• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Rtb wkplace health, safety & risk 2010 v f 01 12-10
 

Rtb wkplace health, safety & risk 2010 v f 01 12-10

on

  • 1,368 views

errrr

errrr

Statistics

Views

Total Views
1,368
Views on SlideShare
1,368
Embed Views
0

Actions

Likes
0
Downloads
52
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • ACCIDENT Investigate accident - process and outcome steered by the preconceptions of the investigator about accident causation Attribute primary cause to shortco mings in the behaviour of the injured person (unsafe acts) Devise a RULE forbidding the recurrence of the unsafe acts Attribute primary cause to shortcomings in the physical environment (unsafe conditions) Devise a TECHNICAL solution to make the conditions safe
  • Notes
  • The International Nuclear Safety Advisory Group (IAEA 1991) has defined safety culture: “ Safety culture is that assembly of characteristics and attitudes in organisations and individuals which establishes that, as an overriding priority, nuclear plant safety issues receive the attention warranted by their significance.” They suggest that “the definition relates Safety Culture to personal attitudes and habits of thought and to the style of organizations.” They go on to say: “ A second proposition then follows, namely that such matters are generally intangible ; that nevertheless such qualities lead to tangible manifestations ; and that a principal requirement is the development of means to use the tangible manifestation to test what is underlying .” my italics] INTERNATIONAL NUCLEAR SAFETY ADVISORY GROUP. Safety culture. Safety Series , 1991, 75-INSAG-4 (IAEA, Vienna)
  • Notes More detailed information about the key requirements of the Regulations is given in the Resource Materials starting at page RM4.
  • Notes More detailed information about the key requirements of these Regulations is given in the Resource Materials starting at page RM7.
  • Notes More detailed information about the key requirements of these Regulations is given in the Resource Materials starting at page RM7.

Rtb wkplace health, safety & risk 2010 v f 01 12-10 Rtb wkplace health, safety & risk 2010 v f 01 12-10 Presentation Transcript

  • Workplace Health, Safety and Risk EC214C
    • Health & safety management,
    • risk assessment and incident investigation
    • (Final Version)
    • Professor Richard Booth
    • December 2010
  • Contact details
    • Prof Richard Booth
    • [email_address]
    • Mobile: 07973 333 289
      • Only in emergency
      • Text messages best ‘first time’
      • Give name; module
  • Module Objectives
    • Principles of health and safety (H&S) management, evolution, effectiveness factors
    • Foundations for risk assessment
    • Assess risks: workplaces, processes, work equipment
      • Basic and advanced methods
    • Incident investigation
  • Module documents
    • Power Point notes
    • BS 8800:1996 ‘Guide to occupational health and safety management systems’, Annex on ‘Risk assessment’
    • ‘ Occupational Safety’ handout
    • ‘ Events and Causal Factors Analysis’ (ECFA) cases
  • Content
    • Module introduction (now)
    • Shortcomings of reactive H&S management
    • Accident causation/prevention:
      • human errors & violations
      • latent and active failures
      • perceptions of risk
  • Content
    • Risk Assessment Foundations
      • H&S management systems
      • H&S ‘culture’ and measurement
    • Risk assessment methodologies
    • Risk decision-making (tolerability)
    • Incident investigation / analysis
    • 40% Assessed Course Work
      • Two pieces
    • 60% two-hour examination
      • Six questions in two equal sections; answer three, at least one from each section
    • May take material out of sequence in order to set ACW soon
    Assessment
  • 2010 ACW (RTB) – advance information (may be an addition)
    • Risk Assessment
    • Prepare a ‘suitable and sufficient’ risk assessment of an activity
      • Must cover both analysis of risks and selection of preventive measures
      • Decide is risk with precautions is tolerable
      • Should satisfy statutory requirements
      • Starting point should be Risk Assessment Annex of BS8800: 1996
      • Choice of activity to be assessed is yours, though consult me as to suitability of your proposal
  • 2010 ACW
    • Risk Assessment: examples
    • Operation, adjustment and maintenance of a (workshop) machine
    • Changing a vehicle’s flat tyre on a motorway hard shoulder
    • Acting as a security officer (bouncer) at a place of entertainment
    • Work at heights:
      • Painting windows on the second floor of a building
      • Mountain rescue (not just issues relating to heights)
    • Work in a ‘confined space’
    • Looking after a toddler or a very elderly and infirm person
    • Managing a school field trip
  • Basic steps in risk assessment Classify work activities Identify hazards Determine risk Decide if risk is tolerable Prepare risk control action plan Review adequacy of action plan
  •  
  •  
  •  
  •  
  •  
  •  
  • Labourer fatally injured in a Quarry Conveyor
    • 18-year old male employed as a labourer. He was sweeping a work area when he slipped on wet floor and fell into conveyor belt that was unguarded and in motion. He was asphyxiated as a result of being drawn into the conveyor
    • Conveyor fixed-guard removed by two fitters weeks before to carry out maintenance work; guard not replaced. Check carried out by a manager on the safety of the conveyor, and fitters told to replace the guard. This they did. Fitters not admonished
    • Conveyor guard was again removed by the same two fitters to carry out maintenance and was not replaced. No subsequent checks were carried out on the conveyor guard before accident
  •  
  • Quarry conveyor – causal factors
    • The deceased
    • Fellow workers
    • Supervisors and managers
    • The Quarry Company
    • Management of safety
      • Risk assessment
    • [Supplier of conveyor (no guard)]
  • Lessons to be learnt
    • Technical shortcomings
    • Human failures: ‘unintended’ errors; risk-taking ‘violations’
    • Active and latent failures
    • Risk assessment
    • Safety procedures
    • Legal issues
  • Traditional, reactive, approach to health & safety management
    • Do nothing until serious harm occurs
    • Search for cause (superficially and with pre-conceptions)
    • Debate: cause unsafe act or unsafe condition?
