The development of an audit technique to assess the quality of safety barrier management

This paper describes the development of a management model to control barriers devised to prevent major hazard scenarios. Additionally, an audit technique is explained that assesses the quality of such a management system. The final purpose of the audit technique is to quantify those aspects of the management system that have a direct impact on the reliability and effectiveness of the barriers and, hence, the probability of the scenarios involved.

First, an outline of the management model is given and its elements are explained. Then, the development of the audit technique is described. Because the audit technique uses actual major hazard scenarios and barriers within these as its focus, the technique achieves a concreteness and clarity that many other techniques often lack. However, this strength is also its limitation, since the full safety management system is not covered with the technique. Finally, some preliminary experiences obtained from several test sites are compiled and discussed.     

ARAMIS project: a more explicit demonstration of risk control through the use of bow-tie diagrams and the evaluation of safety barrier performance

Over the last two decades a growing interest for risk analysis has been noted in the industries. The ARAMIS project has defined a methodology for risk assessment. This methodology has been built to help the industrialist to demonstrate that they have a sufficient risk control on their site.

Risk analysis consists first in the identification of all the major accidents, assuming that safety functions in place are inefficient. This step of identification of the major accidents uses bow–tie diagrams. Secondly, the safety barriers really implemented on the site are taken into account. The barriers are identified on the bow–ties. An evaluation of their performance (response time, efficiency, and level of confidence) is performed to validate that they are relevant for the expected safety function. At last, the evaluation of their probability of failure enables to assess the frequency of occurrence of the accident. The demonstration of the risk control based on a couple gravity/frequency of occurrence is also possible for all the accident scenarios.

During the risk analysis, a practical tool called risk graph is used to assess if the number and the reliability of the safety functions for a given cause are sufficient to reach a good risk control.     

Initial development of a practical safety audit tool to assess fleet safety management practices

Work-related vehicle crashes are a common cause of occupational injury. Yet, there are few studies that investigate management practices used for light vehicle fleets (i.e. vehicles less than 4.5 tonnes). One of the impediments to obtaining and sharing information on effective fleet safety management is the lack of an evidence-based, standardised measurement tool. This article describes the initial development of an audit tool to assess fleet safety management practices in light vehicle fleets. The audit tool was developed by triangulating information from a review of the literature on fleet safety management practices and from semi-structured interviews with 15 fleet managers and 21 fleet drivers. A preliminary useability assessment was conducted with 5 organisations. The audit tool assesses the management of fleet safety against five core categories: (1) management, systems and processes; (2) monitoring and assessment; (3) employee recruitment, training and education; (4) vehicle technology, selection and maintenance; and (5) vehicle journeys. Each of these core categories has between 1 and 3 sub-categories. Organisations are rated at one of 4 levels on each sub-category. The fleet safety management audit tool is designed to identify the extent to which fleet safety is managed in an organisation against best practice. It is intended that the audit tool be used to conduct audits within an organisation to provide an indicator of progress in managing fleet safety and to consistently benchmark performance against other organisations. Application of the tool by fleet safety researchers is now needed to inform its further development and refinement and to permit psychometric evaluation.     

Quantifying the influence of safety management on the reliability of safety barriers

A methodology is described that enables to use safety management audit assessments and safety culture questionnaire results for estimating the reductions in the reliability of safety barriers in major hazard plants. The critical issue is the establishment of weight factors in combination with the anchoring of “good” safety management. A method is proposed to derive weight factors from statistical accident analysis in combination with a statistical analysis of safety management assessments at a representative sample of major hazard industries. A preliminary set of weight factors is presented with some examples of resulting reductions in reliability—this demonstration confirms that the set of weight factors needs further development.     

Safety management practices and safety behaviour: Assessing the mediating role of safety knowledge and motivation

Safety management practices not only improve working conditions but also positively influence employees’ attitudes and behaviours with regard to safety, thereby reducing accidents in workplace. This study measured employees’ perceptions on six safety management practices and self-reported safety knowledge, safety motivation, safety compliance and safety participation by conducting a survey using questionnaire among 1566 employees belonging to eight major accident hazard process industrial units in Kerala, a state in southern part of India. The reliability and unidimesionality of all the scales were found acceptable. Path analysis using AMOS-4 software showed that some of the safety management practices have direct and indirect relations with the safety performance components, namely, safety compliance and safety participation. Safety knowledge and safety motivation were found to be the key mediators in explaining these relationships. Safety training was identified as the most important safety management practice that predicts safety knowledge, safety motivation, safety compliance and safety participation. These findings provide valuable guidance for researchers and practitioners for identifying the mechanisms by which they can improve safety of workplace.     

