The Process Safety Professional. Safety Cases (Part 9)

We are writing a book The Process Safety Professional. The current Table of Contents is available here. We are gradually releasing the contents of the book to paid subscribers. This is the ninth release. It is to do with Safety Cases. (Additional information is provided in the book Offshore Safety Management.)

---

Safety Cases

Safety Cases are prepared for all those who have an interest in the safety of the offshore facility. They can include the facility’s owners, managers, the public, employees and regulators. A safety case is not fundamentally a regulatory tool — although it can be used as such by regulators. In most situations the main customer of a safety case is the operator of an offshore facility (often referred to as the Duty Holder) — all others are secondary. The reason for focusing on the operator is that it is he or she who is responsible for managing the risks associated with the facility.

Once a Safety Case has been prepared and accepted by senior management of the operating company and other affected parties then a Safety Case Regime that is created whereby the goals of the Safety Case are met.

With regard to offshore operations the development of safety cases in the UK sector of the North Sea received a major impetus following the Piper Alpha catastrophe. Although safety cases had been used before that event it was the Cullen report to do with Piper Alpha that put safety cases in the spotlight.

The principal reason for developing and implementing a safety case is, of course, to ensure that the people on a facility are safe. However, additional justifications include protection of the environment and minimizing the chance of a major economic loss (either of the facility or of the production from it).

The nature of a safety case is further explained in the following quotation (Maquire 2006),

The safety case is the whole safety justification — just as is a case for the law, it comprises every appropriate piece of evidence to make a convincing argument to support some conclusion about guilt or innocence. In this case the argument concerns the safety performance of some entity or system. As a collection of evidence it needs a guide to describe how the evidence was obtained, why it was obtained and what deductions can be made from it. In a court of law, this is done by the solicitor or attorney but in a safety case this is done by the safety engineer through the safety case report. This report summarises all the key component parts of the safety case, it makes the safety argument explicit and describes the supporting evidence. All supporting documents, analysis and results should be referenced from the safety case report. This evidence does need to be available for scrutiny, but it does not need to bulk out the safety case report.

The Cullen report stated,

Primarily the safety case is a matter of ensuring that every company produces a formal safety assessment to assure itself that its operations are safe.

Two aspects of the above quotation are of note.

First, the company has “to assure itself” that the facility is safe. At root, a safety case is developed for the facility personnel and company management — not for outside parties. For example, operators of large and expensive deepwater facilities in the Gulf of Mexico (GoM) frequently develop analyses and reports which are very similar to safety cases. They do this — in spite of the lack of regulatory requirements — simply to assure themselves that they have identified the factors that could lead to the loss of their very expensive facilities.

The second key feature of the above quotation is that the facility management has to develop a Formal Safety Assessment. This means that a framework for understanding risk, and what levels of risk are acceptable, has to be developed. Just following the appropriate regulations and standards is not sufficient. This requirement means that safety cases are basically non-prescriptive and performance based. Instead of following detailed rules, the owner (duty holder) of the facility set his or her own standards. The duty-holder’s performance is then assessed against that standard. (Formal safety assessments are described in the next chapter.)

One of the justifications for the use of safety cases is that, should be the worst happen, and the facility does have a serious accident then it is likely that litigation will follow. A well-constructed and maintained safety case provides the basis of a sound defense. Even though an accident has occurred, the safety case can demonstrate that management had given serious consideration to understanding the risk that their system posed, and that an appropriate Safety Management System was in place.

As already pointed out companies are using the Safety Case methodology more and more to go beyond just safety. They find that the management and technical systems that have traditionally been focused on safety and environmental performance can be equally effective in reducing economic losses, particularly those associated with catastrophic events. Safety cases of this type are sometimes referred to as Health, Safety and Environmental (HSE) Cases. Hence operators of very large platforms in deepwater Gulf of Mexico will sometimes prepare HSE cases because the costs associated with the loss of such platforms is so great, even though there is no legal requirement to do so. Not only does the development and application of the safety case way of thinking reduce the chance of a major event, it can also be used to show investors, customers, insurers and senior management that the risk associated with an expensive facility, such as a deepwater offshore platform, is at an acceptable level.

The Cullen Report makes it clear that a Safety Case is an organic program — one that develops and changes with time.

. . . it must be stressed that a safety case is not a one-time event. A series of safety cases for each facility will be developed: one each for design, operations and decommissioning as a minimum, in the case of production platforms. Moreover, none of these safety cases are static documents; they need to be updated whenever there is a significant change to the design or operation of an offshore facility, say from a major expansion or the introduction of a new, hazardous chemical.

An effective safety case does not focus on just one design or a single method of operation. Instead, it examines the merits of different options and a justification that the chosen option is indeed the one that reduces risk to an acceptable level. For facilities that are already operating the safety case should go beyond the original design information — it should incorporate actual operating experience.

There is no standard approach to the structure or content of safety cases — they will vary according to the circumstances and goals of each facility and the regulatory environment. Many examples of how to construct a safety case are provided at the web sites of regulatory authorities from the United Kingdom, Denmark, Australia and Norway.

Safety Case Definition