Project
NAME:
HydrogenFuellingOptions..sbmx
DESCRIPTION
Safety barrier analysis of Liquid Hydrogen Station based on the FMEA analyses and other information from: "Failure Modes and effects analysis for hydrogen fuelling options, California Energy Commission (CEC) Consultant report Nov. 2004, CEC-600-2005-001/Technical Consultant report TR-03-177 TIAX Case D0130.
The analysis is performed by Nijs Jan Duijm, Risø National Labortory, Denmark, using the barrier type classification as developed under the ARAMIS project.
This analysis is only qualitative - therefore all PFD's and frequencies are zero.
Initial Event
NAME:
Tank filling operation
Expected Frequency of Occurrence per Year:
0
Intermediate Event
NAME:
Overpressure storage tank
Expected Frequency of Occurrence per Year:
0
Consequence
NAME:
tank burst - instantaneous release of full tank contents
Expected Frequency of Occurrence per Year:
0
Consequence
NAME:
Release of full tank contents
Expected Frequency of Occurrence per Year:
0
Consequence
NAME:
Unnoticed explosive atmosphere
Expected Frequency of Occurrence per Year:
0
Intermediate Event
NAME:
Pressure rise in tank
Expected Frequency of Occurrence per Year:
0
Initial Event
NAME:
Truck has defects on arrival
Expected Frequency of Occurrence per Year:
1
Intermediate Event
NAME:
Release from unloading facility
Expected Frequency of Occurrence per Year:
0.01
DESCRIPTION
Initial Event
NAME:
Defects in unloading hoses
Expected Frequency of Occurrence per Year:
0
Initial Event
NAME:
Incorrect coupling to fixed facility
Expected Frequency of Occurrence per Year:
0
Intermediate Event
NAME:
Continued release from unloading facility
Expected Frequency of Occurrence per Year:
0
Consequence
NAME:
Cryogenic burn/personnel
Expected Frequency of Occurrence per Year:
0
DESCRIPTION
Consequence
NAME:
Cryogenic burn/third parties
Expected Frequency of Occurrence per Year:
0
DESCRIPTION
Intermediate Event
NAME:
Liquid hydrogen spill
Expected Frequency of Occurrence per Year:
0.01
DESCRIPTION
Initial Event
NAME:
Liquid hydrogen in unloading hose
Expected Frequency of Occurrence per Year:
1
DESCRIPTION
Initial Event
NAME:
Vehicle movement into truck or unloading facility
Expected Frequency of Occurrence per Year:
0
DESCRIPTION
Consequence
NAME:
Liquid hydrogen release
Expected Frequency of Occurrence per Year:
0
DESCRIPTION
Intermediate Event
NAME:
Loss of vacuum insulation
Expected Frequency of Occurrence per Year:
0
DESCRIPTION
Initial Event
NAME:
Boil-off exceeds consumption
Expected Frequency of Occurrence per Year:
0
DESCRIPTION
Intermediate Event
NAME:
Loss of containment/ unloading
Expected Frequency of Occurrence per Year:
0
DESCRIPTION
Initial Event
NAME:
Release from inner tank
Expected Frequency of Occurrence per Year:
0
DESCRIPTION
Consequence
NAME:
Hydrogen release from jacket
Expected Frequency of Occurrence per Year:
0
DESCRIPTION
Initial Event
NAME:
External damage of jacket
Expected Frequency of Occurrence per Year:
0
DESCRIPTION
Barrier Diagram
NAME:
Liquid Hydrogen Station - Truck delivery and unloading action
DESCRIPTION
Safety analysis of the truck delivery and unloading activities
This analysis does not include the liquid hydrogen storage tank
Barrier
NAME:
Unloading Inspection
Probability of Failure on Demand (PFD): 0.01
DESCRIPTION
BARRIER TYPE:
10 Activated Barrier - Procedural (Observation of local conditions not using instruments)
BARRIER TYPE DESCRIPTION
Barrier
NAME:
Inspection of hoses
Probability of Failure on Demand (PFD): 0
DESCRIPTION
BARRIER TYPE:
10 Activated Barrier - Procedural (Observation of local conditions not using instruments)
BARRIER TYPE DESCRIPTION
Barrier
NAME:
Inspection of connections
Probability of Failure on Demand (PFD): 0
DESCRIPTION
BARRIER TYPE:
10 Activated Barrier - Procedural (Observation of local conditions not using instruments)
BARRIER TYPE DESCRIPTION
Barrier
NAME:
Supervision during unloading
Probability of Failure on Demand (PFD): 0
DESCRIPTION
BARRIER TYPE:
10 Activated Barrier - Procedural (Observation of local conditions not using instruments)
BARRIER TYPE DESCRIPTION
Barrier
NAME:
Hydrogen sensors
Probability of Failure on Demand (PFD): 0
DESCRIPTION
BARRIER TYPE:
8 Activated Barrier - Warned (Human Action based on passive warning)
