ZonesCorp COP-EHS03 APPROVED BY: DATE: Z1 SEP2008 CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 2 of 117
REVISION HISTORY
Rev. No. Issue Date Revised Section Revision Description 0 New Document
Copyright
The copyright and all other rights of a like nature in this document are vested in Higher Corporation for Specialized Economic Zones (ZonesCorp), Abu Dhabi, United Arab Emirates. This document is issued as part of the Industrial Sector EHS Regulatory Framework and as guidance to Industrial Sector within the Abu Dhabi Emirates. Any party within Industrial Sector may give copies of the entire EHS Documents or selected parts thereof to their contractors/consultants for implementation of EHS Management Standards. Such copies should carry a statement that they are reproduced by permission of ZonesCorp and an explanatory note on the manner in which the document is to be used.
Disclaimer
No liability whatsoever in contract, tort or otherwise is accepted by ZonesCorp or any party whether or not involved in the preparation of the EHS Management System Documents for any consequences whatsoever resulting directly or indirectly from reliance on or from the use of the ZonesCorp EHS Documents or for any error or omission therein even if such error or omission is caused by a failure to exercise reasonable care.
All administrative queries should be directed to the ZonesCorp EHSMS Administrator HSE Division
Higher Corporation for Specialized Economic Zones P.O. Box: 36000, Abu Dhabi, United Arab Emirates. Telephone: (9712) 5073358 Fax: (9712) 5073564 Internet site: www.zonescorp.com E-mail: hse@zonescorp.com
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 3 of 117
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 4 of 117
1. PURPOSE
This document provides guidance on the Environment Health & Safety (EHS) Risk Assessment and Management Techniques. The Code of Practice set out a generic framework for establishing the context, identifying, analysing, evaluating, treating, monitoring and communicating Risks. This document presents a set of Techniques that shall be used as an integral part of the entity approach to the identification, assessment and management of the EHS Risks during Design / Construction / Operations and Maintenance of Facilities including the Contractor activities. Risk Assessment Methodologies, Techniques, Guidelines, Formats etc. given in this document are for guidance purpose. Entities should judicially use techniques Fit for the Purpose as required by specific Business / Activity / Operation. Environment Agency Abu Dhabi (EAD) being the Competent Authority of EHS Management within Abu Dhabi Emirate has designated Higher Corporation for Specialized Economic Zones ZonesCorp as the EHS Regulatory Authority for the Industrial Sector within Abu Dhabi Emirate. ZonesCorp in its Regulatory Role is the nodal agency for the Entities within Industrial Sector while interacting with the concerned Govt. Agencies (EAD, Civil Defense etc.) for fulfilling the applicable regulatory requirements like EHS Permitting etc. The Higher Corporation for Specialized Economic Zones ZonesCorp being the EHS Regulatory Authority for the Industrial Sector in the Emirate of Abu Dhabi, has established the Environmental, Health & Safety Regulatory Framework Codes of Practice to communicate the requirements of EHS management as a key factor in successful business development to all industries within the Emirate of Abu Dhabi. ZonesCorp considers the establishment of priorities, programmes and practices as vital for integrating good environmental, health & safety management into all entities business. The Industrial Sector EHS Regulatory Framework has been established in line with the requirements of UAE EHS Laws, Regulations and the Abu Dhabi (EAD) EHS Management System Framework Documents for the Industrial Sector. The system is also aligned with other international standards like ISO14001, OHSAS18001 and BS8800 for Occupational Health.
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 5 of 117
2. SCOPE
This document is applicable to all Entities within Industrial Sector in Abu Dhabi Emirate. The Industrial Sector includes but is not limited to Entities in Abu Dhabi Industrial Cities (ICADs), Al-Ain Industrial Cities (AAICs), Western Region Industrial Complex, Mussafah Industrial Area and Workers Facilities (Labour Camps) for Industrial Sector within Abu Dhabi Emirate. Wherever possible, and rather than providing detail within this document, reference is made to other, more detailed documents that have been provided in the ZonesCorp EHS Management System. 3. DEFINITIONS 3.1 Accident An uncontrolled / unplanned / undesired / uncontrolled event that results in undesirable consequences to the personnel (injuries/illness) and/or to the assets (damage/loss) or to the neighbouring community and/or to the environment. The term Accident is synonymous with Incident wherever used in ZonesCorp EHS Management Framework 3.2 ALARP (As Low As Reasonably Practicable) a. To reduce a risk to a level which is ALARP involves balancing reduction in risk against the time, trouble, difficulty & cost of achieving it. b. This level represents the point, objectively assessed, at which the time, trouble, difficulty and cost of further reduction measures become unreasonably disproportionate to the additional risk reduction obtained. 3.3 Aspect Element of an organisations activities products or services that can interact with the environment (ISO 14001, 2003) 3.4 Barriers a. Elimination and prevention measures that remove or reduce the likelihood of realising a hazards potential for harm. b. Barriers may be physical (materials, protective devices, segregation, etc.) or non-physical (procedures, inspection, training, drills, etc.) 3.5 COMAH: Control of Major Accident Hazards 3.6 COMAH Report: The Control of Major Accident Hazards Report is a report compiled by a major hazard site entity and submitted to ZonesCorp, as part of the EHSIA process that demonstrates that the entity has taken all steps necessary to prevent major accidents and to reduce their consequences. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 6 of 117
3.7 Consequence The result of an accidental event sequence (fire, explosion, toxic gas dispersion, etc.) that could affect people, the environment, Entitys assets or reputation 3.8 Effect : An adverse impact on people, the environment, Entitys assets or reputation 3.9 EAD: Environmental Agency Abu Dhabi 3.10 EHS: Environment Health & Safety 3.11 EHSIA: Environment Health Safety & Impact Assessment 3.12 EHSMS: EHS Management System 3.13 Entity: Facilities within Industrial Sector including Industrial, Commercial, Residential and Welfare. 3.14 Hazard: The potential to cause harm, including ill health and injury, damage to property, products or the environment; production losses or increased liabilities. 3.15 HRA: Occupational Health Risk Assessment 3.16 HSE Case: A demonstration of how the Entity HSE objectives are being met in a methodical and auditable reference document. A completed Case will provide a reference document to all information relevant to the safety, and health of the operations personnel, environment and resources on an installation. 3.17 HSE Critical Activities a. Activities that are important in preventing events with potential to cause serious harm to people, the environment, Entitys property and/or reputation and can reduce the impact of such an event. b. The definition of serious harm includes the critical, severe and catastrophic categories shown in the Risk Matrix as provided in this document. 3.18 Impact Any change to the environment whether adverse or beneficial, wholly or partially resulting from Entitys facilities, activities, products or services. 3.19 Incident: An uncontrolled / unplanned/undesired / uncontrolled event that results in undesirable consequences to the personnel (injuries/illness) and / or to the assets (damage/loss) or to the neighbouring community and/or to the environment. The term Incident is synonymous with Accident wherever used in ZonesCorp EHS Management Framework CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 7 of 117
3.20 Industrial Sector: Industrial Sector within Abu Dhabi Emirate includes but not limited to Entities (Industrial Units etc.) in Industrial Cities developed by ZonesCorp, Industrial Areas like Mussafah, Mafraq, etc. and Workers Facilities (Labour Camps) for Industrial Sector 3.21 Major Accident: An Uncontrolled Occurrence which leads to severe or catastrophic effects to people, the environment, Entitys reputation or assets. Refer to Risk Matrix 3.22 Major Accident Hazard: A hazard that has the potential to result in a Major Accident 3.23 Manual of Normal Operations (NOM): Defines the limit of safe operation permitted for a particular asset if risk management measures are reduced and/or removed with the objective of maintaining a tolerable level of risk. 3.24 Manual of Emergency Operations (EOM): Considers combinations of hazards and hazardous events caused by the need for simultaneous operation and construction in order to maintain a tolerable level of risk 3.25 Risk: The product of the measure of the likelihood of an occurrence of an undesired event and the potential adverse effects that this event may have on people, the environment, Entitys assets or reputation 3.26 Risk Management Measures: A risk management hierarchy to eliminate, prevent and control HSE risks to a acceptable and ALARP level. 3.27 Self-Regulation is a concept designed to enhance protection of human health and the environment by encouraging the regulated community to voluntarily discover, disclose, correct, and prevent violations of relevant laws. For the purpose of the EHSMS, self-regulation is defined as: Action undertaken by entities to develop and implement an Environment, Health and Safety Management System that complies with the laws and policies of the Emirate of Abu Dhabi and international standards 3.28 Shall: The Term shall as used in this document is intended to describe mandatory requirements. 3.29 Should: The term should is intended to designate optional or practices which ZonesCorp does not consider mandatory, but does recommend that Entities consciously evaluate any deviation from these recommended practices 3.30 SIMOPS: Simultaneous Operations 3.31 Tenant: The Project Proponent/Lease Holder/Concession Agreement Holder/ Owner/Operator of an Entity within the Industrial Sector in Abu Dhabi Emirate 3.32 Top Event: The release of a hazard. The undesired event at the end of the fault tree and at the beginning of the event tree. The centre point in the Bow Tie Diagram. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 8 of 117
3.33 Threats: A possible cause that will potentially release a hazard and produce an incident. Examples include damage caused by thermal (high temperature), chemical (corrosion), biological (bacteria), radiation (ultraviolet), kinetic (fatigue), climatic condition (poor visibility), uncertainty (unknowns) or human factors (competence). 3.34 Task Risk Assessment (TRA): A process of formal identification, assessment and recording of the risks involved in any particular operation so that appropriate controls can be introduced. TRA is synonymous with job safety analysis (JSA). CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 9 of 117
4. EXISTING APPLICABLE LAWS All Tenants shall ensure that their operations comply with all relevant UAE and Abu Dhabi Environmental, Health and Safety laws and regulations. Environmental, Health and Safety regulations in the UAE are gradually being implemented. This Code of Practice has been developed to ensure compliance to or exceed the requirements of all relevant legislative statutes and regulations, specifically including but not limited to: 4.1 Federal EHS Laws and Codes including UAE Standards Industrial Safety & Health Regulations (Emirates Authority for Standardization & Metrology) 4.2 Local Law No. ( ) of 2008 concerning Environment Health & Safety Management System in Abu Dhabi Emirate 4.3 Local Law No. 16 of 2005; Article 14 Establishment or Individual is prohibited to carry out any activity that could adversely affect the lives of human beings and the safety of the environment before obtaining a license from the Agency. 4.4 Local Law No. 21 of 2005 on the Waste Management in Emirate of Abu Dhabi 4.5 Local Law No. 23 of 2005 and the Executive Regulations Regarding the Health Insurance Scheme for the Emirate of Abu Dhabi 4.6 Federal Law No. 1 of 2002 Regarding Organisation & Monitoring the Use of Radiation Resources and Protection 4.7 Federal Law No. 8 of 1980. The Labor Law (as amended 1986) 4.8 Federal Law No. 23 of 1999 Marine Bio-Resources in the UAE 4.9 Federal Law No. 24 of 1999 for the Protection & Development of the Environment 4.10 Regulations / Executive Orders made under the Federal Environment Law a. Federal Bylaw; Protection of Air from Pollution (Ministerial Order # 12 of 2006) b. Federal Bylaw; System for Protected Area Ministerial Decree No. 37 of 2001 concerning the approval of the Executive Orders for Law No. 24. It includes the following Regulations: a. Environmental Impact assessment of Projects 2001 b. Assessment of Environmental Effects of Installations 2001 c. Protection of the Marine Environment 2001 d. Handling Hazardous Materials, Hazardous Wastes & Medical Wastes 2001 e. Pesticides, Agricultural Additives and Fertilizers 2001 CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 10 of 117
4.11 Ministerial Decrees & Decisions: a. Decree No. 50/2003 Basic Regulating Rules for Ionizing Radiation Protection b. Decree No. 55/2004 Basic Regulations for Protection against Ionizing Radiation. c. Decree No. 56/2004 Basic Regulations for Safe Transport of Radioactive Materials d. Decree No. 57/2004 Basic Regulations for Radioactive Waste Management e. Decree No. 214/2004 on Use of Sludge on Land f. Ministerial Order No.32/1982 on the Determination of Preventative Methods and Measures for the Protection of Labor from Risks at Work 4.12 Abu Dhabi Emirate Environment Protection Policies (EEPPs) a. Part 1 Air Quality b. Part 2 Water Quality c. Part 3 Land Quality d. Part 4 Noise e. Part 5 Waste f. Part 6 Hazardous Substances g. Part 7 Occupational and Environmental Health & Safety h. Part 8 Biodiversity and Conservation 4.13 Abu Dhabi Emirate Environment Protection Policies Standards a. Part 1 Air Quality Standard b. Part 2 Water Quality Standard c. Part 3 Land Quality Standard d. Part 4 Noise Quality Standard 4.14 Abu Dhabi Emirate EHS Management System Codes of Practices a. Self Regulation b. Roles & Responsibilities c. Risk Management d. Audits & Inspection e. Emergency Management f. Monitoring and Reporting g. Management Reviews 4.15 EAD Regulations on Hazardous Material & Waste Permit 4.16 Industrial Safety and Health Regulations Occupational Health and Environmental Control SSUAE No. 209 / 1995. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 11 of 117
5. RESPONSIBILITIES 5.1 Competent Authority The Competent Authority (EAD) in cooperation with the Regulatory Authority (ZonesCorp) shall approve the types of entities (targeted entities) that should develop & implement an EHSMS in accordance with the Abu Dhabi Emirate EHS Law. The Competent Authority (EAD) shall set mechanisms for: Reviewing and approving EHSMS developed by Entities to ensure compliance with the requirements of the EHSMS at Abu Dhabi Emirate level. Auditing the EHSMS implemented by different entities. The Competent Authority (EAD) shall promote the importance of implementing the EHSMS. The Competent Authority (EAD) shall be responsible for reporting to the Executive Council the performance of the EHSMS at Abu Dhabi Emirate level. 5.2 Regulatory Authority Regulatory Authority shall administrate, advise and support the EHSMS Framework of Industrial Sector The Regulatory Authority (ZonesCorp) in cooperation with the Competent Authority (EAD) shall: Develop Industrial Sector EHS Policy and Establish EHS Regulatory Framework including Codes of Practice & Guidelines Identify the types of entities that should develop & implement an EHSMS in accordance with the Abu Dhabi Emirate EHS Law Review and approve EHSMS developed by entities in compliance to the requirements of the Abu Dhabi Emirate EHSMS. Audit the EHSMS implemented by different entities. Receive EHS Performance from Industrial Sector Entities Compile and report EHS Performance of Industrial Sector to the Competent Authority (EAD) Promote the importance of implementing the EHSMS 5.3 Entities 5.3.1 Entities shall develop and implement an EHSMS within their areas of jurisdiction to protect their employees, the community and the environment from any adverse impacts arising from their activities. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 12 of 117
5.3.2 Entities shall provide and maintain a safe environment for workers, avoid any risk to human health, avoid adverse impact to environment and prevent environmental pollution. 5.3.3 Entities having an EHSMS are required to audit their System in order to ensure conformance with ZonesCorp EHSMS Requirements. 5.3.4 Entities having established an EHSMS are required to demonstrate self regulation 5.3.5 Entities having an EHSMS are required to submit an annual report to the ZonesCorp / EAD on the performance of their System as per the mechanism set by ZonesCorp. 5.4 Employers Duties 5.4.1 Employers have the ultimate responsibility to ensure the health and safety of their employees. 5.4.2 Employers have a general Duty of Care to take all practicable steps to ensure the safety of their employees while at work, visitors and contractors. In particular, they are required to take all practicable steps to: Provide and maintain a Safe Working Environment; Provide and maintain facilities for the Safety and Health of employees at work; Ensure that machinery and equipment are safe; Ensure that working arrangements are not hazardous to employees; and Ensure a Safe System of Work comprising at least of Procedure, Training, Communication & Supervision is in place Ensure procedures are available to deal with emergencies that may arise while employees are at work. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 13 of 117
6. EHS RISK ASSESSMENT & MANAGEMENT FRAMEWORK 6.1 The framework for carrying out a detailed Environment, Health and Safety Risk Assessment & Management involves the following key stages: a. Hazard Identification; b. Hazard Assessment; c. Exposure Assessment; and d. Risk Characterisation e. Risk Management (Elimination, Substitution, Control etc.). 6.2 This framework provides for a qualitative and/or quantitative estimation of risk, based on an estimated exposure to a workplace hazard or contaminant (or dose), and the likelihood that this will give rise to an adverse affect (i.e. the dose response). 6.3 The Risk Assessment and Management Framework is explained in Figure 6.1 Figure 6.1: Framework for EHS Risk Assessment and Risk Management
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 14 of 117
6.4 Hazard Identification and Risk Assessment involves a series of steps as described below. Figure 6.2 - Four Steps to HSE Risk Evaluation and Management
IDENTIFY ASSESS MANAGE RECORD HSE RISK EVALUATION AND MANAGEMENT IDENTIFY ASSESS MANAGE RECORD HSE RISK EVALUATION AND MANAGEMENT
1. Identification Identification of hazards and aspects to People, Environment, Assets and Reputation (PEAR), based upon consideration of factors such as the physical and chemical properties of the fluids being handled, the arrangement of equipment, operating and maintenance procedures and processing conditions. 2. Assessment Assessment of the risk arising from the hazards and consideration of its tolerability to personnel, the facility, the environment and the Entity reputation. This normally involves a process of definition of initiating events, identification of possible accident sequences, estimation of the probability of occurrence of accident sequences and assessment of the consequences/ impact. The acceptability of the estimated risk must then be judged based upon criteria appropriate to the particular situation. 3. Management Effective management of the risks to an acceptable and ALARP level. This implies that where deemed necessary, the risks will need to be eliminated or reduced. This involves identifying opportunities to reduce the likelihood and/or consequences of an accident. 4. Recording Recording of HSE risk assessment studies and their findings in terms of the risk management measures utilised to manage HSE risks to an acceptable and ALARP level. Recommended method are HSE Case & Hazard & Effect Register
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 15 of 117
7. RISK ASSESSMENT & MANAGEMENT BASIC APPROACH 7.1 The Risk Management Philosophy as outlined in this document provides an overview of EHS Risk Assessment & Management requirements as shall be applied by the Entities 7.2 Section 7 outlines the Risk Assessment & Management Process in detail. 7.3 Appendix 3, 4, 5 and 6 provides description of various Risk Assessment Techniques, Methodologies and the Guidelines for conducting Risk Assessment 7.4 This document and other relevant Code of Practices as listed in Section 6 of this document provide detailed methods, techniques and requirements for specific EHS Risk Assessment categories. 7.5 Entities may develop their own procedures appropriate to their operations/ activities provided that the legal requirements stipulated in Law concerning The Management of Environment, Health and Safety in Abu Dhabi Emirate are met. 7.6 Risk Assessment & Management: The following flowchart shows the steps involved in Risk Management. The Process is explained in further detail in the subsequent sections.
