1 / 49

European Best Practice for industrial Disaster Risk Management (iDRM)

European Best Practice for industrial Disaster Risk Management (iDRM). Christian Jochum (chr.jochum@t-online.de) InWEnt Senior Advisor (www.inwent.org) Director of Centre, European Process Safety Centre (www.epsc.org) Chairman, German Commission on Process Safety (www.kas-bmu.de)

sherri
Download Presentation

European Best Practice for industrial Disaster Risk Management (iDRM)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. European Best Practice for industrial Disaster Risk Management (iDRM) Christian Jochum (chr.jochum@t-online.de) InWEnt Senior Advisor (www.inwent.org) Director of Centre, European Process Safety Centre (www.epsc.org) Chairman, German Commission on Process Safety (www.kas-bmu.de) India, September 2010

  2. Professional Profile Christian Jochum • Born 1943 in Frankfurt a.M./Germany • PhD in Chemistry, certified Safety Engineer • Honorary Professor at Frankfurt University • 28 years experience in large chemical/pharmaceutical company (Hoechst AG) • 1969 – 1979 Pharmaceutical research and pilot plant operations • 1979 – 1997 Safety department (Site and Corporate Safety Director and „Major Accident Officer“ since 1987) • EHS – and crisis management consulting for different types of businesses and administration since 1997 • Commission on Process Safety (formerly Major Hazard Commission) at the German Federal Minister for the Environment (Chairman since 1998) • European Process Safety Centre (Rugby/UK): Director of Centre since 2007 • InWEnt Senior Advisor since 2009

  3. EPSC (European Process Safety Centre) • Industry funded association of major chemical companies in Europe. • Approx. 40 contributing enterprises • Dedicated to sharing and improving best practice in Chemical Process Safety • Study groups on • Safety Critical Systems (inc. IEC 61511) • Buncefield type facilities overfill protection • Layer of Protection Analysis (LOPA) • Auditing • Process Safety Incident and KPI reporting • ATEX • Senior Management Commitment • Work in conjunction with European Commission on implementation and upgrading Seveso 2 Directive • Partnerships with CEFIC (European Chemical Industry Council) and U.S. Center for Chemical Process Safety (CCPS) www.epsc.org

  4. Commission on Process Safety (Kommission fuer Anlagensicherheit [KAS]) • Mandated by the Federal Emission Control Act • Advises government as well as plant operators and state and local authorities on process safety • 32 members with different professional and educational background representing different stakeholders (“Round Table”) • Any group needs “allies” to win votes • Consensus intended, but majority decisions possible • About 55 guidelines issued on different topics, e.g. • Land Use Planning (Safety distances) • Risk evaluation and perception • Emergency Planning • Industrial parks • Provisions against terrorist attacks on chemical plants • All publications of the Commission are available (partly in English) at • www.kas-bmu.de

  5. Outline iDRM Approach in Europe 1 2 Risk Management Principles 3 Best Practice of Emergency Management 4 Conclusions

  6. The drivers for Process Safety and industrial Disaster Risk Management (iDRM) in Europe are Lessons learnt (Bhopal, Seveso, Toulouse, Texas City, Buncefield, ...) Ethical dimension (Responsible Care (R)) Seveso 2, OSHA PSM National Standards Industry benchmarking (Major Hazard record of industry) Economics (Business Continuity)

  7. iDRM basic principle Crisis management assessment should cover all parts of emergency- and crisis- management ... • identify hazards comprehensively • avoid or control risks • communicate remaining risks • mitigate consequences • remediate damages • restore trust ... pursuing the goal to define and train as much as possible in advance

  8. Outline iDRM Approach in Europe 1 2 Risk Management Principles 3 Best Practice of Emergency Management 4 Conclusions

  9. Prevention This map is common, you will see it again Risk is a combination of HAZARD Severity and FREQUENCY or LIKELIHOOD Mitigation

