major hazard facilities control measures and adequacy l.
Skip this Video
Loading SlideShow in 5 Seconds..
Major Hazard Facilities Control Measures and Adequacy PowerPoint Presentation
Download Presentation
Major Hazard Facilities Control Measures and Adequacy

Loading in 2 Seconds...

play fullscreen
1 / 77

Major Hazard Facilities Control Measures and Adequacy - PowerPoint PPT Presentation

  • Uploaded on

Major Hazard Facilities Control Measures and Adequacy. Overview. The seminar has been developed to provide: Context with MHF Regulations An overview of what is required An overview of the steps required Examples of control measures and their adequacy. Some Abbreviations and Terms.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

Major Hazard Facilities Control Measures and Adequacy

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

The seminar has been developed to provide:

  • Context with MHF Regulations
  • An overview of what is required
  • An overview of the steps required
  • Examples of control measures and their adequacy
some abbreviations and terms
Some Abbreviations and Terms
  • AFAP - As far as (reasonably) practicable
  • DG - Dangerous goods
  • Employer - Employer who has management control of the facility
  • ER or ERP - Emergency response or Emergency response plan
  • Facility - any building or structure at which Schedule 9 materials are present or likely to be present for any purpose
  • HAZID - Hazard identification
  • HAZOP - Hazard and operability study
  • HSR - Health and safety representative
  • LOC - Loss of containment
  • LOPA - Layers of protection analysis
some abbreviations and terms4
Some Abbreviations and Terms
  • MHF - Major hazard facility
  • MA - Major accident
  • OHS - Occupational health & safety
  • PFD - Probability of failure on demand
  • PSV – Pressure safety valve
  • SMS - Safety management system
topics covered in this presentation
Topics Covered In This Presentation
  • Regulations
  • Introduction
  • Regulatory requirements
  • What does this mean?
  • Identify all control measures
  • Development of assessment
  • Control category and examples
  • Hierarchy of controls
  • AFAP
topics covered in this presentation6
Topics Covered In This Presentation
  • Effectiveness of control measures
  • Control types
  • Opportunities available to reduce risk
  • Assessment and adequacy
  • Sources of additional information
  • Review and revision

Basic outline

  • Hazard identification (R9.43)
  • Risk assessment (R9.44)
  • Risk control (i.e. control measures) (R9.45, S9A 210)
  • Safety Management System (R9.46)
  • Safety report (R9.47, S9A 212, 213)
  • Emergency plan (R9.53)
  • Consultation

Hazards causing an MA

The controls preventing or mitigating consequences of an MA

The controls in place and assess their effectiveness and adequacy


In order to deliver safe operation the Employer needs to understand the relationship between

  • At least 23 workers were killed
  • 74 were injured
  • $800,000,000 (U.S.) estimated property damage

Controls DO fail and the consequences can be devastating

(Skikda, Algiers, 20 January, 2004)

  • Control measures are the features of a facility that:
    • Eliminate
    • Prevent
    • Reduce
    • Mitigate

. . . the risks associated with potential MAs

  • They are the means by which the Employer ensures the operation satisfies the Regulations and the AFAP requirement
  • A number of control options maybe considered and applied individually or in combination
  • In undertaking control measure identification and assessment, the Employer should seek to attain an understanding of:
    • The processes involved in control measure identification/selection and assessment
    • The control measures used to reduce the risk of potential major accidents to AFAP
  • At the end of the controls and adequacy evaluation process, the Employer should know:
    • The identity of all existing and potential control measures
    • The relationships between the hazards, control measures, MAs and outcomes
    • The effectiveness of control measures in managing risk
    • The opportunities that are available to reduce risk
    • The monitoring regime necessary to ensure the ongoing effectiveness of the control measures
regulation requirements
Regulation Requirements
  • After the HAZID and Risk Assessment evaluations, the Employer will have identified all of the hazards that can lead to MAs and the controls in place, including independence, reliability, effectiveness, robustness and applicability
  • A determination of the adequacy of the controls in managing the hazards then needs to be undertaken
what does this mean
What Does This Mean?
  • The opportunities present that are available to reduce risk need to be assessed, including additional or alternative controls
  • The monitoring regime necessary to ensure the ongoing effectiveness of the control measures for managing the hazards need to be assessed
  • Control measures and adequacy assessment will need to be revised as necessary, using performance monitoring results and other relevant new information
what does this mean15








No of Incidents


Chemicals & Plastics








First Aid



First Aid







What Does This Mean?