BARRIER TYPE DESCRIPTION
Barrier
NAME:
Collision prevention
Probability of Failure on Demand (PFD): 0
DESCRIPTION
BARRIER TYPE:
3 Temporary Passive Barrier - Put in place (and removed) by person
BARRIER TYPE DESCRIPTION
Barrier
NAME:
Venting prior disconnection
Probability of Failure on Demand (PFD): 0
DESCRIPTION
BARRIER TYPE:
10 Activated Barrier - Procedural (Observation of local conditions not using instruments)
BARRIER TYPE DESCRIPTION
OR Gate
NAME:
OrGate1
Barrier
NAME:
Limited access
Probability of Failure on Demand (PFD): 0
DESCRIPTION
BARRIER TYPE:
8 Activated Barrier - Warned (Human Action based on passive warning)
BARRIER TYPE DESCRIPTION
Barrier
NAME:
Personal protection
Probability of Failure on Demand (PFD): 0
DESCRIPTION
BARRIER TYPE:
3 Temporary Passive Barrier - Put in place (and removed) by person
BARRIER TYPE DESCRIPTION
Barrier Diagram
NAME:
Liquid Hydrogen Station - Liquid Storage
DESCRIPTION
Design Intent: Store 2000 gallons (7.6 m3) of liquid hydrogen at 10 psig (0.7 barg) and -420 F (22 K)
Barrier
NAME:
Overfilling protection
Probability of Failure on Demand (PFD): 0
DESCRIPTION
BARRIER TYPE:
7 Activated Barrier - Manual (Human action triggered by active hardware detection)
BARRIER TYPE DESCRIPTION
OR Gate
NAME:
OrGate2
OR Gate
NAME:
OrGate3
Barrier
NAME:
Pressure Relief Valve
Probability of Failure on Demand (PFD): 0
DESCRIPTION
BARRIER TYPE:
5 Activated Barrier - Hardware on demand
BARRIER TYPE DESCRIPTION
Barrier
NAME:
Pressure Safety Valve
Probability of Failure on Demand (PFD): 0
DESCRIPTION
BARRIER TYPE:
5 Activated Barrier - Hardware on demand
BARRIER TYPE DESCRIPTION
Barrier
NAME:
Rupture disc
Probability of Failure on Demand (PFD): 0
DESCRIPTION
BARRIER TYPE:
5 Activated Barrier - Hardware on demand
BARRIER TYPE DESCRIPTION
Barrier Diagram | Consequence | Prob./Expected Freq. | (Unit) | Severity |
---|---|---|---|---|
Liquid Hydrogen Station - Truck delivery and unloading action | Unnoticed explosive atmosphere | 0 | Expected Frequency of Occurrence per Year | |
Liquid Hydrogen Station - Truck delivery and unloading action | Cryogenic burn/personnel | 0 | Expected Frequency of Occurrence per Year | |
Liquid Hydrogen Station - Truck delivery and unloading action | Cryogenic burn/third parties | 0 | Expected Frequency of Occurrence per Year | |
Liquid Hydrogen Station - Liquid Storage | Liquid hydrogen release | 0 | Expected Frequency of Occurrence per Year | |
Liquid Hydrogen Station - Liquid Storage | tank burst - instantaneous release of full tank contents | 0 | Expected Frequency of Occurrence per Year | |
Liquid Hydrogen Station - Liquid Storage | Release of full tank contents | 0 | Expected Frequency of Occurrence per Year | |
Liquid Hydrogen Station - Liquid Storage | Hydrogen release from jacket | 0 | Expected Frequency of Occurrence per Year |
Barrier Diagram | Critical Event | Prob./Expected Freq. | (Unit) |
---|
Expected Frequency of Occurrence per Year | insignificant | significant | serious | |
---|---|---|---|---|
Frequent | More likely than: 0.1 | |||
Probable | Less likely than: 0.1 | |||
Improbable | Less likely than: 0.001 | |||
Very Improbable | Less likely than: 1E-5 |
Barrier | Barrier Diagram | Generic Barrier | Barrier Type | PFD | Description | 1st ARAMIS Item, Manpower Planning and Availability | 2nd ARAMIS Item, Competence and Suitability | 3rd ARAMIS Item, Commitment, Compliance and Conflict resolution | 4th ARAMIS Item, Communication and Coordination | 5th ARAMIS Item, Procedures, rules, and goals | 6th ARAMIS Item, Hard/software purchase, build, interface, install | 7th ARAMIS Item, Hard/software Inspection, Maintenance, and Replacement | 0th ARAMIS Item, Safety Culture | ||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Weight | Rating | Weight | Rating | Weight | Rating | Weight | Rating | Weight | Rating | Weight | Rating | Weight | Rating | Weight | Rating | ||||||
Unloading Inspection | Liquid Hydrogen Station - Truck delivery and unloading action | 10 Activated Barrier - Procedural (Observation of local conditions not using instruments) | 0.01 | 10 Activated Barrier - Procedural (Observation of local conditions not using instruments) On arrival of the truck, the truck is inspected visually for defects by driver or station operator (need to be decided who). The mitigation action what to do in case defects are noted need to be included. This need to be documented and trained as a standard procedure. | |||||||||||||||||
