Team A – Maintaining ALARP In-service

Overview

Once system risks have reached ALARP status, they should be reviewed whenever there is a change in hazards or risk levels due to:

• Failures in service or other in service incidents or occurrences
• The system or asset function being changed or adapted when in-service
• The change in the environment where the system or asset is being deployed/used
• Obsolescence

The objective of this workshop is to think about the impact of new in-service information on the Oil SSTS Safety Case and ALARP arguement.

Task

Overview

There has been a number of in service reports of the pump operating at pressures inexcess of 25 bar causing increased pressures on the pipe work, metering unit and ultimately the receiving system on the tanker.  Crews have found that by cycling the system off and on the problem is removed for a short period before returning to the failed state.  The cycling of power is effective however causes delays to the tanker transfer operations.

The pump manufacturer have performed their own tests and have been able to replicate the same soft failure on their test unit.  On investigation they have isolated the issue to the control PCB of the pump.

Their recommendation is to correct the fault through a redesign of the PCB which will take 6 months.  However as it is being introduced to achieve the already accepted design standard no design modification activity is required.

There is an alternate pump that the SSTS DT have identified, however due to it being a different pump and part number its introduction will require a modification programme to embody and accordingly cost the programme a little over £160K and take 6 months to embody.

Tasks

Immediate Response

The pipes are specified to an operating pressure of 20bar as is the metering unit and tanker receiving system.  The butterfly valves are specified to 25bar and ball valves to 100bar,

• Consider the risks of over pressure on the rest of the system and review and update the hazard log for your preferred option.
• Consider what actions / changes could be taken to mitigate the increased risk over the 6 month period and add them to the hazard log.
• Identify what changes you need to make to the safety case.  What documents are impacted?

[Hint, an example Padlet layout can be seen here]

Long Term Response – Cost Benefit Anlaysis

The supplier of the pump has stated that the modification to the PCB will be effective in preventing overpressure operations however in their initial investigation of their in house modified pump, they have identified that the wear out rate of the pump will be higher due to the modification.  The revised pump will need replacing every 5 years, rather than the 20 originally stated for the un-modified pump.

The DT are therefore interested in understanding if we can change pump designs to another pump?

Perform a Cost Benefit Analysis based on the following information, to decide what to do.

• The fatalities per year for the current pump has been assessed to have increased to 2E-3.  The ‘Fixed’ pump is assessed as improving this figure to 1E-4 however the £30,000 pump will need replacing every 5 years.
• The new pump offered by an alternate supplier further improves the fatalities per year to 1.5E-6 and will match the 20 years’ service life and but will cost £160,456 to implement.
• The VPF is £2M and the gross disproportion factor (GDF) is 2.

[Hint the equation Detriment = Frequency of Fatalities x VPF x Lifetime of System x GDF]