Petroleum Development Oman L.L.C.


Nov 8, 2013 (3 years and 5 months ago)



Petroleum Development Oman LLC
Revision: 1.0
Effective: Mar-11
SP-2062 Specification for HSE Cases
Printed 09/11/13

The controlled version of this CMF Document resides online in Livelink®. Printed copies are UNCONTROLLED.



Petroleum Development Oman L.L.C.

Document Title: Specification for HSE Cases

Document ID: SP-2062
Document Type: Specification
Security: Unrestricted
Discipline: Technical Safety Engineering
Owner: MSE/4 Head of Technical Safety Engineering
Issue Date: 31 March 2011
Version: 1.0

Keywords:

This document is the property of Petroleum Development Oman, LLC. Neither the whole nor any part of this document may be disclosed to others or reproduced, stored in a retrieval system, or transmitted in any form by any means (electronic, mechanical, reprographic recording or otherwise) without prior written consent of the owner.









i Document Authorisation





ii Revision History

The following is a brief summary of the 4 most recent revisions to this document. Details of all revisions prior to these are held on file by the issuing department.

Version No. | Date | Author | Scope / Remarks
Draft | 22/02/2011 | Karen McConnachie | New document


















iii Related Business Processes

Code | Business Process (EPBM 4.0)

iv Related Corporate Management Frame Work (CMF) Documents

The related CMF Documents can be retrieved from the Corporate Business Control Documentation Register CMF.





TABLE OF CONTENTS

i Document Authorisation
ii Revision History
iii Related Business Processes
iv Related Corporate Management Frame Work (CMF) Documents
1 Introduction
1.1 Purpose
1.2 General Definitions
1.3 Review and Improvement (SP 2062)
1.4 Deviation from Standard
2 WHEN ARE HSE CASES REQUIRED?
3 WHAT TYPES OF HSE CASES ARE THERE?
3.1 Asset/Facility HSE Cases at different ORP phases
3.1.1 Identify and Assess
3.1.2 Select
3.1.3 Define
3.1.4 Execute
3.1.5 Operate
3.2 Roles and Responsibilities for the HSE Case
3.2.1 Sign Off Dates
3.3 Roles and Responsibilities within the HSE Case
3.4 Workforce Involvement
3.5 Deliverables
3.6 Performance Monitoring
3.6.1 Review and Improvement (HSE Cases)
3.6.2 Material Change
4 ASSET INTEGRITY - PROCESS SAFETY MANAGEMENT
4.1 Process Safety Manual, HSSE Control Framework, Section
4.2 Centre for Chemical Process Safety Guidelines for Risk Based Process Safety (CCPS RBPS)
4.3 Process Safety in Projects
4.4 Critical Drawings
5 HEMP
5.1 Hazards and Effects Register
6 BOW-TIES
7 SAFETY CRITICAL ELEMENTS
7.1 SCE (Hardware) Barriers
7.2 SCE Selection
7.3 Performance Standards



7.3.1 Performance Standard Approval
8 HSE CRITICAL TASKS
9 MATRIX OF PERMITTED OPERATIONS (MOPO)
9.1 Using the MOPO
9.2 Deviations from the MOPO
10 ALARP demonstration
10.1 ALARP Definition
10.2 How to Undertake an ALARP Assessment
10.2.1 Principles of Hazard Management
10.2.2 Good Engineering Practice
10.2.3 Good Engineering Principles
10.2.4 HEMP Studies
10.2.5 ALARP Review
10.3 Assessment of Complex Decisions
11 OPERATE PHASE CONTINUOUS IMPROVEMENT
11.1 Drivers for Improvement
11.2 Remedial Actions
11.2.1 Qualitative Analysis of RAP Items
11.2.2 Interpreting the RAP
12 STATEMENT OF FITNESS
13 MANAGEMENT OF CHANGE
14 CONCEPT SELECTION REPORT
14.1 DCAF Deliverables for Identify, Assess and Select Phases
15 DESIGN HSE CASE REQUIREMENTS
15.1 Basic Requirements
15.2 Format
15.2.1 Contents
15.2.2 Part 1 Introduction
15.2.3 Part 2 CSR ALARP demonstration Summary
15.2.4 Part 3 Design Basis & Facility Description
15.2.5 Part 4 Hazards & Effects Management Process
15.2.6 Part 5 Improvement (Action Plan)
15.3 DCAF Deliverables for Define and Execute phases
16 OPERATIONS HSE CASE REQUIREMENTS
16.1 Basic Requirements
16.2 Format
16.2.1 Contents
16.2.2 Part 1 Introduction
16.2.3 Part 2 Facility Description



16.2.4 Part 3 People, HSE Critical Tasks
16.2.5 Part 4 Hazard and Effects Management
16.2.6 Part 5 Improvement (Action Plan)
16.3 DCAF Deliverables for Execute and Operate Phases
Appendix 1 Glossary of Definitions, Terms and Abbreviations
Appendix 2 Related Business Control Documents and References
Appendix 3 Hazard Inventory Checklist
Appendix 4 Example Hazard and Effects Register
Appendix 5 Safety Critical Elements Categories
Appendix 6 Example Safety Critical Elements Register
Appendix 7 Example Design Performance Standard
Appendix 8 Example Operations Performance Standard (EP 2009-9009, Ref. 10)
Appendix 9 Example of Implementation Table
Appendix 10 MOPO
Appendix 11 Operations HSE Case Change Approval
Appendix 12 CCPS RBPS Process Safety Elements






1 Introduction

An HSE Case provides a documented demonstration that risk reduction philosophies and measures have been developed and implemented at each phase of the Opportunity Realisation Process (ORP) to ensure that the risks are tolerable and as low as reasonably practicable (ALARP) through the systematic application of the Hazards and Effects Management Process (HEMP) as set out in the PDO HSE Management System (HSE-MS).

