El TFTP

The pipeline risk management process consists of four stages:

(a) Threat Identification (b) Initial Threat Control

(c) Risk Evaluation of “failure threats”

(d) Risk Treatment

Figure 2.4.1 illustrates the Pipeline Risk Management Process. This section describes the detail and application of risk management process.

Description of design

Apply Design & Procedures & HAZOP (where applicable) Apply External Interference Protection (where applicable)

Is threat credible?

FIGURE 2.4.1 PIPELINE RISK MANAGEMENT PROCESS

2.4.2 Threats 2.4.2.1 General

The underlying principle of threat identification is that “a threat exists at a location”.

Threats exist at either specific locations (e.g. excavation threat at a particular road crossing), specific sections of a pipeline (e.g. farming; forestry; fault currents for sections with parallel power lines), or over the entire length of the pipeline (e.g. corrosion).

NOTE: Threats which apply to the entire pipeline are considered non-location-specific, and are often qualitatively different to location-specific threats (eg. Corrosion, versus external interference threats at a road crossing). The same risk assessment process applies to both location-specific and non-location-specific threats.

2.4.2.2 Location analysis

The pipeline route should be analysed to divide it into risk assessment sections, for each of which the land use and population density is consistent. A risk assessment section shall not contain more than one location class.

NOTES:

1 Use of risk assessment sections facilitates the threat analysis for threats that apply over whole sections of the route (eg. Farming, forestry, urban development, etc).

2 It is recommended that data sources to be used to conduct the location analysis include:

alignment survey data to determine basic geographical information; land user surveys in which land liaison officers gather information from land users on the specific activities carried out on the land, and obtain any other “local knowledge”; third-party spatial information (GIS type data) on earthquakes, drainage, water tables, soil stability, near-surface geology, environmental constraints etc; land planning information.

2.4.2.3 Threat identification

Threat identification shall be conducted for the full length of the pipeline, including stations and pipeline facilities. The threats to be considered shall include external interference, corrosion, natural events, electrical effects, operations and maintenance activities, construction defects, design defects, material defects, intentional damage and other threats such as seismic and blasting. The threat identification shall consider all threats with the potential to damage the pipeline, cause interruption to service, cause release of fluid from the pipeline, or cause harm to pipeline operators, the public or the environment.

The threats identification must generate sufficient information about each threat to allow external interference protection and engineering design to take place. For each identified threat, the following minimum information shall be recorded:

(a) What is the threat to the pipeline?

(b) Where does it occur? (The location of the threat) (c) Who (or what) is responsible for the activity?

(d) What is done? (e.g. depth of excavation)

(e) When is it done? (Frequency of the activity, time of the year)

(f) What equipment is used? (e.g. power of plant, characteristics of the excavator teeth, etc)

The description shall be sufficiently detailed for independent or future reviewers of the risk management study to make an informed assessment of the identified threat and its potential consequence.

2.4.2.4 Common Threats to Typical Designs

The pipeline design process involves the development and application of typical designs to locations where there is a common range of design conditions and identified threats. Where

the pipeline design uses typical designs the threats common to that design shall be documented. Each typical design shall be subjected to the risk management process in accordance with this Standard to demonstrate that the threats are mitigated by that design.

2.4.2.5 Other Threats at Typical Design Locations

Each location at which a typical design is applied shall be assessed to determine whether threats other than the approved threats “common” to that design exist at that location.

Where identified, effective threat mitigation measures shall be applied to each of these location specific threats and the effectiveness of the additional mitigation measures shall be assessed.

2.4.2.6 Non-credible threats

Each non-credible threat and the reason for it being declared “non-credible” shall be documented. Non-credible threats are considered accepted risk. The correctness of this decision shall be considered at each review of the risk assessment.

2.4.3 Threat Control by External Interference Protection or Design 2.4.3.1 General

Each credible threat shall be subject to a systematic process to control the threat.

For external interference threats, external interference protection measures shall be applied.

For those threats for which external interference protection is either not effective or not applicable, design and/or procedure shall be applied.

Threats that are not controlled by this process shall be subject to failure analysis.

2.4.3.2 Threat control by external interference protection

The whole of the pipeline shall be protected from external interference by a combination of physical and procedural measures applied to mitigate the identified threats at each location.

The minimum number of physical and procedural measures that must be applied at a location are varied by the location class.

Physical external interference protection for the full length of the pipeline shall be designed in accordance with Section 5.5. The physical measures applied shall be demonstrated to protect the pipeline from the specified threat.

NOTE: Guidance on resistance to penetration calculations is provided in Section 4.11.

Procedural external interference protection for the full length of the pipeline shall be designed in accordance with Section 5.5. The procedural measures shall be demonstrated to be effective in contributing to reducing the frequency of the occurrence of that threat.

