losses associated with disasters.
Pillar 1: Commit To Process safety
E1 Process Safety Culture .
E2 Compliance With standards.
E3 Process Safety Competency.
E4 Workforce Involvement.
E5 Stakeholder outreach.
WHAT IS PROCESS SAFETY CULTURE
The group values and behaviors that determine the

manner in which process safety is managed
"How we do things,"
"How we behave when no one is watching."
Process Safety Culture
• Many incidents are due to inadequate leadership and poor

organizational structure while we still focus on physical
controls, engineering solutions and design improvements
If you do not believe the messenger,

you will not believe the message
Ways To Understand organization’s
process safety culture
 Analyzing employee safety attitude and management leadership
and commitment.
 Making random observations of work practices and attention to
safety.
 Analyzing audit results, which can reveal the degree of the care in
conduct of process safety activities.
 Analyzing incident root cause trends to identify systemic issues.
indications of a weak process safety
culture.
"It's not my job,“
"I only do what I'm told to do,"
"We'll take shortcuts if necessary to get the job done," or
"This process safety stuff is costing too much money"

Weak Culture Sound Culture
Assigns little value to process Integrates safe operations into the
safety. organization's core values.
Assign minimal resources to focus on potential failures and controls
controlling residual risk. provide resources proportional to the
Overlooks the weak signals of perceived risk.
safety problems. learning from past experience to prevent
accepts poor performance. future problems.
Relies on management to identify continuously improve performance.
hazards and controls. Employees are involved in identifying
hazards without management involvement.
What Went Wrong??
• Failure of an “O-ring” seal in

the fuel rocket led to flames
cut into main liquid fuel tank
Root Causes
• O-rings failed
• Technical failure
• O-Ring Erosions Previous warnings 1985
• Untested conditions (Low Temperatures)
• Pressure to launch
• Miscommunication
Known Potential Problems
• Very low ambient temperatures recognized as concern by Tiokol Co.
– O-ring performance at this temperature not understood
• NASA officials pressured Tiokol Co. to withdraw its concerns (take off
Engineering hat and wear management hat)
• Upper officials at NASA were unaware of these discussions and
ignorantly approved launch
Lessons Learned
• Communication is key
• Only operate in tested conditions
• Safety over schedule
What Is Standards ?
Should provide access to applicable standards, codes and regulations

that affect process safety management system element.
What Is Standards ?
• Standard is a set of technical definitions and guidelines

• or a “how-to” instructions for designers and manufacturers.
• Standard serves as a common language for defining quality
and establishing safety criteria for the product.
• E.g. ASTM, API, ISO
Why standard required?
• Standard Built confidence about product quality , cost

of production will reduce as you can produce in bulk for
global markets.
What is the Code?
• A CODE is a standard adopted by governmental bodies and

become legally enforceable, or when it has been
incorporated into a business contract.
• ASME Codes are legally enforceable in many US states.
Whereas, in the other part of the world they are not legally
enforceable but such countries have their own similar codes.
What is the Code?
• requirements will only be mandatory

if The Code is adopted as law by a
regulatory body
• Otherwise, Code will serve as
generally accepted guidelines for
design, fabrication, construction, and
installation,
• e,.g. ASME Boiler and Pressure Vessel
Code, BS, DIN etc.
Why Code required?
• Code Provides a set of rules that

specify the minimum acceptable
level of safety & Quality for
manufactured, fabricated, or
constructed goods.
• Codes also refer out to standards or
specifications for the specific details
on additional requirements that are
not specified in the Code
What is a Specification?
• Specifications provide specific/additional requirements for

the materials, components or services that are beyond the
code or standard requirements generated by private
companies
• For Example, if you want A106 Gr B pipe with Maximum
carbon of 0.23% against standard requirements of 0.3% Max,
you have to specify your requirement in your specification or
Purchase Order.
Why Specification required?
• allow purchaser to include special

requirements as per design and service
condition
• Must meet requirements
– Examples- Product specification, Shell
DEP & EIL Specification
Difference Between Code, Standard, and
Specification in Piping.
COMPLIANCE WITH STANDARDS
Is the standard mandatory or not?

What is the difference between code & standard?
Best practice  standard (API, ASME, ANSI, NFPA)  law (eg. OSHA PSM)
conformance to standards helps a company to:

 Operate and maintain a safe facility
 Minimize legal liability.
 Conform with insurance company
COMPLIANCE WITH STANDARDS
Code: accepted rules that tell you what you need to do

Standards provide the “how to” executing codes
Specifications: outline the requirements of a specific company or product.
Regulations: which can incorporate codes and standards, are mandated by a
government body and required, by law, to be complied with.
Trained vs Competent
• Trained
- Have received instruction or drill
• Competent:
- Qualified and Having adequate ability to Perform

activities right and safely with minimal supervision
to a recognised standards and procedures.
Competency is a combination of knowledge, skills
(practical and thinking) and experience .
The role of competence in safe working
Training in how to do the job safely

‒ standard operating procedures (tank dipping);
‒ non-standard operating procedures (isolation,
shut-down, MOC);
‒ Emergency procedures (first aid).
The role of competence in safe working
Benefits of Competency
‒ Understand the job so work safely.
‒ Train to standards.
‒ Right first time.
‒ Career development
‒ Make better decisions during abnormal situation.
‒ New workers understand faster
‒ fewer mistakes and higher productivity.
Process Safety Competency management
Training matrix / framework :

Process Safety Competency Framework
Assess Process
Safety Competency Build emergency
Establish policy
as an ongoing management skills
process
Determine
minimum Process Maintain and Gain ownership and
Safety Competency develop skills commitment
standards
Continually
Recruit workers Analyse skill gaps
development
E2 Compliance With Standards.
E5 Stakeholder Outreach.
Workforce Involvement
− What is ‘consulting’ and ‘informing’?

− How do you consult with workers?
Key term
Consultation
The two-way exchange of

information between employer
and worker.
Benefits and limitations of consulting
Limitations Benefits
• Workers feeling valued  co-operative
 adhered to procedures
• Not all matters can be consulted
on. • Improves relationships.
• Takes time. • Demonstrates commitment to PSM
• Poor consultation is worse than • Gains co-operation from workers.
no consultation!
• Use workers’ practical knowledge
about workplace hazards & risks.
• Improves safety culture
When consultation is needed
 Introducing changes that affect HSE (new
plant/processes/work methods)
 Implementing new technology.!
 Appointing safety advisers (ERP).
 Development of training plans.
 Reviewing HSE performance.
 Learning lessons from incidents.
 discuss new ideas, hazards & controls
Types of consultation
Field Safety Departmental Safety circles
committees meetings Informal group of
Formal group of Formal HSE workers with rep.
Workers and discussions allow issuing safety
management workers to voice problems, actions
representatives. concerns. then escalated
Discussion Email and web

groups forums
Volunteers Helps engagement.
interested in a any
topic.
Activity
− Why is the committee is ineffective?

− What would you change?
Why include workers?
‒ Better understanding  better solutions.
‒ Less resistance. !
Engagement should be audited by:

‒ No. of schedule meetings against
the plan.
‒ No. of attendance
‒ The rate of completion of arising
actions
E2 Compliance With Standards.
E5 Stakeholder Outreach.
Who is the Stakeholder ?
people and organizations who may affect, be affected by, or perceive
themselves to be affected by, the decision or activity
STAKEHOLDERS EXAMPLES
• Project managers, representing the business and shareholders
• Local authority regulators. Environmental protection officers. The NGOs
for public participation processes
• Design engineers of relevant disciplines. Frequently, these will be process
engineers, control and instrumentation specialists, electrical engineers
• Process and environmental safety officers. Fire prevention officers
• Commissioning engineers, Production managers
• Union or staff representatives. Safety officers
• Design contractors and equipment suppliers
• Risk insurance companies.
What should the company do towards Stakeholder ?
• Engaging them in process safety discussions,

• Provide them with accurate process safety information about the
company and facility’s products, processes, plans, hazards, and risks.
information to Stakeholder !
During normal operations

• Potential incidents.
• Possible alarms.
• Action to be taken.
During an incident
• Information on the event.
• May be assisted by authorities.
UNDERSTAND HAZARDS AND RISK
The FOUNDATION of a RBPS.

An organization can use this information to
allocate resources effectively.
Pillar 2: UNDERSTAND HAZARD AND RISK
License To Operate
E6 Process Knowledge Management.
E7 Hazard Identification & Risk Analysis.

