Hazop leaders manual final

HAZOP Training Workshop

___________________________________________________________________


For

NOMAC


___________________________________________________________________

PHA Introduction

The OSHA PSM regulation states that “Process Hazard Analyses (PHA) should be performed at specific intervals.” A HAZOP is one type of PHA and is therefore a way to identify potential hazards in your facility.

A number of serious incidents have led to the OSHA PSM regulation. Those incidents listed below were the main drivers for action to be taken.

Flixborough UK, 1974, 29 dead, Cyclohexane explosion

Seveso Italy, 1976, Dioxin release

Bhopal India, 1984, 3,000 dead, MIC toxic release

Piper Alpha North Sea, 1988, 167 dead, platform fire

Phillips 66 Pasadena, Texas, 1989, 23 dead, vapor cloud

What is a Process Hazard Analysis (PHA)?

OSHA 1910.119 defines a PHA as “an organized and systematic effort to identify and analyze the significance of potential hazards associated with the processing and handling of highly hazardous chemicals.”

The regulation also specifies what is considered to be a highly hazardous chemical. The definition is covered in the next chapter of this workbook.

Why Conduct PHAs?

Minimize catastrophic process incidents

Increase understanding of process thereby improving operations

Avoid large fines from regulators

PHA Characteristics

Is team-based and synergistic

Relies significantly on process information package

Provides systematic and consistent methodology

Uses Nodes (small, individual, discrete segments and systems) to conduct the study

Recommends concepts, not specific redesign

Resolves action items through to closure

PSM Drivers and Initiatives

CCPS (Center for Chemical Process Safety, USA)

CMA (Responsible Care, Canada)

API (RP 750)

OSHA (1910.119)

EPA

ISO 9000, 14000

Legislation

Current worldwide legislations are moving rapidly toward requiring companies to adopt formal “Risk Assessment Policies.” As with environmental regulation, the penalties for failure to comply are becoming more onerous.

To discharge their responsibilities, companies must show that they have:


___________________________________________________________________ 1. A documented Corporate Risk Management Policy.

2. A documented Risk Management (and Loss Prevention) Plan that is practical, implemented, and adequately funded.

3. An ongoing documented program to carry out the studies required for the Risk Management Plan and to implement their recommendations.

Most companies have produced statements of policy for safety and risk management. In many cases the actual implementation of the program is less than desired.

Any formal plan for implementing effective risk management must include an initial phase to identify hazards which may exist. The second phase involves prioritizing or quantifying the level of risk associated with each hazard. This involves determining the expected consequences and estimated frequency of occurrence. There are many tools to accomplish this task. These tools range from qualitative judgment to specially designed computer software programs developed specifically for this purpose. Phase 3 is then to „manage‟ these risks in terms of “control or reduction.” It is no longer socially acceptable to merely buy enough insurance coverage.

OSHA 1910.119, Management of Process Hazards

The most widely accepted and known legislation in the United States and elsewhere in the world is the OSHA 1910.119. This recently promulgated federal regulation requires the companies to adopt formal risk management policies and has 14 elements.

1. process Safety Information

2. Process Hazard Analysis (PHA)

3. Operating Procedures

4. Training

5. Contractors

6. Pre-Startup Safety Review

7. Mechanical Integrity

8. Hot Work Permits

9. Management Of Change (MOC)

10. Incident Investigation

11. Emergency Planning & Response

12. Compliance Safety Audits

13. Employee Participation

14. Trade Secrets

According to OSHA, Process Hazard Analysis must address the following factors:

Hazards of the process

Any previous incident

Consequences of control failures

Facility siting

Human factors

Range of safety consequences to workers

OSHA PHA Methods

Although this workshop focuses primarily on Process Hazard Analysis and HAZOP, many of the other elements will be discussed from time to time as they interface and interact with PHA program development and implementation issues.

Of these requirements, PHA is central to the success of process safety management and will therefore be covered in the greatest detail. A PHA can be accomplished through a number of methods. The type and level of detail needed as a result of the study will be the biggest factors in determining which of the methods is appropriate for the study. The following methods are acceptable to OSHA as ways of identifying hazards:

HAZOP (Hazard and Operability Study)


___________________________________________________________________ “What-If”

Checklist

“what-If”/Checklist

FMEA (Failure Mode And Effect Analysis)

Fault Tree Analysis

Other “appropriate Equivalent Methods”

Since there are a number of acceptable hazard identification techniques available, the selection of the proper technique is important if the goal of maximum risk reduction for the lowest cost can be achieved. The choice of methodology obviously depends on the system and its complexities, but the following must be considered:

Experience and historical records have proven to be inadequate since they are neither predictive nor proactive by nature.

The techniques must be comprehensive, systematic, and proven.

Although HAZOP is a technique which fills the requirements, not every project or process change requires the rigor of HAZOP nor can the commitment of resources be justified to use it as the only hazards identification tool. There are many situations involving relatively small or minor changes to process chemicals, technology, equipment, procedures and facilities where the application of a Checklist will provide an adequate understanding of potential hazards. On the other hand, there exists a rather large difference in the level of thoroughness between a HAZOP and checklist review. Perhaps more significant is the number of project and process change PHA studies which require a moderate level method to analyze the many circumstance which fall between these two extremes.

Definition of HAZOP

HAZOP: Hazard and Operability Study

Systematic procedure used to review design and operation of potentially hazardous process facilities

Identifies and examines deviations from design intent that could lead to hazards or significant operability problems

Evaluates existing safeguards and develops recommended actions where necessary to reduce risk or enhance operability

Ranks the identified hazards for the management to prioritize the allocation of resources

Glossary of Terms

Glossary of Terms

Accident A specific unplanned event or sequence of events that has a specific undesirable consequence.

Checklist An experience based compilation of questions designed by qualified experts to enable others (”checkers”) having no particular expertise in the operation to evaluate its suitability based upon the criteria implied or cited within the list.

Deviation A departure from the design and operating intention.

Frequency Number of occurrences of an event per unit of time.


___________________________________________________________________

Guidewords During study sessions, the team tries to visualize all possible deviations from every design and operating intention. Broadly speaking, there are many kinds of deviation, each of which can be associated with a distinctive word or phrase. Collectively, these are called guidewords because when used in association with a design and operating intention they guide and stimulate creative thinking towards appropriate deviations

HAZAN Hazard Analysis. The identification of undesired events that lead to the materialization of a hazard, the analysis of the mechanism by which these undesired events could occur, and usually the estimation of the frequency of any harmful effects

Hazard A deviation which could cause damage, injury or other form of loss.

A chemical or physical condition that has the potential for causing damage to people, property or the environment.

Hazard Assessment The review of consequence results from previously identified hazards (e.g. HAZAN), linking these and plant or nearby vulnerabilities (onsite or offsite) ranking them, and categorizing them as to whether they need to be mitigated.

Hazard and Operability (HAZOP) Study

The application of a formal systematic critical examination of new or existing facilities to assess the hazard potential caused by deviations from the design intent and their consequential effects on the facility as a whole.

Model A representation of these intentions in a form suitable for study by the technique. In the majority of cases, conventional drawings, etc. are adequate and no special representation is necessary.

Process Flow Diagram (PFD)

A chart setting out the sequence of a flow of activities using symbols such as ASME standards.

Reliability / Availability

The probability that the equipment operates on demand or is available over a nominated period

Risk A measure of economic loss or human injury in terms of both the incident likelihood and the magnitude of the loss or injury.

Risk Assessment The process by which the results of a risk analysis (i.e. risk estimates) are used to make decisions, either through relative ranking of risk reduction strategies or through comparison with risk targets.

Study Definition A statement of the objective and scope of a study.

Study Team A small group of people (normally three to six) who carry out the study.

Technical Recorder (scribe)

A person who helps organize the various meetings, takes notes during the study sessions and circulates the resultant lists of actions or questions. This individual also prepares the HAZOP study report, with the assistance of the study leader.


___________________________________________________________________

Technical Team Members

Members of a study team whose main contribution consists of explaining the design, using their knowledge, experience, and imagination during team discussion and making decisions on changes.

Team Leader A person trained in the methodology of HAZOP studies who will advise and assist the study in general and, in particular, use the guidewords, stimulate the team discussion and ensure comprehensive coverage during examination sessions. In the absence of a study technical recorder, this person will also note actions or questions that arise during these sessions.

PSM of Highly Hazardous Chemicals, OSHA 29 CFR 1910.119

OSHA 1910 Key Definitions

Key Definitions

Highly Hazardous Chemical A substance possessing toxic flammable or explosive properties and specified in the regulations.

Process An activity involving the use, storage, manufacturing, handling or on-site movements. Any group of vessels that are interconnected, &separate vessels that are located such that a highly hazardous chemical could be involved in a potential release, shall be considered a process.

Catastrophic Release A major uncontrolled emission, fire or explosion involving one or more highly hazardous chemicals that presents serious danger to employees in the work place.

Normally Unoccupied Remote Facility

A facility operated, maintained, or serviced by employees who only periodically visit. It contains no permanently stationed employees.

OSHA 1910.119: Management of Process Hazards

Chapter 1 of this workbook introduced the elements of 1910.119, and this chapter will further detail the requirements contained within the regulation.

Process Safety Information (PSI)

a. Information on Highly Hazardous Chemicals used

b. Physical and chemical properties

i. Toxicity and mixing hazards

ii. MSDS may be adequate

c. Information on Process Technology

i. Simplified PFD

ii. Process chemistry, maximum inventory

iii. Temperature and pressure limits

d. Information on Equipment Employed


___________________________________________________________________ i. P&IDs

ii. Materials of construction

iii. Relief and ventilation system design

iv. Safety systems (e.g. interlocks, detectors)

v. Electrical area classification

vi. Design codes employed

vii. Material and energy balances

2. Process Hazards Analysis (PHA)

a. To be conducted in order of priority: potential hazards, numbers of people at risk, age of equipment, operating history

b. Aim: Identify, evaluate and control possible hazards

c. Techniques include the following:

i. “What-If”

ii. Checklist

iii. “what-If / Checklist”

iv. HAZOP

v. FMEA

vi. Fault Tree Analysis

vii. Appropriate equivalent method

d. PHA scope should include

i. Process hazards

ii. Previous potentially catastrophic releases

iii. Engineering and administrative controls

iv. Consequences of failure of engineering and administrative controls

v. Facility siting

vi. Human factors

vii. Qualitative employee consequence estimation

e. Form a team with at least one member knowledgeable in the process being evaluated

f. One team member must be knowledgeable in the PHA technique

g. Track findings and recommendations. Implement in a timely manner

h. Update / revalidate PHA every 5 years

3. Operating Procedures

Written operating procedures must be developed and implemented covering the following:

a. Phases of operation

i. Initial startup

ii. Normal/temporary operations

iii. Emergency shutdown (ESD)

iv. Emergency operations

v. Normal shutdown

vi. Startup following turnaround


___________________________________________________________________ b. Operating limits

c. Safety and health considerations

d. Safety systems and functions

4. Training

a. Initial training

i. At the time of hire

ii. When assigned to a new process

b. Refresher training every 3 years

c. Training documentation

i. Proof that training was received and understood

ii. Dates of training

iii. Means of training verification

5. Contractors

This element applies to contractors providing maintenance, turnaround, or specialty work on covered or adjacent processes. It does not apply to contractors providing incidental services not affecting safety.

a. Employer Responsibilities

i. Evaluate contractor safety performance

ii. Inform contractor of relevant safety hazards

iii. Explain emergency plan to contractors

iv. Develop safe practices to control entry, presence and exit of contractors

v. Confirm contractor fulfilling his duties

vi. Maintain contractor injury and illness log

b. Contractor Employer Responsibilities

i. Assure employees are trained for safe working

ii. Train employees in local hazards and emergency plan

iii. Maintain a training log for each employee

iv. Assure employees follow site safe work practices

v. Advise site of unique hazards in their work

6. Pre-Startup Safety Review (PSSR)

a. Required for new facilities or modifications requiring change to process safety information

b. Ensures construction and equipment meets design specifications

c. Ensures safety, operating, maintenance, emergency procedures in place

d. PHA should be completed and recommendations resolved for new plants

e. Operating staff should be trained before startup

7. Mechanical Integrity

a. Applicable to the following equipment

i. Pressure vessels and storage tanks

ii. Piping systems and valves


___________________________________________________________________ iii. Relief and vent systems

iv. ESD systems

v. Controls (monitors, sensors, alarms, interlocks)

b. Establish written procedures to maintain integrity

c. Train employees in process maintenance hazards

d. Inspect using good engineering practices

e. Correct equipment deficiencies in a timely manner

f. Perform quality assurance in fabrication, installation and maintenance

8. Hot Work Permits

a. Permit system required for hot work on or near covered processes

b. Document necessary precautions for fire prevention and protection

c. Document authorized date(s) for work and equipment on which the work will be done

9. Management of Change (MOC)

a. A written change procedure is required for all changes affecting covered processes except replacements in kind” to any of the following: chemicals, technology, equipment, procedures and facilities. Prior to the change, the procedure must address the following:

i. Technical basis of the change

ii. Impact on safety and health

iii. Modifications to operating procedures

iv. Time period for the change

v. Authorization requirements

b. Employees must be notified prior to startup

c. Process safety information must be updated

d. Operating procedures must be updated

10. Incident Investigation

a. Required for actual or potential catastrophic releases

b. Must be initiated in 48 hours

c. Investigation team must be knowledgeable in the process involved and the investigation techniques being used. If a contractor was involved, a contractor representative must be present

d. Report content should include date, description, contributing factors, and recommendations

e. Details must be communicated to employees and contractors

f. Report must be maintained for 5 years

11. Emergency Planning and Response

a. Emergency action plan must be implemented

i. Emergency escapes procedures and route assignments

ii. Emergency procedures for critical equipment

iii. Employee and casualty accounting

iv. Rescue and medical duties


___________________________________________________________________ v. Preferred means of reporting the emergency

vi. Contact points for further information

b. Procedure for handling small releases must be included

12. Compliance Audits

a. Employers certify compliance every 3 years

b. At least one person knowledgeable in the process

c. Audit report to be developed

d. Documented follow-up system to correct all deficiencies

e. Last two audit reports to be retained, including corrective actions

13. Employee Participation

OSHA PSM requires that employers have a written action plan for implementing employee participation. As part of this element, employees and representatives should also be consulted on the conduct and development of the PHA and other PSM elements related to their work. Individuals must also have access to all OSHA 1910 information.


