SlideShare a Scribd company logo

Human Factors in Barrier Thinking

Download as PPTX, PDF
Society of Petroleum Engineers
Society of Petroleum Engineers

The oil and gas industry places great reliance on layers-of-defenses, or barrier thinking, to protect against process safety incidents. Human performance continues to be the single most widely relied on barrier: whether as a defense in its own right, or in implementing, inspecting, maintaining and supporting engineered defenses. Human error, in its many forms, also continues to be a significant threat to the reliability of engineered and organizational defenses. While approaches to developing and assuring layers of defenses strategies have become increasingly formalized and rigorous in recent years, many organizations struggle to know how to ensure the human defenses they rely on are as robust as they reasonably can be when those strategies are developed and implemented. Drawing on the 2005 explosion and fire at the Buncefield fuel storage site as a case study, the presentation considers issues associated with the independence and effectiveness of human defenses. The key idea SPE members should take away from the lecture is that organizations can improve the strength of their human defenses by being clearer about exactly what it is they expect and intend of human performance to protect against threats. The presentation sets out challenges organizations can use to ensure the human defenses they rely on are as robust and reliable as they reasonably can be.

Engineering
1 of 34
Primary funding is provided by The SPE Foundation through member donations and a contribution from Offshore Europe The Society is grateful to those companies that allow their professionals to serve as lecturers Additional support provided by AIME Society of Petroleum Engineers Distinguished Lecturer Program www.spe.org/dl
Society of Petroleum Engineers Distinguished Lecturer Program www.spe.org/dl 2 Professor Ron McLeod Ron McLeod Ltd. Human Factors in Barrier Thinking
Objectives • Explore the role that human performance has in layers-of- defences strategies • Consider what Independence and Effectiveness mean for Human Factors • Demonstrate how controls reflect an organizations Intentions and Expectations of human behaviour and performance • Illustrate how those Intentions and Expectations can be defeated in the real-world. 3
Content 1. Basic concepts in Barrier Thinking • Bow-Tie Analysis • Criteria for robust barriesr 2. Human Factors in control Independence • Example: Fuel spill during tank filling 3. Human Factors in control Effectiveness • The importance of understanding Intentions and Expectation 4. Lessons from reality: Buncefield 5. Five challenges in assuring human controls 4
Basic Concepts in Barrier Thinking Bow-Tie analysis Criteria for robust barriers
A Conceptual Model Losses EVENT Human Organisational Engineered Threats
Layers of Protection Analysis Standards • IEC 61508, 2003 – Functional safety of electrical. Electronic. Programmable electronic safety-related systems • IEC 61511, 2010 – Functional Safety – Safety Instrumented systems for the process industry sector Good Practices • Process Safety Leadership Group, 2010 – Safety and environmental standards for fuel storage sites • Centre for Chemical Process Safety, 2015 – Guidelines for initiating events and independent protection layers in layers of protection analysis “Human factors appear to dominate ….in all the LOPA studies assessed in this work” (Chambers, et al, 2009)
Bowtie Analysis ConsequenceThreat Hazard Top Event Degradation Factor Barrier • Critical Equipment – Physical structures or equipment that support a control. • Critical Activities – Human tasks necessary to assure the integrity of structural or equipment controls. • Critical Positions – Roles responsible for the performance of Critical Activities. Barrier Barrier Barrier Barrier Degradation Factor Barrier
Current industry initiatives • Chartered Institute of Ergonomics and Human Factors (CIEHF) – White paper: “Human factors in Barrier Thinking” • Expected early 2017 • Centre for Chemical Process Safety (CCPS) – Concept Book: “BowTies for Risk Management” • Energy Institute, EPSC, AICHE, AIDC • Lyondellbasel, Braskem, Linde, ABS, Eni, Phillips66, Shell, BP, BHPBilliton • Expected 2017
Criteria for good barriers Every barrier should be: Specific: Specific actor, specific object, specific goal Effective: It – and it alone - must be capable of blocking the threat Independent: A single failure should not be able to defeat more than one control Capable of being Assured: Be implemented so it is capable of functioning as intended Be in-place, maintained and supported. 10
• An issued Bowtie Analysis is a very strong statement of intent. – It sets out what the organisation intends to do to protect its workers, the public and the environment. • The organisation chooses which controls it intends to rely on. • If controls are not sufficiently robust, they should not be relied on. Note! 11
Human Factors in Control Independence Independence: A single failure should not be able to defeat more than one control 12
A hypothetical Bowtie for tank filling Top Event = Spill of flammable fuel during tank filling Fuel spill Tank overfill Flammable Fuel Transfer plan Fuel level displayed in control room High Level Alarm High-High Level Alarm Independent Shut-off Experienced operator monitors fill
Are the controls specific? Fuel spill Tank overfill Flammable Fuel Transfer plan Fuel level displayed in control room High Level Alarm High-High Level Alarm Independent Shut-off Experienced operator monitors fill - Specific Actor? - Specific Object? - Specific Goal? ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Are the controls Independent? Fuel spill Tank overfill Flammable Fuel Transfer plan High Level Alarm High-High Level Alarm Independent Shut-off Fuel level displayed in control room Experienced operator monitors fill
Human Factors issues in control Independence • Organisational factors can influence all operators – Chain of Command; Incentives; Contracts • Cross-checking by another operator is often not independent • Often, there is no-one else. UK Process Safety Leadership Group “…the intended independence of the checking process may not in fact be achieved . .” Swain & Guttman, 1983 “…the behaviour of an operator and a checker are not independent”.
Level Guage Independent High Level Switch Are the controls Independent? Fuel spill Tank overfill Flammable Fuel Transfer plan High Level Alarm High-High Level Alarm Independent Shut-off Fuel level displayed in control room Experienced operator monitors fill Proactive operator monitoring Tank level alarm and operator response
Are the barriers Effective? What is Intended and what is Expected? Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer Fuel spill
