Process risk assessment and management
‘Process risk assessment and management’ is an area of the process safety system consisting of two elements: process safety information; and process risk assessment and management.
The goal set for the area is to identify process hazards and conduct a high-quality process risk assessment, providing information about the acceptability of process risks and the measures taken to reduce them. The measures defined based on the process risk assessment must be prioritised, and their fulfilment must be monitored.
The area of process risk assessment and management is a systematic process which plays a key role in the process safety system as a whole. Process safety information covers information about chemical and process hazards, equipment and processes significant for process safety management. Process safety information must be kept updated.
PROCESS SAFETY INFORMATION
Requirement
Economic operators must have up-to-date information for process safety management: plant design principles as well as information about the current condition and any changes made. Information about equipment critical for process safety (e.g. process equipment and pipelines) and the criticality classification must be kept updated.
Approved procedure
An economic operator has enterprise resource planning (ERP) and maintenance systems in which the following are documented:
- design principles (e.g. the standards used, the results of process safety risk assessments, processes, chemical reactions)
- current condition (e.g. the results of inspections and tests, any non-conformities not fixed, the status of servicing and maintenance)
- a log and journal of changes
Equipment manufacturing documents: structural drawings, positioning plans, PI diagrams, electrical drawings, material information (material certificates, welding documents), information about equipment operating conditions (chemical, pressure, temperature, flow), information about equipment levels (safety devices), operating instructions, and maintenance plans.
For equipment purchased used for which these documents are unavailable, similar documents must be prepared afterwards.
The need to update information is reviewed regularly, and responsible persons must be appointed to ensure that information is updated.
Requirement
Economic operators must have up-to-date information about the characteristics of chemicals that are significant for process safety.
Approved procedure
The characteristics of chemicals are available in the KemiDigi system, safety data sheets, information provided by chemical manufacturers, literature, standards, and the economic operator’s studies.
KemiDigi also includes information provided by chemical manufacturers about characteristics if chemical notifications have been submitted.
Requirement
Economic operators must have up-to-date information about reactions between chemicals used and stored, and chemicals generated in processes or accidents.
Approved procedure
Reaction risks are entered in a reaction matrix, or a sufficiently documented description of chemical reactions as well as chemicals generated in processes and accidents is prepared.
Requirement
Economic operators must have up-to-date information about selection criteria for process equipment, tanks and pipelines, and the standards used.
Approved procedure
Equipment information is compiled in tank and pipeline manuals, in which repair and maintenance measures are also entered.
Material information: Approved material or a material selection diagram must be prepared for each equipment unit. The impact of chemicals, as well as process and ambient conditions, must be addressed in the selection of material. Reasons for the selection of material must be presented clearly.
Equipment manufacturing documents: structural drawings, positioning plans, PI diagrams, electrical drawings, material information (material certificates, welding documents), information about equipment operating conditions (chemical, pressure, temperature, flow), information about equipment levels (safety devices), operating instructions, and maintenance plans.
For equipment purchased used for which these documents are unavailable, similar documents must be prepared afterwards.
The authorities maintain a list of acceptable standards.
Requirement
Economic operators must have up-to-date descriptions of processes related to the plant’s process safety and their operating principles.
Approved procedure
An economic operator has a document management system in which the following are maintained:
- flow charts
- PI diagrams
- descriptions of control and safety automation operations
- layouts.
PLANNING PROCESS RISK ASSESSMENTS
Requirement
Economic operators must have a documented procedure to conduct process risk assessments, in which the stages of the risk assessment process have been defined in sufficient detail.
Approved procedure
An economic operator has instructions for conducting process risk assessments. They may also include instructions for other risk assessments.
The instructions include the following:
- a definition of the site
- the persons conducting the risk assessment
- a schedule
- the methods to be used at various sites
Requirement
Plants must have a procedure in place to identify the situations where a process risk assessment is required.
Approved procedure
An economic operator has instructions identifying the different situations possible at the plant in which a risk assessment must be conducted. A checklist of various situations can be used, for example. Instructions for process risk assessments can be included in other documentation guiding risk assessments.
The following situations where a process risk assessment is required are taken into account in instructions:
- New plant or process
- Changes (also addressing the start-up of interrupted operations)
- After an accident
- In conjunction with safety observations
- Outsourcing operations or resuming previously outsourced operations
Requirement
Economic operators must have a procedure in place to select a suitable process risk assessment method in each situation.
