loading area professionals
ComplianceESGMay 03, 2017

5 key questions for targeting vulnerability in process safety management


When it comes to the best practices for process safety, Ian warns of the danger of ‘not seeing the wood for the trees’.

Accurately and comprehensively providing an overview of all risks associated with a process will paint, by necessity, a complicated picture. An effective process safety system aims to clarify the complications by focusing on the elements that really matter. These 5 questions are designed to help with that.

1. How could the process go wrong?

The U.K Health and Safety Laboratory (HSL) conducted a study into over 1000 loss of containment incidents, citing some of the most common causes of failure — some catastrophic — in the workplace. The results included human error, excessive current, mechanical failure or simply having a volume, pressure, temperature or speed that was too high.

Ian notes that none of these risks should be novel or in any way surprising, as they’re exactly the sorts of challenges with which process safety management should be used to contending. The nuance comes with the context of the location and of the process, both of which are addressed in the next question…

2. When or where is it most likely to go wrong?

As a result of the breadth of knowledge regarding hazards and how they can arise, there are numerous standard risk models to suit the variety of challenges offered in process safety. However, there is no ‘one size fits all’ approach to control systems — therefore, risk profiles must be created for every scenario which is under investigation.

Ian shows us a number of these risk profiles during the course of the webinar, for different systems of different complexities. Common to each profile is the accurate diagrammatic representation of the system, showing an in-depth snapshot of the process. The picture shown below is the risk profile for a process of fuel storage and distribution.

This image is a canvas, onto which ideas of potential hazards and the controls required to subvert them can be mapped. A broad contextual knowledge of the process is also required in order to understand the nature of any major hazards present, taking into account safety and environmental concerns — in the case of fuel storage, these are spillages and ignition.

3. What controls are there to prevent a major accident?

Control systems are our defense against any potential hazards coming to fruition; they must be used appropriately for the correct purposes, in the correct locations, and to the correct extent.

Control systems will also deteriorate, meaning that frequent, rigorous checks are required to ascertain key performance indicators (KPIs) for each. These too can be mapped onto the risk profile, allowing the profile to display not only the clusters in which most hazards lie, but also providing an insight into whether the control measures are commensurate with their associated hazards (Ian adds that, as a rule of thumb, there should always be a greater number of control systems than hazards).

The number of control measures, and how they rely on one another, is best illustrated in a bowtie diagram. As you can see below, this diagram allows us to directly gauge the number of control measures and how these relate to any hazards present.

Each ‘line’ of controls shows a functional sequence of reliance — by which we mean if the far-left control doesn’t function, the next one along needs to work to prevent a hazard and so on. To further this point and exemplify the importance of extensive control systems, Ian talks about a time where 22 control systems failed, but loss of containment was prevented by the 23rd and final control still functioning. The phrase ‘better safe than sorry’ seems apt.

4. Which of these controls are the most vulnerable to failure?

A huge stumbling point in process safety is attempting to tackle a vast, complicated picture and becoming quickly overwhelmed. The best way of narrowing this information down and getting to the areas in most urgent need of overview is by performing a vulnerability analysis on the risk profile. This analysis involves asking the following questions of a control system:

  • Is the system safety critical? This means that the system’s failure would lead to a serious incident.
  • Is the control near, or does it occupy, the ‘last in line’ position of the bow-tie diagram? As mentioned before, if a control is at the end of the branch then it is the last barrier between normal function and loss of containment.
  • Before failure, does the system have some kind of early warning? This could be a range of things, but often involves an abnormal sound or movement such as rattling.
  • Is there an opportunity to recover the loss of containment resulting from the control’s breakdown?
  • Does the control’s correct function rely partly or wholly on human intervention?

Once the areas of highest vulnerability have been identified, new bow-tie diagrams should be formulated that show only these areas. While all controls should have their KPI measured, it is imperative that those measurements are carried out for these systems specifically. The act of obtaining such measurements brings us to our fifth and final question…

5. What information is there to show that systems still operate to the desired performance standard?

Pinpointing those systems which are performing the worst is a fine idea, but how exactly does one ascertain that information? The two best guidelines offered by Ian for these purposes are HSG254: Developing Process Safety Performance Indicators and OECD’s Guidance on Safety Performance Indicators.

From these guidelines, Ian advises that KPIs should be applied to each control measure. These are then able to be compared across the risk profile, highlighting areas where new controls should be added, or existing controls should be repaired or adjusted.

The influence of technology, as in all sectors, has reached process safety in a big way. Maintenance of control systems can now be devolved somewhat, with employees able to document the workings of any software or machinery using an app; some apps even allow the taking of photos as a method to document the state of control system repair.

This information can be displayed in an ‘online dashboard’, showing the various working efficiencies of many systems in different areas. This makes the endeavor to declutter information and hone in on the most vulnerable aspects even easier.


Process safety is an area which can easily swamp you with details and complications if you’re not adequately prepared. The remedy to this, according to Ian, is to put key vulnerabilities first, ensuring that they’re not lost in the maelstrom of near-countless hazards and control systems.

Ian does, however, add that other, less vulnerable controls should not be ignored. Ideal practice should include KPIs for all control systems which, when monitored through inspections or online dashboards, provide continued updates with regards to performance and upkeep.

© Ian Travers. 2007 –The copyright of the content of this guest blog belongs to Ian Travers who has authorized CGE Risk Management Solutions B.V. to provide this content on its website.

Back To Top