
PSM Safety Critical Equipment 1713620016

Process Safety -Wasim

Uploaded by

Wahid Akram

Safety, or Safety Critical ?

The identification and management of Safety Critical Elements (SCE)

Wayne Repich, James Birch


Copyright BakerRisk. All rights reserved.


Agenda

• Introduction
• Who is BakerRisk ?
• The importance of Safety Critical Elements (SCEs) as protective barriers to prevent Major
Accident Hazard (MAH) events.
• How to identify SCEs, and understand their different types and roles.
• Performance Standards for SCEs – defining what they must achieve
• Maintaining SCEs, and how to risk assess the impacts of their impairment.
• Questions

Presenters

Wayne Repich: Global Director, Business Development & Marketing / Communications. Key Account Program Director. BakerRisk. Houston, Texas, USA

James Birch: Senior Consultant, BakerRisk Europe Ltd. Chester, UK
BakerRisk – Why ?

Why ?
• To save lives and make the world a better, safer place to do business.

https://www.bakerrisk.com/about-bakerrisk
https://www.bakerrisk.com/egypt/
BakerRisk – Background & Foreground

• 100% Employee-Owned
► Founded 1984
• 125+ Engineers & Scientists
► Two Test Facilities
  • 65 hectares, Scull Crossing
  • 931 hectares, Box Canyon
► Materials Lab
► Joint Industry Programs

• Global Operations
• Projects completed in 50+ countries
• Clients on 6 continents serviced from:
  • San Antonio
  • Houston
  • Chicago
  • Los Angeles
  • Canada
  • United Kingdom
  • Egypt (Registered with EGPC)
  • UAE (2024)
BakerRisk Organization
• BakerRisk – What We Do
► Process Safety
► Protective Structures/Structural Eng.
► Blast Effects
► Accident Investigations
► BakerRisk Learning Center
► Testing
► Software
► FORTRESS Protective Buildings

• Focused on Catastrophic Events
► Predict
► Investigate
► Test
► Mitigate
Process Safety
[Diagram labels: Process Safety; Process Safety Management; Leadership Development; Quantitative Risk Assessment; Process Hazard Analysis; Facility Siting Study; Layer Of Protection Analysis; Hazard Identification (HazID); HAZOP]

• Process Safety Management
• Gap analysis
• Management system development
• Leadership coaching
• Audit and review
• Identify hazards
• Analyze fire, explosion and toxic threats to personnel, occupied buildings and critical equipment
• Assess hazards and operability issues
• Evaluate layers of protection
• Risk Assessment
• Analyze the risks
• Quantify risk exposure, both on- and off-site
• Risk Management & Reduction
• Risk reduction options
• Cost benefit analysis
• Improvement action planning
Our input to Process Safety Knowledge
Joint Industry Research Programs
Specialist research programs created and managed by BakerRisk for over 40 member companies since 1993
• Explosion Research
• Pressure Testing
• Ammonia & Fertilizer

CCPS Guidelines Book Series
Authoring and contribution to books on process safety topics

Standards Testing & Validation
Validation testing for industry standards on facility siting (API 752/753/756)

Grounds, C., Moosemiller, M., Thomas, J.K., 2020. Historical Overview of Facility Siting. Process Safety Progress, 39(3)
Where we work

• Industry & Safety organizations : AIChE, API, ASTM, ASME, CCPS, EPSC, IChemE, NFPA, Energy Institute.
• Conferences and working groups: Safety in Ammonia Plants symposia, IChemE Hazards, HazardEx, EGYPS, FABIG, GCPS, Qatar
Process Safety Symposium, HF Alkyl Industry Forum, OPERA, Mary Kay O’Connor Safety Centre.

The importance of Safety Critical Elements (SCEs) as barriers to prevent Major Accident Hazard (MAH) events.


Safety, or Safety Critical ?

“If you think safety is expensive, try having an accident. Accidents cost a lot of money.”

Trevor Kletz, “The Father of Process Safety”
Safety, or Safety Critical ?

• Following this wisdom, we employ large amounts of resource to implement and maintain safety features in our plants and management systems.
• However, which of these truly qualify as “safety critical” ?
• Making the right choices when identifying them is important –
  • If non-critical elements are identified as safety critical, then the costs and maintenance burden will be too high, and there is a risk that the system will be devalued.
  • However, if the reverse occurs, then lives, businesses and the environment will be exposed to an unacceptable level of risk.
Definition

A Safety Critical Element (SCE) is:


• any part of a facility, plant, or computer program which, if it fails, could cause or contribute
substantially to causing a Major Accident Hazard (MAH) event,
or
• any part of a facility, plant, or computer program, the purpose of which is to prevent or
limit the effect of a MAH.

Other “Safety Critical” concepts
• Safety Critical Equipment is a term used at the asset tag level to identify components within a Safety Critical
Element which are key to its operation, e.g., one of many gas detectors that is part of a gas detection SCE.

• Safety Critical System (SCS) refers to the collected protective system formed by one or more SCEs, which may
include administrative protections such as Safety Critical Procedures (SCP) (for example, safety permit system).

• Safety Critical Tasks (SCT) are human activities which play a major part in protecting against MAH events (for
example, the testing of firefighting equipment).
• While the same concepts that apply to SCEs also apply to Safety Critical Procedures and Tasks, it must be remembered that these rely
on people – and are therefore open to human limitations – often referred to as “human failings” or “human error”.

• For Safety Critical Tasks, it may be necessary to address these considerations using techniques such as Human Factors, or Safety
Critical Task Analysis (SCTA). These techniques will be discussed in more detail during a future webinar.

• ECE – Environmentally Critical Elements – the same concept as SCE, but focussed on environmental
protection.

Layers of Protection

• Major Accident Hazards are so serious, and so significant, that we cannot risk them being
caused by one single failure.
• A key principle of Process Safety Management is the use of “multiple, diverse layers of
protection” (also known as “defence in depth”) to protect against MAH events.
• This approach provides many opportunities to try and prevent, or control, or mitigate the
MAH event – and so manage the risks that they present to an acceptable level : As Low As
Reasonably Practicable (ALARP).

Layers of Protection / Barriers
The “Swiss Cheese” model for barriers

• Barriers will not be perfect.
• The Swiss Cheese model represents safety barriers as layers of slices with potential weaknesses (holes).
• Accidents occur when these holes align, or grow in size so that they align - hence the need for multiple layers of defense and continuous improvement to prevent failure pathways in complex systems.

[Figure: Swiss Cheese model. Layers shown: Engineering Controls; Administrative Controls; Behavioural Controls; Post-incident mitigation]

Monitoring barrier health using a combination of leading and lagging metrics is a key approach within Process Safety Management.

Active or Passive ?

Layers of Protection and SCEs fall into two groups:

• Passive systems – which do not require energy in order to operate.
  • For example, process containment, blast walls, passive fire protection, escape routes.
  • These SCEs are measured by their dimensions, quantity, condition etc. and so are verified by inspection.
• Active systems – which require energy in order to operate.
  • For example: Fire and gas detection systems, Emergency Shutdown Systems / Depressurisation Systems, Active Fire Protection such as deluge.
  • These SCEs must initiate an action on demand – and so their performance is demonstrated by testing.
The Importance of SCEs – Key Points

1 Safety or Safety Critical ?
SCEs are key protective components that play a major role in the prevention and mitigation of MAH events.

2 Layers of Protection
MAH events generally have multiple potential causes. Multiple, diverse layers of protection are required in order to manage risks to As Low As Reasonably Practicable (ALARP).

3 Swiss Cheese
Layers of Protection – Barriers – are not perfect, and have weaknesses that must be managed. To ensure that SCEs remain robust, assurance and verification checks must be carried out.

4 Active or Passive ?
Passive SCEs do not require energy in order to operate. Active SCEs require energy and function on demand. A combination of these systems gives “defense in depth” against MAH events.
How to identify SCEs, and their different types and roles.


The Stages of a MAH event

Escalating consequences of SCE failure

Prevention → MAH → Detection → Control → Mitigation → Emergency Response

Now, considering each stage in turn
The Stages of a MAH event - Prevention

Prevention of the incident

• Structural Integrity: Structural / Foundation Integrity. Support of facilities.
• Process Containment: Pressure & thermal relief devices, Process containment, Pressure vessels, Piping and valve systems, Level control
• Ignition Control: Hazardous Area equipment / ventilation, Ex rated equipment, Inerting, Fuel gas purge, Electrical earthing & bonding, Fixed and portable ignition controls
The Stages of a MAH event - Detection

Detection of the incident

Purpose : To detect that other systems have failed

• Gas detection
• Fire detection
• Toxic gas detection
• Corrosion detection
• Storage tank (high) level / Overfill detection
• Process control, alarms and annunciation
• (Liquid) leak detection
The Stages of a MAH event - Control

Control (Regain control of the incident)

Purpose : To reduce / eliminate the risk of escalation and return to safe state

• High Integrity Pressure Protection System (HIPPS)
• Emergency Shutdown Systems (ESD)
• Emergency Shutdown Valves (ESDV)
• Remotely Operated Shut-off Valves (ROSOVs)
• Emergency depressurisations (blowdown)
• Reaction shutdown / kill
The Stages of a MAH event - Mitigation

Mitigation (Mitigate the impacts of the incident)

Purpose : Prevent exposure to the event and reduce the severity of its consequences

Protective Systems:
• Explosion protection (e.g. flame propagation barriers)
• Blast barriers
• Deluge system
• Venting provisions
• Fire water pumps / fire water distribution / monitors / hydrants
• Fine water spray / sprinkler / foam systems
• Fire suppression systems (gaseous or powder)
• Power management systems
• Breakaway couplings
The Stages of a MAH event – Emergency Response

Emergency Response (Save Lives)

Purpose : Minimise the effects of the incident

Emergency Response and Life Saving:
• Emergency Sheltered Area / Safe Refuge / Primary Muster Area
• Emergency Power (generation and distribution) / UPS
• Escape routes / Emergency signage & lighting
• Manual firefighting equipment
• Internal, external and emergency communication systems
• Bunding / Drains / Secondary (Tertiary) containment
• Emergency breathing supplies
• Personal survival equipment (offshore), escape sets
• Rescue facilities & vehicles
Categories of SCE

From this assessment, eight categories of SCEs are identified:

Prevention
1. Structural Integrity.
2. Process Containment.
3. Ignition Control.

4. Detection Systems.
5. Control (Shutdown) Systems.

Mitigation
6. Mitigation (Protection) Systems.
7. Emergency Response.
8. Lifesaving Equipment.

Note: Major Accident Hazards are “Low frequency, High consequence” events, often capable of causing multiple fatalities, and generally have multiple causes.

Occupational / personal safety incidents are “High frequency, low consequence” events and are often caused by a single point of failure or action.

Such incidents are addressed by risk reduction measures which address such hazards as manual handling, slips, trips, noise etc. Such measures should not be considered as SCEs (or SCSs).
Identifying SCEs
• Safety Critical Elements can be identified by using :
  • Checklists (from the eight categories previously shown)
• Safety studies, such as:
  • Hazard Identification (HAZID) Studies
  • Hazard and Operability (HAZOP) Studies
  • Simultaneous Operation (SIMOPS) studies
  • Layer of Protection Analysis (LOPA)
  • Safety Integrity Level (SIL) determination
  • Quantitative Risk Analysis (QRA)
• And
  • Barrier Analysis (e.g. Bow Tie diagrams)


Protecting against multiple causes for MAH events
One MAH event – such as a fire caused by loss of containment of a liquid hydrocarbon – can
have many different initiating events, e.g.
• Overflow of the storage tank
• Corrosion
• Failure of pump seals
• Passing valve
• Vehicle impact
We can design barriers with SCEs against each of these threats, to give a series of diverse layers of
protection.
How to visualize, and analyse, how these different barriers may interact ?
How to check if we have under- or over-specified the degree of protection ?

The Stages of a MAH event

Escalating consequences of SCE failure

Prevention → MAH → Detection → Control → Mitigation → Emergency Response

Prevention Barriers → MAH (The “Top” Event) → Mitigation Barriers
SCE Barrier Analysis

[Figure: “Bow Tie” diagram. Labels: Prevention Barriers; MAH (The “Top” Event); Mitigation Barriers]
Bow Tie Diagram

• Bow Ties provide a clear, pictorial representation of what types of barriers are in place.
• They are valuable for identifying equipment criticalities, personnel responsibilities and for training purposes.
• Bow Ties will be covered in more detail during a future webinar.
Criticality Ranking

• In order to prioritize investment of resources, in particular maintenance effort, it may be necessary to carry out ranking of SCEs.
• EGPC-PSM-GL-007 Safety Critical Element Management Guideline, and EI Guidance outline the following approach:

SCE Criticality = MAH Functional Role score * Consequence of Failure score * Redundancy score
                = (1 to 4) * (1 to 3) * (1 to 3)

1 to 7 - Low
8 to 16 - Medium
17 to 36 - High
Definitions – Scoring system
MAH Management Functional Role of SCE (Functional role score):
• Prevention: 4
• Detection: 3
• Control and mitigation: 2
• Emergency response and life saving: 1

Severity of Consequences of Failure of SCE (Consequence of Failure Score):
• Disastrous – Multiple fatalities and/or extensive plant damage: 3
• Catastrophic – Single fatality and/or many serious injuries and/or significant plant damage: 2
• Major – Many injuries and/or local plant damage: 1

Redundancy of SCE (Redundancy score):
• No other SCE that duplicates the full functionality of the failed/unavailable SCE: 3
• SCE design has provision for redundancy: 2
• An alternative SCE can provide full functionality of the failed/unavailable SCE: 1

SCE Criticality Score and SCE Criticality Rank:
• 17-36: High
• 8-16: Medium
• 1-7: Low
Summary – Identifying SCEs

To summarise, SCEs can be identified by :

• Category checklists
• Safety Studies
• Barrier Analysis
Identification of SCEs – Key Points

1 Stages of a MAH event
If prevention measures fail, and a MAH event occurs, the next stages are : Detection; Control; Mitigation and finally Emergency Response

2 Categories of SCEs
1. Structural Integrity.
2. Process Containment.
3. Ignition Control.
4. Detection Systems.
5. Control (Shutdown) Systems.
6. Mitigation (Protection) Systems.
7. Emergency Response.
8. Lifesaving Equipment.

3 Criticality Ranking
A criticality score for SCEs can be developed, based on their role in addressing a MAH event, the possible consequence of their failure, and an assessment of redundancy in their design

4 Bow Ties
Bow Ties provide a clear, pictorial representation of what types of barriers are in place, which is valuable for overall understanding of SCEs, SCSs and their interactions
Performance Standards for SCEs – defining what SCEs must achieve


The Performance Standard

The Performance Standard sets out what the SCE must achieve:
• The key properties that it must have, in order to remain effective at managing the
MAH over time.
• The levels of performance that it must achieve.
• The assurance activities required to meet that level of performance.
• The verification activities that may be required.

This section will consider the first two points above.

What properties must a SCE have ?

For a SCE to achieve its purpose, we must define its:

• Functionality – What must the SCE do with respect to MAH Management ?
• Availability – The proportion of time that the SCE must be able to perform its function
• Reliability – The likelihood of the SCE performing on demand (cf. failure rate)
• Survivability – The MAH event(s) that the SCE can survive and still perform its function
• Interactions (and Dependencies) – The other systems (usually also SCEs) that are required to function at the same time, or upon which the SCE's function directly depends.

FARSI / FARSID
Performance Standard

Criteria may be Quantitative or Qualitative:

• Quantitative criteria should include measurable performance, with units, for example:
  • “Each firewater pump shall deliver a minimum acceptance flow of [volume] m³/hour at [pressure] barg within [number] minutes of actuation at [location]”
• Qualitative criteria could be set, for example:
  • “Firewater pumps shall be capable of being started by two independent means – manually from the local control panel or automatically via the emergency control panel”

Both forms may be necessary to fully define the requirements.
FARSI - Functionality

Functionality – What must the SCE do with respect to MAH Management ?

• What is the goal of the SCE ? What must it do ?
• What is its scope (for example, where must it operate ? What are the boundaries for the system ?)
• What are its performance criteria ? What would the definition of failure be ?
• What must it withstand / be designed against ?
FARSI - Availability

• Availability – The proportion of time that the SCE must be able to perform its function.
• This may be stated as, e.g., unavailability of [number] hours per year or in terms of mean
time to repair (MTTR).
• Given their importance in preventing or mitigating a MAH event, most SCEs should always
be available (high availability).
• Availability is affected by the need to maintain the equipment, either planned or
unplanned, and so in order to give high availability many SCE systems will employ
redundancy or use voting systems.
• If an SCE is subject to maintenance and so is out of use, an operational risk assessment (ORA) should be raised if this is
for a significant period.

FARSI - Reliability

• Reliability – The likelihood of the SCE performing on demand (or, conversely, the
likelihood of the SCE failing to perform on demand).
• Reliability may be described as the mean time between failure (MTBF).

FARSI - Survivability

• Survivability – The MAH event(s) that the SCE can survive and still perform its
function.
• Any SCE which is mitigative must still be operating after the MAH event.
Preventative SCEs may not require survivability.
• This may be achieved by the design of the SCE itself (e.g. an explosion-proof
unit) or by its layout within the plant.
FARSI - Interactions / Dependency

• Interactions (and Dependencies) – The other systems (usually also SCEs) that are required to function at the same time, or that the SCE directly depends upon.
• A common cause failure is where several SCEs are impaired due to one central failure mechanism – for example, loss of electrical power. (In the example of emergency lighting, this is why luminaires are specified as “self-powered”.)
• In this situation, these SCEs are not independent and so should be considered as a combined system.
• A diverse selection of SCEs (passive and active) should reduce the risk of common mode failure.
Performance Standards – Key Points

1 Performance Standards
To clearly define the performance required of a SCE :
• Key properties
• Levels of performance (including failure criteria)
• Assurance requirements
• Verification requirements

2 Properties of a SCE - FARSI
• Functionality
• Availability
• Reliability
• Survivability
• Interactions and Dependencies

Maintaining SCEs, and how to risk assess the impacts of their impairment.


Maintaining SCEs

The Performance Standard sets out what the SCE must achieve:
• The key properties that it must have, in order to remain effective at managing the MAH over time.
• The levels of performance that it must achieve.
• The assurance activities required to meet that level of performance.
• The verification activities that may be required.

How to handle impairment
Maintenance Management System for SCEs

The maintenance management system for SCEs should have the capability to :
• Ensure that SCEs continue to meet their performance specification FARSI criteria throughout their life.
• Record SCE inspection, maintenance, testing and repair history, along with passes or failures so that
management Key Performance Indicators (KPIs) can be produced to monitor the system.
• Carry out the repair of failed SCEs, and initiate operational risk assessment for those having degraded
performance.
• Manage SCE repairs to maximize availability (i.e. minimize Mean Time To Repair MTTR).
• Schedule SCE maintenance to maximize reliability (i.e. maximize Mean Time Between Failure MTBF).

Assurance of SCEs

Assurance : “a positive declaration intended to give confidence”

• The assurance process should carry out inspection, maintenance and testing according to the
Performance Standard, including checks on potential failure modes of SCEs.
• The assurance activities must be carried out at the scheduled frequency by competent (i.e. suitably
qualified, experienced and authorized) people.
• For active SCEs, function on demand must be checked, along with confirmation that the SCE is not left in an impaired
condition.
• For passive SCEs, checks on their continued suitability against degradation, such as ageing, weathering
or corrosion must be made.
• Where SCEs are found in an impaired condition and not immediately repaired, a suitable risk assessment must be
carried out, and appropriate mitigations put in place if required.

Verification of SCEs

Verification : “the process of establishing truth, accuracy, or validity”

• A suitable mixture of verification activities, such as review of records, visual examination of equipment and witnessing of critical function tests, can be used to give verification of SCEs.

• For each Performance Standard requirement, there should be at least one verification activity, its frequency, and how it is performed (review, examination, or witnessing).

• Verification is most efficient if carried out with a suitable degree of independence from the assurance process (e.g., third-party inspection of pressure vessels).
Performance Analysis

• Maintenance Management System should be analyzed, and used to generate Key Performance Indicators (KPIs) for management review.
• Typical KPIs might be e.g. failure rate (MTBF), levels of SCE impairment, return to service performance (MTTR).
• Data should be trended across the lifetime of the SCEs, and of the operating installation, to check for degradation or hidden failure trends.
• Investigations should be carried out into unanticipated demands on SCEs, or near misses.

[Figure: Plan / Do / Check / Improve cycle]
Impairment

• If an SCE is found not to comply with the Performance Standard – namely, it fails during a
critical function test – then this must be recorded in the maintenance management system,
as either:
• Failed or degraded, or
• Failed or degraded and fixed – confirming that after repair, the SCE met the Performance
Standard.
• In either case, an investigation into the nature of the failure or degradation is required.

• If rapid repair is not possible, then an Operational Risk Assessment (ORA) must be carried
out (see next slide).
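
The criticality formula from the Criticality Ranking slides and the KPIs named under Performance Analysis and Impairment can be combined in one maintenance-management report. The following is an added example, not part of the original slides. The asset tags, dates, short redundancy keys, the MTBF/MTTR convention and the ordering of open impairments by criticality are all assumptions made for illustration.

```python
from datetime import datetime as T

# Scores from the "Definitions - Scoring system" slide. The short redundancy
# keys ("none", "built-in", "alternative") are labels chosen for this example.
ROLE = {"prevention": 4, "detection": 3, "control and mitigation": 2,
        "emergency response and life saving": 1}
CONSEQUENCE = {"disastrous": 3, "catastrophic": 2, "major": 1}
REDUNDANCY = {"none": 3, "built-in": 2, "alternative": 1}


def criticality(role, consequence, redundancy):
    """Role score * consequence score * redundancy score, banded Low/Medium/High."""
    score = ROLE[role] * CONSEQUENCE[consequence] * REDUNDANCY[redundancy]
    rank = "High" if score >= 17 else "Medium" if score >= 8 else "Low"
    return score, rank


def hours(delta):
    return delta.total_seconds() / 3600


def kpis(events, start, end):
    """Per-tag KPIs from (tag, kind, time) records inside [start, end].

    kind is "fail" (found failed or degraded) or "fixed" (repaired and back
    within the Performance Standard). Assumed convention: MTBF = hours in
    service / number of failures; MTTR = mean hours from "fail" to "fixed"
    over completed repairs. An impairment still open at `end` counts as
    unavailable time but not towards MTTR.
    """
    out = {}
    for tag, kind, when in sorted(events, key=lambda e: e[2]):
        k = out.setdefault(tag, {"failures": 0, "repairs_h": [], "open_since": None})
        if kind == "fail" and k["open_since"] is None:
            k["failures"] += 1
            k["open_since"] = when
        elif kind == "fixed" and k["open_since"] is not None:
            k["repairs_h"].append(hours(when - k["open_since"]))
            k["open_since"] = None
        # A repeated "fail" on an already impaired SCE, or a "fixed" with no
        # open failure, is ignored so one impairment is not counted twice.
    for k in out.values():
        down = sum(k["repairs_h"])
        if k["open_since"] is not None:
            down += hours(end - k["open_since"])
        k["unavailable_h"] = down
        k["mtbf_h"] = (hours(end - start) - down) / k["failures"] if k["failures"] else None
        k["mttr_h"] = sum(k["repairs_h"]) / len(k["repairs_h"]) if k["repairs_h"] else None
    return out


def ora_queue(register, stats):
    """Open impairments, highest criticality first, then longest open."""
    rows = []
    for tag, k in stats.items():
        if k["open_since"] is not None:
            score, rank = criticality(*register[tag])
            rows.append((tag, score, rank, k["open_since"]))
    return sorted(rows, key=lambda r: (-r[1], r[3]))


# Constructed SCE register and maintenance history (tags and dates invented).
REGISTER = {
    "PSV-7":   ("prevention", "disastrous", "none"),
    "ESDV-12": ("control and mitigation", "disastrous", "none"),
    "FWP-A":   ("control and mitigation", "disastrous", "built-in"),
    "GD-201":  ("detection", "catastrophic", "alternative"),
}
EVENTS = [
    ("FWP-A", "fail", T(2024, 3, 1, 8)), ("FWP-A", "fixed", T(2024, 3, 1, 20)),
    ("FWP-A", "fail", T(2024, 9, 10, 6)), ("FWP-A", "fixed", T(2024, 9, 11, 6)),
    ("GD-201", "fail", T(2024, 12, 1)),
    ("ESDV-12", "fail", T(2024, 12, 20)),
    ("ESDV-12", "fail", T(2024, 12, 27)),  # re-test while still impaired
]
START, END = T(2024, 1, 1), T(2025, 1, 1)

if __name__ == "__main__":
    stats = kpis(EVENTS, START, END)
    for tag, k in stats.items():
        print(tag, criticality(*REGISTER[tag]), k["failures"], k["mtbf_h"], k["mttr_h"])
    for tag, score, rank, since in ora_queue(REGISTER, stats):
        print("ORA needed:", tag, score, rank, "impaired since", since)
```

In the constructed data the shutdown valve is listed ahead of the gas detector even though the detector has been impaired for longer, because the valve scores High and has no redundancy.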

Operational Risk Assessment (ORA)

• Is it safe to continue operating ?
• What steps must we take ?
• As with all Risk Assessments, a team approach which allows input from all relevant stakeholders gives the highest quality result.
• However, it can be very challenging to determine the appropriate initial response – particularly if not all support resources are available (for example, at 03:00 am).
• Prepared guidance should be available for operational personnel on what actions to take if an SCE is impaired – this may include immediate unit shutdown until an ORA can be carried out.
ORA Team

• The team must have sufficient knowledge of the purpose of the SCE in protecting
against MAH event(s), the consequences of operating without it in place, and
interactions with other systems, both SCE, SCS and other.
• The minimum technical authorities to be involved in the ORA could be:
• Operational Management
• Process Safety
• Process Engineering / Technical Authorities
• Mechanical Engineering
• (Other specialist disciplines may be required).

Risk Level – Key Questions to answer
[Flowchart. Labels: SCE Impairment occurs; Does risk now exceed allowable level ?; Unit shutdown required ?; Acceptable to implement mitigations ?; Acceptable operational risk level ?; SCE return to duty]
Key considerations for the ORA

• It is critical to stress to all ORA participants that ORA is not simply a mechanism by which continued operation can be justified under any circumstances.
• Whilst the guidance provided may not have immediately directed a shutdown or a limit on operations, this may still be the eventual outcome of the ORA process.
• It is also particularly important to stress to the team that they are undertaking an ORA and not a Task Risk Assessment - so a Major Accident Hazard mindset is needed, rather than a personal injury mindset.

Failure of an SCE can have extremely severe consequences and affect many people.
Information Required

Information required by the ORA Team might include:

• A list of major accident hazard scenarios
• Hazardous inventories
• Significant escalation events
• Significance of other barriers and their actions
• Options for repair, or other possible protections
Example questions to ask in the ORA

• Should the plant or process be shut down?
• What is the impaired system for?
• Under what circumstances would the system be required to work? If these circumstances occur, what will be the effects of the impairment?
• What can we do to reduce the potential for these circumstances to occur?
• What measures can we put in place to replace the functionality lost due to impairment?
• How effective are these measures likely to be under the circumstances in which they are most needed?
• Is an engineered solution necessary and possible to reduce risk?
• Have all available risk reduction measures been identified and properly considered?
• Where human intervention has been identified as mitigation, is there sufficient capacity and no risk of overload to the facility personnel?
• Is human intervention practical in the event of an emergency?
• Together, are all of these measures sufficient to manage risk effectively, and for how long?
Visualizing the Information

• Bow Tie diagrams can help visualize the large amount of information required to carry out
an effective ORA.
• So, consideration should be given to having prepared Bow Tie diagrams for each set of MAH
hazards – see:
• EGPC-PSM-GL-006 Major Accident Hazard Management Guideline and EGPC-PSM-GL-013
Safety Case Appraisal Guideline.

• An example is given on the next slide for an impaired SCE level trip on a gasoline storage
tank

Bow Tie example

Note that different colours can be used to indicate impaired or less effective barriers

Maintaining SCEs – Key Points

1 Maintenance System Requirements
Ensuring that SCEs comply with the Performance Standard; recording performance information and the generation of Key Performance Indicators (KPIs)

2 Assurance and Verification
Processes for assurance and verification; personnel competency; monitoring for SCE degradation; identification of impairment. Continuous improvement.

3 Impairment and Operational Risk Assessment
Understanding the changes in risk level; composition of the ORA team and key questions to address

4 Making the ORA Decision
Information requirements; the need for guidance; visualizing the necessary information, interactions and potential impacts. Mitigation and remediation.


Summary

• Safety Critical Elements are critical layers of protection against the consequences of Process
Safety incidents such as Major Accident Hazards.

• Applying diverse types of SCEs, from “Prevention” to “Emergency Response” provides the
most robust protection.

• Performance Standards must define SCE requirements, and failure criteria, and be followed
without compromise.

• Assurance and verification are essential for management of SCEs to maintain performance.

• Operational Risk Assessments are essential if impaired SCEs cannot be repaired promptly.

QUESTIONS ?

BakerRisk.com
