You are on page 1of 26

Classification: Internal

Status: Draft

Forebygging av storulykker verifikasjonsmetodikk


Entreprenrseminar om risiko for storulykker,
Petroleumstilsynet 16.oktober, 2008

Liv Slvberg
Sektorleder Sikkerhetsteknologi
StatoilHydro ASA

Safety barriers
functionality and
condition vital to prevent
major accidents

Technical Condition Safety (TTS) in StatoilHydro

StatoilHydros goal:
Plants and installations shall have a
technical condition and be operated in
such a way that accidents and dangerous
incidents do not take place.

Role of safety systems:


Shall function as barriers essential to
avoid incidents and hazardous situations
developing into major accidents.
Prevent loss of lives, loss of assets, and
harm to the environment.
Ensure safe operation.

How to monitor safety performance?


Traditional safety performance indicators:
Lost Time Injury Frequency (LTIF)
Total Recordable Injuries (TRIF)
Number of potential serious incidents (SIF)

Reflects normally minor incidents and injuries


Mechanisms and causes leading to a major accident are often quite different

Traditional performance indicators do not give representative picture of


risk for major accidents !

Technical Condition Safety (TTS) in StatoilHydro


Mandate given by Statoil Board Meeting:

cu
o
f
TS

risk
l
a
t
den
i
c
c
or a
j
a
s-M

Review, map and describe the technical


condition of safety barriers and safety
systems

Verification system and scheme


Performance Indicators

System for monitoring of the risk level


and the safety condition of the barriers
MR7

Ensure experience transfer between


entities and disciplines

TTS Methodology

Typical Event Three Major Accident


Gas detection
ESD / Isolation
Hot surfaces
Hot work
Area classification

Layout, structure
Emergency power
Emergency lighting
Alarms/
communication
Escape ways
Evacuation means

Layout
Blast walls
Relief panels
Deluge

Mitigate
explosion

Ignition source
control

Escape Evacuation
Explosion

Leak

Escape

Technical safety systems and barriers are in TTSEvacuation


Ignition
Rescue
grouped
into 22 Performance Fire
Standards
Fire / Explosion

Prevent leakages
Design
Materials
Inspection
Operation and
maintenance
Process safety

Reduce gas
cloud
Ventilation
Gas detection
ESD
Blowdown
Drain

Escalation
Prevent
escalation
Fire detection
Deluge / firewater
Passive fire
protection
Fire walls
ESD/ blowdown
Drain

End event
depends on:
- Functionality
- Reliability
- Vulnerability

TECHNICAL SAFETY CONDITION (TTS) IN STATOILHYDRO


Performance Standards - TR1055 (offshore) and TR2237 (onshore)
PS:

Description:

PS:

Description:

Layout and arrangement - onshore

12

Process safety (PSD, PSV, HIPPS)

Containment, Prevent leakages

13

PA, alarm and communication

Natural- and mechanical ventilation

14

Escape ways and evacuation

Gas detection

15

Explosion barriers - offshore

Emergency shutdown (ESD)

16

Offshore Cranes offshore

Open drain system

Ignition source control

17

Drilling and Well Intervention Barriers offshore

Fire detection

18

Ballast Water and Position Keeping - offshore

Blowdown and flare

19

Ship Collisions Barriers - offshore

Active fire fighting

20

Structural Integrity - offshore

10

Passive fire protection (PFP)

22

Alarm Management

11

Emergency power and lighting

16B

Drilling hoisting systems offshore

TTS Performance Standard Checklist Example


PS 9 Active Fire Fighting
Id No.

F3

Performance Requirement:

Weight:

Deluge Systems
Provide a quick and reliable firewater supply to the applicable deluge/water spray system with a
rate sufficient to cover the minimum demand for the applicable area and at pressures within the
nozzle pressure range requirement.
Where applicable, provide foam (AFFF) concentrate according to the specification for the
F E
D C B A
applicable foam type.

Id No. Examination Activity


F 3.1

F 3.2

Rating

Check that the deluge valve arrangement and


interfaces can be function tested without
release of water into the fire area, i.e. block
valve installed on downstream side.
V/I/D/
Findings
T
Check that the system has a pressure sensor
(PSH) downstream the valve initiates ESD and
has the proper interface with CCR display.
V/I/D/
T

Result

/ observations

Note

Technical Safety Condition in StatoilHydro


Rating - Definition of Grades
F

Unacceptable
condition

Minimum
acceptable
level
Significant
deficiencies

Reference
level

Some
deficiencies

Above the
reference
level

10

TTS Offshore Plant - Example Results

Ytelsesstandard

Oversikt over karakterer


PS1 CONT
PS2 VENT
PS3 GDET
PS4 ESD
PS5 DREN
PS6 IGN
PS7 FDET
PS8 BD
PS9 FFW
PS10 PFP
PS11 EMP
PS12 PRS
PS13 COMM
PS14 ESEV
PS15 EXPL
PS16 CRAN
PS16B DRIL HOIST
PS17 DRIL
PS19 COLL
PS20 STRU
TOTAL

F
E
D
C
B
A

80

60

40

20
0
20
Prosentv is fordeling

40

60

80

11

Technical Safety Condition in StatoilHydro


TTS Basic Indicator
The average value for each
Performance Standard is calculated
using the numerical values for the
grades A-F (+3/-5)

TTS Basic indicator is calculated as


the weighted average of the
relevant Performance Standards

The weights for each Performance


Standard has been set taking into
consideration its effect on the PLL
(Potential Loss of Lives) value

A = Above the reference level +3


B = Reference level
+2
C = Some deficiencies
+1
D = Minimum acceptable level 0
E = Significant deficiencies
-2
F = Unacceptable condition
-5

12

TTS Basic Indicator Example results


Anlegg A
Anlegg B
Anlegg C
Anlegg D
Etc.

-5 = Unacceptable condition (F)


-2 = Significant deficiencies (E)
0 = Minimum acceptable level (D)
+1 = Some deficiencies (C)
+2 = Reference level (B)
+3 = Above the reference level (A)

13

Technical Safety Condition in StatoilHydro


Verification work process

StatoilHydro governing document requires that safety system verifications shall


be performed regularly at all defined facilities onshore and offshore.
Full verifications of new plants when they come into operation followed by
reviews every 5 year custom made.

Performed by a dedicated verification team 10-12 persons


Comprises of system experts - independent of the operational unit subject to
verification.

Personnel from operational unit subject takes part assisting the independent
verification team.

Each verification typically takes place over a period of 4-5 weeks.


Workshop after verification with system owners and management to establish
closure plan / responsibilities.

14

Technical Safety Condition in StatoilHydro


Verification work process

Work performed during facility survey:


Check of relevant design and operations documentation, e.g. drawings,
system descriptions, operational procedures, maintenance procedures,
maintenance programmes
Interviews/conversation with relevant personnel:
Technical accountable personnel
Operators
Maintenance personnel
Management

Deviations from the Performance Standards identified during the review are
recorded as findings.

15

Technical Safety Condition in StatoilHydro


Follow-up of Findings

Findings are prioritised according to how serious they are in terms of major
accident risk and regulatory requirements.

Follow-up of findings - identifying and implementing corrective measures is the


responsibility of the operating unit subject to verification.

Important - systematic work process for the follow up of TTS-findings and


the establishing of corrective actions
Corrective actions to close TTS findings implemented in project/maintenance
plans

Management involvement is a pre-requisite for progress in closing findings.


Status is available in StatoilHydros Performance Management System (MiS).
The number of open findings and actions overdue is monitored on the CEOs
scorecard

16

TTS Observations and Actions


Findings without actions and actions overdue

Progress on closure, example


TTS Observations and Actions
1200
1000
800
600
400
200
0
Jan

Feb

Mar

Apr

May

Jun

Jul

Aug

Sep Oct

Nov Dec

17

Technical Safety Condition in StatoilHydro


Summary

The Performance Standards define StatoilHydros


Best Practice for Technical Safety Integrity

The method is useful and identifies:


Condition of technical safety barriers
Areas of improvement
Comparison between facilities
KPIs Tools for Management Follow up

Continous improvement areas:


Quality and precision in verification execution
Establish and carry out corrective actions

Competence building - exchange of experience /

knowledge between experts and operations personnel


and between facilities

Management focus on condition of barriers and closure


of findings is essential

18

Overvking av storulykkesrisiko videre utvikling


TTS verifiserer og mler tilstanden p de
tekniske barrierene

Faktorer relatert til menneske og


organisasjon (MO) bidrar til :

ca. 50 % av ulykkene i industrien

Umiddel bar
9 %

ca. 70 % av olje/gasslekkasjene

Norsk sokkel har flere gasslekkasjer med

Pr o s e s s
11 %
L a t e n t e f e il
44 %
D e s ig n
4 %

rsak i MO enn Britisk sokkel (ref Ptils


RNNS-prosjekt).

rsakene til Snorre hendelsen var svikt i MO


forhold, noen T

Det er behov for verkty til mle tilstand


p MO-barrierene/ de operasjonelle
barrierene.

Teknisk
32 %

n = ca.100, lekkasje >0.1 kg/s


Plattformer norsk sokkel
2001-2005

19

Operasjonell Tilstand Sikkerhet - OTS


OTS er et verkty under utvikling for mle tilstand/ godhet p de
operasjonelle sikkerhetsbarrierene

OTS har fokus p finne proaktive indikatorer som kan peke p


svakheter i de organisatoriske og menneskelige forhold fr en
hendelse skjer:
Faktorer som kan initiere en hendelse
Faktorer som svekker MO som barriere

Fokus i OTS (som i TTS) er p storulykkesrisiko


Bygges opp ihht TTS-systematikk
OTS komplementr til TTS. Sammen vil det dekke hele MTO-

begrepet (Menneske, Teknologi, Organisasjon) og interaksjonen


mellom M, O og T

20

Sikkerhetsbarrierer i et hendelses scenario

Initierende hendelse

PEOPLE

TTS

OTS
TECHNOLOGY

Colleague
check
Maintenance

Job
planning

Risk
Influencing
Factors

ORGANISATION

Hendelse
(e.g. gass
lekkasje)

Gas
detection Passive fire
protection
Escape
ways

21

OTS struktur
Hendelseskategori (DFU)

Gasslekkasje.

Identifisere
relevant atferd

Oppgaveanalyse - identifiserer feilhandlinger


(initierende hendelse/barrieresvikt).

Arbeidspraksis, Kompetanse, Prosedyrer og dokumentasjon


Forhold som
Kommunikasjon, Ledelse, Styring av endringer, Fysisk
pvirker atferden
arbeidsmilj, Arbeidstidsfaktorer.
Ytelseskrav

Hvert av forholdene over brytes ned til mer konkrete


krav som vurderes p en skala fra A til F.

Sjekklister

Ett sett av sjekkpunkt for hvert krav.


Fylles ut basert p ulike metoder og data.

22

Feilhandlinger for kritiske trinn


OTS sjekker faktorer som pvirker initierende hendelse og barrieresvikt
Initierende hendelse

Barrierefunksjoner
Deteksjon av
feilmontering av
flenser/bolter

Feilmontering av
flenser/bolter ifm
vedlikehold

Slutthendelser

Deteksjon av
lekkasje fr normal
produksjon

Sikker tilstand
Lekkasje
avdekket

Egenkontroll
av arbeid
Tredjeparts
kontroll av
arbeid
Lekkasjetest

Feilhandlinger som kan fre til


- Initierende hendelser
- Barrieresvikt

Lekkasje av
hydrokarboner

23

De viktigste risikopvirkende faktorene (RIF)


OTS har fra hendelsesrapportering kombinert med eksisterende forskning
identifisert de viktigste forholdene som pvirker sannsynligheten for
feilhandlinger i vr bransje:

1.
2.
3.
4.
5.
6.
7.
8.

Arbeidspraksis
Kompetanse
Prosedyrer og dokumentasjon
Kommunikasjon
Ledelse
Fysisk arbeidsmilj
Arbeidstidsfaktorer
Styring av endringer

24

Arbeidspraksis: Eksempel p ytelseskrav og sjekkpunkt


Oppsummering av
vurderingen. Begrunnelse
for karakteren som er
gitt.

Ytelseskrav
A1.2

Klargjring av hydrokarbonfrende systemer og utstyr skal gjres iht. krav i styrende dokumentasjon

Ref.
Sjekkpunkt
A1.2.3 Blir ndvendige drifts- og sikkerhetsforberedelser
gjennomfrt iht. AT og gjeldende prosedyrer?
Omrdetekniker
Utfrende fagperson
A1.2.4 Blir opp- og nedkjringsprosedyrer for anlegget /
aktiviteter benyttet ifm. nedstengning av prosessen?
A1.2.5 Isolering med isoleringsventiler
Hvordan gjres dette?
Er det etablert faste rutiner/prosedyrer?
Benyttes V&B-pakke?
I hvor stor grad forutsetter dette god systemforstelse?

Sjekkpunkt

Krav
Observasjon
WR1154 3.6.1

WD0537 3.1

Ref. til krav i regelverk og


styrende dokumentasjon

Karakter

Kilde

25

Gjennomfring av OTS verifikasjon - pilotstudie

5 dager

Rapport oversendt
anlegget

Arbeidsmte
OTSteam og
anleggsle
delsen

Oppflging

Ressursbruk: - Driftsenheten 2 ukeverk.


- OTS personell: 8 personer i 4 uker

26

OTS utviklings prosjekt status, erfaringer, videre arbeid

To piloter gjennomfrt (landanlegg), en tredje pilot (offshore) pgr


Oppgaveanalyse B&B og Marine hendelser pgr (via NFR-prosjekt)
Erfaringer med metodikken etter 2 piloter
sensitiv - pilotene beskriver to anlegg med ulike sikkerhetsprofiler
plitelige vurderinger - krysspeiling mellom ulike datakilder og mellom observatrer
ker funnenes troverdighet
gjennomgangene resulterer i konkrete anbefalinger og forbedringsforslag
en del sjekkpunkt er overlappende opprydding og forenkling pgr

Erfaringer med arbeidsform


30-40 intervjuersamhandling i OTS-teamet svrt viktig for god kartlegging
teamets sammensetning viktig (teknisk sikkerhet, human factors, driftserfaring)

Videre arbeid
oppsummering av resultat fra metodeutvikling og piloter Q1 2009
beslutning vedrrende eventuelt videre lp i Q1 2009

You might also like