Society of Petroleum Engineers , profile picture
Uploaded bySociety of Petroleum Engineers
PPTX, PDF12,949 views

Human Factors in Barrier Thinking

The document discusses the importance of human factors in barrier thinking within safety management strategies, focusing on how human performance affects the effectiveness and independence of safety controls. It emphasizes the need for clear intentions and expectations in human performance and discusses real-world challenges illustrated by the Buncefield fuel storage incident. The document outlines five key challenges to enhance the robustness of human controls in safety operations.

Engineering
Related topics:
Oil and Gas Insights

Embed presentation

Downloaded 38 times
Society of Petroleum Engineers Distinguished Lecturer Program www.spe.org/dl 1 Professor Ron McLeod Ron McLeod Ltd. Human Factors in Barrier Thinking
Objectives • Explore the role that human performance has in layers-of- defences strategies • Consider what Independence and Effectiveness mean for Human Factors • Demonstrate how controls reflect an organizations Intentions and Expectations of human behaviour and performance • Illustrate how those Intentions and Expectations can be defeated in the real-world. 2
Content 1. Basic concepts in Barrier Thinking • Bow-Tie Analysis • Criteria for robust barriesr 2. Human Factors in control Independence • Example: Fuel spill during tank filling 3. Human Factors in control Effectiveness • The importance of understanding Intentions and Expectation 4. Lessons from reality: Buncefield 5. Five challenges in assuring human controls 3
Basic Concepts in Barrier Thinking Bow-Tie analysis Criteria for robust barriers
A Conceptual Model Losses EVENT Human Organisational Engineered Threats
Layers of Protection Analysis Standards • IEC 61508, 2003 – Functional safety of electrical. Electronic. Programmable electronic safety-related systems • IEC 61511, 2010 – Functional Safety – Safety Instrumented systems for the process industry sector Good Practices • Process Safety Leadership Group, 2010 – Safety and environmental standards for fuel storage sites • Centre for Chemical Process Safety, 2015 – Guidelines for initiating events and independent protection layers in layers of protection analysis “Human factors appear to dominate ….in all the LOPA studies assessed in this work” (Chambers, et al, 2009)
Bowtie Analysis ConsequenceThreat Hazard Top Event Degradation Factor Barrier • Critical Equipment – Physical structures or equipment that support a control. • Critical Activities – Human tasks necessary to assure the integrity of structural or equipment controls. • Critical Positions – Roles responsible for the performance of Critical Activities. Barrier Barrier Barrier Barrier Degradation Factor Barrier
Current industry initiatives • Chartered Institute of Ergonomics and Human Factors (CIEHF) – White paper: “Human factors in Barrier Thinking” • Expected early 2017 • Centre for Chemical Process Safety (CCPS) – Concept Book: “BowTies for Risk Management” • Energy Institute, EPSC, AICHE, AIDC • Lyondellbasel, Braskem, Linde, ABS, Eni, Phillips66, Shell, BP, BHPBilliton • Expected 2017
Criteria for good barriers Every barrier should be: Specific: Specific actor, specific object, specific goal Effective: It – and it alone - must be capable of blocking the threat Independent: A single failure should not be able to defeat more than one control Capable of being Assured: Be implemented so it is capable of functioning as intended Be in-place, maintained and supported. 9
• An issued Bowtie Analysis is a very strong statement of intent. – It sets out what the organisation intends to do to protect its workers, the public and the environment. • The organisation chooses which controls it intends to rely on. • If controls are not sufficiently robust, they should not be relied on. Note! 10
Human Factors in Control Independence Independence: A single failure should not be able to defeat more than one control 11
A hypothetical Bowtie for tank filling Top Event = Spill of flammable fuel during tank filling Fuel spill Tank overfill Flammable Fuel Transfer plan Fuel level displayed in control room High Level Alarm High-High Level Alarm Independent Shut-off Experienced operator monitors fill
Are the controls specific? Fuel spill Tank overfill Flammable Fuel Transfer plan Fuel level displayed in control room High Level Alarm High-High Level Alarm Independent Shut-off Experienced operator monitors fill - Specific Actor? - Specific Object? - Specific Goal? ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Are the controls Independent? Fuel spill Tank overfill Flammable Fuel Transfer plan High Level Alarm High-High Level Alarm Independent Shut-off Fuel level displayed in control room Experienced operator monitors fill
Human Factors issues in control Independence • Organisational factors can influence all operators – Chain of Command; Incentives; Contracts • Cross-checking by another operator is often not independent • Often, there is no-one else. UK Process Safety Leadership Group “…the intended independence of the checking process may not in fact be achieved . .” Swain & Guttman, 1983 “…the behaviour of an operator and a checker are not independent”.
Level Guage Independent High Level Switch Are the controls Independent? Fuel spill Tank overfill Flammable Fuel Transfer plan High Level Alarm High-High Level Alarm Independent Shut-off Fuel level displayed in control room Experienced operator monitors fill Proactive operator monitoring Tank level alarm and operator response
Are the barriers Effective? What is Intended and what is Expected? Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer Fuel spill
Intentions and Expectations • Intentions – Things the proposers intends to ensure are in place for the Barrier to function – Are within the scope of supply of the proposers – Will often be about the design of the work environment and equipment interfaces • Expectations – Are not within the proposers scope of supply. – But must be assumed to be true for a control to be considered effective. – Will often be about organisational arrangements and operational and commercial practices
