Safety Case Fundamentals

ALARP Process Safety Solutions (APSS), Singapore


Er. Premkumar

Apr 2020, Rev 1.3


Disclaimer and Notes
• Though every effort has been taken to assure the accuracy and reliability of the
content, no part of the training material shall constitute a standard, or an
endorsement, recommendation or definitive guidance. The training material is
offered as a guide for the knowledge and awareness on the fundamentals and first
principles. Nothing in the training material shall be directly applied without obtaining
independent professional advice. Neither the author nor the organization under
which the author is employed takes any responsibility for the errors or omissions (if
any).
• The content was developed and shared to improve public safety, so it carries no
copyright obligation. The content can be freely used or saved without requesting
permission from the author.
• The guidance given in this training material is applicable ONLY to the Major Hazard
Installations (MHIs) in Singapore that fall under the Workplace Safety and Health
(Major Hazard Installations) Regulations 2017.

Agenda
• Case for action
• Introduction
• Purpose and Key Concepts
• Facility Description
• Major Accident Prevention Policy (MAPP)
• Safety and Health Management Systems (SHMS)
• Predictive Aspects
• Technical Aspects
• Emergency Response
• ALARP Demonstration
• Summary

Predictive Aspects

Objective
• The objective of this section is to discuss the common methodologies that could
be considered for developing the predictive aspects of the Safety Case

Scope
• The predictive aspects are one of the most important areas, as they set the stage for developing a technically sound Safety Case
• The scope of the predictive aspects includes
  • Identification of all Major Accident Hazards (MAHs)
  • Identification of all possible Major Accident Scenarios (MASs) associated with the MAHs
  • Selection of a representative set of MASs
  • Completing risk assessments on the representative MASs
  • Selection of a sub-set of the representative MASs for As Low As Reasonably Practicable (ALARP) demonstration
• The sub-set of the representative MASs requiring the ALARP demonstration is referred to as Safety Critical Events (SCEs)

Team Composition
• The requirements for predictive aspects may seem similar to a Process Hazard Analysis (PHA)
  • At an overview level, we may view it as a MAH-targeted PHA
  • PHAs typically focus on the P&IDs and may not always comprehensively identify 3-dimensional concerns (e.g. plot plan related hazards) or non-routine and abnormal activities managed through safe work practices
  • The above needs to be considered while selecting the team composition for the development of predictive aspects and the Safety Case (in general)

• The Singapore Safety Case Technical Guide defines a Competent Person (CP) as a person who has sufficient knowledge, skills and experience to perform the work required to be carried out as required by the safety case regime. A CP can be:
  • A Professional Engineer (PE), as conferred by the PE Board in Singapore, in the Mechanical, Civil, Electrical and Chemical disciplines, or
  • A Chartered Engineer or equivalent, acceptable to the Commissioner for WSH, or
  • A suitable person, as justified by the MHI, possessing the required knowledge, skills and experience for the appointed role in the safety case

Not a One-time Exercise
• The Safety Case practitioners should understand the limitations of the common
methodologies and select the most appropriate one for their MHI
• Each methodology has its own merits and demerits
• Though there may be similarities, there are also differences in the way Safety Cases
are developed in other jurisdictions (e.g. there is a difference in the major accident
definition between Singapore Regulations and Brunei Regulations)
• In case of adopting a methodology from other jurisdictions, care should be exercised
• The chosen methodology should enable the MHIs to maintain or update the Safety
Case with ease throughout its lifecycle, considering the MHI's internal resources
and the competency level of those resources
• It is not a one-time exercise or a project work

Not a One-time Exercise – cont’d
• The chosen methodology should easily allow the MHIs to review and assess future plant changes or risk discoveries to determine whether a new MAH or MAS is created and/or the risk level of the existing MASs changes
• Some of the critical questions that need to be considered are
  • How will the chosen methodology allow the plant changes implemented through the Management of Changes (MOCs) to be reviewed?
  • How will the chosen methodology enable the projects (e.g. smaller or minor revamp projects) to be assessed?
  • How will the chosen methodology handle the new risk discoveries coming out of other existing work processes (e.g. recommendations from the asset integrity management program)?

