3. 1 - 3
Hazardous Event :
The release of a material or energy that has
the potential for causing harmful effects to:
The plant personnel;
The surrounding community at large;
The environment.
4. What is Risk?
Risk relates two important factors:
How much of what causes how much
damage to whom (or whatever else) from the
hazardous event, i.e., the Consequence.
How often the hazardous event can be
expected to occur, i.e., the Frequency or
Likelihood.
1 - 4
5. What is Risk?(Cont.)
Risk Analysis : The process of
evaluating the consequences and
frequencies of occurrence of hazardous
activities.
1 - 5
6. What is Risk?(Cont.)
Risk Appraisal : Judging the
acceptability of risks.
Risk Assessment : Combination of
Risk Analysis and Risk Appraisal.
1 - 6
7. What is Risk?(Cont.)
Risk Control (also called Risk
Mitigation) : Method(s) existing or
introduced for the express purpose of
reducing the frequency or consequences
of a hazardous event. Methods are often
categorized as active or passive.
1 - 7
8. What is Risk?(Cont.)
Risk Management : The process of
acting upon information supplied on
Hazards Identification, Risk Assessment
and Risk Control for management
decision-making purposes.
1 - 8
9. Occupational safety & Process safety
Occupational safety focuses on accident
prevention through work systems aimed at
minimizing risk of personal injury.
Process safety focuses on prevention and
mitigation of fires, explosions, hazardous
material releases, and other potentially large
incidents associated with the chemistry and
physics of the manufacturing process.
1 - 9
10. Administrative Controls
Procedural mechanisms, such as
lockout/ tag out procedures, used for
directing and/or checking human
performance on plant tasks.
1 - 10
11. Autoignition Temperature
The autoignition temperature of a
substance, whether solid, liquid or
gaseous, is the minimum temperature
that is required to initiate or cause self-
sustained combustion in air without a
specific source of ignition. (It may also
be noted that for paraffinic hydrocarbons
the autoignition temperature decreases
with increasing molecular weight).
1 - 11
12. Cambustible
A term used to classify certain liquids
that will bum on the basis of flash points.
Both the National Fire Protection
Association (NFPA) and the Department
of Transportation (DOT) define
"combustible liquids" as having a flash
point of 100°C (373°F) or higher
1 - 12
13. Explosion
A release of energy that causes a
pressure discontinuity or blast wave
1 - 13
14. BLEVE (Boiling-Liquid-Expanding-
Vapor Explosion)
A type of rapid phase transition in which a
liquid which is contained above its
atmospheric boiling point is rapidly
depressurized, causing a nearly
instantaneous transition from liquid to vapor
with a corresponding energy release.
1 - 14
15. BLEVE (Cont.)
A BLEVE is often accompanied by a
large fireball, if a flammable liquid is
involved, since an external fire
impinging on the vapor space of a
pressure vessel is a common BLEVE
scenario.
1 - 15
16. Flash Point
The lowest temperature at which vapors
above a liquid will ignite. The
temperature at which vapor will bum
while in contact with an ignition source,
but which will not continue to bum after
the ignition source is removed.
1 - 16
17. Fire Point
The temperature at which a material
continues to bum when the ignition
source is removed.
1 - 17
18. Flammability Limits
The range of gas or vapor amounts in air
that will bum or explode if a flame or
other ignition source is present.
1 - 18
19. Hazards Identification
The process by which hazards are
identified. Commonly known as
Process Hazards Analysis (PHA).
Structured analytical tools include:
HAZARD and Operability Analysis (HAZOP)
"What if' Analysis
Failure Mode and Effects Analysis (FMEA)
1 - 19
20. Hazards Identification (Cont.)
Checklist Analysis
Preliminary Hazard Analysis (also
known as PrHA or Screening Level
Risk Analysis, SLRA)
"What if' + Checklist
Fault Tree and root cause analysis
1 - 20
21. QRA
QRA stands for Quantitative Risk
Assessment, as opposed to Hazards
Identification, which is qualitative in
nature. Hazards Identification is a
necessary prerequisite to QRA
1 - 21
22. Quenching
Rapid cooling from an elevated
temperature such that the further
decomposition is halted or severely
reduced.
