The Swiss cheese model is often used to represent process safety. The individual slices represent different defenses or barriers, and the holes represent the potential for a barrier to fail. If the holes should align, all barriers will fail and the hazard consequence will be realized. Weaker barriers have bigger or more holes than stronger barriers. It usefully captures the idea of layers of protection, and of these being invoked in the order corresponding with the layer sequencing, but it relies upon the abstract notion of dynamic holes that vary in size and location, and, in illustration, it requires a perspective drawing. It is an appealing illustration that immediately conveys the primary concern of multiple concurrent failures; it is perhaps less good at representing the integrated nature of process safety.
Barriers or defenses that consist of multiple elements are sometimes thought of as chains because the elements must all work together if the barrier is to be effective. This is not really an accurate analogy, however. “A chain is only as strong as its weakest link,” because each link carries an identical load. This is not true of process safety protection chains. In terms of protection, the strength of a chain link-element relates to the probability of its failing when needed. If the strength of a link is increased (the probability of failure reduced), the strength of the entire chain is enhanced because the strength of a protection chain corresponds with the aggregate probability of failure of all the link-elements. The all-work-together concept is potentially useful for our purposes in modeling protection, but the “weakest link” notion is so strongly associated with chains that this militates against their adoption.
As an alternative, we might adopt a model of a “suspended load,” which might be considered as more complete in representing the idea of an integrated system. In this model, which can be illustrated without using perspective, process safety is represented as an arch carrying a suspended load that represents process hazard. The arch represents inherent safety—those design provisions that mean there is a low danger level even if the active systems should fail; a load-hazard above the arch cannot be realized as long as the inherent safety provisions are maintained. (But it may be realized if uncontrolled changes are introduced that undermine the inherent safety provisions.) If the suspended load is dropped, the hazard event will be realized. The load is suspended by a number of cords, each of which represents a different defense or barrier. These cords are of different lengths. The shortest will carry the load; but, if it should fail, the load will transfer to the next shortest. The cords may also have different strengths, corresponding with their probability of failure. A typical arrangement would be a pressure-control system backed up with a high-pressure trip function, backed up, in turn, by a relief system. In normal operation, the load is carried by the control system and the other cords are slack. It is only if the control system cord should fail that the load is placed upon the high-pressure trip cord. If that cord should fail, or be disconnected by an override, the load will be placed upon the relief system cord. If all cords are compromised, the load will be dropped and the hazard event will be realized.
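The suspended-load model and the protection-chain point above can be put into a short sketch. This is an added example, not part of the original article: the class and function names are hypothetical, the failure probabilities are constructed, and it assumes that element and barrier failures are independent.

```python
from dataclasses import dataclass
from math import prod

@dataclass
class Cord:
    """One barrier: a protection chain of link-elements hung at a given length."""
    name: str
    length: int                # shorter cords take the load first
    element_pfd: tuple         # constructed probability of failure on demand per element
    overridden: bool = False   # an override disconnects the cord

    def pfd(self):
        """Probability the whole chain fails when needed.

        The chain works only if every element works, so strengthening any
        link lowers the result, not just the weakest one.
        """
        if self.overridden:
            return 1.0
        return 1.0 - prod(1.0 - p for p in self.element_pfd)

def carrying_cord(cords, failed=()):
    """Return the shortest cord that is still intact, or None if the load drops."""
    intact = [c for c in cords if c.name not in failed and not c.overridden]
    return min(intact, key=lambda c: c.length, default=None)

def p_load_dropped(cords):
    """Probability that every cord fails in turn (assumes independent barriers)."""
    return prod(c.pfd() for c in cords)

def example_cords():
    """The article's arrangement: control, then trip, then relief (constructed values)."""
    return [
        Cord("pressure control", 1, (0.05, 0.05, 0.02)),
        Cord("high-pressure trip", 2, (0.01, 0.005, 0.01)),
        Cord("relief system", 3, (0.01,)),
    ]

if __name__ == "__main__":
    cords = example_cords()
    print("normal operation:", carrying_cord(cords).name)
    print("control failed:", carrying_cord(cords, failed={"pressure control"}).name)
    print("P(load dropped):", p_load_dropped(cords))
    cords[1].overridden = True   # trip bypassed: load skips straight to relief
    print("trip overridden, control failed:",
          carrying_cord(cords, failed={"pressure control"}).name)
    print("P(load dropped) with override:", p_load_dropped(cords))
```

Overriding the trip leaves the ordering of the remaining cords unchanged but removes that cord's contribution entirely, which is why the dropped-load probability rises.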
HSE Now is a source for news and technical information affecting the health, safety, security, environment, and social responsibility discipline of the upstream oil and gas industry.
©2003-2019 Society of Petroleum Engineers, All Rights Reserved.