The international Programme for the Improvement of Working Conditions and Environment (PIACT) includes the ILO guide on how to prevent major incidents.
The PIACT was launched by the International Labour Organisation (ILO) at the request of the International Labour Conference, and after extensive consultations with member states. PIACT is designed to promote or support action by member States to set and attain definite objectives aiming at making work more human.
The Programme is concerned with improving the quality of working life in all its aspects: prevention of occupational accidents and diseases; wider application of the principles of ergonomics; working time; improvement of the content and organisation of work; conditions of work in general, a greater concern for the human element in the transfer of technology.
PIACT co-ordinates the traditional means of ILO action, including: international labour standards; operational activities; dispatch of multidisciplinary teams to assist member States on request; tripartite meetings between representatives of governments, employers and workers, including industrial committees to study the problems facing major industries, regional meetings and meetings of experts; action-oriented studies and research; International Occupational Safety and Health Information Centre (CIS); information on Conditions of Work.
The potential for major industrial accidents, which has become more significant with the increasing production, storage and use of hazardous substances, has emphasised the need for a clearly defined and systematic approach to the control of such substances in order to protect workers, the public and the environment.
The title of the code is “Prevention of major industrial accidents”. The code is not intended to replace national laws, regulations or accepted standards. It provides guidance to those engaged in the framing of provisions relating to the control of major hazards in industry: competent authorities; works managements; emergency services; and government inspectors. The code should also offer guidelines to employers’ and workers’ organisations.
Local circumstances and the availability of financial and technical resources will determine the speed and extent of implementation. Furthermore, these provisions should be read in the context of conditions in the country proposing to use this information and the scale of operation involved. In this regard, the needs of developing countries have also been taken into consideration.
Objective of the code for prevention
The objective of this code of practice is to provide guidance in the setting up of an administrative, legal and technical system for the control of major hazard installations. It seeks to protect workers, the public and the environment by: (a) preventing major accidents from occurring at these installations; (b) minimising the consequences of a major accident on site and off site, for example by: i) arranging appropriate separation between major hazard installations and housing and other centres of population nearby such as hospitals, schools and shops; and ii) appropriate emergency planning.
Application and uses
This code applies to major hazard installations which are usually identified by means of a list of hazardous substances, each with an associated threshold quantity, in such a way that the industrial installations brought within the scope of the definition are recognised as those requiring priority attention, i.e. they have the potential for causing a very serious incident which is likely to affect people, both on site and off site, and the environment. The list and threshold quantities of hazardous substances should reflect national priorities.
In order to facilitate step-wise implementation of the provisions of this code of practice, the competent authorities may for a transitional period establish increased threshold quantities for the implementation of particular components of the code.
Excluded from the scope of this code of practice are nuclear hazards and those of a strictly military nature, both of which are likely to have existing comprehensive controls of their own. In addition, the code excludes the transportation of hazardous chemicals since its control and management are different from those at static sites.
This code addresses the activities necessary for competent authorities to establish a major hazard control system, and calls for attention to be paid to them by: (a) competent authorities such as governmental safety authorities and government inspectorates; (b) local authorities; (c) works managements; Prevention of major industrial accidents 2 (d) workers and workers’ representatives; (e) police; (f) fire authorities; (g) health authorities; (h) suppliers of technologies involving major hazards; (i) other local organisations depending on particular national arrangements.
Depending on the type and quantity of hazardous substance present, the kinds of major hazard installation covered by this code may include: (a) chemical and petrochemical works; (b) oil refineries; (c) sites storing liquefied petroleum gas (LPG); (d) major storages of gas and flammable liquids; (e) chemical warehouses; (f) fertiliser works; (g) water treatment works using chlorine.
Major hazard installations possess the potential, by virtue of the nature and quantity of hazardous substances present, to cause a major accident in one of the following general categories: (a) the release of toxic substances in tonnage quantities which are lethal or harmful even at considerable distances from the point of release; (b) the release of extremely toxic substances in kilogram quantities which are lethal or harmful even at considerable distances from the point of release; (c) the release of flammable liquids or gases in tonnage quantities which may either burn to produce high levels of thermal radiation or form an explosive vapour cloud; (d) the explosion of unstable or reactive materials.
Apart from routine safety and health provisions, special attention should be paid by competent authorities to major hazard installations by establishing a major hazard control system.
For each country having major hazard installations, competent authorities should establish such a major hazard control system. This should be implemented at a speed and to an extent dependent on the national financial and technical resources available.
The works managements of each major hazard installation should strive to eliminate all major accidents by developing and implementing an integrated plan of safety management.
Works management should develop and practise plans to mitigate the consequences of accidents which could occur.
For a major hazard control system to be effective, there should be full co-operation and consultation, based on all relevant information, among competent authorities, works managements, and workers and their representatives.
Components of a major hazard control system
Definition and identification of major hazard installations
Competent authorities should make arrangements for both existing and proposed new major hazard installations to be clearly defined and identified by a list of hazardous substances or categories of substances and associated threshold quantities, which should include: (a) very toxic chemicals such as: methyl isocyanate; phosgene; (b) toxic chemicals such as: acrylonitrile; ammonia; chlorine; sulphur dioxide; hydrogen sulphide; hydrogen cyanide; carbon disulphide; hydrogen fluoride; hydrogen chloride; sulphur trioxide; (c) flammable gases and liquids; (d) explosive substances such as: ammonium nitrate; nitroglycerine; trinitrotoluene.
The definition and identification of major hazard installations by the competent authorities should be arranged in such a way that they allow priorities to be set for those installations requiring particular attention.
Information about the installations
The works managements of all major hazard installations should notify details of their activities to the competent authorities.
For major hazard installations within the scope of the definition, a safety report should be prepared by the works management. This should include: (a) technical information about the design and operation of the installation; (b) details on the management of its safety; (c) information about the hazards of the installation, systematically identified and documented by means of safety studies; (d) information about the safety precautions taken to prevent major accidents and the emergency provisions that should reduce the effects of such accidents.
This information should be made available by the works management to all parties concerned in major hazard control systems, including workers, workers’ representatives, competent authorities and local authorities where appropriate. These parties should respect the confidentiality of information obtained in the conduct of their duties, in accordance with national law and practice.
For works management the information should: (a) lead to an appropriate level of safety which should be maintained or updated on the basis of new data; (b) be used for communication with, and training of, workers; (c) be used as part of the licence or permit application if such is required; (d) be used for the preparation of an on-site and off-site (where appropriate) emergency plan.
This information should create awareness in workers at all levels to enable them to take appropriate safety precautions on site.
For the competent authorities the information should: (a) give insight into the plant and its hazards; (b) allow the evaluation of these hazards; (c) allow licence or permit conditions to be determined where appropriate; (d) allow priorities to be set for the inspection of major hazard installations in their country or state; (e) allow the preparation of off-site emergency plans (where appropriate).
The information should be systematically arranged in such a way that parts of the installation which are critical to its safety are clearly identified, possibly by the use of rapid ranking systems.
The information should represent the current activity within the installation. Works management should ensure that this information is updated regularly, and in the case of significant modification.
Relevant information in suitable form should be made available to the public nearby. Prevention of major industrial accidents
2.3 Assessment of major hazards
2.3.1 Major hazard installations should be assessed by works management and, depending on local arrangements, by the competent authorities.
2.3.2. This assessment should identify uncontrolled events which could lead to a fire, an explosion or release of a toxic substance. This should be achieved in a systematic way, for example by means of a hazard and operability study or by checklists, and should include normal operation, start-up and shut-down.
2.3.3. The consequences of a potential explosion, fire or toxic release should be assessed using appropriate techniques and data. These will include: (a) estimation of blast waves, over-pressure and missile effects in the case of an explosion; (b) estimation of thermal radiation in the case of a fire; (c) estimation of concentration profiles and toxic doses in the case of a toxic release.
2.3.4. Particular attention should be paid to the potential for domino effects from one installation to another.
2.3.5. The assessment should consider the suitability of the safety measures taken for the hazards identified in order to ensure that they are sufficient. 2.3.6. The assessment of major hazards should take account of the likelihood of a major accident taking place, although not necessarily in the form of a full quantified risk analysis.
2.4. Control of the causes of major industrial accidents
2.4.1 Works management should control major hazard installations by sound engineering and management practices, for example by: (a) good plant design, fabrication and installation, including the use of high-standard components; (b) regular plant maintenance; (c) good plant operation; (d) good management of safety on site; (e) regular inspection of the installation, with repair and replacement of components where necessary.
2.4.2. Works management should consider the possible causes of major accidents, including: (a) component failure; (b) deviations from normal operation; (c) human and organisational errors; (d) accidents from neighbouring plant or activities; (e) natural occurrences and catastrophes, and acts of mischief.
2.4.3. Works management should regularly evaluate these causes taking into account any changes in plant design and operation. In addition, further available information arising from accidents world-wide and technological developments should be included in this evaluation.
2.4.4. Works management should arrange for safety equipment and process control instrumentation to be installed and maintained to a high standard consistent with their importance to the safety of the major hazard installation.
2.5 Safe operation of major hazard installations
2.5.1 The primary responsibility for operating and maintaining the installation safely should lie with works management.
2.5.2. Good operational instructions and sound procedures should be provided and enforced by works management.
2.5.3. Works management should ensure that workers operating the installation have been adequately trained in their duties.
2.5.4. Accidents and near misses should be investigated by works management.
2.6. Emergency planning
2.6.1. Emergency planning should be regarded by works management and the competent authorities as an essential feature of a major hazard control system.
2.6.2. The responsibility for on-site emergency planning should lie with works management. Depending on local arrangements, the responsibility for off-site emergency planning should lie with local authorities and works management.
2.6.3. The objectives of emergency planning should be: (a) to localise any emergencies that may arise and if possible contain them; (b) to minimise the harmful effects of an emergency on people, property and the environment.
2.6.4. Separate plans should be established for possible emergencies on site and off site. These should give details of appropriate technical and organisational procedures to reduce the effects and damage: (a) to people, property and the environment; Prevention of major industrial accidents 10 (b) both inside and outside the installation.
2.6.5. The emergency plans should be clear and well defined, and available for use quickly and effectively in the event of a major accident. On-site and off-site plans should be co-ordinated for maximum efficacy.
2.6.6. In industrial areas where available emergency equipment and manpower are limited, works management should attempt to make provisions for mutual assistance between the neighbouring industrial activities in the event of a major accident.
2.7. Siting and land-use planning
2.7.1. Competent authorities should make reasonable attempts to ensure that there is appropriate separation between major hazard installations and: (a) facilities such as airports and reservoirs; (b) neighbouring major hazard installations; (c) housing and other centres of population nearby.
2.8. Inspection of major hazard installations
2.8.1. Major hazard installations should be regularly inspected in order to ensure that the installations are operated according to the appropriate level of safety. This inspection should be carried out both by a safety team which includes workers and workers’ representatives and separately by inspectors from competent authorities. Both types of inspection may be carried out in other ways where appropriate.
2.8.2. Safety personnel from the installation within this safety team should be independent of production line management and should have direct access to works management.
2.8.3. Inspectors from competent authorities should have the legal right to free access to all information available within the installation that is necessary in pursuit of their duties, and to consultation with workers’ representatives.
