Microsoft Word - 025.docx


 CHEMICAL ENGINEERING TRANSACTIONS  
 

VOL. 48, 2016 

A publication of 

 
The Italian Association 

of Chemical Engineering 
Online at www.aidic.it/cet 

Guest Editors: Eddy de Rademaeker, Peter Schmelzer
Copyright © 2016, AIDIC Servizi S.r.l., 
ISBN 978-88-95608-39-6; ISSN 2283-9216 

Technical-HSE Management System in the Design Phase of 
an LNG Plant Project 

Masayuki Tanabe, Cesare Turco* 
JGC Corporation  [2-3-1, Minato Mirai, Nishi-ku, Yokohama 220-6001, Japan 
tanabe.masayuki@jgc.com 

Recent LNG facilities projects have grown in size and complexity (e.g., larger capacities, remote sites and 
modularized construction), thus requiring larger investments.  This trend has not only increased the 
investment costs but also added further difficulties to project management during the design phase (e.g., 
large, joint venture organizations for both, Owner and Contractor, that combine partners with different 
company cultures, personnel hired specifically for the project, complicated contract formations and splits of 
work, and extensive and complex government permitting and approval requirements).  In addition, the project 
schedule is also usually very tight in order to start up the facilities sooner. 
Recent projects apply a risk-based approach in defining and ensuring a safe design, rather than using the 
traditional deterministic approach.  A risk-based approach and decisions based on a probabilistic cost-benefit 
analysis are inherently difficult.  They require obtaining a firm output from various analyses and studies, which 
in turn, require firm design data that is only available at the latter stages of the design phase.  Delays in HSE 
input to design may result in major schedule delays in project execution. 
Typical problems observed in such complex projects are differences in problem statements and optimal 
outcomes when there are multiple stakeholders, different philosophies, insufficient coordination and inefficient 
design change control, all leading to inconsistencies in HSE design.   
The HSE Management System (HSE MS) typically focuses on site occupational HSE.  However, due to the 
increased difficulties in engineering execution and project management in recent projects, detailed planning of 
how to handle Technical HSE aspects in engineering is becoming more and more important, and therefore, 
the traditional application of the HSE MS for occupational safety and for preparing HSE procedures and 
organizing and managing HSE studies (e.g., HAZID, HAZOP and SIL) do not suffice.  Detailed consideration 
of how to handle and manage the technical HSE aspects in engineering is critical for its successful 
implementation. 
This paper discusses a framework for the effective management of HSE MS in the design phase, and it 
provides some key considerations (e.g., project environment evaluation method, HSE organization and the 
decision-making process). 

1. Introduction 

The HSE Management System (HSE MS) in projects mainly covers occupational safety, and it is typically in 
accordance with OHSAS 180001.  The HSE MS for plant operation (or process safety management) is, 
instead, normally in accordance with OSHA PMS.  The HSE MS during the project design phase also refers to 
OSHA guidelines, but it is not fully covered by those guidelines. 
While occupational and operational HSE MS are the responsibility of the Project Management, the technical 
HSE Management is normally considered to be under the Engineering Management.  In projects where the 
HSE in design is based on a deterministic approach (specification requirements based on the minimum 
requirements of codes and standards), the HSE management is mainly focused on ensuring the 
implementation of the requirements.  However, in projects where a risk-based approach is applied, a specific 
technical HSE management system and plan are required, as a more complex interface management is 
required for proper and consistent implementation of the technical HSE requirements (e.g., the same accident 
scenario for the different design teams, such as the fire scenario for pressure relief design, emergency 

                               
 
 

 

 
   

                                                  
DOI: 10.3303/CET1648091

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Please cite this article as: Tanabe M., Turco C., 2016, Technical-hse management system in the design phase of an lng plant project, 
Chemical Engineering Transactions, 48, 541-546  DOI:10.3303/CET1648091  

