hemp-leader engagement sopaf gm-1

04

/10

/23

File

Tit

leC

op

yri

gh

t: S

IPC

Implementing the Hazards and Effects Management Process (HEMP)

Downstream Leadership Engagement – GM/GM-1 Pack (SOPAF)

HSSE Risk Management

2

Safety Stuff FirstSafety / Emergency Map

E

E E

E E

E E

E

E

EEE

Koos Speenhoff

E=(Emergency) Exit

Begane grond (niveau Kurzaal)

1 2

Goldbeck1 2 3

Cor Ruys

Jacob PronkLou Bandy

Adama Zijlstra1 2

JacobPronk-foyer

Serre

Sea side

Jacob Maris 1

Jan Toorop

Spiegelzaal

Jacob Maris 2

Restaurant KandinskyKandinsky zaal

4 3

Kurzaal

Kurhausbar

Kurhauscafé

Kurhauscafé

FoyerNoord

AP=Assembly Point / Verzamelpunt AP

Reminder : R

eplace with

local map fo

r each

workshop locatio

n

Reminder : R

eplace with

local map fo

r each

workshop locatio

n

3

After this session you as a leader will:

• Understand the Case for Change (Journey from A to B)

• Understand your role and responsibility in the HEMP process

• Have clear understanding of how Hazards and Effects Management (HEMP) fits into the Shell HSSE Control Framework

• Understand the 7 Practical Steps for completing a HEMP review

• Understand the need for Leaders to be mindful of Business Risks including HSSE, as outlined in the new Shell HSSE Control Framework Manual “Management and Leadership”

• Have enough knowledge to discuss HEMP and ask the right questions

04

/10

/23

File

Tit

leC

op

yri

gh

t: S

IPC

From Point A to B

5

Understanding the Case for Change (Journey from A to B)

Major incidents continue to happen and not only on manufacturing sites

Point A: The case for change

BP Texas City Bitumen Depot OklahomaTank FireBuncefield Explosion Marine

TerminalTrain Derailment – Spill

DistributionCommercial Fuels

Retail

6

0

10

20

30

40

50

60

DS Independent MS Audits 2007 - High Findings By Element

Point A: The case for change

1. HEMP concepts not understood

2. Implementation of HEMP inconsistent or inadequate Inadequate management of

barriers (either not identified or inadequate critical activities and business processes to manage)

Insufficient demonstration that all risks have been identified and managed to ALARP

Hazard & Effects Register either incomplete or out of date

3. No formal HEMP training4. Focus on the process (check

box)5. Lack of consistency and

alignment in auditing programs

7

Point B – DS HEMP and Process

• Clear requirements that are understood

• Common and consistent approach across the businesses

• Network of experts with agreed competency in all businesses

• Risk identified and appropriately managed to control risks

• Common Tolerability and ALARP Process (ALARP = As Low As Reasonably Practicable)

8

Point B and beyond (from 2009)

What Will It Look Like after BTP 1.1?

• Improved HSSE Performance

• Improved HSSE audit results and findings with true continuous improvement in HSSE Risk Management

• Improved DS Process Safety Performance

• Recognized step-change improvement

9

HEMP is a tool to help leaders and managers comply with Group expectations

Group Policy and the Risk Control Framework requires managers to have risk controls in place and employees to apply the controls.

This applies to financial risks, legal risks, business risks and HSSE risks.

HEMP is the umbrella process, for managing H, S,S,E and PS risks in our business

Process SafetyHEMP

BowtieAnalysis

Security Environment

PersonalSafety

&Health

HRA

EIA

HazOp

Fitness to work

PSA

RHA

JHA

STA

HIA

Hazid

QRAFRED GAME

ERP

10

HEMP is an Integral Part of Shell’s Risk Control Framework

• The HEMP is at at the heart of our HSSE Management Systems. It’s where the planning turns into action.

• HSSE Risk Management relies primarily on HEMP and it’s associated tools.

• The specific requirements for application of the HEMP process in Shell are covered in the Shell HSSE Control Framework Manual, “Managing Risk”.