Licence to operate
• operators Supply a ‘safety case’ to regulators to run process :

− MAH identified.
− Control measures.
− Risks controlled to ALARP.
Major accident prevention policy (MAPP)
UK regulation 2015 (COMAH): high hazard

installations operator to produce a (MAPP)
Contains:
• Identification of MAH;
• Control measures;
• ERP (on and off site);
• Monitoring process;
• Auditing process;
• Roles and responsibilities.
HSE case general structure and content for
EGPC
1- Facility description
2- Leadership and commitment
3- HSE MS
4- Hazard identification and risk assessment
5- Emergency response plan
6- Hazardous substance and chemical management

7- Incident investigation
License To Operate

Process Knowledge Management
(process safety information)
PSM information is necessary for learning and safe operation

and maintenance of process plant and should be:
• Documented (paper or electronic format),
• reliable;
• current; and
• easily available. !
Internal Sources of process
safety information
• safety data sheets (SDS); • process control systems;

• process & equipment design basis; • relief system design;
• engineering drawings and • fire detection and protection
calculations plans.
• standards operating procedures • Written technical documents
(SOPs) with safe limits ; and specs
• inspection, audit and investigation • specs for design, fabrication,
reports; and installation
• maintenance records; • operation and maintenance
manuals
External Sources of process
safety information
Information to the organisation:

• UK (HSE);
• US (OSHA);
• Trade associations/professional bodies eg (UK-IChemE), AIChE.
• (BS);
• European standards;
• (ILO);
process safety information contains
A. Process Chemical Hazards.
B. Process Technology.
C. Process Equipment.
2/18/2021 61
A- Process Chemical Hazards
Information Shall Consist of at least the following:
• Toxicity information
• Permissible Exposure Limits (PEL)
• Physical Data
• Reactivity Data
• Corrosivity Data, and

• Thermal and chemical stability data, and hazardous effects of
inadvertent mixing of different materials.
Safety Data Sheets

https://www.osha.gov/Publications/OSHA3514.html
2/18/2021 62
B- Process Technology.
• A block flow diagram or simplified process flow diagram,

• Process chemistry,
• Maximum intended inventory,
• Safe upper and lower limits for such items as temperatures,
pressures, flows or compositions, and
• An evaluation of the consequences of deviations, including
those affecting the safety and health of employees.
2/18/2021 63
C- Process Equipment
• Materials of construction,
• Piping and Instrument diagrams (P&IDs),
• Hazardous Area Classification
• Relief system design and design basis,
• Ventilation system design,
• Design codes and standards employed,
• Material and energy balances for processes
• Safety systems (e.g., interlocks, detection, or
suppression systems)
2/18/2021 64
License To Operate

Hazard Vs Risk
What is “hazard” and “risk”?
How do we determine the level of risk?

Key terms
Hazard
Something has the potential or

the possibility to cause harm.
Risk
The combination of the likelihood

of a harm to occur, and the
severity of that harm.
Or the probability of hazard to
cause harm
H&S
Economic
Social Impact
Key terms
Process hazard
analysis (PHA)
A systematic analysis of the
hazards (and their potential
causes and consequences)
relevant to a particular process.
This may use one or more
specific techniques such as
HAZOP, What-if or FMEA.
Why use of risk assessment?
PHA is the Core of the PSM.
• Identifies hazards
• Evaluates risks by considering the likelihood and severity of

harm occurring.
• Identifies Risk controls, which reduce the risk to an

organization’s acceptable level or risk tolerance.
General risk assessments
Five steps
Basic risk assessment process

follows the HSE’s :
for less complex operations
No risk estimation considered

Risk considered for people only
Adapted from INDG163: Five

steps to risk assessment
Advanced risk assessments
Adapted from: Offshore Information Sheet 3/2006

- Guidance on Risk Assessment for Offshore
Installations
PHA Methods
Qualitative (Q)
– Determined as low,
medium or high.
Semi-Quantitative (SQ)
proportionality
– Determined within
ranges.
Quantitative (QRA)
– Fully calculated based
on data (objective).
PHA tools or techniques
Qualitative Quantitative (FERA)
• HAZID * Flare radiation and vent dispersion analysis
• HAZOP * FTA (SIL Verification)
• what-if/checklist * ETA (probability analysis)
• checklist analysis * Modelling (consequence analysis)
• what-if analysis
• FMEA
Semi-Quantitative
# FMECA
# LOPA (SIL assessment)
Technique Selection
complexity regulation age of the

process
Hazards/ Affected
previous
potential people
incident
risk level
Qualitative Semi-Quantitative Quantitative
For less complex and low risk For less complex installation For complex and high risk
installation with clear and smaller workforces installation (offshore, refinery) ,
standards and benchmarks for regulatory requirement (safety
design and risk reduction case), design (ISD, layout,
fire/blast wall), SIL verification
straightforward, requires less requires more detailed data for
data, easily lead mng. to take modeling
action
Experience/ judgment based accepted based numerical Full quantification using known
estimation of frequency and values where frequency and data, equations PFD to get
severity (words or numerical) severity are quantified realistic/meaningful numerical
with no quantitative meaning , within ranges. estimation
eg. Low, medium, high
If not adequate use SQ. If not adequate use QRA. it is more objective than Q
e.g. HAZOP e.g. Adding SIS interlock to e.g. to establish probability of
avoid H-C carry over to flare failure of safety critical
elements
PHA timing
change is easy
change is
difficult
HAZARD & RISK
• Hazard may be serious but the risk from it may be small.

Eg. In UK, 1 in 60 million person/year has been killed by
transport of flammable chemical
RISK MATRIX
• Should use owner’s matrix even it is wrong
• Matrix 5*5 (most common)
• if risk assessment is to be done during the study, the team needs an agreed
approach covering:
1. whether all problems will be assessed (time-consuming) or only the high-
severity ones.
2. how it will be done (Some companies choose to assess the risk at three
stages: Unmitigated; After safeguards; After actions).
3. when it will be done.
RISK RANKING MATRIX
Frequency of severity
occurrence
(1) catastrophic (2) critical (3) marginal (4) negligible
(A) frequent 1A 2A 3A 4A
(B) probable 1B 2B 3B 4B
(C) occasional 1C 2C 3C 4C
(D) remote 1D 2D 3D 4D
(E) Improbable 1E 2E 3E 4E
Risk categories: high serious medium low

Notes:
• Recommendation required for high and serious risk levels
• Recommendation at team discretion for medium and low risk levels
RISK ASSESSMENT MATRIX
2/18/2021 82
RISK ASSESSMENT MATRIX
2/18/2021 83
EXAMPLE
Threat Example Barrier Example Top Event Example Barrier Example Consequence Example
 Over pressure  Design standard  Loss of containment  F&G detection  Explosion
 Construction standard  Alarm  Death
 hydrotest  Blowdown
 layout  Active protection
 Pressure alarm  Passive protection
 Pressure shutdown  EER
 SRV
 Maintenance
 inspection
fire from ice
Valero McKee refinery- Texas 2007
• Occurred after water leaked through a
valve, froze, and cracked an out-of-service
section of piping, causing a release of high-
pressure liquid propane
• Seriously burned three people, shut down
a major oil refinery for two months, and
contributed to gasoline shortages hundreds
of miles away in Denver
• Incident could have had worse impact of
chlorine release if LPG spheres would have
been damaged
Exercise/Bowtie analysis
• Watch video clip
• Build a bowtie diagram, by identifying the threats,
consequences and barriers
ALARP
(as low as is reasonably practicable)
• Cannot reduce all risk to zero.

• Introduce controls to reduce risk to lowest level achievable
without incurring disproportionate costs:
‒ some flexibility in how to achieve;
‒ balance risk vs cost/time/effort.
• O&G Guidance and best practice provides information on
what is considered ALARP.
Intolerable
Unacceptable
Disproportionality Factor Tolerable
ALARP
Broadly
acceptable
individual risks
Maintenance worker = 2 x 10-5 / year

(1 fatality in 50,000 years)
Well intervention = 6.1 x 10-5 / year

(1 fatality in 16,393 years)
The overall potential loss of life = 1.17 x 10-2 / year

( 1 fatality in 85 years of operation)
Exercise/Cost – Benefit Analysis
Which one Is reasonable?

• To spend $1m to prevent 5 staff suffering bruised knees
• To spend $1m to prevent a major explosion capable of killing
150 people
What-if analysis (Hazard realisation)
• Assessor uses unstructured questions to identify the true

potential of the incident.
e.g. Hazard realisation: Loss of containment;
Hazard: flammable liquid
Potential event (consequences) :

fire/explosion/damage/injury/fatality
What-If with MOC
• Used to examining the impacts of proposed changes in
(MOC)
• If so, the Adequacy of existing safeguards is Weighed against

the Probability & Severity of the scenario to determine
whether Modifications should be Recommended or ????
What-If Example
What-if? A major hydrocarbon release from piping of gas compressor is ignited

and exploded in a canteen during the main mealtime
Consequences: 34 workers are lost, compressor destroyed
Causes?
• No PM or planned Inspection
• No detection or warning of HC release
• No water from deluge system (system under maint.)
• No fire-fighting equipment
• Long release duration Recommendations
• No EER
• No trained response team
• Poor response by personnel
• Lack of management decisions
• FMEA
Semi-Quantitative
# FMECA
Checklist
• using a list of prepared questions about the Design &
Operation of the facility.
• Questions should be Updated Regularly and are usually