Examples of Intentions Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer • …will be fit for the purpose • …will be set at appropriate levels • …will be effective in attracting the operators’ attention • …will make the operator aware of the problem in good time… • … And that • …operators will know if the alarm is not working… • … “Our intention is that the tank level alarms… Fuel spill
Examples of Expectations Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer Fuel spill • …the alarms will be installed and maintained correctly • …operators will be present and in a fit state to respond • …operators will be trained and competent to know what an alarm means and how to respond • …operators will do what is needed in time… And that • …operators will report known faults • …reported faults will be fixed • ..operators will not initiate a fuel transfer if the alarm system is not working… “Our expectations are that …
After test of HF Independence Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer Unexpected change to plan Communications with supplier Operator does not monitor proactively Job design and work arrangements allow effective proactive monitoring Operators understand safety critical nature of operation Tank level sensor does not function Regular Routine Maintenance and testing Independent shut-off does not function Regular Routine Maintenance and testing Fuel spill Using independent data sources Same operator ? + Degradation Factors and their safeguards
Buncefield Fuel Storage Depot - Dec 11 2005 • Sat 10 Dec, 18:50 – Receipt of parcel of unleaded fuel initiated into tank 912 • Sunday 11 Dec, 05:37 – Tank capacity exceeded. Fuel began to spill • 06:00 – Vapour cloud ignited – 250,000l fuel • Fire burned for 5 days – 0 Fatalities – 40 injuries – Major economic and social disturbance Why did it happen? 1. Failure of automatic tank gauging system 2. Failure of independent high-level switch Health and Safety Executive: “Buncefield: Why did it happen? The underlying causes of the explosion and fire at the Buncefield oil storage depot, Hemel Hempstead, Hertfordshire on 11 December 2005”. http://www.hse.gov.uk/comah/investigation-reports.htm. 22
How did the tank level alarms perform at Buncefield? Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer Tank level sensor does not function Routine Maintenance and testing Fuel spill
There were no alarms… “At 0305 hrs on Sunday 11 December the ATG display …stopped registering the rising level of fuel in the tank..” • The control room operators had nothing to draw their attention to the fact that the alarm had failed • There was a history of repeated failure and unreliability of these alarms • The same control room operators who knew the alarms were unreliable continued to rely on them. It had stuck 14 times during the three months before the incident Intention: “…operators will know if the alarm is not working…” Expectation: “..operators will not initiate a fuel transfer if the alarm system is not working…”
What happened at Buncefield? Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer Unexpected change to plan Communications with supplier Operator does not monitor proactively Job design and work arrangements allow effective proactive monitoring Operators understand safety critical nature of operation Tank level sensor does not function Regular Routine Maintenance and testing Independent shut-off does not function Regular Routine Maintenance and testing Fuel spill “..the flow rate.. changed from 550 to 900 m3/h without the knowledge of the supervisors.” “The supervisors relied on the alarms to control the filling process.” “The servo-gauge had stuck..” “..was installed without the padlock.”
Proactive operator monitoring Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer Operator does not monitor proactively Job design and work arrangements allow effective proactive monitoring Operators understand safety critical nature of operation Fuel spill What is Intended and what is Expected?
Pro-active operator monitoring Examples of intentions • The design of the control room and instrumentation will provide all of the information and controls needed. – Without relying on the tank level sensors. • Operators will be able to access, understand and use the information and controls. • Etc… Examples of expectations • The operators job will be designed to support proactive monitoring – Simultaneous tasks will not interfere with the operator’s ability to monitor the transfer – The operator will not be incentivised to give pro-active monitoring a low priority – Etc.. • Operators will check the progress of the transfer frequently enough and while they have time to intervene, without prompting. • Etc…
Five Human Factors challenges 1. What exactly is the control? – What is intended and what is expected of human performance? 2. Who will be involved? – Who Detects? Who Decides? Who Acts? 3. What information will they need? – Where will they get it? 4. What judgements or decisions will they need to make? – Are they reasonable in the conditions? – Could safety compete with production? 5. What actions will they need to take? – Will they have the time? – How and when will they know they were succesful?
In summary • Considered what Independence and Effectiveness mean for controls that rely on people • Demonstrated that controls reflect the organizations Intentions and Expectations of human performance • Illustrated how those intentions and expectations can be defeated in the real-world. • Suggested 5 challenges to ensure human controls are as robust as they reasonably can be. 29
Challenges and Take-Aways • How many of the controls/barriers your business relies on depend on human performance? – Operations/ Maintenance/ Inspection / Support • Would you know exactly what those controls are? – What is Intended and what is Expected of your people? • How does your business ensure those human controls are as robust as they reasonably can be? – That intentions are actually implemented – That expectations are managed during planning and operations 30
Look our for…. • CIEHF White paper: “Human factors in Barrier Thinking” • Expected early 2017 • CCPS Concept Book: “BowTies for Risk Management” • Expected 2017
Thank you for your attention Any Questions? ron@ronmcleod.com www.ronmcleod.com 32
Society of Petroleum Engineers Distinguished Lecturer Program www.spe.org/dl 33 Your Feedback is Important Enter your section in the DL Evaluation Contest by completing the evaluation form for this presentation Visit SPE.org/dl