Intentions and Expectations • Intentions – Things the proposers intends to ensure are in place for the Barrier to function – Are within the scope of supply of the proposers – Will often be about the design of the work environment and equipment interfaces • Expectations – Are not within the proposers scope of supply. – But must be assumed to be true for a control to be considered effective. – Will often be about organisational arrangements and operational and commercial practices
Examples of Intentions Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer • …will be fit for the purpose • …will be set at appropriate levels • …will be effective in attracting the operators’ attention • …will make the operator aware of the problem in good time… • … And that • …operators will know if the alarm is not working… • … “Our intention is that the tank level alarms… Fuel spill
Examples of Expectations Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer Fuel spill • …the alarms will be installed and maintained correctly • …operators will be present and in a fit state to respond • …operators will be trained and competent to know what an alarm means and how to respond • …operators will do what is needed in time… And that • …operators will report known faults • …reported faults will be fixed • ..operators will not initiate a fuel transfer if the alarm system is not working… “Our expectations are that …
After test of HF Independence Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer Unexpected change to plan Communications with supplier Operator does not monitor proactively Job design and work arrangements allow effective proactive monitoring Operators understand safety critical nature of operation Tank level sensor does not function Regular Routine Maintenance and testing Independent shut-off does not function Regular Routine Maintenance and testing Fuel spill Using independent data sources Same operator ? + Degradation Factors and their safeguards
Buncefield Fuel Storage Depot - Dec 11 2005 • Sat 10 Dec, 18:50 – Receipt of parcel of unleaded fuel initiated into tank 912 • Sunday 11 Dec, 05:37 – Tank capacity exceeded. Fuel began to spill • 06:00 – Vapour cloud ignited – 250,000l fuel • Fire burned for 5 days – 0 Fatalities – 40 injuries – Major economic and social disturbance Why did it happen? 1. Failure of automatic tank gauging system 2. Failure of independent high-level switch Health and Safety Executive: “Buncefield: Why did it happen? The underlying causes of the explosion and fire at the Buncefield oil storage depot, Hemel Hempstead, Hertfordshire on 11 December 2005”. http://www.hse.gov.uk/comah/investigation-reports.htm. 23
How did the tank level alarms perform at Buncefield? Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer Tank level sensor does not function Routine Maintenance and testing Fuel spill
There were no alarms… “At 0305 hrs on Sunday 11 December the ATG display …stopped registering the rising level of fuel in the tank..” • The control room operators had nothing to draw their attention to the fact that the alarm had failed • There was a history of repeated failure and unreliability of these alarms • The same control room operators who knew the alarms were unreliable continued to rely on them. It had stuck 14 times during the three months before the incident Intention: “…operators will know if the alarm is not working…” Expectation: “..operators will not initiate a fuel transfer if the alarm system is not working…”
What happened at Buncefield? Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer Unexpected change to plan Communications with supplier Operator does not monitor proactively Job design and work arrangements allow effective proactive monitoring Operators understand safety critical nature of operation Tank level sensor does not function Regular Routine Maintenance and testing Independent shut-off does not function Regular Routine Maintenance and testing Fuel spill “..the flow rate.. changed from 550 to 900 m3/h without the knowledge of the supervisors.” “The supervisors relied on the alarms to control the filling process.” “The servo-gauge had stuck..” “..was installed without the padlock.”
Proactive operator monitoring Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer Operator does not monitor proactively Job design and work arrangements allow effective proactive monitoring Operators understand safety critical nature of operation Fuel spill What is Intended and what is Expected?
Pro-active operator monitoring Examples of intentions • The design of the control room and instrumentation will provide all of the information and controls needed. – Without relying on the tank level sensors. • Operators will be able to access, understand and use the information and controls. • Etc… Examples of expectations • The operators job will be designed to support proactive monitoring – Simultaneous tasks will not interfere with the operator’s ability to monitor the transfer – The operator will not be incentivised to give pro-active monitoring a low priority – Etc.. • Operators will check the progress of the transfer frequently enough and while they have time to intervene, without prompting. • Etc…
Five Human Factors challenges 1. What exactly is the control? – What is intended and what is expected of human performance? 2. Who will be involved? – Who Detects? Who Decides? Who Acts? 3. What information will they need? – Where will they get it? 4. What judgements or decisions will they need to make? – Are they reasonable in the conditions? – Could safety compete with production? 5. What actions will they need to take? – Will they have the time? – How and when will they know they were succesful?
In summary • Considered what Independence and Effectiveness mean for controls that rely on people • Demonstrated that controls reflect the organizations Intentions and Expectations of human performance • Illustrated how those intentions and expectations can be defeated in the real-world. • Suggested 5 challenges to ensure human controls are as robust as they reasonably can be. 30
Challenges and Take-Aways • How many of the controls/barriers your business relies on depend on human performance? – Operations/ Maintenance/ Inspection / Support • Would you know exactly what those controls are? – What is Intended and what is Expected of your people? • How does your business ensure those human controls are as robust as they reasonably can be? – That intentions are actually implemented – That expectations are managed during planning and operations 31
Look our for…. • CIEHF White paper: “Human factors in Barrier Thinking” • Expected early 2017 • CCPS Concept Book: “BowTies for Risk Management” • Expected 2017
Thank you for your attention Any Questions? ron@ronmcleod.com www.ronmcleod.com 33
Society of Petroleum Engineers Distinguished Lecturer Program www.spe.org/dl 34 Your Feedback is Important Enter your section in the DL Evaluation Contest by completing the evaluation form for this presentation Visit SPE.org/dl

