The guidance provided covers all Design Safety activities for a new facility and modification of an existing facility within the following:
• Offshore Installations and Mobile Drilling Facilities
• Sub-sea Offshore Pipelines and other facilities
• Onshore Facilities and Jetty
• Onshore Pipelines (including Pump Stations and Compression)
• LNG Plant
The scope covers all parts of the design, whether performed by the primary design contractor or by equipment and package suppliers.
MPcp HSSE Guidelines ©2007 BP International Limited
Figure 5.1: Design Hazard Management (DHM) process (flowchart)
The Major Projects Engineering Authority/Engineering Manager (MPEA/EM) has overall accountability for ensuring that design safety is an integral part of the design strategy and that the necessary resources are in place. There is a strong bias that the Major Projects Engineering Manager (EM) also assumes the role of the Engineering Authority (EA), hence use of the term ‘Major Projects Engineering Authority/Engineering Manager’. The MPEA/EM is also required to provide ongoing and active support for Continuous Risk Reduction (CRR) in design and the achievement of Safety Critical Design Measures (SCDM) performance standards.
The Process Safety and Risk Engineer is responsible for establishing a clear design safety strategy and goals and advising the MPEA/EM on how best to achieve these throughout the design development. The Process Safety and Risk Engineer is also responsible for:
• Defining the range of design safety studies to be conducted
• Advising on contracting strategy to achieve the desired results
• Monitoring progress on Continuous Risk Reduction (CRR)
• Reporting any potential problems to the MPEA/EM
• Developing a Case for Safety for each CVP stage that provides assurance of Design Safety Integrity
The Major Projects EA/EM is responsible for monitoring the implementation of design safety strategy, the effectiveness of Continuous Risk Reduction (CRR) and assurance that the Case for Safety is valid.
Additional details regarding the relationship of design safety and engineering processes can be found in the Engineering and Quality Management Guidelines.
5.4 Design Hazard Management (DHM) Overview
The Design Safety roadmap outlines the activities recommended for the Appraise, Select, Define and Execute stages – E&P (Engineering & Procurement) and Execute – Build & HUC (Hook-up and Commissioning). The roadmap addresses the following five major functions for each of these project stages:
1. Design Hazard Management (DHM) Process
2. Inherently Safer Design (ISD)
3. Safety Critical Design Measures (SCDM) & Performance Standards
4. Study Programme & Action Management
5. Case for Safety (CfS) in Design & Operation
These activities are described briefly below.
5.4.1 Design Hazard Management (DHM) Process
The DHM philosophy and strategy are developed during the Appraise stage and define the goals and standards against which design hazard management is measured.
Beginning at the Select stage, the BP team develops the DHM Implementation Plan which defines how the standards will be implemented and how the goals will be achieved. This plan is updated during the Define stage.
Other critical activities include management of actions arising from DHM studies, management of design change and incorporation of the DHM strategy in the Invitation to Tender for contractors and vendors.
5.4.2 Inherently Safer Design (ISD)
Design Hazard Management (DHM) requires multiple levels of design measures to reduce risk. Inherently Safer Design (ISD) is one element of the DHM approach and involves the elimination of hazards, where possible, and the optimization of layout and primary structural and system integrity to minimize the impact of those remaining.
The greatest opportunity for achieving a cost effective, inherently safer design is during the Appraise, Select and early Define stages. By the end of the Define stage, all the key ISD measures should have been determined and included in the contracts for the Execute stage.
During the Execute stage, there will be limited opportunity for significant design changes. Execute contractors will be focused on a very rapid development through detailed design into construction, and design change proposals will be strongly challenged and probably rejected.
5.4.3 Safety Critical Design Measures (SCDM) and Performance Standards
While Inherently Safer Design (ISD) measures form an underlying level of hazard management, a diverse range of passive and active design measures provide additional levels of hazard management. These measures are referred to as Safety Critical Design Measures (SCDM), and they are required to achieve specified performance standards throughout the life of the facility.
