Offshore Safety: People power with technology

Luis Duran

November 1, 2013

ABB’s Luis Duran explains how proper asset integrity management can cut down human error, reduce risk, and make the offshore oil and gas industry a safer environment in which to work.

Statoil’s Tjeldbergodden control room Photo: ABB.Safety and asset integrity are costs that can pay back big dividends in the offshore oil and gas industry in decreased downtime and improved productivity, efficiency and profitability. To fully realize there is a need to eliminate human errors and squeeze the most out of automation technologies.

A perfect case in point for process safety and integrity management come into play when you look at the Piper Alpha disaster 25 years ago in the North Sea on July 6, 1988.

The human factor played large in the disaster where a series of mistakes cascaded into a catastrophe that left 167 men dead, 61 survivors and a loss of $3.4 billion. But it didn’t have to be that way.

As it is with most disasters, there were a series of errors that added up to a major catastrophe. It started with the two condensate pumps, designated A and B. On the morning of July 6, Pump A’s pressure safety valve ended up removed for routine maintenance. Crew members planned to overhaul the pump, but had not started it. They temporarily sealed the open condensate pipe with a disk cover. Because the crew did not complete the work by 6 p.m., the disc cover remained in place. The on-duty engineer filled out a permit that stated Pump A was not ready and no one should switch it on under any circumstances.

The engineer failed to inform the on duty custodian of the condition of Pump A. Instead he placed the permit in the control center and left. This permit disappeared. Meanwhile, there was another permit issued for the general overhaul of Pump A that had not yet begun.

Just over three hours later, because of problems with the methanol system earlier in the day, hydrates started to accumulate in the gas compression system pipework, causing a blockage. Due to this blockage, condensate Pump B stopped and they could not restart it. As the entire power supply of the offshore construction work depended on this pump, the manager had only a few minutes to bring the pump back online, otherwise the power supply would fail completely. A search ensued through the documents to determine whether they could start Condensate Pump A, which would alleviate the problem.

Workers found the permit for the overhaul, but not the permit that said the pump must not start under any circumstances due to the missing safety valve. The valve was in a different location from the pump and therefore the permits were in different boxes because they ended up sorted by location. No one was aware that a vital part of the machine was not there. The manager assumed from the existing documents that it would be safe to start Pump A.

Pump A switched on. Gas flowed into the pump, and because of the missing safety valve, produced an overpressure which the metal lid could not handle. Gas leaked out at high pressure and triggered six gas alarms including the high level gas alarm. Before anyone could act, the gas ignited and exploded.

It didn’t take long for the ensuing fire and explosion to take over and destroy what was left of the platform.

Yes, looking at Piper Alpha 25 years after the incident, it is easy to point fingers, but the reality is technology like an asset management/asset optimization/ maintenance system would have allowed workers to know the actual status, along with a single common storage area for all permits. Procedures were in place to follow a proper safety process, however, the total lack of people coordinating and remaining vigilant rendered the technology and process moot. Add in today’s advanced technology to help cut down on human factors, and it is much easier to avoid any kind of disaster offshore.

Reducing Risk

In the offshore environment, it is all about reducing risk and to do that an inherently safe process a manufacturer has to design in inherently safe processes. Offshore processes have a built in danger and that means accidents should always be at the forefront of everyone’s mind. Knowing that, incidents remain lower than in other industries.

In 2011, there were 2.3 incidents of injury and illness per 100 oil and gas workers, according to the US Bureau of Labor Statistics. The US offshore industry experienced an even lower rate of 0.8 incidents per 100 full-time workers. That compares with 3.5 incidents per 100 for the entire private sector.

Additionally, a 2012 Interior Department report examined spill records from 1996 through 2010 (the year of the Deepwater Horizon incident). Researchers found offshore spill frequency was actually “relatively low” despite the fact Gulf of Mexico deepwater oil production had risen sharply over that time.

With a strong safety culture, the potential for accidents will significantly lower through a constant assessment of the significance of safety events and issues to ensure each receives the appropriate level of attention.

One area manufacturers need to focus on is not just reacting to a problem, but also assessing near misses. All factors should come into play in a true safety lifecycle management program. A cycle for continuous improvement in safety performance also should be in place to track any near misses, analyze them for root causes, and use the results to further improve safety system performance. This is another area where technology can help operator track the right KPIs which plant management already established.

In the case of Piper Alpha, dismissing what may seem like an insignificant issue in the past may not seem important, but after a period of time of ignoring a seemingly small issue, that may lead to other slights, which starts the countdown to a disaster.

Proper management of the safety lifecycle requires trained and certified workers. Along those lines, maintenance of safety-related equipment often goes overlooked and that means operations and maintenance personnel need training and certification in testing safety systems. Better adherence to maintenance practices is a must. Asset integrity management systems can help bring about a more proactive maintenance strategy and can even reduce maintenance costs.

Part of those assessments will include the idea that system design must follow safety standards that include an ongoing continuous improvement cycle based on periodic hazard analysis or HAZOP. That ongoing analysis will continue to determine the type of safety protection needed, such as an Emergency Shutdown system. The next task is to assess the appropriate Safety Integrity Level (SIL) the system must meet.

The IEC 61508 and IEC 61511 developing standards define, among many items, four safety integrity levels. Most production facilities in the oil and gas and petrochemical sectors have critical safety applications that range from SIL 1 to SIL 3 (the three levels referenced in the ANSI/ISA S 84.01 guidelines).

In addition, asset management systems must undergo regular testing and maintenance in accordance with safety procedures. Proper asset management must include an alarm management strategy with warning or event indication to alert the operator and maintenance when maintenance is due.

Integrated Safety

Offshore installations service specialists. Photo: ABB.Integrated safety with automation systems can be an important technology trend where critical information or alarms are on display. Utilizing common reporting tools for safety and control systems creates an environment for consistent analysis and breeds familiarity with safety systems for the operator. Along those lines, operator ergonomics that facilitate fast and correct operator decision-making and produces measurable improvements in plant productivity, information flow, and safety can improve the work environment and have a positive impact on remaining alert, which removes the potential to miss critical information due to fatigue.

The design allows for the system to react properly to an incident, but it can’t just stop there. Inevitably, operators need training. The system cannot prevent every little discrepancy, but the right problem solvers in the right culture married to the technology will solve issues before they escalate.

One way to deal with safety is to implement lifecycle management that will not only allow the user to work with issues known today, but also take care of those that appear down the road.

Review the entire lifecycle. When the designers created the system, did they understand the risks? Did they use reasonable levels of probability? How about the consequences? Did they mitigate those factors?

Equipment will continue working for years, but other factors intervene. Just how sure is everyone that valves that have been in place for 20 years or so will open or close as they should during an emergency situation? Have they undergone any testing and how do you know they will work? What about the pumps?

Safety Culture

The system 800xA extended operator workstation. Photo: ABB.Technology will not fix a problem unless the right processes and the right best practices are in place. Technology will help enable people to make the right decision. But the safety culture has to be there to enforce them to make the decision in the first place. Even with multiple technology protective layers, users need to enforce a strong safety culture that reaches every level — and it has to start at the top.

The following are some recommendations to keep everyone tuned into safety:

Use check lists: Create a check list and then have a co-worker verify the checklist. With tablets becoming more commonplace, that will be a big help.

Foolproofing: Understand and recognize which operations are highly critical and sit down and make sure everyone understands that and then find the answer to the question of how can we make this foolproof.

Flag changes: Operators and maintenance users get a flag that tells them when systems or devices end up moved off automatic and into manual or in the case of Piper Alpha which are not usable. Flagging should make workers aware. Communication: Workers need to cross check and talk through an issue; create a collaboration table where people can have a look at the plant digitally where they can cross check and look at diagrams and understand the ramifications behind decisions. Don’t rush.

Safety and Integrity Management

Along with keeping people tuned in, there is also the point where process safety and integrity management can come together. Process safety is the prevention of unplanned and uncontrolled loss of containment from plant and process equipment that might cause harm to people or the environment. That definition works hand in hand with integrity management which is the assurance that plant and equipment are fit and ready to go by establishing competent people, effective systems and dependable assets.

Operators understand to achieve safety, reliability and plant integrity goals requires a holistic approach to integrity management. They need to understand safety, integrity and reliability all link. In essence, they all tie together into a management system that should operate cohesively to manage risk and achieve the economic goals of the business.

There are three elements in play when undertaking any integrity management review: The reliability and integrity of the assets, the effectiveness of the systems and procedures in place to control operation and maintenance of the assets, and the knowledge and competence of the workforce managing and maintaining the assets.

Human factors end up being a key factor in the review from management understanding and support, communications across the lifecycle, establishing effective information systems, and an understanding of the design and construction features and deterioration mechanisms by all the relevant groups. Benefits from integrated safety and integrity management include:

••Being in control, resulting in improved health, safety and environmental performance; full regulatory compliance, and business performance benefits, including higher plant availability, improved output and more reliable customer provision ••Reduced costs, including maintenance costs.

••Compliance with the ability to reliably meet ever more demanding regulatory requirements

••Technology backbone to a culture that ensures safety and integrity are integral parts of day to day operations.

••Delivery of performance which means a more proactive approach and managing improved performance sustainably

Continuous Training

A majority of the industrial accidents that occur every year are a result of human error. Every year, a majority of accidents occur as a result of improper training of personnel. Systems can have the right design to react properly to an incident, but manufacturers need properly trained workers to ensure the safe handling of a problem.

Manufacturers need to have an action plan of best practices to ensure a safe environment. They need to: ••Set up procedures for reducing incidents that include proactive asset management and written standard operating procedures.

••Perform comprehensive hazard assessment after every incident or accident to ensure equipment meets baseline protection levels at minimum.

••Manage process safety as an all-inclusive effort where all parties (including third-party contractors) possess appropriate process safety knowledge and expertise. Root cause analysis of incidents leverages lessons learned and adds to the overall body of knowledge.

••Consider an integrity management system to gain more knowledge of the current state of all equipment as it relates to safe operations.

••Do retrospective HazOp implementing “what if” scenarios. If the plant has been running 10 to 15 years, every five years the plant should do a HazOp test to make sure everything is working.

••Layers of protection analysis (LOPA). This is to overcome human factors where plants undergo changes over the years. People have modifications like add ons or close offs. This type of analysis would inform what was working and what was not.

••Asset integrity management. This is for the mechanical items on a production plant. Make sure the control valves, the emergency relief valves, piping and pressure vessels, etc. undergo inspections at defined frequencies.

••Alarm management. A root cause of the Three Mile Island nuclear plant incident was the operators ended up swamped with alarms. Operators had dozens of flashing lights and they couldn’t tell the wood from the trees. Alarms need to be in context. Now there are emergent standards coming out that allows for a certain amount of alarms in 10 minutes.

Safety goes beyond just ensuring processes remain stable. By having a solid plan and ensuring a strong safety culture where users and automation technology remain intertwined, there will be a direct link to increases in production and decreases in incidents. Producers need to look at the big picture and realize just what a strong safety program brings to the bottom line. OE

Luis DuranLuis Duran is Product Marketing Manager, Safety Systems, at ABB. Duran holds a Functional Safety Engineer certification from TÜV, and an MBA and a degree in Electrical Engineering from Universidad Simon Bolivar Caracas, Venezuela.

Image Caption (top): Statoil’s Tjeldbergodden control room
Photo: ABB.

Image Caption (middle): Offshore installations service specialists.
Photo: ABB.

Image Caption (Bottom): The system 800xA extended operator workstation.
Photo: ABB.