Software safety analysis of function block diagrams using fault trees

As programmable logic controllers (PLCs) are often used to implement safety–critical embedded software, safety demonstration of PLC code is needed. In this paper, we propose a fault tree analysis technique on Function Block Diagrams (FBDs) which is one of the most widely used PLC programming languages. FBD is currently being used to develop Reactor Protection System (RPS) for a nuclear power plant in South Korea. Our approach to fault tree analysis, which combines fault-oriented and cause/effect-oriented viewpoints, is easy to understand and offers systematic guidelines to ensure safety of PLC code. Domain experts found the approach to be useful through a case study on RPS, and this paper compares completeness and comprehensiveness of the semi-automatically generated fault trees using the proposed approach against the one manually prepared by nuclear safety engineers.     

Risk indicators as a tool for risk control

This paper presents a general methodology for the establishment of risk indicators that can be used as a tool for risk control during operation of offshore petroleum installations. The risk indicators established are based on the platform specific quantitative risk analysis (QRA). The general methodology is evaluated against comparable approaches both in offshore and nuclear industry. There are two distinct features of this methodology. The first is that it is truly risk-based with the intention of covering the total risk picture. The second is that the identification of the risk factors contributing most to the total risk is based on realistic changes of each factor assessed by the platform personnel, not a theoretically assumed change. The set of risk indicators for one specific installation is presented along with test results.     

A global view on ARAMIS, a risk assessment methodology for industries in the framework of the SEVESO II directive

The ARAMIS methodology was developed in an European project co-funded in the fifth Framework Programme of the European Commission with the objective to answer the specific requirements of the SEVESO II directive. It offers an alternative to purely deterministic and probabilistic approaches to risk assessment of process plants. It also answers the needs of the various stakeholders interested by the results of the risk assessment for land use or emergency planning, enforcement or, more generally, public decision-making. The methodology is divided into the following major steps: identification of major accident hazards (MIMAH), identification of the safety barriers and assessment of their performances, evaluation of safety management efficiency to barrier reliability, identification of reference accident scenarios (MIRAS), assessment and mapping of the risk severity of reference scenarios and of the vulnerability of the plant surroundings. The methodology was tested during five case studies, which provided useful information about the applicability of the method and, by identifying the most sensitive parts of it opened way to new research activity for an improved industrial safety.     

The use of a basic safety investment model in a practical risk management context

We consider a basic model in economic safety analysis: a firm is willing to invest an amount x in safety measures to avoid an accident A, which in the case of occurrence, leads to a loss of size L. The probability of an accident is a function of x. The optimal value of x is determined by minimizing the expected costs. In the paper, we re-examine this model by adopting a practical risk/safety management perspective. We question how this model can be used for guiding the firm and regulators in determining the proper level of investment in safety. Attention is given to issues like how to determine the probability of an accident and how to take into account uncertainties that extend beyond the expected value. It is concluded that the model, with suitable extensions and if properly implemented, provides a valuable decision support tool. By focusing on investment levels and stimulating thereby the generation of alternative risk-reducing measures, the model is considered particularly useful in risk reduction (ALARP) processes.     

Human and organizational biases affecting the management of safety

Management of safety is always based on underlying models or theories of organization, human behavior and system safety. The aim of the article is to review and describe a set of potential biases in these models and theories. We will outline human and organizational biases that have an effect on the management of safety in four thematic areas: beliefs about human behavior, beliefs about organizations, beliefs about information and safety models. At worst, biases in these areas can lead to an approach where people are treated as isolated and independent actors who make (bad) decisions in a social vacuum and who pose a threat to safety. Such an approach aims at building barriers and constraints to human behavior and neglects the measures aiming at providing prerequisites and organizational conditions for people to work effectively. This reductionist view of safety management can also lead to too drastic a strong separation of so-called human factors from technical issues, undermining the holistic view of system safety. Human behavior needs to be understood in the context of people attempting (together) to make sense of themselves and their environment, and act based on perpetually incomplete information while relying on social conventions, affordances provided by the environment and the available cognitive heuristics. In addition, a move toward a positive view of the human contribution to safety is needed. Systemic safety management requires an increased understanding of various normal organizational phenomena - in this paper discussed from the point of view of biases - coupled with a systemic safety culture that encourages and endorses a holistic view of the workings and challenges of the socio-technical system in question.     