    • Solution: rule / technical fix to prevent recurrence
  • Traditional Safety Management ACCIDENT Investigate accident - steered by the preconceptions of the investigator Attribute primary cause to unsafe acts Attribute primary cause to unsafe conditions RULE devised forbidding unsafe acts TECHNICAL solution to make conditions safe
  • Causation debate missed:
    • Single primary accident cause gross over-simplification
    • Contribution of conditions and behaviour in prevention
    • Latent (decision) failures - not just active failures – and also different failure ‘types’
  • Prevention founded on accident investigation
    • Controls devised in this way may:
    • Fail to remedy shortcomings in management systems
    • Conflict with each other
    • Become obsolete
    • Conflict with needs to get job done
    • Be over-zealous (OTT)
  • Time Perception of risk Perceptions of risk and prevention
  • Time Perception of risk Serious accident Perceptions of risk and prevention
  • Time Perception of risk Serious accident Rules and safeguards devised here may be violated when perceptions decay over time Perceptions of risk and prevention
  • Accident causation
    • Multi-causality
    • Active and Latent failures (‘resident pathogens’ metaphor)
    • Events and outcomes; accident ‘triangle’
    • Behaviour in the face of danger
    • Reason’s classification Skill-, rule- and knowledge-based errors, and violations
    • Hazard identification, risk assessment, preventive action
  • Events and Outcomes ws Near miss Hazard Fatality Property damage Major injury Minor injury Event Accident             Incident OUTCOME Environmental damage
  • The Accident Triangle Major or >3 day injury Minor injury Non injury 189 7 1
  • Hale and Hale Model – behaviour in the face of danger Action Presented Information Expected Information Perceived Information Possible Actions Cost / Benefit Decision
  • Human Failure Knowledge- based Rule-based Lapses Slips Exceptional Skill-based (unintended) Errors Situational Mistakes (intended action * ) Routine Violations (intended) * But unintended diagnostic error Reason’s error type classification - ve Safety Culture
  •  
  •  
  •  
  • Mini assignment
    • From your own experience, provide a brief description of an incident associated with each of the Human Failure categories proposed by James Reason
    • Clue: start with incidents then seek to categorise them, not the other way round
    • Some incidents may involve several failure categories
    • Discussion (and hand in if feedback wanted) in one/two weeks
  • Initial Status Review OHS Policy Management Review Planning Checking & corrective action Implementation & operation Continual improvement
  • The Main Elements in HSG65 Organising Planning and Implementing Measuring Performance Policy Reviewing Performance Auditing
  • Management system BS 18004: 2008 Initial Status Review OHS Policy Management Review Planning Checking & corrective action Implementation & operation Continual improvement
  • Safety management & culture
    • Management system crucial, but:
      • Organisation’s safety procedures may look well-considered, but reality: sullen scepticism / false perceptions of risk
      • Critical point: not the apparent adequacy of safety procedures; it’s the perceptions and beliefs that people hold about them
  • Reactive to Proactive - Safety Improvement Stages Risk Indicators Time & Effort Safety Culture Regulation Lead Management Lead People Lead
  • Definition of Safety Culture HSG65 ‘97
    • “ The safety culture .... is product of individual and group values, attitudes , competencies , & patterns of behaviour that determine commitment to, & style & proficiency of, an organisation’s H&S programmes
    • Organisations with a positive safety culture characterised by communications founded on mutual trust , by shared perceptions of the importance of safety and by confidence in the efficacy of preventive measures”
  • British Standard BS8800: 2004
    • “ The extent to which organizations are successful in managing [safety] is heavily influenced by the leadership of [safety] by top management who regard it as a key business objective, and the active involvement of the work force and their representatives ”
  • Safety culture
    • What I think and know about safety
      • Attitudes and beliefs
      • Competence
    • What everybody else thinks about – and knows about – safety
    • What do we do , in practice?
      • Patterns of behaviour
    • (What we do depends on what others say and do)
  • What promotes a positive safety culture?
    • Good communications
    • High level of trust between staff – all levels
    • All staff encouraged to participate / be pro-active in improving safety performance
    • The commitment of everyone to the overall goals of the organization
    • Continual improvement (not ‘step’ change)
    • Safety ‘champions’
    • Care and concern
  • BS8800: 2004
    • Staff committed to aims of organization , & way organization is managed
    • Top management and senior staff demonstrate visible commitment
    • Senior staff / supervisors spend time discussing & promoting safety. Safety is managed with same determination as other key business objectives
    • Safety representatives carry out functions with active support of management
  • Anecdotes – culture
    • Communications in a Train Operating Company
      • Management perceptions
      • Office move
      • Locomotive windscreen wipers
      • Safety briefings
    • Nuclear power stations
    • BREL to privatisation
    • Two cases: rubber factory and catering contractors
  • Measuring safety culture
    • Informal discussions, feedback from briefings / tool box talks
    • Semi-structured questionnaire / interviews with groups / individuals
    • Organizational questionnaires
    • Attitude surveys of personnel within the organization
    • Observations of individual and group behaviours in practice
  • Positive safety culture objectives
    • Employees agree via communications founded on mutual trust that procedures:
      • founded on shared perceptions of hazards and risks
      • necessary and workable
      • will succeed in preventing accidents
      • prepared with consultation
      • subject to continual review
    • Risk Assessment
  • Risk Assessment Law
    • Most UK risk assessment legislation based on EU directives
    • More explicit that underpinning law: Health and Safety at Work Act 1974
    • Every employer: Management of Health and Safety at Work Regulations 1999
    • Hazard-specific Regulations
    • Industry-specific Regulations
  • Management of Health & Safety at Work Regulations
    • regulation 3:
      • reg 3(1) “Every employer shall make a suitable and sufficient assessment of risks to employees and others for the purpose of identifying the measures he needs to take to comply with the requirements and prohibitions imposed upon him … ”
      • reg 3(3) Review assessments: validity; significant change
      • reg 3(4) Five or more employees: record significant findings
  • Hazard-specific regulations
    • The Control of Substances Hazardous to Health Regulations 2005 (CBH)
    • The Noise at Work Regulations 2005
    • The Provision and Use of Work Equipment Regulations 1998 (PUWER)
    • The Supply of Machinery (Safety Regulations) 1992
    • The Manual Handling Operations Regulations 1992
    • The Lifting Operations and Lifting Equipment Regulations 1998
  • Industry-specific regulations
    • Nuclear Installations Regulations 1971
    • Control of Major Accident Hazards (COMAH) 1999 [2005]
    • Offshore Installations (Safety Case) Regulations 1992
    • Railways and Other Guided Transport Systems (Safety) Regulations (ROGS) 2006
    • Construction (Design & Management) Regulations (CDM) 2007
  • Basic steps in risk assessment Classify work activities Identify hazards Determine risk Decide if risk is tolerable Prepare risk control action plan Review adequacy of action plan
  • Key terms
    • Hazard
      • source of potential harm, or situation with potential for harm
    • Risk
      • combination of likelihood and consequences of a specified hazardous event, or
      • statistical probability of a defined hazardous event
  • Types of assessment – note overlap
    • Continuing (dynamic) risk assess-ment (informal; usually no records)
    • Systematic, documented, qualitative assessment of ‘general workplace hazards’ (BS 8800: 1996 BS18004: 2008)
    • Machinery risk assessment (EN 292)
    • Substances and Energies (CBH)
    • ‘ Major hazards’ risk assessment – quantitative (PRA / QRA)
    • Starting point: task or process
    • Risk assessment
    • for ‘General Workplace Hazards’
    • BS 8800: 1996 Annex D
    • Tasks : location; duration; frequency; personnel
    • Controls in place : training; systems work; hardware
    • Machinery; tools : instructions
    • Manual handling : size, shape, weight
    • Substances : physical form; data sheets
    • Measurements : reactive (lagging) monitoring data
    Classify work activities
    • Is there a source of harm?
    • Who (or what) could be harmed?
    • How could harm occur?
