How to avoid some common pitfalls in the production and use of a COMAH report; from Robert McGregor, Sarah Bickerstaffe, Stephen Beedle, and Conrad Ellison
FOR sites in the UK exceeding thresholds in inventories of certain dangerous substances there is a regulatory requirement to produce a COMAH safety report. Depending on the quantities present, the regulations apply as either a lower tier or upper tier level. The purpose of COMAH regulations is to ensure that operators take all necessary measures to prevent major accident hazards (MAHs) involving dangerous substances and limit the consequences to people and the environment of any major accidents which do occur.
Upper tier (formerly top tier) operators are required to submit safety reports to the competent authority (CA), demonstrating that safety and environmental risks for the whole COMAH establishment have been reduced to a tolerable level. This article focuses on upper tier safety reports, but it should be noted that lower tier operators must prepare a major accident prevention policy (MAPP) that examines the potential for major accidents on their site and demonstrating their approach to controlling the risk of occurrence. Whilst the MAPP is not required to be submitted to the CA, it should be available during CA inspections.
Producing a COMAH report can be a huge investment in time and money and this article explores what, in ABB’s experience, are some of the more common ways in which the process can go wrong. There are two main themes: (1) challenge by the competent authority (CA); and (2) not using a well-written COMAH report to its full potential. COMAH reports are complicated documents, and this is by no means a complete review of the potential error traps; there are other areas equally worthy of discussion that aren’t covered here. Hopefully though, it provides some useful information and will help engineers learn from others’ mistakes and extract the maximum value from their COMAH reports.
IS THE TEAM UP TO THE TASK?
When a COMAH report is challenged by the CA in some way, it is obvious that something has gone wrong. Most of the time this is down to not getting the basics of the report right. This starts with the team! Writing a COMAH report is a challenging exercise – the team that is producing it should be suitably qualified and experienced and have sufficient availability to complete what can be a time-consuming activity. Consultancies are often used to help with the production of the COMAH report, but ultimately the document is owned by the operating company, which needs to ensure that it has done its due diligence and that it has reviewed and buys into the finished report.
DOES THE REPRESENTATIVE SET COVER ALL OF THE MAJOR ACCIDENT HAZARDS ON SITE?
The representative set is a list of hazardous events that have the potential to cause harm, and provides the foundation from which an upper tier COMAH safety report is constructed. It should be a representative summary of the entire site and therefore include a variety of MAHs which reflect “what could go wrong” for all sorts of processes and equipment across the site. Challenges often arise due to the representative set not being truly representative of all the MAHs on site ie, important details are missed because it is too generic. Many companies take a quantitative risk assessment (QRA) approach using generic rupture, large hole, or small hole in a generic pressure vessel or tank for example – but this is too generic. To analyse it in a meaningful way you need to look at a specific (worst-case) vessel with its specific failure mechanisms, specific controls, specific protective measures, and specific mitigations based on the vessel location. This often comes down to not having demonstrated “line of sight” between the hazard identification studies and the representative set, making it difficult for the CA to understand how the various scenarios were chosen. Sometimes the discrepancy may be due to lack of robust revalidation protocols for hazard studies, meaning that the five-yearly updates, which drive towards better mapping of MAHs, are either delayed or not completed.
FAILURE TO IDENTIFY RELEVANT GOOD PRACTICE
“Good practice” is the legal minimum standard that is to be reached for a particular application, and relevant good practice (RGP) audits are conducted as part of the COMAH report to highlight any gaps to this minimum requirement. Where it is sometimes very clear what represents good practice for a system or piece of equipment it is often not so straightforward. For instance, BS EN 746-2 gives very prescriptive guidance on good practice for protective systems on fired equipment, whereas other items of equipment such as reactors, columns, or pumps don’t have clearly-defined RGP. However, compliance with RGP must be demonstrated and the onus falls on the operator to determine what the majority of companies in their industry sector typically do and then justify to the competent authority why their own arrangement is suitable in comparison. Failure to do so is a commonly occurring cause of challenge.
FAILURE TO RECOGNISE CHANGES
An update to a COMAH report must adequately capture any changes that have occurred since the previous COMAH submission. This can be challenging enough for onsite changes, but neighbouring sites may have made changes affecting their own MAHs, some of which may have an impact on the operating site. If the neighbouring sites are upper tier COMAH establishments, they will have a good understanding of their MAHs and will have defined any offsite consequences in their domino report. However, non-COMAH sites may not have such a comprehensive grasp of the hazards on their site. In theory they should not have any events with potential for offsite impacts, but sites involved in the water industry, for example, may not be regulated and can still have toxic and explosion hazards.
POOR LINKAGE BETWEEN THE PREDICTIVE ASPECTS AND TECHNICAL ASPECTS SECTIONS
If well written, the Predictive Aspects section of a COMAH report should give detail about the cause of an MAH and highlight the layers of protection that are used to reduce the likelihood of the event occurring. The Technical Aspects section is interested in the life cycle analysis of this safety critical equipment and demonstrating that robust processes are in place to ensure that the holes in the Swiss Cheese don’t line up!
One way to do this would be to describe the cause of failure of the vessel, say over pressure for instance, then provide some narrative around the protective systems, ie high-pressure trip and relief valve within the scenario description. The Technical Aspects section would then highlight the procedures and regime for testing these safety-critical devices along with the competency of the individuals or companies undertaking the testing.
IS ALARP (AS LOW AS REASONABLY PRACTICABLE) DEMONSTRATED?
COMAH reports are sometimes challenged with the feedback that “ALARP is not demonstrated”. This is a catch-all for many different criticisms but can mean that the report is too generic. This can happen when the quantitative risk assessment (QRA) methodology, which produces choropleth-style risk contour maps, is used. In QRA, various events are modelled for each piece of equipment on a site. Taking a vessel as an example these may be catastrophic rupture, a large hole, and a small hole. This can give a very precise representation of risk but can be very generic and often doesn’t align with the site hazard studies, which look at guidewords such as over pressure and over temperature and therefore doesn’t give detail on the cause(s) of the failures. In other words, the QRA methodology lacks practicality and does not tell the reader a great deal about the site-specific hazards and means that it cannot be easily used for training or other studies. This leads us to the next way in which a COMAH report can go wrong.
Catch up on the latest news, views and jobs from The Chemical Engineer. Below are the four latest issues. View a wider selection of the archive from within the Magazine section of this site.