Application of micro Markov models for quantitative safety assessment to determine safety integrity levels as defined by the IEC 61508 standard for functional safety

This paper presents a method that will drastically reduce the calculation effort required to obtain quantitative safety and reliability assessments to determine safety integrity levels for applications in the process industry. The method described combines all benefits of Markov modeling with the practical benefits of reliability block diagrams.     

The effects of error management climate and safety communication on safety: A multi-level study

Work in the construction industry is considered inherently dangerous, despite the technological improvements regarding the safety of work conditions and equipment. To address the urgent need to identify organizational predictors of safety performance and outcomes among construction workers, the present study examined multi-level effects of two important indicators of safety climate, namely contractor error management climate and worker safety communication, on safety behavior, injury, and pain among union construction workers. Data were collected from 235 union construction workers employed by 15 contractors in Midwest and Northwest regions of the United States. Results revealed significant main effects for safety communication and error management climate on safety behaviors and pain, but not on injuries. Our findings suggest that positive safety communication and error management climate are important contributors to improving workplace safety. Specific implications of these results for organizational safety research and practice are discussed.     

Scale development of safety management system evaluation for the airline industry

The airline industry relies on the implementation of Safety Management System (SMS) to integrate safety policies and augment safety performance at both organizational and individual levels. Although there are various degrees of SMS implementation in practice, a comprehensive scale measuring the essential dimensions of SMS is still lacking. This paper thus aims to develop an SMS measurement scale from the perspective of aviation experts and airline managers to evaluate the performance of company's safety management system, by adopting Schwab's (1980) three-stage scale development procedure. The results reveal a five-factor structure consisting of 23 items. The five factors include documentation and commands, safety promotion and training, executive management commitment, emergency preparedness and response plan and safety management policy. The implications of this SMS evaluation scale for practitioners and future research are discussed.     

A fault tree analysis strategy using binary decision diagrams

The use of binary decision diagrams (BDDs) in fault tree analysis provides both an accurate and efficient means of analysing a system. There is a problem, however, with the conversion process of the fault tree to the BDD. The variable ordering scheme chosen for the construction of the BDD has a crucial effect on its resulting size and previous research has failed to identify any scheme that is capable of producing BDDs for all fault trees. This paper proposes an analysis strategy aimed at increasing the likelihood of obtaining a BDD for any given fault tree, by ensuring the associated calculations are as efficient as possible. The method implements simplification techniques, which are applied to the fault tree to obtain a set of ‘minimal’ subtrees, equivalent to the original fault tree structure. BDDs are constructed for each, using ordering schemes most suited to their particular characteristics. Quantitative analysis is performed simultaneously on the set of BDDs to obtain the top event probability, the system unconditional failure intensity and the criticality of the basic events.     

浅谈大型制氧企业液氧充装过程的安全管理

介绍武钢氧气公司对液氧充装过程的安全管理,以及现场充装设备的改造,通过建立健全安全管理制度,改进充装设备的安全性能,全面提高了液氧充装过程的安全性,为大型制氧企业加强液氧充装安全提供借鉴。     

Principles of engineering safety: Risk and uncertainty reduction

This article provides a systematised account of safety engineering practices that clarifies their relation to the goal of safety engineering, namely to increase safety. We list 24 principles referred to in the literature of safety engineering, dividing them into four major categories: Inherently safe design, Safety reserves, Safe fail and Procedural safeguards. It emerges from this systematisation that important aspects of these methods can be better understood with the help of the distinction between risk and uncertainty.     