541



depressuring system design, fireproofing application, and layout and separation distances; and the same 
approach to probabilistic analysis and acceptability criteria).   
In fact, many recent projects that use a risk-based approach suffer from HSE issues in engineering execution.  
For example, a risk assessment was not completed during the FEED phase, and since the design had not 
been verified, inherently safer design options were not implemented.  
Recent LNG facilities projects have grown in size and complexity (e.g., larger capacities, remote sites and 
modularized construction) and this results in larger investments.  This trend has not only increased the 
investment costs but also added further difficulties to project management during the design phase (e.g., 
large, joint venture organizations for both, Owner and Contractor, that combine partners with different 
company cultures, personnel hired specifically for the project, complicated contract formations and splits of 
work, and extensive and complex government permitting and approval requirements).  In addition, the project 
schedule is usually very tight in an effort to start up the facilities sooner.  Due to these difficulties and the 
criticality of ensuring the proper implementation of the HSE requirements, a Technical HSE MS specifically 
designed for the engineering phase is required.   
This paper discusses a framework for the effective management of HSE MS in the design phase, and it 
provides some key considerations (e.g., project environment evaluation method, HSE organization and the 
decision-making process). 

2. Consideration for process safety management principle  

This section briefly presents the HSE design principles, including the required interfaces between the design 
and the risk analysis and studies. 

2.1 Safety design concepts 
Risk based approach 
A risk-based approach requires detailed design information in order to ensure the accuracy of the risk 
evaluation results.  When the risk evaluation is conducted in the early stages of the design, it can only be 
based on assumptions due to the lack of maturity of the design.  The results, therefore, include a large degree 
of uncertainty. Thus, towards the end of the detailed engineering phase, as part of the design verification, an 
update of the risk evaluations and studies is required.  The detailed planning and the proper management of 
this cycle (i.e., input from design, feedback to design, and update) is a key success factor in the engineering 
execution. 
Further, although the initial assumptions for risk analyses and studies normally already include safe margins to 
allow for increases or changes due to design development (e.g., exact locations and elevations, and parts 
counts), in many cases, such safety margins are not sufficient, since changes in design and increases in the 
number of components in the detailed design phase may be significant.  Thus, the final values of DAL (Design 
Accidental Load) sometimes exceed the initial analyses and evaluation. 
In addition, when a project is executed by a Joint Venture (JV), each JV partner will conduct their own 
analyses and studies for the areas within their scope of work (vertical split of work). This project formation 
increases the interface management and presents problems related to consistency between the assumptions 
and the results, also because the times at which the analyses and the studies are conducted by the various 
partners may differ. 
Hazard management process 
The Hazard Management Process in design is a systematic process addressing how Loss of Containment 
(LOC) scenarios and HSE risks are identified, their potential effects are assessed, the threats are controlled, 
the appropriate mitigating barriers are identified, and the consequences are mitigated.  This is therefore a 
process for designing plant safeguarding systems based on accident scenarios. 
Although industry standard designs for safeguarding systems are based on fire scenarios, consistency 
between the safeguarding systems provided by the different design disciplines is rarely achieved.  For 
example, even if the same fire scenario is considered in the design of the PSV and ESD and EDP 
(safeguarding systems for the prevention and mitigation of the effects) and in the design of the Active and 
Passive Fire Protection System, Separation Distances, and Spill Control System (Slope and Surface 
Drainage), no particular multi-discipline consistency check is normally conducted. These safeguarding 
systems should, therefore, be designed considering not only the process design aspects, but also the facility 
layout design.  Further, supporting systems, critical for the proper functioning of the safeguarding systems, 
should also be designed based on the same accident scenarios and their escalation (e.g., instrument and 
power supply cable (fire retardant or fire resistant) distribution should avoid common cause failure). 
Recently, great emphasis has been placed on the specific requirements of the Functional Safety Management 
Plan (FSMP) for SIS design, which is part of overall HMP, and partly overlaps with the design hazard 
management (DHM). 

542



2.2 Philosophy of process safety engineering 
Hierarchy of process safety design options 
The hierarchy of the protection layers is key to the reduction of the likelihood and consequent severity of an 
accident.  However, once an accident occurs, the public perception of the accident is defined only by its 
consequences.  Therefore, providing only protection layers that reduce the likelihood of an accident is not 
sufficient.  The hierarchy of the protection layers should be as follows: 
1. Reducing the hazard (e.g., process selection, inventory and operating conditions) 
2. Greater separation distances 
3. Reducing likelihood (prevention layers, such as PSV and SIS) 
4. Mitigation measures (e.g., ESD and EDP, and Fire Protection System) 
5. Administrative control 
Inherently safe design (ISD) options result in greater investment costs, and they are normally considered and 
implemented in the early design phase, which is largely driven by the feasibility of the project (i.e., investment 
and running costs).  Thus, early identification of ISD options (i.e., philosophy) is critical for the correct 
implementation of safety in design. 

3. Technical-HSE management system in design phase 

3.1 Framework of technical HSE MS 
The Project HSE MS should specifically cover the technical HSE aspects in order to ensure an inherently safe 
and consistent application of the HSE requirements in the design.  A simplified representation of the Technical 
HSE MS for a Joint Venture formation is shown in Figure 1 a). 
The Project Policy should specifically refer to a detailed HSE design policy (i.e., not to a general, “coverall” 
policy, but to detailed guidelines for the design teams of each JV Partner) and to a specific Design HSE Plan, 
presenting the relations between the specific plans and procedures, such as pre-FEED and FEED studies, 
HAZID and ENVID, QRA, HAZOP, DHMP, FSMP, and to the other safety assessments, specifying the timing 
and the disciplines responsible and the leaders, for each of the partners.  Further, the plan should also give 
the acceptability criteria for the various scenarios. 
Implementing ISD 
The most important aspect in establishing the Technical HSE MS is the clear indication of the HSE execution 
strategy. In each design and project phase (e.g., Pre-FEED, FEED, EPC), the potential ISD options that can 
be implemented are different, as late changes in or additions to the design have great cost and schedule 
impacts.  For example, selection of the process licenser can only be done during pre-feed, as it would be 
difficult and costly to select or change the Licensor during the FEED, and it would not be feasible to change it 
during the EPC.  Adequate separation distances between areas are to be set during early FEED, as they will 
have great impact if they are changed at the end of the FEED, and it would be physically impossible to modify 
them during EPC as the foot print of the plant is normally fixed at that time. 
Separation distances can mitigate accident escalation. Therefore, the escalation of large, but less credible 
accident scenarios should be prevented by setting the safety distances between areas and units; and the 
escalation of smaller, but credible accident scenarios should be prevented by setting the safety distances 
between pieces of equipment within the same area. 
Decision making process and ALARP demonstration 
In many cases, decisions related to major development and changes are carefully scrutinized for their 
commercial and schedule aspects.  However, many such decisions include HSE aspects, which may affect 
the design hazard scenarios or the design of Safety Critical Elements (SCE).  When the decision making 
process overlooks the safety aspects, it may result in late design changes, which in turn, will require significant 
expenditures to resolve them.  
The suggested decision making process for decisions taken to ensure the proper consideration of HSE 
aspects is shown in Figure 1 b). 
Technical Queries (TQ) are commonly used for handling and recording design issues and the decision 
process between Plant Owner and Contractor.  When a TQ is issued by the Plant Owner or the Contractor 
disciplines, the TQ should be evaluated first by the discipline engineers who prepared it to identify the HSE 
issues.  The TQ form should include a check box for indicating that HSE aspects are involved, and the TQ log 
sheet should include the results.  Then, based on discipline’s evaluation results, the Engineering Manager 
(EM) should decide whether the TQ involves HSE issues or not.  If the EM considers the TQ to be HSE 
related, the TQ will be forwarded to the Technical HSE Group and preliminarily discussed with Company’s 
Technical HSE Group.  The TQ will then be revised as necessary and officially issued.  Some TQ’s may 
require an ALARP demonstration to justify the decision to be taken.  The following flow chart shows the 

