
5. Case study 1: The existing ore-transportation system

5.3 Experiences, comments, and observations

5.3.1 The mining company’s experiences and comments

The practical implementation of the analysis and three-level assessment work was discussed and agreed upon at the beginning of the project, and the work was conducted in keeping with the plan. During the project, no specific comments were received on the methodology used. The mining company’s experiences and comments associated with the risk-assessment project and its results were detailed in the final review meeting, in April 2001. Present at the meeting were the manager of the semi-automatic ore-transportation system-development project, the underground mine’s industrial-safety delegate and the safety engineer, the system expert of the automation system’s supplier, and two researchers from VTT.

According to the mining company, the co-operation in the project went well, and the operation and maintenance staff had found it a positive experience to be able to participate in the risk-analysis work. The mining company stated that the results of the project clarified the main areas in which the system improvements need to be concentrated for ensuring the safety of the system and conformity with the Machine Directive’s main health and safety requirements: an access-control system that keeps the operation area of the automatic LHDs safe, safety instructions and set daily procedures for use in system operation and maintenance, system software version management and parameterisation, and reliability of the communication throughout the automation system.

The PHA covered the operation situations of the semi-automatic ore-transportation system in the production area, and the upper-system-level HAZOP study was focused on operator actions and system functions. The HAZOP study for on-board machine operations entailed detailed signal-level analysis. System troubleshooting and daily maintenance issues were covered in the PHA, and operators’ actions in system fault situations were touched upon in the upper-system-level HAZOP study of system operations. According to the mining company, the analysis of maintenance tasks in the automated production area should have covered the work done on the machine also, such as troubleshooting of the on-board control system and maintenance of the on-board automation components, because they are automation-related work tasks and could perhaps bring new safety risks.

Even though the analysis was focused on safety issues, the mining company stated that it had been valuable to go through the system systematically with the experts from all interested parties and to have a common understanding of the system architecture, system operation, and system functions. The risk analysis brought together experts from all stakeholders in the automation-development project and got them to discuss potential problems and come up with possible solutions and improvements. The mining company also pointed out that the proposed corrective actions and proposals for improvement specified in the project were valuable and that many of them would be realised in the system-development project in co-operation with the machine manufacturer and subsystem suppliers.

The importance of the analysis documentation format and how the results – identified hazards, hazardous events, causes and consequences, risk levels, existing safety measures, and proposals for additional safety measures – are described in the worksheets was brought up by the industrial partners. As one of the mining company’s representatives stated at the final review meeting, the analysis results were, in places, too briefly expressed and difficult to understand, especially for those who were not themselves participating in the analysis sessions.

5.3.2 Observations

The semi-automatic ore-transportation system had been developed, implemented, and extended in the course of several years at the mine. One of the strongest motivations for this project was the mining company becoming aware of its responsibility for the safety of the whole automated ore-transportation system. The mining company had developed the system in co-operation with the subsystem suppliers, integrated the control room and on-board subsystems into the automated production system, and then started to use the system. Under the Machinery Directive, the mining company became the ‘manufacturer’ of the semi-automatic ore-transportation system. The mining company wanted to have a fuller picture of the safety risks linked to operation and maintenance of the system, not just the basis and reasoning for the safety requirements and safeguarding solutions.

The project in question was the first risk-analysis assignment for such a complex automated mobile work-machine system and, as such, gave researchers valuable information and experience of how to carry out hazard identification and risk evaluation of a complex machinery system in co-operation with multiple industrial partners.

The PHA was carried out with traditional brainstorming and team discussion methods. The identification of the work-related hazards was grounded in the company representatives’ many years of experience of mining work and personal experiences of work with the automated LHD system. The analysis proceeded smoothly, and discussion was lively. The role of the VTT researchers was mainly to keep the discussion focused on the question at hand and record the results. In the four full-day analysis sessions, 58 findings of automation-related hazards or hazardous events were identified and 51 distinct proposals were generated and specified.

The upper-system-level HAZOP study of system operations and related system functions completed the higher-level risk analyses by analysing the effects of possible functionality deviations (both human error and system failure) on the selected system operations. In total, 83 deviations were identified, and 24 proposals for corrective actions were defined. Some of the hazardous events caused by these functionality deviations had been identified already in the PHA. New hazardous events were identified as the analysis advanced to a more detailed level in the operation procedures and technical failures. No precise value associated with the new hazards as compared with the earlier results can be presented here, because of the insufficient and inexact expression of the findings.

The efficiency of analysis methods can be evaluated via examination of the effort applied in the analysis versus the number and quality of results yielded. In the PHA meetings, a large amount of time was devoted to general discussion of the work management in the automated production area, prioritisation of production and maintenance activities, daily work scheduling, and communication between the production team and the maintenance teams. Systematic analysis of the system functions in the upper-system-level HAZOP study sessions and discussion of the possible technical problems and failures at higher level, without delving into details of message or signal characteristics, turned out to be important for enabling all interested parties to understand the existing capabilities of detecting failures and the existing inherent redundant information channels. These discussions were not always related to the analysis in question, but, in fact, they were of great value for the mining company, as was indicated at the final review meeting for the assignment.

The on-board system HAZOP study at detailed signal level was the most laborious analysis task in this case. In addition to the actual work to analyse the 19 selected functions, great effort was expended at VTT to collect the necessary information from various design documents and to create the function-level drawings that made it possible to analyse the on-board system functions in such detail.

The HAZOP method, with the aid of guide words, revealed 326 deviations from designed signal characteristics. Most of them involved control-system reliability issues. Accordingly, in addition to the corrective actions related to the 10 safety-critical deviations, much important information was produced for improvement of the on-board system reliability and availability. The traditional worksheet text document turned out to be laborious to create and maintain. For greater efficiency of the analysis work, tele-meeting techniques used with shared documents were applied in a smaller group in the risk-estimation phase. Experiences of that tele-meeting technique were positive.

A risk-estimation method using three categories for the probability of occurrence of harm and for the severity of the harm, with clarifying hints, was considered simple and general enough for qualitative expert estimation in PHA. The simplicity of the method caused difficulties for the evaluation and prioritising of the risks. For example, severity level 3, meaning fatality, and probability level 2 together give the same risk level as severity level 2, meaning reportable injury, in combination with probability 3. The same three-category estimation method, with differently specified criteria, was used in the on-board system HAZOP study.

When the results were compared with the PHA results, the different expression of the same severity or probability categories caused lack of clarity and created some extra work for interpretation of the results.

Use of the semi-automatic ore-transportation system continued in Kiruna to a varying extent for several years after the assignment. Some years ago, the mining company stopped using the system, for various reasons (Gustafson 2011, p. 23).

According to the machine manufacturer’s experts interviewed in March 2012, no automation-related accidents caused by the automated machinery had been reported to the machine manufacturer.