Professional Documents
Culture Documents
Oss 121
Oss 121
DNV-OSS-121
CLASSIFICATION BASED ON
PERFORMANCE CRITERIA DETER-
MINED FROM RISK ASSESSMENT
METHODOLOGY
MAY 2001
© Det Norske Veritas. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, including
photocopying and recording, without the prior written consent of Det Norske Veritas.
If any person suffers loss or damage which is proved to have been caused by any negligent act or omission of Det Norske Veritas, then Det Norske Veritas shall pay compensation to such person
for his proved direct loss or damage. However, the compensation shall not exceed an amount equal to ten times the fee charged for the service in question, provided that the maximum compen-
sation shall never exceed USD 2 million.
In this provision "Det Norske Veritas" shall mean the Foundation Det Norske Veritas as well as all its subsidiaries, directors, officers, employees, agents and any other acting on behalf of Det
Norske Veritas.
Offshore Service Specification DNV-OSS-121, May 2001
Contents – Page 3
CONTENTS
SECTION 1
INTRODUCTION
that the results can be presented as risks. Risk analysis is some- — if they failed, could cause or contribute substantially to a
times known as risk estimation or risk quantification. major hazard affecting safety or integrity of the installa-
tion; or
109 Risk assessment is a systematic analysis of the risks from — are intended to prevent or limit the effect of a major haz-
hazardous activities and making a rational evaluation of their ard.
significance by comparison against predetermined standards,
target risk levels or other risk acceptance criteria. Risk assess- Safety-critical elements include measures for prevention, de-
ment is used to determine risk management priorities. tection, control, mitigation (including personnel protection) of
hazards.
110 Risk acceptance criteria are standards by which the re-
sults of the risk assessment can be measured. The acceptance 112 Verification is examination, testing, audit or review to
criteria represent the acceptable level of safety and integrity of confirm that an activity, a product, or a service, is in accord-
ance with specified requirements.
the installation. They relate quantitative risk estimates to qual-
itative value judgements about the significance of the risks. For DNV classification, this normally includes verification of
the design, manufacturing, construction, installation, commis-
111 Safety-critical elements are parts of the installation, or sioning and in-service condition of safety-critical elements
plant, which are essential to maintain the safety and integrity such that they fulfil the requirements of the performance stand-
of the installation. This includes any items which: ards.
SECTION 2
DESIGN PRINCIPLES AND RISK ASSESSMENT METHODOLOGY
A 100 Introduction 103 The results of the hazard identification and any relevant
assumptions shall be documented.
101 This section states the design principles and require-
ments for risk assessment that are to be applied for award of C 200 Risk analysis
DNV classification.
201 The identified hazards can be ranked based on combina-
102 Risks shall be assessed in accordance with recognised tion of likely frequency and consequence. Insignificant risks
methods and shall be performed by qualified and competent may be eliminated from further evaluation provided that rele-
persons with the necessary understanding of risk, and the risk vant assumptions are documented.
assessment process.
Guidance note:
103 The risk assessment methodology and tools, assump- Risks shall not be subdivided such that individual risk elements
tions, and system boundary limits shall be clearly documented. appear trivial, whereas collectively still representing a substan-
Sensitivity analysis to examine how the results may vary as tial risk.
significant individual assumptions are changed shall be used to
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
document the uncertainties of the identified risks. This docu-
mentation shall be subject to DNV approval. Consideration of frequency includes identification of initiating
events, and combinations of events, which could lead to a haz-
ard. The likelihood of occurrence of such events can be found
from historical or other appropriate data.
B. Design Principles
The consequences of the hazards shall include analysis of the
B 100 General effects of accidents or accidental events on the safety of per-
101 The following principles shall apply in addition to the sonnel and integrity of the installation.
identified requirements from risk assessment: 202 The availability and vulnerability of key prevention and
protection systems shall be assessed with respect to required
1) The installation shall be designed and constructed with functionality against each of the identified hazards. Any signif-
sufficient integrity to withstand operational and environ- icant findings shall be consistent with assumptions made in
mental loading throughout the installation lifecycle. other parts of the risk analysis and assessment.
2) Systems and structures shall be designed with suitable 203 The hazards remaining after the screening exercise are
functionality and survivability for prevention, detection, termed significant major hazards. The selection of significant
control and mitigation of foreseeable accident events af- major hazards, including assumptions made as part of the rank-
fecting the installation. ing process, shall be documented.
3) Escalation to plant and areas, which are not affected by the Guidance note:
initiating event, shall be avoided. Tools such as HAZOPs, fault trees and engineering judgement
4) Effective escape, shelter and evacuation facilities shall be may be effectively applied to screen out hazards that are trivial or
provided to safeguard all personnel, as far as practicable, of minor significance. This includes hazards and escalations
at all times when the installation is manned. which are extremely unlikely to occur (e.g. due to the effective-
ness of prevention measures in place), or which will have minor
consequence to personnel or property.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
C. Risk Assessment
Guidance note:
C 100 Hazard identification Note that the screening exercise can also be useful for early opti-
misation of prevention and protection measures against major
101 Hazards with the potential to threaten safety of person- hazards prior to performing the risk assessment.
nel or integrity of the installation shall be identified. The haz-
ard identification should include all normal expected states of ---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
the installation, such as operation, maintenance, and shutdown.
