Guideline - Dam safety management system

All declared dam owners⁽¹⁾ must implement a dam safety management system (DSMS) to ensure the ongoing safety of their dams and to comply with the requirements specified in the regulation.

A dam owner must also maintain a dam safety management system document (DSMSD) that addresses the dam safety management system requirements of the regulation.

A dam owner may produce a single DSMSD for a single dam, or a DSMSD for portfolio of dams to take advantage of common management system elements that apply to all the dams. The DSMS itself may be contained within management system documentation that also applies to other assets.

The DSMSD may also form part of an integrated management system that manages quality, environmental and other safety outcomes.

Regardless of the how a dam owner configures the documentation, it needs to be able to demonstrate that the regulatory requirements for the DSMS are addressed.

The document should be easily understood and followed by all involved in ensuring the safety of the declared dam.

This guideline has been based on the dams safety legislation, the AS ISO 55001:2014 asset management systems standard and associated guidance material.

2 What is a dam safety management system?

A DSMS is a systematic approach to managing dam safety⁽²⁾ , including the required organisational structures, accountabilities, policies and procedures. It is the primary means of ensuring that dam failure risks to life, property, the environment, and public welfare are managed throughout the life cycle of the dam, which includes the design, construction, operation and maintenance and decommissioning of the dam.

A DSMS provides a structured approach for the development, coordination and control of activities undertaken to ensure that these dam failure risks are reduced so far as is reasonably practicable. The DSMS should align the dam failure risk management activities with the dam owner’s organisational objectives.

The DSMSD that is required by the regulation should be tailored to the type, size and complexity of the dam and the size and complexity of the dam owner’s organisation. A DSMSD for a simple dam⁽³⁾ may be relatively simple, as long as it addresses the requirements of the regulation.

The DSMSD should be based on the requirements of AS ISO 55001:2014, and should describe how the dam owner addresses the risks associated with failure of the dam. It should also refer to other key documents that make up the management system, such as the operations and maintenance plan and the emergency plan. (Refer to the Dams Safety NSW website for guidelines for these plans).

The DSMSD needs to include the risk management framework that identifies dam safety hazards and analyses, evaluates and treats the associated risks to reduce the residual risk so far as is reasonably practicable. The dam owner must put in place plans for dam improvements, policies, processes and procedures to address the risks, which are determined through the identification of hazards and through the analysis of dam failure modes.

The DSMS is the primary means of ensuring, the safety the dam and must be applied to all aspects of the life cycle of the dam, including the design, construction, operation, maintenance and decommissioning of the dam.

Figure 1 depicts the relationship between the DSMS, and the quality management systems required for the dam life cycle aspects of design, construction, commissioning, and decommissioning.

Figure 2 depicts the relationship between the DSMS, the operations and maintenance plan, and the emergency plan for a dam for the operations and maintenance lifecycle aspects.

Figure 2 illustrates the basic building blocks of the dam safety management system risk framework and risk treatment elements.

The basic building blocks includes identifying the hazards and dam failure modes, how these are addressed by implementing an operations and maintenance plan and, if dam failure is imminent, through emergency plan responses.

For clarity, the figure does not include all the required dam safety management system elements (for example asset management plan(s) and incident reporting).

3 Dams safety regulation 2019

3.1 Regulation Part 5

A dam owner must establish and implement a DSMS to meet the regulatory requirements.

Part 5 of the regulation sets out specific requirements that must be included in the DSMS and addressed in the DSMSD.

Section 3.3 provides guidance for dam owners to assist with addressing the regulation.

3.2 Dams Safety NSW’s role in auditing dam safety management systems

Dams Safety NSW will visit dam owners during the regulation transition prior to November 2021 to determine how dam owners are establishing and implementing their DSMS, and to support dam owners in understanding what they need to do to comply with the regulation.

From 1 November 2021, Dam Safety NSW will implement a risk-based audit program which will include management system audits of dam owners’ DSMS to determine compliance with the regulation.

3.3 Addressing the regulation requirements for a dam safety management system

Guidance on addressing the requirements of Part 5 of the regulation

This clause establishes the need for DSMS for all dams and establishes the DSMS as the primary means for a dam owner to ensure the safety of the dam throughout all stages of the dam lifecycle.

All dams need a DSMS.

It is the dam owner’s responsibility to establish the DSMS and to ensure that it is effectively implemented to ensure the safety of the dam.

The dam owner may nominate an accountable person who, on behalf of the owner and irrespective of other functions, has responsibility and accountability for the implementation and maintenance of the DSMS. However, the dam owner retains the accountability for the safety of the dam.

The DSMS and the DSMSD form the overarching system for the dam owner to manage dam risks so far as is reasonably practicable.

The DSMS also demonstrates that the dam owner is systematically addressing dam risks that may arise in relation to their dam, including any risks to public safety and to economic assets.

The dam owner must ensure that a DSMS is established and implemented for all aspects of the dam lifecycle.

This means that the owner of a proposed dam must ensure that a DSMS is in place at the dam design stage.

The nature of the DSMS will change throughout the dam lifecycle to match the changing nature of the activities that are being undertaken and the changing dam safety risks at each stage.

For example, as well as other requirements included in this guideline:

• the DSMS at the design stage for a dam or modification to the dam would be aimed at:
  • the application of the risk framework to the dam design
  • responsibilities and accountabilities for the design
  • ensuring designers have appropriate qualifications and experience
  • control of the design activity (for example, ensuring that designers address the established risks and work within a quality management system)
  • ensuring the dam designs are appropriately reviewed by competent people
• the DSMS at the construction stage for a dam or modification to the dam would be aimed at:
  • the application of the risk framework to dam construction (including construction risks)
  • responsibilities and accountabilities for construction
  • control of the construction activity (monitoring consultants’ and contractors’ activity)
    • ensuring quality management systems are applied effectively
    • ensuring construction meets the design intent
• the DSMS at the operations and maintenance stage would be aimed at:
  • the application of the risk framework to ongoing dam operations and maintenance
  • responsibilities and accountabilities for operations and maintenance
  • interaction with the operations and maintenance plan and emergency plan (eg. preventive maintenance and surveillance activities)
• the DSMS at the decommissioning stage would be aimed at:
  • application of the risk framework to decommissioning (including decommissioning risks)
  • responsibilities and accountabilities for decommissioning
  • control of the decommissioning activity (monitoring consultants’ and contractors’ activity)
    • ensuring quality management systems are applied effectively
  • ongoing dam safety risks after decommissioning.

The DSMS must be comprehensive, so that all foreseeable dam failure risks are addressed.

The DSMS needs to be appropriate for the dam.

A DSMSD for a simple dam may be relatively simple, with sections that describe how the dam owner complies with the asset management system standard (AS ISO 55001:2014) and references to the other key documents that constitute the DSMS – the operations and maintenance plan and the emergency plan.

A DSMS for a more complex dam will typically require more sophisticated systems and may be part of an integrated management system or may be part of a wider asset management system that includes the dam owner’s other key assets.

This clause requires that the DSMS is described in a DSMSD that is based on AS ISO 55001:2014.

A dam owner may achieve this through the production of a single DSMSD for the dam or the DSMS may be contained within management system documentation that also manages other assets.

The DSMSD may also form part of an integrated management system that manages quality, environmental and other safety outcomes.

The documentation, however configured, needs to be able to demonstrate that the regulatory requirements for the dam safety management system are addressed and must be easily understood by all involved so that it can be readily followed to ensure the safety of the dam.

The DSMSD should describe the processes and procedures associated with the risk framework for the dam. The procedures should detail the responsibilities and accountabilities for the dam owner’s hazard identification, risk analysis, risk evaluation and risk treatment processes. The procedures should include a description of the risk management framework and how often hazard identification, risk analysis, risk evaluation and risk treatment processes are carried out.

The operations and maintenance plan normally includes the procedures for reporting, to Dams Safety NSW, the types of incidents that are described in clause 19 of the regulation.

The DSMSD should describe the procedures to ensure that all dam safety incidents are reported by dam owner staff and contractors, not just those types of incidents listed in clause 19 of the regulation. Incident reporting is an important part of the nonconformity and corrective action process that is required by AS ISO 55001:2014, under the ‘Improvement section’. All incidents are important sources of information for a dam owner to detect possible sources of risk for the dam and the dam owner needs to have processes in place to determine the causes of the incident and to implement, where possible, any corrective action that is needed to prevent recurrence.

Workplace health and safety systems include incident reporting processes and, if a dam owner does not have a comprehensive dam safety incident reporting process in place for their dam, they could adapt the processes used for reporting these types of incidents for use as a dam safety incident reporting process for their dam.

Clause 20 of the regulation requires that the dam owner ensures that a safety review, to assess the overall safety of the dam, is undertaken by a competent person.

The DSMSD should describe how the dam owner manages the safety review process and should include:

• when the last safety review was carried out
• reference to safety review records
• when the next safety review is to be carried out
• how the personnel who will be involved in undertaking the next safety review will be selected
• the scope of the safety review
• how the required corrective actions from the safety review are to be managed.

The regulation requires that a safety review is carried out least once every 15 years or as soon as practicable after:

1. a deficiency or weakness is identified in the dam
2. there is a change (other than a minor change) to the accepted technology or methods used in one of the relevant specialities or in the design criteria for dams⁽⁴⁾
3. the consequence category of the dam is changed⁽⁵⁾⁽⁶⁾
4. Dams Safety NSW gives written notice to the owner of the dam requiring a safety review of the dam to be carried out.

Appendix 1 includes more guidance on safety reviews and how they fit into the dam lifecycle and other dam safety assurance processes.

The owner of a dam must, before any significant change is made to the configuration of the dam that may affect the safety of the dam, notify Dams Safety NSW in writing of the proposed change.

Notification of proposed changes to the dam is important because Dams Safety NSW may need to discuss the proposed changes with the dam owner and may determine that there is a potential change in consequence category and/or that an audit of the design and construction processes for the changes is necessary.

Proposed changes to be notified include modifications to dam control equipment, such as spillway gates and valves, as well as proposed changes to the dam structure itself. Examples of dam structural changes include modifications to the dam wall, spillway modifications and abutment modifications. In some circumstances, the modifications may include surrounding geological structures that stabilise the surrounding geology to prevent landslide and subsequent inundation of the dam.

