Origins of energy barrier accident perspective

This post will introduce the energy transfer model and the development of energy barrier accident perspective.

During 1960’s and 1970’s, two pioneering safety theories were developed, both of which studied the transition of excess energy from a source to a vulnerable target. Both theories demonstrated how accidents occurred, and paved the way for safety thinking based on potential energy sources. James. J. Gibson was the first among the two researchers to define and illustrate the energy model- Energy Source-Barrier-Vulnerable Target (as discussed in earlier post) in the year 1961  (Kjellén, 2000).

The infamous Energy Model by James. J. Gibson

However, in the 1970, William Haddon revolutionized the field of accident causation. William Haddon introduced 10 simple yet powerful rules to avoid, control, and, mitigate accidents involving vulnerable targets (Haddon, 1980).

Haddons 10 accident prevention strategies Haddon (1970, 1980)

In 1980, W.G. Johnson  defined a barrier as “The physical and procedural measures to direct energy in wanted channels and control unwanted releases”. W.G.Johnson also is famous for his proposed MORT- Management Oversight & Risk Tree adopted by the nuclear industry (read MORT manual  here).

In 1987, Urban Kjellen  used the accident prevention strategies proposed by Haddon and termed them as <Barriers> to ensuring safety, but in a later publication Kjellen proposed to use the term <Barrier> on physical countermeasure e.g. a metal mesh = <Barrier> to separate rotating propellers and vulnerable targets.  (Kjellen, 2000)

History and development of energy model into energy barrier accident perspective

In 1997, James Reason coined a safety theory based on the notion that accidents can be avoided with a approach of defense-in-depth. In other words, there is more than one barrier in a system and every layer of the barrier, has faults and failures. Only when all of these barriers fail, will an incident or accident occur. He illustrated this in intuitive illustration of a Swiss Cheese, where the hole in the cheese illustrated failure in the barrier and rightly called the Swiss Cheese Model.  If the hazards transit through the holes in the barriers, it can convert to either a serious incident or a failure in the system. He also distinguished between terms  <latent failure> and <active failure>. Latent failure is a barrier functional failure due to unknown causes and are not observable, while active failures occur during the execution of barrier functions and are observable.

Swiss Cheese Model – James Reason (1997)

Snorre Sklet in his Doctoral thesis defined three key terms in safety and barrier performance management applicable to the oil and gas industry (Sklet, 2006). The recommendations from Sklet has been well adopted in the Norwegian Oil and gas industry. The key is to organize and use the barrier terms consistently. The recommendations were used in the recently published Petroleum Safety Authority memo on <Barrier Management>

Overview of barrier system, functions, and elements.

• Barrier system– is a system that has been designed and implemented to perform one or more barrier functions. e.g, Reduce consequence of hydrocarbon leak
  • There may be one of more barrier system depending on the risk reduction requirements
• Barrier function– is a function planned to prevent, control, or mitigate undesired events or accidents. e.g, Reduce duration and size of leak
  • Each barrier system may have 1 to N barrier functions
• Barrier element– A barrier element is a component or a subsystem of a barrier system that by itself is not sufficient, to perform a barrier function e.g, Process shutdown systems
  • Each barrier function requires 1 to N number of barrier elements to function on demand

In 2013, Petroleum Safety Authority (PSA) published the barrier management principle memo to guide oil and gas operators in maintaining barrier management according to the PSA requirements. This guide builds on previous work on RNNP (Trends in Risk Level  in petroleum industry)  and suggests development of technical, operational and organizational safety barriers.

So, how is energy barrier accident perspective applied in high risk industries?

Lets consider a typical bow-tie risk model. The left of side of the bow-tie contain preventive barrier systems, functions, and elements (before the accident). The same is true to the consequence part (right) of the bow-tie (after the accident) . As illustrated, the energy source initially has to transit through the preventive barriers before the accidental event can occur. The number of barrier systems may differ depending on the overall hazard identification and corresponding risk reduction strategies for a given system.

Energy barrier perspective with a bow-tie risk model

If the accidental event occurs, the barriers to prevent escalation of the event have to perform as planned. If they don’t, the vulnerable target, be it human, machinery or cost of operations are severely affected.  In a traditional barrier management approach, the energy can be ideally traced to the source, in ideal situations (with help of risk management and reliability assessment). A key point to note here is that these barriers are not only technical barriers, e.g, valves. Barriers may also be in form of operational procedures, or organizational practices. In other words, Man Technology and Organizational barriers (MTO) have to be combined.