Reported incidents by results involving Schedule 9 materials in Victoria (from VWA)

what does this mean16
What Does This Mean?
  • This accident happened during the filling of a 2000 m3 LPG sphere
  • Its legs collapsed.
  • One person was killed and one seriously injured
identity of all control measures
Identity of All Control Measures
  • All of the MAs should be documented in an appropriate format that clearly identifies:
    • The MA (the release modes and the consequences of the release)
    • All hazards that, if realised, can cause an MA
    • The controls in place to manage the hazard and any recommended controls as a result of the HAZID process
identity of all control measures18
Identity of All Control Measures

Example, consider a chlorine drum handling operation

identity of all control measures20
Identity of All Control Measures
  • Control measures are not only physical equipment, but may include:
    • Engineered devices (physical barriers such as impact protection bollards) or systems (high integrity trip systems)
    • High-level procedures or detailed operating instructions
    • Information systems (incident reporting systems)
    • Personnel training (i.e. the actions people should take in an emergency)
development of assessment
Development of Assessment
  • It is important to understand how controls are arranged in a manner that eliminate or minimise the hazards leading to an MA occurring, and any interdependence
  • Control measures may be pro-active, in that they eliminate, prevent or reduce the likelihood of incidents
  • They may be reactive, in that they reduce or mitigate the consequences of an MA
development of assessment22
Development of Assessment
  • Control measures may be considered as “barriers” and are located between the intrinsic hazards that could lead to an MA
  • Control measures can also reduce the harm that may be caused to people and property in the event of an MA
  • Hazards can result in an MA harming people or property only if controls have failed to function as intended, or have been bypassed/defeated
development of assessment23
Development of Assessment

1st barrier

2nd barrier

3rd barrier

development of assessment24
Development of Assessment
  • There are methods for the control assessment process
  • The size, complexity and knowledge of the MHF could determine which approach to use
  • Several methods can be used, e.g.:
    • LOPA
    • Fault tree and event tree
    • Risk matrix
control measure hierarchy




Increasing Reliability

Eliminate Hazard


Minimize hazard


Physical controls



Decreasing Reliability

Personnel Skills &Training


Control Measure Hierarchy

The hierarchy of controls & effectiveness guidelines

control measure hierarchy26
Control Measure Hierarchy
  • Elimination/substitution controls
  • Prevention controls
  • Reduction controls
  • Mitigation controls
  • It is the risk assessment that provides the information necessary to test this requirement, and this information must be included in the safety report
  • The risk assessment must address hazards and risk both individually and cumulatively
  • Consequently the demonstration that risks are eliminated or reduced to AFAP may need to be made for control measures individually, in groups and as a whole
  • The AFAP approach is not simply about satisfying a single criterion of whether the risk of an MA is less than a specific number or position on a risk matrix
  • It is about evaluation of all controls, their proportionality for controlling the risk of an MA occurring and if additional controls can reasonably have an effect on reducing the risk of an MA further
  • The likelihood of the hazard or risk actually occurring
    • That is, the probability that someone could be injured or harmed through the work being done
  • The degree of harm that would result if the hazard or risk occurred
    • For example fatality, multiple injuries, medical or first aid treatment, long or short term health effects
  • The availability and suitability of ways to eliminate or reduce the hazard or risk
  • What is known, or ought reasonably be known, about the hazard or risk and any ways of eliminating or reducing it
  • The cost of eliminating or reducing the hazard or risk
    • That is, control measures should be implemented unless the risk is insignificant compared with the cost of implementing the measures
  • The balance between benefits in terms of reduced risk and the costs of further control measures will play a part in achieving and demonstrating AFAP
  • Every safety report will need to develop an approach as to how the AFAP argument is to be applied to the facility
  • The AFAP approach then needs to be applied consistently to every MA in order for demonstration of adequacy to be satisfied
afap cost benefit rejecting controls



(Risk Reduction)


Should be implemented. Little analysis required unless rejected.