Establish the context Establish the context Establish the context Identity hazards Establish the context Assess risk Establish the context Risk control Esta blis h the cont ext C o n s u l t a t i o n
Esta blis h the cont ext R e v i e w
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 16 of 117
7.7 DEFINE THE SCOPE (ESTABLISH THE CONTEXT) The first step in the risk management process is to define the scope of the risk management activity. The purpose of this step is to establish the parameters of the process including the criteria by which risks will be assessed. Therefore, this step defines the strategic and organizational context in which the remainder of the risk management process operates. This includes: 7.1.1 Defining the external and internal stakeholders and their objectives; 7.1.2 Defining the organizational context - this is the context within which the risk management policy is to be implemented, including what each person's responsibilities are and what resources are required; 7.1.3 Establishing the risk management context including; a. Defining the scope of the specific activity whose risks the process is intended to manage; b. Setting an overall time frame for completion of the process; c. Identifying the resources required and distributing the responsibilities for conducting the remainder of the process; d. Developing the risk evaluation criteria - these may be legal, social or financial; e. Planning the structure of the risk management process into logical elements. 7.8 HAZARDS IDENTIFICATION 7.8.1 EHS Regulations require that hazards are identified in the workplace and that procedures are in place and are used to identify, assess and control hazards: a. Before setting up and using a workplace; b. When planning work processes; c. Before installing, commissioning or erecting plant; d. Whenever changes are made to: The workplace; The system or method of work; The plant used; The chemicals used; e. Whenever new information regarding work processes becomes available. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 17 of 117
7.8.2 Hazard Identification consists of three main components listed below and elaborated in subsequent sub-sections. a. Defining Risk Assessment Objectives; b. Defining EHS Values to be protected; and c. Developing the Conceptual Site/Project Model. 7.8.3 DEFINING RISK ASSESSMENT OBJECTIVES a. Defining the objectives of the risk assessment is one of the most important steps in the risk assessment process, as inappropriate objectives may lead to important issues being excluded from the assessment. b. The objectives of a risk assessment must be clearly defined prior to any work, should be flexible, and may change during the course of the assessment. c. When defining risk assessment objectives, consideration needs to be given to: Why risk assessment is required (project design, EHSIA process, EHSMS development etc); The stage of the investigation (preliminary or detailed) and associated limitations and uncertainties; The environmental values which need to be protected; The health and safety values which need to be protected; Environment, health and safety context; The audience (land owner/occupier, regulator/auditor, planning authorities, public); Management decisions; and Issues for which the risk assessment process cannot be of assistance. d. The objectives of a preliminary assessment may be framed in broad terms. Issues identified in the Projects Conceptual Planning Phase will help target environmental health and safety risks. e. The objectives of a detailed risk assessment should be more specific and tailored to the issues identified at a site. For example, if the preliminary risk assessment shows that only human health risk is an issue of concern, then ecological assessment may not be necessary. Likewise, the screening assessment may identify particular chemicals of concern that the detailed assessment should focus on. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 18 of 117
7.8.4 EHS VALUES TO BE PROTECTED Abu Dhabi Emirate Environment Health & Safety Protection Policies (EEPPs) define the environment, health and safety values, indicators and objectives to be met, and must be referred to when undertaking a risk assessment. a. For establishing a Risk Assessment & Management System, It is extremely important to first establish the environment health and safety values that need to be protected for the site or activity. b. In general, these values will reflect the existing uses of the land and the existing and realistic future uses of the land surrounding the site/project. c. EHS values that are typically relevant for particular projects are listed below. Human Health and Safety Aesthetics Ecological Groundwater and Surface Water Adjacent Land Values 7.8.5 CONCEPTUAL SITE/PROJECT MODEL When developing the Conceptual Site/Project Model for hazard identification, consideration needs to be given to: a. Whether the hazard has a single or multiple source (e.g. pollution and/or contamination of drinking water supply from a chemical spill, vs. particulates in the air arising from diesel engines, wood heaters and tobacco smoke); b. Whether the emissions affects multiple environmental media (e.g. industry emissions contaminating air, soil, water and food); c. Who will be affected by the hazard (e.g. employees, contractors, visitors); d. How do stakeholders perceive the problem? Do different groups have different perceptions? (e.g. a stakeholder group comprised of workers at a facility who are also nearby residents may have complex perceptions); and e. How do the hazards compare to other environmental, health and safety hazards affecting the community? Section 8 elaborates Project Risk Management concepts. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 19 of 117
7.9 EVALUATE (ANALYZE & ASSESS) HAZARDS & ESTABLISH RISK 7.9.1 The main objectives for carrying out a risk assessment are to ensure that human health, assets, and the environment are protected, and that the necessary resources are allocated in a prioritised and defensible manner to ensure that any unacceptable risks identified will be reduced to acceptable levels. 7.9.2 Where risk assessment identifies the potential for exposure to exceed the determined maximum permissible or allowable exposure, then risk management is necessary to reduce the potential risk to human health, the environment or environmental values. 7.9.3 Risk assessment formalises the process of identification of the key issues associated with operating an industry or undertaking an activity in Abu Dhabi Emirate, including the nature of the industry/activity, the potential expected hazards, data gaps, and the level of uncertainty. 7.9.4 All identified hazards shall be subject to an evaluation for risk potential. This means analyzing the hazard for its probability for a loss event to occur, as well as the likely consequences of this event. ZonesCorp recommends, progressively, the use of following three risk assessment methods. Refer to Table 8.1 for brief explanation. a. Qualitative b. Semi-Quantitative c. Quantitative The basis of this process is the Risk Assessment Matrix (refer to Figure 8.1). 7.9.5 A critical element to each level of risk assessment is the development of a Conceptual Site/Project Model that describes the pathways by which exposure from pollution / contaminant / occupational health and safety hazard or incident / accident may occur (section 7.8.5). Refer to Section 8 for details about Project Risk Management. 7.9.6 In general, environmental pollution / contamination is associated with air, noise, water, waste, and land. Occupational health and safety hazards are determined by the nature of the site and the work being performed (e.g. chemical exposure, fire and explosion, lack of oxygen, ionizing radiation, biological hazards, safety hazards, electrical hazards, heat stress, cold exposure, noise and ergonomics), they can be broadly classified as physical, chemical and biological hazards 7.9.7 Appendix 3, 4, 5 and 6 provides description of various Risk Assessment Techniques, Methodologies and the Guidelines for conducting Risk Assessment CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 20 of 117
7.10 RISK MANAGEMENT & RECORDING 7.10.1 Risk assessment and management requires a high degree of objectivity and scientific skill. 7.10.2 Risk Management: To manage the Risk, the entity shall: 7.10.3 Identify the Risks associated with the activities of the organisation and document in the Hazard & Effect Register (detailed in Section 8); and 7.10.4 Evaluate the level of significance of the risk (e.g. Extreme Risk, High Risk, Moderate Risk and Low Risk basing on qualitative assessment, semi- quantitative or quantitative assessment, where appropriate (detailed in Sections 9). 7.10.5 Reduce the Risk at an acceptable and as low as reasonably practicable risk level via means of prevention, mitigation or recovering, where appropriate (detailed in Section 10 & 11 and Appendix 1 & 2). 7.10.6 It is vital that the operational programs and procedures which are assessed against risks are identified and managed. Continuous improvement is the key to future HSE performance. 7.10.7 The identified risks (plus the associated risk level) shall be documented on an Hazard & Effect Register (Appendix 7). The Register shall be reviewed and updated at regular time intervals.
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 21 of 117
8. RISK ASSESSMENT METHODOLOGY 8.1 This section outlines the concepts and approach for Risk Assessment including the Project Risk Assessment (Refer to Section 8.14) 8.2 The objective of a risk assessment is to filter the projects with minor acceptable risks from the projects with major non-acceptable risks. It involves consideration of the sources of risk, the consequences and the likelihood that those consequences may occur. 8.3 Risk analysis may be undertaken to various degrees of refinement depending upon the risk information and data available. Analysis techniques include: a. Qualitative assessment; b. Semi-quantitative assessment; and c. Quantitative assessment. 8.4 Appendix 3, 4, 5 and 6 provides description of various Risk Assessment Techniques, Methodologies and the Guidelines for conducting Risk Assessment 8.5 In practice, a qualitative analysis is often used to first obtain a general indication of the level of risk and then a more quantitative analysis is applied to refine the risk. 8.6 A quantitative risk assessment can be undertaken based on statistical analysis when the qualitative assessment does not accurately determine the level of risk for various consequences and probabilities. In the absence of statistical data, an estimate may be made of the degree of the consequence and frequency. 8.7 The risk assessment methodology provided in this code of practice uses a semi-quantitative process for determining risk. The semi-quantitative process estimates the degree of the consequence and probability and assigns a score to each. The score allocated does not have to bear an accurate relationship to the actual magnitude of consequences or likelihood. 8.8 LEVELS OF RISK ASSESSMENT 8.8.1 Some form of risk assessment will be required for all industry or activities that are to be licensed by the Environment Agency and/or others. 8.8.2 Depending on the site circumstances and the stage of the investigation, the risk assessment may involve different levels of assessment, ranging from a simple desktop study through to a detailed assessment as part of a formal EHSIA (Environment, Health and Safety Impact Assessment) process. 8.8.3 The goal of the Tiered approach is to use simple conservative assumptions in preliminary assessments to identify which issues are likely to be most relevant CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 22 of 117
with respect to risk, allowing more detailed (site-specific) risk assessment to focus on these issues. 8.8.4 This approach allows resources to be focused on the more critical issues associated with a site or project in a prioritised and defensible manner to ensure that any unacceptable risks will be reduced to an acceptable level. 8.8.5 EHS Risk Assessments should be performed according to a Tiered Risk Assessment framework described in Table 8.1 below. Table 8.1: Tiered HSE Risk Assessment Methodology TIER DESCRIPTION 1 Tier 1 Qualitative Risk Assessment Tier 1 risk assessment is an initial risk assessment process, based on the Qualitative Risk Assessment Matrix (RAM) Figure 7.1, normally carried out by the Entity or Contractor(s) staffs who are non specialists. It shall be applied to all construction & operation related activities using the Qualitative Risk Assessment Technique. Task Risk Assessment (TRA) must also be carried out for tasks which will require a permit or for other HSE critical tasks carried out outside permit areas, e.g., office or workshops etc. The Tier 1 screening process ensures that requirements for control measures and HSE Management programmes are identified. These should reduce the risk to low on the RAM. Where risks cannot be reduced to low they should be passed through to a more detailed Tier 2 assessment of risk and evaluation of control measures. In principle, all events with a major accident hazard potential shall in accordance with be directly passed to a Tier 2 Quantitative Risk Assessment (QRA). CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 23 of 117
Table 8.1: Tiered HSE Risk Assessment Methodology TIER DESCRIPTION 2 Tier 2 Quantitative Risk Assessment (QRA) Tier 2 risk assessments are all other assessments that are applied to assess the risk. These could be semi-quantitative (i.e. numerical scoring, engineering calculations, or simple modelling) in order to evaluate in greater detail and certainty the key HSE risk issues identified in a Tier 1 risk assessment and to evaluate suitable control procedures and HSE management programmes. When uncertainties exist a reasonable level of conservatism should be applied. Tier 2 risk assessment also includes the use of QRA techniques that may be applied to H, S, or E risks. 8.8.6 In practice, a qualitative analysis is often used to first obtain a general indication of the level of risk and then a more quantitative analysis is applied to refine the risk. 8.8.7 A quantitative risk assessment can be undertaken based on statistical analysis when the qualitative assessment does not accurately determine the level of risk for various consequences and probabilities. In the absence of statistical data, an estimate may be made of the degree of the consequence and frequency. 8.8.8 The risk assessment methodology provided in this code of practice uses a semi-quantitative process for determining risk. 8.8.9 The semi-quantitative process estimates the degree of the consequence and probability and assigns a score to each. The score allocated does not have to bear an accurate relationship to the actual magnitude of consequences or likelihood. 8.9 HAZARD IDENTIFICATION 8.9.1 A key element in identifying and managing hazards in the facility (Entity) is a systematic approach to the identification of hazards and the assessment of the associated risk in order to provide information to aid decision-making on the need to introduce risk reduction measures. 8.9.2 Hazard identification is the process of identifying the concerns that the risk assessment needs to address and establishes a context for the risk assessment. Hazard identification comprises four phases: a. Identification of environment, health and safety hazards and determining whether they are hazards amenable to risk assessment; CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 24 of 117
b. Putting the hazards into their environment, health and safety context (classification and prioritising of problems and hazards); c. Identification of potential interactions between agents; and d. Defining the scope and objectives of the risk assessment. 8.9.3 The hazard identification process should be carried out for each level of assessment. The level of detail required for the Hazard Identification depends on the level of assessment and the quality of the Issue Identification carried out for any preceding assessments. 8.9.4 Hazard Identification should be carried out as part of the initial planning stage prior to design and construction, and then revisited as further information becomes available and the pollution, contamination, and/or human health and safety issues at the site are better understood. If a detailed risk assessment (Stage 3) is required, the Stage 1 and 2 assessments become inputs for the Stage 3 assessment. 8.9.5 Hazard Identification consists of three main components listed below and elaborated in Sections 6 above. d. Defining Risk Assessment Objectives; e. Defining EHS Values to be protected; and f. Developing the Conceptual Site/Project Model. 8.9.6 In general, EHS hazards can be identified from findings on: a. National / International Legislation, Standards; b. HSE Audits / Inspections / Walk Through c. Peer reviews d. Job Safety and Risk Analyses / Task Risk Assessment e. Model Reviews f. P&ID reviews g. Accident/incident and near miss reporting h. Failures of software and hardware systems i. Incidents of human error j. Workplace surveys; k. Incident analysis; l. Personal observations; m. Health & Safety Committee items or discussions; n. Warning labels or sign (including HAZCHEM placard); o. Material Safety Data Sheets; CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 25 of 117
p. Manufacturers manuals or instructions; q. Technical journals; r. Consultants reports. 8.9.7 Recommended Techniques for hazard Identification are listed below and explained in Appendix 3 a. Hazard Analysis (HAZAN) / PHAs b. What ifs c. Hazard identification (HAZID) Studies d. Hazard & Operability (HAZOP) Studies e. Failure Mode & effect Analysis (FMEA) f. Environment Impact Assessment (EIA) g. Fault Tree / Event Tree Analysis 8.9.8 The identified risks (plus the associated risk level) shall be documented on an Hazard & Effect Register (Appendix 7). The Register shall be reviewed and updated at regular time intervals. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 26 of 117
8.10 EVALUATE IMPACTS AND CONSEQUENCES 8.10.1 In order to conduct an initial project risk assessment for screening, impacts (actual and potential) and where applicable potential incident events, are to be identified for each aspect of the project. For example, the risk assessment should be completed for both construction and operation, and potentially for individual elements of the project. 8.10.2 In this semi-quantitative level of analysis, a point score is used which rates the consequences of the impact for each aspect. 8.10.3 For the discharge or emission of a pollutant, evaluating factors such as those listed below should help in the assessment of relative consequence: a. Persistence; b. Toxicity; c. Health effects; d. Concentration of chemical; e. Volume discharged per event; f. Duration of the discharge; g. Proximity to water-bodies; h. Potential dilution; i. The area of land/marine waters affected; and j. Taking into account secondary consequences and existing mitigation measures. 8.10.4 Regarding occupational health and safety, evaluating factors such as those listed below will help in the assessment of relative consequence: a. Health effect (e.g. long / short term effects, fatality, degree of injury / illness, disability); b. Damage to assets (e.g. plant, premises) 8.10.5 The potential consequences must be judged using all available information, this information may include, but not be limited to: a. Control measures in place; written systems of work, permit-to-work procedures for the tasks; b. Monitoring data from within and outside the organisation; c. Tasks being carried out, their duration and frequency and locations; d. Plant, machinery, powered hand tools to be used; CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 27 of 117
e. Size, shape, surface character and weight of materials that may be handled; distance and heights to which materials have to be moved by hand; f. Service used (e.g. compressed gas), substances used or encountered during the work; g. Parties carried out the tasks (training received); and h. Legal requirements. 8.10.6 Table 8.2 provides a consistent method of assessment that can be applied by different personnel and at different times. 8.10.7 For the project screening risk assessment, five levels of severity of consequences have been used insignificant, minor, moderate, major and catastrophic. Refer to Table 8.3 below. The definitions used to assess relative consequences have been adopted from HB 203:2000 as recommended by Abu Dhabi Emirate EHS Management System Framework. 8.11 ESTIMATE PROBABILITY OF OCCURRENCE 8.11.1 The probability of occurrence then needs to be estimated. Table 8.2 below provides likelihood ratings with descriptions for estimating the likelihood of each occurrence. 8.11.2 Frequency descriptions have been split into Environment plus Health and Safety for clearer explanation. 8.11.3 The probability of occurrence from any event, mode of occurrence or failure mechanism should be considered. 8.11.4 In addition to evaluating the frequency for normal operating conditions, the following conditions could be considered: a. Abnormal, start up and shutdown operating conditions; b. Incidents, accidents and potential emergency situations; and c. Current activities and planned future activities. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 28 of 117
Table 8.2: PROBABILITY OF OCCURRENCE Descriptor Likely Frequency Probability Environment Health and Safety Frequent Continuous or will happen frequently. Occurs several times a year at location. 5 Often 5 12 times per year. Occurs several times a year in similar industries in UAE. 4 Likely 1 5 times per year. Has occurred at least once in UAE. 3 Possible Once every 5 years. Has occurred in industry (Worldwide). 2 Rare Less than once every five years. Never encountered in industry. 1 8.12 RISK ESTIMATION 8.12.1 The level of risk is calculated by multiplying the Consequence Score and Probability of Occurrence together: Risk = Consequence Score x Probability of Occurrence 8.12.2 The final outcome is in relative point scores, rather than actual risks. 8.12.3 Note that risk estimations should be carried out assuming a well-managed installation operating under normal conditions. Risk scores do not reflect the highest risks under adverse conditions/worst-case scenarios. 8.13 RISK EVALUATION 8.13.1 The relative risk score estimated as defined in Section 8.9 enables definition between those risks that are significant, and those that are of a lesser nature. This allows a better understanding of the least probable events with high consequence against the highly probable low consequence events. Having established the comparative risk level applicable to individual impacts, it is possible to rank those risks. 8.13.2 Four risk categories have been used: Extreme, High, Moderate, and Low. 8.13.3 Risk Assessment Matrix (RAM) is given in Figure 8.1. The risk matrix provides a method for initially quantifying risks qualitatively (rated as Low, Moderate, High, or Extreme) and semi-quantitatively (with respect to assets lost figures). It is therefore also used as a screening process so that effort can be concentrated on the higher levels of risks. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 29 of 117
8.13.4 For higher-level risks acceptance criteria have been established and these are described in Section. 8.13.5 The Risk Matrix (RAM) is color-coded as follows for ease of use:
COLOUR RISK REQUIREMENT RED Extreme Activity or industry should not proceed in current form BEIGE High Activity or industry should be modified to include remedial planning and action and be subject to detailed EHS Assessment YELLOW Moderate Activity or industry can operate subject to management and / or modification GREEN Low No action required, unless escalation of risk is possible
a. Green Acceptable Risks Recognized and need to be managed by procedures or safe systems of work and reduced further where possible b. Yellow & Beige Area of Concern and ALARP Shall be subject to further semi-quantitative assessment, e.g. bow tie or failure modes analyses (refer to Appendix 3) Risks in this area shall be subject to an ALARP demonstration and may be reduced or managed through design and management control (refer to Appendix 1 & 2) c. Red Unacceptable Must be subject to a full, quantified risk assessment, probably using a specialist contractor, specific modelling and calculation techniques and programs and recognized databases. Refer to Appendix 3 These risks shall preferably be eliminated but if this is not possible will be reduced by design, e.g.: Prevention / Control / Mitigation / EER (Evacuation, Escape & Rescue)
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 30 of 117
Insignificant (1) Minor (2) Moderate (3) Major (4) Catastrophic (5) Rare (1) 1 2 3 4 5 Possible (2) 2 4 6 8 10 Likely (3) 3 6 9 12 15 Often (4) 4 8 12 16 20 Frequent (5) Almost Certain 5 10 15 20 25 15 25 Extreme Risk 1
Activity or industry should not proceed in current form 8 12 High Risk Activity or industry should be modified to include remedial planning and action and be subject to detailed EHS Assessment 4 6 Moderate Risk Activity or industry can operate subject to management and / or modification 1 3 Low Risk No action required, unless escalation of risk is possible
1: Risk is the multiple of Probability & Severity of Consequence 2: Probability: Refer to Table 8.1 above for getting definition of Probability of Occurrence 3: Consequence: Refer to Table 8.3 for Potential EHS Impact & Potential Incident Consequence Rating
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 31 of 117
TABLE 8.3: POTENTIAL EHS IMPACT AND POTENTIAL INCIDENT CONSEQUENCES RATING Area impacted Insignificant Consequences Minor Consequences Moderate Consequences Major Consequences Catastrophic Consequences ENVIRONMENT Land-based ecosystem Insignificant environmental impact. Occasional damage by erosion, or of flora and fauna. Some disruption to flora or fauna habitats. Minor impacts on fauna/flora and habitat, but no negative impacts on ecosystem function. Limited damage to a minimal area of land of no significant value (i.e. no unique habitats). Temporary damage/ disruption (<1 month) to flora or fauna habitats. Significant changes in flora/ fauna populations and habitat. Disruption to, or some death of, rare flora or fauna, but not resulting in eradication of endangered species. Non-persistent but possibly widespread damage to land: damage that can be remediated without long-term loss; localised persistent damage; or significant temporary damage (<1 year) to ecosystem. Continuous and serious damage by erosion or to flora or fauna. Major disruption to, or frequent death of, rare flora or fauna. Major destruction of significant habitat. Long-term and significant change in population (e.g. eradication of endangered species) or habitat with negative impact on ecosystem function. Widespread destruction to a significant area of land, rare flora and fauna and/or groundwater resource. Aquatic ecosystem Occasional short-term impact and/or Minor impact on aquatic ecosystem, Significant localised impacts but without Significant widespread impact Damage to an extensive portion of CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 32 of 117
TABLE 8.3: POTENTIAL EHS IMPACT AND POTENTIAL INCIDENT CONSEQUENCES RATING Area impacted Insignificant Consequences Minor Consequences Moderate Consequences Major Consequences Catastrophic Consequences disruption to aquatic flora and fauna. including flora, fauna and habitat. No significant impact on water resources. longer-term impact on aquatic ecosystems, and/or short term impacts on water resources. on protected wildlife (e.g. migratory shorebirds, marine plants, fish breeding grounds), or aquatic ecosystems of moderate duration. aquatic ecosystem resulting in severe impacts on aquatic populations and habitats and/or long- term impact on water resources. Atmosphere/waste/other Temporary nuisance from noise, odour, dust, other air emissions, greenhouse gases, vibration, visual impact. Minor use of water, fuels and energy and other natural resources. Results in the generation of significant quantities of non-hazardous wastes. Minor environmental impact due to contained release of pollutant (including odour, dust and noise), fire or explosion with no lasting detrimental effects. No outside assistance required. Significant use of water, fuels and energy and other natural resources. Creation of noise, odour, dust, other controlled/ uncontrolled air emissions, greenhouse gases, vibration, and visual impact at significant nuisance levels. Results in the generation of significant quantities of hazardous wastes. Major environmental impact due to uncontained release, fire or explosion with detrimental effects. Outside assistance required. Catastrophic environmental impact due to uncontained release, fire or explosion with detrimental effects. Outside assistance required. Extensive chronic discharge of persistent hazardous pollutant. Results in the generation of significant quantities of intractable wastes. Cultural heritage Minor repairable Minor repairable Moderate damage to Major damage to Irreparable damage CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 33 of 117
TABLE 8.3: POTENTIAL EHS IMPACT AND POTENTIAL INCIDENT CONSEQUENCES RATING Area impacted Insignificant Consequences Minor Consequences Moderate Consequences Major Consequences Catastrophic Consequences (indigenous and modern) damage to commonplace structures. damage to structures/ items of cultural significance, or minor infringements of cultural values. structures/ items of cultural significance, or significant infringement of cultural values/ sacred locations. structures/ items of cultural significance, or major infringement of cultural values/ sacred locations. to highly valued structures/ items/ locations of cultural significance or sacred value. HEALTH Health Effects Insignificant impact on surrounding communities. Minor complaints or exposure during plant shutdown or maintenance. Maximum occurrence limited to two times per year Ongoing complaints from community. Significant emission or discharge that impacts on surrounding population. Major ongoing long- term health effects likely to surrounding communities and workers.
Extreme health risk potential for death in community. SAFETY Human Health and Safety Near miss incident or trivial injuries, which may require self- administered first aid. Injured personnel can continue to perform normal duties. Injuries requiring on- site treatment by medical practitioner. Personnel unable to continue to perform duties. Serious injuries requiring off-site treatment by medical practitioner or immediate evacuation to hospital. Potential Single fatality. Multiple fatalities. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 34 of 117
TABLE 8.3: POTENTIAL EHS IMPACT AND POTENTIAL INCIDENT CONSEQUENCES RATING Area impacted Insignificant Consequences Minor Consequences Moderate Consequences Major Consequences Catastrophic Consequences long-term or permanently disabling effects. Production Loss Incident event without causing production loss. Production loss or delay up to one week. Production loss or delay of one week to one month. Production loss or delay for over one month. Loss of licence to operate or ability to produce indefinitely. Total cost of impacts or incident event Financial loss (compensation, fines, cost to repair, plant damage) of less than AED5,000 Financial loss (compensation, fines, cost to repair, plant damage) of AED5,000 - AED50,000. Financial loss (compensation, fines, cost to repair, plant damage) of AED50,000 - AED500,000 Financial loss (compensation, fines, cost to repair, plant damage) of AED500,000 - AED10M. Severe financial penalties or legal liabilities. Financial loss (compensation, fines, cost to repair, plant damage) of greater than AED10M.
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 35 of 117
8.14 PROJECT RISK ASSESSMENT Project Risk Management shall be ensured by conducting EHS Impact Assessment along with all other applicable Risk Assessments as outlined in Appendix 3 & 4. The implementation of Risk Assessments Findings / Recommendations is the key to achieve the desired Risk Management 8.14.1 CONCEPTUAL SITE/PROJECT MODEL a. A Conceptual Site/Project Model should be first developed as part of the screening risk assessment, and then revised and improved as more detailed information on the contamination becomes available and the issues and nature of the site are better understood. b. For exposure to occur, a complete pathway must exist between the source of pollution / hazard and the receptor (i.e. the person or ecosystem components potentially affected). Where the exposure pathway is incomplete, there is no exposure and hence no risk via that pathway. An exposure pathway will typically consist of the following elements: Source of pollution or contamination / hazard (e.g. a spill; via the operation of a piece of equipment; the size, shape, surface character and weight of materials that may be handled; distances and heights to which materials have to be moved by hand; the service used such as gas supply); Release mechanism (e.g. migration in soil, leaching to water, emission to air); Retention in the transport medium (e.g. soil, groundwater, surface water, air); Exposure point (e.g. where a person comes in contact with pollution or contamination; an unsafe act / incident / accident regarding occupational health and safety may affect employees and even people who may not be in the workplace all the time (e.g. visitors); Exposure route (e.g. inhalation, ingestion, absorption through the skin). c. When developing the Conceptual Site/Project Model for hazard identification, consideration needs to be given to: Whether the hazard has a single or multiple source (e.g. pollution and/or contamination of drinking water supply from a chemical spill, vs. particulates in the air arising from diesel engines, wood heaters and tobacco smoke); Whether the emissions affects multiple environmental media (e.g. industry emissions contaminating air, soil, water and food); CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 36 of 117
Who will be affected by the hazard (e.g. employees, contractors, visitors); How do stakeholders perceive the problem? Do different groups have different perceptions? (e.g. a stakeholder group comprised of workers at a facility who are also nearby residents may have complex perceptions); and How do the hazards compare to other environmental, health and safety hazards affecting the community? 8.14.2 ENVIRONMENT HEALTH & SAFETY IMPACT ASSESSMENT (EHSIA) a. An EHS Impact Assessment (EHSIA) Report is a living document that considers the full lifecycle of project, facilities and operations. It must address the HSE impacts in each of the life cycle phases i.e. project conception, design, tender, construction, commissioning, operation, decommissioning, abandonment and site restoration of a project. ZonesCorp Code of Practice on EHSIA (ZC-COP-EHS04) provide guidance about the requirements for conducting EHS Impact Assessment b. ZonesCorp requires the preparation of EHSIA Reports during the Conceptual design and FEED (Front End Engineering & Design).stage. The report should address the potential impacts associated with the facility throughout the life cycle (design, construction, commissioning, operation, maintenance and de-commissioning) of the project. c. The EHSIA Report must present an overview of anticipated HSE Hazards, impacts and associated levels which are based on analysis of relatively broad HSE information of conceptual technical design and the environment in which the project will be located. d. The report must make recommendations regarding HSE issues that must be addressed throughout the life cycle of the project i.e. issues to be included in the detailed design and studies/analysis that can only be conducted meaningful during or after detailed design. e. The EHS Impact Assessment Report must demonstrate that: All Accident Hazards have been systematically identified and recorded in a Hazard and Effects Register, including Risk Ranking as High, Medium or Low; All Occupational Health Hazards have been systematically identified, risks assessed and suitable action to mitigate these risks and to protect employees from these risks have been taken; Major Accident Hazards (MAH) have been identified, and suitable control, mitigation and recovery measures are proposed and will be implemented; The EHSIA Report must demonstrate that Project Proponent can construct and operate in line with ZonesCorp / EAD Criteria for Risk CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 37 of 117
Tolerability and that risks are As Low As Reasonably Practicable (ALARP); That there is an Implementation Plan that shows how control, mitigation and recovery measures for MAH will be implemented and managed throughout the facility lifecycle; That all HSE Risk including that resulting from Medium and Low Accident Hazards will be managed by the Projects Environment, Health & Safety Management System (EHSMS); That Emergency Response Plans (on-site and off-site where necessary) in relation to Major Accident Hazard have been or will be prepared based on credible emergency scenarios, with necessary stakeholder consultation. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 38 of 117
9. RISK MANAGEMENT AND CONTROL 9.1 RISK MANAGEMENT 9.1.1 Risk Management measures should follow this hierarchy: a. Elimination of the hazard, e.g., adoption of an alternative activity, b. Prevention of incidents (i.e. reduction of the probability of occurrence) c. Control of incidents (i.e. limit the extent and duration of a hazardous event) d. Mitigation of the effects (i.e. reduce the consequences / effects). 9.1.2 The hierarchy of Risk Management include: Order No. Control Example Firstly Eliminate Removing the hazardous piece of equipment out of service. Secondly Substitute Replacing a hazardous substance or process with a less hazardous one, eg substituting a hazardous substance with a non-hazardous substance. Thirdly Isolation Isolating the hazard from the person at risk, eg using a guard or barrier. Fourthly Engineering Redesign a process or piece of equipment to make it less hazardous. Fifthly Administrative Adopting safe work practices or providing appropriate training, instruction or information. Sixthly Personal Protective Equipment The use of personal protective equipment could include using gloves, glasses, earmuffs, aprons, safety footwear, dust masks. 9.1.3 Elimination of the hazard should always be first choice, followed by preventative measures, such as using inherently safer design or adopting safe operating procedures. Mitigation of consequences, e.g., by use of appropriate PPE, should always be last choice. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 39 of 117
9.1.4 Measures to recover from incidents should be provided based on risk assessment and should be developed taking into account possible failures of the control and mitigation measures. Based on the findings of the evaluation, detailed health, safety and environmental objectives and management programmes should be set at appropriate levels. 9.1.5 When the risk is categorised, the management shall identify the corrective action in order to manage the hazard at an acceptable and as low as reasonably practicable (ALARP) risk level. For hazard with low risk, actions may not be required. Refer Fig 9.2. 9.2 RISK CONTROL 9.2.1 Risk control must be achieved using a predetermined hierarchy of controls. The primary aim of risk control is to eliminate the risk, the best way of achieving this being to remove the hazard. If this is not possible the risk must be minimised using one or more of the other control options from the hierarchy. 9.2.2 The risk control measure selected must be the highest possible option in the hierarchy to minimise the risk to the lowest level as reasonably practicable. 9.2.3 In many cases, it will be necessary to use more than one control method. Back-up controls, such as personal protective equipment, should only be used as a last resort or as a support to other control measures. 9.2.4 While the risk control process concentrates on controlling the highest ranked risks first, this does not mean that lower priority risks which can be controlled quickly and easily should not be controlled simultaneously. The best available control measures should be put in place as soon as possible. 9.2.5 In some cases it may be necessary to put temporary controls in place until such time as the proper controls can be instituted. Wherever there is a high risk and the control measures are not immediately available, temporary controls which reduce the risk(s) must be put in place or the activity must cease until adequate controls are implemented. 9.2.6 During the risk assessment process, the effectiveness of existing controls should have been evaluated. The risk control phase must take account of any necessary changes to existing control measures to ensure that the best available protection is afforded. In doing so, it important to check current controls against the hierarchy of risk controls to determine whether the highest option on the list is used. Just because controls have been in place for some time does not mean that they cannot be improved on. As with all stages of the risk management process, consultation is required to ensure that management and staff at all levels can make a contribution to the identification, assessment and control of the risks associated with hazards. 9.2.7 For specific EHS hazards, applicable legislation, codes of practice or standards will provide the information on what controls are to be implemented. ZonesCorp EHS Documents are referred in Section 10 of this document. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 40 of 117
9.2.8 Controlling hazards are critical to the success of reducing the risk of hazards in the workplace. Based on the risk assessment, controls will need to implement to reduce the risk to an acceptable level. Risk Level Corrective Action Time Frame Extreme Immediately High 24 hours Medium 14 days Low 28 days Negligible Not applicable
9.2.9 At least one control method in the corrective action plan is required to be implemented within the specified time frame to reduce the risk to an acceptable level. 9.2.10 Upon the nature of the hazards, control measures shall be identified and implemented (applicable to moderate risk, high risk and extreme risk). The hierarchy of control shall be as follows: a. Elimination of the hazard (where possible); b. Substitution (e.g. use a less hazardous substance / environmentally friendly materials); c. Engineering - for plant and equipment (e.g. exhaust ventilation); d. Procedural (e.g. via improving work methods, housekeeping); and e. Personal protective equipment (PPE) it is the last resort if the above measures are not practicable. 9.2.11 In the evaluation of which measures shall be taken, consideration shall be given to reducing risk to a level deemed ALARP. It is a consideration of the legal requirements, international standard/guideline (e.g. exposure limit for chemicals), balance amongst organizations HSE policy/objectives, public awareness and its tolerance, availability of resources, cost and benefits, the status of scientific and technical knowledge. It shall be noted that the status of the said factors are changed from time to time. 9.2.12 To reduce a risk to an ALARP level (in fact, it is difficult to determine the exact level), it involves balancing reduction in risk to a level, objectively assessed, where the trouble, difficulty and cost of further reduction measures becomes unreasonably disproportionate to the additional risk reduction obtained. To demonstrate ALARP, it requires consideration of different options to ensure the organization gets best reward over the lifetime of the operation. 9.2.13 When the mitigation / recovering measures are identified, an action plan shall be formulated addressing roles and responsibilities, training required for the CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 41 of 117
relevant parties, time frame for completing the actions, the required changes for the EHSMS and its associated documents / procedures, the procedures for quality assurance, monitoring, maintenance and inspection (where appropriate). More importantly, the action plan shall be followed up (e.g. progress) to ensure actions are closed per the plan. 9.2.14 Depending upon the magnitude of risks and the potential consequences of hazards, risk assessment shall be periodically reviewed by competent staff (normally at annual intervals). The review shall verify if the base assumptions have changed since the original design was implemented or since the risks were reviewed previously (e.g. change of legal requirements, public perception, whether the introduction of new technology could reduce the ALARP level, whether the performance of the plant/equipment lived up to the expectation of the original design in terms of accident and equipment uptime). 9.2.15 Safety procedures and risk control measures shall also be reviewed at regular time intervals to ensure their effectiveness and coping with the change in the matters to which they relate. 9.2.16 Figure 9.1 and 9.2 elaborates concepts of Risk Acceptability, ALARP and Hierarchy for Risk Management CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 42 of 117
Figure 9.1: RISK ACCEPTABILITY Broadly Acceptable Region The ALARP region (risk is undertaken only if a benefit is desired) Intolerable region Risk cannot be justified on any grounds Tolerable only if risk reduction is impracticable or if its cost is grossly disproportionate to the improvement made Tolerable if cost of reduction would exceed the improvement gained No need for detailed work to demonstrate ALARP Negligible risk Broadly Acceptable Region The ALARP region (risk is undertaken only if a benefit is desired) Intolerable region Risk cannot be justified on any grounds Tolerable only if risk reduction is impracticable or if its cost is grossly disproportionate to the improvement made Tolerable if cost of reduction would exceed the improvement gained No need for detailed work to demonstrate ALARP Negligible risk
Figure 9.2 - Risk Management Hierarchy (UK Health & Safety Executive) Alarms, guards and shields, fire and blast walls, safety valves, separation, deluge, control of release energy, secondary containment, drain systems, recovery (emergency response, medivac, fire-fighting, clean-up, reinstatement), PPE, etc. OVERVIEW Permanently remove or replace the hazard Reduce the likelihood of the hazard occurring Reduce the consequence and effects of the hazard RISK MANAGEMENT HIERARCHY ELIMINATE PREVENT CONTROL Permanently stop activity or chemical usage, replace chemical with less harmful chemical, etc. Risk assessment, inventory reduction, design standards, protective devices, drills, training, asset integrity (risk based inspection and reliability centred maintenance), incident investigation, HSE audit, competency assurance, etc. EXAMPLES Alarms, guards and shields, fire and blast walls, safety valves, separation, deluge, control of release energy, secondary containment, drain systems, recovery (emergency response, medivac, fire-fighting, clean-up, reinstatement), PPE, etc. OVERVIEW Permanently remove or replace the hazard Reduce the likelihood of the hazard occurring Reduce the consequence and effects of the hazard RISK MANAGEMENT HIERARCHY ELIMINATE PREVENT CONTROL Permanently stop activity or chemical usage, replace chemical with less harmful chemical, etc. Risk assessment, inventory reduction, design standards, protective devices, drills, training, asset integrity (risk based inspection and reliability centred maintenance), incident investigation, HSE audit, competency assurance, etc. EXAMPLES Permanently remove or replace the hazard Reduce the likelihood of the hazard occurring Reduce the consequence and effects of the hazard RISK MANAGEMENT HIERARCHY ELIMINATE PREVENT CONTROL ELIMINATE PREVENT CONTROL Permanently stop activity or chemical usage, replace chemical with less harmful chemical, etc. Risk assessment, inventory reduction, design standards, protective devices, drills, training, asset integrity (risk based inspection and reliability centred maintenance), incident investigation, HSE audit, competency assurance, etc. EXAMPLES
ALARP CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 43 of 117
10. RISK RECORDING Risk Records are always maintained as the LIVE Documents. 10.1 Recordkeeping is essential for effective Risk Management through identifying the responsibilities, setting target dates tracking the recommendations, implementation follow-up, close-out etc. 10.2 Following are the recommended methods for Risk Management Recordkeeping a. HSE Case b. HAZOP / HAZID Recommendations & Close-out Sheets c. Hazard & Effect Register (Appendix 7) d. HSE Impact Assessment Action Plans 10.3 This section outlines the key requirements for HSE Case and Appendix 7 provides guidance for developing the Hazard & Effect Register 10.4 Entities may use any Format for Hazard Management Recordkeeping satisfying or exceeding the requirements of this document. 10.5 HSE CASE A demonstration of how the Entity HSE objectives are being met in a methodical and auditable reference document. A completed Case will provide a reference document to all information relevant to the safety, and health of the operations personnel, environment and resources on an installation An HSE Case may be described in different ways but it is typically done in 7 parts as follows: 10.5.1 Part 1: Management Summary and Introduction This includes a summary of the Case objectives, the main findings and risks, and a brief introduction to the main document. Sometimes the management summary is extracted as an executive document for distribution to senior managers, leaving Part 1 as the Introduction. 10.5.2 Part 2: HSE MS for facility or operation. A description of those elements of the HSE Management System that are directly applicable to the operation or facility. 10.5.3 Part 3: Activities Catalogue A description of those HSE-critical activities which are applicable to the operation of facility. This is recorded at a level, which shows that the controls are in place, and that these are suitable and sufficient for the risks addressed. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 44 of 117
10.5.4 Part 4: Description of Operation or Asset. A description of the operation or facility, adequate to provide background information to the hazards and effects analysis, to enable a clear understanding of EHS-critical aspects. This will include, for example, safeguarding systems and emergency response capabilities. 10.5.5 Part 5: Hazard and Effects Register a. This contains a demonstration that all hazards and effects have been identified, and the necessary risk evaluation has been carried out and that necessary controls to manage the causes and consequences are in place for those risks identified as significant through a process of ranking. b. Significant environmental effects* will be included if the case is to be used for compliance with ISO-14001, (* For ISO 14001, this will include a description of those 'aspects' which result in environmental effects.) c. Typically, the controls and procedures in place to manage HSE workplace hazards, effects and aspects which occur across the company are described in one place and referred to from the HSE Case. Those responsible on the facility for ensuring that the procedures are followed are identified in the management system in Parts 2 & 3 of the HSE Case. 10.5.6 Part 6: Shortfalls This summarises any shortfalls identified, with a plan to resolve the findings and thereby improve the operation. 10.5.7 Part 7: Statement of Fitness The Statement of Fitness explains that the hazards and effects associated with the installation or operation have been evaluated and measures have been taken to reduce the risks to ALARP, the lowest level that is reasonably practicable. The Statement of Fitness must affirm that conditions are satisfactory to continue the operation. 10.5.8 Detailed guidance on how to prepare HSE or Safety Cases can be found in the following documents: a. Shell EP95-0310 Implementing and Documenting an HSE Management System and HSE Cases (Sept ember 1998) b. Guidance documents by U.K. Health & Safety Executive CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 45 of 117
11. REFERENCES 11.1 Abu Dhabi Emirate EHS Management System Manual 11.2 ZonesCorp Code of Practice on EHS Management System Framework 11.3 ZonesCorp Code of Practice on EHS Compliance Enforcemet 11.4 ZonesCorp Code of Practice on EHS Audits & Inspections 11.5 ZonesCorp Code of Practice on EHS Impact Assessment (EHSIA) 11.6 ZonesCorp Code of Practice on EHS Risk Management 11.7 ZonesCorp Code of Practice on Integrity Assurance & Management 11.8 ZonesCorp Code of Practice on EHS Management of Contractors 11.9 ZonesCorp Code of Practice on EHS Performance Monitoring & Reporting 11.10 ZonesCorp Code of Practice on Waste Management 11.11 Australia/Standards New Zealand HB 203:2000, Environmental Risk Management Principles and Process 2001, Appendix F and 4360: 1999, Risk Management 1999. For Potential EHS Impact and Potential Incident Consequences 11.12 Shell EP95-0310 Implementing and Documenting an HSE Management System and HSE Cases (Sept ember 1998) 11.13 Risk Assessment and other guidance documents by U.K. Health & Safety Executive CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 46 of 117
Appendix 1 RISK ACCEPTANCE CRITERIA CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 47 of 117
RISK ACCEPTANCE CRITERIA This Appendix is provided for guidance purpose only Entities may use any internationally acceptable Risk Acceptance Criteria. In general, risks are expressed in terms of Individual Risk and Risk to a Group (Societal Risk) (Refer to Figure 1). 1. Societal (or Group) Risk Societal or group risk measures the overall risk of an Operation to the Entity, the industry or a community. There are several ways of presenting societal risk, but the measures most used are Potential Loss of Life (PLL) and fN Curve. PLL is defined as the long-term average number of fatalities per year due to a specific cause. The PLL is a measure of the risk to a group of people as a whole and does not provide details on whether a particular category of personnel is more exposed than others. In measuring the effectiveness of various risks reducing measures, it is most appropriate to compare the PLL values. This approach gives an absolute measure of the benefit (or otherwise) of that particular option against a defined base case. fN curve graphically depicts the number of fatalities as a function of the estimated frequency that those fatalities occur. The fN curve is cumulative, i.e. the frequency for N fatalities is the frequency of N or more fatalities. This approach allows to differentiate between High Impact - Low Frequency events and Low Impact - High Frequency, even if the PLL is equivalent. 2. Individual Risk Two measures are used: Location Specific Individual Risk (LSIR) and Individual Risk Per Annum (IRPA). The LSIR measure, expresses the risk exposure to any individual, if initially present, in a particular area for one whole year or for the full duration of the activity. The risk exposure is calculated for all relevant hazards and summed to give the overall risk in particular areas of the plant. In the fatality estimation, the consequences of each outcome from an accidental event are represented by the probability of death for an individual initially present in a particular area of the platform when the event occurs. The IRPA is a person specific individual risk. The Individual Risk Per Annum takes the amount of time a person actually spends in a particular area of the operation into account, e.g. 20% of 12-hour shift working in the Utility area. If risk could be measured by a risk meter carried by individuals, than the risk measured would be the IRPA. IRPA is often used CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 48 of 117
to compare the risk levels between different worker types, since there is a considerable difference in the type of work and hence the risk exposure. 3. Risk Acceptance Criteria Risk Acceptance Criteria has adopted criteria for fN and Individual Risk Per Annum (IRPA). Risk acceptance criteria that shall be applied as a part of the Quantitative Risk Assessment Process are provided in Figures 2 and 3. Figure 1: Risk Measures Individual Risk Individual risk IR is defined as the combined fatal risks to a named individual. IR includes factors such as: Total Risk, the sum of contributions from all hazards exposed to Occupancy, the proportion of time exposed to work hazards Vulnerability, the probability that exposure to the hazard will result in fatality IR (Individual Risk) = Total Risk x Occupancy x Vulnerability
Societal Risk Societal risk is generally used to describe multiple injury accidents / fatalities or to describe risks to unnamed individuals, which could include the public and is usually described by F-N Curves (Frequency vs. Fatalities listed in increasing order of magnitude, 10, 100, 1000 etc.). SR may also be calculated as a single value known as PLL, which is given by the expression: SR = Frequency of hazard occurring x Proportion of time person(s) are exposed x Number of people exposed x Vulnerability Number of people exposed includes workers who are defined as anybody directly or employed by the Contractor(s).
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 49 of 117
Figure 2: Risk Criteria for Individual Risk Broadly Acceptable Region The ALARP region (risk is undertaken only if a benefit is desired) Intolerable region Risk cannot be justified on any grounds Tolerable only if risk reduction is impracticable or if its cost is grossly disproportionate to the improvement made Tolerable if cost of reduction would exceed the improvement gained No need for detailed work to demonstrate ALARP Negligible risk Broadly Acceptable Region The ALARP region (risk is undertaken only if a benefit is desired) Intolerable region Risk cannot be justified on any grounds Tolerable only if risk reduction is impracticable or if its cost is grossly disproportionate to the improvement made Tolerable if cost of reduction would exceed the improvement gained No need for detailed work to demonstrate ALARP Negligible risk
Figure 3: Risk Criteria for Societal Risk
F-N Curve for Societal Fatal Risk 1.00E-08 1.00E-07 1.00E-06 1.00E-05 1.00E-04 1.00E-03 1.00E-02 1.00E-01 1.00E+00 1 10 100 1000 FATALITIES F R E Q U E N C Y
( p e r
y e a r ) Unacceptable Risk Acceptable Risk ALARP 2
ALARP CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 50 of 117
APPENDIX 2 AS LOW AS REASONABLY PRACTICABLE ALARP CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 51 of 117
AS LOW AS REASONABLY PRACTICABLE ALARP ALARP is an abstract concept, which cannot necessarily be expressed, in absolute or quantitative terms. Therefore the following statements are provided as a guide to determining whether a particular risk is being managed to an ALARP level: a. Management decides whether ALARP is achieved, on a case by case basis, for each particular risk. b. For each particular risk ALARP can only be determined by comparing a number of risk management options. c. If risk is not managed in a manner that meets applicable standards and international best practice, ALARP has not been achieved. d. ALARP has not been achieved if for only a small incremental cost, risk could be appreciably reduced. e. There are many quantitative and qualitative tools that may be used to demonstrate that risks are managed to ALARP, e.g. RAM, QRA, HAZOP, HAZID, HAZAN, SWIFT, best industry practice, etc. As a guide to deciding whether risk is managed to ALARP, the following statements can be made about the example in Figure A2: a. Options 1 and 2 are not ALARP as the risk is not managed to applicable standards and risk acceptance criteria. b. Option 3 may be ALARP. However, if for only a small incremental cost, risk could be reduced further as in Option 4, Option 4 would then be ALARP. c. Options 5 may not be ALARP as reduction in risk may not be justified by the additional risk management costs. d. Option 6 is not ALARP since the risk management costs outweigh the reduction in risk. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 52 of 117
Figure A2 - Options Appraisal and Managing Risk to ALARP 1 2 3 4 5 6 Increasing Costs Decreasing Level of Risk Unacceptable Level of Risk Risk Management Options Level of risk that remains when each option is implemented Costs of implementing each option ALARP 1 2 3 4 5 6 Increasing Costs Decreasing Level of Risk Unacceptable Level of Risk Risk Management Options Level of risk that remains when each option is implemented Costs of implementing each option ALARP
Establish the context CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 53 of 117
APPENDIX 3 RISK ASSESSMENT TECHNIQUES CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 54 of 117
RISK ASSESSMENT TECHNIQUES This appendix lists the most commonly used techniques for Risk Evaluation. These are only given as guidelines. Entities may use any Technique suitable to their business activities and satisfying the requirements of this Code of practice
1. Qualitative Risk Assessment: The qualitative approach uses Risk Assessment Matrix (refer to Figure 7.1) as a guide in determining the Risk potential
2. Quantitative Risk Assessment (QRA) uses historical/statistical and failure data along with computer-generated consequence modelling to generate people risk data. From QRAs one will get Individual Risk (IR), public risk and/or Societal Risk (SR)
3. What if. For relatively uncomplicated processes, review the process from raw materials to product. At each handling or processing step, what if questions are formulated and answered, to evaluate the effects of component failures or procedural errors on the process.
4. Checklist. For more complex processes, the what if study can be best organized through the use of a checklist, and assigning certain aspects of the process to the committee members having the greatest experience or skill in evaluating those aspects. Operator practices and job knowledge are audited in the field, the suitability of equipment and materials of construction is studied, the chemistry of the process and the control systems are reviewed, and the operating and maintenance records are audited. Generally, a checklist evaluation of a process precedes use of the more sophisticated methods described below, unless the process has been operated safely for may years and has been subjected to periodic and thorough safety inspections and audits.
5. What-If / Checklist. The what-if / checklist is a broadly based hazard assessment technique that combines the creative thinking of a selected team of specialists with the methodical focus of a prepared checklist. The result is a comprehensive hazard analysis that is extremely useful in training operating personnel on the hazards of the particular operation. The review team is selected to represent a wide range of production, mechanical, technical, and safety disciplines. Each person is given a basic information package regarding the operation to be studied. This package typically includes information on hazards of materials, process technology, procedures, equipment design, instrumentation control, incident experience, and previous hazards reviews. A field tour of the operation also is conducted at this time. The review team methodically examines the operation from receipt of raw material to delivery of the finished product to the customers site. At each step, CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 55 of 117
the group collectively generates a listing of what-if questions regarding the hazards and safety of the operation. When the review team has completed listing its spontaneously generated questions, it systematically goes through a prepared checklist to stimulate additional questions. Subsequently, answers are developed for each question. The review team then works to achieve a consensus on each question and answer. From these answers, a listing of recommendations is developed specifying the need for additional action for study. The recommendations, along with the list of questions and answers, become the key elements of the hazard assessment report. 6. Hazard and Operability Study (HAZOP). HAZOP is a formally structured method of systematically investigating each element of a system for all of the ways in which important parameters can deviate from the intended design conditions to create hazards and operability problems are typically determined by a study of the piping and instrument diagrams (or plant model) by a team of personnel who critically analyze effects of potential problems arising in each pipeline and each vessel of the operation. Pertinent parameters are selected, for example, flow, temperature, pressure, and time. Then the effect of deviations from design conditions of each parameter is examined. A list of key words, for example, more of, less of, part of, are selected for use in describing each potential deviation. The system is evaluated as designed and with deviations noted. All causes of failure are identified. Existing safeguards and protection are identified. An assessment is made weighing the consequences, causes, and protection requirements involved.
7. Failure Mode and Effect Analysis (FMEA). The FMEA is a methodically study of component failures. This review starts with a diagram of the operation, and includes all components that could fails and conceivably affect the safety of the operation. Typical examples are instrument transmitters, controllers, valves, pumps, rota-meters, etc. These components are listed on a data tabulation sheet and individually analyzed for the following: Potential mode of failure, (i.e., open, closed, on, off, leaks, etc.) Consequence of the failure; effect on other components & effects on whole system. Hazard class, (i.e., high, moderate, low) Probability of failure Detection methods; and Remarks/compensating provisions. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 56 of 117
Multiple concurrent failures also are included in the analysis. The last step in the analysis is to analyze the data for each component or multiple component failure and develop a series of recommendations appropriate to risk management.
8. Fault Tree Analysis. A fault tree analysis can be either a qualitative or a quantitative model of all the undesirable outcomes, such as a toxic gas release or explosion that could result from a specific initiating event. It begins with a graphic representative (using logic symbols) of all possible sequences of events that could result in an incident. The resulting diagram looks like a tree with many branches listing the sequential events (failures) for different independent paths to the top event. Probabilities (using failure rate data) are assigned to each event and then used to calculate the probability of occurrence of the undesired event. This technique is particularly useful in evaluating the effect of alternative actions on reducing the probability of occurrence of the undesired event. 9. Task Risk Assessment (TRA): is an accident prevention tool that works by identifying hazards and eliminating or minimizing them before a job is performed, and before they have a chance to become accidents. Also known as Job Safety Analysis 10. ENVIRONMENT HEALTH & SAFETY IMPACT ASSESSMENT (EHSIA) An EHS Impact Assessment (EHSIA) Report is a living document that considers the full lifecycle of project, facilities and operations. It must address the HSE impacts in each of the life cycle phases i.e. project conception, design, tender, construction, commissioning, operation, decommissioning, abandonment and site restoration of a project. ZonesCorp Code of Practice on EHSIA (ZC-COP-EHS04) provide guidance about the requirements for conducting EHS Impact Assessment CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 57 of 117
APPENDIX 4 RISK ASSESSMENT METHODOLOGIES CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 58 of 117
RISK ASSESSMENT TECHNIQUES This appendix outlines brief description about methodologies for various techniques used for Tier 1 and Tier 2 Risk Assessment. These are only given as guidelines. Entities may use any Technique suitable to their business activities and satisfying the requirements of this Code of practice. The methodologies are provided for: 1. Qualitative Risk Assessment 2. Task Risk Assessment (TRA) 3. Semi-Qualitative Risk Assessment 4. Quantitative Risk Assessment 5. Environment Risk Assessment 6. Hazard Bow-Tie Model 7. Fire Risk Assessment 8. Occupational Health Risk Assessment 9. Safety Integrity Level (SIL) Analysis 10. Simultaneous Operations (SIMOPS) 11. EHS Impact Assessment
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 59 of 117
A. TIER 1 RISK ASSESSMENT Risk Assessment Matrix (RAM) is given in Section 7. A Tier 1 Risk Assessment of all activities in Entity must be carried out against the RAM. To ensure coverage of all HSE risks, regular screening of all activities should be carried out against the RAM using Qualitative Risk Assessment. This appendix also provide details of how Tier 2 Environmental Risk Assessment, Fire Risk Assessment, and Occupational Health Risk Assessment shall be carried out. However, Tier 1 assessment of these risks can all be carried out through the Qualitative Risk Assessment. The RAM standardizes Tier 1 HSE Risk Assessment within Industrial Sector Entities. The RAM provided in Fig 7.1 shows Risk as the product of Probability (or likelihood) and Severity (or consequence). The severity classes can be evaluated with respect to Environment, Health and Safety. Table 7.3 provides guidance criteria for identifying the Severity of Consequences. A1. QUALITATIVE RISK ASSESSMENT (QRA) The qualitative approach uses Risk Assessment Matrix (refer to Figure 7.1) as a guide in determining the Risk potential. This approach depends on a select team of experienced personnel who are knowledgeable regarding accident, historical loss and failure data associated with the industry, which allows the team to make professional probability/consequence decisions in order to establish a qualified risk level.
This technique is a system for structured brainstorming of all HSE Risks arising from the activities of a particular department or section. The essential features are: a. All the activities at the facility should be considered for evaluation of risk. b. As a minimum, the following items shall be considered during a GRA study: Hazards associated with the process or facility being reviewed. Evaluation of any previous process or near-miss incidents. Applicable engineering and administrative controls. Consequences of failure of control measures. Facility site. Human factors c. Risks are evaluated against the RAM. d. The assessment is carried out at a brainstorming session involving a facilitator, department or section Heads, the first line Supervisor/ CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 60 of 117
Engineer(s) or experienced employees of equivalent calibre who are responsible for the activities and employees who carry out the activities. e. The findings are systematically recorded with agreed control measures and HSE management programmes. Recommended action items shall be tracked and closed out. f. Risks which cannot be reduced to low on the RAM are passed to Tier 2 for further evaluation and recommendation of suitable control measures. g. The exercise is repeated annually. h. Where TRA is also required, e.g. for tasks requiring a permit, the results of the assessment should be made available to those responsible for the TRA. Sub-Contractor(s) and Consultant(s) who carry out Tier 1 risk assessments, e.g., as part of EHSIAs, should use methods which are compatible with the requirements of this document.