The DSMSD should describe the processes for notifying Dams Safety NSW of changes to the dam, including who is responsible for notifying Dams Safety NSW.

The notification requirement should also be referenced in the dam owner’s asset management or capital works business case procedures to ensure that the notification requirement is not overlooked.

The regulation requires that a dam owner document dam safety management system procedures that are in accordance with AS ISO 55001:2014 ‘Asset management - Management systems – Requirements’ (AS 55001).

This management systems standard provides a systematic approach to managing dam safety through a management system approach to asset management and provides the core of the dam safety management system.

The standard is part of the international standards family that includes quality, safety and environmental management systems standards.

Adopting the international standard also allows a dam owner to more easily align and integrate the dam safety management system with other management systems to form an integrated management system.

The DSMSD should include the procedures that the dam owner implements to satisfy the requirements of AS 55001.

There is a large amount of guidance available on how to implement management systems, and also specific guidance available on how to implement a management system to comply with AS ISO 55001:2014, in particular. Section 4 of this guideline includes a suggested format for the DSMSD and its relationship with AS ISO 55001:2014.

AS ISO 55002:2019 ‘Asset management — Management systems — Guidelines for the application of ISO 55001’ is a helpful guide for complying with AS ISO 55001:2014.

The DSMSD should describe the responsibilities, process, procedure and timing of the review of the DSMS.

AS 55001:2014 also requires a dam owner to review the organisation’s asset management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness.

Clause 17 of the regulation requires the dam owner to ensure that the dam safety management system for the dam is reviewed annually to ensure it remains effective.

The dam owner needs to provide the resources required for meeting the asset management objectives and for implementing the activities specified in the asset management plan(s).

AS 55001:2014 also requires the dam owner to ensure that the resources for the asset management system are available and to determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the asset management system.

The DSMSD needs to be in electronic form so that it can be readily shared with staff and stakeholders as needed and also readily dispatched to Dams Safety NSW when requested.

The DSMSD and associated documentation must be available and suitable for use, where and when it is needed. This may require controlled printed copies or parts of the DSMSD to be provided to locations within the dam owner’s organisation as needed (for example, copies of procedures/work instructions that may need to be kept at remote sites for use where electronic copies aren’t practical).

The DSMS should be tailored to the type, size, location and complexity of the dam and the size and complexity of the dam owner’s organisation. A DSMSD for a simple dam may be a relatively simple document, so long as it addresses the requirements of the regulation.

The extent of the systems within the DSMS should also reflect the extent of the risks associated with the dam.

The DSMSD should be written in plain language so that is easily understood by the users of the system, with appropriate diagrams and illustrations to aid understanding.

The risk management framework is the key component of the DSMS that a dam owner uses to manage dam safety risks by implementing measures to reduce them so far as is reasonably practicable.

The DSMS risk framework is based on the core components of a widely-accepted process for risk management. The core components are included in AS ISO 31000:2018 Risk management – Guidelines.

The core components of the risk management are applied specifically to dam safety.

The above list in the regulation reflects the range of hazards that may lead to dam failure. These can be found in Australian and international dam safety guidelines for dam risk management. Human factors (how humans interact with other humans, the tools and equipment they use in the workplace, and the environment to produce outcomes) has been included as an important factor that may lead to dam failure. The traditional approach to dam safety has not been particularly focused on human aspects that may lead to dam failure, so dam owners should carefully consider how human factors may contribute to dams safety risks for their dam.

As stated in the regulation, clause 14 (3) (a) to (i) is not an exhaustive list and a dam owner needs to identify all the foreseeable hazards that could lead to dam failure.

The risk analysis process employed by the dam owner must be quantitative.

After the identification of a full list of foreseeable hazards, the associated failure modes need to be identified.

This is achieved through a failure mode analysis. A failure mode analysis (FMA) is used to inform the risk evaluation and risk treatment processes.

FMA identifies the ways in which failure of the dam could conceivably occur and then selects, for further assessment, those modes which are credible. An FMA will define the overall dam system and the major elements that are critical to dam safety. These could be operational, maintenance, structural, environmental or control system elements. For example, structural and control elements include the main dam structure, saddle dams/fuse plugs, spillway structures (e.g. chute slabs, dissipator) and spillway and outlet works critical flow control elements (gates, conduits etc.).

The FMA will also identify failure modes that may arise from, and need to be addressed through, operation and maintenance, and emergency plans⁽⁷⁾.

The analysis should allow for differences in the failure modes of the operational, structural and control elements. For example, spillway control systems have a higher probability of failure, but less consequence as compared to the dam structural failure that has a lower probability of failure but potentially a significantly large consequence.

An FMA will identify physical issues and vulnerabilities which may require attention as part of routine dam surveillance (e.g. checking for signs of excessive seepage around an outlet conduit). It could also lead to a recommendation to increase the frequency of inspections, modify surveillance procedures, or to install monitoring instrumentation (e.g. piezometers).

