Safety Critical Elements
Safety Critical Elements (SCEs) are the equipment and systems that provide the basis of risk management associated with Major Accident Hazards (MAHs). Safety Critical Elements are any part of the installation, plant or computer programmes the failure of which will either cause or contribute to a major accident, or the purpose of which is to prevent or limit the effect of a major accident.
The SCE Management Processes deal only with facility hardware and equipment-related software or logic systems; they do not include HS&E business processes (HSE management systems) or procedures.
Major accidents are fires, explosions or releases of dangerous substances that cause death or serious injury; major damage to the pipe rack structure of plant or loss of stability; or any other event involving death or serious injury to one or more people.
A Performance Standard is a qualitative or quantitative statement of the performance required of a system or item of equipment in order for it to satisfactorily fulfil its purpose.
It is a requirement that Performance Standards should be established for all SCEs.
The Role of Safety and Environmental Critical Elements in Managing HS&E Hazards
It is necessary to identify SCEs so that there is a clear understanding of which systems and structures are important in managing the risks associated with Major Accidents and Major Environmental Hazards, and so that systems can be put in place which allow the performance of SCEs to be verified throughout their lifecycle.
Once the SCE has been identified it is necessary to define its critical function in terms of a Performance Standard. Based on the Performance Standard, assurance tasks can be defined in the maintenance system to ensure that the required performance is confirmed. By analysing the data in the maintenance system confidence can be gained that all the SCEs required to manage Major Accidents and Major Environmental Hazards are functioning correctly. Alternatively, corrective actions can be taken to restore the integrity of the systems if deficiencies are identified.
For example, in Europe all fertilizer plants fall under Seveso legislation that requires a documented Security Report and Environment Plan or equivalent Safety Case report to be developed and maintained for each facility – wherever it operates. As a part of this process the Major Accident Events and Major Environmental Hazards and the barriers required to prevent or manage these hazards are identified and assessed.
akh.deocamdata.ro and UreaKnowHow.com work together to document various incidents in ammonia and urea plants and organize this information in a structured manner in the Fertilizer Industry Operational Risks Database (FIORDA). In FIORDA, for each Major Accident or Environmental Hazard the team aims to document the Prevention and Mitigation safeguards and to provide additional recommendations where required. The goal is to support operators in assessing their existing plants and projects and in identifying whether additional improvements need to be implemented in order to prevent a potential incident that may impact safety, environment or production.
The role of barriers in preventing or limiting the consequences of a Major Accident or Environmental Hazard is often depicted in the so-called “Swiss Cheese Model” shown in Figure 1. It shows the SCEs represented as generic barriers between safe operations and Major Accidents.
Figure 1. “Swiss Cheese Model”
Each barrier will consist of one or more of the SCEs as per Table 1.

| Safety and Environmental Critical Elements |
|---|
| Shutdown Systems (Isolation and Blowdown) |

Table 1 – Integrity Barriers and SCEs
Each barrier is shown in Figure 1 with a number of small holes in it that represent some degradation of the barrier performance or integrity. On their own these degradations may not be significant but if the holes line up there may be no effective barriers in place between safe operations and Major Accidents.
It is worth noting that it is not necessary for all 8 barriers to fail to lead to a Major Accident. Failure of a single barrier, such as the Structural Integrity or Process Containment barrier, can lead directly to a Major Accident. Most barriers rely on people at various stages in their lifecycle, e.g. design, construction, commissioning, or operation and maintenance; recognising this potential for people to cause one or all of the barriers to fail is important.
Figure 2. Failure of integrity barriers leading to major accidents
Also, failure of Process Containment and Ignition Control leads to a different consequence than just loss of containment. Once these barriers have failed, failure of the remaining barriers is likely to lead to worsening consequences.
How to identify the Safety Critical Elements?
To identify Safety Critical Elements, the first step is to identify the major accident events that may occur in a fertilizer plant. Site operating experience has to be applied, and external consultants may be involved during this phase.
The second step is to assess, on a case-by-case basis, which prevention and mitigation barriers would prevent a major accident or would limit the effects of its aftermath.
A workflow has been presented in a previous article and can be downloaded from the akh.deocamdata.ro download section.
Step 1: Identify the major accident events on the installation
This is carried out using a series of hazard identification techniques, involving both qualitative and quantitative methods.
Qualitative techniques include studies like:
- Hazard Identification Studies (HAZID)
- Hazardous Operation Studies (HAZOP)
- Risk Assessment Workshops
- Simultaneous Operation studies (SIMOPS)
- Control Hazardous Studies (CHAZOP)
Semi-quantitative techniques include studies like:
- Layer of Protection Analysis (LOPA)
Quantitative techniques include studies like:
- Quantitative Risk Analysis (QRA)
The results from this process are generally recorded in a Hazard Register or Risk Register, similar to the one developed by FIORDA, which documents all the potential major accident event scenarios on an installation; these should be documented in the Security Report or the Safety Case for the installation.
Step 2: Identification of equipment and systems that can prevent or help recover from a major accident
The issue of ‘how deep to dig’ is the one to be addressed before the identification process can begin. Approaches vary, but SCEs need to be defined at an appropriate level, such that they have a direct linkage to MAHs, and it is also clear whether or not an equipment item forms part of one or more SCEs.
Following the qualitative techniques listed above, a set of safeguards is identified for each individual case as prevention and mitigation barriers for major accidents. This is the first step in the identification of SCEs.
Figure 3. Prevention barriers documented in FIORDA
Figure 4. Mitigation barriers documented in FIORDA
Figure 5. Additional recommendation based on local experience or provided by FIORDA team
In some cases, operators may utilise lists of equipment, extracted from their computerised maintenance management systems (CMMS), as the starting point for assessing which of the items on the list are safety critical.
A team approach to SCE selection is usual as it is unlikely that a single person would have enough technical appreciation of the major accident analyses and detailed knowledge of the installation. Starting from the complete list of equipment the team should assess each item in turn and form a view as to whether it could prevent or help recover from a major accident.
The outcome of these deliberations should be recorded giving the reasons why an item has or has not been identified as safety critical and with reference to the relevant major accident hazard.
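The two-step identification process above produces a register in which each candidate equipment item is linked to a Major Accident Hazard, assigned to a barrier, given a Performance Standard and carries the recorded reason for its classification. The following is an added example, not code from the article, FIORDA or akh.deocamdata.ro, of how such a register can be held and checked: it flags entries that break the rules the article states (no direct linkage to an MAH, no Performance Standard, no recorded decision) and it evaluates the Swiss Cheese picture for one hazard by reporting which barriers have lost all their SCEs and whether a path to a Major Accident is open. The hazard, equipment tags, Performance Standards and the subset of barrier names are all constructed for illustration; the only article-derived rule is that Structural Integrity and Process Containment can lead to a Major Accident on their own.

```python
"""Constructed SCE register with completeness and barrier-degradation checks.

Added example; not the article's, FIORDA's or any operator's code. All tags,
hazards and Performance Standards below are made up for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# Barriers the article says can lead directly to a Major Accident if they fail alone.
SINGLE_POINT_BARRIERS = {"Structural Integrity", "Process Containment"}


@dataclass(frozen=True)
class SCE:
    tag: str                   # equipment tag as it appears in the CMMS (constructed)
    barrier: str               # integrity barrier the element belongs to
    mahs: tuple                # Major Accident Hazards it prevents or mitigates
    performance_standard: str  # empty string when none has been written yet
    reason: str                # recorded justification for the classification decision


# Hypothetical Major Accident Hazard used for the sample register.
MAH = "Ammonia release from synthesis loop"

# Constructed register: a few items linked to MAH plus one CMMS item not yet assessed.
REGISTER = [
    SCE("V-201", "Process Containment", (MAH,),
        "Design pressure and corrosion allowance per vessel datasheet",
        "Primary containment of high-pressure ammonia"),
    SCE("GD-201A", "Detection", (MAH,),
        "Alarm within 30 s at 25 ppm NH3 at the detector",
        "Detects loss of containment"),
    SCE("GD-201B", "Detection", (MAH,),
        "Alarm within 30 s at 25 ppm NH3 at the detector",
        "Redundant detector for GD-201A"),
    SCE("XV-201", "Shutdown Systems (Isolation and Blowdown)", (MAH,),
        "Close within 10 s on ESD signal; leakage class per datasheet",
        "Isolates inventory on confirmed release"),
    SCE("EX-201", "Ignition Control", (MAH,), "",
        "Ex-rated motor in the classified area"),
    SCE("P-305", "Process Containment", (), "", ""),  # pulled from CMMS, not assessed
]


def validate_register(register):
    """Return one finding per rule broken, in register order."""
    findings = []
    for sce in register:
        if not sce.mahs:
            findings.append(f"{sce.tag}: no direct linkage to a Major Accident Hazard")
        if not sce.performance_standard:
            findings.append(f"{sce.tag}: no Performance Standard defined")
        if not sce.reason:
            findings.append(f"{sce.tag}: classification decision not recorded")
    return findings


def degraded_barriers(register, mah, degraded_tags):
    """Barriers for `mah` in which every SCE is degraded (the holes line up)."""
    members = defaultdict(set)
    for sce in register:
        if mah in sce.mahs:
            members[sce.barrier].add(sce.tag)
    degraded = set(degraded_tags)
    return sorted(b for b, tags in members.items() if tags <= degraded)


def path_to_accident_open(register, mah, degraded_tags):
    """True when a single-point barrier has failed or no effective barrier remains."""
    barriers = {sce.barrier for sce in register if mah in sce.mahs}
    failed = set(degraded_barriers(register, mah, degraded_tags))
    if failed & SINGLE_POINT_BARRIERS:
        return True
    return bool(barriers) and failed == barriers


if __name__ == "__main__":
    for line in validate_register(REGISTER):
        print("FINDING:", line)
    print("Degraded barriers:", degraded_barriers(REGISTER, MAH, {"GD-201A", "GD-201B"}))
    print("Path open:", path_to_accident_open(REGISTER, MAH, {"V-201"}))
```

Run against the sample register, the validation reports that EX-201 has no Performance Standard and that P-305 is not linked to any hazard, has no standard and no recorded decision; losing one of the two gas detectors leaves the Detection barrier intact, losing both removes it, and a degraded V-201 opens the path on its own because Process Containment is a single-point barrier. Replacing the constructed list with an export from the CMMS is the intended use.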