1 - 22
23. Specific Safety Terms
Availability : The percentage of the
time that a protective system is
available for operation
1 - 23
24. Specific Safety Terms (Cont.)
Fail-Safe : Design features which provide
for the maintenance of safe operating
conditions in the event of a malfunction of
control devices or an interruption of an
energy source
1 - 24
25. Specific Safety Terms (Cont.)
Interlock System : A system that
detects out-of-limits or abnormal
conditions or improper sequences and
either halts further action or starts
corrective action.
1 - 25
26. Specific Safety Terms (Cont.)
Protective Device : Any device that
alarms or trips a system, or part of a
system, or relieves the condition in a
safe manner (e.g., a pressure relief
valve).
1 - 26
28. Process Hazard Analysis
(PHA) Overview
With increased employee, management
and public awareness of Safety, people
have become less tolerant of Risks.
This has resulted in increased concern
over the Safety, Health and Environmental
impact of a plant-facility and its activities,
stronger public opinion, higher litigation
and stricter Regulations.
1 - 28
29. Regulatory Requirements for Major
Hazard Installations (MHI)
Factories and Machinery Act (FMA) 1967
- Regular Inspections of Plants and Vessels.
Occupational Safety and Health Act
(OSHA) 1994 – General Duties of
Employers.
Control of Industrial Major Hazard
Accident (CIMAH) 1996 – Safety Case, On
and Off-site ERP and Information to Public.
1 - 29
30. Past Oil and Gas and Processing Industry
Accidents
30
37. What are the Losses from these
Accidents?
Fatalities and injuries to the public and staff;
Significant costs of damage to company facilities,
public property and the environment;
Lost production time;
Damage to company reputation and loss of
customers;
Liability of company / senior management for delay
in supply, damage to public property or environment,
injury / fatality (imprisonment / fines / loss of
operating license / loss of job);
Costs of investigation, paperwork and legal costs;
and Increased insurance premium.
1 - 37
38. Accident Cost Iceberg
• From the financial
point of view, costs
resulting from
death and injury
are just a fraction
of the overall
financial impact on
a business
1 - 38
39. How are Process Risks Analyzed ?
Risk is analyzed in three distinct stages
Stage 1 : Hazard Identification
Stage 2: Risk Assessment
Stage 3: Risk Management
1 - 39
40. Stage 1 : Hazard Identification
Risk cannot be evaluated without first identifying the
hazards involved. Many of the hazards will be
identified by conducting a Process Hazards Analysis
(PHA), e.g., such as HAZOP, What if , checklist,
FMEA .The hazards may arise from a wide range of
sources such as fires, fireballs, BLEVEs, explosions,
toxic releases and so forth. They have the potential
to do harm to people, property and to the
environment, but at the identification stage there is
no clear or concise picture of what this harm might
be or how often it might occur.
1 - 40
41. Stage 2: Risk Assessment
If Recommendations from the Hazards Identification
stage are not questioned via the QRA route then they will
be reviewed from an economic standpoint for cost
effectiveness and for implementation. For new facilities
that are being designed this will be incorporated into the
basic design. For existing facilities the recommendations
may be processed through the Management of Change
(MOC) route.
If QRA is the chosen route then the mechanism for
calculating the basic components of the Risk Equation,
namely, Consequence and Frequency, in the equation
1 - 41
42. Stage 2: Risk Assessment(Cont.)
The Consequence is evaluated in a
number of steps,
(a) The Release Definition of HOW MUCH (e.g., lbs,
kg, tons) of WHAT (i.e., what chemical, flammable
or explosive material) is released over HOW LONG
(i.e., seconds, minutes, hours).
(b) The Impact on People, Flora and Fauna, Property
and the Environment,
1 - 42
43. Stage 2: Risk Assessment(Cont.)
The Frequency may be evaluated in a
number of ways. Frequency may be
evaluated from historical data of similar
facilities or from fault or event tree
modeling using failure rate data of
system components.
1 - 43
44. Stage 3: Risk Management
Risk may be managed once the hazards
have been identified, and if the QRA route
has been taken, when the Risks have been
assessed. At this stage, if QRA has been
done, then the calculated Overall Risk should
be compared to accepted Risk Criteria.
Depending on the level of Risk tolerable, the
decision to accept the risk or take remedial
actions(hazard or risk control) must be made.
1 - 44
45. Principle and Practice of Risk Analysis via
Quantitative Risk Assessment
Risk may be analyzed as indicated. The overall
objective is to obtain a view on how to manage the
risk or to compare the risk with other risks through
the risk management process.
