21020-BAB-04101-HS-PR-0005_C1 FINAL

Supplier Document Front Sheet
Supplier Name BUMI ARMADA
Equipment
Tag/WIN No(s):
Supplier Document No: 21020-BAB-04101-HS-PR-0005 Supplier Document
Revision:
C1
Document Title: SAFETY CASE STRATEGY
EnQuest Document Number
Company Project ID Discipline System Document Class Seq. No.
BAB KRA HS 00 STR 0001
Alternative Document No :
Rev Description Date Prepared Checked
Approved
PMT PM
A1 Issued For Joint Review 21/03/14 KJ GWR SW AJS
A2 Issued for Approval 03/07/14 GWR KMcC SW AJS
C1 Approved For Use 03/09/14 GWR KMcC SW AJS
EnQuest Approval of Supplier Document
Code Description of Code
Signature of EnQuest
Package Engineer
Date
A Accepted - Work May Proceed
B Revise and Resubmit - Work May Not Proceed.
D Revise and Resubmit - Work May Proceed.
I Information Only

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Page : Page 2 of 52
Consultant/
Vendor No
:
KRAKEN FIELD DEVELOPMENT
KRAKEN FPSO
SAFETY CASE STRATEGY
C1 03 Sept 14 Approved For Use GWR KMcC SW AS
A2 03 Jul 14 Issued For Approval GWR KMcC SW AS
A1 21 Mar 14 REISSUED FOR IDC KJ GWR SW AS
R0 24 Jan 14 ISSUED FOR IDC KJ GR AS
Rev Date Description Prepared Checked
PMT PM
APPROVAL

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Page : Page 3 of 52
Consultant/
Vendor No
:
REVISION CHANGE NOTICES
Revision Location of Changes Brief Description of Change
C1 Revised to Approved For
Use
None
HOLDS TABLE
Location Hold Action By

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Page : Page 4 of 52
Consultant/
Vendor No
:
TABLE OF CONTENTS
1. INTRODUCTION .........................................................................................................................6
1.1 PURPOSE AND SCOPE..............................................................................................6
1.2 INTERFACES - ENQUEST / BAB / BA UK.................................................................7
1.3 PROJECT BACKGROUND .........................................................................................8
1.4 ABBREVIATIONS........................................................................................................9
1.5 DEFINITIONS.............................................................................................................12
1.6 COMPLIANCE FRAMEWORK ..................................................................................14
1.6.1 General...........................................................................................................14
1.6.2 Legal Background...........................................................................................15
1.6.3 Safety Case Regulations................................................................................15
1.6.4 Content Requirements....................................................................................16
1.7 DEMONSTRATING COMPLIANCE ..........................................................................17
1.8 REFERENCES ...........................................................................................................18
1.8.1 External References.......................................................................................18
1.8.2 Internal References ........................................................................................19
2. SAFETY CASE OBJECTIVES AND SCOPE ...........................................................................20
2.1 SAFETY CASE OBJECTIVES...................................................................................20
2.2 SAFETY CASE SCOPE.............................................................................................20
3. SAFETY CASE ESTABLISHMENT AND MAINTENANCE .....................................................21
3.1 RESPONSIBILITY FOR THE SAFETY CASE ..........................................................21
3.2 SAFETY CASE ESTABLISHMENT...........................................................................21
3.3 WORKFORCE INVOLVEMENT ................................................................................21
3.4 VERIFICATION AND VALIDATION ..........................................................................24
3.5 SAFETY CASE SUBMISSION...................................................................................24
3.6 SAFETY CASE MAINTENANCE...............................................................................24
4. STRUCTURE OF THE SAFETY CASE....................................................................................26
4.1 PART 1: INTRODUCTION & SUMMARY..................................................................26
4.2 PART 2: FIELD AND FACILITY DESCRIPTION ......................................................26
4.3 PART 3: SAFETY MANAGEMENT SYSTEM (SMS)................................................28
4.4 PART 4: COMBINED OPERATIONS ........................................................................28
4.5 PART 5: MAJOR ACCIDENT HAZARD ANALYSIS & MANAGEMENT .................29
4.6 PART 6: PERFORMANCE STANDARDS AND VERIFICATION SCHEME.............30
5. PROJECT MAH MANAGEMENT STRATEGY ........................................................................31
5.1 MAH MANAGEMENT ................................................................................................31
5.2 FORMAL SAFETY ASSESSMENT PROCESS ........................................................31
5.3 HAZARD IDENTIFICATION.......................................................................................36
5.3.1 Major Accident Hazard Risk Register.............................................................36
5.4 RISK ASSESSMENT METHODOLOGY ...................................................................37
5.4.1 Project Risk Management Framework ...........................................................37
5.4.2 Risk Assessment Model .................................................................................38

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Page : Page 5 of 52
Consultant/
Vendor No
:
5.4.3 Qualitative Risk Assessment..........................................................................40
5.4.4 Quantified Risk Assessment - QRA ...............................................................41
5.4.5 QRA Uncertainty and Sensitivity ....................................................................42
5.5 DEMONSTRATION OF TOLERABLE RISK.............................................................42
5.5.1 Project Risk Acceptance Criteria....................................................................43
5.5.2 Risk Reduction Measures ..............................................................................45
5.6 DEMONSTRATING COMPLIANCE WITH RELEVANT STATUTORY PROVISIONS.
45
5.6.1 ALARP Decision Selection .............................................................................46
5.6.2 ALARP Methodology Overview......................................................................47
5.6.3 Cost Benefit Analysis......................................................................................47
6. HUMAN FACTORS...................................................................................................................48
APPENDIX A TYPICAL SAFETY CASE (TABLE OF CONTENTS) ...............................................50

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Page : Page 6 of 52
Consultant/
Vendor No
:
1. INTRODUCTION
1.1 PURPOSE AND SCOPE
Pursuant to the United Kingdom’s (UK) Offshore Installations (Safety Case) Regulations,
2005 (SCR05), in particular Regulation 12, this document provides the strategy for, and
guidance on, the development of a Safety Case for Bumi Armada UK Limited (BAUK) (the
duty holder), a subsidiary of Bumi Armada Berhad (BAB). This strategy shall ensure
compliance with the relevant statutory provisions (RSPs) so as to ensure safe operation of
the Kraken offshore facilities throughout life of field.
The purpose of this strategy is to provide guidance to the Kraken workforce including vendors
and 3
rd
parties, giving an insight into safety case regulatory requirements and the
engagement processes that they will be involved with. The strategy maps out the structure
and content of the safety case. The strategy also contains the Major Accident Hazard (MAH)
philosophy. This philosophy shall be applied as the benchmark to conduct the Kraken formal
safety assessment (FSA) studies.
BAB/BAUK acknowledge the importance that the compilation of a Safety Case provides to
the regulatory requirement as a means of demonstrating to their workforce, and the UK
Health and Safety Executive (HSEx) that BAUK, as duty holder, is committed to managing its
operations in a safe and efficient manner, and ensuring that risks from Major Accident
Hazards (MAHs) are identified and measures commensurate are implemented. In so doing,
the BAB Kraken Project Team (BAB Kraken) and BAUK are able to demonstrate that risks
are as low as reasonably practicable (ALARP) in the context of compliance demonstration.
As part of the BAB Kraken Project and BAUK Safety Management System (SMS) the process
of developing the Safety Case involves a systematic review of field source data from where
the MAHs are identified. The philosophy and management that will control the implementation
of the MAH processes are detailed in Section 5.0. As part of this structured approach the
formal safety assessment (FSA) processes will demonstrate the adequacies of the risk
reduction measures implemented, and that these are visible and robust. This review occurs
both during the initial development of the Safety Case, and subsequently as a process of
continuous improvement throughout the life cycle of the Kraken FPSO.
The Safety Case shall be prepared and submitted by the BAB Kraken Project, in association
with the duty holder, BAUK.
Note
1
: The contents of this document must be read in conjunction with all of the project management
and design engineering management philosophies and understood by all managers and all levels of
supervision, as well as any contractors that shall be responsible for developing, documenting and
implementing the relevant safety case process. The following apply:
1. Field Development Plan, Doc No. ENQ-KRA-PM-00-PLA-0001
2. Environmental Statement, Doc No. ENQ-KRA-HS-00-STA-0002
3. Basis of Design, Doc No. ENQ-KRA-PM-00-BOD-0001
4. FPSO Technical Specification, Doc No. ENQ-KRA-PM-00-SPE-0001
5. HSE Design Basis, Doc No. 21020-BAE-07700-HS-RP-7001
6. Structural Design Brief, Doc No. 21015-DEL-10000-ST-RP-0001
7. Mooring System - Design Analysis, Doc No. 21015-APL-79100-MO-RP-0005

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Page : Page 7 of 52
Consultant/
Vendor No
:
8. STP Buoy - Design Report, Doc No. 21015-APL-79100-MO-RP-0009
9. Naval Architecture & Structural Design Brief, Doc No. 21020-BAE-07000-ST-RP
10. Topsides Structural Basis of Design, Doc No, 21020-BAE-70000-ST-RP-0001
11. HSE Plan, Doc No. 21020-BAB-04101-HS-PR-0001
12. Project Quality Plan, Doc No. 21020-BAB-04101-QA-PR-0002
13. Project Execution Plan, Doc No. 21020-BAB-04100-PM-PL-0001
14. Regulatory Compliance Plan, Doc No, 21020-BAB-04101-QA-PL-0002
15. Verification Strategy, Doc No. 21020-BAB-04101-HS-PL-0005
16. Safety Case Design Notification Doc No. 21020-BAB-04101-HS-PR-0006
Note
2
: In order to ensure understanding and ownership, BAB shall develop an appropriate competency-
based training module for all relevant Project personnel.
1.2 INTERFACES - ENQUEST / BAB / BA UK
BAB, via the subsidiary Armada Kraken PTE Ltd, will procure, design, engineer, construct,
commission and install the Kraken FPSO on location in the UK North Sea. As highlighted in
Figure 1.1, this agreement is contained within the Bareboat Charter Agreement as entered
into between Armada Kraken PTE Ltd and EnQuest Heather Ltd & Partners (EnQuest). BAB
and Bumi Armada Engineering (BAE) will in turn provide the Project process, engineering,
procedures and manpower to Armada Kraken PTE Ltd (AKP).
An Operating & Maintenance Agreement (OMA) is in place between another BAB subsidiary,
namely Bumi Armada UK Ltd and EnQuest for operation of the Kraken FPSO following
successful start-up.
EnQuest is the Field Operator, whilst BAUK is the nominated Kraken Field Duty Holder.
.
Figure 1.1 – Kraken Interfaces

