4.6 Tools for Preventing Accidents - Coggle Diagram
Tools that enable us to prevent accidents from occurring.
Human Factor: Crew Resource Management (CRM)
Technical Factor: Designing in Redundancy
Organizational Factor: PDCA (Shewhart or Deming cycle)
PDCA (Plan, Do, Check, Act)
PDCA describes a repeating cycle of (overlapping) activities that provides an organised approach to safety management.
Plan: Policy; Planning
Do: Risk profiling; Organize; Implementation
Check: Measure performance; Investigate accidents, incidents and occurrences
Act: Review performance; Learning lessons
Crew Resource Management (CRM)
CRM represents an approach (and a set of training procedures) for optimising the performance of people in multi-person teams working in safety critical environments.
Safety-critical environments are situations where human error can lead to serious accidents. This might include, for example, an aircraft cockpit, a nuclear power station control room, or an operating theatre.
CRM aims to:
enable crews to function as a team
promote team effectiveness
produce team performance that is more than the sum of individual capabilities (synergy).
CRM entails the following aspects:
Communication skills
Team-based situational awareness
Problem solving and decision making
Leadership
Stress management
Comment and constructive criticism
The Authority Gradient
The ‘authority gradient’ is the established and/or perceived command and decision-making hierarchy within a team.
Types
Excessively steep: results from overbearing (e.g. excessively dominant and/or dictatorial) team leadership.
Problems: the skills, knowledge and support of the rest of the team are not used effectively, and junior members of the team lack the confidence to challenge bad leadership decisions.
Excessively shallow: results from weak leadership that will only make decisions that the entire team is happy with.
Problems: decisions may take too long to reach and/or not be the best action (just the lowest common denominator). Team members may start to act independently.
Confusion about authority gradients can result from a lack of clarity about roles, responsibilities and capabilities. For example, who has the authority to make a decision when there are two people of the same (official or de facto) rank or status on a team? This can lead to decisions not being taken effectively.
Designing in Redundancy
Redundancy is when critical components within a system, or entire (sub)systems, are duplicated (or triplicated), such that there is an independent backup so that a single point failure can’t cause an accident.
For example, safety-critical sensors and alarms are duplicated, such that, if one set fails, the other is able to take over.
Designing for redundancy is therefore vital for safety. However, beware of making the system so complicated that it becomes unreliable or unmaintainable.
Forms of Redundancy
Technological redundancy: software redundancy; information redundancy; hardware redundancy; time redundancy
Process redundancy, e.g. there is more than one way of shutting down a plant.
Procedural redundancy, e.g. there are separate standard operating procedures for each way of shutting down a plant, and staff have been trained in them.
Skills and knowledge redundancy, e.g. there is more than one person on-site at any given time who is capable of performing critical operations.
Decision-making redundancy, e.g. if a decision maker is unavailable or incapacitated, they have an assigned deputy or substitute.
Tools for assessing potential safety outcomes for a system or process
Hazard Identification Studies (HAZID)
Objectives
identify hazards
brainstorm threats and causes
assess potential controls.
Layer of protection analysis (LOPA)
LOPA aims to understand how a scenario resulting from a process deviation can lead to a hazardous condition if it is not interrupted by an independent protection layer (IPL) – a measure put in place to prevent a scenario from getting worse.
LOPA considers how controls nest together, and how as one control fails another can take over, until eventually all of the controls are exhausted and one has a really big problem!
LOPA enables you to identify which scenarios carry the greater risk, and it can be used to enable the selection of IPLs for these scenarios.
Independent protection layers (IPLs)
An IPL prevents a scenario from propagating.
IPLs consist of a series of layers:
Layer 1: Process design (e.g. choosing inherently safer designs)
Layer 2: Basic controls, process alarms and operator supervision
Layer 3: Critical alarms and operator (manual) intervention
Layer 4: Automatic action (e.g. safety instrumented system, SIS, or emergency shutdown, ESD)
Layer 5: Physical protection on a process (e.g. pressure relief)
Layer 6: Physical protection around a process (e.g. bunding, or a bund wall – a protective layer around a storage vessel that contains potentially harmful substances)
Layer 7: Plant emergency response
Layer 8: External emergency response (e.g. local fire service)
$f_i^C = \mathrm{IEF}_i \times \mathrm{PFD}_{i1} \times \mathrm{PFD}_{i2} \times \cdots \times \mathrm{PFD}_{ij}$
where $f_i^C$ is the frequency of consequence C arising from initiating event i, $\mathrm{IEF}_i$ is the initiating event frequency, and $\mathrm{PFD}_{ij}$ is the probability of failure on demand of the j-th IPL credited for that scenario.
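As an added worked example of the LOPA frequency equation (not part of the original diagram), the following Python computes the mitigated frequency of a scenario from a constructed initiating event frequency and the PFDs of its credited IPLs, ranks scenarios by that frequency, and reports the PFD a further layer would need to meet a constructed target frequency.

```python
from __future__ import annotations
from math import prod

# Constructed example of the LOPA equation
#   f_i^C = IEF_i x PFD_i1 x PFD_i2 x ... x PFD_ij
# All frequencies and PFDs below are illustrative, not from any real plant.

def mitigated_frequency(ief: float, pfds: list[float]) -> float:
    """Frequency (per year) of consequence C after j independent
    protection layers, each with probability of failure on demand PFD."""
    if ief < 0:
        raise ValueError("initiating event frequency cannot be negative")
    for pfd in pfds:
        if not 0.0 < pfd <= 1.0:
            raise ValueError(f"PFD must lie in (0, 1], got {pfd}")
    return ief * prod(pfds)  # prod([]) == 1: no IPL credited, no reduction

def additional_pfd_required(ief: float, pfds: list[float], target: float) -> float:
    """PFD that one more IPL must achieve for the scenario to meet the
    target frequency; 1.0 means the existing layers already suffice."""
    f_c = mitigated_frequency(ief, pfds)
    return 1.0 if f_c <= target else target / f_c

def rank_scenarios(scenarios: dict[str, tuple[float, list[float]]]) -> list[tuple[str, float]]:
    """Order scenarios by mitigated frequency, highest (worst) first,
    so the ones that most need an extra IPL come out on top."""
    ranked = [(name, mitigated_frequency(ief, pfds))
              for name, (ief, pfds) in scenarios.items()]
    return sorted(ranked, key=lambda item: item[1], reverse=True)

# Constructed scenarios: (initiating event frequency per year, PFDs of credited IPLs)
SCENARIOS = {
    "tank overfill": (0.1, [0.1, 0.01]),        # BPCS alarm (0.1) + SIS trip (0.01)
    "relief valve lift": (0.01, [0.1]),         # operator response only
    "pump seal leak": (1.0, [0.1, 0.1, 0.01]),  # alarm, operator action, bund
}
TARGET = 1e-5  # constructed tolerable frequency, per year

if __name__ == "__main__":
    for name, f_c in rank_scenarios(SCENARIOS):
        extra = additional_pfd_required(*SCENARIOS[name], TARGET)
        print(f"{name:18s} f_C = {f_c:.1e}/yr  extra PFD needed <= {extra:.2g}")
```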
Hazard and operability study (HAZOP)
HAZOP is a design review for safety, used to design safety into industrial processes.
Objectives
Identify hazards and operability issues associated with a process design.
Identify potential deviations from design intent
Generate a list of actions, with people or disciplines and dates assigned.
Running HAZOP
HAZOP is run as a multidisciplinary workshop, such that all of the necessary disciplines are present and engage with each other.
Steps
Form a multidisciplinary team
On a process flow diagram, identify each location (node) in the process (each could be a physical location or a point in the process) and its parameters.
For each node, consider potential deviations from normal operating conditions
HAZOP then proceeds iteratively, node by node, until the entire process has been considered.
HAZOP is a form of process hazard analysis (PHA).
Failure mode and effects analysis (FMEA)
Objectives
The aim of FMEA is to anticipate what might go wrong with a process or product, and the impact of failure.
If the process or product failed, how bad could it be?
FMEA seeks to identify:
the potential impact of the failure
the likely severity of the failure (1 = low, 10 = high)
potential causes of the failure
the likely frequency of occurrence of the failure (1 = low, 10 = high)
what is available for failure detection and/or control modes
the ease of failure detection (1 = easy, 10 = hard)
a risk priority number (RPN) = severity x occurrence x detection
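As an added worked example (not part of the original diagram), the following Python scores a small constructed FMEA worksheet on the 1 to 10 scales above, computes each row's RPN, and ranks rows so the team can see which failure modes meet an action threshold; the threshold value is an assumption chosen for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed FMEA worksheet rows; scores are illustrative and not
# taken from any real product or process.

@dataclass(frozen=True)
class FailureMode:
    item: str
    failure: str
    effect: str
    severity: int    # 1 = low, 10 = high
    occurrence: int  # 1 = low, 10 = high
    detection: int   # 1 = easy to detect, 10 = hard to detect

    def __post_init__(self) -> None:
        # Reject scores outside the 1..10 scale so an RPN is never silently wrong
        for name, score in (("severity", self.severity),
                            ("occurrence", self.occurrence),
                            ("detection", self.detection)):
            if not 1 <= score <= 10:
                raise ValueError(f"{name} must be 1..10, got {score}")

    def rpn(self) -> int:
        """Risk priority number = severity x occurrence x detection (1..1000)."""
        return self.severity * self.occurrence * self.detection

def rank_by_rpn(modes: list[FailureMode]) -> list[FailureMode]:
    """Highest RPN first; ties broken by severity, since a severe failure
    deserves attention even when it is rare and easy to detect."""
    return sorted(modes, key=lambda m: (m.rpn(), m.severity), reverse=True)

def needs_action(modes: list[FailureMode], threshold: int = 100) -> list[FailureMode]:
    """Rows whose RPN meets the action threshold (100 is an assumed value)."""
    return [m for m in modes if m.rpn() >= threshold]

WORKSHEET = [
    FailureMode("level sensor", "reads low", "tank overfills", 9, 3, 4),
    FailureMode("pressure relief", "valve sticks", "vessel over-pressure", 10, 2, 8),
    FailureMode("control panel", "lamp burnt out", "status not visible", 2, 6, 2),
]

if __name__ == "__main__":
    for m in rank_by_rpn(WORKSHEET):
        print(f"{m.item:16s} {m.failure:15s} RPN = {m.rpn():4d}")
```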