1- Leadership and Commitment

2 - Policy and Strategic Objectives

8 - Management Review

Corrective Action 7 - Audit

3 - Organisation, ResponsibilitiesResources and

Standards

Corrective Action

5 - Planning & Procedures

4 - Risk Management(Hazards & Effects Mgt)

6 – Implementation,

Monitoring

6 - Corrective Action

CHECK

PLAN

DOFEEDBACK

HEMP

Shell’s Risk Control Framework

11

5 – Hazard Analysis -Identification of Barriers (Control and Recovery Measures)

7 -Determination and Documentationof ALARP

1 - Identification of Hazards2 - Identification of Threats and Top Event3 - Identification of ConsequencesConsequences (Effects) and Assessment of Risks4 - Identification of Red and Yellow Risks

6 - Maintaining the Integrity of Barriers (Controls & Recovery Measures)

Bowtie or Hazard Control SheetLists of Critical Equipment, Critical Activities, and Critical Processes

Downstream HEMP 7 Step Procedure

Output Documents

Business or Site Remedial Action Plan with actions and resources to fix missing or broken barriers

Hazard and Effects RegisterHandshake 1

Handshake 3

Handshake 2

12

Moving Heavy Equipment Working at Height

Flammable Hydrocarbons

Raised Objects

HAZARD - An agent that has the potential to cause harm to People, damage to Assets, business loss and Impact on the Environment or Reputation (PAER)

Hazards are systematically identified using a standard hazard checklist

Rotating MachineryMoving Vehicles

Chemicals

Step1Hazard Identification

13

Poor Visibility Loss of Control

Failure of CableLoss of Control

CorrosionLoss of Containment

Failure of CraneLoss of Control

THREAT - the occurrence which releases a hazard to cause an effect, e.g. corrosion, operator error, etc.

TOP EVENT - First event to release the hazard, e.g., loss of containment, loss of control, exposure to health hazard, etc.

Moving machinery Loss of Control

Slippery RoadLoss of Control

Chemical ReleaseExposure to Health Hazard

Step 2Identification Of Threats & Top Event

14

CONSEQUENCES (Effects) - the impacts on People, Assets, Environment and Reputation if a Hazard is Released

Fire

Death

Lost Time Injury Legal Action

Fall in Share PriceExplosionDischarges and Emissions

Complaints

Toxic Gas Cloud

Step 3 -

Step 3Identification Of Consequences And Assessment Of Risks

15

• Risk is the likelihood that a specific consequence will occur within a specified period

Risk is therefore a function of the severity of a consequence and the likelihood of the consequence

In using the Shell RAM, we consider the worst credible consequence to People, Assets, Environment and Reputation (PAER) separately

Likelihood is HISTORICAL (has it happened before in The location? The organisation? The industry?)

• Risk rating (ranking) is the resulting position on the RAM

RISK = Consequences X Likelihood

Increasing Consequence

Severity

Increasing Likelihood

of Top Event

Increasing Risk

Step 3Identification Of Consequences And Assessment Of Risks

16

Steps 1 through 4Identification Of Hazards, Threats,Top Event, Consequences And Assessment Of Risks to Determine Red and Yellow Risks

17

• BLUE AREAS of the RAM - Risks are assumed to be at ALARP, if the facility or business has a properly functioning HSSE MS

• YELLOW AREA of the RAM - Site discretion allowing for more qualitative analysis.

– Shell Engineering Standards or Practice, Industry or Government successful Practices (covering Threats to Consequence controls);

– Hazard Control Sheets, Model Bowties etc.

• RED AREA of the RAM – red risks must be analyzed by Bowtie analysis or equivalent (i.e. QRA)

See DS HSSE HEMP Application Procedure

Increasing Risk

Steps 1 through 4Identification Of Hazards, Threats,Top Event, Consequences And Assessment Of Risks to Determine Red and Yellow Risks

18

Step 4Documentation of Hazards and Risks

Output document: Hazard and Effects Register

RISK POTENTIAL Hazard No

Hazard

Location Threats Top Event Consequences P A E R

Control ReferenceALARP Doc.