Inspection of hoses | Liquid Hydrogen Station - Truck delivery and unloading action | 10 Activated Barrier - Procedural (Observation of local conditions not using instruments) | 0 | 10 Activated Barrier - Procedural (Observation of local conditions not using instruments) Inspection of hoses before unloading/connection | |||||||||||||||||
Inspection of connections | Liquid Hydrogen Station - Truck delivery and unloading action | 10 Activated Barrier - Procedural (Observation of local conditions not using instruments) | 0 | 10 Activated Barrier - Procedural (Observation of local conditions not using instruments) Connections are inspected before unloading action is started | |||||||||||||||||
Supervision during unloading | Liquid Hydrogen Station - Truck delivery and unloading action | 10 Activated Barrier - Procedural (Observation of local conditions not using instruments) | 0 | 10 Activated Barrier - Procedural (Observation of local conditions not using instruments) The unloading action is monitored by personnel. Note that the personnel may become disabled by freeze burn - consider additional remote monitoring Deviations of the unloading lead to aborting the unloading action | |||||||||||||||||
Hydrogen sensors | Liquid Hydrogen Station - Truck delivery and unloading action | 8 Activated Barrier - Warned (Human Action based on passive warning) | 0 | 8 Activated Barrier - Warned (Human Action based on passive warning) Hydrogen sensors are located near the unloading facility The sensors themselves do not mitigate the presence of an explosive atmosphere, so a follow up has to be find in terms of alarms, evacuation, close down of unloading operation, close down of potential ignition sources | |||||||||||||||||
Collision prevention | Liquid Hydrogen Station - Truck delivery and unloading action | 3 Temporary Passive Barrier - Put in place (and removed) by person | 0 | 3 Temporary Passive Barrier The unloading facility can be protected against external impacts such as third party traffic. Different options are possible. The FMEA report suggests that driver puts caution cones around the truck. This would be an "activated barrier - warned (Human action based on warning, sign, alarm), where the barrier is also temporary, i.e there are two failure modes: the cones are not placed or the driver ignores the warning. A more robust option would be a combination of collision-resistant barriers (e.g. concrete poles, steel barrier) around the unloading facitily in combination with a collision-resistant temporary barrier (fence) on the access way to the truck's unloading position | |||||||||||||||||
Venting prior disconnection | Liquid Hydrogen Station - Truck delivery and unloading action | 10 Activated Barrier - Procedural (Observation of local conditions not using instruments) | 0 | 10 Activated Barrier - Procedural (Observation of local conditions not using instruments) Unloading hoses need to be vented prior to disconnection | |||||||||||||||||
Limited access | Liquid Hydrogen Station - Truck delivery and unloading action | 8 Activated Barrier - Warned (Human Action based on passive warning) | 0 | 8 Activated Barrier - Warned (Human Action based on passive warning) A safety distance atround the truck and unloding facility where access is prohibited to third parties and personnel not involved in the unloading action Barrier can be enforced by signs, lights (when unloading) and supervision of personnel | |||||||||||||||||
Personal protection | Liquid Hydrogen Station - Truck delivery and unloading action | 3 Temporary Passive Barrier - Put in place (and removed) by person | 0 | 3 Temporary Passive Barrier Unloading operator and truck driver have donned protective clothing against cryogenic burn ("Nomex suit") | |||||||||||||||||
Overfilling protection | Liquid Hydrogen Station - Liquid Storage | 7 Activated Barrier - Manual (Human action triggered by active hardware detection) | 0 | Overfilling protection may consists of several independent systems, instruments, alarms and human intervention 7 Activated Barrier - Manual (Human action triggered by active hardware detection) | |||||||||||||||||
