Integrity Cards

CHASE – Cyber Challenges & Controls

Hybrid warfare is now (sadly) a reality, and the threat of digital attacks has placed national & local infrastructure assets on heightened alert, however there is a wealth of information available to help evaluate your cyber security vulnerabilities & measures.

The UK Health & Safety Executive (HSE) operational guidance (OG-0086) includes two clear statements associated with the Cyber Security of Industrial Automation Control Systems (IACS):

In order to defend a system, it is first important to know what needs to be defended.
Risk assessment, definition of the required countermeasures and on-going management of the countermeasures can only be achieved if the full scope of the IACS is understood and documented.

A common way to evaluate the IACS is to used a modified HAZOP/PHA approach with different deviations, however, like many techniques, this only provides analysis and may not be an effective way to continuously monitor the presence and performance of your technical and organisational measures.

Many of these measures rely on non or less technical personnel, so it’s vital that all IACS stakeholders (users) fully appreciate the impact of their acts, omissions or errors.

Using Data Integrity cards, cyber security knowledge (guidance) is visualised in a familiar, accessible & memorable way.

Sample cards are shown below:

_{Click play button to start}

The knowledge silos of Information Technology (IT), Operational Technology (OT) and Physical Technology (PT) are (sadly) a common & persistent challenge, therefore the cards can be supplemented & complemented by bowties to more fully understand the Threats & Consequences, the associated Barriers & (critically) their vulnerabilities i.e. to evolve Analysis into Assurance.

The use of cyber security bowties is not new, however they may focus only on the logical assets and not fully assess the relationships with, and indirect impact on, physical assets.

CHASE (Computer Hazard And Security Evaluation) is the application of bowtie techniques which exploits key features of BowTieXP including:

Bowtie Chaining & Relationship Diagrams
Audits & Surveys
Systems & Parts

The concept is summarised in the following extract from a webinar hosted by CGE Risk Management:

This offers significant advantages over worksheets and helps measure & sustain the effectiveness of elements critical to the integrity of your data & functionality.

For more information on Data Integrity cards and/or CHASE bowties – please contact us.

If you’d like to subscribe to future updates, please submit your email address below – many thanks for your interest.

VESTA – Ignition Insights

THE UK Health & Safety Laboratory conducted research [HSL0609] into ‘Unidentified Ignition Sources of Unplanned Flammable Releases‘ and found that ” … following investigations into major accidents that had a release and an ignition, about 60% of those incidents did not have an ignition source identified by the investigation” – so if you don’t know what caused it, how can you prevent it from happening (again) ?

BS EN 1127-1 “Explosive atmospheres – explosion prevention and protection. Basic concepts and methodology” lists 13 possible sources of ignition – many familiar, some less common (but credible).

We’ve visualised these sources on our Ignition Sources cards to help increase the awareness of all stakeholders (inc Employees, Contractors, Suppliers & Visitors):

Cards can be attached to Hot Work Permits to remind personnel of the potential ignition sources they may encounter while carrying out the identified & assessed work. They can also be used to tag/label locations where known ignition sources exist.

Regulations associated with flammable/explosive atmospheres (gases, mists, or dusts) require risk assessments to be conducted and regularly reviewed – particularly if there is a reason to suspect that the risk assessment is no longer valid or there has been a significant change.

Like many analyses (PHA, DHA, LOPA, FMEA etc) these risk assessments are often carried out by consultants/contractors and may be done for, rather than with, frontline personnel. Conventional worksheet or tabular outputs may lie dormant until the next scheduled review, a major change, or an incident. These may be difficult to operationalise and have limited potential for ongoing assurance of the control of flammable atmospheres and ignition sources.

Bowties offer a clear, consistent, concise representation of the uncontrolled ignition of flammable atmospheres by a competent ignitor (i.e. one with sufficient energy) and the associated effects on people & assets.

VESTA (Visualising Explosive atmosphere Scenarios & Tracking barrier Assurance) – named after the Roman Goddess of the hearth (fireplace) – is the application of CGE Risk BowTieXP to evaluate & communicate primary ignition threats and their potential consequences – which may include secondary ignition (represented by bowtie chaining & relationship diagrams) of flammable atmospheres in connected systems.

The aim of the Integrity Cards portfolio is to use cards to increase awareness and bowties to improve understanding – we believe an improved understanding of uncontrolled ignition by visualising scenarios can improve the recognition and respect of the Human & Hardware barriers that prevent the threats or mitigate the consequences.

Ignition Source cards help RECOGNISE THREATS – don’t ignore or underestimate unfamiliar energy sources.

VESTA bowties help RESPECT BARRIERS – controls rarely improve with age, therefore your risk is changing (increasing) as barriers degrade or are defeated. Discuss these scenarios in your Operations/Maintenance/Management meetings.