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 61 of 117
A2. TASK RISK ASSESSMENT 1. Purpose This section provides is to provide guidance on how to conduct a Task Risk Assessment (TRA). 2. Background: TRA is a. An accident prevention tool that works by identifying hazards and eliminating or minimizing them before a job is performed, and before they have a chance to become accidents. b. An important part of HRA in that it is the basis for managing workplace activities hazardous to peoples health. c. The basis for managing HSE critical activities through individual constituent tasks associated with workplace operations. 3. Roles and Responsibilities 3.1 Who Performs a Task Risk Assessment? a. TRA is normally a team exercise involving three to five people. b. The composition of the team depends on the individual task being reviewed. Operations & Maintenance Personnel should be involved in the TRA. If the task is to be carried out in a live operating facility a representative of the EHS should be in the team. c. The person involved in leading the analysis should have a level of technical competence relevant to the job to be analysed, as well as be a competent in the TRA process. d. The leader may decide to invite additional people with specific discipline expertise to participate. e. Tasks of greater complexity may involve HSE staff. f. If the task is large or particularly complex, a specialist Facilitator may be brought in to lead the TRA. 3.2 Implementation of the Task Risk Assessment Process a. It is the overall responsibility of the facility management that TRA is applied as and when required. b. It is the responsibility of the facility management to ensure that adequate and competent staff and competent TRA Facilitator(s) are available as and when required for scheduled task risk assessment sessions. . c. The section head or equivalent responsible for the work that is subject to a task risk assessment is responsible for initiating the TRA. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 62 of 117
d. The responsible job supervisor or equivalent will normally conduct the TRA using a team of people who will be involved in the work and who can offer the necessary expertise to evaluate the risks arising. e. In some cases others with specialist knowledge or experience may need to join the assessment team. f. If the task is too complex for the supervisor to handle, it is the Department Managers (or equivalent) responsibility to assemble a team and assign a competent TRA Facilitator. g. It is important to ensure that the agreed recommendations from a TRA are supported adequately. Ultimately all recommendations made by the individual or team need to be accepted by the concerned Manager (or equivalent) and in place before the task are carried out. h. It is the responsibility of the Section Head (or equivalent) that the findings and recommendations of the TRA are implemented. i. If the TRA has been conducted in preparation of a Permit to Work, it is the person accountable for issuing the work permit that is responsible for verifying whether the findings and recommendations of the TRA have been implemented. j. If needed, those involved in conducting the TRA shall be trained and guided in the technique. It is the responsibility of facility management that such training is provided, including training for facilitation skills (e.g. for the TRA Facilitator). 4. When to Apply a Task Risk Assessment a. TRA is appropriate for any HSE critical task where the hazards need to be identified, assessed and controlled. b. A TRA must be available as a condition of the issuance of a permit to work. However, TRA may also be appropriate for tasks not carried under permit, e.g. tasks in the office, workshops etc. c. During Qualitative risk assessments, the need for TRA may be identified. If so, the results of the Qualitative risk assessment should be made available to the TRA. d. The TRA can be applied to non-routine tasks. The most common areas of application are indicated in Table 1. e. Routine tasks do not require a new TRA to be carried out every time but the existing TRA should be reviewed each time to ensure that there are no changes in task, personnel or environment which may require a revision and all personnel involved in the task should familiarize themselves with the contents of the TRA. f. TRA should be thoroughly reviewed when major changes are carried out or at least once a year. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 63 of 117
g. See section 1 of Table for details on application of TRA in the facility. Table 1: Application of TRA TYPE OF TASK DESCRIPTION Routine Tasks which have potential for serious personal injury / illness, or environmental impact, or equipment damage Tasks possibly conflicting with other activities Tasks being carried out in unusual circumstances Jobs in which minor or major accidents have previously occurred As verification of the hazard control measures in place of an established work procedure Non-Routine New jobs that have never been done previously, or jobs that are done infrequently
Jobs with steps that have been altered from the original job steps 5. How to Conduct a Task Risk Assessment See the flowchart for conducting a TRA, Figure 1. The steps on the flowchart are numbered and discussed below. The TRA Worksheet shown in Figure 2 is used to record the findings of the TRA session. Step 1 Initiating the TRA Determine the task to be analysed, establish the scope of work and the objectives of the TRA. Convene and select appropriate attendees and brief the TRA team. The scope of work should include the task to be analysed and the range of operating environments to be considered. The scope of work should also include a clear description of the geographical area in which the task is to take place. The above details are recorded in the top half of the TRA Worksheet. Step 2 Breaking Down the Task Break down the task into its basic steps, describing what is to be done and in what sequence. If the TRA is applied to an existing task, this information can often be found in the present work procedure. In defining the steps a balance must be made between too much and too little detail. As a general rule, the demarcation between steps will be marked by some change in CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 64 of 117
activity or location, which would result in different hazard potential or exposure. As a rule of thumb, the total number of steps should not exceed 15. If more than 15 steps are identified and it is not feasible to merge some steps without losing detail, it is recommended to split the task and conduct a TRA for the separate tasks. Each step description should clearly provide a statement of what is to be done, without giving details on how it s done and by whom. Record the steps on the TRA Worksheet. Step 3 Identify Hazard Potential The most important activity in a TRA is the identification of the hazard potential associated with each of the individual steps. Examine each basic step for hazards that could be present as a result of the task itself or of the work environment. At the same time, consider departures from expected circumstances that could release or expose the hazard. TRA requires a systematic approach, based on a structured set of questions (see Table 2) or a checklist (see Table 3). Record the hazard potential on the TRA Worksheet. Step 4 Identify Consequences Establish whether people, environment, assets or reputation can be harmed. For some task steps it may be necessary to look at one or two of these consequence measures, e.g. people or environment. If more than one consequence measure is to be considered; only the consequence with the highest Severity rating should be described. The severity ratings shall be taken from the Risk Assessment Matrix (RAM). Describe the consequences on the TRA Worksheet, and assign the associated Severity category under S on the worksheet. Step 5 Determine Risk Determine the risk associated with the job step being analysed. In order to estimate the risk, both the consequences and probability of a hazard potential need to be reviewed. The consequences have already been determined see Step 4. The probability can now be assigned for the specific consequences recorded in the previous step, using the RAM (Fig 7.1), i.e., assigning the probability as improbable, remote, occasional, probable or frequent. For the purposes of TRA these probability categories should be interpreted as follows:
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 65 of 117
Table 2- Probability of Occurrence Descriptor Likely Frequency Probability Environment Health and Safety Frequent Continuous or will happen frequently. Occurs several times a year at location. 5 Often 5 12 times per year. Occurs several times a year in similar industries in UAE. 4 Likely 1 5 times per year. Has occurred at least once in UAE. 3 Possible Once every 5 years. Has occurred in industry (Worldwide). 2 Rare Less than once every five years. Never encountered in industry. 1 The probability category is recorded under P on the worksheet. With the probability (P) and consequences (S) known, the risk can be assigned I. Step 6 Identify Control Measures Use the RAM to determine whether the risk identified is High, Medium (ALARP) or Low. For job steps that can be associated with High and Medium risk it is necessary to identify potential risk reducing measures, and to assess the effectiveness of these control measures. Each hazard and potential incident should be examined and control measures identified. A useful hierarchy of solutions, ranked in order of effectiveness, is shown in Table 4. A distinction has been made between preventative measures (how can the consequences/ accident be prevented?) and mitigating measures (how can the consequences be minimised?). Note: If the task analysed indicates that a significant number of steps can be associated with High or Medium risk, the control measures should be reviewed by looking at the entire task and the overall risks involved. If the task described involves a number of high risks, a change in the entire task may be more appropriate than controlling each hazard individually.
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 66 of 117
Step 7 Determine Residual Risk Determine the risk level, assuming all of the control measure(s) identified in Step 6 are in place, this is known as the Residual Risk. The residual risk is estimated using the same principles as applied for determining the initial risk (see steps 4 and 5 above), except that the control measures is assumed to be implemented. In general, the control measures can reduce the consequences (S) or the probability (P). The residual risk is then assessed in terms of High, Medium (ALARP) or Low risk. In the event the risk is still High or Medium, other or additional control measures will need to be contemplated. Step 8 Implement Control Measure(s) Once an appropriate control measure has been identified, it may be necessary to assign an action in order to ensure implementation. The action as well as the responsible party is recorded on the TRA Worksheet. Step 9 Recording of TRA The completed TRA Worksheets should be accompanied by a summary report, detailing: The scope of work. Venue and time of the TRA session(s). Position/ qualifications of team members. Assumptions made. Summary of actions. Abbreviations used. A copy of the summary should be available at the workplace for use as a site reference. Where a programme of Task Risk Assessments has been undertaken, the results should be filed in an appropriate reference manual. Additional controls identified during TRA should be incorporated into written work instructions to ensure that they are applied on all repeat work. Permit to work should not be issued unless and until all of the safeguards identified in the TRA can be shown to be in place. Step 10 Review and Update of TRA If the TRA fails to identify all significant factors or hazards, the way in which the task is done may differ from that identified in the original TRA. Therefore it is important to review and update the original TRA after the job has been completed, to review its relevance as well as to ensure that the experience and CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 67 of 117
information gained by doing the job remains available to others who may be required to perform the same or similar jobs. When reviewing the TRA on completion of the job, the following should be considered: Changes to job circumstances. Changes to the environment, specifications, or tools and equipment can cause job steps to be added, deleted or modified. Changes in job steps can introduce new hazards requiring new solutions. Unforeseen hazards. Once a job has commenced, additional unforeseen hazards may present themselves so that solutions have to be developed on the job. These job-developed solutions need to be included in the revised TRA. External influences and interfaces. When conducting a TRA it is often difficult to identify all of the possible external factors that impact on the job and to assess the interface with other jobs and people in the immediate vicinity. Feedback of this type can be invaluable to people planning similar jobs in the future. For a regularly repeated task, the risk assessed procedure would be the subject of training and periodic review to ensure it is still valid. Retaining the documented TRA will allow future users to understand the reasoning behind the specified controls. In subsequent use, if the responsible Engineer has determined that there has been no change in conditions, it is not necessary to repeat the TRA itself but only to maintain the controls as originally developed. Nevertheless, the TRA should be revalidated at least every 3 years, to ensure that the conditions have not changed and the control measures are still adequate. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 68 of 117
Figure 1: Task Risk Assessment Initiation- Identify Task Scope and TRA Objectives Breakdown Task into Basic Steps Identify Hazard Potential Identify Consequences Determine Risk Risk High or Medium Identify Control or Recovery Measures Identify Residual Risk Risk High or Medium Identify Action/ Responsible Person Work Can Proceed 1 2 3 4 5 6 7 8 Yes No Yes No Recording of TRA 9 Update TRA 10 P r e - T a s k
R e v i e w T a s k
E x e c u t i o n P o s t - T a s k
R e v i e w A n a l y s i s
F o r
A l l
S t e p s For All Steps
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 69 of 117
Table 2: Questions to Identify Hazard Potential
No. EXAMPLE QUESTION 1 Can the employee be struck by or contacted by anything while doing this job step? 2 Can the employee strike against or make injurious contact with anything? 3 Can he be caught in, on or between anything? 4 Can the employee strain or overexert? 5 Can the employee slip or trip on anything. Can he fall in any way? 6 Can the employee be exposed to any injurious conditions such as g, heat, fumes, pressure, chemicals, asbestos, etc.? 7 Can the employee injure a fellow employee? 8 Can damage to equipment occur? 9 Can pollution of the environment occur? 10 When is the task to be executed, could it be carried out at a more appropriate time (e.g. during shutdown)? 11 Where is the task to be performed, could it be carried out in a safer location? 12 Are there any simultaneous operations which have a significant safety impact on the task (e.g. other tasks occurring as part of the same work scope, or other work in the adjacent area)? 13 What hazardous materials are involved (e.g. chemicals, combustibles, inert gas) within the system being worked on or within the area worked in? 14 What hazards are introduced by tools and equipment to be used? 15 What hazards are introduced by the specific circumstances of the job to be performed (e.g. day / night, exposure to weather, in a shutdown, simultaneous operations, etc.)? 16 Are there any location related hazards (e.g. working at height, in confined spaces, below ground, etc.)? 17 Are there any installation related hazards (e.g. pressurised systems, extreme temperatures, etc.)? 18 Are there any adjacent areas (e.g. below, above, to the side) on which this task may have an impact? 19 Are there any safety systems involved whose function / availability may be impaired? 20 Does the task affect emergency response or (e.g. restricting emergency exits, etc.) or require a dedicated emergency contingency plan?
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 70 of 117
Table 3: Hazard Checklist
HAZARD CATEGORY HAZARDS CONSEQUENCES /EFFECTS Chemical Dust Particulars Vapour/gas (toxic or flammable) Liquid (toxic or flammable) Solid Respiratory disease Occupational disease Poisoning, oxygen deficiency, fire/explosion, burns Dermatitis, poisoning, fire/explosion, burns Fire/explosion, burns Physical Noise Ionising radiation Slips, trips and falls Compressed gas Temperature Manual handling Explosion Confined space Reduced hearing capability Cancer Bruise, fractured bone, fatality Eye damage, tissue damage Burns (cold and hot), fire Chronic back injury, general injury Fatality, fire Oxygen deficiency, poisoning Mechanical Rotating machinery Mechanical lifting Operation of vehicles Permanent disability Cuts, bruising, abrasions Fatality, damage to equipment Electrical Static Voltage > 30 volts Shock, fire, explosion Shock, burns, fatality Biological Microbiological organisms Viruses Illness Illness, fatality Ergonomic Moving and lifting equipment Machinery design Workstation layout Control room design Process plant design Equipment damage, injury Inadequate use, injury Tiredness, headache, fatigue Inadequate control of plant Inadequate operation of plant Psychological Shift patters Work organisation Fatigue, stress, lacking motivation Inefficient work patterns Environment Humidity Fatigue CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 71 of 117
HAZARD CATEGORY HAZARDS CONSEQUENCES /EFFECTS Temperature Lighting Population Space Inability to work efficiently Eye strain, headache Fatigue Inefficient work patterns Natural Earthquake Rain/ snow Lightning Winds (hurricane) Structural and equipment damage, fire / explosion Structural and equipment damage, flooding Structural and equipment damage, fire / explosion Structural and equipment damage
Table 4: Examples of Control Measures
TYPE EXAMPLE CONTROL MEASURE P r e v e n t a t i v e
m e a s u r e s
1. Eliminating the hazard (e.g. relocating the task to a less hazardous environment) 2. Substitution (e.g. using a less hazardous material or process) 3. Reducing the frequency of a hazardous task 4. Enclosing/ isolating the hazard through physical barriers (e.g. guards, distance, spades, isolation) 5. Guarding/ segregating people 6. Additional procedures Additional supervision 7. Additional training 8. Instructions/ information (handouts/signs) 9. Use of (additional) personal protective equipment M i t i g a t i n g
m e a s u r e s
1. Use of (additional) personal protective equipment 2. Secondary containment 3. (Additional) detection and alarm systems 4. Escape and rescue equipment/ facilities 5. Emergency procedures
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS05 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 72 of 117
Figure 2: Task Risk Assessment Worksheet
TASK RISK ASSESSMENT WORKSHEET TASK DESCRIPTION WORK ORDER NO. TRA TEAM MEMBERS DATE BASELINE RISK RESIDUAL RISK STEP NO. DESCRIPTION OF TASK STEP HAZARD CONSEQUENCES PEOPLE, ENVIRONMENT, ASSETS, REPUTATION CONTROLS PREVENT, DETECT, CONTROL, MITIGATE S P R ADDITIONAL CONTROL MEASURES / ACTIONS RESP. PARTY S P R
Reviewed By: Section Head or Equivalent Approved by: Dept. Manager or Equivalent Name: Sign: Date:
Name: Sign: Date: S: Severity, P: Probability, R: Risk From The Risk Assessment Matrix (Fig. 8.1)
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 73 of 117
B. TIER 2: RISK ASSESSMENT Tier 2 risk assessments are all other assessments that are applied to assess the risk. These could be semi-quantitative (i.e. numerical scoring, engineering calculations, or simple modelling) in order to evaluate in greater detail and certainty the key HSE risk issues identified in a Tier 1 risk assessment and to evaluate suitable control procedures and HSE management programmes. When uncertainties exist a reasonable level of conservatism should be applied. B1. SEMI-QUANTITATIVE RISK ASSESSMENT
The semi-quantitative approach also depends on a select team of experienced personnel who have access to accident, historical and failure data to make professional probability decisions. Semi-quantitative assessments determine consequences based upon in-house use of hazard/probability tables which further support the risk matrix. The probability categories relate to the theoretically calculated chance of major incidents happening. They do not relate to actual events as experienced on specific plants, locations or companies.
B2. QUANTITATIVE RISK ASSESSMENT (QRA) Quantitative Risk Assessment (QRA) uses historical/statistical and failure data along with computer-generated consequence modelling to generate people risk data. From QRAs one will get Individual Risk (IR), public risk and/or Societal Risk (SR).
ZonesCorp does not stipulate QRA as a requirement for every Facility or operation with the aim to numerically quantify overall individual or people risk levels. The decision to conduct QRA is often driven by complexity, nature, severity of risks identified and/or the need to better define risk tolerability.
