Get in touch

The pitfalls of certification dependency

Certification bodies play a crucial role in setting industry standards and guidelines. They contribute to improving safety by enhancing standards, sharing best practice, and disseminating knowledge. However, developers of energy transition assets need to be careful not to fall victim to “certification dependency”. Certification of products, systems, and structures is a starting point, and not the destination of a project’s journey to deliver a safe operating asset. This article examines why certification alone is insufficient and highlights the common pitfalls of overly depending upon it.

Introduction

Certification bodies act as independent, third-party organisations, helping to set industry standards and verify compliance with requirements. They aim to reassure owners and developers that products, systems, and structures meet specific codes and standards for safety, quality, and reliability. This assurance supports investment decisions by providing confidence to lenders. Different bodies, such as classification societies in maritime and asset assurance bureaus in civil infrastructure, use different certification approaches, but all are focused on safe, reliable, and compliant development and operation, ultimately supporting the growth and adoption of industrial endeavours.

The development of an energy transition asset involves incorporating certified products along with bespoke engineering designs. An offshore wind farm for example, will purchase certified equipment from original equipment manufacturers (OEMs), such as the transformers and switchgear of the electrical substation, as well as nacelle components, blades, and control systems of the wind turbine generators (WTGs). Other parts will be custom designed to meet the specific needs of the project and local conditions, like the wind turbine foundations, or intra-array and export cables. All parts are brought together with the aim of delivering an asset that is safe-by-design.

Certification alone cannot ensure safety. Despite the roll-on/roll-off passenger ferry Herald of Free Enterprise being certified and deemed seaworthy, a series of human errors and oversights led to it capsizing in 1987 with the loss of 193 lives. Irrespective of the unconventional docking arrangements, the incident underscored the importance of a comprehensive approach to safety, involving not only technical certifications but also robust procedures, effective training, and a strong safety culture.

The classification of the Deepwater Horizon offshore semi-submersible drilling rig and the certification of its drilling equipment did not prevent the 2010 oil spill in the Gulf of Mexico. The blowout resulted from a catalogue of equipment failures, human errors, and organisational failings.

As illustrated by these major incidents, certification of specific parts of an asset does not in itself demonstrate that the risks involved during operations have been controlled effectively. As the world transitions to net zero, utilising novel technology to do so, the need for comprehensive risk management beyond certification is more pertinent than ever – a major incident would set back the sector for many years.

Complying with codes and standards

It is a common misconception that compliance with a given set of codes and standards will ensure an acceptably safe operation. Codes and standards may not account for unforeseen or unique circumstances, new technologies, or emerging risks that were not anticipated during their development. They tend to lag rapidly evolving technologies and practices, creating potential gaps in safety coverage. They may not adequately address the full range of potential failure modes and interdependencies within complex industrial systems. Furthermore, organisational culture, safety practices, and the commitment to continuous improvement play a crucial role in ensuring safety beyond mere compliance with codes and standards.

For industrial assets operating in goal setting regulatory regimes, such as the UK, and especially those with site-specific characteristics such as renewable energy developments, the reliance on certification alone is insufficient to manage risks to acceptable levels. It is incumbent on the owner of the asset to consider all the hazards present and to eliminate them or, where not possible, to reduce the risks to acceptable levels. Certification dependency occurs when developers rely on a certificate of safety compliance rather than engaging in a risk-based approach.

There are four key pitfalls of overreliance on certification in the context of the energy transition.

PITFALL 1 – Certification does not automatically achieve regulatory compliance

Understanding what certification achieves compared to meeting national regulatory requirements can be confusing.

Certification boils down to an accredited body, expert in the specific industry, establishing a set of codes and standards against which to measure a specific product, system, or structure. The OEM or developer then undertakes a provision of information programme to demonstrate, to the certification body’s satisfaction, compliance with each of the specified codes and standards. When satisfied, the body will issue certification.

However, certification bodies are not national regulators. In the UK, the Health and Safety Executive (HSE) is the regulatory authority responsible for ensuring safe workplaces. The HSE’s primary goal is to regulate industry to ensure that hazards are eliminated or, when that is not possible, risks are reduced as low as reasonably practicable (ALARP). Compliance with rules created by certification bodies alone is unlikely to achieve this position. For example, Lloyds Register, DNV and other certification bodies offer offshore wind project certification which will provide assurance that the project is being undertaken via industry-specific standards, however this is not equivalent to ensuring compliance with the HSE’s benchmark standards.

PITFALL 2 – Certification may not account for site-specific applications

The UK HSE defines adequate risk reduction via the ALARP position, which is reached when the effort and costs of further risk reduction measures are grossly disproportionate to the benefit. In most cases, complying with rule sets from certification bodies will not meet this requirement. Even if a rule set happens to align with the ALARP principle, the regulator will still expect evidence of how the project team identified and mitigated risks effectively.

