Reducing Operational Risk with IntelliPERMIT and FlexiLOG
Article by Gavin Halse, Scott Bredin & Henry Boshoff
Enterprise risk is often grouped into categories. One popular classification is to separate out operational, financial, environmental and reputational risks. But there are many overlaps and dependencies between these categories. For example, in a manufacturing plant a specific operations incident (e.g. the failure of a critical piece of equipment containing hazardous chemicals) can result in a safety incident as well as have environmental consequences (for example a spill of toxic chemicals). The same incident could ultimately lead to financial and reputational consequences. Operational risk cannot therefore be isolated from overall risk management in the business.
Holistic Risk Management
All risk management needs to be approached holistically. An incident (or event) can be the result of one or more possible causes as well as have a number of knock-on effects or consequences. Several approaches are used in industry to manage this relationship between cause and consequence. One such technique is the bowtie analysis. The name arises from the shape of the diagram below which resembles a bowtie.
A typical bowtie analysis diagram is shown below:
In the bowtie method a number of hazards and threats are identified. The threats can individually, or in combination lead to a “top event” when control is lost over one or more of the preventative barriers put in place. The top event is so serious in that it could result in multiple negative consequences. To mitigate against these consequences, management puts in place recovery barriers to prevent the probability of each of them occurring (and any related escalations).
Types of operational risk
Operational risk in the context of an industrial operation can be analysed using a bowtie analysis and will consist of a combination of threats, barriers, events and consequences.
In a typical factory, operational risk is controlled using a number of standard processes, for example:
- Job risk assessment
- Permit to work
- Incident / non-conformance management
- Isolation management
- Safety inspections
- Engineering change management
- Design methodologies (e.g. HAZOP, SIL etc)
To control these processes the company will put in place certain standard procedures. For example, when doing maintenance in hazardous situations the permit to work procedure will apply. The permit to work will normally cover the following dangerous scenarios:
- Hot work
- Vessel entry / confined space
- Working at heights
- Working with specific hazardous materials (e.g. radioactive material)
A procedure will be developed for each of these scenarios and the permit document itself is adapted accordingly.
How does the permit to work reduce operational risk?
The permit to work is a formal document that identifies hazards, ensures the precautions are in place, and controls the responsibilities and communications that need to take place when hazardous work takes place on the plant.
The specific permit procedures will differ slightly between organisations, but will always include a job hazard analysis / risk assessment, necessary precautions to be taken (e.g. personal protective equipment and isolations), specify the competencies and skills needed to do the work, identify the safe work procedures to be followed etc.
By requiring the signatures of the responsible parties at key points in the process, the permit to work is designed to ensure that there is good communication between plant operators and maintenance crews who must work closely together to make sure that any non-routine work takes place safely.
Together these steps reduce the risk of a bowtie “top event” resulting from any potentially dangerous work.
The permit to work therefore focuses on the items on the left of the bowtie analysis, i.e. correctly identifying the threats and the required preventative barriers to minimise the probability of occurrence of an event. What is perhaps unique about the permit to work process is that it identifies risks that are very specific to the precise situation on the plant at the exact time that the work takes place. This real-time aspect is important because in manufacturing operations many risks are transient in nature, for example the unexpected presence of heavy excavation machinery simultaneously working at an adjacent work site. Permits therefore need to be managed in real time and must expire at the end of a shift, or should be revalidated at the end of the working day. Electronic operational risk systems ideally need to be accessible using mobile devices in the field and be able to monitor data from sensors in the field that can track personnel, isolation locks or equipment (for example).
Clearly the permit to work/control of work system is an important part of the overall risk management on the plant. But in order to fully address the total risk, (including mitigation measures such as recovery barriers and consequence management as used in the bow-tie analysis) several other related systems are also required. These related risks could lie to the left of the bowtie (causes) or to the right (consequences). Some examples might include:
- Control of emergency response
- Non-conformance/incident reporting and management
- Shift management
- Operator logs and communications
- Event management / workflow processes
- Competency and training management
- Contractor pre-qualification and induction management
Introducing FlexiLOG + IntelliPERMIT
A perfect combination for operational risk management
An electronic control of work system like IntelliPERMIT has proven invaluable to manage the permit to work process in industries such as mining, process manufacturing and power generation. It covers the essential functionality needed for risk identification and mitigation in the field. It controls work at the precise time when work takes place in dangerous situations. In short, IntelliPERMIT handles the permit to work process extremely well, and is relied on by tens of thousands of people around the world working in hazardous situations every week for controlling the associated risks.
To cover the other areas that make up operational risk, IntelliPERMIT is designed to work together with FlexiLOG, a related software system also developed and supported by Adapt IT. Whereas IntelliPERMIT manages the core permit to work process (and does this extremely well), many of the adjacent operational processes will be managed using FlexiLOG. By virtue of its design, FlexiLOG provides for the flexibility and adaptability to cover the full spectrum of generic operations risk management processes. This is achieved through using a flexible workflow system, combined with its industrial strength ability to integrate with process data and events.
For example, an unusual plant condition (e.g. dropping pressure from a tripped compressor) as seen in the SCADA database can not only trigger a control room alarm, but also trigger a FlexiLOG workflow to coordinate a predefined response that results in a work order in the maintenance system, plus the related permit with the correct isolation procedures in IntelliPERMIT.
FlexiLOG and IntelliPERMIT both share the same heritage, and both have been continuously developed by the team at Adapt IT. The goal is to enhance operational performance, reduce risk and enhance safety. Many customers use both solutions together, although it is possible to run them as stand-alone systems. Keep an eye on our website where we will be introducing more stories about how our customers use IntelliPERMIT and FlexiLOG together to manage operational performance and risk.
You might also enjoy
Successful software project implementations should be a matter of common sense, but sadly this is not always the case. The good news is that some relatively simple and basic principles can be used to dramatically increase the chances of success.
Safety management systems rely on the control of formal safety documents that need to be easily and reliably accessed when it matters most, while planning and executing work in dangerous plant areas.
Is it possible to use IntelliPERMIT in combination with a DCS or PLC to manage isolations using software only? Read more about software assisted isolations.