Professional Documents
Culture Documents
PSM-Book Reducido (001-194)
PSM-Book Reducido (001-194)
PSM-Book Reducido (001-194)
1
Contents
2
1. Introduction 5 8. Process Safety Studies in The Oil, Gas 85
and Mineral Resources Tarek El Molla 8.1. Hazard Identification (HAZID) Guideline 86
1.2. Message by Mohamed Shindy, Methanex Egypt 8 8.2. Process Safety Studies in The Oil & Gas Major 92
3. Process Safety Management’s Leadership 8.4. Layout and Facility Siting Guideline 102
Leap of Faith 20
8.5. Hazard and Operability (HAZOP) Guideline 107
7.4. Management of Change (MOC) Guideline 69 11. References and Acknowledgments 180
7.5. Process Safety Culture Assessment Guideline 75
11.1. References List 181
7.6. Process Safety (KPIs) Guideline 79
11.2. Egyptian PSM Steering Committee Members 190
5
His Excellency
Tarek
El Molla
Minister of Petroleum
and Mineral Resources
It gives me great pleasure to approve today “The Unified Guideline for إنـــه لمـــن دواعي ســـروري أن أعتمد اليـــوم "الدليل الموحد للمعايير القياســـية لســـامة
Process Safety and Asset Integrity Standards” to be used across the جميعا العمليـــات وتكامـــل الأصـــول" الخـــاص بقطـــاع البتـــرول ذلك القطـــاع الذى نفخـــر
ً
Petroleum sector to which we are all proud to belong and continuously
بالانتمـــاء إليـــه ونعمل علـــي اســـتمرار دوره الريادي كقاطـــرة للتنمية علـــى أرض مصرنا
work hard to maintain its pioneering role as a development engine for
الحبيبة ولا ســـيما دوره الإســـتراتيجى فـــى تلبية احتياجات المواطنيـــن وقطاعات الدولة
our beloved Egypt. This is in addition to our sector’s strategic role in
المختلفـــة من المنتجـــات البترولية.
meeting the need for petroleum products by citizens as well as other
sectors across the country.
وفـــى هذا الإطـــار فإن تلـــك الطبيعـــة الاســـتراتيجية للعمليـــات الإنتاجية والتشـــغيلية
In this context, the strategic nature of the production and operational بالقطـــاع تحتـــم علينـــا ضـــرورة اتباع أحـــدث المعاييـــر القياســـية العالمية فـــى منظومة
processes of the sector necessitates the adoption of the latest إدارة ســـامة العمليـــات وتكامـــل الأصول مـــن أجل تحقيق التشـــغيل الآمن واســـتدامة
international process safety management and asset integrity standards العمليـــات الإنتاجيـــة بكافة شـــركات القطاع ،مما اســـتلزم قيـــام وزارة البتـــرول والثروة
to achieve safe operations and sustainable production processes in all المعدنيـــة بإصـــدار هذا الدليـــل الذي يحتـــوي على المعايير القياســـية الخاصة بســـامة
of the sector companies. Hence the issuance of this guideline by the بناء على المعايير القياســـية العالميـــة المعتمدة والمعتبرة
العمليـــات وتكامـــل الأصول ً
Ministry of Petroleum and Mineral Resources, the first Egyptian set of
في هـــذا المجال.
process safety and asset integrity standards based on certified and
reputable international standards in the field.
لـــذا ُأهـــدي إليكم هذا العمل المخلص في ســـبيل تنفيذ منظومة مرجعية لأداء ســـامة
العمليـــات وتكامل الأصول بشـــركات القطـــاع ،وفى ذات الوقت ُأعبر عن كامل ســـعادتي
Therefore, I dedicate the outcome of this work to you, reader, to
facilitate the implementation of a reference system for process safety بهـــذا الانجـــاز لأنه جـــاء تكليال ً لعمل جاد وشـــاق تضافرت من أجلـــه كافة الجهود
6
At the same time, I express my happiness with this achievement, coming مـــن جانـــب وزارة البترول والثروة المعدنيـــة ممثلة في الهيئة المصريـــة العامة للبترول
as the culmination of hard and diligent work that unified all efforts of واللجنة المصرية العليا لســـامة العمليات المشـــكلة من شركة ميثانكس مصر والشركة
the Ministry of Petroleum and Mineral Resources represented by the
المصريـــة القابضـــة للبتروكيماويـــات والشـــركة المصريـــة القابضـــة للغـــازات الطبيعيـــة
Egyptian General Petroleum Corporation, and the Egyptian Process
ممـــا أثمر عـــن خروج هـــذا العمل،(إيجـــاس) وشـــركة جنـــوب الـــوادي القابضـــة للبترول
Safety Management Steering Committee comprised of members
فـــي وقـــت قياســـي وبإتقان تـــام والذى اعتمـــد على العديد مـــن المرجعيـــات العالمية
representing Methanex Egypt, the Egyptian Petrochemicals Holding
القياســـية في هـــذا المجال مثـــل (معايير مركز ســـامة العمليات الكيميائيـــة بالولايات
Company (ECHEM), the Egyptian Natural Gas Holding Company
(EGAS), Ganoub El Wadi Petroleum Holding Company (Ganope), which ( وقد تم تنفيذه بالكامل بواســـطة اللجنة المصرية الفنيةCCPS - المتحـــدة الأمريكيـــة
resulted in the completion of this work in record time and an impeccable لســـامة العمليات المشـــكلة من مجموعة منتقاة بعناية من المهندســـين والكيميائيين
manner, relying on many international standard references in this field, كما تمت،مـــن خريجـــي فريق بناء القدرات لســـامة العمليـــات وتكامل الأصول بالـــوزارة
such as the Center for Chemical Process Safety CCPS standards. مراجعته بالاســـتعانة بخبرات كبرى الشـــركات وبيـــوت الخبرة العالمية في مجال ســـامة
This work was fully executed and reviewed by the PSM technical sub- .العمليـــات وتكامل الأصول
committee, comprised of well selected engineers and chemists who
graduated from the ministry’s capacity building and asset integrity نحـــن جميعـــاً قيـــادات وعاملين بقطـــاع البترول يجـــب أن نفخـــر بأننا نمتلـــك الآن المعايير
teams. In addition, it has also been reviewed through the support of
القياســـية لمنظومـــة إدارة ســـامة العمليات وتكامـــل الأصول بشـــركات القطاع والتي
experts from major international companies and consulting firms
تضاهـــى بل تفـــوق تلك الخاصة بالشـــركات الكبـــرى العالمية وفى نفـــس الوقت فإني
specialized in the field of process safety and asset integrity.
هيب بالســـادة رؤســـاء الشـــركات
ُ كما ُأ،آمل أن يتم تنفيذ هذه المنظومة بشـــكل فعال
As leaders and workers in the petroleum sector, we must be proud التابعـــة وجميـــع الإدارات العاملة بكل شـــركة الالتـــزام بضرورة التنفيـــذ الدقيق والفعال
of having process safety management and asset integrity standards لجميـــع عناصـــر المعاييـــر القياســـية لســـامة العمليـــات وتكامـــل الأصول الـــواردة بهذا
available for sector companies, which are comparable to, and even go وأن يقومـــوا بإعـــداد خطة عمـــل تنفيذية بجدول زمنـــي محدد لإنجـــاز هذا الأمر،الدليـــل
beyond, those of major international companies. At the same time, I وكذلـــك متابعة التنفيذ من خالل مؤشـــرات قياس الأداء الخاصـــة بهذه المنظومة وذلك
hope that this system will be implemented effectively, and I encourage
وصـــولاً لتحقيق التشـــغيل الآمن وتحقيـــق الهدف صفر للحوادث الـــذي نعمل جميعاً من
heads of all affiliate companies and all department heads working in
.أجله
each company to accurately and effectively implement all elements
of the process safety and asset integrity standards included in this
وإننـــي إذ أتمنـــى لكـــم جميعـــاً دوام التوفيق والســـداد ولوطننـــا الحبيـــب دوام الرقي
guideline. I also ask them to develop an executive action plan with an
.والازدهار
identified schedule for implementation, as well as follow up execution
through the performance indicators of this system in order to achieve
safe operations and the zero-incident goal that we all work towards.
I wish you all continued success, and to our beloved country continued
prosperity. طارق المال/معالي الوزير
7
Mohamed
Shindy
Methanex Egypt
Managing Director
It gives me great pleasure and pride to write a forward to this book, عزيـــزي القـــارئ ،إنـــه لمن دواعي ســـروري وفخـــري أن أكتـــب مقدمة هذا الكتـــاب الذي
dear reader. It encapsulates years of work by a dedicated group of يلخـــص ســـنوات مـــن العمـــل من قبـــل مجموعـــة متفانيـــة مـــن المتخصصين فـــي هذه
industry professionals who have committed themselves to offering
الصناعـــة الذين كرســـوا أنفســـهم لمنح قطـــاع النفط والغـــاز والبتروكيماويـــات المصري
the Egyptian Oil, Gas, and Petrochemical Industry an opportunity to
الفرصـــة لمنـــع وتالفي المخاطر الكبـــرى .يجمع هذا الكتاب بين طياتـــه ،نظرة عامة علي
prevent major hazards from being realized. This book gathers in its
جميع السياســـات والمعايير والإرشـــادات الأربع وعشـــرون التي تم طرحها نتيجة لمذكرة
folds – at a high level – all 24 standards and guidelines produced as
التفاهـــم المبرمـــة بين شـــركة ميثانكس مصـــر ووزارة البترول والثـــروة المعدنية.
a result of the memorandum of understanding between Methanex
Egypt and the Ministry of Petroleum and Mineral Resources.
لدينـــا فـــي هـــذا الكتـــاب المجموعـــة الأولـــى مـــن السياســـات والمعاييـــر والإرشـــادات
What we have here is the full set of Egyptian Process Safety المصريـــة لإدارة ســـامة العمليـــات التـــي ســـيتم تطبيقهـــا على قطـــاع النفـــط والغاز
& Management standards and guidelines, that will apply to the oil والبتروكيماويـــات فـــي جميـــع أنحاء مصـــر من أجل تحقيـــق الهدف الأساســـي المتمثل
gas and petrochemicals’ industry across Egypt, working towards the فـــي عـــدم إلحاق الضرر بالأشـــخاص أو المجتمعـــات أو البيئة أو الأصول .ســـتجد في هذا
ultimate goal of no harm to people, communities, the environment or الكتـــاب قصـــة وصولنـــا نحن أعضاء اللجنـــة المصرية العليـــا لإدارة ســـامة العمليات إلى
assets. In this book, you will find the story of how we, the members
هـــذه اللحظـــة الملهمـــة التي وصلنـــا إليها مســـتعدين لمشـــاركة المجموعـــة الكاملة
of the Egyptian Process Safety Steering Committee, reached this
مـــن الوثائـــق التي وضعتهـــا اللجنة الفنيـــة الفرعية لإدارة ســـامة العمليـــات وراجعها
exciting moment where we are ready to share the full set of documents
رواد محليـــون ودوليـــون من داخـــل الصناعة .إنها مســـيرة متميزة تعكـــس روح التعاون
produced by the Technical Sub-Committee and validated by local
الحقيقيـــة والســـعي نحو تحقيق هدف أســـمى من قبـــل القادة الذين تضمهـــم لجاننا.
and international industry leaders within the industry in Egypt. It is
a unique journey that reflects the true spirit of collaboration and the
strive towards a higher purpose amongst the leaders who make up
our committees.
8
Working under the guidance of His Excellency Minister Tarek El-Molla, مـــن خـــال العمل تحت إشـــراف معالـــي الوزير طارق المـــا ،تجمع اللجنـــة المصرية العليا
the Egyptian PSM Steering Committee brings together a group of لإدارة ســـامة العمليات مجموعـــة من القادة الذين لاحظوا وجود فجـــوة في مجال إدارة
leaders who saw a gap in the area of process safety management
ســـامة العمليات وقـــرروا أخذ الإجراءات الالزمـــة لمعالجتها .لقد بدأنـــا العمل بغرض رفع
and decided to do something to address it. We started out with the
مســـتوى الوعـــي بإدارة ســـامة العمليـــات داخل القطـــاع وبدء حوار شـــامل وعميق حول
aim to raise the level of PSM awareness within the sector and to
إدارة ســـامة العمليـــات في مصـــر .بمجرد تحقيق ذلك ،كانت الخطـــوة التالية هي خارطة
start a wide and deep dialogue about PSM in Egypt. Once this was
طريـــق مدتهـــا ثالث ســـنوات لتحديد الرؤيـــة المتمثلة في منـــع إلحاق الضرر بالأشـــخاص
accomplished, the next step was the three-year roadmap to define
the vision of preventing harm to people, environment, community, and والبيئة والمجتمع والأصول من خالل ترســـيخ ثقافة إدارة ســـامة العمليات في قطاعات
assets through instilling a PSM culture within the national oil & gas and النفـــط والغـــاز والبتروكيماويـــات الوطنية ،وإنشـــاء اللجنـــة الفنية الفرعية لإدارة ســـامة
petrochemicals industries, and the establishment of the Technical العمليـــات لتطويـــر معايير وإرشـــادات إدارة ســـامة العمليـــات على أيدي خبـــراء عالميين
PSM Sub-Committee to develop the PSM standards and guidelines, وأعضـــاء في برنامج بنـــاء القدرات الخـــاص بالوزارة.
at the hands of world-class experts and members of the Ministry’s
Capacity Building program. دائما
ً أثرا
أعتقـــد أن هذا المثـــال الفريد للتعاون بين أعضاء اللجنة المصرية العليا ســـيترك ً
علـــى صناعاتنا لســـنوات قادمة ،وربما يتجـــاوز حدودنا الوطنية في المســـتقبل القريب .أنا
I believe this unique example of collaboration between the members
عضوا فـــي هذه اللجنـــة ،وأعتقد أننـــي أتحدث باســـم كل من يعمل
ً حقـــا لكونـــي
ممتـــن ً
of the Egyptian Steering Committee will create a lasting impact on
فـــي شـــركة ميثانكـــس فـــي جميع أنحـــاء العالـــم عندمـــا أقـــول أن الجميع في شـــركة
our industries for years to come, potentially far beyond our national
ميثانكـــس فخـــورون بقصـــة النجاح الاســـتثنائية هذه .كمـــا أنني ممتـــن لمجموعة كبيرة
borders in the near future. I am truly grateful to be a member of this
committee, and I think I speak for everyone working for Methanex جـــداً مـــن الأشـــخاص الذين جعلوا قصـــة النجاح هـــذه ممكنة; بمـــا فيهم معالـــي الوزير
around the world when I say everyone at Methanex is proud of this طـــارق المـــا والكيميائي ســـعد هـــال والمهندس جمال فتحـــي وجميع أعضـــاء اللجنة
exceptional success story. I am also grateful for a very large group العليا لإدارة ســـامة العمليـــات وجميع أعضاء اللجنة الفنية الفرعية وفريقي في شـــركة
of people who made this success story possible; His Excellency ميثانكـــس مصـــر وبالتأكيـــد المراجعين الخارجيين بمـــا فيهم باكير ريســـك ،و بيل إنيرجي،
Minister Tarek El-Molla, Chemist Saad Helal, Chemist Gamal Fathy, ودي ان فـــي جـــي ال ،وانبـــي ،واكســـيدا ،وبـــي اس آر جي ،وريســـك تيـــك ،وتي يو في
all the members of the Steering Committee, all the members of the
راينالنـــد ،وشـــل الذيـــن أكدت عمليـــات مراجعة الجـــودة الصارمـــة التي أجروهـــا أننا نصدر
Technical Sub-Committee, my team at Methanex Egypt, and certainly
بالفعـــل وثائـــق مناســـبة للغـــرض ،عالمية المســـتوى ،لكنهـــا محلية في نفـــس الوقت.
the external peer reviewers including BakerRisk, Bell Energy, DNV
أتمنـــى أن يســـتخدم القراء هذه الوثائـــق من أجل إنقـــاذ الأرواح.
GL, Ennpi, Exida, PSRG, Risktec - TÜV Rheinland, and Shell whose
rigorous quality review process provided assurance that we are indeed
محمد شندي
producing world-class, yet national, fit for purpose documents. I hope
العضو المنتدب لشركة ميثانكس مصر
readers will use it to save lives.
و عضو اللجنة المصرية العليا لإدارة سالمة العمليات
Mohamed Shindy
Managing Director of Methanex Egypt and
Member of the Egyptian Process Safety Management Committee
9
10
The Journey
11
Major accident hazards in Egypt and across the world can potentially إن مخاطـــر الحـــوادث الكبـــرى في مصـــر والعالـــم قد تؤدي إلـــى حوادث خطيـــرة خاصة
result in severe process safety incidents impacting people, the بســـامة العمليات وتؤثر علـــى الأفراد والبيئة والمجتمعات والأصـــول .إن الآثار المحتملة
environment, communities, and assets. Potential impacts and
والتكاليـــف المصاحبـــة لتلـــك الحوادث مرتفعـــة للغاية بحيث لا يمكـــن تجاهلها من حيث
associated costs are too high to ignore in terms of loss of human
الخســـائر فـــي الأرواح والإصابـــات والأضـــرار البيئية وخســـارة الأصول والنفقـــات المالية،
life, injuries, environmental damage, loss of assets, and financial
بالإضافـــة إلـــى الإضرار بســـمعة الشـــركات المعنية .يمكـــن التخفيف من هـــذه المخاطر
expenses not to mention the reputational impact on the companies
عـــن طريـــق التطبيق الصـــارم لمعايير وإرشـــادات إدارة ســـامة العمليـــات .لتحقيق ذلك،
involved. The answer to the mitigation of these risks lies in the
rigorous application of Process Safety Management (PSM) standards شـــرعت شـــركة ميثانكس مصر وشـــريكتها الشـــركة المصريـــة القابضـــة للبتروكيماويات
and guidelines. In realizing this, Methanex Egypt and its partner the (ايكـــم) فـــي المســـيرة التـــي قادتنـــا إلى مـــا نحن عليـــه اليـــوم ،وكتابة مقدمـــة لهذا
Egyptian Petrochemicals Holding Company (ECHEM) embarked on the الكتـــاب الملخـــص لمعاييـــر وإرشـــادات إدارة ســـامة العمليـــات المصرية التـــي وضعتها
journey that brings us to where we are today, writing an introduction to اللجنـــة المصريـــة العليا لإدارة ســـامة العمليات بأيـــدي لجنتها الفنيـــة الفرعية.
this book on the Egyptian PSM standards and guidelines developed by
بـــدأت الرحلة بورشـــة عمل لتقديـــم مفهوم إدارة ســـامة العمليات إلـــى القطاع بغرض
the Egyptian Process Safety Management Steering Committee at the
hands of its Technical Subcommittee. التأكـــد مـــن إدراج هـــذا الموضوع المهـــم في صدارة جـــدول أعمال قطـــاع النفط والغاز
of Petroleum and Mineral Resources vision for the modernization of the الصناعـــات الكيميائيـــة على مســـتوى العالم لتعزيز ســـامة المجتمع وصحـــة الموظفين
Oil & Gas and Petrochemicals sector. It also aligns with Methanex’s وســـامتهم وحماية البيئة والإدارة الامنة للمنتجات والمســـؤولية الاجتماعية .وبصفتها
own commitment to Responsible Care Ethics and Principles, a United عضـــو فعال فـــي مجـــال البتروكيماويات المصـــري ،تقوم شـــركة ميثانكـــس بالتأكد بأن
Nations recognized sustainability initiative adopted by the global
جميـــع قراراتها وممارســـاتها التجارية ترقى إلى أعلى معايير الرعاية المســـؤولة خاصة
chemical industry to enhance community safety, employee health
فـــي برامج الصحة والســـامة وكذلك برامجها لإدارة ســـامة العمليات مـــع التركيز علي
and safety, environmental protection, product stewardship and social
هدفهـــا النهائـــي المتمثـــل في تحقيق مـــكان عمل آمن خـــال من الإصابـــات أو حوادث
’responsibility. A proud member of the Egyptian petrochemicals
أيضا مـــع التـــزام الشـــركة المصريـــة القابضة
عامـــا بعـــد عام .يتماشـــى ذلـــك ً
التســـرب ً
industry, Methanex ensures that all its business decisions and practices
live up to the highest standards of Responsible Care® especially in its للبتروكيماويـــات بمســـؤوليتها تجـــاه ســـامة الأفـــراد والبيئـــة والمجتمعـــات والجهات
health and safety programs as well as its process safety management المعنيـــة كجـــزء لا يتجزأ مـــن أداء أعمالها ومحور التركيز الرئيســـي لكل القـــوى العاملة
programs with the ultimate goal of achieving a zero-injury and zero- لديهـــا علـــى كل المســـتويات ،مما يضمن اســـتخدام التقنيات الأكثر أمانً ـــا والحفاظ على
release workplace year after year. This also aligned with ECHEM’s أداء عالي المســـتوى في مجال الســـامة.
own commitment to its responsibility towards the safety of people,
environment, communities and stakeholders, as an integral part of
its business performance and a prime focus of its entire workforce
at every level, ensuring the safest technologies are used and high
standard safety performance is maintained.
12
مـــن خـــال تأســـيس تحالـــف شـــامل ،أطلقـــت الشـــريكتان ،الشـــركة المصريـــة القابضـــة
للبتروكيماويـــات وشـــركة ميثانكـــس ،المبـــادرة الأولـــى لبدء حـــوار موســـع وعميق حول
إدارة ســـامة العمليات من خالل اســـتضافة مؤتمر إدارة ســـامة العمليات بشـــكل سنوي
للمســـاعدة فـــي زيـــادة الوعي بـــإدارة ســـامة العمليات بمشـــاركة مجموعـــة كبيرة من
رواد المجـــالُ .عقد مؤتمر إدارة ســـامة العمليات الأول في نوفمبـــر 2018تحت رعاية وزارة
البتـــرول والثـــروة المعدنيـــة وبتنظيـــم من شـــركة ميثانكس مصـــر بالتعاون مع الشـــركة
المصريـــة القابضـــة للبتروكيماويـــات تحـــت عنوان "تمكين مســـيرة ســـامة العمليات في
مصـــر" .كان مـــن بين المتحدثين الرئيســـيين في ورشـــة العمـــل خبراء دولييـــن في مجال
إدارة ســـامة العمليات مثل ديبورا جروبي ،مالكة ورئيســـة شـــركة أوبريشـــنز آند سيفتي
سوليوشـــنز المحـــدودة ،وكين ريفـــرز ،الرئيس الســـابق لمعهد المهندســـين الكيميائيين
والرئيـــس الســـابق للمنتـــدى الاســـتراتيجي للتحكـــم فـــي مصـــادر الخطر الرئيســـية في
المملكة المتحدة ،والدكتور جيســـون كليمينت ،مدير إدارة ســـامة العمليات في شـــركة
شـــخصا مـــن القادة والمديريـــن التنفيذيين في
ً ميثانكـــس .حضـــر هذا الحدث أكثر من 200
بالغا
أوليا ً
ً اهتمامـــا
ً مجـــال البتروكيماويـــات وصناعـــة النفط والغاز في مصـــر مما يعكس
بإدارة ســـامة العمليات داخـــل القطاع.
13
واصلت شـــركة ميثانكس العمل مع الشـــركة المصريـــة القابضـــة للبتروكيماويات للحفاظ
علـــى هـــذا النجـــاح مـــن خـــال المناقشـــات والاجتماعـــات المنتظمـــة حول إدارة ســـامة
ســـامة العمليـــات ومواصلـــة الحوار حول هذا الموضوع .في ســـبتمبر ،2019عقدت شـــركة
الســـنوي الثانـــي لإدارة ســـامة العمليات تحـــت عنوان "تحديـــث إدارة ســـامة العمليات:
مشـــاركة الرؤيـــة" .كان مـــن بين المتحدثين الرئيســـيين فـــي المؤتمر كين ريفـــرز ،الرئيس
للتحكـــم في مصادر الخطر الرئيســـية فـــي المملكة المتحدة ،ومايكل برودريب ،مستشـــار
أول في مجموعة باكير ريســـك لســـامة العمليات ،وجاســـون كليمينت ،مدير إدارة سالمة
العمليـــات في شـــركة ميثانكس .ســـلطت الجلســـات الضـــوء على دور القـــادة في قيادة
إدارة ســـامة العمليات وأهمية الاســـتفادة من الحوادث السابقة .شارك المتحدثون باسم
شـــركة ميثانكـــس تجربة الشـــركة في بناء القـــدرة التنظيمية فيما يتعلق بإدارة ســـامة
العمليات .كما اســـتعرضوا مســـيرة ميثانكس في مجال إدارة ســـامة العمليات وتطورها
Methanex continued to work with ECHEM to keep the momentum going
كمؤسســـة تعليميـــة فـــي محاولة لتقديـــم أمثلة ودراســـات حالة واقعية لتســـهيل نقل
through regular discussions and meetings around PSM, committing to
المعرفـــة عن إدارة ســـامة العمليات والمســـاهمة فـــي تعزيز ثقافة تبـــادل المعرفة بين
organizing the successful PSM conference annually to empower other
sector leaders and executives with critical PSM knowledge as well as الشـــركات العاملـــة فـــي القطـــاع .حضـــر المؤتمر أكثر مـــن 400شـــخص من القـــادة وكبار
continue and maintain the dialogue around the topic. In September التنفيذييـــن في قطاعات البتروكيماويـــات والتكرير والمعالجة والتنقية ،مما أكد الاهتمام
2019, Methanex Egypt, in partnership with the Egyptian Petrochemicals المتزايد والمســـتمر بالموضوع والفجوة التي تمكنت شـــركة ميثانكس والشركة المصرية
Holding Company (ECHEM), held its second Annual PSM Conference القابضـــة للبتروكيماويـــات من ســـدها من خالل هـــذه المؤتمرات.
under the title of “Modernizing Process Safety Management: Sharing
the Vision.” The conference keynote speakers included Ken Rivers,
former President of the Institution of Chemical Engineers and former
Chairman of UK’s Control of Major Hazards (COMAH) Strategic Forum,
Michael Broadribb, Senior Principal Consultant in BakerRisk’s Process
Safety Group, and Dr. Jason Clement, the Director of Process Safety
Management at Methanex Corporation. The sessions highlighted the
role of leaders in driving PSM and the importance of learning from
previous incidents. Methanex speakers also shared the company’s
experience in building organizational capability around PSM, and
showcased Methanex’s PSM journey and its evolution as a learning
organization in an attempt to provide real life examples and case studies
to facilitate the transfer of knowledge around PSM and contribute to
the knowledge sharing culture between companies in the sector. The
conference was attended by more than 400 of the petrochemicals
and downstream sectors’ leaders and top executives confirming the
growing and continuing interest in the topic and the gap that Methanex
and ECHEM were able to fill through such conferences.
14
Building on the success and momentum created by the first two PSM اتضحـــت الرؤيـــة بعد النجاح والزخم الناتجين عن مؤتمرات إدارة ســـامة العمليات .كانت لا
events, the vision became clear. More collaboration was needed beyond تـــزال هنـــاك حاجة إلى مزيـــد من التعاون للبناء علـــي الجزء الأول من المســـيرة والتركيز
the important first part of the journey and the focus on awareness.
علـــى التوعيـــة .فـــي ســـبيل تنفيذ المرحلـــة التاليـــة المهمة من المســـيرة ،تـــم توقيع
To fulfil the important next phase of the journey, a Memorandum of
مذكـــرة تفاهم بيـــن وزارة البتـــرول والثروة المعدنيـــة المصرية وشـــركة ميثانكس مصر
Understanding (MoU) between the Egyptian Ministry of Petroleum and
فـــي فبرايـــر 2020أثنـــاء معـــرض مصر للبتـــرول (إيجبـــس) ،2020والتي تضمنـــت وضع إطار
Mineral Resources and Methanex Egypt was signed in February 2020
عمـــل وخارطـــة طريق لمـــدة ثالث ســـنوات بهدف ترســـيخ برامج إدارة ســـامة العمليات
during Egypt Petroleum Show (EGYPS) 2020, creating a framework and
a three-year roadmap for the adoption of PSM within the Egyptian oil تتويجـــا لعامين
ً داخـــل قطـــاع النفط والغـــاز المصري .جـــاءت مذكرة التفاهـــم المذكورة
and gas sector. This MoU was a crowning achievement of two years من التعاون المثمر بين شـــركات القطاع القابضة التي شـــكلت النواة التأسيســـية للجنة
of collaborative work between the sector’s holding companies who المصريـــة العليـــا لإدارة ســـامة العمليات من أجـــل توجيه أجندة إدارة ســـامة العمليات
formed the founding core for an Industry PSM Steering Committee to وفقـــا لبرنامـــج التحديث الخـــاص بوزارة البتـــرول والثـــروة المعدنية وأفضل الممارســـات
ً
drive the PSM agenda in accordance with the Ministry of Petroleum والإرشـــادات والمعاييـــر الدوليـــة .ضمـــت اللجنـــة المصريـــة العليـــا ممثليـــن عـــن الهيئة
and Mineral Resources’ modernization program and international best
المصريـــة العامة للبترول والشـــركة المصرية القابضة للبتروكيماويات وشـــركة ميثانكس
practices, guidelines and standards. The steering committee included
مصـــر والمصريـــة القابضـــة للغـــازات الطبيعية (إيجاس) وشـــركة جنوب الـــوادي المصرية
representatives from the Egyptian General Petroleum Corporation
القابضة للبتـــرول (جنوب).
(EGPC), ECHEM, Methanex Egypt, the Egyptian Natural Gas Holding
Company (EGAS) and South Valley Egyptian Petroleum Holding خارطة الطريق المصرية لإدارة ســـامة العمليات ســـلطت الضوء على الأهداف الرئيسية
Company (Ganope). علـــى مدار ثالث ســـنوات ،بما في ذلك إنشـــاء لجنة فنية فرعية لإدارة ســـامة العمليات
The Egyptian process safety management roadmap highlighted the لتكون مســـؤولة عن تطوير سياســـات ومعايير وإجراءات إدارة ســـامة العمليات الخاصة
key goals over a three-year period, including the creation of a PSM وفقا لمعايير مركز الولايـــات المتحدة الأمريكية
ً بشـــركات النفط والغـــاز والبتروكيماويات
technical sub-committee to be responsible for the development of the لســـامة العمليـــات الكيميائيـــة .هـــذا بالإضافة إلـــى تحديد مؤشـــرات الأداء الرئيســـية
Oil, Gas and Petrochemical companies’ PSM policies, standards and
الخاصـــة بـــإدارة ســـامة العمليـــات لإدارة أداء الشـــركات ووضـــع خطة لتحديد مســـتوي
procedures according to the USA Center for Chemical Process Safety
اســـتعداد الشـــركات العاملـــة في القطـــاع فيما يخص إدارة ســـامة العمليـــات واقتراح
(CCPS). This in addition to the development of PSM Key Performance
هيـــكل تنظيمـــي لإدارة ســـامة العمليات ليتم تطبيقـــه على جميع
Indicators (KPIs) for companies’ performance management, a plan
to identify the status of the sector companies’ PSM maturity and the
proposal of a PSM organizational
15
structure to be applied to all operating companies and finally وأخيـــرا التواصـــل والتوعيـــة داخل القطاع في شـــكل
ً الشـــركات العاملـــة فـــي القطـــاع
communication within the industry in the form of workshops, ورش عمـــل ومؤتمـــرات ومنشـــورات .تم تحديـــد هذه الصالحيـــات لضمان إضفـــاء الطابع
conferences and publications. These mandates were set to ensure
المؤسســـي علـــى إدارة ســـامة العمليات بشـــكل صحيح داخـــل الشـــركات العاملة في
PSM is properly institutionalized within companies working in the
القطـــاع في ظل تعزيـــز ثقافة قوية تتبنى إدارة ســـامة العمليات فـــي صميم عمليات
industry while fostering a strong culture that adopts PSM at the center
القطـــاع ،وكل ذلـــك بغـــرض تحقيق الهدف الأساســـي وهو "عدم الإضـــرار بالأفراد وعدم
of the sector’s operations, all with the fundamental goal of “No harm to
الإضـــرار بالبيئة وعدم الإضـــرار بالأصول".
”people, No harm to the environment and No harm to assets.
بعـــد توقيع مذكـــرة التفاهم ،اجتـــاح العالم فيـــروس كوفيد 19-وإعالنـــه كجائحة عالمية.
ومـــع ذلك ،اســـتمرت اجتماعـــات اللجنة العليا لإدارة ســـامة العمليات عبر الإنترنت حســـب
الجـــدول المقـــرر لهـــا على الرغم من التحديـــات الناتجة عن الوضع في ذلـــك الوقت ،وذلك
بفضـــل التـــزام أعضاء اللجنة بتســـريع المســـيرة نحو عمليـــات أكثر أمانً ا داخـــل القطاع ،بما
يضمـــن الالتزام بالجـــدول الزمني المقترح فـــي مذكرة التفاهم .خالل تلـــك الفترة ،قامت
اللجنـــة العليا بإنشـــاء اللجنـــة الفنية الفرعية من خـــال إجراء مقابالت مســـتقلة ومكثفة
فـــي فبرايـــر ، 2021عقـــدت اللجنة العليا نـــدوة عبر الإنترنـــت بعنوان "تحديث إدارة ســـامة
العمليـــات :مـــن الرؤية إلى الواقع" حضرهـــا معالي وزير البترول والثـــروة المعدنية طارق
المـــا بالإضافة إلـــى 579من العاملين والإدارييـــن بقطاع النفط والغـــاز والبتروكيماويات
الإقليمـــي والدولي .خـــال هذه الندوة ،شـــارك أعضاء اللجنة خارطـــة طريق مدتها ثالث
After signing the MOU, COVID-19 was declared a pandemic. However,
the meetings of the PSM steering committee continued to take place ناجحا بالرغم من
ً عامـــا
ســـنوات وقدمـــوا عرضا عن ما تـــم إنجازه خالل عـــام 2020الذي كان ً
online as scheduled despite the challenges created by the situation أيضـــا على إنشـــاء الموقع الرســـمي لإدارة
عامـــا ملـــيء بالتحديات .عملـــت اللجنة ً
كونـــه ً
back then, thanks to the committee members’ commitment to ســـامة العمليـــات – – www.PSMEgypt.comالـــذي تـــم إطالقـــه كجـــزء مـــن الندوة
expediting the journey towards safer processes within the sector, لتزويـــد القطـــاع بمعلومـــات موثوقـــة وتحديثات مســـتمرة حـــول إدارة ســـامة العمليات
ensuring adherence to the timeline proposed within the MoU. وقنـــاة لمشـــاركة الأســـئلة مع اللجنـــة والاطالع علـــى سياســـات وإجراءات إدارة ســـامة
During that period, the steering committee created the technical
العمليـــات التي تـــم إصدارها.
sub-committee through independent and extensive interviewing of
candidates from within the Ministry of Petroleum’s Capacity Building منـــذ إنشـــاء اللجنـــة الفنيـــة الفرعية لإدارة ســـامة العمليـــات وهي تعمل بـــا كلل على
Program members, based on their technical skills and experience صياغـــة 24مـــن الإجـــراءات والمعايير والإرشـــادات لإدارة ســـامة العمليات على مســـتوى
and led by Methanex Egypt’s international consultant Eng. Amr عالمـــي مـــن أجـــل تمكيـــن التصميـــم والتشـــغيل الآمـــن لأصـــول وزارة البتـــرول والثروة
Moawad. In February 2021, the steering committee held a webinar المعدنيـــة .تغطـــي الوثائـــق كامل نطـــاق إدارة ســـامة العمليات ،بما فـــي ذلك تطبيق
titled “Modernizing Process Safety Management: From Vision to
برنامـــج ســـامة العمليات ،وتقييم ثقافة ســـامة العمليـــات ،ومهارات وكفاءات ســـامة
Reality” attended by His Excellency Tarek El-Molla, Minister of
العمليات ،ومؤشـــرات الأداء الرئيســـية لســـامة العمليات ،وإدارة التغيير ،وإدارة المخاطر،
Petroleum and Mineral Resources in addition to 579 executives from
وإدارة مخاطـــر الحـــوادث الجســـيمة ،وإدارة المعـــدات الحرجة ،وتصميـــم الآمن بطبيعته،
across the regional and international oil & gas and petrochemicals
بالإضافـــة إلـــى تحديد المخاطر ،ودراســـة المخاطـــر المتعلقة بالقابلية التشـــغيلية،
community. During this webinar, the committee members shared
the three-year roadmap and provided an update on the progress
delivered during the challenging yet successful year of 2020. The
committee also worked on creating an official PSM website
16
– www.PSMEgypt.com – launched as part of the webinar, to provide the وتقييم مخاطـــر الحريق، التقييم الكمـــي للمخاطـــر،ودراســـة تصنيـــف طبقـــات الحمايـــة
sector with credible information and continuous updates about PSM and رســـم خرائط أنظمة كواشف، ومخططات المنشـــآت، وتصنيف المناطق الخطرة،والإنفجار
a channel to share questions with the committee as well as access the
كما تشـــمل المعايير والإرشادات تطوير. وإدارة إشـــارات الإنذار،الحريق وتســـريبات الغازات
issued PSM policies and procedures.
.وتقييـــم حالة الســـامة وتقليـــل المخاطر إلى أقصـــى حد ممكن من الناحيـــة العملية
Since its creation, the PSM technical sub-committee worked tirelessly خضعـــت جميـــع المعاييـــر والإرشـــادات لمراجعـــة صارمة للجودة شـــملت مراجعـــات محلية
on drafting 24 world class PSM procedures, standards and guidelines
ودوليـــة للتحقق من جودة الوثيقـــة بالمقارنة بالمعايير العالمية وأفضل الممارســـات مع
to enable the safe design and operation of the Ministry of Petroleum
وقد ضمن ذلك دقة.الاهتمـــام باحتياجات قطاع النفـــط والغاز والبتروكيماويات المصـــري
and Mineral Resources’ assets. The documents cover a wide range
.المعايير والإرشـــادات ووضوحها وتميـــز جودتها وتنظيمها
of PSM spectrum and scope including Process Safety Program
Implementation, Process Safety Culture Assessment, Process Safety
Competency, Process Safety Key Performance Indicators (KPIs),
Management of Change (MOC), Risk Management, Major Accident
Hazards Management, Safety Critical Elements Management, Inherent
Safety Design as well as studies of HAZID, HAZOP, LOPA, Bow Tie, QRA,
FERA, HAC, Facility Layout and Siting, Fire and Gas Mapping and Alarm
Management. The documents also cover Safety Case Development,
Safety Case Appraisal and ALARP Demonstration.