SCDM have the following Design Hazard Management roles:
• Prevention
• Control
• Mitigation
• Emergency Response
Safety Critical Equipment (SCE) schedules are derived from SCDM, and items of equipment (identified by tag number) whose failure could lead to failure of the SCDM should be designated ‘Safety High’ criticality in the operations maintenance system.
A Hazards Register should be developed in the Select stage and updated with design development and understanding of the Major Accident Hazards (MAH) and their associated risks. The Hazards Register should include a summary of identified MAH, their possible causes, consequences, and the ISD and SCDM implemented to reduce risk.
Design Performance Standards for SCDM are developed in parallel with understanding of the MAH and will therefore be developed throughout the design phases. Appropriate verification schemes are required to ensure that the SCDM and associated SCE achieve the required performance during factory acceptance tests, and mechanical completion and commissioning tests conducted prior to start-up.
5.4.4 Study Programme and Action Management
Design Hazard Management (DHM) reviews (e.g. HAZID, HAZOP, Fire and Explosion Analysis, Layout Optimization Reviews, etc.) should be coordinated with the project schedule to ensure that important study results are available in a timely manner to influence design decisions. Actions from the reviews should be documented and tracked to closure.
A programme of DHM reviews and studies should be included in the DHM Implementation Plan. Studies and reviews may be conducted by BP, design contractors or specialist consultants in line with the agreed scope of work. The programme of reviews and studies will:
• Contribute to Continuous Risk Reduction (CRR) in design
• Develop performance standards for SCDM
• Demonstrate meeting Legislative, MAR and project risk criteria
• Support the Case for Safety (CfS) for the Define and Operations stages
Systematic management of actions resulting from the study programme is critical to ensure that all actions are recorded and tracked to closure. All actions should be tracked and managed on a common Project-wide action management system.
5.4.5 Case for Safety (CfS) in Design and Operations
A Case for Safety (CfS) is required at the end of each CVP stage, each with progressively more detail. The CfS provides the Project Management Team, and later the Operations Team, with a summary of Design Hazard Management (DHM) and assurance that the risk to personnel who will be required to operate the facility is within the Group Risk Reporting requirements.
Before handing over to Operations, the CfS should be updated to provide the Operations Team with a good explanation of the Major Accident Hazards (MAH), and why the DHM measures included in the design will provide for safe operation. It should also provide clear assurance that the design objectives have been achieved.
An important benefit of the CfS is that the diverse range of information sources relating to design safety is compiled in one central location and is structured for ease of use by the Operations Team.
5.5 Integrity Management
The Integrity Management Segment Implementation Guide – Exploration & Production has been written as a stand alone document for the E&P Segment and contains relevant material from the Group Integrity Management (IM) Standard and the Group IM Guidance. Appendix 1 (IM in Major Projects) in this document should be consulted for additional guidance regarding typical CVP stage activities and deliverables.
be considered prior to rejection. Detailed guidance and project examples related to implementation of actions in the Design Safety roadmap are provided on the CD included with these guidelines.
Inherently Safer Design (ISD)
APPRAISE SELECT
Review concept options and eliminate those that present MAH that will result in unacceptable risk.
Identify any location or environmental conditions that may impact concept selection.
For those concepts carried forward, identify any unusual hazards or novel design requirements that may require highly critical design measures to manage.
Identify key risks for Concept Options and produce a register of major accident hazards.
Carry out preliminary design optimisation on the preferred concept options to reduce the likelihood and possible consequences of major accidents associated with environmental conditions, impact (collisions), release of hazardous substances, toxic release, explosion and fire, loss of stability (e.g., flooding of floating facilities) and other credible scenarios.
Assess impact on design of riser, drilling, well operations, sub-sea, pipeline and SIMOPS hazards for offshore facilities.
Consider location and protection of facilities required in an emergency, including refuge (where required).