___________________________________________________________________

HAZOP – Disturb Your Thinking

Introduction and Overview of HAZOP Methodology

Hazard and Operability (HAZOP) studies are undertaken by the application of a formal, systematic, and critical examination of the process and engineering intentions of a process design. The potential for hazard is thus assessed and malfunction of individual items of equipment and the consequences for the whole system are identified. This systematic examination of the design is structured around a specific set of guidewords, which ensures complete coverage of all possible problems while allowing sufficient flexibility for an imaginative approach.

The HAZOP approach is based on generation of questions to ensure comprehensive and systematic coverage of all the relevant areas in the design of a process. These questions are asked in an ordered and creative manner by design and operations personnel with technical experience and expert knowledge of the particular process design. The aim of the questions is to identify any design faults or process deviations that might exist which could lead to safety or operability problems.

HAZOP studies normally involve a team that has experience in the plant or design to be studied. These team members apply their experience of the design and their technical expertise in the HAZOP study sessions to achieve the aims of the HAZOP.

Each HAZOP has a set of objectives that are particular to that study and which are decided as near to the beginning of the study as possible. These are dealt with in detail in later sessions. However, there is a set of four overall aims to which almost any HAZOP should be addressed:

1. To identify all deviations from the way the design is expected to work, their causes, and all the hazards and operability problems associated with these deviations.

2. To decide whether action is required to control the hazard or the operability problem and if so, to identify the ways in which the problem can be solved.

3. To identify cases where a decision cannot be made immediately and to decide on what information or action is required.

4. To ensure that actions decided upon are followed through.

The HAZOP study is primarily a hazard identification tool. The study may not be able to resolve all the hazards that arise at the meeting and so firm recommendations for change cannot always be guaranteed to result from deliberation at a HAZOP study meeting. The meeting may decide that it requires further information, or that a detailed study of a particular issue is necessary. Other personnel who did not attend the meetings may answer one of the questions, and some issues could require, for example, specific hazard analysis. For example, dispersion modeling is often required when the team is not sure of the potential consequences.

The HAZOP study is completed to draft report stage by the issue of a report summarizing the study and giving a specific list of recommendations, together with the worksheets on which the outcome of group discussion is recorded. The final report is issued when management action has been decided for each of the items covered in the interim report. The final report documents these actions, alternate solutions, or management reasons for accepting the risk.

The plant is considered section by section, line by line, and item by item, but never in complete isolation. Questions about the process are based upon guidewords, which investigate deviations from the intention of the design. The guidewords are used to ensure that the questions will explore every conceivable way in which the design could deviate from the intention.


___________________________________________________________________ HAZOP therefore searches a proposed or existing design, looking systematically for every process deviation from normal. Once the possible deviations have been identified, the study progresses to consideration of the following:

• Possible causes of deviation

• Possible consequences of deviation

• Existing safeguards to prevent or mitigate any adverse/unacceptable consequence

The possible causes of one deviation may be found to be unrealistic and so the derived consequences are rejected as not meaningful. It is also possible for the consequences to be trivial so that the deviation would not be considered any further. However, cases when causes are realistic and consequences are serious will be identified. These potential hazards are then noted for remedial action. It is important that the team works with a complete set of guidewords in some logical order, such as established through the use of a keyword matrix.

The ideal HAZOP study team consists of five to seven primary members having expertise in design, operations, and maintenance. The premise for the HAZOP technique is that several experts with different backgrounds can identify problems more efficiently when working together than if working separately and later combining their individual results.

Two key members of the team are the team leader who is also experienced in the methodology of HAZOP and has considerable experience with a variety of processes, and the recorder/scribe who records the session. The team leader stimulates and facilitates team discussion to ensure comprehensive systematic coverage of all the relevant areas. The team leader must take the final responsibility for ensuring that all the tasks involved in planning, running, recording, and implementing the study are carried out. During the study, his main task is to ensure that the team works together towards a common goal. The recorder should take notes of the study and record recommendations in enough detail for them to be understood by all. He should refrain from taking part in the discussions until after his recording responsibilities are under control. Individual members should use their experience, training and judgment to identify any issue which should be discussed by the team as a whole, and put it forward. They should then assist the team in resolving issues by suggesting changes that may overcome the problem. They should be prepared to assist the team in arriving at a consensus.

The team must keep in mind that its primary purposes are to identify potential hazards and operability problems and to recommend course of action that will resolve these issues. It is not the team‟s job to develop detailed solutions to the problems that are identified, nor should they try to redesign the process.

It is normal to prepare a draft report listing the recommendations made, and the circumstances requiring the changes, etc. A final report is produced later, when decisions have been made on what to do with regard to each recommendation. The actions taken, and future action, are recorded in the final report.

Definition of HAZOP

“Structured Brainstorming”

OR

“Formalized Imagineering”

• Formal procedure to review design and operability of hazardous process facilities

• Identifies deviations from normal operation that could lead to hazard or operability problems

• Identifies possible causes of these deviations

• Evaluates existing safeguards

• Recommends actions, if necessary, to overcome the problems


___________________________________________________________________ • Ensures recording of results, including recommendations

Why conduct a HAZOP Study?

• As an aid to design a safe plant

• As a step in the overall procedure of safe plant design

• As a training aid

• As an aid to design an operable plant

• As a cost saving exercise

• As an aid to preparation of operating manuals

• As a rigorous, systematic check of the design, for safety, operability, conformity with codes, etc.

• To demonstrate to management and authorities (and the public) that everything that can possibly be done has been done in order to avoid hazards

Hazards that result in human facilities in the oil, gas, petrochemical, and chemical process industries have been generally classified into two major categories, process safety and traditional safety. Process safety deals with those hazards related to processing, handling and storage of hazardous chemicals, while traditional safety deals with those generic hazards inherent in any industrial environment, regardless of what type of process is in operation. Examples of traditional safety concerns include: personnel protective equipment, safety training programs, safety equipment inspections, OSHA (or other equivalent) regulations, slips-trip-and fall hazards, electrocution, respiratory protection, machine guarding, etc.

There is increasing concern on the part of citizens, politicians, and regulators that process safety hazards are not being adequately controlled. Risk tolerance levels and expectations are changing. Some hazardous chemicals, such as, ammonia and chlorine have been in common use for many years. For chemicals such as these, it has been possible over the years to build up enough experience to recognize the inherent hazards, and to develop effective measures to minimize the risk of a major event. However, with advancing technology it is not practicable to continue this past practice of learning from experience and developing comprehensive codes, particularly in the major risk areas. Society and regulatory bodies no longer have the patience to accept this approach. Even if this were possible, the use of equipment-oriented practices as the sole basis for ensuring adequate design is obviously not very satisfactory. Complementary process-oriented methods are also required. As a result, it has become necessary to develop and adopt systematic procedures for carrying out formal hazard identification and risk assessment of possible hazards for any new design (or modification) in order to supplement the knowledge of the specialists and the experience summarized within codes of practice.

These formal hazard control procedures offer enormous potential for improving safety, reliability, and operability of a modern process plant by recognizing and eliminating potential problems at the design stage or following a modification. Moreover, the importance of formal identification and elimination of such problems has been accentuated by economic pressures to build larger single-stream units. The need for more critical process reviews has resulted in the development of the Hazard and Operability (HAZOP) study methodology.

HAZOP Studies: Background

The HAZOP methodology was developed by Imperial Chemical Industries in the UK and is now widely used throughout the chemical and petroleum industries. It is based on the supposition that most problems are missed because the system is complex rather than because of a lack of knowledge on the part of the design team. It can be used effectively at several stages during the lifecycle of a chemical processing plant. It is most commonly used as a final design check at the stage when the detailed piping and instrument diagrams are essentially firmed up. It has also been applied to study existing process units.


___________________________________________________________________ The technique aims to stimulate imagination of designers, operators, maintenance personnel, etc. in a systematic way so that they can identify potential hazards related to deviations from intended design conditions. The technique is extremely flexible. It can be applied to all types of plants, ranging from large continuous ones such as a petroleum refinery or ammonia plants, through small batch units to individual proprietary items of equipment such as incinerators or machines for producing sheets of plastic. The methodology can be used for many other applications such as written procedures, etc.

HAZOP methodology was developed in order to identify, not quantify, hazards. However, once the hazards have been identified, it can be useful to evaluate the level of risk imposed by the hazard. The risk of an event is defined in terms of consequence (or severity) and frequency (or likelihood). The term “hazard analysis” (HAZAN) is often used to define this process. Hazard analysis can include the use of risk matrices, several quantitative techniques such as Fault Tree Analysis (FTA), failure mode and effect (FMEA), consequence modeling, etc. the hazard analysis may be formally extended into a Quantitative Risk Assessment (QRA) which expands the analysis to summarize the total risk from all hazards within a defined set of geographical boundaries in quantitative terms.

Description of HAZOP Studies

• Formal structured review

• Multi-disciplinary team searches for deviations from design intent

• Brainstorming stimulates creativity

• An experienced leader guides the team through the facility design

• Deviation from design intent are generated by applying guidewords to process parameters for plant items throughout the system

• For each deviation, the team identifies any credible causes and significant consequences

HAZOP General Sequence

A general sequence of HAZOP methodology is shown below.


___________________________________________________________________

Purpose and Objectives of HAZOP

The purpose is to identify and evaluate potential hazards that result from deviations from the design intent of a process. A HAZOP study can also be used in part as a training aid for plant personnel and in the preparation of operating manuals. It can be used for a new process or for modifications to existing facilities for safety, operability, and conformity with codes of practice, etc.

A further problem experienced in the design process which can be overcome by the application of a HAZOP study is the tendency to focus attention only on those aspects of the design for which the individual; departments are responsible for example:

• Suitability of materials of construction

• Adequacy of blow down and relief facilities

• Suitability of proposed instrumentation

Why not just use “Process Safety Review” rather than HAZOP?

• Usually lacks systematic structure

• Potentially inconsistent

• Highly dependent on personal experiences

• May not meet regulatory requirements

HAZOP is different from traditional “process design/safety reviews” because it:

• Has a well defined scope

• Is structured

• Is a team based approach study

• Is systematic

• Is thorough

• Is systematically documented

Why not just use Engineering Codes & Standards for hazard control, rather than HAZOP?

• Consensus documents (minimum standard acceptable)

• Basis is arbitrary (no consequence analysis)

• No account for unique site features

• Not well-enforced later

• Do not consider cumulative risk

Justification for HAZOP

HAZOP is a very time consuming process, and because it requires the most knowledgeable people as its team members, it is often difficult to justify the necessary resources.

ICI collected some data for several of their operations in the UK to evaluate the benefits of using HAZOP technique over a number of years. They looked for suitable criteria to be able to compare the benefits as given below:

• Number of major modifications

• Number of minor modifications

• Relative time from startup to design flow sheet rate

The following table shows that there were sufficient differences to justify HAZOP study in the design phase of the projects which resulted in fewer modifications and achieved design rate


___________________________________________________________________ more rapidly than those which were not studied. In view of high cost of late modifications and the financial benefits of rapid achievements of flow sheet rate, most companies in the chemical process industry would accept this as a good justification. If confidence in the control of process hazards is a secondary benefit, HAZOP is easily justified.

Timing of HAZOP Studies

A HAZOP study can be conducted at various times in the life cycle of a plant such as:

• “Concept” phase studies

• Design phase studies

On first P&IDs

At design freeze

Late design phase

Pre-startup

• Operating phase studies

Post-startup

Modifications

Periodic

Concept Phase

In the early life of the project, before the process flow is frozen, there are some major decisions to be made, such as:

• Process to be used

• Storage inventories

• Site selection

• Site layout

• Plant capacity

HAZOP studies during this period concentrate only on identification of major hazard implications, but can be used to question the need to run certain risks, and the necessary control and safety measures. Such studies are aimed at optimizing the above variables in relation to safety, and improving the quality of capital cost estimating by identifying special safety systems costs associated with certain process or siting options.

Design Phase

A design phase HAZOP cannot be carried out before the P&IDs are completed. However, it should be carried out as soon as possible thereafter. By far the best time to carry out a full HAZOP study is at the “detailed design freeze” stage. At this stage, sufficient detail has been developed around the design intention to allow the essential questioning mechanism of HAZOP to obtain meaningful answers. At the same time it is possible to change the plant design without incurring unnecessary expense.

It is possible to carry out a study of sections of a plant, the designs of which are established and detailed in advance of others. Care should be taken, however, to review these later to ensure that interactions with other sections of the plant have not introduced new hazards.

The size of the project also has influence on the timing of the study. A HAZOP on a large project may take several months even with two or three teams working in parallel on different sections of the plant. It is thus necessary to either:

1. Hold up detailed design and construction until HAZOP is complete, or


___________________________________________________________________ 2. Allow detailed design and construction to go ahead, and risk having to modify the

detailed design or even alter the plant when results of the HAZOP are known.

Ideally, the design should be planned to allow time for the former option, but if completion is urgent the later may have to be accepted.

Modifications

While a HAZOP may be most cost-effective when analyzing a new design, there should also be an understanding of the hazard potential of existing plants. The later can continue in operation for many years and can be modified or de-bottlenecked several times during this life. Unless such modifications are very carefully handled, they could have compromised the safety margins or safety concepts built into the original plant design.

If an expansion or a modification to an existing plant is planned, then the HAZOP study should be conducted at a point in time when the PFDs or P&IDs accurately represent the planned change. All recommendations should be resolved before start-up.

In order not to incur unnecessary delays or idled manpower, the study may be conducted on modules, the designs of which are established and detailed in advance of others. However, just as with a new plant, care should be taken to review these later to ensure that interactions with other modules have not introduced new hazards.

Whether or not modification HAZOPs have been carried out, operating plant studies should be carried out approximately once every five years or as per the local policy. This is appropriate because of inevitable changes in equipment operations or knowledge that will occur over a period of time. This sort of “re-visiting” of a design is also reflected in the OSHA 1910 regulations for precisely these reasons.

When making arrangements for a study on an existing plant, extra time must be allowed for preparatory work since P&IDs and operating instructions are often found to be out of date.

Even more care than usual is required at the definition stage. The team will produce recommendations and some of these might require significant changes to the plant. It is important to be quite clear who will be responsible for acting on these recommendations. Also, it will be necessary to install procedures for follow-up and monitoring of actions. This normally exists with a new capital project but may not exist to the same extent when modifications are being carried out on an existing plant.

The Importance of Consensus

HAZOP is a team technique, and its deliberations will form a report relating to the safety of a process facility. Ideally, a HAZOP team is chosen from those people with most knowledge and experience of the plant or process, the hazards involved, and other factors of importance. Their judgment is likely, therefore, to be most informed within the company. Team members must actively seek consensus by sometimes accepting what they consider to be „second best‟ if their first choice cannot achieve consensus.

The reasons why it is so vital for the team to reach consensus whenever possible can be summarized as follows:

• Consensus avoids „minority‟ reports

• Consensus on actions saves time outside the meeting

• Consensus for further study allows any diverging views to be communicated to the study team

• Consensus on no action being necessary ends the issue in the meeting

Responsibility for HAZOP Studies

Manufacturing groups have the responsibility to operate facilities safely and maintain them in good mechanical order so that the units will perform reliably to produce a quality product at a competitive cost. The role of the Plant Manager in this responsibility should be to:


___________________________________________________________________ • Promote development and use of safe operating procedures

• Ensure that a PHA management system is implemented, and ensure that studies are conducted for each operating unit on a periodic basis, and for modifications

• Provide for appropriate participation and leadership for these PHA studies

• Appoint a PHA coordinator to coordinate and facilitate the PHA program

• Follow up on action recommendations developed by the PHA study.

When there are to be process expansions or modifications, then it should be the responsibility of the Project Manager to:

• Appoint a recorder and team leader

• Ensure the study is scheduled at a proper time in the design phase

• Make available appropriate personnel to participate in the study as team members

• Make certain that adequate time is allocated in the project schedule for conducting and following up the HAZOP study activities

• Assist the HAZOP study leader in arranging for meeting sites, outside members, and designer representatives

• Include appropriate considerations in the design stage for safety and loss prevention and ensure that all applicable design checklists are reviewed

• Ensure that normal safety design is not omitted just because a HAZOP study is to be carried out

In a typical plant environment, modifications to existing units are a constant and at times an almost daily activity. Most modifications are a routine occurrence and well thought out, but it is still critical that the principles of a hazard review be applied to such modifications no matter how simple or seemingly trivial the modifications may be.

It should be the responsibility of the supervisor of the primary work activity to determine the applicability of the scheduling for a HAZOP study of minor unit modifications.

Study Output / Recommendations

Recommendations made by the HAZOP study team may involve a change in the process, a change in the process conditions, an alteration to the physical design, or a change of operating method. There may also be recommendations for specific studies to be carried out in order to resolve questions raised and not resolved during the study or questions to the management. All of the specific studies and items recommended for actions must be reviewed by responsible plant or project management.

HAZOP Guidewords

HAZOP methodology was developed by ICI in the U.K during the 1960s. Early in that decade, ICI decided that they required a more formalized technique for critical analysis of plant design. They had reviewed the techniques being used in various parts of the company, and concluded that their quality was too heavily dependent on the people who made up the study teams. A series of serious incidents convinced them that a more formalized technique was required. They asked the method study experts in the company to devise a formal review technique, and to hand it over to the engineers for use in new plant reviews.

The technique relied on a set of seven guidewords to be applied to each section/node of the design under review and deviations from these guidewords were examined in detail for possible hazard scenarios.

Over all these years, experienced HAZOP leaders have developed and refined the original set to a more comprehensive set of guidewords to meet specific needs of less experienced leaders.


___________________________________________________________________

Alterations

It should be pointed out that the generic guidewords list is subject to change continuously. It is expected that individual companies will develop their own site-specific lists. In some cases some guidewords are not used often and in other cases use of some others does not seem to exactly fit. Some examples of possible alterations are as follows:

1. LOSS OF CONTAINMENT – Some companies find it useful to discuss this as a separate issue, particularly when the HAZOP is a precursor to a QRA. Inclusion in existing guidewords sometimes causes confusion. For example, if something like a line rupture is used under the NO FLOW deviation, the argument is often made that there is NO FLOW after the break, but MORE FLOW upstream of the break even the possibility of REVERSE FLOW if the material comes backwards to the rupture.

2. LESS FLOW – this often is covered under NO FLOW and could possibly be combined with NO FLOW.

3. COMPOSITION CHANGE AND CONTAMINATION – these could be combined. In addition CORROSION/EROSION could be included in this guideword.

4. ABNORMAL OPERATIONS – some companies have renamed this as INFREQUENT OPERATIONS which is considered more descriptive.

5. AMPLING – some companies have incorporated this into HUMAN FACTORS or SAFETY.

6. IGNITION – could be incorporated into SAFETY or OTHER guideword.

7. SPARE EQUIPMENT – could be incorporated into SAFETY or OTHER guideword.

8. SITING – A possible additional guideword. Particularly useful for expansions; plant layout conducive to safety; equipment hazards to other equipment; control stations, or critical communications systems; unusual or unnecessary nuisances such as odor or noise.

9. HUMAN FACTORS - An additional guideword. Particularly useful for expansions; too few or too many alarms; ease of operating or maintaining equipment; accessibility (e.g., space, multiple exits); lighting; hazard warning signs; existence of complete and updated written procedures; training; staffing.

10. OTHER – Same as current usage of SAFETY and a more accurate description than SAFETY which applies to all categories.

Planning Issues

1. Identify scope and boundaries

2. Select team

3. Supporting documents package

4. Logistics, ground rules, and schedule

5. Study sessions

6. Follow-up actions and recommendations

7. Final documentation and report

Choosing a Team

“Few accidents occur because the design teams lack knowledge; most errors occur because the design teams failed to apply their knowledge.”

Trevor Kletz

HAZOP Team Qualifications

• Technical Recorder (scribe)

a. Engineering Terminology

b. Process Safety Technology

c. Writing Ability


___________________________________________________________________ • All Members

a. Hands-on Plant Experience

b. Available

c. Interested and Committed

• Expertise in the specific discipline that he/she is representing

Team Responsibilities

• Identify all causes of deviations that lead to safety or operability problems

• Differentiate between the consequences and group them as safety or operability issues

• Identify and evaluate existing safeguards that prevent or mitigate the consequences

• Recommend measures to overcome the consequences where existing safeguards are judged to be inadequate

• Ensure that their recommendations address all serious consequences

• Recommend further study if they are in doubt of the seriousness of any consequences

• Achieve consensus whenever possible

• Ensure no issues raised escapes being recorded

• Meet attendance commitment for team sessions

Responsibilities of Individual Members

• Use personal experience, training and judgment to identify any issue that should be discussed by the team and to put it forward

• Use personal experience, training and judgment to assist the team in solving issues by suggesting possible changes which may overcome the problem

• Listen to what others say, and assist the team to arrive at consensus by not “sticking to his guns” unless absolutely necessary

Selecting the Team

The HAZOP leader may not have direct responsibility for team selection, but should normally be asked to advise by the manager responsible for commissioning the study.

Team size is important. Less than three contributing members (i.e. excluding the recorder and the leader) will probably reduce team effectiveness. More than six contributing members cause the time taken to increase rapidly. Hence, a team size between five and eight is probably the optimum.

Team balance is a very important issue. There are various functions necessary or desirable within the team, but is not always necessary for all of these roles to be filled. It is often possible for two functions to be filled by one man. In other cases one of these roles may be unnecessary, or the specialist unavailable.

The leader must be aware of the contribution required from each team member and must constantly check that this contribution is being made. Some people do not have the right personality or intellect to make good HAZOP team members. Members must be willing contributors to discussion, have an open mind, and have ability to visualize situations they have not encountered personally in the past. Team members without these abilities will not make good contributors and may limit the progress of the team. When this happens, the member may have to be replaced.


___________________________________________________________________ The HAZOP method requires the team to have a detailed knowledge of the way the plant is intended to work. This requires a blend of those concerned with the design (of a new plant or for a modification) and those concerned with its operation. The technique of using guidewords generates a very large number of questions. For most purposes it is essential that the team contains enough people with sufficient knowledge and experience to answer the majority of those questions without recourse to further expertise. If there are many questions that require input from a specialist outside the team, the specialist should become part of the team.

1. New Plant

A typical process plant project might involve the following people in a study team:

• Process Design engineer (Chemical Engineer)

• Maintenance Supervisor or equivalent

• Mechanical Engineer

• Production Operations Supervisor or Foreman

• Instrument Design Engineer

• Inspection Engineer

Facilitator or person competent in HAZOP methods

Technical Recorder/Scribe

Other personnel could be any of the following:

• Commissioning Manager

• Electrical Engineer

• Civil Engineer

• Project Engineer

• Research Chemist or Engineer

• Human Factors Specialist

• Environmental Specialist

• Company Safety Representative

The chosen group should provide sufficient expertise to contribute the necessary technical input. Additionally if some members of the team are drawn from those who also have responsibility for the design of a plant, they will be particularly motivated to produce a successful design and a safe operating procedure. Normally these members of the team will have the necessary authority to make changes.

2. Existing Plant and Modifications

For a study of an existing plant the team could consist of the following:

• Unit Process Engineer

• Maintenance Engineer (or representative)

• Unit Supervisor/Foreman

• Senior Operator

Unit Instrument Engineer

HAZOP Facilitator

Technical Recorder


___________________________________________________________________ Again such a team could include the following individuals as supplemental members:

• Company safety representative

• Electrical Engineer

• Research Chemist or Engineer

• Human Factors Specialist

• Environmental Specialist

The team may also benefit from the inclusion of an operations representative from a similar unit on another company site, if applicable.

In addition, for both a new pant study and an study of an existing facility, certain specialists may be required to attend the study sessions as visiting members, and their duties should be as for full technical members. Examples of such specialists are as follows:

• R&D Chemist or Engineer

• Materials /engineer (Metallurgists)

• Vendors Specialists

Roles of the Team Members

The role of each team member is defined below, to aid in the selection process:

HAZOP Technical Recorder

• To take notes of the study in sufficient detail to allow the background to each recommendation to be understood.

• To record recommendations in sufficient detail for them to be incorporated.

• To inform the HAZOP leader if he/she needs more time for note taking.

• To verify that the wording of recommendations is correct.

This role requires someone with a technical background and an understanding of HAZOP procedure, so that the team is not held-up by the need to dictate all notes. The recorders‟ main function is to produce the record and therefore should usually refrain from taking part in the discussion, otherwise he will hold up the team while making the record. If the recording is under control, many leaders encourage the recorder to participate in the discussions.

In certain circumstances, an experienced HAZOP leader can act as his own recorder. However, this must inevitably require extra session time as the study must pause while he takes notes. The decision on whether or not to combine these roles is normally made on economic or availability grounds, and is generally confined to very short studies.

Process Engineer

• To provide a simple process description for each system before it is studied.

• To provide information on the design intention of each system.

• To provide information on process conditions and design limitations.

• To provide information on hazards of process material.

