Proceedings Society for Risk Analysis - Europe. The 1998 annual conference:
Risk analysis: Opening the process. Paris, October 11-14. 


Lars Harms-Ringdahl, Institute for Risk Management and Safety Analysis,
Bergsprängargränd 2, S-116 35 Stockholm, Sweden

A study is being made focusing on different theories and applications concerning "safety barriers" and "safety functions". One aim is to compare the characteristics of different kinds of safety functions, such as purpose, efficiency, reliability and weak points. A further aim is to summarise how combinations of different barriers are described and evaluated. Of special interest are applications from nuclear and chemical process safety.

The study is based on a literature review, interviews and discussions. Some preliminary conclusions are drawn. For example, there appears to be a need for better tools to support the design and evaluation of procedures. There is a great number of theoretical models describing safety functions. However, there still appears to be interest in further development of such models, which might provide the basis for improved practical tools.

The concept of safety, and the methodology for achieving it, vary greatly between different application areas. The idea behind the project was to compare how safety is handled, and how systematic approaches are used.

Systems which can prevent or stop the evolution of accidents are sometimes called safety barriers, and they have some kind of safety function. The barrier concept is common in the field of nuclear safety, but also in other areas. A safety barrier can be of a technical nature, but administrative controls and human actions are often included. Barriers can also sit at different levels of the system hierarchy. The barrier concept has been applied in several accident and safety analysis models (e.g. Svenson, 1991). Although the concept is common, there are still many open questions about how safety functions should be evaluated and described theoretically.

One aim of the project is to compare the characteristics of different kinds of safety functions, such as purpose, efficiency, reliability and weak points. A further aim is to summarise how combinations of different barriers are described and evaluated.

The project involves literature studies, interviews and discussions. The work is still in progress, and some preliminary results are given in this paper.

Examples of safety approaches
Nuclear power sector
A summary of basic safety concepts in the nuclear power area is given by INSAG (1988). Twelve fundamental safety principles are discussed, divided into three main groups. A compressed overview is given in Table 1.

Table 1. Summary of general safety principles (from INSAG, 1988)

Main groups             Safety principle
---------------------   ------------------------------------------------
Safety management       Safety culture
                        Responsibility of the operating organisation
                        Regulatory control and independent verification
Defence in depth        Defence in depth
                        Accident prevention
                        Accident mitigation
Technical principles    Proven engineering practices
                        Quality assurance
                        Human factors
                        Safety assessment and verification
                        Radiation protection
                        Operating experience and safety research

In the same report (INSAG, 1988), a set of 50 "specific safety principles" is also discussed. They are presented by placing them in a diagram with two "dimensions". The first dimension is "Life cycle", with the parts Site, Design, Manufacturing, Commissioning and Operation. The second dimension is "Safety", with the parts Defence in depth, Prevention, Verification, Control, Accident management and Accident mitigation.

Safety within the nuclear power area is well documented in numerous reports. Some examples concerning principles and methods are published by IAEA (1996), INSAG (1996), Svenson (1991), and Wahlström and Gunsell (1998).

Chemical industry sector
The chemical industry sector also has a long tradition of systematic safety work. An overview of safety principles is given in "Guidelines for Safe automation of Chemical Industries" (CCPS, 1993). It describes both general aspects and safety in connection with automated safety and process control systems.

A fundamental term is "Protection layer", which "typically involves special process designs, process equipment, administrative procedures, the basic process control system and/or planned responses to imminent adverse process conditions; and these responses may be either automated or initiated by human actions".

A figure shows "Protection layers" with eight levels, arranged in the order in which they are activated during an escalating accident:

  1. Process design
  2. Basic controls, process alarms and operator's supervision
  3. Critical alarm, operators supervision and manual intervention
  4. Automatic Safety interlock system
  5. Physical protection (relief devices)
  6. Physical protection (containment devices)
  7. Plant emergency response
  8. Community emergency response
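The ordering above lends itself to a simple quantitative view of how barriers combine, which is one of the questions the study sets out to summarise. The following Python example is added here as an illustration and is not from the paper or from the CCPS guidelines. Each layer is given an assumed probability of failure on demand (PFD); the frequency with which an initiating event escalates past each successive layer is computed under the usual assumption that the layers fail independently; and, because layers 2 and 3 in the list both rely on operator supervision, a conservative variant collapses layers that share such an element into a single barrier. The class and function names, all PFD values and the initiating frequency are constructed for the example.

```python
"""Added illustration: evaluating an ordered chain of protection layers.

With independent layers, the frequency at which an initiating event
escalates past all of them is the initiating frequency multiplied by every
layer's probability of failure on demand (PFD). All numbers here are
constructed and are not taken from the paper or from CCPS (1993).
"""
from dataclasses import dataclass
from math import prod
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ProtectionLayer:
    name: str
    kind: str                       # "technical", "human" or "administrative"
    pfd: float                      # probability of failure on demand, in (0, 1]
    depends_on: Optional[str] = None  # shared element defeating several layers at once

    def __post_init__(self) -> None:
        if not 0.0 < self.pfd <= 1.0:
            raise ValueError(f"{self.name}: PFD must be in (0, 1], got {self.pfd}")


# The eight CCPS layers in activation order; PFDs are hypothetical values.
LAYERS: List[ProtectionLayer] = [
    ProtectionLayer("Process design", "technical", 0.5),
    ProtectionLayer("Basic controls, process alarms and operator's supervision",
                    "human", 0.1, depends_on="operator"),
    ProtectionLayer("Critical alarm, operators supervision and manual intervention",
                    "human", 0.1, depends_on="operator"),
    ProtectionLayer("Automatic safety interlock system", "technical", 0.01),
    ProtectionLayer("Physical protection (relief devices)", "technical", 0.01),
    ProtectionLayer("Physical protection (containment devices)", "technical", 0.1),
    ProtectionLayer("Plant emergency response", "administrative", 0.1),
    ProtectionLayer("Community emergency response", "administrative", 0.1),
]


def escalation_profile(initiating_freq: float,
                       layers: List[ProtectionLayer]) -> List[Tuple[str, float]]:
    """Frequency (per year) at which the event reaches each layer, i.e. after
    every earlier layer in the chain has failed on demand."""
    profile = []
    freq = initiating_freq
    for layer in layers:
        profile.append((layer.name, freq))
        freq *= layer.pfd
    return profile


def residual_frequency(initiating_freq: float, layers: List[ProtectionLayer]) -> float:
    """Frequency of escalation past every layer, assuming independent failures."""
    return initiating_freq * prod(layer.pfd for layer in layers)


def residual_frequency_with_dependencies(initiating_freq: float,
                                         layers: List[ProtectionLayer]) -> float:
    """Conservative variant: layers sharing a `depends_on` element are treated
    as one barrier with the largest PFD in the group, since failure of the
    shared element (e.g. the operator) defeats all of them together."""
    grouped: Dict[str, float] = {}
    independent: List[float] = []
    for layer in layers:
        if layer.depends_on is None:
            independent.append(layer.pfd)
        else:
            grouped[layer.depends_on] = max(grouped.get(layer.depends_on, 0.0), layer.pfd)
    return initiating_freq * prod(independent) * prod(grouped.values())


def weakest_layers(layers: List[ProtectionLayer], n: int = 2) -> List[str]:
    """Names of the n layers with the highest PFD, i.e. the weak points."""
    return [layer.name for layer in sorted(layers, key=lambda l: l.pfd, reverse=True)[:n]]


def layers_of_kind(layers: List[ProtectionLayer], kind: str) -> List[ProtectionLayer]:
    """Select layers by nature (technical vs. human vs. administrative)."""
    return [layer for layer in layers if layer.kind == kind]


if __name__ == "__main__":
    initiating = 1.0  # one initiating event per year, constructed value
    for name, freq in escalation_profile(initiating, LAYERS):
        print(f"{freq:10.2e} /yr reaches: {name}")
    print("independent layers:   ", f"{residual_frequency(initiating, LAYERS):.2e} /yr")
    print("operator layers merged:", f"{residual_frequency_with_dependencies(initiating, LAYERS):.2e} /yr")
    print("weakest layers:", weakest_layers(LAYERS))
```

The two residual figures differ by a factor of ten here: counting the two operator-dependent layers as separate independent barriers makes the chain look ten times stronger than the conservative treatment does. Whether that credit is justified is exactly the kind of question about administrative and human barriers that the interviews reported below raised.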

The literature part of the study could be made very large, and for practical reasons it has to be strictly limited. A number of comparisons of terms and approaches are being made. Interviews and discussions with persons practically involved in safety issues give essential additional information. Their perspectives differ somewhat from the official and theoretical literature, which often focuses on the positive picture and the possibilities. There appear to be a number of safety issues which could be solved better than they are today.

In particular, the design of administrative procedures and how they work in practice was a common subject of discussion. There was a clear need for better tools to support the persons who design the procedures and those who have to evaluate them. An impression is that the traditional quality concept (e.g. IAEA, 1996) does not support this well enough. Similar discussions arose concerning automatic safety systems, their design and the evaluation of their safety functions.

There is a great number of theoretical models describing safety aspects. Somewhat surprisingly at first, the interviews and discussions pointed to a further need for better modelling of safety aspects. This should later (or in parallel) be transformed into suitable tools. A preliminary conclusion is that such a development would require a combined effort from people in different traditions, such as human factors, probabilistic analysis and a general system safety approach.

The project has been sponsored by the Swedish Nuclear Power Inspection, which is gratefully acknowledged.

CCPS (Centre for Chemical Process Safety). Guidelines for Safe automation of Chemical Industries. American Institute of Chemical Engineers, New York 1993 (424 p.)

IAEA. Quality assurance for safety in nuclear power plants and other nuclear installations. International Atomic Energy Agency, Vienna, 1996 (350 p.)

IEC (International Electrotechnical Commission). Standard IEC 1508 Functional safety: safety related systems (Draft). IEC, 1997 (350 p.)

INSAG (International Nuclear Safety Advisory Group). Basic safety principles for Nuclear Power Plants. International Atomic Energy Agency, Vienna, 1988 (73 p.)

INSAG (International Nuclear Safety Advisory Group). Defence in depth in nuclear safety. International Atomic Energy Agency, Vienna, 1996 (33 p.)

Svenson O. The accident evolution and barrier function (AEB) model applied to incident analysis in the processing industries. Risk Analysis Vol. 11, No 3, 1991 (499-507)

Wahlström B, and Gunsell L. Reaktorsäkerhet; En beskrivning och en värdering av säkerhetsarbetet i Norden. NKS/RAK-1(97) R8. NKS-sekretariatet, Risö forskningscenter, Denmark, 1998 (175 p.)