ISO 17776:2016(E)

7.2 Objectives
The primary objective is to develop the MA hazard management to a level consistent with entry into the
detailed design stage.

7.3 Functional requirements

7.3.1 Hazard identification

MA hazard identification shall be through studies timed to provide input to design development such
that design improvements can still be made.

7.3.2 Major accident hazard evaluation

MA hazard evaluation shall be conducted using a range of tools and methodologies.

Studies shall be timed to occur early in the phase and in time to implement design improvements
subject to having sufficient design definition.
The studies and analyses shall be used to guide the design of ISD measures and barriers, including the
following:
— evaluation of the benefits in terms of hazard management and risk reduction;
— determining the level of reliance placed on each measure within the design strategies for
managing MA hazards;
— identifying the vulnerability of the measures to damage from MAs;
— determining the performance standards required to achieve the design strategies for managing MA
hazards.
The evaluation of MAs shall be used to define the design accidental loads for the hardware barriers
provided to manage MA hazards. The preference shall always be to design to withstand the worst case
situation but this may not always be possible. In this case, the consequences of failure shall be evaluated
and the impact on the overall project objectives assessed.
The evaluation of the MAs shall include assessing if unreliable human performance and the potential
for error could affect a MA scenario.
Although the reliability of evaluation results will improve during this phase, it is possible that growth
in potential consequences could occur during detailed design. Good practice and judgment will be
required to provide predictions as to how the MAs could change with detail design and what allowances
need to be made.

7.3.3 Risk assessment

The overall risks for people, the environment and assets associated with credible MA hazards shall
be assessed before the end of this phase, including contributions made by each of the MA hazards
identified.
Risk assessment results shall be used in conjunction with hazard evaluation to identify high risks that
remain, and to provide inputs to design, particularly for ISD, hardware barriers and their performance
standards.

7.3.4 Inherently safer design (ISD)

Development of ISD measures shall continue throughout this phase, and design strategies for managing
MA hazards developed accordingly.

20  © ISO 2016 – All rights reserved

 ISO 17776:2016(E)


Early in this phase, the application of ISD shall focus on major design decisions, such as size and
layout, structural barriers, structural strength to withstand credible MA loads, orientation to provide
optimum natural ventilation.
Any ISD measures rejected in the screening and concept selection phase shall be reviewed to confirm
that they are still not reasonable risk reduction measures.
Consideration of ISD options shall be applied to auxiliary system such as heating and cooling mediums,
refrigeration systems, electrical systems, hydraulic and pneumatic systems and other similar utilities.
Performance standards shall be developed for those ISD measures which are defined as hardware
barriers, and will need to be monitored for the life of the installation.
By the end of this phase, all the ISD measures shall be implemented, and design strategies for managing
MA hazards that rely on them shall be defined in sufficient detail to provide confidence that no major
change will be required during detailed design, unless there is a major change in the design concept.

7.3.5 Barriers

Development of the details of barriers shall continue throughout this phase, and the design strategies
for managing credible MA hazards developed accordingly.
By the end of the phase, the range of barriers shall be fully established, although more detailed
information will be required during detailed design.

7.3.6 Performance standards

Performance standards produced during this phase shall be unambiguous statements specifying the
minimum expected performance required of the hardware barriers, using measures that can be verified
by design documentation. They shall be defined in sufficient detail to provide confidence that major
changes will not be required during detailed design, unless there is a change in the basis of design.
The performance standards shall reflect the likely demand on the hardware barrier, and whether
readily available equipment and materials are able to achieve the required performance.
The effect of failure or impairment of each hardware barrier shall be evaluated to determine the
performance required. Assessment of the implications of failure or impairment of hardware barriers
(e.g. due to individual equipment failure) shall draw on equipment reliability and failure data, operating
experience or specific evaluation (e.g. FMECA).
Assurance activities shall be defined in order to ensure that performance standard requirements are
verified by relevant discipline engineers or responsible persons. Assurance activities expected in the
detailed design, procurement, construction and commissioning shall also be defined, and form part of
the contract for the next phase.

7.3.7 Sufficiency of measures

A multidiscipline review of MA hazard management shall be conducted before the end of this phase, in
order to provide assurance that all credible MA hazards have been identified and subject to appropriate
evaluation. The review shall assess whether the ISD and other barriers implemented are sufficient to
achieve the project objectives for managing MA hazards and any external criteria defined for the area
of operation.
The multidiscipline team shall review the following:
— work done prior to and during the concept definition and optimization stage for MA hazard
management;
— how the MA hazard management objectives have been achieved;
— the identified MA hazards and their potential consequences;

© ISO 2016 – All rights reserved  21

ISO 17776:2016(E)


— how credible MA hazards are managed by the design;

— summary of the key ISD measures and barriers, and their role in hazard management and emergency
response;
— hardware barrier performance standards defined to date and further detail required;
— human barriers and expectations regarding reliable performance;
— readiness of the major hazard management aspects of the design to progress into detailed design,
construction and operations;
— level of risk, assessed or calculated, for the design, and the expectation for further risk reduction
during detailed design;
— any identified uncertainties and how these will be addressed in subsequent stages;
— basis for emergency response provisions (e.g. the emergency response strategy).
Particular attention shall be paid to areas of uncertainty and to any remaining MA hazards for which
the consequences could be severe. The aim is to provide assurance that all reasonable measures
have been implemented to reduce uncertainty or limit the severity of MAs, and that the strategies for
managing MA hazards are sufficiently mature to provide a good basis for detailed design.
The review output shall be approved by the project management team; in some cases external
acceptance can also be required by local legislation.

7.3.8 Documentation

Documentation produced in this phase shall demonstrate that MA hazard management activities have
been conducted in accordance with the defined plan. Furthermore, it shall provide evidence that all
credible MA hazards have been identified and understood, with effective design strategies for managing
them developed.
A key deliverable for completion by the end of this phase is a plan of activities needed to manage
credible MA hazards for the detailed design and construction phase.
This plan shall include the following:
— study programme and timetable for detailed design;
— details of specific areas of concern or uncertainty for further investigation or resolution in
detailed design;
— actions management approach, including the role of contractors;
— verification schemes required to demonstrate that barrier performance is achieved, either through
design documentation or physical inspection and test on site;
— a definition of further MA hazard management required.

8 Detailed design and construction phase

8.1 General
The detailed design and construction phase process shall be implemented in accordance with the plan
for managing MA hazards as illustrated in Figure 4.

22  © ISO 2016 – All rights reserved

 ISO 17776:2016(E)


Figure 4 — Outline of detailed design and construction

8.2 Objectives
The primary objective of this phase shall be to build on the MA hazard management achieved during
the concept definition and optimization phase through improved understanding of the MA hazards and
refining details of the strategies for managing credible MA hazards, such that the installation is ready
to operate.

8.3 Functional requirements

8.3.1 Overview

One or more primary contractors can be involved in detailed design, or contractors can be involved
in supplying systems or elements that have a significant impact on MA hazard management.
Arrangements shall be implemented so that contract boundaries are not an obstacle to seamless
development, implementation and verification of design strategies for managing credible MA hazards.

© ISO 2016 – All rights reserved  23

ISO 17776:2016(E)


Contractor responsibilities in this respect shall be defined in the contracts and interfaces for MA hazard
management and action management defined and accepted by each contractor.

8.3.2 Hazard identification

Changes that are made shall be managed through a formal MOC process so that any requirements for
hazard identification and further evaluation of MA hazards will be a part of that process.

8.3.3 Major accident hazards evaluation

Final evaluation of MA hazards shall be conducted using a range of tools and methodologies, with the
purpose of further developing understanding of the MA hazards and their potential consequences.
Provision shall be made for additional studies in response to issues that arise as a normal part of the
detailed design development.
In the early part of this phase, any identified evaluation requirements and uncertainties or specific
issues carried forward from the concept definition and optimization phase shall be evaluated, and
solutions sought. These early studies shall be timed to allow potential design improvements to be
implemented. Studies needed for assurance purposes shall be conducted to meet construction or
completion milestones.
By the end of this phase, it shall be possible to verify that the models used to carry out any analysis are
an accurate representation of the as-built installation. The models used for the final analyses shall be
verified when construction is nearing completion and an on-site inspection of the installation can be
conducted, e.g. ensuring that the physical layout, equipment and piping congestion are consistent with
the model used to carry out the analysis. Any significant deviation shall be evaluated.

8.3.4 Risk assessment

The risk assessments carried out in the concept definition and optimization phase shall be updated to
include detailed design data. These assessments shall define the risk for people, the environment and
assets, and shall include contributions made by each of the identified MA hazards to demonstrate that
the project will meet the project criteria for risk management.
The results of the detailed risk assessments of MA hazards could prompt changes in detailed aspects
of the design. It is therefore necessary to start the process as early as reasonable, to allow the study to
take place and feedback into detailed design.

8.3.5 Inherently safer design (ISD)

The scope for development of new ISD measures is likely to be limited during this phase, although
opportunities shall continue to be sought. The main focus shall be to preserve the effectiveness of the
ISD decisions made in earlier project phases.
Continued engagement of engineering managers and discipline engineers is important for the
development and preservation of ISD measures, in order to ensure that they understand and implement
the design strategies for managing MA hazards.

8.3.6 Barriers

The definition of barriers shall be developed further to include detailed design information and data
from equipment suppliers.
Design strategies for MA hazard management should not change significantly during detailed design,
although hardware barrier design definition and performance standards shall be refined to take into
account improved design definition, particularly for vendor-supplied equipment. The only reason for
significant change should be design changes that require revision of a MA hazard management strategy.

24  © ISO 2016 – All rights reserved