Professional Documents
Culture Documents
Revision 4
August 2014
SSHE-106-STD-400
SSHE Risk Management Standard
August 2014
Revision History
Rev.
0
Description of Revision
This
Loss
Prevention
and
Risk
Assessment
Standard
Authorized
by
PEP
Dec. 2004
PEP
Jul. 2009
CEO
Feb. 2011
CEO
Oct. 2011
Date
Revision 4
Page C
SSHE-106-STD-400
SSHE Risk Management Standard
August 2014
Revision History
Rev.
4
Description of Revision
Authorized
by
Date
CEO
Aug. 2014
Revision 4
Page D
SSHE-106-STD-400
SSHE Risk Management Standard
August 2014
Table of Contents
1.0
PURPOSE ...........................................................................................................................1
2.0
SCOPE ................................................................................................................................1
3.0
REFERENCES ....................................................................................................................2
3.1
3.2
4.0
DEFINITIONS ......................................................................................................................3
4.1
LANGUAGE .........................................................................................................................4
4.2
4.3
5.0
5.1
5.2
5.3
6.0
6.1
6.2
6.3
6.4
6.5
6.6
DEMONSTRATION OF ALARP.......................................................................................... 12
6.7
6.8
6.9
7.1
7.2
RISK CLASSIFICATION..................................................................................................... 18
8.0
9.0
APPENDIX ........................................................................................................................ 20
9.1
Revision 4
Page E
SSHE-106-STD-400
SSHE Risk Management Standard
1.0
August 2014
PURPOSE
SSHE Risk Management shall be applied to all activities over which PTTEP has operational control,
and shall cover the entire lifecycle of the asset or operation from inception through to
decommissioning and abandonment.
The primary objective of SSHE Risk Management is to ensure that all Major Accident Hazards, to
which people, environment and asset are exposed, are systematically identified, risks are
evaluated and measures for reducing them to levels that are As Low As is Reasonably Practicable
(ALARP) are put in place, documented and maintained.
The purposes of this standard are:
To define methods and tools applied for determining the level of SSHE risk in any part of the
PTTEP business and quantifying that risk;
To provide an overview for the SSHE risk management process, with emphasis on:
o
Qualitative process where the Risk Matrix (Appendix 1) is used to determine risk;
To define the SSHE Risk Assessment Matrix (RAM) and its application to:
o
Enhance the appreciation of inherent risk at all levels and in all areas across the
organization, both actual and potential;
Enable management personnel to make risk-averse decisions with consistency in day-today management;
2.0
Determine the appropriate focus and level of investigation required for any incident
SCOPE
Asset Lifecycle Phases
Identify / Assess
Select
Define
Execute
Operate
Abandon
The standard applies to all PTTEP assets, throughout the lifecycle of every development project,
which includes acquisition, seismic survey, exploration, drilling, engineering design, construction,
installation, operation, modification and abandonment.
Revision 4
Page 1 of 22
SSHE-106-STD-400
SSHE Risk Management Standard
August 2014
Work undertaken by a contractor and under the contractors management system (MS) shall have
the requirement for an equivalent SSHE Risk Management approach expressly stated in the
contract and defined in appropriate bridging documents.
The SSHE risk management shall be applied to:
Security aspects;
Note:
Environment Impact Assessment (EIA), Security Risk Assessment and Health Risk Assessment
(HRA) are dealt with in other specific SSHE Document. However although the detailed methods
and categorization may differ the concept is the same as outlined in this standard.
Legal requirement in countries where PTTEP operates for risk assessment take precedence
over this standard.
3.0
REFERENCES
3.1
Document Title
SSHE-106-Manual-000
SSHE-106-STD-100
SSHE-106-STD-420
SSHE-100-STD-440
SSHE-106-GDL-401
SSHE-106-GDL-402
SSHE-106-GDL-403
SSHE-106-GDL-404
SSHE-106-GDL-411
SSHE-106-GDL-412
SSHE-106-GDL-413
SSHE-106-GDL-432
SSHE-100-GDL-540/13
SSHE-100-GDL-703
S.PSH.003
Revision 4
Page 2 of 22
SSHE-106-STD-400
SSHE Risk Management Standard
3.2
August 2014
Document Title
CMS-0790-MNL-300
PREP Manual
CMS-0790-STD-323
PREP-GM-03
CMS-0790-STD-324
CMS-0790-STD-336
CMS-0790-STD-318
CMS-0790-STD-311
CMS-0790-STD-305
OGP 210
ISO 17776
ISO/IEC 73
4.0
DEFINITIONS
Terminology
Description
As Low As Reasonably
Practicable (ALARP)
Hazard
(MAE)
Risk
Risk Analysis
Revision 4
Page 3 of 22
SSHE-106-STD-400
SSHE Risk Management Standard
Terminology
August 2014
Description
consequences and frequency of occurrences of any potential harmful
events.