A case study

Let us take the Macando blowout as an example to demonstrate the energy barrier accident perspective. Previous studies have shown that the cause of the blowout are not due to a single failure, but a set of multiple failures in the MTO barriers. The illustration shows the barrier functions and barrier elements in green blue and yellow boxes. The barrier system – avoid hydrocarbon leak.

Macando blowout explained with energy barrier accident perspective

One observation, as it is pointed out in the limitations section is that, the illustration shows the accident progression to be linear, but seldom do complex system fail with single failures. This example shows the main draw back of the energy barrier accident perspective; linear vs. complex system interactions.

Strengths of the energy barrier accident perspective

• Useful tool to identify hazard control strategies
• Forms a basis for analytical risk control
• Fundamentally based on energy transfer phenomenon and physics of the immediate environment
• Helps avoid over conservative design of barrier functions. Choice of right preventive defense strategies.
• Is transferable within various application fields, such as medicine, emergency preparedness, and high risk industries.
• For example, a computer virus may be termed as a potential energy transiting through a network of computer servers.

Limitations of the energy barrier accident perspective

• Energy model and energy barrier perspectives are fundamentally based on linear progression of failures to an accident, while accidents may occur due to complex interactions in a complex system.
• Inter-dependencies between barriers from different barrier systems exist and may be missed during various safety analysis. E.g., Failure of power supply may effect one or more sub-barrier functions.
• The adoption of energy transfer model in a large-scale system may deem challenging due to need for system co-ordination in distributed systems, e.g., Aviation industry.
• If over conservative barrier functions are designed, it may complicate the workings of the entire system and increase the inter-dependencies .

 

Feel free to explore the following references.

---

 

References

Johnson, W.G (1980). MORT Safety Assurance Systems. New York: Marcel Dekker http://tinyurl.com/qf98bdn

Haddon, W. (1970). On the escape of tigers: An ecological note. Technological review, 72(7), Massachusetts Institute of Technology, May 1970.

Haddon, W. (1980). The Basic Strategies for Reducing Damage from Hazards of All Kinds. Hazard prevention, Sept/Oct. 1980.

Kim, Hyung Ju. (2014) Titanic Viewed from Different Perspectives on Major Accidents. Presentation TPK5160 Risk Analysis- URL: http://frigg.ivt.ntnu.no/ross/risk/slides/kim-06-14.pdf

Kjellen, U. 2000: Prevention of Accidents Through Experience Feedback, Taylor & Francis, London and New York URL: http://tinyurl.com/nwbl9er

Petroleum Safety Authority. 2013. Principles for barrier management in the petroleum industry. Technical report. URL : http://www.ptil.no/getfile.php/PDF/Barrierenotatet%202013%20engelsk%20april.pdf

Rosness, R., Grøtan, T. O., Guttormsen, G., Herrera, I. A., Steiro, T., Størseth, F., Tinmannsvik, R. K., and Wærø, I., 2010, “Organisational Accidents and Resilient Organisations: Six Perspectives Revision 2,” No. Sintef A 17034, SINTEF Technology and Society Trondheim. URL:  http://tinyurl.com/pf4sbbb

Reason, J. 1997: Managing the Risks of Organizational Accidents. Ashgate. http://tinyurl.com/nodbbov

Sklet, S. 2006. Safety barriers on oil and gas platforms. means to prevent hydrocarbon releases. Doctoral thesis. http://www.diva-portal.org/smash/get/diva2:122483/FULLTEXT01.pdf

Facets of Safety

You might have heard many terminologies describing safety, but have you ever wondered why there is different understanding of safety in the society?

The oxford dictionary describes the word safety as “The condition of being protected from or unlikely to cause danger, risk, or injury”. As a modifier, the definition is “Denoting something designed to prevent injury or damage”.  For the sake of this post, let us agree with a fundamental dictionary definition; Safety is protection from a danger, risk or injury.

Use of the word safety can often vary depending on the context. Human safety, financial safety, asset safety, wildlife safety, environment safety, society safety, system safety, national safety etc. are to name few of the safety contexts.  Some argue that safety is a science, while others debate about the scientific approach used to understand safety in terms of human safety alone. However, both schools of thoughts agree that understanding safety requires combination of individual, situational, and societal perceptions (Aven, 2014).

But, what are we trying to protect? What kind of danger is looming? What kind of risk or injury is probable and serious? Answering these questions require understanding of safety in multiple perspectives.

To demonstrate the varied perspectives, let us scrutinize the fundamental definition of safety with some examples.

Example 1: Umbrella – personal Safety

Umbrella protects us (humans) from the rain. Rain may be a form of danger to some people. If continually exposed (risk) to this danger (rain) the person may get sick.

Umbrella–protect—rain—getting sick (Credits: Sascha Kohlmann )

In short, umbrella is a protection against rain (danger), getting sick (risk or injury). The definition now makes sense in a human safety perspective.

Example 2: Helmet – personal safety

Helmet protects people from injury to the head. The danger in this situation can be from high-density traffic and/or poor road surface. The risk in this situation is falling from the vehicle, which may result in a person getting fatal head injury. In short, helmet is a protection against road surface/traffic (danger), risk or injury (fatal head injury).

Helmet–protect—fall—head injury (Credits: Eric R. Patalinghug )

Both umbrella and helmet protect humans from a certain danger and probable risk. Such protective items are termed as Personal-Protective-Equipment (PPE).

Example 3: Online payment system- financial safety

Secured online payment system protects us from online fraud. The danger in this situation is the ability of black-hat hackers to intercept your online payments. The risk/injury in this situation is loss of finance and disclosure of personal bank account details. A secured online payment system is robust to avoid fraud (danger) and financial loss/identity theft (risk). This is an example for financial safety.

Example 4: Fire Response- wildlife and environment safety

Fire rescue teams protect environment from seasonal wildfires. The danger in this situation is the wildfire in the dry forest areas. The probable risk of loss of forests and wildlife exists. A fire response team can protect the environment by preventing or mitigating the danger of wildfires.

Do you observe how the danger and risk change in the given examples? Risk of getting sick vs. risk of head injury vs. risk of financial loss vs. risk of wildfires are drastically different. Individuals assess these different types of dangers and risks in different ways. This is the reason why understanding safety in different contexts is important.

Describing safety through “Energy Model” 

Let us use a simple model to make sense of safety in different contexts. This model fits all contexts of safety. Firstly, in the four examples, we observe there is an energy (potential), which can cause a harm. Secondly, there is a protection barrier (umbrella, helmet, secure payment system, fire fighters). Thirdly, there is a vulnerable target (humans, wildlife), which depends on the protection barrier. This model was termed as the Energy Model by James J Gibson in 1961 (Kjellén, 2000).

Adaptation of Energy Model  (James J Gibson)

 

The table below provides examples for the Energy Model.  The three main links making the energy model differ in each safety context.

 

Take away

1. The definition of safety is highly dependent on the individuals defining it.

The competence and experience of personnel who assess safety vary and so does their understanding on the dangers and risks involved. For example, a financial risk advisor may not fully understand the dangers and risk faced by a wildfire fire fighter, but both are part of the protection (barrier) in their respective fields.

 2. Safety is not deterministic by nature.

Safety is dynamic and based on the situation, individuals, and societal perception. A perceived danger by one person/animal/system may not be the same as perceived by another person/animal/system. Uncertainty exists in both determination of dangers and risks involved.

3. Danger (hazard), risk and safety are interrelated.

In other words, the earlier definition of safety- Protection from a danger, risk or injury- stands evaluated with demonstration of different examples.

4. Safety models illustrate the difference in safety perspectives.

The energy model illustrates a simple yet powerful model to study safety. It demonstrates the propagation of energies to the vulnerable target. There are other models such as the swiss cheese model, domino theory etc., which explain the propagation of energy towards vulnerable targets (Kjellén, 2000). In the upcoming posts, we will review them in detail.

 References

Aven, Terje. What is safety science?, Safety Science, Volume 67, August 2014, Pages 15-20, ISSN 0925-7535, http://dx.doi.org/10.1016/j.ssci.2013.07.026. (http://www.sciencedirect.com/science/article/pii/S0925753513001768)

Kjellén, Urban. (2000). Prevention of accidents through experience feedback. London: Taylor & Francis. (http://tinyurl.com/lgnddjh)

Patalinghug, Eric. (2012). My First Racing Helmet. [Image] Available at: http://tinyurl.com/nrhd3sb  [Accessed 20 Oct. 2014].

Kohlmann, Sascha. (2014). Umbrella. [Image] Available at: http://tinyurl.com/qffqj7e  [Accessed 20 Oct. 2014].

————————————————————————————————————————————-

Leave your comments in the comments section, or feel free to contact me if you would like to discuss the contents of this post.