Developing Internal Peer Review External Peer Review PSM Steering Quality Check & Approval, Signature,
the Document (PSM Tech. (Major Operators+ Committee Review Assurance (QA Team + TL) & Issuing (EGPC)
(Focal Point + TL) Committee Members) Global Consultants)
الموافقة والتوقيع فحوصات وضمان الجودة مراجعة اللجنة العليا مراجعة خارجية مراجعة داخلية تطوير الوثيقة
والإصدار + )فريق مراجعة الجودة لس�مة العمليات + )مشغلين رئيسين )اللجنة الفنية الفرعية + )المهندس المختص
()الهيئة المصرية العامة للبترول (قائد اللجنة الفنية (استشاريين عالميين (لإدارة س�مة العمليات (قائد اللجنة الفنية
17
The PSM Technical Sub-committee comprised the internal peer تألفـــت اللجنـــة الفنية الفرعية مـــن فريق المراجعين الداخليين وتم تقســـيمهم بحســـب
reviewers’ team and were divided according to their specialization into التخصـــص إلـــى أربـــع مجموعـــات .مجموعـــة إدارة المخاطـــر ،مجموعتيـــن لإدارة ســـامة
four groups: Risk Management group, PSM group, Safety Case group
العمليـــات ومجموعـــة الســـامة الفنية.
and Technical Safety group.
Risk Management Technical Safety Safety Case PSM مجموعة إدارة س�مة مجموعة حالة الس�مة مجموعة مجموعة
Group Group Group Group العمليات العمليات الس�مة الفنية إدارة المخاطر
International operators and major global PSM consultants supported قـــام خبـــراء دوليون وكبار الاستشـــاريين العالميين في مجال إدارة ســـامة العمليات بدعم
the project as external peer reviewers with ‘good will’ collaboration المشـــروع كمراجعيـــن خارجييـــن من خالل التعاون "حســـن النيـــة" وبدون مقابـــل مالي .من
and no monetary compensation. External reviewers included
ضمـــن هـــؤلاء المراجعين الخارجيين شـــركات باكير ريســـك ،وبيل إنيرجـــي ،ودي ان في جي
BakerRisk, Bell Energy, DNV GL, Ennpi, Exida, PSRG, Risktec - TÜV
ال ،واكســـيدا ،وبـــي اس آر جي ،وريســـتي ،وتي يو في راينالند ،وشـــل.
Rheinland, and Shell.
Major Operators Global Process Safety National EPC Contractor المقاولون المحليون للخدمات الاستشاريين العالميين لس�مة مشغلين رئيسين
& HSE Consultants الهندسية والتوريدات والإنشاءات العمليات والصحة والس�مة والبيئة
. SHELL . BakerRisk . ENPPI • انبي • باكير ريسك • شل
In addition, in 2022, the Ministry of Petroleum and Mineral Resources بالإضافـــة إلـــى ذلـــك ،طلبـــت وزارة البترول والثـــروة المعدنية فـــي عـــام 2022إدراج اللجنة
requested the inclusion of the PSM Technical Sub-Committee in the الفنيـــة الفرعيـــة لإدارة ســـامة العمليـــات في لجنة اختيـــار الموجة الثانية من المرشـــحين
selection committee of the second wave of the Capacity Building
جديدا لالنضمـــام إلى البرنامـــج كجزء من
ً مرشـــحا
ً لبرنامـــج بنـــاء القـــدرات وذلك لاختيـــار 150
program candidates, to select 150 new candidates to join the ministry’s
اســـتراتيجية التحديث الخاصة بالـــوزارة .لقد عكس اهتمام الوزارة وترشـــيحها القيمة التي
capacity building program as part of the ministry’s modernization
تضيفهـــا جهود اللجنـــة إلى القطاع من خالل دعـــم برنامج الوزارة الرئيســـي لتطوير ورفع
strategy. The ministry’s interest and nomination reflected the value
كفـــاءة الإدارة الوســـطى والمواهـــب بالإضافة إلـــى تعزيز أداء القطاع بشـــكل فعال ومن
the committee’s efforts are bringing to the sector through supporting
the ministry’s key program to develop and raise the efficiency of the ثم تعزيز الاقتصـــاد الوطني.
18
عقـــدت اللجنـــة جلســـات لتبـــادل المعرفة عبـــر الإنترنـــت لطـــرح الوثائق بمجـــرد تطويرها
تطوير أربعة من معايير وإرشـــادات إدارة ســـامة العمليات التـــي وضعتها اللجنة الفنية
تمت مشـــاركة المعايير.الفرعيـــة وتـــم اعتمادها من قبل الهيئة المصرية العامة للبترول
مســـؤول تنفيذي من شـــركات قطـــاع النفط والغاز1000 والإرشـــادات الأربعـــة مع أكثر من
العامـــة للبترول للصحة والســـامة والبيئة وعضـــو اللجنة العليا لإدارة ســـامة العمليات
شـــرح فيه مـــا تنتظره الهيئـــة العامة للبتـــرول من شـــركات القطاع فيما يتعلـــق باتباع
1000 executives from the Egyptian oil, gas and petrochemical sector حضر الجلســـات. مع اللجان الجغرافية الثماني التابعة للوزارة2022 وجهـــا لوجه في عـــام
ً
companies who attended the session. The session also included a مـــن كبـــار المســـؤولين التنفيذيين في مجـــال الصحة والســـامة ومديري300 أكثـــر مـــن
presentation by Eng. Gamal Fathy, EGPC CEO consultant for HSE and شـــؤون البيئة والرؤســـاء التنفيذيين للشـــركات العاملة في القطاع وجـــاءت ردود الفعل
PSM steering committee member, to explain EGPC expectations from
قامت، بالإضافة إلـــى ذلك ولضمان ســـهولة الاطالع علـــى الوثائق.إيجابيـــة ومشـــجعة
sector companies in terms of following the approved PSM standards
اللجنة بنشـــر جميـــع الوثائق الصادرة والمعتمدة على الموقع الإلكتروني لإدارة ســـامة
and guidelines.
.العمليـــات بالإضافة إلـــى مقاطع فيديو موجزة لشـــرح كل وثيقة
Face to face knowledge sharing sessions were held in 2022 with the
ministry’s eight geographic committees. The sessions were attended
by more than 300 senior Health and Safety executives, Environment
Managers, and CEOs of companies working in the sector. The feedback
has been positive and encouraging. More PSM awareness sessions
are planned as additional standards and guidelines are developed. In
addition, to ensure easy access to the documents, the committee
published all issued and approved documents on the PSM website along
with summarized videos to explain each document.
19
The book you hold in your hands today, dear reader, is the outcome of إن الكتـــاب الـــذي تحملـــه بين يديك اليـــوم ،عزيزي القـــارئ ،هو نتاج ســـنوات من العمل
years of hard work and collaboration between the different partners on الجـــاد والتعـــاون بين مختلف الشـــركاء في هذه المســـيرة المتميزة .إنه تجســـيد لرؤية
this unique journey. It is the manifestation of a vision and dream that
وحلـــم بـــدأ في عام 2018وســـرعان مـــا تحول إلى خطـــة قابلة للتنفيذ بخطـــوات حقيقية
started in 2018 and soon materialized into an actionable plan with real
وثابتـــة نحـــو تحويل هـــذا الحلم إلى حقيقة .لقـــد أصبح هذا الواقـــع والتغيير الهام في
and steady steps towards turning this dream into a reality. This reality
القطـــاع ممكنً ـــا من خـــال الدعـــم المقدم من معالـــي وزير البتـــرول والثـــروة المعدنية
and step-change in the sector were made possible through the support
وجميـــع قادة شـــركات الـــوزارة القابضة بمـــا في ذلك الهيئـــة المصرية العامـــة للبترول
provided by HE the Minister of Petroleum and Mineral Resources and
all the leaders of the ministry’s holding companies including EGPC والشـــركة المصريـــة القابضـــة للبتروكيماويات بالإضافـــة إلى ميثانكس مصـــر والتزامها
and ECHEM in addition to Methanex Egypt and its commitment to بإحـــداث تغييـــر إيجابي في مصر .إن هـــذا الكتاب هو نتاج نموذج ناجح من الشـــراكة بين
bring positive change to Egypt. This book is the result of a successful القطاعيـــن العـــام والخـــاص ،بين ميثانكـــس والوزارة والشـــركات القابضة يجمـــع الخبرات
model of Public Private Partnership between Methanex, the Ministry معـــا لتطوير مجموعة من المعايير والإرشـــادات التي تشـــتد الحاجة
العالميـــة والمحليـــة ً
and Holding companies bringing global and local expertise together إليهـــا مـــن خـــال كـــوادر مصريـــة ٪100والتي مـــن شـــأنها الحد مـــن تأثير مخاطـــر إدارة
to develop, through 100% Egyptian calibers, a much-needed set of ســـامة العمليـــات .إن التأثيـــر الناتج عـــن تطبيق الارشـــادات والمعايير الـــواردة في هذا
standards and guidelines that will help in mitigating the impact of PSM
وبحـــرا عبر جميـــع مراحل إنتاج
ً الكتـــاب أثنـــاء أي مشـــروع ودورة تشـــغيل أي منشـــأة ًبرا
risks. The impact that the regulations and standards in this book brings
النفـــط والغـــاز الطبيعي ،بالإضافـــة إلى كونها قابلـــة للتطبيق فـــي أي قطاع صناعي،
for application during a project and operational lifecycle onshore and
يعـــد إنجـــازً ا بـــارزً ا للقيـــادة المتمكنة والفـــرق الملتزمـــة والمواهب الهندســـية المحلية
offshore across upstream, midstream, downstream as well as being
المتميـــزة فـــي مجال إدارة ســـامة العمليـــات .هذه النتيجـــة التي تتماشـــى مع برنامج
scalable across any manufacturing industry is an outstanding feat of
capable leadership, committed teams and an outstanding local PSM التحديـــث الخاص بالوزارة تســـاهم في التوضيح لشـــركات القطاع كيفيـــة تطبيق واختيار
engineering talent. This outcome which is in line with the ministry’s ً
بداية مـــن المفهوم معاييـــر إدارة ســـامة العمليـــات فـــي مختلـــف مراحل أي مشـــروع
Modernization Program provides clarity for all sector companies to know مـــرورا بالعمليـــات ووصولً ا إلى أنشـــطة إيقاف التشـــغيل .إن الامتثال
ً والفكـــرة الأوليـــة
how and which PSM standards to apply at different stages of a project للمعاييـــر المطـــورة مـــن خالل الجهـــة التنظيميـــة يضمن انتشـــارها على نطاق واســـع
from initial concept, through operations and finally decommissioning تماما ،وفي وبالتالـــي يـــؤدي إلـــى تقليـــل حـــوادث إدارة ســـامة العمليـــات أو منعهـــا
ً
activities. Compliance with the developed standards through the حالـــة وقـــوع أي حادث مؤســـف ،يضمن توفر نظـــام كامل لإدارة هذا الحادث .سيســـاهم
regulator ensures a vast outreach leading to reduced or full prevention
الجهـــد المبذول في المبادرة بأكملها وكتاب إدارة ســـامة العمليـــات الماثل في زيادة
of PSM incidents and in case of an unfortunate incident, ensures a full
الوعـــي والمعرفـــة والأهـــم من ذلك قدرة القطـــاع فيما يتعلق بإدارة ســـامة العمليات
management system is in place to manage it. The effort behind the
بطريقـــة تنقـــذ الأرواح وتحمي البيئة وتحمي الأصول وتســـاهم مســـاهمة ايجابية في
whole initiative and this PSM book will contribute to raising awareness,
نمـــو القطـــاع ومســـتقبله وفي نهاية المطاف ترســـيخ مكانـــة مصر كمركـــز للتميز في
knowledge and most importantly capability of the sector with regards
to process safety management in a manner that will save lives, protect مجال إدارة ســـامة العمليات في أفريقيا والشـــرق الأوســـط.
20
Process Safety
Management’s
Leadership
Leap of Faith
21
Dr. Trevor Kletz known as the ‘Father of Inherent Safety’ says, “There’s an
old saying that if you think safety is expensive, try an accident. Accidents
cost a lot of money. And, not only in damage to plant and in claims for
injury, but also in the loss of the company’s reputation.”
Over the last five decades the process industries have expanded Effective Process Safety knowledge and leadership are some of the key
significantly to meet the world’s growing population needs. The world barriers preventing process safety incidents from occurring. Process
needs more energy which will require hazardous materials to be produced, Safety understanding and goal setting must be defined and set by each
processed, transported, and stored. The means of how energy is made regulatory organization and each operating organization. Process Safety
available needs to be through safe and sustainable practices. Land is at a requirements must be applied rigorously, systematically, and vigilantly
premium; hence more complex and hazardous facilities are getting closer across all levels of an organization.
to populated communities and transportation routes are going through
This is an outstanding opportunity for regulators, business leaders,
multiple environments and habitats.
technical leaders, and workforce members to fully grasp and apply to
every decision and activity that is executed daily as well as longer term
strategic plans. The outcome can only be a safe and reliable oil & gas,
and petrochemicals industry serving the wider population and meeting a
country’s economic and strategic goals.
22
Leaders must ensure that their teams rigorously and diligently follow set Several incident investigations identify managers saying that they
policies, standards, and procedures to ensure safe design, operations, didn’t know what was happening or what wasn’t happening and that if
reduce the environmental impact, achieve community expectations, they did, they would have stopped it! Well, it is a manager’s job to know
and demonstrate compliance with applicable regulations. This ensures what is happening. A manager can know what is happening by talking
operating organizations maintain their “License to Operate.” For this to to the different work crews, being visible on site and dedicating time to
happen, a critical requirement is the right leadership culture. talk to the different teams about Process Safety, listen to real issues
on site and in the offices to be able to provide the adequate resources
Culture is traditionally defined as “a shared set of beliefs, norms,
to inherently prevent incidents from happening. A manager must trust
and practices, documented and communicated through a common
language.” The key word being shared. Process Safety values must the team but verify the work through being part of the team.
be consistently - and constantly - shared at all levels of management An organization’s executive leadership and leadership members
and among all employees. An organization’s Process Safety culture across all levels must demonstrate their commitment to process
expresses itself within its own organizational structure, which may be safety through their actions. If senior leadership shows its belief in the
simple or complex. The structure must ensure that competent resources importance of process safety, consistently communicates that belief to
are available to execute process safety work as per the regulatory and other managers and the workforce, and then provides the appropriate
company requirements. resources to promote process safety excellence, shared beliefs and
practices will follow through the rest of the organization. Leaders must
Competence levels of dedicated process safety resources as well as
develop a positive, trusting, and open process safety culture.
others from different disciplines provide structured guidance to career
development planning and are a key part of an organization’s Human An organization’s culture is established, defined, and embodied in the
Resources progression program and role assignments. actions of its leaders. Preventing process safety incidents requires
vigilance. Not having an incident does not indicate that an organization
Competency levels are also considered as barriers in any incident
is safe, as this may be the first step towards complacency when
prevention model. Having competent personnel in their core technical
people no longer appreciate how their safety systems work leading
discipline as well as understanding the process safety impact of their
to deterioration in barrier control, forgetting lessons, deviating from
activities will eliminate or reduce the impact of an incident.
standards, and accepting lower performance.
Culture evolves over time in response to various events, including
Leaders must instill a sense of chronic unease with every decision they
changes in leadership and in management systems. Accordingly, an
make. The term “Chronic Unease” is well known across the industry,
organization’s process safety culture at any point in time may be viewed
and when applied leads to positive outcomes.
as reflecting prior events or prior defining periods in the history of
the organization, such as mergers and acquisitions, reorganizations, Leaders must ensure that each member of the organization is an
financial difficulties, technological changes, and management changes. Empowered Leader, and by that the executives genuinely and without
any repercussion support their teams to intervene actively and positively
As stated before, organizations exist to make good business through
to STOP unsafe activities or decisions that may negatively impact their
delivering safe production. To do so, the organization must apply the
people, facilities, and surrounding environments.
As Low As Reasonably Practicable (ALARP) Principle and still stay in
business. This is a balance that leaders must face and make risk-based People are and will continue to be at the heart of every decision related
decisions daily to meet it. Moreover, an organization with a strong to safe design and operations. People write up the guidelines that
safety culture does not lose sight of the fact that the stakeholders with others implement to design and operate facilities. Leaders must set the
the most to lose-their lives-are workers and members of the public systems to select the right people at the right time for the right role –
living or working near hazardous operating plants or facilities. this is the initial step to setting up the correct systems.
23
It is imperative that leaders understand risk management protocols and Barrier health must be maintained and independently verified as per each
how they apply to the hierarchy of control steps. This will allow them to organization’s Process Safety Management framework. This is critically
support process safety decisions that involve budgetary allocation and important regardless of the number of barriers in place.
expenditure. As stated above, the cost of an incident outweighs the cost
Peter Drucker says: “What gets measured gets managed.” To better
of engineering and project execution to mitigate ‘after the fact (incident)
understand and manage a process safety program, metrics must be put
reactive action’ risks and continuously improve process safety at any
in place to performance manage the teams working in the office and
organization.
on site against defined KPIs. This holds leaders and work crews alike
There are multiple barriers that each organization, through a thorough accountable to deliver safe and reliable operations.
process safety and hazard management program, must set in place
Over the years, the Safety Case program has proven to be a positive
and maintain to prevent incidents from occurring. All the barriers work
means for organizations to demonstrate to Regulators that they have
together to provide the required protection and prevention of an incident.
done what they can to operate safely. The work completed within
Barriers include people (selection, competence, training, communication, a Safety Case is the culmination of multiple management systems
culture, etc.), process (administrative procedures, operational (Quality, Health, Safety, Security, Environment, Process Safety,
procedures, technical documents, maintenance programs, compliance Operations, Maintenance, Asset Integrity, Risk, Engineering, Human
with process and avoiding shortcuts, etc.), and plant (engineering and Resources, Planning, Budgeting, Projects, etc.) coming together to
construction of barriers, maintaining safe operating limits, defining, and clarify how an organization operates safely with technical, procedural,
maintaining safety critical equipment, applying operational control of and administrative evidence to the Regulator and other stakeholders.
work, etc.).
The Safety Case once reviewed and accepted by a Regulator, grants the
The more barriers identified, the better the defense against an Operator a timebound ‘License to Operate’. The evidence to allow for
incident.This is a concept of safety defense-in-depth. The fewer the a Safety Case to be accepted must be continuously reviewed by each
holes and the smaller the holes, the more likely you are to identify/ organization to ensure its validity.
stop errors and failures that may occur. Barriers need to be always as
Organizational leaders must familiarize themselves with the Safety
robust as possible.
Case content, and must hold themselves as well as their teams
accountable to maintain what the Safety Case stipulates and commits
Protective
them to do. This is a very formal process demonstrating facility safety
«Barriers»
and compliance with regulations ensuring that all stakeholders are of
Hazard Weaknesses
or «Holes» the same understanding of a facility’s Major Accident Hazard’s (MAH)
risk as well as how this risk is managed, everyone gets to have a say
in the output as part of the consultation process, thus in the end the
document is publicly owned by all stakeholders. It is a vehicle to drive
continuous improvement within the organization and the industry.
Incident “It is wise to learn from one’s mistakes, but it is wiser to learn from others’
mistakes!”
Organizations exist to make profit based on a human need – the end goal
of ‘Safe Production’ can and must be achieved. Process Safety is Good
As the holes are frequently changing, regular management reviews, Business.
drawing upon input from performance metrics, audits, and lessons from
lesser incidents, can be used to maintain the robustness of the barriers.
24
About PSM
25
The Oil, Gas, and Petrochemical industry has many inherent process The root cause events may have occurred or been ongoing for a
safety hazards and risks that could harm the people, environment, considerable time before the accident occurrence. Thus, any approach
assets, and reputation. It can interrupt the production and operation that only considers plant barriers will fail to acknowledge the critical roles of
activities which made it necessary to develop a management system for processes and people in the causation of major accident hazards and will
mitigating the Major Accident Hazards (MAHs) and managing process not deliver process safety.
safety issues. Process safety management (PSM) is mainly focused on
Process safety management applies to all stages of a project lifecycle.
managing low-frequency, high-consequence, major accident events. The
Successful process safety management in the operation phase requires
consequences of these accidents may include serious personnel injuries
appropriate activities to have been undertaken during the evaluation/
or fatalities, significant environmental damage, in addition to substantial
concept selection, basic engineering/FEED, and detailed engineering phases,
financial and reputational impact. Process Safety requires that all physical
then continue throughout the operation stage till decommissioning. This is
plants, management processes, and people operate as intended.
described in the following three categories of activity and illustrated figure.
Therefore, process Safety Management needs to be addressed for the
below three barrier types:
26
The PSM standards and guidelines (described in detail further in this • Continually improve its process safety performance and the
book and illustrated in figure 1) provide structured documents to capture achievement of process safety objectives.
and communicate best practices and lessons learned for all the Egyptian
• Demonstrate conformity with the requirements of the PSM system to the
oil, gas, and petrochemical segments, to prevent the repetition of
key stakeholders, such as shareholders and relevant regulatory bodies.
major accidents. Whereas the PSM standards are mandatory, the PSM
guidelines are discretionary. However, it is required that the guidelines’
content be understood and considered for implementation by Each standard or guideline in the process safety management system
operations and projects. The PSM standards set minimum requirements is founded on the Plan-Do-Check-Act (PDCA) approach, which requires
in key areas, particularly concerning process safety-critical aspects of leadership commitment and workers’ participation across all levels and
facilities development, project execution, and operations, which the functions of the companies and entities. This model is an iterative process
PSM guidelines are provided to support and complement. The basic to be used to achieve continual improvement, as follows:
intent is to: • Plan: To identify process safety hazards & risks and establish a PSM
• Establish, implement, and maintain a process safety management system.
system to eliminate or minimize process hazards and risks (including • Do: To implement the PSM system processes as planned.
process safety management system deficiencies), take advantage
of opportunities, and address management system nonconformities • Check: To monitor the performance of the process safety activities and
• Design to eliminate hazards wherever reasonably practicable (e.g., • Act: To take actions to continually improve the process safety
contain hydrocarbons) through inherent safety in design and use of performance and achieve the intended outcomes from the PSM
• Reduce risks until they are as low as reasonably practicable (ALARP). It is worth mentioning that this PSM Book is only a high-level overview
of the documents, not a practical document. For more details
• Ensure the consistency of approach across all the Egyptian oil, gas, regarding the implementation purposes, please visit the EGPC USafe
and petrochemical companies. Application or PSM Egypt Website (www.psmegypt.com) to follow the
detailed PSM standards and guidelines.
PSM
Definitions &
Abbreviations
27
The Egyptian PSM
Standards and
Guidelines
28
of the Ministerial Committee for Process Safety - psmegypt.com - and
were also made available on the "EGPC Usafe" application, which can be
downloaded on Android and IOS systems.
29
Being appointed to Egypt’s PSM technical sub-committee as its Team
Leader in order to develop Egyptian PSM standards and guidelines was
a momentous experience for me. I had the resolute belief that creating
the Egypt PSM standards and guidelines written and developed by a
qualified Egyptian technical team was a challenging but probable dream.
And here we are on the other side of that enormous achievement.
30
Risk Management
31
Risk Management Standard
EGPC-PSM-ST-00
32
• Using a consistent language that is understood across the
Overview
subsidiaries and operating companies managed by the entities.
This snapshot showcases an overview of the principles and methodology
• Defining a unified Risk Assessment and Management System
that comprise the key principles and methodology of the Risk Management
Framework for the entities, including a unified Corporate Risk Matrix
Standard, which will focus on the following:
for all HSE and Business risk assessments.
- Risk Management Process • Specifying methods and tools for effectively identifying hazards, risk
analysis, and evaluation using the Risk Tolerability criteria defined in
- Risk Management Process Requirements this standard related to entities’ activities.
- Hazard Identification & Screening • Setting consistent risk tolerability criteria for qualitative, semi-
quantitative, and quantitative risk assessments in line with entities’
- Risk Analysis (Qualitative, Semi Quantitative & Quantitative)
Corporate Risk Matrix.
- Risk Evaluation
• Aiding robust and informed decisions making for the management of
- Risk Treatment HSE risk consistently across entities and their companies.
- Risk Reporting & Communication • Notifying risks and endorsing risk management measures, including
additional actions if applicable, consistently at the appropriate levels of
the organization.
Introduction
• Monitoring the effectiveness of any risk management measures.
The Oil and Gas industry has hazards and risks that are inherent to its
workers, environment, public, assets, activities, operational locations,
and products. Using a standardized approach to risk management that Risk Management Process Requirements
is applied consistently across all types of operation has the advantage of
• Chairperson(s) and Managing Director(s) of each company belonging
accounting for different sources and types of risk (including, but not limited
to any of the entities shall be accountable for conformance to the
to, consideration of the potential consequences of environmental impact,
requirements of this Standard.
security threats, community grievances, and capability scarcity, as well
as personal and process safety incidents). This means that all activities • Each company that belongs to any of the entities shall:
must be conducted in a manner designed to minimize QHSSE risks and - Identify the risks relevant to its accountabilities across the types
protect the health and safety of employees, contractors, customers, the of risks (e.g., Process Safety, Occupational Health & Safety,
community at large, and the environment. Environmental Security, and Compliance);
The purpose of this standard is to establish a structured Risk Management - Assess the level of risk based on worst credible accidental scenarios
process and consistent method of ranking the severity and probability of for each of the applicable severity and likelihood criteria defined in
potential hazards to ensure that risks are identified, analyzed, evaluated, Annex A - Corporate Risk Assessment Matrix; EGPC-PSM-ST-00
and treated consistently and assigned to a respective management tier for
- The extent (breadth and depth) of risk assessment is proportionate
implementation, follow-up, and closure. It seeks to help prioritize resource
with the impact level and type of risk and the nature of the impact.
allocation and defines endorsement levels to manage levels of risk. To
The extent of risk assessment may range from a professional
achieve this objective, this standard aims to provide a framework for the
judgment to a formal quantified risk assessment.
following:
33
- Produce their internal Risk Assessment Matrix based on severity and - Monitored to an appropriate extent, reviewed and updated frequently
likelihood criteria defined in Annex A - Corporate Risk Assessment as identified in Annex H - Risk Management Review Committees. The
Matrix with only allowable changes to financial impact criteria reflecting extent and how often risk monitoring is conducted is proportionate with
their asset value and annual production or profit plans according to the level and type of risk and the nature of the impact.
the percentage identified for financial impact.
• Annex F - Risk Assessment Fundamentals guides the key steps and
- Follow risk management measures according to Annex E - Risk expectations of a risk assessment process that might be applied.
Control Measures.
- Document the risks they are accountable for and how they are Establish Context
managed.
Before starting any operation or project, it is important to establish the
- Establish and maintain a Risk Register and Risk Action Plan for each context and assess the risks. There should be a clear understanding
Level 1 (Red), Level 2 (Amber), and Level 3 (Yellow) risks as per Annex of the technical objectives, scale of operations, geographic location,
D - Risk Register and Action Plan Template. and timeframe. Taking this into consideration, as well as any relevant
stakeholder input, all potential consequences should be assessed.
- Notify and endorse Risk Register and Action Plan – at a minimum – to
The likelihood of occurrence of a hazard and the potential severity of a
the levels defined in Annex I - Signoff requirements for various residual
consequence is used to assess the level of risk. A realistic view can then
risk levels, based on the highest residual risk rating determined by
be taken of the worst-case, credible outcome of a scenario, taking into
the colours on the risk matrix.
account the extent to which severe consequences can be foreseen,
- Significant changes to risks and their management shall be notified particularly those with a low likelihood of occurrence.
and endorsed respectively at the levels defined in levels consistent
with the colours on the Corporate Risk Matrix.
Hazard Identification and Screening
• Where improvements are needed to the management of risks, additional
actions with owners, timelines for completion, and resources required For hazards associated with the activities throughout the life cycle of
shall be developed and implemented. companies belonging to any of the ENTITIES, all threats and causes
that could lead to potentially hazardous events resulting in undesirable
• Additional actions can be developed and prioritized based on the risk
consequences shall be systematically identified. This can be done using
assessment, strength of existing risk management measures, strategy
structured techniques, such as HAZID, HAZOP, HITRA, etc.
and plans, legal and regulatory requirements, and any other factors that
could affect timing.
Risk Analysis
• To help decide whether improvements are needed, consider whether
the risk is sufficiently managed by existing risk management Risk analysis is an informative analytical process to understand risk
measures. This could include reference to applicable entities’ level that includes a detailed examination of the identified hazards,
requirements, laws, regulations, and proven practices in the industry. addressing the potential consequences, and determining the severity
level of addressed consequences, the likelihood of consequences
• Risks and the effectiveness of risk management measures shall be:
occurrence, and the risk level. The unified Corporate Risk Matrix
- Specific, Measurable, Achievable, Time framed (SMART) shall be used for carrying out qualitative and semi-quantitative risk
assessments. The Corporate Risk Matrix is separated into four
- Referred to the best available data or expert judgment, and
regions that identify the limit of risk tolerability:
34
1. Level 1 - High Risk (Red / Intolerable Risk Region): The risk level is not Likelihood Rare Unlikely Possible Likely
Very Almost
Likely Certain
acceptable, and risk control measures are required to move the risk
Severity # 1 2 3 4 5 6
figure to be tolerable and in the ALARP region.
Disastrous A 1A 2A 3A 4A 5A 6A
4. Continuous improvement (Green / Low-Risk Region): The risk level CORPORATE RISK MATRIX
requires continuous monitoring to prevent deterioration or deviation
from performance standards. For further details on Risk matrix please refer to RISK MANAGEMENT
STANDARD EGPC-PSM-ST-001 on EGPC USafe Application or PSM
Risk analysis may be undertaken using qualitative, semi-quantitative, or
Egypt website.
quantitative methods. Each of these methods is discussed briefly below:
Semi-Quantitative Risk Assessment In carrying out quantitative risk assessments, specific quantitative tools
and techniques are used for estimating the severity of the consequences
Semi-quantitative risk assessments are structured risk assessment
and the likelihood of the hazardous scenario occurring for various identified
techniques that can use simple consequence modelling techniques where
scenarios within the study boundary. For details of the QRA process, refer
applicable to derive estimates of the severity level of the hazard scenario
to Quantitative Risk Assessment (QRA) Guideline EGPC-PSM-GL-008.
and event trees and fault tree analysis for quantifying the likelihood of
hazards resulting in hazards events.
35
Risk Evaluation Unacceptable
region
Risk can not be justified
except in extraordinary
circumstances
Risk evaluation is used to identify any residual risk (or increased risk level)
and provides inputs to decision making processes on whether risks need Tolerable if
ALARP region
Tolerable only if risk
reduction is impracticable
Risk is taken or if its cost is grossly
to be treated and on the most appropriate risk treatment strategies and only if a benefit is disproportionate to the
required improvement gained.
methods. Subsequently, the purpose of risk evaluation is to assist in making
decisions (based on the outcomes of risk analysis) about which risks need
Tolerable if cost of
treatment and which priority must be assigned for their treatment. reduction would exceed
the improvement
Risks are prioritized for risk response. Unacceptable risks are ranked and Broadly Necessary to maintain
acceptable assurance that risk
prioritized with other risks. A common approach to prioritizing risks is to region remains at this level
divide them into three bands (according to the unified Corporate Risk
Matrix):
Framework for Tolerability of Risk (Ref. ALARP Carrot Diagram Example
• An upper band, where the level of risk (Level 1 - Red) is regarded as Given by UK HSE COMAH)
intolerable whatever benefit the activity may bring, and risk treatment is
essential whatever its costs;
Criteria for Qualitative and
• A middle band (Level 2 - Amber and Level 3 - Yellow), where costs and
benefits are considered and opportunities balanced against potential
Semi-Quantitative Risk Assessment
consequences; and Risk criteria for qualitative and semi-quantitative risk assessment are
defined in the risk matrix used for the assessment. A risk matrix facilitates
• A lower band (Green), where the level of risk is regarded as negligible or
the quick assignment of risk levels for each risk level (Red, Amber, Yellow,
so small that no risk treatment measures are needed.
and Green) demonstrated in the unified Corporate Risk Matrix.
36
Quantitative Risk Assessment Individual Risk Criteria are most expressed in the form of Individual Risk Per
Annum (IRPA). The IRPA is a representative worker of a given worker group
Tolerance Criteria considering expected occupancy at all the locations he is expected to be
Quantitative risk criteria are standards used to translate numerical risk present within the hazardous location throughout the year. This includes
estimates, as produced by a Quantitative Risk Assessment (QRA), into plants, accommodations, recreational activities, etc. The calculation
value judgments such as ‘negligible risk’ (e.g., the risk value is lower than 10- excludes the duration for which personnel is not present at the site due
6, which means lower than one fatality every 1 million years), that can then to reasons such as annual leave; personnel is considered not exposed to
be set against other value judgments such as ‘high economic benefit’ in the facility operations or occupational risk during this duration. This criterion
decision-making process. is applicable to all companies belonging to entities. It is mandatory to
demonstrate that risk levels are within the criteria given in the table below:
To define the three bands of risk (acceptable, Tolerable if ALARP, and
unacceptable), two levels of risk criteria are required: Workers Member of public
• A maximum tolerable criterion above which the risk is intolerable, Maximum tolerable criterion 10 -3 per year 10 -4 per year
• Between these two criteria, the ALARP region is laid. Tolerability Criteria
Risks to people may be expressed in two main forms: At the other extreme is the broadly acceptable region, where the risk is
so low that there is no further requirement to undertake additional risk
• Individual Risk – the risk experienced by a person.
reduction measures, i.e., the risk is, or has been made, so small that no
• Societal (or Group) Risk – the risk experienced by the whole group of further precaution is warranted.
people exposed to the hazard. Where the people exposed are members
In between these two extremes lies a wide range of tolerable risk levels
of the public, the term Societal Risk is often used. Where workers are
to which the ALARP principle applies, i.e., the risk must be reduced to
isolated, and members of the public are unlikely to be affected, the term
the lowest level practicable, bearing in mind the benefits flowing from its
group risk is often used. In this document, the term Societal Risk is used
acceptance and taking into account the costs of any further reduction.
to encompass both public and worker risk.
Thus, for the risks, which fall within the Tolerable region, some weighing of
costs and benefits, i.e., Cost-Benefit Analysis, is necessary to determine
Individual Risk Criteria (IRPA) compliance with the ALARP principle.
• Transport, e.g., road traffic accidents, air/sea transport accidents. The Criteria may be defined to limit the risk of major accidents and
help target Societal Risk reduction measures (such as restrictions on
• Hydrocarbon-related, e.g., loss of containment leading to toxic releases,
concurrent activities or land use, enhanced engineered safeguards,
fires, or explosions.
and improved building siting or protection).
37
particular location for 24 hours per day, 365 days per year. This is also known
FN-Diagram
as Location-Specific Individual Risk (LSIR).
The FN curve is the curve of cumulative frequency versus the number of
Land use planning (LUP) criteria is a planning tool to advise on new
fatalities on a logarithmic scale. FN curves are frequency-fatality plots,
developments, accommodations that are constructed near the existing
showing the cumulative frequencies (F) of events involving N or more
facility boundary or siting the facility in the vicinity of the existing occupied
fatalities. They are derived by sorting the frequency-fatality (FN) pairs
building area, or master plan updates for existing assets. The purpose of
from each outcome of each accidental event and summing them to form
defining LUP zones is to minimize risk to people around the hazardous
cumulative frequency-fatality (FN) coordinates for the plot.
facility by specifying how close certain types of facilities can be developed.
At the top of the curve is the unacceptable level, on or above which the For example, relatively low occupancy nonindustrial development such
risk is so great or the outcome so unacceptable that it must be reduced as warehouses…etc. can be allowed to be relatively close to the facility
immediately. boundary, whereas vulnerable populations, such as schools, hospitals …
At the other extreme is the broadly acceptable level, where the risk is so low etc. need to be further away from the facility.
Potential Loss of Life (PLL) approach is useful to help define the context properly and for well-targeted
change management during risk treatment.
The other main measure for Societal Risk is the annual fatality rate, where
the frequency and number of fatalities are combined into a Potential Loss
of Life (PLL), which is a convenient one-dimensional measure of the total Reporting Risks
number of expected fatalities.
The Risk Register and Action Plan (RRAP) (see Annex D - Risk Register and
Potential Loss of Life (PLL) is simply the sum of the products of all f-N pairs Action Plan Template) shall be used to record, track, close out, and follow
(i.e., Potential Loss of Life = ∑FN [people/year]) up on all the identified risks.
PLL is well suited for comparing alternative solutions for the same facility,
From the risk assessment process, each company shall develop a Risk
is relatively easy to understand for non-risk specialists, and must be
Register that details the main areas of risk associated with activities in
calculated to be able to derive the cost-effectiveness of risk reduction;
all operating units (e.g., exploration, development, projects, operations),
Lifetime PLL is how risk reduction measures should be assessed by using
including normal and temporary activities (e.g., operation plant, warehouse,
Cost-Benefit Analysis.
marine base, headquarter, drilling activity, seismic).
The RRAP shall capture the most significant hazards (together with their
Risk Contours (LSIR) Criteria for consequences and probability of occurrence), which, if realized, have the
Land Use Planning (LUP) potential to adversely affect the company with consequential negative
impact on its HSE performance and reputation.
Risk contours are iso-risk contours plots that represent the geographical
variation of the risk for a hypothetical individual who is positioned at a
38
The RRAP is owned by companies’ managing director(s) while the custodian
Monitor/Review the Risks
is the Risk Champion of relevant risk level. The RRAP is a live document, and
it shall be reviewed and updated frequently as identified. All the identified risks and associated risk reduction measures, once
recorded in the risk register, shall be reviewed periodically by associated
stakeholders.
