engineered safety and rail systems...• so we will not implement the idea, and we believe we have...

IRSE RTSA PWI 1

Engineered Safety and Rail Systems A system…

Engineering Management Systems Engineering

Management Systems

2

Journey of Discovery


Management Systems


Management Systems

Mike Hurd: high-integrity control and power systems

Engineered Safety and Rail Systems

3


Management Systems

Safety tools, practices and techniques 4

All safety techniques applied, and combined

Most techniques applied, less consistently (no nuclear plant)

Some techniques applied, depending on experience of those involved. Commercial drivers starting to prevail…

Safety based on experience and history, with safety techniques applied for new equipment and systems. V. Reliable, mostly...

Note: Telco was an emerging issue

Safety based largely on historical developments (some international) and operational experience

“This is what we did last time, and it hasn’t gone wrong yet….” But things are changing…



Management Systems

What’s changing? 5

• Legislative change

• Changes in how business is conducted

• The pace and amount of technological change



Management Systems

‘Old’ thinking – it hasn’t gone wrong before… 6

• We have an idea to enhance safety. • The idea is not compliant with the Australian standards /

internal standards / the design specification / brief / etc. • It is not on the design template drawings. • It is not in the project scope / cost / timescale. • Things haven’t gone wrong before…. • We might complete a risk assessment to support our belief

that the safety risk has a low risk ranking. And if the ranking is ‘high’, we might refer to the corporate risk guidelines to escalate the responsibility for not addressing the safety risk.

• So we will not implement the idea, and we believe we have justification for this decision.



Management Systems

‘New’ thinking – we can make things safer 7

• We have an idea to enhance safety. • The idea is not compliant with the Australian standards / internal standards / the design

specification / brief / template drawings / the project scope / cost / timescale / etc • But we can challenge all of the above and have the management mechanisms to do so (design

change management / deviations / waivers / project change control / continuous improvements / etc).

• So let's investigate it and see whether we can make it happen (within the bounds of what is reasonably practicable).

• And if we don't implement the safety improvement, we have to justify why not using appropriate analysis, for example: demonstration that the cost is grossly disproportionate to the benefit OR that the introduction of the safety idea has an overall safety detriment over the life of the asset, OR simply that investigating it would take-up so much time and effort that we cannot achieve the functional and performance aims of the task in-hand (that is: it is not reasonably practicable to pursue it).

• We’ll double-check with others what we believe is ‘grossly disproportionate’, because we understand that people have very different perceptions about this.

• We’ll keep a record of the decision



Management Systems

Are things getting safer? 8

2002 NOHSC Findings: 35% 2012 study 36% … incidents, injuries or fatalities could have been averted at the design stage. Why? Are more statistics are being collected…?



Management Systems

Leading indicators (term from Process Safety industry) 9

• Skills loss, training facilities, ‘cultural dilution’

• More equipment types, with different interfaces and controls

• More software, more functionality… who is in control?

• Overseas development – the equipment travels, but do the assumptions?

• Less experienced constructors / maintainers

• More cultural mixes

• Poor information retrieval

• Less time

• The resource ‘pool’ is now flowing…


10

Engineered Safety


Management Systems


Management Systems

Super example of how to design unsafe stuff 11


Arc

explosion

vents

Nice

doors

Nice place

to stand

Installed for commissioning, but not removed afterwards


Management Systems

Think first, act second… 12

A rod for one’s own back: A client introduced an electric override to reduce risk of mechanical movement 1. A case was made, now it is being deployed 2. There already was one…! 3. Now it’s there, it’s difficult to take away, because of WHS law 4. New equipment, more maintenance, more training 5. All for no demonstrable safety benefit…

Oops! Engineered Safety tools would have revealed this before acting.



Management Systems

Engineered Safety – Special Interest Group 13

Drivers for starting the committee:

Common observation: What people believe is happening is not what is actually happening

Common experience of safety techniques, tools and practices: • Not used • Misused or abused • ‘Tick-boxed’

Also, common misconception: • Risk assessment = safe engineering



Management Systems

The risk of risk assessments 14


Does this add value?