Comments

1 Ethylene OTU4 OL6

External Corrosion

Internal Corrosion

Impact by traffic

Failure of flanged connections

Failure of seals

Loss of containment

Gas cloud Fire Vapour Cloud

Explosion

3B

4B

4B

4B 5B 5B

3B 3B 3B

3B 3B 3B

HSSE-MS – ER Procedure

, see Bowtie Below Bow Tie

Bow Tie

Include information on past incidents in this column that support risk assessment.

2 Personnelat

Heights

Site wide Not following Work

Procedures

Loss of Control(fall)

Fatality

4D 1C - 2C Bow Tie and Standard ALARP

3 Asbestos Adm. Building

PU3 Unit

Material not identified

Lack of Work

Procedures

Overexposure Illness – lung cancer

4C - - 2C Health Risk Assessment

; ALARP

1 2 2 3 3

4

A Responsible Manager is assigned for each of the Red or Yellow Hazards in the Hazard Register

19

Design Standards Emergency Response Plans

Blast Resistant ModulesAccess Control Antilock Braking System

Load Plan

Community Relations Planning

Step 5 Identification of Barriers Examples of Controls, Recovery Measures

• CONTROLS prevent the threat from releasing the hazard to cause the Top Event.

• RECOVERY MEASURES mitigate the Top Event or the worst credible consequences.

20

Step 5Identification of Barriers (the Control and Recovery Measures)

• CONTROLS prevent the threat from releasing the hazard to cause the Top Event.

• RECOVERY MEASURES mitigate the Top Event or the worst credible consequences.

THREAT

HAZARD

TOP EVENTTOP EVENT

CONSEQUENCE

RECOVERY

CONTROLS

21

Exercise1. Imagine you are the owner of the Nairobi Zoo, and you have the

opportunity to acquire a lion for your zoo.

2. Up until now you have only had sheep and rabbits in your zoo.

3. Identify the Hazard, Top event and Consequence, RAM your Consequence

4. What can go wrong and how can you prevent this from happening?

5. What happens if the Lion Gets out? What do you do?

22

Hazard Threat BarriersTop

EventRecoveryMeasures Consequences

Lion HumanError;

Improper design

etc.

Loss ofControl;

Lion Gets out

Zoo Emergency Response

Plan

Accident, Injuries,Fatalities

Lion at the Zoo

Materials

of Const.;

Zoo Keeper Rounds etc.

23

Documentation of Red Risks in a BOWTIE

Threat1

Threat2

Threat3

HAZARD

Consequence1

Consequence2

Consequence3

TopEvent

ControlsRecovery Measures


24

Documentation of Yellow Risks in a Hazard Control SheetHazard Sheet No. 4 Working at Height

HAZARD SHEET No : 4 Hazard Group: Fall fro m height Hazard Description : Personal injury as a

consequence of a fall from height Location : During work by staff or contractor or at customer location Assessment of hazard : Fall from height while working on asset or fall from height while delivering t o customer tank Threats:

Working on height for cleaning, painting or maintenance and delivery to customer tanks

Unsecured ladder

Control: Safety HSE Critical Activity/ Responsible Position

1.1 Control in design

Not to use ladders for work at height > 1.5 metres

Use of approv ed ladders Vehicles fitted with suitable ladders for delivery

needs Bottom loading at depots

Reseller manager and Contracts management

Resellers Resellers

Distribution Engineering

1.2 Control in operation Signs to be placed during work at height with

scaffolding Driver training Loading / delivery procedures Drivers instructed in safe use of ladders

Contracts Management Resellers Resellers Resellers

1.3 Control in Maintenance Use of approved contractors Use of inspected ladders Vehicle planned maintanance programme

Contracts Management Resellers Resellers

Recovery: Emergency response plans and training

Staff and contractor to use incident case

management Vehicles fitted with first aid kits

Bulk Fuels manager/CRT STL/Resellers

Resellers Resellers

ADDITIONAL RISK REDUCTION MEASURE FOR CONSIDERATION

IS THE MEASURE CREDIBLE /

PRACTICABLE? (Yes / No)

ARE DISPROPORTIONATE

RESOURCES REQUIRED TO IMPLEMENT?

(Yes / No) 1. All working at heights > 1.5 metres scaffolds or platforms to be used

Yes No

2. Review of contracts for HSSE content Yes No 3. Introduce Ladder checks Yes No 4. Proactively encourage customers to provide safe access to storage tanks

Yes No

5. Ban the use of portable ladders in the organisation

No Yes

Is the Risk ALARP? – Y/N

No

Comments: Based on the examples of addition control measures above items 1-4 are achievable and would represent ALARP once implemented. Item 5 is currently not practicable due to the widespread use of portable ladders during maintenance / delivery.

TEAM MEMBERS METHOD USED

Expertise Name x Experience/Judgment HSE: Cost-Benefit Engineering: Quant. Assessment Operations: Other Other:

Similar elements as documented in the bowtie… a paper bowtie!!


25

EXAMPLE: Follow the step by step approach of BowTie Analysis for “Falling From Height”

Output document: Bowtie or Hazard Control Sheet

BowTie Analysis for “Falling From Height”

• Maintenance and repair of instrumentation of an above ground vessel in a process area from a scaffold.

• While carrying out a similar activity last year, another company location experienced an incident where a scaffold partially collapsed causing the contractor to fall resulting in fatal injuries.

The Hazard Release Scenario

27

BowTie DEVELOPMENT –STEP BY STEP

Identify ThreatsHuman errorWindObstaclesSlippery surfaces Poor job design Etc.

Identify ConsequencesFatality RAM: P4C

Identify Top EventLoss of Control (Fall)

Identify HazardsPersonnel at height

Identify• Hazards

• Top Events

• Consequences

• Threats

• Controls

• Recovery Measures

• HSE Critical Activities

Evaluate and document

• The Validity and effectiveness of the

Barriers for each threat and consequence

(ALARP).

• List all actions in a Remedial Action Plan

that are required to achieve ALARP.

28


Identify Controls in place

Design of Non-slip surfaces, railings and guards

Operation: Follow procedures for working at heights (e.g. non-slip boots, wearing fall protection, etc.)

Identify Recovery Measures in place

Design: Platforms at approved intervals and/or fall arrest

Operation: First Aid

System: Implement Emergency Response

Identify• Hazards

• Top Events

• Consequences

• Threats

• Controls






(ALARP).



29



Assess quality of controls and recovery measures

Assess overall level of Barriers - #, type, quality, confidence

Identify shortfalls of Barriers, assign teams to develop more barriers

Document and integrate Barriers and HSE Critical Activities to HSE mgmt system and business processes (I.e. MOC, Integrity management, HTA etc.)

Identify• Hazards

• Top Events

• Consequences

• Threats

• Controls






(ALARP).



30

Personnel InjuryFatality

P4D

HeightPersonnel at

Height

Bad WeatherWind

Bad WeatherWind

Slippery Work

Surfaces

Slippery Work

Surfaces

Poor Work Platform

Poor Work Platform

Proper work Surfaces

Follow Permit requirements (tie -off, stop work in bad

weather)

Warning signs

Inspection

Design; Scaffolds

Work Planning process

Non -Slip Surfaces

Non -Slip Boots Design -

Platforms; Fall Arrest

equipFirst aid;

ERP

Work Planning process

Loss of

Control(Fall)

Example “Falling From Height”

Follow Permit

(tie -off, stop work in bad

weather)

requirements

31

Output document: Lists of HSSE Critical Equipment, Critical Activities, and Critical Processes in the BowTie

HSSE Critical Activities

HSSE Critical Equipment

HSSE Critical Processes

Threat1

Threat2

Threat3

HAZARD

Consequence1

Consequence2

Consequence3

TopEvent

ControlsRecovery Measures

Step 6Maintaining The Integrity Of Controls And Recovery Measures

Each Barrier (i.e. Control or Recovery Measure) must have at least one HSSE Critical Activity

32


Output document: Lists of Critical Equipment, Critical Activities, and Critical

Processes

HSSE Critical Activities ensure that Controls and Recovery Measures function properly to prevent the Top Event and the Consequences.