Note: Whichever propriety quantification methodology is used, Entity shall ensure it: Has an established track record Is broadly recognized within industry Is a development of a methodology with an established track record Has in-built quality assurance processes Ensures that assumptions made are recorded, justified and validated Reports against Dolphin acceptance criteria Uses recognized databases CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 74 of 117
1. Purpose This section describes the general principles of Quantitative Risk Assessment (QRA) and how it may be applied at Entity assets and Contractor(s) work areas. QRA is normally carried out by specialists, frequently employed by Consultant(s) and Contractor(s). 2. Background QRA is the means by which the risk associated with a hazard can be expressed as a numerical value, based on the hazards frequency and consequence. This numerical value can be compared to other risks from other hazards that are calculated in the same manner. QRA allows for the comparison of risk reduction options for a particular hazard on an equivalent basis, as well as allowing for the comparison of risks that are generated from separate and unique hazards (i.e. fire and explosion risks versus transport accidents). Because QRA represents risk as numerical values, standard mathematic functions can also be applied to the results of the quantification. The sum of all risks for all hazards at a facility gives an indication of the overall risk for that facility, while the sum of all risks in each particular area of the facility give an indication as to which locations or equipment sections are the most hazardous. It is important to contrast QRA with qualitative risk assessment, such as Tier 1 method (RAM). Neither is a better means of evaluating risk than the other, and either or both can be a valid means of evaluation of a particular risk. Both methods use the same basic steps of hazard identification, consequence assessment and exposure assessment in order to characterize risk. The primary differences in the methods are the level of complexity in these steps, as well as the level of experience and expertise of the personnel carrying out the assessment and a commensurate increase in the resources required to complete the exercise. Typically, qualitative risk assessment is used as a screening tool prior to the completion of a quantitative assessment. The result of this increasing use of QRA in the design/review process has contributed not only to increase safety through Risk-Based Design but also to improve cost effectiveness and savings in many areas. QRA can be applied to any type of hazardous event that has the potential to cause major or catastrophic damage (e.g. loss of life) including (among others): a. Fire and explosions; b. Chemical releases (routine and non-routine); c. Environmental releases; d. Electrocution; e. Road transport accidents; CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 75 of 117
f. Dropped objects; g. Falls, crushing and drowning; etc., Terminology used in evaluation of the hazards that make up these activities may vary, but the process used is valid for all of them. It is important to note that the use of QRA is valid for many types of incident. QRA is frequently associated with fire and explosion incidents, but while these types of incidents are very visible and dramatic, they account for a relatively small number of the fatalities which have occurred. 3. When to Apply Quantitative Risk Assessment The objective of any QRA is quantification of risk into a numerical value so that comparisons of risks and controls can be performed objectively. Particular examples where QRA would be applied include: a. The evaluation of risk reduction options where the relative effectiveness of the options is not obvious ; b. When the exposure of the workforce, public or strategic value of the asset is high, and risk reduction measures are to be evaluated ; c. When novel technology is involved resulting in a perceived high level of risk for which no historical data is available; d. When a demonstration that risks are being managed to a level which is as low as reasonably practicable (ALARP) is required; e. The application of QRA need not be limited to large, complex and expensive studies, however. It is a technique that can be applied quickly and inexpensively to help structure the solution to problems for which the solution is not intuitively obvious. QRA shall be used for evaluating the risks to people from fatalities, risk to assets from loss or significant damage and identify risk hot spots to provide input into the EHSIA Reports (COP-EHS04 EHS Impact Assessment) in order to facilitate a hierarchy of control for risk management at a facility. QRA is a Tier 2 methodology. QRA shall be used or all high Risks as defined by the RAM presented in Section 7 Fig 7.1. Medium risks may also be subject to QRA in order to add value to an ALARP evaluation. In accordance with the tiered risk assessment approach presented in Section 8 the RAM shall be used as a Tier 1 screening tool for determining the requirement for a QRA. In particular all Major Accident Hazards (MAH) should be subject to QRA For new projects and existing operations the results of QRA should be compared for defeminising risk acceptability (Section 8)
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 76 of 117
4. QRA Methodology Overview The QRA methodology is described in Table 1 below and depicted in Figure Table 1: Five Steps of a QRA Step Description 1 Hazard Identification The hazard identification consists of a qualitative review of possible accidents that may occur, based on previous accident experience or judgement where necessary. There are several formal techniques for this, which are useful in their own right to give a qualitative appreciation of the range and magnitude of hazards and indicate appropriate mitigation measures. Formal approaches include Hazard Identification (HAZID), Hazard & Operability studies (HAZOP), and Failure Mode and Effect Analysis (FMEA). In the context of QRA, hazard identification uses similar techniques, but has a more precise purpose - selecting a list of possible accidental scenarios that shall be further analysed quantitatively. Sometimes checklists are used. However, the most powerful tools for identification of events that may create incidents are imagination combined with experience. For this reason, a brainstorming session with those personnel involved in the design and operation of a process is often effective in determining a list of top events. 2 Frequency Estimation Once the potential accidental scenarios have been identified, frequency analysis estimates how likely it is for the scenarios to occur. The frequencies are usually obtained from statistical analysis of previous accident experience. In some occasions the statistical data cannot be applied directly to the selected accidental scenarios, in which case theoretical modelling may be required in particular the use of Fault Tree Analysis (FTA) and occasionally Event Tree Analysis (ETA). However, if historical data is not available or only available for facilities operating in different circumstances, or FTA cannot be applied, it is necessary to rely on the opinion of experts to interpret data for comparable equipment in order to make the best estimation. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 77 of 117
Table 1: Five Steps of a QRA Step Description 3 Consequence Analysis In parallel with the frequency estimation, consequence analysis evaluates the resulting effects if the accidents occur, and their impact on personnel, equipment and structures, the environment or business. Estimation of the consequences of each possible event often requires some form of computer modelling, but may be based on accident experience or judgements if appropriate. Physical effects from the release of hydrocarbons or toxic material such as dispersion, explosion over-pressures and heat radiation have to be calculated to assess whether escalation is a realistic possibility and the extent of the damage following the escalation. Important factors such as leakage rate and time dependence need to be calculated during consequence assessment prior to the determination of actual damages to people, assets and the environment. Often ETA is used to structure the possible outcomes of accidental scenarios. E.g. if ignited a flammable gas release can result in a jet fire, flash fire or explosion, depending on factors such as timing of ignition (immediate or delayed) and the degree of confinement in the area where the release occurred. ETA can help to organise the outcomes as a function of the parameters. 4 Risk Estimation Once the frequency and consequence for each scenario are determined as statistical quantities, potential loss for each scenario can be calculated as the product of the frequency and consequence values. Total potential loss can also be determined as the sum of the potential loss for each discreet scenario. Various forms of risk presentation may be used (risk measures); as further described in Appendix A. In general, risks are expressed in terms of Individual Risk and risk to a group (Societal Risk). CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 78 of 117
Table 1: Five Steps of a QRA Step Description 5 Risk Assessment Up to this point, the process has been purely technical, and is known as risk analysis. The next stage is to introduce criteria, which are yardsticks to indicate whether the risks are acceptable, or to make some other judgement about their significance. Risk assessment is the process of comparing the level of risk against a set of criteria as well as the identification of major risk contributors. The purpose of risk assessment is to develop mitigation measures for unacceptable generators of risk, as well as to reduce the overall level of risk to As Low As Reasonably Practical (ALARP). The ZonesCorp risk criteria are discussed in Appendix A. In order to make the risks acceptable; risk reduction measures may need to be implemented. The benefits from these measures can be evaluated by repeating the QRA with them in place, thus introducing an iterative loop into the process. The economic costs of the measures can be compared with their risk benefits using cost-benefit analysis. It is important to note that quantification of risk is an engineering exercise, but evaluation of ALARP is a management exercise. Ranking of options on the basis of the criteria considered important can be done objectively, but only management can make the value judgments required in selection of the criteria and determine the end points of practicability. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 79 of 117
Figure 1: QRA Methodology
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 80 of 117
C. OTHER EHS RISK ASSESSMENT TECHNIQUES
Depending on the nature of an activity or operation such as new projects, additional or complementary EHS Assessments or studies may be undertaken or referenced in support of risk management requirements.
This includes environment risk assessment, health risk assessment, escape, evacuation and rescue studies, fire and explosion risk assessment or modelling etc. Subsequent sections elaborates various types of Risk Assessments C1. ENVIRONMENT RISK ASSESSMENT 1. Purpose This section describes the general principles of Environmental Risk Assessment (ERA) and how it may be applied to entity assets and Contractor (s) work areas. 2. Background ERA is a measure of the potential threats to the environment and combines the probability that an event will lead to environmental degradation, with the severity of that degradation. ERA is an important tool for evaluating the potential consequences of an action or activity on the environment and for allowing informed decisions to be made on the magnitude of environmental risk. ERA allows a proactive approach to be taken to environmental management, rather than a reactive one focusing only on remedial measures. ERA is now widely recognised as an essential tool for businesses to incorporate environmental issues into their management systems. ERA is a key and integral component of sustainable development that is the need to ensure that activities carried out by society today do not compromise the ability of future generations to meet their needs. Sustainable development is recognised worldwide as a guiding principle that should be incorporated into all development decisions which could potentially impact on the environment. ERA is also linked to the Precautionary Principle which was adopted internationally by world governments at the United Nations Rio Conference in 1992. This principle states: Where there are threats of serious or irreversible damage, lack of full scientific certainty shall not be used as a reason for postponing costeffective measures to prevent environmental degradation. 3. When to Apply Environmental Risk Assessment In general, it shall be used for all the assets and Contractor(s) work areas, which are likely to have significant impacts on the environment and should be used in conjunction with EHS Impact Assessment. ZC-COP-EHS04 CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 81 of 117
ERA is integral part of the EHSIA reporting In particular ERA support an Environmental Impact Assessment (EIA) required as part of an EHSIA Report. ERA can also provide essential input on environmental risks for Pollution Prevention and Control (PPC) assessments. 4. ERA Methodology Environmental Risk Assessment includes a Tiered ERA methodology based on a source-pathway-receptor model. An underlying principle which should be borne in mind during problem formulation and throughout the risk assessment is the connection between the source (of the hazard), the pathway, the receptor and the impact. If any of these components is missing, then there is no need to take the risk assessment any further. Refer to Table 1 below for explanation about Tiered Approach Table 1: Tiered Environmental Risk Assessment DESCRIPTION Tier 1 of the ERA is consistent with Tier 1 of the tiered HSE risk assessment framework as explained above. In environmental assessments it is common to review accidental releases as well as continuous (routine) emissions; this is contrast with safety assessments where the focus is on accidental type of incidents. The ZonesCorp RAM is only suitable for the assessment of non-routine (accidental) events that have the potential to cause harm to the environment. Use of the RAM for routine releases will result in low risk determination. The process of legal screening is therefore particularly important to ensure that routine environmental events are correctly incorporated at this level and passed to a Tier 2 assessment. Routine events with the potential to cause harm to the environment shall be risk assessed using an alternative and complementary qualitative approach. If the initial Tier 1 assessment based on a worst case scenario indicates no cause for concern, more detailed analysis will not be needed. This allows detailed quantification of risks to be focused on those risks likely to be of most significance. Tier 2 of the ERA can be semi-quantitative (utilising simple quantitative calculations and models where appropriate) to further evaluate and assess significant environmental risks determined from the Tier 1 risk assessment. The hazard scoring and ranking methodology should be defined. A Tier 2 ERA can also be more detailed and be consistent with the requirements of a QRA utilising environmental end points as opposed to the human fatalities end point often associated with a QRA. There are many quantitative ERA techniques provided by US EPA and UK Environment Agency that may be used to address specific issues such as contaminated land ERA, exposure modelling assessments, etc. Any quantitative assessment process should be scoped and boundary conditions agreed before commencement. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 82 of 117
For the Tier 1 as well as any of the Tier 2 EAR methods a five stage approach is adopted, Refer to Table 2
Table 2: Five Steps of an ERA Step Description 1 Hazard Identification Hazard in the context of ERA is defined as a property or situation that in particular circumstances could lead to harm. The identification of hazards at each stage of the risk assessment process is of key importance in establishing the breadth of the overall assessment. It is also important that both primary and secondary hazards are identified during the process. 2 Identification of Consequences The potential consequences that may arise from a particular hazard depend upon the inherent nature of the hazard. The full range of potential consequences should be considered at this stage, without taking into account the likelihood (probability) of these consequences. This allows a broad view of potential environmental impacts to be examined initially, even though some may eventually be rejected as not significant due to low probability. 3 Magnitude of Consequences The consequences of a particular hazard may be actual or potential harm to human health, property or the natural environment. There are various ways of assessing the magnitude of consequences, depending on whether they are being considered as part of a risk screening process or a detailed risk assessment. Whichever stage in the process, the following issues need to be considered: Spatial scale of the consequences. Temporal scale of the consequences. The time of onset of the consequences. 4 Probability of Consequences The probability of a particular consequence being realised has three components: The probability of the hazard occurring. The probability of sensitive receptors being exposed to the hazard. The probability of harm resulting from exposure to the hazard. 5 Significance of Risk Having established the probability and magnitude of the consequences that might arise as a result of a particular hazard, it is then necessary to put the risk into context by applying value judgements. This may be, for example, through reference to environmental quality standards or toxicological thresholds. Significance assessments become increasingly difficult where there are no quantifiable limits of acceptability, such as in the case of the intrinsic ecological value of a particular habitat. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 83 of 117
Guidance on Risk Assessment of Environmental Impacts is given in ZonesCorp COP on EHS Impact Assessment. These criteria shall be used by the Entities. 5. Environmental Risk Management The appraisal of environmental risk management options shall be integrated and performed in conjunction with HSE Risk Management. Environmental risk management options appraisal shall be consistent with ZonesCorp COP on Pollution Prevention and Control. The options appraisal and risk acceptance processes shall ensure that environmental risks are managed in accordance with: a. Legal Requirements. If the ERA demonstrates that a legal environmental standard may be breached (including environmental standards defined in any ZonesCorp Codes of Practice(s) then the risk must be considered as unacceptable. In such cases, risk reduction measures will be needed. Where no legal standard exists, it will often be helpful to define environmental targets, ultimately leading to continuous improvements. b. Best Available Techniques (BAT). The BAT principle requires the selection of pollution control techniques which achieve an appropriate balance between the environmental benefits they bring and the costs to implement them. Importantly, the application of BAT and the estimation of risk associated with a particular activity can change over time, as new techniques in pollution reduction become available at reasonable cost. BAT also considers other types of environmental control, such as the use of environmental management and staff training. c. Best Practicable Environmental Option (BPEO). Where an industrial activity releases pollutants to more than one environmental medium i.e. to the air, water or land, it is important to identify control procedures which minimise the impact on the environment as a whole. Selection of BPEO addresses this cross media impact issue by analysing the effects of different control strategies to ensure that solution of one environmental problem does not lead to problems in another medium. BPEO and BAT can be considered to be equivalent to ALARP. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 84 of 117
C2. CONTROL OF MAJOR ACCIDENT HAZARDS (COMAH) A COMAH Report is required for all projects, entities, facilities or operations in which Major Accident Hazards are deemed to occur. If it concluded that no Major Accident Hazards occur, then it must be demonstrated that this has been concluded following thorough screening of the Hazard and Effects Register (see appendix 7). The COMAH Report must demonstrate for the Major Accident Hazards as identified in the Hazards and Effects Register (see appendix 7): a. That these have been analysed in detail, inclusive of accident scenarios and the quantified risk pertaining to each of these. b. How the Major Accident Hazards will be controlled, managed and mitigated to ALARP in accordance with principles of ZonesCorp Risk Management Standards as defined in this Document & CoP on EHSIA. c. That the overall risk levels of the project, site or operation are acceptable or ALARP i.e. within the ZonesCorp criteria for risk tolerability d. How the Entity plans to respond to emergencies concerning the full range of possible accidents that involve the Major Accident Hazards (on site and off-site where necessary). e. A demonstration of how the Major Accident Hazards will be addressed via the EHSMS The COMAH Reports should a. Identify hazards / hazardous events b. Define major Accidents Scenarios c. Assess Risk d. Demonstrate Tolerable & ALARP Risk e. Provide Control, Mitigation and Recovery Plans f. Demonstrate how controls are managed via EHSMS g. Provide evidence of Independent Verification Entities need to establish Procedures to prepare a COMAH Report where required. Each COMAH Report shall be subject to thorough verification of correctness and full coverage. This verification must be completed prior to submitting the COMAH Report to ZonesCorp as part of the EHSIA Report (refer to ZonesCorp CoP on EHSIA)). CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 85 of 117
C3. THE HAZARD BOW-TIE MODEL The Hazard 'Bow-tie' Model describes the basic Hazard - Top Event - Consequence sequence and is shown in Figure 1 below. This highlights the point that it is the hazard that can have undesirable consequences and must be managed. This involves understanding both causation, ie how the hazard may be released, as well as consequence, i.e. what could possibly result if the hazard is in fact released.
Figure 1: Hazard Analysis The BOW-TIE The model states that for a hazard at a location there are a number of causes (threats) that will release the hazard (top event) and that if a hazard is released that there are a number of possible outcomes (consequences). To manage the hazard fully requires that all threats are suitably and sufficiently controlled (barriers) and that suitable and sufficient measures are in place for all consequences possible and foreseeable (recovery preparedness measures). TERMINOLOGY USED IN THE BOW-TIE MODEL The starting point of the Hazard Bow-Tie Model is the hazard; where the term hazard is used it also includes environmental effects and agents affecting the health. This generally involves identifying the potential for harm (some form of energy) to people, assets, the environment and reputation. Once the hazard has been identified CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 86 of 117
its significance in terms of risk must be assessed and reviewed. Is the operation necessary? Can the hazard be eliminated? Assuming that there is no alternative and that the hazard is an intrinsic part of the operation, then the hazard must be managed. Firstly, by considering the causation path to the point where the hazard could first be released, and then by consideration of the range of possible consequences through to the worst case scenario. The causation path relates to release mechanisms, or threats, such as erosion, corrosion, human error (competence), physical causes, etc. The first consequence of a released hazard is termed the 'top event' from reference to Quantitative Risk Assessment techniques. For example, for a hydrocarbon hazard the top event is often loss of containment. To reduce the probability of this top event occurring each and every 'threat' should be controlled by putting into place effective and appropriate 'threat barriers' or 'controls', as shown in Figure 2. Figure 2 - Control of a Threat
Many environmental effects and health hazards can be considered in the same way. In this case, the top event is often a deviation from defined control limits, for example, exceeding environmental discharge limits, or exceeding occupational health exposure limits. Environmental effect can be seen as a 'top event', often the result of an activity whose significance (in terms of potential harm to the environment) was not properly considered or controlled at the outset. Example - deforestation leads to erosion, which in turn leads to silting of streams and damage to aquatic life. What was the root cause of the impact or effect? How can the lessons from this causation sequence be used to prevent a recurrence? Potential damage to the company's reputation can be addressed in the same way. On the consequence side of the 'Bow-tie', i.e. once the hazard has been released, what are the potential consequences or effects? These can be seen as a series of possible outcomes or events of increasingly lower probability of occurrence. Such consequences will include at one end a top event and at the other a disastrous event CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 87 of 117
in terms of human and/or environmental loss or damage, asset loss, damage to the corporate reputation or some combination. In considering this chain of events, measures aimed at reducing the probability and mitigating each consequence should be considered. These are termed 'recovery preparedness measures' or more simply 'Recovery Measures', as shown in Figure3. Figure 3 - Recovery preparedness for a possible consequence
It is then important to consider those conditions that can prevent barriers or recovery preparedness measures from being effective, escalation factors, e.g. safeguard systems being out of action. Controls, or escalation factor controls, can be put in place to ensure that the probability of the escalation factor affecting the barrier or recovery preparedness measure is minimised, CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 88 of 117
C4. FIRE RISK ASSESSMENT 1. Purpose This section describes the general principles of Fire Risk Assessment (FRA) and how it may be applied in the Construction and Operation & Maintenance phases. 2. Background Fire Risk Assessment (FRA) is an important qualitative technique for analysing fire potential in any location and is effective in both identifying ways to enhance fire prevention and fire control. ZonesCorp CoP on Fire Risk Assessment provides a common standard for carrying out FRA. The objective of an FRA is to determine the chance of a fire occurring and the dangers from fire that the workplace poses to the people who use it. The FRA can be carried out as part of a more general risk assessment or as a specific exercise. 3. When to Apply Fire Risk Assessment In general, the requirement for an FRA applies to all places where people work, open areas, plant and buildings including offices and warehouses. It also covers storage of flammable liquids and liquefied petroleum gases in fixed systems and containers. It is not specifically intended to deal with FRA for major hazards, although many of the principles are common. An FRA is required on major hazard sites for buildings and other facilities that are not specifically a major hazard. 4. FRA Methodology FRA constitutes a qualitative Tier 2 risk assessment in accordance with the tiered HSE Risk Assessment Framework presented in Section x. The FRA must be thoroughly planned including: Who will be involved? When it will take place? When the tour of the workplace will take place? How responsibilities for any changes will be assigned? How any changes will be communicated to those who need to know? Table 1 provides a summary of the FRA process. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 89 of 117
Table 1: Five Steps of an FRA
Step Description 1 Identify potential fire hazards in the workplace. 2 Decide who (e.g. employees, contractors, visitors.) might be in danger in the event of a fire and note their location. 3 Evaluate the risks arising from the hazards and decide whether the existing fire precautions are adequate, or whether more should be done to prevent fires (preferable) or to reduce their potential effects. 4 Record the findings of Steps 1-3 and details of any action taken to prevent fires, or reduce their potential effects. Ensure that employees and other affected personnel are told about the findings 5 Keep the assessment under review and revise it when necessary. FRA is essentially a matter of applying informed common sense. The objective is to identify those things that could be reasonably expected to lead to danger. It is important to concentrate on significant hazards and ignore the trivial. The FRA shall be carried out in a practical and systematic way. It shall take the whole of the workplace into account, including outdoor locations and any rooms or areas that are rarely used. If the workplace is small, it may be possible to assess it as a whole. In larger workplaces, the workplace shall be divided into a series of assessment areas of manageable size. Natural boundaries and clear nomenclature should be used as appropriate, e.g. Process Areas, Offices, Stores, Workshops, etc. Further details of the FRA requirements and methodology are provided in ZonesCorp CoP on Fire Risk Assessment (COP-FE01). CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 90 of 117
C5. OCCUPATIONAL HEALTH RISK ASSESSMENT 1. Purpose This section describes the general principles of Occupational Health Risk Assessment (OHRA) and how it may be applied in Project and Operations & Maintenance phases. 2. Background OHRA is the primary method for classification of the level of occupational health risk and setting of control implementation priorities. OHRA is the systematic identification of health hazards in the workplace and subsequent evaluation of health risks. This process takes existing control measures into account and identifies and recommends further preventive or control actions where appropriate. When applied systematically within an organisation, OHRA can be used as a management tool to assist in: a. Comprehensive identification of work place health hazards for risk assessments; b. Prioritising the implementation of OHRAs, focusing first on those activities involving the greatest potential risk to health; c. Prioritising the implementation of additional control measures, where necessary, to minimise the health risk to ALARP; d. Including OHRA as an integral component of introducing new, or changes to existing, plants/processes/activities to ensure health hazards are adequately controlled before the new/revised operation commences; e. Educating staff on the health hazards, risks and measures of control appropriate to their tasks; f. Determining appropriate records on staff exposures to health hazards which, when combined with health surveillance records, can be used to identify health trends and problem areas for action, to fulfil legal requirements and to safeguard the Entity against unforeseen liabilities; g. Developing the means for promoting continual improvement in occupational health standards and performance; h. Promoting the well-being of the workforce. 3. When to Apply Occupational Health Risk Assessment See Table 1 for details on application of OHRA. When introducing new tasks or activities that could introduce hazards, Health Risk Assessment shall be applied to identify, assess and control the hazards. Sometimes HRA is conducted in combination with a Task Risk Assessment. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 91 of 117
Similarly HRA can be applied to manage health hazards the risk associated with any potentially hazardous existing activities and jobs. A programme for implementing OHRA as part of the Entity EHS Management System should be established, in which the roles and responsibilities of line managers, specialist advisers, supervisors and workforce are defined. Next a structure for implementation must be established, as indicated in Table 1. Table 1: Implementation Program for OHRA Step Description 1 Define Management's Role and Responsibilities and Allocate Appropriate Resources 2 Define Structure for Implementation Divide the organisation into manageable assessment units, these being dependent on the size and nature of the operation. Select and appoint Assessment Teams and Team Leaders to carry out the OHRAs, taking into account competencies required. Identify job types within the Assessment Units which contain staff groups with similar exposure profiles, e.g. operators, drivers, maintenance personnel. Identify tasks carried out by each Job Type and all associated hazardous agents so that the nature of exposure to those agents can be assessed during actual operations. Decide whether a generic approach to OHRA is appropriate, whereby similar operations within a plant or at different locations can be assessed collectively. 4. OHRA Methodology The process of OHRA can be broken down into several steps, see Table 2. The OHRA methodology described in ZC COP on EHSIA is not presented in the form of a tiered risk assessment approach. However, a tiered approach is entirely consistent with the HRA methodology proposed by ZonesCorp, and the Entity shall ensure that OHRAs are performed in accordance with the tiered HSE risk assessment framework presented in Table 2. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 92 of 117
Table 2: Tiered Health Risk Assessment TIER DESCRIPTION 1 Tier 1 OHRA shall be through the use of Risk Assessment Matrix (RAM) provided in Section 7 Fig 7.3. Jobs / activities with a Medium of High risk shall be subject to a Tier 2 risk assessment. 2 Initially a Tier 2 OHRA shall utilise the risk assessment method, which involves a simple quantitative scoring system for health risk ranking. Remedial controls shall be identified for high and medium risks. The extent of remedial controls shall be proportional to the level of risk. ALARP principles shall govern the extent of remedial controls for medium risks. For all High risk hazards the HRA shall include a more quantitative risk assessment. A more detailed assessment may also be needed for activities that are perceived to be high risk by employees. An illustration of this may be occupational exposures to H 2 S.