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Page : Page 8 of 52
Consultant/
Vendor No
:
Enquest are responsible for the Design, Installation, Maintenance and Provision of:
• Kraken reservoir / downhole & drilling / wells
• Subsea including all jewellery and controls (with Subsea/Topsides Interface)
• Pipelines & Risers (with Subsea/Topsides Interface)
• Shuttle Tanker Charters
Armada Kraken PTE & BAUK the Duty Holder are responsible for the Kraken FPSO EPIC,
Operations & Maintenance of the following:
• Tanker conversion to FPSO, including Accommodation & Marine Systems
• STP Buoy, FPSO Mooring & Turret Systems
• Platform topsides including Process, Utilities & Safety Systems
• Import of well stream fluids, fuel gas and production processing on-board the FPSO.
• Control and Instrumentation command with all Subsea, Pipeline and Riser facilities (Refer
to Enquest Subsea/Topsides Interfaces)
• Tanker Offloading Operations.
All of the design and operational data for EnQuest entity will be provided for inclusion within
the respective safety case sections.
1.3 PROJECT BACKGROUND
The Kraken Field is located in the UK Continental Shelf (UKCS) block 9/02b, approximately
400 km north east of Aberdeen in a nominal water depth of 116m.
Following the field development plan submission to the Department of Energy and Climate
Change (DECC), the Kraken field development consists of the provision of subsea and FPSO
production facilities to deliver stabilized oil to a shuttle tanker from 25 wells (14 producers and
11 water injectors). The Kraken product is heavy oil with a gravity of approximately 13.7° API.
The development of the Kraken field requires multiple drilling/production centres, which will
be subsea developments tied back to the FPSO. The FPSO shall be specifically considered
to be a harsh environment production facility. Artificial lift is required in the form of water
driven Hydraulic Submersible Pumps (HSPs) in each production well supplied with power
fluid from the FPSO. Water injection is required for reservoir pressure support, voidage
replacement and to sweep the oil to the producers.
As a result of the low Gas Oil Ratio (GOR), associated gas and crude will be used for power
generation, with the possibility of import gas in later life. Gas import via a dedicated import
pipeline tied into an existing 3rd Party trunk line is a future possibility and therefore included.
The heavy oil forms a strong viscous emulsion with water; however, this will be managed with
the HSP power fluid which mixes with the crude oil at the well head producing more
favourable separation of oil and water phases.
BAB Kraken will base the FPSO on the existing tanker PRISCO ALCOR (the Tanker), which
shall undergo an extensive conversion programme for conversion to the FPSO role. The
FPSO shall sail under its own power from conversion yard in Singapore to a port in Northern

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Page : Page 9 of 52
Consultant/
Vendor No
:
Europe (Rotterdam) and then will be towed from the port to the field for hook-up and
installation.
Figure 1.1 – Kraken Field Location
1.4 ABBREVIATIONS
ACoP - Approved Codes of Practice
AIMS - Asset Integrity Management System
ALARP - As Low as Reasonably Practicable
APOSC - HSE Assessment Principals for Offshore Safety Cases
BAB - Bumi Armada Berhad
BAB Kraken - Bumi Armada Berhad Kraken Project Team
BAUK - Bumi Armada UK Operations Team
CAA - Civil Aviation Authority
CAP - Civil Aviation Practice

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Page : Page 10 of 52
Consultant/
Vendor No
:
CBA - Cost Benefit Analysis
COLREG - Collision Regulations
CON - Combined Operations Notification
DCR - Design and Construction Regulations
DECC - Department of Energy and Climate Change
DNV - Det Norske Veritas
ER - Emergency Response
EU - European Union
FPSO - Floating Production Storage Offloading
FSA - Formal Safety Assessment
GASCET - Guidance for the Topic Assessment of the MAH Aspects of Safety Cases
GOR - Gas Oil Ratio
HAZID - Hazard Identification
HAZOP - Hazard and Operability Study
HFA - Human Failure Analysis
HFE - Human Factors Engineering
HSC - Health and Safety Commission
HSEx - UK Health and Safety Executive
HSP - Hydraulic Submersible Pumps
HSWA - Health and Safety at Work Act
IALA - International Association of Lighthouse Authorities
IDC - Interdisciplinary Check
ICAF - Implied Cost of Averting a Single Fatality
ICP - Independent Competent Person
IEC - International Electrotechnical Commission
ILO - International Labour Organization
IMO - International Marine Organization
ISM - International Safety Management
ISO - International Standards Organization
IVB - Independent Verification Body
LOLER - Lifting Operations and Lifting Equipment Regulations, 1998
MAE - Major Accident Event
MAH - Major Accident Hazards
MAPD - Major Accident Prevention Document
MAR - Management and Administration Regulations
MARPOL - International Convention for the Prevention of Pollution from Ships
MEE - Major Environmental Event
MHSWR - Management of Health and Safety at Work Regulations, 1999
MOC - Management of Change
MS - Management System

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
OHSAS - Occupational Health and Safety Assessment Series
OIS - HSE Topic Guidance Offshore Information Sheets
OSRSCR - Safety Representatives & Safety Committees Regulations
PFEER - Prevention of Fire & Explosion, and Emergency Response Regulations
PS - Performance Standards
PSR - Pipeline Safety Regulations
PTW - Permit to Work
PUWER - Provision and Use of Working Equipment Regulations, 1998
RSP - Relevant Statutory Provisions
QRA - Qualitative / Quantitative Risk Assessment
SCE - Safety Critical Elements
SCR05 - Offshore Installations (Safety Case) Regulations, 2005
SCR92 - Offshore Installations (Safety Case) Regulations, 1992
SCTA - Safety Critical Task Analysis
SFAIRP - So Far As Is Reasonably Practicable
SMS - Safety Management System
SOLAS - Safety of Life at Sea
TA - Technical Authority
TR - Temporary Refuge
TRI - Temporary Refuge Integrity
UK - United Kingdom
UKCS - UK Continental Shelf

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
1.5 DEFINITIONS
ALARP The concept of “reasonably practicable” involves weighing the risk
against the cost in terms of the time, investment and resource needed
to eliminate or further reduce it. Thus, ALARP does not represent a
fixed risk value, but describes the level to which one expects to see
workplace risks controlled.
BAB Kraken BAB entity responsible for the design, build, commissioning and
hand-over of the Kraken FPSO.
BAUK BAB entity responsible for operation of the Kraken FPSO following
commissioning and hand-over from BAB Kraken Project.
Barrier A functional grouping of safeguards and controls selected to prevent,
or limit the effect of, a Major Accident or Environmental Event (MAE /
MEE). Each barrier typically includes a mix of facilities (equipment),
processes (documented and ‘custom & practice’) and people
(personal skills and their application). The selected combination of
these ensures the barrier will be suitable, sufficient and available to
deliver its expected risk reduction.
A barrier is the high level functional group (e.g. fire suppression) and
can be divided into separate safety critical systems (e.g. deluge
system), and further sub-divided into safety critical elements (which
will generally be the tagged items representing the lowest level to
which the barrier can sensibly be sub-divided).
Cost Benefit Analysis CBA is the numerical assessment of the costs of implementing a
design change or modification and the likely reduction in fatalities that
this would be expected to achieve.
Combined Operations Performing two or more operations concurrently which could bring
about an undesired event or set of circumstances if not adequately
managed. Could include, but not be limited to the following:
• A vessel undertaking a non-routine operations within the facility’s
500m zone;
• Subsea umbilicals, risers and flowlines (SURF) operations;
• Field developments with multi-vessel/contractor operations.
Combined operations often involve several companies (duty holder,
contractors, subcontractors, & vendors), multi-disciplined workforces
and a wide range of daily (24-hour) routine & non-routine activities.
Duty Holder Refers to the legal entity on which duties are placed by the SCR05 in
respect of offshore installations, in particular the preparation of the
safety case. In relation to a fixed production installation, the duty
holder is the operator. The operator in turn is the person appointed by
the licensee to manage and control directly, or by any other person,
the execution of the main functions of a production installation.
Grossly Disproportionate If a risk reducing measure is practicable and it cannot be shown that
the cost of the measure is grossly disproportionate to the benefit
gained, then the measure is considered reasonably practicable and
should be implemented.
Major Accident Hazard Identified from the field source data and is a hazard which has the

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
potential to result in a Major Accident Event (MAE).
Major Accident Event a) a fire, explosion or the release of a dangerous substance
involving death or serious personal injury to persons on the
installation or engaged in an activity on or in connection with it;
b) any event involving major damage to the structure of the
installation or plant affixed thereto or any loss in the stability of
the installation;
c) the collision of a helicopter with the installation;
d) the failure of life support systems for diving operations in
connection with the installation, the detachment of a diving bell
used for such operations or the trapping of a diver in a diving bell
or other subsea chamber used for such operations; or
e) any other event arising from a work activity involving death or
serious personal injury to five or more persons on the installation
or engaged in an activity in connection with it
Major Hazard Facilities Operational facilities which have the potential to cause a major
accident due to storage, handling, processing or transport of
hazardous or toxic materials or other activities carried out on the site
including but not limited to offshore installations, onshore terminals or
storage installations, high pressure transmission pipelines conveying
flammable or hazardous materials, etc.
Performance Standards A measurable description, usually in qualitative & quantitative terms,
of the performance required of a barrier, safety critical system/
element and which may apply to facilities, processes or people.
Relevant Statutory
Provisions
Means the relevant statutory provisions (as defined in section 53(1) of
the Health & Safety at Work Act (HSWA)) which apply to or in relation
to installations or activities on or in connection with them;
The expression ‘relevant statutory provisions’ (RSPs) is used in the
HSWA to mean Part I of that Act, the health and safety regulations
made under it, and the existing statutory provisions defined in it. The
RSPs that apply to or in relation to offshore installations or connected
activities include:
(a) Part 1 of the HSW Act;
(b) Regulations made under the Act which contain a provision
applying them offshore, including MHSWR, MAR, PFEER, DCR,
PSR and PUWER; and
(c) Remaining provisions of older offshore-specific health and safety
legislation, such as OSRSCR and the provisions on safety zones
under the Petroleum Act 1987.23
The expression is used in primarily in regulation 12 regarding the
demonstrations to be contained in a safety case. Similar use occurs
in Schedules 1, 4 and 6 specifying the contents of notifications. The
expression is also used in regulation 5 setting out the duties of
licensees.
Safety Critical Element Safety-critical elements” (SCEs) means such parts of an installation
and such of its plant (including computer programmes), or any part
thereof –
(a) the failure of which could cause or contribute substantially to; or
(b) a purpose of which is to prevent, or limit the effect of, a major

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
accident;
The term SCEs is an important component of the provisions relating
to verification schemes. Any structure, plant, equipment, system
(including computer software) or component part whose failure could
cause or contribute substantially to a major accident is safety critical,
as is any which is intended to prevent or limit the effect of a major
accident. Identifying an item as safety critical should follow from
identifying major accident hazards as required by Regulation 12
(SCR05).
Note: Safety critical elements can be grouped into barriers.
1.6 COMPLIANCE FRAMEWORK
1.6.1 General
The Kraken FPSO will operate inside the UKCS and is therefore required to comply with the
legislative requirements of the UK sector. The identified Kraken Project compliance
framework is illustrated in Figure 1.2.
Figure 1.2 – Offshore Legislative Framework
Note
1
: A Regulatory Compliance Plan and a Register of Applicable Legislation shall be developed for
the Kraken Project.
Note
2
: DNV Classification contributes to the case for safety; however BAB recognize that adherence to
classification code is not sufficient as the benchmark for a case safety and UK SCR05 sets the
overarching precedence.

