You are on page 1of 12



TRIANA YUSMAN (1406533081)


Process Hazard Analysis (PHA)

The process hazard analysis (PHA) is a key requirement of EPAs Risk Management Program
(RMP) rule, 40 CFR Part 68, and OSHAs Process Safety Management (PSM) standard, 29
CFR 1910.119. These regulations require that PHA address toxic, fire, and explosion hazards
resulting from specific chemicals and their possible impacts on employees, the public and the
PHA is a thorough, orderly, and systematic

OSHA PSM standard.

approach for identifying, evaluating, and

controlling the hazards processes involving
hazardous chemicals. Facility shall
perform process hazard analysis on all
processes covered EPA RMP rule or

The process hazard analysis methodology selected must be appropriate to the complexity of
the process and must identify, evaluate, and control the hazards involved in the process.
First, the facility must determine and document the priority order for conducting process
hazard analyses based on a rationale that includes such considerations as the extent of the
process hazards, the number of potentially affected employees, the age of the process, and the
operating history of the process. The process hazard analyses should be conducted as soon as
The facility shall use one or more of the following methods, as appropriate, to determine and
evaluate the hazards of the process being analyzed:

Hazard and operability study (HAZOP),
Failure mode and effects analysis (FMEA),
Fault tree analysis (FTA),
Event tree analysis (ETA),
Cause consequence analysis (CCA),
Bow-Tie analysis

process hazard analysis methodology

being used.
The facility shall establish a system to
promptly address the teams findings and
recommendations; assure that the
Whichever method(s) are used, the process

recommendations are resolved in a timely

hazard analysis shall address the

manner and that the resolution is


documented; document what actions are to

The hazards of the process;

The identification of any previous
incident that had a likely potential

for catastrophic consequences;

Engineering and administrative

possible; develop a written schedule of

when these actions are to be completed;
and communicate the actions to operating,
maintenance, and other employees whose

controls applicable to the hazards

work assignments are in the process and

and their interrelationships, such as

who may be affected by the

appropriate application of detection

recommendations or actions.

methodologies to provide early

At least every five years after the

warning of releases.
Consequences of failure of

completion of the initial process hazard

engineering and administrative

be taken; complete actions as soon as

Stationary source siting;
Human factors; and
A qualitative evaluation of a range
of the possible safety and health
effects of failure of controls.

analysis, the process hazard analysis shall

be updated and revalidated by a team
meeting the programs requirements to
ensure that the hazard analysis is
consistent with the current process.
The facility shall keep on file and make
available to EPA or/and OSHA, on request,

The process hazard analysis shall be

process hazard analyses and updates or

performed by a team with expertise in

revalidation for each process covered by

engineering and process operations, and

RMP or/and PSM, as well as the

the team shall include at least one

documented resolution of

employee who has experience and

recommendations, for the life of the

knowledge specific to the process being


evaluated. Also, one member of the team

must be knowledgeable in the specific

PHA Techniques:

A What-If is a brainstorming approach in
which a group of people familiar with the
process ask questions about possible
deviations or failures. These questions may
be framed as What-If, as in What if the
pump fails? or may be expressions of
more general concern, as in I worry about
contamination during unloading. A scribe
or recorder takes down all of the questions
on flip charts or a computer. The questions
are then divided into specific areas of
investigation, usually related to
consequences of interest. Each area is then
addressed by one or more team members.
What-If analyses are intended to identify
hazards, hazardous situations, or accident
scenarios. The team of experienced people
identifies accident scenarios,
consequences, and existing safeguards,
then suggests possible risk reduction
alternatives. The method can be used to
examine deviations from design,
construction, modification, or operating
intent. It requires a basic understanding of
the process and an ability to combine
possible deviations from design intent with

A What-If usually reviews the entire

process, from the introduction of the
chemicals to the end. The analysis may
focus on particular consequences of
concern. AIChE provides the following
example of a What-If question: What if
the raw material is the wrong
concentration? The team would then try
to determine how the process would
respond: If the concentration of acid were
doubled, the reaction could not be
controlled and a rapid exothermic would
result. The team might then recommend
steps to prevent feeding wrong
concentrations or to stop the feed if the
reaction could not be controlled.
A What-If of simple systems can be done
by one or two people; a more complex
process requires a larger team and longer
meetings. AIChE/CCPS estimates that for
a small or simple system a What-If
analysis will take 4 to 8 hours to prepare, 1
to 3 days to evaluate the process, and 1 to
2 days to document the results. For larger
or more complex processes, a What-If will
take 1 to 3 days to prepare, 4 to 7 days to
evaluate, and 4 to 7 days to document.

outcomes. AIChE describes this as a

powerful procedure if the staff are
experienced; otherwise, the results are
likely to be incomplete.

A What-If/Checklist combines the

a What If/Checklist analysis will take 6 to

creative, brainstorming aspects of the

12 hours to prepare, 6 to 12 hours to

What-If with the systematic approach of

evaluate the process, and 4 to 8 hours to

the Checklist. The combination of

document the results. For larger or more

techniques can compensate for the

complex processes, a What-If/Checklist

weaknesses of each. The What-If part of

will take 1 to 3 days to prepare, 4 to 7 days

the process can help the team identify

to evaluate, and 1 to 3 weeks to document.

hazards and accident scenarios that are

beyond the experience of the team


members. The checklist provides a more

The Hazard and Operability Analysis

detailed systematic approach that can fill

(HAZOP) was originally developed to

in gaps in the brainstorming process. The

identify both hazards and operability

technique is generally used to identify the

problems at chemical process plants,

most common hazards that exist in a

particularly for processes using

process. AIChE states that it is often the

technologies with which the plant was not

first PHA conducted on a process, with

familiar. The technique has been found to

subsequent analyses using more detailed

be useful for existing processes as well. A


HAZOP requires an interdisciplinary team

The purpose of a What-If/Checklist is to

and an experienced team leader.

identify hazards and the general types of

The purpose of a HAZOP is to review a

accidents that could occur, evaluate

process or operation systematically to

qualitatively the affects of the effects, and

identify whether process deviations could

determine whether safeguards are

lead to undesirable consequences. AIChE

adequate. Usually the What-If

states that the technique can be used for

brainstorming precedes the use of the

continuous or batch processes and can be

checklist, although the order can be

adapted to evaluate written procedures. It


can be used at any stage in the life of a

The technique usually is performed by a


team experienced in the design, operation,

HAZOPs usually require a series of

and maintenance of the process. The

meetings in which, using process

number of people required depends on the

drawings, the team systematically

complexity of the process. AIChE/CCPS

evaluates the impact of deviations. The

estimates that for a small or simple system

team leader uses a fixed set of guide words

and applies them to process parameters at

A Failure Mode and Effects Analysis

each point in the process. Guide words

(FMEA) evaluates the ways in which

include No, More, Less, Part of,

equipment fails and the systems response

As well as, Reverse, and Other than.

to the failure. The focus of the FMEA is on

Process parameters considered include

single equipment failures and system

flow, pressure, temperature, level,

failures. An FMEA usually generates

composition, pH, frequency, and voltage.

recommendations for increasing

As the team applies the guide words to

equipment reliability. FMEA does not

each process step, they record the

examine human errors directly, but will

deviation, with its causes, consequences,

consider the impact on equipment of

safeguards, and actions needed, or the need

human error. AIChE states that FMEA is

for more information to evaluate the

not efficient for identifying an exhaustive


list of combinations of equipment failures

HAZOPs require more resources than

that lead to accidents.

simpler techniques. AIChE states that a

An FMEA produces a qualitative,

simple process or a review with a narrow

systematic list of equipment, failure

scope may be done by as few as three or

modes, and effects. The analysis can easily

four people, if they have the technical

be updated for design or system changes.

skills and experience. A large or complex

The FMEA usually produces a table that,

process usually requires a team of five to

for each item of equipment, includes a

seven people. AIChE/CCPS estimates that

description, a list of failure modes, the

for a small or simple system a HAZOP

effects of each failure, safeguards that

analysis will take 8 to 12 hours to prepare,

exist, and actions recommended to address

1 to 3 days to evaluate the process, and 2

the failure. For example, for pump

to 6 days to document the results. For

operating normal, the failure modes would

larger or more complex processes, a

include fails to stop when required, stops

HAZOP will take 2 to 4 days to prepare, 1

when required to run, seal leaks or

to 3 weeks to evaluate, and 2 to 6 weeks to

ruptures, and pump case leaks or ruptures.


The effects would detail both the

immediate effect and the impact on other
equipment. Generally, when analyzing

Failure Mode and Effects

Analysis (FMEA)

impacts, analysts assume that existing

safeguards do not work. AIChE states that

more optimistic assumptions may be

identify combinations of basic equipment

satisfactory as long as all equipment

and human failures that can lead to an

failure modes are analyzed on the same

accident, allowing the analyst to focus


preventive measures on significant basic

An FMEA requires an equipment list or


P&ID, knowledge of the equipment,

AIChE states that FTA is well suited for

knowledge of the system, and responses to

analyses of highly redundant systems. For

equipment failure. AIChE states that on

systems vulnerable to single failures that

average, an hour is sufficient to analyze

can lead to accidents, FMEA or HAZOP

two to four pieces of equipment.

are better techniques to use. FTA is often

AIChE/CCPS estimates that for a small or

used when another technique has identified

simple system an FMEA will take 2 to 6

an accident that requires more detailed

hours to prepare, 1 to 3 days to evaluate

analysis. The FTA looks at component

the process, and 1 to 3 days to document

failures (malfunctions that require that the

the results. For larger or more complex

component be repaired) and faults

processes, an FMEA will take 1 to 3 days

(malfunctions that will remedy themselves

to prepare, 1 to 3 weeks to evaluate, and 2

once the conditions change). Failures and

to 4 weeks to document.

faults are divided into three groups:

Fault Tree Analysis (FTA)

primary failures and faults occur when the

equipment is operating in the environment

A Fault Tree Analysis (FTA) is a deductive

for which it was intended; secondary

technique that focuses on a particular

failures and faults occur when the system

accident or main system failure and

is operating outside of intended

provides a method for determining causes

environment; and command faults and

of the event. The fault tree is a graphic that

failures are malfunctions where the

displays the combinations of equipment

equipment performed as designed but the

failures and human errors that can result in

system that commanded it malfunctioned.

the accident. The FTA starts with the

accident and identifies the immediate
causes. Each immediate cause is examined
to determine its causes until the basic
causes of each are identified. AIChE states
that the strength of FTA is its ability to

An FTA requires a detailed knowledge of

how the plant or system works, detailed
process drawings and procedures, and
knowledge of component failure modes
and effects. AIChE states that FTAs need
well trained and experienced analysts.

Although a single analyst can develop a

fault tree, input and review from others is

Cause Consequence Analysis

Cause-consequence analysis (CCA) is a

AIChE/CCPS estimates that for a small or

method for analyzing consequence chains

simple system an FTA will take 1 to 3 days

and can be used individually or as a

to prepare, 3 to 6 days for model

supportive method for other analysis

construction, 2 to 4 days to evaluate the

methods. The objective of the analysis is to

process, and 3 to 5 days to document the

recognize consequence chains developing

results. For larger or more complex

from failures or other unwanted events,

processes, an FTA will take 4 to 6 days to

and to estimate these consequences with

prepare, 2 to 3 weeks for model

their probabilities. The cause-consequence

constructions, 1 to 4 weeks to evaluate,

structure of the analysis is formed by

and 3 to 5 weeks to document.

combining two different types of tree

Event Tree Analysis (ETA)

structures together. To the consequence

tree, built from left to right, includes the

An event tree analysis (ETA) is an

examined primary event and its follow-up

inductive procedure that shows all possible

events leading eventually to a failure or

outcomes resulting from an accidental

some other unwanted event like for

(initiating) event, taking into account

example a serious injury of a person.

whether installed safety barriers are

functioning or not, and additional events
and factors.

The causes and the probabilities for the

realization of the primary event and the
follow-up events are defined to cause trees

By studying all relevant accidental events

built from top to down. Often cause trees

(that have been identified by a preliminary

describe failures and are therefore called

hazard analysis, a HAZOP, or some other

fault trees. The top level of the cause tree

technique), the ETA can be used to identify

is at the same time a node in the

all potential accident scenarios and

consequence tree describing an event

sequences in a complex system.

realizing or not. Cause and consequence

Design and procedural weaknesses can be

tree together create a visual consequence

identified, and probabilities of the various

chain to help illustrate the relations

outcomes from an accidental event can be

between causes and consequences that lead


into different damages. Consequence tree

shows the possible consequence chains

and damages of a single event, whereas

Visual and logical description of

cause trees (fault trees) describe the causes

the consequence chain evolving

and probabilities of each consequence.

from the examined primary event

Probabilities for the final

Cause-consequence analysis includes the

consequence damages based on the

following phases:

Recognizing damage chains

Recognizing the primary event
(failure or some unwanted event

that triggers the damage chain)

Recognizing the follow-up events

Bow-Tie Analysis
A BowTie is a diagram that visualises the

final damages)
Final consequence damages

risk you are dealing with in just one, easy

levels of follow-up events)

