View
2
Download
0
Category
Preview:
Citation preview
SyRIO 1.3
System for Reporting the Incidents in
Offshore Oil and Gas Operations
– Overview and the User guide –
Document No: 1
Revision No: 1.3
Revision date: 30/10/2016
Document title SyRIO 1.3 – Overview and User Guide
Document version 1
Document revision 1.3
Document date 30/10/2016
Authors Bogdan Vamanu (bogdan.vamanu@jrc.ec.europa.eu)
Stefano Tarantola (stefano.tarantola@jrc.ec.europa.eu)
Contributors Stefania Contini (stefania.contini@ext.jrc.ec.europa.eu)
Shlomo Wald (shlomo.wald@jrc.ec.europa.eu)
Jessica Cavestro (jessica.cavestro@ext.jrc.ec.europa.eu)
Table of Contents
Table of Contents
List of Figures vii
List of Tables x
The Background 1
History of SyRIO .................................................................................................................................. 1
The Online Reporting Platforms in the context of the European Legislation ..................................... 2
The tasks, the issues, the solution ...................................................................................................... 3
SyRIO Overview 8
What is SyRIO ...................................................................................................................................... 8
Design and Functional characteristics ................................................................................................ 9
What it offers .................................................................................................................................... 12
Operators/Owners ........................................................................................................................ 13
To the Competent Authority ......................................................................................................... 16
Assumptions and concepts ................................................................................................................... 19
Reporting and assessing incidents in SyRIO ...................................................................................... 19
The Incident Report .......................................................................................................................... 21
The Reporting assumptions and SyRIO Assets .................................................................................. 22
The Users – types and credentials .................................................................................................... 23
The ‘tight’ vs. ‘loose’ control in managing the assets ....................................................................... 25
The Registration Process ................................................................................................................... 26
The Operators and Owners ........................................................................................................... 26
The Competent Authority ............................................................................................................. 29
CA / System Administrator tasks................................................................................................... 30
SyRIO roles and credentials – the in-depth ...................................................................................... 32
Application Structure ............................................................................................................................ 37
The Logical Blocks ............................................................................................................................. 37
The CRF Reporting ......................................................................................................................... 37
The Major Accident (MA) Assessment .......................................................................................... 38
The Annual Report Builder ............................................................................................................ 38
The Management blocks ............................................................................................................... 39
The Assets Management block ................................................................................................. 39
The Requests Management block ............................................................................................. 39
The Units Management block ................................................................................................... 39
The Holidays Management block .............................................................................................. 40
The Translations Management block ........................................................................................ 41
The Site Map ..................................................................................................................................... 41
Operators/Owners ........................................................................................................................ 42
Competent Authorities ................................................................................................................. 42
Administrators .............................................................................................................................. 43
Main Interface 44
SyRIO – Operators / Owners ............................................................................................................. 45
Home ............................................................................................................................................. 45
The Events Hub (Registered Events) ............................................................................................. 47
Deleted Events .............................................................................................................................. 53
Register New Event ....................................................................................................................... 54
The Event Declaration page .......................................................................................................... 56
Modify Event Declaration page..................................................................................................... 57
The Event Drafts page ................................................................................................................... 58
Draft Event Categorization ............................................................................................................ 63
New Draft / Modify Event Categorization .................................................................................... 65
Draft Section page ......................................................................................................................... 66
CRF Editor ...................................................................................................................................... 69
Submit Report Confirmation ......................................................................................................... 70
The CRF Review Page .................................................................................................................... 71
SyRIO – Competent Authorities ........................................................................................................ 72
Home ............................................................................................................................................. 72
Reported incidents ........................................................................................................................ 73
View incident report ..................................................................................................................... 77
Assess incident report ................................................................................................................... 80
Annual Report Preparation ........................................................................................................... 82
Incident CPF classification ............................................................................................................. 85
Update Incident CPF classification ................................................................................................ 87
Annual Reports.............................................................................................................................. 89
Create Annual Report ................................................................................................................... 91
Annual Report Editor .................................................................................................................... 92
Update Reported Installation ....................................................................................................... 95
Add Operation Area page ............................................................................................................. 96
Information for Data Normalization Purposes page ..................................................................... 97
Annual Report Section 3 – Update page ....................................................................................... 98
Annual Report Section 3 – Add Reference page ......................................................................... 100
Register/edit Document page ..................................................................................................... 101
Documents page ......................................................................................................................... 102
Reporting history ........................................................................................................................ 103
SyRIO – Management ..................................................................................................................... 105
The Management Hub ................................................................................................................ 105
For more information on the default credentials depending on the user roles please consult
section ............................................................................................................................................. 105
Organizations .............................................................................................................................. 106
Register Organization .................................................................................................................. 109
Organization Details .................................................................................................................... 111
Edit Organization......................................................................................................................... 112
Installations ................................................................................................................................. 113
Register / Update Installation ..................................................................................................... 116
Installation Details ...................................................................................................................... 117
Users ........................................................................................................................................... 118
Register / Update User ................................................................................................................ 121
User details ................................................................................................................................. 123
Requests page ............................................................................................................................. 124
Requests list page ....................................................................................................................... 125
Process Request .......................................................................................................................... 127
Units ............................................................................................................................................ 129
Create/Edit Unit .......................................................................................................................... 131
Holidays ....................................................................................................................................... 132
Create/Edit Holiday ..................................................................................................................... 133
Translations ................................................................................................................................. 135
Source Messages ......................................................................................................................... 137