answered:
“ Yes” or “No”.
• Used to Identify common hazards Through Compliance with
established Practices & Standards.
NOT helpful in identifying new hazards.
Checklist Questions
 Is process equipment properly supported?
 Are the procedures complete?
 Is it possible to distinguish between different alarms?
 Is pressure relief provided?
 Is the vessel free from external corrosion?
 Are sources of ignition controlled?
 Is lube oil provided?
 Is alignment completed?
What-If/Checklist
Brainstorming of What-If & Structured features of Checklist.
Structured Brainstorming
• FMEA
Semi-Quantitative
# FMECA
HAZID
• Multidisciplinary team approach.
• Brainstorming process structured by keywords
• By walkthrough or table desk using software.
• Identifies process and non-process hazards
(manual handling, transport)
• Feed the risk assessment process.
• Top-down study (consequence driven)
HAZID
• Done at conceptual study feasibility for a new project
• Has standard guidewords
• Not focus on process
• It is risk assessment without P&ID
• Need layout, PFD, process simulation, technical report about wells, reservoir,
fluids.
• Focus on transportation, plane, ship traffic , backfire, earthquake, flooding,
lightning, heavy rain, soil problem, fishing people closed to platform, high
way (flare) , pipe corrosion allowance in crowded area.
THE REQUIRED INFORMATION
• PLOT PLAN
• Basis of design: P, T, Q, composition (wax, asphaltine, sand)
• Process description: flow direction
• Operating philosophy: how to operate
• Isolation philosophy: DBB, spec blind, single
• Maintenance philosophy: how to isolate, vent, drain .
• Sparing philosophy:
• Control philosophy: by SIS, HIPPS, SRV
• Emergency shut down and blowdown philosophy :
HAZID
Some HAZID actions
• Confirm checking the percentage of LEL% before attempting to start the
flare after blow off
• Consider installing thermos-couple to detect flare pilot blow off.
• Consider install gas detection system
• Provide inspection plan for all equipment
• Confirm that electrical equipment are EX type in skimmers area
• Consider installing standard road crossings for underground piping
• Consider installing Cathodic Protection for storage tanks
• Consider installing drainage network
• fix evaporation pond lining problem
Some HAZID actions
• Provide hazardous area classification map
• Survey earthing cables inside the facility
• Remove unused cables and repair damaged cable trays
• install a flame arrestor on the open vents on storage tanks
• Review changing top loading to skimmers to available nozzle.
• Expedite asbestos removal by specialist company
• Identify required emergency lighting
• Install automatic F.F system for tanks
• Install the required walkways
HAZOP ASSUMPTIONS
1. The design is final so the HAZOP is not a design review, but it will review
design elements
2. That most problems are missed due to the complex nature of the system,
rather than the lack of knowledge of the design team.
3. Problem can only arise when there is a deviation from the expected
norm.
HAZOP IS ASSURANCE
• I need to assure that the engineering company made the

design as per code, standard and company requirement.
Not using the HAZOP to till me how to make the
engineering.
HAZOP STUDY
It is a structured qualitative analysis technique of a Design elements &
Operation of a system (either planned, existing, modifications and
procedures such as commissioning, decommissioning, emergency
operations, and incident investigation) with a Multidisciplinary Team
(brainstorming) to Identify Potential process hazards and operating
problems.
using a set of guidewords , parameters , deviations (no flow, high
pressure, or reverse reaction) to discover what deviations from the
intention of the design can occur and what their causes and
consequences may be.
HAZOP OBJECTIVES
• For identifying causes and the consequences of perceived maloperation of

equipment and associated operator interfaces .
• Check the safety of a design
• Check the maintainability and operability of a design
• Decide whether and where to build
• Develop a list of questions to ask a supplier
• Check operating & safety procedures
• Improve the safety of an existing facility
• Used to ensure maximum compliance with regulations.
HAZOP TEAM
Team Size
• A HAZOP team usually consists of 5 – 8
plus a facilitator and scribe.
2/18/2021
113
Core Members
• Independent HAZOP Chairman / Leader / Facilitator
• HAZOP Secretary / Scribe / recorder
• Process Designer Engineer / Project Engineer / Project Manager - ensure that the
objectives of the project are recognized throughout the study. These may include
commercial as well as technical constraints on the plant;
• Independent Process Engineer - provide expertise on the process design and intended
operation of the plant.
• Operations and/or Maintenance Engineer- experience of operating issues on similar
equipment.
• Instrument (Control Systems) Engineer - has a far wider involvement in the plant design
and operation than the other 'specialist' engineers.
• Process Safety Engineer - For many studies the process safety engineer is included in
2/18/2021
the core team.
114
PART-TIME MEMBERS
• Vendor's Representatives
• Machinery Specialists
• Civil/Structural Engineers
• Specialist Engineers (piping, instrumentation, electrical,
corrosion, etc)
2/18/2021
11
SCRIBE
• Typing
• Scribe and leader could be one person (not recommended)
• preferable to be process eng.: As he get hard copy of P&ID, design intent description,
open soft copy (layout, P&ID)
• hear from leader only
• Issue the draft report to the leader
• Remind the leader if forgot any guide word in any node
• Take side notes if required
• Help in nodes determination
• Prepare software
• Prepare documents
• Prepare TOR
HAZOP SOFTWARE
• PHA-PRO: for HAZID, HAZOP, LOPA

• Open PHA
• ISO GRAPH HAZOP, FAULT TREE, SIL
• DNV use PHA WORKS
• ABS consulting use LEADER
LEADER
• For inhouse: at least from outside the department
• Not logic to be from the engineering company
• Expert in HAZOP technique
• Better to have technical experience
• Can manage the time: stop long debate, voting, make decision and put action
• Skilled and confident to lead and manage the team and the discussion:
• Aware of HSE and PSM, risk assessment
• instruct all participants that they must come to the HAZOP prepared
PROCESS SAFETY INFORMATION
• Piping and Instrument Diagrams (P&ID’s)
• Cause & Effect Diagrams MANDATORY
• detailed design (design intention)
• SDS
• Process Flow Diagrams (PFD)
• Plot layout
• Process description including all operating cases
• Safety philosophy OPTIONAL
• operating procedures
• the reports of earlier hazard studies
• 11 operating range (envelope)
intended
PHA Techniques
Hazard and operability study (HAZOP)
2/18/2021 120
HAZOP Guidewords (IEC 61882)
PARAMETER GUIDEWORD EXAMPLES OF POTENTIAL CAUSES
Flow No/Less Closed block valve, XXV or control valve fails closed, blocked filters, blocked outlets
from vessels, HP/LP interfaces, equipment failure (sparing), hydrate/wax blockages,
ice (low points and dead legs) diverted flow, turndown.
More Control valve fails open, blowby, HP/LP interfaces, added flow.
Reverse/ Misdirected Compressors or pumps stop, suction design pressure, HP/LP interfaces, low
upstream pressure, high downstream pressure.
Pressure High Fire, blocked in volume (piping/solar radiation, heaters/heating medium), high P
across XXV’s, high P across control valves.
Low Blowdown, low pressure trips (start-up overrides), de-pressuring/re-pressuring
before/after maintenance.
Temperature High Compressor discharge, blocked pump discharge, blocked in volume (piping/solar
radiation, heaters/heating medium), high flaring rates (including radiation effects),
steam.
Low High P across control valves, blowdown temperatures, low climatic
temperatures/freezing.
Level High Blocked liquid outlet (gas and liquid relief).
Low Low points, blocked bridles, draining.
121
HAZOP Guidewords (IEC 61882) - Continued
PARAMETER GUIDEWORD EXAMPLES OF POTENTIAL CAUSES
Composition Change Water, CO2, H2S, sand
Corrosion More Under insulation, low points, acid gases, water
Erosion More Flowlines, velocities, high P across control valves, sand
Deposition More Wax, hydrates, ice, scale, asphaltines.
Services Failure Air, hydraulics, electrical power, control valves, XXV’s, motors.
Start-up and Problems and High P across XXV’s, low temperatures across control valves, gas source availability,
Shutdown Requirements ESD, trips.
Maintenance and Problems and High operating pressures, double block and bleed valves, single block valves, leak
Inspection Requirements testing, de-pressuring, draining, purging, man-entry/spading, location of check valves,
location of purge points, re-pressuring.
Environmental Leaking valves, power consumption.
Other Any other issues or concerns.
122
HAZOP WORKSHOP
2/18/2021 123
SIL Selection and Verification Process
HAZOP
SIFs Identification
SIL Determination
SIFs Requirement Identification
SIL Verification
SIL Selection & Verification - Petrosafe Oct. 2018 - Eng.

124
Mohamed Mesbah
Key terms
Probability of failure Safety integrity
on demand (PFD) level (SIL)
This is the probability that a This is related to the concept of safety
component will fail to perform its integrity which is the average probability
safety function at the time it is of a SIS performing its function (under the
needed. stated conditions for a required period to
time). The SIL is then used to specify the
safety integrity requirements that the SIS
needs to have. There are four levels in the
SIL system, 1 being the lowest and 4 the
highest.
Failure rate
Safety Integrity Levels (SIL) for
Instrumentation
Increasing probability of failure to perform (its

safety functions) on demand (PFD)
SIL4 SIL3 SIL2 SIL1
SIL is an index of tolerability of failure to perform

SIL required depends on estimated risk reduction needed for
acceptability/tolerability
SIL4 has highest integrity (highest probability that will perform when
needed, e.g. where major accident potential)
Safety Integrity Levels (SIL)
• Four levels defined in IEC 61508 & IEC
61511
Safety Probability of Probability of Risk

Integrity Failure on Success on Reduction
Level (SIL) Demand (PFD) Demand Factor (RRF)
4 10-4 - 10-5 99.99 - 99.999% 10,000 - 100,000
3 10-3 - 10-4 99.9 - 99.99% 1,000 - 10,000
2 10-2 - 10-3 99 - 99.9% 100 - 1,000
1 10-1 - 10-2 90 - 99% 10 - 100
FTA
• Used to identify causes for an assumed failure (top event)
• Top down approach
Cause 1
Cause 2
Fault/Failure
Cause 3 or top event
Cause 4
Cause 5
FTA
• used to determine the probability of occurrence for an
undesirable event.
• Probability of occurrence values are Assigned to the Lowest

events in the tree in order to obtain the probability of
occurrence of the top event.
2/18/2021
130
FTA
Why FTA is Carried Out?
• Identify the cause of a failure.