More detailed justification required to reject


More detailed justification required to reject (lower priority)

Simple justification to reject

Sacrifice (cost, time, effort and inconvenience)


AFAP – Cost/Benefit & Rejecting Controls
effectiveness of control measures
Effectiveness of Control Measures
  • There are controls and safeguards
  • A control is considered to be a device, system, or action that is capable of preventing a cause from proceeding to its undesired consequence, independent of the initiating event or the action of any other layer of protection associated with the scenario
  • A safeguard is any device, system or action that would likely interrupt the chain of events following an initiating event
effectiveness of control measures40

Preventing the consequences when it functions as designed


For the initiating event



Of the components of any other control already claimed for the same scenario


The reliability, effectiveness and independence of a control must be auditable

Effectiveness of Control Measures

To be considered a control, it must be:

effectiveness of control measures41
Effectiveness of Control Measures
  • As an example, consider an employee action to read a level gauge and a pressure gauge - both taken off the same tapping point
  • Is a single tapping point for two different information streams applicable, independent and reliable?
  • Will the employee reliably report the correct information?
effectiveness of control measures42





Effectiveness of Control Measures

These have been built into a system - but are they:

The answer - NO

effectiveness of control measures43
Effectiveness of Control Measures
  • Every designer, Employer and manager desires to have controls that are:
    • Robust
    • Reliable
    • Can survive harsh environments
    • Not dependent upon rigorous inspection and testing regimes that involve manpower and cost
  • Unfortunately this is not reality
effectiveness of control measures44
Effectiveness of Control Measures

Controls do fail and accidents occur as a result

Result of a fire at a bulk storage facility – was there adequate separation and fire protection?

effectiveness of control measures45
Effectiveness of Control Measures
  • Impact on:
  • Environment
  • People
  • Business interruption
  • Cost of inventory
  • Reputation
  • Legal cost
effectiveness of control measures46
Effectiveness of Control Measures

A good management system

effectiveness of control measures47
Effectiveness of Control Measures

With adequate risk control measures

effectiveness of control measures48
Effectiveness of Control Measures

Reduces the risk of loss

effectiveness of control measures49
Effectiveness of Control Measures
  • These controls are important to analyse in a structured manner so that their effectiveness can be assessed
  • For this to occur the Employer needs to know:
    • What type
    • How many
    • How reliable are the controls
    • Are there sufficient to reduce MA risk to AFAP?
  • Each control needs to be fit for purpose and designed into the system as independent
control types
Control Types
  • In each evaluation the type of service being evaluated needs to be taken into consideration critically to ensure the control type is effective and will perform its intended duty
  • For example consider an instrumented level gauge with high level and high high level independent alarms for controlling the level in a process tower
  • The alarms are not tested and the high high level is known to be in fault mode
    • Is this control reliable, effective and applicable?
control types51
Control Types

Controls need to be service and situation dependent in

order to be suitable

  • For example, having a rupture disc in place where the inlet can foul – in this circumstance the correct pressure will not be seen by the rupture disc
    • Such a control would not be suitable for the service
  • Bund in service for flammable liquid storage tanks which has major penetrations
    • This control would not be suitable as it cannot satisfy AS1940
control types52
Control Types
  • The following is an animated description of the US Chemical Safety Board, Animation of BP Texas City Refinery Accident, October 27, 2005
  • This can be found at the following website

control types human controls
Control Types – Human Controls
  • Such controls involve reliance on employees to take action to prevent an undesirable consequence in response to alarms or following a routine check of the system
  • Human performance is usually considered less reliable than engineering controls
  • Not crediting human actions under well defined conditions is considered to be unduly penalising the Employer
control types human controls54
Control Types – Human Controls

Human controls should have the following requirements:

  • The indication for action required by an employee must be detectable
  • The action must always be:
    • Available for the employee
    • Clear to the employee even under emergency conditions
    • Simple and straight forward to understand
    • Repeatable by any similarly trained/competent employee
control types human controls55
Control Types – Human Controls
  • The time available to take action must be adequate
  • Employees should not be expected to perform other tasks at the same time – there needs to be clear priorities
  • The employee is capable of taking the action required under all conditions expected to be reasonably present
  • Training for the required action is performed regularly and is documented
  • Indication and action should normally be independent of any other system already accredited
control types human controls56
Control Types – Human Controls

Examples of reduction (human) controls

Taken from “Layer of Protection Analysis, Simplified Process Risk Assessment, Centre for Chemical Process Safety, American Institute of Chemical Engineers, 2001”

opportunities available to reduce risk
Opportunities Available to Reduce Risk

The effectiveness of control measures in managing risk

  • Each control, to be classified as a legitimate control against an MA (i.e. implemented, functional, independent, monitored and audited) must be evaluated in a structured format
  • To ensure proper management of the MAs, each control must be fully independent of the other controls listed
    • there must be no failure that can deactivate two or more controls (e.g. common cause failure)
opportunities available to reduce risk58
Opportunities Available to Reduce Risk
  • The question people ask is, how many controls are required to reduce a MA to AFAP?
  • This will depend on:
    • The circumstances
    • The process being analysed together with the mix of independent controls
  • One approach used is to have a qualitative evaluation that requires three independent controls to be in place before AFAP can be achieved
opportunities available to reduce risk59
Opportunities Available to Reduce Risk
  • Risk is based on the following equation:
  • Risk = ∑(Fi x Ci) =(F1 x C1) + (F2 x C2) +.....(Fn x Cn)
  • Where
  • Fi is the Frequency or likelihood of event i, and
  • Ci is the consequence of event i
  • Risk reduction can be implemented by changing either the frequency of the MA occurring or the magnitude of the consequence of the MA
opportunities available to reduce risk60
Opportunities Available to Reduce Risk
  • For evaluation of control measures, there are several issues that need to be considered

Existing MHF Facility

  • During a risk evaluation process for an existing facility, it would be very unusual to achieve a reduction in the worst case consequences of an MA
  • Reducing the frequency or likelihood of the event occurring is generally the only option available
opportunities available to reduce risk61
Opportunities Available to Reduce Risk

New MHF Facility

  • For a new facility, both components of the risk equation can be reduced
  • Several issues can be explored when designing a new facility
  • The first point of examination is to focus on the hierarchy of controls
    • Can we eliminate the hazard so it is not a problem?
  • The second area to examine is substitution
    • Use of alternative non Schedule 9 or DG materials
opportunities available to reduce risk62
Opportunities Available to Reduce Risk

Elimination Controls

  • The effectiveness of an elimination control is considered to be 100%
  • The risk from an event occurring is reduced to zero
  • This is the optimal type of control
  • If an Employer cannot reduce the risk to an acceptable level, the feasibility of shutting down plant equipment/processes, substituting non-hazardous substances for hazardous substances should be considered
opportunities available to reduce risk63
Opportunities Available to Reduce Risk

Prevention controls

  • The effectiveness of prevention controls is based on their Probability to Fail on Demand (PFD)
  • PFDs can be determined from site specific maintenance/inspection data and incident data
  • In the absence of site specific data, PFDs can be referenced from worldwide failure rate data publications such as OREDA, E&P Forum, etc
opportunities available to reduce risk64
Opportunities Available to Reduce Risk

Reduction controls

  • Assessing the effectiveness of reduction controls is a lot more subjective than assessing the effectiveness of elimination or prevention controls
  • There are many variables that affect the integrity/effectiveness of such controls
  • These cover
    • Reliability of instrumentation
    • Inspection and testing frequency requirements
    • Effectiveness of testing programs and feedback on opportunities for improvement
    • Frequency of training employees
opportunities available to reduce risk65
Opportunities Available to Reduce Risk