Register new/Modify source message ........................................................................................ 139
Register new language ................................................................................................................ 140
View Translations ........................................................................................................................ 141
Message translation .................................................................................................................... 142
The Advanced filters ....................................................................................................................... 143
Advanced date filter .................................................................................................................... 143
Advanced incident type filter ...................................................................................................... 143
Using SyRIO 144
The Operators / Owners ................................................................................................................. 144
Incident reporting ....................................................................................................................... 144
Register event ......................................................................................................................... 147
Create an Incident Report Draft .............................................................................................. 147
Draft Report Section ............................................................................................................... 147
Finalize report (sections, draft) ............................................................................................... 148
Sign report (draft) ................................................................................................................... 151
Submit report .......................................................................................................................... 152
Verify reporting status ................................................................................................................ 154
Re-submit the report .................................................................................................................. 154
Incident reports management .................................................................................................... 156
The Competent Authority ............................................................................................................... 157
Incident Assessment in terms of Major Accident ....................................................................... 157
Visualize the incident report ............................................................................................... 159
Assess incident in terms of MA ........................................................................................... 160
Finalize assessment ............................................................................................................. 160
Re-open assessment ........................................................................................................... 161
Annual Report ............................................................................................................................. 161
Preparation ............................................................................................................................. 162
Annual Report Drafting / Exporting ........................................................................................ 166
Installation 179
Minimum requirements .................................................................................................................. 179
General recommendations ............................................................................................................. 179
Installation process ......................................................................................................................... 179
Setup database ........................................................................................................................... 180
Application setup ........................................................................................................................ 181
Annex I – SyRIO CPF inference engine – CPF assessment assumptions ............................................. 186
Annex II – SyRIO Units ......................................................................................................................... 191
vii
List of Figures
Figure 1. Offshore Oil & Gas activities in Europe .................................................................................... 2
Figure 2. Reporting flow as required by Directive 2013/30/EU .............................................................. 4
Figure 3. Reporting flow, stakeholders and information boundaries ..................................................... 4
Figure 4. The two-platform architecture. Information flow and access to resources. ........................... 5
Figure 5. SyRIO and SPIROS input-output configuration ........................................................................ 6
Figure 6. Separation of access and rights in the operators & owners case. ......................................... 11
Figure 7. Event reporting history – format and tracked information (operators/owners) .................. 15
Figure 8. SyRIO Incident reporting/assessment lifecycle ...................................................................... 19
Figure 9. Incident report structure in SyRIO - Operators and Owners ................................................. 21
Figure 10. Incident report structure in SyRIO - Competent Authority .................................................. 22
Figure 11. User groups and basic credentials - the RBAC hierarchical structure ................................. 25
Figure 12. Assets registration workflow for operators/owners ........................................................... 26
Figure 13. Assets registration workflow for Competent Authorities .................................................... 29
Figure 14. Request processing page. .................................................................................................... 31
Figure 15. Main logical blocks/modules ............................................................................................... 37
Figure 16. Operators/Owners Home Page ............................................................................................ 45
Figure 17. Incidents Status Card ........................................................................................................... 45
Figure 18. Registered Events page ........................................................................................................ 47
Figure 19. Event record details ............................................................................................................. 48
Figure 20. Event declaration audit details ............................................................................................ 48
Figure 21. Reporting dates cell ............................................................................................................. 49
Figure 22. Report submission dates details .......................................................................................... 49
Figure 23. Deleted events page ............................................................................................................ 53
Figure 24. Register new event page ...................................................................................................... 54
Figure 25. The Event Declaration page ................................................................................................. 56
Figure 26. Event Drafts page ................................................................................................................. 58
Figure 27. Event Draft record. Same draft in different phases of the event reporting lifecycle .......... 59
Figure 28. Draft Event Categorization page .......................................................................................... 63
Figure 29.Modify Event Categorization page ........................................................................................ 65
Figure 30. Draft Section page – section mode ...................................................................................... 66
Figure 31. Draft Section page – sub-section mode ............................................................................... 66
Figure 32. Various displays of the Draft Section actions block ............................................................. 67
Figure 33. Draft navigation widget - various snapshots ....................................................................... 68
Figure 34. CRF Editor ............................................................................................................................. 69
Figure 35. Submit Report Confirmation page ....................................................................................... 70
Figure 36. The CRF Review page. .......................................................................................................... 71
Figure 37. Home page - Competent Authority ..................................................................................... 72
Figure 38. Reported incidents - Competent Authority ......................................................................... 73
Figure 39. Reported incident details - Competent Authority .............................................................. 74
Figure 40. Reporting dates .................................................................................................................... 75
Figure 41. View incident report - Competent Authority ....................................................................... 77
file:///C:/Users/vamanbo/Documents/Final%20report%20SyRIO%201.0/SyRIO_User_Manual_1.1.4.docx%23_Toc466036257file:///C:/Users/vamanbo/Documents/Final%20report%20SyRIO%201.0/SyRIO_User_Manual_1.1.4.docx%23_Toc466036260
viii
Figure 42. Example of complete section (Competent Authority part included) in the View incident
report .................................................................................................................................................... 78
Figure 43. Incident rejection justification page .................................................................................... 79
Figure 44. Assess incident report page (top) - Competent Authority ................................................... 80
Figure 45. Assess incident report page (bottom) - the Competent Authority section and control block
.............................................................................................................................................................. 80
Figure 46. Annual Report Preparation page - Competent Authority .................................................... 82
Figure 47. Incidents list - assessment in terms of Section 4 of the CPF - header and record
information ........................................................................................................................................... 83
Figure 48. Incident CPF Classification page - Competent Authority ..................................................... 85
Figure 49. SyRIO findings and User's options ....................................................................................... 86
Figure 50. Update Incident CPF Classification page - Competent Authority ........................................ 87
Figure 51. SyRIO findings and User's options in Edit mode .................................................................. 88
Figure 52. The Annual Reports page - Competent Authority ............................................................... 89
Figure 53. Create Annual Report page - Competent Authority ............................................................ 91
Figure 54. Annual Report editor - Competent Authority ...................................................................... 92
Figure 55. Contextual message block - illustrative. .............................................................................. 93
Figure 56. Update Reported Installation page ...................................................................................... 95
Figure 57. Add MODU Operation Area page ........................................................................................ 96
Figure 58. Information for Data Normalization Purposes page ............................................................ 97
Figure 59. Annual Report Section 3 – Update page .............................................................................. 98
Figure 60. Annual Report Section 3 - Add Reference page ................................................................. 100
