
7. Case study 3: The ore-transportation application

7.2.1 Implementation and results of the PHA

The objectives of the PHA in this case were to identify potential hazards and hazardous events involving the autonomous ore-transportation system in the underground mine systematically, to estimate the risks, and to assess the safety measures necessary in this particular application. The PHA started with a kick-off meeting in South Africa. Present were the mine-safety officer, the local mine-safety consultant, the safety expert of the system supplier responsible for the system safety on the site, and the author of this thesis for VTT. The available materials were reviewed – among other resources, the mine-specific safety instructions for underground work, local safety regulations, special safety instructions for the use of mobile work machines in the mine, and descriptions of the production and maintenance instructions for the production level. Also, the previous, higher-level risk analysis, conducted for the development of the new underground production level, was reviewed and used as background information for the PHA. The scope for the PHA was specified and limited to the following:

The system life-cycle stages under study were system integration and testing, the system’s commissioning phase, production use of the system, and system decommissioning.

The system’s operating environment covered the LHD production area, the truck haulage area, the workshop area, the draw points, the transfer points, the crusher bin, the fuel bay, and related tunnels at the 630 level.

Activities in the production process such as loading, hauling, drilling, blasting, development, maintenance, repairs, and secondary breaking were considered.

Personnel working in the production area or visiting it in this case included system operators, machine drivers, drillers, subcontractors, cleaners, service personnel, repair workers, construction workers, managers, and geologists.

The machinery in this case included dump trucks, LHDs, service cars, drilling equipment, and other mine vehicles.

The experiences and results from the earlier automated mining-machinery cases (Case studies 1 and 2) were available in this case and were taken as a baseline for hazard identification. The documentation available consists of the system’s specifications, descriptions of its operation and maintenance concepts, and production-area layout drawings. Factors such as underground operating conditions, machinery, equipment, materials, human factors, ergonomics, failures, external systems, unexpected problems with utility systems, and unusual events in the area were used as a checklist to support the identification of hazards and hazardous events in the underground production area. A new feature for this analysis was separate analysis of the effects on personal safety and other possible effects on machinery or production-area infrastructure.

In this case, the risk estimation was done in a new way – in two phases: firstly, without any safety measures and, secondly, in light of the existing, planned, and proposed safety measures. Firstly, the severity of the consequences and the likelihood of the harm were estimated in the scenario of the automated system and its environment without any specific risk-reduction measures. The analysis looked at general safety rules and safety instructions for the mine – such as rules for personal protective equipment, requirements for machine visibility, rules on manual machines’ traffic, and underground mining job-safety instructions. Secondly, the risk-reduction measures designed and built into the system concept by the system supplier were recorded. Needs for additional site- and application-specific risk-reduction measures were examined and proposed with respect to both the system supplier’s actions and the mining company’s actions.

The risk-estimation methods for PHA had been developed in consideration of the available risk-assessment and risk-analysis standards SFS IEC 60300-3-9 (2000) and ISO 14121 (1999), the latter now replaced with SFS EN ISO 12100 (2010). The probability of the harm and the severity of the consequences were estimated, with a scheme involving five categories, and the final rating of risk level employed three categories: low, medium, and high risk (see Tables 3, 4, and 5). To assist in the probability estimation, the categories were concretised with the following hints:

1 = Definite: harm occurs continuously when the system is operated in the manner specified
2 = Very possible: harm can easily occur in normal operation conditions
3 = Possible: harm can occur in normal operating conditions
4 = Remotely possible: harm can occur only in certain operation conditions
5 = Very unlikely: harm can occur only if several errors or failures occur at the same time.

The severity of the personal-safety consequences and physical damage or loss of production was estimated with the aid of the following hints, which were adapted from the internal risk-assessment guidelines used by the mining company:

1 = Multiple-fatality: death of more than one person
2 = Fatality: one person dying or being paralysed
3 = Reportable injury: one person being seriously injured
4 = Lost-time injury: one person being injured (> 3 days’ absence)
5 = Minor or no injury: a maximum of 3 days’ absence

1 = Permanent damage: catastrophic damage to the production area
2 = Multiple damage items: reparable damage to machinery and infrastructure
3 = Major cost implications: reparable damage to a machine or loss of production over several shifts
4 = Loss of time/availability: the system being out of use during one shift
5 = Minor or no implications: unexpected stopping of the system.

Table 3. Risk rating matrix for estimation of risks to personal safety.

Probability

Table 4. Risk rating matrix for estimation of material damage and production losses.

implications 3 6 9 13 17 20

Lost time or production 4 10 14 18 21 23

Minor or no cost implications 5 15 19 22 24 25

Table 5. Risk levels and indication of the necessary corrective actions

Risk level Risk rating Actions

High 1–6 Measures must be taken immediately to make changes in the system. The risk must be reduced.

Medium 7–15 Measures must be taken to develop the system with regard to the issue at hand. The risk must be reduced.

Low 16–25 There should be a plan for developing the system.

The PHA team was composed of four system experts from the system supplier, the safety officer from the mine, a local mine-safety consultant, and two researchers from VTT. Introductions to the risk-analysis practices and methods used by the mining company and the methods to be used in this case were given to the team at the kick-off meeting in South Africa. In this case, it was not possible to organise the PHA sessions such that all interested parties from the system supplier and the mining company could have participated. The analysis work had to be adapted to the main project schedule and the availability of the system experts and mine representatives. The solution was for the hazard-identification and risk-estimation work to be done gradually.

In the first phase, two research scientists from VTT prepared a draft version of certain parts of the analysis. The PHA worksheet was developed into the form shown in Appendix 3. In the second phase, the results were reviewed and fleshed out in collaboration with the system supplier’s experts at review meetings in Finland. Then, this process was repeated in three iterations. In all, VTT used five full-day analysis sessions to prepare the analysis. One review meeting was held in South Africa. Present at that meeting were the mine-safety officer, the safety expert of the system supplier, and two researchers from VTT. To obtain practical information and a general overview of the underground conditions on the site, a visit to the underground mine was organised within one project meeting in South Africa. The author of this thesis took part in the visit to the underground production level, which was under construction at the time.

As output of the preliminary hazard analysis, 69 automation-related hazards or hazardous events were identified, among them the following items:

People enter a tunnel where a test driver is driving the dump truck manually.

People enter a tunnel where a machine is moving autonomously during system commissioning.

The wrong machine is selected for tele-operation during system integration and testing.

Service workers are performing repair work in the restricted area when automatic operation starts.

In all, 134 consequences were defined, 81 of them affecting personal safety. The risk-estimation results included 22 of them being assigned ‘high’ level, 57 ‘medium’ level, and two ‘low’ level. In 53 cases, the consequences were deemed to affect the availability of the machinery or influence production volume.

The risk evaluation in the PHA team took into account the safety measures already in place and the safety functions specified for the automated ore-transportation system concept and then considered needs for mine- and machinery-system-specific safety measures. The three-step risk-reduction principle adopted in view of the machinery-safety standard of the time (EN 292-1, 1995) and the Machinery Directive of the time (Directive 98/37/EC, 1998) was amended to include the ideas in the system-safety precedence sequence described by Stephenson (1991, p. 11) and by Roland and Moriarty (1983, p. 39). The purpose was to extend the risk evaluation by taking into consideration both the system supplier’s and the mining company’s risk-reduction opportunities and responsibilities. According to Stephenson (1991, p. 11), the system-safety precedence sequence includes the following steps:

Design for minimal hazard

Provide safety devices

Provide warning devices

Exert control through procedures and training

Assess the remaining hazards.

The PHA team created 72 proposals for safety measures, of which 27 were technical requirements for the primary safety functions or for other safety-related functions. In total, 45 proposals were made, both for specific safety instructions for the operators working in the control room and miners in the automated production area and for general safety instructions for the miners working at the production level near the automated production area. The proposals’ foci included these:

Risks related to the commissioning stage

Operation and support procedures, system-level training, and instructions

Operation modes and operation-area status changes

Safety-critical information that needs to be shared by subsystems and operation groups

Traffic control in the production area

Troubleshooting and support within the automated area

System-level modification management.

The risk evaluation for the situation after the proposed risk-reduction measures uncovered 56 ‘medium’ risks and 25 ‘low’ risks. All ‘high’ risks could be reduced to medium or low level. The number of medium-level risks remaining derives mainly from the philosophy behind the risk-matrix method. The matrix is created such that the highest severity category 1, ‘multiple-fatality’, leads to a designation of medium risk level even if the probability category is estimated to be E, ‘very unlikely’, after all risk-reduction measures. This is the case, for instance, with machine fire situations or collisions with a service vehicle. The PHA report was delivered to the customer in accordance with the terms of the assignment.