–
Gundula Stadie-Frohboes, Head of Dep. Risk & Safety, Systems Engineering, DNV GL gave a presentation on ‘‘Risk assessment and safety barrier management for tanker operations”. She highlighted that one single factor might not lead to in an incident, but the combination of them, as there is mostly more than one reason behind an incident (e.g. design at the limit, manufacturing not as intended, operation at the limit). This problem can be controlled through “barrier management” which uses the bow-tie method in a continuous way. The bow-tie is in simple words a combination of fault and event tree methodology. An incident can happen if several prevention barriers, such as design, manufacturing control, operating and maintenance according to their specification, fail. She explained that for the barrier management several bow-ties are developed and combined and the barriers are continuously monitored.
My presentation is about risk assessment and safety barrier management and how we would like to introduce them into companies. I will try to explain what safety barrier management is, how companies may use it and also if it can really help them.
When there is a hazard, which may come from many different roots, a major accident may occur. This is not new; it is something that you know from your experience. If one accident happens, it isnt just one single thing that went wrong before. If we look for example at boiler damages, it isnt very easy to design what to limit. The manufactures involved are nearly perfect, but not as perfect as they could be. The maintenance is good, but maybe not as good as it could be. Likely, as far as it concerns the inspections and so on. And also the operations are part of these elements. If all these things come together, then the hazard finds its base through different root causes and an accident like leakage may occur.
There are a lot of things to do to defect a hazard (e.g. fire & gas detection) and to mitigate the hazard (e.g. drainage, fire protection). In case the event happens, you can have an escape route, an evacuation plan to improve your system.
Barriers & the safety barrier management
The safety barrier management is nothing new. As we have emplaced safety barrier management systems, we had found out that it is important to introduce a management system of communication, which is related to maintenance like classification testing, inspection, preventive and corrective maintenance. These are kinds of barriers that guide us to reduce the risk and performing operations such as procedures, planning, working etc.
In practice, we have a top event and different threats, which may cause this top event. For example, if this top event is a fire, then we could have different threats, which need to come to this top event. And for sure we have preventive barrier function, which reduce the probability that the top event may occur. Following the top event, we have different kind of consequences. For example, in the case of fire, the fire could escalate in different rooms and so on. And for each of this kind of consequences, we might have means that reduce these consequences. For example flow store, so the fire contained remains in one room. There are a lot of different topics that you can introduce to reduce the consequences of a top event. The barrier management didnt come to such a place because you have to find the barriers by themselves, but you have to consider that the barriers moderate during time. Sometimes, during maintenance, but not in every maintenance system, isolation is getting better from some of the top issues. In some of the evacuation routes the door may have been closed. So things happen and the barriers mitigate each time. That is why barrier management came into place; therefore we have to look at the barriers every time and to exceed them.
Concerning the risk assessment, we use a bowtie, which is consisted by a fault tree and an event tree. The fault tree includes different kind of events, which is connected to the event tree. All these events result in the final events. Fault trees flow from bottom to top and show all the ways in which the Top Event, the event at the top, can happen. Fault trees have and/or gauges to model whether controls are parallel or sequential. Event trees work the other way around. They start with a single event, and model what consequences can result from that. They do that by having combinations of conditions and based on a particular combination, a certain consequence occurs. Often Event trees also have calculated frequencies for their consequences.
Bowtie Model
For example, if you look here at the fire and the machinery space, you can recognize one of the threats, as the fuel oil or another combustible material (lubricants and so on). Then you have the barriers. The function of the barriers should be kept oil contained. Therefore, you have the fuel oil system for the prevention of ignition, the barrier here is to isolate hot surfaces or isolate electrical ignition sources. The consequences are escalation to other areas. You can prevent it by cooling, for example. Loss of power, loss of main ship functions, removing O2, isolating and cooling again. You have to put all things together and then you have your bow tie ready. For one function, you may have several barriers, which help to prevent to have these barriers function in place.
Barrier analysis applying Bowtie
This is one example of what we have carried out, introducing our methods onboard vessel. Enormous survey Bow tie and fire hazards. We have also several signs, which help us to prevent the fire. We have several barriers for fire detection, fire containment, fire extinguishing and escape. Therefore, we can go through the vessel and check the state of the barriers at the beginning of the inspection and at the end of the inspection. And then you can come up with the color code. The green code is ok. By following the proper methods of maintenance, the yellow area turns into green again. If you find something, which could be considered to be a threat, then you must immediately change it, because this is a barrier, which might fail.
Example: Fire in Machinery Space
(click on image for a larger view)
In conclusion, the barrier management is nothing new, but it is a better visualization and a continuous process. In order to use it, you have to develop a strategy and perform a risk assessment of all types. This is a major act, because for every hazard that may occur, you have to perform analysis, risk analysis by identifying the hazards and when you define the hazards, then you also define the barriers functions elements. This is a typical risk assessment work. Also, you can specify the verification activities and so on. And then you implement your system and answer the question. I think that always provides you with extra risk picture, because the color code indicates to you where action is needed. The document compliance in place is a part of maintenance, because we know where to look at important things, identify and focus on the critical elements. |
Above article is an edited version of Mrs Stadie-Frohboes presentation during the 2015 SAFETY4SEA Forum which successfullyconcluded on Wednesday 7thof October 2015in Eugenides Foundation Athens attracting1100 delegates from 30 countries representing a total of 480 organizations.
Click here to view her presentation video