Figure 61. Register/edit Document page ............................................................................................ 101
Figure 62. Documents page ................................................................................................................ 102
Figure 63. Reporting history - CA perspective .................................................................................... 103
Figure 64. The Management Hub page .............................................................................................. 105
Figure 65. Organization page .............................................................................................................. 106
Figure 66. Register Organization page (a) Organization type selection; (b) Operators/Owners
Organization; (c) Competent Authority Organization ......................................................................... 109
Figure 67. Modify Organization page.................................................................................................. 112
Figure 68. Installation page - the CA perspective .............................................................................. 113
Figure 69. Installation record - system administrator view ................................................................ 113
Figure 70. Register/Update Installation .............................................................................................. 116
Figure 71. Installation Details page – the user view (i.e. no Update button) ..................................... 117
Figure 72. Registered Users page ....................................................................................................... 118
Figure 73. SyRIO User - Register / Edit pages (a) Operator / owner; (b) Installation; (c) Competent
Authority ............................................................................................................................................. 121
Figure 74. User details page ................................................................................................................ 123
Figure 75. The Requests page – administrator view ........................................................................... 124
Figure 76. The Requests list page ....................................................................................................... 125
Figure 77. Request processing page ................................................................................................... 127
Figure 78. The Units page ................................................................................................................... 129
Figure 79. Create and Edit Unit pages (a) Create unit; (b) Update unit .............................................. 131
Figure 80. The Holidays page .............................................................................................................. 132
Figure 81. Create Holiday page ........................................................................................................... 133
ix
Figure 82. Update Holiday page .......................................................................................................... 133
Figure 83. Translations page ............................................................................................................... 135
Figure 84. Translations - Source Messages page ................................................................................ 137
Figure 85. Translations – Register new / Modify Source Message page ............................................ 139
Figure 86. Translations - Register new language page. ...................................................................... 140
Figure 87. Translations - View Translations page ............................................................................... 141
Figure 88. Translations - Message Translation page ........................................................................... 142
Figure 89. Incident reporting workflow - Operators and Owners ...................................................... 144
Figure 90. Draft navigation widget ..................................................................................................... 148
Figure 91. Section completeness validation – success message There are sections to be finalized
(top); Last section finalized (bottom) ................................................................................................. 149
Figure 92. Section completeness validation – failure message .......................................................... 150
Figure 93. Report completeness validation – failure message. .......................................................... 151
Figure 94. 'Ready-to-be-signed' draft record in the event drafts list ................................................. 151
Figure 95. 'Ready-to-be-submitted’ draft record in the event drafts list ........................................... 153
Figure 96. Dates/status column - accepted report ............................................................................. 154
Figure 97. Rejected report – rejected draft record with rejection justification displayed ................. 155
Figure 98. Reporting history - report rejection justification. .............................................................. 155
Figure 99. Competent Authority - tasks overview .............................................................................. 157
Figure 100. The Competent Authority section at the end of each section of the CRF report - excerpt
from the official IR 1112/2014 document .......................................................................................... 158
Figure 101. Incident report received notification mail ....................................................................... 158
Figure 102. Incident MA assessment - the workflow ......................................................................... 159
Figure 103. MA Unassessed report record ......................................................................................... 160
Figure 104. The Tasks section of CA Home page ................................................................................ 160
Figure 105. Relationship between CA tasks and SyRIO support ......................................................... 162
Figure 106. Refresh results notification .............................................................................................. 164
Figure 107. Refresh sections required message. ................................................................................ 169
Figure 108. Generic workflow for Annual Report drafting ................................................................. 170
Figure 109. Operation area block for a mobile installation in Table 2.3 ............................................ 173
file:///C:/Users/vamanbo/Documents/Final%20report%20SyRIO%201.0/SyRIO_User_Manual_1.1.4.docx%23_Toc466036330file:///C:/Users/vamanbo/Documents/Final%20report%20SyRIO%201.0/SyRIO_User_Manual_1.1.4.docx%23_Toc466036336
x
List of Tables
Table 1. Operator/Owner user credentials - Reporting ........................................................................ 33
Table 2. Operator/Owner user credentials - SyRIO assets ................................................................... 33
Table 3. Operator/Owner user credentials - SyRIO admin/management ............................................ 34
Table 4. Competent Authority user credentials – Incident assessment and Annual Report ................ 34
Table 5. Competent Authority user credentials - SyRIO Assets ............................................................ 34
Table 6. Competent Authority user credentials - admin/management ............................................... 35
Table 7. Possible states of the Reporting dates icons - description ..................................................... 50
Table 8. Report CA status icons and OO tasks. ..................................................................................... 50
Table 9. Reporting status in respect to the deadline ............................................................................ 50
Table 10. Report drafting status - possible icons and description ........................................................ 59
Table 11. Report CA status - possible icons, description and user tasks. ............................................. 59
Table 12. CRF Sections drafting status .................................................................................................. 60
Table 13. Drafts list action column buttons .......................................................................................... 61
Table 14. Possible states for MA/CPF assessment ................................................................................ 75
Table 15. Possible values of the incident assessment status (assessment in terms of Section 4 of CPF)
.............................................................................................................................................................. 83
Table 16. Possible values for SyRIO findings ......................................................................................... 86
Table 17. Possible values for SyRIO findings – Edit mode .................................................................... 88
Table 18. Possible synchronization icons and meanings ...................................................................... 90
Table 19. History events actors ........................................................................................................... 104
Table 20. Reporting actions tracked - Competent Authority .............................................................. 104
Table 21. The Organization details page – Competent Authority Organization as example .............. 111
Table 22. User category icons ............................................................................................................. 119
Table 23. Examples of the advanced date filter queries. .................................................................... 143
Table 24. Report CA Status. Possible values ....................................................................................... 154
SyRIO 1.3 (rev.1.1.3) The background
1
The Background
History of SyRIO After the Deepwater Horizon accident in 2010, the need for legislation at the EU level on safety in
the offshore oil and gas sector became evident. For this purpose, Directive 2013/30/EU was
published in 2013. One of the requirements of Directive 2013/30/EU established that offshore
operators and owners shall report incidents and major accidents which occurred on their
installations, as listed in Annex IX of the Directive. Incident/major accident reports should be sent to
the Competent Authorities of the Member States in whose jurisdiction the incident took place.
The type and amount of information to be provided to the MS Competent Authorities, was
thoroughly discussed by the European Union Offshore Authorities Group (EUOAG), which proposed
the use of a Common Reporting Format for the reporting of accidental events, as listed in Annex IX.
The Common Reporting Format was officially adopted in October 2014 with Commission
Implementing Regulation 1112/2014.
In order to provide an efficient way for operators/owners to send incident reports to the MS
Competent Authorities, the development of a software tool was proposed by the Joint Research
Centre to the members of the EUOAG in November 2014, at the 8th EUOAG meeting.
This software tool, named SyRIO (i.e. System for Reporting Incidents in Offshore Oil and Gas
Operations), was conceived to support operators, Member States and the EU Commission to meet
the reporting requirements of Directive 2013/30/EU and Implementing Regulation 1112/2014, by:
providing offshore operators and owners an efficient and secure way for sending
incident/major accident reports to the MS Competent Authorities;
providing the MS Competent Authorities
o the ways and means of assessing the reports submitted by the operators and
owners;
o the tools for drafting the Annual Report (to be submitted to the Commission) based
on the aggregated information in the individual reports;
allowing MS Competent Authorities to keep track of (and store information on) all
incidents/major accidents which occurred in their jurisdictions;
providing operators/owners and the Member States the necessary means for managing
incident-related data.
Following the interest expressed by several Member States for SyRIO, the Commission’s Directorate
General for Energy (DG ENER) decided to commission the development of the platform to the JRC
(Directorate C. Energy, Transport and Climate – ETC1).
A functional version of SyRIO (the proof of concept) was presented to the Member States and DG
ENER at the 9th EUOAG meeting in Brussels in February 2015. This has been followed by the
demonstration of the alpha version in May 2015. As of October 2015, following the presentation of
the platform and the first hands-on testing from the CA (the Annual Workshop of the European
1 Previously, the Institute for Energy and Transport (IET); until 30
th of June 2016.
