PSM-Book Reducido (001-194)

Towards Safer Processes in the Oil, Gas, and Petrochemical Industries

Contents

1. Introduction
1.1. Message by His Excellency Minister of Petroleum and Mineral Resources Tarek El Molla
1.2. Message by Mohamed Shindy, Methanex Egypt Managing Director
2. The Journey
3. Process Safety Management’s Leadership Leap of Faith
4. About PSM
5. The Egyptian PSM Standards and Guidelines
5.1. Message by EGPC CEO Consultant for HSE
5.2. Message by PSM Technical Sub-Committee Team Leader
6. Risk Management
6.1. Risk Management Standard
6.2. Major Accident Hazard Management Guideline
6.3. Safety Critical Element Management Guideline
7. Process Safety Management Program
7.1. Process Safety Management Program Standard
7.2. Process Safety Implementation Guidelines
7.3. PSM Competency Management Guideline
7.4. Management of Change (MOC) Guideline
7.5. Process Safety Culture Assessment Guideline
7.6. Process Safety (KPIs) Guideline
8. Process Safety Studies in The Oil, Gas and Petrochemical Sector
8.1. Hazard Identification (HAZID) Guideline
8.2. Process Safety Studies in The Oil & Gas Major Projects
8.3. Inherently Safer Design (ISD) Guidelines
8.4. Layout and Facility Siting Guideline
8.5. Hazard and Operability (HAZOP) Guideline
8.6. Quantitative Risk Assessment (QRA) Guideline
8.7. Fire and Explosion Risk Assessment (FERA) Guideline
8.8. Hazardous Area Classification (HAC) Guideline
8.9. Layers of Protection Analysis (LOPA) Guideline
8.10. Fire & Gas Mapping Guideline
8.11. Alarm Management Guideline
9. Safety Case
9.1. Safety Case Standard
9.2. As Low As Reasonably Practicable (ALARP) Demonstration Guideline
9.3. Safety Case Appraisal Guideline
10. PSM Definitions and Abbreviations
11. References and Acknowledgments
11.1. References List
11.2. Egyptian PSM Steering Committee Members
11.3. PSM Technical Sub-Committee
11.4. External Peer Reviewers

Introduction

His Excellency Tarek El Molla
Minister of Petroleum and Mineral Resources

It gives me great pleasure to approve today “The Unified Guideline for Process Safety and Asset Integrity Standards” to be used across the Petroleum sector to which we are all proud to belong and continuously work hard to maintain its pioneering role as a development engine for our beloved Egypt. This is in addition to our sector’s strategic role in meeting the need for petroleum products by citizens as well as other sectors across the country.

In this context, the strategic nature of the production and operational processes of the sector necessitates the adoption of the latest international process safety management and asset integrity standards to achieve safe operations and sustainable production processes in all of the sector companies. Hence the issuance of this guideline by the Ministry of Petroleum and Mineral Resources, the first Egyptian set of process safety and asset integrity standards based on certified and reputable international standards in the field.

Therefore, I dedicate the outcome of this work to you, reader, to facilitate the implementation of a reference system for process safety performance and asset integrity in the sector companies. At the same time, I express my happiness with this achievement, coming as the culmination of hard and diligent work that unified all efforts of the Ministry of Petroleum and Mineral Resources represented by the Egyptian General Petroleum Corporation, and the Egyptian Process Safety Management Steering Committee comprised of members representing Methanex Egypt, the Egyptian Petrochemicals Holding Company (ECHEM), the Egyptian Natural Gas Holding Company (EGAS), Ganoub El Wadi Petroleum Holding Company (Ganope), which resulted in the completion of this work in record time and an impeccable manner, relying on many international standard references in this field, such as the Center for Chemical Process Safety CCPS standards. This work was fully executed and reviewed by the PSM technical sub-committee, comprised of well selected engineers and chemists who graduated from the ministry’s capacity building and asset integrity teams. In addition, it has also been reviewed through the support of experts from major international companies and consulting firms specialized in the field of process safety and asset integrity.

As leaders and workers in the petroleum sector, we must be proud of having process safety management and asset integrity standards available for sector companies, which are comparable to, and even go beyond, those of major international companies. At the same time, I hope that this system will be implemented effectively, and I encourage heads of all affiliate companies and all department heads working in each company to accurately and effectively implement all elements of the process safety and asset integrity standards included in this guideline. I also ask them to develop an executive action plan with an identified schedule for implementation, as well as follow up execution through the performance indicators of this system in order to achieve safe operations and the zero-incident goal that we all work towards.

I wish you all continued success, and to our beloved country continued prosperity.

His Excellency/ Tarek El Molla
Minister of Petroleum and Mineral Resources

Mohamed Shindy
Methanex Egypt Managing Director

It gives me great pleasure and pride to write a foreword to this book, dear reader. It encapsulates years of work by a dedicated group of industry professionals who have committed themselves to offering the Egyptian Oil, Gas, and Petrochemical Industry an opportunity to prevent major hazards from being realized. This book gathers in its folds – at a high level – all 24 standards and guidelines produced as a result of the memorandum of understanding between Methanex Egypt and the Ministry of Petroleum and Mineral Resources.

What we have here is the full set of Egyptian Process Safety Management standards and guidelines, that will apply to the oil & gas and petrochemicals industry across Egypt, working towards the ultimate goal of no harm to people, communities, the environment or assets. In this book, you will find the story of how we, the members of the Egyptian Process Safety Steering Committee, reached this exciting moment where we are ready to share the full set of documents produced by the Technical Sub-Committee and validated by local and international industry leaders within the industry in Egypt. It is a unique journey that reflects the true spirit of collaboration and the striving towards a higher purpose amongst the leaders who make up our committees.

Working under the guidance of His Excellency Minister Tarek El-Molla, the Egyptian PSM Steering Committee brings together a group of leaders who saw a gap in the area of process safety management and decided to do something to address it. We started out with the aim to raise the level of PSM awareness within the sector and to start a wide and deep dialogue about PSM in Egypt. Once this was accomplished, the next step was the three-year roadmap to define the vision of preventing harm to people, environment, community, and assets through instilling a PSM culture within the national oil & gas and petrochemicals industries, and the establishment of the Technical PSM Sub-Committee to develop the PSM standards and guidelines, at the hands of world-class experts and members of the Ministry’s Capacity Building program.

I believe this unique example of collaboration between the members of the Egyptian Steering Committee will create a lasting impact on our industries for years to come, potentially far beyond our national borders in the near future. I am truly grateful to be a member of this committee, and I think I speak for everyone working for Methanex around the world when I say everyone at Methanex is proud of this exceptional success story. I am also grateful for a very large group of people who made this success story possible; His Excellency Minister Tarek El-Molla, Chemist Saad Helal, Chemist Gamal Fathy, all the members of the Steering Committee, all the members of the Technical Sub-Committee, my team at Methanex Egypt, and certainly the external peer reviewers including BakerRisk, Bell Energy, DNV GL, Ennpi, Exida, PSRG, Risktec - TÜV Rheinland, and Shell whose rigorous quality review process provided assurance that we are indeed producing world-class, yet national, fit for purpose documents. I hope readers will use it to save lives.

Mohamed Shindy
Managing Director of Methanex Egypt and
Member of the Egyptian Process Safety Management Committee

The Journey

11
‫‪Major accident hazards in Egypt and across the world can potentially‬‬ ‫إن مخاطـــر الحـــوادث الكبـــرى في مصـــر والعالـــم قد تؤدي إلـــى حوادث خطيـــرة خاصة‬
‫‪result in severe process safety incidents impacting people, the‬‬ ‫بســـامة العمليات وتؤثر علـــى الأفراد والبيئة والمجتمعات والأصـــول‪ .‬إن الآثار المحتملة‬
‫‪environment, communities, and assets. Potential impacts and‬‬
‫والتكاليـــف المصاحبـــة لتلـــك الحوادث مرتفعـــة للغاية بحيث لا يمكـــن تجاهلها من حيث‬
‫‪associated costs are too high to ignore in terms of loss of human‬‬
‫الخســـائر فـــي الأرواح والإصابـــات والأضـــرار البيئية وخســـارة الأصول والنفقـــات المالية‪،‬‬
‫‪life, injuries, environmental damage, loss of assets, and financial‬‬
‫بالإضافـــة إلـــى الإضرار بســـمعة الشـــركات المعنية‪ .‬يمكـــن التخفيف من هـــذه المخاطر‬
‫‪expenses not to mention the reputational impact on the companies‬‬
‫عـــن طريـــق التطبيق الصـــارم لمعايير وإرشـــادات إدارة ســـامة العمليـــات‪ .‬لتحقيق ذلك‪،‬‬
‫‪involved. The answer to the mitigation of these risks lies in the‬‬
‫‪rigorous application of Process Safety Management (PSM) standards‬‬ ‫شـــرعت شـــركة ميثانكس مصر وشـــريكتها الشـــركة المصريـــة القابضـــة للبتروكيماويات‬

‫‪and guidelines. In realizing this, Methanex Egypt and its partner the‬‬ ‫(ايكـــم) فـــي المســـيرة التـــي قادتنـــا إلى مـــا نحن عليـــه اليـــوم‪ ،‬وكتابة مقدمـــة لهذا‬
‫‪Egyptian Petrochemicals Holding Company (ECHEM) embarked on the‬‬ ‫الكتـــاب الملخـــص لمعاييـــر وإرشـــادات إدارة ســـامة العمليـــات المصرية التـــي وضعتها‬
‫‪journey that brings us to where we are today, writing an introduction to‬‬ ‫اللجنـــة المصريـــة العليا لإدارة ســـامة العمليات بأيـــدي لجنتها الفنيـــة الفرعية‪.‬‬
‫‪this book on the Egyptian PSM standards and guidelines developed by‬‬
‫بـــدأت الرحلة بورشـــة عمل لتقديـــم مفهوم إدارة ســـامة العمليات إلـــى القطاع بغرض‬
‫‪the Egyptian Process Safety Management Steering Committee at the‬‬
‫‪hands of its Technical Subcommittee.‬‬ ‫التأكـــد مـــن إدراج هـــذا الموضوع المهـــم في صدارة جـــدول أعمال قطـــاع النفط والغاز‬

‫واضحا منذ بداية المســـيرة التوافـــق الواضح مع‬


‫ً‬ ‫والبتروكيماويـــات فـــي مصـــر‪ .‬قـــد كان‬
‫‪The journey started with a workshop introducing PSM to the industry,‬‬
‫رؤيـــة معالـــي وزير البتـــرول والثروة المعدنية فيمـــا يتعلق بتحديث قطـــاع النفط والغاز‬
‫‪and to ensure this important topic is brought to the forefront agenda‬‬
‫والبتروكيماويات‪ .‬كما أنه يتماشـــى مع التزام شـــركة ميثانكـــس بمعايير ومبادئ الرعاية‬
‫‪of the oil, gas, and petrochemical industry in Egypt. It was clear from‬‬
‫‪the early part of the journey the clear alignment with H.E. the Minister‬‬ ‫المســـؤولة‪ ،‬وهـــي مبـــادرة اســـتدامة معترف بها مـــن الأمـــم المتحـــدة ويتبناها مجال‬

‫‪of Petroleum and Mineral Resources vision for the modernization of the‬‬ ‫الصناعـــات الكيميائيـــة على مســـتوى العالم لتعزيز ســـامة المجتمع وصحـــة الموظفين‬
‫‪Oil & Gas and Petrochemicals sector. It also aligns with Methanex’s‬‬ ‫وســـامتهم وحماية البيئة والإدارة الامنة للمنتجات والمســـؤولية الاجتماعية‪ .‬وبصفتها‬
‫‪own commitment to Responsible Care Ethics and Principles, a United‬‬ ‫عضـــو فعال فـــي مجـــال البتروكيماويات المصـــري‪ ،‬تقوم شـــركة ميثانكـــس بالتأكد بأن‬
‫‪Nations recognized sustainability initiative adopted by the global‬‬
‫جميـــع قراراتها وممارســـاتها التجارية ترقى إلى أعلى معايير الرعاية المســـؤولة خاصة‬
‫‪chemical industry to enhance community safety, employee health‬‬
‫فـــي برامج الصحة والســـامة وكذلك برامجها لإدارة ســـامة العمليات مـــع التركيز علي‬
‫‪and safety, environmental protection, product stewardship and social‬‬
‫هدفهـــا النهائـــي المتمثـــل في تحقيق مـــكان عمل آمن خـــال من الإصابـــات أو حوادث‬
‫’‪responsibility. A proud member of the Egyptian petrochemicals‬‬
‫أيضا مـــع التـــزام الشـــركة المصريـــة القابضة‬
‫عامـــا بعـــد عام‪ .‬يتماشـــى ذلـــك ً‬
‫التســـرب ً‬
‫‪industry, Methanex ensures that all its business decisions and practices‬‬
‫‪live up to the highest standards of Responsible Care® especially in its‬‬ ‫للبتروكيماويـــات بمســـؤوليتها تجـــاه ســـامة الأفـــراد والبيئـــة والمجتمعـــات والجهات‬

‫‪health and safety programs as well as its process safety management‬‬ ‫المعنيـــة كجـــزء لا يتجزأ مـــن أداء أعمالها ومحور التركيز الرئيســـي لكل القـــوى العاملة‬

‫‪programs with the ultimate goal of achieving a zero-injury and zero-‬‬ ‫لديهـــا علـــى كل المســـتويات‪ ،‬مما يضمن اســـتخدام التقنيات الأكثر أمانً ـــا والحفاظ على‬
‫‪release workplace year after year. This also aligned with ECHEM’s‬‬ ‫أداء عالي المســـتوى في مجال الســـامة‪.‬‬
‫‪own commitment to its responsibility towards the safety of people,‬‬
‫‪environment, communities and stakeholders, as an integral part of‬‬
‫‪its business performance and a prime focus of its entire workforce‬‬
‫‪at every level, ensuring the safest technologies are used and high‬‬
‫‪standard safety performance is maintained.‬‬

‫‪12‬‬
‫مـــن خـــال تأســـيس تحالـــف شـــامل‪ ،‬أطلقـــت الشـــريكتان‪ ،‬الشـــركة المصريـــة القابضـــة‬
‫للبتروكيماويـــات وشـــركة ميثانكـــس‪ ،‬المبـــادرة الأولـــى لبدء حـــوار موســـع وعميق حول‬
‫إدارة ســـامة العمليات من خالل اســـتضافة مؤتمر إدارة ســـامة العمليات بشـــكل سنوي‬
‫للمســـاعدة فـــي زيـــادة الوعي بـــإدارة ســـامة العمليات بمشـــاركة مجموعـــة كبيرة من‬
‫رواد المجـــال‪ُ .‬عقد مؤتمر إدارة ســـامة العمليات الأول في نوفمبـــر ‪ 2018‬تحت رعاية وزارة‬
‫البتـــرول والثـــروة المعدنيـــة وبتنظيـــم من شـــركة ميثانكس مصـــر بالتعاون مع الشـــركة‬
‫المصريـــة القابضـــة للبتروكيماويـــات تحـــت عنوان "تمكين مســـيرة ســـامة العمليات في‬
‫مصـــر"‪ .‬كان مـــن بين المتحدثين الرئيســـيين في ورشـــة العمـــل خبراء دولييـــن في مجال‬
‫إدارة ســـامة العمليات مثل ديبورا جروبي‪ ،‬مالكة ورئيســـة شـــركة أوبريشـــنز آند سيفتي‬
‫سوليوشـــنز المحـــدودة‪ ،‬وكين ريفـــرز‪ ،‬الرئيس الســـابق لمعهد المهندســـين الكيميائيين‬
‫والرئيـــس الســـابق للمنتـــدى الاســـتراتيجي للتحكـــم فـــي مصـــادر الخطر الرئيســـية في‬
‫المملكة المتحدة‪ ،‬والدكتور جيســـون كليمينت‪ ،‬مدير إدارة ســـامة العمليات في شـــركة‬
‫شـــخصا مـــن القادة والمديريـــن التنفيذيين في‬
‫ً‬ ‫ميثانكـــس‪ .‬حضـــر هذا الحدث أكثر من ‪200‬‬
‫بالغا‬
‫أوليا ً‬
‫ً‬ ‫اهتمامـــا‬
‫ً‬ ‫مجـــال البتروكيماويـــات وصناعـــة النفط والغاز في مصـــر مما يعكس‬
‫بإدارة ســـامة العمليات داخـــل القطاع‪.‬‬

‫‪Establishing their profound alignment, the partners ECHEM and‬‬


‫‪Methanex launched the first initiative to start a wide and deep‬‬
‫‪dialogue around PSM by hosting an annual PSM conference to help‬‬
‫‪raise PSM awareness with a broad group of the industry’s leaders. The‬‬
‫‪first PSM conference was held in November 2018 under the auspices‬‬
‫‪of the Ministry of Petroleum and Mineral Resources and organized‬‬
‫‪by Methanex Egypt in cooperation with ECHEM under the title of‬‬
‫‪“Enabling Egypt’s Process Safety Journey.” The workshop’s keynote‬‬
‫‪speakers included international PSM experts Deb Grubbe, owner‬‬
‫‪and President of Operations and Safety Solutions LLC, Ken Rivers,‬‬
‫‪former President of the Institution of Chemical Engineers, and former‬‬
‫‪Chairman of UK’s Control of Major Hazards (COMAH) Strategic Forum‬‬
‫‪and Dr. Jason Clement, Director of Process Safety Management at‬‬
‫‪Methanex Corporation. The event was attended by over 200 leaders‬‬
‫‪and executives of the petrochemicals and downstream oil and gas‬‬
‫‪industry in Egypt reflecting a strong initial interest in PSM within the‬‬
‫‪industry.‬‬

‫‪13‬‬
‫واصلت شـــركة ميثانكس العمل مع الشـــركة المصريـــة القابضـــة للبتروكيماويات للحفاظ‬

‫علـــى هـــذا النجـــاح مـــن خـــال المناقشـــات والاجتماعـــات المنتظمـــة حول إدارة ســـامة‬

‫ســـنويا لتمكين القادة‬


‫ً‬ ‫العمليـــات والالتـــزام بتنظيم مؤتمر إدارة ســـامة العمليات الناجح‬

‫والمديريـــن التنفيذيين الآخريـــن في القطاع بالمعرفة والمعلومـــات الهامة الخاصة بإدارة‬

‫ســـامة العمليـــات ومواصلـــة الحوار حول هذا الموضوع‪ .‬في ســـبتمبر ‪ ،2019‬عقدت شـــركة‬

‫ميثانكـــس مصـــر بالشـــراكة مع الشـــركة المصريـــة القابضـــة للبتروكيماويـــات مؤتمرهما‬

‫الســـنوي الثانـــي لإدارة ســـامة العمليات تحـــت عنوان "تحديـــث إدارة ســـامة العمليات‪:‬‬

‫مشـــاركة الرؤيـــة"‪ .‬كان مـــن بين المتحدثين الرئيســـيين فـــي المؤتمر كين ريفـــرز‪ ،‬الرئيس‬

‫الســـابق لمعهـــد المهندســـين الكيميائييـــن والرئيـــس الســـابق للمنتدى الاســـتراتيجي‬

‫للتحكـــم في مصادر الخطر الرئيســـية فـــي المملكة المتحدة‪ ،‬ومايكل برودريب‪ ،‬مستشـــار‬

‫أول في مجموعة باكير ريســـك لســـامة العمليات‪ ،‬وجاســـون كليمينت‪ ،‬مدير إدارة سالمة‬

‫العمليـــات في شـــركة ميثانكس‪ .‬ســـلطت الجلســـات الضـــوء على دور القـــادة في قيادة‬

‫إدارة ســـامة العمليات وأهمية الاســـتفادة من الحوادث السابقة‪ .‬شارك المتحدثون باسم‬

‫شـــركة ميثانكـــس تجربة الشـــركة في بناء القـــدرة التنظيمية فيما يتعلق بإدارة ســـامة‬

‫العمليات‪ .‬كما اســـتعرضوا مســـيرة ميثانكس في مجال إدارة ســـامة العمليات وتطورها‬
‫‪Methanex continued to work with ECHEM to keep the momentum going‬‬
‫كمؤسســـة تعليميـــة فـــي محاولة لتقديـــم أمثلة ودراســـات حالة واقعية لتســـهيل نقل‬
‫‪through regular discussions and meetings around PSM, committing to‬‬
‫المعرفـــة عن إدارة ســـامة العمليات والمســـاهمة فـــي تعزيز ثقافة تبـــادل المعرفة بين‬
‫‪organizing the successful PSM conference annually to empower other‬‬
‫‪sector leaders and executives with critical PSM knowledge as well as‬‬ ‫الشـــركات العاملـــة فـــي القطـــاع‪ .‬حضـــر المؤتمر أكثر مـــن ‪ 400‬شـــخص من القـــادة وكبار‬

‫‪continue and maintain the dialogue around the topic. In September‬‬ ‫التنفيذييـــن في قطاعات البتروكيماويـــات والتكرير والمعالجة والتنقية‪ ،‬مما أكد الاهتمام‬
‫‪2019, Methanex Egypt, in partnership with the Egyptian Petrochemicals‬‬ ‫المتزايد والمســـتمر بالموضوع والفجوة التي تمكنت شـــركة ميثانكس والشركة المصرية‬
‫‪Holding Company (ECHEM), held its second Annual PSM Conference‬‬ ‫القابضـــة للبتروكيماويـــات من ســـدها من خالل هـــذه المؤتمرات‪.‬‬
‫‪under the title of “Modernizing Process Safety Management: Sharing‬‬
‫‪the Vision.” The conference keynote speakers included Ken Rivers,‬‬
‫‪former President of the Institution of Chemical Engineers and former‬‬
‫‪Chairman of UK’s Control of Major Hazards (COMAH) Strategic Forum,‬‬
‫‪Michael Broadribb, Senior Principal Consultant in BakerRisk’s Process‬‬
‫‪Safety Group, and Dr. Jason Clement, the Director of Process Safety‬‬
‫‪Management at Methanex Corporation. The sessions highlighted the‬‬
‫‪role of leaders in driving PSM and the importance of learning from‬‬
‫‪previous incidents. Methanex speakers also shared the company’s‬‬
‫‪experience in building organizational capability around PSM, and‬‬
‫‪showcased Methanex’s PSM journey and its evolution as a learning‬‬
‫‪organization in an attempt to provide real life examples and case studies‬‬
‫‪to facilitate the transfer of knowledge around PSM and contribute to‬‬
‫‪the knowledge sharing culture between companies in the sector. The‬‬
‫‪conference was attended by more than 400 of the petrochemicals‬‬
‫‪and downstream sectors’ leaders and top executives confirming the‬‬
‫‪growing and continuing interest in the topic and the gap that Methanex‬‬
‫‪and ECHEM were able to fill through such conferences.‬‬
‫‪14‬‬
‫‪Building on the success and momentum created by the first two PSM‬‬ ‫اتضحـــت الرؤيـــة بعد النجاح والزخم الناتجين عن مؤتمرات إدارة ســـامة العمليات‪ .‬كانت لا‬
‫‪events, the vision became clear. More collaboration was needed beyond‬‬ ‫تـــزال هنـــاك حاجة إلى مزيـــد من التعاون للبناء علـــي الجزء الأول من المســـيرة والتركيز‬
‫‪the important first part of the journey and the focus on awareness.‬‬
‫علـــى التوعيـــة‪ .‬فـــي ســـبيل تنفيذ المرحلـــة التاليـــة المهمة من المســـيرة‪ ،‬تـــم توقيع‬
‫‪To fulfil the important next phase of the journey, a Memorandum of‬‬
‫مذكـــرة تفاهم بيـــن وزارة البتـــرول والثروة المعدنيـــة المصرية وشـــركة ميثانكس مصر‬
‫‪Understanding (MoU) between the Egyptian Ministry of Petroleum and‬‬
‫فـــي فبرايـــر ‪ 2020‬أثنـــاء معـــرض مصر للبتـــرول (إيجبـــس) ‪ ،2020‬والتي تضمنـــت وضع إطار‬
‫‪Mineral Resources and Methanex Egypt was signed in February 2020‬‬
‫عمـــل وخارطـــة طريق لمـــدة ثالث ســـنوات بهدف ترســـيخ برامج إدارة ســـامة العمليات‬
‫‪during Egypt Petroleum Show (EGYPS) 2020, creating a framework and‬‬
‫‪a three-year roadmap for the adoption of PSM within the Egyptian oil‬‬ ‫تتويجـــا لعامين‬
‫ً‬ ‫داخـــل قطـــاع النفط والغـــاز المصري‪ .‬جـــاءت مذكرة التفاهـــم المذكورة‬

‫‪and gas sector. This MoU was a crowning achievement of two years‬‬ ‫من التعاون المثمر بين شـــركات القطاع القابضة التي شـــكلت النواة التأسيســـية للجنة‬
‫‪of collaborative work between the sector’s holding companies who‬‬ ‫المصريـــة العليـــا لإدارة ســـامة العمليات من أجـــل توجيه أجندة إدارة ســـامة العمليات‬
‫‪formed the founding core for an Industry PSM Steering Committee to‬‬ ‫وفقـــا لبرنامـــج التحديث الخـــاص بوزارة البتـــرول والثـــروة المعدنية وأفضل الممارســـات‬
‫ً‬
‫‪drive the PSM agenda in accordance with the Ministry of Petroleum‬‬ ‫والإرشـــادات والمعاييـــر الدوليـــة‪ .‬ضمـــت اللجنـــة المصريـــة العليـــا ممثليـــن عـــن الهيئة‬
‫‪and Mineral Resources’ modernization program and international best‬‬
‫المصريـــة العامة للبترول والشـــركة المصرية القابضة للبتروكيماويات وشـــركة ميثانكس‬
‫‪practices, guidelines and standards. The steering committee included‬‬
‫مصـــر والمصريـــة القابضـــة للغـــازات الطبيعية (إيجاس) وشـــركة جنوب الـــوادي المصرية‬
‫‪representatives from the Egyptian General Petroleum Corporation‬‬
‫القابضة للبتـــرول (جنوب)‪.‬‬
‫‪(EGPC), ECHEM, Methanex Egypt, the Egyptian Natural Gas Holding‬‬
‫‪Company (EGAS) and South Valley Egyptian Petroleum Holding‬‬ ‫خارطة الطريق المصرية لإدارة ســـامة العمليات ســـلطت الضوء على الأهداف الرئيسية‬
‫‪Company (Ganope).‬‬ ‫علـــى مدار ثالث ســـنوات‪ ،‬بما في ذلك إنشـــاء لجنة فنية فرعية لإدارة ســـامة العمليات‬

‫‪The Egyptian process safety management roadmap highlighted the‬‬ ‫لتكون مســـؤولة عن تطوير سياســـات ومعايير وإجراءات إدارة ســـامة العمليات الخاصة‬
‫‪key goals over a three-year period, including the creation of a PSM‬‬ ‫وفقا لمعايير مركز الولايـــات المتحدة الأمريكية‬
‫ً‬ ‫بشـــركات النفط والغـــاز والبتروكيماويات‬
‫‪technical sub-committee to be responsible for the development of the‬‬ ‫لســـامة العمليـــات الكيميائيـــة‪ .‬هـــذا بالإضافة إلـــى تحديد مؤشـــرات الأداء الرئيســـية‬
‫‪Oil, Gas and Petrochemical companies’ PSM policies, standards and‬‬
‫الخاصـــة بـــإدارة ســـامة العمليـــات لإدارة أداء الشـــركات ووضـــع خطة لتحديد مســـتوي‬
‫‪procedures according to the USA Center for Chemical Process Safety‬‬
‫اســـتعداد الشـــركات العاملـــة في القطـــاع فيما يخص إدارة ســـامة العمليـــات واقتراح‬
‫‪(CCPS). This in addition to the development of PSM Key Performance‬‬
‫هيـــكل تنظيمـــي لإدارة ســـامة العمليات ليتم تطبيقـــه على جميع‬
‫‪Indicators (KPIs) for companies’ performance management, a plan‬‬
‫‪to identify the status of the sector companies’ PSM maturity and the‬‬
‫‪proposal of a PSM organizational‬‬

‫‪15‬‬
‫‪structure to be applied to all operating companies and finally‬‬ ‫وأخيـــرا التواصـــل والتوعيـــة داخل القطاع في شـــكل‬
‫ً‬ ‫الشـــركات العاملـــة فـــي القطـــاع‬
‫‪communication within the industry in the form of workshops,‬‬ ‫ورش عمـــل ومؤتمـــرات ومنشـــورات‪ .‬تم تحديـــد هذه الصالحيـــات لضمان إضفـــاء الطابع‬
‫‪conferences and publications. These mandates were set to ensure‬‬
‫المؤسســـي علـــى إدارة ســـامة العمليات بشـــكل صحيح داخـــل الشـــركات العاملة في‬
‫‪PSM is properly institutionalized within companies working in the‬‬
‫القطـــاع في ظل تعزيـــز ثقافة قوية تتبنى إدارة ســـامة العمليات فـــي صميم عمليات‬
‫‪industry while fostering a strong culture that adopts PSM at the center‬‬
‫القطـــاع‪ ،‬وكل ذلـــك بغـــرض تحقيق الهدف الأساســـي وهو "عدم الإضـــرار بالأفراد وعدم‬
‫‪of the sector’s operations, all with the fundamental goal of “No harm to‬‬
‫الإضـــرار بالبيئة وعدم الإضـــرار بالأصول"‪.‬‬
‫”‪people, No harm to the environment and No harm to assets.‬‬

After signing the MoU, COVID-19 was declared a pandemic. However, the meetings of the PSM steering committee continued to take place online as scheduled despite the challenges created by the situation back then, thanks to the committee members’ commitment to expediting the journey towards safer processes within the sector, ensuring adherence to the timeline proposed within the MoU. During that period, the steering committee created the technical sub-committee through independent and extensive interviewing of candidates from within the Ministry of Petroleum’s Capacity Building Program members, based on their technical skills and experience and led by Methanex Egypt’s international consultant Eng. Amr Moawad.

In February 2021, the steering committee held a webinar titled “Modernizing Process Safety Management: From Vision to Reality” attended by His Excellency Tarek El-Molla, Minister of Petroleum and Mineral Resources in addition to 579 executives from across the regional and international oil & gas and petrochemicals community. During this webinar, the committee members shared the three-year roadmap and provided an update on the progress delivered during the challenging yet successful year of 2020. The committee also worked on creating an official PSM website – www.PSMEgypt.com – launched as part of the webinar, to provide the sector with credible information and continuous updates about PSM and a channel to share questions with the committee as well as access the issued PSM policies and procedures.

Since its creation, the PSM technical sub-committee worked tirelessly on drafting 24 world class PSM procedures, standards and guidelines to enable the safe design and operation of the Ministry of Petroleum and Mineral Resources’ assets. The documents cover a wide range of the PSM spectrum and scope including Process Safety Program Implementation, Process Safety Culture Assessment, Process Safety Competency, Process Safety Key Performance Indicators (KPIs), Management of Change (MOC), Risk Management, Major Accident Hazards Management, Safety Critical Elements Management, Inherent Safety Design as well as studies of HAZID, HAZOP, LOPA, Bow Tie, QRA, FERA, HAC, Facility Layout and Siting, Fire and Gas Mapping and Alarm Management. The documents also cover Safety Case Development, Safety Case Appraisal and ALARP Demonstration.

All documents went through a rigorous quality review process involving local and international peer reviews to check the document quality against global standards and best practices with a keen eye on the needs of the Egyptian Oil & Gas and Petrochemicals Sector. This ensured the accuracy and clarity of the documents and resulted in an outstanding product structure and quality.

The Technical Sub-Committee Quality Review and Assurance Process

1. Developing the Document (Focal Point + TL)
2. Internal Peer Review (PSM Tech. Committee Members)
3. External Peer Review (Major Operators + Global Consultants)
4. PSM Steering Committee Review
5. Quality Check & Assurance (QA Team + TL)
6. Approval, Signature, & Issuing (EGPC)

The PSM Technical Sub-committee comprised the internal peer reviewers’ team and were divided according to their specialization into four groups: Risk Management group, PSM group, Safety Case group and Technical Safety group.

Internal Peer Reviewers

• Risk Management Group
• Technical Safety Group
• Safety Case Group
• PSM Group

International operators and major global PSM consultants supported the project as external peer reviewers with ‘good will’ collaboration and no monetary compensation. External reviewers included BakerRisk, Bell Energy, DNV GL, ENPPI, Exida, PSRG, Risktec - TÜV Rheinland, and Shell.

Major Operators

• Shell

Global Process Safety & HSE Consultants

• BakerRisk
• Bell Energy
• DNV
• PSRG
• Exida
• Risktec - TÜV Rheinland

National EPC Contractor

• ENPPI

In addition, in 2022, the Ministry of Petroleum and Mineral Resources requested the inclusion of the PSM Technical Sub-Committee in the selection committee of the second wave of the Capacity Building program candidates, to select 150 new candidates to join the ministry’s capacity building program as part of the ministry’s modernization strategy. The ministry’s interest and nomination reflected the value the committee’s efforts are bringing to the sector through supporting the ministry’s key program to develop and raise the efficiency of the sector’s middle management and talents and effectively enhance the performance of the sector and in turn the national economy.

In an effort to ensure the sector’s understanding of the developed procedures, the technical sub-committee worked on a detailed rollout plan that guarantees optimum visibility for the documents within the sector and facilitates knowledge sharing with key sector executives. The committee held online knowledge sharing sessions to roll out the issued documents as they were being developed and approved. The first sessions were held in March 2022, in which four of the PSM standards and guidelines developed by the PSM Technical Sub-Committee were approved and issued by the Egyptian General Petroleum Corporation (EGPC). The four standards and guidelines were shared with more than 1000 executives from the Egyptian oil, gas and petrochemical sector companies who attended the session. The session also included a presentation by Eng. Gamal Fathy, EGPC CEO consultant for HSE and PSM steering committee member, to explain EGPC expectations from sector companies in terms of following the approved PSM standards and guidelines.

Face to face knowledge sharing sessions were held in 2022 with the ministry’s eight geographic committees. The sessions were attended by more than 300 senior Health and Safety executives, Environment Managers, and CEOs of companies working in the sector. The feedback has been positive and encouraging. More PSM awareness sessions are planned as additional standards and guidelines are developed. In addition, to ensure easy access to the documents, the committee published all issued and approved documents on the PSM website along with summarized videos to explain each document.

The book you hold in your hands today, dear reader, is the outcome of years of hard work and collaboration between the different partners on this unique journey. It is the manifestation of a vision and dream that started in 2018 and soon materialized into an actionable plan with real and steady steps towards turning this dream into a reality. This reality and step-change in the sector were made possible through the support provided by HE the Minister of Petroleum and Mineral Resources and all the leaders of the ministry’s holding companies including EGPC and ECHEM in addition to Methanex Egypt and its commitment to bring positive change to Egypt.

This book is the result of a successful model of Public Private Partnership between Methanex, the Ministry and Holding companies bringing global and local expertise together to develop, through 100% Egyptian calibers, a much-needed set of standards and guidelines that will help in mitigating the impact of PSM risks. The impact that the regulations and standards in this book bring for application during a project and operational lifecycle onshore and offshore across upstream, midstream and downstream, as well as being scalable across any manufacturing industry, is an outstanding feat of capable leadership, committed teams and an outstanding local PSM engineering talent. This outcome, which is in line with the ministry’s Modernization Program, provides clarity for all sector companies to know how and which PSM standards to apply at different stages of a project from initial concept, through operations and finally decommissioning activities. Compliance with the developed standards through the regulator ensures a vast outreach leading to reduced or full prevention of PSM incidents and, in case of an unfortunate incident, ensures a full management system is in place to manage it. The effort behind the whole initiative and this PSM book will contribute to raising awareness, knowledge and most importantly capability of the sector with regards to process safety management in a manner that will save lives, protect the environment and protect assets, positively contributing to the growth and future of the industry and eventually solidifying Egypt’s position as a centre of PSM excellence in Africa and the Middle East.

Process Safety Management’s Leadership Leap of Faith

Dr. Trevor Kletz known as the ‘Father of Inherent Safety’ says, “There’s an old saying that if you think safety is expensive, try an accident. Accidents cost a lot of money. And, not only in damage to plant and in claims for injury, but also in the loss of the company’s reputation.”

Leaders of energy industries have an obligation towards themselves, their organizations, the communities where they operate, their stakeholders, and partners to make sure that the industry learns from the opportunities it was given through previous incidents, enhances processes to prevent incident recurrence and transfers this knowledge to the generations to come so they do not repeat mistakes of the past. Leaders must always strive to continuously improve what was done the day before and ensure that all stakeholders are positively impacted by the energy industry’s activities.

Over the last five decades the process industries have expanded significantly to meet the world’s growing population needs. The world needs more energy which will require hazardous materials to be produced, processed, transported, and stored. The means of how energy is made available needs to be through safe and sustainable practices. Land is at a premium; hence more complex and hazardous facilities are getting closer to populated communities and transportation routes are going through multiple environments and habitats.

[Image: Piper Alpha Incident - July 1988.]

Since the start of the Industrial Revolution until our present time, hazards leading to loss of life, environmental damage, property damage, and financial losses are highlighted through a number of memorable incidents across the world such as Halifax Explosion, Three Mile Island, Flixborough, Phillips Pasadena, Westray Mine Disaster, Bhopal, Chernobyl, Seveso Disaster, Piper Alpha, Texas City, Deepwater Horizon, Pike River Mine, Philadelphia Refinery Explosion, to name a few. We have lost colleagues then and we continue to lose them now. This is not acceptable and must STOP!

[Image: Chernobyl Disaster - April 1986.]

Long gone are the days of withholding the allocation of resources on facility process safety requirements. Unfortunately, this has been learned the hard way.

Effective Process Safety knowledge and leadership are some of the key barriers preventing process safety incidents from occurring. Process Safety understanding and goal setting must be defined and set by each regulatory organization and each operating organization. Process Safety requirements must be applied rigorously, systematically, and vigilantly across all levels of an organization.

This is an outstanding opportunity for regulators, business leaders, technical leaders, and workforce members to fully grasp and apply to every decision and activity that is executed daily as well as longer term strategic plans. The outcome can only be a safe and reliable oil & gas, and petrochemicals industry serving the wider population and meeting a country’s economic and strategic goals.

So, what is Process Safety? Simply stated, Process Safety is the prevention of major accidents by preventing the release of hazardous materials in the process. Such releases may cause toxic effects, fires and/or explosions with the potential to adversely impact people, property, and the environment. Hence, in its simplest form, process safety means that all hazards are identified, the risks of these hazards are understood, and these risks are managed by “doing the right thing.”

According to industry expert Mike Broadribb, “Process Safety is a disciplined framework for managing the integrity of potentially hazardous operating systems and processes by applying good design principles, engineering, and operating practices. It deals with the prevention and control of incidents that have the potential to release hazardous materials or energy. Such incidents can cause toxic effects, fire or explosion and could ultimately result in serious injuries, property damage, lost production, and environmental impact.”

Leaders must ensure that their teams rigorously and diligently follow set policies, standards, and procedures to ensure safe design, operations, reduce the environmental impact, achieve community expectations, and demonstrate compliance with applicable regulations. This ensures operating organizations maintain their “License to Operate.” For this to happen, a critical requirement is the right leadership culture.

Culture is traditionally defined as “a shared set of beliefs, norms, and practices, documented and communicated through a common language.” The key word being shared. Process Safety values must be consistently - and constantly - shared at all levels of management and among all employees. An organization’s Process Safety culture expresses itself within its own organizational structure, which may be simple or complex. The structure must ensure that competent resources are available to execute process safety work as per the regulatory and company requirements.

Competence levels of dedicated process safety resources as well as others from different disciplines provide structured guidance to career development planning and are a key part of an organization’s Human Resources progression program and role assignments.

Competency levels are also considered as barriers in any incident prevention model. Having competent personnel in their core technical discipline as well as understanding the process safety impact of their activities will eliminate or reduce the impact of an incident.

Culture evolves over time in response to various events, including changes in leadership and in management systems. Accordingly, an organization’s process safety culture at any point in time may be viewed as reflecting prior events or prior defining periods in the history of the organization, such as mergers and acquisitions, reorganizations, financial difficulties, technological changes, and management changes.

As stated before, organizations exist to make good business through delivering safe production. To do so, the organization must apply the As Low As Reasonably Practicable (ALARP) Principle and still stay in business. This is a balance that leaders must face and make risk-based decisions daily to meet it. Moreover, an organization with a strong safety culture does not lose sight of the fact that the stakeholders with the most to lose - their lives - are workers and members of the public living or working near hazardous operating plants or facilities.

Several incident investigations identify managers saying that they didn’t know what was happening or what wasn’t happening and that if they did, they would have stopped it! Well, it is a manager’s job to know what is happening. A manager can know what is happening by talking to the different work crews, being visible on site and dedicating time to talk to the different teams about Process Safety, listen to real issues on site and in the offices to be able to provide the adequate resources to inherently prevent incidents from happening. A manager must trust the team but verify the work through being part of the team.

An organization’s executive leadership and leadership members across all levels must demonstrate their commitment to process safety through their actions. If senior leadership shows its belief in the importance of process safety, consistently communicates that belief to other managers and the workforce, and then provides the appropriate resources to promote process safety excellence, shared beliefs and practices will follow through the rest of the organization. Leaders must develop a positive, trusting, and open process safety culture.

An organization’s culture is established, defined, and embodied in the actions of its leaders. Preventing process safety incidents requires vigilance. Not having an incident does not indicate that an organization is safe, as this may be the first step towards complacency when people no longer appreciate how their safety systems work leading to deterioration in barrier control, forgetting lessons, deviating from standards, and accepting lower performance.

Leaders must instill a sense of chronic unease with every decision they make. The term “Chronic Unease” is well known across the industry, and when applied leads to positive outcomes.

Leaders must ensure that each member of the organization is an Empowered Leader, and by that the executives genuinely and without any repercussion support their teams to intervene actively and positively to STOP unsafe activities or decisions that may negatively impact their people, facilities, and surrounding environments.

People are and will continue to be at the heart of every decision related to safe design and operations. People write up the guidelines that others implement to design and operate facilities. Leaders must set the systems to select the right people at the right time for the right role – this is the initial step to setting up the correct systems.

It is imperative that leaders understand risk management protocols and how they apply to the hierarchy of control steps. This will allow them to support process safety decisions that involve budgetary allocation and expenditure. As stated above, the cost of an incident outweighs the cost of engineering and project execution to mitigate ‘after the fact (incident) reactive action’ risks and continuously improve process safety at any organization.

There are multiple barriers that each organization, through a thorough process safety and hazard management program, must set in place and maintain to prevent incidents from occurring. All the barriers work together to provide the required protection and prevention of an incident.

Barriers include people (selection, competence, training, communication, culture, etc.), process (administrative procedures, operational procedures, technical documents, maintenance programs, compliance with process and avoiding shortcuts, etc.), and plant (engineering and construction of barriers, maintaining safe operating limits, defining and maintaining safety critical equipment, applying operational control of work, etc.).

The more barriers identified, the better the defense against an incident. This is a concept of safety defense-in-depth. The fewer the holes and the smaller the holes, the more likely you are to identify/stop errors and failures that may occur. Barriers need to be always as robust as possible.

[Figure: Hazard, Protective «Barriers», Weaknesses or «Holes», Incident]

As the holes are frequently changing, regular management reviews, drawing upon input from performance metrics, audits, and lessons from lesser incidents, can be used to maintain the robustness of the barriers.

Barrier health must be maintained and independently verified as per each organization’s Process Safety Management framework. This is critically important regardless of the number of barriers in place.

Peter Drucker says: “What gets measured gets managed.” To better understand and manage a process safety program, metrics must be put in place to performance manage the teams working in the office and on site against defined KPIs. This holds leaders and work crews alike accountable to deliver safe and reliable operations.

Over the years, the Safety Case program has proven to be a positive means for organizations to demonstrate to Regulators that they have done what they can to operate safely. The work completed within a Safety Case is the culmination of multiple management systems (Quality, Health, Safety, Security, Environment, Process Safety, Operations, Maintenance, Asset Integrity, Risk, Engineering, Human Resources, Planning, Budgeting, Projects, etc.) coming together to clarify how an organization operates safely with technical, procedural, and administrative evidence to the Regulator and other stakeholders.

The Safety Case, once reviewed and accepted by a Regulator, grants the Operator a timebound ‘License to Operate’. The evidence to allow for a Safety Case to be accepted must be continuously reviewed by each organization to ensure its validity.

Organizational leaders must familiarize themselves with the Safety Case content, and must hold themselves as well as their teams accountable to maintain what the Safety Case stipulates and commits them to do. This is a very formal process demonstrating facility safety and compliance with regulations, ensuring that all stakeholders are of the same understanding of a facility’s Major Accident Hazard (MAH) risk as well as how this risk is managed. Everyone gets to have a say in the output as part of the consultation process; thus, in the end, the document is publicly owned by all stakeholders. It is a vehicle to drive continuous improvement within the organization and the industry.

“It is wise to learn from one’s mistakes, but it is wiser to learn from others’ mistakes!”

Organizations exist to make profit based on a human need – the end goal of ‘Safe Production’ can and must be achieved. Process Safety is Good Business.

About PSM

The Oil, Gas, and Petrochemical industry has many inherent process safety hazards and risks that could harm the people, environment, assets, and reputation. These can interrupt production and operation activities, which made it necessary to develop a management system for mitigating the Major Accident Hazards (MAHs) and managing process safety issues. Process safety management (PSM) is mainly focused on managing low-frequency, high-consequence, major accident events. The consequences of these accidents may include serious personnel injuries or fatalities, significant environmental damage, in addition to substantial financial and reputational impact. Process Safety requires that all physical plants, management processes, and people operate as intended. Therefore, Process Safety Management needs to be addressed for the below three barrier types:

• People: People underpin everything that happens (or that does not happen). Organizational capability, training and competency, leadership, correct behaviours, and the correct culture are required if process safety is implemented successfully.

• Processes: The management policies and processes, across the whole lifecycle, will identify, create, and sustain the identified barriers and operate within them – e.g., performance management, process safety in design, operational procedures, competency assurance, verification, review, audit, etc.

• Plant: The hardware aspects – the systems and equipment, the tools, and other required technology.

The root cause events may have occurred or been ongoing for a considerable time before the accident occurrence. Thus, any approach that only considers plant barriers will fail to acknowledge the critical roles of processes and people in the causation of major accident hazards and will not deliver process safety.

Process safety management applies to all stages of a project lifecycle. Successful process safety management in the operation phase requires appropriate activities to have been undertaken during the evaluation/concept selection, basic engineering/FEED, and detailed engineering phases, then continue throughout the operation stage till decommissioning. This is described in the following three categories of activity and illustrated in the figure.

[Figure: Process Safety Management: Design Safe Barriers, Sustain Barriers, Operating Discipline]

The existence of plant barriers is not sufficient to prevent major accidents. The barriers’ effectiveness depends upon numerous underlying common elements and is affected by the escalation & degradation factors, such as well-managed organizational practices (processes) and individual competencies (people), which are essential at every lifecycle stage to achieve the initial provision and ongoing
Design Safe Barriers - Facilities need to be designed, fabricated,
suitability of the barriers. Only the successful management of the
constructed, and commissioned so that suitable and sufficient barriers
three components in an integrated way can achieve process safety.
are in place to manage risks to a level that is ALARP, when the facility is
A major accident requires multiple barriers to fail (e.g., containment, started up.
ignition prevention, etc.). However, plant failure is only the immediate Sustain Barriers - Barriers must be maintained to continue following
cause. The root causes for such failures will very often be related to their performance standards.
processes and people (e.g., failure to follow correct procedures, failure Operating Discipline - Facilities must be operated within their defined
to inspect or maintain barriers, failure to properly manage change, operational limitations and barriers to their performance standards.
failure to learn lessons from near misses or incidents, organizational
ineffectiveness, lack of training, lack of major hazard awareness).

26
The PSM standards and guidelines (described in detail further in this book and illustrated in figure 1) provide structured documents to capture and communicate best practices and lessons learned for all the Egyptian oil, gas, and petrochemical segments, to prevent the repetition of major accidents. Whereas the PSM standards are mandatory, the PSM guidelines are discretionary. However, it is required that the guidelines’ content be understood and considered for implementation by operations and projects. The PSM standards set minimum requirements in key areas, particularly concerning process safety-critical aspects of facilities development, project execution, and operations, which the PSM guidelines are provided to support and complement. The basic intent is to:

• Establish, implement, and maintain a process safety management system to eliminate or minimize process hazards and risks (including process safety management system deficiencies), take advantage of opportunities, and address management system nonconformities associated with the operational process and activities.

• Design to eliminate hazards wherever reasonably practicable (e.g., contain hydrocarbons) through inherent safety in design and use of ‘good practice’ to ensure the safety of people.

• Reduce risks until they are as low as reasonably practicable (ALARP).

• Ensure the consistency of approach across all the Egyptian oil, gas, and petrochemical companies.

• Continually improve its process safety performance and the achievement of process safety objectives.

• Demonstrate conformity with the requirements of the PSM system to the key stakeholders, such as shareholders and relevant regulatory bodies.

Each standard or guideline in the process safety management system is founded on the Plan-Do-Check-Act (PDCA) approach, which requires leadership commitment and workers’ participation across all levels and functions of the companies and entities. This model is an iterative process to be used to achieve continual improvement, as follows:

• Plan: To identify process safety hazards & risks and establish a PSM system.

• Do: To implement the PSM system processes as planned.

• Check: To monitor the performance of the process safety activities and initiatives.

• Act: To take actions to continually improve the process safety performance and achieve the intended outcomes from the PSM system.

It is worth mentioning that this PSM Book is only a high-level overview of the documents, not a practical document. For more details regarding the implementation purposes, please visit the EGPC USafe Application or PSM Egypt Website (www.psmegypt.com) to follow the detailed PSM standards and guidelines.

[Figure 1: the PSM Standards and Guidelines, in five groups]

PSM Definitions & Abbreviations
• PSM Glossary of Definitions and Abbreviations Guideline.

Safety Case
• Safety Case Standard.
• Safety Case Appraisal Guideline.
• ALARP Demonstration Guideline.

Risk Management
• Risk Management Standard.
• Major Accident Hazards Management Guideline.
• Safety Critical Elements Management Guideline.

Process Safety Studies
• HAZID Study Guideline.
• Process Safety Studies in Major Projects Guideline.
• Inherently Safer Design Guideline.
• Facility Layout and Siting Study Guideline.
• HAZOP Study Guideline.
• LOPA Study Guideline.
• QRA Study Guideline.
• FERA Study Guideline.
• HAC Study Guideline.
• Fire and Gas Mapping Study Guideline.
• Alarm Management Guideline.

Process Safety Management System
• Process Safety Program Standard.
• Process Safety Program Implementation Guideline.
• Management of Change (MOC) Guideline.
• Process Safety Culture Assessment Guideline.
• Safety Key Performance Indicators (KPIs) Guideline.

The Egyptian PSM Standards and Guidelines

It is my absolute pride and pleasure that the strategy launched by His Excellency Tarek El Molla, Minister of Petroleum and Mineral Resources includes the launch of a process safety system that complements the occupational safety system. This will prevent serious accidents, protect lives, assets and property, and prevent environmental damage in the sector’s companies. This system complies with international standards, in particular, the standards applied in most petroleum companies, refineries and chemical industries in the United States of America and the European Union countries (Chemical Center for Process Safety CCPS).

In light of this, the Minister requested that all the necessary measures are to be taken to adopt and apply this system in all subsidiary companies, based on the Memorandum of Understanding (MoU) signed between the Ministry of Petroleum and Mineral Resources and Methanex, in the Egypt Petroleum Show (EGYPS). The MoU mandates technical cooperation with Methanex to establish and activate a process safety system in all the Petroleum sector companies. As a result of the fruitful cooperation with Methanex in this regard, in addition to the existing coordination between the Egyptian General Petroleum Corporation (EGPC) and the Ministerial Committee for Process Safety, the process safety management guidelines have been developed. Furthermore, the Safety Standardization Committee at EGPC issued the guidelines for the preparation of the "Safety Case" study. All the process safety system guidelines were published on the official website of the Ministerial Committee for Process Safety - psmegypt.com - and were also made available on the "EGPC Usafe" application, which can be downloaded on Android and iOS systems.

Regarding the executive aspect of the process safety system implementation in petroleum companies, EGPC has activated the ministerial decree (Minister of Petroleum and Mineral Resources Decree No. 1557 of 2020) in subsidiary companies. This decree included the formation of a committee headed by EGPC Assistant CEO for Environment and Safety and graduates of the Capacity Building Team for Process Safety at the Ministry to carry out process safety and asset integrity audits and prepare a gap analysis report for all petroleum companies in accordance with the CCPS standards. This requires all relevant petroleum companies to develop action plans with specific time plans to implement all 20 elements of PSM. The same committee shall also supervise and follow up on the implementation process through the KPI reports received from companies and subsequent field visits. This system will enhance the culture of process safety in all companies through the four pillars of process safety: Leadership Commitment to Process Safety - Understanding and Analysis of Risks – Risk Management - Senior Management Review and Continuous Improvement.

I hereby express my full pride and appreciation for being entrusted by His Excellency the Minister to lead this system. I am fully confident that this hard work will be crowned with success due to the unprecedented support provided by the Ministry of Petroleum and Mineral Resources, represented by the Minister as well as the CEO of EGPC, and the Chairmen of the holding companies. This is in addition to the cooperation and collaboration between all members of the team including Methanex, the members of the Egyptian Process Safety Management Steering Committee, EGPC and the Ministry's capacity building team to complete this project in the best way possible, activate the process safety and asset integrity system in all companies to achieve sustainable production operations, provide a safe work environment with zero incidents, and create a suitable climate for more investments in this great sector and towards the progress of our petroleum sector and our beloved Egypt.

Chemist / Gamal Fathy Mohamed
EGPC CEO Consultant for HSE

Being appointed to Egypt’s PSM technical sub-committee as its Team Leader in order to develop Egyptian PSM standards and guidelines was a momentous experience for me. I had the resolute belief that creating the Egypt PSM standards and guidelines written and developed by a qualified Egyptian technical team was a challenging but probable dream. And here we are on the other side of that enormous achievement.

The PSM technical sub-committee talented members and I worked in unison to create and develop a professional, fit for purpose and user friendly technical PSM standards and guidelines which is in line with industry best practices that establish the core foundation of national PSM references to be used during the life cycle of Egyptian oil, gas and petrochemical projects.

I encourage and humbly request all PSM technical authorities in Egypt’s oil and gas sector to comply and utilize the established PSM standards and guidelines to ensure safe design and operations of Egypt’s oil and gas projects.

Amr Fathy Moawad Hassan
Methanex Egypt PSM Senior Consultant
& Egyptian PSM Technical Sub-Committee Team Leader

Risk Management

Risk Management Standard
EGPC-PSM-ST-00

Overview

This snapshot gives an overview of the key principles and methodology of the Risk Management Standard, focusing on the following:

- Risk Management Process
- Risk Management Process Requirements
- Hazard Identification & Screening
- Risk Analysis (Qualitative, Semi Quantitative & Quantitative)
- Risk Evaluation
- Risk Treatment
- Risk Reporting & Communication

Introduction

The Oil and Gas industry has hazards and risks that are inherent to its workers, environment, public, assets, activities, operational locations, and products. Using a standardized approach to risk management that is applied consistently across all types of operation has the advantage of accounting for different sources and types of risk (including, but not limited to, consideration of the potential consequences of environmental impact, security threats, community grievances, and capability scarcity, as well as personal and process safety incidents). This means that all activities must be conducted in a manner designed to minimize QHSSE risks and protect the health and safety of employees, contractors, customers, the community at large, and the environment.

Purpose

The purpose of this standard is to establish a structured Risk Management process and consistent method of ranking the severity and probability of potential hazards to ensure that risks are identified, analyzed, evaluated, and treated consistently and assigned to a respective management tier for implementation, follow-up, and closure. It seeks to help prioritize resource allocation and defines endorsement levels to manage levels of risk. To achieve this objective, this standard aims to provide a framework for the following:

• Using a consistent language that is understood across the subsidiaries and operating companies managed by the entities.

• Defining a unified Risk Assessment and Management System Framework for the entities, including a unified Corporate Risk Matrix for all HSE and Business risk assessments.

• Specifying methods and tools for effectively identifying hazards, risk analysis, and evaluation using the Risk Tolerability criteria defined in this standard related to entities’ activities.

• Setting consistent risk tolerability criteria for qualitative, semi-quantitative, and quantitative risk assessments in line with entities’ Corporate Risk Matrix.

• Aiding robust and informed decision making for the management of HSE risk consistently across entities and their companies.

• Notifying risks and endorsing risk management measures, including additional actions if applicable, consistently at the appropriate levels of the organization.

• Monitoring the effectiveness of any risk management measures.

Risk Management Process Requirements

• Chairperson(s) and Managing Director(s) of each company belonging to any of the entities shall be accountable for conformance to the requirements of this Standard.

• Each company that belongs to any of the entities shall:

- Identify the risks relevant to its accountabilities across the types of risks (e.g., Process Safety, Occupational Health & Safety, Environmental Security, and Compliance);

- Identify, assess, respond to and monitor risks in accordance with this standard;

- Assess the level of risk based on worst credible accidental scenarios for each of the applicable severity and likelihood criteria defined in Annex A - Corporate Risk Assessment Matrix;

- The extent (breadth and depth) of risk assessment is proportionate with the impact level and type of risk and the nature of the impact. The extent of risk assessment may range from a professional judgment to a formal quantified risk assessment.

- Produce their internal Risk Assessment Matrix based on severity and likelihood criteria defined in Annex A - Corporate Risk Assessment Matrix with only allowable changes to financial impact criteria reflecting their asset value and annual production or profit plans according to the percentage identified for financial impact.

- Follow risk management measures according to Annex E - Risk Control Measures.

- Document the risks they are accountable for and how they are managed.

- Establish and maintain a Risk Register and Risk Action Plan for each Level 1 (Red), Level 2 (Amber), and Level 3 (Yellow) risks as per Annex D - Risk Register and Action Plan Template.

- Notify and endorse Risk Register and Action Plan – at a minimum – to the levels defined in Annex I - Signoff requirements for various residual risk levels, based on the highest residual risk rating determined by the colours on the risk matrix.

- Significant changes to risks and their management shall be notified and endorsed respectively at levels consistent with the colours on the Corporate Risk Matrix.

• Where improvements are needed to the management of risks, additional actions with owners, timelines for completion, and resources required shall be developed and implemented.

• Additional actions can be developed and prioritized based on the risk assessment, strength of existing risk management measures, strategy and plans, legal and regulatory requirements, and any other factors that could affect timing.

• To help decide whether improvements are needed, consider whether the risk is sufficiently managed by existing risk management measures. This could include reference to applicable entities’ requirements, laws, regulations, and proven practices in the industry.

• Risks and the effectiveness of risk management measures shall be:

- Specific, Measurable, Achievable, Time framed (SMART)

- Referred to the best available data or expert judgment, and

- Monitored to an appropriate extent, reviewed and updated frequently as identified in Annex H - Risk Management Review Committees. The extent and how often risk monitoring is conducted is proportionate with the level and type of risk and the nature of the impact.

• Annex F - Risk Assessment Fundamentals guides the key steps and expectations of a risk assessment process that might be applied.

Establish Context

Before starting any operation or project, it is important to establish the context and assess the risks. There should be a clear understanding of the technical objectives, scale of operations, geographic location, and timeframe. Taking this into consideration, as well as any relevant stakeholder input, all potential consequences should be assessed. The likelihood of occurrence of a hazard and the potential severity of a consequence is used to assess the level of risk. A realistic view can then be taken of the worst-case, credible outcome of a scenario, taking into account the extent to which severe consequences can be foreseen, particularly those with a low likelihood of occurrence.

Hazard Identification and Screening

For hazards associated with the activities throughout the life cycle of companies belonging to any of the ENTITIES, all threats and causes that could lead to potentially hazardous events resulting in undesirable consequences shall be systematically identified. This can be done using structured techniques, such as HAZID, HAZOP, HITRA, etc.

Risk Analysis

Risk analysis is an informative analytical process to understand risk level that includes a detailed examination of the identified hazards, addressing the potential consequences, and determining the severity level of addressed consequences, the likelihood of consequences occurrence, and the risk level. The unified Corporate Risk Matrix shall be used for carrying out qualitative and semi-quantitative risk assessments. The Corporate Risk Matrix is separated into four regions that identify the limit of risk tolerability:

1. Level 1 - High Risk (Red / Intolerable Risk Region): The risk level is not acceptable, and risk control measures are required to move the risk figure to be tolerable and in the ALARP region.

2. Level 2 - Risk reduction measure (Amber / Medium–High-Risk Region): The risk level shall be mandatorily reduced by applying suitable and sufficient corrective measures, provided that the implementation of such measures is ALARP.

3. Level 3 - Risk reduction measure (Yellow / Medium-Risk Region): The risk level requires control measures, provided that the implementation of such measures is ALARP.

4. Continuous improvement (Green / Low-Risk Region): The risk level requires continuous monitoring to prevent deterioration or deviation from performance standards.

CORPORATE RISK MATRIX

                    Likelihood
Severity        #   Rare   Unlikely   Possible   Likely   Very Likely   Almost Certain
                    1      2          3          4        5             6
Disastrous      A   1A     2A         3A         4A       5A            6A
Catastrophic    B   1B     2B         3B         4B       5B            6B
Major           C   1C     2C         3C         4C       5C            6C
Serious         D   1D     2D         3D         4D       5D            6D
Minor           E   1E     2E         3E         4E       5E            6E
Notable         F   1F     2F         3F         4F       5F            6F

For further details on Risk matrix please refer to RISK MANAGEMENT STANDARD EGPC-PSM-ST-001 on EGPC USafe Application or PSM Egypt website.

Risk analysis may be undertaken using qualitative, semi-quantitative, or quantitative methods. Each of these methods is discussed briefly below:

Qualitative Risk Assessment

In the Qualitative Risk Assessment process, the risks are analyzed based on expert judgment to judge the likelihood and impact of the hazardous events. The estimated severity and likelihood are plotted on the Risk Matrix to assign a level and category of the risk. Several techniques can be used in qualitative risk assessment, such as JSA, HAZID, HAZOP, etc.

The Corporate Risk Matrix includes the definitions of consequence severity and likelihood levels. If the estimated consequence severity varies for different categories, e.g., people, assets, etc., then the highest severity shall be selected for determining the overall risk level.

Semi-Quantitative Risk Assessment

Semi-quantitative risk assessments are structured risk assessment techniques that can use simple consequence modelling techniques where applicable to derive estimates of the severity level of the hazard scenario and event trees and fault tree analysis for quantifying the likelihood of hazards resulting in hazards events.

Methods such as Layer of Protection Analysis (LOPA) shall be used for carrying out semi-quantitative risk assessments. This method may use techniques such as Fault Tree Analysis (FTA), Event Tree Analysis (ETA), etc., to quantify the frequencies.

Quantitative Risk Assessment

Quantified Risk Assessments involve a numerical estimate of the risk from a quantitative consideration of hazardous events probabilities (at which a release of the hazard may be expected to occur) and the size of consequences associated with a hazard. These aspects are then combined to obtain numerical values for risk, which are compared against the Holding Companies’ Risk Tolerability Criteria to ensure that overall risk levels are managed to As Low As Reasonably Practicable (ALARP).

Detailed quantified assessment is usually carried out in various studies, such as QRA & FERA. Each study has an objective and should cover a certain scope and purpose.

In carrying out quantitative risk assessments, specific quantitative tools and techniques are used for estimating the severity of the consequences and the likelihood of the hazardous scenario occurring for various identified scenarios within the study boundary. For details of the QRA process, refer to Quantitative Risk Assessment (QRA) Guideline EGPC-PSM-GL-008.

Risk Evaluation

Risk evaluation is used to identify any residual risk (or increased risk level) and provides inputs to decision making processes on whether risks need to be treated and on the most appropriate risk treatment strategies and methods. Subsequently, the purpose of risk evaluation is to assist in making decisions (based on the outcomes of risk analysis) about which risks need treatment and which priority must be assigned for their treatment.

Risks are prioritized for risk response. Unacceptable risks are ranked and prioritized with other risks. A common approach to prioritizing risks is to divide them into three bands (according to the unified Corporate Risk Matrix):

• An upper band, where the level of risk (Level 1 - Red) is regarded as intolerable whatever benefit the activity may bring, and risk treatment is essential whatever its costs;

• A middle band (Level 2 - Amber and Level 3 - Yellow), where costs and benefits are considered and opportunities balanced against potential consequences; and

• A lower band (Green), where the level of risk is regarded as negligible or so small that no risk treatment measures are needed.

A Framework for Risk Criteria

The most common framework used for risk criteria divides risks into three bands:

• An unacceptable region where risks are intolerable, and risk reduction measures are mandatory.

• A middle band, or tolerable if ALARP region, where risk reduction measures are desirable but may not be implemented if their cost is disproportionate to the benefit achieved.

• A broadly acceptable region where no further risk reduction measures are normally needed.

[Figure: Framework for Tolerability of Risk (Ref. ALARP Carrot Diagram Example Given by UK HSE COMAH). Unacceptable region: risk cannot be justified except in extraordinary circumstances. Tolerable if ALARP region (risk is taken only if a benefit is required): tolerable only if risk reduction is impracticable or if its cost is grossly disproportionate to the improvement gained; tolerable if cost of reduction would exceed the improvement. Broadly acceptable region: necessary to maintain assurance that risk remains at this level.]

Criteria for Qualitative and Semi-Quantitative Risk Assessment

Risk criteria for qualitative and semi-quantitative risk assessment are defined in the risk matrix used for the assessment. A risk matrix facilitates the quick assignment of risk levels for each risk level (Red, Amber, Yellow, and Green) demonstrated in the unified Corporate Risk Matrix.

As part of the Qualitative and Semi-Quantitative Risk assessment, once risks are identified:

• They are mapped on the risk matrix in four risk categories (Health & Safety, Environment, Financial and Non-Financial criteria), and

• Short-term and long-term risk reduction measures are identified and against each of the recommendations, residual risk is determined and mapped on the risk matrix.

One of the key features of the risk matrix is the accountability of the risk. Once the risk is mapped on the risk matrix, based on the risk level/category, accountability is assigned across the management hierarchy for risk reduction, action implementation, follow-up, and closeout.

Quantitative Risk Assessment Tolerance Criteria

Quantitative risk criteria are standards used to translate numerical risk estimates, as produced by a Quantitative Risk Assessment (QRA), into value judgments such as ‘negligible risk’ (e.g., the risk value is lower than 10^-6, which means lower than one fatality every 1 million years), that can then be set against other value judgments such as ‘high economic benefit’ in the decision-making process.

To define the three bands of risk (acceptable, Tolerable if ALARP, and unacceptable), two levels of risk criteria are required:

• A maximum tolerable criterion above which the risk is intolerable,

• A broadly acceptable criterion below which the risk is insignificant, and

• Between these two criteria, the ALARP region is laid.

Risks to people may be expressed in two main forms:

• Individual Risk – the risk experienced by a person.

• Societal (or Group) Risk – the risk experienced by the whole group of people exposed to the hazard. Where the people exposed are members of the public, the term Societal Risk is often used. Where workers are isolated, and members of the public are unlikely to be affected, the term group risk is often used. In this document, the term Societal Risk is used to encompass both public and worker risk.

Individual Risk Criteria (IRPA)

Individual Risk Criteria are intended to show the frequency at which an individual (worker or public) may be expected to sustain a given level of harm from the realization of specified hazards. It is usually taken to be the risk of death and usually expressed as a risk per year.

Individual Risk is calculated by identifying all sources of fatality risk to a given individual, deriving the contribution from each source, and then summing these to give the overall risk. For typical oil, gas, and petrochemical workers, the primary sources of risk as a minimum are:

• Transport, e.g., road traffic accidents, air/sea transport accidents.

• Hydrocarbon-related, e.g., loss of containment leading to toxic releases, fires, or explosions.

Individual Risk Criteria are most often expressed in the form of Individual Risk Per Annum (IRPA). The IRPA is that of a representative worker of a given worker group, considering expected occupancy at all the locations where he is expected to be present within the hazardous location throughout the year. This includes plants, accommodations, recreational activities, etc. The calculation excludes the duration for which personnel are not present at the site due to reasons such as annual leave; personnel are considered not exposed to facility operations or occupational risk during this duration. This criterion is applicable to all companies belonging to entities. It is mandatory to demonstrate that risk levels are within the criteria given in the table below:

Tolerability Criteria

                               Workers          Member of public
Maximum tolerable criterion    10^-3 per year   10^-4 per year
Broadly acceptable criterion   10^-6 per year

At the other extreme is the broadly acceptable region, where the risk is so low that there is no further requirement to undertake additional risk reduction measures, i.e., the risk is, or has been made, so small that no further precaution is warranted.

In between these two extremes lies a wide range of tolerable risk levels to which the ALARP principle applies, i.e., the risk must be reduced to the lowest level practicable, bearing in mind the benefits flowing from its acceptance and taking into account the costs of any further reduction. Thus, for the risks, which fall within the Tolerable region, some weighing of costs and benefits, i.e., Cost-Benefit Analysis, is necessary to determine compliance with the ALARP principle.

Societal (Group) Risk Criteria:

Societal Risk evaluation is concerned with the estimation of the chances of more than one individual being harmed simultaneously by an incident. The likelihood of the primary event (an accident at a major hazard plant) is still a factor, but the consequences are assessed in terms of the level of harm and the numbers affected (severity) to provide an idea of the scale of an accident in terms of numbers killed or harmed.

The Criteria may be defined to limit the risk of major accidents and help target Societal Risk reduction measures (such as restrictions on concurrent activities or land use, enhanced engineered safeguards, and improved building siting or protection).

37
FN-Diagram

The FN curve is the curve of cumulative frequency versus the number of fatalities on a logarithmic scale. FN curves are frequency-fatality plots, showing the cumulative frequencies (F) of events involving N or more fatalities. They are derived by sorting the frequency-fatality (FN) pairs from each outcome of each accidental event and summing them to form cumulative frequency-fatality (FN) coordinates for the plot.

At the top of the curve is the unacceptable level, on or above which the risk is so great or the outcome so unacceptable that it must be reduced immediately.

At the other extreme is the broadly acceptable level, where the risk is so low that there is no further requirement to undertake additional risk reduction measures, i.e., the risk is, or has been made, so small that no further precaution is warranted.

In between these two extremes lies a wide range of tolerable risk levels to which the ALARP principle applies, i.e., the risk must be reduced to the lowest level practicable, bearing in mind the benefits flowing from its acceptance and taking into account the costs of any further reduction.

Potential Loss of Life (PLL)

The other main measure for Societal Risk is the annual fatality rate, where the frequency and number of fatalities are combined into a Potential Loss of Life (PLL), which is a convenient one-dimensional measure of the total number of expected fatalities.

Potential Loss of Life (PLL) is simply the sum of the products of all f-N pairs (i.e., Potential Loss of Life = ∑FN [people/year]).

PLL is well suited for comparing alternative solutions for the same facility, is relatively easy to understand for non-risk specialists, and must be calculated to be able to derive the cost-effectiveness of risk reduction; Lifetime PLL is how risk reduction measures should be assessed by using Cost-Benefit Analysis.

Risk Contours (LSIR) Criteria for Land Use Planning (LUP)

Risk contours are iso-risk contour plots that represent the geographical variation of the risk for a hypothetical individual who is positioned at a particular location for 24 hours per day, 365 days per year. This is also known as Location-Specific Individual Risk (LSIR).

Land use planning (LUP) criteria is a planning tool to advise on new developments, accommodations that are constructed near the existing facility boundary or siting the facility in the vicinity of the existing occupied building area, or master plan updates for existing assets. The purpose of defining LUP zones is to minimize risk to people around the hazardous facility by specifying how close certain types of facilities can be developed. For example, relatively low occupancy nonindustrial development such as warehouses, etc. can be allowed to be relatively close to the facility boundary, whereas vulnerable populations, such as schools, hospitals, etc. need to be further away from the facility.

Risk Treatment

Risk treatment should comply with legal requirements, as well as government and organizational policies. Therefore, decisions concerning whether risk treatment is required may be based on operational, technical, financial, legal, social, environmental, or other criteria. Such criteria should reflect the organization’s context and depend on its internal policies, goals, and objectives, as well as its stakeholders’ needs. In this respect, a team approach is useful to help define the context properly and for well-targeted change management during risk treatment.

Reporting Risks

The Risk Register and Action Plan (RRAP) (see Annex D - Risk Register and Action Plan Template) shall be used to record, track, close out, and follow up on all the identified risks.

From the risk assessment process, each company shall develop a Risk Register that details the main areas of risk associated with activities in all operating units (e.g., exploration, development, projects, operations), including normal and temporary activities (e.g., operation plant, warehouse, marine base, headquarters, drilling activity, seismic).

The RRAP shall capture the most significant hazards (together with their consequences and probability of occurrence), which, if realized, have the potential to adversely affect the company with consequential negative impact on its HSE performance and reputation.
The RRAP is owned by companies’ managing director(s) while the custodian is the Risk Champion of relevant risk level. The RRAP is a live document, and it shall be reviewed and updated frequently as identified.

Risk Communication

It is required that certain risk-related information be communicated to the workforce. There are three reasons why this is necessary:

a. Members of the workforce are exposed to risk in their daily work lives.

b. Some members of the workforce have key roles to play in the risk management process relating to the management of risk reduction measures (barriers).

c. In their day-to-day activities, members of the workforce might interact with barriers (e.g., via maintenance processes which, if performed incorrectly, can defeat barriers).

All members of the workforce need an understanding of the following:

a. What existing risks are they exposed to.

b. How they are managed.

c. Role of individuals in managing and maintaining barriers.

d. Role of risk management measures.

Level 1 (Red) risks shall be communicated to the relevant entity as part of the planning cycle to allow strategic management of risks and to prioritize resource allocation at the appropriate level. Annex H - Risk Management Review Committees provides a high-level structure for the Risk Management committees at different levels of risks where the risk shall be communicated.

Signoff Authority

The consultation and communication shall be through the Risk Register and action tracking process. The consultation process is carried out as part of risk assessment workshops with relevant stakeholders, wherein all the identified risks from semi-quantitative studies and quantified studies are captured, monitored, and reported to the appropriate signoff authority and Executive Leadership Team. Reporting requirements, actions required, and signoff authority levels for various risk levels are given in.

Monitor/Review the Risks

All the identified risks and associated risk reduction measures, once recorded in the risk register, shall be reviewed periodically by associated stakeholders.

Document Annexes List

Annex A - Corporate Risk Assessment Matrix
Annex B - Risk Assessment Framework
Annex C - Qualitative Risk Assessment Workflow
Annex D - Risk Register and Action Plan Template
Annex E - Risk Control Measures
Annex F - Risk Assessment Fundamentals
Annex G - Roles and Responsibilities
Annex H - Risk Management Review
Annex I - Signoff Requirements for Various Residual Risk Levels

For annexes details, please refer to RISK MANAGEMENT STANDARD - EGPC-PSM-ST-001 on the PSM EGYPT website.

Prepared by:

Tamer AbdelFattah
QHSE Senior at United Gas Derivatives Company

Mohamed Sabry
Risk Management and Loss Prevention Studies Executive General Manager at GASCO

Technical Consultant:

Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt
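
The FN curve and Potential Loss of Life (PLL) described in this Risk Management Standard summary can both be computed from one list of frequency-fatality pairs; the curve uses the cumulative frequency F of N or more fatalities, while PLL sums each outcome's own frequency times its N. The Python below is an added example, not part of the EGPC standard: the sample outcomes and the two criterion lines (anchors and slope) are constructed, hypothetical values.

```python
"""FN curve and Potential Loss of Life (PLL) from frequency-fatality pairs.

Added illustration; the sample outcomes and the criterion lines below are
constructed values, not figures from the EGPC standard.
"""
from collections import defaultdict

# Constructed sample: (frequency per year, fatalities N) for each outcome of
# each accidental event, as a QRA event tree might produce them.
SAMPLE_OUTCOMES = [
    (1e-3, 1),
    (2e-4, 3),
    (1e-4, 3),   # second outcome with the same N; frequencies add
    (5e-5, 10),
    (1e-7, 50),
]

# Hypothetical criterion lines F = anchor / N**slope (assumed for illustration).
UPPER_ANCHOR = 1e-3   # on or above this line: unacceptable
LOWER_ANCHOR = 1e-5   # on or below this line: broadly acceptable
SLOPE = 1.0

REGIONS = ("broadly acceptable", "tolerable if ALARP", "unacceptable")


def _validate(outcomes):
    """Reject negative frequencies and negative or fractional fatality counts."""
    for freq, n in outcomes:
        if freq < 0:
            raise ValueError(f"negative frequency: {freq}")
        if n < 0 or int(n) != n:
            raise ValueError(f"fatalities must be a non-negative integer: {n}")


def fn_curve(outcomes):
    """Return [(N, F)] sorted by N, where F is the frequency of N or more fatalities."""
    _validate(outcomes)
    per_n = defaultdict(float)
    for freq, n in outcomes:
        if n >= 1:                          # zero-fatality outcomes are not on the curve
            per_n[int(n)] += freq
    curve, running = [], 0.0
    for n in sorted(per_n, reverse=True):   # accumulate from the largest N down
        running += per_n[n]
        curve.append((n, running))
    curve.reverse()
    return curve


def potential_loss_of_life(outcomes):
    """PLL: sum of f * N over all outcomes, in expected fatalities per year."""
    _validate(outcomes)
    return sum(freq * n for freq, n in outcomes)


def classify_point(n, cumulative_freq, upper=UPPER_ANCHOR, lower=LOWER_ANCHOR,
                   slope=SLOPE):
    """Place one FN point in one of the three regions described in the text."""
    if cumulative_freq >= upper / n ** slope:
        return "unacceptable"
    if cumulative_freq <= lower / n ** slope:
        return "broadly acceptable"
    return "tolerable if ALARP"


def classify_curve(curve):
    """Classify every point; the curve as a whole takes its worst region."""
    points = [(n, f, classify_point(n, f)) for n, f in curve]
    worst = max((region for _, _, region in points), key=REGIONS.index,
                default="broadly acceptable")
    return points, worst


if __name__ == "__main__":
    fn_points, overall = classify_curve(fn_curve(SAMPLE_OUTCOMES))
    for n, f, region in fn_points:
        print(f"N >= {n:<3d} F = {f:.3e} /yr  {region}")
    print(f"PLL = {potential_loss_of_life(SAMPLE_OUTCOMES):.3e} fatalities/yr")
    print(f"Overall: {overall}")
```

Because the curve is cumulative, a single high-frequency, low-N outcome raises F at every smaller N, which is why the classification is done per point and the worst region is reported for the whole curve.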

Major Accident Hazard
Management Guideline
EGPC-PSM-GL-006

Overview

This snapshot showcases an overview of the principles and methodology that comprise the management of the Major Accident Hazards (MAHs) guideline, which will focus on the following:

- Introduction
- Purpose
- Major Accident Hazards Management Methodology
- Major Accident Hazard Identification
- Developing Bowties for MAH’s
- Identification of SCE’s and Developing Performance Standard
- Identification of Safety Critical Tasks and HSE Critical Positions

Introduction

This guideline establishes the principles, methodology, and guidance for the management of Major Accident Hazards (MAHs), using bowties which are typically used as part of safety case development, taking into consideration creating a balance between maximum sustained value and minimum lowest sustained risk.

Purpose

The main purpose of this document is to establish requirements and provide guidance for the effective management of Major Accident Hazards (MAHs) during the project life cycle, including the design and operation phases of a Facility/Entity. This guideline aims to:

• Develop a clear definition of Major Accident Hazard (MAH);

• Provide MAH bowtie development rules;

• Develop criteria for MAH safety barriers concerning effectiveness, independence, and adequacy; and,

• Detail the process for identifying Safety-Critical Elements (SCE), developing SCE Performance standards (SCEPS), and developing Safety Critical Tasks (SCTs).

This guideline supports the development of a safety case document.

This guideline has been developed to provide an overview of MAH management, with a focus on the identification of MAHs within the facility, the risk management process, and the related barriers and controls for managing Major Accident Hazards. Thus, it does not include the full process for managing SCE, i.e., the impairment management of SCE, the SCE criticality ranking, and the KPIs. This guideline also does not cover the full scope of formal safety assessment studies, which shall be addressed in detail in other guidelines.

Major Accident Hazard Management Process

The below chart details the Major Accident Hazard (MAH) management process starting from setting a definition for MAH until verifying the implementation of assurance activities required to maintain the integrity of the barriers required to control the MAHs. Each step is mentioned in detail in the document body.

[Flowchart: Major Accident Hazard management process]

1. Set definition for MAH
2. Allocate MAH definition into Risk Assessment Matrix, RAM
3. Conduct Hazard Identification Workshop (using HAZID guideword checklist)
4. Rank hazard scenarios based on risk matrix
5. Decision: Does the initial ranking of the hazard scenario meet the MAH criteria?
   No: Record specific control for each hazard scenario; Produce Hazard and Effect Register
   Yes: Develop MAH list (also fed by other MAH scenarios identified from other sources, if any, i.e. HAZOP, QRA, Lesson Learned, etc. *)
6. Conduct Bowtie workshop (develop Bowtie diagrams for all the MAH scenarios)
7. Develop SCE list (all the hardware barriers meet the SCE criteria)
8. Develop performance standard (PS) for the identified SCE (PS to include SCE owner and the required assurance tasks); Develop Safety Critical Tasks (SCTs) document
9. Update Maintenance, Inspection and Testing Program to consider PS assurance tasks
10. Verify the implementation of assurance tasks through audits

Arrow label on the chart: Update

(*) Input is explored and evaluated during HAZID Workshop
Major Accident Hazard Identification

Definition of Major Accident Hazard (MAH)

Major Accident Hazard is a hazard with the potential, if realized, to result in a major accident.

A Major Accident is a Hazardous event that results in:

• Multiple fatalities or severe injuries; or

• Extensive damage to the structure, installation, or plant; or

• Large-scale impact on the environment (e.g., persistent and severe environmental damage that can lead to loss of commercial or recreational use, loss of natural resources over a wide area, or severe environmental damage that will require extensive measures to restore beneficial uses of the environment).

(ISO 17776 definition)

Major Accident Hazards may be substances, activities, operations, or conditions.

Risk Assessment Matrix and Major Accident Hazard

Based on the definition of Major Accident Hazard and reference to the Corporate Risk Assessment Matrix (RAM), the region of MAH can be allocated and marked on the RAM.

Any hazard assessed as having a Disastrous Consequence (Severity A) should be considered a MAH regardless of the likelihood of the event.

The following figure shows the MAH mapped on Corporate RAM.

Severity \ Likelihood   #   Rare (1)   Unlikely (2)   Possible (3)   Likely (4)   Very Likely (5)   Almost Certain (6)
Disastrous              A   1A         2A             3A             4A           5A                6A
Catastrophic            B   1B         2B             3B             4B           5B                6B
Major                   C   1C         2C             3C             4C           5C                6C
Serious                 D   1D         2D             3D             4D           5D                6D
Minor                   E   1E         2E             3E             4E           5E                6E
Notable                 F   1F         2F             3F             4F           5F                6F

Region labels shown on the figure: MAH Area; Non-MAH Area.

Identification of Major Accident Hazard

A Hazard Identification (HAZID) study is commonly used as the basis for identifying the major hazards and developing the MAH list. HAZID is a team-based brainstorming analysis used to identify potential process and non-process hazards. HAZID typically examines all reasonably possible sources of hazard, including the process design itself and hazards external to the process design.

ISO 17776 provides an extensive checklist of hazards that can be encountered in the petroleum and natural gas industries. The HAZID team could utilize this checklist and risk assess only the applicable hazards to the facility/entity or process.

For the scope of the safety case, the main objective of the HAZID study is to identify credible MAH scenarios. MAH screening starts in an Evaluation/Concept selection study and should be continually assessed and defined as the design evolves.

MAH risks may change, especially during the operational phase. New MAH could be introduced, or the risk associated with existing MAHs could change because of changing operational conditions. If these changes occur, then the MAH risks should be re-evaluated. Examples of events, changes, or activities that should trigger MAHs reviews include:

• Major project changes (e.g., process, inventories, production fluids, etc.);

• CAPEX projects (e.g., extensions, new builds);

• Ageing of the facility;

• New or amended legislation, regulations, standards, etc.; and,

• Lessons learned from incidents.

During the operation phase and as a minimum, the MAH review process should be conducted every five years.

List of Major Accident Hazards

MAH list is generated as one of the deliverables of the HAZID study. Initial risk ranking, before considering the proposed/existing control measures, determines those hazards that are qualified as Major Accident Hazards.
Note: During the early design phase, evaluations will necessarily be less detailed than those undertaken during later design and operation phases. So, any MAH identified from other studies, i.e., HAZOP, QRA, etc., is to be explored during the HAZID session and to be added to the MAH list.

Each MAH requires further in-depth studying through bowtie. Before starting bowtie development, the MAH list shall be reviewed to consider any MAH raised from any other studies and not discussed during the HAZID workshop.

Developing Bowties for Major Accident Hazards (MAH’s)

Bowtie is a method of identifying prevention and mitigation risk reduction control measures. An advantage of the bowtie methodology is its simplicity in delivering a pictorial representation of the MAHs, top events, consequences, and risk reduction measures, which in bowtie terminology are called barriers.

For those hazards that are classified to be Major Accident Hazards, bowtie models are required to be developed to:

• Identify the potential Major Hazard release, escalation, and consequence scenarios,

• Identify the prevention and mitigation barriers and ensure their adequacy, and

• Identify the Safety Critical Elements and Safety Critical Tasks required to effectively manage these hazards.

Bowties can demonstrate the link between controls and the management system, specifically those relevant to the management of risks (e.g., safety-critical elements, critical positions/tasks).

Barrier Adequacy

In establishing the number of barriers required, care should be taken to count only the independent barriers.

To ensure consistency in all bowtie studies across Egyptian companies, a criterion for barrier adequacy and sufficiency must be available to take into consideration the independency and strength/effectiveness of the barriers. The barrier adequacy criteria specify what is deemed suitable and sufficient control of threats and mitigation of and recovery from consequences. This criterion should be considered as a minimum number of barriers and not an absolute requirement. Where fewer barriers are identified, additional controls/actions (Risk Reduction Measures) should be identified to reduce the risks to ALARP.

Where it is not possible to utilize this technique (adequacy criteria) as the introduction of a new barrier is not reasonably practicable, a team should include a suitable and sufficient narrative explanation of all the factors considered and the underlying rationale for the final judgment and the barriers considered sufficient.

Identification of Safety Critical Elements (SCEs) and Developing Performance Standards

Identification of Safety Critical Elements (SCEs)

In principle, all barriers in a bowtie diagram are important and need an ongoing management process to ensure their effectiveness. However, some barriers can be more important than others, and frequently some barrier components are designated SCEs and their associated human actions as safety-critical tasks. This is why barriers could be categorized as critical and non-critical barriers.

The purpose of this categorization is to indicate which barriers need more focus and ongoing monitoring, maintenance, and immediate rectification when required. When a critical barrier fails, it can be assumed that the risks associated with the threat under consideration are greater, so the chance of an undesired event occurring increases significantly, warranting the additional focus and attention on that barrier.

The basis for determining barrier criticality is whether the barrier components include Safety Critical Element (SCE). SCE is defined by the Energy Institute as “any part of a facility, plant, or computer program, the failure of which could cause or contribute substantially to a MAH; or the purpose of which is to prevent or limit the effect of a MAH.”

Each hardware barrier is subdivided into SCE groups for reporting and management purposes. These groups are defined by their function, ensuring the barrier remains in place (they are not defined by location, equipment type, medium or service, construction type, or technical authority responsibility).

One of the deliverables from the bowtie workshop is the SCE group list. The purpose of developing such a list of SCE groups is that the equipment involved would be ranked higher on the integrity priority program for inspection, maintenance, and repair, together with measures such as holding parts in stock to reduce the time for repair.
Performance Standard (PS)

For each SCE identified during the bowtie workshop, a performance standard must be developed. This standard sets out the levels of performance it must achieve in terms of functionality, availability/reliability, survivability, and interdependency (FARSI). This ensures that the critical barriers remain in place and effectively continue to manage the Major Hazard over time. PSs for SCEs should be described in a safety case for MAHs that demonstrates the basics of safe operation.

Energy Institute guidelines define Performance Standard (PS) as “A qualitative or quantitative statement of the required performance of a safety critical element (SCE) that contains the information necessary to validate its effectiveness during design, construction, testing, commissioning, operation and decommissioning.”

In the context of SCE, the Performance Standard defines the performance criteria for the SCE and contains the information necessary to verify the effectiveness of SCE during the design, construction, and operation of the system.

Each SCE should have its own Performance Standard. For example, Active Fire Protection can be viewed as an SCE at a system level or broken down into its safety-critical equipment and components, such as pumps, valves, ring main, associated branch piping systems, and nozzles. Active Fire Water Protection system functionality performance criteria are measured to the firewater demand to the worst-case scenario for a certain duration, while functionality performance criteria for fire pump is pressure and flow measured at the pump discharge. The advantage of viewing such sets of safety-critical equipment and components on a system level is that it is easier to manage them together.

PSs should state the overall MAH management goals (or objectives) of the SCE. Using these goals, designers and risk specialists should be able to assess and define the required function and level of performance of the SCE during the design stage. Operating companies should define PSs for their SCEs to define the required assurance activities, i.e., maintenance, inspection, and testing to maintain the integrity of the SCEs. In this way, there should be a transparent linkage between MAHs, SCEs, and PSs.

SCE performance criteria usually remain appropriate for all facility life cycle phases, but SCE assurances and verifications are not fixed and change with the facility life cycle phase, such as:

• Design: engineering calculation and analysis.

• Project implementation (procurement, fabrication, construction, and commissioning): equipment type testing and commissioning performance testing.

• Operate: inspection, maintenance, and testing.

Therefore, PSs for establishing initial suitability may differ from those used to assess the ongoing suitability of SCEs, and hence separate PSs should be developed for initial and ongoing suitability for the same SCE. The requirement contained in PSs should be to assure that SCEs do meet defined PS criteria across the facility life cycle and so MAH risks meet the defined risk acceptance criterion.

Reflecting Performance Standards in the Maintenance Program

During the operation phase, performance standard assurance requirements should be reflected in the company’s maintenance, inspection, and testing program so that SCEs retain ongoing suitability and continue to meet their PS criteria.

In order to apply performance standard requirements and to facilitate scheduling and executing assurance tasks at the tag level, an asset register shall be developed. The asset register comprises Safety Critical Equipment or Components that are part of a system-based SCE, identified at tag level with a unique identification number.

Effective SCE assurance during the operating phase is dependent upon the alignment between the asset register and the PSs.

Identification of Safety Critical Tasks and Health, Safety, and Environment (HSE) Critical Positions

Safety Critical Tasks (SCTs) are a group or set of tasks/actions necessary for the development, implementation, operation, or maintenance of a barrier established for managing Major Hazards.

Each Safety Critical Task should be assigned to a responsible HSE Critical Position. Personnel in these positions should be competent in executing the activity allocated to them. Note: HSE Critical Position is any position that is required to carry out a Safety Critical Task, i.e., Field operator, HSE engineer, maintenance technician.
Safety Critical Tasks should have safety critical procedures that have been properly designed and are supported by appropriate training programs to ensure successful operation. Good communication of operational instructions should equip personnel to better fulfill duties for the safe operation and maintenance of the plant. Safety Critical Tasks (SCTs) should be used as a basis for defining the competency criteria for those HSE critical positions.

Several SCTs could be derived from a single barrier. All critical barriers on the bowtie must be supported by at least one Safety Critical Task to maintain the Barrier performance.

Safety Critical Tasks should be written in the active form (e.g., Initiate Emergency Response according to an Emergency Response Plan) and should be linked to procedures or processes which are identified to ensure that the activity is carried out when, and as required and be written in the form of (who does what when and how often).

One of the deliverables from the bowtie workshop and performance standard documents is the list of SCTs and the associated HSE Critical Position that is responsible for executing the SCT.

SCT could be derived from the following:

• A Human Barrier where human action is required to prevent or limit the consequences of major accidents.

• Performance standard document where people are required to inspect, maintain or test an SCE, or

• From any other general requirement, i.e., PSM element.

Document Annexes List

Annex (1) - Typical Examples of the Major Accident Hazards
Annex (2) - Bowtie Methodology and Examples
Annex (3) - Bowtie Checklist
Annex (4) - Barrier Effectiveness Criteria
Annex (5) - Barrier Adequacy Criteria
Annex (6) - SCE Group for Each Barrier
Annex (7) - Operation Performance Standard Example
Annex (8) - Safety Critical Tasks Example

For annexes details, please refer to MAJOR ACCIDENT HAZARD MANAGEMENT GUIDELINE - EGPC-PSM-GL-006 on the PSM EGYPT website.

Prepared by:

Mohamed Mahmoud Hamoda
HSE Department Head - Pharaonic Petroleum Company

Technical Consultant:

Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt
Safety Critical Element
Management Guideline
EGPC-PSM-GL-007

Overview

- Introduction
- SCE Management Flow Diagram
- Safety Critical Element (SCE) Identification
- Developing Performance Standards for the SCE
- Identification of Safety Critical Equipment
- Developing Maintenance, Inspection, and Testing Requirements (Asset Care Policy)
- Developing Maintenance, Inspection, and Testing Procedures
- Planning and Scheduling Testing, Inspection, and Maintenance of Safety Critical Equipment
- Executing Required Testing, Inspection, and Maintenance of Safety Critical Equipment
- Review Feedback from Maintenance, Inspection, and Testing of Safety Critical Equipment
- SCE Impairment Management
- Operational Risk Assessment (ORA)
- Cumulative Risk Profile (Barrier Health Model)

Introduction

This guideline sets out good practices for the management of safety-critical equipment. This includes the identification, operation, maintenance, inspection, and testing in an appropriate way to assure that the integrity of their operation and the facilities they protect is maintained.

Management should ensure that safety-critical equipment is identified and appropriately managed, so that they are in service and functioning correctly.

In addition to assuring and verifying the initial suitability of the SCEs, all facilities shall have in place a program of inspection, testing, and maintenance to ensure the ongoing suitability of safety-critical equipment and their respective barriers.

A documented process shall also be in place, describing the course of action to be followed in the event of barrier impairment. It shall address the risk assessment process required to determine the ability to continue operations, the additional safeguards that may be required to be put in place, and the means by which this will be approved and regularly reviewed within the facility.

Safety Critical Element (SCE) Management Flow Diagram

The below figure provides a logical flow diagram of the activities that should be in place to manage safety critical equipment. The management process includes the identification of the safety critical equipment and the execution of the required maintenance, inspection, and testing to maintain the SCE suitability, in addition to the management of SCE impairment.

[Flowchart: SCE Management Flow Diagram]

1. Identify SCE (System Level)
2. Develop Performance Standard for the SCE (System Level)
3. Identify and Develop Register for Safety Critical Equipment (Tag Level)
4. Develop Maintenance, Inspection and Testing (MIT) Requirements (Asset Care Policy)
5. Develop MIT Procedure
6. Plan & Schedule MIT of Safety Critical Equipment
7. Execute the Required MIT
8. Monitor, Review & Intervene
9. Decision: MIT Conducted?
   Yes: Update the Records
   Yes & Anomalies were Identified and Not Tackled: Conduct an ORA Including the Feedback
   No: Conduct an ORA and Defer the Safety Critical Equipment MIT Activity
10. Update the Facility's Risk Profile (Barrier Health Model)
Safety Critical Element (SCE) Identification

Process safety is focused on the control of MAH scenarios with severe consequences. Based on IOGP and the Energy Institute, the hardware barriers, implemented by the oil and gas industry for process safety to prevent/control Major Accidents, can be broadly categorized under eight hardware barriers:

1. Structural Integrity.
2. Process Containment.
3. Ignition Control.
4. Detection Systems.
5. Protection Systems.
6. Shutdown Systems.
7. Emergency Response.
8. Lifesaving Equipment.

Each barrier is divided into separate systems that form part of the same high-level functional group. These are referred to as Safety Critical Elements. SCE is any part of a facility, plant, or computer program, the failure of which could cause or contribute substantially to a MAH or the purpose of which is to prevent or limit the effect of a MAH.

So, the starting step in identifying the SCEs is to identify the MAH scenarios. Identification of MAH and subsequent hardware barriers were explained in the MAH management guideline.

SCEs fall into one of the following two groups:

• Passive systems (i.e., process containment, passive fire protection, escape routes, etc.).

• Active systems (i.e., Fire detection, ESD system, deluge system, etc.).

Developing Performance Standards for the Safety Critical Element (SCE)

Performance Standards (PS) shall be developed for each of the identified SCEs. This standard sets out the levels of performance it must achieve in terms of functionality, availability/reliability, survivability, and interdependency (FARSI). This ensures that the critical barriers remain in place and effectively continue to manage the Major Hazard over time.

Performance Standard document shall include:

• The levels of performance that SCE must achieve.

• The assurance activities required to meet the required performance.

• The verification activities required to ensure the implementation of assurance activities and meet the performance criteria.

SCE performance criteria usually remain appropriate for all facility life cycle phases, but SCE assurances and verifications are not fixed and change with the facility life cycle phase, such as:

• Design: engineering calculation and analysis.

• Project implementation (procurement, fabrication, construction, and commissioning): equipment type testing and commissioning performance testing.

• Operate: inspection, maintenance, and testing.

Therefore, PSs for establishing initial suitability may differ from those used to assess the ongoing suitability of SCEs, hence separate PSs should be developed for initial and ongoing suitability for the same SCE.

Identifying Safety Critical Equipment

The next step is to identify the SCE on the tag level. For the sake of differentiation, the SCE on the tag level will be referred to as “Safety Critical Equipment.” So, Safety Critical Equipment is the equipment forming part of a broader system that is safety critical, e.g., one of many gas detectors that is part of a gas detection SCE.

The facility should ensure that all Safety Critical Equipment is identified, listed, and included as part of a comprehensive, structured asset register listing all assets and work equipment at each location and within each area of operation. Each Safety Critical Equipment should be uniquely named so that it can be easily identified on the asset register.

Identification of SCE at the tag level is not simple. Typically, an item of safety-critical equipment could be the ‘child’ of a system already identified as an SCE, but it does not follow that it is a SCE itself. The failure of an individual item (equipment) within a system will not necessarily stop the SCE from performing its functional role.

The following decision-making principles could be applied to ascertain whether an item or equipment is itself safety critical:
• Does the safety critical equipment/component item belong to an SCE
Developing Maintenance, Inspection, and Test-
system (i.e., as a child of an SCE)?
ing Requirements (Asset Care Policy)
• Will the failure of the safety critical equipment/component item prevent
The company shall develop maintenance, inspection, and testing
the SCE from meeting its performance standard?
requirements/(ACPs) for each identified Safety Critical Equipment.
The facility should ensure that there is a common understanding of which This ACP should be developed using risk management principles to
equipment should be considered safety critical. The Decisions for both define the appropriate care approach and specific testing, inspection,
the inclusion and/or exclusion of equipment as “safety critical” should be and maintenance interventions necessary to deliver the required level
suitably and formally documented inside the facility. of performance/reliability for each Safety Critical Equipment. It should
establish the most appropriate balance between ‘run to failure,’ ‘condition-
based,’ and ‘time-based’ interventions.
Asset Register
It is likely that, in many cases, a generic ACP will cover a number of identical
or similar pieces of equipment. In these cases, the team developing the
Equipment Functional ACPs should consider both the type of equipment and the operating
Location environment, when deciding whether it is appropriate to develop a generic
ACP to cover a class of safety-critical equipment.

In the initial stages of implementation, it is likely that the extensive use


Equipment Tag
will be made of generic ACPs. Although the degradation mechanisms are
likely to remain the same across a class of equipment, the consequences
of failure may be different depending upon the way it is being used, and
with time, as more comprehensive testing, inspection and maintenance
histories develop for each safety critical equipment, it may be possible to
Is tag a child No differentiate the likelihood of failure. This will allow ACPs to be optimized for
of an SCE each of the identified safety-critical equipment.
system
It is important to ensure that the ACP complies with the legislative
requirements, as well as the company and industry standards
Yes Tag is not a Safety requirements. The SCE performance standard documents shall
Critical Equipment
be considered, during the development of the ACPs to ensure that
the maintenance and testing meet the requirements of the SCE
Will Failure
performance standards.
Prevent SCE No
meeting its
Performance
Standard?
Developing Maintenance, Inspection, and
Testing Procedures
Yes Procedures (or work packs) should be developed for the SCE maintenance,
inspection, and testing in order to ensure a consistent approach and to
Tag is a Safety
achieve the maximum efficiency and effectiveness from the available
Critical Equipment
technology and planning resources.

Safety Critical Equipment Decision-Making Process

When a procedure or work pack is developed for the maintenance, inspection, and testing, it will assemble or reference many different sources of information. In some cases, this information may have to be developed from the basics.

In addition to these procedures and work packs, there may be other reference information such as basic Safety Critical Equipment records, specification sheets, parts lists, drawings, maintenance procedures, vendor manuals, and Safety Critical Equipment maintenance, inspection, and testing history. Decisions should be made on which information is required, how it will be stored and kept up to date, and how it will be made available.

This reference information may be assembled on an ongoing basis as procedures/work plans/work packs are developed, or it may be appropriate for resources to be assigned to address this as a specific initiative. The choice of approach will typically be based on the current status and accessibility of the required reference material.

In many cases, a work activity may be repeated in the future, so the procedures or work packs should be reused wherever possible, in order to ensure a consistent approach and to achieve the maximum efficiency and effectiveness from the available technology and planning resources.

Sometimes, SCE maintenance, inspection, and testing activities address the frequency of testing and the type of test to be carried out (e.g., proof, function) but not how that testing should be done. The result is that technicians may only have their standard competence to do the testing (e.g., electrical), but there is no recognition of its limitations when applied to SCEs.

Planning and Scheduling Testing, Inspection, and Maintenance of Safety Critical Equipment

The planning of the work activities should identify how the work will be carried out and develop the work packs, which should put in place everything that is required to execute the work safely, efficiently, and in full.

The work pack for the Safety Critical Equipment maintenance, inspection, and testing should contain a risk assessment and a procedure incorporating the necessary control measures to maintain a tolerable risk during the period when the Safety Critical Equipment is bypassed or defeated for testing, inspection, and maintenance. The work packs should also define the feedback required from the execution group that will carry out the work.

Whereas the plan should set out how the work will be carried out, the schedule should set out when the work will be carried out (start, finish, and duration) and who will carry it out.

The schedule also provides a means of coordinating activities to be carried out, forecasting and optimizing resource requirements, in addition to understanding the overall business impact of the planned activities.

The planning and scheduling of the testing, inspection, and maintenance of the Safety Critical Equipment should be coordinated with other activities, which may be planned on the same assets or using the same resource groups.

It should be ensured that the work plans and schedules are reviewed and agreed upon with the line managers/supervisors/technicians who will be required to execute them.

Any amendments to job plans or work order scheduling frequency shall be controlled to ensure that any effects of extending or increasing the maintenance intervals are fully understood.

The maintenance management system should be configured with the SCE assurance activities before implementing SCE integrity assurance activities.

Executing Required Testing, Inspection, and Maintenance of Safety Critical Equipment

If work is effectively planned and scheduled, its execution becomes a matter of making sure that everything goes according to plan, i.e., ensuring that all identified testing, inspection, and maintenance activities are completed in full, on schedule, and in line with the plan.

The people carrying out the work should be appropriately briefed, and everything should be set up in line with the plan.

It will also be necessary to address any issues arising from work, such as:

• The management of emergent work identified by the testing, inspection, and maintenance activities.

• The resolution of any deficiencies in the plan. In this case, it should be ensured that the plan is updated to correct these deficiencies to improve the plan efficiency for future use.

Following the completion of testing, inspection, and maintenance work, the necessary feedback should be provided. Specific feedback requirements should be defined in the work pack for each activity. Typically, this feedback will include the following:

• As found condition.

• As left condition.

• Performance against the plan.

• Performance against schedule.

It should be ensured that the equipment history is updated to incorporate the feedback from execution. Responsibility for maintaining and updating the records should be clearly defined.

In cases where it is necessary to delay the scheduled testing, inspection, or maintenance of the Safety Critical Equipment, this should be formally deferred via a risk-managed approach and tracked appropriately and approved by persons with the necessary delegated level of authority.

Review Feedback from Maintenance, Inspection, and Testing of Safety Critical Equipment

The company should ensure that the feedback from inspection, testing, and maintenance is monitored, analyzed, and regularly reviewed in order to identify the following:

• Necessary modifications to ACPs.

• Bad actors/poor performing Safety Critical Equipment.

• High-cost inspection or maintenance interventions where there is a justification (opportunity) to change the inspection/maintenance approach or upgrade the Safety Critical Equipment to reduce the cost.

The identified requirements for improvement projects should be assessed to evaluate the justification, priority, and feasibility. When justified, the improvement projects should be developed and implemented in line with the company’s MOC process.

Safety Critical Element (SCE) Impairment Management

An impaired Safety Critical Element (SCE) is an SCE that does not fully meet, or may not fully meet, one or more of its Performance Standard criteria.

Impairment includes:

• SCE overdue maintenance, inspection & testing.

• Failed SCE (not meeting the performance criteria).

• Degraded SCE (partial failure to meet its functionality).

• Unavailable SCE.

The identification of SCE impairment may result from any of the following circumstances:

• Through observation during routine plant operations and maintenance activities.

• Whilst conducting SCE assurance routines.

• During verification, witness testing.

• An unplanned event that reveals SCE impairment.

It should be ensured that the appropriate risk assessment is carried out for any SCE impairment, through the application of appropriate compensating control measures together with review and authorization by the authorized persons. The Safety-Critical Equipment is there to prevent an unsafe condition from developing: if it is impaired whilst the asset or work equipment that it is designed to protect is in service, it should be ensured that there are appropriate alternative robust controls in place to ensure that the risk of an unsafe condition developing is managed to a tolerable level.

The company should decide who will have delegated management authority to approve the impairment of the Safety Critical Equipment and maintain an up-to-date list of these delegated authorities. In parallel with the management authority, there should be a list of technical authorities. Approval to impairment should require authorization by both a technical and management authority.

Operational Risk Assessment (ORA)

The company’s procedures for risk management need to be dynamic such that they accommodate and account for adverse changes in safety-critical element (SCE) provision or other abnormal situations that may potentially increase the levels of major accident risk. This dynamic approach to risk management takes a number of forms and has various titles applied to the processes. For the purpose of this guidance, the term Operational Risk Assessment (ORA) is used.

The most common trigger for ORA is the identification of the impaired SCE. Other triggers include abnormal operational situations and changes to the organizational capability that may compromise the safe operation of the facility.

Each company should develop, maintain and implement the ORA procedures that achieve a systematic and effective approach to operational risk management processes.

It is particularly important to stress that the application of the task risk assessment procedures, criteria, and guide words focusing on personal injury outcomes only is inappropriate in operational risk assessment.

Cumulative Risk Profile (Barrier Health Model)

The Cumulative Risk Profile process provides an overview of the overall operational risk, which results from the combined impairments to the full range of barriers in place at the facility.

The objective of the Cumulative Risk Profile is to provide a means to assess the ongoing effectiveness (health status) of the barriers, their systems, and equipment and so to assess the increase in the baseline level of risk resulting from failed or defective, or untested, barriers.

Determining if the barriers can perform in accordance with their Performance Standards is based on the information gathered from maintenance, inspection, and testing, plus independent verification activities and periodic safety case/process hazard reviews and a knowledge of other activities affecting the barriers, such as inhibits or over-rides.

Gathering this information and assessing the potential or actual impact on the barrier effectiveness will provide oversight of the potential increases in major hazard risk that a facility is subject to during operation and provide a reliable basis for operational decision-making and control.

It is a pre-requisite for the development of the cumulative risk profiling process that the following are implemented and functioning effectively:

• Applicable major accident hazard scenarios are identified.

• Barriers required to manage the risks associated with these hazards are identified.

• The minimum acceptable Performance Standards for these barriers are documented.

• The Performance Standards requirements are integrated into the management system and form the basis for the planned inspection, testing, and maintenance of the barriers at the facility.

• A clear procedure describing the processes for operational risk assessment of impaired barriers is in place.

The following Figure shows the generic barrier model for managing process safety-related hazards.

[Figure: Barrier Model. Barriers shown: Structural Integrity, Ignition Control, Shutdown System, Emergency Response, Process Containment, Detection System, Protection System, Life Saving Equipment.]

When the specific barriers have been identified and agreed upon, they can be represented in a visual model similar to that shown above. This can provide the basis for a visual representation of the overall barrier effectiveness for a facility.

Barriers’ integrity is assured based on three key elements:

• Design and Build Integrity.

• Sustain Integrity.

• Operate with Integrity.

Each of these three elements should be considered in determining the overall effectiveness of the barriers. However, the three elements are not all reviewed on the same timescale.

Based on the Operational Risk Assessment, each individual barrier can be classified based on its effectiveness (ability to meet the Performance Standard). The classification can be represented visually in the barrier model using a simple color coding, for example, using traffic lighting (green, amber, and red).

Where the initial risk shows a significant increase above the baseline level and where the mitigation measures are considered to be only partially effective in reducing the risk (such that there is only a small difference between the initial and residual risk rating), then this may be the basis for the barrier to be classified as red.

For the same scenario, if the mitigation measures are considered to be effective at reducing the risk (creating a significant reduction between the initial and residual risk rating) and where the mitigation measures can be readily assured, then this may be the basis for the barrier to be classified in the amber category.

Facilities should consider the following frequencies and drivers for carrying out an assessment of the barrier health status using the Cumulative Risk Model.

• In the event of significant change, as deemed by the technical expert and technical support functions.

• Weekly as part of ORA reviews conducted by the facility-based team.

• Every two weeks through a combination of the functional support roles, including Technical Experts, Asset Technical Authorities.

• Monthly through a combination of asset senior management and site management as part of process safety and asset integrity governance review.

The following figure shows the barriers’ health status, considering the initial risk figure and the residual risk figure after applying the mitigation measure. This Barrier model could be presented to the senior management and site management on a suggested monthly basis.

[Figure: Barriers Health Status. The barrier model (Structural Integrity, Ignition Control, Shutdown System, Emergency Response, Process Containment, Detection System, Protection System, Life Saving Equipment) shown with an Initial Risk Figure and a Residual Risk Figure.]
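
The red/amber rules above, together with the dual technical and management approval required for an impairment, as an added Python example (not part of the EGPC guideline): it rolls open ORAs up into a per-barrier traffic-light status and lists ORAs lacking either approval. The 1-25 risk score, both thresholds, the record fields, the treatment of unassured mitigations as red, and the sample ORAs are assumptions constructed for illustration; the guideline gives only the qualitative rules.

```python
"""Barrier health roll-up from open ORAs (added illustration).

The scoring scale, thresholds and sample records are assumptions;
the guideline states the classification rules only qualitatively.
"""
from dataclasses import dataclass

# The eight barriers named in the guideline's barrier model.
BARRIERS = [
    "Structural Integrity", "Process Containment", "Ignition Control",
    "Detection System", "Protection System", "Shutdown System",
    "Emergency Response", "Life Saving Equipment",
]

# Assumed thresholds on an assumed 1-25 risk-matrix score.
SIGNIFICANT_INCREASE = 4    # initial risk this far above baseline is "significant"
SIGNIFICANT_REDUCTION = 4   # mitigation removing at least this much is "effective"

SEVERITY = {"green": 0, "amber": 1, "red": 2}


@dataclass
class ORA:
    ora_id: str
    barrier: str
    baseline_risk: int         # risk with the barrier meeting its Performance Standard
    initial_risk: int          # risk with the impairment, before mitigation
    residual_risk: int         # risk after mitigation measures
    mitigation_assured: bool   # can the mitigation measures be readily assured?
    technical_approval: bool
    management_approval: bool


def classify(ora: ORA) -> str:
    """Return 'red' or 'amber' for one open ORA (an open ORA is never green)."""
    if ora.residual_risk > ora.initial_risk:
        raise ValueError(f"{ora.ora_id}: residual risk exceeds initial risk")
    increase = ora.initial_risk - ora.baseline_risk
    reduction = ora.initial_risk - ora.residual_risk
    # Amber needs both a significant reduction and assurable mitigations;
    # a large reduction that cannot be assured is treated as red (assumption).
    effective = reduction >= SIGNIFICANT_REDUCTION and ora.mitigation_assured
    if increase >= SIGNIFICANT_INCREASE and not effective:
        return "red"
    return "amber"


def barrier_health(oras):
    """Worst status per barrier; barriers with no open ORA stay green."""
    health = {name: "green" for name in BARRIERS}
    for ora in oras:
        if ora.barrier not in health:
            raise ValueError(f"{ora.ora_id}: unknown barrier {ora.barrier!r}")
        status = classify(ora)
        if SEVERITY[status] > SEVERITY[health[ora.barrier]]:
            health[ora.barrier] = status
    return health


def missing_approvals(oras):
    """ORA ids lacking the technical or the management authorization."""
    return [o.ora_id for o in oras
            if not (o.technical_approval and o.management_approval)]


# Constructed sample data: id, barrier, baseline, initial, residual,
# mitigation assured, technical approval, management approval.
SAMPLE_ORAS = [
    ORA("ORA-001", "Detection System", 6, 12, 11, True, True, True),
    ORA("ORA-002", "Shutdown System", 8, 15, 9, True, True, False),
    ORA("ORA-003", "Detection System", 6, 8, 7, True, True, True),
    ORA("ORA-004", "Protection System", 5, 12, 6, False, True, True),
]

if __name__ == "__main__":
    for name, status in barrier_health(SAMPLE_ORAS).items():
        print(f"{name:24s} {status}")
    print("ORAs missing an approval:", missing_approvals(SAMPLE_ORAS))
```
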

The following figure shows the relation between Cumulative Risk and ORA.

[Figure: Typical Cumulative Risk (Barrier Health Status) and ORA Process Map. Boxes: SCE Impairment/Barrier Weakness Identified; Raise an ORA; Initial Risk Assessment; Mitigation Measures Identified; Residual Risk Assessment; Technical Authority Approval; Facility Manager Approval; Cumulative Risk Assessment; Senior Management Review*; Decision to Continue Operation; Long Term Solution Implemented; Barrier Delivers Performance Standard; Remove ORA. * Management Review on a Suggested Monthly Basis.]

Piper Alpha Incident – North Sea, UK Sector. Wednesday, July 6, 1988. Explosion and sinking of the oil platform. 167 deaths.

Process Safety Management Program

Process Safety Management Program Standard
EGPC-PSM-ST-003

Overview

- Introduction
- Purpose
- Application of the framework of RBPS management
- Risk Based PSM pillars
- PSM Program Implementation Approach
- PSM Elements Performance Requirements
- PSM Elements Allocations and Accountability

Introduction

Process Safety Management (PSM) is an application of engineering and management principles and systems to the identification, understanding, and control of process hazards to protect employees, facility assets, and the environment.

It is important to keep in mind that process safety incidents are often “high consequence, low-frequency events.” Therefore, it is possible for a plant or facility, and even the entire industry, to have declining numbers of incidents for many years and then have a very serious incident (multiple fatalities or catastrophic asset damage) with little or no change in operation.

The objective of this standard is to provide a simple fit-for-purpose structured methodology for implementing a PSM program as per the 20 elements of AIChE CCPS’s Risk-Based Process Safety (RBPS) PSM framework to ensure the integrity and safety of the operations, taking into consideration design, operational, maintenance, and human factors to control process safety incidents.

The PSM RBPS standard also helps companies to design and implement more effective process safety management systems covering (1) The design of a process safety management system and (2) Improvement of process safety management practices.

Purpose

The purpose of this standard is to help the Companies belonging to EGPC and Holding Companies attain a better overall understanding of PSM. This standard describes the main components of the PSM, as well as establishes consistent requirements for planning, conducting, and implementing the PSM elements for the Companies belonging to EGPC and the Holding Companies which shall be in accordance with the requirements of this Standard.

Application of the Framework of Risk-Based Process Safety (RBPS) Management

Over the years, the process industries have evolved several strategic approaches for chemical accident and loss prevention. Among these approaches, the Egyptian PSM steering committee decided to adopt the risk based approach as it directs most of the efforts, resources and time toward the most critical and risky aspects to ensure fast and effective results. However, companies should continue to use an appropriate blend of the other three strategies as well.

• Standards Based Strategy: What should I do?

• Compliance Based Strategy: What do I have to do?

• Continuous Improvement-based Strategy: How can I improve based on my experience?

• Risk Based Strategy: How can I better manage risk?

Risk-based PSM Pillars

Commit to Process Safety: It is the cornerstone of process safety excellence. Management commitment has no substitute. Companies generally do not improve without strong leadership and solid commitment. The entire company must make the same commitment. A workforce that is convinced that the company fully supports safety as a core value will tend to do the right things, in the right ways, at the right times, even when no one is looking. This behavior should be consistently nurtured and celebrated throughout the company. Once it is embedded in the company culture, this commitment to process safety can help sustain the focus on excellence in the more technical aspects of process safety. This pillar contains the following elements:

• Process Safety Culture

• Compliance with Standard

• PS Competency

• Workforce Involvement

• Stakeholder Outreach

Understand Hazards and Risk: The company that understands hazards and risks and principles of risk significance is better able to allocate available resources in the most effective manner to achieve the best and most effective utilization of the workforce. This pillar contains the following elements:

• Process Knowledge Management

• Hazard Identification and Risk Analysis

Manage Risk: Focuses on three (3) issues:

1. Prudently operating and maintaining processes that pose a risk.
2. Managing changes to those processes to ensure that the risk remains tolerable.
3. Preparing for, responding to, and managing incidents that do occur.

Managing risk helps a facility deploy management systems that help sustain long-term, incident-free, and profitable operations. This pillar contains the following elements:

• Operating Procedures

• Safe Work Practices

• Asset Integrity and Reliability

• Contractor Management

• Training and Performance Assurance

• Management of Change

• Operational Readiness

• Conduct of Operations

• Emergency Management

Learn from Experience: Involves monitoring, and acting on, internal and external sources of information. Despite a company’s best efforts, operations do not always proceed as planned, so companies must be ready to turn their mistakes - and those of others - into opportunities to improve process safety efforts. The most cost-effective ways to learn from experience and seek continual improvement are to:

1. Correct deficiencies exposed by internal incidents and near misses.
2. Utilize management reviews as ongoing “due diligence” reviews to maintain continuous improvement.
3. Apply lessons learned from other companies.

In addition to recognizing these opportunities to better manage risk, companies must also develop a culture and infrastructure that helps them remember the lessons and apply them in the future.

This pillar contains the following elements:

• Incident Investigation

• Measurement and Metrics

• Auditing

• Management Review and Continuous Improvement

PSM Implementation Approach

The PSM program implementation approach is based on systematic steps to ensure monitoring of the overall process to achieve effective implementation:

• Maintain a Dependable Practice: Ensure that the element requirements are clear, specific, documented, and issued in the company’s guidelines/procedures to help guide the implementation and execution of the program and ensure that the workforce follows through and complies with the process in a consistent, safe manner. Guidelines/procedures should be consistent throughout the company.

• Conduct Element Activities: Implement element guidelines/procedures consistently over time; guidelines/procedures that are not followed are of little value. Tolerance or endorsement of working solely from memory or using alternatives to approved guidelines/procedures can lead to highly unpredictable and sometimes unwanted unsafe operations. To promote their use and full implementation, guidelines/procedures should be available to the user at the time and location that they are needed.

• Monitor the System Performance: An annual internal audit on the implementation compliance for each element will help determine whether the implementation of the element requirements is performing as intended and producing the desired results. Also, it is recommended to have an external audit review at intervals of 3 to 5 years.

PSM Elements Performance Requirements

The elements were written in a manner that doesn’t make them dependent on each other and facilitates their separate application. The expected content for each element is as follows:

• Element Overview - Element description/definition.

• Element Objective - Implementation approach.

• Activities - Minimum requirements to achieve the element performance expectations.

Note: Element activities were founded on the concept of the PDCA cycle.

Activities founded on the concept of Plan-Do-Check-Act (PDCA):

• Plan: Create element and system workflows. Estimate the workloads and resources. Develop written programs/procedures.

• Do: Roll out the system and ensure consistent implementation. Involve competent personnel.

• Check: Provide continuous monitoring of performance. Conduct periodic audits and reviews. Perform annual executive review.

• Act: Update documents and reports as needed. Adjust plans. Maintain element work records.

PSM Elements Allocations and Accountability

Each company covered in the scope of this standard is responsible for the adoption of process safety management in their processes and ensuring process safety culture enhancement among their personnel.

They are also responsible for assigning PSM element owners between departments to maintain accountability and achieve target performance. PSM Element Owners are responsible for defining and reviewing the PSM measurements and metrics (KPIs) related to their assigned element, as well as for ensuring that reporting of KPIs is done within the defined timelines. The PSM Element Owners are also responsible for keeping and providing, upon request, records of information to support the reported KPIs.

Monitor Organizational Performance

The purpose of monitoring the organizational performance is to gauge the effectiveness of the PSM program implementation and to prevent organizational adoption of such inefficient and potentially dangerous trends. This would ensure that these potential deficiencies are proactively identified and resolved before they are revealed by an audit or incident.

Prepared by:
Hany Mohamed Tawfik
OHS & PS General Manager - Ethydco

Technical Consultant:
Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt

Process Safety Implementation Guidelines
EGPC-PSM-GL-012

Overview

- Introduction
- Purpose
- PSM implementation road map
- Why PSM?
- Levels of PSM implementation
- PSM implementation stages

Introduction

Process Safety Management (PSM) is an application of engineering and management principles and systems to identify, understand, and control process hazards to protect employees, facility assets, and the environment.

It is important to keep in mind that process safety incidents are often “high consequence, low-frequency events.” Therefore, it is possible for a plant or facility, and even the entire industry, to have declining numbers of incidents for many years and then have a very serious incident (multiple fatalities or catastrophic asset damage) with little or no change in operation.

EGPC and holding companies seek a proper and effective implementation of PSM. Implementing the PSM program standard (EGPC-PSM-ST-003) as per the 20 elements of AIChE CCPS’s Risk-Based Process Safety (RBPS) PSM framework needs preparation at the organizational and personal levels.

Purpose

The purpose of these guidelines is to provide the companies that belong to the Egyptian General Petroleum Corporation (EGPC) and the holding companies with a pathway for effective PSM program implementation. These guidelines describe the steps required for progressive system implementation.

PSM Implementation Roadmap

Implementing the requirements of the 20 elements of the RBPSM as described in the process safety management program standard (EGPC-PSM-ST-003) requires preplanning and organization preparation in the first place to ensure effective and sustainable implementation.

Why PSM?

The necessity of PSM system implementation is increasing day by day. The traditional occupational health and safety practices are not enough to control the process-related hazards and have nothing to do with the major accident hazards.

Various factors can continuously or periodically influence a company’s PSM system implementation and/or performance; examples include:

• Significant internal or external incidents point out actual or potential weaknesses or new areas that need to be addressed.

• Economic conditions may bring pressure to reduce the costs and resources associated with maintaining systems.

• Process changes or mergers/acquisitions that introduce new processes/chemicals with new hazards and risks. For example, a small site may not have previously been required to implement a PSM system (due to either regulatory or corporate requirements), but now:

  - It increases the quantity of a highly hazardous chemical used in the process and now needs a formal PSM system that will ensure a higher level of attention to process safety, or

  - It is acquired by or merged with a different company that requires a formal PSM system to be instituted due to the chemicals/quantities handled in the process to reduce the risk to employees and neighbors, etc.

• Regulatory changes add new requirements that the PSM system must address.

• Global expansion leads to issues such as maintaining the PSM system's robustness and fitness-for-purpose as the company gets larger, integrating the PSM system of new acquisitions, and instilling the desired safety culture in personnel in various countries.

Levels of PSM Implementation

Among all Egyptian oil and gas companies, subordinates to the EGPC or holding companies, there is a variation in the PSM implementation level due to factors including the nature of operations, process complexity, compliance with shareholders' requirements, aging factors & asset integrity issues, the competency & culture of individuals, and the presence of a management commitment, vision, and leadership.

Based on that, the PSM in Egyptian companies is expected to be at one of the following five levels of PSM implementation:

1. A formal system exists and is operational.
2. An informal system is in place.
3. A system exists but is not followed.
4. An incomplete system is in place but needs upgrading.
5. No system exists.

Also, among the Egyptian Oil and Gas companies, structural and phase differences might be found. Generally, the company/facility life cycle is divided into the following six stages:

1. A facility in design phases (before start-up).
2. New company/facility (shortly after forming or start-up).
3. Acquisition of company/facility.
4. Facility expansion.
5. Existing facility.
6. Decommissioning.

These guidelines apply to all of the above-mentioned cases.

PSM Implementation Stages

Before implementing the requirements of the 20 elements as per standard (EGPC-PSM-ST-003), it is necessary to prepare the organization for this change and secure the required resources. The PSM program shall be implemented through the following steps:

1. Secure management commitment.
2. Assign PSM custodian and management sponsor.
3. Establish a culture for change.
4. Adopt the PSM program.
5. Establish a PSM team.
6. Evaluate the present status.
7. Develop a PSM program.
8. Roll out the system.
9. Managing process safety performance.

To make these guidelines relevant to common practice, these nine steps are subcategorized under four major stages inspired by the high-level structure of ISO management systems standard (10 clauses), as illustrated in the following figure:

1. Leadership (5th clause).
2. Planning (6th clause).
3. Support and operations (7th & 8th clauses).
4. Performance evaluation & Improvement (9th & 10th clauses).

[Figure: PSM Program High-Level Road Map. A cycle of the nine steps (1 - Secure Management Commitment; 2 - Assign PSM Custodian and Management Sponsor; 3 - Establish a Culture for Change; 4 - Adopt PSM Program; 5 - Establish a PSM Team; 6 - Evaluate the Present Status; 7 - Develop a PSM Program; 8 - Roll Out the System; 9 - Managing Process Safety Performance) arranged around the four stages: Leadership; Planning; Support and Operations; Performance Evaluation and Improvement.]

List of Annexes

• Annex A – Example for PSM System Rating.
• Annex B – Consultation.
• Annex C – Typical PSM Audit Stages.
• Annex D – Communication Steps and Types.
• Annex E – Steps for Leading Change.
• Annex F – Typical Gap Assessment.
• Annex G – Example for Workflow.

For details of the annexes, please refer to PROCESS SAFETY IMPLEMENTATION GUIDELINES - EGPC-PSM-GL-012 on the PSM EGYPT website.

Prepared by:
Hany Mohamed Tawfik
OHS & PS General Manager - Ethydco

Technical Consultant:
Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt

PSM Competency Management Guideline
EGPC-PSM-GL-016

65
Overview

This snapshot showcases an overview of the principles and methodology that comprise the PSM Competency Management Guideline, which will focus on the following:

- Introduction
- Purpose
- Organizational Roles Groups
- Competency Topics
- Process Safety Management (PSM) Competency Matrix
- Training and Competency Assessment
- Plan Personnel Transitions/Organizational Changes

Introduction

Many incidents happen because the necessary process safety knowledge or competence is not available at the right time in the right place. Process Safety Management (PSM) competency management ensures that the correct actions are taken to prevent the incident or reduce its severity.

This guideline provides a comprehensive methodology to manage the PSM competency within the company to ensure that each working group has the right competencies for each PSM task. The guideline also provides a framework for the PSM competency assessment and training. Besides, the guideline describes the requirement for personnel transitions (organizational changes) and recruitment. Finally, the PSM competency monitoring and auditing requirements are discussed briefly to ensure that the PSM competency management remains effective throughout the project lifecycle from feasibility study to decommissioning.

Purpose

The purpose of this document is to provide minimum requirements and guidelines for developing, sustaining, and enhancing the PSM competency in companies and entities. The main product of competency management is understanding and using knowledge to make better decisions when faced with an abnormal situation. It also ensures that the process safety competency is one of the requirements of the PSM Program Standard (EGPC-PSM-ST-003).

Methodology

Organizational Roles Groups

Division roles are categorized into groups with a single definition for easy matching competency levels, as illustrated in Annex A. Job grouping is typical for the oil, gas and petrochemical industry. However, each company should calibrate the job grouping to match the company's organizational structure.

Competency Definitions

The proposed competency levels are:

• Awareness:
- Be generally aware of this topic and associated terms.
- May not know the answer but knows where to get more information.

• Basic Knowledge:
- Has general working knowledge of the topic.
- Has basic training necessary to carry out general tasks.
- Independent contributor.
- Integrates work with other disciplines.

• Skill:
- Advanced experience in the skill.
- Applies creative solutions to complex problems.
- Can execute most tasks within the topic with minimal or no direction.
- Has the experience levels to complete assigned tasks.

• Mastery/Expert:
- Advanced experience in a particular skill.
- Applies creative solutions to complex problems.
- Has specialized training or certification, which may be required for certain tasks.
- Defines and drives critical business opportunities and needs.
- Represents the organization internally and externally on critical issues.
- Sets standards within the organization.
- Recognized as a subject matter expert (SME) with extensive knowledge and skills.

Notes:

• The requirements for each competency level assume that the requirements for the lower levels are met.

• Contractors who can impact process safety are expected to have appropriate competencies in the process safety management, based on their roles and the risk associated with their scope of work. These contractors include, but are not limited to, operators, mechanics, and other hourly personnel.

• All full-time operations and maintenance contractors responsible for the plant's full operation and maintenance shall follow the company PSM competency matrix with applicable job grouping.

Competency Topics

There are 22 PSM competency topics, requiring a specific level of competency. These topics relate to the PSM elements, technical safety/safety in design, and human factors, as illustrated in the table below.

PSM Competency Topics

RBPS Pillars / Competency Topics

• Commitment to Process Safety:
- Process Safety Culture
- Compliance with Standards
- Process Safety Competency
- Workforce Involvement
- Stakeholder Outreach

• Understanding Hazards and Risks:
- Process Knowledge Management
- Hazard Identification and Risk Analysis

• Manage Risk:
- Operating Procedures
- Safe Work Practices
- Asset Integrity and Reliability
- Contractor Management
- Training and Performance Assurance
- Management of Change
- Operational Readiness
- Conduct of Operations
- Emergency Management

• Learn from Experience:
- Incident Investigation
- Measurements and Metrics
- Auditing
- Management Review and Continuous Improvement

• N/A:
- Technical Safety/Safety in design

• N/A:
- Human Factors

Process Safety Management (PSM) Competency Matrix

A competency matrix is a useful tool for mapping the staff’s PSM competencies. The PSM competency matrix is shown in Annex B and is available in spreadsheet format on PSM Egypt Website (www.psmegypt.com).

Notes:

• Competency-topic custodians included in the PSM competency matrix are provided as guidance per industry practice. The companies may assign different custodians for each topic to match the company organizational structure.

• The target competency levels for the roles are generally in line with the industry practice and should be followed. In case companies decide to change the custodians for some competency topics, the target competency levels may be changed for these competency topics.

• The PSM competency matrix is not intended to replace each working group's specific job competency requirements.

PSM Competency Assessment

The requirement for maintaining the PSM competency expectations for each PSM competency topic should be included in the job description of all staff for appropriate monitoring and assessment.

Companies should plan to conduct gap assessments for existing role competencies against the PSM competency matrix at planned intervals to ensure maintaining the company's PSM competency profile, preferably once every two years for different proficiency levels.

The assessment system's technical contents, including training material and questions, should be prepared by the company's PSM subject matter expert (PSM SME) in coordination with the human resources (HR) division. If applicable, it would be more effective in terms of cost and effort to develop an online assessment method instead of a paper-based assessment method.

The skill and mastery/expert proficiency levels assessment should be conducted via face-to-face interviews by the PSM SME, PSM competency topic custodian, and HR. In special cases where an expert for a specific competency topic is unavailable within the company, an external consultant expert in this area should be outsourced to conduct the PSM competency assessment in the presence of the PSM SME, PSM competency topic custodian, and HR.

The HR division should coordinate, compile, and record all the PSM competency assessment results. It is required that the PSM competency be part of the annual performance review. The PSM competency requirements must be assessed for any new role as part of the recruitment process for new employees.

Training

The training approach in this guideline has been structured around a three-part approach for learning and development, illustrated in the table below. After the PSM competency gap assessment has been completed to verify the gap between actual proficiency level and target proficiency level as required by the PSM competency matrix, the training department should coordinate with PSM SME and respective division managers to prepare a plan and budget for the improvement actions which explore the best possible options to fill the competency gap between the target and actual competency levels.

PSM Competency Topics

Learning and Development Approach / Typical Development Activities

• Self-education, Study & Guided Reading:
- Expanding your knowledge by reading the required topics.

• Learning Through Others - On-job Training (OJT):
- Learning through new experiences - Shadowing experienced personnel.
- Structured mentoring and coaching.
- Receiving feedback.

• Learning Through Education - Training Course:
- Formal training and education.
- Professional certification and accreditation.

The learning through education (training courses) could be performed in-house via classroom or electronic training courses prepared by the company PSM SME and training department in coordination with competence topic custodian and entities. This training could be conducted through an external party if capabilities and resources are available. For skill and mastery/expert levels, the learning is performed by a specialized consultant as per the approved training plan with applicable certification.

Plan Personnel Transitions/Organizational Changes

A succession planning program for technical personnel should be implemented to prepare qualified internal candidates with the required PSM competency in case of any transition. The succession plan should include a formal requirement for the PSM competency assessment and appropriate PSM training to fulfill the new job competency expectations to maintain the organization's competency and critical knowledge through transitions and enhance process safety competency over time.

Recruitment of Personnel

The recruitment process must ensure the selection of people from outside the company for all positions linked to PSM with the necessary PSM competencies/skills, aptitudes, and characteristics that will allow them to achieve competence given the available help and training. The process must allow the examination of education, existing skills, experience, and knowledge to identify suitable candidates.

Monitoring and Audit

For continuous improvement, an annual audit for process safety competency should be conducted as per the PSM Program Standard (EGPC-PSM-ST-003) audit element.

List of Annexes

• Annex A – Organization Job Groups.
• Annex B – EGPC Competency Matrix.
• Annex C – Competency Definitions.

For annexes details, please refer to PSM COMPETENCY MANAGEMENT GUIDELINE EGPC-PSM-GL-016 on the PSM EGYPT website.

Prepared by:
Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt

Ahmed Mostafa
Operations Section Head at Egyptian Linear Alkyl Benzene Company (ELAB)

Technical Consultant:
Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt
Three Mile Island Incident - Pennsylvania, United States. Wednesday, March 28, 1979. Radioactive gas release. As a precaution, 144,000 people were evacuated over a five-day period.

Management of Change (MOC) Guideline
EGPC-PSM-GL-018

Overview

This snapshot showcases an overview of the Management of Change (MOC) guideline, focusing on the following main topics:

- Introduction
- Purpose & Scope
- Design of A Management of Change Process
- Developing, Implementing & Operating of MOC Process

Introduction

Management of change (MOC) is a process for evaluating and controlling modifications to facility design, operation, organization, or activities - before implementation - to make certain that no new hazards are introduced and that the risk of existing hazards to employees, the public, or the environment is not unknowingly increased.

Management of change (MOC) is one of the most important elements of a Process Safety Management (PSM) system. Changes occur when modifications are made to the operation or when the replaced equipment does not meet the design specification of the equipment it is replacing. Also, more subtle changes can occur when new chemical suppliers are selected, hazard classifications change, procedures are modified, or site staffing and/or company organization is revised. Such changes, if not carefully controlled, can increase the risk of process operation and result in incidents.

Companies that manufacture, handle, store, or use hazardous chemicals are committed to effective MOC processes for a variety of reasons. In addition to a desire to promote process & occupational safety and to protect the environment, motivations for MOC include the intent to comply with the following:

1. MOP and Entities regulations require MOC systems.

2. Internal regulations require MOC systems.

3. Safety, quality, and environmental initiatives such as International Organization for Standardization (ISO) 45001, 9000, & 14000.

Purpose & Scope

The main purpose of this guideline is to explain the process of controlling planned changes that affect the PSM system performance and address changes without regulatory impetus because such controls represent sound business practices for achieving process safety, safety, quality, and environmental objectives. In addition, it ensures that all the PSM system requirements and business aspects have been considered before implementing any change that affects asset integrity.

The purpose includes how to control temporary and permanent changes to enhance process safety opportunities and ensure that there are no negative effects of these changes on the PSM system performance. The purpose also includes that companies review the results of the changes and take measures to mitigate any negative impact and seize possible opportunities.

It is intended that the MOC guideline applies to all sites in upstream, midstream, and downstream facilities of the oil and gas sector. This guideline covers any MOC except for the following:

• Administrative Changes and Organizational Changes shall comply with the human resource disciplines in MOP and relevant entities' instructions and policies.

• Procedural Changes shall comply with the documented information instructions and/or procedures in the management systems of entities and companies.

• Capital Project Changes shall comply with the project management instructions in the management systems of entities and companies.

• Replacement In Kind (RIK).

It is suggested that the MOC procedures that will be prepared under this guideline include any change from the initial design of the plant, equipment, chemicals, and catalyst that:

• Change from design specification, and functionality, in respect of addition, deletion, and replacement of equipment/hardware items.

• Changes in the PFD and P&ID, i.e.,

- Addition or deletion of any item in the PFDs and P&IDs.

- Changes in the location of any item in the workplace layout drawing.

- Set point or any configuration of any safety device outside the previously established operating range.

• Changes in the equipment location or any item in the workplace layout drawing.

• Change in set point or any configuration of any safety device outside the design range.

Design of a Management of Change Process

The MOC Decision Tree

Any engineering change that satisfies the following criteria shall constitute a ‘Modification’ and shall be implemented through the Management of Change (MOC) process. This process shall also be applied when the modification is done temporarily.

Types of Changes

There are several classifications of changes. One classification is based on the timing and duration of the change, where changes are broken down into permanent, temporary, and emergency changes.

Another classification is based on the nature of the change: technical/engineering/operational changes, procedural changes, administrative changes, capital projects, and organizational (people) changes.

Replacement In Kind RIK

A replacement in kind or like for like is defined as “an item (equipment, chemicals, procedures, organizational structures, people, etc.) that meets the design specification, if one exists, of the item it is replacing. This can be an identical replacement, or any other alternative specifically provided for in the design specification, as long as the alternative does not in any way adversely affect the function or safety of the item or associated items. For nonphysical changes (relating to procedures, personnel, organizational structures, etc.), no specification, per se, may exist. In these cases, the reviewer should consider the design and functional requirements of the existing item (even if nothing is written down) when deciding whether the proposed modification is an RIK or a change”. RIK shall be examined formally in the MOC committee meetings.

MOC process Lifecycle

The MOC process is outlined to cover the stages of RFC initiation, RFC Approval, MOC Engineering, MOC Implementation, and MOC Close-Out, illustrated in the MOC Process Map/Flowchart (see annex A), and has the following major components:

1. Initiation: The need for change is established, risks of not implementing have been assessed, and an internal review has been done. A Conceptual design package is assembled, sufficient for the technical review. This step includes the screening of RFC, by giving justification to illustrate that the change required is reviewed, and the MOC priorities are defined.

2. RFC Approval: The approval is based on the screening and technical reviews conducted by the reviewers (MOC committee) on the MOC document package and endorsement by the Process Safety Engineer or Specialist, then the approval is given for detailed design and execution.

3. MOC Engineering: That includes the design and HIRA studies for MOC, i.e., selection of options, technical studies, detailed design, HIRA studies, technical reviews, and the implementation of action plans of HIRA studies.

4. MOC Implementation: Physical execution (construction, implementation, installation) of change, mechanical completion, documentation update, PSSR, and authorization of start-up.

5. MOC Close-Out: Complete post-start-up action items and MOC closure.

Developing, Implementing & Operating of (MOC) Process

The following key principles should be addressed when developing, evaluating, or improving any MOC process:

• Identify potential change situations, which include the definition of the MOC process scope and how to manage all sources of change.

• To evaluate the possible impact, the following essential features should be considered:

- Provide appropriate input information to manage changes.

- Apply appropriate technical rigor for the MOC review process.

- Ensure that MOC reviewers have appropriate expertise and tools.

• Decide whether to allow the change. Once a change has been reviewed and its risks evaluated, management can then decide whether to (1) approve the change for implementation as requested, (2) require an amendment to the change request or implementation process, or (3) deny the change request. For facilities to adopt and implement appropriate MOC approval protocols, the following essential features should be considered:

- Authorize changes.

- Ensure that change authorizers address important issues.

Ensure that the update of drawings and procedures is implemented, affected personnel are trained, required risk control measures are implemented, and so forth. To ensure that approved MOCs are properly concluded, the following essential features should be considered: updating records, communicating personnel changes, enacting risk control measures, and maintaining MOC records.

Request for Change

Request for Change (RFC) Approval Phase

The Change Initiator identifies the change in the "Request for Change (RFC) Form" and provides an initial change layout, available drawings, and support documents. Then, he shall submit these documents for screening to the initial reviewer (Process Safety Engineer/Specialist), who shall ensure that the proposed change complies with the modification criteria mentioned in the scope of this procedure and that it is neither a Replacement In Kind (RIK) nor a repeated RFC; an alternative change may be proposed. The Process Safety Engineer/Specialist shall perform a preliminary assessment to determine the Significance of Change (SOC) level of the change by determining the degree of hazard and the degree of change.

Significance Of Change (SOC) Level determination

The initial assessment of the change results in the categorization of the change into one of four levels, as follows:

Level 1 - Examples would include the changing of process and alarm set-points beyond the previously established limits or modifications to normal operating procedures. A Design review shall be done in this case.

Level 2 - Examples would include pipeline rerouting, a replacement that is “not-in-kind,” and upsizing equipment and/or process components where relief and/or safety systems are not impacted. A simple PHA such as a What-If or checklist would be recommended as a minimum.

Level 3 - Examples would include additions or changes within the relief and/or blow-down system, the changing of process control/alarm functions, fire and gas alarm system, firefighting and cooling system, the installation of temporary by-passes, and/or similar systems. In these cases, a more rigorous PHA should be employed, such as a HAZOP study.

Level 4 - Examples would include new major modifications to existing facilities, pipelines, and similar projects. In these cases, a detailed HAZOP study and QRA should be performed.

Note: The responsibilities of the relevant departments shall be based on the determined change level.

RFC Management Approval

If the initial reviewer (Process Safety Engineer/Specialist) and other reviewers approve the Request for Change (RFC), it shall be submitted to the Asset Owner Manager and the site General Manager for review and approval/rejection. In case of approval, the Asset Owner Manager shall assign an Engineer In Charge (EIC).

Engineering Phase

The Engineer In Charge (EIC) is responsible for preparing a study that includes the Engineering/detailed design of the change/feasibility study if needed, and the scope of work for the implementation phase. Moreover, he is responsible for preparing a presentation that describes the study for the MOC Committee meeting that shall be held later. All the documents relevant to the change should be provided. The MOC Committee meeting, where the Engineer In Charge (EIC) shall make a presentation and provide the study details of the change, shall be held according to the agenda prepared by the MOC Coordinator.

The MOC Committee members shall review and evaluate the proposed modification to ensure that it resolves the root causes of the problem stated, is fit for purpose and is compatible with the operating policies. They shall provide recommendations, if any. The Process Safety Engineer/Specialist shall fill in the MOC form during the MOC Committee meeting.

Priority is based on impact and urgency, and it identifies required times for actions to be taken. The priority level of the change shall be specified. Four priority levels are to be given, 1, 2, 3, 4, as follows:

• Priority 1 is given to MOC relevant to an HSE issue or a safety critical element/task/barrier.

• Priority 2 is given to the MOC that would increase production, prevent production losses, or is associated with short-term time constraints.

• Priority 3 is given to the MOC that would improve the company's asset reliability.

• Priority 4 is given to the MOC relevant to infrastructure modifications.

The MOC Committee shall implement, by themselves or through the appointment of specialists from inside or outside the company, the adequate Process Hazard Analysis (PHA) and Risk Assessment (RA) for the proposed change, according to Risk Management Standard. In case the risk is found to be HIGH, the MOC shall be undertaken by a third party (Outside Engineering Contractor). Meanwhile, if the risk is found to be LOW, the implementation can be done in-house. The MOC Committee shall review the budget/cost estimate of the proposed modification and allocate the budget as shown in the MOC budget allocation chart.

Furthermore, the MOC Committee shall decide during the meeting the following:

1. Whether the change implementation requires a new JSA or a routine JSA is already available.
2. Whether the proposed change affects the routine of the maintenance or not.
3. If a Prestart-up Safety Review (PSSR) is required before the change is put in service.

Management of Change (MOC) Approval

The final MOC package shall be circulated for review by the MOC Coordinator for final approval of all MOC committees.

Note: for MOC levels 1&2, the final approval shall be done by the site manager. For MOC levels 3&4, the final approval shall be done on RFC from the top management.

Implementation Phase

The Engineer In Charge (EIC) shall arrange all the necessary resources (i.e., personnel, spare parts, and tools) to implement the change. The implementation may be done by contractors.

The MOC Coordinator shall coordinate the PSSR in case it is decided to be required during the MOC meeting. Upon completion of implementation, the EIC and the implementation party shall submit all completed documents to the MOC Coordinator to update the Process Safety Information (PSI).

Pre-Start-up Safety Review (PSSR)

Pre-Start-up Safety Review is a method of reviewing and evaluating all aspects of a change project, a piece of equipment, instrumentation, process unit, etc., that has been modified. This review is done by the Change initiator (EIC), an operation Engineer for MOCs related to workplace modifications, and the MOC Coordinator. This review takes place before commissioning, activation, start-up, or operation through a pre-prepared checklist, according to the approved design specifications, to ensure that certain important considerations have been addressed before the change is introduced into the process.

Close-Out Phase

The Process Safety Engineer/Specialist shall follow a closeout review of the performance of the change after being in service and its impact on other systems and report any failure. The MOC Coordinator shall update the process safety information (PSI), log the MOC in the MOC records, and inform all relevant departments of the change completion. Note that the closeout review is an approval mechanism for verifying that tasks required for a change have been completed.

Deliverables from the Change

The MOC Coordinator shall ensure that the entire change cycle is appropriately documented for each MOC process or case. Examples of the deliverables may include engineering drawings such as PFDs and PIDs, equipment lists, narrative safeguarding by instrumentation, alarm and trip set points list, narrative process controls, and an instrument loop and instrument logic diagram.

Note: The MOC will not be closed until the training of the relevant employees has been completed (including the emergency room members, if necessary, because they may be affected during emergencies).

Temporary Changes

A temporary change is a change with the intention of returning to the original design condition, and it has a specific expiry period (e.g., the number of days from the implementation date). Changes beyond this period shall be re-evaluated and re-approved by the approving authorities. All temporary changes shall be evaluated using the same considerations as permanent changes.

Emergency Change

Emergency changes are those required in a situation where the time required for following the normal MOC steps could result in an unacceptable safety hazard, a significant environmental or security incident, or extreme financial losses. This shall only be applied in High/Medium risk situations. An initial risk assessment using the company's Risk Matrix shall be performed before raising the Request For Change (RFC). Justification and risk control plans shall be documented.

Emergency change requests require a fast-track process to effect the change and to be implemented during the time it takes to complete the change request. These include RFCs raised on an emergency basis, initiated during weekends or in the middle of the night due to an urgent process site situation, such as bringing the process site back to a safe state.

Management of Change (MOC) Timeliness

Changes must be timely for their real benefit to be obtained. Accordingly, MOC priority has to be determined at the initial stage of the MOC process, and then a timeframe shall be established for each step. Companies, in their MOC procedures, shall define these requirements to manage such changes for their facilities.

Management of Change (MOC) Cancelation

During any MOC, there may be concerns raised or the project may be cancelled during the review process, which would make it necessary to cancel the MOC. The MOC Coordinator shall be notified in writing of the request for cancelation, including a brief explanation of why the MOC is being cancelled. MOC shall be cancelled in the following two ways:

• MOCs before approval: MOC Coordinator shall submit the MOC to the MOC Committee for formal cancelation.

• MOCs after approval: The MOC Coordinator shall submit the MOC to the site manager for formal cancelation.

• MOCs after HIRA: MOC can be cancelled based on high-risk or major operability issues identified during the HIRA stage. MOC Coordinator shall submit the MOC to the site manager for formal cancelation.

In all cases, the MOC Coordinator subsequently notifies the EIC regarding the MOC cancelation.

Management of Change (MOC) Recordkeeping

All MOC documentation is subject to companies' documented information procedures. The original or copies, where no original is available, of all documentation associated with MOC are to be retained by the MOC Coordinator after closure. MOC documentation shall be retained for the entire lifespan of the process site.

List of Annexes

• Annex A – MOC Decision Tree.
• Annex B – MOC Process Map / Flowchart.
• Annex C – Request for Change Form (Proposed).
• Annex D – MOC Form (Proposal).
• Annex E – MOC Budget Allocation Chart.
• Annex F – List of Replacement In Kind (RIK) Examples.
• Annex G – MOC Audit Form.
• Annex H – PHA Form.

For annexes details, please refer to MANAGEMENT OF CHANGE (MOC) GUIDELINE-EGPC-PSM-GL-018 on the PSM EGYPT website.

Prepared by:
Ahmed Mohammed Ibrahim Mohammed Roustom
Risk Management and Loss Prevention Studies Assistant General Manager – GASCO

Technical Consultant:
Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt

Process Safety Culture Assessment Guideline
EGPC-PSM-GL-020

Overview

- Introduction
- Purpose
- Process Safety Culture Assessment
- Process safety culture survey
- Process Culture Survey Methodology

Introduction

People play a key role in PSM system implementation. Systems are created, followed, and assessed by people. In addition, safety and process safety measures require people to design, construct, maintain and operate assets; hence, people can be a cause of incidents (due to human error) and can act as a barrier to prevent them. All incidents are directly or indirectly caused by people’s behavior or human error.

The facilities need to conduct Organizational Culture Assessments to assess individual and group values of safety and risk tolerance within each work group. One objective of the Process Safety Culture Assessment is to gauge the commitment and effectiveness of an organization’s process safety management program by evaluating attitudes, perceptions, competencies, and patterns of behavior. Once these issues are known, a facility can direct the design, execution, evaluation, and continuous improvement in the work environment to affect changes to safety-related behaviors and attitudes that ultimately minimize accidents.

Purpose

The purpose of this guideline is to guide the companies that belong to EGPC and entities to conduct a survey, assess and analyze the process safety culture level of the company and identify and implement improvement opportunities to enhance process safety culture and achieve process safety objectives.

Process Safety Culture Assessment

Many of the qualitative elements of culture may be unique to an individual facility or even to a specific work group within the facility. It is very difficult to compare results and establish qualitative standards across different work units, but it is still possible to establish a baseline and measure progress over time within the same (or similar) work units.

When conducting a culture assessment, data is best collected in a variety of ways designed to encourage a complete and accurate disclosure while minimizing any bias imposed by the collection process. The result can then be compared to eliminate (or explain) inconsistencies. Various collection methods consist of:

• Written surveys.
• Focus Group Interviews.
• Individual Interviews.
• Process Safety Metrics.

In this document, a written survey was adopted and used to provide an easy application. Qualitative techniques can be done without the need to outsource to a third party.

Written surveys, such as the Baker Panel Survey Instrument, are useful for comparing and measuring shifts in employee perceptions over time. Written surveys are easy to administer and analyze, and they can be useful in measuring perceptions.

Process Safety Culture Survey

A process safety culture survey using a questionnaire can be used as a tool to identify gaps in process safety culture in an organization and recommend actions for improvement. A process safety culture survey can give insight into the organization’s response toward safety, and it can also be considered as a proactive tool to predict or signal possible future failures. On the other hand, a safety culture survey that shows employees do not feel safe at work is a leading indicator that the safety process performance needs to be adjusted or action needs to be taken to mitigate possible risks that can arise from either the work environment or the organizational culture.

The best practices show that the questionnaire is best constructed based on the following aspects:

• Process Safety Reporting.
• Safety Values/Commitment to Process Safety.
• Supervisory Involvement and Support.
• Procedures and Equipment.
• Worker Professionalism/Empowerment.
• Process Safety Training.

Questions or objective statements are written such that employees can answer the extent of agreement or disagreement with the statement. This type of measurement is a Likert scale. The Likert scale is a rating scale that quantitatively assesses opinions, attitudes, or behaviors.

The objective results of the extent of agreement/disagreement can then be categorized as an extent of commonly held sets of values, norms, and beliefs that forms the facility process safety culture.

The questionnaire was prepared, and the validity of its questions was measured to illustrate the possibility of relying on them in assessing the process safety culture among workers in the Egyptian petroleum sector through several verification stages according to the following steps:

• A draft of the questionnaire was prepared in the Arabic language by one of the process safety experts in the Egyptian PSM Technical Subcommittee with reference to the "Baker Panel Questionnaire" that was prepared internationally for the same purpose.

• The draft was reviewed by members of the Egyptian PSM technical subcommittee who have cumulative experience in all aspects of PSM elements to illustrate that the questionnaire includes clear, structured, consistent, and comprehensive questions. Then the questionnaire was modified according to the proposals for the amendment.

• The internal (statistical) validity and reliability coefficient of the questionnaire was calculated and verified through the following:

a. Determine the number of experimental sample members for some workers in an Egyptian firm working in the petrochemical industry (the number of the sample was calculated using the Stephen Sambathon equation).

b. The questionnaire was distributed to approximately 10% of the sample members (a specified percentage of the experimental sample) of various disciplines.

c. The Cronbach's Alpha coefficient (a statistical coefficient used to measure the validity and reliability of the questionnaire's phrases and the accuracy of the results taken from this questionnaire) was calculated, and it has been shown that the results of the Alpha coefficient are good. That illustrates the significant statistical validity and reliability of the questionnaire.

From the above, the validity and reliability results of the questionnaire's phrases are good; therefore, the questionnaire can be applied in assessing the culture of process safety for workers in the Egyptian petroleum sector companies.

Process Culture Survey Methodology

Pre-Survey Preparation (Survey planning)

The PSM team will prepare a Culture Survey plan, send it for approval, and coordinate with a focal point of each Division to implement the process safety culture survey in compliance with the approved plan.

Pre-Survey Communication

Prior to conducting a survey, it is important to set the stage well before the survey is issued. This will help to enlist employee buy-in and provide a basic understanding of why the survey is being conducted. People will be more willing to participate if they know what the objectives are, that the survey is endorsed by senior management and that the results will be shared. Several different communications should be issued at varied time intervals leading up to the actual survey being issued.

Survey Implementation

All participating personnel shall answer the questions in the survey form (Annex A&B), and after the survey, the focal point of each Division collects the filled survey forms and sends them to the PSM lead for data collection, results analysis, and final reporting.

Interpret and Communicate the Results

Analysis of the data should be completed within a reasonable time after the survey is closed. Information about the raw data observations should be provided to employees as soon as possible to recognize and reinforce the value placed on the survey and on their participation in it.
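
The reliability check named in the questionnaire validation steps (Cronbach's alpha) and the per-item average scores can both be computed directly from the collected Likert forms. The following is an added example, not part of the guideline: the 5-point scale, one item per aspect, the dropping of incomplete forms, and the sample responses are assumptions constructed for illustration.

```python
"""Cronbach's alpha and item averages for a Likert-scale culture survey."""
from statistics import mean, variance

# The six questionnaire aspects listed in the guideline. Using exactly one
# item per aspect is an assumption made to keep the constructed sample small.
ASPECTS = [
    "Process Safety Reporting",
    "Safety Values/Commitment to Process Safety",
    "Supervisory Involvement and Support",
    "Procedures and Equipment",
    "Worker Professionalism/Empowerment",
    "Process Safety Training",
]

LIKERT_MIN, LIKERT_MAX = 1, 5  # assumed 5-point agreement scale


def complete_rows(responses):
    """Drop forms with unanswered items (None) and validate the rest."""
    rows = [row for row in responses if None not in row]
    if len(rows) < 2:
        raise ValueError("need at least two complete forms")
    width = len(rows[0])
    for row in rows:
        if len(row) != width:
            raise ValueError("every form must answer the same items")
        if any(not LIKERT_MIN <= score <= LIKERT_MAX for score in row):
            raise ValueError("score outside the Likert range")
    return rows


def cronbach_alpha(responses):
    """alpha = k/(k-1) * (1 - sum(item variances) / variance(total scores))."""
    rows = complete_rows(responses)
    k = len(rows[0])
    if k < 2:
        raise ValueError("alpha needs at least two items")
    item_vars = [variance(column) for column in zip(*rows)]
    total_var = variance([sum(row) for row in rows])
    if total_var == 0:
        # Every respondent has the same total score: alpha is undefined.
        raise ValueError("no variation in total scores")
    return k / (k - 1) * (1 - sum(item_vars) / total_var)


def item_averages(responses):
    """Average score per survey item, in item order."""
    return [mean(column) for column in zip(*complete_rows(responses))]


# Constructed responses: one row per respondent, one score per aspect.
SAMPLE = [
    [4, 4, 5, 4, 4, 5],
    [2, 3, 2, 2, 3, 2],
    [5, 5, 4, 5, 5, 4],
    [3, 3, 3, 4, 3, 3],
    [1, 2, 2, 1, 2, 1],
    [4, None, 4, 4, 3, 4],  # incomplete form, excluded from the analysis
    [3, 4, 3, 3, 4, 4],
    [5, 4, 5, 5, 4, 5],
]

if __name__ == "__main__":
    print(f"Cronbach's alpha = {cronbach_alpha(SAMPLE):.3f}")
    for name, avg in zip(ASPECTS, item_averages(SAMPLE)):
        print(f"{avg:.2f}  {name}")
```
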

Establish Action Plan

Establishing an action plan is an essential part of the process safety culture assessment process, and it depends on the nature of the feedback provided. Prior to developing a plan of action for any possible improvements, an additional study may be required to determine why employees responded to questions in a particular way. This can be an important step to help ensure that corrective action plans are credible.

Final Report

Process safety culture assessment final report shall include the following as a minimum:

• The average score of process safety culture survey items.
• General comments from the survey.
• Results analysis and an evaluation of the current process safety culture level.
• Observations and suggestions (action plan) for enhancing process safety culture level.

The report is to be presented to management and the workforce and should be within one month of data collection.

The implementation of improvements should start within three months of the report presentation.

Follow-Up Communications

Providing employees with follow-up information regarding the safety culture survey is a key action item. This is particularly important if you plan to conduct future surveys, as it will help to demonstrate the value of participants’ time. The information provided should be as transparent and open as possible and should clearly identify any deficiencies that need to be addressed.

[Figure: Survey Steps. Pre-Survey Preparation, Pre-Survey Communication, Survey Implementation, Interpret and Communicate the Results, Establish Action Plan, Final Report, Follow Up Communication]

List of Annexes

• Annex A – Process safety culture survey template (English).
• Annex B – Process safety culture survey template (Arabic).
• Annex C – Culture ladder

For annexes details, please refer to PROCESS SAFETY CULTURE ASSESSMENT GUIDELINE - EGPC-PSM-GL-020 on the PSM EGYPT website.

Prepared by:
Hany Mohamed Tawfik
OHS & PS General Manager - Ethydco

Technical Consultant:
Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt

Process Safety (KPIs)
Guideline
EGPC-PSM-GL-025

Overview

This snapshot showcases an overview of the process safety key performance indicators guideline, focusing on the following main topics:

- Introduction
- Purpose & Scope
- Process Safety KPIs Selection
- Reporting & Communication Of Process Safety KPIs

Introduction

Process safety Key Performance Indicators (KPIs) are an area of strong interest to industry, regulators, and experts as key enablers to improve process safety performance across the industry. The need for well-established process safety KPIs leads to the development of the guideline (EGPC-PSM-GL-025) to focus on process safety Key Performance Indicators. Tracking KPIs is vital to help companies to understand the state of their facilities and systems, as well as provide entities with an indication of impending issues.

Purpose

The purpose of the KPIs guideline is to help companies to establish a structured process to measure process safety performance. Having a proper measure of Process Safety Performance will assist the decision-making process in entities and companies in the process safety issues and effectively use the resources. To achieve this purpose, this guideline aims to:

• Provide information to decision-makers about the company’s performance in controlling their process hazards and risks, helping companies to monitor their PSM performance, and measure the strength of process safety barriers.

• Define consistent technical language and terminologies of process safety KPIs to ensure that they are understood across all companies and entities.

• Develop and implement an integrated process safety Key Performance Indicators (KPIs) reporting system among all companies, contractors, and sub-contractors through unifying reporting boundaries of process safety Key Performance Indicators (KPIs).

• Provide feedback from the employees and motivate them to actively participate in the implementation of the PSM system.

• Help companies provide transparent disclosure of their performance to stakeholders and illustrate the controls of the potential Major Accident Hazards (MAHs).

• Provide many opportunities for companies to develop their annual sustainability reports through the Global Reporting Initiative (GRI).

• Identify areas that require remedial actions and what are the most important basic points that need improvement.

• Assess whether the measured performance on process safety meets or exceeds industry norms by benchmarking Key Performance Indicators (KPIs) data against industry averages and by sharing lessons learned with other entities and companies when available.

• Ensure compliance of companies, entities, contractors, and sub-contractors with Egyptian legislation and other requirements such as international standards/guidelines for process safety Key Performance Indicators (KPIs).

Process Safety KPIs Selection

Consider the operations that will be monitored when selecting Key Performance Indicators (KPIs). Selected Key Performance Indicators (KPIs) should reflect the most likely problem areas that may arise for the specific operating situation and the available staff to maintain or monitor Key Performance Indicators (KPIs). There are two methods to select Process Safety KPIs:

Use Published Guidance on Process Safety KPIs:

Many organizations provide guidance on Key Performance Indicators (KPIs) for evaluating process safety performance. These include trade organizations (such as the American Petroleum Institute, the American Chemistry Council, and the National Petrochemical Refiners Association), professional organizations (such as the American Institute of Chemical Engineers and the Centre for Chemical Process Safety), and academic institutions (such as Texas A&M).

Use the Barriers Thinking (Recommended Method):

One documented method uses process safety barriers identification for KPIs selection. This concept uses indicators associated with critical process safety barriers to evaluate PSM performance. This basic concept can be focused upon three information sources:

• Use hazard analysis findings to identify potential high-impact events and the process safety barriers intended to prevent such incidents. Select KPIs that indicate the health of these barriers.

• Use incident investigation and analysis findings to identify process safety barrier failures that contributed to incidents.

• Use organizational learnings to determine what are the critical barriers that other firms in the same industry have successfully defined.

Six-Step Approach for Selection and Review of Process Safety Key Performance Indicators (KPIs) According to Barriers Thinking Method

Selecting effective indicators is a challenge. The six-step approach is recommended by IOGP.

Step (1) - Ensure management ownership and establish an implementation team:

The first step is to establish a team, typically bringing together operational and safety expertise with top management at the facility, business, and corporate levels, as appropriate.

Step (2) - Establish Tier (1) and Tier (2) KPIs to assess company performance:

Tier (1) and (2) lagging KPIs provide baseline performance information regarding the number of recorded process safety events. To calculate Process Safety Key Performance Indicators (KPIs) (Tier 1 and 2), each relevant entity will be interested to know the number of hydrocarbons LOPCs and the quantity of the released hydrocarbons from facilities of their affiliated companies. The annual lagging process safety indicator calculations will be:

Tier (1) PSE Rate = (Total Tier (1) PSE Count / Total Worked Hours (for drilling and production activities)) x 1,000,000

Equation 1. Tier-1 PSE Rate (ANSI/API 745 [1])

Tier (2) PSE Rate = (Total Tier (2) PSE Count / Total Worked Hours (for drilling and production activities)) x 1,000,000

Equation 2. Tier-2 PSE Rate (ANSI/API 745 [1])

Step (3) - Confirm critical process and integrity barriers to prevent major incidents:

It is important to determine and periodically confirm the risk control barriers which are critical for the prevention of major incidents and to ensure that KPIs are in place to measure the effectiveness of these barriers. At the facility or corporate level, there are three types of inputs that can be used together to help identify weak or critical barriers. These inputs are illustrated in the following Figure.

[Figure: Inputs to Identify Critical Barrier (labels: Hazard, Consequence)]

Pro-active input relies upon the identification of hazards and risks which could lead to a major incident and confirms which barriers are in place to control the most important process safety risks and the management system elements to maintain and improve those barriers. Reactive input is based upon root causes investigation of major incidents and high potential events or demands on process safety systems that could, in other circumstances, have resulted in an actual incident.

Step (4) - Select Tier (3) and Tier (4) KPIs:

Companies should select and implement appropriate Tier (3) and Tier (4) Key Performance Indicators (KPIs), which will monitor the weakness in the critical barriers identified in Step (2). There is a very wide choice of Tier (3) and (4) KPIs. In process safety KPIs guidelines, examples of Tier (3) and (4) KPIs are provided, which may provide useful starting points, but companies will usually need to re-tailor their KPIs regarding the critical barriers that are identified.

Step (5) - Collect quality data, analyze performance, and set improvement actions:

It is essential that the effort to collect and analyze data is not just about ‘counting the score,’ but rather, it becomes an integral part of the continuous improvement cycle within the PSM.

Step (6) - Regularly review critical barriers, actions, performance, and KPIs effectiveness:

It is important to confirm that process safety KPIs remain focused on the most important barriers to preventing major incidents. While some KPIs, particularly the Tier (1) and (2) measures, are intended to be implemented and established for a long-term review of performance, other KPIs may be used for a few years and then evolve to provide more detailed information on barrier strength. It is therefore recommended that the implementation team revisit Steps (3) and (4) to ensure that process safety barriers are regularly reviewed as part of management’s review of PSM system performance.

Supplementary Step - The Review of the process safety Key Performance Indicators (KPIs) Data:

The regular review of process safety Key Performance Indicators (KPIs) has to be part of the continuous improvement cycle in the PSM system. Companies should consider the engagement of all relevant parties in the review process. Although the review can focus on process safety performance, it is good practice to broaden the range of the review's inputs. Examples of other inputs can include:

• Any process safety audit findings.
• Summary of investigation outcomes and implementation of lessons learned.
• Responses to major incidents elsewhere in the industry.
• Overview of plant reliability and correlation with process safety KPIs.
• Changes to staffing levels, safety-critical competencies, training, and demographics.
• Regulatory compliance performance or changes.
• Safety culture surveys or behavior-based safety findings.
• Benchmarking data and sharing good practices with peer companies.

Reporting and Communication of Process Safety KPIs

General Framework for Reportable Process Safety Events (Tier 1 and 2 KPIs):

All companies shall report process safety events (accidents) to the local authorities and government agencies under the relevant Egyptian laws and ministerial decisions, including, but not limited to, the OHS Labor Office, the Egyptian Environmental Affairs Agency, etc. All companies have to comply with the legal requirements contained in the national plan to combat marine oil pollution, which has to be reported. In general, the process safety events that have to be reported to the EGPC (or the relevant entities) are those that are in line with the general framework for reporting incidents and injuries, which are detailed below:

• The PS-related injuries, illness, fatalities, lost workday case, restricted workday case, or medical treatment case for employees, contractors, and/or 3rd parties.

• Process safety high potential events.

• Major Accidents as defined in EGPC-PSM-GL-011.

• Process Safety events Tier (1) and/or Tier (2).

• Incidents that resulted in total/partial shutdown triggered by Safety Critical Elements (SCE), hydrocarbon gas and/or liquid release, and/or fire/explosions.

• Incidents involving loss of radioactive sources used for industrial radiography and/or other services.

• All process fires (see process and non-process fires in Annex F) and/or explosions.

• Incidents caused by sabotage, wilful damage, product theft from transmission pipelines, or any equivalent events which cause asset damage for any process facilities. That includes any process facilities' equipment, piping, or the transmission pipelines of crude oil, natural gas, or their derivatives such as gasoline, diesel liquid, condensate, commercial propane, LPG, etc.

• Loss of Containment (LOC) resulting from equipment, piping, or pipeline failure due to integrity concerns.

• Loss of Containment (LOC) resulting from 3rd party activities such as excavation or construction.

• Accidents of tankers for transporting petroleum products as well as Motor Vehicle Crash (MVC) rollover incidents that lead to Loss of Containment (LOC) and that are probable to be associated with recordable injuries, fatalities, fire, explosion, or soil pollution.

• Any cited violations and/or disciplinary actions issued by local authorities.

• Environmental incidents related to process safety events as defined in the Environmental Incident Guidelines of EEAA.

Tier (3) KPIs (Process Safety Near Miss) Reporting:

It is recommended to implement the Tier (3) Process Safety Key Performance Indicators (KPIs) (Process Safety Near Miss) reporting program at all companies. Since a near miss is an actual event or discovery of a potentially unsafe situation, this KPI could be defined as a “Lagging” KPI. A large number of increasing trends in such events could be viewed as an indicator of a higher potential for a more significant event; therefore, all companies can use Near Miss (Tier 3 KPIs) as a surrogate for a “Leading” KPI. That will help them to discover the process safety trend in the reported near misses, and it is also a positive sign of improved culture and process safety awareness by the company.

Therefore, the number and count of more significant incidents may decrease as the number of near misses reported increases. If a company already has an effective near-miss reporting system that aligns with the definition in process safety KPIs guideline, there should be no reason to replace that existing system. It is recommended to report, at least, small Losses of Containment (LOCs) that are excluded from the industry lagging KPIs.

Near misses and reporting provide valuable data for improving the process safety management systems at a facility. The following processes can maximize the benefits of the process safety near-miss program.

• Use process safety lagging indicators, process safety near misses, and management system leading indicators to build a process safety performance pyramid.

• When evaluating process safety near misses, consider the potential adverse impacts. The level of response to a near-miss (i.e., investigation, analysis, and follow-up) should be determined using the potential as well as the actual consequences of the event.

• Tie the near-miss data to the deficient management system to drive system improvements from near misses as well as from actual incidents. Place value upon reporting near misses.

• Consider reward/recognition for reporting near misses as well as rewards for performance.

Process Safety KPIs Communication

Communicating with those who can and do influence process safety is a key to improvement. Key Performance Indicators (KPIs) are a valuable resource to everyone involved in improving performance, and communicating results is a key activity in maintaining a successful improvement effort.

Effectively sharing results promptly is the central objective of the communications strategy, and this strategy has to include internal and external ways of communication.

Internal communication of the KPIs data will quickly highlight relevant trends and changes to promote management review and action. Typically, a dashboard highlights process safety together with related operational data to quickly show any change. The important issue in communicating the KPIs is to strengthen the process safety barriers through the support of the decision-making process by top management.

The external communication of the KPIs data is important for benchmarking purposes. Companies have to ensure that the definitions of the KPIs are clearly understood and are not ambiguous to preserve consistency and effective benchmarking. Process safety KPIs, especially lagging ones, are associated with process safety events.

List of Annexes

• Annex A – Guidance for Defining Tiers (1) and (2) Process Safety KPIs.
• Annex B – Guidance for PSM KPIs of Corporate, Business, and Individual Facility Levels.
• Annex C – Guidance for Implementation of Tier (3) and Tier (4) Indicators.
• Annex D – Guidance for Determining High Potential Process Safety Events.
• Annex E – Guidance for Typical KPIs for PSM 20 elements.
• Annex F – Guidance for Process and Non-Process Fires.
• Annex G – Typical Annual Process Safety Lagging KPIs Form.
• Annex H – Questions to Ask During the Annual Review of KPIs.
• Annex I – Guidance for International Regulations.

For annexes details, please refer to process safety KPIs guideline - EGPC-PSM-GL-025 on the PSM EGYPT website.

Prepared by:
Ahmed Mohammed Ibrahim Mohammed Roustom
Risk Management and Loss Prevention Studies Assistant General Manager – GASCO

Technical Consultant:
Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt

Texas City Incident – Texas City,
United States. Wednesday, March
23, 2005. Refinery explosion. 15
deaths and 180 injuries.

Process Safety Studies In
The Oil, Gas and
Petrochemical Sector

Hazard Identification
(HAZID) Guideline
EGPC-PSM-GL-001

Overview

This snapshot showcases an overview of the key principles and methodology that comprise the Hazard Identification (HAZID) Study Guideline, which will focus on the following:

- Management Accountabilities
- Hazard Identification (HAZID) – Planning
- Hazard Identification (HAZID) – Execution
- Hazard Identification (HAZID) – Reporting
- Use of HAZID Outputs

Introduction

This Hazard Identification (HAZID) process, coordinated throughout the project/asset life cycle stages as demonstrated in Process Safety Studies in Major Projects Guideline (EGPC-PSM-GL-002), will provide an integrated approach to ensure that all hazards are adequately identified and that findings/recommendations are incorporated into the design and/or operational activity to reduce risk to meet entities tolerability criteria. The facility Safety Case for COMPANIES will contain the documented evidence of this HAZID process for each facility as illustrated in the Safety Case Standard (EGPC-PSM-ST-002).

This guideline describes the objectives, scope, and requirements for the identification of hazards as the first step in the risk management process, which provides requirements for the planning, conduct, and documentation of HAZard IDentification (HAZID) studies.

Purpose

The objective of a Hazard Identification (HAZID) review is to identify all significant hazards associated with a proposed activity, intending to eliminate or reduce the hazards during the planning stages of the activity (e.g., during the design stage of a project).

Early identification of hazards facilitates early implementation of risk reduction measures, thus reducing the impact on cost and schedule compared to the later implementation of measures. It provides an opportunity to draw on collective experience and lessons learned to identify the potential hazards that may be associated with proposed activities.

The objectives of a Hazard Identification (HAZID) review are to:

a. Identify potential hazards relevant to the operation or stage of the project.
b. Identify the potential consequences of the hazards on personnel, asset, or the environment.
c. Identify existing safeguards (also termed Barriers) to provide hazard prevention or mitigation.
d. If existing safeguards are considered inadequate, propose actions to undertake further hazard assessment and identify additional risk reduction measures by eliminating hazards, minimizing their effect, or controlling the consequences of events as required.
e. Provide a list of Hazards for inclusion in hazard and risk registers and further evaluation and risk reduction.
f. Propose recommendations for the application of Inherently Safer Design (ISD) and other risk reduction measures.
g. Assist facility management in its efforts to manage risks.
h. Identify the Major Hazards as illustrated in Major Accident Hazard Management Guideline (EGPC-PSM-GL-006).

Management Accountabilities

COMPANIES’ operations, engineering, or project leader is typically accountable for:

a. Allocation of required resources for HAZID.
b. Allocation of time for preparation and execution of HAZID.
c. Review of the HAZID report.
d. Resolution of HAZID recommendations and closure of actions promptly.

Hazard Identification (HAZID) – Planning

Timing

Hazard identification should be conducted (as a first step to mitigate risks) for any company activities that might put individuals, assets, or the environment at risk.

The HAZID should be performed in advance of the planned activities to allow sufficient time for evaluation of the hazards so that the most appropriate course of action may be taken and so that the necessary changes can be made to the design or procedures with minimum cost and schedule impact.

Project Life Cycle Stages

During project development, a HAZID review should be conducted at the following stages:

• Evaluation / Concept Selection Stage.
• Basic Engineering / FEED Stage.
• Construction, Commissioning, and Start-up Stage.

Operation Life Cycle Stage

HAZID reviews should be conducted before significant modifications during the operating stage driven by the Management of Change process and for decommissioning activities.

The Safety Case Standard (EGPC-PSM-ST-002) requires periodic review of the Safety Case validity (with an update of the Safety Case where required). Dependent upon the outcome of these reviews, additional HAZID reviews of the facility may be required.

Duration

A HAZID review may last from a few hours to several days, depending on the complexity of the activity to be reviewed. Reviews of new plant designs will tend to take one to a few days.

HAZID review duration is generally influenced by the complexity of the plant/activity to be reviewed, the number of systems (or sections) into which the facilities are divided, and the number of personnel in the review team. For example, if the plant is divided into too many parts, the review could become repetitive, and the team’s progress will be slower.

When planning a HAZID review that may be of longer duration, consideration should be given to the demands that will be placed on the team. Each working day should be of a suitable length (i.e., not too long), and suitable breaks should be included in the schedule to ensure that the team remains alert and productive.

Terms of Reference (TOR) and Study Scope

General

The HAZID TOR should be developed in all cases. A TOR will support the efficient execution of the HAZID.

The formality and extent of the TOR should be consistent with the size and complexity of the HAZID. For a major project, the TOR is typically detailed, while for a minor change, the TOR could be a brief statement addressing the scope, types of hazards covered, and methodology.

Unless otherwise agreed by company operation, engineering, or project departments, the HAZID TOR document should include the following:

1. Objectives.
2. Scope.
3. Type of hazards.
4. Methodology.
5. How will recommendations be tracked?
6. Personnel.
7. Schedule for the study and report delivery.
8. List of reference documents needed for the review (e.g., site layout, process type).
9. Recording tool.

Study Scope

The scope of the HAZID study for new projects or existing operations should identify the following:

1. Facility and/or process boundaries of the review.
2. Operational modes included.
3. Interfaces included. Interfaces can be with other systems on-site or interfaces with offsite systems.
4. How human factors and facility siting issues will be included.
5. Which ISD activities below will be performed in conjunction with the HAZID.

System Definition

Early-stage HAZID reviews can be conducted on a “global” basis – effectively treating the whole of the facility as one section. While large or complex plants may need to be subdivided into systems or sections for ease of review, each system should be large enough to enable upstream and downstream causes and effects to be taken into account.

Hazard Identification should include, but not be limited to, the systems and facilities detailed in Annex B.

Team Composition and Roles

The quality of output from any HAZID review is highly dependent on the knowledge and experience of the assembled team. The HAZID team should consist, as a minimum, of a Team Leader, a scribe, and engineers/personnel relevant to the project or operation.

HAZID Team Leader

Each HAZID study shall have a leader. He should have the following skills and experience:

• Attended a recognized industry available and accredited HAZID or HAZOP leader training course that provides instruction on preparing, leading, and documenting a HAZID, as well as on the HAZID technique itself.

• Participated as a HAZID team member on previous HAZIDs or acted as a scribe for HAZID sessions under the leadership of a competent HAZID leader.

• He should have strong facilitation and communication skills for leading HAZID reviews to guide the team, stimulate brainstorming, summarise the discussion, and maintain the focus and momentum of the exercise to ensure that the team works effectively to identify all potential hazards.

The HAZID Team Leader will be responsible for the following:

• Advising project/operations leadership of issues that could affect the integrity of the study and working with leadership to ensure an effective resolution.

• Advising project/operations leadership of the need to delay/postpone the study until issues affecting the integrity of the HAZID can be resolved.

HAZID Study Team

The HAZID team should comprise experienced and competent personnel input from a multidisciplinary team familiar with the project or facility with a good working knowledge of the process/facility design, design intent, equipment to be used, or the activities to be reviewed. However, the team may include the following:

1. Process/Technical Safety Representative.
2. Process Representative.
3. Production & Maintenance Representative.
4. Project Engineer.
5. Discipline Engineers can be full or part-time as required, according to the HAZID scope.

The HAZID leader shall work with the project or operating facility leaders to select and appoint competent team members based on their experience and the type and scale of the study being conducted.

Depending on the scope of the HAZID study, attendance may be limited to those system interfaces or specialist knowledge areas in which participants are involved. All planned participants should be present at the kick-off of the HAZID study to ensure a common understanding of the HAZID methodology and scope. Substitution of HAZID study team members should be avoided or minimized to ensure the continuity and homogeneity of the study.

The suggested maximum number of participants is approximately 12 people.
Additional Subject Matter Experts (SMEs) can attend part-time to cover
• Be alert to time pressures and ensure that the quality, thoroughness, or
specific systems, activities, or review areas.
integrity of the review is not compromised.
Preparation
• Resolving any conflict that may arise during the study.
Preparation has a major effect on study efficiency. For larger studies,
HAZID Scribe
an appointed study coordinator, who can be the leader or scribe, can be
The HAZID scribe should ideally be an engineer or a person with a pragmatic way of managing preparation. HAZID study, planning, and
enough technical and engineering background who can understand the preparation should include the following:
discussions and record the proceedings with minimal prompting from
1. Development of a schedule.
the Team Leader. The HAZID scribe should work with the leader to ensure
2. Selection of a study venue based on the location of design information,
that study documentation is complete and recommendations are clearly
team members, and the facility to be reviewed.
worded.
3. Selection of a study room that comfortably accommodates the HAZID
The HAZID scribe should be responsible for preparing HAZID worksheets team and additional participants with working space for documentation.
and HAZID reports as well as recording and filing all documents (including 4. For existing facilities, arrange a site tour.
the attendance list) used and generated during the study in accordance
with the directions of the HAZID facilitator.

HAZID Guidewords

HAZID study preparation should include a selection of guidewords to be used (See Annex A) within the study. Preparation of a guideword list relevant to the scope of the study will focus the study and improve its efficiency.

Reference Documents

Before commencing the HAZID study, planning and preparation should include the identification and gathering of relevant documentation. All drawings and documents should be the latest revision available, and the revisions used for the review should be recorded in the HAZID report.

HAZID supporting documentation varies, depending on the study scope and timing. Layouts and process systems, PFDs, or process block diagrams are the focal point of the HAZID study. A single large set can be used to support discussions within the HAZID study.

Hazard Identification (HAZID) – Execution

Starting the HAZID study

At the start of the study, the HAZID leader shall provide an orientation to the team to enable a common understanding of the following:

1. Study objectives.
2. HAZID scope.
3. HAZID methodology.
4. Ground rules for the HAZID study and expectations of team members.

HAZID Review Methodology

The recommended approach to a HAZID review is a brainstorming exercise guided by an experienced Team Leader using a suitable set of guidewords to prompt discussion of the potential hazards.

It is recommended that the HAZID review proceeds as shown in the Figure. Greater detail is provided in the steps below:

Figure: HAZID Review Process Flowchart
STEP 1: Select Area, System, or Activity
STEP 2: Establish Main Features of System/Activity
STEP 3: Select Guide Word
STEP 4 (IDENTIFY): Hazard, is it Possible, is it Likely?
STEP 5 (BRAINSTORM): Identify All Causes and Consequences
STEP 6 (ASSESS): Perform Risk Evaluation and Ranking (if applicable); Evaluate Worst Credible
STEP 7: What Existing Barriers to Prevent or Control the Effects? (Evaluate Current Risk)
STEP 8: What Additional Barriers are Required to Manage the Risk? (Evaluate Residual Risk)
STEP 9: Record Minutes and Actions
Decision points: Have all guide words been analyzed? Have all systems been analyzed?

Hazard Identification (HAZID) – Reporting

HAZID Study Report

It is the responsibility of the team leader to ensure that the HAZID process is recorded to allow it to be audited, verified, and reviewed.

a. The team leader will be responsible for the following:
   1. Issuing the HAZID report and reviewing comments.
   2. Ensuring an appropriate competent person is assigned for every action.
b. The HAZID study report shall be formally issued as it serves as the permanent record of the study, indicating its quality and completeness.
c. The study report and the HAZID worksheets (see Annex C).
d. HAZID report should include - at least - the following sections:
   1. The main report includes an Executive summary, Scope of the study, Process or system description and design purpose, Methodology, HAZID team members and their roles, HAZID recommendations, and Distribution list.
   2. Appendices include TOR for the HAZID study, HAZID worksheets (See Annex C), Team session attendance, and a List of drawings and references.

HAZID Study Recording

HAZID study steps should be documented in worksheets where the HAZID study team is responsible for the quality, accuracy, and completeness of the HAZID study worksheets.

In the recording of the HAZID review, those hazards which are discussed and are not considered significant, or where the existing Barriers (safeguards) are considered adequate, and no further action is identified, should be recorded on the HAZID worksheets (see Annex C) with the reasons to provide a record of the HAZID team's discussions. This should allow easy auditing of the HAZID process and assist in the reassessment of the hazards list if the HAZID is revisited (e.g., due to changes being proposed in the design).

HAZID Study Recommendation

The number and complexity of recommendations will depend on the project stage, size, and complexity of the HAZID. Recommendations can focus on hazards that cause higher severity scenarios or concentrate on the greatest reduction in severity or risk that can be achieved. If HAZID is used as the final hazard analysis (e.g., for a module move), recommendations will also cover lower-severity scenarios.

Recommendations should have the following characteristics:

1. Standalone, so they are comprehensible without the HAZID worksheets.
2. A clear point of closure.
3. Be understandable, concise, and unambiguous.
4. Identify the reason for the recommendation and communicate the purpose.
5. Avoid a prescriptive solution.
6. Recommendations may be assigned a priority.

Recommendation Follow up

Recommendations shall be addressed promptly and tracked until closure. To achieve this, each recommendation should be assigned to a responsible party with a target completion date.

Technical reasons for recommendation resolution, including a suggestion of a different action or rejection, shall be clearly stated in writing. A formal record should be kept of such decisions, which can be accessed in the future if required.

Recommendation actions should be assigned and tracked to completion, including Responsible person, Status, Schedule for completion, and Approval of closure.

Relevant recommendations and actions from HAZID reports and related study documents should be communicated to the workforce who may be affected by them.

For existing operating facilities, a MOC process shall be followed for approved changes resulting from HAZID study recommendations.

Use of HAZID Outputs

Risk Register

The Risk Register is required to be developed at the Project life cycle stage and thereafter kept up to date by the operating asset. As a minimum, the register should detail each hazard under a unique reference, with appropriate details of cause, consequence, and applicable safeguards (Barriers).

Identification of Barriers

The HAZID should be used to identify Barriers that are required to manage the hazards. These comprise prevention, detection, control, and mitigation measures and provisions for escape, muster, evacuation, and emergency response. Although the identification of Barriers may be commenced in the HAZID review (existing safeguards will be listed for each hazard), the full identification of Barriers is an activity that will usually need to be concluded after the review, based on the outputs of the review and further, more detailed safety assessment work.

Establishing the Scope of Safety Assessments

The hazards identified and HAZID outputs (causes and consequences of accidental events, Barriers required, etc.) should be taken into account in subsequent safety assessment studies. Actions from the HAZID should be incorporated into the scope of these studies where practicable.

Further guidance for establishing the scope of safety assessments for Projects is given in the Process Safety Studies in Oil & Gas Major Projects Guideline (EGPC-PSM-GL-002).

List of Annexes

• Annex A – HAZID Guidewords.
• Annex B – System Definitions.
• Annex C – HAZID Worksheet.

For annexes details, please refer to HAZARD IDENTIFICATION (HAZID) GUIDELINE - EGPC-PSM-GL-001 on the PSM EGYPT website.

Prepared by:
Tamer AbdelFattah
QHSE Senior at United Gas Derivatives Company

Mohamed Ashraf Aboul Dahab
Safety Section Head for Upstream – EGPC

Technical Consultant:
Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt
Process Safety Studies In Oil & Gas
Major Projects
EGPC-PSM-GL-002

Overview

This snapshot showcases an overview of the principles and methodology that comprise the EGPC-PSM-GL-002 guideline, which will focus on the following:

- Main Project Phases as Defined in this Guideline
- Exceptions from the Guideline
- Overlapping with other Engineering Disciplines
- Process Safety Studies during different Engineering Phases
- Stage Gate Review (Assure that PS Requirements are properly Completed and Achieved its Objectives)

Introduction

The main focus of this guideline is on proactively implementing process safety studies at the optimum timeframe while also addressing the reactive conduct of a cold-eyed review to assure that nothing significant has been missed. This approach ensures that if the right process safety studies are conducted at the right time, project leadership will have the right process safety information to be able to make the right risk management decisions regarding safety.

The main aim of this guideline is to:

• Provide clarity regarding process safety input throughout the overall project phases from evaluation to project execution;
• Underline the main process safety studies during project phases, focusing on their interaction and scheduling inside the safety engineering discipline;
• Explain how process safety studies interact with other disciplines, inside and outside the engineering department; and,
• Articulate the role of process safety engineering inside the engineering department and how it is involved in the managing of process safety studies during project development.

Scope

The primary scope of this document is to provide guidance for addressing process safety studies required to support projects in oil and gas and petrochemical industries.

In the design phases, all inputs come from process safety. The intent of this guideline is not to describe in detail how to perform specific process safety studies but rather to identify what needs to be addressed at each stage of a project.

Project phases

A project is usually organized into phases that are determined by governance and control needs. Throughout this guideline, the project phases are commonly divided into four main phases. All phases are distinct and separated from each other by a decision stage gate to evaluate the completeness, quality, and maturity of the decision made during that phase and provide approval either for or against advancing to the next project phase.

Figure: the four project phases (Evaluation/Concept Selection; Basic Engineering/FEED; Detailed Engineering; Construction/Commissioning/Startup)

During the project, process safety engineering interacts continually with all engineering disciplines involved in the project. In this context, process safety engineering receives, processes, and analyzes information coming from engineering disciplines and manages all Process Safety (PS) studies needed for the success of the project development.

The key points of successful implementation of process safety in projects are to identify and plan the required process safety studies/activities at an early stage and link them with other engineering activities.

Process Safety Studies in The Evaluation and Concept Selection Phase

List of Studies

- Preliminary HAZID.
- Preliminary Inherent Safer Design Review.
- Preliminary Layout Review.
- Preliminary Risk Studies.

Process Safety Studies in Basic Engineering/FEED Phase

List of Studies

- HAZID.
- HAZOP.
- Facility Siting Study.
- Flare Radiation & Gas Dispersion Study.
- Vent to Safe Location Dispersion Modelling.
- Inherent Safer Design Review.
- Hazardous Area Classification.
- SCEs & Performance Standard Management in Design.
- Evacuation, Escape and Rescue Analysis (EERA).
- Quantitative Risk Assessment (QRA).
- Fire and Explosion Risk Assessment (FERA).
- Dropped Object Study.
- Ship Collision Assessment.
- Temporary Refuge Impairment Assessment.
- Emergency Shutdown and Blowdown Philosophy.
- Fire & Gas Detection Philosophy.
- Fire Protection Philosophy.
- Process Isolation Philosophy.
- Drainage & Venting Philosophy.
- Fire & Gas 3D Mapping Study.
- Passive Firefighting Calculation Study.
- Passive Fire Protection Study.
- Design Safety Case.

Process Safety Studies in Detailed Engineering

List of Studies

- HAZOP (Detailed Engineering).
- Safety Integrity Level Classification/Assessment Study (SIL Study).
- Final/Updated Facility Siting Study.
- Final/Updated Vent to Safe Location (Dispersion modelling).
- Final/Updated Hazardous Area Classification.
- Final/Updated Evacuation, Escape, and Rescue Analysis (EERA).
- Final/Updated Quantitative Risk Analysis (QRA).
- Final/Updated Fire & Explosion Risk Analysis (FERA).
- Safety Integrity Level Verification (SIL Verification).
- Final/Updated Fire & Gas 3D Mapping Study.
- Final/Updated Active Firefighting Calculation Study.

Process Safety Studies In The Construction/Commissioning/Startup Phase

List of Studies

- SCE’s Identification & Performance Standard.
- SIMOPS.
- Operation Safety Case.

Stage-Gate Review

Stage gate review is a requirement that is needed at key milestones and phases of the life cycle of capital projects to ensure that the process safety requirements are properly completed and have achieved their objectives.

The stage-gate review is conducted by an independent and experienced multi-discipline team familiar with the relevant facility, process and technology. This team assesses whether the project management team has fulfilled its process safety objectives for the current project phase.

Figure: the four project phases (Evaluation/Concept Selection; Basic Engineering/FEED; Detailed Engineering; Construction/Commissioning/Startup)

Prepared by:
Sayed Eid Sayed Khalil
HSE Assistant General Manager - Agiba Petroleum Company

Hany Mohamed Tawfik
OHS & PS General Manager - Ethydco

Technical Consultant:
Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt

Inherently Safer Design (ISD)
Guidelines
EGPC-PSM-GL-003

Overview

- Introduction
- Scope and Purpose
- Inherently Safer Design Concept
- Application of ISD through the Project Lifecycle
- Application of ISD through Operations Stage
- ISD Review Methodology

Introduction

"Inherent" has been defined as "existing in something as a permanent and inseparable element, quality, or attribute."

Inherent Safety is a concept and an approach to safety that focuses on eliminating or reducing the hazards associated with a set of conditions. A chemical manufacturing process is inherently safer if it reduces or eliminates the hazards associated with materials and operations used in the process. This reduction or elimination is permanent and inseparable.

Identifying and implementing inherent safety in a specific context is called inherently safer design. A process with reduced hazards is inherently safer than a process with only passive, active, and procedural controls.

Inherent Safety is a modern term for an age-old concept: eliminating hazards rather than accepting and managing them. This concept goes back to prehistoric times. For example, building villages near a river on high ground, rather than managing flood risk with dikes and walls, is an inherently safer design concept.

Scope and Purpose

The primary objective of these guidelines is to provide a tool that can be easily used by any industrial company that handles hazardous chemicals to understand inherent safety concepts better. It applies to the Egyptian General Petroleum Corporation (EGPC) and Oil and Gas Holding Companies, including the Egyptian Natural Gas Holding Company (EGAS), the Egyptian Petrochemical Holding Company (ECHEM), and the South Valley Petroleum Holding Company (GANOPE) covering all their operational subsidiaries, state-owned companies, affiliates, and joint ventures.

Entities, companies, and contractors should ensure that all requirements listed herein are fully understood, implemented, complied with, and always monitored, including current operations and existing and future projects during the whole project's life cycle from feasibility to decommissioning.

Inherently Safer Design Concept

The essence of the inherently safer approach to plant design is the avoidance of hazards rather than their control by added protective equipment. Although we generally think of safety in a comparative sense, there is a difference between safe and safer design. With the safe design, there are active safeguards to prevent the occurrence of hazardous events and to protect people and plants from the effects. With the safer design, there are fewer hazards, fewer causes, and fewer people are exposed to the effects.

There are four main design strategies for developing inherently safer processes: minimize, substitute, moderate, and simplify. These strategies can be applied at any phase of the process life cycle. Although the substitution and moderation strategies are best employed during the initial process design, these four strategies form a protocol by which the risks associated with the loss of containment of hazardous materials or energy can be significantly reduced and sometimes eliminated. The elimination of risk due to loss of containment is difficult, if not impossible, to achieve using other risk reduction measures, i.e., active or passive safeguards. These measures, while effective if installed and maintained properly, generally reduce the likelihood of release and sometimes mitigate the consequences of a release. However, they cannot reduce the risk to zero.

MINIMIZE: In the context of ISD, minimizing means to reduce the quantity of material or energy contained in a manufacturing process or plant. Process minimization is often thought of as resulting from the application of innovative new technology to a chemical process,

The term "process intensification" is synonymous with "minimization," though the former is often used more specifically to describe new technologies that reduce the size of unit operations equipment, particularly reactors. In recent years, innovative process intensification techniques have received, and continue to receive, more attention.

SUBSTITUTE: In the context of ISD, "substitution" means replacing a hazardous material or process with an alternative that reduces or eliminates the hazard. Process designers, line managers, and plant technical staff should continually inquire if less hazardous alternatives can be effectively substituted for all hazardous materials used in a manufacturing process. However, the substitution concept of inherent safety is best applied during the initial design of a process. Substituting raw materials and intermediates after the process has been built, while possible in some cases, is usually very difficult.

MODERATE: In the context of ISD, moderate, also called attenuation, means using materials under less hazardous conditions. Moderation of conditions can be accomplished by either physical (i.e., lower temperatures, dilution) or chemical (i.e., development of reaction chemistry which operates at less severe conditions) means.

SIMPLIFY: In the context of ISD, simplifying means designing the process to eliminate unnecessary complexity, thereby reducing the opportunities for error and misoperation. A simpler process is generally safer and more cost-effective than a complex one. For example, it is often cheaper to spend a relatively small amount of money on building a higher-pressure reactor rather than a large amount of money for an elaborate system to collect and treat the discharge from the emergency relief system of a reactor designed for lower maximum pressure.

SEGREGATE: The aim here is to limit the effects of a hazard by providing physical separation between the source of hazards and receptors such as people or the environment. One of the first options to be considered on any project is where it will be located. The segregated design also incorporates blast walls, which physically separate different areas.

The concept of the risk control hierarchy illustrates that controls' effectiveness depends on their characteristics. As a general philosophy, controls at the top of the hierarchy should always be considered first because they are the most reliable. This hierarchy covers the spectrum from elimination (at the top of the hierarchy) through substitution, engineering, and administrative (procedural) controls. It is important to remember that inherent Safety is not a stand-alone concept. The principles of Inherently Safer Design (ISD) work through a hierarchical arrangement as illustrated below for the systematic approach to loss prevention (hierarchy of controls). These considerations must therefore be incorporated into the overall process of risk assessment.

Figure: A systematic approach to loss prevention (hierarchy of controls) - (Kletz & Amyotte, 2010)

Steps and activities shown in the figure:

- Identify Hazards: Identify all hazards and causes of these materials, actions, and conditions.
- Understand Hazards: Assess hazards, their causes and effects, and how these interact with the design.
- Inherently Safer Design Principles:
  - Avoid Hazards: Avoid or eliminate hazard by design.
  - Reduce Severity: Minimize, substitute or moderate to reduce the severity of the hazard.
  - Reduce Likelihood: Simplify the process or plant to reduce the likelihood of the hazard occurring.
  - Segregate: Use distance, or use sections of the plant itself as barriers to segregate/protect people and emergency systems from effects of hazards.
- Add-on Safety Engineering:
  - Apply Passive Safeguards: Use safeguards that do not need initiation, and hence have high availability.
  - Apply Active Safeguards: Use active systems, but note these depend on timely hazard detection and initiation.
- Apply Procedural Safeguards: Operator and maintenance procedures should be the last resort, especially for control and mitigation, where the chance of error or failure is high.
- Apply Residual Risk Reduction Measures: Use findings of the hazard assessment to estimate the risks, and target and implement inherent/segregation/add-on/procedural safeguards until risks are tolerable.

Application of ISD through the Project Lifecycle

Throughout the life cycle of a project/facility (concept to operations), opportunities arise to apply the concepts and practices of inherently safer technologies and strategies. These opportunities should be evaluated to determine if the strategies can be applied and whether the costs are commensurate with the possible risk reduction.

Different choices and decisions are made as the engineering progresses through the project life cycle: conceptual plant design, FEED, engineering and detailed plant design, plant construction, start-up, and ongoing operation and future modification. The ISD philosophy applies at all stages, but the available options change.

ISD approaches are applied to inform decisions throughout the project lifecycle. As the project progresses, the scale and nature of decisions change. Early in the project, ISD approaches can influence fundamental concept decisions, affecting risk levels throughout the asset's life. Early emphasis on ISD in decision-making is therefore very influential, but ISD informs decisions taken at different levels throughout the project stages.

Application of ISD through Operations Stage

While applying inherent safety at the start of a system's lifecycle provides the greatest opportunities to reduce risk, it does not mean it is only relevant to projects. There can be many opportunities to apply inherent Safety during the operational stage of the lifecycle of a system.

While identifying opportunities for inherent safety should be a continual goal, there will be specific times when it should be considered formally. For example, inherent safety should be an option when identifying actions following an incident investigation or when evaluating a plant or process change instead of simply specifying additional safety systems or changes to procedures. Also, it should be a key part of any routine review of safety studies, and any study carried out retrospectively.

Applying inherent safety to an operating system is not straightforward, and care must be taken to avoid unintended consequences. These can include loss of operational flexibility, reduced plant availability, or transfer of safety risks. It is a fine balance to select reasonably practicable options while not affecting economic viability.

ISD Review Methodology

The objectives for an inherent safety review are to employ a synergistic team to:

• Understand the hazards.
• Find ways to eliminate or reduce those hazards.

The first major objective for the inherent safety review is developing a good understanding of the hazards involved in the process. Early understanding of these hazards allows the development team to implement recommendations from the inherent safety effort.

Reducing and eliminating hazards and their associated risks is the second major objective. Applying inherent safety principles early in the product/process development effort provides the greatest opportunity to achieve the inherent safety review process objectives for the project at hand. If these principles are applied late in the effort, the results may have to be applied to the "project after next," as the schedule may not permit the implementation of the results.

Experience with inherent safety reviews for a new process or project indicates that project investment costs are often reduced due to this exercise. The main contributors to investment reduction are eliminating equipment and reducing the need for safety systems. Capturing these potential savings largely depends on the timing of the reviews within the process or project development cycle.

The same two primary objectives apply to an ISD review of an existing process. Generally, these reviews are designed to identify either incremental improvements, primarily in simplification, possible major improvements that can be made in the event of a process renovation or major equipment replacement, or ISD opportunities for future facilities manufacturing the same product. Often, large capital expenditures to improve ISD are difficult to justify if the process operates without major incidents. However, when major projects are planned, they provide a good opportunity to identify opportunities for incorporating inherently safer design features.

List of Annexes

• Annex A – Examples of Inherently Safer Design Application.
• Annex B – Typical Methodology for Review of Concepts against ISD Goals.
• Annex C – ISD Review Worksheets.
• Annex D – ISD Review Brainstorming Considerations.

Prepared by:
Hany Mohamed Tawfik
OHS & PS General Manager - Ethydco

Tamer AbdelFattah
QHSE Senior - UGDC

Technical Consultant:
Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt

The Pike River Mine Disaster -
Greymouth, New Zealand. Friday,
November 19, 2010. Methane
explosion. 29 deaths.

Layout and Facility
Siting Guideline
EGPC-PSM-GL-004

Overview

This snapshot showcases an overview of the principles and methodology that comprise the EGPC-PSM-GL-004 guideline, which will focus on the following:

- Facility Life-Cycle Phases
- Facility Siting Process (Selection, Evaluation, Mitigation Implementation, Revalidation & Manage Change)
- Documentation for Layout & Siting Study
- General Design Considerations in Layout

Introduction

Layout and facility siting is a complex and multidisciplinary task that requires input from different disciplines. The location of the facility and the arrangement of process units/equipment and buildings have a significant influence on material and construction costs, major accident risk, the safety of operation, and cost of operation and maintenance. In principle, applying inherent safe design principles during siting and layout design will have great potential for reducing complexity, risk, and cost. Siting and Layout study should be conducted to account for both off-site and on-site impact from potential fire, explosion, and toxic hazards. Although it is commonly known that a facility siting study (FSS) is focused on occupied buildings, the current guideline is not focused only on the location of occupied buildings but also on siting and layout of the facility, process units, equipment, and piping.

This guideline gives a description of the sequence for developing a facility siting study and different approaches that might be used during the development of this study. In addition, it emphasizes approaches and concepts for deciding the mitigation strategy and consequently developing the mitigation plan. Moreover, it gives guidance for studying off-site or on-site changes that might affect the original facility siting study and the requirements for revalidation.

Scope/Objectives

The scope of this guideline is to give guidance on the principles for conducting a facility siting study with the target to optimize and reduce the impact/risk associated/resulting from the location of a facility, process units, and associated equipment/piping within the facility.

The scope of this guideline includes siting and layout study for Greenfield, Brownfield, and Extensions/Modifications of an existing plant. This guideline covers facilities such as oil & gas Plants, refineries, petrochemical, chemical plants, and fuel or chemical storage sites where hazardous materials are stored, handled or processed.

The objective of the guideline is to develop informed decision(s) regarding controlling/mitigating the risks/impact associated with the plant siting and layout, so it can be integrated and balanced with the other plant layout design requirements.

Facilities Life-Cycle Phases

Throughout the facility life-cycle, we can distinguish eight main phases illustrated in the following figure and listed as follows: design, fabricate, install, commission, operate, maintain, change, and decommission.

The most effective strategy to reduce the impact/risks associated with the site and layout of any facility and reduce the life-cycle costs is to apply the siting and layout approaches and principles early in the project’s development phase. A well-thought-out layout contributes to the successful planning of the design and construction stages of the project. Once the project moves away from the early stages, the opportunity for applying the principles of siting and layout of the facility decreases; consequently, costly changes may be required, and the opportunity for effective cost savings is lost. Moreover, after the facility is handed over to operation, it is expected to experience an increase in operating and maintenance costs.

Changes to layout during construction or later, after the handover of the project to operation, are a very tough task to manage considering the principle of facility siting. In such a case, a specific mitigation plan might be required, which might be very costly in both money and time to implement.

Facilities Siting Process

There are several stages for completing a facility siting study. These stages are:

• Selection, Evaluation
• Mitigation Planning & Implementation
• Revalidation & Managing Changes.

[Figure: facility siting process stages]

• Select: assessment approach; selection of scenario/s; evaluation criteria.
• Evaluate: explosion scenario; fire scenario; toxic scenario.
• Mitigation Planning & Implementation: develop mitigation strategy and mitigation plan; implement the mitigation actions.
• Revalidation & Managing Changes: revalidation of facility siting study.

Selection Stage

The target of this step or phase is to select the assessment strategies or approaches (spacing table approach, consequence-based approach, risk-based approach), select the potential scenarios (fire, explosion, toxic release), and finally select and decide on the evaluation criteria that will be used during the assessment.

Evaluation Stage

This step focuses on how to evaluate the different identified scenarios, i.e., explosion, fire, and/or toxic release. Generally, there are different assessment methods that are used to evaluate each type of hazardous scenario.

For explosion scenarios, the evaluation will start by defining the types of explosions that might occur, e.g., external or internal VCE, BLEVE, reactive chemical explosions, etc. For each of these types, it is required to determine if it could happen in a facility and at what location it might occur. The outcomes of the assessment will give the amount of pressure that will result from the explosion wave pressure (in terms of overpressure or impulse) and how far this pressure is going to radiate to affect the different receptors (e.g., people, buildings, equipment, etc.) both on-site and off-site in the plant.

Fire scenarios evaluation is easier when it comes to using the spacing tables as a facility siting approach. In such cases, and whenever the separation distance is met, the impact is assumed to be accepted. As mentioned before, the spacing table does not consider the material on fire or the size of the fire. On the other hand, modeling for the fire effect is required for both consequence-based and risk-based approaches. In such fire modeling, material properties, release rate and amount, and release conditions are considered. The evaluation of the fire impact is a function of the type of fire, i.e., pool fire, jet fire, etc. The outcomes of the modeling of fire scenarios are introduced in terms of thermal dose (flux and duration) and flame impingement. It also introduces how far the fire impact affects the different receptors (e.g., people, buildings, equipment, etc.) both on-site and off-site in the plant.

Toxic release evaluation is more difficult to model due to the difficulty of predicting the exact direction of travel, so we can assume that many receptors can be subject to toxic release impact. In this regard, gas dispersion modeling is important to account for the pattern of spreading a toxic release and decide the most potentially impacted receptors. The evaluation of the toxic release impact is a function of the concentration of released gases. The outcomes of the modeling of the toxic release scenario are introduced in terms of concentration and how far the toxic plume will travel and affect the different receptors both on-site and off-site in the plant.

Mitigation Planning and Implementation Stage

Once the impact or risk from different potentially hazardous scenarios on various receptors is evaluated and understood, it is necessary to develop a mitigation plan for those receptors that did not meet defined threshold criteria or evaluation criteria. A mitigation plan is a structured framework that is being developed to account for the facility's siting hazards by applying mitigation measures that might be active, passive, procedural, or a blend of them. The mitigation plan shall consider all applicable options so it can help in decision-making. Mitigation decisions should be made in a logical and justifiable manner.

The mitigation strategies development shall be based on the complete understanding of the results of the facility siting study, which are presented by hazards (explosion, fire, toxic release). A good understanding of the facility siting hazards will help define the main contributors in specific hazardous scenarios and locations subject to the highest impact or risk in the plant. This is an important precursor for the proper development of a mitigation strategy. In this respect, it is clear that one mitigation strategy cannot serve all sources or locations; instead, it shall be assessed for each individual source or location.

Once the mitigation strategy has been decided, a simplified process for developing the mitigation plan shall be started. In this respect, quick wins or interim actions might be considered until a long-term fix is reached.

Finally, whenever the decision has been made for a certain option, the plan shall document and report all the required mitigation measures along with their corresponding cost and schedule for implementation.

Facility Siting Revalidation and Managing Changes

The initial facility siting study is not the end of the goal to address the hazards associated with siting and layout of the facility throughout its lifetime. Sites are always changed both on-site and off-site. Off-site changes include urban community sprawl and industrial expansions. On the other hand, on-site changes include expansions of the existing facility, relocation of facility units or buildings, demolishing of some units, changes in occupancy loads, changes in process conditions, and developed scenario types, e.g., explosion, fire, or toxic release, etc.

As a response to these changes and considering the concept of management of changes (MOC), the facility siting should be revalidated to be in line with these changes. Also, revalidation may come as a response to changing the facility owner, while the new one might have different policies and standards regarding the approach used for conducting the facility siting study or even criteria used during the evaluation phase. Moreover, revalidation might be required as a response to the lesson learned from incidents and any subsequently developed standards or regulations that might have an impact on the facility's siting.

Generally, and since facility siting is considered a part of process hazard analysis (PHA), it is required to be revalidated at least every five years as per 29 CFR Part 1910 section 6. e.

Revalidation of the facility siting study does not mean redoing the whole study. The primary objective is to review the results of the previously conducted study and identify and control any new hazards that have been introduced to the previously conducted study.

The revalidation process will start by reviewing and reassessing the owner's policies and procedures, then considering incident outcomes and MOC events. This is followed by verifying any studies based on preliminary or final designs to match the current situation and condition. Finally, the outcomes of the revalidation study will guide us to either continue with the existing remediation plan or make adjustments to account for new hazards.

Documentation for Layout and Siting Study

Documentation should be retained to include all choices, analysis and evaluation results, and mitigation planning and implementation made during the facility siting process. A standard list to be included in the document is assessment approaches, scenario selection basis, analysis methodologies, the applicability of analysis methodologies, data sources used in the analysis, applicability of data sources, evaluation criteria, results of analysis, mitigation plans, recommendations, and tracking to not only assure that the required recommendations are done but also report what was done and decide whether to implement the recommendations exactly as stated or implement alternative protective measures which might provide more risk reduction. Throughout the lifetime of the process, this document should be retained and kept up to date as changes are made.

General Design Considerations in Layout

In general, the plant site shall be selected to be inherently safe (in terms of distance) with respect to the adjacent receptors. Moreover, the selected site shall account for uncontrolled factors, e.g., tidal waves, floods, earthquakes, subsidence, adjacent oil and chemical plants, etc. Consequently, and once the site has been selected, the plant (process units, equipment, piping, and buildings) arrangement and spacing shall be made to reduce the effect of any factor that contributes to the loss. The following figure introduces good practices for plant arrangement considering the prevailing wind direction.

[Figure: plant arrangement with respect to the prevailing wind. Labelled items: Flare; Tank Storage; Process Equipment; Railcar Loading; Storm Water & Waste Water Ponds; Boiler House/Air Compressors/Generation; Control Room; Fire Station; Lab/WHouse; Occupied Bldgs; Administration Bldg; Parking Lot; Access Road; Gate; Prevailing Wind.]

List of Annexes

• Annex A – CCPS Recommended Distance Tables for Siting and Layout of Facilities

For annex details, please refer to LAYOUT AND FACILITY SITING GUIDELINE - EGPC-PSM-GL-004 on the PSM EGYPT website.

Prepared by:
Sayed Eid Sayed Khalil
HSE Assistance General Manager - Agiba Petroleum Company

Technical Consultant:
Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt

Hazard and Operability (HAZOP)
Guideline
EGPC-PSM-GL-005

Overview

This snapshot showcases an overview of the key principles and methodology that comprise the Hazard and Operability (HAZOP) Study Guideline, which will focus on the following:

Introduction

The Hazard and Operability (HAZOP) study is one of the most used process hazard analysis (PHA) techniques in the process industry. It consists of a structured analysis carried out by a multidisciplinary team to identify process hazards and operability problems in every part of the process. Through the HAZOP analysis, the team seeks to identify potential deviations from the design intent, examine their possible causes, assess their consequences, and recommend proper actions if the existing safeguards are not sufficient to control the risk. The study should include all process lines, equipment, offsite facilities, utility systems, ESD systems, interface with other facilities, and fire protection systems. HAZOP technique can be used for both continuous and batch processes. It is also applicable to new projects and existing facilities.

Purpose

The objective of this Hazard and Operability (HAZOP) Guideline is to provide an overall understanding of the HAZOP technique and its application in the oil and gas industry. It covers the timing for conducting the study, either for projects or existing facilities, study limitations, team composition, and a detailed description of the HAZOP methodology. Besides, several topics were discussed briefly, such as human factors, procedural and batch/sequential HAZOP, control or computer systems HAZOP (CHAZOP), relations to the layers of protection analysis study (LOPA), and HAZOP revalidation requirements. Finally, guidance for the COMPANIES to develop their HAZOP procedures, if warranted, was provided.

HAZOP Study Timing

Projects

• The HAZOP study could be undertaken at different phases of the project depending on the complexity and the scale of the project. For a large-scale project, the HAZOP study could be conducted at different phases. The “Basic HAZOP” could be done during the basic or front-end engineering design (FEED). This would give sufficient time to incorporate any required changes into the design and to add the cost impact of implementing the HAZOP recommendations to the total project estimate. However, carrying out Basic HAZOP doesn’t eliminate the need for carrying out the HAZOP study during the detailed design engineering phase “Detailed HAZOP.”

• The recommendations developed through the HAZOP study should be tracked and implemented before the startup. When the final design HAZOP has been completed, any subsequent changes made to the design should be subjected to a proper MOC.

• If the design and P&IDs for vendor packages are not available during the HAZOP study, they should be subjected to a separate HAZOP review with special attention to the interface between the vendor package and the process.

Existing Facilities

• Operating facilities shall revalidate their HAZOP at least every five (5) years. Existing facilities that have not conducted a HAZOP study before shall carry out the HAZOP study after updating the necessary process safety information, such as the P&ID and PFD.

• HAZOP should be considered part of the organization's MOC based on the complexity and the risk associated with the change. This would ensure that the hazards associated with process changes are considered. However, not all changes warrant a HAZOP study.

HAZOP Study Limitations

The HAZOP technique has some limitations, such as:

• As with any technique for the identification of risks or operability issues, there can be no guarantee that all risks will be identified in a HAZOP study. Therefore, the study of a complex system should not depend only on a HAZOP study, and it should be used in conjunction with other suitable studies.

• The success of a HAZOP study depends greatly on the ability and experience of the study leader and the knowledge, experience, and level of interaction between team members.

• The study will not be effective unless the issues identified during the study are resolved and the recommendations and actions put into practice.

• HAZOP methodology assumes that the design has been carried out per appropriate codes or standards. Therefore, it is not the scope of HAZOP to conduct a design review, check the quality of the design, or check compliance with codes and standards.

Team Composition

HAZOP Study Leader

The main responsibilities of the HAZOP study leader include the following:

• Planning the study.
• Clarifying the scope and objectives of the study for all the team members.
• Facilitating the study sessions.
• Identifying the nodes.
• Suggesting the parameters, guidewords, and deviations to cover the study scope within schedule.
• Advising the project/site leadership about issues that could affect the integrity of the study, such as inaccurate process safety information, team fatigue, and inadequate HAZOP team experience/expertise.
• Issuing the final report.

The HAZOP leader should:

• Be independent of the project, the processing unit, or the modification for which the HAZOP study is conducted.
• Have participated as a HAZOP team member on many HAZOPs.
• Have acted as scribe for HAZOP sessions.
• Have co-led HAZOP sessions under the supervision of a competent HAZOP leader.
• Have attended a HAZOP leadership training course and have required certificates from recognized entities.

HAZOP Study Scribe

The scribe should follow the discussion and record the analysis results in the worksheet. The scribe should also assist the study leader in planning and administrative duties. The scribe should:

• Have good typing and summarizing skills.
• Be trained on the software utilized to record the study.
• Be familiar with the HAZOP and industrial terminologies.

Other Team Members

The quality of the HAZOP depends upon the knowledge and experience of the team members involved. Therefore, the selection of team members is critical for successful HAZOP. The team members should participate actively in the discussion, respecting the opinion of each other, being to the point, and solving disagreements through discussion or voting. The team should be as small as possible with the relevant skills and experience available, preferably no larger than ten people. The composition of the HAZOP team, in addition to the HAZOP leader and the scribe, could be divided into core members and part-time members.

Core Members

The core members of the team should be present at all sessions. They have the following responsibilities:

Process Engineer:
• Provides information regarding the process and operating conditions of each node.
• Explains different process control loops.

Project/Design Engineer:
• Provides information about the design specifications of the project.

Instrumentation/Control Engineer:
• Provides information regarding alarms.
• Provides information regarding safety instrumented systems (SIS) and ESD strategies.

Maintenance/Mechanical Engineer:
• Provides information related to equipment specifications and possible equipment troubles.

Operator:
• Explains how operators will detect process upsets and how they will respond to them.
• Provides insight into how the deviation or human error could occur.

Process Safety/HSE Engineer:
• Provides information regarding plant safety and emergency procedures.

Licensor Representative (as needed):
• Provides information about the process technology and the best practices to control hazards in that process.

Vendor Representative (as needed):
• Provides information relating to the vendor packages and their design.

Part-Time Members

The part-time members who may be called when needed include:

• Specialist Engineers (piping, civil, electrical, machinery, corrosion, etc.)
• Contractor representative.
• Commissioning engineer (for new facilities).

HAZOP Methodology

General

The HAZOP study methodology consists of three major phases: planning and preparation, study execution, and documentation and follow-up.

Planning and Preparation

Study Initiation

The study is generally initiated by a person with responsibility for the project or organization, which in this guide is called the manager. The manager should determine when a study is required, appoint a study leader, and provide the necessary resources to conduct the study. The manager is ultimately accountable for ensuring that any actions that arise from the study are completed.

Defining Study Scope

The study scope shall be clearly stated. It should include the following:

• Process and utility systems, including vendor packages.
• Normal and abnormal operational modes, e.g., startup, shutdown, emergency shutdown.
• Safety, health, and environmental hazard consequences.
• Major operability problems.
• The boundaries of the study.

Developing Terms of Reference (TOR)

The terms of reference (TOR) shall be developed by the study leader and agreed on before the start of the study. A typical HAZOP TOR document should include the following:

• Study scope and objectives.
• HAZOP methodology.
• Parameters, guidewords, and deviations to be used.
• Personnel required to attend the meeting and their responsibilities.
• Schedule and deliverables.
• A list of materials and facilities required to conduct the study, such as a study room with adequate size, copies of P&ID, copies of the risk assessment matrix, a projector, and recording software.

• A list of documents to be included in the review.
• A list of appropriate references, design criteria, standards, or norms.
• A HAZOP worksheet template.
• Distribution list.

Collecting Data and Documentation

HAZOP documentation should include the following:

• Process and instrumentation diagrams (P&IDs).
• Process flow diagrams (PFDs).
• Process description and process chemistry.
• Pressure relief (or safety) valves datasheets.
• Previous HAZID or LOPA Follow-Up/Close-out Report.

The HAZOP leader shall ensure that these documents are approved and updated before starting the HAZOP sessions.

Establishing Guidewords and Deviations

In the planning stage of a HAZOP study, the study leader should propose an initial list of guidewords to be used. The study leader should test the proposed guidewords against the system and confirm their adequacy. The choice of guidewords should be considered carefully, as a guideword that is too specific can limit ideas and discussion, and one which is too general might not focus the HAZOP study efficiently. Some examples of different types of deviation and their associated guidewords are given in the following table.

Table. Examples of deviations and their associated guidewords

| DEVIATION TYPE | GUIDEWORD | EXAMPLE INTERPRETATION FOR THE PROCESS INDUSTRY |
|---|---|---|
| Negative | NO | No part of the intention is achieved, e.g., no flow |
| Quantitative modification | MORE | A quantitative increase, e.g., higher temperature |
| Quantitative modification | LESS | A quantitative decrease, e.g., lower temperature |
| Quantitative modification | AS WELL AS | A quantitative increase, e.g., higher temperature |
| Quantitative modification | PART OF | Only some of the intention is achieved. Only part of an intended fluid transfer takes place |
| Substitution | REVERSE | Covers reverse flow in pipes and reverse chemical reactions |
| Substitution | OTHER THAN | A result other than the original intention is achieved, i.e., transfer of the wrong material |
| Time | EARLY | Something happens early relative to clock time, e.g., cooling or filtration |
| Time | LATE | Something happens late relative to clock time, e.g., cooling or filtration |
Study Execution

General

At the start of a study meeting, the study leader should explain briefly the HAZOP methodology and study plan to ensure that the team is familiar with the process and the study scope and objectives. The HAZOP study should follow the sequence illustrated in the following figure:

[Figure: Typical HAZOP Study Sequence.]

1. Start Study
2. Select a Node
3. Define Design Intent
4. Select a Parameter
5. Select a Guideword
6. Develop a Deviation
7. Identify Credible Causes
8. Record significant consequences for each deviation and cause
9. Record existing safeguards
10. Risk Assessment
11. Is Risk Acceptable? If No: Develop Recommendations, then Assign Responsibility for Recommendations.
12. Other Deviations? Other Guidewords? Other Parameters? Other Nodes? A Yes at any of these returns to the corresponding earlier step; No to all of them leads to End Study.

Node Selection

Nodes should be carefully selected by the HAZOP Leader. However, the team members may also have input in node selection. There are two types of nodes: Process nodes and Global nodes.

Defining Design Intent

The design intent defines how a component or system is expected to operate and the purpose of the system. This includes the design flow rate, temperature, pressure, level, and other relevant details such as chemical composition.

Selecting Process Parameter

Process parameters should be selected and reviewed in turn for each node. At least flow, temperature, pressure, and level should be considered. Additional parameters should be selected as applicable to the process.

Selecting Guidewords and Deviations

The guidewords are combined with parameters to make the deviation from the design intent. For example, if the guideword “No” is combined with the parameter “Flow,” the resulting deviation is “No Flow.” Guidewords should be selected and applied in turn to each parameter. If no issues are found, it should be documented that there were no issues of concern for that deviation. Additional deviations that could be used as applicable to the studied process include start-up, shutdown, maintenance, inspection, and services.

Identifying Causes

All potential causes should be established for each considered deviation. There may be multiple causes for each deviation. In such a case, each cause should be listed separately. Causes can be due to a range of events, such as human error, equipment failure, process upset, external events, actuator failure, etc. The cause is identified within the node being studied. However, the resulting consequence may occur throughout the whole process.

“Double jeopardy” events are not typically included in the HAZOP studies. Double jeopardy events are multiple independent events occurring at the same time and causing a hazardous situation. Careful consideration must be made before deciding whether two or more initiating events can be considered double jeopardy or not, considering the following factors:

Identifying Consequence

The team members should identify for each cause the practical unmitigated ultimate consequence (consequences without giving any credit to the safeguards). It may be beneficial to consult any dispersion modeling or risk assessment, if available, to fully understand the range of potential consequences.

Identifying Safeguards

Principal safeguards shall be recorded in the HAZOP worksheet. Typical safeguards (or protection layers) are illustrated in Figure 3. They could be preventive (reducing the likelihood of the cause) or mitigative (reducing the severity of the consequences). Relief valves should be listed as safeguards only after it has been confirmed that the relief valve size and set pressure are sufficient for the consequence being considered.

Risk Assessment

The risk assessment should be carried out during the HAZOP using the risk matrix included in EGPC-PSM-ST-001: Risk Management Standard. The estimations of likelihood and severity are normally qualitative and rely on the team’s experience and judgment of similar events. The risk should at least be assessed without considering any safeguards (initial) and after adding the safeguards (current).

Recommendations/Actions

Recommendations shall be made if the team judges that the existing safeguards are unlikely to prevent or sufficiently mitigate the risk. Recommendations should meet the following criteria:

• Stand alone, such that it is understandable without the benefit of the worksheet.
• Be able to be accomplished and have a clear point of closure.
• Be understandable, concise, and unambiguous.
• Be worded to address the identified hazard.
• Be thorough (identifying the reason for the recommendation and communicating the intentions of the HAZOP team).

The HAZOP team should focus on addressing hazards and not try to design the solution to the problems identified. The purpose of the HAZOP is to identify hazards, not to engineer solutions. Recommendations shall not be modified without the agreement of the HAZOP team.

Documentation and Follow-Up

HAZOP Worksheet

The HAZOP worksheets should consist of the following:

• Node description: the node description should include clear boundaries for the node and describe the relevant design and operating parameters within the node.
• Deviation ID: each identified deviation shall have a unique identifier.
• Parameters, guidewords, and deviations.
• Cause: describes the initial cause for the deviations.
• Consequence: it should be described without taking safeguards into account.
• Safeguards: all relevant safeguards should be listed for each deviation.
• Risk Assessment: it should be done at least for unmitigated risks and after incorporating the safeguards.
• Recommendations/Actions.
• Action party: it is the responsible Department/Person for closing out the HAZOP action.
• Comments.

HAZOP Report

The HAZOP report should consist of the following sections:

1. Main report:

• Title page.
• Table of contents, list of figures, and list of tables.
• Executive summary.
• Introduction defining the scope of the study.
• Process or system description and design intent.
• Methodology including guidewords used.
• HAZOP team members and their roles.
• Recommendations summary.
• References (list of P&IDs and other data used).
• Distribution list.

2. Appendices:

• HAZOP study worksheets.
• List of recommendations from the study.
• Team attendance for each session.
• Color-marked P&IDs with node numbers.
• Risk matrix from EGPC-PSM-ST-001: Risk Management Standard.
• Any incidents considered during the study.
• List of MOCs reviewed.

Sign-Off

At the end of the study, the report of the study should be agreed on by the team. There should be an official sign-off and approval of the final report by the team leader and the management representative (preferably the manager who initiated the study).

Follow-Up

• Recommendations shall be addressed in a timely manner and tracked till closure. To achieve this, each recommendation should be assigned to a responsible party with a target completion date for follow-up. Each HAZOP recommendation must be assigned a unique identification number for easy tracking and follow-up.

• For each HAZOP recommendation or action, there is a corresponding “Action Response Sheet.” These sheets should contain a detailed response to the action and should be signed by the person or department assigned to reply to this action. HAZOP actions are to be considered “CLOSED” if the response includes a positive response to the recommendation with relevant attachments confirming its implementation. HAZOP actions are to be considered “OPEN” if the response is still on hold for any reason, such as waiting for the results of another study, waiting for a vendor reply, or being implemented at a later stage of the project.

• The decision to accept the recommendation, suggest different actions or reject the recommendation must be justified and supported with technical reasons.

• A HAZOP follow-up/close-out report should be issued, which contains the action response sheets for all recommendations and is to be handed over to the next project phase. Moreover, all the pending actions shall be included in a dedicated punch list, which shall be formally handed over to the project management of the next phase.

Human Factors

The team should pay particular attention to human factors during the identification of the causes of deviations, such as: (a) Improper operation of valves, (b) Incorrect or inadequate actions through the control system, (c) Incorrect response to an alarm, and (d) Operability issues such as instrument visibility, access, or confusing information.

Human factors can be taken into consideration in the assessment of safeguards and in developing HAZOP recommendations to decide whether the administrative controls are sufficient or an engineered solution is necessary. HAZOP normally gives little credit for operator intervention, particularly if the hazard is significant and occurs rapidly. A separate analysis of human factors may be needed if the HAZOP shows that there are significant risks associated with human factors that cannot be properly addressed in the HAZOP.

Procedural and Batch/Sequential HAZOP

Procedural and Batch/Sequential HAZOP usually review any process that is performed in chronological order, such as:

1. Standard procedures such as startup and shutdown procedures.
2. Non-standard procedures such as non-standard routing of flows.
3. Launching and receiving pipeline pigs.
4. Batch production processes such as polymer manufacturing.

HAZOP of Control or Computer Systems (CHAZOP)

Control systems, such as programmable electronic systems, have the potential to create common-mode failures that result in multiple simultaneous process deviations. HAZOP of control or computer system (CHAZOP) reviews how control and computer systems can fail and the consequences of deviation from the design intent. A decision shall be made as to whether the traditional HAZOP adequately addresses control system issues or whether a CHAZOP or other types of studies are necessary.

Relation to LOPA

Layers of protection analysis (LOPA) relies on the result of HAZOP for identifying hazards, initiating causes, and consequences. The key participants in HAZOP should also participate in LOPA. If a different team is used for LOPA, the LOPA team should spend some time getting familiar with the process and discussing the hazards already addressed in the HAZOP study. The HAZOP team should take care in estimating the consequence level. As this information will feed into LOPA, underestimation of the consequence may lead to inadequate layers of protection managing the risk, while overestimation can lead to more layers of protection being applied than are warranted, which, over the lifecycle, results in increased cost, inspection, and maintenance requirements.

HAZOP Revalidation

There are two courses of action that may be chosen to revalidate the HAZOP study:

• Revalidation: The COMPANY shall carry out a HAZOP revalidation at least every five (5) years following the initial HAZOP. In this case, the HAZOP needs only to be revised to reflect the changes that have occurred in the process and the lessons learned from the incidents. If there are some “repairable” defects in the previous HAZOP, the revalidation team shall repair these defects first and then can update and revalidate the HAZOP.

• Redo: This option is selected when a repair of the original HAZOP is impractical due to the following:
- A high number of major defects in the original HAZOP.
- Many incidents have occurred due to improper original HAZOP review.
- Major changes to the plant since the initial HAZOP.

In these situations, it may be more cost and resource-effective to start from the beginning with a “blank sheet of paper.”

List of Annexes

• Annex A – Corporate Risk Assessment Matrix.
• Annex B – Typical Deviations and Causes for HAZOP Study.
• Annex C – Example of HAZOP Worksheet.
• Annex D – Example of HAZOP Action Sheet.

For annexes details, please refer to HAZARD AND OPERABILITY (HAZOP) GUIDELINE - EGPC-PSM-GL-005 on the PSM EGYPT website.

Prepared by:
Ahmed Mostafa
Operations Section Head at Egyptian Linear Alkyl Benzene Company (ELAB)

Technical Consultant:
Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt

Quantitative Risk Assessment
(QRA) Guideline
EGPC-PSM-GL-008

Overview

This snapshot showcases an overview of the QRA lifecycle, methodology, expected outputs, and reporting, focusing on the following main topics:

- Introduction
- Purpose
- QRA Lifecycle Through Project Different Phases
- QRA Methodology

Introduction

The Companies are committed to pursuing no harm to people and the community and managing Risks through effective controls. Companies shall manage all Risks to As Low as Reasonably Practicable (ALARP). The Oil and Gas industry's Risks, accompanied by process failures and chemical releases, contain severe consequences which should be managed quantitatively. The QRA is used to evaluate potential Risks when qualitative methods cannot provide an adequate understanding of the Risks and where more information is needed for Risk management.

The QRA is a formal and structured quantitative analysis methodology used to help Companies manage Risk and improve safety by identifying the Major Hazards (i.e., identifying incident scenarios), evaluating the associated likelihood and consequences to people, calculating Risk levels in a numerical way for comparison with Risk Tolerability Criteria, and defining recommendations to guarantee that proper Risk management is in place. The QRA helps to make facilities handling hazardous chemicals safer by supporting Risk-Based Decision Making.

Purpose

This Guideline describes the main components of the QRA studies and their main outputs, as well as establishes consistent requirements for planning, conducting, documenting, reviewing, and approving the QRA studies for the Companies belonging to The EGPC and the Holding Companies. All QRA studies carried out for the Companies belonging to The EGPC and the Holding Companies shall be in accordance with the requirements of this Guideline.

This QRA guideline focuses on protecting people inside and around the Major Hazard facilities, while protection of Assets is covered in the Fire and Explosion Risk Assessment (FERA) Guideline (EGPC-PSM-GL-009).

This Guideline aims to provide a framework for:

• When and how to use the QRA.
• What is expected from the QRA.
• The QRA Methodology.
• The Scope of the QRA study.
• The minimum contents of the assumption register.
• Understanding the QRA results, beyond the obvious statistical meanings.
• The consequences modeling and the complete QRA results.
• How to compare the QRA Risk results to the EGPC & Holding Companies’ Quantitative Tolerable Risk Criteria.
• Supporting the demonstration that Risk levels are reduced As Low As Reasonably Practicable (ALARP Demonstration).
• The QRA report's main components.

Quantitative Risk Assessment (QRA) Lifecycle Through Project Different Phases

The QRA can be applied in the initial siting and design of the facility (Greenfield) and during its entire life (brownfield), while the maximum benefits result when QRA is applied at the beginning (conceptual and design stages) of a project and maintained throughout its life. The QRA helps in comparing options during the design phase or for modifications during operations.

Greenfield

When a new facility starts from scratch, and where the QRA is mandatory, the QRA shall be executed through the following different project phases:

• Evaluation / Concept Selection Phase
• Basic Engineering / Front-End Engineering Design (FEED)
• Detailed Engineering

Brownfield

For existing facilities, facilities under development, new expansion projects, and revamp projects, the following should be considered:

• For existing facilities where QRA is not available, the QRA shall be carried out at the first available opportunity (earliest).

• For existing facilities and a new expansion to be established, an integrated QRA for the existing and planned facilities shall be carried out.

• For existing facilities where QRA is available, the QRA shall be reviewed and revalidated or updated, if required, based on the following:

  • If significant changes to facilities (e.g., modification in process, feed changes, new technology), barriers, manning level, building functionality or building occupancy, etc., are observed or carried out.
  • During developing and updating the Company Safety Case study.
  • Every five years, to ensure integrated Risk from all existing facilities, including modification and brownfield projects, is considered.

QRA Methodology

The basis of the QRA methodology is to identify incident scenarios and evaluate the Risk by defining the frequency of failure, the probability of various consequences, and the potential impact of those consequences. The Risk is defined in QRA as a function of probability or frequency and consequence of a particular accident scenario.

The objective of the QRA Methodology is to cover the activities illustrated in the following flowchart.

[Figure: The QRA Methodology Flowchart. Steps shown: QRA Scope of Work; QRA Assumption Register; Hazard Identification and Failure Cases Development (Accident Scenarios) (PHA, HAZOP, Methodical Leak/Rupture); Frequency Assessment (Parts Count for Isolatable Sections; Hazardous Events Likelihood); Consequence Assessment (Physical Effect: Flammable, Explosive, and Toxic; Impact Assessment (Vulnerability): People, and Assets (FERA), Ref. FERA Guideline, EGPC-PSM-GL-009); Other data for risk calculation; Risk Analysis (Individual Risk: LSIR, IRPA; Societal Risk: PLL, FN Curve); Risk Evaluation (against criteria); ALARP Demonstration / Sensitivity Analysis; QRA Reporting.]

QRA Scope of Work

The Company is responsible for identifying the scope of work of the QRA study and submitting it to the QRA Consultant to prepare the assumption register in order to start the execution of the study. The scope of a QRA includes the necessary details to define the QRA as a single document and includes:

• The Objective of The QRA Study
• The Facility Description
• Types of Risks to be Evaluated
• QRA Deliverables

• Boundaries of the QRA
• General Requirements
• Identification of Resources
• Kick-Off Meeting
• Finalize the Scope

Assumption Register

After the kick-off meeting and the finalization of the scope of work between the Company and the Consultant, the Consultant shall establish the study’s Assumption Register to show:

• The study’s different assumptions.
• The available data to be used.
• The missing data (if any) alternatives and assumptions.
• The references to be used.

The QRA will contain several assumptions: these assumptions shall be listed in the QRA report so that results are fully traceable and repeatable and so that it can be verified that the assumptions reflect site reality.

The register shall contain the assumptions for at least the following sections (Note: Some sections could be merged if applicable):

• Failure Case Definition (Identification of potential Loss Of Containments - LOCs)
• Parts Count / Isolatable Sections
• Release Location and Orientation (Direction)
• Consequence Assessment – Discharge
• Physical Effect Potential Outcomes
• Impact Assessment Criteria
• Consequence Results Height of Interest
• Indoor / Outdoor Vulnerability
• Process / Model Assumptions
• Leak Frequencies and Hole Sizes
• Event Trees
• Ignition Probability
• Explosion Modelling
• Manning Distribution
• Meteorological Data
• Modification Factor(s) and other Judgemental Assumption(s) (if used)
• Risk Calculation
• Risk Acceptance Criteria
• Sensitivity Analysis (if required)
• The Study Deliverables
• Software to be used: name, version, and license number
• References

Hazard Identification

All potential Major Accident Hazards associated with the facility or operation shall be taken forward for QRA assessment. The potential hazardous event is usually called the 'top event' (e.g., hydrocarbon leaks from process equipment, storage facilities, risers, or pipelines).

Generally, there are two types of considered hazards, process and non-process:

• Process hazards generally consist of onshore/offshore process facilities, storage facilities, piping/pipelines, etc.
• Non-process hazards consist of occupational hazards, transportation Risks, escape and evacuation risks, ship collisions, dropped objects, etc.

Hazard Identification and failure case development techniques such as HAZID, HAZOP, & Methodical Leak/Rupture, along with the Company Major Accident Hazard (MAH) list, are used to identify the Major Accidental Hazards associated with project facilities.

Hazard Identification contains the following main steps:

• Review all site materials and identify those that are hazardous.
• Review the process, utilities, and storage PFDs to identify areas of concern.

• Identify the Isolatable Sections: Hazardous Events shall be defined in terms of the Isolatable Sections and their operating conditions.
• Identify the Hazardous Inventories (Inventory Analysis) for each Isolatable Section.
• Determine the Source Terms for all accidental events. The Source Term means the rate at which hazardous material reaches the environment and the conditions of the material (e.g., temperature, composition).

Developing the Failure Case (Accident Scenarios)

Once the hazards are identified, the Accident Scenarios for the QRA can be generated.

[Figure: Failure Case Development Inputs. Process Data and Hazard Identification feed into Failure Cases Development (Accident Scenarios).]

Failure cases are identified for the following categories:

• Pipework, risers, valves, flanges, fittings, and associated equipment.
• Pressure vessels/tanks.
• Atmospheric storage tanks.
• Intermediate bulk containers.
• Pipelines.
• Flexible hoses.

Failure cases are distinguished from each other by the following conditions:

• Release location.
• Process parameters.
• The size of the isolatable inventory affects the release rate profile and duration of release.
• Material/phase released.

Consequence Assessment

Failure Cases (Accident Scenarios) Possible Outcomes

The development of the top event into a serious incident gives an estimation for the expected failure cases (accident scenarios). The outcomes depend on: the effect of the process parameters, the release hole size, the phases of the hazardous material, the elevation and direction of the release point, the safety systems, the weather conditions, the confinement and congested areas, and the presence of ignition sources.

The possible outcomes from different hydrocarbons releases are:

• Flash Fire.
• Jet Fire.
• Pool Fire.
• Explosion (VCE - Vapor Cloud Explosion).
• Fireball / BLEVE (Boiling Liquid Expanding Vapor Explosion).
• Flammable Gas Dispersion.
• Toxic Gas Dispersion.

Accordingly, for each identified Isolatable Section and Failure Case, the physical effects (consequence) shall be identified.

Physical Effect Modelling

The Physical Effect refers to the possible consequences of the release of hydrocarbons and toxic gases. (For example, this may be the extent of a gas cloud's flammability or toxicity, or it may be a measure of thermal radiation or explosion overpressure).

Physical effects shall be calculated to identify which parts of the facility, community, Company personnel, and the public may be exposed for each potential event and the extent of that exposure. This exposure is used to estimate the potential for further failure, escalation, impairment, injury, etc., and contribute to decisions on the need to reduce such Risks.

The following Figure shows the stages of developing the Hydrocarbons (HC) release into the main physical effects.

[Figure: The Stages of Developing the HC Release into the Main Physical Effects. HC Release (Parameters), Discharge, Dispersion (with Weather Conditions), leading to Toxic, Flammable, and Explosion effects.]

Impact Assessment & Vulnerability of Human

As part of the impact assessment, the vulnerability of humans to the consequences of major hazard events at onshore and offshore installations, primarily those producing and/or processing hazardous fluids, is established. The focus is on Fatality Criteria as QRAs generally address fatality Risks; however, injury thresholds can also be identified where appropriate.

[Figure: The Stages of Developing the HC Releases into the Impact Assessment. HC Release (Parameters), Discharge, Dispersion (with Weather Conditions), Toxic / Flammable / Explosion effects forming the Physical Effect (Severity Extent), combined with the Vulnerability of People and Assets to give the Impact Assessment.]

The impact assessment is generally expressed in terms of the following:

a. Lethality, which is the fraction/percentage of the exposed population who would suffer fatality on exposure to a given consequence level.
b. Probit, which is a function that relates lethality to the intensity or concentration of hazardous effects and the duration of exposure.

Generally, the following consequences are considered as part of the impact assessment:

• Fire Scenarios (radiation levels)
• Explosions (blast overpressure)
• Toxic Gases (toxic gas exposure)
• Smoke (toxic fumes exposure)

Frequency Assessment

Parts Count (Equipment Count) for Isolatable Sections:

For each failure case, in each isolatable section, equipment is counted to provide input to estimating leak frequencies. This is known as a ‘parts count’.

The frequency of each leak scenario and size identified is estimated by combining parts counts for each equipment item with Leak frequencies. A ‘parts count’ involves counting each and every equipment item in each section identified.

Hazardous Events Likelihood

The Quantitative estimates of hazardous events likelihood are usually derived using a combination of the following approaches:

• Plant/Facility-Specific Data
• Generic Failure Frequencies
• Using Modelling Techniques
• Fault Tree Analysis (For Top Event Frequency Estimation)
• Event Tree Analysis (For Failure Cases Probability Estimation)
• Judgemental Evaluation
• Software

Frequency Estimation

The failure frequency for each failure case for each isolatable section needs to be represented by one frequency value (e.g., it would consider all large leaks from all the base elements in each isolatable section as they are all part of the single failure case for this isolatable section). Failure frequencies are applied to all items of equipment (e.g., pipes, flanges, valves) within the failure cases (as they are all part of a single failure case).

Other Data for Risk Calculation

In order to complete the Risk Calculation, some other data should be collected, calculated, and considered (e.g., Process and Plant Data, Chemical Data, Environmental Data, [1]). Some of the most important required data are:

• Ignition Sources and Ignition Probability
• Explosion Data
• Meteorological Data (Weather Conditions and Probabilities)
• Population and Manning Level Distribution

Risk Analysis

The consequences and frequencies are combined in an integrated QRA model to give numerical Risk values.

(Note: Other non-process hazards also need to be analyzed, such as personnel transport, occupational hazards, ship collision, aircraft impact, and natural hazards. Each has its own specialist method for Risk Analysis).

Risks to people may be expressed in two main forms:

Individual Risk:

The Risk is experienced by a person, and it shows the frequency at which an individual (worker or public) may be expected to sustain a given level of harm from the realization of specified hazards. It is divided into:

• IRPA, Individual Risk Per Annum: Individual Risk is mostly expressed in the form of Individual Risk Per Annum (IRPA). The IRPA is calculated for a representative worker of a given worker group, considering expected occupancy at all the locations where the worker is expected to be present within the hazardous location throughout the year. This includes plants, accommodations, recreational activities, etc. The calculation excludes the duration for which personnel are not present at the site due to reasons such as annual leave. Personnel are considered not exposed to facility operations or occupational Risk during this duration.

• LSIR, Location Specific Individual Risk / Risk contours: Risk contours are iso-Risk contour plots that represent the geographical variation of the Risk for a hypothetical individual who is positioned at a particular location for 24 hours per day, 365 days per year.

Societal (or Group) Risk:

The Risk experienced by the whole group of people exposed to the hazard. Where the people exposed are members of the public, the term Societal Risk is often used. Where workers are isolated, and members of the public are unlikely to be affected, the term group Risk is often used. In this document, the term Societal Risk is used to encompass both public and worker Risk. There are two forms of Societal Risk:

• FN Curve / Diagram: The FN curve is the curve of cumulative frequency versus the number of fatalities on a logarithmic scale. FN curves are frequency-fatality plots, showing the cumulative frequencies (F) of events involving N or more fatalities.

• PLL, Potential Loss of Life: The other main measure for Societal Risk is the annual fatality rate, where the frequency and number of fatalities are combined into a Potential Loss of Life (PLL), which is a convenient one-dimensional measure of the total number of expected fatalities.

Other Risks Analysis

• Non-Process Risk
• Ship Collision Risk Assessment
• Transportation Risk Assessment
• Marine Transport Risk Assessment
• Aviation Risk Assessment
• Road Transport Risk Assessment
• Dropped Object Risk Assessment
• Occupational Risk Assessment
• Escape and Evacuation Risk Assessment
• H2S Zoning
• Occupied Building Risk Assessment
• Simultaneous Operations (SIMOPS) QRA
• Integrated Risk Assessment

Once various Risks, such as process Risk, non-process Risk, escape & evacuation Risk, etc., are determined, the overall Risk shall be determined by combining Individual Risks from all these factors. For brownfield or modification projects/QRA, existing facilities Risk shall also be considered.
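The chain described in the Frequency Assessment and Risk Analysis sections, worked through for one failure case as an added example that is not part of the guideline: a parts count is rolled up into a single failure-case frequency, split across event-tree outcomes, and turned into PLL, FN points, LSIR and IRPA, with the IRPA checked against the individual risk limits this guideline states under Risk Evaluation (10^-3 per year for workers, 10^-4 per year for the public, 10^-6 per year broadly acceptable). The leak frequencies, branch probabilities, lethality values and occupancy fractions are constructed for illustration, and all function names are this example's own.

```python
from dataclasses import dataclass, field

# Constructed generic leak frequencies (per item-year, one hole-size band).
# A real study takes these from the source named in the assumption register.
GENERIC_LEAK_FREQ = {"flange": 2.0e-5, "valve": 5.0e-5, "pipe_m": 1.0e-6}

# Individual risk tolerability limits quoted in this guideline (per year).
UPPER_LIMIT = {"worker": 1.0e-3, "public": 1.0e-4}
BROADLY_ACCEPTABLE = 1.0e-6


@dataclass
class Outcome:
    name: str
    probability: float   # event-tree branch probability, given the leak
    fatalities: int      # N: fatalities in the exposed group for this outcome
    lethality: dict = field(default_factory=dict)  # location -> P(fatality)


def failure_case_frequency(parts_count):
    """Parts count x generic frequency, summed into one value per failure case."""
    return sum(GENERIC_LEAK_FREQ[item] * n for item, n in parts_count.items())


def event_frequencies(leak_frequency, outcomes):
    """Split the failure-case frequency across the event-tree outcomes."""
    if abs(sum(o.probability for o in outcomes) - 1.0) > 1e-9:
        raise ValueError("event-tree branch probabilities must sum to 1")
    return [(o, leak_frequency * o.probability) for o in outcomes]


def potential_loss_of_life(events):
    """PLL: expected fatalities per year, the sum of F x N over all events."""
    return sum(freq * o.fatalities for o, freq in events)


def fn_curve(events):
    """(N, F) points; F is the cumulative frequency of N or more fatalities."""
    levels = sorted({o.fatalities for o, _ in events if o.fatalities > 0})
    return [(n, sum(f for o, f in events if o.fatalities >= n)) for n in levels]


def lsir(events, location):
    """Risk to a hypothetical person at `location` 24 h/day, 365 days/year."""
    return sum(f * o.lethality.get(location, 0.0) for o, f in events)


def irpa(events, occupancy):
    """Weight LSIR by the fraction of the year spent at each location."""
    if sum(occupancy.values()) > 1.0:
        raise ValueError("occupancy fractions cannot exceed one year")
    return sum(lsir(events, loc) * frac for loc, frac in occupancy.items())


def classify(individual_risk, group):
    """Place an individual risk value in one of the three tolerability bands."""
    if individual_risk > UPPER_LIMIT[group]:
        return "unacceptable"
    if individual_risk > BROADLY_ACCEPTABLE:
        return "tolerable if ALARP"
    return "broadly acceptable"


def worked_example():
    # Constructed isolatable section and event tree, for illustration only.
    parts = {"flange": 20, "valve": 10, "pipe_m": 100}
    outcomes = [
        Outcome("jet fire", 0.05, 2, {"process_area": 0.5}),
        Outcome("vapor cloud explosion", 0.01, 10,
                {"process_area": 1.0, "control_room": 0.1}),
        Outcome("flash fire", 0.04, 1, {"process_area": 0.2}),
        Outcome("unignited dispersion", 0.90, 0),
    ]
    leak_frequency = failure_case_frequency(parts)
    events = event_frequencies(leak_frequency, outcomes)
    # Operator spends 10% of the year in the process area, 12% in the control
    # room, and is off site (not exposed) for the rest.
    operator = irpa(events, {"process_area": 0.10, "control_room": 0.12})
    return {
        "leak_frequency": leak_frequency,
        "pll": potential_loss_of_life(events),
        "fn": fn_curve(events),
        "lsir_process_area": lsir(events, "process_area"),
        "irpa_operator": operator,
        "operator_band": classify(operator, "worker"),
    }


if __name__ == "__main__":
    for key, value in worked_example().items():
        print(key, value)
```

The LSIR in the process area is about ten times the operator's IRPA because LSIR assumes continuous presence, which is why the two measures are reported separately.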

Risk Evaluation

Once Risks are identified and analyzed, Risks should be evaluated against set Criteria. It must be ensured that all Risks are evaluated to meet and comply with EGPC and Holding Companies’ Quantitative Risk Tolerance Criteria. The QRA Tolerance Criteria, detailed in the Risk Management Standard EGPC-PSM-ST-001, are shown in the following figures:

[Figure: Individual Risk Tolerability Criteria. With increasing Risk: Broadly acceptable below 10^-6 per year (both); Tolerable if ALARP; Unacceptable above 10^-3 per year (worker) and 10^-4 per year (public).]

[Figure: Plot of Frequency (1/yr), from 1.0E-07 to 1.0E-01, against the number of fatalities, from 1 to 1000 (axis label "Number of Fatalities per"). Regions: Intolerable Risk; Risk is tolerable if ALARP; Broadly acceptable Risk.]

ALARP Demonstration

The QRA shall provide a clear demonstration that the Risk is (or will be) reduced to ALARP. The ALARP process starts with the identification of the Major Risk Contributors. These Major Risk Contributors are further broken down to determine the top contributors to Risk.

Risk reduction measures are identified against these contributors to reduce the Risk, as well as identifying the hierarchy of controls for these Risk reduction measures.

Sensitivity Analysis

The Sensitivity Analysis generally takes place to fulfill ALARP Criteria. It is the act of analyzing the effect on the output of changing one or more of the inputs to the system. It is often used when there is uncertainty in a particular input.

(For example, a Sensitivity Analysis may be performed when trying to decide whether to store LPG using pressurized technology or refrigerated technology; the different obtained Risks provide the basis for the Risk management decision-making process). Some typical examples of the elements which can be subject to Sensitivity Analysis are:

• Leak frequencies
• Leak locations
• Ignition probabilities
• Wind data
• Operating conditions
• Release durations
• Vulnerability Criteria
• Population data

QRA Reporting

The QRA report shall document all the key assumptions, facility descriptions, assessment details, and all relevant calculations and information used in the assessment. The report shall be submitted in hard and soft copy as needed by the Company and should be subjected to the document control procedure of the Company.

The QRA report shall contain at least the following sections:

• Executive Summary & conclusion
• Section 1 – Introduction/ Objective/Scope
• Section 2 – Facility Overview
• Section 3 – QRA Methodology
• Section 4 – Site Description
• Section 5 – Hazard Identification
• Section 6 – Failure Cases
• Section 7 – Consequence Assessment
• Section 8 – Frequency Assessment
• Section 9 – Ignition Probabilities
• Section 10 – Explosion Probabilities
• Section 11 – Weather Conditions
• Section 12 – Manning Levels
• Section 13 – Process Risk Assessment
• Section 14 – Non-Process Risk Assessment (if required)
• Section 15 – Integrated Risk Assessment
• Section 16 – Risk Results and Assessment (indoor and outdoor Risk results)
• Section 17 – Sensitivity Analysis (if required)
• Section 18 – Major Risk Contributor Analysis & Risk Reduction Measures
• Section 19 – ALARP Demonstration
• Section 20 – Conclusion & Recommendations
• Section 21 – References
- Appendix 1 – Assumption Register
- Appendix 2 – Plot Plans, Layouts, etc.
- Appendix 3 – Isolatable Section & Failure Case Marking
- Appendix 4 – Part Count and Failure Frequencies
- Appendix 5 – Meteorological Data
- Appendix 6 – Populations densities
- Appendix 7 – Inventory Calculations
- Appendix 8 – Consequence Results (flammable gas, fire, and explosions) & Contours
- Appendix 9 – LSIR - FN Curves
- Appendix 10 – Risk Ranking Reports

List of Annexes

• Annex A – Table A1 gives an example and a sample for the Process Hazards, Events, Sequences, Incident Outcomes, and consequences.
• Annex B – Gives details to determine and understand the different values of the Vulnerability of humans for different Consequences/Impact of Major Hazard Events.
• Annex C – Figures C1-C5 provide examples for Event Tree for a range of different releases.
• Annex D – Tables D1 & D2 give a full list of the QRA study deliverables.
• Annex E – The QRA Tolerance Criteria, as mentioned in the Risk Management Standard EGPC-PSM-ST-001.

For annexes details, please refer to Quantitative Risk Assessment (QRA) Guideline - EGPC-PSM-GL-008 on the PSM EGYPT website.

Prepared by:
Mohammed Sabry Hanafi Mahmoud
Risk Management and Loss Prevention Studies Executive General Manager – GASCO

Technical Consultant:
Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt

Seveso Disaster - North Milan, Italy.
Saturday, July 10, 1976. Chemical
explosion. Release of a chemical
cloud containing the highly toxic
dioxin TCDD.

Fire And Explosion Risk Assessment
(FERA) Guideline
EGPC-PSM-GL-009

Overview

This snapshot showcases an overview of the FERA lifecycle, methodology, expected outputs, and reporting, focusing on the following main topics:

- Introduction
- Purpose
- FERA Lifecycle Through Project Different Phases
- FERA Methodology

Introduction

The oil, gas, and petrochemical industries contain major hazards that are inherent to their assets, activities, operational locations, and products which may cause severe impact on people and assets in case of potential process failures and chemical releases. The significant risks of those major hazards shall be managed by means of quantitative risk analysis, to provide and ensure a better understanding of the significant risk and its impacts and to allow the control measures to be set and prioritized based on figures.

The Fire and Explosion Risk Assessment (FERA) study quantifies risks to the facilities associated with events caused by Loss of Containments (LOCs). It is a formal and structured quantitative risk analysis methodology used to help companies manage their risks and improve safety by identifying the major hazards, evaluating the associated likelihood and consequences to the different assets and facilities, calculating the risk levels in a numerical way for comparing with the vulnerability criteria (consequence approach) and the Risk Tolerability Criteria (risk-based approach), and defining recommendations to guarantee that proper risk management is in place.

The results of the FERA study are used to ensure a safe facilities layout (process units, equipment, piping, and buildings), specify passive and active fire protection requirements, and could provide input for the assessment of the escape and evacuation locations and routes and the Emergency Systems Survivability.

Purpose

This guideline describes the main elements of planning, conducting, and reporting the FERA studies for the companies under EGPC and Holding Companies.

The main objectives of the FERA study are:

• Identifying and assessing all potential fire and explosion hazards and their impact on the facilities, and
• Providing and defining the recommendations and the required risk reduction measures to control these hazards and their impact.

The main output of the FERA study may include the assessment of the requirements of passive and active fire protection (PFP & AFP), evaluation of the requirements of blast protection for the buildings, and provision of inputs for developing fire zones.

The FERA guideline focuses on the protection of assets and facilities, while protecting people inside and around the Major Hazard facilities is covered in the Quantitative Risk Assessment (QRA) Guideline.

FERA Lifecycle through Project Different Phases

The FERA can be applied in the initial siting and design of the facility in a greenfield and during its entire life in a brownfield. The maximum benefits are witnessed when FERA is applied at the beginning (conceptual and design stages) of a project and maintained throughout its life.

Greenfield

When a new facility starts from scratch, and where the FERA is required, it should be considered in the following different project phases (the objective of the study may also vary for each project phase):

• Evaluation / Concept Selection Phase

Preliminary FERA, if required, may be carried out during the concept stage, and usually only consequence modeling is required, unless otherwise determined by the company, to assist in layout planning, determine the separation distances, etc.

• Basic Engineering / Front-End Engineering Design (FEED)

A Comprehensive FERA shall be performed during the FEED Stage of the project to provide a numerical estimate of the facilities’ risk exposures. This allows risk levels to be compared with the vulnerability criteria (consequence approach) and the Risk Tolerability Criteria (risk-based approach) and provides input where Risk Reduction Measures (RRMs) are required to mitigate the risks.

• Detailed Engineering

The FERA study conducted during the FEED shall be updated, as required, during the Detailed Engineering Phase based on the newly established information, data, engineering documentation, etc. The FERA study at this phase forms the basis for the operations phase.

Brownfield

For existing facilities, facilities under development, new expansion projects or revamp projects, the following should be considered:

• For existing facilities where FERA is not available, the FERA study shall be carried out at the first available opportunity (earliest).

• For existing facilities and a new expansion to be established, an integrated FERA study for the existing and planned facilities shall be carried out.

• For existing facilities where FERA is available, the FERA study shall be reviewed and revalidated or updated, if required, based on the following:

  • If significant changes to the facilities (e.g., modification in process, feed changes, new technology, barriers changes, manning level, fire protection measures, building functionality or building occupancy, etc.) are observed or carried out.
  • If the FERA study is required during developing and updating the company’s Safety Case study.
  • Every five years, to ensure integrated risk from all existing facilities, including modification and brownfield projects, is considered.

FERA Study Methodology

The basis of the FERA study methodology is to identify incident scenarios and evaluate the risk by defining the frequency of failure, the probability of various consequences, and the potential impact of those consequences on different facilities.

The FERA study methodology flowchart is illustrated in the following Figure:

[Figure: The FERA Methodology Flowchart. Steps shown: FERA Scope of Work; FERA Assumption Register; Hazard Identification and Failure Cases Development (Accident Scenarios) (PHA, HAZOP, Methodical Leak/Rupture); Frequency Assessment (Parts Count for Isolatable Sections; Hazardous Events Likelihood); Consequence Assessment (Failure Cases Possible Outcomes and its Physical Effect; Identify Receptors to be Evaluated (Equipment, Structure, Buildings....); Impact Assessment (Against the Facilities Vulnerability and EER Impairment Criteria)); Other Data for Risk Calculation (Ignition Probabilities, Explosion, Meteorological Data); Risk Analysis (Identify the risk value at each Receptor) & Risk Evaluation (Against the Risk Tolerance Criteria); Assess The FERA Results and Set The Recommendations; FERA Reporting.]

129
The FERA study Methodology is almost similar to the QRA study methodology, with some changes such as the intent of the study, the consequence and risk receptors, and the forms of the output.

The FERA study Methodology contains, as required, the assessment of the fire zone, passive fire protection assessment, explosion assessment, and review of active fire protection accordingly.

The methodology of the FERA study could be summarized as follows:

• Setting the FERA scope and defining the assumption register contents.

• Hazard identification; including defining the potential event sequence and potential incidents.

• Evaluating the incident outcomes (consequences) using some typical tools, including vapor cloud dispersion modeling and fire and explosion effect modelling.

• Identifying different receptors to be evaluated (e.g., hydrocarbon handling equipment, critical structures, escape and evacuation routes, buildings, etc.).

• Estimating the incident impacts (consequences) on different receptors against the plant/structure vulnerability criteria.

• Estimating the failure cases frequencies.

• Estimating the Risk by combining the potential consequence for each event with the event frequency over all events.

• Estimating the risk for each of the different receptors against the risk tolerability criteria.

• Identifying and prioritizing potential risk reduction measures if required.

FERA Study Reporting
The FERA study report shall document all the key assumptions, facility descriptions, assessment details, and all relevant calculations and information used in the assessment. The report shall be submitted in hard and soft copy as needed by the company and should be subjected to the document control procedure of the company.

Prepared by:
Mohammed Sabry Hanafi Mahmoud
Risk Management and Loss Prevention Studies
Executive General Manager – GASCO

Technical Consultant:
Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt

Hazardous Area Classification
(HAC) Guideline
EGPC-PSM-GL-014

Overview
This snapshot showcases an overview of the Hazardous Area Classification (HAC) guideline, focusing on the following main topics:

- Introduction

- Purpose

- Basics & Approaches of Hazardous Area Classification (HAC)

- HAC Required Data, Expected Deliverables, and How to Manage

Introduction
The "Hazardous Area Classification (HAC) Guideline" gives guidance on the classification of areas around equipment handling or storing flammable fluids - or combustible liquid-produced vapors mixed with air under normal atmospheric conditions - and provides a basis for the classification of hazardous areas. Also, the document's annex provides the basis for the correct selection, maintenance, and inspection of the explosion-proof electrical installations.

Potentially explosive atmospheres occur in many industries, not only in onshore and offshore petrochemical processing and refining plants but also in places such as fuel filling stations, garages, workshops, etc. Failure to adopt correct and safe working practices could result in the ignition of explosive gases, not necessarily at the time the work is done but possibly at some future date.

Purpose
The main purpose of the Hazardous Area Classification (HAC) guideline is to provide comprehensive information for guidance in the classification of areas and to set out principles, definitions, and explanations of terms that are used for area classifications throughout facilities.

This guideline is not developed for the plant designers who prepare the hazardous area classification drawings to help them in the design process. Although it provides them with valuable knowledge, it is prepared essentially for the asset owners to aid them in understanding the HAC concepts and how to prepare appropriate and helpful data for the plant designers, determine the expected deliverables from the designer (HAC drawings, HAC schedule, ...etc.), review and interpret the deliverables of the detailed design and engineering developed by any electrical engineering discipline, and use these data in the selection, inspection, and maintenance of the classified electrical equipment. The document's annex also provides the basis for the correct selection, maintenance, and inspection of the explosion-proof electrical installations.

Finally, this guideline has also been prepared to:

• Maintain process safety requirements to protect personnel, plant, and property from explosion hazards due to installing unclassified electrical installations in hazardous areas, i.e., maximize the safety of electrical equipment installed in potentially explosive atmospheres.

• Minimize the risk of accidents by the adoption of safe and sound engineering practices in the oil and gas industry.

The guideline is intended to apply to all upstream, midstream, and downstream facilities and installations in processing, distribution, and drilling and production sites of the oil and gas sector. This guideline does not apply to the classification of locations containing combustible dust or ignitable fibers or flyings. It does not comprehensively address the releases of flammable refrigerated or cryogenic liquids, for which the dispersion characteristics are markedly different from those of fluids at higher temperatures.

Basics and Approaches of Hazardous Area Classification (HAC)

Basics of Hazardous Area Classification (HAC)

Hazardous (classified) areas are those where fire or explosion hazards may exist due to the presence of flammable gases, vapors, and liquids. Hazardous Area Classification (HAC) is the process of determining the existence and extent of hazardous locations in a facility containing any of those substances. The result of the process is usually called the HAC of the facility. In the context of electrical equipment, the terms hazardous area classification, hazardous locations, hazardous (classified) locations, and classified areas are all synonymous with HAC. Hazardous area classifications explain how to select and install electrical equipment and wiring to minimize the likelihood of ignition of a flammable or explosive mixture.
For a fire or explosion to occur, all three of the following statements must be true:

• The flammable or combustible material is present.

• The material is mixed with air in the proportions required to produce an ignitable mixture.

• The release of energy is sufficient to ignite the mixture.

The above conditions constitute the well-known “fire triangle.” In the context of HAC, the source of energy is understood to be the facility’s electrical system.

Hazardous Area Classification (HAC) is the assessed division of the facilities into zones based on the likelihood of occurrence and duration of a flammable atmosphere. The zones are divided into Zone 0, Zone 1, Zone 2, and non-hazardous areas. Hazardous area classification is a rigorous method of determining where an explosive environment may be present. In general, hazardous areas are defined by:

• The type of hazard or hazardous material.

• The likelihood of its presence in flammable concentration.

• The auto-ignition temperature of the hazardous material.

Approaches of Hazardous Area Classification (HAC)

The HAC guideline presents methodologies to be used in hazardous area classification. The following figure illustrates how to select the appropriate approach to be used.

• The first and most commonly used approach is the Direct Example Approach, which can be used in limited cases for common facilities.

• If the direct examples (such as the ones stated in the references, e.g., API RP 505 and EI 15 Annex D) do not match the design of the site’s equipment or the surrounding working environment, and the release hole size and grade release rate are known, the Point Sources Approach can be used. The Point Source Methodology involves the identification of the point sources and associated release conditions, determination of the grade of release, determination of the fluid category, the establishment of the zone classification, determination of the hazard radii, determination of the hazardous area, and combination of the hazardous areas from different point sources.

• Where the release hole size and/or grade release rate is unknown, the Risk-Based Approach can be used to calculate the release rate and hazard radii. The Risk-Based Approach provides means of adjusting release frequency and hence hazard radii to fit specific process scenarios. It is proposed to determine the hole size to be used for a secondary grade release. A secondary grade release, as defined before, would not be anticipated to occur during normal operation. Examples include failure of pump/compressor seals, leaks from valves and flanges, or operational error.

It is important to note that it is normally not necessary to determine the hazardous area that would arise from each source of release when this would not influence the overall zone boundary. In carrying out such a hazardous area assessment, by the direct example approach, the following basic principles should be considered:

a. When classifying a new facility or modifying an existing one, the area classification should be carried out before the design and layout of equipment are finalized, as, at this stage, it may be possible to make considerable improvements at little cost and even some savings.
b. The area classification should be reviewed, and modified, if necessary, on completion of design or before any significant change is made to an existing plant or to the category of flammable fluids that are to be handled.
c. Vents and drain points from vessels and instruments can influence the boundary of the overall (Zone 2) hazardous area. As the exact locations of these may not be known when the initial hazardous area drawing was prepared, the hazardous areas as derived should be drawn from the extremities of the equipment or pipework containing the vent/drain point.
d. Where facilities, such as storage, pumps, or loading and discharge facilities, handle a number of materials, the area classification should be based on the most volatile anticipated.
e. If the direct example approach cannot be applied, the Point Source Approach is applied. The basic guidance set out in the Point Source Approach for Classification of Individual Sources of Release, except where otherwise stated, relates to open area conditions with good ventilation that ensures natural dispersion of releases to the atmosphere.
f. Where less well-ventilated or enclosed situations occur, typically in offshore installations and certain onshore situations, guidance on the relevant ventilation condition should be obtained from the Ventilation clause.
g. When the release rate is unknown, the Risk-Based Approach is relevant.
[Figure: Selection of the Appropriate Approach to Hazardous Area Classification. Decision flowchart. Inputs: details of installation/plant or process sections, material properties (boiling point, flash point, ambient temperature) and process conditions (pressure, temperature). Decisions: whether the quantity of flammable material that may be released is sufficient to require classification, whether the facility is of common type, whether a petroleum class can be assigned to the material, whether the fluid is at a temperature below its flash point, whether the fluid can form a flammable mist at these process conditions, and whether the release rate, hole size and pressure are known. Outcomes: classification not required (non-hazardous area; nevertheless, consider other safety measures), or determine the extent of the hazardous area and zone classification using the point source approach, the risk-based approach or the direct example approach.]

Effect of Ventilation on Area Classification

Ventilation dilutes gas or vapor released into the atmosphere by dispersion until its concentration is at a safe limit (below the lower flammable limit (LFL)). The time it takes for this to occur and the size and spatial location of the gas cloud depend upon the nature of the release, the vapor properties such as density relative to the air, the movement of the air, and the presence of turbulence to promote mixing. Where the release is not into completely free air (i.e., not into an open area), then the airflow, or ventilation, is also a factor in determining the rate of gas or vapor dispersion. However, it is important to also consider, in a sheltered or obstructed open area or enclosed area, whether any recirculating motions may lead to a gradual accumulation of gas or vapor over time.

The processes of movement of air and removal of contaminated air occur, to differing degrees, in any ventilation process. The limiting cases are:

• Efficient displacement without mixing. In this case a contaminant is swept out of a volume without much mixing. This is sometimes referred to as 'displacement ventilation'. By inference, high concentrations of contaminant may exist within the volume and be emitted from it.

• Gradual displacement with good mixing. In this case any contaminant is well-mixed through the volume. A large part or all of the volume can become contaminated, while displacement removes the mixture of air and contaminant. A special case of this is sometimes referred to as dilution ventilation.

The following figure can be used to determine how to assess the degree of ventilation for any given situation.

[Figure: flowchart for assessing the degree of ventilation. Starts from "Is the area to be classified enclosed?" and branches into outdoor area (open air conditions) and enclosed area (air movement limited and flammable atmosphere not dispersed naturally). Decisions: congestion restricting gas dispersion/air movement, whether the area is stagnant, whether the enclosed area contains an internal source of release, whether the enclosure is pressurised to >50 Pa if an external source exists, whether there is dilution ventilation, and whether ventilation limits the average enclosure concentration to <25 % LFL. Outcomes: open area, congested area, stagnant area, over-pressurised enclosed area, non-pressurised enclosed area, enclosed area with adequate ventilation, enclosed area with inadequate ventilation, dilution ventilation, and non-hazardous with no internal release source.]

HAC Required Data and Expected Deliverables

The Required Data for Developing Hazardous Area Classification

If a company assigns the task of classification of hazardous areas to an external contractor/expert, the data, information, and documentation determined from the assessment methodology have to be provided to the contractor/external expert. This information includes PFDs that provide information about the process stream, plot plans that serve as the backgrounds for area classification plan drawings, MSDSs that are the source of process information about each component in the process stream, and P&IDs that provide a lower-level view of the process
for equipment identification and process arrangements. The information can include:

a. Brief descriptions of the process and its O&M and cleaning details. A process flow diagram showing flows, temperatures, and pressures.
b. A listing of all the flammable and combustible materials used in the facility, as well as their pertinent properties (flash point, ignition temperature, density, etc.) and how and where the materials are handled. As well as the material properties (e.g., gas group and T class).
c. Flashpoints or, where more complex conditions requiring a point-source release approach apply, the boiling ranges or other relevant physical characteristics of the fluids handled that will enable the fluid category.
d. Where relevant, a piping and instrumentation diagram would also indicate drain/sample points, etc., and line/valve sizes (for example, for the processing plant).
e. A layout drawing with typical plans and elevations showing the position of all equipment, including operational vents, drain/surface water systems, storage areas, and tanker loading areas. In addition, this should show sources of ignition such as heaters, roadways with unrestricted access, flares, workshops, hot work areas, etc.
f. Knowledge of the equipment features and the mode of operation.
g. Ventilation details, considering whether open, congested, stagnant, or enclosed area(s). For congested or enclosed areas, the positions of openings such as doors, windows, and inlets/outlets will be needed. The location of below-grade areas, such as pits and pipe trenches, should also be specified.

Hazardous Area Classification Expected Deliverables

In the new installations, the expected deliverables from the plant designer regarding the hazardous area classification comprise hazardous area classification schedules and drawings that include detailed design and engineering information. Hazardous area classification drawing outlines the classifications of areas where flammable liquids, gases, or vapors are handled, processed, or stored. It is created based on input from the Process Flow Diagrams, Piping and Instrumentation Diagrams, and the Equipment Location Plan. The drawings usually include plot plans with a 3D perspective to illustrate the elevation of hazardous areas. The drawings intend to communicate to engineers, operators, and contractors information on the hazardous material that may be present and the probability that it is in the atmosphere. This knowledge allows engineers and designers to select the right equipment and for contractors to know how to properly install the equipment. The deliverables have to include the following:

• Hazardous Area Classification (HAC) Drawings.

• Hazardous Area Classification (HAC) Schedule.

• Hazardous Area Classification (HAC) Report.

The HAC drawing intends to communicate to engineers, designers, and operators information on the hazardous material that may be present and the probability that it is in the atmosphere. This knowledge allows engineers and designers to select the right equipment and for operators to know how to properly install the equipment. Area classification records can comprise detailed drawings with notes and/or can be in the form of tabulations.

The area classification drawings should be of sufficient scale to show all the main items of equipment and all the buildings in both plan and elevation. Records should be marked up using the shading convention adopted in IEC 60079–10–1, shown in the following figure.

[Figure: Hazardous Area Zone Classification Shading Convention (Zone 0, Zone 1, Zone 2)]

Hazardous Area Classification Management

Area classification should be incorporated into companies’ process safety management systems. The person responsible for the coordination of the area classification should be identified and competent in this field. The work, which requires an interdisciplinary approach, should be carried out by persons who have full knowledge of the process systems and equipment, in consultation with process safety, loss prevention, and electrical engineering personnel, as appropriate. Agreements reached on the area classification should be formally recorded, regularly reviewed, and kept updated. Records, such as drawings and/or tabulated data sheets, should include details as to the type of protection selected to meet the zone requirements and the apparatus sub-group and temperature class (T class) of the equipment.

In classifying a new facility or a modification to an existing facility, the area classification should be carried out before the design and layout of equipment are finalized. The area classification should be reviewed, and drawings modified on completion of the design and before any change is made to existing plants.
The company operating a facility has the main responsibility to ensure that area classification has been carried out on installations handling flammable fluids. Where a facility has been designed and built on a turn-key basis, the plant designers should have carried out an area classification study and should have passed it over with other documentation to the operating company at the end of commissioning.

List of Annexes

• Annex A – Hazardous area apparatus selection, installation, inspection, maintenance, and testing.
• Annex B – How to Read ATEX and IECEx Markings of Electrical Equipment for Hazardous Areas.
• Annex C – Classes, Groups, Divisions, and Zones Concepts.
• Annex D – The Auto-Ignition Temperature (AIT) and the Temperature Class (T Class).
• Annex E – Zones Versus Grade of Release.

For annexes details, please refer to HAZARDOUS AREA CLASSIFICATION (HAC) GUIDELINE - EGPC-PSM-GL-014 on the PSM EGYPT website.

Prepared by:
Ahmed Mohammed Ibrahim Mohammed Roustom
Risk Management and Loss Prevention Studies
Assistant General Manager – GASCO

Technical Consultant:
Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt

Layers Of Protection Analysis (LOPA)
Guideline
EGPC-PSM-GL-015

Overview
This snapshot displays an overview of the layer of protection analysis guideline, which focuses on the following:

- LOPA Overview

- LOPA Methodology

- Timing and Software

- Roles and Responsibilities

- Input/Output Documentation

- LOPA Values/Templates

Introduction
Layer of Protection Analysis (LOPA) is a semi-quantitative tool for analyzing and assessing risk. LOPA typically uses the order of magnitude categories for initiating event frequency, consequence severity, and the likelihood of failure of independent protection layers (IPLs) to approximate the risk of a scenario. It is an analysis tool that typically builds on the information developed during a qualitative process hazard analysis, such as Hazards and Operability studies (HAZOP).

Like many other hazard analysis methods, the primary purpose of LOPA is to determine if there are sufficient layers of protection against an accident scenario (can the risk be tolerated?). A scenario may require one or many protection layers depending on the process complexity and potential severity of a consequence. Note that for a given scenario, only one layer must work successfully to prevent the consequence. However, since no layer is perfectly effective, sufficient protection layers must be provided to render the risk of the accident tolerable.

LOPA provides a consistent basis for judging whether there are sufficient independent protection layers (IPLs) to control the risk of an accident in a given scenario. If the estimated risk of a scenario is not acceptable, additional IPLs may be added. Alternatives encompassing inherently safer design can be evaluated as well. LOPA does not suggest which IPLs to add or which design to choose, but it assists in judging alternatives for risk mitigation. LOPA is not a fully quantitative risk assessment approach but a simplified method for assessing the value of protection layers for a well-defined accident scenario.

Purpose
This guideline provides guidance for conducting layers of protection analysis (LOPA) studies for new and existing facilities within the Egyptian General Petroleum Corporation (EGPC) and Oil and Gas Holding Companies, including the Egyptian Natural Gas Holding Company (EGAS), the Egyptian Petrochemical Holding Company (ECHEM), and the South Valley Petroleum Holding Company (GANOPE) covering all their operational subsidiaries, state-owned companies, affiliates, and joint ventures.

This guideline generally describes the requirements for LOPA implementation, including LOPA timing, advantages and limitations, and roles and responsibilities. Besides, the required documentation to apply effective LOPA and develop a comprehensive report and follow-up procedures were addressed. Then, a detailed LOPA examination methodology is explained, starting with selecting the hazardous event scenario developed in HAZOP until the LOPA study's final recommendations are reached. The appendices contain useful data to estimate the initial event frequency and the independent protection layers' probability of failure on demand (PFD).

LOPA Overview
LOPA is a method for evaluating the effectiveness of protection layers in reducing the frequency and consequence severity of hazardous events. LOPA provides specific criteria and restrictions for evaluating IPLs, reducing the subjectivity of qualitative methods.

LOPA can be used to determine the target SIL for a SIF, but that is just one outcome of LOPA. LOPA also evaluates whether a protection layer can be considered independent and can determine the performance required for non-SIS independent layers of protection.

The advantages of conducting LOPA study for new and existing facilities include the following:

• LOPA requires less time than quantitative risk analysis. This benefit applies particularly to scenarios that are too complex for qualitative risk assessment.

• LOPA is effective in resolving disagreements related to risk.

• LOPA facilitates the determination of more precise cause–consequence pairs and improves scenario identification.

• LOPA determines whether SIS or alternative means of protection are required and associated SIL if SIS is chosen.

• LOPA conforms to industry standards, i.e., ISA S84.01, IEC 61508, and IEC 61511.

• LOPA facilitates the analysis of protective layers addressing health and safety and environment and may also be applied to risks due to equipment damage and business value lost.

• If the same approach is used throughout the company, LOPA provides a means of comparing risk from unit to unit or plant to plant.

• LOPA provides more defensible comparative risk judgments than qualitative methods due to the more rigorous documentation and the specific values assigned to the frequency and consequence aspects of the scenario.

• LOPA can help an organization decide if the risk is "As Low as Reasonably Practicable" (ALARP), which may also meet specific regulatory requirements.

• LOPA helps identify operations and practices previously thought to have sufficient safeguards. Still, on more detailed analysis (facilitated by LOPA), the safeguards do not mitigate the risk to a tolerable level.

• Information from LOPA helps an organization decide which safeguards to focus on during operation, maintenance, and related training. For instance, many companies focus their inspection, test, and preventive maintenance activities on the IPLs identified during LOPA; these companies often decide to run the remaining safeguards (those not identified as IPLs) to failure or subject them to a less rigorous test and maintenance schedules. Therefore, LOPA is a tool for implementing a wise PSM mechanical integrity or risk-based maintenance system, and it aids in identifying "safety critical" features and tasks.

[Figure: layers of protection, from innermost to outermost: 1. Process Design; 2. Basic Process Control System (BPCS); 3. Alarm Manual Intervention; 4. Safety Instrumented System; 5. Active Protection; 6. Passive Protection; 7. Local Emergency Response; 8. Community Emergency Response.]

LOPA Methodology
LOPA methodology could be summarized as the following:

1. List the hazardous events and consequences of each scenario identified in the HAZOP or from any other reliable source. Identify and evaluate the consequences of each scenario.
2. Determine the Target Mitigated Event Likelihood (TMEL) for each category of consequences (i.e., health & safety, environment, and business).
3. Identify the initiating events for each scenario and the frequency of each initiating event.
4. Identify the independent protection layers (IPLs) and probability of failure on demand (PFD) for each scenario.
5. Identify the enabling conditions and conditional modifiers probabilities for each scenario.
6. Determine the Intermediate Event Likelihood (IEL).
7. Determine if other IPLs are required by evaluating the IEL against the TMEL for each category.
8. In case IEL is higher than the TMEL, an additional independent protection layer shall be added, PFD (for the additional IPL) = TMEL/IEL
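
The eight steps above carried through for one scenario, as an added example that is not part of the guideline. The scenario, frequencies, PFDs, modifiers and TMELs are constructed values (not taken from Annexes A to C), and summing over initiating causes, withholding credit from an IPL that shares a system with the cause, and the IEC 61511 low-demand SIL bands are assumptions of this example.

```python
"""LOPA arithmetic for one scenario (added example; all numbers are constructed)."""
from dataclasses import dataclass, field
from math import prod

# IEC 61511 low-demand bands: SIL -> (lowest PFDavg, exclusive upper bound).
SIL_BANDS = {1: (1e-2, 1e-1), 2: (1e-3, 1e-2), 3: (1e-4, 1e-3), 4: (1e-5, 1e-4)}
REL_TOL = 1e-9  # absorbs floating-point noise when IEL equals TMEL


@dataclass(frozen=True)
class Cause:
    name: str
    frequency: float       # initiating event frequency, per year (step 3)
    system: str            # system whose failure starts the event
    enabling: float = 1.0  # enabling-condition probability (step 5)


@dataclass(frozen=True)
class IPL:
    name: str
    pfd: float   # probability of failure on demand (step 4)
    system: str  # equipment/people the layer depends on

    def __post_init__(self):
        if not 0.0 < self.pfd <= 1.0:
            raise ValueError(f"PFD out of range for {self.name}: {self.pfd}")


@dataclass
class Scenario:
    name: str
    causes: list
    ipls: list
    tmel: dict                                     # category -> TMEL per year (step 2)
    modifiers: dict = field(default_factory=dict)  # category -> [probabilities] (step 5)


def credited_ipls(cause, ipls):
    """Assumed independence rule: no credit for a layer sharing a system with the cause."""
    return [ipl for ipl in ipls if ipl.system != cause.system]


def iel(scn, category):
    """Step 6: sum of mitigated cause frequencies, times the category's modifiers."""
    total = sum(
        c.frequency * c.enabling * prod(i.pfd for i in credited_ipls(c, scn.ipls))
        for c in scn.causes
    )
    return total * prod(scn.modifiers.get(category, []))


def sil_for(pfd):
    """0 = less than SIL 1 needed, 1-4 = SIL band, None = beyond a single SIL 4 SIF."""
    if pfd >= 1e-1:
        return 0
    for sil, (low, high) in SIL_BANDS.items():
        if low <= pfd < high:
            return sil
    return None


def evaluate(scn):
    """Steps 7-8: compare IEL with TMEL per category; size the extra IPL as TMEL/IEL."""
    rows = {}
    for category, target in scn.tmel.items():
        freq = iel(scn, category)
        gap = freq > target * (1 + REL_TOL)
        pfd = target / freq if gap else None
        rows[category] = {
            "iel": freq, "tmel": target, "additional_ipl_needed": gap,
            "required_pfd": pfd, "sil_if_sis": sil_for(pfd) if gap else None,
        }
    return rows


def governing(rows):
    """Category demanding the lowest PFD from the additional IPL, or None."""
    gaps = {c: r["required_pfd"] for c, r in rows.items() if r["additional_ipl_needed"]}
    if not gaps:
        return None
    category = min(gaps, key=gaps.get)
    return category, gaps[category]


# Constructed scenario: separator overpressure (values are illustrative only).
SCENARIO = Scenario(
    name="Separator overpressure",
    causes=[
        Cause("Level control loop fails", 0.1, system="BPCS"),
        Cause("Outlet valve left closed", 0.01, system="operator"),
    ],
    ipls=[
        IPL("High-pressure alarm and operator response", 0.1, system="operator"),
        IPL("Pressure relief valve", 0.01, system="PSV"),
    ],
    tmel={"safety": 1e-6, "environment": 1e-3, "business": 1e-5},
    modifiers={"safety": [0.3, 0.5]},  # ignition, personnel present
)

if __name__ == "__main__":
    for category, row in evaluate(SCENARIO).items():
        print(category, row)
    print("governing:", governing(evaluate(SCENARIO)))
```

The operator-error cause receives no credit for the operator-response alarm, which is why its mitigated frequency equals that of the ten-times more frequent control-loop failure.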

[Figure: LOPA Methodology Flow Chart. Select hazardous scenarios for LOPA; identify the initiating causes of the hazardous scenario and estimate the initiating cause frequency; determine the scenario consequence level and the TMELs for the hazardous scenario; check whether the initiating event frequency is below the TMELs; list the IPLs that can mitigate the listed initiating causes and assess the IPL type and IPL integrity; check whether IEL < TMEL; if not, recommend an ISD option where one exists, use TMEL/IEL to determine the PFD for an existing SIS, or recommend additional protection layers, non-SIS or SIS, with a PFD that makes IEL < TMEL; go to next scenario.]

LOPA Timing

• LOPA should be conducted with or immediately after the HAZOP for all major events identified in the detailed engineering phase and for identified and proposed Safety Instrumented Functions (SIFs) during the HAZOP [1].

• LOPA could be carried out at an earlier phase (e.g., basic engineering), as identifying the SIS needs at this stage will lead to more satisfactory and effective design work.

• LOPA could be conducted as a part of a general review (revalidation) of risk studies.

• LOPA could be conducted to manage change for modifications to an existing facility.

LOPA Team

LOPA analysis requires multi-disciplinary teamwork. The LOPA workshop normally includes the following:

• LOPA Study Coordinator.

• LOPA Study Leader.

• Scribe.

• Projects Rep.

• Operations Rep.

• Safety Rep.

• Maintenance/Inspection.

LOPA Documentation

Required Documentation

The last version of the following documents should be available before the start of the LOPA study:

• Cause and effect chart.

• HAZOP worksheets with a clear and complete definition of hazard scenarios, their consequence, and safeguards, including the layers of protection.

• Complete set of P&IDs.

• Plot plan and Equipment layouts.

• The clear and complete definition of instrumented systems and their interrelationships.

• SIL ratings that have been previously determined for existing SISs.

• SRS for existing SIS (if the SIF already exists).

• PSV design data.

• Vessel/Equipment design data.

• F&G Detection Layouts.

• Operating and Control Procedures.

• Equipment Datasheets.

• Instrument and Control Philosophy.

• Flare load summary/Relief and Blowdown summary providing all overpressure scenarios.

• Basic Process Control Systems, ESD systems, and interlock information.

• Relevant Safety Study Reports, including ENVID, HAZID, FERA/QRA, etc.

LOPA Report

A LOPA report shall include the following:

1. Main report

a. Principal recipient of the report.
b. Executive summary.
c. Scope of the study.
d. Process or system description and design intent.
e. Identification of numerical values used, their sources, and any assumptions made.
f. LOPA Team members and their roles.
g. Recommendations summary.
h. References (list of documentation and drawings used).
i. Distribution list.

2. Appendices

a. List of attendees.
b. Assumptions.
c. LOPA Log sheets.
d. List of recommendations from the study.

List of Annexes

• Annex A – Initiating Events Frequencies.
• Annex B – Independent Protection Layers PFD Data.
• Annex C – Enabling Conditions and Conditional Modifiers.
• Annex D – LOPA Worksheet Sample.

For annexes details, please refer to LAYERS OF PROTECTION ANALYSIS (LOPA) GUIDELINE - EGPC-PSM-GL-015 on the PSM EGYPT website.

Prepared by:
Mohamed Mesbah
Operations Department Head - Khalda Petroleum Company

Ahmed Mostafa
Operations Section Head
Egyptian Linear Alkyl Benzene Company (ELAB)

Technical Consultant:
Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt

The Halifax Explosion - Nova Scotia,
Canada. Thursday, December 6, 1917.
Collision explosion. 1,782 deaths,
and 9,000 injuries.

Fire & Gas Mapping Guideline
EGPC-PSM-GL-017

Overview

This snapshot displays an overview of the fire and gas mapping guideline, which focuses on the following:

- Introduction and Purpose
- Fire and Gas (F&G) Philosophy
- Detection Technology
- F&G Mapping Methods

Introduction

Fire and gas mapping is a process by which flame or gas detection layout is determined. This could include a combination of prescriptive adherence to facility philosophies, detection engineering knowledge, experience, and software modeling tools.

Purpose

This document provides a guideline on the placement of permanently installed fire and gas detectors, including coverage and technology selection. It provides guidance on the most commonly used methods of mapping: prescriptive, volumetric-based, and scenario-based.

The scope covers the permanently installed detection systems, including optical flame detection (including ultraviolet, infrared, and imaging/visual), flammable gas/vapor detection, and toxic gas detection.

Fire and Gas (F&G) Philosophy

For new projects or physical changes in facilities, and in order to assure the consistency of installation of the F&G detection system, a fire and gas philosophy should be in place.

The fire and gas detection philosophy should include the following:

• The metrics to use to assess the system, e.g., percentage coverage, target fire size, the gas cloud of a certain size, gas cloud/fire that could lead to escalation of a certain frequency of occurrence.
• The mapping zones, including the methodology used to define them.
• Area grading rules (if applicable) that define the performance criteria based on different assessed risk categories.
• Appropriate applied technologies for the environment and the hazard.
• Set points and voting requirements for detectors.

The objective of the fire detection system is to detect fire as early as practical in order to reduce the possibility of escalation, minimize the impact on the asset, and allow personnel to take appropriate protective actions.

Detection Technology

For all types of detection, the detector technology selected needs to be suitable for the hazard types which might be present in the particular location, e.g.:

• If there is a risk of a unique fuel (e.g., hydrogen), it is important to be aware of the fire detector types and capabilities; and
• Certain flammable vapors, such as benzene, are not detected by the standard infrared line of sight (IR LOS) detection.

Interoperability between the device and system could have an impact on device selection. This should be taken into account as early as possible in the design philosophy. If this information is not available, conservative assumptions should be made with respect to coverage and updated as the project evolves.

Fire Detection

The main fire detection technologies in general industrial use are:

• Optical flame detection.
• Heat detection.
• Smoke detection.

Flammable Gas Detection

The main flammable gas detection technologies in general industrial use are:

• Infrared (IR) point.
• Line of sight (open path).

Toxic Gas Detection

The main toxic gas detectors in general industrial use are:

• Electrochemical sensors.
• Semiconductor sensors.
• Ultrasonic (acoustic) gas leak detectors.

F&G Mapping Methods

Three different mapping methods are available:

a. Prescriptive method.
b. Volumetric-based (geographic) method.
c. Scenario-based method.

Prescriptive methods are the simplest, with the level of complexity and effort increasing progressively towards the employment of scenario-based methods. The mapping methods can be considered analogous to qualitative (prescriptive), semi-quantitative (volumetric-based), and fully quantitative (scenario-based) methods applied to risk assessment.

The concept of proportionality should be applied, with the methodology chosen to be appropriate to the level of risk.

It is possible to use a two-stage approach whereby a conservative (high detector number) prescriptive-based method is used early in the design, and then the design is optimized by using more detailed techniques (such as volumetric or scenario-based).

The Prescriptive Method

Prescriptive detection mapping refers to the use of qualitative evaluation and judgment-based placement in the locating of fire and gas detectors.

Examples include:

a. A proven design that is reused for similar applications.
b. Ruleset-based approach, e.g., detectors at a spacing of X m.
c. For open facilities with minimal obstruction to the field of view, it might be sufficient to place detectors at the extremities of the area where fires could exist, taking into account the detector range.
d. Evaluation of influencing factors and detectors placed at locations where gas is likely to accumulate; this is most appropriate for applications that do not contain many potential leak sources and releases likely to behave in a predictable manner, e.g., no areas of recirculation.

Software modeling tools and metrics (e.g., fire size/target gas cloud size/percentage coverage) are not required when applying the prescriptive approach; compliance can often be checked using a checkbox-type approach against the ruleset that has been employed.

The Volumetric-based (Geographic) Method

Volumetric-based mapping assesses the capability of a system to detect a fire or a flammable/toxic cloud of a certain size and presents the results in terms of the coverage of a given volume. The size of a fire can be based on different methods, including effective viewing distance to the flame of specified size or RHO of a fire. At the same time, the size of a flammable/toxic gas cloud can be based on the cloud size that is assumed to be of uniform concentration shape.

Volumetric-based mapping is performed using software packages that verify the coverage achieved by the system.

The advantages of volumetric-based fire and gas mapping include the following:

a. 3D model can be applied for visualization purposes.
b. No modeling of specific scenarios is required.
c. The analysis is relatively quick.
d. Consistent designs.
e. Easily audited.
f. Coverage can be validated against certified detection capability.
g. It is less subjective than scenario-based type approaches.
h. Change management is easily incorporated (i.e., the detailed analysis does not need to be rerun as a result of minor alterations in the process area).

The disadvantages of volumetric-based mapping include the following:

a. Results can be influenced by the size of the volume assessed, i.e., the designer can expand the graded volume into open space to increase the resulting percentage coverage achieved.
b. No clear way of determining where the graded volume should extend to.
c. Subjective features of analysis are increased by comparison to prescriptive, i.e., various cloud sizes, coverage adequacy interpretation, etc.
d. Normally shows a higher number of required detectors to achieve the required coverage percentage than the scenario-based method.
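The percentage-coverage metric of the volumetric-based method, and its sensitivity to where the graded volume is drawn, can be reproduced on a small voxel grid. The following is an added example, not part of the guideline: the bay dimensions, detector positions, 5 m target cloud, 1 m voxel size and all function names are constructed assumptions, and the model ignores obstructions and dispersion.

```python
"""Volumetric (geographic) gas-detection coverage on a voxel grid.

Constructed simplification: no obstructions or dispersion; a point gas
detector covers a voxel when it lies inside a spherical target cloud
centred on that voxel.
"""
from itertools import product
from math import dist

TARGET_CLOUD_DIAMETER_M = 5.0   # assumed performance target from the F&G philosophy
VOXEL_M = 1.0                   # assumed grid resolution

# Constructed layout: a 16 m x 2 m x 2 m pipe-rack bay with four point
# detectors on its centreline (x, y, z in metres).
BAY = ((0.0, 0.0, 0.0), (16.0, 2.0, 2.0))
DETECTORS = [(0.0, 1.0, 1.0), (3.0, 1.0, 1.0), (8.0, 1.0, 1.0), (16.0, 1.0, 1.0)]


def voxel_centres(lo, hi, step=VOXEL_M):
    """Centres of the cubic voxels that fill the axis-aligned box lo..hi."""
    axes = []
    for a, b in zip(lo, hi):
        n = round((b - a) / step)
        axes.append([a + (i + 0.5) * step for i in range(n)])
    return list(product(*axes))


def coverage(detectors, graded_volume, votes=1,
             cloud_diameter=TARGET_CLOUD_DIAMETER_M):
    """Fraction of the graded volume where at least `votes` detectors
    would be inside a target cloud centred on the voxel."""
    lo, hi = graded_volume
    radius = cloud_diameter / 2
    centres = voxel_centres(lo, hi)
    covered = sum(
        1 for c in centres
        if sum(dist(c, d) <= radius for d in detectors) >= votes
    )
    return covered / len(centres)


def expand(graded_volume, margin, axis=0):
    """Extend the graded volume by `margin` metres at both ends of one axis."""
    lo, hi = map(list, graded_volume)
    lo[axis] -= margin
    hi[axis] += margin
    return tuple(lo), tuple(hi)


def report():
    """Coverage for the bay itself and for the bay plus 2 m of open space
    beyond each end, with 1ooN (alarm) and 2ooN (voted action) criteria."""
    wide = expand(BAY, 2.0)
    return {
        "bay_1ooN": coverage(DETECTORS, BAY, votes=1),
        "bay_2ooN": coverage(DETECTORS, BAY, votes=2),
        "wide_1ooN": coverage(DETECTORS, wide, votes=1),
        "wide_2ooN": coverage(DETECTORS, wide, votes=2),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value:.2%}")
```

With the same four detectors, the reported 1ooN figure moves from 68.75% to 75% once the graded volume is extended into open space, while the 2ooN figure falls, so a coverage percentage is only comparable between designs when the mapping zone definition is fixed first.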

The Scenario-based Method

Scenario-based mapping requires information specific to the process and is analogous to the approach taken in a QRA, i.e., it considers both frequency and consequence in quantifying risk.

Scenario-based mapping models individual scenarios using a range of different parameters, such as:

a. Release location.
b. Release direction.
c. Wind speed and direction.
d. Hole size.

The dispersion analysis also gives more detailed information on each scenario modeled, such as:

a. Time of detection.
b. Cloud size versus time.
c. Number of gas detectors that alarm for a given scenario highlighting redundancy in a system, e.g., this information could be used to justify continued operation if a given detector is in a fault condition.

The advantages of scenario-based mapping include the following:

a. 3D model can be applied for visualization purposes.
b. If dispersion analysis has been conducted, this can be used directly to account for different set points of detectors as the concentration in 3D space is calculated, i.e., judgment is not required in terms of the difference in the size of a cloud at low and high set points.
c. More thorough consideration of different release scenarios through consideration of specific release conditions, including wind direction, release orientation, gas release rate, etc.
d. Normally shows a lower number of required detectors to achieve the required coverage percentage than the volumetric-based method.

The disadvantages of scenario-based mapping include the following:

a. Dependent on the specifics of the design; if the design changes, an analysis might have to be rerun.
b. It can be dependent on the number of scenarios considered.
c. More time-consuming than volumetric-based mapping.
d. Minor changes in the area (e.g., the addition of scaffolding/temporary habitat) can affect the gas detection design.
e. Detectors can be recommended in areas where no explosion hazard exists when based solely on gas migration behavior.

List of Annexes
• Annex A – Examples of flammable gas detection mapping.
• Annex B – Examples of gas detection mapping.

For annex details, please refer to FIRE & GAS MAPPING GUIDELINE - EGPC-PSM-GL-017 on the PSM EGYPT website.

Prepared by:
Mohamed Mesbah
Operations Department Head - Khalda Petroleum Company

Technical Consultant:
Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt

Alarm Management Guideline
EGPC-PSM-GL-019

Overview

This snapshot showcases an overview of the principles and methodology that comprise the EGPC-PSM-GL-019 guideline, which will focus on the following:

- Introduction, Background, and Definitions
- Alarm Management Lifecycle
- Criteria for Effective Alarm Management System
- Alarm System Problems

Introduction

It is important to start the introduction with the statement by Lucius Annaeus Seneca: “There are more things to alarm us than to harm us, and we suffer more often in apprehension than reality.” This statement captures the basis of an alarm system: it anticipates undesired events or situations and draws people's attention to them before the worst happens and real loss occurs.

The industry, especially oil and gas, has a long record of incidents and accidents in which a poor alarm management system was the cause.

The guideline discusses the characteristics and different criteria for achieving an effective alarm management system, taking human limitations into consideration.

Objectives and Scope

The objective of this guideline is to give guidance on the principles and requirements for developing, operating, and maintaining an effective alarm management system. The target of having an effective alarm management system is to enhance and improve the reliability and integrity of one of the critical layers of protection (Alarm and Operator Response) during the occurrence of a process fault or the presence of undesirable conditions.

The scope of this guideline includes alarm systems for Greenfield, Brownfield, and Extensions or Modifications of an existing plant. This guideline covers facilities such as oil & gas plants, refineries, petrochemical and chemical plants, and fuel or chemical storage sites where hazardous materials are stored, handled, or processed.

Alarm And Alarm Management Definitions

The primary function of an alarm is to alert the operator to take timely action(s) and avoid undesirable conditions and events. Although there are different definitions for alarm and alarm management, most of them are consistent.

The first definition comes from ISA-18.2, which defines an alarm as “an audible and/or visible means of indicating to the operator an equipment malfunction, process deviation, or abnormal condition requiring a response.”

API RP 1167 gives a similar definition for alarm as “visible and/or audible means of indicating to the controller an equipment malfunction, an analog or accumulation process deviation, or other condition requiring a controller’s response.”

IEC 62682 adds the word “timely” to the ISA-18.2 definition, so that it reads as follows: “An audible and/or visible means of indicating to the operator an equipment malfunction, process deviation, or abnormal condition requiring a timely response.”

Alarm management can be defined per API RP 1167 as “process and practices for determining, documenting, designing, operating, monitoring, and maintaining alarm systems.” The same definition was found in IEC 62682 and in ISA-18.2, “collection of processes and practices for determining, documenting, designing, operating, monitoring, and maintaining alarm systems.”

Alarm Management Lifecycle

Alarm management is a collection of processes and practices that ensure an effective alarm system. This can be achieved by ensuring a well designed, implemented, operated, and maintained alarm system. Before discussing the criteria for effective alarm management system design and operation, it is important to first highlight the global view of the alarm management lifecycle model. The alarm management lifecycle covers alarm system specifications, design, implementation, operation, monitoring, maintenance, and change activities from initial conception.

The target of this model is to identify in a structured way the requirements and responsibilities for implementing an alarm management system. The following figure illustrates the ISA 18.2 alarm management lifecycle model. This lifecycle model is applicable both to new alarm system installations and to managing an existing system.

[Figure: ISA 18.2 alarm management lifecycle model. Stages: A Philosophy; B Identification; C Rationalisation; D Detailed Design; E Implementation; F Operation; G Maintenance; H Monitoring & Assessment; I Management of change; J Audit.]

Alarm Philosophy: This is the basic planning step before designing any new alarm system or modifying an existing one. This step documents the objectives of the alarm system and the process to achieve them. The alarm philosophy is a reflection of operations and maintenance work processes, and it serves as the base for Alarm System Requirements Specifications (ASRS). It also gives the criteria for alarm prioritization, definitions of alarm classes, performance metrics, and reporting requirements.

Identification: This is the stage in which proposed alarms are collected using several methods, e.g., hazard analysis, safety requirements specifications, good practices, incident recommendations, environmental permits, P&ID development, or operating procedures. The information collected here will be input for the alarm rationalization step.

Rationalization: It is the process of applying the requirements for the alarm and generating supporting documents such as the alarm set point, the consequence, and corrective action. It also includes alarm prioritization and classification in line with the alarm philosophy.

Detailed Design: In this stage, additional alarm attributes are specified and designed in light of the result of alarm rationalization. This design stage includes basic alarm design, HMI design, and design of the advanced alarming system.

Implementation: This stage includes the implementation of the alarm system through the physical and logical installation as well as functional verification of the system. In addition, it also includes the training of operators for the implemented alarm system.

Operation: In this stage, the alarm system is handed over to the operator and placed in service, where it performs its intended function. The stage also might include refresher training on the alarm philosophy and each alarm's purpose.

Maintenance: This stage is about periodic maintenance (including testing of the instrumentation) in order to ensure that the alarm system functions as designed.

Monitoring and Assessment: In this stage, the alarm system and each individual alarm are continuously monitored against the performance goals mentioned in the alarm philosophy. Monitoring and assessment of the data from the operation stage may trigger maintenance work or identify the need for modification to the alarm system or operating procedures. Without this stage, the alarm system is likely to degrade over time.

Management of Change: This stage is about the process for modification of the alarm system and its approval cycle. This change process should follow the normal alarm management lifecycle stages from identification to implementation.

Audit: In this stage, a periodic review shall be done to ensure the effectiveness of the alarm management process and maintain the integrity of the alarm system.

Criteria for Effective Alarm Management System

In general, there are key principles identified for any alarm system:

Every alarm should have a defined purpose. In general, the purpose of any alarm system is to drive the operator's attention to certain plant conditions that require a timely assessment and consequent actions.

Every alarm should have a defined response. Each alarm presented to the operator should be useful and relevant. To achieve this, the designer should ensure that every alarm has a defined response. In general, this response should be an action, e.g., operating a standby pump, altering a control set point, repairing some failed part of the equipment, etc.

Adequate time should be allowed for the operator to carry out this response. As discussed before, an operator response is expected for each alarm. This requires that adequate time be given for the operator to perform the required action.

In light of the above-mentioned principles for an effective alarm system, it is easily inferred that “the alarm system should be explicitly designed to take account of the human limitations.” Accordingly, an effective alarm system needs to include the following:

[Figure: characteristics of an effective alarm: Relevant, Unique, Timely, Prioritized, Understandable, Diagnostic, Advisory, Focused.]

Any alarm should be Relevant: This means that any alarm is not to be spurious or of low operational value. Looking at this alarm characteristic, it is important to mention that failure to develop relevant alarms is the reason behind many incidents in the oil and gas industries.

Alarms should be Unique: This means that each alarm should not duplicate another alarm.

The alarm should be Timely: As mentioned before, the purpose of an alarm system is to direct the attention of the operator to the presence of a certain condition that requires a timely assessment and actions.

Alarm Prioritization: This characteristic aims to indicate the importance of the alarms the operator deals with. The purpose of this stage is a priority ranking for the different alarms, which assists the operator in dealing with them in order of importance, especially during the high.

Understandable: This characteristic is about ensuring that each alarm message is clear and easy to understand by the operator(s). All alarms must be clear and unambiguous and shall be presented at the appropriate time when the operator needs to take corrective action(s).

Diagnostic: This characteristic is about the ability of the system to easily identify the problem(s) that has/have occurred. This is one of the core abilities of the system to detect and analyze the event and then deliver the right message to the operator to take suitable action on a timely basis.

Advisory: This characteristic is about how the alarm system helps in indicating the required action for each type of alarm. The ability of the system to detect and process the plant information and finally propose the required actions is one of the characteristics that determines how well the alarm system is designed.

Focused: This characteristic is very important, and it can be directly linked to the prioritization principles, with the general aim of drawing the operator's attention to the most important issues and not overloading the operator with low-priority issues that can distract from a real case.

Alarm System Problems

Nuisance Alarms: Nuisance alarms indicate an abnormal condition when none exists or when no change in process condition has occurred. Nuisance alarms desensitize the operator, reducing the response to all alarms. Instrument problems or alarms set within the normal operating range often cause nuisance alarms.

Stale Alarms: Stale alarms remain in the alarm state even when no abnormal condition exists, or no operator action is required. Stale alarms form a baseline of alarms that require no action and train the operator to ignore certain alarms.

Alarm Floods: Alarm floods refer to a temporary high rate of alarms, usually associated with an event like a process upset. Alarm floods overwhelm the operator, masking important alarms and reducing the operator’s ability to respond to the upset appropriately. Configuring multiple alarms for a single event is one of the main causes of alarm floods.

Alarm Clarity: Clarity of alarms relates to configuring the alarms and training the operator to respond to the alarm. Alarm documentation generated during rationalization serves as input for training. Alarm clarity problems are difficult to measure. Operator training can provide the opportunity to identify clarity problems. Sometimes the problems can be resolved with changes to the basic alarm configuration. Advanced alarm techniques are employed to produce fewer alarms with clear meaning.

Prepared by:
Sayed Eid Sayed Khalil
HSE Assistance General Manager - Agiba Petroleum Company

Technical Consultant:
Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt
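The alarm system problems described in the Alarm Management Guideline snapshot (alarm floods, stale alarms, and chattering as one common form of nuisance alarm) can be screened for in an alarm journal during the Monitoring and Assessment stage. The following is an added example, not part of the guideline: the journal format, tag names, function names and all three thresholds are constructed assumptions, and the real thresholds belong in the site's alarm philosophy.

```python
"""Flag alarm floods, chattering alarms and stale alarms in an alarm journal."""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds for illustration; the alarm philosophy sets the real ones.
FLOOD_COUNT, FLOOD_WINDOW = 10, timedelta(minutes=10)     # more than 10 alarms in 10 min
CHATTER_COUNT, CHATTER_WINDOW = 3, timedelta(minutes=1)   # 3 or more activations in 1 min
STALE_AFTER = timedelta(hours=24)                         # active for more than 24 h


def constructed_journal():
    """Constructed sample: '<ISO time> <tag> <ALM|RTN>' (RTN = return to normal)."""
    lines = ["2024-03-01T08:00:00 TI-101.HI ALM"]            # never clears
    for s in (0, 10, 20, 30):                                # bouncing level switch
        lines.append(f"2024-03-02T09:00:{s:02d} LI-205.LO ALM")
        lines.append(f"2024-03-02T09:00:{s + 5:02d} LI-205.LO RTN")
    for i in range(12):                                      # one upset, 12 alarms in 3 min
        lines.append(f"2024-03-02T14:{i // 4:02d}:{i % 4 * 15:02d} K-300.A{i:02d} ALM")
        lines.append(f"2024-03-02T14:30:00 K-300.A{i:02d} RTN")
    return lines


def parse(lines):
    """Return time-ordered (timestamp, tag, state) tuples."""
    events = []
    for line in lines:
        ts, tag, state = line.split()
        events.append((datetime.fromisoformat(ts), tag, state))
    return sorted(events)


def find_floods(events, count=FLOOD_COUNT, window=FLOOD_WINDOW):
    """Sliding window over activations; overlapping windows merge into one flood."""
    alarms = [e for e in events if e[2] == "ALM"]
    floods, lo = [], 0
    for hi, (ts, _, _) in enumerate(alarms):
        while alarms[lo][0] <= ts - window:
            lo += 1
        n = hi - lo + 1
        if n <= count:
            continue
        start = alarms[lo][0]
        tags = {a[1] for a in alarms[lo:hi + 1]}
        if floods and start <= floods[-1]["end"]:
            last = floods[-1]
            last["end"], last["peak"] = ts, max(last["peak"], n)
            last["tags"] |= tags
        else:
            floods.append({"start": start, "end": ts, "peak": n, "tags": tags})
    return floods


def find_chattering(events, count=CHATTER_COUNT, window=CHATTER_WINDOW):
    """Tags that activate `count` or more times within `window`."""
    by_tag = defaultdict(list)
    for ts, tag, state in events:
        if state == "ALM":
            by_tag[tag].append(ts)
    return sorted(
        tag for tag, times in by_tag.items()
        if any(times[i + count - 1] - times[i] <= window
               for i in range(len(times) - count + 1))
    )


def find_stale(events, now, limit=STALE_AFTER):
    """Tags that have been continuously in alarm for longer than `limit`."""
    active = {}
    for ts, tag, state in events:
        if state == "ALM":
            active.setdefault(tag, ts)
        else:
            active.pop(tag, None)
    return sorted(tag for tag, since in active.items() if now - since > limit)


if __name__ == "__main__":
    ev = parse(constructed_journal())
    for f in find_floods(ev):
        print("flood", f["start"], f["end"], "peak", f["peak"], "tags", len(f["tags"]))
    print("chattering", find_chattering(ev))
    print("stale", find_stale(ev, datetime(2024, 3, 2, 15, 0, 0)))
```

The flood in the constructed journal comes from twelve separate tags raised by a single upset, which is the "multiple alarms for a single event" cause named above and a candidate list for rationalization.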

Safety Case

Safety Case Standard
EGPC-PSM-ST-002

Overview

- Introduction
- Purpose
- Safety Case Process Flowchart
- Notifications and Designations
- When is a Safety Case Report Required?
- The Safety Case Report and the Facility Life Cycle
- Greenfield Projects and Brownfield Modifications
- Safety Case report submission time
- Major Accident Prevention Policy (MAPP)
- Preparation of the Safety Case report
- Content of the Safety Case report
- Statement of Fitness
- Revision of Safety Case Report
- EGPC Review and Approval of Safety Case

Introduction

The Safety Case report provides written documentation regarding the technical and operational information about those Major Hazards and their risks that may lead to a major accident at the Upper Tier Major Hazard Facility (UTMHF), as well as methods with which to mitigate those hazards and risks. In the Safety Case report, the UTMHF operator provides justification for the measures the operator has taken and will take to ensure the safe operation of the facility. The principle should be based on managing and reducing the risk associated with the UTMHF down to broadly acceptable levels or tolerable levels subject to risks being demonstrated to be As Low As Reasonably Practicable (ALARP) as per risk tolerance criteria listed in risk management standards.

The Safety Case approach is a systematic process for the identification, evaluation, and documentation of Major Accident Hazards and the associated risk level. It is a written document that helps to review and demonstrate to top management, workforce, regulators, local population/communities, shareholders, etc., that the Major Accident Hazards and associated risks are properly identified and adequately controlled.

All operators of the oil, gas, and petrochemical major hazard facilities and proposed major hazard facilities operated in Egypt shall notify EGPC of the nature of their business and the quantities of the dangerous substances present or likely to be present in their facility. Based on the notification, EGPC will decide the type of facility and whether the Safety Case report is required. Upper Tier Major Hazard Facilities shall develop a Safety Case report; however, Lower Tier Major Hazard Facilities are not required to develop a Safety Case report, although they are still required to develop a Major Accident Prevention Policy (MAPP) and implement a Process Safety Management (PSM) program.

The intent of the Safety Case report is to state your ‘case’ that the facility will operate safely and meet the requirements of this Safety Case standard so that EGPC is able to grant a license to operate the facility. A Safety Case report does not guarantee that major accidents will not occur at the facility. However, the Safety Case and robust management system arrangements, alongside an open dialogue with EGPC, can form the basis of safe operations.

Purpose

This standard aims to define the approach to demonstrate the control over Major Accident Hazards for all major hazard facilities operated in Egypt under the authority of the Ministry of Petroleum and Mineral Resources.

This standard is developed to help the operators of oil, gas, and petrochemical facilities to decide the type of their facility, whether the Safety Case report is required, and to define the Safety Case report requirements. The Safety Case report is required for the following reasons:

• To demonstrate that the Major Accident Hazards and possible major accident scenarios concerning the facility have been identified and that the necessary measures have been taken to prevent such accidents and to limit their consequences for human health and the environment.
• To demonstrate that adequate safety and reliability have been considered in the design, construction, operation, and maintenance of any facility and its infrastructure.

• To assure stakeholders that significant hazards are identified and assessed to appropriate levels, and that residual risks are managed to As Low As Reasonably Practicable (ALARP) levels.
• To demonstrate that an internal emergency plan has been prepared, including sufficient information to prepare an external emergency plan.
• To fulfill the EGPC requirement to be able to grant a license to operate the facility.

Safety Case Process Flowchart

The Safety Case process comprises four main stages:

1. Notifying EGPC of the facility.
2. Designating the facility by EGPC.
3. Developing the Safety Case report.
4. Reviewing the Safety Case by EGPC.

[Figure: Safety Case process flowchart. The Major Hazard Facility's operator sends the notification to EGPC; EGPC reviews the notification and designates the facility. Upper-Tier Major Hazard Facility: Safety Case report required; the operator develops the Safety Case report and sends it to EGPC for approval. Lower-Tier Major Hazard Facility: no Safety Case report required; the operator develops the Major Accident Prevention Policy (MAPP) and PSM system. Drilling Rig: IADC HSE Case report required; the rig owner develops the IADC HSE Case and bowties for the Major Accident Hazards scenarios; the operator sends the IADC HSE Case report and bowties to EGPC for acknowledgement.]

Notifications and Designations

All operators of major hazard facilities and proposed major hazard facilities shall notify EGPC of the nature of their business and the quantities of dangerous substances present or likely to be present in the facility.

Based on the notification, EGPC will then designate the facility and, accordingly, decide whether developing a Safety Case report is needed or not. Notification will help to:

• Allow EGPC to understand the type of activities carried out inside the facility and the other activities in the area surrounding the facility and hence the expected risk level.
• Confirm the quantities of specified dangerous substances present or likely to be present at the facility.
• Support EGPC for the correct designation of the facility.

The operator must send the notification to EGPC within a reasonable period of time prior to the start of construction/start of operation of the facility. The following table includes the timescales for the submission of notifications in various circumstances.

SCENARIO | NOTIFICATION
Major hazard facility - Existing. | Notification to be sent as per EGPC scheduled requirement.
Major hazard facility - New construction or first-time operation. | Design notification to be sent (during FEED). Pre-Operation notification to be sent (Latest end of detailed engineering).
The facility moves to another category due to an increase/decrease in the number of dangerous substances. | Notification to be sent (Not less than one year) before the date of increase/decrease.
Drilling facility. | Notification is to be sent (Not less than four months) before starting the drilling operation.
Major hazard facility closes or decommissions. | Notification to be sent (Not less than six months) in advance.

The operator of the major hazard facility shall inform the holding company (EGAS, ECHEM, or GANOPE) of the notification content. The notification to EGPC must be given in the manner and form required by EGPC, and it shall include the following information:

• A brief description of the primary business activity or activities at the facility.
• Information about the operator.
• Sufficient information to identify the specified dangerous substances present (or likely to be present) at the facility.
• The calculated quantity and physical form (for example, solid, liquid, or gas) of the specified dangerous substances.
• The contact details of a person with whom EGPC may communicate concerning the information that is, or must be, contained in the notification.
• The expected start date of the operation.
• Information about the land use and other activities in the area surrounding the facility or proposed facility.
• Any other additional information that EGPC requires.

For the land use description part, the following should be considered:

• Describing, where available, details (such as name, address, and type of business) of neighboring facilities and other sites which could initiate or aggravate a major accident and domino effects, e.g., a scrapyard storing tires near the boundary with a facility where flammable gas is stored.
• Describing elements of the surrounding environment that could aggravate the consequences of a major accident. This should include both built and natural environments, i.e., nearby housing, schools, location close to a river or groundwater, etc.

After the notification is sent to EGPC, EGPC will assess the notification, make a decision, and notify the operator of its decision regarding the type of facility. EGPC could include any requirements or instructions the operator shall comply with in its response to the operator. The decision takes into consideration the nature of the facility and the quantity of specified dangerous substances that are present or likely to be present.

In a period of not more than 45 days from receiving the notification, EGPC will then designate the facility and notify the operator in writing that the facility or proposed facility to which the notification relates is or will become an Upper Tier Major Hazard Facility or a Lower Tier Major Hazard Facility.

The designated Upper Tier Major Hazard Facility shall develop a Safety Case report, while the designated Lower Tier Major Hazard Facility is not required to develop a Safety Case report. However, the Lower Tier Major Hazard Facility is still required to develop a Major Accident Prevention Policy (MAPP) and implement a Process Safety Management (PSM) program. Holding companies (EGAS, ECHEM, or GANOPE) will be notified of the Upper Tier Major Hazard Facilities so that they can be aware of the designation of their affiliates and can follow up with them on the development of the Safety Case report.

Although all drilling activities shall develop IADC HSE Cases and bowties for MAH scenarios, the operator must still send a notification to EGPC preceding the drilling operation.

EGPC may request further information about the facility. This can include information about the use or proposed use of specified dangerous substances and the physical condition of the facility. Supported by a written justification, EGPC could decide to designate a Lower Tier Major Hazard Facility as an Upper Tier Major Hazard Facility based on the following:

• The quantity or combination of specified dangerous substances present or likely to be present at the facility.
• The type of activities within the facility involving the specified dangerous substances.
• The land use and other activities in the area surrounding the facility.
• Any other relevant matter.

Due to the highly challenging and remote environments with limited resources to assist in a major accident event, all offshore installations are designated Upper Tier Major Hazard Facilities regardless of the quantities of the dangerous substances. If the operator submits a Safety Case report or a revised Safety Case report before the submission of the notification, the operator must still send a separate notification to EGPC.

For the purposes of carrying out the review and designation of the facility, EGPC may require a site visit to the existing sites or may require the operator to provide further information. The operator must reply to EGPC’s required information within a period of not more than 14 days. EGPC may change a designation if, after consultation with the operator, EGPC is satisfied that the reasons for the designation or decision no longer apply.

When is a Safety Case Report Required?

Offshore Installations
All offshore installations, whether manned or not and whether containing dangerous substances or not, shall develop a Safety Case report.

Onshore Upper Tier Major Hazard Facilities
For all onshore facilities that are designated by EGPC as Upper Tier Major Hazard Facilities, the operators of those facilities shall develop a Safety Case report.

Pipelines
A major accident hazard pipeline is considered a major hazard facility and is subjected to the same process to identify the need for the Safety Case. If the pipeline is designated as an Upper Tier Major Hazard Facility, the operator of the pipeline shall develop a Safety Case report.

Drilling Rigs
For both onshore and offshore drilling activities, the rig owner is responsible for developing an IADC HSE Case in accordance with the requirements of the International Association of Drilling Contractors (IADC). The operator shall approve the IADC HSE Case developed by the rig owner and send it to EGPC for an acknowledgment before the commencement of the drilling activities.

If the facility where the drilling activity will be carried out is not required to develop a Safety Case report, then the operator shall, in conjunction with the rig owner, conduct a HAZID workshop to identify the hazards associated with the drilling operation. Following the HAZID, bowties shall be developed for the MAH scenarios to ensure meeting the barrier adequacy criteria and further ALARP demonstration. In addition to the IADC HSE Case, MAH Bowties shall be sent to EGPC for acknowledgment before the start of the drilling activities.

Onshore Lower Tier Major Hazard Facilities
Onshore facilities designated as Lower Tier Major Hazard Facilities are not required to develop Safety Case reports. However, developing a Major Accident Prevention Policy (MAPP) and implementing a process safety management system, including emergency response, is required.

The following table illustrates obligations imposed by the Safety Case standard.

| DUTIES | UTMHF | LTMHF | DRILLING |
| --- | --- | --- | --- |
| Develop and submit notification to EGPC | YES | YES | YES |
| Prepare and implement MAPP | YES | YES | NO |
| Prepare and submit Safety Case to EGPC | YES | NO | NO |
| Prepare and submit IADC HSE Case to EGPC | NO | NO | YES |
| Prepare and submit drilling MAH bowtie to EGPC | NO | NO | YES |

The Safety Case Report and the Facility Life Cycle

Design Safety Case
The facility shall develop a Design Safety Case by the end of FEED at the latest and send it to EGPC only for a quick completeness check and acknowledgment. EGPC could indicate any matters that may create difficulties with accepting the Operations Safety Case if those matters are not considered in the detailed design or the construction or commissioning stages.

The purpose of the Design Safety Case is to:
• Define the options considered as part of the Evaluation/Concept selection phase and justification for the selected option.
• Define the design performance standards of the Safety Critical Elements that shall be achieved and maintained during the design, construction, and commissioning of the Facility.
• Demonstrate that the risks from Major Accident Hazards have been actively and systematically reduced to ALARP, and the facility is designed for HSE & Integrity.

Operations Safety Case
The Operations Safety Case shall be developed before the startup of the facility and be submitted to EGPC for review and approval so that EGPC is able to grant a license to operate the facility.

The purpose of the Operations Safety Case is to:
• Demonstrate how the Major Accident Hazards are managed during operations to ensure that the risks are tolerable and ALARP.
• Define the operations performance standards of the Safety Critical Elements that shall be achieved and maintained during the operation phase, including maintenance, inspection, and testing of the SCEs.
• Define the Safety Critical Tasks with the corresponding HSE Critical positions and enable them to effectively and safely manage the day-to-day operations/activities and associated hazards.
• Describe how the relevant management systems (e.g., integrity, maintenance, competence, MOC, PTW) implement the requirements of the performance standard and the Safety Critical Tasks, including the management of SCEs to continuously meet operations performance standards.
• Demonstrate that an internal emergency plan has been prepared, which includes sufficient information to enable an external emergency plan to be prepared.

Figure 4 shows the link between design and Operations Safety Cases.

If the Greenfield project/Brownfield modification alone is sufficient to designate the facility as an upper-tier major hazard facility, then a Design Safety Case should be developed during FEED. Following the Design Safety Case, the Operations Safety Case shall be developed/updated for the whole facility and be submitted to EGPC before the startup of the project/modification.

The following figure shows the decision tree for dealing with Greenfield projects and brownfield modifications with major accident potential.

[Figure: decision tree for a Greenfield Project/Brownfield modification (with MAH potential) within the facility boundary. Decision points: whether the proposed modification/project brings significant change to existing facility risk profiles or changes the facility tier; whether the project/modification alone designates the facility as Upper Tier; whether the facility type is upgraded following the new project to be an Upper Tier. Outcomes: no Notification nor Safety Case required; operator to send a Notification to EGPC; operator to develop a Design Safety Case for the project/modification and send it to EGPC only for acknowledgement; EGPC decides the need for a Design Safety Case for the new project/modification; operator to develop/update the facility's Operations Safety Case; no Operations Safety Case required.]

Safety Case report submission time
The defined submission period is to give EGPC sufficient time to properly assess the Safety Case and resolve any issues with the operator. For some fast-track developments, it may be difficult to provide this defined period notice. If so, EGPC has the power to reduce the timescale for submission, particularly for smaller and less complex installations, where the earlier Design Safety Case did not give rise to significant concerns. Operators should contact EGPC as soon as they identify a possible need to ask EGPC to specify a shorter period.

EGPC also may extend the time within which the operator must give EGPC a completed Safety Case/IADC HSE Case if:
a. The operator applies in writing to EGPC for an extension of time, and
b. EGPC is satisfied that there has been insufficient time to comply with the Safety Case/IADC HSE Case requirement.

The following table shows the timescale for the submission of the Safety Case/IADC HSE Case to EGPC.

| REASON FOR DEVELOPING THE SAFETY CASE REPORT | TIME TO SUBMIT SAFETY CASE REPORT TO EGPC |
| --- | --- |
| Designated Upper Tier Major Hazard Facility - Proposed construction | Design Safety Case report (Latest end of FEED); Operations Safety Case report (6 months before the startup of the operation) |
| Designated Upper Tier Major Hazard Facility - Existing | Operations Safety Case report (not later than one year after being designated from EGPC) |
| Drilling Facility | IADC HSE Case reference to IADC requirement and drilling MAH bowties (Not less than two months) before starting the drilling operation |
| Existing onshore Lower Tier Major Hazard Facility chooses to increase its inventory of dangerous substances to meet the Upper Tier threshold limits | Operations Safety Case report (6 months before the start of operation) |

Major Accident Prevention Policy (MAPP)
A Major Accident Prevention Policy (MAPP) is required for all major hazard facilities, either upper tier or lower tier. For upper-tier major hazard facilities, the MAPP must be included as a separate document in the Safety Case report under the process safety management section.

The MAPP is a key document. Its purpose is to provide a statement of the senior management’s commitment to achieving high standards of major hazard control. A MAPP must be in writing and should include the facility’s overall aims and principles of action about the control of major accident hazards, preventing the occurrence of major accidents, and limiting their consequences to people and the environment at or near the facility by appropriate means, structures, and management systems. A MAPP document must:
a. Be designed to ensure a high level of protection of human health and the environment.
b. Be proportionate to the Major Accident Hazards.
c. Set out the operator’s overall aims and principles of action.
d. Set out the role and responsibility of management and its commitment to continuously improving the control of Major Accident Hazards.

The operator must implement the MAPP by establishing a PSM system that satisfies the requirements specified in the PSM program standard EGPC-PSM-ST-003.

Preparation of the Safety Case Report
The Safety Case report is site-specific, so operators with more than one site cannot submit one Safety Case report to cover them all. In some cases, and upon approval from EGPC, a single Safety Case report may be developed for a group of facilities, e.g., a major accident hazard pipeline connected to an Upper Tier Major Hazard Facility, a production platform connected to satellite platforms that are normally unattended. However, the detailed description, including the assessment of risks, MAHs, bowties, SCEs, and Performance Standards, shall be specified for each facility.

The Safety Case must be a stand-alone document that is sufficient to meet the contents and the required level of detail without the need to refer to other documents external to the Safety Case. It is not required to provide extensive detail when it is possible to refer to other reports or studies already prepared. Reference documents are a useful way of supporting arguments but are not a substitute for the demonstrations required in the Safety Case.

The operator of the facility must demonstrate to EGPC that in the development or revision of the Safety Case for the facility, there has been effective consultation with and participation of members of the workforce.

Content of the Safety Case report

Executive Summary
The executive summary is intended to provide a succinct summary of the essential features of the Safety Case report, in particular, the conclusions and recommendations section of the document. It should be no longer than two pages as it is intended to provide a rapid digest for the reader to decide whether to read in more depth. It should briefly describe the asset in outline and set down the intent of the Safety Case report. It should then summarize the control of major accident hazards (MAHs) with less detail, aiming to capture the essential message of the results. It should outline any actions for further studies and why these do not prejudice the justification for continued safe operation.

Introduction
The main function of the Introduction section is to provide an overview of the objective of the Safety Case and how the parts of the document logically lead to the endpoint, demonstrating the ALARP and justification of continued safe operation. As there is often considerable detail and length in the Safety Case, such as the approach, it will allow the “bigger picture” to be retained as the reader progresses through the document.

General description of the Facility

General description
The purpose of this part of the Safety Case is to provide a wide range of readers with a sound understanding of the facility, its intent, design, and operational aspects, in addition to the equipment and operations which are expected to be functioning during an emergency. This section will also allow EGPC to understand and evaluate the identification and control of major accidents at the facility. The amount of description required will depend on the degree of complexity of the facility. For example, an unmanned facility requires a simple account, whereas an oil and gas terminal with an importing and exporting facility would require sufficient explanation to enable the critical aspects of its operation to be understood.

Concept selection
This section is intended only for the Design Safety Case to compare the principal features of the design with alternative designs considered to demonstrate that the preferred option will reduce risks to as low as reasonably practicable. Reference should be made to safety factors incorporated in the design and to relevant codes of practice.

Formal Safety Assessment

Formal Safety Studies
This section summarizes the formal safety studies carried out for the facility and their closeout status. This section should cover different studies, such as HAZOP and LOPA studies. It should demonstrate that the degree of detail of the analysis is proportionate to the level of complexity of the facility, the nature of the hazards, and the possible consequences.

MAH scenarios and Barrier Management
This section is aimed to demonstrate that all potential MAH scenarios are identified, critical barriers are selected, and the performance criteria for the barriers have been defined. This also includes how the facility ensures the suitability of the barriers, either initial suitability or ongoing suitability. This section shall cover the following points:
• A summary of the HAZID study undertaken to identify all potential MAHs and a list of MAH scenarios.
• A summary of the MAH bowtie diagrams demonstrating the barriers' adequacy and detailing the health status of the barriers.
• A summary of the SCE performance standards and detailing how the performance standard is implemented.
• Detail how the facility conducts verification of the SCE design, installation, commissioning, and ongoing suitability throughout the facility life cycle.
• A summary of the safety-critical tasks and the HSE Critical Positions for the operations phase only.
• Detailing how the facility, in the operations phase, manages SCE impairment (SCE does not fully meet, or may not fully meet, one or more of its performance standard criteria).

MAH scenarios that shall be considered in the Safety Case are as follows:
• The onshore Safety Case shall focus the attention only on ‘Process-related Major Accident Hazards’ that involve a release of one or more dangerous substances included in Annex A and excludes 'non-process-related Major Accident Hazards' which have possibly severe or catastrophic consequences. The operator of the onshore Upper Tier Major Hazard Facility has the option to consider the non-process MAH scenarios if needed.
• Offshore Safety Cases shall consider all Major Accident Hazards, either process-related or non-process-related.
• In the case of combined operations, MAH scenarios that are generated because of the combined operations shall be considered.
• MAH scenarios that developed because of domino effects shall be considered.

Quantitative Risk Assessment
This section shall summarize the outcome of the QRA study, including the individual and societal risk figures against the corporate risk acceptance criteria. This section shall also include the impact on critical equipment and locations, i.e., muster points, control room, fire pump station, etc. MAH scenarios that develop from nearby facilities and have an impact on the existing facility shall be considered and evaluated.

Manual of Permitted Operations (MOPO)
A MOPO is required to be developed as part of the Operations Safety Case. This section shall detail how the MOPO is used and how the facility is managing deviations from MOPO.

Process Safety Management (PSM) System
The operator needs to show that an effective process safety management system is established and maintained to control and manage major accident hazards and limit their consequences. The PSM system summary should provide a general overview of the PSM program implemented in compliance with EGPC Process Safety Management System Program Standard EGPC-PSM-ST-003.

The summary should cover the four PSM pillars and respective sub-PSM elements listed in the standards and include sufficient evidence to show and support that an appropriate PSM system is in place.

Emergency Response Plan
A summary of the emergency response plans must form part of the Safety Case report though the ERP is prepared as a separate document to facilitate use. This is to demonstrate that an effective emergency response plan is in place against all the identified major accident hazards. The response plans should be related and preferably cross-referenced to the major accident hazards (in particular, the representative set of MAHs) described elsewhere in the Safety Case.

ALARP Demonstration
As part of the ALARP demonstration, a risk reduction workshop shall be conducted to present the recommended risk reduction measures (RRM) identified during the safety studies required for developing the Safety Case, e.g., MAH bowties, QRA, and assess the implementation of those risk reduction measures. In some cases, cost-benefit analysis (CBA) for potential risk reduction measures shall be presented; potential risk reduction measures that are rejected shall be recorded with a justification for the rejection.

The output from the risk reduction workshop and CBA calculations shall be briefly documented in the ALARP demonstration section, inclusive of the justification for the selection and rejection of all identified potential risk reduction measures.

Improvement Action Plan
This part of the Safety Case provides a plan to resolve any outstanding actions, improvements, or shortfalls identified at the time the Safety Case was prepared and thereby improve the overall safety management system of the facility.

Appendixes
The Appendix section of the Safety Case report shall include the following:
a. Hazard and Effect Register.
b. MAH bowties.
c. List of SCEs with their owner.
d. SCE’s Performance Standards.
e. Safety Critical Tasks and HSE Critical Positions.
f. MOPO matrix.

The below table presents the typical content of design and Operations Safety Case reports.

TYPE: Design Safety Case
TYPICAL CONTENT:
1. Executive Summary
2. Introduction
3. General Description of the Facility
4. Formal Safety Assessment
5. ALARP Demonstration
6. Action Plan
7. Appendixes
a. Hazard and Effect Register.
b. MAH bowties.
c. List of SCEs with their owner.
d. SCE’s design Performance Standard.
NOTES:
The following points are not included in the Design Safety Case:
• Emergency Response Plan.
• Process Safety Management systems.
• MOPO matrix.
• Safety-Critical Tasks.
- Closeout reports status for the process safety studies shall be included under the formal safety assessment section.
- Design performance standards for the SCEs shall detail the assurance and verification tasks covering design, installation, and commissioning aspects.
- “Concept Selection” should be added under the General Description of the Facility section.

TYPE: Operations Safety Case
TYPICAL CONTENT:
1. Executive Summary
2. Introduction
3. General Description of the Facility
4. Formal Safety Assessment
5. MAPP & PSM System
6. Emergency Response Plan
7. ALARP demonstration
8. Improvement Action Plan
9. Appendixes
a. Hazard and Effect Register.
b. MAH bowties.
c. List of SCEs with their owner.
d. SCE’s operations Performance Standard.
e. Safety Critical Tasks and HSE Critical Positions.
f. MOPO matrix.

Statement of Fitness
The operator of the facility, the most senior position, shall sign and date a statement confirming that:
• The information in the Safety Case is accurate and up to date.
• The controls to be implemented will eliminate or minimize the risk of a major accident occurring to the extent that is reasonably practicable.
• The barriers required to manage Major Accident Hazards are identified, and performance standards of Safety Critical Elements are developed.
• All people involved in implementing the management system have the knowledge and skills necessary to carry out their roles safely and competently.
• In the event of a major accident occurring, the controls will minimize the magnitude and severity of its health and safety consequences to the extent that is reasonably practicable.

Statement of Fitness shall be part of the Operations Safety Case report and be included under the ALARP Demonstration.

Revision of Safety Case Report
The Safety Case report shall be a living document. It is the operator's responsibility to ensure that it is kept up to date throughout the life cycle of the facility. A Safety Case report must be reviewed and, where it is necessary, revised by the operator:
• After the design and before the startup of the facility.
• Following a major accident at the facility.
• Where a review is justified by new facts or by technological knowledge about safety matters, including knowledge arising from the analysis of accidents or near misses.
• Where a review is justified by developments in knowledge concerning the assessment of hazards.
• Before making any modifications to the facility, process, or the nature or physical form or quantity of dangerous substances, which could have significant consequences for Major Accident Hazards.

• As part of any significant changes to the facility, operation, or surrounding environment that may have a potential impact on the risk profile.
• Following any change to the safety management system that could have significant consequences for the prevention of major accidents or the limitation of the consequences of major accidents to human health and the environment.
• When it is required to operate the facility beyond its design life.
• At a maximum interval of five years.

EGPC Review and Approval of Safety Case
Operations Safety Case is a mandatory document for the Upper Tier Major Hazard Facilities. The facility operator shall send it to EGPC for review and appraisal to obtain the license to operate the facility. Based on the appraisal process, EGPC will communicate the outcomes to the operator within six months from the submission.

The outcomes of the review process could be:
• Accepting the Safety Case.
• Accepting the Safety Case with conditions.
• Rejecting the Safety Case.

The Design Safety Case shall also be sent to EGPC. This is only for a quick completeness check and acknowledgment and will not follow the same detailed review as the Operations Safety Case; however, EGPC could indicate any matters that may create difficulties with accepting the Operations Safety Case if those matters are not taken into account in the detailed design or the construction or commissioning stages.

IADC HSE Case for the drilling rigs, reference to IADC requirement, and MAH bowties are mandatory documents and shall be sent to EGPC for a quick completeness check and acknowledgment before the start of the drilling operation. It is the operator's responsibility to review the IADC HSE Case before sending it to EGPC to ensure all the IADC HSE Case requirements are covered.

List of Annexes
• Annex A – Calculations of Dangerous Substances.
• Annex B – Major Hazard Facility Notification Form.
• Annex C – Information to be Included in “General Description of The Facility” Section.
• Annex D – Manual of Permitted Operations (MOPO).

For annexes details, please refer to SAFETY CASE STANDARD EGPC-PSM-ST-002 on the PSM EGYPT website.

Prepared by:
Mohamed Mahmoud Hamoda
HSE department Head - Pharaonic Petroleum Company

Technical Consultant:
Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt

The Deepwater Horizon Oil Spill -
Gulf of Mexico. Tuesday, April 20,
2010. Hydrocarbons escape. 11
deaths and 17 injuries.

As Low As Reasonably Practicable
(ALARP) Demonstration Guideline
EGPC-PSM-GL-010

Overview
This snapshot showcases an overview of the ALARP Demonstration principle, process, and assessment, focusing on the following main topics:
- Introduction
- Purpose
- ALARP Overview
- ALARP Demonstration Process

Introduction
The companies are committed to pursuing no harm to their people and the community by managing risks through effective and efficient controls. Companies shall reduce all risks related to their Major Hazard Activities to a level As Low As Reasonably Practicable (ALARP).

The ALARP principle is a well-established principle predefined in the Risk Management Standard EGPC-PSM-ST-001. At the same time, ALARP Demonstration and Assessment is a method used by companies to demonstrate that the Residual Risk from their Major Hazard activities is ALARP.

This guideline helps the companies to prepare and document their ALARP Demonstration and Assessment to encompass the submission of the Safety Case per the Safety Case Standard EGPC-PSM-ST-002.

Purpose
This guideline describes the main components of the ALARP Demonstration and Assessment process as the main objective of companies' Safety Case(s). This guideline is consistent with the Safety Case Standard EGPC-PSM-ST-002 and the Major Accident Hazard Management Guideline EGPC-PSM-GL-006 [3], and enables companies to follow a defined regime to demonstrate that all Residual Risks from their Major Hazard activities are ALARP. This guideline aims to explain the following:
• The ALARP Principle Overview.
• The ALARP Demonstration Process, including the ALARP Demonstration Methodology and the ALARP Assessment.
• The Decision-Making Process.
• The ALARP Demonstration Workshop details.
• The ALARP Demonstration Reporting.

ALARP Overview
The fundamental principle of Risk Management is that while risks cannot always be eliminated, it should be possible to reduce them to a level that is ALARP so that they are tolerable because all Reasonably Practicable Risk Reduction Measures have been implemented.

The ALARP must be demonstrated in the petroleum industry where there is a potential for Major Accident Hazards. The ALARP principle is illustrated in the following Figure.

[Figure: Framework for Tolerability of Risk (ALARP Carrot Diagram). Unacceptable region: risk cannot be justified except in extraordinary circumstances. Tolerable if ALARP region (risk is taken only if a benefit is required): tolerable only if risk reduction is impracticable or if its cost is grossly disproportionate to the improvement gained; tolerable if cost of reduction would exceed the improvement. Broadly acceptable region: necessary to maintain assurance that risk remains at this level.]

The triangle divides risk into three bands representing an increasing level of risk from a Low Risk to a High Risk:
1. An unacceptable region is represented by red at the top of the triangle, where risks are intolerable and Risk Reduction Measures are mandatory.
2. A middle band, or "tolerable if ALARP" region, is represented by amber and yellow at the middle of the triangle, where Risk Reduction Measures are desirable but may not be implemented if their cost is disproportionate to the benefit achieved.
3. A broadly acceptable region is represented by green at the base of the triangle, where no further Risk Reduction Measures are normally needed.

[Figure: ALARP Demonstration process flow. Stages: Initial Risk (Low / ALARP / High); MAH Identification (Major Accident Hazard); Existing Risk Reduction Measures (RRMs), with the 4T's Strategy (Transfer: some special cases; Tolerate: for tolerable risk only; Treat: most of the risks are treated; Terminate: in early design only); Hierarchy of Control (L1 Elimination, L2 Substitution, L3 Engineering controls, L4 Isolation, L5 Admin. Controls, L6 PPE); increasing Barrier Reliability (L1 Passive, L2 Active, L3 Admin. Controls); the Risk value after considering the existing RRM(s) (Low: accept; ALARP; High); Additional Risk Reduction Measures with the 4T's Strategy; Apply the ALARP Demonstration Methodology (Tolerate and do not apply the RRM if it is grossly disproportionate; Treat and apply the RRM if it is reasonably practicable); Prepare evidence for the disproportionality; Document the ALARP Demonstration; Encompass to the Safety Case.]

From the ALARP demonstration perspective, even if the risk level for a Baseline Case/Initial/Inherent Risk has been judged to be in the ALARP region, it is still required to consider introducing further Risk Reduction Measures to drive the remaining or Residual Risk downwards. The ALARP level is reached when the time, trouble, and cost of further reduction measures become unreasonably disproportionate to the Additional Risk Reduction obtained. The risk is tolerable if it is ALARP, so all reasonably practicable Risk Reduction Measures (RRM) must have been explored and evaluated. Where the risk(s) is in the middle band, a detailed ALARP Demonstration/Assessment will be required.

The ALARP Demonstration overall process linked to Risk Management, MAH Management, and the Safety Case is illustrated in the following.

This includes identifying the MAH using the different Risk Assessment Techniques developed, checking the existing Risk Reduction Measures (Barriers' adequacy), deciding the need for additional RRM(s), and whether or not these additional RRMs are reasonably practicable to implement.

The Main Steps for a Successful ALARP Demonstration Process linked to Risk Management, the MAH, and the Safety Case Standard and Guidelines.

Both Qualitative and Quantitative MAH Assessments linked to the ALARP Demonstration Methodology are illustrated separately in the following two Figures.

[Figure: The Qualitative MAH Assessment Link to the ALARP Demonstration Methodology. Steps: Initial Risk from Qualitative Methods (e.g., HAZID); Qualitative MAH Identification (based on the MAH Zone in the Qualitative Risk Tolerability Criteria; Ref. Major Accident Hazard Management Guideline EGPC-PSM-GL-006 [3]); Bowtie for the MAH; Existing Barrier Identification on the Bowtie; Check the Barrier Adequacy Criteria (Barriers meet the criteria / Barriers do not meet the criteria); Check the Qualitative Risk Tolerability Criteria to determine the Risk value after considering the existing Barriers/RRM(s) (Acceptable Risk / Medium Risk / High Risk); Suggest Additional Barrier(s); Apply the ALARP Demonstration Methodology (using the Qualitative ALARP Assessment); Implement Additional Barrier(s).]

[Figure: The Quantitative MAH Assessment Link to the ALARP Demonstration Methodology. Steps: Quantitative MAH identification using QRA (Ref. Quantitative Risk Assessment (QRA) Guideline EGPC-PSM-GL-008 [4]); the Risk value(s) resulting from the QRA is (are) determined considering the existing Barriers/RRM(s) (i.e., it is a Current Risk, not an Initial Risk) and evaluated based on the Quantitative Risk Tolerability Criteria (Acceptable Risk / Medium Risk / High Risk); Suggest Additional Barrier(s); Rerun (recalculate) the QRA to check that the suggested Additional RRM/Barrier(s) will reduce Risk(s) to the Tolerable Limit; Apply the ALARP Demonstration Methodology (using the Qualitative ALARP Assessment); Implement Additional Barrier(s).]

Major Accident Hazard (MAH) Identification
The MAH is a hazard with the potential, if realized, to result in a Major Accident. The Major Accident is a Hazardous Event that results in: multiple fatalities or severe injuries; extensive damage to the structure, installation, or plant; or large-scale environmental impact [3]. The objective is to identify all potential MAH(s) to prove that all MAH(s) are controlled and have been reduced to or below the lower tolerability limit. The MAH list is generated for the Initial Risk (Inherent Risk) ranking before considering the proposed/existing control measures/RRMs. However, the MAH from QRA is determined considering the existing Barriers.

Risk Reduction Measures RRM (Barriers) Selection
After identifying the MAH and as a part of the Hazard Identification process, the existing RRM(s) must be identified for the Inherent Risk so that the Current Risk and, finally, the Residual Risk can be assessed. All physically possible additional RRMs shall be identified for the Current Risk located in the ALARP zone, to drive the remaining/Residual Risk downwards (to or below the lower tolerability limit). These additional RRMs are subjected to the ALARP assessment to identify which are reasonably practicable so that those deemed reasonably practicable can be implemented.

The RRM(s) can either lower the possibility (frequency) of the hazard occurring, reduce its consequences, or both. The recommended Strategy,
the Hierarchy of Control (HoC), and the reliability of the RRM have been
Risk Assessment identified in the Risk Management Standard EGPC-PSM-ST-001,

In carrying out the ALARP Demonstration, a Risk Management Residual Risk (RR) Identification and the
process must be followed (Risk Management Standard EGPC-PSM- Needs for Additional RRM
ST-001), including different Risk Analysis Techniques (Qualitatively
The Current Risk is the risk remaining after considering all already
and Quantitively), to comprehensively identify all hazards and risks
implemented barriers (existing RRMs) for both Qualitative and Quantitative
associated with the activities. The objective is to provide sufficient
Risk Assessments. The need for additional RRM is based on the Current
details of the hazard nature and the risk level to demonstrate that the
Risk value and the need to lower the Residual Risk (RR) to or below the lower
risks have been reduced to ALARP.
tolerability limit.
Risk Tolerability Criteria
Qualitative Residual Risk Identification
Qualitative and Quantitative Risks shall be evaluated in reference to the
For those MAH(s) which have been identified Qualitatively using
Risk Tolerability Criteria. The objective is to describe clearly and concisely
a Qualitative Risk Analysis method (HAZID) followed by barrier(s)
the facilities' risks level.
assessment using bowtie, the Residual Risk is identified depending on
Note: Qualitative and Quantitative Risk Tolerability Criteria are the barrier adequacy criteria (the criterion is described comprehensively
comprehensively described in the Risk Management Standard EGPC- in the Major Hazard Management Guideline (EGPC-PSM-GL-006)).
PSM-ST-001.

169
Quantitative Residual Risk Identification
For those Current Risks identified Quantitatively (using a Quantitative method, e.g., QRA) that exceeded the upper tolerability limit (Intolerable Risks) and Current Risks that are located in the ALARP zone, there is a need for recommended additional RRM(s)/Barrier(s). A rerun (recalculation) of the QRA models shall take place to ensure that the implementation of the recommended additional RRM(s)/barrier(s) is capable of reducing the Residual Risk(s) to or below the lower tolerability limit.

ALARP Demonstration - Identifying What is Reasonably Practicable
The main objective of this section is to guide on how to assess and demonstrate whether it is reasonably practicable to implement a Risk Reduction Measure based on a risk decision framework.

ALARP Demonstration Methodology
There are three main levels/steps to ensure that risks are reduced to the ALARP levels, as illustrated in the following Figure.

Levels one and two identify and adopt the legislation requirements and appropriate codes and standards; these represent cumulative industry knowledge gained from previous incidents. Level three identifies what is reasonably practicable RRM(s) to be implemented (ALARP).

[Figure: ALARP Demonstration Major Steps [5]. Staircase, bottom to top: Risk levels, Legislative requirements; Good Practice, International and company standards; ALARP.]

The ALARP Demonstration process is viewed as a series of staircases, with each level representing an increased level of risk control. The main objective of levels one and two is to answer the question, "did we make the basics?" (i.e., did we achieve the baseline or the minimum?) The answer to this question is yes or no, and it is not an argued question. Passing these two staircases is mandatory before deciding whether the risk is ALARP or not. Level three is where to measure the proportionality of the sacrifice relative to the benefits and to decide whether the suggested additional RRM is reasonably practicable or not. At this level, two important questions have to be answered: "is there anything more we can do?" and "Is it reasonably practicable or not?"

Level One – Risk Levels Legislative Requirements
At this level, COMPANIES shall ensure that the Risk Tolerability Criteria are met before moving to any additional RRM, as well as all legal requirements of all relevant Laws and Decrees from Governmental Authorities.

Level Two – Good Practice, International and Company Standards
Adopting current Good Practice or its equivalent is the ALARP methodology's second step. It is the level to determine whether the Risk Assessment and the RRM met the Good Practice requirement or not. Good Practices (as defined by UK-HSE) are the recognized Risk Management Practices and Measures that competent organizations use to manage well-understood hazards arising from their activities.

Level Three – ALARP Assessment
At step three (ALARP assessment), COMPANIES identify the need for any additional RRM/barrier for demonstrating the ALARP. This potential RRM/barrier is either adding a new RRM or an improvement for the existing one. Then the decision is taken on executing this additional RRM or not by comparing the benefit of adding the RRM (in terms of reducing the risk and protecting from loss) with the sacrifice (including the cost, time, effort, and any difficulties) (i.e., identifying the proportionality).

In this guideline, the ALARP assessment's approach and depth to identify the reasonably practicable RRM/barrier are proportional to the MAH identification method. A Qualitative ALARP assessment is used for the Qualitative method (e.g., HAZID followed by a bowtie). In contrast, a Quantitative ALARP assessment (Cost Benefit Analysis-CBA) is used for the Quantitative method (e.g., QRA).
Qualitative ALARP Assessment
The suggested additional RRM/barrier will be qualitatively evaluated to determine if the implementation of the RRM is reasonably practicable or not. A matrix is used to produce a numeric value for implementing Risk Reduction Measures (Note: although it is a numerical value, the matrix is still qualitative). Values are given to cost, effort, and expected risk reduction.

The ALARP Value = Risk Reduction x Cost x Effort

                 Anticipated Risk Reduction
Cost x Effort    High (1)    Medium (2)    Low (3)
1                1           2             3
2                2           4             6
3                3           6             9
4                4           8             12
6                6           12            18
9                9           18            27

The final ALARP value is checked against the Decision-Making, and a decision is made on implementing, considering, or rejecting the Risk Reduction Measure. A simple model is used to categorize the recommendations into the following categories, as shown in the following table:

ALARP Value    Action Category    The Required Decision
1-4            Implement          Implementing the RRM would not be Grossly Disproportionate to the reduction in the risk achieved (i.e., the implementation of the RRM is reasonably practicable).
6-8            Consider           Management decisions are based on further discussion, considering in the Decision-Making all factors related to the complexity of the facility, the internal and external stakeholder views and opinions, use of innovative technology, the absence of related good practice, and the degree of uncertainty.
9-12           Reject             Implementation of the RRM would be Grossly Disproportionate to the reduction in risk achieved.

Quantitative ALARP Assessment
Cost Benefit Analysis (CBA) is the Quantitative Assessment of the Cost of implementing a particular Risk Reduction Measure and the comparison with the Safety Benefit (Risk Reduction) that this would be expected to achieve. While no amount of money can compensate for injury or harm, the ALARP principle acknowledges that an investment aimed at reducing injury or harm will not be made without regard to the size of that investment. The way that the CBA is done is to:

1. Calculate the Implied Cost of Averting a Fatality (ICAF) for the Risk Reduction Measure, which is the Cost of the Risk Reduction Measure divided by the Risk Reduction achieved (the reduction in Potential Loss of Life over the Facility's Remaining Lifetime).
2. Compare this to the Identified ICAF values criteria.
3. A risk reduction measure will then be reasonably practicable or not based on the action category of each Identified ICAF value.

For further details about the quantitative assessment please visit the EGPC USafe Application or the PSM Egypt website for the detailed ALARP guideline.

ALARP Demonstration Methodology and the Decision-Making Process
The ALARP Demonstration Methodology requires that Decisions be based on a Decision-Making process. The main objective of the Decision-Making Process is to identify at what level of the ALARP Demonstration ladder we shall stop (when enough is enough). Choosing the suitable decision depends on the complexity of the project/facility and the size of the hazards. The following Figure shows the Decision-Making Process Diagram based on the UKOOA.
[Figure: UKOOA Decision-Making Framework for ALARP Demonstration.
Diagram labels: Codes and Standards; Verification; Peer Review; Benchmarking; Internal Stakeholder Consultation; External Stakeholder Consultation; Codes and Standards; Good Practice; Engineering Judgement; Risk-Based Analysis (QRA, CBA, etc.); Company Values; Societal Values.
Significance to the Process of Decision Making:
A: Nothing New; Well Understood; Established Practice; No major Stakeholder issues.
B: Lifecycle Implications; Some risk 'trade-offs'; Some uncertainty or deviation from standard practice; Significant economic implications.
C: Very novel or challenging; Strong stakeholder views and opinions; Significant risk 'trade-offs'; Large uncertainties; Perceived lowering of safety standards.]

ALARP Demonstration (Risk Reduction) Workshop
The ALARP Demonstration (Risk Reduction) workshop shall be conducted to present the various Qualitative and Quantitative Risk Assessment Studies' results and to discuss the additional Risk Reduction Measures and Recommendations, to demonstrate that risks are ALARP (as a main purpose of the Safety Case). The ALARP Demonstration Workshop shall follow the Methodology illustrated in the following Figure.

ALARP Demonstration Workshop Team
The ALARP Demonstration Workshop is a multidisciplinary analysis approach that requires all team members to bring specific knowledge continuously throughout the session, with the main goal of properly answering any process safety-related question and avoiding, as much as possible, delaying an issue by referring it to people outside of the team.
[Figure: Executing the ALARP Demonstration Steps during the ALARP Demonstration (Risk Reduction) Workshop. Flowchart boxes: Recommended Additional RRM; Is it a Legal Requirement? (Step 1) Yes / No; Is it a Good Practice? (Step 2) Yes / No; ALARP Assessment (Step 3): Grossly Disproportionate / Grossly proportionate / Need Further Investigation to take the suitable Decision; outcomes: Implement, Consider, Reject. Note on the figure: Unless a justified Decision-Making is taken by the ALARP Demonstration workshop team to implement the recommended Additional RRM.]
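The three workshop steps, the qualitative ALARP matrix with its action categories, and the ICAF ratio from the Quantitative ALARP Assessment can be worked through in one routine. This is an added example, not part of the EGPC guideline: the 1-3 scoring of cost and effort, treating matrix values above 12 as Reject, reading the workshop flow as "legal requirement or good practice leads to Implement", PLL given per year, and all names and sample RRMs are assumptions.

```python
"""Added illustration of the ALARP workshop steps (not EGPC's own code)."""
from dataclasses import dataclass
from typing import List, Tuple

# Risk-reduction scores as printed above the qualitative matrix columns.
RISK_REDUCTION_SCORE = {"high": 1, "medium": 2, "low": 3}

# (lowest value, highest value, action category) from the decision table.
CATEGORY_BANDS = ((1, 4, "Implement"), (6, 8, "Consider"), (9, 12, "Reject"))

# Every value the matrix can produce; anything else is a scoring error.
MATRIX_VALUES = {rr * ce for rr in (1, 2, 3) for ce in (1, 2, 3, 4, 6, 9)}


def alarp_value(risk_reduction: str, cost: int, effort: int) -> int:
    """ALARP value = Risk Reduction x Cost x Effort.

    Assumption: cost and effort are each scored 1 (lowest sacrifice) to 3,
    which gives the Cost x Effort rows 1, 2, 3, 4, 6 and 9 of the matrix.
    """
    if cost not in (1, 2, 3) or effort not in (1, 2, 3):
        raise ValueError("cost and effort must each be scored 1, 2 or 3")
    key = risk_reduction.lower()
    if key not in RISK_REDUCTION_SCORE:
        raise ValueError(f"unknown risk reduction level: {risk_reduction!r}")
    return RISK_REDUCTION_SCORE[key] * cost * effort


def action_category(value: int) -> str:
    """Map an ALARP value to Implement / Consider / Reject."""
    if value not in MATRIX_VALUES:
        raise ValueError(f"{value} is not a value the matrix can produce")
    for low, high, name in CATEGORY_BANDS:
        if low <= value <= high:
            return name
    # Assumption: the decision table stops at 12, but the matrix also holds
    # 18 and 27; a larger value means more disproportion, so treat as Reject.
    return "Reject"


def icaf(rrm_cost: float, pll_before: float, pll_after: float,
         remaining_life_years: float) -> float:
    """Implied Cost of Averting a Fatality.

    Cost of the RRM divided by the reduction in Potential Loss of Life over
    the facility's remaining lifetime. Assumption: PLL inputs are per year.
    The ICAF criteria to compare against are not given on this page.
    """
    averted = (pll_before - pll_after) * remaining_life_years
    if averted <= 0:
        return float("inf")  # no risk reduction, so no finite ICAF
    return rrm_cost / averted


@dataclass
class ProposedRRM:
    name: str
    legal_requirement: bool      # Step 1 question
    good_practice: bool          # Step 2 question
    risk_reduction: str = "low"  # Step 3 inputs, used only if steps 1-2 say No
    cost: int = 3
    effort: int = 3


def workshop_decision(rrm: ProposedRRM) -> Tuple[str, str]:
    """Return (decision, the step that produced it)."""
    if rrm.legal_requirement:
        return "Implement", "Step 1: legal requirement"
    if rrm.good_practice:
        return "Implement", "Step 2: good practice"
    value = alarp_value(rrm.risk_reduction, rrm.cost, rrm.effort)
    return action_category(value), f"Step 3: ALARP value {value}"


# Constructed sample RRMs for illustration only.
CONSTRUCTED_RRMS = [
    ProposedRRM("Hypothetical RRM A (required by decree)", True, True),
    ProposedRRM("Hypothetical RRM B (industry code item)", False, True),
    ProposedRRM("Hypothetical RRM C", False, False, "high", 2, 2),
    ProposedRRM("Hypothetical RRM D", False, False, "medium", 2, 2),
    ProposedRRM("Hypothetical RRM E", False, False, "low", 3, 2),
]


def review(rrms: List[ProposedRRM]) -> List[Tuple[str, str, str]]:
    """Run every proposed RRM through the three steps."""
    return [(r.name, *workshop_decision(r)) for r in rrms]


if __name__ == "__main__":
    for name, decision, reason in review(CONSTRUCTED_RRMS):
        print(f"{name}: {decision} ({reason})")
    # Constructed QRA figures: cost 1,000,000; PLL 1e-3 -> 5e-4 per year; 20 years.
    print("ICAF:", icaf(1_000_000, 1e-3, 5e-4, 20))
```

Values outside the matrix (for example 5 or 7) raise an error instead of being silently categorized, which catches scoring mistakes on the ALARP worksheet.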

ALARP Demonstration Reporting
As a major objective of the Safety Case, the ALARP Demonstration must be documented and incorporated into the safety case. A key part of the documentation of an ALARP demonstration is that it must describe those reasonably practicable measures and justify those that have not been implemented. A recommended form for the ALARP Demonstration report contains the following:

• Introduction to the study intent, scope, definitions, used terms, workshop date, references, and RA studies to be evaluated.
• ALARP Demonstration Methodology in reference to this guideline.
• ALARP Demonstration results; describe those reasonably practicable measures to be implemented and justify those that have not been implemented, and a list of the additional reasonably practicable RRM.
• The appendices contain: the ALARP worksheet, attendance sheet, etc.

Prepared by:
Mohammed Sabry Hanafi Mahmoud
Risk Management and Loss Prevention Studies Executive General Manager – GASCO

Technical Consultant:
Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt
Safety Case Appraisal Guideline
EGPC-PSM-GL-013

Overview
This snapshot displays an overview of the safety case appraisal guideline, which focuses on the following:

- Purpose
- Safety Case Appraisal Process
- Safety Case Appraisal Criteria
- Roles and Responsibilities
- Checklists/Templates

Purpose
This document illustrates how the Competent Authority (CA) assesses submitted safety cases and provides the basis for accepting, conditionally accepting, or rejecting safety cases. MHF operators should use it to understand the CA expectations and minimum requirements better. This is in conjunction with the Safety Case Standard EGPC-PSM-ST-002 and ALARP demonstration Guideline EGPC-PSM-GL-010.

The Safety Case Appraisal Criteria applies to all companies that operate under the Authority of the Egyptian General Petroleum Corporation (EGPC), the Egyptian Natural Gas Holding Company (EGAS), the Egyptian Petrochemical Holding Company (ECHEM), and the South Valley Petroleum Holding Company (GANOPE) covering all their operational subsidiaries, state-owned companies, affiliates, and joint ventures.

The Safety Case Appraisal Process
The Safety Case Appraisal Process consists of four stages:
1. Notification.
2. Safety Case Preparation and Pre-receipt Meeting.
3. Safety Case Submission and Decision.
4. Safety Case Intervention Plan.

The Pre-Receipt stage and the appraisal process from ‘Submission and Decision’ to ‘Intervention Phase’ are managed by the Safety Case Appraisal team (the CA).

[Figure: Simplified Safety Case Appraisal Process Chart. Boxes: The Facility is Qualified for Safety Case; Pre-receipt Meeting; Safety Case Submission; Completeness Checks; Full Assessment; Operator Interview; Physical Checks (Optional); Decision Making; Conclusion Meeting; Intervention Plan and Follow-up.]
Safety Case Appraisal Criteria
The appraisal criteria provide a framework that helps the MHF operator and the CA achieve a consistent and proportionate consideration of matters that may be examined during appraisal.

In general, the Safety Case appraisal criteria rely mainly on two factors:
• Detailed Data Sufficiency
• ALARP Demonstration

The criteria are applied by the appraisal team against the relevant content of the safety case. In this context, the appraisal team will have a good understanding of the safety case appraisal process and its place within the safety case standard requirements:
a. Criteria will be “met” when all relevant items are included, and the necessary supporting information has been provided.
b. Criteria will be “not met” when some critical relevant items are not included, the necessary supporting information has not been provided, or the ALARP has not been demonstrated.

Roles and Responsibilities
The success of the Safety Case development and appraisal process relies on properly identifying each party’s role and responsibilities. The expected duties of each party are described in the following.

The MHF Operator
• Complete and submit the notification form to EGPC and notify the holding company.
• Assign a focal person to communicate with the CA to identify whether the facility is an Upper or Lower Tier Facility.
• Start preparing the Safety Case as per the Safety Case Standard (EGPC-PSM-ST-002).
• Prepare and submit a Safety Case pre-receipt document.
• Complete and submit the signed-off Safety Case report.
• Cooperate with the CA to prepare/review the intervention plan based on the type of Safety Case approval.
• Assure the accuracy and precision of all provided information in the Safety Case.
• Track and close out the improvement plan recommendations as scheduled in the Safety Case.
• Facilitate any required logistics such as transportation, accommodations, and Hazardous areas and secure permits for the Safety Case Appraisal Team to conduct any needed site verifications.
• Arrange the pre-receipt meeting with the Safety Case Appraisal Team to validate the development roadmap.
• Secure and facilitate access to the facility documentation and interviews with the focal facility personnel, employees, and contractors.
• Communicate internally with the holding company (EGAS, ECHEM, or GANOPE) to discuss the Safety Case progress and seek its advice.

Holding Companies
• Enforce the implementation and development of the Safety Case across their companies.
• Provide any required technical and administrative support for MHF operators to develop the Safety Case.

The Safety Case Approving Authority
• Provide the Safety Case final decision (Acceptance, Conditional Acceptance, or Rejection) and approve the Safety Case acceptance and conditional acceptance letters.
• Escalate rejected Safety Cases to the Safety Case Endorsement Authority (EGPC Chairman).
• Raise MHF non-conformities to Safety Case Endorsement Authority.

The Safety Case Endorsement Authority
• Endorse Safety Case rejection letters to MHF operators.
• Enforce compliance with the Safety Case standard requirements.
• Investigate any MHF non-conformities.

The Safety Case Appraisal Team (The CA)
The safety case appraisal team are multi-disciplinary team members that cover all aspects of the safety case. They represent EGPC in communications with the MHF operator and should:
• Receive MHF notifications, identify whether the facility is either an Upper Tier or Lower Tier facility, and notify the MHF operator accordingly.
• Participate in the pre-receipt meeting with the operator to validate the Safety Case development roadmap.
• Validate the initial completeness of submitted Safety Cases and whether they are qualified for the appraisal process or lack basic information.
• Interview the MHF operator to ensure the operator's awareness of the Safety Case’s important contents.
• Manage the Safety Case conclusion meetings to announce the appraisal results and agree on the intervention plans for accepted or conditionally accepted Safety Cases.
• Sign off the initial decision (Acceptance, Conditional Acceptance, or Rejection).
• Notify the holding companies of UTMHFs related to companies under their supervision.
• Inform the holding companies about the Safety Case appraisal results of the UTMHFs related to companies under their supervision.

The Safety Case Appraisal Team's typical duties:
• Assess the process description and operational conditions.
• Assess the list of hazardous material and their inventories.
• Assess the relevant drawings.
• Conduct site verifications when deemed required.
• Assess the ERP.
• Conduct site verifications when deemed required.
• Assess the process safety management system.
• Assess the formal safety studies.
• Assess the major accident prevention policy (MAPP).
• Assess the MAH Register.
• Assess the ALARP demonstration and the improvement plan.
• Conduct site verifications when deemed required.
• Assess the SCEs' performance standards and verification schemes.
• Conduct site verifications when deemed required.

Based on the Safety Case's complexity and nature, the Safety Case Appraisal Team may request the participation of other specialists in the appraisal process.

List of Annexes
• Annex A – Safety Case Appraisal Checklist.
• Annex B – Safety Case interview checklist.
• Annex C – Conclusion Letter Templates.

For annexes details, please refer to SAFETY CASE APPRAISAL GUIDELINE-EGPC-PSM-GL-013 on the PSM EGYPT website.

Prepared by:
Mohamed Mesbah
Operations Department Head - Khalda Petroleum Company

Technical Consultant:
Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt
PSM Definitions &
Abbreviations

PSM Glossary of Definitions
and Abbreviations
EGPC-PSM-GL-010

Purpose
This Glossary of Terms and Abbreviations document has been prepared as a guideline for ENTITIES and COMPANIES’ employees and contractors engaged in activities with respect to Process Safety to ensure a consistent approach for communication of information and understanding and use of terms across the COMPANIES.

Individual terms may have been attributed more specific meanings in various Standards and Guidelines. Where this is the case, they will appear in the specific standard’s or Guideline’s list of defined terms, and the defined term definition will take precedence within that Standard or Guideline.

Scope
PSM Technical Subcommittee prepared and maintained this Glossary of Terms and Abbreviation as a guideline to support consistent reporting and communication within the ENTITIES.

COMPANIES should use the Glossary of Terms and Abbreviations as the first point of reference when referring to Process Safety Standards or Guidelines. Where there is a conflict in the guideline or the guideline does not cover all the circumstances, additional Guidance can be obtained by contacting the PSM Egypt website.

COMPANIES should ensure that all personnel, including Staff and Contractors involved in any works or services related to PSM Standards and Guidelines, are informed of their existence, the need for compliance with PSM Standards, and the adoption, where practicable, of the recommendations in PSM Guidelines.
References and
Acknowledgments

References List
• EGPC, “Operating Manual System (OMS) Framework,” Egyptian General Petroleum Corporation, Cairo, 2020.
• EGPC, “Operating Manual System (OMS) Implementation Guideline EGPC-GEN-GL-010,” Egyptian General Petroleum Corporation, Cairo, 2020.
• ISO, “Risk management - Guidelines ISO 31000:2018,” International Organization for Standardization, Geneva, 2018.
• ISO, “Risk management — Risk assessment techniques ISO 31010:2019,” International Organization for Standardization, Geneva, 2019.
• HSE UK, “Good Practice and Pitfalls in Risk Assessment, Research report 151,” Health & Safety Executive, London, 2003.
• UKOOA, “Industry Guidelines on a Framework for Risk Related Decision,” UK Offshore Operators Association, London, 1999.
• HSE UK, “Societal Risk: Initial briefing to Societal Risk Technical Advisory Group, Research report 703,” Health & Safety Executive, London, 2009.
• CCPS, “Guidelines for - Developing Quantitative Safety Risk Criteria,” Centre for Chemical Process Safety, New York, 2009.
• DNV, “Criteria and Risk-Based Damage Stability. Final Report -0165, Part 1: Risk Acceptance Criteria,” DNV, 2015.
• Risktec-TUV, “Risk-Based Decision Making and ALARP - An introduction to making risk-based decisions and reducing risks As Low As Reasonably Practicable (ALARP),” TUV, 2018.
• Risktec-TUV, “Quantitative Risk Assessment (QRA) - An introduction to the quantitative assessment of risks associated with high hazard facilities,” TUV, 2018.

Major Accident Hazard Management Guideline
• CCPS, 2018. Bow Ties in Risk Management - A Concept Book for Process Safety. New York: John Wiley & Sons, Inc.
• Energy Institute, 2020. Guidelines for Management of Safety Critical Elements (SCEs). 3rd ed. London: Energy Institute.
• ISO, 2016. Petroleum and natural gas industries - Offshore production installations - Major Accident Hazard management during the design of new installations (ISO17776). Brussels: European Committee for Standardization.

Safety Critical Element Management Guideline
• Energy Institute, Guidance on Meeting Expectations of EI Process Safety Management Framework - Element 16: Management of Safety Critical Devices, London: Energy Institute, 2015.
• Energy Institute, Guidelines for Management of Safety Critical Elements (SCEs), London: Energy Institute, 2020.
• Oil & Gas UK, Guidance on the Conduct and Management of Operational Risk Assessment for UKCS Offshore Oil and Gas Operations, London: Oil & Gas UK, 2012.
• British Gas, Cumulative Operational Risk Assessment, British Gas Group, 2012.

Process Safety Management
PSM Program Standard References
• (AIChE CCPS), Center for Chemical Process Safety. Guidelines for Risk Based Process Safety. New Jersey: A John Wiley & Sons, Inc., Publication, 2007.
• (DNV) Process Safety Management. s.l.: DNV AS, Veritasveien 1, 1322 Hovik, Norway, 2013.
• (AIChE CCPS), Center for Chemical Process Safety. Guidelines for Asset Integrity Management. New Jersey: John Wiley & Sons, Inc., Hoboken, New Jersey, 2017.
• (EGPC), Egyptian General Petroleum Corporation. Contractor Management. Cairo: s.n., 2020. EGPC-GEN-GL-005.
• (AIChE CCPS), Center for Chemical Process Safety. Guidelines for Process Safety Metrics. New Jersey: John Wiley & Sons, Inc., Hoboken, New Jersey, 2010.
• (EGPC), Egyptian General Petroleum Corporation. HSE Auditing. Cairo: s.n., 2020. EGPC-GEN-GL-006.
• (AIChE CCPS), Center for Chemical Process Safety. CCPS Introduction to Process Safety for Undergraduates and Engineers. New Jersey: John Wiley & Sons, Inc., Hoboken, New Jersey, 2016.
• (AIChE CCPS), Center for Chemical Process Safety. Guidelines for Implementing Process Safety Management. New Jersey: John Wiley & Sons, Inc., Hoboken, New Jersey, 2016.
• (EGPC), Egyptian General Petroleum Corporation. Competency Management System. Cairo: s.n., 2020. EGPC-GEN-GL-003.
• (EGPC), Egyptian General Petroleum Corporation. Incident Investigation Guidance. Cairo: s.n., 2020. EGPC-GEN-GL-011.
• (EI), Energy Institute. Guidance on Meeting Expectations of EI Process Safety Management Framework. London: Energy Institute, London, 2013.
• Administration, U.S. Department of Labor Occupational Safety and Health. Process Safety Management. s.l.: U.S. Department of Labor Occupational Safety and Health Administration, 2000. OSHA 3132.
• Administration, U.S. Department of Labor Occupational Safety and Health. Process Safety Management Guidelines for Compliance. s.l.: U.S. Department of Labor Occupational Safety and Health Administration. OSHA 3111.
• (EI), Energy Institute. High Level Framework for Process Safety Management. London: Energy Institute, London, 2010.

PSM Implementation Guideline References
• Center for Chemical Process Safety (CCPS). Guidelines for Risk-Based Process Safety. New Jersey: A John Wiley & Sons, Inc., Publication, 2007.
• Center for Chemical Process Safety (CCPS). Guidelines for Implementing Process Safety Management Systems. New York: American Institute of Chemical Engineers, 1994.
• Center for Chemical Process Safety (CCPS). Guidelines for Implementing Process Safety Management. New Jersey: John Wiley & Sons, Inc., Hoboken, New Jersey, 2016.
• International Organization for Standardization (ISO). (BS ISO 45001:2018), Occupational Health and Safety management systems Requirements with guidance for use. Geneva: ISO copyright office, 2018.
• International Organization for Standardization (ISO) (BS ISO 45002:2018), Occupational Health and Safety management systems – General guidelines for the application of ISO 45001. Published by BSI standards limited 2018.

PSM Competency Guideline References
• European Process Safety Centre (EPSC), "Process Safety Competence: How to Set up a Process Safety Competence Management System," 2013. Institution of Chemical Engineers (IChemE), Process Safety Competency: Supplementary guide – how to build and develop process safety competence, 2020.
• Centre for Chemical Process Safety (CCPS), Guidelines for Defining Process Safety Competency Requirements, New Jersey: John Wiley & Sons, 2015.

MOC Guideline
• Egyptian Natural Gas Co. (GASCO) (2015), Management Of Changes (MOC) Procedure no.: GASCO-HSE-P-017, Version 1.
• Energy Institute (EI), (2015), Guidance On Meeting Expectations Of EI Process Safety Management Framework - Element 12: Management Of Change & Project Management, 1st edition.
• Centre for Chemical Process Safety (CCPS) (2013), Guidelines for Managing Process Safety Risks During Organizational Change.
• Centre for Chemical Process Safety (CCPS) (2008), Guidelines for The Management Of Change For Process Safety.

Process Safety Culture Assessment Guideline References
• Center for Chemical Process Safety (CCPS). Guidelines for Risk-Based Process Safety. New Jersey: A John Wiley & Sons, Inc., Publication, 2007.
• Center for Chemical Process Safety (CCPS). Guidelines for Implementing Process Safety Management Systems. New York: American Institute of Chemical Engineers, 1994.
• Process Safety Culture survey, Baker Panel U.S. Refineries independent
Process Safety Studies
safety review.
HAZID Guideline References
• Center for Chemical Process Safety (CCPS). Essential Practices for
Creating, Strengthening, And Sustaining Process Safety Culture. New • HSE UK, "COMAH Safety Report Assessment Guides (SARGs). Energy
Jersey: A JOHN WILEY & SONS, INC., PUBLICATION, 2018. Division - Hazardous Installation Directorate (HID)," Health and Safety
Executives, London, 1999.

• HSE UK, "Guidance on Risk Assessment for Offshore Installations, Offshore Information Sheet No. 3/2006," Health and Safety Executive, London, 2006.
• ISO, "Risk management — Risk assessment techniques ISO 31010:2019," International Organization for Standardization, Geneva, 2019.
• EGPC, "Safety Case Standard (EGPC-PSM-ST-002)," Egyptian General Petroleum Corporation, Cairo, 2022.
• EGPC, "Risk Management Standard (EGPC-PSM-ST-001)," Egyptian General Petroleum Corporation, Cairo, 2021.
• EGPC, "PSM Glossary of Definitions and Abbreviations (EGPC-PSM-GL-011)," Egyptian General Petroleum Corporation, Cairo, 2021.
• EGPC, "Process Safety Studies in Oil & Gas Major Projects (EGPC-PSM-GL-002)," Egyptian General Petroleum Corporation, Cairo, 2022.
• EGPC, "Major Accident Hazard Management Guideline (EGPC-PSM-GL-006)," Egyptian General Petroleum Corporation, Cairo, 2021.
• EGPC, "HAZOP Guideline (EGPC-PSM-GL-005)," Egyptian General Petroleum Corporation, Cairo, 2022.
• ISO, "Petroleum and natural gas industries. Offshore production installations - ISO 17776:2016," International Organization for Standardization, Geneva, 2016.

PSM KPIs Guideline
• ANSI/API. (2021). Recommended Practice 754, Process Safety Performance Indicators for the Refining and Petrochemical Industries. USA.
• EGPC. (Feb. 2020), Operating Manual System (OMS) Framework.
• EGPC. (June 2020), Operating Manual System (OMS) Implementation Guideline – EGPC-GEN-GL-010.
• IOGP. (2018). Report 2018P, Health leading performance indicators, IOGP Report 2018 data. London.
• EGAS. (March 2017), Incident Reporting & Investigation Procedure.
• Centre for Chemical Process Safety (CCPS) (2016), Guidelines for Integrating Management Systems and Key Performance Indicators (KPIs) to Improve Process Safety Performance.
• IOGP. (2016). Report 556, Process Safety - Leading Performance Indicators. London.
• IOGP. (2011). Report 456, Process Safety - Recommended Practice on Key Performance Indicators. London.
• Centre for Chemical Process Safety (CCPS) (2011), Process Safety Leading and Lagging Key Performance Indicators (KPIs).
• Centre for Chemical Process Safety (CCPS) (2009), Guidelines for Process Safety Key Performance Indicators (KPIs).
• Centre for Chemical Process Safety (CCPS) (2007), Guidelines for Risk-Based Process Safety.
• Health & Safety Executive (UK-HSE). (2006), Health and Safety Guideline HSG 254, Developing process safety indicators.

Process Safety Studies in Oil & Gas Major Projects Guideline
• Centre for Chemical Process Safety (CCPS) 2018. Guidelines for Integrating Process Safety into Engineering Projects. New York, NY: American Institute of Chemical Engineers.
• PMI, 2013, Guide to the Project Management Body of Knowledge, PMBOK Guide Fifth Edition.
• ISO, 2016. Petroleum and natural gas industries - Offshore production installations - Major Accident hazard management during the design of new installations (ISO 17776).
• ISO, 2012, Guidance on Project Management (ISO 21500).
• IChemE, 2015. Frank Crawley Brian Tyler, HAZOP: Guide to Best Practice third edition.
• API, 2001, Recommended Practice for Design and Hazards Analysis for Offshore Production Facilities (RP 14J).
• IEC, 2016. Functional safety – Safety instrumented systems for the process industry sector (IEC 61511, second edition).
• API, 2013 Fireproofing Practices in Petroleum and Petrochemical Processing Plants, (RP 2218, third Edition).

Inherently Safer Design (ISD) Guideline References
• T. Kletz, P. Amyotte, Process Plant, A Handbook for Inherently Safer Design, second ed., Taylor & Francis, 2010.
• Center for Chemical Process Safety, Inherently Safer Chemical Processes: A Life Cycle Approach, second ed., (2009).
• Energy Institute, Guidance on Applying Inherent Safety in Design: Reducing Process Safety Hazards Whilst Optimising Capex and Opex, second ed., (2014).
• T. Kletz, Lessons from Disaster, Institute of Chemical Engineers, 2003.

Layout and Facility Siting Guideline
• Jung S. Facility siting and plant layout optimization for chemical process safety. Korean Journal of Chemical Engineering. 2016 Jan; 33(1):1-7.
• Center for Chemical Process Safety (CCPS). Guidelines for Integrating Process Safety into Engineering Projects. New York, NY: American Institute of Chemical Engineers; 2018.
• API R. 752: Management of Hazards Associated with Location of Process Plant Permanent Buildings. Washington: API. 2009 Dec.
• Marx JD, Ishii BR. A comprehensive approach to API RP 752 and 753 building siting studies. Journal of Loss Prevention in the Process Industries. 2016 Nov 1; 44:748-54.
• Chemical Industries Association, Guidance for the Location and Design of Occupied Buildings on Chemical Manufacturing Sites, fourth Edition, 2020.
• API R. 753: Management of Hazards Associated with Location of Process Plant Portable Buildings. Washington: API. 2007 Jun.
• Sutton I. Plant design and operations. Gulf Professional Publishing; 2017 Jun 14.
• CCPS C. Guidelines for Siting and Layout of Facilities. New York, NY, USA: Wiley; 2018.
• Vilas KR, Hereña PG, Shah JN. A vision of facility siting possibilities. Process Safety Progress. 2020 Sep; 39(3):e12180.
• Mannan S. Lees' Process Safety Essentials: Hazard Identification, Assessment and Control. Butterworth-Heinemann; 2013 Nov 12.
• Klein JA, Vaughen BK. Process Safety: Key Concepts and Practical Approaches. CRC Press; 2017 Jun 1.
• Moran S. Process plant layout. Butterworth-Heinemann; 2016 Nov 16.
• Anderson TH, Hodge PR. A method to utilize facility siting techniques in the early phases of capital projects to reduce risks and safety spending. Journal of Loss Prevention in the Process Industries. 2017 Sep 1; 49:310-8.
• Prophet N. The benefits of a risk-based approach to facility siting. Process Safety Progress. 2012 Dec; 31(4):377-80.

• Shah JN, Shaffer DM. Risk-based approach for evaluating safety events in large plants. Process Safety Progress. 2012 Sep; 31(3):287-90.
• Ashiofu A, Bruce-Black J, Dyer J. Leveraging facility siting to optimize mitigation decisions. Process Safety Progress. 2020 Sep; 39(3):e12188.
• Mander TJ, Sarrack A, Diakow P, Bruce-Black J. Current state of the practice for facility siting studies. Process Safety Progress. 2020 Sep; 39(3):e12181.
• Martinez-Gomez J, Nápoles-Rivera F, Ponce-Ortega JM, Serna-González M, El-Halwagi MM. Siting optimization of facility and unit relocation with the simultaneous consideration of economic and safety issues. Industrial & Engineering Chemistry Research. 2014 Mar 12; 53(10):3950-8.
• Centre for Chemical Process Safety. Guidelines for Evaluating Process Plant Buildings for External Explosions, Fires, and Toxic Releases. John Wiley & Sons (US); 2012.
• Basheer A, Tauseef SM, Abbasi T, Abbasi SA. A new method for siting hazardous units in chemical process facilities which minimizes risk at least cost: RIDIMPUS. Journal of Failure Analysis and Prevention. 2018 Feb; 18(1):83-91.
• Michael W. The Facility Siting Cycle (Revalidation). 13th Global Congress on process safety. 2017.
• GAP.2.5.2: Oil and Chemical Plant Layout and Spacing. A Publication of Global Asset Protection Services LLC, 2015.
• Pemberton AW. Plant layout and materials handling. Macmillan International Higher Education; 2016.
• Barker GB. The engineer's guide to plant layout and piping design for the Oil and Gas Industries. Gulf Professional Publishing; 2018.

HAZOP References
• F. Crawley, M. Preston, and B. Tyler, HAZOP: Guide to Best Practice, Third Edit. Institution of Chemical Engineers (IChemE), 2015.
• John Gould, “Review of Hazard Identification Techniques,” Sheffield, U.K, 2005. doi: 10.1142/9789812776075_0001.
• International Electrotechnical Commission, “IEC 61882:2016 Hazard and operability studies (HAZOP studies) — Application guide.” 2016.
• J. Dunjó, V. M. Fthenakis, R. M. Darbra, J. A. Vílchez, and J. Arnaldos, “Conducting HAZOPs in continuous chemical processes: Part I. Criteria, tools and guidelines for selecting nodes,” Process Saf. Environ. Prot., vol. 89, no. 4, pp. 214–223, 2011, doi: 10.1016/j.psep.2011.03.001.
• Center for Chemical Process Safety, “Appendix 1: Simultaneous Failures and "Double Jeopardy",” in Guidelines for Enabling Conditions and Conditional Modifiers in Layer of Protection Analysis, New Jersey: John Wiley & Sons, Inc., 2014.
• Egyptian General Petroleum Corporation, “EGPC-PSM-ST-001: Risk Management Standard,” Cairo, 2021. [Online]. Available: http://www.standards.co.nz/news/standards-information/risk-managment/.
• P. Aspinall, “Hazops and human factors,” Inst. Chem. Eng. Symp. Ser., no. 151, pp. 820–829, 2006.
• D. Macdonald and Steve Mackay, Practical Hazops, Trips and Alarms. Elsevier Ltd., 2004.
• Center for Chemical Process Safety, Layer of protection analysis, vol. 84. 2014.
• Center for Chemical Process Safety, Guidelines for Hazard Evaluation Procedures, Third. Center for Chemical Process Safety: A JOHN WILEY & SONS, INC., 2008.

• UK Onshore Pipeline Operators Association (UKOPA), "Good Practice Guide- Application of cost-benefit analysis to demonstrate ALARP (UKOPA/GP/025 Edition 1)," 2018.

QRA References
• Centre for Chemical Process Safety (CCPS) & American Institute for Chemical Engineers (AICHE) (2000), Guidelines for – Chemical Process Quantitative Risk Analysis- 2nd edition.
• The International Oil and Gas Producers association (IOGP) March 2010, report no. 434-14 vulnerability of Humans.
• Health & Safety Executive (UK-HSE). (2008), Hazardous installations director’s (HID’S), Approach to (As Low As Reasonably Practicable) ALARP Decision.
• UK Offshore Operators Association (UKOOA). (1999), industry guidelines on – A Framework Risk Related Decision Support.
• Health & Safety Executive (UK-HSE). (2009), research report 703, Societal Risk: Initial briefing to Societal Risk Technical Advisory Group.
• Evaluating Process Safety in The Chemical Industry (2000) – A User’s Guide to Quantitative Risk Analysis.
• Marc J Assael & Konstantinos E. Kakosimos (2010) – Fires, Explosions, and Toxic Gas Dispersions – Effects Calculation and Risk Analysis.
• Centre for Chemical Process Safety (CCPS) (2009), Guidelines for - Developing Quantitative Safety Risk Criteria.
• Canadian Society for Chemical Engineering (CSChE). (2004), Risk Assessment – Recommended Practices for Municipalities and Industry.
• DNV Risk Acceptance 2015, Criteria and Risk Based Damage Stability. Final Report -0165, Rev. 1, part 1: Risk Acceptance Criteria.
• Risktec Essentials (2018), Risk-Based Decision Making and ALARP (An Introduction to Making Risk-Based Decisions and Reducing Risks As Low As Reasonably Practicable (ALARP)).
• Risktec Essentials (2018), Quantitative Risk Assessment (QRA) (An Introduction to the Quantitative Assessment of Risks Associated with High Hazard Facilities).
• Centre for Chemical Process Safety (CCPS) (1989), Guidelines for Process Equipment Reliability Data with Data Table.
• The International Oil and Gas Producers association (IOGP) Sept. 2019, report no. 434-06 Ignition Probabilities.
• The International Oil and Gas Producers association (IOGP) March 2010, report no. 434-16 Ship/Installation Collisions.
• The International Oil and Gas Producers association (IOGP) March 2010, report no. 434-10 Water Transport Accident Statistics.
• The International Oil and Gas Producers association (IOGP) March 2010, report no. 434-12 Occupational Risk.
• The International Oil and Gas Producers association (IOGP) March 2010, report no. 434-19 Evacuation and Escape Rescue.

Fire and Explosion Risk Assessment (FERA) Guideline References
• Egyptian General Petroleum Corporation (EGPC), "Risk-Management Standard (EGPC-PSM-ST-001)," 2021.
• Egyptian General Petroleum Corporation (EGPC), "Safety Case Standard (EGPC-PSM-ST-002)," 2022.
• Egyptian General Petroleum Corporation (EGPC), "Major Accident Hazard Management Guideline (EGPC-PSM-GL-006)," 2021.
• Egyptian General Petroleum Corporation (EGPC), "Quantitative Risk Assessment Guideline (EGPC-PSM-GL-008)," 2021.
• Centre for Chemical Process Safety (CCPS) & American Institute for Chemical Engineers (AICHE) (2000), Guidelines for – Chemical Process Quantitative Risk Analysis- 2nd edition.
• The International Oil and Gas Producers association (IOGP) March 2010, report no. 434-14 vulnerability of Humans.
• Health & Safety Executive (UK-HSE). (2008), Hazardous installations director’s (HID’S), Approach to (As Low As Reasonably Practicable) ALARP Decision.
• UK Offshore Operators Association (UKOOA). (1999), industry guidelines on – A Framework Risk Related Decision Support.
• Evaluating Process Safety in The Chemical Industry (2000) – A User’s Guide to Quantitative Risk Analysis.
• Marc J Assael & Konstantinos E. Kakosimos (2010) – Fires, Explosions, and Toxic Gas Dispersions – Effects Calculation and Risk Analysis.

• Centre for Chemical Process Safety (CCPS) (2009), Guidelines for - Developing Quantitative Safety Risk Criteria.
• DNV Risk Acceptance 2015, Criteria and Risk Based Damage Stability. Final Report -0165, Rev. 1, part 1: Risk Acceptance Criteria.
• Risktec Essentials (2018), Risk-Based Decision Making and ALARP (An Introduction to Making Risk-Based Decisions and Reducing Risks As Low As Reasonably Practicable (ALARP)).
• Risktec Essentials (2018), Quantitative Risk Assessment (QRA) (An Introduction to the Quantitative Assessment of Risks Associated with High Hazard Facilities).
• Centre for Chemical Process Safety (CCPS) (1989), Guidelines for Process Equipment Reliability Data with Data Table.
• The International Oil and Gas Producers association (IOGP) Sept. 2019, report no. 434-06 Ignition Probabilities.
• The International Oil and Gas Producers association (IOGP) March 2010, report no. 434-15 Vulnerability of plant/structure.
• The International Oil and Gas Producers association (IOGP) March 2010, report no. 434-19 Evacuation and Escape Rescue.

HAC Guideline
• NFPA 497- Recommended Practice for the Classification of Flammable Liquids Gases or Vapors and of Hazardous Classified Locations for Electrical Installations in Chemical Process Areas, 2021.
• IEC Part 10-1, Classification of areas - Explosive gas atmospheres, 3rd Edition, 2020.
• ATEX 2014-34-EU Guidelines, 3rd Edition, 2020.
• ATEX Directive, 2020.
• American Petroleum Institute, Recommended Practice 505, 2018.
• Energy Institute, Model Code of Safe Practice Part 15, Area classification for installations handling flammable fluids, 4th edition, 2015.
• EEMUA 186, A Practitioner's Handbook for Electrical Installation, Inspection and Maintenance in Potentially Explosive Atmospheres, Edition 5, 2010.
• Hazardous Area Classification in Petroleum and Chemical plants - A Guide to Mitigating Risk, Alireza Bahadori, 2008.
• Electrical Installations in Hazardous Areas, Allan McMillan, 1998.

Layer of Protection Analysis (LOPA) Guideline References
• EGPC, Risk Management Standard - EGPC-PSM-ST-001, 2022.
• EGPC, Process Safety Studies / Activities in Major Projects - EGPC-PSM-GL-002, 2021.
• CCPS, Layer of protection analysis, New York, 2001.
• CCPS, Guidelines for Enabling Conditions and Conditional Modifiers in Layer of Protection Analysis, 2013.
• CCPS, Guidelines for Initiating Events and Independent Protection Layers in Layer of Protection Analysis, 2015.

Fire and Gas Mapping Guideline References
• BS 60080 - Hazard detection mapping - Guidance on the placement of permanently installed flame and gas detection devices using software tools and other techniques, 2020.
• ISA, ISA TR84.00.07 “Guidance on the Evaluation of Fire, Combustible Gas and Toxic Gas system effectiveness”, 2018.
• J. McNay, A Guide to Fire and Gas Detection Design in Hazardous Industries, CRC Press, 2023.
• H. Executive, Fire and Gas Detection, https://www.hse.gov.uk/offshore/strategy/fgdetect.htm, HSE.

Alarm Management Guideline References
• ANSI/ISA-18.2-2016, Management of Alarm Systems for the Process Industries.
• International Electrotechnical Commission. IEC 62682 Management of Alarm Systems for the Process Industries. IEC, Geneva, Switzerland. 2014:24-6.
• EEMUA E. Alarm Systems-A Guide to Design, Management and Procurement. EEMUA Publication. 2013; 191.
• API RP. 1167. Pipeline SCADA Alarm Management. Second Edition, June 2016.
• Goel P, Datta A, Mannan MS. Industrial alarm systems: Challenges and opportunities. Journal of Loss Prevention in the Process Industries. 2017 Nov 1; 50:23-36.
• Wilkinson J, Lucas D. Better alarm handling—a practical application of human factors. Measurement and control. 2002 Mar; 35(2):52-4.
• Hollifield BR, Habibi E. The alarm management handbook: a comprehensive guide: practical and proven methods to optimize the performance of alarm management systems. Pas; 2010.
• Center for Chemical Process Safety (CCPS). Human Factors Handbook for Process Plant Operations: Improving Process Safety and System Performance. New York, NY: American Institute of Chemical Engineers; April 2022.
• Wang J, Yang F, Chen T, Shah SL. An overview of industrial alarm systems: Main causes for alarm overloading, research status, and open problems. IEEE Transactions on Automation Science and Engineering. 2015 Sep 16; 13(2):1045-61.

Safety Case Standard References
• Egyptian General Petroleum Corporation (EGPC), "Major Accident Hazard Management Guideline (EGPC-PSM-GL-006)," 2021.
• WorkSafe New Zealand, "Major Hazard Facilities: Major Accident Prevention Policy and Safety Management Systems," 2016.
• WorkSafe New Zealand, "Major Hazard Facilities: Notifications and Designation.," 2017.
• UK Health & Safety Executive (UK-HSE), "A guide to the Pipelines Safety Regulations," 1996.
• UK Health & Safety Executive (UK-HSE), "A guide to the Offshore Installations (Safety Case) Regulations," 2006.
• International Association of Drilling Contractors (IADC), "IADC HSE Case Guidelines for Land Drilling Units," 2019.
• International Association of Drilling Contractors (IADC), "IADC HSE Case Guidelines for Mobile Offshore Drilling Units," 2019.
• Singapore Ministry of Manpower, "Safety Case Technical Guide," 2016.
• UK Health & Safety Executive (UK-HSE), "The Control of Major Accident Hazards Regulations," 2015.
• British Gas (BG), "Safety Case Standard," 2014.
• Safe Work Australia, "Guide For Major Hazard Facilities: Preparation of A Safety Case," 2012.
• National Offshore Petroleum Safety and Environmental Management Authority, "Safety Case Content and Level of Detail - Guidance Note," 2020.

ALARP Guideline References
• Egyptian General Petroleum Corporation (EGPC), "Risk-Management Standard (EGPC-PSM-ST-001)," 2021.
• Egyptian General Petroleum Corporation (EGPC), "Safety Case Standard (EGPC-PSM-ST-002)," 2022.
• Egyptian General Petroleum Corporation (EGPC), "Major Accident Hazard Management Guideline (EGPC-PSM-GL-006)," 2021.
• Egyptian General Petroleum Corporation (EGPC), "Quantitative Risk Assessment Guideline (EGPC-PSM-GL-008)," 2021.
• Risktec Essentials, "Risk-Based Decision Making and ALARP, an Introduction to Making Risk-Based Decisions and Reducing Risks As Low As Reasonably Practicable (ALARP)," 2018.
• The Commission for Energy Regulation (Ireland), "ALARP Guidance Part of the Petroleum Safety Framework and the Gas Safety Regulatory Framework CER/16/106.," 2017.

• UK Offshore Operators Association (UKOOA), "Industry Guidelines on a Framework Risk Related Decision Support," 1999.
• Oil and Gas UK, "Guidance on Risk Related Decision Making, issue 2," 2014.
• UK Health & Safety Executive (UK-HSE), "Reducing Risk Protecting People - HSE Decision Making Process," 2001.
• Government of Western Australia Department of Mines, "Industry Regulation and Safety- Petroleum Safety and Major Hazard Facility – Guide ALARP Demonstration," 2020.
• UK Health & Safety Executive (UK-HSE), "Hazardous installations director's (HID'S), Approach to ALARP Decision," 2008.
• UK Health & Safety Executive (UK-HSE), "HSE principles for Cost Benefit Analysis (CBA) in Support of ALARP Decisions," 2022.
• UK Health & Safety Executive (UK-HSE), "Application of QRA in Operational Safety Issues- Research Report RR025," 2018.

Safety Case Appraisal Guideline References
• Egyptian General Petroleum Corporation (EGPC), "ALARP Demonstration Guideline (EGPC-PSM-GL-010)," 2022.
• Egyptian General Petroleum Corporation (EGPC), "Major Accident Hazard Management Guideline (EGPC-PSM-GL-006)," 2021.
• Egyptian General Petroleum Corporation (EGPC), "Safety Case Standard (EGPC-PSM-ST-002)," 2022.
• Offshore Safety Directive Regulator (OSDR), "Assessment Principles for Offshore Safety Cases," 2016.
• Control of Major Accident Hazards (COMAH), "Safety Report Assessment Manual (SRAM)," 2015.
• International Association of Drilling Contractors (IADC), "IADC HSE Case Guidelines for Land Drilling Units," 2019.
• International Association of Drilling Contractors (IADC), "IADC HSE Case Guidelines for Mobile Offshore Drilling Units," 2019.

Acknowledgments

PSM Steering Committee

Gamal Fathy Mohamed
CEO Consultant for HSE - EGPC

Mohamed Mahmoud Zaki
Executive Vice President - ECHEM

Salah EL Din Riad
Q&HSE Chairman Assistant - ECHEM

Mohamed Mostafa
Inspection & External Audit General Manager - ECHEM

Mohamed Shindy
Managing Director - Methanex Egypt

Manal El Jesri
Public Affairs Manager - Methanex Egypt

Amr Moawad Hassan
PSM Senior Consultant - Methanex Egypt

Mourad Maged Hassan
PSM Consultant - Methanex Egypt

Mohamed Hanno
Responsible Care (QHSE & PSM) Manager - Methanex Egypt

Asharf Ramadan
HSE Chairman Assistant - EGAS

Emad Kilany
OHS & Fire Fighting Technical Studies General Manager - EGAS

Mohamed Sayed Suliman
HSE General Manager - Ganope

PSM Technical Sub-Committee

Tamer Abdel Fattah
QHSE Senior - UGDC - Member

Hany Tawfik
OHS & PS General Manager - Ethydco - Member

Mohammed Sabry
Risk Management and Loss Prevention Studies Executive General Manager – GASCO - Member

Sayed Eid
HSE A. General Manager - Agiba Pet. Co. - Member

Mohamed Hamouda
HSE Department Head - Pharaonic Pet. Co. - Member

Mohamed Aboul Dahab
Safety Section Head for Upstream - EGPC - Member

Ahmed Roustom
Risk Management and Loss Prevention Studies Assistant General Manager - GASCO - Member

Ahmed Mostafa
Operations Section Head - ELAB - Member

Mohamed Mesbah
Operations Department Head - KPC - Member

External Peer Reviewers

International Oil Companies (IOC’s)

Shell
Yasser Fathy - Asset Integrity Technical Manager

Global Process Safety Consultants

Baker Engineering and Risk Consultants, Inc (BakerRisk)

Bell Energy - Amey Kulkarni - Technical Director

DNV - Cees de Regt - Senior Principal Consultant

Process Safety & Reliability Group (PSRG) - Robert J. Weber, President & CEO

Exida - Greg Chantler - Managing Director - Exida Middle East

Risktec - TUVRheinland

Aladdin Elsonbati - HSE & Process Safety Manager – ENI

Ahmed Omar - Commissioning & Start Up Manager - Saipem

National EPC Contractors

Engineering for the Petroleum & Process industries (ENPPI):
- Ahmed Mousa - GM Assistant, Safety & Loss Prevention Engineering
- Kareem Rasmy - GM Assistant, Safety & Loss Prevention Engineering
- Mohamed Nabil Youssef - Loss Prevention Section Supervisor
- Ramadan Ismail - GM Assistant, Safety & Loss Prevention Engineering
- Hossam Yehia - Safety & Loss Prevention Principal Engineer
- Essam Mohsen - Safety & Loss Prevention Principal Engineer





Special Thanks to the Egyptian PSM Steering Committee and PSM Technical Sub-Committee.

The picture on the book cover is taken from Methanex Egypt's plant in Damietta.

Printed at Sahara Printing Company

