
Petrofac Emirates LLC

HSE Design Strategy

HSE in Oil & Gas Conference Abu Dhabi June 2012

HSE Design Strategy Approach

Safe Risk-Based Approach:
- Minimize frequency and consequences of gas releases
- Minimize possibility of injury to personnel
- Minimize impact on environment
- Minimize damages to facilities
- Save company reputation

- Reduce probability of incidents - provide suitable control systems
  - Process control, ESD systems, Corrosion Control, Isolation
- Provide adequate control measures to cope with residual risks
- Project specific HSE engineering approach will be generally spelled out in Project HSE Plan / Philosophy to meet client specific contract HSE requirements
- Petrofac BMS / Petrofac Emirates QMS procedures and standards will guide our safety engineers to deliver HSE design on projects

HSE Design Strategy Objectives

Full compliance with:
- UAE Legislative requirements
- Company / ADNOC HSEMS
- Company HSE Policies & Procedures
- ADNOC Codes of Practice
- Applicable international codes and standards

- Achieve demonstrable level of ALARP with regards to P, E, A, R
- Identify hazards and put in place appropriate controls, procedures and emergency response systems
- Inherently safe design of facilities
- Use industry best practices in the design
- Implement past industry lessons learnt into design
- Minimize degradation to local environment - air quality, flora, fauna

Inherent Safe Design - Specific Attention

- Plant Layouts
- Equipment Layouts
- Hazardous Area Classification
- Equipment Design
- Drains, Vents & Flares
- Equipment / Plant Isolation
- Control & Other Buildings Requirements
- Escape & Evacuation Means

HSE Risk Management

Risk Management Approach:
- Identify
- Evaluate
- Manage
- Review

Residual Hazard Management (RHM) Process Methodology - identify and try to minimize the risk AT SOURCE + PASSIVE PREVENTION

RHM Process Rules

Rule No. 1 Risk Based Approach:

Rule no. 2 Hierarchy of Risk Reduction Measures:

Rule no. 3 Effectiveness of Protection Systems:

HSE Design Methodology for Projects


Step 1a Identify Causes & Likelihood

- Seek ways to reduce likelihood
- Put in place effective design & preventive measures
- Establish minimum performance requirements
- Assign criticality & follow up throughout the lifecycle of the plant

Possible causes of incidents:

- Human error in operation / maintenance
- Unauthorized disassembly / operation
- Incorrect assembly / reassembly
- Deterioration due to internal (corrosion, erosion) or external environmental conditions
- Overloading / Extreme Loads
- Accidents, Impacts, Dropped Objects, Fires, Explosions
- Monitoring / Control System Failure
- Mechanical failure of a component / joint / weld
- Plant startup / shutdown
- Design Error

Studies to be performed:
- Safety Layout Study
- HAZID / ENVID / OHID Study
- What-If Analysis
- SIMOPS Study - by HSSE group
- Bow-Tie Analysis
- HAZOP Study
- SIL Assessment Study
- Failure Modes & Effects Analysis (FMEA)
- Job Safety Analysis (JSA) - by HSSE group
- Task & Activity Analysis - by HSSE group
- Environmental Baseline Study
- Environmental Emissions & Effluents Study / Emissions & Effluents Summary

Step 1b Analyze Severity & Consequences

- Seek ways to minimize severity & consequences of events
- Put in place effective detection, control & mitigation measures
- Establish minimum performance requirements
- Assign criticality & follow up throughout the lifecycle of the plant

Characteristics to be considered:
- Location of initial failure and the resultant effects
- Hydrocarbon release rates, frequencies, durations & total released quantities
- Spread & accumulation of any oil or liquid fuel releases
- Kinetic energy & location of dropped objects
- Location & severity of explosion overpressures
- Location & severity of heat / flames resulting from process / other fires
- Spread, density & toxicity of smoke from different fires
- Particular dangers & severity of access to hazardous areas
- Height & Weight of tall structures & areas onto which they may collapse