An enhanced component connection method for conversion of fault trees to binary decision diagrams

Fault tree analysis (FTA) is widely applied to assess the failure probability of industrial systems. Many computer packages are available, which are based on conventional kinetic tree theory methods. When dealing with large (possibly non-coherent) fault trees, the limitations of the technique in terms of accuracy of the solutions and the efficiency of the processing time become apparent. Over recent years, the binary decision diagram (BDD) method has been developed that solves fault trees and overcomes the disadvantages of the conventional FTA approach. First of all, a fault tree for a particular system failure mode is constructed and then converted to a BDD for analysis. This paper analyses alternative methods for the fault tree to BDD conversion process.For most fault tree to BDD conversion approaches, the basic events of the fault tree are placed in an ordering. This can dramatically affect the size of the final BDD and the success of qualitative and quantitative analyses of the system. A set of rules is then applied to each gate in the fault tree to generate the BDD. An alternative approach can also be used, where BDD constructs for each of the gate types are first built and then merged to represent a parent gate. A powerful and efficient property, sub-node sharing, is also incorporated in the enhanced method proposed in this paper. Finally, a combined approach is developed taking the best features of the alternative methods. The efficiency of the techniques is analysed and discussed.     

A systematic approach to safety case maintenance

A crucial aspect of safety case management is the ongoing maintenance of the safety argument through life. Throughout the operational life of any system, changing regulatory requirements, additional safety evidence and a changing design can challenge the corresponding safety case. In order to maintain an accurate account of the safety of the system, all such challenges must be assessed for their impact on the original safety argument. This is increasingly being recognised by many safety standards. However, many safety engineers are experiencing difficulties with safety case maintenance at present, the prime reason being that they do not have a systematic and methodical approach by which to examine the impact of change on safety argument. The size and complexity of safety arguments and evidence being presented within safety cases is increasing. Nowhere is this more apparent than for Electrical, Electronic and Programmable Electronic systems attempting to comply with the requirements and recommendations of software and hardware safety standards such as [1] and UK Defence Standards 00-54 [MoD. 00-54 Requirements of Safety Related Electronic Hardware in Defence Equipment. Ministry of Defence, Interim Defence Standard, 1999], 00-55 [ [2]]. However, this increase in safety case complexity exacerbates problems of comprehension and maintainability later on in the system lifecycle. This paper defines and describes a tool-supported process, based upon the principles of goal structuring, that attempts to address these difficulties through facilitating the systematic impact assessment of safety case challenges.     

Does the concept of safety culture help or hinder systems thinking in safety?

The concept of safety culture has become established in safety management applications in all major safety-critical domains. The idea that safety culture somehow represents a “systemic view” on safety is seldom explicitly spoken out, but nevertheless seem to linger behind many safety culture discourses. However, in this paper we argue that the “new” contribution to safety management from safety culture never really became integrated with classical engineering principles and concepts. This integration would have been necessary for the development of a more genuine systems-oriented view on safety; e.g. a conception of safety in which human, technological, organisational and cultural factors are understood as mutually interacting elements. Without of this integration, researchers and the users of the various tools and methods associated with safety culture have sometimes fostered a belief that “safety culture” in fact represents such a systemic view about safety. This belief is, however, not backed up by theoretical or empirical evidence. It is true that safety culture, at least in some sense, represents a holistic term—a totality of factors that include human, organisational and technological aspects. However, the departure for such safety culture models is still human and organisational factors rather than technology (or safety) itself. The aim of this paper is to critically review the various uses of the concept of safety culture as representing a systemic view on safety. The article will take a look at the concepts of culture and safety culture based on previous studies, and outlines in more detail the theoretical challenges in safety culture as a systems concept. The paper also presents recommendations on how to make safety culture more systemic.     

Optimization of safety equipment outages improves safety

Testing and maintenance activities of safety equipment in nuclear power plants are an important potential for risk and cost reduction. An optimization method is presented based on the simulated annealing algorithm. The method determines the optimal schedule of safety equipment outages due to testing and maintenance based on minimization of selected risk measure. The mean value of the selected time dependent risk measure represents the objective function of the optimization. The time dependent function of the selected risk measure is obtained from probabilistic safety assessment, i.e. the fault tree analysis at the system level and the fault tree/event tree analysis at the plant level, both extended with inclusion of time requirements. Results of several examples showed that it is possible to reduce risk by application of the proposed method. Because of large uncertainties in the probabilistic safety assessment, the most important result of the method may not be a selection of the most suitable schedule of safety equipment outages among those, which results in similarly low risk. But, it may be a prevention of such schedules of safety equipment outages, which result in high risk. Such finding increases the importance of evaluation speed versus the requirement of getting always the global optimum no matter if it is only slightly better that certain local one.