The Inter-Relationship between Causal Factors
In order to institute effective barrier controls, it is important that the project team has performed a successful analysis of the pathways that lead to a root cause. The objective is to put in place certain obstacles that would prevent the occurrence of an accident.
In the event that an untoward event does take place, there is an immediate presumption that one or even a set of control measures has failed. Barriers are defense systems or safety devices that could prevent a specific accident. Hence, in a root casue analysis, the line of questioning would delve into the causal factors that led to their breakdown. For all intents and purposes, they are in place to make it impossible for a root cause to flourish.
Understanding the Mechanisms of Control or Defense Systems
Let’s take the Daiichi-Japan nuclear power plant accident as an example. The whole world readily surmised that the cause of the accident was the earthquake and the tsunami that immediately followed. However, the members of the fact-finding teams are in the know that nuclear plants have defense-in-depth systems in place. They are the layers of control obstacles that are independent from each other.
The failure of one barrier will not cause the failure of another; on the contrary, it would even trigger the motion or activity of another safety or preventive measure. Thus, if another preventive obstruction fails, there are other causal factors to consider. This means that a more important safety control was overlooked or disregarded, which allowed a series of causal factors to break down the barriers. This is exactly the case of the Daiichi power plant nuclear accident.
As investigations unfolded, “a can of worms" was opened revealing the faulty inspections and implementations being conducted by the Japanese government’s regulatory body. It turned out that the latter was aware of fake maintenance and safety inspection reports that were submitted in the past, as early as 1986. They were also aware that several incidents of power plant accidents were not reported by the Daiichi nuclear power plant operator. Yet the ultimate barrier of shutting down the nuclear plant never took place. This could have prevented the level-seven nuclear accident from happening.
Using the MORT Approach
The Management Oversight and Risk Tree (MORT) approach delves into the relationship between the flow of energy or activity and the barriers. In line with this, the analysis starts by differentiating between the control and the safety barriers.
Control barriers are distinguished as those that are in place where energy used is part of the normal occurrence. Examples of control obstructions or preventive measures include:
- regulatory inspections for approved design and work methods
- regular internal checks and maintenance
- adequate job training of operators
- physical control and management of hazardous materials
- circuit breakers or automated disconnection switches
- pressure vessels or containers
Safety or Protective barriers, on the other hand, deal with energy that is not related to the workflow; hence it is unintended or unwanted. This includes:
- protective guard rails
- preventive equipment
- fire drills or other simulation exercises
- emergency contingency or mitigation plans.
However, these barriers will be further classified according to their purpose, whether they are for control or for preventive measures or for mitigating actions. This is being done in order to determine if each obstruction is independent of a task or if it is a part of the task. It can also be the plan in place as a means to curtail the effects of the incident in the event that all safety controls fail.
The Barrier Location – this is another important aspect of the MORT approach. The chart should indicate at what point the obstructions or preventions are located. This applies to accidents that are instigated by a physical activity, and the obstructions may be located at
:(1) the source of energy or activity,
(2) a time period or space before the preventive control is activated, and at
(3) the instance that the untoward incident or accident happens.
Other classifications to consider in applying the MORT approach are the nature or element of the barrier in place, whether the function is:
- Physical, in the sense that it prevents the happening or the release of the energy that can cause a trigger factor to happen. The obstacles could be in the form of concrete or steel walls, fences, containers, valves, harnesses, sprinklers, filters, air bags, etc.
- Functional, which applies to the prevention of movement like locks, passwords, action or numbered sequences, brakes, time-delays, interlocking devices, etc.
- Symbolic, like flashing lights, labels, color transformation, alarms, approvals or clearance.
- Non-physical, which pertains to monitoring and supervision and the implementation of laws, rules and regulations, or the observance of guidelines, ethics, and checklists or the adherence to restrictions and prohibitions.
However, these classifications are dependent on the activities or energy for which the controls have to be applied.
Sample Analysis of Safety and Prevention Against Fire Accident
Click on the image at the left to enlarge the screenshot of a sample barrier analysis chart to determine the control measures against fire accidents.
The harmful energy flow perceived and anticipated are the occurrences of lightning strikes, faulty electrical wiring and arson attempts. Perceive that the obstructions are segregated according to safety controls, preventive measures and mitigating actions to minimize the impact of damages caused by fire accidents.
Each category is placed in appropriate barrier locations to readily indicate the specific points at which the defense system has failed. Hence, in determining the root cause of the incident, the related activities or the flow of energy that caused failures in any of the safety controls are the likeliest suspects.
However, the use of the MORT approach in our sample is only a partial representation of this technique. The safety obstructions in place can still be categorized into design requirements, while design requirements can be further broken down into systems design, equipment, supervision, knowledge and skills requirements, as well as floor plans and layouts. The matter of categorizing human barriers may also be significant as a separate category, to be further analyzed according to organizational structure, skills and competencies, policies and behaviors.
The main objective for referencing the barrier analysis chart is to determine the root cause of an accident and why it still occurred despite the layers of independent defense or control systems in place. That way, the control measures or defense systems can be corrected or enhanced.
Reference Materials and Image Credit Section:
- Accident Analysis and Barrier Functions. – https://webcache.googleusercontent.com/search?q=cache:81vdyEmK_zsJ:www.it.uu.se/research/project/train/papers/AccidentAnalysis.pdf+how+to+perform+barrier+analysis&hl=en&gl=ph