Safety Critical Element Management Manual



Download 494.83 Kb.
View original pdf
Page12/54
Date16.09.2023
Size494.83 Kb.
#62078
1   ...   8   9   10   11   12   13   14   15   ...   54
Shell EP 2009.9009 SCE Management Manual
POSITION PAPER 130[shell verification]
Figure 5: Bow-tie model
Top event
Threat Threat Threat 1
Barrier
Barrier
Escalation factor
Escalation factor control
Escalation factor control
Escalation factor control
Escalation factor control
Escalation factor
HSE critical elements
HSE critical tasks Engineering Maintenance Operation
Hazard
Consequence Consequence Consequence 1


1. Identify SCEs and performance standards
1.2
Identify barriers and SCE groups
This section describes the roles and hierarchy of barriers,
hardware barriers and SCE groups, which start to be used during the early project phases and continue into the Operate phase.
Barriers
The role of a barrier is to prevent or limit the consequences of a major incident. Barriers maybe design features, e.g. separation distances hardware, e.g. pressure relief valve, fire detection system processes, e.g. lockout tag out operational intervention tasks, e.g. plant monitoring/shutdown.
This manual covers only the management of critical hardware barriers, whilst the other barriers are covered in HSE and other management systems.
Hardware barriers
Hardware barriers for Major Hazards are high level groupings of SCEs used for reporting purposes. There are eight hardware barriers as depicted in the Swiss cheese model, shown in
Figure 6, which represent the two sides of the bow ties. Only those barriers identified from the bow-tie model are relevant to an Asset.
The hardware barriers are depicted with a number of small holes that represent a design flaw or some potential degradation of their performance. On their own, these degradations may not be significant but, if the holes line up,
there maybe no effective barriers in place between safe operations and escalating consequences, leading to a major incident.
The illustration is used to show the importance of maintaining and knowing the integrity status of all the hardware barriers, so that what might be considered to be relatively small faults in individual barriers do not combine together in an unforeseen manner that compromises the ability of the barriers to prevent or control a major incident.
SCE groups
Each hardware barrier is subdivided into SCE groups, for reporting and management purposes, although SCE groups are only relevant to an Asset if corresponding HSE critical elements are identified from the bow-tie model. These groups are defined by their function in ensuring the barrier remains in place
(they are not defined by location, equipment type, medium or service, construction type or TA responsibility. The SCE groups are listed against their respective barrier in Figure 6 with more detail about SCE groups and examples of SCEs provided in
Appendix 3. The SCE groups are defined on a Global basis and additions or changes shall be authorised by the owner of this document.
It is not necessary for all eight barriers to fail to lead to a major incident. For example, failure of a single barrier such as structural integrity or process containment may lead directly to a major incident.
EP 2009-9009
Restricted
15



Download 494.83 Kb.

Share with your friends:
1   ...   8   9   10   11   12   13   14   15   ...   54




The database is protected by copyright ©ininet.org 2024
send message

    Main page