HSSE Risk Management Implementing the Hazards and Effects Management Process (HEMP)

Downstream Leadership Engagement GM/GM-1 Pack (SOPAF)

Copyright: SIPC 08/26/11 File Title

Safety Stuff First Safety / Emergency Map

E
Kandinsky 4 zaal 3

E
Restaurant Kandinsky Sea side

E
Adama Zijlstra 1 2

th Jacob Maris 1 wi ith e w Eace Serre ac Jan Toorop pl eepl chh Jacob :R a c Maris 2 r : R eea on r ti n e dderp foor caatio f in m inmaapp looc l Reem l l mhoop aa s Spiegelzaal R c looc rkksh Kurzaal l or o w w

Jacob Pronkfoyer

E
Jacob Pronk Lou Bandy

Foyer Noord

Cor Ruys

E
Begane grond (niveau Kurzaal)

Kurhaus caf

Kurhaus caf

Goldbeck 1 2 3

Koos Speenhoff 1 2

EE

Kurhaus bar

E=(Emergency) Exit AP=Assembly Point / Verzamelpunt

AP
2

After this session you as a leader will:

Understand the Case for Change (Journey from A to B) Understand your role and responsibility in the HEMP process Have clear understanding of how Hazards and Effects Management (HEMP) fits into the Shell HSSE Control Framework Understand the 7 Practical Steps for completing a HEMP review Understand the need for Leaders to be mindful of Business Risks including HSSE, as outlined in the new Shell HSSE Control Framework Manual Management and Leadership Have enough knowledge to discuss HEMP and ask the right questions

08/26/11 File Title

Copyright: SIPC

From Point A to B

Understanding the Case for Change (Journey from A to B)

Major incidents continue to happen and not only on manufacturing sites

Retail BP Texas City Buncefield

Commercial Distribution Bitumen Depot OklahomaTank Fire Fuels Explosion Marine Train Derailment Sp Terminal

Point A: The case for change

5

Point A: The case for change

1. 2. HEMP concepts not understood Implementation of HEMP inconsistent or inadequate
Inadequate management of barriers (either not identified or inadequate critical activities and business processes to manage) Insufficient demonstration that all risks have been identified and managed to ALARP Hazard & Effects Register either incomplete or out of date

60 50 40 30 20 10 0
DS Independent MS Audits 2007 - High Findings By Element 6

1. 2. 3.

No formal HEMP training Focus on the process (check box) Lack of consistency and alignment in auditing

Point B DS HEMP and Process

Clear requirements that are understood Common and consistent approach across the businesses Network of experts with agreed competency in all businesses Risk identified and appropriately managed to control risks Common Tolerability and ALARP Process (ALARP = As Low As
Reasonably Practicable)

Point B and beyond (from 2009)

What Will It Look Like after BTP 1.1? Improved HSSE Performance Improved HSSE audit results and findings with true continuous improvement in HSSE Risk Management Improved DS Process Safety Performance Recognized step-change improvement

HEMP is a tool to help leaders and managers comply with Group expectations
Group Policy and the Risk Control Framework requires managers to have risk controls in place and employees to apply the controls. This applies to financial risks, legal risks, business risks and HSSE risks. HEMP is the umbrella process, for managing H, S,S,E and PS risks in our business
FRED QRA GAME PSA HazOp

HEMP
HIA

RHA

Process Safety ERP

Personal JHA Safety & HRA Bowtie Health Analysis Fitness to work Security STA EIA

Hazid

Environment

HEMP is an Integral Part of Shells Risk Control Framework

The HEMP is at at the heart of our HSSE Management Systems. Its where the planning turns into action. HSSE Risk Management relies primarily on HEMP and its associated tools. The specific requirements for application of the HEMP process in Shell are covered in the Shell HSSE Control Framework Manual, Managing Risk.
2 - Policy and Strategic
Objectives

