Hazard identification system safety concept

The system safety discipline will require the timely identification and subsequent evaluation of the hazards associated with this operation, before losses occur. The hazards must then be either eliminated or controlled to an acceptable level of risk in order to accomplish the goal of relocating the hazardous chemicals. In short, the system safety process will identify any corrective actions that must be implemented before the task is permitted to proceed. The fly-fix-fiy approach discussed earlier has also been described as an after the fact attempt to improve operational safety performance. In contrast, the system safety concept requires before the fact control of system hazards. 

System safety commences with hazard identification and analysis and risk assessment. So are all the subsets of the practice of safety, whatever they are called. This author is confident that application of system safety concepts in the business and industrial setting will result in significant reductions in injuries and illnesses, damage to property, and environmental incidents. 

If all safety professionals accept the premise that hazard identification and risk assessment are to be the first steps in preventing injuries to personnel, a major concept change in the practice of safety will have been achieved. Adopting that premise takes the focus away from what have been called the unsafe acts of workers and redirects it to work system causal factors. This represents sound thinking. 

For this paper we treat hazard assessment as a combination of two interrelated concepts hazard identification, in which the possible hazardous events at the system boundary are discovered, and hazard analysis, in which the likelihood, consequences and severity of the events are determined. The hazard identification process is based on a model of the way in which parts of a system may deviate fi om their intended behaviour. Examples of such analysis include Hazard and Operability Studies (HAZOP, Kletz 1992), Fault Propagation and Transformation Calculus (Wallace 2005), Function Failure Analysis (SAE 1996) and Failure Modes and Effects Analysis (Villemeur 1992). Some analysis approaches start with possible deviations and determine likely undesired outcomes (so-called inductive approaches) while others start with a particular unwanted event and try to determine possible causes (so-called deductive approaches). The overall goal may be safety analysis, to assess the safety of a proposed system (a design, a model or an actual product) or accident analysis, to determine the likely causes of an incident that has occurred. 

Extensive and systematic hazard identification has been carried out based on the description of the system and the operational environment (Ludc, 2003b). All of the hazards identified during the hazard identification study have been analysed, stmctured and mapped to the Core Hazards (higher level hazard groupings) originating from the Axle Counter Concept Safety Case, which aims to support the development of Cause-Consequence models for the project. 

Mishaps involve a set of causal factors that lead up to the final mishap event, and these factors are the actuated hazard conditions. Mishap causal factors can be identified prior to an actual mishap through the application of HA. Mishaps are an inevitable consequence of antecedent causes and, given the same causal factors, the same mishap is repeatable, with the frequency based on the component probabilities. Mishaps can be predicted via hazard identification, and they can be prevented or controlled via hazard elimination or hazard control methods. This safety concept demonstrates that we do have control over the potential mishaps in the systems we develop and operate. We are not destined to face an unknown suite of undesired mishaps, unless we allow it to be so (by not performing adequate system safety). In the safety sense, mishaps are preplanned events in that they are actually created through poor design and/or inadequate design foresight. 

T vo distinguishing characteristic of systems theory are that (a) the whole is more than the sum of the parts and (b) what is best for the subsystems is not necessarily the best for the overall system, and vice versa. The concept that the system is more than the totality of its components is referred to as synergy. As might be expected, these two system characteristics are important in safety analysis and in identification of hazards. The discipline of system safety must evaluate the subsystems as well as the system as a whole. 

The design of most process plants relies on redundant safety features or layers of protection, such that multiple layers must fail before a serious incident occurs. Barrier analysis ) (also called Hazard-Barrier-Target Analysis, HBTA) can assist the identification of causal factors by identifying which safety feature(s) failed to function as desired and allowed the sequence of events to occur. These safety features or barriers are anything that is used to protect a system or person from a hazard including both physical and administrative layers of protection. The concepts of the hazard-barrier-target theory of incident causation are encompassed in this tool. (See Chapter 3.)... 

The overall life cycle discussions in the standard mainly covered in this main Clause 7, having 17 major sub-clauses. Now coming back to main life cycle phases in Fig. VI/4.0.2-1, it is seen that the first part of the safety life cycle is basically the analysis part comprising concept, scope for the system/EUC, hazard/risk analysis, creation of overall safety requirements, and identification of specific safety functions to prevent the identified hazards safety requirements allocation. The middle part is realization activities (Clause 7.10) as detailed in Figs. Vl/4.1.4-1 and Vl/4.1.4-2, are dealt with in Parts 2 and 3 discussions. The next part of the life cycle is related to installation and commissioning (Clause 7.13). Then comes the validation (Clause 7.14), operation and maintenance (Clause 7.15), modification, retrofit (Clause 7.16), and finally, decommissioning (Clause 7.17). 

---