Recommended

Human Factors in Barrier Thinking
Human Factors in Barrier ThinkingHuman Factors in Barrier Thinking
Human Factors in Barrier ThinkingSociety of Petroleum Engineers
 
ME-OGT4023 - event
ME-OGT4023 - eventME-OGT4023 - event
ME-OGT4023 - eventSeng Jin Hung (Gale)
 
Size, complexity and nature of the organisation – a key to effective audit
Size, complexity and nature of the organisation – a key to effective auditSize, complexity and nature of the organisation – a key to effective audit
Size, complexity and nature of the organisation – a key to effective auditPECB
 
Effective Storage Tank Risk Management
Effective Storage Tank Risk ManagementEffective Storage Tank Risk Management
Effective Storage Tank Risk ManagementDan Felten
 
Hiatt, Jennifer, GHD Services, Spill Plans Made Simple, Avoiding Noncomplianc...
Hiatt, Jennifer, GHD Services, Spill Plans Made Simple, Avoiding Noncomplianc...Hiatt, Jennifer, GHD Services, Spill Plans Made Simple, Avoiding Noncomplianc...
Hiatt, Jennifer, GHD Services, Spill Plans Made Simple, Avoiding Noncomplianc...Kevin Perry
 
TQM.pdf
TQM.pdfTQM.pdf
TQM.pdfRanjayKumar83
 
Apics 2013: You Shockproof Value Chain
Apics 2013: You Shockproof Value ChainApics 2013: You Shockproof Value Chain
Apics 2013: You Shockproof Value ChainWilson Perumal and Company
 
Audit Efficiency and Effectiveness
Audit Efficiency and EffectivenessAudit Efficiency and Effectiveness
Audit Efficiency and EffectivenessManny Rosenfeld
 

Recommended

Human Factors in Barrier Thinking
Human Factors in Barrier ThinkingHuman Factors in Barrier Thinking
Human Factors in Barrier ThinkingSociety of Petroleum Engineers
 
ME-OGT4023 - event
ME-OGT4023 - eventME-OGT4023 - event
ME-OGT4023 - eventSeng Jin Hung (Gale)
 
Size, complexity and nature of the organisation – a key to effective audit
Size, complexity and nature of the organisation – a key to effective auditSize, complexity and nature of the organisation – a key to effective audit
Size, complexity and nature of the organisation – a key to effective auditPECB
 
Effective Storage Tank Risk Management
Effective Storage Tank Risk ManagementEffective Storage Tank Risk Management
Effective Storage Tank Risk ManagementDan Felten
 
Hiatt, Jennifer, GHD Services, Spill Plans Made Simple, Avoiding Noncomplianc...
Hiatt, Jennifer, GHD Services, Spill Plans Made Simple, Avoiding Noncomplianc...Hiatt, Jennifer, GHD Services, Spill Plans Made Simple, Avoiding Noncomplianc...
Hiatt, Jennifer, GHD Services, Spill Plans Made Simple, Avoiding Noncomplianc...Kevin Perry
 
TQM.pdf
TQM.pdfTQM.pdf
TQM.pdfRanjayKumar83
 
Apics 2013: You Shockproof Value Chain
Apics 2013: You Shockproof Value ChainApics 2013: You Shockproof Value Chain
Apics 2013: You Shockproof Value ChainWilson Perumal and Company
 
Audit Efficiency and Effectiveness
Audit Efficiency and EffectivenessAudit Efficiency and Effectiveness
Audit Efficiency and EffectivenessManny Rosenfeld
 
TQM
TQMTQM
TQMinfotechspecial
 
Workshop E, Extending the benefits life cycle: ISO 55000 by John Heathcote
Workshop E, Extending the benefits life cycle: ISO 55000 by John HeathcoteWorkshop E, Extending the benefits life cycle: ISO 55000 by John Heathcote
Workshop E, Extending the benefits life cycle: ISO 55000 by John HeathcoteAssociation for Project Management
 
TQM-review-lecture-.pdf
TQM-review-lecture-.pdfTQM-review-lecture-.pdf
TQM-review-lecture-.pdfYuvarajvadivelan
 
Tqm review-lecture-2010
Tqm review-lecture-2010Tqm review-lecture-2010
Tqm review-lecture-2010Safwat Elmansy
 
Improving Operational Performance With Smarter, Cost-Effective Training Programs
Improving Operational Performance With Smarter, Cost-Effective Training ProgramsImproving Operational Performance With Smarter, Cost-Effective Training Programs
Improving Operational Performance With Smarter, Cost-Effective Training ProgramsGSE Systems, Inc.
 
An Organisation-wide Investigation into the Human Factors-Related Causes of H...
An Organisation-wide Investigation into the Human Factors-Related Causes of H...An Organisation-wide Investigation into the Human Factors-Related Causes of H...
An Organisation-wide Investigation into the Human Factors-Related Causes of H...Lloyd's Register Energy
 
TQM.ppt
TQM.pptTQM.ppt
TQM.pptchaitanyachavan30
 
Business Continuity as a Career
Business Continuity as a CareerBusiness Continuity as a Career
Business Continuity as a CareerBonnie Canal
 
Operations Excellence in the Management of Ageing Assets
Operations Excellence in the Management of Ageing AssetsOperations Excellence in the Management of Ageing Assets
Operations Excellence in the Management of Ageing AssetsAdvisian
 
Tqm review-lecture-2010
Tqm review-lecture-2010Tqm review-lecture-2010
Tqm review-lecture-2010Rhea Dela Cruz
 
Quality Management System
Quality Management SystemQuality Management System
Quality Management SystemDennis J Morgan
 
Tqm
TqmTqm
Tqmrupesh jaiswal
 
Environmental audit
Environmental auditEnvironmental audit
Environmental auditSAGAR DODHIA
 
Llb i el u 4.3 environment audit
Llb i el u 4.3 environment auditLlb i el u 4.3 environment audit
Llb i el u 4.3 environment auditRai University
 
TQM - Concepts & Applicability. Quality Gurus
TQM - Concepts & Applicability. Quality GurusTQM - Concepts & Applicability. Quality Gurus
TQM - Concepts & Applicability. Quality GurusHarishCN12
 
TQM PPT.ppt
TQM PPT.pptTQM PPT.ppt
TQM PPT.pptfarjanamita3
 
124-ge6757-tqm.ppt
124-ge6757-tqm.ppt124-ge6757-tqm.ppt
124-ge6757-tqm.pptStAnnesCETMECHDepart
 
2014 Real Estate Inst (Otte Roek).PPTX
2014 Real Estate Inst (Otte Roek).PPTX2014 Real Estate Inst (Otte Roek).PPTX
2014 Real Estate Inst (Otte Roek).PPTXKatie Roek
 
Integrated Reporting: The (R)evolution of Corporate Reporting
Integrated Reporting: The (R)evolution of Corporate Reporting Integrated Reporting: The (R)evolution of Corporate Reporting
Integrated Reporting: The (R)evolution of Corporate Reporting American Electric Power
 
Topic: Role of Leadership in Major Accident Hazard Prevention
Topic: Role of Leadership in Major Accident Hazard PreventionTopic: Role of Leadership in Major Accident Hazard Prevention
Topic: Role of Leadership in Major Accident Hazard PreventionCairn India Limited
 
Who Owns the Oil? The How and Why of Unitization
Who Owns the Oil? The How and Why of UnitizationWho Owns the Oil? The How and Why of Unitization
Who Owns the Oil? The How and Why of UnitizationSociety of Petroleum Engineers
 
Compositional Simulations that is Truly Compositional - Russell Johns
Compositional Simulations that is Truly Compositional - Russell JohnsCompositional Simulations that is Truly Compositional - Russell Johns
Compositional Simulations that is Truly Compositional - Russell JohnsSociety of Petroleum Engineers
 

More Related Content

Similar to Human Factors in Barrier Thinking

Workshop E, Extending the benefits life cycle: ISO 55000 by John Heathcote
Workshop E, Extending the benefits life cycle: ISO 55000 by John HeathcoteWorkshop E, Extending the benefits life cycle: ISO 55000 by John Heathcote
Workshop E, Extending the benefits life cycle: ISO 55000 by John HeathcoteAssociation for Project Management
 
Tqm review-lecture-2010
Tqm review-lecture-2010Tqm review-lecture-2010
Tqm review-lecture-2010Safwat Elmansy
 
Improving Operational Performance With Smarter, Cost-Effective Training Programs
Improving Operational Performance With Smarter, Cost-Effective Training ProgramsImproving Operational Performance With Smarter, Cost-Effective Training Programs
Improving Operational Performance With Smarter, Cost-Effective Training ProgramsGSE Systems, Inc.
 
An Organisation-wide Investigation into the Human Factors-Related Causes of H...
An Organisation-wide Investigation into the Human Factors-Related Causes of H...An Organisation-wide Investigation into the Human Factors-Related Causes of H...
An Organisation-wide Investigation into the Human Factors-Related Causes of H...Lloyd's Register Energy
 
Business Continuity as a Career
Business Continuity as a CareerBusiness Continuity as a Career
Business Continuity as a CareerBonnie Canal
 
Operations Excellence in the Management of Ageing Assets
Operations Excellence in the Management of Ageing AssetsOperations Excellence in the Management of Ageing Assets
Operations Excellence in the Management of Ageing AssetsAdvisian
 
Tqm review-lecture-2010
Tqm review-lecture-2010Tqm review-lecture-2010
Tqm review-lecture-2010Rhea Dela Cruz
 
Quality Management System
Quality Management SystemQuality Management System
Quality Management SystemDennis J Morgan
 
Environmental audit
Environmental auditEnvironmental audit
Environmental auditSAGAR DODHIA
 
Llb i el u 4.3 environment audit
Llb i el u 4.3 environment auditLlb i el u 4.3 environment audit
Llb i el u 4.3 environment auditRai University
 
TQM - Concepts & Applicability. Quality Gurus
TQM - Concepts & Applicability. Quality GurusTQM - Concepts & Applicability. Quality Gurus
TQM - Concepts & Applicability. Quality GurusHarishCN12
 
2014 Real Estate Inst (Otte Roek).PPTX
2014 Real Estate Inst (Otte Roek).PPTX2014 Real Estate Inst (Otte Roek).PPTX
2014 Real Estate Inst (Otte Roek).PPTXKatie Roek
 
Integrated Reporting: The (R)evolution of Corporate Reporting
Integrated Reporting: The (R)evolution of Corporate Reporting Integrated Reporting: The (R)evolution of Corporate Reporting
Integrated Reporting: The (R)evolution of Corporate Reporting American Electric Power
 
Topic: Role of Leadership in Major Accident Hazard Prevention
Topic: Role of Leadership in Major Accident Hazard PreventionTopic: Role of Leadership in Major Accident Hazard Prevention
Topic: Role of Leadership in Major Accident Hazard PreventionCairn India Limited
 

Similar to Human Factors in Barrier Thinking (20)

TQM
TQMTQM
TQM
 
Workshop E, Extending the benefits life cycle: ISO 55000 by John Heathcote
Workshop E, Extending the benefits life cycle: ISO 55000 by John HeathcoteWorkshop E, Extending the benefits life cycle: ISO 55000 by John Heathcote
Workshop E, Extending the benefits life cycle: ISO 55000 by John Heathcote
 
TQM-review-lecture-.pdf
TQM-review-lecture-.pdfTQM-review-lecture-.pdf
TQM-review-lecture-.pdf
 
Tqm review-lecture-2010
Tqm review-lecture-2010Tqm review-lecture-2010
Tqm review-lecture-2010
 
Improving Operational Performance With Smarter, Cost-Effective Training Programs
Improving Operational Performance With Smarter, Cost-Effective Training ProgramsImproving Operational Performance With Smarter, Cost-Effective Training Programs
Improving Operational Performance With Smarter, Cost-Effective Training Programs
 
An Organisation-wide Investigation into the Human Factors-Related Causes of H...
An Organisation-wide Investigation into the Human Factors-Related Causes of H...An Organisation-wide Investigation into the Human Factors-Related Causes of H...
An Organisation-wide Investigation into the Human Factors-Related Causes of H...
 
TQM.ppt
TQM.pptTQM.ppt
TQM.ppt
 
Business Continuity as a Career
Business Continuity as a CareerBusiness Continuity as a Career
Business Continuity as a Career
 
Operations Excellence in the Management of Ageing Assets
Operations Excellence in the Management of Ageing AssetsOperations Excellence in the Management of Ageing Assets
Operations Excellence in the Management of Ageing Assets
 
Tqm review-lecture-2010
Tqm review-lecture-2010Tqm review-lecture-2010
Tqm review-lecture-2010
 
Quality Management System
Quality Management SystemQuality Management System
Quality Management System
 
Tqm
TqmTqm
Tqm
 
Environmental audit
Environmental auditEnvironmental audit
Environmental audit
 
Llb i el u 4.3 environment audit
Llb i el u 4.3 environment auditLlb i el u 4.3 environment audit
Llb i el u 4.3 environment audit
 
TQM - Concepts & Applicability. Quality Gurus
TQM - Concepts & Applicability. Quality GurusTQM - Concepts & Applicability. Quality Gurus
TQM - Concepts & Applicability. Quality Gurus
 
TQM PPT.ppt
TQM PPT.pptTQM PPT.ppt
TQM PPT.ppt
 
124-ge6757-tqm.ppt
124-ge6757-tqm.ppt124-ge6757-tqm.ppt
124-ge6757-tqm.ppt
 
2014 Real Estate Inst (Otte Roek).PPTX
2014 Real Estate Inst (Otte Roek).PPTX2014 Real Estate Inst (Otte Roek).PPTX
2014 Real Estate Inst (Otte Roek).PPTX
 
Integrated Reporting: The (R)evolution of Corporate Reporting
Integrated Reporting: The (R)evolution of Corporate Reporting Integrated Reporting: The (R)evolution of Corporate Reporting
Integrated Reporting: The (R)evolution of Corporate Reporting
 
Topic: Role of Leadership in Major Accident Hazard Prevention
Topic: Role of Leadership in Major Accident Hazard PreventionTopic: Role of Leadership in Major Accident Hazard Prevention
Topic: Role of Leadership in Major Accident Hazard Prevention
 

