Incorporating the Human Reliability Technique (Petro-HRA) into the Real-Time Dynamic Risk Management Tool

Dynamic Risk Advisor (DRA) is a risk management tool developed combining two risk assessment methods (Bowtie and LOPA). This tool is a web application that aggregates information from different management systems (e.g., Maintenance, Training, Supervisory, and Digital Checklists Systems) and shows in real-time the process safety barrier health situation. Furthermore, using LOPA technique it is possible to calculate the hazardous scenario tolerability also in real time, once DRA considers the number of active, contingent, and degraded barriers. In its new version, DRA incorporates the Petro-HRA method to evaluate the Human Error Probability (HEP). This new feature helps to increase the accuracy of risk assessment, especially for industries such as drilling companies, where there are several barriers that rely on Human-Machine Interaction (HMI).

1 Introduction

In recent years, the topic of Process Safety has been gaining strength in the chemical industry and, in addition, there is an irreversible trend towards digitization of processes and information to help managers, engineers, and crew members keeping it safe.

In this scenario a real-time monitoring system, called Dynamic Risk Advisor (DRA), was developed combining two different methods of risk assessment (LOPA and Bowtie), aiming to evaluate the integrity of three barrier classes, which are Physical, Organizational and Human. To perform this real time monitoring, DRA system integrates with other systems like MAXIMO (Maintenance Management; MOC System), DRAKE (Training Platform), ChecklistFácil (Digital Checklists), and Supervisory System (F&G System, Thrusters, sensors etc.). Using all data from those systems, was created a specific Performance Standards criteria for barrier degradation and was stablished the acceptable frequencies of unsafe events based on the ALARP (as low as reasonably practicable) approach.

The DRA has been updated to include the PetroHRA method in its human barrier risk assessment. The Petro-HRA is a method for qualitative and quantitative assessment of human reliability analysis in the Petroleum Industry. This new feature helps to increase the accuracy of risk assessment, especially for industries like drilling companies, where there are several barriers that depend on Human Machine Interaction (HMI). PetroHRA was chosen because of its compatibility with LOPA.

The frequencies of threats, hazard scenarios and its consequences shown in DRA screen are calculated using the LOPA semiquantitative method. DRA has “Dynamic” in its name because it automatically calculates the residual risk based on barriers’ health in real time. Furthermore, the Bowtie layout exhibited in DRA provides an easy-to-understand overview of implemented barriers and its integrity. This tool was designed to help both managers and entire process-related workforce to find safety vulnerabilities, prioritize preventive and corrective actions and manage the processes risks.

2 Discussion

2.1 Risk Assessment Methods

The Dynamic Risk Advisor (DRA) was developed combining two different risk assessment methods. The first one is the Bowtie method and the second is the Layer of Protection Analysis (LOPA). The Bowtie method was selected because of its easy-to-understand layout, where the hazard, top event, threats, and consequences are easily identified. Furthermore, a Bowtie diagram ease the work of finding the correlation between a safety barrier and a specific threat or consequence.

The LOPA method is useful for calculating the number of safety barriers required to maintain the risk at tolerable level. The risk tolerance criterion is based on ALARP principle (As Low As Reasonably Practicable). Therefore, each physical barrier has a Probability of Failure on Demand (PFD) based on the literature or drill rig history, and the human barriers has its Human Error Probability (HEP) based on the results of PetroHRA studies. The PFD/HEP number directly affects the number of safety barriers required to achieve the acceptable risk level.

The Figure 1 shows the main screen of Dynamic Risk Advisor using the Bowtie diagram structure.

Figure 1. DRA main screen using the Bowtie diagram structure

2.2 Barriers Monitoring

The main function of the system is to monitor the safety barriers health. Therefore, DRA has specifics performance standards criteria for each of the three types of barriers, which are organizational, human, and physical. DRA is also capable of identify the “running” hazardous scenario, disabling those scenarios that are not applicable in a specific operation. This feature is especially useful for batch operations or highly dynamic operations, such as offshore drilling operations.

Organizational barriers are related to procedures, standards, and operational checklists. This kind of barrier is degraded when crew members are not trained in a critical safety procedure or do not attend an operational checklist related to that barrier.