“… when flammable vapour and air are mixed in the flammable range, experience shows that a source of ignition is liable to turn up, even though we have done everything possible to remove known sources of ignition. The only real effective way of preventing an ignition is to prevent leaks of flammable vapour“
Trevor Kletz: ‘Learning from Accidents’

i.e. proper Containment/Control of flammable atmospheres means ignition cannot occur even if/when there is a capable source.

Have a look at the latest AIChE – American Institute of Chemical Engineers CCPS Beacon “Hot Work is more than Welding, Burning & Grinding“.

For more information on Ignition Source Cards & Bowties, please contact us.

If you’d like to subscribe to future updates, please submit your email address below – many thanks for your interest.

Here Be Dragons

In the Medieval Period or Middle Ages, only about 5% of the population could read or write and therefore iconography was the foundation of mass communication. The phrase “Here be Dragons” (HC SVNT DRACONES) was used next to images of dragons or other mythical beasts on maps to indicate dangerous or unexplored territories i.e. to warn those who might venture there of potentially fatal hazards.

Fortunately, the global literacy rate has risen to about 86% (source: World Bank), however there is still a place for visual media to alert & guide, particularly when time & information is limited.

Since 1961, the National Fire Protection Association (NFPA) publication 704 (Standard System for the Identification of the Hazards of Materials for Emergency Response) has been used to “provide a simple, readily recognized, and easily understood system of markings that provides a general idea of the hazards of a material and the severity of these hazards as they relate to emergency response” with the following objectives:

To provide an appropriate signal or alert and on-the-spot information to safeguard the lives of both public and private emergency response personnel.
To assist in planning for effective fire and emergency control operations, including cleanup.
To assist all designated personnel, engineers, and plant & safety personnel in evaluating hazards.

It provides basic information to firefighting, emergency, and other personnel, enabling them to easily decide whether to evacuate the area or to commence emergency control procedures via a simple colour coded & numerically ranked diamond. Although widely adopted in North America , NFPA 704 is less well used/known in other jurisdictions where the GHS (Global Globally Harmonized System of Classification and Labeling of Chemicals) is more familiar:

GHS has the benefit of intuitive images, however, unlike NFPA 704, it does not provide a severity ranking, so our Chemical Safety Cards aim to address this by combining both classification systems:

Although mini Safety Data Sheets provide key information concisely, it is critical to fully understand the full nature of the hazards, i.e.:

WHAT is being handled
- Chemicals i.e. physical properties
HOW it is being handled
- Conditions i.e. operating parameters

The toxicity, flammability etc must be considered in context with the pressure, temperature & inventory e.g. LPG in bottles or spheres may present the same flammable Hazards, but one is more Hazardous than the other because the conditions are more extreme (more likely to leak) and the contents are greater (more severe effects) :

Emergency Response Cards consider both the Chemicals and Conditions to provide a clearer picture of (relatively) how dangerous individual plant items are – these are described on a dedicated page which you can access by clicking on the sample card below:

_{Example Emergency Response Card (Buncefield Tank T912)}

Cards can be used informally in Top Trump style game format to increase awareness, in an anonymised format for quizzes or issued to onsite and offsite emergency responders as portable, accessible and memorable guidance.

Although Emergency Planning & Response is a core element of established Safety Management Systems, and responsible & high reliability organisations will rehearse their responses with internal resources and external agencies (Fire Brigades, Police Departments, and Emergency Medical or Ambulance Services), the nature of these operations is that they operate on a shift-basis and it can take time to ensure every person on every shift has participated in at least one emergency exercise.

Site personnel may have the process/plant knowledge but may lack experience if their facility has never experienced an incident, whereas the emergency services have the experience of attending incidents but may not be fully familiar with the specific materials, assets & activities on each site.

Packs of cards can include folded site maps with each asset (card) identified to help orientate and navigate the response:

_{Example Site Plan (ref: HSE https://www.hse.gov.uk/comah/buncefield/buncefield-report.pdf)}

Emergency Response cards aim to provide concise context – to help make better decisions (“fight or flight“) under extremely stressful conditions. These are developed with you, based on your plants, chemicals & conditions, for you to discuss with and issue to all relevant internal & external stakeholders.

Cards can be branded and/or colour coded to match your requirements or corporate standards and produced in local languages.

For more information on Emergency Response, Chemical Safety (SDS), Incidents or any other cards – please contact us.

If you’d like to subscribe to future updates, please submit your email address below – many thanks for your interest.

Bowtie Blockbusters

Although cards are designed to increase Awareness and the associated BOWTIES are designed to improve Understanding, not all users/players are familiar with the principles and components of bowties and barrier management – so, we’ve created an interactive game, based on the familiar Blockbusters format.

Up to 4 remote individuals or teams take it in turns to draw a random card from the pack, and then use it to create a chain of events from Threats (Causes) to Consequences (Effects) across the board/table.

Via Prevention & Mitigation Barriers before & after (respectively) the Top Event where/when control of the Hazard is lost:

In order for the card to be used, the player must give an example of the Threat, Barrier or Consequence card they have drawn. If the player can’t give an example (which must be unique) or the card has already been used on the Threat or Consequence line, then they must put the card on the unused pile. It is prudent to have an independent Facilitator (Umpire) to determine the suitability of the example proposed for each card.

