Assessing risk controls using bow-ties Eric Marsden <eric.marsden@risk-engineering.org>
causes impacts top event preventive barriers protective barriers 2 / 21 Concept
2 / 21 event tree impacts top event fault tree causes no fl ow to receiver no fl ow from component B no fl ow into component B component B blocks fl ow no fl ow no fl ow from com- from com- ponent A1 ponent A2 no fl ow from component no fl ow from component A1 blocks A2 blocks source1 source2 fl ow fl ow Concept
barrier efgectiveness ▷ Probably originated in ICI (a UK chemical company) in the late 1970s • based on notions of defence in depth, fault tree analysis, event-tree analysis and Reason’s Swiss cheese accident causation model ▷ Royal Dutch Shell was fjrst major company to integrate bow-ties into business practices ▷ Gained popularity as an intuitive graphical manner of presenting accident scenarios and explaining importance of barriers 3 / 21 History ▷ A graphical and mostly qualitative method to assess risk and analyze
4 / 21 Concept
5 / 21 Start by identifying the hazard and the top event (typically some form of loss of control or loss of containment) Example: ▷ Hazard: mechanical energy of train during trackside works ▷ Top event: trackside worker struck by train Hazard Knot = hazardous event. Wh t What we don’t want to d ’t t t happen HAZ01 - Trackside Works (Trackside (Trackside Worker Struck/Crushed by Train)
6 / 21 Threats and preventive controls Driver/track machine Competence Health & Wellness Regular Train / machine operator error Random D&A testing assurance Program briefings/induction operating procedures Worker error - Work Group inattention Fenced areas/barriers Hi Vi vest Medical standards Staff vigilance Use of train horn Supervision Unsafe / Inappropriate system Competence Engineering work Safe working method Safety inspections / Job safety analysis of work employed by assurance rules statements audits workers HAZ01 - Trackside Works (Trackside Worker Struck/Crushed Inappropriate lighting Engineering work Train lights by Train) rules Competence assurance, Train crew Signal Passed at Signal sighting Health & Wellness training, Train danger Catch/trap points Train stop committee Program operating procedures ......
7 / 21 Threats and preventive controls 5.4.4.5 Propane Dropped / Fallen Object Cylinders only moved when Fork lift truck drivers are strapped in purpose designed trained and have their pallets (Company Handling) competence assessed Hazardous Site: W-4.2.06 (Prod) W-4.1.03 (Prod) Failure of Stored cylinders Vehicle Impact LPG storage area designed to LPG cylinders are designed to Fork lift truck drivers are HSE Guidelines to minimise BS5045 Part 2 as trained and have their vehicle impact possibility Transportable Gas containers competence assessed W-1.1.06 (Design) W-2.3.01 (Tan) W-4.1.03 (Prod)
8 / 21 Consequences and mitigation controls First aid provisions Communication and Fatality Emergency Plan Emergency protection and training and training command control command control HAZ01 - Trackside Works (Trackside Worker Struck/Crushed by Train) y ) Communication and Communication and First aid provisions First aid provisions Injury Injury Emergency protection Emergency Plan command control and training
9 / 21 Consequences and mitigation controls 5.4.4.5 Propane Fire / Explosion LPG storage area designed to Quantity of LPG stored limited PTW System and Safe System No smoking policy and HSE Guidelines to minimise in accordance with HSE of work minimise ignition monitoring to minimise B5 B5 B3 B4 ignition sources Guidelines sources on site unnecessary combustibles W-1.1.02 (Design) W-2.1.02 W-2.3.08 W-2.4.01 (Prod) W-5.2.01 (Prod F) Electrical Equipment Design - Electrical Hazardous Site: Classification Failure of Stored W-1.1.02 (Design) cylinders Task Related Ignition Sources Operator Intervention - Work Permit W-2.4.01 (Prod) Electrical Storm - lightning Copy of Design - Electrical Classification W-1.1.02 (Design)
risk by defeating or reducing the efgectiveness of controls ▷ Controls are seldom 100% efgective ▷ An escalation factor cannot directly cause the top event or consequence • it increases the likelihood that the scenario will progress because the associated control will be degraded or fail 10 / 21 Escalation factors ▷ Escalation factor: a condition that leads to increased
conditions which reduce the efgectiveness of other controls ▷ Tiough notion is in theory recursive (escalation factor controls can be themselves afgected by escalation factors), recommended to stay with one level of escalation factor controls 11 / 21 Escalation factor controls ▷ Escalation factor control: a control that manages the