  10. Risk Review Requirements The risk review process has to be determined • by all relevant stakeholders/departments of the organisation • in writing (company guideline) • shared with authorities etc. • defining the risk review team (multi-disciplinary including operator level) • defining milestones for and different levels of risk review (e.g. Design phase, pre-commissioning, pre-start up, changes, etc)

  11. Design, Build and Operate How the project mgr. understood it How it was planned by the engineer How it was implemented by the technicians How the consultant interpreted it What the client ordered What the client really wanted What was charged To the client What was subject of the service agreement How it was documented How it was eventually built

  12. Hazard Identification Operation hazards • eg. „classical“ EHS-hazards, loss of production, ... All hazards have to be identified comprehensively and systematically ... Network hazards • eg. failure of utilities, supplies, transportation ... Environmental hazards • eg. natural hazards, adjacent plants and traffic ways, ... Environmental vulnerability • eg. densely populated areas/buildings, natural reserves, ... Terrorist threats • eg. plant vulnerability, neighbourhood/environment sensitivity, company image, ... ... by e.g. “What if”, checklists, HAZOP, FMEA etc.

  13. Risk Assessment Risk is a combination of hazardSeverity and Likelihood or frequency, often expressed as R=f(S,L) • Severity may be determined by • Gas dispersion in combination with criteria for human effects such as: • ERPGs (Emergency Response Planning Guidelines) • AEGLs (Acute Exposure Guideline Levels) • Explosion Overpressure and Fire radiation effects using tools such as: • TNO methodology • FLACS • Likelihood may be estimated by • expert opinion/experience • databases for failure frequencies • (semi-) quantitative assessments (risk graph, fault or event trees etc.) • Assessment of safety barriers and mitigation (e.g. “bow tie” diagram, Layer of Protection Analysis = LOPA)

  14. ‘Bow Tie’ Diagram

  15. Community Emergency Response Plant Emergency Response Physical Protection e.g. Relief Devices Safety Instrumented System preventative action Critical Alarms and Operator intervention Basic Process Control System, Operating Discipline / Supervision Plant Design integrity The LOPA “Onion”

  16. Protection Layer Concept

  17. LOPA criteria -1- Initiating events • Control system failures • Human error • Piping and equipment failures • Interruption of utilities (e.g. Cooling) Independent layers of protection • Basic Process Control System (possibly) • Alarm and operator response • Relief systems • Safety Instrumented Systems • Other qualifying Safety Related Protection Systems • Need to independent, effective, tested, audited

  18. LOPA criteria -2- Conditional Modifiers • Weather conditions • Probability of ignition • Probability of ignition leading to explosion • Probability that person(s) will be exposed • Probability that an exposed person will suffer a particular harm • May be difficult to justify and evaluate Mitigation (right hand side of bow tie) • Fire protection • Emergency Response • Water curtains • Secondary and tertiary containment • etc

  19. ‘Tolerable’ frequencies for events • What risk can we tolerate? • Frequency for an event of a given severity (injury, environmental insult etc.) • Users need to specify but aim to meet or exceed (do better than) regulator requirements • The chosen tolerability becomes the target for risk management sometimes called ‘Risk Governance’ for the company (usually Individual or Societal Risk) • Data and guidance available for injury/fatality and environmental effects

  20. Tolerability Data (Fatalities) (Buncefield LOPA Guidance Dec 2009, final report from U.K. HSE) ALARP = As Low as Reasonably Practicable

  21. Example Risk Evaluation Criteria 1.E-02 1.E-03 1.E-04 1.E-05 Government or Corporate Evaluation Criteria 1.E-06 1.E-07 Frequency of N or more Serious Injuries 1.E-08 1.E-09 Business Evaluation Criteria 1.E-10 1.E-11 1.E-12 1 10 100 1,000 10,000 (N) Number of Potential Fatalities

  22. Categories for Environmental Risk (U.K. Environment Agency) Heading and introduction from Section 3.7 in “IPPC H1: Integrated Pollution Prevention and Control (IPPC) and Environmental Assessment and Appraisal of BAT”, Version 6 July 20