HSSE Critical Equipment must be maintained to ensure proper function.

HSSE Critical Activities are assigned to a responsible position!

33

HSSE CRITICAL PROCESSES Contain Critical Activities or Maintain Critical Equipment that are frequently identified during the Hazards Analysis process

A small number of HSSE Critical Processes effectively maintain a large number of HSSE Critical Activities and HSSE Critical Equipment

• HSSE Compliance Management

• GAME (EI, ME, ESP), DGAME, LGAME

• Management of Change (MOC)

• Permit to Work

• Emergency Management System

• PPE Management

• Contractor HSSE Management

• Security Management

• Document Management

• Competency Management


34

Step 7Determination of ALARP

Reducing risks to ALARP

• Reducing risks to a level at which the cost and effort (time and trouble) of further risk reduction are grossly disproportionate to the risk reduction achieved.

Testing tolerability

• Step 1 to 6 of the process are completed i.e barriers must be identified and assessed, with actions to address failed or missing barriers

• Meeting laws and regulations, company standards, and the HSE premises for new projects or modifications.

••

••

Risk CostALARP?

Risk Tolerability Criterion

Not tolerable ALARP Disproportionate

35

Step 7Demonstrating ALARP involves answering the following questions

1. Is there more that can be done to further reduce the risk?

2. Is what can be done to further reduce the risk, reasonably practical?

••

••

Risk CostALARP?

Risk Tolerability Criterion

Not tolerable ALARP Disproportionate

36

ALARP

Determination

And

Documentation

2) Apply current Shell Engineering (e.g. DEP, EGGS), Industry Standards and Regulatory Codes

YES

YES

NO

1) Eliminate or reduce the Hazard

a) Hazard Control Sheetsb) Hazard Bowties (model or specific)c) Residual Risk

(LOPA or QRA)

3) Apply Risk-Based

Approach

-

Can the Hazard be eliminated or reduced?

Is there an acceptable Standard?

NO

Step 7Demonstrating ALARP for DS – Decision Flow

37

Step 7Achieving ALARP: ‘When is enough, enough?’ • Eliminate or reduce the hazard

• Apply an existing standard or an industry work practice

• Risk based approach using an existing Model Bow Tie or Hazard Control Sheet

• Risk based approach creating a new Bow Tie

• Risk based approach creating a new Bow Tie with layers of Protection Analysis (LOPA) or an other analysis tool

• Document the ALARP determination

38

Step 7Achieving ALARP for Downstream RAM Ranking

Type of Assessment

Assessment Options ALARP Demonstration

Blues Qualitative Hierarchy of control HSSE MS

Yellow Qualitative Shell, Gov and Ind. StdsHierarchy of control

with Hazard Control Sheets

withMini BowTies if required

Apply Recognized Practice+

Consider further risk reduction measures

Document ALARP

Red Qualitative / Quantitative

Hierarchy of control with

Model Bow Ties or Process/activity specific

Bowtieswith LOPA/QRA with

Cost Benefit Analysis if required



Document ALARP

RAM Ranking

Type of Assessment

Assessment Options ALARP Demonstration

Blues Qualitative Hierarchy of control HSSE MS

Yellow Qualitative Shell, Gov and Ind. StdsHierarchy of control





Document ALARP

Red Qualitative / Quantitative







Document ALARP

RAM Ranking

RAM Ranking

RAM Ranking

Type of Assessment

Type of Assessment

Type of Assessment

Assessment OptionsAssessment OptionsAssessment Options ALARP DemonstrationALARP DemonstrationALARP Demonstration

BluesBluesBlues QualitativeQualitative Hierarchy of controlHierarchy of control HSSE MSHSSE MS

YellowYellowYellow QualitativeQualitative Shell, Gov and Ind. StdsHierarchy of control



Shell, Gov and Ind. StdsHierarchy of control





Document ALARP



Document ALARP

RedRedRed Qualitative / QuantitativeQualitative / Quantitative









39

Bowtie or Hazard Control SheetLists of Critical Equipment, Critical Activities, and Critical Processes