• Monitor and control safety performance of a complex system.
• To identify the effects of human errors .
• Minimize and optimize resources.
2/18/2021
131
FTA
AND GATE
X X
FTA
OR GATE
+
Event Tree Analysis (ETA)
Can be fully quantified:
Useful for MAH assessment
• Top down approach, Start with the initiating or top event
(disaster).
• Draw a “tree”.
• For each mitigating control (component) draw potential success or
failure as a “branch”.
• Determine the probability of a “safe” outcome.
Used to evaluate the effectiveness of mitigation measures that will
operate after the event
ETA
Outcome1
Safe/danger
Outcome 2
Fault/Failure Outcome 3
or top event
Outcome 4
Outcome 5
Failure Mode Effect Analysis (FMEA)
• FMEA
Semi-Quantitative
# FMECA
FMEA vs FMECA
 A FMEA becomes a FMECA (Failure Modes and Effects and
Criticality Analysis) when a Criticality Ranking is included for
each failure mode and effect.
 A criticality ranking is the same as a risk ranking.
2/18/2021 138
What can FMECA be used for?
Is an Engineering analysis
• Thoroughly Analyzes product Designs or Manufacturing
processes.
• Early in the product development process.
• Finds and corrects weaknesses before the product gets into
the hands of the customer.
2/18/2021 139
FMEA
• For PHA purposes, usually it is conducted at the Equipment
level, e.g., valves, pumps, lines, etc.
• For RCM purposes, usually it is conducted at the equipment
Component level, e.g., motor, shaft, impeller, casing, seal,
bearings, etc. for a pump, ensuring product operation is safe
and reliable with good interfaces between adjacent
components.
2/18/2021 140
What can FMECA be used for?
• Assist in selecting design alternatives with high reliability and

high safety potential
• Develop early criteria for test planning for equipment
• Provide a basis for maintenance planning (pm)
• Provide a basis for quantitative reliability and availability
analyses (RCM).
• Analysis of Control Systems.
Failure Mode Effect Analysis (FMEA)
Requires a multidisciplinary team to identify:
• failure modes (ways it can fail);
• Effects/consequence;
• severity;
• cause;
• occurrence (how often)
• detection (what control in place to detect before failure happens -
the probability of failure without detection (its decrease is healthy)
• determine risk priority number (severity × occurrence × detection);
• actions to mitigate.
FMEA
• Failure Mode: The loss of function (e.g., open, closed, on, off,
leaks, etc.) of system components, Typically process
Equipment, are considered to Determine whether existing
safeguards are adequate.
• Failure Cause: cause the failure (design, installation, use,

corrosion, pressure, load, etc.)
• Safeguard: protection in the system that will reduce either the

likelihood or the consequence of a failure (mitigating action)
Function
Failure Mode
Failure Causes
Consider Safegaurds
FMEA
Effect
the consequence of the failure on the system or end user.
Example: if the car brakes failed to stop the car, potentially

resulting in accident.
2/18/2021 145
FMEA
Controls
“Controls” are the methods or actions currently planned, or are
already in place, to reduce or eliminate the risk associated with
each potential cause.
• Controls can be the methods to Prevent or Detect the cause
during product development, or actions to detect a problem
during service Before it becomes catastrophic.
2/18/2021 146
Detection rating
1 Detected by self test.
2 Easily detected by standards visual inspection or ATE.
3 Symptom can be detected. The technician would know exactly what the source of the
failure is.
4 Symptom can be detected at test bench. There are more than 2-4 possible candidates
for the technician to find out the sources of failure mode.
5 Symptom can be detected at test bench. There are more than 5-10 possible candidates
6 Symptom can be detected at test bench. There are more than 10 possible candidates
7 The symptom can be detected, and it required considerable engineering
knowledge/resource to determine the source / cause.
8 The symptom can be detected by the design control, but no way to determine the
source / cause of failure mode.
9 Very Remote. Very remote chance the Design Control will detect a potential
cause/mechanism and subsequent failure mode. Theoretically the defect can be
detected, but high chance would be ignored by the operators.
10 Absolute uncertainty. Design Control will not and /or cannot detect a potential
cause/mechanism and subsequent failure mode; or there is no Design Control.
FMECA/ pressure switch
FMECA/ Tank level switch high
High
level
Sensor
trips
inlet
feed
Hierarchy of Control Barriers
• According to sequence
• According to type or form
• According to 3 Ps
Mitigation
Active vs Passive
• Active is a device or system that changes from one state into
another in response to a change in process activity. For example,
a pressure relief device is an active IPL (Independent Protection
Layer).
• Passive can achieve its risk reducing function without the
requirement to take any action or change the state of the system.
For example, Tank Dikes (Berm Wall).
Hierarchy of Control Barriers According to
sequence
Loss
Swiss Cheese Model (barrier model, hazard realization)

Hierarchy of Control Barriers According to 3 Ps
Layers of protection
EER
F&G
LAYERS OF PROTECTION
The LOPA “Onion”
COMMUNITY EMERGENCY RESPONSE
• Independent Protection PLANT EMERGENCY RESPONSE
Layers (IPL) is like an

onion skin. MITIGATION
Mechanical , physical Systems
• Each layer is independent SRV, Fire and Gas Systems
Release physical protection(dike)
operation.
PREVENTION
• The failure of one layer Safety Critical Process Alarms
does not affect the next. Safety Instrumented Systems
Basic Process Control Systems

Non-safety Process alarms
Operator intervention
Process Design
• Cheaper, safer plants, or wealth and safety at work: (1984) IChemE
• Improving Chemical Engineering Practices: (1989)
• Critical Aspects of Safety and Loss Prevention (1990)
• Plant Design for Safety – a user-friendly approach (1991)
• Lessons from Disaster – How Organisations Have No Memory and
Accidents Recur (1993) IChemE
• Learning from Accidents (1994/2001)
• Dispelling Chemical Engineering Myths (1996)
• Process Plants – a handbook for inherently safer design (1998)
• What Went Wrong? Case Histories of Process Plant Disasters (1998)
• Still Going Wrong: Case Histories of Process Plant Disasters and How They Could Have Been
Avoided (2003)
• Hazop and Hazan 4th ed (1999)
• By Accident… a Life Preventing them in industry (2000)
• An Engineer's View of Human Error 3rd ed (2001) IChemE,
• What Went Wrong?: Case Histories of Process Plant Disasters and How They Could Have Been
Avoided 5th ed (2009) Butterworth-Heinemann/IChemE
• Trevor Kletz, Paul Chung, Eamon Broomfield and Chaim Shen-Orr (1995) Computer Control and
Human Error IChemE,
• Inherently Safer Design 2nd ed, 2010
Hierarchy of Risk Controls – Trevor Kletz
Inherent safety
Build safety in at design stage.
Elimination
Remove a hazard, minimise inventories.
Substitution
Lower hazard alternative.
Engineering controls
Segregation/spacing of process plant.
Administrative controls
Procedural/behavioural.
Could a better design have helped?
How could a
better design Would it be possible
have avoided to eliminate the
this disaster hazard altogether?
or reduce its
impact?
• Position risers inside jacket structure
• Location of boat landing on lee side of
platform
• Larger separation distance between platforms
• Consider subsea isolation valves to reduce
hydrocarbon inventory during release
• Relocation and fire proofing of risers to
prevent escalation
• Improved availability of evacuation means
Inherently safer design – what is it?
• The intent of inherently safer design is to eliminate a hazard
completely or reduce its magnitude significantly
• Thereby eliminating / reducing the need for safety systems
(‘engineered controls’) and procedures (‘administrative
controls’)
• This hazard elimination or reduction would be accomplished
by means that were inherent in the design and process and
thus permanent and inseparable from them
EMSMS
Paste not
powder
Stages of safety
Appraise Select Define Execute Operate
Effectiveness in Risk
Reduction
Inherent Safety
Engineered
Safety
Procedural
Safety
Research Phase Engineering Phase Operating Phase
Conception Approval Startup

~ 4 years 25+ years
Pillar 3: MANAGE RISK
E8 Operating procedures.
E9 Safe Work Practices.
E10 Asset Integrity & Reliability.
E11 Contractor Management.
E12 Training.
E13 Management Of Change.
E14 Operational Readiness.
E15 Conduct Of Operation
E16 Emergency Management.
Safe operating envelope (SOE)
• Procedures depends on SOE/limits
• Defines boundaries of a controlled reaction.
• The conditions which keep the process under
control.
• Deviate this ‘envelope’ is unsafe PRV vs PSV
• Typical parameters used to define boundary:
‒ pressure;
‒ temperature;
‒ flow rate.
SOE
Key terms
Safety
instrumentation
system (SIS)
The system for connections and
equipment that operates
automatically the process
controls, for example valves that
maintain the process in the SOE.
loss of the safety envelope can be detected
by:
• product out of specification;
• Product quantity;
• feedstock raw material consumption;
WHAT IS OPERATING PROCEDURES
It is a written instructions (stored electronically and paper)

that:
(1) List the task steps and
(2) How the steps are to be performed.
Purpose of standards operating procedures
(SOPs)
• Perform safe work and keep asset integrity (within the SOE) and how to
avoid or correct deviation.
• Inform operator about the process safety hazards (material), consequences.
• Describe the control system.
Produce safe not only produce