  23. Typical Environmental Tolerability Criteria

  24. Example for Risk Calculation

  25. 10-3 Frequency in 1/a Societal Risk not acceptable  10-5 10-7 Societal Risk acceptable 10-9 10-11 1 10 100 fatalities http://www.sfk-taa.de/publikationen/andere/DNV_14102005.pdf Land Use Planning example from Netherlands - Individual Risk (fatality) 10-6 1/a - In addition Societal Risk as criterion - Definition of thresholds for overpressure, heat radiation and toxicity

  26. Risk Assessment has to be adopted to the needs LEVEL 1: PROCESS HAZARDS ANALYSIS Should be done by plant based people They then have a better understanding of the risks and possibly how they may be reduced LEVEL 2: RISK REVIEW Specialist help from e.g. Process Engineering or Process safety function at site – should include Plant based people in the team Level 1: PROCESS HAZARD ANALYSIS LEVEL 3: ENHANCED RISK REVIEW Specialist help from e.g. Process Engineering or Process Safety function within Corporate – should include Site and Plant based people in the team Level 2: RISK REVIEW Level 3 ENHANCED RISK REVIEW LEVEL 4: QUANTITATIVE RISK ASSESSMENT Specialist help from external expertise. Owner needs to define scope and data and critique the outcome. L4:QRA

  27. Measuring Process Safety Performance: Process Safety Indicators (PSI) reporting levels Large loss of primary containment (LOPC) event Small loss of primary containment event Challenges to the safety system Operating discipline & management system

  28. Thresholds for Loss of Containment becoming a PSI Cefic (European Chemical Industry Council) suggestion based on GHS classification

  29. Outline iDRM Approach in Europe 1 2 Risk Management Principles 3 Best Practice of Emergency Management 4 Conclusions

  30. Management of Remaining Risks Communicate remaining risks • to staff (operating procedures, training, drills, …) • to external stakeholders (customers, neighbours, authorities – but careful regarding security risks!) Mitigate consequences • Internal emergency planning (above all organisation, equipment, drills) • Cooperation with external services (neighbouring plants, public services) Important: ability to react fast! The bigger a corporation, the higher the expectations even for small sites

  31. Crisis Management Systems: can the unpredictable be planned? Define as much as possible in advance, because ... • ... crisis always happen at the wrong time and place • ... your regular organisation is not sufficient to handle crisis • ... all resources of the whole company have to be available in due time • ... public, media and authorities expect professional handling of crisis, too

  32. Emergency Response The basic principle: the faster and more effective the initial response, the smaller the consequences for men, environment and economy. • Provide the infrastructure for fast response (fire brigade, emergency control room, availability of key personnel, etc.) • Encourage immediate reporting of incidents (not to wait until own efforts failed ...), do not blame for false alarms • If the fire brigade is (partly) staffed by operators be aware of the risks of understaffed production • Better start with a higher level of alarm (worst case assumption) and grade it down later than vice versa • Notify and involve public fire brigades and authorities as soon as possible • Analyse every incident and the response to improve the emergency organisation without blaming anyone

  33. Mock Drills Major incidents hopefully become less frequent. This makes drills even more important ... • ... to train seldom used procedures • ... to reduce mental stress during incidents • ... to optimise emergency- and crisis- management • ... to make sure that necessary resources are available

  34. Emergency Response The basic principle: the faster and more effective the initial response, the smaller the consequences for men, environment and economy. • Provide the infrastructure for fast response (fire brigade, emergency control room, availability of key personnel, etc.) • Encourage immediate reporting of incidents (not to wait until own efforts failed ...), do not blame for false alarms • If the fire brigade is (partly) staffed by operators be aware of the risks of understaffed production • Better start with a higher level of alarm (worst case assumption) and grade it down later than vice versa • Notify and involve public fire brigades and authorities as soon as possible • Analyse every incident and the response to improve the emergency organisation without blaming anyone