Design Hazard Management (DHM) Process
APPRAISE SELECT
Define design hazard management goals, philosophy and strategy for the Project (including application of ETPS) and obtain Project Management Team approval.
Obtain endorsement of the document by the Project Manager and issue for Project use.
Employ DHM Assurance Process – PEER Assist, PHSSER.
Establish a simple system for recording any design or operational hazard management actions.
Design Safety input should influence concept selection, particularly if hazards associated with any of the options could lead to unacceptable risk.
Update DHM and Emergency Response Strategy for Define Stage (if necessary). Include details for the conduct of DHM during Define Stage and the obligations of contractors for seamless integration of Continuous Risk Reduction (CRR) to influence the design decisions throughout the project Design Stages.
Ensure that Define contractor understands the action management requirements and commits to operating the system effectively.
Prepare input to Invitation to Tender for Define contractor – define level of competency required.
DEFINE EXECUTE (Design)
Continue the inherent safe design to optimise the significant Separation and segregation of hazardous facilities from each other and from non-hazardous areas.
Location and protection of living quarters, offices, refuges, escape routes and emergency response facilities.
Location and elevation of air intakes for refuges to provide reliable clean air intake during gas and smoke conditions.
Structural strength required to tolerate accidental loads.
Blast and fire barriers or breaks.
Location and protection of risers or pipeline terminations.
Consistent design standards and approach across contractor boundaries.
By the end of Define Stage, fix inherently safer design measures in the Basis of Design.
Raise awareness of Inherent Safe Design for all contractors, vendors and significant equipment suppliers.
Continue optimization process for detailed design of systems and equipment in line with the CRR.
Progressively firm up design assumptions/uncertainties in relation to inherent safe design measures and emergency response measures.
Preserve basis of design for inherent safe design measures by ensuring that all contractors have arrangements in place to ensure that proposed design changes are subject to review for impact on overall hazard management.
Impose consistent design standards and approach across contractor boundaries.
Upon completion, verify that inherent safe design measures are carried out, as analyzed in the various safety studies. Re-assess any significant variations for impact on hazard management.
Define Inherent Safe Design measures in the Operations Case for Safety.
Transfer to the operations team, knowledge of any assumptions made during Design Stage about how specific facilities will be operated.
Review temporary operations provisions that may impact safety.
EXECUTE-BUILD & HUC DEFINE EXECUTE (Design)
Take positive action to ensure that the Define contractor(s) understand that they are expected to build on the preliminary hazard management work with seamless, integrated Continuous Risk Reduction (CRR).
Ensure that the interfaces between contractors are well defined and do not become an obstacle to CRR.
Update DHM Implementation Plan for Execute (Design) Stage to include an outline plan, defining minimum content of Execute (Design) contractors for inclusion in Invitation To Tender and contracts.
Implement a safety study actions management system acceptable to BP. Develop the system for transfer into the Execute (Design) Stage with particular reference to a common reporting process for all contractor groups.
Implement a Project process for managing design changes that may affect DHM. BP Design Safety Advisor must authorize changes.
Prepare input to Contracting Strategy for Execute Stage to include an updated DHM Implementation Plan to identify activities and key Design Deliverables for the Execute Stage.
Ensure that contractors understand the DHM expectations and that they know how to provide consistency between each other and the BP DHM team.
Ensure that the interfaces between contractors are well defined and do not become an obstacle to CRR.
Verify that contractors are complying with the commitments made within their agreed DHM Implementation Plan(s) and update to include additional requirements when necessary.
Ensure that the agreed process for managing design changes is implemented across all contracts.
Ensure that the Action Management System is implemented across all contracts and that actions are closed with the proper authority.
Ensure that arrangements are in place for subcontractors and package vendors to be integrated into the hazard management process.
Include requirements for support of those groups that do not have the required competency in DHM.
