Functional Safety

HAZOP

Author: Árpád POZSGAI


PROCOPLAN Ltd.

Directives (EU)

Seveso II Directive [96/082/EEC]


Machinery Directive [89/392/EEC], [91/368/EEC],
[93/044/EEC]

EMC Directive [89/336/EEC]


ATEX Directive [1999/92/EK]
PED Pressure Equipment Directive [97/23/EG]
New Approach:
The European Union adopts legislation (EU Directives) that defines essential
requirements, in relation to safety and other aspects of public interest, which
should be satisfied by products and services being sold in Europe as a Single
Market.
The European Commission issues standardization requests (Mandates) to the
European Standardization Organizations (CEN, CENELEC and ETSI), which are
responsible for preparing technical standards and specifications that facilitate
compliance with these essential requirements.
MOL Plc.

Seveso II Directive
Aim
This Directive is aimed at the prevention of major accidents which
involve dangerous substances, and the limitation of their
consequences for man and the environment, with a view to ensuring
high levels of protection throughout the Community in a consistent
and effective manner.

General obligations of the operator:


Member States shall ensure that the operator is obliged to take all
measures necessary to prevent major accidents and to limit their
consequences for man and the environment
all measures necessary = Standards shall be used!
Standards are not mandatory, their use is voluntary.
(If the chosen solution differs from the solution required in the standard, it shall be proven
that the chosen solution is the same as or better than the solution required in the standard.)

The main issues


What are the potential hazardous events and their associated risks, and
what risk reduction is necessary to achieve an acceptably safe process
installation?
How can it be established and confirmed that the safeguarding
measures/equipment realize the required risk reduction?
What activities need to be carried out to guarantee that this safety
integrity level is maintained during the entire lifetime of the safeguarded
process installation?
How can it be proven at any moment, by proper documentation, that the
safety requirements are met?

Standards

There are many standards!

Agnetha Fältskog

Safety standards of safety systems in the world
IEC 61508 Functional Safety of Electrical/Electronic/Programmable
Electronic Safety Related Systems
IEC 61511 Functional Safety: Safety Instrumented Systems for the
Process Industry Sector
EN 292 Safety of Machinery
EN 60240 Safety of Machinery Electrical Equipment of Machines
IEC 62061 Safety of Machinery
ISA S84.01 Application of Safety Instrumented Systems for the Process
Industries. EN 61511 (MOD.) WORLD WIDE STANDARD!!
ISA TR84.02 Safety Instrumented Systems Safety Integrity Level
Evaluation Techniques
DIN VDE 0801 Principles for Computers in Safety Related Applications

Safety standards

Safety Standards:
IEC 61508: Manufacturers of safeguarding equipment (sub-systems) for all industrial sectors (except the nuclear industry)
IEC 61511: End-users & system integrators in the process industry
Other sector specific standard, e.g. EN 61513: for nuclear power plants

Functional Standards, e.g. BMS (Burner Manager Systems):
EN 676
EN 12952-8
EN 746-1
EN 746-2
EN 298
EN 1643
EN 230
EN 50156-1

Requirements of EN 746-2: 2010


EN 746-2: 2010: Industrial thermoprocessing equipment - Safety requirements
for combustion and fuel handling systems
5.7 Design requirements for electrical and electronic equipment for control system
and protective system

Protective systems shall fulfil one of the following conditions:

a) all components comply with the relevant product standards
b) components complying with the relevant product standards and components complying with defined SIL level
c) PLC based system with a combination of components complying with the relevant product standards and of components complying with defined SIL level
d) PLC based system in which all components comply with defined SIL level

SIL minimum requirements:

Guarding functions (e.g. gas pressure, temperature) performed by components for which no relevant product standards are existing shall comply with at least SIL2
Functions which will lead to immediate hazard in case of failure (e.g. flame detector device, ratio monitoring) performed by components for which no relevant product standards are existing shall comply with at least SIL3

defined SIL level = Process Hazard Analyses and SIL classification

Requirements of EN 746-2: 2010


5.7 Design requirements for electrical and electronic equipment for control system
and protective system

Protective systems shall fulfil one of the following conditions:

In the process sector EN 61511 shall be used!!
Note: IEC 62061 Safety of Machinery

EN 298:2012 - Automatic burner control systems for burners and appliances burning gaseous or liquid fuel
EN 1643:2000 - Valve proving systems for automatic shut-off valves for gas burners and gas appliances
EN 1854:2010 - Pressure sensing devices for gas burners and gas burning appliances
EN 161:1991 - Automatic shut-off valves for gas burners and gas appliances
EN 12067-2:2004 - Gas/air ratio controls for gas burners and gas burning appliances. Electronic types

Typical Safety Instrumented System

Burner Manager System

Fire & Gas

Protection of rotating machines (compressors, pumps etc.)

Emergency Shutdown System ESD:

Gas breakthrough protection

Overfill protection (for tanks)

High Integrity Pressure Protection System - HIPPS

EN 61511-1, 2, 3
Functional safety: Safety instrumented systems for the process industry sector
Part 1: Framework, definitions, system, hardware and software requirements (Normative)
Part 2: Guidelines in the application of part 1 (Informative)
Part 3: Examples of methods for determining safety integrity in the application of hazard & risk analysis (Informative)

EN 61511 Safety Lifecycle

1. Hazard and risk assessment
2. Allocation of safety functions to protection layers
3. Safety requirements specification for SIS
4. Design and engineering of SIS
Design and development of other means of risk reduction
5. Installation, commissioning and validation
6. Operation and maintenance
7. SIS modification
8. Decommission
9. Verification
10. Management of functional safety and functional safety assessment and auditing
11. Safety life-cycle structure and planning

EN 61511 Safety Lifecycle
Analysis phase: Determination of safety requirements

Activities:
To determine the hazards of the process, the sequence of events leading to the hazardous event, the requirements for risk reduction and the safety functions required to achieve the necessary risk reduction
Allocation of safety functions to protection layers and for each safety instrumented function, the associated safety integrity level
Safety Requirements Specification (SRS): To specify the requirements for each SIS, in terms of the required safety instrumented functions and their associated safety integrity, in order to achieve the required functional safety

EN 61511 Safety Lifecycle
Realization of Safety Instrumented System

Activities:
To design the SIS to meet the requirements for safety instrumented functions (SIF) and safety integrity (SIL). Design of the SIS in conformance with the SIS safety requirements specification (SRS)
SIS installation: Fully functioning SIS in conformance with the SIS design results of SIS integration tests (FAT, SAT)
To validate that the SIS meets in all respects the requirements for safety in terms of the required safety instrumented functions (SIF) and the required safety integrity level (SIL)

EN 61511 Safety Lifecycle
Operation of Safety Instrumented System

Activities:
To ensure that the functional safety of the SIS is maintained during operation and maintenance (Test... Test... Test)
To make corrections, enhancements or adaptations to the SIS, ensuring that the required safety integrity level is achieved and maintained (MoC: Management of Change)

EN 61511 Safety Lifecycle
Verification

Activities:
To test and evaluate the outputs of a given phase to ensure correctness and consistency with respect to the products and standards provided as input to that phase

EN 61511 Safety Lifecycle: Verification

[Table: ratings (R, HR) of the verification methods Analysis, Checklist, Review, Audit, Demonstration, Test, Simulation and Inspection against the lifecycle phases; the cell-by-cell assignment is not recoverable]

Safety Life Cycle phases:
Define safety lifecycle
Hazard and risk analysis
Allocation of SIF to protection layers
Safety Requirements Specifications (SRS)
SIS design and engineering
SIS installation commissioning
SIS validation
SIS operation and maintenance
SIS modification
Decommissioning
SIS functional safety assessment

Description of Responsible: Name / Company
Customer / End-user: MOL Co.
HSE Representative: MOL Co.
Main Contractor: OTF
Process Designer / Licensor: Haldor Topsoe
Process Designer: OLAJTERV
Functional Safety Engineer / SIS specialist: PROCOPLAN
Plant Operation: MOL Co. Refinery
SIS Detail Designer: OLAJTERV / YEW / PCP
SIS Vendor: YOKOGAWA
SIS Installer: OTF
SIS Maintenance: PETROSZOLG
Functional Safety Assessor: SIL4S

[Responsibility column entries, row assignment not recoverable: I, P/R, I, P/R, P/R, L / V*, P/R, I, FSA]

NR: Not recommended, R: Recommended, HR: Highly recommended, L: Lead, P: Participate, R: Review, A: Approval, I: Inform, V: Verify, FSA: Functional Safety Assessment


EN 61511 Safety Lifecycle
Safety Plan

Functional Safety Management:
Customer / End-User: MOL Co.
Main Contractor: OTF
Functional Safety Assessor: SIL4S Ltd.

Phases: Analysis Phase, Realization Phase, Operation Phase
Stages: PHA / SRS, SIS Design, Installation / Commissioning, Operation / Maintenance

Process Designer / Licensor: Haldor Topsoe
Process Designer: OLAJTERV Co.
PHA / FS Engineering: ProCoPlan Ltd.
SIS vendor: YOKOGAWA
Detail Designer: OLAJTERV Co.
SIS Detail Designer: ProCoPlan Ltd.
SIS Field Instrument Vendors: XX.
SIS LS+SW Installation, Commissioning: YOKOGAWA
SIS Field Installation, Commissioning: XXX
Plant operation: MOL Danube Refinery
SIS Operation: MOL Danube Refinery
SIS maintenance: PETROSZOLG Ltd.

EN 61511 Safety Lifecycle
Safety Book

[Table: documents of the Safety Book per lifecycle phase; the phase-to-document pairing is only partly recoverable]

Lifecycle phases: Management of functional safety; Hazard and risk assessment (H&RA); Allocation of safety functions to protection layers; Safety requirements specification for SIS; Design and engineering of SIS; Installation, commissioning and validation; Operation and maintenance; SIS modification; SIS decommissioning

Documents listed:
Safety Plan, Responsibility Matrix
HAZOP report, LOPA report (preliminary), PFD, P&ID + IPL, SIF-el
LOPA report, SIS C-E Matrix, Trip-diagram
Safety Requirements Specification (SRS), SIF components specifications
Detail design of SIS, Operation Manual, Maintenance Manual, Test protocol, Application software design, FAT/SAT protocol, Validation Plan
FAT/SAT report, Validation plan, As built plans
Test report, HSE report
SIS modification: HAZOP report (modified), SRS, Detail design (mod.)
SIS decommissioning: HAZOP report (modified), Detail design (decommissioning plan)

Abbreviation

BPCS: Basic Process Control System
DC: Diagnostic Coverage
DCS: Distributed Control System
EUC: Equipment Under Control
H&RA: Hazard and Risk Analysis
LS: Logic Solver
MooN: M out of N (voting)
MOS: Maintenance Override Switch
MTTF: Mean Time To Failure
MTTR: Mean Time To Repair
MTBF: Mean Time Between Failure
PFDavg: Average Probability of Failure on Demand
S(I)F: Safety (Instrumented) Function
SIL: Safety Integrity Level
SIS: Safety Instrumented System
SFF: Safe Failure Fraction
SLC: Safety Life Cycle
SRS: Safety Requirement Specification
RR(F): Risk Reduction (Factor)

Definitions

Hazard: potential source of harm


Harm: physical injury or damage to the health of people, either directly
or indirectly, as a result of damage to property or to the environment
Risk: combination of the frequency of occurrence of harm and the
severity of that harm
Tolerable risk: risk which is accepted in a given context based on the
current values of society
Safety: freedom from unacceptable risk
Safe state: state of the process when safety is achieved
Safety integrity: average probability of a safety instrumented system
satisfactorily performing the required safety instrumented functions
under all the stated conditions within a stated period of time
safety integrity level (SIL): discrete level (one out of four) for specifying
the safety integrity requirements of the safety instrumented functions to
be allocated to the safety instrumented systems.

Risk
Safety integrity of protection layers shall meet the required risk reduction!

Risk = Severity x Frequency

[Figure: Severity (consequence of hazardous event) against Frequency (frequency of hazardous event); labels: EUC risk, Required risk reduction, Non SIS risk reduction (BPCS), SIS Safety Instrumented System, Other safety system]

Tolerable risk

Reduce risks to acceptable levels

[Figure: risk matrix, Hazard Class (Minor, Medium, Major) against Frequency of occurrence (LOW, MEDIUM, HIGH), from "Acceptably low risks!" to "Unacceptably high risks!"]

Reduce the frequency of occurrence

Prevention

[Figure: risk matrix, Hazard Class (Minor, Medium, Major) against Frequency of occurrence (LOW, MEDIUM, HIGH), with prevention layers PL1 to PL4]

Reduce the severity of consequence

Mitigation

[Figure: risk matrix, Hazard Class (Minor, Medium, Major) against Frequency of occurrence (LOW, MEDIUM, HIGH), with mitigation layers ML1 to ML4]

Reduce the severity of consequence

Mitigation

[Figure: risk matrix, Hazard Class (Minor, Medium, Major) against Frequency of occurrence (LOW, MEDIUM, HIGH), with layers PL1, PL2, ML1 and ML3]

Tolerable risk

ALARP: (As Low As Reasonably Practicable)

Intolerable region: Risk cannot be justified except in extraordinary circumstances
The ALARP or tolerability region (Risk is undertaken only if a benefit is desired): Tolerable only if further risk reduction is impracticable or if its cost is grossly disproportionate to the improvement gained
Broadly acceptable region (No need for detailed working to demonstrate ALARP): It is necessary to maintain assurance that risk remains at this level
Negligible risk

ALARP process
1. Identify & assess hazards
2. Confirm minimum acceptance criteria are met
3. Identify complete range of possible risk reduction measures
4. Implement each measure unless proven to be not reasonably practicable

ALARP: Tolerable only if risk reduction is impracticable or if its cost is grossly disproportionate to the improvement gained

Typical Risk

Risk: Description
5*10^-2: Risk of smoking
10^-2: Risk of average illness
R > 10^-3: Not acceptable
1.3*10^-4: Road accident
10^-4: ALARP
10^-4 to 10^-3: Work accident (mining)
1*10^-4: Average work accident
10^-5 to 10^-4: Work accident (refinery)
10^-5: ALARP
10^-6 to 10^-5: Work accident (light industry)
R < 10^-6: Acceptable by average individual
10^-7 to 10^-6: Risk of lightning

Individual and Social Risk

Individual Risk (IR): Individual risk is the annual risk of death or serious injury to which specific individuals are exposed in a given location (the risk to a person in the vicinity of a hazard). Individual risk criteria are intended to show that workers or members of the public are not exposed to excessive risk. They are largely independent of the number of people exposed and hence may be applied to a broad range of activities.
Social Risk (SR): Part of the population likely to be victims as a consequence of an accident and the associated frequency

[Figure: two cases a and b around a risk source: IRa = IRb, SRa < SRb]

Individual Risk Criteria
(According to 18/2006. (I. 26.) order in council)

[Figure: individual risk (IR) scale from 1.0E-3 to 1.0E-8 with the regions Not acceptable, ALARP and Acceptable and a "Design intent" marker]

Social Risk Criteria
(According to 18/2006. (I. 26.) order in council)
B. Social Risk (F-N curve)

Acceptable: $F < 10^{-5} \times N^{-2}$
ALARP: $10^{-5} \times N^{-2} < F < 10^{-3} \times N^{-2}$
Not acceptable: $F > 10^{-3} \times N^{-2}$

[Figure: F-N curve, Frequency F (x>=N) from 1.0E-9 to 1.0E-2 against Number of Fatalities (N) from 1 to 10000, with the regions Not acceptable, ALARP and Acceptable and a "Design intent" marker]
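Added example (not part of the original slides): a screening of a scenario list against the two F-N criteria lines quoted above, building the cumulative frequency F(x>=N) first. The scenario names and values are constructed sample data, and treating a point exactly on a line as ALARP is an assumption.

```python
"""Societal-risk (F-N) screening against the two criteria lines of the slide.

Added example; the scenario list is constructed sample data.
"""
from dataclasses import dataclass

# Criteria lines from the slide: F = 1e-5 * N^-2 (lower) and F = 1e-3 * N^-2 (upper).
LOWER_COEFF = 1e-5
UPPER_COEFF = 1e-3
SLOPE = -2

RANK = {"Acceptable": 0, "ALARP": 1, "Not acceptable": 2}


@dataclass(frozen=True)
class Scenario:
    name: str
    frequency: float  # occurrences per year
    fatalities: int   # N, number of fatalities of the scenario


def limits(n):
    """Return the (lower, upper) criteria frequencies for N = n fatalities."""
    if n < 1:
        raise ValueError("N must be at least 1")
    return LOWER_COEFF * n ** SLOPE, UPPER_COEFF * n ** SLOPE


def classify_point(n, f):
    """Region of one (N, F) point; a point exactly on a line counts as ALARP (assumption)."""
    lower, upper = limits(n)
    if f > upper:
        return "Not acceptable"
    if f < lower:
        return "Acceptable"
    return "ALARP"


def fn_curve(scenarios):
    """Cumulative curve: F(N) is the summed frequency of all scenarios with >= N fatalities."""
    for s in scenarios:
        if s.frequency < 0 or s.fatalities < 0:
            raise ValueError(f"invalid scenario: {s}")
    harmful = [s for s in scenarios if s.fatalities >= 1]
    curve = []
    for n in sorted({s.fatalities for s in harmful}):
        curve.append((n, sum(s.frequency for s in harmful if s.fatalities >= n)))
    return curve


def assess(scenarios):
    """Classify every curve point; the worst region found governs the result."""
    rows = [(n, f, classify_point(n, f)) for n, f in fn_curve(scenarios)]
    overall = max((r[2] for r in rows), key=RANK.get, default="Acceptable")
    return rows, overall


# Constructed sample scenarios (frequency per year, fatalities).
SAMPLE = [
    Scenario("jet fire at pump seal", 2e-4, 1),
    Scenario("vapour cloud explosion", 3e-6, 10),
    Scenario("tank rupture", 1e-6, 50),
    Scenario("small leak, no casualties", 5e-2, 0),
]

if __name__ == "__main__":
    rows, overall = assess(SAMPLE)
    for n, f, region in rows:
        lower, upper = limits(n)
        print(f"N>={n:<4} F={f:.2e}  limits {lower:.1e}..{upper:.1e}  {region}")
    print("overall:", overall)
```

The rare 50-fatality scenario is the one that breaks the criterion, although its frequency is the lowest in the list: the N^-2 slope penalises high-consequence events.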

Protection Layers

[Figure: risk scale from "Initial risk without protection" down to "Acceptable risk" and "Residual Risk". The total risk reduction is made up of: Risk reduction by process design; Risk reduction by BPCS (DCS); Risk reduction by Alarm & operators response; Risk reduction by SIS; Risk reduction by Mechanical protection; Other risk reduction. Protection layers are labelled IPL1 to IPL6]

Layers of protection
COMMUNITY EMERGENCY RESPONSE
PLANT EMERGENCY RESPONSE
PHYSICAL PROTECTION (DIKES)
PHYSICAL PROTECTION (RELIEF DEVICES)
AUTOMATIC ACTION SIS OR ESD
CRITICAL ALARMS, OPERATOR SUPERVISION, AND MANUAL INTERVENTION
BASIC CONTROLS, PROCESS ALARMS, AND OPERATOR SUPERVISION
PROCESS DESIGN

Preventive and mitigation Protection Layers

PREVENTION: PROCESS DESIGN, BPCS (DCS) CONTROL, ALARM + OPERATOR SUPERVISION, SIS (ESD), MECHANICAL PROTECTION
MITIGATION: PHYSICAL PROTECTION, PLANT EMERGENCY RESPONSE, COMMUNITY EMERGENCY RESPONSE, COUNTRY EMERGENCY RESPONSE

[Figure: bow-tie diagram; labels: INIT. EVENT 1 to 3, PROTECTION LAYERS PL 1A to PL 3D, HAZARDOUS EVENT, ACCIDENT, ML1, ML2, CONSEQUENCE 1 to 4]

SCENARIO = FROM INIT EVENT ... TO CONSEQUENCE

TYPE OF RISK

[Figure labels: CAUSE, SYSTEM INCIDENT (FAILURE), HAZARD, ENVIRONMENT ACCIDENT, CONSEQUENCE FOR PERSON, CONSEQUENCE FOR POPULATION, CONSEQUENCE FOR ENVIRONMENT, CONSEQUENCE FOR ECONOMY]

HAZARD

[Figure labels: HAZARD: ENERGY OF POSITION, GRAVITY, PROTECTION, INCIDENT, ACCIDENT, RISK REDUCTION]

Major accident 1.
On March 23, 2005, a hydrocarbon vapour cloud explosion occurred at the
ISOM isomerization process unit at BP's Texas City refinery in Texas City,
Texas, killing 15 workers and injuring more than 170 others

Cause: Failure of Level transmitter and alarm flooding

Major accident 2.
Buncefield, UK
Cause: Overfilling of tank and delayed ignition + Vapor Cloud Explosion

Major accident 3.
Piper Alpha

Cause: Removed PSV and work permission failure

Material Safety Data Sheet


PROCESS HAZARD ANALYSIS

HOW TO IDENTIFY THE HAZARDS?
USEFUL ANALYSIS TECHNIQUES:

QRA: Quantitative Risk Assessment
Checklist Analysis
What If Analysis
What If Analysis + Checklist Analysis
Hazard and Operability Analysis: HAZOP
Failure Mode and Effects Analysis: FMEA

OTHER PROCEDURES:

Event Tree Analysis: ETA
Fault-Tree Analysis: FTA

QRA: VCE
SITE DATA:
Location: SZAZHALOMBATTA, HUNGARY
Building Air Exchanges Per Hour: 0.50 (enclosed office)
Time: March 22, 2010 0907 hours DST (using computer's clock)
CHEMICAL DATA:
Chemical Name: HYDROGEN
Molecular Weight: 2.02 g/mol
TEEL-1: 65000 ppm TEEL-2: 230000 ppm TEEL-3: 400000 ppm
LEL: 40000 ppm UEL: 750000 ppm
Ambient Boiling Point: -252.8 C
Vapor Pressure at Ambient Temperature: greater than 1 atm
Ambient Saturation Concentration: 1,000,000 ppm or 100.0%
ATMOSPHERIC DATA: (MANUAL INPUT OF DATA)
Wind: 4 meters/second from 315 true at 25 meters
Ground Roughness: urban or forest
Cloud Cover: 5 tenths
Air Temperature: 15 C
Stability Class: C
No Inversion Height
Relative Humidity: 50%
SOURCE STRENGTH:
Leak from hole in vertical cylindrical tank
Flammable chemical escaping from tank (not burning)
Tank Diameter: 1.2 meters
Tank Length: 3.09 meters
Tank Volume: 3.5 cubic meters
Tank contains gas only
Internal Temperature: 15 C
Chemical Mass in Tank: 20.3 kilograms
Internal Press: 68 atmospheres
Circular Opening Diameter: 1 centimeters
Release Duration: 7 minutes
Max Average Sustained Release Rate: 9.06 kilograms/min
(averaged over a minute or more)
Total Amount Released: 19.6 kilograms
THREAT ZONE:
Threat Modeled: Overpressure (blast force) from vapor cloud explosion
Type of Ignition: ignited by spark or flame
Level of Congestion: congested
Model Run: Gaussian
Red : 21 meters --- (100000 pascals)
Orange: 40 meters --- (16500 pascals)
Yellow: 77 meters --- (5400 pascals)


Origin of HAZOP
Bert Lawley

Published by Bert Lawley in 1974
Aim: Systematic checking of P&IDs

Flowsheet of HAZOP

0. Data gathering
1. Partition of process
2. Intentions of design
3. Determine deviations (parameter + guideword)
4. Determine causes + frequency
5. Determine consequences + severity
6. Identify protections, safeguards
7. Recommendations, actions
8. Documentations

[Flowchart labels: HAZOP, RISK ASSESSMENT, Finish? / NO]

Applied software: DYADEM PHA-Pro7

Aims of HAZOP
Hazard & Risk Analysis:
identification of the hazards and hazardous events (emergency situations) inherent in the process and its associated equipment as well as of the sequence of events leading to an emergency, the process risks related to emergencies, the requirements of risk reduction and the safety functions necessary for achieving the required level of risk reduction.

Objective of the HAZOP:
The hazard & operability (HAZOP) analysis is the structured and systematic investigation of some planned or existing technological process or operation with the purpose of identifying and evaluating all problems which may pose risks in respect of the personnel, the environment or equipment or may hinder the efficient operation of the process system. The HAZOP study is aimed at the discovery of potential deviations from the intention of the design as well as the investigation of the possible causes of these and the assessment of the consequences.

Applied standard:
IEC 61882: Hazard and operability studies (HAZOP studies)

HAZOP glossary
HAZOP worksheet entries:

Node / subnode: A node is a specific location in the process in which (the deviations of) the design/process intent are evaluated. (e.g. separators, heat exchangers, scrubbers, pumps, compressors, and interconnecting pipes with equipment.)

Design Intent: The design intent is a description of how the process is expected to behave at the node; this is qualitatively described as an activity (e.g., feed, reaction, sedimentation) and/or quantitatively in the process parameters, like temperature, flow rate, pressure etc.

Deviation: A deviation is a way in which the process conditions may depart from their design/process intent.

Parameter: The relevant parameter for the condition(s) of the process (e.g. pressure, temperature, composition).

Guideword: A short word to create the imagination of a deviation of the design/process intent. The most commonly used set of guide-words is: no, more, less, as well as, part of, other than, and reverse.

Deviation = Parameter + Guideword

HAZOP glossary
HAZOP worksheet entries:

Cause: The reason(s) why the deviation could occur

Consequence: The results of the deviation, in case it occurs. Consequences may both comprise process hazards and operability problems, like plant shut-down or reduced quality of the product. Several consequences may follow from one cause and, in turn, one consequence can have several causes

Safeguard: Facilities that help to reduce the occurrence frequency of the deviation or to mitigate its consequences.

HAZOP members
Practically in the HAZOP procedure the following members should be
present as participants:

HAZOP team leader (PROCOPLAN Ltd)

HAZOP secretary (PROCOPLAN Ltd)

Operator (MOL)

Maintenance experts of process unit (MOL)

Functional Safety Engineer (FSE) and /or SIS expert (PROCOPLAN Ltd)

Technologist

HSE


HAZOP leader
HAZOP leader responsibilities:

Defining the method and scope of the analysis

Plans and schedules the HAZOP study

Ensures the data supply gets to the members

Explanation of the applied guide-words and technological parameters

Leads the team in the HAZOP analysis

Ensure the results and recommendations are documented

Ensures that the study is completed in the time and follows the progress
of HAZOP study

Ensures that the analysis fully covers the process

Prepares the HAZOP sheets and handles the HAZOP program

Makes a report about the comments and notices

Documenting the determined hazards, identified problems and recommendations

Prepares the draft HAZOP report

HAZOP guidewords
The basic HAZOP guide-words are:

Guide Words: Meaning
No (not, none): None of the design intent is achieved
More (more of, higher): Quantitative increase in a parameter
Less (less of, lower): Quantitative decrease in a parameter
As well as (more than): An additional activity occurs
Part of: Only some of the design intention is achieved
Reverse: Logical opposite of the design intention occurs
Other than (other): Complete substitution - another activity takes place
Early / late: The timing is different from the intention
Before / after: The step (or part of it) is effected out of sequence
Faster / slower: The step is done/not done with the right timing
Where else: Applicable for flows, transfer, sources and destinations

HAZOP documentation
Input documentation:
Process Flow Diagram (PFD)
Piping and Instrumentation Diagram (P&ID)
Detailed technological description
Operational manual
Safety Material Data Sheets (SMDS)
Risk criteria for people, public, business and environment. Tolerable
risks (part of HSE policy)
Logic Narrative, ESD system description
Cause and Effect matrix (C&E)
Output documentation:
Introduction, methodology
System definition and delimitation
Documents (on which the analysis is based)
Methodology
Team members, sessions, attendance
HAZOP report
Recommendations

HAZOP worksheet 1.


HAZOP worksheet 2.


HAZOP worksheet 3.


HAZOP worksheet 4.
Enabled Initial Event Frequency
Initial Event Frequency
Unmitigated Event Frequency
Mitigated Event Frequency
Tolerate Event Frequency
Risk Reduction Factor

HAZOP worksheet 5.


HAZOP nodes and subnodes

[Figure: process diagram partitioned into NODE-1 (Subnodes 1.1 to 1.6) and NODE-2 (Subnodes 2.1 to 2.13); label PLDA]

HAZOP node and subnode: 111 Heater

Subnode-1: Feed of H111
Subnode-2: Fuelgas supply
Subnode-3: Firing Chamber

[Figure: P&ID of heater H111 with its instrument tags; labels include GUDRON BE (in), GUDRON KI (out), P351 1/2, Ignition, Operation, Out of Service, FG]

Example

HAZOP & LOPA

[Figure: how the HAZOP results feed the LOPA. HAZOP items: deviation, causes, consequences, existing protection, proposed protection, and risk ranking with a risk matrix (frequency of causes against severity of consequence). LOPA items: initiating event and initiating event frequency, consequences and severity of consequence, tolerable event frequency, the IPLs with their PFDs (BPCS (DCS, PLC); alarm + operator's action; SIS (ESD); mechanical protection) and mitigated event frequency. Two boxes are labelled FSQA. The outputs are the Safety Requirement Specification (SRS) and the question "SIL?".]

Frequency of the initial causes

Determination of the frequency of the initial causes (by qualitative method)

| Category | Probability | Definition |
| | Negligible, extremely improbable | An occurrence unknown in the industry, not expected during the life-cycle of the equipment. |
| | Improbable (> 20 years) | Has occurred in the industry, not yet at known unit sites, but may occur during the life-cycle of the equipment. |
| | Possible (4 - 20 years) | Has occurred at known unit sites and may occur a few times during the life-cycle of the equipment. |
| | Probable (1 - 4 years) | Has occurred several times in a year at known unit sites and may occur several times during the life-cycle of the equipment. |
| | Frequent (< 1 year) | May occur several times in a year at a given location. |

Example

Consequences affecting people (PERS)

Consequences affecting the health and safety of people:

| Category | Consequence | Definition |
| A | Slight injury & harm to health (first-aid) | Capacity to work not affected, no lost time caused (first-aid, medical attention). |
| B | Major injury (accident) & harm to health | Temporary (less than 3 days) loss of capacity to work. Reversible, complete recovery possible. |
| | Severe injury (accident) & harm to health | Prolonged or partial loss of capacity to work. Not reversible, complete recovery not possible, but does not entail loss of life. |
| | Fatality or group accident | Fatal accident involving one person or a severe group accident involving more than two persons. |
| | Multiple fatality | Fatal accident involving more than one person, catastrophe. |

Example

Economic or business consequences:

| Category | Consequence | Definition |
| | Minor loss | Yield, energy loss, about 25% feed rate reduction in a smaller unit (business loss: 1-10 thousand EUR) |
| | Major loss | Shut-down of a smaller unit, 25% feed rate reduction in an average size unit (business loss: 10-100 thousand EUR) |
| | Severe loss | Quality & quantity problem in market supply, spoiling the corporate image (business loss: 0.1-1 million EUR) |
| | Very severe loss | Shutdown of a major unit (business loss: 1-10 million EUR) |
| | Catastrophic loss | Shocking upset in the national fuel supply (business loss: >10 million EUR) |

Example

Environmental consequences:

| Category | Consequence | Definition |
| | Minor effect | Local environmental impact, inconvenience (noise, odor, waste generation). Flaring for less than a day. |
| | Major effect | Major environmental impact, emission above limits (high-rate flaring of e.g. hydrogen sulfide). Periodical environmental impact. |
| | Severe (local) effect | Local (internal) damage to the environment, spoiling corporate image. Limited release of toxic substance. |
| | Very severe effect | Very severe effect damaging the environment, emission exceeding limits significantly (toxic gas release). External (outside the fence) and major internal damage to the environment. Rehabilitation requiring significant resources. |
| | Catastrophic effect | Large effect damaging the external environment with catastrophic consequences, prolonged emission exceeding limits considerably (e.g. HF, ammonia, hydrogen sulfide release or major living water pollution). Rehabilitation requiring very significant resources. |

Example

Layer of Protection Analysis: LOPA

The LOPA methodology allows the determination of the appropriate Safety Integrity Level (SIL) for the SIF.
Providing rational, semi-quantitative, risk-based answers
LOPA can be easily applied after the HAZOP
The mitigated risk for an impact event can be compared with the corporation's criteria for unacceptable risk.
Additional safeguards or independent protection layers can be added.
LOPA provides a rational basis to allocate risk reduction resources efficiently.
Reducing emotionalism
Providing clarity and consistency
Documenting the basis for the decision
Facilitating understanding among plant personnel

LOPA
1. Identification of scenario
2. Determination of severity of consequence
3. Tolerable frequency (TEF)
4. Frequency of cause
5. Enabling event and conditional modifier
6. Calculation of Unmitigated event frequency
7. PFD of IPLs
8. Calculation of Mitigated event frequency (MEF)
9. Determination of SIL
10. LOPA documentation

SIF/SRS

LOPA: Layer of Protection Analysis: Simplified Process Risk Assessment by CCPS (concept book)
Applied LOPA software: DYADEM PHA-Pro7

Risk criteria:
Tolerable frequency for the health and safety of people:

| Category | Consequence | Tolerable frequency |
| | Small injury and health damage (first aid) | 10^-2 event/year |
| | Moderate injury and health damage | 10^-3 event/year |
| | Serious injury and health damage | 10^-4 event/year |
| | One fatality and group injury | 10^-5 event/year * |
| | More fatalities | 10^-6 event/year * |

* Note: Tolerable frequency: 10^-5 / N^2, where N is the number of affected persons.

Tolerable frequency for the business:

| Category | Consequence | Tolerable frequency |
| | No significant losses (business losses: 1-10 000 EUR) | 10^-1 event/year |
| | Significant losses (business losses: 0,010-0,100 mEUR) | 10^-2 event/year |
| | Serious losses (business losses: 0,1-1 mEUR) | 10^-3 event/year |
| | Highly serious losses (business losses: 1-10 mEUR) | 10^-4 event/year |
| | Catastrophic losses (business losses >10 mEUR) | 10^-5 event/year |

Protection Layers

[Figure: layers of protection along the process variable (PV) axis. Between low level and high level: normal operation under the BPCS (DCS). Alarm high (AH): (BPCS) alarm + operator's response. Trip level HH: safety action of the SIS (ESD). Beyond that: mechanical protection, then "BUMM".]

RRF and PFD

PFD: Probability of Failure on Demand
PFDavg: Average Probability of Failure on Demand

[Figure: event tree from the initial event (frequency fI) through IPL1: BPCS (DCS), IPL2: alarm + operator and IPL3: SIS to the occurrence of the consequence. Each layer branches into "Success" or "Failed"; the outcomes are labelled "safety", "not desirable, but acceptable" (twice) and "dangerous" (frequency fC).]

IPL1 failed (PFD1): f1=fI*PFD1
IPL2 failed (PFD2): f2=f1*PFD2
IPL3 failed (PFD3): fC=f2*PFD3

$$f_C = f_I \cdot PFD_1 \cdot PFD_2 \cdots PFD_N = f_I \cdot \prod_{i=1}^{N} PFD_i = f_I \cdot \frac{1}{RRF}$$

IPL requirements
IPL Independent Protection Layer shall be (acc. to EN 61511-3/F.9.):
Specificity: An IPL is designed solely to prevent or to mitigate the
consequences of one potentially hazardous event (for example, a runaway
reaction, release of toxic material, a loss of containment, or a fire).
Multiple causes may lead to the same hazardous event; and, therefore,
multiple event scenarios may initiate action of one IPL;
Independence: An IPL is independent of the other protection layers
associated with the identified danger.
Dependability: It can be counted on to do what it was designed to do.
Both random and systematic failure modes are addressed in the design.
Auditability: It is designed to facilitate regular validation of the protective
functions. Proof testing and maintenance of the safety system is
necessary.

3 Enough's, Big/Fast/Strong Enough


3 Ds: Detect / Decide / Deflect

Typical PFD

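LOPA calculation

$$f_{UMF} = f_I \cdot P_E \cdot P_C$$

[Figure: the initial event (f_I), the enabling event (P_E) and the conditional modifier (P_C) give the unmitigated frequency f_UMF (written f_UEF in the RRF formula). The layers IPL1, IPL2, IPL3 ... IPLN with PFD1, PFD2, PFD3 ... PFDN reduce it to the mitigated frequency f_MEF of the hazardous event. f_MEF is set against the tolerable frequency f_T, which follows from the severity of consequence, to give the RRF and the SIL. Side panels: f_I built from the individual f_Ii; P_E built from the individual P_Ei and drawn as T_E against T_BASE on a time (t) axis; P_C built from the individual P_Ci and drawn with A_EFF, A_TOT, p fatality and V. Other labels: SW, M.]

$$RRF_{SIF} = \frac{f_{MEF}}{f_T} = \frac{f_{UEF}}{f_T} \cdot \prod_{i=1}^{N} PFD_i = \frac{f_I}{f_T} \cdot P_E \cdot P_C \cdot \prod_{i=1}^{N} PFD_i$$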

SIL, RRF
RR(F): Risk Reduction (Factor)
SIL: Safety Integrity Level

| Safety integrity level (SIL) | Average Probability of Failure on Demand (PFDavg) | Risk Reduction Factor (RRF) |
| | >=10^-1 | <= 100 |
| 1 | >=10^-2 - <10^-1 | >10 - <= 100 |
| 2 | >=10^-3 - <10^-2 | >100 - <= 1000 |
| 3 | >=10^-4 - <10^-3 | >1000 - <= 10000 |
| 4 | >=10^-5 - <10^-4 | >10000 - <= 100000 |
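
The LOPA calculation and the SIL/RRF table above, worked through in Python as an added example (not part of the original slides): it computes f_UEF, f_MEF and RRF_SIF for one scenario and maps the result to a SIL. The scenario numbers are constructed; summing the cause frequencies into f_I and treating an RRF of 10 or less as needing no SIL-rated SIF are assumptions.

```python
from math import prod

# RRF bands for the SIF, from the SIL/RRF table: (lower bound exclusive, upper inclusive, SIL).
# The SIL numbers 1 to 4 follow IEC 61508 / IEC 61511.
SIL_BANDS = [(10, 100, 1), (100, 1_000, 2), (1_000, 10_000, 3), (10_000, 100_000, 4)]


def tolerable_frequency_fatality(n_persons: int) -> float:
    """Tolerable frequency for fatalities, per the note 10^-5 / N^2 [event/year]."""
    return 1e-5 / n_persons ** 2


def required_sil(rrf: float) -> int:
    """Map the missing risk reduction to a SIL; 0 means no SIL-rated SIF (assumption)."""
    if rrf <= 10:
        return 0
    for low, high, sil in SIL_BANDS:
        if low < rrf <= high:
            return sil
    raise ValueError(f"RRF {rrf:.3g} exceeds SIL 4; add or redesign protection layers")


def lopa(cause_freqs, p_enabling, p_conditional, ipl_pfds, f_tolerable):
    """One LOPA scenario; frequencies in event/year, probabilities dimensionless."""
    f_i = sum(cause_freqs)                      # assumption: independent causes add up
    f_uef = f_i * p_enabling * p_conditional    # unmitigated event frequency
    f_mef = f_uef * prod(ipl_pfds)              # mitigated by the existing (non-SIF) IPLs
    rrf_sif = f_mef / f_tolerable               # risk reduction left for the SIF
    return {"f_I": f_i, "f_UEF": f_uef, "f_MEF": f_mef,
            "RRF_SIF": rrf_sif, "SIL": required_sil(rrf_sif)}


# Constructed scenario (not from the slides): two causes, P_E = 0.5, P_C = 0.2,
# BPCS and alarm + operator credited as IPLs with PFD 0.1 each.
CAUSES = [0.1, 0.05]
IPLS = {"BPCS": 0.1, "alarm + operator": 0.1}

if __name__ == "__main__":
    for n in (1, 2, 3):
        r = lopa(CAUSES, 0.5, 0.2, IPLS.values(), tolerable_frequency_fatality(n))
        print(f"N={n}: f_MEF={r['f_MEF']:.2e}/yr  RRF_SIF={r['RRF_SIF']:.0f}  SIL {r['SIL']}")
    # If the alarm shares a sensor with the BPCS loop it is not independent and cannot
    # be credited; the demand on the SIF then rises by a factor of 10.
    r = lopa(CAUSES, 0.5, 0.2, [IPLS["BPCS"]], tolerable_frequency_fatality(1))
    print(f"BPCS only: RRF_SIF={r['RRF_SIF']:.0f}  SIL {r['SIL']}")
```

With these inputs the required SIL moves from 1 to 2 either when three persons are exposed or when the alarm layer loses its credit.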

Safety Requirement Specification

Example

Safety Instrumented Functions (SIF)

[Figure: three safety instrumented functions, SIF1, SIF2 and SIF3, drawn with sensors S1 to S4, the logic solver (LS) and final elements FE1 to FE3.]

Typical SIF

Typical SIF of BMS:

Fuel gas low pressure protection: SIF-102-02B/1..4
No flame protection (during operation): SIF-102-03D/5..8
Flue gas path protection: SIF-102-05A

[Figure: each SIF drawn as input devices, LOGIC SOLVER: Safety PLC, and output devices, with the voting of each group. Tags shown: MPSL-087A/B/C (PSL), MBAL-001-004 (main burner 1., BSL), MBAL-005-008 (main burner 2., BSL), MGSC015/15A/15B (GSC), MUV-002A/B/C (main burner 1.), MUV-003A/B/C (main burner 2.), MUV-004A/B/C (pilot burner), MUV-011..018 (pilot burner). Voting labels shown: 2oo3, 1oo2, 1oo3, 8oo8, 3oo3.]

Realization of SIF

Example

Realization of SIF by Honeywell FSC

Example

Failure mode

[Figure: failure modes of a valve. Safety failure: close, either Safety Detected (detected by limit switch) or Safety Undetected. Dangerous failure: stuck open, either Dangerous Detected (detected by PST) or Dangerous Undetected.]

[Figure: pressure against time around the PSHH trip point. Safety failure: close, giving a spurious shutdown (safety). Dangerous failure: high pressure with a failed shutdown (dangerous).]

Failure classes (the remaining state is fault-free):
SD: Safety Detected
SU: Safety Undetected
DD: Dangerous Detected
DU: Dangerous Undetected

D U DD DU SD SU

Failure rate

[Figure: bathtub curve of failures against time, with three phases: wear in, normal operation (lifetime) and wearing.]

Constant: $\lambda(t) = \lambda$

PFD
PFD: (Probability of Failure on Demand):

[Figure: probability (up to 1) against time t, with the curves PFD(t) (dangerous failure) and PFS(t).]

$$PFD_D(t) = F_D(t) = 1 - e^{-\lambda_D t}$$

$$PFD_S(t) = F_S(t) = 1 - e^{-\lambda_S t}$$

PFD (t ) PFDD (t ) PFDS (t )



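PFDavg
PFDavg: (Average Probability of Failure on Demand):

[Figure: probability (up to 1) against time t, with the test interval (TI: TEST INTERVAL) and the average value PFDAVG marked.]

$$PFD_{AVG} = \frac{1}{TI} \int_0^{TI} PFD_D(t)\,dt = \frac{1}{TI} \int_0^{TI} \left(1 - e^{-\lambda_D t}\right) dt \approx \frac{\lambda_D \cdot TI}{2}$$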

MooN voting

[Figure: voting architectures placed between safety and reliability: 1oo3, 1oo2, 1oo1, 2oo4, 2oo3, 2oo2, 3oo3; and a table of architecture against HFT for 1oo1, 2oo2, 1oo2, 2oo3, 1oo3, 2oo4.]

MooN voting (with respect to safety) implies that at least M out of N components must function for the safety function to work (on demand)

1oo2, 2oo2 voting


1oo2 voting

2oo2 voting


Achieved Safety Integrity Level

| Safety integrity level (SIL) | Low demand mode: PFDavg | Continuous: PFH |
| | >=10^-1 | <= 100 |
| 1 | >=10^-2 - <10^-1 | >=10^-6 - <10^-5 |
| 2 | >=10^-3 - <10^-2 | >=10^-7 - <10^-6 |
| 3 | >=10^-4 - <10^-3 | >=10^-8 - <10^-7 |
| 4 | >=10^-5 - <10^-4 | >=10^-9 - <10^-8 |

[Figure: SIS chain of SENSOR, LOGIC SOLVER and FINAL ELEMENT, with a POWER SUPPLY for energize to trip.]

$$PFD_{SIS} = \sum_i PFD_{Si} + \sum_i PFD_{LSi} + \sum_i PFD_{FEi} + \sum_i PFD_{PSi}$$

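SIL verification

[Figure: SIL verification flow. From the H&RA and the SRS: the target SIL (SIL_TAR). Design inputs: failure mode and failure rate (λDU, λDD, λSU, λSD), diagnostic (DC), architecture (NooM), proof test (PTI), PIU. The failure rates give the SFF and the architecture gives the hardware fault tolerance (HFT); together they set the SIL architecture constraint SIL_AC (MSZ EN 61511). The PFD calculation gives SIL_PFD. Achieved SIL = MIN(SIL_AC, SIL_PFD), compared (">") with SIL_TAR: OK or NOT OK.]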
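
An added example (not from the slides) that carries the PFDavg integral, the PFD_SIS sum and the MIN(SIL_AC, SIL_PFD) rule through for a single 1oo1 loop, showing how the proof test interval moves the achieved SIL. The failure rates are constructed and given in FIT (1 FIT = 10^-9 failures per hour); SIL_AC is taken as an input, and "OK" is assumed to mean achieved SIL >= target SIL.

```python
from math import expm1

FIT = 1e-9            # 1 FIT = 1e-9 failures per hour
HOURS_PER_YEAR = 8760

# Low-demand bands from the table: (PFDavg lower bound inclusive, upper exclusive, SIL).
PFD_BANDS = [(1e-2, 1e-1, 1), (1e-3, 1e-2, 2), (1e-4, 1e-3, 3), (1e-5, 1e-4, 4)]


def pfd_avg_exact(lambda_d: float, ti: float) -> float:
    """(1/TI) * integral from 0 to TI of (1 - exp(-lambda_D * t)) dt, in closed form."""
    x = lambda_d * ti
    return 1.0 + expm1(-x) / x


def pfd_avg_approx(lambda_d: float, ti: float) -> float:
    """First-order approximation lambda_D * TI / 2, valid while lambda_D * TI << 1."""
    return lambda_d * ti / 2.0


def sil_from_pfd(pfd_avg: float) -> int:
    """SIL band of a PFDavg; 0 when PFDavg >= 1e-1, capped at 4 below 1e-5."""
    if pfd_avg < 1e-5:
        return 4
    for low, high, sil in PFD_BANDS:
        if low <= pfd_avg < high:
            return sil
    return 0


def verify(rates_fit: dict, ti_hours: float, sil_ac: int, sil_target: int) -> dict:
    """PFD_SIS = sum of subsystem PFDavg; achieved SIL = min(SIL_PFD, SIL_AC)."""
    pfd = {name: pfd_avg_exact(fit * FIT, ti_hours) for name, fit in rates_fit.items()}
    pfd_sis = sum(pfd.values())
    achieved = min(sil_from_pfd(pfd_sis), sil_ac)
    return {"PFD_SIS": pfd_sis, "achieved": achieved, "ok": achieved >= sil_target,
            "worst": max(pfd, key=pfd.get)}


# Constructed dangerous failure rates in FIT for a 1oo1 energize-to-trip loop (not vendor data).
LOOP = {"sensor": 300, "logic solver": 10, "final element": 800, "power supply": 50}

if __name__ == "__main__":
    for years in (1, 4):
        r = verify(LOOP, years * HOURS_PER_YEAR, sil_ac=2, sil_target=2)
        print(f"TI={years} y: PFD_SIS={r['PFD_SIS']:.2e} -> SIL {r['achieved']}, "
              f"ok={r['ok']}, largest contributor: {r['worst']}")
```

Stretching the proof test interval from one year to four pushes PFD_SIS from about 5e-3 to about 2e-2, so the same hardware drops from SIL 2 to SIL 1.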

SIL certificate

FIT: Failure In Time (1x10^-9 failures per hour).

Standards
Seveso II Directive [96/082/EEC]
Government Decree 18/2006. (I. 26.): on protection against major accidents involving dangerous substances
MSZ EN 61508:
Functional safety of electrical/electronic/programmable electronic safety-related systems, Parts 1-7.
MSZ EN 61511:
Functional safety: Safety Instrumented Systems for the Process Industries. Parts 1-3.
EEMUA 191:
Alarm systems, a guide to design, management and procurement No. 191 (Engineering Equipment and Materials Users Association)
IEC 61882
Hazard and operability studies (HAZOP studies)
IEC 60812
Analysis techniques for system reliability. Procedure for failure mode and effects analysis (FMEA)
IEC 61025
Fault tree analysis (FTA)
Directive 1999/92/EK of the European Parliament and of the Council (ATEX137):
On minimum requirements for improving the safety and health protection of workers potentially at risk from explosive atmospheres
Joint Decree 3/2003. (III. 11.) FMM-ESzCsM:
On the minimum occupational safety requirements for workplaces in potentially explosive atmospheres
MSZ EN 1127-1:
Explosive atmospheres. Explosion prevention and protection.
MSZ EN 746-2:1998 Industrial thermoprocessing equipment. Part 2: Safety requirements for combustion and fuel handling systems
Technical Safety Regulation for Pressure Equipment: detailed technical requirements for implementing GKM Decree 63/2004. (IV. 27.) and Government Decree 23/2006. (II. 3.)
Layer of Protection Analysis: Simplified Process Risk Assessment (Center for Chemical Process Safety (CCPS) Concept Book)


Thank You for your attention!


PROCOPLAN KFT.
2030 Érd, Diósdi u. 107./C
Tel: +36 23 361-433
Fax: +36 23 364-124
Mail: procoplan@procoplan.hu
www.procoplan.hu