MAHs and MASs Identification
• One of three methodologies is typically adopted to identify the MAHs and MASs
  • Quantitative Risk Assessment (QRA) Approach
  • Isolatable Inventory Approach
  • Hazard Identification (HAZID) Approach

QRA Approach – Overview
• In this approach, the QRA study results are used as a starting point to identify the
worst case and worst credible consequences or scenarios in reference to the QRA
criteria
• The above scenarios may be treated as the representative set of MASs
• A brainstorming workshop is performed by a multidisciplinary team on the
representative set of MASs, and their causes (i.e. initiating events) and existing
control measures are identified
• A qualitative or semi-quantitative or quantitative risk assessment is performed on
the representative MASs and the SCEs are selected for the ALARP demonstration

QRA Approach – Merits
• The time and effort required to develop the Safety Case is typically ‘low’ when
compared to the other two methodologies since the focus area is typically limited to
the worst case and worst credible consequences or scenarios

QRA Approach – Demerits
• The approved QRA study results must be available for adopting this approach
• It may be possible to miss some of the MAHs or MASs since the starting point is the
worst case and worst credible consequences or scenarios
• Post Safety Case development, the level of engineering analysis required to review
and assess the future plant changes or risk discoveries (e.g. MOCs, projects) could be
on the ‘high’ side
  • Since the QRA results are used as a starting point, the plant personnel may need to perform some form of engineering analysis (e.g. consequence analysis or QRA) to determine whether the proposed changes or risk discoveries have the potential to change or impact the approved Safety Case

QRA Approach – Limitations
• The QRA study results are based on releases through standard hole sizes (e.g. 50 mm hole) from the isolatable sections, and they do not provide the specific causes (i.e. initiating events) for a loss of containment
  • The failure rates used in the QRA take historical equipment or operating failures into consideration, but the QRA results do not provide the granularity required to identify the causes (i.e. initiating events)
• Since the brainstorming workshop is focused on shortlisted scenarios, there is a potential to miss
  • Human failure MASs that do not fall under the QRA scenario selection category
  • Loss of containment scenarios due to inadvertent chemical reactions or run-away reactions
  • Events which in themselves might be low severity to begin with but have the potential to escalate
• Hence, the QRA approach may need to leverage the results of other process safety studies, such as PHAs and fire safety studies, to fill the potential gaps and to produce a comprehensive analysis

QRA Approach – Pitfalls
• The QRA study results are primarily used for land use planning purposes
• Pulling out the frequency of the representative MASs from the QRA report and reproducing it as the frequency of the MAS in the predictive aspects may not add value and may not meet the intent of the Safety Case
  • It may be a different way of presenting the same QRA results
• The primary intent of the predictive aspects is to identify the MAHs, MASs and their
causes (i.e. initiating events) to ensure adequate control measures are in place

Isolatable Inventory Approach – Overview
• In this approach, the MHI facilities are divided into isolatable sections and the
dangerous substance inventory within each isolatable section is estimated
• A criterion based on the inventory is set and the MAHs and MASs are identified for
every isolatable section
• A brainstorming workshop is performed by a multidisciplinary team and the
representative set of MASs and their causes (i.e. initiating events) and existing
control measures are identified
• A qualitative or semi-quantitative or quantitative risk assessment is performed on
the representative MASs and the SCEs are selected for the ALARP demonstration

Note: This approach may have its origin based on the requirements from the
Malaysian Occupational Safety and Health (Control of Industrial Major Accident
Hazards) Regulations 1996

Isolatable Inventory Approach – Merits
• Though having approved QRA study results may help, it is not necessary to have an approved QRA for adopting this approach
• The approach is systematic, and the results are reproducible if the inventory criteria are well defined and consistently applied
• The time and effort required to develop the Safety Case may be designated as a ‘Medium’ level when compared to the other two methodologies
  • Engineering resources may be required to define the isolatable sections and estimate the inventory

