Informative Annex F Hazard Analysis, Risk Estimation, and Risk Evaluation Procedure

Informative Annex F Hazard Analysis, Risk Estimation, and Risk Evaluation Procedure

This informative annex is not a part of the requirements of this NFPA document but is included for informational purposes only.

F.1 Risk Assessment (General).

This informative annex provides guidance regarding a qualitative approach for risk assessment, including risk estimation and risk evaluation, which can be helpful in determining the protective measures that are required to reduce the probability of harm occurring in the circumstances under consideration. In order to receive the full benefit of completing the risk assessment process the relationships between the source or cause of risk and the effects of the hierarchy of controls on those causes must be understood. This annex is intended to provide guidance.

Hazard identification and risk assessment are analytical processes consisting of a number of discrete steps intended to ensure that hazards are properly identified and analyzed with regard to their severity and the probability of their occurrence. Once hazards have been identified and analyzed, the risk associated with those hazards can be estimated using the parameters outlined in Figure F.2.1. Appropriate protective measures can then be implemented and evaluated in order to determine if adequate risk reduction has been achieved. Hazard identification and risk assessment include a comprehensive review of the hazards, the associated foreseeable tasks, and the protective measures that are required in order to maintain a tolerable level of risk, including the following:

(1) Identifying and analyzing electrical hazards (2) Identifying tasks to be performed (3) Documenting hazards associated with each task (4) Estimating the risk for each hazard/task pair (5) Determining the appropriate protective measures needed to adequately reduce the level of risk

Figure F.1(a) is intended to illustrate the steps to be taken and the decisions to be considered when performing an electrical work risk assessment. See 110.3 for a hazard and risk evaluation procedure. Figure F.1(b) illustrates in more detail the steps of the risk analysis, assessment, and evaluation process. Figure F.1(a)  Risk Assessment Process. g70e-22_2012.png Figure F.1(b)  Detailed Risk Assessment Process. g70e-25_2012.png

F.1.1 Responsibility. Electrical system designers, constructors, and users have responsibilities for defining and achieving tolerable risk. The supplier and the user either separately or jointly identify hazards, estimate risks, and reduce risks to a tolerable level within the scope of their respective work activities. Although the responsibilities of the supplier and the user differ over the life cycle of the electrical equipment, each entity should use the risk assessment process.

In general, the electrical system supplier is responsible for the design, construction, and information for operation and maintenance of the electrical system, while the user is responsible for the operation and maintenance of the electrical system.

Suppliers and users should involve qualified personnel in meeting their respective responsibilities. The supplier and user should ensure compliance with the related regulations and standards applicable to their work activity. This could include regulations and standards for a specific location, a specific application, or both.

F.2 Risk Assessment. F.2.1 Initial Risk Estimation. An initial estimation of risk should be carried out for each hazard. Risk related to the identified hazard should be derived by using the risk parameters that are shown in Figure F.2.1 including the following:

(1) Severity of harm, (2) Probability of occurrence of that harm, which is a function of all of the following: a. Frequency and duration of the exposure of persons to the hazard, Fr b. Probability of occurrence of a hazardous event, Pr c. Possibilities to avoid or limit the harm, Av Figure F.2.1  Elements of Risk. g70e-23_2012.png

F.2.2 Parameters Used in Risk Estimation. In preparation for the risk assessment, parameter estimates can be entered into Table F.2.5. These parameters should be based on worst-case considerations for the electrical system. It may be the case that different risk reduction strategies are implemented for each hazard. The risk estimation stage is the only one at which hazards can be eliminated, thus avoiding the need for additional protective measures, such as safeguarding or complementary protective measures.

F.2.3 Severity of the Possible Harm (Se). Severity of injuries or damage to health can be estimated by taking into account reversible injuries, irreversible injuries, and death. Typically, the types of hazards to be considered include, but are not limited to, shock and electrocution, burns, and impact. Choose the appropriate value of severity from Table F.2.3, based on the consequences of an injury, where:

(1) 8 means a fatal or a significant irreversible injury, such that it will be very difficult to continue the same work after healing, if at all. (2) 6 means a major or irreversible injury, in such a way that it can be possible to continue the same work after healing and can also include a severe major but reversible injury such as broken limbs. (3) 3 means a reversible injury, including severe lacerations, stabbing, and severe bruises, that requires attention from a medical practitioner. (4) 1 means a minor injury, including scratches and minor bruises that require attention by first aid. Select the appropriate row for severity of the possible harm (Se) from Table F.2.3. Insert the appropriate number under the Se column in Table F.2.5. Table F.2.3  Severity of the Possible Harm (Se) Classification Severity (Se) Irreversible — trauma, death Permanent — skeletal damage, blindness, hearing loss, third degree burns Reversible — minor impact, hearing damage, second degree burns Reversible — minor laceration, bruises, first degree burns

F.2.4 Probability of Occurrence of Harm. Each of the three parameters of probability of occurrence of harm (that is, Fr, Pr, and Av) should be estimated independently of each other. A worst-case assumption needs to be used for each parameter to ensure that the protective measures, determined during risk evaluation, will provide adequate risk reduction. Generally, the use of a form of hazard/task–based evaluation is strongly recommended to ensure that proper consideration is given to the estimation of the probability of occurrence of harm.

