|
Technical Research and Analysis Center August 1995Revision 1ASCIE-DOE-01-TRAC-28-95 Prepared by: SCIE-DOE-01-TRAC-28-95
ContentsExecutive SummaryPotentially Harmful Energy Flow or Environmental Conditions
Executive Summary"Barrier Analysis" was written to support the total MORT Programme. It is a reminder to the system safety person or the accident investigator that there are three factors to be considered when evaluating an accident or a potential accident situation. Those three factors are
These three factors and their relationships to the MORT chart are discussed. Familiarity with the MORT chart is recommended for readers of this document.
IntroductionThe Management Oversight and Risk Tree (MORT) provides to the user a technique for a thorough, searching investigation of occupational accidents as well as a technique to analyse safety programmes. MORT is a formal, disciplined logic or decision "tree" to relate and integrate a wide variety of safety concepts systematically. Included is the sequential role of energy and barriers to energy transfers. The MORT chart is the key diagram for the whole MORT system safety programme. This MORT chart sets down in an orderly way all the potential causal factors for accidents. It can also be used to delve into the future to analyse systems for adequacy of those control elements that are designed to prevent accidents. In the MORT programme, an incident is an event for which a barrier to an unwanted energy flow is inadequate or fails without any loss or consequence occurring. Accident or mishap is defined as the unwanted flow of energy or exposure to an environmental condition that results in adverse consequences. Based upon these definitions, the basic ingredients of an accident are:
All four of these ingredients are required to be in place for an accident to occur. If any one of the four is missing, there would not be an accident. Figure 1, "Accident" (SA1) [1] graphically displays the ingredients of an accident.
Wherever there is a possibility that persons or objects may come in contact with an energy flow or an environmental condition that could cause harm to persons or things, it is necessary to isolate the energy flow or the environmental condition. Other factors to consider are those that relate to control of potential targets of accidents, such as those factors that relate to control of people that could be injured in the work areas. Consideration should also be given to those factors that relate to protection of buildings, grounds, hardware and production processes, and the factors that could relate to the reputation and liability of a company itself. Haddon [2] originated the concept that harmful effects of energy transfer are commonly controlled by one or more of a succession of measures or barriers. These barriers are:
These successive steps have been called "energy barriers." The energy barriers may be a physical obstruction or they may be a written or verbal procedure that is put into place as a means of separating the energy from the persons or objects in time or space. Substituting a less harmful energy may be a way to "limit the energy" or "prevent the build-up." In reference to Figure 1, the MORT programme uses an energy-barrier concept. This emphasises that in order to analyse accidents or potential accidents, one must first investigate the potentially harmful energy flows (hazard) or environmental conditions, SB1. These are energy transfers that can interact with people or things, such as particles flying through the air or vehicles in motion. In the environmental sense, one should consider environmental factors, such as industrial hygiene problems, toxic materials, etc., or those elements which can interact with and harm people or things. The second element to be considered is the people or objects (targets) of value that are vulnerable to an unwanted energy flow, SB3. The third element to be considered in an accident sequence is the failure or lack of the barriers and controls that are designed to keep the potentially harmful energy away from the vulnerable people or objects, SB2. The fourth element to be considered in the analysis of an accident is the precursor events, e.g., the multiple energy transfers and barrier failures that lead to the final energy transfer causing the accident, SB4.
Incident - AccidentThe MORT programme uses a special definition of an incident or an accident. This definition will be used exclusively in the discussion of the MORT analysis of the Energy-Barrier programme. As stated before, an incident is an event for which a barrier to unwanted energy flow is inadequate or fails without any loss or consequences. An accident or mishap is defined as the unwanted flow of energy or environmental condition that results (loss of barrier) in adverse consequences. To illustrate this concept in the MORT analysis, a tiger analogy is used. The analogy refers to tigers (energy source or environmental conditions) harming a target (vulnerable persons or objects), where barriers are inadequate or are not in place. If there is a cage for the tigers and someone leaves the cage door open, the tiger gets out but does not harm anyone; this is defined as an incident. That is, one of the barriers between the tiger and the people failed. The same sort of logic can be applied to a nuclear facility where a radioactive source is normally kept in a container. If the source escapes containment but no person is there to be exposed to the radiation, the barrier failed but no harm was done; this would also be defined as an incident. The event would be defined as an accident if the cage door were left open, and the tiger harmed someone; an adverse consequence an accident. It would also be an accident if the radioactive source got out of the container and a person was exposed to the radiation. The incident is the failure of the control system without adverse consequences. The accident is the failure of the control system with adverse consequences.
Footnote 1
Footnote 2 |