In practice it is often difficult to say where an
assessment of risks ends and risk control begins or
to assess risks without making a number of
assumptions. As such, risk assessment is essentially
a tool for extrapolating from statistical, engineering
and scientific data, a value which people will accept
as an estimate of the risk attached to a particular
activity or event
1 - 45
46. Hazard Control
Some control measures are more
effective than others at reducing the
hazard.
Be aware of the different types of
controls available and the benefits and
limitations of each.
46
47. Hazard Control
The first consideration for controlling hazards
is to eliminate the hazard or substitute a
less hazardous material or process.
An example of this method is utilizing a
water-based paint rather than a solvent-
based paint.
This control measure minimizes flammable
vapors as well as eliminates health concerns
associated with solvent-based paints.
47
48. Hazard Control
When it is not possible to eliminate a
hazard, you should control the hazard
using the following methods (in order):
•Engineering controls
•Administrative controls
•Personal Protective Equipment
48
49. Hazard Control - Engineering
If hazard elimination or substitution is not
feasible, engineering controls should be
considered next.
Engineering controls are physical
changes to the work area or process that
effectively minimize a worker's exposure
to hazards.
49
50. Hazard Control - Engineering
Enclosed Hazard
• Enclosure of the hazard, such as enclosures for noisy
equipment.
Isolate Hazard
• Isolation of the hazard with interlocks, machine
guarding, and other mechanisms.
Remove / Redirect Hazard
• Removal or redirection of the hazard such as with
local and exhaust ventilation.
Redesign Workplace
• Redesign of workstation to minimize ergonomic
injuries.
50
51. • All of the following are examples of
engineering controls except
A. adjustable workstation to accommodate
various employee sizes.
B. elimination of lead-based paint.
C. installation of welding curtains during hot
work.
D. installation of sound-dampening shields
on noisy equipment
51
52. Hazard Control
If engineering controls are not feasible you
must then consider implementing
administrative controls.
Administrative controls
• No physical changes
• Limits daily exposure to hazards by
•Adjusting work tasks or schedules.
52
53. Hazard Control - Administrative
Examples of administrative controls include:
• Limited time exposure to hazards
• Written operating procedures,
• Work practices, and
• Safety and health rules for employees.
53
54. Hazard Control - Administrative
• Alarms, signs and warnings
• Training
• Stretching exercises and break policies
54
55. • Which of the following is an example of an
administrative control?
A. Rotating jobs to minimize exposure to noise.
B. Enclosing loud equipment to reduce noise
exposure.
C. Training employees to properly wear hearing
protection to minimize noise
exposure.
D. A and C, only.
55
POLL QUESTION
56. Hazard Control - PPE
Personal Protective Equipment (PPE):
• Used when hazards cannot be eliminated
through engineering or administrative
controls,
• Must consider personal protective equipment
(PPE) necessary for employee protection
56
57. • Which of the following statements is true?
A. PPE is the lowest level of hazard control.
B. PPE may be used with engineering and
administrative controls for the most effective control
measures.
C. PPE is considered first when implementing hazard
controls.
D. A and B, only
57
POLL QUESTION
58. Hazard Control - PPE
According to OSHA, PPE is acceptable
as a control method in the following
situations:
• Engineering controls do not eliminate hazard
• While engineering controls are being
developed
• Administrative controls and safe work
practices are not sufficient protection, and
• During emergencies.
58
59. Hazard Control
The most effective control measure = all
three hazard control types.
For example, consider an operation that
generates silica dust.
• A ventilation system may be installed to control
dust (engineering control),
• Employees are trained and a sign is posted to
warn employees of dangers (administrative
controls) and
• Goggles are required to operate the equipment
(personal protective equipment).
59
60. Administrative and Engineering
Controls as Safeguards
Both Administrative and Engineering
Controls play a major role in facility
Safeguarding. A number of Safeguards may
be needed to prevent a specific Cause or
mitigate specific Consequences. Each
Safeguard may be effective only to some
limited degree, and unless there are a
number of Safeguards providing adequate
back-up, Recommendation(s) for additional
Safeguards may be needed.
1 - 60
62. Widely Used Methodologies to
Identify Hazards
Preliminary Hazards Analysis (PrHA).
What If Analysis
Checklist
What If + Checklist
Hazard and Operability Analysis
(HAZOP)
Failure Mode and Effects Analysis
(FMEA)
Fault Tree
1 - 62
64. 1- Preliminary Hazards Analysis
(PrHA)
AISO known as Screening Level Risk
Analysis (SLRA)
PrHA is normally used on new or
existing facilities to get an overall but
not a detailed view of where the major
areas of hazardous concerns exist.