These get the focus

These tend

not to

It’s not wrong…, But it’s not safety

Hazards and risks mixed-up


Management Systems

What the statistics tell us 15


4.0%

1.0%

1.4%

2.0%

4.2%

5.3%

6.8%

13.6%

20.9%

40.8%

0% 20% 40% 60%

Chemicals and other substances

Heat, radiation and electricity

Vehicle incident

Other and unspecified mechanisms of injury

Sound and pressure

Mental stress

Hitting objects with a part of the body

Being hit by moving objects

Falls, trips and slips of a person

Body stressing

Serious Claims: Percentage by Mechanism of Injury/Disease, 2009-10

It’s the simple things that are hurting industry


Management Systems

And Safe Work Australia tells us… 16


The most effective and durable means of creating a healthy and safe working environment is to eliminate hazards and risks during the design of new plant, structures, substances and technology and of jobs, processes and systems. Safe Work Australia, 2014


Management Systems

Case study – equipment cubicles – 2 behaviours 17


2m

high,

200 kg

The hazard analysis said: • How do we eliminate the hazard? • Split it up • The original reason for one

cubicle has gone!

And it is REASONABLY PRACTICABLE

The risk assessment said: • Use a trailer • Dedicated parking • Use a trolley • Manual handling training • Install in-situ? No.


Management Systems

Reasonable practicability 18

Safety Benefit

Cost

Just do it Analyse justify cost re:

gross disproportionality

Hmmm… confirm gross

disproportionality


This quadrant is

where analyses are

ideal to aid

decision-making, eg:

• Whole-of-life cost

/ benefit / risk

assessment

• ALARP assessment

• SFAIRP test


Management Systems

Engineered Safety Group 19

Presentations: • ALARP vs. SFAIRP Same intent, different embodiment • Safe Earthing systems – can’t do everything! • SafeWork SA – Safety in Design – What the law requires • The Product Safety Journey – setting safety principles • Lessons Learned from the 2005Texas City oil refinery explosion With EA: • Challenging the EA Safety Case Guideline • Challenging EA SiD course advertising • (Oct ‘15) Information session – safety of amusement rides


What is Engineered Safety? Selecting the right tool for the job

20



Management Systems

The design stage… 21


CONCEPT ASSESS-MENT

DESIGN MANU-FACTURE

CON-STRUCT

COMM-ISSION

IN-SERVICE

DECOM./ DISPOSE

Brief / URS / Concept design

Options Scope Specif’n

Detail design

IFC As-built

Changes Mark-ups EDC

Mod’s, upgrades refurb A&A

Mod’s

Engineer Engineer Designer Designer Engineer/ Designer

Engineer Engineer Engineer


Management Systems

Engineered Safety: tools, practices and techniques, and their applicability throughout the engineering lifecycle, indicating effectiveness

22


CONCEPT ASSESS-MENT

DESIGN MANU-FACTURE

CON-STRUCT

COMM-ISSION

IN-SERVICE

DECOM./ DISPOSE

Safety in

Design

Sys./ Proc.

Safety

HAZOP

SWIFT

FMEA

QRA / PRA

FTA

LOPA

Functional

Safety

Bow-Tie

FMEA as a design tool

Design tool

Design tool

Design tool

Other FMEA types

design tool

design tool

design tool

Func Safety as a design tool Lifecycle safety management

design tool Analyse failures – causes and effects

NB: Systems Engineering


Management Systems

Tailoring 23

As soon as there is sufficient information, tailor the safety program: • Safety issues • Safety Impact • Safety Requirements • Safety plan • Spread the word • Work the plan!

Without tailoring, it can become a confusing mess!



Management Systems

Engineering is complex 24

“ we will soon design the bloody simplicity out of it” Ernest Hives, Rolls-Royce, on Whittle’s jet engine



Management Systems

Process integration: Safety Case, Engineering, WHS, SiD, Systems (Functional) Safety

25



Management Systems

Tick-Box Engineering

What are the risks? Examples from case studies

26

Some good things completed: Standards identified

Document control system

Requirement Specification

Specification review meeting

Assumptions documented

Drawings

Design Review check-list

Noise suppression equipment

Gate review

Actions lists

Audit reports

Lessons learned captured


Management Systems

Tick-Box Engineering

Case studies - findings

27

Why do people do this?

