Keeping Bowties Alive
December 2013
Bell Energy, Abu Dhabi
www.bell-energy.com
Purpose
▪ Understand:
– Generic purpose of Bowties
– Common terminologies adopted
▪ Appreciate:
– How Bowties are adopted in Oil & Gas Processes
▪ Be able to:
– Build bowties for a facility / unit
– Use Bowties to identify
• HSE Critical Equipment and Systems
• HSE Critical Activities
• HSE Critical Integrity Activities
– Operationalize Bowties for day-to-day functions
▪ Keep Bowties Live using Electronic HSE Cases
Slide 2
Introduction to Bowties
February 2014
Chapter 1 – Elements of Bowtie
Slide 4
Risk Management Preface
Slide 5
[Diagram labels: Hazard Identification; H&ERs; Management through HSE Management System; Policy; Organization; Procedures; Performance Measurement; Control of Major Accident Hazards; BOWTIES; HSECES; HSECES Performance Standards; HSE Critical Activities & Tasks; Quality Performance Standards; QRA]
What is a Bowtie?
▪ A bowtie is a graphical representation of:
– The relationships between the following
• causes of Major Accident Hazards (MAH),
• the consequences of MAH
• the preventive barriers in between the causes and top event
• the mitigation barriers in between the top event and worst consequences
• potential escalation factors leading to barrier failures
– Barriers are linked to:
• Hardware – “HSE Critical Equipment and Systems”
• Activities & Tasks – “HSE Critical Activities and Tasks”
• Integrity of the Hardware – “HSE Critical Integrity Activities”
• Quality of the Activities & Tasks – “Quality Performance Standards”
• Competent Personnel – “HSE Critical Positions”
– Highlights the crucial connection between barriers and the HSEMS procedures necessary for assuring their ongoing effectiveness
Slide 6
Elements of a Bowtie
Slide 7
Major Accident Hazard
Major accident means an ‘Occurrence’ in the operation of a site which leads to severe or catastrophic consequences including the critical high risk (which corresponds to 3E in the RAM) to people, assets, the environment and/or company reputation
MAH Examples:
1. Pressurized Hydrocarbons
2. Toxic Gas
Elements of a Bowtie
Slide 8
Top Event
What happens when we lose control?
Top Event = Hazardous Event
Examples:
1. Loss of Containment
2. Loss of Structural Stability
[Diagram labels: Major Accident Hazard; Top Event]
Elements of a Bowtie
Slide 9
Threats
What could CAUSE the loss of control?
Examples:
1. Corrosion
2. Pressure Build-up
[Diagram labels: Threats; Major Accident Hazard; Top Event]
Elements of a Bowtie
Slide 10
Consequence
How can the EVENT develop? What are the worst outcomes?
Examples:
1. Jet Fire
2. Explosion
3. Toxic Gas Dispersion
[Diagram labels: Threats; Major Accident Hazard; Top Event; Consequence]
Elements of a Bowtie
Slide 11
Threat Controls
How do we prevent the threat from realizing into the Top Event?
Examples:
1. Cathodic Protection
2. PAHH closing ESD Valve
Barriers should be:
1. Independent
2. Have an HSE Function
3. Reliable
4. Available on Demand
5. Survive
6. Have management controls for ongoing effectiveness
[Diagram labels: Threats; Threat Controls; Major Accident Hazard; Top Event; Consequence]
Elements of a Bowtie
Slide 12
RPM – Recovery Preparedness Measures
How do we recover if the event occurs? How do we limit the severity of the event?
Examples:
1. HVAC System
2. Fire Protection System
Barriers should be:
1. Independent
2. Solely serve an HSE Function
3. Reliable
4. Available on Demand
5. Survive
6. Have management controls for ongoing effectiveness
[Diagram labels: Threats; Threat Controls; Major Accident Hazard; Top Event; RPM; Consequence]
Elements of a Bowtie
Slide 13
Escalation Factors
How might controls fail? How could their effectiveness be undermined?
Examples:
1. Failure to make-up for Corrosion Inhibitors
2. Bypass on an ESD System
RPM – Recovery Preparedness Measures
[Diagram labels: Threats; Threat Control; Escalation Factors; Major Accident Hazard; Top Event; RPM; Consequence]
Elements of a Bowtie
Slide 14
EFC – Escalation Factor Controls
How do we make sure controls do not fail?
Examples:
1. Bypass / Override authorization
2. Partial Stroke Testing of ESD
RPM – Recovery Preparedness Measures
[Diagram labels: Threats; Threat Control; Escalation Factors; EFC; Major Accident Hazard; Top Event; RPM; Consequence]
Elements of a Bowtie
Slide 15
Escalation Factors apply to all barriers (preventive and mitigation)
[Diagram labels: Threats; Threat Control; Escalation Factors; EFC; Major Accident Hazard; Top Event; RPM; Consequence]
Elements of a Bowtie
Slide 16
Tasks
What tasks do we do to make sure that controls continue to work?
[Diagram labels: Threats; Barrier; Escalation Factors; EFC; Tasks; Major Accident Hazard; Top Event; Consequence]
Elements of a Bowtie
Slide 17
Personnel
Who will perform these Tasks?
[Diagram labels: Threats; Barrier; Escalation Factors; EFC; Tasks; Personnel; Major Accident Hazard; Top Event; Consequence]
Elements of a Bowtie
Slide 18
Tasks
▪ What are these tasks:
– Inspection
– Repair
– Testing
– Supervision
– Operating within boundary
▪ Who performs these tasks:
– Competent Personnel
– Trained in performing these tasks
– Experienced
– Continuously updating their skills and knowledge
– Know their limits
▪ How to know when to do these tasks
– Performance Standards
– RBI, RCM
– Vendor Requirements
▪ What to do?
– Job Plans
– MAXIMO Data
▪ Is there a procedure
– HSE Critical Activities Catalogue
– Inspection & Test Procedures
▪ What competencies are needed?
– Competency Assessments (CAMS)
Bowties
Slide 19
BOWTIE REPRESENTS YOUR
MAJOR ACCIDENT HAZARD
MANAGEMENT SYSTEM
Chapter 2 – Common Bowtie Terminologies
Slide 20
Common Terminologies
▪ Major Accident Hazards
Major accident means an ‘Occurrence’ in the operation of a site which leads to severe or catastrophic consequences including the critical high risk (which corresponds to 3E in the RAM) to people, assets, the environment and/or company reputation. The consequences may be immediate or delayed and may occur outside as well as inside the site. There will also be a high potential for escalation.
Excludes ‘Occupational accidents’ which have bounded, albeit possibly severe or catastrophic consequences.
– This means that one or more pedestrian fatalities resulting from a road accident on a site (however regrettable and tragic) would not be defined as a ‘Major Accident’.
– Similarly, one or more fatalities resulting from a fall from a scaffolding platform (again regrettable and tragic) would not be defined as a ‘Major Accident’.
Slide 21
Common Terminologies
▪ Risk
Risk is the product of the measure of the likelihood of occurrence of an undesired event and the potential adverse consequences which this event may have upon:
– People – injury or harm to physical or psychological health
– Assets (or Revenue) – damage to property (assets) or loss of production
– Environment – water, air, soil, animals, plants and social
– Reputation – employees and third parties. This includes the liabilities arising from injuries and property damage to third parties including the cross liabilities that may arise between the interdependent Group Companies.
Slide 22
Common Terminologies
▪ Top Event
Specific incident scenario described by a fault tree, for example ‘the 'release' of a hazard’.
▪ Threat
A cause that could potentially release a hazard and produce a hazardous event.
▪ Threat Controls
All measures taken to reduce the probability of release of a hazard. Measures put in place to block the effect of a threat.
Slide 23
Common Terminologies
▪ Consequence or Severity
Adverse effects or harm which causes the quality of human health or the environment to be impaired. Basically it is the loss that can be inflicted if any hazardous event occurs.
▪ Recovery Preparedness Measures
All technical, operational and organisational measures that limit the chain of consequences arising from the first hazardous event (or 'top event'). These can
– reduce the likelihood that the first hazardous event or 'top event' will develop into further consequences and
– provide lifesaving capabilities should the 'top event' develop further.
Slide 24
Common Terminologies
▪ Escalation
An increase in the consequences of a hazardous event.
▪ Escalation Factors
Conditions that lead to increased risk due to loss of controls or loss of recovery capabilities (mitigation or lifesaving). Escalation factors include abnormal operating conditions, e.g. maintenance mode, operating outside design envelope; environmental variations, e.g. extreme weather and tidal conditions; failure of barriers, e.g. maintenance failure, due to explosion or fire, introduction of ignition source; human error, e.g. lapses, rule violations; no barrier provided, e.g. not possible or too expensive. Escalation Factors may concurrently affect the control and/or recovery of more than one hazard.
Slide 25
Common Terminologies
▪ Escalation Factor Controls
Measures put in place to block or mitigate the effects of escalation factors. Types include guards or shields (coatings, inhibitors, shutdowns), separation (time and space), reduction in inventory, control of energy release (lower speeds, safety valves, different fuel source) and non-physical or administrative (procedures, warnings, training, drills)
Slide 26
Common Terminologies
▪ HSEMS
The company structure, responsibilities, practices, procedures, processes and resources for implementing health, safety and environmental management.
▪ HSE Critical Activities
Activities that are important in preventing events with potential to cause serious harm to people, the environment or property or which can reduce the impact of such an event. Note: The definition of serious harm includes the CRITICAL, SEVERE AND CATASTROPHIC categories
Slide 27
Common Terminologies
▪ HSECES
Parts of an installation and such of its structures, plant equipment and systems (including computer programmes) or any part thereof, the failure of which could cause or contribute substantially to; or a purpose of which is to prevent or limit the effect of a major accident.
▪ HSE Critical Integrity Activities
Activities associated with the integrity of HSECESs. Activities such as design, construction, installation, commissioning, operation, modification, repair, inspection, testing or examination associated with assuring the integrity of a HSECES.
Slide 28
Common Terminologies
▪ HSECES Performance Standards
A statement which can be expressed in qualitative or quantitative terms, of the performance required of a system, item of equipment or computer programme and which is used as the basis for verification throughout the life cycle of the installation.
▪ Quality Performance Standards
It is a demonstration that the procedures developed for HSE Critical Integrity Activities are suitable and are undertaken by a Competent Person in a manner that assures the integrity of the HSECES.
Slide 29
Chapter 3 – Bowties and HSEMS
Slide 30
Bowties and HSEMS
▪ The HSE Management System has policies, plans and procedures
▪ Includes list of activities associated with Low, Medium and High risk hazards
[Diagram labels: HSEMS; Bowties; HSE Critical Activities, Critical Integrity Activities (Activity Catalogue, Tasks Specification Sheets, Job Plans, Quality Performance Standards); Judgement, Experience, Risk Analysis for non routine operations (Procedures, Responsibilities, Performance, Competencies); Judgement & Experience (Generic Procedures / Competencies)]
Slide 31
Filtering Activities
[Diagram labels: H&ERs; a row of boxes each labelled "Tasks"]
All activities arising from the control of low, medium and high risk hazards will be part of the HSEMS.
Slide 32
Classification of Activities
Slide 33
All routine tasks (low and medium) are managed by the existing HSEMS Procedures
Examples:
Housekeeping
Lock Out Tag Out
Hazardous Activities may be HSE Critical Activities but are not HSE Critical Integrity Activities
Examples:
Confined Space Entry
Working at height
HSE Critical Integrity Activities only relate to HSECESs
Examples:
Partial Stroke Testing
Detector Calibration
Acceptance Tests
Chapter 4 – Fault Tree, Event Tree Approach
Slide 34
Another Look at the Bowtie
Slide 35
A bowtie can be understood as a Fault Tree on the left-hand side and an Event Tree on the right-hand side
Another Look at the Bowtie
Slide 36
THREAT: OVERPRESSURIZATION
OR gate: PT Failure; PCV Failure; Signal Failure
Leads to pressure control loop failure (Basic Process Control System, BPCS)
[P&ID labels: E-2; PLC; S-1; PSV; ESD Valve; PAH; PAHH; PCV; PT; P-13]
Another Look at the Bowtie
Slide 37
OR gate: PT Failure; PCV Failure; Signal Failure
OR gate: PAH Failure; Operator fails to control pressure; No time for operator action
PAH is a barrier (HSECES: Process Alarms) – This is effective only if operator knows what to do, can react appropriately to a panic situation and has rehearsed this in an Operator Training Simulator. If there is no time for operator action, this barrier fails.
[P&ID labels: E-2; PLC; S-1; PSV; ESD Valve; PAH; PAHH; PCV; PT; P-13]
Another Look at the Bowtie
Slide 38
OR gate: PT Failure; PCV Failure; Signal Failure
OR gate: PAH Failure; Operator fails to control pressure; No time for operator action
OR gate: PAHH Failure; PLC Failure; ESDV Failure
These are related to HSECES: Instrumented Protective Function. Can fail due to design errors, lack of testing
[P&ID labels: E-2; PLC; S-1; PSV; ESD Valve; PAH; PAHH; PCV; PT; P-13]
Another Look at the Bowtie
Slide 39
OR gate: PT Failure; PCV Failure; Signal Failure
OR gate: PAH Failure; Operator fails to control pressure; No time for operator action
OR gate: PAHH Failure; PLC Failure; ESDV Failure
OR gate: PSV fails to lift / relieve; Vessel integrity failure
PSV is related to HSECES: Pressure Relief. Vessel Integrity is related to HSECES: Hydrocarbon Containment
[P&ID labels: E-2; PLC; S-1; PSV; ESD Valve; PAH; PAHH; PCV; PT; P-13]
Another Look at the Bowtie
Slide 40
AND gate over the following OR gates:
OR gate: PT Failure; PCV Failure; Signal Failure
OR gate: PAH Failure; Operator fails to control pressure; No time for operator action
OR gate: PAHH Failure; PLC Failure; ESDV Failure
OR gate: PSV fails to lift / relieve; Vessel integrity failure
When the threat occurs AND all barriers fail, the Top Event is realized
Another Look at the Bowtie
Slide 41
AND gate over the following OR gates:
OR gate: PT Failure; PCV Failure; Signal Failure
OR gate: PAH Failure; Operator fails to control pressure; No time for operator action
OR gate: PAHH Failure; PLC Failure; ESDV Failure
OR gate: PSV fails to lift / relieve; Vessel integrity failure
This could lead to Loss of Containment (e.g. Hydrocarbon Containment)
AND gate output: LOC
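The fault tree built up on slides 36 to 41, written out as an added example (not part of the original deck): it evaluates the AND/OR gates for a set of failed basic events, lists which barriers still stand when one is bypassed, and enumerates the minimal cut sets. Event names come from the slides; the dictionary layout, function names, the 0.1 probabilities and the independence of basic events are assumptions of this example.

```python
from itertools import product
from math import prod

# Threat gate (slide 36): any one basic event defeats the BPCS pressure control loop.
THREAT = ("Overpressurization", ["PT failure", "PCV failure", "Signal failure"])

# Barrier gates (slides 37-39), in the order a demand reaches them.
BARRIERS = {
    "Process alarm (PAH) and operator response": [
        "PAH failure", "Operator fails to control pressure",
        "No time for operator action"],
    "Instrumented protective function": [
        "PAHH failure", "PLC failure", "ESDV failure"],
    "Pressure relief and containment": [
        "PSV fails to lift / relieve", "Vessel integrity failure"],
}


def gate_or(events, failed):
    """OR gate: true if any input basic event is in `failed`."""
    return any(e in failed for e in events)


def remaining_barriers(failed):
    """Barriers whose OR gate has not tripped, i.e. layers still standing."""
    return [name for name, events in BARRIERS.items()
            if not gate_or(events, failed)]


def top_event(failed):
    """AND gate (slide 40): threat occurs and every barrier has failed -> LOC."""
    return gate_or(THREAT[1], failed) and not remaining_barriers(failed)


def minimal_cut_sets():
    """Each minimal cut set takes exactly one basic event from every OR gate."""
    gates = [THREAT[1], *BARRIERS.values()]
    return [frozenset(combo) for combo in product(*gates)]


def top_event_probability(p):
    """P(LOC) for independent basic events; `p` maps event name -> probability."""
    gates = [THREAT[1], *BARRIERS.values()]
    return prod(1 - prod(1 - p[e] for e in gate) for gate in gates)


if __name__ == "__main__":
    # Constructed scenario: ESD valve bypassed (the escalation factor on slide 13).
    bypass = {"ESDV failure"}
    print("Barriers left with ESD bypassed:", remaining_barriers(bypass))
    print("Minimal cut sets:", len(minimal_cut_sets()))
    # Constructed probabilities: every basic event at 0.1, for illustration only.
    p = {e: 0.1 for gate in [THREAT[1], *BARRIERS.values()] for e in gate}
    print("P(LOC): %.6f" % top_event_probability(p))
```

Every minimal cut set contains one event from each gate, so a single bypass never causes the top event on its own but removes a whole layer from every cut set that includes it.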
Another Look at the Bowtie
Slide 42
[Event tree labels: LOC; Ignition Control; No Ignition; Immediate Ignition; Delayed Ignition]
Another Look at the Bowtie
Slide 43
[Event tree labels: LOC; Ignition Control; No Ignition; Immediate Ignition; Delayed Ignition; Gas Detection, ESD, Blowdown (Success / Failure)]
Another Look at the Bowtie
Slide 44
[Event tree labels: LOC; Ignition Control; No Ignition; Immediate Ignition; Delayed Ignition; Gas Detection, ESD, Blowdown (Success / Failure); Flame Detection ESD, Blowdown (Success / Failure); Toxic Gas Dispersion (short distance); Toxic Gas Dispersion (large distance); Flash Fire / VCE]
Another Look at the Bowtie
Slide 45
[Event tree labels: LOC; Ignition Control; No Ignition; Immediate Ignition; Delayed Ignition; Gas Detection, ESD, Blowdown (Success / Failure); Flame Detection ESD, Blowdown (Success / Failure); Toxic Gas Dispersion (short distance); Toxic Gas Dispersion (large distance); Short Duration Jet Fire; Long Duration Jet Fire; Flash Fire / VCE]
Another Look at the Bowtie
Slide 46
[Diagram labels: LOC; Toxic Gas Dispersion (short distance); HVAC System; SCBA; MEDEVAC / ERP; Fatalities]
Another Look at the Bowtie
Slide 47
[Diagram labels: LOC; Toxic Gas Dispersion (short distance); HVAC System; SCBA; MEDEVAC / ERP; Fatalities; Jet Fire; Passive Fire Protection; Deluge System; Fatalities / Asset Damage]
Another Look at the Bowtie
[Diagram labels: LOC; Toxic Gas Dispersion (short distance); HVAC System; SCBA; MEDEVAC / ERP; Fatalities; Flash Fire / VCE; Blast Resistant; MEDEVAC / ERP; Fatalities / Asset Damage; Jet Fire; Passive Fire Protection; Deluge System; Fatalities / Asset Damage]
Chapter 5 – Benefits of Bowties
Slide 49
Benefits of Bowties
▪ Logical Structured Approach
▪ Direct link between the Barriers and the Management System
▪ Forces us to think if the barriers are adequate and effective
▪ Helps in identifying Gaps in Management Systems that can be identified as “deficiencies”
▪ Deficiencies can be associated with Procedures, Organizational Improvements, Competency, Barrier Effectiveness
Slide 50
Benefits of Bowties
▪ Provides an “Auditable Trail” of the Hazards & Effects Management Process (HEMP)
▪ Helps in ALARP Demonstration
▪ Can be “Operationalized”
▪ Can be used in Quantifying Risks
▪ Helps in Demonstrating Compliance to CORPORATE and REGULATORS
Slide 51
Disadvantages of Bowties
▪ A Bowtie is not “intelligent”; it is only a recording tool
▪ Anything and everything put into a Bowtie can look like a barrier
▪ It needs a good understanding of the methodology and the risk management process to be able to identify barriers that are independent
▪ Can be misleading if the context is not understood
▪ Solution: During the workshop, we will define the elements of the bowtie comprehensively so that it can be understood by a person who was not present in the workshop.
Slide 52
Chapter 6 – How to use Bowties
Slide 53
How to use Bowties
▪ Concept / FEED Stage
– The Bowties are used to identify and select barriers (HSECESs)
• E.g. HIPPS versus Inherent Pressure Design
• Fire Proofing versus Separation Distance
• Blast Proofing etc.
– Through sufficient and suitable risk assessments (e.g. QRA, FRA), the number of barriers required to reduce the risks to ALARP is determined
• E.g. Additional Shutdown Valves to isolate sections
– These barriers are included in the Bowties
– The Safety Functions of the barriers are decided
• The FEED Engineer develops the design
• The Safety Function of the HSECES is determined based on the Bowties, e.g. whether to initiate ESD on Gas Detector or Flame Detection, whether to activate deluge automatically or manually etc.
– HSECES Performance Standards are developed for FEED phase
Slide 54
How to use Bowties
▪ Detailed Engineering & EPC Phase
– The Bowties are reviewed to identify any new barriers (HSECESs)
– Through sufficient and suitable risk assessments (e.g. QRA, FRA), the number of barriers required to reduce the risks to ALARP is determined
– The EPC Phase HSE Critical Integrity Activities and Tasks are determined
• E.g. Factory Acceptance Tests, Site Acceptance Tests, Material Requisitions, Datasheets and Specifications, Independent Verification & Third Party Inspections etc.
– HSECES Performance Standards are developed for EPC phase
– Quality Performance Standards are developed for the HSE Critical Integrity Activities and Tasks
Slide 55
How to use Bowties
▪ Operations Phase
– If required, retrospective Bowties are developed
– Through sufficient and suitable risk assessments (e.g. QRA, FRA), the number of barriers required to reduce the risks to ALARP is determined
– The Operations Phase HSE Critical Integrity Activities and Tasks are determined
• E.g. Inspections, Maintenance, Testing, Verification, Management of Change.
– HSECES Performance Standards are developed for Operations phase
– Quality Performance Standards are developed for the HSE Critical Integrity Activities and Tasks
Slide 56
How to use Bowties
▪ There is more in the Operations Phase…
– HSECES Tags are identified
– These tags can be then included in MAXIMO / SAP system
– Job Plans for the HSE Critical Integrity Activities are developed
– A verification scheme is prepared to ensure that the HSECESs are within their integrity boundary
– Competency Matrix is developed
– The HSECES effectiveness / degradation is determined
– MOPO is prepared based on unavailability of HSECESs
Slide 57
How to use Bowties
▪ As a Plant Operator, the Bowtie can be used for:
– Checking the health of all barriers
– What to do if a barrier is not available
– What “layers of protection” do we have and are they adequate
– Interfaces with Contractor works or other projects
– Permit to Work system
Slide 58
To achieve this you need to maintain the Bowtie as a “Live Document”, preferably through an Electronic HSE Case
Other Applications of Bowties
▪ Incident Investigation
▪ Audits
▪ Managing KPIs
Slide 59
Exercise 1 – Drawing a simple Bowtie
Slide 60
Risk Management using Bowties
February 2014
Chapter 1 – Preparing for Developing Bowties
Slide 62
Team Composition
▪ Workforce Involvement is a very important aspect of Bowtie development
▪ The Team should be composed of
– Operations
– Maintenance, Reliability & Integrity
– Process, Mechanical, Instrumentation
– Process Safety, Environment & Health
Slide 63
Bowtie Inputs and Outputs
Slide 64
Steps to develop Bowties
Chapter 2 – Parent & Unit Level Bowties
Slide 69
Parent & Unit Bowties
▪ This method is similar to the Parent-Child bowtie concept used by Shell
▪ The Parent Bowtie is also termed the “Best Practice Bowtie”, which is developed for the Major Accident Hazards of the entire plant
▪ Then the Parent Bowtie is reviewed and updated when applied to each unit
▪ Helps in identifying the superparent, parent and child HSECES tags
▪ Example is presented in the Software Demonstration
Slide 70
Chapter 3 – Barrier Hierarchy, Effectiveness Analysis
Slide 71
Layers of Protection & Barrier Hierarchy
Slide 72
[Diagram labels, layers: Process Design; Basic Process Control System; Critical Alarms, Safety Instrumented Systems; Pressure Relief Valves, Rupture Discs; Bunds, Dikes; Deluge system, Fire sprinklers, Gas Detection and Alarms; Plant Emergency Response; Offsite Emergency Response]
[Diagram labels, categories: Inherent Safety Features; Process Safety; Loss Prevention; Emergency Response]
Barrier Effectiveness
▪ Barrier Effectiveness Measures
– Functionality / Effectiveness – The barrier functionality / effectiveness is the ability to perform a specified function under given technical, environmental, and operational conditions.
• It deals with the effect the barrier has on the event or the accident sequence
• Determining the effectiveness is related to determining the “possible degree of fulfillment” of the specified function
• E.g. if the function is to pump water, a functional requirement may be that the output of water must be between 100 and 110 litres per minute. The actual functionality of a barrier may be less than the specified functionality due to design constraints, degradation, operational conditions,
– Reliability / Availability – The barrier reliability/availability is the ability to perform a function with an actual functionality and response time while needed, or on demand.
• Corresponds to Safety Availability / Safety Integrity requirements (IEC 61511)
• All necessary signals must be detectable when barrier activation is required.
• Active barriers must be fail-safe, and either self-testing or tested regularly.
Slide 73
Barrier Effectiveness
▪ Performance of safety barriers
– Response Time – The response time is defined differently for different types of barriers. It is generally defined as the time required for the barrier to complete its safety function
• E.g. for an ESD System the “Response Time” is the time required to close the valve such that the flow is stopped
• Similarly, the “Response Time” for a deluge system is the time to deliver the specified amount of water (and not the time until the fire is extinguished)
– Robustness / Survivability – Barrier robustness is the ability to resist given accident loads and function as specified during accident sequences.
• E.g. Survivability of Valve Solenoid to Jet Fire scenarios
• Able to withstand extreme events, such as fire, flooding, etc.
• The barrier shall not be disabled by the activation of another barrier.
• Two barriers shall not be affected by a (single) common cause.
Slide 74
Barrier Effectiveness
▪ Performance of safety barriers
– Triggering Event / Condition – The triggering event or condition is the event or condition that triggers the activation of a barrier.
• E.g. Initiating events are important to decide the total scope of the barrier safety function.
– Adequacy – Able to prevent all accidents within the design basis.
• Meet requirements set by appropriate standards and norms.
• Capacity must not be exceeded by changes to the primary system.
• If a barrier is inadequate, additional barriers must be established.
Slide 75
General Barrier Effectiveness Ratings
▪ The General Barrier Effectiveness Ratings are based on the following parameters:
– Field Experience of the “Functionality” of the Barrier based on:
• Status of the required inspections / tests as per schedule as required by the Performance Standard
• Status of the hardware when it is tested
• The amount of time it requires repair to pass
– Findings of the Site Audits on the management of HSECES
– Status of Audit Actions
– Availability and adequacy of Competent Personnel to perform the job
– Level of training and continuing education they receive
– Past Incidents related to the functionality of the HSECES
– Is the HSECES in place
– Reliability
– Human Dependency
– Any survivability issues
Slide 76
Barrier Effectiveness Template
Slide 77
Barrier Title:
Bowtie Ref:
Answer columns: Yes / No / Unknown
1. Is the barrier in place and being used?
1.1. Has the barrier been "inhibited" during normal operation?
1.2. Has the barrier been maintained as per the Performance Standard?
1.3. Has the barrier been tested as per the Performance Standard?
1.4. Has the barrier been inspected as per the Performance Standard?
1.5. Has the barrier undergone any form of degradation?
1.6. Has the barrier failed any tests?
1.7. Does the barrier require to be repaired very often?
1.8. Is the barrier operating beyond its design life?
1.9. Is the barrier designed as per an obsolete standard?
2. Is the barrier reliable?
2.1. Is the barrier amongst an "Instrumented Protective Function"
2.2. Does it have a SIL rating greater than SIL 1
3. Human Factors
3.1. No human involvement, simple instructions, easy to operate, intuitive, proven operator performance, or consequences of errors limited by design.
3.2. Clearly defined task, defined operating procedures, operator is trained and experienced, or errors conceivable, but very unlikely.
3.3. Operating under stress, multi-tasking, complex procedures, difficult to operate, operator is trained, or errors possible.
3.4. Operating under high stress, complex or unclear procedures, inadequate training, or errors quite possible.
3.4. Personnel unfamiliar with the task, very complex procedures, no training, errors might well be expected, or emergency situation
4. Processes
4.1. Is this barrier management process audited?
4.2. Have the identified action items been completed or alternative
4.3. Is the implementation on schedule
4.4. Is the process used uniformly
5. Personnel
5.1. Is the concerned staff training up-to-date
5.2. Is the concerned staff job profile adequate for the barrier management
5.3. Is the concerned staff competent in performing the action
Rating scale: NOT EFFECTIVE / EFFECTIVE / VERY EFFECTIVE
Summary rows: In Place? / Reliable? / Human Factors? / Processes? / Personnel?
Barrier Adequacy
▪ Barrier Adequacy is based on two requirements
▪ Prescriptive Requirements (to meet as minimum)
▪ Goal Setting Requirements (to meet ALARP)
Slide 78
Chapter 4 – HSE Critical Integrity Activities & Tasks
Slide 79
HSE Critical Integrity Activities
Slide 80
[Diagram: a field of boxes each labelled "activity"]
Not all activities are HSE Critical Integrity Activities. Only those that ensure the integrity of HSECESs are. However, all other activities related to HSE are part of the HSEMS.
HSE Critical Integrity Activities are dynamically affected during the facility operations, e.g. interfacing with other projects.
HSE Critical Integrity Activities
Slide 81
[Diagram: a field of boxes each labelled "activity"; labels: Covered by HSEIA; Contractor Activities (Simultaneous Activities / Operations)]
HSE Critical Integrity Activities
Slide 82
[Diagram labels: INPUT; HSECES; Bowtie Analysis; Performance Standards; Responsibility; Performance Indicators; Competencies Required; Task 1; Task 2; Task 3; OUTPUT; HSE Critical Integrity Activity]
In THESIS, the above relationship can be built for each HSECES
Level of Detail in HSE Critical Integrity Activities
▪ The general rules are:
– HSE Critical Integrity Activities should be specific and fit for purpose
– Activities should be documented at a level where accountability for the activity can be realistically placed with a single individual.
– For efficiency, activities which are the responsibility of one person should be grouped together as one activity if possible
– The activity should be based on quality management principles
– It should document working practices & controls in use
– It should result in a ‘measurable’ activity
▪ It should be presented in the form of an “Activity Specification Sheet”
– Who performs the activity / task
– Brief description of the activity / task
– What prompts the activity / task
– What assures that the activity / task is performed correctly
– How to know that the activity / task is complete
– How frequently should the activity / task be performed
Slide 83
Slide 84
Thank you for your Attention
United Arab Emirates
Bell Energy,
8th Floor, 801
Noura Al Majid Bldg.
Electra Street, Abu Dhabi
Tel: +971 2 6761932
Email: uaeoffice@bell-energy.net
Branches:
Cleveland, USA
Brisbane, Australia
Warrington, UK
Pune, India
Toronto, Canada
