Posted on 8 April 2013

SEMS II: does the BSEE go far enough to eliminate human error as a safety concern?

How can we best prevent accidents on start-ups and shut-downs

The proposed changes to the BSEE’s SEMS (Safety and Environmental Management System) summed up in the new SEMS II rule have been a major topic of discussion in the US offshore industry. As a response to the oil spills and accidents that have occurred in recent history, the new revisions show a determination of the American Bureau of Safety and Environmental Enforcement (BSEE) to change the culture of the offshore oil and gas industry for the better.

For some dangerous processes however, changing the culture is not enough to effectively ensure safe procedures – human error currently is and still will be a major factor. Therefore, some experts believe that the BSEE should consider the potential use of valve interlocks as a requirement for processes where accidents should be avoided at all costs, as they can safely eliminate the risk of human error.

Netherlocks NDL interlock for pigging operations

Valve interlocks can safely eliminate the risk of human error

What is SEMS and why was it created?

The ‘Workplace Safety Rule’ on Safety and Environmental Management Systems (SEMS) is a mandatory system of rules which covers all offshore oil and gas operations in US federal waters. SEMS has come into existence in light of accidents such as the Deepwater Horizon explosion that rocked the industry both internally and in the wider world. Amongst other aspects, SEMS focuses on the effects and implications of human error and poor organization on accident risks and strives to improve the offshore industry’s safety and environmental records.

RP 75: voluntary ‘Recommended Practice’ made mandatory

SEMS makes mandatory the essential components of Recommended Practice (RP) 75 of the American Petroleum Institute (API). RP 75 is a comprehensive safety and environmental management standard and can be regarded as a tool for integrating safety management into a variety of offshore operations. It is broad in scope and addresses the identification and management of safety hazards and environmental impacts in design, construction, start-up, operation, inspection and maintenance of installations. It was also created to be a permanent part of a company’s culture, objectives and operations, inherent and integral to the way business is conducted.

Which are the main principles of RP75?

RP 75 requires that management of offshore oil and gas companies puts forward a safety program based on the following principles:

  1. A written program is required.
  2. Leadership, accountability and resources must be provided.
  3. Representatives must be appointed to establish, implement and maintain the program.
  4. There are also representatives who report to management on the performance of the program.
  5. The program should be reviewed regularly.
  6. A written description of the organization and lines of responsibility is required.
  7. The expertise of personnel should be utilized in areas such as the identification of hazards, the development of safe work practices, the development of training programs and the investigation of incidents.
  8. The owner, operator and contractor management have their own responsibility for assuring safe operations.
  9. Industry codes should be used in the design, construction, maintenance, and operation of the facility.
  10. The management of safety is an integral part of the design and operation of the facility.
  11. All persons involved in the program must be properly trained.
  12. The program should be regularly audited.
SMS II; BSEE should focus on eliminating human error

“We have learned that while operating in the startup and shutdown mode less than 5% of the time, more than 40% of the accidents take place during this ‘take off’ and ‘landing’ mode”

RP 75 only offers a general ‘safety compass’ to US offshore businesses

RP 75 recommendations do address the effects of human error and encourage offshore businesses to concentrate on minimizing these effects. RP 75 also promotes a culture of safety and stimulates companies to set up safe operating procedures. What’s good about RP 75 in particular, is that it stresses to make safety and environmental information available at every facility. BSEE recognizes that local availability of information such as design data, flow charts of facility processes, and diagrams of mechanical components and instruments highly contributes to process safety as a whole.

What RP 75 generally lacks however is the recognition of the fact that human error cannot always be prevented by formal procedures alone. Some processes can have catastrophic results if not carried out the right way and within these processes we have the opportunity to physically help and ensure that operators follow the safe procedure.

One way to establish this is by using mechanical interlocks. Interlocks eliminate human error by only allowing the right valves to be opened or closed in the correct order, leading operators safely through the strict work order of the task.

Linked to information systems or mimic panels, they not only eliminate human error, but also highlight any Permit Procedure applicable to a specific process. This allows the operator to request and receive all data needed in order to safely proceed to the next stage of a process. Flow charts, sequence diagrams and any other important information can be offered in an organized manner and make important process information locally available so that not only is the process completed safely, but the operators are aware of the reasoning behind the procedures.

RP 75 does not offer clear guidelines and preventive actions

Albeit a sound safety concept, RP 75 also creates some confusion as to which equipment it applies to(3). RP 75 simply states that it applies to ‘critical’ equipment’, which it defines as: “equipment and other systems determined to be essential in preventing the occurrence of or mitigating the consequences of an uncontrolled release. Such equipment may include vessels, machinery, piping, blowout preventers, wellheads and related valves, flares, alarms, interlocks, fire protection equipment and other monitoring, control and response systems.”

Moreover, the regulations in RP 75 sometimes deal with safety in general terms, stating that you must ensure “the mechanical integrity and safe operation of equipment through inspection, testing and quality assurance”. It also mentions that “your mechanical integrity program must encompass all equipment and systems used to prevent or mitigate uncontrolled releases of hydrocarbons, toxic substances, or other materials that may cause environmental or safety consequences.”
Ultimately, then, it is left up to the operator to decide which equipment must be covered by the mechanical integrity section. One BSEE representative did offer one view of how an operator can decide whether equipment is critical, but it still remains indefinite: “For example, if shutting down a piece of equipment impacts the ability to carry on with the operation, that’s a good indication that it’s a critical piece of equipment.”