Physical barriers are related to equipment and safety instrumentation. In this type of barrier, the Dynamic Risk Advisor system can monitor and indicate overdue maintenances, absence of risk assessment in in contingent equipment, and safety equipment and instrumentation out of service.

Human barriers are related to some human safety action, like attend to a pre-operation checklist or to an alarm recognition, or process monitoring, or any safety critical task.

In addition to barriers monitoring, the system also gives the general situation of hazardous scenario depending on the number of barriers degraded. The system also indicates the specific bad actor, which is degrading some barrier, for example: the crew member who doesn’t complete the training in time; which safety checklist is warning about some unsafe aspect; and the equipment tag number with overdue maintenance.

2.3 Incorporating PetroHRA into DRA

As mentioned above, PetroHRA permits to calculate the Human Error Probability (HEP) of safety human tasks. Then, as a part of PetroHRA implementation, Foresea has performed an update of its Risk Assessment Studies with the aim of addressing all critical safety tasks present in human barriers of Bowtie. This led to a Critical Safety Task List which served to initiate PetroHRA studies. As an example, the steps for evaluating the HEP for well shut-in task is described below.

First, was defined the scenario “Well Shut-in during drilling operations”. Then, a multidisciplinary team developed a Hierarchical Task Analysis (HTA), shown in Figure 2. In this step the team divided the Well Shut-In Task into several subtasks, which must be analyzed in the next

With the HTA concluded, the same team elaborated and discussed a Tabular Task Analysis (TTA), where was possible to identify in detail the Performance Shaping Factors (PSFs) and its impacts on each subtask. The analyzed PSFs includes Time Available, Threat Stress, Task Complexity, Training/Experience, and other factors.

Once finished TTA, the HEP was calculated using the Human Error Quantification Technique. This quantification is very similar to an event tree analysis, as shown in Figure 3. In total there are 9 different PSFs, and each one has its own criteria of how it impacts the subtask. The Figure 4 shows the “Threat Stress” PSF and its levels and multipliers. To calculate the final HEP of each subtask its necessary multiple the Nominal HEP (NHEP, and NEHP = 0.001) by each multiplier of all 9 PSF, as shown in the Equation 1 below.

HEP = 0.01(NHEP) x multiplier (Time) x multiplier (Threat Stress) x multiplier (Task Complexity) x multiplier (Experience/Training) x multiplier (Procedures) x multiplier (HMI) x multiplier (Attitudes to Safety, Work and Management Support) x multiplier (Teamwork) x multiplier (Physical working environment)

Equation 1. HEP calculation

It is important to highlight that if the final HEP does not meet the minimum criterion of 0.01, then it is necessary for the multidisciplinary team improves the safety of the task by doing recommendations, for example, improving procedures, training, supervision, etc.

If recommendations are necessary, they must be implemented, and once implemented then a new HEP must be calculated. And following these steps, achieving the Human Error Probability, this value is inserted into its respective DRA’s barrier, improving the accuracy of the final risk calculations.

Figure 3. Example of part Human Error Quantification on PetroHRA

Figure 4. Levels and Multipliers for the Threat Stress PSF

3 Conclusion

Since it was launched the Dynamic Risk Advisor is being continuously improved using the user feedback. The system proved to be useful in terms of preventing nonconformities and helping the teams to quickly identify vulnerabilities in its process safety barriers. Furthermore, the system was able to help maintenance teams prioritize maintenance schedules based on the updated status of the safety equipment.

With the increasing importance of human factors in the safety of people and operations, it becomes increasingly relevant to incorporate human reliability analysis techniques into the tools used to monitor and reduce risks. And PetroHRA proved to be compatible with DRA.

By applying PetroHRA method some benefits were identified, as follows: best characterization of IPL barriers, properly characterization of human and organizational factors in bowtie diagrams, identification of critical tasks, establishment of procedures, premises and working method for conducting the reliability studies.

Nevertheless, the PetroHRA method brings some challenges, such as: ensuring that all differences in each Drilling Rig Unit will be considered, evaluating critical tasks from third parties, carrying out Human Reliability studies to evaluate maintenance activities and inspections, and how to stablish criteria for re-evaluate these studies when motivated by Management of Change, degraded Safety Critical Elements and periodic reassessment.