#1Perspectives on: Safety in Design Presentation at EA, Adelaide, 20/4/16 Mike Hurd Engineering. Systems. Management. Pty Ltd, Adelaide. E ENGINEERING SYSTEMS Engineering Management Systems Engineering M MANAGEMENT Management Systems 1#2N Safety in Design – where has it come from? - Safety in Design is a contemporary term that has become common in the context of the harmonised WHS-legislated duties of designers, and draws attention to procedures and steps that would ideally be built-into engineering and project-delivery processes but sometimes are not. In the absence of such processes, having a specific SiD process is a good way to draw attention to the requirements until it becomes embedded as an organisation's 'business as usual'. E ENGINEERING SYSTEMS Engineering Management Systems Engineering M MANAGEMENT Management Systems Copyright Engineering. Systems. Management. Pty Ltd#3Perspectives • • What is SiD? • • Safe Design (SD) Safety by Design (SBD) Safety through Design (STD) Engineered Safety What isn't SiD? • Intrinsic safety (that's different) Risk Assessment Where has risk assessment gone wrong? • What does success look like? Copyright Engineering. Systems. Management. Pty Ltd#4Perspective: risk assessment gone too far The application of risk ranking per AS 31,000 LIMIT OF USEFULNESS FOR ENGINEERING DECISION- MAKING GO BACK YOU ARE GOING THE WRONG WAY NFSA stralia Time The issue is BEHAVIOURS, not the principle. Copyright Engineering. Systems. Management. Pty Ltd#5My Perspectives: Safety in Design – 1 of 2 . - My view was that SiD represented a failure in the design process to address the user requirements, construction and maintenance safety requirements I didn't 'get' what SiD was doing My engineering 'upbringing' in defence was that safety was addressed through requirements capture and systems engineering. The shocks outside defence: • • What URS? What spec? What interfaces? What integration? What systems engineering? What traceability? What configuration management? The 'traditional approach': Going straight from brief to design! First experiences of SiD • • No targets set, as I would expect for functionally-safe designs Variable attention to maintainability & through-life support in the design Good formats, and good outcomes, but incomplete owing to lack of time! Revelation: SiD is a systematic, structured process for analysing the human- to-asset interfaces (and asset to environment). It is different from a HAZOP because HAZOP is intended to analyse deviations from design intent. Copyright Engineering. Systems. Management. Pty Ltd#6My Perspectives: Safety in Design – 2 of 2 ● • • - The surprising revelations of the harmonised WHS laws . • Previous OH(W)&S laws covered duties of designers, but less explicitly The usage of SiD as a 'thing to do' and code of practice Not a concern, if you have an engineering management system / process Recognising the value of labelling "SiD" as a 'thing to do', because it does not appear to be done well otherwise Splitting-out SiD in my generic Engineering Process Map Developing the ideas, testing and refining Cultural barriers to eliminating hazards / reducing risks SFAIRP: ● Too much to do; too costly What value does this add? We don't need it Current status: • SiD has a place, because the profile needs to be raised to address the statistically significant safety problems I still believe it reflects 'not doing things properly in the first place' . It would be nice to SiD 'melt-away into' doing things properly. • There is still confusing between SiD, PHA, HAZOP, FMEA, risk assessment, etc Copyright Engineering. Systems. Management. Pty Ltd#7What is SiD? 7 Throughout design, keep asking yourself and each other: Can we make it safer? And if not, why not? (under WHS legislation you needs to be able to demonstrate reasoning and justification) E ENGINEERING SYSTEMS Engineering Management Systems Engineering M MANAGEMENT Management Systems Copyright Engineering. Systems. Management. Pty Ltd#88 This is what it is all about Design-related issues contributed to 37% fatalities studied (total 210 researched incidents) and 30% of serious non-fatal injuries. Half of all accidents in construction could have been prevented by designer intervention Equipment designers of tools, plant and equipment could have reduced the risk in 60 of 100 accidents. Statistics quoted from Australian and UK safety authorities E ENGINEERING SYSTEMS Engineering Management Systems Engineering ✓ MANAGEMENT Management Systems Copyright Engineering. Systems. Management. Pty Ltd#96 Are things getting safer? 