Shells Risk Control Framework

1- Leadership and Commitment

PLAN 3 - Organisation,
Responsibilities Resources and Standards

HEMP

4 - Risk Management (Hazards & Effects Mgt)

DO 5 - Planning &
Procedures 6 Implementation, Monitoring

FEEDBACK

6 - Corrective Action

CHECK

7 - Audit

Corrective Action

8 - Management Review

Corrective Action

10

Downstream HEMP 7 Step Procedure

1 - Identification of Hazards 2 - Identification of Threats and Top Event 3 - Identification of Consequences (Effects) Handshake 1 and Assessment of Risks 4 - Identification of Red and Yellow Risks 5 Hazard Analysis -Identification of Handshake 2 Barriers (Control and Recovery Measures) Maintaining the Integrity of Barriers (Controls & Recovery Measures) 7 -Determination and Documentation of ALARP
Handshake 3

Output Documents
Hazard and Effects Register

Bowtie or Hazard Control Sheet Lists of Critical Equipment, Critical Activities, and Critical Processes Business or Site Remedial Action Plan with actions and resources to fix missing or broken barriers 11

Step1 Hazard Identification

HAZARD - An agent that has the potential to cause harm to People, damage to Assets, business loss and Impact on the Environment or Reputation (PAER) Hazards are systematically identified using a standard hazard checklist

Flammable Hydrocarbons

Moving Vehicles

Rotating Machinery

Moving Heavy Equipment

Raised Objects Chemicals

Working at Height

12

Step 2 Identification Of Threats & Top Event

THREAT - the occurrence which releases a hazard to cause an effect, e.g. corrosion, operator error, etc. TOP EVENT - First event to release the hazard, e.g., loss of containment, loss of control, exposure to health hazard, etc.

Corrosion Loss of Containment

Slippery Road Loss of Control

Moving machinery Loss of Control

Poor Visibility Loss of Control

Failure of Crane Loss of Control

Chemical Release Exposure to Health Hazard

Failure of Cable Loss of Control

13

Step 3 Identification Of Consequences And Assessment Of Risks

CONSEQUENCES (Effects) - the impacts on People, Assets, Environment and Reputation if a Hazard is Released

Fire

Toxic Gas CloudLost Time

Injury

Legal Action

Death

Discharges and Emissions

Explosion

Complaints

Fall in Share Price

14

Step 3 Identification Of Consequences And Assessment Of Risks

RISK = Consequences X Likelihood Risk is the likelihood that a specific consequence will occur within a specified period
Risk is therefore a function of the severity of a consequence and the likelihood of the consequence

Increasing Likelihood of Top Event

Increasing In using the Shell RAM, we consider the worst credible consequence to People, Consequence Assets, Environment and Reputation Severity (PAER) separately
Likelihood is HISTORICAL (has it happened before in The location? The organisation? The industry?)

Increasing Risk

Risk rating (ranking) is the resulting position on the RAM

15

Steps 1 through 4 Identification Of Hazards, Threats, Top Event, Consequences And Assessment Of Risks to Determine Red and Yellow Risks

16

Steps 1 through 4 Identification Of Hazards, Threats, Top Event, Consequences And Assessment Of Risks to Determine Red and Yellow Risks
BLUE AREAS of the RAM
- Risks are assumed to be at ALARP, if the facility or business has a properly functioning HSSE MS Site discretion allowing for more qualitative analysis.
Shell Engineering Standards or Practice, Industry or Government successful Practices (covering Threats to Consequence controls); Hazard Control Sheets, Model Bowties etc.

YELLOW AREA of the RAM Increasing Risk

RED AREA of the RAM

red risks must be analyzed by Bowtie analysis or equivalent (i.e. QRA)

See DS HSSE HEMP Application Procedure

17

Step 4 Documentation of Hazards and Risks Output document: Hazard and Effects Register
1
Hazard Hazard Location No 1 Ethylene OTU 4 OL6

2
Threats

2
Gas cloud Fire

3
3B 4B 3B

3
3B HSSE -MS ER Include Procedure information on , see Bowtie Below past incidents in 3B Bow Tie this column that support risk 3B Bow Tie assessment. ; ALARP

Top Event Consequences RISK POTENTIAL Control Reference Comments P A E R ALARP Doc.

