Transcript Slide 1
This project is funded by the European Union Projekat finansira Evropska Unija EVALUATING THE SITE SAFETY REPORT PART 1 Ike van der Putte [email protected] This Project is funded by the European Union Project implemented by Human Dynamics Consortium Project implemented by Human Dynamics Consortium Projekat realizuje Human Dynamics Konzorcijum OVERVIEW • Completeness, correctness and credibility check SR • Purpose and definitions in SR • Essential Elements of a SR This Project is funded by the European Union Project implemented by Human Dynamics Consortium Complete, Correct and Credible. • Under “complete” questions for evaluation will verify the presence of the required, essential information that a safety report should contain; and • Under “correct” and “credible” will go questions that would be used to verify the ones in complete (to cross-check them). This Project is funded by the European Union Project implemented by Human Dynamics Consortium • For every “no” checked, the Safety Report would not be acceptable, and should be immediately returned to operator for additional work; • For every “limited” checked, the Safety Report would still be acceptable, but will need further clarification It should be noted that some of the “complete” and “correct” questions might need to be verified during on-site inspection. This Project is funded by the European Union Project implemented by Human Dynamics Consortium In Evaluating and assessment of Safety Reports by the authorities keep the purpose of a SR in mind ! This Project is funded by the European Union Project implemented by Human Dynamics Consortium PURPOSE OF A SAFETY REPORT WHY? Safety reports are intended to demonstrate that: • a major accident prevention policy (MAPP) and a safety management system (SMS) have been put into effect; • major-accident hazards are identified and necessary measures have been taken to prevent such accidents and to limit their consequences for man and the environment; • adequate safety & reliability have been incorporated into the design, construction, operation and maintenance of any installation; • internal emergency plans have been drawn up, supplying information to enable the external emergency plan to be drawn up; • information for land-use planning decisions has been given. This Project is funded by the European Union Project implemented by Human Dynamics Consortium HOW?:The safety report must include the following minimum data and Information that are specified in more detail in Annex II of the Seveso II Directive: • Information on the MAPP and on the SMS • Presentation of the environment of the establishment • Description of the installation(s) • Hazard identification, risk analysis and prevention methods • Measures of protection and intervention to limit the consequences of an accident This Project is funded by the European Union Project implemented by Human Dynamics Consortium WHO?: The safety report must be submitted to the competent authority by the operator. It is up to the operator and within its responsibility to decide on the sufficiency of competence of the people and organisations involved in the preparation of the safety report. Relevant organisations entrusted with such tasks must be named in the safety report. This Project is funded by the European Union Project implemented by Human Dynamics Consortium WHEN? The safety report must be submitted: - in case of a new establishment a reasonable period of time prior to the start of construction or operation; and - without delay after a periodic or necessary review. The safety report must be reviewed and, if necessary, updated: - in a regular period, which is laid down in the respective regulations (min. 5 year) or - at the initiative of the Operator or at the request of the Competent Authority, where justified by new facts, new technical knowledge about safety or about hazard assessment, or - in case of a modification of a site, this means modification of the establishment, the installation, the storage facility, the (chemical) process, the nature of dangerous substance(s) or the quantity of dangerous substance(s). The decision whether these modifications would have an impact on safety and, therefore, would require a review of the safety report should be taken by using a systematic analysis such as for instance a screening method or a rapid ranking tool This Project is funded by the European Union Project implemented by Human Dynamics Consortium SR DEFINITIONS The safety report should demonstrate that necessary measures to prevent, control and limit the consequences of a possible major accident have been put in place and are fit for purpose. This Project is funded by the European Union Project implemented by Human Dynamics Consortium The safety report should demonstrate that necessary measures to prevent, control and limit the consequences of a possible major accident have been put in place and are fit for purpose. A. “Demonstrate” For this specific purpose, “demonstrate” is intended in its meaning of: “justify” or “argue the case” but not “provide an absolute proof” The Competent Authorities will take the information and conclusions in the report largely as presented, using professional judgement more generally to assess the credibility and logic of the conclusions reached in the report. An extensive in-depth scrutiny or exhaustive examination is not envisaged in most cases. This Project is funded by the European Union Project implemented by Human Dynamics Consortium The safety report should demonstrate that necessary measures to prevent, control and limit the consequences of a possible major accident have been put in place and are fit for purpose. • The operator shall expect professional judgment from the assessor of a safety report and should base its demonstration on this assumption. • The demonstration must be “convincing”. This means that the rationale for deciding the completeness of hazard identification and the adequacy of the measures employed should be supported and accompanied by all assumptions made and conclusions drawn. • The demonstration should provide evidence that the process was systematic which means that it followed a fixed and pre-established scope. • The extent to which the demonstration is performed should be proportional to the associated risk. This Project is funded by the European Union Project implemented by Human Dynamics Consortium The safety report should demonstrate that necessary measures to prevent, control and limit the consequences of a possible major accident have been put in place and are fit for purpose. B. “Necessary Measures” “Necessary measures” shall be taken in order to prevent, control and limit the consequences of a possible major-accident. • The efficiency and effectiveness of the measures should be proportionate to the risk reduction target (i.e. higher risks require higher risk reduction and, in turn, more stringent measures). • The current state of technical knowledge should be followed. Validated innovative technology might also be used. Relevant national safety requirements must be respected. • There should be a clear link between the adopted measures and the accident scenarios for which they are designed). • Inherent safety should be considered first, when feasible (i.e. hazards should always be removed or reduced at source). This Project is funded by the European Union Project implemented by Human Dynamics Consortium The safety report should demonstrate that necessary measures to prevent, control and limit the consequences of a possible major accident have been put in place and are fit for purpose. C. “Prevent, Control and Limit” • Prevent: to reduce the likelihood of occurrence of the reference scenario (example: automated system to prevent overfilling; sometimes “avoid measures” are regarded to be a separate category as they refer to the total avoidance of a scenario, e.g. in case of the burying of a vessel) • Control: to reduce the extent of the dangerous phenomenon (example: gas detection that reduces intervention time and may prevent major release); • Limit: to reduce the extent of the consequences of a major accident (e.g. through emergency response arrangements, bunding or firewalls). This Project is funded by the European Union Project implemented by Human Dynamics Consortium The safety report should demonstrate that necessary measures to prevent, control and limit the consequences of a possible major accident have been put in place and are fit for purpose. D. “Major Accidents” To qualify an accident as “major accident”, three criteria must be fulfilled: • the accident must be initiated by an “uncontrolled development”; • “one or more dangerous substances” listed in Annex I of the Directive must be involved; • the accident must lead to “serious danger” to human health, the environment, or the property. “serious danger”: • potential life-threatening consequences to one human (on-site or off-site); • potential health-threatening consequences and social disturbance involving a number of humans; • potential harmful consequences to the environment at a certain (larger) extent; • potential severe damage to property (on-site or off-site). This Project is funded by the European Union Project implemented by Human Dynamics Consortium ESSENTIAL ELEMENTS OF A SAFETY REPORT This Project is funded by the European Union Project implemented by Human Dynamics Consortium ESSENTIAL ELEMENTS OF A SAFETY REPORT Note: Structure is according to ANNEX II SEVESO II; In practice structure of Safety reports is not followed exactly This Project is funded by the European Union Project implemented by Human Dynamics Consortium I. MAPP AND SMS Major Accident Prevention Policy (MAPP), is a “self-commitment” by the operator of a Seveso type establishment to meet the requirements of Article 5. (operator obligations) A safety management system (SMS) is instead a set of activities that ensures that hazards are effectively identified, understood and minimised to a tolerable level. In this sense, it may be regarded as the transposition of the general goals identified in the MAPP into specific objectives and procedures. This Project is funded by the European Union Project implemented by Human Dynamics Consortium MAPP and SMS should address the following issues: 1. organisation and personnel 2. identification and evaluation of major-accident hazards 3. operational control 4. management of change 5. planning for emergencies 6. monitoring performance 7. audit and review This Project is funded by the European Union Project implemented by Human Dynamics Consortium In practice a SMS consists of a compilation of written principles, plans, formal organisation charts, responsibility descriptions, procedural recommendations, instructions, data sets, etc. This does not mean that all of these documents do not have to be available in case of inspections but with respect to the safety report, most of them have the character of “underlying documents”. For the purpose of a safety report, the description of the SMS is of a summarising character and should address all the above seven subsets. This Project is funded by the European Union Project implemented by Human Dynamics Consortium The MAPP is embedded in the overall management system of the company and sets the general goals for the SMS, the latter serving as basis for the risk/hazard analysis (as far as it concerns major accident hazards). This Project is funded by the European Union Project implemented by Human Dynamics Consortium ESSENTIAL ELEMENTS OF A SAFETY REPORT Note: Structure is according to ANNEX II SEVESO II; In practice structure of Safety reports is not followed exactly This Project is funded by the European Union Project implemented by Human Dynamics Consortium II. PRESENTATION OF THE ENVIRONMENT OF THE ESTABLISHMENT A. description of the site and its environment including the geographical location, meteorological, geological, hydrographical conditions and, if necessary, its history; B. identification of installations and other activities of the establishment which could present a major accident hazard; C. description of areas where a major accident may occur. This Project is funded by the European Union Project implemented by Human Dynamics Consortium IIA.DESCRIPTION OF THE SITE AND ITS ENVIRONMENT (1) The safety report should contain an adequate description of the establishment to enable the authorities to have a clear picture of its purpose, location, activities, hazards, services and technical equipment An introductory section should contain general information on the establishment, i.e.: • purpose of the establishment; • main activities and production; • history and development of the activities, including the status of authorisations for operations already agreed and/or granted, when applicable; • the number of persons working at the establishments (i.e. internal and contractors’ personnel, specifying working times, possibility of visitors, etc.); • general statements characterising the establishment with respect to its main hazards as regards relevant substances and processes. This Project is funded by the European Union Project implemented by Human Dynamics Consortium IIA. DESCRIPTION OF THE SITE AND ITS ENVIRONMENT (2) Location The description of the location of the establishment should contain data on topography and accessibility to the site at a sufficient degree of detail ( in line with the extent of the hazards and the vulnerability of the surroundings). The description of the natural environment and the surroundings should demonstrate that the natural environment and surrounding activities have been sufficiently analyzed by the operator to identify both the hazards that they pose to safe operation and the vulnerability of the area to the impact of major accidents. This Project is funded by the European Union Project implemented by Human Dynamics Consortium IIA.DESCRIPTION OF THE SITE AND ITS ENVIRONMENT (3) Location/topography The topographic maps submitted should be of an adequate scale and should include the establishment as well as all development in the surrounding area within the impact range of the accidents identified. On such maps the land-use pattern (i.e. industry, agriculture, urban settlements, environmentally sensitive locations, etc.), the location of the most important buildings, infrastructure elements (i.e. hospitals, schools, other industrial sites, motorway and railway networks, stations and marshalling yards, airports, harbours, etc.) and access routes to and from the establishment must be indicated. The land-use pattern of the area surrounding the establishment may be presented according to the specification of the official land-use plan of the greater area. This Project is funded by the European Union Project implemented by Human Dynamics Consortium IIA. DESCRIPTION OF THE SITE AND ITS ENVIRONMENT (4) Location/natural environment As the natural environment of an establishment may present potential hazard sources and may influence the development and consequences of an accident, data will be needed for the description of these relevant environmental factors. In general, this type of data includes: meteorological data (wind, thunderstorms, precipitation, stability classes, temperature) geological, hydrological and hydrographical site data (flooding likelyhood, seismic data etc. other site specific natural factors (water quality, sensitive ecosystems, protected natural areas This Project is funded by the European Union Project implemented by Human Dynamics Consortium IIA. DESCRIPTION OF THE SITE AND ITS ENVIRONMENT (5) Location/layout of the establishment The lay-out should adequately identify installations and other activities of the establishment including: • main storage facilities; • process installations; • location of relevant substances and their quantities; • relevant equipment (including vessels and pipes); • spacing of the installations and their main sections; • utilities, services and internal infrastructure equipment • location of key abatement systems; • location of occupied buildings (with an indication of the numbers of persons likely to be present); • other units if relevant for the safety report conclusions This Project is funded by the European Union Project implemented by Human Dynamics Consortium IIB.IDENTIFICATION OF INSTALLATIONS AND OTHER ACTIVITIES OF THE ESTABLISHMENT WHICH COULD PRESENT A MAJOR ACCIDENT HAZARD The installations of an establishment to be submitted to risk analysis have to be possibly selected through a screening method. The selection may follow the use of index methods or threshold criteria for hazardous substances or other suitable methods. The result of this screening process should be indicated in a separate form in the safety report, e.g. a list of the installations and activities of concern or a specific indication in the respective maps. This Project is funded by the European Union Project implemented by Human Dynamics Consortium Additional element SEVESO III, Annex II Safety Report (c) on the basis of available information, identification of neighbouring establishments, as well as sites that fall outside the scope of this Directive, areas and developments that could be the source of, or increase the risk or consequences of a major accident and of domino effects; IIC. Description of areas where a major accident may occur Issue is linked with II/A and IV/B and may be demonstrated together This Project is funded by the European Union Project implemented by Human Dynamics Consortium SUMMARY: CONTENTS OF SAFETY REPORT - DESCRIPTION OF ESTABLISHMENT AND ITS ENVIRONMENT Presentation of the Environment of Establishment (location, meteo data, hydrographical, vulnerable receptors etc : EIA) Identification of Units of the establishment which could present a major accident hazard (Safety Critical Units) Description of the Units (layout, activities, products, safety critical processes, source terms of major-accidents, LOC) Outline of safety procedures in all stages, safety relevant systems and components, fire fighting Dangerous substances ( Inventory of equipment, substance characteristics: SDS / CLP ) References to : EIA, Emergency Plans, regional LUPlans Maps with Land Uses in the environment (the greater area that can be affected by the major accident consequences ) __________________________________________________________________________________ Ref. G. PAPADAKIS - SEVESO SERBIA 24th June 2013 This Project is funded by the European Union Project implemented by Human Dynamics Consortium ESSENTIAL ELEMENTS OF A SAFETY REPORT Note: Structure is according to ANNEX II SEVESO II; In practice structure of Safety reports is not followed exactly This Project is funded by the European Union Project implemented by Human Dynamics Consortium III. DESCRIPTION OF THE INSTALLATIONS “SCREENED OUT” A. description of the main activities and products of the parts of the establishment which are important from the point of view of safety and sources of major-accident risks and conditions under which such a major accident could happen, together with a description of proposed preventive measures; B. description of processes, in particular the operating methods; C. description of dangerous substances This Project is funded by the European Union Project implemented by Human Dynamics Consortium IIIA/B. HAZARDOUS INSTALLATIONS AND ACTIVITIES AND PROCESSES Sufficient information should be provided in the safety report to permit the competent authority to assess the adequacy of the controls in place or foreseen in the hazardous installations identified through the screening process. Reference can be made to other, more detailed documents available to the authority on request and/or on-site (the “underlying documents” already mentioned in the section about the SMS). This Project is funded by the European Union Project implemented by Human Dynamics Consortium IIIA/B. Hazardous installations and activities and processes(2) Description: The description of hazardous activities (processes/storage) and equipment parts shall indicate the purpose and the basic features of the related operations within the establishment which are important to safety and may be sources of major risks. This should cover: a) basic operations; b) chemical reactions, physical and biological conversions and transformations; c) on-site interim storage; d) other storage related activities i.e. loading-unloading, transport including pipe work, etc.; e) discharge, retention, re-use and recycling or disposal of residues and wastes including discharge and treatment of waste gases; f) other process stages, especially treatment and processing operations. This Project is funded by the European Union Project implemented by Human Dynamics Consortium IIIC. DANGEROUS SUBSTANCES The safety report should give information on types and quantities of dangerous substances to which the Directive applies at the establishment. The substances can fall into any of the following categories: • raw materials; • intermediate products; • finished products; • by-products, wastes and auxiliary products; • products formed as a result of loss of control of chemical processes. This Project is funded by the European Union Project implemented by Human Dynamics Consortium IIIC. Dangerous Substances (2) For the eligible dangerous substances, data to be provided should include: a) type and origin of the substance (i.e. CAS Number, IUPAC Name b) physical and chemical properties (i.e. characteristic temperatures and pressures, c) toxicological, flammability and explosive characteristics (i.e. toxicity, persistence, irritant effects, d) substance characteristics under loss of control of process or storage conditions (e.g. information on possible transformation into new substances with other properties of toxicity, degradability, etc.) e) others (e.g. corrosion characteristics in particular relating to the containment material, etc.); the latter two only when relevant for the safety report conclusions or specifically addressed there. This Project is funded by the European Union Project implemented by Human Dynamics Consortium ESSENTIAL ELEMENTS OF A SAFETY REPORT Note: Structure is according to ANNEX II SEVESO II; In practice structure of Safety reports is not followed exactly This Project is funded by the European Union Project implemented by Human Dynamics Consortium IV. IDENTIFICATION AND ACCIDENTAL RISKS ANALYSIS AND PREVENTION METHODS A. detailed description of the possible major-accident scenarios and their probability or the conditions under which they occur, including a summary of the events that may play a role in triggering each of these scenarios, the causes being internal or external to the installation; B. assessment of the extent and severity of the consequences of identified major accidents, including maps, images or, as appropriate, equivalent descriptions, showing areas that are liable to be affected by those accidents, subject to the provisions of Articles 13(4) and 20; C. description of technical parameters and equipment used for the safety of installations. This Project is funded by the European Union Project implemented by Human Dynamics Consortium RISK ASSESSMENT Risk analysis is teamwork Ideally risk analysis should be done by bringing together experts with different backgrounds: chemicals human error process equipment Risk assessment is a continuous process! This Project is funded by the European Union Project implemented by Human Dynamics Consortium RISK ASSESSMENT System definition Hazard identification Analysis of accident scenarios Scheme for qualitative and quantitative assessments At all steps, risk reducing measures need to be considered Estimation of accident frequencies Consequence analysis and modelling Risk estimation This Project is funded by the European Union Project implemented by Human Dynamics Consortium RISK ANALYSIS – MAIN STEPS Risk Analysis Hazard Identification Hazard & Scenario Analysis Likelihood • • • • • ”What if” Checklists HAZOP Task analysis Index (Dow, Mond) Consequences Risk This Project is funded by the European Union Project implemented by Human Dynamics Consortium HAZARD ANALYSIS: HAZARD LEVEL AND SOURCE TERM Selection of safety critical equipment / Units and identification of Source term : the possible amount of release estimated under realistic conditions (e.g. operat. pressure, release rates, release duration, area where the fuel can be accumulated , etc) The F& E Index (DOW Index), The (Sub)Selection Method of Major Accident Scenarios for QRA (Purple Book/TNO) based on the distance of critical equipment from vulnerable receptors, Rapid ranking methods based on hazard indices and frequencies of past accident The IAEA classification method for chemical hazards HAZID method i.e. checklists, What-if, systematic methods as HAZOP, etc. __________________________________________________________________________________ G. PAPADAKIS - SEVESO SERBIA 24th June 2013 This Project is funded by the European Union Project implemented by Human Dynamics Consortium RISK ANALYSIS – MAIN STEPS Risk Analysis Hazard Identification Hazard & Scenario Analysis Likelihood Consequences Risk This Project is funded by the European Union • Fault tree analysis • • • • • • Event tree analysis Bowties Barrier diagrams Reliability data Human reliability Consequence models Project implemented by Human Dynamics Consortium BOW-TIE SCENARIO Initiating events Major Events Critical Event IE ME And IE AE IE OR IE ME AE IE OR IE AE IE OR CE ME IE And IE AE ME IE OR IE AE IE ME OR IE AE ME IE Fault Tree This Project is funded by the European Union Preventive Barriers Mitigative Barriers Event Tree Project implemented by Human Dynamics Consortium RISK ANALYSIS – MAIN STEPS Risk Analysis Hazard Identification Hazard & Scenario Analysis Likelihood Consequences Identify Safety Barriers Risk This Project is funded by the European Union Project implemented by Human Dynamics Consortium Based on historical data and Guidelines for Process Equipment Reliability Data, Centre for Chemical Process Safety (CCPS) of the AIChE, 1989. Ref. RPS/BKH/PM report REAP 2002 This Project is funded by the European Union Project implemented by Human Dynamics Consortium The main elements in any risk analysis process are as follows: • hazard identification; • accident scenario selection; • scenarios’ likelihood assessment; • scenarios’ consequence assessment; • risk ranking; • reliability and availability of safety systems With regard to the hazard identification, a range of tools exists for systematic assessments, which are selected depending on the complexity of the individual case. The identification of hazards is followed by designation of reference accident scenarios which form the basis for determining whether the safety measures in place or foreseen are appropriate. This Project is funded by the European Union Project implemented by Human Dynamics Consortium For the scenarios’ likelihood and consequence assessment, which are essential steps in the risk analysis process, quite different approaches can be followed. These assessments make use of methodologies that are generally subdivided into different categories, in particular: • qualitative - (semi)quantitative and • deterministic - probabilistic. This Project is funded by the European Union Project implemented by Human Dynamics Consortium Qualitative/ (semi)Quantitative: The likelihood of occurrence and the consequences of a major accident scenario could be assessed either: • in qualitative terms using ranges , for example highly likely to extremely unlikely for likelihood, and very severe to negligible for consequences or • in (semi) quantitative terms by providing numerical figures (e.g. occurrence per year, number of fatalities per year). In general, the choice of either a qualitative or quantitative approach is strongly influenced by the specific safety culture philosophy within each individual Member State. This Project is funded by the European Union Project implemented by Human Dynamics Consortium Deterministic/Probabilistic: The distinction in this respect is more difficult to define. Although the definitions are widely used in several engineering fields, these definitions depend a lot on the specific application and there is not always coherent understanding of them. The deterministic approach is normally associated with consequence-based decision criteria and it is also mostly related to the use of qualitative terms, whereas the probabilistic approach relates more to quantitative elements and is seen as a “risk-based” methodology. This Project is funded by the European Union Project implemented by Human Dynamics Consortium Deterministic/Probabilistic: Project isapproach funded Note:This Hybrid in some countries – Italy/France by the European Union Project implemented by Human Dynamics Consortium A. Description of major-accident scenarios, initiating causes and the conditions under which they occur A structured approach to scenario selection is a crucial step in the overall analysis. The safety report should, therefore, outline the principles and procedures followed (SMS) to determine the scenarios. In doing so, events which are documented in accident databases, near-miss recording, safety alerts and similar literature must be reviewed when drawing up the list of scenarios and appropriate lessons learnt incorporated. This Project is funded by the European Union Project implemented by Human Dynamics Consortium A major-accident scenario for the purposes of the safety report usually describes the form of the loss of containment specified by its technical type e.g.: • vessel rupture • pipe rupture • vessel leak, etc. and the triggered event, namely: • fire • explosion • release of hazardous substance(s) This Project is funded by the European Union Project implemented by Human Dynamics Consortium The “bow-tie” diagram is can be used as one of the methods to describe major-accident scenarios to include underlying causes: The centre of the diagram is the loss of containment event i.e. the “top event”. The bow-tie left depicts the overall possible causes, which could lead to the occurrence of the top event. The vertical bars refer to the measures that are put in place to prevent the release of dangerous substances by including also measures to control escalation factors. The bow-tie right side describes the development of possible outcomes resulting from the top event. The vertical bars in the bow-tie right side refer to the measures to prevent that the top event could cause harm too the men, the environment and the installations. This Project is funded by the European Union Project implemented by Human Dynamics Consortium MATTE If potential release scenarios of a substance which could give rise to a major-accident to the environment (MATTE) are identified during the hazard identification process, further assessment of the risk to the environment must be carried out Examples of receptors which may be classified as having high damage potential include: • Rivers or aquifers used for public supply; • Ecologically sensitive areas; • Residential areas; • Land used for agricultural purposes; • High quality waters used for fishing; • Waters with aquatic ecosystems of particular value; • Waters used extensively for recreational purposes; • Rivers where water is abstracted for agricultural or horticultural purposes. This Project is funded by the European Union Project implemented by Human Dynamics Consortium The following non-exhaustive list provides the most relevant event types that describe the consequences of the top event development (outcome): • pool fire • flash fire • tank fire • jet fire • VCE (vapour cloud explosion) • toxic cloud • BLEVE (boiling liquid expanding vapour explosion) • soil/air/water pollution This Project is funded by the European Union A point to note is that these events may occur in • process units • storage units • pipe work • loading/unloading facilities • on-site transport of hazardous substances. Project implemented by Human Dynamics Consortium The safety report must demonstrate that, of these possible scenario elements, the relevant scenarios were chosen. The selection may follow strategies such as: • event likelihood • consequences • how comprehensive or representative the scenario is. This Project is funded by the European Union Project implemented by Human Dynamics Consortium It is necessary to consider the causes of the potential accident; the most relevant of these are: Operational causes (malfunctions, technical failures, ignition, kock-on effects etc) Internal causes may be related to fires, explosions or releases of dangerous substances at installations within the establishment affecting other installations leading to a disruption of normal operation (e.g. the fracture of a water pipe leading to a disruption in the cooling capacity on site). External causes (fire, explosions toxic release of neighboring plants –Domino Effects; Natural hazards-NATECH; transportation and transport off site etc. Plant security (intentional acts) Other accident causes (related to design, construction and safety Management) This Project is funded by the European Union Project implemented by Human Dynamics Consortium NOTE SEVESO III ANNEX II – Safety Report Identification and accidental risks analysis and prevention methods: (a) detailed description of the possible major-accident scenarios and their probability or the conditions under which they occur including a summary of the events which may play a role in triggering each of these scenarios, the causes being internal or external to the installation; including in particular: (i) operational causes; (ii) external causes, such as those related to domino effects, sites that fall outside the scope of this Directive, areas and developments that could be the source of, or increase the risk or consequences of a major accident; (iii) natural causes, for example earthquakes or floods; This Project is funded by the European Union Project implemented by Human Dynamics Consortium The “top event” and the related causes constitute what is often called the “fault tree” or left-hand side of the “bow-tie”. In the picture below this is shown in a schematic form: This Project is funded by the European Union Project implemented by Human Dynamics Consortium Active/passive /mixed measures, including behaviour and hardware The following picture shows the schematic role of measures in the fault tree This Project is funded by the European Union Project implemented by Human Dynamics Consortium PREVENTIVE AND MITIGATIVE BARRIERS PB1 Workers Solvent S Temperature Control Temperature control prevents the formation of toxic fumes PB1 Solvent S Containment System Workers Containment reduces the exposure of workers to the toxic fumes This Project is funded by the European Union Project implemented by Human Dynamics Consortium BOW-TIE SCENARIO Initiating events Major Events Critical Event IE ME And IE AE IE OR IE ME AE IE OR IE AE IE OR CE ME IE And IE AE ME IE OR IE AE IE ME OR IE AE ME IE Fault Tree This Project is funded by the European Union Preventive Barriers Mitigative Barriers Event Tree Project implemented by Human Dynamics Consortium WHAT ARE BARRIERS? Barriers can be passive material barriers: container, dike, fence, behavioural barriers: Keep away from, do not interfere with Barriers can be active Active barriers follow a sequence: ”Detect – Diagnose – Act” Active barriers can consist of any combination of Hardware Software Lifeware (human action, behaviour) This Project is funded by the European Union Project implemented by Human Dynamics Consortium EXAMPLES OF PASSIVE BARRIERS Probability of Failure on Demand (PFD) Dike 10-2 – 10-3 Fireproofing 10-2 – 10-3 Blast-wall or bunker Flame or Detonation arrestor 10-2 – 10-3 10-1 – 10-3 Probability of Failure on Demand (PFD): A value that indicates the probability of a system failing to respond to a demand. The average probability of a system failing to respond to a demand in a specified time interval is referred as PFDavg. This Project is funded by the European Union Project implemented by Human Dynamics Consortium EXAMPLES OF ACTIVE BARRIERS 1IEC - International Electrotechnical Commission, develops electric, electronic and electrotechnical international standards Pressure relief valve Water spray, deluges, foam systems Basic Process Control System Safety Instrumented Function (SIF) - reliability depends on Safety Integrity Level (SIL) according to IEC1 61511 This Project is funded by the European Union Probability of Failure on Demand (PFD) 10-1 – 10-5 1 – 10-1 10-1 – 10-2 SIL 1:10-1 – 10-2 SIL 2:10-2 – 10-3 SIL 3:10-3 – 10-4 Project implemented by Human Dynamics Consortium PFD of each component of Safety Instrumented System (SIS) need to include in Safety Integrity Level (SIL) calculation This Project is funded by the European Union Project implemented by Human Dynamics Consortium HUMAN RESPONSE AS A BARRIER Responses can be skill-, rule-, and/or knowledge based Skill based: routine, highly practiced tasks and responses I.e. steering a car Rule based: responses covered by procedures and training I.e. obeying traffic rules Knowledge based: responses to novel situations I.e. finding the way to a new destination Skill- and rule based responses can be relatively fast and reliable, knowledge based responses are slow and not so reliable This Project is funded by the European Union Project implemented by Human Dynamics Consortium THE FOLLOWING ARE NOT BARRIERS, BUT FUNCTIONS OF SAFETY MANAGEMENT : Training and education. provides the competence to respond properly Procedures paperwork is not a barrier, only the response itself Maintenance and inspection necessary to ensure functioning of primary barriers over time Communications and instructions they influence barrier reliability a lot! This Project is funded by the European Union Project implemented by Human Dynamics Consortium WORST CASE SCENARIOS (WCS) IN THE SAFETY REPORT The WCS s should be limited to a reasonable amount The criteria for choosing the WCS in a SR are expected to be determined by the Competent Authority (assessing the SR) Criteria for WCS can include and address The most safety critical equipment The most critical releases from equipment rupture (probabilistic or deterministic approach i.e. releases with a probability higher than a set value or releases with the maximum inventory and worst phenomenon involved Catastrophic ruptures of equipment and FBR (full bore rupture) of pipes (smaller releases should be determined) __________________________________________________________________________________ Ref. G. Papadakis SEVESO SERVIA June 2013 This Project is funded by the European Union Project implemented by Human Dynamics Consortium EXAMPLE WORST CASE SCENARIOS SELECTION VIA HAZARD IDENTIFICATION (1) MAJOR-ACCIDENT HAZID: Site breakdown into areas/processes Major Hazards associated fire/explosion toxic release large spill Frequency and consequence allocation Team based approach This Project is funded by the European Union Project implemented by Human Dynamics Consortium EXAMPLE WORST CASE SCENARIOS SELECTION VIA HAZARD IDENTIFICATION (2) Definitions of Frequency Categories Category Definition High (H) Event has occurred or is expected to occur several times during lifetime of site (20-30 years) Intermediate (I) Event may occur once during lifetime of site Low (L) Event is not expected to occur during lifetime of the site but may occur once during operations of all existing similar sites Remote (R) Event is unlikely to occur throughout all similar sites within a 100 year period of operation at the current level This Project is funded by the European Union Project implemented by Human Dynamics Consortium EXAMPLE WORST CASE SCENARIOS SELECTION VIA HAZARD IDENTIFICATION (3) Definitions of Consequence Categories Category Definition Catastrophic (C) Death, irreversible environmental damage or system loss Severe (S) Severe injury, severe occupational illness, long-term environmental damage or major system damage Minor (M) Minor injury, minor occupational illness, short-term environmental damage or minor system damage Negligible (N) Negligible/no injuries, negligible/no occupational illness, negligible/no environmental damage or negligible/no system damage This Project is funded by the European Union Project implemented by Human Dynamics Consortium WORST CASE SCENARIOS SELECTION VIA HAZARD IDENTIFICATION (4) Aggregation - basis for risk assessment Frequency Consequence Catastrophic (C) Severe (S) Minor (M) Negligible (N) High (H) 1 1 2 3 Intermediate (I) 1 1 2 3 Low (L) 1 2 3 3 Remote (R) 2 3 3 3 1. 2. 3. Indicates a Category 1 (Major-Accident) hazard Indicates a Category 2 (Intermediate Risk) hazard Indicates a Category 3 (Low Risk) hazard This Project is funded by the European Union Project implemented by Human Dynamics Consortium Example Worst Case Scenarios selection for further evaluation (5) Following the initial selection process, all category 1 (major-accident) hazards Should be grouped by hazard type, e.g. toxic release or flammable release. A representative worst case is selected from each hazard group for further evaluation. The representative worst case is the category 1 hazard with the worst consequence can be referred to as the worst credible case. (normally used for consequence assessments and LUP) Category 2 hazard with catastrophic consequences: This selected scenario can be referred to as the worst possible case. The high frequency/less significant consequence hazards represent the worst probable case for a site. This Project is funded by the European Union Project implemented by Human Dynamics Consortium B. Assessment of the extent and severity of the consequences of identified major accidents Within a safety report, the consequence assessment for people and environment will be used for two different types of decision processes: 1. Consequence assessment to prevent major-accident hazards and to mitigate accident consequences, or to evaluate the efficiency and adequacy of the protective measures taken. 2. Consequence assessment for external emergency planning and land use planning around establishments For 1 mostly qualitative; For 2 mostly modelling This Project is funded by the European Union Project implemented by Human Dynamics Consortium Modelling the consequences of major accidents is based on several inputs such as for instance: • the physical and hazardous properties of the substances in question (flammability, toxicology, etc.) • emission potential (thermal radiation, overpressure) • release characteristics (amount, phases, conditions, etc.) and • weather conditions. The foundation of modelling of this type is again a specific set of reference scenarios. In this case it is the right side of the “bow-tie” that serves as the starting point. This part of the bow-tie is usually called the “event tree”: This Project is funded by the European Union Project implemented by Human Dynamics Consortium For the purpose of safety report scenarios the End points indicated may be used. Hazard Endpoint value Toxic load ERPG - 2 or AEGL-2 Heat radiation 1.6 8 or 39 kW/m2 Explosion pressure 0.1 or 0.05 bar The Emergency Response Planning Guideline (ERPG) values are intended to provide estimates of concentration ranges where one reasonably might anticipate observing adverse effects as described in the definitions for ERPG-1, ERPG-2, and ERPG-3 (= life threatening) as a consequence of exposure up to 1 hr to the specific substance. AEGL = Acute exposure guideline levels (1 – 3) This Project is funded by the European Union Project implemented by Human Dynamics Consortium CONSEQUENCE EVENT TREE FOR A FLAMMABLE PRESSURELIQUEFIED GAS – INSTANTANEOUS RUPTURE Chart Title Pressureliquefied Gas Instantaneous Tank Rupture Immediate ignition BLEVE Instantaneous Cloud/ Pool Evaporation Dispersion Near miss This Project is funded by the European Union Ignition and detonation Explosion Delayed Ignition Flash fire Project implemented by Human Dynamics Consortium EXAMPLE BLEVE This Project is funded by the European Union Project implemented by Human Dynamics Consortium Results of this modelling exercise are expressed in terms of severity of (potential) impact. For safety reports, potential impact is commonly defined in terms of human health, although relative property or environmental damage may also be presented. Two main approaches are used to measure severity of impact: • the damage probit curve (impact related to a probability that certain damage (physiological or material) will occur) • fixed damage thresholds. ( links specific impacts, such as the onset of death or serious injury, to specific level and time of exposure). Threshold levels for accidental airborne releases of toxic substances, static or dynamic thermal radiation, and overpressure have been calculated by various expert groups This Project is funded by the European Union Project implemented by Human Dynamics Consortium This Project is funded by the European Union Project implemented by Human Dynamics Consortium HARMONISED MODEL NETHERLANDS SAFETI Dutch study revealed that different QRA software packages often give very different results. Safeti has been selected as the QRA model for the Netherlands The risk tool SAFETI calculates the individual risk (risk at specific location) and societal risk (risk to overall population) of accidental releases of toxic or flammable chemicals to the atmosphere. This calculation includes consequence modelling (discharge and atmospheric dispersion, toxic effects, flammable effects) and subsequent risk modelling. This Project is funded by the European Union Project implemented by Human Dynamics Consortium This Project is funded by the European Union Project implemented by Human Dynamics Consortium Individual risk contours around a hazardous establishment and the area affected by an individual accident scenario. (ref Jongejan et al 2010) This Project is funded by the European Union Project implemented by Human Dynamics Consortium The Dutch societal risk criterion for hazardous establishments and a fictitious FN-curve. The Dutch societal risk criterion of 10−3/n2 per installation per year was initially developed for LPGfuelling stations. It was later applied to all Seveso establishments. This Project is funded by the European Union Project implemented by Human Dynamics Consortium HARMONISED MODEL NETHERLANDS SAFETI STEL 35 ppm IDLH 500 ppm STEL = Short term exposure limit IDLH = Immediate Dangerous to Life and Health This Project is funded by the European Union Project implemented by Human Dynamics Consortium HARMONISED MODEL NETHERLANDS SAFETI Source:QRA’s FOR DUTCH INSTALLATIONS IChemE SYMPOSIUM SERIES NO. 153 2007 This Project is funded by the European Union Project implemented by Human Dynamics Consortium This Project is funded by the European Union Project implemented by Human Dynamics Consortium This Project is funded by the European Union Project implemented by Human Dynamics Consortium Ref. Robert Plarina Netherlands Ministry of Environment This Project is funded by the European Union Project implemented by Human Dynamics Consortium Applicable to type of facility Effect studied Criteria corresponding to first deaths Criteria corresponding to first irreversible effects BLEVE Liquefied flammable gases Thermal Radiation 5 KW/m2 3 kW/m2 UVCE Liquefied flammable gases Overpressure 140 mbar 50 mbar Total instantaneous LOC Vessels with toxic gases (liquefied or not) Toxic Dose Based on LC1 and exposure time Based on IDLH and exposure time Catastrophic rupture of the largest pipeline Q highest mass out low Toxic gas installations (containment designed to resist external damage or internal reaction) Toxic Dose Based on LC1 and exposure time Based on IDLH and exposure time Fire in the largest tank Explosion of the gas phase in fixed roof tanks Fireball and projection of burning product due to boilover Large vessels containing flammable liquids Thermal Radiation Overpressure Missile projection 5 KW/m2 3 kW/m2 140 mbar 50 mbar Explosion of the largest mass of explosive present or explosion due to a reaction Storage or use of explosives Thermal Radiation Overpressure Missile projection 5 KW/m2 3 kW/m2 140 mbar 50 mbar Scenario __________________________________________________________________________________ Ref. G. Papadakis SEVESO SERVIA June 2013 This Project is funded by the European Union Project implemented by Human Dynamics Consortium EXAMPLE OF CONSEQUENCE ZONES CRITERIA (LPG) Type of Consequence DOMINO effects 37.5 KW/m2 700 mbar Serious and non recoverable damage to the structures and the walls of buildings ZONE I ( Internal Zone) Protection Zone of Response Teams ZONE I 15 KW/m2 350 mbar Damage to the structures and the external walls ZONE ΙΙ (Intermediate Zone ) Protection of Public – Serious Consequences ZONE ΙΙ 6 KW/m2 140 mbar Damage to the doors and windows, light ruptures in walls ZONE ΙΙΙ (External Zone) Protection of Public – Considerable Consequences ZONE ΙΙΙ 3 KW/m2 50 mbar __________________________________________________________________________________ Ref G. Papadakis SEVESO SERVIA June 2013 This Project is funded by the European Union Project implemented by Human Dynamics Consortium EXAMPLE OF CONSEQUENCE ZONES CRITERIA (TOXIC CLOUD) Type of Consequence ZONE I ( Internal Zone) Protection Zone of Response Teams ZONE ΙΙ (Intermediate Zone ) Protection of Public – Serious Consequences ZONE ΙΙΙ (External Zone) Protection of Public – Considerable Consequences DOMINO effects -ZONE I LC50 ZONE ΙΙ LC1 ZONE ΙΙΙ IDLH __________________________________________________________________________________ Ref. G. Papadakis SEVESO SERVIA June 2013 This Project is funded by the European Union Project implemented by Human Dynamics Consortium RISK MANAGEMENT IN EUROPE “Generic distances” based on environmental impact in general (noise, smell, dust, etc.). Consequence based (”deterministic” or ”Qualitative”) Safety distances are based on the extent of consequences (effects) of distinct accident scenarios (“worst case” or ”reference” scenarios). Risk based (”probabilistic” or ”Quantitative”) Quantitative risk analysis (QRA) includes an analysis of all relevant accident scenarios with respect to consequences and likelihood (expected frequency), and results in calculated values of individual risk and societal risk, which can be compared with acceptance criteria. This Project is funded by the European Union Project implemented by Human Dynamics Consortium NOTE SEVESO III ANNEX II – Safety Report Identification and accidental risks analysis and prevention methods: (c) review of past accidents and incidents with the same substances and processes used, consideration of lessons learned from these, and explicit reference to specific measures taken to prevent such accidents; This Project is funded by the European Union Project implemented by Human Dynamics Consortium C. Description of technical parameters and equipment used for the safety of installations The safety report should discuss general criteria assumed (i.e. best available technology, good engineering practice, quantitative risk criteria) and include reliability of components, functional calculations, compliance declarations etc Prevention, control and mitigation measures of a hazardous installation may include: • process control system including back ups; • fire and explosion protection systems vapour screens, emergency catch pots or collection vessels, and emergency shut-of valves; • alarm systems including gas detection; • automatic shut down systems etc. This Project is funded by the European Union Project implemented by Human Dynamics Consortium ESSENTIAL ELEMENTS OF A SAFETY REPORT Note: Structure is according to ANNEX II SEVESO II; In practice structure of Safety reports is not followed exactly This Project is funded by the European Union Project implemented by Human Dynamics Consortium V. MEASURES OF PROTECTION AND INTERVENTION TO LIMIT THE CONSEQUENCES OF AN ACCIDENT A. description of the equipment installed in the plant to limit the consequences of major accidents; B. organization of alert and intervention; C. description of resources that can be mobilised, internal or external; D. summary of elements described in a, B, and C above necessary for drawing up the internal emergency plan prepared in compliance with Article 11. This Project is funded by the European Union Project implemented by Human Dynamics Consortium The safety report should also clearly include information which identifies any key mitigation measures resulting from the analysis that are necessary to limit the consequences of major accidents, as referred to in Annex II, part V of the Directive, namely: • description of the equipment installed in the plant to limit the consequences of major accidents; • organisation of alert and intervention; • description of resources that can be mobilised, internal or external; • summary of elements described above necessary for drawing up the internal emergency plan. This Project is funded by the European Union Project implemented by Human Dynamics Consortium A. Description of equipment A description of equipment installed in the plant to limit the consequences of major accidents should be provided. This list should include an adequate description of the circumstances under which the equipment is intended for use. NOTE SEVESO III ANNEX II – Safety Report (a) description of the equipment installed in the plant to limit the consequences of major accidents for human health and environment, including for example detection/protection systems, technical devices for limiting the size of accidental releases, including water spray; vapour screens; emergency catch pots or collection vessels; shut-off- valves; inerting systems; fire water retention; This Project is funded by the European Union Project implemented by Human Dynamics Consortium B. Organisation of alert and intervention The organisation for alert and intervention should be adequately described. This description should include: • organisation, responsibilities, and procedures for emergency response; • training and information for personnel and emergency response crews; • activation of warnings and alarms for site personnel, external authorities, neighbouring installations, and where necessary for the public; • identification of installations which need protection or rescue interventions; • identification of rescue & escape routes, emergency refuges, sheltered buildings, and control centres; • provision for shut-off of processes, utilities and plants with the potential to aggravate the consequences. This Project is funded by the European Union Project implemented by Human Dynamics Consortium C. Description of resources that can be mobilised The report should contain an adequate description of all relevant resources which will need to be mobilised in the event of a major accident. This report should include: • activation of external emergency response and co-ordination with internal response; • mutual aid agreements with neighbouring operators and mobilisation of external resources; • resources available on-site or by agreement (i.e. technical, organizational, informational, first aid, specialized medical services, etc.). NOTE SEVESO III ANNEX II – Safety Report (d) description of any technical and non-technical measures relevant for the reduction of the impact of a major accident This Project is funded by the European Union Project implemented by Human Dynamics Consortium References Guidelines on a Major Accident Prevention Policy and Safety Management System,as required by Council Directive 96/82/EC (SEVESO II). Neil Mitchison & Sam Porter (Eds.) ISBN92-828-4664-4 Guidance on the preparation of a Safety Report to meet the requirements of Directive 96/82/EC as amended by Directive 2003/105/EC (SEVESO II). Luciano Fabbri, Michael Struckl and Maureen Wood (Eds.), 2005. ISBN 92-79-01301-7 Planning for Emergencies Involving Dangerous Substances for Slovenia. Final Report. Contract no: SL-0081.0011.01. 28 February 2012. I.van der Putte: Regional Environment Accession Project (REAP). Nethconsult/BKH Consulting Engineers/RPS. Subcontractors: AEA Technology, URS/Dames & Moore, EPCE, Project Management Group, REC Hungary This Project is funded by the European Union Project implemented by Human Dynamics Consortium