Some examples of operational-related aspects that could be influenced or informed by an FMA process include:

• operating procedural adjustments (e.g. temporary lowering of normal operating level)
• procedural issues (e.g. setting of normal operating criteria)
• critical operating procedures (e.g. discharge control and flood release protocols including monitoring and warning of areas of impact prior to release)
• emergency action and incident reporting
• tailoring of routine inspection tasks and focus areas
• triggering a special inspection (e.g. by a dam safety/design engineer, mechanical and engineer, diving inspection of underwater structure)
• modifications to monitoring procedures or instrumentation
• other preventive maintenance improvements or increased frequencies
• non-maintenance solutions (e.g. equipment re-designs)

The review of failure modes for a dam typically may involve a workshop with attendees comprising engineers involved in preparing the risk assessment, dam owner’s engineers, dam operations and maintenance staff, and possibly other participants with diverse backgrounds. The workshop would develop a common understanding and consensus of the potential failure modes and potential vulnerabilities, so they are not missed and are catered for in the risk assessment.

Useful references include ANCOLD (2003b), ICOLD (2005) and FERC (2005)⁽⁸⁾ or any other source that describes failure modes analysis as it relates to dam safety.

As stated under hazard identification, all credible failure modes need to be identified so that a dam owner can determine all available measures to avoid or mitigate the effects of these potential failures on the dam system

This clause recognises the need for a systematic approach to decision-making regarding the level of resources and the measures to be applied to dam safety required to address the risks.

Clause 15 of the regulation requires a dam owner to use the risk management framework to produce a report on the dam’s societal risk and individual risk rating that requires the application of risk-informed decisions, based on the report results.

The dam owner’s response to the risks identified in the report produced in accordance with Section 15 of the regulation depends on whether the societal and individual risk rating result for the dam is above or below the safety threshold (see section 15 below).

If the risk rating is above the safety threshold

If the dam’s risk rating is above the safety threshold then the risks will require further treatment and Dams Safety NSW must be informed. Dams Safety NSW will review what risk reduction measures the dam owner proposes to take to treat the risks to below the safety threshold. If necessary, Dams Safety NSW may direct the dam owner to take measures to reduce the risk rating to the safety threshold or lower.

If the risk rating is below the safety threshold

If a dam’s risk rating is below the safety threshold, the dam owner needs to take measures to reduce the risk so far as is reasonably practicable (usually referred to as SFAIRP).

The SFAIRP process essentially asks what the available practicable measures are to reduce the risk and then tests which measures are reasonable based on a common law balance of the significance of the risk versus the effort required to reduce it.

A dam owner needs to implement those measures that are reasonably practicable. In the context of dam safety, ‘reasonably practicable’ means that which is, or was at a particular time, reasonably able to be done to ensure safety of the dam and to minimise any risks to public safety and economic assets, taking into account and weighing up all relevant matters.

The FMA will produce disaggregated steps for each failure mode and each of these steps should be treated separately for SFAIRP purposes.

To identify what is reasonably practicable all the relevant matters must be considered, and a balance achieved that will provide the highest level of protection that is both possible and reasonable in the circumstances. Some matters may be relevant to what can be done, while others may be relevant to what is reasonable to do.

No single matter determines what is reasonably practicable to be done for ensuring dam safety. In applying the concept of reasonably practicable, it is important that a dam owner pays careful consideration to all the facts and identify and account for everything that may be relevant to the hazards, risks or means of eliminating, or minimising, the likelihoods of the risks occurring.

When weighing up all matters to be taken into account in determining what is reasonably practicable:

• the greater the likelihood of a risk eventuating, the greater the significance this factor will play
• the greater the degree of harm that would likely result if the risk eventuated, the greater the significance this factor will play
• knowledge about the hazard or risk, or any ways of eliminating or reducing the hazard or risk, must be determined objectively by reference to what the person concerned knows, and what a reasonable person in the duty-holder’s position with the same duty should know. What the person knows or reasonably ought to know is commonly referred to as ‘the state of knowledge’.
• ways to reduce the risk should be regarded as being available, if the necessary equipment or physical means required to achieve it is available on the open market, or feasible to construct. Similarly, a work process (or change to a work process) to eliminate or control a risk should be regarded as being available, if it is feasible to implement. Further, a way to reduce a risk should be regarded as suitable if:
  • it is feasible to implement in the specific circumstance and
  • it is effective in reducing the likelihood and/or degree of harm from a risk and
  • it does not introduce new and higher risks, having regard to all the circumstances and
  • it is a practical measure given the circumstances in which the hazard or risk exists.

It is necessary to consider all available and suitable ways of reducing the risk, so far as is reasonably practicable.

The regulation takes the approach that the measure of ‘reasonably practicable’ may be determined through the application of CBA.

The NSW Government Guide to Cost-Benefit Analysis (refer to section 5, ‘references and useful resources’) sets out the NSW Government best-practice approach for cost-benefit analysis.

When any safety decision is made to support a SFAIRP position, the decision needs to be balanced in favour of safety. At the core of SFAIRP is the concept of 'reasonable practicability', which means that a safety measure or benefit can only be ruled out as not 'reasonably practicable' where the sacrifice in money, time, trouble or other cost of the measure or benefit is 'grossly disproportionate' to the reduction in risk.

No guidance has come from the law courts or otherwise on what represents a level of gross disproportion. The person undertaking the assessment is entirely responsible for determining whether the cost is grossly disproportionate or not. Hence a traditional CBA, which guides decision making based on benefits outweighing costs on a 1:1 basis, alone cannot justify a safety-related decision but should form part of a reasoned safety argument.