Loss of External Corrosion containment Internal Corrosion Impact by traffic Failure of flanged connections Failure of seals

4B

5B 5B

3B 3B

Vapour Cloud 4B Explosion

4
4D 1C 2C Bow Tie Standard ALARP 2C Health Risk Assessment and

Personnel Site wide Not following Loss of Control Fatality (fall) at Work Heights Procedures Material notOverexposure Illness lung Asbestos Adm. identified cancer Buildi ng PU3 Unit Lack of Work Procedures

4C

A Responsible Manager is assigned for each of the Red or Yellow Hazards in the Hazard

18

Step 5 Identification of Barriers Examples of Controls, Recovery Measures

CONTROLS prevent the threat from releasing the hazard to cause the Top Event. RECOVERY MEASURES mitigate the Top Event or the worst credible consequences.

Design Standards

Load Plan

Emergency Response Plans

Access Control

Antilock Braking System Community Relations Planning

Blast Resistant Modules

19

Step 5 Identification of Barriers (the Control and Recovery Measures)

CONTROLS prevent the threat from releasing the hazard to cause the Top Event. RECOVERY MEASURES mitigate the Top Event or the worst credible consequences.

H A Z A R D

T H R E A T

C O N T R O L S

TOP EVENT

R E C O V E R Y

C O N S E Q U E N C E

20

Exercise
1. Imagine you are the owner of the Nairobi Zoo, and you have the opportunity to acquire a lion for your zoo. 2. Up until now you have only had sheep and rabbits in your zoo. 3. Identify the Hazard, Top event and Consequence, RAM your Consequence 4. What can go wrong and how can you prevent this from happening? 5. What happens if the Lion Gets out? What do you do?

21

Lion at the Zoo

Hazard Threat Barriers Top Event Recovery Measures Consequences

Lion

Human Error; Improper design etc.

Materials of Const.; Zoo Keeper Rounds etc.

Loss of Control; Lion Gets out

Zoo Emergency Response Plan

Accident, Injuries, Fatalities

22

Step 5 Identification of Barriers (the Control and Recovery Measures)

Documentation of Red Risks in a BOWTIE
Recovery Measures Consequence 1 Top Event Consequence 2 Consequence 3

Controls H A Z A R D Threat 1 Threat 2 Threat 3

23

Documentation of Yellow Risks in a Hazard Control Sheet

Hazard Sheet No. 4 Working at Height
HAZARD SHEET No : 4 Hazard Group: Fall fro m height

Step 5 Identification of Barriers (the Control and Recovery Measures)

ADDITIONAL RISK REDUCTION MEASURE FOR CONSIDERATION IS THE MEASURE CREDIBLE / PRACTICABLE? (Yes / No) Yes Yes Yes Yes No ARE DISPROPORTIONATE RESOURCES REQUIRED TO IMPLEMENT? (Yes / No) No No No No Yes

Hazard Description : Personal injury as a consequence of a fall from height Location : During work by staff or contractor or at customer location

Assessment of hazard : Fall from height while working on asset or fall from height while delivering t o customer tank Threats:

Working on height for cleaning, painting or maintenance and delivery to customer tanks Unsecured ladder Safety HSE Critical Activity/ Responsible Position

1. All working at heights > 1.5 metres scaffolds or platforms to be used 2. Review of contracts for HSSE content 3. Introduce Ladder checks 4. Proactively encourage customers to provide safe access to storage tanks 5. Ban the use of portable ladders in the organisation Is the Risk ALARP? Y/N No

