This document discusses mechanical integrity and provides an overview of key concepts. It defines mechanical integrity as ensuring equipment is designed, operated, and maintained properly. The document outlines potential threats if integrity is not maintained, such as inappropriate standards, deferred maintenance, or inadequate workmanship. It emphasizes that mechanical integrity requires consideration across the entire asset lifecycle from design through decommissioning. Regulatory compliance is the minimum requirement, with codes and standards requiring supplementation. Maintaining integrity helps ensure safety, reliability, and cost-effectiveness.
1. N.Al-Khirdaji, M.Eng., P.Eng. 1
4.1 Mechanical (Structural) Integrity - Overview
Mechanical Integrity – An Overview
• Definition, scope, and key elements - hardware and
software issues, peopleware - sound people
management
• Potential threats to technical integrity in a hazardous
environment
• Regulatory requirements – SH&E, OSHA, SEVESO II
• Life cycle implications - design/operation/maintenance,
regulatory/industrial interface, training/staff
development, networking
Key Business Objective
• We are in business to make money
• Our objective is to run our plants effectively
– with the absolute minimum downtime, both planned
and unplanned,
– producing quality products at the lowest possible life
cycle cost (LCC).
• To produce with an absolute minimum downtime,
plant availability and reliability must be as high as
possible.
• Equipment which is not operating will not make
money!
Asset Utilization (figure): equipment fully functional and making $, versus unscheduled maintenance (unscheduled repairs) and planned maintenance (scheduled repairs).
Maintenance is an integral component of optimum asset performance.
The question is not IF but WHEN we will do the appropriate (what and
how) maintenance.
We make money only when the equipment is operating
Pressure Equipment and Piping Integrity in Context
Figure: Integrity Management sits within Risk Management, linking Technology, Value, Cost, Reliability and Safety for the benefit of the stakeholders.
• Safety of the Public, Employees and the Environment
• Reliability for Customers and Suppliers
• Cost Minimization While Maintaining Safety and Reliability
Ref: Pipeline Research Council International, Inc (PRCI)
Guidelines for Technical Management of Chemical Process Safety [CCPS*]
Figure: three overlapping domains - Personnel Safety & Health, Process Safety, Environmental Control.
* [CCPS] - Center for Chemical Process Safety
Plant Safety and Reliability
• Inherent safety and operational reliability are
intimately related and closely linked, and are largely
determined during the early design phase.
• Work processes used to deal with process hazard
analysis are similar to those for reliability analysis.
Synergistically merging these two analyses leads to a
safer and more-reliable plant design than would be
likely by performing them separately.
Safety and Reliability
• A Safe Facility is Inherently More Reliable
• A Reliable Facility is Inherently More Safe
• Safety is Good Business
Overall Integrity Concept
Mechanical (Structural) Integrity
• Every engineering component, when put in
service, is designed to last a specified period
referred to as Design Life of the component.
• Many factors adversely affect the defined life and lead to failure or premature retirement of the component from service. Such factors include:
– Unanticipated stresses (residual, service),
– Operation outside the design limits (excessive temperature, pressure, load cycling),
– Changes in properties/characteristics of process streams,
– Inappropriate repairs/alterations,
– Human errors, etc.
Mechanical Integrity
• The mechanical integrity of pressure equipment
and piping systems can only be achieved when the
following three inter-dependent criteria are
satisfied:
– The pressure vessels/piping systems are designed
correctly for the specified service conditions,
– They are operated within the design envelope
– They are maintained within the design envelope,
• The degradation processes the pressure system is
subject to are understood, monitored, and trended
and the piping system is fit for continued service
Technical Integrity - Definition
• "The technical integrity of a facility is
achieved when, under specified operating
conditions, there is no foreseeable risk of
failure endangering safety of personnel,
environment or asset value".
• The expectation of "no foreseeable risk" is
realistic considering the following aspects:
– It is under specified operating conditions, usually within the design intent and the operating envelope, e.g. the maximum allowable working pressure (MAWP), not the maximum operating pressure.
– It excludes normal mechanical failures which may
have an effect on "availability" but do not endanger
safety of personnel, environment or asset value.
– It is a system state that should be achieved when
everybody does his/her business right, and that can be
verified by audit.
Technical Integrity
• Technical integrity not only refers to hardware
(mechanical and structural) and software issues, but
also to human issues - sound people management.
• Human factor is one of the most critical components
necessary to achieve technical integrity, and integrate
successfully technologies into the human environment.
• Human issues more specifically refer to the intersection
of knowledge, skill and desire.
– Knowledge is the theoretical paradigm: what to do and why.
– Skill is the how to do.
– Desire is the motivation: want to do.
Elements of Mechanical Integrity
The three main elements of mechanical integrity
must be considered in every design:
(a) Fitness-for-service. Encompasses not only suitability
for use as specified, but also fitness for other likely
applications – if this cannot be achieved, measures
must be taken to prevent inappropriate use.
(b) Safety. Must be considered in relation to all likely uses,
not only those specified. Risk analyses and mitigation
procedures are required.
(c) Environmental compliance. Production, operation,
maintenance and disposal should all be included in
requirements for environmental compliance
Technical Integrity - Key Considerations
Key premises of mechanical integrity include:
– Facilities are designed, operated, and maintained
by qualified competent people,
– Identification and/or validation of the current
condition of critical equipment,
– Identifying and understanding the degradation
processes and their impacts on the remaining life
of specific equipment/components/systems,
– Using Risk-based decision making to prioritize
equipment inspection and maintenance.
Technical Integrity - Responsibility
• Technical integrity is a common responsibility of
Engineering, Operations and Maintenance
notwithstanding the difference in emphasis:
– Engineering is responsible for defining what
constitutes technical integrity (design intent)
– Operations and Maintenance are responsible for
safeguarding technical integrity.
– Ongoing link between the three disciplines is the
design envelope and the application of an effective
management of change (MOC) program.
Figure: Mechanical Integrity as the common ground of Design, Operation and Maintenance.
Some Relevant Definitions
Safety: strategy of accident prevention.
Loss Prevention: prevention of accidents which result in injury to humans, damage to the environment, loss of production, damage to equipment, or loss of inventory.
Hazard: an inherent physical or chemical characteristic of a material, system, process or plant that has the potential for causing harm.
Risk: for episodic events, risk is a function of probability and consequence.
Risk Analysis: qualitative or quantitative estimate of risk.
Risk Assessment: the results of risk analysis are used to make decisions.
Technical Integrity – Potential Threats
• The potential threats to mechanical integrity
are in the area of methodology and controls
through:
– The application of inappropriate standards,
– Inappropriate condition assessment,
– Deferred or uncontrolled maintenance and
– Inadequate quality of workmanship
In-Service Degradation
• General types of degradation mechanisms that can
cause failure of pressure equipment and piping:
– General and localized corrosion and erosion
– Environmentally caused cracking
– Metallurgical aging and degradation
– High temperature degradation and brittle fracture
– Mechanical cracking and damage
– Welding and fabrication flaws
• Anything that will cause materials of construction
to degrade and possibly cause failure of pressure
equipment in service
Sources of Unreliability
• Inadequate operating procedures
and training
• Ineffective cross functional
team-working
• Lack of measures / targets
• Inconsistent operation
• Lack of training
• Inaccurate initial specifications
• Poor design for operability and
maintainability
• Inadequate Management of Change (MOC)
• Ageing assets
• No / Inadequate strategy
• Inadequate monitoring / knowledge of
asset condition
• Inadequate repair specifications
• Lack of technical skills / training
Figure (UNRELIABLE PLANT): contribution of each source - Operations 30 – 50%, Assets 30 – 40%, Maintenance 10 – 30%.
Pressurized Systems
Failures Continue to Occur
• However, the reality is that failures, sometimes
catastrophic, continue to occur with significant
consequences.
• Failures are costly, particularly when they involve
consequential damage and when they reduce
operating times.
– In recent studies of fracture in the USA and Europe, the
total loss to the gross economic product of advanced
nations has been estimated to be 4% of GNP.
– They also place at risk operating personnel and
surrounding populations.
Some Key Accidents
• 1984 PEMEX - Mexico City: over 650 dead
• 1984 Bhopal – India: over 2000 immediate dead, plus many more from the effects
All Failures Have Causes
• Failures are not random chance events. All failures
have causes, and remedies. We should continue to
identify gaps in our process design, engineering,
fabrication, installation, operation, and maintenance
activities in a timely manner and to take appropriate
measures to prevent failures.
• Failure of an engineering component or structure can
be regarded as arising from incomplete, inaccurate,
or inappropriate information on, or consideration /
handling of, one or more stages of the design.
Know the Condition of the Facilities
Knowing the details is the essence of being thorough
Causes of Premature Fracture Influenced by Corrosion of a Pressure Component
Figure: the pressure component is subject to service loading on one side and to its environment on the other.
- Loading side: tensile stress at the metal surface (from heat treatment, fabrication and assembly), pre-existing flaws, cyclic loading leading to corrosion fatigue, static tensile loading leading to stress-corrosion cracking (metallurgical susceptibility) and hydrogen stress cracking, and tensile overload.
- Environment side: protective systems, localized corrosion, general corrosion and hydrogen embrittlement.
All of these paths converge on PREMATURE FRACTURE.
Pressure Vessels & Piping Failure
Pressure vessels and piping failures occur in plants around the world, resulting at times in catastrophic consequences and loss of life.
The origin of the initiating defect (115mm long crack at the fillet weld)
was thought to be hydrogen cracking in the HAZ of the fillet weld.
Root Causes of Plant Catastrophes
People:
• Fail to detect problems in
reams of data
• Are required to make
hasty interventions
• May be unable to make
consistent responses
• May be unable to
communicate well
When the root causes of the categories “Equipment” and “Process”
are considered, 80% of all incidents are due to human error!
Analysis of Equipment Failures
(Number of failures by equipment type and cause. Hum = human, Mech = mechanical, Inst = instrument, Elec = electrical, Des = design, Cor = corrosion, Eros = erosion, Cold = cold, Oth = other, U/K = unknown, Tot = total, % = share of all failures.)

Equipment   Hum  Mech  Inst  Elec  Des  Cor  Eros  Cold  Oth  U/K  Tot    %
Column        0     2     0     0    0    0     0     0    0    0    2    0
Compr         1     1     1     0    0    0     1     0    0    0    4    1
Heater       29    20     8     0    4    2     0     0    0   16   79   12
H.Exch        8    22     0     0    0    5     0     0    0    0   35    5
Pipeline     12     5     0     0    1    5     0     0    0    0   26    4
Piping      102    67     5     0   26   26     1     1    0    7  235   36
Pump          3    47     1     0    1    1     0     0    0    3   56    9
Tank         32     9     6     0    2    4     0     9    0   12   74   11
Transp       12     1     0     0    0    1     0     0    0    1   15    2
Vessel       47    16     6     2   11    4     0     0    0    5   91   14
Other        12     3     0     2    4    0     0     1    0    4   26    4
U/K           0     0     0     0    0    0     0     0    0   10   10    2
TOTAL       258   193    27     4   49   48     2    11    1   60  653
PERCENT      39    30     4     1    8    7     0     2    0    9

(The Pipeline row's cause columns sum to 23 against the stated total of 26; the figures are reproduced as given in the source.)
Governing Regulations, Codes
And Standards
• All aspects of plant design, construction and
operation are subject to regulations that must be
complied with.
• Full compliance with regulatory requirements is
the minimum level of compliance.
• Codes and regulations cannot cover every detail
and aspect of plant design and operation even
though these codes and regulations are continually
updated and clarified with interpretations and
bulletins.
OSHA 29 CFR 1910.119 Elements (figure)
Mechanical Integrity - OSHA 29 CFR 1910.119(j)
What is Mechanical Integrity?
Activities to provide assurance that mechanical
equipment is designed, fabricated, procured,
installed, and maintained in a manner
appropriate for its intended application.
Integrity Management (IM)
The application of Qualified Standards,
by Competent People,
using appropriate Processes and Procedures
throughout the plant Life Cycle - from design
through to decommissioning.
Key Activities to Cover in a
Mechanical Integrity Program
• Engineering (design)
• Material acquisition, stores, and issue
• Fabrication
• Construction/installation
• Inspection and testing
• Contractor management
• Repair
Integration of Corrosion Metrics Into the Integrity Process
Figure (Asset Integrity Enhancements*): four columns of metrics feeding the integrity process.
- ENGINEERING - Projections: physical modeling; predictable, logical, usable. Inherent initial material and manufacturing quality, with quantification of damage impact.
- INSPECTION - Monitoring: measurable, definable, reliable, detectable, relative. Qualifying and quantifying measures.
- MAINTENANCE - Actions: appropriate, feasible, accessible, decisive, reasonable, practical. Decisions and tools, guidelines, and repairs with options.
- MANAGEMENT - informative, statistical, practical, realistic, reasonable, quantifiable. Risk, cost and readiness measurands with A/C flow.
* FAIR+MS – Shell Global Solutions
Integrity Management Plan
Figure: inputs (project construction QA/QC records, operating guidelines, industry experience, process flow drawings, lab analyses, process computer) feed three linked knowledge bases that drive the Turnaround Inspection & Maintenance and the On-stream Inspection Program.
- Corrosion Manuals: process description; operating limitations/constraints; failure modes and mechanisms; corrosion circuits; criticality assessment; inspection guidelines; corrosion monitoring guidelines.
- Inspection Database: design data and material specs; NDE and inspection records; corrosion rates; onstream/offstream inspection dates; inspection job instructions.
- Corrosion Monitoring Database: process information; corrosion monitoring devices; stream analyses; high/low alarm setpoints; trending displays.
Risk-Based Inspection
Rigorous system for managing pressure equipment risks:
- Anticipate future problems
- Identify future risks and opportunities
Figure: Knowledge & Understanding (design (and change) envelope; service conditions; damage mechanisms; inspection/maintenance history; failure mechanisms/rates; defect types and characteristics; criticality; probability of detection; impacts of failure) feeds the Probability of Failure and the Consequence of Failure; together these give RISK, which drives the Optimum Inspection Plan and the Design & Operations Implications.
Engineered Safety - 1
• Engineered safety is a core technology and is a
corner stone of technical integrity.
• It includes the following major components:
1. Safety in Design
- Quality Control in Design
- Inherent Safety
2. Safeguarding
3. Technical Safety Audits and Reviews
4. Pre-Startup Audits and Reviews
5. Procedures And Controls
Engineered Safety - 2
6. Management Systems
7. Risk Assessment
8. Due Diligence
9. Fitness-For-Service Assessment (Engineering
Critical Assessment)
10. Technology Management
– Regulatory/industrial interface
– Training/staff development
– Gate-keeping and Networking
Safeguarding Systems
• The term “safeguarding” is used to describe the
process of identifying and mitigating Process
hazards to prevent uncontrolled loss of containment
that could result in injury to personnel and release of
toxic or harmful substances.
• Safeguarding Systems consist of pressure relieving
devices (PRD’s); instruments; valves; insulation;
size restrictions on specific equipment; metallurgy;
procedures; etc.
• Therefore, “safeguarding” includes all the
protective devices and systems installed to protect
against loss of containment.
Layers of Protection in a System
• Any physical device can - and will, at some point -
fail
• Systems must be designed to withstand failures
• Failure protection is layered (the original figure places the layers on a scale of increasing robustness):
– Basic equipment protection
– Basic control system architecture
– Fail-safe design
– Operators and engineers
– Administrative procedures
Layers of Protection
In layers of protection, “hard barriers” are more reliable than “soft
barriers”, but all rely on people.
Layers of Protection for Typical Process
The Swiss Cheese Model of System
Accidents
Ideally, each defensive layer would be intact. In reality, however, they are more like slices of Swiss cheese, having many holes. These holes are continually opening, shutting, and shifting their location. The presence of holes in any one "slice" does not normally cause a bad outcome. Usually, this can happen only when the holes in many layers momentarily line up to permit a trajectory of accident opportunity bringing hazards into damaging contact with victims.
The Swiss cheese model of how defences, barriers, and
safeguards may be penetrated by an accident trajectory
The Swiss Cheese Model of System
Accidents
• Latent conditions as the term suggests may lie
dormant within the system for many years before they
combine with active failures and local triggers to
create an accident opportunity.
• Unlike active failures, whose specific forms are often
hard to foresee, latent conditions can be identified and
remedied before an adverse event occurs.
Understanding this leads to proactive rather than
reactive risk management.
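Worked example, added here and not part of the original slides: the "holes line up" picture as arithmetic. The hazard reaches a victim only when the initiating event occurs and every protective layer fails, so the mitigated frequency is the initiating frequency multiplied by each layer's probability of failure on demand (PFD). The script also applies the caveat that all layers rely on people: two barriers that share an element (one board operator answering two alarms, two trips fed by one transmitter) are one hole, not two, so only the stronger of them is credited. All frequencies, PFDs and the tolerable target below are assumed, illustrative values, not numbers from the slides.

```python
"""Layers of protection as multiplied failure probabilities.

Added example, not code from the original slides. Every number in this file
is an assumed, illustrative value: the initiating-event frequency, each
barrier's probability of failure on demand (PFD) and the tolerable frequency
would come from site data and the applicable standard, not from here.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Layer:
    name: str
    pfd: float          # probability the barrier fails when demanded, 0 < pfd <= 1
    shared: str = ""    # element shared with other layers ("operator", "PT-101"); "" if independent


def credited_layers(layers):
    """Return the layers that may be credited as independent protection.

    Barriers that rely on the same element are one slice of cheese, not two:
    for each shared element only the strongest member (lowest PFD) is credited.
    """
    independent = [layer for layer in layers if not layer.shared]
    best_per_element = {}
    for layer in layers:
        if layer.shared:
            current = best_per_element.get(layer.shared)
            if current is None or layer.pfd < current.pfd:
                best_per_element[layer.shared] = layer
    return independent + list(best_per_element.values())


def mitigated_frequency(initiating_per_year, layers):
    """Frequency (per year) at which the hazard reaches the victim: the
    initiating event must occur AND every layer in the list must fail."""
    if initiating_per_year <= 0.0:
        raise ValueError("initiating frequency must be positive")
    frequency = initiating_per_year
    for layer in layers:
        if not 0.0 < layer.pfd <= 1.0:
            raise ValueError(f"{layer.name}: PFD must be in (0, 1]")
        frequency *= layer.pfd
    return frequency


def risk_gap(initiating_per_year, layers, tolerable_per_year):
    """Compare the optimistic figure (every layer credited) with the defensible
    one (independent layers only) and report how much more risk reduction is
    still needed: gap <= 1 means the tolerable frequency is met."""
    naive = mitigated_frequency(initiating_per_year, layers)
    credited = mitigated_frequency(initiating_per_year, credited_layers(layers))
    return {"naive": naive, "credited": credited, "gap": credited / tolerable_per_year}


# Constructed scenario (assumed values): loss of reactor cooling once a year;
# two high-temperature alarms that both depend on the same board operator,
# plus a relief valve that does not depend on anyone.
SCENARIO = [
    Layer("high-temp alarm A + operator response", 0.1, shared="operator"),
    Layer("high-temp alarm B + operator response", 0.1, shared="operator"),
    Layer("pressure relief valve", 0.01),
]

if __name__ == "__main__":
    result = risk_gap(1.0, SCENARIO, tolerable_per_year=1e-4)
    print(f"crediting every layer      : {result['naive']:.1e} /yr")
    print(f"crediting independent only : {result['credited']:.1e} /yr")
    print(f"further reduction needed   : x{result['gap']:.0f}")
```

With every layer credited the scenario appears to meet a 1e-4/yr target; once the two alarms are recognised as a single operator-dependent barrier the defensible figure is ten times worse, which is the latent condition the Swiss cheese model warns about.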
Over/Under Pressure Relief
Required for System Safety
The general-purpose tank car was being steam cleaned in preparation for maintenance. The job was still in progress at the end of the shift, so the employee cleaning the car decided to block in the steam. The railcar had no vacuum relief, so as it cooled the steam condensed and the car imploded.
This incident demonstrates the need for ensuring that
systems are adequately designed and that their pressures are
controlled within design parameters.
Safeguarding: Operation of
Engineering Systems to Reduce Risk
• Many “engineering” failures involve, at least
in part, an operations failure…consider the
reactor failure at Three Mile Island:
– The main feedwater pumps failed; a pressure
relief valve automatically opened, but stuck
open. Signals failed to show that the valve was
stuck open.
– Because of either administrative or human
error, a critical valve in the emergency
feedwater system was left closed, delaying the
operation of that system for 8 minutes.
Pressure Systems Risk
Figure: RISK = probability of failure × consequence of failure.
- Susceptibility factors (probability side): internal corrosion, external corrosion, fatigue, stress corrosion cracking, third party damage, sabotage/pilferage, loss of ground support.
- Severity factors (consequence side): risk to life, damage to asset, loss of production, cost of failure, environmental effects, public image.
Probability of Failure (PoF)
Knowledge of materials and service conditions tells us what failure mode to expect.
Figure: Degradation mechanism (corrosion, fatigue, erosion, creep) → Damage (pitting, cracks, wall loss, embrittlement) → Loads vs. strength (geometry, material type, stress intensity, remaining wall) → Failure mode (pinhole leak, brittle fracture, burst, …). Inspection informs the PoF; PoF combined with the Consequences gives RISK.
Design and Operate for Safety
RISK = CONSEQUENCE * PROBABILITY
– Identify Potential Hazards and Events
– Minimize Frequency of Initiation
– Maximize Probability of Benign
Termination
– Minimize Consequence of Harmful
Termination
Typical Plant High-Risk Items - 1
• Inherent design or materials shortfalls (avoidable)
– Inadequate or no post weld stress relief
– Material not suitable for service
– Material’s aged properties differs from manufacturers
data sheet
– Design incorporates localized highly strained area
– Incorrect heat treatment
– Formation of crevices inherent in the design
– Inability to clean equipment effectively, e.g. heat
exchangers
– Dissimilar metal welds in critical areas of unit
Typical Plant High-Risk Items - 2
• Inability to effectively inspect equipment (no
access for inspection).
• Inappropriate corrosion protection, passivation,
inhibitors
• Inspection tasks were often not aligned with
degradation mechanism
• Inadequate plant change control
• Improper maintenance/repair practices
• The root cause of failures was frequently not well
understood & remedial actions tended to address
symptom rather than cause
Corrosion Management
Figure: a closed loop with feedback from every step into the risk assessment.
1. Corrosion Risk Assessment - inputs; categories; ranking systems.
2. Risk-Based Inspection Planning - what; when; where; how. Scheduling integration; work procedures; criteria; reporting rules; written schemes of examination.
3. Implementing / Gathering Data - execution of inspection and monitoring; inspection tools, including opportunity-based inspection.
4. Analyzing / Reporting - failure analysis; assessment; trending; prediction; non-conformance reporting routes.
5. Corrective Action - increase dosage rates/change chemical package; incorporate/modify cathodic protection; apply maintenance coating; replace components/change material of construction; reassess monitoring/inspection requirements/frequency.
Weld Cracks in Pressure Equipment
Figure: cracks in welds of pressure equipment are governed by fabrication (welding, material), loads (specified vs. monitored), stress/fatigue (stress concentration factors SCFs, Ke, fatigue curves) and NDT (is the NDT sufficient? new validation).
Maintenance Schedule Based on Crack Length vs. Fatigue Life Curves
Maintenance schedules can be developed from crack length vs. fatigue life (a-N) curves.
- The critical crack length a_cr is determined from K_Ic and the maximum design stress.
- The crack length at which repair is required is set with an appropriate factor of safety: a_r = a_cr / FS.
- The remaining loading cycles before repair are determined from the initial (detected) crack length a_i and a_r.
Figure: crack length a versus loading cycles N, with a_i (inspection), a_r (repair needed) and a_cr (catastrophic failure) marked on the curve.
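Worked example, added here and not from the original slides, carrying the a-N schedule through with the symbols above. The stress-intensity relation K = Y·σ·√(πa) gives a_cr from K_Ic and the maximum design stress, a_r = a_cr/FS, and the cycles from the detected length a_i to a_r follow from integrating a Paris-law crack-growth rate. The Paris law, the geometry factor Y and every numeric input (toughness, stresses, C, m, FS) are assumptions of this example, not values from the slides.

```python
"""Maintenance interval from a crack-length vs. fatigue-life (a-N) curve.

Added example, not from the original slides. Linear-elastic fracture
mechanics with a Paris-law growth rate; all numeric inputs are assumed,
illustrative values (real ones come from the material certificate, the
design stress report and the applicable fitness-for-service procedure).
Units: stresses in MPa, toughness in MPa*sqrt(m), crack lengths in m.
"""
import math


def critical_crack_length(k_ic, sigma_max, y=1.0):
    """a_cr from K_Ic and the maximum design stress.
    K = Y*sigma*sqrt(pi*a)  ->  a_cr = (K_Ic / (Y*sigma_max))**2 / pi."""
    if k_ic <= 0.0 or sigma_max <= 0.0 or y <= 0.0:
        raise ValueError("K_Ic, sigma_max and Y must be positive")
    return (k_ic / (y * sigma_max)) ** 2 / math.pi


def repair_crack_length(a_cr, factor_of_safety):
    """a_r = a_cr / FS: the length at which repair is required."""
    if factor_of_safety < 1.0:
        raise ValueError("factor of safety must be >= 1")
    return a_cr / factor_of_safety


def cycles_between(a_start, a_end, delta_sigma, c, m, y=1.0):
    """Loading cycles to grow a crack from a_start to a_end under the Paris law
    da/dN = C*(dK)**m with dK = Y*delta_sigma*sqrt(pi*a).  Integrating
    dN = da / (C*(Y*ds*sqrt(pi))**m * a**(m/2)) gives the closed form below."""
    if not 0.0 < a_start < a_end:
        raise ValueError("need 0 < a_start < a_end")
    k = c * (y * delta_sigma * math.sqrt(math.pi)) ** m
    if m == 2:
        return math.log(a_end / a_start) / k
    e = 1.0 - m / 2.0
    return (a_end ** e - a_start ** e) / (k * e)


def cycles_between_numeric(a_start, a_end, delta_sigma, c, m, y=1.0, steps=2000):
    """Same integral by the trapezoid rule; the form to use when Y varies with a."""
    def rate(a):
        return c * (y * delta_sigma * math.sqrt(math.pi * a)) ** m
    h = (a_end - a_start) / steps
    total = 0.5 * (1.0 / rate(a_start) + 1.0 / rate(a_end))
    for i in range(1, steps):
        total += 1.0 / rate(a_start + i * h)
    return total * h


def inspection_plan(a_i, k_ic, sigma_max, delta_sigma, c, m, fs=2.0, y=1.0):
    """Schedule for a crack of detected length a_i: a_cr, a_r and the cycles
    left before repair is due and before catastrophic failure."""
    a_cr = critical_crack_length(k_ic, sigma_max, y)
    a_r = repair_crack_length(a_cr, fs)
    if a_i >= a_cr:
        return {"a_cr": a_cr, "a_r": a_r, "status": "remove from service"}
    if a_i >= a_r:
        return {"a_cr": a_cr, "a_r": a_r, "status": "repair now",
                "cycles_to_failure": cycles_between(a_i, a_cr, delta_sigma, c, m, y)}
    return {
        "a_cr": a_cr,
        "a_r": a_r,
        "status": "run to next inspection",
        "cycles_to_repair": cycles_between(a_i, a_r, delta_sigma, c, m, y),
        "cycles_to_failure": cycles_between(a_i, a_cr, delta_sigma, c, m, y),
    }


# Constructed case (assumed values): 2 mm crack at a fillet weld toe,
# K_Ic = 50 MPa*sqrt(m), maximum design stress 200 MPa, stress range 150 MPa
# per pressure cycle, Paris C = 1e-11 and m = 3, geometry factor Y = 1.12, FS = 2.
CASE = dict(a_i=0.002, k_ic=50.0, sigma_max=200.0, delta_sigma=150.0,
            c=1e-11, m=3.0, fs=2.0, y=1.12)

if __name__ == "__main__":
    plan = inspection_plan(**CASE)
    print(f"a_cr = {plan['a_cr'] * 1e3:.1f} mm, a_r = {plan['a_r'] * 1e3:.1f} mm: {plan['status']}")
    if "cycles_to_repair" in plan:
        print(f"cycles to a_r: {plan['cycles_to_repair']:,.0f}; "
              f"cycles to a_cr: {plan['cycles_to_failure']:,.0f}")
```

Dividing the cycles to a_r by the plant's pressure cycles per year gives the latest date for the next inspection or repair; the margin between a_r and a_cr is what the factor of safety buys against an under-sized crack or a higher-than-specified load.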
Safety Management – Focus Areas
Figure: Safety Management spans the Installation (design, operation, maintenance), the Organizational Culture (leadership, information, procedures, man-machine interface, behaviour, education, training, motivation, commitment), Personnel, Government and the Public.
Mechanical Integrity - Paragraph (j)
Regulatory Intent
• Replace the “breakdown” maintenance philosophy
with an on-going equipment integrity philosophy
that ensures that process equipment and
instrumentation are designed, constructed,
installed, and maintained to minimize the risk of
hazardous releases.
• A strong mechanical integrity program and proper
operations form the first line of defense against
accidental releases from process equipment
NBIC - 2004 Report of Violations

Category                                     Number of Violations   % of Total Violations
Boiler Controls                                           12,423                  30.1%
Pressure-Relieving Devices for Boilers                     8,205                  19.9%
Boiler Piping and Other Systems                            8,042                  19.4%
Boiler Components                                          7,300                  17.7%
Pressure Vessels                                           3,900                   9.4%
Boiler Manufacturing Data Report/Nameplate                   983                   2.4%
Repairs and Alterations                                      470                   1.1%
Total                                                     41,323                 100.0%
Risk Tolerability – ALARP*
Run/Repair/Replace Decision
Figure: risk levels, in order of increasing risk, mapped to the decision.
- Generally tolerable or negligible risk → Continue to Run
- Tolerable if it can be demonstrated that the risk is ALARP (i.e. not reasonable to lower it further) → Repair / Rerate
- Not tolerable → Retire / Replace
The decision combines a technical determination with an economic determination.
*ALARP = As Low As Reasonably Practicable
Human Failures
Figure (classification tree):
- Errors
  – Skill-based errors: slips of action; lapses of memory
  – Mistakes: rule-based mistakes; knowledge-based mistakes
- Violations: routine; situational; exceptional
Human Factors
• Human factors refer to environmental, organizational
and job factors, and human and individual
characteristics which influence behaviour at work in a
way which can affect health and safety (HSE, 1999).
- The job: task, workload, procedures, environment,
ergonomics.
- The individual: competence, skills, risk perception,
personality, attitudes.
- The organisation: culture, leadership,
communication, work pattern, resources.
Probability of Human Error

Human Error Probability   Type of Human Behaviour
1 - 10^-1                 Process involving creative thinking, unfamiliar, complex operations where time is short and stress is high.
10^-1                     Highly complex task, considerable stress, little time available.
10^-2                     Errors of omission where dependence is placed on situation and memory. Complex, unfamiliar task with little feedback and some distraction.
10^-3                     Errors of commission such as pressing the wrong button or reading the wrong display. Reasonably complex tasks, little time available, some cues necessary.
10^-4                     Errors in regularly performed, commonplace simple tasks with minimum stress.
10^-5                     Extraordinary errors - those for which it is difficult to conceive how they could occur. Stress free, with powerful cues pointing to success.
Source: Comer P J and Kirwan B J, A “Reliability Study of a Platform Blowdown System …..”
Human Factors in Accidents
• Human Factors are the weakest link in any
process or procedure.
• Human Factors is a buzz word in industry
these days, but it has been around in the airline
world for a long while now.
• Human Factors has its origins in the Industrial
Revolution and emerged as a full-fledged
discipline during World War II.
Human Factors in Accidents
“We shall understand accidents when
we understand human nature”
Kay (Accidents: Some facts and theories, 1971)
Human Factor
Human performance: the intersection of Knowledge (K), Skill (S) and Motivation (M).
Figure: three overlapping circles, Knowledge, Skill and Motivation.
Hazard Identification Process
The identification of system hazards is one of the most challenging tasks of safety engineering. There is a wide choice of identification methods and techniques, e.g. HAZOP, What If, etc.
Most hazard identification techniques depend on the input factors summarized in the figure below:
Figure: the inputs - design documentation, previous hazard list, previous experience (checklists, incident reports, ...), functional system and domain description - feed the hazard analysis technique; hazard identification then produces the hazard list and the accident scenarios.
Hazard Identification Techniques
Complement Each Other
• There is no one technique that can claim to produce
complete identification of all hazards. Best industry
practice dictates the use of a combination of hazard
identification techniques.
• The use of two or more techniques such as FMEA
and HAZOP, will complement each other.
– FMEA starts with the failure mode of a component
and examines the effects of that fault.
– HAZOP starts with a deviation from normal system
operation and examines how that deviation might
occur and the consequences should such a deviation
occur.
HAZOP Process
Figure: starting from a single deviation, HAZOP works backwards against the direction of the process to find the CAUSE and forwards with it to find the EFFECT.
HAZOP: working from the fault in both directions to determine possible causes and effects.
Fault Tree Analysis & Event Tree Analysis Complement Each Other
FTA - Working from the hazard back to identify the individual causes.
ETA - Working from the hazard forward to identify the consequences.
Figure: the single deviation is the start point; FAULT TREE ANALYSIS runs against the direction of the process towards the individual causes, EVENT TREE ANALYSIS runs with it towards the consequences.
Criteria for a “Best Practice”
• The Practice is a Proven Technique, Having Been
Applied Successfully, and has led to a Measurable
Improvement in Integrity (i.e. it is not Just
Theoretical –these are Practical Tools and Strategies)
• The Practice is Peer-Reviewed as being Applicable
Across a Number of Installations
• Ideally, the Practice will be Pro-Active in Managing
the Installation Integrity –Although Consequence
Mitigation will Also be Considered
Pressure Equipment Integrity Pyramid - Essential Elements
Figure (pyramid): ESP - Ensure Safe Production; RBI - Risk Based Inspection; CCDs & IOWs - Corrosion Control Documents and Integrity Operating Windows; OEMI Teams - Operations, Engineering, Maintenance and Inspection.
HAZOP Flow Diagram
1. Divide the system into study nodes.
2. Select a node.
3. Apply all specialized guide words in turn.
4. Any hazard/operating problems?
   – Yes: record the consequences and causes and suggest remedies.
   – Not sure: need more information.
   – No: continue with the next guide word or node.
Management of Catastrophic Precursors
• Precursors are signals that illuminate system failure
points with potential for future catastrophic loss.
• Precursors are expressed as:
– accidents (relatively strong signals), or
– near-misses (weak signals).
• In both instances, precursors are valuable learning
opportunities that can be used to project future
calamities and mitigate future risk exposure
Precursor Four Severity Levels
There is roughly a ten-fold difference in the occurrence rates between the precursor levels of severity (figure: pyramid, relative occurrence in parentheses):
1. Consequential events (1)
2. Near misses (10)
3. Compromises (100) - latent barrier vulnerabilities
4. Infractions and deviations (1000) - anomalies and vulnerabilities at a low level
Root Cause Analysis of Precursors
Figure: two responses to a precursor - "Business As Usual" (ignorance and/or denial), or root cause analysis followed by corrective action.
Identify and analyze the precursors and take corrective action to prevent the downstream consequential adverse event.
A precursor is a previous similar situation or event which, had it included (or not included) some other small set of conditions, would have become a consequential adverse event with severe consequences.
Potential Consequences
of a Major Loss
• Reduced share price.
• Public relations issues.
• Significant loss of life (employees and public).
• Environmental damage.
• Business interruption.
• Increased regulatory involvement
Overpressure Estimation Procedure
The TNT Method
1. Determine the energy release in terms of equivalent mass of TNT. (The energy equivalent of TNT is 1120 cal/g.)
2. Determine the scaled distance Z from the blast centre to the target structure as follows:
   Z = r / W_TNT^(1/3)
   Z = scaled distance, m/kg^(1/3)
   r = actual distance, m
   W_TNT = equivalent mass of TNT, kg
3. Read the overpressure from the following chart.
Overpressure vs. Scaled Distance
Figure: Peak Side-on Overpressure versus Scaled Distance for TNT Explosions. Log-log plot of overpressure (kPa, 0.1 to 1,000) against scaled distance Z = m/kg^(1/3) (0.1 to 1000). Human-effect thresholds marked on the curve: lethality threshold (lung damage), eardrum rupture threshold. Structural thresholds marked: sonic boom glass breakage, typical pressure for glass breakage, minor damage to house structures, lower limit of serious structural damage, nearly complete destruction of house, probable total destruction of buildings.
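Worked example of the three-step TNT method, added here and not part of the original slides. Steps 1 and 2 are the slide's own equations; for step 3 the chart is replaced by a published empirical fit of the same peak side-on overpressure curve (Crowl & Louvar, Chemical Process Safety), which is an assumption of this example, as are the fuel properties and the explosion efficiency. An inverse function answers the siting question a practitioner usually has: how far away must a structure be for the overpressure to fall to a given value.

```python
"""TNT-equivalence overpressure estimate: the three steps of the TNT method.

Added example, not from the original slides. Step 3 reads the overpressure
from the chart; here the chart is replaced by a published empirical fit of
the same peak side-on overpressure curve (Crowl & Louvar, Chemical Process
Safety), which is an assumption of this example. Fuel properties and the
explosion efficiency are likewise assumed, illustrative values.
"""
import math

E_TNT_MJ_PER_KG = 4.686      # 1120 cal/g, the figure given on the slide
P_AMBIENT_KPA = 101.325      # sea-level atmosphere; the fit returns p_o / p_a


def tnt_equivalent_mass(mass_kg, heat_of_combustion_mj_per_kg, efficiency):
    """Step 1: W_TNT = eta * m * dHc / E_TNT.  'efficiency' is the empirical
    fraction of the combustion energy that goes into the blast wave."""
    if not 0.0 < efficiency <= 1.0:
        raise ValueError("efficiency must be in (0, 1]")
    if mass_kg <= 0.0 or heat_of_combustion_mj_per_kg <= 0.0:
        raise ValueError("mass and heat of combustion must be positive")
    return efficiency * mass_kg * heat_of_combustion_mj_per_kg / E_TNT_MJ_PER_KG


def scaled_distance(r_m, w_tnt_kg):
    """Step 2: Z = r / W_TNT**(1/3), in m/kg**(1/3)."""
    if r_m <= 0.0 or w_tnt_kg <= 0.0:
        raise ValueError("distance and TNT mass must be positive")
    return r_m / w_tnt_kg ** (1.0 / 3.0)


def side_on_overpressure_kpa(z):
    """Step 3: peak side-on overpressure at scaled distance z, using the
    empirical fit that stands in for the chart."""
    if z <= 0.0:
        raise ValueError("scaled distance must be positive")
    ratio = 1616.0 * (1.0 + (z / 4.5) ** 2) / (
        math.sqrt(1.0 + (z / 0.048) ** 2)
        * math.sqrt(1.0 + (z / 0.32) ** 2)
        * math.sqrt(1.0 + (z / 1.35) ** 2))
    return ratio * P_AMBIENT_KPA


def overpressure_at(r_m, mass_kg, dhc_mj_per_kg, efficiency):
    """Steps 1-3 end to end: overpressure (kPa) at r metres from the release."""
    w = tnt_equivalent_mass(mass_kg, dhc_mj_per_kg, efficiency)
    return side_on_overpressure_kpa(scaled_distance(r_m, w))


def standoff_for_tnt(p_limit_kpa, w_tnt_kg, r_max_m=10000.0):
    """Inverse problem (e.g. siting a control room): smallest distance at which
    the overpressure has fallen to p_limit_kpa.  Bisection on r, valid because
    the fitted curve decreases monotonically with distance."""
    lo, hi = 1e-3, r_max_m
    if side_on_overpressure_kpa(scaled_distance(hi, w_tnt_kg)) > p_limit_kpa:
        raise ValueError("overpressure limit not reached within r_max_m")
    for _ in range(200):
        mid = 0.5 * (lo + hi)
        if side_on_overpressure_kpa(scaled_distance(mid, w_tnt_kg)) > p_limit_kpa:
            lo = mid
        else:
            hi = mid
    return hi


if __name__ == "__main__":
    # Constructed case (assumed values): 1000 kg of propane released, heat of
    # combustion 46.35 MJ/kg, explosion efficiency 5 %, target 100 m away.
    w = tnt_equivalent_mass(1000.0, 46.35, 0.05)
    z = scaled_distance(100.0, w)
    print(f"W_TNT = {w:.0f} kg, Z = {z:.2f} m/kg^(1/3), "
          f"p = {side_on_overpressure_kpa(z):.1f} kPa at 100 m")
    print(f"distance at which p falls to 7 kPa: {standoff_for_tnt(7.0, w):.0f} m")
```

Because the fit is only a substitute for the chart, compare its output against the chart for the Z range of interest before relying on it, and treat the explosion efficiency as the dominant uncertainty: it enters W_TNT linearly, and Z only as the cube root, so an efficiency wrong by a factor of two moves the estimated distance for a given overpressure by about 26 %.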