Framework for Safety Culture
The organization's culture provides the framework for introducing safety
education and safe practices. Organizational culture is not something that
you can photograph or download from the Internet. However, you can see
traces of it, and you can feel it when you enter some workplaces. Here are
some clues that you can use to identify your organization's "culture".
Sampling
and monitoring equipment is available to quantify exposures to
contaminants, noise, radiation, and heat. Correct sampling strategy and
interpretation are essential elements of an industrial hygiene survey.
Confined spaces, ventilation changes, the performance of collection
systems, and pressure relief valves are all items of concern for
exposure evaluation.
Occupational
exposure to chemicals is still considered one of the most wide spread
hazards in industry. The use of engineering controls is the preferred
method of limiting these exposures. Dilution and capture ventilation are
two important methods to control occupational exposure. The design and
position of hoods and vents, and amount of air infiltration can
substantially change exposure conditions. Material Safety Data Sheets
and other documentation provide a basis for predicting adverse effects,
disposal needs, and fire and ignition concerns.
The
selection of appropriate personal protective equipment for exposure
control often requires both an understanding of the limitations of the
equipment, and the expected exposure parameters as determined by an
industrial hygiene evaluation. Engineering controls are considered the preferred method of control, but
personal protective equipment plays an important role for health,
safety, and rescue, especially when using confined space entry
procedures. The potential for misuse or misapplication of these devices
should be evaluated.
The
Occupational Safety and Health Administration, the American Conference
of Governmental Industrial Hygienists, and the National Institute of
Occupational Safety and Health are three organizations which establish
many of the rules governing allowable workplace exposures. Permissible
exposure limits for noise, chemicals, heat, and other workplace
stressors have been established and often include safety factors.
A much simplified statement as to the design intent of this small section of
the plant would be "to continuously circulate cooling water at an initial
temperature of xºC and at a rate of xxx litres per hour". It is
usually at this low level of design intent that a Hazop Study is
directed. The use of the word 'deviation' now becomes more easy to
understand. A deviation or departure from the design intent in the case
of our cooling facility would be a cessation of circulation, or the water being
at too high an initial temperature. Note the difference between a
deviation and its cause. In the case above, failure of the pump
would be a cause, not a deviation.
Language/customs/rituals
Every organization has its own "language" Â\ terms that are part of what goes
on within the nonprofit. These words and ideas also signify the way people
are expected to behave in your workplace and with clients. "Customs" can be
described as the routines for giving and obtaining service, and "rituals"
describe the events that take place on a regular basis, such as an annual
volunteer recognition event, a fundraiser or a board retreat. Is "safety"
part of the language of your nonprofit? Or is safety considered something
that is just the cleaning crew's, building engineer's or safety
coordinator's job?
Being part of a team Â\ group norms
Group norms describe the ways in which people are expected to work together
in groups?what behaviors are OK, what is not OK, and what is completely
taboo. Behavioral expectations are some of the key aspects of organizational
culture. What types of behavior is expected in the realm of safety?
Values and beliefs
Values and beliefs
An organization's mission reflects the nonprofit's core values and beliefs.
Treatment of clients, community outreach and the stewardship of resources
all reflect these values and beliefs. Is safety part of your nonprofit's
value structure? Are people rewarded in a tangible, visible way for
promoting safety and working safely?
Rules of the game
These are the rules that are not written down, but must be understood if a
person is to get along in the organization. These "rules" also indicate what
is considered of value within the organization. Are good safety practices
among the unwritten rules of your nonprofit?
Climate
"Climate" describes the feeling that is conveyed by the physical layout and
the way in which members of the organization interact with each other,
clients, donors and members of the public. How does the physical layout of
your nonprofit make a statement about your commitment to safety? Are safety
concerns evident in the interaction among employees and volunteers and in
staff interaction with clients, donors and members of the public?
The Way Things Are Done Â\ Patterns of Problem Solving
The ways people are "shown the ropes" of the organization including how
problems are identified and solved within the organization illustrate
patterns of problem solving. How are newcomers told about the nonprofit's
commitment to safety? Are new employees briefed on safety procedures? Do
they know that there are consequences for ignoring safety practices or
engaging in unsafe behavior? Are the consequences enforced?
Checklist
Answer "Yes" or "No."
"Safety" is part of the language of the nonprofit.
Safety is part of your nonprofit's value structure.
Safety is considered something that is the cleaning crew's, building
engineer's or safety coordinator's and everyone else's job.
People are rewarded in a tangible, visible way for promoting safety.
Safe practices are part of the unwritten rules of your nonprofit.
Safety concerns are evident in the interaction among staff and volunteers
and in their interaction with clients, donors and members of the public.
New employees are briefed on safety procedures.
New employees know that there are consequences for ignoring safety practices
or engaging in unsafe behavior.
Consequences for ignoring safety practices or engaging in unsafe behavior
are enforced.
Facility
____________________ Area ___________________
Auditor
___________________ Date __________
| Area | Satisfactory | Action Required | Corrective Action (date) |
| Employee Knowledge | |||
| Last date of training | |||
| Normal Operating Procedures | |||
| Emergency Operating Procedures | |||
| Program Administration | |||
| Last audit date | |||
| Written Program | |||
| Boiler Supervisor Assigned | |||
| Records | |||
| Training | |||
| Inspections - Weekly | |||
| Inspections - Internal | |||
| Inspections - External | |||
| Water chemistry records | |||
| Test records | |||
| Relief valve test records | |||
| Fuel tests | |||
| Safeguards | |||
| Engineering Safeguards | |||
| Administrative Safeguards | |||
| Training Safeguards | |||
| Equipment Inspection | |||
| Controls | |||
| Alarms | |||
| Pumps | |||
| Valves | |||
| Blowers | |||
| Insulation | |||
| Area Inspection | |||
| Chemical storage | |||
| No leaks | |||
| Lighting | |||
| No flammable material | |||
| Notes | |||
|
|
|||
INDUSTRIAL HYGIENE
Sampling
and monitoring equipment is available to quantify exposures to
contaminants, noise, radiation, and heat. Correct sampling strategy and
interpretation are essential elements of an industrial hygiene survey.
Confined spaces, ventilation changes, the performance of collection
systems, and pressure relief valves are all items of concern for
exposure evaluation.
Industrial
hygiene is defined as the recognition, evaluation, and control of
workplace hazards. Its origins are based on limiting personal exposures
to chemicals, and have evolved to address the control of most other
workplace hazards including over-exposure to noise, heat, vibration, and
repetitive motion.
Occupational
exposure to chemicals is still considered one of the most wide spread
hazards in industry. The use of engineering controls is the preferred
method of limiting these exposures. Dilution and capture ventilation are
two important methods to control occupational exposure. The design and
position of hoods and vents, and amount of air infiltration can
substantially change exposure conditions. Material Safety Data Sheets
and other documentation provide a basis for predicting adverse effects,
disposal needs, and fire and ignition concerns.The
selection of appropriate personal protective equipment for exposure
control often requires both an understanding of the limitations of the
equipment, and the expected exposure parameters as determined by an
industrial hygiene evaluation. Engineering controls are considered the preferred method of control, but
personal protective equipment plays an important role for health,
safety, and rescue, especially when using confined space entry
procedures. The potential for misuse or misapplication of these devices
should be evaluated.
The
Occupational Safety and Health Administration, the American Conference
of Governmental Industrial Hygienists, and the National Institute of
Occupational Safety and Health are three organizations which establish
many of the rules governing allowable workplace exposures. Permissible
exposure limits for noise, chemicals, heat, and other workplace
stressors have been established and often include safety factors.HAZARD & OPERABILITY STUDIES
INTRODUCTION
The technique of Hazard and Operability Studies, or in more common terms
HAZOPS, has been used and developed over approximately four decades for
'identifying potential hazards and operability problems' caused by 'deviations
from the design intent' of both new and existing process plants. Before
progressing further, it might be as well to clarify some aspects of these
statements.
Potential Hazard AND Operability Problems
You will note the capitalised 'AND' in the heading above. Because of
the high profile of production plant accidents, emphasis is too often placed
upon the identification of hazards to the neglect of potential operability
problems. Yet it is in the latter area that benefits of a Hazop Study are
usually the greatest. To quote an example, a study was commissioned for a
new plant. Some two years previously, and for the first time, a similar
study had been carried out on different plant at the same site which was then
in the process of being designed. Before the latest review commenced, the
Production Manager expressed the hope that the same benefits would accrue as
before, stating that "in his twenty years of experience, never had a new
plant been commissioned with so few problems, and no other plant had ever
achieved its production targets and break-even position in so short a
time".
Deviation from design intent
To deal firstly with 'design intent', all industrial plant is designed with
an overall purpose in mind. It may be to produce a certain tonnage per
year of a particular chemical, to manufacture a specified number of cars, to
process and dispose of a certain volume of effluent per annum, etc. That
could be said to be the main design intent of the plant, but in the vast
majority of cases it would also be understood that an important subsidiary
intent would be to conduct the operation in the safest and most efficient
manner possible.
With this in mind equipment is designed and constructed which, when it is
all assembled and working together, will achieve the desired goals.
However, in order to do so, each item of equipment, each pump and length of
pipework, will need to consistently function in a particular manner. It
is this manner which could be classified as the 'design intent' for that
particular item. To illustrate, imagine that as part of the overall
production requirement we needed a cooling water facility. For this we
would almost certainly have cooling water circuit pipework in which would be
installed a pump as very roughly illustrated below.
Industries in which the technique is employed
Hazops were initially 'invented' by ICI in the United Kingdom, but the
technique only started to be more widely used within the chemical process
industry after the Flixborough disaster in 1974. This chemical plant
explosion killed twenty eight people and injured scores of others, many of
those being members of the public living nearby. Through the general
exchange of ideas and personnel, the system was then adopted by the petroleum
industry, which has a similar potential for major disasters. This was
then followed by the food and water industries, where the hazard potential is
as great, but of a different nature, the concerns being more to do with
contamination rather than explosions or chemical releases.
The reasons for such widespread use of Hazops
Safety and reliability in the design of plant initially relies upon the
application of various codes of practise, or design codes and standards.
These represent the accumulation of knowledge and experience of both individual
experts and the industry as a whole. Such application is usually backed
up by the experience of the engineers involved, who might well have been
previously concerned with the design, commissioning or operation of similar
plant.
However, it is considered that although codes of practise are extremely
valuable, it is important to supplement them with an imaginative anticipation
of deviations which might occur because of, for example, equipment malfunction
or operator error. In addition, most companies will admit to the fact
that for a new plant, design personnel are under pressure to keep the project
on schedule. This pressure always results in errors and
oversights. The Hazop Study is an opportunity to correct these before
such changes become too expensive, or 'impossible' to accomplish.
Although no statistics are available to verify the claim, it is believed
that the Hazop methodology is perhaps the most widely used aid to loss
prevention. The reason for this can most probably be summarised as
follows:
- It is easy to learn.
- It can be easily adapted to almost all the operations that are carried out within process industries.
- No special level of academic qualification is required. One does not need to be a university graduate to participate in a study.
THE BASIC CONCEPT
Essentially the Hazops procedure involves taking a full description of a
process and systematically questioning every part of it to establish how
deviations from the design intent can arise. Once identified, an
assessment is made as to whether such deviations and their consequences can
have a negative effect upon the safe and efficient operation of the
plant. If considered necessary, action is then taken to remedy the
situation.
This critical analysis is applied in a structured way by the Hazop team, and
it relies upon them releasing their imagination in an effort to discover
credible causes of deviations. In practice, many of the causes will be
fairly obvious, such as pump failure causing a loss of circulation in the
cooling water facility mentioned above. However, the great advantage of
the technique is that it encourages the team to consider other less obvious
ways in which a deviation may occur, however unlikely they may seem at first
consideration. In this way the study becomes much more than a mechanistic
check-list type of review. The result is that there is a good chance that
potential failures and problems will be identified which had not previously
been experienced in the type of plant being studied.
Keywords
An essential feature in this process of questioning and systematic analysis
is the use of keywords to focus the attention of the team upon deviations and
their possible causes. These keywords are divided into two sub-sets:
- Primary Keywords which focus attention upon a particular aspect of the design intent or an associated process condition or parameter.
- Secondary Keywords which, when combined with a primary keyword, suggest possible deviations.
The entire technique of Hazops revolves around the effective use of these
keywords, so their meaning and use must be clearly understood by the
team. Examples of often used keywords are listed below.
Primary Keywords
These reflect both the process design intent and operational aspects of the
plant being studied. Typical process oriented words might be as
follows. The list below is purely illustrative, as the words employed in
a review will depend upon the plant being studied.
| Flow | Temperature | |
| Pressure | Level | |
| Separate (settle, filter, centrifuge) | Composition | |
| React | Mix | |
| Reduce (grind, crush, etc.) | Absorb | |
| Corrode | Erode |
Note that some words may be included which appear at first glance to be
completely unrelated to any reasonable interpretation of the design intent of a
process. For example, one may question the use of the word Corrode, on
the assumption that no one would intend that corrosion should occur. Bear
in mind, however, that most plant is designed with a certain life span in mind,
and implicit in the design intent is that corrosion should not occur, or if it
is expected, it should not exceed a certain rate. An increased corrosion
rate in such circumstances would be a deviation from the design intent.
Remembering that the technique is called Hazard & Operability
Studies, added to the above might be relevant operational words such as:
| Isolate | Drain | |
| Vent | Purge | |
| Inspect | Maintain | |
| Start-up | Shutdown |
This latter type of Primary Keyword is sometimes either overlooked or given
secondary importance. This can result in the plant operator having, for
example, to devise impromptu and sometimes hazardous means of taking a
non-essential item of equipment off-line for running repairs because no secure
means of isolation has been provided. Alternatively, it may be discovered
that it is necessary to shut down the entire plant just to re-calibrate or
replace a pressure gauge. Or perhaps during commissioning it is found
that the plant cannot be brought on-stream because no provision for safe manual
override of the safety system trips has been provided.
Secondary Keywords
As mentioned above, when applied in conjunction with a Primary Keyword,
these suggest potential deviations or problems. They tend to be a standard set
as listed below:
| Word | Meaning | |
|---|---|---|
| No | The design intent does not occur (e.g. Flow/No), or the operational aspect is not achievable (Isolate/No) | |
| Less | A quantitative decrease in the design intent occurs (e.g. Pressure/Less) | |
| More | A quantitative increase in the design intent occurs (e.g. Temperature/More) | |
| Reverse | The opposite of the design intent occurs (e.g. Flow/Reverse) | |
| Also | The design intent is completely fulfilled, but in addition some other related activity occurs (e.g. Flow/Also indicating contamination in a product stream, or Level/Also meaning material in a tank or vessel which should not be there) | |
| Other | The activity occurs, but not in the way intended (e.g. Flow/Other could indicate a leak or product flowing where it should not, or Composition/Other might suggest unexpected proportions in a feedstock) | |
| Fluctuation | The design intention is achieved only part of the time (e.g. an air-lock in a pipeline might result in Flow/Fluctuation) | |
| Early | Usually used when studying sequential operations, this would indicate that a step is started at the wrong time or done out of sequence | |
| Late | As for Early |
It should be noted that not all combinations of Primary/Secondary words are
appropriate. For example, Temperature/No (absolute zero or -273ºC !)
or Pressure/Reverse could be considered as meaningless.
HAZOP STUDY METHODOLOGY
In simple terms, the Hazop study process involves applying in a systematic
way all relevant keyword combinations to the plant in question in an effort to
uncover potential problems. The results are recorded in columnar format
under the following headings:
| DEVIATION | CAUSE | CONSEQUENCE | SAFEGUARDS | ACTION |
In considering the information to be recorded in each of these columns, it
may be helpful to take as an example the simple schematic below. Note
that this is purely representational, and not intended to illustrate an actual
system.
Cause
Potential causes which would result in the deviation occurring. (e.g. "Strainer S1 blockage due to impurities in Dosing Tank T1" might be a cause of Flow/No).
Potential causes which would result in the deviation occurring. (e.g. "Strainer S1 blockage due to impurities in Dosing Tank T1" might be a cause of Flow/No).
Consequence
The consequences which would arise, both from the effect of the deviation (e.g. "Loss of dosing results in incomplete separation in V1") and, if appropriate, from the cause itself (e.g. "Cavitation in Pump P1, with possible damage if prolonged").
The consequences which would arise, both from the effect of the deviation (e.g. "Loss of dosing results in incomplete separation in V1") and, if appropriate, from the cause itself (e.g. "Cavitation in Pump P1, with possible damage if prolonged").
Always be explicit in recording the consequences. Do not
assume that the reader at some later date will be fully aware of the
significance of a statement such as "No dosing chemical to Mixer". It
is much better to add the explanation as set out above.
When assessing the consequences, one should not take any credit
for protective systems or instruments which are already included in the
design. For example, suppose the team had identified a cause of Flow/No
(in a system which has nothing to do with the one illustrated above) as being
spurious closure of an actuated valve. It is noticed that there is valve
position indication within the Central Control Room, with a software alarm on
spurious closure. They may be tempted to curtail consideration of the
problem immediately, recording something to the effect of "Minimal
consequences, alarm would allow operator to take immediate remedial
action". However, had they investigated further they might have
found that the result of that spurious valve closure would be over pressure of
an upstream system, leading to a loss of containment and risk of fire if the
cause is not rectified within three minutes. It only then becomes
apparent how inadequate is the protection afforded by this software alarm.
Safeguards
Any existing protective devices which either prevent the cause or safeguard against the adverse consequences would be recorded in this column. For example, you may consider recording "Local pressure gauge in discharge from pump might indicate problem was arising". Note that safeguards need not be restricted to hardware… where appropriate, credit can be taken for procedural aspects such as regular plant inspections (if you are sure that they will actually be carried out!).
Any existing protective devices which either prevent the cause or safeguard against the adverse consequences would be recorded in this column. For example, you may consider recording "Local pressure gauge in discharge from pump might indicate problem was arising". Note that safeguards need not be restricted to hardware… where appropriate, credit can be taken for procedural aspects such as regular plant inspections (if you are sure that they will actually be carried out!).
Action
Where a credible cause results in a negative consequence, it must be decided whether some action should be taken. It is at this stage that consequences and associated safeguards are considered. If it is deemed that the protective measures are adequate, then no action need be taken, and words to that effect are recorded in the Action column.
Where a credible cause results in a negative consequence, it must be decided whether some action should be taken. It is at this stage that consequences and associated safeguards are considered. If it is deemed that the protective measures are adequate, then no action need be taken, and words to that effect are recorded in the Action column.
Actions fall into two groups:
- Actions that remove the cause.
- Actions that mitigate or eliminate the consequences.
Whereas the former is to be preferred, it is not always
possible, especially when dealing with equipment malfunction. However,
always investigate removing the cause first, and only where necessary mitigate
the consequences. For example, to return to the "Strainer S1
blockage due to impurities etc." entry referred to above, we might
approach the problem in a number of ways:
- Ensure that impurities cannot get into T1 by fitting a strainer in the road tanker offloading line.
- Consider carefully whether a strainer is required in the suction to the pump. Will particulate matter pass through the pump without causing any damage, and is it necessary to ensure that no such matter gets into V1. If we can dispense with the strainer altogether, we have removed the cause of the problem.
- Fit a differential pressure gauge across the strainer, with perhaps a high dP alarm to give clear indication that a total blockage is imminent.
- Fit a duplex strainer, with a regular schedule of changeover and cleaning of the standby unit.
Three notes of caution need to be borne in mind when
formulating actions. Do not automatically opt for an engineered solution,
adding additional instrumentation, alarms, trips, etc. Due regard must be
taken of the reliability of such devices, and their potential for spurious
operation causing unnecessary plant down-time. In addition, the increased
operational cost in terms of maintenance, regular calibration, etc. should also
be considered (the lifetime cost of a simple instrument will be at least twice
its purchase price… for more complex instrumentation this figure will be
significantly greater). It is not unknown for an over-engineered solution
to be less reliable than the original design because of inadequate testing and
maintenance.
Finally, always take into account the level of training and
experience of the personnel who will be operating the plant. Actions
which call for elaborate and sophisticated protective systems are wasted, as
well as being inherently dangerous, if operators do not, and never will,
understand how they function. It is not unknown for such devices to be
disabled, either deliberately or in error, because no one knows how to maintain
or calibrate them.
Considering all Keywords - The Hazop procedure
Having gone through the operations involved in recording a
single deviation, these can now be put into the context of the actual study
meeting procedure. From the flow diagram below it can be seen that it is
very much an iterative process, applying in a structured and systematic way the
relevant keyword combinations in order to identify potential problems.
No comments:
Post a Comment