543



process for TQ preparation and issue.  The same process may be applied also for projects where technical 
queries are handled by official correspondence (i.e., letters). 
 

 
a) Technical HSE management system  b) Suggested decision making process 

Figure 1: Proposed Framework of technical HSE management system 

3.2 Technical HSE team organization 
Due to the larger size of recent projects, more Technical HSE personnel are required.  Therefore, for such 
projects, it is recommended to provide a dedicated Technical HSE Manager and a Technical Safety Lead 
Engineer (refer to Figure 2).  This formation also provides for independence of the Technical HSE team from 
the design team (i.e., a Technical HSE Manager for design, and a Technical Safety Lead for technical safety).   
Due to the variety of HSE aspects (e.g., process safeguarding design, structural design loads, 3D model 
reviews) and application of new technologies (e.g., functional safety management, CFD and FEM 
assessments using 3D data, and reliability and probability analysis), ensuring the competency of HSE Team 
members is highly important.  The Technical HSE Manager requires not only knowledge and skills in 
assessment techniques, but also knowledge in engineering and design, in order to manage the interfaces 
between the Technical HSE team and the engineering disciplines.  The Technical HSE Manager should also 
be responsible for managing the third-party specialist consultants doing the analyses.  It is very important to 
communicate to the consultants an overview and strategy for the Technical HSE Design in the project. 
 

 

Figure 2: Example of technical HSE team organization 

Independency of technical HSE engineers 
Although the Technical HSE Manager reports to the Engineering Manager and coordination between the 
Technical HSE Group and the other design groups is essential, it is important to ensure the independence of 
the Technical HSE Group from the design groups.  This is to prevent design decisions involving HSE aspects 
from being driven only by cost and schedule considerations.  However, in some projects, the design groups 
relied too heavily on HSE aspects for decisions involving normal engineering and design practices. 

544



4. Experience with a large LNG module project 

A risk-based approach was implemented for the project execution, in particular the design, and it required 
strict management and control due to the extensive regulatory and technical HSE requirements, a three-
partner Joint Venture with four main design centers and several production engineering centers, and 
modularized construction with three main fabrication yards.  The Project key issues identified were as follows: 
 Commonality in design through the various project design centers and design phases. 
 Verification of, and check for compliance with applicable laws and regulations, national and local 

authorities’ permits, and codes and standards 
 Verification of COMPANY HSE requirements 
 Identification and implementation of the recommendations of the FEED Environmental Impact 

Assessment and QRA, and issue of data and information for their update 
 Identification and planning of the HSE risk assessments, reviews and studies to be conducted (e.g., 

HAZID, HRA, ENVID, HAZOP, SIL, Explosion and Fire Hazard Studies, QRA, E-HAZOP, C-HAZOP, 
ALARP studies, and Bow Ties). 

 Potential high plant noise levels 
 Ground flare capacity, radiation and noise 
 Layouts of plant and equipment to mitigate HSES risks and to ensure operability, maintainability and 

constructability 
 Technical HSES risks, such as loss of containment and consequent fires and explosions, identification 

and reduction to ALARP. 
 Management and control of design interfaces, in particular in HSES issues and plant wise systems, with 

licensors, between the Joint Venture Partners’ design groups, and consultants. 
A specific Technical HSE Plan was prepared by the Technical HSE Manager in order to plan, monitor, and 
control the large number of HSE studies conducted by the several JV partners and consultants. A Risk 
Assessment Execution Plan was developed, and a Functional Safety Management Plan (FSMP), covering the 
implementation of the functional safety management for process safeguarding design (especially for SIS), was 
also developed separately under the Design Hazard Management Process. The structure of the HSE MS 
documentation was as shown in Tables 1 through 3. 

