10th December 2019
Following on from the assessment of individual and societal risk, the next step in an assessment for high hazard sites is to compare the results to a set of risk tolerability criteria to demonstrate that risk is tolerable and As Low As Reasonably Practicable (ALARP), or determine what more could be done. Only when both types of risk are demonstrated to be tolerable and ALARP can the duty of the operator be considered met. This requirement brings in the need to define, justify and then apply risk tolerability targets at an organisational level. These however can vary dramatically across the industry and our experience shows that they can easily be misconceived, misunderstood and misapplied, the consequences of which can be incredibly costly; protection measures can end up in the wrong places. In this article we touch on the obstacles to setting appropriate risk tolerability targets and suggest that three key factors should be taken into account; which criteria to use, where to aim, and how to account for other risks.
In setting targets it is important to understand how they will be used for given situations; tolerability criteria are for the whole site, or all risks, but they must be adapted when organisations want to scrutinise a single event, for example when performing LOPA. It is in calibrating targets for scenario risk that we often see mistakes being made and it has become a focus point for us, writing papers and presenting at conferences to try and remove the confusion across the industry.
An understanding of the intricacies between the types of risk to be well understood by the organisation is also required. Individual risk is calculated as the risk of fatality to a specific individual per year, whereas societal risk is calculated based on the frequency of an event per year and the potential number of people affected by it. There are pre-defined boundaries out there for tolerability for risk to an individual, but the guidance on societal risk is less definite. Considering the nature of the risks present at high hazard and COMAH sites, and the potential for widespread consequences, it is generally societal risk that is used as a driver for decision making. It is therefore particularly important that targets are well considered and justified.
Should organisations aim for broadly acceptable or somewhere in the tolerable if ALARP region? The exact point on the tolerability scale where establishments aim varies widely between organisations but careful consideration should be given, as the most appropriate target could depend on the circumstance of the establishment. For existing establishments with legacy systems, it might not be practicable to meet broadly acceptable levels of risk, and therefore showing tolerable risk and giving an accompanying demonstration of ALARP would be considered acceptable. For new establishments, broadly acceptable levels of risk are potentially within reach when taken into consideration in early design. Aiming for broadly acceptable might therefore be considered, which would have the benefit of reducing the onus on demonstrating that the risk is ALARP. The key point to include in all assessments is a transparent description of the method used and why.
Targets should also be adapted to make allowances for other risks as in assessing the risk from one scenario, neither individual nor societal risk can be fully assessed. Individual risk tolerability must include all risks that the individual is exposed to, not just one scenario, and societal risk must be aggregated for the whole site. It is generally accepted across the industry that it is appropriate to reduce the risk target by one order of magnitude to account for these other risks.
Both the levels of risk to an individual and to society must be shown to be tolerable and ALARP for the duties under health and safety law to be considered met, however risk tolerability criteria are not used consistently, and are often inappropriate or incorrect. This results in difficulty for both the regulator and the establishment to demonstrate that risk is being managed to the correct level, something that is becoming increasingly evident as the general understanding of risk and rigour of regulation increases. With careful consideration and clear justification of the type of criteria, where the target is set and how other risks have been factored in, however, better judgements can be made and risk effectively managed.