Approved procedure
An economic operator has a few risk assessment methods in place, which they consider to be applicable to the situations requiring a risk assessment at their plant.
The economic operator has documented (selection) criteria for the use of different risk assessment methods in each situation.
Requirement
Economic operators must define the competence required for each process risk assessment method used.
Approved procedure
An economic operator defines the risk assessment method competence which is maintained in their company and the situations where external competence is required. Information about the company’s risk assessment skills is maintained in a competence matrix.
Requirement
Economic operators must define requirements for the members and competence of the process risk assessment team.
Approved procedure
The risk assessment team includes:
- competence in the risk assessment method used
- process competence, automation
- maintenance competence
- operating employees, at least in risk assessment updates
- special expertise in equipment and equipment systems, for example, taking interfaces into account
Members of the team should be replaced when updating risk assessments.
Requirement
Economic operators must systematically assess all operations related to the industrial handling and storing of hazardous chemicals from the perspective of process safety, taking the plant’s internal interfaces into account.
Approved procedure
The site can be limited as follows:
- a specific part of the plant (e.g. according to the layout)
- a specific process (e.g. according to the PI diagram)
- accidents with the most serious consequences (identified using POA, HAZID)
- by function (storage, process, operating equipment, refilling and draining, utilities, etc.)
Requirement
Economic operators must define the baseline information required for process risk assessments.
Approved procedure
An economic operator registers what baseline information is required for each risk assessment method used. Baseline information includes chemical information, flow charts, PI diagrams, descriptions of the operation of control and safety automation, layouts, and previous risk analyses.
The revision of the source document on which the process risk assessment is based is registered.
Requirement
Economic operators must prepare a schedule to define how frequently each process risk assessment is updated.
Approved procedure
Risk assessments are updated at least every three to five years (e.g. a longer interval is sufficient for a HAZOP update if the process has not been changed, but a TRA may need to be updated more frequently). A monitoring system (e.g. an annual calendar) issues reminders of risk assessment updates.
Requirement
Economic operators must define who is responsible for each process risk assessment and its updates.
Approved procedure
Responsibilities for updating risk assessments are defined in writing in a responsibility matrix, for example.
Requirement
Economic operators must assess risks resulting from outsourced operations for process safety.
Approved procedure
A potential problem analysis (PPA) can be used as the risk assessment method. Outsourced operations may include maintenance, security and cleaning services as well as chemical vehicle drivers.
CONDUCTING PROCESS RISK ASSESSMENTS
Requirement
Economic operators must identify any hazards associated with process safety and have a documented procedure in place for this.
Approved procedure
An economic operator has defined a procedure to sufficiently reliably identify any hazards, or unwanted events, in different parts of the plant. Such hazards include chemical leaks, ignitions, explosions and chemical reactions.
Identifying hazards resulting from the hazardous properties of chemicals:
- chemicals causing a health hazard
- chemicals causing a physical hazard
- chemicals causing an environmental hazard
Requirement
Direct and underlying causes of accidents must be identified in process risk assessments.
Approved procedure
Underlying causes should be identified relative to the severity of consequences.
In their process risk assessments, economic operators must note that different causes often have different probabilities, affecting the size of the risk.
Underlying causes can be identified using the bowtie method, for example. Other applicable methods include the two whys and the fishbone diagram.
If the scenario being investigated is not considered to have any consequences relevant for the process risk assessment, its causes do not need to be identified.
Example: A clogged pipe or a closed valve is identified as the direct cause of an accident.
Underlying reasons include clogging caused by the precipitation of a chemical, a frozen pipe, a valve closing due to a human error, a defective valve and an error in an automation sequence.
Requirement
Economic operators must assess the probability of process safety hazards materialising.
Approved procedure
The probability is first assessed without any preparations and then with preparations.
Requirement
The assessment of the probability of process safety hazards materialising must always be based on data when possible.
Approved procedure
Examples:
- Sources used to assess the probability of malfunctions in technical systems (databanks, literature, standards, historical data)
- Actions of trained operators: a minor or no impact on probability; contribution to lowering the probability; risk reduction factor (RRF) at most 10
Requirement
Economic operators must assess the severity of the consequences of process safety hazards.
Approved procedure
The severity of the consequences of accidents is first assessed according to the worst possible consequences without any preparations and then with preparations. The severity of consequences is assessed according to their scope and impact.
In the assessment, consequences targeted at people, the environment and property are taken into account.