1 - 64
65. 2- What If Analysis
When to Use What If Analysis :
"What If' can be used at any time for new or
existing facilities. Requires an experienced
team and adequate preparation.
1 - 65
66. Advantage & Disadvantage of What If
Advantage
Easy to learn and use. Powerful tool in hands
of experienced personnel and when used in
conjunction with Checklist Method.
Disadvantage
Much less structured than other methods and
can give poor results unless personnel are
experienced and well prepared.
1 - 66
67. What If Methodology
1. Divide the facility or unit into nodes that relate
common functions
2. Postulate problems and failures by asking the
question "What if. .."
3. For each "What if' question record the
Consequences.
4. For each "What if' question record any Safeguards
present that may prevent the occurrence or may
mitigate the consequences.
5. For each "What if' question, recommend any
Actions needed to prevent the occurrence
or mitigate the consequences.
1 - 67
68. 3- Checklist Analysis
When to Use Checklist Analysis :
Checklist Analysis can be used at any time
throughout a design or with an existing facility.
Where there is a lack of experienced personnel
the use of existing checklists is a valuable tool
for identifying hazards. Useful where teams of
personnel are not available and individuals are
required to perform the analysis.
1 - 68
69. Advantage & Disadvantage of
Checklist
Advantage
Valuable method where less experienced
personnel are involved. Best used in
conjunction with "What If' to get best results.
Disadvantage
Requires time up-front obtaining data and
information. Not thorough enough in many
cases since it follows a non analytical, by rote,
non interactive methodology.
1 - 69
70. Checklist Methodology
1. Obtain published and any available Checklists for
analysis.
2. Where no Checklists are available consult
whatever sources of information are available, such
as MSDS sheets, textbook data, etc., in order to
create Checklist.
3. Where Checklist items are not applicable record
as NIA.
4. Where Checklist items are applicable, record
Consequences, Safeguards present and any Actions
needed.
1 - 70
71. 4- Hazards And Operability
Analysis (HAZOP)
When to Use HAZOP :
HAZOP is a highly structured hazards identification
tool.
HAZOP can be used at practically any stage.
It is best used as late as possible with a new design,
in order to be as complete as possible.
With an existing facility it can be used at any time.
HAZOP can also be used for analyzing operating
instructions and procedures so that sources of
human error can be identified (and corrected).
1 - 71
72. Advantage & Disadvantage of HAZOP
Advantage :
HAZOP is very thorough, because you force yourself to
painstakingly examine most aspects.
Disadvantage :
HAZOP is very time consuming and costly. If not set
up correctly and managed properly, it can be
ineffective. Needs Leadership by an Expert in the field
of HAZOP.
1 - 72
HAZOP is the most widely used
methodology used in the world today as a
tool for hazards identification.
73. 5- Failure Mode and Effects Analysis
(FMEA)
Analyzing specific systems or items of
equipment that are best handled as objects
rather than by the use of parameters or
operations.
Analyzing pumps, compressors and items of
equipment having interactive mechanical
and/or electrical components
Consequence, severity and likelihood of
failure can be used to indicate priority
through use of risk matrix
1 - 73
74. Advantage & Disadvantage of FMEA
Advantage
Very good for analyzing complex equipment items
such as compressors, prime movers, etc. Widely
used in the nuclear industry where failure of
components in reactor circuits can have major
consequences.
Disadvantage
Does not relate specific failures that have common
causes. Needs to be used with Fault Tree
Analysis to broaden scope.
1 - 74
75. FMEA Methodology
1. Select system or component and split into
subsystems or subcomponents as required.
2. Postulate a failure mode of the subsystem
or subcomponent.
3. List the effects of failure of that subsystem
or subcomponent.
4. List safeguards or controls that might
prevent or mitigate the effects of failure.
5. Recommend remedial actions (if needed)
to prevent or mitigate the failure.
1 - 75
76. 6- Fault Tree Analysis
Graphical method that starts with a
hazardous event and works backwards
to identify the causes of the top event
Top-down analysis
Intermediate events related to the top
event are combined by using logical
operations such as AND and OR.
76
77. Risk Matrix With Hazards identification
A semi-quantitative methodology is often
used with hazards identification tools.
This permits a first order of magnitude
identification of risk by addressing both
frequency and consequence. This
method can be very useful for prioritizing
risk issues.