More Related Content

PPTX
Process safety managment
byDoruk Kimyasal Yönetim Sistemeri
 
PPTX
Hazop ppt
bySangeeta Phadke
 
PDF
Mechanical Integrity.pdf
byaashir14
 
PPT
LAYER OF PROTECTION ANALYSIS
byThapa Prakash (TA-1)
 
PDF
PSM Process Safety Management.pdf
byssuser2fc67e
 
PPTX
Plant shutdown
bywillyfellow
 
PPT
HAZOP AND OPERABILITY STUDY
bydamomech92
 
PPTX
Process Safety Management Fundamentals.pptx
byImtiazHussain312057
 
Process safety managment
byDoruk Kimyasal Yönetim Sistemeri
 
Hazop ppt
bySangeeta Phadke
 
Mechanical Integrity.pdf
byaashir14
 
LAYER OF PROTECTION ANALYSIS
byThapa Prakash (TA-1)
 
PSM Process Safety Management.pdf
byssuser2fc67e
 
Plant shutdown
bywillyfellow
 
HAZOP AND OPERABILITY STUDY
bydamomech92
 
Process Safety Management Fundamentals.pptx
byImtiazHussain312057
 

What's hot

PDF
Process Hazard Analysis
byNGE
 
PPTX
Fault Tree Analysis
byWoh Pelam
 
PPTX
Hazard and Operability Study (HAZOP) | Gaurav Singh Rajput
byGaurav Singh Rajput
 
PPTX
Presentation hazop introduction
bySundararajan Thangavelu
 
PPTX
Barrier Thinking - rev 2 May 15.pptx
byPatrickAyan
 
PDF
Hazop Fundamentals Online Training iFluids
byJohn Kingsley
 
PPTX
A real-world introduction to PSM’s 14 Elements
by360factors
 
PDF
Elements of Process Safety Management
byShirazeh arghami
 
PPTX
Hazop Hazard and Operability Study
byAnand kumar
 
PPTX
Process Safety
byConsultivo
 
PPTX
HEMP
byAlliver Revilla
 
PPT
HAZOP.PPT
bywael salah eldin mostafa
 
PDF
Process Safety Management
byTriumvirate Environmental
 
PPT
Reliability centred maintenance
bySHIVAJI CHOUDHURY
 
PDF
THE 14 ELEMENTS OF PROCESS SAFETY MANAGEMENT
bysoginsider
 
PPTX
Process Safety Management in Design, Construction & Commissioning | Lalit K...
byCairn India Limited
 
PDF
Introduction to PSM Online Interactive Training
byJohn Kingsley
 
PPT
Incident investigation and Root Cause Analysis
byHeatherawarens
 
PPT
FMEA
byJitesh Gaurav
 
PPTX
Accident Investigation & RCA
bymadsen720
 
Process Hazard Analysis
byNGE
 
Fault Tree Analysis
byWoh Pelam
 
Hazard and Operability Study (HAZOP) | Gaurav Singh Rajput
byGaurav Singh Rajput
 
Presentation hazop introduction
bySundararajan Thangavelu
 
Barrier Thinking - rev 2 May 15.pptx
byPatrickAyan
 
Hazop Fundamentals Online Training iFluids
byJohn Kingsley
 
A real-world introduction to PSM’s 14 Elements
by360factors
 
Elements of Process Safety Management
byShirazeh arghami
 
Hazop Hazard and Operability Study
byAnand kumar
 
Process Safety
byConsultivo
 
HEMP
byAlliver Revilla
 
HAZOP.PPT
bywael salah eldin mostafa
 
Process Safety Management
byTriumvirate Environmental
 
Reliability centred maintenance
bySHIVAJI CHOUDHURY
 
THE 14 ELEMENTS OF PROCESS SAFETY MANAGEMENT
bysoginsider
 
Process Safety Management in Design, Construction & Commissioning | Lalit K...
byCairn India Limited
 
Introduction to PSM Online Interactive Training
byJohn Kingsley
 
Incident investigation and Root Cause Analysis
byHeatherawarens
 
FMEA
byJitesh Gaurav
 
Accident Investigation & RCA
bymadsen720
 

Similar to Human Factors in Barrier Thinking

PPTX
Human Factors in Barrier Thinking
bySociety of Petroleum Engineers
 
PDF
P-557.pdf
byssuser742279
 
PDF
Bow Tie Risk Analysis
byJohn Kingsley
 
PDF
PERUMIN 31: Bow-tie Risk Analysis
byPERUMIN - Convención Minera
 
PPT
Bowtie analysis slide presentationas.ppt
byMohamadAfiqAmiruddin
 
PPTX
Barrier Thinking - rev 2 May 15.pptx
byPatrickAyan
 
PDF
Keeping Bowties Alive
byChandrashekhar Kulkarni
 
PPTX
“Bow Ties in Risk Management”/Bow Ties- QRA
byMoh Elhagar
 
PDF
Slides from the Back to Basics BowTie Workshop
byPaul McCulloch
 
PPT
2015 Trinity Dublin - Task risk management - hf in process safety
byAndy Brazier
 
PDF
Maling process safety resl S14-J-Wilson.pdf
byssuser742279
 
PPTX
Tcd 2014 onsdag_03 ocean rig_presight_tp i risikoovervaaking
byMintra Trainingportal - Training for the Oil and Gas Industry
 
PDF
Internship Project - Bowtie
byNur Fatin Dariah Mohamad Daud
 
PPTX
Human-Factors-Safety-Moment-Final.pptx
byAliZaminSyed
 
PPTX
ATEX EXPLOSIVE EXPRROF SERGEJ-ARENT.pptx
byMustafaDemirol1
 
PPT
397635690-Bow-Tie-analysis-Incident-Investigation-ppt.ppt
byssuser742279
 
PPTX
Hprct 2011 barrier analysis_upd 2017.08.01
byWilliam R. Corcoran, Ph.D., P.E.
 
PPTX
Management of control room alarms
byAndy Brazier
 
PDF
Bow tie.pdf
byAdarashVats1
 
PDF
Process Safety is a Leadership Issue -Sonya Lee Sept 2012
bySonya Lee
 
Human Factors in Barrier Thinking
bySociety of Petroleum Engineers
 
P-557.pdf
byssuser742279
 
Bow Tie Risk Analysis
byJohn Kingsley
 
PERUMIN 31: Bow-tie Risk Analysis
byPERUMIN - Convención Minera
 
Bowtie analysis slide presentationas.ppt
byMohamadAfiqAmiruddin
 
Barrier Thinking - rev 2 May 15.pptx
byPatrickAyan
 
Keeping Bowties Alive
byChandrashekhar Kulkarni
 
“Bow Ties in Risk Management”/Bow Ties- QRA
byMoh Elhagar
 
Slides from the Back to Basics BowTie Workshop
byPaul McCulloch
 
2015 Trinity Dublin - Task risk management - hf in process safety
byAndy Brazier
 
Maling process safety resl S14-J-Wilson.pdf
byssuser742279
 
Tcd 2014 onsdag_03 ocean rig_presight_tp i risikoovervaaking
byMintra Trainingportal - Training for the Oil and Gas Industry
 
Internship Project - Bowtie
byNur Fatin Dariah Mohamad Daud
 
Human-Factors-Safety-Moment-Final.pptx
byAliZaminSyed
 
ATEX EXPLOSIVE EXPRROF SERGEJ-ARENT.pptx
byMustafaDemirol1
 
397635690-Bow-Tie-analysis-Incident-Investigation-ppt.ppt
byssuser742279
 
Hprct 2011 barrier analysis_upd 2017.08.01
byWilliam R. Corcoran, Ph.D., P.E.
 
