Professional Documents
Culture Documents
0
Petroleum Development Oman LLC Effective: Mar-11
Document ID SP-2062
Security Unrestricted
Version 1.0
i Document Authorisation
ii Revision History
The following is a brief summary of the 4 most recent revisions to this document. Details of all
revisions prior to these are held on file by the issuing department.
TABLE OF CONTENTS
i Document Authorisation........................................................................................................ 3
ii Revision History.................................................................................................................... 4
iii Related Business Processes................................................................................................. 4
iv Related Corporate Management Frame Work (CMF) Documents........................................4
1 Introduction........................................................................................................................... 8
1.1 Purpose........................................................................................................................... 8
1.2 General Definitions.......................................................................................................... 8
1.3 Review and Improvement (SP 2062)...............................................................................8
1.4 Deviation from Standard.................................................................................................. 8
2 WHEN ARE HSE CASES REQUIRED?................................................................................9
3 WHAT TYPES OF HSE CASES ARE THERE?...................................................................11
3.1 Asset/Facility HSE Cases at different ORP phases.......................................................11
3.1.1 Identify and Assess......................................................................................12
3.1.2 Select........................................................................................................... 12
3.1.3 Define........................................................................................................... 12
3.1.4 Execute........................................................................................................ 12
3.1.5 Operate........................................................................................................ 13
3.2 Roles and Responsibilities for the HSE Case................................................................13
3.2.1 Sign Off Dates.............................................................................................. 13
3.3 Roles and Responsibilities within the HSE Case...........................................................13
3.4 Workforce Involvement.................................................................................................. 16
3.5 Deliverables................................................................................................................... 16
3.6 Performance Monitoring................................................................................................ 16
3.6.1 Review and Improvement (HSE Cases).......................................................17
3.6.2 Material Change........................................................................................... 17
4 ASSET INTEGRITY - PROCESS SAFETY MANAGEMENT..............................................18
4.1 Process Safety Manual, HSSE Control Framework, Section.........................................18
4.2 Centre for Chemical Process Safety Guidelines for Risk Based Process Safety (CCPS
RBPS)..................................................................................................................................... 18
4.3 Process Safety in Projects............................................................................................. 19
4.4 Critical Drawings............................................................................................................ 19
5 HEMP.................................................................................................................................. 20
5.1 Hazards and Effects Register........................................................................................ 21
6 BOW-TIES.......................................................................................................................... 22
7 SAFETY CRITICAL ELEMENTS......................................................................................... 25
7.1 SCE (Hardware) Barriers............................................................................................... 25
7.2 SCE Selection............................................................................................................... 27
7.3 Performance Standards................................................................................................. 28
7.3.1 Performance Standard Approval..................................................................29
Page 7 SP-2062 Specification for HSE Cases Printed 27/03/11
The controlled version of this CMF Document resides online in Livelink. Printed copies are UNCONTROLLED.
Revision: 1.0
Petroleum Development Oman LLC Effective: Mar-11
1 Introduction
An HSE Case provides a documented demonstration that risk reduction philosophies and
measures have been developed and implemented at each phase of the Opportunity
Realisation Process (ORP) to ensure that the risks are tolerable and as low as reasonably
practicable (ALARP) through the systematic application of the Hazards and Effects
Management Process (HEMP) as set out in the PDO HSE Management System (HSE-
MS).
This document should be read in conjunction with the guideline Applying Process Safety in
Projects GU-648 [4].
1.1 Purpose
This purpose of this specification is to establish minimum requirements for the content of
HSE Cases and it shall be used for the development of HSE Input to Concept Select
Reports, Design HSE Cases and Operations HSE Cases.
This specification SHALL [PS] be used for demonstration of the following requirements of
the Process Safety Manual in the Shell HSSE & SP Control Framework [Ref. 7]:
Identify and document Hazards with RAM red and yellow 5A and 5B Process
Safety Risks for existing and new Assets (Requirement 1).
Develop a Statement of Fitness for the Assets (Requirement 7)
Review the Process Safety Risks to the Asset at least annually, in line with 8
Management Review (of the HSSE & SP Management System) (Requirement
20).
This specification contains information on the contents of each type of HSE Case and
gives guidance and examples of information to be contained in specific sections.
Reputation
Severity
Asset
No injury or No No
0 health effect No damage effect impact
Slight injury
Slight Slight Slight
1 or health
damage effect impact
effect
Minor injury
Minor
2 or health
damage
Minor effect Minor impact
effect
Major injury
Moderate Moderate Moderate
3 or health
damage effect impact
effect
PTD or up to Major
4 3 fatalities damage
Major effect major impact
To use the Framework, first relate the decision being considered to the decision context
characteristics on the right hand side of the Framework. Establish a horizontal line across
the Framework at the point that best fits the nature of the decision. The segments of this
horizontal line define the relative weight that should be given to the different decision
making approaches in the ALARP determination. The descriptors on the lefthand side of the
diagram describe the type and extent of consultation that is needed for the selected
decision context and type.
Type B and C decisions shall be taken at higher levels within an organisation than Type A
decisions.
Type A decisions are those involving well-understood hazards and proven solutions. The
lessons learned from past years have been incorporated into authoritative Good Practice.
Reference to the relevant Good Practice, supported by expert judgment, is sufficient to
define the barriers needed to reduce the risks to both tolerable and ALARP.
Type B decisions are those involving less well-understood hazards. Good Practice has to
be supplemented by more detailed analytical methods such as quantified risk assessment
(QRA) particularly to address the uncertainties of novel aspects of design. However, risk-
based analysis cannot be the only approach, as illustrated by the fact that it forms no more
than 40% of a horizontal line through the Type B band.
Type C decisions are those involving hazards that may create societal concerns. The more
technological factors in the ALARP determination need to be conditioned, or viewed in the
context of how the situation will be seen by stakeholders.
The A, B, C groupings are not intended to split the framework into three discrete sections,
but should be used to indicate a continuum of decision context types from a strongly Type A
(technology based) at one extreme to a strongly Type C (judgment based) at the other
extreme. A range of decision-making approaches will contribute, especially to Type B and C
decisions. The background to the Framework is described in [4].
Air transport operations, road transport operations and marine operations with severity 5 or
high level hazards (as defined by the RAM in Figure 2-1) that are PDO operated (owned,
leased or contracted) shall have an Operations HSE Case.
The nature of Transport and Drilling Rig HSE Cases is that they are developed to describe
the hazards and set out controls associated with the respective operation or activity. These
cases are reviewed and updated as they develop, but rarely is there a requirement to
develop a new HSE Case for these activities.
Asset/Facility HSE Cases differ in that new design projects or production stations may
require that a new HSE Case is developed in accordance with this specification.
Asset/Facility HSE Cases are further separated into the following types of HSE Cases:
o Concept Select Report: This demonstrates that there has been a systematic
application of HEMP during the Identify, Assess and Select phases, that the HSE risks
associated with each development option have been identified and assessed, the
lowest risk option has been chosen or that the cost/effort required to adopt the lowest
risk concept is grossly disproportionate to the benefit.
o Design HSE Case: This demonstrates that there has been a further systematic
application of HEMP during the Define and Execute phases, demonstrates that the
severity 5 or high level hazards identified are both tolerable and ALARP and that all
safety critical elements (with associated performance standards) have been identified
and meet the performance standards.
o Operations HSE Case: This describes management of the severity 5 or high level
hazards to ensure that they are tolerable and ALARP, bow-tie diagrams showing the
hazards and the barriers to the hazards, a list of HSE critical tasks, references to
operational management systems and a statement of fitness. This acts as
confirmation that the HSE Case Owner (Director) is satisfied that the arrangements
are in place for the facility to operate safely.
3.1.2 Select
This stage must select the best concept solution for delivering value from the
opportunity and make it clear why one choice was the preferred option.