This document should be read in conjunction with the guideline Applying Process Safety in Projects GU-648 [4].

1.1 Purpose

The purpose of this specification is to establish minimum requirements for the content of HSE Cases and it shall be used for the development of HSE Input to Concept Select Reports, Design HSE Cases and Operations HSE Cases.

This specification SHALL [PS] be used for demonstration of the following requirements of the Process Safety Manual in the Shell HSSE & SP Control Framework [Ref. 7]:

o Identify and document Hazards with RAM red and yellow 5A and 5B Process Safety Risks for existing and new Assets (Requirement 1).

o Develop a Statement of Fitness for the Assets (Requirement 7).

o Review the Process Safety Risks to the Asset at least annually, in line with 8 Management Review (of the HSSE & SP Management System) (Requirement 20).

This specification contains information on the contents of each type of HSE Case and gives guidance and examples of information to be contained in specific sections.

1.2 General Definitions

The capitalised term "SHALL [PS]" indicates a process safety requirement.

The lower case word "shall" indicates a requirement.

The word "should" indicates a recommendation.

1.3 Review and Improvement (SP 2062)

Responsibility for the upkeep of this Specification shall be with the CFDH Technical Safety Engineering (Owner of this Specification). Changes to this document shall only be authorised and approved by the Owner.

Any user of this document who encounters a mistake or confusing entry is requested to immediately notify the Document Custodian using the form provided in CP 122 Health, Safety and Environment Management System [Ref. 1].

This document shall be reviewed as necessary by the Owner, but not less than every two years.

1.4 Deviation from Standard

Deviation from this Specification shall follow the requirements of PR-1247 “Project Change Control & Standards Variance Procedure”, Version 1 31/8/1999.




2 WHEN ARE HSE CASES REQUIRED?

HSE Cases are mandatory for all PDO operated (owned, leased or contracted) projects/operations containing hazards rated severity five or high risk on the PDO risk assessment matrix (RAM) as per Figure 2-1 [Ref. 1]. Hazards that fall into this category are referred to as Major Accident Hazards (MAH), and are typically identified during the HAZID conducted at the start of the concept phase of a project.

However, for smaller, less complex projects or modifications to an existing asset where an Operations HSE Case already exists, it may be suitable to undertake a design review in place of a Design HSE Case and then update the existing Operations HSE Case.

For projects that fall into Category C as per Figure 2-2 overleaf, both qualitative (bow-tie analysis) and quantitative analysis (QRA) are required to determine the level of risk and to demonstrate that risks are reduced to tolerable and ALARP, thus a Design and Operations HSE Case must be compiled.

Guidance and confirmation shall be sought from MSE/4 on an individual project basis.

Consequences (by severity):

Severity | People | Asset | Environment | Reputation
0 | No injury or health effect | No damage | No effect | No impact
1 | Slight injury or health effect | Slight damage | Slight effect | Slight impact
2 | Minor injury or health effect | Minor damage | Minor effect | Minor impact
3 | Major injury or health effect | Moderate damage | Moderate effect | Moderate impact
4 | PTD or up to 3 fatalities | Major damage | Major effect | Major impact
5 | More than 3 fatalities | Massive damage | Massive effect | Massive impact

Increasing likelihood (columns A to E):

A | Never heard of in the Industry
B | Heard of in the Industry
C | Has happened in PDO or more than 1>yr in the Industry
D | Has happened at the Asset or more than 1>yr in PDO
E | Has happened more than 1>yr at the Asset

Figure 2-1: PDO Risk Assessment Matrix

Figure 2-2 shows the industry guidelines for a framework for risk related decision support by Oil and Gas UK in 1997 (formerly the UK Offshore Operations Association, UKOOA).

Once a new project has been assessed against the risk assessment matrix in Figure 2-1 and found to contain level 5 or high risk hazards, it shall be categorised as per the chart in Figure 2-2.





Figure 2-2: Framework for risk related decision support in PDO

To use the Framework, first relate the decision being considered to the decision context characteristics on the right hand side of the Framework. Establish a horizontal line across the Framework at the point that best fits the nature of the decision. The segments of this horizontal line define the relative weight that should be given to the different decision making approaches in the ALARP determination. The descriptors on the left hand side of the diagram describe the type and extent of consultation that is needed for the selected decision context and type.

Type B and C decisions shall be taken at higher levels within an organisation than Type A decisions.

Type A decisions are those involving well-understood hazards and proven solutions. The lessons learned from past years have been incorporated into authoritative Good Practice. Reference to the relevant Good Practice, supported by expert judgment, is sufficient to define the barriers needed to reduce the risks to both tolerable and ALARP.

Type B decisions are those involving less well-understood hazards. Good Practice has to be supplemented by more detailed analytical methods such as quantified risk assessment (QRA) particularly to address the uncertainties of novel aspects of design. However, risk-based analysis cannot be the only approach, as illustrated by the fact that it forms no more than 40% of a horizontal line through the Type B band.

Type C decisions are those involving hazards that may create societal concerns. The more technological factors in the ALARP determination need to be “conditioned”, or viewed in the context of how the situation will be seen by stakeholders.

The A, B, C groupings are not intended to split the framework into three discrete sections, but should be used to indicate a continuum of decision context types from a strongly Type A (technology based) at one extreme to a strongly Type C (judgment based) at the other extreme. A range of decision-making approaches will contribute, especially to Type B and C decisions. The background to the Framework is described in [4].