F.2.4.1 Frequency and Duration of Exposure (Fr). The following aspects should be considered to determine the level of exposure: (1) Need for access to the hazard zone based on all modes of use; for example, normal operation and maintenance (2) Nature of access; for example, examination, repair, and trouble shooting

It should then be possible to estimate the average interval between exposures and, therefore, the average frequency of access. This factor does not include consideration of the failure of the short-circuit interruption device(s) or the failure to use the appropriate personal protective equipment. Select the appropriate row for frequency and duration of exposure (Fr) from Table F.2.4.1. Insert the appropriate number under the Fr column in Table F.2.5.

Table F.2.4.1  Frequency and Duration of Exposure (Fr) Classification Frequency and duration of exposure (Fr) Fr Duration > 10 min ≤ 1 per hour 5 > 1 per hour–≤ 1 per day 5 > 1 per day–≤ 1 every 2 weeks 4 > 1 every 2 weeks–≤ 1 per year 3 > 1 per year 2

F.2.4.2 Probability of Occurrence of a Hazardous Event (Pr). The occurrence of a hazardous event influences the probability of the occurrence of harm. The probability of the hazardous event occurring should describe the likelihood of the event materializing during the use or foreseeable misuse, or both, of the electrical system or process. Subjectivity may have a substantial impact on the result of the risk assessment. The use of subjective information should be minimized as far as reasonably practicable.

The probability of occurrence of the hazardous event should be estimated independently of other related parameters (Fr and Av) and will typically be based on the results of the completed study of the arc flash potential. The worst-case scenario should be used for this parameter to ensure that short-circuit interruption device(s) have, where practicable, been properly selected and installed and will provide adequate protection.

Elements of the electrical system that are intended to ensure an intrinsically safe design shall be taken into consideration in the determination of the probability of the hazardous event(s) These can include, but are not limited to, the mechanical structure, electrical devices, and electronic controls integral to the system or process, or both, at the time of the analysis. Types of components that could contribute to an inherently safe design could include, but are not limited to, current-limiting devices, ground-fault circuit interrupters. This parameter can be estimated by taking into account the factors that follow.

(1) The predictability of the performance of component parts of the electrical system relevant to the hazard in different modes of use (for example, normal operation, maintenance, fault finding). At this point in the risk assessment process, the protective effect of any personal protective equipment and other protective measure should not be taken into account. This is necessary in order to estimate the amount of risk that will be present if the personal protective equipment and other protective measures are not in place at the time of the exposure. In general terms, it must be considered whether the electrical system being assessed has the propensity to act in an unexpected manner. The electrical system performance will vary from very predictable to not predictable. Unexpected events cannot be discounted until it can be clearly demonstrated that the electrical system will perform as expected. Informational Note:  Predictability is often linked to the complexity of the electrical system and the characteristics of the energy supply.

(2) The specified or foreseeable characteristics of human behavior with regard to interaction with the component parts of the machine relevant to the hazard, which can be characterized by one or both of the following: a. Stress (for example, due to time constraints, work task, perceived damage limitation) b. Lack of awareness of information relevant to the hazard

Human behavior will be influenced by factors such as skills, training, experience, and complexity of the machine/process. These attributes are not usually directly under the influence of the electrical system designer, but a task analysis will reveal activities where total awareness of all issues, including unexpected outcomes, cannot be reasonably assumed. “Very high” probability of occurrence of a hazardous event should be selected to reflect normal workplace constraints and worst-case considerations. Positive reasons (for example, well-defined application and a high level of user competence) are required for any lower values to be used.

Any required or assumed skills, knowledge, and so forth, should be stated in the information for use. Select the appropriate row for probability of occurrence of a hazardous event (Pr) from Table F.2.4.2. Indicate the appropriate risk level under the Pr column in Table F.2.5.