    • Hazards prompt-list, eg:
      • Slips / falls: on level or from height
      • Violence
      • Substances: inhaled, ingested, skin absorption
      • Repetitive work (WRULDs)
    Identify hazards
    • Severity of harm
      • Slightly harmful: minor cuts / bruises; temporary discomfort
      • Harmful: concussion, minor fractures; deafness; asthma
      • Extremely harmful: amputations; fatalities; occupational cancer
    • Likelihood of harm
      • Highly unlikely
      • Unlikely
      • Likely
    • Assess adequacy of controls
    Determine risk
    • Frequency / duration of exposure & numbers at risk
    • Failures of services, machine parts, safety devices
    • Protection from PPE
    • Human failures - unintended errors or intentional violations of procedures
    • Rough probability: ‘once in ten years?’ (BS 2004)
    Determine risk
    • Use risk level estimator
    • Risks classified according to estimated likelihood and potential severity of harm
    • Reasonable starting point
    • Numbers may be used to describe risk levels (no greater accuracy)
    Decide if risk is tolerable
  • Risk level Estimator Highly Unlikely Likely Unlikely Harmful Slightly Harmful Extremely Harmful TRIVIAL RISK MODERATE RISK MODERATE RISK MODERATE RISK SUB- STANTIAL RISK INTOLERABLE RISK TOLERABLE RISK TOLERABLE RISK SUB- STANTIAL RISK
    • (Note that risk matrix should strictly be non judgmental)
    • Control effort and urgency proportional to risk level
    • Inventory of actions, in priority order, to devise maintain or improve controls
    Prepare risk control action plan
  • Risk-based control plan RISK LEVEL ACTION (AND TIMESCALE) TRIVIAL No action, no records TOLERABLE No further action necessary: monitor to ensure controls maintained MODERATE Efforts to reduce risk, but costs of prevention should be limited SUBSTANTIAL Urgent efforts to reduce risk: reduction costs may be high INTOLERABLE Work should not be started or continued until risk reduced: no cost constraints for prevention
    • Controls - consider, eg:
    • Eliminate hazards?
    • Protect everyone?
    • Blend of technical controls and procedures?
    • Planned maintenance?
    • PPE should be last resort
    • Pro-active measurement indicators part of plan (leading indicators)
    Prepare risk control action plan
    • New controls: tolerable risk levels?
    • But, new hazards created?
    • Most cost-effective solution?
    • Peoples’ views: need for and practicality of controls?
    • Used in practice, not ignored in face of work pressures?
    • Continual review, and revise if necessary
    Review adequacy of action plan
  • Critique of three-point scales
    • Three point scales
      • Likelihood
      • Severity
    • Can cause problems
      • Disproportionate number “medium”
      • Lack of adequate discrimination
    • Skewed towards less serious outcomes
  • Likelihood of Hazardous Event
    • Rating 1 = Negligible (zero to extremely low)
    • Rating 2 = Very unlikely
    • Rating 3 = Unlikely
    • Rating 4 = Likely
    • Rating 5 = Very likely
    • Rating 6 = Almost certain
    • Remember to rate hazardous event
  • Rate Hazardous Event
    • Important to rate likelihood of hazardous event
      • Not likelihood of the event
      • Not likelihood of someone getting hurt
    • For example
      • Lifting very light load from desk
      • People falling
      • People touching live cables
    • Judgement and knowledge at time
      • Subjective
      • Not absolute (see later)
  • Severity
    • Rating 1 = Minor injury, first aid injury
    • Rating 2 = Lost time accident - up to 3 day
    • Rating 3 = “over 3 day” injury
    • Rating 4 = Major injury
    • Rating 5 = Disabling injury
    • Rating 6 = Fatality
    • Select most likely outcome - not worst case
  • Assessing Risks
    • Both likelihood & severity subjective estimates: might be challenged by ‘wisdom’ of hindsight if things go wrong
    • Calculating risk
      • Multiply likelihood and severity
      • High risk, high priority
      • Reduce to lowest reasonable number
      • Likelihood and severity independent
      • Can band risk
  • Risk Matrix
    • Use matrix
    • Previously only 6 levels of risk (1 to 9)
      • Banded into three bands
    • Now 18
      • Can be banded, eg six bands
  • Risk Matrix Extreme 36 30 24 18 12 6 6 Very high 30 25 20 15 10 5 5 High 24 20 16 12 8 4 4 Low 18 15 12 9 6 3 3 Very low 12 10 8 6 4 2 2 Insignificant 6 5 4 3 2 1 1 Risk levels 6 5 4 3 2 1 Likel ihood Severity
  • Risk Control
    • Two topics
    • Reducing risks – Workplace precautions (RCMs)
    • How RCMs are maintained - Risk Control Systems
  • Deciding on Risk Reduction
    • Depends on two main factors
      • Absolute level of risk
      • How easy it is to reduce the risk
    • Reduce risk
      • So far as is reasonably practicable (ALARP)
      • Used widely in UK legislation
    • The higher the risk the more resources devoted to reducing it
    • Extreme risk - consider stopping task
    • But do not include ‘unforeseeable’ outcomes (despite hindsight)
  •  
  •  
    • Advanced Risk Assessment Methodologies
  • ‘ Advanced’ Risk Assessment
    • ‘ Major Hazard’ industry-specific Regulations (ie, not CDM)
    • Quantification of risk
    • Human / organisational failures crucial – hence detailed ‘Safety Case’
    • Ideal for 1960s technologies
    • Serious concern: programmable electronic systems in process etc control
  • Advanced Risk Assessment Techniques
    • Hazard and Operability Studies (HAZOPS)
    • Failure Modes & Effects Analysis (FMEA)
    • Event Tree Analysis (ETA)
    • Fault Tree Analysis (FTA)
    • Human Reliability Analysis (HRA)
    • Cost Benefit Analysis (CBA)
  • Steps in advanced risk assessment Cost-Benefit Analysis DEFINE SYSTEM IDENTIFY HAZARDS HAZARDOUS EVENTS HAZARDS EVENTS CONTINUING HAZARDS ANALYSE CONSEQUENCES DECIDE RISK CONTROL STRATEGY VERIFY ESTIMATE/ MEASURE RISKS EVALUATE RISKS NO CHANGE (MONITOR) YES NO IS RISK TOLERABLE? Task-based approach HAZOPS FMEA CHECK-LIST Event Tree Analysis Fault Tree Analysis Event Tree Analysis C Hierarchy Risk Matrix or Risk Calculator 1 in 10 ,000 1 in 1m QRA
  •  
  •  
  •  
  •  
  • Hazard and Operability Studies ‘HAZOPS’
    • HAZOPS is a qualitative type of analysis, based on a multi-disciplinary team approach
    • Methodology stimulates the imagination through ‘active’ structured lateral thinking
    • Open ended procedure which relies on ‘brain-storming’
  • Principle of HAZOPS INTENTION DEVIATIONS Possible Causes Potential Consequences
  • HAZOPS Methodology
    • Define objective of the study
    • Principles of examination:
      • Divide process/activity into sections, eg, pipes/ tanks. Identify the precise design intention, eg, flow rate/min
      • Identify how deviations from intention are caused: use of guide words
      • Analyse the consequences for each deviation
  • HAZOPS Methodology
    • Principles of examination:
      • Decide what actions are required to control risks