Table 3: Five Steps of an HRA Step Description 1 For each Job Type Gather Information on: Agents and their harmful effects; Nature and degree of exposure to the agents; and Screening and performance criteria against which to evaluate the risk to health. These include: exposure limits and specifications for engineering, procedural, personal protective equipment and emergency (recovery) control measures. 2 Evaluate the Risk to Health based on a Tier 1 or Tier 2 method. The Assessment Team should make a judgement on: Severity of the possible ill-health effect from over-exposure to the agent to give a Hazard Rating. The greater the severity, the more stringent the measures required for controlling exposure. Chance of over-exposure to the agent to give an Exposure Rating, taking into account the effectiveness of existing control measures. Risk to health by combining the above Ratings in a matrix. Also take into account the number of people exposed. The overall conclusion of the OHRA should be recorded indicating whether or not action is necessary to reduce the risk to health. 3 Decide on the Remedial Action, including priorities, responsible persons and target dates. Take into account the 'hierarchy of controls' and the CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 93 of 117
Step Description concept ALARP. In addition, determine the need for: Periodic exposure measurement/routine exposure monitoring. Health surveillance. Routine maintenance of controls. Provision of information, instruction and training to ensure staffs are familiar with the health hazards, potential risks and measures of control relevant to their tasks. 4 Record the Occupational Health Risk Assessment. It is important that: An individual's Medical Record is linked to the OHRA to create a work history of exposure; Staffs are informed of the results and record that the information has been made available. 5 Review the Health Risk Assessment to ensure ongoing control, including: Follow-up of action items; Periodic Assessment Review to ensure that the OHRA remains valid; Audit of all steps in the process. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 94 of 117
C6. SAFETY INTEGRITY LEVEL ASSESSMENT 1. Purpose This section provides guidance on the general principles of Safety Integrity Level (SIL) assessment and how it may be used by the Entity and Contractor (s). 2. Background Safety Integrity Level (SIL) is a measurement of the availability/reliability of instrument-based safety devices. Examples of instrument based safety systems include process shutdowns (High Level etc.) and gas and fire detectors. Systems which generate alarms only are not suitable for SIL assessment as they rely on operator intervention in order to achieve any protective function. SIL is defined and discussed in IEC standards 61508 and 61511. SIL assessment comprises two distinct stages. a. A risk based review of the protection system and is used to define the required SIL. b. A failure mode and reliability type review of the instrument based safety system, this is used to demonstrate the SIL that the system can achieve. Maintenance, inspection, test and calibration schedules can have a direct effect on the SIL that a system can be credited with. SIL is expressed as a number between 1 and 4 which corresponds with a target probability of failure on demand. For systems which are activated infrequently, the SIL categories are as follows: Table 1: Safety Integrity Levels SIL Probability of Failure on Demand 4 10 -5 to < 10 -4
3 10 -4 to < 10 -3
2 10 -3 to < 10 -2
1 10 -2 to < 10 -1
The purpose of the exercise is to ensure that the system design and maintenance is sufficient for it to meet the target SIL and therefore to provide the required level of protection. There are many methods which can be used in the first stage of a SIL assessment such as risk matrices, calibrated risk graph and layer of protection analysis (LOPA). Recommended techniques for the process industries are described in IEC 61511..
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 95 of 117
An example of a calibrated risk graph is shown in Figure 1.
Figure 1: Example Calibrated Risk Graph
SIL assessment is often carried out in a team based workshop format but may also be carried out by individuals working alone. It is essential that full understanding of the function of the instrument based safety system is achieved before conducting part i of the SIL study. Completing part ii of the SIL study requires data relating to the failure rates of the system components usually consisting of at least a detector, a logic system and an end device. For example a high level trip would typically consist of a level switch, a PLC and an ESD valve. 3. When to Apply SIL Assessment SIL assessment is normally applied during design of new facilities, modification of existing facilities or the preparation of maintenance, inspection, test and calibration schedules. Within the Entity, SIL assessment may usually be carried out by external specialists but the Entity concerned staff may be involved in the assessment after appropriate training. The team leader should ensure that the implications of system failure are fully explored. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 96 of 117
C7. SIMOPS SIMULTANEOUS OPERATIONS Simultaneous operations (SIMOPS) studies will be carried out where there is scope for interaction to occur between hazardous activities, and the intent is to carry out these activities concurrently. An example of SIMOPS is simultaneous construction and commissioning. The purpose of these studies will be: a. To identify the SIMOPS areas & the additional levels of risk being introduced b. To assess the acceptability of additional risks and to identify risk reduction methods, which shall be built into the design and operational controls. c. To agree the division of roles and responsibilities d. To define lines of communication. e. To agree Permit to Work (PTW) requirements f. To agree emergency response requirements g. To define and plan training requirements h. To determine a SIMOPS matrix of permitted, prohibited and restricted simultaneous activities Findings and recommendations from the SIMOPS studies should be used to develop the Simultaneous Operations Procedures. C8. EHS IMPACT ASSESSMENT (EHSIA) a. An EHS Impact Assessment (EHSIA) Report is a living document that considers the full lifecycle of project, facilities and operations. It must address the HSE impacts in each of the life cycle phases i.e. project conception, design, tender, construction, commissioning, operation, decommissioning, abandonment and site restoration of a project. ZonesCorp Code of Practice on EHSIA (ZC-COP-EHS04) provide guidance about the requirements for conducting EHS Impact Assessment b. ZonesCorp requires the preparation of EHSIA Reports during the Conceptual design and FEED (Front End Engineering & Design).stage. The report should address the potential impacts associated with the facility throughout the life cycle (design, construction, commissioning, operation, maintenance and de-commissioning) of the project. c. The EHSIA Report must present an overview of anticipated HSE Hazards, impacts and associated levels which are based on analysis of relatively broad HSE information of conceptual technical design and the environment in which the project will be located. d. The report must make recommendations regarding HSE issues that must be addressed throughout the life cycle of the project i.e. issues to be included in the detailed design and studies/analysis that can only be conducted meaningful during or after detailed design. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 97 of 117
APPENDIX 5 GUIDANCE FOR SELECTION OF RISK ASSESSMENT METHODOLOGY CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 98 of 117
SELECTION OF THE PROPER RISK ASSESSMENT METHODOLOGY This appendix recommends criteria for selection of suitable Risk Assessment Techniques. Details about specific methodology as adopted for the Risk Assessment should be finalized by Risk Assessment Team. The selection of methodology shall consider the complexity of the process, known hazards, stage of the project, etc. The Risk Assessment team leader in consultation with the team members will decide on the type of analysis to be carried out in a particular system or modification. Selection Criteria: When a hazard evaluation is proposed for a particular system, the methodology selected to conduct the said evaluation depends on the stage or phase of the project and the type of evaluation that needs to be carried out. Generally recommended, when a project is still in its conceptual phase, the Preliminary Hazard Analysis Technique will be utilized. As the project proceeds, and before the final P&IDs are developed, the designers could keep on applying a continuous What if type of methodology, in the same way that a programmer debugs a computer program. Once the final P&IDs are elaborated and are available, a formal HAZOP should be conducted. This sequence of methodologies will provide a high degree of reliability regarding Hazard Identification. HAZOP study is required for high hazard and complete processes. If Quantification of Risk is required, then a formal QRA (Quantitative Risk Analysis) using the FTA (Fault Tree Analysis Technique could be the best choice to proceed with the complete evaluation of a specific system. Depending on the above criteria, other methodologies (such as the ones outlined below) shall be used for conducting the Risk Assessment: a. What if? b. Checklist c. What if / Checklist d. Failure Mode and Effects Analysis (FMEA) e. Fault Tree Analysis (FTA) f. Process Hazard Review (PHR) g. Hazard Identification study (HAZID) h. Hazard and Operability Study (HAZOP) i. Quantitative Risk Assessment j. Qualitative Risk Assessment CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 99 of 117
APPLICATION OF RISK ASSESSMENT TECHNIQUES A Roadmap for Initiating HSE Risk Assessment towards applying recommended hazard identification and risk assessment methods and techniques is given in Table below: LIFECYCLE PHASE HAZARD IDENTIFICATION OR RISK MANAGEMENT PROCESS RECOMMENDED TECHNIQUE / TOOL For New Facilities, Activities, Products and Services Conceptual Design Preliminary and coarse HSE risk evaluation and management exercise as part of New Project feasibility process. HAZID Tier 1 Risk Assessment (Risk Assessment Matrix) Engineering Design (Front End & Detailed) Increasingly detailed HSE risk evaluation and management process in accordance with EHSIA Reporting requirements. HAZID (update) HAZOP SIL Assessment Tier 2 Risk Assessment (EHSIA QRA, ERA, HRA, FRA) For Existing Facilities, Activities, Products and Services Operational Conduct comprehensive HSE risk evaluation and management on all existing facilities, activities, products and services. This shall be performed in accordance with EHSIA Reporting requirements. HAZID Tier 1 Risk Assessment (Risk Assessment Matrix), e.g. Qualitative RA Tier 2 Risk Assessment (EHSIA QRA, FRA, ERA, HRA) Operational Periodic review and update of hazard assessments and risk assessments in accordance with periods defined. HAZID (update) Tier 1 Risk Assessment (Risk Assessment Matrix) e.g. Qualitative RA Tier 2 Risk Assessment (QRA, FRA, ERA, HRA) (update)
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 100 of 117
LIFECYCLE PHASE HAZARD IDENTIFICATION OR RISK MANAGEMENT PROCESS TECHNIQUE / TOOL Operational Identifying additional activities which should be subject to a Permit-to-Work system. Hazard assessment, possibly including a Qualitative RA/TRA Operational Application of Permit-to-Work system in natural gas distribution network, in order to control the risk associated with planned activities being routine or non-routine. TRA should be available for all tasks covered by a work permit. Operational Work tasks carried out outside the permit system but which are HSE critical e.g. in the office or workshops TRA Operational Application of hazard identification and risk management in order to manage new hazards introduced by plant modifications, organizational changes, and changes to systems and procedures. A EHSIA Report shall be submitted by Entity when major plant modifications, significantly alter or add new HSE hazards and risks. HAZID HAZOP SIL Assessment Tier 1 Risk Assessment (RA) e.g. Qualitative RA Tier 2 Risk Assessment (EHSIA, QRA, FRA, HRA, ERA, TRA) Operational Introducing new tasks or activities that could introduce hazards. TRA OHRA Qualitative RA or other approved technique De-Commissioning De- Commissioning Conduct comprehensive HSE risk evaluation and management for facilities, activities, products and services that will be decommissioned.
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 101 of 117
LIFECYCLE PHASE HAZARD IDENTIFICATION OR RISK MANAGEMENT PROCESS TECHNIQUE / TOOL General Tendering / Procurement Initiate HSE Risk Evaluation and management as part of the Contract phase involving planning and invitation to tender. Tier 1 Risk Assessment (Risk Assessment Matrix) e.g. Qualitative RA Construction Apply hazard and risk assessment in order to manage the risk associated with any potentially hazardous activities and jobs. TRA OHRA Qualitative RA or other approved technique
LEGEND: QRA Quantitative Risk Assessment / FRA Fire Risk Assessment / TRA Task Risk Assessment / RA Risk Assessment / OHRA Occupational Health Risk Assessment / EHSIA Environment Health & safety Impact Assessment / HAZID Hazard Identification / HAZOP hazard & operability Study / SIL Safety Integrity Level Assessment CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 102 of 117
APPENDIX 6 RISK ASSESSMENT GUIDELINES CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 103 of 117
RISK ASSESSMENT GUIDELINES
The guidelines/formats presented in this Appendix are for recommended use and explanation purpose only. Entities may use techniques, formats, methodologies, formats etc. suitable to their business/activities and satisfying the requirements of this Code of Practice This Appendix presents the basic guidelines about a. How to conduct the Qualitative Risk Assessment through the use of Risk Assessment Matrix (RAM) b. A format recommended for conducting and recording the risk assessment for various activities, This also includes the potential hazards, possible controls, estimation of risk (through RAM) and any required action or follow-up c. Recommended format for Hazards Recording including the explanation of various terms and requirements.
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 104 of 117
RISK ASSESSMENT GUIDELINES Step 1- Consider the Consequences Step 2 Consider the Likelihood Step 3 Calculate the Risk What are the consequences of this incident occurring? Consider what could reasonably have happened as well as what actually happened. Look at the descriptions and choose the most suitable Consequences. What is the likelihood of the consequence identified in step 1 happening? Consider this without new or interim controls in place. Look at the descriptions and choose the most suitable Likelihood 1. Take Step 1 rating and select the correct column 2. Take Step 2 rating and select the correct line 3. Circle the risk score where the two ratings cross on the matrix below. E=Extreme, H=High, M=Medium, L=Low, N=Negligible 4. Risk Score = ..
CONSEQUENCES LIKELIHOOD
Consequences Description Likelihood Description CONSEQUENCES Ins Min Mod Maj Cats Catastrophic Multiple Fatalities 1 Less than once every five years. Never encountered in industry 1 N N N L L Major Single Fatality 2 Once every 5 years. Has occurred in industry (Worldwide). 2 N L L M M Moderate Lost Time Injury 3 1 5 times per year. Has occurred at least once in UAE. 3 N L M M E Minor Medical Treatment 4 5 12 times per year Occurs several times a year in similar industries in UAE 4 L M M E E Insignificant First Aid case 5 Continuous or will happen frequently. Occurs several times a year at location L I K E L I H O O D
5 L M E E E CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 105 of 117
EHS RISK ASSESSMENT RECOMMENDED FORMAT To be completed for work activities in high-risk facilities (e.g. flammable storage or workshop) Facility Supervisor: Date of assessment: Facility location: Faculty/Unit/Area: Others involved in assessment:
Note to supervisor on consultation: Occupational health and safety legislation requires that staff involved in the work activity must be consulted during risk assessments when decisions are made about the measures to be taken to eliminate or control OHS risks and when risk assessments are reviewed.
STEP 1: DESCRIBE THE HAZARDOUS ACTIVITY/TASK Activity/Task Name.
Describe the task - You may find it useful to observe/consider the task and list the steps involved.
STEP 2: IDENTIFY THE HAZARDS
a) Are you using (Tick boxes [] where applicable) [ ] plant/equipment [ ] ionising radiation sources or equipment 2,3
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 106 of 117
b) Does the task involve (Tick boxes [ ] where applicable) [ ] using tools/equipment with moving part(s) [ ] using tools/equipment that vibrate [ ] electrical wiring 3
[ ] hazardous waste (biological or chemical) [ ] working with animals/insects [ ] working with fungi/bacteria/viruses [ ] exposure to bodily fluids [ ] fieldwork 2
[ ] clinical/industrial placement [ ] working at a height [ ] working with lasers, microwaves or ultraviolet light [ ] working in isolation for extended periods [ ] working in a confined space [ ] manual handling: repetitive or awkward movements [ ] manual handling: lifting or moving awkward or heavy objects [ ] violent or volatile clients/interviewees
c) Is there (Tick boxes [ ] where applicable) [ ] noise 2
[ ] dust/fumes/vapours/gases [ ] extreme temperatures [ ] a risk of fire/explosion [ ] slippery surfaces/trip hazards [ ] poor ventilation/air quality [ ] a work area that is not suited for the task
[ ] other
1 Specific risk assessment must be completed for hazardous substances and dangerous goods see Step 3 2 Specific control measures must be put in place for these hazards see Step 3 3 Specific licences may be required for these hazards see Step 3 STEP 3: EXISTING CONTROL MEASURES
a) Note strategies already in place to minimize the likelihood and/or severity of harm or loss. [ ] guarding/barriers [ ] biosafety cabinet [ ] fume cupboard/local exhaust ventilation [ ] lifting equipment/trolleys [ ] regular maintenance of equipment [ ] supervision [ ] training/information/instruction [ ] Safe Work Method Statement (SWMS) [ ] Personal Protective Equipment - gloves, boots, eye protection, hardhat, facemask, hearing protection, protective clothing b) Note any specific risk assessments or licenses. [ ] chemical risk assessment (hazardous substances and dangerous goods) [ ] certification/licenses for operators of equipment [ ] test and tag plug-in electrical equipment
[ ] monitor exposure levels (sound /substance/radiation) [ ] UTS Fieldwork Guidelines for overnight excursions in the field [ ] Biosafety Committee assessment for genetic manipulation, cytotoxins, pathogens, imported biological material, ionising radiation sources [ ] equipment licenses (pressure vessels, radiation equipment) c) Note any emergency response systems. [ ] first aid kit [ ] chemical spill kit [ ] extended first aid kit [ ] evacuation/fire control [ ] safety shower [ ] eye wash station [ ] emergency stop button [ ] remote communication mechanism
[ ] other risk control measures
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 107 of 117
STEP 4: ESTIMATED RISK LEVEL Rate the level of risk, based on the LIKELIHOOD of harm or loss occurring and the CONSEQUENCE of that harm or loss, by marking the risk matrix below. When doing this, consider: The harm or loss (to people, physical environment, or the University) that might be caused by the hazards listed, & The existing controls measures listed above
Is a Safe Work Method Statement required? [ ] Yes [ ] No Safe Work Method Statements must be completed for all high risk tasks. Extreme Risk tasks must not be carried out.