2002 NOHSCC Findings: 37% 2012 findings 36% 2015 SafeWork SA (anecdotal / not researched) 30% ... incidents, injuries or fatalities could have been averted at the design stage. E ENGINEERING SYSTEMS Engineering Management Systems Engineering M MANAGEMENT Management Systems Copyright Engineering. Systems. Management. Pty Ltd#10Australian Workplace Injuries Serious Claims: Percentage by Mechanism of Injury/Disease, 2009-10 Surely, these can be eliminated by design? Body stressing 40.8% Falls, trips and slips of a person 20.9% Being hit by moving objects 13.6% Hitting objects with a part of the body 6.8% Mental stress 5.3% Sound and pressure 4.2% Other and unspecified mechanisms of injury 2.0% Vehicle incident 1.4% Heat, radiation and electricity 1.0% Chemicals and other substances 4.0% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% E ENGINEERING Engineering Management SYSTEMS Systems Engineering M MANAGEMENT Management Systems Copyright Engineering. Systems. Management. Pty Ltd 10#11The design stage... CONCEPT ASSESS- DESIGN MANU- CON- COMM- IN- DECOM./ MENT FACTURE STRUCT ISSION SERVICE DISPOSE Brief/ Options URS / Concept Scope Specif'n Detail design IFC As-built Changes Mod's, Mod's Mark-ups upgrades DCC refurb design A&A Engineer Engineer Designer Designer Engineer/ Engineer Engineer Engineer Designer E ENGINEERING SYSTEMS Engineering Management Systems Engineering M MANAGEMENT Management Systems Copyright Engineering. Systems. Management. Pty Ltd 11#12What is SiD? Safe Design = Good Design It's a simple equation What is good design? Good Design = Good Engineering E ENGINEERING SYSTEMS Engineering Management Systems Engineering M MANAGEMENT Management Systems Copyright Engineering. Systems. Management. Pty Ltd 12#13What constitutes good engineering? Before doing any design work: Competent people Design Change Control procedure, through-life Verification and Validation process Engineering Authority Structure Engineering process Per piece of engineering or design work (per project): Information transfer plan E ENGINEERING SYSTEMS Human-to Asset interface matrix Requirement Specification (or URS) TALK to users Spec. for detail design Engineering Management Systems Engineering M MANAGEMENT Management Systems Copyright Engineering. Systems. Management. Pty Ltd 13#14What is Engineered Safety? Practice/tool/ technique Used for.... Safety in Design / PHA (Also 'CHAIR') Systems / Process Safety HAZOP studies per AS IEC 61882 SWIFT FMEA per AS IEC 60812 (FMECA, FMEDA, process FMEA) QRA/ PRA & Bow-tie analysis; Event tree & Fault tree analyses LOPA (Layers of Protection Analysis) Functional Safety per AS IEC 61508/61511 Major Hazard Facilities What will be the 'human-to-asset', environment-to-asset, and asset- to-asset interfaces, and can we make them safer? Understand top-level concepts of operations & functional reqt's, identify the hazards and then the safety functions to control them Analysis of what happens when design are operated outside its design intent Systematic what-if technique. Good for operator interactions with / into a system (less formal / faster than HAZOP) What if a component fails whilst operating within design intent? Analysis of predicted, random failure rates of new designs / mod's Typically: incident causation and consequence analysis. Something has gone wrong...what next? (Actual or postulated) What diverse means of achieving safe states dare there, in case one fails? Justification of electrical, electronic, programmable system performance. "The safety of functions." Legislation supported by guides from Safe Work Australia (Good model of systems safety). Requires a SAFETY CASE 14 Copyright Engineering. Systems. Management. Pty Ltd#15Context: SiD 'Umbrella' over design tools Plant Lifetime Hazard Management Safety in Design All contribute to achieving Plant HAZOPS System-Level HAZOP/ CHAZOP Functional Safety Engineering FMEA / FMECA Management Fault / Event Tree Analysis Construction hazard assessment Root-cause analysis E ENGINEERING