Microsoft Word - 1.docx CHEMICAL ENGINEERING TRANSACTIONS VOL. 77, 2019 A publication of The Italian Association of Chemical Engineering Online at www.cetjournal.it Guest Editors: Genserik Reniers, Bruno Fabiano Copyright © 2019, AIDIC Servizi S.r.l. ISBN 978-88-95608-74-7; ISSN 2283-9216 Effective KPI Setting to Process Safety Management System in Design Phase for Oil and Gas Plant Projects Masayuki Tanabea,*, Atsumi Miyakeb aJGC Corporation [2-3-1, Minato Mirai, Nishi-ku, Yokohama 220-6001, Japan] bYokohama National Universityon [Hodogaya-ku, Yokohama, 240-8501, Japan] tanabe.masayuki@jgc.com Following major accidents, such as the Seveso and the Piper Alpher, design phase process safety performance has been improved by applying ‘risk based’ regulations (e.g. safety case regulations) and Plant Owner Company standards as efforts to enhance safety in the oil and gas industry. However, major accident events continue to occur. This is inevitable, since risk cannot be nil if hazardous materials are being handled. A potential area for further improvement of the process safety performance, especially in the design phase, is the ‘quality’ of process safety information, which is the foundation of the safety management system of the operational process. Thus, managing process safety activities, which requires establishing high-quality process safety information, is the ultimate objective of process safety management in the design phase. In this paper, the following aspects are discussed and suggested: • Some important elements of Process Safety Management (PSM) System in design phase are discussed, such as approach evaluating difficulties/ characteristics of technical Process Safety requirements in project, Process Safety organization structure types depending on level of technical Process Safety requirements, and approach developing effective communication channel with related engineering disciplines. • Design process safety Key Performance Indicator (KPI) tiers are proposed, which are not available as industrial practice differently from Operation Phase PS-KPI. Since the evaluation of design process safety management performance is not straightforward, as records of process safety incidents are applicable only during the operational phase. • A simple model allowing numerical indications of design PS KPI performance evaluation is proposed using a Markov model. Where no numerical indicator is available, the review or monitoring of Plan-Do- Check-Act (PDCA) is not effective and does not fully capture specific remedial action plans. Based on reference data from actual project, a sensitivity study has been conducted in order to identify effective Design Phase PSM performance improvement parameters. 1. Introduction Effective process safety management systems can be established only when PSM system properly considers both technical and personnel management aspects. Design phase PSM is also important for operation phase PSM system as foundation of process safety information, which is one of the operation phase PSM elements defined by US OSHA. There is, however, no dedicated standard specifying design phase PSM systems. The design phase PSM system is normally established by referring to the occupational health and safety management system (i.e. OHSAS 18001) (Tanabe et al., 2017). Further, evaluating design phase PSM performance is not straightforward, as records of process safety incidents are only applicable during the operational phase. If no numerical indicator of design phase PSM system is available, the review or monitoring of PDCA becomes qualitative, and specific remedial action plans may not be clearly identified. This paper discusses a design phase PS KPI structure based on the Author’s experience in design phase process safety management. Using the design PS KPI structure and proposed evaluation model by a Markov model, some key measures are evaluated to further improve design phase process safety management performance. DOI: 10.3303/CET1977091 Paper Received: 7 January 2019; Revised: 23 April 2019; Accepted: 19 June 2019 Please cite this article as: Tanabe M., Miyake A., 2019, Effective KPI Setting to Process Safety Management System in Design Phase for Oil and Gas Plant Projects, Chemical Engineering Transactions, 77, 541-546 DOI:10.3303/CET1977091 541 2. Design Phase Process Safety Management Principles 2.1 Planning Proper planning of PSM is key success factor to establish effective process safety management system in design phase (Tanabe, et al. 2017). In order to identify required competency and resources for safety team, project characteristic should be carefully evaluated at the beginning of project and should be properly included in the Plan. The examples of evaluation of characteristics for several LNG projects are shown in Figure 1. As overall difficulties are increasing for current oil and gas plant projects, project assessment for proper planning becomes important. Based on the project assessment results, process safety management organization shall be established. The example organization is shown in the Figure 2.  Due to the larger size of recent projects, more process safety personnel are required. Therefore, it is recommended to provide a dedicated Process Safety (Technical HSE) Manager and a Technical Safety Lead Engineer.  Due to the variety of safety aspects (e.g., process safeguarding design, structural design loads, 3D model reviews) and application of new technologies (e.g., functional safety management, CFD and FEM assessments using 3D data, and reliability and probability analysis), ensuring proper role demarcation and the competency of safety team members is highly important. Figure 1: Project Assessment Figure 2: Example of Technical Safety Team Organization in an O&G Plant Project 2.2 Design PSM KPI Tiers After establishing PSM System, key to improve process safety performance is proper monitoring of KPIs in the project execution. The PS KPI design structure is established on the basis of two principles observed in the Author’s Design PSM experience in actual projects (Figure 3). The first principle is that past accident event scenarios offer the designer challenging scenarios for identifying design phase hazards. For example, the 542 Author observed that similar scenarios were overlooked during the design phase, based on the belief that the scenario was unlikely (i.e. very low frequency). Thus, establishing a scenario-based design culture as the basis of a risk assessment process is important for designing PSM. The second principle is that an increase in the number of failures (e.g. violations of management procedures) in the Design PSM System increases the tendency of latent failures providing necessary safeguards in design. This does not necessarily mean direct linkages between management system effectiveness and a process safety design practice (e.g., challenges to good engineering practice or less consideration on design accident scenario). However, a basic understanding of the management system is important, and must have indirect linkages to enhancing a less-scenario-based design culture, since the management system includes procedures for hazard identification, SIL assessment, and the training of scenario-based design. The structure of the proposed design process for safety KPI is as follows:  Tier 1: Major Accident Event (MAE) latent failure  Tier 2: Hazardous event latent failure  Tier 3: Challenges to process safety design practices  Tier 4: Challenges to the management system Tier 1–2 indicators are obtained in hazard identification (e.g. HAZOP) and SIL. When risk assessment is applied (i.e. SIL), hazard identification shall strictly pick up ultimate consequences (even those that are ‘infrequent’ or ‘incredible’ in the designer’s view) for evaluating likelihood itself. This is an important starting point for risk assessment, and represents a major difference between dedicated hazard identification and hazard identification for risk assessment. The Tier 3–4 indicators show potentially misdirected instructions to engineers related to design process safety. Since recent projects became mega sizes, information to be handled by project managers / engineering managers becomes too much, and individuals are almost overloaded. Thus, where there is less process safety or HSE management understanding in the organization, there is a greater likelihood that safety design will be overlooked. Figure 3: Proposed Process Safety KPI Tiers in Design Phase 3. Design Process Safety Performance Evaluation using a Markov Model The Design Process Safety Performance Evaluation Model is established to numerically indicate the safety management performance using a Markov model with KPIs set in Section 2. The Markov model is a probabilistic model based on phases and transition probabilities between phases with dynamic change, as shown in Figure 4 State 1 represents a normal state (working state), and State 2 represents an unavailable state of the system. Figure 4: A Simple Markov Model Using the following formula and the initial condition of P1 (0) = 1 and P2 (0) = 0, the unavailability of the system is obtained (TNO, 2005). State 1 State 2 Failure Rate: λ Repair Rate: μ 543 1 + 2 = 1 ∆ 1 = − 1 + 2 ∆ 2 = + 1 − 2 1 = − 1 + 2 2 = + 1 − 2 (1) Similar to the System of Systems Analysis Tool (SoSAT), which is a human factor assessment technique, this model assumes that the failure rate in a PSM system increases in a linear pattern with time (i.e. exponential distribution) (Lawton, et al. 2008). The evaluation model is constructed with the primary intention of providing feedback to improve the Design Process Safety Management System (Fig. 5). The simpler model is also better for practical use in project management. To achieve the desired level of simplification, the State Transition Model is used (the Markov model) with the following assumptions:  Incident rate follows the exponential distribution (i.e. constant occurrence rate)  Each Tier incident rate (number of incidents over project spent man-hours) is used as a parameter transition to the next state  Recovery rate (inverse number of remedial actions’ duration) is used as the parameter for recovering from the next state  Periodic PDCA review can recover from failure states to safe state with 90% recovery rate. The numerical indication of Process Safety Management Performance contributes to an organization’s self- improvement of its management system. Since the key parameters are set as the incident occurrence rates, recovery rates (duration of remedial action), and frequency (and recovery coverage percentage) of PDCA review, it is simpler to feed the findings back to the management system improvements. The unavailability state is considered for Tier 1, as the state means the potential of having an insufficient risk reduction for hazard scenarios and the KPI means probability of retention in Tier 1 state after certain duration. As indicated above, it is assumed that a well-organized periodic PDCA review can recover the situation (Tier 1 ~ Tier 3) to a safe state (Tier 4). To ensure this, the audit program shall include the following:  Check remedial action settling-out duration  Check remedial action decision quality in view of safety  Check screening process major incident scenarios  Check failure incident log for management system and remedial action  Check training session feedback Figure 5: Design Process of Safety KPI Model using a Markov Model 4. Case Study This case study is conducted to confirm the Design Process Safety Performance Evaluation Model’s sensitivity to potential parameter changes. The data (incidents, average remedial-action duration) have been obtained from a mega-sized LNG project. The parameters are shown in Tables 1 