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
In comparison to SCR92, which required a demonstration that risks to people from MAHs had
been reduced to the lowest level i.e. reasonably practicable (ALARP), SCR05 requires a
demonstration that major accident risks are, or will be, controlled to ensure compliance with
the RSPs. Refer to Section 1.6.3 for a breakdown of SCR05 requirements.
1.6.2 Legal Background
The Health and Safety at Work etc. Act 1974 (HSWA) is the principal source of health and
safety legislation in the UK. The Act requires employers to ensure so far as is reasonably
practicable (“SFAIRP”) the health, safety and welfare at work of employees, and others.
Note: The meaning of SFAIRP has been the subject of legal judgment in the UK courts (Edwards v
National Coal Board 1949).
The HSWA is supported by regulatory requirements, many of which require assessment of
risk. For example, the Management of Health and Safety at Work Regulations 1999
(MHSWR) Regulation 3, requires a suitable and sufficient assessment of risk for the purpose
of identifying measures needed to comply with the RSPs.
1.6.3 Safety Case Regulations
SCR05 requires duty holders to demonstrate that measures have been, or will be, taken to
reduce risk to persons affected by hazards, which have the potential to cause a major
accident, to the lowest level i.e. ALARP. This means that the duty holder has to show through
reasoned and supported arguments that there is nothing else that could reasonably be done
to reduce risks further.
Many of the requirements within the RSPs are qualified by phrases SFAIRP, ALARP or even,
“appropriate with a view to”. Where legal duties use these qualifying phrases, they call for
similar tests to be applied. Wherever such wording is used this means a duty holder has to
show, through reasoned and supported arguments, that there is nothing else that could
reasonably be done to reduce risks further.
Note: Bab Kraken/BAUK has a legal obligation to comply with legislation within the confines of the goal
setting regime. HSE acceptance is required for all safety cases plus material revisions to safety cases.
Acceptance is not defined in the Regulations, but its meaning follows Principle 4 of the HSC policy
statement on permissioning regimes.
HSE will accept a safety case or a revision under these Regulations when duty holders demonstrate
and describe specified matters to HSE’s satisfaction. Acceptance will be based on HSE’s judgement
that the arrangements and measures described in the safety case taken as a whole are likely to achieve
compliance if implemented as described. To give acceptance HSE does not need to be satisfied that
compliance will be achieved - this confirmation will be made by post-acceptance programmes of
inspection and enforcement, based on the accepted safety case. Acceptance does not guarantee the
safety of the installation or its operations.
In making an acceptance decision HSE will take a considered view on which elements of a particular
safety case should be examined in greater depth and which need not. The key criterion will be whether
a safety case contains sufficient information to enable HSE to make a decision on acceptance. This
provides flexibility in the assessment process. HSE’s Assessment principles for offshore safety cases
(APOSC) provide a detailed list of principles that need to be addressed to ensure the safety case
includes the relevant information. Safety case handling and assessment manual - principles and
procedures (SCHAM) sets out HSE’s approach to assessing safety cases and gives an insight as to
how and why decisions are reached by HSE.

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
The HSEx may inspect the FPSO prior to arrival in the field at Rotterdam. However, the HSEx may not
inspect the FPSO until after it is operational. The HSEx have indicated during meetings held in March /
April 2014 that they will conduct inspections during the first two years of operation of the FPSO.
1.6.4 Content Requirements
Schedule 2 of the SCR05 sets out the content requirements of the safety case:
1. Name and address of the operator of the installation.
2. Description of the extent to which the duty holder has taken into account any matters
raised by the HSEx in relation to the Design Notification.
3. A summary of workforce involvement, specifically that of the safety representatives for
the installation pursuant to the requirements of The Offshore Installations (Safety
Representatives and Safety Committees) Regulations 1989.
4. A description, with suitable diagrams, of:
a. Main and secondary structure of the installation and its materials;
b. Process plant;
c. Layout and configuration of plant;
d. Connections to any pipeline or installation; and
e. Any wells connected or to be connected to the installation.
5. A suitable plan of the location of the installation and of anything connected to it, and
particulars of:
a. The meteorological and oceanographic conditions to which the installation may
foreseeably be subjected; and
b. The properties of the sea-bed and subsoil at its location.
6. Particulars of the types of operation, and activities in connection with an operation, which
the installation is capable of performing.
7. The maximum number of persons:
a. Expected to be on the installation at any time; and
b. For whom accommodation is to be provided.
8. Particulars of the plant and arrangements for the control of well operations, including
those to:
a. Control pressure in a well;
b. Prevent the uncontrolled release of hazardous substances; and
c. Minimise the effects of damage to subsea equipment by drilling equipment.
9. A description of any pipeline with the potential to cause a major accident, including:
a. The fluid which it conveys;
b. Its dimensions and layout;
c. It’s contained volume at declared maximum allowable operating pressure; and
d. any apparatus and works intended to secure safety,
together with a summary of the document prepared in compliance with the
requirements of the Pipelines Safety Regulations 1996.
10. A description of how the duty holder has ensured, or will ensure, compliance with the
requirements of the PFEER Regulations.
11. A description of arrangements made for protecting persons on the installation from toxic
gas at all times other than during any period while they may need to remain on the
installation following an incident which is beyond immediate control.
12. A description of the measures taken or to be taken or the arrangements made or to be
made for the protection of persons on the installation from hazards of explosion, fire,
heat, smoke, toxic gas or fumes during any period while they may need to remain on the

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
installation following an incident which is beyond immediate control and for enabling such
persons to be evacuated from the installation where necessary, including provision for:
a. Temporary refuge;
b. Routes from locations where persons may be present to temporary refuge and
for egress therefrom to points from where the installation may be evacuated;
c. Means of evacuation at those points; and
d. Facilities within temporary refuge for the monitoring and control of the incident
and for organising evacuation.
13. A description of the main requirements in the specification for the design of the
installation and its plant, which shall include:
a. Any limits for safe operation or use specified therein;
b. A description of how the duty holder has ensured, or will ensure, compliance with
the requirements of the Offshore Installations & Wells (Design & Construction,
etc.) Regulations 1996;
c. A description of how the duty holder has ensured, or will ensure, the suitability of
the safety-critical elements; and
d. A description of how the duty holder:
i. where he is also the operator in relation to a pipeline, has ensured, or will
ensure, compliance with the Pipelines Safety Regulations 1996; or
ii. where he is not also the operator in relation to a pipeline, has co-
operated or will co-operate with the operator in relation to a pipeline to
ensure compliance with the Pipelines Safety Regulations 1996.
14. Particulars of any combined operations which may involve the installation, including:
a. A summary of the arrangements in place for co-ordinating the management
systems of all duty holders involved in any such combined operation;
b. A summary of the arrangements in place for a joint review of the safety aspects
of any such combined operation by all duty holders involved, which shall include
the identification of hazards with the potential to cause a major accident and the
assessment of risks which may arise during any such combined operation;
c. The plant likely to be used during any such combined operation; and
d. The likely impact any such combined operation may have on the installations
involved.
1.7 DEMONSTRATING COMPLIANCE
In the context of duty holdership, and based on the requirements for regulatory compliance
(refer Section 1.6); BAB Kraken and BAUK recognize that a key element of the project and
operations safety management systems is ensuring compliance with the relevant statutory
provisions (in accordance with SCR05, Regulation 12). The focus of the systems must thus
be on the management processes (initially during the project phase and later during the
operations phase) by which both parties can reach the conclusion that all measures that
could be applied to reduce risk, from each of the identified major accident hazards (MAHs),
are appropriate and that nothing more could be done.
Compliance demonstration within the Safety Case must therefore validate fulfilment of the
relevant statutory provisions (RSPs) and establish that risks are tolerable - through
application of relevant good practice, professional judgement, experience, etc., and where
necessary supported by reference to the use of appropriate risk assessment techniques.