RP 520: eliminating human error

Process safety should leave no room for confusion and ambiguity. Taking into account the disastrous effects that failing mechanical integrity can cause, BSEE could therefore consider other important Recommended Practices that can maybe replace some of the ambiguous elements in RP 75.

One of these practices is RP 520. This API recommendation specifically applies to the sizing and selection of pressure relief devices that provide protection against excessive pressure accumulation and is quite precise as to how to ensure mechanical integrity. In articles 6.3.1 and 6.3.2 of this rule, it is mentioned that “consideration should be given to using an interlocking system between the inlet and outlet isolation valves to assist with proper sequencing”.

What it means is that dual relief valves need to guarantee an open path to the relief valve at all times. The safety relief valve is clearly identified as a critical part of equipment, as it is the most important safety measure in a particular process or even an entire plant. Operating pressure relief valves in the right manner is not difficult, but even the possibility of both relief valves being accidently offline, creating less relief capacity, just cannot be accepted as ‘safe’ – yet it could currently happen. Many leading oil and gas companies have already acknowledged this fact, and, as a result, they have incorporated the use of mechanical interlocks as a mandatory requirement on pressure safety valves (PSVs).

In less than 5% of the time, more than 40% of the accidents take place

RP 520 clearly identifies pressure relief devices as potentially dangerous, whereas RP 75 leaves room for different interpretations as to what equipment is to be regarded as ‘critical’. RP 520 only focuses on safe working practices for pressure relief valves though, so the question arises whether it would be possible to define other potentially dangerous devices or processes that can easily be categorized as such.

A closer look at any prevailing similarities between accidents in the oil & gas industry might give some clear clues. As a general rule of thumb, one can say that accidents in the industry are mostly related to procedures that do not occur frequently and at the same time can have catastrophic consequences when performed incorrectly: start-ups, shut-downs and shift handover processes are all good examples.

Other research also confirms this, for instance, a study from the Mary Kay O’Connor Process Safety Center on ‘shift handover processes’(1) revealed that these processes are the most commonly cited as a contributing cause in most accidents (Piper Alpha, Bhopal). Their importance in operations and safety incidents is also underscored by a statement from a senior oil & gas industry executive, quoted in the same research:

“We have learned that while operating in the startup and shutdown mode less than 5% of the time, more than 40% of the accidents take place during this ‘take off’ and ‘landing’ mode” (1,2)

These revelations are supported by combined data from companies producing interlocking equipment. They have identified over 50 different processes that are part of a start-up or shut-down procedure. Pigging operations are an important example of this group, as they have already been internationally acknowledged as highly dangerous procedures where slight mistakes or lack in concentration can have severe and disastrous consequences.

For all these processes, process interlocking applications have been developed, incorporated and proven to be effective by numerous companies in the industry. Unfortunately, none of these applications appear in any of the current legislative standards. A remarkable fact, as the results of human error and mistakes, particularly during start-up and shut-down procedures, can be seen to occur on a daily basis.

International standards

Startup and shutdown procedures are clearly highly dangerous. Human error during these processes should therefore be avoided at all cost, as the effects can be truly disastrous.

International oil & gas companies such as Shell, Total, ADCO and PETRONAS have recognized this, and subsequently incorporated strict procedures into their engineering practices, reference documents and project guidelines. They have also implemented mechanical interlocks on a wide scale. Their procedures leave no room for different interpretations and process interlocking quite often is a formal and mandatory provision to ensure strict adherence to procedures on critical operations, such as start-up and shut-down procedures, relief valve change over and pigging operations. Following the installment of these procedures, these companies established excellent safety records and were able to substantially minimize accidents and spills.

Creating business opportunity by avoiding spills and production loss

Recent incidents and accidents have led to increased regulations on process safety. Quite often, and just as in RP 75, these regulations are broad in scope and primarily focus on the identification and management of safety hazards. What’s good about new regulations such as those in SEMS II is the attention which is given to changing company culture with regard to safety, accepting human error as an important aspect to take into account.

Netherlocks MRL interlock

Valve interlocks effectively guide operators through a designated procedure and create better overall safety awareness

This acceptance is of huge importance and creates a challenge for all parties involved, but one with great rewards at the end of the road. US oil and gas companies are expected to follow the path that has already been set out by the BSEE, and changing company culture regarding safety (as advised by BSEE) will probably be the next challenge.

Importantly, as a result of this change in culture, human error will be accepted as an important factor in process safety. This will on its turn open the ‘mindset’ for products that contribute to safety explicitly by eliminating human error. These products will not limit operation as sometimes is argued, but effectively guide operators through a designated procedure and create better overall safety awareness.

On a national level, implementing some of the new codes and practices on process safety will directly lead to results; economically, environmentally and with regard to process safety. The advantages for individual operator companies are obvious: they will benefit with improved safety track records, large cost reductions and less production loss, with all the boons to business those important elements provide.

  1.  Playing it Safe – an AVEVA Business Paper – How Information Management technology is essential to meet more stringent Process Safety and Regulatory Compliance
  2. Sherman J. Glass, Jr., President, ExxonMobil Refining & Supply Company, National Petrochemical & Refiners 2009 Conference, Keynote Address, May 12, 2009
  3. PEC – SEMS Plans – Keeping the Equipment Running Safely

Click here for a PDF version of this article

 

Tags: , , , , , , , , , , ,