1 - 77
78. Assumptions for the Review
Process
A common mistake in many safety reviews is
to delve into the analysis without a basic
understanding or agreement of how the
facility was designed or intended to be
operated. Prior to a discussion of the hazards
and consequences, the team should identify
and agree to the design philosophy of the
facility under review. Sometimes, some
features of a facility are assumed, but never
documented.
1 - 78
79. Typical examples are as follows:
1. The facility is manned (operated) with
adequate staff as intended by the design
philosophy.
2. The failures of process equipment,
instrumentation, and safety devices
occur randomly.
3. The failure rates and demand rates of
safety devices are considered low.
1 - 79
80. Typical examples are as follows(cont.)
4. Facility maintenance and operational
testing is considered accomplished
accurately and timely.
5.Production flows are generally of an
identical composition.
6.The facility is designed, operated, and
maintained to good management and
engineering standards.
7. Management is concerned with safety
1 - 80
81. Assumptions may not be true
Typical periods when these assumptions
may not be true are during start-up or
shutdown, turnarounds, maintenance
activities, unusual environments,
process upsets,
1 - 81
82. Risk Matrix With Hazards identification
A semi-quantitative methodology is often
used with hazards identification tools.
This permits a first order of magnitude
identification of risk by addressing both
frequency and consequence. This
method can be very useful for prioritizing
risk issues.
1 - 82
89. RISK
How much risk is acceptable by the
organization?
The acceptance of risk by any
organization should be based on the
following
PROBABILITY (of it occurring)
SEVERITY (if it does occur)
COST OF CONTROL (cost to the
organization to control it)
Ignoring risk is not always risky!
1 - 89
90. RISK ASSESSMENT
MATRIX
Risk
Assessment
Code
1 = Critical
2 = Serious
3 = Moderate
4 = Minor
5 = Negligible
Risk Levels
Cat II
Critical
Cat I
Catastrophic
Cat III
Marginal
Cat IV
Negligible
S
E
V
E
R
I
T
Y
Probability of Occurrence
Likely Probably May Unlikely
A B C D
1 1
1
4
4
4
5 5
5
2
2
2
3
3
3
3
1 - 90
91. BENEFITS OF
RISK ASSESSMENTS
Identify hazardous conditions & potential
conditions
Provide information with which effective
control measures can be established
Determine level of knowledge & skill
employees need to execute their duties
Discovering & eliminating unsafe
procedures, techniques, actions
1 - 91
93. WHAT IS JOB SAFETY
ANALYSIS (JSA)
Other names that JSA is known by:
•Job Hazard Analysis
•Job Task Analysis
1 - 93
94. BENEFITS OF JSA
Establishes job
performance standards, a
standard operating
procedure
Eliminates or minimizes
incidents
Creates a job training tool
• New employee(s)
• Pre-job instructions,
irregular jobs
Used for job observation
Aids in incident
investigations
1 - 94
95. BENEFITS OF JSA
Jobs for possible improvement in job
methods
Makes safety and health a part of the
production process, not an add-on
To
•Encourage teamwork (especially with new
employees)
•Involve everyone performing the job in the
process
•To elevate awareness
1 - 95
96. SELECTION OF JOBS TO BE
ANALYZED (ASSESSMENTS)
Accident/Incident Frequency
Injury Rate
• First Aid
• Recordable
• Lost Time
The potential for serious injury
New jobs
Modified jobs
Includes health & ergonomic issues
1 - 96
97. THREE STEP PROCESS
Break the job down into steps
Identify hazards in each step
Actions to take to eliminate or minimize the
hazards
1 - 97
98. BREAK THE JOB DOWN INTO
STEPS
Select the right
worker to observe
Identify observable
steps
• What is done,
not how
Could be 5 to 15
• Rule of thumb
• Videotaping
Number sequentially
Verify with the worker
1 - 98
99. IDENTIFY HAZARDS IN EACH
STEP
Ask questions of the
• Job task
• Equipment
• Environment
1 - 99
100. IDENTIFY HAZARDS IN EACH STEP
Examples:
•Caught in or between
•Struck by
•Slip & fall
•Lifting
•Dust
•Repetitive motion
•Radiation
•Heat
•Noise
•Work platform/station
•Etc.