Risk Management
Risk owner
4.1
LANGUAGE
In this document, the words may, should, and shall have the following meanings:
May
Should
Shall
4.2
In this document, the terms Corporate, Division and Asset have the following meanings:
Corporate
Group
A Business Group may have one or more distinct groups within its
hierarchy. These are referred to as Divisions, for example; within the
EDE Group there is the Engineering & Construction Division (ENC),
and the Operations Support Division (OPS), both of which also have
associated Departments within their hierarchy.
Asset
Department
Revision 4
Page 4 of 22
SSHE-106-STD-400
SSHE Risk Management Standard
4.3
August 2014
COMMON ACRONYMS
Set out below are common specific terms presented in alphabetical order:
ALARP
CBA
CEO
CFD
DOA
EERA
EIA
ESD
Emergency Shutdown
ETA
EVP
FMEA
FNA
FTA
HAZID
Hazard Identification
HAZOP
HEMP
HRA
IRPA
JHA / JSA
LOS
Line Of Sight
MAE
MAH
OTR
PEM
PHA
PPE
PTR
Revision 4
Page 5 of 22
SSHE-106-STD-400
SSHE Risk Management Standard
QRA
RAM
SIL
SIMOPS
Simultaneous Operations
SSHE
SVP
TEM
TPA
TSH
TSM
TA
Technical Authority
VP
Vice President
5.0
5.1
August 2014
The owner of SSHE Risk Management Standard is SVP, SSHE Division, with responsibilities for:
Issuing the SSHE Risk Management using HEMP Standard and its revisions;
5.2
The custodian of SSHE Risk Management Standard is VP, Process Safety and Assurance
Department, with responsibilities for:
Revision 4
Page 6 of 22
SSHE-106-STD-400
SSHE Risk Management Standard
5.3
August 2014
Ensure
that
hazards
generated
by
the
activities
within
his/her
Function
Group
Allocate the necessary budget and resources to implement the SSHE risk management
process (such as organizing HAZID, developing Safety Case, and other relevant studies and
documentation).
Ensure the competency of SSHE specialist (e.g. SSHE advisor, SSHE engineer) within his/her
Division/Asset to conduct risk assessment, if not sufficient, assistance from Corporate SSHE
should be requested.
Ensure
that
SSHE
responsibilities
and
management
within
his/her
Function
Ensure the SSHE risk management processes are planned and implemented effectively.
Ensure that the Corporate SSHE is kept aware of the start of any new development project at
the inception stage.
Ensure that the SSHE risk management process is initiated as early as possible to ensure
SSHE risk management.
Ensure that sufficient and qualified competent resources are in place for the implementation of
SSHE risk management. Competent specialists are SSHE discipline within the project team,
specifically safety engineering specialist. Assistance from the Corporate SSHE may be
requested for obtaining specialist resources.
Ensure the SSHE risk management processes are planned and implemented timely.
Asset Managers shall ensure that MAE's / SCE's and Performance Standards are reviewed
annually at Site SSHE Committee and confirmed in a Statement of Fitness.
Ensure that relevant personnel are familiar with the SSHE risk management approach.
Provide expertise, support and resources (as necessary) to the Project / Asset / Divisions
regarding implementation of SSHE risk management.
Ensure the implementation of SSHE risk management throughout the Project / Asset lifecycle.
Initiate, review and approve deviation requests supported by SSHE risk assessments.
Revision 4
Page 7 of 22
SSHE-106-STD-400
SSHE Risk Management Standard
6.0
6.1
August 2014
Risk management is a process to ensure that all significant risks are identified, prioritized and
managed effectively. It is necessary to perform the initial screening of risk related to any activities,
identify the hazards, analyze and evaluate the risks based on the risk acceptability criteria, prioritize
remedial actions, determine the effectiveness of the mitigation measures and implement risk
reduction measures.
The Risk Management Process follows the principles of the Hazards and Effects Management
Process (HEMP) which are to identify, assess, control and recover.