HSE input into the select phase has potentially the greatest impact. The option
selected to take forward into the define phase must be ALARP. An ALARP
demonstration must be provided in the CSR (see section 14).
3.1.3 Define
The selected concept must be defined technically (scope, cost, schedule) or
commercially (JVA, JOA, country entry) for final investment decision (FID). Note that
the timing of a technical FID may not coincide with a commercial FID.
HSE activities and deliverable at the define stage include a Design HSE Case and
other HEMP Studies.
3.1.4 Execute
The project is to be delivered as a facility consistent with the forecast scope, cost,
schedule and proven performance and has to be accepted by the Owner of
operations (usually the Relevant Director) for use.
During the execute phase the Design HSE Case is refined. The Operations HSE
Case is developed prior to handover to operations. Further HEMP studies are
carried out to support the ALARP Demonstration.
3.1.5 Operate
The project is operating as per expected and is maximising returns to Shareholders
and protecting the License to Operate. The Owner of operations (usually the
relevant Director) has accepted responsibility for continued safe operations.
The Operations HSE Case will contain the ALARP demonstrations for the Operate
phase. This is built and maintained throughout the operate phase, (see section 16).
HSE Project HSE Lead Lead Technical Safety Delivery Team Leader
Case Engineer
Custodi
an Manages HEMP studies, Ensures the HSE Cases
ensures risk tolerability Identifies HEMP studies are developed and
and suitable and robust to assess the hazards maintained for their
ALARP demonstrations and risk associated with assets in accordance
are made the project with latest requirements.
Prepares HSE content of Develops risk reduction Ensures participation in
the CSR and checks strategies, identifies development and
DCAF content all signed safety critical elements awareness and proper
off (SCE) and associated use of the HSE Case by
Coordinates the Performance Satandards the organisation
development of the HSE in conjunction with SCE Validates HEMP studies
Input to the CSR. Technical Authorities and technical accuracy
(TA) of the contents of the
Facilitates that suitable HSE Case
and robust ALARP Co-ordinates review of
demonstrations are HSE critical tasks listings
made. and associated
Reviews and approves Performance Standards
all action items raised for Ensures that revisions
correct detail, action and updates are
party and target date prepared when
Compiles/co-ordinates necessary, adequately
the HSE Case controlled and
distributed
Reviews facility specific
emergency response
plans
Reviews and approves
all action items raised for
correct detail, action
party and target date
N/A N/A
HSE Directorate Technical Safety
Case Engineer
Adminis
Compiles/co-ordinates
trator
the HSE Case and
subsequent reviews and
updates
Supports the HSE Case
Custodian
For Design HSE Cases, workforce involvement can be demonstrated by ensuring that
relevant staff representatives have been involved in the design. This may be done by
ensuring they participate directly in the design activities (HAZIDs, HAZOPs, HEMP
studies) and by participating in project assurance reviews such as Design Reviews, peer
reviews and project Audits.
Operations HSE Cases shall be communicated to the operations and maintenance teams
on site. The focus shall be on what the case means to them and what impact is it likely to
have. In addition, representatives from current operational, engineering, and
maintenance teams and workforce representatives (where applicable) shall be included in
the regular reviews as described in Section 13. This engagement may be demonstrated
by ensuring that the HSE case is reviewed regularly by operations and maintenance staff,
which can be achieved through
job descriptions and staff performance contracts
dedicated communications initiatives
staff onboarding
committees or working groups (e.g. AIPSALT).
For both types of HSE Cases, the details of how workforce involvement has been
achieved shall be described in the HSE Case or in the documentation of the periodic
review of the HSE Case.
3.5 Deliverables
Design and Operations HSE Cases are classified as Essential Records according to CP-
102 Documents & Records Management and shall be maintained on Livelink by the
HSE Case Administrator.
Design and Operations HSE Cases are mandatory deliverables for new projects and
existing assets, as described by the Discipline Control and Assurance Framework (DCAF)
section in SP-2061 Technical Authority System [Ref. 7].
A full description of each element can be obtained in The HSSE & SP Control Framework
[Ref. 6]
Compliance to the detailed requirements of the Process Safety Manual is demonstrated
by signing a Statement of Fitness (SoF). The Statement of Fitness is shown in section 12
and testifies that the hazards have been appropriately managed in accordance with
HEMP and that a suitable and robust ALARP demonstration has been made.
The Statement of Fitness is a requirement of the AI-PSM Application Manual and a
signed SoF shall be included in Design and in Operations HSE Cases, respectively.
For operational assets the SoF shall be signed by Asset Directors, and for new projects
by the Project Manager before handover to operations.
5 HEMP
The hazards and effects management (HEMP) process identifies and asses HSE hazards,
implements control and recovery measures and maintains a documented demonstration
that major HSE risks have been reduced to a level that is as low as reasonably practicable
(ALARP).
HEMP shall be applied to all activities over which PDO has operational control and shall
cover the entire lifecycle of the asset or operation; from concept through to
decommissioning and disposal. Work undertaken by a Contractor and under the
Contractors own management system shall have a requirement for an equivalent HEMP
approach expressly stated in the contract.
HEMP is fundamental to all analysis and assessment elements of the formal HSE activities,
and is at the heart of the HSE management system used in PDO. The HEMP process
comprises four basic steps:
Systematic identification of hazards, threats, unwanted events and their effects
Assessment of the risks against screening criteria, taking into account the
likelihood of unwanted events and the potential severity of the consequences in
terms of effects to people, assets, the environment and reputation of PDO
Implementation of suitable risk reduction measures to control or mitigate the
hazard and its effects
Planning for recovery in the event of a loss of control leading to an unacceptable
effect.
The main objective of HEMP activities is to demonstrate that hazards (and associated risks)
have been identified and where the hazard cannot be eliminated the risks are controlled to a
level that is tolerable and as low as reasonably practicable (ALARP). The HEMP model is
characterised by Figure 5-4.
DOCUMENT
6 BOW-TIES
The Hazards and Effects Register documents that all hazards associated with the facility
and that control and mitigation measures have been identified. Hazards that have been
assessed as being a severity 5 or high risk on the risk assessment matrix (Figure 2-1) are
then modelled further using bow-tie methodology.
The Bow-Tie is a model that represents how a Hazard can be released, escalate, and how it
is controlled. It contains the elements required to effectively manage the Hazard such that
the risks are tolerable and ALARP. Bow-Ties can also be used to support risk management
of non-HSE processes.
For each severity 5 or high level hazard, the bow-tie methodology allows for:
1. Identification of the hazard release, escalation and consequence scenarios
2. Identification of controls, e.g. barriers and escalation factor controls required to
manage the hazards
3. Categorisation of controls into Inherent Safety, Safety Critical Element (hardware)
or Critical activity (procedures, processes, operator action)
4. A clear visual representation to enable the ALARP review to be undertaken
5. An aid in the incident review process if occurrence of such a major incident has
occurred.
The bow-tie is a model that represents how a hazard can be released, escalate and how it
is controlled. Bow-Tie XP is the PDO preferred software tool
The role of a barrier on the bow-tie diagrams is to prevent (Left hand side of BT) or limit
(Right hand side of BT) the consequence of a major incident. Barriers may be:
Hardware Barriers for Severity 5 or High Risk Hazards (HSE) shall be classified as HSE
Critical Elements. Selection of these Barriers shall be in accordance with EP2009-9009
SCE Management Manual [Ref. 10]and is further described in Section 7.
Common barriers or escalation factor controls that appear frequently, e.g. such as those to
do with Operator/Human Error, should be modelled using a separate bow-tie to manage the
single Threat of Operator/Human Error.
See Section 10 ALARP demonstration for further information.
