Process safety deals with low-likelihood, high-severity scenarios, typically in the realms of occurring once every 1,000 to once every 1,000,000 years. But what about events that are even less likely than that, events such as meteor strikes or plane crashes on-site? Since the likelihood of those events occurring is so inconceivably low, can we just label them as ‘not credible’ and be done with them?
What is process safety?
Process safety deals with the high-severity, low-likelihood scenarios, such as fires, explosions, and other catastrophic events that can cause serious harm to people. These events are typically very low frequency hazards, in the realms of once every several thousand or hundred thousand years.
However, the causes for these events are typically quite common, with frequencies commonly around once every 10 years, and only by the use of control measures is the final event frequency reduced to those extremely low values. The whole purpose of process safety is to tease out those control measures and make sure they are adequate and being taken care of properly.
At what point in the realms of possibility do we stop?
Some high-severity scenarios start with very low-likelihood causes, for example a meteor strike. These events are not technically impossible; however, their likelihood is significantly lower than that of typical process safety events: only one person has ever been recorded as being killed by a meteor strike.
So is it fair to say something like a meteor strike on a facility is so improbable that it’s not worth considering? Is it fair to call it ‘not credible’? To answer that, we first need to look at how people perceive low probabilities.
How humans perceive big and small numbers
One of the major challenges when dealing with process safety is that humans have a hard time conceptualising extremely large and small numbers. When dealing with event frequencies spanning several millennia, it becomes difficult to grasp the relevance of a scenario.
For example, the chance of winning the biggest prize in lotto off a 10-line ticket is one in 3.8 million, whereas the chance of a pregnancy resulting in quadruplets is one in 700 thousand – 5.4 times more likely than getting that winning ticket. Both seem unfathomably low, but both occur throughout the world quite often.
So what do the regulations say?
Many countries use an ALARP or SFAIRP regime for process safety risks; that is, the risks must be eliminated or minimised to as low as reasonably practicable. So if we have identified a meteor strike as being possible, albeit extremely unlikely, we would need to ensure we have done everything we reasonably can to reduce that risk.
ALARP and SFAIRP is a complex subject and deserves a blog post of its own; however, for the purpose of this discussion I will simplify it down to a few main points, as follows:
We must understand what the hazards and risks are, what is known and what ought to be known
We must comply with relevant standards, codes, and apply good industry practice
We must have considered all reasonable means to reduce the risk, and apply control measures where we reasonably can
The first part is somewhat straightforward: we need to understand what things can go wrong that might result in harm, and we need to understand what the risk is for those events occurring. Going back to the meteor strike example, we have identified that it can happen, it can be fatal, and the likelihood of it occurring is pretty low.
Once we have figured out what our risks are, we can then determine whether there are any applicable standards and codes we must comply with, and what industry practice is for managing those risks. For our example, I don’t imagine many organisations are doing anything special to protect their workers from meteors, and as far as I’m aware there are no established standards or codes that are particularly relevant to us, so it appears that there isn’t anything for us to do here.
The last point involves looking at what control measures we might possibly implement and figuring out whether we ought to implement them. I suppose we could move all of our offices to underground bunkers; however, this isn’t really practical. Based on the level of risk reduction we might achieve with this control measure, I don’t think the cost is wholly justified.
So there is nothing we can reasonably do?
Often when dealing with extremely low-likelihood external events such as these, there’s not really anything that we can practically do to reduce the risk further. In fact, we most likely have other hazards with much higher risk that we ought to be focusing on.
That’s not to say we don’t need to consider these types of events at all, though. After all, it doesn’t hurt to talk about it, record that we considered it, and record that we made a judgement call that there’s nothing more we can reasonably do for it.
So what’s the answer?
So do we need to include risks like meteor strikes in our safety assessment? The answer is technically yes, but not really…
We do need to be aware of all hazards that could cause serious harm at our site, and consider what steps we can reasonably take to reduce or eliminate the risk of those hazards. However, the extent to which we consider each hazard should be proportionate to its risk; we don’t want to spend all of our time worrying about meteor strikes if we have much greater risks within our facility.
In conclusion, it doesn’t hurt to bring these types of events up during hazard identification, and make a judgement as to whether any further assessment is required for them. A good HAZOP facilitator will be able to direct the workshop through this process then and there, and then move on to the more relevant hazards in the system.
HAZOP preparation checklist
To help with your hazard identification process, we have developed a HAZOP preparedness checklist that we use when running HAZOPs for clients. This checklist helps to ensure everything is ready on the day for a HAZOP workshop to run smoothly and efficiently.