SyRIO 1.3 (rev.1.1.3) The background
2
Union Offshore Oil and Gas Authorities Group, Cyprus, Nicosia) SyRIO beta has been made available
online to the interested Member States for further testing, feedback and promoting the platform to
the offshore Operators / Owners in their jurisdiction.
The feedback and comments provided by the Member States have been dully accounted and have
been incorporated in version 1.0 of the software tool (February 2016). By the time of the official
distribution to the MS, SyRIO went through a continuous series of tests that resulted in several
improvements being made to the application. The distributed version, hence the subject of this
document is SyRIO 1.3.
The Online Reporting Platforms in the context of the European Legislation The offshore Oil & Gas Industry is very important to the EU economy. Sixteen2 EU Member States
are involved in the Industry, and offshore exploration and production activities are carried out in a
number of EU geographical areas, namely the North Sea, the Mediterranean Sea, the Baltic Sea, the
Black Sea, and the Atlantic Ocean (Figure 1).
Figure 1. Offshore Oil & Gas activities in Europe
In June 2013, the European Parliament and the Council officially adopted Directive 2013/30/EU (or
Offshore Safety Directive, OSD) on “safety of offshore oil and gas operations and amending Directive
2004/35/CE” with the purpose of establishing minimum requirements for the prevention of major
accidents in offshore oil and gas operations and for limiting the consequences of such events.
A special focus was driven towards transparency and sharing of information between the different
actors in the business (operators and owners, Member States, Commission and the Public). In this
2 BG, HR, CY, DK, FR, DE, GR, IRE, IT, MT, NL, PL, PT, RO, ES, UK
SyRIO 1.3 (rev.1.1.3) The background
3
line, Chapter V of the OSD outlines the requirements to operators, Member States and the European
Commission on transparency and sharing of information concerning incidents and major accidents in
the offshore sector.
Article 23 (“Sharing of information”) and article 24 (“Transparency”) specifically mention that
Commission’s obligations include the determination of:
a Common Reporting Format (CRF), for the reporting of accidental events, as listed in Annex
IX of the OSD;
a Common Publication Format (CPF), in order to allow for cross-border comparison of data
on offshore incidents and major accidents and to make such data publicly available on an
annual basis.
As requested by the Directive, these formats had to be adopted by the Commission by means of an
Implementing Act. For this purpose, an ad-hoc working group composed of members of the EUOAG
was set up. The Oil and Gas Team of the JRC-ETC-ESDM3 also joined this effort, proposals and
contributions on their behalf being duly noted and considered during the meetings of the working
group.
On October 13th, 2014, Commission Implementing Regulation No.1112/2014 “determining a
common format for sharing of information on major hazard indicators by the operators and owners
of offshore oil and gas installations and a common format for the publication of the information on
major hazard indicators by the Member States” (hereafter referred to as IR 1112/2014) was officially
adopted.
The two documents (Directive 2013/30/EU and IR 1112/2014) are the foundation on which the two
(see next section) reporting software platforms are laid on.
The tasks, the issues, the solution According to the OSD there are two types of reporting tasks in respect to the safety of the offshore
activities (Figure 1). The first, deals with the obligation of the operators and owners (the OO) to
inform the Member States Competent Authority (MS CA) any offshore incident that falls under one
or more of the categories in Annex IX of the OSD (hereafter named the Incident Report or the CRF
Report). The second, falls under the responsibility of the MS CA and implies drafting an yearly
holistic report on the offshore activities in their jurisdiction (referred to as the MS Annual Report or,
shortly, the Annual Report or CPF report).
One of the first activities in the development of the reporting platforms was the identification of the
stakeholders their needs, and their concerns.
Four classes of stakeholders have been identified:
- Operators/owners4 of offshore installations (the Industry);
- MS Competent Authorities5 for offshore safety (the National Regulators);
- European Commission6 (European Regulators);
3 ESDM – Energy Security, Distribution and Markets
4 Opertors/owners – OO
5 Competent Authority – CA
SyRIO 1.3 (rev.1.1.3) The background
4
- EU citizens (the Public).
Figure 2. Reporting flow as required by Directive 2013/30/EU
With the exception of the public, all the other actors must fulfil specific reporting obligations, and
produce different types of incident/major accident reports, with different timings. From the
reporting perspective, only three of these actors play an ‘active’ role (OO, CA, COM).
It has also been remarked that reporting in the context of the Offshore Directive is a bi-lateral,
disjoined business between these actors. There are two main lines of communications: one between
the OO and the CA, and the second between the CA and the COM. Hence, the individual offshore
accidents are reported by OO to the CA, while the annual report on Safety Indicators is reported by
the CA to the COM (Figure 3).
Figure 3. Reporting flow, stakeholders and information boundaries
6 European Commission – COM
SyRIO 1.3 (rev.1.1.3) The background
5
These findings lead to defining the core confidentiality and functional requirements of the overall IT
solution.
Thus, the access to an incident report sent by Operator A must be restricted to Operator A and the
Competent Authority under which jurisdiction the incident occurred (the horizontal dimension of
confidentiality). Moreover, Operator A’s reports must be isolated from other operators activating in
the same jurisdiction (the vertical dimension of confidentiality).
Things are also valid for the second reporting task: The Annual Report of MS A must be accessible by
MS A and the Commission (the horizontal dimension of confidentiality), and isolated from the other
Member States reports (the vertical dimension).
The solution adopted for dealing with the vertical confidentiality was the development of two
separate reporting platforms: SyRIO (System for Reporting Incidents in Offshore Oil and Gas
Operations) that handles the communication between to OO and the CA; and SPIROS (Safety
Performance Indicators Reporting of the Offshore Oil & Gas Activities) that handles the
communication of the Annual Reports from the MS to the COM (Figure 4).
Figure 4. The two-platform architecture. Information flow and access to resources.
The horizontal confidentiality is guaranteed at each application level through the implementation of
an authentication and authorization system.
Since part of the annual reports (especially CPF Section 4. Incident Data and Performance of
Offshore Operations) is based on aggregated information from the individual incident reports, and
due to the fact that – in the current architecture – the information (the data) between the two
applications is completely separated (two physically distinct databases), a new feature has been
added to SyRIO: providing the CA with a set of tools for, and assistance in:
- drafting the Annual Report based on the information in the incident reports;
- generating an export file which, upon the upload on the SPIROS platform, will represent
(part of) the MS Annual Report to the COM.
SyRIO 1.3 (rev.1.1.3) The background
6
From an input-output perspective, SyRIO has as output the (partly completed7) annual report that is
an input for SPIROS.
To be consistent with the transparency principle, the XML8 markup language has been adopted for
the format (encoding) of the Annual Report export file. For facilitating the communication and for
ensuring the consistency in terms of the data formats, an XML Schema9 (SPIROS Schema) has been
also developed.