Types of Procedures
Operating procedures: activities involve producing a product.
SOP
Maintenance procedures: activities involve testing, inspecting,
calibrating, maintaining, or repairing equipment.
Safe work procedures: activities supplemented with permits to
fill the gap between the other two sets of procedures
Emergency procedures: EER
Types of SOPs
• Responding to alarms, tripping and emergencies.
• Normal operations (tank dipping, chemical handling);
• Responding to abnormal operations (feed fluctuation, valve failure, pump
failure)
• Filling/emptying/charging of vessels, pipelines and reactors.
• Plant and equipment maintenance (SRV calibration).
• Plant and equipment changes.
• Start-up/shut-down.
• special situations (temporary operation with a specific equipment item
out of service) !
Who is involved in developing SOPs?
• Design/engineering team.
• Operators.
• Maintenance team
• Contractors.
Reasons for involving operators in the
writing of SOPs
• It creates a sense of ownership.
• Involving operators increases acceptance and following of
procedures.
• To ensure the procedure matches what is done.
• It reduces the likelihood for errors occurring.
NB - Not every relevant operator will be able to participate in the
drafting as there is a limitation of the effectiveness of individual
Performance.
What should be included within SOPs?
• Purpose of the operation/process.
• Equipment/materials being used.
• Process steps – who, what, where, how, why.
• Hazards and risks:
- controls required and order in which applied.
• Use illustration (Pictures, photos, drawings, flowcharts, checklists).
• Authorisation of workers to undertake procedure.
• PPE requirements.
• spare parts.
Requirements for procedures to be
understood
• Revise the procedure until it’s clear and easily followed.
• Include operators to reduce the likelihood of error.
• Involve someone not familiar with the procedure to

demonstrate it can be followed.
• Explain ‘what’ ‘how’, ‘why’.

Ensuring SOPs remain current and accurate
• Review procedures and actual practice .

• Checking and monitoring of the SIS to ensure the process is
operating as intended.
• Review of procedures after any MOC.
Limitations of SOPs
• Time pressure.
• Workload.
• Staffing levels.
• Training.
• Supervision.
• Technical issues limit the SOP effectiveness. !
• Difficult to select the appropriate SOP from large
documents.
Consequences of deviating from SOPs
• No outcome.
• Major disaster.
ALARMS
Importance of responding to alarms
• Operators should be trained, confident to take the
required actions in the event of an alarm activating
• Should reduce unplanned downtime, increase levels of
process safety, improve operator effectiveness and
process performance
Alarms
• Assist the operator to identify abnormal, hazardous and
unsafe plant conditions.
• Operators must be able to identify, understand and respond
to alarms appropriately.
Alarms design should consider:

‒ Do they require an operator response?
‒ How are they presented to the operator? !
Three Mile Island Incident 1979
nuclear power plant-USA
• Mechanical and electrical failures followed by pilot operated valve stuck open.
• Poor design of operator interface, saturation of alarms confused operator for 2.5
hrs. to understand the problem.
• Showed > 100 alarms in the first few minutes of accident, no system to suppress
unimportant signals.
• Some key indicators were hard to be seen
• Meltdown of the nuclear reactor due to loss of coolant results in release of
radioactive gas to environment
• 2 million people were exposed to the gas, no deaths, injuries or adverse health
effects, $25 million was paid in insurance settlements to people who then
agreed not to discuss their injuries in ongoing litigation.
• Clean-up started in 1979 ended in 1993 costs $1 billion.
BP Texas city refinery 2005
• Tired and poorly trained operators
• Control room operator positions were downsized and workloads
were increased.
• 4 process safety coordinator positions for the ISOM and other
process units were not filled prior to the incident.
• Operator fatigue and lack of training and supervision causes the
unsafe start up.
• Alarms were either not recognized or prioritized below others;
eventually leading to the blow down drum filling, overflow causing
UCVE
E12 Training.
Key term
Permit-to-work
system
A formal, documented procedure that
forms part of a safe system of work. It is
commonly used for high-risk work and it
documents measures to reduce risks, such
as isolations. It is used to ensure that the
correct precautions are in place and that
all those who need to know about the
work are informed.
Purpose of PTW
• part of SSOW.
• Used in high-risk activities. !
• Communicates hazards and controls to user.
• Links to:
‒ risk assessment and task/JSA (used to identify hazards
and plan precautions);
‒ method statement (procedures).
Key features of a PTW
• Assesses and controls interfaces with adjacent plant and
workers (SIMOPS). !
• Usually contains:
‒ scope of work (job, equipment, location)
‒ duration of work (date and time the permit validity);
‒ identification of hazards (RA);
‒ isolations (LOTO);
‒ links to other permits;
‒ Controls (PPE), emergency controls and specific controls (gas test);
‒ permit acceptance and cancellations.
‒ clearance/return to service
Interfaces with adjacent plant/ SIMOPS
• Permit issuer must consider potential impact of work on

adjacent plant equipment.
• Can be achieved by issuing permits from a central issuing
authority or location.
Interfaces with contractors
• PTW protects contractors and workers.

• Contractors may need to take induction training.
• Permits should always be issued by the organisation not the
contractors.
Types of PTW
– isolation; !
– hot work; !!
– cold work; !!!
– Electrical (HV);
– confined space. !!!!
Circumstances when a PTW is NOT
required
• Routine activities do not fall under the permit types
(control tuning , topping up oil and water, inspection,
surveying, visitors, work in workshop)
Electronic PTW
Reducing the paperwork so it is fast .

Must be sure that a suitable system (protected electronic
signatures) is in place to:
• prevent unauthorised issue or acceptance;
• permits cannot be issued without a site visit.
 continue
Electronic PTW
• Systems in place to prevent permits already issued from being altered

without the alterations being communicated to all concerned;
• Copy to be display at the job site;
• Training to ensure that operators assess the specific job and do not rely
on ‘cutting and pasting’ from other permits;
• Back-up systems available in case of a software failure or power outage.
Importance of shift handover
Importance of safe shift handover
• Transfer of critical information ! to the incoming shift to avoid
destructive consequences (Piper Alpha).
Two-way communication and joint responsibility
• Joint responsibility of both outgoing and incoming shift leaders.
Competence
• Workers carrying out shift handovers must:
- have the right level of technical knowledge, expertise;
- be able to communicate effectively.
Shift handover requirements
Shift handover must be:
• given the highest priority;
• conducted face to face;
• using accurate verbal and written communication (handover log);
• based on information needs of incoming staff (eg. sprinkler system
was not working or critical spares shortage);
• given as much time as necessary.
Information shared at shift handover
• operational status;
• emergency situations or incidents;
• Safety issues (safety system not operating/bypassed);
• maintenance activities underway/planned;
• PTW details, especially those still open;
• operational issues for the incoming shift (eg production
plans);
• planned receipt of hazardous material;
• any drills or exercises planned;
• physical demonstration of plant state (Piper alpha)
E12 Training.
Key terms
Asset Asset integrity
An item of equipment or an area The ability of an asset to operate

of production plant as intended effectively and
efficiently over its entire life span
without harming people or
environment.
Integrity @ Design stage
• Consideration of standards
Example: Availability & reliability?
‒ ISO standards;
‒ welding standards; eg. Pressure equipment
‒ pressure ratings.
Integrity @ Design stage
Asset Isolations, maintainability and ease of inspection should
be included at the design stage
Double block and bleed DBB:
the process of isolating a chemical or process line by

closing and locking or tagging two inline valves and
opening a drain/vent line between them.
This ensures that any leaks are to a safe location and not
the open end of the line where work is carried out.
Consequences of failing to manage the
integrity of assets
• Damaged, wearing or defective
equipment can fail and cause leaks.
• Equipment failure and impact plant
safety and productivity.
• Safety systems may fail to operate.
• Breakdown maintenance is expensive
and less effective than preventative
maintenance.
Key term
ATEX
Approved equipment for use in an explosive
atmosphere (vapor or dust).
ATEX
ATMOSPHERE EXPLOSION
hazard location Suitable equipment
(area classification)
Selection of equipment for the operating
environment
should Consider :
• flammable atmospheres (vapour or dust)  ATEX .
• wet conditions;
• harsh environments (eg salty atmospheres); Indoor &
• corrosive chemicals. outdoor
Asset integrity through the lifecycle
Phases
1. Design
4. Operations
Safety and integrity.!
Operate within design intent;
2. Procurement, installation and maintenance and inspection.!!!!
testing 5. Modifications
Build completed correctly, FAT. !! Planned and assessed first.!!!!!
3. Commissioning 6. Decommissioning
standards checked and signed off, Safe removal from operations.!!!!!!
SAT.!!!
Maintenance documentation
• Maintenance records retention.

• Some are legally required, eg the
records of pressure systems.
• Can be paper or electronic, must be
traceable.
Risk-based maintenance and inspection
strategies
Three types
• Breakdown maintenance  reactive
• Condition monitoring.!
• Planned preventive maintenance  proactive
MUST retain records for all!

