ISO 17776:2016

INTERNATIONAL ISO
STANDARD 17776
Second edition
2016-12-15
Petroleum and natural gas
industries — Offshore production
installations — Major accident hazard
management during the design of new
installations
Industries du pétrole et du gaz naturel — Installations des plates-
formes en mer — Lignes directrices relatives aux outils et techniques
pour l’identification et l’évaluation des risques
Reference number
ISO 17776:2016(E)
©
ISO 2016

---------------------- Page: 1 ----------------------
ISO 17776:2016(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2016, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO 2016 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 17776:2016(E)

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms, definitions and abbreviated terms . 1
3.1 Terms and definitions . 1
3.2 Abbreviated terms . 4
4 Major accident hazard management overview . 5
4.1 General . 5
4.2 Project management commitment . 5
4.3 Project management accountability . 6
4.4 Project plan to manage major accident hazards . 6
4.5 Objectives of major accident hazard management . 6
4.6 Selection of hazard evaluation and risk assessment methods . 7
4.7 Good engineering practice . 7
4.8 Documentation . 8
4.8.1 General. 8
4.8.2 Register of major accident hazards . 9
4.9 Actions management . 9
4.10 Management of change . 9
5 Management of major accident hazards in design .10
5.1 Overview of MA hazard management .10
5.2 Key concepts .11
5.2.1 Understanding the MA hazards .11
5.2.2 Inherently safer design (ISD) .12
5.2.3 Design strategies for managing MA hazards.13
5.2.4 Barriers .13
5.2.5 Performance standards .14
5.2.6 Communication with technical and operational teams.15
6 Screening and concept selection process .15
6.1 General .15
6.2 Objectives.16
6.3 Functional requirements .17
6.3.1 Screening .17
6.3.2 Hazard identification.17
6.3.3 Major accident hazards evaluation .17
6.3.4 ISD and barriers.18
6.3.5 Performance standards .18
6.3.6 Sufficiency of measures .18
6.3.7 Documentation .18
7 Concept definition and optimization.19
7.1 General .19
7.2 Objectives.20
7.3 Functional requirements .20
7.3.1 Hazard identification.20
7.3.2 Major accident hazard evaluation .20
7.3.3 Risk assessment . .20
7.3.4 Inherently safer design (ISD) .20
7.3.5 Barriers .21
7.3.6 Performance standards .21
7.3.7 Sufficiency of measures .21
7.3.8 Documentation .22
© ISO 2016 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO 17776:2016(E)

8 Detailed design and construction phase .22
8.1 General .22
8.2 Objectives.23
8.3 Functional requirements .23
8.3.1 Overview .23
8.3.2 Hazard identification.24
8.3.3 Major accident hazards evaluation .24
8.3.4 Risk assessment . .24
8.3.5 Inherently safer design (ISD) .24
8.3.6 Barriers .24
8.3.7 Performance standards .25
8.3.8 Sufficiency of measures .25
8.3.9 Register of major accident hazards .25
8.3.10 Documentation .25
8.3.11 Procurement of equipment .26
8.3.12 Construction, completion and commissioning .26
8.3.13 Transfer to operation .26
8.3.14 Actions management .26
9 Major accident hazard management in operation .27
9.1 General .27
9.2 Objectives.27
9.3 Functional requirements .28
9.3.1 Barrier management .28
9.3.2 Revalidation .28
9.3.3 Safety-critical tasks .28
9.3.4 Temporary changes .29
9.3.5 Non-availability of barrier performance .29
9.3.6 Management of change (MOC) . .29
Annex A (informative) Example of a framework for risk-related decision support.31
Annex B (informative) Plan to manage major accident hazards .32
Annex C (informative) Major accident hazard management identification and evaluation tools .41
Annex D (informative) Strategy for managing major accident hazards .71
Annex E (informative) Barrier system performance standards .77
Annex F (informative) HAZID guidewords .80
Bibliography .94
iv © ISO 2016 – All rights reserved

---------------------- Page: 4 ----------------------
ISO 17776:2016(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the
Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.
The committee responsible for this document is ISO/TC 67, Materials, equipment and offshore structures
for petroleum, petrochemical and natural gas industries, Subcommittee SC 6, Processing equipment and
systems.
This second edition cancels and replaces the first edition (ISO 17776:2000), which has been technically
revised and the title changed from Petroleum and natural gas industries — Offshore production
installations — Guidelines on tools and techniques for hazard identification and risk assessment to the
present title.
© ISO 2016 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO 17776:2016(E)