Reduction controls

  • For example, an operating procedure can be a highly effective reduction control provided it is readily available, regularly referenced and frequently reviewed and there is independent verification of its output
  • The same argument holds for a change management process
  • Human factors evaluations should be used to determine the reliability of an operating procedure if it is critical to the activity
opportunities available to reduce risk66
Opportunities Available to Reduce Risk

Training/competency controls

  • The effectiveness of training controls is not easily assessed
  • Training programs that are:
    • Specific to the task at hand
    • Competency assessed
    • Revisited via re-fresher training courses
  • Are likely to be highly effective with confirmation being available through human factors evaluations
opportunities available to reduce risk67
Opportunities Available to Reduce Risk
  • Where elimination or substitution cannot be achieved then a combination of controls is preferred
    • This provides a balance
    • The failure of a single control should not lead to the MA occurring
assessment and adequacy
Assessment and Adequacy
  • There are a number of approaches that can be used to undertake an assessment of an MA’s controls to determine if the AFAP argument is satisfied
  • These include
    • LOPA
    • Fault and event tree analysis
    • Risk analysis using a matrix approach
  • The approach to use will depend on the complexity of the MA and the culture of the organisation
assessment and adequacy69
Assessment and Adequacy
  • Less complex and smaller operations could use a risk matrix type approach
  • A more complex operation such as a refinery or gas processing plant could use all three approaches
  • When determining effectiveness of control measures, the following issues will also need to be considered:
    • Independence
    • Functionality
    • Survivability
    • Reliability
    • Availability
assessment and adequacy70
Assessment and Adequacy
  • Cost benefit analyses can be undertaken to determine the viability of each proposed recommendation for further risk reduction
  • This is a valid approach and at some point, depending on the circumstances involved, the cost of reducing risk further becomes costly compared to the benefit gained
  • Controls that are rejected need to be documented including the reason why
  • The definition of a “critical control” is hard to define as various interpretations can be provided
  • This could, in some circumstances, skew thinking to the detriment of other controls
  • For the purpose of MA controls and adequacy evaluation, all controls that prevent or minimise the potential for an MA to occur should be appropriately evaluated
assessment and adequacy71
Assessment and Adequacy
  • In essence there will have been a determination made on every MA covering:
    • What controls are in place?
    • What other controls are in place?
    • Is there only one control in place or is there a proportionality of controls available to achieve AFAP?
    • Is the risk adequately controlled?
    • Are additional controls required?
assessment and adequacy72
Assessment and Adequacy
  • Are they effective?
  • Would alternative controls be more suitable and effective for preventing or reducing the MA?
  • What testing regime is required for maintaining the control performance?
  • Is the testing regime adequate for every control?
    • For example, if some controls are tested every 12 months, what improvement would there be if testing was undertaken every 3 months?
assessment and adequacy73
Assessment and Adequacy
  • Are the controls audited and their performance evaluated against appropriate criteria?
  • How are failures reported?
  • What is the corrective action process in place?
  • Is there verification of the entire process?
assessment and adequacy74
Assessment and Adequacy
  • A safety management process will need to be developed for the facility (i.e. SMS)
  • This will enable the performance of all control measures for every MA to be evaluated for effectiveness and opportunities for improvement identified
sources of additional information
Sources of Additional Information
  • Major Hazard Facility Guidance Material – Comcare website
  • WorkSafe Victoria Guidance Material – WorkSafe website
  • Layer of Protection Analysis, Simplified Process Risk Assessment, Centre for Chemical Process Safety, American Institute of Chemical Engineers, 2001
  • Hazard Identification and Risk Assessment, Geoff Wells, 1996
  • Classification of Hazardous Locations, A.W. Cox, F.P. Lees and M.L. Ang, IChemE, 1993
sources of additional information76
Sources of Additional Information
  • Guidelines for Process Equipment Reliability Data, Center for Chemical Process Safety of the American Institute of Chemical Engineers, 1989
  • Loss Prevention in the Process Industries , F. P. Lees, Appendix 14/5, 2nd Edition, Butterworth Heinemann
  • IEC 61511-3 Ed. 1.0 E - 2003 - Functional safety - Safety instrumented systems for the process industry