Key term
Safety-critical element (SCE)
“systems or equipment (including computer programmes)

whose function is to prevent, or limit the effect of MAH or
whose failure could cause a MAH.”
Source: The Offshore Installations (Safety Case) Regulations 2005

Exercise/ SCE
Reasons for performance standards
for safety critical elements
• To ensure the safety of an asset.
• To ensure that SCE will perform according to the design.
• Each SCE is assessed (inspection/testing) and

interdependencies/interactions examined.
Continue
Reasons for performance standards
• Managing the hazard through

the plant life cycle.
• Provide assurance that critical

risk control systems (SCE) will
remain function for their
intended purpose.
The FARSI model for defining performance
standards
Performance
standards (PS) FARSI
A model for
an agreed standards against performance
which actual performance is standards,
measured. Various models are
stand for
used for setting performance
standards eg, ‘FARSI’ model.
SCE Functionality
• what task is suppose to do – to what
standards – how performance can be
measured
• eg fire fighting system functionality: the
required water flow rate to extinguish
flammable events through cooling and
smothering fires.
SCE Availability
• The time the SCE is available to perform
under the expected conditions
• eg. fire fighting system is available as long

as H-C exists.
SCE Reliability
• How likely is it to operate (or fail to operate) on demand
• Often expressed by PFD or MTBF values.
• Active systems (pump, switch, valve, controls, etc) can be assigned
target values, eg no more than 1% downtime (PFD) (99%
Reliability).
• Reliability is not used for passive protection or structure
• SIL value used to specify safety integrity needs for SISs.
• eg. fire fighting system to respond on demand.

SCE Survivability
• Operate under specified conditions (emergency; fire or bad weather)
till being controlled without degradation the total safety of installation.
Eg.
 fire fighting system Survive Until flammable events have been

extinguished.
 Ballast wall to survive explosion,
 Offshore installation to survive severe weather conditions
 Fire resistant cable for fire alarm and control system shall survive fire
for designed time .
SCE Interdependencies
• Do other systems require to be functional for SCE to operate?
Eg. If the fire fighting pump availability need to be 100%, so in case of
power off, a generator should be considered and in case of the pump
maintenance, a back-up pump should be considered
 Fire/smoke detection system have a dependency on ‘emergency
power’.
 ESD system has a dependency on power.
E12 Training.
Scale of contractor use within the process
industries
A ‘contractor’ is an individual or organisation paid to deliver a
service without being directly employed as .
• additional manpower and labour;
• specialist skills, eg designers, welders, diving, catering etc.
Give examples of contractors in your workplace.

Contractor selection
• Experience & References from previous clients.
• trained in specific safety requirements (offshore);
• His health and safety policy;
• quality of their risk assessments;
• suitability of method statements; !
• accident history, including near-miss reporting;  Continued

Contractor selection
• Enforcement history and prosecutions;
• Health and safety performance monitoring (KPI);
• Qualifications of all workers (certificates);
• Membership of a professional body or trade association;
• Selection and management of subcontractors;
• Insurance cover;
• Communications with clients;
Periodic review of contractor safety
performance
‒ meetings  performance and accidents. !
‒ Work site inspections  compliance with
documentation (RA), standards including housekeeping
Contractor Induction !
Client to advise contractors on site-specific hazards and
procedures, at the tender stage and at site including:
• sign in/out procedures; • PPE requirements;

• emergency procedures; !! • PTW requirements;
• accident reporting • specific site hazards; !!!!
procedures;
• near miss and hazard
• site rules; !!! reporting.
Contractor supervision
Ownership of contractor activities:
• Include contractors in risk assessments, TBT and SSOW
• Clearly identified person
responsible for approval and
day-to-day contractor management.
• Contractors should know who their
client contact is.
Auditing contractor performance
• Before work starts:
‒ initial assessment of paperwork (method statement).
• During the work:

‒ monitoring working practices.
• After completion:
‒ review performance, including accident history.
Handover plant, equipment and building
from contractor to client
• Information handed over includes:
‒ as-built drawings.
‒ operation and maintenance manuals;
‒ layout plans, including location of services;
‒ design specifications;
Siting of contractor accommodation
Siting of contractor accommodation
Process operators should evaluate all newly sited structures
under MOC and include in the PHA.
Temporary accommodation
should be based on exclusion
zones for areas where explosions
are possible.
All occupied trailers should be
located outside of vulnerable
areas.
E12 Training & Performance Assurance.
Training & Performance Assurance
• Each employee involved in operation must be trained in
process and operating procedures.
• Training on safety and health hazards of the process,
emergency operations including shutdown, and safe
work practices that apply to the employee's job tasks.
2/18/2021 236
Refresher Training
• Refresher training shall be provided at least every three
years, and more often if necessary, to each employee
involved in operating a process to assure that the
employee understands and adheres to the current
operating procedures of the process.
• Training Documentation
2/18/2021 237
PERFORMANCE ASSURANCE
ongoing process to assure that workers demonstrate that

they have understood the training and can apply it in
practical situations.
identify where additional training is required.

MOC statistics
• Poor Change Control is the major cause in over 20% of major process
incidents, and a contributing cause to many more
• Catastrophic MOC incidents:
– 1974 Flixborough (Nypro): 28 deaths
– 1984 Bhopal India (Union Carbide): +22000 deaths
– 1989 Pasadena Texas (Phillips Petroleum): 23 deaths and 132 injuries
– 1990 Cincinnati Ohio (BASF): 2 deaths
– 2000 Mina Ahmadi Refinery (KNPC): 5 deaths
– 2005 Texas City Refinery (BP): 15 fatalities (all contractors) and
170 injuries
Management Of Change !
Management of change (MOC)
a management control approach to make sure that proposed changes are
properly addressed and authorised to avoid a large potential consequences .
• Formally documented process.
• Authorisation workflow before implementation (eg. removal of

a safety critical device through a senior manager).
• Ensures relevant safety (and process) considerations have been

made by hazard and risk analysis.
The MOC process
Produce document detailing changes
Carry out risk assessment
Get authorisation for changes
Document changes in MOC file
Consult and inform those affected

MOC
These written procedures must ensure that the following
considerations are addressed prior to any change:
• The technical basis for the proposed change,
(Flixborough Disaster)
• Impact of the change on employee safety and health,
• Modifications to operating procedures,
• Necessary time period for the change, and
• Authorization requirements for the proposed change.
2/18/2021 243
Temporary Changes
 Limited
 Not intended to be permanent
 Consider time limit
 Include operational test
Emergency Change
 Change that MUST be completed before

approvals because of immediate
danger to life, property,
environment, reputation
Exclude:
Changes that do not introduce hazards
• Instrument loop tuning

• Like for like replacements (replacement in kind)
– including personnel changes with the
same competence level
• Well established documented, & understood
activities
– allowable adjustment for normal operations
Technical Authority
• Responsible to confirm
– Basis for change (standards, codes)
– Hazards are controlled to ALARP
– Safeguards & design input
– Scope of training for affected personnel
focuses on ensuring the safe start-up of processes. This element
addresses startups from all types of shut down conditions and
considers the shut down duration.
It is also considers the type of work that may have been

conducted on the process (e.g., possibly involving line-breaking)
during the shutdown period to help focus the readiness review
prior to startup.
OPERATIONAL READINESS (PSSR)
It is intended to supply a final review of a change to ensure

process safety activities have been completed prior to adding
any hazardous chemicals to new or modified equipment prior to
startup.
PSSR is required for
 new plant, facility or equipment.
 change has been made to an existing facility or process that impacts
process safety information, (this could include a change to the
chemistry or the equipment).
 Existing processes that have been administratively shut down for other
reasons, ranging from minor, short-term shutdowns for maintenance,
to extended shutdowns for turnarounds or due to lack of demand for
the product or availability of raw materials.
Maintenance here means any work that requires equipment isolating

or blinding or dismantling or removing, or entering for any reason
2/18/2021 252
PSSR Considerations
• Any modification to meet MOC.
• Construction of new facilities as per design.
• PHA has been performed for new facilities and
recommendations have been resolved.
• Mechanical preparation (flange mng.).
• Pressure testing and gauge control setting.
• Tightness testing. !
• Chemical & Physical cleaning instructions.
 continue
• Mechanical restoration (close drain, test, sampling points and
remove blinds).
• Machinery run-in.
• Electrical testing/functional tests/energising.!!
• Instruments calibration and functional test.
• Testing of blow down, ESD,PRV, trips and alarms
• Safety systems all operational.
• Loading of chemicals and catalyst.
 continue
• Heaters drying.
• Verification of mechanical completion (Vessel internals)
• Communications
• Required training
• Safety, operating, maintenance, and emergency procedures
are in place and are adequate;
2/18/2021 255
Pre-Start Up Safety Review (PSSR)
XXXXX package 2??-X-???? for the XXXXXX

Start-Up:- Introduction of Process Gas. Or something else
Scope:- This review applies specifically to the pipework and equipment /

systems required to allow the introduction of XXXXXX process gas into the
XXXX Package as defined for the purpose of commissioning and start-up. The
review also includes processes and procedures necessary to support safe
introduction process gas to support the safe operation for this specific Plant
and equipment.
Checklist
CONDUCT OF OERATIONS
Execution of operational and management tasks in a

structured manner
It is looking for excellence in the performance of every task

and minimizes variations in performance.
Workers are expected to perform their duties with alertness,

full knowledge, sound judgment, and accountability.
Accident 1
1 fatality and 46 injuries
In 1997 there was an explosion and fire in a hydrocracking unit in a
refinery in California. A pipe in the unit ruptured releasing a flammable
mixture of H-C and H2, which ignited resulting in a fire and explosion.
Causes: excess temperature in one of the hydrocracking reactors than

the shut down temperature (800ºF).
The reactor and the pipe which ruptured were believed to have
reached a temperature greater than 1400ºF.
Accident 1
1 fatality and 46 injuries
Previous temperature deviations had occurred, but the system
had not been shut down.
This led operators to believe that these deviations were

acceptable.
Also, some of these temperature deviations were not

investigated, and recommendations from those investigated
were not all implemented.
Accident 2
9 injuries
In 1998 an explosion followed the release of flammable chemicals
from a 2000 US gallon batch reactor into a building in a specialty
chemical plant in New Jersey.
Operators were unable to control the temperature of the batch,
and the runaway reaction partially vented through the reactor
manway into the production building and chemicals were released
into the surrounding community.
It is believed that the initial temperature of the batch was higher
than normal, making it more difficult for operators to control the
batch temperature with the available cooling.
Accident 2
9 injuries
In 8 of the previous 32 batches produced, operators had Difficulty
in controlling the batch temperature. The temperature rise were
beyond the limits specified by the procedure.
In some cases exceeded the maximum shut down temperature

(300ºF) and the operators were able to recontrol without a
runaway reaction.
These temperature deviations were not investigated, and no action

was taken in response to them.
Common point
In both different incidents, the process had exceeded specified
safe operating limits during operations before the incident.
The abnormal conditions became accepted – this is called

“normalization of deviation.”
These warning signs were either not investigated, or actions

recommended were not implemented.
Conduct of Operations summary
(1) Say what you intend to do (procedures), and

(2) Do what you say.
Eg. if your operating procedures say to shut down if a critical

safety parameter exceeds a specified value, you must always
take this action!
recommendations
• Know what the critical safety process parameters are for your
plant, know the consequences of exceeding them, and
How to control.
• Always take the required actions if critical safety parameters
are violated and report it to management for investigation .
What are your plant’s critical safety control limits?