Sensitivity analysis can be used to test the reasonableness of the SFAIRP position. This may be done by increasing the safety benefit by a factor of two or three and testing the effect that this has on the benefit-cost ratio and using this to support the reasoned safety argument.

The legal obligation to comply with the SFAIRP test falls on the dam owner because a dam owner is best placed to make such judgements. A dam owner should be satisfied on a case-by-case basis that the SFAIRP test is being met.⁽⁹⁾

Some dams are not complex in nature. They may have limited operating procedures with passive or simple spillway or discharge arrangements, relatively constant flow regimes and simple outlet arrangements.

Dams Safety NSW will consider the above (and other relevant) factors when deciding whether to exempt a dam owner from the requirements of subclauses (4), (6) and (7). Relevant factors may include whether the dam safety review demonstrates that the dam meets contemporary good practice using traditional analysis techniques.

A dam owner is required to comply with subclauses (1), (2), (3) and (5), even if Dams Safety NSW has issued an exemption for their declared dam.

This means that they will be required to carry out those elements of the risk framework that are required to identify the hazards and to analyse, evaluate and treat the associated risks.

The exemption essentially applies to those elements of the framework that require a quantitative analysis and, if the qualitatively estimated risk ratings for the declared dam confirm it to be below the safety threshold, the reduction of the safety risks is to be as far as is reasonably practicable.

Dams Safety NSW will apply conditions to an exemption that are appropriate for each declared dam and to address the risks associated with the identified hazards for each dam.

Risk framework application to new dams and dams undergoing major change

The owner of a proposed declared dam must produce the risk report at the time the new dam, or the major change, is being designed.

Risk framework application to existing dams

The owner of an existing dam must apply the risk framework to determine dam risks at a minimum of five-year intervals (unless there is a separate triggering event).

Five-yearly risk reports

Dams Safety NSW suggests that the first step in a five-yearly risk report for a dam would be a review of the previous dam risk report(s). This review may determine that the hazard identification, risk analysis failure modes and risk evaluations contained in the previous report remain valid for the dam. In that case the risk report process would involve determining whether new hazards or failure modes exist⁽¹⁰⁾, or whether failure impacts have changed. The risk report would then be produced with the latest information (if any) modifying the previous report. If using this approach, the dam owner should ensure that the fifteen-yearly safety review incorporates a risk report that results from the full application of the risk framework addressing all the hazards and evaluation processes from first principles.

Dams Safety NSW plans to produce a risk-based schedule for the risk reports and may direct a dam owner to produce a report by their allocated date on the schedule. This aims to spread the risk report requirements for NSW declared dams over the five-year period from November 2021 to November 2026 to ensure there are sufficient competent specialist industry resources to meet the risk analysis requirements of dam owners.

How the risk report fits into the dam lifecycle

Appendix 1 illustrates how the five-year risk report fits into the safety management lifecycle for a declared dam.

Risk report

The results of the application of the risk framework must be presented in a report, which needs to describe:

* the hazard identification, risk analysis process, risk evaluation and risk treatment process for the dam

* how the available risk treatments associated with the failure modes are addressed (SFAIRP)

* the decisions regarding which risk treatments are to be implemented and the time frames for implementation.

Implementing the treatments

The dam owner should then ensure that the treatments are captured in the DSMS (and in the asset planning document, capital works plan (however these are named), operations and maintenance plan or emergency plan) so that they are implemented according to the schedule determined by the dam owner.

The report should include information on all the risk framework components and also set out the risk ratings for the dam.

If a consultant (a competent person) is producing the risk report for the dam owner, the owner should clarify what assumptions and what level of precision that the consultant will be using in the analysis so that the uncertainty of the result is understood. This is particularly useful when comparing two or more consultants’ proposals. The level of risk assessment should be detailed and sufficient to be able to conclude whether the dam meets the safety requirements. Sensitivity analysis is useful in determining the level of uncertainty associated with the result.

Clause 15(4) If the societal risk rating or highest individual risk rating for a dam is higher than the following (the safety threshold), the dam owner must forward a copy of the report to Dams Safety NSW as soon as practicable after the report is produced

(a) societal risk rating for an existing dam (except as provided by paragraph (b))—0.001

(b) societal risk rating for a proposed dam or for an existing dam that is to be subject to a major change—0.0001

(c) individual risk rating for an existing or proposed dam—0.0001.

The dam owner needs to submit the risk report to Dams Safety NSW if either the societal or individual risk rating for the dam is above the safety threshold. Dams Safety NSW will review the risk rating report for the dam and what measures the dam owner proposes to take to treat the risks to below the safety threshold. If necessary, Dams Safety NSW may direct the dam owner to take measures to reduce the risk rating to the safety threshold or lower.

As part of the AS ISO 55001:2014 requirements the dam owner needs to establish and maintain a performance evaluation process and an internal audit process to determine if the system is effectively implemented and maintained. The dam owner needs to act on the findings of the evaluation and internal audit processes to ensure that the system remains effective. The evaluation and audit processes also provide information for the management review (see clause 17 below).

