Exclusion of major accident events in safety cases

Article published in the Regulator | Issue 2: 2016

NOPSEMA has recently rejected a number of safety cases where certain hazards with the potential to cause a major accident event had not been appropriately considered.

In many cases, the formal safety assessment description simply excluded these hazards on the basis they were not considered to be ‘credible’ due to the control measures in place. For example, operators of facilities have previously argued that ‘accommodation fire’ is not a major accident event because it is not considered credible due to combustion-proof construction of accommodation modules, fire protection equipment etc. Accommodation fire, however, is known to occur in the offshore petroleum industry and the type of construction material and fire protection equipment installed are simply technical controls to reduce the risk of an accommodation fire major accident event. Operators may be tempted to exclude major accident events because they are perceived to be extremely unlikely. The exclusion of events can often result from an assumption that existing controls are highly effective and therefore the occurrence of such an event is not considered possible. This type of exclusion is undesirable for the following reasons:

• The principle of identifying hazards with the potential to lead to a major accident event, and then demonstrating that sufficient controls are in place to reduce the risks associated with those hazards to a level that is as low as reasonably practicable (ALARP), is fundamental to both the safety case concept and the objectives-based offshore petroleum OHS regulatory regime.

• The control (that was thought to eliminate the risk) may not be as robust as first thought. For example, controls can deteriorate over time and the effectiveness of new controls is often unproven – the effectiveness of technical controls should be regularly tested, where practicable. • Controls may not be adequately managed if their importance is not recognised.

• The initial assessment may not be based on appropriate grounds, and a further detailed assessment may indicate that the risk is higher due to site-specific considerations.

• Knowledge of all potential events is essential for emergency planning. NOPSEMA’s Hazard identification guidance note (GN0107) provides further information on hazard identification. Operators are reminded that a safety case must contain a detailed description of the formal safety assessment, being an assessment or series of assessments, which:

a) identifies all hazards having the potential to cause a major accident event

b) is a detailed and systematic assessment of the risk associated with each of those hazards, including the likelihood and consequences of each potential major accident event

c) identifies the technical and other control measures that are necessary to reduce that risk to a level that is as low as reasonably practicable.