Play continues alternately until one player/team has created a chain. Unused cards can be returned to the deck once all cards have been drawn.

For a more advanced game, Degradation Factor cards (which reduce the effectiveness of barriers) can be used to break the opponents chain. These typically represent vulnerabilities in People, Process (or Procedures) and Plant (or Equipment):

These can be removed if a Degradation Control card (which sustains barrier presence and performance) is drawn. These typically represent your Management Systems:

This Process Safety (Loss of Containment) example uses the familiar barrier types from the CCPS bowtie book and is built on a commercial game design platform:

If you’d like to try this out, please click here to visit our demo table.

Alternatively, interactive whiteboard software can also be used, and the tables & cards can be customised (branded) to match your requirements.

For more information on physical & digital Cards & Bowties, please contact us.

If you’d like to subscribe to future updates, please submit your email address below – many thanks for your interest.

Amplify The Message

We are extremely pleased to continue our relationship with Amplify Process Safety who give us, and other industry professionals, a platform to communicate to a wider audience.

Podcasts are designed to build ongoing relationships with your community and offer the following benefits:

Podcasts make information personal.
Podcasts are convenient.
Podcasts are cost effective.
Podcasts are time efficient.
Podcasts are portable.

We believe all these attributes apply to our cards which offer the advantages of Gamification (driving human engagement) with the convenience & power of Microlearning (reducing cognitive overload).

Our podcast is available below or via this link

Episode 78 – Incident Breakdown: 2021 Fatal Acid Release at LyondellBasell La Porte Complex – Amplify Your Process Safety

In this episode, Molly and Jo discuss the CSB's final investigation report on the 2021 fatal acid release at LyondellBasell La Port Complex in La Porte, Texas. On July 27, 2021, contractors inadvertently removed pressure retaining components of a valve, releasing 164,000 pounds of acetic acid mixture, which fatally injured two contract workers. Today, Molly and Jo provide some background information on LyondellBasell and the substances involved in the release, talk about what exactly happened at the time of the incident, and discuss what a valve actuator is and why contractors were trying to remove one that day. Then they discuss other incidents that the CSB identified where similar mistakes were made with plug valves and removal of pressure retaining components, touch on the contributing factors, and talk about what other companies can learn from this incident. Finally, they cover the CSB's recommendations, which include those addressed to LyondellBasell, the contract company, and to various RAGAGEP entities. Find the CSB's final report for the incident we discussed today ⁠⁠here⁠.Find the CSB's final report and video about the ExxonMobil Baton Rouge Refinery Chemical Release and Fire here. — Send in a voice message: https://podcasters.spotify.com/pod/show/amplifyyourprocesssafety/message

Please contact us for more information on the concept and cards.

If you’d like to subscribe to future updates, please submit your email address below – many thanks for your interest.

To Err Is Human

For our 1st post, we are extremely honoured to have been granted permission by the family of the late, great Trevor Kletz to publish extracts from his Institution of Chemical Engineers (IChemE) book “An Engineer’s View of Human Error”.

This is a perfect example of how our familiar, accessible & adaptable cards VISUALIZE KNOWLEDGE & OPERATIONALIZE WISDOM – in this case from the undisputed “Godfather of Process Safety” and “Founding Father of Inherent Safety”. In this book, Professor Kletz uses a variety of cartoons (previously appearing on a page-per-month ICI calendar) to convey key human error messages via “The Adventures of Joe Soap and John Doe”.

JOE SOAP makes frequent mistakes – he takes the wrong action as he has not been told what is the right action.

JOHN DOE makes the little slips we all make from time to time – we could tell him to be more careful, or we could make simple changes to plant design or methods of operation, to remove opportunities for error.

The theme of the book is …

“Try to change situations, not people”

… and reflects one of his most famous quotes:

“People were saying that most accidents were due to human error … it’s a bit like saying that falls are due to gravity”

Trevor frequently used cartoons in his books to help embed his messages – however, using another of his famous quotes …

“There’s a saying that Organisations have no memory: only People have memory”

People’s memories are fluid and, despite the wealth of experience & insight in his (and other) books, it’s an ongoing challenge to retain and respect these values when immersed in an environment of stress & distractions.

Our cards are designed to be memorable, to preserve this INTELLIGENCE in the Hearts and Minds of all Stakeholders, so it can be applied in times of need.

We firmly believe, again from a perhaps lesser-known quote from Trevor, that …

“Accidents are not caused by a lack of knowledge, but by a failure to use the knowledge that is available”

Click the book image below for more information and/or contact us to discuss how to collate YOUR knowledge & communicate YOUR wisdom.

Like all other cards, bowties & digital platforms; these can be translated into a variety of international languages.

Please visit our Options page to discover what customisation is available to make these even more familiar to your stakeholders.

If you’d like to subscribe to future updates, please submit your email address below – many thanks for your interest.