Control: 1.1 Control in design Not to use ladders for work at height > 1.5 metres Use of approv ed ladders Vehicles fitted with suitable ladders for delivery needs Bottom loading at depots 1.2

Reseller manager and Contracts management Resellers Resellers Distribution Engineering

Comments: Based on the examples of addition control measures above items 1 -4 are achievable and would represent ALARP once implemented. Item 5 is currently not practicable due to the widespread use of portable ladders during maintenance / delivery. TEAM MEMBERS Name

Control in operation Signs to be placed during work at height with scaffolding Driver training Loading / delivery procedures Drivers instructed in safe use of ladders Control in Maintenance Use of approved contractors Use of inspected ladders Vehicle planned maintanance programme

METHOD USED
Contracts Management Resellers Resellers Resellers

x Experience/Judgment Cost-Benefit Quant. Assessment Other

Expertise HSE: Engineering: Operations: Other:

1.3

Contracts Management Resellers Resellers

Recovery: Emergency response plans and training Staff and contractor to use incident case management Vehicles fitted with first aid kits

Bulk Fuels manager/CRT STL/Resellers Resellers Resellers

Similar elements as documented in the bowtie a paper bowtie!!

24

EXAMPLE: Follow the step by step approach of BowTie Analysis for Falling From Height
Output document: Bowtie or Hazard Control Sheet

25

BowTie Analysis for Falling From Height

The Hazard Release Scenario
Maintenance and repair of instrumentation of an above ground vessel in a process area from a scaffold. While carrying out a similar activity last year, another company location experienced an incident where a scaffold partially collapsed causing the contractor to fall resulting in fatal injuries.

BowTie DEVELOPMENT STEP BY STEP

Identify
Hazards Top Events Consequences Threats Controls Recovery Measures HSE Critical Activities

Identify Hazards Personnel at height Identify Top Event Loss of Control (Fall) Identify Consequences Fatality RAM: P4C Identify Threats Human error Wind Obstacles Slippery surfaces Poor job design Etc.

Evaluate and document

The Validity and effectiveness of the Barriers for each threat and consequence (ALARP). List all actions in a Remedial Action Plan that are required to achieve ALARP.

27

BowTie DEVELOPMENT STEP BY STEP

Identify
Hazards Top Events Consequences Threats Controls Recovery Measures HSE Critical Activities
Identify Controls in place Design of Non-slip surfaces, railings and guards Operation: Follow procedures for working at heights (e.g. non-slip boots, wearing fall protection, etc.)

Evaluate and document

The Validity and effectiveness of the Barriers for each threat and consequence (ALARP).

Identify Recovery Measures in place Design: Platforms at approved intervals and/or fall arrest Operation: First Aid System: Implement Emergency Response

List all actions in a Remedial Action Plan that are required to achieve ALARP.

28

BowTie DEVELOPMENT STEP BY STEP

Identify
Hazards Top Events Consequences Threats Controls Recovery Measures HSE Critical Activities
Evaluate and document Assess quality of controls and recovery measures Assess overall level of Barriers #, type, quality, confidence Identify shortfalls of Barriers, assign teams to develop more barriers Document and integrate Barriers and HSE Critical Activities to HSE mgmt system and business processes (I.e. MOC, Integrity management, HTA etc.)

Evaluate and document

The Validity and effectiveness of the Barriers for each threat and consequence (ALARP). List all actions in a Remedial Action Plan that are required to achieve ALARP.