Risk management process and principle of ALARP as applied across PTTEP is shown in Figure 1.
To ensure effective implementation of risk management system, each of the following essential
steps requires monitoring, audit and review continuously and consistently to verify that risk reduction
measures have been provided as appropriate.
Risk Assessment Matrix
Benefits
Qualitative
Analysis
Decision
Hazard
Identification
People
Asset
Environment
Reputation
others
1. .
2. .
3. .
4. .
..
..
..
Semi-Quantitative
Analysis
Quantitative
Analysis
ALARP
Cost
Risk Level and
Acceptance Criteria
Hazard Identification
Risk Analysis
Risk Evaluation
Risk Assessment
Page 8 of 22
SSHE-106-STD-400
SSHE Risk Management Standard
August 2014
In theory, the notion of risk reduction to ALARP applies to the whole spectrum of risk ranging from
the very low (negligible) to very high. The standard approach of three risk regions is shown in Figure
2 Triangle of Risk Regions.
High risk
Unacceptable Region
(Intolerable risk)
Acceptable Region
Necessary to maintain assurance that risk
remains at this level
Negligible risk
However, the philosophy of risk assessment recognizes that resources and available time are finite,
and therefore seeks to focus attention on high risks and the medium risks to achieve ALARP.
For new projects, it is recommended that risk targets are defined at an early stage of the project in
order to drive the risk towards broadly acceptable region. The objective of the risk targets is to
narrow the range to which explicit ALARP considerations should be applied.
Revision 4
Page 9 of 22
SSHE-106-STD-400
SSHE Risk Management Standard
6.2
August 2014
The following are requirements for organization of SSHE risk management process:
SSHE risk management process shall be performed by personnel, or groups of personnel who
are both competent in the SSHE risk management techniques involved and knowledgeable
about the design, operation and maintenance of the facilities under consideration. TA1 is
responsible for reviewing the risk assessment performed within Asset / Projects activity.
Should the risk is classified as High risk or the consequence severity is at level 4 or 5, TA2 is
responsible to review and verify the risk assessment.
For high risk MAEs the guidance provided in the Bow-Tie Analysis Guideline (SSHE-106GDL-413) shall be applied.
Hazard identification and risk assessment shall be planned and implemented as early as
possible, subject to the availability of the necessary information in order to allow more
inherently safer risk reduction measure to be implemented with less or no impact. During the
course of project, the Risk assessment shall be planned timely to enable the results to be
incorporated without incurring avoidable rework and costs.
SSHE risk management process shall be documented such that the key information and the
decisions made are transparent and available for future reference. Recommended actions
arising from the risk assessment studies shall be recorded and tracked until closed out.
The risk assessment techniques to be used shall be selected by competent person on a caseby-case basis, and on the basis of the nature of the SSHE risk, the perception of the
stakeholders, the magnitude of the risks and costs involved to mitigate the risk.
6.3
HAZARD IDENTIFICATION
Hazard identification is a key element in SSHE risk management which can be performed through a
number of techniques and activities including HAZID and HAZOP studies, Bow-tie studies,
inspections, management reviews, technical review and audits, incident investigations, etc.
Every installation shall have a Safety Case including a Hazard Register which should identify all the
Major Accident Events (MAE) for the installation and means of avoidance, prevention, control,
mitigation and recovery. This shall start first by the examination of the possibilities for eliminating or
reducing hazard potential. If deemed not possible, then measures have to be taken to control or
mitigate consequences of materialization of the hazard. This is achieved using proven hazard
identification techniques (for example HAZID, HAZOP, What-If, etc.).
6.4
Risk is the product of the consequence and probability associated with a hazardous event i.e.
Risk = Consequence x Probability (How Bad x How often)
Revision 4
Page 10 of 22
SSHE-106-STD-400
SSHE Risk Management Standard
August 2014
Risk analysis can be performed through various techniques, qualitative, se-mi quantitative or
quantitative processes, to estimate the Probability or Frequency of Occurrence and Consequences
of each identified hazard in order to assess the risks posed by an installation based on its current
status but without any additional control or mitigation measures in place (Initial Risk). If the risk is
found to be unacceptable or high, additional control and mitigation measures together with their
effectiveness will need to be identified to reduce the level of risk to ALARP. (Residual Risk)
The Risk Assessment Matrix shown in Appendix 1 is used as a tool for a preliminary or a qualitative
assessment of frequency of occurrence and consequences.
The Quantitative Risk Assessment (QRA) technique is used for quantitative processes, normally
used as part of a formal safety assessment for a Safety Case. QRA is usually performed at Project
stage and updated for major modifications / expansion of facilities during lifetime of assets.
6.5
For qualitative risk evaluation, the PTTEP Risk Assessment Matrix (RAM) shown in Appendix 1
shall be used.
The following risk management outcomes are used to support the decision making process:
High Risk: Risk reductions are mandatory. Short term and interim risk reduction shall be put in
place. Long term risk reduction plan shall be developed and implemented. The number,
independence and reliability of the risk reduction measures shall be commensurate with the
magnitude of the risk. Bow-tie diagram or quantitative method shall be used to demonstrate
tolerability and ALARP.
Medium Risk: Risk is tolerable if reasonable risk reduction measures are confirmed to be in place in
order to reduce the risk to As Low As Reasonably Practicable (ALARP).
Further risk reduction should be considered against cost benefit and the advantages that can be
achieved. Normally, loss of production is not included in this process.
Low Risk: Broadly Acceptable level of risk where further reductions are to be achieved by
continuous improvement of the SSHE Management System rather than specific design. Further risk
reduction may be considered at management / team discretion commensurate with the asset/site
perception of acceptable production loss.
For quantitative risk evaluation, area risk, Individual Risk (of fatality) Per Annum (IRPA) is
calculated and is compared against the criteria in Table 1 below:
Revision 4
Page 11 of 22
SSHE-106-STD-400
SSHE Risk Management Standard
August 2014
Employees/Contractors
Public
> 1 x 10-3
New facility
> 1 x 10
> 1 x 10
New facility
< 1 x 10-6
> 1 x 10-4
-4
-6
-5
-4
-6
-5
< 1 x 10-6
When QRA method is applied, IRPA associated with various categories of workers including the
most exposed workers are obligatory.
For High Risk, the risk reduction is obligatory. Possible risk reduction measures shall be evaluated
using detailed analysis (Database / Consequence analysis / QRA) until it is demonstrated that
residual risk is acceptable or ALARP.
For Medium Risk, additional design and/or operational risk reduction measures may be required to
further reduce the risk to ALARP. For quantitative risk analysis, ALARP demonstration is required
where IRPA level are between 1 x 10-6 and 1 x 10-3 per year.
6.6
DEMONSTRATION OF ALARP
ALARP means that risk reduction measures are applied until the cost of incorporating any additional
risk reduction measures is disproportionate to the benefit obtained.
Demonstration of ALARP is necessary whether quantitative, qualitative or semi-quantitative methods
are used for risk evaluation.
When qualitative risk assessment is used based on the PTTEP RAM in Appendix 1, the risk levels in
the yellow region (Medium Risk) require additional assessment to determine the requirement for any
further risk reduction measures in order to achieve ALARP. Reduction of risk to ALARP is an
essential process of risk management.
When quantitative methods (QRA) are used individual risks between 1x10-6 and 1x10-3 per annum
shall be subject to ALARP assessment.
To further reduce a medium risk within the ALARP region may involve a cost benefit analysis (CBA).
The principle behind this is to consider risk reduction measures until the cost of any further risk
reduction measures are disproportionate to the improvement gained.
Revision 4
Page 12 of 22
SSHE-106-STD-400
SSHE Risk Management Standard
August 2014
It should be noted that for most major projects, a Safety Philosophy or Safety Concept is established
to deliver good safety engineering practices by establishing minimum mandatory safety
requirements to assure and underpin the safety of an installations from a very early stage of a
project. The concept of ALARP should not be used in reverse to remove such minimum mandatory
and sound safety engineering requirements which are established in the Safety Philosophy or the
Safety Concept.
Such aspects should also be covered in the Concept Selection Report and
ALARP WORKSHOP
An extremely effective means of assessing and demonstrating that ALARP is achieved for major
projects is to undertake an ALARP Workshop, once all safety studies including QRA have been
undertaken. Such an ALARP workshop, would normally be attended by a multidisciplinary team of
Engineers and include Operations personnel. The Safety Consultant or entity responsible for
producing the QRA Report would produce a ranked list of the top Major Accident Events in
descending order of risk contribution in terms of PLL. The cut-off point for MAEs to be considered
at the workshop would be approved by the Project Technical Safety Engineer.