Verify compliance with DHM Implementation Plans and CRR. Update where required to include HUC, SIMOPS etc., and Operation Readiness Reviews for main pre-ops activities.
Provide ongoing design office support for site to assess and advise on variations from design intent. Provide support for training, maintenance technical queries, as-built, tech database.
Review and participate in readiness reviews.
Close all remaining design Actions and prepare for transfer of information to operations.
Ensure that provision is made for inherent safety measures and SCDM performance to be verified on completion and commissioning.
Provide input to Emergency Response Plans (for accident on the Facility).
EXECUTE-BUILD & HUC
Safety Critical
Review concept options and define a preliminary register of SCDM and identify any residual MAH that may require highly critical or unusual measures to manage.
Identify any new or innovative requirements for the management of residual hazards and report the level of uncertainty involved for consideration during the Select Stage.
Issue a preliminary register of SCDM required to manage residual MAH and to provide effective emergency response for a major accident on the facility.
Define the outline hazard manage-ment and emergency response role of each SCDM and high-level design performance required.
Develop the requirements for further SCDM development to include more detailed performance requirements.
Develop the process to be followed in Define Stage to ensure that the equipment critical to the performance of SCDM (Safety Critical Equipment) becomes an integral part of the Design Stage development.
Develop preliminary hazard register.
Ensure that Define Stage contractors understand the implications for design development, whether they are expected to develop the SCDM definitions, or BP retains control of the activity.
Conduct a preliminary hazard type appraisal for each concept using safety review/HAZID techniques and experienced team.
Record any design or operational hazard management actions arising for later resolution.
Conduct DHM reviews and studies to support DHM input to design development to include:
o Hazard identification and evaluation to understand possible causes and consequences.
o Carry out specialist review of explosion and fire hazards to establish likely consequences (e.g., BP EPTG specialists).
o Carry out reviews for emergency response, layout optimization, emergency systems required and operation and manning.
o Ensure that all actions are properly defined, clear and actionable; then record in the Action Management System.
o Conduct MAR assessment of the chosen concept design using the risk assessment tool defined.
Define the programme of DHM reviews and studies required during required, to manage identified MAH and emergency response and define more detailed performance requirements.
Identify the Safety Critical Equipment within each SCDM.
Develop hazard register in line with growing understanding of major hazards and performance of SCDM using study program output and experience of similar facilities as a guide.
By the end of Define Stage, ensure that SCDM and SCE schedules and performance standards are sufficiently well defined to form a contractual basis for detailed design and procurement in Execute (Design) Stage contents.
Also specify that the performance standards will be updated during Execute (Design) Stage in line with the availability of detailed design data.
Define how SCDM performance will be verified during design and procurement (e.g., by Factory Acceptance Tests, Design Review, etc.).
Engage primary contractors in progressively updating SCDM, SCE and performance standards in light of detailed safety studies and CRR requirements.
Remove obstacles to consistent design of SCDM that cross contract boundaries.
Progressively firm up on design assumptions/uncertainties.
Verify that final SCDM performance standards have been achieved in Design Stage.
Produce inspection and test schemes for Factory Acceptance Tests, construction completion, and HUC to demonstrate achievement of SCDM performance.
Finalize hazard register in line with final schedule of major accident hazards, inherently safer design measures, SCDM and their performance standards.
Coordinate with construction completion, and HUC teams to produce inspection and test schemes for remaining Factory Acceptance Tests, construction completion and HUC to demonstrate achievement of SCDM performance.
Monitor for any dilution of SCDM intent and re-assess impact on hazard management and risk.
Ensure that SCDM implemented during design are defined in operations procedures and the Operations Case for Safety.
Coordinate with the Operations Readiness Team to develop Safety Critical Equipment (SCE) schedules from the SCDM and develop suitable maintenance programs in line with integrity management standards.
DEFINE EXECUTE (Design) EXECUTE-BUILD & HUC
Continue CRR by conducting DHM reviews and studies. The following are some examples: