HSE Manual: Overview Hazards and Effects Management Process

Shell International Exploration & Production B.V.
Overview Hazards
and Effects
Management
Process
EP 95-0300
HSE
MANUAL
Revision 0: 16 October 1995
Contents
EP HSE Manual Amendment Record Sheet

Section Number:
EP 95-0300
Section Title:
Overview Hazards and Effects Management Process
Rev
Chapter
Nos.
Description to amendment
Date
dd/mm/yy
Amended by
All
Original hard copy and CD-ROM issue *
16/10/95
EPO/61
No.
0
* In this publication, some of the figures have been colour enhanced. This was done after the issue of the CD ROM.
The next issue of the CD ROM will include these enhancements. There is no difference in content.
EP 95-0350 Revision 06 June 1998

jh 9/698
Contents
Contents
1
Introduction
1.1
Elements of the HSE Management

System
1
1.2
Tools for the Hazards and Effects

Management Process
1.2.1
Selection of tools
1.2.2
Application and competence
Hazards and Effects

Terminology
2.1
Hazards, Effects and Incidents
2.2
Threats and Barriers
2.3
Consequences, Mitigation and

Recovery Preparedness Measures 4
2.4
Risk
2.5
Fault and Event Trees
2.6
Likelihood and Consequence (or

Effect)
Hazards and Effects

Management Process (HEMP) 11
3.1
The Steps in the Process
11
3.2
Implementation of HEMP
12
3.3
3.2.1
Assets: planning and review 12
3.2.2
Activities: planning and

review
13
Approaches to the Hazards and

Effects Management Process
14
3.3.1
Experience/judgement
14
3.3.2
Checklists
14
3.3.3
Codes and standards
15
3.3.4
Structured review
techniques
15
EP 95-0300 Revision 0: 16 October 1995
Contents
4
4.1
4.2
Structured Review
Techniques
17
Identify Hazards and Potential

Effects
17
Evaluate Risks
20
4.2.1
Scenario development
(causes)
20
4.2.2
Probability
20
4.2.3
Consequence analysis
20
4.2.4
Determination of risk
22
4.2.5
Quantitative Risk
Assessment (QRA)
23
Screening criteria:
limits/standards
26
4.2.6
4.3
4.4
Record Hazards and Effects
26
4.3.1
Records
26
4.3.2
Hazards and effects register 26
4.3.3
Manual of Permitted
Operations (MOPO)
27
Establish Risk Reduction

Measures
27
4.5.1
General
27
4.5.2
Control of release of hazards

and effects
28
4.5.3
Recovery preparedness
measures
28
Appendix I Activities: Planning

and Review HEMP Tools and
Techniques
31
Appendix II Assets: Planning

and Review HEMP Tools and
Techniques
33
36
Appendix IV Structured Review

Techniques Summary Description
Sheets
55
Appendix V Example of Further
Definition of Consequence Severity Rating for Risk Matrix
79
Appendix VI When to use QRA
81
Glossary
83
References
85
27
Compare with Objectives and

Performance Criteria
4.5
Appendix III Hazards and Effects

Hierarchy
Contents
1 Introduction
INTRODUCTION
Volume 3 of the EP HSE manual is concerned with the tools and techniques which are available to
achieve the management of HSE issues. It is a first reference for all those involved in EP business
activities particularly those who are responsible for the management of hazards and their effects.
The objectives of Volume 3 are to:
provide a general overview of the Hazards and Effects Management Process
describe the tools and techniques most commonly used in Shell EP
assist in the selection of the appropriate tools and techniques
provide guidance on the integrated application of the tools and techniques and outline how the
results are to be incorporated within the HSE Management System.
This document, EP 95-0300, provides an overview of Volume 3 and describes:
the need, within the context of an HSE Management System, to define both the techniques and
tools commonly in use together with the competencies required for their effective application
the more common terminology and concepts used in the analysis of hazards and effects and the
determination of risk
the stages of the Hazards and Effects Management Process and its role within the HSE
Management System. The role of experience, codes and standards, checklists and structured
techniques are discussed
in summary the various structured review techniques available in Shell to support the process.
1.1
Elements of the HSE Management System
The HSE Management System contains the following elements which are described fully in
Volume 1.
Leadership and Commitment
Policy and Strategic Objectives
Organisation, Responsibilities, Resources, Standards and Documents
Hazards and Effects Management Process (HEMP)
Planning and Procedures
Implementation and Monitoring
Audit
Review
The Hazards and Effects Management Process (HEMP) is central to the effective implementation of
the HSE Management System. The process ensures that hazards and potential effects are fully
evaluated. To do this they must first be identified then assessed and then mitigation and recovery
preparedness measures put in place to reduce the consequences of any remaining risk. To achieve this
a number of tools and techniques are used. These are described in this Volume.
(Specific guidance on when to use the techniques within various business activities is given in
the relevant sections of Volume 2, e.g. EP 95-0230 Design, EP 95-0220 Appraisal and
Development, etc.)
1.2
Tools for the Hazards and Effects Management Process
1.2.1
Selection of tools
The objectives set out in the HSE Management Systems (HSE MS) and subsequently the HSE Case
effectively become the acceptance criteria for the risk determined in the hazards and effects
management process. There are many publications and documents available describing tools and
techniques for hazards and effects management some of which are marketed commercially. These
techniques are often developed in isolation and may be inappropriate for use within EP. They may
also be unnecessarily time consuming, not cost effective or may overlap.
This document is designed to identify, specify and aid the effective selection of an integrated suite of
tools and techniques. Most of these have been in use for some time. The various tools and techniques
have been collated for ease of reference, to demonstrate their relationship to each other and to
describe their input to the HSE MS and HSE Case. As stated above this document does not specify
when to use the tools, this is done in the documents describing the business activities. A very broad
framework of tools, techniques and guidelines used in hazards and effects identification and
assessment during the life cycle is provided in Appendices I and II.
Codes, standards, checklists, as well as individual experience and judgement are in no way replaced
by any of these techniques and continue to play a vital role.
1.2.2
Application and competence
Successful application of a technique is largely dependent on the experience of the personnel using it.
For this reason, familiarity, competence and training are important factors to be taken into
consideration when planning and resourcing projects and drafting contract specifications. The
competence levels required to operate these techniques effectively may then be identified and the
relevant resources secured.
The application of tools in the hazards and effects management process such as Environmental
Assessment, Health Risk Assessment and QRA will continue to involve specialists but their output
can now be brought together with other studies in a common HSE Management System. Specialist
assistance when using other tools and techniques may also be necessary. However the successful
application of any tool and technique will always be dependent on the participation of the staff
involved in the activities under study. Most of the tools described require a multi-disciplinary
approach.
Health, Safety and Environmental Management is no different from any other aspect of EP business
and remains a line responsibility. HSE therefore falls under the same management and management
system. H, S and E have been considered together in this document although external reasons may
exist for presenting certain studies separately. For example, when two separate authorities deal with
safety and environmental
2 Hazards and Effects Terminology
HAZARDS AND EFFECTS TERMINOLOGY
This chapter provides an overview of the more common terminology and concepts used in the
analysis of hazards and effects and the determination of risk.
A comprehensive list of terms and their definitions is provided in the glossary of this document.
2.1
Hazards, Effects and Incidents
A hazard is defined as:

'The potential to cause harm, ill health or injury, damage to property, plant, products or the
environment, production losses or increased liabilities'. This definition can be extended to include
social/cultural disruption.
This represents a specific use of the word hazard which in more common usage can mean danger,
chance or risk. Risk is defined in 2.4. It is important to recognise the adopted definition of this basic
term and to be consistent when using common techniques. Hazards should not be confused with
hazardous activities (e.g. drilling). Examples of hazards are: hydrocarbons under pressure, objects at
height , electricity. Appendix III contains a listing of generic hazards.
The terms 'chronic' and 'acute' are introduced in Volume 1 and are used to differentiate between
hazards and effects associated with continuous discharges and occupational exposure (prolonged) and
those relating to one off events, (health, safety and environmental incidents) which might include
poisoning, oil spills, fires and explosions.
In environmental terms, 'chronic' effects are sometimes referred to as 'routine' and are defined as the
result of planned emission or discharge to the environment. Such releases may include flaring of gas,
or discharge to sea of produced water following repeated and prolonged exposure to relatively low
levels or concentrations of a hazardous agent.
The aim is to control all health and environmental hazards and effects within defined limits. For
health, for example, controls for benzene define levels in air for long term exposure. For
environment, for example, controls for flaring may include limiting the volume of gas disposed of,
defining criteria for the combustion efficiency and defining environmental quality standards for
combustion products. Similarly, control of noise emission will be based on noise limits which will be
set for a given location.
An effect in the context of this manual is usually an adverse effect either on the health or safety of
employees or the public. An environmental effect is any direct or indirect impingement, whether
adverse or beneficial, upon the environment of the activities, products and services of the company.
This also includes impact on social and cultural systems.
The undesired release of a hazard is a hazardous event. If the hazardous event is the first event
resulting from the release of a hazard then it is called a 'Top Event'. This is the undesired event at the
end of the fault tree and at the beginning of an event tree (see 2.5). In the context of environmental
routine hazards, the undesired event can relate to the breaching of defined limits, such as oil in water
discharged to sea or noise levels in and around locations, or in the context of health hazards, this
relates to exceeding occupational exposure limits and other standards for the full range of agents
hazardous to health.
An incident is an unplanned event or chain of events which has caused or could have caused injury,
illness and/or damage (loss) to assets, revenue, the environment or third parties. An incident involves
the release or near release of a hazard which includes the exceedance of defined limits.
2.2
Threats and Barriers
A threat in the context of this document is something that could potentially cause the release of a
hazard and result in an incident. Examples of these causes or threats are corrosion, fatigue damage,
poor visibility, overpressure, lack of knowledge/competence, etc.
To prevent a threat or combination of threats ultimately resulting in the release of a hazard, some kind
of countermeasures are necessary. These measures are called barriers. In the case of corrosion as a
threat, for example, appropriate barriers could be a corrosion-resistant coating, inspection
programmes or corrosion allowances. For overpressure one barrier would be a pressure relief system.
Environmental barriers could include operational controls, e.g. traffic restrictions for noise, or
hardware controls, e.g. provision of water treatment equipment. Health barriers include, for example
local exhaust ventilation (LEV) and PPE.
Barriers may be physical (shields, isolation, separation, protective devices) or non-physical
(procedures, alarm systems, training, drills).
2.3
Consequences, Mitigation and Recovery Preparedness

Measures
Should the barriers fail to prevent or avoid the release of a hazard then some kind of counter measures
are required to limit the consequences of the hazardous event or effect. The purpose of these
countermeasures is the mitigation of consequences and to aid in reinstatement. One example of
mitigation is a fixed fire protection system, another would be the evacuation of personnel from the
area. Those measures aimed at reinstating or returning the situation to a normal operating condition
are also called recovery preparedness measures. All such measures ranging from the first steps in
mitigation through to reinstatement of the operation are termed recovery preparedness measures.
Figure 2.1
Terminology: acute or incidental release (safety example)
THREATS
ESCALATION
Hazard :
Hydrocarbon gas
under pressure
Examples:
Corrosion
Erosion
Impact
Fire
Pressure Vessel
Rupture and Leak
Hazardous
Event
Leak !
Fire
First Hazardous Event

or
Top Event
Inspection
Corrosion
Allowance
Detection
Process
Shutdown
Detection
ESD
Plant
Detection
Separation
and
Deluge
Threat Barriers
Recovery Preparedness Measures

and Mitigation Measures
CAUSATION
CONSEQUENCE
Figure 2.2
Terminology: chronic or routine release (environmental example)
THREATS
ESCALATION
Ecological damage
Water supply contamination
Irrigation contamination
Liabilities
Reputation
Hazard :
Effluent
Treatment system
Examples:
Input Changes
Maloperation
Malfunction
Pollution
Discharge
Hazardous
Event
Discharge
ppm Limit Exceeded !
Pollution
ppm
ppm
Limit

or
Top Event
Auto Level
Alarm
Procedures
Sampling
Alarm System
Shutdown
Divert to
Holding
Tanks
Plant
Shutdown
Clean-up
Plan
Threat Barriers

CAUSATION
CONSEQUENCE
Figure 2.3
Terminology - Chronic or Routine Release (Health Example)
THREATS
ESCALATION
Increased risk :
Leukaemia
Liabilities
Loss of reputation
Hazard:
Toxic vapour
Examples:
Corrosion
Maloperation
Leaking flanges
Handling of toxic chemical
Release of benzene
Increased
risk of
leukaemia
Exposure to benzene
exceeding OEL* !
ppm
ppm
Limit
Vapour Return
System

or
Top Event
Procedures
Local
Exhaust
Ventilation
PPE
Biological Epidemiology
Monitoring
* OEL Occupational Exposure Limit
Threat Barriers

CAUSATION
CONSEQUENCE
Figure 2.4
Cause consequence diagram (bow tie)

EVENT TREE
(Consequences)
FAULT TREE
(Causes)
e.g.maloperation
e.g. overpressure
H
A
Z
A
R
D
e.g.ESD
bypassed
Loss of
gas
containment
e.g.detector failure
Hazardous Event
(release of hazard)
E
S
C
A
L
A
T
I
O
N
e.g.deluge failure
e.g. explosion
sequence of faults and causes

leading to a hazardous event
2.4
sequence of events and failures leading

to the escalation of a hazardous event
Risk
Risk is the product of the probability that a specified undesired event will occur and the severity of
the consequences of the event. To determine the risk of a specific hazardous event taking place
therefore requires information on the likelihood of the event taking place and the severity of the
adverse consequences that could be expected to follow from it. Risk is a term which combines the
chance that a specified undesired event will occur and the severity of the consequences of the event.
To determine the risk associated with a specific 'hazardous event', information is therefore required on
the chance of the event taking place and the severity of the consequences that might be expected to
follow from it. Risk is sometimes also defined as the product of probability and the severity of
consequences.
The terms 'probability', 'likelihood', 'frequency' and 'chance' are often used interchangeably however
in the HEMP terminology, the following apply and should be consistently used:
llikelihood and chance both indicate the possibility of something happening
frequency is a rate, e.g. number of incidents per hour
probability is a ratio
It indicates the number of chances of something happening to the total number of chances.
2.5
Fault and Event Trees
A common way of understanding the possible threats or causes that could lead to the unplanned
release of a hazard is to present them diagrammatically using a fault tree. In a similar way after the
release of a hazard an event tree may be used to determine and display the potential outcomes or
consequences.
Fault Tree Analysis is used to show the sequence of possible threats or causes that could lead to the
release of a hazard. The fault tree leads to a single point where the undesired event has taken place or
where the hazard has been released. This is known in risk assessment terms as the Top Event and
represents the transition from the Fault Tree (threats/causes) to the Event Tree (consequence).
The Event Tree is made up of nodes which correspond to the different stages in an escalating incident
sequence. The lines which lead out of each node correspond to the paths of success or failure in
mitigation of the incident.
The whole sequence showing the progression from any cause, (Fault Tree) through the Top Event to
the full range of consequences (Event Tree), for a single hazard can be represented in a single
diagram (often called a 'bow tie') as shown in Figure 2.4. In a quantitative assessment such as QRA, a
number of hazards will be considered together, however in qualitative assessment it is normal to
consider one hazard or one bow tie.
For qualitative and quantitative risk assessment the same process is used (i.e. bow tie) but in QRA,
risks are quantified initially per Top Event then summated for a number of scenarios and hazards.
2.6
Likelihood and Consequence (or Effect)
The Likelihood of a Top Event occurring may be determined by quantitative evaluation of the
possible threats or from historical data bases.
Lack of good data may limit the development of a fault tree however in some circumstances the
historical frequency of the top event may provide an adequate timate.
Consequence analysis can be applied to assess HSE aspects for a range of scenarios and typically
involves the use of predictive models. Examples include the use of:
physical effects models for predicting the behaviour and loading from potential hydrocarbon
releases (dispersion, fire, radiation, explosion and smoke) in terms of flammable limits, heat
radiation, explosion overpressure, etc
physical consequence models for predicting the consequence of the effects of hydrocarbon release
events (structural damage, vessel integrity loss, etc)
air and water dispersion models for predicting the behaviour of discharges to the atmosphere or
water bodies respectively
The tools and techniques used for both likelihood and consequence analysis are described in
Chapter 4.
This page intentionally left blank
10
3 Hazards and Effects Management Process (HEMP)
HAZARDS AND EFFECTS MANAGEMENT