Studies to be performed:
- Hydrocarbon Release Analysis
- Blowout Analysis
- Impact Analysis (including Dropped Object Study)
- Hydrocarbon Liquid & Gas Dispersion Analysis
- Fire & Explosion Hazard Analysis (FEHA)
- Environmental Event Definition
- Immediate Effects Analysis

Fire & Explosion Hazard Analysis (FEHA)

Quantify the severity of credible and extreme events in terms of overall size, variation with time, duration, heat and blast loadings and smoke effects

Components:
- Ignition Probability Analysis
- Computational Fluid Dynamics (CFD) Modeling
- Physical Effects Modeling (PEM)
- Flare / Vent Dispersion & Radiation Study
- Fire Risk Assessment (FRA)
- Smoke & Gas Ingress Assessment
- Heat Radiation Contours
- Blast Study
- Blast Overpressure / Explosion Contours
- Building Location Risk Assessment
- Consequence Analysis
- Fault Tree Analysis

Step 1c Escalation & Evacuation Analysis

- Identify potential routes to escalation, together with the effects that could lead to evacuation
- Rigorously examine each hazard / group of hazards - could they realistically arise?
- Draw event tree - primary routes to escalation, probability, sequence, timings, characteristics of event progression, each event consequences
- Determine overall risk picture / need for protection

Factors to be considered:
- Potential for & routes to escalation which would require evacuation (LOC of wells, LOC from pipelines / flowlines, LOC of well control during critical drilling activities / workover, LOC of major HC / toxic inventory - H2S, Diesel fuel, separators, chemical storage, etc, Loss of integrity, etc)
- Impairment of accommodation, muster areas, control rooms
- Routes for progressive escalation
- Time at which escalation / impairment could occur
- Exposure of escape & evacuation routes / evacuation systems, etc.

Studies to be performed:
- Egress, Escape, Evacuation and Rescue Analysis (EEERA)
- Emergency Systems Vulnerability & Survivability Analysis (ESSA)
- Muster & Temporary Refuge Analysis
- Emergency Preparedness Analysis - by HSSE group

Documents / Plans to be developed:
- Pollution Prevention & Control Report
- Safety Case
- Emergency Preparedness Action Plan
- Emergency Response Plan
- Spill Prevention & Control Plan
- Spillage Response Plan

Step 1d Exposure Analysis / Risk Assessment

Likelihood and consequences of all hazards and effects are evaluated (qualitatively and/or quantitatively) to demonstrate compliance to ALARP principle

Studies to be performed:
- Screening Level Risk Assessment (SLRA)
- Temporary Building Risk Assessment
- Environmental Risk Assessment (ERA)
- Quantitative Risk Assessment (QRA)
- Pipeline Risk Assessment
- Preliminary Construction Risk Assessment
- Preliminary Operation & Maintenance Risk Assessment
- Preliminary Health Risk Assessment
- Preliminary Demolition Risk Assessment

Quantitative Risk Assessment (QRA)

- QRA Assumption Register
- HAZID - What could go wrong
- Scenario Definition - Where & How often things could go wrong
- Plant Sectionalizing & Inventory Calculation
- Event Tree Analysis - What could contribute to the accident
- Consequence Modeling - Severity of accident & possible consequences
- Risk Calculation & Sensitivity Analysis
- Risk Assessment - compare risk levels with tolerability criteria
- Identify practical Risk Reduction Measures

Step 2 Eliminate / Minimize Hazards At Source

Systematic approach will continue using outputs from all the HSE studies carried out

For every identified hazard / hazardous activity try to design out:
- Fewer processing steps
- Use permanently installed equipment to avoid heavy lifts associated with transient plant
- Arrangement of drilling / workover facilities / pipe storage to avoid lifts over top deck
- Location of HP gas plant to avoid explosion arising from confined gas release, etc
- Minimization of processing, by exporting partially processed / lower specification fluids

For every identified cause seek ways to make failure inherently less likely to occur (through inherent strength, reliability, longevity, simplicity of design):
- Minimize potential for human error
- Increase plant / component reliability to minimize disassembly
- Inherent plant resistance to external / internal deterioration
- Inherent plant strength to withstand unintentional overload / extreme & accidental events
- Corrosion resistant materials
- Minimize number of instruments in process plant
- Avoid relief valves - design plant for maximum anticipated pressure, etc
- Increased design tolerances - greater longevity, absorb process deviations / overloads
- Minimize number of hazardous activities / requirements to enter hazardous areas (diving, confined space entry, working at height, working over side / water, etc)

Examine severity of consequences for opportunities to minimize them at source & limit their potential damage (where possible):
- Minimize HC release rates by limitation of potential hole sizes (instrument impulse line) / avoiding HP processing / reduction of vessel numbers / capacity / diameters / piping lengths
- Minimize explosion overpressures by minimizing the distances to vent areas
- Maximize ventilation (reduce the gas cloud size)
- Minimize type / frequency of activities requiring scaffolding in process areas
- Optimize the layout of process plant / piping / support facilities (minimize explosion overpressures)
- Minimize elevation / weight of lifts
- Minimize sources of ignition in process / production areas

Make changes in layout or the way people operate to reduce their exposure:
- Avoid exposing accommodation, TRS, muster points, CRs to flames, smoke or blast
- Locate HP gas and liquids away from other major flammable inventories (oil processing, fuel storage, etc)
- Minimize activities requiring personnel on elevated platforms / areas where they might be exposed / trapped by incident effects
- Control ignited liquid spills to not impact critical plant / process areas
- Optimize layout - avoid routine / extraordinary heavy lifts over the live plant
- Locate large LP / atmospheric liquid inventories at lower level / in the spar to avoid exposure of tanks / vessels / structures to fire from beneath
- Provide plant / structure with sufficient inherent strength to withstand the effects of an initial event
- Avoid location of processing / drain systems in enclosed areas

Step 3 Adopt Strategy to Manage Each Hazard

Four types of strategies will be applied sequentially until adequate defense in depth has been provided:
- Strategy to Prevent
- Strategy to Control the Severity - limit the magnitude of the event
- Strategy to Mitigate the Effects / Reduce Escalation
- Strategy for Emergency Response, Evacuation & Recovery

Decisions will be complex, considering:

- Practicality to ensure that events without protection do not occur in the lifetime of the installation
- Practicality of counteracting the effects of more severe events with ensuring the effective emergency response
- Risk of strategy failures on P, A, E, R
- Minimum design / operating standards, infrastructure and facilities provided
- Any specific policies and procedures
- Environmental consequences of an uncontrolled event

Review and update existing philosophies / strategies, or develop new ones where required:
- HSE & Loss Prevention Philosophy
- Fire, Explosion & Toxic Release Strategy
- ESD & Blowdown Philosophy
- Drain & Vent Philosophy
- F&G Detection Philosophy
- Passive / Active Fire Protection Philosophy
- Vibration, Noise Control & Noise Mitigation Philosophy
- Boat Landing / Helicopter Approach Philosophy
- Egress, Escape, Evacuation & Rescue Strategy (EEERS)
- BAT Assessment Study
- ALARP Demonstration Strategy

Strategy to Prevent
- It is not absolute - there will always be potential for human error, mechanical failure or any other type of failure
- It is viable if every cause has been identified, is fully understood and effective measures are put in place for the lifetime of the facility
- Studies and possible causes of incidents listed under Step 1a are critical inputs to the decision

Strategy to Control Severity

- Next strategy is to control or limit the magnitude of events
- Process is started by reduction at source
- Addition of further systems to detect and then control the event will reduce the severity to make it unlikely to kill or cause escalation
- Analysis of severity (Step 1b) will indicate which variables within the possible scenarios may reduce the severity (detection and control options)

Strategy to Mitigate Effects / Reduce Escalation

- Assessment of immediate consequences (Step 1b) will show which people and parts of the plant could be exposed to the consequences
- Assessment of potential routes to escalation (Step 1c) will indicate the ways plant is likely to fail:
  - Major loss of life
  - Critical failure (e.g. vessel rupture)
  - Major loss of HC inventory
  - Loss of critical safety / emergency systems needed to control the hazard
  - Loss of primary structure, etc