NOTE: Guidance on the effectiveness of procedural measures is provided in Appendix D.

External interference threats that are not controlled by external interference protection shall be considered for control by development of additional specific design and/or procedures.

NOTE: Re-routing is a design change decision that may be taken here if EIP is not sufficient, prior to undertaking risk evaluation.

Threats controlled by effective physical measures and with the required procedural protection are considered accepted risk.

2.4.3.3 Control of other threats by design and/or procedures

For threats for which external interference protection is not applicable, specific design and/or procedures shall be applied.

Materials shall be specified, qualified and inspected in accordance with Section 3.

Pipeline design shall be carried out in accordance for with Section 4 and Section 5.

Protection against stress and strain shall be designed in accordance with Section 5.7.

Operational controls for the full length of the pipeline shall be designed in accordance with Section 7.

Corrosion and erosion protection for the full length of the pipeline shall be designed in accordance with Section 8. Guidance on design for environment related cracking is provided in Appendix O.

Protection against construction related defects shall be in accordance with Section 10.

Induced voltage, lightning and fault current protection for sections of the pipeline affected by these conditions shall be designed in accordance with AS 4853. Further guidance on design for electrical hazards is provided in Appendix Q of this Standard.

Other threats requiring specific control by design and/or procedures include:

(a) Operational releases

(b) Loss of communication leading to loss of control (c) Temperature outside design range

(d) Natural events (landslip, seismic activity, flotation and erosion).

(e) Threats arising through operating and maintenance activities (f) Fluid composition

Threats controlled by effective design and/or procedures are considered accepted risk.

2.4.4 Failure Analysis 2.4.4.1 General

Each threat that is not controlled by external interference protection or design and/or procedures shall be analysed to determine the damage that the threat may cause to the pipeline.

The analysis shall determine whether the damage resulting from a threat results in a failure.

Where the outcome is failure the analysis shall determine the mode of failure (significant metal damage, leak or rupture) and the energy release rate at the point of failure (if applicable) as inputs to the consequence analysis.

Each failure event shall be subjected to risk evaluation and risk control.

The analysis may conclude there is no immediate or delayed failure, in which case the threat is reduced to accepted risk. Appropriate management action shall be identified.

Guidance on failure analysis is provided in Appendix Z.

FAILURE TREE EXAMPLE EXTERNAL

INTERFERENCE THREAT OCCURS

HIT? NO

YES

FAILURE

• MAOP reduced

• Supply restr icted

• Immediate repair

Note 1: Procedural errors such as failure to correctly follow venting procedures result in uncontrolled gas release and

injur y/fatality.

Note 2: Loss of containment resulting in energy release rates of 1 GJ/s (T2) and 10 GJ/s (T1) are prohibited.

PIPELINE DAMAGE

• MAOP not reduced

• Maintenance repair

NEAR MISS

COATING DAMAGE

SUPERFICIAL METAL DAMAGE

SIGNIFICANT METAL DAMAGE

LOSS OF CONTAINMENT

FIRE / EXPLOSION ENVIRONMENTAL DAMAGE

INJURY / FATALITY MAOP REDUCTION

Figure 2.4.4.1

2.4.4.2

2.4.4.3 Documentation

The failure analysis for the specific threat shall document (as applicable):

(a) The pipeline design features.

(b) The threat.

(c) Mode of failure.

NOTE: Modes of failure include rupture as a running crack in brittle fracture mode, rupture as a ductile tear, hole, pinhole, crack, dent, gouge, loss of wall thickness.

(d) The physical dimensions of the failure.

(e) Location of the failure.

(f) Nature of the escaping fluid.

(g) The energy release rate and the contour radius for a radiation intensity of 12.6 and 4.7 kW/m².

(h) Environmental effects at the location (eg. wind)

(i) For fluids with potential to cause environmental damage, the volume release and other factors related to the spread of the fluid in the environment (eg. oil and drainage systems).

NOTE: Some of this information can be addressed in a generic manner for a given set of pipeline parameters, and does not necessarily have to be documented against every threat analysed.

2.4.5 Risk Evaluation 2.4.5.1 General

Consequence analysis and frequency analysis shall be conducted for each failure event. The risk shall be evaluated for each failure event.

Where a failure event may have several outcomes, each outcome shall be considered. Full evaluation of every outcome may not be necessary, but sufficient outcomes shall be evaluated to identify the outcome with the highest risk ranking.

NOTE: The highest energy release rate may not give rise to the highest consequence or the highest risk (eg. A small LPG leak which is initially unignited may well have a higher consequence or higher risk ranking than a large immediately ignited release).

