6.1.1. The primary responsibility for the control of the causes of major industrial accidents should lie with works management.
6.1.2. A hazard analysis should lead to the identification of a number of potential hardware and software failures and human errors in and around the installation, which need to be controlled by works management.
6.1.3. In determining which failure may be of importance for an individual installation, the following list of possible causes should be included:
– component failure;
– deviations from normal operating conditions;
– human and organisational errors;
– outside accidental interferences;
– natural forces;
– acts of mischief and sabotage.
6.2.1. As a fundamental condition for safe operation, components should withstand all specified operating conditions in order to contain any hazardous substances in use.
6.2.2. As examples, the following causes of failure should be included in an analysis:
– inappropriate design against internal pressure, external forces, corrosion, static electricity and temperature;
– mechanical damage to components such as vessels and pipe-work due to corrosion or external impact;
– malfunction of components such as pumps, compressors, blowers and stirrers;
– malfunction of control devices and systems (pressure and temperature sensors, level controllers, flow meters, control units, process computers);
– malfunction of safety devices and systems (safety valves, bursting discs, pressure-relief systems, neutralisation systems, flare towers).
6.2.3. Depending on the outcome of the analysis, works management should decide on the need for additional safeguards or design improvements.
Deviations from normal operating conditions
6.3.1. An in-depth examination of the operational procedures (manual and automatic) should be carried out by works management to determine the consequences of deviations from normal operating conditions.
6.3.2. As examples, the following failures should be considered in the examination:
– failure in the monitoring of crucial process parameters (pressure, temperature, flow, quantity, mixing ratios) and in the processing of these parameters, e.g. in automatic process control systems;
– failure in the manual supply of chemical substances;
– failure in utilities, such as:
  – insufficient coolant for exothermal reactions;
  – insufficient steam or heating medium;
  – no inert gas;
  – no compressed air (instrument air);
– failures in shut-down or start-up procedures, which could lead to hazardous conditions within the installation;
– formation or introduction of by-products, residues, water or impurities, which could cause side-reactions (e.g. polymerisation).
6.3.3. When failures with potential major consequences are identified, works management should consider countermeasures such as improvements in process control, operating procedures, frequency of inspection and testing programmes.
Human and organisational errors
6.4.1. As human factors in the running of major hazard installations are of fundamental importance, both for highly automated plants and for plants requiring a great deal of manual operation, human and organisational errors and their influence on safety should be examined in detail by works management in co-operation with workers and their representatives.
6.4.2. The examination should consider such errors as:
– operator error (wrong button, wrong valve);
– disconnected safety systems because of frequent false alarms;
– mix-up of hazardous substances;
– incorrect repair or maintenance work;
– unauthorised procedures, e.g. hot work, modifications.
6.4.3. This examination should also consider the reasons for human errors, which may include:
– workers being unaware of the hazards;
– lack of or inadequate working procedures;
– workers being inadequately trained;
– inappropriate working conditions;
– conflicts between safety and production demands;
– excessive use of overtime or shift work;
– inappropriate work design or arrangements such as single-manned workplaces;
– conflicts between production and maintenance work;
– drug or alcohol abuse at work.
6.4.4. To reduce human and organisational errors, works management should provide workers with regular training in conjunction with clear operating instructions, as well as adapting work design and arrangements as appropriate.
Outside accidental interferences
6.5.1. To ensure the safe operation of major hazard installations, potential outside accidental interferences should be carefully examined by works management including, as appropriate, accidents involving:
– road, rail and ship transport (especially carrying hazardous substances);
– loading stations for hazardous substances;
– neighbouring installations, especially those handling flammable or explosive substances;
– mechanical impact such as that caused by a falling crane.
6.5.2. Such outside interferences should be taken into account by works management when designing and locating sensitive parts of the installation such as control rooms and large storage vessels.
6.6.1. Depending on the local situation, the following natural forces should be considered by works management in the installation design:
– settlement as the result of mining activities;
6.6.2. If such hazards are known to occur in the natural environment of the installation, adequate precautions should be taken against them.
Acts of mischief and sabotage
6.7.1. Every major hazard installation can be a target for mischief or sabotage. Protection from such actions, including site security, should be considered by works management in the design.