After optimizing the design to minimize the exposure (Step 1d), a Mitigation strategy will be adopted to protect people, plant and environment

Strategy for Emergency Response, Evacuation & Recovery

- When everything practical has been done by design to control the escalation and mitigate the consequences of an unwanted event, finally consider if anything else is needed to limit the exposure of people and environment and protect their evacuation - defense in depth in case of an extreme event and/or failure of all the previous strategies
- Facilities to muster and evacuate are always provided, but the aim of this strategy is to reduce the dependence on them to an absolute minimum
- Where they are critical, make decision and use the equipment within the timescale and effects of the event confirmed by the studies on Step 1c

Step 4 Select Systems

Many systems (particularly Prevention systems) will be selected based on the requirements of applicable codes & standards, with long term assurance of plant integrity (by corrosion control & inspection), supported by operational controls and operators' competence. Other systems will be selected to minimize the potential for failure (particularly human error) and to minimize maintenance (with the associated exposure to people) - fewer tasks to make mistakes, fewer people exposed.

Passive Systems
- First choice - act upon hazard simply by their presence - most reliable, require only inspection & maintenance
- Failure modes - long-term deterioration, physical damage, removal
- Examples - corrosion allowances, bunds, blast walls, fireproofing

Active Systems
- Second choice - require mechanical / electrical plant or control signals in order to work
- Susceptible to failure and downtime - less reliable (particularly where their failure may be unrevealed), require inspection, testing & maintenance
- Susceptible to human error and/or omission - cause increased number of personnel and activity on the plant
- Examples - HIPPS systems, depressurization systems, F&G detection systems, active fire protection systems, etc

Operational Systems
- Third choice - depend primarily upon people to initiate the system / carry out the whole function
- Least reliable, require sufficient trained people to be on the plant for their operation, with the associated minimum competence and procedures
- Effectiveness wholly dependent on the operator who decides their activation
- Examples - manual settings of choke valves, visual detection of oil leaks, manual initiation of ESD systems, etc

External Systems
- Final choice - depend on correct reaction of people beyond the company itself and its direct workforce
- Further room for errors due to longer communication lines and frequent changes of people involved
- Effectiveness dependent upon effective contracts and audit
- Examples - industrial fire fighters, isolation of third party feeder pipeline, external medical services, etc

Step 5 Setting System Performance Standards

- Once the systems are selected - set the performance standards for all critical safety / emergency systems, competencies and procedures
- Performance standards reflecting minimum level of performance that must be achieved during the lifetime of the facility will be set. Will address role, functionality, criticality (quality, availability, reliability) and survivability, with respect to hazards to which they are assigned
- Role - will be defined before any other parameter. Example: role of a depressurization system is not only to meet a particular depressurization rate according to a particular code / standard, but also to prevent vessel rupture in a high pressure condensate fire or to reduce the duration of a gas fire so that it cannot cause critical escalation

- Functionality - will define the minimum performance necessary to fulfill the role, but will not define how this will be achieved. Failure to achieve it will require repair / replacement
- Examples:
  - Sensitivity and response time of gas detectors
  - Weather limitations and response time of rescue systems
  - Application rate of fire water to keep vessel temperature down to a specific figure

- Criticality - will determine how reliable and available the system must be
  - In case of prevention measures, will indicate the goal in terms of reducing the likelihood of the event
  - For all other systems will determine the target success rate for the system (two components - reliability and availability)

- Reliability will be verified by functional testing at predetermined intervals
- Availability is defined by maximum allowable downtime in a fixed period
- Exceedance of these limits will require further operational risk reduction measures, including shutdown
- Where required success rate cannot be achieved by a simple or conventional system, performance will be enhanced by increased reserves of strength, duplication or redundancy
- Existing criticality systems will be used (e.g. for competence, corrosion management, structural integrity, instrumented safety systems, etc) and will be integrated into an overall system for the facility management