        • actions to prevent deviations by design (priority), and/or
        • actions to mitigate the consequences
      • Review the system after modifications
  • NO MORE LESS OTHER THAN GUIDE WORDS Principle of HAZOPS INTENTION DEVIATIONS Possible Causes Potential Consequences Inductive logic Deductive logic
    • property words HAZOPS
      • eg. flow, temperature, pressure
    • guide words
      • NO or NOT Complete negation: intentions
      • MORE Quantitative increase
      • LESS Quantitative decrease
      • AS WELL AS Qualitative increase
      • PART OF Qualitative decrease
      • REVERSE Logical opposite: intention
      • OTHER THAN Complete substitution
    possible causes process deviations possible consequences
  • Guide Words Property
    • No
    • More
    • Less
    • As well as
    • Other than
    • Part of
    • Reverse
    • Flow
    • Temperature
    • Pressure
    • Level
    • Composition
    • Etc
  • Typical problems revealed with guide words
    • No Flow
      • Blockage; pump failure, valve closed or jammed; leak; suction vessel empty;
    • Reverse Flow
      • Pump failure; NRV failure or wrongly inserted; wrong routing; delivery over pressurised; pump reversed
    • More Flow
      • Surging; valve stuck open; leak
  • Typical problems revealed with guide words
    • Less Flow
      • Partial pump failure; leak; partial blockage
    • More Temp, More Pressure
      • External fires; blockage; reaction; explosion; valve closed; loss of level in heater; hot ambient temp
    • Less Temp, Less Pressure
      • Heat loss; vaporisation; ambient conditions; rain
  • Typical problems revealed with guide words
    • More Than (Impurities)
      • Ingress of contaminants, eg, water, air, lube oils; corrosion products
    • Part Of (Composition)
      • High or low concentration of mixture; additional reactions in reactor or other location; feed change
    • Other Than (Normal operation)
      • Start-up and shutdown of plant; corrosion; emergencies; failure of power, water, fuel, steam, air or inert gas
  • Exercises Metal cleaning shop
  • Metal cleaning shop Design intention
    • Inside tank ‘T-1’: 300 gallons toluene, heated to constant 80 degrees C
    • Outside tank ‘T-2’: 500 gallons toluene stored under ambient conditions
    • Line between T-1 and T-2: constant flow at 10 gallons/minute
    • Local Extract Ventilation ‘LEV’: constant face velocity = 5 m/sec
  • Divide system into lines & tanks Local Extract Ventilation Design intention: to provide constant face velocity 5m/sec Fan Filters Face velocity 5 m/sec
  • No Flow Power fails Increased None A Consider emergency concentration power supply
  •  
  • HAZOP WORK-SHEET Storage tank T-1 To store flammable reagent at 1.1 bar and 20° C G UIDE W ORD PROPERTY P OSSIBLE C AUSES C ONSEQUENCES A CTION R EQUIRED MORE LEVEL 1. Pump P-1 fails to stop Reagent released Incorporate high level alarm and trip 2. Reverse from process Reagent released Consider check valve Line 2 LESS 3. Pump P-1 cavitates Damage to P-1 Can reagent explode? If pump overheats? 4. Rupture in Line 2 Reagent released Consider alarm and pump shut-down 5. V-3 open Reagent released Consider alarm 6. V-1 open Same Same 7. Tank rupture Same What external events can cause rupture? NO Same as LESS OTHER THAN COM – 8.Wrong reagent Possible reaction Is reagent sampled before POSITION pumping ? AS WELL AS 9.Impu rity in reagent Possible overpressure, if What are the possible volatile impurities? LESS PRESSURE 10. Break in flare or Reagent released Consider low pressure alarm nitrogen lines 11. Loss of nitrogen Tank implodes What i s design vacuum of tank ? 12. CV-2 fails closed Tank implodes 13. PIC fails Tank implodes MORE 14. PIC fails Reagent released via R.valve What is capacity of CV-1 R. valve? 15. CV-1 fails closed Reagent released via Relief 16. V-7 c losed Same as (15) Is V-7 locked open? 17. Overfill tank See (6) Is V-8 locked open?
  • Failure Modes and Effects Analysis ‘FMEA’
    • An inductive technique to identify systematically potential hardware failure modes and analyse their consequences
    • Technique based on reliability technology
    • Analyses risk in semi-quantitative or quantitative form
  • Steps in advanced risk assessment Cost-Benefit Analysis DEFINE SYSTEM IDENTIFY HAZARDS HAZARDOUS EVENTS HAZARDS EVENTS CONTINUING HAZARDS ANALYSE CONSEQUENCES DECIDE RISK CONTROL STRATEGY VERIFY ESTIMATE/ MEASURE RISKS EVALUATE RISKS NO CHANGE (MONITOR) YES NO IS RISK TOLERABLE? Task-based approach HAZOPS FMEA CHECK-LIST Event Tree Analysis Fault Tree Analysis Event Tree Analysis C Hierarchy Risk Matrix or Risk Calculator 1 in 10 ,000 1 in 1m QRA
  •  
  • FMEA analytical procedure
    • Break down system /machine /equipment to component level
    • Describe how many ways a component can fail (failure modes). These include:
      • fail to operate at prescribed time
      • fail to cease operation at prescribed time
      • premature operation
  • FMEA analytical procedure
    • Analyse the effects of each failure mode
    • Determine how serious each failure mode is (ranking order)
    • Decide which failure modes will result in intolerable risks
    • Recommend corrective/ preventive actions to reduce risks by design
  • Example: Chlorine storage system Pressure switch Storage tank Relay Pump Valve PT
  • Details of pressure switch design Pressure Bellows Micro-switch Pivot Spring Beam PRESSURE SWITCH Pressure switch Storage tank Relay Pump Valve PT
  • Details of the transmitter design: Normally Open relay Pressure switch Storage tank Relay Pump Valve PT
  • FMEA: estimation and evaluation of risks A B C D E I II III IV Probability level Medium Medium risk risk High risk High risk RP1 RP1 RP3 RP3 Low risk Low risk RP2 RP2 Medium Medium risk risk Severity Category A B C D E Probability level 10 -1 10 -2 10 -3 10 -4 10 -5 Description I II III IV Severity category Minor Critical Major Catastrophic Degree Functional failure – minor injury/ ill health No major damage or serious injury Major damage and/or potential serious injury Complete system loss and/or potential fatality Description Probability value Frequent Probable Occasional Remote Improbable
  •  
  • FMEA: worksheet
  • FMEA: summary sheet Rank failure modes according to criticality; Decide actions required to reduce risks; Design measures should be considered as a priority
  • Normally open (NO) cam-activated electrical switch Guard Guard closed closed Guard Guard open open Hazard Hazard
  • Normally closed (NC) cam-activated electrical switch Guard Guard closed closed Guard Guard open open Hazard Hazard
  • Cam operated electrical limit switches
  • Event Tree Analysis ‘ETA’
    • Inductive technique to analyse systematically the consequences of an event, action or decision
    • Based on decision trees which uses binary logic
    • Begins with an initiating or triggering event and follows through potential scenarios (outcomes)
    • Technique for the quantification of risks
  • Steps in advanced risk assessment Cost-Benefit Analysis DEFINE SYSTEM IDENTIFY HAZARDS HAZARDOUS EVENTS HAZARDS EVENTS CONTINUING HAZARDS ANALYSE CONSEQUENCES DECIDE RISK CONTROL STRATEGY VERIFY ESTIMATE/ MEASURE RISKS EVALUATE RISKS NO CHANGE (MONITOR) YES NO IS RISK TOLERABLE? Task-based approach HAZOPS FMEA CHECK-LIST Event Tree Analysis Fault Tree Analysis Event Tree Analysis C Hierarchy Risk Matrix or Risk Calculator 1 in 10 ,000 1 in 1m QRA
  • Fire protection system
    • Event Tree can be used to calculate the reliability of the fire protection system
    • The protection system consists of:
      • smoke detector
      • audible alarm
      • drench valve
      • sprinkler (water system)
  •  
  • “ FIRE” “ FIRE” Fails Fails Success Major Major Fire A A B B C C D D E E Initiating event Detector Valve Water  supply  Success Success Alarm Major fire Major fire Possible fatalities Possible fatalities Sprinkler might Sprinkler might work work Evacuation of Evacuation of personnel personnel No sprinkler No sprinkler protection protection
  • Quantification of Event Trees
    • Allocate probability to each event
      • Note binary logic
    • Multiply probabilities along each branch
  • “ FIRE” “ FIRE” Fails Fails Success P = 0.1 P = 0.1 P = 0.90 P = 0.05 P = 0.05 P = 0.95 P = 0.9 P = 0.1 P = 0.1 P = 0.95 P = 0.05 P = 0.05 P=0.731 Evacuation of Evacuation of personnel personnel No sprinkler No sprinkler protection protection P=0.1 Major fire Possible fatalities Sprinkler might work Major Fire A A B B C C D D E E Initiating Event Detector Valve Water  supply  Success Success Alarm
  • Calculation of risk
    • In order to calculate the level of risk, it is essential to estimate the frequency of ‘FIRE’
    • Multiply this frequency by final probability of each branch of tree
    • Can calculate Individual Risk, if the proportion of time exposed & vulnerability known/estimated
  • Major fire Possible fatalities Sprinkler might work Major Fire Initiating Event Detector Valve Water  sprinkler  Alarm ƒ = 0.1/yr ƒ = 0.0731 /yr ƒ = 0.01/yr “ FIRE” “ FIRE” Fails Fails Success P = 0.1 P = 0.1 P = 0.90 P = 0.05 P = 0.05 P = 0.95 P = 0.9 P = 0.1 P = 0.1 P = 0.95 P = 0.05 P = 0.05 Evacuation of Evacuation of personnel personnel No sprinkler No sprinkler protection protection A A B B C C D D E E Success Success
  • Fault Tree Analysis ‘FTA’
    • Deductive technique to identify combinations of events (causes) resulting in particular outcome (loss/accident)
    • Combines hardware failures and human error in the same study
    • Provides systematic basis for qualitative and quantitative measurement of risk
    • Useful technique for accident investigation and analysis
    • One of the most powerful risk management tools
  • Steps in advanced risk assessment Cost-Benefit Analysis DEFINE SYSTEM IDENTIFY HAZARDS HAZARDOUS EVENTS HAZARDS EVENTS CONTINUING HAZARDS ANALYSE CONSEQUENCES DECIDE RISK CONTROL STRATEGY VERIFY ESTIMATE/ MEASURE RISKS EVALUATE RISKS NO CHANGE (MONITOR) YES NO IS RISK TOLERABLE? Task-based approach HAZOPS FMEA CHECK-LIST Event Tree Analysis Fault Tree Analysis Event Tree Analysis C Hierarchy Risk Matrix or Risk Calculator 1 in 10 ,000 1 in 1m QRA
    • FTA
    Explosive concentration Temperature to ignite EXPLOSION Ignition source Energy to ignite AND 1st level 2nd level 3rd level OR OR OR OR TOP EVENT Heated surfaces Naked flame Electro- static Sparks generated
  • The ‘OR’ Gate ARRIVE LATE A WAKE UP LATE X DELAYED EN ROUTE Y INCORRECT TIME Z TOP EVENT (OUTPUT) INPUT EVENTS Event ‘A’ occurs if (at least) one of X OR Y OR Z occurs OR
  • The ‘AND’ Gate Event ‘A’ occurs if both X AND Y occur
  • FTA –lighting system Fuse Switch Bulb 1 Bulb 2 Power Source Room dark Power off Power supply failed Switch open Fuse Blown Both bulbs burned out Bulb 1 burned out Bulb 2 burned out
  • Risk Assessment Methodologies Human Reliability Analysis (HRA) Richard Booth
  • Machine/ P rocess CONTROLS Display H UMAN- M ACHINE I NTERFACE
  • Human error rates
  • Human Error as a function of stress level Error Rate Stress Level Bored Over-excited
  • Hierarchical Task Analysis ‘HTA’ A process of developing a description of a task in terms of operations - things which people should do and plans - statements of conditions when each task/step has to be carried out
    • Hierarchical Task Analysis
    • (HTA)
    Prepare a cup of medium sweet tea Prepare cup and tea bag 1 2 3 4 5 Switch ON kettle Pour boiling water on tea bag Add milk to correct concentration Add one spoon of sugar
  • Example: Wiring three-pin plug
    • Washing machine - no plug + no instructions
    • Old plug, three fuses: 3A, 5A and 13A
    • Three wires: blue, brown + yellow/green
    • Screw driver and Stanley knife
    • Task Analysis ‘HTA’
  •  
  •  
  • Hierarchical Task Analysis ‘HTA’ 0 WIRE A THREE PIN PLUG 1 PREPARE PLUG 2 PREPARE CABLE 3 4 TEST PLUG 2.1 CUT & STRIP OUTER CABLE SHEATH 2.2 2.3 CARRY OUT ASSEMBLY 3.2 3.3 3.4 SELECT AND FIT 13 Amp FUSE 3.5 TIGHTEN CABLE STRIP & REPLACE COVER Plan 0: do in order Plan 2: 1 then 2 then 3 Plan 3: 1,2,3,4 then 5 CUT & STRIP INDIVIDUAL WIRES AS MARKED TERMINATE ALL 3 WIRE STRANDS 3.1 FIT BLUE WIRE IN TERMINAL 1 & TIGHTEN SCREW FIT YELLOW WIRE IN TERMINAL 2 & TIGHTEN SCREW FIT BROWN WIRE IN TERMINAL 3 & TIGHTEN SCREW
  •  
  • Risk Decision-making
  • Tolerability decisions
    • Professional judgement
      • reliance on professionals to make risk decisions
    • Bootstrapping
      • what people tolerated in past: basis for future risk criteria
    • Cost-Benefit Analysis
      • decisions made by comparing costs and benefits of an activity in monetary terms
  • Definitions
    • Risk: Quantified risk assessment
      • Chance / probability something adverse will happen
    • Intolerable risk
      • Risk cannot be justified save in extraordinary circumstances
  • Definitions
    • Tolerable risk
      • Risk society tolerates for benefits in belief that risk properly controlled
    • Acceptable risk
      • Risk regarded by those exposed as not worthy of worry
  • HSE ‘ALARP’ Intolerable Risk Upper Limit Lower Limit Negligible As Low As Reasonably Practicable ‘ALARP’ Broadly acceptable
  • HSE ‘ALARP’ Intolerable Risk Upper Limit: 1 in 1,000 (workers) 1 in 10,000 (public) Risk of death / year Lower Limit: 1 in a million (workers & public) Risk of death / year Negligible As Low As Reasonable Practicable ‘ALARP’ Broadly acceptable
  • Definition
    • Perceived risk
      • Evaluation by an individual of the likelihood of an adverse event and the likely consequences
      • Note: definition of risk close to BS 8800 (1996 & 2004)
  • The Statistics of Risk - presentation of risk data
    • Probability of death expressed as an annual experience
    • Probability of death as a consequence of an activity
    • Relative risk of death from specified exposure compared with no (or lower) exposure
    • Average loss of life expectancy from exposure to a risk