Engineering Management SYSTEMS M MANAGEMENT Management Systems Systems Engineering Copyright Engineering. Systems. Management. Pty Ltd 15#1616 Engineered Safety: tools, practices and techniques, and their applicability throughout the engineering lifecycle, indicating effectiveness Safety in Design Sys./ Proc. CONCEPT ASSESS- DESIGN MANU- CON- MENT Design tool FACTURE COMM- STRUCT ISSION IN- SERVICE DISPOSE DECOM./ Safety HAZOP Design tool SWIFT Design tool FMEA FMEA as a design tool Other FMEA types QRA / PRA design tool FTA LOPA Functional Safety Bow-Tie E ENGINEERING SYSTEMS MI MANAGEMENT design tool design tool Func Safety as a design tool design tool Engineering Management Systems Engineering Management Systems NB: Systems Engineering Lifecycle safety management Analyse failures - causes and effects Copyright Engineering. Systems. Management. Pty Ltd#17Ten Steps of SiD 1. LESSONS LEARNT 2. DETERMINE SAFETY IN DESIGN REQUIREMENTS: 3. EARLY ENGAGEMENT OF O&M / HAZARD REGISTER: 4. CONDUCT OTHER SAFETY STUDIES 5. ALIGN UNDERSTANDING 6. EARLY ENGAGEMENT OF STAKEHOLDERS (CONSTRUCTION & COMMISSIONING) 7. LIVE HAZARD TRACKING 8. INFORMATION TRANSFER & Safety Report (SiD Report) (WHS Reg 295) 9. VERIFY AND VALIDATE SAFETY IN DESIGN ACTIONS 10.SAFETY IN DESIGN LESSONS LEARNT Copyright Engineering. Systems. Management. Pty Ltd#18Safety in Design – Ten Steps (A minimum set of activities?) 1 2 WHAT? Find lessons learned Put them in the requirements spec. Start a hazard register SiD Impact Assessment Determine SiD requirements 3 SiD Management Plan 4 Who does what, when? SID Review of O&M Early engagement of O&M/HAZARD REGISTER DELIVERABLE Lessons learned list / hazard register. Keep it live throughout the project. Signed assessment form Signed plan, with project plan / design plan (or within one of them) Updated hazard register, With hazards, and means to address them, per hierarchy of controls. Confidence in the design WHEN? At the start of design / after the brief / as part of writing the R Spec When there is a concept to conduct a meaningful assessment When you know the preferred engineering / design option When you have a draft scope Meeting minutes, signed Per the plan: when they are appropriate in the design lifecycle At D&C contract kick-off meeting(s) 5 Other safety studies Study reports HAZOP, FMEA, bow-tie, etc 6 Align understanding: SiD programme and roles and responsibilities 1 hour meeting 7 8 00 6 SID Review of Construction and Commissioning Early engagement of C&C staff/update HAZARD REGISTER Keep track of identified hazards Safety Report (SiD Report) WHS Regulation 295 for Structures - and plant too, according to the guidance for plant 10 Capture lessons learned Updated hazard register, with hazards, and means to address them, per hierarchy of controls. Confidence in the design Updated hazard register SID (Safety) Report Lessons learned in single register in the organisation As soon as there is sufficient information to review. Around 15-40% detail design (scheme design, general arrangements) Throughout the design lifecycle, and into O&M At the end of Detail Design, with the design report. Format not specified, eg: can put on a drawing. Throughout Copyright Engineering. Systems. Management. Pty Ltd 18#19SAFETY PROCESS ABRIDGED ENGINEERING MANAGEMENT PROCESS AND ASSET LIFECYCLE Process integration Client Brief User Requrement Specification Concept Design ( incl. drawings) Preliminary design to refine and prove concept design and confirm scope (ind, drawings) OVERVIEW: INTEGRATED SUBSTATION ENGINEERING AND SAFETY PROGRAMME (COMPLIES WITH HARMONISED WHS LEGISLATION) Generate V&V Matrix Evaluate Concept Options Draft Engineering Project Scope / detailed requirements Scope & Drawings issued, including safety requirements Engineering Design Specification Safety Review of Options Safety Plan Safety Assessment D&M Safety in Design Review (workshop) (focus on through-life ownership) HAZOP Study (for high-risk, non- routine or new 0&M activities) Select safety and design activities relevant to project scale and scope of work Use the Safety Plan to describe how safety. activities will be integrated throughout the project lifecycle CONCEPT DESIGN PHASE Safety in Design Actions List PRELIMINARY DESIGN PHASE SPEC. PHASE Responsibility