ALARP (As Low As Reasonably Practicable)

ALARP

2.0 Introduction

ALARP stands for (As Low As Reasonably Practicable), and is a term used in the analysis of safety-critical and high-integrity systems. The ALARP principle is that the residual risk shall be as low as reasonably practicable, forms part of a Nuclear Safety Justification, is derived from legal requirements in the UK's Health & Safety at Work Act 1974 and is explicitly defined in the Ionising Radiation Regulations 1999.

The ALARP principle is part of a safety culture philosophy and means that a risk is low enough that attempting to make it lower would actually be more costly than any cost likely to come from the risk itself. This is called a tolerable risk. The ALARP principle arises from the fact that it would be possible to spend infinite time, effort and money attempting to reduce a risk to zero. It should not be understood as simply a quantitive measure of benifit against detriment. It is more a best common practice of judgement of the balance of risk and societal benefit.

The ALARP tolerability risk triangle_______

Unacceptable region Task must be avoided or controlled in described manner ALARP region Reduce risk as low as reasonable practicable Insignificant region Additional controls not necessary

Figure 1.______

The meaning and value of the ALARP tolerability risk triangle (see figure 1 above) the triangle represents increasing levels of 'risk' for a particular hazardous activity, as we move from the bottom of the triangle towards the top". The triangle can be divided into three broad regions:

• The zone at the top represents an unacceptable region. For practical purposes, a particular risk falling into that region is regarded as unacceptable, whatever the levels of benefit associated with the activity. Any activity or practice giving rise to risks falling in the uppermost region would, as a matter of principle, be ruled out unless the activity or practice can be modified to reduce the degree of risk so that it falls in one of the regions below, or there are exceptional reasons for the activity or practice to be retained.
• The zone at the bottom represents a broadly acceptable region. Risks falling into the region are generally regarded as insignificant and adequately controlled. Regulators would not usually require further action to reduce risks unless reasonably practicable measures are available. The levels of risk characterising this region are comparable to those that people regard as insignificant or trivial in their daily lives. They are typical of the risk from activities that are inherently not very hazardous or from hazardous activities that can be, or are, readily controlled to produce very low risks. Nonetheless the UK government HSE would take into account that duty holders must reduce risks wherever it is reasonably practicable to do so or where the law so requires it.
• The zone between the unacceptable and the broadly acceptable region is the tolerable region¹. Risks in that region are typical of the risks from activities that people are prepared to tolerate in order to secure benefits, in the expectation that:
• the nature and the level of risks are properly assessed and the results used properly to determine control measures,
• the residual risks are not unduly high and kept as low as reasonably practicable (ALARP),
• the risks are periodically reviewed to ensure that they still meet ALARP criteria.

2.1 ALARP demonstration of requirements

The tools used to demonstrate ALARP will vary depending on the levels of risk. However, the measures in place to prevent or limit major accidents should be described in the safety report and be at least to “Relevant Good Practise”. The assessor will need to focus on these measures to be satisfied they do represent good practice etc. The regulator will regard relevant good practise to have met the (AMN) All Measures Necessaryrequirement when:

• the societal risks can be shown (subject to uncertainty) t be acceptable, e.g. by use of an approximate risk integral [1] (ARI) or other societal risk methodology; and
• no group, or individual, is subject to relatively high individual risks that are not ALARP.

The HSE discussion document R2P2 [2] sets out the UK government HSE’s approach to decisions about ALARP. It is a further development of ideas previously promulgated in the HSE’s Tolerability of Risks from Nuclear Power Stations (TOR) document 1992 which defined three regions in between defining s region of tolerable risk, but only when those risks are ALARP

R2P2 makes some important statements of principle:

Principle 1

"HSE starts with the expectation that suitable controls must be in place to address all significant hazards and that those controls, as a minimum, must implement authoritative good practice irrespective of situation based risk estimates".

Principle 2

"The zone between the unacceptable and broadly acceptable regions is the tolerable region. Risks in that region are typical of the risks from activities that people are prepared to tolerate in order to secure benefits in the expectation that

the nature and level of the risks are properly assessed and the results used properly to determine control measures;

the residual risks are not unduly high and kept as low as reasonably practicable (the ALARP principle); and .

the risks are periodically reviewed to ensure that they still meet the ALARP criteria, for example, by ascertaining whether further or new controls need to be introduced to take into account changes over time, such as new knowledge about the risk or the availability of new techniques for reducing or eliminating risks."

Principle 3

"both the level of individual risks and the societal concerns engendered by the activity or process must be taken into account when deciding whether a risk is acceptable, tolerable or broadly acceptable’ and ‘hazards that give rise to …. individual risks also give rise to societal concerns and the latter often play a far greater role in deciding whether risk is unacceptable or not".

For high hazard sites, societal risks/concerns are normally much more relevant than individual risks, but individual risk must still be addressed. Although R2P2 gives clear guidance on individual risk criteria, it gives only limited guidance on criterion values for societal risks (50 fatalities at less than 1 in 5000 per annum, point on the boundary between the ALARP band and intolerable band).

2.3 Risk Matrices

Risk assessment techniques range from a simple qualitative approach to a detailed quantitative assessment. Fully quantified risk assessments are very costly and time consuming exercises, and there is within the chemical industry resistance to adopt such practices. One method which may help to bridge the gap between purely qualitative and full QRA approaches is to use a risk matrix. This type of approach has been widely used by many operators in their COMAH safety reports.

Risk is interpreted as the combination of consequence (severity) and likelihood (frequency). Both these are minimum requirements of COMAH safety reports (Schedule 4 Part 2). A risk matrix enables this combination to be represented graphically. It is a reasonably quick and easy method to visualise the spread of risk and consequently is commonly used during (or after) hazard identification studies (such as a HAZOP), to screen hazards or to conduct a simple risk analysis. The main advantage of the matrix is its easy representation of different risk levels, and the avoidance of more time consuming quantitative analysis where this is not justified.

The basis for the risk estimate is usually qualitative, although it can be quantitative (for either the consequences or the frequencies or both). The matrix, as illustrated below, typically comprises a square divided into a number of boxes, with each box representing a different underlying risk level.

Risk Matrix (Illustrative)

Likely > 10-2	Intolerable	Intolerable	Intolerable	Intolerable	Intolerable
Unlikely 10-4 - 10-2	Tolerable (Intolerable if Fatality >10-3)	Tolerable (Intolerable if Fatality >10-3)	Intolerable	Intolerable	Intolerable
Very Unlikely 10-6 - 10-4	Tolerable	Tolerable	Tolerable	Tolerable	Intolerable
Remote 10-8 - 10-6	Broadly Acceptable	Broadly Acceptable	Tolerable	Tolerable	Tolerable
	Single Fatality	2-10 Fatalities	11-50 Fatalities	50-100 Fatalities	100+ Fatalities

Figure 2.

Another approach suggested by the UK's Health & Safety Executive’s Methodology and Standards Development Unit (MSDU) is to use a non cumulative fn (frequency, numbers of people killed) plot to visualise the spread of risk and guide the proportionality to be used for examining risk reduction options.

2.4 Proportionate ALARP demonstration

Proportionality is also relevant to the determination of the depth of analysis used to demonstrate ALARP.

With reference to Figure 1, the higher the risk is within the "tolerable if ALARP" region, the greater will be the depth of demonstration required (e.g. Greater effort needed to determine potential risk reduction measures) to show that those risks are ALARP.

2.5 Screening Levels

When deriving and subsequently assessing options, the overriding principle is to ensure the effort expended is proportional to the associated risk. Hence an ALARP issue that is highly influential in terms of any safety applied, merits a far greater consideration than a proposal of marginal benefit.

Screening Matrix (Illustrative)

Associated Risk		Level of Assessment
Minor Safety Implications	Below all Basic Safety Objectives (BSO). Meet all design basis assessment criteria. Meets all safety functions.	Generation of at least design concepts/options perhaps even limited to establishing good practice or procedural changes if appropriate. Brief identification of each option’s benefits and detriments. Selections of the preferred option to be supported by brief engineering judgement and qualitative arguments.

Figure 3.

-----------------------------------------------------------------------------------------------------------------------------------