Pressure Relief Valve | Liquid Hydrogen Station - Liquid Storage | 5 Activated Barrier - Hardware on demand | 0 | 5 Activated Barrier - Hardware on demand The inner tank is provided with two pressure relief valves. The release will be vented to a safe location (vertical upwards and well above the ground level) These relief valves will be able to handle pressure rise due to normal evaporation rates in the tank by venting vapour. Overfilling will cause the PRV's to dump liquid as well. Capacity will probably be too limited to handle full loss of insulation. | 0.5 | 0 | 0.5 | 0 | |||||||||||||
Pressure Safety Valve | Liquid Hydrogen Station - Liquid Storage | 5 Activated Barrier - Hardware on demand | 0 | 5 Activated Barrier - Hardware on demand A pressure safety valve is mounted on the vacuum space between outer jacket and inner tank, that releases at 0 psig (0 barg, i.e. atmospheric pressure) | 0.5 | 0 | 0.5 | 0 | |||||||||||||
Rupture disc | Liquid Hydrogen Station - Liquid Storage | 5 Activated Barrier - Hardware on demand | 0 | 5 Activated Barrier - Hardware on demand On the line to the Pressure Relief Valve a ruspture disc is mounted, that will release the tank pressure if the pressure rises above the set pressure of the PRV's. The release will be vented to a safe location (vertical upwards and well above the ground level) | 0.5 | 0 | 0.5 | 0 |
Generic Barrier | Barrier Type | PFD | Description | 1st ARAMIS Item, Manpower Planning and Availability | 2nd ARAMIS Item, Competence and Suitability | 3rd ARAMIS Item, Commitment, Compliance and Conflict resolution | 4th ARAMIS Item, Communication and Coordination | 5th ARAMIS Item, Procedures, rules, and goals | 6th ARAMIS Item, Hard/software purchase, build, interface, install | 7th ARAMIS Item, Hard/software Inspection, Maintenance, and Replacement | 0th ARAMIS Item, Safety Culture | ||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Weight | Rating | Weight | Rating | Weight | Rating | Weight | Rating | Weight | Rating | Weight | Rating | Weight | Rating | Weight | Rating | ||||
tank wall | 1 Permanent Passive (Control) | 0 | 1 Permanent Passive (Control) | 0.8 | 0 | 0.2 | 0 | ||||||||||||
Pressure RV | 5 Activated Barrier - Hardware on demand | 0.001 | 0.5 | 0 | 0.5 | 0 | |||||||||||||
Operator control operation | 7 Activated Barrier - Manual (Human action triggered by active hardware detection) | 0.01 | Type: Activated Barrier - Manual (Human action triggered by active hardware detection) Normal control operation in response to instrument reading - highly routine operation (rule based) |
Barrier Type | Description | 1st ARAMIS Item, Manpower Planning and Availability | 2nd ARAMIS Item, Competence and Suitability | 3rd ARAMIS Item, Commitment, Compliance and Conflict resolution | 4th ARAMIS Item, Communication and Coordination | 5th ARAMIS Item, Procedures, rules, and goals | 6th ARAMIS Item, Hard/software purchase, build, interface, install | 7th ARAMIS Item, Hard/software Inspection, Maintenance, and Replacement | 0th ARAMIS Item, Safety Culture | ||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Weight | Rating | Weight | Rating | Weight | Rating | Weight | Rating | Weight | Rating | Weight | Rating | Weight | Rating | Weight | Rating | ||
1 Permanent Passive (Control) | Detection: none; Diagnosis: none; Activation: hardware. Passive controls are those elements in a process system that are necessary for the system to operate, and essential to avoid the hazardous situations. Typical examples are tanks (tank walls) pipes (pipewalls), anticorrosion paint, floating tank lids, viewing ports in vessels | 0.8 | 0 | 0.2 | 0 | ||||||||||||
2 Permanent Passive Barrier | Detection: none; Diagnosis: none; Activation: hardware. Passive Barriers are elements in a system that are constantly present (i.e. they do not need to be activated), and that are installed with the only reason to avoid or limit hazardous situations (i.e. the installation can in principle operate without those barriers). Typical examples are tank bunds, dyke, blastwalls, fire protection, drainage sump, fence, lightning conductors | ||||||||||||||||
3 Temporary Passive Barrier - Put in place (and removed) by person | Detection: none; Diagnosis: none (must be put in place); Activation: hardware. Barriers temporary put in place such as barriers round repair work, blind flanges over open pipes, spades in pipes, inhibitors in substances | ||||||||||||||||
4 Permanent Active Barrier | Detection: none; Diagnosis: none (need operator activation in some conditions); Activation: hardware. These barriers are constantly present, but need an energy source to work, such as ventilation, active corrosion protection, inerting, heating or cooling. | ||||||||||||||||
5 Activated Barrier - Hardware on demand | Detection: hardware; Diagnosis: hardware; Activation: hardware. Barriers and controls that by hardware take action: Pressure relief valves, interlock systems with "hard" logic, sprinkler installation (barriers) Pressure/temperature/level control (controls or barriers) | 0.5 | 0 | 0.5 | 0 | ||||||||||||
6 Activated Barrier - Automated | Detection: hardware; Diagnosis: software; Activation: hardware. Programmable automated device, control system or shutdown system | ||||||||||||||||
7 Activated Barrier - Manual (Human action triggered by active hardware detection) | Detection: hardware; Diagnosis: behaviour (Rule, Skill or Knowledge based); Activation: Behaviour with possible hardware assist. Actions of operators in response to instrument reading, signals or alarms, e.g. Manual shutdown or adjustment, evacuation, donning breathing apparatus or calling fire brigade on alarm, action triggered by remote camera, drain valve, close/open (correct) valve | ||||||||||||||||
8 Activated Barrier - Warned (Human Action based on passive warning) | Detection: hardware; Diagnosis: behaviour (Skill or Rule); Activation: behaviour. Donning personal protection equipment in danger area, refraining from smoking, keeping within white lines, opening labelled pipe, keeping out of prohibited areas | ||||||||||||||||
9 Activated Barrier - Assisted (Software presents diagnosis to operator) | Detection: hardware; Diagnosis: Software/Behaviour (Rule or Knowledge based); Activation: Behaviour with possible hardware assist. Using an expert system or other software that determines the plant state based on some combination of inputs | ||||||||||||||||
10 Activated Barrier - Procedural (Observation of local conditions not using instruments) | Detection: Human; Diagnosis: Behaviour (Skill or Rule based); Activation: Behaviour with possible hardware assist. (Correctly) follow start up/shutdown/batch process procedure, adjust setting of hardware, warn others to act or evacuate, (un)couple tanker from storage, empty & purge line before opening, drive tanker, lay down water curtain | ||||||||||||||||
11 Activated Barrier - Emergency (Ad-hoc observation of deviation and improvised response) | Detection: Human; Diagnosis: Behaviour (Knowledge based); Activation: Behaviour with possible hardware assist. Response to unexpected emergency, e.g. improvised jury-rig during maintenance, fight fire |
Barrier Element | PFD | Description | 1st ARAMIS Item, Manpower Planning and Availability | 2nd ARAMIS Item, Competence and Suitability | 3rd ARAMIS Item, Commitment, Compliance and Conflict resolution | 4th ARAMIS Item, Communication and Coordination | 5th ARAMIS Item, Procedures, rules, and goals | 6th ARAMIS Item, Hard/software purchase, build, interface, install | 7th ARAMIS Item, Hard/software Inspection, Maintenance, and Replacement | 0th ARAMIS Item, Safety Culture | ||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Weight | Rating | Weight | Rating | Weight | Rating | Weight | Rating | Weight | Rating | Weight | Rating | Weight | Rating | Weight | Rating |
Gate | Barrier Diagram | Gate Type | Description |
---|---|---|---|
OrGate1 | Liquid Hydrogen Station - Truck delivery and unloading action | OR Gate | |
OrGate2 | Liquid Hydrogen Station - Liquid Storage | OR Gate | |
OrGate3 | Liquid Hydrogen Station - Liquid Storage | OR Gate |
Condition | Condition Type | Freq. or Prob. | Unit | Description | Severity |
---|---|---|---|---|---|
Tank filling operation | Initial Event | 0 | Expected Frequency of Occurrence per Year | ||
Overpressure storage tank | Intermediate Event | 0 | Expected Frequency of Occurrence per Year | ||
tank burst - instantaneous release of full tank contents | Consequence | 0 | Expected Frequency of Occurrence per Year | ||
Release of full tank contents | Consequence | 0 | Expected Frequency of Occurrence per Year | ||
Unnoticed explosive atmosphere | Consequence | 0 | Expected Frequency of Occurrence per Year | ||
Pressure rise in tank | Intermediate Event | 0 | Expected Frequency of Occurrence per Year | ||
Truck has defects on arrival | Initial Event | 1 | Expected Frequency of Occurrence per Year | ||
Release from unloading facility | Intermediate Event | 0.01 | Expected Frequency of Occurrence per Year | Release form either truck or unloading hose or connection facility at station | |
Defects in unloading hoses | Initial Event | 0 | Expected Frequency of Occurrence per Year | ||
Incorrect coupling to fixed facility | Initial Event | 0 | Expected Frequency of Occurrence per Year | ||
Continued release from unloading facility | Intermediate Event | 0 | Expected Frequency of Occurrence per Year | ||
Cryogenic burn/personnel | Consequence | 0 | Expected Frequency of Occurrence per Year | Cryogenic burn of operating personnel | |
Cryogenic burn/third parties | Consequence | 0 | Expected Frequency of Occurrence per Year | Cryogenic burn of third parties and personnel not involved in the unloading operation | |
Liquid hydrogen spill | Intermediate Event | 0.01 | Expected Frequency of Occurrence per Year | uncontrolled spill of liquid hydrogen from damaged truck or unloading facility | |
Liquid hydrogen in unloading hose | Initial Event | 1 | Expected Frequency of Occurrence per Year | There is always liquid hydrogen in the unloading hose after unloading and before disconnection | |
Vehicle movement into truck or unloading facility | Initial Event | 0 | Expected Frequency of Occurrence per Year | Two possibilities exists: third party vehicles moving into the direction of the truck at the unloadng facility, and the truck itself threatening the fixed installations | |
Liquid hydrogen release | Consequence | 0 | Expected Frequency of Occurrence per Year | In case of overfilling or pressure rise, the PRV will dump liquid hydrogen. In that case the safe relief location may need further protection against fire and explosion | |
Loss of vacuum insulation | Intermediate Event | 0 | Expected Frequency of Occurrence per Year | In case of failure of the outer tank (jacket) the vacuume insulation will disappaer and heat transfer to the inner tank will cause excessive boil off an pressure rise in the inner tank | |
Boil-off exceeds consumption | Initial Event | 0 | Expected Frequency of Occurrence per Year | Evaporation in tank due to lack off vehicle filling (less than 1 vehicle per 2 weeks), | |
Loss of containment/ unloading | Intermediate Event | 0 | Expected Frequency of Occurrence per Year | Vehicle impact may lead to loss of containment | |
Release from inner tank | Initial Event | 0 | Expected Frequency of Occurrence per Year | Leakage of inner tank will cause pressure built up in the vacuum shell between jacket and inner tank | |
Hydrogen release from jacket | Consequence | 0 | Expected Frequency of Occurrence per Year | The jacket (outer tank) is not designed to withstand internal pressure, leakage from the inner tank will pressurise the vacuum space | |
External damage of jacket | Initial Event | 0 | Expected Frequency of Occurrence per Year | External damage will destroy the vacuum inside the jacket |
Measure | Description | Applies to: Barriers | Applies to: Initial Conditions | Management Issue |
---|
Management Issue | Performance | Description |
---|---|---|
1st ARAMIS Item, Manpower Planning and Availability | 1 | Manpower Planning covers allocating the necessary time (or numbers) of competent people to the tasks that have to be carried out, at the moment (or within the time frame) when they should be carried out. It also covers the process of planning and allocation of tasks over time, including coverage for: Holidays, Sick leave, Peak loads, Ensuring breaks and rest pauses, and Limiting overtime and fatigue. Personnel Availability ensures that personnell is available for all relevant tasks in relation to the functioning and management of barriers (operations, maintenance, emergency), including: Operating personnel, Maintenance personnel, Inspection & testing incl. general plantwalk-rounds, Supervision, and Back-up & emergency crews,. |
2nd ARAMIS Item, Competence and Suitability | 1 | Competence covers the knowledge, skills, and abilities of first-line and/or back-up personnel for the safe execution of safety-critical tasks related to barrier functioning or management. Competence covers the cognitive aspects of behaviour, which can be learned through training, experience and practice. They include: Job content/safety, e.g.: Plant & process knowledge: - Operating procedures, critical tasks, action alternatives, skills - Boundary of safety operations - Hazards, safety consequences of actions, safety priorities - Safety responsibility/task boundaries Inspection & testing procedures: - Fault diagnosis & response - Emergency procedures - Maintenance diagnosis - Safe isolation and recommissioning - Equipment dismantling, repair, testing & reassembly Other skills: - Communications - Team work - Supervision/management - Issuing instructions Suitability covers physical attributes that are usually more permanent characteristics of an individual, though some can be modified or compensated for over the longer term. They include: Size, strength, dexterity, Physical condition, health, Visual acuity, colour blindness, and Hearing. |
3rd ARAMIS Item, Commitment, Compliance and Conflict resolution | 1 | Commitment and conflict resolution are concerned with: - Information, training and discussion on what is important and has priority - Rapid confrontation and correction of deviations from the desired working method, state or condition - High (publicity) profile and reward for achievements on safety - Appraisal schemes with explicit attention to safety performance - Recurrent active attention to safety in meetings, discussions and actions - Procedure violations - Keeping to the prescribed operating envelope - Safety and production/time pressures e.g. production pressures reducing scheduled maintenance/inspection, operations which come under time pressure for implementation, reluctance to declare emergencies or shutdown plant because of loss of production - Safety critical maintenance priority over production - Balancing production targets, resource availability/costs and inspection and maintenance requirements via e.g. time schedules and budget setting - Safety budget (increased/decreased) |
4th ARAMIS Item, Communication and Coordination | 1 | The communication and coordination concerns itself with: - Communication channels (phone, radio, minutes, reports, etc.) - Coordination methods (e.g. meetings, supervision) - Communication between: Different persons engaged on one task as team or working in sequence, and Shifts at changeover - Communication about: Work content Barrier/plant status Job instructions Priorities Who does what, where and when Need for action or (back-up) personnel and equipment - Communication systems for sharing operation/maintenance hazard concerns and experience |
5th ARAMIS Item, Procedures, rules, and goals | 1 | The procedures, rules and goals delivery system is occupied with identifying tasks that need (detailed) written rules and procedures, and subsequently providing and promulgating these. This system also delivers output goals for tasks that do not need a detailed procedure. Procedures and rules are specific performance criteria, which specify in detail, usually in written form, a formalised 'normative' behaviour or method for carrying out an activity (checklist, task list, action steps, plan, instruction manual, fault-finding heuristic, form to be completed, etc.). Output goals are performance measures for an activity, which specify what the result of the activity should be, but not how the results should be achieved. They are objectives, goals or outputs. The procedures, rules and goals delivery system concerns itself with: Coverage (i.e. all safety situations), Accuracy, Readability/usability, Size/complexity/overload or rule sets, Clarity/ambiguity, Up-to-date, Indicating priorities. |
