SEPTEMBER 1, 2021

Energy Storage Safety Hazard Analysis Part 1 – Product Design

Safety should be the paramount concern for battery energy storage system (BESS) stakeholders. The risk of personal injury, damage to the critical assets themselves, or harm to the local community must be taken seriously from the planning stages of the project through the installation, commissioning, operational life and eventual decommissioning of the system itself.

As I wrote in a previous blog post, before the Borrego team considers applying an energy storage unit (ESU), or subcomponent within our BESS, on a project, we employ an extensive preliminary hazard analysis covering each component within the system. By doing this, we examine real safety issues and their underlying risk. This includes oversights or deficiencies in current codes and standards and enables our project teams to assuage concerns of the AHJs and interested community members. Without an intimate knowledge of the storage products and an objective framework to evaluate them against, you are rolling the dice when it comes to designing safe energy storage systems.

This two-part blog will offer an overview of our site-specific BESS safety hazard assessment and analysis methodology. This first post digs into product design and safety; the second installment will offer drilldowns into the other key segments of our approach: project design, installation and commissioning and operations and maintenance (O&M).

Storage Product Design and Safety

Energy storage system failures such as those that occurred in the well-reported explosion and fire at the McMicken substation in Arizona in 2019 and the series of BESS fires in South Korea between 2017 and 2019 are a focal point for many, if not most, safety conversations with AHJs. The investigations following these incidents have led to much-improved ESU designs through a keener focus on prevention and mitigation, some of which is also captured or attributable to updated model codes and standards such as NFPA 855 (standard for the installation of stationary energy storage systems) and UL 9540A (the test method for evaluating thermal runaway fire propagation in battery energy storage systems).

We’ve developed a risk assessment methodology focusing on the causes and consequences of component level failures that applies Borrego’s unique risk tolerance to evaluate whether our safeguards yield a safe and acceptable result. Below is a brief outline of the assessment sequence we use in our hazard analysis:

  • Determine your organization’s acceptable risk tolerance.
  • Assuming the failure occurs, determine the immediate consequence(s) of failure.
  • Evaluate the likelihood of the failure based on available safeguards.
  • Score the severity of the consequence(s).
  • Establish a risk level based on the likelihood of failure and the severity.
  • Apply current safeguards and reassess the risk level.
  • List recommendations to bring risk to appropriate levels.
  • Implement recommendations.

Our product safety process includes, among others, the following critical steps: 

  • Review the product certifications and applied testing standards.
  • Review manufacturer failure modes and effects analyses (FMEAs).
  • Review UL 9540A test results.
  • Ensure vendors have quality systems in place for incident prevention.
  • Ensure vendors have an appropriately detailed Emergency Response Plan or guidelines that are specific to their product and evaluate systems for the recovery stage of the incident.

The example risk matrix shown below can be used to establish High, Medium, and Low ratings for each cause your team reviews. It is necessary to set specific criteria for each level of likelihood/severity and for severity to evaluate personal or public harm/fatality, commercial implications and reputation risk. 

We also ascertain whether the storage component OEMs and integrators have developed and adopted the right safety systems to stay ahead of industry needs. As part of that investigation, we determine if there are any unanswered questions and concerns as far as certifications,  intent to field evaluate, or test data are concerned. A topical application of this review is differentiating between versions of the UL 9540A test standard. 

UL 9540A – An Imperfect Standard

Over the past few years, several astute permitting jurisdictions and industry professionals have questioned the validity of UL 9540A Rev 3 results and therefore the applicability of the results in safety system design. Specifically, they have called into question if the enforcing laboratories met the intent of the fire testing standard (to simulate a full thermal runaway event) or were merely following the written procedure while failing to demonstrate the actual consequence of a full cell, module, or unit level failure. In this case, Borrego still does a detailed review of the UL 9540A test report, but takes into account two failure modes (which is not the industry norm for FMEAs or HMAs) and reviews additional safeguards that must be in place in order to avoid the downstream consequence of a failure cell.  

Safety is foundational and it all starts with product design. Coming soon, look for the second installment of this two-part blog, where I will discuss the three other segments of our storage safety approach: project design, installation and commissioning, and O&M.

Kyle Cerniglia

Director of Energy Storage Engineering

Previous Post Next Post