cause consequence modelling
The principles of risk assessment detailed here apply equally to the qualitative and the quantitative approach to this discipline. They constitute a systematic framework within which a broad spectrum of situations hazardous to the health and safety of people may be identified, analysed and assessed.
The Quantitative Risk Assessment process in this Code-of-Practice satisfies the following requirements:
- Extensive use of modelling
- Predominant application of objective and validated data
- Treatment of uncertainty associated with input data and results
- Treatment of dependency between significant factors
- Use of statistical simulation where appropriate

Modelling predominantly represents a simplification and generalisation of reality, but it enhances our understanding of causal relationships, highlights important factors and provides a useful tool for anticipation and, potentially, prediction of the future.

The risk modelling used in the study is Cause Consequence Analysis (CCA). As its title suggests, the method facilitates the analysis of an event (typically a hazard or a failure mode of a piece of equipment) to investigate the range of possible outcomes or consequences. The particular strength of this method is that, when applied systematically with the appropriate experts, it logically develops the escalation scenarios that follow the hazardous event. The logic tree developed then reflects how situations develop in the operational environment.
This is achieved by starting the analysis from the hazard (termed the 'Critical Event'), then identifying the 'Barriers' that can mitigate the escalation of the event. A Barrier is any means which reduces the probability of the Critical Event developing into an undesirable consequence. The analysis continues until no more Barriers are identified and all significant Consequences are arrived at. The consequences of a hazard can range from a benign (safe) condition to a scenario that is associated with severe safety and economic losses.

The original CCA methodology, which was developed for the nuclear industry in the 1970s, has been enhanced to better suit the requirements of the rail industry. This has led to the development of a software package entitled Integrated Safety Assurance Environment (ISAE), which operates in a Windows environment and has proven CCA functionality.

The ISAE software enables three types of Barriers to be represented:
- Physical Barriers: hardware protective systems that impede the escalation of the hazard. Examples of hardware Barriers are hoops on signal structure ladders, which prevent maintainers falling from the ladder, and a secured harness, which would prevent a maintainer from falling from a structure.
- Human or Circumstantial Barriers: Barriers that rely on the vigilance of personnel to prevent the escalation of a hazard. An example of this would be a member of staff noticing a fire. This category also includes Barriers that are circumstantial, where the escalation of the hazard at this stage is predominantly exposed to chance. An example of this would be the chance that an object dropped from a signal structure does not hit a member of staff.
- Procedural Barriers: Barriers where existing established procedures and work instructions, if correctly followed, prevent the escalation of a hazard. A Barrier of this type is the routine inspection of signal structures in OHL areas to ensure that earth bonds are not severed.

The icons used to represent the types of barriers and consequences are shown in Table 1, below.

| Icon | Where Used | Denotes |
| --- | --- | --- |
| | Commercial Consequences | An outcome/accident that is associated with a predominantly commercial loss. An example of a commercial consequence is a long train delay. |
| | Environmental Consequences | An outcome/accident that is associated with a predominantly environmental loss. An example of an environmental loss is the release of oil into the water table. |
| | Broadly Safe Consequences | An outcome/accident that is associated with a situation with no significant safety, commercial or environmental loss. |
| | Safety Consequences | An outcome/accident that is associated with a predominantly safety loss. An example is a high speed collision between two passenger trains. |
| | Escalation Barrier (Circumstantial) | A favourable condition which averts or ameliorates the escalation of a hazardous scenario. Examples are situations where there are no personnel exposed to a hazard or where the vigilance of a third party prevents an accident. |
| | Escalation Barrier (Physical) | A physical detection or control measure which averts or ameliorates the escalation of a hazardous scenario. An example of such a barrier is Automatic Train Protection. |
| | Escalation Barrier (Procedural) | Rules and instructions which, when applied, avert or ameliorate the escalation of a hazardous scenario. Examples of such barriers are the rules and instructions contained within the Rulebook. |
| | Critical Event or Hazard | An event which is the start point of the cause‑consequence model. An example of such an event is a level crossing failing to protect the public from trains. |
| | Connector Box 'IN' | Where the cause consequence diagram cannot be contained on a single page, the position where the diagram is continued from is denoted by this type of arrow. |
| | Connector Box 'OUT' | Where the cause consequence diagram cannot be contained on a single page, the position where the diagram is exported from is denoted by this type of arrow. |

At every Barrier, the probability of failure is entered based on historical data or calculations. Where validated numerical data were not available, best estimates based on the knowledge of the panel members were used. The probability of success is computed as the reciprocal of the failure probability.
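
The quantification step described above can be sketched as follows. This is an added example, not ISAE code or part of the original Code-of-Practice: it propagates a Critical Event frequency through a small logic tree and accumulates the frequency of each Consequence. The class names, the ladder scenario's numbers and the choice of taking each Barrier's success probability as one minus its failure probability (so that the two branches sum to 1) are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Union

@dataclass
class Consequence:
    name: str
    category: str   # "safety", "commercial", "environmental" or "broadly safe"

@dataclass
class Barrier:
    name: str
    kind: str       # "physical", "human/circumstantial" or "procedural"
    p_fail: float   # probability that the barrier fails when demanded
    on_success: "Node"
    on_failure: "Node"

Node = Union[Barrier, Consequence]

def evaluate(node: Node, frequency: float,
             totals: Optional[Dict[str, float]] = None) -> Dict[str, float]:
    """Propagate the Critical Event frequency through every Barrier and
    return the accumulated frequency of each Consequence."""
    if totals is None:
        totals = {}
    if isinstance(node, Consequence):
        # A Consequence can be reached by several paths, so accumulate.
        totals[node.name] = totals.get(node.name, 0.0) + frequency
        return totals
    if not 0.0 <= node.p_fail <= 1.0:
        raise ValueError(f"{node.name}: p_fail must lie in [0, 1]")
    # Assumption of this example: P(success) = 1 - P(failure).
    evaluate(node.on_success, frequency * (1.0 - node.p_fail), totals)
    evaluate(node.on_failure, frequency * node.p_fail, totals)
    return totals

# Constructed model: a maintainer slips on a signal structure ladder.
ARRESTED = Consequence("Fall arrested", "broadly safe")
FALL = Consequence("Maintainer falls from structure", "safety")
HARNESS = Barrier("Secured harness", "physical", 0.05, ARRESTED, FALL)
HOOPS = Barrier("Ladder hoops", "physical", 0.10, ARRESTED, HARNESS)
CRITICAL_EVENT_FREQUENCY = 0.2   # events per year, constructed value

def run_example() -> Dict[str, float]:
    return evaluate(HOOPS, CRITICAL_EVENT_FREQUENCY)

if __name__ == "__main__":
    for name, freq in run_example().items():
        print(f"{name}: {freq:.4f} per year")
```

The Consequence frequencies always sum to the Critical Event frequency, which is a useful consistency check on any model built this way.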