Key: Client Activities Detail Designer Plant Risk Assessment Data Kick-off and Design Risk Assessment with detail designers System-level design (aka 15% design) Tick-off activities on V&V matinx continues Tick-off verification and validation activities on V&V matrix as they occur Accept Design Verification. RZE Check-List until V&V completed Critical design (aka "40% design) Final detail design (aka 80% design). Design Verification FC design (certified by H the designer) Construction Safety Report Safety in Design Workshop (WHS Reg 295) System Design Critical Design Review Review Final Design Review Implement Safety Actions To include ongoing updates to the Safety Actions List Status of SafetyActions List to be checked at each design review Monitor implementation of Safety Actions Independent third party Constructor O&M DETAIL DESIGN PHASE Design verification and validation (ongoing to hand-over) Construction, commissioning and testing Review and accept Safety Report Monitor Final Safety Actions list implementation during construction and commissioning Final Safety Actions List Safety Process Audit CONSTRUCTION Note: 19 As-buit drawings Hand-Over for O&M Operation and Maintenance END OF ASSET LIFE Q&M Procedures (new/updated) In-Service Design Change (see Note below) Review Saefty Lessons Learned and Effectiveness Review Effectiveness of safety actions after one year DE COMMISSION AND DISPOSAL Innovations captured to feed- back into project processes, templates, design manuals, etc) Review design changes against Safety Report (including final Safety Actions List) POST-CONSTRUCTION O&M D&D In-service design changes could be a CAPEX Project (repeat whole process) or an OPEX Project, in which case the Operation & Maintenance personnel will manage the design changes. These design changes should be checked against the applicable Safety Report and have their own Safety Assessment, Plan & Actions. E ENGINEERING SYSTEMS Engineering Management Systems Engineering M MANAGEMENT Management Systems Copyright Engineering. Systems. Management. Pty Ltd#20The Requirement Specification Requirement Categories Lifetime Availability Reliability Maintainability Spares Refurbishment End of Life Replacement Decommissioning Disposal Function Performance Environmental compliance Safety Engineering OH&S Delivery Cost/financial Project Management Policy Interface External to system - Interface Internal to System - Environment (impact on) Through-Life Support Physical characteristics Resources (people, money, time, tools, materials) Design Process Security or privacy QA. QC & certification Copyright Engineering. Systems. Management. Pty Ltd#21Foresight in the Asset Lifecycle Engineers need to demonstrate CONSIDERATION and FORESIGHT throughout: CONCEPT ASSESSMENT DESIGN MANUFACTURE TRANSPORT CONSTRUCT COMMISSION USE / OPERATE MAINTAIN REPAIR REFURBISH MODIFY DECOMMISSION DEMOLISH E ENGINEERING Engineering Management Systems Engineering SYSTEMS M MANAGEMENT Management Systems DISMANTLE DISPOSE Bold items = client activities? Copyright Engineering. Systems. Management. Pty Ltd 21#22Human-to-Asset Interfaces You can do this for environment-to-asset interfaces too ASSET LIFECYCLE CONSTRUCT COMMISSION HAND-OVER OPERATE MAINTAIN D&D HUMANS Trades / Skilled Visitors ('bloody engineers') Surveyors Maintenance staff Cleaners Inspectors/ auditors E ENGINEERING SYSTEMS Engineering Management Systems Engineering M MANAGEMENT Management Systems Copyright Engineering. Systems. Management. Pty Ltd 22#23Two key process steps The assessment form tailors the SiD program to the scope, scale and complexity of the project. ● It's a very important step! Makes the process practical Also achieves buy-in from the start SiD Review is the process 'cornerstone', to identify: What tasks will be carried out throughout O&M? What hazards will be presented to end users when carrying out these tasks? Are there things we can do during design to make the tasks safer? E ENGINEERING SYSTEMS Engineering Management Systems Engineering M MANAGEMENT Management Systems Copyright Engineering. Systems. Management. Pty Ltd 23#2424 SiD Reviews ('workshops') Analyse tasks carried out during: Operation & Maintenance Outages Planned Upgrades Decommissioning Disposal Construction: separate workshop E ENGINEERING