More from Society of Petroleum Engineers

Compositional Simulations that is Truly Compositional - Russell Johns
Compositional Simulations that is Truly Compositional - Russell JohnsCompositional Simulations that is Truly Compositional - Russell Johns
Compositional Simulations that is Truly Compositional - Russell JohnsSociety of Petroleum Engineers
 
A performance-based approach for developing upstream professionals - Salam Sa...
A performance-based approach for developing upstream professionals - Salam Sa...A performance-based approach for developing upstream professionals - Salam Sa...
A performance-based approach for developing upstream professionals - Salam Sa...Society of Petroleum Engineers
 
Asphaltene Gradients, Connectivity and Tar Mats All Treated by Simple Chemist...
Asphaltene Gradients, Connectivity and Tar Mats All Treated by Simple Chemist...Asphaltene Gradients, Connectivity and Tar Mats All Treated by Simple Chemist...
Asphaltene Gradients, Connectivity and Tar Mats All Treated by Simple Chemist...Society of Petroleum Engineers
 
Thriving in a Lower for Longer Environment - Mary Van Domelen
Thriving in a Lower for Longer Environment - Mary Van DomelenThriving in a Lower for Longer Environment - Mary Van Domelen
Thriving in a Lower for Longer Environment - Mary Van DomelenSociety of Petroleum Engineers
 
Vulnerability and Management of Water Injectors - Kazeem Lawal
Vulnerability and Management of Water Injectors - Kazeem LawalVulnerability and Management of Water Injectors - Kazeem Lawal
Vulnerability and Management of Water Injectors - Kazeem LawalSociety of Petroleum Engineers
 

More from Society of Petroleum Engineers (20)

Who Owns the Oil? The How and Why of Unitization
Who Owns the Oil? The How and Why of UnitizationWho Owns the Oil? The How and Why of Unitization
Who Owns the Oil? The How and Why of Unitization
 
Compositional Simulations that is Truly Compositional - Russell Johns
Compositional Simulations that is Truly Compositional - Russell JohnsCompositional Simulations that is Truly Compositional - Russell Johns
Compositional Simulations that is Truly Compositional - Russell Johns
 
A performance-based approach for developing upstream professionals - Salam Sa...
A performance-based approach for developing upstream professionals - Salam Sa...A performance-based approach for developing upstream professionals - Salam Sa...
A performance-based approach for developing upstream professionals - Salam Sa...
 
Asphaltene Gradients, Connectivity and Tar Mats All Treated by Simple Chemist...
Asphaltene Gradients, Connectivity and Tar Mats All Treated by Simple Chemist...Asphaltene Gradients, Connectivity and Tar Mats All Treated by Simple Chemist...
Asphaltene Gradients, Connectivity and Tar Mats All Treated by Simple Chemist...
 
Thriving in a Lower for Longer Environment - Mary Van Domelen
Thriving in a Lower for Longer Environment - Mary Van DomelenThriving in a Lower for Longer Environment - Mary Van Domelen
Thriving in a Lower for Longer Environment - Mary Van Domelen
 
The Fracts of Life - Martin Rylance
The Fracts of Life - Martin RylanceThe Fracts of Life - Martin Rylance
The Fracts of Life - Martin Rylance
 
Vulnerability and Management of Water Injectors - Kazeem Lawal
Vulnerability and Management of Water Injectors - Kazeem LawalVulnerability and Management of Water Injectors - Kazeem Lawal
Vulnerability and Management of Water Injectors - Kazeem Lawal
 
CO2 in the Subsurface - From EOR to Storage
CO2 in the Subsurface - From EOR to StorageCO2 in the Subsurface - From EOR to Storage
CO2 in the Subsurface - From EOR to Storage
 
Paul Mitchell
Paul MitchellPaul Mitchell
Paul Mitchell
 
Mark Van Domelen
Mark Van DomelenMark Van Domelen
Mark Van Domelen
 
Srikanta Mishra
Srikanta MishraSrikanta Mishra
Srikanta Mishra
 
Silviu Livescu
Silviu LivescuSilviu Livescu
Silviu Livescu
 
Roberto Aguilera
Roberto AguileraRoberto Aguilera
Roberto Aguilera
 
Robert Hawkes
Robert HawkesRobert Hawkes
Robert Hawkes
 
Leroy Ledgerwood
Leroy LedgerwoodLeroy Ledgerwood
Leroy Ledgerwood
 
John Hedengren
John HedengrenJohn Hedengren
John Hedengren
 
Jim Galford
Jim GalfordJim Galford
Jim Galford
 
Hank Rawlins
Hank RawlinsHank Rawlins
Hank Rawlins
 
George Stosur
George StosurGeorge Stosur
George Stosur
 
Cosan Ayan
Cosan AyanCosan Ayan
Cosan Ayan
 

Recently uploaded

Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...
(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...
(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...ranjana rawat
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxupamatechverse
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...RajaP95
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Call Girls in Nagpur High Profile
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 

Recently uploaded (20)

Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...
(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...
(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 