Certification is commonly awarded against the certification body’s chosen codes and standards, as well as an OEM’s specified basis of design and environmental conditions for which the product is intended. The OEM’s design criteria and environmental specifications are usually aimed at addressing a broad range of potential applications and markets. However, the application of products is always site-specific, especially so with the distributed nature of energy transition projects. The risks associated with a product in a specific location and environmental conditions, or even different regulatory regimes, may be different to those specifically detailed in the certification process.

A common example is the application of WTGs around an island such as the UK. Though a turbine may receive certification for its design, the use case for its application in the more sheltered areas of the east coast of the UK will be very different to that in the windward or exposed shore of the western coastline. The turbine itself may be the same, certified product, but the case for its safe use in these two environments is unlikely to be the same.

A similar warning applies to certification such as CE marking, or other supplier or developer applied assurances, for product categories such as machinery and electrical equipment. The 1986 Challenger space shuttle disaster is a stark example. The failure of the O-rings within the solid rocket boosters was not due to poor design or manufacturing. NASA had correctly certified them for their written design application. Their failure arose from application outside of their design environmental conditions. Whether the product is a small O-ring or a one thousand tonne wind turbine, the message remains the same – context is key.

PITFALL 3 – Ignoring standards beyond certification

A significant number of projects automatically seek compliance with certification body guidance, overlooking the value of wider sources of guidance. One example would be the UK HSE’s Approved Codes of Practice (ACOPs) which offer a clear route to minimum legal compliance for certain operations, many of which will form part of net zero projects.

The HSE has issued multiple ACOPs with potential benefits when applied to clean energy projects, such as L148 (safety within docks), L103 (offshore diving) and L24 (workplace health, safety, and welfare).

Net zero projects must expand their research beyond the rule sets of certification bodies and consider ACOPs, other tailored guidance and industry good practice that aligns more closely with their specific activities. By doing so, projects can ensure that their risk reduction strategies are more relevant and effective in achieving the desired safety outcomes.

The expectation of a regulator is, and should be, a moving goalpost that develops as knowledge within the industry grows. The regulator will ask why risk reduction strategies in place on one project are not implemented on another project with similar aims. Examples such as spacing between battery energy storage system (BESS) containers, or methods for personnel transfer to and from offshore WTGs, may soon become common areas of focus for the regulator.

PITFALL 4 – Failing to integrate certification within the design risk management process

Applying adequate control measures to ensure safety can only be done effectively when all risks are identified and understood. Undertaking risk assessment is a key area of scrutiny for the regulator. Certification alone is no substitute for effective risk management throughout a project – delivering suitable and sufficient risk assessment, risk treatment and risk monitoring, as illustrated in Figure 1.

Figure 1- The risk management triangle

The UK HSE expects project owners to identify their individual hazards, implement suitable safeguards, and justify their approach. While some projects may find a certification rule set that aligns with their needs, almost all energy transition projects will require additional steps.

No two new-build projects are the same. Consequently, the rule sets written by certification bodies are wide ranging in scope so that they remain applicable to as much of the industry as possible. The regulator knows this and will not automatically accept something as safe simply because it complies with a rule set.

Developers must remember that the regulator expects all hazards to be identified and then eliminated. Where elimination is not possible, it should be demonstrated why that conclusion was reached and how risks have subsequently been reduced ALARP. Though certification does contribute to this demonstration, it is the design risk management process and its associated site-specific safety assurance that delivers the safe design and provides the complete demonstration.

Conclusion

Certification bodies provide an invaluable role in industry by setting standards and verifying compliance with specified requirements. They provide a level of assurance that products, systems, and structures meet specified codes and standards for safety, quality, and reliability.

However, developers of energy transition assets should not fall victim to the pitfalls of certification dependency. Certification does not automatically achieve regulatory compliance for an asset, may not account for site-specific applications, and there are important standards beyond certification to consider. As a result, certification needs to be integrated into the broader design risk management process.

Certification is a starting point, not a destination. By implementing proportionate and pragmatic safety assurance, project developers and owners can confidently demonstrate compliance with regulations. This contributes to the safety and success of both individual projects and the wider industry goal for a safe energy transition.

RELATED CAIRN CONTENT

Towards a unified approach – Guidance for applying CDM2015 to offshore wind
Towards a unified approach – Guidance for applying CDM2015 to offshore wind
Safety beyond boundaries – Embracing all flavours
Safety beyond boundaries – Embracing all flavours

Contact Us

Want to discuss your requirements?
Get in touch

Jump to Top