- Example - an F&G detection system may have 85% probability of detection of small events, but 99% probability of detection of incidents with the potential to escalate or kill. This is achieved through the assurance of adequate coverage, testing of panel and detectors at predetermined intervals, clear definition of tolerable failure rates and limits for the duration of lockouts and obstructions such as scaffolding, which may impair effectiveness
- Survivability - will be expressed in terms of the severity of the event that it should survive. A system must have sufficient strength / protection / redundancy to fulfill its role and meet the required functional standards in order to operate and maintain its integrity during or after an event
- Examples:
  - A fire and gas detection system does not need to survive a fire or explosion, as it should already have fulfilled its role in the incipient stages of the event
  - A separator and connected piping and instruments may have to maintain its integrity when exposed to a 0.5 bar explosion overpressure
  - An ESD valve actuator and power supplies may have to be fail safe or protected from a jet fire until it has closed

Step 6 Demonstration of Adequacy

- Final step is to demonstrate system adequacy
- Purpose - to show that design is good enough to go to the next phases of the project:
  - Design safety expectations have been achieved
  - Project goals are met
  - Risk acceptability criteria are satisfied and risks are reduced at least to ALARP level
  - Standards used on Process Safety / Integrity Management are fully respected
  - All Company / National Regulations will be satisfied during the next phases of project

Elements:
- Concept selection process has explored inherently safer options
- Project has chosen a concept in which risks can be minimized and managed effectively
- Overall process to identify, understand and manage hazards is complete
- Project has made a comprehensive attempt to identify and consider all practical means to minimize risks from residual hazards at source
- Three primary decisions on each MAH have been documented together with all the potentially better options and reasons for their non-selection:
  - Selection of strategy for management of each MAH
  - Choice of systems to implement this strategy
  - Setting of realistically achievable performance standards for each system

Studies / Workshops to be performed:
- FIREPRAN
- Formal Safety Assessment (FSA)
- Peer Review
- ALARP Demonstration (including CBA)
- PHSER

ALARP Demonstration
- Scope - demonstrate compliance with ALARP principle
- Company / ADNOC risk tolerability criteria for individual risk of fatality will be applied

ALARP Demonstration (including Cost Benefit Analysis)

- Demonstrate that all risks are both tolerable and reduced to ALARP
- CBA will be used where decisions are not clear from qualitative reviews, in order to compare the costs for different options and identify the point at which the cost of risk reduction becomes grossly disproportionate.

[Figure: risk tolerability diagram, from highest to lowest risk]
- Unacceptable region: Risk cannot be justified
- As Low As Reasonably Practicable:
  - Tolerable only if risk reduction is impracticable or if its cost is grossly disproportionate to the improvement gained
  - Tolerable if cost of reduction would exceed the improvement gained
- Broadly acceptable region (No need for detailed working to demonstrate ALARP): Necessary to maintain assurance that risk remains at this level
- Negligible Risk

Specific Challenges
Is it good enough?
- Are codes and standards adopted suitable for the hazards and particular conditions on this facility?
- Has good international best practice been applied?
- Has there been suitable expert input?
- What is particularly dangerous, difficult or novel and how have the hazards been managed?
- What design safety factors have been applied to process and structures and how will they change with time?
- Has the rigorous process of safer design been followed?
- Why are more corrosion resisting materials not used?
- Why are so many people needed to operate and maintain it?
- For every hazard has there been an adequate examination of causes, probability, severity, immediate consequences and potential for escalation to a major accident?
- To what extent have the project safety goals been met?

- Has there been a rigorous process to identify all possible options to reduce risks at source by design, and have all the opportunities been implemented where practicable?
- Why is the protection not further up the passive / active / procedural hierarchy?
- Is there any specific individual activity needed to build, operate, maintain, inspect, repair or decommission the installation that is unusually dangerous, even with the best possible operational controls?
- Are there any groups of people who are highly exposed to serious hazards?
- Does the amount of hazardous activity, processing, simultaneous operations and exposure of personnel make any part of lifecycle unusually dangerous?
- Are there large numbers of people working on or near the facilities and exposed to major accidents which could realistically occur and from which they could not escape or be protected?
- Are the future operations happy with the risks on the facility, the proposed hazard management strategies, the systems provided and the dependence upon them to operate it safely?
- Do the facilities meet the used guidelines on risk acceptability?