12 / 21 Example: poor contractor performance
13 / 21 Example: work in confjned space Fatalities Use of correct PPE Stand-by at Entrance First Aiders Field ER Plans Working inside Working in Enclosed PTW for Working in Inspection by Site Inspection by enclosed spaces Space Procedures Enclosed Spaces Contractor Company Discipline Super. HSE Coordinator HSE Coordinator HSE Coordinator B4 HSE Coordinator Discipline Super. Const Manager Discipline Super. H02 - Confined Spaces (Oxygen Liaise with CMO ro deficiency) Provision of Forced Inadequate provide additional Inspection by Site Inspection by Ventilation Atmospheric Checks first aid traing for First aid training not ventilation Contractor Company contractors First adeqaute Aiders. Discipline Super. Discipline Super. Const Manager Discipline Super. Head Const HSE Event : Oxygen deficiency Hazard : H02 - Confined Spaces Location/Grouping : General Control Types: RF Requirement Company Requirements un-defined
14 / 21 Example: work at height Scaffolding not Provision of Access available Equipment Const Manager Design & Poor quality Inspection by Site Inspection by Scaffolding Passport Construction to RF scaffolding Contractor Company Legislation Const Manager Const Manager Const Manager Discipline Super. Serious Personal Awareness Unsafe mobile work Use of Correct PPE Work Planning First Aiders Field ER Plans Equipment Passport Inspection by Site Inspection by infury/fatality in Induction Company Pass platform & Test Certs Contractor Company Discipline Super. HSE Coordinator Discipline Super. HSE Coordinator HSE Coordinator B4 Const Manager Const Manager HSE Coordinator Discipline Super. H01 - Working at height (Fall or Dropped Liaise with CMO ro Object) provide additional Ladder "passports" & Inspection by Site Inspection by Unsafe ladders first aid traing for First aid training not inspection Contractor Company contractors First adeqaute Aiders. Const Manager Const Manager Discipline Super. Head Const HSE No edge protection Use of Safety Inspection by Site Inspection by Harnesses Contractor Company Discipline Super. Const Manager Discipline Super. Loose tools and Contractor Safety Inspection by Site Inspection by equipment Event : Fall or Dropped Object Procedures Contractor Company Hazard : H01 - Working at height Location/Grouping : General HSE Coordinator Const Manager Discipline Super. Control Types: Company Requirements RF Requirement
▷ Can be integrated with semi-quantitative risk analysis techniques such as LOPA ▷ Identify and assess safety barriers (risk reduction measures) ▷ Make a link between critical safety tasks and the SMS ▷ Identify elements for safety audits 15 / 21 ▷ Communicating risks, accident scenarios, importance of barriers Applications of the bow-tie tool
▷ Can we improve the efgectiveness of control? ▷ What tasks or actions do we need to do to make sure the control continues to work? ▷ Who is currently doing the task? ▷ Who is currently doing the task? ▷ Is the stafg competent for doing the task? 16 / 21 Link the tasks to barriers back to SMS ▷ How will the barrier fail?
17 / 21 Source: Practical HSE Risk Management – An Introduction to the Bow-tie Method , Gareth Book, Risktec Solutions Managing critical HSE tasks HSE-Critical Role Client/Project Name Senior Supervisor Task 01.01 Making live and Closing of Hot Work Ensure that all permits are Permit register Permits signed out ‘made live’ and Records of Hot Works closed by the Authorised Safety Meetings Person Task 01.02 Ensure that Hot Work is in Ensure that permit is in Permit register compliance with permit conditions compliance with MSN 102L Walk round and work is undertaken in check/inspection of safe manor works Pre-job briefing sign off Safety meeting actions Daily records Task 02.04 Ensuring that lifting gear is tagged Ensure that lifting gear is Audit and Inspection and colour coded coded as per procedure Sign off from certifying HSE-Critical HSE-critical Verification MSN 205L company. task procedure Ensure competence of certifying contractor Task 04.04 Confirm portable electrical Ensure that external Visual check equipment is fit for purpose and in electrical equipment is Audit of Portable possession of integrity certification tested on a 3 month cycle appliances and internal equipment is tested on a 6 month cycle as per MSN 23L.
Recommend
More recommend