Output Documents

Business or Site Remedial Action Plan with actions and resources to fix missing or broken barriers

Hazard and Effects Register

Handshake 1

Handshake 3

Handshake 2

Downstream HEMP ProcedureManagement Handshakes

Step 1 to 4 Hazard identification & risk assessment

Step 5 – Hazard Analysis

Step 6 & 7 Critical Activities, ALARP and Remedial Actions

Approve & Accept Hazards & Risk Rank

Approve & Accept Barriers to Manage Risk to ALARP

Approve & Accept Responsibility for Installing Missing or Failed Barriers

• HEMP Updates• Initial study

(creation)• New Hazard• 5 year review

40

BTP 1.1 Implementation Expectations for Your CoB HSSE Staff

• Engage and Train CoB leaders and Staff

• Assess and close gaps to New DS HEMP procedure and Guidance

• Engage and work with DS HEMP Expertise Center (HEC) to develop tools and solutions to close CoB specific HEMP gaps

• Support HEMP Practitioners

• Support other BTP 1.1 project initiatives, e.g. model bow tie, common hazard list

• Complete 2008-09 Milestones for BTP 1.1

HSE

Man

ager

CoB

HEM

P Fo

cal P

oint

CoB

HEM

P pr

actit

ione

rs

41

• CoB Leaders Engagement Training Q3 2008 to Q1 2009

• HEMP Skills Training for key CoB HSSE Staff Q2 2008 to Q2 2009

• CoB Specific Implementation Plan Developed Q4 2008

• CoB Specific Gap Assessment to DS HEMP Procedure and HSE Control Framework Risk Documents Q1 2009 to Q2 2009

• Closing the Gaps to the HSSE Control Framework “Managing Risk” manual and the DS HEMP Procedure Q2 2009 to Q4 2012

BTP 1.1 Implementation Milestones and Timetable

42

Next Steps… Implementation!!West Africa Implementation

• HEMP Practitioners accredited for each OU (Training completed early August)

• Appoint Focal-Point per Region (Moustapha Seye for West Africa)

• Run training workshops for HEMP Team. Timing: Sept/Oct.

• In liaison with Team, revise and update OU Hazard Register (and obtain S&O Mgr approval): Handshake #1. Timing: Oct/Nov.

• Identify Yellow/Red Hazards and allocate to specific Mgrs. Timing:Oct/Nov.

• In conjunction with Team above, carry out further analysis of Yellow/Red Hazards and demonstrate ALARP: Handshake #2 for CoBs Timing: Dec – Feb09

• Using same Team, identify CEB, CHB, Critical Activities, link to competency, develop RAP and obtain approval of responsible line mgr: Handshake #3 Timing:Jan - Apr

• As part of above, implement Depot HSE Case. Timing: Oct08 – Jun09.

• Roll-out Depot HSE Case and its demonstration. Timing:Mar – Aug 2009.

43

Ending this session you as a leader should:

• Understand the Case for Change (Journey from A to B)

• Understand your role and responsibility in the HSSE Risk Management process

• Have clear understanding of how Hazards and Effects Management (HEMP) fits into the Shell HSSE Control Framework

• Understand the 7 Practical Steps for completing a HEMP review

• Understand the need for Leaders to be mindful of Business Risks including HSSE, as outlined in the new Shell HSSE Control Framework Manual “Management and Leadership”

• Have enough knowledge to discuss HEMP and ask the right questions

44

A final question

• What will be your first practical step in the journey from A to B?

45

The End

46

Additional Background Information for use as required

47

Exercise : Exercise : The Angry BullThe Angry Bull

Exercise : Exercise : The Angry BullThe Angry Bull

x

x

xx

x xxx

x

x

x

x

x

xx

x

xx

xx

x

x

x

x

xx

x

49

Glossary of HEMP Terms

• Hazard

• Threat

• Top Event

• Consequence

• Likelihood

• Risk

• Tolerable

• ALARP

• Hazard and Effects Register

• Bowtie

• Hazard or Activity Control Sheet

• Business or Site Remedial Action Plan

Know the terms to ask the right questions!