29

Example Falling From Height

Bad Weather Wind
Proper work Surfaces Follow Permit requirements (tie -off, stop work in bad weather) Work Planning process Inspection

Personnel at Height

Slippery Work Surfaces

Warning signs Non -Slip Surfaces

Non -Slip Boots

Loss of Control (Fall)

Design Platforms;

Fall Arrest equip

First aid; ERP

Personnel Injury Fatality P4D

Work Planning process

Poor Work Platform

Design; Scaffolds

Follow Permit requirements (tie -off, stop work in bad weather)

30

Step 6 Maintaining The Integrity Of Controls And Recovery Measures

Output document: Lists of HSSE Critical Equipment, Critical Activities, and Critical Processes in the BowTie
Controls H A Z A R D Threat 1 Threat 2 Threat 3
HSSE Critical Activities HSSE Critical Equipment HSSE Critical Processes

Recovery Measures Consequence 1 Top Event Consequence 2 Consequence 3

Each Barrier (i.e. Control or Recovery Measure) must have at least one HSSE

31

Step 6 Maintaining The Integrity Of Controls And Recovery Measures Output document: Lists of Critical Equipment, Critical Activities, and Critical Processes

HSSE Critical Activities ensure that Controls and Recovery Measures function properly to prevent the Top Event and the Consequences. HSSE Critical Equipment must be maintained to ensure proper function.
HSSE Critical Activities are assigned to a responsible position!

32

Step 6 Maintaining The Integrity Of Controls And Recovery Measures

HSSE CRITICAL PROCESSES Contain Critical Activities or Maintain Critical Equipment that are frequently identified during the Hazards Analysis process

HSSE Compliance Management GAME (EI, ME, ESP), DGAME, LGAME Management of Change (MOC) Permit to Work Emergency Management System

PPE Management Contractor HSSE Management Security Management Document Management Competency Management

A small number of HSSE Critical Processes effectively maintain a large number of HSSE Critical Activities and HSSE Critical Equipment
33

Step 7 Determination of ALARP Testing tolerability

Step 1 to 6 of the process are completed i.e barriers must be identified and assessed, with actions to address failed or missing barriers Meeting laws and regulations, company standards, and the HSE premises for new projects or modifications.

Reducing risks to ALARP

Reducing risks to a level at which the cost and effort (time and trouble) of further risk reduction are grossly disproportionate to the risk reduction achieved.

Risk Tolerability Criterion

Risk
Not tolerable

ALARP?

Cost

ALARP

Disproportionate

34

Step 7 Demonstrating ALARP involves answering the following questions

1. Is there more that can be done to further reduce the risk? 2. Is what can be done to further reduce the risk, reasonably practical?
Risk

Risk Tolerability Criterion

Not tolerable

ALARP?

Cost

ALARP

Disproportionate

35

Step 7 Demonstrating ALARP for DS Decision Flow

Can the Hazard be eliminated or reduced? NO

YES

Is there an acceptable Standard?

NO

1) Eliminate or reduce the Hazard 2) Apply current Shell Engineering YES (e.g. DEP, EGGS), Industry Standards and Regulatory 3) Codes RiskApply Based Approach a) Hazard Control Sheets b) Hazard Bowties (model or specific) c) Residual Risk
(LOPA or QRA)

ALARP Determination And Documentation

36

Step 7 Achieving ALARP: When is enough, enough? Eliminate or reduce the hazard Apply an existing standard or an industry work practice Risk based approach using an existing Model Bow Tie or Hazard Control Sheet Risk based approach creating a new Bow Tie Risk based approach creating a new Bow Tie with layers of Protection Analysis (LOPA) or an other analysis tool Document the ALARP determination
37

Step 7 Achieving ALARP for Downstream

RAM Ranking Type of Assessment Assessment Options ALARP Demonstration

Blues

Qualitative

Hierarchy of control

HSSE MS

Yellow

Qualitative

Ind Shell, Gov and . Stds Hierarchy of control with Hazard Control Sheets with Mini BowTies if required

Apply Recognized Practice + Consider further risk reduction measures Document ALARP

Red

Qualitative / Quantitative

Apply Recognized Practice Hierarchy of control with + Model Bow Ties or Consider further risk Process/activity specific reduction measures Bowties Document ALARP with LOPA/QRA with Cost Benefit Analysis if required

