Big data of process safety

Session 4: Risk analysis as input to foresight

2. Big data of process safety

2.1 Process indicators

Increasing attention has been dedicated to evaluation and monitoring of early deviations through appropriate indicators, as a way to foresee the occurrence of major accidents (Paltrinieri et al. 2016). A number of indicator typologies have been theorized and used.

For instance, the Health and Safety Executive (2006) identifies two main categories of indicators: leading and lagging indicators. Leading indicators are a form of active monitoring of key events or activities that are essential to deliver the desired safety outcome. They represent early deviations from the ideal situation that can lead to further escalation of negative consequences. Human and organizational factors often (but not always) represent such underlying causes. Lagging indicators are a form of reactive monitoring requiring reporting and investigation of specific incidents and events to discover weaknesses in the system. Lagging indicators show when a desired safety outcome has failed, or has not been achieved.

Øien et al. (2011) affirm that we can refer to risk indicators if: they provide numerical values (such as a number or a ratio); they are updated at regular intervals; they only cover some selected determinants of overall risk, in order to have a manageable set of them. The latter feature has quickly become outdated due to the extensive collection that is being carried out in industry and the attempts made to process and elaborate larger numbers of them (Paltrinieri & Reniers 2017). For instance, for the first time since the first Seveso directive was issued in 1982, Seveso III mentions specific procedures for safety performance indicators and/or other relevant indicators, to be used for monitoring the performance of safety management systems (European Parliament And Council 2012). The main aims of the Seveso directives are prevention, preparedness and response to accidents involving dangerous substances in industry in the EU. Lagging indicators in the form of past events are collected by the competent authorities of all EU member and associated countries (European Parliament And Council 2012) and may themselves indicate the safety performance of a Seveso site. One of the most complete monitoring approaches is suggested in the United Kingdom, where the competent authorities also require the collection of safety performance indicators, which may include leading indicators. Such information is periodically reviewed based on a priority classification of Seveso sites (UK Secretary of State 2015; HSE 2015; COMAH Competent Authorities 2013; COMAH Competent Authorities 2012). In addition, relevant Italian and Dutch regulations address safety performance monitoring based on indicators and their trends (Consiglio dei Ministri 2015; Staatssecretaris van Infrastructuur en Milieu 2015).

2.1.1 Techniques for development of indicators

Several approaches are used for the development of safety/risk indicators. Paltrinieri et al. (2016) identify four classes of methods.

Class I is characterized by a retrospective perspective, where indicators are developed on the basis of the effect of Technical, Human and Organizational (THO) factors in past accidents, and correlation with the overall safety is assumed (Table I). However, major accidents are rare events and the correlation between critical indicators and safety may not be conclusively demonstrated.

Class II is characterized by a predictive perspective, where indicators are defined on the basis of risk models (such as Quantitative Risk Analysis – QRA) for the potential accident scenarios addressed, and the connection to the overall risk level is logically supported by these models (Table I).

Class III groups approaches aggregating the information provided by the indicators, allowing for relatively reliable evaluation of risk on a real-time basis (Table I). Limited sets of risk indicators may not allow comprehensive coverage of THO factors.

Class IV also groups approaches aggregating information from ad hoc indicators, which have been specifically developed for proactive risk assessment (Table I). Table I shows representative approaches for the development of indicators. Several of these approaches for the development of major hazards indicators were primarily defined for the nuclear power industry. However, the chemical process and petroleum industries have contributed with the definition of specific techniques [11].

Table I: Representative approaches for development of technical, human and organizational indicators

| Indicators or approaches for their development | Class | References |
|---|---|---|
| Operational safety indicators | I | (IAEA- International Atomic Energy Agency 1999) |
| Safety performance indicators | I | (Holmberg et al. 1994) |
| Risk indicators based on Probabilistic Safety Assessment | II | (IAEA- International Atomic Energy Agency 1999) |
| Resilience-based Early Warning Indicators | II | (N. Paltrinieri et al. 2012) |
| Indicators for risk-based inspection | III | (American Petroleum Institute 2000) |
| MANGER method | III | (Pitblado et al. 2011) |
| Risk Barometer | IV | (Hauge et al. 2015) |

2.2 Iteration of risk assessment

As mentioned by Villa et al. (2016), several efforts have recently been devoted to the development of dynamic risk assessment and management approaches that consider the evolution of the assessed process. Such evolution may be described by the class III or IV indicators previously introduced.

Some of the first attempts to simulate the dynamic nature of system behaviour were made by Swaminathan and Smidts, who proposed a methodology to extend the application of event sequence diagrams (ESDs) to the modelling of dynamic situations and identification of missing accidental scenarios (Swaminathan & Smidts 1999). Čepin and Mavko developed an extension of the fault tree analysis to represent time requirements in safety systems (Čepin & Mavko 2002). Similarly, Bucci et al. (Bucci et al. 2008) presented a methodology to extend fault trees and event trees in a dynamic perspective.

The first complete dynamic risk assessment methodology for process facilities, named Dynamic Failure Assessment, was developed by Meel and Seider (Meel & Seider 2008). This approach aims at estimating the dynamic probabilities of accident sequences, including near misses and incident data (named as Accident Sequence Precursors – ASP), as well as real-time data from processes.

Kalantarnia et al. (Kalantarnia et al. 2010) integrated Bayesian failure mechanisms with consequence assessment. Starting from this foundational contribution, several methodologies have tried to improve the approach by introducing slight modifications. For instance, Hierarchical Bayesian Analysis (HBA) widened the field of application of DRA to rare events as well, by means of a two-stage Bayesian method (Khakzad et al. 2014). System hazard identification, prediction and prevention methodology (SHIPP) is another derived approach specifically addressing accident modelling, which integrates technical and non-technical barriers (Rathnayaka et al. 2011). Another notable contribution is the Dynamic Operational Risk Assessment (DORA) methodology (Yang & Mannan 2010), which included conceptual framework design, mathematical modelling and decision-making based on cost–benefit analysis.

The benefits of iterating risk assessment are also well known to authorities. Relevant regulations (e.g. management regulations by the Norwegian Petroleum Safety Authority (Petroleum Safety Authority Norway 2011)) require iteration of QRA every 5 years or in case of system changes. Most of the risk management frameworks also mention the need for continuous update (NORSOK z013 (NORSOK 2010), ISO 31000 (ISO- International standardization organization 2009), risk governance framework by International Risk Governance Council IRGC (IRGC - International Risk Governance Council 2009), etc.).

DNV-GL has also worked on the topic (Falck et al. 2015) and CGE Risk Management Solutions has released an updated version of their software BowTieXP with an add-on for real-time monitoring of safety barrier performance (no risk assessment though). Attempts have been carried out by the Norwegian oil and gas industry (e.g. Technical Integrity Management Programme by Statoil, iSee by ConocoPhillips and Barrier Panel by ENI Norge), but they only address safety barrier performance monitoring and do not provide risk levels.