• Barrier

• Control

• Recovery Measure

• Escalation Factor

• Escalation Factor Control

• HSSE Critical Equipment

• HSSE Critical Activity

• HSSE Critical Process

50

Glossary of HEMP Terms (1)

• Hazard - The potential to cause harm, including ill health and injury, damage to property, products, production losses or increased liabilities, the environment or reputation.

• Threat - Threats are the ways in which a hazard can be released to cause an incident, e.g. corrosion, operator error, exposure to health hazards, etc.

• Top Event – The way in which a hazard can be ‘released’ to do harm is via a ‘top event’.

• Consequence – Consequences are the final results of hazards being released, but not being controlled.

• Likelihood - Estimated on the basis of experience and or evidence that a certain outcome has previously occurred

• Risk - A term, which combines the chance that a specified undesired event will occur and the severity of the consequences of the event

51


• Tolerable - Expresses the level of risk deemed tolerable for a given period or phase of activities. May be expressed qualitatively or represented quantitatively..

• ALARP - Once tolerability criteria is met, to reduce a risk to a level that is as low as reasonably practicable involves balancing reduction in risk against the time, trouble, difficulty and cost of achieving it. Reducing Risks to ALARP means reducing them to a level at which the cost and effort (time and trouble) of further risk reduction are grossly disproportionate to the risk reduction achieved.

• Business or Site Remedial Action Plan – Prioritised plan to close the gaps (e.g., missing barriers) to achieve ALARP.

52


• Barrier - Barriers can be either hardware barriers that are implemented via design, or administrative (procedural and/or human system) barriers that are part of the HSSE-MS of the unit or the site. All barriers have the role of risk reduction. The name “barrier” is used as a common name for control and/or recovery measure and/or escalation factor control.

• Control – All barriers in the main line of the bowtie on the left hand side, i.e. from the Threats to the Top Event, to reduce the risk that the threat will release the hazard.

• Recovery Measures - All barriers in the main line of the bowtie on the right hand side, i.e. from the Top Event to the Consequences, to reduce the risk that the release leads to the consequences, or in other words – to mitigate the consequences.

53

Glossary of HEMP Terms (4)• Escalation Factors - Escalation Factors may render

a Control or Recovery Measure useless

• Escalation Factor Controls - Escalation Factor Controls reduce the risk that the escalation factors affect the effectiveness of the Controls or Recovery Measures.

• Critical Equipment is equipment that is necessary for the effectiveness of a barrier (i.e. trip systems, relief valves etc.)

• Critical Activities - Critical Activities maintain the validity of a Barrier (sometimes referred to as “HSSE” Critical Activities or Tasks). It is important that the activities be documented at a level where accountability for the activity can be realistically placed with a single individual.

• Critical Activities may belongs to one of the HSSE Critical Processes. (e.g. MOC, Competency, ERP, Technical Integrity)

54

Glossary of HEMP Terms (5)• Hazard and Effects Register - A Hazard management

communication document that demonstrates that Hazards have been identified, risks assessed, are being properly controlled and that recovery measures are in place in the event control is ever lost.

• Bowtie – Pictorial representation of how a Hazard can be hypothetically released and further developed into a number of consequences. The left hand side of the diagram is constructed from the threats associated with the Hazard, the controls associated with each threat and any factors that escalate likelihood. The right hand side of the diagram is constructed from the consequence analysis and involves escalation factors and recovery measures.

• Hazard Control Sheet - A sheet used to document the outputs of a specific hazard controls and recovery analysis resulting in the detailed list of control and recovery barriers that need to be in place to manage the risk of release of the hazard to ALARP.

55

Process Safety and HEMP: Indicators

• From Lagging to Leading indicators

– All Threat and consequence barriers failed:

• RAM3/4+ ( and spills, non compliances/ complaints etc.)

