On barrier analysis - NTNU

1
Barriers and barrier
classification
Mary Ann Lundteigen
(mary.a.lundteigen@ntnu.no)
Updated Sept 2011
RAMS

2
The role of barriers: Haddon
Hazard
(energy
source) or
threat
Barrier
“Energy model”
Victim
Haddons 10 strategies to risk reduction
Avoid the release of hazards:
1. Prevent the (creation of) hazard or threat
2. Reduce the amount of hazard or threat
3. Prevent the release of hazard or threat
4. Modify the rate of release from its source
Reduce the severity of damage:
5. Separate in time or space the released hazard or
threat
6. Separate with physical means of physical
protection
7. Modify the relevant properties of the hazard or
threat
8. Make the victim more resistant to the damage
Stabilize and restore:
9. Reduce the further development of damage (in
time and amount)
10. Stabilize, repair, and rehabilitate from damage

3
Terms
Hazard:
Potential source of
harm (ISO 14121)
Threat:
An expression of
intention to inflict evil,
injury or damage
(Garrick et al, 2004)
Hazardous event:
Event confined to the first
significant release of a
hazard that will result in
harmful exposure if not
controlled (Johansen, I.L.,
2010)
See http://www.ntnu.no/ross/reports/johansen‐risk‐foundation.pdf

4
Terms
Risk (II):
The effect of
uncertainty on
objectives (ISO 31000)
Risk (I):
By answering the following
questions (Kaplan & Garrick,
1981):
1. What can go wrong?
2. How likely is it?
3. If it does happen, what are
the consequences?
Effect: A deviation (positive or negative)
Objectives: Financial, health, safety,
environment
aspects of products, systems, organizations,…
Uncertainty: Lack of knowledge
Illustrations from http://www.ntnu.no/ross/reports/johansen‐risk‐foundation.pdf

5
Terms
(Safety) barrier:
Safety barriers are physical
and/or non‐physical means
planned to prevent, control, or
mitigate undesired events or
accidents (Sklet, 2006)
Illustrations from http://www.ntnu.no/ross/reports/johansen‐risk‐foundation.pdf

6
The role of barriers: Swizz cheese
Barriers may have weaknesses, by Reason referred to as active failures and latent
conditions
Hazard
(energy
source) or
threat
Barriers
Victim
Source: J. Reason (1997)

7
The role of barriers
Frequency
reducing barriers
Consequence
reducing barriers
Hazardous
event
Triggering
event
“Bowtie model”
End consequences
/accidents

8
Vulnerability analyses
Emergency preparedness
analyses
Risk analyses
Frequency
reducing barriers
Consequence
reducing barriers
Hazardous
event
Triggering
event
“Bowtie model”
End consequences
/accidents
Haddon 1-4 Haddon 5-8
Haddon 9-10

9
Reliability analyses
Hazardous
event
“Bowtie model”
End consequences
/accidents

10
Fault tree analysis
Event tree analysis
Reliability analyses
Hazardous
event
“Bowtie model”
End consequences
/accidents

11
Classification of barriers
Safety barrier: Physical and/or non‐physical means planned to
prevent, control, or mitigate undesired events or accidents
(Sklet, 2006)
What
How
Barrier function: A function planned to prevent, control, or mitigate
undesired events or accidents. (Sklet, 2006)
Barrier system: A system that has been designed and implemented
to perform one or more barrier functions (Sklet, 2006)

12
Classification of barriers
Barrier function
What to do
Barrier system
How to do it
Always available
Passive
Active
Available on
demand
Physical Human/operational Technical Human/operational
Other technology
systems*
Safety instrumented
systems
Other technology
systems
Based on Sklet (2006)

13
Performance of barriers
Criteria Definition Example (SIS)
Functionality /
effectiveness
Reliability/ availability
Ability to perform a specified function under
given technical, environmental, and operational
conditions
The ability to perform a function with an actual
functionality and response time when needed,
or on demand
The SIS shall detect certain
unwanted events and take
specified actions (Effectiveness in
%)
Safety integrity level (SIL) or
Probability of failure on demand
(PFD)
Response time
Robustness
Triggering event or
condition
The time from a deviation occurs that should
have activated a safety barrier, to the fulfillment
of the specified barrier function
The ability to resist given accident loads and
function as specified during accident sequence
The event or condition that triggers the
activation of the barrier
Valve closure time
Hardware fault tolerance
Trip signal from sensors
Based on Sklet (2006)

14
Example:
Taken from:
http://www.pennenergy.com/index/petroleum/display/297003/article
s/offshore/volume-67/issue-6/subsea/hipps-protects-subseaproduction-in-hp-ht-conditions.html

15
The closing time
for the HIPPS valve
as a function of operating
pressure
(We assume that it has
been verified that 12 seconds
closing time at 280 bar is
adequate)
RAMS

16
Question for group discussions:
• Identify performance criteria
for the HIPPS system
RAMS