Risk Communication
It is required that certain risk-related information be communicated to the
Document Annexes List
workforce. There are three reasons why this is necessary:
Annex A - Corporate Risk Assessment Matrix
a. Members of the workforce are exposed to risk in their daily work lives.
Annex B - Risk Assessment Framework
b. Some members of the workforce have key roles to play in the risk Annex C - Qualitative Risk Assessment Workflow
management process relating to the management of risk reduction Annex D - Risk Register and Action Plan Template
measures (barriers). Annex E - Risk Control Measures
Annex F - Risk Assessment Fundamentals
c. In their day-to-day activities, members of the workforce might interact
Annex G - Roles and Responsibilities
with barriers (e.g., via maintenance processes which, if performed
Annex H - Risk Management Review
incorrectly, can defeat barriers).
Annex I - Signoff Requirements for Various Residual Risk Levels
All members of the workforce need an understanding of the following:
For annexes details, please refer to RISK MANAGEMENT
a. What existing risks are they exposed to. STANDARD - EGPC-PSM-ST-001 on the PSM EGYPT website.
39
Major Accident Hazard
Management Guideline
EGPC-PSM-GL-006
40
Overview While this guideline has been developed for the purpose of providing an
overview of MAH management with a focus on of identification of MAH
This snapshot showcases an overview of the principles and methodology within the facility, the risk management process, and related barriers &
that comprise the management of the Major Accident Hazards (MAHs) controls for the purpose of managing Major Accident Hazards. Thus, it
guideline, which will focus on the following: does not include the full process for managing SCE, i.e., the impairment
management of SCE, the SCE criticality ranking, the KPI’s. This guideline
- Introduction also does not cover the full scope of formal safety assessment studies,
which shall be addressed in detail in other guidelines.
- Purpose
- Developing Bowties for MAH’s process starting from setting a definition for MAH until verifying the
implementation of assurance activities required to maintain the integrity of
- Identification of SCE’s and Developing Performance Standard the barriers required to control the MAHs. Each step is mentioned in detail
in the document body.
- Identification of Safety Critical Tasks and HSE Critical Positions
Set definition for MAH
This guideline establishes the principles, methodology, and guidance Conduct Hazard Identification Workshop
(Using HAZID guideword checklist)
for the management of Major Accident Hazards (MAHs), using bowties
which are typically used as part of safety case development, taking into Rank Hazard scenarios
based on risk matrix
consideration creating a balance between maximum sustained value and
minimum lowest sustained risk. Other MAH scenarios Does the initial
identified from other No Record specific control for
ranking of the hazard scenario
sources, if any i.e. HAZOP, each hazard scenario
meet the MAH criteria
QRA, Lesson Learned, etc. *
Purpose Yes
This guideline supports the development of a safety case document. (*) Input is Explored and Evaluated During HAZID Workshop
41
Major Accident Hazard Identification Identification of Major Accident Hazard
Definition of Major Accident Hazard (MAH)
A Hazard Identification (HAZID) study is commonly used as the basis for
Major Accident Hazard is a hazard with the potential, if realized, to result in identifying the major hazards and developing the MAH list. HAZID is a
a major accident. team-based brainstorming analysis used to identify potential process and
A Major Accident is a Hazardous event that results in: non-process hazards. HAZID typically examines all reasonably possible
sources of hazard, including the process design itself and hazards external
• Multiple fatalities or severe injuries; or
to the process design.
• Extensive damage to the structure, installation, or plant; or
ISO 17776 provides an extensive checklist of hazards that can be
• Large-scale impact on the environment (e.g., persistent and severe encountered in the petroleum and natural gas industries. The HAZID team
environmental damage that can lead to loss of commercial or could utilize this checklist and risk assess only the applicable hazards to the
recreational use, loss of natural resources over a wide area, or severe facility/entity or process.
environmental damage that will require extensive measures to restore
For the scope of the safety case, the main objective of the HAZID study is
beneficial uses of the environment).
to identify credible MAH scenarios. MAH screening starts in an Evaluation/
(ISO 17776 definition) Concept selection study and should be continually assessed and defined
Major Accident Hazards may be substances, activities, operations, or as the design evolves.
conditions.
MAH risks may change, especially during the operational phase. New MAH
Risk Assessment Matrix and Major Accident Hazard could be introduced, or the risk associated with existing MAHs could change
because of changing operational conditions. If these changes occur, then
Based on the definition of Major Accident Hazard and reference to the
the MAH risks should be re-evaluated. Examples of events, changes, or
Corporate Risk Assessment Matrix (RAM), the region of MAH can be
activities that should trigger MAHs reviews include:
allocated and marked on the RAM.
• Major project changes (e.g., process, inventories, production fluids, etc.);
Any hazard assessed as having a Disastrous Consequence (Severity A)
should be considered a MAH regardless of the likelihood of the event. • CAPEX projects (e.g., extensions, new builds);
The following figure shows the MAH mapped on Corporate RAM. • Ageing of the facility;
Notable F 1F 2F 3F 4F 5F 6F
42
Note: During the early design phase, evaluations will necessarily be less should be identified to reduce the risks to ALARP.
detailed than those undertaken during later design and operation phases.
Where it is not possible to utilize this technique (adequacy criteria) as the
So, any MAH identified from other studies, i.e., HAZOP, QRA, etc., is to be
introduction of a new barrier is not reasonably practicable, a team should
explored during the HAZID session and to be added to the MAH list.
include a suitable and sufficient narrative explanation of all the factors
Each MAH requires further in-depth studying through bowtie. Before starting considered and the underlying rationale for the final judgment and the
bowtie development, the MAH list shall be reviewed to consider any MAH barriers considered sufficient.
raised from any other studies and not discussed during the HAZID workshop.
Barrier Adequacy Each hardware barrier is subdivided into SCE groups for reporting and
management purposes. These groups are defined by their function,
In establishing the number of barriers required, care should be taken to
ensuring the barrier remains in place (they are not defined by location,
count only the independent barriers.
equipment type, medium or service, construction type, or technical
To ensure consistency in all bowtie studies across Egyptian companies, a authority responsibility).
criterion for barrier adequacy and sufficiency must be available to take into
One of the deliverables from the bowtie workshop is the SCE group list.
consideration the barriers of Independency and strength/effectiveness.
The purpose of developing such a list of SCE groups is that the equipment
The barrier adequacy criteria specify what is deemed suitable and sufficient
involved would be ranked higher on the integrity priority program for
control of threats and mitigation of and recovery from consequences. This
inspection, maintenance, and repair, together with measures such as
criterion should be considered as a minimum number of barriers and not
holding parts in stock to reduce the time for repair.
an absolute requirement. Where fewer barriers are identified, additional
controls/actions (Risk Reduction Measures)
43
Performance Standard (PS) • Design: engineering calculation and analysis.
For each SCE identified during the bowtie workshop, a performance • Project implementation (procurement, fabrication, construction,
standard must be developed. This standard sets out the levels of and commissioning): equipment type testing and commissioning
performance it must achieve in terms of functionality, availability/reliability, performance testing.
survivability, and interdependency (FARSI). This ensures that the critical
• Operate inspection, maintenance, and testing.
barriers remain in place and effectively continue to manage the Major
Hazard over time. PSs for SCEs should be described in a safety case for Therefore, PSs for establishing initial suitability may differ from those
MAHs that demonstrates the basics of safe operation. used to assess the ongoing suitability of SCEs, and hence separate PSs
should be developed for initial and ongoing suitability for the same SCE.
Energy Institute guidelines define Performance Standard (PS) as “A
The requirement contained in PSs should be to assure that SCEs do meet
qualitative or quantitative statement of the required performance of a
defined PS criteria across the facility life cycle and so MAH risks meet the
safety critical element (SCE) that contains the information necessary
defined risk acceptance criterion.
to validate its effectiveness during design, construction, testing,
commissioning, operation and decommissioning.” Reflecting Performance Standards in the Maintenance Program
In the context of SCE, the Performance Standard defines the performance During the operation phase, performance standard assurance
criteria for the SCE and contains the information necessary to verify the requirements should be reflected in the company’s maintenance,
effectiveness of SCE during the design, construction, and operation of inspection, and testing program so that SCEs retain ongoing suitability
the system. and continue to meet their PS criteria.
Each SCE should have its own Performance Standard. For example, Active In order to apply performance standard requirements and to facilitate
Fire Protection can be viewed as an SCE at a system level or broken down scheduling and executing assurance tasks at the tag level, an asset
into its safety-critical equipment and components, such as pumps, valves, register shall be developed. Asset register comprising Safety Critical
ring main, associated branch piping systems, and nozzles. Active Fire Equipment or Components that are part of a system-based SCE identified
Water Protection system functionality performance criteria are measured at tag level with a unique identification number.
to the firewater demand to the worst-case scenario for a certain duration, Effective SCE assurance during the operating phase is dependent upon the
while functionality performance criteria for fire pump is pressure and flow alignment between the asset register and the PSs.
measured at the pump discharge. The advantage of viewing such sets of
safety-critical equipment and components on a system level is that it is
easier to manage them together. Identification of Safety Critical Tasks and
PSs should state the overall MAH management goals (or objectives) of Health, Safety, and Environment (HSE)
the SCE. Using these goals, designers and risk specialists should be able Critical Positions
to assess and define the required function and level of performance of the
Safety Critical Tasks (SCTs) are a group or set of tasks/actions necessary
SCE during the design stage. Operating companies should define PSs for
for the development, implementation, operation, or maintenance of a
their SCEs to define the required assurance activities, i.e., maintenance,
barrier established for managing Major Hazards.
inspection, and testing to maintain the integrity of the SCEs. In this way,
there should be a transparent linkage between MAHs, SCEs, and PSs. Each Safety Critical Task should be assigned to a responsible HSE Critical
SCE performance criteria usually remain appropriate for all facility life cycle Position. Personnel in these positions should be competent in executing
phases, but SCE assurances and verifications are not fixed and change the activity allocated to them. Note: HSE Critical Position is any position
with the facility life cycle phase, such as: that is required to carry out a Safety Critical Task. i.e., Field operator, HSE
engineer, maintenance technician.
44
Safety Critical Tasks should have safety critical procedures that have been
Document Annexes List
properly designed and are supported by appropriate training programs
to ensure successful operation. Good communication of operational Annex (1) - Typical Examples of the Major Accident Hazards
instructions should equip personnel to better fulfill duties for the safe Annex (2) - Bowtie Methodology and Examples
operation and maintenance of the plant. Safety Critical Tasks (SCTs) Annex (3) - Bowtie Checklist
should be used as a basis for defining the competency criteria for those Annex (4) - Barrier Effectiveness Criteria
45
Safety Critical Element
Management Guideline
EGPC-PSM-GL-007
46
Overview A documented process shall also be in place, describing the course of
action to be followed in the event of barrier impairment. It shall address
the risk assessment process required to determine the ability to continue
- Introduction operations, the additional safeguards that may be required to be put in
place, and the means by which this will be approved and regularly reviewed
- SCE Management Flow Diagram
within the facility.
- Safety Critical Element (SCE) Identification
- Developing Performance Standards for the SCE Safety Critical Element (SCE) Management Flow
- Identification of Safety Critical Equipment Diagram
The below figure provides a logical flow diagram of the activities that
Developing Maintenance, Inspection, and Testing
- should be in place to manage safety critical equipment. The management
Requirements (Asset Care Policy)
process includes the identification of the safety critical equipment and the
- Developing Maintenance, Inspection, and Testing Procedures execution of the required maintenance, inspection, and testing to maintain
Planning and Scheduling Testing, Inspection, the SCE suitability, in addition to the management of SCE impairment.
-
and Maintenance of Safety Critical Equipment
Identify SCE (System Level)
Executing Required Testing, Inspection,
-
and Maintenance of Safety Critical Equipment Develop Performance
Standard for the SCE
Review Feedback from Maintenance, Inspection, (System Level)
-
and Testing of Safety Critical Equipment
Identify and Develop Register
- SCE Impairment Management for Safety Critical Equipment
(Tag Level)
Introduction
PIan & Schedule MIT of Safety
This guideline sets out good practices for the management of safety- Critical Equipment
47
• The levels of performance that SCE must achieve.
Safety Critical Element (SCE) Identification
• The assurance activities required to meet the required performance.
Process safety is focused on the control of MAH scenarios with severe
consequences. Based on IOGP and the Energy Institute, the hardware • The verification activities are required to ensure the implementation of
barriers, implemented by the oil and gas industry for process safety to assurance activities and meet the performance criteria.
prevent/control Major Accidents, can be broadly categorized under eight
SCE performance criteria usually remain appropriate for all facility life cycle
hardware barriers:
phases, but SCE assurances and verifications are not fixed and change
1. Structural Integrity. with the facility life cycle phase, such as:
2. Process Containment.
• Design: engineering calculation and analysis.
3. Ignition Control.
4. Detection Systems. • Project implementation (procurement, fabrication, construction,
• Passive systems (i.e., process containment, passive fire protection, The facility should ensure that all Safety Critical Equipment is identified,
escape routes, etc.). listed, and included as part of a comprehensive, structured asset register
listing all assets and work equipment at each location and within each area
• Active systems (i.e., Fire detection, ESD system, deluge system, etc.).
of operation. Each Safety Critical Equipment should be uniquely named so
that it can be easily identified on the asset register.
Developing Performance Standards for the
Identification of SCE at the tag level is not simple. Typically, an item of
Safety Critical Element (SCE) safety-critical equipment could be the ‘child’ of a system already identified
Performance Standards (PS) shall be developed for each of the identified as an SCE, but it does not follow that it is a SCE itself. The failure of an
SCEs. This standard sets out the levels of performance it must achieve in individual item (equipment) within a system will not necessarily stop the
terms of functionality, availability/reliability, survivability, and interdependency SCE from performing its functional role.
(FARSI). This ensures that the critical barriers remain in place and effectively The following decision-making principles could be applied to ascertain
continue to manage the Major Hazard over time. whether an item or equipment is a safety critical itself:
Performance Standard document shall include:
48
• Does the safety critical equipment/component item belong to an SCE
Developing Maintenance, Inspection, and Test-
system (i.e., as a child of an SCE)?
ing Requirements (Asset Care Policy)
• Will the failure of the safety critical equipment/component item prevent
The company shall develop maintenance, inspection, and testing
the SCE from meeting its performance standard?
requirements/(ACPs) for each identified Safety Critical Equipment.
The facility should ensure that there is a common understanding of which This ACP should be developed using risk management principles to
equipment should be considered safety critical. The Decisions for both define the appropriate care approach and specific testing, inspection,
the inclusion and/or exclusion of equipment as “safety critical” should be and maintenance interventions necessary to deliver the required level
suitably and formally documented inside the facility. of performance/reliability for each Safety Critical Equipment. It should
establish the most appropriate balance between ‘run to failure,’ ‘condition-
based,’ and ‘time-based’ interventions.
Asset Register
It is likely that, in many cases, a generic ACP will cover a number of identical
or similar pieces of equipment. In these cases, the team developing the
Equipment Functional ACPs should consider both the type of equipment and the operating
Location environment, when deciding whether it is appropriate to develop a generic
ACP to cover a class of safety-critical equipment.
49
When a procedure or work pack is developed for the maintenance, Whereas the plan should set out how the work will be carried out, the
inspection, and testing, it will assemble or reference many different sources schedule should set out when the work will be carried out (start, finish, and
of information. In some cases, this information may have to be developed duration) and who will carry it out.
from the basics.
The schedule also provides a means of coordinating activities to be carried
In addition to these procedures and work packs, there may be other out, forecasting and optimizing resource requirements, in addition to
reference information such as basic Safety Critical Equipment records, understanding the overall business impact of the planned activities.
specification sheets, parts lists, drawings, maintenance procedures,
The planning and scheduling of the testing, inspection, and maintenance of
vendor manuals, and Safety Critical Equipment maintenance, inspection,
the Safety Critical Equipment should be coordinated with other activities,
and testing history. Decisions should be made on which information is
which may be planned on the same assets or using the same resource
required, how it will be stored and maintained up to date, besides how it will
groups.
be made available.
It should be ensured that the work plans and schedules are reviewed and
This reference information may be assembled on an ongoing basis as
agreed upon with the line managers/supervisors/technicians who will be
procedures/work plans/work packs are developed, or it may be appropriate
required to execute them.
for resources to be assigned to address this as a specific initiative. The
choice of approach will typically be based on the current status and Any amendments to job plans or work order scheduling frequency shall
accessibility of the required reference material. be controlled to ensure that any effects of extending or increasing the
maintenance intervals are fully understood.
In many cases, a work activity may be repeated in the future, so the
procedures or work packs should be reused wherever possible, in order to The maintenance management system should be configured with the
ensure a consistent approach and to achieve the maximum efficiency and SCE assurance activities before implementing SCE integrity assurance
effectiveness from the available technology and planning resources. activities.
50
Following the completion of testing, inspection, and maintenance work, the Impairment includes:
necessary feedback should be provided. Specific feedback requirements
• SCE overdue maintenance, inspection & testing.
should be defined in the work pack for each activity. Typically, this feedback
will include the following: • Failed SCE (not meeting the performance criteria).
• Performance against the plan. The identification of SCE impairment may result from any of the following
circumstances:
• Performance against schedule.
• Through observation during routine plant operations and maintenance
It should be ensured that the equipment history is updated to incorporate
activities.
the feedback from execution. Responsibility for maintaining and updating
the records should be clearly defined. • Whilst conducting SCE assurance routines.
In cases where it is necessary to delay the scheduled testing, inspection, • During verification, witness testing.
or maintenance of the Safety Critical Equipment, this should be formally
• An unplanned event that reveals SCE impairment.
deferred via a risk-managed approach and tracked appropriately and
approved by persons with the necessary delegated level of authority. It should be ensured that the appropriate risk assessment is carried out for
any SCE impairment, through the application of appropriate compensating
Review Feedback from Maintenance, Inspection, control measures together with review and authorization by the authorized
persons. The Safety-Critical Equipment is there to prevent an unsafe
and Testing of Safety Critical Equipment
condition from developing: if it is impaired whilst the asset or work equipment
The company should ensure that the feedback from inspection, testing, that it is designed to protect is in service, it should be ensured that there are
and maintenance is monitored, analyzed, and regularly reviewed in order to appropriate alternative robust controls in place to ensure that the risk of an
identify the following: unsafe condition developing is managed to a tolerable level.
• Necessary modifications to ACPs. The company should decide who will have delegated management
• Bad actors/poor performing Safety Critical Equipment. authority to approve the impairment of the Safety Critical Equipment and
maintain an up-to-date list of these delegated authorities. In parallel with
• High-cost inspection or maintenance interventions where there is
the management authority, there should be a list of technical authorities.
a justification (opportunity) to change the inspection/maintenance
Approval to impairment should require authorization by both a technical
approach or upgrade the Safety Critical Equipment to reduce the cost.
and management authority.
The identified requirements for improvement projects should be assessed
to evaluate the justification, priority, and feasibility. When justified, the Operational Risk Assessment (ORA)
improvement projects should be developed and implemented in line with
The company’s procedures for risk management need to be dynamic such
the company’s MOC process.
that they accommodate and account for adverse changes in safety-critical
element (SCE) provision or other abnormal situations that may potentially
Safety Critical Element (SCE) Impairment
increase the levels of major accident risk. This dynamic approach to risk
Management
management takes a number of forms and has various titles applied to the
An impaired Safety Critical Element (SCE) is an SCE that does not fully processes. For the purpose of this guidance, the term Operational Risk
meet, or may not fully meet, one or more of its Performance Standard Assessment (ORA) is used.
criteria.
51
The most common trigger for ORA is the identification of the impaired • The Performance Standards requirements are integrated into the
SCE. Other triggers include abnormal operational situations and changes management system and form the basis for the planned inspection,
to the organizational capability that may compromise the safe operation testing, and maintenance of the barriers at the facility.
of the facility.
• A clear procedure describing the processes for operational risk
Each company should develop, maintain and implement the ORA assessment of impaired barriers is in place.
procedures that achieve a systematic and effective approach to
The following Figure shows the generic barrier model for managing
operational risk management processes.
process safety-related hazards.
It is particularly important to stress that the application of the task risk
assessment procedures, criteria, and guide words focusing on personal Structural Ignition Shutdown Emergency
Integrity Control System Response
injury outcomes only is inappropriate in operational risk assessment.
The objective of the Cumulative Risk Profile is to provide a means to assess Barrier Model
It is a pre-requisite for the development of the cumulative risk profiling Based on the Operational Risk Assessment, each individual barrier can
process that the following are implemented and functioning effectively: be classified based on its effectiveness (ability to meet the Performance
Standard). The classification can be represented visually in the barrier
• Applicable major accident hazard scenarios are identified.
model using a simple color coding, for example, using traffic lighting (green,
• Barriers required to manage the risks associated with these hazards are amber, and red).
identified.
52
Where the initial risk shows a significant increase above the baseline level Facilities should consider the following frequencies and drivers for carrying
and where the mitigation measures are considered to be only partially out an assessment of the barrier health status using the Cumulative Risk
effective in reducing the risk (such that there is only a small difference Model.
between the initial and residual risk rating), then this may be the basis for
• In the event of significant change, as deemed by the technical expert
the barrier to be classified as red.
and technical support functions.
For the same scenario, if the mitigation measures are considered to be
• Weekly as part of ORA reviews conducted by the facility-based team.
effective at reducing the risk (creating a significant reduction between the
initial and residual risk rating) and where the mitigation measures can be • Two weekly through a combination of the functional support roles,
readily assured, then this may be the basis for the barrier to be classified in including Technical Experts, Asset Technical Authorities.
the amber category. • Monthly through a combination of asset senior management and site
The following figure includes the barriers to health status, considering management as part of process safety and asset integrity governance
the initial risk figure and residual risk figure, after applying the mitigation review.
measure. This Barrier model could be presented to the senior management
and site management on a suggested monthly basis.
Initial Risk
Figure
Residual Risk
Figure
53
The following figure shows the relation between Cumulative Risk and ORA
* Senior
Cumulative Risk Facility Manager
Management
Assessment Approval
Review
Typical Cumulative Risk (Barrier Health Status) and ORA Process Map
54
Piper Alpha Incident – North Sea,
UK Sector. Wednesday, July 6, 1988.
Explosion and sinking of the oil
platform. 167 deaths.
55
Process Safety
Management Program
56
Process Safety Management
Program Standard
EGPC-PSM-ST-003
57
Overview Purpose
The purpose of this standard is to help the Companies belonging to
- Introduction EGPC and Holding Companies attain a better overall understanding of
- Purpose that PSM. This standard describes the main components of the PSM,
as well as establishes consistent requirements for planning, conducting,
- Application of the framework of RBPS managmentia and implementing the PSM elements for the Companies belonging to
-
EGPC and the Holding Companies which shall be in accordance with the
Risk Based PSM pillars
requirements of this Standard.
- PSM Program Implementation Approachi
58
• Asset Integrity and Reliability
Risk-based PSM Pillars
• Contractor Management
Commit to Process Safety: It is the cornerstone of process safety
excellence. Management commitment has no substitute. Companies • Training and Performance Assurance
generally do not improve without strong leadership and solid commitment.
• Management of Change
The entire company must make the same commitment. A workforce that is
convinced that the company fully supports safety as a core value will tend • Operational Readiness
to do the right things, in the right ways, at the right times, even when no one
• Conduct of Operations
is looking. This behavior should be consistently nurtured and celebrated
throughout the company. Once it is embedded in the company culture, this • Emergency Management
commitment to process safety can help sustain the focus on excellence Learn from Experience: Involves monitoring, and acting on, internal
in the more technical aspects of process safety. This pillar contains the and external sources of information. Despite a company’s best efforts,
following elements: operations do not always proceed as planned, so companies must be
• Process Safety Culture ready to turn their mistakes - and those of others - into opportunities to
improve process safety efforts. The most cost-effective ways to learn from
• Compliance with Standard
experience and seek continual improvement are to:
• PS Competency
1. Correct deficiencies exposed by internal incidents and near misses.
• Workforce Involvement 2. Utilize management reviews as ongoing “due diligence” reviews to
maintain continuous improvement.
• Stakeholder Outreach
3. Apply lessons learned from other companies.
Understand Hazards and Risk: The company that understands hazards
In addition to recognizing these opportunities to better manage risk,
and risks and principals of risk significance is better able to allocate
companies must also develop a culture and infrastructure that helps them
available resources in the most effective manner to achieve the best and
remember the lessons and apply them in the future.
most effective utilization of the workforce. This pillar contains the following
elements: This pillar contains the following elements:
1. Prudently operating and maintaining processes that pose a risk. • Management Review and Continuous Improvement
2. Managing changes to those processes to ensure that the risk remains
tolerable.
PSM Implementation Approach
3. Preparing for, responding to, and managing incidents that do occur.
The PSM program implementation approach is based on systematic
Managing risk helps a facility deploy management systems that help sustain
steps to ensure monitoring of the overall process to achieve effective
long-term, incident-free, and profitable operations. This pillar contains the
implementation:
following elements.
• Operating Procedures
59
• Maintain a Dependable Practice Ensure that the element requirements Note: Element activities were founded on the concept of the PDCA cycle
are clear, specific, documented, and issued in the company’s guidelines/
procedures to help guide the implementation and execution of the Activities founded on the concept
program and ensure that workforce follows through and complies
of Plan-Do-Check-Act (PDCA)
with the process in a consistent, safe manner. Guidelines/procedures
should be consistent throughout the company.
. Create element and system workflows.
• Conduct Element Activities By implementing element guidelines/ . Estimate the workloads and resources.
Plan
procedures consistently over time, guidelines/Procedures that are not
. Develop Written Programs/Procedures.
followed are of little value. Tolerance or endorsement of working solely
from memory or using alternatives to approved guidelines/procedures
. Roll out the system and ensure
can lead to highly unpredictable and sometimes unwanted unsafe
operations. To promote their use and full implementation, guidelines/ Do consistent implementation.
procedures should be available to the user at the time and location that . Involve competent personnel.
60
Prepared by:
Monitor Organizational Performance
Hany Mohamed Tawfik
The purpose of monitoring the organizational performance is to gauge OHS & PS General Manager - Ethydco
the effectiveness of the PSM program implementation and to prevent
an organizational adoption of such inefficient and potentially dangerous Technical Consultant:
trend. This would ensure that these potential deficiencies are proactively Amr Fathy Moawad Hassan
identified and resolved before they are revealed by an audit or incident. PSM Senior Consultant at Methanex Egypt
61
Process Safety
Implementation Guidelines
EGPC-PSM-GL-012
62
Overview Why PSM?
The necessity of PSM system implementation is increasing day by day.
- Introduction
The traditional occupational health and safety practices are not enough to
- Purpose control the process-related hazards and have nothing to do with the major
accident hazards.
- PSM implementation road map
Various factors can continuously or periodically influence a company’s PSM
- Why PSM?
system implementation and/or performance; examples include:
- Levels of PSM implementation • Significant internal or external incidents point out actual or potential
Process Safety Management (PSM) is an application of engineering and • Process changes or mergers/acquisitions that introduce new
management principles and systems to identify, understand, and control processes/ chemicals with new hazards and risks. For example, a
process hazards to protect employees, facility assets, and the environment. small site may not have previously been required to implement a PSM
system (due to either regulatory or corporate requirements), but now:
It is important to keep in mind that process safety incidents are often “high
consequence, low-frequency events.” Therefore, it is possible for a plant or - It increases the quantity of a highly hazardous chemical used in the
facility, and even the entire industry, to have declining numbers of incidents process and now needs a formal PSM system that will ensure a higher
for many years and then have a very serious incident (multiple fatalities or level of attention to process safety, or
catastrophic asset damage) with little or no change in operation.
- It is acquired by or merged with a different company that requires a
EGPC and holding companies seek a proper and effective implementation formal PSM system to be instituted due to the chemicals/quantities
of PSM. Implementing the PSM program standard (EGPC-PSM-ST-003) as handled in the process to reduce the risk to employees and neighbors,
per the 20 elements of AIChE CCPS’s Risk-Based Process Safety (RBPS) etc.
PSM framework needs preparation for the organization and personal levels.
• Regulatory changes add new requirements that the PSM system must
address.
Purpose • Global expansion leads to issues such as maintaining the PSM system's
The purpose of these guidelines is to guide the companies that belong robustness and fitness-for-purpose as the company gets larger,
to the Egyptian General Petroleum Corporation (EGPC) and the holding integrating the PSM system of new acquisitions, and instilling the desired
companies with a pathway for effective PSM program implementation. safety culture in personnel in various countries.
These guidelines describe the steps required for progressive system
implementation.
Levels of PSM Implementation
Among all Egyptian oil and gas companies, subordinates to the EGPC or
PSM Implementation Roadmap holding companies, there is a variation in the PSM implementation level
Implementing the requirements of the 20 elements of the RBPSM as due to factors including the nature of operations, process complexity,
described in the process safety management program standard (EGPC- compliance to shareholders' requirements, aging factors & asset integrity
PSM-ST-003) requires preplanning and organization preparation in the first issues, the competency & culture of individuals, and the presence of a
place to ensure effective and sustainable implementation. management commitment, vision, and leadership.
63
Based on that, the PSM in Egyptian companies is expected to be one 2. Planning (6th clause).
of the following five levels of PSM implementation: 3. Support and operations (7th & 8th clauses).
4. Performance evaluation & Improvement (9th & 10th clauses).
1. A formal system exists and is operational.
2. An informal system is in place.
1 - Secure
3. A system exists but is not followed. Management
Commitment
4. An incomplete system is in place but needs upgrading.
9 - Managing 2 - Assign PSM
5. No system exists. Process Safety
Performance
Custodian and
Management
Sponsor
Also, among the Egyptian Oil and Gas companies, structural and phase
differences might be found. Generally, the company/facility life cycle is
Performance
divided into the following six stages: Evaluation and Leadership
Improvement
8 - Roll Out 3 - Establish
the System a Culture for
1. A facility in design phases (before start-up). Change
4. Facility expansion.
7 - Develop 4 - Adopt PSM
5. Existing facility. a PSM Program Program
6. Decommissioning.
For the above-mentioned, these guidelines will apply to all cases 6 - Evaluate the 5 - Establish
Present Status a PSM Team
64
PSM Competency
Management Guideline
EGPC-PSM-GL-016
65
Overview Methodology
This snapshot showcases an overview of the principles and methodology Organizational Roles Groups
that comprise the PSM Competency Management Guideline, which will
Division roles are categorized into groups with a single definition for easy
focus on the following:
matching competency levels, as illustrated in Annex A. Job grouping is typical
for the oil, gas and petrochemical industry. However, each company should
- Introduction
calibrate the job grouping to match the company's organizational structure.
- Purpose
Competency Definitions
- Organizational Roles Groups
The proposed competency levels are:
- Competency Topics • Awareness:
- Process Safety Management (PSM) Competency Matrix - Be generally aware of this topic and associated terms.
- May not know the answer but knows where to get more information.
- Training and Competency Assessment
• Basic Knowledge:
- Plan Personnel Transitions/Organizational Changes
- Has general working knowledge of the topic.
Many incidents happen because the necessary process safety knowledge - Independent contributor.
or competence is not available at the right time in the right place. Process - Integrates work with other disciplines.
Safety Management (PSM) competency management ensures that the
• Skill:
correct actions are taken to prevent the incident or reduce its severity.
- Advanced experience in the skill.
This guideline provides a comprehensive methodology to manage the
PSM competency within the company to ensure that each working - Applies creative solutions to complex problems.
group has the right competencies for each PSM task. The guideline also
- Can execute most tasks within the topic with minimal or no direction.
provides a framework for the PSM competency assessment and training.
Besides, the guideline describes the requirement for personnel transitions - Has the experience levels to complete assigned tasks.
(organizational changes) and recruitment. Finally, the PSM competency • Mastery/Expert:
monitoring and auditing requirements are discussed briefly to ensure that
- Advanced experience in a particular skill.
the PSM competency management remains effective throughout the
project lifecycle from feasibility study to decommissioning. - Applies creative solutions to complex problems.
The purpose of this document is to provide minimum requirements and - Defines and drives critical business opportunities and needs.
guidelines for developing, sustaining, and enhancing the PSM competency
- Represents the organization internally and externally on critical issues.
in companies and entities. The main product of competency management
is understanding and using knowledge to make better decisions when - Sets standards within the organization.
faced with an abnormal situation. It also ensures that the process safety
- Recognized as a subject matter expert (SME) with extensive knowledge
competency is one of the requirements of the PSM Program Standard
and skills.
(EGPC-PSM-ST-003).
66
Notes: Process Safety Management (PSM) Competency Matrix
• The requirements for each competency level assume that the
A competency matrix is a useful tool for mapping the staff’s PSM
requirements for the lower levels are met.
competencies. The PSM competency matrix is shown in Annex B and is
• Contractors who can impact process safety are expected to have available in spreadsheet format on PSM Egypt Website
appropriate competencies in the process safety management, based (www.psmegypt.com).
on their roles and the risk associated with their scope of work. These
Notes:
contractors include, but are not limited to, operators, mechanics, and
• Competency-topic custodians included in the PSM competency
other hourly personnel.
matrix are provided as guidance per industry practice. The companies
• All full-time operations and maintenance contractors responsible for the may assign different custodians for each topic to match the company
plant's full operation and maintenance shall follow the company PSM organizational structure.
competency matrix with applicable job grouping.
• The target competencies levels for the roles are generally in line with
Competency Topics the industry practice and should be followed. In case companies decide
to change the custodians for some competency topics, the target
There are 22 PSM competency topics, requiring a specific level of
competency levels may be changed for these competency topics.
competency. These topics relate to the PSM elements, technical safety/
safety in design, and human factors, as illustrated in the table below. • The PSM competency matrix is not intended to replace each working
group's specific job competency requirements.
Emergency Management The skill and mastery/expert proficiency levels assessment should be
Incident Investigation conducted via face-to-face interviews by the PSM SME, PSM competency
Measurements and Metrics topic custodian, and HR. In special cases where an expert for a specific
Learn from Experience
Auditing competency topic is unavailable within the company, an external consultant
Management Review and Continuous Improvement
expert in this area should be outsourced to conduct the PSM competency
N/A Technical Safety/Safety in design
assessment in the presence of the PSM SME, PSM competency topic
N/A Human Factors
custodian, and HR.
67
The HR division should coordinate, compile, and record all the PSM Recruitment of Personnel
competency assessment results. It is required that the PSM competency
The recruitment process must ensure the selection of people from outside
be part of the annual performance review. The PSM competency
the company for all positions linked to PSM with the necessary PSM
requirements must be assessed for any new role as part of the recruitment
competencies/skills, aptitudes, and characteristics that will allow them
process for new employees.
to achieve competence given the available help and training. The process
Training must allow the examination of education, existing skills, experience, and
knowledge to identify suitable candidates.
The training approach in this guideline has been structured around a
three-part approach for learning and development, illustrated in the table Monitoring and Audit
below. After the PSM competency gap assessment has been completed
For continuous improvement, an annual audit for process safety
to verify the gap between actual proficiency level and target proficiency
competency should be conducted as per the PSM Program Standard
level as required by the PSM competency matrix, the training department
(EGPC-PSM-ST-003) audit element.
should coordinate with PSM SME and respective division managers to
prepare plan and budget for the improvement actions which explore the
List of Annexes
best possible options to fill the competency gap between the target and
actual competency levels. • Annex A – Organization Job Groups.
• Annex B – EGPC Competency Matrix.
PSM Competency Topics
• Annex C – Competency Definitions.
Leaming and Development Approach Typical Development Activities
For annexes details, please refer to PSM COMPETENCY MANAGEMENT
• Expanding your knowledge by
Self-education, Study & reading the required topics. GUIDELINE EGPC-PSM-GL-016 on the PSM EGYPT website.
Guided Reading.
• Learning through new experiences -
Shadowing experienced personnel.
Ahmed Mostafa
The learning through education (training courses) could be performed
Operations Section Head at Egyptian Linear
in-house via classroom or electronic training courses prepared by
Alkyl Benzene Company (ELAB)
the company PSM SME and training department in coordination with
competence topic custodian and entities. This training could be conducted
Technical Consultant:
through an external party if capabilities and resources are available. For
Amr Fathy Moawad Hassan
skill and mastery/ expert levels, the learning is performed by a specialized
PSM Senior Consultant at Methanex Egypt
consultant as per the approved training plan with applicable certification.
69
Management of Change (MOC)
Guideline
EGPC-PSM-GL-018
70
Overview Purpose & Scope
This snapshot showcases an overview of the Management of Change
The main purpose of this guideline is to explain the process of controlling
(MOC) guideline, focusing on the following main topics:
planned changes that affect the PSM system performance and address
changes without regulatory impetus because such controls represent
- Introduction sound business practices for achieving process safety, safety, quality,
and environmental objectives. In addition, it ensures that all the PSM
- Purpose & Scope
system requirements and business aspects have been considered before
- Design of A Management of Change Process implementing any change that affects asset integrity.
- Developing, Implementing & Operating of MOC Process The purpose includes how to control temporary and permanent changes
to enhance process safety opportunities and ensure that there are no
negative effects of these changes on the PSM system performance. The
Introduction
purpose also includes that companies review the results of the changes
Management of change (MOC) is a process for evaluating and controlling and take measures to mitigate any negative impact and seize possible
modifications to facility design, operation, organization, or activities -before opportunities.
implementation - to make certain that no new hazards are introduced and
It is intended that the MOC guideline applies to all sites in upstream,
that the risk of existing hazards to employees, the public, or the environment
midstream, and downstream facilities of the oil and gas sector. This
is not unknowingly increased.
guideline covers any MOC except for the following:
Management of change (MOC) is one of the most important elements
• Administrative Changes and Organizational Changes shall comply with
of a Process Safety Management (PSM) system. Changes occur when
the human resource disciplines in MOP and relevant entities' instructions
modifications are made to the operation or when the replaced equipment
and policies.
does not meet the design specification of the equipment it is replacing.
Also, more subtle changes can occur when new chemical suppliers are • Procedural Changes shall comply with the documented information
selected, hazard classifications change, procedures are modified, or site instructions and/or procedures in the management systems of entities
staffing and/or company organization is revised. Such changes, if not and companies.
carefully controlled, can increase the risk of process operation and result
• Capital Project Changes shall comply with the project management
in incidents.
instructions in the management systems of entities and companies.
Companies that manufacture, handle, store, or use hazardous chemicals
• Replacement In Kind (RIK).
are committed to effective MOC processes for a variety of reasons. In
addition to a desire to promote process & occupational safety and to It is suggested that the MOC procedures that will be prepared under
protect the environment, motivations for MOC include the intent to comply this guideline include any change from the initial design of the plant,
1. MOP and Entities regulations require MOC systems. • Change from design specification, and functionality, in respect of
2. Internal regulations require MOC systems. addition, deletion, and replacement of equipment/hardware items.
3. Safety, quality, and environmental initiatives such as International • Changes in the PFD and P&ID, i.e.,
Organization for Standardization (ISO) 45001, 9000, & 14000.
- Addition or deletion of any item in the PFDs and P&IDs.
71
- Set point or any configuration of any safety device outside the MOC process Lifecycle
previously established operating range.
The MOC process is outlined to cover the stages of RFC initiation, RFC
• Changes in the equipment location or any item in the workplace layout Approval, MOC Engineering, MOC Implementation, and MOC Close-Out,
drawing. illustrated in the MOC Process Map/Flowchart (see annex A) and has the
following major components. The MOC process has the following major
• Change in set point or any configuration of any safety device outside the
components:
design range.
1. Initiation: The need for change is established, risks of not implementing
have been assessed, and an internal review has been done. A Conceptual
Design of a Management of Change Process design package is assembled, sufficient for the technical review. This
The MOC Decision Tree step includes the screening of RFC, by giving justification to illustrate
that the change required is reviewed, and the MOC priorities are defined.
Any engineering change that satisfies the following criteria shall constitute
a ‘Modification’ and shall be implemented through the Management of 2. RFC Approval: The approval is based on the screening and technical
Change (MOC) process. This process shall also be applied when the reviews conducted by the reviewers (MOC committee) on the MOC
modification is done temporarily. document package and endorsement by the Process Safety Engineer or
Specialist, then the approval is given for detailed design and execution.
Types of Changes
3. MOC Engineering: That includes the design and HIRA studies for
There are several classifications of changes. There is a classification
MOC, i.e., selection of options, technical studies, detailed design, HIRA
based on the timing and duration of the change, where the classification
studies, technical reviews, and the implementation of action plans of
is braked into permanent, temporary, and emergency change.
HIRA studies.
As well as a classification based on the nature of change, so we find
4. MOC Implementation: Physical execution (construction,
technical/engineering/operational changes, procedural changes,
implementation, installation) of change, mechanical completion,
administrative changes, capital projects, and organizational (people)
documentation update, PSSR, and authorization of start-up.
changes.
5. MOC Close-Out: Complete post-start-up action items and MOC closure.
Replacement In Kind RIK
72
• Decide whether to allow the change, once a change has been reviewed and Level 3 - Examples would include additions or changes within the relief and/
its risks evaluated, management can then decide whether to (1) approve or blow-down system, the changing of process control/alarm functions,
the change for implementation as requested, (2) require an amendment fire and gas alarm system, firefighting and cooling system, the installation
to the change request or implementation process, or (3) deny the change of temporary by-passes, and/or similar systems. In these cases, a more
request. For facilities to adopt and implement appropriate MOC approval rigorous PHA should be employed, such as a HAZOP study.
protocols, the following essential features should be considered:
Level 4 - Examples would include new major modifications to existing
- Authorize changes. facilities, pipelines, and similar projects. In these cases, a detailed HAZOP
study and QRA should be performed.
- Ensure that change authorizers address important issues.
Note: The responsibilities of the relevant departments shall be based on
Ensure that the update of drawings and procedures are implemented,
the determined change level.
affected personnel be trained, required risk control measures be
implemented, and so forth. To ensure that approved MOCs are properly RFC Management Approval
concluded, the following essential features should be considered updating
If the initial reviewer (Process Safety Engineer/Specialist) and other
records, communicating personnel changes, enacting risk control
reviewers approve the Request for Change (RFC), It shall be submitted to
measures, and maintaining MOC records.
the Asset Owner Manager and the site General Manager for review and
Request for Change Request for Change (RFC) Approval Phase approval/rejection. In case of approval, the Asset Owner Manager shall
assign an Engineer In Charge (EIC).
The Change Initiator identifies the change in the "Request for Change
(RFC) Form" and provides an initial change layout, available drawings, and Engineering Phase
support documents. Then, he shall submit these documents for screening
The Engineer In Charge (EIC) is responsible for preparing a study that
to the initial reviewer (Process Safety Engineer/Specialist), who shall
includes the Engineering/detailed design of the change/ feasibility study
ensure that the proposed change complies with the modification criteria
if needed, and the scope of work for the implementation phase. Moreover,
mentioned in the scope of this procedure and that it is not a Replacement
he is responsible for preparing a presentation that describes the study of
In Kind (RIK) nor a repeated RFC, and alternative change may be proposed.
the MOC Committee meeting that shall be held later. All the documents
The Process Safety Engineer/Specialist shall implement a preliminary
relevant to the change should be provided. The MOC Committee meeting,
assessment to determine the Significance of Change (SOC) level of the
where the Engineer In Charge (EIC) shall make a presentation and provide
change by determining the degree of hazard and the degree of change.
the study details of the change, shall be held according to the agenda
Significance Of Change (SOC) Level determination prepared by the MOC Coordinator.
The initial assessment of the change results in the categorization of the The MOC Committee members shall review and evaluate the proposed
change to be one of four levels, as the following: modification to ensure that it resolves the root causes of the problem
stated, is fit for purpose and is compatible with the operating policies.
Level 1 - Examples would include the changing of process and alarm set-
They shall provide recommendations, if any. The Process Safety Engineer/
points beyond the previously established limits or modifications to normal
Specialist shall fill in the MOC form during the MOC Committee meeting.
operating procedures. A Design review shall be done in this case.
Priority is based on impact and urgency, and it identifies required times for
Level 2 - Examples would include pipeline rerouting, a replacement that is
actions to be taken. The priority level of the change shall be specified. Four
“not-in-kind,” and upsizing equipment and/or process components where
priority levels are to be given, 1,2,3,4 as follows:
relief and/or safety systems are not impacted. A simple PHA as a What-If
or checklist would be recommended as a minimum.
73
• Priority 1 is given to MOC relevant to an HSE issue or a safety critical The MOC Coordinator shall coordinate the PSSR in case it is decided to be
element/task/barrier. required during the MOC meeting. Upon completion of implementation, the
EIC and the implementation party shall submit all completed documents
• Priority 2 is given to the MOC that would increase production, prevent
to the MOC Coordinator to update the Process Safety Information (PSI).
production losses, or is associated with short-term time constraints.
Pre-Start-up Safety Review (PSSR)
• Priority 3 is given to the MOC that would improve the company's asset
reliability. Pre-Start Safety Review is a method of reviewing and evaluating all aspects
of a change project, a piece of equipment, instrumentation, process unit,
• Priority 4 is given to the MOC relevant to infrastructure modifications.
etc., that has been modified. This review is done by the Change initiator
The MOC Committee shall implement, by themself or through the (EIC), an operation Engineer for MOCs related to workplace modifications,
appointment of specialists from inside or outside the company, the and the MOC Coordinator. This review takes place before commissioning,
adequate Process Hazard Analysis (PHA) and Risk Assessment (RA) for activation, start-up, or operation through a pre-prepared checklist,
the proposed change, according to Risk Management Standard. In case according to the approved design specifications, to ensure that certain
the risk is found to be HIGH, the MOC shall be undergone by a third party important consideration has been addressed before the change are
(Outside Engineering Contractor). Meanwhile, if the risk is found to be introduced into the process.
LOW, the implementation can be done indoors. The MOC Committee
Close-Out Phase
shall review the budget/cost estimate of the proposed modification and
allocate the budget as shown in the MOC budget allocation chart. The Process Safety Engineer/Specialist shall follow a closeout review of the
performance of the change after being in service and its impact on other
Furthermore, the MOC Committee shall decide during the meeting the
systems and report any failure. The MOC Coordinator shall update the
following:
process safety information (PSI), logs the MOC in the MOC records, and
1. Either the change implementation requires a new JSA, or a routine JSA
inform all relevant departments of the change completion. Note that the
is already available.
closeout review is an approval mechanism for verifying that tasks required
2. Whether the proposed change affects the routine of the maintenance
for a change have been completed.
or not.
3. If a Prestart-up Safety Review (PSSR) is required before the change is put Deliverables from the Change
in service. The MOC Coordinator shall ensure that the entire change cycle is
Management of Change (MOC) Approval appropriately documented for each MOC process or case. Examples of
the deliverables may include engineering drawings such as PFDs and PIDs,
The final MOC package shall be circulated for review by the MOC
equipment lists, narrative safeguarding by instrumentation, alarm and
Coordinator for final approval of all MOC committees.
trip set points list, narrative process controls, and an instrument loop and
Note: for MOC levels 1&2, the final approval shall be done by the site instrument logic diagram.
manager. For MOC levels 3&4, the final approval shall be done on RFC from
Note: The MOC will not be closed unless they are ensuring the completion
the top management.
of complete the training of the relevant employees (including the
Implementation Phase emergency room members - if necessary - because they may affect during
emergencies).
The Engineer In Charge (EIC) shall arrange all the necessary resources
(i.e., personals, spare parts, and tools) to implement the change. The
implementation may be done by contractors.
74
Temporary Changes • MOCs after HIRA: MOC can be cancelled based on high-risk or major
operability issues identified during the HIRA stage. MOC Coordinator
A temporary change is a change with the intention of returning to
shall submit the MOC to the site manager for formal cancelation.
the original design condition, and it has a specific expiry period (e.g.,
the number of days from the implementation date). Changes beyond In all cases, the MOC Coordinator subsequently notifies the EIC regarding
this period shall be re-evaluated and re-approved by the approving the MOC cancelation.
authorities. All temporary changes shall be evaluated using the same
Management of Change (MOC) Recordkeeping
considerations as permanent changes.
All MOC documentation is subject to companies' documented information
Emergency Change
procedures. The original or copies, where no original is available, of all
Emergency changes are those required in a situation where the documentation associated with MOC are to be retained by the MOC
time required for following the normal MOC steps could result in an Coordinator after closure. MOC documentation shall be retained for the
unacceptable safety hazard, a significant environmental or security entire lifespan of the process site.
incident, or extreme financial losses. This shall only be applied in High/
Medium risk situations. An initial risk assessment using Company's Risk List of Annexes
Matrix shall be performed before raising the Request For Change (RFC).
• Annex A – MOC Decision Tree.
Justification and risk control plans shall be documented.
• Annex B – MOC Process Map / Flowchart.
Emergency change requests require a fast-track process to effect the • Annex C – Request for Change Form (Proposed).
change and to be implemented during the time it takes to complete • Annex D – MOC Form (Proposal).
the change request. These include RFCs raised on an emergency • Annex E – MOC Budget Allocation Chart.
basis, initiated during weekends or in the middle of the night due to an • Annex F – List of Replacement In Kind (RIK) Examples.
urgent process site situation, such as bringing the process site back • Annex G – MOC Audit Form.
to a safe state. • Annex H – PHA Form.
Management of Change (MOC) Timeliness For annexes details, please refer to MANAGEMENT OF CHANGE (MOC)
GUIDELINE-EGPC-PSM-GL-018 on the PSM EGYPT website.
Changes are pertinent with their timeliness to get the real benefit of the
changes. Accordingly, MOC priority has to be determined at the initial
stage of the MOC process, and then a timeframe shall be established
Prepared by:
for each step. Companies, in their MOC procedures, shall define these
Ahmed Mohammed Ibrahim Mohammed Roustom
requirements to manage such changes for their facilities.
Risk Management and Loss Prevention Studies
Management of Change (MOC) Cancelation Assistant General Manager – GASCO
During any MOC, there may be concerns raised or the project may be
Technical Consultant:
cancelled during the review process, which would make it necessary to
Amr Fathy Moawad Hassan
cancel the MOC. The MOC Coordinator shall be notified in writing of the
PSM Senior Consultant at Methanex Egypt
request for cancelation, including a brief explanation of why the MOC is
being cancelled. MOC shall be cancelled in the following two ways:
• MOCs before approval: MOC Coordinator shall submit the MOC to the
MOC Committee for formal cancelation.
• MOCs after approval: The MOC Coordinator shall submit the MOC to
the site manager for formal cancelation.
75
Process Safety Culture Assessment
Guideline
EGPC-PSM-GL-020
76
Overview Process Safety Culture Assessment
Many of the qualitative elements of culture may be unique to an individual
- Introduction facility or even to a specific work group within the facility. It is very difficult to
- Process safety culture survey When conducting a culture assessment, data is best collected in a variety
of ways designed to encourage a complete and accurate disclosure while
- Process Culture Survey Methodology
minimizing any bias imposed by the collection process. The result can then
be compared to eliminate (or explain) inconsistencies. Various collection
Introduction methods consist of:
People play a key role in PSM system implementation. Systems are • Written surveys.
created, followed, and assessed by people. In addition, safety and process
• Focus Group Interviews.
safety measures require people to design, construct, maintain and operate
assets; hence, people can be a cause of incidents (due to human error) and • Individual Interviews.
can act as a barrier to prevent them. All incidents are directly or indirectly • Process Safety Metrics.
caused by people’s behavior or human error.
In this document, a written survey was adopted and used to provide an
The facilities need to conduct Organizational Culture Assessments to easy application. Qualitative techniques can be done without having the
assess individual and group values of safety and risk tolerance within each need to outsource third-party.
work group. One objective of the Process Safety Culture Assessment is
to gauge the commitment and effectiveness of an organization’s process Written surveys, such as the Baker Panel Survey Instrument, are useful
safety management program by evaluating attitudes, perceptions, for comparing and measuring shifts in employee perceptions over time.
competencies, and patterns of behavior. Once these issues are known, Written surveys are easy to administer and analyze, and they can be useful
a facility can direct the design, execution, evaluation, and continuous in measuring perceptions.
The purpose of this guideline is to guide the companies that belong recommend actions for improvement, a process safety culture survey
to EGPC and entities to conduct a survey, assess and analyze the can give insight into the organization’s response toward safety, and it
process safety culture level of the company and identify and implement can also be considered as a proactive tool to predict or signal possible
improvement opportunities to enhance process safety culture and future failures. On the other hand, a safety culture survey that shows
achieve process safety objectives. employees do not feel safe at work is a leading indicator that the safety
process performance needs to be adjusted or action needs to be taken to
mitigate possible risks that can arise from either the work environment or
the organizational culture.
77
The best practices show that the questionnaire is best constructed based b. The questionnaire was distributed to approximately 10% of the sample
on the following aspects: members (a specified percentage of the experimental sample) of
various disciplines.
• Process Safety Reporting.
c. The Alpha coefficient of Cronbach (statistical coefficient used to
• Safety Values/Commitment to Process Safety.
measure the validity and reliability of the questionnaire's phrases
• upervisory Involvement and Support. and the accuracy of the results taken from this questionnaire), and
• Procedures and Equipment. it has been shown that the results of the Alpha coefficient are good.
That illustrates the significant statistical validity and reliability of
• Worker Professionalism/Empowerment. the questionnaire.
• Process Safety Training.
From the above, the validity and reliability results of the questionnaire's
Questions or objective statements are written such that employees can phrases are good; therefore, the questionnaire can be applied in
answer the extent of agreement or disagreement with the statement. This assessing the culture of process safety for workers in the Egyptian
type of measurement is a Likert scale. The Likert scale is a rating scale that petroleum sector companies.
quantitatively assesses opinions, attitudes, or behaviors.
The objective results of the extent of agreement/disagreement can then Process Culture Survey Methodology
be categorized as an extent of commonly held sets of values, norms, and
Pre-Survey Preparation (Survey planning)
beliefs that forms the facility process safety culture.
PSM team will prepare a Culture Survey plan and send it for approval and
The questionnaire was prepared, and the validity of its questions was
coordinate with a focal point of each Division to implement the process of
measured to illustrate the possibility of relying on them in assessing the
safety culture survey complied with an approved plan.
process safety culture among workers in the Egyptian petroleum sector
through several verification stages according to the following steps: Pre-Survey Communication
• A draft of the questionnaire was prepared in the Arabic language Prior to conducting a survey, it is important to set the stage well before
by one of the process safety experts in the Egyptian PSM Technical the survey is issued. This will help to enlist employee buy-in and provide
Subcommittee with reference to the "Baker Panel Questionnaire" that a basic understanding of why the survey is being conducted. People will
was prepared internationally for the same purpose. be more willing to participate if they know what the objectives are, that
the survey is endorsed by senior management and that the results will
• The draft was reviewed by members of the Egyptian PSM technical
be shared. Several different communications should be issued at varied
subcommittee who have cumulative experience in all aspects of PSM
time intervals leading up to the actual survey being issued.
elements to illustrate that the questionnaire includes clear, structured,
consistent, and comprehensive questions. Then the questionnaire was Survey Implementation
modified according to the proposals for the amendment. All participating personnel shall answer the questions in survey form
• The internal (statistical) validity and reliability coefficient of the (Annex A&B), and after the survey, the focal point of each Division collects
questionnaire was calculated and verified through the following: the filled survey forms and send them to the PSM lead for data collection,
result in analysis, and final reporting.
a. Determine the number of experimental sample members for some
workers in an Egyptian firm working in the petrochemical industry (the Interpret and Communicate the Results,
number of the sample was calculated using the Stephen Sambathon Analysis of the data should be completed within a reasonable time after
equation). the survey is closed. Information about the raw data observations should
be provided to employees as soon as possible to recognize and reinforce
the value placed on the survey and on their participation in it.
78
Establish Action Plan
Pre-Survey Interpret and
Pre-Survey Survey
Communication Communicate
Implementation
Establishing an action plan is an essential part of the process safety Preparation
the Results
Final Report
Survey Steps
Process safety culture assessment final report shall include the following
as a minimum: List of Annexes
• The average score of process safety culture survey items. • Annex A – Process safety culture survey template (English).
• Annex B – Process safety culture survey template (Arabic).
• General comments from the survey.
• Annex C – Culture ladder
• Results analysis and an evaluation of the current process safety culture
level. For annexes details, please refer to PROCESS SAFETY CULTURE
ASSESSMENT GUIDELINE -EGPC-PSM-GL-020 on the PSM EGYPT website.
• Observations and suggestions (action plan) for enhancing process
safety culture level.
The report is to be presented to management and the workforce and Prepared by:
should be within one month of data collection. Hany Mohamed Tawfik
OHS & PS General Manager - Ethydco
The implementation of improvements should start within three months of
the report presentation. Technical Consultant:
79
Process Safety (KPIs)
Guideline
EGPC-PSM-GL-025
80
• Develop and implement an integrated process safety Key Performance
Overview
Indicators (KPIs) reporting system among all companies, contractors,
This snapshot showcases an overview of the process safety key and sub-contractors through unifying reporting boundaries of process
performance indicators guideline, focusing on the following main topics: safety Key Performance Indicators (KPIs).
established process safety KPIs leads to the development of the guideline exceeds industry norms by benchmarking Key Performance Indicators
(EGPC-PSM-GL-025) to focus on process safety Key Performance (KPIs) data against industry averages and by sharing lessons learned
Indicators. Tracking KPIs is vital to help companies to understand the with other entities and companies when available.
state of their facilities and systems, as well as provide entities with an • Ensure compliance of companies, entities, contractors, and sub-
indication of impending issues. contractors with Egyptian legislation and other requirements such as
international standards/guidelines for process safety Key Performance
Indicators (KPIs).
Purpose
The purpose of the KPIs guideline is to help companies to establish a
structured process to measure process safety performance. Having a Process Safety KPIs Selection
proper measure of Process Safety Performance will assist the decision- Consider the operations that will be monitored when selecting Key
making process in entities and companies in the process safety issues and Performance Indicators (KPIs). Selected Key Performance Indicators (KPIs)
effectively use the resources. To achieve this purpose, this guideline aims to: should reflect the most likely problem areas that may arise for the specific
• Provide information to decision-makers about the company’s operating situation and the available staff to maintain or monitor Key
performance in controlling their process hazards and risks, helping Performance Indicators (KPIs). There are two methods to select Process
companies to monitor their PSM performance, and measure the Safety KPIs:
strength of process safety barriers. Use Published Guidance on Process Safety KPIs:
81
Use the Barriers Thinking (Recommended Method): Step (3) - Confirm critical process and integrity barriers to prevent major
incidents:
One documented method uses process safety barriers identification
for KPIs selection. This concept uses indicators associated with critical It is important to determine and periodically confirm the risk control barriers
process safety barriers to evaluate PSM performance. This basic concept which are critical for the prevention of major incidents and to ensure
can be focused upon three information sources: that KPIs are in place to measure the effectiveness of these barriers. At
the facility or corporate level, there are three types of inputs that can be
• Use hazard analysis findings to identify potential high-impact events
used together to help identify weak or critical barriers. These inputs are
and the process safety barriers intended to prevent such incidents.
illustrated in the following Figure.
Select KPIs that indicate the health of these barriers.
Step (1): Ensure management ownership and establish an implementation Pro-active input relies upon the identification of hazards and risks which
team: could lead to a major incident and confirms which barriers are in place to
control the most important process safety risks and the management
The first step is to establish a team, typically bringing together operational
system elements to maintain and improve those barriers. Reactive input is
and safety expertise with top management at the facility, business, and
based upon root causes investigation of major incidents and high potential
corporate levels, as appropriate.
events or demands on process safety systems that could, in other
Step (2) - Establish Tier (1) and Tier (2) KPIs to assess company circumstances, have resulted in an actual incident.
per formance:
Step (4) - Select Tier (3) and Tier (4) KPIs:
Tier (1) and (2) lagging KPIs provide baseline performance information
regarding the number of recorded process safety events. To calculate Companies should select and implement appropriate Tier (3) and Tier (4)
Process Safety Key Performance Indicators (KPIs) (Tier 1 and 2). Each relevant Key Performance Indicators (KPIs), which will monitor the weakness in the
entity will be interested to know the number of hydrocarbons LOPCs and critical barriers identified in Step (2). There is a very wide choice of Tier (3)
the quantity of the released hydrocarbons from facilities of their affiliated and (4) KPIs. In process safety KPIs guidelines, examples of Tier (3) and (4)
companies. The annual lagging process safety indicator calculations will be: KPIs are provided, which may provide useful starting points, but companies
will usually need to re-tailor their KPIs regarding the critical barriers that are
Tier (1) PSE Rate = (Total Tier (1) PSE Count/ Total Worked hours (for drilling
identified.
and production activities) x 1,000,000
Step (5) - Collect quality data, analyze performance, and set
Equation 1. Tier-1 PSE Rate (ANSI/API 745 [1])
improvement actions:
Tier (2) PSE Rate = (Total Tier (2) PSE Count/Total Worked hours (for drilling
It is essential that the effort to collect and analyze data is not just about
and production activities) x 1,000,000
‘counting the score,’ but rather, it becomes an integral part of the
Equation 2. Tier-2 PSE Rate (ANSI/API 745 [1]) continuous improvement cycle within the PSM.
82
Step (6) - Regularly review critical barriers, actions, performance, and ministerial decisions, including, but not limited to, the OHS Labor Office,
KPIs effectiveness: the Egyptian Environmental Affairs Agency, etc. All companies have to
comply with the legal requirements contained in the national plan to
It is important to confirm that process safety KPIs remain focused on the
combat marine oil pollution, which has to be reported. In general, the
most important barriers to preventing major incidents. While some KPIs,
process safety events that have to be reported to the EGPC (or the relevant
particularly the Tier (1) and (2) measures, are intended to be implemented
entities) are those that are in line with the general framework for reporting
and established for a long-term review of performance, other KPIs may be
incidents and injuries, which are detailed below:
used for a few years and then evolve to provide more detailed information on
barrier strength. It is therefore recommended that the implementation team • The PS-related injuries, illness, fatalities, lost workday case, restricted
revisit Steps (3) and (4) to ensure that process safety barriers are regularly workday case, or medical treatment case for employees, contractors,
reviewed as part of management’s review of PSM system performance. and/or 3rd parties.
Supplementary Step - The Review of the process safety Key Performance • Process safety high potential events.
Indicators (KPIs) Data:
• Major Accidents as defined in EGPC-PSM-GL-011.
The regular review of process safety Key Performance Indicators (KPIs)
• Process Safety events Tie (1) and/or Tier (2).
has to be part of the continuous improvement cycle in the PSM system.
Companies should consider the engagement of all relevant parties in • Incidents that resulted in total/partial shutdown triggered by Safety
the review process. Although the review can focus on process safety Critical Elements (SCE), hydrocarbon gas and/or liquid release, and/or
performance, it is good practice to broaden the range of the review's fire/explosions.
inputs. Examples of other inputs can include: • Incidents involving loss of radioactive sources used for industrial
• Any process safety audit findings. radiography and/or other services.
• Summary of investigation outcomes and implementation of lessons • All process fires (see process and non-process fires in Annex F) and/or
learned. explosions.
• Responses to major incidents elsewhere in the industry. • Incidents caused by sabotage, wilful damage, product theft from
transmission pipelines, or any equivalent events which cause asset
• Overview of plant reliability and correlation with process safety KPIs.
damage for any process facilities. That includes any process facilities'
Changes to staffing levels, safety-critical competencies, training, and
equipment, piping, or the transmission pipelines of crude oil, natural
demographics.
gas, or their derivatives such as gasoline, diesel liquid, condensate,
• Regulatory compliance performance or changes. commercial propane, LPG, etc.
• Safety culture surveys or behavior-based safety findings. • Loss of Containment (LOC) resulting from equipment, piping, or pipeline
failure due to integrity concerns.
• Benchmarking data and sharing good practices with peer companies.
• Loss of Containment (LOC) resulting from 3rd party activities such as
excavation or construction.
Reporting and Communication of Process
• Accidents of tankers for transporting petroleum products as well
Safety KPIs
as Motor Vehicle Crash (MVC) rollover incidents that lead to Loss
General Framework for Reportable Process Safety Events (Tier 1 and2 Oof Containment (LOC) and that are probable to be associated with
KPIs): recordable injuries, fatalities, fire, explosion, or soil pollution.
All companies shall report process safety events (accidents) to the local • Any cited violations and/or disciplinary actions issued by local
authorities and government agencies under the relevant Egyptian laws and authorities.
83
• Environmental incidents related to process safety events as defined in resource to everyone involved in improving performance, and
the Environmental Incident Guidelines of EEAA. communicating results is a key activity in maintaining a successful
improvement effort.
Tier (3) KPIs (Process Safety Near Miss) Reporting:
Effectively sharing results promptly is the central objective of the
It is recommended to implement the Tier (3) Process Safety Key
communications strategy, and this strategy has to include internal and
Performance Indicators (KPIs) (Process Safety Near Miss) reporting
external ways of communication.
program at all companies. Since a near miss is an actual event or discovery
of a potentially unsafe situation, this KPI could be defined as a “Lagging” Internal communication of the KPIs data will quickly highlight relevant
KPI. A large number of increasing trends in such events could be viewed as trends and changes to promote management review and action. Typically,
an indicator of a higher potential for a more significant event; therefore, all a dashboard highlights process safety together with related operational
companies can use Near Miss (Tier 3 KPIs) as a surrogate for a “Leading” data to quickly show any change. The important issue in communicating
KPI. That will help them to discover the process safety trend in the reported the KPIs is to strengthen the process safety barriers through the support
near misses, as well as it is a positive sign of improved culture and process of the decision-making process by top management.
safety awareness by the company.
The external communication of the KPIs data is important for benchmarking
Therefore, the number and count of more significant incidents may decrease purposes. companies have to ensure that the definitions of the KPIs are
as the number of near misses reported increases. If a company already clearly understood and are not ambiguous to preserve consistency and
has an effective near-miss reporting system that aligns with the definition effective benchmarking. Process safety KPIs, especially lagging ones, are
in process safety KPIs guideline, there should be no reason to replace that associated with process safety events.
existing system. It is recommended to report a small Loss of Containments
List of Annexes
(LOCs) which is excluded from the industry lagging KPIs at least.
Near misses and reporting provide valuable data for improving the process • Annex A – Guidance for Defining Tiers (1) and (2) Process Safety KPIs.
safety management systems at a facility. The following processes can • Annex B – Guidance for PSM KPIs of Corporate, Business, and Individual
maximize the benefits of the process safety near-miss program. Facility Levels.
• Annex C – Guidance for Implementation of Tier (3) and Tier (4) Indicators.
• Use process safety lagging indicators, process safety near misses,
• Annex D – Guidance for Determining High Potential Process Safety Events.
and management system leading indicators to build a process safety
• Annex E – Guidance for Typical KPIs for PSM 20 elements.
performance pyramid.
• Annex F – Guidance for Process and Non-Process Fires.
• When evaluating process safety near misses, consider the potential • Annex G – Typical Annual Process Safety Lagging KPIs Form.
adverse impacts. The level of response to a near-miss (i.e., investigation, • Annex H – Questions to Ask During the Annual Review of KPIs.
analysis, and follow-up) should be determined using the potential as well • Annex I – Guidance for International Regulations.
as the actual consequences of the event.
For annexes details, please refer to process safety KPIs guideline - EGPC-
• Tie the near-miss data to the deficient management system to PSM-GL-025 on the PSM EGYPT website.
drive system improvements from near misses as well as from actual
Prepared by:
incidents. Place value upon reporting near misses.
Ahmed Mohammed Ibrahim Mohammed Roustom
• Consider reward/recognition for reporting near misses as well as Risk Management and Loss Prevention Studies
rewards for performance. Assistant General Manager – GASCO
Process Safety KPIs Communication
Technical Consultant:
Communicating with those who can and do influence process safety is a
Amr Fathy Moawad Hassan
key to improvement. Key Performance Indicators (KPIs) are a valuable
PSM Senior Consultant at Methanex Egypt
84
Texas City Incident – Texas City,
United States. Wednesday, March
23, 2005. Refinery explosion. 15
deaths and 180 injuries.
85
Process Safety Studies In
The Oil, Gas and
Petrochemical Sector
86
Hazard Identification
(HAZID) Guideline
EGPC-PSM-GL-001
87
Overview The objectives of a Hazard Identification (HAZID) review are to:
The objective of a Hazard Identification (HAZID) review is to identify all Hazard identification should be conducted (as a first step to mitigate
significant hazards associated with a proposed activity, intending to risks) for any company activities that might put individuals, assets, or the
eliminate or reduce the hazards during the planning stages of the activity environment at risk.
(e.g., during the design stage of a project). The HAZID should be performed in advance of the planned activities
Early identification of hazards facilitates early implementation of risk to allow sufficient time for evaluation of the hazards so that the most
reduction measures, thus reducing the impact on cost and schedule appropriate course of action may be taken and so that the necessary
compared to the later implementation of measures. It provides an changes can be made to the design or procedures with minimum cost
opportunity to draw on collective experience and lessons learned to and schedule impact.
88
Project Life Cycle Stages Unless otherwise agreed by company operation, engineering, or project
departments, the HAZID TOR document should include the following:
During project development, a HAZID review should be conducted at the
following stages: 1. Objectives.
2. Scope.
• Evaluation / Concept Selection Stage.
3. Type of hazards.
• Basic Engineering / FEED Stage.
4. Methodology.
• Construction, Commissioning, and Start-up Stage.
5. How will recommendations be tracked?
Operation Life Cycle Stage 6. Personnel.
HAZID reviews should be conducted before significant modifications 7. Schedule for the study and report delivery.
during the operating stage driven by the Management of the Change 8. List of reference documents needed for the review (e.g., site layout,
process and for decommissioning activities. process type).
9. Recording tool.
The Safety Case Standard (EGPC-PSM-ST-002) requires periodic review of
the Safety Case validity (with an update of the Safety Case where required). Study Scope
Dependent upon the outcome of these reviews, additional HAZID reviews The scope of the HAZID study for new projects or existing operations
of the facility may be required. should identify the following:
Duration 1. Facility and/or process boundaries of the review.
A HAZID review may last from a few hours to several days, depending on 2. Operational modes included.
the complexity of the activity to be reviewed. Reviews of new plant designs 3. Interfaces included. Interfaces can be with other systems on-site or
will tend to take one to a few days. interfaces with offsite systems.
4. How human factors and facility siting issues will be included.
HAZID review duration is generally influenced by the complexity of the
5. Which ISD activities below will be performed in conjunction with the
plant/activity to be reviewed, the number of systems (or sections) into
HAZID.
which the facilities are divided, and the number of personnel in the review
team. For example, if the plant is divided into too many parts, the review System Definition
could become repetitive, and the team’s progress will be slower. Early-stage HAZID reviews can be conducted on a “global” basis –
When planning a HAZID review that may be of longer duration, effectively treating the whole of the facility as one section. While large or
consideration should be given to the demands that will be placed on the complex plants may need to be subdivided into systems or sections for
team. Each working day should be of a suitable length (i.e., not too long), ease of review, each system should be large enough to enable upstream
and suitable breaks should be included in the schedule to ensure that the and downstream causes and effects to be taken into account.
team remains alert and productive. Hazard Identification should include, but not be limited to, the systems and
Terms of Reference (TOR) and Study Scope facilities detailed in Annex B
The HAZID TOR should be developed in all cases. A TOR will support the The quality of output from any HAZID review is highly dependent on the
efficient execution of the HAZID. knowledge and experience of the assembled team. The HAZID team
should consist, as a minimum, of a Team Leader, a scribe, and engineers/
The formality and extent of the TOR should be consistent with the size and
personnel relevant to the project or operation.
complexity of the HAZID. For a major project, the TOR is typically detailed,
while for a minor change, the TOR could be a brief statement addressing
the scope, types of hazards covered, and methodology.
89
HAZID Team Leader HAZID Study Team
Each HAZID study shall have a leader. He should have the following skills The HAZID team should comprise experienced and competent personnel
and experience: input from a multidisciplinary team familiar with the project or facility with
a good working knowledge of the process/facility design, design intent,
• Attended a recognized industry available and accredited HAZID
equipment to be used, or the activities to be reviewed. However, the team
or HAZOP leader training course that provides instruction on
may include the following:
preparing, leading, and documenting a HAZID, as well as on the
HAZID technique itself. 1. Process/Technical Safety Representative.
2. Process Representative.
• Participated as a HAZID team member on previous HAZIDs or acted as
3. Production & Maintenance Representative.
a scribe for HAZID sessions under the leadership of a competent HAZID
4. Project Engineer.
leader.
5. Discipline Engineers can be full or part-time as required, according to the
• He should have strong facilitation and communication skills for leading HAZID scope.
HAZID reviews to guide the team, stimulate brainstorming, summarise
The HAZID leader shall work with the project or operating facility leaders to
the discussion, and maintain the focus and momentum of the exercise to
select and appoint competent team members based on their experience
ensure that the team works effectively to identify all potential hazards.
and the type and scale of the study being conducted.
The HAZID Team Leader will be responsible for the following:
Depending on the scope of the HAZID study, attendance may be limited to
• Advising project/operations leadership of issues that could affect the those system interfaces or specialist knowledge areas in which participants
integrity of the study and working with leadership to ensure an effective are involved. All planned participants should be present at the kick-off of the
resolution. HAZID study to ensure a common understanding of the HAZID methodology
and scope. Substitution of HAZID study team members should be avoided or
• Advising project/operations leadership of the need to delay/
minimized to ensure the continuity and homogeneity of the study.
postpone the study until issues affecting the integrity of the HAZID
can be resolved. The suggested maximum number of participants is approximately 12 people.
Additional Subject Matter Experts (SMEs) can attend part-time to cover
• Be alert to time pressures and ensure that the quality, thoroughness, or
specific systems, activities, or review areas.
integrity of the review is not compromised.
Preparation
• Resolving any conflict that may arise during the study.
Preparation has a major effect on study efficiency. For larger studies,
HAZID Scribe
an appointed study coordinator, who can be the leader or scribe, can be
The HAZID scribe should ideally be an engineer or a person with a pragmatic way of managing preparation. HAZID study, planning, and
enough technical and engineering background who can understand the preparation should include the following:
discussions and record the proceedings with minimal prompting from
1. Development of a schedule.
the Team Leader. The HAZID scribe should work with the leader to ensure
2. Selection of a study venue based on the location of design information,
that study documentation is complete and recommendations are clearly
team members, and the facility to be reviewed.
worded.
3. Selection of a study room that comfortably accommodates the HAZID
The HAZID scribe should be responsible for preparing HAZID worksheets team and additional participants with working space for documentation.
and HAZID reports as well as recording and filing all documents (including 4. For existing facilities, arrange a site tour.
the attendance list) used and generated during the study in accordance
with the directions of the HAZID facilitator.
90
HAZID Guidewords It is recommended that the HAZID review proceeds, as shown the Figure.
Greater detail is provided in the steps below:
HAZID study preparation should include a selection of guidewords to be
used (See Annex A) within the study. Preparation of a guideword list relevant
Hazard Identification (HAZID) – Reporting
to the scope of the study will focus on and improve the study's efficiency.
HAZID Study Report
Reference Documents
It is the responsibility of the team leader to ensure that the HAZID process
Before commencing the HAZID study, planning and preparation should
is recorded to allow it to be audited, verified, and reviewed.
include the identification and gathering of relevant documentation. All
drawings and documents should be the latest revision available, and the a. The team leader will be responsible for the following:
revisions used for the review should be recorded in the HAZID report.
1. Issuing the HAZID report and reviewing comments.
HAZID supporting documentation varies, depending on the study scope
2. Ensuring an appropriate competent person is assigned for every
and timing. Layouts and process systems, PFDs, or process block diagrams
action.
are the focal point of the HAZID study. A single large set can be used to
support discussions within the HAZID study. b. The HAZID study report shall be formally issued as it serves as the
permanent record of the study, indicating its quality and completeness.
Hazard Identification (HAZID) – Execution
c. The study report and the HAZID worksheets (see Annex C).
Starting the HAZID study
d. HAZID report should include - at least - the following sections:
At the start of the study, the HAZID leader shall provide an orientation to
1. The main report includes an Executive summary, Scope of the study,
the team to enable a common understanding of the following:
Process or system description and design purpose, Methodology,
1. Study objectives.
HAZID team members and their roles, HAZID recommendations, and
2. HAZID scope.
Distribution list.
3. HAZID methodology.
4. Ground rules for the HAZID study and expectations of team members. 2. Appendices include TOR for the HAZID study, HAZID worksheets
(See Annex C), Team session attendance, and a List of drawings and
HAZID Review Methodology
references.
The recommended approach to a HAZID review is a brainstorming exercise
HAZID Study Recording
guided by an experienced Team Leader using a suitable set of guidewords
to prompt discussion of the potential hazards. HAZID study steps should be documented in worksheets where the HAZID
IDENTIFY
study team is responsible for the quality, accuracy, and completeness of
STEP 1: Select Area STEP 2: Establish Main STEP 3: Select STEP 4: HAZARD, is it the HAZID study worksheets.
System, or Activity Features of System/Activity Guide Word Possible, is it Likely?
In the recording of the HAZID review, those hazards which are discussed
No
Have all Have all No BRAINSTORM and are not considered significant, or where the existing Barriers
systems been guide words been STEP 5: Identify
analyzed? Yes analyzed? All Causes and (safeguards) are considered adequate, and no further action is identified,
Consequences
should be recorded on the HAZID worksheets (see Annex C) with the
Yes
ASSESS
Evaluate Worst Credible reasons to provide a record of the HAZID teams discussions. This should
STEP 9: Record
Minutes and Actions STEP 6: Perform Risk Evaluation
and Ranking (if applicable)
allow easy auditing of the HAZID process and assist in the reassessment
Evaluate Residual Risk Evaluate Current Risk of the hazards list if the HAZID is revisited (e.g., due to changes being
STEP 8: What Additional STEP 7: What Existing
Barriers are Required to
Manage the Risk?
Barriers to Prevent or
Control the Effects?
proposed in the design).
91
HAZID Study Recommendation register should detail each hazard under a unique reference, with
appropriate details of cause, consequence, and applicable safeguards
The number and complexity of recommendations will depend on the project
(Barriers).
stage, size, and complexity of the HAZID. Recommendations can focus on
hazards that cause higher severity scenarios or concentrate on the greatest Identification of Barriers
reduction in severity or risk that can be achieved. If HAZID is used as the final
The HAZID should be used to identify Barriers that are required to manage
hazard analysis (e.g., for a module move), recommendations will also cover
the hazards. These comprise prevention, detection, control, and mitigation
lower-severity scenarios.
measures and provisions for escape, muster, evacuation, and emergency
Recommendations should have the following characteristics: response. Although the identification of Barriers may be commenced in the
HAZID review (existing safeguards will be listed for each hazard), the full
1. Standalone, so they are comprehensible without the HAZID worksheets.
identification of Barriers is an activity that will usually need to be concluded
2. A clear point of closure.
after the review, based on the outputs of the review and further more
3. Be understandable, concise, and unambiguous.
detailed safety assessment work.
4. Identify the reason for the recommendation and communicate the
purpose. Establishing the Scope of Safety Assessments
5. Avoid a prescriptive solution.
The hazards identified and HAZID outputs (causes and consequences of
6. Recommendations may be assigned a priority.
accidental events, Barriers required, etc.) should be taken into account in
Recommendation Follow up subsequent safety assessment studies. Actions from the HAZID should be
incorporated into the scope of these studies where practicable.
Recommendations shall be addressed promptly and tracked until closure.
To achieve this, each recommendation should be assigned to a responsible Further guidance for establishing the scope of safety assessments for
party with a target completion date. Projects is given in the Process Safety Studies in Oil & Gas Major Projects
Guideline (EGPC-PSM-GL-002).
Technical reasons for recommendation resolution, including a suggestion
of a different action or rejection, shall be clearly stated in writing. A formal
List of Annexes
record should be kept of such decisions, which can be accessed in the
future if required. • Annex A – HAZID Guidewords.
• Annex B – System Definitions.
Recommendations actions assigned and tracked to completion, including
• Annex C – HAZID Worksheet.
Responsible person, Status, Schedule for completion, and Approval of
closure. For annexes details, please refer to HAZARD IDENTIFICATION (HAZID)
GUIDELINE - EGPC-PSM-GL-001 on the PSM EGYPT website.
Relevant recommendations and actions from HAZID reports and related
study documents should be communicated to the workforce who may be
affected by them. Prepared by:
Tamer AbdelFattah
For existing operating facilities, a MOC process shall be followed for
QHSE Senior at United Gas Derivatives Company
approved changes resulting from HAZID study recommendations.
Risk Register
Technical Consultant:
The Risk Register is required to be developed at the Project life cycle stage Amr Fathy Moawad Hassan
and thereafter kept up to date by the operating asset. As a minimum, the PSM Senior Consultant at Methanex Egypt
92
Process Safety Studies In Oil & Gas
Major Projects
EGPC-PSM-GL-002
93
In the design phases, all inputs come from process safety. The intent of
Overview
this guideline is not to describe in detail how to perform specific process
This snapshot showcases an overview of the principles and methodology that
safety studies but rather to identify what needs to be addressed at each
comprise the EGPC-PSM-GL-002 guideline, which will focus on the following:
stage of a project.
-
Project phases
Exceptions from the Guidline
A project is usually organized into phases that are determined by
- Overlapping with other Engineering Disciplines
governance and control needs. Throughout this guideline, the project
- Process Safety Studies during different Engineering Phases phases are commonly divided into four main phases. All phases are
distinct and separate from each other by a decision stage gate to evaluate
Stage Gate Review (Assure that PS Requirements are properly
- the completeness, quality, and maturity of the decision made during that
Completed and Achieved its Objectives)
phase and provide approval either or against advancing to the next project
phase.
Introduction
The main focus of this guideline is on proactively implementing process Evaluation/ Basic Construction/
Detailed
safety studies at the optimum timeframe while also addressing reactively Concept Engineering/
Engineering
Commissioning/
Selection FEED Startup
conducting a cold-eyed review to assure that nothing significant has been
missed. This approach ensures that if the right process safety studies are
conducted at the right time, project leadership will have the right process During the project, process safety engineering interacts continually with
safety information to be able to make the right risk management decisions all engineering disciplines involved in the project. In this context, process
regarding safety. safety engineering receives, processes, and analyzes information coming
from engineering disciplines and manages all Process Safety (PS) studies
The main aim of this guideline is to:
needed for the success of the project development.
• Provide clarity regarding process safety input throughout the overall
The key points of successful implementation of process safety in projects
project phases from evaluation to project execution;
are to identify and plan the required process safety studies/activities at an
• Underline the main process safety studies during project phases, early stage and link them with other engineering activities.
focusing on their interaction and scheduling inside the safety engineering
discipline;
Process Safety Studies in The Evaluation and
• Explain how process safety studies interact with other disciplines, inside
Concept Selection Phase
and outside the engineering department; and,
• Articulate the role of process safety engineering inside the engineering List of Studies
department and how it is involved in the managing of process safety
studies during project development. - Preliminary HAZID.
94
Process Safety Studies in Basic Process Safety Studies in
Engineering/Feed Phase Detailed Engineering
95
Prepared by:
Stage-Gate Review
Sayed Eid Sayed Khalil
Stage gate review is a requirement that is needed at key milestones and HSE Assistance General Manager - Agiba Petroleum Company
phases of the life cycle of capital projects to ensure that the process safety
requirements are properly completed and achieved objectives. Hany Mohamed Tawfik
The stage-gate review is conducted by an independent and experienced OHS & PS General Manager - Ethydco
multi-discipline team familiar with the relevant facility, process and
technology. This team assesses whether the project management team Technical Consultant:
has fulfilled its process safety objectives for the current project phase. Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt
96
Inherently Safer Design (ISD)
Guidelines
EGPC-PSM-GL-003
97
Overview Entities, companies, and contractors should ensure that all requirements
listed herein are fully understood, implemented, complied with, and always
- Introduction monitored, including current operations and existing and future projects
during the whole project's life cycle from feasibility to decommissioning.
- Scope and Purpose
Introduction and to protect people and plants from the effects. With the safer design,
there are fewer hazards, fewer causes, and fewer people are exposed to
"Inherent" has been defined as "existing in something as a permanent and
the effects.
inseparable element, quality, or attribute."
There are four main design strategies for developing inherently safer
Inherent Safety is a concept and an approach to safety that focuses on
processes: minimize, substitute, moderate, and simplify. These strategies
eliminating or reducing the hazards associated with a set of conditions.
can be applied at any phase of the process life cycle. Although the
A chemical manufacturing process is inherently safer if it reduces or
substitution and moderation strategies are best employed during the initial
eliminates the hazards associated with materials and operations used in
process design, these four strategies form a protocol by which the risks
the process. This reduction or elimination is permanent and inseparable.
associated with the loss of containment of hazardous materials or energy
Identifying and implementing inherent safety in a specific context is called can be significantly reduced and sometimes eliminated. The elimination
inherently safer design. A process with reduced hazards is inherently safer of risk due to loss of containment is difficult, if not impossible, to achieve
than a process with only passive, active, and procedural controls. using other risk reduction measures, i.e., active or passive safeguards.
These measures, while effective if installed and maintained properly,
Inherent Safety is a modern term for an age-old concept: eliminating
generally reduce the likelihood of release and sometimes mitigate the
hazards rather than accepting and managing them. This concept goes
consequences of a release. However, they cannot reduce the risk to zero.
back to prehistoric times. For example, building villages near a river on
high ground, rather than managing flood risk with dikes and walls, is an MINIMIZE: In the context of ISD, minimizing means to reduce the quantity
inherently safer design concept. of material or energy contained in a manufacturing process or plant.
Process minimization is often thought of as resulting from the application
of innovative new technology to a chemical process,
Scope and Purpose
The term "process intensification" is synonymous with "minimization,"
The primary objective of these guidelines is to provide a tool that can be
though the former is often used more specifically to describe new
easily used by any industrial company that handles hazardous chemicals
technologies that reduce the size of unit operations equipment, particularly
to understand inherent safety concepts better. It applies to the Egyptian
reactors. In recent years, innovative process intensification techniques
General Petroleum Corporation (EGPC) and Oil and Gas Holding
have received, and continue to receive, more attention.
Companies, including the Egyptian Natural Gas Holding Company (EGAS),
the Egyptian Petrochemical Holding Company (ECHEM), and the South
Valley Petroleum Holding Company (GANOPE) covering all their operational
subsidiaries, state-owned companies, affiliates, and joint ventures.
98
SUBSTITUTE: In the context of ISD, "substitution" means replacing a
hazardous material or process with an alternative that reduces or eliminates Activities Steps
the hazard. Process designers, line managers, and plant technical staff
should continually inquire if less hazardous alternatives can be effectively
substituted for all hazardous materials used in a manufacturing process. Identify all hazards and causes of these
Identify Hazards
materials, actions, and conditions
However, the substitution concept of inherent safety is best applied during
the initial design of a process. Substituting raw materials and intermediates
after the process has been built, while possible in some cases, is usually Assess hazards, their causes and effects,
Understand Hazards
and how these interact with the design
very difficult.
99
Application of ISD through the ISD Review Methodology
Project Lifecycle The objectives for an inherent safety review are to employ a synergistic
opportunities arise to apply the concepts and practices of inherently safer • Understand the hazards.
technologies and strategies. These opportunities should be evaluated
• Find ways to eliminate or reduce those hazards.
to determine if the strategies can be applied and whether the costs
commensurate with the possible risk reduction. The first major objective for the inherent safety review is developing a good
understanding of the hazards involved in the process. Early understanding
Different choices and decisions are made as the engineering progress
of these hazards allows the development team to implement
through the project life cycle, conceptual plant design, FEED, engineering
recommendations from the inherent safety effort.
and detailed plant design, plant construction, start-up, and ongoing
operation and future modification. The ISD philosophy applies at all stages, Reducing and eliminating hazards and their associated risks is the second
but the available options change. major objective. Applying inherent safety principles early in the product/
process development effort provides the greatest opportunity to achieve
ISD approaches are applied to inform decisions throughout the project
the inherent safety review process objectives for the project at hand. If
lifecycle. As the project progresses, the scale and nature of decisions
these principles are applied late in the effort, the results may have to be
change. Early in the project, ISD approaches can influence fundamental
applied to the "project after next," as the schedule may not permit the
concept decisions, affecting risk levels throughout the asset's life. Early
implementation of the results.
emphasis on ISD in decision-making is therefore very influential, but ISD
informs decisions taken at different levels throughout the project stages. Experience with inherent safety reviews for a new process or project
indicates that project investment costs are often reduced due to this
exercise. The main contributors to investment reduction are eliminating
Application of ID through equipment and reducing the need for safety systems. Capturing these
Operations Stage potential savings largely depends on the timing of the reviews within the
process or project development cycle.
While applying inherent safety at the start of a system's lifecycle provides
the greatest opportunities to reduce risk, it does not mean it is only relevant The same two primary objectives apply to an ISD review of an existing
to projects. There can be many opportunities to apply inherent Safety process. Generally, these reviews are designed to identify either incremental
during the operational stage of the lifecycle of a system. improvements, primarily in simplification, possible major improvements
that can be made in the event of a process renovation or major equipment
While identifying opportunities for inherent safety should be a continual
replacement, or ISD opportunities for future facilities manufacturing the
goal, there will be specific times when it should be considered formally.
same product. Often, large capital expenditures to improve ISD are difficult
For example, inherent safety should be an option when identifying actions
to justify if the process operates without major incidents. However, when
following an incident investigation or when evaluating a plant or process
major projects are planned, they provide a good opportunity to identify
change instead of simply specifying additional safety systems or changes
opportunities for incorporating inherently safer design features.
to procedures. Also, it should be a key part of any routine review of safety
studies, and any study carried out retrospectively.
100
List of Annexes Prepared by:
Hany Mohamed Tawfik
• Annex A – Examples of Inherently Safer Design Application.
OHS & PS General Manager - Ethydco
• Annex B – Typical Methodology for Review of Concepts against ISD
Goals.
Tamer AbdelFattah
• Annex C – ISD Review Worksheets.
QHSE Senior - UGDC
• Annex D – ISD Review Brainstorming Considerations.
Technical Consultant:
Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt
101
The Pike River Mine Disaster -
Greymouth, New Zealand. Friday,
November 19, 2010. Methane
explosion. 29 deaths.
102
Layout and Facility
Siting Guideline
EGPC-PSM-GL-004
103
Overview process units, and associated equipment/piping within the facility.
The scope of this guideline includes siting and layout study for Greenfield,
This snapshot showcases an overview of the principles and methodology
Brownfield, and Extensions/Modifications of an existing plant. This
that comprise the EGPC-PSM-GL-004 guideline, which will focus on the
guideline covers facilities such as oil & gas Plants, refineries, petrochemical,
following:
chemical plants, and fuel or chemical storage sites where hazardous
- Facility Life-Cycle Phaces materials are stored, handled or processed.
- Facility Siting Process (Selection, Evaluation, Mitigation The objective of the guideline is to develop an informative decision/s
Implementation, Revalidation & Mange Change) regarding controlling/mitigating the risks/impact associated with the
plant siting and layout, so it can be integrated and balanced with the other
- Documentation for Layout & Siting Study
plant layout design requirements.
of operation, and cost of operation and maintenance. In principle, applying the site and layout of any facility and reduce the life-cycle costs is to
inherent safe design principles during siting and layout design will have apply the siting and layout approaches and principles early in the project’s
great potential for reducing complexity, risk, and cost. Siting and Layout development phase. A well-thought-out layout contributes to the successful
study should be conducted to account for both off-site and on-site impact planning of the design and construction stages of the project. Once the
from potential fire, explosion, and toxic hazards. Although it is commonly project moves away from the early stages, the opportunity for applying
known that facility siting study FSS is focused on occupied buildings, the the principles of siting and layout of the facility decreases; consequently,
current guideline is not focused only on the location of occupied buildings costly changes may be required, and lose the opportunity for effective
but also on siting and layout of the facility, process units, equipment, and cost savings. Moreover, after the facility is handed over to operation, it is
This guideline gives a discerption of the sequence for developing a facility Changes to layout during construction or later after the handover of the
siting study and different approaches that might be used during the project to operation is a very tuff task to be managed considering the
development of this study. In addition, it emphasizes approaches and principle of facility siting. In such a case, a specific mitigation plan might
concepts for deciding the mitigation strategy and consequently developing be required, which might be very costly in both money and time to be
the mitigation plan. Moreover, it gives guidance for studying off-site or implemented.
on-site changes that might affect the original facility siting study and the
requirements for revalidation. Facilities Siting Process
There are several stages for completing a facility siting study.
Scope/Objectives These stages are:
The scope of this guideline is to give guidance on the principles for • Selection, Evaluation
conducting a facility siting study with the target to optimize and reduce the • Mitigation Planning & Implementation
impact/risk associated/resulting from the location of a facility, • Revalidation & Managing Changes.
104
The evaluation of the fire impacts a function of the type of fire, i.e., pool fire,
jet fire, etc. The outcomes of the modeling of fire scenarios are introduced
Mitigation Revalidation in terms of thermal dose (flux and duration) and flame impingement. It also
Select Evaluate Planning & & Managing
Implementation Changes introduces how far the fire impact affects the different receptors (e.g.,
people, buildings, equipment, etc.) both on-site and off-site in the plant.
. Assessment . Explosion . Develop mitigation . Revalidation
approach. scenario. strategy, and of facility Toxic release evaluation is more difficult to model due to its difficulty
. Selection of . Fire scenario. mitigation plan. siting study.
scenario/s. . Toxic scenario. . Implement the in predicting the exact direction of travel, so we can assume that many
. Evaluation mitigation actions.
criteria. receptors can be subject to toxic release impact. In this regard, gas
dispersion modeling is important to account for the pattern of spreading
a toxic release and decide the most potentially impacted receptors. The
Selection Stage evaluation of the toxic release impact is a function of the concentration of
The target of this step or phase is to select the assessment strategies released gases. The outcomes of the modeling of the toxic release scenario
or approaches (spacing table approach, consequence-based approach, are introduced in terms of concentration and how far the toxic blooms will
risk-based approach), select the potential scenarios (fire, explosion, toxic travel and affect the different receptors both on-site and off-site in the
release), and finally select and decide on the evaluation criteria that will be plant.
used during the assessment.
105
Finally, whenever the decision has been made for a certain option, the plan
Documentation for Layout and Siting Study
shall document and report all the required mitigation measures along with
their corresponding cost and schedule for implementation. Documentation should be retained to include all choices, analysis and
evaluation results, and mitigation planning and implementation we made
during the facility siting process. A standard list to be included in the
Facility Siting Revalidation and document is assessment approaches, scenario selection basis, analysis
Managing Changes methodologies, the applicability of analysis methodologies, data sources
used in the analysis, applicability of data sources, evaluation criteria, results
The initial facility siting study is not the end of the goal to address the
of analysis, mitigation plans, recommendations, and tracking to not only
hazards associated with siting and layout of the facility throughout its
assure that the required recommendations are done but also report what
lifetime. Sites are always changed both on-site and off-site. Off-site
was done and decide whether to implement the recommendations exactly
changes include urban community sprawl and industrial expansions.
as stated or implement alternative protective measures which might
On the other hand, on-site changes include expansions of the existing
provide more risk reduction. Throughout the lifetime of the process, this
facility, relocation of facility units or buildings, demolishing of some
document should be retained and kept up to date as changes are made.
units, changes in occupancy loads, changes in process conditions, and
developed scenario types, e.g., explosion, fire, or toxic release, etc.
Revalidation of facility siting study does not mean re-do the whole study.
The primary objective is to review the results of the previously conducted
study and identify and control any new hazards that have been introduced
to the previously conducted study.
106
Flare
Occupied Bldgs
Lab/WHouse Administration Bldg
Boiler House/
Air Compressors/ Generation
Tank Storage Parking Lot
Control Room
Access Raod
Storm Water &
Waste Water Ponds
Process Equipment
Gate
Railcar Loading
Fire Station
Prevailing Wind
For annex details, please refer to LAYOUT AND FACILITY SITING GUIDELINE - Technical Consultant:
EGPC-PSM-GL-004 on the PSM EGYPT website. Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt
107
Hazard and Operability (HAZOP)
Guideline
EGPC-PSM-GL-005
108
Overview The “Basic HAZOP” could be done during the basic or front-end
engineering design (FEED). This would give sufficient time to incorporate
This snapshot showcases an overview of the principles and methodology any required changes into the design and to add the cost impact
that comprise the key principles and methodology that comprise the of implementing the HAZOP recommendations to the total project
Hazard and Operability (HAZOP) Study Guideline, which will focus on the estimate. However, carrying out Basic HAZOP doesn’t eliminate the need
following: for carrying out the HAZOP study during the detailed design engineering
phase “Detailed HAZOP.”
The hazard and Operability (HAZOP) study is one of the most used process be tracked and implemented before the startup. When the final design
hazard analyses (PHA) techniques in the process industry. It consists of HAZOP has been completed, any subsequent changes made to the
a structured analysis carried out by a multidisciplinary team to identify design should be subjected to a proper MOC.
process hazards and operability problems in every part of the process. • If the design and P&IDs for vendor packages are not available during the
Through the HAZOP analysis, the team seeks to identify potential deviations HAZOP study, they should be subjected to a separate HAZOP review
from the design intent, examine their possible causes, assess their with special attention to the interface between the vendor package and
consequences, and recommend proper actions if the existing safeguards the process.
are not sufficient to control the risk. The study should include all process
lines, equipment, offsite facilities, utility systems, ESD systems, interface
Existing Facilities
with other facilities, and fire protection systems. HAZOP technique can be • Operating facilities shall revalidate their HAZOP at least every five (5)
used for both continuous and batch processes. It is also applicable to new years. Existing facilities that have not conducted a HAZOP study before
projects and existing facilities. shall carry out the HAZOP study after updating the necessary process
safety information, such as the P&ID and PFD.
109
• The study will not be effective unless the issues identified during the HAZOP Study Scribe
study are resolved and the recommendations and actions put into
The scribe should follow the discussion and record the analysis results
practice.
in the worksheet. He should also assist the study leader in planning and
• HAZOP methodology assumes that the design has been carried out per administrative duties. The scribe should be:
appropriate codes or standards. Therefore, it is not the scope of HAZOP
• Have good typing and summarizing skills.
to conduct a design review, check the quality of the design, or check
compliance with codes and standards. • Trained on the software utilized to record the study.
The main responsibilities of the HAZOP study leader include the following: the team members involved. Therefore, the selection of team members
is critical for successful HAZOP. The team members should participate
• Planning the study.
actively in the discussion, respecting the opinion of each other, being to
• Clarifying the scope and objectives of the study for all the team the point, and solving disagreements through discussion or voting. The
members. team should be as small as possible with the relevant skills and experience
available, preferably no larger than ten people. The composition of the
• Facilitating the study sessions.
HAZOP team, in addition to the HAZOP leader and the scribe, could be
• Identifying the nodes. divided into core members and part-time members.
• Advising the project/site leadership about issues that could affect the
integrity of the study, such as inaccurate process safety information,
team fatigue, and inadequate HAZOP team experience/expertise.
110
Core Members HAZOP Methodology
The core members of the team should be present at all sessions.
General
They have the following responsibilities:
The HAZOP study methodology consists of three major phases: planning
and preparation, study execution, and documentation and follow-up.
• Provides information regarding the process and
Process Engineer: operating conditions of each node.
Planning and Preparation
• Explains different process control loops.
Study Initiation
Project/ • Provides information about the design
The study is generally initiated by a person with responsibility for the
Design Engineer: specifications of the project.
project or organization, which in this guide is called the manager. The
manager should determine when a study is required, appoint a study
• Provides information regarding alarms.
Instrumentation/
• Provides information regarding safety leader, and provide the necessary resources to conduct the study. The
Control Engineer:
instrumented systems (SIS) and ESD strategies. manager is ultimately accountable for ensuring that any actions that arise
from the study are completed.
Maintenance/ • Provides information related to equipment
Mechanical Engineer: specifications and possible equipment troubles. Defining Study Scope
• Explains how operators will detect process The study scope shall be clearly stated. It should include the following:
upsets and how they will respond to them.
Operator: • Process and utility systems, including vendor packages.
• Provides insight into how the deviation or human
error could occur. • Normal and abnormal operational modes, e.g., startup, shutdown,
emergency shutdown.
Process Safety/ • Provides information regarding plant safety
HSE Engineer: and emergency procedures. • Safety, health, and environmental hazard consequences.
111
• A list of documents to be included in the review. Table. Examples of deviations and their associated guidewords
• Distribution list.
No part of the intention is achieved,
Negative NO
e.g., no flow
Collecting Data and Documentation
The HAZOP leader shall ensure that these documents are approved and
Covers reverse flow in pipes and
updated before starting the HAZOP sessions. REVERSE
reverse chemical reactions
Substitution
Establishing Guidewords and Deviations
A result other than the original intention is
OTHER THAN
achieved, i.e., transfer of the wrong material
In the planning stage of a HAZOP study, the study leader should propose
an initial list of guidewords to be used. The study leader should test the
Something happens early relative to
proposed guidewords against the system and confirm their adequacy. EARLY
clock time, e.g., cooling or filtration
The choice of guidewords should be considered carefully, as a guideword Time
Something happens late relative to
that is too specific can limit ideas and discussion, and one which is too LATE
clock time, e.g., cooling or filtration
general might not focus the HAZOP study efficiently. Some examples of
different types of deviation and their associated guidewords are given in
the following table.
Study Execution
General
At the start of a study meeting, the study leader should explain briefly the
HAZOP methodology and study plan to ensure that the team is familiar with
112
the process and the study scope and objectives. The HAZOP study should Node Selection
follow the sequence illustrated in the following figure:
Nodes should be carefully selected by the HAZOP Leader. However, the
team members may also have input in node selection. There are two types
Start Study of nodes: Process nodes and Global nodes.
Develop a Deviation
Process parameters should be selected and reviewed in turn for each
node. At least flow, temperature, pressure, and level should be considered.
Identify Credible causes Additional parameters should be selected as applicable to the process.
113
Identifying Consequence Documentation and Follow-Up
The team members should identify for each cause the practical HAZOP Worksheet
unmitigated ultimate consequence (consequences without giving any
The HAZOP worksheets should consist of the following:
credit to the safeguards). It may be beneficial to consult any dispersion
modeling or risk assessment, if available, to fully understand the range of • Node description: the node description should include clear boundaries
potential consequences. for the node and describe the relevant design and operating parameters
within the node.
Identifying Safeguards
• Deviation ID: each identified deviation shall have a unique identifier.
Principal safeguards shall be recorded in the HAZOP worksheet. Typical
safeguards (or protection layers) are illustrated in Figure 3. They could be • Parameters, guidewords, and deviations.
preventive (reducing the likelihood of the cause) or mitigative (reducing the • Cause: describes the initial cause for the deviations.
severity of the consequences). Relief valves should be listed as safeguards
• Consequence: it should be described without taking safeguards into
only after it has been confirmed that the relief valve size and set pressure
account.
are sufficient for the consequence being considered.
• Safeguards: all relevant safeguards should be listed for each deviation.
Risk Assessment
• Risk Assessment: it should be done at least for unmitigated risks and
The risk assessment should be carried out during the HAZOP using the
after incorporating the safeguards.
risk matrix included in EGPC-PSM-ST-001: Risk Management Standard.
The estimations of likelihood and severity are normally qualitative and rely • Recommendations/Actions.
on the team’s experience and judgment of similar events. The risk should • Action party: it is the responsible Department/Person for closing out the
at least be assessed without considering any safeguards (initial) and after HAZOP action.
adding the safeguards (current).
• Comments.
Recommendations/Actions
HAZOP Report
Recommendations shall be made if the team judges that the existing
The HAZOP should consist of the following sections:
safeguards are unlikely to prevent or sufficiently mitigate the risk.
Recommendations should meet the following criteria: 1. Main report:
• Stand alone, such that it is understandable without the benefit of the • Title page.
worksheet.
• Table of content, list of figures, and list of tables.
• Be able to be accomplished and have a clear point of closure.
• Executive summary.
• Be understandable, concise, and unambiguous.
• Introduction defining the scope of the study.
• Be worded to address the identified hazard.
• Process or system description and design intent.
• Be thorough (identifying the reason for the recommendation and
• Methodology including guidewords used.
communicating the intentions of the HAZOP team).
• HAZOP team members and their roles.
The HAZOP team should focus on addressing hazards and not try to design
the solution to the problems identified. The purpose of the HAZOP is to • Recommendations summary.
identify hazards, not to engineer solutions. Recommendations shall not be • References (list of P&IDs and other data used).
modified without the agreement of the HAZOP team.
• Distribution list.
114
2. Appendices: • A HAZOP follow-up/close-out report should be issued, which contains
the action response sheets for all recommendations and is to be handed
• HAZOP study worksheets.
over to the next project phase. Moreover, all the pending actions shall be
• List of recommendations from the study. included in a dedicated punch list, which shall be formally handed over to
• Team attendance for each session. the project management of the next phase.
• Recommendations shall be addressed in a timely manner and tracked analysis of human factors may be needed if the HAZOP shows that there
till closure. To achieve this, each recommendation should be assigned are significant risks associated with human factors that cannot be properly
to a responsible party with a target completion date for follow-up. Each addressed in the HAZOP.
considered “CLOSED” if the response includes a positive response 2. Non-standard procedures such as non-standard routing of flows.
to the recommendation with relevant attachments confirming its 3. Launching and receiving pipeline pigs.
implementation. HAZOP actions are to be considered “OPEN” if the 4. Batch production processes such as polymer manufacturing.
response is still on hold for any reason, such as waiting for the results of
another study, waiting for a vendor reply, or being implemented at a later
stage of the project.
115
• Redo: This option is selected when a repair of the original HAZOP is
HAZOP of Control or Computer Systems
impractical due to the following:
(CHAZOP)
- A high number of major defects in the original HAZOP.
Control systems, such as programmable electronic systems, have
the potential to create common-mode failures that result in multiple - Many incidents have occurred due to improper original HAZOP review.
simultaneous process deviations. HAZOP of control or computer system - Major changes to the plant since the initial HAZOP.
(CHAZOP) reviews how control and computer systems can fail and the
In these situations, it may be more cost and resource-effective to start
consequences of deviation from the design intent. A decision shall be made
from the beginning with a “blank sheet of paper.”
as to whether the traditional HAZOP adequately addresses control system
issues or whether a CHAZOP or other types of studies are necessary.
List of Annexes
Technical Consultant:
HAZOP Revalidation Amr Fathy Moawad Hassan
PSM Senior Consultant at Methanex Egypt
There are two courses of action that may be chosen to revalidate the
HAZOP study:
116
Quantitative Risk Assessment
(QRA) Guideline
EGPC-PSM-GL-008
117
This QRA guideline focuses on protecting people inside and around the
Overview
Major Hazard facilities, while protection of Assets is covered in the Fire and
This snapshot showcases an overview of the QRA lifecycle, methodology, Explosion Risk Assessment (FERA) Guideline (EGPC-PSM-GL-009).
expected outputs, and reporting, focusing on the following main topics:
This Guideline aims to provide a framework for:
Introduction • Understanding the QRA results, beyond the obvious statistical meanings.
The Companies are committed to pursuing no harm to people and the • The consequences modeling and the complete QRA results.
community and managing Risks through effective controls. Companies
• How to compare the QRA Risk results to the EGPC & Holding Companies’
shall manage all Risks to As Low as Reasonably Practicable (ALARP).
Quantitative Tolerable Risk Criteria.
The Oil and Gas industry’ Risks, accompanied by process failures and
• Supporting the demonstration that Risk levels are reduced As Low As
chemical releases, contain severe consequences which should be
Reasonably Practicable (ALARP Demonstration).
managed quantitatively. The QRA is used to evaluate potential Risks when
qualitative methods cannot provide an adequate understanding of the • The QRA report's main components.
Risks and where more information is needed for Risk management.
The QRA is a formal and structured quantitative analysis methodology Quantitative Risk Assessment (QRA) Lifecycle
used to help Companies manage Risk and improve safety by identifying
Through Project Different Phases
the Major Hazards (i.e., identifying incident scenarios), evaluating the
associated likelihood and consequences to people, and calculating Risk The QRA can be applied in the initial siting and design of the facility
levels in a numerical way for comparison with Risk Tolerability Criteria, and (Greenfield) and during its entire life (brownfield), while the maximum
defining recommendations for guaranteeing proper Risk management is benefits result when QRA is applied at the beginning (conceptual and
in place. The QRA helps to make facilities handling hazardous chemicals design stages) of a project and maintained throughout its life. The QRA
safer by supporting Risk-Based Decision Making. helps in comparing options during the design phase or for modifications
during operations.
Greenfield
Purpose
When a new facility starts from scratch, and where the QRA is mandatory,
This Guideline describes the main components of the QRA studies and
the QRA shall be executed through the following different project phases:
their main outputs, as well as establishes consistent requirements for
planning, conducting, documenting, reviewing, and approving the QRA • Evaluation / Concept Selection Phase
studies for the Companies belonging to The EGPC and the Holding
• Basic Engineering / Front-End Engineering Design (FEED)
Companies. All QRA studies carried out for the Companies belonging
to The EGPC, and the Holding Companies shall be in accordance with • Detailed Engineering
the requirements of this Guideline.
118
Brownfield
QRA Scope of Work
QRA Assumption Register
(Existing facilities/ under development/ new expansion projects/ revamp
projects) the following should be considered: Hazard Identification and Failure Cases
Development (Accident Scenarios)
(PHA, HAZOP, Methodical Leak/ Rupture)
• For existing facilities where QRA is not available,
The QRA shall be carried out at the first available opportunity (earliest). Frequency Assessment Consequence Assessment
• During developing and updating the Company Safety Case study. Individual Risk Societal Risk
• Every five years, the QRA to ensure integrated Risk from all existing
facilities, including modification and brownfield projects, is considered. LSIR IRPA PLI FN Curve
• QRA Deliverables
119
• Boundaries of the QRA • Ignition Probability
and so that it can be verified that the assumptions reflect site reality. operation shall be taken forward for QRA assessment. The potential
hazardous event is usually called the 'top event' (e.g., hydrocarbon leaks
The register shall contain the assumptions for at least the following
from process equipment, storage facilities, risers, or pipelines).
sections (Note: Some sections could be merged if applicable):
Generally, there are two types of considered hazards, process,
• Failure Case Definition (Identification of potential Loss Of
and non-process:
Containments- LOCs)
• Process hazards generally consist of onshore/offshore process
• Parts Count / Isolatable Sections facilities, storage facilities, piping/pipelines, etc.
• Release Location and Orientation (Direction) • Non-process hazards consist of occupational hazards, transportation
Risks, escape and evacuation risks, ship collisions, dropped objects, etc.
• Consequence Assessment – Discharge
Hazard Identification and failure case development techniques such as
• Physical Effect Potential Outcomes
HAZID, HAZOP, & Methodical Leak/Rupture, along with the Company
• Impact Assessment Criteria Major Accident Hazard (MAH) list, are used to identify the Major Accidental
• Indoor / Outdoor Vulnerability Hazard Identification contains the following main steps:
• Process / Model Assumptions • Review all site materials and identify those that are hazardous.
• Leak Frequencies and Hole Sizes • The review process, utilities, and storage PFDs to identify areas of
concern.
• Event Trees
120
• Identify the Isolatable Sections: Hazardous Events shall be defined in Consequence Assessment
terms of the Isolatable Sections and their operating conditions.
Failure Cases (Accident Scenarios) Possible Outcomes
• Identify the Hazardous Inventories (Inventory Analysis) for each
The development of the top event into a serious incident gives an estimation
Isolatable Section.
for the expected failure cases (accident scenarios). The outcomes depend
• Determine the Source Terms for all accidental events. The Source Term on: the effect of the process parameters, the release hole size, the phases
means the rate at which hazardous material reaches the environment of the hazardous material, the elevation and direction of the release
and the conditions of the material (e.g., temperature, composition). point, the safety systems, the weather conditions, the confinement and
congested areas, and the presence of ignition sources.
Developing the Failure Case (Accident Scenarios)
Once the hazards are identified, the Accident Scenarios for the QRA can The possible outcomes from different hydrocarbons releases are:
• Jet Fire.
• Material/phase released.
121
• Fire Scenarios (radiation levels)
Weather
Conditions
Toxic • Explosions (blast overpressure)
Frequency Assessment
Exlposion
Parts Count (Equipment Count) for Isolatable Sections:
The Stages of Developing the HC Release the Main Physical Effects For each failure case, in each isolatable section, equipment is counted
to provide input to estimating leak frequencies. This is known as a ‘parts
count.
Impact Assessment & Vulnerability of Human
The frequency of each leak scenario and size identified is estimated by
As part of the impact assessment, the vulnerability of humans to the
combining parts counts for each equipment item with Leak frequencies.
consequences of major hazard events at onshore and offshore installations,
A ‘parts count’ involves counting each and every equipment item in each
primarily those producing and/or processing hazardous fluids, is established.
section identified.
The focus is on Fatality Criteria as QRAs generally address fatality Risks:
however, injury thresholds can also be identified where appropriate. Hazardous Events Likelihood
• Plant/Facility-Specific Data
Vulnerability of
HC Release
(Parameters)
Discharge Dispersion Flammable • Generic Failure Frequencies
Physical Effect Impact • Event Tree Analysis (For Failure Cases Probability Estimation)
(Severity Extend) Assessment
• Judgemental Evaluation
The Stages of Developing the HC Releases into the Impact Assessment
• Software
Frequency Estimation
The impact assessment is generally expressed in terms of the following:
The failure frequency for each failure case for each isolatable section needs
a. Lethality, which is the fraction/percentage of the exposed population
to be represented by one frequency value (e.g., it would consider all large
who would suffer fatality on exposure to a given consequence level.
leaks from all the base elements in each isolatable section as they are all
b. Probit, which is a function that relates lethality to the intensity or
part of the single failure case for this isolatable section). Failure frequencies
concentration of hazardous effects and the duration of exposure.
are applied to all items of equipment (e.g., pipes, flanges, valves) within the
Generally, the following consequences are considered as part of the failure cases (as they are all part of a single failure case).
impact assessment:
122
Other Data for Risk Calculation Societal (or Group) Risk:
In order to complete the Risk Calculation, some other data should be The Risk experienced by the whole group of people exposed to the hazard.
collected, calculated, and considered (e.g., Process and Plant Data, Where the people exposed are members of the public, the term Societal
Chemical Data, Environmental Data, [1]), hereafter some of the most Risk is often used. Where workers are isolated, and members of the
important required data: public are unlikely to be affected, the term group Risk is often used. In this
document, the term Societal Risk is used to encompass both public and
• Ignition Sources and Ignition Probability
worker Risk. There are two forms of Societal Risk:
• Explosion Data
• FN Curve / Diagram: The FN curve is the curve of cumulative frequency
• Meteorological Data (Weather Conditions and Probabilities)
versus the number of fatalities on a logarithmic scale. FN curves are
• Population and Manning Level Distribution fr quency-fatality plots, showing the cumulative frequencies (F) of events
involving N or more fatalities.
Risk Analysis
• PLL, Potential Loss of Life: The other main measure for Societal Risk is
The consequences and frequencies are combined in an integrated QRA
the annual fatality rate, where the frequency and number of fatalities
model to give numerical Risk values.
are combined into a Potential Loss of Life (PLL), which is a convenient
(Note: Other non-process hazards also need to be analyzed, such as one-dimensional measure of the total number of expected fatalities.
personnel transport, occupational hazards, ship collision, aircraft impact,
Other Risks Analysis
and natural hazards. Each has its own specialist method for Risk Analysis).
• Non-Process Risk
Risks to people may be expressed in two main forms:
• Ship Collision Risk Assessment
Individual Risk:
• Transportation Risk Assessment
The Risk is experienced by a person, and it shows the frequency at which
an individual (worker or public) may be expected to sustain a given level of • Marine Transport Risk Assessment
harm from the realization of specified hazards. It is divided into: • Aviation Risk Assessment
• IRPA, Individual Risk Per Annum: Individual Risk is mostly expressed in • Road Transport Risk Assessment
the form of Individual Risk Per Annum (IRPA). The IRPA is a representa-
• Dropped Object Risk Assessment
tive work of a given workers group considering expected occupancy at all
the locations he is expected to be present within the hazardous location • Occupational Risk Assessment
throughout the year. This includes plants, accommodations, recreation-
• Escape and Evacuation Risk Assessment
al activities, etc. The calculation excludes the duration for which person-
nel is not present at the site due to reasons such as annual leave. Person- • H2S Zoning
nel is considered not exposed to facility operations or occupational Risk • Occupied Building Risk Assessment
during this duration.
• Simultaneous Operations (SIMOPS) QRA
• LSIR, Location Specific Individual Risk / Risk contours: Risk contours are
• Integrated Risk Assessment
iso-Risk contours plots that represent the geographical variation of the
Risk for a hypothetical individual who is positioned at a particular Once various Risks, such as process Risk, non-process Risk, escape &
location for 24 hours per day, 365 days per year. evacuation Risk, etc., are determined, the overall Risk shall be determined
by combining Individual Risks from all these factors. For brownfield
or modifications projects/QRA, existing facilities Risk shall also be
considered.
123
Risk Evaluation ALARP Demonstration
Once Risks are identified and analyzed, Risks should be evaluated against The QRA shall provide a clear demonstration that the Risk is (or will) be
set Criteria. It must be ensured that all Risks are evaluated to meet and reduced to ALARP. ALARP process starts with the identification of the
comply with EGPC and Holding Companies’ Quantitative Risk Tolerance Major Risk Contributors. These Major Risk Contributors are further broken
Criteria. The QRA Tolerance Criteria - mentioned in detail in the Risk down to determine the top contributors to Risk.
Management Standard EGPC-PSM-ST-001 - as shown in the following
Risk reduction measures are identified against these contributors to
figures:
reduce the Risk, as well as identifying the hierarchy of controls for these
Risk reduction measures.
Tolerable if the inputs to the system. It is often used when there is uncertainty in a
ALARP particular input.
• Leak frequencies
Individual Risk Tolerability Criteria
• Leak locations
• Ignition probabilities
• Wind data
1.0E-01
• Operating conditions
1.0E-02
• Release durations
Intolerable Risk
1.0E-03
• Vulnerability Criteria
Frequency (1/yr)
1.0E-04
Risk is tolerable • Population data
if ALARP
1.0E-05
QRA Reporting
1.0E-06 Broadly acceptable Risk QRA report shall document all the key assumptions, facility descriptions,
assessment details, and all relevant calculations and information used in
1.0E-07
the assessment. The report shall be submitted in Hard and soft copy as
1 10 100 1000
Number of Fatalities per needed by the Company and should be subjected to the document
control procedure of the Company.
124
The QRA report shall contain at least the following sections: - Appendix 6 - Populations densities
• Section 1– Introduction/ Objective/Scope - Appendix 8 - Consequence Results (flammable gas, fire, and
• Section 8 – Frequency Assessment • Annex B – Gives details to determine and understand the different
values
• Section 9 – Ignition Probabilities
of the Vulnerability of humans for different Consequences/Impact of
• Section 10– Explosion Probabilities Major Hazard Events.
• Annex C – Figures C1-C5 provide examples for Event Tree for a range of
• Section 11 – Weather Conditions
different releases.
• Section 12– Manning Levels • Annex D – Tables D1 & D2 give a full list of the QRA study deliverables.
• Annex E – The QRA Tolerance Criteria- as per mentioned in the Risk
• Section 13– Process Risk Assessment
Management Standard EGPC-PSM-ST-001.
• Section 14 – Non-Process Risk Assessment (if required)
For annexes details, please refer to Quantitative Risk Assessment (QRA)
• Section 15 – Integrated Risk Assessment Guideline- EGPC-PSM-GL-008 on the PSM EGYPT website.
• Section 16 – Risk Results and Assessment (indoor and outdoor Risk
results)
Prepared by:
• Section 17 – Sensitivity Analysis (if required) Mohammed Sabry Hanafi Mahmoud
Risk Management and Loss Prevention Studies
• Section 18 – Major Risk Contributor Analysis & Risk Reduction Measures
Executive General Manager – GASCO
• Section 19 – ALARP Demonstration
125
Seveso Disaster - North Milan, Italy.
Saturday, July 10, 1976. Chemical
explosion. Release of a chemical
cloud containing the highly toxic
dioxin TCDD.
126
Fire And Explosion Risk Assessment
(FERA) Guideline
EGPC-PSM-GL-009
127
Overview Purpose
This snapshot showcases an overview of the FERA lifecycle, methodology, This guideline describes the main elements of planning, conducting, and
expected outputs, and reporting, focusing on the following main topics: reporting the FERA studies for the companies under EGPC and Holding
Companies.
- Purpose • Identifying and assessing all potential fire and explosion hazards and their
impact on the facilities, and
- FERA Lifecycle Through Project Different Phases
• Providing and defining the recommendations and the required risk
- FERA Methodology
reduction measures to control these hazards and their impact.
The main output of the FERA study may include the assessment of the
Introduction requirements of passive and active fire protection (PFP & AFP), evaluation
The oil, gas, and petrochemical industries contain major hazards that are of the requirements of blast protection for the buildings, and provision
inherent to their assets, activities, operational locations, and products inputs for developing fire zones.
which may cause severe impact on people and assets in case of potential
The FERA guideline focuses on the protection of assets and facilities while
process failures and chemical releases. Managing the significant risks
protecting people inside and around the Major Hazard facilities covered in
of those major hazards shall undergo quantitative risk analysis means to
the Quantitative Risk Assessment (QRA) Guideline.
provide and ensure a better understanding of the significant risk and its
impacts and to have the chance to set and prioritize the control measures
based on figures. FERA Lifecycle through Project Different
The Fire and Explosion Risk Assessment (FERA) study quantifies risks to the Phases
facilities associated with events caused by Loss of Containments (LOCs) The FERA can be applied in the initial siting and design of the facility in a
and it is a formal and structured quantitative risk analysis methodology used greenfield and during its entire life in a brownfield. The maximum benefits
to help companies manage their risks and improve safety by identifying the are witnessed when FERA is applied at the beginning (conceptual and
major hazards, evaluating the associated likelihood and consequences design stages) of a project and maintained throughout its life.
to the different assets and facilities, and calculating the risk levels in a
Greenfield
numerical way for comparing with the vulnerability criteria (consequence
approach) and the Risk Tolerability Criteria (risk-based approach), and When a new facility starts from scratch, and where the FERA is required,
defining recommendations to guarantee proper risk management is in it should be considered in the following different project phases (the
place. objective of the study may also vary for each project phase):
The results of the FERA study are used to ensure a safe facilities layout • Evaluation / Concept Selection Phase
(process units, equipment, piping, and buildings), specify passive and active
Preliminary FERA, if required, may be carried out during the concept stage,
fire protection requirements, and could provide input for the assessment
and usually only consequence modeling is required, unless otherwise
of the escape and evacuation locations and roots and the Emergency
determined by the company, to assist in layout planning, determine the
Systems Survivability.
separation distances, etc.
128
• Basic Engineering / Front-End Engineering Design (FEED)
FERA study Methodology
A Comprehensive FERA shall be performed during the FEED Stage of the The basis of the FERA study methodology is to identify incident scenarios
project to provide a numerical estimate of the facilities’ risk exposures. and evaluate the risk by defining the frequency of failure, the probability of
This allows risk levels to be compared with the vulnerability criteria various consequences, and the potential impact of those consequences
(consequence approach) and the Risk Tolerability Criteria (risk-based on different facilities.
approach) and provides input where Risk Reduction Measures (RRMs) are
required to mitigate the risks. The FERA study methodology flowchart is illustrated in the following
Figure:
• Detailed Engineering
The FERA study conducted during the FEED shall be updated, as required, FERA Scope of Work
FERA Assumption Register
during the Detailed Engineering Phase based on the newly established
information, data, engineering documentation, etc. The FERA study at this
Hazard Identification and Failure Cases
phase forms the basis for the operations phase. Development (Accident Scenarios)
(PHA, HAZOP, Methodical Leak/Rupture)
Brownfield
Frequency Assessment Consequence Assessment
For existing facilities, facilities under development, new expansion projects
or revamp projects, the following should be considered:
Failure Cases Possible Outcomes
• For existing facilities where FERA is not available, Parts Count for
and its Physical Effect
Isolatable Sections
The FERA study shall be carried out at the first available opportunity Identifiy Receptors to be Evalutade
(Equipmint, Structure, Buildings....)
(earliest).
Hazardous Events
Impact Assessment
• For existing facilities and a new expansion to be established Likelihood
(Against the Facilities Vulnerability
and EER Impairment Criteria)
An integrated FERA study for the existing and planned facilities shall be
carried out.
• For existing facilities where FERA is available, Other Data for Risk Calculation
(Ignition Probabilities, Explosion,
Metrological Data)
The FERA study shall be reviewed and revalidated or updated, if required,
based on the following:
Risk Analysis
• If significant changes happened to the facilities (e.g., modification in (Identify the risk value at each Receptor)
&
process, feed changes, new technology, barriers changes, manning Risk Evaluation
(Against the Risk Tolerance Criteria)
level, fire protection measures, building functionality or building
occupancy, etc.) are observed or carried out.
Fire and Explosion
• If the FERA study is required during developing and updating the Assess The FERA Results and Risk Assessment
FERA Reporting
Set The Recommendations (FERA) Methodology
company’s Safety Case study.
• Every five years to ensure integrated risk from all existing facilities,
The FERA Methodology Flowchart
including modification and brownfield projects, is considered.
129
The FERA study Methodology is almost similar to the QRA study FERA Study Reporting
methodology, with some changes such as the intent of the study, the
The FERA study report shall document all the key assumptions, facility
consequence and risk receptors, and the forms of the output.
descriptions, assessment details, and all relevant calculations and
The FERA study Methodology contains, as required, the assessment of the information used in the assessment. The report shall be submitted in hard
fire zone, passive fire protection assessment, explosion assessment, and and soft copy as needed by the company and should be subjected to the
review of active fire protection accordingly, document control procedure of the company.
• Setting the FERA scope and defining the assumption register contents. Prepared by:
Mohammed Sabry Hanafi Mahmoud
• Hazard identification; including defining the potential event sequence
Risk Management and Loss Prevention Studies
and potential incidents.
Executive General Manager – GASCO
• Evaluating the incident outcomes (consequences) using some typical
tools, including vapor cloud dispersion modeling and fire and explosion Technical Consultant:
effect modelling. Amr Fathy Moawad Hassan
• Identifying different receptors to be evaluated (e.g., hydrocarbon PSM Senior Consultant at Methanex Egypt
• Estimating the risk for each of the different receptors against the risk
tolerability criteria.
130
Hazardous Area Classification
(HAC) Guideline
EGPC-PSM-GL-014
131
of the detailed design and engineering developed by any electrical
Overview
engineering discipline, and use these data in the selection, inspection,
This snapshot showcases an overview of the Hazardous Area Classification and maintenance of the classified electrical equipment. The document's
(HAC) guideline, focusing on the following main topics: annex also provides the basis for the correct selection, maintenance, and
inspection of the explosion-proof electrical installations.
- Introduction
Finally, this guideline has also been prepared to:
- Purpose
• Maintain process safety requirements to protect personnel, plant, and
- Basics & Approached of Hazardous Area Classificaton (HAC) property from explosion hazards due to installing unclassified electrical
installations in hazardous areas, i.e., maximize the safety of electrical
- HAC Required Data, Expected Deliverables, and How to Manage equipment installed in potentially explosive atmospheres.
• Minimize the risk of accidents by the adoption of safe and sound engi-
Introduction neering practices in the oil and gas industry.
The "Hazardous Area Classification (HAC) Guideline" gives guidance on
The guideline is intended to apply to all upstream, midstream, and
the classification of areas around equipment handling or storing flammable
downstream facilities and installations in processing, distribution, and
fluids - or combustible liquid-produced vapors mixed with air under normal
drilling and production sites of the oil and gas sector. This guideline does
atmospheric conditions - and provides a basis for the classification of
not apply to the classification of locations containing combustible dust or
hazardous areas. Also, the document's annex provides the basis for the
ignitable fibers of flying. It does not comprehensively address the releases
correct selection, maintenance, and inspection of the explosion-proof
of flammable refrigerated or cryogenic liquids, for which the dispersion
electrical installations.
characteristics are markedly different from those of fluids at higher
Potentially explosive atmospheres occur in many industries, not only in temperatures.
onshore and offshore petrochemical processing and refining plants but
also in places such as fuel filling stations, garages, workshops, etc. Failure
Basics and Approaches of Hazardous Area
to adopt correct and safe working practices could result in the ignition of
explosive gases, not necessarily at the time the work is done but possibly Classification (HAC)
at some future date. Basics of Hazardous Area Classification (HAC)
132
For a fire or explosion to occur, all three of the following statements must • Where the release hole size and/or grade release rate is unknown, the
be true: Risk-Based Approach can be used to calculate the release rate and haz-
ard radii. The Risk-Based Approach provides means of adjusting release
• The flammable or combustible material is present.
frequency and hence hazard radii to fit specific process scenarios. It is
• The material is mixed with air in the proportions required to produce an proposed to determine the hole size to be used for a secondary grade
ignitable mixture. release. A secondary grade release, as defined before, would not be an-
• The release of energy is sufficient to ignite the mixture. ticipated to occur during normal operation. Examples include failure of
pump/compressor seals, leaks from valves and flanges, or operational
The above conditions constitute the well-known “fire triangle.” In the error.
context of HAC, the source of energy is understood to be the facility’s
It is considerable to know that it is normally not necessary to determine
electrical system.
the hazardous area that would arise from each source of release when
Hazardous Area Classification (HAC) is the assessed division of the this would not influence the overall zone boundary. In carrying out such a
facilities into zones based on the likelihood of occurrence and duration of hazardous area assessment, by the direct example approach, the following
a flammable atmosphere. The zones are divided into Zone 0, Zone 1, Zone basic principles should be considered:
2, and non-hazardous areas. Hazardous area classification is a rigorous
a. When classifying a new facility or modifying an existing one, the area
method of determining where an explosive environment may be present. In
classification should be carried out before the design and layout of
general, hazardous areas are defined by:
equipment are finalized, as, at this stage, it may be possible to make
• The type of hazard or hazardous material. considerable improvements at little cost and even some savings.
b. The area classification should be reviewed, and modified, if necessary,
• The likelihood of its presence in flammable concentration.
on completion of design or before any significant change is made to an
• The auto-ignition temperature of the hazardous material. existing plant or to the category of flammable fluids that are to be
handled.
Approaches of Hazardous Area Classification (HAC)
c. Vents and drain points from vessels and instruments can influence the
The HAC guideline presents methodologies to be used in hazardous area boundary of the overall (Zone 2) hazardous area. As the exact locations
classification. The following figure illustrates how to select the appropriate of these may not be known when the initial hazardous area drawing was
approach to be used. prepared, the hazardous areas as derived should be drawn from the
extremities of the equipment or pipework containing the vent/drain
• The first and most commonly used approach is the Direct Example
point.
Approach, which can be used in limited cases for common facilities.
d. Where facilities, such as storage, pumps, or loading and discharge
• If the direct examples (such as the ones stated in the references, e.g., API facilities, handle a number of materials, the area classification should be
RP 505 and EI 15 Annex D) do not match the design of the site’s equipment based on the most volatile anticipated.
or the surrounding working environment, and the release hole size and e. If the direct example approach cannot be applied, the Point Source
grade release rate are known, the Point Sources Approach can be used. Approach is applied. The basic guidance set out in the Point Source
The Point Source Methodology involves the identification of the point Approach for Classification of Individual Sources of Release, except
sources and associated release conditions, determination of the grade where otherwise stated, relates to open area conditions with good
of release, determination of the fluid category, the establishment of the ventilation that ensures natural dispersion of releases to the
zone classification, determination of the hazard radii, determination of the atmosphere.
hazardous area, and combination of the hazardous areas from different f. Where less well-ventilated or enclosed situations occur, typically in
point sources. offshore installations and certain onshore situations, guidance on the
relevant
g. ventilation condition should be obtained from the Ventilation clause.
When the release rate is unknown, the Risk-Based Approach is relevant.
133
Details of installation/ Is quantity of flammable NO
• Gradual displacement with good mixing. In this case any contaminant is
plant or process material that may be released
sections sufficient to require well-mixed through the volume. A large part or all of the volume can be-
classification?
The following figure can be used to determine how to assess the degree of
NO YES
ventilation for any given situation.
NO Assign fluid category: Assign petroleum
Is the fluid at Assign non-
A, B, C, G class
a temperature below flammable
its flash point? petroleum
class Is the area to be classified enclosed?
YES
NO YES
Can the fluid form a
flammable mist at these
process conditions? Outdoor area Enclosed area
Is release rate known, Open air conditions Air movement limited and flammable
hole size, pressure? atmosphere not dispersed naturally
YES
NO
YES NO
Selection Of the Appropriate Approach To Hazardous Area Classification NO NO YES YES NO NO YES
YES NO
Ventilation dilutes gas or vapor released into the atmosphere by dispersion
Open area Congested Stagnant
until its concentration is at a safe limit (below the lower flammable limit (LFL)). area area
Over Non Enclosed Enclosed Dilution
pressurised pressurised area area ventilation
The time it takes for this to occur and the size and spatial location of the gas enclosed enclosed Adequate Inadequate
area area ventilation ventilation
Non-hazard with no
cloud depend upon the nature of the release, the vapor properties such ous internal
release
as density relative to the air, the movement of the air, and the presence of source
turbulence to promote mixing. Where the release is not into completely free
air (i.e., not into an open area), then the airflow, or ventilation, is also a factor
HAC Required Data and Expected
in determining the rate of gas or vapor dispersion. However, it is important
to also consider, in a sheltered or obstructed open area or enclosed area, Deliverables
whether any recirculating motions may lead to a gradual accumulation of gas The Required Data for Developing Hazardous Area Classification
or vapor over time.
If a company assigns the task of classification of hazardous areas to
The processes of movement of air and removal of contaminated air occur, to an external contractor/expert to explain, the data, information, and
differing degrees, in any ventilation process. The limiting cases are: documentation have to be provided to the contractor/external expert as
determined from the assessment methodology. This information such as
• Efficient displacement without mixing. In this case a contaminant is
PFDs that provide information about the process stream, plot plans that
swept out of a volume without much mixing. This is sometimes referred
serve as the backgrounds for area classification plan drawings, MSDSs
to as 'displacement ventilation. By inference, high concentrations of
that are the source of process information about each component in the
contaminant may exist within the volume and be emitted from it.
process stream, and P&IDs that provide a lower-level view of the process
134
for equipment identification and process arrangements. The information • Hazardous Area Classification (HAC) Drawings.
can include:
• Hazardous Area Classification (HAC) Schedule.
a. Brief descriptions of the process and it's O&M and cleaning details.
• Hazardous Area Classification (HAC) Report.
A process flow diagram showing flows, temperatures, and pressures.
b. A listing of all the flammable and combustible materials used in the The HAC drawing intends to communicate to engineers, designers, and
facility, as well as their pertinent properties (flash point, ignition operators information on the hazardous material that may be present and
temperature, density, etc.) and how and where the materials are handled. the probability that it is in the atmosphere. This knowledge allows engineers
As well as the material properties (e.g., gas group and T class). and designers to select the right equipment and for operators to know how
c. Flashpoints or, where more complex conditions requiring a point-source to properly install the equipment. Area classification records can comprise
release approach apply, the boiling ranges or other relevant physical detailed drawings with notes and/or can be in the form of tabulations.
characteristics of the fluids handled that will enable the fluid category. The area classification drawings should be of sufficient scale to show all the
d. Where relevant, a piping and instrumentation diagram would also main items of equipment and all the buildings in both plan and elevation.
indicate drain/sample points, etc., and line/valve sizes (for example, for Records should be marked up using the shading convention adopted in IEC
the processing plant). 60079–10–1, shown in the following figure.
e. A layout drawing with typical plans and elevations showing the position of
all equipment, including operational vents, drain/surface water systems,
storage areas, and tanker loading areas. In addition, this should show
sources of ignition such as heaters, roadways with unrestricted access,
flares, workshops, hot work areas, etc.
f. Knowledge of the equipment features and the mode of operation. Zone 0 Zone 1 Zone 2
g. Ventilation details, considering whether open, congested, stagnant, or Hazardous Area Zone Classification Shading Convention
enclosed area(s). For congested or enclosed areas, the positions of
openings such as doors, windows, and inlets/outlets will be needed. The Hazardous Area Classification Management
location of below-grade areas, such as pits and pipe trenches, should
Area classification should be incorporated into companies’ process safety
also be specified.
management systems. The person responsible for the coordination of
Hazardous Area Classification Expected Deliverables the area classification should be identified and competent in this field.
The work, which requires an interdisciplinary approach, should be carried
In the new installations, the expected deliverables from the plant designer
out by persons who have full knowledge of the process systems and
regarding the hazardous area classification comprise hazardous area
equipment, in consultation with process safety, loss prevention, and
classification schedules and drawings that include detailed design and
electrical engineering personnel, as appropriate. Agreements reached on
engineering information. Hazardous area classification drawing outlines
the area classification should be formally recorded, regularly reviewed, and
the classifications of areas where flammable liquids, gasses, or vapors are
kept updated. Records, such as drawings and/or tabulated data sheets,
handled, processed, or stored. It is created based on input from the Process
should include details as to the type of protection selected to meet the
Flow Diagrams, Piping and Instrumentation Diagrams, and the Equipment
zone requirements and the apparatus sub-group and temperature class
Location Plan. The drawings usually include plot plans with a 3D perspective
(T class) of the equipment.
to illustrate the elevation of hazardous areas. The drawings intend to
communicate to engineers, operators, and contractors information on the In classifying a new facility or a modification to an existing facility, the
hazardous material that may be present and the probability that it is in the area classification should be carried out before the design and layout of
atmosphere. This knowledge allows engineers and designers to select the equipment are finalized. The area classification should be reviewed, and
right equipment and for contractors to know how to properly install the drawings modified on completion of the design and before any change is
equipment. The deliverables have to include the following: made to existing plants.
135
The company operating a facility has the main responsibility to ensure that Prepared by:
area classification has been carried out on installations handling flammable Ahmed Mohammed Ibrahim Mohammed Roustom
fluids. Where a facility has been designed and built on a turn-key basis, the Risk Management and Loss Prevention Studies
plant designers should have carried out an area classification study and Assistant General Manager – GASCO
should have passed it over with other documentation to the operating
company at the end of commissioning. Technical Consultant:
Amr Fathy Moawad Hassan
List of Annexes PSM Senior Consultant at Methanex Egypt
136
Layers Of Protection Analysis (LOPA)
Guideline
EGPC-PSM-GL-015
137
Overview Purpose
This snapshot displays an overview of the layer of protection analysis guideline, This guideline provides guidance for conducting layers of protection
which focuses on the following: analysis (LOPA) studies for new and existing facilities within the Egyptian
General Petroleum Corporation (EGPC) and Oil and Gas Holding
- LOPA Overview Companies, including the Egyptian Natural Gas Holding Company
(EGAS), the Egyptian Petrochemical Holding Company (ECHEM), and the
- LOPA Methodology South Valley Petroleum Holding Company (GANOPE) covering all their
- Timing and Software operational subsidiaries, state-owned companies, affiliates, and joint
ventures.
- Roles and Responsibilities
This guideline generally describes the requirements for LOPA
- Input/Output Documentation implementation, including LOPA timing, advantages and limitations,
and roles and responsibilities. Besides, the required documentation to
- LOPA Values/Templates
apply effective LOPA and develop a comprehensive report and follow-
up procedures were addressed. Then, a detailed LOPA examination
Introduction methodology is explained, starting with selecting the hazardous event
A layer of Protection Analysis (LOPA) is a semi-quantitative tool for analyzing scenario developed in HAZOP until the LOPA study's final recommendations
and assessing risk. LOPA typically uses the order of magnitude categories are reached. The appendices contain useful data to estimate the initial
for initiating event frequency, consequence severity, and the likelihood event frequency and the independent protection layers' probability of
of failure of independent protection layers (IPLs) to approximate the risk failure on demand (PFD).
must work successfully to prevent the consequence. However, since no outcome of LOPA. LOPA also evaluates whether a protection layer can be
layer is perfectly effective, sufficient protection layers must be provided to considered independent and can determine the performance required for
render the risk of the accident tolerable. non-SIS independent layers of protection.
LOPA provides a consistent basis for judging whether there are sufficient The advantages of conducting LOPA study for new and existing facilities
independent protection layers (IPLs) to control the risk of an accident include the following:
in a given scenario. If the estimated risk of a scenario is not acceptable, • LOPA requires less time than quantitative risk analysis. This benefit
additional IPLs may be added. Alternatives encompassing inherently safer applies particularly to scenarios that are too complex for qualitative risk
design can be evaluated as well. LOPA does not suggest which IPLs to add assessment.
or which design to choose, but it assists in judging alternatives for risk
• LOPA is effective in resolving disagreements related to risk.
mitigation. LOPA is not a fully quantitative risk assessment approach but
a simplified method for assessing the value of protection layers for a well- • LOPA facilitates the determination of more precise cause–consequence
defined accident scenario. pairs and improves scenario identification.
138
• LOPA determines whether SIS or alternative means of protection are
required and associated SIL if SIS is chosen. 8. Community Emergency Response
• LOPA conforms to industry standards, i.e., ISA S84.01, IEC 61508, and IEC
7. Local Emergency Response
61511.
• LOPA facilitates the analysis of protective layers addressing health 6. Passive Protection
and safety and environment and may also be applied to risks due to
equipment damage and business value lost. 5. Active Protection
• LOPA can help an organization decide if the risk is" As Low as Reasonably Control System
139
LOPA Team
Select hazardous
YES
LOPA analysis requires multi-disciplinary teamwork. The LOPA workshop
scenarios for LOPA Is the
IEL < TMEL? normally includes the following:
NO
• LOPA Study Coordinator.
Identify the initiating
causes of hazardous YES • LOPA Study Leader.
scenario and estimate the
initiating cause frequency Recommend Is there an ISD
ISD option option? • Scribe.
• Projects Rep.
NO
Determine the scenario
consequence level.
• Operations Rep.
Determine the TMELs for
YES
the hazardous scenario. Is there an • Safety Rep.
existing SIS?
• Maintenance/Inspection.
NO
Is the initiating
event frequency below
the TMELs?
Use TMEL/IEL to
Recommended additional LOPA Documentation
protection layers, non SIS
determine PFD for SIL, EIC
or SIS, with PFD to
and FIL for existing SIS
make IEL < TML Required Documentation
NO
The last version of the following documents should be available before the
List the IPLs that can start of the LOPA study:
mitigate listed initiating
causes, Assess the IPL
type and IPL integrity • Cause and effect chart.
• LOPA should be conducted with or immediately after the HAZOP for all • The clear and complete definition of instrumented systems and their
major events identified in the detailed engineering phase and for iden- interrelationships.
tified and proposed Safety Instrumented Functions (SIFs) during the
• SIL ratings that have been previously determined for existing SISs.
HAZOP [1].
• SRS for existing SIS (if the SIF already exists).
• LOPA could be carried out at an earlier phase (e.g., basic engineering), as
identifying the SIS needs at this stage will lead to more satisfactory and • PSV design data.
effective design work.
• Vessel/Equipment design data.
• LOPA could be conducted as a part of a general review (revalidation) of
• F&G Detection Layouts.
risk studies.
• Operating and Control Procedures.
• LOPA could be conducted to manage change for modifications to an ex-
isting facility. • Equipment Datasheets.
140
• Instrument and Control Philosophy. List of Annexes
• Flare load summary/Relief and Blowdown summary providing all • Annex A – Initiating Events Frequencies.
overpressure scenarios. • Annex B – Independent Protection Layers PFD Data.
• Basic Process Control Systems, ESD systems, and interlock • Annex C – Enabling Conditions and Conditional Modifiers.
• Relevant Safety Study Reports include ENVID, HAZID, FERA/QRA, etc. For annexes details, please refer to LAYERS OF PROTECTION ANALYSIS
(LOPA) GUIDELINE - EGPC-PSM-GL-015 on the PSM EGYPT website.
LOPA Report
2. Appendices
a. List of attendees.
b. Assumptions.
c. LOPA Log sheets.
d. List of recommendations from the study.
141
The Halifax Explosion - Nova Scotia,
Canada. Thursday, December 6, 1917.
Collision explosion. 1,782 deaths,
and 9,000 injuries.
142
Fire & Gas Mapping Guideline
EGPC-PSM-GL-017
143
• Area grading rules (if applicable) that define the performance criteria
Overview
based on different assessed risk categories.
This snapshot displays an overview of the fire and gas mapping guideline,
• Appropriate applied technologies for the environment and the hazard.
which focuses on the following:
• Set points and voting requirements for detectors.
- Introduction and Purpose The objective of the fire detection system is to detect fire as early as practical
in order to reduce the possibility of escalation, minimize the impact of the
- Fire and Gas (F&G) Philosophy
asset, and allow personnel to take appropriate protective actions.
- Detection Technology
Introduction suitable for the hazard types which might be present in the particular
location, e.g.:
Fire and gas mapping is a process by which flame or gas detection layout
is determined. This could include a combination of prescriptive adherence • If there is a risk of a unique fuel (i.e., hydrogen), it is important to be aware
to facility philosophies, detection engineering knowledge, experience, and of the fire detector types and capabilities; and
software modeling tools. • Certain flammable vapors, such as benzene, are not detected by the
standard infrared line of site (IR LOS) detection.
Purpose Interoperability between the device and system could have an impact on
device selection. This should be taken into account as early as possible
This document provides a guideline on the placement of permanently
in the design philosophy. If this information is not available, conservative
installed fire and gas detectors, including coverage and technology
assumptions should be made with respect to coverage and updated as the
selection. It provides guidance on the most commonly used methods of
project evolves.
mapping: prescriptive, volumetric-based, and scenario-based.
Fire Detection
The scope covers the permanently installed detection systems, including
optical flame detection (including ultraviolet, infrared, and imaging/visual), The main fire detection technologies in general industrial use are:
flammable gas/vapor detection, and toxic gas detection.
• Optical flame detection.
• Heat detection.
Fire and Gas (F&G) Philosophy
• Smoke detection.
For new projects or physical changes in facilities, and in order to assure
Flammable Gas Detection
the consistency of installation of the F&G detection system, a fire and gas
philosophy should be in place. The main flammable gas detection technologies in general industrial use
are:
The fire and gas detection philosophy should include the following:
• Infrared (IR) point.
• The metrics to use to assess the system, e.g., percentage coverage,
target fire size, the gas cloud of a certain size, gas cloud/fire that could • Line of sight (open path).
lead to escalation of a certain frequency of occurrence.
144
Toxic Gas Detection Software modeling tools and metrics (e.g., fire size/target gas cloud size/
percentage coverage) are not required when applying the prescriptive
The main toxic gas detectors in general industrial use are:
approach; compliance can often be checked using a checkbox-type
• Electrochemical sensors. approach against the ruleset that has been employed.
• Ultrasonic (acoustic) gas leak detectors. Volumetric-based mapping assesses the capability of a system to detect
a fire or a flammable/toxic cloud of a certain size and presents the results
in terms of the coverage of a given volume. The size of a fire can be based
F&G Mapping Methods
on different methods, including effective viewing distance to the flame of
Three different mapping methods are available: specified size or RHO of a fire. At the same time, the size of a flammable/
a. Prescriptive method. toxic gas cloud size can be based on the cloud size that is assumed to be of
Prescriptive methods are the most simplistic, with the level of complexity verify the coverage achieved by the system.
and effort increasing progressively towards the employment of scenario- The advantages of volumetric-based fire and gas
based methods. The mapping methods can be considered analogous to mapping include the following:
qualitative (prescriptive), semi-quantitative (volumetric-based), and fully
a. 3D model can be applied for visualization purposes.
quantitative (scenario-based method) methods applied to risk assessment.
b. No modeling of specific scenarios is required.
The concept of proportionality should be applied, with the methodology
c. The analysis is relatively quick.
chosen to be appropriate to the level of risk.
d. Consistent designs.
It is possible to use a two-stage approach whereby a conservative (high e. Easily audited.
detector number) prescriptive-based method is used early in the design, f. Coverage can be validated against certified detection capability.
and then the design is optimized by using more detailed techniques (such g. It is less subjective than scenario-based type approaches.
as volumetric or scenario-based). h. Change management is easily incorporated (i.e., the detailed analysis
The Prescriptive Method does not need to be rerun as a result of minor alterations in the process
area).
Prescriptive detection mapping refers to the use of qualitative evaluation
and judgment-based placement in the locating of fire and gas detectors. The disadvantages of volumetric-based mapping
a. A proven design that is reused for similar applications. a. Results can be influenced by the size of the volume assessed, i.e., the
b. Ruleset-based approach, e.g., detectors at a spacing of X m. designer can expand the graded volume into open space to increase the
c. For open facilities with minimal obstruction to the field of view, it resulting percentage coverage achieved.
might be sufficient to place detectors at the extremities of the area b. No clear way of determining where the graded volume should extend to.
where fires could exist, taking into account the detector range. c. Subjective features of analysis are increased by comparison to
d. Evaluation of influencing factors and detectors placed at locations prescriptive, i.e., various cloud sizes, coverage adequacy interpretation,
applications that do not contain many potential leak sources and d. Normally shows a higher number of required detectors to achieve the
releases likely to behave in a predictable manner, e.g., no areas of required coverage percentage than the scenario-based method.
recirculation.
145
The Scenario-based Method The disadvantages of scenario-based
mapping include the following:
Scenario-based mapping requires information specific to the process and
is analogous to the approach taken in a QRA, i.e.; It considers both the a. Dependent on the specifics of the design; if the design changes, an
frequency and consequence of quantifying risk. analysis might have to be rerun.
b. It can be dependent on the number of scenarios considered.
Scenario-based method mapping models individual scenarios using a
c. More time-consuming than volumetric-based mapping.
range of different parameters, such as:
d. Minor changes in the area (i.e., the addition of scaffolding/ temporary
a. Release location. habitat) can affect the gas detection design.
b. Release direction. e. Detectors can be recommended in areas where no explosion hazard
c. Wind speed and direction. exists when based solely on gas migration behavior.
d. Hole size.
The dispersion analysis also gives more detailed information on each List of Annexes
scenario modeled, such as: • Annex A – Examples of flammable gas detection mapping.
• Annex B – Examples of gas detection mapping.
a. Time of detection.
b. Cloud size versus time. For annexes details, please refer to FIRE & GAS MAPPING GUIDELINE -
c. Number of gas detectors that alarm for a given scenario highlighting EGPC-PSM-GL-017 on the PSM EGYPT website.
redundancy in a system, e.g., this information could be used to justify
continued operation if a given detector is in a fault condition.
Prepared by:
The advantages of scenario-based mapping
Mohamed Mesbah
include the following:
Operations Department Head - Khalda Petroleum Company
to account for different set points of detectors as the concentration Amr Fathy Moawad Hassan
in 3D space is calculated, i.e., judgment is not required in terms of the PSM Senior Consultant at Methanex Egypt
146
Alarm Management Guideline
EGPC-PSM-GL-019
147
Overview Alarm And Alarm Management
This snapshot showcases an overview of the principles and methodology Definitions
that comprise the EGPC-PSM-GL-019 guideline, which will focus on the The primary function of an alarm is to alert the operator to take timely
following: action(s) and avoid undesirable conditions and events. Although there are
different definitions for alarm and alarm management, most of them are
- Introduction, Background, and Definitions
consistent.
- Alarm Management Lifecycle
The first definition comes from ISA-18.2, which defines an alarm as “an
- Criteria for Effective Alarm Management System audible and/or visible means of indicating to the operator an equipment
malfunction, process deviation, or abnormal condition requiring a
- Alarm System Problems response.”
API RP 1167 gives a similar definition for alarm as “visible and/or audible
Introduction means of indicating to the controller an equipment malfunction, an
It is important to start the introduction with the statement by Lucius analog or accumulation process deviation, or other condition requiring a
Annaeus Seneca: “There are more things to alarm us than to harm us, and controller’s response.”
we suffer more often in apprehension than reality.” This statement puts
Indeed, IEC 62682 add the word “timely” to the ISA-18.2 definition to be as
the base of the alarm system, which is how it anticipates the undesired
follows “An audible and/or visible means of indicating to the operator an
events or situations and draws the attention of people to them before the
equipment malfunction, process deviation, or abnormal condition requiring
worst happens, and the real loss occurs.
a timely response.”
The industry history, especially in oil and gas, has a big record of incidents
Alarm management can be defined per API RP 1167 as “process and
and accidents where the poor alarm management system was the causal
practices for determining, documenting, designing, operating, monitoring,
cause of the incident or accident.
and maintaining alarm systems.” The same definition was found in IEC 62682
The guideline discusses the characteristics and different criteria for and in ISA-18.2, “collection of processes and practices for determining,
getting an effective alarm management system with the consideration of documenting, designing, operating, monitoring, and maintaining alarm
human limitations. systems.”
148
The target of this model is to identify in a structured way the requirements Detailed Design: In this stage, additional alarm attributes are specified and
and responsibilities for implementing an alarm management system. The designed in light of the result of alarm rationalization. This design stage
following figure illustrates ISA 18.2 alarm management lifecycle model. This includes basic alarm design, HMI design, and design of the advanced
lifecycle model is applicable for both new alarm systems installation and alarming system.
managing an existing system.
Implementation: This stage includes the implementation of the alarm
system through the physical and logical installation as well as function
A J verification of the system. In addition, it also includes the training of
Philosophy
operators for the implemented alarm system.
B I
Operation: In this stage, the alarm system is becoming handover to the
Identification
operator, and it becomes in service where it performs its intended function.
C
The stage also might include refreshment training for the alarm philosophy
Rationalisation
Management and each alarm's purpose.
D of change
Detailed Design Audit Maintenance: This stage is about periodical maintenance (including
testing of the instrumentation) in order to ensure that the alarm system
E
Implementation functions as designed.
F H Monitoring and Assessment: In this stage, the alarm system and each
Operation individual alarm are continuously monitored against the performance goals
Monitoring
G & Assessment mentioned in the alarm philosophy. Monitoring and assessment of the
Maintenence data from the operation stage may trigger maintenance work or identify
the need for modification to the alarm system or operating procedures.
Without this stage, the potential for the alarm system to degrade over time
Alarm Philosophy: This is the basic planning step before designing any is highly possible.
new alarm system or modifying an existing one. This step documents the Management of Change: This stage is about the process for modification
objectives of the alarm system and the process to achieve them. The alarm of the alarm system and its approval cycle. This change process should
philosophy is a reflection of operations and maintenance work processes, follow the normal alarm management lifecycle stages from identification
and it serves as the base for Alarm System Requirements Specifications to implementation.
(ASRS). It also gives the criteria for alarm prioritization, definitions of alarm
Audit: In this stage, a periodic review shall be done to ensure the
classes, performance metrics, and reporting requirements.
effectiveness of the alarm management process and maintain the integrity
Identification: Simply, it is the collection stage of the proposed alarm using of the alarm system.
several methods, e.g., hazard analysis, safety requirements specifications,
good practices, incident recommendations, environmental permits, P&ID’s
development, or operating procedures. The information collected here will Criteria for Effective Alarm
be input for the alarm rationalization step. Management System
Rationalization: It is the process of applying the requirements for the alarm In general, there are key principles identified for any alarm system:
and generating supporting documents such as the alarm set point, the
Every alarm should have a defined purpose. In general, the purpose of any
consequence, and corrective action. Also, it includes alarm prioritization
alarm system is to drive the operator's attention to certain plant conditions
and classification considering alarm philosophy.
that require a timely assessment and consequent actions.
149
Every alarm should have a defined response. Each alarm presented to the Understandable: This characteristic is about ensuring that each alarm
operator should be useful and relevant. To achieve this, the designer should message is clear and easy to understand by the operator(s). All alarms
ensure that every alarm has a defined response. In general, this response must be clean and unambiguous and shall be presented at the appropriate
should be an action, e.g., operating a standby pump, alerting a control set time when the operator needs to take corrective action(s).
point, repairing some failed part of the equipment, etc.
Diagnostic: This characteristic is about the ability of the system to easily
Adequate time should be allowed for the operator to carry out this identify the problem(s) that has/have occurred. This is one of the core
response. As discussed before, for each alarm, the operator response is abilities of the system to detect and analyze the event and then deliver the
expected. This requires that adequate time should be given for the operator right message to the operator to take suitable action on a timely basis.
to perform the required action.
Advisory: This characteristic is about how the alarm system helps in
In light of the above-mentioned principles for an effective alarm system, indicating the required action for each type of alarm. The ability of the
it is easily inferred that “the alarm system should be explicitly designed system to detect and process the plant information and finally propose the
to take account of the human limitations.” Accordingly, an effective alarm required actions is one of the characteristics that decides how much the
system needs to include the following: alarm system is properly designed.
issues that can disturb the operator and affect its attention for a real case.
Advisory
Relevant
Alarm System Problems
Diagnostic
Timely
Relevant when none exists or when no change in process condition has occurred.
Understandable
Prioritized
Nuisance alarms desensitize the operator, reducing the response to all
alarms. Instrument problems or alarms set within the normal operating
range often cause nuisance alarms.
Any alarm should be Relevant: This means that any alarm is not to be
Stale Alarms: Stale alarms remain in the alarm state even when no
spurious or of low operational value. Looking at this alarm characteristic, it
abnormal condition exists, or no operator action is required. Stale alarms
is important to mention that fall to develop a relevant alarm is the reason
form a baseline of alarms that require no action and train the operator to
behind a lot of incidents in the oil and gas industries.
ignore certain alarms.
Alarms should be Unique: This means that each alarm should not duplicate
Alarm Floods: Alarm floods refer to a temporary high rate of alarms, usually
another alarm.
associated with an event like a process upset. Alarm floods overwhelm the
The alarm should be Timely: As mentioned before, the purpose of an alarm operator, masking important alarms and reducing the operator’s ability to
system is to direct the attention of the operator to the presence of a certain respond to the upset appropriately. Configuring multiple alarms for a single
condition that requires a timely assessment and actions. event is one of the main causes of alarm floods.
150
Alarm Clarity: Clarity of alarms relates to configuring the alarms and Prepared by:
training the operator to respond to the alarm. Alarm documentation Sayed Eid Sayed Khalil
generated during rationalization serves as input for training. Alarm clarity HSE Assistance General Manager - Agiba Petroleum Company
problems are a difficult thing to measure. Operator training can provide the
opportunity to identify clarity problems. Sometimes the problems can be Technical Consultant:
resolved with changes to the basic alarm configuration. Advanced alarm Amr Fathy Moawad Hassan
techniques are employed to produce fewer alarms with clear meaning. PSM Senior Consultant at Methanex Egypt
151
Safety Case
152
Safety Case Standard
EGPC-PSM-ST-002
153
demonstrate to top management, workforce, regulators, local population/
Overview
communities, shareholders, etc., that the Major Accident Hazards and
154
• To assure stakeholders that significant hazards are identified and Based on the notification, EGPC will then designate the facility and,
assessed to appropriate levels, residual risks are managed to As Low As accordingly, decide whether developing a Safety Case report is needed or
Reasonably Practicable (ALARP) levels. not. Notification will help to:
• To demonstrate that an internal emergency plan has been prepared, • Allow EGPC to understand the type of activities carried out inside the
including sufficient information to prepare an external emergency plan. facility and the other activities in the area surrounding the facility and
hence the expected risk level.
• To fulfill the EGPC requirement to be able to grant a license to operate
the facility. • Confirm the quantities of specified dangerous substances present or
likely to be present at the facility.
Safety Case Process Flowchart • Support EGPC for the correct designation of the facility.
The Safety Case process comprises four main stages: The operator must send the notification to EGPC within a reasonable
period of time prior to the start of construction/start of operation of the
1. Notifying EGPC of the facility.
facility. The table following includes the timescales for the submission of
2. Designating the facility by EGPC.
notifications in various circumstances.
3. Developing the Safety Case report.
4. Reviewing the Safety Case by EGPC.
SCENARIO NOTIFICATION
Major Hazard Facility's Operator
sends Notification to EGPC - Major hazard facility - - Notification to be sent as
Existing. per EGPC scheduled
EGPC reviews the Notification
requirement.
and designates the Facility
Safety Case report No Safety Case report IADC HSE case report
Required Required Required - The facility moves to - Notification to be sent
another category due to an (Not less than one year)
Operator to Develop
Operator to Develop
Major Accident Prevention
Rig owner to Develop
IADC HSE Case and
increase/decrease in the before the date of
Safety Case Report Policy (MAPP) and
PSM system
Bowties for the Major
Accident Hazards scenarios
number of dangerous increase/decrease.
substances.
155
The operator of the major hazard facility shall inform the holding company In a period of not more than 45 days from receiving the notification, EGPC
(EGAS, ECHEM, or GANOPE) of the notification content. The notification will then designate the facility and notify the operator in writing that the
to EGPC must be given in the manner and form required by EGPC, and it facility or proposed facility to which the notification relates is or will become
shall include the following information: an Upper Tier Major Hazard Facility or a Lower Tier Major Hazard Facility.
• A brief description of the primary business activity or activities at the The designated Upper Tier Major Hazard Facility shall develop a
facility. Safety Case report, while the designated Lower Tier Major Hazard
Facility is not required to develop a Safety Case report. However, the
• Information about the operator.
Lower Tier Major Hazard Facility is still required to develop a Major
• Sufficient information to identify the specified dangerous substances Accident Prevention Policy (MAPP) and implement a Process Safety
present or (likely to be present) at the Facility. Management (PSM) program. Holding companies (EGAS, ECHEM, or
• The calculated quantity and physical form (for example, solid, liquid, or GANOPE) will be notified of the Upper Tier Major Hazard Facilities so
gas) of the specified dangerous substances. that they can be aware of the designation of their affiliates and can
follow up with them on the development of the Safety Case report.
• The contact details of a person with whom EGPC may communicate
concerning the information that is, or must be, contained in the Although all drilling activities shall develop IADC HSE Cases and bowties
notification. for MAH scenarios, the operator must still send a notification to EGPC
preceding the drilling operation.
• The expected start date of the operation.
EGPC may request further information about the facility. This can include
• Information about the land use and other activities in the area surrounding information about the use or proposed use of specified dangerous
the facility or proposed facility. substances and the physical condition of the facility. Supported by a written
• Any other additional information that EGPC requires. justification, EGPC could decide to designate a Lower Tier Major Hazard
Facility as an Upper Tier Major Hazard Facility based on the following:
For the land use description part, the following should be considered:
• The quantity or combination of specified dangerous substances present
• Describing, where available, details (such as name, address, and type of
or likely to be present at the facility.
business) of neighboring facilities and other sites which could initiate or
aggravate a major accident and domino effects, e.g., a scrapyard storing • The type of activities within the facility involving the specified dangerous
tires near the boundary with a facility where flammable gas is stored. substances.
• Describing elements of the surrounding environment that could • The land use and other activities in the area surrounding the facility.
aggravate the consequences of a major accident. This should include Any other relevant matter.
both built and natural environments, i.e., nearby housing, schools, Due to the highly challenging and remote environments with limited
location close to a river or groundwater, etc. resources to assist in a major accident event, all offshore installations are
After the notification is sent to EGPC, EGPC will assess the notification, designated Upper Tier Major Hazard Facilities regardless of the quantities
make a decision, and notify the operator of its decision regarding the of the dangerous substances. If the operator submits a Safety Case report
type of facility. EGPC could include any requirements or instructions the or a revised Safety Case report before the submission of the notification,
operator shall comply with in its response to the operator. The decision he must still send a separate notification to EGPC.
takes into consideration the nature of the facility and the quantity of
specified dangerous substances that are present or likely to be present.
156
For the purposes of carrying out the review and designation of the facility, Onshore Lower Tier Major Hazard Facilities
EGPC may require a site visit to the existing sites or may require the operator
Onshore facilities designated as Lower Tier Major Hazard Facilities are
to provide further information. The operator must reply to EGPC’s required
not required to develop Safety Case reports. However, developing Major
information within a period of not more than 14 days. EGPC may change a
Accident Prevention Policy (MAPP) and implementing a process safety
designation if, after consultation with the operator, EGPC is satisfied that
management system, including emergency response, is required.
the reasons for the designation or decision no longer apply.
The following table illustrates obligations imposed by the Safety Case
standard.
When is a Safety Case Report
Required? DUTIES UTMHF LTMHF DRILLING
All offshore installations, whether manned or not and whether containing Prepare and submit Safety Case to EGPC YES NO NO
dangerous substances or not, shall develop a Safety Case report. Prepare and submit IADC HSE Case to EGPC NO NO YES
For all onshore facilities that are designated by EGPC as Upper Tier Major The Safety Case Report and the
Hazard Facilities, the operators of those facilities shall develop a Safety
Facility Life Cycle
Case report.
Design Safety Case
Pipelines
The facility shall develop a Design Safety Case at the latest end of FEED and
A major accident hazard pipeline is considered a major hazard facility and
send it to EGPC only for a quick completeness check and acknowledgment.
is subjected to the same process to identify the need for the Safety Case.
EGPC could indicate any matters that may create difficulties with
If the pipeline is designated as an Upper Tier Major Hazard Facility, the
accepting the operation Safety Case if those matters are not considered in
operator of the pipeline shall develop a Safety Case report.
the detailed design or the construction or commissioning stages.
Drilling Rigs The purpose of the Design Safety Case is to:
For both onshore and offshore drilling activities, the rig owner is responsible
• Define the options considered as part of the Evaluation/Concept
for developing an IADC HSE Case in accordance with the requirements of
selection phase and justification for the selected option.
the International Association of Drilling Contractors (IADC). The operator
shall approve the IADC HSE Case developed by the rig owner and send it • Define the design performance standards of the Safety Critical Elements
to EGPC for an acknowledgment before the commencement of the drilling that shall be achieved and maintained during the design, construction,
If the facility where the drilling activity will be carried out is not required to • Demonstrate that the risks from Major Accident Hazards have been
develop a Safety Case report, then the operator shall, in conjunction with actively and systematically reduced to ALARP, and the facility is designed
the rig owner, conduct a HAZID workshop to identify the hazards associated for HSE & Integrity.
with the drilling operation. Following the HAZID, bowties shall be developed
Operations Safety Case
for the MAH scenarios to ensure meeting the barrier adequacy criteria and
further ALARP demonstration. In addition to the IADC HSE Case, MAH The Operations Safety Case shall be developed before the startup of the
Bowties shall be sent to EGPC for acknowledgment before the start of the facility and be submitted to EGPC for review and approval so that EGPC is
157
The purpose of the Operation Safety Case is to: If the Greenfield project/Brownfield modification alone is sufficient to
designate the facility as an upper-tier major hazard facility, then a Design
• Demonstrate how the Major Accident Hazards are managed during
Safety Case should be developed during FEED. Following the Design Safety
operations to ensure that the risks are tolerable and ALARP.
Case, the Operations Safety Case shall be developed/updated for the
• Define the operations performance standards of the Safety Critical whole facility and be submitted to EGPC before the startup of the project/
Elements that shall be achieved and maintained during the operation modification.
phase, including maintenance, inspection, and testing of the SCEs.
The following figure shows the decision tree for dealing with Greenfield
• Define the Safety Critical Tasks with the corresponding HSE Critical projects and brownfield modifications with major accident potential.
positions and enable them to effectively and safely manage the day-to-
day operations/activities and associated hazards.
Safety Case report submission time
• Describe how the relevant management systems (e.g., integrity,
The defined submission period is to give EGPC sufficient time to properly
maintenance, competence, MOC, PTW) implement the requirements of
assess the Safety Case and resolve any issues with the operator. For some
the performance standard and the Safety Critical Tasks, including the
fast-track developments, it may be difficult to provide this defined period
management of SCEs to continuously meet operations performance
notice. If so, EGPC has the power to reduce the timescale for submission,
standards.
particularly for smaller and fewer complex installations, where the earlier
• Demonstrate that an internal emergency plan has been prepared, which Design Safety Case did not give rise to significant concerns. Operators
includes sufficient information to enable an external emergency plan to should contact EGPC as soon as they identify a possible need to ask EGPC
be prepared. Figure 4 shows the link between design and Operations to specify a shorter period.
Safety Cases.
EGPC also may extend the time within which the operator must give EGPC
a completed Safety Case/ IADC HSE Case if:
Greenfield Project/Brownfield
a. The operator applies in writing to EGPC for an extension of time, and
modification (With MAH Potential)
within the facility boundary
b. EGPC is satisfied that there has been insufficient time to comply with
the Safety Case/IADC HSE Case requirement.
The proposed modification/project brings
No
significant change to existing facility risk
The following table shows the timescale for the submission of the Safety
profiles or change the facility tier
Operator to send
a Notification to EGPC
No Yes
No No
158
REASON FOR DEVELOPING THE SAFETY CASE REPORT TIME TO SUBMIT SAFETY CASE REPORT TO EGPC
- Designated Upper Tier Major Hazard Facility - - Design Safety Case report (Latest end of FEED)
Proposed construction Operations Safety Case report
(6 months before the startup of the operation)
- Designated Upper Tier Major Hazard Facility - Existing - Operations Safety Case report (not later than one year
after being designated from EGPC)
- Existing onshore Lower Tier Major Hazard Facility chooses - Operations Safety Case report
to increase its inventory of dangerous substances (6 months before the start of operation)
to meet the Upper Tier threshold limits
Major Accident Prevention Policy (MAPP) Preparation of the Safety Case Report
Major Accident Prevention Policy (MAPP) is required for the whole major The Safety Case report is site-specific, so operators with more than one
hazard facilities, either upper tier or lower tier. For upper-tier major hazard site cannot submit one Safety Case report to cover them all. In some
facilities, MAPP must be included as a separate document in the Safety cases, and upon approval from EGPC, a single Safety Case report may be
Case report under the process safety management section. developed for a group of facilities, e.g., a major accident hazard pipeline
connected to an Upper Tier Major Hazard Facility, a production platform
The MAPP is a key document. Its purpose is to provide a statement of the
connected to satellite platforms that are normally unattended. However,
senior management’s commitment to achieving high standards of major
the detailed description, including the assessment of risks, MAHs, bowties,
hazard control. A MAPP must be in writing and should include the facility’s
SCEs, and Performance Standards, shall be specified for each facility.
overall aims and principles of action about the control of major accident
hazards, preventing the occurrence of major accidents, and limiting The Safety Case must be a stand-alone document that is sufficient to meet
their consequences to people and the environment at or near the facility the contents and the required level of detail without the need to refer to
by appropriate means, structures, and management systems. A MAPP other documents external to the Safety Case. It is not required to provide
document must: extensive detail when it is possible to refer to other reports or studies
already prepared. Reference documents are a useful way of supporting
a. Be designed to ensure a high level of protection of human health and the
arguments but are not a substitute for the demonstrations required in the
environment.
Safety Case.
b. Be proportionate to the Major Accident Hazards.
c. Set out the operator’s overall aims and principles of action. The operator of the facility must demonstrate to EGPC that in the
d. Set out the role and responsibility of management and its commitment development or revision of the Safety Case for the facility, there has been
to continuously improving the control of Major Accident Hazards. effective consultation with and participation of members of the workforce.
159
Concept selection
Content of the Safety Case report
This section is intended only for the Design Safety Case to compare
Executive Summary
the principal features of the design with alternative designs considered
The executive summary is intended to provide a succinct summary of the to demonstrate that the preferred option will reduce risks to as low as
essential features of the Safety Case report, in particular, the conclusions reasonably practicable. Reference should be made to safety factors
and recommendations section of the document. It should be no longer incorporated in the design and to relevant codes of practice.
than two pages as it is intended to provide a rapid digest for the reader to
decide whether to read in more depth. It should briefly describe the asset
Formal Safety Assessment
in outline and set down the intent of the Safety Case report. It should then Formal Safety Studies
summarize the control of major accident hazards (MAHs) with less detail
This section summarizes the formal safety studies carried out for the
aiming to capture the essential message of the results. It should outline any
facility and their closeout status. This section should cover different
actions for further studies and why these do not prejudice the justification
studies, such as HAZOP and LOPA studies. It should demonstrate that the
for continued safe operation.
degree of detail of the analysis is proportionate to the level of complexity
of the facility, the nature of the hazards, and the possible consequences.
Introduction
MAH scenarios and Barrier Management
The main function of the Introduction section is to provide an overview
of the objective of the Safety Case and how the parts of the document This section is aimed to demonstrate that all potential MAH scenarios are
logically lead to the endpoint, demonstrating the ALARP and justification of identified, critical barriers are selected, and the performance criteria for
continued safe operation. As there is often considerable detail and length the barriers have been defined. This also includes how the facility ensures
in the Safety Case, such as the approach, it will allow the “bigger picture” to the suitability of the barriers, either initial suitability or ongoing suitability.
be retained, and the reader progresses through the document. This section shall cover the following points:
160
MAH scenarios that shall be considered in the Safety Case are as follow: Emergency Response Plan
• The onshore Safety Case shall focus the attention only on ‘Process- A summary of the emergency response plans must form part of the
related Major Accident Hazards’ that involve a release of one or Safety Case report though the ERP is prepared as a separate document
more dangerous substances included in Annex A and excludes 'non- to facilitate use. This is to demonstrate that an effective emergency
process-related Major Accident Hazards' which have possibly severe response plan is in place against all the identified major accident hazards.
or catastrophic consequences. The operator of the onshore Upper Tier The response plans should be related and preferably cross-referenced to
Major Hazard Facility has the option to consider the non-process MAH the major accident hazards (in particular, the representative set of MAHs)
scenarios if needed. described elsewhere in the Safety Case.
• Offshore Safety Cases shall consider all Major Accident Hazards, either ALARP Demonstration
process-related or non-process-related.
As part of the ALARP demonstration, a risk reduction workshop shall be
• In the case of combined operations, MAH scenarios that are generated conducted to present the recommended risk reduction measures (RRM)
because of the combined operations shall be considered. identified during the safety studies required for developing the Safety
Case, e.g., MAH bowties, QRA, and assess the implementation of those
• MAH scenarios that developed because of domino effects shall be
risk reduction measures. In some cases, cost-benefit analysis (CBA)
considered.
for potential risk reduction measures shall be presented; potential risk
Quantitative Risk Assessment reduction measures that are rejected shall be recorded with a justification
This section shall summarize the outcome of the QRA study, including the for the rejection.
individual and societal risk figures against the corporate risk acceptance The output from the risk reduction workshop and CBA calculations shall
criteria. This section shall also include the impact on critical equipment and be briefly documented in the ALARP demonstration section, inclusive of
locations, i.e., muster points, control room, fire pump station, etc. MAH the justification for the selection and rejection of all identified potential risk
Scenarios developed from the nearby facilities and have an impact on the reduction measures.
existing facility shall be considered and evaluated.
Improvement Action Plan
Manual of Permitted Operations (MOPO)
This part of the Safety Case provides a plan to resolve any outstanding
A MOPO is required to be developed as part of the Operations Safety actions, improvements, or shortfalls identified at the time the Safety Case
Case. This section shall detail how the MOPO is used and how the facility is was prepared and thereby improve the overall safety management system
managing deviations from MOPO. of the facility.
The operator needs to show that an effective process safety management Appendix section of the Safety Case report shall include the following:
system is established and maintained to control and manage major
a. Hazard and Effect Register.
accident hazards and limit their consequences. The PSM system summary
b. MAH bowties.
should provide a general overview of the PSM program implemented in
c. List of SCEs with their owner.
compliance with EGPC Process Safety Management System Program
d. SCE’s Performance Standards.
Standard EGPC-PSM-ST-003.
e. Safety Critical Tasks and HSE Critical Positions.
The summary should cover the four PSM pillars and respective sub-PSM f. MOPO matrix.
elements listed in the standards and include sufficient evidence to show
and support that an appropriate PSM system is in place.
161
The below table presents the typical content of design and Operations
Statement of Fitness
Safety Case reports.
The operator of the facility, the most senior position, shall sign and date a
statement confirming that:
TYPE TYPICAL CONTENT NOTES
• The information in the Safety Case is accurate and up to date.
Design Safety 1. Executive Summary The following points are not
Case • The controls to be implemented will eliminate or minimize the risk of a
2. Introduction included in the Design Safety
3. General Description of the Case: major accident occurring to the extent that is reasonably practicable.
Facility • Emergency Response Plan.
4. Formal Safety Assessment • Process Safety Management
• The barriers required to manage Major Accident Hazards are identified,
5. ALARP Demonstration systems.
6. Action Plan • MOPO matrix. and performance standards of Safety Critical Elements are developed.
7. Appendixes • Safety-Critical Tasks.
a. Hazard and Effect Register. • All people involved in implementing the management system have
b. MAH bowties. - Closeout reports status for the
c. List of SCEs with their owner. process safety studies shall be
the knowledge and skills necessary to carry out their roles safely and
d. SCE’s design Performance included under the formal competently.
Standard. safety assessment section.
• In the event of a major accident occurring, the controls will minimize the
- Design performance standards
for the SCEs shall detail the magnitude and severity of its health and safety consequences to the
assurance and verification tasks
covering design, installation, and
extent that is reasonably practicable.
commissioning aspects.
Statement of Fitness shall be part of the Operations Safety Case report
- “Concept Selection” should be
and be included under the ALARP Demonstration.
added under the General
Description of the Facility
section.
162
• As part of any significant changes to the facility, operation, or List of Annexes
surrounding environment that may have a potential impact on the risk
• Annex A – Calculations of Dangerous Substances.
profile.
• Annex B – Major Hazard Facility Notification Form.
• As part of any significant changes to the facility, operation, or • Annex C – Information to be Included in “General Description of The
surrounding environment Following any change to the safety Facility” Section.
management system could have significant consequences for the • Annex D – Manual of Permitted Operations (MOPO).
prevention of major accidents or the limitation of the consequences of
For annexes details, please refer to SAFETY CASE STANDARD EGPC-PSM-
major accidents to human health and the environment. that may have a
ST-002 on the PSM EGYPT website.
potential impact on the risk profile.
The Design Safety Case shall also be sent to EGPC. This is only for quick
completeness check and acknowledgment and will not follow the same
detailed review as the Operations Safety Case; however, EGPC could
indicate any matters that may create difficulties with accepting the
Operations Safety Case if those matters are not taken into account in the
detailed design or the construction or commissioning stages.
IADC HSE Case for the drilling rigs, reference to IADC requirement, and
MAH bowties are mandatory documents and shall be sent to EGPC for
quick completeness check and acknowledgment before the start of the
drilling operation. It is the operator's responsibility to review the IADC
HSE Case before sending it to EGPC to ensure all the IADC HSE Case
requirements are covered.
163
The Deepwater Horizon Oil Spill -
Gulf of Mexico. Tuesday, April 20,
2010. Hydrocarbons escape. 11
deaths and 17 injuries.
164
As Low As Reasonably Practicable
(ALARP) Demonstration Guideline
EGPC-PSM-GL-010
165
Overview • The Decision-Making Process.
- Introduction
ALARP Overview
- Purpose
The fundamental principle of Risk Management is that while risks cannot
- ALARP Overview always be eliminated, it should be possible to reduce them to a level that is
ALARP so that they are tolerable because all Reasonably Practicable Risk
- ALARP Demonstration Process Reduction Measures have been implemented.
The ALARP principle is a well-established principle predefined in the Risk Tolerable if Tolerable only if risk
ALARP region reduction is impracticable
Management Standard EGPC-PSM-ST-001. At the same time, ALARP or if its cost is grossly
Risk is taken disproportionate to the
Demonstration and Assessment is a method used by companies to improvement gained.
only if a benefit is
demonstrate that the Residual Risk from their Major Hazard activities is required
ALARP.
Tolerable if cost of
reduction would exceed
This guideline helps the companies to prepare and document their ALARP
the improvement
Demonstration and Assessment to encompass the submission of the
Broadly Necessary to maintain
Safety Case per the Safety Case Standard EGPC-PSM-ST-002. assurance that risk
acceptable
remains at this level
region
Purpose
This guideline describes the main components of the ALARP Framework for Tolerability of Risk (ALARP Carrot Diagram).
Demonstration and Assessment process as the main objective of
companies' Safety Case(s). This guideline is consistent with the Safety The triangle divides risk into three bands representing an increasing level of
Case Standard EGPC-PSM-ST-002, and the Major Accident Hazard risk from a Low Risk to a High Risk:
Management Guideline EGPC-PSM-GL-006 [3] enables COMPANIES to 1. An unacceptable region is represented by red at the top of the triangle,
follow a defined regime to demonstrate that all Residual Risks from its where risks are intolerable and Risk Reduction Measures are mandatory.
Major Hazards activities are ALARP. This guideline aims to explain the 2. A middle band, or tolerable if the ALARP region is represented by amber
following: and yellow at the middle of the triangle, where Risk Reduction Measures
• The ALARP Principle Overview. are desirable but may not be implemented if their cost is disproportionate
to the benefit achieved.
• The ALARP Demonstration Process, including the ALARP Demonstration
3. A broadly acceptable region is represented by green at the base of the
Methodology and the ALARP Assessment. triangle, where no further Risk Reduction Measures are normally needed.
166
Initial Risk Low ALARP High
MAH
Identification
Major Accident Hazard (MAH)
Existing Risk Some special For tolerable Most of Risks In Early design
cases risk only are treated only
Reduction
Measures
RRM(s) 4T'S
Transfer Tolerate Treat Terminate Strategy
L1 Elimination
L2 Substitution
L1 Passive
L3 Engineering controls
Increasing of L2 Active Hierarchy of
L4 Isolation Control
Barrier L3 Admin. Controls
L5 Admin. Controls
Reliability L6 PPE
Additional Risk
Reduction Low ALARP High
Measures
Accept
Prepare evidence
for the
disproportionality
167
From the ALARP demonstration perspective, even if the risk level for a Initial Risk from Qualitive Methods (e.g., HAZID)
Baseline Case/Initial/Inherent Risk has been judged to be in the ALARP
region, it is still required to consider introducing further Risk Reduction
Qualitative MAH Identification
Measures to drive the remaining or Residual Risk downwards. The ALARP (Based on the MAH Zone in the Qualitative Risk Tolerability Criteria)
level is reached when the time, trouble, and cost of further reduction (Ref. Major Accident Hazard Management Guideline EGPC-PSM-GL3) (006-)
This includes identifying the MAH using the developed different Risk
Barriers meet Barriers do not meet
Assessment Techniques, checking the existing Risk Reduction Measures the criteria the criteria
(Barrier's adequacy), deciding the need for additional RRM(s), and whether
Check the Qualitative Risk
these additional RRMs are reasonably practical not to be implemented. Tolerability Criteria to determine
the Risk value after considering
The Main Steps for a Successful ALARP Demonstration Process linked the exiting Barriers/RRM(s)
to Risk Management, the MAH, and the Safety Case Standard and
Guidelines.
Acceptable Risk Medium Risk High Risk
two Figures.
168
Quantitative MAH identification using QRA Major Accident Hazard (MAH) Identification
(Ref. Quantitative Risk Assessment
(QRA) Guideline EGPC-PSM-GL4] (008-]) The MAH is a hazard with the potential, if realized, to result in a Major
Accident. The Major Accident is a Hazardous Event that results in: multiple
fatalities or severe injuries; extensive damage to the structure, installation,
or plant; or large-scale environmental impact [3]. The objective is to
The Risk value(s) resulted from the QRA is(are) determined
considering the existing Barriers / RRM(s) (i.e., it is a identify all potential MAH(s) to prove that all MAH(s) are controlled and
Current Risk not an Initial Risk), and its evaluated have been reduced to or below the lower tolerability limit. The MAH list is
based on the Quantitative Risk Tolerability Criteria
generated for the Initial Risk (Inherent Risk) ranking before considering the
proposed/existing control measures/RRMs. However, the MAH from QRA
is determined considering the existing Barriers.
Acceptable Risk Medium Risk High Risk
Risk Reduction Measures RRM (Barriers) Selection
Suggest Additional Suggest Additional After identifying the MAH and as a part of the Hazard Identification process,
Barrier(s) Barrier(s)
the existing RRM(s) must be identified for the Inherent Risk so that the
Rerun (Recalculate) the QRA to Current Risk and, finally, the Residual Risk can be assessed. All physically
check that the suggested Additional
RRM/ Barrier(s) will reduce Risk(s) to possible additional RRMs shall be identified to the Current Risk located in
the Tolerable Limit
the ALARP zone; to drive the remaining/Residual' Risk downwards (to or
The RRM(s) can either lower the possibility (frequency) of the hazard
The Quantitative MAH Assessment Link to the ALARP
occurring, reduce its consequences, or both. The recommended Strategy,
Demonstration Methodology.
the Hierarchy of Control (Hoc), and the reliability of the RRM have been
Risk Assessment identified in the Risk Management Standard EGPC-PSM-ST-001,
In carrying out the ALARP Demonstration, a Risk Management Residual Risk (RR) Identification and the
process must be followed (Risk Management Standard EGPC-PSM- Needs for Additional RRM
ST-001), including different Risk Analysis Techniques (Qualitatively
The Current Risk is the risk remaining after considering all already
and Quantitively), to comprehensively identify all hazards and risks
implemented barriers (existing RRMs) for both Qualitative and Quantitative
associated with the activities. The objective is to provide sufficient
Risk Assessments. The need for additional RRM is based on the Current
details of the hazard nature and the risk level to demonstrate that the
Risk value and the need to lower the Residual Risk (RR) to or below the lower
risks have been reduced to ALARP.
tolerability limit.
Risk Tolerability Criteria
Qualitative Residual Risk Identification
Qualitative and Quantitative Risks shall be evaluated in reference to the
For those MAH(s) which have been identified Qualitatively using
Risk Tolerability Criteria. The objective is to describe clearly and concisely
a Qualitative Risk Analysis method (HAZID) followed by barrier(s)
the facilities' risks level.
assessment using bowtie, the Residual Risk is identified depending on
Note: Qualitative and Quantitative Risk Tolerability Criteria are the barrier adequacy criteria (the criterion is described comprehensively
comprehensively described in the Risk Management Standard EGPC- in the Major Hazard Management Guideline (EGPC-PSM-GL-006)).
PSM-ST-001.
169
Quantitative Residual Risk Identification
The ALARP Demonstration process is viewed as a series of staircases, with
For those Current Risks identified Quantitatively (using a Quantitative each level representing an increased level of risk control. The main objective
method, e.g., QRA) that exceeded the upper tolerability limit (Intolerable of levels one and two is to answer the question, "did we make the basics?"
Risks) and Current Risks that are located in the ALARP zone, there is a need (i.e., did we achieve the baseline or the minimum?) The answer to this
for recommended additional RRM(s)/ Barrier(s). A rerun (recalculation) for question is yes or no, and it is not an argued question. Passing by these two
the QRA models shall take place to ensure that the implementation of the staircases is mandated before deciding whether the risk is ALARP or not.
recommended additional RRM(s) / barrier (s) is capable of reducing the Level three is where to measure the proportionality of the suffering relative
Residual Risk(s) to or below the lower tolerability limit. to the benefits and to decide whether the suggested additional RRM is
reasonably practicable or not. At this level, two important questions have
ALARP Demonstration - Identifying What is
to be answered; "is there anything more we can do?" and "Is it reasonably
Reasonably Practicable
practicable or not?"
The main objective of this section is to guide on how to assess and
demonstrate whether it is reasonably practicable to implement a Risk Level One – Risk Levels Legislative Requirements
Reduction Measure based on a risk decision framework. At this level, COMPANIES shall ensure that the Risk Tolerability Criteria are
met before moving to any additional RRM, as well as all legal requirements
of all relevant Laws and Decrees from Governmental Authorities.
ALARP Demonstration Methodology
Level Two – Good Practice, International and Company
There are three main levels/ steps to ensure that risks are reduced to the
Standards
ALARP levels, as illustrated in the following Figure.
Adopting current Good Practice or its equivalent is an ALARP methodology's
Levels one and two identify and adopt the legislation requirements and
second step. It is the level to determine whether the Risk Assessment and
appropriate codes and standards; these represent cumulative industry
the RRM met the Good Practice requirement or not. Good Practices (as
knowledge gained from previous incidents. Level three identifies what is
defined by UK-HSE) are the recognized Risk Management Practices and
reasonably practicable RRM(s) to be implemented (ALARP).
Measures that competent organizations use to manage well-understood
hazards arising from their activities.
170
Qualitative ALARP Assessment Quantitative ALARP Assessment
The suggested additional RRM/barrier will be qualitatively evaluated to Cost Benefit Analysis (CBA) is the Quantitative Assessment of the Cost
determine if the implementation of the RRM is reasonably practicable or of implementing a particular Risk Reduction Measure and the comparison
not. A matrix is used to produce a numeric value for implementing Risk with the Safety Benefit (Risk Reduction) that this would be expected to
Reduction Measures (Note: although it is a numerical value, the matrix is still achieve. While no amount of money can compensate for injury or harm,
qualitative). Values are given to cost, effort, and expected risk reduction. the ALARP principle acknowledges that an investment aimed at reducing
injury or harm will not be made without regard to the size of that investment.