Introduction
The purpose of this document is to establish requirements and provide guidance for the effective
management of major accident (MA) hazards during the design of new offshore installations for the
petroleum and natural gas industries.
The management of MA hazards involves the application of engineering expertise and knowledge to
provide the measures needed to meet the objectives set by the organizations involved in the project
development. A range of tools for evaluating and assessing the likelihood and consequences of MAs
is needed to help select the measures to be implemented, and to judge when sufficient measures have
been provided.
This process is built on the underlying integrity provided by the application of internationally
recognized codes and standards.
This document covers the following main elements:
— establishing general requirements for identifying MA hazards and their causes;
— assessing MA hazards to understand their likelihood and possible consequences;
— developing suitable strategies for managing MA hazards;
— progressively improving the understanding of MA hazards and their consequences to guide design
decisions during the development phases of the installation;
— providing the measures needed to manage all credible MAs;
— maintaining the measures throughout the life of the installation.
The technical content of this document is arranged as follows:
a) objectives: the goals to be achieved;
b) functional requirements: specifying requirements considered necessary to meet the stated
objectives;
c) annexes: guidelines in support of the functional requirements.
This document should be read in conjunction with ISO 13702 and ISO 15544.
vi © ISO 2016 – All rights reserved

---------------------- Page: 6 ----------------------
INTERNATIONAL STANDARD ISO 17776:2016(E)
Petroleum and natural gas industries — Offshore
production installations — Major accident hazard
management during the design of new installations
1 Scope
This document describes processes for managing major accident (MA) hazards during the design of
offshore oil and gas production installations. It provides requirements and guidance on the development
of strategies both to prevent the occurrence of MAs and to limit the possible consequences. It also
contains some requirements and guidance on managing MA hazards in operation.
This document is applicable to the design of
— fixed offshore structures, and
— floating systems for production, storage and offloading
for the petroleum and natural gas industries.
The scope includes all credible MA hazards with the potential to have a material effect on people, the
environment and assets.
This document is intended for the larger projects undertaken to develop new offshore installations.
However, the principles are also applicable to small or simple projects or design changes to existing
facilities and can also be relevant to onshore production facilities.
Mobile offshore units as defined in this document are excluded, although many of the principles can
be used as guidance. The design of subsea facilities are also excluded, though the effects of mobile and
subsea facilities are considered if they can lead to major accidents that affect an offshore installation.
This document does not cover the construction, commissioning, abandonment or security risks
associated with offshore installations.
The decision to apply the requirements and guidance of this document, in full or in part, is intended to
be based on an assessment of the likelihood and possible consequences of MA hazards.
2 Normative references
The following documents are referred to in text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 31000, Risk management — Principles and guidelines
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the following terms, definitions and abbreviated terms apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at http://www.iso.org/obp
© ISO 2016 – All rights reserved 1

---------------------- Page: 7 ----------------------
ISO 17776:2016(E)

3.1.1
barrier
functional grouping of safeguards or controls selected to prevent a major accident or limit the
consequences
Note 1 to entry: Barriers can be subdivided into hardware barriers or human barriers and are supported by
management system elements.
Note 2 to entry: Adapted from IOGP Report No. 415.
3.1.2
emergency response
action taken by personnel on or off an installation to limit the consequences of a major accident or
initiate and execute abandonment
[SOURCE: ISO 15544:2000, 2.1.8]
3.1.3
environment
surroundings in which an organization operates, including air, water, land, natural resources, flora,
fauna, humans and their interrelationships
Note 1 to entry: Surroundings can extend from within an organization to the local, regional and global system.
Note 2 to entry: Surroundings can be described in terms of biodiversity, ecosystems, climate or other
characteristics.
[SOURCE: ISO 14001:2015, 3.2.1]
3.1.4
ergonomics
scientific discipline concerned with study of human factors and understanding of interactions among
human and other elements of a system
Note 1 to entry: Adapted from ISO 6385:2004.
3.1.5
escape route
route from an area of an installation leading to a muster area, temporary refuge (TR), embarkation
area, or means of escape to the sea
[SOURCE: ISO 15544:2000, 2.1.15]
3.1.6
evacuation
planned method of leaving the installation in an emergency
[SOURCE: ISO 15544:2000, 2.1.17]
3.1.7
harm
injury or damage to the health of people, or damage to property or the environment
[SOURCE: ISO/IEC Guide 51:2014, 3.1]
3.1.8
hazard
potential source of harm
[SOURCE: ISO/IEC Guide 51:2014, 3.2]
2 © ISO 2016 – All rights reserved