• For a chemical plant the process engineer will normally be a chemical engineer. For other types of plants, a different discipline may be appropriate.

Mechanical Design Engineer

• To provide specification details for equipment, piping and pipe fittings, including details of piping support and thermal design.

• To provide details of vendor packages so far as these are known.


___________________________________________________________________ • To provide information on equipment and piping layouts, site layout and access,

etc.

• To provide information on design codes applicable to the equipment.

Instrument and Control Specialist

• To provide details of interlock and control philosophy.

• To provide information on control and interlock hardware and software.

• To give information on hardware reliability and modes of failure (especially common cause failures).

• To provide information on control sequences, control states, shutdown, and safety features.

• To provide information on testing needs and intentions and maintenance requirements.

• To provide information on specialized safety devices, e.g. High Integrity Protective Systems (HIPS).

Operations Representative

• To check the design details against operating philosophy (either for similar units or that planned or expected for the plant).

• To ensure that the design is compatible with existing systems.

• To check the design against maintenance requirements and practices on the site.

• In a study of the operating plant, to provide details of the operating practices and procedures.

Company Safety Representative

• To ensure that company safety standards are observed in the design.

• To ensure a common approach to safety in this facility in comparison to other company facilities.

• To ensure that all key safety issues are addressed to the satisfaction of the site management as per company safety policy.

Project Engineer

• To provide background details of the project not known to other team members.

• To provide details of the implication of schedule and timing.

• To allow a rapid response to design change suggestions in terms of schedule and cost impact.

• To address any constructability concerns based on suggested design changes.

• The project engineer role will normally be necessary when the plant under study is in the detail design phase or later, or is to be modified.

Training Team Members

It is helpful if the majority of the team members of a HAZOP team have had some formal training in the HAZOP technique, and essential that the leader and recorder have been trained.

Training for a HAZOP leader should include not only a good grounding in the technique itself, but should also include practical experience of leading studies. If this experience is part of a training course, it should be monitored to ensure that the new leader has mastered the technique. In any case it is worthwhile to arrange for the new leader to be monitored by an experienced leader early in his career, so that he can benefit from constructive criticism.


___________________________________________________________________ Training for a HAZOP recorder should obviously include use of any computer recording package (e.g. PHA Pro) to be used. As a minimum he/she should also have an introduction to the HAZOP technique, but many companies also require their HAZOP recorders to attend a HAZOP leader training course.

Training for HAZOP team members need not be as extensive as that for leaders, but should include a general introduction to the methodology, and the reasons for carrying out such a study. It is also useful for new team members to take part in a study exercise.

Managers who are responsible for activities that may require a HAZOP study can also benefit from the introductory training course for the new team members, and if they are to be invited the course can specially be tailored to cover the needs of both groups.

HAZOP Successful Leadership Factors

Critical Factors for HAZOP Effectiveness

1. Experience

2. Communication

3. Management Responsiveness

4. Intensity and Quality Of Process Safety Practices

5. Strong Technical Support

6. Positive Human Factors Environment

HAZOP Leader Qualifications

The following characteristics are essential for a well-qualified team leader:

Technical skills and knowledge

• Broad and in-depth, hands-on process experience and knowledge – including an appreciation of the reality and practicality of day-to-day plant operations accumulated through years of field experience with many types of processes.

• Process hazards knowledge and experience – with a special awareness required through learning form the bad experiences of others.

• HAZOP experience – a first-hand understanding of the capabilities and limitations of the HAZOP tools.

Non-Technical skills and knowledge

• Leadership skills – an example of competence, concern, responsibility and professionalism that will provide motivation for the team to follow and to keep the proceedings orderly.

• Management skills – knowledge and ability in applying proven management techniques in planning, organizing, implementing and controlling the HAZOP.

• Interpersonal skills – an understanding of group dynamics and the skill to elicit a spirit of cooperation and team work.

• Commitment to high ethical standards – seeking optimum results rather than minimum, adequate, quick-fix, solutions that are more costly in the end.

PHA/HAZOP Leader Attributes

• Diplomacy in exercising authority

• Ability to motivate and gain respect of team members

• Open minded and has ability to really listen

• Ability to work with different personalities from different backgrounds


___________________________________________________________________ • Organized and well prepared

• Stamina (mental and emotional)

• Perseverance with tact and patience

• Not easily intimidated

• Knowledge of PHA methodology being applied

• General knowledge of process operations, equipment, and generic failure modes

• Knowledge of past accidents, their causes and lessons learned

HAZOP Leader Responsibilities

The primary responsibility of a HAZOP leader is to provide leadership. Providing effective and credible leadership requires the leader to have abilities and skills in several key technical and non-technical areas. Simply knowing the process is not always sufficient experience to qualify an individual as a HAZOP team leader. A need for more specific experience in process hazards techniques and in leading process hazards reviews is also a desirable quality. An experienced leader will ensure that the hazards knowledge available through the team will be applied.

The leader is responsible for controlling/performing the following during the study:

• Plan sessions and timetable

• Control discussion

• Limit discussion where appropriate

• Encourage team to draw conclusions

• Ensure recorder has time for note-taking

• Keep team to the point and within scope

• Encourage imagination of team members

• Motivate members

• Discourage recriminations

• Judge importance of issues

• Leader is in charge, no matter how senior others present

• Leader is NOT the technical expert, and must seek advice

• If leader is tempted to give an opinion, he/she should phrase it as a question

• Leader controls debate, but does not contribute

• Leader should not leave an issue until all are satisfied

• HAZOP is a team exercise; leader must keep team together

• Conflict must be avoided, and quieter members must be encouraged

• Discussions must stay on the point and discussion time must be controlled

• Leader must summarize as soon as possible and seek consensus

• Establish and maintain high standards

• Leader is responsible for an objective study; he/she should not be associated with the project or unit being studied

• Leader must ensure that the team identifies every hazard they are capable of recognizing

• Leader must ensure that the team makes realistic recommendations

The leader can generally influence the outcome of a HAZOP by decisions he/she makes about where to draw the line with respect to study sections. When choosing which components to combine, or when deciding what operations are similar and thus can be


___________________________________________________________________ examined by analogy, the leader can either simplify or complicate the analysis. Leader can cause the team to overlook significant hazards or to take far too long in recognizing them. Any deviation from the optimum can be harmful, Taking too long can lead to schedule and deadline problems, which may result in overlooking hazards when the review of subsequent sections becomes rushed. The importance of missed hazards for any reason is obvious. Details regarding selection of study sections are discussed later in this chapter.

The HAZOP leader also needs to make the judgment whether HAZOP is the best technique to use on a particular study. Selecting the appropriate hazard evaluation method for a particular review is a critical and demanding matter. That is why team leaders must be thoroughly trained in hazards assessment methods. Such a judgment may apply to all or any part of the system to be analyzed. The judgment may also be influenced by non-technical factors, such as the need to meet particular regulatory requirements. Although such a choice is usually made in the planning stage, if a change is appropriate during the course of the study, it is up to the leader to recognize the need and make the decision.

Leadership and Team Control

1. Leadership Skill

The leader can maintain team motivation by doing the following during the study:

a. Short breaks every 1 to 1.5 hours

b. Short “war story” sessions at appropriate intervals

c. Extending recognition to team or to individual members for good contributions

d. A break on completing he P&ID (performance bonus)

e. Occasionally discuss marginal issues of general interest (if time allows)

f. Avoiding the mistake of overextended sessions

2. Leadership Issues

The leader must be aware that the study guideline is the zero defect standard - that no fire, explosions or dangerous spills occur. Although this is recognized that it is not possible to make the chemical industry risk-free, the goal should still be the zero defect standard.

The leader must be constantly aware that he/she is in control of the team. Even if some of the team members are his/her seniors, this must not sway the team from its charter. The leader must be prepared to overrule them if he/she feels it to be necessary.

The leader must not be afraid to ask for further explanation of points that are outside his/her technical expertise. Remember, the leader is not expected to be an expert in all that are covered by the study and should utilize the knowledge of the team members to full advantage. If the review is of an existing facility, many leaders prefer a walkthrough of the plant prior to the actual study to become familiar with the layout, condition of the equipment, spacing, etc.

The leader should not attempt to lead a HAZOP study immediately following training. Unless the training has included sufficient practical experience, he/she should first be either a team member or recorder under an experienced leader.

The leader should resist the temptation to agree that a system is „safe‟ and does not need study, until he/she is fully convinced, even if this means that the study is running overtime.

The leader should be able to judge the importance of issues. He/she must have some grasp of probability estimation in order to know which issues must be reviewed in detail and which can be treated more superficially.


___________________________________________________________________

HAZOP Management

The leader‟s knowledge and ability in applying proven management techniques to prioritize massive amounts of information and stay within time, capital, and human resource constraints are of great importance to his /her success.

Effective and efficient planning will cover a multitude of shortcomings in other areas. Carefully defining the scope of the study will prevent costly surprises. Planning and scheduling the work of the team well in advance is a skill that can be acquired by appropriate training. Industry experience clearly shows that the effectiveness of a HAZOP team is reduced when marathon sessions are held. Conversely, rushing a HAZOP to conclusion to meet a deadline must also be avoided through careful inspection.

It is essential that the well-organized leader study and review the process in advance using his/her own broad experience to determine areas having fairly obvious hazards potential. The leader will then develop a list of questions relating to these potential hazards that should be addressed and resolved during the study. He/she will later use these questions during the course of the HAZOP to serve as monitoring points for gauging the efficiency and effectiveness of the study.

The team leader has the ultimate responsibility for the success/failure of a HAZOP study. He/she must have attended a HAZOP Leader‟s Training course.

The leader has the responsibility to carry out an objective HAZOP study and should therefore not accept an assignment where there is an actual, or an implied conflict of interest. To this end the leader should not be currently associated with the process unit under study, or report to the management requesting the study.

The responsibilities of a HAZOP leader will vary somewhat, depending on whether he/she is from the company or an external consultant, and to an extent on the type of study involved. The main tasks below will, however, need to be done by somebody. A leader should always take the ultimate responsibility for ensuring that the tasks are carried out, whether or not he/she does them himself.

The major responsibilities are listed below but some are dealt with in more detail in other sections:

1. Selecting the team

2. Planning of the study

3. Carrying out the study

a. initial team training

b. touring the unit or proposed site

c. deciding what to study and in what order

4. Reporting the study

5. Following up the actions

Recorder Responsibilities

• Take complete and accurate notes

• Record recommendations

• Inform leader if more time is required

• If unclear, check wording of recommendation

• Produce interim lists of recommendations

• Produce draft report of study


___________________________________________________________________

Training for HAZOP

• Member‟s needs:

HAZOP orientation course

Experience in an exercise

• Manager‟s needs:

HAZOP orientation course

Understanding and commitment

Commitment to follow-up and resolve recommendations

HAZOP Group Dynamics

• Team should have common goals

• Members must remain motivated

• Leader should not join in discussion

• Recorder should not join in discussions

• Leader must work toward consensus

• Team member participation should be reasonably balanced

• To keep team members fresh

5 hours per day maximum

“war story” sessions at intervals

Short break every 1 to 1.5 hours

Short break after every P&ID

Possible Team Member Problems

• Overly talkative

• Will not talk

• Highly argumentative

• Personality clashes

• Persistently on the wrong subject

• Attempts to do detail design during team sessions

• Inarticulate

• Griper

• Rambler

• Obstinate

• Definitely wrong on facts or technical issues

Safe Zone Concept

• Freedom to discharge

• Freedom to admit lack of knowledge

• Freedom to ask possibly naïve questions

• Freedom to discuss prior mistakes and events related to the process without recriminations

• No distinguished rank within the room

• Arguments left inside the room

• Common team goals and objectives


___________________________________________________________________ When to Replace a Member

• When the lack of knowledge and experience significantly holds up the team (and there is a better alternate person available)

• When the person is incapable of using his/her imagination

• When the person cannot accept compromise

• When the person persistently disrupts the process (by arguing, etc.)

• When the person cannot be persuaded to contribute or to participate in discussions

Team Issues

The effectiveness of a HZOP team depends on a number of factors including comfortable surroundings, adequate preparations, and a clear understanding of their purpose or charter. A HAZOP team can only function effectively if it behaves as a group with common goals, and if each member remains motivated towards achieving those goals.

Consequently before the study commences, the leader should have a clear idea of the objectives and should clearly communicate to the team. The leader should also be responsible for getting the sessions to start and finish on time.

The team leaders‟ role is to monitor the performance of the team on a continuous basis and ensure that each member contributes to the common goal and remains motivated. The HAZOP leader has an especially difficult role to play, and he/she must encourage discussions, control discussions and summarize findings without joining in the discussions. He/she must be seen to remain neutral at all times, and be prepared to terminate fruitless discussions, and actively seek consensus.

During discussions the leader must develop the structure by testing the recommendations for acceptability. He/she must also ensure that members are clear at all times about what point is being discussed and also help the team keep to the point or consciously choose a new direction.

The leader must be aware of group dynamics and able to deal with the types of personality listed previously. Other members of the team should also be aware of this information, either so that they can identify or modify their own behavior, or to assist the leader in handling a difficult situation.

If the leader has great problems with one member of the team, the option of asking for a replacement must be available. In the final analysis the operations of the study team are more important than the feelings of one individual member.