Human Factors in Barrier Thinking

  • 1. Primary funding is provided by The SPE Foundation through member donations and a contribution from Offshore Europe The Society is grateful to those companies that allow their professionals to serve as lecturers Additional support provided by AIME Society of Petroleum Engineers Distinguished Lecturer Program www.spe.org/dl
  • 2. Society of Petroleum Engineers Distinguished Lecturer Program www.spe.org/dl 2 Professor Ron McLeod Ron McLeod Ltd. Human Factors in Barrier Thinking
  • 3. Objectives • Explore the role that human performance has in layers-of- defences strategies • Consider what Independence and Effectiveness mean for Human Factors • Demonstrate how controls reflect an organizations Intentions and Expectations of human behaviour and performance • Illustrate how those Intentions and Expectations can be defeated in the real-world. 3
  • 4. Content 1. Basic concepts in Barrier Thinking • Bow-Tie Analysis • Criteria for robust barriesr 2. Human Factors in control Independence • Example: Fuel spill during tank filling 3. Human Factors in control Effectiveness • The importance of understanding Intentions and Expectation 4. Lessons from reality: Buncefield 5. Five challenges in assuring human controls 4
  • 5. Basic Concepts in Barrier Thinking Bow-Tie analysis Criteria for robust barriers
  • 7. Layers of Protection Analysis Standards • IEC 61508, 2003 – Functional safety of electrical. Electronic. Programmable electronic safety-related systems • IEC 61511, 2010 – Functional Safety – Safety Instrumented systems for the process industry sector Good Practices • Process Safety Leadership Group, 2010 – Safety and environmental standards for fuel storage sites • Centre for Chemical Process Safety, 2015 – Guidelines for initiating events and independent protection layers in layers of protection analysis “Human factors appear to dominate ….in all the LOPA studies assessed in this work” (Chambers, et al, 2009)
  • 8. Bowtie Analysis ConsequenceThreat Hazard Top Event Degradation Factor Barrier • Critical Equipment – Physical structures or equipment that support a control. • Critical Activities – Human tasks necessary to assure the integrity of structural or equipment controls. • Critical Positions – Roles responsible for the performance of Critical Activities. Barrier Barrier Barrier Barrier Degradation Factor Barrier
  • 9. Current industry initiatives • Chartered Institute of Ergonomics and Human Factors (CIEHF) – White paper: “Human factors in Barrier Thinking” • Expected early 2017 • Centre for Chemical Process Safety (CCPS) – Concept Book: “BowTies for Risk Management” • Energy Institute, EPSC, AICHE, AIDC • Lyondellbasel, Braskem, Linde, ABS, Eni, Phillips66, Shell, BP, BHPBilliton • Expected 2017
  • 10. Criteria for good barriers Every barrier should be: Specific: Specific actor, specific object, specific goal Effective: It – and it alone - must be capable of blocking the threat Independent: A single failure should not be able to defeat more than one control Capable of being Assured: Be implemented so it is capable of functioning as intended Be in-place, maintained and supported. 10
  • 11. • An issued Bowtie Analysis is a very strong statement of intent. – It sets out what the organisation intends to do to protect its workers, the public and the environment. • The organisation chooses which controls it intends to rely on. • If controls are not sufficiently robust, they should not be relied on. Note! 11
  • 12. Human Factors in Control Independence Independence: A single failure should not be able to defeat more than one control 12
  • 13. A hypothetical Bowtie for tank filling Top Event = Spill of flammable fuel during tank filling Fuel spill Tank overfill Flammable Fuel Transfer plan Fuel level displayed in control room High Level Alarm High-High Level Alarm Independent Shut-off Experienced operator monitors fill
  • 14. Are the controls specific? Fuel spill Tank overfill Flammable Fuel Transfer plan Fuel level displayed in control room High Level Alarm High-High Level Alarm Independent Shut-off Experienced operator monitors fill - Specific Actor? - Specific Object? - Specific Goal? ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
  • 15. Are the controls Independent? Fuel spill Tank overfill Flammable Fuel Transfer plan High Level Alarm High-High Level Alarm Independent Shut-off Fuel level displayed in control room Experienced operator monitors fill
  • 16. Human Factors issues in control Independence • Organisational factors can influence all operators – Chain of Command; Incentives; Contracts • Cross-checking by another operator is often not independent • Often, there is no-one else. UK Process Safety Leadership Group “…the intended independence of the checking process may not in fact be achieved . .” Swain & Guttman, 1983 “…the behaviour of an operator and a checker are not independent”.
  • 17. Level Guage Independent High Level Switch Are the controls Independent? Fuel spill Tank overfill Flammable Fuel Transfer plan High Level Alarm High-High Level Alarm Independent Shut-off Fuel level displayed in control room Experienced operator monitors fill Proactive operator monitoring Tank level alarm and operator response
  • 18. Are the barriers Effective? What is Intended and what is Expected? Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer Fuel spill
  • 19. Intentions and Expectations • Intentions – Things the proposers intends to ensure are in place for the Barrier to function – Are within the scope of supply of the proposers – Will often be about the design of the work environment and equipment interfaces • Expectations – Are not within the proposers scope of supply. – But must be assumed to be true for a control to be considered effective. – Will often be about organisational arrangements and operational and commercial practices
  • 20. Examples of Intentions Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer • …will be fit for the purpose • …will be set at appropriate levels • …will be effective in attracting the operators’ attention • …will make the operator aware of the problem in good time… • … And that • …operators will know if the alarm is not working… • … “Our intention is that the tank level alarms… Fuel spill
