AS 2885.1-2007Planning a Safety Management

Study

Richard McDonoughManager Engineering and PolicyPetroleum & Geothermal Group

PIRSA

Session OutlineSession Outline

• Objectives of revision• What have we done? - overview• What does the Safety Management Process look

like in AS 2885.1-2007?• How do you carry out an effective Safety

Management Study?• Group discussion• Study example• Review of AS 2885 guidance

• Wrap up

Objectives of RevisionObjectives of Revision• Reflect industry experience and practice• Incorporate flowchart• Clarify terminology• Provide guidance on defining threats and establishing

“effective” controls• Multiple independent measures• Incorporate calculation methods and research

information• Include no rupture and maximum release rates in high

consequence areas• Provide guidance on ALARP• Map to other risk standards and practice (AS4360, 5 x 5

matrix)

Objectives of revision (cont)Objectives of revision (cont)• Actions for in-service pipelines• Provide for numerical methods where appropriate• Require HAZOPs for stations• Emphasise informed decision-making• Provide guidance on integrity of process• Provide guidance on minimum data and skill

requirements• Address whole-of-life safety management• Strengthen links between Part 1 and Part 3 (SAOP)• Address threats during construction etc• Improve environmental safety management

Safety Management SectionsSafety Management Sections• Section 1.4 – Definitions• Section 2 – Safety• Section 4 – Design general

• Location classification, signs, high consequence areas, fracturecontrol, energy discharge rate, resistance to penetration, etc

• Section 5.5 – External interference protection• Appendix B – Safety management process• Appendix C – Threats• Appendix D – Design considerations for external interference

protection• Appendix E – Effectiveness of procedural controls for the prevention

of external interference damage to pipelines• Appendix F – Qualitative risk assessment• Appendix G – ALARP • Appendix H – Integrity of safety management process• Appendix I – Environmental management• Appendix Y – Radiation contour

Basic concepts and principlesBasic concepts and principles

• 1997 – first standard in the world to specifically mandate external interference protection design• Protect pipeline from people to protect people

from the pipeline (EIP)• Specific threats to specific pipelines at specific

locations• Must define threats to design for them• Design solutions must be effective

• Approval and documentation• Informed decision-making• Safety management not risk assessment

Life Cycle Safety ManagementLife Cycle Safety Management

Preliminary Design & Approval

Preliminary design, route selection, environmental studies, initial risk studies for consultation

& approvals

Detailed design, detailed risk studies as part of design process, HAZOPs etc, review & validation

Pre-construction & pre-commissioning reviews

change of use, design life review, MAOP increase, change of threats,

not exceeding 5 years

Abandonment plan includes risk study

Construct & Commission

Detailed Design

Operate, Maintain, Modify

Abandon

Safety Management Process OverviewSafety Management Process OverviewThreat identification / location

analysis

Threat control

Failure analysis

Management Plan (SAOP)

ACCEPTED RISK

Threat controlled

No failure

TreatedRisk treatment

Risk evaluation

More controls

More treatment

Process detailProcess detailDesign description, location

analysis, threat ID and specification, non-location specific threats, common threats / typical

designs

Demonstrate effective physical and procedural controls for

external interference, established design and procedures for other

threats, HAZOPs etc

Can uncontrolled threats lead to failure?

Analyse consequence, specify frequency, risk matrix for risk

evaluation

Risk treatment actions according to risk level

Threat identification / location analysis

Threat control

Failure analysis (as required)

Risk Evaluation (as required)

Risk Treatment (as required)

Management Plan Component of SAOP, ongoing monitoring and review

Planning a Safety Management StudyPlanning a Safety Management Study

Objective• Robust study• Documented and approved• Justifies confidence

Section 2.2.4 – Safety management study validationEach detailed safety management study shall be

validated by a properly constituted workshop which shall critically review each aspect of the safety management study

Discussion – good and bad experiencesDiscussion – good and bad experiences

• Draw on experience in the room• When has the process worked well?• When has it not worked well?• What elements are critical to success or failure?

Example: New Roma to Brisbane PipelineExample: New Roma to Brisbane Pipeline

• Overview of pipeline route• What can people in the room tell me?• What can we glean from the maps?• What do we need to do to carry out the study?• How do we get what we need?

“New” Roma to Brisbane Pipeline “New” Roma to Brisbane Pipeline

RomaRoma

1. Roma to Condamine1. Roma to Condamine

2. Condamine to Dalby2. Condamine to Dalby

3. Dalby to Gatton3. Dalby to Gatton

4. Gatton to Brisbane4. Gatton to Brisbane

Brisbane AreaBrisbane Area

Brisbane Gate StationBrisbane Gate Station

TasksTasks

• View selected sections of the line• Discuss location class and threats• Discuss data gathering

Initial SectionInitial Section

Isolated houseIsolated house

Rural DevelopmentRural Development

Town DevelopmentTown Development

Coal Seam MethaneCoal Seam Methane

Kogan North CSM ProjectKogan North CSM Project

CSM licence informationCSM licence information

Cultivated LandCultivated Land

Cultivated landCultivated land

Urban Growth Corridor?Urban Growth Corridor?