3 WHAT TYPES OF HSE CASES ARE THERE?

PDO activities and operated facilities fall into different categories and the different types of HSE Cases used to cover these are listed below:

o Asset/facility: hydrocarbon gathering/production facilities organised into delivery teams or hydrocarbon transporting infrastructure and storage facilities. The majority of PDO HSE Cases fall into this category and the content shall meet the requirements of this HSE Case Specification

o Contractor drilling rigs and hoists; the content shall meet the requirements of International Association of Drilling Contractors (IADC) [Ref. 4] and this HSE Case Specification

o Air Operations; the content shall meet the requirements of EP 2005-0263 Air Transportation Standard and this HSE Case Specification

o Land Transport; the content shall meet the requirements of EP 2005-0261 Road Transportation Standard and this HSE Case Specification

Air transport operations, road transport operations and marine operations with severity 5 or high level hazards (as defined by the RAM in Figure 2-1) that are PDO operated (owned, leased or contracted) shall have an Operations HSE Case.

The nature of Transport and Drilling Rig HSE Cases is that they are developed to describe the hazards and set out controls associated with the respective operation or activity. These cases are reviewed and updated as they develop, but rarely is there a requirement to develop a new HSE Case for these activities.

Asset/Facility HSE Cases differ in that new design projects or production stations may require that a new HSE Case is developed in accordance with this specification.

Asset/Facility HSE Cases are further separated into the following types of HSE Cases:

o Concept Select Report: This demonstrates that there has been a systematic application of HEMP during the Identify, Assess and Select phases, that the HSE risks associated with each development option have been identified and assessed, the lowest risk option has been chosen or that the cost/effort required to adopt the lowest risk concept is grossly disproportionate to the benefit.

o Design HSE Case: This demonstrates that there has been a further systematic application of HEMP during the Define and Execute phases, demonstrates that the severity 5 or high level hazards identified are both tolerable and ALARP and that all safety critical elements (with associated performance standards) have been identified and meet the performance standards.

o Operations HSE Case: This describes management of the severity 5 or high level hazards to ensure that they are tolerable and ALARP, bow-tie diagrams showing the hazards and the barriers to the hazards, a list of HSE critical tasks, references to operational management systems and a statement of fitness. This acts as confirmation that the HSE Case Owner (Director) is satisfied that the arrangements are in place for the facility to operate safely.

3.1 Asset/Facility HSE Cases at different ORP phases

The opportunity realisation process (ORP) is split into 5 phases punctuated by Decision Gates (Dg1-5) and Value Assurance Reviews (VAR1-5). Once the need for an HSE Case has been identified, the type of HSE Case and when it should be compiled needs to be identified as per Figure 3-1.

The Identify & Assess; Select; Define; Execute and Operate phases are discussed in the following sections.





Figure 3-1: 5 stages and applicable HSE Cases

3.1.1 Identify and Assess

This phase initiates opportunities and demonstrates the feasibility of those opportunities. Ideas are generated and aligned with business principles and strategies and potential values established so a decision to fund and staff further development of these ideas can be made.

This phase also asks the question as to whether the project has looked sufficiently at the risks, different development options, realisations and all possible outcomes. Is there at least one solution that would work in most, perhaps all, of the realisations? The project must understand what it is going to be taking into the Select phase.

HSE input at this stage is at a high level and includes a preliminary HAZID, HSE-SD Plan and input to the Risk Register.

3.1.2 Select

This stage must select the best concept solution for delivering value from the opportunity and make it clear why one choice was the preferred option.

HSE input into the select phase has potentially the greatest impact. The option selected to take forward into the define phase must be ALARP. An ALARP demonstration must be provided in the CSR (see section 14).

3.1.3 Define

The selected concept must be defined technically (scope, cost, schedule) or commercially (JVA, JOA, country entry) for final investment decision (FID). Note that the timing of a technical FID may not coincide with a commercial FID.

HSE activities and deliverables at the define stage include a Design HSE Case and other HEMP Studies.

3.1.4 Execute

The project is to be delivered as a facility consistent with the forecast scope, cost, schedule and proven performance and has to be accepted by the Owner of operations (usually the Relevant Director) for use.




During the execute phase the Design HSE Case is refined. The Operations HSE Case is developed prior to handover to operations. Further HEMP studies are carried out to support the ALARP Demonstration.

3.1.5 Operate

The project is operating as expected and is maximising returns to Shareholders and protecting the License to Operate. The Owner of operations (usually the relevant Director) has accepted responsibility for continued safe operations.

The Operations HSE Case will contain the ALARP demonstrations for the Operate phase. This is built and maintained throughout the operate phase (see section 16).

3.2 Roles and Responsibilities for the HSE Case

Delivery Team Leaders (DTL): DTLs are responsible for ensuring that the HSE Cases are developed and maintained for their assets and meet the requirements of this specification.

Project Managers: Project Managers are responsible for ensuring that the Concept Select Report and Design HSE Cases are developed and meet the requirements of this specification.

Contract Holders: For Air Operations, Road Transport and Drilling & Hoist Rigs, it is the Contract Holders that are responsible for ensuring that their Contractors develop and maintain HSE Cases that meet the requirements of this specification.

3.2.1 Sign Off Dates

Sign off dates for the CSR/HSE Cases shall be as follows:

o The Concept Select Report Case shall be signed off prior to VAR3.

o The Design HSE Case shall be signed off prior to VAR4.

o The Design HSE Case during detailed design phase shall be signed off when completed and prior to the PSUA.

o The Operations HSE Case shall be signed off prior to start up.

3.3 Roles and Responsibilities within the HSE Case

There are three main roles for developing, implementing and maintaining an HSE Case; the HSE Case Owner, HSE Case Custodian and the HSE Case Administrator. These roles for each type of HSE Case are shown in Table 3-1 and cover new projects and modifications to existing facilities.

Table 3-1: Roles and responsibilities within an HSE Case

Columns: HSE Input to Concept Select Report (CSR) | Design HSE Case | Operations HSE Case

HSE Case Owner

HSE Input to Concept Select Report (CSR): Project Manager
o Identifies the requirement for a HSE Section in the CSR in accordance with this specification
o Appoints HSE resource

Design HSE Case: Project Manager
o Identifies the requirement for an HSE Case in accordance with this specification
o Appoints HSE Case Custodian and assigns responsibilities

Operations HSE Case: Asset Director
o Identifies the requirement for an HSE Case in accordance with this specification
o Initiates Operations Case and assigns responsibilities





Table 3-1 (continued), columns: HSE Input to Concept Select Report (CSR) | Design HSE Case | Operations HSE Case

HSE Case Owner (continued)
o Approves the Concept Select Report
o Approves outcome of ALARP multi-disciplinary reviews
o Develops a Statement of Fitness for the Asset
o Approves the Design HSE Case
o Develops a Statement of Fitness for the Asset
o Approves outcome of HEMP studies
o Approves the Operations HSE Case
o Assigns HSE Critical Element ownership to the appropriate Technical Authority/HSE Adviser;
o Ensures ongoing compliance with this specification
o Conducts periodic Operations HSE Case reviews
o Ensures facility is operated according to the Operations HSE Case

HSE Case Custodian

HSE Input to Concept Select Report (CSR): Project HSE Lead
o Manages HEMP studies, ensures risk tolerability and suitable and robust ALARP demonstrations are made
o Prepares HSE content of the CSR and checks DCAF content all signed off
o Coordinates the development of the HSE Input to the CSR.

Design HSE Case: Lead Technical Safety Engineer
o Identifies HEMP studies to assess the hazards and risk associated with the project
o Develops risk reduction strategies, identifies safety critical elements (SCE) and associated Performance Standards in conjunction with SCE Technical Authorities (TA)
o Facilitates that suitable and robust ALARP demonstrations are made.
o Reviews and approves all action items raised for correct detail, action party and target date
o Compiles/co-ordinates the HSE Case

Operations HSE Case: Delivery Team Leader
o Ensures the HSE Cases are developed and maintained for their assets in accordance with latest requirements.
o Ensures participation in development and awareness and proper use of the HSE Case by the organisation
o Validates HEMP studies and technical accuracy of the contents of the HSE Case
o Co-ordinates review of HSE critical tasks listings and associated Performance Standards
o Ensures that revisions and updates are prepared when necessary, adequately controlled and distributed
o Reviews facility specific emergency response plans
o Reviews and approves all action items raised for correct detail, action party and target date


Petroleum Development Oman LLC

Revision:

1.0

Effective:

Mar
-
11


Page
15

SP
-
2062 Specification for HSE Cases

Printed
09/11/13

The controlled version of this CMF Document resides
online in Livelink
®
.

Printed copies are UNCONTROLLED.



HSE Input to Concept
Select Report (CSR)

Design HSE Case

Operations HSE Case

HSE
Case
Adminis
trator



N/A



N/A

Directorate Technical Safety
Engineer



Compiles/co
-
ordinates
the HSE Case and
subsequent reviews and
updates



Supports the HSE Case
Custodian







3.4 Workforce Involvement

The HSE Case shall demonstrate that the workforce have been part of the development and review of the HSE Case. Workforce in this context is the front line operations and maintenance staff that are directly involved in the day-to-day running of the facilities.

The purpose of this requirement is to ensure that front line operations and maintenance staff:

• have knowledge of the Major Accident Hazards that have been identified for the facility where they work
• are aware of the controls and barriers in place to manage these MAHs (SCEs, Performance Standards, HSE Critical Tasks, MOPOs)
• have knowledge of how these controls are managed (MIE, FSR, assurance reviews)

For Design HSE Cases, workforce involvement can be demonstrated by ensuring that relevant staff representatives have been involved in the design. This may be done by ensuring they participate directly in the design activities (HAZIDs, HAZOPs, HEMP studies) and by participating in project assurance reviews such as Design Reviews, peer reviews and project Audits.

Operations HSE Cases shall be communicated to the operations and maintenance teams on site. The focus shall be on what the case means to them and what impact it is likely to have.

In addition, representatives from current operational, engineering, and maintenance teams and workforce representatives (where applicable) shall be included in the regular reviews as described in Section 13. This engagement may be demonstrated by ensuring that the HSE case is reviewed regularly by operations and maintenance staff, which can be achieved through

• job descriptions and staff performance contracts
• dedicated communications initiatives
• staff onboarding
• committees or working groups (e.g. AIPSALT).

For both types of HSE Cases, the details of how workforce involvement has been achieved shall be described in the HSE Case or in the documentation of the periodic review of the HSE Case.


3.5 Deliverables

Design and Operations HSE Cases are classified as Essential Records according to CP-102, Documents & Records Management, and shall be maintained on Livelink by the HSE Case Administrator.

Design and Operations HSE Cases are mandatory deliverables for new projects and existing assets, as described by the Discipline Control and Assurance Framework (DCAF) section in SP-2061 Technical Authority System [Ref. 7].


3.6 Performance Monitoring

Routine performance monitoring of HSE Cases shall include:

o Assurance of Design HSE Cases at VARs
o Review of Operations HSE Cases during Pre-Start up Audits




o AI-PSM Assurance of Operations HSE Cases
o Monitoring of Operations HSE Case KPIs

3.6.1 Review and Improvement (HSE Cases)

Once the Concept Select Report is signed off, it is not anticipated that any revisions will be required as further project work will be covered in the Design HSE Case.

The Design HSE Case may need to go through several revisions during the Define and Execute phases depending on the nature of the design of the new project.