STEP 5: ACTION REQUIRED TO FURTHER CONTROL THE RISK Are there any further actions required to reduce risk? [ ] YES [ ] NO (Go to Step 6) If risk can be further reduced to a practicable level, then note further actions required. Base these on the priorities listed to the right. Also list any specific assessments required.
Refer to the example controls listed earlier. Also consider: Redesigning the workplace or activity Replacing the hazard with something less hazardous
Once the actions are complete, sign and date the form.
Further Actions Required Date Completed Signed
STEP 6: ARE THE RISKS CONTROLLED? To be signed when actions are completed as noted in Step 5. Name Supervisors signature Date
File the completed assessment form in the EHS Risk Management Manual of each facility. 1. Eliminate the hazard
2. Keep the hazard and people apart 3. Change work method 4. Use personal protective equipment CONSEQUENCE Insignificant Minor Moderate Major Catastrophic Almost certain High High Extreme Extreme Extreme Likely Medium High High Extreme Extreme Possible Low Medium High Extreme Extreme Unlikely Low Low Medium High Extreme L I K E L I H O O D
Rare Low Low Medium High High
CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 108 of 117
HAZARD REGISTER RECOMMENDED FORMAT Facility: System: Plant/Process Unit: Equipment: Tag No. OPERATIONAL PHASE FEED EPC Construction Commissioning Operation SIMOPS Normal Other HAZARDS EVENTS AND OUTCOME HAZARD (1) INITIATING EVENT (2) ESCALATING EVENT (3) INCIENT OUTCOME (4)
Ignition Prevention System Relief Systems (PSV, Overpressure etc.) Storage Tanks Roatating Machnery Ezport Pipeline Integrity/Protection Riser and Pipelines Integrity/Protection Corrossion Monitoring Structural Integrity Hydrocarbon Containing Equipment Ventilation and Pressurisation (HVAC etc) Process Shutdown Helideck High Speed Machnery Trips Other (Please State) CONTROL Emergency Shutddown System Welhead Control System Hazardous Drainage Fire and Gas System Flammable gas Detection Manual Alarm Call Point Fire Detection Toxic Gas Detection EDP (Flare) ESDVs Other (Please State) MITIGATION Passive Fire Protection Blast Protection and Fire Partions impact Protection Active Fire Protection Emergency Power Systems Other (please State) ESCAPE EVACUATION AND RESCUE Escape, Evacuation and Rescue Emergency Comms and Telecoms PA/GA System Emergency Lighting Escape and Evacuation Routes Personal Protective Equipment (PPE) Other (Please State) CONSEQUENCE RATING LIKELIHOOD RATING CONSEQUENCE X LIKELIHOOD=RISK RANKING Personnel: Personnel: Personnel: Plant/Process Unit Operations: Plant/Process Unit Operations: Plant/Process Unit Operations: Environment: Environment: Environment: Public: Public: Public: Note: From the Consequence Table 7.3 (Section 7) select a consequence ranking value for each of the parameters and record these values in their respective box. Note: From the Likelihood Table 7.2 (Section 7) select a consequence ranking value for each of the parameters and record these values in their respective box. Note: Based on the Consequence & Likelihood values, proceed & record the product of both in their respective boxes. The largest value is used to detrmine the Risk ranking for this hazard. Figure 7.1 Risk Assessment matrix CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 109 of 117
HAZARD REGISTER EXPLANATORY INFORMATION Hazardous Groups Initiating Events Escalating Events Incident Outcomes General hazards Equipment Failure Human Errors Propagating Factors Phenomena Containment (loss of) Failure Control/Safety Systems Failure Design Equipment failure Fires Control/Safety System Failure Construction, fabrication Pool fires on Demand Process Upsets: Operations - Safety critical system failure Jet fires Process deviations Testing and inspection Ignition Sources Flash fires Structural Integrity Temperature Furnaces, incinerators Explosions Equipment Failure Pressure External Events Vehicles, internal combustion BLEVEs Dropped Objects Flow rate Extreme weather conditions engines drivers Fireballs Environmental (Impact from Concentration Earthquakes Electrical switches and contacts Vapour cloud explosions Natural Hazards) Phase/state change Exposure to third-parties events Static electricity Physical explosions Environmental (Impact to/on) Impurities Vandalism/sabotage Hot surfaces Dust explosions Occupational Incidents Reaction rate/heat of reaction Impact Matches, cigarettes, lighters, Condensed phase detonations Smoke/Heat (Flux) open flames Missiles Non-process Fire/Explosion Spontaneous Reaction Extreme Physical Conditions Ionising Radiation Polymerisation High temperature Management System failures Consequences Heat Radiation Runaway reaction Low temperature, freezing, (Construction/Operations Effect analysis Internal explosion cryogenic Phase Only) - Toxic effects Offshore Decomposition Temperature cycling - Thermal effects Helicopter Crash High pressures Human Errors - Overpressure effects Ship Collision Containment Failures Low pressures, vacuum Omission, commission Missile effects Pipes, tanks, vessels, Pressure cycling Fault diagnosis, decision-making Building damage assessments Specific Hazards gasket/seals Vibration/liquid hammering - Building occupants/personnel As identified Equipment malfunction Corrosion Domino Effects - Building structure Pumps, valves, instruments, Erosion Other containment failures, - Building contents sensors, interlocks Cracking releases Controls, communications, Creep rupture life support systems, Loss of utilities Fatigue failure External Conditions records/data Electricity, water, refrigeration, Fracture Degree of confinement/
inert gas, air, heat transfer openness Environmental Contamination fluids, ventilation Weather Marine Visibility Atmosphere Land Structural failure Fatalities and/ or Serious Injuries Offsite Damage or Impact CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 110 of 117
APPENDIX 7
GUIDANCE FOR PREPARING A HAZARDS AND EFFECTS REGISTER CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 111 of 117
1. INTRODUCTION
This appendix provides guidance on recording the results of the analysis made of each hazard or effect present in a facility or operation in a Hazards and Effects Register. 2. WHAT IS A HAZARDS AND EFFECTS REGISTER? A Hazards and Effects Register is a quality record which demonstrates that all the hazards and effects (in terms of the objectives established for COMAH Report) have been identified, are understood, and are being properly controlled. It demonstrates that the facility, 'as built' and 'as will be operated', or the operation 'as planned', is adequately controlled and that preparations are in place to handle any consequence that could result, if control is ever lost. It is kept current throughout the life-cycle of a project, eg from design, through operations to decommissioning. The purpose of the Hazards and Effects Register is to present in a clear and concise form, the results of the analysis made of each hazard or effect present in, or resulting from, the facility or operation. 3. WHO SHOULD PREPARE THE HAZARDS AND EFFECTS REGISTER? Hazards and Effects can be identified and assessed by multi-disciplinary Working Groups with numbers drawn from relevant disciplines. Each group should meet as needed to assess one or more hazards or effects. Facilitation during the process of building the Hazards and Effects record is usually needed. The meetings should therefore be facilitated by a member of an HSE Management System team, or line person familiar with the Hazards and Effects Management Process (HEMP), and should be attended by personnel who are knowledgeable of the location, area or operation in which the hazards and effects are to be addressed (e.g. gas plant operations, maintenance, seismic survey, etc). The identification and analysis of some hazards and effects may require specialist input. Ideally Major Accident Hazards and effects for which control is largely provided by location, layout, design and provision of hardware should be identified and analyzed and properly recorded during the design and construction stages of a project. For existing facilities, the current situation and condition may need to be re-assessed and recorded. Some hazards and effects, or event scenarios, may be such that risks can only be reliably evaluated by specialist structured analysis techniques. Appropriate specialists, in-house or contracted, may be needed to apply these techniques properly and cost effectively. A summary of the results of these analyses should be recorded in the Hazards and Effects Register in the same way as for other analysis results. No hazard analysis process can guarantee the identification and control of all hazards and effects, but a multi-discipline team has the potential to provide the best possible results. Additionally, when teams are actively involved in analyzing CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 112 of 117
their activities and tasks the improvement initiatives that result are much more likely to be owned by them. The quality of the output from a team exercise comes not only from the experience and expertise of the team members but also from the association of ideas triggered by personal interactions. The role of the team leader is critical in facilitating this process. 4. WHAT NEEDS TO BE RECORDED FOR EACH HAZARD OR EFFECT? Each hazard or effect identified as being encountered or involved with a facility or operation (subject to the scope and objectives established for the COMAH Report) should be recorded together with the associated assessments, control and recovery measures in place or required to be in place and an evaluation of risks. The form of recording is not as important as the need for completeness of the information recorded. Entities may choose to use a format that is compatible with their management systems and satisfy or exceed the requirements of these guidelines. 4.1 Hazard description Describe the hazard (agent or effect) identified for which information is to be recorded by broad groupings (e.g. hydrocarbons, elevated objects, high pressure fluids, extreme temperatures, biological hazards, toxic substances, land take) and sub-groups, (e.g. high pressure gas, oil, hot surfaces, specific bacteria or parasites). Assessment of hazard This describes where and when the hazard is most likely to be encountered and the possible hazardous events that could result from loss of control (in terms of the specific hazard's potential to cause harm, including ill health and injury, damage to property, plant or the environment, production losses, increased liabilities, or damage to reputation). 4.2 Top event Describe here the event or situation that represents the release of the hazard or deviation from defined control limits (continuous exposures or continuous discharges). If this event or situation can be prevented by active controls (see 4.5 - threat controls) no scenario can develop which could lead to a consequence or effect as defined by COMAH Report objectives. 4.3 Locations associated with hazard and acceptance criteria List the locations where the hazard (or effect) is present. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 113 of 117
For each location, define the acceptance criteria. Criteria may include a range of considerations or values that may be defined in both qualitative and quantitative terms. Acceptance Criteria also define what is deemed suitable and sufficient control of threats and suitable and sufficient recovery preparedness. For example in drilling operations a stipulated number of barriers or controls (usually 2 or 3) are required to be in place before an operation may proceed. This specified number of controls is the acceptance criterion for the particular hazard and location under review. To illustrate this point, an example set of acceptance criteria is provided in Table 1 below.
TABLE 1 - AN EXAMPLE SET OF ACCEPTANCE CRITERIA Controls Intolerable Risk Hazards Incorporate Risk Reduction Measures Zone Hazards Low Risk Hazards Threat Barriers Minimum of 3 independent effective barriers to be in place for each identified threat Minimum of 2 independent effective barriers to be in place for each identified threat Minimum of 1 independent effective barrier to be in place for each identified threat Recovery Preparedness Measures Minimum of 3 independent effective recovery preparedness measures required for each identified consequence (including one to detect automatically occurrence of top event, and one other to prevent automatically further escalation) Minimum of 2 independent effective recovery preparedness measures required for each identified consequence (one to detect occurrence of top event and other to prevent further escalation) Minimum of 1 independent effective recovery preparedness measure required for each identified consequence Escalation Factor Controls Minimum of 2 independent effective control for each identified escalation factor Minimum of 1 independent effective control for each identified escalation factor Minimum of 1 procedure for each identified escalation factor
4.4 Threats and Controls Identify and describe the possible causes of release of the hazard or deviation from control limits, resulting in the top event defined in 4.3. These are threats. Hazards, threats and top events are logically related. For example: CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 114 of 117
HAZARD THREAT TOP EVENT 'oil under pressure' (in piping) 'corrosion' 'loss of containment' elevated load inadequate sling strength fall to lower level oil in effluent water instrument failure exceeded control limits
Describe the likelihood or frequency that the threats release the hazard. This may be done either quantitatively if sufficient data is available, by reference to incidents in similar facilities or operations or based on the judgment of experienced personnel. These likelihood(s) or frequencies should be expressed in terms which can be related to the acceptance criteria described in 4.4. For each threat describe the threat controls, commonly referred to as barriers. These are pro-active and prevent threats from releasing the hazard or causing deviation from control limits. Barriers include, guards or shields, separation, energy reduction or administrative controls, and specific controls, procedures, work instructions, design, competence, standards, control systems, etc. Any shortfalls in meeting acceptance criteria should be highlighted and recorded, see 4.10. A cross reference should be provided to the HSE-critical activities or tasks providing or maintaining these threat controls. 4.5 Consequences and Risk Assessment Describe the possible consequences or potential effects that could result if the hazard is released or control limits are exceeded. Consequences or effects are logical and credible outcomes of scenarios starting with the top event which follow different escalation sequences according to the availability and (in)effectiveness of recovery measures. Loss of containment (Top Event) of hydrocarbon gas could result in, for example, rapid detection, shutdown, limitation of volume, no ignition and consequently a minor release to the atmosphere. Alternatively it could result in, for example, failure or delay in detection, continued release, ignition, explosion and consequently major damage, injuries or fatalities, etc.. Assess the risks associated with each of the possible consequences. As a minimum the worst case, most severe consequences should be determined both with all available recovery measures in place and working, and with all possible recovery measures not available or not working. The likelihood (probability or frequency) element of risk should also be assessed. Some risks or complex scenarios may require the application of structured review techniques by specialists, for example, health risk assessments, quantitative CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 115 of 117
(safety) risk assessments or environmental assessments. However, many hazards can be adequately assessed by appropriately experienced staff by comparisons, reference to statistics or judgment. Risks may be expressed quantitatively, if the assessment method is quantitative, but for most hazards a qualitative risk assessment may be adequate. The risk matrix is considered a useful way of presenting the risks for most hazards. Risks to people, assets, the environment and company reputation should be assessed separately. A leak or spill may be of little direct consequence for people, but may be of greater consequence for the environment. 4.6 Recovery Preparedness Measures Describe the recovery preparedness measures that are required to meet the acceptance criteria. These are the technical, operational and organizational measures which are needed to prevent a top event from developing further, hence mitigating the consequences or effects and recovering a degree of control. These recovery preparedness measures are essentially reactive as they respond to a situation which has occurred and are intended to block further development of the accident scenario and to provide for emergency management. Recovery preparedness measures include active systems which detect and abate incidents (for example, gas and fire detection, shutdowns, sprinkler systems, etc); passive systems which contain (or restrict) an incident and provide protection for people and essential equipment (for example, fire and blast walls, protective coatings, drain systems, tank bunds, catchment basins, etc); and operational and organizational systems for emergency management (for example, contingency planning, training, drills, Medevac, firefighting, oil spill response, etc). Any shortfalls in meeting acceptance criteria should be highlighted and recorded, see 4.10. A cross reference should be provided to the HSE-critical activities or tasks providing or maintaining these recovery measures. 4.7 Escalation factors and controls Describe the factors or conditions which could lead to loss of barriers or loss of recovery preparedness measures. These factors escalate the probability of a top event and/or escalate the likelihood or severity of consequences or effects if the top event occurs. Escalation factors include: Abnormal operating conditions, for example, concurrent construction or maintenance, operating outside the design envelope, etc; Environmental variations, for example, high winds, waves, tides or rainfall; CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 116 of 117
Failure of controls, for example, improper maintenance, damage as a result of another event (fire, explosion, etc) introduction of an ignition source, etc; Human error, for example, lapses, rule violations, etc; or Absence of controls (threat controls and recovery measures) due to technical feasibility, policy (burn-down philosophy) or excessive cost. Health and human factor aspects e.g. alcohol, drugs and inappropriate working schedules.
Describe for each escalation factor the controls that should be in place to 'stand- in' for the defeated barrier or recovery preparedness measure. Many escalation factor controls will be similar to threat controls, see 4.5. Other significant controls on escalation factors such as concurrent activities (production/drilling operations/construction/ maintenance), operations outside the design envelope, severe weather, etc are limitation of activities in accordance with the Manual of Permitted Operations (MOPO) and issue of permits to work (PTW), which are a means of implementing the MOPO. Escalation controls which are dependent on the MOPO should be highlighted for later verification of MOPO coverage. Any shortfalls in escalation controls should be highlighted and recorded, see 4.10. A cross reference should be provided to the HSE-critical activities or tasks providing or maintaining the escalation controls. 4.8 Reference documents List and number all the documents, procedures, standards, specifications, studies, assessments, etc used or referred to in developing the information entered for the hazard or effect being recorded. Barriers, recovery preparedness measures and escalation controls should be cross-referenced to these references. 4.9 Deficiencies Record all the shortfalls or deficiencies identified with respect to management of the hazard or effect being recorded as noted in 4.5, 4.7 and 4.8. These shortfalls should later be collated in the COMAH Report summary of shortfalls and remedial actions and an action plan, priority rating, action party and timing assigned and agreed. Typical types of shortfalls are summarized in Table 2. 4.10 Manual of Permitted Operations (MOPO) Having identified and evaluated hazards, and put in place controls and recovery measures to maintain risk levels to acceptable or ALARP, it is vital to understand the limits of safe operation, i.e. where the operating envelope is. When should the decision be made to stop? It is crucial that an operation be stopped in time to avoid all types of losses whether human, environmental or asset related. CODE OF PRACTICE EHS RISK MANAGEMENT
Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008 Industrial Sector Environment Health & Safety Regulatory Framework Page 117 of 117
This understanding of where the operating envelope is can be greatly assisted if we consider the effect that threats and escalation factors have upon the risk of the operation. Threats and escalation factors include: Multiple activities such as any combination of maintenance, production, construction, production, drilling, well work-over or other operations taking place concurrently External influences such as inclement weather Inactive safeguards such as the testing of an emergency system or the bypassing of a control system In all such cases we wish to understand how the risk of the operation is increased and what additional measures are needed to manage the increased risk such that it still remains acceptable or ALARP. The MOPO is aimed at doing just this; at showing where the boundary of the operating envelope is. It is imperative that the MOPO be a permitted operations manual and not a prohibited operations manual since the latter leads to the possible interpretation that anything not specifically prohibited is allowed. This is certainly not the intention TABLE 2 - TYPICAL SHORTFALL TYPES Shortfall Type Recommendations Shortfall in meeting external standards Includes codes, legislation, industry standards Shortfall in meeting current company standards
Includes procedures, guidelines, entity standards, specifications, procedures, work instructions Area for improvement in the medium to long term Often related to controls assessed as ineffective Implementation shortfall Often related to controls assessed as ineffective Consider for lateral application in the Entity An area for improvement that the review team thinks would benefit other activities Also applies to the corporate HSE MS A hazard shortfall that may have resulted due to a shortfall in the corporate management system Failure to meet threat control or consequence recovery acceptance criteria Any time there is a failure to meet acceptance criteria Failure to meet risk tolerability criteria Any consequence that plots in the intolerable area on the risk matrix Area requiring further and / or more rigorous analysis The review team cannot properly assess the hazard; for example, effect of H2S release on nearby community.