Figure 5. SyRIO and SPIROS input-output configuration
Adoption of the ‘two separate platforms’ approach is also justified by another consideration: the
high variability in terms of the clients. Potential clients might have different needs, requirements,
experience, or even an already existing reporting infrastructure (i.e. operational IT systems, existing
incident communication ways and means, in-place network architecture, etc.).
By separating the reporting tasks in two platforms, and also by adopting XML as the annual report
file format (together with providing the SPIROS schema), we allowed the MS that might only be
interested in the communication with the Commission to take advantage of the safe and sound
infrastructure for reporting the Annual Report (SPIROS) to the Commission. With a minimum effort,
such a MS can plug-in in the overall reporting context by providing an XML file – built following the
SPIROS schema – at the input of the SPIROS platform.
The variability of the clients was also duly taken into account throughout the design and
development phases of the platforms and it is reflected in the technologies and the IT solutions
adopted.
SyRIO is distributed by DG ENER under the EUPL10 license to all of the Competent Authorities of the
MS. The Competent Authorities should, upon adopting the solution, install SyRIO on their own
servers (application and database), thus becoming the owners of the platform (application and
data).
7 See Drafting the Annual Report section
8 The Extensible Markup Language (XML) is a language that defines a set of rules for encoding documents in a
format that is both human and machine-readable. 9 An XML Schema is a set of constraints on the structure and content of an XML document.
10 EUPL – the European Union Public License. See more at:
https://joinup.ec.europa.eu/community/eupl/og_page/eupl
https://joinup.ec.europa.eu/community/eupl/og_page/eupl
SyRIO 1.3 (rev.1.1.3) The background
7
SPIROS will be hosted on the Commission servers, the MS being granted the use of the platform as
users.
The rest of this document will address the SyRIO reporting platform. The subjects covered are
grouped in six main sections, as follows.
An overview of SyRIO, including the main design and functional requirements that have guided the
development of the application is given in SyRIO Overview (pg. 8). The focus is driven towards the
security and confidentaility of information. An outline of the main information provided to each type
of the actors is also provided.
The governing assumptions and concepts are introduced in Assumptions and concepts (pg.19). The
topics addressed in this section include the introduction of the main workflows in terms of
reporting/assessing the incidents; the notion of SyRIO assets (i.e. organizations, installations, users)
the asset registration process; and the structure of a SyRIO incident report.
An overview of the main logical blocks and the application site map is presented in Application
Structure (pg. 37).
The interface of the application is covered in Main Interface (pg.44). Each of the pages of the web
site is exhaustively introduced. Indications on ‘how to read’ the information at hand and which are
the possible actions are offered. It is intended that this section would also provide support during
going through the next section of the document, which is Using SyRIO (pg.144)
The last subjects covered are the installation and setup of SyRIO (Installation, pg.179). This section is
mainly oriented to the IT professionals.
SyRIO 1.3 (rev.1.1.3) SyRIO Overview
8
SyRIO Overview
What is SyRIO SyRIO is the IT solution proposed by the Commission to the MS for the communication of the
offshore incidents from the Operators/Owners to the Competent Authorities.
SyRIO is developed by the Commission (JRC-ETC) and distributed (by DG ENER) to the Competent
Authorities. When installing SyRIO on their own servers (application and database), the Competent
Authorities become the owners of the application and data.
SyRIO is an online (Internet) web application accessible from the web browser. This solution has
been identified and adopted as conferring the most flexibility in terms of the accessibility and (client)
hardware requirements; thus, SyRIO can be used:
- from any place that has Internet coverage;
- from any operating system, e.g. Windows, Linux, Android, etc. (i.e. is OS11 agnostic);
- from any hardware - desktop (recommended), tablet, mobile phone.
Moreover, having the system as a web platform overcomes any possible constraints enforced
through the operators and owners’ organization software policies, requiring no installation of
software on the client computers.
From the functional standpoint SyRIO provides a safe and secured way of transmitting the
information related to the offshore incidents from the operators and owners to the Competent
Authority. For the Competent Authorities, SyRIO also offers the informative support and the
appropriate set of tools for helping in drafting the annual report based on the information in the
individual incident reports.
Nevertheless, SyRIO has been designed to be more than that. By the type and the variety of the
information provided, and by the tools and functionalities available, SyRIO is intended to be not only
a reporting assistant but also a support for self-assessment of the reporting performances. We may
say that, from this perspective, SyRIO is envisaged to be an offshore incident reporting management
system.
At a very high level, SyRIO guarantees:
- Fast and reliable offshore incident reporting;
- Conformity with the OSD provisions;
- Conformity with the IR 1112/2014 formats;
- Safety information exchange;
- Unified approach with other MS (also adopting SyRIO).
SyRIO gives the users full control on what information is sent and when. There is, however, a series
of validation rules that enforce consistency of data and reduce the risk of incomplete information
being reported.
11
Operating System
SyRIO 1.3 (rev.1.1.3) SyRIO Overview
9
SyRIO exhibits a set of features intended in making life easier to all the actors involved in the
process; thus, when using the application:
The Operators and Owners get:
- Access to a centralized hub of reports – from anywhere, at anytime
- Assistance in filling in the incident report (CRF)
- Confirmation that the format and content of the report is consistent with the Common
Reporting Format (IR 1112/2014 Annex I)
- Possibility of keeping reporting up-to-date in case of longer events
- Historical data
- Incident reporting history (dates and operations)
- A channel of communication with the Competent Authority in respect of the incident
reporting requirements
- An (additional) source of data for internal assessments
- Information on the reporting performance.
The Competent Authority gets:
- Centralized offshore incident reporting hub (all the CRF reports in one place)
- Assurance that the reports submitted by the operators are compliant with the CRF.
- The information and tools for performing their incident reporting tasks (i.e. assessment of
the reports in terms of Major Accident)
- The incident reports available anytime, from anywhere
- Historical data
- Information on OO reporting performance
- Incident reporting history (dates and operations)
- A communication channel with the operators and owners in respect of the incident
reporting
- Assistance with the Annual Report preparation
- The tools for the Annual Report drafting
- Incident submission notification system
- Full access to the (reported!) incidents (CRF) database
- Support for data export for further statistics and analysis
The above lists are not exhaustive. A more in-depth description on the information provided and the
various tools available is given in the next sections.
Design and Functional characteristics SyRIO has been designed with three main objectives in mind: the end-user needs and expectations;
the owner’s/administrators’ needs and expectations; and gaining the users’ trust.