- General duties
3.1. Duties of competent authorities
184.108.40.206. Competent authorities should define appropriate safety objectives, together with a major hazard control system for their implementation.
220.127.116.11. Although the control of major hazards is primarily the responsibility of the works management operating a major hazard installation, this major hazard control system should be set up by the competent authorities in consultation with all interested parties. Such a system should include: (a) the establishment of an infrastructure; (b) the identification and inventory of major hazard installations; (c) receipt and evaluation of safety reports; (d) emergency planning and information to the public; (e) siting and land-use planning; (f) inspection of installations; (g) reporting of major accidents; (h) investigation of major accidents and their short- and long-term effects.
3.1.2. Establishment of infrastructure for a major hazard control system
18.104.22.168. Competent authorities should establish contacts with the industry at various levels. Such contacts should allow discussion and co-ordination of the various administrative and technical issues concerning major hazard installations and their control.
22.214.171.124. Competent authorities should make available sufficient expertise to carry out their responsibilities within the major hazard control system.
126.96.36.199. Where the expertise for a particular aspect of major hazard control is not available within the competent authorities, they should arrange for that expertise to be made available from outside, for example from industry or from external consultants.
188.8.131.52. Those who provided expertise at the request of the competent authorities should not disclose the information which they have learned in connection with their service to any outside body other than the competent authorities.
3.1.3. Establishment of an inventory of major hazard installations
184.108.40.206. The implementation of a major hazard control system should start with the identification of major hazard installations. The competent authorities should draw up a definition of major hazard installations using criteria selected for their country or state.
220.127.116.11. These criteria should be established to take account of national priorities and available resources.
18.104.22.168. Legislation should be established by competent authorities requiring works managements to notify them where their works fall within the scope of the definition of a major hazard installation.
22.214.171.124. The notification should include a list of hazardous substances and quantities present which qualify the installation to be classified as a major hazard installation.
3.1.4. Receipt and evaluation of safety reports
126.96.36.199. A deadline should be set by the competent authorities for a safety report to be submitted or made available to them by the works management, and for its subsequent updating.
188.8.131.52. The competent authorities should make arrangements so that they may adequately evaluate these safety reports. This evaluation should include: (a) examination of the information, to check for completeness of the report; (b) appraisal of the safety of the installation; (c) on-site inspection to verify some of the information given, preferably on selected safety-relevant items.
184.108.40.206. The evaluation should preferably be carried out by a team of specialists, covering the various disciplines involved, where necessary with the help of external independent consultants.
3.1.5. Emergency planning and information to the public
220.127.116.11. Competent authorities should establish arrangements for an on-site emergency plan to be drawn up by the works managements of each major hazard installation.
18.104.22.168. Competent authorities should establish arrangements for an off-site emergency plan to be drawn up by local authorities and works management, depending on local arrangements. Such a plan should be prepared in consultation with the various bodies involved: fire authorities, police, ambulance services, hospitals, water authorities, public transport, workers and workers’ representatives, and so on.
22.214.171.124. These arrangements should ensure that the off site plan is consistent with the on-site emergency plan.
126.96.36.199. These arrangements should cover the need for regular rehearsals to be carried out in order to keep the off site emergency plan in a state of readiness.
188.8.131.52. Competent authorities should make arrangements to provide safety information to the public nearby.
3.1.6. Siting and land-use planning
184.108.40.206. Competent authorities should establish a land-use policy to separate, where appropriate, major hazard installations from people living or working nearby.
220.127.116.11. Consistent with this policy, competent authorities should make arrangements to prevent encroachment of population nearer to existing major hazard installations.
18.104.22.168. For situations where existing major hazard installations are not adequately separated from populated areas, a plan for gradual improvement should be established.
3.1.7. Inspection of installations
22.214.171.124. Competent authorities should make arrangements to have major hazard installations inspected regularly.
126.96.36.199. Competent authorities should provide adequate guidance and training to enable their inspectors to carry out appropriate inspection of major hazard installations.
188.8.131.52. Inspection by competent authorities should be consistent with the risks from the major hazard installation. Based on the evaluation of the safety report of a major hazard installation, a specific inspection programme should be drawn up. The aim should be to establish a list of specific safety-relevant items in the installation, with the necessary frequency of inspection.
3.1.8. Reporting of major accidents
184.108.40.206. Competent authorities should establish a system for the reporting of major accidents by works managements.
3.1.9. Investigation of major accidents
220.127.116.11. Competent authorities should make adequate arrangements to investigate major accidents and their short- and long-term effects.
18.104.22.168. Such investigations should make use of relevant accident reports and other information available.
22.214.171.124. Competent authorities should study and evaluate major accidents occurring world-wide in order that lessons can be learnt in relation to similar installations in their countries.
3.2. Responsibilities of works management
126.96.36.199. Works management operating a major hazard installation should: (a) provide for a very high standard of safety; (b) organise and implement the on-site component of the major hazard control system; (c) contribute to the drawing up and implementation of an off site emergency plan.
3.2.2. Analysis of hazards and risks
188.8.131.52. Works management should carry out a hazard analysis of the major hazard installation.
184.108.40.206. This hazard analysis should be sufficient to enable: (a) the safety system to be analysed for potential weaknesses; (b) the residual risk to be identified with the safety system in place; (c) optimum measures to be developed for technical and organisational protection in the event of abnormal plant operation.
220.127.116.11. To carry out a hazard analysis, a suitable method should be applied, such as: – preliminary hazard analysis (PHA); – hazard and operability study (HAZOP); – event tree analysis; – fault tree analysis; – accident consequences analysis; – failure modes and effects analysis; – check-list analysis.
18.104.22.168. This method should be chosen according to the nature and the complexity of the major hazard installation, and should take account of the protection of workers, the public and the environment.
3.2.3. Determination of causes of major industrial accidents
22.214.171.124. An analysis of hazards should: (a) lead to the identification of potential hardware and software failures, process and design deficiencies and human error; (b) determine what action is necessary to counteract these failures.
126.96.36.199. In determining potential causes, the failure of hardware components should be considered.
188.8.131.52. The analysis should show whether these components can withstand all operational loads in order to contain any hazardous substance.
184.108.40.206. The component examination should indicate where additional safeguards are required and where the design should be altered or improved.
220.127.116.11. Component failures should be avoided by an in-depth examination of the operational procedures and of the behaviour of the entire installation in the case of any abnormal operation, and start-up and shut-down.
18.104.22.168. An analysis of potential accidents should include outside accidental interferences, both human and natural.
22.214.171.124. Human ability to run a major hazard installation safely should be studied in detail, not only for normal operation but also for abnormal conditions, and start-up and shut-down.
126.96.36.199. Workers operating major hazard installations should be adequately trained by works management.
3.2.4. Safe design and operation of major hazard installations
188.8.131.52. Works management should seek to ensure in the design of their installation that the quantities of hazardous substances stored and used on site are the minimum consistent with their operational needs.
184.108.40.206. Works management should ensure that all operating conditions are considered in the design of components for the major hazard installation.
220.127.116.11. Particular attention should be paid to all aspects of components containing large amounts of hazardous substances.
18.104.22.168. For the manufacture of these components, works management should pay special attention to quality assurance. This should include the selection of an experienced manufacturer, inspection and control of all stages of manufacturing, and quality control.
22.214.171.124. When assembling the installation on site, works management should pay special attention to assuring the quality of on-site work such as welding, third party inspection and functional tests before start-up of the installation.
126.96.36.199. After careful design, manufacture and assembly of a major hazard installation, works management should secure safe operation through: (a) good operation and control procedures; (b) sound procedures for the management of changes in technology, operations and equipment; (c) provision of clear operating and safety instructions; (d) routine availability of safety systems; (e) adequate maintenance and monitoring; Prevention of major industrial accidents 16 (f) adequate inspection and repair; (g) proper training of workers.
3.2.5. Measures to minimise the consequences of major accidents
188.8.131.52. Works management should plan and provide measures suitable to mitigate the consequences of potential accidents.
184.108.40.206. Mitigation should be effected by safety systems, alarm systems, emergency services, etc.
220.127.116.11. For every major hazard installation an on-site emergency plan should be drawn up in consultation with the safety team.
18.104.22.168. Depending on local arrangements, in cooperation with the relevant local authorities, an off-site emergency plan should be developed and implemented.
3.2.6. Reporting to competent authorities
22.214.171.124. The works management of a major hazard installation should provide the competent authorities with: (a) the notification of a major hazard installation which will identify its nature and location; (b) a safety report containing the results of the hazard assessment; (c) an accident report immediately after a major accident occurs.
126.96.36.199. Works management should provide these reports, and update them, as specified in local arrangements.
188.8.131.52. A safety report should document the results of a hazard analysis and inform the authorities about the standard of safety and the potential hazards of the installation.
184.108.40.206. A brief accident report containing relevant information on the nature and consequences of an accident should be delivered to the competent authorities by works management immediately after an accident occurs.
220.127.116.11. A full accident report containing information on the causes, the course and the scope of the accident, as well as lessons learnt from it, should be given to the competent authorities by works management within the specified time.
3.2.7. Information to, and training of workers
18.104.22.168. In view of the crucial role of workers in the prevention of major accidents, works management should make sure that: (a) workers have a broad understanding of the process used; (b) workers are informed of the hazards of substances used; (c) workers are adequately trained.
22.214.171.124. This information and training should be provided in an appropriate language and manner.
3.3.1. Duties of workers
126.96.36.199. Workers should carry out their work safely and not compromise their ability, or the ability of others, to do so. Workers and their representatives should cooperate with works management in promoting safety awareness and two-way communication on safety issues, as well as in the investigation of major accidents or near misses which could have led to a major accident.
188.8.131.52. Workers should be required to report forthwith to the works management any situation which they believe could present a deviation from normal operating conditions, in particular a situation which could develop into a major accident.
184.108.40.206. If workers in a major hazard installation have reasonable justification to believe that there is a serious and imminent danger to workers, the public or the environment, they should, within the scope of their job, interrupt the activity in as safe a manner as possible. As soon as possible thereafter, workers should notify works management or raise the alarm, as appropriate.
220.127.116.11. Workers should not be placed at any disadvantage because of the actions referred to above.
3.3.2. Rights of workers
18.104.22.168. Workers and their representatives should have the right to receive comprehensive information of relevance to the hazards and risks connected with their workplace. In particular, they should be informed of: (a) the chemical names and composition of the hazardous substances; (b) the hazardous properties of such substances; (c) the hazards of the installation and precautions to be taken; (d) full details of the emergency plan for handling a major accident on site; (e) full details of their emergency duties in the event of a major accident.
22.214.171.124. Workers and their representatives should be consulted before decisions are taken on issues relevant to major hazards. In particular, this includes hazard and risk assessment, failure assessment and examination of major deviations from normal operating conditions.
3.4. Duties of the international supplier of technology involving major hazards
3.4.1. The supplier of technology and equipment should indicate to the competent authorities and works managements in the technology-receiving country whether the technology or equipment involves an installation which would be classified as a major hazard installation in the supplier’s country, or elsewhere, if known.