38

 HEMP Updates Initial study (creation) New Hazard 5 year review

Downstream HEMP Procedure Management Handshakes

Output Documents
Hazard and Effects Register

Step 1 to 4 Hazard identification & risk assessment

Handshake 1 Approve & Accept Hazards & Risk Rank

Step 5 Hazard Analysis

Handshake 2 Approve & Accept Barriers to Manage Risk to ALARP Handshake 3 Approve & Accept Responsibility for Installing Missing or Failed Barriers

Bowtie or Hazard Control Sheetof Critical Lists Equipment, Critical Activities, and Critical Processes Business or Site Remedial Action Plan with actions and resources to fix missing or broken
39

Step 6 & 7 Critical Activities, ALARP and Remedial Actions

 Engage and Train CoB leaders and Staff Assess and close gaps to New DS HEMP procedure and Guidance Engage and work with DS HEMP Expertise Center (HEC) to develop tools and solutions to close CoB specific HEMP gaps Support HEMP Practitioners Support other BTP 1.1 project initiatives, e.g. model bow tie, common hazard list Complete 2008-09 Milestones for BTP 1.1

40

HS EM an ag Co er B HE MP Co Fo B ca HE lP MP oin t pr ac tit ion er s

BTP 1.1 Implementation Expectations for Your CoB HSSE Staff

BTP 1.1 Implementation Milestones and Timetable

CoB Leaders Engagement Training
Q3 2008 to Q1 2009 Q2 2008 to Q2 2009 Q4 2008

HEMP Skills Training for key CoB HSSE Staff CoB Specific Implementation Plan Developed CoB Specific Gap Assessment to DS HEMP Procedure and HSE Control Framework Risk Documents
Q1 2009 to Q2 2009

Closing the Gaps to the HSSE Control Framework Managing Risk manual and the DS HEMP Procedure
Q2 2009 to Q4 2012

41

Next Steps Implementation!! West Africa Implementation

HEMP Practitioners accredited for each OU (Training completed early August) Appoint Focal-Point per Region (Moustapha Seye for West Africa) Run training workshops for HEMP Team. Timing: Sept/Oct. In liaison with Team, revise and update OU Hazard Register (and obtain S&O Mgr approval): Handshake #1. Timing: Oct/Nov. Identify Yellow/Red Hazards and allocate to specific Mgrs. Timing:Oct/Nov. In conjunction with Team above, carry out further analysis of Yellow/Red Hazards and demonstrate ALARP: Handshake #2 for CoBs Timing: Dec Feb09 Using same Team, identify CEB, CHB, Critical Activities, link to competency, develop RAP and obtain approval of responsible line mgr: Handshake #3 Timing:Jan - Apr As part of above, implement Depot HSE Case. Timing: Oct08 Jun09. Roll-out Depot HSE Case and its demonstration. Timing:Mar Aug 2009.

42

Ending this session you as a leader should:

Understand the Case for Change (Journey from A to B) Understand your role and responsibility in the HSSE Risk Management process Have clear understanding of how Hazards and Effects Management (HEMP) fits into the Shell HSSE Control Framework Understand the 7 Practical Steps for completing a HEMP review Understand the need for Leaders to be mindful of Business Risks including HSSE, as outlined in the new Shell HSSE Control Framework Manual Management and Leadership Have enough knowledge to discuss HEMP and ask the right questions

43

A final question
What will be your first practical step in the journey from A to B?