2.4.5.2 Consequence Analysis

The severity of the consequences of each failure event shall be assessed. Consequences to be assessed shall include the potential for—

(a) Human injury or fatality;

(b) Interruption to continuity of supply with economic impact; and (c) Environmental damage.

NOTES:

1 Other factors such as property damage and loss of reputation may also be considered.

2 Gas pipelines and some liquid petroleum pipelines may be identified as “essential infrastructure” where the consequence of a loss of supply is significant. This may be in terms of the potential for economic impact, and in some cases significant fatalities may result from the cascading consequence of loss of the energy supply.

The consequence analysis for each failure event shall derive the extent of effect of the consequences at that location and shall include assessment of location specific environmental parameters.

The description of the severity classes based on Table “risk matrix” shall be established for the pipeline under study and used in the risk matrix which determines the risk rank.

In establishing pipeline-specific severity classes description, the severity classification shall be maintained, but the description of the consequences associated with each classification shall be reviewed and approved.

The reasons for any changes to the severity class description shall be documented and approved.

2.4.5.3 Frequency analysis

A frequency of occurrence of each failure event shall be assigned for each location where risk estimation is required. The frequency of occurrence shall be selected from Table 2.4.5.

The contribution of operations and maintenance practices and procedures to the occurrence of or prevention of failure events may be considered in assigning the frequency of occurrence to each failure event at each location.

2.4.5.4 Risk Ranking

Table “risk matrix” shall be used to combine the results of frequency analysis and consequence analysis.

Risks determined to be low, negligible or demonstrated to be ALARP are accepted risks.

TABLE 2.4.5 RISK MATRIX may occur in locations which are relatively small and

Extreme Extreme High Intermediate Low

FREQUENCY

Unlikely Unlikely to occur within the life of the pipeline, but possible

High High Intermediate Low Neglible

Remote Not anticipated for this pipeline at this location

High Intermediate Low Neglible Neglible

Hypothetical Theoretically

Intermediate Low Neglible Neglible Neglible

Risk Management Actions:

Extreme: Modify the threat, the frequency or the consequences to ensure that the risk class is reduced to Intermediate or lower. For an in-service pipeline the risk must be reduced immediately.

High: Modify the threat, the frequency or the consequences to ensure that the risk class is reduced to

Intermediate or lower. For an in-service pipeline the risk must be reduced as soon as possible, typically within a timescale of not more than a few weeks

Intermediate: Repeat threat identification and risk evaluation processes to verify and, where possible, quantify the risk estimation; determine the accuracy and uncertainty of the estimation. Where the risk class is confirmed to be Intermediate, modify the threat, the frequency or the consequence to ensure the risk class is reduced to Low or Negligible. Where the risk class cannot be reduced to Low or Negligible action shall be taken to remove threats, or reduce frequencies or reduce severity of consequences so as to reduce the risk to ALARP. For an in-service pipeline the reduction to Low, Negligible or ALARP must be completed as soon as practicable, typically within a timescale of not more than a few months

Low: Determine the management plan for the threat to prevent occurrence and to monitor changes which could affect the classification.

Negligible: Review at the next review interval

2.4.5.5 Numerical Methods

It is recognised that there are circumstances where risk estimation using numerical methods is required to enable comparison of alternative mitigation measures as a basis for demonstration of ALARP, and in some jurisdictions, to satisfy planning criteria.

2.4.6 Risk Treatment 2.4.6.1 General

Action shall be taken to reduce the risk in accordance with Table 2.4.5.

The action(s) taken and their effect on the risk assessment shall be documented and approved.

2.4.6.2 Design stage

Risk treatment actions at design stage may include the following:

(a) Relocation of the pipeline route.

(b) Modification of the design for any one or more of the following:

(i) Pipeline isolation.

(ii) External interference protection.

(iii) Corrosion prevention.

(iv) Operational controls.

(c) Establishment of specific procedural measures for prevention of external interference.

(d) Establishment of specific operations measures.

2.4.6.3 Operating pipelines

Risk treatment actions at operating pipeline stage may include one or more of the following:

(a) Installation of modified physical external interference protection measures.

(b) Modification of procedural external interference protection measures in operation.

(c) Specific actions in relation to identified activities; e.g. presence of operating personnel during activities on the easement.

(d) Modification to pipeline marking.

(e) Changes to the Isolation plan.

(f) Changes to the design or operation to satisfy the requirements of this Standard when there is a change to the location class of the pipeline.

(g) Specific operational or maintenance procedures.

Risk treatment for operating pipelines shall consider interim risk reduction measures (e.g.

reduction in operating pressure, access restrictions) to allow time for the implementation of permanent risk reduction measures (e.g. repair).

2.5 STATIONS, PIPELINES FACILITIES AND PIPELINE CONTROL SYSTEMS

In document Aplicaciones Internet (página 59-64)