As part of the AS ISO 55001:2014 requirements, the dam owner needs to establish and maintain a management review process to ensure its continuing suitability, adequacy and effectiveness. The regulation requires management review to be carried out annually (as a minimum) in accordance with AS ISO 55001:2014 management review requirements. If the dam owner’s organisation and dam systems are relatively stable, the DSMS may not require comprehensive change. If this is the case a review of relevant changes since the last review may be sufficient, taking into account the results of internal audits of the DSMS. A more comprehensive review could be undertaken to coincide with the five-yearly risk report cycle for the dam.

4 Dam safety management system document contents

The following example table of contents may be simplified to suit the particular characteristics of the dam and the dam owner’s organisation.

As stated in section 2, the owner of a simple dam may establish and implement a relatively simple DSMS with a correspondingly simple DSMSD.

Conversely, a dam owner with a portfolio of dams within a large organisation will likely prepare a relatively large document (or suite of documents) that may also integrate the dams safety management system within a wider asset management system.

AS ISO 55002: 2019 provides comprehensive guidance on the management system requirements of clause 13 (e) of the regulation. The dam owner should refer to ISO AS 55002:2019 so that they can adapt the requirements to their circumstances.

A concise summary is provided below for a DSMS; the following sections may be reorganised and adapted to the organisation and dam complexity (as appropriate).

Preliminary Pages

• Table of contents, revision sheet, authorisation signatories, other document control details, glossary and abbreviations

Section 1, General

• 1.1 Background
• 1.2 dam description and data
• 1.3 administration of the DSMS
• 1.4 document hierarchy within the system (operations and maintenance plan, emergency plan, other relevant documents)

Section 2, Management system⁽¹¹⁾

• 2.1 Context of the organisation
  • the organisation and its context
  • stakeholders and their needs, including regulatory requirements
  • scope of the asset management system
  • process for reporting proposed dam modifications to Dams Safety NSW 2.2 Leadership
  • leadership and commitment
  • policy
  • organisational roles, responsibilities and authorities
• 2.3 Planning
  • dam safety management objectives
    • planning to achieve dam safety management objectives
  • risk framework and risk report process
  • safety review process
• 2.4 Support
  • resources
  • competence
  • awareness
  • communication
  • information requirements
  • documented information
• 2.5 Operation
  • operational planning and control
  • reference to the operations and maintenance plan
  • reference to the emergency plan
  • management of change
  • outsourcing
• 2.6 Performance evaluation
  • monitoring, measurement, analysis and evaluation
  • internal audit
  • management review of the DSMS
• 2.7 Improvement
  • nonconformity, incident management and corrective action
  • preventive action
  • continual improvement

Section 1 of the DSMSD should contain information and instructions concerning the administration of the DSMS. Section 1 should also outline the supporting documentation including the related elements of the dam safety management system documentation.

Section 2 of the DSMSD includes the policy, process and procedures for managing the safety of the dam.

2.1 Context of the organisation

The DSMS forms a part of the organisation’s management system and should fit in with organisational objectives and wider strategic plans.

This DSMSD section should describe, or provide the reference to:

• the scope of the DSMS, which may relate to a single dam or a portfolio of dams and, for more complex dams within larger organisations, how the DSMS fits within a wider asset management system. The scope of the DSMS should be used to set out the approach to managing dam safety to enable to deliver wider organisational objectives. The requirements for the scope and context of the DSMS is described in AS ISO 55001:2014, clause 4.
• the legislative/regulatory context within which the dam owner operates and how this affects the DSMS.
• the asset management strategy or refer to a separate strategic asset management plan for the dam(s).
  • the asset management strategy for a simple dam may be contained in a single statement describing the dam owner’s future intent for the dam and broad approach to achieving that and may refer to the DSMS objectives and policy for more detail. More complex dams within more complex organisations should document a strategic asset management plan which describes how the DSMS fits into wider organisational objectives and provide links to other organisational planning documents.
• an asset management plan for the dam.
  • for simple dams, this could refer to the operations and maintenance plan and the list of planned dam improvements that are agreed following the risk report/comprehensive surveillance process. More complex dams would require a separate asset management plan for the dam.
• for larger organisations, the external and internal context of the DSMS. (Refer to AS ISO 55001:2014, clause 4.1).
• stakeholder needs and expectations.
  • these may be described in a table that includes their group/type, identity and location, number, potential impact and how often the dam owner needs to contact them and by what means. Stakeholders could include⁽¹²⁾ people living downstream, businesses downstream, local authorities, emergency services, consultants and Dams Safety NSW.
• the process that the dam owner will use to contact Dams Safety NSW when planning significant changes to the dam may be documented in this section.

2.2 Leadership

The management system standard requires the dam owner to demonstrate leadership and commitment with respect to the DSMS.

Dam safety management leadership can be demonstrated by a dam owner through positively influencing the organisation in its execution of all the requirements of the DSMS.

The dam owner may appoint a person to oversee the development, implementation, operation and continual improvement of the DSMS. However, it is important to note that ownership and accountability for asset management remains with the dam owner.

