General
7.1.1. The safe operation of a major hazard installation should be the responsibility of works management.
7.1.2. Works management should ensure that the major hazard installation is always operated within the limits of intended design.
7.1.3. Works management should take account of all hazards identified in the hazard analysis together with possible technical and organisational control measures.
7.1.4. Measures used to control hazards should include:
– component design;
– manufacture of components;
– assembly of the installation;
– process control;
– safety systems;
– monitoring;
– management of change;
– inspection, maintenance and repair;
– training of workers;
– supervision;
– control of contract work.
Component design
7.2.1. Each component of a major hazard installation, such as reaction vessels, storage tanks, pumps, blowers and so on, should be designed to withstand all specified operating conditions.
7.2.2. Works management should ensure that the following aspects are taken into consideration when designing a safety-relevant component:
static forces;
dynamic forces;
internal and external pressure;
corrosion;
stresses due to large differences in temperature;
loads due to external impacts (wind, snow, earthquakes, settlement);
human factors.
7.2.3. When designing a safety-relevant component, works management should consider the valid design standards (e.g. ASME, DIN, BS) as a minimum requirement.
7.2.4. The above aspects should be particularly considered when designing components containing flammable, explosive or toxic gases or liquids above their boiling point.
Manufacture of components
7.3.1. Works management or the technology supplier should ensure that the manufacture of components important for the safety of the installation is carried out with appropriate quality assurance measures.
7.3.2. Works management or the technology supplier should select only experienced manufacturers for the manufacture of these components.
7.3.3. Works management or the technology supplier should arrange for inspection and control measures to be carried out, when appropriate, in the manufacturer’s workshop by either qualified workers or third parties.
7.3.4. These inspection and control measures should be specified at an early planning stage. They should be valid for all important stages of the manufacturing process and documented accordingly.
Assembly of the installation
7.4.1. Works management or the technology supplier should:
ensure that assembly of the installation on site is carried out with appropriate quality assurance measures;
ensure that safety-relevant work, such as welding, is carried out only by qualified workers;
arrange for all on-site work on components important for the safety of the installation to be inspected by either qualified workers or third parties;
decide whether repair is sufficient or replacement required when failures are detected during assembly;
ensure that functional tests are carried out on components, control devices and safety devices important for the safety of the installation before start-up of the operation.
Process control
7.5.1. To keep an installation safety within the design limits, works management should provide an appropriate control system.
7.5.2. This control system should, where appropriate, make use of such features as:
– manual process control;
– automatic process control;
– automatic shut-down systems;
– safety systems;
– alarm systems.
7.5.3. Based on the above features, works management should establish an operational safety concept for a major hazard installation.
7.5.4. The operational safety concept should maintain the installation or the process in a safe condition by the sequence of:
monitoring a process variable in order to identify abnormal conditions which require manual process control (monitoring system); and then
initiating automatic process control when a limit value is exceeded (control system); and then
taking automatic action to avoid a hazardous condition (protective system).
7.5.5. Process variables monitored and controlled by such systems should include temperature, pressure, flow rate, mixing ratio of chemical substances, rates of pressure or temperature change.
7.5.6. In order to operate such control systems, facilities should be made available by works management to monitor the process variables and active components of the installation, e.g. pumps, compressors and blowers, with regard to operation and to hazardous conditions such as excessive pressure.
7.5.7. In establishing an operational safety concept, special attention should be paid to different phases of operation such as start-up or shut-down.
Safety systems
7.6.1. All major hazard installations should be equipped by works management with safety systems, the form and design of which will depend on the hazards present in the installation.
7.6.2. To prevent deviations from permissible operating conditions, works management should provide the major hazard installation, as appropriate, with:
sensors and controllers to monitor temperature, pressure and flow, and to initiate actions such as emergency cooling, etc.;
pressure-relief systems such as:
safety valves; or
bursting discs;
which where necessary should be connected to a
blow-down system;
scrubber;
flare; or
containment systems;
emergency shut-down systems.
7.6.3. To prevent failure of safety-related components, such components should be specially equipped by works management for higher reliability, for example using “diversity” (different systems doing the same job) or “redundancy” (several identical systems performing the same task).
7.6.4. All safety-related utility supplies, such as electricity supply to control systems, compressed air for instruments or nitrogen supply as an inert gas, should be examined by works management to determine whether a second source, e.g. emergency generators or batteries, a buffer-storage tank or an extra set of pressure gas cylinders, is necessary in the event of a primary system failure.
7.6.5. To determine the existence and the cause of a malfunction and to enable the proper counteraction, works management should provide a major hazard installation with alarm systems which may be connected to sensors.
7.6.6. Over and above the safety systems which help to keep the installation in a safe condition, protective measures should be taken by works management to limit the consequences of an accident. Such measures may include:
water-spray systems (to cool tanks or to extinguish a fire);
water jets;
steam-spray systems;
collecting tanks and bunds;
foam-generating systems;
detector-activated systems.
7.6.7. To mitigate the consequences of an accident, an emergency plan (on site and off site) should be drawn up by works management and local authorities in consultation with workers and their representatives. The plan should include technical as well as organisational measures.
7.6.8. Measures to prevent human and organisational errors, which are a frequent cause of accidents, should be considered by works management as a key issue for the prevention of accidents.
7.6.9. The following example should be used by works management as guidelines:
use of differently sized connections on flexible hoses to prevent unintentional mixing or use of reactive or incompatible substances;
prevention of materials mix-ups by means of proper marking, labeling, packaging, inspection on receipt, and analysis;
interlocking of safety-related valves and switches to prevent unintended modes of operation;
clear marking of switches, knobs and displays on control panels;
proper communication devices for the workers;
safeguarding against inadvertent switching actions.
Monitoring
7.7.1. To ensure the safety of a major hazard installation, a monitoring schedule should be prepared by works management for the condition of all safety-related components and systems.
7.7.2. A monitoring schedule should include such tasks as:
checking of safety-related operating conditions both in the control room and on site;
checking of safety-related components of the installation;
monitoring of safety-related utilities (electricity, steam, coolant, compressed air, etc.);
monitoring corrosion of critical components.
Inspection, maintenance and repair
7.8.1. Taking into account the contributions of the workers familiar with the installation, works management should draw up a plan for the inspection, maintenance and repair of the major hazard installation.
7.8.2. A plan for on-site inspection should include a schedule, and the equipment and procedures to be adhered to during inspection work.
7.8.3. For repair work, strict procedures should be specified for carrying out any tasks involving hot work, opening of normally closed vessels or pipelines, or work which could compromise a safety system or which involves any change in design or component quality. These procedures should cover the qualifications required by personnel, quality requirements for the work to be performed and requirements for the supervision of repair work.
7.8.4. Requirements specified in national or internationally recognised standards or practices for inspection and repair work should be considered by works management as minimum requirements for major hazard installations.
7.8.5. A maintenance plan should be prepared by works management specifying the different maintenance intervals, qualifications required by personnel and the type of work to be carried out. All maintenance work and defects noted should be documented in accordance with the plan.
Management of change
7.9.1. All changes in technology, operations and equipment that would fall outside current design limits should be subject to the same review as for new installations.
7.9.2. Before authorising a change, works management should complete documentation of the proposed change, including:
– effects on safety;
– effects on equipment and operating procedures.
Training of workers
7.10.1. The overall safety arrangement at a major hazard installation should recognise that the human factor is critical to the safety of the installation. Therefore, works management should adequately train workers in the safe operation of the major hazard installation. For new installations, this training should take place before start-up. Necessary facilities for such training should be provided by works management.
7.10.2. The training should include, but should not be limited to, such topics as:
broad understanding of the overall process used in the installation;
the hazards of the process and the substances used, and precautions to be taken;
process control and monitoring of all operating conditions, including those at start-up and shut-down;
operating procedures, including those in the case of malfunctions or accidents;
emergency procedure exercises;
experience in similar installations elsewhere, including accidents and near misses.
7.10.3. Safety training for workers by works management should be a continuous process. Training sessions should be repeated at regular intervals under conditions as near to reality as possible. The effectiveness of safety training should be assessed and training programmes reviewed in co-operation with workers and their representatives.
Supervision
7.11.1. Works management should provide adequate supervision of all activities performed in a major hazard installation. Supervisors should have the necessary authority, competence and training to exercise their role properly.
Control of contract work
7.12.1. Special attention should be given to work performed by outside contractors or temporary workers. Works management should ensure that work performed by outside contractors or temporary workers meets the requirements detailed in all the provisions mentioned in this chapter, as appropriate.