The way that the CBA is done is to:
Anticipated Risk Reduction (the ALARP Value)
Risk Reduction x Cost x effort
Cost x Effort 1. Calculate the Implied Cost of Averting a Fatality (ICAF) for the Risk
High Medium Low Reduction Measure, which is the Cost of the Risk Reduction Measure
1 2 3
divided by the Risk Reduction achieved (the reduction in Potential Loss
1 1 2 3
of Life over the Facility’s Remaining Lifetime.
2 2 4 6
2. Compare this to the Identified ICAF values criteria.
3 3 6 9
3. A risk reduction measure will then be reasonably practicable or not
4 4 8 12
based on the action category of each Identified ICAF value.
6 6 12 18
For further details about the quantitative assessment please visit the
9 9 18 27
EGPC USafe Application or the PSM Egypt website for the detailed ALARP
guideline.
The final ALARP value is checked against the Decision-Making, and
ALARP Demonstration Methodology and the
a decision is made on implementing, considering, or rejecting the
Risk Reduction Measure. A simple model is used to categorize the
Decision-Making Process
recommendations into the following categories, as shown in the The ALARP Demonstration Methodology requires Decisions shall be based
following table: on a Decision-Making process. The main objective of the Decision-Making
Process is to identify at what level of the ALARP Demonstration ladder
ALARP Value Action Category The Required Decision we shall stop (when enough is enough). Choosing the suitable decision
1-4 Implement
Disproportionate to the reduction in the risk hazards. The following Figure shows the Decision-Making Process Diagram
achieved (i.e., the implementation of the
RRM is reasonably practicable). based on the UKOOA.
171
Significance to the Process of Decision Making
• Nothing New
Codes and Standards Codes and Standards • Well Understood
• Established Practice
A
Verification
• No major Stakeholder issues
e n gt • Lifecycle Implications
Peer Review tic me
ac d ge • Some risk 'trade-offs'
Benchmarking
G
o od
Pr
ng
in ee
rin
g Ju
sis-Q RA , CB
A etc • Some uncertainty or
deviation from standard
B
E naly
s es A practice
-Ba
Risk • Significant economic implications
The ALARP Demonstration (Risk Reduction) workshop shall be conducted ALARP Demonstration Workshop is a multidisciplinary analysis approach
to present the various Qualitative and Quantitative Risk Assessment that requires all team members to bring specific knowledge continuously
Studies' results and to discuss the additional Risk Reduction Measures throughout the session, having the main goal of properly answering any
and Recommendations, to demonstrate that risks are ALARP (as a main process safety-related question and avoiding them as much as possible to
purpose of the Safety Case). The ALARP Demonstration Workshop shall delay the issue by reporting to people outside of the team.
follow the Methodology illustrated in the following Figure.
172
Recommended Additional RRM
Grossly
Disproportionate
ALARP
Assessment
No (Step 3)
Is it a Good
Practice?
(Step 2)
No
Is it a Legal
Requirement?
(Step 1)
Yes
Yes
Grossly
proportionate Need Further
Investigation to take
the suitable Decision
Executing the ALARP Demonstration Steps during the ALARP Demonstration (Risk Reduction) Workshop.
173
Safety Case Appraisal Guideline
EGPC-PSM-GL-013
174
Overview MHF operators should use it to understand the CA expectations and
minimum requirements better. This is in conjunction with the Safety Case
This snapshot displays an overview of the safety case appraisal guideline, Standard EGPC-PSM-ST-002 and ALARP demonstration Guideline EGPC-
which focuses on the following: PSM-GL-010.
The Safety Case Appraisal Criteria applies to all companies that operate
- Purpose under the Authority of the Egyptian General Petroleum Corporation
- Safety Case Appraisal Process (EGPC), the Egyptian Natural Gas Holding Company (EGAS), the Egyptian
Petrochemical Holding Company (ECHEM), and the South Valley Petroleum
- Safety Case Appraisal Criteria Holding Company (GANOPE) covering all their operational subsidiaries,
- Checklists/Templates
The Safety Case Appraisal Process
The Safety Case Appraisal Process consists of four stages:
Purpose
1. Notification.
This document illustrates how the Competent Authority (CA) assesses
2. Safety Case Preparation and Pre-receipt Meeting.
submitted safety cases and provides the basis for accepting, conditionally
3. Safety Case Submission and Decision.
accepting, or rejecting safety cases.
4. Safety Case Intervention Plan.
The Pre-Receipt stage and the appraisal process from ‘Submission and
Decision’ to ‘Intervention Phase’ are managed by the Safety Case Appraisal
team (the CA).
175
• Track and close out the improvement plan recommendations as
Safety Case Appraisal Criteria
scheduled in the Safety Case.
The appraisal criteria provide a framework that helps the MHF operator and
• Facilitate any required logistics such as transportation,
the CA achieve a consistent and proportionate consideration of matters
accommodations, and Hazardous areas and secure permits for the
that may be examined during appraisal.
Safety Case Appraisal Team to conduct any needed site verifications.
In general, the Safety Case appraisal criteria rely mainly on two factors:
• Arrange the pre-receipt meeting with the Safety Case Appraisal Team to
• Detailed Data Sufficiency validate the development roadmap.
• ALARP Demonstration • Secure and facilitate access to the facility documentation and interviews
The criteria are applied by the appraisal team against the relevant content with the focal facility personnel, employees, and contractors.
of the safety case. In this context, the appraisal team will have a good • Communicate internally with the holding company (EGAS, ECHEM, or
understanding of the safety case appraisal process and its place within the GANOPE) to discuss the Safety Case progress and seek its advice.
safety case standard requirements:
Holding Companies
a. Criteria will be “met” when all relevant items are included, and the
• Enforce the implementation and development of the Safety Case across
necessary supporting information has been provided.
their companies.
b. Criteria will be “not met” when some critical relevant items are not
included, the necessary supporting information has not been provided, • Provide any required technical and administrative support for MHF
or the ALARP has not been demonstrated. operators to develop the Safety Case.
• Complete and submit the notification form to EGPC and notify the • Raise MHF non-conformities to Safety Case Endorsement Authority.
holding company.
The Safety Case Endorsement Authority
• Assign a focal person to communicate with the CA to identify whether
the facility is an Upper or Lower Tier Facility. • Endorse Safety Case rejection letters to MHF operators.
• Prepare and submit a Safety Case pre-receipt document. The Safety Case Appraisal Team (The CA)
• Complete and submit the signed-off Safety Case report. The safety case appraisal team are multi-disciplinary team members
• Cooperate with the CA to prepare/review the intervention plan based on that cover all aspects of the safety case. They represent EGPC in
the type of Safety Case approval. communications with the MHF operator and should:
176
• Receive MHF notifications, identify whether the facility is either an Upper • Assess the SCEs' performance standards and verification schemes.
Tier or Lower Tier facility, and notify the MHF operator accordingly.
• Conduct site verifications when deemed required.
• Participate in the pre-receipt meeting with the operator to validate the
Based on the Safety Case's complexity and nature, the Safety Case
Safety Case development roadmap.
Appraisal Team may request the participation of other specialists in the
• Validate the initial completeness of submitted Safety Cases and appraisal process.
whether they are qualified for the appraisal process or lack basic
information. List of Annexes
• Interview the MHF operator to ensure his awareness of the Safety Case’s • Annex A – Safety Case Appraisal Checklist.
important contents. • Annex B – Safety Case interview checklist.
• Annex C – Conclusion Letter Templates.
• Manage the Safety Case conclusion meetings to announce the appraisal
results and agree on the intervention plans for accepted or conditionally For annexes details, please refer to SAFETY CASE APPRAISAL GUIDELINE-
accepted Safety Cases. EGPC-PSM-GL-013 on the PSM EGYPT website.
177
PSM Definitions &
Abbreviations
178
PSM Glossary of Definitions
and Abbreviations
EGPC-PSM-GL-010
179
Purpose Scope
This Glossary of Terms and Abbreviations document has been prepared PSM Technical Subcommittee prepared and maintained this Glossary of
as a guideline for ENTITIES and COMPANIES’ employees and contractors Terms and Abbreviation as a guideline to support consistent reporting and
engaged in activities with respect to Process Safety to ensure a consistent communication within the ENTITIES.
approach for communication of information and understanding and use of
COMPANIES should use the Glossary of Terms and Abbreviations as the
terms across the COMPANIES.
first point of reference when referring to Process Safety Standards or
Individual terms may have been attributed more specific meanings in Guidelines. Where there is a conflict in the guideline or the guideline does
various Standards and Guidelines. Where this is the case, they will appear in not cover all the circumstances, additional Guidance can be obtained by
the specific standard’s or Guideline’s list of defined terms, and the defined contacting the PSM Egypt website.
term definition will take precedence within that Standard or Guideline.
COMPANIES should ensure that all personnel, including Staff and
Contractors involved in any works or services related to PSM Standards
and Guidelines, are informed of their existence, the need for compliance
with PSM Standards, and the adoption, where practicable, of the
recommendations in PSM Guidelines.
180
References and
Acknowledgments
181
• ISO, 2016. Petroleum and natural gas industries - Offshore production
References List
installations - Major Accident Hazard management during the design
• EGPC, “Operating Manual System (OMS) Framework,” Egyptian General of new installations (ISO17776). Brussels: EUROPEAN COMMITTEE FOR
Petroleum Corporation, Cairo, 2020. STANDARDIZATION.
• EGPC, “Operating Manual System (OMS) Implementation Guideline
Safety Critical Element Management Guideline
EGPC-GEN-GL-010,” Egyptian General Petroleum Corporation, Cairo,
2020. • Energy institute, guidance on meeting expectations of ei process safety
management framework - element 16: management of safety critical
• ISO, “Risk management - Guidelines ISO 31000:2018,” International
devices, london: energy institute, 2015.
Organization for Standardization, Geneva, 2018.
• Energy institute, guidelines for management of safety critical elements
• ISO, “Risk management — Risk assessment techniques ISO 31010:2019,”
(sces), london: energy institute, 2020.
International Organization for Standardization, Geneva, 2019.
• Oil & gas uk, guidance on the conduct and management of operational
• HSE UK, “Good Practice and Pitfalls in Risk Assessment, Research
risk assessment for ukcs offshore oil and gas operations, london: oil &
report 151,” Health & Safety Executive, London, 2003.
gas uk, 2012.
• UKOOA, “Industry Guidelines on a Framework for Risk Related Decision,”
• British gas, cumulative operational risk assessment, british gas group,
UK Offshore Operators Association, London, 1999.
2012.
• HSE UK, “Societal Risk: Initial briefing to Societal Risk Technical Advisory
Group, Research report 703,” Health & Safety Executive, London, 2009.
Process Safety Management
• CCPS, “Guidelines for - Developing Quantitative Safety Risk Criteria,”
PSM Program Standard References
Centre for Chemical Process Safety, New York, 2009.
• (AIChE CCPS), center for chemical process safety. Guidelines for risk
• DNV, “Criteria and Risk-Based Damage Stability. Final Report -0165, Part
based process safety. New jersey : a john wiley & sons, inc., Publication,
1: Risk Acceptance Criteria,” DNV, 2015.
2007.
• Risktec-TUV, “Risk-Based Decision Making and ALARP - An introduction
• (DNV) Process safety managment. S.L. : Dnv as veritasveien 1, 1322 hovik,
to making risk-based decisions and reducing risks As Low As Reasonably
norway, 2013.
Practicable (ALARP).,” TUV, 2018.
• (AIChE CCPS), center for chemical process safety. Guidlines for asset
• Risktec-TUV, “Quantitative Risk Assessment (QRA) - An introduction
integrity management. New jersey : john wiley & sons, inc., Hoboken, new
to the quantitative assessment of risks associated with high hazard
jersey., 2017.
facilities,” TUV, 2018.
• (EGPC), egyptian general petroleum corporation. Contractor
Major Accident Hazard Management Guideline
management. Cairo : s.N., 2020. Egpc-gen-gl-005.
• CCPS, 2018. BOW TIES IN RISK MANAGEMENT - A Concept Book for
• (AIChE CCPS), center for chemical process safety. Guidelines for
Process Safety. New York: John Wiley & Sons, Inc.
process safety metrics. New jersey : john wiley & sons, inc., Hoboken,
• Energy Institute, 2020. Guidelines for management of safety critical new jersey., 2010.
Elements (SCEs). 3rd ed. London.: Energy Institute.
• (EGPC), egyptian general petroleum corporation. Hse auditing . Cairo :
s.N., 2020. Egpc-gen-gl-006.
182
• (AIChE CCPS), center for chemical process safety. Ccps introduction • International Organization for Standardization (ISO) (BS ISO 45002:2018),
to process safety for undergraduates and engineers. New jersey : John Occupational Health and Safety management systems – General
Wiley & Sons, inc., Hoboken, New Jersey., 2016. guidelines for the application of ISO 45001. Published by BSI standards
limited 2018.
• (AIChE CCPS), center for chemical process safety. Guidelines for
implementing process safety management. New jersey :John Wiley &
Sons, inc., Hoboken, New Jersey., 2016. PSM Competency Guideline References
• (EGPC), egyptian general petroleum corporation. Competency • European Process Safety Centre (EPSC), "Process Safety Competence:
management system. Cairo : s.N., 2020. EGPC-gen-gl-003. How to Set up a Process Safety Competence Management System,"
2013. Institution of Chemical Engineers (IChemE), Process Safety
• (EGPC), egyptian general petroleum corporation. Indident invistigation
Competency: Supplementary guide – how to build and develop process
guidance. Cairo: s.N., 2020. EGPC-gen-gl-011.
safety competence, 2020.
• (EI), energy institute. Guidance on meeting expectations of ei process
• Centre for Chemical Process Safety (CCPS), Guidelines for Defining
safety management framework. London : Energy Institute, London, 2013.
Process Safety Competency Requirements, New Jersey: John Wiley &
• Administration, U.S. Department of Labor Occupational Safety and Sons, 2015.
Health. Process safety management . s.l. : U.S. Department of Labor
Occupational Safety and Health Administration, 2000. OSHA 3132.
MOC Guideline
• Administration, U.S. Department of Labor Occupational Safety and
Health. Process safety management guidelines for compliance. . s.l. : U.S. • Egyptian Natural Gas Co. (GASCO) (2015), Management Of Changes
Department of Labor Occupational Safety and Health Administration. (MOC) Procedure no.: GASCO-HSE-P-017, Version 1
• (EI), Energy institute. high level framework for process safety Process Safety Management Framework - Element 12 : Management Of
managment . london: Energy institute, LONDON, 2010. Change & Project Management, 1st edition.
• Center for Chemical Process Safety (CCPS). Guidelines For Process Safety Culture Assessment
Implementing Process Safety Management systems. New York: Guideline References
American Institue of Chemical Engineers, 1994.
• Center for Chemical Process Safety (CCPS). Guidelines for Risk-
• Center for Chemical Process Safety (CCPS). Guidelines For Based Process Safety. New Jersey: A JOHN WILEY & SONS, INC.,
Implementing Process Safety Management. New Jersey: John Wiley & PUBLICATION, 2007.
Sons, inc., Hoboken, New Jersey., 2016.
• Center for Chemical Process Safety (CCPS). Guidelines For
• International Organization for Standardization (ISO). (BS ISO 45001:2018), Implementing Process Safety Management systems. New York:
Occupational Health and Safety management systems Requirements American Institute of Chemical Engineers, 1994.
with guidance for use. Geneva: ISO copyright office., 2018.
183
• Process Safety Culture survey, Baker Panel U.S. Refineries independent
Process Safety Studies
safety review.
HAZID Guideline References
• Center for Chemical Process Safety (CCPS). Essential Practices for
Creating, Strengthening, And Sustaining Process Safety Culture. New • HSE UK, "COMAH Safety Report Assessment Guides (SARGs). Energy
Jersey: A JOHN WILEY & SONS, INC., PUBLICATION, 2018. Division - Hazardous Installation Directorate (HID)," Health and Safety
Executives, London, 1999.
PSM KPIs Guideline • HSE UK, "Guidance on Risk Assessment for Offshore Installations,
Offshore Information Sheet No. 3/2006," Health and Safety Executives,
• ANSI/API. (2021). Recommended Practice 754, Process Safety London, 2006.
Performance Indicators for the Refining and Petrochemical Industries.
USA. • HSE UK, "Guidance on Risk Assessment for Offshore Installations,
Offshore Information Sheet No. 3/2006," Health and Safety Executives,
• EGPC. (Feb. 2020), Operating Manual System (OMS) Framework. London, 2006.
• EGPC. (June 2020), Operating Manual System (OMS) Implementation • SO, "Risk management — Risk assessment techniques ISO 31010:2019,"
Guideline – EGPC- GEN-GL-010. International Organization for Standardization, Geneva, 2019.
• IOGP. (2018). Report 2018P, Health leading performance indicators, IOGP • EGPC, "Safety Case Standard (EGPC-PSM-ST-002)," Egyptian General
Report 2018 data. London. Petroleum Corporation, Cairo, 2022.
• EGAS. (March 2017), Incident Reporting & Investigation Procedure. • EGPC, "Risk Management Standard (EGPC-PSM-ST-001)," Egyptian
• Centre for Chemical Process Safety (CCPS) (2016), Guidelines for General Petroleum Corporation, Cairo, 2021.
Integrating Management Systems and Key Performance Indicators • EGPC, "PSM Glossary of Definitions and Abbreviations (EGPC-PSM-
(KPIs) to Improve Process Safety Performance. GL-011)," Egyptian General Petroleum Corporation, Cairo, 2021.
• IOGP. (2016). Report 556, Process Safety - Leading Performance • EGPC, "Process Safety Studies in Oil & Gas Major Projects (EGPC-PSM-
Indicators. London. GL-002)," Egyptian General Petroleum Corporation, Cairo, 2022.
• IOGP. (2011). Report 456, Process Safety - Recommended Practice on • EGPC, "Major Accident Hazard Management Guideline (EGPC-PSM-
Key Performance Indicators. London. GL-006)," Egyptian General Petroleum Corporation, Cairo, 2021.
• Centre for Chemical Process Safety (CCPS) (2011), Process Safety
• EGPC, "HAZOP Guideline (EGPC-PSM-GL-005)," Egyptian General
Leading and Lagging Key Performance Indicators (KPIs).
Petroleum Corporation, Cairo, 2022.
• Centre for Chemical Process Safety (CCPS) (2009), Guidelines for
• ISO, "Petroleum and natural gas industries. Offshore production
Process Safety Key Performance Indicators (KPIs).
installations - ISO 17776:2016," International Organization for
• Centre for Chemical Process Safety (CCPS) (2007), Guidelines for Standardization, Geneva, 2016.
Risk-Based Process Safety.
• Health & Safety Executive (UK-HSE). (2006), Health and Safety Guideline
HSG 254, Developing process safety indicators.
184
Process Safety Studies in Oil & Gas Layout and Facility Siting Guideline
Major Projects Guideline • Jung S. Facility siting and plant layout optimization for chemical process
• Centre for Chemical Process Safety (CCPS) 2018. Guidelines for safety. Korean Journal of Chemical Engineering. 2016 Jan; 33(1):1-7.
Integrating Process Safety into Engineering Projects. New York, NY: • Center for Chemical Process Safety (CCPS). Guidelines for Integrating
American Institute of Chemical Engineers. Process Safety into Engineering Projects. New York, NY: American
• PMI, 2013, Guide to the Project Management Body of Knowledge, Institute of Chemical Engineers; 2018.
PMBOK Guide Fifth Edition. • API R. 752: Management of Hazards Associated with Location of Process
• ISO, 2016. Petroleum and natural gas industries - Offshore production Plant Permanent Buildings. Washington: API. 2009 Dec.
installations - Major Accident hazard management during the design of • Marx JD, Ishii BR. A comprehensive approach to API RP 752 and 753
new installations (ISO 17776). building siting studies. Journal of Loss Prevention in the Process
• ISO, 2012, Guidance on Project Management (ISO 21500). Industries. 2016 Nov 1; 44:748-54.
• IChemE, 2015. Frank Crawley Brian Tyler, HAZOP: Guide to Best Practice • Chemical Industries Association, Guidance for the Location and
Design of Occupied Buildings on Chemical Manufacturing Sites, fourth
third edition.
Edition, 2020.
• API, 2001, Recommended Practice for Design and Hazards Analysis for
• API R. 753: Management of Hazards Associated with Location of
Offshore Production Facilities (RP 14J).
Process Plant Portable Buildings. Washington: API. 2007 Jun.
• IEC, 2016. Functional safety –Safety instrumented systems for the
process industry sector (IEC 61511, second edition). • Sutton I. Plant design and operations. Gulf Professional Publishing;
2017 Jun 14.
• API, 2013 Fireproofing Practices in Petroleum and Petrochemical
Processing Plants, (RP 2218, third Edition). • CCPS C. Guidelines for Siting and Layout of Facilities. New York, NU,
USA: Wiley; 2018.
• Vilas KR, Hereña PG, Shah JN. A vision of facility siting possibilities.
Inherently Safer Design (ISD)
Process Safety Progress. 2020 Sep; 39(3):e12180.
Guideline References
• Mannan S. Lees' Process Safety Essentials: Hazard Identification,
• T. Kletz, P. Amyotte, Process Plant, A Handbook for Inherently Safer Assessment and Control. Butterworth-Heinemann; 2013 Nov 12.
Design, second ed., Taylor & Francis, 2010.
• Klein JA, Vaughen BK. Process Safety: Key Concepts and Practical
• Center for Chemical Process Safety, Inherently Safer Chemical Approaches. CRC Press; 2017 Jun 1.
Processes: A Life Cycle Approach, second ed., (2009).
• Moran S. Process plant layout. Butterworth-Heinemann; 2016 Nov 16.
• Energy Institute, Guidance on Applying Inherent Safety in Design:
Reducing Process Safety Hazards Whilst Optimising Capex and Opex, • Anderson TH, Hodge PR. A method to utilize facility siting techniques in
second ed., (2014). the early phases of capital projects to reduce risks and safety spending.
• T. Kletz, Lessons from Disaster, Institute of Chemical Engineers, 2003. • Journal of Loss Prevention in the Process Industries. 2017 Sep 1; 49:310-8.
185
• Shah JN, Shaffer DM. Risk-based approach for evaluating safety events
HAZOP References
in large plants. Process Safety Progress. 2012 Sep; 31(3):287-90.
• F. Crawley, M. Preston, and B. Tyler, HAZOP: Guide to Best Practice, Third
• Ashiofu A, Bruce-Black J, Dyer J. Leveraging facility siting to optimize
Edit. Institution of chemical Engineers. (IChemE.), 2015.
mitigation decisions. Process Safety Progress. 2020 Sep; 39(3):e12188.
• John Gould, “Review of Hazard Identification Techniques,” Sheffield,
• Mander TJ, Sarrack A, Diakow P, Bruce-Black J. Current state of the
U.K, 2005. doi: 10.1142/9789812776075_0001.
practice for facility siting studies. Process Safety Progress. 2020 Sep;
39(3):e12181. • International Electrotechnical Commission, “IEC 61882:2016 Hazard and
operability studies ( HAZOP studies ) — Application guide.” 2016.
• Vilas KR, Hereña PG, Shah JN. A vision of facility siting possibilities.
Process Safety Progress. 2020 Sep; 39(3):e12180. • J. Dunjó, V. M. Fthenakis, R. M. Darbra, J. A. Vílchez, and J. Arnaldos,
“Conducting HAZOPs in continuous chemical processes: Part I. Criteria,
• Martinez-Gomez J, Nápoles-Rivera F, Ponce-Ortega JM, Serna-González
tools and guidelines for selecting nodes,” Process Saf. Environ. Prot., vol.
M, El-Halwagi MM. Siting optimization of facility and unit relocation with
89, no. 4, pp. 214–223, 2011, doi: 10.1016/j.psep.2011.03.001.
the simultaneous consideration of economic and safety issues. Industrial
& Engineering Chemistry Research. 2014 Mar 12; 53(10):3950-8. • Center for Chemical Process Safety, “Appendix 1: Simultaneous Failures
and " Double Jeopardy ",” in Guidelines for Enabling Conditions and
• Centre for Chemical Process Safety. Guidelines for Evaluating Process
Conditional Modifiers in Layer of Protection Analysis, New Jersey: John
Plant Buildings for External Explosions, Fires, and Toxic Releases. John
Wiley & Sons, Inc., 2014.
Wiley & Sons (US); 2012.
• Egyptian General Petroleum Corporation, “EGPC-PSM-ST-001: Risk
• Basheer A, Tauseef SM, Abbasi T, Abbasi SA. A new method for siting
Management Standard,” Cairo, 2021. [Online]. Available: http://www.
hazardous units in chemical process facilities which minimizes risk at
standards.co.nz/news/standards-information/risk-managment/.
least cost: RIDIMPUS. Journal of Failure Analysis and Prevention. 2018
Feb; 18(1):83-91. • P. Aspinall, “Hazops and human factors,” Inst. Chem. Eng. Symp. Ser.,
no. 151, pp. 820–829, 2006.
• Michael W. The Facility Siting Cycle (Revalidation). 13th Global Congress
on process safety. 2017. • D. Macdonald and Steve Mackay, Practical Hazops, Trips and Alarms.
Elsevier Ltd., 2004.
• GAP.2.5.2: Oil and Chemical Plant Layout and Spacing. A Publication of
Global Asset Protection Services LLC, 2015. • Center for Chemical Process Safety, Layer of protection analysis, vol. 84.
2014.
• Pemberton AW. Plant layout and materials handling. Macmillan
International Higher Education; 2016. • Center for Chemical Process Safety, Guidelines for Hazard Evaluation
Procedures, Third. Center for Chemical Process Safety: A JOHN WlLN
• Barker GB. The engineer's guide to plant layout and piping design for the
& SONS, INC., 2008.
Oil and Gas Industries. Gulf Professional Publishing; 2018.
186
• The International Oil and Gas Producers association (IOGP) March 2010,
QRA References
report no. 434-16 Ship/Installation Collisions.
• Centre for Chemical Process Safety (CCPS) & American Institute for
• The International Oil and Gas Producers association (IOGP) March 2010,
Chemical Engineers (AICHE) (2000), Guidelines for – Chemical Process
report no. 434-10 Water Transport Accident Statistics.
Quantitative Risk Analysis- 2nd edition.
• The International Oil and Gas Producers association (IOGP) March 2010,
• The International Oil and Gas Producers association (IOGP) March 2010,
report no. 434-12 Occupational Risk.
report no. 434-14 vulnerability of Humans.
• The International Oil and Gas Producers association (IOGP) March 2010,
• Health & Safety Executive (UK-HSE). (2008), Hazardous installations
report no. 434-19 Evacuation and Scape Rescue.
director’s (HID’S), Approach to (As Low As Reasonably Practicable)
ALARP Decision.
• UK Offshore Operators Association (UKOOA). (1999), industry guidelines Fire and Explosion Risk Assessment
on – A Framework Risk Related Decision Support. (FERA) Guideline References
• Health & Safety Executive (UK-HSE). (2009), research report 703, Societal • Egyptian General Petroleum Corporation (EGPC), "Risk-Management
Risk: Initial briefing to Societal Risk Technical Advisory Group. Standard (EGPC-PSM-ST-001)," 2021.
• Evaluating Process Safety in The Chemical Industry (2000) – A User’s • Egyptian General Petroleum Corporation (EGPC), "Safety Case Standard
Guide to Quantitative Risk Analysis. (EGPC-PSM-ST-002)," 2022.
• Marc J Assael & Konstantions E. Kakosimos (2010) – Fires, Explosions, • Egyptian General Petroleum Corporation (EGPC), "Major Accident
and Toxics Gas Dispersions – Effects Calculation and Risk Analysis. Hazard Management Guideline (EGPC-PSM-GL-006)," 2021.
• Centre for Chemical Process Safety (CCPS) (2009), Guidelines for - • Egyptian General Petroleum Corporation (EGPC), "Quantitative Risk
Developing Quantitative Safety Risk Criteria. Assessment Guideline (EGPC-PSM-GL-008)," 2021.
• Canadian Society for Chemical Engineering (CSChE). (2004), Risk • Centre for Chemical Process Safety (CCPS) & American Institute for
Assessment – Recommended Practices for Municipalities and Industry. Chemical Engineers (AICHE) (2000), Guidelines for – Chemical Process
Quantitative Risk Analysis- 2nd edition.
• DNV Risk Acceptance 2015, Criteria and Risk Based Damage Stability.
Final Report -0165, Rev. 1, part 1: Risk Acceptance Criteria. • The International Oil and Gas Producers association (IOGP) March 2010,
report no. 434-14 vulnerability of Humans.
• Risktec Essentials (2018), Risk-Based Decision Making and ALARP (An
Introduction to Making Risk-Based Decisions and Reducing Risks As Low • Health & Safety Executive (UK-HSE). (2008), Hazardous installations
As Reasonably Practicable (ALARP)). director’s (HID’S), Approach to (As Low As Reasonably Practicable)
• Risktec Essentials (2018), Quantitative Risk Assessment (QRA) (An ALARP Decision.
Introduction to the Quantitative Assessment of Risks Associated with • UK Offshore Operators Association (UKOOA). (1999), industry guidelines
High Hazard Facilities). on – A Framework Risk Related Decision Support.
• Centre for Chemical Process Safety (CCPS) (1989), Guidelines for • Evaluating Process Safety in The Chemical Industry (2000) – A User’s
Process Equipment Reliability Data with Data Table. Guide to Quantitative Risk Analysis.
• The International Oil and Gas Producers association (IOGP) Sept. 2019, • Marc J Assael & Konstantions E. Kakosimos (2010) – Fires, Explosions,
report no. 434-06 Ignition Probabilities. and Toxics Gas Dispersions – Effects Calculation and Risk Analysis.
187
• Centre for Chemical Process Safety (CCPS) (2009), Guidelines for - • Hazardous Area Classification in Petroleum and Chimerical plants - A
Developing Quantitative Safety Risk Criteria. Guide to Mitigating Risk, Alireza Bahadori, 2008.
• DNV Risk Acceptance 2015, Criteria and Risk Based Damage Stability. • Electrical Installations in Hazardous Areas, Allan McMillan, 1998.
Final Report -0165, Rev. 1, part 1: Risk Acceptance Criteria.
• NFPA 497- Recommended Practice for the Classification of Flammable
• Risktec Essentials (2018), Risk-Based Decision Making and ALARP (An Liquids Gases or Vapors and of Hazardous Classified Locations for Electrical
Introduction to Making Risk-Based Decisions and Reducing Risks As Low Installations in Chemical Process Areas, 2021.
As Reasonably Practicable (ALARP)).
• Hazardous Area Classification in Petroleum and Chimerical plants - A
• Risktec Essentials (2018), Quantitative Risk Assessment (QRA) (An Guide to Mitigating Risk, Alireza Bahadori, 2008.
Introduction to the Quantitative Assessment of Risks Associated with
• ATEX 2014-34-EU Guidelines, 3rd Edition,2020.
High Hazard Facilities).
• The International Oil and Gas Producers association (IOGP) March 2010, • EGPC, Process Safety Studies / Activities in Major Projects - EGPC-
• The International Oil and Gas Producers association (IOGP) March 2010, • CCPS, Layer of protection analysis, New York, 2001.
report no. 434-19 Evacuation and Scape Rescue. • CCPS, Guidelines for Enabling Conditions and Conditional Modifiers in
Layer of Protection Analysis, 2013.
HAC Guideline • CCPS, Guidelines for Initiating Events and Independent Protection
Layers in Layer of Protection Analysis, 2015.
• NFPA 497- Recommended Practice for the Classification of Flammable
Liquids Gases or Vapors and of Hazardous Classified Locations for
Electrical Installations in Chemical Process Areas, 2021. Fire and Gas Mapping Guideline References
• IEC Part 10-1, Classification of areas - Explosive gas atmospheres, 3rd • BS 60080 - Hazard detection mapping - Guidance on the placement of
Edition,2020. permanently installed flame and gas detection devices using software
• ATEX 2014-34-EU Guidelines, 3rd Edition,2020. tools and other techniques, 2020.
• ATEX Directive, 2020. • ISA, ISA TR84.00.07 “Guidance on the Evaluation of Fire, Combustible
Gas and Toxic Gas system effectiveness, 2018.
• American Petroleum Institute, Recommended Practice 505, 2018.
• J. McNay, A Guide to Fire and Gas Detection Design in Hazardous
• Energy Institute, Model Code of Safe Practice Part 15, Area classification
Industries, CRC Press, 2023.
for installations handling flammable fluids, 4th edition, 2015.
• H. Executive, Fire and Gas Detection, https://www.hse.gov.uk/offshore/
• EEMUA 186, A Practitioner's Handbook for Electrical Installation,
strategy/fgdetect.htm, HSE.
Inspection and Maintenance in Potentially Explosive Atmospheres,
Edition 5, 2010.
188
• UK Health & Safety Executive (UK-HSE), " A guide to the Pipelines Safety
Alarm Management Guideline References
Regulations," 1996.
• ANSI/ISA-18.2-2016, Management of Alarm Systems for the Process
• UK Health & Safety Executive (UK-HSE), "A guide to the Offshore
Industries.
Installations (Safety Case) Regulations," 2006.
• International Electrotechnical Commission. IEC 62682 Management of
• International Association of Drilling Contractors (IADC), "IADC HSE Case
Alarm Systems for the Process Industries. IEC, Geneva, Switzerland.
Guidelines for Land Drilling Units," 2019.
2014:24-6.
• International Association of Drilling Contractors (IADC), "IADC HSE Case
• EEMUA E. Alarm Systems-A Guide to Design, Management and
Guidelines for Mobile Offshore Drilling Units," 2019.
Procurement. EEMUA Publication. 2013; 191.
• Singapore Ministry of Manpower, "Safety Case Technical Guide," 2016.
• API RP. 1167. Pipeline SCADA Alarm Management. Second Edition, June
2016. • UK Health & Safety Executive (UK-HSE), "The Control of Major Accident
Hazards Regulations," 2015.
• Goel P, Datta A, Mannan MS. Industrial alarm systems: Challenges and
opportunities. Journal of Loss Prevention in the Process Industries. 2017 • British Gas (BG), "Safety Case Standard," 2014.
Nov 1; 50:23-36.
• Safe Work Australia, "Guide For Major Hazard Facilities: Preparation of A
• Wilkinson J, Lucas D. Better alarm handling—a practical application of Safety Case," 2012.
human factors. Measurement and control. 2002 Mar; 35(2):52-4.
• National Offshore Petroleum Safety and Environmental Management
• Hollifield BR, Habibi E. The alarm management handbook: a Authority, "Safety Case Content and Level of Detail - Guidance Note,"
comprehensive guide: practical and proven methods to optimize the 2020.
performance of alarm management systems. Pas; 2010.
• Center for Chemical Process Safety (CCPS). Human Factors Handbook ALARP Guideline References
for Process Plant Operations: Improving Process Safety and System
• Egyptian General Petroleum Corporation (EGPC), "Risk-Management
Performance. New York, NY: American Institute of Chemical Engineers;
Standard (EGPC-PSM-ST-001)," 2021.
April 2022.
• Egyptian General Petroleum Corporation (EGPC), "Safety Case Standard
• Wang J, Yang F, Chen T, Shah SL. An overview of industrial alarm systems:
(EGPC-PSM-ST-002)," 2022.
Main causes for alarm overloading, research status, and open problems.
IEEE Transactions on Automation Science and Engineering. 2015 Sep 16; • Egyptian General Petroleum Corporation (EGPC), "Major Accident
13(2):1045-61. Hazard Management Guideline (EGPC-PSM-GL-006)," 2021.
• Egyptian General Petroleum Corporation (EGPC), "Major Accident • Risktec Essentials, "Risk-Based Decision Making and ALARP, an
Hazard Management Guideline (EGPC-PSM-GL-006)," 2021. Introduction to Making Risk-Based Decisions and Reducing Risks As Low
As Reasonably Practicable (ALARP)," 2018.
• WorkSafe New Zealand , "Major Hazard Facilities: Major Accident
Prevention Policy and Safety Management Systems," 2016. • The Commission for Energy Regulation (Ireland), "ALARP Guidance
Part of the Petroleum Safety Framework and the Gas Safety Regulatory
• WorkSafe New Zealand, "Major Hazard Facilities: Notifications and
Framework CER/16/106.," 2017.
Designation.," 2017.
189
• UK Offshore Operators Association (UKOOA), "Industry Guidelines on
a Framework Risk Related Decision Support," Industry Guidelines on a
Acknowledgments
Framework Risk Related Decision Support 1999. PSM Steering Committee
• Oil and Gas UK, "Guidance on Risk Related Decision Making, issue 2," 2014. Gamal Fathy Mohamed
• UK Health & Safety Executive (UK-HSE), "Reducing Risk Protecting CEO Consultant for HSE - EGPC
• Government of Western Australia Department of Mines, "Industry Executive Vice President - ECHEM
Regulation and Safety- Petroleum Safety and Major Hazard Facility – Salah EL Din Riad
Guide ALARP Demonstration," 2020.
Q&HSE Chairman Assistant - ECHEM
• UK Health & Safety Executive (UK-HSE), "Hazardous installations
Mohamed Mostafa
director's (HID'S), Approach to ALARP Decision," 2008.
Inspection & External Audit General Manager - ECHEM
• UK Health & Safety Executive (UK-HSE), "HSE principles for Cost Benefit
Mohamed Shindy
Analysis (CBA) in Support of ALARP Decisions," 2022.
Managing Director - Methanex Egypt
• UK Health & Safety Executive (UK-HSE), "Application of QRA in
Manal El Jesri
Operational Safety Issues- Research Report RR025," 2018.
Public Affairs Manager - Methanex Egypt
190
PSM Technical Sub-Committee External Peer Reviewers
Tamer Abdel Fattah International Oil Companies (IOC’s)
QHSE Senior - UGDC - Member
Shell
Hany Tawfik
Yasser Fathy - Asset Integrity Technical Manager
OHS & PS General Manager - Ethydco - Member
191
The picture on the book cover is taken from Methanex Egypt's plant in Damietta.