The leader must be aware of the contribution required from each team member, and ensure that this contribution is being given. Some people do not have the right personality or intellect to make good HAZOP team members. Members must be willing contributors to discussions, have an open mind, and have an ability to visualize situations that they have not been through themselves. Team members without these abilities will not make good contributors, and may limit the progress of the team. When this happens, the leader should arrange to have that members replaced.

Conclusion

HAZOP effectiveness, efficiency, and credibility depend on the following:

• Hands-On Experience

• Management Skills

• Leadership

• Group Dynamics

• High Ethical Standards


___________________________________________________________________

Planning, Preparation & Node Selection

Planning a HAZOP Study

The task of planning a HAZOP study may be carried out by the HAZOP organizer, or be delegated to the HAZOP leader or the technical recorder. Whoever has this responsibility must ensure that the plan can be carried out as scheduled. Frequently there are severe pressures to finish the study in a given time frame. If the time is inadequate to do a satisfactory job, the study leader must guard against rushing through the study.

The first task is to prepare a study program. This then allows participants to schedule their commitments, and gives management milestones against which to evaluate progress.

The actions required before the study commences can be summarized as follows:

• Establish the ground rules of the study

• Plan the study schedule

• Identify the team members and arrange for their assistance

• Organize the database

• Ensure that all team members are familiar with the major design and operating principles

• Arrange a suitable meeting place

These actions are discussed later in this chapter

Step 1: Establishing the Ground Rules

The aims and the objective of the study must be defined before the study commences, as these can influence how the study is carried out and reported. Such objectives may be: HAZOP Workshop

• To identify all causes of deviations which could lead to a safety hazard

• To identify all causes of deviation which could lead to an operability problem

• To recommend changes, or further study, to overcome safety hazards

• To recommend changes or further study, to overcome operability problems

• To provide training of inexperienced personnel in the design intentions and expected operation of the facility

• To provide background for the preparation of plant manuals and operating procedures

• To review operating procedures

• To record the background to all recommendations made

• To record all useful information from the study

It is normal for any study to carry out the first two objectives, but the generation of recommendations could be left to sub-groups if the initial study team is very large. It is also possible for the teams only to make recommendations on safety issues, and leave operability issues for review by a sub-group

The training aspect is normally accomplished by having those requiring training act as observers of the sessions, sitting back from the study table and charged not to speak unless spoken to.

If an input for plant manuals is required, this is often achieved by having an observer take additional notes specifically for this purpose.

For an operating plant, where operating procedures exist, these should be available to the team and can be reviewed in detail by the HAZOP method if they relate to plant areas where


___________________________________________________________________ safety or operability problems have been identified, or the subject of a separate HAZOP study.

The scope of the study must be firm and completely understood.

The final two points relate to the recording of the study. And define the two possible recording methods. “Recording by exception” means that the causes and consequences are only recorded if they lead to a recommendation, whereas in full recording” all issues identified are recorded, whether or not they lead to a recommendation.

Step 2: Planning the Study Schedule

The elements of a HAZOP study schedule are listed below:

1. Session dates and times

2. Plant sections and P&IDs to be studied in each session

3. Team members required for each session and reserve members on “standby”

4. Intermediate reporting arrangements, if required, and final reporting

5. Study sub-session plans, if required

6. Plan for follow-up of actions

Deciding which drawings to study

The most difficult part of planning is the estimation of time taken for each P&ID. This should be a self-fulfilling prophecy in that, once the program has been arranged (and accepted by the HAZPOP leader), he/she will control it. However, in particular, if the estimate was wrong either a lot of effort is wasted by slowing down the team or an incomplete identification of hazards can result.

Many experienced HAZOP chairmen have simple rules, based on a standard time increment per main plant item, or per P&ID sheet of average complexity. However, both involve judgment of either “what is a main plant item” or what is “average complexity.” The ability to estimate successfully comes with experience of the leader‟s own comfortable pace. It should also be remembered that most studies start relatively slowly, but accelerate as the team begins to “knit”, and as respective issues are resolved. Keep the following tips in mind when deciding what drawings to study:

• Omit drawings only for the following reasons:

The team agrees not to study them

The drawings are covered in the scope of another study

The drawing is identical to another drawing

• Do not omit drawings because:

There is no hazard

They are just service

They are similar to others

Another judgmental issue is which P&IDs to study. For an inexperienced leader the first answer would be “all”. However, in multi-stream plants it is often possible not to review duplicate drawings. Also, potable water systems and other low-hazard systems may be excluded if they connect to no other system. However, the leader must ask for the team‟s agreement and the secretary must record why the system was not studied.

The order in which the drawings should be studied must also be decided. In general it is best to follow the flow sheet from raw materials to finished products. This may not always be the optimum solution, and in some circumstances the program should be arranged in areas of interest of the participants. If, for example, two process engineers share responsibility for the plant design, it is normally best to complete the study of one engineer‟s area, and then move


___________________________________________________________________ to the next. However, the scheduling of areas of study is more often determined by the availability of key people or drawings to study.

Study sub-sessions may sometimes be advantageous, where for example a sub-committee may review instrumentation, interlocks, or other specialized areas, then report back to the main team.

Since the study is not complete until the final report is prepared, including the actions taken following the study, it is important to plan the follow-up phase.

In general this will not be under the control of the HAZOP leader, but he/she may either take the responsibility for monitoring the progress of this activity or ensure that someone is nominated to do so. If an outside leader is used, many sites have a nominated internal leader who will follow-up the recommendations.

Step 3: Estimate Time Requirements

The plan must contain the following:

• Session dates and times

• Plant sections and P&IDs to be studied in each session

• Team members required for each session and reserve members “on standby”

• Intermediate reporting arrangements, if required, and final reporting

• Study sub-session plans, if required

• Plan for follow-up actions

Study time for each P&ID can vary substantially, depending on the following factors:

• Team size

• Leader‟s style

• Team‟s knowledge of design details, design intent, operation

The leader can control the study to some extent to meet time targets, without a reduction in effectiveness.

Time Targets for HAZOP Studies

Continuous Plant

• 4-6 hours for an average P&ID of normal complexity

• 1-1.5 hours per main plant item

• Study rate will be slow initially

• Time targets are average for study

• A less complete study is possible in half this time

• The leader should log team performance to improve his/her estimates

Batch Plant

Targets must take into account a number of main process steps:

• Fill

• Heat

• React

• Cool

• Discharge

Estimate time as 2 hours per step.


___________________________________________________________________

Step 4: Identify the Team Members and Arrange For Their Assistance

Always notify anyone who will be used as a main team member or as a supplemental member. Provide them with dates, place, details of equipment/unit being studied, and any other information that will help them in preparing for the study. It is very important to provide ample notice in order to keep things running smoothly.

If some team members have had no contact with the plant, or if the operating principles are complex, the leader should decide whether they will need pre-study preparation. If so, this could either be given while the leader prepares himself, or by circulating some of the database material prior to the study. It can be very beneficial for the HAZOP team leader to tour the unit prior to the study, in conjunction with the team if beneficial.

It will be necessary for the leader to talk to each member to assess the need for these actions.

Step 5: Organize the Database

Once the study leader has been briefed on the scope of the study, he/she can begin to assemble the database. The table titled “Typical Ideal Data for a HAZOP Study” gives an ideal database for a continuous plant study during the design phase of a project. In that phase, time should be allocated to gathering together the latest version (preferably as-built) of each document in the list and checking them for consistency. Any ambiguities or discrepancies in the database should be resolved before the study commences.

For a study on an existing plant a similar amount of time will be required, but here the need is to ensure that the documents are up-to-date. It is vital that all plant modifications which have occurred since the final design stage are reflected on the P&IDs, and this will normally require a detailed review against the actual plant to be confident of their completeness.

For a batch process study, additional information will be required. Details of the sequence of operations are needed, either as an operating procedure or as a sequence flow chart.

Step 6: Arrange a Suitable Meeting Place

For an effective HAZOP study, the meeting place must be free of any distractions. This keeps team members focused on the task at hand. Keep the following tips in mind when planning the study:

• Large enough for members and observers

• Table space for drawings

• No interruptions

• Message taker, message board

• Away from plant site

• Good lighting

• Flip chart, space to hang drawings

• Enough stationary (markers, tape, pins, etc)

• Coffee/tea

Process Safety Information Requirements

The following Process Safety Information (PSI) is necessary for an effective study:

Information pertaining to the hazards of highly hazardous chemicals

• Toxicity information HAZOP Workshop

• Permissible Exposure Limits (PEL)


___________________________________________________________________ • Physical data

• Reactivity data

• Corrosivity data

• Thermal and chemical stability data

• Hazardous effects of inadvertent mixing of different materials that could possibly occur

Information pertaining to the technology of the process

• Block flow diagram

• Process chemistry

• Maximum intended inventory

• Safe upper and lower limits for items such as temperature, pressure, flow, and composition

• An evaluation of the consequences of deviation including the safety and health of employees

Information pertaining to the equipment in the process

• Materials of construction

• Piping and Instrumentation Diagrams (P&IDs)

• Electrical area classification

• Relief system design and design basis

• Ventilation system design

• Design codes and standards employed (local or international)

• Material and energy balances

• Safety systems (e.g. interlocks, detection, or suppression systems)

• Fire protection details (firewater network, foam systems, extinguishers)

OSHA PHAs

OSHA PHAs must address the following:

• Hazards of the process

• Previous incidents with catastrophic potential

• Engineering and administrative controls

• Consequences of E&A control failure

• Facility siting

• Human factors

• Qualitative evaluation of control failure safety and health effects

Additional ideal Data for a HAZOP Study

• Operating procedures, including startup, shutdown and normal ranges for key operating parameters

• Schedule of alarm and trip settings and cause-and effect charts

• Equipment and main piping layout and elevation drawings

• Electrical single line diagrams

• P&IDs for vendor „ packages


___________________________________________________________________ • Systems design philosophy and process description

• Instrumentation philosophy

• Engineering design data sheets for all plant items

• Design data sheets for instrumentation and control valves

• Utilities specifications

• Mechanical integrity data

• Emergency response plan

• Outstanding recommendations from previous audits (e.g. insurance audits)

Typical Ideal Data for a HAZOP Study

1. P&IDs

2. Operating procedures

3. System design philosophy and process description

4. Engineering design data sheets for al plant items

5. P&IDs for vendor packages

6. Design data sheets for instruments and control valves

7. Schedule of alarm and trip settings and cause-and-effect charts

8. Equipment and piping layout

9. Piping material specifications

10. Full description of interlock and shutdown systems

11. Design basis for all relief valves, rupture discs, etc

12. Chemical and physical properties of all process material

13. PFD and material balances

14. Electrical single line diagram

15. Instrumentation philosophy

16. Utilities specifications

17. Drawings showings interface/tie-ins with other units

18. Vents and drain system drawings

19. Firewater network drawings

20. Fire detection and alarm system drawings

Selecting a HAZOP Study Section

• This is the HAZOP leader‟s responsibility

• The choice depends on the system and the team

• Golden rule – “keep it simple”

• Large, complex systems increase the chance of missing something

• Normally follow the process flow

• Start where line enters the P&ID

• Continue to next change of design intent

OR

• Continue until significant change of process conditions


___________________________________________________________________ OR

• Continue to next equipment item

• Modifications

Study all new or modified equipment

Study all equipment where conditions or throughput changed by project

Follow the consequences over the project boundaries

Where necessary, recommend study of adjacent sections

• Aim for sections taking no more than 1 study hour

• Aim for no more than 5 causes as an average for each deviation

• If the team needs to address the section in parts, it is more than one section

The selection of a study section is primarily the responsibility of the HAZOP leader. The selection of this section will be both a function of the process plant being studied and the overall HAZOP experience of the team. Early in the study if the team is inexperienced, the sections selected by the leader will most likely be small and not very complicated. However, once the team gains some experience in both the process being studied and the HAZOP methodology, bigger sections can be selected by the leader, consistent with the principles of node selection discussed below.

Before the start of a study session, the HAZOP leader should review the P&IDs to be studied the next day and plan sections and order in which they will be studied. This should not be a detailed plan nor should the sections be marked out on the P&IDs but rather a general one as the team might make some suggestions or provide additional information that would require alteration of the plan during the study session.

The following are the criteria that should be followed by the leader in selecting the next study section to be considered by the HAZOP team:

• To the next change in design intent

• When a significant change of state occurs

• Separate equipment items with different process parameters

• Each process vessel with its associated equipment

Figure 1 is an example intended to illustrate the above principles.

Design intent example (Fig. 1)

If this figure is studied carefully, it can be established that there are three distinct design intentions in the system:

• Feed Tank: Store the feed material for the reactor

• Pipelines and Pump: To transfer the feed from the storage tank to the reactor

• Reactor: To do something with the feed supplied to it.


___________________________________________________________________ In all there are three distinct study sections because there are three definite design intents in the process system, as illustrated above. Each one would be a HAZOP study section.

An example of a change of state occurring, which would become a section dividing point, would be the overhead condenser on a distillation column. The flow enters the condenser system as a vapor and exits as a liquid. The piping system on either side of the condenser would be separate study sections. Depending on the condenser configuration, it could become a separate study section or made part of either piping study section. It should also be noted that the coolant being fed to the condenser should be a separate study section as its design intent is different than the process lines design intent.