3.4.2. Where technology or equipment would create a major hazard, the supplier should provide, in addition, information on the following aspects: (a) an identification of the hazardous substances, their properties, the quantities involved and the manner in which they are stored, processed or produced; (b) a thorough review of the technology and equipment in order to show: – how control and containment of the hazardous substances could fail; – how accidents could occur; – the consequences of accidents; – the vulnerability of the installation to abnormal external events such as power dips and failures, floods, earthquakes, unusual climatic conditions and sabotage, and their effects; – the measures that can be taken to counteract these potential accidents; (c) the management of the systems to prevent accidents from occurring, including: – the use of design standards; – the provision of protective devices; – maintenance requirements; – inspection and testing schedules; – plant modification controls; – operating procedures; – training requirements; – safeguards against deviations from the process; (d) emergency planning based on the consequences of possible accidents assessed under (b) above, including: – procedure for raising the alarm; – requirements and responsibilities for workers dealing with emergencies; – necessary fire-fighting requirements and procedures; – procedures for limiting an accident and mitigating its consequences; – emergency medical services, procedures and supplies; – plant shut-down procedures; – procedures for re-entering a plant where a major accident has occurred; (e) safety performance and accident history of similar plants elsewhere, as available.
3.4.3. According to contractual obligations, the supplier should provide updated safety information as it becomes available, and assistance as necessary.
3.5. Use of consultancy services
3.5.1. Works management and competent authorities should make use of consultancy services if their expertise is not adequate to cover all tasks to be fulfilled in a major hazard control system (see Annex I). On the other hand, consultancy services should not be relied upon to the exclusion of local management expertise.
3.5.2. Consultancy services may provide different fields of expertise, such as: (a) hazard assessment; (b) safe design and operation; (c) analysis of potential accidents; (d) establishment of on-site and off-site emergency plans; (e) preparation of reports; (f) training on major hazard control; (g) assistance in the event of an emergency involving major hazards; (h) quality assurance.
3.5.3. Consultants should be experienced in the relevant technology of the major hazard installation to enable them to give independent advice to organisations requiring assistance.
20 4. Prerequisites for a major hazard control system
4.1.1. The prerequisites for the operation of a major hazard control system are: (a) manpower, within industry as well as within the competent authorities, including external expertise if necessary; (b) equipment; (c) information sources.
4.2. Manpower requirements
126.96.36.199. Works management should ensure that it has an adequate number of workers available with sufficient expertise before operating a major hazard installation. The design of jobs and systems of working hours should be arranged so as not to increase the risk of accidents.
188.8.131.52. For a fully operational major hazard control system, competent authorities should ensure the availability of the following specialised manpower: (a) government inspectors with specialist support; (b) specialists on hazard and risk assessment; (c) specialists on examination and testing of pressure vessels; (d) emergency planners; (e) experts on land-use planning; (f) emergency services, police, fire authorities and medical services.
184.108.40.206. Competent authorities should not wait for the availability of specialised manpower in all fields before starting a major hazard control system. They should set realistic priorities based on available manpower.
4.2.2. Government inspectorate
220.127.116.11. Competent authorities should make available suitable staff, including specialist support for inspection of major hazard installations, and provide them with suitable training in their duties.
4.2.3. Group of Experts
18.104.22.168. Competent authorities should make resources available to establish a Group of Experts in the country, particularly when there is a shortage of technical expertise within the existing factory inspectorate. This Group should include experienced engineers and scientists.
22.214.171.124. If appropriate, this Group should be seconded from outside the competent authorities, such as from industry, trade unions or specialised consultancies.
4.2.4. Advisory committee
126.96.36.199. Competent authorities should consider the establishment of an advisory committee on major hazards. This committee should include representatives from all organisations involved or experienced in major hazard control, including: (a) competent authorities; (b) works managements and employers’ organisations; (c) trade unions or workers’ representatives; (d) local authorities; (e) scientific institutions.
188.8.131.52. The objectives of this committee should include: (a) discussion of priorities for the major hazard control system in the country in accordance with any national requirements; (b) discussion of technical matters with respect to the implementation of the major hazard control system; (c) making recommendations on all aspects of the safety of major hazard installations.
4.3.1. Competent authorities should consider whether elements of the major hazard control system require the use of computer systems, particularly in establishing data banks and national or state inventories of major hazard installations.
4.3.2. Depending on local arrangements, works management or local authorities should make available technical equipment, for use in an emergency situation, in accordance with the needs of the emergency plans. Such equipment should include: (a) first-aid and rescue material; (b) fire-fighting equipment; (c) spill containment and control equipment; (d) personal protective equipment for rescue personnel; (e) measuring instruments for various toxic materials; (f) antidotes for the treatment of people affected by toxic substances.
4.4. Sources of information
4.4.1. Competent authorities should determine their information needs for establishing a major hazard control system. These may include: (a) technological developments in the process industries; (b) developments in major hazard control; (c) codes of practice of safety-related technical issues; (d) accident reports, evaluation studies and lessons learnt; (e) inventory of experts and specialists on major hazard control.
4.4.2. Competent authorities should consider appropriate sources for this information, which may include: (a) industry experts and researchers; (b) industry and trade organisations; (c) national and international standard-setting organisations; (d) trade union organisations; (e) consultants; (f) universities, colleges and research institutes; (g) professional institutions; (h) international codes of practice and guiding principles; (i) national codes and regulations of highly industrialised countries; (j) reports of accidents; (k) published reports about major hazard assessments; (l) proceedings of seminars and conferences; (m) specific textbooks; (n) publications and articles in journals dealing with major hazards.
23 5. Analysis of hazards and risks
5.1.1. Hazard analyses should be carried out primarily by works management, but the same technique may also be applied to the evaluation of safety systems by the competent authorities.
5.1.2. To analyse the safety of a major hazard installation as well as its potential hazards, a hazard analysis should be carried out covering the following areas: (a) which toxic, reactive, explosive or flammable substances in the installation constitute a major hazard; (b) which failures or errors could cause abnormal conditions leading to a major accident; (c) the consequences of a major accident for the workers, people living or working outside the installation, or the environment; (d) prevention measures for accidents; (e) mitigation of the consequences of an accident.
5.1.3. The hazard analysis should follow a formalised method to ensure reasonable completeness and comparability.
5.2. Preliminary hazard analysis (PHA)
5.2.1. As a first step in hazard analysis, a PHA should be carried out.
5.2.2. A PHA should be used to identify types of potential accident in the installation, such as toxic release, fire, explosion or release of flammable material, and to check the fundamental elements of the safety system.
5.2.3. The PHA should be summarised in documentation covering, for each accident considered, the relevant component (storage vessel, reaction vessel, etc.), the events initiating the accident and the corresponding safety devices (safety valves, pressure gauges, temperature gauges, etc.).
5.2.4. The results of a PHA should indicate which units or procedures within the installation require further and more detailed examination and which are of less significance from a major hazard point of view.
5.3. Hazard and operability study (HAZOP)
5.3.1. A HAZOP study or its equivalent should be carried out to determine deviations from normal operation in the installation, and operational malfunctions which could lead to uncontrolled events.
5.3.2. A HAZOP study should be carried out for new plant at the design stage and for existing plant before significant modifications are implemented or for other operational or legal reasons.
5.3.3. A HAZOP study should be based on the principles described in the relevant literature.
5.3.4. The examination should systematically question every critical part of the design, its intention, deviations from this intention and possible hazardous conditions.
5.3.5. A HAZOP study should be performed by a multidisciplinary expert group, always including workers familiar with the installation.
5.3.6. The HAZOP study group should be headed by an experienced specialist from works management or by a specially trained consultant.
5.4. Accident consequence analysis
5.4.1. As the final step of a hazard analysis, an accident consequence analysis should be carried out to determine the consequences of a potential major accident on the installation, the workers, the neighbourhood and the environment.
5.4.2. An accident consequence analysis should contain: (a) a description of the potential accident (tank rupture, rupture of a pipe, failure of a safety valve, fire); (b) an estimation of the quantity of material released (toxic, flammable, explosive); (c) where appropriate, a calculation of the dispersion of the material released (gas or evaporating liquid); (d) an assessment of the harmful effects (toxic, heat radiation, blast wave).
5.4.3. The techniques for accident consequence analysis should include physical models for dispersion of pollutants m the atmosphere, propagation of blast waves, thermal radiation and so on, depending on the type of hazardous substances present in the major hazard installation.
5.4.4. The results of the analysis should be used to determine which protective measures, such as fire-fighting systems, alarm systems or pressure-relief systems, are necessary.
5.5. Other methods of analysis
5.5.1. Where necessary, a more sophisticated method should be applied to individual parts of an installation, such as the control system or other components that are very sensitive.
5.5.2. To analyse accidents in more detail and according to the frequency of their occurrence, methods should be considered which, for example, allow the graphic description of failure sequences and the mathematical calculation of probabilities.
5.5.3. The following methods should be applied where necessary: – event tree analysis; – fault tree analysis.
5.5.4. The aim of these methods should be the optimisation of the reliability and availability of safety systems.
5.5.5. Application of these quantitative methods should be restricted to sensitive components of a major hazard installation. 5.5.6. The interpretation of the results of quantitative methods should take account of the reliability of data used.
- Control of the causes of major industrial accidents
6.1.1. The primary responsibility for the control of the causes of major industrial accidents should lie with works management.
6.1.2. A hazard analysis should lead to the identification of a number of potential hardware and software failures and human errors in and around the installation, which need to be controlled by works management.
6.1.3. In determining which failure may be of importance for an individual installation, the following list of possible causes should be included: – component failure; – deviations from normal operating conditions; – human and organisational errors; – outside accidental interferences; – natural forces; – acts of mischief and sabotage.
6.2. Component failure
6.2.1. As a fundamental condition for safe operation, components should withstand all specified operating conditions in order to contain any hazardous substances in use.
6.2.2. As examples, the following causes of failure should be included in an analysis: (a) inappropriate design against internal pressure, external forces, corrosion, static electricity and temperature; (b) mechanical damage to components such as vessels and pipe-work due to corrosion or external impact; (c) malfunction of components such as pumps, compressors, blowers and stirrers; (d) malfunction of control devices and systems (pressure and temperature sensors, level controllers, flow meters, control units, process computers); (e) malfunction of safety devices and systems (safety valves, bursting discs, pressure-relief systems, neutralisation systems, flare towers).
6.2.3. Depending on the outcome of the analysis, works management should decide on the need for additional safeguards or design improvements.
Control of the causes of major industrial accidents
6.3. Deviations from normal operating conditions
6.3.1. An in-depth examination of the operational procedures (manual and automatic) should be carried out by works management to determine the consequences of deviations from normal operating conditions.
6.3.2. As examples, the following failures should be considered in the examination: (a) failure in the monitoring of crucial process parameters (pressure, temperature, flow, quantity, mixing ratios) and in the processing of these parameters, e.g. in automatic process control systems; (b) failure in the manual supply of chemical substances; (c) failure in utilities, such as: (i) insufficient coolant for exothermal reactions; (ii) insufficient steam or heating medium; (iii) no electricity; (iv) no inert gas; (v) no compressed air (instrument air); (d) failures in shut-down or start-up procedures, which could lead to hazardous conditions within the installation; (e) formation or introduction of by-products, residues, water or impurities, which could cause side-reactions (e.g. polymerisation).