The SCE management manual [Ref. 10] describes the activities and processes for
managing the critical hardware barriers (SCEs) that appear in the MAH bow-ties.
The hardware barriers in Figure 7-6 are depicted with a number of small holes that
represent an integrity failure either in design or operating performance. On their own,
these failures may not be significant but, if the holes line up, there may be no effective
barriers in place between safe operations and escalating consequences, leading to a
major incident.
For example, a loss of containment in a sweet gas facility would not normally be
expected to cause fatalities unless it is ignited. An integrity failure in the process
containment system combined with a failure in the ignition control system could cause an
ignited event, i.e. a fire or explosion. If there are no personnel in the area then this in
itself would not cause fatalities. However, if there are integrity failures in the fire and gas
detection system then the event may not be detected and the process system not
isolated and the event may have the potential to escalate to adjacent inventories. This
would also be the case if an ESD Valve or Blowdown Valve failed to operate on demand.
Finally, if adequate assembly points and EER systems such as emergency telecoms are
not provided or are not suitable, then personnel may not be evacuated quickly enough
and the process release would have the potential to cause fatalities. The example shows
that a number or what on their own would sometimes be considered as minor failures
have combined to produce a Major Accident causing fatalities.
Figure 7-6 shows the importance of maintaining and monitoring and ensuring the
integrity status of all hardware barriers, so that what might be considered to be relatively
Page 39 SP-2062 Specification for HSE Cases Printed 27/03/11
The controlled version of this CMF Document resides online in Livelink. Printed copies are UNCONTROLLED.
Revision: 1.0
Petroleum Development Oman LLC Effective: Mar-11
small faults in individual barriers do not combine together in an unforeseen manner that
compromises the ability if the barriers to prevent or control a major incident.
Note that it is not necessary for all barriers to fail to lead to a major incident. For
example, failure of a single barrier such as process containment on a high sour facility
may lead directly to major incident.
Each SCE is attached to a relevant discipline who are designated as the owner of the
associated Performance Standard.
GenericListofSCEs
EP90092009
CouldfailureofthiselementcauseaMAH? ThisitemisaSafetyCriticalElement.
No
CouldfailureofthiselementcontributesubstantiallytoaMAH?
No No
IsthepurposeofthiselementtopreventaMAH?
No
No No
IsthepurposeofthiselementtolimittheeffectsaMAH?
ThisitemisnotaSafetyCriticalElement.
No
No
Examples of the two types of Performance Standard are provided in Appendix 293 and
Appendix 394, respectively.
10 ALARP demonstration
10.1ALARP Definition
ALARP (As Low As Reasonably Practicable) allows a proportional level of effort to be put
into risk reduction once the initial level of risk has been assessed for a particular
operation or process. The ALARP principle is used to determine whether risks are
broadly acceptable, tolerable or intolerable via comparison against company risk criteria.
The use of the ALARP principle requires judgement to determine whether or not risk
levels are as low as reasonably practicable. ALARP can be demonstrated when the
sacrifice (cost, time, effort) required to reduce the risk any further, would be
disproportionate to the risk reduction potentially achieved (the benefit). The term
sacrifice relates to the time, effort and/or cost of the complete implementation and future
maintenance and operation of the particular risk reduction measure in question. Benefit
relates to the level of risk reduction offered by a risk reduction measure. Reasonably
practicable is the balance between the sacrifice and benefit of implementing the risk
reduction measure, or suite of measures.
ALARP justification also requires demonstration that all risk reduction measures
assessed as reasonably practicable have been implemented. The use of reasonably
practicable uses a goal setting approach to risk reduction rather than a prescriptive one.
This is a standard approach for all high risk industries including the oil and gas industry.
ALARP demonstration can be based on a comparison of the suite of barriers and control
measures that are in place, versus those expected to be seen in equivalent assets or
industries. This represents good practice and can be identified as standards for
controlling risk that have been judged and recognised as satisfying a particular set of laws
or regulations. In the absence of a developed regulatory system, company standards,
corporate global standards, best engineering practice and engineering judgement may be
used as a basis for comparison.
For ALARP to be demonstrated, all hazards and risks must have been identified as far as
practicable and assessed against the PDO Risk Assessment Matrix (RAM) (Figure 2-1)
and as described in Section 5. This provides a prioritised listing of hazards. As a
minimum, all Major Accident Hazards (High Risk and Severity 5 hazards) shall be
subjected to Bow-Tie analysis as described in Section 6. This is a qualitative approach to
demonstrating ALARP using the engineering, process, Process Safety and HSE
knowledge and experience of the selected workshop group.
In addition to this approach, ALARP demonstration can employ a combination of
qualitative and quantitative techniques dependent on the novelty, complexity and type of
process or project under assessment. The HSE Cases are assessed in line with the
Framework for risk related decision support in PDO as shown in Figure 2-1 and the level
of risk assessment performed proportional to the level of risk associated with the process
or project.
Refer also to GU-648 Guide for Applying Process Safety in Projects [Ref. 4] and CP-117
Project Engineering Code of Practice [Ref. 6] for further description of ALARP
requirements.
MOST
EFFECTIVE Eliminate Eliminate
Eliminate sources of f lammable gas release
Eliminate
Substitute
Substitute
Eliminate
Substitute theHouse
Compressor hazard
for open arrangement
Substitute
Separation -
Use processes
Separate or from
c ompressors methods with lower
each other risk impact
Isolate/Separate
Separate c ompressors from rest of plant
Isolation / Separation
Separate gas cloud from ignition sources
Engineer
Isolate
PREVENTION Design f or proc ess containment integrity
Engineered
PREVENTION
Safeguards
MITIGATION Gastodetec
Design tion, shutdown,
prevent blowdown
an unwanted
Isolation of ignition sources
event
RECOVERY Design to mitigate harmful consequences
Forced ventilation
Engineer
Organisation Organisational Controls
Organisational Controls
Training, Competency, Communication
Operator training f or Compressor upset conditions
Communication for emergency response
ProceduralNot
Controls -
Procedures
Admin Operating procedures,
assessed in Work instructions, Permits
Procedural Controls -
Maintenance regimes Operating procedures
quantitative
Emergency Response
terms procedures
Emergency response procedures
LEAST PPE
PPE
EFFECTIVE Personal Protective Equipment
Personal Protective Equipment
Protect the person N/ A there is no PPE effec tive against explosion
The strategy selected for managing a hazard will differ depending on the project
phase, and this principle shall form part of the evaluation when making ALARP
demonstrations.
As the opportunity for influencing the facility design is greatest during early design
phases, the focus shall be on elimination or substitution of the hazards. This
typically applies to Identify& Assess and Select phases of the ORP process.
As the project matures into Define and Execute, there is less opportunity to apply
elimination or substitution and hence the predominant hazard management controls
consist of isolation/separation and engineering solutions that can be put in place.
Once a facility becomes operational, the hazard management will largely focus on
the organizational and procedural controls. PPE is generally regarded as the last
principle of hazard management and therefore also the least effective.
as the project develops. In part this is because the cost and difficulty of delivering a
given risk reduction solution increases as the project develops. ALARP
demonstrations must be robust for each of the HSE Cases as per Figure 3-3.
CP-122 Health, Safety and Environment Mgmt System CoP describes application
of the AI-PSM process from CCPS RBPS within PDO to demonstrate compliance to
good engineering practice and to ensure that risk levels are ALARP. This is made
via demonstrating compliance against the 20 Process Elements shown in Appendix
418.
Each of the threat lines in the bow-ties shall be reviewed in turn and the discussion
should cover such questions such as:
o Does industry best practice state what should be done or make any
recommendations?
o Can a benchmark exercise be undertaken against other operators and similar
controls implemented?
o Where are the gaps/shortfalls and what action needs to be taken to address these
gaps/shortfalls? See Section 11.2.
o Is there sufficient quantity and quality of barriers?
o Is there anything else that can be done to further reduce the risk?