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
The management processes described in the demonstration of compliance must also show
how, in the context of duty holdership, that BAB Kraken and BAUK have considered an
integrated picture whilst assessing risk and not merely a partial view i.e. not considering each
hazard in isolation, but rather across the whole system.
1.8 REFERENCES
1.8.1 External References
HSWA Health and Safety at Work Act, 1974
SCR05 The Offshore Installations (Safety Case) Regulations, 2005
HSE L30 A Guide to the Offshore Installations (Safety Case) Regulations 2005
MAR
The Offshore Installation & Pipelines Works (Management &
Administration) Regulations, 1995
PFEER
The Offshore Installations (Prevention of Fire & Explosion, and
Emergency Response) Regulations 1995
DCR
The Offshore Installations and Wells (Design & Construction, etc.)
Regulations,1996
OSRSCR
The Offshore Installations (Safety Representatives & Safety
Committees) Regulations, 1989
PSR Pipeline Safety Regulations, 1996
SOLAS Safety of Life at Sea Regulations 2002 with 2010 amendments
PUWER Provision and Use of Work Equipment Regulations 1998.
LOLER Lifting Operations and Lifting Equipment Regulations 1998.
NOISE Noise at Work Regulations 2005
IPPC
Environmental Protection The Offshore Combustion Installations
(Prevention and Control of Pollution) Regulations 2013
DNV-OSS-102
Rules for Classification of Floating Production, Storage and Loading
Units, 2010
HSE OIS
No.2/2006
Offshore Installations (Safety Case) Regulations 2005 Regulation 12
Demonstrating compliance with the Relevant Statutory Provisions
HSE OIS
No.3/2006
Guidance on Risk Assessment for Offshore Installations
HSE OIS
No.11/2007
Offshore Installations (Safety Case) Regulations 2005 HSE’s
involvement in the design and construction process (including
processing of design notifications.
APOSC Assessment Principles for Offshore Safety Cases (APOSC)
GASCET
Guidance for the Topic Assessment of Major Accident Hazards
aspects of Safety Cases
SCHAM Safety Case Handling and Assessment Manual
R2P2 Reducing Risks, Protecting People – HSE’s Decision Making Process
Note: Always refer to the most recent edition of the reference works listed above.

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
1.8.2 Internal References
21020-BAB-04101-HS-PL-0001 Verification Scheme
21020-BAB-04101-HS-PL-0003 Verification Strategy Project Phase
21020-BAB-04101-HS-PL-0004 Human Factors Implementation Plan
21020-BAB-04101-HS-PR-0001 Project HSE Plan
21020-BAB-04101-HS-PR-0003 Environmental Management Plan
21020-BAB-04101-HS-PR-0006 Design Notification
21020-BAB-04101-PM-PL-0001 Project Execution Plan
21020-BAB-04101-PM-PR-1002 Project Management of Change Procedure
21020-BAB-04101-PM-PRM-7113 Project Risk Management Procedure
21020-BAB-04101-QA-PL-0002 Regulatory Compliance Plan
21020-BAB-04101-QA-PR-0002 Project Quality Plan
21020-BAB-04101-QA-PR-0003 Project Audit Procedure
21020-BAB-04106-PM-RL-0002 Change Register
21020-BAB-06800-PM-PR-0001 Interface Management Procedure
21020-BAB-07000-PM-PL-0002 Engineering Execution Plan
21020-BAE-07700-HS-RP-7001 Project HSE Design Basis
Note: Always refer to the most recent edition of the reference works listed above.

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
2. SAFETY CASE OBJECTIVES AND SCOPE
2.1 SAFETY CASE OBJECTIVES
The purpose of the Safety Case is to communicate a clear, comprehensive and defensible
argument that the design and operation of the offshore facility has systematically and
comprehensively considered safety.
The Safety Case provides confidence to both the duty holder and HSEx that the duty holder
has the ability and means to control major accident risks effectively. The Safety Case
provides an extra level of regulatory control on top of regulations such as PFEER and DCR,
justified by the major accident potential of the offshore activities within scope.
The Safety Case shall be prepared pursuant to SCR05 Regulation 12:
(1) The duty holder shall, subject to paragraphs (2) and (3) below, include in the safety case sufficient
particulars to demonstrate that:
(a) his management system is adequate to ensure—
(i) that the RSPs will, in respect of matters within his control, be complied with; and
(ii) the satisfactory management of arrangements with contractors and subcontractors;
(b) BAB Kraken Project & BAUK has established adequate arrangements for audit and for the
making of reports thereof;
(c) all hazards with the potential to cause a major accident have been identified; and
(d) all major accident risks have been evaluated and measures have been, or will be, taken to
control those risks to ensure that the relevant statutory provisions will be complied with.
(2) Paragraph (1) shall only require the particulars in the safety case to demonstrate the matters
referred to in that paragraph to the extent that it is reasonable to expect that BAB Kraken Project and
BAUK the duty holder to address them at the time of sending the safety case to the Executive.
(3) In this regulation, “audit” means systematic assessment of the adequacy of the management system
to achieve the purpose referred to in paragraph (1)(a) carried out by persons who are sufficiently
independent of the system (but who may be employed by the duty holder) to ensure that such
assessment is objective.
2.2 SAFETY CASE SCOPE
The Kraken Safety Case shall be a single volume standalone document sufficient to meet the
contents (refer to Section 1.6.4) and level of detail requirements of the SCR05 i.e. the Kraken
Safety Case shall be sufficiently comprehensive without the need to refer the reader to
documents external to the Safety Case in order to meet the objectives stated above.

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
3. SAFETY CASE ESTABLISHMENT AND MAINTENANCE
3.1 RESPONSIBILITY FOR THE SAFETY CASE
The Kraken Safety Case is a key project deliverable. Upon completion of the Project Phase,
responsibility shall be transferred to Bumi Armada UK Limited. The work to establish the
Kraken Operational Safety Case shall be led by the BAB Kraken Project Safety Case
Manager.
3.2 SAFETY CASE ESTABLISHMENT
The Project activities leading up to the development of the Kraken Safety Case and thereby
ensuring the safe and efficient operation of the Kraken FPSO are illustrated in Figure 3.1. The
activities to develop the Safety Case are integrally linked and the process is not viewed as
linear. Because of this overlap, linkages shall be constructed throughout the Safety Case
process allowing the document to have a consistent integrated overall structure with a logical
flow.
The major accident hazard management strategy employed by BAB Kraken and BAUK
throughout the Project is discussed in detail within Section 5 of this document.
3.3 WORKFORCE INVOLVEMENT
The work to establish and maintain the Safety Case is viewed as a multi-disciplinary activity,
involving personnel from engineering and operations within BAB Kraken Project and BAUK.
The work shall also require involvement and input from various other parties such as the
Client (Licensee), Class Society and the selected Independent Verification Body (IVB).
In compliance with the requirements of the SCR05 (pursuant to the requirements of the
OSRSCR, 1989), BAB Kraken Project and BAUK shall ensure that there is effective
consultation with, and participation by the Kraken workforce, external contractors, vendors
and 3
rd
parties during the preparation, revision and review of the Kraken Safety Case and
supporting studies. This will ensure that the workforce understands the risks and hazards to
which they may be exposed and that they are knowledgeable and informed on:
• Risk controls,
• Risk control effectiveness & vulnerabilities, and
• The importance of monitoring risk control measure degradation.
The workforce including operations shall be continuously involved in the formal hazard
management processes e.g. HAZID, HAZOP and SIL, Design and Layout / HFE Reviews and
IDC review processes.
The 3rd parties, including consultants similar to DNV GL, external contractors and vendors
will be engaged through attendance at workforce engagement workshops.

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
Further workforce engagement workshops shall be scheduled as further personnel mobilize
to the project. This will be extended to include any additional 3rd parties, Construction,
Commissioning and Operations personnel.
In accordance with OSRSCR Reg.23 Safety representatives will be appointed and consulted
on the preparation, review and subsequent revision of the Kraken Safety Case. This will
ensure continuation of workforce involvement into the operational phase of the Kraken field
where documents will also be available and accessible for them under OSRSCR Reg.18.
BAB Kraken Project and BAUK personnel shall manage and own the preparation, workforce
involvement & maintenance of the Kraken Safety Case.
Note: The above commitment does not preclude individual studies, integral to the understanding of risk
and on which the Safety Case may be based, from being performed by consultants or contractors.

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
Figure 3.1 - Project Activities Leading to a Safe Functional Design (Safety Case) – Hazard Management
IMPROVE
PLAN
IDENTIFY
ASSESS
MITIGATE
MANAGE
MANAGEMENT
SYSTEM
KRAKEN PROJECT TIME LINE
PROJECT
ESTABLISHMENT
PROJECT
PLANNING
PROJECT
EXECUTION
OPERATION
ESTABLISH
CONTEXT
FSA: HAZARD ID &
RISK ASSESSMENT
VERIFICATION
SAFETY CASE MONITOR & AUDIT
FSA: ACTION
TRACKER / ALARP /
RISK ACCEPTANCE
CRITERIA
MAJOR ACCIDENT HAZARD MANAGEMENT STRATEGY
FSA:
SAFETY STUDIES
ONGOING HAZARD
IDENTIFICATION &
RISK
EVALUATION
COMPLIANCE
REQUIREMENTS
OPERATIONAL
CONTROL
BARRIER MS
BASIS OF DESIGN
UK REGULATORY
REQUIREMENTS
RESOURCES &
COMPETENCY
PROJECT
CHARTER
AIMSPROJECT
EXECUTION PLAN
MOC PROCESS

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
3.4 VERIFICATION AND VALIDATION
A project specific Verification Scheme shall be established covering all types of verification
related to the Safety Case. Examples of typical verification methods that will be applied in the
different project phases are as follows:
• Design & Construction Phase:-
- Design reviews - Constructability reviews
- Use of TAs in IDC process - Contractor audits
- Audits by Authorities (UK HSE) - Inspections by Flag Administration
- Inspection by Class Society (DNV) - Inspection by Client (EnQuest)
- Workforce involvement & input - Notarized Bodies
- HAZID, HAZOPS, ENVID - IVB Body involvement & input
• Operations Phase:-
- Company inspections & audits - Audits by Authorities (UK HSE)
- Inspections by Flag Administration - Inspection by Class Society (DNV)
- Inspection by Client (EnQuest) - Use of certificates (e.g. Flag/Class)
- Verification through maintenance - Operation experience & analysis
- Workforce involvement & input - IVB Body involvement & input
3.5 SAFETY CASE SUBMISSION
In accordance with the requirements of SCR05, the operational safety case shall be
submitted to HSEx at least 6 months prior to commencing operation. The safety case must be
accepted by HSEx before the Kraken FPSO can operate. In reaching a decision about the
acceptability, the HSEx shall assess the content of the safety case in accordance with
assessment principles for offshore safety cases (APOSC).
The activities at the offshore facility must be conducted in accordance with the safety case,
as accepted by HSEx.
3.6 SAFETY CASE MAINTENANCE
Regulation 13 of the SCR05 sets out the requirements for the thorough review of the safety
case as either when directed to do so by the Executive, or in the absence of such a direction,
within 5 years of the Executive having accepted the current safety case (or the date of the
previous review).
Regulation 14 of the SCR05 notes the need to review the safety case prior to the
requirements of Regulation 13 should changes be proposed to the Facility with activities at
the offshore facility no longer to be conducted in accordance with the safety case as accepted
by the Executive.
The Kraken Safety Case shall be a living document and once accepted by HSEx shall be
maintained and updated by BAUK throughout the life cycle of the Kraken FPSO. As per the

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
requirements of SCR05, the Kraken Safety Case shall be revised at least once every 5 years
and in the event of a material change in circumstances, including but not limited to, major
modifications to the Facility, management systems, organisation, operations, activities or the
environment. Due account shall also be taken of technological advances that may present
improved techniques for risk reduction or render current techniques obsolete.