6.3.3. When failures with potential major consequences are identified, works management should consider countermeasures such as improvements in process control, operating procedures, frequency of inspection and testing programmes. 6.4. Human and organisational errors
6.4.1. As human factors in the running of major hazard installations are of fundamental importance, both for highly automated plants and for plants requiring a great deal of manual operation, human and organisational errors and their influence on safety should be examined in detail by works management in co-operation with workers and their representatives.
6.4.2. The examination should consider such errors as: (a) operator error (wrong button, wrong valve); (b) disconnected safety systems because of frequent false alarms; (c) mix-up of hazardous substances; (d) communication errors; (e) incorrect repair or maintenance work; (f) unauthorised procedures, e.g. hot work, modifications.
6.4.3. This examination should also consider the reasons for human errors, which may include: (a) workers being unaware of the hazards; (b) lack of or inadequate working procedures; (c) workers being inadequately trained; (d) inappropriate working conditions; (e) conflicts between safety and production demands; (f) excessive use of overtime or shift work; (g) inappropriate work design or arrangements such as single-manned workplaces; (h) conflicts between production and maintenance work; (i) drug or alcohol abuse at work.
6.4.4. To reduce human and organisational errors, works management should provide workers with regular training in conjunction with clear operating instructions, as well as adapting work design and arrangements as appropriate.
6.5. Outside accidental interferences
6.5.1. To ensure the safe operation of major hazard installations, potential outside accidental interferences should be carefully examined by works management including, as appropriate, accidents involving: (a) road, rail and ship transport (especially carrying hazardous substances); (b) loading stations for hazardous substances; (c) air traffic; (d) neighbouring installations, especially those handling flammable or explosive substances; (e) mechanical impact such as that caused by a falling crane.
6.5.2. Such outside interferences should be taken into account by works management when designing and locating sensitive parts of the installation such as control rooms and large storage vessels.
6.6. Natural forces
6.6.1. Depending on the local situation, the following natural forces should be considered by works management in the installation design: (a) wind; Control of the causes of major industrial accidents 29 (b) flooding; (c) earthquakes; (d) settlement as the result of mining activities; (e) extreme frost; (f) extreme sun; (g) lightning. 6.6.2. If such hazards are known to occur in the natural environment of the installation, adequate precautions should be taken against them.
6.7. Acts of mischief and sabotage
6.7.1. Every major hazard installation can be a target for mischief or sabotage. Protection from such actions, including site security, should be considered by works management in the design.
- Safe operation of major hazard installations
7.1.1. The safe operation of a major hazard installation should be the responsibility of works management.
7.1.2. Works management should ensure that the major hazard installation is always operated within the limits of intended design.
7.1.3. Works management should take account of all hazards identified in the hazard analysis together with possible technical and organisational control measures.
7.1.4. Measures used to control hazards should include: – component design; – manufacture of components; – assembly of the installation; – process control; – safety systems; – monitoring; – management of change; – inspection, maintenance and repair; – training of workers; – supervision; – control of contract work.
7.2. Component design
7.2.1. Each component of a major hazard installation, such as reaction vessels, storage tanks, pumps, blowers and so on, should be designed to withstand all specified operating conditions.
7.2.2. Works management should ensure that the following aspects are taken into consideration when designing a safety-relevant component: (a) static forces; (b) dynamic forces; (c) internal and external pressure; (d) corrosion; (e) stresses due to large differences in temperature; (f) loads due to external impacts (wind, snow, earthquakes, settlement); Safe operation of major hazard installations 31 (g) human factors.
7.2.3. When designing a safety-relevant component, works management should consider the valid design standards (e.g. ASME, DIN, BS) as a minimum requirement.
7.2.4. The above aspects should be particularly considered when designing components containing flammable, explosive or toxic gases or liquids above their boiling point.
7.3. Manufacture of components
7.3.1. Works management or the technology supplier should ensure that the manufacture of components important for the safety of the installation is carried out with appropriate quality assurance measures.
7.3.2. Works management or the technology supplier should select only experienced manufacturers for the manufacture of these components.
7.3.3. Works management or the technology supplier should arrange for inspection and control measures to be carried out, when appropriate, in the manufacturer’s workshop by either qualified workers or third parties.
7.3.4. These inspection and control measures should be specified at an early planning stage. They should be valid for all important stages of the manufacturing process and documented accordingly.
7.4. Assembly of the installation
7.4.1. Works management or the technology supplier should: (a) ensure that assembly of the installation on site is carried out with appropriate quality assurance measures; (b) ensure that safety-relevant work, such as welding, is carried out only by qualified workers; (c) arrange for all on-site work on components important for the safety of the installation to be inspected by either qualified workers or third parties; (d) decide whether repair is sufficient or replacement required when failures are detected during assembly; (e) ensure that functional tests are carried out on components, control devices and safety devices important for the safety of the installation before start-up of the operation. Prevention of major industrial accidents
7.5. Process control
7.5.1. To keep an installation safely within the design limits, works management should provide an appropriate control system.
7.5.2. This control system should, where appropriate, make use of such features as: – manual process control; – automatic process control; – automatic shut-down systems; – safety systems; – alarm systems.
7.5.3. Based on the above features, works management should establish an operational safety concept for a major hazard installation.
7.5.4. The operational safety concept should maintain the installation or the process in a safe condition by the sequence of: (a) monitoring a process variable in order to identify abnormal conditions which require manual process control (monitoring system); and then (b) initiating automatic process control when a limit value is exceeded (control system); and then (c) taking automatic action to avoid a hazardous condition (protective system).
7.5.5. Process variables monitored and controlled by such systems should include temperature, pressure, flow rate, mixing ratio of chemical substances, rates of pressure or temperature change.
7.5.6. In order to operate such control systems, facilities should be made available by works management to monitor the process variables and active components of the installation, e.g. pumps, compressors and blowers, with regard to operation and to hazardous conditions such as excessive pressure.
7.5.7. In establishing an operational safety concept, special attention should be paid to different phases of operation such as start-up or shut-down.
7.6. Safety systems
7.6.1. All major hazard installations should be equipped by works management with safety systems, the form and design of which will depend on the hazards present in the installation.
7.6.2. To prevent deviations from permissible operating conditions, works management should provide the major hazard installation, as appropriate, with: Safe operation of major hazard installations 33 (a) sensors and controllers to monitor temperature, pressure and flow, and to initiate actions such as emergency cooling, etc.; (b) pressure-relief systems such as: – safety valves; or – bursting discs; which where necessary should be connected to a – blow-down system; – scrubber; – flare; or – containment system; (c) emergency shut-down systems.
7.6.3. To prevent failure of safety-related components, such components should be specially equipped by works management for higher reliability, for example using “diversity” (different systems doing the same job) or “redundancy” (several identical systems performing the same task).
7.6.4. All safety-related utility supplies, such as electricity supply to control systems, compressed air for instruments or nitrogen supply as an inert gas, should be examined by works management to determine whether a second source, e.g. emergency generators or batteries, a buffer-storage tank or an extra set of pressure gas cylinders, is necessary in the event of a primary system failure.
7.6.5. To determine the existence and the cause of a malfunction and to enable the proper counteraction, works management should provide a major hazard installation with alarm systems which may be connected to sensors.
7.6.6. Over and above the safety systems which help to keep the installation in a safe condition, protective measures should be taken by works management to limit the consequences of an accident. Such measures may include: (a) water-spray systems (to cool tanks or to extinguish a fire); (b) water jets; (c) steam-spray systems; (d) collecting tanks and bunds; (e) foam-generating systems; (f) detector-activated systems. 7.6.7. To mitigate the consequences of an accident, an emergency plan (on site and off site) should be drawn up by works management and local authorities in consultation with workers and their representatives. The plan should include technical as well as organisational measures.
7.6.8. Measures to prevent human and organisational errors, which are a frequent cause of accidents, should be considered by works management as a key issue for the prevention of accidents.
7.6.9. The following examples should be used by works management as guidelines: (a) use of differently sized connections on flexible hoses to prevent unintentional mixing or use of reactive or incompatible substances; (b) prevention of materials mix-ups by means of proper marking, labelling, packaging, inspection on receipt, and analysis; (c) interlocking of safety-related valves and switches to prevent unintended modes of operation; (d) clear marking of switches, knobs and displays on control panels; (e) proper communication devices for the workers; (f) safeguarding against inadvertent switching actions.
7.7.1. To ensure the safety of a major hazard installation, a monitoring schedule should be prepared by works management for the condition of all safety-related components and systems.
7.7.2. A monitoring schedule should include such tasks as: (a) checking of safety-related operating conditions both in the control room and on site; (b) checking of safety-related components of the installation; (c) monitoring of safety-related utilities (electricity, steam, coolant, compressed air, etc.); (d) monitoring corrosion of critical components.
7.8. Inspection, maintenance and repair
7.8.1. Taking into account the contributions of the workers familiar with the installation, works management should draw up a plan for the inspection, maintenance and repair of the major hazard installation.
7.8.2. A plan for on-site inspection should include a schedule, and the equipment and procedures to be adhered to during inspection work.
7.8.3. For repair work, strict procedures should be specified for carrying out any tasks involving hot work, opening of normally closed vessels or pipelines, or work which could compromise a safety system or which involves any change in Safe operation of major hazard installations 35 design or component quality. These procedures should cover the qualifications required by personnel, quality requirements for the work to be performed and requirements for the supervision of repair work.
7.8.4. Requirements specified in national or internationally recognised standards or practices for inspection and repair work should be considered by works management as minimum requirements for major hazard installations.
7.8.5. A maintenance plan should be prepared by works management specifying the different maintenance intervals, qualifications required by personnel and the type of work to be carried out. All maintenance work and defects noted should be documented in accordance with the plan.
7.9. Management of change
7.9.1. All changes in technology, operations and equipment that would fall outside current design limits should be subject to the same review as for new installations.
7.9.2. Before authorising a change, works management should complete documentation of the proposed change, including: – effects on safety; – effects on equipment and operating procedures.
7.10. Training of workers
7.10.1. The overall safety arrangements at a major hazard installation should recognise that the human factor is critical to the safety of the installation. Therefore, works management should adequately train workers in the safe operation of the major hazard installation. For new installations, this training should take place before start-up. Necessary facilities for such training should be provided by works management.
7.10.2. The training should include, but should not be limited to, such topics as: (a) broad understanding of the overall process used in the installation; (b) the hazards of the process and the substances used, and precautions to be taken; (c) process control and monitoring of all operating conditions, including those at start-up and shut-down; (d) operating procedures, including those in the case of malfunctions or accidents; (e) emergency procedure exercises; (f) experience in similar installations elsewhere, including accidents and near misses.
7.10.3. Safety training for workers by works management should be a continuous process. Training sessions should be repeated at regular intervals under conditions as near to reality as possible. The effectiveness of safety training should be assessed and training programmes reviewed in co-operation with workers and their representatives.
7.11.1. Works management should provide adequate supervision of all activities performed in a major hazard installation. Supervisors should have the necessary authority, competence and training to exercise their role properly.
7.12. Control of contract work
7.12.1. Special attention should be given to work performed by outside contractors or temporary workers. Works management should ensure that work performed by outside contractors or temporary workers meets the requirements detailed in all the provisions mentioned in this chapter, as appropriate.
37 8. Emergency planning
8.1.1. Emergency planning should be regarded by competent authorities, local authorities and works managements as an essential element of any major hazard control system.
8.1.2. Emergency plans for major hazard installations should cover the handling of emergencies both on site and off site.
8.1.3. Works managements should ensure that the necessary standards appropriate to the safety legislation in their country are being met. They should not regard emergency planning as a substitute for maintaining good standards inside the installation. 8.1.4. When making arrangements for emergency planning, the competent authorities and works managements should take into account the United Nations Environment Programme (UNEP) handbook, Awareness and Preparedness for Emergencies at Local Level (APELL): A process for responding to technological accidents, designed to assist decision-makers and technical personnel in improving community awareness of major hazard installations and planning for local emergencies.
8.2.1. The objectives of emergency planning should be: (a) to localise any emergencies that may arise and if possible eliminate them; (b) to minimise the harmful effects of an emergency on people, property and the environment.
8.3. Identification and analysis of hazards
8.3.1. For the initial stage of both on-site and off-site emergency planning, works management should systematically identify and assess what accidents leading to an emergency could arise on its installations.
8.3.2. For both on-site and off site emergency planning, this analysis should be based on those accidents which are more likely to occur, but other less likely events which would have severe consequences should also be considered.
8.3.3. The analysis of possible accidents by works management should indicate: (a) the worst events considered; (b) the route to those worst events; (c) the time-scale to lesser events which might lead to the worst events; (d) the size of lesser events if their development is halted; (e) the relative likelihood of events; (f) the consequences of each event.
8.3.4. Guidance on the harmful properties of hazardous substances should be obtained where necessary from the suppliers of those substances. In addition, the publications of the UNEP/ILO/WHO International Programme on Chemical Safety (IPCS) should, if necessary, be consulted to obtain practical advice on, for example, the safe storage, handling and disposal of chemicals.
8.4. On-site emergency planning
8.4.1. Formulation of the plan
184.108.40.206. Each major hazard installation should have an on-site emergency plan.
220.127.116.11. The on-site plan should be prepared by the works management and should be related to an estimate of the potential consequences of major accidents.
18.104.22.168. For very simple installations, the emergency plan may consist merely of putting the workers on stand-by and calling in the outside emergency services.
22.214.171.124. For complex installations, the plan should be much more substantial, taking account of each major hazard and its possible interaction with the others, and should include the following elements: (a) assessment of the size and nature of the potential accidents and the relative likelihood of their occurrence; (b) formulation of the plan and liaison with outside authorities, including the emergency services; (c) procedures for raising the alarm and for communicating both within and outside the installation; (d) appointment in particular of the site incident controller and the site main controller, and specification of their duties and responsibilities; (e) the location and organisation of the emergency control centre; (f) the actions of workers on site during the emergency, including evacuation procedures; (g) the actions of workers and others off site during the emergency.
126.96.36.199. The plan should set out the way in which designated workers at the site of the accident can ask for supplementary action, both inside or outside the installation, at an appropriate time. In particular, the plan should include the provision for attempting to make safe the affected part of the installation, for example by shutting it down.
188.8.131.52. The plan should contain the full sequence of key workers to be called in from other parts of the installation or from off site.
184.108.40.206. Works management should ensure that the requirements of the plan for emergency resources, both workers and equipment, are consistent with available resources which can be quickly assembled in the event of an emergency.
220.127.116.11. Works management should consider whether sufficient resources exist at the installation to carry out the plan for the various assessed accidents in conjunction with the emergency services.
18.104.22.168. Where the plan requires the assistance of the emergency services, works management should ascertain the time taken for these services to be fully operational on site and then consider whether the workers can contain the accident during all of that period.
22.214.171.124. The plan should take account of such matters as absence of workers due to sickness and holidays, and periods of installation shut-down. It should be sufficient to apply to all foreseeable variations in manning.
8.4.2. Alarms and communication
126.96.36.199. Works management should arrange for the onset of any accident or emergency to be quickly communicated to all appropriate workers and personnel off site.
188.8.131.52. Works management should inform all workers of the procedures for raising the alarm to ensure that the earliest possible action is taken to control the situation.
184.108.40.206. Works management should consider the need for emergency alarm systems, depending on the size of the installation.
220.127.116.11. Where an alarm system is installed, there should be an adequate number of points from which the alarm can be raised.
18.104.22.168. In areas where there is a high level of noise, works management should consider the installation of visual alarms to alert workers in those areas.
22.214.171.124. Works management should make available a reliable system for informing the emergency services as soon as the alarm is raised on site. The details of the communication arrangements should be agreed between works management and the emergency services, and should also be included in the off-site emergency plan.
8.4.3. Appointment of key workers and definition of duties
126.96.36.199. As part of the emergency plan, works management should nominate a site incident controller (and a deputy if necessary) to take control of the handling of the accident.
188.8.131.52. The site incident controller should be responsible for: (a) assessing the scale of the incident (both for internal and external emergency services); (b) initiating the emergency procedures to secure the safety of workers and minimise damage to the installation and property; (c) directing rescue and fire-fighting operations until (if necessary) the fire brigade arrives; (d) arranging for a search for casualties; (e) arranging the evacuation of non-essential workers to assembly areas; (f) setting up a communications point with the emergency control centre; (g) assuming the responsibilities of the site main controller until he or she arrives; (h) providing advice and information, as requested, to the emergency services.
184.108.40.206. The site incident controller should be easily identifiable by means of distinctive clothing or headwear.
220.127.116.11. As part of the emergency plan, works management should nominate a site main controller (and a deputy if necessary) who will take overall control of the accident from the emergency control centre.
18.104.22.168. The site main controller should be responsible for: (a) deciding whether a major emergency exists or is likely, requiring the emergency services and off-site emergency plan to be implemented; (b) exercising direct operational control of the installation outside the affected area; (c) continually reviewing and assessing possible developments to determine the most probable course of events; (d) directing the shutting down of parts of the installation and their evacuation in consultation with the site incident controller and key workers; (e) ensuring that any casualties are receiving adequate attention; (f) liaising with chief officers of the fire and police services, local authorities and the government inspectorate; (g) controlling traffic movement within the installation; (h) arranging for a log of the emergency to be maintained; (i) issuing authorised statements to the news media; (j) controlling the rehabilitation of affected areas after the emergency.
22.214.171.124. Where the emergency plan identifies other key roles to be played by workers (e.g. first-aiders, atmospheric monitoring staff, casualty reception staff), works management should ensure that these workers are aware of the precise nature of their roles.
8.4.4. Emergency control centre
126.96.36.199. Works management should arrange for the on-site emergency plan to identify an emergency control centre from which the operations to handle the emergency are directed and co-ordinated, and should provide a suitable control centre consistent with the plan.
188.8.131.52. The control centre should be equipped to receive and transmit information and directions from and to the site incident controller and other areas of the installation, as well as outside.
184.108.40.206. Where applicable, the emergency control centre should contain, for example: (a) an adequate number of both internal and external telephones; (b) radio and other communication equipment; (c) a plan of the installation showing: – areas where there are large inventories of hazardous substances; – sources of safety equipment; – the fire-fighting system and additional sources of water; – sewage and drainage systems; – installation entrances and roadways; – assembly points; – the location of the installation in relation to the surrounding community; (d) equipment for measuring and indicating wind speed and direction; (e) personal protective and other rescue equipment; (f) a complete list of workers; (g) a list of key workers with addresses and telephone numbers; (h) lists of other persons present on site, such as contractors or visitors; (i) a list of local authorities and emergency services with addresses and telephone numbers.
220.127.116.11. Works management should arrange for the emergency control centre to be sited in an area of minimum risk.
18.104.22.168. Works management should consider the identification of an alternative emergency control centre should the main centre be put out of action, for example, by a toxic gas cloud.
8.4.5. Action on site
22.214.171.124. The primary purpose of the on-site emergency plan is to control and contain the accident and thereby prevent it from spreading to nearby parts of the installation, and to minimise casualties.
126.96.36.199. Works management should arrange for sufficient flexibility to be included in the emergency plan to enable appropriate action and decisions to be taken on the spot.
188.8.131.52. Works management should consider how the following aspects are covered in the emergency plan: (a) evacuation of non-essential workers to predetermined assembly points through clearly marked escape routes; (b) designation of someone to record all workers arriving at the assembly points so that the information can be passed to the emergency control centre; (c) designation of someone in the emergency control centre to collate lists of workers arriving at the assembly points with those involved in the accident and then to check against the list of those thought to be on site; (d) arranging for the lists held in the emergency control centre to be updated as necessary with details of absences due to holidays and sickness, changes in persons present on site, etc.; (e) arranging for records of workers, including names and addresses, to be kept in the emergency control centre and to be regularly updated; (f) arranging for the authoritative release of information during any emergency of significant length, and appointing a senior manager to be the sole source of this information; (g) procedures for rehabilitation at the end of the emergency, including instructions for re-entering the accident area.
8.4.6. Planning shut-down procedures
184.108.40.206. Works management should ensure that emergency plans for a complex installation take account of the interrelationship of its different parts, so that ordered and phased shut-downs can take place when necessary.
8.4.7. Rehearsing emergency procedures
220.127.116.11. Once the emergency plan is finalised, works management should ensure that it is made known to all workers and to external emergency services where applicable.
18.104.22.168. Works management should arrange for the emergency plan to be regularly tested, including the following elements: (a) communications systems which would be in operation during an accident; (b) evacuation procedures.
8.4.8. Plan appraisal and updating 22.214.171.124. In the process of developing a plan and its rehearsal, works management should involve workers familiar with the installation, including the safety team as appropriate.
126.96.36.199. Works management should arrange for emergency planning rehearsals and exercises to involve workers familiar with the installation and to be monitored by observers, e.g. senior emergency officers and government inspectors, who are independent of the installation.
188.8.131.52. After each exercise, works management should ensure that the plan is thoroughly reviewed to take account of omissions or shortcomings.
184.108.40.206. Works management should ensure that any changes in the installation or in hazardous substances on site are reflected where necessary in changes to the emergency plan.
220.127.116.11. These changes should then be made known to all those with a role in handling the emergency.
8.5. Off-site emergency planning
18.104.22.168. The off-site emergency plan should be the responsibility of the local authority and works management, depending on local arrangements. 22.214.171.124. The plan should be based on those accidents identified by works management which could affect people and the environment outside the installation.
126.96.36.199. The plan should therefore follow logically from the assessment used as the basis for the on-site emergency plan.
188.8.131.52. It is important that the plan should have sufficient flexibility to deal with emergencies other than those specifically included in the plan.
8.5.2. Aspects to be included in an off-site emergency plan
184.108.40.206. The off-site emergency plan should include the following (as appropriate): (a) organisation – details of command structures, warning systems, implementation procedures, emergency control centres, names of the emergency co-ordinating officer, the site main controller, their deputies and other key workers; (b) communications – identification of personnel involved, communications centre, call signs, network, lists of telephone numbers; (c) specialised emergency equipment – details of availability and location of heavy lifting gear, bulldozers, specified fire-fighting equipment, fire boats; (d) specialised knowledge – details of specialist bodies, firms with specialised chemical expertise and laboratories; (e) voluntary aid organisations – details of organisers, telephone numbers, size of resources; (f) chemical information – details of the hazardous substances stored or processed in each major hazard installation and a summary of the risks associated with them; (g) meteorological information – arrangements for obtaining details of weather conditions prevailing at the time of an accident, and weather forecasts; (h) humanitarian arrangements – transport, evacuation centres, emergency feeding, treatment of the injured, first aid, ambulances, temporary mortuaries; (i) public information – arrangements for dealing with the media and informing relatives of casualties, etc.; (j) assessment – arrangements for collecting information on the causes of the emergency, and for reviewing the effectiveness of all aspects of the emergency plan.
8.5.3. Role of the emergency co-ordinating officer
220.127.116.11. The off-site plan should identify an emergency co-ordinating officer and a deputy, if necessary, with the necessary authority to mobilise and co-ordinate the emergency services.
18.104.22.168. The emergency co-ordinating officer should take overall command of the off-site handling of the emergency.
22.214.171.124. The emergency co-ordinating officer should liaise closely with the site main controller throughout the emergency to receive regular briefing on the development of the accident on site.
8.5.4. Role of works managements of major hazard installations
126.96.36.199. Where the responsibility for preparing the off-site emergency plan lies with works management: (a) works management should ensure that the plan is known to all organisations and personnel with a role to play in handling the emergency; (b) it should appoint the emergency co-ordinating officer; (c) it should arrange for the off site plan to be rehearsed and tested in conjunction with on-site exercises and to be updated from the experience gained at these rehearsals.
188.8.131.52. Where the responsibility for preparing the off-site emergency plan lies with the local authority, works management should establish a liaison with those preparing the plan and provide information to assist them in that task.
184.108.40.206. This information should include a description of possible on-site accidents with potential for off-site harm, together with their consequences and relative likelihood.
220.127.116.11. Technical advice should be provided by works management to familiarise outside organisations which may become involved in handling the emergency.
18.104.22.168. Works management should ensure that any changes in the installation or hazardous substances on site which may affect the off-site plan are passed to those responsible for producing the off-site emergency plan.
8.5.5. Role of the local authorities
22.214.171.124. Where the duty for preparing the off-site plan lies with the local authorities, they should (as appropriate) develop any necessary administrative structures or arrangements and appoint an emergency planning officer to take charge of this task. In addition, they should appoint an emergency co-ordinating officer to take overall command of subsequent off-site emergencies.
126.96.36.199. The emergency planning officer should liaise with works management to obtain the information to provide the basis for the plan. This liaison should be maintained to keep the plan up to date. Where more than one major hazard installation is operating within any local authority, that authority should make appropriate arrangements for the co-ordination of the off-site emergency plans covering every installation, to produce where necessary an overall plan.
188.8.131.52. The emergency planning officer should ensure that all those organisations which will be involved in handling the emergency off site are familiar with their roles and are able to fulfil them.
184.108.40.206. Local authorities should attempt to enlist the help of the media in the emergency planning process.
220.127.116.11. The emergency planning officer should arrange for the off site plan to be rehearsed and tested in conjunction with on-site exercises and to be updated from the experience gained at these rehearsals.
18.104.22.168. Where a major accident could result in a major spill or environmental harm requiring attention and investigation, the emergency planning officer should identify those authorities who will carry out these tasks and inform them, as appropriate, of their role in the off-site plan.
8.5.6. Role of emergency services
22.214.171.124. The roles of the police, fire and health authorities and other emergency services should be consistent with the normal practice in each country, which may entail a redistribution of the roles listed below.
126.96.36.199. The police should take responsibility for protecting life and property, and controlling traffic movements during the emergency.
188.8.131.52. Depending on local arrangements, the police should also be responsible for tasks such as controlling bystanders, evacuating the public, identifying the dead, dealing with casualties, and informing the relatives of the dead and injured.
184.108.40.206. The control of a fire on site should normally be the responsibility of a senior fire-brigade officer upon arrival at the site, in co-operation with works management.
220.127.116.11. Depending on local arrangements, the senior fire-brigade officer may have similar responsibilities for other major accidents such as explosions and toxic releases.
18.104.22.168. Fire authorities having major hazard installations in their area should, at an early date, familiarise themselves with the location on site of all stores of flammable materials, water and foam supply points, and fire-fighting equipment.
22.214.171.124. Health authorities, including doctors, surgeons, hospitals, poison centres and ambulances, should have a vital role to play following a major accident.
126.96.36.199. Health authority services should form an integral part of an off-site emergency plan.
188.8.131.52. Health authorities should be familiar with the short- and long-term effects on people of a major accident arising from a major hazard installation in their area.
184.108.40.206. Where hazardous substances are stored or handled at major hazard installations in their area, health authorities should be familiar with the appropriate treatment for anyone affected by these substances.
220.127.116.11. Where accidents with off-site consequences may require medical equipment and facilities additional to those available in their area, health authorities should arrange a “mutual aid” scheme to enable the assistance of neighbouring authorities to be obtained.
8.5.7. Role of the government safety authority or inspectorate
18.104.22.168. Depending on local arrangements, government inspectors should: (a) check to ensure that works management has properly identified potential major accidents which could affect people and the environment outside the installation, and where appropriate has provided the information required by the local authorities; (b) check that works management has prepared an on-site emergency plan and has provided information about the plan to the local authorities; (c) check that the organisation responsible for producing the off-site plan has made adequate arrangements for handling emergencies of all types; (d) check to ensure that the various elements of the emergency plan have been tested and rehearsed; (e) be clear as to their expected role during the actual emergency, including advisory and monitoring duties; (f) in the event of an emergency, advise works management and emergency coordinating officers of the suitability of an affected area for re-entry and reuse once the emergency has ended; (g) consider whether parts of the installation or equipment should be secured for on-the-spot examination and subsequent testing; (h) interview witnesses as soon as practicable after the emergency; (i) institute any necessary action in the light of lessons learned from a major accident, including evaluating the effectiveness of the emergency plan
8.5.8. Rehearsals and exercises
22.214.171.124. The organisation responsible for preparing the off-site plan should appropriately test its arrangements in conjunction with on-site exercises.
126.96.36.199. In particular, it should ensure that the various communication links needed for overall co-ordination are able to operate efficiently under emergency conditions.
188.8.131.52. After each rehearsal exercise, the organisation responsible for the plan should thoroughly review the exercise to correct shortcomings or omissions in the off-site plan. The effectiveness of the plan should also be reviewed following a major accident.
- Information to the public concerning major hazard installations
9.1.1. Competent authorities should make arrangements to provide information to the public living or working near a major hazard installation. These arrangements should require that works management make available such information in co-operation with the local authority for all existing installations, and for new installations before they start to operate.
9.1.2. This information should include: (a) the designation of the installation as a major hazard installation; (b) a broad description in simple terms of the major hazard activities in the installation, the hazardous substances used and how they are controlled; (c) ways of recognising that an emergency is occurring (alarm system); (d) the action that the public should take in the event of an emergency; (e) the known effects to the public of a major accident; (f) remedial treatment appropriate for anyone affected by a major accident.
9.1.3. Advice on the distance from the major hazard installation within which the public are to be informed should be obtained from the Group of Experts or elsewhere.
9.1.4. All different available forms of communicating this information should be considered in order to make these procedures as effective as possible, taking into account the different target groups (schools, hospitals, etc.).
9.1.5. The general information should periodically be repeated and if necessary updated to allow for any movement of the population into and out of the locality.
9.1.6. Local authorities in co-operation with works managements should assess whether the general information has been effectively communicated and understood, and take appropriate action to revise it if necessary
9.1.7. Arrangements for informing the public should allow for the existence of major hazard installations operating near a territory that comes under a different local authority or country from the one in which the installation is situated. Provision should be made for people living near the installation but in the adjoining territory to be similarly informed.
9.2. Information during an emergency
9.2.1. Works managements should provide information to the public living or working near a major hazard installation, giving warning of the occurrence of a major accident as soon as possible after it has taken place.
9.2.2. This should be carried out according to the procedures detailed in the general information.
9.2.3. Works managements should regularly update this information during an emergency, for example with the co-operation of the media, particularly if it becomes necessary for the public to take action different from that given in earlier information.
9.3. Information after a major accident
9.3.1. Works managements should provide information for communication to the public who have been affected by a major accident, on the outcome of their investigation into the accident, and on the short- and long-term effects on the public and the environment.
9.3.2. After a major accident, works managements should review the general information in consultation with local authorities and the public to see if any revisions are necessary.
- Siting and land-use planning
10.1. Competent authorities should establish arrangements to ensure that new major hazard installations are appropriately separated from people living or working nearby. These arrangements should take full account of both the relative likelihood of a major accident and its consequences, allowing for any special local factor.
10.2. Additionally, they should seek to ensure that these arrangements prevent inappropriate developments being built close to any hazard installations, especially where these developments will contain significant numbers of people.
10.3. Competent authorities should obtain specialist advice from a designated source within their country, such as the Group of Experts, to enable them to formulate a policy for the siting of new major hazard installations and the use of land near all such installations.
10.4. This policy with regard to proposed developments near major hazard installations should take account of the following factors concerning the proposed development, as appropriate: – the proportion of time spent by individuals in the development (e.g. homes, shops, hotels); – the size of the development in terms of number of users at any one time; – ease of evacuation or other measures in the event of an emergency on site; – vulnerability of individuals using the development (e.g. children, disabled people, elderly people); – physical features of the development (e.g. height of buildings, type of construction).
10.5. Competent authorities should, where appropriate, apply this policy to designate zones around major hazard installations, with clear guide-lines as to what types of developments are appropriate for each zone.
10.6. This policy should seek to ensure that sensitive developments such as schools, hospitals and homes for the elderly are placed further away from the major hazard installation than developments such as factories and normal housing.
10.7. In addition, competent authorities should designate zones suitable for new major hazard installations which will depend on the type and maximum quantity of hazardous substances proposed for the new installations.
10.8. Competent authorities should examine all existing major hazard installations to determine whether their separation from nearby developments is consistent with their policy. Where it is not, they should consider whether it is appropriate to seek improvements.
- Reporting to competent authorities
11.1.1. A major hazard control system should include the principal requirement for works managements to report in writing to the competent authorities within a specified time period. The requirement should include: (a) notifying the existence of, or proposal for, a major hazard installation; (b) reporting about the hazards of the major hazard installation and their control (safety report); (c) immediate reporting of major accidents.
11.2. Objectives of the reporting system
11.2.1. Reporting to the competent authorities should be arranged in such a way that the information can be used: (a) inside the installation: – to create awareness of the hazards of the particular installation; – to inform the workers concerned; – to decide on the appropriate level of safety and the required safety provisions; (b) outside the installation: – to inform the competent authorities; – to support decisions on land-use planning and siting; – to assist the competent authorities in setting priorities for inspection of the major hazard installation; – to give guidance in the preparation of the off-site emergency plan; – to inform the public nearby.
11.3. The notification of major hazard installations
11.3.1. Works managements should notify the competent authorities of the existence of, or proposal for, major hazard installations. In the case of a new development, notification should precede the start of work on the installation. Notification should take place within the time period specified by the competent authorities.
11.3.2. This notification should include information on: (a) works management; (b) the installation; Prevention of major industrial accidents 52 (c) existing licences or permits; (d) the hazardous substances, their names, maximum expected quantities and physical conditions. 11.3.3. Any notification for a new installation should take into account any foreseeable increase in the range or quantity of hazardous substances, to allow for the planned growth of the installation.
11.4. The safety report
184.108.40.206. The works management of a major hazard installation should provide or make available to the competent authorities a safety report containing all safety-relevant information about the major hazard installation.
220.127.116.11. The preparation of the safety report should be carried out under the direct responsibility of works management. Attention should also be paid to the input from, and participation of, the workers familiar with the installation. For specific items, the assistance of external consultants may be appropriate.
18.104.22.168. The safety report should be arranged in such a way that it gives information about the installation, its hazards and their control. It should: (a) identify the nature and quantities of hazardous substances used in the installation; (b) give an account of the arrangements for safe operation of the installation, for control of abnormal conditions that could lead to a major accident and for emergency procedures at the site; (c) identify the type, relative likelihood and consequences of major accidents that might occur; (d) demonstrate that works management has identified the major hazard potential of the installation and has provided appropriate safety measures.
22.214.171.124. The safety report should contain sufficient information to be understood without previous knowledge of the particular installation.
126.96.36.199. A safety report should contain the following elements: (a) description of the installation, the processes and the hazardous substances used; (b) description of the hazards, their control, and consequences to workers, the public and the environment of potential major accidents by means of systematic hazard analysis; (c) description of the organisation of the installation and the management of its safety; (d) description of the emergency provisions in order to mitigate the consequences of major accidents.
11.4.2. Description of the installation, processes and hazardous substances 188.8.131.52. The description of the installation should give safety-relevant information on: (a) the installation and the surroundings; (b) the design parameters; (c) protection zones; (d) area classification; (e) the equipment and materials used.
184.108.40.206. The description of the processes should give information about: (a) the technical purpose of the installation; (b) the basic principles of the process; (c) process conditions, including the static and dynamic process parameters and safety-relevant data; (d) utility supplies; (e) discharge, retention, recycling or disposal of liquids, gases and waste products.
220.127.116.11. A list of all hazardous substances should be given, including: (a) raw materials and the final products; (b) intermediate products and by-products; (c) waste products; (d) catalysts, additives, etc.
18.104.22.168. Information about the hazardous substances should include: (a) the process stage in which the substances are involved; (b) the quantity of substances used; (c) safety-related physical and chemical data; (d) toxicological data; (e) environmental impact data. 11.4.3. Description of the hazards and their control
22.214.171.124. The description of the hazards of the installation should be based on a systematic hazard analysis, including: (a) the identification of hazards; (b) the analysis of hazards; (c) the analysis of the consequences of major accidents.
126.96.36.199. Works management should, where appropriate, consider using a rapid ranking system in its installation in order: (a) to have a rapid indication of the hazards of the various parts of the installation; (b) to set priorities for more detailed examination.
188.8.131.52. The identification of hazards should lead to the selection of safety-relevant items. This identification should preferably be based on a preliminary hazard analysis.
184.108.40.206. The analysis of hazards should concentrate on the safety-relevant items. This analysis should be based on a hazard and operability study or recognised equivalent.
220.127.116.11. The description of the safety-relevant components should include data on: (a) function, type and extent of operating conditions; (b) design criteria; (c) controls and alarms; (d) pressure-relief systems and valves; (e) dump tanks, sprinkler systems and fire protection.
18.104.22.168. For particularly sensitive features, such as instrumentation, an additional reliability study should be considered, which should indicate whether sufficient precautions are taken to avoid major accidents.
22.214.171.124. In the safety report an analysis should be given of the consequences of an identified major accident. This information should particularly be related to: (a) possible releases of energy in the form of a blast wave, including its effects on the surrounding area; (b) possible thermal radiation in the case of fire; (c) possible dispersion of released substances, particularly toxic chemicals, including its effects on the surrounding area.
11.4.4. Description of the organisation
126.96.36.199. The safety report should contain information about the organisation of the installation and the management of its safety. Descriptions should be given of: (a) management structure; (b) general safety policy within the -installation; (c) duties and responsibilities of works management and workers; (d) consultation procedures with workers and their representatives; (e) safety and operational procedures.
188.8.131.52. An organisational diagram should be included with a description of the position and line responsibilities of the various production and supporting departments, such as operations, safety, engineering, maintenance, and so on.
184.108.40.206. The allocation and delegation of responsibility for plant safety within works management should be described. The role and duties of workers, works management and safety departments should be detailed.
220.127.116.11. A description should be given of the procedures for safety consultation with workers. It should indicate whether a works council or a safety committee is involved in the safety consultation, and how the safety department and medical service function within this framework.
18.104.22.168. Information should be given about: (a) the education and qualifications required of workers in particular jobs in the installation; (b) the training of workers.
22.214.171.124. All procedures that are relevant to the safe operation of the installation should be described. These procedures should either be given in the report or a reference made to information available in the installation. The procedures described in the report should include: (a) installation design and modification; (b) start-up, operation and shut-down of the installation; (c) inspection, maintenance and repair; (d) communication and follow-up of accidents; (e) internal safety audits; (f) management of change.
11.4.5. Description of emergency provisions
126.96.36.199. Emergency provisions should be described in the safety report, including both organisational and technical aspects.
188.8.131.52. The organisational aspects should include: (a) instructions and procedures in case of an emergency; (b) communication within the installation and with third parties; (c) the relationship between internal and external emergency services; (d) practical training on, and rehearsals of, the emergency plan. 184.108.40.206. The technical emergency measures, which should be described in the report, include: (a) alarm systems; (b) emergency shut-down systems; Prevention of major industrial accidents 56 (c) fire-fighting equipment; (d) evacuation plans; (e) personal protective equipment, etc.
11.4.6. Handling and evaluation of safety reports
220.127.116.11. The competent authorities should check the safety report for completeness and accuracy and consider whether additional safety provisions are required.
18.104.22.168. Both works management and the competent authorities should use the information in the report to evaluate the safety precautions.
22.214.171.124. The evaluation of safety reports should be carried out by the competent authorities according to national guidelines drawn up either by the Group of Experts or elsewhere. 126.96.36.199. Evaluation should include a systematic study of the major hazard potential of the installation, including domino and missile effects.
188.8.131.52. Evaluation should cover: (a) all handling operations, including internal transport; (b) the consequences of process instability and major changes in process variables; (c) the consequences of the location of one hazardous substance in relation to another; (d) the consequences of common mode failure, e.g. sudden total loss of power; (e) the consequences of the identified major accidents in relation to off-site neighbouring populations.
184.108.40.206. Where appropriate, competent authorities should consider the assistance of external consultants for the evaluation of major hazard installations, particularly where the off-site consequences of a major accident would be very serious.
11.5. Updating of safety reports
11.5.1. Works management should regularly update their safety report within a time period specified by the competent authorities.
11.5.2. Safety reports should be updated immediately in the event of significant modification to the installation.
11.5.3. Updated reports should take account of new important information about the hazards of the substances used and the process.
11.5.4. Details of minor changes taking place in every installation should be kept on file inside the plant by the plant personnel. On a regular basis, at least every five years, the safety report should be updated completely.
11.6. Reporting of accidents
11.6.1. Immediate report
220.127.116.11. The works management should report major accidents immediately to the competent authorities.
18.104.22.168. The report should include, as far as it is available, information necessary for an initial evaluation, such as: (a) the nature of the accident; (b) the substances involved; (c) an indication of the possible acute effects on persons and the environment, and data needed to assess these effects; (d) the initial measures taken.
22.214.171.124. The report should give information in order to let the competent authorities and, where appropriate, the local authorities decide whether urgent action is necessary off site and whether the off-site emergency plan should be put into operation.
126.96.36.199. The competent authorities should provide a standard form for the immediate reporting of major accidents.
11.6.2. Complete report
188.8.131.52. Works management should later provide further information in the form of a complete report to the competent authorities.
184.108.40.206. This complete report of a major accident should contain: (a) an analysis of the causes and contributing factors of the accident; (b) the steps taken to mitigate the effects, acute as well as long term; (c) the provisions made to prevent a recurrence of the accident; (d) lessons learnt for the safety of the installation; (e) all available data useful for assessing possible long-term effects on workers, the public and the environment.
220.127.116.11. The competent authorities should make information on the accident available to works managements and competent authorities elsewhere.
- Implementation of a major hazard control system
12.1.1. The competent authorities should establish by policy, regulation or legislation a time schedule for the implementation of the various elements of a major hazard control system.
12.1.2. The speed of implementation of a major hazard control system should depend on: (a) resources available locally and nationally for the different components of the control system; (b) the number of major hazard installations in the country.
12.1.3. Priorities should be set by the competent authorities for the staged implementation of the major hazard control system. Care should be taken not to attempt too much in the short term where local resources are limited.
12.1.4. Where sufficient national and local resources are available, the competent authorities should arrange for any new major hazard installation to come within the full major hazard control system. Existing major hazard installations should be allowed a time period by the competent authorities to meet the various requirements of the system.
12.2. Identification of major hazard installations
12.2.1. The competent authorities should draw up a definition of a major hazard installation. This definition, based on a list of hazardous substances with their threshold quantities, should be clear and unambiguous.
12.2.2. The competent authorities should confirm this definition as part of major hazard legislation to enable both existing and proposed new major hazard installations to be identified.
12.2.3. As a start of the identification, the competent authorities should consider whether existing major hazard installations can be identified by nonstatutory means, using tentative criteria.
12.3. Establishment of a Group of Experts 12.3.1. For countries setting up a major hazard control system for the first time, the competent authorities should consider the establishment of a Group of Experts.
12.3.2. The Group should consist mainly of trained engineers, chemists and physicists and should have the task of advising the competent authorities, works managements, trade unions, local authorities, government inspectorates, and so on, on all aspects of a major hazard control system.
12.3.3. Where appropriate, competent authorities should consider seconding experts from industry, trade unions, universities, research and technology institutes and consultancies to assist in this task.
12.3.4. Competent authorities should ensure that the chosen experts work as a group, in order that individual experiences can be shared by the group. 12.4. On-site emergency planning
12.4.1. Competent authorities should ensure that all major hazard installations have an on-site emergency plan.
12.4.2. Works management should make the necessary arrangements to draw up an on-site emergency plan. This plan should be based on the consequences of potential major accidents.
12.4.3. Works management should ensure that it has sufficient workers and safety management available to meet the requirements of the on-site emergency plan.
12.4.4. Works management should ensure that the on-site emergency plan is tested and rehearsed to identify any weaknesses in the plan, and that such weaknesses are quickly corrected.
12.5. Off-site emergency planning
12.5.1. Competent authorities should clarify, by means of policy, regulation or legislation, whether the works managements or the local authorities have the responsibility for preparing the off site emergency plan.
