The 2004 film Primer has a notoriously complex plotline. In one scene, our protagonists load the parts for a time machine into a second time machine, to travel back in time and build the first time machine in the past. If you lose track, it can quickly become bafflingly impenetrable.
I’m often reminded of this movie and its many intertwined timelines, when thinking about Safety in Design reviews. We aim to avoid some harmful event, off in the future during the operating life of an asset. The seeds of this hazardous event are often sown some time earlier, maybe in the components that were chosen for construction. Earlier still, the design phase of the project had an opportunity to pre-empt this, by planning the right procurement specs. And we sit at an even earlier vantage point, here in the present day, with the task of foretelling all these future events. How on earth are we going to keep track of all this?
All formal methods of hazard identification involve some way to slice and dice the information at hand, to allow us to work with bite-size chunks one at a time. In a HAZID, we may use a prompt list of hazard types. In a HAZOP, we divide the plant into nodes and use process deviation guidewords. In FMEA, we consider the positive intent of each component, to get at its logical opposite. These methods are necessary to systematically work through the whole system and leave no gaps. But when applied across a design project, or across the life cycle of an asset, this takes on an extra dimension: Time.
When carrying out a Safety in Design review, in addition to the physical portions of our system, we must also define when we are looking at – and what that even means. What do we consider in the construction stage? Are these the hazards of a construction site – suspended loads, heavy machinery, open pits? Or are we talking about the future hazardous events introduced at construction – a faulty weld on a vessel, for example, or a flange bolt not torqued up? In some sense these all ‘happen’ at construction time, and yet they are two fundamentally different categories. Without a crisp ruleset for a review, we may find ourselves jumping around, leaving gaps, and generally getting in a muddle.
I believe there’s only one coherent choice of timeline around which to orient these reviews: the timeline of the harmful event. With each stage of the life cycle we examine, we must ask “what harm could occur, in that moment?” This provides a concrete, unambiguous point in time around which we can anchor the scope of our safety reviews: the defining moment in time is the moment somebody gets hurt.
Under that structure, the examples above then fall neatly into place: the suspended loads, heavy machinery and excavations live in the construction stage, since that is when they might hurt someone. The defective vessel weld and the untorqued flange bolts live in the operating stage: that is when they might hurt someone, because that is when they contain the process hazard.
I have seen Safety in Design registers in use at some companies that attempt other arrangements of the timelines, and unfortunately from what I have seen they do not usually achieve a structured, systematic outcome. The Design stage hazard register, in particular, can become a hodgepodge of miscellaneous scenarios affecting all future states of the project and the asset. If we try to include design error as a design hazard, this becomes equivalent to asking “What are all the mistakes we’re currently making?”. This is far too broad a question to have any chance of systematically revealing all the issues. (As for what scenarios do belong in the Design hazard register, an illustrative (but facetious) example is dropping the theodolite on your foot).
Getting this right relies on being more than usually fussy about hazard terminology. The hazard is strictly the thing with the intrinsic potential to cause harm. Take, for example, a material defect: this is not a hazard. Nobody has ever said “ouch, this failed Charpy test took my eye out” – at least not without a substantial chain of events in between. The hazard is, for example, whatever nasty stuff we’ll be passing through the plant during operation. The material defect is a threat, associated with this operational stage hazard.
As long as we define a clear interpretation of the timeline of our review scope and properly distinguish our strict hazards from their surrounding terms, then it is possible to build up a robust and systematic forecast of the issues our project must address, even into the far-flung future. We can then work backwards to our control measures – both in the field and in our project execution – and make plans to improve them while we still have the chance.
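The following is an added illustration, not part of the original post: a small Python model of a hazard register that applies the rule set out above. Every entry is anchored on the stage at which somebody could get hurt (the harm stage), while the threat that lets the hazard loose records its own, possibly much earlier, origin stage. The sample entries are constructed from the examples in the post (suspended loads, the faulty weld, the untorqued flange bolts, the failed Charpy test, the theodolite); the stage names, field names and the keyword heuristic for spotting "design error" style non-hazards are assumptions made for this example.

```python
from dataclasses import dataclass
from enum import Enum


class Stage(Enum):
    """Asset life-cycle stages in chronological order (assumed set for this example)."""
    DESIGN = 1
    PROCUREMENT = 2
    CONSTRUCTION = 3
    OPERATION = 4
    DECOMMISSIONING = 5


@dataclass(frozen=True)
class Entry:
    hazard: str            # strictly the thing with intrinsic potential to cause harm
    harm_stage: Stage      # the moment somebody could get hurt: the anchor for filing
    threat: str            # what could let the hazard loose; may be sown much earlier
    threat_origin: Stage   # stage at which the threat is introduced
    controls: tuple = ()   # field and project-execution control measures


# Words that suggest the "hazard" field actually holds a threat or a mistake.
# Crude heuristic, assumed for this example; real reviews rely on judgement.
NON_HAZARD_WORDS = ("error", "mistake", "defect", "failure")


def stage_view(register, stage):
    """The register for one stage: entries filed by harm moment, not by threat origin."""
    return [e for e in register if e.harm_stage == stage]


def threats_sown_at(register, stage):
    """Work backwards: entries whose threat originates at this stage, wherever the harm lands.
    This is the list that drives project-execution controls for that stage."""
    return [e for e in register if e.threat_origin == stage]


def audit(register):
    """Return a list of filing problems: threats that post-date their harm, and
    'hazards' that read like design errors or defects rather than intrinsic hazards."""
    problems = []
    for e in register:
        if e.threat_origin.value > e.harm_stage.value:
            problems.append(
                f"{e.threat!r}: threat origin {e.threat_origin.name} "
                f"is later than harm stage {e.harm_stage.name}")
        if any(w in e.hazard.lower() for w in NON_HAZARD_WORDS):
            problems.append(
                f"{e.hazard!r}: reads like a threat or mistake, not a hazard")
    return problems


# Constructed sample register based on the examples in the post.
REGISTER = [
    Entry("suspended load (crane lift)", Stage.CONSTRUCTION,
          "rigging failure", Stage.CONSTRUCTION, ("lift plan", "exclusion zone")),
    Entry("excavation (open pit)", Stage.CONSTRUCTION,
          "unprotected edge", Stage.CONSTRUCTION, ("barricades",)),
    Entry("process fluid under pressure", Stage.OPERATION,
          "faulty vessel weld", Stage.CONSTRUCTION, ("weld NDT", "hydrotest")),
    Entry("process fluid under pressure", Stage.OPERATION,
          "flange bolts not torqued", Stage.CONSTRUCTION, ("torque records", "leak test")),
    Entry("process fluid under pressure", Stage.OPERATION,
          "material below spec (failed Charpy)", Stage.PROCUREMENT, ("material certs",)),
    Entry("heavy surveying instrument (theodolite)", Stage.DESIGN,
          "dropped on foot", Stage.DESIGN, ("safety boots",)),
]

# A constructed mis-filed entry of the kind the post warns against.
BAD_ENTRY = Entry("design error", Stage.DESIGN, "wrong procurement spec", Stage.DESIGN)


if __name__ == "__main__":
    for stage in Stage:
        print(stage.name, "register:", [e.threat for e in stage_view(REGISTER, stage)])
    print("Threats sown at construction:",
          [e.threat for e in threats_sown_at(REGISTER, Stage.CONSTRUCTION)])
    print("Audit of good register:", audit(REGISTER))
    print("Audit of bad entry:", audit([BAD_ENTRY]))
```

Note how the weld and the flange bolts appear in the operation-stage register (that is when the pressurised fluid can hurt someone) and, at the same time, in the list of threats sown at construction, which is where the execution-side controls such as NDT and torque records need to be planned.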
If you need to develop yourself in this area, the Safety Solutions Safety in Design training course covers:
- How to accurately define and diagnose the hazards,
- How to systematically structure the hazard reviews,
- How to incorporate SiD reviews from day one of project planning,
- How to ensure the project execution systems will manage the SiD workshop findings.
Find out more about our SAFETY IN DESIGN COURSE HERE.