HIMA’s Jamie Hudson addresses functional safety and the technical aspects of safety case submission under Singapore’s new major hazards installations regulation.
In Singapore, MHIs comprise of petroleum refining, petrochemical manufacturing facilities and chemical processing plants. Image from HIMA.
Singapore’s Ministry of Manpower has introduced a set of major hazards installations (MHI) regulations under the Workplace Safety and Health Act, to be implemented from the last quarter of 2017 through 2019. The core feature of the MHI regulations is the safety case regime where the submission of a safety case is compulsory.
A safety case is a structured argument produced by an MHI operator which identifies the hazards and risks that may lead to a major accident; describes how the risks are controlled; describes the safety management system in place to ensure controls are applied in a consistent and effective manner; and demonstrates that all major accident risks are as low as reasonably practicable (ALARP).
MHIs are permitted to engage external consultants with relevant experience to help in the preparation of the safety case submission. However, responsibility for the safety case lies with the MHI itself. The external consultants can also help to build in-house capability so as to maximize the benefits of the safety case implementation and to support future reviews. The safety case documentation needs to be kept current.
The MHI Regulations come under the purview of the new National MHI Regulatory Office (NMRO), Ministry of Manpower. For the industry, the NMRO will act as a single regulatory body for all safety, health and environment matters in MHIs. The NMRO will have the authority for the oversight and intervention to safeguard the integrity and safety of MHIs.
What are MHIs?
MHIs are premises where any of the government-controlled dangerous substances are processed, manufactured or stored in bulk. An additional condition for classification as an MHI is that the quantity of these dangerous substances reaches a predetermined threshold.
In Singapore, MHIs comprise petroleum refining, petrochemical manufacturing facilities, chemical processing plants and installations where large quantities of toxic and flammable substances are stored or used. There are currently around 110 MHIs in Singapore.
Safety case approach
The safety case regime ensures that MHIs take on greater responsibility for the risks they create while at the same time, giving MHIs the flexibility to tailor their risk mitigating measures to best suit their needs. The safety case regime is also used in Europe, UK and Australia for the management of MHIs.
The regime also demonstrates to the relevant authority that the MHIs have control measures in place to prevent major accidents or limit their consequences. To achieve this aim, MHIs must systematically examine their facility, and assess the potential for major accidents. The safety case should list what systems and precautionary measures the MHIs have in place or are going to implement to prevent major accidents.
A well-constructed safety case will demonstrate that MHIs have assessed their control measures and how organizational, technical and human factors contribute to safety in their installations. It also shows that MHIs have arrangements in place to rectify any shortcomings identified. Therefore, through the preparation of the safety case, MHIs demonstrate how they meet the fundamental obligations under the Regulations for the prevention and limitation of major accidents.
Key regulatory requirements
There are several key regulatory requirements when it comes to documentation for the safety case, one of which is the technical aspects. This section will focus on the technical aspects. The technical aspects are concerned with the measures MHIs have put in place to prevent or mitigate major accident hazards, and to limit their consequences to people and the environment.
The end goal is to demonstrate that the risk of major accident hazards has been reduced to a point where it is ALARP. In other words, the risks are at a level that is perceived as acceptable to workers and the general public.
There are five main elements, relating to the life cycle of the MHIs, to be considered when demonstrating how MHIs prevent major accidents or limit their consequences. The five are design, construction, operation, maintenance and modification or decommissioning.
For the technical aspects, there are four criteria that the authority will look out for during assessment of safety cases. These include process safety, mechanical, human factors, and electrical control and instrumentation (EC&I).
Process safety aims to ensure that suitable process safety techniques are included in the design and operations. For example, were the hazard identification studies carried out adequate? Were inherent safety design principles considered before prevention and mitigation strategies? The mechanical engineering assessment looks for demonstration of adequate mechanical integrity, within the design and ongoing operations.
While human factors require demonstration that measures have been taken to prevent foreseeable human error, EC&I assessment is to ensure the safety instrumented systems protecting the MHI meet functional safety standards. Within EC&I, functional safety is a priority item.
If the MHI is relying on a safety instrumented system, then demonstrating the risks are ALARP will be impossible without demonstrating functional safety has been achieved. Typical systems protecting MHIs may include emergency shutdown systems; burner management systems; turbine shutdown systems; fire and gas systems; and high-integrity pressure protection systems.
Functional safety is focused on ensuring safety instrumented systems are available and ready to respond during a major accident event. Should the safety instrumented systems fail to respond correctly during one of these events, it could lead to the realization of catastrophic consequences.
One of the critical infrastructures where functional safety is crucial is the liquefied natural gas (LNG) storage facility. Let’s consider some examples: Leaks in piping or equipment handling LNG can lead to the loss of containment. With the potential for ignition, this can result in a fire or vapor cloud explosion that has devastating consequences. Fire and gas detection systems typically provide a key control measure to prevent this major accident scenario from developing.
Storage and processing of LNG requires a significant amount of electrical power. Facilities often operate their own gas turbine generators to meet these power needs. Gas turbine failure can lead to a fire or explosion, with the potential to result in fatalities, and/or the destruction of property.
This can also cause significant downtime costs when the facility is unable to secure alternative power supplies during rebuilds. Turbine shutdown systems are often used as a key control measure to prevent turbine safety critical events from turning into a major accident scenario.
In both of these LNG examples, we are also likely to rely upon a plant emergency shutdown system to bring the plant to a safe state, and prevent further escalation of events. In order to ensure the abovementioned safety instrumented systems are available and can respond correctly, they need to be designed and maintained in a manner that minimizes the potential for failure or error.
Functional safety standards help to ensure consistent and robust processes are developed and followed throughout the system lifecycle, from concept through analysis, design, implementation, operation and maintenance, modification and decommissioning. This ensures due consideration is given to minimizing the risk of failures or errors, such as hardware failures, software failures, human errors, or environmental influences.
Following functional safety standards allows operators to design and maintain safety instrumented systems that provide a desired level of risk reduction. As such, these systems typically form a critical aspect of any ALARP demonstration. Therefore, when addressing the technical aspects of their safety case, MHIs are required to demonstrate that functional safety has been adequately addressed for all relevant phases of the system lifecycle.
The Ministry of Manpower has provided examples of functional safety documents MHIs could cite to provide this demonstration. Examples include safety integrity level assessment records, sample safety requirements specification, sample of safety instrumented systems competency records, functional safety assessment, safety instrumented systems proof test, proof test records, and safety instrumented systems management of change records.
Jamie Hudson is the principal safety and risk engineer at HIMA Consulting. He holds a master’s degree in process safety, and is a TÜV Certified functional safety expert. Hudson possesses experience in process and functional safety including HAZID/HAZOP, LOPA, SIL Assessment, SIL verification, functional safety management, and operations and maintenance across oil and gas and mining sectors. He can help MHIs to understand the role of functional safety within the technical aspects of the safety case regime, through consulting and training.