PROCESS (HEMP)
3.1
The Steps in the Process
The Hazards and Effects Management Process (HEMP) was originally developed to provide a
structured approach to the analysis of safety hazards throughout the life cycle of an installation. The
environmental and health risk assessment processes fulfil a comparable function with respect to
environmental and health hazards at all stages of the life cycle. These assessments are based on the
same concept and have been brought together as HEMP. The process is applicable to all business
processes in the life cycle of an operation from inception to abandonment. The tools and techniques
available are applied in a logical and rigorous way, setting acceptance criteria and screening against
them as the process proceeds. The arrangements identified as necessary to manage assessed threats
and potential consequences and effects are then incorporated in the design phase or for existing
operations it is necessary to verify that what is in place is suitable and sufficient. If not, then remedial
action is taken and all necessary procedures are incorporated into the HSE Management System.
The principles of 'identify', 'assess', 'control' and 'recover' are the basis of HEMP, with the individual
stages summarised in the following steps:
1.
Identify Hazards and Potential Effects
2.
Evaluate Risks
3.
4.
Compare with Objectives and Performance Criteria
5.
Establish Risk Reduction Measures.
Step 1: Identify hazards and potential effects

Systematically identify the hazards, the threats and potential hazardous events and effects which may
affect, or arise from, a company's operation throughout the total life cycle of the operation.
Step 2: Evaluate risks
Systematically evaluate (assess) the risks from the identified hazards against accepted screening
criteria, taking into account the likelihood of occurrence and the severity of any consequences to
employees, assets, the environment and the public. This includes the risks associated with deviation
from limits set for environmental and occupational health hazards.
Step 3: Record hazards and effects
Record all those hazards and effects identified as significant in relation to the screening criteria in one
of the following documents:
HSE MS Activities Catalogue
HSE Activity Specification Sheets
Hazards and Effects Register
HSE Critical Operating Procedures
Manual of Permitted Operations.
These documents will then be included in Parts 3 and 5 of the HSE MS and HSE Case.
11
Step 4: Compare with objectives and performance criteria

Compare the evaluated risks against the detailed HSE objectives and targets for the project or
installation. For all cases these targets must be maintained and be consistent with the Company
Policy, and Strategic Objectives. Performance standards at all levels must meet the criteria set in the
HSE Case which in turn must comply with the Company's HSE Management System.
Step 5: Establish risk reduction measures
Select, evaluate and implement appropriate measures to reduce or eliminate risks. Risk reduction
measures include those to prevent or control incidence (i.e. reducing the probability of occurrence)
and to mitigate effects (i.e. reducing the consequences). Mitigation measures include steps to prevent
escalation of developing abnormal situations and to lessen adverse effects on Health, Safety and the
Environment. Risk reduction measures also include recovery preparedness measures which address
emergency procedures as well as restoration and compensation procedures to recover.
Revisit Step 3 to record fully the activity/task requirements.
3.2
Implementation of HEMP
The Hazards and Effects Management Process can be implemented at any point in the life cycle of a
facility or operation. When planning the development of new facilities, reviewing existing facilities,
or planning for the abandonment and decommissioning of existing facilities the focus is on the
identification and assessment of hazards and effects that may be avoided, reduced or eliminated. In
the operational and maintenance phase, the focus is on control of hazards and effects by procedures
and the development and implementation of effective recovery preparedness measures. In the
abandonment and decommissioning stages the focus is directed towards safe clean up and
rehabilitation.
People involved in operational activities however should always be alert to identify new hazards
particularly in non routine operations.
3.2.1
Assets: planning and review
In a new development the HEMP will normally be iterative, beginning on a wide basis with little
detail and then progressing through the development cycle as more detail becomes available. In the
review of an existing development a similar iterative approach may be adopted starting with a wide
approach on general issues then converging on areas of specific concern and more detailed
assessments. This management process is applied to all hazards and potential effects. Those engaged
in design and planning activities who utilise tools, such as HAZOP, Health Risk Assessment or
Environmental Assessment are already familiar with this approach.
Appendices I and II give an indication of when the tools and techniques are used during the life cycle
of a development and in the development of an HSE Case for an asset. Full guidance is provided in
the respective business activity guidelines such as EP 95-0230 Design and Engineering and EP 950220 Concept Development.
The output from the various tools and techniques used in the HEMP in the planning and review stages
of a new development is used primarily to refine the design by identifying the hazards and threats,
removing them if possible and making the design as inherently safe to operate as practicable. The
output therefore primarily concerns the hardware although the design planning phase can profoundly
affect all subsequent stages of the development. Information from this work is included in the HSE
Case for an asset for use in the operational phase.
12
3.2.2
Activities: planning and review
This relates to the preparation for practical physical activities involved in the implementation of
plans. In EP these activities include survey, drilling construction, operation, decommissioning, and
abandonment. This preparation should involve those carrying out or supervising the activity. The
techniques for the identification and assessment of hazards used in the planning and review stages are
also applicable but in the operational phase tend to be more focused on procedural aspects rather than
hardware design.
In the implementation or operations phase, planning activities such as the systematic preparation of
Permits to Work and Job Hazard Analysis address all the steps of the HEMP. EP 95-0315 describes
the basic Permit-to-Work System and EP 95-0311 describes Job Hazard Analysis which can be used
for a team review of the procedure for a repeated activity or as a one-off review of a new activity. The
computerised system THESIS (see EP 95-0323) can also be used to assess hazards and effects and
identify the necessary controls. EP 95-0270 General Workplace Practices contains activity
specification sheets and hazard register sheets for typical HSE activities and hazards encountered in
the workplace. The Manual of Permitted Operation (MOPO) describes conditions where specific
activities cannot be carried out at the same time and is described in EP 95-0310 Implementing and
Documenting an HSE MS and HSE Case. Waste management procedures, described in EP 95-0390
Waste Management Guidelines, provide information for the inclusion of waste management activities.
At the time of writing this Guide, work is proceeding on the preparation of Generic HSE Cases for
activities such as drilling, seismic and transport. These are aimed at providing a basic 'starter kit'
HSE case containing all the common activities, procedures and controls which can be subsequently
made 'site-specific' for local application.
The output from the various tools and techniques in the HEMP for operational-type activities will be
used in the development and review of working procedures and form part of the HSE Case for the
operation of the facility. For a significant or new activity, such as a major construction project, a
seismic or drilling campaign or abandonment, the output from the various tools will be included in an
HSE Case.
For a smaller work scope usually confined to one contract the HSE Case is sometimes called an HSE
Plan or where the work or operational task is one of many to be undertaken, terms like 'Work
Procedure' or 'Work Statement' are sometimes used. All these descriptions only reflect the scale of the
operation. The most important point is that in their preparation the steps of the Hazards and Effects
Management Process must be followed. That is hazards and potential effects must be identified and
assessed and Control and Recovery Preparedness measures must be developed and in place ahead of
time.
3.3
Approaches to the Hazards and Effects Management

Process
Hazards can be identified and assessed in a number of ways. The hazard identification and assessment
process is based on the following:
experience/judgement
checklists
codes and standards
structural review techniques
13
Figure 3.1
Approaches to the Hazards and Effects Management Process
Structured
Review
Techniques
Increasing level of detail
Codes / Standards
Checklists
Experience /
Judgement
IDENTIFY
ASSESS
HEMP
RECOVER
3.3.1
CONTROL
Experience/judgement
The knowledge of experienced staff provides a sound basis for hazard identification and assessment.
One can draw on experience gained from different aspects of the EP business in different locations.
Practical staff experience gained in the field and feedback from incidents, accidents and near misses
is invaluable.
3.3.2
Checklists
These are a useful way of ensuring that known hazards and threats have all been identified and
assessed. The use of checklists, however, must not be allowed to limit the scope of review. They are
normally drawn up from standards and operational experience and focus on areas where the potential
for mistakes is high or where problems have occurred in the past. Hazard Registers taken from the life
cycle of previous developments are particularly useful as a basis for checklists. They should be
maintained throughout the life of the development and include both the operational and abandonment
phases (Ref. 1).
Table VI.1 is a checklist called the Hazard Hierarchy which includes health, safety and environmental
hazards previously identified by Opcos. The checklist approach is used in several techniques such as
HAZID, HAZOP and FIREPRAN for example.
3.3.3
Codes and standards
These reflect collective knowledge and experience, accumulated on the basis of national or
international operations. They generally focus on hazard assessment and control, since the hazard is
inherent and recognisable. Codes and standards usually contain information on hazards applicable to
a particular type of operation. The designer of a pressure vessel relief system, for example, can use a
DEP or ISO Standard to find detailed guidance on the relief cases that should be considered. In some
cases compliance with prescriptive standards alone will reduce risk to 'as low as reasonably
practicable'. Similarly, the acceptability or otherwise of emissions or discharges to the environment or
release of agents harmful to health can be assessed by reference to environmental quality standards
14

and occupational health exposure limits. For environmental and occupational health, the process
begins with an inventory of emissions and effects agents hazardous to health respectively.
Codes and standards can therefore provide guidance on all four steps of identify, assess, control and
recovery.
Where new or non-standard designs are concerned, especially ones containing configurations with
multiple interfaces, it is unlikely that all the possible interactions can be identified using codes and
standards alone. In more complex facilities such as offshore process facilities, other hazard
management tools will be required.
3.3.4
Structured review techniques
The following chapters of this document describe the Structured Review Techniques and Procedures
in current use. Some of these techniques were initially developed for use in safety management others
have been specifically developed for environmental and occupational health management often using
similar principles as for safety management. One example is HAZID (Hazard Identification) and
another is HAZOP (Hazard and Operability Study). With interpretation, these techniques are also
capable of addressing emissions, discharges, waste generation and occupational exposure to
hazardous substances, etc. Many of the techniques described in this Volume also contain screening
and acceptance criteria for Controls.
15
16
4 Structured Review Techniques
STRUCTURED REVIEW TECHNIQUES
Structured review techniques are available for all phases of the 'identify, assess, control and recover'
process. The recommended techniques are presented in this chapter under the same headings as used
in Chapter 3, i.e.:
Evaluate Risks
Establish Risk Reduction Measures.
4.1
The selection of the appropriate techniques depends upon the information available and the phase of
the project or maturity of the operation. The development of a project is described further in Volume 2
of this manual.
For EP facilities, a generic Hazards and Effects Hierarchy has been generated and is included in
Appendix III. This provides a structured listing of hazards and effects and attributes which can be
used as a completeness check during hazard identification. The hierarchy provides the basis for a
computerised approach to the systematic identification and assessment of hazards and their effects.
Table 4.1
Techniques for planning and review of assets
Technique
Reference
HAZID (Hazard Identification)
A structured brainstorming technique that is

particularly useful in the early stages of a
development, either as a stand alone exercise or as
part of a more general review. The prompt or
checklist approach guides the less experienced
and prompts the experienced. Success when using
the technique depends upon a properly constructed
team being well managed and having the
opportunity to think beyond the checklist and
identify the unusual. The same technique can be
applied for health hazards associated with the
living environment (e.g. tropical diseases) and
lifestyle (e.g. substance abuse).
EP 95-0312
Health Risk Assessment
Is used for identifying and assessing occupational

health hazards and the controls needed to manage
them effectively. Chemical, physical, biological,
ergonomic as well as psychological aspects of the
occupational environment are included.
SHSEC Guide
(Ref. 2)
Health Risk Assessment and

Exposure Evaluation for Chemical
Agents
HMSO publication
(Ref. 3)
Supplements the general guide on Health Risk

SHSEC 1995
Assessment (Ref. 4) by providing specific
(Ref. 4)
additional advice on assessing risk to health arising
from chemical agents in the work place.
17
Table 4.1
Techniques for planning and review of assets (continued)
Technique
Reference
Human Factors
Encompasses a number of techniques directed at

the assessment of the human element of the
management of hazardous events from design
through to emergency response.
EP 95-0324
Environmental Assessment (EA)
Includes development of an environmental profile

which provides information necessary to:
EP 95-0370
build an environmental description of the area

or location and its environment before
development
assess the beneficial and/or adverse effects of
the development
identify mitigation measures
prepare a plan to enable measures to be
implemented
Also applicable to ongoing activities.
Soil and Groundwater Guides
Provides guidance on assessing soil and

groundwater quality at EP locations from initial
desk studies to more detailed site investigations.
EP 95-0385
EP 95-0386
EP 95-0387
Social Impact Assessment
Describes the component parts of a social impact

EP 95-0371
assessment including relationship to the natural
environment, cultural and historical attitudes and
sensitivities, population characteristics and political
social institutions. Means to involve the wider
public are seen as critical.
HAZOP (Hazard and Operability

Study)
One of the most widely accepted and powerful of

EP 95-0313
the hazard identification and assessment tools
available for reviewing the design of process
facilities. It is carried out in varying degrees of
detail throughout a project after design checks have
been completed. HAZOP is not a design tool but a
supplementary team checking exercise which also
includes the operational aspect of a design.
It is unusual to make other than a subjective
assessment of the consequences of a particular
failure scenario during a HAZOP. The HAZOP
technique has been extended with success by others
to areas like maintenance, drilling, etc.
FIREPRAN
To identify deficiencies and opportunities for

improvement in order to meet objectives with
respect to fire and explosion management.
FIREPRAN is not suited to complex, compact
integrated facilities.
EP 95-0350
18

Table 4.1
Techniques for planning and review of assets (continued)
Technique
Reference
SAFOP (Electrical Safety and

Operability Study)
Comprises three components:

SAFAN - (Safety Analysis) identification of
hazards to personnel in the vicinity of
electrical systems
DEP (under
preparation)
(Ref. 5)
SYSOP (System Operability) critical

assessment of electrical network and plant
design
Refer to SIPM
OPTAN (Operational Task Analysis) analysis

of operator actions to determine areas of
potential operator error.
There are few if any tools and techniques which are limited solely to the identification of Hazards and
Potential Effects. Most include assessment as well as identification. Indeed techniques, such as Health
Risk Assessment and Environmental Assessment include all four elements, identify, assess, control
and recover.
Inherent in some techniques, such as HAZOP, is a qualitative assessment of risk based on judgement
of threats, such as hardware failure, control system failure, human error, corrosion, extreme
conditions, etc.
Table 4.2
Techniques primarily for activity planning and review
Technique
Reference
Job Hazard Analysis
Identification of potential problems within a job

task that could lead to hazardous situations.
Elimination or reduction of the hazard by
development of safe working procedures.
EP 95-0311
Tripod-BETA
To facilitate accident or incident investigation and

analysis by providing the means to assemble and
manipulate investigation information into a logical
structure consistent with the Tripod accident
causation model and the hazards and effects model
of SMS (HSE MS).
EP 95-0321
Tripod-DELTA
The proactive identification of potential latent

failures that could lead to hazardous situations and
the development of remedial actions to be taken to
reduce or eliminate such hazards.
EP 95-0320
4.2
Evaluate Risks
Once hazards and threats have been identified, their causes, consequences and probability can be
estimated and the risk determined. Risk assessment may be on a qualitative or quantitative basis both
involving the same steps. Qualitative methods may be adequate for risk assessments of simple
facilities or operations where the exposure of the workforce, public, environment or the asset is low.
Inherent in many of the techniques mentioned in 4.1 is a subjective evaluation of risk. HAZOP and
FIREPRAN, for example require the team to select the critical items for further study. To do this there
must be a risk assessment which is based primarily on experience or judgement. The qualitative or
banded assessment of probability and consequence from such an analysis can be plotted on the Risk
Matrix described in EP 95-0100 HSE Management System and repeated in 4.2.4. In FIREPRAN,
HAZOP and Health Risk Assessment, this Risk Matrix is used to assist in decisions regarding risk. In
the context of this manual evaluate and assess have the same meaning. The THESIS software can also
19
be used to assist in the hazard/risk evaluation and also uses the Risk Matrix. Guidance on when to use
quantitative risk assessment is provided in the following paragraphs.
4.2.1
Scenario development (causes)
The first step in the risk evaluation is to examine the ways in which events may take place to cause a
hazardous event. Causation scenarios may be developed in simple narrative or use multiple branch
fault trees or utilise complex computerised modelling techniques. The method is entirely dependent
on the area being assessed. For further details on scenario development refer to EP 95-0352 QRA.
4.2.2
Probability
The probability of a hazardous event occurring may be determined by evaluation of the associated
possible threats and circumstances or from historical data bases. Once established, the probability of
occurrence of each event can be included in a fault tree.
Historical records such as those described in EP 92-1020 (Ref. 6) provide failure data for various
types of event in the fault tree and event tree including the Top Event. Alternatively, probability can
be generated in a qualitative way by the relative classification of probability into those shown on the
Risk Matrix in 4.2.4.
It is planned to replace EP 92-1020 (Ref. 6) with a data base prepared on an industry wide basis. This
development is underway with the E&P Forum.
4.2.3
Consequence analysis
Consequence analysis can be applied to assess HSE aspects for a range of consequence scenarios and
involves the use of predictive models. Consequence scenarios may be developed in simple narrative
or use multiple branch event trees or utilise complex computerised modelling techniques.
Examples include the use of physical effects models for assessing the integrity of structures, for
predicting the behaviour of emissions to the atmosphere and discharge to water and predicting heat
loading and explosion overpressure. Models should only be used when they are validated in a
particular application and their predictive capability is generally accepted. Successful application
requires that they be used by personnel with adequate training and experience. The results from
Physical Effects Modelling usually provide input to other HSE analyses such as ESSA, FEA and
Layout Studies.
In performing consequence analyses it should be recognised that the majority of models provide only
a good approximation of what might happen. It is a mistake to base design calculations wholly on
model results. The designed system should be capable of withstanding the range of possible
anticipated loadings.
Table 4.3
Techniques for consequence analysis
Technique
Reference
Physical Effects Modelling
This encompasses a number of techniques

available for modelling the effects of hazardous
releases such as explosions, gas dispersion and
fire
Layout Methodology
Offshore Layout Methodology

A simplified design tool for identifying separation
requirements when laying out an offshore
complex
EP 95-0314
EP 91-1600/1601
(Refs. 7 and 8)
EP 90-2500
(Ref. 9)
20
Onshore Layout Methodology as above for

onshore facilities
DEP to be prepared
(Ref. 10)
FEA
Fire and Explosion Analysis is a collective term

for the process which identifies and evaluates all
fire and explosion hazardous events as a basis for
risk reduction and for preparing performance
criteria for essential safety systems and the
arrangements required for escape, evacuation and
rescue (EER).
No reference
ESSA
Emergency System Survivability Analysis. This is

part of the FEA and determines the ability of the
emergency systems to withstand severe accident
conditions. ESSA is part of the FEA process and
provides information which is subsequently used
in TR/EERA.
EXPRO Docs
(Ref. 11)
TR/EERA
Temporary Refuge Escape, Evacuation and

Rescue Analysis of escape to Temporary Refuge
(TR), the provisions within the TR system, and the
Evacuation, Escape and Rescue provisions. The
analysis considers the major scenarios previously
identified and compares these against respective
acceptance standards highlighting critical
elements and revealing any shortfalls.
DEP 37.17.10.11
(Ref. 12)
Environmental Dispersion
Models
Used to predict the behaviour of contaminants

following discharge. Results are used to evaluate
the significance of emissions and discharges. A
wide range of models are available and vary in
complexity and sophistication.
Monitoring air
quality
EP 95-0376
Monitoring water
quality
EP 95-0381
Table 4.3
Techniques for consequence analysis (continued)
Technique
Reference
Oil Spill trajectory Models
Used to predict the behaviour of marine spills and

can play an important role in oil spill contingency
planning. A number of models are available.
A range of models
available. For
advice on selection
and use refer to
SIEP
Risk Assessment Models for

Contaminated Soil
These have been developed to evaluate the

significance of soil contaminants to human and
environmental health. The Human Exposure to
Soil Pollutants (HESP) developed in SIPM is an
example.
Env. quality
standards for soil
and groundwater:
EP 95-0385
Setting Priorities
for contaminated
soil and
groundwater:
EP 95-0387
21
Groundwater Models
These have been developed to predict the

behaviour of contaminants in groundwater and
focus on the movements of the contaminants.
A range of models
available. For
advice on selection
and use refer to
SIPM
These techniques are summarised in Appendix IV.
4.2.4
Having determined the probability of the different scenarios occurring to cause a 'hazardous event'
and having determined the consequences arising from that event, it is possible to represent the risk
graphically using the Risk Matrix described in
EP 95-0100 HSE Management System and repeated below:
Table 4.4
Risk Matrix
CONSEQUENCE
Severity
People
No
injury
1
2
3
4
5
Assets
Environment
INCREASING PROBABILITY
Reputation
No
damage
No
effect
Slight
Slight
Slight
Slight
injury
Minor
injury
Major
injury
damage
Minor
damage
Localised
damage
effect
Minor
effect
Localised
effect
impact
Limited
impact
Considerable
impact
Never
Has
Incident
Happens
Happens
heard of
occurred
has
several
several
in EP
in EP
occurred
times per
times per
industry
industry
in Opco
year in
year in
Opco
location
No
impact
Single
Major
Major
National
fatality
damage
effect
impact
Multiple
fatalities
Extensive
damage
Massive
effect
International
impact
Manage for continuous

improvement
Incorporate risk
reduction measures
Intolerable
The matrix need not remain as a static display of risk and measures to be taken. Over the years
tolerance to risk will change therefore the shading in the diagram will change.
The above matrix gives an indication of risk tolerability but this should relate to the operation under
consideration . An example of how the matrix can be further defined for a particular operation is
included in Appendix V.
4.2.5
Quantitative Risk Assessment (QRA)
QRA is a potentially powerful technique which is described fully in EP 95-0352.

Appendix VI contains specific examples and guidance of when Quantitative Risk Assessment is used
to its best advantage.
Guidelines are available for undertaking quantitative risk assessment for specific applications
including risers and pipelines.
These are:
22

Table 4.5
QRA techniques for specific applications
Technique
ASPIN
RISER
Reference
Pipeline failure risk analysis technique and
data base.
An easy to use quantitative failure risk
assessment tool to compare different
options and conditions during pipeline
design and operation and to assist in
optimising and planning inspection and
maintenance efforts.
Simplified version.
EP 94-0101
(Ref. 13)
EP 94-0102
(Ref. 14)
Risk Evaluation of Risers.
EP 90-1045
(Ref. 16)
EP 94-0195
(Ref. 15)
Assessment of risks of pipeline riser on or

near platforms with comparative risk
analysis to assess the benefits of subsea
valve installation on pipelines.
These quantitative risk assessments should only be used by personnel with adequate training and
experience. It is most important that those familiar with the operation, the facility or the design are
involved in the study particularly with respect to the input, assumptions and conclusions drawn to
ensure that the model reflects reality.
Assumptions must reflect actual practice including inspection and maintenance frequencies and
techniques, frequency of drills and operating procedures, etc.
QRA provides a structured approach to assessing risk and expresses this numerically. The main
function of QRA is to identify high risk areas and assist in the comparison of design options and the
selection of operations philosophies with a view to establishing effective and efficient risk
management.
QRA assists in the determination of 'how safe is safe enough' by helping to analyse options to
establish whether or not ALARP (As Low As Reasonably Practicable) has been achieved.
Engineers and decision makers sometimes like to use quantitative risk assessment to make a decision
for them. For this purpose they would like to see well defined acceptance criteria for risk and a
calculation resulting in one number to tell them whether their design is 'right' or 'wrong'. However,
risk figures which are based on probabilities should be used with caution and comparison against
absolute numerical risk criteria avoided where possible. This is important for a number of reasons.
First, the accuracy of QRA studies means that the comparison of calculated numbers with specified
numerical criteria must be used with considerable caution. The inaccuracies are less important in
comparisons between various options analysed in a consistent manner. Nevertheless absolute risk
figures may be required to fulfil legislative requirements and to ascertain whether ALARP risk levels
have been reached.
Secondly, the risk of EP operations calculated in a QRA is often in the 'Too High' area and nowhere
near the Negligible area. This means that regardless of acceptance criteria set by authorities or
others, there is a need to identify further improvements and to implement them if the cost, time and
effort can be justified.
23
Thirdly, there is always the temptation to use comparison with absolute risk criteria as a means to
justify not carrying out risk reduction measures, with data being manipulated solely to meet the
criteria. Playing the 'numbers game' in this way could lead to QRA being used to justify risk levels
that could realistically still be reduced.
Fourthly, using statistical likelihood values carries with them a set of inherent assumptions which
may or may not be appropriate for the operation being studied.
Expressions like 'acceptably safe' or 'an acceptable risk' should be avoided when discussing risk.
Risks are never acceptable when the benefits of an activity are perceived to be smaller than the risks.
Further, a risk is never considered acceptable while there are effective alternatives to lower it. If there
are no effective alternatives or the cost of further reduction is disproportionate then it may be
necessary to live with or 'tolerate' the risk.
QRA can be used to assess risk to the company's workforce, assets and environment as well as risk to
the public. At present, QRA or environmental QRA is confined to 'incidental' or 'acute' hazardous
events. In EP operations, the facilities are in many cases sufficiently remote that considerations of this
type of risk to the public do not dominate. In downstream activities, risk to the public is often the
main concern.
The application of QRA is not necessarily limited to large, complex and expensive studies. It is a
technique which can be used relatively quickly and cheaply to help to structure the solution to
problems for which the solution is not intuitively obvious. Without the quantification of risk in some
situations, there may a danger of allocating scarce resources for little benefit. Risk is often defined as
a function of the chance that a specified undesired event will occur and the severity of the
consequences of the event. For QRA purposes, chance can be expressed as frequency or probability
of an occurrence. If no attempt is made to estimate the chance, we may be driven by the consequence
into investing heavily on risk reduction measures which are ineffective. This is illustrated in
Figure 4.1. The risk curve (shaded) indicates the area in which effective risk reduction measures can
be taken.
Figure 4.1
24

On the left side of the curve the consequences are too small to cause concern, regardless of the
probability. On the right side the consequences could be dramatic but the probability is so low that it
would be more effective to invest in those risk reduction measures which concentrate on the events
contributing to the peak of the risk curve. The above can be easily aligned with the Risk Matrix.
It must be recognised that the public and regulatory authorities are most interested in high
consequence events. In the context of the Risk Matrix this might be in the 'never heard of incident in
EP industry' column but nevertheless risk reduction measures must still be considered.
4.2.6
Screening criteria: limits/standards
EP 95-0100 HSE Management Systems Chapter 4 describes the concept of screening risk against
criteria set in a qualitative and quantitative manner together with the use of the ALARP principle,
which sets the risk level as low as reasonably practicable.
Guidelines which provide environmental limits and standards include:
EP 95-0375
Environmental quality standards - air
EP 95-0380
Environmental quality standards - water
EP 95-0385
Environmental quality standards - soil and groundwater
References to occupational exposure limits and standards are listed in Health Risk Assessment
(Ref. 2) and Ionising Radiation Safety Guide (Ref. 17).
4.3
4.3.1
Records
The documentation relating to the hazards and effects analysis and the management of hazards and
effects is included in Parts 3 and 5 of the HSE MS and HSE Case described in EP 95-0310.
In a major project or facility the studies carried out as part of the HEMP are recorded formally usually
via the first draft of the Hazards and Effects Register. The level of detail addressed increases as
familiarity with the project or facility improves. Different techniques are then applied to identify and
assess hazards. The hazards and control measures identified during the design phase are recorded for
later transfer to the operator of the facility who will be responsible for the HSE Case. A PC based tool
developed to do this is THESIS described in EP 95-0323.
4.3.2
Hazards and effects register
The hazards and effects information gained from the application of HEMP tools and techniques is
incorporated in the HSE Case in what is called a Hazards and Effects Register.
The HSE Case has to demonstrate that:
all hazards, effects and threats have been identified
the likelihood and consequences of a hazardous event have been assessed
that controls to manage potential causes (threat barriers) are in place
that recovery preparedness measures to mitigate potential consequences have been taken.
Assembly of the Hazards and Effects Register, which forms part of the HSE Case, begins at the
design and development stage of a project when hazards and effects from this phase are incorporated.
Hazards applicable during the construction and commissioning phase may be included or listed
25
separately. Later, hazards encountered in the operations and maintenance phase are included. The
Hazards and Effects Register is a live document and is passed from phase to phase of a development
through to abandonment. When the design phase is complete, the Hazards and Effects Register is
handed over to and subsequently maintained by, the operations management of a facility. The Hazards
and Effects Register will subsequently be used in the planning of abandonment and held on record for
a period thereafter.
4.3.3
Manual of Permitted Operations (MOPO)
Once the Hazards and Effects Register is completed it is possible to complete a Manual of Permitted
Operations which defines:
the level and number of barriers installed initially and the recovery preparedness measures to be in
place
the limit of safe operation if the barriers and/or recovery preparedness measures (sometimes
referred to as the 'Integrity Envelope') are reduced, removed or purposely defeated
the limit of safe operation permitted during periods of escalated risk, in either likelihood or
consequence. This includes external factors like extreme weather conditions
which activities may or may not be carried out concurrently, e.g. simultaneous welding and crude
sampling.
Further details on the preparation of a MOPO are given in EP 95-0310 Implementing and
Documenting on HSE MS and HSE Case.
4.4
The objectives and performance criteria adopted at all levels in the process should comply with those
stated in the Corporate HSE Policy, HSE MS and HSE Case, respectively (see EP 95-0100 HSE
Management Systems Chapter 4).
4.5
Establish Risk Reduction Measures
4.5.1
General
Risk reduction measures include preventative measures (likelihood reducing) and mitigatory
measures (consequence reducing). As described in EP 95-0100, the point at which measures may be
classified as prevention, mitigation or recovery can sometimes become unclear depending on the
perspective of what constitutes the hazardous event. Fortunately, in practice, this makes little or no
difference to the process of risk reduction.
Control and recovery aspects form a significant part of design standards. These are not listed
separately in this document.
A number of reference documents describing the controls are frequently used in applying the HEMP.
These are summarised below together with references for full descriptions.
4.5.2
Control of release of hazards and effects
Some typical control measures are described in the following guidelines:

EP HSE Manual:
EP 95-0376
Monitoring Air Quality
EP 95-0381
Monitoring Water Quality
26

EP 95-0386
Monitoring Soil and Groundwater Quality
EP 95-0390
Waste Management Guidelines
EP 95-0391
Classifying Waste
EP 95-0270
General Workplace Practices
EP 95-0315
Guidelines on Permit to Work (PTW) Systems
EP 95-0317
Hydrogen Sulphide (H2S) in Operations
All SHC and SHSEC
guidelines e.g. Noise Guide, Asbestos, Ionising Radiation, Heat

and Cold Stress
DEPs
Refer to Index DEP Publications and Standard Specifications DEP