  • 21. Examples of Expectations Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer Fuel spill • …the alarms will be installed and maintained correctly • …operators will be present and in a fit state to respond • …operators will be trained and competent to know what an alarm means and how to respond • …operators will do what is needed in time… And that • …operators will report known faults • …reported faults will be fixed • ..operators will not initiate a fuel transfer if the alarm system is not working… “Our expectations are that …
  • 22. After test of HF Independence Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer Unexpected change to plan Communications with supplier Operator does not monitor proactively Job design and work arrangements allow effective proactive monitoring Operators understand safety critical nature of operation Tank level sensor does not function Regular Routine Maintenance and testing Independent shut-off does not function Regular Routine Maintenance and testing Fuel spill Using independent data sources Same operator ? + Degradation Factors and their safeguards
  • 23. Buncefield Fuel Storage Depot - Dec 11 2005 • Sat 10 Dec, 18:50 – Receipt of parcel of unleaded fuel initiated into tank 912 • Sunday 11 Dec, 05:37 – Tank capacity exceeded. Fuel began to spill • 06:00 – Vapour cloud ignited – 250,000l fuel • Fire burned for 5 days – 0 Fatalities – 40 injuries – Major economic and social disturbance Why did it happen? 1. Failure of automatic tank gauging system 2. Failure of independent high-level switch Health and Safety Executive: “Buncefield: Why did it happen? The underlying causes of the explosion and fire at the Buncefield oil storage depot, Hemel Hempstead, Hertfordshire on 11 December 2005”. http://www.hse.gov.uk/comah/investigation-reports.htm. 23
  • 24. How did the tank level alarms perform at Buncefield? Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer Tank level sensor does not function Routine Maintenance and testing Fuel spill
  • 25. There were no alarms… “At 0305 hrs on Sunday 11 December the ATG display …stopped registering the rising level of fuel in the tank..” • The control room operators had nothing to draw their attention to the fact that the alarm had failed • There was a history of repeated failure and unreliability of these alarms • The same control room operators who knew the alarms were unreliable continued to rely on them. It had stuck 14 times during the three months before the incident Intention: “…operators will know if the alarm is not working…” Expectation: “..operators will not initiate a fuel transfer if the alarm system is not working…”
  • 26. What happened at Buncefield? Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer Unexpected change to plan Communications with supplier Operator does not monitor proactively Job design and work arrangements allow effective proactive monitoring Operators understand safety critical nature of operation Tank level sensor does not function Regular Routine Maintenance and testing Independent shut-off does not function Regular Routine Maintenance and testing Fuel spill “..the flow rate.. changed from 550 to 900 m3/h without the knowledge of the supervisors.” “The supervisors relied on the alarms to control the filling process.” “The servo-gauge had stuck..” “..was installed without the padlock.”
  • 27. Proactive operator monitoring Tank overfill Flammable Fuel Tank level alarms Independent Shut-Off Proactive operator monitoring Transfer Operator does not monitor proactively Job design and work arrangements allow effective proactive monitoring Operators understand safety critical nature of operation Fuel spill What is Intended and what is Expected?
  • 28. Pro-active operator monitoring Examples of intentions • The design of the control room and instrumentation will provide all of the information and controls needed. – Without relying on the tank level sensors. • Operators will be able to access, understand and use the information and controls. • Etc… Examples of expectations • The operators job will be designed to support proactive monitoring – Simultaneous tasks will not interfere with the operator’s ability to monitor the transfer – The operator will not be incentivised to give pro-active monitoring a low priority – Etc.. • Operators will check the progress of the transfer frequently enough and while they have time to intervene, without prompting. • Etc…
  • 29. Five Human Factors challenges 1. What exactly is the control? – What is intended and what is expected of human performance? 2. Who will be involved? – Who Detects? Who Decides? Who Acts? 3. What information will they need? – Where will they get it? 4. What judgements or decisions will they need to make? – Are they reasonable in the conditions? – Could safety compete with production? 5. What actions will they need to take? – Will they have the time? – How and when will they know they were succesful?
  • 30. In summary • Considered what Independence and Effectiveness mean for controls that rely on people • Demonstrated that controls reflect the organizations Intentions and Expectations of human performance • Illustrated how those intentions and expectations can be defeated in the real-world. • Suggested 5 challenges to ensure human controls are as robust as they reasonably can be. 30
  • 31. Challenges and Take-Aways • How many of the controls/barriers your business relies on depend on human performance? – Operations/ Maintenance/ Inspection / Support • Would you know exactly what those controls are? – What is Intended and what is Expected of your people? • How does your business ensure those human controls are as robust as they reasonably can be? – That intentions are actually implemented – That expectations are managed during planning and operations 31
  • 32. Look our for…. • CIEHF White paper: “Human factors in Barrier Thinking” • Expected early 2017 • CCPS Concept Book: “BowTies for Risk Management” • Expected 2017
  • 33. Thank you for your attention Any Questions? ron@ronmcleod.com www.ronmcleod.com 33
  • 34. Society of Petroleum Engineers Distinguished Lecturer Program www.spe.org/dl 34 Your Feedback is Important Enter your section in the DL Evaluation Contest by completing the evaluation form for this presentation Visit SPE.org/dl