Emergency management includes
(1) planning for possible emergencies,
(2) providing resources to execute the plan,
(3) practicing and continuously improving the plan,
(4) training or informing employees, contractors, neighbors, and
local authorities on what to do, how they will be notified, and
how to report an emergency, and
(5) effectively communicating with stakeholders in the event an
incident does occur. The scope of the emergency element
extends well beyond "putting out the fire."
This element
- focuses on three aspects of emergency planning and response:
• Protecting people, including people who are onsite, offsite, and
emergency responders.
• Responding to catastrophic accidents involving explosions, large releases of
chemicals, or other large releases of energy.
• Communicating with stakeholders, including neighbors and the media.
- does not address accidents caused by natural disasters or attack, public

demonstrations, sabotage.
- does not address business continuity planning, recovery, or requirements to

preserve forensic evidence that may be useful in an incident investigation.
Purpose of an emergency plan !
To control and manage response to foreseeable emergencies.
Last barrier
Development of an emergency plan
• Sometimes a legal requirement (eg MAPP).
• Identify foreseeable scenarios (hazard) and response (control).
• Select people (on-site and off-site) to develop the plan in steps.
• Determine resources needed (roles, responsibilities).
• Evaluate external emergency response. !
• Consider on-site and off-site medical response.
• Identify if an off-site plan is needed. !!
emergency plan
Foreseeable emergencies
Depending on the organisation

• First aid/medical (virus).
• Fire/explosion.
QRA
• Loss of containment/toxic release.
• Outbreak of disease.
• One lost in desert
Specialists to develop the plan
On-site
• Engineers.
• Workers (process experts).
• Specialists (health and safety, etc.).
Off-site !
• Regulators.
• Local authorities and councils.
• Water companies and authorities.
• Utility companies.
• Emergency services including the police and fire service.
Required Resources examples!
• Emergency control room ECC.
• First aid equipment.
• AED and evacuation chair.
• Spill and release response kits.
• Telephone and radios.
• Site maps and drain plans.
• SDS.
• Computer and printer.
• F&G system
• Medical system
• Drawings
• alarm system,
• emergency lighting
Availability of external emergency
response (including medical)
• in case of :
‒ isolated location;
‒ long response times.
‒ special hazards, eg chemicals
So may need:
- Adequate on-site emergency first aid.
- Advanced trauma care
- Rescue team with BA
On-site and off-site plans
• On-site and off-site plans may be required in law:

‒ on-site developed and managed by the
organisation;
‒ off-site developed and managed (and
implemented) by the authorities (only for high
hazard installation).
Both plans should have actions for immediate

response and long term recovery response
Content of an emergency plan
Depending on legal requirements but to include:
• systems for alerting workers, neighbouring facilities
and emergency services;
• responsibilities in the event of an emergency;
• expertise of teams involved in response (internal and
external);
• evacuation/shelter arrangements;
• emergency shutdown of plant and services;
• consideration of vulnerable people (disabled);
• systems for accounting for workers (roll-call).
• reporting procedures,
• evacuation,
Content of an emergency plan
• re-entry procedures,
• isolation procedures,
• MSDS,
• protection of vital equipment.,
• emergency control centre, !
• personnel notification,
• control of visitors and contractors,
• roles and responsibilities,
• emergency alarm system
Information management and media
liaison
Information and communications
• Real time information about the incident (events, decisions):
‒ Paper log or whiteboard.
• Hazard information (SDS).
• Casualty information.
• External reports to regulators.
• Media liaison:
‒ need media training;
‒ usually a prepared statement.
Theoretical training
Table-top exercises:
Used to simulate an emergency to validate plans, develops
staff Process Safety Competency by practicing roles and tests
procedures
• Trainer-led exercise.
• Many scenarios can carried out in accelerated time.
• Discuss possible actions as per roles.
• Respond ‘in theory’.
• Identify gaps or deficiencies.
Practical testing of response
• Fire/emergency evacuation drill:
‒ trigger alarm;
‒ test workers and response team, roll-call and fire
wardens.
• Response team drill:
‒ practical false scenarios; e.g. tanker spillage
‒ led by trainer;
‒ test actual response; e.g. wear BA
‒ Improve skills and confidence
• Full-site response drill: !
‒ full-site evacuation and test.
Process Safety Competency of response
team and commanders
• Incident commanders need:
• leadership experience under pressure;
• knowledge of plant; !
• good communications skills. !!
• Response team members:
• Site experience.
• practical skills:
‒ first aid, fire-fighting, rescue, BA, etc.
Incident command system ICS
organization Chart
Provision of information to the public !
During normal operations

• Potential incidents.
• Possible alarms.
During an incident
• Information on the event.
• May be assisted by authorities.
LEARN FROM EXPERIENCE
The least expensive ways to learn from experience are to:

(1) Apply best practices to make the most effective use of available
resources,
(2) Correct deficiencies exposed by internal incidents and near misses
(3) Apply lessons learned from other organizations.
Pillar 4: LEARN FROM EXPERIENCE
E17 Incident Investigation.

E18 Measurement and & Metrics.
E19 Auditing.
E20 Management Review & Continuous Improvement
.
Who should lead Incident Investigation
incident investigation should be by trained Personnel (RCA

techniques).
incident with potential greater consequences  Investigation

multidisciplinary team .
incident with potential lower consequences individual or a
two-person.
Who should lead Incident Investigation
incidents involving significant human injuries or regulatory impact,

the investigation should be managed by legal department.
communications to the media and other external organizations

should be by the public affairs.
Incident Investigation
Organisational learning
Think about incidents you have been involved in:
− What was the most significant injury/harm?
− What had the greatest potential for injury?
− Do you think you learnt from the potentially serious
event?
HSG245 incident
investigation
Learning lessons
• Investigate based on the potential and the actual consequences.
• Do not downplay the incident as a “near miss”.
• Incidents not investigated, could happen again
with more serious consequences
eg. chemical reaction causes pipes to heat up:
If ignored  chemical release and serious injuries.
Serious
Causes of chemical process incidents
1. Management system failures After 1980
2. Technology failures
Before 1980
3. Human failures
4. External circumstances and natural phenomena
Immediate and root causes
Immediate cause Root cause

Underlying
Unsafe act or condition
circumstances that
that lead directly to the
allowed immediate cause
consequences .
to happen.
eg organization &
eg PPE, spillage, removed management systems
guard, noise failures
(lack/inadequate).
causes
A flammable liquid has overflowed from a vessel

during the filling operation via a pump where it is metered in
based on the transfer time and pump speed.
- Suggest causes for the incident.

Causes
 Pump changed for a higher rate.
 Poor MOC process.
 Failure of LAH.
 No automatic cut off.
 Operator error.
 Poor initial risk assessment.
 Process changes, eg bigger batches than design.
Reasons & Benefits for investigating incidents
• Identify root causes.
• Prevent reoccurrence (main purpose).
• Update risk assessments by learning from past experience.
• Document the details for future use (not rely on memories).
• Meet legal requirements.
• Enable trends (statistics & benchmarking).
• Demonstrates a desire to improve and learn lessons (improve morale).
• Any disciplinary actions will be fair.
• Provide information to insurance company, enforcing authority,
(civil claims), stakeholders, public, etc.
• Workers will feel valued.
• Determine economic losses
Retention of corporate knowledge
Avoidance of “corporate amnesia”:

– retain information formally;
– lessons learnt;
– decisions;
– designs, etc.
Lessons learnt and benchmarking
Findings of incident investigations.

Lessons learnt
Striving for continual improvement .
Comparing an organisation against:

• another organisation;
Benchmarking • a national standards, eg accident statistics
publication;
• an operational standards.