Each of these objectives has been translated in the functional requirements of the application as:
- Full-control on what, when and how I send (user-perspective)
- Full-control on the system, access, credentials and data (owner’s perspective)
- Clear, built-in delimitation of information boundaries – information confidentiality
SyRIO 1.3 (rev.1.1.3) SyRIO Overview
10
SyRIO meets these requirements by providing:
- A flexible architecture, customizable by the needs
- Adopting well-known and wide-spread technologies which, in turn, results in lower
installation and maintenance costs
- Familiar look-and-feel
- Intuitive workflows
- Moderate to low learning curve
In particular, to each of the major actor groups involved in the reporting activity (i.e. the Operators
and Owners and the Competent Authority) SyRIO offers:
- Assistance in filling in the incident CRF
- Possibility of keeping reporting up-to-date in case on longer events
- Access to a centralized hub of reports
- Historical data
- An (additional) source of data for internal assessments
to the Operators and Owners, as well as
- Centralized incident information point
- Full access to incident reports (CRF) database
- Assistance with major accident identification
- Assistance with the Annual Report preparation
- Historical data
- Near-Real time notification system
to the Competent Authorities.
The implementation technologies adopted (i.e. a ‘regular’ AMP12 stack and model-view-controller)
gives SyRIO a modular architecture. This, together with the fact that the system is distributed as
source code, gives the owners (i.e. Competent Authorities) the possibility of extending SyRIO
capabilities by their own needs (e.g. build additional tools for statistics and data analysis).
As mentioned earlier, data security and confidentiality was one of the pillars SyRIO is built on.
Each operator/owner organization gets, upon registration, a private area in the system within which
all the users of that organization perform the activities (reporting and, potentially, managing the
resources13). The access to this area (data and tools) is only allowed to the members of the
operator’s organization; all other operators/owners, as well as the competent authority are
restricted. Within the same organization, the access to the various tools is, in turn, restricted, based
on a scheme of groups having particular roles (rapporteurs, users and administrators) 14.
12
AMP – Apache, MySQL, PHP 13
For more details on the resources management please consult The ‘tight’ vs. ‘loose’ control in managing the assets. 14
For details on the user roles, tasks, permissions please consult The Users – types and credentials section.
SyRIO 1.3 (rev.1.1.3) SyRIO Overview
11
To give more flexibility in accommodating different organization-level arrangements in terms of
information access, this separation has been taken one step further, down to the level of installation
(Figure 6. Separation of access and rights in the operators & owners case.).
Figure 6. Separation of access and rights in the operators & owners case.
In this scheme, incident reporting is a private business of the operator, until the incident report is
sent to the Competent Authority. In other words, the Competent Authority has no knowledge about
a particular event until it receives the incident report from the operator.
On the Competent Authority side, separation of the rights to access the information and tools has
also been put in practice. Thus, three groups have been defined for the Competent Authority users:
- the ‘regular’ users (ca_users) – having read-only access to the incident reports;
- the assessors (ca_assessors) – responsible with the incident reports assessment and having
the rights for annual report drafting;
- the administrators (ca_admin)
The information available in the Competent Authority section is:
- the incident reports (CRF) submitted by the operators (including the section referring to the
event assessment in terms of Major Accident);
- the Operator/Owner Organizations and the Installations in the CA jurisdiction.
In addition, the members of the ca_assessors group have access to all the information and tools
related with the preparation and drafting of the Annual Report (see Using SyRIO - Annual Report
section).
All the information in the Competent Authority section cannot be accessed by the Operators and
Owners.
Information confidentiality has been ensured at the application level by restricting the access to the
application, following the scheme presented above. Yet, this is not enough. When talking about safe
data, we must also consider, besides confidentiality, the data integrity aspect. A distinction should
be made between securing the data on the communication channel and on the servers.
SyRIO 1.3 (rev.1.1.3) SyRIO Overview
12
Securing the communication channel is a vital element for minimizing the vulnerability of any web
based IT system. In IT lingo, this is referred to as ‘using a secured channel’; basically, it means
encrypting the information between the source and destination. Using a secured channel is the main
barrier against the ‘eavesdropping’ and ‘man-in-the-middle’ type of attacks. In a nutshell, a secured
channel ensures that:
- even if someone intercepts (eavesdrop) the communication between operators and
competent authorities all he can get is an encrypted (i.e. unreadable) conversation – hence,
improved confidentiality;
- what is sent on one end is what gets on the other end of the communication channel -
hence, the data integrity.
Providing a secured channel implies installing SyRIO (strongly recommended) on a TLS/SSL15,16,17
accessible web server.
Integrity of data on the servers implies:
- restricting the access and possible operations on the database. In this line, SyRIO forbids –
through the architecture – the direct interaction of the end-user with the database, as well
as – through implementation – the limitation of the operations that can be performed on
the database.
- ensuring the database integrity; SyRIO has been developed with a series of barriers that
prevent the operations on the database that would result in an ‘unstable’ state of the
application. However, a database regular back-up policy is fundamental to keep the
information / application safe.
What it offers SyRIO provides a plethora of information and tools that help in the reporting processes. The final
goal is the increase of the effectiveness of the overall process of reporting/assessment of the
offshore incidents.
As a general rule, SyRIO offers access to resources, details on resources and processes, and assistance
during the various tasks the users must perform.
An overview of the information available is given next. For completeness, it is recommended to read
this section in conjunction with the Main Interface section of this document.
15
TLS – Transport Layer Security; SSL – Secured Socket Layer (more at https://en.wikipedia.org/wiki/Transport_Layer_Security) 16
Securing the channel is not a built-in characteristic of the application, being the responsibility of the owner. Any web application can be installed (hosted) on both secured and unsecured servers. 17
No SSL certificate is provided with the application.
SyRIO 1.3 (rev.1.1.3) SyRIO Overview
13
Operators/Owners
The events registered with SyRIO
The operators and owners have access to all the events registered in SyRIO by their Organization.
This may be seen as the – always available – archive of all of the incidents (reported or not).
The registered events list is intended to be used for having an overview of
- the Organization’s offshore incidents; and
- status and performance of the incident reporting, in respect to the OSD provisions.
Information available
The following information is available for each of the registered events:
Event characteristic
- Name of the event18 – the name of the event given for quick identification of the event;
- Date/Time of the event;
- Event classification – the classification of the event in one of the categories provided in
Annex IX of the OSD (A to J) as required by the OSD and IR 1112/2014.
- Installation – the installation on which the event occurred.
- (Installation) Type – the type of the installation, as provided in the Common Publication
Format (CPF, Annex II of IR 1112/2014); accordingly, the installation types considered are:
o FMI – Fixed manned installation;
o NUI – (Fixed) normally unmanned installation;
o FPI – Floating production installation;
o FNP – Fixed on-production installation
o MODU – Mobile offshore drilling unit;
o MOA – Other mobile non-production.
- Field – the operational field (if any)
Report
- Reporting status – the status of the incident reporting (according to the provisions of the
OSD)
o For un-reported (i.e. unsubmitted) incidents – the status may be:
in due time – if there are at least three days before the 10 working-days
deadline is reached)
late – if the deadline is less than three days ahead
overdue – if the reporting deadline has been exceeded.
o For reported (i.e. submitted) incidents – the status may be:
submitted in due time
submitted late
- Reporting deadline – the day and time corresponding to the 10 working days from the
declared event date and time.