Both barrier effectiveness and the number of barriers contribute to the overall
effectiveness of control, although in general, the effectiveness of individual barriers is
more critical.
Page 51 SP-2062 Specification for HSE Cases Printed 27/03/11
The controlled version of this CMF Document resides online in Livelink. Printed copies are UNCONTROLLED.
Revision: 1.0
Petroleum Development Oman LLC Effective: Mar-11
The number, independence and reliability of the control and recovery measures shall
be commensurate with the risk.
By approaching the bow-tie review in this systematic fashion, the barriers can be
challenged in terms of completeness and adequacy and gaps identified and
addressed so that the review team is satisfied that the risks arereduced to ALARP.
The HSE Case process enables an ALARP argument to be formulated although in
isolation, a complete ALARP argument cannot be made. The claims made against
the numbers, quality, performance and location of the barriers must also be verified.
This verification of the safeguards (both hardware and procedural controls) is
performed via AI-PSM audit and the TR-MIE and TI-HBV processes. These
processes substantiate the claims made within the Bow-Ties and MOPO in terms of
barrier integrity and performance.
The ALARP demonstration for such decisions shall be signed by the person developing
the demonstration as well as relevant discipline Technical Authorities.
The decision on whether to take the action shall be dependent on the resulting
score. The multiplication results in a numerical score from 1 (most attractive) to 27
(least attractive).
The result of this iterative process shall be tabulated in the Remedial Action Plan
within the HSE Case.
Score 1 2 3
Cost (over 3 <$50K $50-$500k >$500k
years)
Benefit High Medium Low
Effort Quick fix Simple Fix Complex
2 2 4 6
3 3 6 9
4 4 8 12
6 6 12 18
9 9 18 27
Bowtie Strategy to
Item Action Measure / Reso Action Targe Comments
Achieve the C B E S
no. ref. Description Indicator urce Owner t Date / Status
Action
1 H- Ensure Develop andDeveloped 1 2 1 2 OSO OSS Q10 Closed
compliance of implement and 9
01.005b 12/09/200
speed limits program to
implement
inside NRPS. reinforce program to 9
H- Speed limits awareness of
reinforce PDO
01.003a within NRPS speed limits
awareness conseque
are currently inside NRPS. of speed nce matrix
H- not complied limits inside implement
with. Implement PDO NRPS.
consequence ed. Drive
01.003d
Conduct drive management PDO for road
to further procedures for consequenc safety
H- (within the
communicate speeding. e
01.005d hazards of managemen 4MW).
speeding Install speed t procedures Various
H-04.002 within NRPS. limits signs (if for seeding campaign
not present). implemented s and
. posters
H-10.016
displaying
Speed limits conseque
installed (if nces for
required). breaking
road rules
(includes
speeding).
12 STATEMENT OF FITNESS
A Statement of Fitness is required by CP-117 [Ref. 6] and CP-122 HSE Management
Manual and shall be included in the HSE Case.
A Statement of Fitness shall be developed for the Assets prior to teh pre start up audit for a
project, before starting or commissioning a new Asset or a modification to an existing Asset.
Table 12-6 contains each element of the Statement of Fitness together with a guide to
minimum requirements for demonstrate compliance with each element. Further guidance is
provided in GU-648.
Table 12-6: Statement of Fitness
REQUIREMENT DEMONSTRATION
Process Safety Risks have been HSE Risk studies including HAZOP, HEMP, FERM
identified and documented and are and Bow-Ties have been completed
managed to ALARP ALARP demonstration has been made for the asset
ALARP demonstration includes assessment of
SIMOPS and development of a MOPO
Risk register and Risk Management Plan in place
An Emergency Response Plan addressing each of
the identified Major Accident Hazards has been
developed and is routinely tested
Critical PCAP deliverables
No outstanding unapproved variations to DEM1,
DEM2 or actions from ALARP workshops
Safety Critical Equipment meets its SCEs have been indentified and documented and
Technical Integrity Requirements included in the HSE Case
Performance Standards have been developed for all
identified SCEs and approved by TAs
PCAP in place & followed
TIV Report (assurance and verification of the SCEs)
finalized all punch listed items closed out
Design and Construction of new All requirements of DEM 1 are met a derogation
Assets and modifications to existing register is maintained where DEPs cannot be
Assets meet design and engineering satisfied
requirements Critical documents and drawings are prepared and
approved.
Well Handover Document completed
Process Safety Basic Requirements All applicable PSBRs are met (DEM2)
are met
REQUIREMENT DEMONSTRATION
Inspection Routines are identified and inspection routines are current and uploaded to
loaded into the maintenance SAP
management system (SAP). Asset register is current and uploaded to SAP
CMMS and SCE Management system is populated
and available
Corrosion management plans are in place
Well integrity management is in place
FSR is in place
HSE audit and inspection Level 1, 2 and 3 audits are scheduled and completed
programmes test compliance with the as per the HSE Business Plan
AI-PSM and HSE Case Standards Audit findings are internally communicated to all
levels in the organisation and a RAP developed
13 MANAGEMENT OF CHANGE
All PDO Operations HSE Cases shall be reviewed on an annual basis (by year end) to
ensure that all the following sections of the HSE Case remain true and valid to operations.
It is the responsibility of the Delivery Team Leader as the HSE Case Custodian to ensure
these updates are completed, with support from the HSE Case administrator.
Bow-tie assessment
o Have any new severity 5 or high level risks been identified?
o Are all barriers still valid?
o Have any new barriers been identified?
o Are all barriers correctly categorised (Inherent Safety, SCE, Critical Activity)?
SCE listing
o Is the hardware barrier correctly identified as an SCE?
o Does the barrier have the correct SCE identifier attached?
o Are all the performance standards complete and up to date?
o Has all SCE been entered into the Asset Register?
o Has the task information embedded within the system been added to the HSE
Critical Task information?
Remedial Actions
o Are any of the remedial actions overdue?
o Do any of these open action items compromise safe operations of the plant as
signed in the Statement of Fitness?
Statement of Fitness
o Annual review of the Statement of Fitness to ensure that it is correct and accurately
reflects the status of operations.
o The Statement of Fitness shall be signed off by the HSE Case Custodian after each
review.
Other changes that may trigger a revision to the Operations HSE Case are listed below:
All identified changes to the HSE Case, whether as a result of a periodic review or any of
the other criteria listed above shall be assessed by the HSE Custodian, the Technical Safety
Engineer and the HSE Case administrator (where this is not the TSE). Where relevant, the
change should also be assessed by a discipline Technical Authority.
The roles and responsibilities for changes to the HSE Case and how these changes shall
be recorded are further described in Appendix 417.
Relevant HEMP studies will depend on the nature, size and complexity of the project.
Large and complex projects will typically require a separate ALARP demonstration report to
meet the above requirements.
The Concept Select Report shall contain summaries and/or references to all the above
documents.
15.1Basic Requirements
The Design HSE Case:
15.2Format
The Design HSE Case shall be based on the following structure:
o Contents
o Part 1 Introduction
o Part 2 Concept Select Report Summary
o Part 3 Design Basis & Facilities Description
o Part 4 HEMP and major accident hazard (MAH) assessment (including ALARP
Demonstration, safety critical elements (SCE) and Bow-ties)
o Part 5 Improvement (Remedial Action Plan)
15.2.1 Contents
This part shall contain:
o Document authorisation, identification of the HSE Case Owner, HSE Case
Custodian, and HSE Case Administrator and their responsibilities
o Version control, showing the scope of each revision
o Signed off Statement of Fitness for the Design HSE Case by the HSE Case Owner
(usually the Project Manager).
The Statement of Fitness is signed on the understanding that all remedial actions
outlined in Part 5 of the Design HSE Case are, or will be, closed out effectively by
their action target dates.