Isolatable Inventory Approach – Demerits
• It may be possible to miss some of the MAHs or MASs since the starting point is the isolatable inventory
  • Events which in themselves might be low severity or risk, but which could escalate to give a more serious event could be potentially missed out
• Post Safety Case development, the level of engineering analyses required to review and assess the future plant changes or risk discoveries (e.g. MOCs, projects) could be ‘Medium’
  • Since the isolatable sections are used as the starting point, the plant personnel may need to perform some form of engineering analysis (e.g. inventory calculation) to determine whether the proposed plant changes or risk discoveries have the potential to change or impact the approved Safety Case

Isolatable Inventory Approach – Limitations
• Some of the existing facilities may not have all the required drawings and information (e.g. piping isometrics) for performing the inventory calculations
  • Engineering judgment may need to be applied in some cases
• There is a potential to miss MAHs or MASs that could possibly occur due to
  • Process upsets
  • Inadvertent chemical reactions or run-away reactions
  • Loss of containment from process streams containing toxic material in smaller quantities
  • Human failure MASs that do not fall under the selection category

Isolatable Inventory Approach – Pitfalls
• It is critical to establish a clear basis for defining the isolatable sections
  • There is a potential to underestimate or overestimate the inventory if due consideration is not given to the interconnected equipment or piping circuits (e.g. vapor systems interconnected through a check valve)
  • There is a potential to underestimate or overestimate the inventory if the basis for the inventory boundary is not adequately defined (e.g. remote operated valves vs. manual isolation valves)
• If a clear ruleset is not defined for the representative MASs selection, there is a potential to miss worst case and worst credible consequences or scenarios

HAZID Approach – Overview
• In this approach, the MHI facilities are divided into manageable nodes (sections) by
using Process Flow Diagrams (PFDs) and Plot Plans
• A HAZID workshop is performed by a multidisciplinary team and the MAHs, MASs
and the representative set of MASs and their causes (i.e. initiating events) and
existing control measures are identified node by node
• A qualitative or semi-quantitative risk assessment is performed on the
representative MASs and the SCEs are selected

HAZID Approach – Merits
• Though having approved QRA study results may help, it is not necessary to have an approved QRA for adopting this approach
• This approach can identify all the MAHs and MASs in a systematic manner provided personnel with appropriate knowledge, skills and experience are involved
• Post Safety Case development, the level of engineering analyses required to review and assess the future plant changes or risk discoveries (e.g. MOCs, projects) could be ‘Low’
  • Since nodes are used as the starting point, the plant personnel would be able to perform the assessments with minimal engineering analyses and evaluate whether the proposed plant changes or risk discoveries have the potential to change or impact the approved Safety Case

HAZID Approach – Demerits
• The time and effort required to develop the Safety Case is ‘High’ when compared to the other two methodologies
  • Node-by-node analysis requires a significant amount of offline work and workshop duration when compared to the other two methodologies
• Like PHAs, the quality of the output highly depends on the knowledge, skills and experience of the team members

HAZID Approach – Limitations
• There is a potential to miss MAHs or MASs that could possibly occur due to
  • Events which in themselves might be low severity or risk, but which could escalate to give a more serious event

HAZID Approach – Pitfalls
• If a clear rule-set is not defined for the representative MASs selection, there is a
potential to miss worst case and worst credible consequences or scenarios

Relative Comparison Summary
| Description | QRA Approach | Isolatable Inventory Approach | HAZID Approach |
|---|---|---|---|
| Time and effort required to develop the initial Safety Case | Low to Medium | Medium to High | High |
| Level of engineering analyses required to update or maintain the Safety Case during its lifecycle | High | Medium to High | Low to Medium |
| Chances of Identifying all MAHs and MASs | Medium | Medium | Medium to High |
| Chances of Identifying all human failure scenarios | Medium | Medium | Medium to High |
| Does the methodology require an approved QRA study results? | Must | Good to have | Good to have |
| How critical it is to have the involvement of right team members? | High | High | Very High |

Q&A