E18 Measurement & Metrics.
E19 Auditing.
E20 Management Review & Continuous Improvement.
What Metrics ?
The metrics are indicators to measure performance of the

RBPS elements.
This element addresses which indicators to consider, how
often to collect data, and what to do with the information to
help ensure responsive, effective RBPS management system
operation.
A combination of leading and lagging indicators are used to
provide a complete picture of process safety effectiveness.
Key terms
Leading indicators Lagging indicators
Proactive measurements of Reactive measures that look at

conditions that monitor process failures, such as the number of
safety (a few critical risk control injuries, near misses and spills
systems ) before something goes which are reported, or excursions
wrong and to see if things are where plant is operated outside of
operating as intended. the intended operational envelope.
PSI (KPI, KLI): Checks to determine how well the site is managing PS.
Leading and lagging PSI
Measure barrier defects (holes), Maintain barrier strength

events and consequences of ie. Activities to maintain
incident risk control systems
Leading and lagging PSI
Leading indicators Lagging indicators

– Proactive (predictive) – Measures of failure.
measures of conditions. – Can not prevent the
– Identify problems before incident
harm occurs.
– Can prevent the incident
A combination of leading and lagging indicators is often the

best way to provide a complete picture of process safety
effectiveness
Development and implementation of
process safety indicators (PSI)
• Determine what can go wrong (scenarios).
• Identify the risk controls to prevent such incidents and
establish lagging indicators to measure its failure.
• Identify the critical elements for each risk control system
and develop leading indicators to monitor whether these
are working.
• Monitor and review indicators.
References on process safety metrics
• OGP (International Association of Oil & Gas Producers), ”Process Safety
– Recommended Practice on Key Performance Indicators”, Report. No.
456, November 2011
• Health & Safety Executive, “Developing process safety indicators - a
step-by-step guide for chemical and major hazard industries”, HSG 254,
first edition, 2006
• ANSI/API RP 754, Process Safety Performance Indicators for the
Refining and Petrochemical Industries, Second Edition
• Center for Chemical Process Safety (CCPS), “Guidelines for Process
Safety Metrics”
• CCPS “Process Safety Leading Indicators Industry Survey”,
http://www.aiche.org/sites/default/files/docs/pages/leading-indicator-
survey_0.pdf

E18 Measurement and & Metrics.
E19 Auditing.
E20 Management Review & Continuous Improvement.
Key term
Auditing
A systematic, proactive,
objective, critical evaluation of
how well an organisation’s PSM
elements are performing against
identified standards by examining
evidence.
Auditing compliance
What is the 1st thing you will consider
while planning for the new year?
Audits:
• To comply with external certification
bodies (OSHA PSM, EPA RMP, CCPS) and
internal best practice or HSE system;
• check controls are in place and working;
• identify areas continual improvement.
• A report of audit findings shall be
developed to the management
Audit Frequency
• The OSHA process safety

management Standard
requires compliance audits
of all covered facilities every
three years.
Esso Longford Gas Plant -1998
Explosion 2 Killed, 8 injured
Summary
On 25 September 1998 gas explosion occurred at the Esso

natural gas plant at Longford in the Australian state of Victoria.,
killing two workers and injuring eight with losses $1.3 billion.
Gas supplies to the state of Victoria were affected for two
weeks.
Summary
LPG is extracted by means of a shell and tube H.EX, in which
heated "lean oil" and cold "rich oil" (oil which has absorbed
LPG) are pumped into the H.EX, cooling the lean oil and heating
the rich oil.
Event Description
During the morning of Friday 25 September 1998, a pump

supplying heated lean oil to heat H.EX had tripped out for four
hours.
A H.EX experiences a range of temperatures throughout the
vessel. Temperatures normally ranged from 60 °C to 230 °C.
Investigators estimated that, due to the failure of the lean oil
pump, parts of H.EX experienced temperatures as low as −48 °C.
Ice had formed on the unit. When the lean oil pump resumed
operation at 230 °C - the temperature differential caused a
brittle fracture in the H.EX.
Event Description
About 10 ton of H-C vapor were released and ignited from a

heaters 170 m away and exploded.
Esso blamed the accident on panel worker negligence.

Event Description
The findings of the Royal Commission, found Esso fully

responsible for the accident:
The causes of the accident is a failure to provide and maintain a
working environment that was safe and without risks to health.
This constituted a breach of Section 21 of the Occupational
Health and Safety Act 1985.
Other findings of the Royal Commission
included
• the Longford plant was poorly designed, and made isolation
of dangerous vapors and materials very difficult;
• inadequate training of personnel in normal operating
procedures of a hazardous process;
• excessive alarm and warning systems had caused workers to
become desensitized to possible hazardous occurrences;
• the relocation of plant engineers to Melbourne had reduced
the quality of supervision at the plant;
• poor communication between shifts meant that the pump
shutdown was not communicated to the following shift.
Certain managerial shortcomings were
also identified
• the company had neglected to commission a HAZOP of the
H.EX system.
• Esso's two reporting system (from operators to
supervisors to management) meant that a previous similar
incident (on 28 August) were not reported to the
appropriate parties;
• the company's "safety culture" was more oriented towards
preventing lost time due to accidents or injuries, rather
than protection of workers and their health.
Lessons learned
• Where cold temperatures are possible, correct metallurgy
should be installed to prevent embrittlement
• MOC is necessary for both plant and personnel changes
• Through identification of hazards allows for adequate
controls to be identified and implemented
• Alarm flooding adversely affect on the management of
response

E18 Measurement & Metrics.
E19 Auditing.
E20 Management Review & Continuous Improvement
.
MANAGEMENT REVIEW &
Continuous Improvement
It is a formal periodic evaluation of whether PSM management

systems are performing as intended and are producing the desired results.
Done by the top management against standards (e.g. OSHA PSM) to ensure
its effectiveness and take strategic decisions to fill the gap between day-to-
day work activities and periodic formal audits and assessing opportunities for
improvement and the need for changes to the PSM System, including the
policy and objectives.
The Management Review shall meet the requirements of the standards

FREQUENCY OF THE MANAGEMENT
REVIEW
• Management Reviews of the HSSE MS shall take place on an
annual basis as a minimum and the Asset Risk Profile shall be
updated.
• the Council and/or the HSE Management Rep. can call for an
extra session if necessary
Example Schedule for Management
Reviews
Month Topic (Element)
January Operations (15)
February Knowledge (6), Management of Change (13)
March Asset Integrity (10)
April Procedures (8)
May Outreach (5), Emergency (16)
June Contractors (11)
July Culture (1), Involvement (4)
August Incidents (17)
September Safe Work (9), Readiness (14)
October Competency (3), Training (12)
November Standards (2), Risk (7)
December Metrics (18), Audits (19), Management Review (20)
management review will systematically
include
• Results of audits, self assessments, inspections and incident investigations;
• Accidents & Incidents analysis.
• The HSSE concerns of employees, contractors and external stakeholders.
• Review of compliance with current legal requirements;
• Process performance and its conformity to the HSE Policies.
• A follow up of the previous decisions.
• A review of the HSE Policies & Objectives, its effectiveness, performance indicators.
• Changes that could impact the HSE management systems, company strategies, clients needs, changing
circumstances.
• The provision of adequate resources and competent personnel for HSE critical positions to achieve HSSE targets
objectives and strategies;
• The suitability, adequacy and effectiveness of training efforts.
• Continued adequacy of controls to manage risks to ALARP;
• Review MOC procedures and effectiveness.
• Measuremental monitoring results.
• Any recommendations for improvement.
FOLLOW UP ON DECISIONS

1.CCPS RBPS

Uploaded by

Copyright:

Available Formats

1.CCPS RBPS

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

1.CCPS RBPS

Uploaded by

Copyright:

Available Formats

Process Safety Management

Eng. Ashraf Elsayed

Personnel (Occupational ) Safety Process Safety (MAH)

prevention of injuries prevention or mitigation of catastrophic failures;

• Managing the integrity of hazardous operating systems

• PSM applies to most industrial processes

• An “uncontrolled occurrence” in the operation of a site which can lead to

The definition of major accident specifically excludes “occupational accidents”,

E1 Process Safety Culture .

E2 Compliance With standards.

E3 Process Safety Competency.

The group values and behaviors that determine the

• Many incidents are due to inadequate leadership and poor

If you do not believe the messenger,

"I only do what I'm told to do,"

"We'll take shortcuts if necessary to get the job done," or

"This process safety stuff is costing too much money"

• Failure of an “O-ring” seal in

E1 Process Safety Culture .

E2 Compliance With standards.

E3 Process Safety Competency.

Should provide access to applicable standards, codes and regulations

• Standard is a set of technical definitions and guidelines

• Standard Built confidence about product quality , cost

• A CODE is a standard adopted by governmental bodies and

• requirements will only be mandatory

• Code Provides a set of rules that

• Specifications provide specific/additional requirements for

• allow purchaser to include special

Is the standard mandatory or not?

conformance to standards helps a company to:

Code: accepted rules that tell you what you need to do

E1 Process Safety Culture .

E2 Compliance With standards.

E3 Process Safety Competency.

- Qualified and Having adequate ability to Perform

Training in how to do the job safely

Training matrix / framework :

E1 Process Safety Culture .

E2 Compliance With Standards.

E3 Process Safety Competency.

− What is ‘consulting’ and ‘informing’?

The two-way exchange of

Discussion Email and web

− Why is the committee is ineffective?

Engagement should be audited by:

E1 Process Safety Culture .

E2 Compliance With Standards.

E3 Process Safety Competency.

• Engaging them in process safety discussions,

During normal operations

The FOUNDATION of a RBPS.

E6 Process Knowledge Management.

E7 Hazard Identification & Risk Analysis.

• operators Supply a ‘safety case’ to regulators to run process :

UK regulation 2015 (COMAH): high hazard

2- Leadership and commitment

4- Hazard identification and risk assessment

5- Emergency response plan