12.5.2. Where the responsibility lies with the local authorities, works managements should assist them with the necessary technical information.
12.5.3. The off-site emergency plan should be based on information about the potential consequences of major accidents off site.
12.5.4. The off-site emergency plan should be consistent with the on-site emergency plan.
12.5.5. All parties having a role in the off-site emergency plan should be advised as to their responsibilities by the party responsible for the plan.
12.5.6. The off-site emergency plan should specifically address whether those living near the installation should remain indoors or be evacuated, and what action is necessary in either case.
12.5.7. The organisation responsible for the plan should ensure that the plan is tested and rehearsed to identify any weaknesses, and that such weaknesses are quickly corrected in the modified plan.
12.6. Siting and land-use planning
12.6.1. The siting of major hazard installations and the use of land surrounding the installations should be regarded by the competent authorities as a fundamental element of the major hazard control system.
12.6.2. Competent authorities should establish criteria for the appropriate separation of installations from people living and working nearby.
12.6.3. If required, advice on such criteria should be obtained from the Group of Experts.
12.6.4. As a first priority, competent authorities should establish an appropriate siting policy for all new major hazard installations.
12.6.5. Where the separation from nearby developments is less than that indicated under the siting policy, the government inspectorate should urgently consider the need for additional safety control on site.
12.7. Training of government inspectors
12.7.1. Competent authorities should take account of the key role that its government inspectors are likely to hold in any major hazard control system.
12.7.2. Competent authorities should take relevant measures to provide appropriate training to government inspectors and to establish minimum academic and professional qualifications enabling them to carry out their duties within the major hazard control system, which may include: (a) identification of major hazard installations; (b) licensing of, or issuing permits for, the installations; (c) inspection of the installations; (d) evaluation of safety reports from works managements; (e) advising about off-site emergency planning.
12.7.3. Competent authorities should consider using the Group of Experts to assist in the training of government inspectors.
12.7.4. Alternative sources of training, which should also be considered by competent authorities, include: (a) joint participation in industry safety training courses; (b) fellowships under the supervision of experienced inspectors either in the country or abroad (if appropriate); (c) professional meetings and seminars about major hazards; (d) periodical literature and reports about major hazard control developments in other countries with established control systems.
12.8. Preparation of check-lists
12.8.1. Check-lists should be considered both by the competent authorities and by works managements as an effective way of transferring experience to less experienced users.
12.8.2. Where appropriate, check-lists should be considered for: (a) properties of hazardous substances; (b) detailed design requirements; (c) inspection systems; (d) internal audit systems; (e) management control systems; (f) guidance on the contents of safety reports; (g) reporting of major accidents; (h) evaluation of hazards; (i) preparing emergency plans both on site and off site; (j) siting and layout of the installation; (k) accident investigation.
12.8.3. Check-lists should be kept up to date in order to be effective.
12.9. Inspection of installations by government inspectors
12.9.1. Competent authorities should make arrangements for major hazard installations to be regularly inspected by government inspectors.
The initial inspection programme should be drawn up based on the details provided at the time of notification. Subsequent inspections should take into Prevention of major industrial accidents account the findings from the examination of the safety report, and the results of previous inspections.
Government inspectors should set priorities for an inspection programme at each installation based on a sample inspection of one plant component to represent the standard of safety of all similar components.
Government inspectors should confirm by inspection which parts of the major hazard installation contain hazardous substances in sufficient quantity to cause a major accident.
Government inspectors should, through their inspections, make sufficient checks on the actions taken by works managements to satisfy themselves as to the competence of the latter to operate the plant safely and to maintain control in the event of an accident.
Government inspectors should keep a record of all inspections carried out, together with actions required of works managements, in order to ensure continuity where there is a change of inspectors.
Government inspectors should initiate action to remedy any significant defects discovered during the inspection.
Inspection of installations by specialists
The role of specialists, including electrical, mechanical, civil and chemical engineers, should be to provide support for general government inspectors.
Competent authorities should consider the need for specialists in their country according to the resources available.
The work of specialists should include, for example: (a) advising the general government inspectors on the selection of sample components to be inspected inside the major hazard installation; (b) inspecting pressure vessels for design, operation and maintenance to approved standards and regulations; (c) checking computer-controlled major hazard installations for software accuracy and reliability; (d) checking the procedures for modifying installations in order to maintain the initial integrity of the plant after modification; (e) checking the design and maintenance procedures for pipelines carrying hazardous materials.
Implementation of a major hazard control system
Specialists should be aware of the world-wide experience of accidents involving their particular discipline and should be able to advise general government inspectors and works managements accordingly.
Actions following the evaluation of safety reports
Evaluation in conjunction with the safety report of the installation should provide both works managements and government inspectors with a basis for: (a) deciding if a new process should be allowed to proceed; (b) evaluating the adequacy of the layout of a new installation or process; (c) evaluating the adequacy of hardware and software control arrangements, e.g. automatic shut-off valves; (d) formulating an on-site emergency plan and providing information for an off site emergency plan; (e) evaluating the separation proposed between the installation and the neighbourhood; (f) deciding the extent to which the public nearby should be informed about the major hazard installation.
Use of consultancy services
Consultancy services should be employed by either works managements or competent authorities who do not have sufficient expertise to fulfil the tasks required within a major hazard control system. The competent authorities should in particular consider the use of consultants during the early stages of the development and implementation of a major hazard control system.
Consultants at national or international level should be selected according to their relevant field of expertise, such as chemistry, process engineering, process control, systematic hazard analysis, environmental science, toxicology, emergency planning or training of workers.
Use of consultancy services by the competent authorities
Authorities implementing a major hazard control system should preferably employ consultants having experience with a major hazard control system elsewhere.
Where necessary, consultancy services should be used by the competent authorities for such tasks as: (a) establishing a definition for major hazard installations; (b) establishing and training a Group of Experts within the competent authorities; (c) evaluating hazard analyses prepared by works managements; (d) preparing off-site emergency plans; (e) establishing a policy for siting of major hazard installations.
Use of consultancy services by works management
Works management should employ consultants only if its expertise or manpower is insufficient to cope with the tasks specified by the major hazard control system. The tasks should where possible be carried out by the works management.
Where necessary, consultancy services should be used by works management for: (a) carrying out the hazard analysis and preparing the safety report in close cooperation with works management; (b) establishing guidelines for the safe design and operation of the installation and their application in component design, process control, operating manuals, etc.; (c) analysing the consequences of potential accidents (e.g. dispersion of toxic releases, blast waves, thermal radiation) by means of modelling to assess their possible impact; (d) establishing on-site and, where appropriate, off site emergency plans; (e) training of workers.
In this code, the following terms have the meanings hereby assigned to them: Accident consequence analysis: An analysis of the expected effects of an accident, independent of frequency and probability. Check-list analysis: A method for identifying hazards by comparison with experience in the form of a list of failure modes and hazardous situations.
Code of practice: A document offering practical guidance on the policy, standards-setting and practice in occupational and general public safety and health for use by governments, employers and workers in order to promote safety and health at the national level and at the level of the installation. A code of practice is not necessarily a substitute for existing national legislation, regulations and safety standards. Competent authority: A Minister, government department or other public authority with the power to issue regulations, orders or other instructions having the force of law. Emergency plan: A formal written plan which, on the basis of identified potential accidents at the installation together with their consequences, describes how such accidents and their consequences should be handled either on site or off site. General provisions
Emergency services: External bodies which are available to handle major accidents and their consequences both on site and off site, e.g. fire authorities, police, health services. Event tree analysis: A method for illustrating the intermediate and final outcomes which may arise after the occurrence of a selected initial event. Failure mode and effects analysis: A process of hazard identification where all known failure modes of components or features of a system are considered in turn and undesired outcomes are noted.
Fault tree analysis: A method for representing the logical combinations of various system states which lead to a particular outcome (top event).
Hazard: A physical situation with a potential for human injury, damage to property, damage to the environment or some combination of these.
Hazard analysis: The identification of undesired events that lead to the materialisation of the hazard, the analysis of the mechanisms by which those undesired events could occur and usually the estimation of the extent, magnitude and relative likelihood of any harmful effects
Hazard assessment: An evaluation of the results of a hazard analysis including judgements as to their acceptability and, as a guide, comparison with relevant codes, standards, laws and policies. Hazard and operability study (HAZOP). A study carried out by application of guide words to identify all deviations from design intent having undesirable effects on safety or operability, with the aim of identifying potential hazards.
Hazardous substance: A substance which by virtue of its chemical, physical or toxicological properties constitutes a hazard.
Hot work: An activity involving a source of ignition such as welding, brazing or spark-producing operations.
Major accident: An unexpected, sudden occurrence including, in particular, a major emission, fire or explosion, resulting from abnormal developments in the course of an industrial activity, leading to a serious danger to workers, the public or the environment, whether immediate or delayed, inside or outside the installation and involving one or more hazardous substances. Major hazard installation: An industrial installation which stores, processes or produces hazardous substances in such a form and such a quantity that they possess the potential to cause a major accident. The term is also used for an installation which has on its premises, either permanently or temporarily, a quantity of hazardous substance which exceeds the amount prescribed in national or state major hazard legislation. Operational safety concept: Strategy for process control, incorporating a hierarchy of monitoring and controlling process parameters and of protective action to be taken.
Preliminary hazard analysis (PHA): A procedure for identifying hazards early in the design phase of a project before the final design has been established. Its Prevention of major industrial accidents purpose is to identify opportunities for design modifications which would reduce or eliminate hazards, mitigate the consequences of accidents, or both. Rapid ranking method: A means of classifying the hazards of separate elements of plant within an industrial complex, to enable areas for priority attention to be quickly established.
Risk: The likelihood of an undesired event with specified consequences occurring within a specified period or in specified circumstances. It may be expressed either as a frequency (the number of specified events in unit time) or as a probability (the probability of a specified event following a prior event), depending on the circumstances.
Risk management: The whole of actions taken to achieve, maintain or improve the safety of an installation and its operation.
Safety audit: A methodical in-depth examination of all or part of a total operating system with relevance to safety.
Safety report: The written presentation of the technical, management and operational information covering the hazards of a major hazard installation and their control in support of a justification for the safety of the installation.
Safety team: A group which may be established by the works management for specific safety purposes, e.g. inspections or emergency planning. The team should include workers, their representatives where appropriate, and other persons with expertise relevant to the tasks.
Threshold quantity: That quantity of a listed hazardous substance present or liable to be present in an installation which, if exceeded, results in the classification of the installation as a major hazard installation.
Works management: Employers and persons at works level having the responsibility and the authority delegated by the employer for taking decisions relevant to the safety of major hazard installations. When appropriate, the definition also includes persons at corporate level having such authority.
- Source; ILO Code for Prevention of major industrial accidents.
- See an update on the South African Major Hazard Installation Regulations Amendment process, in a separate report on Sheqafrica.com
Latest posts by Edmond Furter (see all)
- Competition Commission could stop construction safety registration - 2 March 2017
- Mines sue inspectors for mine safety stoppages - 25 February 2017
- Mine Health and Safety Centre of Excellence opens in 2017 - 25 February 2017