See Sections 5, 6 and 10 for more details on undertaking HEMP, Bow- Ties and
ALARP Demonstrations, respectively.
Consult DCAF for latest version of specified deliverables and the Discipline Authority
Manual (TAs)
16.1Basic Requirements
The Operations HSE Case:
o Is required to demonstrate how severity 5 or high level hazards are managed during
operations to ensure that the risk is tolerable and ALARP
o Shall describe how the relevant management systems (asset integrity, Maintenance
Integrity Execution, competence and permit to work, etc.) implement the
requirements of the PDO HSE-MS and the AI-PSM systems, including management
of medium hazards
o Shall be accepted and signed off by the relevant Director (in the Statement of
Fitness)
16.2Format
The Operations HSE Case shall be based on the following structure:
o Contents (including the Statement of Fitness)
o Part 1 Introduction
o Part 2 Facility Description
o Part 3 People, HSE critical tasks
o Part 4 HEMP and major accident hazard (MAH) assessment (including ALARP
Demonstration, safety critical elements (SCE) and Bow-ties)
o Part 5 Improvement (Action Plan)
16.2.1 Contents
This part shall contain:
o Document authorisation, identification of the HSE Case Owner, HSE Case
Custodian, and HSE Case Administrator and their responsibilities
o Version control, showing the scope of each revision
o Signed off Statement of Fitness of the Operations HSE Case by the HSE Case
Owner (the relevant Director).
The Statement of Fitness is signed on the understanding that all remedial actions
outlined in Part 5 are, or will be, closed out effectively by their action target dates.
reviewed to ensure all applicable measures to reduce risks to tolerable and ALARP
levels have been assessed and implemented see Section 10.2.5.
o Summary of HEMP studies undertaken since the Design HSE Case, e.g. Hazard
Identification studies (HAZID), Hazard and Operability studies (HAZOP),
Instrumented Protective Function (IPF), plant layout study, Quantified Risk
Assessment (QRA), SIMOPS QRA, Human Factors Engineering (HFE),
consequence modelling, etc.
o A matrix of permitted operations (MOPO) to define the operating envelope and
safe operating limits for the facility and provide guidance on action required in
event of abnormal situations. Situations mapped shall cover:
Adverse weather conditions
Simultaneous operations (SIMOPs)
Safety critical element (SCE) and critical manpower unavailability
Consulted DCAF for latest version of specified deliverables and the Discipline Authority
Manual (TAs)The Operations HSE Case shallcontain summaries and/or references to all
the above documents. The following DCAF documents will be incorporated into the
Operations HSE Case, either within the main body or as an appendix.
o Statement of Fitness (within the Operation HSE Case)
o Matrix of Permitted Operations (MOPO) (within the Operations HSE Case)
o Asset Register (updated) (Appendix)
o Safety Critical Element Register (Appendix)
Acronym Definition
SP Social policy
TA Technical Authority
Threat Any action or mechanism that could bring about the unplanned release of a hazard
Threat control Any measure put in place to prevent a Threat being successful
Tolerable Risks are those that have been reduced to a level where they comply with the
Tolerable risk applicable laws and regulations, standards, strategic objectives and other agreed
Tolerability Criteria.
Top event The first thing that happens when a hazard is released (also known as first consequence)
TR-HBV Total Reliability - Hardware Barrier Verification
TR-MIE Total Reliability - Maintenance integrity Execution
UKOOA UK Offshore Operators Association
VAR Value Assurance Review
Appendix 26
Appendix 27Appendix 28Appendix 29 Appendix 30 Programme of Appendix 34 Appendix 35 L Appendix
Appendix
36
Appendix
37
Appendix
1. 38Oil 39
spill
H- Crud Loa Integrity equipment inspections: Oil ocalised - C C C contingency
e d Fail Floating Hose daily S environm 2. Pollution control
i ure: Underwater hose- 6 mths pil ental capability
o n hos SBM topsides- daily l impact 3. Radio controlled
i g e, ESD from vessel
Submarine pipeline- 5 yearly
l flan 4. 3 yearly MOSAG
ge, Pipeline pigging -5 yearly oil spill audit
C
u r pipin Appendix 31 Corrosion protection:
n u g. Impressed current Anodes
d d
e e Appendix 32 Replacement:
r Change-out equipment on a time &
a condition basis
p t
r
e t
s h
s e
u
r S
e B
M
Appendix 40
Appendix 41Appendix 42Appendix 43 Ships Anchors lashed & checked Appendix 44 Appendix 45 L Appendix
Appendix
46
Appendix
47
Appendix
1. 48SBM/
49PL
Anchor Restricted area defined Dama ocalised - C B C redundancy
Han Pipeline route area under ge environm 2. OSR capability
dling observation d ental 3. Continuous diving
Pi impact capability
pe
lin
e
Appendix 50
Appendix 51Appendix 52Appendix 531. Engine use procedure Appendix 54 Appendix 55 L Appendix
Appendix
56
Appendix
57
Appendix
1. 58Spare
59 SBM
Vessel 2. Focsle watchkeeper Dama ocalised - C B C 2. SBM Redundancy
colli 3. Tug assistance available ge environm 3. Critical SBM
sion d ental spares available
with S impact
SB B
M M
APPENDIX 62 APPENDIX 64
SCE SCE
C APPENDIX 63 SCE C APPENDIX 65 SCE
O DESCRIPTION O DESCRIPTION
D D
E E
Appendix 122
Appendix 123 Hazar Appendix 124
Appendix 125 Pipeline
IC001 dous Area Ventilation SD00 Isolation Valves
5
Appendix 126
Appendix 127 Non- Appendix 128
Appendix 129 Process
IC002 Hazardous Area SD00 ESDVs
Ventilation 6
Appendix 130
Appendix 131 Certifi Appendix 132
Appendix 133 Drilling
IC003 ed Electrical SD00 Well Control
Equipment 8
Appendix 134
Appendix 135 Earth Appendix 136
Appendix 137 Utility Air
IC005 Bonding SD00
9
Appendix 138
Appendix 139 Fuel Appendix 140
Appendix 141 Temporar
IC006 Gas Purge Systems ER00 y Refuge/Muster Areas
1
Appendix 142
Appendix 143 Inert Appendix 144
Appendix 145 Escape &
IC007 Gas Blanket Systems ER00 Evacuation Routes
2
Appendix 146
Appendix 147 Miscel Appendix 148
Appendix 149 Emergen
IC008 laneous Ignition ER00 cy/ Escape Lighting
Control Components 3
Appendix 150
Appendix 151 Flare Appendix 152
Appendix 153 Communi
IC009 Tip Ignition Systems ER00 cations Systems
4
Appendix 154
Appendix 155 Fire & Appendix 156
Appendix 157 Uninterru
DS00 Gas Detection ER00 ptible Power Supply
1 Systems 5
Appendix 158
Appendix 159 Securi Appendix 160
Appendix 161 Emergen
DS00 ty Systems ER00 cy Power
2 7
Appendix 162
Appendix 163 Water Appendix 164
Appendix 165 Drain
DS00 in Condensate (gas ER01 Systems
3 dew point) 0
Measurement
Appendix 166
Appendix 167 Delug Appendix 168
Appendix 169 Personal
PS00 e Systems LS00 Survival Equipment (PSE)
1 1 Drain Systems
Appendix 170
Appendix 171 Fire Appendix 172
Appendix 173
PS00 and Explosion -
2 Protection
Appendix 177
Appendix 178
Appendix 179
Appendix 180
Appendix 181
Appendix 182
Appendix 183
Appendix 184
Appendix 185
Appendix 186
Appendix 187
H-01.005d
H-01.003b
H-01.003d
H-01.005b
H-01.003a
H-01.003c
H-01.005a
H-01.005c
H-04.002
H-10.016
H-99.001
APPENDIX 175
APPENDIX 176 S
SCE AFETY
GRO CRITICAL
UP ELEMENT
Appendix 215 P
AppendixAppendix
216 217
Appendix 218
Appendix 219 AppendixAppendix
Appendix 220 221 222 AppendixAppendix
Appendix 223 224 225
Appendix 226
C003 Rotating
- - - - - - -
Equipment
Appendix 177
Appendix 178
Appendix 179
Appendix 180
Appendix 181
Appendix 182
Appendix 183
Appendix 184
Appendix 185
Appendix 186
Appendix 187
H-01.005d
H-01.003b
H-01.003d
H-01.005b
H-01.003a
H-01.003c
H-01.005a
H-01.005c
H-04.002
H-10.016
H-99.001
APPENDIX 175
APPENDIX 176 S
SCE AFETY
GRO CRITICAL
UP ELEMENT
Appendix 267 P
AppendixAppendix
268 269
Appendix 270
Appendix 271 AppendixAppendix
Appendix 272 273 AppendixAppendix
274 275 Appendix
276 277
Appendix 278
C007 Relief
- - - - -
System
Appendix 280 P
Appendix 281
Appendix 282
Appendix 283 AppendixAppendix
Appendix 284 285 286
Appendix 287
Appendix 288
Appendix 289
Appendix 290
Appendix 291
C008 Well
- - - - - - - - - -
Containment
Appendix 292
Appendix 298 S
Appendix 299 PC001 Pressure Vessels Appendix 300 Review # Appendix 301
CE GROUP
Appendix 302 S
Appendix 303 To maintain integrity of the pressure envelope Appendix 304 Date Appendix 305
CE GOAL
Appendix 306
Functi
Appendix 307
o Appendix 310 Ve
Functional Appendix 308 Performance criteria Appendix 309 Assurance
n rification
Criteria
N
o.
Appendix 311Appendix 312 Appendix 313 1.1 Pressure Vessel External Inspection Appendix 315 These should be Appendix 323 Re
1 To maintain tasks/activities in a scheduled view flare
the Appendix 314 There shall be no unacceptable flaws in the Pressure Vessel as defined within assurance event specified in a relief and
pressur the Inspection Management Process. Company process/procedure.** blowdown
e * There shall be no unacceptable cracks in the vessel or supports. study and
envelop * There shall be no unacceptable corrosion in the vessel, flanges, bolting and supports Appendix 316 Approved Flare Relief 10% sample
e for * There shall be no unacceptable visible damage (gouges, dents, deformations, arc strikes) and blowdown Study. review of
conditio to vessel or supports. relief device
Appendix 317 Approved/checked
ns calculations for relief devices. calculations,
within specifications
design Appendix 318 Approved specification , vendor data
basis and data sheets. sheets and
supplier
Appendix 319 HAZOP review. quality field
Appendix 320 PCAP/DCAF Driven inspection
reports to
Appendix 321 TIVP/AIPSM Driven check that
performance
Appendix 322 OE/Flawless Driven criteria has
been
achieved.
Appendix 326 1.2 Pressure Vessel Internal Inspection Appendix 327 These should be
There shall be no unacceptable internal flaws in the Pressure Vessel as defined within the tasks/activities in a scheduled
Inspection Management Process. assurance event specified in a
* There shall be no unacceptable cracks in the vessel. Company process/procedure.**
* There shall be no unacceptable corrosion inside the vessel. Appendix 331
* There shall be no unacceptable visible damage (gouges, dents, deformations, arc strikes) Appendix 328 PCAP/DCAF Driven
to vessel. Appendix 329 TIVP/AIPSM Driven
Appendix 330 OE/Flawless Driven
Appendix 365
Functi
Appendix 366 Sys
o Appendix 369 Ve
tem /Sub Appendix 367 Performance criteria Appendix 368 Basis and Assurance
n rification
System
N
o.
Appendix 379
Functi
o Appendix 380 Haz Appendix 383 Ve
Appendix 381 Performance criteria Appendix 382 Basis and Assurance
n ardous Event rification
N
o.
Appendix 384 Appendix 385 Appendix 386 Appendix 387 These should be Appendix 391
tasks/activities in a scheduled
assurance event specified in a
Company process/procedure.**
Appendix 388 PCAP/DCAF Driven
Appendix 389 TIVP/AIPSM Driven
Appendix 392
Appendix 393
Appendix 394 Example Operations Performance Standard (EP 2009-9009, Ref. 10)
Appendix 395
Appendix 396
4.29 Implement company consequence management Plant Operations Manual Disciplinary reports
procedure for non compliance
H-01.003a Human error Consequence management PR-1029 Competence
H-01.003b (disciplinary procedures) for Assurance and
H-01.003c non-compliance Assessment
H-01.003d
H-01.005a
H-01.005b
H-01.005c
H-01.005d
H-04.002
H-10.016
4.49 Ensure asset security plan appropriate for CP-126 Personnel and Asset Security Plan
location risks is established and implemented. Asset Security
H-01.003a Sabotage/ 3rd party Asset Security Plan This should include dialogue and interface with
H-01.003b interference ROP presence the ROP. PL-10 Security &
H-01.003c Emergency Response
H-01.005a Policy
H-01.005b
H-01.005c
H-01.005d
H-10.016
6.03 Ensure the Manpower model is implemented for GU-4884 Planning and Manpower report
Nimr operations Scheduling Guidelines
H-01.003a Lack of manpower/ Man Power Model/ERROS -
H-01.003b resources Estimated Resources
H-01.003c Required on Site
H-01.003d
H-01.005b
H-01.005c
H-01.005d
H-10.016
Additional controls required as indicated in the MOPOs (coloured amber) shall be listed. Wok shall
only be carried out under the formal control of the Permit to Work (PTW) system, including component
elements such as plant isolation certificates, vessel entry certificates, hot work permits, etc. All
applicable procedures and work instructions relating to the work to be undertaken shall be complied
with.
In certain cases, the specific operation is not directly impacted by the barrier that is impaired, but
consideration shall be given to proceeding with non-essential work that could increase the risk.
Where necessary, the requirement for undertaking risk assessment shall be noted. Measures shall be
taken to maintains risks at ALARP and the effectiveness of the measures shall be verified. All actions
involving bypassing the safeguarding systems shall be authorised by the Production Delivery Team
Leader who shallprepare individual procedures for all tasks not covered by existing procedures and
consult relevant discipline technical authority.
Examples of the three MOPOs (Adverse Weather, SIMOPs, and SCE Impairment) follow. These shall
be used as guidance for construction of a new MOPO or for review of an existing MOPO. The notes
within the MOPO are intended to support rather than supersede the specific risk assessments
required, particularly for SCE Impairment where FSR and CMPT processes shall be applied. For a
MOPO to be effective it must provide clear concise information to the Operator of immediate action to
be taken under the specified conditions, e.g. if working at height is ongoing and wind speed increases,
he needs to be able to quickly see when to stop the activity in question.
VISIBILITYHEAVY MIST -
FLOODINGHEAVY RAIN -
HIGH AMBIENT
WIND >20 KTS
SEVERELY
SEVERELY
TEMP >50 C
VISIBILITY
NIGHT TIME
LIGHTNING
REDUCED
REDUCED
WORKING
& WADI
ACTIVITY/OPERATION
Drilling 1 1 1 1 1 1 1
MOPO SIMOPs
MAINTENANCENON-BREACHING
JETGRIT BLASTING / HP WATER
STRUCTURESWORKING ON TALL
CONSTRUCTION ACTIVITIES
OPERATE OIL & GAS PLANT
BREACHING MAINTENANCE
PGC/PLANT UNIT START-UP
EXCAVATION ACTIVITIES
CHEMICAL UNLOADING
WORKING OUTDOORS
N2/HE LEAK TESTING
OPERATE PIPELINES
QA MPS OPERATION
WORK AT HEIGHT
APO OPERATION
WELL SERVICES
LOCAL VENTING
GT OPERATION
RADIOGRAPHY
HRSG ENTRY
SAMPLING
DRILLING
FLARING
ACTIVITY/OPERATION
Drilling
Well Services 6
Operate Wells/Flowlines 6 6
Operate Pipelines Y Y Y
Pigging (future) Y Y Y 7
QA MPS Operation Y Y Y Y Y
GT operation Y Y Y Y Y Y
BFW Heater Startup (plant
Y Y Y Y Y Y Y
startup)
HRSG Startup (plant
Y Y Y Y Y Y Y Y
startup)
Steam Distribution Plant
Y Y Y Y Y Y Y Y Y
start-up
Oil & Gas Plant start-up Y Y Y Y Y Y Y Y Y Y
PGC/Plant unit Startup Y Y Y Y Y Y Y Y Y Y Y
Operate Steam Plant Y Y Y Y Y Y Y Y Y Y Y Y
Operate Oil & Gas Plant Y Y Y Y Y Y Y Y Y Y Y Y Y
APO Operation Y Y Y Y Y Y Y Y Y Y Y Y Y Y
N2/He Leak Testing Y Y Y N N Y Y N N N N N N N N
Working Outdoors Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y N
Sampling Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y N Y
Radiography Y Y Y Y Y Y Y N N N N N Y Y Y N N N
Vehicle Movement on-plot Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y N Y N N
Vehicle Movement off-plot Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y N Y Y
Road Maintenance/
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Grading
Grit Blasting / HP Water
Y Y 8 8 8 Y Y N N N N N 8 8 8 N N N N N N Y
Jet
Lifting/Crane Operations Y Y N N Y Y Y N N N N N Y Y Y N N N N N N Y N
Fork Lift Truck Operations Y Y Y Y Y Y Y N N N N N Y Y Y N Y Y N Y Y Y N N
High Noise Generating
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y N Y Y Y Y Y Y Y Y Y
Activities
Excavation Activities Y Y Y Y Y Y Y N N N N N Y Y Y N Y Y N Y Y Y N N N Y
Work at Height (outside
Y Y Y Y Y Y Y N N N N N Y Y Y N Y Y N Y Y Y N N Y Y Y
permanent structures)
Working on Tall Structures Y Y Y Y Y Y Y N N N N N Y Y Y N Y Y N Y Y Y N N Y Y Y Y
Zone 1 Area Work Y Y 3 3 3 Y Y N N N N N 3 3 3 N Y Y N N N N N N N Y N N N
Zone 2 Area Work Y Y Y Y Y Y Y N N N N N Y Y Y N Y Y N Y Y Y N N Y Y Y Y Y N
Breaching Maintenance Y Y N N N Y Y N N N N N Y Y Y N Y Y N N N N N N N Y N N N N N
Non-Breaching
Y Y Y Y Y Y Y N N N N N Y Y Y N Y Y N Y Y Y N N Y Y Y Y Y N Y N
Maintenance
Class A Permit Work Y Y 3 3 3 Y Y N N N N N 3 3 3 N Y 3 N Y Y Y N N Y Y Y Y Y N Y N N
Class B Permit Work Y Y Y Y 3 Y Y N N N N N Y Y Y N Y Y N Y Y Y N N Y Y Y Y Y N Y N Y Y
HRSG entry Y Y Y Y Y Y N N N N N N Y Y Y N Y Y N Y Y Y N N Y N Y Y Y N Y N Y Y Y
Confined Space Entry Y Y Y Y Y Y Y N N N N N Y Y Y N Y Y N Y Y Y N N Y N Y Y Y N Y N Y Y Y Y
Flaring Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y N N N Y Y Y Y Y Y Y
Local Venting Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y N N Y N N N N N N N Y N N N N N N N N N N N 9
Draining to open systems Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y N N Y N N N N N N N Y N N N N N N N N N N N Y Y
Chemical unloading Y Y Y Y Y Y Y N N N N Y Y Y Y N Y Y N Y Y Y N N Y Y N N N N N N N N N Y N Y N N
Chemical Disposal by Vac
Y Y Y Y Y Y Y N N N N Y Y Y Y N Y Y N Y Y Y N N Y Y N Y Y N N N N N N Y N Y N N N
Truck
Construction Activities Y Y Y Y Y Y Y N N N N Y Y Y Y N Y Y N Y Y Y N N Y Y Y Y Y N Y N Y N Y Y Y Y N N N N
(SAMPLING,VENTING,DRAININBREAKING HC-CONTAINMENT
LIFTING AND HOISTING OVER
PRESSURE/LEAK TESTING
OPERATE EQUIPMENT /
TANKERS, LOADING/
GENERAL ACTIVITIES
(INCLUDING HRSG)
OPERATE FACILTY
START-UP PLANT
OPERATE PLANT
HC EQUIPMENT
HOT WORK
SYSTEM
SYSTEM
G)
Structural Support in increased risk of MAH
SI003 Heavy lift Observed or detected Y Y Y Y Y N Y Y Y Y Y Y
cranes and structural/mechanical
mechanical defect resulting in
handling increased risk of MAH
due to dropped load
PC001 - PC006 Uncontrolled release of N N N 10 10 N N N N N N N
Process process fluids resulting in
Containment increased risk of MAH
PC007 Relief Unavailability of relief at N 10 N 10 Y 10 10 10 10 10 10 10
System design flow rate resulting
in increased risk of MAH
due to overpressure
PC008 Uncontrolled release of N Y N Y Y 10 10 10 10 10 10 10
Operational Well well fluid resulting in
Containment increased risk of MAH
PC009 Fired Unavailability of N Y N Y Y Y Y Y Y Y Y Y
Heaters (Burner BMS/IPS resulting in
Management increased risk of MAH
System)
IC003 Certified Certified electrical N 10 N 10 Y Y Y Y 10 Y 10 Y
Electrical equipment fails to meet
Equipment PS requirement resulting
in increased risk of
ignition
IC005 Earth Earth bonding fails to N Y 10 Y Y Y Y Y 10 Y N Y
Bonding meet PS requirement
resulting in increased
risk of ignition
IC006 Fuel Gas Inability to provide N N N 10 Y Y Y Y Y Y Y Y
Purge required fuel gas purge
flow to flare header
resulting in air ingress to
flare
IC007 Gas Total loss of gas blanket N N N N Y Y Y Y Y 10 Y Y
Blanket System - system resulting in
Total loss increased risk of ignition
IC007 Gas Inability to provide N 10 N 10 Y Y Y Y Y 10 Y Y
Blanket System - required gas blanket flow
Loss to individual individual equipment
equipment resulting in increased
risk of ignition
IC009 Flare Loss of primary & N N 10 10 10 10 10 10 10 10 10 10
Ignition Control secondary flare ignition
System systems resulting in flare
out
DS001 Fire and Total loss of F&G N N N N 10 10 10 10 N N 10 10
Gas - Total loss detection system
ACTIVITY/OPERATION
(SAMPLING,VENTING,DRAININBREAKING HC-CONTAINMENT
LIFTING AND HOISTING OVER
PRESSURE/LEAK TESTING
OPERATE EQUIPMENT /
TANKERS, LOADING/
GENERAL ACTIVITIES
(INCLUDING HRSG)
OPERATE FACILTY
START-UP PLANT
OPERATE PLANT
HC EQUIPMENT
HOT WORK
SYSTEM
SYSTEM
G)
DS002 Security Loss of access control to 10 Y 10 Y Y Y Y Y Y Y Y Y
Systems facilities
PS013 Chemical Inability to provide 10 Y 10 Y Y Y Y Y Y Y Y Y
Injection System required chemical
injection flow
SD001 ESD Total loss of ESD system N N N N N 10 10 10 10 10 10 10
System - Total
loss
SD001 ESD Local or partial loss of N 10 10 10 10 10 10 10 10 10 10 10
System - Local or ESD system
partial loss
SD002 Total loss of EDP system N N N N N 10 10 10 10 10 10 10
Depressurisation
System - Total
loss
SD002 Local or partial loss of N 10 N 10 10 10 10 10 10 10 10 10
Depressurisation EDP system
System - Local or
partial loss
SD004 Inability to isolate steam N Y N Y Y 10 10 10 10 10 10 10
Operational Well injection well or annulus