Defining causes of primary and
follow-up events to cause/fault

(causalities) between events

Requirements for the safety

(events between primary event and

(damages coming from different

cause-consequence structure
Cause-consequence relations

Inputting realization probabilities

to understand picture. The diagram is

shaped like a bow-tie, creating a clear
differentiation between proactive and
reactive risk management. The power of a
BowTieXP diagram is that it gives you an
overview of multiple plausible scenarios,

(failure data) for the causes of

in a single picture. In short, it provides a

primary and follow-up events

simple, visual explanation of a risk that

Cause-consequence analysis is an effective

tool when confirming that the operational

would be much more difficult to explain


safety features have been taken into

account already on the design phase. The
method can be applied especially when
examining complex event chains where
there are many possible consequence
damages for a single primary event.

Risks bow-tie analysis process can be

The results of cause-consequence analysis

effectively used to develop a risk-based

include among other things:

platform for the ongoing management and

prevention of major incidents. It delivers
the following benefits:

Draws on the direct involvement

latter do not easily deal with the need to

and experience of facility personnel

evaluate the time-dependent nature of

to identify hazards and to properly

batch operations. Analysis of multiple

incorporate critical controls into

failure situations is best handled by FTA.

management systems
Enables risk-based monitoring,

Single-failure techniques, such as HAZOP

auditing and review of critical risk

handle these although they can be

Raises awareness and improves

extended to evaluate a few simple accident

understanding and knowledge

and FMEA, are not normally used to

situations involving more than one event.

amongst employees of the potential

AIChE states that when a process has

major incidents and the reliance on

operated relatively free of accidents for a

critical controls that prevent those

long time, the potential for high

consequence events is low, and if there

accidents from occurring

Enables proper risk management to

be demonstrated
Contributes to achieving legislative

experience base, the less exhaustive


used. When the opposite is true, the more

have been few changes to invalidate the

techniques, such as a Checklist, can be

Factors in Selecting a Technique

rigorous techniques are more appropriate.

Type of process will affect your selection

OSHA Guide to Hazard Assessment

of a technique. AIChE states that most of

Initial hazard assessments should be

the techniques can be used for any process,

performed prior to the introduction of new

but some are better suited for certain

raw materials, equipment or processes to

processes than others. FMEA efficiently

the workplace, or before major changes are

analyzes the hazards associated with

made to processes, equipment or the work

computer and electronic systems; HAZOPs


do not work as well with these. Processes

or storage units designed to industry or
government standards can be handled with

Regardless of the technique used, all

employees should know how to report
hazards to have them evaluated and
corrected. Use of the reporting system

AIChE lists What-If, What-If/Checklist,

should be encouraged by management.

and HAZOP as better able to handle batch

Employers need to respond to complaints

processes than FTA or FMEA because the

in a timely fashion. The employees should

be updated about the status of the

protective equipment, such as respirators,

complaint investigation and its outcome.

gloves and safety glasses, should only be

The employees should also have the

used as a last resort; after all feasible

authority and ability to correct hazards

engineering and administrative controls

themselves whenever feasible.

and work practices have been

Some employers or safety committees feel


there is benefit in having inspections or

Employee input about abatement

audits of a facilitys safety and health

techniques is highly recommended. The

program by someone from outside of the

employees may be able to provide insight

organization. This person may have more

regarding equipment and work procedures

specialized knowledge in the safety and

or have their own ideas about how to abate

health field than most of the organizations

the hazards. They often are familiar with

safety committee members. He or she may

the history of the process and what

have more sophisticated sampling or

measures have been tried in the past.

measurement equipment than the employer

Employees are also more likely to use the

has readily available. An outsider may also

control measures and safe work practices if

recognize hazards the committee has

they feel some ownership in their


establishment. Employee training may also

After hazards are identified, they should be

eliminated or abated to the degree that it is

be necessary, especially if new engineering

controls or work practices are used.

feasible. OSHA promotes a hierarchy of

Regular preventive maintenance of

control measures. At the top of the

equipment is also important to prevent the

hierarchy are engineering controls, which

occurrence of hazards. Some processing

include tactics such as ventilation and raw

equipment may require a full mechanical

material substitution. All reasonably

integrity program with written inspection

feasible engineering controls should be

and testing procedures performed on a

exhausted before other measures are taken.

regular schedule.

Work practices, another technique for

employee protection, involves modifying
tasks and jobs to reduce hazards.
Administrative controls, such as job
rotation, are another tool employers
sometimes use to reduce hazards. Personal