---------------------- Page: 8 ----------------------
ISO 17776:2016(E)

3.1.9
hazardous event
event that can cause harm
[SOURCE: ISO/IEC Guide 51:2014, 3.3]
3.1.10
individual risk
risk to which an individual is exposed during a defined period of time
3.1.11
inherently safer design
design which eliminates or reduces major accidents through measures that are permanent and
inseparable from the design
3.1.12
major accident
MA
hazardous event that results in
— multiple fatalities or severe injuries; or
— extensive damage to structure, installation or plant; or
— large-scale impact on the environment (e.g. persistent and severe environmental damage that
can lead to loss of commercial or recreational use, loss of natural resources over a wide area or
severe environmental damage that will require extensive measures to restore beneficial uses of the
environment)
Note 1 to entry: In this document, a major accident is the realization of a major accident hazard.
Note 2 to entry: This definition is intended to incorporate terms such as “major accident” as defined by UK HSE.
3.1.13
major hazard
hazard with the potential, if realized, to result in a major accident
3.1.14
mobile offshore unit
mobile platform, including drilling ships, equipped for drilling for subsea hydrocarbon deposits and
mobile platforms for purposes other than production and storage of hydrocarbon deposits
Note 1 to entry: Includes mobile offshore drilling units, drill ships, accommodation units, construction and pipe-
lay units, well servicing and well stimulation vessels.
3.1.15
muster area
designated area to which personnel report when required to do so in an emergency
[SOURCE: ISO 15544:2000, 2.1.29]
3.1.16
performance standard
measureable statement, expressed in qualitative or quantitative terms, of the performance required of a
system, item of equipment, person or procedure, and that is relied upon as a basis for managing a hazard
Note 1 to entry: Hardware performance standards address the functionality, reliability, survivability and
interdependency of barriers under emergency conditions.
[SOURCE: IOGP Report No. 415]
© ISO 2016 – All rights reserved 3

---------------------- Page: 9 ----------------------
ISO 17776:2016(E)

3.1.17
risk
combination of the probability of occurrence of harm and the severity of that harm
Note 1 to entry: A more general definition of risk is given in ISO Guide 73:2009 and is “effect of uncertainty” where:
— an effect is a deviation from the expected, and
— uncertainty is a state of having limited knowledge where it is impossible to exactly describe the existing
state and future outcomes.
[SOURCE: ISO/IEC Guide 51:2014, 3.9, modified, Note 1 to entry has been replaced with another note.]
3.1.18
risk criteria
terms of reference against which the significance of risk is evaluated
Note 1 to entry: Risk criteria are based on organizational objectives, and external and internal context.
Note 2 to entry: Risk criteria can be derived from standards, laws, policies and other requirements.
[SOURCE: ISO Guide 73:2009, 3.3.1.3]
3.1.19
risk tolerance
organization’s readiness to bear the risk after risk treatment in order to achieve its objectives
Note 1 to entry: Risk tolerance can be influenced by legal or regulatory requirements.
Note 2 to entry: Qualitative or quantitative criteria can be used to help the organization decide if a risk is tolerable
[SOURCE: ISO Guide 73:2009, 3.7.1.3, modified – Note 2 to entry has been added.]
3.1.20
temporary refuge
TR
place provided where personnel can take refuge for a predetermined period while investigations,
emergency response and evacuation preparations are undertaken
[SOURCE: ISO 15544:2000, 2.1.37, modified, Note 1 to entry has been omitted.]
3.2 Abbreviated terms
CFD computational fluid dynamics
EER escape, evacuation and rescue
ESD emergency shutdown
FMECA failure mode, effects, and criticality analysis
HAZID hazard identification study
HAZOP hazard and operability study
IOGP International Association of Oil and Gas Producers (previously: OGP)
ISD inherently safer design
JHA job hazard analysis
MA major accident
MOC management of change
4 © ISO 2016 – All rights reserved

---------------------- Page: 10 ----------------------
ISO 17776:2016(E)

P&ID piping a
...