Equipment items having different process parameters are usually vessels. Each vessel operates at different temperatures or pressures. As such they should be separate study sections. Instrumentation, relief valves and internals inside or connected directly to the vessel for example should be part of the study section.

If as a HAZOP leader you are into the second week of a study and find that the team is taking more than an hour on average to complete a study section, then it is likely you are taking too large a section.

Remember, the important principle in conducting a HAZOP study as a leader is to confine the causes of a guideword to the section under study and to follow the consequences to the most severe situation conceivable wherever it may be in the process. That can be either upstream or downstream of the section under study.


___________________________________________________________________

Recommendations & Action Items

Introduction

Once the team identified a hazard that imposes an unacceptable risk, the recommended changes needed to improve the system will usually be agreed upon very quickly, since in many cases there is an obvious remedy. In some cases, there will be a number of alternatives and the team may have some difficulty agreeing which is the most cost-effective course to take. Actions to contain hazards are generally of four kinds:

1. A change in the process (recipe, materials, etc.)

2. A change in process conditions (pressure, temperature, etc.)

3. An alteration to the physical design

4. A change of operating procedure

Changing the design of the plant is not always the best action that can be taken. Often some software change is more easily implemented and incorporated into an existing design.

When choosing between a numbers of possible actions, it may be useful to put them into two categories:

1. Those actions which remove the cause of the hazard

2. Those actions which reduce the consequences

In general, it is better and more effective to remove the hazard. Provided that the study is carried out at the design stage, this can usually be done without undue expenditure. If there is no reasonable prospect of removing the hazard, the team will have to consider what can be done to reduce the likelihood of the event, or to reduce the consequences.

When it has been decided to alter a design, operating method, etc., it is often necessary to subject the new design intention to a second round of examination to make sure that the change has not introduced a new and unexpected hazard. For major changes, a whole new HAZOP study of a part of the design may be necessary.

One goal of the study is to identify potential problems that the team believes to be unacceptable under the current situation. For those cases where the team feels confident in their ability to resolve the problems the following steps are taken:

Step 1: The problem is identified using the standard HAZOP methodology

Step 2: The team must understand the impact of the problem

Step 3: The team must agree that the present situation is unacceptable

Step 4: The team must agree on recommended changes, or if there is not enough information available, further work outside the meetings should be recommended

Step 5: If a recommendation for further study is made, the scope and objectives of the study must be clearly defined

To ensure that the study leads to desired result of minimum hazard and optimum operability, recommendations developed by the team should have the following characteristics:

• Clear

• Concise

• Unambiguous

• Relevant to the problem

• Self contained

• Prioritized on the basis of risk reduction

• Document the resolution/closeout of the recommendation


___________________________________________________________________

Writing Effective PHA Recommendations

• Purpose of PHA

Critical review

• Intermediate output

Recommendations

• Final output

Plant where

Hazards understood

Operability considered

Hazards minimized

Operability optimized

When the HAZOP team feels the combination of likelihood of occurrence and seriousness of consequences requires an action, and the existing safeguards are considered to be inadequate, a specific recommendation is made. The team must be confident that if the recommendation is carried out, it will either remove the problem or reduce probability or consequence to an acceptable level without introducing new problems.

If the team is in doubt, about whether or not an action is required or what that action should be, they should record a recommendation for further study. Such a recommendation should specify the problem clearly and the scope and objectives of the required study.

If any change is recommended:

The team has an obligation to provide the decision makers (usually upper management) with sufficient detail to understand the intent of the recommended changes or study. The HAZOP team should not get bogged down on detailed design issues.

• There should be no room for misunderstanding the intent of the recommendation.

• The wording should express the importance of the item, i.e., do not write “consider”, unless the HAZOP team believes it is truly optional.

• It is important that the team avoids extensive discussion on design of any recommended change. The recommendation should focus on the concern and

The recommendations should have the following general characteristics:

• Be generated if the team considers that the scenario is unacceptable

• Be suitable for removing the problem, or for making the scenario acceptable

• Include the word “consider” only if the action is optional

• Recommend further study if the team has insufficient data or cannot agree on a solution

Before writing recommendations, complete the following steps:

1. Identify the problem

2. Understand the problem

3. Agree on the following

a. The present situation is unacceptable

b. What is to be changed

c. Not enough information is available


___________________________________________________________________ What is needed in recommendations?

• Enough detail is provided to carry out the action

• If more than one option exists, all must solve the problem

• Recommendations are clear and there is no chance of misinterpretation

• Do not use “consider” unless truly optional

If further study is recommended:

• The problem should be clearly identified

• The objective of the study should be defined in detail

• The scope and extent of the study should be defined clearly

• Implementing its findings should also be a requirement, and a target date for completion date should be defined

One possible mistake is drafting “open ended” recommendations, where the expected scope and objectives of the additional study are not clearly identified by the HAZOP team making the recommendation. Outcome options of the additional study should be addressed. The team may have doubts about the capability/adequacy of a particular safeguard, yet may not have the confidence to reach a conclusion. The team might recommend a study/evaluation be conducted to confirm that that the safeguard is indeed adequate for the scenario in question. In this case, the team should also include its expectations and understanding of what action should be taken if the additional study determines that the existing safeguard is not adequate.

Process Safety Engineered Solutions

• Substitute

• Intensify

• Attenuate

• Simplify

• Contain

• Control

• Survive

Study Mechanics – Some Technical Issues

A system is not safe from overpressure simply because relief is provided. Relief must be to a safe location, and the PHA team should confirm it is safe. Since any active or passive safety system can fail, the team should also consider reliability, testing, and consequence of failure during the study.

Information Available Elsewhere

• HAZOP worksheets

• “Possible Causes”

• “Possible Consequences”

Worksheet Information

When the team identifies a specific recommendation, the HAZOP study worksheets should contain the following:

• Causes for all deviations to the design intent identified by the HAZOP team

• Potential problem caused by the deviation to be avoided

• Safeguards in place to prevent the undesired event


___________________________________________________________________ • Change (if any) recommended by the HAZOP team

• Scope and objective of further study, if this has been recommended

Certain guidelines should be followed when recording a recommendation on the worksheet

1. The worksheet should indicate why the recommendation is being made, what benefit would be provided if the recommendation were to be accepted.

2. The worksheet should define the likely consequences in sufficient detail for a reader from outside the study team to understand the severity of the problem and how to prioritize it.

3. If there are existing safeguards that the team judges to be inadequate, it is helpful to document the reasons why the team believes the existing safeguards deficient.

Conclusion

Recommendations must be

• Clear

• Concise

• Unambiguous

• Relevant

• Prioritized

• Actioned


___________________________________________________________________

Documentation & HAZOP Reporting

Reporting the Study

There are two common ways of recording a HAZOP study. It is important to decide which method will be utilized before the study is carried out to avoid wasting time and effort.

Full Recording

Full recording requires that all topics discussed are recorded in some detail. This includes even those that the team does not consider significant problems.

• Valuable for operating procedures, training manuals, etc.

• May be required by authorities

• Used with online computer recording

Recording by Exception

When recording by exception not all discussion topics are recorded. Only those exceptions leading to identification of a significant hazard or other problem that the team feels requires corrective action or further study are documented.

Both methods have advantages and disadvantages, the major differences are shown in the table below:

Full Recording Recording by Exception

Valuable for operating procedures, training manuals, etc.

Fewer study hours

Maybe required by authorities Shorter report

Useful to minimize effort required for subsequent hazard identification studies

Important items are easier to find

In the past, the majority of studies have used the “recording by exception method in the interest of cost effectiveness, accepting the loss of some potential benefit. However, the advent of real time recording and the requirements of regulatory agencies have persuaded many organizations to implement full recording. Nevertheless, in situations in which there is need for input to operating procedures and training manuals, it is often more effective to have an operations representative present (who is not a member of the HAZOP team ) to take the necessary notes.

Computer Recording

This method uses specialized software to produce log sheets during the study. If properly designed, it can be configured to “prompt” the next guideword. The advantage of this method is that it allows full recording of the study without recording delays.

The use of a PC image projector is another recording aid. The image projector allows team members to review report wording as it is being typed during the study. Many leaders prefer having the option of being able to turn off the projector until the recorder has completed recording his recommendation to avoid distracting the team. Computerization of the recording also assists in the speedy dissemination of the results by printing out the text frequently. The team and other members of management can review the records outside the meetings while discussions are fresh in their minds. However, it does require a technical recorder with typing skills.

Recording the Results

During any HAZOP study, it is important to record all hazards, questions, or operating/maintenance problems identified. This provides a permanent record of the findings


___________________________________________________________________ of the study and avoids needless duplication in the future. During the study sessions, HAZOP log sheets are used as the primary recording tool. The following table is an example.

A side benefit of the study should be the formation of a “Hazard File” containing the complete documentation of the study. This file should contain the following:

• A copy of the data (flow sheets, operating instructions, etc.) used by the team during the sessions, and marked by the study leader to show that they have been examined

• A copy of all working papers, questions, recommendations, redesigns, etc. produced by the team and others as a result of the study.

The file should be retained at the plant or other central location so that it can be a source of information if changes are subsequently contemplated by the operating personnel. It also should be used as a primary source of training material. The file also serves as the database for the next required periodic HAZOP as required in recent OSHA and other regulations.

Reports

The results of the study are documented in a report. The report format can vary considerably depending on the needs of the organization requesting the study.

Draft Report

In all cases, a draft, or interim, report should be produced to document the findings of the study team. This report varies in its content but typically will have the following format:

• Introduction

• Description of the study method

• Objective and scope of the study

• Description of the unit/process studied

• List of HAZOP team members with location and job titles

• Study period and list of drawings studied

• Major recommendations

• Conclusions

• Appendix

HAZOP study log sheets

Complete list of recommendations

Team members and drawings studied by session

File location of marked-up drawings actually studied

Frequently the sections covering Major Recommendations or Conclusions are not included in the interim report. Note also that “Conclusions” may or may not be an appropriate section in the HAZOP report. It is not philosophically correct for the HAZOP leader/recorder to be “concluding” anything, since any conclusions are more properly within the realm of the team members.

Final Report

The Final Report is the completed record of the study. In addition to documenting the meeting noted, it includes the agreed upon changes to be made to improve the operation and lower the risk. A common format would include the following report sections:

• Introduction

• Description of the study method

• Objective and scope of the study


___________________________________________________________________ • Description of the unit/process studied

• List of HAZOP team members with location and job titles

• Study period and list of drawings studied with identification codes

• Recommendations summarized

• Major actions taken

• List of recommendations rejected and reason for rejection

• List of recommendations being evaluated & expected timing of follow-up actions by item

• Conclusions

• Appendix

HAZOP study log sheets

Complete list of recommendations and actions taken for each

Team members and drawings studied by session

File location of marked-up drawings actually studied

Once the final report is issued, all copies of the interim report should be returned to the issuer and destroyed

The Role of Documentation

The HAZOP study must be documented properly. Good documentation of the study provides a record of the study group‟s deliberations on the hazards existing in the plant and how they are controlled. Thus, future consideration of minor changes to plant design can use the HAZOP study report as a reference to ascertain the effects of the changes. The effect of the changes to process conditions can also be assessed quickly by reference to the report of hazard file resulting from the study.

Hazard File (Study Working File)

The Hazard file should contain the following:

• A copy of data used by the team during HAZOP sessions

• A copy of all working papers, questions, recommendations, redesigns, etc. produced by the team or others

• Retain the file at the plant

Typical items to include in the hazard file are as follows:

1. Process hazards review reports.

2. Electrical hazard classification drawings.

3. Basic data on physical properties- relating to flammability, explosibility, toxicity, etc.

4. Data section on safety--- detailed information on safety requirements and assumptions.

5. Potential hazards--- all information developed on hazards, such as the potential for a runaway reaction or a rapid decomposition. All information on design limitations involved in equipment specifications.

6. Calculations---significant engineering calculations related to safety, and appropriate as background for future hazard reviews should be included, such as calculations for the following:

• Relief valves

• Rupture discs and explosion vents


___________________________________________________________________ • Blast resistance designs

• Dispersion studies

• Thrust calculations for relief lines

7. Interlock function description

8. Documentation on control valve philosophy--- reasons for selecting reverse-acting transmitters or controllers, specific control loop actions for sensing failure, fail-safe considerations regarding air-to-open and air-to-close specifications for control valves.

9. Results of any quantitative hazard analysis performed.

10. Results of any Fault Tree Analysis or other frequency assessments.

11. Any incident reports applicable to the unit.

All recommendations should be documented on the recorder‟s log sheet. Any action completed before the interim report is issued may be listed in that report.

Process Safety Information Requirements

The following sections outline the requirements for process safety information.

Information Pertaining to the Hazards of Highly Hazardous Chemicals

• Toxicity information

• Permissible exposure limits

• Physical data

• Reactivity data

• Corrosivity data

• Thermal and chemical stability data

• Hazardous effects of inadvertent missing of different materials that could possibly occur

MSDSs provided by the manufacturer/vendor may be used to comply

Information Pertaining to the Technology of the Process

• Materials of construction

• Piping and instrumentation diagrams (P&IDs)

• Electrical classification

• Relief system design and design basis

• Ventilation system design

• Design codes and standards employed

• Material and energy balances

• Safety systems (e.g. interlocks, detection, or suppression systems)

For equipment designed in accordance with codes or standards no longer in use, the employer must document that the equipment is designed, maintained, inspected, tested, and operated in a safe manner.