Requirement
Direct and subsequent consequences must be taken into account in defining the severity of the consequences of accidents related to process safety.
Approved procedure
Consequences can be identified using the bowtie method. Other methods include two what ifs and the fishbone diagram.
Example: There is a leak in a toxic chemical container. Its direct consequences include local personal injuries in the container area, but its subsequent consequences may also extend farther if any toxic chemical can spread to a larger area, for example, carried by wind.
Requirement
Economic operators must, in conjunction with a risk assessment, identify any hazards potentially leading to a major accident.
Approved procedure
Legal definition of a major accident:
17) a notable discharge, fire, explosion or other event that is a consequence of uncontrollable events in the operation of a production plant at which hazardous chemicals or explosives are manufactured, handled or stored, and that can cause serious or immediate danger to human health, the environment or property, or danger that becomes evident later inside or outside the plant and that is related to one or several hazardous chemicals or explosives (390/2005, section 6)
Requirement
Economic operators must identify any process safety accident scenarios that require modelling.
Approved procedure
The use of a consequence analysis is required from facilities obliged to provide a major accident prevention policy document and facilities obliged to provide a safety report, as well as other plants (toxic and flammable gases) if they are close to sensitive areas (e.g. daycare centres, waterbodies), or if they are in an industrial area and an accident can be assumed to have an impact on neighbouring facilities.
Requirement
Economic operators must document their process safety risk assessments.
Approved procedure
Documentation includes at least the method used, participants, meeting minutes, results, measures and revisions of the baseline information used.
DEFINING THE ACCEPTABILITY OF RISKS
Requirement
Economic operators must have a procedure in place to assess the acceptability of process risks.
Approved procedure
The acceptability of risks is defined using a risk matrix. The economic operator defines which risks are acceptable and which require measures to reduce them.
Requirement
The procedure used to define the acceptability of risks must take personal injuries and damage to the environment and property into account.
Approved procedure
The risk matrix includes separate columns for personal injuries and damage to the environment and property.
Requirement
An acceptable probability must be defined for major accidents.
Approved procedure
An economic operator presents grounds for an acceptable probability. The acceptable probability is presented as part of the risk matrix.
For example, the acceptable probability can be 10⁻⁵ (inside the plant area) – 10⁻⁶ (outside the plant area).
Requirement
The procedure used to define the acceptability of risks must have a sufficient resolution, or accuracy.
Approved procedure
The risk matrix defines in detail what each column means (quantitative estimates of probabilities and consequences). As a rule, personal injuries result in a greater risk than damage to the environment or property. The risk matrix can be in format 6 × 5, for example.
RESIDUAL RISKS AND MEASURES
Requirement
Economic operators must define measures to reduce process risks down to an acceptable level. As a rule, the measures required to reduce process risks must be technical and passive solutions.
Economic operators must assess residual risks after measures have been taken to reduce risks. Residual risks must be verified to be at an acceptable level.
Approved procedure
Measures are defined based on the acceptable risk level set.
If required, safety automation must be added to reduce risks down to the acceptable level.
Passive solutions protect simply by existing (e.g. blast walls, basins, etc.), whereas active solutions require internal or external energy (e.g. safety valves, safety automation, etc.).
Requirement
The measures defined based on a process risk assessment must be prioritised.
Approved procedure
An economic operator arranges the measures defined to reduce risks in an order of importance based on the magnitude of risks.
At plants that are in the design phase, risk reduction measures must already be implemented during the construction phase.
Requirement
Schedules and responsibilities must be defined for the measures defined in the process risk assessment, and they must be acknowledged as completed.
Their implementation on schedule must be verified through monitoring.
Approved procedure
Measures with schedules and responsibilities are defined for areas to be corrected. The aim is to correct any easily corrected areas immediately, and it is also ensured that low-risk measures are implemented.
It is defined what will be done until the corrective measures have been completed: will operations be suspended, or will a temporary solution be used?
The measures are entered in a monitoring system in which their schedule is monitored. The implementation method applied to the measures is entered in the system. The measures will remain open until they have been completed, after which the person responsible for them will acknowledge them.
Requirement
If a measure defined in the process risk assessment is not implemented according to the defined schedule or scope, impact on process safety risks must be reassessed.
Approved procedure
If a measure defined during the assessment is not implemented, the area will be assessed and acceptable measures will be defined again. Reasons for the delay in the original measure or its non-implementation are also entered in documentation.