The Operations HSE Case shall be reviewed and updated at a maximum interval of 5 years unless any of the following circumstances occur:

o As part of a Material Change to the Facility, operation or surrounding environment that may have a potential impact on the risk profile
o When it cannot be verified that the performance of safety critical elements (SCEs) meet the performance standards and/or when mitigation measures have been employed for extended periods to compensate for this shortfall
o Prior to any material changes to the organisational arrangements or personnel levels
o Following a major incident involving the Facility or operation, or from lateral learning from other major incidents applicable to the Facility or operation
o Enhancements in knowledge or technology that change the basic assumptions on which the risk tolerability and ALARP demonstrations are based
o If there is a change to any of the signatory parties for the HSE Case, i.e. HSE Case Owner (Director), HSE Case Custodian (Delivery Team Leader) or HSE Case Administrator (Technical Safety Engineer)


3.6.2 Material Change

A material change is any change that significantly affects the basis for the original ALARP demonstration in the HSE Case. In practice this usually includes changes that have the potential to affect the major accident hazards or their controls, either directly or indirectly.

Examples of direct effects are:

o Significant modifications or repairs to the plant or equipment, either as single large modifications or multiple smaller modifications.
o an increase in hydrocarbon inventory,
o new technology, processes or operational complexity,
o new types of combined operations, or new activities in connection with an installation,
o new operational risk controls.

Examples of indirect effects are:

o new ownership or operatorship, introducing a change in the management system,
o a major change of contractor, and
o extension of the use of the installation or its components beyond the original design life.




4 ASSET INTEGRITY - PROCESS SAFETY MANAGEMENT

Assuring the safety of people, assets, the environment and reputation is a core value and providing assurance that major process safety risks are being managed is a critical aspect of PDO corporate governance. Asset Integrity - Process Safety Management (AI-PSM) describes the way in which PDO assets are managed so that the process risk is as low as reasonably practicable (ALARP).

There are two Process Safety implementation mechanisms within PDO:

1. The Process Safety Manual of the Shell Group HSSE Control Framework [Ref. 6]
2. AI-PSM as developed by Centre for Chemical Process Safety Guidelines for Risk Based Process Safety (CCPS RBPS) [Ref. 9].

4.1 Process Safety Manual, HSSE Control Framework, Section

The HSSE & SP Control Framework replaces the mandatory requirements in EP2005 series, and includes mandatory Standards, Manuals, Specifications and Glossary terms, and non-mandatory Assurance Protocols and Guides.

The Process Safety Manual of the HSSE & SP CF comprises four elements:

1. Asset Integrity - Process Safety Management Application Manual
2. Design and Engineering Manual 1 (DEM1)
3. Design and Engineering Manual 2 (DEM2)
4. Override of Safeguarding Systems.

A full description of each element can be obtained in The HSSE & SP Control Framework [Ref. 6].

Compliance with the detailed requirements of the Process Safety Manual is demonstrated by signing a Statement of Fitness (SoF). The Statement of Fitness is shown in section 12 and testifies that the hazards have been appropriately managed in accordance with HEMP and that a suitable and robust ALARP demonstration has been made.

The Statement of Fitness is a requirement of the AI-PSM Application Manual and a signed SoF shall be included in Design and in Operations HSE Cases, respectively.

For operational assets the SoF shall be signed by Asset Directors, and for new projects by the Project Manager before handover to operations.

4.2 Centre for Chemical Process Safety Guidelines for Risk Based Process Safety (CCPS RBPS)

The CCPS RBPS AI-PSM process is an assurance process containing 20 elements¹ that describe minimum expected standards and stipulates the requirements for a range of process related activities ranging from organisational culture, workforce involvement, risk management, HEMP and audit through to design.

The assurance process includes routine checking, self-assessments and audits, as well as independent 3rd party verification that the AI-PSM system and practices are consistent with industry best practice and are controlling process risk to ALARP.

The assurance process also identifies opportunities for improving the management and control of process risk and therefore, is a key driver for continuous improvement.

¹ A description of the 20 AI-PSM elements is provided in Appendix 12.




HEMP is an integral element of the AI-PSM process and the HSE Case and provides a clear link between the two processes. Both the AI-PSM and HSE Case processes aim to identify, control and reduce risk levels to ALARP.


4.3 Process Safety in Projects

AI-PS requirements in projects, from project identification through to execution, are described in “GU-648 Guide for Applying Process Safety in Projects” [Ref. 4].

This guideline extracts all the relevant information from the existing ORP documentation that is necessary to meet the AI-PS requirements at handover. It also provides further clarity with regards to the assurance processes which underpin the project team’s ability to demonstrate that AI-PS requirements are met at the end of every project phase.

The main objective of this guideline is to explain the key AI-PS objectives and deliverables throughout the project phases that demonstrate the facility is fit for the safe introduction of process fluids and that systems, processes and procedures are in place so that AI-PS can be safeguarded in the subsequent operate phase.

This will allow PDO to make the statement that “Our Asset is Safe and we know it” after each project phase.

4.4 Critical Drawings

Critical drawings are those drawings which are required to be maintained in order to support the implementation of critical tasks. Critical drawings are required to ensure that the risks from MAHs are ALARP.

A list of critical drawings shall be made for each facility. All critical drawings shall be stored in an easily accessible database to reflect the current design and status of the asset (as-built status).

This will ensure that all personnel have access to reliable and up to date information to allow accurate planning of work operations and activities, management of change and investigative activities (when an incident has occurred).

Critical drawings include, but are not limited to:

o PFS
o PEFS
o Cause and Effect matrix
o Hazardous area classification
o Area Layout
o Site plan (sub-field layout)
o Key plan and Plot plan
o Escape routes
o Safety equipment layout
o Critical valve list (including locked open and locked closed valves)
o Fire and Gas layouts.




