Asset Integrity Process Safety Management Techniques

This document summarizes an upcoming conference presentation on asset integrity and process safety management techniques. The presentation will discuss concepts of asset integrity and process safety management, including inherently safe design. It will also cover technologies that can aid in asset integrity such as focused asset integrity reviews. Maintaining the integrity of barriers and safety critical elements is key to managing risks and keeping operations safe. Risk analysis involves identifying hazards, assessing probability and impact, and ensuring adequate controls are in place.

Probabilistic Safety Assessment & Management (PSAM) Conference

Asset Integrity – Process Safety Management (Techniques and Technologies)

Soliman A. Mahmoud
Engineering Specialist, Saudi Aramco Oil Company, Saudi Arabia
Email: [email protected]
Cell #: +966 59 300 8884

ABSTRACT
This paper discusses concepts and methodologies for Asset Integrity and Process Safety Management
(AI-PSM) of Hydrocarbon Operations and elaborates on Inherently Safe Design as a predictive
method to meet Process Safety requirements early at the Design Stage.

Technologies that aid AI-PSM by monitoring performance and managing the integrity barriers,
including the Focused Asset Integrity Review, are also discussed in this paper.

Keywords: Technical Integrity, Asset Integrity, Inherently Safe Design, Process Safety, Technical
Integrity Barriers, Safety Critical Elements, Technical Integrity Review.

INTRODUCTION
Hydrocarbon Operations are hazardous in nature: the likelihood of leaks and releases causing
damage to life, property, environment and/or Operators’ reputation varies depending on the
Technical Integrity measures taken to ensure that assets are designed, operated, inspected and
maintained such that, under normal operating conditions, the risks are tolerable and controlled
at an “As Low As Reasonably Practicable (ALARP)” limit.

Since Technical Integrity measures (however comprehensive) cannot guarantee achievement of
the “Zero Accident” goal, major hydrocarbon operators prepare Emergency Response Plans that
address initial response and communications leading to the containment of major accidents
and associated escalation of events (e.g. H2S release, Hydrocarbon/Chemical Spill, Fire and
Explosion, Radioactivity), consequently safeguarding lives, the environment, and asset
value/revenue.

TECHNICAL INTEGRITY
By definition, Technical Integrity (TI) of an asset is achieved when: under specified operating
conditions, the risk of failure that endangers the safety of personnel, the environment, asset value, or
Company reputation is tolerable and has been controlled or contained to be ALARP.

TI (as practiced by major operators and as advised by global regulatory bodies) depends on
controlling the escalation of emergency events and associated consequences at ALARP level, by
forming a successive set of Integrity Barriers that run from safe operating mode to escalation, i.e.
Structural Integrity, Process Containment, Ignition Control, Detection System, Protection System,
Shutdown System, Emergency Response, and Lifesaving, where each barrier contains a group of
Safety Critical Elements (SCEs).

For each SCE, a Performance Standard with specific functional goals, acceptance criteria, and
minimum assurance tasks is used to determine whether the TI for that SCE is demonstrated;
otherwise, a gap closure recommendation is specified to retain the ALARP status.

INTEGRITY BARRIERS AND SAFETY CRITICAL ELEMENTS

SCEs are defined as those items of equipment or structures whose failure could lead to a Major
Accident or whose purpose is to prevent or limit the consequences of a Major Accident. Figure 1
(below) refers to the Integrity Barrier “Swiss Cheese” Model of Shell EP.

Figure 1 - Integrity Barrier “Swiss Cheese” Model of Shell EP

TECHNICAL INTEGRITY FRAMEWORK

Asset Integrity has always been subject to deterioration over time for a number of reasons, e.g. faulty
design, wrong selection of materials, improper operation, and maintenance (leave aside the aging and
end of service considerations). Therefore, a proactive mechanism to assure the TI of an asset can
ideally be made to maintain its fitness for purpose throughout its whole life cycle (from design to
decommissioning).

The integrity assurance framework, accordingly, extends from the design stage (during which
Engineering defines Integrity Standards and Design Envelopes based on Operational Safety Cases to
assure the Design Integrity) until post-handover of assets to Operations, where Engineering provides
Operations with Operating Envelopes and Inspection and Maintenance guides to safeguard the
Technical Integrity of the assets (the so-called Operational Integrity assurance practices, which are
aimed at sustainable operation of the assets at the Design Standards).

ASSET INTEGRITY AND PROCESS SAFETY (AI-PS)


Asset Integrity and Process Safety (AI-PS) of hydrocarbon facilities are intrinsically linked and
together they constitute TI, where Asset Integrity is the process of establishing TI by understanding
and evaluating key risks early at the design stage, selecting protection, and defining controls to
contain risks of failure at the ALARP limit. In simple terms, Asset Integrity is the effort aimed at
designing for safety and environmental integrity to proactively meet the Process Safety requirements.

Process Safety, in turn, is the effort of safeguarding Asset Integrity by verifying that
appropriate assurance measures are in place to oversee operating assets and to intervene in a timely
manner to safeguard their performance within design standards. In other words, Process Safety
depends on structuring robust controls to manage technical risks by maintaining the TI of the SCEs
to sustain the ALARP status throughout the asset lifecycle.

Since the goal of AI-PS is the fitness of the assets throughout their lifecycle (from design to
decommissioning), aligning TI measures with an efficient and cost-effective Maintenance Program
(ideally based on Risk-Focused Maintenance methodology) is a must. Figure 2 illustrates the Asset
Integrity – Process Safety management process.

[Figure 2 diagram. Panel titles: Asset Integrity: Design & Construct (Build TI), Owner: Engineering;
Process Safety: Operate & Sustain TI, Owner: Operations. Lifecycle stages: Design, Construct,
Commission & Start-Up, Operate, Abandon, with "Handover to Operations" marked between the two panels.
Text in figure: "Engineering defines Integrity Standards at Handover of Assets to Operations (to
safeguard Technical Integrity)". Items listed in the figure: Asset Registers; As-Built Drawing;
Data Management; Change Control (PIR); Deviation Control (DAR); Operating Envelops Update;
Asset Performance Management (APM); Inspection and Maintenance Guides; Audits and Reviews.]

Figure 2 – AI-PS Management Process

AI-PS and RISK ANALYSIS RELATIONSHIP


Asset Integrity and Process Safety (AI-PS) of hydrocarbon facilities are intrinsically linked. They are
(fundamentally) the processes of understanding key risks early at the design stage and, accordingly,
evaluating, selecting, defining, and executing the design for safety and environmental integrity based
on ALARP and Inherent Safety concepts, then sustaining the operation within these design measures
throughout the asset service period. This task requires comprehensive risk analysis and risk control
capabilities.

DEFINITIONS of RISK and PROBABILITY


Western Canadian Spill Services Limited defines Risk as: “The measure of the probability and
severity of an adverse effect to health, property, or the environment”. However, most major
Operators add adverse effects on their reputation as a risk assessment factor.

Probability is the likelihood of an event occurring during an interval of time. Risk is often estimated
by the mathematical expectation of the consequence of an adverse event occurring (i.e., the product
of "probability x consequence").

RISK ASSESSMENT
A risk assessment is all about careful examination and calculation of potential hazards that could
result in harm to people, asset, environment, or company reputation. A typical risk assessment
process may include the following steps:

• Identify the hazard (defined as any situation that has the potential to cause harm to people,
  asset, environment, or company reputation);
• Determine the risk (using the product of "probability x consequence" formula);
• Evaluate the risk, and then decide whether the existing precautions/controls are adequate, or
  whether more control measures are still needed;
• Keep a record of your findings, and keep weighing them against the risk control measures
  in place and the control measures that are required by the regulatory bodies;
• Based on the above, implement your control strategies;
• Following the implementation of control strategies, keep revising risk and control strategies, and
  make changes as necessary; and
• Conduct a new risk assessment following any significant changes or an incident.

Risk levels based on probability and consequences may be better assessed by using the following
formula: Risk = Consequence (severity of impact from an event) X Probability (likelihood of event
occurring), as represented in the following Risk Assessment Matrix (Table 1).

Hazards Probability (Likelihood of event occurring):

(5) Has happened more than once per year at the Location
(4) Has happened at the Location or more than once per year in Company
(3) Has happened in the Company or more than once per year in the industry
(2) Heard of in E&P industry
(1) Never heard of in E&P industry

| People | Asset | Environment | Reputation | Severity of Consequences | (5) | (4) | (3) | (2) | (1) |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| More than 3 Fatalities | Catastrophic damage >US$ 10M | Catastrophic effect | Catastrophic impact | Catastrophic (5) | 25 | 20 | 15 | 10 | 5 |
| PTD or up to 3 fatalities | Major damage <US$ 10M | Major effect | Major impact | Major (4) | 20 | 16 | 12 | 8 | 4 |
| Major injury or health effect | Moderate damage <US$ 1M | Moderate effect | Moderate impact | Moderate (3) | 15 | 12 | 9 | 6 | 3 |
| Minor injury or health effect | Minor damage <US$ 100K | Minor effect | Minor impact | Minor (2) | 10 | 8 | 6 | 4 | 2 |
| Insignificant Injury/health effect | Insignificant damage <US$ 10K | Insignificant effect | Insignificant impact | Insignificant (1) | 5 | 4 | 3 | 2 | 1 |
| No injury or health effect | No damage | No effect | No impact | No impact (0) | 0 | 0 | 0 | 0 | 0 |

Table 1 – Risk Assessment Matrix

TI COMPLIANCE AND TOLERANCE COLOR-CODE


The Risk Assessment Matrix (Table 1) and associated Color-code can be used to determine the
Criticality Level of an SCE, and to determine its Current Status in terms of compliance with TI
standards as follows:

• Red, used when Technical Integrity is NOT demonstrated;
• Yellow, used when Technical Integrity is demonstrated, but areas for improvement are
  identified; and
• Green, used when Technical Integrity is demonstrated; no further action is required.

Likewise, the Assessment Matrix Color-code can be used to express the tolerance and assist in setting
response priorities as follows:

• Red, requires immediate risk control action(s);
• Yellow, requires further evaluation to determine if existing controls are sufficient, or else,
  corrective action is needed; and
• Green, risk is tolerable; no risk control action is needed.

TECHNICAL INTEGRITY ASSESSMENT


Technical Integrity assurance involves assessment of the following:

• Technical Integrity of Upstream and Downstream Facilities (Wells, Pipelines and
  Facilities/Process Equipment);
• Roles, Responsibilities and associated Competence System;
• Document Control System;
• Data Management System;
• Management of Change;
• Performance Monitoring and Measurement;
• Inspection and Maintenance Processes;
• Reliability/Key Performance Indicators; and
• Technical Assurance and Verification Mechanism.

TI ASSESSMENT METHODOLOGY
As explained earlier, TI assurance depends on risk assessment and risk controls to contain the
escalation of consequences at ALARP level. To achieve this goal, Integrity Barriers with Safety
Critical Elements have been introduced, and periodic inspection is required to assess the current
status of the SCEs against TI measures that include functional goals, performance criteria, and
minimum assurance standards for each SCE.
Response action and timeframe depend on the SCE criticality level. The assessment can be
conducted either manually or automatically (using a software tool).

FAIR Methodology & Technologies


As part of the Shell AI-PS Management System, which aims to assess and improve the Technical
Integrity status of the exploration and production facilities, a Global Technical Integrity Review and
Improvement Program was initiated in 2006, in which Shell Global Solutions International’s (Shell
GSI) leading teams of regional discipline engineers developed two software tools to aid what
they call “Focused Asset Integrity Review (FAIR)”.

The objective of the two FAIR versions (as explained later in this paper) is to help exploration and
production operations comprehensively understand the operational risks, then identify and
implement controls/improvements to the Technical Integrity Management System as a whole
(Technical Integrity of the assets and the system alike, from well bore to point of hydrocarbon sale).
Note that Shell’s FAIR and AI-PS Management System depend only on “Hardware Barriers”
[physical assets]. Software Barriers (knowledge and skills) are addressed in their “Corporate
Management System”.

a. FAIR+ER

The first FAIR software tool to be introduced is the ‘Equipment Review’ (“FAIR+ER”), which aids
the assessment of the current status of equipment. The FAIR+ER methodology comprises a detailed
review of the present condition of a piece of equipment to determine whether it performs its function
as per design when called upon, and whether it complies with the functional goals, performance
criteria, and minimum TI assurance standards that have been predefined for each piece of equipment
(SCE).

FAIR+ER employs experienced discipline engineers (usually supervised by “Technical Authorities
(TAs)”) to review equipment history and condition records, and then conduct site interviews to
capture findings, collect evidence, discuss concerns and get suggestions from asset personnel with
roles in maintaining the asset integrity, including reliability, inspection, operation, and maintenance
teams.

FAIR+ER discipline engineers record their findings, along with references to evidence and other
information gathered during the review, on Current Status Reports (CSRs) that the FAIR+ER
software produces for each SCE. Each CSR gives a conclusion about the Technical Integrity status of
the relevant SCE by outlining the acceptance criteria for that SCE with check boxes that make it
easier to reach a consistent conclusion on the current integrity status. Typical conclusions are: 1)
Technical Integrity is NOT demonstrated; 2) Technical Integrity is demonstrated but areas of
improvement identified; or 3) Technical Integrity is demonstrated.

CSRs include a risk assessment matrix to define a priority for the recommendation, and another set
of checklists with guidance on evidence and a typical questionnaire to facilitate site interviews and
to maintain consistency. When all SCEs relevant to an integrity barrier have been assessed, the
integrity status of this barrier can be determined; accordingly, recommendations for restoring design
standards and/or improving integrity status can be outlined on the CSRs. Operating units can then
establish an implementation plan and an audit tracking mechanism to measure progress and close
out completed tasks (to ensure compliance with TI teams’ recommendations).

b. FAIR+SR

FAIR+SR is the second software tool version produced by Shell GSI; it is a structured review of
Asset Integrity (as a Management System). The objective of FAIR+SR is to aid the control of
activities, practices and procedures required to monitor, assess, improve and sustain the integrity of
specific asset types and facilities, such as static equipment (e.g. heat exchangers, vessels and piping),
instrumentation, rotating equipment, wells, pipelines and offshore structures. According to Offshore
Technology, FAIR+SR “aspects of management systems reviewed are detailed as follow:

• Organization and Administration
• Skill Resources, Training and Certification
• Procedure and Practices
• Quality Assurance and Quality Control
• Maintenance Plans
• Module-Specific Aspects
• Corrosion Prevention and Control
• Inspection and Fitness For Purpose Assessments
• Testing Programs
• Data, Integrity Records, Tools and References”.

The FAIR+SR process begins with a preliminary self-assessment performed by local staff from the
concerned operating unit using FAIR software, which provides them with guidance on the
effectiveness of their TI Management System by having them answer a thorough series of questions
about all aspects of the asset integrity systems applied at their location.

The status of an integrity barrier can be determined after the assessment of all SCEs relevant to that
integrity barrier; the FAIR+SR team then carries out a review of record systems and procedures
through site interviews with selected technical and operating staff from all disciplines and
associated levels and functions.

Using the FAIR+SR software, the review team analyzes the information gathered and concludes a
current status assessment of the management systems based on a gap analysis between the site
self-assessment and the FAIR+MS team findings. Accordingly, key findings and areas of strength and
weakness can be jointly introduced, leading to a prioritized list of improvement opportunities for
the existing management systems.

TI DATA MANAGEMENT
Data management is a crucial task for the efficiency and viability of a Technical Integrity
Management System. The data management begins at the early design stage, where the below listed
data must be available prior to the commissioning of the asset and subsequently maintained up-to-
date after project hand-over to operations and until abandonment of the assets:

• Design data (Including Design Envelope);
• Asset registers (into SAP or other CMMS);
• As-built-drawings;
• Inspection and maintenance plans and intervals (CMMS);
• Operating Manuals;
• SCEs;
• SCE Functional Goals and Acceptance Criteria (Performance Standards);
• MoC (Design Alteration and Plant Improvement Requests’ control process that runs through
  five steps: Screen → Review → Approve → Implement → Close-out);
• Maintenance history;
• Inspection/Audit findings and recommendations; and
• Inspection/Audit track records.

INTEGRATION OF TI WITH RELIABILITY, INSPECTION AND MAINTENANCE

Reliability programs can be utilized to measure the TI, where KPIs can be produced to rate the
integrity of SCEs against performance standards. Reliability programs can also help take overall Asset
Performance (hardware) to the next level by focusing on optimum, efficient, and cost-effective
performance of assets, people, systems and processes within Technical Integrity as a
complementary framework.

The Technical Integrity Framework (TIF) provides directions and guidance to align Technical
Integrity (TI) practices with inspection and maintenance execution. The aim is to ensure that the
scheduled Inspection and Maintenance programs are formulated by responsible/authorized personnel
from technical, operational and planning disciplines and in compliance with the methodology,
strategy and objectives that are globally adopted for the Asset Inspection & Maintenance Systems.

The Inspection and Maintenance System should be directed to maintain the integrity of SCEs based
on the following considerations:

• To ensure a continuous comprehension of the running condition of all SCEs;
• To direct the maintenance program so as to keep all SCEs in a satisfactory ALARP safe-state
  (from integrity, operability, and maintainability standpoint);
• To ensure the safe conduct of all inspection and maintenance tasks on SCEs;
• To direct the scheduling of the SCE equipment towards efficient and cost-effective
  ‘Productive Utilization of Assets’ by means of proper balance between SCE running hours,
  inspection and shutdown maintenance (to maximize the MTBF and to minimize the MTTR
  simultaneously);
• To optimize the performance ratings of the SCEs;
• To ensure accurate and complete recording of SCE inspection and maintenance activities,
  findings and service/corrective action histories; and
• To maintain updated dashboards, KPIs, Management of Change, and historical equipment
  inspection and maintenance records.

RISK-FOCUSED MAINTENANCE (RFM)


RFM is a technique for establishing a Reliability-Centered Maintenance (RCM) program. The
RFM process focuses maintenance resources only on components that enable plants to
fulfill their essential functions when called upon, and/or on components whose
failure may initiate challenges to safety systems, so as to realize the greatest beneficial impact
in reducing risk. In other words, RFM addresses the maintenance of TI Barriers and
associated SCEs.

The RFM process addresses only a portion of the RCM, which in turn addresses all portions or
selected portion(s) of the total plant maintenance program. Therefore, use of the RFM process
should not preclude other maintenance activities.

RFM METHODOLOGY
The RFM method consists of two major steps: 1) Identifying SCEs, and 2) Determining what
maintenance activities are required to ensure reliable operation of the SCEs identified [2]. For
TI purposes, the SCEs are identified through the Hazard and Effect Management Process, in
association with the eight TIBs as illustrated in Figure 1. Figure 3 illustrates the top-level RFM
process.

[Figure 3 flowchart: (1) Determine if Component is SCE or not → (2) SCE? If No: Not included in
RFM Process. If Yes: (3) Evaluate RFM for SCE identified.]

Fig.3 Top-level RFM Process


After identification of SCEs, a single approach of two steps is used to establish an RFM
program. The first step is to determine the dominant component failure modes that should be
prevented. The second step is to determine maintenance activities that will prevent the
occurrence of those dominant failure modes. Figure 4 illustrates the maintenance evaluation
for SCEs.

[Figure 4 flowchart: Identify SCE → Determine Dominant Failure Modes to Defend Against →
Determine Maintenance Tasks for each Dominant Failure Mode to Defend Against.]

Fig.4 Maintenance Evaluation for SCEs

CONDITION MONITORING
An effective RFM program requires operating the plant equipment under the watchful eyes of
operation and maintenance teams; therefore, Condition Monitoring (CM) is an essential
element that allows RFM to be proactive rather than reactive.

CM is the practice of “using the proper instruments” [3] (either hand-held or integrated with a
PLC, DCS, or SCADA system) to monitor equipment/process variables, e.g. vibration,
thermography, emission, releases, corrosion rate, NORM, and noise levels as a preliminary
step. Comprehensive diagnostics of these variables and thorough understanding of safe
operating limits are the key competence factors that allow TI/RFM engineers to intervene
in a timely manner to restore the process safety. A separate research paper to discuss plant
operations with safe parameters is currently being developed by the Author.

RESULTS AND CONCLUSIONS


A Technical Integrity Framework comprising Asset Integrity and Process Safety assurance
methodologies was presented. FAIR was also introduced as a state-of-the-art technology to
aid in TI assurance.

REFERENCES

• Energy Institute, Guidelines for the Management of Safety Critical Elements, Second
  Edition, March 2007, ISBN 978 0 85293 462 3, Published by the Energy Institute.

• Holmes, R. et al., Liquid Hydrocarbon Spills—Risk Assessment Guide, Western
  Canadian Spill Services Limited, available from:
  http://www.wcss.ab.ca/archive/publications/pdf/WCSSRISKASSESSMENTGUIDE.pdf,
  last viewed: December 17, 2013.

• Offshore-Technology.Com, Protect You Asset, available from:
  http://www.offshoretechnology.com/features/feature52922/, last viewed: December 17,
  2013.

• David Stevens, Equipment Condition Monitoring, available from:
  http://www.vibanalysis.co.uk/, last viewed: December 17, 2013.