6th ARAMIS Item, Hard/software purchase, build, interface, install | 1 | Management of barrier (and spares) purchase, construction, installation and adjustment deals with the management process for ensuring that the hardware/ software barriers and barrier elements in agreement with specifications are acquired, either by purchase from outside, or by construction on site, are put in place and adjusted and that the spare parts or replacements purchased and stored for the maintenance phase of their life cycle are the correct ones and are in good condition when used. The process should pay explicit attention to the human factors aspects of the interface between barrier elements and their users in the case of mixed barriers. |
7th ARAMIS Item, Hard/software Inspection, Maintenance, and Replacement | 1 | Management of inspection, maintenance and replacement deals with the management processes for ensuring that the specified hardware/software barriers and barrier elements are kept in an effective state. It covers all hardware and software which has a function within any barrier designed to fulfill a safety function in the plant. It forms the part of the life cycle of these barrier elements from the point where they have been installed and adjusted and are ready for use. It covers all the activities which monitor the working of the barriers, detect the (chance of) deviation from the designed working and identify the need for work to be done to restore the functioning or replace the barrier (elements) with new ones. This process also manages small modifications which are carried out at the same time as, and under the same management as the maintenance activities. Where the modifications are of a more major type, which are (or should be) dealt with by a change management process, these are covered by the protocol on learning and change. |
0th ARAMIS Item, Safety Culture | 0.75 | Safety culture can be assessed by questionnaire surveys of the personnel. Safety culture addresses the following issues: Learning and willingness to report: the employees' willingness / reluctance to report accidents and incidents, their perception of feedback from reporting and dissemination of lessons learned. Safety prioritisation, rules and compliance covering use of and familiarity with rules and instructions; the prioritisation of safety versus productivity and ease of work; the extent to which and the circumstances under which safety procedures may be violated Leadership involvement and commitment concerns both the avowed involvement and commitment of management and supervisors and team leaders as well as employee perception of their commitment and involvement Risk and human performance limitation perception concerns management and employee awareness of hazards, risks and human error potentials (fatigue, automation etc.) relevant to their work. Felt responsibility concerns the employee's perception of who is responsible for safety at work including felt ownership of responsibility Trust and fairness involves management's trust in employees and, crucially, employees' trust in top management and their immediate leaders and employee perception of fairness in the workplace Work team atmosphere and support comprises employees' perception of teamwork and the 'spirit' in their respective teams; the extent to which the team gives its members support and help; and the extent to which respondents are willing to speak up and warn each other of dangers. Motivation, influence and involvement comprises (i) work as meaningful; (ii) own influence on work planning and execution; (iii) motivation and involvement; and (iv) feeling informed and finding work predictable |
Diagram Name | Number of: Barriers | Number of: Gates | Number of: Event Tree Branches | Description |
---|---|---|---|---|
Liquid Hydrogen Station - Truck delivery and unloading action | 9 | 1 | 0 | Safety analysis of the truck delivery and unloading activities This analysis does not include the liquid hydrogen storage tank |
Liquid Hydrogen Station - Liquid Storage | 4 | 2 | 0 | Design Intent: Store 2000 gallons (7.6 m3) of liquid hydrogen at 10 psig (0.7 barg) and -420 F (22 K) |
Event Tree Branch Name | Diagram Name | Number of: Event Tree Branches | Event Tree Branches & Probability | Description |
---|