Suburban / SensitiveSuburban / Sensitive

Suburban / SensitiveSuburban / Sensitive

Appendix B – Safety Management ProcessAppendix B – Safety Management Process• Normative• Integrated and continuous over pipeline life-cycle• Pitfalls• Project Phases• Requirements for detailed safety management study

Shall be undertaken by personnel with expertise in each component of the design, construction and operation of the pipeline, including, or with the support of, personnel closely familiar with land uses along the entire route

• Data and information

SMS – Data requirementsSMS – Data requirements

• Design basis / operation philosophy

• Design calculations• Initial route• Initial SMS• Design drawings• Typical designs• SMS of common threats to

typical designs• Initial pipeline alignment• Location classifications• Current and future land use

assessment• Documented investigation of

external threats

• Documented investigation of existing and planned buried and above-ground services

• Construction line list (construction and landowner constraints)

• Environmental line list (environmental constraints)

• Preliminary SAOP• Isolation plan• HAZOPs etc• Fracture Control Plan• Critical defect length /

resistance to penetration• Consequence modelling• Environmental studies

Appendix H – Study IntegrityAppendix H – Study Integrity

• Key words• Specific• Explicit• Effective• Approve

• Key elements• People• Process• Data, information and documents• Chair

Wrap upWrap up

R1 - RuralR1 - Rural

Rural R1Land which is unused, undeveloped or is used for

rural activities such as grazing, agriculture and horticulture. Rural applies where the population is distributed in isolated dwellings. Rural includes areas of land with public infrastructure serving the rural use; roads, railways, canals, utility easements.

R2 - Rural Residential R2 - Rural Residential

Land which is occupied by single residence blocks typically in the range 1 ha to 5 ha or is defined in a local land planning instrument as rural residential or its equivalent. Land used for other purposes but with similar population density shall be assigned Rural Residential location class. Rural Residential includes areas of land with public infrastructure serving the Rural Residential use; roads, railways, canals, utility easements.

T1 - ResidentialT1 - ResidentialLand which is developed for community living. Residential

applies where multiple dwellings exist in proximity to each other and dwellings are served by common public utilities. Residential includes areas of land with public infrastructure serving the residential use; roads, railways, recreational areas, camping grounds/caravan parks, suburban parks, small strip shopping centres. Residential land use may include isolated higher density areas provided they are not more than 10% of the land use. Land used for other purposes but with similar population density shall be assigned Residential location class.

T2 – High DensityT2 – High Density

Land which is developed for high density community use. High Density applies where multi storey development predominates or where large numbers of people congregate in the normal use of the area. High Density includes areas of public infrastructure serving the High Density Use; roads, railways, major sporting and cultural facilities and land use areas of major commercial developments; cities, town centres, shopping malls, hotels and motels

Sensitive Use (S)Sensitive Use (S)• The Sensitive location class identifies land where the

consequences of a failure may be increased because it is developed for use by sectors of the community who may be unable to protect themselves from the consequences of a pipeline failure. Sensitive uses are defined in some jurisdictions, but include schools, hospitals, aged care facilities and prisons. Sensitive location class shall be assigned to any portion of pipeline where there is a sensitive development within a measurement length. It shall also include locations of high environmental sensitivity

• The desing requirements for high density shall apply.

Basis of sectionBasis of section• Pipeline safety management shall be undertaken rigorously, shall apply

controls to identified threats and shall reduce residual risk to an acceptable level

• All threats to the integrity of the pipeline shall be identified and multiple independent controls shall be applied to each identified threat

• Recognises hierarchy of effectiveness of controls• Emphasis on controlling external interference threats• Process for land use changes• No rupture and maximum energy release rate in high consequence

areas• HAZOPs etc to be applied• Two-stage process: 1) Design and Safety Review; 2) AS 4360

assessment of residual risks• Suitably qualified, trained and experienced personnel• The process and outcomes shall be documented and approved• Ongoing process over life of the pipeline• Predicated on ongoing application of operations and maintenance

procedures via SAOP

Risk matrixRisk matrixCONSEQUENCES

(people, environment, supply)

FREQUENCY Catastrophic Major Severe Minor Trivial

Frequent Extreme Extreme High Intermediate Low

Occasional Extreme High Intermediate Low Low

Unlikely High High Intermediate Low Negligible

Remote High Intermediate Low Negligible Negligible

Hypothetical Intermediate Low Negligible Negligible Negligible

– Consistency with general practice

– Provides same outcomes as original matrix

–Timing of action mandated for in-service pipelines (immediate action for extreme risk)

RISK MATRIX (2)RISK MATRIX (2)

• People, environment and supply consequences to be analysed

• Description of consequence for each severity class to be reviewed and approved

• Frequency of consequence to be estimated• Where multiple outcomes may result, highest

risk ranking must be determined• Risk treatment mandated by risk ranking

RISK TREATMENT ACTIONSRISK TREATMENT ACTIONS• Extreme

• Act to reduce to intermediate or lower• Immediate action for in-service pipelines

• High• Act to reduce to intermediate or lower• Urgent action for in-service pipelines

• Intermediate• Act to reduce low or negligible• If not possible, demonstrate ALARP• Prompt action for in-service pipelines

• Low• Incorporate in management plan (ongoing

monitoring)• Accepted risk

l bl