Day 5 - Hazop Procedure for Company

PHA , Hazards Identification & Risk Analysis by Nigel Hyatt

HAZOP Procedure for company

RISK = CONSEQUENCE (IMPACT) x FREQUENCY ( LIKELIHOOD) OF OCCURRENCE

A measure of the consequence of a hazard and the frequency with which is likely to occur.



WHAT ?HAZOP is Hazard and Operability Analysis

WHEN ?Hazop can be used at practically any stage. It is so widely used that almost any form of process hazards analysis is referred to as “ HAZOP”

ADVANTAGE ?HAZOP is very thorough , because you force yourself to examine most aspect

DISADVANTAGE?HAZOP is very time consuming and costly. If not setup correctly and managed properly , it can be ineffective. Needs leadership by an Expert in the field of Hazop



A hazard and Operability ( HAZOP) analysis is the systematic identification of every credible deviation in the system or process , usually a chemical manufacturing process from the design intent. This method was used UK Imperial Chemical Industries in the 1960’s

The purpose of a Hazop is to review a process or operation systematically to identify whether deviations from the desired practices could lead to undesirable consequences

Hazop is usually requires a series of meeting during which the team , using process drawings , systematically evaluates the impact of the deviations from the desired practices

The risks of deviations are assessed and if deemed unacceptable , the a set of recommended action is determined

Definition“a system to identify, assess & mitigate potential hazards to a tolerable level by addressing not only technology but also facility and human using specific tools”

Objective : To ensure that an adequate assessment of risk is carried out in order to

meet thefollowing :1. To identify hazards and operability problems2. To identify the consequences and evaluate the risk of hazard events3. To analyse the adequacy of existing safeguards4. To recommend additional safeguards to reduce the risks if necessary

What Is PHA ?

Hazard and Operability study (HAZOP) Failure Mode and Effect Analysis (FMEA) Hazard Identification (HAZID) Hazard Analysis (HAZAN) Structured What-if Technique (SWIFT) Safety Integrity Level Assessment (SIL) Layers of Protection Analysis (LOPA) Quantitative Risk Assessment (QRA)

Which technique?

It depends on:

The type of work you are doing and

The type of potential hazards

PHA Tools

Hazard & Operability Problems

• PEOPLE - Fatality, injury• ENVIRONMENT - air, water, land, ecological• ASSET: Equipment, asset damage/loss• REPUTATION: Loss of business, national impact

Consequence & Hazard Risk

Existing Safeguards

Additional safeguards & recommendations

• Highly explosive fuel gas• Electric power• High pressure steam of 54 bar• High temperature superheated steam • N2, O2, Argon• Chemicals Tray collapsedTubes leak, not properly weldValve passing

• Procedure• Alarm & operator intervention • Interlock, LSHH, PSHH• Lab analysis• Scheduled DOSH inspection• Preventive Maintenance

• Proper training program for new staff?• Additional transmitter or alarm?• Verification checklist?• Review inventory of critical spare part?

HAZOP Process

Method Selection

CAUSEDEVIATION

CONSEQUENCEFault Tree Analysis (FTA)

HAZOP

Failure Mode & Effect Analysis (FMEA)

What-If Checklist

Examples of PHA Applications

What If/Checklist

FMEA HAZOP FTA

Conceptual

Basic

Design

Detailed

Existing process

Process change

Decommissioning

The Process Flow…

Process Hazard Analysis (PHA)

Managing Recommendations & Tracking

Prioritized?Review/challenge?Assign action partyFollow-up/trackCommunicate to employees

Hazard ReviewTo cover Technology, Human

Errors, Facility Siting & Inherent Safer Process

• To select the suitable tools e.g. What-If?,HAZOP, FMEA, FTA,IPF

AssuranceCompliancy & Review

Communicate any findings to affected employee

Hazard Identification (HazId)

Field tour Previous MOC & Incident? Previous HazOp report?

Consequences Analysis

• Identify the potential source of leakages Type of event – F, E,TR

• Size of release

• Effect to PEAR

Planning • Identify area of study/set

boundary

• Select Team comprises of PHA leader, scribe & members

SupportingElements

Site visit for verification, ergonomics study, fire safety review,

Up-to-date Information and Documentatione.g. P&ID, O&M, MSDS, Area Classification

Resources –PHA practitioners & cross-functional subject matter expert

Facilities Data through PIMS, SAP records, e-HSEMS, e-CPA

start

What is HAZOP?

HAZOP comes from the phrase “HAZard and OPerability study”

It is a systematic method (team-based) for examining complex

facilities or processes to find actual / potentially hazardous

procedures / operation. These hazards shall be eliminated or

mitigated to a tolerable level (ALARP)

Identification & assessment of hazards related to process deviation

or changes in process operating envelope

Importance of HAZOP

How can we operate plants safety if we do not know the hazards? How can we control the hazards if we don’t understand their potential of release and

impacts. How can we be confident that we are controlling the hazards if we don’t know how we

expect our controls to perform? How can we improve on the safeguards to ensure that the hazards are adequately

mitigated?

General way of doing HAZOP

By considering the plant on section-by-section, line-by-line and item-by-item; develop suitable node

By defining ‘normal operation’

By considering deviations from ‘normal operation

By using a keyword matrix to initiate discussion

General assumptions while doing HAZOP study

One failure at a time (no double jeopardy) unless It has the potential to happen It has happened before

The system will perform as the design intent The system is operated and maintained in line with the design intentProtective systems/safeguarding are functioning as designed

Outline of HAZOP Technique

HAZOP systematically review deviations from design intent The study shall consists of a team of knowledgeable and experience personnel Use guidewords to stimulate creative thinking Identify significant consequences and reasonable causes (reject small, unimportant issues e.g. small release from valve

packing) Review the available safeguards Develop recommendations to manage risks Proceed to the next deviation Put risk ranking for each of the cause (preferably later)

Outline of HAZOP Technique

The results are qualitative in nature (quantitative assessment

is available by using QRA) Effective duration is 4-5 hours per day depending on the team Further study may be required more in-depth analysis (i.e.

quantitative method) and it should be noted

Deviation List Causes

Possible?

Consequence?

Proposed OptionExisting

SAFEGUARD sufficient?

Divide system into nodes and state design intent

No

No

NoYes

Yes

Yes

For each node, select parameter

HAZOP Process

HAZOP Process Flow DetailHAZOP Process Flow Detail

Identify a Node

Describe design intent & operating condition

Consider first or next Guide Word

Identify all Causes and record

Identify all Consequences and record

List existing Safeguards and record

Identify the Risk Ranking and record

Provide any recommendations and record

Take a new Node

Last Guide Word?No

Yes

HAZOP Process FlowHAZOP Process Flow

1. Identify a Node2. Describe design intent and operating condition

A node is defined as a segment of the system which have distinct

design intent The boundary of the node should be selected such that it is

manageable for the team to analyze

Typical node: One major equipment (vessel/column/storage tank etc),

associated minor equipment (pumps/valves etc), instrumentation and other

ancillary equipment Team must understand the design intent of the node – specific information

on how the node is operated under design conditions (specific pressure,

temperature, flow etc)


Normally, a node follows the process flow Start at an isolation point (valve or equipment item) of where the

line enters the node being analyzed (INLET BOUNDARY) Continue to the next change of design intent

OR

Continue to where a critical parameter (e.g. flow, pressure, temperature)

changes

OR

Continue to the next equipment item

The point of where the node stops is known as OUTLET BOUNDARY

Practical Tips for Node SelectionPractical Tips for Node Selection

Aim for nodes which is planned to take no more than 1 – 2 hours to

study Aim for not more than 5 causes for the first Guide Word If the team needs to analyze the node in parts, then break the node

into smaller nodes HAZOP Leader and Scribe may choose the nodes before the study session

starts. The proposed nodes shall be agreed by the team members Be prepared to change the nodes if the team is struggling to analyze it

Example of Selection of Node: HAZOP Study on MOC

The following are nodes/area of study for HAZOP: Node 1: Line from V6-0204 to AGI Node 2: Line from V6-0207 to AGI Node 3: AGI

PV-1100

From V6-0204

AGI

From V6-0207

From Glycol

From LP fuel

gas

Node No:1

Node No: 2

Node No: 3Replacement of PV-1100


3. Consider Guide Word

Guide Word Process Deviation Definition

NO, NOT or NONE

The complete negation of the design or operating intent

No part of the intention is achieved

MORE OF Quantitative increase of the parameter

More of the intention occurs or is achieved

LESS OF Quantitative decrease of the parameter

Less intention occurs or is achieved

AS WELL AS Qualitative increase of the parameter

All the intention is achieved with some addition

PART OF Qualitative decrease of the parameter

Only some of the intention is achieved

REVERSE Logical opposite of the design intent The reverse of the operating intention occurs

OTHER THAN Something else happens No part of the intention occurs

Deviations obtained by using Guide WordsDeviations obtained by using Guide Words

Parameter Guide Word DeviationFlow No/Less No/Less Flow

Flow More More Flow

Flow Reverse Reverse Flow

Pressure More High Pressure

Pressure Less Low Pressure

Temperature More High Temperature

Temperature Less Low Temperature

Level More High Level

Level Less Low Level

Reaction More More Reaction

Reaction Other Other Reaction

Composition Other Off-specification

Contamination Other Contamination

Relief Other Relief

Sampling Other Sampling

Service No Power Failure

Service No Instrument Air Failure

Service No Cooling Water Failure

Service No Steam Failure

Service No Nitrogen Failure

Service No No Flushing Oil

Maintenance Other Maintenance

Consider other modes of operationConsider other modes of operation

Normal Operation

Reduced Throughput / Turndown

Routine Start Up

Routine Shutdown

Commissioning

Emergency

Special Modes of Operation

Other Guide WordsOther Guide Words

Phase : Gas / liquid / solid

Composition : Two phase / changes with time / slugging / additives

Testing : Equipment / hydrocarbon streams / effluents / sampling points

Operation : Operability / maintainability

Electrical : Area classification / isolation / earthing

Instrument : Sufficient for control / too many / correct location / consistent philosophy / separate tapping for alarm and IPF

Global Guide WordsGlobal Guide Words

Toxicity Commissioning / start up Shutdown (isolation / purging) Breakdown (including services and utility failures) Effluent Noise Fire / explosion Safety equipment Materials of construction Quality, consistency & reliability Efficiency and reliability Ignition

Engineering issues

Corrosion / erosion

Previous precaution

Accessibility

Orientation

Safety/ ESD

Environmental

Viscosity


The Causes identified must be within the Node It must be a credible scenario Typically done using a brainstorming technique without considering

the Consequences It is possible that there are none or no new Cause identified for a

specific Deviation

4. Identify all Causes


Wrong routing Blockage Incorrect blind plate insertion Isolation in error Burst pipe Large leakage Incorrectly installed check valve Equipment failure (fail-close valve, pump, filter etc) Incorrect pressure differential

Examples of Causes for NO FLOW

Examples of Causes for NO FLOW


Surge problems Thermal overpressure Isolation of relief devices Positive displacement pump running Failed open PCV Incorrect design pressure Gas breakthrough (inadequate venting) Connection to high pressure system Specification of pipes, vessels, fittings & instruments

Examples of Causes for MORE PRESSURE

Examples of Causes for MORE PRESSURE


Phase change Settling of slurries Leaking isolation valves, exchanger tubes Incorrect feedstock specification Process control upsets Uncontrolled reaction by intermediate or by-products

Examples of Causes for OTHER COMPOSITION

Examples of Causes for OTHER COMPOSITION


Wrong relief philosophy (process / fire etc) Unsuitable type of relief device, blocking Unsuitable relief device location Multi-phase flow Effect of debottlenecking on relief capacity Effect of inlet/outlet piping & manifold configuration

Examples of Causes for RELIEFExamples of Causes for RELIEF


Wrong control philosophy Wrong fail-safe philosophy Unsuitable instrument location and response time Time available for operator intervention Panel arrangement and location Fire protection Unsuitable set points of alarms, trips and authorization of changes Alarm and trip testing, auto/manual switches and human error

Examples of Causes for INSTRUMENTATIONExamples of Causes for INSTRUMENTATION


Failure of Instrument air, steam, water & nitrogen Hydraulic power, electric power Telecommunications, computer and interfaces Heating and ventilation

Contamination of Instrument air, steam, nitrogen

Examples of Causes for SERVICE FAILUREExamples of Causes for SERVICE FAILURE


Purging Flushing Start up Normal shutdown Emergency operation Emergency shutdown Inspection of operating machines

Examples of Causes for ABNORMAL OPERATION

Examples of Causes for ABNORMAL OPERATION


Grounding arrangement Insulated vessel/equipment Low conductance fluids Two liquid phases Splash filling of vessel Insulated components Dust and powder handling Electrical area classification Flame arrestors Hot work and hot surfaces Auto-ignition and pyrophoric materials

Examples of Causes for IGNITION SUPPRESSION

Examples of Causes for IGNITION SUPPRESSION


Fire and gas detection Testing of emergency equipment Emergency shutdown First aid, medical resources Fire fighting response time Effluent disposal Emergency plan & training Hazards created by others Toxic and hazardous properties of process materials

Examples of Causes for SAFETY EQUIPMENTExamples of Causes for SAFETY EQUIPMENT


Consequences shall be linked to the cause identified Safeguards is not considered in Consequences determination

(assume the safeguards fail) Consequences can be within the Node or outside of the Node

(upstream and downstream) One Cause can lead to many Consequences (list all of them) Can be listed under People, Environment, Asset and Reputation Meaningful and significant Can be listed one by one starting from not-so-worse consequence

until the worst case scenario

5. Identify all Consequences

Examples of consequencesExamples of consequences

People

First aid injury, minor injury, major injury, fatality

Environment

Local spillage, effluent discharge to river, black smoke

Asset

Equipment crack, valve damage, fire/explosion on storage tank

Reputation

Media attention, public inquiry, disrepute to international image


It is the designed system or administrative controls to prevent,

detect or mitigate the Consequences May list the safeguards based on the Causes Something to think about:

i. Does an indicator or a gauge being considered as a safeguard?

ii. Does working procedure being considered as a safeguard?

6. List existing Safeguards


Safeguards for any system could be listed based on the system’s

Layers of Protection theory.


The Risk Ranking for each Consequence shall be identified by

utilizing the PGB Risk Matrix Consequence vs. Probability = Risk Ranking In general, there are three levels of Risk Ranking i.e. HIGH

MEDIUM and LOW The “Consequence” rating shall take into consideration of the

detection and mitigation safeguards available The “Probability” rating shall take into consideration of the

prevention safeguards available

7. Identify the Risk Ranking

Sample of Risk MatrixSample of Risk Matrix

CONSEQUENCE INCREASING LIKELIHOOD ------>

People (P) Environment (E)Assets

Loss (A) Reputation (R)

A B C D ENever heard of in the industry

Has happened in the industry.

Has happened once in the company

Has happened several times per year in the company.

Has happened several times per year in company

Negligible 1 time in > 20 years

1 time between 4 to 20 years

1 time between 6 months to 4 years

1 time in < 6 months

P0No injury

E0No effect

A0No loss

R0No Impact L L L L L

P1Slight Injury

E1Slight effect

A1Slight loss

R1Slight Impact

L L L L L< 10k

P2Minor Injury

E2Minor Effect

A2Minor Loss

R2Limited Impact

L L L M M10k ~ 100k

P3Major Injury

E3Localised effect

A3Local Loss

R3

Considerable Impact L L M M H 100k ~ 0.5 M

P4Fatalities

E4Major effect

A4Major Loss

R4

National Impact L M M H H 0.5M ~ 10M

P5Fatalities

E5Massive effect

A5Extensive

Loss R5

International Impact M M H H H> 10 M


If the team decided that the existing Safeguards are inadequate to

prevent, detect or mitigate the Consequences, they may recommend

additional safeguards to protect the system The Recommendations must address the issue and bring the risk to

an acceptable level i.e. LOW The Recommendations must be clear and use 3Ws – WHAT, WHY

and WHERE A further study may also be recommended because HAZOP is not a

tool to solve safety issues in detail Cost of the recommendations SHALL NOT be an issue for the HAZOP

analysis team

8. Provide any Recommendations

HAZOP Team SelectionHAZOP Team Selection

The team shall consist ofo HAZOP leader – to facilitate the study

o Scribe – to record the study

o Operation personnel

o Multi-disciplinary members, depending on the scope of

the study (e.g. instrument, electrical, mechanical,

inspection, piping, civil, HSE)

Balance of skills, knowledge and experience Willing contributors, able to express thoughts clearly

Process Engineer & Operation Personnel’s ResponsibilitiesProcess Engineer & Operation Personnel’s Responsibilities

Provide simple description of the system Provide design intention for each process unit Provide information in process conditions and design conditions Provide operational specialist input to the analysis

Check design for operational issues Ensure design compatibility with existing work practices Check design for operating procedure and training requirements

Provide details of process chemistry Provide details of process hazards

Typical information requiredTypical information required

As built / latest P&ID of the plant PFD and material balances Design parameters: temperature, pressure, flow etc Operating parameters: temperature, pressure, flow etc

Equipment data sheet / drawing Marked up P&ID / drawing of the system as reference Operating procedures Schedule of alarm/trip setting Cause & effect matrix Interlock logic chart Properties and hazards of process materials

HAZOP Team dynamicsHAZOP Team dynamics

Everyone shall be involvedo Encourage quiet people, manage loud people

Maintain attention and motivationo Concentrate on the task

Appropriate paceo Not too rush or too drawn out

Appropriate orientationo Primarily process rather than content oriented


HAZOP Procedure – Existing Plant

Occupational Safety & Health Administration( OSHA) process safety management ( PSM) regulation 29 CFR 1910.119 -Requires company to update or revalidate their PHA at least every 5 years

-In addition , the US Environment Protection Agency’s (EPA) risk management program rule , 40 CFR Part 68 requires companies to performe quatitative off-site consequences analysis

Scheduled hazard study on existing plant

Risk assessment in this context is the process of quantifying the level of risk associated with the operation of the equipment / machine

It should be a structured and systematic process that answers the following 4 specifics questions:-

i)How severe are potential injuries?

ii)How frequently are employees exposed?

iii)What is possibility of avoiding the hazards if it does occur?

iv)What is the likelihood of an injury should a safety control system fail ?


Pilot Plant & Operational Lab

Pilot Plant & Operational Lab

HAZOP – GROUP PRESENTATION

HAZOP – GROUP PRESENTATION


How to perform HAZOP process ?

1. Preparation P&ID PFD plus material and energy balances Equipment specifications Layout drawing

2. Facilitator and Process Engineer

Break P&ID down into nodes

Nodes are equipment items If nodes are too small you can loose sense of analysis and incur excessive

repetition

If nodes are too large , hard to handle and becomes confusing


3. Prepare HAZOP outline with List of Deviations

4. Assemble HAZOP team

5. Facilitators ExplainsThe facilitator or one of the team members explains the purpose and scope of theHAZOP and sets the rules of the study

6. Process Engineer ExplainsProcess in generalImmediate Node being Hazoped

7. HAZOP Each Node Using Deviation Listed in Outline Working Through the P&ID

Produce Hazop worksheet recording the following : Cause Consequence Safeguards Action & recommendation Remarks



8.At the End of HAZOP , the Facilitators Issues Preliminary HAZOP Report consisting ofAttendanceOutlineDetail reportAction/ recommendation Register.

9. Issues Final Report Giving Full Details

From BFW Header

Steam drum

Water drum

PI 7810

FT 7810

FC 7810

NC

NC

Demin Water

TI 7801

TI 7801

PT 7801

PI 7801

PI 7802

FV 7810

NC

FC 7810

LT 7810

LC 7810A

FY 7810

TW-1"-7801-A1031-H(N20A)

BW-3"-7801-D6103-H(N20B)

LT 7809

LA 7809

LSLL 7809

LALL 7809

Economizer

BV

BV BV

Boiler Feed Water for F4- 781

BV

Example of Single Node on Boiler System

NODE 1

NODE 1

Design intent: Replacement of B/Valve at D/ Stream & U/ Stream FV 7801

GUIDE DEVIATION

CAUSES CONSEQUENCES

SAFEGUARDS

REMARKS & RISK RANKING

ACTION BY/ DATE: STATUS

WORD RECOMMENDATIONS P E A R

More More Pressure BV at

Economizer partially close

1.Increased backpressure on Steam turbine2.ST tripped

PI 7801 , PI 7802 and PI 7810 (indication only

To install vibration sensor to all ST pump

L L M L 1. MTA( Q3 Fy 2010/11)

No Pressure

BV at U/stream or D/ Stream FV 7810 is fully close

1.,No water supply to steam drum leading to low level2.Boiler tripped 3.Slow down the process

LSLL 7809 To implement “ Tagging system “ to critical valve

L L M L 1.POA ( 1st May 2010 )

Less Less pressure

NA

HAZOP Worksheet

Documents

Day 5 - Hazop Procedure for Company