The purpose of the Emergency Systems Survivability Analysis (ESSA) is to identify the emergency systems that are necessary to protect personnel on the facility and to assess the effects of all credible Major Accident Events (MAEs) on the ability of those systems to operate as intended, i.e. reduce or mitigate the MAE consequence and prevent escalation or enable escape, temporary refuge, evacuation and recovery during emergency situations.
The ESSA has been undertaken by the systematic application of discrete steps, which are summarised as follows:
The MAEs considered in the ESSA are broadly split into two types; hydrocarbon scenarios and non-hydrocarbon scenarios.
The information used to allow assessment of hydrocarbon MAEs is compiled on a ‘by area’ basis, with the focus on the worst-case hydrocarbon events (based on the consequence). The identification of hydrocarbon MAEs is based on the fire and explosion events identified and assessed in the supporting safety studies.
Worst-case hydrocarbon consequence events in those modules/areas under examination are defined to be those MAEs having the greatest potential for equipment damage and escalation, and which therefore pose the greatest threat to personnel. It is during these types of events that the emergency systems are critical. The effects of these events, in terms of increased levels of thermal radiation, smoke produced, overpressures etc. upon emergency systems are assessed. Both the local effects on emergency system equipment in the area and the global consequences for the system as a whole are assessed as part of the vulnerability assessment.
The impact of non-hydrocarbon MAEs on emergency system operation has also been assessed. Typical non-hydrocarbon MAEs include extreme weather, ship collision incidents, helicopter operations etc. Non-hydrocarbon MAEs have been subjected to a qualitative assessment to determine their effect on critical emergency systems, if they meet the following criteria:
Based on a review of the provided safety studies documentation, Step 2 shall identify which emergency systems are critical with respect to:
• Mitigating (M) the consequences of the MAE by preventing escalation and/or protecting the accommodation, evacuation and escape systems; or,
• Aiding (A) recovery from the MAEs by enabling escape to, and evacuation from, the accommodation or rescue from lifeboats or the sea following evacuation of the Facility.
Some emergency systems are provided with fail-safe features and, in certain cases, to improve availability, redundancy is provided. Both of these aspects contribute greatly to the availability of an emergency system to function as and when required.
A system has ‘redundancy’ if its components are duplicated (e.g. 2 x 100% systems, one of which remains serviceable in a MAE), or if another independent system exists which fulfils the same function and remains serviceable in a MAE.
For those systems identified as fail-safe and/or having redundancy, they have not been subject to the further analysis undertaken in Steps 5 and 6. Conversely, for those systems not identified as fail-safe and/or having sufficient redundancy, these have been subject to further analysis, as described in Steps 5 and 6 below.
For the emergency systems addressed in the ESSA, notes on the system description have been completed, including the system components, functional purpose and operating philosophy. The information developed for Steps 2 - 4 shall be summarised in the tables in Appendix, an example of which is shown beside,
For each emergency system addressed in the ESSA, a survivability assessment against the identified MAEs from Step 1 shall be undertaken. A system is considered to be vulnerable if it sustains damage/loss such that it prevents the system operating for the necessary period of time. This period of time has been taken to be the endurance time of the temporary refuge which is defined as one hour.
In Step 5, it is only necessary to identify if a MAE with the potential to impact an emergency system is possible i.e. the system is (Y = YES = Vulnerable) or is not (N = NO = Not Vulnerable) vulnerable. It is noted here that the probability (or likelihood) of the MAE sufficiently impacting the emergency system rendering it inoperable shall be examined in Step 6, not Step 5. The vulnerability assessment has been completed to reflect the vulnerability of the systems major components.
For those emergency systems identified as being ‘Vulnerable’ in Step 5, a qualitative evaluation of the risk as High, Medium or Low has been performed using information from the project risk matrix and the following guidance:
• High Risk: The combination of frequency and severity of the MAE is such that remedial measures shall be necessary to ensure that the system can continue to function;
• Medium Risk: The combination of frequency and severity of the MAE is such that further analysis is required to determine whether remedial measures are required; and,
• Low Risk: The frequency and severity of the MAE is low/negligible such that no further action is necessary.