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
4. STRUCTURE OF THE SAFETY CASE
The Kraken Safety Case shall have 6 Parts, as illustrated in Figure 4.1.
4.1 PART 1: INTRODUCTION & SUMMARY
Part 1 shall clearly state the purpose, scope and objectives of the Safety Case and include
the name and address of Bumi Armada UK Limited as the operator (and Duty Holder) of the
Kraken FPSO as well as a brief description of the Facility – marine & topsides, manning, etc.
Part 1 shall provide an introduction to all further Parts of the Safety Case, briefly summarizing
the intent of each so that the reader knows where to find information in the Safety Case. Part
1 shall further detail the requirements for maintaining and updating the Safety Case, as well
as necessary compliance with UKCS regulatory requirements with which offshore activities
must comply.
Part 1 shall lastly provide a summary description of the major accident hazard, assumptions
and risk prevention and mitigation measures, and a summary of the key safety features of the
installation, its operations and the overall assessed risk to people in support of the ALARP
principle are identified and measures commensurate to demonstrate the risks are as low as
reasonably practicable in the context of compliance demonstration to ensure compliance with
the RSPs as a justification for operation.
4.2 PART 2: FIELD AND FACILITY DESCRIPTION
Part 2 shall describe the FPSO, its intent, design basis and operational aspects. It shall
contain information on the field location and relevant environmental conditions, manning
levels, detail of the arrangement and layout of the Facility, process overview, hazardous
substances and inventories, general arrangements and the implemented technical control
measures (safety critical systems & elements) including those required for emergency escape
and evacuation. Part 2 shall also contain details from the Licensee (Client) on the wells and
reservoirs and a description of the pipelines connected to the Facility including a summary of
the Pipeline Major Accident Prevention Document (MAPD).
The purpose of the facility description is to provide sufficient factual information to gain an
understanding of the major accident events identified and assessed in the formal safety
assessments, the technical arrangements for managing the risks of these major accident
events and the interactions between these risk control measures and the safety management
system. The information provided shall be sufficient to gain a full appreciation of the major
accident hazards and risk management strategies identified and implemented.
Part 2 shall also highlight any novel or unusual conditions, engineering solutions or
technologies encountered and/or used at/on the Facility.

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
Figure 4.1 - Structure of the Safety Case
Part 3 Part 4 Part 6
Introduction
• Introduction to Safety
Case,
• Description of
regulatory framework,
• Workforce (safety rep)
involvement, and
• Justification for
Operation
• Field location & conditions
• BoD (metocean data)
• Manning
• Facility & equipment description
• Process description
• Control, safety & emergency
systems (technical barriers) (PFEER
Reg.4)
• Description of wells and reservoirs
• Description of pipeline (PSR)
Field & Facility
Description
Safety
Management
• SMS -
organizational
& operational
barriers
MAH Analysis &
Management
• Summary of FSAs
and description of
ALARP process
PS & Verification
Scheme
• Identification of SCE and
systems
• Bow-tie diagrams
• Development of
Performance Standards
• Verification Scheme (IVB
and ICP)
• Compliance with design
intent
Part 1 Part 2
Combined
Operations
Part 5
• Generic aspects of
combined
operations (review,
meetings, MOC,
PTW, ER, etc)
Kraken Safety Case

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
4.3 PART 3: SAFETY MANAGEMENT SYSTEM (SMS)
Part 3 shall describe the BAUK Safety Management System (inclusive of health and
environmental management) and the control the system will impose to ensure that the Facility
is operated safely and how the system shall continue to ensure that all measures applied to
reduce risk shall remain appropriate and effective. Part 3 shall also describe how offshore
management will take full responsibility for the safety of the Facility.
The BAUK safety management system is dynamic and will be shown to be able to readily
respond to changes in legislation, operating environment (including organizational and
economic changes), reservoir, process or any other physical conditions.
Part 3 shall not include the entire SMS but shall provide sufficient information to describe the
major aspects of the SMS and explain how these aspects contribute to reducing the risk to
the health and safety of persons on or near the Facility.
All information pertaining to the SMS within Part 3 shall be relevant to the information
contained in Part 2 i.e. appropriate to the Facility and associated activities. The content and
level of detail shall be adequate to gain an appreciation of the relevant plans, procedures and
processes implemented.
4.4 PART 4: COMBINED OPERATIONS
Part 4 of the Safety Case shall cover the generic aspects of expected periods of Combined
Operations. Generic aspects include the requirement for kick-off meetings, work-specific
dossiers, risk assessments and work reviews, development of hierarchies of control and
reporting lines, development of interface/bridging documents, and day-to-day management of
the activities, which includes communication, management of change (MOC), permit to work
(PTW) and emergency response (ER) systems.
The purpose of Part 4 is not describe the above activities in detail but to provide sufficient
understanding of the processes that will be employed to ensure effective management of the
combined operations from start to close-out.
Note: Respective periods of Combined Operations shall be brought to the attention of HSEx. In
accordance with Regulation 10 of the SCR05, BAUK will be required to submit a Combined Operations
Notification (CON) Procedure at least 21 days in advance of a combined operation. However, should
the proposed combined operation exceed the scope of the existing accepted safety case, BAUK will be
required to submit a safety case revision under Regulation 14(2). This must be accepted by HSEx prior
to the necessary CON being submitted.

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
4.5 PART 5: MAJOR ACCIDENT HAZARD ANALYSIS & MANAGEMENT
A key subject of the Safety Case is a discussion of the:
• Formal safety assessments conducted for the Kraken FPSO activities; and
• Demonstration of the compliance process (as discussed in Section 1.6).
This detail is documented in Part 5, which describes the major accident hazards and
demonstrates the compliance process, which includes the following key activities:
• Evaluation of the consequences of the identified hazards,
• Identification and consideration of a range of potential measures for further risk reduction;
• Systematic analysis of each of the identified measures and a view formed on the safety
benefit associated with each of them;
• Evaluation of the reasonable practicability of the identified measures;
• The implementation (or planned implementation) of the identified reasonably practicable
measures;
• Recording of the process and results; and a
• Description and assessment of the emergency response arrangements
Part 5 also describes the specific BAB Kraken/BAUK risk tolerability criteria and safety goals.
This part of the safety case must demonstrate that every effort has been taken to reduce risk
to as low as reasonably practicable and that the process of controlling risks, to ensure
regulatory compliance, has been an iterative one i.e. that both parties have revisited the
compliance process above a number of times.
Note: This will support BAUK’s provision that major accident risks are and will continue to be controlled
to ensure regulatory compliance.
The concept of ALARP is central to compliance with the safety case regime, allowing BAB
Kraken/BAUK to set their goals for safety performance and also allowing HSEx to accept or
reject BAB Kraken/BAUK’s arrangements under the Safety Case.
Note: The results and conclusions within Part 5 are dependent upon the requirements of the RSPs
being met, and equipment, facilities and procedures being properly maintained and implemented.
Part 5 of the Safety Case is thus key to illustrating to HSEx that:
• All hazards with the potential to cause a major accident have been identified;
• All major accident risks have been evaluated; and,
• Measures have been, or will be, taken to control the major accident risks to ensure
compliance with the RSPs (i.e. compliance demonstration)
Section 5 of this Safety Case Strategy lays out the structure of how BAB Kraken and BAUK
shall implement the FSA processes and conclude the above, and is considered absolutely
essential to understanding the requirements of SCR05.

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
4.6 PART 6: PERFORMANCE STANDARDS AND VERIFICATION SCHEME
The Safety Case shall identify the safety critical elements (SCEs) of the Facility and
appropriate performance standards shall be defined for the operation of the safety critical
aspects as per the requirements of the SCR05.
SCEs are measures which have been put in place to prevent, detect, control or mitigate the
hazardous affects associated with a major accident hazard, and will also facilitate with the
escape and survival of personnel following a major accident event.
Performance standards, by definition, are associated with the identified barriers (safety critical
systems / elements) that form the basis for managing the risk of an MAE. The performance
standards are the parameters against which the barriers are assessed to ensure they reduce
risk to ALARP. Performance Standards facilitate the transition from the theoretical to the
practical in the MAE risk management process.
Part 6 shall detail how the performance standards enable BAUK to measure, monitor and test
the effectiveness of each control measure (via monitoring, audit, review and maintenance)
and take corrective action based on deviations or trends.
The assurance activities for the safety critical elements ensure the upkeep of the Facility and
that the SCEs continue to deliver the required performance throughout their design life. The
Verification Scheme developed shall state the performance criteria to be met during
inspection and tests and contingency measures to be introduced should the SCE fail to
deliver the required performance. The discussion in Part 5 shall thus centre on the identified
Verification Scheme and assurance activities to be undertaken by the Independent
Verification Body (IVB) and Independent Competent Person(s) (ICP).
Figure 4.2 -Schematic representation of the role of Safety Critical Systems/Elements
Note: An overview of SCE, and specifically how they relate to inherently safer design measures as well
as protective systems, is provided within the project HSE Design Basis. Information on the
development of detailed Performance Standards for identified SCE is contained within the Verification
Strategy.
ConsequencesThreats Hazard Release
Elimination / prevention
barriers
Control / mitigation
barriers
Elimination Prevention Reduction Mitigation

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
5. PROJECT MAH MANAGEMENT STRATEGY
The objective and structure of this Section is to summarise
the Kraken MAH Management Strategy (MAHMS). As per
Section 3 - Figure 3.1 - this strategy will be implemented
throughout the Kraken Project.
5.1 MAH MANAGEMENT
The key aims of the MAHMS are to ensure:
• All hazards are identified, analysed and understood.
• The principles of inherent safety are implemented as
appropriate.
• An appropriate combination of prevention, detection,
control and mitigation systems are implemented and
maintained throughout the lifecycle of the facility.
• As a minimum, the design complies with relevant
regulations, codes and standards and is in line with good
engineering practice.
• Risks are tolerable and at a level that is demonstrably
ALARP in the context of compliance demonstration with
relevant statutory provisions.
Figure 3.1 – Project Execution Extract
5.2 FORMAL SAFETY ASSESSMENT PROCESS
As per Section 4.5, the FSA process shall underpin Part 5 of the Safety Case and provide
evidence of the:
• Likelihood of potential MAHs and the range of possible outcomes;
• Magnitude & severity of the consequences arising from MAHs for the range of possible
outcomes;
• Clear linkages between Kraken FPSO activities, the potential MAHs, control measures
and the associated consequences and risk.
The typical studies are illustrated in Figures 5.1 and 5.2.
Note: The formal safety assessments will relate to major accident hazards only.
PROJECT EXECUTION
FSA: HAZARD ID &
RISK ASSESSMENT
VERIFICATION
SAFETY CASE
FSA: ACTION TRACKER
/ ALARP / CBA
MAHMS
FSA: SAFETY STUDIES
BARRIER MS

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
Typical studies and workshops for Kraken will include amongst others the following:
• Historical review of incidents involving floating offshore units.
• HAZIDs (topside/subsea/marine/vendor systems).
• HAZOPs (topside/subsea/marine/vendor systems).
• Safety Integrity Level (SIL) assessment/ Layer of Protection Analysis (LOPA).
• Gas dispersion studies.
• Fault and Event Trees
• Bow Ties
• Qualitative Risk Assessment
• Quantitative Risk Assessments (QRA)
• Fire and explosion assessments including blast overpressure events.
• Helicopter Crash (In-Flight, Helideck & FPSO)
• Ship collision analyses.
• Dropped objects studies for FPSO and subsea impact events.
• ALARP workshops involving operations personnel.
• PFEER studies using experts in this area.
• Vulnerability / survivability / reliability / availability studies based on previous experience,
knowledge and reasonably foreseeable events.
• Escape, evacuation and rescue analyses (EERA).
• TR Integrity analysis (TRIA)
• Emergency systems survivability analyses (ESSA).
• Major Accident Prevention Document (MAPD).
As per section 6.0, human factors engineering (HFE) processes and assessments shall be
performed during the applicable FSA processes, including HAZID, HAZOP, SIL assessment,
layout and model reviews. Safety critical task analysis (SCTA) and human failure
assessment (HFA) shall be implemented and performed by HFE specialists.
With respect to consequence analysis (refer Table 5.1), quantitative estimates of
consequence will be produced for MAHs through consequence modelling. Risk assessments
will also consider escalation i.e. the possibility of the event intensifying or the possibility of
one event triggering another as well as considering the most likely events.
Note: Consideration of escalation will be linked with emergency response arrangements as per the
requirements of PFEER.
Table 5.1 – Modelled Consequences
Pool fires (including sea fires) Dropped objects
Jet fires Ships collision impact
Confined and partially confined explosions Loss of structural stability
Probabilistic explosion (CFD) Loss of hull integrity
Flash fires Helicopter crash (in-flight, helideck & FPSO)
Toxic releases and their effects Impact to Escape, Evacuation Rescue &
Recovery
Gas dispersion (flammable or toxic) Plume dispersion
Flare radiation & dispersion F&G mapping

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
The FSAs will consider existing control measures and how these will influence risk as well as
their potential to experience common mode failure. The FSAs will also consider how reliable
controls are and how effective they might be for a particular situation (e.g. emergency system
survivability analysis during a major accident event).

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
Figure 5.1 – Formal Safety Assessment Process
HAZARD IDENTIFICATION
MAH RISK
REGISTER
LAYOUT REVIEW HAZOPHAZID/ENVID/HRA SIL
SAFETY STUDIES
NHHA (e.g. helicopter / ship collision,
dropped object and structural failure)
assesses the risk of ‘physical’ accident
events that could harm personnel on
the Facility.
NON HYDROCARBON
HAZARD ANALYSIS
FIRE AND EXPLOSION RISK
ASSESSMENT
ESCAPE TEMP REFUGE EVAC
& RESCUE ANALYSIS
EMERGENCY SYSTEMS
SURVIVABILITY ASESSMENT
QUANTITATIVE RISK
ANALYSIS
FERA is used to assess the consequences
of fire and explosion events on the Facility
and to evaluate the potential of event
escalation leading to impairment of the
critical structures and equipment on the
Facility.
ETRERA considers the provisions
for escape, muster, evacuation and
rescue of personnel on the Facility.
ETRERA assesses the availability
and integrity of the EER facilities to
ensure that in the event of an
unwanted event, personnel can
escape and muster and that the
evacuation and rescue facilities are
available, when required.
ESSA identifies the emergency systems
on the facility and assesses the ability
of these systems to withstand MAEs for
a sufficient time to allow these systems
to complete their functions. For
example, a gas detector to alert
personnel of a gas leak before a fire or
explosion event occurs.
SAFETY CASE
SCEs (barriers) & PS
ALARP STUDY

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
Figure 5.2 – Kraken Safety Case FSA Process
SAFETY STUDIES
NHHA FERA EERA & TRIA ESSA
QRA
HRA
NOISE & VIBRATION
HFE
RADIATION & DISPERSION
SAFETY CASE
SCS / SCE and PS
ALARP STUDY
HAZARD IDENTIFICATION
LAYOUT REVIEW HAZID/ENVID/HRA SILHAZOP
MAH RISK
REGISTER

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
5.3 HAZARD IDENTIFICATION
Major accident hazards are those hazards that have the potential to result in major accident
events (MAEs) i.e. the high consequence / low frequency events. These hazards, if realized,
have the capability to cause multiple fatalities and/or impairment of the defined safety
functions upon an installation.
5.3.1 Major Accident Hazard Risk Register
An initial MAH Risk Register was compiled during the early engineering phase of the Kraken
Project. On completion of the Hazard Identification (HAZID) Workshop, the findings from the
workshop will be consolidated within the MAH Risk Register. This Register shall then
continue to be developed in parallel to the risk assessment process - informing it and being
informed by it. Figure 5.3 outlines the process for developing the risk register process.
Figure 5.3 – MAH Risk Register Processes

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
The MAH Risk Register details the major accidents hazards associated with the asset design,
including their causes and potential escalation events. The Register also specifies the safety
critical design measures in place to either help prevent, detect, control or mitigate the
hazardous affects associated with the identified major accident hazards.
The MAH Risk Register will be supported by “bowtie” diagrams. These diagrams provide a
diagrammatical representation of the MAE by identifying and defining the following:
• All threats/causes which could lead to the identified MAE being realized.
• All barriers in place to help prevent, detect, control or mitigate the resulting MAH/MAE;
• The major accident hazard.
The MAH Register & bowties are used to illustrate the relationships between each MAH and
allows an assessment to be made as to whether adequate preventive, detection, control and
mitigation controls are in place to prevent the hazard from being realised or to manage the
hazard. The assessment further identifies actions that may be required in areas where the
controls are not considered sufficient.
5.4 RISK ASSESSMENT METHODOLOGY
5.4.1 Project Risk Management Framework
The systematic analysis of options for reasonable practicability shall make reference to
relevant good practice and sound engineering judgement. Where appropriate, this will be
supported by reference to suitable and sufficient risk assessment. If a measure appears
practicable and the cost of the measure is not grossly disproportionate to the benefit gained,
then the measure is reasonably practicable and shall be implemented.
The “Framework for Risk Related Decision Support” – Oil & Gas UK will be applied to support
the risk related decision-making process and for recording and demonstrating the robustness
of the decision.
These same guidelines will support decision-makers when assessing the relative importance
of codes and standards, good practice, engineering judgement, risk analysis, cost benefit
analysis and company and societal values when making decisions. The framework aims to
encourage the development of transparent decision making processes, thereby helping duty
holders meet their regulatory obligations.
In conjunction with the Oil & Gas UK guidelines the framework of the decision making
process is shown in Figure 5.4.

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
Figure 5.4 - Risk Related Decision Support Framework Diagram
5.4.2 Risk Assessment Model
During development of the MAH Risk Register, where Project risks have been identified for
further more detailed assessment, the rigour of the assessment will be proportionate to the
following:
• The level of estimated risk (and its proximity to the limits of tolerability); and
• The complexity of the problem and/or difficulty in answering the question of whether more
needs to be done to reduce the risk.
As illustrated in Figure 5.5, risk assessment will progress through specific stages (qualitative,
semi-quantitative or quantitative assessments) to provide an appropriate demonstration that
the risk is being managed.
Figure 5.5 – Proportionate Risk Assessment

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
Qualitative (Q) in which frequency & severity are determined purely qualitatively.
Semi-quantitative (SQ) in which frequency & severity are approximately quantified within ranges.
Quantified risk assessment (QRA) in which full quantification occurs.
Note: These stages may be modified according to the complexity of the decision that the risk
assessment is being used to inform e.g.: it may occasionally be possible to use qualitative risk
assessment in extremely high risk situations, where it is obvious that the risk is so high that risk
reduction is essential. Great care must also be taken when attempting to justify something that is a
significant deviation from existing codes, standards or good practice.
Evaluation of a major accident risk will therefore be based upon the proportionate level of risk
and the complexity of the problem. Most importantly, the risk assessment undertaken will
provide an input in to the decision making process and those responsible for such decision
making will be shown to be suitably qualified, experienced and of sufficient seniority to be
competent and accountable for their actions.
The lower levels of assessment (Q and SQ) are considered most appropriate for screening
for hazards and events that need to be analysed in greater detail i.e. to assist in determining
the events to be included in the representative set for more detailed assessment.
For the Kraken Project, the approach to deciding the appropriate level of detail will be to start
with a qualitative approach and to elect for more detail whenever it becomes apparent that
the current level is unable to offer the following:
• Required understanding of the risks.
• Discrimination between the risks of different events.
• Assistance in deciding whether more needs to be done (making compliance judgements).
A robust risk management process will underpin the management of all safety issues
identified for the Kraken Field. This process, initiated in the earliest phase of the Project, will
be continued throughout the lifecycle of the Project.
Note: Kraken hazards identified through the risk management process shall be assessed both
individually and cumulatively.
The Kraken Project approach to risk management is outlined in Figure 5.6. The process
adopted combines the activities needed to comply with SCR05, MAR, PFEER and DCR into
a lifecycle approach for hazard management.

