(9a) Lifecycle Management of Protection Layers and Safeguards

From project inception to continuous plant operation a stream of safety studies will be conducted on the process, and the identified hazards will have to be either eliminated or reduced to an acceptable risk level. This risk level needs to be maintained at an acceptable level throughout the lifecycle of the plant. As changes occur and time passes the safeguards and protection layers start getting disconnected from the intent of the safety studies. This happens for many reasons but mainly because on proposing and implementing the layers of protection, the assumptions and intent made during the study are not explicitly attached to the specification of the equipment, instrumentation, or procedures. This is aggravated when the recommendations coming out of a study are implemented in a different manner as the recommended one or a totally different solution is adopted. Furthermore, the same equipment may be part of different safeguards in different studies.

A Hazards Register database would be used to contain all the pertinent information related to the risks assessed during all the safety studies performed by the company, whether a PHA, or a MOC review, or an incident investigation. The resolution of each hazard should be available in the Register, and not only the latest resolution but also its evolution (history) starting from the original study. Thus, the assumptions made at every step are kept throughout the life cycle of the plant. The Register should also automatically provide metrics that allow to manage outstanding recommendations and automatically recalculate relevant risk information (e.g., cumulative probability of failure on demand, pfd, from a LOPA study). It should be able to import data from any type of safety study and to export all or part of the data for other uses (e.g., instrument specifications, SIL verification). In order to be effective, the Hazards Register should be easily accessible, be capable of simultaneous use by all plant personnel, and be fully and effortlessly searchable. Such a system was successfully used in a very large project in which over 9,000 safeguards and their justifications were managed. At the end of the project the Hazards Register was transferred to the operating company for continued management of the process risks.