
Concept of System Safety for Petrochemical Industries

Hüseyin Baran AKINBNGL
Ministry of Labour and Social Security, TURKEY
Definitions

Safe: Freedom from danger or the risk of harm; secure from danger or loss. A state of low mishap risk; a state where the threat of harm or danger is nonexistent or minimal.

Safety: Freedom from those conditions that can cause death, injury, occupational illness, damage to or loss of equipment or property, or damage to the environment. The condition of being protected from physical harm or loss.

Mishap: An event that has occurred and has resulted in an outcome with undesired consequences.

Risk: Mishap risk is a safety metric that characterizes the level of danger presented by a system design; potential mishap risk is caused by hazards that exist within the system design.

Hazard: Precursor to mishaps, and thus potential mishaps identified and evaluated via hazard identification and hazard risk assessment.

Ref: Clifton A. Ericson II, Concise Encyclopedia of System Safety, Wiley (2011)
System

A system:
- Must have a purpose.
- Constitutes a complex combination of resources in the form of human beings, materials, equipment, hardware, software, facilities, data, money, and so on.
- May be broken down into subsystems and related components, the extent of which depends on complexity and the function(s) being performed.
- Is contained within some form of hierarchy.

Ref: Benjamin S. Blanchard, System Engineering Management, 5th Edition, Wiley (2016)
Categories of System

- Natural and man-made systems
- Physical and conceptual systems
- Static and dynamic systems
- Closed and open-loop systems

Ref: Benjamin S. Blanchard, System Engineering Management, 5th Edition, Wiley (2016)
SYSTEM SAFETY

- The assurance and management that the system is safe for all people, environment, and equipment. (Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015))

- A sub-discipline of systems engineering that applies scientific, engineering and management principles to ensure adequate safety, the timely identification of hazard risk, and initiation of actions to prevent or control those hazards throughout the life cycle and within the constraints of operational effectiveness, time, and cost. (Ref: Jeffrey W. Vincoli, Basic Guide to System Safety, Wiley (2006))
System Safety

System safety is a Design-for-Safety (DFS) process, discipline, and culture.

Ref: Clifton A. Ericson II, Concise Encyclopedia of System Safety, Wiley (2011)
System Safety

Basic interrelated goals of system safety:
- Proactively prevent product/system accidents and mishaps
- Protect the system and its users, the public, and the environment from mishaps
- Identify and eliminate/control hazards
- Design and develop a system presenting minimal mishap risk
- Create a safe system by intentionally designing safety into the overall system fabric

Ref: Clifton A. Ericson II, Concise Encyclopedia of System Safety, Wiley (2011)
System Safety Process

Basic system safety process (Ref: Clifton A. Ericson II, Concise Encyclopedia of System Safety, Wiley (2011)):
- System safety program plan (SSPP)
- Hazard identification
- Risk assessment
- Risk mitigation
- Mitigation verification
- Risk acceptance
- Hazard/risk tracking

Process flowchart (Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)):
DEFINE OBJECTIVES -> SYSTEM DESCRIPTION -> HAZARD IDENTIFICATION -> HAZARD ANALYSIS -> RISK EVALUATION -> RISK MANAGEMENT (HAZARD CONTROLS -> VERIFICATION CONTROLS) -> RISK ACCEPTANCE?
- YES -> RATIONALE DOCUMENTED -> PERIODIC SYSTEM REVIEW
- NO -> MODIFY SYSTEM -> back to HAZARD IDENTIFICATION
System Safety Process
DEFINE OBJECTIVES

- Define the boundary conditions or analysis objectives, that is, the scope or level of protection desired.
- Need to understand what level of safety is desired at what cost.
- Need to answer the question: How safe is safe enough? ***

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
System Safety Process
SYSTEM DESCRIPTION

- How the system works and how the hardware, software, people, and environment all interact.
- If the system is not described accurately, then the safety analysis and control program will be flawed.

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
System Safety Process
HAZARD IDENTIFICATION

- Crucial part of the system safety process.
- It really is impossible to safeguard a system or control risks adequately without first identifying the hazards.

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
System Safety Process
HAZARD ANALYSIS

- A technique for studying the cause/consequence relation of the hazard potential in a system.

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
System Safety Process
RISK EVALUATION

- Purpose: to control the occurrence of hazards or mitigate their effects.
- With the information about the relationship between hazard cause and effect, the associated risks are then ranked, and engineering management is better able to determine which risks are worth controlling and which risks require less attention.

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
System Safety Process
HAZARD CONTROLS

- Controls fall into two broad categories: engineering controls and management controls.

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
System Safety Process
HAZARD CONTROLS

- Engineering controls are changes in the hardware that either eliminate the hazards or mitigate their risks. Examples:
  - Adding a relief valve to a 2000 psi oxygen system
  - Building a berm around an oil storage tank
  - Using only hermetically sealed switches in an explosive environment
  - Putting in hard stops in rotating machinery to prevent overtorquing

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
System Safety Process
HAZARD CONTROLS

- Management controls are changes made to the organization itself.
- Developing and implementing a plant safety plan is a good method of applying management controls to hazards. Examples:
  - Safety representatives
  - Middle-management reviews of safety implications, or assigning signature authority to safety engineers for all engineering change orders and drawings
  - Processes and procedures are also included in the management control area
System Safety Process
VERIFICATION CONTROLS

- Usually accomplished through the company or engineering management structure.
- The most frequent means is inspection.
- An effective method of hazard control verification is the use of a closed-loop tracking and resolution process.

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
System Safety Process
RISK ACCEPTANCE?

- Management must make the formal decisions of which risks they are willing to accept and which ones they will not.
- Part of the risk acceptance process is a methodical decision-making approach.
- For unacceptable risks, the system must be modified and the hazard identification process must be followed once again.
- For acceptable risks, good documentation with written rationale is imperative to protect against liability claims.

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
System Safety Process
MODIFY SYSTEM

- For the unacceptable risks, the system must be modified to reduce the risk.
- The process of hazard identification starts again to make sure that the modifications do not obviate any safety controls and that they truly reduce the risk to an acceptable level.

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
System Safety Process
RATIONALE DOCUMENTED

- Risk acceptance criteria (how and why) should be documented properly.

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
System Safety Process
PERIODIC SYSTEM REVIEW

- Engineering and management organizations periodically review the safety program, engineering processes, management organizations, and product field use.

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
System Safety Process
DEFINE OBJECTIVES

- Need to answer the question: How safe is safe enough? ***

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
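As an added illustration (not part of the presentation or of Bahr's book), the following Python models the closed-loop part of the flowchart: risk evaluation, hazard controls, verification by inspection, the risk acceptance gate that demands a written rationale, the modify-system loop back to hazard identification, and periodic review. The 4x4 ranking matrix, the three hazards and the likelihood credit given to each control are constructed for the example.

```python
"""Closed-loop hazard tracking following the slide deck's flowchart (added example).
The ranking matrix and the hazards below are constructed, not taken from the deck."""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional

# Constructed 4x4 ranking, RISK_RANK[severity-1][likelihood-1]: "H" = unacceptable,
# modify the system; "M" = acceptable only with written rationale; "L" = acceptable.
RISK_RANK = [
    ["L", "L", "M", "M"],  # severity 1 (negligible)
    ["L", "M", "M", "H"],  # severity 2 (marginal)
    ["M", "M", "H", "H"],  # severity 3 (critical)
    ["M", "H", "H", "H"],  # severity 4 (catastrophic)
]

class Status(Enum):
    IDENTIFIED = "identified"
    CONTROLLED = "controls assigned"
    VERIFIED = "controls verified"
    ACCEPTED = "risk accepted, rationale documented"
    MODIFY = "modify system"

@dataclass
class Hazard:
    name: str
    severity: int                 # 1 (negligible) .. 4 (catastrophic)
    likelihood: int               # 1 (improbable) .. 4 (frequent), before controls
    controls: List[str] = field(default_factory=list)   # engineering or management
    residual_likelihood: Optional[int] = None
    verified: bool = False        # set by inspection, the most frequent means
    status: Status = Status.IDENTIFIED
    rationale: str = ""
    revisions: int = 0            # times the modify-system loop was taken

def risk_rank(h: Hazard) -> str:
    """Risk evaluation: rank on residual likelihood once controls are assigned."""
    return RISK_RANK[h.severity - 1][(h.residual_likelihood or h.likelihood) - 1]

def add_control(h: Hazard, control: str, residual_likelihood: int) -> None:
    """Hazard controls step: record the control and the likelihood it is credited with."""
    h.controls.append(control)
    h.residual_likelihood = residual_likelihood
    h.verified = False
    h.status = Status.CONTROLLED

def verify_by_inspection(h: Hazard, passed: bool) -> Status:
    """Verification controls step: no credit until inspection confirms the control."""
    h.verified = passed
    h.status = Status.VERIFIED if passed else Status.CONTROLLED
    return h.status

def decide_acceptance(h: Hazard, rationale: str = "") -> Status:
    """Risk acceptance gate: only verified controls count; "H" goes back through
    modify system; "M" needs a written rationale; "L" is accepted."""
    if h.status != Status.VERIFIED or not h.verified:
        raise ValueError(f"{h.name}: controls not verified, cannot decide acceptance")
    rank = risk_rank(h)
    if rank == "H":
        h.status = Status.MODIFY
    elif rank == "M" and not rationale.strip():
        raise ValueError(f"{h.name}: medium risk requires a documented rationale")
    else:
        h.rationale = rationale or "Low residual risk; managed by routine procedures"
        h.status = Status.ACCEPTED
    return h.status

def modify_system(h: Hazard) -> Status:
    """Modify-system step: drop credit for earlier controls; hazard identification
    starts again for this hazard."""
    h.controls.clear()
    h.residual_likelihood = None
    h.verified = False
    h.revisions += 1
    h.status = Status.IDENTIFIED
    return h.status

def periodic_review(hazards: List[Hazard]) -> List[str]:
    """Periodic system review: names of hazards still open somewhere in the loop."""
    return sorted(h.name for h in hazards if h.status != Status.ACCEPTED)

def demo() -> List[Hazard]:
    """Walk three constructed hazards (the deck's engineering-control examples) through the loop."""
    o2 = Hazard("Overpressure of 2000 psi oxygen system", severity=4, likelihood=3)
    add_control(o2, "Relief valve (engineering)", residual_likelihood=1)      # rank "M"
    verify_by_inspection(o2, passed=True)
    decide_acceptance(o2, "Relief valve sized for full flow; tested quarterly")

    tank = Hazard("Oil storage tank spill", severity=3, likelihood=3)
    add_control(tank, "Berm around tank (engineering)", residual_likelihood=2)  # rank "M"
    verify_by_inspection(tank, passed=True)
    try:
        decide_acceptance(tank)      # no rationale: the gate refuses
    except ValueError:
        decide_acceptance(tank, "Berm holds 110% of tank volume; weekly walk-down")

    switch = Hazard("Switch arcing in explosive atmosphere", severity=4, likelihood=4)
    add_control(switch, "Sealed switches (engineering)", residual_likelihood=3)  # still "H"
    verify_by_inspection(switch, passed=True)
    if decide_acceptance(switch) == Status.MODIFY:
        modify_system(switch)        # back to hazard identification
    return [o2, tank, switch]
```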
How Safe is Safe Enough?

The insurance industry's question: How safe is safe enough?
- Actuarial tables are based on the cost of an accident.
- Question: How much am I willing to spend to protect myself from accidents (including lawsuits and lost business revenue)?
- 2010 BP Deepwater Horizon offshore oil platform explosion and oil spill: $40 billion

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
How Safe is Safe Enough?

The MHIDAS (Major Hazard Incident DAta Service) database

Year | Substance      | Country | Amount (tonnes) | Damage (MM US$) | Accident type     | Origin
1964 | Crude oil      | Japan   | >99.999         | 284,5           | Release-fire      | Warehouse
1974 | Crude oil      | Japan   | 8,000           | 392,3           | Release           | Warehouse
1981 | No. 6 fuel oil | USA     | 350             | 359,9           | Release           | Transport
1986 | Crude oil      | Greece  | >10,000         | 359,6           | Release-explosion | Warehouse
1987 | Butane         | USA     | ?               | 353,6           | Explosion-fire    | Process
1989 | Crude oil      | Nigeria | ?               | 322,2           | Fire              | Process
1991 | Gas            | Germany | ?               | 278,6           | Explosion         | Commercial
1992 | Gas            | France  | ?               | 394,3           | Explosion-fire    | Process

Ref: Sergio Carol, Juan-Antonio Vilchez, Joaquim Casal, Updating the economic cost of large-scale industrial accidents: Application to the historical analysis of accidents, Journal of Loss Prevention in the Process Industries 13 (2000) 49-55
How Safe is Safe Enough?

[Figure: two bar charts, REFINERIES (horizontal axis 0 to 2000) and PETROCHEMICALS (horizontal axis 0 to 4000), one bar for each 5-year period: 1972-1976, 1977-1981, 1982-1986, 1987-1991, 1992-1996, 1997-2001, 2002-2006, 2007-2011]

Two examples of sectors showing property damage losses in millions of 2011 USD over 5-year periods, according to Marsh, The 100 Largest Losses 1972-2011.

Ref: Hans J. Pasman, Risk Analysis and Control for Industrial Processes: Gas, Oil and Chemicals: A System Perspective for Assessing and Avoiding Low-Probability, High-Consequence Events, Elsevier (2015)
How Safe is Safe Enough?

Business Interruption by Safety Problem
- A 1-week shutdown of an aluminum smelter can translate into up to 9 months of lost production, due to the operational nature of the plant.

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
How Safe is Safe Enough?

[Figure: two charts. Left: Union Carbide profits from the 1950s, when they became owner of the Bhopal plant, until 2001, when it was acquired by Dow Chemical Company. Right: UC's Fortune 500 rank based on corporate revenue (the Bhopal disaster took place in 1984).]

Ref: Hans J. Pasman, Risk Analysis and Control for Industrial Processes: Gas, Oil and Chemicals: A System Perspective for Assessing and Avoiding Low-Probability, High-Consequence Events, Elsevier (2015)
How Safe is Safe Enough? - ALARP

[Figure: ALARP diagram; magnitude of risk increasing from bottom (Tolerable) to top (Intolerable)]

Intolerable region (risk reduction regardless of cost):
- Intolerable levels of risk
- Adverse risks are intolerable irrespective of the benefits
- Mitigation measures are essential at any cost if the activity is to continue

ALARP region (relevant good practice + risk reduction until gross disproportion):
- As low as reasonably practicable
- A level of risk that is tolerable and cannot be reduced further without expenditure of costs disproportionate to the benefit gained, or where the solution is impractical to implement

Tolerable region (relevant good practice):
- Ideal levels of risk
- Risks are negligible or so small that they can be managed by routine procedures and no additional risk treatment measures are needed

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
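The following Python is an added example (not from the deck or from Bahr) of putting the three ALARP regions into a decision rule: a risk level is classified as intolerable, ALARP or tolerable, and a proposed measure inside the ALARP band is accepted unless its cost is grossly disproportionate to the benefit. The numeric band boundaries, the disproportion factors, and the cost-benefit comparison through a value of preventing a fatality (VPF) are all assumptions of this example, not figures stated in the slides.

```python
"""ALARP region test and gross-disproportion check (added example, not from the deck or
from Bahr). Boundaries, disproportion factors and the VPF-based cost-benefit comparison
are assumptions of this example."""
import math

# Constructed individual-risk boundaries (fatality probability per person per year).
INTOLERABLE_ABOVE = 1e-3         # top of the ALARP band
BROADLY_ACCEPTABLE_BELOW = 1e-6  # bottom of the ALARP band (the deck's "Tolerable" region)
VPF = 2_000_000.0                # constructed value of preventing a fatality (currency units)


def alarp_region(risk: float) -> str:
    """Classify a risk level into the three regions of the ALARP diagram."""
    if risk > INTOLERABLE_ABOVE:
        return "intolerable"
    if risk < BROADLY_ACCEPTABLE_BELOW:
        return "tolerable"
    return "ALARP"


def disproportion_factor(risk: float) -> float:
    """Assumed: the factor by which cost may exceed benefit before it counts as 'grossly
    disproportionate' grows from 3 at the bottom of the ALARP band to 10 at its top
    (interpolated on a log scale of risk)."""
    lo, hi = math.log10(BROADLY_ACCEPTABLE_BELOW), math.log10(INTOLERABLE_ABOVE)
    t = min(1.0, max(0.0, (math.log10(risk) - lo) / (hi - lo)))
    return 3.0 + 7.0 * t


def assess_measure(risk_before: float, risk_after: float, cost: float,
                   exposed_persons: int, years: float) -> dict:
    """Decide whether a risk-reduction measure must be implemented.
    benefit = fatalities averted over the measure's life x VPF."""
    region = alarp_region(risk_before)
    averted = (risk_before - risk_after) * exposed_persons * years
    benefit = averted * VPF
    ratio = cost / benefit if benefit > 0 else math.inf
    if region == "intolerable":
        decision = "required regardless of cost"          # risk reduction at any cost
    elif region == "tolerable":
        decision = "not required (routine procedures)"     # relevant good practice only
    elif ratio <= disproportion_factor(risk_before):
        decision = "required (cost not grossly disproportionate)"
    else:
        decision = "not reasonably practicable (gross disproportion)"
    return {"region": region, "fatalities_averted": averted,
            "cost_benefit_ratio": ratio, "decision": decision}
```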
How Safe is Safe Enough?

BLACK SWAN EVENT

Criteria:
1. Surprising
2. Have a sudden and severe impact
3. Might have been foreseen
How Safe is Safe Enough?

EXAMPLES OF BLACK SWAN EVENTS (ACCIDENTS) IN THE PETROCHEMICAL INDUSTRY

Fire/Explosion
Event date: 06/13/2013
Location: Geismar, Louisiana, US
Value: US$510,000,000
Two people were killed and 76 injured in an explosion and fire at a petrochemical plant. The fire burned for more than three hours. The plant produces ethylene and propylene. The explosion prompted the evacuation of about 300 people. Restart is expected in April 2014, incorporating an expansion of the unit's capacity by about 50%.

Fire/Explosion
Event date: 04/23/2004
Location: Illiopolis, Illinois, US
Value: US$150,000,000
Five people were killed and two seriously injured following an explosion at a plastics plant producing 200 million barrels per year of specialty grade PVC. The highway was shut and local residents evacuated. The explosion occurred in a reactor where vinyl chloride and vinyl acetate were being mixed. Up to 75% of the plant was destroyed in the explosion. The explosion was felt eight kilometers away.

Ref: Energy Practice, The 100 Largest Losses 1974-2013: Large property damage losses in the Hydrocarbon Industry, 23rd Edition, pages 25-26 (2014)
How Safe is Safe Enough?

[Figure: horizontal bar chart, axis 0 to 30, one bar per cause category: Procedures, Process Analysis, Design, Management, Training, Operator Error, Supervision, Inspection, Manufacture/Construction, Maintenance, Other, Not Identified]

Specific causes attributed to human/organizational factors in the accidents of the petrochemical sector.

Ref: Zoe Nivolianitou, Statistical analysis of major accidents in petrochemical industry notified to the major accident reporting system (MARS), Journal of Hazardous Materials A137 (2006) 1-7
Safety Management System (SMS) and System Safety

SMS is a sustainable, formal and structured, enterprise-wide safety program that appropriately and comprehensively manages the safety risk of products and the systems that produce them.

Relation Between SMS and System Safety
- System safety is the process of identifying, evaluating, and controlling hazards and risks.
- SMS is the enterprise-level management structure that oversees that system safety process.
- System safety is a subset of SMS.
- SMS is the superstructure or the infrastructure to appropriately manage your safety.

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
Safety Management System (SMS) and System Safety

- System safety (engineering) is a combination of management and systems engineering practices applied to the evaluation and reduction of risk in a system and its operation.
- Safety Management System (SMS) is a sustainable, formal and structured, enterprise-wide safety program that appropriately and comprehensively manages the safety risk of products and the systems that produce them.

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
Safety Management System (SMS) and System Safety

[Figure: the Safety Management System is made up of Safety governance, Safety organization, Safety culture and the System Safety (Programme)]

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
Safety Management System Regulations

Regulation                | Process Safety Management of Highly Hazardous Chemicals | Control of major-accident hazards involving dangerous substances, amending and subsequently repealing Council Directive
Application               | United States of America (USA)                          | European Union (EU)
Year enacted              | 1990                                                    | 1982
Reason                    | Series of catastrophic chemical accidents (after the 1980s) | After the Seveso accident (1976)
Safety Management System  | 14 elements are defined                                 | 7 elements are defined
Year of last modification | 2000                                                    | 2012
Abbreviation              | PSM Standard                                            | Seveso/COMAH Directive

Ref: The 2nd column: https://www.osha.gov/Publications/osha3132.html; the 3rd column: DIRECTIVE 2012/18/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 4 July 2012 on the control of major-accident hazards involving dangerous substances, amending and subsequently repealing Council Directive 96/82/EC
The Comparison of Elements of Safety Management System Regulations and the System Safety (Programme)

No. | PSM                             | Seveso/COMAH Directive                          | System Safety (Programme)
1   | Employee Participation          | Organisation and Personnel                      | Hazard identification and risk management
2   | Process Safety Information      | Identification and Evaluation of Major Hazards  | System for managing requirements and changes
3   | Process Hazard Analysis         | Operational Control                             | Document control
4   | Operating Procedures            | Management of Change                            | Record control and information management
5   | Training                        | Planning for Emergencies                        | Procurement of goods and services
6   | Contractors                     | Monitoring Performance                          | Management of contracted goods and services
7   | Pre-start up Safety Review      | Audit and Review                                | Supply chain traceability of goods and services
8   | Mechanical Integrity            |                                                 | Internal audit
9   | Hot Work Permit                 |                                                 | Incident/accident investigation
10  | Management of Change            |                                                 | Analysis and monitoring
11  | Incident Investigation          |                                                 | Emergency management and response procedures
12  | Emergency Planning and Response |                                                 | Medical issues
13  | Compliance Audits               |                                                 | Human factors
14  | Trade Secrets                   |                                                 | Measuring equipment and calibration

Ref: The 2nd column: https://www.osha.gov/Publications/osha3132.html; the 3rd column: DIRECTIVE 2012/18/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 4 July 2012 on the control of major-accident hazards involving dangerous substances, amending and subsequently repealing Council Directive 96/82/EC; the 4th column: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
Elements of System Safety (Programme) and Comparison with SMS Regulations (PSM & Seveso)

Hazard identification and risk management: Closed-loop process that identifies and evaluates hazards and prioritizes the corresponding risks so that they can be adequately managed.

Human factors: The tool to ensure that the human-machine interface is accounted for and that the SMS appropriately accounts for how people actually work.

Mapping:
- System Safety: Hazard identification and risk management, Human factors
- PSM: Process Safety Information, Process Hazard Analysis
- Seveso: Identification and Evaluation of Major Hazards

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
Elements of System Safety (Programme) and Comparison with SMS Regulations (PSM & Seveso)

Document control: The company's system for configuration control of system design and operation.

Record control and information management: Closed-loop process that records how decisions are made and carried out and how information is managed. It records how safety decisions and safety corrective actions are validated to be appropriate and verified to be in place. It also documents all safety compliance for internal and external compliance.

Mapping:
- System Safety: Document control, Record control and information management, Equipment maintenance, Measuring equipment and calibration
- PSM: Operating Procedures, Hot Work Permit, Mechanical Integrity, Pre-start up Safety Review
- Seveso: Operational Control

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
Elements of System Safety (Programme) and Comparison with SMS Regulations (PSM & Seveso)

Measuring equipment and calibration: Discusses how control equipment of the system life cycle is defined and ensured to be within specification, especially as it relates to system safety.

Equipment maintenance: The system that ensures that equipment is maintained according to the appropriate periodicity, including scheduled, unscheduled, and emergency maintenance. It should also include design for ease of maintainability.

Mapping:
- System Safety: Document control, Record control and information management, Equipment maintenance, Measuring equipment and calibration
- PSM: Operating Procedures, Hot Work Permit, Mechanical Integrity, Pre-start up Safety Review
- Seveso: Operational Control

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
Elements of System Safety (Programme) and Comparison with SMS Regulations (PSM & Seveso)

Procurement of goods and services: The formal procurement program and process for goods and services and managing their procurement risks.

Management of contracted goods and services: The system that performs day-to-day management of outside vendors and members of their supply chain (contractor and subcontractor management) and ensures that they employ appropriate SMS techniques (within their contractor and subcontractor activities) to ensure adequate system safety protocols are in place.

Supply chain traceability of goods and services: The program that actively documents how contracted goods and services are managed through the entire supply chain and demonstrates appropriate system safety protocols.

Mapping:
- System Safety: Procurement of goods and services, Management of contracted goods and services, Supply chain traceability of goods and services
- PSM: Employee Participation, Training, Contractors, Trade Secrets
- Seveso: Organisation and Personnel

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
Elements of System Safety (Programme) and Comparison with SMS Regulations (PSM & Seveso)

System for managing requirements and changes: The closed-loop process that documents how requirements and changes in system design, operation, and other aspects of the system life cycle are documented. It also includes process controls for production. It works hand in hand with document and record control.

Mapping:
- System Safety: System for managing requirements and changes
- PSM: Management of Change
- Seveso: Management of Change

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
Elements of System Safety (Programme) and Comparison with SMS Regulations (PSM & Seveso)

Analysis and monitoring: The approach to evaluating and trending safety and risk profiles over time. This includes regulatory compliance, safety performance indicators, and appropriate process controls and asset management.

Mapping:
- System Safety: Analysis and monitoring
- PSM: Management of Change
- Seveso: Management of Change

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
Elements of System Safety (Programme) and Comparison with SMS Regulations (PSM & Seveso)

Incident/accident investigation: Defines how incidents, notifiable occurrences, and accidents are investigated and evaluated for corrective action.

Mapping:
- System Safety: Incident/accident investigation
- PSM: Incident Investigation
- Seveso: Monitoring Performance

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
Elements of System Safety (Programme) and Comparison with SMS Regulations (PSM & Seveso)

Emergency management and response procedures: Describes how the company will respond to and manage an emergency event.

Medical issues: The system that ensures that employee medical safeguards are in place and that employees are working in a healthy environment. Environmental protection and occupational health are described here.

Mapping:
- System Safety: Emergency management and response procedures, Medical issues
- PSM: Emergency Planning and Response
- Seveso: Planning for Emergencies

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
Elements of System Safety (Programme) and Comparison with SMS Regulations (PSM & Seveso)

Internal audit: The process of independently reviewing programs to ensure that system safety protocols are in place and followed.

Mapping:
- System Safety: Internal audit
- PSM: Compliance Audits
- Seveso: Audit and Review

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
System Safety Program Plan (SSPP) and Safety Report (SR)

System Safety Program Plan (SSPP): The formal document that describes the SMS and how all the pieces fit together and operate within the company. It also includes general engineering and operational system safety requirements.

Ref: Nicholas J. Bahr, System Safety Engineering and Risk Assessment: A Practical Approach, Second Edition, CRC Press (2015)
Proposals For The Petrochemical Industries in the Concept of System Safety

1. Need to Determine the Risk Target considering the Black Swan Events:
- Large impacts, and hard to predict.
- Few directly relevant data to form a basis for probabilistic risk assessment.

Solution: New methodologies should be developed!

Ref: Ming Yang, Risk assessment of rare events, Journal of Loss Prevention in the Process Industries 42 (2016) 6-13
Proposals For The Petrochemical Industries in the Concept of System Safety

1. Need to Determine the Risk Target considering the Black Swan Events:

[Flowchart]
1. Develop the event tree for the rare event to identify precursors
2. Collect precursor data
3. Perform mutual information analysis to identify the most informative precursor
4. Perform the hierarchical Bayesian approach to predict the number of precursors in the next year
5. Update the priors and estimate the probability of the Black Swan
6. Estimate the consequence of the Black Swan
7. Perform risk estimation based on the identified precursor
8. Is new precursor data available? Yes: return to step 2. No: End

Ref: Ming Yang, Risk assessment of rare events, Journal of Loss Prevention in the Process Industries 42 (2016) 6-13
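The following Python is an added example (not Yang's code or data) that walks through the steps of the flowchart: an event tree gives the probability that a precursor escalates, mutual information picks the most informative precursor from constructed yearly records, a Gamma-Poisson update stands in for the hierarchical Bayesian model to predict next year's precursor count, and the posterior gives the probability of the Black Swan; the "new data" loop is shown as a second update. The barrier failure probabilities, precursor histories and prior are assumptions.

```python
"""Precursor-based estimate of a rare-event probability, following the flowchart steps
(added example, not Yang's code). The event tree, precursor histories and prior are
constructed; the hierarchical Bayesian model is simplified to a Gamma-Poisson update."""
import math
from collections import Counter
from typing import Dict, List, Tuple

# Step 1: constructed event tree. A precursor escalates to the black swan only if every
# safety barrier fails; the conditional failure probabilities are assumptions.
BARRIER_FAILURE_PROBS = {"automatic shutdown fails": 0.05, "fire protection fails": 0.02}

# Step 2: constructed yearly records (1 = precursor seen / barrier challenged that year).
BARRIER_CHALLENGED = [1, 0, 1, 0, 0, 1, 0, 0, 1, 0]
PRECURSOR_HISTORY = {
    "high-pressure alarm": [1, 0, 1, 0, 0, 1, 0, 0, 1, 0],
    "inspection finding":  [1, 1, 1, 1, 1, 0, 0, 0, 0, 0],
    "relief valve lift":   [1, 0, 1, 0, 0, 0, 0, 0, 1, 0],
}
# Constructed yearly counts of the selected precursor, used for the rate estimate.
PRECURSOR_COUNTS = {"high-pressure alarm": [2, 3, 1, 4, 2]}


def escalation_probability(barriers: Dict[str, float]) -> float:
    """Event tree: P(one precursor escalates) = product of the barrier failure probabilities."""
    p = 1.0
    for q in barriers.values():
        p *= q
    return p


def mutual_information(x: List[int], y: List[int]) -> float:
    """Step 3: I(X;Y) in nats between two binary series of equal length."""
    n = len(x)
    pxy, px, py = Counter(zip(x, y)), Counter(x), Counter(y)
    return sum(c / n * math.log((c / n) / ((px[a] / n) * (py[b] / n)))
               for (a, b), c in pxy.items())


def most_informative_precursor(history: Dict[str, List[int]],
                               outcome: List[int]) -> Tuple[str, float]:
    scores = {name: mutual_information(series, outcome) for name, series in history.items()}
    best = max(scores, key=scores.get)
    return best, scores[best]


def gamma_poisson_update(alpha: float, beta: float, counts: List[int]) -> Tuple[float, float]:
    """Step 4: Gamma(alpha, beta) prior on the yearly precursor rate with Poisson counts;
    the posterior is Gamma(alpha + sum(counts), beta + len(counts))."""
    return alpha + sum(counts), beta + len(counts)


def predicted_precursors_next_year(alpha: float, beta: float) -> float:
    """Posterior predictive mean of the number of precursors next year."""
    return alpha / beta


def black_swan_probability(alpha: float, beta: float, p_escalate: float) -> float:
    """Step 5: with rate lambda ~ Gamma(alpha, beta) and each precursor escalating
    independently with p_escalate, escalations are Poisson(lambda * p), so
    P(at least one) = 1 - E[exp(-lambda p)] = 1 - (beta / (beta + p)) ** alpha."""
    return 1.0 - (beta / (beta + p_escalate)) ** alpha


def run_cycle(alpha: float = 1.0, beta: float = 1.0) -> dict:
    """One pass of the loop; step 8 (new data available) is simulated with one more year."""
    name, mi = most_informative_precursor(PRECURSOR_HISTORY, BARRIER_CHALLENGED)
    p_esc = escalation_probability(BARRIER_FAILURE_PROBS)
    a, b = gamma_poisson_update(alpha, beta, PRECURSOR_COUNTS[name])
    a2, b2 = gamma_poisson_update(a, b, [5])   # new year of data: posterior becomes prior
    return {"precursor": name, "mutual_information": mi, "posterior": (a, b),
            "expected_precursors_next_year": predicted_precursors_next_year(a, b),
            "p_black_swan_next_year": black_swan_probability(a, b, p_esc),
            "p_black_swan_after_update": black_swan_probability(a2, b2, p_esc)}
```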
Proposals For The Petrochemical Industries in the Concept of System Safety

2. Need to Calibrate risk matrices for process safety:
- Risk matrices = severity and likelihood
- Risk levels denote numerical values of risk.
- To define appropriate risk reduction requirements, risk matrices must be calibrated with reference to appropriate numerical risk tolerance criteria, or process safety target levels.

Ref: Paul Baybutt, Calibration of risk matrices for process safety, Journal of Loss Prevention in the Process Industries 38 (2015) 163-168
Proposals For The Petrochemical Industries in the Concept of System Safety

2. Need to Calibrate risk matrices for process safety:
- Calibration is susceptible to various pitfalls.
- They relate to the nature of risk tolerance criteria and the nature of the events to which they are applied.
- The pitfalls are described and guidance is provided to help ensure calibration is performed correctly.
- The guidance was derived by applying key concepts in the field of risk tolerance criteria to risk matrices and their use in process safety.

Ref: Paul Baybutt, Calibration of risk matrices for process safety, Journal of Loss Prevention in the Process Industries 38 (2015) 163-168
Proposals For The Petrochemical Industries in the Concept of System Safety

2. Need to Calibrate risk matrices for process safety:

Use of risk matrices finds favor:
- Simple to understand
- Do not require specialized expertise
- Are graphically appealing

But:
- No industry or government standards exist for risk matrices for process safety.
- Consequently, risk matrices are constructed intuitively but arbitrarily.
- Companies develop and use their own risk matrices.

Poorly designed risk matrices:
- make risk ranking difficult,
- give risk estimates ill-suited for decision making.

In particular, there are pitfalls in the allocation and calibration process for risk matrices that often are unrecognized.

Ref: Paul Baybutt, Calibration of risk matrices for process safety, Journal of Loss Prevention in the Process Industries 38 (2015) 163-168
Proposals For The Petrochemical Industries in the Concept of System Safety

2. Need to Calibrate risk matrices for process safety:

Calibration procedure for individual risk to people (also in Seveso/COMAH):

Step 1: Select a reference risk tolerance criterion for the type of casualty of interest.

Step 2: Make a conservative estimate of the maximum number of hazard scenarios that contribute to the risk of casualty for any particular exposed person (each hazard scenario may be considered as a sub-system).

Step 3: Allocate the overall facility individual casualty risk tolerance criterion to hazard scenarios (the overall facility may be considered as the system).

Step 4: Use this criterion as an anchor value to determine the required risk reduction for casualty scenarios with other likelihoods.

Ref: Paul Baybutt, Calibration of risk matrices for process safety, Journal of Loss Prevention in the Process Industries 38 (2015) 163-168
Proposals For The Petrochemical Industries in the Concept of System Safety

2. Need to Calibrate risk matrices for process safety:

Calibration procedure for group risk to people (also in Seveso/COMAH)

Step 1: Select a reference risk tolerance criterion for the type of casualty of interest.

Step 2: Allocate the group risk tolerance criterion to hazard scenarios (each hazard scenario may be considered as a sub-system).

Step 3: Use this criterion as an anchor value to determine the required risk reduction for fatality scenarios with other likelihoods (the overall facility may be considered as the system).

Ref: Paul Baybutt, Calibration of risk matrices for process safety, Journal of Loss Prevention in the Process Industries 38 (2015) 163-168
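The allocation and anchoring steps of both calibration procedures above (individual and group risk), worked through as an added example that is not from Baybutt's paper: the facility-level criterion is split across the conservative maximum number of scenarios, and the resulting per-scenario criterion anchors how many decades of risk reduction each likelihood column of the matrix requires. The criterion values, scenario count, likelihood bands and the equal-share allocation are constructed assumptions, not figures from the paper or any regulator.

```python
import math

# Added example for the individual and group risk calibration procedures above.
# All numbers are constructed placeholders, not criteria from Baybutt (2015) or
# any regulator; a real calibration starts from the criterion chosen in Step 1.
FACILITY_CRITERIA = {"fatality": 1e-4, "serious injury": 1e-3}  # per person per year
MAX_SCENARIOS = 10   # Step 2: conservative maximum of scenarios exposing one person
LIKELIHOOD_BANDS = {  # upper frequency (per year) of each matrix column
    "frequent": 1e-1, "probable": 1e-2, "occasional": 1e-3,
    "remote": 1e-4, "improbable": 1e-5,
}

def allocate_criterion(facility_criterion, max_scenarios):
    """Step 3: share the facility-level criterion across hazard scenarios.
    Equal allocation is this example's assumption; a weighted split also works."""
    if max_scenarios < 1:
        raise ValueError("need at least one hazard scenario")
    return facility_criterion / max_scenarios

def required_risk_reduction(scenario_frequency, scenario_criterion):
    """Step 4: factor by which a scenario's frequency must fall to meet the
    per-scenario criterion; 1.0 means the scenario already meets it."""
    return max(1.0, scenario_frequency / scenario_criterion)

def orders_of_magnitude(factor):
    """Round the factor up to whole decades, since matrix bands are decades."""
    return max(0, math.ceil(round(math.log10(factor), 9)))

def calibrate_matrix(criteria=FACILITY_CRITERIA, max_scenarios=MAX_SCENARIOS,
                     bands=LIKELIHOOD_BANDS):
    """Return {(consequence, likelihood band): decades of risk reduction}.
    Each band's upper frequency is used so that every cell is conservative."""
    matrix = {}
    for consequence, facility_criterion in criteria.items():
        anchor = allocate_criterion(facility_criterion, max_scenarios)
        for band, frequency in bands.items():
            factor = required_risk_reduction(frequency, anchor)
            matrix[(consequence, band)] = orders_of_magnitude(factor)
    return matrix

if __name__ == "__main__":
    for (consequence, band), decades in sorted(calibrate_matrix().items()):
        print(f"{consequence:>14} / {band:<10}: reduce frequency by 10^{decades}")
```

Changing the scenario count or the allocation rule changes every anchor and hence every cell, which is why the paper treats allocation as a calibration pitfall rather than a detail.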
Proposals For The Petrochemical Industries in the Concept of System Safety

3. Need to Correct False Facts in Hazard Identification

Methodologies:
. Hazard and Operability Analysis
. Preliminary Hazard Analysis
. Subsystem Hazard Analysis
. Operating and Support Hazard Analysis
. Health Hazard Assessment
. Safety Requirements/Criteria Analysis
. Fault Tree Analysis
. Event Tree Analysis
. Failure Mode and Effects Analysis
. ...

Ref: Clifton A. Ericson II, Hazard Analysis Techniques for System Safety, Wiley (2005)
Proposals For The Petrochemical Industries in the Concept of System Safety

3. Need to Correct False Facts in Hazard Identification

Hazard and Operability Analysis (HAZOP) - IEC 61882 (2016)

The HAZOP technique is for systems involving the treatment of a fluid medium or other material flow in the process industries.

But:
The technique is widely used for design verification in the operation phase of the process.

Ref: Clifton A. Ericson II, Hazard Analysis Techniques for System Safety, Wiley (2005)
Proposals For The Petrochemical Industries in the Concept of System Safety

3. Need to Correct False Facts in Hazard Identification

Hazard and Operability Analysis (HAZOP) - IEC 61882 (2016)

. The design intent forms a baseline for the examination and should be accurate and correct, as far as possible.
. The verification of design intent (see IEC 61160) is outside of the scope of the HAZOP study, but the study leader should ascertain that it is accurate and correct to allow the study to proceed.
. A HAZOP study can only consider those parts that appear on the design representation. Activities and operations which do not appear on the representation might not always be considered.

Ref: Hazard and operability studies (HAZOP studies) Application guide, IEC 61882, Clause 4.3.2 Design requirements and design intent (2016)
Proposals For The Petrochemical Industries in the Concept of System Safety

4. Need to develop global accident modelling research techniques and develop a common use database

Accident modelling:
. Is a methodology used to relate the causes and effects of events that lead to accidents,
. This modelling effectively seeks to answer two main questions:
(i) Why does an accident occur,
(ii) How does it occur.

Ref: Ali Al-shanini, Accident modelling and analysis in process industries, Journal of Loss Prevention in the Process Industries 32 (2014) 319-334
Proposals For The Petrochemical Industries in the Concept of System Safety

4. Need to develop global accident modelling research techniques and develop a common use database

. e-MARS (EU)
. ZEMA in Germany
. ARIA in France
. AEA Technology MHIDAS database in the UK
. TNO FACTS database in The Netherlands

Ref: Zoe Nivolianitou, Statistical analysis of major accidents in petrochemical industry notified to the major accident reporting system (MARS), Journal of Hazardous Materials A137 (2006) 17
Proposals For The Petrochemical Industries in the Concept of System Safety

5. Need to define system design processes including maintenance, control and the other parameters

. Design
The design of the system will determine its structure and which of the potential components that perform the same function will be selected.

Ref: Andrews John, System design and maintenance modelling for safety in extended life operation, Reliability Engineering and System Safety, 163 (2017) 95-108
Proposals For The Petrochemical Industries in the Concept of System Safety

5. Need to define system design processes including maintenance, control and the other parameters

. Design
System structure: Determines how vulnerable the system is to the failure of its components. For safety critical systems, it is undesirable for a single component failure to result in system failure.

Component selection: There are usually several options as to the component type selected to fulfil a specified function. Each component selection will imply different performance metrics, maintenance requirements and costs.

Ref: Andrews John, System design and maintenance modelling for safety in extended life operation, Reliability Engineering and System Safety, 163 (2017) 95-108
Proposals For The Petrochemical Industries in the Concept of System Safety

5. Need to define system design processes including maintenance, control and the other parameters

Maintenance strategy
. Inspection/testing: Does not alter the state of any component. It simply reveals the component's condition and enables decisions to be made regarding the requirement to do work.
. Servicing: Is carried out to reduce the failure rate of a component or sub-system. It includes activities such as the replacement of lubricants and filters and the painting of metal structures.

Ref: Andrews John, System design and maintenance modelling for safety in extended life operation, Reliability Engineering and System Safety, 163 (2017) 95-108
Proposals For The Petrochemical Industries in the Concept of System Safety

5. Need to define system design processes including maintenance, control and the other parameters

. Andrews (2017) developed an integrated Petri net and Bayesian network modelling approach for modelling the effects that the design and maintenance options have on the system performance.

Ref: Andrews John, System design and maintenance modelling for safety in extended life operation, Reliability Engineering and System Safety, 163 (2017) 95-108
Proposals For The Petrochemical Industries in the Concept of System Safety

5. Need to define system design processes including maintenance, control and the other parameters

. The method has advantages over the traditionally used methods of fault tree and event tree analysis and is capable of accounting for the following features:
i. any distribution of degradation, failure and repair time can be accommodated,
ii. dependencies between the component conditions,
iii. highly complex maintenance strategies,
iv. different design and maintenance options can be specified within a single model,
v. several system performance parameters can be predicted within a single model.

Ref: Andrews John, System design and maintenance modelling for safety in extended life operation, Reliability Engineering and System Safety, 163 (2017) 95-108
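The design and maintenance points of proposal 5 (system structure, inspection that only reveals state, servicing that lowers the failure rate, and a model that accepts any failure-time distribution) in one added example. It is a plain Monte Carlo model written for this page, not the Petri net and Bayesian network method of Andrews (2017); the Weibull parameters, inspection intervals and horizon are constructed assumptions.

```python
import random

def simulate_unavailability(n_components, inspect_interval, horizon=20.0,
                            runs=500, shape=2.0, scale=5.0, seed=1):
    """Mean fraction of time the system is down (1-out-of-n_components voting).

    Added example for the design and maintenance discussion above; it is a plain
    Monte Carlo model, not the Petri net / Bayesian network method of Andrews (2017).
    Constructed assumptions: component life is Weibull(shape, scale) in years, a
    failure stays hidden until the next periodic inspection, and inspection restores
    every failed component to as-new. Servicing is represented by a larger scale
    (lower failure rate). The system fails only when all components have failed."""
    rng = random.Random(seed)
    down_time = 0.0
    for _ in range(runs):
        # absolute time at which each component will fail if left alone
        fail_at = [rng.weibullvariate(scale, shape) for _ in range(n_components)]
        t = 0.0
        while t < horizon:
            t_next = min(t + inspect_interval, horizon)
            # the system is down from the moment the last working component fails
            # until the inspection at t_next reveals the failures
            all_failed_at = max(fail_at)
            if all_failed_at < t_next:
                down_time += t_next - all_failed_at
            t = t_next
            # inspection does not change a working component's state (it keeps
            # ageing); a failed one is replaced and gets a fresh life from t
            fail_at = [t + rng.weibullvariate(scale, shape) if f <= t else f
                       for f in fail_at]
    return down_time / (runs * horizon)

def compare_design_options():
    """Effect of redundancy, inspection interval and servicing on unavailability."""
    return {
        "single, yearly inspection": simulate_unavailability(1, 1.0),
        "1-out-of-2, yearly inspection": simulate_unavailability(2, 1.0),
        "single, quarterly inspection": simulate_unavailability(1, 0.25),
        "single, yearly, serviced (scale 10)": simulate_unavailability(1, 1.0, scale=10.0),
    }

if __name__ == "__main__":
    for option, q in compare_design_options().items():
        print(f"{option:<38} unavailability = {q:.4f}")
```

Swapping `weibullvariate` for another distribution, or making one component's life depend on another's state, is all it takes to exercise features i and ii of the list above.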
Thank you for your patience,

Hüseyin Baran AKINBNGL


Labour Inspector (Health and Safety)
A Class Occupational Safety Expert
Chemical Engineer
IIW&EWF Welding Engineer
TWI Painting Inspector
NDT Inspector (UT)
baranakinbingol@hotmail.com