This DSMSD section should describe, or provide the reference to:

• the asset management/dams safety policy.
  • the policy:
    • is a short statement that sets out the principles by which the dam owner intends to apply the DSMS to achieve the safety objectives
    • should be authorised by the dam owner to demonstrate commitment to safety management
    • should set out the dam owner’s commitments and expectations for decisions, activities and behaviour concerning the DSMS
    • should be aligned to and demonstrate support for the objectives.
• organisational roles, responsibilities and authorities
  • roles, responsibilities and responsibilities for all the functions needed to implement the DSMS may be documented in a single section (or table) in this section and may also be documented within the DSMS’ related plans’ procedures or work instructions

2.3 Planning

As well as the management system elements for planning, this section should show how the dam owner will address the requirements of the regulation’s risk framework, risk report, and safety review clauses.

This DSMSD section should describe or provide the reference to:

• the objectives for the DSMS, which: o may include statements regarding dam owner compliance with the regulation
  • may also include objectives that relate to how the risks are identified in the risk framework
• how the risk framework is used to determine planning for dam upgrades, operations and maintenance (asset planning), the emergency planning and response activities and the risk report process for the dam
• the safety review process for the dam.

2.4 Support

This DSMSD section should describe or provide the reference to:

• the dam owner’s commitment to providing adequate resources:
  • the dam owner needs to provide the resources needed for the establishment, implementation, maintenance and continual improvement of the DSMS. This requires the dam owner to commit to providing the resources needed to meet the objectives and for implementing the activities specified in the asset management plan, capital works plan (however these are named), operations and maintenance plan, and emergency plan.
• the processes and procedures to ensure that all roles within the DSMS are carried out by people who are competent; these include:
  • management and supervisory roles
  • the specialised roles specified by the regulation - safety reviews, design checks, consequence category assessment and reviews
  • application of the risk framework and risk reports
  • all tasks required by the operations and maintenance plan and the emergency plan:
    • operating; maintenance; surveillance; emergency response tasks.
• the process to ensure that all staff and other stakeholders are aware of the importance of the DSMS and their role within it.
• the process to ensure that communication with relevant stakeholders is maintained
• the process for identifying required information and the process and procedures for managing information
• the process and procedures for creating, updating and controlling documentation
• the procedures for maintaining records in accordance with clause 27 of the regulation

2.5 Operation

This DSMSD section should describe or provide the reference to:

• a reference to the operations and maintenance plan:
  • the operations plan contains the operating, maintenance, surveillance and incident reporting to Dams Safety NSW processes and procedures
  • the special and comprehensive surveillance processes and procedures may be included in this section if they are not documented in the operations and maintenance plan
• a reference to the emergency plan
• how changes to the dam are managed:
  • risks associated with any planned change, permanent or temporary that can have an impact on achieving the asset management objectives, shall be assessed before the change is implemented
  • The dam owner needs to control planned changes and review the unintended consequences of changes and take action to mitigate any adverse effects, as necessary
• How outsourced activities are managed:
  • the dam owner needs to control outsourced activities; typical outsourced activity includes:
    • contracting the services of a competent person for consequence category assessments and review, safety review, design checks, special and comprehensive surveillance activities and risk reports)
    • selected maintenance activities
  • the dam owner needs to document the responsibilities and authorities within the organization for managing the outsourced processes and activities
  • the processes and scope for the sharing of knowledge and information between the dam owner and the contracted service provider(s)

2.6 Performance evaluation

The dam owner needs to determine what needs to be monitored and measured, the methods for monitoring, measurement, analysis and evaluation, when the monitoring and measuring is performed, analysed and evaluated and how performance is reported (including the effectiveness of the DSMS).

This DSMSD section should describe or provide the reference to:

• the processes and procedures for monitoring, measurement, analysis and evaluation referring to: o the routine surveillance processes and procedures described in the operations and maintenance plan
  • all special and comprehensive surveillance processes and procedures
• the processes and procedures for internal audit of the DSMS
• the processes and procedures for the annual review of the DSMS

2.7 Improvement

This DSMSD section should include:

• the process and procedure for managing all dam safety incidents (not just the ones that need to be reported to Dams Safety NSW) referring to:
  • the Operations and maintenance manual for the process and procedure for reporting the incidents to Dams Safety NSW that are specified in the regulation
  • the emergency plan for incidents that require activation of the plan
  • corrective action processes and procedures to prevent a recurrence of the incident (or nonconformity).
• a reference to the risk framework process for identifying potential failures and acting on these
• a commitment by the dam owner to continually improve the DSMS, and the process in place to meet this commitment.

5 References and useful resources

The following list of resources may be useful for assisting with the development of dam safety management system.

Table 4 – Useful resources for developing a dam safety management system

Appendix 1 Dam safety management lifecycle

1 Risk Framework

Section 3 of this guideline describes the application of the risk framework and the risk report process in more detail.

The regulation requires that, for a proposed declared dam, a risk report on all foreseeable risks to the dam is to be performed at the time that the dam is being designed. For an existing dam, a risk report is produced every five years (under normal circumstances, unless there is a separate triggering event).

As stated in Section 3, once an initial risk report has been produced for a dam in the operations and maintenance phase, the next five-year risk assessment and risk report should initially review the previous risk report to determine if there have been any changes to dam risks.

The dam owner is also encouraged to undertake a comprehensive surveillance exercise prior to applying the risk framework to inform that risk process. Refer to the diagram in section 5, Safety review, below.

2 Design

A dam owner must apply the risk framework at the dam design stage (or dam modification design stage) to ensure that dam failure modes are addressed by the dam design.