Isolation resulting in potential
back flow of HC
SD006 Process Inability of ESD end N 10 10 10 10 10 10 10 10 10 10 10
ESDV element valve to
adequately isolate
processes resulting in
potential escalation of
MAH
ER001 Temp Primary muster area 10 10 10 10 10 10 10 10 10 10 10 10
Refuge/ Muster impaired
Areas
ER002 Escape/ Escape/ evacuation 10 10 10 10 10 10 10 10 10 10 10 10
Evacuation routes impaired
Routes
ER003 Emergency/ escape 10 10 10 10 10 10 10 10 10 10 10 10
Emergency/ Lighting impaired
Escape Lighting
ER004 Loss of GA N N 10 10 10 10 10 10 10 10 10 10
Communication communication system
Systems - Loss of
GA
ER004 Loss of ER N N 10 10 10 10 10 10 10 10 10 10
Communication communication system
Systems - Loss of including radios and
ER landlines
communications
ER005 Inability to provide N N 10 10 10 Y Y Y Y Y Y Y
Uninterrupted emergency power supply
Power Supply to essential systems
(UPS)
ACTIVITY/OPERATION
(SAMPLING,VENTING,DRAININBREAKING HC-CONTAINMENT
LIFTING AND HOISTING OVER
PRESSURE/LEAK TESTING
OPERATE EQUIPMENT /
TANKERS, LOADING/
GENERAL ACTIVITIES
(INCLUDING HRSG)
OPERATE FACILTY
START-UP PLANT
OPERATE PLANT
HC EQUIPMENT
HOT WORK
SYSTEM
SYSTEM
G)
Survival below minimum level or
Equipment - faulty
Personal monitors
LS001 Personal Portable BA Sets below N N 10 10 10 N N N N N N N
Survival minimum level or faulty
Equipment - (Escape Sets)
Escape sets
LS001 Personal Portable BA Sets below N N 10 10 10 N N N N N N N
Survival minimum level (SCBA &
Equipment - Rescue Sets)
Rescue BA sets
LS001 Personal Insufficient number or 10 Y 10 Y Y Y Y Y Y Y N Y
Survival inadequate type of
Equipment - Chemical PPE available
Chemical PPE
LS001 Personal Safety showers/eye 10 Y 10 Y Y Y Y Y Y Y N Y
Survival wash stations not
Equipment - available or inoperable
Safety
showers/eye wash
stations
CRITICAL MANPOWER
UNAVAILABILITY
HSE Critical Competent persons not N N 10 10 10 N N N N N N N
Position available to fill HSE
Critical Position
ER - Team Competent persons not N N 10 10 10 N N N N N N N
Members available to fill ER team
member position
ER - QA Fire QA fire brigade not 10 10 Y Y Y 10 10 10 10 10 10 10
Brigade available for extended
period
ER - First Aider Insufficient number of 10 10 Y Y Y 10 10 10 10 10 10 10
first aiders available on-
site
LECC Competent persons not N N 10 10 10 N N N N N N N
available to fill LECC
positions or LECC not
available
Custodian
Engineer/ HSE Case
Authorities
Stakeholders
Action Parties
Originator
HSE Case
Technical
Custodian Technical Safety
Task
1. Identify Change C C A I R -
2. Assess Impact of Change and R C C I C I
Develop Workscope
3. Perform Workscope A C C C C R
4. Prepare HSE Case Changes R I A I I I
5. Review proposed HSE Case R C A C C I
Changes
6. Approve Changes R C A C I I
7. Publish Changes R I A I I I
(R) Responsible: The party responsible for executing the task and obtaining parties
involvement
(A) Accountable Party accountable for approval
(C) Consult Party responsible for contributing when consulted
(I) Informed Party informed of outcome
Role Responsibilities
Originator Identifies and summarises need for change(s)
Individual or group who identifies the Discusses potential change with MSE/4 Dept. to
need for change(s). This function determine whether it will affect the HSE Case or its
describes a variety of roles: underlying assumptions
- Asset (management, Identifies relevant Stakeholders, with advice from
supervision or operations); MSE/4 Dept.
- Workforce;
Contributes to preparing text change(s) as required
- Technical Authorities (TAs);
Reviewing and approval of proposed change(s)
- Discipline engineers;
- Contractors.
Role Responsibilities
Technical Safety Engineer Assesses the impact of the change(s) on the HSE
Case and its underlying assumptions
Supports the HSE Case by providing management,
technical support, knowledge and authoring
Ensures appropriate description of the change(s) in
the HSE Case
Liaises with other TAs as appropriate
Once the change has been agreed, logs the
change in the HSE Case MOC register
Maintains an up to date version of the HSE Case
MOC register
Action Parties Advise on impact of change(s)
Provide information on actions required
Provide input to HSE Case update
HSE Case Custodian (Delivery Team Propose change(s) resulting from, for example,
Leader / Asset Representative) changes to the operation of the asset or other
changes raised by personnel associated with the
asset
Review change(s) as a Stakeholder
Contribute to text change(s) in the HSE Case
Check proposed change(s) and co-ordinating
workforce involvement
Ensure that the information contained in the HSE
Case reflects the current status of the asset and its
operating practices
Technical Authorities Propose change(s) resulting from, for example,
change(s) to the engineering or operation of the
Asset or other change(s) raised as a result of
issues in their discipline
Review change(s) as a Stakeholder
Contribute to text change(s) in the HSE Case
Check proposed change(s) and co-ordinating
involvement of other TAs
Stakeholder Provide specialist knowledge and expertise
A person or person(s) who may be called Review and approve text change(s) in the HSE
upon to contribute to/consult on the Case
assessment of change(s) required, or
who may need to be advised of the
potential change(s) to the HSE Case.
This function describes a variety of roles:
- Asset (management,
supervision or operations);
- Workforce;
- Technical Authorities (TAs);
- Discipline engineers;
- Contractors.
Step 3: Perform Workscope (record the summary of outcomes for Step 3):
Step 4 & 5: HSE Case Changes (record summary of changes use continuation sheet if required for detailed changes):
Part: Section: Heading: Comments:
a) Issue the HSE Case Change Approval Form with proposed change(s) to the HSE
Case to relevant action parties and Stakeholders for comment/review.
b) Amend proposed change(s) as required reflect any comments received. On the
HSE Case Change Approval Form annotate which sections of the HSE Case have
been changed.
c) Determine need for immediate publication of change(s). Consider whether change
is significant and needs immediate update. Also consider cumulative effects of
changes to date.
ELEMEN
T AI-PSM ASSURANCE
ELEMENT AIMS AND OBJECTIVES
NUMBE ELEMENT
R
ELEMEN
T AI-PSM ASSURANCE
ELEMENT AIMS AND OBJECTIVES
NUMBE ELEMENT
R
ELEMEN
T AI-PSM ASSURANCE
ELEMENT AIMS AND OBJECTIVES
NUMBE ELEMENT
R
Management
To ensure that the defined AI-PSM activities produce the
Review and
20 desired results throughout the facility lifecycle.
Continuous
Improvement