18
The name of the event is only available to the Operators and Owners. The name is not part of the information submitted to the Competent Authority.
SyRIO 1.3 (rev.1.1.3) SyRIO Overview
14
At the moment of registration of the event SyRIO computes the date of the deadline as 10
days from the event date and time, excluding the weekends (Saturdays and Sundays) and
taking into account any holiday19 (i.e. non-working day) that may come within the interval.
The deadline date is also adjusted after modifying the event date/time during the reporting
phase.
o For un-reported (i.e. not submitted) incidents:
deadline date and time
time (days) to deadline – i.e. ‘how many days left to deadline’
o For reported (i.e. submitted) incidents – the status may be:
deadline date and time
submitted late – i.e. ‘how much time since the report have been submitted’
- Report acceptance status – this refers to whether or not the report is accepted by the
Competent Authority; the report acceptance status may be either
o Accepted
o Rejected
Reporting audit/performance information
This information is available for the reported incidents only. It contains details in respect to the
reporting status (i.e. in due time or late) together with additional dates, as follows:
- Date of submission – the date and time of the first submission
- Deadline – the date and time of the deadline
- Deadline interval – the number of days of the deadline
- Report submitted – the reporting status (in due time / late)
- Timing – the timespan between the reporting date and the deadline (days, hours, minutes
before/after the deadline)
Reporting history
A detailed reporting history is kept for each event. A history item is characterized by (Figure 7):
- the actor – Operator/Owner or Competent Authority;
- the date and time of the event (i.e. what happened in the reporting process, and NOT the
offshore event);
- the history event;
- the event description, with the minimum information:
o the user performing the event;
o date and time
SyRIO tracks the following:
- event registration;
- reporting draft events;
- changes in the report drafting status (draft/section status), e.g. Finalized, Re-opened, Signed,
Submitted, etc.;
19
Please refer to Holidays (pg.158) for more details.
SyRIO 1.3 (rev.1.1.3) SyRIO Overview
15
- changes in the report submission status (i.e. event submitted by the OO, accepted/rejected
by the CA)
Figure 7. Event reporting history – format and tracked information (operators/owners)
SyRIO 1.3 (rev.1.1.3) SyRIO Overview
16
Operations
Many other information can be extracted using SyRIO built-in capabilities. SyRIO can provide the
information directly or offers support as intermediate tool for having the data processed in other
systems (e.g. MS Excel). To make use of this the user may take advantage of three main features:
- sorting data;
- filtering data;
- exporting data.
To the Competent Authority
List of the offshore incidents in their jurisdiction
Information available
The main information SyRIO provides to the Competent Authorities is the list off all the offshore
incidents in their jurisdiction, as reported by the operators and owners in accordance with the OSD
and IR 1112/2014 provisions.
The following information is available for each of the incidents:
Event characteristic
- The CRF report of the event – the full incident report in the Common Reporting Format, as
submitted by the operators.
- The event description – in addition to the full report, the users have immediate access to
the following information:
o The Event date/time
o The Operator
o The Installation
o The Installation type – one of the types as provided in the Common Publication
Format (Annex II of IR 1112.2014), i.e.
FMI – Fixed manned installation;
NUI – (Fixed) normally unmanned installation;
FPI – Floating production installation;
FNP – Fixed on-production installation
o The Event categorization – the classification of the event in one of the categories
provided in Annex IX of the OSD (A to J) as required by the OSD and IR 1112/2014.
Reporting characteristic
- Acceptance status – whether or not the report is accepted or rejected
- The Submission date – the date when the report has been received
Reporting audit/performance information
This information contains details in respect to the reporting status (i.e. in due time or late) together
with additional dates, as follows:
SyRIO 1.3 (rev.1.1.3) SyRIO Overview
17
- Reporting deadline status – information related to the relationship between the reporting
date and the initial deadline for reporting (10 working days from the occurrence of the
event); the status may be:
o submitted in due time
o submitted late
- Date of submission – the date and time of the first submission
- Deadline – the date and time of the deadline
- Deadline interval – the number of days of the deadline
- Timing – the timespan between the reporting date and the deadline (days, hours, minutes
before/after the deadline)
Assessment status and tasks
- The Major Accident status – can be:
o Major Accident
o Minor Incident
- The CPF Assessment status – whether or not a particular incident is ready to be accounted in
the Annual Report.
The CPF assessment can only be performed on incidents previously assessed in terms of
Major Accident. Depending on the acceptance and MA assessment status of an incident
(report) the values can be:
o Report is CPF assessed (equivalent with assessed in terms of CPF Section 4);
o Report must be CPF assessed – if the report is MA assessed;
o Report cannot be CPF assessed – if the report is not yet MA assessed;
o Report should not be CPF assessed – if the report is rejected.
Reporting history
A detailed reporting history is kept for each event.
- the actor – Operator/Owner or Competent Authority;
- the date and time of the event (i.e. what happened in the reporting process, and NOT the
offshore event);
- the history event;
- the event description, with the minimum information:
o the user performing the event;
o date and time
SyRIO tracks the following:
- event submission;
- changes in the acceptance / rejection status of an event.
Operations
Many other information can be extracted using SyRIO built-in capabilities. SyRIO can provide the
information directly or offers support as intermediate tool for having the data processed in other
systems (e.g. MS Excel). To make use of this the user may take advantage of three main features:
SyRIO 1.3 (rev.1.1.3) SyRIO Overview
18
- sorting data;
- filtering data;
- exporting data.
Details on each of the above are provided in the next sections of this document. It is recommended
to consult the Main Interface section to gain a better overview of SyRIO capabilities both in terms of
which information is available and the functional and supportive characteristics.
This concludes the overview on the SyRIO platform. We will proceed next to introduce the main
concepts that, together with the description of the main interface and the workflows for performing
the main tasks provide the sufficient basis for starting to explore and use SyRIO.
SyRIO 1.3 (rev.1.1.3) Assumptions and Concepts
19
Assumptions and concepts This section introduces the main assumptions and concepts that fundaments the functionality of
SyRIO. At the end of this part, the reader will possess the conceptual basis that will allow a
streamline, safe and sound usage of the application.
Reporting and assessing incidents in SyRIO According to the OSD, each of the actors (i.e. the Operators/Owners - OO and the Competent
Authority - CA) involved in the incident reporting have one, single task each: the OO must submit the
incident report within 10 working days from the incident occurrence, and the CA must assess the
received report and decide whether or not it is a Major Accident or Minor Incident.
This reporting/assessment play has been implemented in SyRIO taking into account the posture
adopted in terms of information confidentiality (Figure 8).