5 HEMP

The hazards and effects management (HEMP) process identifies and assesses HSE hazards, implements control and recovery measures and maintains a documented demonstration that major HSE risks have been reduced to a level that is as low as reasonably practicable (ALARP).

HEMP shall be applied to all activities over which PDO has operational control and shall cover the entire lifecycle of the asset or operation; from concept through to decommissioning and disposal. Work undertaken by a Contractor and under the Contractor’s own management system shall have a requirement for an equivalent HEMP approach expressly stated in the contract.

HEMP is fundamental to all analysis and assessment elements of the formal HSE activities, and is at the heart of the HSE management system used in PDO.

The HEMP process comprises four basic steps:

• Systematic identification of hazards, threats, unwanted events and their effects
• Assessment of the risks against screening criteria, taking into account the likelihood of unwanted events and the potential severity of the consequences in terms of effects to people, assets, the environment and reputation of PDO
• Implementation of suitable risk reduction measures to control or mitigate the hazard and its effects
• Planning for recovery in the event of a loss of control leading to an unacceptable effect.

The main objective of HEMP activities is to demonstrate that hazards (and associated risks) have been identified and where the hazard cannot be eliminated the risks are controlled to a level that is tolerable and as low as reasonably practicable (ALARP). The HEMP model is characterised by Figure 5-1.




Figure 5-1: HEMP Model [figure labels: Identify, Assess, Control, Recover; Risks Tolerability & ALARP; Document]

HEMP studies shall be performed by staff who are knowledgeable about the facility and operations and who are competent in the HEMP techniques necessary. The studies shall be planned and implemented in a timely manner to enable the results to be incorporated without incurring avoidable rework and costs. The studies should be documented such that key information and decisions made are transparent and available for future reference. Recommendations arising from HEMP studies shall be recorded in an appropriate action tracking system.



5.1 Hazards and Effects Register

Hazards and their effects on people, the environment, the assets and the reputation of PDO shall be systematically identified and listed for the full lifecycle of the asset and operations.

The hazards are identified in a Hazard Identification (HAZID) meeting, and the outcome of this meeting is used to develop the Hazards and Effects Register.

PDO use a checklist of potential hazards to populate the Hazards and Effects Register. It is recommended that a multi-disciplinary team facilitated by an experienced person go through the list of hazards and identify those relevant to the specific facility/asset/operation under consideration. Ideally the team should be made up of Management, Operations, HSE, Maintenance and Engineering Disciplines (Concept, Detailed Design as appropriate) personnel.

The PDO Risk Assessment Matrix in Figure 2-1 shall be used to assess the hazards and their severity and frequency of occurrence. The experience of the team will be used to brainstorm hazards known to have been realised from previous experience or thinking whether it is a credible hazard that could occur within PDO operations. This is a subjective process and care must be taken not to over-complicate the process by thinking of multiple events, double jeopardy events or highly unlikely events.

Examples of credible scenarios could include major leak from oil storage tank at MAF, leak at a Booster station on the main oil line, leak from offtake tanker hose, loss of containment from on-plot processing facilities, loss of containment of H2S (affecting both onsite personnel and the general public). Consequences from such incidents usually cover injury/fatalities, fires/explosions, environmental impact, loss of facility and negative impacts on reputation.

For low and medium risk hazards, the controls for the hazards, i.e. permit to work, job safety assessment, operating procedures, competence assessments, tool box talks, etc., are discussed and then added to the Hazards and Effects Register.

Hazards that have been assessed as being a severity 5 or high risk on the risk assessment matrix are then modelled further using bow-tie methodology as described in next section.

See Appendix 3 for the full checklist of potential hazards, and an example of a Hazard and Effects Register is provided in Appendix 4.




6 BOW-TIES

The Hazards and Effects Register documents that all hazards associated with the facility, and the control and mitigation measures, have been identified. Hazards that have been assessed as being a severity 5 or high risk on the risk assessment matrix (Figure 2-1) are then modelled further using bow-tie methodology.

The Bow-Tie is a model that represents how a Hazard can be released, escalate, and how it is controlled. It contains the elements required to effectively manage the Hazard such that the risks are tolerable and ALARP. Bow-Ties can also be used to support risk management of non-HSE processes.

For each severity 5 or high level hazard, the bow-tie methodology allows for:

1. Identification of the hazard release, escalation and consequence scenarios
2. Identification of controls, e.g. barriers and escalation factor controls required to manage the hazards
3. Categorisation of controls into Inherent Safety, Safety Critical Element (hardware) or Critical activity (procedures, processes, operator action)
4. A clear visual representation to enable the ALARP review to be undertaken
5. An aid in the incident review process if such a major incident has occurred.

The bow-tie is a model that represents how a hazard can be released, escalate and how it is controlled.

‘Bow-Tie XP’ is the PDO preferred software tool.

Figure 6-1: Generic bow-tie model








Table 6-1: HEMP definitions and Bow-tie terminology

ALARP: As Low As Reasonably Practicable (Risk) means that having reviewed all practical alternatives for Major Accident Hazard elimination, Threat Controls and Recovery Measures, further reduction in risk would involve disproportionate cost or resources for the risk reduction achieved.

Barrier: Barriers prevent or reduce the probability of each Threat (left hand side of the bow-tie), limit the extent of, or provide immediate recovery from the Consequences (right hand side of the bow-tie). Barriers may be hardware, such as safety systems (e.g. F&G, ESD, etc) or management systems and procedures.

Consequence: Consequences in the bow-tie are a direct result of the Top Event occurring. Indirect consequences, if applicable, shall be modelled in a separate bow-tie. Can include potential consequences that have not been heard of in the industry.

Escalation Factor: Factors that defeat, or reduce the effectiveness of a Barrier

Escalation Factor Control: Measures put into place to prevent or mitigate the effects of Escalation Factors.

Hazard: Any situation with the potential for harm to people, environment, asset or reputation e.g. hydrocarbons under pressure, dropped load.

HSE Critical Task: An HSE Critical Task develops, implements or maintains the effectiveness and integrity of a Barrier or Escalation Control Factor in Bow-Ties for Severity 5 or High Risk Hazards. HSE Critical Positions are those that execute HSE Critical Tasks

HSE Critical Position: HSE Critical Positions are those that execute HSE Critical Tasks

Major Accident Hazards (MAH): Hazards that are classed as High Risk (Red) or severity 5 on the PDO Risk Assessment Matrix. This means any situation with the potential for major consequences (harm) to people, environment, asset and reputation if released.

Recovery Measure: Any measure put in place to manage Consequences and assist recovery from a Top Event.

Risk: The likelihood of a Top Event combined with the severity of the Consequences (The risk is from the Hazard to people, environment, asset and reputation).

Threat: Any action or mechanism that could bring about the unplanned release of a hazard.

Threat Control: Any measure put in place to prevent a Threat being successful.

Tolerable Risk: Tolerable Risks are those that have been reduced to a level where they comply with the applicable laws and regulations, standards, strategic objectives and other agreed Tolerability Criteria.

Top Event: The first thing that happens when a hazard is released. Individual bow-ties shall have a single Top Event.


The role of a barrier on the bow-tie diagrams is to prevent (Left hand side of BT) or limit (Right hand side of BT) the consequence of a major incident. Barriers may be:




1. Design (inherent) features, e.g. separation distances, reduction of process pressures, minimisation of leak sources, etc. (depicted blue on the bow-tie).
2. Safety Critical Elements (hardware and logic software), e.g. Process Containment Systems, Pressure Relief Valves, ESD, Fire and Gas Detection, Escape & Evacuation Systems, Breathing Protection, etc. (depicted green on the bow-tie)
3. Operational Safety Processes, e.g. valve lock out/tag out, breaking containment procedures, permit to work, etc. (depicted yellow on the bow-tie)
4. Operational Intervention Tasks, e.g. Plant Monitoring, Alarm Response, Shutdown, etc. (depicted yellow on the bow-tie)

Barriers shall be:

1. Effective in preventing the Top Event or Consequence
2. Able to prevent a specific Threat from releasing the Hazard
3. Verifiable - how shall the effectiveness of the barrier be confirmed?
4. Independent of other barriers in the same Threat line, e.g. no ‘common mode failure’.

Hardware Barriers for Severity 5 or High Risk Hazards (HSE) shall be classified as HSE Critical Elements. Selection of these Barriers shall be in accordance with EP2009-9009 SCE Management Manual [Ref. 10] and is further described in Section 7.

Common barriers or escalation factor controls that appear frequently, e.g. such as those to do with Operator/Human Error, should be modelled using a separate bow-tie to manage the single Threat of ‘Operator/Human Error’.

See Section 10 ‘ALARP demonstration’ for further information.




7 SAFETY CRITICAL ELEMENTS

A Safety Critical Element (SCE) is any item of hardware, system or logic software the failure of which could cause a Major Accident Hazard (MAH) or whose purpose is to prevent or mitigate the effects of a MAH.

SCE groups are categorised according to Shell EP2009-9009 ‘Safety Critical Element Management Manual’ [Ref. 10]. These groups or barriers (see section 7.1) contain the definitions of those items that may be classed as safety critical on any given facility.

Safety Critical Elements shall be selected from these groups during the bow-tie development process. The bow-tie diagrams show the SCEs as ‘barriers’ to the MAH. A deliverable of the Bow-Tie development process is a list of SCEs applicable to the facility.

This list shall be further developed as part of a SCE identification process that defines the safety critical components of each SCE barrier.

The role of a barrier on the bow-tie diagrams is to prevent or limit the consequence of a major incident. Barriers may be:

1. Design (inherent) features, e.g. separation distances, reduction of process pressures, minimisation of leak sources, etc.
2. Safety Critical Elements (hardware and logic software), e.g. Process Containment Systems, Pressure Relief Valves, ESD, Fire and Gas Detection, Escape & Evacuation Systems, Breathing Protection, etc.
3. Operational Safety Processes, e.g. valve lock out/tag out, breaking containment procedures, permit to work, etc.
4. Operational Intervention Tasks, e.g. Plant Monitoring, Alarm Response, Shutdown, etc.

The SCE management manual [Ref. 10] describes the activities and processes for managing the critical hardware barriers (SCEs) that appear in the MAH bow-ties.

7.1 SCE (Hardware) Barriers

Each SCE is grouped under one of 8 hazard management barriers, as depicted in the Swiss Cheese Model (Figure 7-1).

The hazard management barriers are as follows:

• Structural Integrity
• Process Containment
• Ignition Control
• Detection Systems
• Protection Systems
• Shutdown Systems
• Emergency Response
• Life Saving Equipment

Each SCE belongs to one hazard management barrier. Generally, the Structural Integrity, Process Containment and Ignition Control SCEs together with some aspects of the PSD/ESD system, reside on the left hand-side of the bow-tie top event. Failure of any of these barriers could cause or significantly contribute to a MAH.

The remaining SCEs normally reside on the left hand-side of the bow-tie top event. These SCEs are provided to control or mitigate the effects of a MAH after it has occurred.





Figure 7-1: SCE Hardware Barriers and SCE Groups

The hardware barriers in Figure 7-1 are depicted with a number of small holes that represent an integrity failure either in design or operating performance. On their own, these failures may not be significant but, if the holes line up, there may be no effective barriers in place between safe operations and escalating consequences, leading to a major incident.