Management of control room alarms
byAndy Brazier
 
Bow tie.pdf
byAdarashVats1
 
Process Safety is a Leadership Issue -Sonya Lee Sept 2012
bySonya Lee
 

More from Society of Petroleum Engineers

PDF
Who Owns the Oil? The How and Why of Unitization
bySociety of Petroleum Engineers
 
PPSX
Compositional Simulations that is Truly Compositional - Russell Johns
bySociety of Petroleum Engineers
 
PPTX
A performance-based approach for developing upstream professionals - Salam Sa...
bySociety of Petroleum Engineers
 
PPTX
Asphaltene Gradients, Connectivity and Tar Mats All Treated by Simple Chemist...
bySociety of Petroleum Engineers
 
PPT
Thriving in a Lower for Longer Environment - Mary Van Domelen
bySociety of Petroleum Engineers
 
PPT
The Fracts of Life - Martin Rylance
bySociety of Petroleum Engineers
 
PPTX
Vulnerability and Management of Water Injectors - Kazeem Lawal
bySociety of Petroleum Engineers
 
PPTX
CO2 in the Subsurface - From EOR to Storage
bySociety of Petroleum Engineers
 
PPTX
Paul Mitchell
bySociety of Petroleum Engineers
 
PPTX
Mark Van Domelen
bySociety of Petroleum Engineers
 
PPSX
Srikanta Mishra
bySociety of Petroleum Engineers
 
PDF
Silviu Livescu
bySociety of Petroleum Engineers
 
PDF
Roberto Aguilera
bySociety of Petroleum Engineers
 
PDF
Robert Hawkes
bySociety of Petroleum Engineers
 
PDF
Leroy Ledgerwood
bySociety of Petroleum Engineers
 
PDF
John Hedengren
bySociety of Petroleum Engineers
 
PDF
Jim Galford
bySociety of Petroleum Engineers
 
PDF
Hank Rawlins
bySociety of Petroleum Engineers
 
PDF
George Stosur
bySociety of Petroleum Engineers
 
PDF
Cosan Ayan
bySociety of Petroleum Engineers
 
Who Owns the Oil? The How and Why of Unitization
bySociety of Petroleum Engineers
 
Compositional Simulations that is Truly Compositional - Russell Johns
bySociety of Petroleum Engineers
 
A performance-based approach for developing upstream professionals - Salam Sa...
bySociety of Petroleum Engineers
 
Asphaltene Gradients, Connectivity and Tar Mats All Treated by Simple Chemist...
bySociety of Petroleum Engineers
 
Thriving in a Lower for Longer Environment - Mary Van Domelen
bySociety of Petroleum Engineers
 
The Fracts of Life - Martin Rylance
bySociety of Petroleum Engineers
 
Vulnerability and Management of Water Injectors - Kazeem Lawal
bySociety of Petroleum Engineers
 
CO2 in the Subsurface - From EOR to Storage
bySociety of Petroleum Engineers
 
Paul Mitchell
bySociety of Petroleum Engineers
 
Mark Van Domelen
bySociety of Petroleum Engineers
 
Srikanta Mishra
bySociety of Petroleum Engineers
 
Silviu Livescu
bySociety of Petroleum Engineers
 
Roberto Aguilera
bySociety of Petroleum Engineers
 
Robert Hawkes
bySociety of Petroleum Engineers
 
Leroy Ledgerwood
bySociety of Petroleum Engineers
 
John Hedengren
bySociety of Petroleum Engineers
 
Jim Galford
bySociety of Petroleum Engineers
 
Hank Rawlins
bySociety of Petroleum Engineers
 
George Stosur
bySociety of Petroleum Engineers
 
Cosan Ayan
bySociety of Petroleum Engineers
 

Recently uploaded

PPTX
A professional presentation on Cosmos Bank Heist
byssuser7f0075
 
PPTX
Introduction to AI and Applications Module-4.pptx
byKalaiselviSubramania2
 
PPTX
ISO 13485.2016 Awareness's Training material
byPrakashSivan
 
PDF
Shear Strength of Soil (Direct shear test).pdf
byMahmoodKhalid11
 
PPTX
Presentation-WPS Office.pptx afgouvhyhgfccf
byEndaleTimerga
 
PDF
Computer Network Lab Manual ssit -kavya r.pdf or Computer Network Lab Manual ...
bykavya R
 
PPT
Integer , Goal and Non linear Programming Model
byOcheriCyril2
 
PPTX
Batch-1(End Semester) Student Of Shree Durga Tech. PPT.pptx
byrashesw1122s
 
PPTX
Theory to Practice of Unsaturated Soil Mechanics-1.pptx
byMahmoodKhalid11
 
PPTX
traffic safety section seven (Traffic Control and Management) of Act
byazeRakeshSunariMagar
 
PPTX
What Green Hydrogen Is Definition: Hydrogen produced via electrolysis of wate...
byThit57
 
PDF
Soil Compressibility (Elastic Settlement).pdf
byMahmoodKhalid11
 
PDF
CME397 SURFACE ENGINEERING UNIT 2 FULL NOTES
bykarthi keyan
 
PDF
Plasticity and Structure of Soil/Atterberg Limits.pdf
byMahmoodKhalid11
 
PDF
Chemical Hazards at Workplace – Types, Properties & Exposure Routes, CORE-EHS
byCORE EHS
 
PDF
Ericsson 6230 Training Module Document.pdf
byMd Bellal Hossain
 
PPTX
GET 211- Computing and Software Engineering (1).pptx
byfestusdaniel142
 
PPTX
Fitting Infiltration Models to Infiltration using Excel (1).pptx
byTomNickoRivera1
 
PPTX
Value engineering and cost analysis with case study
byhp9879098082
 
PPTX
Designing Work for Humans, Not Machines: Human-Centered Maintenance Excellence
byMaintWiz Technologies Private Limited
 
A professional presentation on Cosmos Bank Heist
byssuser7f0075
 
Introduction to AI and Applications Module-4.pptx
byKalaiselviSubramania2
 
ISO 13485.2016 Awareness's Training material
byPrakashSivan
 
Shear Strength of Soil (Direct shear test).pdf
byMahmoodKhalid11
 
Presentation-WPS Office.pptx afgouvhyhgfccf
byEndaleTimerga
 
Computer Network Lab Manual ssit -kavya r.pdf or Computer Network Lab Manual ...
bykavya R
 
Integer , Goal and Non linear Programming Model
byOcheriCyril2
 
Batch-1(End Semester) Student Of Shree Durga Tech. PPT.pptx
byrashesw1122s
 
Theory to Practice of Unsaturated Soil Mechanics-1.pptx
byMahmoodKhalid11
 
traffic safety section seven (Traffic Control and Management) of Act
byazeRakeshSunariMagar
 
What Green Hydrogen Is Definition: Hydrogen produced via electrolysis of wate...
byThit57
 
Soil Compressibility (Elastic Settlement).pdf
byMahmoodKhalid11
 
CME397 SURFACE ENGINEERING UNIT 2 FULL NOTES
bykarthi keyan
 
Plasticity and Structure of Soil/Atterberg Limits.pdf
byMahmoodKhalid11
 
Chemical Hazards at Workplace – Types, Properties & Exposure Routes, CORE-EHS
byCORE EHS
 
Ericsson 6230 Training Module Document.pdf
byMd Bellal Hossain
 
GET 211- Computing and Software Engineering (1).pptx
byfestusdaniel142
 
Fitting Infiltration Models to Infiltration using Excel (1).pptx
byTomNickoRivera1
 
Value engineering and cost analysis with case study
byhp9879098082
 
Designing Work for Humans, Not Machines: Human-Centered Maintenance Excellence
byMaintWiz Technologies Private Limited
 

Human Factors in Barrier Thinking

  • 1.
    Society of PetroleumEngineers Distinguished Lecturer Program www.spe.org/dl 1 Professor Ron McLeod Ron McLeod Ltd. Human Factors in Barrier Thinking
  • 2.
    Objectives • Explore therole that human performance has in layers-of- defences strategies • Consider what Independence and Effectiveness mean for Human Factors • Demonstrate how controls reflect an organizations Intentions and Expectations of human behaviour and performance • Illustrate how those Intentions and Expectations can be defeated in the real-world. 2
  • 3.
    Content 1. Basic conceptsin Barrier Thinking • Bow-Tie Analysis • Criteria for robust barriesr 2. Human Factors in control Independence • Example: Fuel spill during tank filling 3. Human Factors in control Effectiveness • The importance of understanding Intentions and Expectation 4. Lessons from reality: Buncefield 5. Five challenges in assuring human controls 3
  • 4.
    Basic Concepts inBarrier Thinking Bow-Tie analysis Criteria for robust barriers
  • 5.
  • 6.
    Layers of ProtectionAnalysis Standards • IEC 61508, 2003 – Functional safety of electrical. Electronic. Programmable electronic safety-related systems • IEC 61511, 2010 – Functional Safety – Safety Instrumented systems for the process industry sector Good Practices • Process Safety Leadership Group, 2010 – Safety and environmental standards for fuel storage sites • Centre for Chemical Process Safety, 2015 – Guidelines for initiating events and independent protection layers in layers of protection analysis “Human factors appear to dominate ….in all the LOPA studies assessed in this work” (Chambers, et al, 2009)
  • 7.
    Bowtie Analysis ConsequenceThreat Hazard Top Event Degradation Factor Barrier •Critical Equipment – Physical structures or equipment that support a control. • Critical Activities – Human tasks necessary to assure the integrity of structural or equipment controls. • Critical Positions – Roles responsible for the performance of Critical Activities. Barrier Barrier Barrier Barrier Degradation Factor Barrier
  • 8.
    Current industry initiatives •Chartered Institute of Ergonomics and Human Factors (CIEHF) – White paper: “Human factors in Barrier Thinking” • Expected early 2017 • Centre for Chemical Process Safety (CCPS) – Concept Book: “BowTies for Risk Management” • Energy Institute, EPSC, AICHE, AIDC • Lyondellbasel, Braskem, Linde, ABS, Eni, Phillips66, Shell, BP, BHPBilliton • Expected 2017
  • 9.
    Criteria for goodbarriers Every barrier should be: Specific: Specific actor, specific object, specific goal Effective: It – and it alone - must be capable of blocking the threat Independent: A single failure should not be able to defeat more than one control Capable of being Assured: Be implemented so it is capable of functioning as intended Be in-place, maintained and supported. 9
  • 10.
    • An issuedBowtie Analysis is a very strong statement of intent. – It sets out what the organisation intends to do to protect its workers, the public and the environment. • The organisation chooses which controls it intends to rely on. • If controls are not sufficiently robust, they should not be relied on. Note! 10
  • 11.
    Human Factors inControl Independence Independence: A single failure should not be able to defeat more than one control 11
  • 12.
    A hypothetical Bowtiefor tank filling Top Event = Spill of flammable fuel during tank filling Fuel spill Tank overfill Flammable Fuel Transfer plan Fuel level displayed in control room High Level Alarm High-High Level Alarm Independent Shut-off Experienced operator monitors fill
  • 13.
    Are the controlsspecific? Fuel spill Tank overfill Flammable Fuel Transfer plan Fuel level displayed in control room High Level Alarm High-High Level Alarm Independent Shut-off Experienced operator monitors fill - Specific Actor? - Specific Object? - Specific Goal? ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
  • 14.
    Are the controlsIndependent? Fuel spill Tank overfill Flammable Fuel Transfer plan High Level Alarm High-High Level Alarm Independent Shut-off Fuel level displayed in control room Experienced operator monitors fill
  • 15.
    Human Factors issuesin control Independence • Organisational factors can influence all operators – Chain of Command; Incentives; Contracts • Cross-checking by another operator is often not independent • Often, there is no-one else. UK Process Safety Leadership Group “…the intended independence of the checking process may not in fact be achieved . .” Swain & Guttman, 1983 “…the behaviour of an operator and a checker are not independent”.
  • 16.
    Level Guage Independent High LevelSwitch Are the controls Independent? Fuel spill Tank overfill Flammable Fuel Transfer plan High Level Alarm High-High Level Alarm Independent Shut-off Fuel level displayed in control room Experienced operator monitors fill Proactive operator monitoring Tank level alarm and operator response
  • 17.
    Are the barriersEffective? What is Intended and what is Expected? Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer Fuel spill
  • 18.
    Intentions and Expectations •Intentions – Things the proposers intends to ensure are in place for the Barrier to function – Are within the scope of supply of the proposers – Will often be about the design of the work environment and equipment interfaces • Expectations – Are not within the proposers scope of supply. – But must be assumed to be true for a control to be considered effective. – Will often be about organisational arrangements and operational and commercial practices
  • 19.
    Examples of Intentions Tank overfill Flammable Fuel Tanklevel alarms Independent Shut-Off Proactive operator monitoring Transfer • …will be fit for the purpose • …will be set at appropriate levels • …will be effective in attracting the operators’ attention • …will make the operator aware of the problem in good time… • … And that • …operators will know if the alarm is not working… • … “Our intention is that the tank level alarms… Fuel spill
  • 20.