44

The End

45

Additional Background Information for use as required

46

Exercise : The Angry Bull

47

Exercise : The Angry Bull

x x x x x

x x x

x x

x x x x x

Glossary of HEMP Terms

Hazard Threat Top Event Consequence Likelihood Risk Tolerable ALARP

Barrier Control Recovery Measure Escalation Factor Escalation Factor Control HSSE Critical Equipment HSSE Critical Activity

Hazard and Effects Register Bowtie Hazard or Activity Control Sheet Business or Site Remedial Action Plan

Know the termsHSSE Critical Process questions! to ask the right

49

Glossary of HEMP Terms (1)

Hazard - The potential to cause harm, including ill health and injury, damage to property, products, production losses or increased liabilities, the environment or reputation. Threat - Threats are the ways in which a hazard can be released to cause an incident, e.g. corrosion, operator error, exposure to health hazards, etc. Top Event The way in which a hazard can be released to do harm is via a top event. Consequence Consequences are the final results of hazards being released, but not being controlled. Likelihood - Estimated on the basis of experience and or evidence that a certain outcome has previously occurred Risk - A term, which combines the chance that a specified undesired event will occur and the severity of the consequences of the event
50

Glossary of HEMP Terms (2)

Tolerable - Expresses the level of risk deemed tolerable for a given period or phase of activities. May be expressed qualitatively or represented quantitatively.. ALARP - Once tolerability criteria is met, to reduce a risk to a level that is as low as reasonably practicable involves balancing reduction in risk against the time, trouble, difficulty and cost of achieving it. Reducing Risks to ALARP means reducing them to a level at which the cost and effort (time and trouble) of further risk reduction are grossly disproportionate to the risk reduction achieved. Business or Site Remedial Action Plan Prioritised plan to close the gaps (e.g., missing barriers) to achieve ALARP.

51

Glossary of HEMP Terms (3)

Barrier - Barriers can be either hardware barriers that are implemented via design, or administrative (procedural and/or human system) barriers that are part of the HSSEMS of the unit or the site. All barriers have the role of risk reduction. The name barrier is used as a common name for control and/or recovery measure and/or escalation factor control. Control All barriers in the main line of the bowtie on the left hand side, i.e. from the Threats to the Top Event, to reduce the risk that the threat will release the hazard. Recovery Measures - All barriers in the main line of the bowtie on the right hand side, i.e. from the Top Event to the Consequences, to reduce the risk that the release leads to the consequences, or in other words to mitigate the consequences.
52

Glossary of HEMP Terms (4)

Escalation Factors - Escalation Factors may render a Control or Recovery Measure useless Escalation Factor Controls - Escalation Factor Controls reduce the risk that the escalation factors affect the effectiveness of the Controls or Recovery Measures. Critical Equipment is equipment that is necessary for the effectiveness of a barrier (i.e. trip systems, relief valves etc.) Critical Activities - Critical Activities maintain the validity of a Barrier (sometimes referred to as HSSE Critical Activities or Tasks). It is important that the activities be documented at a level where accountability for the activity can be realistically placed with a single individual. Critical Activities may belongs to one of the HSSE Critical Processes. (e.g. MOC, Competency, ERP,

53

Glossary of HEMP Terms (5)

Hazard and Effects Register - A Hazard management communication document that demonstrates that Hazards have been identified, risks assessed, are being properly controlled and that recovery measures are in place in the event control is ever lost. Bowtie Pictorial representation of how a Hazard can be hypothetically released and further developed into a number of consequences. The left hand side of the diagram is constructed from the threats associated with the Hazard, the controls associated with each threat and any factors that escalate likelihood. The right hand side of the diagram is constructed from the consequence analysis and involves escalation factors and recovery measures. Hazard Control Sheet - A sheet used to document the outputs of a specific hazard controls and recovery analysis resulting in the detailed list of control and recovery barriers that need to be in place to manage the risk of release of the hazard to ALARP.
54

Process Safety and HEM P: Indicators

Recom ended Business or Site Specific Dashboard Item m s

F romL agging t L o eading indicat ors

All T hreat and consequence barriers failed:
R AM3/ 4+( and spills, non com pliances/ com plaint et s c.) AP I

RAM 5 RAM 3/ 4 API LOPC Failed barriers Compliance w ith HSE Critical Processes Chronic unease Maintain barriers Sm all Devia tions Missing barriers

