The main objective of a safety case regime is for a facility to demonstrate (to a regulator) that appropriate risk management is in place for major incidents/accidents. This gives the regulator confidence that appropriate controls are in place to manage the facility's hazards. The typical aspects of a safety case include:
An Emergency Response Plan (ERP) is in place and appropriate to the hazards.
Depending on the risk maturity and complexity of the organisation, the effort needed to develop a Safety Case can be between 1000 and 7000 hours. In most jurisdictions, the safety case is required to be resubmitted every 5 years to ensure that the regime objectives are being met as the facility, organisation, and regulator evolve over time.
As a facility evolves, the hazards and risks associated with it may also change. This is the key driver for a resubmission of the safety case in addition to increasing expectations from the regulator. The following types of changes should be incorporated:
Significant hardware and/or software changes to the facility which could introduce new hazards, or increase the risks associated with existing hazards. This includes new or changed critical controls.
Changes to key elements of the safety management system (SMS) such as change management, incident investigation, competence management etc.
Was the last submission aligned with what is considered good practice now?
Have the expectations of the regulator changed? Is there new guidance which should be incorporated?
Have any events occurred in industry that could reflect the need for new controls or an approach to the safety case?
How Should the Safety Assessment be Updated?
It is good practice to go through a full PHA revalidation (Process Hazard Assessment) every 5 years for an asset. This could take the form of a re-HAZOP/LOPA/Bowties or an alternate approach such as a Delta HAZOP (and associated risk assessments). The approach depends on the level of change that has occurred in the last 5 years and the process safety maturity of the organisation. Our recommendation is that a "bottom-up" approach should be adopted if there is reason to believe there are gaps (see following table). A Safety Case previously accepted by the regulator does not mean that good practice was adopted at the time, and this needs to be considered in moving forward.
Site has only conducted a design HAZOP not a full operational HAZOP.
The site has had a design HAZOP and an operational HAZOP done on it.
A lot of change has occurred on the asset in recent years.
The facility has not changed a lot since the last site HAZOP.
The quality of the original safety assessment doesn’t meet good practice.
The organisation is process safety mature – there are mechanisms to ensure controls are effective and that competence of the site personnel is in place.
The regulatory environment has changed in recent years.
The regulatory environment has been relatively stable.
The Safety Management System (SMS) in the organisation is not mature (i.e. the underpinning assumptions of the risk assessment may have changed).
The SMS is mature. Accountabilities are clear, the system is monitored and audited, elements align with good practice.
A Safety Case Audit
To ensure the effort in resubmitting the safety case is well directed, 2 types of audits could be conducted.
Basic Level – This level of audit would review the Safety Assessment, SMS implementation and Safety Case report to determine the scope of any updates. A basic level audit should be conducted if the asset and organisation have been relatively stable in the last 5 years and the SMS is performing.
Basic Level + SMS Performance Audit – If there has been a significant amount of change in the organisation OR it is considered that the SMS is not being followed, an SMS Performance audit should also be done. This will identify gaps and make recommendations to close them. The word “performance” is used here because it is important to find out whether the SMS is working or not, as opposed to the commonly done SMS “structural” audit.
An output of this audit process is a scope and cost of the resubmission process alongside a detailed SMS audit report highlighting performance, gaps and recommendations. It is recommended that this process be started at least 1 year before the Safety Case Report is due for submission.
Performing the Work
Plan your resource requirements ahead, considering the skills and capacity needed. The work will need significant engagement from within and outside the organisation, so a project plan is appropriate. Allow time for reviews and verification.