For example, a loss of containment in a sweet gas facility would not normally be expected to cause fatalities unless it is ignited. An integrity failure in the process containment system combined with a failure in the ignition control system could cause an ignited event, i.e. a fire or explosion. If there are no personnel in the area then this in itself would not cause fatalities. However, if there are integrity failures in the fire and gas detection system then the event may not be detected and the process system not isolated and the event may have the potential to escalate to adjacent inventories. This would also be the case if an ESD Valve or Blowdown Valve failed to operate on demand. Finally, if adequate assembly points and EER systems such as emergency telecoms are not provided or are not suitable, then personnel may not be evacuated quickly enough and the process release would have the potential to cause fatalities. The example shows that a number of what on their own would sometimes be considered as ‘minor failures’ have combined to produce a Major Accident causing fatalities.




Figure 7-1 shows the importance of maintaining and monitoring and ensuring the integrity status of all hardware barriers, so that what might be considered to be relatively small faults in individual barriers do not combine together in an unforeseen manner that compromises the ability of the barriers to prevent or control a major incident.

Note that it is not necessary for all barriers to fail to lead to a major incident. For example, failure of a single barrier such as process containment on a high sour facility may lead directly to major incident.

Each SCE is attached to a relevant discipline who are designated as the owner of the associated Performance Standard.

7.2 SCE Selection

SCEs should be colour coded green on the Bow-tie and the specific SCE category denoted beneath the barrier that appears in the Bow-tie.

The process for selection of SCEs starts with a review of the generic list of SCEs provided in the SCE Management Manual [Ref. 10] to identify those SCEs that are applicable to the facilities, for each of the identified Major Hazards. The list of selected SCEs shall be reviewed and agreed by the relevant discipline engineers during the define phase.

Figure 7-2 depicts the process for the selection of SCEs.

The HSE Case shall contain a list of the SCEs identified in the bow-tie diagrams as per the table provided in Appendix 5.

The HSE Case shall contain a table showing each SCE against the MAH bow-ties where they appear as hardware barriers, and an example is shown for the SCE group ‘Process Containment’ in Appendix 6.





Figure
7
-
2
:
Selection
Process for Safety Critical Elements



7.3 Performance Standards

A Performance Standard is a statement, which can be expressed in qualitative or quantitative terms, of the functional performance required of a SCE, and which is used as the basis for managing the risk from the Major Hazards. Defining and ensuring compliance with suitable Performance Standards provides assurance that the SCE is and will remain a barrier to the identified MAH.

Generally, the SCEs and Performance Standards follow a one-to-one relationship where each SCE has its own Performance Standard.

Performance Standards are used as the basis for design and technical (operational) integrity verification and are expressed in terms of functionality, availability, reliability, survivability and dependencies/interactions with other SCEs.

Functionality

Functionality is an expression used to define what the system or equipment is required to
achieve in order to ensure design integrity.

Reliability and Availability

Reliability is defined as the required probability that the system or equipment will operate
on demand, when required.

Availability is defined as the extent to which the system or equipment is required in order
to retain its functional integrity.

[Figure 7-2 flowchart content: starting from the Generic List of SCEs (EP9009-2009), each element is tested against the questions "Is the purpose of this element to prevent a MAH?", "Could failure of this element cause a MAH?", "Could failure of this element contribute substantially to a MAH?" and "Is the purpose of this element to limit the effects of a MAH?", with Yes/No branches leading to "This item is a Safety Critical Element." or "This item is not a Safety Critical Element."]




Survivability

Survivability defines the external loading events such as fires, explosions or extreme
weather, associated with the various MAHs against which the system or equipment is
required to retain its functional integrity.

Dependencies and Interactions

This is used to identify other systems
or equipment that are critical to the functionality of
the primary system or equipment. By identifying these dependencies and interactions it
is ensured that all interfaces have been covered.


There are two types of Performance Standards:

Design Performance Standards. Design Performance Standards must be developed during the Define phase. They shall provide a list of key functional criteria with which the SCE must comply during the design. In practice the content of the performance standards will be largely taken from the design and engineering standards that apply to the item or SCE. However, other information may be taken from the basis for design, the design philosophies, or the results of workshops and HEMP Studies such as HAZID/HAZOP, Design Review, Layout Reviews, Fire & Explosion Analysis, QRA, IPF, SAFOP, etc.

The Design Performance Standards will mature further during the execute phase and will check that the SCEs have been constructed as designed. The existing QA/QC procedures and practices should be used to support the Design Performance Standards. The design must take into account operational demands so that suitability can be ensured into the operate phase.

The Design Performance Standards will evolve into Operate phase Performance Standards at the end of the execute phase before handover.

Operations Performance Standards. The Operate phase Performance Standards for SCEs should evolve from the Design Performance Standards. These Performance Standards are formatted to comply with the requirements of SAP-PM and SAP-QM in terms of minimum assurance tasks, assurance measures, assurance value and units of measure for the correct allocation to the appropriate level in the asset hierarchy.

Examples of the two types of Performance Standard are provided in Appendix 7 and Appendix 8, respectively.

7.3.1 Performance Standard Approval

Each performance standard is allocated an ‘owner’. The owner is responsible for ensuring that the content of the performance standard is appropriate and achievable. The performance standard owner is normally the CFDH for the items covered by the SCE. However, the CFDH may delegate the review and approval of their performance standards to the relevant TA2.




8 HSE CRITICAL TASKS

An HSE Critical Task is one that is in place to develop, implement or maintain the effectiveness and integrity of a Barrier, Escalation Factor Control or Recovery Measure Control in the MAH bow-ties.

HSE Critical Positions are those that execute HSE Critical Tasks.

The minimum information required for an HSE Critical Task shall be: