The electronic pdf versions of the documents found through http://www.dnv.com/ are the officially binding versions. Copyright Det Norske Veritas.
![[Table of Contents]](/dwicons/b_toc.gif)
|
DNV-OS-A101 Safety Principles and Arrangements
|
APPENDIX B
Formal Safety Assessment
App.B
A. Safety Assessment
App.B
A 100 General
App.B A
101 Use of the prescriptive requirements given in these standards
together with responsible operation is intended to result in an
acceptable level of safety when the offshore unit or installation
is used for a standard application.
App.B A
102 The prescriptive requirements are based on previous experience
and safety studies and attempt to generalise with respect to design
and application. In some cases this generalisation may not be appropriate
to a specific design.
App.B A
103 Where a design or application deviates significantly from
the assumptions inherent in the generic approach, a detailed safety
assessment should be carried out to assess acceptability of the
design.
App.B A
104 Design of certain units or installations will be of such a
complex nature that it will be necessary to evaluate the design
on a case to case basis to establish specific design accidental
loads. Purpose built production units with complex production plant
will fall into this category.
App.B A
105 The term safety assessment refers
here to a design tool, and
should not be considered purely as a documentation exercise. In
this sense, safety assessment provides input to design through systematic consideration
of:| — | the hazards that can occur |
| — | role and performance of structure and facilities in
preventing and protecting against hazards |
| — | the effects of hazards on safety of personnel. |
These steps are applied to ensure that the safety of personnel,
and any other aspects such as environment, meet minimum safety levels.
The safety levels are defined through safety
targets and criteria.
App.B A
106 Safety assessment is intended to be complementary to, and
integrated with, the application of recognised design standards.
The guidance and requirements of engineering standards will provide
the basis for detailed engineering design that can be optimised
by the application of, and findings from, the assessment (e.g. establishing
optimum dimensioning accidental loads).
App.B
A 200 Application and objective
App.B A
201 Safety assessment should be performed at concept and updated
as the design evolves through detailed design and construction.
The assessment is expected to provide input to decision-making and
design basis with the aims stated in 202 to 204.
App.B A
202 Preliminary assessment work should aim to ensure that a safe
practicable concept is carried forward to detailed design. Matters
to be considered include inherent safety through avoiding unnecessary
hazards, reducing hazards, optimising layout etc.
App.B A
203 Design assessment work should be used to provide input to
detailed design by addressing design basis hazards and optimising
the protection measures to manage them, e.g. establish dimensioning
accidental loads.
App.B A
204 The safety assessment should form part of the design and operating
premises for the unit or installation.App.B
A 300 Application to mobile offshore
units
App.B A
301 Standard classed MOUsFor standardised designs constructed to classification requirements,
the methodology given in DNV "Guidelines for Risk and Emergency
Preparedness Assessment" provides an alternative assessment
method. The guidelines address the level of safety of mobile installations
through comparative evaluation against a DNV classed "reference
rig".
App.B A
302 Application of this methodology may be undertaken in lieu
of the requirements in 400 to 700.
App.B A
303 Existing assessment work
Relevant safety assessment work that already exists for similar
designs need not be duplicated. Existing assessment information
may be used in lieu of 400 to 700 provided that the information
is clearly demonstrated to be applicable. In particular, any differences
between the designs should be identified and addressed in order to
ensure that:
| — | no additional hazards have been
omitted |
| — | prevention and protection measures are adequate for
any new or changed hazards |
| — | safety criteria are not exceeded. |
App.B
A 400 Scope of assessment
App.B A
401 A typical assessment process is shown in Figure 1. Some stages
may require an iterative process as the concept develops and more
details are known.
Fig. 1 Flowchart for formal safety assessment
App.B
A 500 Hazard identification
App.B A
501 Hazard identification should be performed by competent personnel
from a suitable variety of engineering disciplines, operational
and design backgrounds.
App.B A
502 The identification should, as a minimum, focus on hazards
that could directly, or indirectly, result in:| — | loss of life |
| — | major fire or explosion |
| — | loss of structural integrity or control |
| — | the need for escape or evacuation |
| — | environmental impact. |
App.B A
503 A typical, but not necessarily exhaustive, list of hazards
is:| — | loss of well containment (blowout
etc.) |
| — | gas release into confined space |
| — | release of toxic or other hazardous substance |
| — | collisions |
| — | helicopter crash |
| — | structural and/or foundation failure |
| — | stability and buoyancy |
| — | dropped objects |
| — | loss of mooring, propulsion, or station keeping. |
App.B A
504 The results of the hazard identification shall be documented.
This should be reviewed as the unit or installation evolves in case
of additional or changed hazards.App.B
A 600 Hazard reduction
App.B A
601 Identified hazards should be avoided wherever practicable,
e.g. through:| — | removal of the source of a hazard
(without introducing new sources of hazard) |
| — | breaking the sequence of events leading to realisation
of a hazard. |
App.B A
602 Where hazards cannot be avoided, unit or installation design
and operation should aim to reduce the likelihood of hazards occurring
where practicable, e.g. by:| — | reduction in number of leak
sources (flanges, instruments, valves etc.) |
| — | removal or relocation of ignition sources |
| — | simplifying operations, avoiding complex or illogical
procedures and inter-relationships between systems |
| — | selection of other materials |
| — | mechanical integrity or protection |
| — | reducing the probability of external initiating events,
e.g. lifting operations etc. |
| — | reduction in inventory, pressure, temperature |
| — | use of less hazardous materials, process or technology. |
App.B A
603 The consequences of hazards should be controlled and mitigated
with the aim of reducing risk to personnel where practicable, e.g.
through:| — | relocation of equipment, improved
layout |
| — | provision of physical barriers, distance separation,
fire walls etc. |
| — | provision of detection and protection systems |
| — | provision of means to escape and evacuate. |
App.B A
604 Where appropriate, dimensioning accidental loads shall be
defined for selected hazard reduction measures. The loads may be
based on existing standards, and shall be verified as suitable by
the evaluation, see 700.Guidance note:
Default accidental loads stated in design standards, such
as DNV Offshore Standards, are based on experience and past assessments.
These may be applied as initial load estimates and are expected
to be suitable in many cases.---e-n-d---o-f---G-u-i-d-a-n-c-e---n-o-t-e---
App.B
A 700 Hazard evaluation
App.B A
701 Identified hazards and potential escalation shall be evaluated
based on the effects, consequences and likelihood of occurrence.
App.B A
702 The evaluation should address the sources and contributors
in the chain of events leading to a hazard, including the effect
of any prevention and protection measures, see also 705.
App.B A
703 The evaluation may be by means of qualitative and/or
quantitative analysis as necessary to provide input for comparison
with safety targets and safety criteria.
App.B A
704 Where used, models and data should be appropriate, and from
industry recognised sources.Guidance note:
Hazards that are commonly considered as not
reasonably foreseeable, i.e. extremely unlikely to occur,
may be discounted from the evaluation provided that this is clearly
indicated and justified in the assessment.---e-n-d---o-f---G-u-i-d-a-n-c-e---n-o-t-e---
App.B A
705 Dimensioning accidental loadsThe dimensioning accidental loads for structure and important
safety systems shall be identified and included in the evaluation.
This is expected to include accidental
loads such as:
| — | toxic or flammable fluids (e.g.
smoke, hydrocarbon gas, etc.) |
| — | fire |
| — | explosion |
| — | flooding and stability |
| — | collision and impacts |
| — | environmental effects |
and their effect on systems or facilities such as:
| — | fire and gas detection |
| — | ESD, PSD, and other shutdown systems, including riser
ESD valves and pipeline SSIV |
| — | flare and depressurising system (blowdown) |
| — | fire and explosion protection |
| — | active fire protection systems |
| — | impact protection |
| — | alarm, internal, and external communications |
| — | emergency power systems and UPS |
| — | arrangements for escape and evacuation |
| — | life support at temporary refuge and muster facilities |
| — | structure |
| — | mooring or positioning system |
| — | turret turning and locking system |
| — | stability systems |
| — | well control and drilling. |
App.B A
706 The final selection of dimensioning accidental loads shall
be suitable for the installation to meet the safety criteria. See
Table A1 for typical safety targets. Where the safety criteria are
exceeded, the initial dimensioning loads may need to be revised.App.B A
| Table A1 Typical safety
targets |
| No. | Safety target | 1. | An escape route shall be available from every
work area for sufficient time for personnel to reach the temporary refuge
or evacuation facilities. | | 2. | The temporary refuge shall be capable of providing
life support and communications for sufficient time to enable controlled
evacuation from the unit or installation. | | 3. | Evacuation and escape facilities shall be available
and reliable for use. | | 4. | Simultaneous loss of all safety targets shall
not occur during the time required to: mitigate an accidental event,
or leave the unit or installation. | |
App.B
B. Alternative Requirements
App.B
B 100 General
App.B B
101 Statutory or voluntary requirements may also be applied in
addition to, or in lieu of, basic safety assessment requirements.
A selection of potential variations is stated in 200 and 300.App.B
B 200 Regional requirements
App.B B
201 Assessment can be required under certain national (shelf or
coastal State) regulations. Where units or installations which shall
be designed for operation in regions with statutory safety assessment
requirements, those requirements may apply in lieu of A.App.B
B 300 Alternative safety targets and
criteria
App.B B
301 Other safety standards, such as regional or owner or operator
criteria, may be applied in lieu of those in Table A1 provided that
they are equivalent to or more stringent than the personnel safety
requirements in this standard.
![[-]](/dwicons/i_colpse.gif)