Management of dam safety risk within the design process is addressed in the regulation by clauses 23 and 24. Dam design needs to be carried out within a quality management system in accordance with AS/NZS ISO 9001:2016. The quality management system requires that design inputs address (among other things) potential consequences of failure and should comprehensively address all identified failure modes using up to date practices and information under the relevant specialities (defined in clause 3 of the regulation) and recognised design criteria.

A design for a high or extreme consequence category dam needs to be reviewed by an independent competent person.

3 Construction

A dam owner must apply the risk framework at the dam construction stage (or dam modification construction stage) to ensure that dam failure modes during construction are addressed.

Management of dam safety risk within the design process is addressed in the regulation by clauses 23. Dam construction needs to be carried out within a quality management system in accordance with AS/NZS ISO 9001:2016.

4 Operations and Maintenance and Emergency plan

The plans are informed by the dam safety risk framework and risk assessment process. Operating and maintenance procedures and emergency plan procedures deal with failure modes through operating processes, maintenance, monitoring and surveillance and emergency processes.

Refer to Dams Safety NSW guidelines on Operations and maintenance and Emergency plans.

5 Safety review

The regulation requires that a safety review be undertaken every fifteen years (under normal circumstances, unless there is a separate triggering event). The safety review is scheduled to occur at every third risk report, as illustrated in the following example:

A safety review assesses the safety of the dam, and comprises, where relevant, a detailed study of structural, hydraulic, hydrologic and geotechnical design aspects and of the records and reports from risk reports and surveillance activities.⁽¹³⁾

The safety review must take into account relevant developments in any of the relevant specialities or in the design criteria for dams that have occurred since the safety review was last carried out for the dam.⁽¹⁴⁾

The safety review is a comprehensive study of the safety of the dam, similar in extent to that undertaken when designing the dam and considers a similar level of design input as for a new dam design.

Background information should first be collected. This includes all relevant historical investigation, design, construction, commissioning, remedial, operation and maintenance, monitoring and inspection data and risk reports. The performance of the dam is then compared with the relevant knowledge, standards and guidelines existing at the time of the review.

Where insufficient plans or data exist, the dam may have to be surveyed and new plans drawn, or sampling and testing of materials in the dam and its foundations, geotechnical drilling and mapping and calculation of new design flood, or revised earthquake loadings may be required. Particular attention should be given to changes in land use that may have occurred since construction of the dam. This includes such activities as mining, urbanisation or clearing of the catchment area. Attention should also be given to changes in developments downstream of the dam which may be affected by or influence unusual releases from the dam. For older dams the review may need to be more extensive because of lack of data, change in design criteria (for example, uplift under a concrete dam, additional flood or earthquake data) and deteriorating conditions due to inadequate maintenance or for other reasons, such as siltation.

Conclusions should be drawn, where relevant, regarding the adequacy of the main features of the dam (i.e. foundations, main wall, spillway, outlet works, associated equipment and monitoring system). Comments should also be made regarding the frequency of inspections, surveillance program, and operation and maintenance procedures. Such comments and conclusions should consider modern developments in hydrology, hydraulics, geotechnical engineering, engineering geology, structural analysis and design criteria relating to dams. Details of the review should be outlined in a report. The report should include a summarised statement on the safety of the dam indicating whether or not the dam is in a satisfactory condition, its risk status, and what remedial or emergency action should be carried out and when to rectify any deficiencies in the dam. The report should also indicate remedial options and preliminary estimates of cost. The report should conclude with a bibliography and appendices detailing all relevant reference material, photographs, drawings, data plots, inspection reports, test results and any other information which relates to the dam's safety.

Footnotes

(1) All subsequent references to ‘dam owner’ in this guideline will mean ‘declared dam owner’ and subsequent references to ‘dam’ will mean ‘declared dam’

(2) The term ‘dam safety’ relates to risks to public safety and to environmental and economic assets

(3) Dams Safety NSW is planning to publish a fact sheet regarding whether a dam may be considered ‘simple’ or ‘not complex

(4) This may be detected by a competent person during surveillance or risk report activity

(5) The dam owner should contact Dams Safety NSW regarding this requirement if the change in consequence category is to a lesser level

(6) The dam owner should contact Dams Safety NSW regarding this requirement. The relevance of the existing safety review may not be affected markedly by a consequence category change. For example, the review might consist of an update to the last safety review and updating the risk assessment (depending on a number of considerations).

(7) This is described in Appendix 1 and covered in the Dams Safety NSW Operations and maintenance guideline

(8) Refer to Section 5 ‘References and useful resources’

(9) Adapted from Transport Asset Standards Authority T MU MD 20003 GU

(10) In other words, applying subclause 3 of clause 14, to identify if there are any changed or additional hazards and then applying the rest of the subclauses to those changed or additional hazards. The updated failure modes can then be used to produce the risk ratings. The available treatment options and risk reduction measures for the full set of hazards should be reviewed to determine if any changes to these are also required.

(11) This section covers the procedures to ensure compliance with AS ISO 55000:2014, with the additional regulation requirements included in context

(12) This is not intended to be a comprehensive list

(13) This section has been adapted from ‘ANCOLD Guidelines on Dam Safety Management 2003’

(14) Regulation clause 20 (4)