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
Establish The Context Of The Risk
Assessment
Define The Activities To Be Done
Identify The Hazards Associated
With The Activities
Evaluate The Likelihood Of The
Hazards Coming To Fruition
Compare The Risks (Likelihood x
Consequences) With The BAUK
Risk Criteria
Is The Risk
ALARP/Broadly
Acceptable?
Instigate The
Next Level Of
Protection
Identify The Consequences Of The
Hazards Coming To Fruition
Perform The Activities
Yes
RegularlyMonitorAuditAndReview
Consult,InformandEducateTheStakeholdersRegardingtheRiskAssessment
No
Figure 5.6 – Kraken Project Risk Management Process
5.4.3 Qualitative Risk Assessment
The source of the concept of the tolerability of risk is the HSEx’s decision making progress
guidance “R2P2”. The above figure as well as the guidance provided in “R2P2” shall be used
to support risk management decisions. The Kraken Project has defined the boundaries
between the three risk regions within a risk tolerability matrix (refer Table 5.2). The tolerability
matrix is based primarily on ISO17776 and is used to describe what the credible outcome of
the hazardous event is in terms of consequence (people, environment, value or reputation)
and how likely it is.
All residual risks identified for the Kraken Project shall be evaluated against this risk
tolerability matrix. Evaluations using this table shall be conducted by an appropriately
experienced group to ensure hazards are correctly ranked.
The outcome of the risk ranking process shall be used to determine the appropriate hazard
management approach and shall assist in the prioritisation of risk management efforts.

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
Table 5.2 – Project Risk Tolerability Matrix Criteria
Residual Risk Region Summary
Intolerable High Risk (red region)
Activities/operations that give rise to residual risk
(i.e. those that remain after the control measures
have been applied) within the intolerable risk
region of the matrix are unacceptable.
Tolerable if ALARP Medium Risk (yellow region)
Activities/operations will be allowed to operate
subject to confirmation that the cost of an
additional control measure is grossly
disproportionate compared to the risk reduction
afforded by the additional control measure.
Broadly Acceptable (Low Risk) (green region)
Activities/operations may be operated without
further consideration to the provision of additional
control measures.
5.4.4 Quantified Risk Assessment - QRA
SCR05 has removed the specific requirements for QRA and the approach supported by
HSEx OIS 3/2006 has been adopted, where an initial assessment of the likely minimum
approach to risk assessment has been performed. The Kraken FPSO has been assessed in
the category:
• Large integrated platforms in the northern North Sea or large nodal platforms in the
southern North Sea are likely to have a combination of complexity and risk level requiring
QRA;
SCR92 tended to focus the attention of a duty holder on the extensive use of detailed QRA,
frequently prepared by a specialist contractor on their behalf. This approach has been useful
for advancing the understanding of risk on offshore installations, or from activities in
connection with them. However, now that this understanding is more mature, risk assessment
must increasingly focus on where it can add value (e.g. in evaluation of risk reduction options)
rather than provided as an “off-the-shelf” assessment. Thus any risk assessment should
answer the fundamental question of whether there is anything more that can be done to
reduce the risk, while adding value.
A detailed QRA will be undertaken for the Kraken Project by a 3rd party risk specialist. The
QRA shall not be an “off-the-shelf-assessment but shall focus on the unique characteristics of
the heavy crude process streams and the very limited gas inventory.
In line with guidance set out by the HSEx, QRA results shall be expressed in terms of the
following:
• IRPA - Individual Risk Per Annum, this is the chance of an individual becoming a fatality.
An IRPA of 1.00E-03 would mean for each individual, every year, there is a 1 in 1000
chance of a fatal accident.
• PLL - Potential Loss of Life, this is the product of all the IRPAs. PLL is related to IRPA by
the relationship IRPA = PLL x fraction of time an individual is offshore per year/POB.
• Temporary Refuge (TR) Impairment - This is the chance per year that the TR will be
unable to perform in the way stated in the safety case. It is represented as a frequency

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
per year, with an upper bound of no higher than 1.00E-03. In other words no more than
once in every 1000 years would there be an event that would prevent the TR from
functioning as described in the safety case.
5.4.5 QRA Uncertainty and Sensitivity
The quality of the modelling and data will affect the robustness of the numerical estimate and
the uncertainties. This will be borne in mind by BAB Kraken and BAUK when using the
estimate in risk management decisions.
Note: The use of numerical estimates of risk, by themselves, can be misleading and can result in
decisions that either do not meet adequate levels of safety, or overestimate the real risks. In general an
approach that uses information from engineering and operational analysis, supplemented where
appropriate by QRA, will lead to more robust decisions.
5.5 DEMONSTRATION OF TOLERABLE RISK
Figure 5.7 illustrates the concept of the tolerability of risk. The triangle which is based on
guidance by the HSEx represents increasing levels of risk for a particular hazardous activity
as we move from the bottom of the triangle towards the top.
The red zone at the top of the triangle represents the unacceptable risk region. Risks in this
region are not tolerated no matter what the level of benefit is. The lightly shaded zone at the
bottom of the triangle represents the broadly acceptable risk region. The levels of risk
characterising this region are comparable to those that people regard as insignificant or trivial
in their daily lives. The zone between the unacceptable and broadly acceptable regions is
the tolerable region. Risks lying in this region are typically those that people are prepared to
tolerate in order to secure some benefit, in the expectations that:
• The nature and level of the risks are properly assessed and the results used properly to
determine control measures.
• The residual risks are not unduly high and kept as low as reasonably practicable.
• The risks are periodically reviewed to ensure that they still meet the ALARP criteria, for
example, by ascertaining whether further or new control measures need to be introduced
to take into account changes over time, such as new knowledge about the risk or the
availability of new techniques for reducing or eliminating risks.

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
Figure 5.7 - HSE Framework for Tolerability of Risk
5.5.1 Project Risk Acceptance Criteria
In order to ensure a Project design solution that ensures risks are ALARP and in accordance
with the requirements to demonstrate regulatory compliance, BAB identified project-specific
risk acceptance criteria (RAC) during the early establishment of the Kraken Project. These
criteria apply when judging the tolerability of risk to persons for the Kraken Project. The
Project RAC are illustrated in Figure 5.8 and are based on Industry benchmark, and HSEx
guidance (R2P2 and OIS 3/2006), which are underpinned by NORSOK Z013 and the Oil &
Gas UK Fire & Explosion Guidelines 2007.
• Individual risk (IRPA) to any worker group above 5.00E-04 per annum shall be
considered intolerable and fundamental risk reduction improvements are required
• Individual risk below (IRPA) 5.00E-04 but above 1.00E-05 per annum for any worker
group shall be considered tolerable if it can be demonstrated that the risks are as low as
reasonably practicable
• Individual risk (IRPA) below 1.00E-05 per annum for any worker shall be considered as
broadly acceptable and no further improvements are considered necessary provide
documented control measures are in place and maintained.

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
Figure 5.8 – Risk Acceptance Criteria for Kraken Development
Table 5.3 – Risk Frequency Distribution
Risk Frequency
1.00E-03 OR 1 x 10
-3
1 in 1,000 years 1 in 1,000 chance per year
5.00E-04 OR 5 x 10
-4
1.00E-04 OR 1 x 10
-4
1.00E-05 OR 1 x 10
-5
Although there is no specific requirement to estimate group risk, guidance provided within
HSE APOSC indicates a need for the duty holder to demonstrate TR integrity (TRI), which
could be considered as a measure of societal risk. The requirement adopted for the Kraken
Project is to demonstrate that the frequency, with which accidental events (any MAH
consequence category) will result in a loss of TRI, within the minimum stated endurance time,
does not exceed the order of 1.00E-04.
As for individual risk this frequency must be reduced to a lower level wherever reasonably
practicable and where the frequency is close to 1.00E-03 (refer Table 5.3), acceptance that
further risk reduction measures are ‘grossly disproportionate’ should be on the basis of a very
rigorous demonstration.
An acceptable level of risk can be identified within the ALARP framework (refer Figure 5.8),
which identifies the acceptable frequency of exceedance of the severity of the design or
dimensioning scenarios. Typically this frequency of exceedance will be of the order of 1.00E-
IRPA 1X10
-5
IRPA 5X10
-4

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
04 to 1.00E-05 per year depending on the risk to people on board, impact on the SCEs and
the overall individual risk including that from other hazards.
Following NORSOK Z013, ISO 19901-3: 2003 uses a threshold probability of exceedance
level (1.00E-04 per year) below which individual contributing scenarios need not be
considered further if the impact on personnel is low enough (i.e. numbers of personnel
affected). Events with probabilities above this level are considered to be ‘top event, and
require further analysis to determine the size and extent of the resulting loading and
subsequent effects.
BAB Kraken and BAUK propose a similar approach. An event which impinges directly on the
Temporary Refuge will require a probability of exceedance > 1.00E-05 per year. Events
directly affecting other regions where a barrier may be present to prevent impingement on the
TR are considered if the probability of exceedance is greater than 1.00E-04 per year.
Reducing risks to ALARP will be demonstrated in all cases, both through the justification of
the choice of design scenarios and from a determination of the impairment frequency of the
safety critical elements (SCEs) under the fire loads.
5.5.2 Risk Reduction Measures
The main purpose of the risk assessment process is to decide if more needs to be done.
Where there is scope to reduce the risks to personnel an appropriate technique shall be
applied to decide if the measure is reasonable. Assessing which risk reduction measures
should be incorporated into the design will be based on established principles of engineering
safety; the project Hazard Management contained in this document, HSE Design Basis, best
practice and where appropriate the project compliance demonstration (ALARP) process.
5.6 DEMONSTRATING COMPLIANCE WITH RELEVANT STATUTORY
PROVISIONS.
The application of the ALARP process is one portion of the key element of the BAUK SMS to
ensure that all measures that could be applied to each of the identified major accident
hazards are appropriate. The ALARP process is encompassed into the requirements to
demonstrate compliance with the relevant statutory provisions.
For the purposes of SCR05 Regulation 12 compliance with the relevant statutory provisions
shall be demonstrated. As duty holder BAUK recognizes the process shall be a key element
of their safety management system. This will result from the description of the management
process by which BAUK has reached the conclusion that all the measures that could be
applied to reduce risks from each of the identified major accident hazards are appropriate and
that nothing more can be done.
The compliance demonstration with relevant statutory provisions shall establish that risks are
tolerable - through application of relevant good practice, professional judgement, experience
etc. and where necessary supported by reference to the use of appropriate risk assessment
techniques. Following this BAUK shall consider whether the relevant legal test has been
satisfied, for example have the risks been reduced so far as is reasonably practicable. This
involves looking to see if there are ways in which remaining risks can be further reduced.
To demonstrate compliance with the relevant statutory provision for each major accident
hazard identified for the installation, the demonstration shall contain elements of the following
process:

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
• Identification and consideration of a range of potential measures for further risk reduction,
• Systematic analysis of each of the identified measures and a view formed on the safety
benefit associated with each of them,
• Evaluation of the reasonable practicability of the identified measures,
• The implementation (or planned implementation) of the identified reasonably practicable
measures,
• Recording of the process and results, and these are summarised in the safety case.
The systematic analysis of options for reasonable practicability shall make reference to
relevant good practice and sound engineering judgement. Again, where appropriate this
should be supported by reference to appropriate use of risk assessment techniques. If a
measure appears practicable and the cost of the measure is not grossly disproportionate to
the benefit gained, then the measure is reasonably practicable and should be implemented.
The management process described in the demonstration of compliance with the relevant
statutory provisions should also show that a duty holder has considered the integrated picture
when assessing risk and not a partial view from considering each hazard in isolation, rather
than across the whole system.
The safety case shall show that the process of ensuring risks are controlled to ensure
regulatory compliance has been an iterative one in which it has been necessary for a duty
holder to go through the process a number of times. This will support BAUK’s provision in
providing a convincing demonstration that major accident risks are controlled to ensure
regulatory compliance.
Reducing a risk to ALARP further involves balancing achievable risk reduction with the cost
and implementation of the risk reduction measure. ALARP can be demonstrated by showing
that the residual risk (after implementation of controls) is broadly acceptable (as per figure
5.8), requiring no further controls, or that the cost of additional risk reduction measures is
grossly disproportionate to the risk benefit gained i.e.
- where DF is the disproportionate factor.
For the Kraken Project, and in line with the Executive, the costs are considered to be grossly
disproportionate to the improvement gained if the implied cost of averting a single fatality
(ICAF) is ≥ £6,000,000.00.
5.6.1 ALARP Decision Selection
The decision to conduct an ALARP assessment shall be made by the Technical Safety TA in
consultation with project personnel and discipline leaders. All ALARP assessment decisions,
including those that require a greater degree of risk assessment than an ALARP worksheet
and those that do not require an ALARP review, shall be recorded for auditing purposes. A
register of ALARP decisions shall be maintained by project technical safety and shall be
incorporated into a close-out report.
This may involve an overall ALARP project register and a FPSO specific ALARP Register
(where major engineering change to the FPSO can be recorded).
Costs
Benefits
> 1x DF

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
5.6.2 ALARP Methodology Overview
The ALARP methodology shall adhere to the main steps for risk assessment. Technical
Safety shall develop a Risk Assessment / ALARP Procedure to support the Compliance
Demonstration. For the purposes of this, these steps have been divided into the following
main stages:
• Identification of the design issue, the risks of that issue and the tolerability criteria.
• Assess the options, the selection basis, the uncertainties and the chosen option.
• Risk Conclusion / Evaluation which outlines the residual risks generated and further
requirements / confirmations.
The ALARP procedure will be developed to contain the management processes including
ALARP worksheets and supporting registers.
5.6.3 Cost Benefit Analysis
Having identified potential additional risk reduction measures, their practicality shall be
assessed. One technique to achieve this shall be Cost Benefit Analysis (CBA). CBA is the
numerical assessment of the costs of implementing a design change or modification and the
likely reduction in fatalities that this would be expected to achieve. It suffers from the same
problems as QRA when used as an input to decision making and therefore it should be used
cautiously in support of qualitative or engineering arguments.
In making this assessment there is a need to set criteria on the value of a life or implied cost
of averting a statistical fatality (ICAF). For Kraken, the following shall be used as guidance
for risk based decision making using CBA:
• HSE principles for Cost Benefit Analysis (CBA) in support of ALARP decisions.
• Health and Safety Executive, Reducing Risks Protecting People (R2P2), HSE Decision
Making Process.

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
6. HUMAN FACTORS
BAB Kraken Project and BAUK’s goal is to reduce the potential for human error in the design
and operation of the Kraken facilities, and so demonstrate that the risks to personnel and the
environment posed by Human Factors are ALARP.
In accordance with the Human Factors Implementation Plan, Human factors will be
addressed during the design (and operation) of the Kraken FPSO in order to identify operator
& maintenance needs and requirements throughout the lifecycle of the FPSO’s systems, with
the goal being to minimize human error and maximise human and total system safety and
effectiveness. This will be accomplished through the following:
• Analysis of design requirements and development of a lessons learned register - positive
& negative - of previous designs that should be carried forward or should be changed/
improved;
• Development of HFE design criteria & guidelines to apply human factors principles;
• Appropriate analyses & requests for operator and/or maintainer input to derive task
requirements and needs; and
• Application of logical and practical human-system interface design.
The various HFE high level activities to be performed are identified in Figure 6.1.
By virtue of workforce involvement in various design reviews, the plant will, as far as
reasonably practicable, be designed to provide sufficient space and access for operation,
maintenance, escape & evacuation, and fire fighting activities. All mainstream valves on
cargo handling equipment will be accessible or operable from permanent access platforms.
Local status indicators, valve operators, emergency valves, sample points, purge and drain
points will similarly be accessible from permanent decking.
With regards handling of motors, pump heads, tube bundles, valves, etc., extensive
consideration will be given to mechanical handling and methods of transport to ensure that
equipment is fit for purpose and appropriate to the task, in accordance with the requirements
of the Lifting Operations and Lifting Equipment Regulations.
As a general requirement adequate valves and spade isolation points will be provided to
allow equipment to be worked on while production continues, and to allow partial operation
under most conditions.
The objective will be to “design-in” safety and operability and to “design-out” potential
incidents that might arise from people’s interaction with equipment. Further consideration will
the provision of good information, clear procedures, memory aids, training, clear objectives,
avoiding distractions and a working environment which minimises fatigue, ill health, etc.
Risk assessment and human factors for the Kraken FPSO is further outlined within the HSE
Design Basis. Please refer to this document for further details.

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
Figure 6.1 Human Factors Engineering Activities
KRAKEN PROJECT TIME LINE
FEED: Defining DD: Design
Development
DD: 3D Design PRE-OPERATION
TECHNICAL
SPECIFICATIONS
DESIGN
ANALYSIS
EARLY DESIGN
ANALYSIS
DESIGN
REVIEWS
PROVIDE
SUPPORT
CRITICAL TASK
REVIEWS
Analysis
IMPLEMENTATION
PLAN
SAFETY CRITICAL
PROCEDURES
ISSUE REGISTER
& ACTION PLAN
OPERATIONS
Analysis
Review
Support Monitor,
measure,
implement,
validate
DESIGN
ANALYSIS
MANAGEMENT
OF CHANGE
CAUSAL ANALYSIS
(incidents)
LESSONS
LEARNED
LAYOUT
REVIEWS
CONSTRUCTION
PLAN
PRE-COMMISSION
REVIEWS
REVIEW OF
STANDARDS
INSPECTIONS /
AUDITS

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
APPENDIX A TYPICAL SAFETY CASE (TABLE OF CONTENTS)
1. INTRODUCTION AND SUMMARY
1.1. Purpose of the Safety Case
1.2. Safety Case Structure
1.3. Safety Case Objectives, Purpose & Scope
1.4. Safety Case Ownership and Distribution
1.5. Responsibilities, Maintenance of and Review
1.6. Name And Address of the Operator
1.7. The Kraken Field
1.8. FPSO Facility Design Overview
1.9. FPSO Facility Operations Overview
1.10. Risk Management and Control Overview
1.11. Review and Improvement Plan
1.12. Justification for Continued Operations
2. FIELD AND FACILITY DESCRIPTION
2.1. Overview
2.2. Environmental Conditions
2.3. Design and Development History
2.4. Operational Limits
2.5. Facility Structure
2.6. Facility Equipment and Area layout
2.7. Reservoir and Wells
2.8. Pipelines and Risers
2.9. Marine Systems
2.10. Process Systems
2.11. Turret & Mooring Systems
2.12. Utility Systems
2.13. Control and Communications
2.14. Safety Systems
2.15. Evacuation, Escape and Rescue
2.16. Operations and Logistics
2.17. Hazardous Substances and Inventories

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
2.18. Occupational Health and Safety
3. SAFETY MANAGEMENT SYSTEM
3.1. Introduction and Description
3.2. Management Policy and Principals
3.3. Health and Safety Organization
3.4. Regulatory and Compliance Management
3.5. Operational Risk Management
3.6. Planning and Implementation
3.7. Training and Competence Management
3.8. Communication and Consultation Management
3.9. Procurement and Contractor Management
3.10. Health and Welfare Management
3.11. Operational Management and Control Procedures
3.12. Emergency and Crises Management
3.13. Performance and Audit Management
3.14. Incident / Non-Conformance Management
3.15. Continuous Improvement Management
3.16. Experience Transfer
4. COMBINED OPERATIONS
4.1. Introduction
4.2. Description of Facilities
4.3. Management of Combined Operations
4.4. Simultaneous Operations
4.5. Risk Assessments & Work Reviews
4.6. Hierarchy of Controls
4.7. Development of Interface/Bridging Documents
4.8. Verification Schemes for COMOPS
5. MAJOR ACCIDENT HAZARD ANALYSIS AND MANAGEMENT
5.1. Introduction
5.2. Hazard (Formal Safety Assessment) Methodology
5.3. Evaluation of Hazard Management Systems
5.4. TR Integrity & EER Assessment results
5.5. QRA Results
5.6. Safety Critical Elements and Performance Standards

Doc. No : 21020-BAB-04101-HS-PR-0005
Rev No : C1
Consultant/
Vendor No
:
5.7. Demonstration of ALARP
5.8. Major Accident Prevention Document Summary
5.9. Major Accident Hazard Sheets
6. VERIFICATION
6.1. Verification
6.2. Classification

21020-BAB-04101-HS-PR-0005_C1 FINAL

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to 21020-BAB-04101-HS-PR-0005_C1 FINAL

Similar to 21020-BAB-04101-HS-PR-0005_C1 FINAL (20)

21020-BAB-04101-HS-PR-0005_C1 FINAL