Table F.2.4.2  Probability of a Hazardous Event (Pr) Classification Probability (Pr)

Very high 5 Likely 4 Possible 3 Rare 2 Negligible 1

F.2.4.3 Probability of Avoiding or Limiting Harm (Av). This parameter can be estimated by taking into account aspects of the electrical system design and its intended application that can help to avoid or limit the harm from a hazard, including the examples that follow. (1) Sudden fast or slow speed of appearance of the hazardous event; for example, an explosion caused by high fault values under short-circuit conditions. (2) Spatial possibility to withdraw from the hazard. (3) Nature of the component or system; for example, the use of touch-safe components can reduce the probability of contact with energized parts. Working in close proximity to high voltage can increase the probability of personnel being exposed to hazards due to approach to live parts. (4) Possibility of recognition of a hazard; for example, an electrical hazard: a copper bar does not change its appearance, whether or not it is under voltage. To recognize the presence of the hazard, one needs an instrument to establish whether or not electrical equipment is energized; thus, both inadvertent and advertent contact need to be considered. Select the appropriate row for probability of avoiding or limiting harm (Av) from Table F.2.4.3. Insert the appropriate risk level under the Av column in Table F.2.5.

T

able F.2.4.3  Probability of Avoiding or Limiting Harm (Av) Classification Av Risk Level Impossible 5 Rare 3 Probable 1

F.2.5 Risk Level and Probability of Harm. Once the parameters for each hazard under consideration have been entered in Table F.2.5, the information can be used in the first step of the risk assessment process as outlined in Figure F.1(a). Table F.2.5  Parameters for Determining Risk Levels and Probability of Harm (See Figure F.2.1) Zone No. Hazard Se Fr Pr Av

F.3 Risk Reduction.

F.3.1 Protective Measures. Once the risk prior to the application of protective measures has been estimated, all practicable efforts must be made to reduce the risk of harm. Careful consideration of failure modes is an important part of risk reduction. Care should be taken to ensure that both technical and behavioral failures, which could result in ineffective risk reduction, are taken into account during the risk reduction stage of the risk assessment. Situations where hazard elimination cannot be attained typically require a balanced approach in order to reduce the probability of harm. For example, the effective control of access to an electrical system requires the use of barriers, awareness placards, safe operating instructions, qualification and training, and personnel protective equipment as required by this standard, as well as initial and refresher or periodic training for all affected personnel in the area. Engineering controls alone are not sufficient in reducing the remaining risk to a tolerable level. Typically, all five areas of risk reduction must be implemented in order to achieve the desired result. Consideration of all five of the items that follow is required to establish an adequate risk reduction strategy.

F.3.1.1 Engineering Controls. Engineering controls have the potential to have a substantial impact on risk. They should, where practicable, be considered and analyzed. Typically, engineering controls take the form of barriers and other safeguarding devices as described in NFPA 70, National Electrical Code, IEC 60204-1 ed 5.1 Consol. with am 1, Safety of Machinery — Electrical Equipment of Machines — Part 1: General Requirements, 2009 or NFPA 79, Electrical Standard for Industrial Machinery, or a combination thereof.

F.3.1.2 Awareness Devices. Awareness means can be used to complement the effects of engineering controls with regard to risk reduction. They should be chosen based on the design configuration for each specific application and their potential effectiveness during foreseen interaction. Each design and configuration could require unique awareness devices in order to have the desired impact on risk. Typically, awareness means take the form of signs, visual alarms, audible alarms, and so forth.

F.3.1.3 Procedures. Procedures and instructions that are required for the individual(s) to safely interact with the electrical system should be identified. The procedures and instructions should include descriptions of the hazards, the possible hazardous events, hazardous situations, and the protective measures that need to be implemented. The procedures and instructions should also be used to communicate any foreseeable misuse of the system that could contribute to an increased level of risk. Typically, formal procedures should be provided in written form; however, in some cases, verbal instruction can be provided. Care should be taken in the latter case to ensure that the verbal instructions will have the desired impact on risk.

F.3.1.4 Training. Training, with regard to the proper interaction and for foreseeable inappropriate interaction with the electrical system, must be completed. The intent of the training is to ensure that all affected personnel are able to understand when and how hazardous situations could arise and how to best reduce the risk associated with those situations. Typically, training for those interacting with electrical systems will include technical information regarding hazards or hazardous situations, or both, as well as information related to potential failure modes that could impact risk. This type of training generally will be provided by a trainer who has an in-depth understanding of electrical system design, as well as experience in the field of adult education. Less technical training content could be appropriate in situations where only awareness of electrical hazards is needed in order to ensure that unqualified personnel do not interact with the electrical system.

F.3.1.5 Personal Protective Equipment (PPE). The electrical system must be analyzed in order to determine the appropriate category of personal protective equipment (PPE). Once the appropriate PPE has been determined, personnel are required to maintain and use it as required in order to ensure that residual risk remains at the desired level.

F.4 Risk Evaluation.

F.4.1 Risk Evaluation. Once the appropriate protective measures described in F.3.1 have been applied, the impact of those measures on the elements of risk (see Figure F.2.1) should be taken into account. Each type of protective measure could impact one or more of the elements that contribute to risk. The effects on risk, or the impacts on the individual elements of risk, should be considered in the final risk estimation. The cumulative effect of the final combination of protective measures can then be used to estimate the residual risk. Paragraphs F.4.1.1 through F.4.1.5 provide a general nonexhaustive outline that can be used as a guide to the final estimation of risk.

