
Major Hazard Facilities

Hazard Identification

Dr. Muhammad Usman Tahir


01-06-2021
Overview

This lecture has been split into two sections:

1. Hazard Identification
2. Major Accident Identification and Risk Assessment

The lecture has been developed to provide:

- Context with MHF Regulations
- An overview of what is required
- An overview of the steps required
- Examples of hazards identified
Some Abbreviations and Terms

AFAP - As far as (reasonably) practicable
DG - Dangerous goods
Employer - Employer who has management control of the facility
Facility - any building or structure at which Schedule 1 materials are present or likely to be present for any purpose
FMEA/FMECA - Failure modes and effects analysis / Failure modes, effects and criticality analysis
FTA - Fault tree analysis
HAZID - Hazard identification
HAZOP - Hazard and operability study
HSR - Health and safety representative
LOC - Loss of containment
LOPA - Layers of protection analysis
MHF - Major hazard facility
MA - Major accident
OHS - Occupational health & safety
PFD - Process flow diagram
P&ID - Piping and instrumentation diagram
PSV - Pressure safety valve
SMS - Safety management system
Topics Covered In This Presentation

Regulations
Definition – Hazard
Introduction
HAZID Requirements
HAZID Approach
Consultation
Conducting the HAZID
Overview of HAZID techniques
Review and Revision
Sources of Additional Information

Regulations
Basic outline

- Hazard identification (R9.43)
- Risk assessment (R9.44)
- Risk control (i.e. control measures) (R9.45, S9A 210)
- Safety Management System (R9.46)
- Safety report (R9.47, S9A 212, 213)
- Emergency plan (R9.53)
- Consultation
Regulations
Regulation 9.43 (Hazard identification) states:

The employer must identify, in consultation with employees, contractors (as far as is practicable) and HSRs:

a) All reasonably foreseeable hazards at the MHF that may cause a major accident; and
b) The kinds of major accidents that may occur at the MHF, the likelihood of a major accident occurring and the likely consequences of a major accident.
Definition

Hazard

Regulatory definition per Part 20 of the Occupational Health and Safety (Safety Standards) Regulations 1994:
"A hazard means the potential to cause injury or illness"

Interpreted: Any activity, procedure, plant, process, substance, situation or other circumstance that has the potential to cause harm.
Introduction

- HAZID is critical to safety duties and the safety report
- The Employer must identify all major accidents and their related causes using a systematic and documented HAZID approach
- The process must be transparent
- HAZID results must be reflected in the risk assessment, the SMS, the adoption of control measures and the safety report
Introduction
An example - Gramercy Alumina Refinery, US Department of Labor Report ID No. 16-00352, 5 July 1999 at 5am

Were the hazards identified?
After incident
Causes (extracted from the report):
• The explosion was caused by excessive pressure in the digestion tanks, by not following procedures and by bypassing safety valves. The tanks contained caustic solution at 10-20% concentration
• A power failure stopped the slurry pumps that removed the contents of the tanks, but steam from the gas-fired boilers continued to be added
• The pressure relief valves had been blocked in (isolated from the tanks) on 4 of the digestion tanks - all 4 exploded
• 29 workers were injured
• 180 tonnes of NaOH and an unspecified amount of asbestos were released
Introduction

The HAZID process must be ongoing, to ensure that existing hazards are known and that new hazards are recognised before they are introduced:
- Prior to modification of the facility
- Prior to a change in the SMS or the workforce
- Before and during abnormal operations and troubleshooting
- Plant condition monitoring, early warning signals
- Employee feedback from routine participation in work
- After an incident

HAZID needs to be part of the risk assessment process that is built in to the above. It is important to ensure there are triggers for renewing the HAZID at appropriate times.
• Information from accident investigations can be useful as input to determine contributing causes

Management System Failures Identified in Incidents Investigated by the U.S. Chemical Safety and Hazard Investigation Board, Angela S. Blair PE, Chemical Incident Investigator, Process Safety Progress, December 2004, Volume 23, No. 4

Top 4:
• Maintenance procedures: 13%
• Process Hazard Analysis: 12%
• Engineering design: 10%
• Operating procedures: 8%
HAZID Requirements
A systematic, transparent and comprehensive HAZID process should be used, based on a comprehensive and accurate description of the facility.
Major accidents (MAs) and the underlying hazards should not be disregarded simply because:
- They appear to be very unlikely
- They have not happened previously
- They are considered to be adequately controlled by existing measures
Up to date drawings, procedures etc. are important
Consider consequences WITHOUT controls
Recall that MAs are very low likelihood events (they may well not have happened before at that facility or within the industry). This means that they will be outside of people's normal experience and can tend to be overlooked as credible.
HAZID Requirements
The risk diagram can be useful for illustrating this aspect, as shown below

Figure: risk diagram. Vertical axis: relative frequency of occurrence; horizontal axis: consequence severity; risk increases towards the top right of the plot. Labelled examples, running from frequent and minor to rare and catastrophic: breakdown, maintenance, staff complaint, OH&S personal injury, industrial stoppage, fatality, public protest and pickets, safety report criticism, class actions, market collapse, fire and explosion (fatalities), high technology and high hazard system failures, catastrophic.
HAZID Requirements
Catastrophic means destructive (involving or causing sudden great damage or suffering).

Discuss the general concept

A risk diagram is fundamentally a plot of the likelihood of events occurring against the severity of the outcomes. This can be done in different ways depending on the industry or organisation being examined. The frequency can be expressed as events per year, events per kilometre, events per passenger mile, or any other frequency denominator, and is plotted against consequence severity in dollars, lives lost, working days lost, or days lost to the community. If actually used as a risk profile instrument, it is normally drawn on log-log paper.
HAZID Requirements
Exclusions
The HAZID process (for MHF compliance) is not
intended to identify all personnel safety concerns
Many industrial incidents are caused by personnel
safety breaches, such as the following:
- Person falls from height
- Electrocution
- Trips/slips
- Contact with moving machinery
- Etc.

HAZID Requirements
Exclusions
These are generally incidents that do not relate to the storage or processing of Schedule 9 materials and are covered by other parts of an Employer's safety management system for a facility, such as:
- Permit to work
- Confined space entry and management
- Working at heights
- Work place safety assessments
- Etc.

While these hazards are serious and are the focus of much attention within industry, these types of incidents are not the focus of the MHF regulations. There are other regulations which mandate requirements and specific controls to manage these types of industrial risks.
HAZID Approach

• What can go wrong?
• What incidents or scenarios could arise as a result of things going wrong?
• What could cause or could contribute to these incidents?
HAZID Approach

- Considers all operating modes of the facility, and all activities that are expected to occur
- Human and system interfaces together with engineering issues
- Dynamic process to stay ahead of any changes in the facility that could erode the safe operating envelope or could introduce new hazards
HAZID Approach
The HAZID approach is required to:

Be team-based
Use a process that is systematic
Be pro-active in searching for hazards
Assess all hazards
Analyse existing controls and barriers - preventative and
mitigative
Consider size and complexity in selecting approach to use

HAZID Approach
Consideration needs to be given in selecting the HAZID
technique
Some issues to take into account are:
- Life cycle phase of plant
- Complexity and size
- Type of Process or activity covering:
o Engineering or procedural
o Mechanical, process, or activity focussed

Different types of approaches will work best on different types of facilities and processes.
HAZID Approach
Life Cycle Phases of a Project

Phases: Concept, Design, Construction, Commission, Production, Decommission, Disposal

The HAZID approach can be used in the first stages of the life cycle of a project. Prior to the design phase, little information will be available and the HAZID will need to be undertaken on flow diagrams. Assumptions will need to be transparent and documented.

The phase list above covers the various stages of a project site. Experience suggests that the earlier HAZIDs and risk evaluations are undertaken within a project, the more likely all issues are to be evaluated in a proactive manner. Information evaluated and documented for corporate memory purposes will be of great assistance to the operational part of the life cycle. Identifying hazards early in a project will also allow actions to be taken or designs changed before the design becomes too advanced.
HAZID Approach
Complexity and Size
The complexity and size of a facility includes the number of activities or systems, the number of pieces of equipment, the type of process, and the range of potential outcomes
Some HAZID techniques may get bogged down when they are applied to complex processes
For example, event tree and fault tree analyses can become time consuming and difficult to structure effectively
However, simple techniques may not provide sufficient focus to reach consensus, or confidence in the identification of hazards
Conclusion: Start with simple techniques and build in complexity as required

More rigorous or detailed methods are best kept for where higher hazard plant or operations are first identified via a broader approach.
HAZID Approach
Event tree analysis (ETA) is a forward, bottom-up, logical modelling technique for both success and failure that explores responses to a single initiating event and lays out a path for assessing the probabilities of the outcomes and for overall system analysis.
This analysis technique is used to analyse the effects of functioning or failed systems given that an event has occurred. ETA is a powerful tool that will identify all consequences of a system that have a probability of occurring after an initiating event, and it can be applied to a wide range of systems including nuclear power plants, spacecraft and chemical plants.
Fault tree analysis (FTA) is a top-down, deductive failure analysis in which an undesired state of a system is analysed using Boolean logic to combine a series of lower-level events. This analysis method is mainly used in the fields of safety engineering and reliability engineering to understand how systems can fail, to identify the best ways to reduce risk, and to determine (or get a feeling for) the event rates of a safety accident or of a particular system-level (functional) failure.
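As an added worked example (not part of the lecture), the Python below codes the forward, success/failure branching that ETA describes. The initiating event (loss of cooling to a pressure vessel), the three layers of protection and every frequency and failure-on-demand probability are constructed assumptions. It enumerates each branch path, multiplies the branch probabilities to get the frequency of each end state, and checks that the end-state frequencies add back up to the initiating event frequency, which is the quick way to catch a missing branch.

```python
"""Event tree analysis (ETA) for a single initiating event.

Added example, not from the lecture. The initiating event, the safety
functions and all probabilities are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, Iterator, Tuple, Union


@dataclass(frozen=True)
class Outcome:
    """Leaf of the tree: the end state reached along one branch path."""
    name: str


@dataclass(frozen=True)
class SafetyFunction:
    """One layer of protection, asked in turn: did it work?

    p_failure is the probability of failure on demand; the success branch is
    taken with probability 1 - p_failure.
    """
    name: str
    p_failure: float
    on_success: "Node"
    on_failure: "Node"


Node = Union[Outcome, SafetyFunction]
Path = Tuple[Tuple[str, str], ...]


def enumerate_branches(node: Node, frequency: float,
                       path: Path = ()) -> Iterator[Tuple[str, float, Path]]:
    """Walk the tree left to right, multiplying branch probabilities.

    Yields (outcome name, frequency of that path, sequence of (function, OK/FAIL)).
    A safety function that is never challenged on a path, because an earlier
    one already brought the plant to a safe state, simply does not appear.
    """
    if isinstance(node, Outcome):
        yield node.name, frequency, path
        return
    yield from enumerate_branches(node.on_success,
                                  frequency * (1.0 - node.p_failure),
                                  path + ((node.name, "OK"),))
    yield from enumerate_branches(node.on_failure,
                                  frequency * node.p_failure,
                                  path + ((node.name, "FAIL"),))


def outcome_frequencies(tree: Node, initiating_frequency: float) -> Dict[str, float]:
    """Sum the frequencies of all paths that end in the same outcome."""
    totals: Dict[str, float] = {}
    for name, freq, _ in enumerate_branches(tree, initiating_frequency):
        totals[name] = totals.get(name, 0.0) + freq
    return totals


# Constructed event tree. Initiating event: loss of cooling to a pressure
# vessel, assumed 0.1 events per year. Layers of protection are listed in the
# order they would be challenged; all failure probabilities are assumed.
LOSS_OF_COOLING_PER_YEAR = 0.1

VESSEL_TREE: Node = SafetyFunction(
    "High temperature alarm and operator response", 0.1,
    on_success=Outcome("Safe shutdown by operator"),
    on_failure=SafetyFunction(
        "Automatic high pressure trip", 0.01,
        on_success=Outcome("Safe automatic shutdown"),
        on_failure=SafetyFunction(
            "PSV relieves", 0.001,
            on_success=Outcome("Relief discharge to flare"),
            on_failure=Outcome("Vessel overpressure and rupture"),
        ),
    ),
)


def vessel_outcomes() -> Dict[str, float]:
    """Outcome frequencies (per year) for the constructed vessel tree."""
    return outcome_frequencies(VESSEL_TREE, LOSS_OF_COOLING_PER_YEAR)


def print_event_tree(tree: Node, initiating_frequency: float) -> None:
    for name, freq, path in enumerate_branches(tree, initiating_frequency):
        steps = " -> ".join(f"{fn}:{res}" for fn, res in path)
        print(f"{freq:10.3e}/yr  {name:32s}  [{steps}]")


if __name__ == "__main__":
    print_event_tree(VESSEL_TREE, LOSS_OF_COOLING_PER_YEAR)
    # Conservation check: the outcome frequencies must add up to the
    # initiating event frequency, otherwise a branch has been lost.
    print("total:", sum(vessel_outcomes().values()), "/yr")
```

The ordering of the safety functions matters: the PSV is only asked about on the path where both the operator and the automatic trip have already failed, which is why the rupture frequency is the product of all three failure probabilities and the initiating frequency.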
HAZID Approach
Type of Process or Activity
Where activities are procedural or human error is dominant, then task analysis may be appropriate (e.g. task analysis, procedural HAZOP, etc.)
Where knowledge of the failure modes of equipment is critical (e.g. control equipment, etc.) then FMEA (Failure modes and effects analysis) may be appropriate

Consider whether your process is predominantly procedure based (human factors) or managed through automatic controls (engineering controls).
HAZID Approach

Type of Process or Activity

Where the facility is readily shown on a process flow diagram or a piping and instrumentation diagram, then HAZOP may be used
Where multiple failures need to be combined to cause an accident, or multiple outcomes are possible, then fault tree analysis and event tree analysis may be beneficial
Consultation

The MHF Regulations require Employers to consult with employees in relation to:
- Identification of major hazards and potential major accidents
- Risk assessment
- Adoption of control measures
- Establishment and implementation of a safety management system
- Development of the safety report

Conducting HAZID workshops is an excellent means of demonstrating employee involvement.
Consultation

Consultation is also required in relation to the roles that the Employer defines for employees
A teamwork approach between the Employer, HSRs and employees is strongly advocated for the safety report development process as a whole
Consultation

Employees have a significant effect on the safety of operations, as a result of their behaviour, attitude and competence in the conduct of their safety-related roles
The involvement of employees in the identification of hazards and control measures enhances their awareness of these issues, and is critical to the achievement of safe operation in practice
Conducting the HAZID
HAZID Team Selection

The team selection for the area or plant is critical to the whole hazard identification process
Personnel with suitable skills and experience should be available to cover all issues for discussion within the HAZID process
A well managed, formalised approach with appropriate documentation is required
Team selection and training in the methodology used is to be provided

On occasions there may be issues which are outside of the team's knowledge. Put these aside to be addressed at a later date by suitable personnel.
Conducting the HAZID

HAZID Team Selection

Facilitated multi-disciplinary team based approach
Suitably qualified and experienced independent person to facilitate
Suitably experienced and qualified personnel for the process, operations and equipment involved

Independent can mean either independent of the process being evaluated or a facilitator external to the company
Conducting the HAZID

HAZID Team Selection

These employees MAY BE the HSRs but DO NOT HAVE TO BE
However, the HSRs should be consulted in the selection of appropriate persons - this process must be documented and be transparent
No single person can conduct a HAZID
A team approach will be most effective
Conducting the HAZID
HAZID Study Team
The typical study team would comprise:
- Study facilitator
- Technical secretary
- Operations management
- HSR/Operations representative
- Project engineer or project design engineer for new projects
- Process engineer
- Maintenance representative
- Instrument/electrical representative
Note: the above team make-up is indicative only
The HSR and the operations person can be the same or different people, depending on the agreement set between the Employer and the HSR within the context of the MHF Regulations. Some people will not need to be there all of the time, for example materials and instrumentation/electronics personnel. Issues for these personnel can be placed on a to-do list and treated when they are available.
Conducting the HAZID

HAZID Planning

The following steps are required:
- Planning and preparation
- Defining the boundaries and providing a system description
- Dividing the plant into logical groups
- Reviewing P&IDs and process schematics to ensure accuracy
- Optimising the HAZID process by means of preplanning work involving relevant stakeholders (operations, maintenance, technical and safety personnel)
Conducting the HAZID – Consider the Past, Present and Future

What has gone wrong in the past? (Historical conditions)
- Root cause
- Historical records
- Process experience
- Near misses

What could go wrong currently? (Existing conditions)
- HAZID workshop
- HAZOP study
- Scenario definitions
- Checklists

What could go wrong due to change? (Future conditions)
- Change management
- What-if
- Prediction
- Judgement, for the unforeseeable

All three feed the list of identified hazards.

Pre-work would involve gathering incident and near miss data and other process experience.
Structured workshop to gain insights from a range of suitable people with experience in the process being studied.
Maintain the HAZID by triggering review based on changes, incidents etc.
Conducting the HAZID

It is tempting to disregard "Non-Credible" Scenarios BUT

"Non-credible" scenarios have happened to others
Worst cases are important to emergency planning

Again, very unlikely does NOT mean non-credible.

For HAZID the credible worst case consequences should be considered.
It happened to someone else …

Aftermath of an explosion
(U.S. Chemical Safety and Hazard Investigation Board, Sierra Chemical Company, Report No. 98-001-I-NV, January 1998)
Conducting the HAZID

Issues for consideration

- Equipment can be off-line
- Safety devices can be disabled or fail to operate
- Several tasks may be concurrent
- Procedures are not always followed
- People are not always available
- How we act is not always how we plan to act
- Things can take twice as long as planned
- Abnormal conditions can cross section limits
  ◦ Power failure

Consider all possible operating modes (e.g. start-up and shut-down), human errors, failed controls etc.
Conducting the HAZID – HAZID Process

1. Define the boundary (system description)
2. Divide the system into sections
3. Analyse each section, drawing on existing studies and the selected methods, for:
   • asset or equipment failure
   • external events
   • process operational deviations
   • hazards associated with all materials
   • human activities which could contribute to incidents
   • interactions with other sections of the facility
4. Systematically record all hazards
5. Independent check
6. Hazard register (revisit after risk assessment)
Conducting the HAZID

Meeting Venue

Hold on site if possible
Avoid interruptions if possible
Schedule within the normal work pattern, or within the safety report activities
Meetings of less than 3 hours are not effective
Meetings that last all day are also not effective, however practicalities may require all day meetings
Don't underestimate the time required
Conducting the HAZID

Recording Detail
The level of detail is important for:
- Clarity
- Transparency and
- Traceability
A system (hazard register) is required for keeping track of the process for each analysed section of the facility
The items to be recorded are:
- Study team
- System being evaluated
- Identified hazard scenario
- Consequences of the hazard being realised
- Controls in place to prevent the hazard being realised, and their adequacy
- Opportunity for additional controls

Will another person be able to understand what is written 3 months down the track?
HAZID Techniques - Overview

Checklists - questions to assist in hazard identification
Brainstorming - whatever anyone can think of
What If Analysis - possible outcomes of change
HAZOP - identifies "process plant" type incidents
FMEA/FMECA - equipment failure causes
Task Analysis - maintenance activities, procedures
Fault Tree Analysis - combinations of failures

(Listed in order of increasing effort required)
Checklists

Simple set of prompts or checklist questions to assist in hazard identification
Can be used in combination with any other technique, such as "What If"
Can be developed progressively to capture the corporate learning of the organisation
Particularly useful in early analysis of change within projects
Checklists
Example checklist structure (initiating event / general cause / initiating causes):

Overfills and spills
- Improper operation: operating error; inadequate or incorrect procedure; failure to follow procedure; outside operating envelope; inadequate training

Vessel/tanker shell failure
- Corrosion: wet H2S cracking; general process; cooling water; steam/condensate; service water
- Mechanical impact: crane; vehicles
Checklists

Advantages
Highly valuable as a cross check review tool following application of
other techniques
Useful as a shop floor tool to review continued compliance with SMS

Disadvantages
Tends to stifle (to quell, crush) creative thinking
Used alone introduces the potential of limiting study to already known
hazards - no new hazard types are identified
Checklists on their own will rarely be able to satisfy regulatory
requirements

Brainstorm

Team based exercise
Based on the principle that several experts with different backgrounds can interact and identify more problems when working together
Can be applied with many other techniques to vary the balance between free flowing thought and structure
Can be effective at identifying obscure hazards which other techniques may miss
Brainstorm

Advantages
Useful starting point for many HAZID techniques to focus a group’s
ideas, especially at the project’s concept phase
Facilitates active participation and input
Allows employees' experience to surface readily
Enables "thinking outside the square"
Very useful at early stages of a project or study

Disadvantages
Less rigorous and systematic than other techniques
High risk of missing hazards unless combined with other tools
Caution required to avoid overlooking the detail
Relies on the experience and competency of the facilitator
What If

What If analysis is an early method of identifying hazards
Brainstorming approach that uses broad, loosely structured questioning to postulate potential upsets that may result in an incident or system performance problems
It can be used for almost every type of analysis situation, especially those dominated by relatively simple failure scenarios
What If

Normally the study leader will develop a list of questions to consider at the study session
This list needs to be developed before the study session
Further questions may be considered during the session
Checklists may be used to minimise the likelihood of omitting some areas
What If
Figure: example of a What If report for a single assessed item
What If

Advantages
Useful for hazard identification early in the process, such as when only PFDs
are available
What If studies may also be more beneficial than HAZOPs where the project
being examined is not a typical steady state process, though HAZOP
methodologies do exist for batch and sequence processes

Disadvantages
Inability to identify pre-release conditions
Apparent lack of rigour (the quality of being extremely thorough and careful).
Checklists are used extensively which can provide tunnel vision, thereby
running the risk of overlooking possible initiating events

HAZOP

A HAZOP study is a widely used method for the identification of hazards
A HAZOP is a rigorous and highly structured hazard identification tool
It is normally applied when PFDs and P&IDs are available
The plant/process under investigation is split into study nodes, and lines and equipment are reviewed on a node by node basis
Guideword and deviation lists are applied to process parameters to develop possible deviations from the design intent

HAZOP results in a very systematic assessment of hazards
HAZOP
Figure: example of a HAZOP report for a single assessed item
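As an added example (this is not the lecture's figure nor any site's worksheet), the Python below shows the mechanics behind a HAZOP report: deviations are formed as guideword plus parameter for one study node, each deviation is worked through in turn, and every row is recorded with the fields the Recording Detail slide lists for the hazard register (study team, system, hazard scenario, consequences, controls and their adequacy, opportunity for additional controls). The guideword applicability matrix, the node name and the two recorded entries are constructed for illustration; the first entry is loosely modelled on the Gramercy causes described earlier in the lecture.

```python
"""HAZOP worksheet: guideword x parameter deviations for one study node,
recorded in the fields a hazard register needs.

Added example, not from the lecture. The guideword matrix, node and entries
are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Guidewords that give a meaningful deviation for each process parameter.
# This matrix is an assumption for the example; real studies tailor it.
GUIDEWORDS_BY_PARAMETER = {
    "flow": ("no", "less", "more", "reverse", "as well as", "other than"),
    "pressure": ("less", "more"),
    "temperature": ("less", "more"),
    "level": ("no", "less", "more"),
    "composition": ("as well as", "part of", "other than"),
}


def deviations() -> List[str]:
    """Deviations from design intent, formed as guideword + parameter."""
    return [f"{gw} {param}"
            for param, gws in GUIDEWORDS_BY_PARAMETER.items() for gw in gws]


@dataclass
class Entry:
    """One row of the HAZOP report: one deviation on one study node."""
    node: str
    deviation: str
    causes: List[str]
    consequences: List[str]           # consequence of the hazard being realised
    safeguards: List[str]             # existing controls, preventative or mitigative
    adequate: bool                    # the team's judgement of those safeguards
    recommendations: List[str] = field(default_factory=list)


@dataclass
class Worksheet:
    study_team: List[str]
    system: str
    entries: Dict[Tuple[str, str], Entry] = field(default_factory=dict)

    def record(self, entry: Entry) -> None:
        if entry.deviation not in deviations():
            raise ValueError(f"{entry.deviation!r} is not a recognised deviation")
        self.entries[(entry.node, entry.deviation)] = entry

    def unexamined(self, node: str) -> List[str]:
        """Deviations the team has not yet worked through on this node."""
        return [d for d in deviations() if (node, d) not in self.entries]

    def open_actions(self) -> List[Entry]:
        """Rows where safeguards are absent or were judged inadequate."""
        return [e for e in self.entries.values()
                if not e.safeguards or not e.adequate]

    def register_rows(self) -> List[dict]:
        """Hazard register view, one dict per recorded deviation."""
        rows = []
        for e in self.entries.values():
            adequacy = " - adequate" if e.adequate else " - NOT adequate"
            rows.append({
                "study team": ", ".join(self.study_team),
                "system": self.system,
                "hazard scenario": f"{e.node}: {e.deviation} ({'; '.join(e.causes)})",
                "consequences": "; ".join(e.consequences),
                "controls and adequacy": "; ".join(e.safeguards) + adequacy,
                "opportunity for additional controls":
                    "; ".join(e.recommendations) or "none identified",
            })
        return rows


def example_worksheet() -> Worksheet:
    """Constructed study of one node of a caustic digestion area."""
    node = "Node 1: steam supply to digestion tank"
    ws = Worksheet(
        study_team=["facilitator", "technical secretary", "operations", "process engineer", "HSR"],
        system="Digestion area (constructed example)")
    ws.record(Entry(
        node=node, deviation="more pressure",
        causes=["slurry pumps stop on power failure while steam addition continues"],
        consequences=["tank over-pressure, loss of containment of hot caustic"],
        safeguards=["pressure relief valves on each tank"],
        adequate=False,   # relief valves can be blocked in with no authorisation step
        recommendations=["interlock steam supply to slurry pump running status",
                         "prohibit isolating relief valves without documented authorisation"]))
    ws.record(Entry(
        node=node, deviation="less temperature",
        causes=["steam supply valve fails closed"],
        consequences=["reduced digestion, off-specification product, no safety consequence"],
        safeguards=["temperature indication and low temperature alarm"],
        adequate=True))
    return ws


if __name__ == "__main__":
    ws = example_worksheet()
    for row in ws.register_rows():
        print(row)
    print("still to examine on node 1:", ws.unexamined("Node 1: steam supply to digestion tank"))
```

The unexamined list is the transparency check a reviewer would want three months later: it shows which guideword/parameter combinations the team actually considered on each node, not just the ones that produced a finding.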
HAZOP

Advantages
Will identify hazards, and events leading to an accident, release or
other undesired event
Systematic and rigorous process
The systematic approach goes some way to ensuring all hazards are
considered

Disadvantages
HAZOPs are most effective when conducted using P&IDs, though they
can be done with PFDs
Requires significant resource commitment
HAZOPs are time consuming
The HAZOP process is quite monotonous and maintaining participant
interest can be a challenge

FMEA/FMECA

Objective is to systematically address all possible failure modes and the associated effects on a technical system
The underlying equipment and components of the system are analysed in order to eliminate, mitigate or reduce the failure or the failure effect
Best suited for mechanical and electrical hardware system evaluations

FMEA/FMECA - Failure modes and effects analysis / Failure modes, effects and criticality analysis
FMEA/FMECA
Example of an FMEA/FMECA report for a single assessed item

Potential failure mode: Open indicator switch failed
Potential effects of failure: Wrong indication of valve position fed back to the control system, causing possible incorrect controller action to be taken
Potential causes of failure: Wear and tear
Comments: Commissioning and test procedures must ensure that all diverter equipment indicators are correctly wired to the diverter control system
Recommendations: The integrity of the position indicators for the diverter system equipment is critical to the logic of the control system. It is recommended that the position indicators are discretely function tested prior to commencement of each program
FMEA/FMECA

Advantages
Generally applied to solve a specific problem or set of problems
FMEA/FMECA was primarily considered to be a tool or process to
assist in designing a technical system to a higher level of reliability
Designed correction or mitigation techniques can be implemented so
that failure possibilities can be eliminated or minimized

Disadvantages
It is very time consuming and needs specialist skills from different
backgrounds to obtain maximum effect
Very hard to assess operational risks within an FMEA/FMECA (like
they can be within a HAZOP or What if study)

Task Analysis

Technique which analyses human interactions with the tasks they perform, the tools they use and the plant, process or work environment
Approach breaks down a task into individual steps and analyses each step for the presence of potential hazards
Used widely to manage known injury related tasks in the workplace
Excellent tool for hazard identification related to human tasks
Task Analysis

Disadvantages
Does not address plant process deviations which are not related to
human interaction

Caution
Relies on multi-disciplined input with specific input of person who
normally carries out the task
Often assumed to be the only tool of hazard identification or risk
assessment, as it is used generally at the shop floor

Only deals with human factors (or errors) which can create hazards. Cannot identify process related hazards.
Fault Tree Analysis

Graphical technique approach
Provides a systematic description of the combinations of possible occurrences in a system which can result in an identified undesirable outcome (top event)
This method combines hardware failures and human failures
Uses logic gates to define modes of interaction (ANDs/ORs)
Fault Tree Analysis
Example fault tree (top event: process vessel over-pressured):

Process vessel over-pressured
  AND
  +-- Pressure rises
  |     AND
  |     +-- Process pressure rises
  |     +-- Control fails
  +-- PSV does not relieve
        OR
        +-- Set point too high
        +-- Fouling, inlet or outlet
        +-- PSV too small
        +-- PSV stuck closed
Fault Tree Analysis

Advantages
Quantitative - assigns a probability to each basic event, from which the probability of the top event can be calculated
Easy to read and understand hazard profile
Easily expanded to a bow tie diagram by the addition of an event tree

Disadvantages
Need to have identified the top event first
More difficult than other techniques to document
Fault trees can become rather complex
Time consuming approach
Quantitative data needed to perform properly
Review and Revision
The following are examples of when a HAZID revision should occur:
- Organizational changes
- New projects
- Process or condition monitoring changes
- Incident investigation results
- Abnormal conditions through design envelope changes
Sources of Additional Information

Loss Prevention in the Process Industries, Second Edition, F. P. Lees, Reed Educational and Professional Publishing, 1996
Guidelines for Hazard Analysis, Hazardous Industry Planning Advisory Paper No. 6, NSW Department of Planning, June 1992
HAZOP and HAZAN: Notes on the Identification and Assessment of Hazards, Second Edition, Trevor Kletz, The Institution of Chemical Engineers, 1986
Guidelines for Hazard Evaluation Procedures, Second Edition, Center for Chemical Process Safety, American Institute of Chemical Engineers, 1992
Layer of Protection Analysis: Simplified Process Risk Assessment, Center for Chemical Process Safety, American Institute of Chemical Engineers, 2001
Hazard Identification and Risk Assessment, Geoff Wells, The Institution of Chemical Engineers, 19.
MIL-STD-1629A, 1980
Failure Modes and Effects Analysis, J. Moubray, RCM II, 2000
Questions?