SYSTEMS Engineering Management Systems Engineering M MANAGEMENT Management Systems Copyright Engineering. Systems. Management. Pty Ltd#25Foresight: Asset Lifecycle Engineers need to demonstrate CONSIDERATION and FORESIGHT throughout: CONCEPT ASSESSMENT DESIGN MANUFACTURE TRANSPORT CONSTRUCT COMMISSION USE / OPERATE MAINTAIN REPAIR REFURBISH MODIFY DECOMMISSION DEMOLISH E ENGINEERING Engineering Management Systems Engineering SYSTEMS M MANAGEMENT Management Systems DISMANTLE Bold items = DISPOSE client activities Copyright Engineering. Systems. Management. Pty Ltd 25#26Reasonable Practicability Safety Benefit Just do it • • • Analyse TL CBA ALARP analysis SFAIRP test Risk Assess Hmmm... confirm gross disproportionality Cost E ENGINEERING SYSTEMS Engineering Management Systems Engineering M MANAGEMENT Management Systems Copyright Engineering. Systems. Management. Pty Ltd 26#27Contributors to a safe state: Leadership: Top-down, messages and belief Governance structure in-place Safety Culture: Recognition of differences between OHS, Engineered Safety (System safety, process safety) Recognition of the different tools, practices and techniques that give-rise to safe assets Chief Engineer, with authority to say "NO" and 'STOP' Clear Engineering Authority Proper gate reviews Stick to the Processes: agree how to apply (tailor) them up-front, then nil acceptance of cutting corners Training: Engineered Safety Engineering Processes Safety tools and practices Governance WHS legislation: PCBU, Officer, Worker, duties of all, etc Roles and responsibilities Engineering Process: Requirements Spec User's consulted Stakeholder Consultation Standards baseline Spec for detail design Competence throughout Copyright Engineering. Systems. Management. Pty Ltd#28Review: What is SiD? What isn't SiD? Where has risk assessment gone wrong? Clear, mandatory steps throughout the engineering and design lifecycles, to plan for and address safety requirements (focus on HAZARDS). The PROPER application of the tools, practices and techniques that give-rise to safer outcomes Risk ranking, single workshops, the application of AS 31,000 Over-use of risk ranking in relation to assessing safety hazards. Leads to false sense of security and achievement Copyright Engineering. Systems. Management. Pty Ltd#29Review: What does success look like? The tangible ULTIMATELY: FEWER SAFETY INCIDENTS, INJURIES AND FATALITIES Having an engineering management process, including: Single repository of lessons learned in the organisation, managed by an individual Design Change Control process Verification and Validation process Requirement specifications, that include safety and human factors Engineering Authority Structure Two roles: senior engineering manager and chief engineer A documented engineering process Templates, with mandatory fields An absence of 'tick-box engineering' Focus on HAZARDS, not RISKS ONE HAZARD REGISTER for your project (or, at least, all registers on ONE PLACE) SiD Information Package: single point of information for the organisation's SiD process, plus GUIDANCE - Clear SiD requirements in CONTRACTS – or risk getting poor outputs Copyright Engineering. Systems. Management. Pty Ltd#30Review: The less-tangible Leadership: participatory, supportive and visible Training SiD principles: clear, well-communicated. Overt, not hidden. Culture: the willingness to say 'no', and supportive / professional when this occurs Understanding the difference between hazards and risks Understanding the difference between a constructability review and construction SiD review Understanding the concept of 'Design Intent' SiD Focus Group: consultative review group, accountable to leadership team Clear Accountability: stakeholders know what is required of them Audits Copyright Engineering. Systems. Management. Pty Ltd#31Summary of perspectives 1. 2. 3. SiD is part of the engineering and design lifecycles 'Built-in, not bolt-on' (like quality) It is not difficult 4. It starts at the beginning 5. Requires systematic approach 6. 7. Talk about hazards, and the hierarchy of controls Is not risk assessment, but contributes to overall risk reduction 31 E ENGINEERING SYSTEMS Engineering Management Systems Engineering M MANAGEMENT Management Systems Copyright Engineering. Systems. Management. Pty Ltd