• API

– All threat barriers failed

• LOPC (Loss of Primary Containment)

– Not all threat barriers failed

• Failed Barriers

– The integrity of certain barriers is reduced

• Overdues and non compliances with critical processes

• Near Miss reporting / Safety observations

in the field

API

RAM3/ 4

RAM5

LOPC

Failed barriers

Compliance w ith HSE Critical Processes

Chronic unease

Recommended Business or Site Specific Dashboard Items

Missing barriers

Maintainbarriers

Small Deviations

56

HEMP : HSSE Critical Business Processes Remaining Critical Processes:

• Document Mgt (Incl Procedures)

• Emergency Mgt

• HSSE Compliance Mgt

• Contractor HSE Mgt

• PPE Mgt

• Security Mgt

• Competency Mgt (HSSE Level 2)

HSSE Critical process are those processes that contain critical activities that are frequently identified during the Hazards Analysis process. Key Attributes:

• Have a Site Process Owner (* SPO for MOC and GAME modules - a member of the site leadership team

• Have focused audits/ reviews of one or more (existing) KPIs of the process - these are leading indicators for process safety

• Is described as a work process - normally a collection of procedures, work plans, data collection, tools, etc.

“Keep it in the Pipes” – Our AI/ PS Focus :

• MOC*

• Linkage to GAME-EI, RCM, IPF, ME*, DGAME, LGAME etc. (Mechanical integrity)

• Linkage to GAME-ESP*

• Competency Mgt (HSSE Level 1)

• Permit to work PTW (Process Isolation)

57

Activity 1a Understanding the Case for Change (slide 4)

Answer this question: ‘Why do major incidents continue to happen?’

• Discuss in pairs.

• Write down each reason (max 4) on a post-it .

• Match with the cases for change below by sticking post-its on a poster with the following points:

1. HEMP not understood2. HEMP not implemented sufficiently3. No formal HEMP training4. Focus on the process (check box)5. Lack of consistency and alignment in auditing programs6. Other

The goal of this activity is to enforce the idea that improving implementation of HEMP will make a change. Believing a better system would have made the difference.

58

Activity 1b Understanding the Case for Change (slide 10)

Continue activity 1: only do this activity if there were post-its in the ‘other’ category

Answer the question:

Are there any ‘other reasons’ which couldn’t be placed behind one of the ‘case for change’ bullets, that can be linked to one of the steps in the HEMP procedure?

– Was the hazard, threat, top event, consequence, barrier identified?

– Was the barrier maintained?

The goal of this activity is to connect more of the posted reasons (reasons that participants gave for the disasters) to things that can be identified in HEMP.

59

Activity 2Blue, yellow and red risks (slide 15)

Answer the question: ‘What would be a blue risk, a yellow risk and a red risk.’

• Each participant thinks of an example individually.

• The facilitator will asks the group for two or three examples within each ‘color’. He will write the examples (in the right cell) on the Risks poster.

• The facilitator will then discusses the implications (next slide).

The examples on the risk poster are used later when discussion ALARP

The goal of this activity is to link risks with the risks the participants encounter in the workplace.

60

Activity 3 Demonstration ALARP (slide 32)

• The facilitator will pick an example from the poster: ‘what three things can be done to further reduce the risk?’

• Discuss this questions in pairs.

• The facilitator will ask the group to give an example what would be reasonable and what won’t.

What risk would not be tolerable? What risk is? Point out in ‘Risk’ poster (with examples from participants).

61

Activity 4 Discussion (slide 39)

Time for questions and group discussion.

The goal of this activity is discuss or answer questions you or fellow participants have, focusing on the main learning goals of this course.

62

Activity 5 First step from A to B (slide 40)

Answer this question: What will be your first practical step in the journey from A to B?

• The practical step may be large or small.

• Think about this a minute.

• The session will end by letting each participant share their answer. By doing this, you should end the session with a whole list of actions that can be taken to achieve the goal.

The goal of this activity is to link what you have learned with the workplace. Translate what you have learned into something you can do ‘tomorrow’.

63

Cases for change poster

1. HEMP not understood

2. HEMP not implemented sufficiently

3. No formal HEMP training

4. Focus on the process (check box)

5. Lack of consistency and alignment in auditing programs

6. Other

64

Risks poster