  • Death as an annual experience Cause of Death chance/year All causes Overall average 55-64 men women 35-44 men women 5-14 boys girls Hang gliding Road accidents Gas explosion (home) Electrocution (home) Lightning 1 in 87 1 in 65 1 in 110 1 in 578 1 in 873 1 in 4,400 1 in 6,250 1 in 670 1 in 10,200 1 in 1 million 1 in 1 million 1 in 10 million
  • Death as an annual experience Cause of Death chance/year Work Accidents deep sea fishing extraction oil / gas construction agriculture all manufacturing 1 in 750 1 in 990 1 in 10,200 1 in 13,500 1 in 53,000
  • Death as a consequence of an activity Activity Chance of death Travel for 100,000 km by motor bike by pedal cycle by car by rail by bus by air Balloon (Atlantic) Pregnancy Anaesthesia 1 in 100 1 in 200 1 in 2,200 1 in 9,000 1 in 22,000 1 in 44,000 1 in 3 1 in 13,000 1 in 25,000
  • Average loss of life expectancy as a consequence of an activity Cause Loss of Life Expectancy (days) Being unmarried (male) Smoker (male) Being unmarried (female) Smoker (female) Dangerous job Vehicle accidents Homicide Average job Medical X rays Coffee drinking Reactor accidents Nuclear industry Smoke alarm Mobile coronary-care units 3,500 2,250 1,600 800 300 207 90 74 6 6 0.2 to 2 0.2 -10 -125
  • CBA Rational method
    • CBA only rational basis for making risk tolerability/ acceptability judgements
    • Framework for identifying and quantifying all desirable and undesirable consequences of an activity
  • Cost-benefit model Cost £ Number of accidents Cost prevention - Employer Cost accidents - Employer Total Costs - Employer ‘ Optimum’ performance - Employer
  • Public perceptions: key issues
    • The statistics of risk and l ay estimates of statistical risks
    • Experts’ criticisms of lay risk decisions
    • Risk-averse litigious society
    • Media influence
    • Trust and competence; erosion of public confidence
    • Reminders of risk
    • Costs & benefits (NIMBY)
    • Personal choice & control – risk-taking behaviour
    • Knowledge and Dread
    • Substantial thought: establishment of tolerable risk criteria & establishment of rules for CBA decisions
    • Why are affected work-people / public intolerant of what should be tolerated if not accepted?
    Public perceptions of risk: expert criticisms
  • Lay risk estimates
  • Public perceptions of risk: expert criticisms
    • Public do not make consistent judgements; oscillate, sometimes stressing risks, at other times benefits
    • Do not perceive risk in terms of single-value probabilities, or as a finding from a CBA
    • They do not ‘study issues with any care, let alone quantitative sophistication’
    • Use shortcuts subject to bias
    • Influenced by media campaigns
    • But the public may be ‘right’
    Public perceptions of risk: expert criticisms
  • Media influences
    • Thalidomide (Sunday Times)
    • BSE – vCJD
    • Measles, Mumps, Rubella (MMR vaccine) (Daily Mail)
    • Trust in drug companies; experts challenged – media get away with it
    • More publicity of ‘big’ accidents (road vs rail crashes)
    • Changing opinions or anticipating what public ‘wants’?
  • Risk-averse litigious society
    • What was OK 50 years ago not OK now – Why?
    • ‘ Incompetence’ averse society
    • ‘ School run’
    • Fear of prosecution / civil claims (eg, school trips)
    • Conflict – risk aversion vs ‘Nanny State’
    • Perceptions over time
  • Trust and competence; Erosion of public confidence
    • Historically experts and politicians were trusted
    • But, eg, medical profession):
      • Storing body parts
      • Closing ranks
      • Negligence cases
      • League tables
      • Dr Harold Shipman
    • Serious accidents have occurred after statements stressing extreme improbability of such events
    • Governments have played down seriousness of incidents / ‘new’ hazards
    Trust and competence; Erosion of public confidence
    • Senior professionals have become promoters and apologists
    • Professionals assure public that no significant risk exists, but stress safety precautions
    Trust and competence; Erosion of public confidence
    • For example, an advertise-ment by BNFL:
      • “Despite the fact that radiation from low level waste is negligible, we take no chances. ... we’ve built and use a concrete vault the size of 12 football pitches ...”
    Trust and competence; Erosion of public confidence
    • Ordering of Perceived Risk for 30 Activities and Technologies
    • Public perceptions of risk presented in terms of two factors: degree to which people perceive risk as unknown, and perceived dread of risk
    Measurement: public perceptions of risk
  • Examples
    • Nuclear power & major hazard industries
    • Radon gas
    • Asbestos
    • Electricity Pylons / mobile phones
    • Transport (vehicles, trains etc)
    • Sex offenders; hand guns; dangerous dogs
    • Dangerous sports and recreations
    • Smoking and drugs
  • League Women voters College students Active club members Experts Nuclear power 1 1 8 20 Motor vehicles 2 5 3 1 Handguns 3 2 1 4 Smoking 4 3 4 2 Motorcycles 5 6 2 6 Alcoholic drinks 6 7 5 3 Private aviation 7 15 11 12 Police work 8 8 7 17 Pesticides 9 4 15 8 Surgery 10 11 9 5 Firefighting 11 10 6 18 Large construction 12 14 13 13 Hunting 13 18 10 23 Spray cans 14 13 23 26 Mountain climbing 15 22 12 29 Bicycles 16 24 14 15 Commercial aviation 17 16 18 16 Electricity (non-nuclr) 18 19 19 9 Swimming 19 30 17 10 Contraceptives 20 9 22 11 Skiing 21 25 16 30 X-rays 22 17 24 7 Football 23 26 21 27 Railroads 24 23 20 19 Food preservatives 25 12 28 14 Food colouring 26 20 30 21 Power mowers 27 28 25 28 Antibiotics 28 21 26 24 Home appliances 29 27 27 22 Vaccinations 30 29 29 25
  •  
  • Fragmentiser risk tolerability case study
  • Fragmentiser description and hazards
    • Machine is designed to break scrap into fragments and separate metallic and non-metallic scrap
    • Crane delivers prepared scrap metal onto table and scrap drawn down and into mill via a feed track. Scrap crushed by weight of bogie-track
    • Scrap fragmentised in mill: rotor with 24 hammers strikes scrap as it passes across anvil
    • Scrap falls through grids onto oscillator and to rotary magnetic drum
    • Hazards – ejection of fragments: kinetic energy or explosion in mill (petrol tanks)
  •  
  •  
  •  
  •  
  • Data required or assumed
    • Risk of fatal injury
      • Function of:
        • Zone where fragments fall
        • Number exposed in zone
        • Size of ‘target’
        • Effect of ‘hit’
        • Number of fragments
  • Action: ALARP and intolerable risks
    • Cost of risk control measures (to reduce ejection)
    • Reduction in risk associated with reduced rate of ejection
    • Compare in terms of ‘gross disproportion’
    • Intolerable risk (1 in 10,000 chance fatal): Seven fragments per year – halt work
  • Fragmentiser - perceptions
    • Intolerable for ANY fragments
    • No trust and confidence
    • Reminders: noise; imposing catch fence
    • No benefits
    • No choice
    • How do you persuade?