Other Process Safety Information Requirements

• Process Hazards Analysis (All)

• Operating Procedures (Current)

• Training Documentation


___________________________________________________________________ • Pre-Startup Safety Review

• Mechanical Integrity Inspection/Testing

• Incident Investigation Report (last 5 years)

• Compliance Audit Reports (last 2)

HAZOP Documentation Required by OSHA

• PFDs

• P&IDs

• Electrical Classifications

• Safety Interlock Drawings

• Electrical One-Line Drawings

Hazard File Documentation

1. Process hazards review reports

2. Electrical hazards classifications minutes

3. Physical property data

4. Data section on safety

5. Potential hazards

• Runaway reaction

• Rapid decomposition

• Design limitations of equipment

6. Calculations related to safety

• Relief valves

• Rupture discs and explosion vents

• Blast resistance designs

• Dispersion studies

• Thrust calculations for relief lines

7. Interlock function descriptions

8. Control valve philosophy

• Fail safe mode

• Air to close or open

• Sensor failure actions

9. Quantitative hazard analysis results

10. Fault tree results


___________________________________________________________________

Qualitative Risk Analysis

Qualitative Risk Analysis in HAZOP

The traditional HAZOP technique does not include any formal ranking of the hazards identified. This can make it very difficult to prioritize the recommendations for implementation. To facilitate that, companies around the world use some kind of standardized Risk Ranking Scheme to rank failure scenarios based on their severity and likelihood.

In the example risk matrix on the following pages (Fig. 1), the severity ranking is an estimate of the consequences expected from the failure event, and is on a scale of A (highest) to E (lowest). The likelihood ranking is based on the expected frequency of the failure event, and is on a scale of 1(highest) to 5 (lowest).

When a HAZOP team discusses an issue whose consequence is related to safety, environmental concerns, equipment or facility damage, or plant outage, it typically employs some sort of qualitative risk assessment technique. Once team members accept that an event may occur, they must answer the following questions in order to assess the level of risk using the matrix:

• How likely is the event?

• How serious would the accident be?

This is simple qualitative risk analysis. Unless the team resorts to calculation, the aforementioned risk matrix helps in the decision process. The team does this to decide:

• If risk is acceptable

• If a change must be made

• If further study is required to make a decision

HOW CAN QUALITATIVE RISK ASSESSMENT BE MADE MORE ACCURATE?

During the study, a consensus is reached on whether a risk is acceptable or unacceptable, or the problem may be referred for further analysis. One useful and formal process for reaching a consensus is a simple decision matrix based on the severity and likelihood of an undesirable event happening. The severity and likelihood are combined in the risk ranking matrix, which represents the overall relative risk of the failure event.

Fig. 2 represents different regions of the risk matrix for easy decision making and prioritization purposes. Risks falling in the „Red‟ region, e.g. 1A, 2B, etc. cannot be tolerated and appropriate mitigation action must be built into the design to eliminate the risk. Risks falling in the „Yellow‟ region, e.g. 5A, 3D, etc. can be tolerated after implementing the identified control/mitigation measures. The risks falling in the „Green‟ region, e.g. 5C, 3E, etc. can be tolerated with the available mitigation measures in the design, i.e. no action required.


___________________________________________________________________


___________________________________________________________________


___________________________________________________________________ TIMING OF THE RISK RANKING PROCESS

It has been found by experience that risk ranking is best done after the hazard identification process. Risk ranking alongside the brainstorming tends to cause confusion and disagreement and detracts from the most important part of the process, i.e. identification of the hazards.

Risk ranking is also a subjective process which is very dependent on the team. It does not produce numbers which can be used as a risk standard and therefore users should be very wary of using the technique to compare risks on a company-wide basis. It works best when used in isolation for one particular project and where the team is having difficulty deciding if the existing risk is acceptable.

The most powerful use of the technique is to risk rank before and after recommendations are made. In that way, the effect of recommendations on the risk is clearly demonstrated. If a team considers recommendation is not necessary (i.e. the existing safeguards are adequate) then it can be argued that there is no need to formally determine a risk index. This is an entirely reasonable approach but its adoption may depend on company policy.

Uncertainty in Risk Analysis

Many events that are postulated during a HAZOP study occur very infrequently, and may well not have occurred in the personal experience of anyone on the team. Examples of questions that might puzzle a HAZOP team include:

• How often will a 200 ft pipe rupture?

• If I leak 1,000 pounds of chlorine at 500 psig and ambient temperature, will dangerous concentrations reach offsite?

• If I have a fire in dike A, will tank B be exposed to dangerous heat levels?

• If tank A ruptures catastrophically, will the contents wash over the dike?

• If vessel C explodes, will shrapnel hit toxic chemical storage tank D?

The team should draw on this knowledge of process industry incidents in general, however, in many or most such cases, a HAZOP team will not include a member who can answer these questions. Rather than guessing at the likelihood or consequence index (and risk understating the importance of the issue), a team should either:

• Assume the worst indices the team feels could reasonably exist, or

• Consult a risk analyst to evaluate the issue further

If the issue has severe consequences, then it is likely that a risk analyst should be consulted in any case, unless the solution to the problem is straightforward.

Qualitative Risk Analysis Exercise

The following scenarios are to be evaluated to determine a severity, likelihood, and an overall risk region (1, 2, or 3). The purpose is to demonstrate some of the kinds of issues that may arise when trying to assign priorities to HAZOP recommendations.

The exercise will be carried out in groups of 4-6. Each group should discuss and agree upon the circumstances and details of the scenarios being evaluated. The conclusions reached by the various teams will be discussed and compared to illustrate the differences in perceptions of risk that can result from different types of training and experience.

Note: If the available information is insufficient to conduct the analysis, try assuming two values for the unknown parameter and evaluate each.

1. If a single back pressure valve on the nitrogen line fails closed, the conservation vent will open allowing air to enter a large flammable storage tank.

2. Because the operator failed to secure the safety chain, a 150-lb chlorine cylinder is upset and the attached ½” outlet tubing is damaged.


___________________________________________________________________ 3. A spontaneous failure occurs in a 6” nozzle on the bottom of a 2,000-ton propylene

storage sphere. Assume the resulting leak is the equivalent of a leak through a 1” diameter orifice.

4. A loaded gasoline tank truck headed to an inner city filling station becomes involved in a collision in a busy downtown area.

5. An operator taking a sample of LPG from the bottom of an atmospheric distillation column is unable to close ¼” sample valve.

6. The single mechanical seal on the bottoms pump for the LPG column in example no. 5 above, fails.

7. A runaway reaction occurs in a styrene polymerization reactor blowing the rupture disc and venting the reactor to atmosphere.

8. An operator inadvertently fails to close a manual block valve in an air line after carrying out a purging operation. When the system is restarted, chlorine slowly leaks through a check valve in the air line and enters the plant air header.

9. During maintenance on an LPG distillation system, a heavy object is dropped shearing off a ¾” drain valve on the still bottoms loop.

10. During maintenance, a heavy object is dropped and shears a 4” LPG storage tank vapor return line containing no isolation valve.


___________________________________________________________________

Management of Change

Introduction

1. Changes will occur

2. Inadvertent consequences

3. Links to PHA system

Along with PHA, the system for managing process change is an integral element in any successful PSM program. Systems for Management-of-change (MOC), process safety information (PSI), and process hazard assessment (PHA) share a unique interdependency. When planning, conducting, or revalidating a PHA study for an existing unit, the PHA Leader must make a determination as to the effectiveness of the existing MOC system. Before changing process design, equipment, operating procedures, safe ranges of operating parameters, staffing levels, qualification requirements for operating personnel, alarm and trip settings, it is necessary to identify and evaluate potential consequences of the modification.

Changes made to improve the operation or environmental performance of a process sometimes produces unforeseen and hazardous side effects. The most famous example of this occurred at Flixborough Disaster in the UK in 1974, where 28 people died as a result of an explosion of a released cloud of cyclohexane. The release was the result of failure of a temporary piping change that had not been adequately designed and installed. A properly implemented MOC system would most likely have prevented the incident.

Other recent examples of the need to couple MOC and PHA activities include several explosions caused by attempts to improve environmental protection programs. Enclosing previously open (or semi-open) compressor structures and process equipment structures has increased the likelihood for explosions of accumulated vapors in the newly created enclosed buildings. Poorly designed ventilation collection systems have exploded. Substitution of flammable hydrocarbons for CFC compounds has changed the potential for explosive mixtures being present around refrigeration systems. Changes in control system configuration can inadvertently eliminate safeguards that were indentified during previous PHA (HAZOP) studies.

MOC System Failures

• Flixborough, UK 1974

• Seveso, Italy 1976

• Bhopal, India 1984

• Challenger Space Shuttle, 1986

Examples of PSM Changes

• Extend inspection schedule

• Rearrange assignment of emergency response duties

• Revise alarm set-point

• Temporary adjustment of operating parameter (pressure, flow, order) outside of established limits

Additional Examples of Changes

• Adding a new pump

• Changing trim inside a control valve

• Switching to a new “improved” lube oil

• Using an “equivalent” type gasket

• Semi-permanent slip-blinds


___________________________________________________________________ • Changing process sampling program

MOC Link to PHA Studies

Every modification that could affect process safety or the results of a previous PHA (HAZOP) should be reviewed and approved. There should be a formal management system to accomplish this task, and a clearly and consistently understood and established definition of what constitutes a “change”. Some modifications will require a PHA study, depending on the following:

• Extent (magnitude) of the change

• Extent of review/approval

• Technical basis (or reason) for the modification

• Previous PHA study/records

• Need for partial or full scale PHA

• Which PHA method to use

• Range of potential consequences/impacts

• Documentation

• Previous experience with the new configuration

• Availability of documentation and information for the change

• Is the modification a “replacement-in-kind?”

• Is the “replacement-in-kind” really a “replacement-in-kind?”

• Is the modification part of a larger project?

• Is the modification part of a modular (skid unit, for example) design to be provided by an outside vendor?

• Is the modification intended to be permanent or not?

In some cases, the person responsible for implementing the change will only need to review the previous PHA documentation to confirm that the proposed modification was indeed discussed during the previous PHA, and determined not to be a safety concern.

In many cases, documentation from the previous PHA will not indicate if the conditions created by the proposed change were discussed, and therefore a full or partial scope PHA is then necessary. In other cases, the proposed change may involve a potential change in maintenance practices (type or extent of inspection procedures, for example).

During project design, there should be a formal system to ensure that previous PHA studies related to the design are reviewed.

Many organizations have found it helpful to provide guideline checklists to aid in the decision on when and to what extent a PHA should be conducted in conjunction with a proposed change.

Additional MOC/PHA Considerations

• Previous experience at the new condition or arrangement

• Safety protective system capacity and adjustments

• PSI update

• Training and Operating Procedures update

• Code compliance


___________________________________________________________________

Example Checklist Guidelines for MOC PHA Evaluation

Evaluating potential impact of proposed modification:*

1. Does the change involve any different chemicals that could react with other chemicals, including dilutents, solvents, and additives already in the process.

2. Does the new proposal encourage the production of undesirable byproducts either through primary reactions, side reactions or introduction of impurities with the new chemical?

3. Does the rate of heat generation and/or the reaction pressure increase as a result of the new scheme?

4. Does the proposed change encourage or require the operation of equipment outside the approved operating or design limits of chemical processing equipment?

5. Does the proposal consider the compatibility of the new chemical component and its impurities with materials of construction?

6. Has the occupational health and environmental impact of change been considered?

7. Has the design for modifying the process facilities or conditions been reviewed by a qualified individual using effective techniques for analyzing process hazards, particularly when the modifications are being made in rush situations or emergency conditions?

8. Has there been an on-site inspection by qualified personnel to ensure that the new equipment is installed in accordance with specifications and drawings?

9. Have the operating instructions and engineering drawings been revised to take into account the modifications?

10. Have proper communications been made for the training of chemical process operators, maintenance craftsman and supervisors who may be affected by the modification?

11. Have proper revisions been made to the process control logic, instrumentation set points and alarm points, especially for computer control systems?

12. Have provisions been made to remove or completely isolate obsolete facilities/ equipment in order to eliminate the chances for operator error involving abandoned equipment?

*Source: Canadian Chemical Producers Association (CCPA)

Circle those factors which may be changed by the proposal

Proposed Classification Maintenance Considerations

Capital Improvement

Environmental Improvement

Process Change

Abnormal Operations

Emergency Operations

Temporary Change

Materials Change

Preparation for Maintenance

Equipment Inspection

Pre-modification

Periodically in Service

Trip and Alarm Testing

Specialty Contractors

Hot Tapping or Stopple

On-stream Leak Repair

Line Freezing

Vessel Alteration


___________________________________________________________________

Process Conditions Engineering Considerations

Temperature

Pressure

Vacuum

Flow

Level

Composition

Flash Point

Reactive Conditions

Toxicity

Corrosion Potentials

Instrument Drawings

Process Drawings

Wiring Diagrams

Trip & Alarm Procedures

Plant Layout

Pressure Relief Design

Flare & Vent Specifications

Design Temperature

Isolation for Maintenance

Static Electricity

Drainage

*Source: R.Sanders “Management of Change in Chemical Plants”


___________________________________________________________________

Other PHA Methods

Introduction

Although HAZOP is the most commonly used PHA methodology for initial studies, the OSHA PSM regulation recognizes several other proven PHA methodologies. In addition to HAZOP, OSHA 1919.119 allows use of other PHA methodologies, including the following:

• “What-If”

• Checklist

• “What-If/Checklist”

• Failure Modes And Effect Analysis (FMEA)

• Fault Tree Analysis (FTA)

• “An appropriate equivalent methodology”

In subsequent interpretations, OSHA has given guidance on what “appropriate equivalent” methods are. Application of these alternate methods depends on several variables. The alternate method must be systematic, must meet the criteria established in part (e) Process Hazard Analysis, must provide equivalent results to the six methods listed by OSHA, and the documentation must be adequate for OSHA to determine the scope and extent of detail. Alternate methods include: Event Tree Analysis, Human Reliability Analysis, DOW INDEX, ICI MOND INDEX method, Cause Consequence Analysis.

“What-If” Method

• Used to identify hazards, possible hazard scenarios and their consequences and perhaps potential methods for risk reduction.

• Poses questions such as

“What if the wrong material is delivered?”

“What if pump A stops running during startup?”

“What if the operator opens valve B instead of A?”

Involves the careful considerations of the results of expected events that produce an adverse consequence

Examines possible deviations from the design, construction, modification or operating intent

Loose structure. The user adapts the basic concepts to the specific application

Questioning usually starts at the input to the process and follows its flow. Alternatively, questioning can be focused on a particular consequence category (e.g. personnel safety)

Often questions from a previous analysis are used as a guide. Questions are almost invariably added as the review proceeds

“WHAT-IF” analysis is a multidisciplinary team oriented analytical technique that utilizes creative brainstorming to examine a process or operation. When compared with HAZOP, it lacks the structure provided by the guideword approach. Also, unless the leader imposes a pattern (e.g. dividing the process down into subunits and/or following the flow of the operation from the introduction of raw materials through to product recovery) upon the analysis, it can be anything but systematic. However, the What-If technique has a good reputation for effectiveness as a hazard identification tool which is easy to focus and useful as an educational instrument.

The technique appears to have its roots in the military as a tool for planning for contingencies. It is a team based approach which asked many of the same questions which might be raised during a HAZOP while not dwelling on topics which probably will not result in


___________________________________________________________________ new understanding of potential hazards. It is simple to use and generally requires commitment of fewer resources than an HAZOP study. Although it tends to produce excellent team participation, the What-If methodology lacks the structure of an HAZOP or a checklist, and is therefore highly dependent upon the study leader to ensure that the right questions area asked and adequately answered.

Although the questions can be answered as they are raised, it is sometimes more effective and efficient to pose and record as many questions as possible in a “brainstorming” manner before trying to answer them. Interrupting the train of thought when brainstorming may result in questions being forgotten or perhaps never being posed. Additional questions can always be added to the discussion list as they are raised.

“WHAT-IF” questions often begin with the words “What-If?” but they don‟t have to. “How could?”, “Is it possible?” or any other form of question is perfectly acceptable. The intent is to ask questions that will cause the group to carefully consider and think through the potential scenarios and ultimate consequences that such an error or failure might precipitate. Team discussion during a What-If review should be similar in all aspects to those encountered during a HAZOP study.

Care must be taken to adequately consider all of the What-If questions on the list to ensure that every known important issue has been raised, discussed,

and necessary recommendations written. The process should be divided into systems or subsystems as with a continuous unit.

“What-If” Method Application

• Commonly used to examine proposed changes to an existing facility/unit. Can also be used during process development or at pre-startup

• Can study refining units, gas plants, reactors, platforms, raw materials, products, storage, materials handling, in-plant environment, operating procedures, work practices, plant security, etc.

• Input information includes detailed documentation of the facility/ unit, the process, and the operating procedures, and perhaps interviews with operators and maintenance mechanics

• Users should be experienced

“What-If” Advantages and Disadvantages

Advantages Disadvantages

Easy to use Unstructured format

Rapid focus on major plant hazards Complete coverage not guaranteed

Group technique Recording of results is inherently sparse

Hard to achieve quality control

“What-If” Example

What-If Consequence/Hazard Recommendation

Wrong product is delivered instead of phosphoric acid

None likely

Phosphoric acid is wrong concentration

Ammonia is not used up & is released to work area

Verify phosphoric acid concentration after filling tank, prior to operation


___________________________________________________________________

Phosphoric acid is contaminated None likely

Valve A is closed or plugged Ammonia un-reacted, released to work area

Alarms/shutoff of ammonia (Valve B) on low flow from Valve A into reactor

Too high proportion of ammonia is supplied to reactor

Excess ammonia released to work area Alarms/

shutoff of ammonia (Valve B) on high flow from Valve B into reactor

Checklists

• Known types of hazards

• Design deficiencies

• Potential common accident situations

Checklists can also be used for the following:

• To guide

• To remind

• To establish a preferred order for critical tasks

• As a final check

• To put thoughts in a logical order

• To enumerate a common set of criteria

• To record what happened and when (identify trends)

Checklist PHA Method

A check list will usually include a series of questions about organization, operations, maintenance, equipment, and chemicals. It can be very detailed involving hundreds or even thousands of items. The design of the checklist depends upon its intended use. Although the user does not have to be an expert in the hazards of the process being studied, he or she must possess a sufficiently detailed knowledge about the process and hazards in general to be able to accurately answer the questions and recognize the significance of mismatches between the criteria implied by the checklist and the conditions prevalent in the process.

To be effective and efficient a good checklist must be prepared by the correct person(s). To ensure that the checklist asks the correct questions and provides the necessary guidance to the user, the question lists need to be developed by the expert(s) and be reviewed and tested by other expert(s).

Checklist analysis is a much used hazard evaluation approach in which the analyst uses a written list of design or operational features as a guide in assessing the process safety status of a system. The checklist analysis approach is easy to use and can be applied at any stage of the process life cycle. The checklist analysis method is versatile, cost-effective way to identify common hazards.

Checklists can be specific to one type of process, or they can be more generic in scope. A detailed checklist provides the basis for standardized evaluation of process hazards, but only for the process for which it was written. Generic checklists, on the other hand, are intended to provoke more original thought by suggesting broad areas for investigation rather than specific, predetermined solutions to problems.

Checklists are limited by their authors‟ experience; therefore, they should be developed and used by analysts with varied backgrounds who have extensive experience with the systems they are analyzing. Checklists should be updated regularly to reflect new knowledge, technology, and experience.


___________________________________________________________________ Advantages to Using a Checklist

• Utilize past experience

• High proportion of accidents are repetition

• Checklists embody much experience in readily usable form

• Simplest method

Selecting a Checklist

Select a checklist based on the following:

• Internal standards

• Recognized consensus standards (NFPA, ASME, and others)

• Industry guidelines (AIChE, API, and others)

• Authoritative references

Question and Content Phrasing

An example of a poorly worded question:

“Are emergency exits adequate and accessible?”

An example of a well thought out question:

“Are there at least two separate safe means of egress from all occupied areas? If not, specify deficiencies.”

Checklist for the DAP Process

Material

• Do all raw materials continue to conform to original specifications?

• Is each receipt of material checked?

• Does the operating staff have access to material safety data sheets (MSDS)?

• Is fire fighting and safety equipment properly located and maintained?

• Equipment

• Has all equipment been inspected as scheduled?

• Have pressure relief valves been inspected as scheduled?

• Have safety systems and interlocks been tested at an appropriate frequency?

• Are the proper maintenance materials, such as spare parts, available?

Acceptable responses to some of the questions above are as follows:

• Do all raw materials continue to conform to original specifications?

NO. The concentration of ammonia in the ammonia solution has been increased to require less frequent purchase of ammonia. The relative flow rates to the reactor have been adjusted for the higher ammonia concentration.

• Has all material been inspected as scheduled?

Yes. The maintenance crew has inspected the equipment in the processing area according to the company inspection standards. However, failure data and maintenance department concerns suggest that inspections of the acid handling equipment may be too infrequent.


___________________________________________________________________ “What-If”/Checklist

The What-If/checklist analysis technique combines the creative, brainstorming features of the what-if analysis method with the systematic features of the checklist analysis. This hybrid method combines the strengths and offsets the individual shortcomings of the separate approaches. For example, the results of a checklist analysis are highly dependent on the contents of the checklist. If the checklist is not sufficiently comprehensive, the analysis may not effectively address a hazardous situation. On the other hand, a what-if analysis encourages the hazard evaluation team to consider any potential hazard or accident event and, thus, does not restrain the team. Conversely, the checklist portion of this technique lends a more systematic structure than does the what-if analysis. That what-if/checklist analysis technique may be used at any stage of the process life cycle.

Like many other hazard evaluation methods, the what-if checklist analysis works best when performed by an experienced team. While a skilled analyst can direct a team in using this technique to evaluate the significance of accidents at almost any level of detail, the what-if/checklist analysis method usually focuses on a less detailed level of resolution than, for example, the FMEA technique. The what-if/checklist analysis can be used very effectively as the first hazard evaluation method performed on a process, and as such, it is a precursor for more detailed study.

In some cases, the review team may first apply the what-if methodology, as described, permitting maximum use of its creativity. As the energy level in this process starts to dwindle and good questions become less frequent, the team leader provides a suitable checklist to help formulate supplemental questions.

In other cases, the review team uses a checklist first, with the leader prompting “what-if” thinking for each entry on the checklist. In either case, the checklists used are commonly of the more generic form, as discussed previously.

Failure Modes and Effect Analysis (FMEA)

• Individual component failure

• Credible cause(s)

• Immediate effect

• Ultimate effect

• Existing safeguards

In the Failure Modes and Effect Analysis (FMEA) approach, each component in a system is examined individually for credible failure modes. The immediate and ultimate effects (consequences) of these individual failures are evaluated.

The effect of the failure mode is determined by the system‟s response to the equipment failure. Equipment failure modes can be initiating events or contributing events leading to an accident. An FMEA deals with single equipment failures and does not efficiently identify combinations of equipment failures that lead to accidents. Human errors are generally not examined directly in an FMEA. FMEA technique requires detailed process design information. Consequently, the FMEA technique most commonly is used during or after the detailed design stage. Also, like HAZOP, the FMEA technique intentionally is methodical and can require considerable time for identifying equipment failure modes and analyzing their potential effects.

Fault Tree Analysis (FTA)

• System Safety Technique

• Deductive logic based

• Relationships between events or conditions and their resulting consequences

• Formal symbols


___________________________________________________________________ • Boolean Logic diagrams

• Quantitative or qualitative

Fault Tree Analysis (FTA) is a logic diagram based system for identifying and evaluating the relationships between faults (events or conditions|) and their resulting consequences. FTA uses Boolean Logic Diagrams, “AND” gates, “OR” gates and other formal symbols to illustrate how events and conditions can produce a specific outcome, called “Top Event.”

FTA differs from HAZOP in that FTA is based on a deductive rather than inductive logic approach. Because of its complexity, the use of well trained and experienced analysts is advised to ensure an efficient and high quality FTA. It is not often that this mix of process expertise and experience with the FTA technique can be found in the same individual. Therefore, qualified analysts commonly develop the fault trees with process input provided by the engineers, operators and other personnel who have experience with the systems and equipment under study.

The strength of FTA as a qualitative tool is its ability to identify the combinations of basic causes that can lead to an accident. This allows the PHA team to focus preventive or mitigative measures on these basic causes to reduce the likelihood of the top event. Quite often, the FTA model is based upon cause-and effect relationships discovered through application of other hazard evaluation techniques such as HAZOP or human reliability analysis.

“Other Appropriate Equivalent PHA Method”

This chapter presents a brief overview of other (i.e. non-HAZOP) PHA methods, and is not intended to be a complete guide on how to use these alternate methods. Some other methods that may be used are as follows:

• DOW Index

• ICI Mond Index

• Event Tree

• Process Safety Review

Formal Protocol

Extensive Detail

Broad in scope

Multidisciplinary participation

Extensive examination of PSM documentation

Process Safety Review

Some organizations have implemented a formal and systematic method for identifying and reviewing process safety issues. A variety of titles is given to this approach; Safety Design Review, Loss Prevention Review, Process Safety Hazards Review, Compliance Review, etc.

This method can be used at any stage of project design/startup, or unit operations.

Safety reviews are used to ensure that the facility and its operating and maintenance practices comply with the design basis and any applicable standards. For new processes being designed, the safety review may be conducted as a technology, P&IDs or proposed operating procedures. Most commonly, a safety review is a walk-through inspection of an existing facility. In that context it can range from an informal, routine visual examination by a single individual, to a formal examination performed by a team over several weeks. A typical safety review includes operators, maintenance staff, engineer, management, safety staff and others, depending upon the plant organization. The active support and involvement of all these groups helps to ensure a thorough review.

Business

Hazop leaders manual final