F.4.1.1 Design — Elimination or Substitution by Design. (a) Elimination of the hazard — impacts both severity of harm and likelihood of harm Failure mode(s) examples:

(1) Component(s) failure (2) Application of an incorrect construction or manufacturing specification (3) Incorrect calculation (that is, potential energy, toxicity, strength, durability) (4) Inadequate procurement control (5) Incorrect or insufficient maintenance, or both (b) Substitution — may affect severity of harm, frequency of exposure to the hazard under consideration, or the possibility of avoiding or limiting harm, depending on which method of substitution is applied, or a combination thereof.

Failure mode(s) examples: (1) Unexpected or unanticipated interaction (2) Excessive production pressure (3) Inadequate procurement control

F.4.1.2 Design — Use of Engineering Controls. (a) Greatest impact on the probability of a hazardous event(s) under certain circumstances (b) No impact on severity of harm

Failure mode(s) examples: (1) Incorrect application of construction or manufacturing specification (2) Unanticipated tasks (3) Incentive to circumvent or reduce effectiveness (4) Excessive production pressure (5) Protective system failure F.4.1.3 Use of Systems that Increase Awareness of Potential Hazards. (a) Potential impact on avoiding or limiting harm (b) Potential impact on inadvertent exposure (c) Minimal or no impact on severity of harmFailure mode(s) examples: (1) Too many warning signs (2) Depreciation of effect over time (3) Lack of understanding

F.4.1.4 Organization and Application of a Safe System of Work.

F.4.1.4.1 Personnel training. (a) Greatest impact on avoiding or limiting harm (b) Minimal, if any, impact on severity of harm (c) Possible impact on the probability of a hazardous event(s) under certain circumstances

Failure mode(s) examples: (1) Training not understood (2) Identified hazards not clearly communicated (3) Depreciation of effect over time (4) Training material not current (5) Training not consistent with instructions (6) Training material not inclusive of detail regarding how to perform work

F.4.1.4.2 Access restrictions. (a) Greatest impact on exposure (b) No impact on severity of harm

Failure mode(s) examples: (1) Work permit system does not exist (2) Competency complacency (3) Insufficient monitoring, control, or corrective actions, or combination thereof

F.4.1.4.3 Safe work procedures. (a) Greatest impact on avoiding or limiting harm (b) Minimal, if any, impact on severity of harm (c) Possible impact on the probability of a hazardous event(s) under certain circumstances

Failure mode(s) examples: (1) Inconsistent with the current culture (2) Procedures not current or accessible (3) Does not consider all task, hazards, or hazardous situations, or combination thereof (4) Insufficient monitoring, control, or corrective actions, or combination thereof (5) Instructions not consistent with training content (6) Content too general (for example, “Don’t touch the live parts, be careful.”)

F.4.1.4.4 Policies and instructions. (a) Greatest impact on exposure (b) Possible impact on the probability of a hazardous event(s) under certain circumstances (c) Minimal or no impact on severity of harm

Failure mode(s) examples: (1) Policies and instructions inconsistent (2) Instructions not clearly communicated or accessible (3) Insufficient monitoring, control, or corrective actions, or combination thereof (4) Allows personnel to make the decision to work live without adequate justification

F.4.1.5 Personal Protective Equipment (PPE). (a) Greatest impact on avoiding or limiting harm (b) Potential impact on inadvertent exposure (c) Minimal impact on severity of harm (d) No impact on the probability of a hazardous event(s)

Failure mode(s) examples: (1) Reason for use not understood (2) Creates barriers to effective completion of the work (3) PPE specification inappropriate for the considered hazards (4) Production pressure does not afford time to use or maintain (5) Worker forgets to use when needed (6) Excessive discomfort (7) Perceived invulnerability (8) Insufficient monitoring, control, or corrective actions, or combination thereof

F.5 Risk Reduction Verification.

F.5.1 Verification. Once the assessment has been completed and protective measures have been determined, it is imperative to ensure that the protective measures are implemented prior to initiating the electrical work. While this procedure might not result in a reduction of the PPE required, it could improve the understanding of the properties of the hazards associated with a task to a greater extent and thus allow for improvement in the implementation of the protective measures that have been selected.

F.5.2 Auditing. For each activity that has been assessed, it could be necessary to audit the risk reduction strategy that is applicable. If an audit is required, the auditing process should take place prior to commencing work on electrical systems. An example of a nonexhaustive audit is shown in Figure F.5.2. Each audit process may need to be specific to the properties of the electrical system or the task to be performed, or both.

Figure F.5.2  Sample Auditing Form. g70e-24_2012.png

Tags: