This document provides an overview of SIL assessment and LOPA (layer of protection analysis) techniques. It discusses the differences between HAZOP and SIL studies, and the relationship between HAZOP and LOPA. Key aspects covered include safety integrity levels (SIL), risk matrices, consequence analysis, likelihood analysis, establishing tolerable risk levels using the ALARP principle, and control measure prioritization. Examples are provided of a SIL-3 assessment and applying the risk graph method.
2. Course contents
• What is a SIL assessment study?
• Relation between HAZOP and SIL assessment study
• Understanding Safety Integrity Level (SIL)
• Risk matrix/ALARP principle
• Layers of protection/Safeguard
• Hierarchy of controls (with simple example)
• LOPA study example
• Brief introduction to Risk Graph Method
3. DIFFERENCE BETWEEN HAZOP & SIL SESSIONS
Both HAZOP and SIL sessions analyze risk scenarios, but they differ in how they treat the Safety Instrumented Function (SIF).
The HAZOP session looks at the SIF from the positive side and expects the SIF to perform its function successfully, preventing a hazardous incident from occurring.
The SIL session, by contrast, looks at the negative side, i.e. failure or absence of the SIF under study. It explores all the consequences in the absence of the SIF and establishes the criticality rating (SIL) on this basis.
The HAZOP session deals with all modes of operation of a facility, including steady-state operation, bypass mode, maintenance mode, etc., whereas the SIL session primarily deals with the plant's steady-state operation.
6. Understanding Safety Integrity Level (SIL)
What does SIL mean?
– Safety Integrity Level
– A measure of the probability of failure on demand (PFD) of the SIF.
– It is a statistical representation of the integrity of the SIF when a process demand occurs.
– A demand occurs whenever the process reaches the trip condition and causes the SIF to act.
– There are 4 SIL levels. SIL levels are measures of how we achieve functional safety.
– Applies to the complete safety function/loop
– Higher SIL means
• Stricter requirements.
• The safety function fails less often, and thus plant protection is available more of the time.
8. 1 in 10 means the function will fail once in a total of 10 process demands.
1 in 1000 means the function will fail once in a total of 1000 process demands.
15. What is the consequence?
• Can it kill someone?
• How much is it going to cost, counting direct, indirect, insured and uninsured costs?
• Is it going to cause any environmental issues?
• Is it going to cause any public relations issues or regulatory actions?
16. What is the likelihood that the event can occur?
• Is there any inherent design to the equipment?
• Is there any BPCS to control it?
• Is there any alarm to alert the operator for intervention?
• Is there any safety instrumented system?
• Is there any emergency response plan?
17. RISK ASSESSMENT MATRIX (RAM)

LIKELIHOOD

| Likelihood | Frequency |
|---|---|
| A | More than 100 years (Never heard of the incident) |
| B | Once in 100 years (Heard of incident in industry) |
| C | Once in 20 years (Incident has occurred in our company) |
| D | Once in 4 years (Happened several times in the company) |
| E | More than once in a year |

CONSEQUENCE

| Rating | Severity | People | Equipment damage | Production loss | Environment | Reputation | Risk cells (likelihood A to E) |
|---|---|---|---|---|---|---|---|
| 5 | Catastrophic | Multiple worker fatalities / permanent total disabilities or single public fatality | Extensive damage, prolonged loss of production or > Rs. 10 Crore | More than a month of outage for one unit | Massive effect over a large area or constant breach of regulatory limits | International impact. Adverse attention in international media | 5A 5B 5C 5D 5E |
| 4 | Major | Single worker fatality / permanent disability or serious injury to public | Major damage, disruption to operations or < Rs. 10 Crore | More than one week to one month outage for one unit | Major effect, short term breaches of regulatory limits | Major impact. On national TV / national press | 4A 4B 4C 4D 4E |
| 3 | Serious | More than one LTI | Local damage, unit shutdown or < Rs. 1 Crore | 48 hrs. to one week outage for one unit | Localized effect. Has significant impact on environment but no permanent effect | Considerable impact. Major concern in national press / local TV | 3A 3B 3C 3D 3E |
| 2 | Minor | One Lost Time Incident (LTI) | Minor damage or < Rs. 50 Lakhs | 24 hrs. to 48 hrs. outage for one unit | Minor effect, has impact on environment but no permanent effect | Limited impact. Public concern in neighborhood. Reported in local newspaper | 2A 2B 2C 2D 2E |
| 1 | Notable | Slight injuries (first aid case) / short term effect | Slight damage or < Rs. 10 Lakhs | Less than 24 hours | Slight effect; 100% cleanup possible | Slight impact, public awareness exists, no public concern | 1A 1B 1C 1D 1E |

Risk zones (legend): Demonstrate ALARP; Incorporate Risk Reduction Measures; Manage for Continuous Improvement; Intolerable Zone.
18. Consequence category and target risk frequency

| Consequence Category | People | Target Risk Frequency (occurrences per year, per event) |
|---|---|---|
| P6 | n/a | 1.00E-07 |
| P5 | Multiple fatalities or permanent illness | 1.00E-06 |
| P4 | Single fatality or chronic illness or over exposure for more than 8 hrs | 1.00E-05 |
| P3 | Serious illness or acute illness or high exposure (entire shift - 8 hrs) | 1.00E-04 |
| P2 | Local offsite treatment / temporary illness / intermittent exposure (15 min/hr) | 1.00E-03 |
| P1 | Minor injury or first aid cases | 1.00E-02 |

| Consequence Category | Description | Target Risk Frequency (occurrences per year, per event) |
|---|---|---|
| E6 | n/a | 1.00E-07 |
| E5 | Widespread, permanent ecological damage | 1.00E-06 |
| E4 | Some permanent ecological damage (continuous emission not contained within the organization) | 1.00E-05 |
| E3 | Major sustained environmental release | 1.00E-04 |
| E2 | Controlled environmental release (within license limits) | 1.00E-03 |
| E1 | Minor spillage or fugitive emission | 1.00E-02 |

| Consequence Category | Description | Target Risk Frequency (occurrences per year, per event) |
|---|---|---|
| F6 | n/a | 1.00E-06 |
| F5 | Plant outage more than 1 week, > 5 Cr | 1.00E-05 |
| F4 | Less than 1 week outage for 1 section; or 48 hrs to 1 week for the plant, 2 Cr to 5 Cr | 1.00E-04 |
| F3 | 48 hrs to 1 week outage for single section; or less than 48 hrs for plant, < 1 Cr to 2 Cr | 1.00E-03 |
| F2 | 12 hrs to 48 hrs outage for single section, < Rs. 50 lakhs to 1 Cr | 1.00E-02 |
| F1 | Less than 12 hour outage for single section (within 1 plant), < Rs. 50 lakhs | 1.00E-01 |
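
A worked LOPA-style calculation using the target risk frequencies tabulated above, added here as an example and not part of the original slides. The initiating-event frequency and protection-layer PFDs are constructed sample values, the function names are hypothetical, and the SIL bands are the low-demand ranges of IEC 61508/61511, which the slides do not list.

```python
import math

# Target risk frequencies (occurrences per year, per event) from the table above,
# listed for levels 1..6 of each consequence category.
_LEVELS = {
    "P": [1e-2, 1e-3, 1e-4, 1e-5, 1e-6, 1e-7],
    "E": [1e-2, 1e-3, 1e-4, 1e-5, 1e-6, 1e-7],
    "F": [1e-1, 1e-2, 1e-3, 1e-4, 1e-5, 1e-6],
}
TARGET_FREQ = {f"{cat}{i}": f for cat, fs in _LEVELS.items()
               for i, f in enumerate(fs, start=1)}


def sil_for_rrf(rrf):
    """Map a required risk reduction factor (RRF = 1/PFD) to a SIL band.

    Bands are the low-demand ranges of IEC 61508/61511 (an assumption of this
    example): SIL n covers 10**n < RRF <= 10**(n+1).
    """
    if rrf <= 1:
        return "no SIF needed"
    if rrf <= 10:
        return "below SIL 1"
    for n in range(1, 5):
        if rrf <= 10 ** (n + 1):
            return f"SIL {n}"
    return "beyond SIL 4"


def lopa_gap(initiating_freq, ipl_pfds, categories):
    """Return (required SIF PFD, RRF, SIL band) for one hazard scenario.

    Assumes every protection layer is independent of the initiating event and
    of the other layers, so their PFDs multiply.
    """
    if initiating_freq <= 0 or not all(0 < p <= 1 for p in ipl_pfds):
        raise ValueError("frequency must be > 0 and each PFD in (0, 1]")
    target = min(TARGET_FREQ[c] for c in categories)   # strictest category governs
    mitigated = initiating_freq * math.prod(ipl_pfds)  # events/yr without the SIF
    pfd = min(1.0, target / mitigated)
    rrf = 1.0 / pfd
    return pfd, rrf, sil_for_rrf(rrf)


# Constructed scenario: initiating event 0.5/yr; BPCS and operator alarm, PFD 0.1 each.
if __name__ == "__main__":
    for cats in (["P4", "F3"], ["P5"], ["F3"]):
        pfd, rrf, sil = lopa_gap(0.5, [0.1, 0.1], cats)
        print(cats, f"PFD <= {pfd:.1e}", f"RRF >= {rrf:.0f}", sil)
```

When a scenario falls into several consequence categories, the strictest target frequency sets the SIL, so a scenario rated P4 and F3 is driven by the P4 target.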
19. ALARP PRINCIPLE
“As Low As Reasonably Practicable”
▪ Involves weighing risk against the trouble, time and money to control
▪ Describes level to which workplace risk is to be controlled.
▪ Not prescriptive
▪ Challenging because it requires employers to exercise judgment.
What is Acceptable Risk?
We accept/tolerate risk when:
1. We don’t know that it exists
2. The Risk is insignificantly low
3. When it’s worth the Risk (?)
20. Risk Reduction
As Low As Reasonably Practicable or Tolerable Risk (ALARP ZONE)
Fundamental Concepts