00.00.05.05 Gen. (Ref. 18)
Codes and standards
4.5.3
Recovery preparedness measures
Recovery from the consequences of the release of a hazard requires careful planning. Even with a
comprehensive range of controls in place to prevent the release of hazards or effects things can still
go wrong. It is important that all personnel involved are fully briefed and drilled as to the response
measures planned which may include evacuation and restoration procedures.
Recovery Preparedness Measures include active, passive and operational (contingency plans)
response arrangements.
In a crude oil separation module a loss of containment will probably be controlled by ESD,
depressurisation and containment/fire protection devices. These control and recovery measures have
been installed to achieve the HSE objectives that have been set. They might reduce a worst case
occurrence to a single major injury or fatality as compared with the possible catastrophe that could
have occurred with no controls at all in place.
From an environmental perspective recovery includes site clean up and rehabilitation. An example in
occupational health would be the redeployment of a radiographer who has exceeded his radiation
exposure or a cargo handler who has a back injury.
Documents which will assist in the development of recovery procedures include amongst others:
EP 95-0316
Emergency Response
DEP 37.17.10.11-Gen
Design of Offshore Temporary Refuges (Ref. 12)
EP 95-0397
Oil Spill Dispersants
EP 95-0387
Contaminated Soil and Groundwater
EP 95-0351
Fire Control and Recovery
SHSEC 1994
Medical Emergency Guidelines for Management (Ref. 19)
HSE 94023 Jan 1995
Medical Emergency Guidelines for Health Care Professionals and

First Aiders (Ref. 20)
27
HSE 94023a Jan 1995
Guidance to First Aiders (Ref. 21)
E&P Forum
Standards for Clinical Services (Ref. 22)
DEPs
For index refer to Index DEP Publications and Standard

Specifications DEP 00.00.05.05-Gen. (Ref. 18)
Codes and standards
28

29
APPENDIX I
ACTIVITIES: PLANNING AND REVIEW
HEMP TOOLS AND TECHNIQUES
In the EP Business Model (EPBM) Version 3 (Ref. 23) the activity grouping (ACT) 'Managing
Activities' applies equally to all activities including those shown below against the life cycle.
In the 'Establishment of Business Controls' (ACT-01-06), the controls to manage HSE risk are
addressed in an HSE Case. The broad HSE objectives to be met in the activities: establishment of
business controls (ACT-01-06), 'planning' (ACT-01-08) and 'monitoring/control during execution'
(ACT-03-02) are bulletised on the left of the table below. Some of the tools and techniques available
are listed on the right.
explore
appraise
produce and
maintain
develop
abandon
Execute Surveys
Drilling
Drilling
Appraisal and
Development
Design
Construction
Commissioning
Production and
Maintenance
Decommissioning
Logistics
objectives
MANAGE ACTIVITIES (ACT)

Includes: HSE Case for Specific Activities
Establish Business Controls (ACT-01-06)
eg Prepare HSE Case for specific activities such as: survey, drilling, operations, logistics
HAZID
demonstrate that risks
Generic HSE Cases (under development)
associated with the activity
are managed
Environmental Assessment
Job Hazard Analysis
Permit-to-Work
H2 S
Safe Handling of Chemicals (SDS)
Human Factors
Emergency Response (including oil spill plans),
Classification of Waste
Waste Management
Prepare Plan (ACT-01-08)

ensure contracting strategy
reflects known risks
eg. Prepare Execution Plan

HAZID
Monitor and Control Activity Execution (ACT-03-02)

Environmental Monitoring/Standards
identify and manage any
additional hazards and threats
Job Hazard Analysis

Tripod - DELTA
Tripod - BETA
HSE CASE FOR ACTIVITY

HAZARDS AND
EFFECTS REGISTER
30
Appendix II Assets : Planning and Review HEMP Tools and Techniques
APPENDIX II
ASSETS: PLANNING AND REVIEW
HEMP TOOLS AND TECHNIQUES
The activities (Ref. 23) described in this appendix encompass the life cycle of an asset. The HSE Case
which is prepared during the execution of these activities becomes the HSE Case for the asset and
forms part of the Asset Reference Plan.
The broad HSE objectives are bulletised on the left of the table. Some of the tools and techniques
available are listed on the right.
ACQUIRE OR DIVEST ASSET (A16)
objectives
Evaluate/Value Asset or Divestment (A16-01-02)

HAZID
identify major hazards
identify environmental
Environmental Assessment (preliminary)
effects and sensitivities
together with history of past
practices
EVOLVE DEVELOPMENT CONCEPTS (A11)

Make Facility Design Concepts (A11-04-02)
identify major project
HAZID
hazards
Carry out HSE Analysis (A11-04-05)
obtain assurance of
manageability
Qualitative comparison of risk based on judgement or coarse

QRA if significant global risks or high level of innovation
Environmental Assessment, Health Risk Assessment
Evaluate Concepts (A11-05)

obtain an assessment and
QRA (Comparative or coarse)
comparison of HSE risks
between options
Environmental Assessment (update)
Propose Development Concepts (A11-06)
finalise option selection with

due regard for HSE
review hazards within option
obtain agreement for
philosophies of:
Operations and Maintenance;
Fire and Explosion
QRA (comparative or coarse)

Environmental Assessment (update)
HAZID
DESIGN, CONSTRUCT, MODIFY OR ABANDON FACILITIES (A12)

Prepare Conceptual Design (A12-01)
ensure technical integrity of

basic process
develop layout to minimise
consequences in developing
the 'Project Specification'
review technical integrity of
detailed process
minimise risk of escalation
-for offshore and complex plant
-for less complex and onshore
ensure adequate provision

for escape
review overall risks
minimise construction risks
incorporate HSE-specific
requirements
(Validate 'Basis for Design')
HAZOP (coarse)
Coarse Layout Methodology
Human Factors
HAZOP (detailed)
Instrumented Protection Function (IPF) classification
Detailed Layout Methodology, Fire and Explosion Analysis
Emergency System Survivability Analysis
FIREPRAN
Escape, Evacuation and Rescue Analysis (use judgement
for less complex plant)
QRA (as necessary)
HAZID
Health Risk Assessment, Human Factors,
HSE CASE FOR ASSET

HAZARDS AND
EFFECTS REGISTER
31
objectives
DESIGN, CONSTRUCT, MODIFY OR ABANDON FACILITIES (A12) cont'd)
Prepare Detailed Design (A12-02)
ensure change does not

impair technical integrity
prepare input for HSE Case
for facility
QRA
HAZOP
see ACT-01-06
Construct and Precommission Facility (A12-03)

HSE risk managed in
Prepare activity HSE Case Plan (see ACT-01-06)
ensure
construction
Commission Facility (A12-04)
Pre-startup audit
verify readiness to startup
Abandon Facility (A12-05)
ensure legal and social
obligations met with respect
to environment
decommission and remove

safely with due care for
health and environment
Prepare plan (ACT-01-06)

HAZID
Environmental Assessment (including review of past
practices and liabilities), Health Risk Assessment
HAZID
DESIGN, CONSTRUCT, MODIFY OR ABANDON WELLS (A09)

(as for A12 for Wells)
OPERATE AND MAINTAIN FACILITIES AND WELLS (A71/A72)

(see under HSE Case for Asset)
MANAGE ASSETS (ASS)
(Includes HSE Case for Asset)
Asset Reference Plan (ASS-01-02)

HAZID
demonstrate that risks
associated with asset and its
operation are managed

Job Hazard Analysis
Permit-to-Work
H2 S
Safe Handling of Chemicals (SDS)
Human Factors
Emergency Response (including oil spill plans)
Classification of Waste
Waste Management
Appraise Asset Integrity (ASS-04-02)

Process Hazard Review
confirm process integrity and
HAZOP
containment
FIREPRAN
compare fire and explosion
provisions against objectives set
HSE CASE FOR ASSET

HAZARDS AND
EFFECTS REGISTER
32
Appendix III Hazards and Effects Hierarchy
APPENDIX III
HAZARDS AND EFFECTS HIERARCHY
The Hazards and Effects Hierarchy is a structured list of HSE-related hazards and effects that may
occur in the EP business. It can provide a starting point in hazard identification (the first step of the
Hazards and Effects Management Process, HEMP). Use of the Hazards and Effects Hierarchy as a
checklist gives greater assurance that all hazards and effects have been addressed and identification
and initial assessment is complete.
The Hazards and Effects Hierarchy is a structured checklist incorporated in the PC-based tool
THESIS (EP 95-0323). It is continually being improved with use in different operations and
environments. The hierarchy in the attached Table III.1 is therefore only included as an example or
'snapshot'. For the most up-to-date version, refer to the latest version of THESIS software.
In THESIS each hazard and effect has been assigned a number which has been consistently carried
through to the Hazards and Effects Register. The same numbering system is used here.
The Hazards and Effects Hierarchy, Table III.1, consists of main hazard groups such as H-01
Hydrocarbons. Under these are sub-groupings, such as H-01.06 Hydrocarbon Gas. Some examples
are given of typical sources of these hazards or locations where they will be found.
Under the three columns 'Safety', 'Health' and 'Environment' an arbitrary coding has been given which
has been found useful in grouping hazards. The reason for the Health grouping is explained below.
Any other coding or tagging can be used.
No attempt has been made to link the listing of hazards with, for example business activities or types
of facilities, since any one hazard can invariably be present in many situations. The Hazards and
Effects Hierarchy nevertheless lends itself to use as part of a systematised approach to hazard
management.
III.1
Routine Health Hazards and Effects
Health hazards encountered in the work place and by the public are usually divided into the following
five broad groups:
chemical hazards
physical hazards such as noise, vibration, ionising radiation
biological hazards such as micro-organisms
ergonomic hazards such as manual handling
psychological hazards such as stress
life style such as substance abuse
living environment such as malaria and environmental pollution
The Hazards and Effects Hierarchy as presented in this appendix can be sorted to cover all significant
health hazards and effects in this order or any other order that is required.
III.2
Environmental Hazards and Effects
Effects on the environment may be due to unintentional incidents (e.g. a fire or chemical spill) or due
to intended often continuous, routine or chronic releases as part of the operation.
33
The Hazards and Effects Hierarchy listing, Table III.1, is valid for both incidental releases and
routine releases. As described in 2.1, a hazardous event in the case of the routine or chronic release
is when defined limits have been exceeded. A hazardous event in the case of an acute or incidental
release is an occurrence or incident.
Limits should be defined for routine releases which have an adverse effect on the environment.
Reviewers often find it easier to think in terms of sources of environmental effects. To assist in this
identification Table III.1 is a checklist of sources, of environmental hazards and of potential effects.
This table can assist in the identification of hazards and effects when reviewing a proposed
development or operation (i.e. in the Environmental Assessment process) or when reviewing effects
from the existing operation and preparing reduction plans.
The list is not complete and any further additions to the checklist should be forwarded to SIEP.
Currently, three types of environmental hazards have been identified:
hazards associated with discharges or emissions
hazards/effects from use of natural resources
hazards causing effects from presence.
It is not always possible to pinpoint a genuine hazard causing the effect, e.g. resource use can result
from a number of activities.
Key to Hazards
Table III.1
The Hazards and Effects Hierarchy
Safety Hazards
Health Hazards
Environmental Hazards
F = Flammable
B = Biological Agent
D= Discharge Hazards
MH = Major Hazard
C = Chemical Agent
R = Use of Natural Resources
Se = Security Hazard
E = Ergonomic Agent
Pr = Presence
WP = Work Practice
P = Physical Agent
LS = Life Style Agent
Psy = Psychological Agent
M = Medical Issue
Hazard
Number
Hazard Description
Safety
Health
Enviro
Sources
H-01
Hydrocarbons
H-01.01
Crude oil under pressure
MH
Flowlines, pipelines, pressure

vessels and piping
H-01.02
Hydrocarbons in formation
MH
Oil wells especially during well

drilling and entry/workover
operations
34
H-01.03
LPGs (e.g. Propane)
MH
Process fractionating equipment,

storage tanks, transport trucks
and rail cars
H-01.04
LNGs
MH
Cryogenic plants, tankers
H-01.05
Condensate, NGL
MH
Gas wells, gas pipelines, gas

separation vessels
H-01.06
Hydrocarbon gas
MH
Oil/gas separators, gas

processing plants, compressors,
gas pipelines
H-01.07
Crude oil at low pressures
MH
Oil storage tanks
H-01.08
Wax
Filter separators, well tubulars,

pipelines
H-01.09
Coal
Fuel source, mining activities
H-02
Refined Hydrocarbons
H-02.01
Lube and seal oil
Engines and rotating equipment
H-02.02
Hydraulic oil
Hydraulic pistons, hydraulic

reservoirs and pumps
H-02
Refined Hydrocarbons (cont'd)
H-02.03
Diesel fuel
Vehicle fuelling stations, vehicle

maintenance
H-02.04
Petroleum spirit/gasoline
Vehicle fuelling stations, vehicle

maintenance
H-03
Other flammable materials
H-03.01
Cellulosic materials
H-03.02
Pyrophoric materials
Metal scale from vessels in sour

service, scale on filters in sour
service, iron sponge sweetening
units
Hazard
Number
Hazard Description
Safety
Health
Enviro
Sources
H-04
Explosives
H-04.01
Detonators
WP
H-04.02
Conventional explosive
material
MH
H-04.03
Perforating gun charges
MH
Well completion activities

associated with drilling rigs and
workover operations
H-05
Pressure Hazards
H-05.01
Bottled gases under pressure
WP
Welding and metal cutting

operations, laboratory gas
sources
Packing materials, wood planks,

paper rubbish
Seismic Operations,
pipeline construction
Pr
Seismic Operations,
pipeline construction
35
H-05.02
Water under pressure in

pipeworks
WP
Water disposal, water floods and

injection operations, strength
testing of pipeworks, well
fracturing and treatments
H-05.03
Non-hydrocarbon gas under

pressure in pipeworks
MH
Purging and leak testing of

facilities
H-05.04
Air under high pressure
WP
Seismic air guns and related

piping,
H-05.05
Hyperbaric Operations
(diving)
WP
Undersea operations
H-05.06
Decompression (diving)
WP
Undersea operations
H-06
Hazards associated with differences in height
H-06.01
Personnel at height >2m
H-06
Hazards associated with differences in height (cont'd)
H-06.02
Personnel at height <2m
WP
Slippery/uneven surfaces,
climbing/descending stairs,
obstructions, loose grating
H-06.03
Overhead equipment
MH
Objects falling while being

lifted/handled or working at a
height over people, equipment or
process systems, elevated work
platforms, slung loads
Hazard
Number
Hazard Description
Safety
H-06.04
Personnel under water
MH
Objects falling on to divers from

operations overhead
H-06.05
Personnel below grade
WP
Pipeline trenches, excavations,

repairing buried facilities
H-07
Objects under induced stress
H-07.01
Objects under tension
WP
Guy & support cables, anchor

chains, tow & barge tie-off
ropes, slings
H-07.02
Objects under compression
WP
Spring-loaded devices such as

relief valves and actuators and
hydraulically operated devices
H-08
Dynamic situation hazards
H-08.01
On land transport (driving)
WP
Driving to and from locations

and camps, transporting
materials, supplies and products,
seismic operations, moving
drilling rigs and workover rigs
MH
Work involving scaffolding,

suspended access, ladders,
platforms, excavations, towers,
stacks, roofing, working
overboard, working on monkey
board
Health
Enviro
Sources
36
H-08.02
On water transport (boating)
WP
Boat transport to and from

locations and camps,
transporting materials, supplies
and products, marine seismic
operations, barges moving
drilling rigs and workover rigs
H-08.03
In air transport (flying)
MH
Helicopter and fixed wing travel

to and from locations and camps,
transporting materials, supplies
and products
H-08.04
Boat collision hazard to other MH

vessels and offshore structures
Shipping lane traffic, product

transport vessels, supply and
maintenance barges and boats,
drifting boats
H-08.05
Equipment with moving or

rotating parts
Engines, motors, compressors,

drill stems, thrusters on DP
Ships
H-08
Dynamic situation hazards (cont'd)
H-08.06
Use of hazardous hand tools