  • Factors that affect public judgments of risk
    • Trust and competence of experts etc
    • Personal costs and benefits
    • Personal control (eg, driving)
    • Reminders of risk
    • Attitudes generally including ‘political’ views
    • Knowledge and dread
  • Data required or assumed
    • Risk of fatal injury
      • Function of:
        • Zone where fragments fall
        • Number exposed in zone
        • Size of ‘target’
        • Effect of ‘hit’
        • Number of fragments
  • Changing public attitudes
    • May not be possible to gain public support for risky activities: support not compatible with other attitudes
    • Some mismatches remedied if experts adopt a more consistent and open approach, and promote trust and confidence of public
    • Consult early and fully
    • Demonstrate competence (site visits)
  • Changing public attitudes
    • May not be possible to gain public support for risky activities: support not compatible with other attitudes
    • Some mismatches remedied if experts adopt a more consistent and open approach, and promote trust and confidence of public
    • Consult early and fully
    • Demonstrate competence (site visits)
    • Accident investigation and Analysis
  • Accident Analysis - Overview
    • Objectives : To provide familiarity with
    • The purpose of accident investigation and analytical methods
    • The accident investigation process
    • Analytical methods
      • Fault tree analysis (FTA) – covered in risk assessment
      • Events & Causal Factors Analysis
      • Change Analysis
  • Change Analysis: fall in Victoria Square No recognition of changed circumstances /route Walking/observing on ‘autopilot’ Walking/observing on ‘autopilot’ Attention directed to stall produce Market stalls a significant distraction No unusual ‘distractions’ Also, carrying a shoulder bag and rucksack Pedestrians difficult to navigate around Pedestrians few and no effort to navigate around Diversion necessary from normal route (one step to descend) Frankfurt ‘Christmas’ Market in operation No physical barriers for normal route (and no steps) Anxiety about Course Stress state ‘elevated’ Stress state ‘normal’ Result of dealing with arrangements for AI Course at last minute More preoccupied than usual when going to catch (the) train Preoccupied when going to catch a train Indicates that IP (me) was not walking unduly fast, as was the case Time to get to station 35m Time to get to station 30m Comments Accident situation Normal Situation
  • Change Analysis: fall in Victoria Square - consequences Emergency admission to hospital suffering from whiplash injuries three days later Fall on unseen step, and arrival at station bloody and shaken Delegates at AI course impressed by this Change Analysis! Safe arrival at station Situational violation (need to catch the train) Cancelled ambulance despite police advice (and not given necessary treatment) Accept full first aid treatment Comments Accident situation Normal Situation
  • Investigation Purposes
    • In General
      • To understand the failures which gave rise to the exact pattern of events
      • To identify the conditions that have proven inadequate, both in order to:
    • Identify root causes
      • Latent errors versus Active errors
      • Prevent all accidents with common roots
    • To Learn
  • Role of Analytical Investigation - Summary
    • To counteract investigator biases
    • To assist the process of gathering evidence
    • To verify investigation findings
    • To co-ordinate investigative activities
    • To identify root causes
    • To assist the communication of findings
  • Investigator Bias
    • Inappropriate general theories
    • Mind sets
    • Stop rules
    • Hindsight
    • Stakeholder bias
      • eg, litigation (defendant / plaintiff)
      • Eg, prosecution
  • Effects of Inadequate Investigation
    • Incomplete investigations and / or misleading conclusions lead to
      • Inappropriate allocation of resources to preventative measures
      • Danger remaining in the workplace or work practice
    • See earlier notes on ‘traditional’ accident investigation and accident causation
  • Activity Phases in Investigations
    • Critical initial actions
    • Collecting relevant factual information
    • Analysing the information collected
    • Integrating the factual findings and analytical results
    • Reaching valid and meaningful conclusions
    • Establishing reasonable recommendations
    • Reporting result for action
  • Exercise: FLT Fatal Accident
    • Person lies dead on the warehouse floor
    • Tyre track on his body definitely matches FLT
    • FLT driver was taken to hospital in a state of shock
  • Accident Scene Warehouse X Racking Victim FLT Offices
  • Fatality due to FLT collision & FLT Collides with person & Victim Dies Person in the FLT Path FLT Fails to Stop Not aware of Need to Stop Aware but unable to Stop Driver actually Ill Driving Too fast Faulty Brakes Not Aware of Person Thinks person will evade 1 Person Aware of FLT Unaware of FLT Thinks FLT will Evade Unable to move out of way Person actually Ill Person Slips/trip Falls Disabled Time too short & Person Did Not See FLT Person Did Not Hear FLT 2 3 Poor visibility Vision obstructed Not looking Reversing Person Conspicuity Poor visibility Vision obstructed Not looking visually impaired FLT Conspicuity Wearing PPE Noisy place FLT quiet Wearing stereo Hearing impaired FLT Accident Investigation
  • Events and Casual Factors Analysis - Purposes
    • Organises the data and the report
    • Clarifies reasoning
    • Illustrates multiple causes
    • Displays interactions and relationships
    • Illustrates chronology
    • Provides flexibility in interpretation of data
    • Efficient communication tool for A/I teamwork
    • Links specific factors to organisational factors
  • Events and Casual Factors General Format Systemic Factors Contributing Factors Systemic factors Contributing factors Secondary events Primary events
  • ECF Chart Format
    • Events should be organised in chronological order from L to R
    • Events should bear the time where known
    • Events should be enclosed in rectangles, Conditions in ovals
    • Events should be connected with solid lines, Conditions with dashes
    • Anything without valid evidence should be in dashed boxes/ovals
  • ECF Chart Format (cont)
    • The primary sequence of events should be a bold central line
    • Secondary event sequences, contributing and systemic factors should be shown above or below the primary line
    • Break out each significant actor into a parallel primary line (optional)
    • Model: pre-accident > accident > amelioration
  • Events & Conditions Criteria
    • Events should describe occurrences NOT conditions or results
    • Event descriptions should contain one subject and one active verb
    • Conditions are passive and singular
    • Describe events and conditions precisely
    • Events are single discrete occurrences
    • Quantify events and conditions where possible
    • Annotate with the time where known
    • Each event must be derived from the events conditions preceding it
  • Runaway Truck ECFA
  •  
  •  
  •  
  • Labourer fatally injured in a Quarry Conveyor
    • 18-year old male employed as a labourer. He was sweeping a work area when he slipped on wet floor and fell into conveyor belt that was unguarded and in motion. He was asphyxiated as a result of being drawn into the conveyor
    • Conveyor fixed-guard removed by two fitters weeks before to carry out maintenance work; guard not replaced. Check carried out by a manager on the safety of the conveyor, and fitters told to replace the guard. This they did. Fitters not admonished
    • Conveyor guard was again removed by the same two fitters to carry out maintenance and was not replaced. No subsequent checks were carried out on the conveyor guard before accident
  •  
    • ‘ Northern Tower’
    • Accident Investigation
    • Richard Booth
  •  
  •  
  •  
  • Northern Tower: Window Cleaner fatally injured by Roof Hoist Cleaning Machine
    • DP fatally injured when a rail-mounted window cleaning machine ran down a slope and trapped him between cable winding drum and a ventilation duct. He remained alive for 5 mins. He was working alone, and no CCTV. He had stopped machine at top of the incline to re-route electric cable.
    • DP started work with cleaning company. He received only cursory training
    • Equipment had been … delivered to client (who had not assessed the competence of the supplier). The design did not comply with relevant BS: not fitted with brake, and trapping points existed, including fatal trap (not identified by supplier.
    • These shortcomings were also not identified by H&S Inspector who examined equipment
    • Northern Tower: Window Cleaner fatally injured by Roof Hoist Cleaning Machine
    • A young man was fatally injured (the DP) when a rail-mounted window cleaning machine ran down a slope and trapped him between the cable winding drum and a ventilation duct (1645 on 4 April 2008). He remained alive for approximately 5 minutes – he could partially breathe. He was working alone, and there was no CCTV on the roof. He had stopped the machine at the top of the incline to re-route the electric cable to avoid it becoming snagged
    • The DP started work with the cleaning company on 25 March 2008. He had received only cursory training
    • The equipment had been designed, built and delivered to the client (who had not assessed the competence of the supplier, XX Engineering Ltd) in June 2000. The design did not comply with the relevant British Standard in that the equipment was not fitted with a brake, and trapping points existed. In particular, the trap between the ventilation duct and cable drum was not identified by XX Engineering Ltd. Cable snagging was a continual problem. These shortcomings were also not identified by the Government Health and Safety Inspector who examined the equipment in operation on 10 July 2000
  •  
    • Fatal Accident
    • on North Sea Gas Rig
  • Objectives
    • Management of construction projects
    • Safety management procedures for the work
    • Challenges of ensuring high safety standards even in companies with sophisticated systems
  • Objectives
    • From a study of what went wrong in this case:
      • Practical skills in construction safety
      • Practical skills in construction management
      • Don’t take anything for granted!
      • Don’t ‘walk by’ – but diplomatic action!
  • Key immediate events
    • DP replacing corroded stair treads on the Rig
    • Fell into gap between two removed treads
    • Fell circa 5m
    • No fall protection
    • (Other tasks on 11 November)
  •  
  •  
  •  
  •  
  •  
  •  
  • Proximate causal factors
    • Approved P2W (RA) LTA
      • Fall protection
      • (Manual handling)
    • Apparent non-compliance with P2W:
      • Sledgehammer
      • Two treads removed concurrently (routinely?)
  • Note: Key people
    • OIM: Offshore Installation Manager (Oilco)
      • Approves P2Ws
    • AA: Area Authority (Oilco)
      • MIM site inspections
    • PA: Performing Authority
      • First-line supervisor (DP)
  • Note: Key people
    • JD: DP’s supervisor off-shore (UMIC)
    • GA: DP’s ‘supervisor’ on shore (UMIC)
    • Witnesses, including:
      • Planning & monitoring
      • ‘ Eye’ witnesses of events; November 2005
  • Key Oilco systems
    • MIM: Management Information Manual (covers ISSOW)
    • ARAT: Activity Risk Assessment Tool
    • ISSOW: Integrated Safe System of Work (P2W a part)
  • Root causes
    • Arrangements re Oilco and UMIC (a consortium)
      • Overall interface
      • Planning maintenance work
      • Method statements and risk assessments on-shore
      • P2W / risk assessments off-shore
      • Monitoring compliance
  • Overall Interface
    • Contractual arrangements: client and contractor
    • Changes in methods for safety appraisal (Oilco-instigated)
    • Some confusion
  • Planning maintenance work
    • Work needed identified off-shore (DP as PA)
    • Workpack prepared on-shore (GA – UMIC)
    • Workpack approved off-shore (budget) (Oilco)
  • Method statements and risk assessments on-shore
    • Oilco’s ARAT scheme made UMIC’s risk assessments redundant
    • Superficial MS (no explicit RA), but ‘low risk’
    • Communications re precautions LTA
      • Verbal
      • Written
  • P2W / risk assessments off-shore
    • Create plausible assessment from ‘drop-down’ menus
    • Distinction: task description and ‘specific controls’
      • Two-tread removal
    • No consideration by Committee of on-shore Workpack materials
      • Two-man operation
      • MS and precautions
  • P2W / risk assessments off-shore
    • Strategic approach: interfaces and threats to Rig
    • ‘ Low risk’ task
    • No-one on Committee knew task, even JD (off-shore supervisor)
  • Monitoring compliance
    • DP as PA his own ‘supervisor’
    • Oilco AA inspections per MIM not carried out
      • Scope?
    • UMIC checks intermittent
    • All worthless:
      • Sledgehammer
      • Two-tread removal(?)
      • Fall protection
      • Manual handling
  • Uncertainties
    • Approved tools
    • Did supervisors not see risks, or turn blind eye?
    • Events from start of final shift
    • Two-tread removal routine?
      • Was there a distinctive problem on 11 November?
    • Exactly what happened
      • Feet first
      • Head first
  • ECFA
    • Selection of primary and secondary events
    • Causal factors /conditions linking primary and secondary events
      • Showing how risks too high in November as a consequence of secondary events
  •  
  • FTA
    • Top Event: fall 5m onto landing
    • Distinguish clearly between second and third level down
    • OR gate: fall direction leads to distinctive root causes
    • Root causes can be listed at the bottom (at appropriate locations)
  • FTA
    • In risk assessment OR gates predominate
    • Investigation more AND gates (except where uncertainty)
    • AND gates can exaggerate significance of events under the gate
  •  
  • Revision
    • Elements of an OH&S system
    • Safety culture
    • Human failures; slips/lapses violations etc
    • Advanced risk assessment methods
    • Incident investigation
      • Change analysis
      • ECFA
      • FTA
  • Concluding remarks