Issue 19 - May 2007

NSW Coal Mining - Significant Regulatory Changes

The recently introduced Regulation 2006 [1] marks another change in the way in which safety is managed in the NSW coal mining industry. One of the more subtle changes relates to the way in which risk reduction targets are not necessarily being mandated in guidance material. Instead, the onus of assessing risk is placed squarely with the coal mine operator, with guidance material being just that - guidance only, without any directives.

This could mean that guidance material, standards, codes of practice and the like, even if closely adhered to, may not provide an acceptable level of safety assurance in all circumstances.

'I've followed all the relevant standards, guidelines and codes of practice. Isn't this enough?'

One would assume that following all of the relevant standards and codes would provide an adequate level of safety assurance. There is, however, a basic flaw in the logic: standards and codes, by their nature, can never fully anticipate all of the circumstances that may arise, and thus represent only part of the safety assurance. Certainly, they represent a body of knowledge from experienced practitioners, but they can never fully address detailed and particular issues at every workplace.

For this reason we are seeing moves away from prescription, in favour of a focus on individual assessment of risk and control measures at a detailed level. This is not to say that standards have no place, but it does mean that reliance on standards alone may not be sufficient to achieve acceptable levels of risk.

Programmable Electronic Systems

Coupled with issues of risk assessment is the growth of programmable electronic systems in safety-related applications. Standards that relate to these systems anticipate the need for risk assessment from the outset, and deliberately do not specify levels of risk reduction that may be needed. Instead, they offer a rigorous process to help users make their own determinations.

An example of this approach is the concept of Safety Integrity Level (SIL). In simple terms, SIL is a numerical measure of comparative risk between an unacceptable risk situation and a desired or target risk situation. SIL in effect asks the question, 'How much risk reduction is needed before the unacceptable situation becomes acceptable?'

The concept of SIL has emerged alongside programmable electronics, but is equally applicable to purely mechanical systems. In fact, most programmable electronic devices are not stand-alone safety systems but are instead closely linked to pneumatic, hydraulic and other mechanical components.

SIL 1, 2, 3 or 4?

SIL is a numerical measure of risk reduction. To help illustrate the concept, imagine a safety system where if the system fails, a person will likely be killed. It is first necessary to estimate how often such failures could occur, then decide whether this is an acceptable risk. Deciding how often is not an easy task, but let's say that operating experience suggests fatalities could occur once in 30 years. Is this acceptable?

Suppose that industry average performance for this kind of incident is once in 100 years. Clearly the current performance is below average and therefore unacceptable. If changes are proposed for the safety system, they should at least aim to reduce the risk by a factor of three.

There is a strong argument to say that the risk ought to be reduced by much more than three, perhaps by 10 or more. If not, the proposed safety system is simply perpetuating average performance rather than improving overall performance. If everyone adopted this thinking then progress would cease.

SIL is a way of expressing the risk reduction needed, so that designers can select appropriate components and systems to achieve the target. Risk reduction is expressed by one of four risk reduction bands, SIL 1 to SIL 4, the latter being the greatest risk reduction.

The band for SIL 1 risk reduction is 10-100. In this example, management has chosen a reduction target of 10-100, so the new safety system will need to be designed to achieve SIL 1.

Another reason for choosing conservative targets lies in the confidence that can (or cannot) be had in estimated failure rates, industry data and the like. Much of the data is generic, making it hard to apply to specific situations. Order of magnitude errors are to be expected - adopting a conservative approach is prudent.
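The worked example above (once in 30 years against an industry average of once in 100 years) can be carried through with the estimation error made explicit. This is an added example, not part of the original newsletter; the SIL 2 to SIL 4 bands are the IEC 61508 low-demand risk reduction bands and the `estimate_error` parameter is an assumption introduced here to model an optimistic frequency estimate.

```python
# Added example: required risk reduction and the SIL band it falls into,
# including the effect of an optimistic failure-frequency estimate.

# SIL 1 (10-100) is the band given in the article. SIL 2-4 are the
# IEC 61508 low-demand bands, added here as an assumption.
SIL_BANDS = {
    1: (10, 100),
    2: (100, 1_000),
    3: (1_000, 10_000),
    4: (10_000, 100_000),
}


def required_rrf(current_interval_yrs, target_interval_yrs, estimate_error=1.0):
    """Risk reduction factor needed to move from the current event
    frequency (one event per current_interval_yrs) to the target.

    estimate_error > 1 assumes the true frequency is that many times
    worse than operating experience suggests.
    """
    return estimate_error * target_interval_yrs / current_interval_yrs


def sil_for(rrf):
    """Return the SIL whose band contains rrf (lower bound inclusive),
    0 if rrf is below the SIL 1 band, None if it exceeds SIL 4."""
    if rrf < 10:
        return 0
    for sil, (low, high) in SIL_BANDS.items():
        if low <= rrf < high:
            return sil
    return None  # more reduction than a single SIL-rated function can claim


def sensitivity(current_interval_yrs, target_interval_yrs, errors=(1, 10, 100)):
    """Show how the required SIL moves as the frequency estimate degrades."""
    rows = []
    for err in errors:
        rrf = required_rrf(current_interval_yrs, target_interval_yrs, err)
        rows.append((err, round(rrf, 1), sil_for(rrf)))
    return rows


if __name__ == "__main__":
    for err, rrf, sil in sensitivity(30, 100):
        print(f"estimate off by x{err}: RRF {rrf} -> SIL {sil}")
```

With the article's figures taken at face value the required reduction is about 3.3, below the SIL 1 band; a single order-of-magnitude error in the frequency estimate moves it to about 33, inside the SIL 1 band that management selected.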

Other Questions to Ask

Once a target SIL has been determined, other questions need to be asked:

  • Is the proposed design of the safety system going to achieve the target SIL?
    This question needs to be asked at many stages during the concept design and implementation of the system. Late design changes are expensive and need to be avoided if cost and schedule targets for the project are to be met.
  • Will the safety system actually perform the safety function required?
    It is fine to have a well-designed system, working reliably to its target SIL, but will the system actually achieve the safety function required? What ongoing management is required?
  • What needs to be done to ensure that the system does not lose its effectiveness over time?
    Systems are never completely stable. They gradually drift from their original intent because management and organisational controls may not be sufficiently robust to arrest the process. Sometimes organisations fail to even recognise that drift occurs.

Reference Material

1. NSW Coal Mine Health and Safety Regulation 2006

Contact Advitech for Assistance

If you require more information on any of the above, please call Mike Taylor, Senior Engineer, on 4961 6544 or email us.