  35. emergency call fire alarm system Emergency Response Workflow: Example Industrial Park Frankfurt-Hoechst (Sanofi-Aventis/Infraserv Höchst) incident dispatchof task forces

  36. Categorisation of the incident Emergency Manager warning procedures Notification to local and state authorities safety regulations sirens radio announcements by police dep. Emergency response management group automated telephone messages dark page Emergency Response Workflow: Example Industrial Park Frankfurt-Hoechst (this and following slides: courtesy of Infraserv Höchst and Sanofi-Aventis)

  37. Integrated Command Centre Hoechst Industrial park (Frankfurt/Germany)

  38. Integrated Dispatch and Command Center 24 hours crewed by 5 Dispatchers

  39. ELR Arbeitsplatz

  40. Site Fire Brigade with 2 Fire Stations within the Industrial Park

  41. Warning Procedures – Warning of Neighborhood • Warning of affected areas by • 17 external sirens in 4 groups • Radio announcements • Automated telephone messages to hospitals, day care centers or schools

  42. Scene of Incident Emergency Response Committee Emergency Manager Site Incident Manager Documentation Fire Brigade (site) Emergency Manager3-5 Secretary Environmental control Emergency Manager 2 Company Representative (company affected by incident) Site Security Communications Fire Brigade (site) Plant Manager Toxicology Occupational Physician Occupational Physician Additional Experts Environmental Protection Public Fire Brigade Site Security Public Fire Brigade Police Plant Safety Police Crisis management group Operational Structure

  43. The Role of Authorities The cooperation between authorities and companies at an incident depends on their cooperation before the incident. • Open communication about risks and safety measures on a regular basis (e.g. in a local or regional committee) builds up trust which is urgently needed during emergency response • Authorities need to know about the possible scenarios for major accidents to do their own preparations • Authorities should have clear rules about their responsibilities in handling major incidents to avoid conflicts between the different agencies (e.g. labour safety, environment, civil protection, police etc.) • Mitigation of consequences should come first, legal prosecution of individuals responsible for the incident later

  44. Neighbours, Journalists and Environmentalists The basic issue: Neighbours and the general public share the risks of industrial sites, but not necessarily the benefits. • Communication of relevant risks has to be done openly and in an adequate form (“not scientific”) prior to incidents (e.g. “neighbourhood councils”, brochures, ...) • to build up trust in the competence of the company to handle risks • to enable the neighbours to react adequately during an incident • The response of neighbours etc. to incidents is strongly influenced by the company´s response to requests and complaints prior to the incident • Fast and open information after an incident is crucial • Fears and worries of neighbours etc. have to be taken seriously even if they are based on emotions rather than science • On the long term, conflicts with neighbours etc. endangers the “licence to operate”

  45. Crisis Communication Sometimes crisis communication becomes a crisis of communication!

  46. Outline iDRM Approach in Europe 1 2 Risk Management Principles 3 Best Practice of Emergency Management 4 Conclusions

  47. Conclusions • Investing in safe and eco-efficient plants pays off at least on the long term • The (remaining) risks of industrial plants can be assessed and are the basis for scenarios for emergency planning • The knowledge and experience of the operators should be used by all means • Risks should be communicated as well as benefits to all stakeholders, esp. the neighbours • The resources for emergency response (manpower, equipment, communications, organisation etc) have to be planned in advance and readily available in case of an incident. People usually accept the risk of a chemical/pharmaceutical plant, but not incompetence in handling it • Authorities should involve themselves actively in emergency planning, balancing this out with their law enforcement duties • Combined efforts will definitely lead to safer and more accepted plants, as the figures from Germany may show

  48. Development of Accidents in Germany since 1950 „Arbeitsunfälle“ = occupational accidents „Wegeunfälle“ = acc. on the way to work

  49. Thank you for your attention!... and special thanks to Richard Gowland, EPSC Technical Director, who contributed a number of slides

More Related