100
101. ACTIONS TO TAKE TO ELIMINATE
OR MINIMIZE THE HAZARDS
Eliminate
Engineering
Administrative
Personal Protective Equipment (PPE)
Combination of all
1 - 101
102. ACTIONS TO TAKE TO ELIMINATE
OR MINIMIZE THE HAZARDS
Find new way(s) to do the job
Change the physical conditions that create
the hazard(s)
Change work procedure
Reduce the frequency
1 - 102
103. SHORTCOMINGS OF JSA’S
All hazards not identified
Action not being taken for the hazards
identified
Not being specific on action to take for
each hazard
Being too specific on steps
Being too general on steps
1 - 103
104. JSA PROCESS
JSA program must remain visible
A review process should be developed &
JSA’s updated when necessary
• Job changes, altered
• What is done
• Incident information determines JSA was
flawed
How will the JSA’s be used?
1 - 104
106. 1- BACKGROUND OF HAZOP
TECHNIQUE
The HAZOP study technique was
developed by Imperial Chemical
Industries (ICI) in the United Kingdom.
Since than, the technique has been
modified, improved, and applied to
many different processes, both
continuous and batch.
1 - 106
107. Since its inception, the use of the
HAZOP study technique has increased
enormously, particularly in Europe, and
more recently in the U.S., and is
becoming mandatory for all existing
and new processes and projects.
Legislation in some countries is driving
this effort.
1 - 107
108. 2. HAZOP purpose
a. Identify the causes of potential safety and
environmental hazards and major operability problems.
b. Consider the consequences of these hazards and
major operability problems.
c. Identify the safeguards provided as hazard
prevention or mitigation.(if possible)
d. Propose recommendations, as needed, to prevent,
control, or mitigate hazards.
e. Provide assistance to facility management in their
efforts to manage risks.
1 - 108
109. 1 - 109
It is important to remember at
all times that HAZOP is an
identifying technique and not
intended as a means of
solving problems nor is the
method intended to be used
solely as an undisciplined
means of searching for
hazardous scenarios.
110. 3- Definitions
Characteristic (Parameters):
Qualitative or quantitative property of an
element
NOTE Examples of characteristics are pressure,
temperature, voltage.
Design intent
designer’s desired, or specified range of
behavior for elements and characteristics
1 - 110
111. 3- Definitions (Cont.)
Deviation :
These are departures from the design
intention which are discovered by
systematically applying the guide
word/parameter combinations to study
the process.
1 - 111
112. 3- Definitions (Cont.)
Guide word :
word or phrase which expresses and defines a
specific type of deviation from an element’s
design intent
Node
section of the system which is the subject of
immediate study
1 - 112
113. HAZOP Guidewords
• NO
• MORE
• LESS
• PART OF
• AS WELL AS
• REVERSE
• OTHER THAN
Flow
Temperature
Pressure
Level
Chemical comp.
Physical state
No Less More Reverse
Other
X
X
X
X
X
X
X
X
X
X
X
X
X X
Type of use: normal
start-up
shutdown
1 - 113
115. 4 Principles of HAZOP
4.1 Overview
A HAZOP study is a detailed hazard and
operability problem identification process,
carried out by a team. HAZOP deals with
the identification of potential deviations
from the design intent, examination of their
possible causes and assessment of their
consequences.
1 - 115
117. 4.2 Principles of examination
The basis of HAZOP is a “guide word
examination” which is a deliberate search for
deviations from the design intent. To facilitate
the examination, a system is divided into
nodes in such a way that the design intent for
each node can be adequately defined. The
size of the part chosen is likely to depend on
the complexity of the system and the severity
of the hazard.
1 - 117
118. 4.3 Design representation
An accurate and complete design
representation of the system under study is a
prerequisite to the examination task. A design
representation is a descriptive model of the
system adequately describing the system
under study, its parts and elements, and
identifying their characteristics. The
representation may be of the physical design or
of the logical design and it should be made
clear what is represented.
1 - 118
119. 5 Applications of HAZOP
Originally HAZOP was a technique developed for
systems involving the treatment of a fluid medium or
other material flow in the process industries.
However its area of application has steadily widened
in recent years and for example includes usage for:
software applications including programmable
electronic systems;
examining different operating sequences and
procedures;
assessing administrative procedures in different
industries;
assessing specific systems, e.g. medical devices.
1 - 119
120. 5.1 HAZOP limitations
HAZOP is a hazard identification technique
which considers system parts individually
and methodically examines the effects of
deviations on each part. Sometimes a
serious hazard will involve the interaction
between a number of parts of the system.
In these cases the hazard may need to be
studied in more detail using techniques
such as event tree and fault tree analyses.
1 - 120
121. 5.1 HAZOP limitations (Cont.)
As with any technique for the identification of
hazards or operability problems, there can be
no guarantee that all hazards or operability
problems will be identified in a HAZOP study.
The study of a complex system should not,
therefore, depend entirely upon HAZOP.
It should be used in conjunction with other
suitable techniques. It is essential that other
relevant studies are coordinated within an
effective overall safety management system.
1 - 121
122. 5.1 HAZOP limitations (Cont.)
The success of the review is highly
dependent on the accuracy of drawings
and data.
it requires the right mix of team
members with the proper technical
experience and insight.
1 - 122
123. 5.1 HAZOP limitations (Cont.)
It is tiring and difficult to perform over
extended periods and leads to something we
call “brain burnout.”
For a smooth, effective study, it requires the
commitment of the team, and management,
for the duration of the study. A HAZOP study
is difficult to conduct when team members
are changed or key team members don’t
attend.
1 - 123
124. 6 The HAZOP study procedure
6.1 Initiation of the study
The study is generally initiated by a person with
responsibility for the project, who in this course
is called “project manager”. The project
manager should determine when a study is
required, appoint a study leader and provide
the necessary resources to carry it out. The
need for such a study will often have been
identified during normal project planning, due to
legal requirements or company policy.
1 - 124
125. 6.2 Definition of scope and
objectives of the study
the study objectives should be clearly
stated, documented, and agreed upon
prior to conducting the study.
the scope needs to be defined and
documented. The scope could be limited
to a specific unit, process, or piece of
equipment, or include the entire facility.
1 - 125
128. 6.3 Roles and responsibilities
The role and responsibilities of a HAZOP
team should be clearly defined by the project
manager and agreed with the HAZOP study
leader at the outset of the study.
Where a system has been designed by a
contractor, the HAZOP team should contain
personnel from both the contractor and the
client.
1 - 128
129. Recommended roles for team
members
Study leader: not closely associated with the design
team and the project. Trained and experienced in
leading HAZOP studies. Responsible for
communications between project management and
the HAZOP team. Plans the study. Agrees study
team composition. Ensures the study team is
supplied with a design representation package.
Suggests guide words and guide word –
element/characteristic interpretations to be used in
the study. Conducts the study. Ensures
documentation of the results.
Also referred to as facilitator or chairman
1 - 129
130. Recommended roles for team
members (cont.)
Recorder: documents proceedings of the meetings.
Documents the hazards and problem areas
identified, recommendations made and any actions
for follow-up. Assists the study leader in planning
and administrative duties. In some cases, the study
leader may carry out this role.
also referred to as HAZOP study scribe or secretary
1 - 130
131. Recommended roles for team
members (cont.)
Designer: explains the design and its
representation. Explains how a defined deviation can
occur and the corresponding system response.
User: explains the operational context within which
the element under study will operate, the operational
consequences of a deviation and the extent to which
deviations may be hazardous.
1 - 131
132. Recommended roles for team
members (cont.)
Specialists: provide expertise relevant to the system
and the study. May be called upon for limited
participation with the role revolving amongst different
individuals.
Maintainer: maintenance staff representative
1 - 132
133. Typical Team Members
1 - 133
Operations
Inspection
Instrumentation/Electrical
Loss Prevention/Fire Prevention
Maintenance
Operations/Process Engineering
Other Specialists as required
134. 6.4 Preparatory work
6.4.1 General
The study leader is responsible for the
following preparatory work:
a) obtaining the information;
b) converting the information into a suitable
format;
c) planning the sequence of the meetings;
d) arranging the necessary meetings.
1 - 134
135. 6.4.2 Design description
Typically a design description may consist of some
of the following documentation which should be
clearly and uniquely identified, approved and dated.
design requirements and descriptions, flow sheets,
functional block diagrams, control diagrams,
electrical circuit diagrams, engineering data sheets,
arrangement drawings, utilities specifications,
operating and maintenance requirements , piping
and instrumentation diagrams, material
specifications and standards equipment, piping and
system layout;;
1 - 135
136. 6.4.3 Guide words and deviations
In the planning stage of a HAZOP study, the study
leader should propose an initial list of guide words to
be used. The study leader should test the proposed
guide words against the system and confirm their
adequacy. The choice of guide words should be
considered carefully, as a guide word which is too
specific may limit ideas and discussion, and one
which is too general may not focus the HAZOP study
efficiently.
1 - 136
137. 6.5 The examination (Study Sessions)
The examination sessions should be structured, with
the study leader leading the discussion following the
study plan. At the start of a HAZOP study meeting
the study leader or a team member who is familiar
with the process to be examined and its problems
should
outline the study plan,
outline the design representation and explain the
proposed elements and guide words to be used;
review the known hazards and operational
problems and potential areas of concern.
1 - 137
138. 6.5 The examination(Study Sessions)(cont.)
HAZOP study working sessions can be
divided into the following steps:
Select a vessel or line (i.e. node) on the drawing
being studied
Apply the guide words
Determine whether there are realistic causes for the
deviation
Determine the consequences
Record the results
1 - 138
139. HAZOP procedure
Select a component
Select a flow
Suggest a deviation
using a guide word
Investigate and
document effects
Investigate and
document causes
Record as non-hazardous
deviation, with a
justification
Record as hazard. Make
recommendations for
action if necessary
Start Finish
All components analysed?
All flows analysed?
All guide words considered?
Does deviation have plausible
causes and hazardous effects?
YES
YES
YES
NO
NO
NO
NO YES
1 - 139
141. 6.6 Documentation
The primary strength of HAZOP is that it
presents a systematic, disciplined and
documented approach. To achieve full
benefits from a HAZOP study, it has to
be properly documented and followed
up. The study leader is responsible to
ensure that suitable records are
produced for each meeting.
1 - 141
143. 6.7 Follow-up and responsibility
HAZOP studies are not aimed at redesigning
a system. Nor is it usual for the study leader
to have the authority to ensure that the study
team's recommendations are acted upon.
In some cases, as indicated in 6.3, the
project manager may authorize the HAZOP
team to implement the recommendations and
carry out design changes.
1 - 143
144. 7 Audit
The program and results of HAZOP studies
may be subjected to internal company or
regulatory authority audits. Criteria and
issues which may be audited should be
defined in the company’s procedures. These
may include: personnel, procedures,
preparations, documentation and follow-up.
A thorough check of technical aspects should
also be included.
1 - 144
145. HAZOP Review Suggestions
Identify control loops and equipment by
number.
If cause originates from adjacent node or
area, identify specific examples of the
cause if possible (i.e., “Block valve
closed on upstream node”).
Try to match one consequence with one
cause, as much as possible.
Safeguards that are located on other
nodes can be referenced.
1 - 145
146. HAZOP Review Suggestions(cont.)
The consequences of control valves
failing to open or close should be
evaluated, regardless of the specified
failure position of the valve.
Do not use an indicator or an alarm that
derives its signal from a control loop as a
safeguard if that control loop is the
cause of the deviation.
1 - 146
147. HAZOP Review Suggestions(cont.)
If a review consistently indicates
considerable design faults, the quality of
the design or its completeness may be in
question. When this occurs, an
evaluation of the project design team’s
qualifications or timing and level of the
review should be carried out.
1 - 147
148. Remember
HAZOP members not an engineering
department
Typically a fire protection system or
response is not used as a safeguard.
1 - 148
152. Exercise (2) Storage Tank
Storage
Tank
TIA
FICA
PI
PICA
LIA
To flare
To
atmosphere
Nitrogen
To process
From tank
trucks
H
H
L
L
H
V-2
V-3
V-1
V-5
V-4 FV-1
V-8
V-7
PV-2
PV-1
RV-1
Equipment & Valve
FV Flow control valve
T Tank
P Pump
PV Pressure control valve
RV Relief valve
V Valve
Instrument
L Level
T Temperature
P Pressure
F Flow
I Indicator
C Controller
A Alarm
152
154. Exercise (3)
consider the following example in which
crude oil is transferred from the low
pressure separator on Platform “A” to a
transfer pump on Platform “B”. From
Platform “B”, the oil is sent to an onshore
storage terminal through approximately
5,000 ft. (1,525 m) of 8 inch pipe.
1 - 154
157. Exercise (4)
PG
PG
LC
Settling tank
Drain
Drain
Drain
Hydrocarbon
from storage
Transfer pumps
(one working, one spare)
To reactor
LC
Valve (normally closed during
operation of the plant)
Valve (normally open during
operation of the plant)
Manually operated valve
Non-return valve
Pump
Automation (level
controller)
1 - 157
