Professional Documents
Culture Documents
Prescriptive legislation cannot account for the differences in hazards etc., between each installation
Doesnt allow for alternative solutions
Performance Standards are where Operators define their Safety Critical Elements and demonstrate how their goals are achieved Requirement [Offshore Safety Case Regulations, 2005] to define:
Functionality, Availability, Reliability, Survivability and Interaction/Dependency
Marathon Oil U.K. LLC
HAZID
HAZOP
ERRA
It may be more efficient for a team to review the critical hardware components for preventing / mitigating major hazards only Major hazards are defined in Safety Case Regulations (2005): Fires or Explosions
Diving
Helicopters
Structural Integrity
Introductory Information
Important first stage to clarify why each system is Safety Critical Define purpose, scope and equipment items this standard covers Can save time later, e.g. distinguishing which ventilation dampers are Safety Critical Elements Define where additional information (e.g. drawings) are stored Define contingency arrangements what do you do if a failure is identified
Functional Criteria
Define the overall purpose(s) of the system, e.g. TEMPSC to enable the evacuation of all personnel from the platform
Looking to specify only the criteria that are relevant for the functionality of the system
Consider if, given the function is available and operational, will it be effective in its purpose can it be relied upon? Recognise that some systems may be safety related, or primarily provided for safety, but are not Safety Critical
Assurance Activities
Important addition to the Performance Standards Review whether checks are in place to prove that SCEs are effective
I.e. This is a demonstration that sufficient maintenance and testing is in place
If not already in place, can cross reference functional criteria with the maintenance management system such that PMRs can be flagged as safety critical It is essential to review the content of each PMR, however it may not be appropriate to specify the frequency of each PMR
Verification Activities
Use of an Independent Verifying Body is a legal requirement, however the Independent Verification Body (IVB) scope is defined by the operator The purpose of annual verification is to confirm that the SCEs are effective:
Do they function as specified
Typically the Minimum Activities of the IVB is defined the IVB is invited to continue reviewing information and witnessing tests until satisfied that we are / are not compliant
By defining the assurance activities and the IVB activities line by line against each functional criteria, we improve clarity of what is expected and what has been done, e.g. if anomalies are found
Survivability
PFEER requirement to define in what circumstances the SCE is required to survive to provide its function Generally, this cannot be influenced after design, however supporting structures and SCE requirements may reference this E.g. Lifeboats to survive for 90 minutes limited ability to test survivability criteria. Assurance by design E.g. F&G system to operate for 90 minutes partially assured by functionality of the electrical power system with 90 minute functional criterion for battery back up
10
Reliability / Availability
PFEER requirement to define reliability / availability requirement Consider whether the Safety Case demands 100% availability are suitable contingency arrangements in place in case of failure?
99.9% ?
Does your QRA demonstrate that with <100% availability the overall risk is acceptable? Can you measure or calculate availability? E.g. for key systems where some failures are expected Particularly useful for systems with many components
Marathon Oil U.K. LLC
99.99% ?
11
Development of fault trees for each safety critical system How does each component influence the overall system?
Although data quality issues are difficult to overcome
12
Work orders over a given time period are collated and summated by fault code
Probability of Failure on Demand (PFoD) is determined for each fault code, then PFoD is used in system specific fault trees to determine system PFoD Components with no failures in a period are treated conservatively, using statistical industry data
13
SPECIFIC FAILURE A
&
SPECIFIC FAILURE B
OR
SPECIFIC FAILURE C
14
Case studies
Probability of Failure on Demand (PFoD)
1.4% 1.2%
1.0%
0.8% 0.6% 0.4% 0.2% 0.0% 01-Jan-08 To 01-Jul-08 To 01-Jan-09 To 01-Jul-09 To 01-Jan-10 To 01-Jul-10 To 31-Dec-09 30-Jun-10 31-Dec-10 30-Jun-11 31-Dec-11 30-Jun-12
PS04 Isolation
PS04 Blowdown
15
Continuous Improvement
Performance standards are subject to regular review through use Suggestions for changes and clarifications are welcomed from the verifier and users One aspect of the Safety Case Thorough Review is to check the performance standards
It is perceived that the clarity of the performance standards aids their review and challenge
16
Summary (1/2)
Guidelines for the Management of Safety Critical Elements (2nd Edition), Energy Institute, give good guidance on the principles of Performance Standards, but additional effort in preparation and use of Performance Standards can yield benefits: The act of writing Performance Standards is an opportunity for an Operator to develop their understanding of what equipment is Safety Critical The layout is crucial and if successful, can drive the outcome to be easily understood and useful. For example, blank boxes are an automatic gap analysis e.g. Missing function testing routines. Upfront specification of the complete extent of a Performance Standard system can save time later.
Marathon Oil U.K. LLC
17
Summary (2/2)
Documenting assurance activities is very useful in informing users of which tasks are safety critical, and defining how equipment is tested, particularly if this includes activities over several maintenance management systems. Matching verification activities to functional criteria helps clarify when following up anomalies. A thorough availability assessment is challenging to get right, but can be worthwhile in demonstrating adequate performance and identifying Safety Critical Element performance trends at an early stage
18
Questions?
19