Each MAE should be reviewed by the team and the measures currently in the design, for the
prevention, control, mitigation and recovery of the MAE, should be documented. With the list of
existing safeguards, the team would identify what additional measures providing a reasonable
potential to reduce risks, should be considered further or incorporated in the design or operation.
Following the workshop, the recommendations for risk reduction measures should be subject to a
critical review focusing on measures having the greatest potential, considering both cost of
implementation and risk benefits.
The results of all ALARP assessment shall be presented in the Design and Operations Safety Case.
6.7
In principle, the following hierarchy shall be used for the selection of risk reduction measures and
underpins a responsible and robust approach to the HEMP:
Elimination and minimization of SSHE hazard by using options with a lower impact on SSHE;
Revision 4
Page 13 of 22
SSHE-106-STD-400
SSHE Risk Management Standard
Procedural controls;
6.8
August 2014
Risk Management lifecycle starts from early days of a project and will continue until
decommissioning of the facilities. The development cycle of an installation includes, but is not
necessarily limited to the minimum requirement for SSHE Risk Management as summarized in
Figure 3. Integration with PREP process is demonstrated. For more detail, refer to PREP Manual
(CMS-0790-MNL-300) and PREP Project Roadmap (CMS-0790-STD-305).
In addition, risk assessment is required;
Finally, the installation risk lifecycle can be managed by creation of a set of sound and
comprehensive Safety Cases for different phases and a Management System which is included in
the Safety Cases.
Revision 4
Page 14 of 22
SSHE-106-STD-400
SSHE Risk Management Standard
August 2014
PHASE 2 SELECT
FEASIBILITY
STUDIES
Gate 1A
CONCEPTUAL /
PRE-PROJECT / PRE-FEED
Gate 1B
Gate 2A
BASIC ENGINEERING /
FEED
Gate 2B
PHASE 5 OPERATE /
EVALUATE
PHASE 4 EXECUTE
DETAILED
ENGINEERING
CONSTRUCTION /
INSTALLATION /
HOOK UP
Gate 3
COMMISSIONING /
START UP
OPERATION
ABANDONMENT
DECOMMISSIONING
Gate 4 Gate 5
- Operations SSHE MS
- Updated SSHE Plan
- Identify Residual Issues for
Operation
- Obtain Regulatory Permits
and Consents
- MOC
- Competency Assurance
- SSHE Induction, Training
- Operations SSHE MS
- Updated SSHE Plan
- Identify Residual
Issues for Operation
- MOC
- Competency
Assurance
- Lessons Learned
- SSHE MS Implementation
- SSHE Plan
- SSHE Legislation Register
- Maintain Permits
- MOC
- Competency Assurance
- Review Lessons Learned
- SSHE Performance Review
- Impact Assessment
- Ongoing Stakeholder
Engagement Activities
- Impact Assessment
- Ongoing Stakeholder
Engagement Activities
- SD Implementation
- Environmental Impact
Assessment
- GHG and Energy Efficiency
Report
- Environmental Performance
Report
- ISO14001 Compliance
- Ongoing Stakeholder
Engagement Activities
- Environmental Impact
Assessment
- Soil and Groundwater
Assessment
- Safety Concept
- Model Review
- HAZID
- HAZOP #2
- Design Safety Case
- QRA (if required)
- Fire and Explosion Risk /
Consequence Analysis
- SIL Verification
- SCE Identification
- PS for SCE
- Bow-Tie Analyses
- ALARP Assessment
- Ops Safety Case (by Ops)
- Contractor Safety Case
- Operating Envelopes
- Safety Concept
- HAZID
- Installation Safety Case
- QRA
- PS for SCE
- Ops Safety Case (by Ops)
- Safety Concept
- HAZID
- Ops Safety Case
(Pre Hook Up and
Commissioning)
- HAZID
- HAZOP
- Updated Ops Safety Case
- MOC Studies
- HAZID
- Safety Case
- Updated HEMP
Studies
- SD Strategy - Preliminary
- SSHE Issues and
Stakeholder Identification
Workshop
- Site Selection
- SD Strategy Assessment
- Impact Assessment (Env,
Health, Social)
- GHG and Energy
Efficiency Requirements
- Initial Stakeholder
Engagement Plan
- Update SSHE issues
Review
- Updated SD Plan
- Impact Assessment
- Compliance with ISO14001
- Updated Stakeholder Engagement
Plan
- Compliance with Environmental
Minimum Requirements
- Best Available Technique (BAT)
Assessment
- Conceptual HAZID
- Safety Concept
- Coarse HAZID
- Coarse HAZOP
- Concept Selection Report incl.
ALARP Demonstration
- Concept QRA
- Layout Review
- Safety Distance
- Fire and Explosion Risk /
Consequence Analysis
- Hazardous Area Classification
- Safety Concept
- Updated SSHE
Premises
- HAZID
- HAZOP #1
- Design Safety Case
incl. ALARP
Demonstration
- Coarse QRA
- Fire and Explosion
Risk / Consequence
Analysis
- SIL Assessment
- SCE Identification
- Performance
Standards for SCE
- Operations Procedures
- PTW
- HFE Implementation Plan
- Logistics Risk Management Plan
- Verify Medical Service and ER Compliance
- SIMOPS
- JSA
- HFE Implementation
Plan
- HRA
- SIMOPS
- JSA
- HFE Review
- HRA
- Medical Review
- SIMOPS
- Assess Operational
Competence and Training
- JSA
- HRA
- SSIs
- ERPs
- PTR#1
- Pre-Q FEED Contractors
- Tender Specification
- Document Control System
- Project SSHE Audit and Review
Plan
- Input to Venture Execution Plan
- Input to ITB, BOD and FDP
- PTR #2
- Pre-Q EPC Contractors
- Peer Review
- Formal Audit and Review of
contractor Performance
- Input to Design ITB
- PTR #3
- Pre-Q Construction Contractors
- Peer Review
- Compliance Audits
- Certification Records
- Construction Audits
- Peer Review
- Handover Documents and
Records
- PTR #4
- Commissioning Audits
- Peer Review incl. Ops
- Pre Start-Up Audits
- Handover Documents
& Records
- OTR
- SSHE Operations
Performance Review
- Post Implementation Audits
- SSHE Audits
- Pre Decommissioning
Audit
TECHNICAL SAFETY
- HAZID
- Prelim. Bow-Tie
Analyses
- Hazardous Area
Classification
- Escape, Evacuation
and Rescue Analysis
- Isolation Philosophy
- Overpressure
Protection Philosophy
- HIPS Philosophy
- ESD Philosophy
- Operability Assessment
- Health Screening incl.
Baseline Local Facilities
and Medical Emergency
Response (MER) Review
Figure 3: Typical SSHE Requirements of Risk Management in the Project Life Cycle
Revision 4
Page 15 of 22
SSHE-106-STD-400
SSHE Risk Management Standard
6.9
August 2014
Monitoring shall be made to ensure and demonstrate compliance with the regulations, the
installation Safety Case and any mandatory standard requirements, and to review the effectiveness
of the existing risk control measures.
Monitoring methods shall vary depending on the type of risk being monitored, for example:
Behavioral observation,
Results of each monitoring shall be recorded as the evidence for internal and external audit and
review, proposed action shall be implemented, closed-out and reported to the management
respectively.
Audit and review of the risk management system shall be carried out at a regular interval to
systematically verify and review the effectiveness of the control put in place in terms of reducing risk
to an acceptable level, and of the monitoring process itself.
Conformity with the technical content of the Risk Assessment process ( for example assumptions,
calculations, input parameters of the models, methods, presentation of results, etc.) defined in this
Standard (effective implementation, frequency of update through life cycle, adequacy of
documentation, adaptation of SSHE Management System etc.) shall be verified during the formal
audit and reviews.
Competent auditors for these conformity audits and reviews may be the representatives of SSHE
department and/or the external auditors and/or consultants relevant to each specific subject.
Note: Key personnel involved in the risk management program must have the appropriate
qualifications and competency to understand and apply this Standard and any other relevant specific
procedures. The Asset/Division or Project in charge of risk management must have adequate
resources necessary for the application.
In the absence of resources, assistance should be sought from the SSHE division who can either
allocate resources to manage the work directly or via specialized Contractors/Consultants, in
particular to develop or update or upgrade the Safety Case, EIA, HRA, Security Risk Assessment,
etc.
Revision 4
Page 16 of 22
SSHE-106-STD-400
SSHE Risk Management Standard
6.10
August 2014
FEEDBACK EXPERIENCE
Feedback experience is an essential part of risk management, Incidents, accidents and failures
happen as the results of hardware, software, human errors or management failures. Such events
can provide very useful feedback to the Safety Management System and Risk Management of an
installation. If an incident does occur then this is an indicator that the specified control has not been
effective.
If a severe incident occurs the associated risks shall be considered HIGH until the revised controls
are implemented and verified.
A number of minor incidents e.g. near misses are also an indicator of the failure of specified controls
therefore again the associated risks shall be considered as HIGH. On many occasions a near miss
i.e. no actual harm, is by luck and/or fast reactions of an individual rather than by effective controls.
7.0
7.1
The PTTEP Risk Matrix, five-cell by five-cell is divided into three main regions with the assigned
color code for High risk (Red color), Medium risk (Yellow color) and Low risk (Green color) as shown
in Appendix 1.
The left side of the matrix covers the potential consequences of the events/incidents to people,
production/property, environment and reputation; the criteria are based on incident real/potential
severity assessment.
The top part of the matrix shows frequency estimation which is based upon knowledge/historical
data of similar events/incidents occurring within PTTEP or in the E&P industry as a whole.
Note:
1. The quantity of spill is measured in bbl however the impact is dependent on the actual site
location and this must be considered e.g. if it is on-shore close to a river course or populated
water front spills of less volume may have significant impact on the environment.
2. For certain application of the RAM, i.e. for Alarm Management prioritization, the severity row can
be expanded to include No effect, which has no adverse impact to any of people, production /
property loss, environment and reputation. For this severity category, the risk is considered
broadly acceptable regardless of the frequency of occurrence.
3. When utilising the Risk Assessment Matrix as reference for other application i.e. for Alarm
Management, SIL assessment, the consequence severity given in the matrix is the minimum
requirement in line with risk perception at PTTEP Corporate level and calibrated with risk
perception at asset level. Depending on context of a risk assessment or risk perception at the
Revision 4
Page 17 of 22
SSHE-106-STD-400
SSHE Risk Management Standard
August 2014
asset level, the severity consequence may be modified to be more stringent subjected to
approval from CLP. In no case the severity consequence can be modified to be less stringent.
4. For job level risk assessment using OHSAS 18001, the frequency / probability can be assessed
in line with the OHSAS 18001.
7.2
RISK CLASSIFICATION
The risk classification is determined using the risk matrix following a systematic approach, normally
conducted by a group workshop type review, for example a HAZID study.
The level of risk management required will be determined by the risk classification selected from the
Risk Matrix (See Appendix 1).
For example, a credible major incident causing a fatality, moderate production/property loss, no
environmental impact and serious reputation issues is risk ranked.
Due to single fatality, this provides an initial risk ranking of High Risk (4C), which is intolerable, so
control measures need to be identified and put in place to reduce the frequency of the incident to
say unlikely Medium Risk (4B). Any further risk reduction measures would need to be investigated
and implemented if justified (using cost benefit analysis) in order to achieve ALARP.
It is mandatory to reduce any identified risks having a High Risk (red region) of the matrix, such
risks are unacceptable and measures must be taken to eliminate or reduce the identified risk to a
low level or ALARP. Risk reduction can be a combination of design or operating measures, but
nevertheless the primary measures must be risk reduction by design rather than operating
procedures which are subject to human error or non-compliance with procedures.
Risks within the Medium Risk (yellow region) of the matrix should be subjected to further risk
reduction measures in accordance with ALARP principles; i.e. risk reduction measures must be
identified and cost benefit analysis may need to be carried out to assess and demonstrate ALARP.
Any risks which are shown to be in the Low Risk (green region) of the matrix are considered to be
broadly acceptable where further reductions are to be achieved by continuous improvement of the
SSHE Management System rather than specific design. Further risk reduction may be considered at
management / team discretion commensurate with the asset/site perception of acceptable
production loss.
Revision 4
Page 18 of 22
SSHE-106-STD-400
SSHE Risk Management Standard
8.0
August 2014
HAZARD REGISTER
A hazard register shall be maintained for facilities operating under a Safety Case and typically
includes the following:
A hazard register should be established for projects/activities to manage the identified risks
throughout the whole lifecycle of a project/activity.
Revision 4
Page 19 of 22
SSHE-106-STD-400
SSHE Risk Management Standard
9.0
Revision 4
August 2014
APPENDIX
Page 20 of 22
SSHE-106-STD-400
SSHE Risk Management Standard
9.1
August 2014
Consequences
Severity
People(*)
MAE
Asset
Production /
Property(**)
Environmental
Effect (***)
Reputation
International
TV
International
papers
Multiple LWDC
OR one or more
Permanent
Disability
OR 1 Fatality
Loss between
$5M $50M
National TV
National
papers
Single LWDC
OR multiple
RWDC
Loss between
$100K $5M
Local TV
Local written
media
Moderate
(2)
MTC OR Single
RWDC
Loss between
$10K - $100K
Local media
interest
Minor (1)
No Reaction
Major
(5)
Serious
(4)
Significant
(3)
Multiple
fatalities
Rare (A)
Unlikely (B)
Credible (C)
Likely (D)
Frequent (E)
Event
occurrence is
remote and/ or
never heard of
in the E&P
industry
Event
occurrence is
possible but
unlikely or has
happened few
times in the E&P
industry
Event has
occurred several
times in the E&P
industry OR
occurred in
PTTEP
Event has
occurred several
times per year in
the E&P industry
OR more than
once per year in
PTTEP OR
occurred at the
location.
Events are
frequent in the oil
& gas industry
OR occurred
more than once
per year at the
location.
(1)
(1)
HPI
HIGH
RISK
MEDIUM
RISK
LOW
RISK
(2)
(2)
Revision 4
Page 21 of 22
SSHE-106-STD-400
SSHE Risk Management Standard
August 2014
Description
Minor Slight injury/illness (First Aid Case-FAC) OR No or slight damage to health e.g. non-toxic dusts (as an acute
hazard)
Moderate Cases of Medical Treatment Case (MTC) OR a single Restricted Work Day Case (RWDC). Minor health
effects, which are reversible, e.g. skin irritation, food poisoning.
Significant - Multiple cases of RWDC OR a single Lost Work Day Case (LWDC)
Affecting work performance in the either short or long term, absence from work. Irreversible health damage without loss
of life e.g. noise, poor manual handling tasks, hand/arm vibration syndrome, chemicals causing systemic system effects,
repetitive strain injury.
Serious- Multiple LWDC OR one or more permanent disability OR one Fatality from an accident/illness. Irreversible
health damage with serious disability or death e.g. corrosive burns, known human carcinogens
Major - Multiple Fatalities from an accident e.g. chemical with acute toxic effects (Hydrogen sulphide, carbon
monoxide), known human carcinogens (large exposed population)
Note: 1. Effect to public shall be considered with the severity at least equal to the workforce. Depending on societal risk
perception in the region, public risk may have to be considered one order of magnitude more severe than that of the workforce.
(**) Effect to Asset2 (Cost of Production Loss + deferment + Property damage + repair /
replacement)
No.
Description
Minor Effect Minimal damage. Negligible down time or asset loss. Losses less than $10K.
Moderate Effect Some asset loss, damage and/or downtime. Losses between $10K - $100K.
Significant Effect Serious asset loss, damage to facility and/or down time. Losses between $100K - $5 M.
Serious Effect Major asset loss, damage to facility and/or down time. Losses between $5M - $50 M.
Major Effect Massive asset loss, significant damage to facility and/or down time. Losses more than $50 M.
Note: 2. Only monetary term is specified and has been calibrated in the same order of magnitude with PTTEP Corporates risk
perception and made more stringent to be able to apply at Asset level. However, at asset/site management discretion, the
decision for implementation of safeguard and mitigation may be more stringent commensurate with the asset/site perception of
acceptable production loss. In no case it can be less stringent.
Production loss duration may be calculated using site-specific average production revenue (e.g. with average daily production
20,000 BOE @ $100 per barrel, severity level for Partial shutdown (few hrs / run at 60% capacity), 1 day shutdown, 1 week
shutdown will be Moderate, Serious and Significant respectively.
(***)Effect to Environment
No.
1
Description
Minor Effect Minor environmental damage, within the fence and within systems or vicinity of the installation. No or
negligible financial consequences
Minor Effect - Sufficiently large contamination or discharge to damage the environment, but no lasting effect. Single
breach of statutory or prescribed limit, or single complaint.
Localized Effect - Limited discharges affecting the neighborhood and damaging the environment. Repeated breaches
of statutory or prescribed limit, or many complaints.
Serious Effect - Severe environmental damage. The company is required to take extensive measures to restore the
damaged environment. Extended breaches of statutory or prescribed limits, or widespread nuisance.
Major Effect - Persistent severe environmental damage or severe nuisance extending over a large area. Loss of
commercial, recreational use or nature conservancy, resulting in major financial consequences for the Company.
Ongoing breaches well above statutory or prescribed limits.
Revision 4
Page 22 of 22