Figure 8. SyRIO Incident reporting/assessment lifecycle
The process can be summarized as follows: when an offshore incident occurs, the OO may proceed
immediately to drafting the incident report. For this the OO must first register the incident in SyRIO,
providing the minimum event description information (such as date and time of the event, etc.)
The OO should continue, as soon the information becomes available, with drafting the report
content (i.e. filling out the information required in each section of the report, depending on the type
of event). To allow concurrent work on the report, SyRIO enforces the drafting to be performed on a
section-by-section basis. Only one user can edit a particular section at a given time.
SyRIO 1.3 (rev.1.1.3) Assumptions and Concepts
20
The OO can create as many reporting drafts as he wants. The only restriction is that only one draft
can be submitted to the CA. And, once submitted, that particular draft becomes the ‘official’ one (i.e.
no other draft – of the same incident – can be submitted). Moreover, let it be reminded that,
according to the provisions of the OSD and the IR, the official draft should be submitted within 10
working days from the event occurrence.
Once the work on a draft section is done, that section must be marked as Finalized. The use of this
information is two-folded: on the one hand, this allows a better monitoring of the reporting process.
Especially when the drafting spans over several days and it is performed in a non-continuous
manner, losing the track of the changes and forgetting the ‘to do’s’ is quite frequent. Having the
possibility of marking each section as Finalized helps in a better control of the things left to be done.
Another role of the Finalized marking deals with the concurrent report drafting. In this case, each of
the draftees has an indication on each other’s work progress, and the supervisor gets the overall
progress status.
A report draft is considered Finalized when all the constituent sections are finalized.
The next step for the OO is to have the draft Signed by the supervisor. Only a finalized draft can be
signed.
Once signed, the report is ready to be submitted to the Competent Authority.
The process described previously allows us to introduce the structure of a report in SyRIO, as follows:
An incident report in SyRIO is consisting of:
- the Event Declaration
- one of the Reporting Drafts, finalized and signed.
A couple of remarks are required on the incident drafting:
- the entire process is restricted to the OO;
- the CA is unaware of any information related to the event.
The last task for the OO (at this moment) is to Submit the report to the CA. Upon submission the
following occur:
- the CA is informed about the new submission (at the user interface and via emails sent to all
the assessors of the CA);
- the OO cannot make any changes to the report.
Upon receiving the incident report, the CA may accept or reject it.
A justification is required when rejecting a report. When rejection occurs, the OO is informed and
the justification is provided. The OO gets, again, partial access to the submitted report so the
modifications required by the CA can be performed. To resubmit the report, the OO must follow
again the finalize-sign-submit procedure.
In case the CA is satisfied with content of the report the CA assessor must proceed with assessing
the incident in terms if Major Accident (which, in SyRIO, is also referred to as the MA assessment of
SyRIO 1.3 (rev.1.1.3) Assumptions and Concepts
21
an incident). In short, this implies compiling in the incident report all the information addressing the
Competent Authority (i.e. ‘The competent authority should further complete this section’), found at
the end of each section of the report.
Based on the individual section assessments, the incident is considered as Major Accident if at least
one section has been declared as Major Accident or Minor Incident otherwise.
This concludes the incident reporting life-cycle as provided by SyRIO. In the next section we will dive
more into the description of the incident report structure.
The Incident Report The structure of an incident report for the Operators/Owners is given in Figure 9. Incident report
structure in SyRIO - Operators and Owners; accordingly, the incident report consists of:
Figure 9. Incident report structure in SyRIO - Operators and Owners
- The Event Declaration – having as the correspondence to the CRF:
o the Event date and time;
o Details of the location and of the person reporting the event
- One Event report draft – containing all the information required in the CRF, starting from
the Event categorization, i.e.:
o Event categorization
o The content of each section corresponding to the event categorization
From the incident structure one may see that the Operators/Owners actions related to Finalizing,
Signing and Submitting the report are actually applied on an Incident Draft.
SyRIO 1.3 (rev.1.1.3) Assumptions and Concepts
22
Figure 10. Incident report structure in SyRIO - Competent Authority
On the Competent Authority side, the SyRIO structure of an incident report is identical with the CRF
report, as provided by the IR 1112/2014 (Figure 10).
The Reporting assumptions and SyRIO Assets The next two statements are of the utmost importance in introducing the concept of SyRIO assets,
the user roles and tasks assignation. Thus:
1. An incident can only be reported by a User that belongs to an OO Organization or
Installation owned or operated by that particular Organization at the time of the event.
2. An incident can be assessed by a User that belongs to any of the Organizations component
of the CA.
Out of the aforementioned statements we can define an event (E) in SyRIO as being identified by a
tuple of a User (U), Installation (I), (Operators/Owners) Organization (OO) and Time (t).
𝐸 → {𝑈, 𝐼, 𝑂𝑂, 𝑡}
Defining the event as above allows coping with the confidentiality issues that may arise when
various developments occur in respect to the users, installations and/or organizations, on the
operator/owners side.
SyRIO 1.3 (rev.1.1.3) Assumptions and Concepts
23
Thus, a User changing the Organization has only access to the reports of the new Organization; if the
installation changes the owner/operator, the previous operator still has the access to the reports
during his operating the installation, while the new operator can access his own reports (i.e. the
ones from the moment of changing the ownership); and the examples may continue.
The definition of the SyRIO assets may go as follows: a SyRIO Asset is an application logical entity
corresponding to a physical entity, that plays a predefined role within the system.
The next statements allow us to identify the SyRIO assets:
1. An incident is reported by a User (U);
2. The incident is linked to an Installation (I);
3. The Installation is own/operated by an Organization (OO);
4. The incident is reported to the Competent Authority (CA);
5. A Competent Authority is made of (can be) more than one bodies (Organizations);
6. The incident is assessed in terms of Major Accident by a User (U)
From statements 1-6 above, we recognize the assets considered in SyRIO as:
- The Organization, with the subtypes
o Operators/Owners Organization (OO Org);
o Competent Authority Organization (CA Org);
- The Installation
- The User, with the following sub-types:
o Operator/Owner user;
o Installation user;
o Competent Authority user.
The following remarks are valid in respect to the SyRIO assets:
- An asset is (can be) linked or belongs to another asset(s).
- The asset that can directly operates upon SyRIO (interacts with) is the User.
- All assets must be registered with the system.
Details on the registration process, the different types of users and the default credentials are given
next.
The Users – types and credentials The User is the SyRIO asset that directly interacts with the application. The access of a User is
granted based on username as password. Each user should belong to a group which, in turn,
corresponds to one of the other assets of the application (i.e. Organization or Installation); the user
credentials are granted depending on the respective group.
A number of user groups have been defined taking into consideration the circumstantial aspects
related to the security and confidentiality of i
Recommended