
Safety Engineering of Process Plants (CH 404)

Module IV

Dr. Prince George


Dept. Of Chemical Engineering
Saintgits College of Engineering
Safety Inspections
• One of the best ways to identify potentially fatal or harmful conditions is to conduct workplace inspections.
• Once hazards have been identified, they can be properly addressed.
• Inspections should be part of your safety/loss prevention program.

❖ The inspection process seeks to identify potential causes of incidents or accidents, which is the first step in their
prevention.
❖ Unsafe acts that are observed should be addressed, as should unsafe conditions.
❖ Accidents are a disruption to daily operations, and this in turn reduces operational efficiency.
WHAT TO INSPECT?
• Workplace means all buildings/structures must be inspected.
• When looking at inside operations,
• don’t forget to check work areas, areas accessible to the public, storage and maintenance areas, and equipment
rooms.
• Open locked doors and look.
• When inspecting external areas,
• remember to address security in parking areas, walking-working surfaces (for trip hazards), storage and
maintenance buildings, equipment buildings and vacant buildings.
• Emergency exits—signage in place and functional, blocked/chained, and/or blocked open

Checklist Categories

✓ Building Safety
✓ Office Safety
✓ Fire Safety
✓ Electrical Safety
✓ Emergency Equipment
✓ Storage Methods
What to Look for?
➢ Indoor air quality problems
➢ Include those caused by mold or asbestos or by an improperly operating HVAC (heating, ventilation and air
conditioning) system.
➢ NFPA addresses items such as firefighting equipment, exit signs, and exit pathways.
➢ You should get a copy of the report every time they inspect your site.
➢ Housekeeping
➢ Items such as facility cleanliness, proper storage of materials and supplies, and related activities.

➢ Ensure that safety guards or safety devices on machines, equipment, etc.


➢ Follow the manufacturer's recommended guidelines/procedures, or safety standards.
➢ Disabling a safety device is strictly prohibited.
➢ Unsafe conditions include slip, trip and fall hazards, electrical hazards, or any condition that can cause injury.
➢ Also include environmental systems
➢ When conducting your inspections, observe employees performing their job tasks.
➢ Are they following proper work procedures, obeying safety rules, wearing required PPE, using ladders instead of
chairs? If not, it needs to be noted and reported.
TYPES OF INSPECTIONS
❖ Formal Inspections are those that are scheduled in advance.
❖ They may include the Safety Officer and Safety Committee members.
❖ Daily, all employees are required to conduct informal visual inspections of their work areas prior to beginning
operations.
❖ Supervisors should continuously monitor work areas for developing hazards or unsafe practices.
❖ Special function inspections are conducted after accidents and upon the introduction of new equipment or new
procedures.
❖ They may be conducted by other regulatory agencies.
❖ Annual walk-through inspection
Purpose of Safety Inspections

▪ Identify potential hazards so they are corrected before an injury occurs
▪ Implement or improve safety programs
▪ Increase safety awareness
▪ Display concern for workers’ safety
▪ Communicate safety standards of performance

The person conducting the hazard inspections should
▪ Be thoroughly-versed in the facility’s operation
▪ Knowledgeable of relevant regulations, codes & company policies
▪ Competent regarding the inspection steps
▪ Capable of collecting, evaluating & reporting the data
A dedicated person can be educated and trained to successfully assume this task.

The person conducting the inspection:
• Must have the requisite PPE to safely perform the job
• They must be knowledgeable on how to locate safety and health hazards
• They should have the authority, given by management, to act and make recommendations.
❖ If unsafe conditions are revealed, this person should also have the authority to shutdown an operation and notify management.
❖ Consider giving this authority to all personnel, re: operation shutdowns which are unsafe.
Hazard Inspection Guidelines
Hazard inspection guidelines will be determined prior to conducting field inspections.
▪ Decide what to inspect (as well as what will NOT be inspected, i.e., those aspects outside the scope of the safety inspection).
▪ Prepare an inspection sequence
▪ Use a checklist
▪ Ask employees in area for input
▪ Record observations – location & nature of hazards
▪ Document the inspection participants

Safety Inspections Steps
Steps in a Safety Inspection are generally:
1. Research of the area and/or operation to be viewed.
2. Organize the documents and PPE which will be required
3. Analyze findings of the inspection
4. Record the findings and recommendations
5. Follow-up with reporting-out the final report to proper committees
Now we are going to review action that needs to be taken once you’ve completed your inspection.
Sign & Date the inspection form
Findings from Inspection
• If a hazard was found, make sure that it is properly recorded and reported to the appropriate people.

• Unsafe conditions must be addressed within a reasonable time period.


• A follow-up inspection may be necessary.
• Unsafe acts can normally be corrected immediately.
• Often, root-cause analyses reveal that unsafe acts are a result of incorrect training or lack of training.
• After a problem has been detected, management has the ultimate responsibility to take the necessary steps
to correct it.
• Once a problem has been corrected, prudent steps should be taken to ensure that it doesn’t return.
• Job safety observations may be used to ensure that proper job procedures are being used.
• These observations should be conducted immediately and intermittently.

• When possible, line employees should be involved in the inspection process.


• In part because of their job/task knowledge, they are often able to develop safer, more efficient processes.
• Always document corrective actions on the inspection form
IMPLEMENTING CONTROLS
• Engineering controls include replacing equipment with safer models and removing unsafe equipment from the work area.
• Administrative controls include restricting access to hazardous areas, the use of signs to communicate information,
ensuring site security, and employee training.
• Written policies & procedures by management.
• Protective equipment must be used as a last option after consideration has been given to engineering and administrative
controls.
• When PPE is used, employees must be trained in its use, and they must be monitored to ensure they are using the
PPE properly.
• There should be a written program on how to purchase, use, maintain, store, dispose of and replace PPE.
Document Your Findings

❑ All findings, along with corrective action recommended (including training), should be fully documented.
❑ When items recorded on the Hazard Control Log or Inspection Checklists have been corrected.
❑ The type of documentation that is used is not as important as ensuring it is done in a timely and thorough manner.
SAFETY AUDITING
• Process that identifies unsafe conditions and unsafe acts in the plant and recommends safety improvement.
• Walk through safety audit
• Intermediate safety audit
• Comprehensive safety audit

Team
• Safety manager
• Safety consultant
• Insurance Inspector
• Electrical Inspector
• Manager-Civil/E/C/O&M

• Walk through safety audit
❑ Least expensive,
❑ Noting conditions via naked eyes during walk through
❑ Recommendations discussed with line managers and supervisors

• Intermediate Audit
❑ More detailed and review on plant design and operations
❑ Detailed measurement of high-risk zones
❑ Test on unsafe equipment and operations
❑ Weakness in plant design, equipment and sub systems and O&M procedures

• Comprehensive Audit
❑ Full scale audit on safety factors in plant based on
  ❑ Engineering
  ❑ Analysis
  ❑ Testing
  ❑ Measurement
  ❑ Module analysis
❑ Leads to the improvement in plant design, renovation, Ops, Staffing

• Envelope Audit
❑ Civil works
❑ Switch yards and electrical plant aux
❑ Stores
❑ Offices and Canteens and security arrangements
❑ Ventilation sys and lighting

• Functional Audit
❑ Organizational weakness
❑ Training
❑ Clarity of responsibilities
❑ Delegation
❑ Documentation

• Safety Facility Audit
❑ Reviews unsafe conditions
❑ Classification of risk in facilities
  ❑ High
  ❑ Medium
  ❑ Low
❑ Recommendations
Job Safety Analysis (JSA)

The term used here is job hazard analysis, or JHA for short. You may also have heard this type of hazard analysis referred to as Job Safety Analysis (JSA) or Activity Hazard Analysis (AHA).

• It is a method of identifying the risks and hazards associated with each process we perform.
• If we don’t identify all of them, we can’t take corrective action to prevent accidents and injuries.
• So JHA is essential to your safety and health on the job.
• JHA also helps us break a process down into simple individual steps, allowing us to pinpoint all the risks and
hazards associated with each step.
• If you look at an operation, you might see five or six risks or hazards.
• But when you break the operation down into simple discrete steps, you might realize that there are five
or six risks or hazards associated with each step in the operation.
• As you can already see, JHAs provide a system for easily understanding process hazards or risks.
Why Perform JHAs?
▪ JHAs not only help us identify existing hazards or risks associated with each step in a process,
▪ It also helps us identify potential hazards or risks.
▪ Some are not as evident until you break the process down into simple discrete steps and examine each individual
step in the operation.
▪ JHA also helps us prioritize corrective actions.
▪ Not that all hazards and risks aren’t important.
▪ But we need an organized, prioritized way of going about dealing with workplace hazards.
▪ When a JHA is properly conducted, we are able to reduce, control, or eliminate workplace hazards or risks.
▪ Because if we reduce or eliminate hazards, we reduce or eliminate the risk of accidents, injuries, and process-
related illness.
What Are the Benefits of JHAs?

▪ The main benefit of course is that JHAs reduce accidents, injuries, and illness, thereby improving safety performance.
▪ Because JHA reduces injuries and illness, it also reduces absences.
▪ This means we have more fully qualified people on the job every day, which means you don’t have to do extra work to
cover for sick or injured co-workers.
▪ And it also means that each one of us is safer on the job.
▪ When we’re fully staffed, people aren’t stressed or overburdened, which means they can take their time and work
safely.
▪ More people at work every day means increased productivity as well.
▪ It means we’re able to meet production schedules and keep our organization operating at peak performance.
▪ JHAs also help improve workplace morale.
▪ When people feel safe in the workplace, they’re happier and more satisfied with their job.
▪ And that means we can all do our best and contribute to the success of the organization.
▪ Another very important aspect of JHAs is that it helps us comply with OSHA and similar workplace regulations.
▪ When we know about all the hazards, we can take the necessary steps to protect everyone as the regulations require.
What’s the Function of Area Hazard Checklists?
➢ To assist in inspections and to facilitate the identification of workplace hazards we use area hazard
checklists. These checklists help us evaluate:
➢ Equipment
➢ Procedures
➢ Personnel
➢ Are you familiar with the area hazard checklists we use in job hazard analysis?
Which Elements of a Process Are Analyzed?
▪ During JHA inspections the people conducting the inspection will be looking closely at all the discrete elements involved in
an operation or process from start to finish.
▪ Preparation prior to start-up;
• Start-up;
• Activities that take place during the operation or process;
• Shutdown; and
• Maintenance.
➢ All the elements must be analyzed because there may be—and usually are—hazards and risks associated with all of them.
Steps in the JHA Process
❖ Step One: The first step in process hazard analysis is to break the process down into all the simple, discrete tasks that make up the process.
❖ Step Two: Identify the hazards involved in each task that must be performed to complete the process.
❖ Some hazards and risks may be repeated in several or all the tasks that make up the process.
❖ Step Three: Evaluate each hazard so that you can determine what to do about it and how to prevent injuries or work-related illness.
❖ Step Four: Determine safe procedures and protective measures to prevent accidents, injuries, and illness as a result of each hazard or risk.
❖ Step Five: A JHA might also have to be revised if hazards are eliminated, reduced, or controlled thanks to the previous hazard analysis.
Consequence Analysis or Semi Quantitative Risk Analysis

Assessment of possibilities
--- By use of various hazard identification techniques like
➢ Preliminary Hazard Analysis (PHA)
➢ Hazard & Operability Study
➢ Safety Audit
➢ Fault tree analysis
➢ Event tree analysis, etc.
POSSIBLE HAZARD LIKELIHOOD

| Description | Level | Specific Individual Item | Fleet or Inventory |
|---|---|---|---|
| Frequent | A | Likely to occur frequently | Continuously experienced |
| Probable | B | Will occur several times in life of an item | Will occur frequently |
| Occasional | C | Likely to occur sometime in life of an item | Will occur several times |
| Remote | D | Unlikely but possible to occur in life of an item | Unlikely but can reasonably be expected to occur |
| Improbable | E | So unlikely, it can be assumed occurrence may not be experienced | Unlikely to occur, but possible |
Hazard Assessment Matrix
| Frequency of Occurrence | Hazard Category I: Catastrophic | II: Critical | III: Marginal | IV: Negligible |
|---|---|---|---|---|
| (A) Frequent | 1A | 2A | 3A | 4A |
| (B) Probable | 1B | 2B | 3B | 4B |
| (C) Occasional | 1C | 2C | 3C | 4C |
| (D) Remote | 1D | 2D | 3D | 4D |
| (E) Improbable | 1E | 2E | 3E | 4E |
Hazard Risk Index (HRI)
➢ HRI I (1A, 1B, 1C, 2A, 2B, 3A): Unacceptable
➢ HRI II (1D, 2C, 2D, 3B, 3C): Undesirable (Management decision required)
➢ HRI III (1E, 2E, 3D, 3E, 4A, 4B): Acceptable with review by management
➢ HRI IV (4C, 4D, 4E): Acceptable without review
Relationship of qualitative probability ranking to quantitative values

| Description | Level | Frequency of occurrence | Potential relationship to Quantitative Value |
|---|---|---|---|
| Frequent | A | High | 10^-1 |
| Probable | B | | |
| Occasional | C | Medium | > 10^-3 |
| Remote | D | | > 10^-4 |
| Improbable | E | Low | > 10^-6 |

Risk: "Chances or possibility of accidental losses or undesired consequences."

❖ The probability of a dangerous event posed by a hazard, over a definite time period of exposure or
❖ The frequency at which such events will occur and results in fatalities to certain number of people and
❖ The consequence of such events in terms of expected number of fatalities per year.

Risk = (Probability) x (Consequences)
HAZOP
• Definition: A hazard and operability study (HAZOP) is a structured and systematic examination of a planned or existing
process or operation in order to identify and evaluate problems that may represent risks to personnel or equipment or
prevent efficient operation.
• A HAZOP is a qualitative technique based on guide-words and is carried out by a multi-disciplinary team (HAZOP team)
during a set of meetings.
HAZOP Process

• A process flow diagram is examined in small sections, such as individual items of equipment or pipes between them.
• For each of these a design Intention is specified.
• The HAZOP team then determines the possible significant Deviations from each intention, their feasible Causes and likely Consequences.
• It can then be decided whether existing, designed safeguards are sufficient, or whether additional actions are
necessary to reduce risk to an acceptable level.
HAZOP STUDY - TEAM COMPOSITION
A Team Leader, an expert in the HAZOP Technique
Technical Members, for example

| New Design | Existing Plant |
|---|---|
| Design or Project Engineer | Plant Superintendent |
| Process Engineer | Process Supervisor (Foreman) |
| Commissioning Manager | Maintenance Engineer |
| Instrument Design Engineer | Instrument Engineer |
| Chemist | Technical Engineer |

Principles of HAZOP
Concept
• Systems work well when operating under design conditions.
• Problems arise when deviations from design conditions occur.
Basis
• a word model, a process flow sheet (PFD) or a piping and instrumentation diagram (P&ID)
Method
• use guide words to question every part of process to discover what deviations from the intention of design can occur and what their causes and consequences may be.
PRINCIPLES OF HAZOPS: Guide Words

GUIDE WORDS*
• NONE
• MORE OF
• LESS OF
• PART OF
• MORE THAN
• OTHER

[Figure: CAUSE leads to DEVIATION (from standard condition or intention), which leads to CONSEQUENCES (trivial, important, catastrophic): hazard, operating difficulties]

*Covering every parameter relevant to the system under review, i.e. Flow Rate, Flow Quantity, Pressure, Temperature, Viscosity, Components
• STUDY NODES
• The locations (on P&ID or procedures) at which the process parameters are investigated for deviations. These nodes are points where the process parameters (P, T, F etc.) have an identified design intent.
• INTENTION
• The intention defines how the plant is expected to operate in the absence of deviations at the study nodes.
• DEVIATIONS
• These are departures from the intention which can be discovered by systematically applying the guide words.
• Process conditions
• activities
• substances
• time
• place

[Table: Deviations Generated by Each Guide Word; columns: Guide word, Deviations]
[Table: Guide Word – Parameter Pairs]

EXAMPLE
▪ An alkene/alkane fraction containing small amounts of suspended water is continuously pumped from a bulk intermediate storage tank via a half-mile pipeline into a buffer/settling tank where the residual water is settled out prior to passing via a feed/product heat exchanger and preheater to the reaction section. The water is run off manually from the settling tank at intervals.
▪ Residence time in the reaction section must be held within closely defined limits to ensure adequate conversion of
the alkene and to avoid excessive formation of polymer.
Results of hazard and operability study of proposed olefin dimerization unit: results for line section from intermediate
storage to buffer/settling tank
| Guide word | Deviation | Possible causes | Consequences | Action required |
|---|---|---|---|---|
| NONE | No flow | (1) No hydrocarbon available at intermediate storage. | Loss of feed to reaction section and reduced output. Polymer formed in heat exchanger under no flow conditions. | (a) Ensure good communications with intermediate storage operator. (b) Install low level alarm on settling tank LIC. |
| | | (2) J1 pump fails (motor fault, loss of drive, impeller corroded away etc.) | As for (1) | Covered by (b) |
| | | (3) Line blockage, isolation valve closed in error, or LCV fails shut. | As for (1). J1 pump overheats. | Covered by (b). (c) Install kickback on J1 pump. (d) Check design of J1 pump strainers. |
| | | (4) Line fracture | As for (1). Hydrocarbon discharged into area adjacent to public highway. | Covered by (b). (e) Institute regular patrolling & inspection of transfer line. |
| MORE OF | More flow | (5) LCV fails open or LCV bypass open in error. | Settling tank overfills. | (f) Install high level alarm on LIC and check sizing of relief opposite liquid overfilling. (g) Institute locking off procedure for LCV bypass when not in use. |
| | | | Incomplete separation of water phase in tank, leading to problems on reaction section. | (h) Extend J2 pump suction line to 12'' above tank base. |
| | More pressure | (6) Isolation valve closed in error or LCV closes, with J1 pump running. | Transfer line subjected to full pump delivery or surge pressure. | (j) Covered by (c) except when kickback blocked or isolated. Check line, FQ and flange ratings and reduce stroking speed of LCV if necessary. Install a PG upstream of LCV and an independent PG on settling tank. |
| | | (7) Thermal expansion in an isolated valved section due to fire or strong sunlight. | Line fracture or flange leak. | (k) Install thermal expansion relief on valved section (relief discharge route to be decided later in study). |
| | More temperature | (8) High intermediate storage temperature. | Higher pressure in transfer line and settling tank. | (l) Check whether there is adequate warning of high temperature at intermediate storage. If not, install. |
HAZOP PREPLANNING ISSUES
Preplanning issues addressed in a typical refinery unit HAZOP include the following:
• Verification of as-built conditions shown on the P&IDs
• Line segment boundaries set; markup of P&IDs
• List of support documents compiled
  • P&IDs (base study document)
  • Process flow diagrams (PFDs)
  • Process description
  • Operating manuals/procedures
  • Processing materials information
  • Equipment and material specifications
• Tentative schedules of time to be spent per P&IDs sheet
• Recording technique (computer program or data sheet) determination
• List of standard abbreviations and acronyms compiled
• Criticality rankings devised
• HAZOP training given to all team members (one day)
• Arrange for system or process briefings for team before work begins.

HAZOP STUDY LOGISTICS
Logistical development of this refinery unit HAZOP included the following:
• Preplanning issues were addressed the prior week.
• The team included three core team members and four part-time members.
• The study included 16 moderately busy P&IDs.
• The study took three and one-half weeks.
• The team met 4 hours per day in morning review sessions and spent 2 hours per day on individual efforts for reviews, follow-ups, and field checks.
• Dedicated space was required for storing the large number of documents.
• The study resulted in 170 data sheets.
• The team recorder used a personal computer to record, sort, and retrieve data.
• The plant operator was the key contributing plant member of the team.
• Key operating procedures were reviewed relative to the P&IDs and safe engineering practices.
Fault Tree Analysis
The Fault Tree Analysis includes all segments which may cause, contribute to or be affected by an incident.

The Fault Tree Analysis views potential event sequences which may result in an incident.

• Diagram looks like a tree.

• Each branch lists sequence of events (failures) for different paths to the end event.

• Probabilities are assigned to each event and then used to determine the statistical probability of the end event.

• An appropriate equivalent methodology may also be adopted for use.


Advantages
• Quantitative - assigns probabilities to each event, which can be used to calculate the probability of the top event.
• Easy to read and understand.

Disadvantages
• Need to have identified the top event first.
• More difficult than other techniques to document.
• Complex and time consuming.
• Quantitative data needed to perform properly.
Fault Tree Analysis
The procedure for conducting a FTA is:
1) Prepare and organize the study.
2) Construct fault tree.
3) Analyze fault tree.
4) Quantify fault tree.
5) Evaluate results.
6) Identify any recommendations.
7) Document the results.
8) Resolve recommendations.
9) Follow up on recommendations.
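The "analyze" and "quantify" steps, as an added example that is not part of the original slides: the tree below is built from the "more pressure" row of the HAZOP table (cause 6 and the kickback safeguard), reduced to minimal cut sets and quantified. The event names and all probabilities are constructed, and basic events are assumed independent.

```python
from itertools import combinations

# Constructed probabilities of each basic event over the study period.
BASIC = {
    "isolation_valve_closed_in_error": 0.02,
    "lcv_closes": 0.05,
    "j1_pump_running": 0.9,
    "kickback_blocked": 0.01,
    "kickback_isolated": 0.03,
}

# Top event: transfer line subjected to full pump delivery or surge pressure.
# It needs a closed outlet AND the pump running AND the kickback unavailable.
TREE = (
    "AND",
    ("OR", "isolation_valve_closed_in_error", "lcv_closes"),
    "j1_pump_running",
    ("OR", "kickback_blocked", "kickback_isolated"),
)


def minimise(sets):
    """Drop every cut set that strictly contains another cut set."""
    return {s for s in sets if not any(other < s for other in sets)}


def cut_sets(node):
    """Return the minimal cut sets of a gate as a set of frozensets."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, *children = node
    child_sets = [cut_sets(child) for child in children]
    if gate == "OR":
        result = set().union(*child_sets)
    elif gate == "AND":
        result = {frozenset()}
        for sets in child_sets:
            result = {a | b for a in result for b in sets}
    else:
        raise ValueError(f"unknown gate {gate!r}")
    return minimise(result)


def event_product(events, p):
    """Probability that all the given independent basic events occur."""
    out = 1.0
    for event in events:
        out *= p[event]
    return out


def top_probability(mcs, p):
    """Exact top event probability by inclusion-exclusion over the cut sets."""
    mcs = list(mcs)
    total = 0.0
    for k in range(1, len(mcs) + 1):
        for combo in combinations(mcs, k):
            total += (-1) ** (k + 1) * event_product(frozenset().union(*combo), p)
    return total


def rare_event_bound(mcs, p):
    """Upper bound used in hand calculations: sum of cut set probabilities."""
    return sum(event_product(c, p) for c in mcs)


if __name__ == "__main__":
    sets = cut_sets(TREE)
    for c in sorted(sets, key=lambda c: -event_product(c, BASIC)):
        print(f"{event_product(c, BASIC):.5f}  {sorted(c)}")
    print("top event, exact:", round(top_probability(sets, BASIC), 8))
    print("top event, bound:", round(rare_event_bound(sets, BASIC), 8))
```

The cut set with the largest probability is the combination to address first; every cut set here contains the pump-running event, so no single other failure can cause the top event.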
Fault Tree Analysis
• The fault tree is a graphical representation of the interactions of basic causes that may result in a hazardous or undesirable event.
❖ Use of deductive logic.
❖ Logical diagram in the reverse sequence
❖ Failure frequency are available
❖ Be estimated with the common sense

[Figure: example fault tree. Top event: Fail To Get To Work On Time. Events shown: Bike Stolen; Flat Tire; Collision: Major Damage to Bike; Collision: Minor Damage to Bike; Ride Bike To Work; Driver Cuts Off Cyclist; Cyclist Cannot Avoid Car; Potential Calamity; Driver Hits Cyclist With Door]
Fault Tree Analysis
• FTA is not comparable to standard PHA methods.
• It does not identify a full set of hazard scenarios for a process.

• Identify the causes of a particular incident (called a top event) using deductive reasoning.
• Often, it is used when other PHA techniques indicate that a particular type of accident is of special concern and a
more thorough understanding of its causes is needed.
• Thus, it is a useful supplement to other PHA techniques.
• Sometimes FTA is used in the investigation of incidents to deconstruct what happened.
• FTA is also used to quantify the likelihood of the top event.
• It is best suited for the analysis of highly redundant systems.

❖ FTA identifies and graphically displays the combinations of equipment failures, human failures, and external
events that can result in an incident.

➢ FTA is not a technique that lends itself to a team-based study.


Failure Mode and Effect Analysis

FMEA is a systematic list that includes the failure mode, the effects of each failure, the safeguards that exist, and the
additional actions that can be taken
FMEA is a hazard evaluation procedure in which failure modes of system components, typically process equipment, are
considered to determine whether existing safeguards are adequate.

➢ Failure modes describe how components fail


• (e.g., open, closed, on, off, leaks, etc.).

The effects of each failure mode are the process responses or incident resulting from the component failures, that is,
hazard scenario consequences.

An FMEA becomes an FMECA (failure modes and effects and criticality analysis) when a criticality ranking is included for
each failure mode and effect.

• A criticality ranking is the same as a risk ranking.


❖ FMEA is used extensively in the aerospace, nuclear, and defense industries.
Failure Mode and Effect Analysis
❑ Typically, it is used in the process industries for special applications such as reliability centered maintenance (RCM)
programs and the analysis of control systems.
❑ FMEA can be conducted at different levels of resolution.
❑ For PHA purposes, usually it is conducted at the equipment level,
❑ Valves,
❑ Pumps,
❑ Lines.
❑ For RCM purposes, usually it is conducted at the equipment component level,
❑ Motor,
❑ Shaft,
❑ Impeller,
❑ Casing,
❑ Seal,
❑ Bearings, and so on for a pump.
The procedure for conducting a FMEA is:
• Prepare and organize the study.
• Subdivide the process.
• List process equipment.
• Identify equipment failure modes.
• Optionally, identify causes of failure modes.
• Specify effects (consequences).
• Identify safeguards.
• Perform risk ranking.
• Identify any recommendations.
• Document the results.
• Resolve recommendations.
• Follow up on recommendations

Types of FMEAs

• Design
  • Analyzes product design before release to production, with a focus on product function
  • Analyzes systems and subsystems in early concept and design stages
• Process
  • Used to analyze manufacturing and assembly processes after they are implemented
Definition Of Terms
• Failure Mode

The way in which a specific process input fails


❑ If it is not detected and either corrected or removed, it may cause a negative “Effect” to occur
❑ Can be associated with a defect (in discrete manufacturing) or a process input variable that goes outside of specification
✓ Anything that an operator can see that’s wrong is considered a Failure Mode

❑ Effect: The adverse impact on customer requirements.


Generally, has an external customer focus, but can also include downstream processes.
A product or process that does not perform satisfactorily to design
❑ Cause: Whatever causes the Failure Mode to occur.
How a specific part of the process (operation or component) can cause a Failure Mode.
A worn spindle (cause) may cause a dimension to be out of tolerance (mode) which may cause the part to not fit
(effect)
Definition Of Terms

❑ Severity: An assessment of how serious the Failure Effect (due to the Failure Mode) is to the customer
❑ Occurrence: An assessment of the likelihood that a particular Cause will happen and result in the Failure Mode
❑ Detection: An assessment of the likelihood that the current controls will detect the Cause of the Failure Mode or
the Failure Mode itself, should it occur, thus preventing the Failure Effect from reaching your customer.
❑ The customer in this case could be the next operation, subsequent operations, or the end user

❑ Current Controls: Systematized methods/devices in place to prevent or detect failure Modes or Causes (before causing
effects)
✓ Prevention-based controls may include Mistake Proofing, automated controls, setup verifications, Preventive
Maintenance, and
Control Charts
✓ Detection-based controls may include audits, checklists, inspection, laboratory testing, and Control Charts
Rating Definitions Typical Scales

| Rating | Severity | Occurrence | Detection |
|---|---|---|---|
| High 10 | Hazardous without warning | Very high and almost inevitable | Cannot detect |
| | Loss of primary function | High repeated failures | Low chance of detection |
| | Loss of secondary function | Moderate failures | Moderate chance of detection |
| | Minor effect | Occasional failures | Good chance of detection |
| Low 1 | No effect | Failure unlikely | Almost certain detection |

Note : Determine if your company has rating scales and rules.


In some companies, rating a “10” on severity may have legal consequences.
Risk Priority Number (RPN)
❑ A key output of an FMEA is the “Risk Priority Number”
❑ The RPN is a calculated number based on information you provide regarding:
✓ The likelihood of potential causes of Failure Modes
✓ The seriousness of the resulting effects
✓ The current ability of the process to detect the causes of the Failure Modes before they cause an effect to reach a customer
❑ It is calculated as the product of three (3) ratings, each one related to the severity, frequency, and detectability

RPN = Severity x Occurrence x Detection

❑ The Risk Priority Number need not be limited to Severity, Occurrence, and Detection. Some examples:
✓ Add an “Impact” score to estimate the overall impact of the Failure Mode on the process (10 = high, 1 = low)
✓ Add an “EHS” rating to a project FMEA to incorporate possible environmental impact (10 = high, 1 = low)
✓ Add an “EOC” or Ease Of Completion (10 = easy, 1 = hard) to help prioritize/focus projects

Regardless of RPN, high severity scores should be given special attention.
9 Strategies To Complete An FMEA

❖ For each Process Input, determine the ways in which the Process Step can go wrong (Failure Modes)
❖ For each Failure Mode associated with the inputs, determine Effects
❖ Identify potential Causes of each Failure Mode
❖ List the Current Controls for each Cause
❖ Assign Severity, Occurrence, and Detection ratings to each Cause
❖ Calculate RPN
❖ Determine Recommended Actions to reduce High RPNs
❖ Take appropriate actions and document
❖ Recalculate RPNs
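The rating, ranking and recalculation steps above, as an added example that is not part of the original slides: a small worksheet for the transfer line equipment from the HAZOP example, showing how a severity override changes the order that RPN alone would give. The ratings, the RPN limit of 100 and the severity limit of 9 are constructed assumptions.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Row:
    item: str
    failure_mode: str
    effect: str
    severity: int
    occurrence: int
    detection: int

    def __post_init__(self):
        # Each rating uses the 1 (low) to 10 (high) scale from the slides.
        for name in ("severity", "occurrence", "detection"):
            value = getattr(self, name)
            if not 1 <= value <= 10:
                raise ValueError(f"{name} must be 1..10, got {value}")

    @property
    def rpn(self):
        return self.severity * self.occurrence * self.detection


# Constructed ratings for failure modes named in the HAZOP table.
WORKSHEET = [
    Row("J1 pump", "fails to run", "loss of feed to reaction section", 5, 6, 3),
    Row("LCV", "fails open", "settling tank overfills", 7, 4, 6),
    Row("Transfer line", "fracture", "hydrocarbon discharged near highway", 10, 2, 4),
    Row("Isolation valve", "closed in error", "J1 pump overheats", 4, 5, 5),
]


def action_list(rows, rpn_limit=100, severity_limit=9):
    """Rows needing action: high severity first, then by descending RPN."""
    selected = [
        r for r in rows if r.rpn >= rpn_limit or r.severity >= severity_limit
    ]
    return sorted(
        selected,
        key=lambda r: (r.severity >= severity_limit, r.rpn),
        reverse=True,
    )


def after_action(row, **new_ratings):
    """Return the row re-rated once a recommended action is in place."""
    return replace(row, **new_ratings)


if __name__ == "__main__":
    for r in action_list(WORKSHEET):
        print(f"{r.item:16} S={r.severity:2} RPN={r.rpn}")
    # A high level alarm makes an open LCV easier to detect: detection 6 -> 2.
    lcv = after_action(WORKSHEET[1], detection=2)
    print("LCV after high level alarm: RPN =", lcv.rpn)
```

The line fracture has the lowest RPN of the four rows (80) but heads the action list because its severity is 10.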
FMEA: A Team Tool
• A team approach is necessary.
• Team should be led by the Process Owner who is the responsible manufacturing engineer or technical person, or other similar individual familiar with FMEA.
• The following should be considered for team members:
  – Design Engineers
  – Process Engineers
  – Materials Suppliers
  – Customers
  – Operators
  – Reliability
  – Suppliers

[Figure: FMEA flow. Identify failure modes and their effects; Identify causes of the failure modes and controls; Prioritize; Determine and assess actions]
The FMEA Form - The Analysis Section

[Figure: Process Map feeding the FMEA. Steps: Paperwork; Turn steam on to DICY tank; Load DMF; Load DICY; Load 2MI. Inputs shown: bill of materials, ISO procedures, rework, scale accuracy, preheating, load accuracy, cleanliness, raw material, environment (humidity), mixer speed]
Event Trees for Quantitative Risk Analysis
• Event tree analysis evaluates potential accident outcomes that might result following an equipment failure or
process upset known as an initiating event.
• It is a “forward-thinking” process:
• the analyst begins with an initiating event and develops the following sequences of events that describe potential accidents,
• accounting for both the successes and failures of the safety functions as the accident progresses.

❖ Event trees graphically display the progression of event sequences beginning with a starting event, proceeding to
control and safety system responses, and ending with the event sequence consequences.
❖ ETA helps analysts to determine where additional safety functions will be most effective in protecting against the
event sequences.
❖ Typically, ETA is used to analyze complex processes that have several layers of safety systems or emergency
procedures to respond to starting events.
❖ Event trees are used to follow the potential course of events as the event moves through the various safety
systems.
❖ The probability of success or failure of each safety intervention is used to determine the overall probability of each
final outcome.

An Event Tree is used to determine the frequency of occurrence of process shutdowns or runaway systems.

Inductive approach

Specify/Identify an initiating event and work forward.

Identifies how a failure can occur and the probability of occurrence


Identify an initiating event

❖ May have been identified during a HAZOP as a potential event that could result in adverse consequences.
❖ Usually involves a major piece of operating equipment or processing step, i.e., a HAZOP “Study Node”.
Procedure

The procedure for conducting an ETA is:

1) Prepare and organize the study.
2) Identify a starting event.
3) Identify controls and safeguards that respond to the event.
4) Construct the event tree.
5) Describe the event sequence outcomes.
6) Optionally, calculate the frequencies of the outcomes.
7) Identify any recommendations.
8) Document the results.
9) Resolve recommendations.
10) Follow up on recommendations.

Identify safety functions

➢ From PID, process flow sheet, or procedures find what safety systems are in place and what their functions are.
➢ These can include things such as automatic controllers, alarms, sensors, operator intervention, etc.
➢ On your Event Tree write across the top of the page in the sequence of the safety interventions that logically occur.
➢ Give each safety intervention an alphabetic letter notation.
Construct the Event Tree

Horizontal lines are drawn between functions that apply

Vertical lines are drawn at each safety function that applies

Success – upward
Failure – downward

Indicate result of event

Circle – acceptable result

Cross-circle – unacceptable result

Compute frequency of failures

B is the failure per demand or the unavailability of safety function B


Occurrence Frequency
• Follow process through with each step to calculate the frequency of each consequence occurring.
• Typically three results
• Continuous operation
• Shutdown (safely)
• Runaway or fail

Guidelines
1. Identify an initiating event of interest.
2. Identify the safety functions designed to deal with the initiating event.
3. Construct the event tree.
4. Describe the resulting accident event sequences.

Mean time between Shutdown
Mean Time Between Shutdown, MTBS is calculated from:
MTBS = 1 / occurrences of shutdowns

Mean Time Between Runaway, MTBR is calculated from:
MTBR = 1 / occurrences of runaways
Step 1: Identify the initiating event
• system or equipment failure
• human error
• process upset
• [Example] “Loss of Cooling Water” to an Oxidation Reactor

Step 2: Identify the Safety Functions Designed to Deal with the Initiating Event
Safety system that automatically respond to the initiating event.
• Alarms
• Barriers or Containment methods

Step 3: Construct the Event Tree

a. Enter the initiating event and safety functions.
b. Evaluate the safety functions

Step 4: Describe the Accident Sequence
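Worked example (added here, not part of the original slides): Steps 1 to 4 and the MTBS/MTBR formulas carried through for the "Loss of Cooling Water" initiating event. The three safety functions, their failure-per-demand values and the outcome rules are constructed for illustration.

```python
from itertools import product

def event_tree(init_freq, safety_functions, classify):
    """Return (paths, totals) for an event tree.

    init_freq        -- initiating-event frequency, occurrences per year
    safety_functions -- ordered list of (letter, failure_per_demand)
    classify         -- maps the set of failed letters to an outcome label
    """
    paths, totals = [], {}
    # Every safety function branches on every path. Branches a hand-drawn
    # tree would prune sum to 1, so the per-outcome totals are unaffected.
    for states in product((True, False), repeat=len(safety_functions)):
        freq, failed = init_freq, []
        for (letter, pfd), success in zip(safety_functions, states):
            freq *= (1.0 - pfd) if success else pfd  # success up, failure down
            if not success:
                failed.append(letter)
        outcome = classify(frozenset(failed))
        # Sequence label: initiating event A plus the letters that failed.
        paths.append(("A" + "".join(failed), outcome, freq))
        totals[outcome] = totals.get(outcome, 0.0) + freq
    return paths, totals

def mean_time_between(totals, outcome):
    """MTBS or MTBR in years: 1 / occurrences per year of that outcome."""
    return 1.0 / totals[outcome]

# Constructed data: initiating event A = loss of cooling water, once per year.
SAFETY_FUNCTIONS = [
    ("B", 0.01),  # high-temperature alarm alerts the operator
    ("C", 0.25),  # operator re-establishes cooling water flow
    ("D", 0.10),  # automatic shutdown system stops the reaction
]

def classify(failed):
    """Constructed outcome rules for this tree."""
    if not failed & {"B", "C"}:
        return "continue operation"  # alarm worked and cooling was restored
    return "runaway" if "D" in failed else "safe shutdown"

PATHS, TOTALS = event_tree(1.0, SAFETY_FUNCTIONS, classify)

if __name__ == "__main__":
    for label, outcome, freq in PATHS:
        print(f"{label:<5} {outcome:<19} {freq:.6f} /yr")
    print("MTBS", round(mean_time_between(TOTALS, "safe shutdown"), 2), "yr")
    print("MTBR", round(mean_time_between(TOTALS, "runaway"), 2), "yr")
```

The outcome frequencies always sum to the initiating-event frequency, which is a quick check that no branch of the tree was dropped.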
Consequence of chemical hazards

❖ Risk assessment includes incident identification and consequence analysis.


❖ Incident identification describes how an accident occurs.
❖ It frequently includes an analysis of the probabilities.

▪ Consequence analysis describes the expected damage:
▪ Loss of life,
▪ Damage to the environment or capital equipment, and
▪ Days outage.
➢ For every accident, there are potentially many people and different populations at risk—the so-called risk populations.
➢ For an incident in a chemical plant, for example, risk populations would include the workers in the plant, workers in adjacent plants, and the people living nearby in the surrounding community since they may be seriously affected by a plant incident.

There are two methods of risk determination


• Qualitative risk determination
• Quantitative risk determination
QUANTITATIVE RISK DETERMINATION

• Risk indices are single numbers or tabulation of numbers which are correlated to the magnitude of risk.
• Some risk indices are relative values with no specific units, which only have meaning within the context of the
risk index calculations.
• The main two risk sets are:
• Individual risk
• Societal risk

❖ Individual risk calculations are normally performed when considering a plant employee exposed to plant hazards.
❖ In contrast, with societal risk, a group of people is exposed to one or more hazards.
❖ Societal risk calculations are normally performed when considering the risks to a community surrounding a chemical
plant and exposed to multiple plant hazards.

Methods to calculate and display individual and societal risk


Individual risk

Individual risk ($IR_{x,y}$): Probability of death per year of exposure to an individual at a certain distance from the hazardous source. It is usually expressed in the form of iso-risk contours.

$IR_{x,y} = \sum_i IR_{x,y,i}$

$IR_{x,y,i} = \sum f_i \, p_{f,i}$

$p_{f,i}$ is obtained using a probit equation. AIChE/CCPS is used for converting the probit equation to a probability.

Different probit functions used for calculation

The probit models are generally expressed as
$Pr = k_1 + k_2 \ln V$

Probit equations are available for a variety of exposures, including exposure to toxic materials, heat, pressure and radiation, impact and sound.
$Pr = a + b \ln(C^n t)$

Eisenberg also provides a probit function for fatalities due to the direct effect of overpressure as follows
$Pr = -77 + 6.91 \ln P_0$
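Worked example (added here, not part of the original slides): the overpressure probit quoted above is converted to a fatality probability and summed with the outcome-case frequencies to give the individual risk at one location. The conversion used is the standard normal-distribution relation in which a probit of 5 corresponds to 50 %. The outcome cases are constructed, and the unit of P0 (N/m^2) is an assumption since the slides do not state it.

```python
import math

def probit_to_probability(pr):
    """Convert a probit value to a probability (probit 5 <-> 50 %)."""
    return 0.5 * (1.0 + math.erf((pr - 5.0) / math.sqrt(2.0)))

def probit_overpressure(p0):
    """Pr = -77 + 6.91 ln(P0), the overpressure probit quoted on the slide.

    Assumption: P0 is the peak overpressure in N/m^2.
    """
    if p0 <= 0:
        raise ValueError("overpressure must be positive")
    return -77.0 + 6.91 * math.log(p0)

def individual_risk(outcome_cases):
    """IR at one location: f_i * p_f,i summed over incident outcome cases.

    outcome_cases -- list of (f_i per year, peak overpressure at the location)
    Returns (total IR per year, per-case rows for inspection).
    """
    total, rows = 0.0, []
    for f_i, p0 in outcome_cases:
        p_fi = probit_to_probability(probit_overpressure(p0))
        rows.append((f_i, p0, p_fi, f_i * p_fi))
        total += f_i * p_fi
    return total, rows

# Constructed outcome cases for a single grid point (x, y).
CASES = [
    (1e-4, 100_000.0),  # frequent, low overpressure
    (2e-5, 140_000.0),
    (5e-6, 200_000.0),  # rare, high overpressure
]

if __name__ == "__main__":
    total, rows = individual_risk(CASES)
    for f_i, p0, p_fi, contribution in rows:
        print(f"f={f_i:.1e}/yr  P0={p0:>9.0f}  p_f={p_fi:.4f}  IR_i={contribution:.2e}")
    print(f"IR(x,y) = {total:.2e} per year")
```

Repeating the calculation over a grid of locations gives the values from which iso-risk contours are drawn.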
Societal risk
▪ It is based on the principle that often fatalities are the best way to express the seriousness of an accident and provides
a simplified basis for risk evaluation.
▪ Societal risk is defined as the relationship between frequency and the number of fatalities in a given population from
an undesired event.
▪ Societal risk evaluation is concerned with estimation of the chances of more than one individual being harmed simultaneously by the same accident.

Depending on the scope and objectives of the LOPA study, risk tolerance criteria may be needed for:
• different types of receptors, for example:
– people
– environment
– property
• different classes of a receptor, for example:
– employees versus the public
– on-site property versus off-site property
• different hazardous events, for example:
– fire
– explosion
– toxic material release
– runaway reaction
• different levels of harm, for example:
– multiple versus single fatalities, fatalities versus injuries
– environmental remediation versus cleanup
Societal risk
Societal risk is a measure of risk to a group of people. It is most often expressed in terms of the frequency distribution of
multiple casualty events. (FN curve).
• Number of people affected by all incident outcome cases can be estimated using the following equation

FN-curve is a type of risk curve that displays the probability of having N or more fatalities per year, as a function of N, on a
double logarithmic scale.

• FN-curves are used to present information about societal risks and to depict at least three different types of information:

• Historical record of incidents;


• Results of a Probabilistic Safety Assessment (PSA);
• Criteria for judging the tolerability of risk.
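Worked example (added here, not part of the original slides): building the FN-curve points from a list of incident outcome cases and comparing them with a criterion line. The outcome cases are constructed, and the criterion line F = anchor / N^slope with its anchor and slope values is hypothetical, not taken from any regulation.

```python
def fn_curve(outcome_cases):
    """Return [(N, F)]: F is the frequency per year of N or more fatalities.

    outcome_cases -- list of (f_i per year, N_i fatalities) per outcome case
    """
    levels = sorted({n for _, n in outcome_cases if n > 0})
    # F(N) accumulates every case whose fatality count is at least N.
    return [(n, sum(f for f, n_i in outcome_cases if n_i >= n)) for n in levels]

def exceedances(curve, anchor, slope):
    """Points of the curve lying above the line F = anchor / N**slope."""
    return [(n, f) for n, f in curve if f > anchor / n ** slope]

# Constructed incident outcome cases: (frequency per year, fatalities).
CASES = [
    (1e-3, 1),
    (2e-4, 3),
    (5e-5, 10),
    (4e-5, 10),   # a second case with the same N adds to the same step
    (1e-6, 100),
    (3e-3, 0),    # no fatalities: does not appear on the FN-curve
]

CURVE = fn_curve(CASES)

# Hypothetical criterion line: 1e-3 per year at N = 1, slope -1 on log-log axes.
ABOVE_LINE = exceedances(CURVE, anchor=1e-3, slope=1.0)

if __name__ == "__main__":
    for n, f in CURVE:
        print(f"N >= {n:<4} F = {f:.3e} per year")
    print("above criterion line:", [n for n, _ in ABOVE_LINE])
```

Plotting the (N, F) pairs on double logarithmic axes gives the stepped FN-curve described above.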