    Examples of Expectations Tank overfill Flammable Fuel Tanklevel alarms Independent Shut-Off Proactive operator monitoring Transfer Fuel spill • …the alarms will be installed and maintained correctly • …operators will be present and in a fit state to respond • …operators will be trained and competent to know what an alarm means and how to respond • …operators will do what is needed in time… And that • …operators will report known faults • …reported faults will be fixed • ..operators will not initiate a fuel transfer if the alarm system is not working… “Our expectations are that …
  • 21.
    After test ofHF Independence Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer Unexpected change to plan Communications with supplier Operator does not monitor proactively Job design and work arrangements allow effective proactive monitoring Operators understand safety critical nature of operation Tank level sensor does not function Regular Routine Maintenance and testing Independent shut-off does not function Regular Routine Maintenance and testing Fuel spill Using independent data sources Same operator ? + Degradation Factors and their safeguards
  • 22.
    Buncefield Fuel Storage Depot- Dec 11 2005 • Sat 10 Dec, 18:50 – Receipt of parcel of unleaded fuel initiated into tank 912 • Sunday 11 Dec, 05:37 – Tank capacity exceeded. Fuel began to spill • 06:00 – Vapour cloud ignited – 250,000l fuel • Fire burned for 5 days – 0 Fatalities – 40 injuries – Major economic and social disturbance Why did it happen? 1. Failure of automatic tank gauging system 2. Failure of independent high-level switch Health and Safety Executive: “Buncefield: Why did it happen? The underlying causes of the explosion and fire at the Buncefield oil storage depot, Hemel Hempstead, Hertfordshire on 11 December 2005”. http://www.hse.gov.uk/comah/investigation-reports.htm. 22
  • 23.
    How did thetank level alarms perform at Buncefield? Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer Tank level sensor does not function Routine Maintenance and testing Fuel spill
  • 24.
    There were noalarms… “At 0305 hrs on Sunday 11 December the ATG display …stopped registering the rising level of fuel in the tank..” • The control room operators had nothing to draw their attention to the fact that the alarm had failed • There was a history of repeated failure and unreliability of these alarms • The same control room operators who knew the alarms were unreliable continued to rely on them. It had stuck 14 times during the three months before the incident Intention: “…operators will know if the alarm is not working…” Expectation: “..operators will not initiate a fuel transfer if the alarm system is not working…”
  • 25.
    What happened atBuncefield? Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer Unexpected change to plan Communications with supplier Operator does not monitor proactively Job design and work arrangements allow effective proactive monitoring Operators understand safety critical nature of operation Tank level sensor does not function Regular Routine Maintenance and testing Independent shut-off does not function Regular Routine Maintenance and testing Fuel spill “..the flow rate.. changed from 550 to 900 m3/h without the knowledge of the supervisors.” “The supervisors relied on the alarms to control the filling process.” “The servo-gauge had stuck..” “..was installed without the padlock.”
  • 26.
    Proactive operator monitoring Tank overfill Flammable Fuel Tanklevel alarms Independent Shut-Off Proactive operator monitoring Transfer Operator does not monitor proactively Job design and work arrangements allow effective proactive monitoring Operators understand safety critical nature of operation Fuel spill What is Intended and what is Expected?
  • 27.
    Pro-active operator monitoring Examplesof intentions • The design of the control room and instrumentation will provide all of the information and controls needed. – Without relying on the tank level sensors. • Operators will be able to access, understand and use the information and controls. • Etc… Examples of expectations • The operators job will be designed to support proactive monitoring – Simultaneous tasks will not interfere with the operator’s ability to monitor the transfer – The operator will not be incentivised to give pro-active monitoring a low priority – Etc.. • Operators will check the progress of the transfer frequently enough and while they have time to intervene, without prompting. • Etc…
  • 28.
    Five Human Factorschallenges 1. What exactly is the control? – What is intended and what is expected of human performance? 2. Who will be involved? – Who Detects? Who Decides? Who Acts? 3. What information will they need? – Where will they get it? 4. What judgements or decisions will they need to make? – Are they reasonable in the conditions? – Could safety compete with production? 5. What actions will they need to take? – Will they have the time? – How and when will they know they were succesful?
  • 29.
    In summary • Consideredwhat Independence and Effectiveness mean for controls that rely on people • Demonstrated that controls reflect the organizations Intentions and Expectations of human performance • Illustrated how those intentions and expectations can be defeated in the real-world. • Suggested 5 challenges to ensure human controls are as robust as they reasonably can be. 29
  • 30.
    Challenges and Take-Aways •How many of the controls/barriers your business relies on depend on human performance? – Operations/ Maintenance/ Inspection / Support • Would you know exactly what those controls are? – What is Intended and what is Expected of your people? • How does your business ensure those human controls are as robust as they reasonably can be? – That intentions are actually implemented – That expectations are managed during planning and operations 30
  • 31.
    Look our for…. •CIEHF White paper: “Human factors in Barrier Thinking” • Expected early 2017 • CCPS Concept Book: “BowTies for Risk Management” • Expected 2017
  • 32.
    Thank you foryour attention Any Questions? ron@ronmcleod.com www.ronmcleod.com 32
  • 33.
    Society of PetroleumEngineers Distinguished Lecturer Program www.spe.org/dl 33 Your Feedback is Important Enter your section in the DL Evaluation Contest by completing the evaluation form for this presentation Visit SPE.org/dl