Table 1: HSE management system 

Overall Plan Specific Area Plan Procedure 
HSE MS   
Eng. HSE 
Management 
Plan 

Risk Assessment Execution Plan HAZID Study Procedure 
Functional Safety Management Plan ENVID Study Procedure 
HFE Implementation Plan HRA Study Procedure 
Noise Management Plan HAZOP Study Procedure 
SIMOPS Plan SIL Study Procedure 
 QRA Procedure 
 HSE Action Tracking Procedure 
 Management of Change Procedure 
 ALARP Demonstration Procedure 
 Safety in Design Procedure 

Fabrication Yard 
HSE Plan 

- (apply each Fabrication Yard HSE 
procedures) 

Construction 
HSE Plan 

Emergency Response Plan Orientation, Education and Training 
Procedure 

Fire Protection and Prevention Plan HSES Risk and Hazard Management 
Procedure 

Occupational Health Plan Incident and Hazard Reporting Procedure 
Security Management Plan Fitness for Work Procedure, and the like 

Environment 
Management 
Plan 

Air Emission Management Plan Spill Response Procedure 
Liquid Discharge Management Plan Waste Management Procedure 
Waste Management Plan Cultural Heritage Management Procedure 
Underwater Noise Management Plan Vegetation Clearing Procedure 
Erosion and Sediment Control Plan Fauna Handling Procedure, and the like 

545



Table 2: Action plan (extract) 

No. Item Description By Whom Location By When Deliverables 
1 Prepare Process Design Data  Process Lead YOC  Process Design Basis 
2 Follow up of FEED HAZOP Eng. Manager YOC  Revised P&IDs 

Operation Manuals  
3 P&ID Internal Review Eng. Manager YOC  P&IDs  
4 P&ID COMPANY’s Review COMPANY YOC  Marked P&IDs 
5 Verify, update and finalize 

Process Safeguarding 
Systems 

Process Lead YOC  Process Safeguarding 
Diagram 

6 Identify and specify 
hydrocarbon inventory 

Process Lead YOC  Hydrocarbon Inventory 

Table 3: Responsibility matrix (extract) 

Document Type Preparer Checker Approver 
Overall HSES Execution  HSE Manager Deputy Project Director Project Director 
Engineering HSES Plan Tech. HSE Manager HSE Manager HSE Manager 
Engineering HSES Philosophy  HSE Engineer Tech. HSE Manager Tech. HSE Manager 
Engineering HSES Procedure HSE Engineer Tech. HSE Manager Tech. HSE Manager 
Engineering HSES Reports HSE Engineer Tech. HSE Manager Tech. HSE Manager 

 
By assigning the technical HSE function directly under the Engineering Manager, the design information flow 
related to HSE was tightly controlled and directed to the Technical HSE Manager. Further, regular Technical 
HSE meetings were called by the HSE Leader with all design disciplines in order to ensure a common 
understanding of the HSE requirements and enhance the coordination and working relationships between the 
engineering disciplines in the various design centers.  A Technical HSE Induction Training package was also 
provided to all members in the project. 
As a result of having a dedicated Technical HSE MS, the recommendations of the hazard assessments and 
risk studies were properly implemented throughout the project, from the conceptual design to the detailed 
design, in a timely manner, without any significant, late design changes.   

5. Conclusion 

In this paper, a framework for establishing a Technical HSE MS is discussed.  Setting the proper Technical 
HSE MS (based on the complexity of the scope of work, project organization and contract formation) as a part 
of the Engineering Execution Plan is the key element for the effective implementation of HSE requirements in 
design.  Key aspects to be considered for an effective Technical HSE MS are as follows: 
Organization aspects 
Independence of HSE group from discipline groups 
Multi-discipline regular HSE review and status meetings 
Competency and training 
Technical aspects 
Technical Queries and ALARP systems 
Establishment of acceptability criteria 
Implementation of ISD 
Specific technical HSE plans covering such aspects as risk assessment execution plan and Functional Safety 
Management Plan 

Reference 

Tanabe, M., Miyake, A.,  2012,  Approach enhancing inherent safety application in onshore LNG plant design, 
Journal of Loss Prevention in the Process Industries, 25, 809-819.1.2011 

546