Maybe not so good: Standards identified The system did not meet the standard

Document control system No-one configured it for the project

Requirement Specification It contained some unclear requirements

Specification review meeting The right people could not attend

Assumptions documented They were never confirmed – no evidence

Drawings Some were still draft issues

Design Review check-list All the things has not been done

Noise suppression equipment No-one checked the impact on power supplies

Gate review The documents were incomplete

Actions lists Some actions were not completed

Audit reports The results were not acted upon

Lessons learned captured They were not fed into the next project

28



Management Systems


Management Systems

Rail Systems 29

It’s not rocket science, but it’s getting pretty close!



Management Systems

Electrification adds complexity – more care required 30


OHLE

CONTROL

EARTH FAULT DETECTION


Management Systems

Discipline-Specific Safety 31

Signaling

Stations

OHLE

Traction Power Supply

Rolling Stock / Motive Power

Facilities / depots

Track & Civil

Telecommunications

Are all safe in isolation of each other, and usually safe when working as a system

And the issues are: • Different safety approaches

(which they have to have) • Different levels of AID • Differently formatted design and

safety documents • Not talking to each other? • Mixed brown and green field /

old and new • Different competence and training

requirements • Too many assumptions, about

what other disciplines are doing and what suppliers are doing

• People!!

Controlling this is complex


Management Systems

What would be better? 32

• COMMON elements in safety approach (an overall plan, an overall safety document, more use of templates for common presentation of results, eg: FMEA, SiD

• COMMON levels of attention to detail

• SIMILARLY formatted design and safety documents

• More inter-disciplinary reviews (interface matrices?)

• COMMON competence and training requirements

• DOCUMENTED and SHARED assumptions, about what other disciplines are doing and what suppliers are doing


Management Systems

Rail Systems 33

Knitting in all together…


“we will soon design the bloody simplicity out of it…”

The following slide illustrates how a set of selected tools, practices and techniques can be integrated into an engineering management plan for a rail project. The illustration indicates the SiD, FMEA, HAZOP, etc, activities bunched at the front-end of the design lifecycle, to maximise their efficacy.


Management Systems

Process integration: Activity Chart - Electrified Rail System Engineering Management, Safety in Design, Eng. & Safety Deliverables, building, environment and planning

34



Management Systems

Discussion points 35

• Is there one person in control of the safety program?

• Have you seen ‘tick-box engineering’?

• Are lessons learned being captured and passed-on?

• Are people are still unnecessarily getting hurt?

• Is hazard information being transferred enough, ‘across and down’?

• Are constructors and maintainers are still getting unwelcome surprises?

• Is too much lip-service being paid to front-end engineering?

• Should there be more front-end engineering?

• Are draft documents and drawings being used?



Management Systems

Design information – passing the baton 36

• Ask for hazard information – not risk information

• Only accept complete and signed information

• Accept work if you know there is sufficient time to do things safely



Management Systems

Take-home messages – to do, or seek evidence of 37

• Make yourself aware of engineered safety ‘tools’, and what they are (or should have been) used for. Look for evidence. (avoid ‘using a hammer to insert a screw’)

• Spend more time looking for lessons learned – they are all out there

• Have to address ‘HI/LP’ events, but the HL/LI issues are the ones costing!

• Look for HAZARDS, not risks

• Apply a safety process – have a PLAN, discuss it as a team, and think ahead

• Can use a ‘check-list of tools’ in your plan

• For railways, think interfaces and interfacing, throughout the asset lives.

• Read the WHS Act - doesn’t take that long (and applicable regulations)

Applying the WHS legislation means doing what is reasonably practicable, which mostly means doing to what you are supposed to, and keeping records to show it



Management Systems

Books 38

Think Control, Not Risk

Marcus Punch, ($30, from Quicksales)

Puts ideas into practice.

Failure to Learn – the BP Texas City Refinery disaster,

Andrew Hopkins, ($60 from Amazon)

Straightforward lessons from too-recent events



Management Systems

Thank-you 39


[email protected]

Mike Hurd

0432 858 958

engineered safety and rail systems...• so we will not implement the idea, and we believe we have...

Documents