It’s essential to have a clear definition of the sequence of events which can initiate each

hazard scenario. Shutdown logic which will result in different valve combinations may not

yet be mature. Furthermore, Operating Procedures are unlikely to be developed at the time

of SIL assessment, and the intended modes of operations may not be well defined, making

the participation of experienced operations personnel very important.

Verification processes must be put into place to ensure that the estimated frequency of

operations (assumed at the time of SIL assessment) are still valid when the final Operating

Procedures are produced. Similarly, shutdown logic which can result in different valve

combinations may change, which may affect assumptions made during the SIL assessment.

2.2

Human error rates

With reference to document [1], specialists in human reliability found that there are four basic

types of human failure:

• Slip – e.g. press button “A” instead of button “B”

• Lapse – e.g. skip steps of sequence (including following an interruption)

• Mistake – e.g. incorrect diagnosis of situation

• Violation – deliberate breach of rules or procedures

Human failure related initiating events considered in the examples of this paper are mostly

due to errors of omission – the failure to execute the steps of a procedure completely, either

missing steps or not completing tasks properly.

Applicability of generic human error rate data (see [2] & [3]) depends on a multitude of

factors, including:

• How often the task is completed (lower error rates can generally be expected for

more frequently executed tasks)

• Operator Training and Competence

• The length and complexity of the procedure

• Operator’s stress level during the procedure

• Whether the Operating Procedure is clear, well written and has been validated

• Whether the Operating Procedure includes a sign-off provision (which can prevent

steps being missed)

• Whether the Operating Procedure includes checking by a 2nd person

When assessing errors, further challenges are encountered in considering whether certain

scenarios are credible. Two errors by the same operator when performing one procedure

may be considered credible, but when performing two different procedures may not. When

opening a manual choke valve too fast (see 1.3.1), at what point does an error become

recklessness? For this, as with many decisions made during SIL assessment, sensible

judgement based on experienced Operations input, needs to be applied.

The challenge is to appropriately select the human error rate data which is credibly

applicable to your own operations, and to define clear criteria to apply when considering

human error. This paper recommends that these topics should be addressed in SIL

assessment Terms of Reference to ensure a consistent approach.