and 2. This is set as the Base Case. The sensitivity scenarios are also provided as follows:  Base Case  Case 2: Remedial-action duration is set as half  Case 3: Incident-occurrence rate is set as half  Case 4: Parameters are same with the Base Case, but apply a half year-PDCA review cycle with recovery coverage of 90% λ1 λ2 λ3 λ4 μ4μ3μ2μ1 1 SAFE 2. TIER4 3 TIER3 4 TIER2 5 TIER1 0.9 0.9 0.9 0.9 1 SAFE 2. TIER4 3 TIER3 4 TIER2 5 TIER1 544 Table 1: Failure Rate Para. Description Suggested Data Source Number of Incidents Total Man- hours [Hr] Likelihood [/Hr] λ1 Number of management system failure incidents Engineering or HSE Issues Register 50 1,000,000 1.000E-4 λ2 Number of challenges to process safety design practices ALARP Demonstration or Project HSE Peer Review 40 1,000,000 5.000E-5 λ3 Number of overlooked hazardous scenarios identified in HAZOP/ SIL Recommendations in HAZOP and SIL 500 1,000,000 5.000E-4 λ4 Number of overlooked significant hazardous scenarios identified in HAZOP / SIL (i.e. high risk) Recommendations in HAZOP and SIL 50 1,000,000 5.000E-5 Table 2: Remedial Rate Parameter Description Suggested Data Source Remedial Action Time [Hr] Remedial Rate [/Hr] μ1 Inverse time duration for remedial action implemented for Tier 4 Time between issue registered to close 4380 2.283E-4 μ2 Inverse time duration for remedial action implemented for Tier 3 Time between issue registered to close 4380 2.283E-4 μ3 Inverse time duration for remedial action implemented for Tier 2 Time between HAZOP/ SIL completion to issue close 4380 2.283E-4 μ4 Inverse time duration for remedial action implemented for Tier 1 Time between HAZOP/ SIL completion to issue close 4380 2.283E-4 The results are shown in the Table 3 and the Figure 4 Each case is depicted as a graphical result showing the time history. Table 3: Calculation Results Case λ1 [/hr] λ2 [/hr] λ3 [/hr] λ4 [/hr] μ1−μ4 [/hr] PDCA Review 5-yr PS KPI Base Case 1.00E-4 5.00E-5 5.00E-4 5.00E-5 2.28E-4 No 2.190E-2 Case 2 1.00E-4 5.00E-5 5.00E-4 5.00E-5 4.57E-4 No 2.252E-3 Case 3 5.00E-5 2.50E-5 2.50E-4 2.50E-5 2.28E-4 No 2.063E-3 Case 4 1.00E-4 5.00E-5 5.00E-4 5.00E-5 2.28E-4 6 months 90% recovery 8.442E-4 Figure 4: Evaluation Results using a Markov Model 545 5. Consideration Although the Markov model simplified the actual situations, the results suggest that three key remedial actions evaluated in this paper are effective for improving process safety management performance. The understanding of this simple principle further supports the notion of educating competent process safety personnel from a ‘management aspect’. They are:  Shorter the remedial-action duration  Reduce the incident-occurrence rate  Conduct a frequent-PDCA review The measures that reduce remedial action duration and incident-occurrence rates are very powerful for reducing retention time in the unavailability states (Tier 1 and Tier 2). To achieve these measures, designers require training (e.g. induction training and refresher training to increase and keep awareness of process safety). The measure of a half year-PDCA is less powerful than the earlier two measures from the case study results. However, it can be further improved by offering more frequent PDCA opportunities, such as monthly meetings between the process safety team and designers. Where the management system is not effective according to the KPI measure, process safety personnel can consider reinforcing the PDCA cycle by providing additional monitoring / communication opportunities, and providing additional training. For example, where a project applying process safety management system for observing technical and management issues for each functional design area (such as fire safety/protection, process safeguarding design), not only project execution but also process safety management improvement is observed by identifying the issues and proper remedial actions immediately (Table 3). Table 3: Comparison for performance of process safety management (Example) Project management system Process safety management system Organization  Technical safety engineer as staff  Dedicated process safety manager in parallel with engineering manager Management System  Rely on Project Management System  Dedicated Process Safety Management System Communication  Ad-hoc  Regular meetings Technical  More focus on after LOC assessments, such as Fire Safety Assessment  More focus on safety in design, such as process initiating event assessments (HAZOP/SIL), good engineering practice Design Decisions  Advise as requested  Actively involved MS Issues Control  Engineering action list  HSE Issues Register 6. Conclusion In this paper, design phase PS-KPI is proposed and some key measures to improve design phase process safety management performance is discussed. Understanding the principles for design phase process safety management and key sensitive measures affecting its performance as discussed in this paper is the key element for improving the process safety management performance in design phase. References API Recommended Practice 754, 2016, Process Safety Performance Indicators for the Refining and Petrochemical Industries. BP, 2005, Fatal Accident Investigation Report, Isomerization Unit Explosion Final Report, Texas City, Texas, USA. Craig R. Lawton, Dennis E. Longsine, Kevin R. Dixon, James C. Forsythe, Justin D. Basilico, Hai Le, John H. Gauthier, 2008, SAND2008-6892 Human Performance Modeling for System of Systems Analytics. SANDIA National Laboratory Tanabe M., C. Turco, A. Miyake, 2017, Management system for enhancing chances to take inherently safer design options in LNG plant projects. Journal of Loss Prevention in the Process Industries, 49, 120–128. CSB, U.S. Chemical Safety and Hazard Investigation Board, 2007, Investigation Report, Refinery Explosion and Fire. TNO, 2005, Methods for determining and processing probabilities ‘Red Book’. 546