All t hreat barriers failed

L C ( oss of P ary Cont OP L rim ainm ) ent

Not all t hreat barriers failed

F ailed B arriers

T int he egrit of cert barriers is reduced y ain

Overdues and non com pliances wit crit h ical processes Near Miss report / S y observat ing afet ions in t field he

55

HEM P : HSSE Critical Business Processes

Keep it in the Pipes Our AI/ PS Focus : MOC* Linkage to GAME-EI, RCM, IPF, ME*, DGAME, LGAME etc. (Mechanical integrity) Linkage to GAME-ESP* Com petency Mgt (HSSE Level 1) Perm to work PTW (Process it Isolation) Rem aining Critical Processes: Docum Mgt (Incl Procedures) ent Em ergency Mgt HSSE Com pliance Mgt Contractor HSE Mgt PPE Mgt Security Mgt Competency Mgt (HSSE Level 2)

HSSE Critical process are those processes that contain critical activities that are frequently identified during the Hazards Analysis process. Key Attributes: Have a Site Process Owner (* SPO for MOC and GAME m odules - a m ber of the site leadership em team Have focused audits/ reviews of one or m (existing) KPIs of the process - these are leading ore indicators for process safety Is described as a work process - norm ally a collection of procedures, work plans, data collection, tools, etc. 56

Activity 1a
Understanding the Case for Change (slide 4)
Answer this question: Why do major incidents continue to happen? Discuss in pairs. Write down each reason (max 4) on a post-it . Match with the cases for change below by sticking post-its on a poster with the following points:
1. 2. 3. 4. 5. 6. HEMP not understood HEMP not implemented sufficiently No formal HEMP training Focus on the process (check box) Lack of consistency and alignment in auditing programs Other

The goal of this activity is to enforce the idea that improving implementation of HEMP will make a change. Believing a better system would have made the difference.

57

Activity 1b
Understanding the Case for Change (slide 10)
Continue activity 1: only do this activity if there were post-its in the other category Answer the question: Are there any other reasons which couldnt be placed behind one of the case for change bullets, that can be linked to one of the steps in the HEMP procedure? Was the hazard, threat, top event, consequence, barrier identified? Was the barrier maintained?

The goal of this activity is to connect more of the posted reasons (reasons that participants gave for the disasters) to things that can be identified in HEMP.

58

Activity 2
Blue, yellow and red risks (slide 15)
Answer the question: What would be a blue risk, a yellow risk and a red risk. Each participant thinks of an example individually. The facilitator will asks the group for two or three examples within each color. He will write the examples (in the right cell) on the Risks poster. The facilitator will then discusses the implications (next slide).
The examples on the risk poster are used later when discussion ALARP

The goal of this activity is to link risks with the risks the participants encounter in the workplace.

59

Activity 3
Demonstration ALARP (slide 32)
What risk would not be tolerable? What risk is? Point out in Risk poster (with examples from participants).
The facilitator will pick an example from the poster: what three things can be done to further reduce the risk? Discuss this questions in pairs. The facilitator will ask the group to give an example what would be reasonable and what wont.

60

Activity 4
Discussion (slide 39)
Time for questions and group discussion.

The goal of this activity is discuss or answer questions you or fellow participants have, focusing on the main learning goals of this course.

61

Activity 5
First step from A to B (slide 40)
Answer this question: What will be your first practical step in the journey from A to B? The practical step may be large or small. Think about this a minute. The session will end by letting each participant share their answer. By doing this, you should end the session with a whole list of actions that can be taken to achieve the goal.

The goal of this activity is to link what you have learned with the workplace. Translate what you have learned into something you can do tomorrow.

62

Cases for change poster

1. HEMP not understood 2. HEMP not implemented sufficiently 3. No formal HEMP training 4. Focus on the process (check box) 5. Lack of consistency and alignment in auditing programs 6. Other

63

Risks poster

64