(grinding, sawing)
WP
Workshop, construction sites,

maintenance sites, rotating
equipment
H-08.07
Use of knives, machetes and

other sharp objects
WP
Galley, seismic line clearing,

grubbing operations
H-08.08
Transfer from boat to offshore WP

platform
Basket transfer, rope transfer
Hazard
Number
Hazard Description
H-09
Environmental Hazards
H-09.01
Weather
WP
Winds, temperature extremes,

rain, etc
H-09.02
Sea state/river currents
MH
Waves, tides or other sea states,

river currents
H-09.03
Tectonic
MH
Earthquakes or other earth

movement activity
H-10
Hot surfaces
H-10.01
Process piping and equipment WP

between 60 and 150 deg. C
Oilwell piping, piping in

fractionation systems, glycol
regeneration
H-10.02
Process piping and equipment MH

over 150 deg. C
Hot oil piping, piping associated

with stills and reboilers
H-10.03
Engine and turbine exhaust

systems
WP
Power generation, gas

compression, refrigeration
compression, engine driven
equipment such as forklifts
H-10.04
Steam piping
WP
Sulphur plants, power boilers,

waste heat recovery systems,
heat tracing and jackets
WP
Safety
Health
Enviro
Sources
37
H-11
Hot fluids
H-11.01
Temperatures between 100

and 150 deg. C
WP
Glycol regeneration, low quality

steam systems, cooling oils,
galley
H-11.02
Temperatures greater than 150 MH

deg. C
Power boilers, steam generators,

sulphur plants, waste heat
recovery units, hot oil heating
systems, regeneration gases used
with catalysts and desiccants
H-12
Cold surfaces
H-12.01
Process piping between

-25 deg. C and -80 deg. C
MH
Cold ambient climate, JouleThomson expansions (process

and leaks), propane refrigeration
systems, LPG gas plants
H-12.02
Process piping less than

- -80 deg. C
MH
Cryogenic plants, LNG plants,

LNG storage vessels including
tankers, vapour lines off liquid
nitrogen storage
H-13
Cold fluids
H-13.01
Oceans, seas and lakes less

than 10 deg. C
North Sea, Arctic Ocean
Hazard
Number
Hazard Description
H-14
Open flame
H-14.01
Safety
Health
Enviro
Sources
Heaters with fire tube
Glycol reboilers, amine

reboilers, salt bath heaters, water
bath heaters (line heaters)
H-14.02
Direct fired furnaces
Hot oil furnace, Claus plant

reaction furnace, catalyst and
desiccant regeneration gas
heaters, incinerators, power
boilers
H-14.03
Flares
Pressure relief and blowdown

systems
H-15
Electricity
H-15.01
Voltage > 50 to 440 V in

cables
MH
Power cables, temporary

electrical lines on construction
sites
H-15.02
Voltage > 50 to 440 V in

equipment
WP
Electric motors, electric

switchgear, power generation,
welding machines, transformer
secondary
H-15.03
Voltage >440 V
MH
Overhead power lines, power

generation, transformer primary,
large electrical motors
H-15.04
Lightning discharge
WP
Major lightning-prone areas
38
H-15.05
Electrostatic energy
WP
H-16
Electromagnetic radiation
H-16.01
Ultraviolet radiation
H-16
Electromagnetic radiation (cont'd)
H-16.02
Non-metallic storage vessels and

piping, product transfer hoses,
wiping rags, unearthed
equipment, aluminium/steel,
high velocity gas discharges
Arc welding, sunshine
Infra-red radiation
Flares
H-16.03
Microwaves
Galley
H-16.04
Lasers
Instrumentation, surveying
H-16.05
E/M radiation : high voltage

ac cables
Transformers, power cables
Hazard
Number
Hazard Description
H-17
Ionising radiation - open source
H-17.01
Health
Enviro
Sources
Alpha, beta - open source
Well logging, radiography,

densitometers, interface
instruments
H-17.02
Gamma rays - open source
Well logging, radiography
H-17.03
Neutron - open source
Well logging
H-17.04
Naturally occurring ionising

radiation
Scales in tubulars, vessels and

process plant fluids (especially
in C3 reflux streams)
H-18
Ionising radiation - closed source
H-18.01
Alpha, beta - closed source
Well logging, radiography,

densitometers, interface
instruments
H-18.02
Gamma rays - closed source
Well logging, radiography
H-18.03
Neutron - closed source
Well logging
H-19
Asphyxiates
H-19.01
Insufficient oxygen
atmospheres
Confined spaces, tanks
H-19.02
Excessive CO2
H-19.03
Drowning
Working overboard, marine

seismic operations, water
transport
H-19.04
Excessive N2
N2 purged vessels
Safety
Areas with CO2 firefighting

systems such as turbine
enclosures
39
H-19.05
Halon
Areas with halon firefighting

systems such as turbine
enclosures and electrical
switchgear and battery rooms
H-19.06
Smoke
Welding/burning operations,
fires
H-20
Toxic gas
H-20.01
H2S (hydrogen sulphide, sour MH

gas)
Sour gas production, bacterial

activity in stagnant water,
confined spaces in sour
operations
Hazard
Number
Hazard Description
Health
Enviro
Sources
H-20
Toxic gas (cont'd)
H-20.02
Exhaust fumes
Sleeping in cars with running

engines, heating devices, car
garage
H-20.03
SO2
Component of H2S flare and

incinerator flue gas
H-20.04
Benzene
Component of crude oil,

concentrated in glycol vent
emissions and Wemco units
H-20.05
Chlorine
Water treatment facilities
H-20.06
Welding fumes
Construction and metal

fabrication/repair, welding toxic
metals (galvanised steel,
cadmium-coated steel), metal
cutting, grinding
H-20.07
Tobacco smoke
LS
Accommodation, office
buildings, inside cars, boats,
helicopters, aeroplanes
H-20.08
CFCs
H-21
Toxic liquid
H-21.01
Mercury
H-21.02
Safety
MH
Air conditioning, refrigeration,

aerosol sprays
Electrical switches, gas filters
PCBs
Transformer cooling oils
H-21.03
Biocide (gluteraldehyde)
Water treatment systems
H-21.04
Methanol
Gas drying and hydrate control
H-21.05
Brines
Hydrocarbon production, well

kill fluid, packer fluids
H-21.06
Glycols
Gas drying and hydrate control
H-21.07
Degreasers (terpenes)
Maintenance shops
40
H-21.08
Isocyanates
Two-pack paint systems
H-21.09
Sulphanol
Gas sweetening
H-21.10
Amines
Gas sweetening
H-21.11
Corrosion inhibitors
Additive to pipelines and oil/gas

wells, chromates, phosphates
H-21.12
Scale inhibitors
Cooling and injection water

additive
H-21.13
Liquid mud additives
Drilling fluid additive
H-21.14
Odorant additives
(mercaptans)
Custody transfer facilities for

gas, LPG and LNG
Hazard
Number
Hazard Description
Health
Enviro
Sources
H-21.15
Alcohol-containing beverages WP
LS
H-21.16
Recreational drugs
LS
H-21.17
Used engine oils

(polycyclicaromatic
hydrocarbons)
Used engine oils
H-21.18
Carbon tetrachloride
H-21.19
Grey and/or Black Water
H-22
Toxic solid
H-22.01
Asbestos
Thermal insulation and

construction materials, old
roofing (encountered during
removal)
H-22.02
Man-made mineral fibre
Thermal insulation and

construction material
H-22.03
Cement dust
Oil well and gas well cementing,

civil construction
H-22.04
Sodium hypochlorite
H-22.05
Powdered mud additives
H-22.06
Sulphur dust
Sulphur recovery plants
H-22.07
Pig trash
Pipeline cleaning operations
H-22.08
Oil-based muds
Oil and gas well drilling
H-22.09
Pseudo-oil-based muds
H-22.10
Water-based muds
H-22.11
Cement slurries
Oil and gas well drilling, plant

construction
Safety
WP
Plant laboratory
Septic systems, camps,
detergents
41
H-22.12
Dusts
H-22.13
Cadmium compounds and

other heavy metals
Welding fumes, handling coated

bolts
H-22.14
Oil based sludges
Oil storage tank cleaning
H-23
Corrosive substances
H-23.01
Hydrofluoric acid
WP
Well stimulation
H-23.02
Hydrochloric acid
WP
Well stimulation
Cutting brickwork and concrete,

driving on unpaved roads,
carpenter shops, grit blasting,
sand blasting, catalyst (dumping,
screening, removal, drumming)
42
Hazard
Number
Hazard Description
Safety
Health
Enviro
Sources
H-23
Corrosive substances (cont'd)
H-23.03
Sulphuric acid
WP
Wet batteries, regenerant for

reverse osmosis water makers
H-23.04
Caustic soda (sodium

hydroxide)
H-24
Biological hazards
H-24.01
Poisonous plants (poison ivy

and oak, stinging nettles,
nightshade)
Natural environment
H-24.02
Large animals (dogs, cats,

rats, African wild animals)
Natural environment
H-24.03
Small animals (snakes,

scorpions, lizards)
Natural environment
H-24.04
Food-borne bacteria (e.g. E.

Coli)
Contaminated food
H-24.05
Water-borne bacteria (e.g.

Legionella)
Cooling systems, domestic water

systems
H-24.06
Parasitic insects (pin worms,

bed bugs, lice, fleas)
Improperly cleaned food, hands,

clothing, living sites (pin worms,
bed bugs, lice, fleas )
H-24.07
Disease transmitting insects

(mosquitoes-malaria and
yellow fever, ticks-lime
disease, fleas-plague)
Natural environment
H-24.08
Cold and Flu Virus
Other people
H-24.09
Human Immune deficiency

Virus (HIV)
Contaminated blood, blood

products and other body fluids
H-24.10
Other Communicable
Diseases
Other people
H-25
Ergonomic hazards
H-25.01
Manual materials handling
Pipe handling on drill floor, sack

handling in sack store,
manoeuvring equipment in
awkward locations
H-25.02
Damaging noise
H-25.03
H-25.04
Pr
Releases from relief valves,

pressure control valves
Loud steady noise > 85 dBA
Pr
Engine rooms, compressor

rooms, drilling brake, air tools
Heat stress (high ambient

temperatures)
WP
Near flare, on the monkey board

under certain conditions, in open
exposed areas in certain regions
of the world during summer
43
Hazard
Number
Hazard Description
H-25
Ergonomic hazards (cont'd)
H-25.05
Cold stress (low ambient

temperatures)
Open areas in winter in cold

climates, refrigerated storage
areas
H-25.06
High humidity
Climates where sweat

evaporation rates are too low to
cool the human body, personal
protective clothing
H-25.07
Vibration
H-25.08
Workstations
H-25.09
Lighting
H-25.10
Incompatible hand controls
Controls poorly positioned in

workplace requiring workers to
exert excessive force, lacking
proper labels, hand-operated
control valves, for example in
driller house, heavy machinery,
control rooms
H-25.11
Awkward location of
workplaces and machinery
Machinery difficult to maintain

regularly due to their awkward
positioning, for example valves
in an usually high or low
position
H-25.12
Mismatch of work to physical

abilities
Requiring older workers to

maintain a high physical level of
activity over the course of an
8/12 hour day, heavy
construction work performed by
slight individuals
H-25.13
Mismatch of work to cognitive

abilities
Requiring individuals to monitor

a process without trying to
reduce their boredom by giving
them a higher task load, asking a
worker to supervise something
he/she is not qualified
H-25.14
Long and irregular working

hours/shifts
Offshore locations utilising long

shift cycles, overtime, night
shifts, rollover shifts
Safety
Health
Enviro
Pr
Sources
Hand-tool vibration,
maintenance and construction
worker, boating
Poorly designed office furniture
and poorly laid out workstations
Pr
Work areas requiring intense

light, glare, lack of contrast,
insufficient light
44
Hazard
Number
Hazard Description
H-25
Ergonomic hazards (cont'd)
H-25.15
Poor organisation and job

design
Ambiguity of job requirements,

unclear reporting relationships,
over/under supervision, poor
operator/contractor interfaces
H-25.16
Work planning issues
Work overload, unrealistic

targets, lack of clear planning,
poor communications
H-25.17
Indoor climate (too hot/ cold/

dry/ humid, draughty)
Uncomfortable climate for

permanently manned areas
H-26
Psychological hazards
H-26.01
Living on the job/away from

family
Psy
Homesickness, missing family

and social events, unable to be
involved in community, feeling
of isolation and losing chunks of
life. Drifting away from spouse
and family, development of
different interests and friends,
threatened by spouse's
independence, wind-down period
at start of break. Inability to
support spouse in domestic
crisis. Difficult to turn off in
leisure time
H-26.02
Working and living on a live

plant
Psy
Awareness that mistakes can be

catastrophic, vulnerable to the
mistakes of others, responsible
for the safety of others.
Awareness of difficulty of escape
in an emergency. Awareness of
risks in helicopter travel, adverse
weather.
H-26.03
Post traumatic stress
Psy
Serious incidents, injuries to self

and others
H-27
Security related Hazards
H-27.01
Piracy
Se
H-27.02
Assault
Se
H-27.03
Sabotage
Se
H-27.04
Crisis (military action, civil

disturbances, terrorism)
Se
H-27.05
Theft, pilferage
Se
Safety
Health
Enviro
Sources
45
Hazard
Number
Hazard Description
H-28
Use of Natural Resources
H-28.01
Enviro
Sources
Land
Installation sites, drilling

locations, seismic clearing,
pipeline right-of-ways
H-28.02
Water
Cooling water
H-28.03
Air
Turbines, combustion engines

(cars, trucks, pump and
compressor drivers)
H-28.04
Trees, vegetation
Installation sites, seismic

clearing, pipeline right-of-ways,
drilling locations
H-28.05
Gravel
Borrow pits, road construction
H-29
Medical
H-29.01
Medical unfitness
Medically unfit staff for the task
H-29.02
Motion sickness
Crew change on water, marine

operations
Safety
Health
46
Table III.2
Checklist of sources - hazards - effects
Source*
Flare
ROUTINE HAZARDS
POTENTIAL EFFECTS
CH4
global warming/climate change/atmospheric ozone increase
SOx
acid deposition, water and soil acidification
NOx
atmospheric ozone increase/acid deposition
N2 O
global warming/stratosphere ozone depletion/climate change
CO2
global warming/climate change
CO
health damage
noise
nuisance/health damage
light
nuisance/health effects
H2 S
health damage/odour nuisance
odorous compounds
nuisance/odour
particulates
health damage/ecological damage/soot deposition
radiation
health damage/ecological
heat
trace toxics
metals
- PAH
nuisance/ecological damage
-
ecological/health damage
Energy generating
equipment
CH4
turbines
SOx
acid deposition, water and soil acidification, global cooling
boilers/heaters
furnaces
NOx
atmospheric ozone increase/acid deposition/fertilisation
transport (diesel,
gasoline)
N2 O
global warming/stratosphere ozone depletion/climate change
drilling, etc
CO2
global warming/climate change
CO
health damage
noise
nuisance/health damage/wildlife damage
light
nuisance/health damage/wildlife damage
odorous compounds
nuisance/odour
particulates/dust
ecological damage/health damage/soot deposition
radiation
PAH
H2 S
nuisance, health damage, ecological damage
heat
health damage, ecological damage
PCB
Trace toxics (e.g. catalysts,

heavy metals, chemicals)
Venting
CH4
tanker loading
VOC/CxHx
atmospheric ozone increase/health damage/ecological

damage
production
Specific Chemicals
health damage/ecological damage
CFC
halons
CH4
global warming/climate change/stratosphere ozone depletion

global warming/climate change/stratosphere ozone depletion
VOC/CxHx/specific
chemicals
ROUTINE HAZARDS
global warming/climate change/atmospheric ozone increase/

health damage/ ecological damage
POTENTIAL EFFECTS
pressure relief
glycol venting
Refrigeration
Fire extinguishers
Fugitives
valves, pumps, etc
Source*
47
Water
water based mud
oil based mud
aqueous effluents
site drains
storm water run off
produced water
cooling water
tank bottom water
oil
floating layer/unfit for drinking recreation/tainting of

fish/biological damage
soluble organics/dissolved
HC/BTEX
tainting of fish, damage to aquatic organisms, unfit for

drinking, recreation, irrigation, livestock.
heavy metals
accumulation in biota and sediments, adverse effects on

organisms, unfit for drinking, recreation, irrigation, livestock.
biological damage
smothering/damage to sea bed and biota
salts
barite (mud), drilling fluids,
drilling cuttings
nutrients
odour
chemicals/corrosion
inhibitors/biocides/
fungicides
volume of water to land
fresh water discharge
suspended solids
soil/ erosion sediments
PAH
Grease
salts/brine
acids/caustics
temperature change
Black water and/or grey

water (sewage and wash
water)
detergents
pathogens
anoxia (deoxygenation)
nutrients
specific chemicals
eutrophication
nuisance
damage to aquatic organisms
increased water table, flooding, change in riverflow

decreased salinity
decreased transparency, damage to coral reefs, damage to
and bottom organisms, recreation, habitat
smothering, damage to vegetation
damage to aquatic organisms, water not fit for drinking,
irrigation, livestock.
water not fit for recreation, damage to bottom sediments
increased salinity, damage to aquatic organisms, water unfit
for drinking, recreation, irrigation, livestock
damage to aquatic organisms
change in oxygen concentration, damage to aquatic
organisms, increased growth/blooms
eutrophication/toxicity
health damage
biological damage
eutrophication
damage to aquatic organisms water unfit for drinking,
recreation, irrigation, livestock
nuisance odour/smell
damage to aquatic organisms, water unfit for drinking,
recreation, irrigation, livestock
Sacrificial anodes
odorous compounds
heavy metals
Detonators
noise/pressure waves
damage to aquatic organisms/repellent
Chemicals
paints
biological toxic or chronic damage/global warming
solvents
health/biological toxic or chronic damage/global warming
cleaners
biological toxic or chronic damage
oil/hydrocarbons
soil contamination; ground water contamination
oil sludges
heavy metals
soil contamination
tank bottom sludges
chemicals
soil contaminations; groundwater contamination; smothering.
oil based muds
specific chemicals
soil contamination; groundwater contamination; smothering.
soil sediments
smothering, biological damage
Soil
water based muds

drilled cuttings
contaminated soil
Eroded Materials
Source*
ROUTINE HAZARDS
POTENTIAL EFFECTS
Solid/liquid wastes,
medical waste,
spent catalyst
hazardous wastes
toxic substances
soil contamination; groundwater contamination; health

damage.
Household,
food/kitchen and
office waste
organic and specific

wastes
pathogens
soil contamination; groundwater contamination

damage to health
48

Landfarming
oil/hydrocarbons
heavy metals
chemical additives
soil contamination; groundwater contamination

damage to health
Heavy vehicles
soil compaction
changing surface hydrology; changing sub-surface

hydrology; reduced plant growth; erosion
Vibrating equipment
vibrations
nuisance/animal repellent
Human resources
presence of workforce
with different
socio/cultural
background
during construction
and operation;
community intrusion
socio/cultural effects; employment in-/decrease;

influence on local population/demography;
demands on local resources/surfaces
Need for land
land take by:
soil erosion, destruction of habitat
- seismic
changing surface hydrology
- drilling
removal of vegetation
- field development, tank

forms
change land use, change in natural relief
- access routes
change in accessibility
- camps, offices,
warehouses
damage to natural habitat
- pipelines
visual impact
energy take
loss of energy resources
Need for energy
heaters/boilers
power generation
steam generation
vehicles/transport
cooling
Need for water
water take
damage to wetlands
cooling
draw down of ground water level/damage to water well users
process
impact on downstream users
drinking water
waste waters
irrigation
recharge/pressure
maintenance
Need for gravel/sand
gravel/sand take
damage to habitat/vegetation/crops
drill pads
visual impact/land scarring
access roads
change to surface hydrology
camp base/levelling
change in natural relief
facility construction
recovery and
replacement
Need for consumables
use of non renewable raw

materials
depletion of raw materials
* any indented (-) are covered by all aspects in the adjacent columns.
49
50
Appendix IV Structured Review Techniques Summary Description Sheets
APPENDIX IV
STRUCTURED REVIEW TECHNIQUES
SUMMARY DESCRIPTION SHEETS
Title
Assets*
ASPIN
Emergency Systems Survivability Analysis (ESSA)
Explosion Protection Review (EPR)
Fire and Explosion Analysis (FEA)
FIREPRAN
HAZID
HAZOP
Health Risk Assessment (HRA)
*
*
*
*
*
*
*
*
*
Job Hazard Analysis

Physical Effects Modelling (PEM)
Process Hazard Review (PHR)
Platform Layout Methodology (PLM)
RISER
Smoke Ingress Analysis (SIA)
SAFOP
Structural Consequence Analysis (SCA)
Temporary Refuge/Escape Evacuation and Rescue Analysis (TR/EERA)
The Health, Environment, Safety Information System (THESIS)
Tripod-BETA
Tripod-DELTA
Assets*
Activities*
*
*
*
*
*
*
*
*
*
Activities*
*
*
*
*
*
*
*
*
*
Used primarily in planning, design, longer term review and preparation of HSE Cases for assets.
Used primarily for developing and reviewing operational-type procedures, systems and preparing
activity HSE Cases, plans or method statements, e.g. seismic drilling, construction and
commissioning, and production and maintenance.
51
ASPIN
Objective
To provide an easy-to-use quantitative failure risk assessment tool to compare different options and
conditions during pipeline design and operation and to assist in optimising and planning inspection and
maintenance efforts.
It is a tool that is situated between a full Quantitative Risk Assessment (QRA) and simple risk
ranking/scoring methods, less complicated and expensive than the former and more quantitative (and
therefore more accurate) than the latter. It is intended as a decision support tool and does not specify
acceptance criteria for risk levels. It can, for example, identify the effect of use of inspection pigging and a
leak detection system on risk levels.
Method
The methodology is based on the generally applied risk analysis technique whereby the probability of a
failure, expressed in terms of expected failure frequency, is multiplied by the consequence of such a failure
to arrive at risk. Failure risk is determined cumulatively over a given longer period of time as well as on a
yearly basis.
The method is structured in four main parts:
1.
Identify the possible failure causes and derive potential failure frequencies
2.
Identify the most likely failure type distribution
3.
Identify the consequences of pipeline failure
4.
Combine parts 1 and 3 to derive risk levels
Information Required (Input)
pipeline fluids (those covered are: crude oil, natural gas, sour natural gas, NGL, fuel gas, gas
oil/diesel, kerosene/naphtha/gasoline, LPG, ethylene, propylene and two-phase oil/gas fluids)
impact failure statistics and failure frequencies
construction/material defect failure statistics and failure frequencies
corrosion statistics or estimated possible mechanisms/expected time to first failure (wall
thickness, critical defect depth, inspection surveys, actual corrosion data), annual corrosion
failure frequencies
Deliverables (Output)
Safety, environmental and economic risk comparison assessments that can be used in support of pipeline
design and operation decisions. ASPIN can be used in the development of HSE Cases as part of the HSE MS
including input into Hazards and Effects Register. ASPIN identifies and assesses all potential major hazards,
evaluates the risks and the effectiveness of the various measures to reduce the risks to the lowest practicable
level.
Further Information
EP 94-0101 - ASPIN Version 1.1 Pipeline Failure Risk Assessment (Ref. 13)
EP 94-0102 - ASPIN Version 1.1 Pipeline Failure Risk Assessment (Ref. 14)
EP 94-0195 - Simplified Method for Pipeline Risk Ranking, Version 2.0 (Ref. 15)
DEP 31.40.60.11 - Gen Pipeline Leak Detection (Ref. 24).
52
Emergency Systems Survivability Analysis (ESSA)

Objective
Determination of the ability of the emergency systems to withstand severe accident conditions. If
performance criteria for essential safety systems are developed as part of the process which evaluates fires
and explosions an ESSA as a separate exercise may not be required.
Method
Identification of all the safety and emergency systems. Assessment of the criticality of each system with
respect to preventing escalation, protecting the Temporary Refuge(s) (TR(s)) and enabling
escape/evacuation. The critical systems are then assessed to determine their vulnerability to explosions and
fires.
Information Required
Detailed information on the type and layout of safety and emergency systems for example ESD power
systems and emergency communications. Fire and explosion scenario data from the Explosion Protection
Review (EPR) and Fire and Explosion Analysis (FEA) .
Deliverables
Identification of critical emergency equipment and system locations. An assessment of the vulnerability of
the critical systems during direct and escalated events.
Overlap
ESSA is a part of the FEA process and provides information which is subsequently used in the Temporary
Refuge/Escape, Evacuation and Rescue Analysis (TR/EERA).
Further Information
Shell Expro document EN/074 (Ref. 11).
53

Objective
To predict the significant chemical, biological and socio-economic effects of an activity and to make
recommendations on activities, sites, techniques and technologies to be adopted in order to maximise the
positive, and minimise the negative effects.
Method
Acquisition of environmental description in terms of abiotic, biotic and human environments
Identify project environmental hazards and characterise the environment
Evaluate the magnitude and significance of environmental effects
Determination of any environmental control and recovery management requirements.
Site and potential waste product descriptions, project description including process materials and sources,
materials of construction, project schedule and both strategic and local economic benefits.
Deliverables
Environmental Statement
Agreed adjustment to design options
Mitigation and recovery measures during operations
Environmental report covering suggested monitoring programmes and environmental management
systems. This report can be used as the basis for public meetings and exhibitions if required.
Overlap
Environmental Assessment (EP 95-0370) describes the Hazards and Effects Management Process (HEMP)
as it applies to environmental matters throughout the life cycle of a development.
Further Information
EP HSE Manual, Environmental Assessment, EP 95-0370.
54
Explosion Protection Review (EPR)

Objective
Determination of worst case scenarios for explosions which then define the limits required for designing
offshore installations to withstand accidental vapour cloud explosions.
Method
Explosion overpressure prediction models are used to determine the worst case peak internal explosion
overpressure and an estimate of the overpressure external to the source module. The Thornton model
SCOPE is used to determine the worst case peak confined internal overpressure and an estimate of the
overpressure external to the source area. This information is then used to assess the capacity of the blast
walls, floors, ceilings and other structural components as well as the effects of the external explosion.
Information on the area geometry, equipment layout and structure design. Worst case assumptions are
generally made on gas concentrations, gas volumes and ignition source locations.
Deliverables
Explosion overpressure for each module with the associated effects on the module structure and an
indication of the capacity of the module to withstand the explosion. Recommendations to reduce or contain
the explosion overpressure.
Overlap
EPR is effectively a stand alone technique but is part of the Fire and Explosion Analysis (FEA) process.
Further Information
Shell Expro document EA/083 (Ref. 25).
Fire and Explosion Analysis (FEA)

Objective
A general term for a process which identifies and evaluates all fire and explosion hazardous events as a basis
for risk reduction and for preparing performance criteria for essential safety systems and the arrangements
required for Escape, Evacuation and Rescue (EER).
Method
The location and type of all potential fires (and explosions) are identified. The capability of the existing or
required fire protection (and explosion relief) measures are established together with the corresponding
performance standards. Estimates of the damage potential of each event are made. The FEA process is a
fundamental part of developing an installation Quantitative Risk Assessment (QRA) model and can either be
undertaken as part of the QRA or as a stand alone exercise providing input to the QRA.
Detailed information on plant layout, fire areas, hazardous areas, flammable inventories, fire and safety
equipment layout, passive fire protection location, fire water piping runs and any other pertinent data.
Deliverables
All potential fire and explosion events are identified and a number subjected to more detailed evaluation.
Requirements for the essential safety systems to manage fire and explosions and for EER are identified.
Overlap
ESSA, EPR, SIA, SCA, FIREPRAN are all components of the FEA as necessary. The FEA utilises PEM.
Further Information
There is not a specific guideline on FEA, it is a collective term describing a process, which utilises a number
of techniques including PEM.
55
FIREPRAN
Objective
A structured review technique for the review and assessment of:
1.
hydrocarbon release and combustion related risks in a facility
2.
the fire and explosion control and recovery preparedness measures in place.
3.
the capability to meet the performance standards set and satisfy the objectives and criteria set for the
management of fire and explosion hazards.
To identify deficiencies and opportunities for improvement in order to meet objectives with respect to fire
and explosion management. FIREPRAN is not suited to complex, compact integrated facilities.
Method
A multi-disciplined team uses a structured HEMP compatible approach to identify hazards related to
hydrocarbon releases and explosions and develops a hazards and effects hierarchy. The hazard control
measures and related hazardous events mitigation and recovery measures are recorded in a hazards and
effects register. Potential fire and explosion scenarios are developed enabling review of the resources needed
to respond effectively to these incidents. Resources needed to respond effectively to fire and explosion
hazardous event scenarios are compared with those already in place. Results are presented with
opportunities for improved risk reduction measures as appropriate to plant criticality.
Process flow schemes, plot plans, plant layouts and hazardous area drawings
Fire system and fire water piping drawings, fire areas, equipment layout, fire and blast walls and passive
fire protection drawings
Operating and maintenance philosophies
Deliverables
This technique permits the identification of hazards as well as potential, related fire and explosion scenarios.
It assists line management in the process of developing realistic, cost effective, control and recovery
measures which can be justified in terms of reducing risks to personnel, environment, assets and production,
to tolerable levels. Deliverables take the form of a hazards and effects register, fire and explosion scenario
development sheets and a set of recommendations for actions needed to achieve tolerable risk levels.
Overlap
HAZOP, QRA (for complex studies).
Further Information
EP HSE Manual, FIREPRAN, EP 95-0350.
56
HAZID (Hazard Identification)

Objective
To identify at an early stage in a green or brownfield project or development plan the major Hazards which
must be removed or managed.
Method
A multi-disciplined team review of the overall project development proposal (including infrastructure) plant
design and operation together with its impact on the local environment. The study uses a step-by-step
methodology and a checklist of guide words to identify hazards and assess the influence these hazards may
have on the project development strategy and design philosophy. The scope will encompass both current and
future life cycle issues.
Information pack on project, its potential scope and environmental issues. All available conceptual and
preliminary drawings and development plans.
Input of major hazards identified to Hazards and Effects Register together with recommendations in priority
order.
An initial statement on hazard manageability and assurance needs.
Further Information
EP HSE Manual, HAZID, EP 95-0312.
HAZOP (Hazard and Operability Study)

Objective
To identify the Hazards, Effects and Operability problems relating to the process design and intended method
of plant operation which must be removed or managed in the operation.
Coarse HAZOP - Early study to identify basic flaws in design which would be costly to correct later.
Main HAZOP - Primary vehicle for identification of hazards, effects and operability problems. Held
when the front end engineering design is almost complete so that systems can be covered in detail.
Final HAZOP - Coverage of those systems not sufficiently developed for consideration in the Main
HAZOP, particularly vendor data, and a formal review of action responses to previous HAZOPs.
Procedural HAZOP - Identification of hazards and operability problems arising from procedures such as
commissioning, maintenance and other non-continuous procedures.
Health and environmental aspects must be included on the same basis as safety.
Method
A multi-disciplined team review using a structured step-by-step methodology with the application of
parameter and guide word combinations to sections (nodes) of the system to identify hazards and operability
problems normally with a facility but also with procedures.
Coarse HAZOP - Large nodes concentrating on major issues, requires a team of experienced senior
engineers. The recommendations from a Coarse HAZOP may involve significant changes to the design.
Main HAZOP - Rigorous application of the technique to relatively small nodes, requires a team of
experienced engineers with extensive project experience.
Final HAZOP - Rigorous application of the technique to relatively small nodes, requires similar team as
for Main HAZOP with the addition of vendor representatives. At this stage recommendations should be
concentrated on will it work rather than it would improve the safety of design to have.
Procedural HAZOP - Application of specialised guide words to operating procedures, requires a team
similar to that for main HAZOP with greater emphasis on operational personnel.
57

Coarse HAZOP - Basic layouts, process flow schemes (PFSs) and any operating/control philosophies that
are available.
Main HAZOP - Process and Utility Process Engineering Flow Schemes, (PEFSs, UEFSs) Operating and
Control Philosophies, Cause and Effect Diagrams, Process Safeguarding Drawings, line lists, alarm and
trip settings.
Final HAZOP EFSs and Vendor drawings, data, previous HAZOP findings and responses and any design
changes since last HAZOP.
Procedural HAZOP - As for Main HAZOP and Operating Procedures.
(Continued on next page)
HAZOP (continued)
Coarse HAZOP - Recommendations for adjustment to design options, QRA studies and other supporting
investigations. A risk ranking may be given to assist in prioritising the actions. This list may be
incorporated into the Hazards and Effects register for the project.
Main HAZOP - Recommendations to amend the design to remove or reduce hazards and operability
problems. Categorisation of the recommendations into approximate risk groups to assist in prioritising
the actions. This list should be used to update the Hazard register for the project.
Procedural HAZOP - Recommendations to amend the procedures to remove or reduce hazards and
operating problems. This will allow Safety Critical Procedures/Operations to be identified.
Overlap
HAZOP is a stand alone process hazard and operability problem identification and assessment (qualitative)
tool.
Further Information
EP HSE Manual, HAZOP, EP 95-0313.
58
Health Risk Assessment (HRA)

Objective
The identification of health hazards in the workplace and subsequent evaluation of risk to health, taking
account of existing control measures. Where appropriate, the need for further measures to control exposure
is identified.
Method
HRA consists of a number of steps:
Step 1
Define management's role and responsibilities and allocate resources
Step 2
Define structure for implementation (identify assessment units; assessment team; job types; tasks;
hazardous agents)
Step 3
For each job type gather information on agents and their harmful effects; nature and degree of
exposure; screening and performance criteria
Step 4
Evaluate the risk to health (assign severity rating and exposure rating)
Step 5
Decide on remedial action
Step 6
Record the health risk assessment
Step 7
Review the health risk assessment.
Detailed information on hazards and effects (e.g. toxic properties of chemicals); exposures (e.g. exposure
levels to toxic chemicals); performance of existing controls; information from health surveillance records,
etc.
Deliverables
HRA, as a tool for use as party of a company's HEMP, assists to identify, evaluate and control health risks
related to the company's operations to a level 'as low as reasonably practicable'. The recommendations
emerging from the HRA provide the input into the HSE Management System to ensure ongoing control of
health risks and continual improvement in health performance.
Further Information
SHSEC Guide (Ref. 2) and references contained within that document.
59
Job Hazard Analysis (JHA)

Objective
Identification of potential problems within a job task that could lead to hazardous situations. Elimination or
reduction of the hazard by development of safe working procedures.
Method
The method is derived from Task Analysis. It is a structured step-by-step team analysis of the job. Initially
the job is broken down into individual steps which are then analysed sequentially to identify potential
injuries to personnel, damage to equipment and pollution of the environment. The controls and preventative
measures are considered and if found to be inadequate remedial recommendations are made. Consideration
is also given to the establishment of recovery measures if necessary.
Job description, plans and drawings. Historical records of accidents and near misses. Team members with
technical competence relevant to the job being analysed.
Deliverables
Step-by-step analysis of each job highlighting potential departures from normal practice, with associated
hazards and recommendations for remedial action. The analysis also identifies the accident prevention
responsibilities for key personnel. The report can also be used as the basis for the development/ modification
of operating/working procedures.
Overlap
Job Hazard Analysis is a stand alone technique but is often used in configuration with PTW system.
Further Information
EP HSE Manual, Job Hazard Analysis, EP 95-0311.
60
Physical Effects Modelling (PEM)

Objective
To model the physical behaviour of the potential release of a hazardous fluid or substance and subsequent
related events to determine a measure of the effect, in terms of loading, on people, the environment and
assets for each potential outcome.
Method
The physical effects, such as dispersion, explosion over pressures and heat radiation are calculated as input
to assess potential extent of loss of life or damage. Use of step-by-step modelling allows potential escalation
scenarios to be assessed.
Detailed information on: physical properties, such as density and toxicity; environmental factors, such as
wind velocity, humidity ambient temperature, and geometrical obstructions, confinement, etc.
Information on process flows and any mitigating measures, such as inventory ESD or blowdown systems.
Access to sophisticated consequence modelling computer programs, e.g. FRED, HG SYSTEMS and
SCOPE.
Deliverables
Data on the potential consequential loadings of previously identified hazardous scenarios with respect to the
potential effects to personnel, the environment and the facilities.
Overlap
Input data for Physical Effects Modelling can be generated from hazard identification techniques contained
in FIREPRAN, QRA and HAZOP.
Physical effects modelling may be used as an aid to Quantitative Risk Assessment, (QRA), FIREPRAN,
PHR, Plant Layout Methodology (PLM) and Fire and Explosion Analysis (FEA). Output from physical
effects modelling will provide input to physical response assessment (e.g. SCA) and consequent modelling.
Further Information
EP HSE Manual, Physical Effects Modelling, EP 95-0314.
61
Process Hazard Review (PHR)

Objective
An assessment of the safety status of existing process plant. It is intended for use when a plant has been in
operation for a considerable time and/or has undergone equipment modifications and operation changes. It is
used to provide an HSE Assurance report for ongoing operations in advance of major modifications or for
life extension evaluations.
Method
PHR is an 'expert review' led by an experienced leader, containing design engineers but heavily weighted
towards plant operators and maintenance staff. The review primarily focuses on potential causes of 'loss of
containment'.
The study progresses through the plant looking at each major equipment items, applying a leader's checklist
(aide-mmoire) of causes of loss of containment. The current design and operation of the plant is assessed
and a critical examination made of the revision history to identify any causes of release resulting from
changes to the design and operation of the equipment item since commissioning.
The team also reviews any hazards arising from variations (due to the age of the plant) from current design
or operating standards.
The technique assumes that most of the drawings are near to current status. The meetings are normally held
on the plant with regular site visits to check any details not 'as built' on drawings. The latest version of the
Process Engineering Flow Schemes (PEFS) is used as the major study document to ensure complete
coverage of the scope of the study. Additional information required includes the cause and effect diagrams
and the full revision history and incident reports for the plant together with changes in the operating
envelope and operation/maintenance procedures.
The expertise of the team is of critical importance. Where data are incomplete the PHR technique is
applicable but success relies heavily on the study team containing operating staff with considerable depth of
experience and knowledge of the plant throughout its operating life.
Deliverables
A report showing the identified hazards, their causes and the concern of the team together with
recommendations for any remedial action including, if appropriate, more detailed HAZOP in discrete areas.
Overlap
HAZOP, FIREPRAN, Technical Audit.
Further Information
SIEP.
62
Platform Layout Methodology (PLM)

Objective
Provision of an auditable framework within which the essential processes in the development of an offshore
platform topsides layout can be structured.
Method
Establishment of the functional shape of the facility with due regard to safety and operational
constraints
A structured approach is used to select layout preferences based on the inherent active and reactive
behaviour characteristics of equipment items with due regard for separation distances and physical
barriers
Consideration of previously identified hazardous scenarios to identify those which are highly likely to
reach adjacent areas of the facility.
Facility layout drawings and any available information from physical effect and consequence modelling.
Deliverables
A structured auditable description of the development of an offshore platform topsides layout.
Overlap
Input data from PEM and consequence modelling.
Further Information
EP 90-2500 (Ref. 9)
EP 91-1600 (Ref. 7)
EP 91-1601 (Ref. 8).
A similar document describing an onshore layout procedure is planned.
63
RISER
Objective
Assessment of risks of pipeline riser on or near platforms with comparative risk analysis to assess the
benefits of subsea valve installation on pipelines.
Method
The method is based on the following steps (using the information required described below):
definition of release cases using clear selection rules
failure frequency estimation (using a standard historical data set modified where needed to allow for
local factors)
consequence modelling (from release rate calculations using models for dispersion, jet fires, explosions,
etc)
impact assessment (determination of fatalities/damage and probabilities followed by event tree analysis)
risk calculation (determination of total risk for the riser system).
Platform and pipeline engineering data, personnel numbers and distribution, environmental data and
evacuation systems.
Deliverables
Data on the comparative risk expressed as Potential Loss of Life (PLL)
Overlap
Input data from hazard identification techniques such as FIREPRAN, Quantitative Risk Assessment (QRA)
and Hazard and Operability Studies (HAZOP).
Output data are used in Quantitative Risk Assessment (QRA), FIREPRAN, Plant Layout Methodology
(PLM) and Fire and Explosion Analysis (FEA).
Further Information
EP 90-1045 RISER Riser Safety Evaluation Routine (Ref.16).
64
SAFOP (Electrical Safety and Operability Study)

Objective
Identification of potential hazards to personnel in the vicinity of electrical systems. Critical assessment of
electrical network and plant design and analysis of operator actions to determine areas of potential operator
error. Making recommendations to eliminate or reduce risks.
Method
A multi-disciplined team and a structured step by step methodology are used.
SAFAN - Hazards present in construction, commissioning and operation of electrical systems are
examined in relation to the safety of personnel in the vicinity.
SYSOP - Examination is made of the control systems, the main items of plant and their auxiliaries in
relation to any limitations and their effects on the overall system operability.
OPTAN - Considers probable tasks to be under taken during normal and upset conditions. The usability
of equipment and clarity of instructions are reviewed with the aim of reducing the potential for human
error as low as is reasonably practicable.
Detailed electrical system design and layout drawings, control circuit diagrams, system designs and
functional specifications, and electrical system operating and emergency procedures.
Deliverables
Report detailing the findings of the audit and where necessary making recommendations categorised as
Strongly Recommended, Advice or call for further information Information Required.
Overlap
SAFOP is a stand alone technique but it has some overlap with Job Hazard Analysis EP 95-0311, Human
Factors Analysis EP 95-0324 and Procedural HAZOP.
Further Information
DEP (Ref. 5) under preparation. Until release consult Electrical Engineering. Refer to SIEP.
65
Smoke Ingress Analysis (SIA)

Objective
Determination of the rate of build-up of gases and smoke in and around designated Temporary Refuges
(TRs) and the effect this will have on TR integrity and the ability of occupants to survive. The SIA is an
integral part of Escape Evacuation and Rescue Analysis/Temporary Refuge (EERA/TR) but is so significant
that it has been documented separately.
Method
Input on the type size and duration of potential fires is taken from the Fire and Explosion Analysis (FEA).
Each scenario will then be analysed to determine the concentration of smoke and gases at the boundary of
the TR and subsequently the build-up inside and around the TR. Consideration is given to the dilution and
dispersion effects that may occur between the fire source and the TR. Assessment is also made of the leak
paths and any localised over or under pressures caused by wind effects in order to determine the rate of
ingress to the TR. If available, actual installation test data are used to increase the realism of the SIA.
Installation layout drawings, details of TR construction and the details of the fire scenarios from the FEA .
Leak test data for the TR.
Deliverables
Identification of scenarios that have the potential to effect significantly the TR in terms of smoke or gas
ingress at build-up rates which would impair TR integrity or impact on the emergency response capability.
Overlap
The results from the SIA are be used in TR/EERA analyses.
Further Information
Shell Expro document EN/066 (Ref. 26).
Note:
There are several practical and theoretical problems with the methodology in EN/066. The model is
written in Supercalc 5 which is not a Shell-supported package and there may be considerable
difficulty in running the software. Expro are planning to revise EN/066 to provide guidance on
smoke, heat, CO and low oxygen impairment of the TR. This work is planned to also overcome the
technical limitations of the current methodology and to incorporate results of relevant research in
these areas.
66
Structural Consequence Analysis (SCA)

Objective
Assessment of the response of a structure under fire conditions. Determination of the extent of any failure
under fire loading and, if necessary, proposal of remedial measures.
Method
Coarse analysis is based on determining the time to failure of the structure from linear elastic techniques.
This analysis determines those structures which are critical and which should be the subject of more
detailed analysis.
Detailed analysis is based on non-linear analysis methods. These allow the true collapse load of the
structure to be estimated by modelling elastic-plastic behaviour of the structure at elevated temperatures.
The USFOS analysis program may be used for these studies.
Details of potential fires from FEA , data on the type and layout of existing fire protection facilities. Detailed
structural drawings.
Deliverables
Report on the ability of the structure to withstand the fire scenarios identified. This will reveal if there exists
the potential exists for fire to lead to progressive collapse of the structure or loss of the TR within the
required endurance period. If necessary recommendations for remedial actions and distribution of protective
equipment should be made.
Overlap
Input data is required from Fire and Explosion Analysis (FEA) and physical effects modelling. SCA may be
used in QRA.
Further Information
Expertise and advice should be sought from SIEP Structural engineering function.
67
Temporary Refuge/Escape, Evacuation and Rescue Analysis (TR/EERA)

Objective
Analysis of escape to TR, the provisions within the TR system, and Evacuation, Escape and Rescue with
respect to the major scenarios previously identified for comparison against respective acceptance standards
highlighting critical elements and revealing any shortfalls.
Method
The EERA/TRA comprises three related elements:
a goal analysis which considers how the goals for the EER process will be satisfied in likely EER
situations as a basis for determining the adequacy of the proposed arrangements
an escape and evacuation time analysis which considers the time needed to complete all phases of the
EER process under conditions which may be present when there is a need for EER
a TR impairment analysis to determine the frequency that the TR and related evacuation facilities will be
impaired.
Detailed information on the TR/EERA provisions and details of the major hazard scenarios identified.
Details of installation layout including muster stations, refuges, evacuation points and escape to sea
facilities. Input data from Fire and Explosion Analysis (FEA), Smoke Ingress Analysis (SIA) and
Emergency Systems Survivability Analysis (ESSA).
Deliverables
A formal record of the EER facilities and arrangements with details of the direct and escalated impact of the
identified hazard scenarios coupled with considerations on the likelihood of their occurrence.
Overlap
Input data required from FEA , SIA and ESSA. The results of the TR/EERA may be used in the QRA.
Further Information
Shell Expro document - EA/032 (Ref. 27) and DEP 37.17.10.11 Gen (Ref. 12).
68
THESIS (The Health, Environment, Safety Information System)

Objective
To provide a structured method for building, using and maintaining Safety (HSE) Management Systems and
Cases. To store Safety (HSE) Management System and Case data in an electronic relational data bank on a
computer for easy access and use and generate HSE Cases in a consistent structured manner.
Method
THESIS provides checklists, models, prompts and facilitates structured brainstorming to identify the hazards
and effects and critical activities of an operation. Once the hazards and effects and activities are identified a
process is provided to document and qualitatively assess the controls in place and identify shortfalls. It uses
workforce experience and engineering judgement to identify and qualitatively assess the HSE management
system in use. The build process is designed to provoke and facilitate discussion concerning the degree of
existing hazard control provided and how adequately HSE critical activities are performed.
Personnel with detailed working knowledge of the operation or installation for which the Case is being
prepared. Operational information about the operation or installation such as operating manuals, inspection
and maintenance manuals, equipment standards and specifications, environmental and health standards,
specifications and monitoring data.
Deliverables
Safety or HSE Case data stored on a computer in a relational data bank for easy access and use. Printed
reports are generated which provide a fully documented record of the build and assessment process carried
out including the 7 part Safety (HSE) Case document, Hazard Registers, HSE MS Specification Sheets, a
list of shortfalls and many more. Once completed, HSE specialists, managers, supervisors and operators
have the information needed at their fingertips to implement their HSE management system. They can use
THESIS to assess the HSE implications of proposed actions and changes.
Overlap
THESIS is a stand alone tool. It is designed to be complementary with other management systems such as a
maintenance management system.
Further Information
EP HSE Manual, THESIS, EP 95-0323.
69
Tripod-BETA
Objective
To facilitate accident or incident investigation and analysis by providing the means to assemble and
manipulate investigation information into a logical structure consistent with the Tripod accident causation
model and the hazards and effects model of SMS (HSE MS).
Method
A PC tool which provides the means to record information from the investigation, linking related
information on events, people, damage, locations, etc.
Information is transferred to a screen where it can be manipulated and linked as nodes in a BETA tree.
Nodes are classified, the connecting logic tested and anomalies flagged for amendment. Nodes are assigned
General Failure Type (GFT) classifications.
Accident or incident investigation data.
Deliverables
A draft report for final editing, presenting salient details of the events, actual and potential damage,
failures and identified causes
A BETA tree diagram
GFT profile for the accident/incident.
Overlap
Tripod-BETA is a stand-alone technique.
Further Information
EP HSE Manual, Tripod-BETA, EP 95-0321
Tripod-DELTA
Objective
The proactive identification of potential latent failures that could lead to hazardous situations and the
development of remedial actions to be taken to reduce or eliminate such hazards.
Used where there are few incidents providing information on causation therefore tries to avoid 'requiring
incidents to improve'.
Method
Development of indicator question database. These are used in the form of yes/no answer questions to
reveal the presence of General Failure Types (GFT) in the operation or organisation
Tripod-DELTA Profiling-derivation of checklists based on the indicator questions, answering of indicator
questions, analysis of answers. Results are presented as a Failure State Profile. The analysis identifies
those areas where remedial action is required.
Access to personnel with detailed working knowledge of the operation or organisation being analysed.
Deliverables
The Failure State Profile indicates the extent to which each of the 11 GFTs is present in the system under
study. This allows remedial actions to be prioritised.
Overlap
Tripod-DELTA is a stand alone technique.
Further Information
EP HSE Manual, Tripod-DELTA, EP 95-0320
70
71
72
Appendix V Example of Further Definition of Consequence
APPENDIX V
EXAMPLE OF FURTHER DEFINITION OF CONSEQUENCE SEVERITY RATING FOR RISK MATRIX
Table V.1
Example of further definition of consequence - severity rating for risk matrix
Severit
y
People
Potential
Impact
No injury
Injury
Definition
No injury or damage to health
Slight
injury
Not detrimental to individual

employability or to the
performance of present work
Minor
injury
Potential
Impact
No injury
Assets*, Equipment
Health
Definition
No injury or damage to health
Slight injury
Not affecting work performance

or causing disability.
-Agents which are not hazardous
to health
Detrimental to the performance

of present work, such as
curtailment of activities or
some calendar days to recover
fully, maximum one week
Minor
injury/
illness
Major
injury
Leading to permanent partial

disablement or unfitness for
work or detrimental to
performance of work over
extended period, such as long
term absence
Major
injury/
illness
Single
fatality
Alternatively victim with

permanent total disablement or
unfitness for work. Also
includes the possibility of
multiple fatalities (maximum 3)
in close succession due to the
incident, e.g. explosion
Permanent
total
disability or
fatality
(small
exposed
population)
Affecting work performance,

such as restriction to activities
(Restricted Work Case) or a
need to take a few calendar days
to recover fully
-Agents which have limited
health effects which are
reversible, e.g. irritants, many
food poisoning bacteria
Resulting in permanent partial
disability or affecting work
performance in the longer term,
such as a prolonged absence
from work
-Agents which are capable of
irreversible damage without
serious disability, e.g. noise,
poorly designed manual handling
tasks
- Agents which are capable of
irreversible damage with serious
disability or death, e.g.
corrosives, known human
carcinogens
Potential
Impact
No
damage
Slight
damage
Minor
damage
Localised
damage
Definition
No damage to
equipment
No disruption to
the process,
minimum cost of
repair (below
$10,000)
Possible brief
disruption of the
process;
isolation of
equipment for
repair (estimated
cost below
$100,000)
Plant partly
down; process
can (possibly) be
restarted.
(estimated cost
of repair below
$1,000,000)
Partial loss of
plant; plant shut
down (for at
most two weeks
and/or estimated
repair costs
below
$10,000,000)
5
Multiple
May include four fatalities in
Multiple
-Agents with potential to cause
Extensive
Total loss of the
fatalities
close succession due to the
fatalities
multiple fatalities, e.g. chemicals
damage
plant; extensive
incident, or multiple fatalities
with acute toxic effects (e.g.
damage
(four or more) each at different
hydrogen sulphide, carbon
(estimated cost
points and/or with different
monoxide), known human
of repair exceeds
activities
carcinogens
$10,000,000)
* Assets are understood as referring to: the oil and gas reservoirs, production facilities, pipelines, money, capital, and other Opco and third party
property
Major
damage
73
Table V.1
Example of further definition of consequence - severity rating for risk matrix

(continued)
Severity
Environment
Potential
Impact
Definition
Reputation
Oil Contamination
per incident
(litres)
Sensitive
areas
No environmental risk, no
financial consequences
Potential
Impact
Definition
No impact
No public awareness
Offshore
No effect
Several
Slight effect
Negligible financial
consequences, local
environmental risk within the
fence and within systems
<10
0-100
Slight impact
Public awareness of the

incident* may exist; there is no
public concern
Minor effect
Contamination, damage
sufficiently large to affect the
environment, single
exceedance of statutory or
prescribed criteria, single
complaint, no permanent effect
on the environment
<100
100 1,000
Limited
impact
Some local public concern;

some complaints received;
slight local media and/or local
political attention with
potentially negative aspects for
Opco operations
Localised
effect
Limited loss of discharges of

known toxicity, repeated
exceedance of statutory or
prescribed limit and beyond
fence/neighbourhood
100
-1,000
1,00010,000
Considerable
impact
Regional public concern;

numerous complaints;
extensive negative attention in
local media; slight national
media and/or local/regional
political attention with possible
negative stance of local
government and/or action
groups
Major effect
Severe environmental
damage, the Opco is required
to take extensive measures to
restore the contaminated
environment to its original
state. Extended exceedance of
statutory or prescribed limit
1000 10,000
10,000 100,000
National
impact
National public concern;

continuing complaints;
national media and/or
regional/national politics with
potentially restrictive measures
and/or impact on grant of
licences; mobilisation of action
groups
Massive
effect
Persistent severe
environmental damage or
severe nuisance extending
over a large area. In terms of
commercial or recreational use
or nature conservancy, a major
economic loss for the Opco.
Constant high exceedance of
statutory or prescribed limit
>10,000
>100,000
International
impact
International public attention;

international media and
national/international politics;
potential to harm access to
new areas, grants of licences
and/or tax legislation;
concerted pressure by action
groups; adverse effects in
Opcos in other countries
The above table is an example for crude oil contamination. For other chemical discharge criteria, environmental experts should be consulted.
Incidents relating to air, noise, small, light and soil vibrations should be addressed on the basis of expert judgement and, in the case of
uncertainty, local expertise may be called in.
* 'Incident' as used in Severity level 1 must be seen as the source of the concern for all severity levels. It is defined in the glossary but recognise
it includes an environmental problem, an event or chain of events which has caused or could have caused spills, leaks, complaints, public
concern, issue debates, failing to follow commitments and so forth.
'Public' must be seen as encompassing a wide range including 'opinion formers', e.g. environmental scientists; groups; politicians; authorities (of
various types); media (scientific general).
74
Appendix VI When to use QRA
APPENDIX VI
WHEN TO USE QRA
Quantified Risk Assessment (QRA) is used to:
assist in reducing risks

This is done by identifying areas of high risk or identifying areas where risk can be further
reduced.
assist in option selection by ranking options in terms of risk
assess the cost-effectiveness of risk-reducing measures
assist in the demonstration and achievement of ALARP
act as an aid to communication with the workforce and third parties regarding their impact
on risk and their exposure to risk
indicate whether or not risks are tolerable
comply with legislation and company policy.
Guidance is given below which addresses the cases when QRA is likely to be of benefit and when it is
not. Each individual case should be treated on its merits. Further advice is given in EP 95-0352.
VI.1
Projects for Which QRA is Likely to be Beneficial
VI.1.1
Project identification phase - comparative coarse QRA
All projects onshore or offshore for which several options have been identified which are considered
to have significantly different risks. A risk assessment should be undertaken early in a project
development (in some cases this may be during the prospect stage, if for instance, novel technology is
used). A comparison of risks associated with, for example, onshore versus offshore processing,
manned versus unmanned facilities, platform versus subsea installation, location and operating
strategy of onshore installations, etc may be effectively studied using QRA.
VI.1.2
Definition phase - project specification - detailed QRA
During the definition phase, a more detailed risk assessment may be required to:
(i)
assist with final major decision-making with respect to design options
(ii) provide a basis for further design optimisation during completion of conceptual engineering and
detailed engineering and (ultimately) to reach risk levels regarded as As Low As Reasonably
Practicable (ALARP)
(iii) confirm to senior management, shareholders and the Regulator that risk criteria will be achieved.
At the end of detailed engineering, i.e. when all optimisation has been completed, the risk assessment
is issued in the form of a final report for input to the HSE Case. This is intended to demonstrate that
the risk criteria have been achieved and this risk is as low as reasonably practicable.
The above is particularly applicable to:
all offshore permanently manned installations
75
This is the case unless the layout is so well spaced-out that the workforce is for the majority of the
time outside the maximum effect area of the high pressure hydrocarbon production/process
facilities and the risk of escalation is considered to be negligible.
onshore plants
This is where the public is within the maximum effect radius and/or where the plant is complex
and the hydrocarbon processing equipment cannot be spaced to minimise the risk of escalation.
studies to compare transport and manning philosophy options
If the option under development has significantly different operating philosophies to those
considered during the comparative QRA in the project identification phase.
VI.1.3
Operations Phase
Existing facilities
Any facility or operation which is considered to be safety critical and for which there are doubts as to
whether or not the risks have been reduced to as low as reasonably practicable. A QRA study would
assist in the identification of high-risk areas and the ranking of risk reduction measures, identify the
need for modifying the operating philosophy (e.g. MOPO), and increase the awareness of the
workforce of the risks they are exposed to and have influence over.
Upgrades to existing facilities
Plant modifications which will result in significant risks during construction and/ or which are
expected to increase significantly the risk level during operations. The need for an additional or
revalidated risk assessment at the time of proposed upgrades or refurbishments has to be considered.
In cases where the proposals are viewed as having a minimal impact on safety or asset integrity, no
additional work will be necessary. However, for some modifications the earlier risk assessment will
require reviewing and additional risk assessment may be required.
VI.2
Projects for Which QRA is not Likely to be Beneficial
QRA would not usually be used for Not Normally Manned offshore installations and onshore
facilities, except in connection with the determination of the operating philosophy unless:
the equipment spacing allows escalation
the facility has a high strategic or asset value
there are environmental concerns
the public is in permanently occupied areas within the maximum effect radius
it is a legal requirement
several expensive risk reduction measures have been identified whose relative effectiveness is not
obvious.
In other cases, physical effects modelling combined with other non-quantitative methodologies may
be sufficient to manage the hazards.
76
Glossary
GLOSSARY
The general glossary for the EP HSE Manual is now in a separate Section EP95-0010 Glossary.
77
78
References
REFERENCES
1
MF 92-0130 Issue 4, Technical HSE Reviews and Fire Safety Reviews: Checklists Planning and
Execution, Shell Manufacturing Division, March 1995.
Health Risk Assessment, SHSEC, September 1994.
ISBN 0 11 430020, Understanding Stress - Part Two Line Managers' Guide, HMSO, June 1992.
Chemical Hazards: Health Risk Assessment and Exposure Evaluation, SHSEC, 1995.
SAFOP DEP (under preparation).
EP 92-1020, Guidelines for Risk Assessment Data Sheets, SIPM, 1992.
EP 91-1600, Layout Considerations for Offshore Topsides Facilities, Volume II, Step by Step
Procedure and Template, SIPM, 1991.
EP 91-1601, Layout Considerations for Offshore Topsides Facilities, Volume III, 'Ariadne'
Demonstrator, SIPM, 1991.
EP 90-2500, Technology Development, Layout Considerations for Offshore Topside Facilities,

SIPM,1990.
10
DEP to be prepared, Onshore Layout Methodology.
11
EN/074, Hazard Identification and Assessment, Shell Expro.
12
DEP 37.17.10.11 - Gen, Design of Offshore Temporary Refuges,
13
EP 94-0101, ASPIN Version 1.1 Pipeline Failure Risk Assessment, User Manual, Worked
examples, December 1993.
14
EP 94-0102, ASPIN Version 1.1 Pipeline Failure Risk Assessment, Reference Manual,
December 1993.
15
EP 94-0195, Simplified Method for Pipeline Risk Ranking, Version 2.0, January 1994.
16
EP 90-1045, RISER: Riser Safety Evaluation Routine, SIPM, April 1990.
17
Ionising Radiation Safety Guide, SSHC, November 1993.
18
DEP 00.00.05.05-Gen, Index DEP Publications and Standard Specifications, SIPM.
19
Medical Emergency Guidelines for Management, SHSEC, November 1994.
20
HSE 94023, Medical Emergency Guidelines for Health Care Professionals and First Aiders,
January 1995
21
HSE 94023a, Guidance to First Aiders, January 1995.
22
Standards for Clinical Services, E&P Forum.
79
References
23
EP 95-7000 EP Business Model (Version 3.0) Flowcharts and Description of Process Activities,
SIEP, 1995.
24
DEP 31.40.60.11 - Gen, Pipeline Leak Detection, September 1994.
25
EA/083, Explosion Protection of Offshore Installations, Shell Expro.
26
EN/066, Methodology of Assessing Smoke/Gas Ingress to Offshore Modules, Shell Expro.
27
EA/032, Escape, Refuge, Evacuation and Rescue - Offshore Installations, Shell Expro.
28
HSE MS, E&P Forum, 1994.
29
EP 92-0945, Business Process Management Guideline, SIPM EPO/72, June 1992.
30
ISBN 0 11 8859889 Successful Health and Safety Management UK Health and Safety
Executive, HMSO, 1991.
31
ISO/CD 14.690, Health, Safety and Environmental Management System (Draft).
32
Incident Investigation and Analysis Guide (Revision of Accident Investigation), SHSEC, August
1993.
81

HSE Manual: Overview Hazards and Effects Management Process

Uploaded by

Copyright:

Available Formats

HSE Manual: Overview Hazards and Effects Management Process

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

HSE Manual: Overview Hazards and Effects Management Process

Uploaded by

Copyright:

Available Formats

What is the purpose of this document?

What is the purpose of this document?

What are some of the tools and techniques described for hazards and effects management?

What are some of the tools and techniques described for hazards and effects management?

Shell International Exploration & Production B.V.

Revision 0: 16 October 1995

EP HSE Manual Amendment Record Sheet

Overview Hazards and Effects Management Process

Original hard copy and CD-ROM issue *

EP 95-0350 Revision 06 June 1998

Elements of the HSE Management

Tools for the Hazards and Effects

Application and competence

Hazards and Effects

Hazards, Effects and Incidents

Threats and Barriers

Consequences, Mitigation and

Fault and Event Trees

Likelihood and Consequence (or

Hazards and Effects

The Steps in the Process

Assets: planning and review 12

Activities: planning and

Approaches to the Hazards and

Codes and standards

EP 95-0300 Revision 0: 16 October 1995

Identify Hazards and Potential

Record Hazards and Effects

Hazards and effects register 26

Establish Risk Reduction

Control of release of hazards

Appendix I Activities: Planning

Appendix II Assets: Planning

EP 95-0300 Revision 0: 16 October 1995

Appendix IV Structured Review

Appendix VI When to use QRA

Compare with Objectives and

Appendix III Hazards and Effects

EP 95-0300 Revision 0: 16 October 1995

Elements of the HSE Management System

Tools for the Hazards and Effects Management Process

Application and competence

EP 95-0300 Revision 0: 16 October 1995

2 Hazards and Effects Terminology

HAZARDS AND EFFECTS TERMINOLOGY

Hazards, Effects and Incidents

A hazard is defined as:

EP 95-0300 Revision 0: 16 October 1995

Threats and Barriers

Consequences, Mitigation and Recovery Preparedness

EP 95-0300 Revision 0: 16 October 1995

2 Hazards and Effects Terminology

Terminology: acute or incidental release (safety example)

Rupture and Leak

First Hazardous Event

Recovery Preparedness Measures

EP 95-0300 Revision 0: 16 October 1995

Terminology: chronic or routine release (environmental example)

First Hazardous Event