204 The basis for the risk ranking, including assumptions re-
Guidance note: lated to functioning of safety systems and exclusion of low sig-
Typical hazard identification techniques include e.g. HAZOPs, nificance risks shall be subject to DNV approval.
FMEA, safety reviews, etc.
---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
C 300 Risk assessment
301 The risks from significant major hazards shall be as-
102 A typical, but not necessarily exhaustive, list of hazards sessed and considered together in order to show:
includes:
— the annual safety risk for typical personnel groups on the
— loss of well containment (blowout etc.) installation (individual risk)
— hydrocarbon releases with potential to result in fires, ex- — the annual loss of integrity risk for the installation
plosions, or toxic hazards — the relative contribution of different hazards to the total
— release of other toxic or hazardous substances calculated risks.
— collisions
— helicopter crash 302 The annual risks shall be assessed against predefined
— structural and or foundation failure risk acceptance criteria (see 400). If necessary, risk reduction
— stability and buoyancy measures shall be applied in order to meet the acceptance cri-
— dropped objects teria.
303 The results of the risk analysis and evaluation shall be 103 The performance standards shall reflect any relevant li-
documented and subject to DNV approval. fecycle requirements of the critical element.
C 400 Acceptance criteria 104 The performance standard shall also reflect any interac-
tion or dependence between safety-critical elements for a par-
401 DNV Rules for Classification have been developed over ticular major accident scenario.
many years in order to give an acceptable level of safety and
integrity for design, construction and ongoing condition of the 105 Performance standards shall be documented and ap-
installation. Classification based on risk assessment tech- proved by DNV.
niques is expected to achieve at least the equivalent level of
safety as class based on prescriptive DNV rules.
In cases where deviations from the rules are justified on the ba- F. Risk Reduction
sis of risk assessment, this must be shown as resulting in an ac-
ceptable level of safety on the installation. This shall be F 100 General
demonstrated through fulfilment of agreed acceptance criteria.
101 The results of hazard identification and evaluation
402 The owner or operator shall define the acceptance crite-
present a good opportunity for targeted risk reduction. In as-
ria before performing the risk analysis. The criteria should take signing classification, DNV expects that such risk reduction
into account both the probability and consequences of signifi- will be undertaken wherever significant and practicable oppor-
cant major accident events. Meeting the acceptance criteria
tunities are identified.
will establish the basis for identification of safety-critical ele-
ments and selection of performance standards. 102 Hazard identification and evaluation is most effectively
403 Acceptance criteria shall be approved by DNV. initiated at concept design stage where risks can be avoided or
reduced.
For existing installations where this is not possible, hazard
identification and evaluation should be used to address hazards
D. Safety-Critical Elements and optimising the protection measures to manage them. In or-
der of importance, this means measures to prevent, detect, con-
D 100 General trol and mitigate against hazards.
101 Once the acceptance criteria have been fulfilled, the Guidance note:
safety-critical elements and performance standards shall be re-
Identified hazards can be avoided through e.g.:
corded for input to classification.
- removal of the source of a hazard (without introducing new
102 Safety-critical elements are defined in Sec.1 B111, and sources of hazard)
include all components or systems upon which the safety of the - breaking the sequence of events leading to realisation of a
installation depends. This includes all means for the preven- hazard.
tion, detection, control and mitigation of risk from major haz-
ards. Where hazards cannot be avoided, installation design and opera-
tion should aim to reduce the likelihood of hazards occurring
103 Safety-critical elements should be identified from, and where practicable, e.g. by:
shall be fully consistent with, the major hazard scenarios con- - reduction in number of leak sources (flanges, instruments,
sidered in the assessment. Identification of elements should valves, etc.)
also include input from good engineering judgement. - removal or relocation of ignition sources
The selection of items as safety-critical shall be based on con- - simplifying operations, avoiding complex or illogical proce-
sequence of failure. dures and inter-relationships between systems
- selection of better materials
104 The safety-critical elements shall be recorded and shall - mechanical integrity/protection
be subject to DNV approval. - reducing the probability of external initiating events, e.g. lift-
ing operations, etc.
- reduction in inventory, pressure, temperature
- use of less hazardous materials, process or technology.
E. Performance Standards
The consequences of hazards should be controlled and mitigated
E 100 General with the aim of reducing risk to personnel where practicable, e.g.
through:
101 Performance standards shall be established for the safe-
ty-critical elements. The performance standards shall be such - relocation of equipment, improved layout
that the safety-critical elements are suitable for fulfilment of - provision of physical barriers, distance separation, fire walls,
etc.
the acceptance criteria as demonstrated in the assessment.
- provision of detection and protection systems
102 The performance standards shall be suitably described, - provision of means to escape and evacuate.
normally in quantified terms, so as to be verifiable for the safe-
ty-critical elements. ---e-n-d---of---G-u-i-d-a-n-c-e---n-o-t-e---
SECTION 3
VERIFICATION, CLASS ENTRY
SECTION 4
VERIFICATION, MAINTENANCE OF CLASS