
DuPont Methodology For Risk Assessment And Process Hazard Analysis

SECTION - 1 TABLE OF CONTENTS

SECTION - 2 BASIS

2.1 Philosophy

Process hazard analyses (PHAs) are used to identify, evaluate and develop methods to control
significant hazards associated with Higher Hazard Processes (HHP) and Lower Hazard Operations
(LHO). These hazards generally represent the potential for fires, explosions and / or release of
toxic materials. PHAs use an organized, methodical study approach, seek to achieve a
multidisciplined consensus on hazard control and document results for future use in follow-up,
emergency planning and training of personnel involved in operating and maintaining the process.

Process Hazard Analysis systematically identifies the potential safety hazards and is a well-defined
program to remove or lower these hazards.

2.2 Purpose
The purpose of this procedure is to ensure the timeliness, consistency, and adequacy of process
hazard analyses (PHAs) across the site. PHAs are examinations of each new or existing facility to
assure that hazards of "catastrophic and major" safety or environmental consequences are identified
and adequately controlled to an acceptable risk level.

2.3 Summary

This procedure is intended to address the requirements and guidelines related to:
• When to Conduct a Process Hazard Analysis
• PHA Planning and Team Preparations
• Hazards Identification and Field Tour
• What is a Consequence Analysis
• Hazards Identification Techniques
• How to develop PHA report
• How recommendations generated in a PHA shall be managed
• How training of personnel and emergency response planning is done based on PHA findings.

SECTION - 3 DEFINITIONS AND ABBREVIATIONS

3.1 Definitions
3.1.1.i Administrative Controls
Procedures for directing and/or checking human performance on a plant or process task (e.g., vessel
entry, hot work permits, lock-out / tag-out procedures)
3.1.1.ii Baseline PHA
The initial review of a process which is intended to serve as the foundation for future reviews and/or
revalidations
3.1.1.iii Charter
The process hazards analysis teams' directive from Sub HSE (P) chairman that defines the team's scope
of responsibilities, tasks, and objectives.
3.1.1.iv Checklist Review
A hazards evaluation method based upon comparing a process or system against the collective
experience of those who have operated the process or system in the past, relevant codes, standards,
procedures, and / or regulations.
3.1.1.v Consequence
The direct, undesirable result of an accident sequence, usually involving a fire, explosion, or release of
toxic material
3.1.1.vi Consequence Analysis
The development of potential scenarios describing hazardous events that may occur due to loss of
engineering or administrative controls and the evaluation of resulting impact on site personnel, off-
site communities, and the environment. Consequences are analyzed independently of the event's
probability or frequency of occurrence.
3.1.1.vii Continuous Release
Releases lasting more than one minute are usually treated as continuous, for purposes of dispersion
calculation.
3.1.1.viii Credible Events
Occurrences or scenarios deemed to be reasonably capable of happening.
3.1.1.ix Cyclical PHA
Periodic revisiting / validation of the PHA(s) for a process or operation, conducted at specified intervals
(05 years for HHP and 10 years for LHO) during the life cycle of the facility.
3.1.1.x Engineering Controls
Systems or interlocks involving the operation of physical components (e.g., sensors, transmitters,
valves, or other control elements, dykes for containment) without human intervention (that is,
"automatically").
3.1.1.xi ERPG (Emergency Response Planning Guidelines)
A system of guidelines, developed by a committee of the American Industrial Hygiene Association,
which are intended to provide estimates of concentration ranges where one might reasonably
anticipate observing adverse effects as described in the definitions for ERPG-1, ERPG-2, and ERPG-3,
as a consequence of exposure to a specific toxic substance.

3.1.1.xii ERPG 1
The maximum airborne concentration below which it is believed that nearly all individuals could be
exposed for up to 01 hour without experiencing other than mild transient adverse health effects or
perceiving a clearly defined objectionable odor.
3.1.1.xiii ERPG 2
The maximum airborne concentration below which it is believed that nearly all individuals could be
exposed for up to 01 hour without experiencing or developing irreversible or other serious health
effects or symptoms that could impair their abilities to take protective action.
3.1.1.xiv ERPG 3
The maximum airborne concentration below which it is believed that nearly all individuals could be
exposed for up to 1 hour without experiencing or developing life-threatening health effects.
3.1.1.xv Facility Siting
The activity of designing, locating and evaluating buildings relative to hazardous processes, for the
purpose of protecting personnel and / or critical equipment from the effect of fires, explosions, and
/ or toxic releases.
Siting means identifying how hazardous events in a process block can affect plant personnel in and
around the hazard epicenter. It is similar to a consequence analysis (CA) in that it identifies effects
away from the immediate area of the hazard. It differs from the CA in that siting focuses on the
impact on the site while the CA focuses on the impact both off the site and on the site.
3.1.1.xvi Failure Mode and Effects Analysis (FMEA)
A qualitative hazard evaluation method in which all of the known failure modes of components or
features in a system or process are analyzed in turn for undesired outcomes
3.1.1.xvii Fault Tree Analysis
A methodology for developing a logical model (i.e., the fault tree) of the various combinations of
basic events (e.g., system or component failures) that can result in a particular outcome (e.g., a
major accident), known as the top event. Through the use of Boolean algebra, the model can be
quantitatively evaluated to determine the estimated frequency of the top event.
3.1.1.xviii Field Tour
A step in a process hazards analysis involving a walk-through inspection of the area under review
by the PHA team, for the purposes of familiarizing the team with the process and layout and initiating
the identification of hazards.
3.1.1.xix Flash point
The minimum temperature at which a liquid gives off vapor in sufficient concentration to form an
ignitable mixture with air near the surface of the liquid within the vessel as specified by appropriate
test procedures and apparatus described in NFPA 30.
3.1.1.xx Frequency
The number of occurrences of an event per unit of time
3.1.1.xxi Hazard
An inherent property or characteristic of a material, system, or process that has the potential for causing
serious injury to people and/or property or environmental damage
3.1.1.xxii Hazard and Operability Analysis (HAZOP)

A systematic, qualitative technique to identify process hazards and potential operating problems using a
series of guide words to study deviations of relevant process parameters.
3.1.1.xxiii Hazard Control
The development of recommendations for process or procedures modifications that reduce the
risk associated with hazardous events. These modifications address reducing either the event
consequences or the probability of occurrence. Hazard control is applied only to those potential
hazardous events where the assessed risk is above acceptable levels.
3.1.1.xxiv Hazard Evaluation
The application of process hazards analysis methodologies (also commonly referred to as hazard
evaluation methodologies) to determine the significance of hazardous situations associated with a
process or activity. It uses qualitative or quantitative techniques to pinpoint weaknesses in design,
operation, and lines of defense, provided by engineering and administrative controls, which can lead
to hazardous events. It may also provide an assessment of risk resulting from the magnitude of the
consequence and the probability of the event occurring.
3.1.1.xxv Hazard Evaluation Methodology
A systematic analytical technique used for the analysis of a process, for the purpose of identifying
hazards inherent in the process and potential hazardous events resulting from accident or
misoperation (e.g., HAZOP, "What if"/checklist).
3.1.1.xxvi Hazard Identification
A systematic approach to characterizing handled material and process conditions that may result in
hazardous events, like explosions, fires, and releases of toxic materials.
3.1.1.xxvii Hazardous Event
Undesired, dangerous release of materials or energy (e.g., toxic/corrosive discharges, fires, and
explosions) with potential for causing serious injury to people and / or significant property or
environmental damage. It may result from a single unplanned event or sequence of events.
3.1.1.xxviii Hazardous Substance
Any substance that, when released or ignited, or when its energy is released, can result in death or
irreversible human health effects, significant property damage, or significant environmental harm
because of the substance's acute toxicity, flammability, explosivity, corrosivity, thermal instability,
latent heat, or compression.
3.1.1.xxix Hazard of Materials
The physical and chemical properties of process substances pertaining to their toxicity, flammability,
explosivity, corrosivity, reactivity, etc., that when released create hazards to people, facilities, and
the environment.
3.1.1.xxx Higher Hazard Process (HHP)
Any activity manufacturing, handling, storing, or using hazardous substances that, when released or
ignited, can result in death or irreversible human health effects, significant property or
environmental damage, or off-site impacts due to acute toxicity, explosivity, corrosivity, thermal
instability, latent heat, or compression. Local regulations may add additional considerations for
processes in this category. Examples of hazardous substances include the following when their use
poses a reasonable potential for causing any of the effects listed above: quantities of pressurized fuel
gases, flammables, combustibles above their flash points, explosives, combustible dusts, high and
moderate acute toxicity materials, strong acids and caustics, and steam above 300 psig. Also
operations involving chemicals where runaway conditions would result in container (vessel, tank
etc.) failure are included.

3.1.1.xxxi Human Factors


A discipline concerned with the design of machines, processes, operations, and work environments so
that they do not exceed human capabilities and limitations.
3.1.1.xxxii Inherently Safer
The pursuit of designing hazards out of chemical processes and equipment, rather than the use of
engineering or procedural controls to reduce the frequency or mitigate the consequences of
potential hazardous events
3.1.1.xxxiii Inherently Safer Process
Processes using equipment, materials, or process steps having none or reduced hazards associated with
them (e.g., using water as a solvent instead of a flammable hydrocarbon).
3.1.1.xxxiv Lines of Defense
The sequence of protective systems or devices associated with preventing the escalation of an event
sequence to a hazardous outcome and/or mitigating the effects of a hazardous event once it has
occurred.
3.1.1.xxxv Lower Hazard Operation (LHO)
Any activity that exclusively manufactures, handles, stores, or uses any substances with low potential
for death or irreversible human health effects, significant property or environmental damage, or off-
site impacts due to toxicity, mechanical hazards, or asphyxiation. Examples of lower-hazard
substances include combustibles maintained at temperatures below their flash points, inert
cryogenic gases, steam below 75 psig, fuel gases below 1 psig, low acute toxicity materials, chronic
toxics, and lesser quantities of hazardous substances not posing a reasonable potential for death or
irreversible human health effects, significant property or environmental damage, or off-site impacts.
Examples of lower mechanical hazard operations would include melt casting / extrusion and
tabletting or palletizing operations.
3.1.1.xxxvi Management of Change (MOC)
A systematic procedure, change of design, or test authorization procedure for the analytical review
of changes (including subtle changes) to the documented Process Safety Information (PSI) package
and/or facilities for consideration of potential hazards being introduced to the process, system or
operation, and their elimination or control.
3.1.1.xxxvii PHA Resource / Facilitator
An individual trained and experienced in the application of hazard evaluation methodologies.
3.1.1.xxxviii Pre-Authorization PHA
The second stage of process hazards analysis during the capital project life cycle, conducted prior
to project authorization. Its primary purposes are to review the screening process hazards analysis
(PHA), review any changes of scope or design intent since the screening PHA, confirm that all of
the process hazards in the process / project have been identified, and determine if the current scope
/ estimate is sufficient to provide the necessary facilities to control all of the hazards.
3.1.1.xxxix Process Hazard

A condition which has the potential to result in a release of, or exposure to, a hazardous substance,
or in the release of energy (mechanical or chemical), which in turn can cause serious injury to
personnel, significant property damage or significant environmental harm.

3.1.1.xl Process Hazard Analysis


A PHA is a systematic and comprehensive study of the hazardous events that could occur in the
process, using a multi-disciplined team and a combination of methodologies. The team evaluates the
possible harmful effects of each event versus the current protection and decides on whether
additional protection is needed. Recommendations are made where appropriate. Follow up on
recommendations is required.
3.1.1.xli Process Hazards Review (PHR)
The application of process hazards review methodologies (also commonly referred to as hazard
evaluation methodologies) to determine the significance of hazardous situations associated with a
process or activity. It uses qualitative or quantitative techniques to pinpoint weaknesses in design,
operation and lines of defense, provided by engineering and administrative controls, which can lead
to hazardous events. It may also provide an assessment of risk resulting from the magnitude of the
consequence and the probability of the event occurring. In general, it is the application of a hazards
evaluation methodology to an area under study.
3.1.1.xlii Qualitative Risk Assessment
The systematic development of non-quantitative estimates of the expected frequency and
consequence of potential hazardous events associated with a process, facility, or operation, based
upon engineering evaluation.
3.1.1.xliii Recommendations
Proposed modifications to equipment, facilities, operating procedures, engineering controls, or
administrative controls deemed necessary by a process hazards analysis study team or audit team
to reduce risk and permit safe operation.
3.1.1.xliv Records
All paper and electronic documentation generated or received in the ordinary course of business.
For process safety information, this includes, but is not limited to, engineering drawings and reports,
equipment records, codes and standards, calculations, and testing / evaluation files.
3.1.1.xlv Risk
The product of the expected frequency (events / unit time) and the consequences (effects / event)
of a single hazardous event or group of hazardous events. Typically it is used as a measure of
potential economic loss or human injury in terms of the probability of the loss or injury occurring
and the magnitude of the loss or injury if it occurs.
3.1.1.xlvi Safe Haven
A room or building which by virtue of its construction and heating, ventilation and air conditioning
features, will prevent infiltrations of intolerable concentrations of toxic vapors when the building is
subjected to a toxic cloud of specified concentration and duration.
3.1.1.xlvii Safety Critical Equipment
Devices, equipment or systems whose failure could result in, allow or contribute to the release of
or exposure to sufficient quantities of hazardous substances or their energy (i.e., fires, explosions,
etc.) that could result in serious injuries or irreversible health effects, significant property damage
or significant environmental impact or adversely affect response to such failures as opposed to other
equipment failures which are unlikely to result in more than minor injuries (e.g., medical treatment
or first aid case). This includes:
• Any plant equipment (vessels, pipelines, valves etc.) which contains hazardous material in
sufficient amounts
• Systems, instrument and controls, interlocks etc. that prevent loss of containment of hazardous
material
• Equipment to respond to or mitigate the effects of a loss of containment e.g., firefighting
equipment, hydrants, hoses, safety showers, fire suppression systems, emergency response
communication equipment etc.
3.1.1.xlviii What If / Checklist
A hazard evaluation methodology in which the review team utilizes their experience and creativity to
generate, answer and evaluate a list of "what if" questions to identify potential process hazards
3.1.1.xlix "What if" / Checklist Analysis
A hazards evaluation methodology in which the review team combines the "what if" and checklist
methods to produce a more robust review.
3.1.1.l Worst Case
The release scenario that results in the greatest off-site impact with respect to both distance and
population if the selected consequence evaluation criterion can occur
3.1.1.li Worst case events
The most severe hazardous events or incidents, considering incident outcomes and consequences
that are considered to be possible. Such events typically include total loss-of-containment scenarios
or runaway reactions resulting in major fires, explosions, or toxic releases.

Abbreviations
AIHA         American Industrial Hygiene Association
AR           Appropriation Request
DDC          Document and Data Controller
E&IH         Environment and Industrial Hygiene
EPA          Environmental Protection Agency
ERPG         Emergency Response Planning Guide
FMEA         Failure Mode and Effect Analysis
FTA          Fault Tree Analysis
HAZOP        Hazard and Operability
HHP          Higher Hazard Process
HSE          Health, Safety and Environment
I&E          Instrument and Electrical
JSA          Job Safety Analysis
LHO          Lower Hazard Operation
MOC          Management of Change
MPT          Management Professional Technical
P&IDs        Process and Instrumentation Diagrams
PFDs         Process Flow Diagrams
PHA          Process Hazards Analysis
PHR          Process Hazard Review
PLC          Programmable Logic Controllers
PM           Preventive Maintenance
PPE          Personal Protective Equipment
PrM          Production Manager
PSI          Process Safety Information
PSM          Process Safety Management
SMP          Safety Management Practices
SOP          Standard Operating Procedure
Sub HSE (P)  Sub HSE (process)

SECTION - 4 PHA REQUIREMENTS
A PHA is a systematic and comprehensive study of the hazardous events that could occur in the
process, using a multi-disciplined team and a combination of methodologies (What If / Checklist,
HAZOP, Failure Mode and Effect Analysis etc.). It also evaluates the ways to either eliminate the
hazard or reduce the risk to an acceptable level.

To ensure that this activity is conducted properly, the following guidelines have been developed. These
guidelines also comply with the requirement of the OSHA standard 1910.119.

4.1 PHA Requirements

This section establishes the requirements for identifying, evaluating, controlling, and documenting
hazardous events and the consequences of these events. Site standards and organizational
responsibilities to conduct PHAs are defined for Higher Hazard Processes and Lower Hazard
Operations.

1. Develop a process which includes:
• Annual PHA planning of every post and unit
• Conduct PHA (including consequence analysis), documentation and follow up
2. Process Hazard Analysis must be conducted for new project facilities, existing facilities (cyclical
PHAs), mothballing or dismantling of process facilities or any significant change in process
technology requiring a management of change authorization e.g., Sub HSE etc. See details in
Section - 5 When to Conduct a PHA
3. The annual PHA schedule shall be developed by the Safety Section and approved by Manufacturing
HSE as per the PHA frequency guidelines given in Section 5.4 PHA Frequency. The schedules shall
be stewarded quarterly or half yearly
4. To provide consistency and quality PHA across the site, frequency, scheduling and
implementation of PHAs shall be clearly identified in annual PHA plans
5. Process Hazard Analysis of all the new projects / major modifications is mandatory. The cyclic
PHA of existing facilities is undertaken as per approved frequencies depending upon severity of
process (HHP or LHO)
6. In the design and appropriation phase, all new projects / major modifications, including
acquisitions should have a Process Hazard Analysis (PHA). The form and size of PHA will vary
depending on project size, complexity, and level of risk
7. The appropriation process should provide checks to ensure that PHA has been done and that
the acceptability of potential added risks is agreed to. The appropriation request (AR) approving
authority should be informed of, and agree to, deviations and risk

8. PHAs are conducted by trained team leaders with a cross functional team membership, including
those with expertise from outside the unit, as appropriate. Outside resources (Safety Specialists,
etc.) shall also be considered where required
9. Consequence Analysis is based on scientific and empirical information that reflects a thorough
understanding of the hazards of the operation and the measures to control the hazards. See
details in Section - 7 Hazard Identification and Field Tour
10. Documentation of consequence analysis includes reasons for worst case scenario selection,
methods used and assumptions made
11. Scientific and empirical information is available in OSHA and EPA guidelines (PHA Resource
Manual Section 1 and 5). This data is required prior to starting the PHA and will be used to support
PSM 9 Level-2 Procedure on Procedures & Performance Standards as well as risk assessment
decisions relating to Inspection and PM Recommendations
12. Process Hazard Review (PHR) shall be conducted using a multi-disciplined team and one of
the following 04 methodologies:
• What If / Checklist
• Hazard and Operability Study (HAZOP)
• Fault Tree Analysis (FTA)
• Failure Mode and Effect Analysis (FMEA)
13. The team evaluates the possible harmful effects of each event versus the current protection and
decides on whether additional protection is needed or not
14. For each hazardous event identified, the PHA team shall document a risk level (I – IV) as well
as consequence (C1 – C4) and frequency rating (F1 – F4) as defined in the “Qualitative Risk
Assessment Protocol”. For details see Section 10.1 Hazard / Risk Evaluation Requirements
15. The PHA team is required to address human factors if the process is a Higher Hazard Process.
For details see Section 9.3 Human Factor Checklist
16. Facility Siting must be considered in PHA for Higher Hazard Processes and for processes
covered by the OSHA regulation. For details see Section 9.4 Facility Siting
17. In a PHR, consideration should be given to how to make the process inherently safer by
eliminating or minimizing hazards (required in HHP). For details see Section 9.5 Inherently Safer
Processes
18. Recommendations are made where appropriate based on risk score for each and every
identified risk. See details in Section - 10 Risk Scoring and Recommendations Developing and
Managing Recommendations
19. Cases where the cost of compliance is substantial and / or the risk of non-compliance is great
are reviewed at the appropriate level of Sub HSE or Manufacturing HSE

20. Additionally, major projects or the introduction of new processes or chemicals can add
significant risk to the site. For these cases, it is appropriate to escalate the Risk Management
decision to Corporate HSE Committee

21. PHA report completion and circulation responsibilities lie with the sponsor of the risk
assessment activity, that is, Operations Unit Managers for existing facilities or Process
Engineering Section Head in case of new or modified facilities
22. PHA sign off and declaration is to be carried out by the complete team after completing the
activity and should be part of the report
23. Health Risk Assessment (HRA) & Environmental Impact Assessment (EIA) activities are to be
conducted along with PHA activities during the course of the exercise
24. A system shall be in place to approve and monitor the progress on the PHA recommendations.
See details in Section - 12 Recommendations – Tracking, Closure, Changing Dates, Rejections
and Waivers
25. Follow up on recommendations is required to keep track of recommendations and of whether
they are addressed within the specified time
26. A PHA Follow up Coordinator (Safety Advisor) is assigned who is also a member of
Manufacturing HSE
27. PHA follow up lists are issued monthly or through automated systems, e.g., e-mail database by
site Safety Advisor. Completed PHA recommendations are kept in a permanent file or on digital
database which is retained for the life of the facility
28. PHA recommendations / findings are periodically analyzed to determine if the same corrective
actions are frequently identified and, if so, practices, standards, procedures, or management
systems are changed to prevent recurring problems
29. Engineering Standards to be utilized for conducting PHA may be based on Exxon Basic Practices,
Engineering Standards / RAGAGEP (Recognized and Generally Accepted Good Engineering
Practices). In the design and engineering of new or modified facilities, these standards will be
complied with unless otherwise approved by Manufacturing HSE Chairman. Deviation from
these standards should be fully informed, understood, and authorized
30. Training of employees on the PHA methods would be conducted periodically and a record of the
training is to be kept
31. The site Safety Advisor is responsible for follow up risk analysis reviews related to Emergency
Preparedness

4.2 PHA Process Overview

When to conduct a PHA


• New facilities – Developmental / Basic Data / Pre-Authorization (scope of work)
• Cyclic PHA – For HHP 5 Years, For LHO Industry Practice or 10 Years
• Existing Facilities – Major Change in process or material
• Facilities Phase Out – Mothballing a unit or part of process

Planning and Preparing to Conduct a PHA


• Selecting the Team Leader and Training the Team Members

Define PHA Charter and Scope


• Include study timing requirements, process boundaries, expectations and any special
objectives

Team Preparation
• PSI package development required for PHA
• Operating procedures, conditions and process parameter limits
• Incident reports and previous PHAs
• PHA Team Organizational Meeting – working norms set

Team Responsibilities
• Keep management informed about progress
• Give priority to the PHA assignment

Start PHA Activities

Hazards Identification
• Field Tour
• Evaluate potential hazardous

Consequence Analysis
• Explosions, toxic release

Process Hazard Review


• Evaluation of harmful effects of each event

Human Factors, Facility Siting and Inherently Safer Processes


• Include all aspects of human interaction with work environment
• Evaluate existing site buildings to determine if they are adequate
• Look for Inherently Safer Process

Develop PHA Recommendations


• Use Consequence of Hazard and Probability of Occurrence to Calculate Risk using DuPont
Qualitative Risk Assessment Protocol

PHA Report and Presentation to Management

Recommendations Follow - up, Tracking, Monthly Stewardship

Closing Recommendations

SECTION - 5 WHEN TO CONDUCT A PHA

5.1 General

The processes have been divided into two main categories: Higher Hazard Process and
Lower Hazard Operations.

It is mandatory to conduct PHA of all the new projects and major modifications. These PHAs will
be conducted at at least two stages of the project.

5.2 Higher Hazard Process (HHP)

A Higher Hazard Process is any activity manufacturing, handling, storing, or using hazardous
substances (classified by OSHA / EPA) that, when released or ignited, can result in death or
irreversible human health effects, significant property or environmental damage, or off-site impacts
due to acute toxicity, flammability, explosivity, corrosivity, thermal instability, latent heat, or
compression. Also operations involving chemicals where runaway conditions would result in
container (vessel, tank etc.) failure are included in HHP.

Higher Hazard Process PHA is mandatory as per OSHA / EPA guideline. PHA must be conducted
on existing facilities as outlined in the OSHA and EPA regulations.

5.2.1 Examples of Higher Hazard Processes (HHP)

• Quantities of pressurized fuel gases
• Flammables
• Combustibles over their flash point
• Explosives
• Combustible dust
• Highly acute and moderately acute toxicity materials
• Strong acids and caustics

5.3 Lower Hazard Operations (LHO)

A Lower Hazard Operation is an activity that exclusively manufactures, handles, stores or uses any
substance with low potential for death or irreversible human health effects, significant property or
environmental damage, or off-site impacts due to toxicity, asphyxiation, or mechanical hazards,
including stored energy. A Lower Hazard operation does not have much impact on Site or Offsite.
Lower Hazard Operation PHA is recommended but not mandatory.

5.3.1 Examples of Lower Hazard Operation (LHO)


• Combustibles maintained below their flash point
• Inert cryogenic gases
• Steam at all pressures except Boiler
• Fuel gases at less than 01 psig pressure
• Low acute toxicity materials
• Lesser quantities or concentrations of hazardous substances not posing a reasonable potential
for death or irreversible human health effects, significant property or environmental damage,
or off-site impacts

5.4 PHA Frequencies

PHAs would be conducted on existing facilities at a frequency that is consistent with the risk involved
in the process. The first PHA would be considered the baseline PHA, and each PHA after that would
be a cyclic review PHA.

5.4.1 Frequency of PHAs for HHP

PHAs of these processes must be conducted at a maximum interval of 05 years as
per OSHA and EPA regulations for processes containing listed Higher Hazard substances in
quantities above the listed threshold levels.

5.4.2 Frequency of PHAs for LHO

The following are some factors which shall be considered for defining LHO frequency:

• PHAs of Lower Hazard Operation are done at an interval of 10 years or as per requirement
• PHA for LHO should be conducted at a frequency that is consistent with the risk involved
• The PHA frequency can be adjusted in-line with the industry wide practice
• Consideration should be given to reducing the review frequency to less than five years for
processes that experience many process safety incidents, have extreme hazards or are subject
to frequent significant change

5.5 When to Conduct a PHA

New process facilities require PHAs during various design and installation stages. Periodic PHAs for
existing facilities are necessary to protect against the serious hazards, which may infiltrate a process
as the equipment ages and the process or its operation changes over the years.

 New Projects / Facilities
   Developmental / Basic Data (Screening Process Hazard Review)
   Pre-Authorization (Scope of Work)
   Design Review (Detailed PHA)
   Base Line PHA

Note: It is recommended to conduct PHA on Developmental / Basic Data and
Pre-Authorization stages but not mandatory.

 Existing Facilities
   Cyclic PHA
   Modification or Significant Changes (as judged by Sub HSE (P, M, IE, E&IH etc.))
   Mothballing of Process Facilities
   Dismantling of Process Facilities

5.6 New Projects / Facilities

5.6.1 Developmental / Basic Data (Screening Process Hazard Review)

Preferably the first PHA should be conducted while experimental work is in process. These reviews
are used to evaluate risks of the process being developed, and guide the development toward an
inherently safer process.

PHAs should also be conducted during the basic data stage of a project, when the proposed process
and equipment are still in the conceptual stage. At this time, it is appropriate to challenge why a
particular hazardous operation or material is being used and why other less hazardous alternatives
are not being considered.

5.6.2 Pre-Authorization (Scope of Work)

At this stage of a project, design is 10 to 40 percent complete; conceptually, the design is starting
to gel. Since the project has not been authorized yet, it is an appropriate time to conduct a
comprehensive PHA to identify hazards. This analysis can crystallize the design team's understanding
of the hazards still present. The objective of this review is to ensure that appropriate hazard control
features are included in the design and in the project estimate.

Typically, this review will use methods that are less rigorous than those in the subsequent design
review. It must address, however, those hazards which could have a significant effect on the project
cost, such as size and location of storage facilities for hazardous materials and the safety systems
needed for safe operation.

5.6.3 Design Review (Detailed PHA)

The objective of this review is to ensure that appropriate hazard control features are included in
the design and in the project estimate.

Once a project is authorized, the conceptual features provided in the DBM become a firm design.
At the design stage of the project, a PHA is conducted to further define the hazards relative to the
particular process. This review usually focuses on the design being developed and on the design
decisions to be made. Accordingly, the design PHAs typically focus on the P&IDs and on detailed
equipment design drawings. The recommendations from this PHA define any additional safety
features needed to ensure safe operation of the process.

5.6.4 Base Line PHA

The baseline PHA (Pre-start up OR first PHA of an existing facility) is the design review of the
process and is intended to serve as the foundation for future cyclic PHAs. The baseline PHA must
be very thorough, intensive, systematic and complete. It must be based on an up-to-date Process
Safety Information package. It should also include review of operating procedures / instructions.

In processes where the potential for a catastrophic incident exists, the risk assessment, or
consequence analysis, requires an exact definition of the potential catastrophic incident. The study
may also require downwind dispersion analysis (for toxic gas releases) and a community impact
analysis. The result of the study is the quantification of the impact of this catastrophic incident.

The base line PHA stage is more appropriately a “checkpoint” stage where all of the health, safety
and hazard analysis efforts are checked for accuracy, thoroughness, completeness and whether
there has been follow up of recommendations made in the previous hazard review(s).

For new facilities with significant changes during the startup that could affect process safety, a
revalidation of the baseline PHA should be done within a year of startup, or sooner.

5.7 Existing Facilities

5.7.1 Cyclic PHA

A Cyclic PHA is a revalidation PHA and is based on review of the baseline PHA and subsequent
PHAs. The cyclic PHA must include a review of the recommendations to make sure that the
previous considerations and conclusions still apply and are accurate.

It also reviews any modifications / changes in the equipment, process conditions or procedures. If
a significant change has occurred, then a new baseline PHA must be conducted. Revalidation
protocol for cyclic PHA is given in the PHA Resource Material Section 16.

The cyclic review also determines whether additional considerations are appropriate for any
changes made in the materials, processing conditions, or new information developed for the system.

 Hazards and hazardous events characterizations.
 Incidents and process changes since the last review.
 Engineering and administrative controls still in place.
 Consequence analysis changes.
 Facility siting.
 Human factors.
 New technology.
 Inherently safer process.

5.7.2 Revalidation PHA

All Cyclic PHAs must be evaluated to determine if a PHA revalidation can be done. A revalidation
can significantly reduce the PHA team’s effort, while still producing a quality PHA.

A revalidation PHA must be considered in following cases:

 The previous PHA no longer meets the needs or requirements of the program
 There are significant opportunities to improve the PHA
 For new facilities with significant changes during start-up that could affect process safety, a
revalidation of the baseline PHA shall be done within one year of start-up.

Note: A new base line PHA, using appropriate methodology, shall be conducted. If the
previous PHA is judged to be valid, then revalidation is appropriate.

A cyclic PHA starts with a review of the baseline and subsequent PHAs. This review must include
examination of all the elements in these PHAs.

Multi-disciplined PHA teams meeting the same criteria listed in the procedure must conduct PHA
revalidations. PHA revalidations shall be documented as outlined in PHA procedure, but where the
prior report is adequate, the new section shall be a statement that the prior report was found
adequate. For minor upgrades, the revalidation report shall state that the prior report was adequate,
except for the stated new information.

5.7.2.i Revalidation Protocol for Cyclic PHAs

The revalidation activities shall be based on evaluation of previous study in following aspects:

 A review of the listed hazards and hazardous events – Are all hazards included? Are all hazards
still appropriately defined and characterized?
 Application of an approved PHA methodology – Was the prior methodology applied correctly?
Were the conclusions correct?
 Identification of any incidents since the previous review that will have potential for catastrophic
consequences.
 Engineering and administrative controls to prevent or mitigate catastrophic consequences – Are
all controls still in place? Are there any revisions since the previous PHA?
 Consequence Analysis (CA) – Is the analysis still valid? Are the consequences properly
identified? Are the mitigating factors still in place?
 Facility Siting – Are there any changes in process that would affect siting? Any change in
population that would affect siting? Are the previous conclusions correct?
 Human Factors – Are there any changes in controls or personnel that would affect prior
conclusions?
 Inherently Safer Processes (ISP) – Are there any new considerations / recommendations to
make the process inherently safer?
 A review of all process changes made since the previous PHA – What are the safety implications
of each change and how can individual changes interact to create new hazards?
 A review of all the process test reports issued since the last PHA – Were new process safety
implications discovered?

5.7.3 Facilities Modifications PHA

Some modifications are complex and require a multi-discipline team to conduct a PHA. This PHA
should be done before approving the modification. Responsibility for leading such a PHA lies with
the Process Engineering Manager, Safety Advisor and Sub HSE (P) Chairman.

All modifications should be reviewed from a hazards point of view. To ensure this, the HSE
checklist should be filled in and attached to every process specification. The Sub HSE (P) would
ensure that all the safety related issues are addressed before approving any process specification.

Mechanical, I&E, Environment and Industrial Hygiene related modifications are to be reviewed in the
respective Sub HSEs to ensure safety aspects have been properly addressed.

5.8 Mothballing / Dismantling of Process Facilities

To mothball or dismantle a process facility in a safe manner, a PHA is recommended.

5.9 Other Areas

Other areas that may require PHAs include the following:


 Any change requiring a Management of Change authorization - the decision on PHA may be
taken by process Sub HSE (P, M, I&E, E&IH).
 Storage facilities
 Laboratories
 Serious process incidents, and
 Existing lower hazard operations

5.10 Process Units Division and Classification for PHAs

For existing chemical operations, the processes should be broken into logical blocks that can be
analyzed in a reasonable period of time by an ad hoc team of at least 5 people, assigned to do this
in addition to their usual job.

5.10.1 Area Classification on the Basis of Hazard

To define the nature of hazards of different processes, all sections / posts of Ammonia, Urea and
Utilities Unit have been reviewed and checked for classification as per OSHA / EPA guidelines and
the definition used by DuPont for Higher Hazard Process (HHP) and Lower Hazard Operation
(LHO).

The frequency for the Higher Hazard Process category has been set to ensure compliance with the
OSHA / DuPont standard. For the other two categories, the frequency has been set in view of the
Site’s capability and previous track record. The PHA frequencies are given below:

 HHP: 5 Years (OSHA / EPA standard compliant)
 LHO: 10 Years or as per industry practice or risk involved
 Control and Electrical Systems: Once after installation (cyclic review after any major
hardware up-rate)

Classification of different sections / posts of the Plant is given below:

Unit / Section | Higher Hazard Process | Lower Hazard Operation | Control & Electrical System
Ammonia:
- Reforming - -
- Purification - -
- Compressors - -
- Synthesis
- Ammonia Storage - -
- DCS & Electrical Distribution - -
Urea :
- HP Section - -
- MP / LP Section - -
- CO2 Compressors - -
- Vacuum / Prilling Section - -
- DCS, & Electrical Distribution - -

Utilities :
- Acid / Caustic unloading facility - -
- Steam Generation - -
- Lime Soften Unit / Off-Site - -
- Water Treatment - -
- Power Generation - -
- Cooling Water System - -
- DCS, ESD, BMS & Electrical Distribution - -

SECTION - 6 PHA PLANNING AND TEAM PREPARATIONS
A PHA is a lengthy activity and must be done in segments. Team preparation, training and
development of the Process Safety Information (PSI) package are also vital to this critical activity.

6.1 Management Responsibility for PHA Activity

The Production Unit Manager or PHA team leader must prepare and issue a charter to the PHA
team that defines the PHA team’s responsibilities, tasks and the objectives. The charter shall be
endorsed by Site HSE advisor and approved by Production Manager.

The charter should at least include:

 Team and Its Responsibilities
 Study-timing requirements
 Process boundaries (In Scope / Out Scope)
 PHE techniques & other tools like HRA, EIA etc.
 Any special objectives e.g. why safety incidents are high on this particular post or unit

6.1.1 Team Selection

1. Sub HSE (P) chairman selects the PHA team leader with the help of area Unit Manager and site
Safety Advisor. The operations Unit Manager of that specific unit and Safety Advisor are
responsible for ensuring that the Team Leader is qualified to lead a PHA.
2. PHA team leader then helps Sub HSE (P) chairman / area Unit Manager in selecting team
members, and their PHA training
3. Area Unit Manager and Sub HSE (P) chairman shall adjust assignment priorities to provide
adequate resources and time for the study
4. The selection of the team members must be based on the skills needed for planned studies

6.2 Team Formation


6.2.1 Team Leader

The team leader should be a good listener, a good organizer, good at handling an ad hoc committee
made up of people from different backgrounds and assignments, and shall have good leadership skills.
The team leader should be technically trained on the PHA technique. The leader does not have to be
familiar with the process to be studied, but should be skilled in applying the hazard review method
to be used.

6.2.2 PHA Team Leader Minimum Requirements

 Multiple day DuPont PHA Course on PHA methodology or
 Non-DuPont PHA course specific to the methodology to be used in the review,
supplemented with on-the-job training by site Safety Advisor or
 As a minimum, ½ day PHA course presented by Safety Advisor or his designate. It is also
recommended that the nominated leader has participated in any PHA prior to leading a PHA
 Minimum Experience Required : 07 Years

6.2.3 PHA Team Membership

The team members must represent a cross section of the disciplines involved in designing and
running the process. It is extremely important to assign the most experienced and knowledgeable
resources to this activity, as an inexperienced team tends to conduct a poor quality PHA.

The team should include people from the 1st line supervisor and operating levels (operator and
boardman). The team should consist of six permanent members. Typically, the team should have
people from Production (Engineer, Supervisor, Boardman, Operators etc.), Process, Projects,
Safety, Maintenance, Inspection, Machinery, I&E etc.

The membership must include individuals with the following skills:

 Knowledge of the basic technology involved in the operation of the process and
equipment as well as the equipment design
 Hands-on operating experience in the process or system. This experience involves knowing
how the process actually operates, as opposed to how it was intended to operate
 Hands-on maintenance experience in the process or system. This experience involves
knowing how the facilities are actually maintained, as opposed to how they are intended to
be maintained
 One team member / team leader who is knowledgeable in the specific PHA method being
used
 Other appropriate knowledge or expertise needed to accomplish the aims of the study.
Experts in specific disciplines, not available in the team can be called in as part time resources
for the team
 External safety / technical resources shall be considered when site existing resources
capabilities are limited, e.g., addition of new materials during new unit / plant installation
 Minimum Experience Required : 03 Years

6.2.4 Full Time Members

A typical PHA team would have the following membership:
 PHA team leader (qualified in PHA technique)
 Operations Engineer
 Process Engineer
 Project Engineer
 Boardman and Area Operator(s)
 Maintenance Engineer
 Safety Engineer

6.2.5 Part Time Members (As per requirement)

 Inspection Engineer
 I&E Engineer
 Machinery Engineer

6.3 Team Charter or Scope

At least 02 weeks before the start of each PHA, the PHA team shall be selected and the Charter
letter issued.

6.4 Team Preparations to Conduct a PHA

6.4.1 PHA Charter – Team Discussion and Understanding

The team leader must review the charter with the team and discuss the expectations for
understanding. A Production Unit Manager or Production Manager / Sub HSE(P) chairman should
be present to resolve any questions concerning the scope of the study.

6.4.2 PHA Team Organizational Meeting

The first team meeting is usually called the organizational meeting, where the task to be done is
outlined and agreement is reached on how to proceed. At the organizational meeting, the PHA
team should develop:

 A plan for conducting the study
 Team member assignments
 An overall timeline for completing the study

Members should reach agreement on the meeting schedule, clearly defining the meeting days and
times so that everyone will be present at the meetings.

6.4.3 Process Safety Information Package

Process Safety Information Package should be distributed at the meeting for the team members to
study to increase their understanding of the process. The information should be reviewed by each
team member before the first review meeting so that they are able to actively participate in the
identification of hazards.

The PSI package must be correct and up-to-date before the PHA is begun. The process safety
information (PSI) package defines the hazards of the materials, process design basis and the
equipment design basis. Other information that should be collected for review and used during the
PHA includes (but is not limited to) the following:

 MSDS for the substances in the process
 Operating conditions and safe limits
 Operating procedures / instructions
 Consequences of operating outside the limits
 Piping and instrument diagrams (P&IDs)
 Equipment design basis. (Specification sheets of vessels, pumps & piping classification)
 Management of change documents since prior PHA review. (Process / Design Specification)
 Serious incident reports since prior review
 Previous PHAs
 If serious deficiencies exist in the PSI package, the PHA team must stop work, report the
problem to the site leadership and request that the information be updated and the PHA goal
completion dates be revised as needed
 If during the course of conducting its process study, the PHA team determines or finds any
inconsistency with the site / project designation of Safety Critical components, equipment or
systems (see PSI requirements), they shall document that finding as a recommendation of the
PHA

Note: P&IDs of the process block under review must be field verified to ensure their
“As Built” status.

6.4.4 Process Description Overview

The process is explained by one of the team members, or a process expert, to provide background
for those not familiar with the process. The team can also ask questions to clarify any details on
how the process operates.

6.5 PHA Team Responsibilities

6.5.1 PHA Leader


The PHA leader is responsible for the following:
 Organizes the PSI package and other resources needed and sets the agenda for the meetings.
Any major deficiencies shall be reported to Production Manager for existing facility and Project
Manager of expansion or new facility
 Ensures that adequate team members are maintained during the course of the PHA activities
 Keeps the study moving and on track to finish in a reasonable time, as pre-decided.
 Ensures that the final report is completed on schedule
 Keeps the Safety Advisor and operations Unit Manager, well informed about the PHA team
meetings
 Keeps the Production Manager, operations Unit Manager and site Safety Advisor informed about
PHA proceedings
 Assigns various responsibilities to PHA team e.g., scribers, report writer etc.

6.5.2 Team Members

All regular team members must give priority to the PHA assignment, participate in meetings and
tour the facilities periodically to enhance their understanding of equipment, piping, controls,
procedures, tasks, consequences of upsets and failure events and so on.

To ensure that the PHA is thorough and consistent with the charter, the PHA team should focus
on recommendations relating to Safety, Loss of Containment, Fire Hazard, Environmental Aspects
and Inherently Safer Operation. It is important to keep focus on the above-mentioned areas and
not to generate unnecessary recommendations.

The scribe must capture the true essence of the points being highlighted and keep detailed notes of
the meeting, listing the items covered.

6.6 Team Training

The PHA team leader and team members must be selected and trained.
Adequate training of the PHA study team must be done to ensure a high quality analysis of the
process hazards. Training is most effective when provided shortly before the beginning of the
study.

Team training requirements typically include a team resource, or leader, with in-depth knowledge
of the PHA methodology to be used and experience in applying the method. Team members
should receive overview training in the PHA procedure and application of the methodology
selected for the review. This training can be provided in a ½ day training session by a resource
with knowledge and experience in the method.

The site safety training plan should ensure that adequate resources are put through formal Process
Hazard Analysis and Consequence Analysis courses. A list of these individuals is to be maintained by
the Safety Section.

SECTION - 7 HAZARD IDENTIFICATION AND FIELD TOUR

7.1 Hazards Identification

Process hazards must be identified and listed in the initial stages of the PHA. These hazards are
inherent and unique to the specific chemicals and process conditions under review. They are
generally hazards having the potential for explosion, fire, large toxic release or irreversible human
health effects. The list of hazards is used during the PHA to help focus the discussion and shall be
included in the final PHA report and in communication of the hazards to the affected personnel.

7.2 Field Tour

The PHA team must conduct a field tour of the facility being studied. The team member with
hands-on experience should serve as the guide. The tour gives the team a clear picture of the
process and the layout. The team can begin to develop the list of hazards during the tour and can
discuss the process with the operating people in the field. On the tour, the team should compare the
facilities with the piping and instrument drawings to be satisfied that the drawings are up-to-date.

A typical field tour may take 4 hours to one day.

Note: A field tour is not possible for a Developmental / Basic Data, Pre-Authorization or
Design Stage PHA. However, the team shall review the site, surrounding
community, geography, topology etc. at such stages.

SECTION - 8 CONSEQUENCE ANALYSIS
Consequence analysis consists of evaluating the undesirable impact of potential hazardous events,
such as fires, explosions, and toxic releases resulting from the loss of engineering and / or
administrative controls for the process.

This evaluation includes:

 Estimating release amounts and conditions
 Evaluating consequences on affected areas
 Determining resulting health, safety, and environmental effects

The PHA team is required to conduct consequence analysis if the process is a Higher Hazard Process
(HHP).

Note: Details on the consequence analysis techniques are available in the PHA Manual.

8.1 Purpose of Consequence Analysis

The purpose of the consequence analysis is to help the PHA team understand the type, severity,
and number of potential injuries, property damage, and significant environmental effects both on-
and off-site.

Consequence analysis is typically carried out in the following applications:

 In a PHA to evaluate on-site and off-site impacts
 As part of facility siting study to determine the impacts on buildings
 As a means of classifying process areas as high-hazard process (HHP) or lower-hazard
operations (LHO).
 As an aid for developing emergency response plans or drills (both for on-site & off-site planning)

8.2 Consequence Analysis Scenarios

The PHA team must identify and understand the consequences of a wide range of possible
hazardous events associated with the process. The following information should be considered in
the consequence analysis:
 Type of event possible, such as fire, explosion, or toxic release due to mechanical failure, flanges,
man ways and other fittings
 An estimate of the potential release quantities, including worst case scenario
 Consequences of the event, such as estimates of distances to different levels of concern
(ERPG-1, 2 or 3) based on toxic concentrations, thermal effects, overpressure, or significant
environmental effects
 Safety and health effects to personnel on-site and in the community; the type and severity of
potential injuries should also be estimated

These hypothetical incidents are analyzed for consequences independent of their probability of
occurrence.

8.2.1 Worst-Case Scenario

Consequence analysis starts with a review of the facilities and activities within the area to be studied
in the PHA.

 The first scenario to be identified is usually the worst-case, which is defined in the EPA regulation
as the release of a regulated substance from the largest vessel or a high-flow process line failure
 Administrative controls and passive mitigation that limit the total quantity involved, or the
release rate, can be taken into account. For toxic gases, the worst-case release scenario assumes
that the quantity is released from the vessel in 10 minutes, per the EPA regulation.
 For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the
volatilization rate from a pool 1 cm deep, unless passive mitigation systems contain the substance
in a smaller area.
 For flammables, the worst-case scenario assumes an instantaneous release and a vapor cloud
explosion. In addition to the worst-case scenario, alternative scenarios are to be considered.
 The EPA regulation requires at least one alternative scenario for each toxic substance and at
least one alternative scenario to represent all flammable substances held in covered processes at
the source.
 A qualitative review of these hazardous impacts is acceptable if the effects are confined to the
site, and is all that is required by OSHA. If the impact could extend offsite, a more quantitative
analysis may be useful, and is required if the substance involved is listed in the EPA regulation
(see PHA Resource Manual Sections 4 and 5)

8.2.2 Estimating Area Affected by the Accidental Toxic Release

 The area affected by the accidental release is determined by estimating the distance from the
source of the release to an endpoint where the adverse effects can be tolerated.
 The endpoint concentration for a toxic substance is its Emergency Response Planning
Guideline level-2 (ERPG 2), which was developed by the American Industrial Hygiene
Association (AIHA).
 Endpoints equivalent to ERPG-2s are tabulated for covered substances in the EPA regulation.
For flammables, vapor cloud explosion distances are based on an overpressure of 1 psig; for
alternative flammable releases, radiant heat distances are based on an exposure of 5 kilowatts per
square meter for 40 seconds. Atmospheric conditions for the worst case are specified at 2 meters
per second wind speed and a very stable atmosphere.
 For EPA hazard assessment, populations potentially affected are defined as those within a circle
whose center is the point of release and whose radius is the distance to the toxic or flammable
endpoint.
 List the residential population in the circle to two significant figures.
 Also, list the presence of schools, hospitals, other institutions, public areas, and recreational
areas. Large commercial and industrial developments that can be identified on street maps within
the circle must be noted, but the number of people occupying them need not be enumerated.
 Quantitative estimates of consequences must be made when injuries, major property damage
or significant environmental effects are possible at off-site locations.

8.2.3 Estimating Area Affected by Fire

The area affected by the accidental release is determined by estimating the intensity of heat from
the source of fire to an endpoint where the adverse effects can be tolerated, expressed as thermal
exposure level of concern. An appropriate initial criterion for estimating possible fire exposure
injury is 3000 Btu/(hr)(ft²). At this radiation level, escape within 20 seconds can prevent burn
injuries, and most combustible materials do not ignite, even after prolonged exposure. Typical
thermal exposure levels of concern include the following:

 3000 Btu/(hr)(ft²) – Human escape in 20 sec
 4000 Btu/(hr)(ft²) – Wood surfaces ignite
 12000 Btu/(hr)(ft²) – Major equipment damage

8.2.4 Estimating Area Affected by Explosions

A large explosion may result in damage to buildings / structures. The impact of an explosion is
estimated by the overpressure at an endpoint where adverse effects can be tolerated. Typical
overpressures of interest are the following:

 0.3 psi – onset of structural damage; 10% of window glass breaks
 0.5 psi – minor to light building damage
 1.0 psi – people can be knocked down; the potential for building damage and flying glass with
potential for severe lacerations
 2.0 psi – threshold of eardrum rupture
 5.0 psi – threshold of lung damage

The actual impact on a building is also a function of the impulse of an explosion, the orientation
of building surfaces to the pressure wave, and the specific type of building construction.

Note: Analysis of toxic releases / fires & explosion should be carried out by individuals
with appropriate training on toxic release mapping / explosion impact assessment.

8.3 Quantitative Consequence Analysis Procedure

After the initial evaluation of hazardous event scenarios, a subset of events should be selected for
detailed quantitative evaluation. Quantitative Consequence Analysis must be done for all events
that may have off-site impact or may result in significant on-site impact. An example of
such a situation might be a vapor cloud explosion that could lead to building damage, injuries,
fatalities, and major business impact.

Complete quantitative evaluation of release scenarios can be a complex task that involves such
considerations as aerosol formation, gas momentum effects, instantaneous releases, phase
changes, thermodynamic interactions with the atmosphere, and transient flow. For initial
consequence estimates, it is appropriate to make conservative assumptions by over-predicting the
consequences.

For example, toxic gas and flammable vapors generally have the largest consequences when:
 Released at or near ground level
 Conditions that produce high vapor and aerosol generation rates exist
 Release temperatures and pressures (maximum or minimum, depending on the chemical) of the
stored material can enhance the rate of vapor cloud generation

Release conditions that increase the gas density are conservative, because the denser the gas, the
slower it disperses in air. For releases of pressurized liquefied gases that flash at ambient
temperatures, it is conservative to assume that all of the liquid remaining after the flash forms a
stable aerosol and does not deposit out as rain or form a pool.

After developing an initial set of conservatively estimated release scenarios, appropriate modeling
tools can be used to estimate the toxic and flammable consequences in accordance with the
consequence evaluation criteria described previously. For consequence estimation, the PHA
Resources Manual should be used to help ensure consistency.

Consequence estimates should meet each of the following criteria:


 They should be prepared in a manner that can be substantiated
 They should be technically consistent with established methods that are widely accepted by
experts
 They should err on the conservative side by over-predicting the consequences

It is important to note that over-prediction could lead to unrealistic public concern or
unwarranted and possibly unsafe large-scale evacuation planning. In these cases, decisions should
be made based on proper understanding of the risk, not just the consequences.

Note: Quantitative CA should be done by personnel who have been trained and
qualified to do the analysis.

8.4 Consequences Analysis Activity


The following is an overview of the typical CA activity flow that should be followed:
1. Define the purpose, scope, and resource requirements for the CA
2. Define the approximate range of hazardous events, assuming failure of all engineering and
administrative controls
3. Conduct initial evaluation of scenarios:
a. Determine whether the potentially catastrophic failure scenarios involve serious on-site or
off-site consequences
b. Identify a more thorough set of hazardous events; consider the appropriateness of including
additional scenarios based on a more precise estimation of event parameters
c. Qualitatively assess the consequences for the events. Use the results to determine the
potential impact, including estimated release quantities, area affected, and safety and health
effects, on
 Exposed personnel, on-site and off-site
 On-site and off-site facilities
 Shelter-in-place facilities
 Process-critical equipment
d. If the potential consequences are not clear, even after the event scenarios have been
fine-tuned, then determine if a limited or more extensive quantitative analysis is required.
4. Conduct a quantitative CA. The following is an overview of the procedure for conducting a
quantitative CA:
 Select scenarios (e.g., from PHA hazards identification or other studies) addressing a
complete range of possible release events (i.e., small, medium, large, and catastrophic
failures)
 Evaluate each scenario in accordance with the DuPont Consequence Analysis Technical
Guidance Manuals [2, 3] and / or DuET Process Safety and Fire Protection guidance
 Determine for each scenario the potential on-site and off-site impact of events (e.g.,
releases, fires, or explosions) on personnel, occupied facilities, and critical equipment
identified as a line of defense
5. Summarize the findings for use in
 Hazards evaluation when determining the risk of the scenario and any appropriate risk
mitigation
 Facility siting or other PHA activities, as appropriate
 Site emergency response planning

SECTION - 9 PROCESS HAZARD REVIEW / EVALUATION
The PHA team must apply appropriate hazard review methods to the process under review to
identify each hazardous event, the significant existing lines of defense and to evaluate the
effectiveness of these lines of defense.

9.1 Process Hazard Review (PHR) Techniques

The four methods recommended for Hazard Reviews are described below. In order of priority, the
What If / Checklist method is used first, followed by HAZOP and Failure Mode & Effect Analysis,
and finally Fault Tree Analysis. A typical cyclic Process Hazard Review step may take 3 to 5 days.
The following four PHR techniques are to be used for hazard evaluation:

9.1.1 What If / Checklist Method

This is the foundation method and should be used in the first review of almost any process. The
method allows the team to brainstorm situations (what if’s) that might lead to hazardous events.
After brainstorming, a checklist is used to trigger thoughts about situations that may have been
overlooked. The OSHA and EPA regulations allow the use of either What If (brainstorming) or the
Checklist as separate methods as well as in combination. The combination of the two is
recommended for best results. What If / Checklist is given in the PHA and its resource Manual.

9.1.2 Hazard and Operability (HAZOP) Method

This method addresses deviations in the operating parameters of the system and whether these
deviations will produce a hazardous effect. All possible deviations are studied rigorously,
using guide words where required to suggest possible deviations for each parameter. The team
decides whether deviations will result in hazardous consequences. Details are available in PHA and
its Resource Manual.

There are advantages to using different methods of process hazards identification on the same
process or project. Each method addresses hazards differently. When the What If / Checklist
method is used with HAZOP, the two complement each other and strengthen the accuracy of the
overall PHA.

9.1.3 Fault Tree Analysis


This method focuses on one pre-selected undesirable consequence (top event) and the
combination of sub-events that must occur to produce this top event. The sub-events are arranged
in a logic diagram and probabilities of the sub-events are assigned. The probability of the top event’s
occurrence can then be calculated. This method will be used for analyzing the major safety incidents
relating to the respective process block. Details are available in PHA and its resource Manual.
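The calculation described for Fault Tree Analysis, as an added example that is not part of the original procedure: it evaluates a small AND/OR tree exactly, lists its minimal cut sets, and shows that multiplying probabilities gate by gate gives a wrong (here, too low) answer when one basic event feeds more than one gate. Basic events are assumed independent; the event names and probabilities are constructed for illustration.

```python
"""Added illustration: top-event probability of a small fault tree."""
from dataclasses import dataclass
from itertools import combinations, product
from math import prod
from typing import Dict, FrozenSet, List, Set, Tuple, Union


@dataclass(frozen=True)
class Gate:
    kind: str                    # "AND" or "OR"
    inputs: Tuple["Node", ...]   # sub-events: gates or basic-event names

    def __post_init__(self) -> None:
        if self.kind not in ("AND", "OR"):
            raise ValueError(f"unsupported gate type: {self.kind}")


Node = Union[Gate, str]          # a basic event is represented by its name


def basic_events(node: Node) -> Set[str]:
    """Collect the names of all basic events below a node."""
    if isinstance(node, str):
        return {node}
    return set().union(*(basic_events(child) for child in node.inputs))


def occurs(node: Node, state: Dict[str, bool]) -> bool:
    """Evaluate the logic diagram for one combination of basic-event states."""
    if isinstance(node, str):
        return state[node]
    results = [occurs(child, state) for child in node.inputs]
    return all(results) if node.kind == "AND" else any(results)


def top_event_probability(tree: Node, probs: Dict[str, float]) -> float:
    """Exact probability: sum the weight of every state in which the top event occurs."""
    names = sorted(basic_events(tree))
    total = 0.0
    for values in product([False, True], repeat=len(names)):
        state = dict(zip(names, values))
        if occurs(tree, state):
            total += prod(probs[n] if state[n] else 1.0 - probs[n] for n in names)
    return total


def gate_by_gate(node: Node, probs: Dict[str, float]) -> float:
    """Shortcut that treats every gate input as independent.

    Correct only when no basic event appears under more than one gate.
    """
    if isinstance(node, str):
        return probs[node]
    ps = [gate_by_gate(child, probs) for child in node.inputs]
    if node.kind == "AND":
        return prod(ps)
    return 1.0 - prod(1.0 - p for p in ps)


def minimal_cut_sets(tree: Node) -> List[FrozenSet[str]]:
    """Smallest sets of basic events that are sufficient to cause the top event."""
    names = sorted(basic_events(tree))
    cuts: List[FrozenSet[str]] = []
    for size in range(1, len(names) + 1):      # smallest sets are found first
        for combo in combinations(names, size):
            chosen = frozenset(combo)
            if any(cut <= chosen for cut in cuts):
                continue                        # contains a smaller cut set
            if occurs(tree, {n: n in chosen for n in names}):
                cuts.append(chosen)
    return cuts


# Constructed example: overpressure needs loss of cooling AND failure of the
# emergency dump; loss of site power contributes to both branches.
POWER = "site_power_lost"
TREE = Gate("AND", (
    Gate("OR", ("cooling_pump_fails", POWER)),
    Gate("OR", ("dump_valve_stuck", POWER)),
))
PROBS = {"cooling_pump_fails": 0.1, "dump_valve_stuck": 0.2, POWER: 0.05}

if __name__ == "__main__":
    print("exact top-event probability:", round(top_event_probability(TREE, PROBS), 4))
    print("gate-by-gate shortcut      :", round(gate_by_gate(TREE, PROBS), 4))
    for cut in minimal_cut_sets(TREE):
        print("minimal cut set:", sorted(cut))
```

The single-event cut set (loss of site power) is what makes the shortcut underestimate the top event; exact enumeration is practical only for small trees.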

9.1.4 Failure Mode and Effect Analysis (FMEA)

This method focuses on the failure of each of the components in the system (transmitters,
controller, valve, etc.). The team assesses the effects of the component failures and prioritizes the
hazards, using a semi-quantitative ranking. This method will be used for hazard analysis of the control
systems. Details are available in PHA and its resource Manual.

9.2 PHR Methods to be Used for HHP and LHO


Different methods of PHA have to be used for conducting hazard analysis. The chart below gives
guidance on which methods to use in a number of cases. This is the minimum
requirement; however, Sub-HSE (P) can always ask for more hazard analysis methods to be used if
required:

Method to be Used
Consequence
Case What If/ Fault Tree
Analysis
HAZOP FMEA
Checklist Analysis
Existing Facilities:

- HHP -

- LHO - -

Major Project:

- Developmental/
- - - -
Basic Data
- Pre-authorization
- - - -
(Scope of work)

- Design Stage - -
(Only for HHP)
- Base Line/Prestartup -
-
Stage
Modifications:

- Major - - - -

- Minor - - * - -

Control & Electrical System

- Existing - -

- New Project - - -

* : The Health, Safety and Environment Design Checklist used with the Sub HSE is adequate.

9.3 Human Factor Checklist

Human factors include all aspects of how humans interact with their work environment, in both
routine and non-routine situations. Human factors primarily concern the interaction between
humans and the equipment, systems and information in their work environment. The PHA deals with
the aspects of these interactions given below:

9.3.1 Physical Aspects

Human size and strength relative to the equipment design and layout

9.3.2 Cognitive Aspects

Human intellectual capabilities for gathering, processing, and acting on information.

The PHA team is required to address human factors if the process is an HHP or is covered by the
OSHA or EPA regulation. However, human factors are also an important consideration for Lower
Hazard Operations. The focus of the PHA is to identify areas where human error is likely and
recommend changes to minimize those errors. Situations where human errors are likely may
involve one or more of the following:

 Deficient procedures or procedural violation
 Inadequate, inoperative, or misleading instrumentation
 Poor layout or design of controls
 Poor task design (e.g., excessive mental tasks or extended periods of uneventful activity)
 Poor communications
 Conflicting priorities
 Conditions causing fatigue and stress to individuals

A human factor checklist is available in the PHA and its resource Manual.

9.3.3 Areas for consideration

Human factors come into play in a number of areas covered by the various elements of a
comprehensive PSM system. The PHA team should be aware of these areas when attempting to
identify human factors issues. The PHA is not the time, however, for a complete human factors
analysis of all the PSM elements. The following are some of the more significant areas:
• Ergonomics: In this context, the term “ergonomics” does not refer to the likelihood of
strain or cumulative-trauma injury. Instead, a key consideration is the accessibility of
emergency controls and equipment. Physical issues (i.e., traditional ergonomics) can come
into play if emergency controls call for great strength, dexterity, or size to access and
operate successfully.

• Emergency Access: Questions that the PHA team should consider include the following:
Can emergency shutdown manual valves or emergency stop push buttons be accessed
quickly in an emergency? Does a hazardous situation hinder or prevent access to key
controls?

• The HMI: Another important human factors issue is the clarity of the design of panel boards
and video display terminals. Are emergency controls clearly marked? Is emergency activation
straightforward or complex? Can emergency or important controls be confused with others
in close proximity? Is color coding used in a way that color-blindness of personnel could
become an issue? Both familiarity (i.e., boredom) and extreme anxiety (i.e., panic) vastly
increase the chance of errors being made. Design of controls should take these factors into
consideration.

• Distractions: The team should evaluate what the work environment is like under routine
conditions and what it might be like in an emergency. Are trivial or nuisance alarms in close
proximity to critical ones, so they are likely to be ignored? Can information overload take
place in an emergency? The number of specified tasks, the work schedule, and likely response
time should be considered.

• Training, skill, and performance: The PHA team should consider the effectiveness of
personnel training to deal with unusual and emergency situations. How effective is the
program, and what actions are taken to remediate sub-par performance? If critical
emergency procedures exist, are there drills to gauge how well they work in practice? Have
work schedules or forced overtime situations produced excessive fatigue in the work force
that might impair performance in critical situations?

• Turnover: The rate and management of personnel turnover is a key factor in determining
human reliability. The PHA team should consider the rate of turnover in key operating and
supervisory levels and the quality and timeliness of training new people.

• Operating procedures: The accuracy of OPs is generally related to human performance.
Operating procedures linked to hazardous event situations should be reviewed for
procedure accuracy and evaluated for user friendliness. Emergency procedures should be
clear, explicit, quick, and easy to locate. Are there procedures to deal with the loss of all
HMIs?

• Maintenance procedures: Inaccurate or unclear maintenance procedures can be a source
of situations in which human error is likely. Maintenance procedures involving process
safety-critical equipment linked to hazardous event scenarios should be reviewed for
adequacy.

9.4 Facility Siting

Many processes contain one or more hazardous materials or conditions that could, in the event of
an incident, result in a fire, explosion, or toxic gas release. This may affect a building, its occupants,
or its housed function. Buildings should have attributes that can withstand the effects of such events
(e.g. the strength to withstand the overpressure from an explosion or the fire retardance to
withstand a fire) to protect the occupants or the function that the buildings house.

Facility siting must be considered in process hazards analyses for Higher Hazard Processes and for
processes covered by the OSHA regulation.

Of particular interest are those facilities that can aggravate or magnify a realized hazard. An example
would be damage of a motor control center for fire water pumps caused by an explosion. Another
example would be fatal injuries to people eating lunch in a local area lunchroom when a process
fire trapped them in the room.

Through the application of PHA, it is possible to identify significant process hazards and to evaluate
the various event sequences that could lead to a fire, explosion, or toxic release. Qualitative &
Quantitative Consequence Analysis estimate the magnitude of these events and where warranted,
a frequency analysis provides techniques for estimating their likelihood. These techniques provide
the means for evaluating potential risk posed by the process activities to the building occupants and
to the function of the facility.

Siting evaluations involve the reconciliation of a number of factors, including

 The type of event (i.e. fire, explosion, or toxic release)
 Building distance from the event
 The building’s design (i.e. dimensions and materials of construction)
 The building’s occupancy level and function
 The operational, economic, or engineering considerations associated with more remotely
situated buildings
 The likelihood and degree of damage (i.e. the risk) to which the building and its occupants
are exposed.

9.4.1 Evaluation of existing buildings

9.4.1.i Frequency
Areas / Units classified as HHP shall evaluate all buildings, including temporary structures (e.g. trailers,
cabins etc.) that fall under the scope of this standard at a frequency not to exceed once every five
years.
9.4.1.ii Evaluation of buildings
All facility siting evaluations shall be conducted in accordance with the general methodology outlined
in Appendix A.

9.4.1.iii Modification in existing buildings


All modifications to buildings located in the HHP units / areas shall be evaluated to determine
whether they affect previously conducted facility siting evaluations. Such effects shall be addressed
and documented as part of MOC documentation.


9.4.2 Design & Siting of new buildings

9.4.2.i Scope
All new buildings constructed in HHP units / areas including temporary structures (e.g. trailers,
cabins) shall be evaluated against possible catastrophic events and designed so as to protect the
occupants.

9.4.2.ii Evaluation of buildings


All evaluations shall be conducted in accordance with the general methodology outlined in Appendix
A.

9.4.2.iii Additional considerations


Buildings intended to house personnel or critical functions within fire hazard zones should be fire
resistant. Exterior walls facing the fire hazard should have a fire-resistance rating of at least 30 min.
The building roof should have a fire-resistance rating of at least 30 min where exposure of the
building roof is credible. Exits should be sufficient in number and arranged so that
occupants can evacuate from the fire hazard and move to a safe location.

9.5 Inherently Safer Processes

In a PHR, consideration should be given to how to make the process inherently safer by eliminating
or minimizing hazards (required for HHPs). The What If / Checklist method is the best format for
this type of consideration, since the FMEA and HAZOP methods assume the process is safe if
operated as designed.

Examples of changes (recommendations) that could make a process inherently safer are listed
below:
1. Intensification – Minimize the quantities of hazardous material (e.g., make and immediately
consume a toxic intermediate to limit the quantity in the process).
2. Substitution – Replace hazardous materials with less hazardous materials
3. Attenuation – Use less hazardous processing conditions (e.g., lower temperature and / or
pressure)
4. Limitation – Design the equipment to limit the impact of a hazardous event (e.g., design vessel
to contain the highest pressure that could be reached in a decomposition or runaway reaction)
5. Simplification – Design facilities so that operating errors are less likely and facilities are forgiving
of errors that are made.

PHRs during the development stage of a new operation provide the most opportunities to make
changes that will lead to inherently safer processes. Once a facility is constructed and in operation,
the range of feasible options becomes more constrained. Nevertheless, a careful examination of the
entire process (looking at feedstock, processing and reaction systems, in-process inventories,
location of equipment and piping, etc.) may result in identification of some inherently safer options.
Some of these concepts can be referred to the research and development organization for potential
incorporation in future versions of the process. For additional information, see the discussion on
Inherently Safer Processes in PHA and its Resource Manual.

SECTION - 10 RISK SCORING AND RECOMMENDATIONS

10.1 Hazard / Risk Evaluation Requirements

For each hazardous event identified, the PHA team shall document a risk level (I – IV) as well as a
consequence rating (C1 – C4) and a frequency rating (F1 – F4). Details of the consequence-evaluation /
frequency rating guidelines are provided in Appendix B.

10.2 Developing Recommendations

The following factors should be considered in developing PHA recommendations:

 Clear connection with the process hazard and the hazardous event.
 Degree of risk

All recommendations should be checked against the Qualitative Risk Assessment Protocol
(Appendix-B). This would ensure that the PHA team drops all the low risk recommendations and
only high-risk recommendations get documented in the final report.

Recommendations shall be made for hazards having risk score I and II. Some of the risk score III
items may be considered for developing recommendations, while for risk score IV items
administrative controls shall be suggested.

When the team considers risk and concludes that a recommendation is appropriate, the
recommendation should be specific and accomplishable. In general, the team should not make
recommendations to “study”, “consider” or “investigate” a situation. The team should do any
investigation needed, except in cases where a long range investigation by an expert is needed.

Recommendations should not give a specific design solution, because it can inhibit development of
more innovative or cost effective designs. The details of the design should be left to the person
assigned to complete the implementation of the recommendation. When possible, alternate routes
for achieving the same desired improved safety should be listed.

In documenting recommendations in the PHA report, each recommendation should be listed in the
review worksheets of the appropriate review method. The recommendations should use clear and
concise wording.

Multipart recommendations should be broken down for stewardship so that each part can be
assigned to an individual. The goal is to have a single person, not a group of people, responsible for
each recommendation.

Recommendations from the PHA should be prioritized as high and low. The priority given to a
recommendation can be based on the team’s judgment or the risk matrix.

10.2.1 Focus Items

The principal focus of a PHA is to eliminate or control hazardous process events to an acceptable
risk level through recommendations generated by the PHA team.
 A safety or environmental consequence with a risk score of I or II must have
recommendations and shall be included in the final PHA report
 Interim solutions must be developed for safety or environmental hazards with a risk level of
I
 Risk levels of II should be reviewed on a case-by-case basis to determine if a
recommendation or an opportunity for improvement (Suggestion) is warranted (See PHA
Resource Manual Section 15)
 When the potential consequences of a particular safety or environmental event are
"catastrophic or major", the PHA Team may need to conduct a formal quantitative risk
analysis in addition to the qualitative risk analysis
 A small fault tree, specific to the hazardous event in question, may be helpful to the team
to confirm the probability of occurrence

10.3 Types of Recommendations

Further, all recommendations are to be categorized as follows:

10.3.1 Procedural

All safeguards that can be achieved by providing an approved procedure, standing order or
instruction fall under this category.

10.3.2 Simple Jobs

Any recommendation that can be complied with through routine maintenance, or through a minor job
that does not require engineering, falls under this category.

10.3.3 Turnaround Jobs

All the jobs, which cannot be handled on a running plant and can only be worked on during a
Shutdown or Turnaround, are covered in this category.


10.3.4 Engineering Jobs

Recommendations requiring engineering evaluations would fall under this category and would have
to go through the control of change protocol.

10.3.5 Timeline of Different Categories

Category of Job      Maximum Time
Procedural           02 months
Simple Job           04 months
Turnaround Job       Next Turnaround / FAO
Engineering Job      02 years

10.4 Recommendations Approval

Cases where the cost of compliance is substantial and / or the risk of non-compliance is great are
reviewed at the appropriate level of Sub HSE or Manufacturing HSE.

The following are guidelines for approving recommendations and for escalating the level of approval
to higher safety forums.

10.4.1 Sub HSE (P)

1. Recommendations from a PHA must be reviewed by the Sub-HSE (P). Sub-HSE (P) must
document its response to recommendations, accepting the recommendation as stated, accepting
it as modified, or rejecting the recommendation
2. Management must assign follow up responsibility and dates for completion of each accepted
recommendation. Interim actions should be considered until the permanent solution is
completed
3. If a recommendation is modified, the reason for the modification should be documented and
the alternate solution should address the hazard as effectively as the original recommendation
4. If management does not adopt or accept a recommendation, the reason and logic supporting
the decision must be documented and appended to the PHA report. Some of the reasons for
rejecting a recommendation are as follows:
 The analysis upon which the recommendation is based contains material factual errors
 The recommendation is not necessary to protect the health and safety of employees,
contractors, or the public
 An alternative measure would provide a sufficient level of protection
 The recommendation is not feasible

10.4.2 Manufacturing HSE Committee

Sub HSE (P) may suggest some key recommendations / findings to be reviewed in the Manufacturing
HSE committee because of higher risks, immediate actions required, or higher cost impacts.

10.4.3 Corporate HSE (Health, Safety & Environment) Committee

Major projects or the introduction of new processes or chemicals can add significant risk to the
site. For these cases, it is appropriate to escalate the Risk Management decision to Corporate HSE
Committee.

10.4.4 Management Response on Recommendations

Management response on recommendations shall be documented; a good way of documenting it
is to take minutes of the meeting item by item.

10.5 Items Not Requiring Recommendations

The following items do not require any recommendations but will still be given in the PHA
report under the heading “Discussions of Items Not Resulting in Recommendations”:
 Any safety or environmental C-4 event that has a risk score of II may not result in
recommendations
 Safety or environmental consequences resulting in a risk level of III or IV could be considered
"Suggestions (Opportunities for Improvement)"

10.6 Discussion / Review of the Recommendations and Suggestions

A draft of the PHA discussion section of the recommendations shall be issued to the Production
Section Head / Unit Manager and Safety Advisor before the formal review.

SECTION - 11 PHA REPORT AND COMMUNICATION
The PHA report is a formal document that records the PHA team findings for management. The
report is also used by future PHA teams to understand what hazards have already been considered
and the conclusions reached. Following are guidelines for PHA report development:
 The report should be concise, but with sufficient detail to provide readers with a clear
understanding of the hazards inherent to the process, the potential hazardous events, the lines
of defense controlling the hazards and the consequences of loss of these lines of defense.
 The site-recommended format for a base-line PHA is to be followed. However, this format is not
mandatory as long as all required sections (given in 11.1 Report Contents) are
included in the final PHA report.
 The PHA is not considered “COMPLETE” until the report is approved by the PHA leader
 The approval date (report issue date) is taken as the starting point of the interval to the next PHA.
It is also considered the starting date for any targets given in months, e.g., if a PHA is started on
January 1, 2018 and the PHA report is issued on May 15, 2018, then the next cyclic PHA will be due
on May 16, 2023 for an HHP.

11.1 Report Contents

Below is a list of specific requirements that should be included in the final PHA Report document:

1. Executive Summary / Conclusion Section
2. Scope of PHA
3. Introduction to team
4. Field Tour
5. Process description & process flow diagram
6. P&IDs Studied / Referred
7. List of Hazards in the Facility
8. Consequence Analysis / Modeling of Releases
9. Qualitative Risk Assessment Protocol
10. Summary of Recommendations along with justification, responsibilities and target dates
11. Management Response on Recommendations
12. Human Factors
13. Facility Siting
14. Emergency Handling
15. Suggestions
16. Reference Documents
17. Attachments
 Release model diagrams
 Release modeling worksheets
 PHR (What-if / checklist, HAZOP, FMEA etc) record forms
 HAZOP examination record sheets
 List of gaps identified in Operating / Maintenance Procedure or P&IDs
 List of alarms which need to be revised

The thinking and logic employed by the team to generate the recommendations should be well
documented in the supporting detail section of the report. This information is needed by the
individuals assigned to implement the recommendations as well as future hazards review teams, to
avoid duplication of effort.

11.2 PHA Detailed Working File

A PHA file must be developed in addition to the final report. This file holds all documentation of the
team’s work, including calculations, a list of references used and so forth. The information on the
follow up implementation of the recommendations must be included in the file. This file is a
permanent record and must be retained for the life of the facility by the relevant area Unit
Manager.

11.3 Report Issuance Time

The final report for a base line PHA should be issued 2 to 3 months after the activity, so that the
team members get enough time to close out the report.

The time between the charter letter and the final PHA report must not exceed six months.

11.4 Report Circulation

Copies of the PHA report should be distributed to:

 Sub HSE (P) Chairman and its Members
 Safety Advisor
 Unit Managers / Section Heads who Operate & Maintain the facility
 Process Engineering Unit Manager
 Each member of the PHA team
 PHA files of the Unit


11.5 PHA Presentation

All PHAs are to be presented to or reviewed by Sub HSE (P). It is recommended but not mandatory to
present base line PHAs to Manufacturing HSE.

11.5.1 Recognizing and Rewarding Good Performance by Teams

In the PHA presentation to Sub HSE (P) and Manufacturing HSE, management shall acknowledge,
recognize and reward good performance by the PHA team.

11.6 Communicating PHA Findings and Recommendations (Hazard Communication)

It is most important for the Area Unit Manager / Section Head to communicate hazards identified
in a PHA to all the individuals working on a process unit which have a potential for injury, fire or
loss of containment.

This information should be passed to all the individuals within 03 months of the PHA report issue
date.

Further, the training plans of all individuals who are assigned to a Unit or process area (new
or cross training) should ensure that they are aware of the hazards identified in a PHA.

The preferred method for PHA communication is through meetings, D-level Safety Meetings, Class
Room Trainings etc.

11.6.1 PHA Communication Items:

 PHA Title and Report Number
 List of PHA Team Members and Resources
 Summary of PHA Scope
 Hazards Identified
 Summary of Recommendations
 Summary of Higher Priority Suggestions
11.6.2 Consequence Analysis Communication to Emergency Squad Members

The PHA team leader is responsible for communicating the consequence analysis to all the Emergency Squad
Members.

As a minimum, the PHA Leader should send a copy of the PHA Report "Consequence Analysis
Section" along with supporting documentation to the Emergency Response Leaders and Crisis
Management Cell (CM Cell) members.
SECTION - 12 RECOMMENDATIONS – TRACKING, CLOSURE, RE-EVALUATION AND WAIVERS
Once the recommendations are generated and finalized and the report is issued, all the high risk score
recommendations shall be tracked and stewarded till their completion.

12.1 Recommendations Tracking and Stewardship

1. A formal tracking system should be in place to monitor the status of all the PHA
recommendations; this ensures that the recommendations remain under special focus and are
closed out on time. The Safety Section is responsible for setting up this tracking system
2. Periodic reports listing each recommendation’s progress should be issued every month by the
Safety Section or through an automated database
3. The status of the recommendations should be regularly stewarded in Manufacturing HSE by the site
Safety Advisor
4. The status report shall include:
 No. of recommendations added
 No. of recommendations completed
 Open recommendations
 Pending recommendations – Recommendations that have passed due dates

12.2 Closure

1. All recommendations should be closed out within the assigned target date.
2. The recommendations will be closed on written feedback of responsible person or area Section
Head / Unit Manager
3. Recommendations must not be removed from the tracking system without a closure document
and comments
4. Close out record of all the recommendations should be kept in the PHA master file of the Unit,
with the Safety section or on OPERA / database
5. The completion documentation must clearly state the action taken to complete the
recommendation and justification should be appended to the PHA report

6. If the recommendation was modified, the reason for the modification must be documented and
the alternate solution must be shown to address the hazard as effectively as the original
recommendation.

12.3 Changing Target Dates

1. For High Risk score items (risk score I & II), the target date of a recommendation that has passed
its target date shall be changed for the 1st time only after review and approval by the Respective
Department Manager or Sub HSE (P) chairman. For any subsequent extension in target date (e.g., 2nd
or 3rd time), approval of the Manufacturing HSE chairman shall be mandatory.
2. For low risk score (III & IV) items, target dates can be changed for the 1st time on written approval
of the concerned operations Section Head / Unit Manager. For any subsequent extension in target
date (e.g., 2nd or 3rd time), approval of the Respective Department Manager or Sub HSE (P)
chairman shall be mandatory.
3. Justification letters must be attached for recommendations older than 02 years. The justification
shall include:
• PHA Report, Recommendation and Tracking Number
• Recommendation as stated in report
• Reason due date was not met
• Progress made to date on recommendations
• When and by whom the recommendation will be completed and the plan to meet the new
deadline
• Interim solutions that have been put in place along with consent of all responsible areas

12.4 Rejections / Waivers

At times some of the approved recommendations might be found not workable and need to be
dropped. This change should be documented, the associated risk understood and a waiver obtained
from the Manufacturing HSE Chairman.

SECTION – 13 CHANGES FOR NEW FACILITIES / MODIFICATIONS PHA
This section describes how the general PHA requirements change when conducting and issuing a
Project PHA.

13.1 Changes for New Facilities / Projects

• The team leader in this case will be the Process Engineer, Instrument or Electrical engineer /
Supervisor or Safety Resource. This will be consented to by the Safety Advisor, Production / Project
Manager and concerned area production Unit Manager
• All the team leader’s responsibilities given in Section 6.5.1 will be applicable to the Process,
Instrument or Electrical engineer / supervisor
• The What If / Checklist method shall preferably be used
• Scenarios are thoroughly documented, including consequences and safeguards
• The Project Leader should work with the Safety Advisor when developing the Charter and
selecting PHA Team Members
• Outstanding action items should be written such that they are specific and accomplishable

The rest of the requirements for conducting a PHA are the same as elaborated in this procedure.

13.2 Addressing Queries Raised during the PHA

• Queries raised during the hazard identification and hazard evaluation (PHR) process that
have already been mentioned in the proposal shall not be given in the final PHA report
• New queries which have not been addressed in the design shall be evaluated
• Action items addressed during the course of the PHA shall be documented along with risk
evaluation in the PHR sheet for record purposes and shall not appear in the recommendations
list

13.3 Management of Change or Test Run Authorization PHA

• The team leader in this case will be the Process / Instrument or Electrical engineer / supervisor.
This will be consented to by the site Safety Advisor, Production Manager and concerned area
operations Unit Manager.
• All the team leader’s responsibilities given in Section 6.5.1 will be shifted to the Process,
Instrument or Electrical engineer / supervisor
• Preferably the What If / Checklist method should be used
• Scenarios are thoroughly documented, including consequences and safeguards
• The originator of the Change or Test Run document should work with the Safety Advisor and Area
Unit Manager to determine the scope of the PHA
• Outstanding action items should be written such that they are specific and accomplishable

The rest of the requirements for conducting a PHA are the same as elaborated in this procedure.

SECTION - 14 REFERENCES AND LEVEL-3 PROCEDURES

14.1 References

Following is the list of reference documents / reports helpful during any PHA.

• DuPont PHA Manual
• Resource Manual for Process Hazard Analysis
• Emergency Response Manual
• Operating Manuals
• Maintenance Manuals
• Exxon BPs / DPs
• PSM Level-2 Procedures
  - PSM 13 Level-2 Procedures on Process Safety Information
  - PSM 22 Level-2 Procedures on Emergency Preparedness and Contingency Planning

14.2 Level-3 Procedures / Documents

• Health, Safety and Environment Design checklist to be filled in along with design (Process, I&E,
Mechanical) specifications.
• Cyclical PHA Schedule / Plan
• PHA Recommendations / Tracking System
• PHA Reports
• PHA Report Contents / Format (PHA Resource Material Tab 16)

SECTION - 15 ATTACHMENTS
15.1 Appendix A Detailed description of facility siting methodology

A.1 Introduction
This appendix provides an overview of the facility-siting methodology. The methodology is
illustrated by a flowchart shown in Figure A-1. While portions of this methodology may be
conducted by an individual, the overall evaluation process typically incorporates a team-based
approach (e.g., the approach used for a PHA).
The objective of this methodology is to determine if a building provides adequate protection
for the housed occupants or functions. At the completion of each step of the evaluation,
one of the following conclusions should be made:
• The building is suitable for service
• The building does not provide adequate protection, and appropriate remedial action is
necessary
• It is not yet clear if the building is suitable, and additional evaluation is necessary

If the building is suitable for service, the team’s analysis of the building is complete. If the
building does not provide adequate protection, the team should proceed to the
risk-management process to identify suitable means of mitigating the risk. If it is not yet clear
if the building is suitable, the team may choose any subsequent analytical technique to
evaluate the building more rigorously. After potential risk-reduction options are identified,
each option’s effectiveness is evaluated by using one of the analytical techniques provided
within the methodology.
After identifying and evaluating appropriate risk-reduction measures, the team should reach
the conclusion that the building, either as is or with remedial actions, poses a tolerable risk
to its occupants or to its function. This decision is based on a set of conditions defining the
process, the building, and its occupancy or function. Future changes in any of the defining
conditions can invalidate the original decision regarding the suitability of the building.

A.2 Data gathering


Implementation of the facility-siting methodology involves collecting sufficient information
about the facility to support the analysis. The following is typical information that might be
collected:

Initial hazard screening
- Material safety data sheets
- Process conditions
- Process inventories

Initial building screening
- Building occupancies and functions
- Corresponding screening criteria

Consequence screening by comparison to design and spacing criteria
- Information used in initial screening
- Appropriate design and spacing criteria
- Building construction details
- Distances between buildings and process units

Consequence screening by site-specific modeling
- Information used in initial screening
- Criteria that define intolerable consequences

Qualitative risk assessment
- Risk tolerance criteria or decision-making methodologies
- Detailed process-safety information for the process and equipment
- Information on passive and active mitigation systems
- Operating procedures
- Maintenance practices and records
- Records of past incidents
- Detailed building design and construction information

Quantitative Risk Assessment
- Information used for qualitative risk assessment
- Failure-rate data

The information provided in each successive step of the methodology (shown in the above
bulleted list) becomes more detailed and builds on the information of the preceding steps.
It may be more efficient to collect information in a step-wise fashion and focus on the
particular analysis steps being conducted at that time.

A.3 Initial screening


The initial screening seeks to answer the following questions:
• Are there any hazardous materials or conditions that could pose a danger?
• Are there any buildings in the vicinity of the hazards that should be evaluated further because
of their occupancy or function?

If the answer to either question is “no,” then the evaluation is complete, and the study should
be documented. However, if either question is answered “yes,” then further evaluation should
be done. Both of these questions are addressed from the perspective of
• The process, looking outward at surrounding buildings
• The building, looking outward at nearby processes

A.3.1 Hazard screening


A thorough hazard screening should be conducted and documented. This screening
corresponds with the hazard-identification step within a PHA and may be conducted as part
of, or excerpted from, a PHA.
A hazard is an inherent property or characteristic of a material, system, or process that has
the potential for causing serious injury to people and / or property or environmental damage.
The hazards addressed in this standard are those related to the three events of concern
(i.e., explosions, fires, and toxic releases). These include, but are not limited to, the following
hazards:
• Explosion hazards
- Flammability
- Reactivity
- Instability
- High pressures
- High temperatures
• Fire hazards (e.g., flammability)
• Toxic release hazards (e.g., toxicity and volatility)

The screening should review and evaluate the following factors:

• The physical and chemical characteristics of the materials handled
• The type of process (e.g., neutralization, polymerization, and halogenation)
• The nature of the process chemistry (e.g., exothermicity and kinetics)
• The operating conditions

The presence of a hazardous material or condition is not sufficient to warrant concern if the
amount of the material or the size of the system is small. For example, a standard cylinder
of acetylene (e.g., the type used in a welding shop) would probably not be judged as a facility-
siting concern, even though acetylene is highly flammable and potentially unstable. Similarly,
the cylinder of compressed air on a self-contained breathing apparatus would likely be judged
as not posing an undue risk to a nearby building, even though the cylinder pressure was quite
high. The team should exercise sound engineering judgment when determining whether a
hazardous material is present in sufficient quantities to be of concern. If this determination
cannot be easily made, then a consequence screening approach may be helpful (see Section
A.4).

Where appropriate, hazards from off-site sources (e.g., adjacent HHP units/areas) should be
considered. There may be situations when significant off-site hazards should be included in
facility siting.

A.3.2 Building screening


Buildings are screened based on their levels of occupancy and the degree to which the functions
housed within the building are critical to process safety.
As a part of the building screening process, the maximum, legal occupant load for a given
area must be understood. The criteria for determining occupant load are provided by NFPA
101.
The following information has been compiled from NFPA 101 and should be used to determine
the occupant load for a given area or building:

Area Use                    m² per person    ft² per person
Assembly (without seats)    0.65 (net)       7 (net)
Assembly (with seating)     1.4 (net)        15 (net)
Business                    9.3              100
Industrial                  9.3              100
Storage                     *                *

* The occupant load for storage occupancy shall be determined on the basis of the maximum probable population of the
space under consideration.

When determining the occupant load of assembly areas, the net area is the actual occupied area,
not including hallways, closets, and columns. All other areas are determined by utilizing the gross
square footage (inside wall to inside wall) of the space in question. See the examples below:

• Building or area dedicated to office use
80 ft x 100 ft = 8,000 ft² of gross space
8,000 ft² / 100 ft² per person = 80 maximum occupant load
• Area used for assembly (conference center)
50 ft x 60 ft = 3,000 ft² of gross space
Deduct 500 ft² for corridors, restrooms, and closets = 2,500 ft² of net space
Note: Normal usage is with tables and chairs.
2,500 ft² / 15 ft² per person = 167 maximum occupant load

The occupant load in any building or portion of the building shall not be more than the number of
persons determined by dividing the floor area assigned to that use by the occupant load factor for
that use.

A.3.2.1 Occupancy screening criteria

In any effort, resources should be directed to where they may be the most effective. Thus, in the
facility-siting methodology effort, it is appropriate to set occupancy screening criteria at a level
below which no further evaluation is warranted. This prevents the diversion of attention from a highly
occupied structure (e.g., office building) to an infrequently occupied structure (e.g., analyzer house).
The occupancy screening criterion established by this standard is equivalent to two full-time
occupants. Taking into account routine occupancy patterns and intermittent visits by personnel not
assigned to the building, a building is considered to be occupied if the cumulative occupancy is 336
person-hours or more per week. Buildings with occupancies above this threshold should be further
evaluated.

Although some portable trailers and similar temporary structures may not fulfill the 336
person-hours-per-week criterion, they may be used infrequently by a large number of personnel for
meetings and planning sessions. Sites should consider the peak building occupancy and include it as
part of the facility-siting study. Also, the 336 person-hours-per-week criterion is occasionally
unfulfilled for day-only occupancy of any building (e.g., 8 people, each with 40 hours per week). In
these cases, the facility-siting assessment team should use their judgment to determine whether
these buildings should be included in the evaluation.

Given sufficient warning, many personnel should have the ability to evacuate the building in the event
of an emergency. However, such evacuations are not considered when calculating the building
occupancy level. Similarly, buildings where it is mandatory or typical for personnel to remain during
an emergency (e.g., a control room) or where personnel typically assemble during an emergency
(e.g., a temporary safe haven) are considered occupied regardless of the calculated occupancy level.
Sites should be aware of intermittent patterns of unusually high occupancy (e.g., training or safety
meetings) in a building. In these cases, the site should consider further evaluation for the building,
even if it fails to meet the occupancy screening criteria. Alternatively, the site should consider
relocating the meeting so that the high concentration of personnel is not within the area potentially
affected by an incident.
Sites should use care when defining what comprises a building. A group of contiguous, small buildings
may be more appropriately classified as a single building for the purposes of applying the occupancy
screening criteria. Furthermore, a facility population should not be subdivided into a number of
smaller buildings to circumvent the occupancy screening criteria.

A.3.2.2 Critical function criteria


Some buildings warrant further consideration if they house a function critical to process
safety, even if the occupancy criterion is not exceeded. Unlike the occupancy criterion, the
critical function criterion does not lend itself to quantitative definition. Sites should identify
and further evaluate buildings that house equipment that directly and significantly affects the
safety of personnel during and immediately after an incident (i.e., equipment critical to
process safety). Examples of equipment that may be housed in these buildings include
• Fire water pump
• Breathing air compressors
• Controls necessary for a safe and orderly process shutdown
• Emergency response centers

A.3.3 Decisions based on initial screening


If hazardous materials or conditions exist for a particular building and either the occupancy or
function criteria are exceeded, then that building must be further evaluated (see Section A.4, A.5,
or A.6). If further evaluation is not necessary, then the basis for that decision should be documented.
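
The screening decisions of Sections A.3.2 to A.3.3 can be worked through as a calculation. The Python example below is added here for illustration and is not part of the original procedure; the building names, the cluster label, the peak_headcount field and the "more than two people at once" trigger for team judgment are assumptions of this example, and the site data is constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Occupant load factors from the document's NFPA 101 table (ft2 per person) and the
# area basis each applies to. Storage has no factor: the document says to use the
# maximum probable population instead.
LOAD_FACTOR_FT2 = {
    "assembly_no_seats": (7, "net"),
    "assembly_seating": (15, "net"),
    "business": (100, "gross"),
    "industrial": (100, "gross"),
}
OCCUPANCY_THRESHOLD = 336  # person-hours per week (two full-time occupants: 2 x 168 h)

FURTHER = "further evaluation (A.4, A.5 or A.6)"
JUDGMENT = "below threshold, team judgment required"
SCREENED_OUT = "screened out, document the basis"


def max_occupant_load(use, gross_ft2, deductions_ft2=0):
    """Maximum occupant load; net-area uses deduct corridors, restrooms and closets."""
    factor, basis = LOAD_FACTOR_FT2[use]
    area = gross_ft2 - deductions_ft2 if basis == "net" else gross_ft2
    # Rounded to the nearest person, as in the document's worked example (2,500 / 15 -> 167).
    return round(area / factor)


@dataclass
class Building:
    name: str
    patterns: tuple                   # ((people, hours_per_week), ...) incl. intermittent visits
    hazard_nearby: bool = True        # outcome of the hazard screening (A.3.1)
    cluster: str = ""                 # shared label for contiguous buildings (example's naming)
    stays_in_emergency: bool = False  # e.g. control room or temporary safe haven
    critical_function: bool = False   # e.g. fire water pump, breathing air compressors
    peak_headcount: int = 0           # most people present at one time


def person_hours(building):
    """Cumulative weekly occupancy; no credit is taken for evacuation."""
    return sum(people * hours for people, hours in building.patterns)


def screen(buildings):
    """Apply the A.3.2 / A.3.3 decisions and return {building name: decision}."""
    # Contiguous buildings are screened as one, so a population cannot be split
    # across small structures to stay under the threshold.
    cluster_hours = defaultdict(float)
    for b in buildings:
        cluster_hours[b.cluster or b.name] += person_hours(b)

    decisions = {}
    for b in buildings:
        occupied = (cluster_hours[b.cluster or b.name] >= OCCUPANCY_THRESHOLD
                    or b.stays_in_emergency)
        if not b.hazard_nearby:
            decisions[b.name] = SCREENED_OUT
        elif occupied or b.critical_function:
            decisions[b.name] = FURTHER
        elif b.peak_headcount > 2:
            # Assumption of this example: more than two people present at once while
            # under 336 person-hours is the case the document leaves to team judgment.
            decisions[b.name] = JUDGMENT
        else:
            decisions[b.name] = SCREENED_OUT
    return decisions


# Constructed sample site (not from the source document).
SITE = [
    Building("office block", ((20, 40),), peak_headcount=20),
    Building("analyzer house", ((1, 5),), peak_headcount=1),
    Building("control room", ((1, 168),), stays_in_emergency=True, peak_headcount=2),
    Building("fire pump house", ((1, 2),), critical_function=True, peak_headcount=1),
    Building("day laboratory", ((8, 40),), peak_headcount=8),
    Building("trailer A", ((4, 45),), cluster="trailer park", peak_headcount=4),
    Building("trailer B", ((4, 45),), cluster="trailer park", peak_headcount=4),
    Building("remote warehouse", ((30, 40),), hazard_nearby=False, peak_headcount=30),
]

if __name__ == "__main__":
    print("office load:", max_occupant_load("business", 80 * 100))
    print("conference load:", max_occupant_load("assembly_seating", 50 * 60, 500))
    for name, decision in screen(SITE).items():
        print(f"{name:18s} {decision}")
```

The two trailers each log 180 person-hours per week and would individually fall below the threshold; screened as one contiguous group they total 360 and go forward for further evaluation.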

A.4 Consequence screening


Consequence screening should be conducted if hazardous materials or conditions are
present or if there are nearby buildings that exceed the applicable occupancy or critical
function criteria. Consequence screening attempts to answer the following questions:
• Given the hazardous materials or conditions identified, could the sequence of events lead
to an event of concern (i.e., explosion, fire, or toxic release)?
• What is the likely severity of the event? What is the possible intensity of its effect (e.g.,
overpressure, thermal radiation, or concentration) at the buildings of concern?
• What are the possible consequences to the building, the occupants, or the function that it
houses?
• Are these consequences tolerable?

Consequence screening incorporates the results of PHAs conducted. Consideration should
be given to all phases of the operation (e.g., start up, routine operation, routine shutdown,
emergency shutdown, and maintenance turnaround) to identify and evaluate the most
hazardous phases of operation.
There are two procedures for consequence screening. One is a comparison to design and
spacing criteria, and the other is site-specific modeling. Either of these procedures can be
used to address a particular situation. The first procedure is less detailed and less rigorous
and can be applied more simply and quickly; however, its results are more conservative. The
second procedure is more detailed and can be used to more realistically model the
consequences of proposed scenarios. The siting team may want to first screen by
comparison to design and spacing criteria, and then proceed to site-specific modeling, if
necessary.

A.4.1 Consequence screening by comparison to design and spacing criteria


This type of consequence screening initially involves estimating the magnitude of the undesired event
(e.g., the estimated energy yield for an explosion or the size of the toxic release). Next, a
conservative minimum spacing distance is determined for each building of concern, based on the
nature of the building and its ability to withstand and protect occupants from the challenge posed
by the undesired event (i.e., fire, explosion, or toxic gas release).
For example, when the event of concern is an explosion, a maximum permissible overpressure is
specified for the building. This overpressure is likely to cause sufficient damage which could pose a
threshold potential for serious or fatal injury to the occupants of a building. The minimum acceptable
spacing distance to limit the overpressure at the building to the specific value is then determined
from the Facility Siting Guidance Manual as a function of the nature and magnitude of the explosion.

No further evaluation is necessary if the building is located beyond the minimum spacing for the
event of concern.
See the Facility-Siting Guidance Manual for specifics and applicable spacing criteria that are defined
for use with this standard.

A.4.2 Consequence screening by site-specific modeling


This type of consequence screening uses standard consequence assessment methods to determine
the potential effects of the event of concern at the building under evaluation. In this screening step,
the modeling can address the actual conditions likely to be present in the facility (e.g., temperatures,
pressures, inventories, building design, and construction details). However, the input used in these
evaluations should be conservative, yet realistic. For example, the maximum physical quantity of
flammables would be considered rather than the maximum permitted inventory that might typically
be present. The term “evaluation case” refers to the set of conservatively realistic assumptions
applied to define the evaluation.
If the evaluation case indicates that the injuries to the occupants or the damage to the building
function does not exceed the level of concern, then no further evaluation is indicated. For building
occupants, this level of concern has been established as an individual occupant vulnerability of 0.10.
Refer to the Facility-Siting Guidance Manual for additional guidance and applicable decision criteria.
For building functions critical to process safety, the level of concern corresponds to an interruption
of the function.

A.4.3 Decisions based on consequence screening


If the consequence screening of a particular building indicates that the magnitude of the event and
the distance between the event and the building are such that the injuries to the occupants or the
damage to the building function exceeds the threshold criteria, then further evaluation is indicated.
If these criteria are established, the team should proceed to Section A.5 or Section A.6. If further
evaluation is not indicated, the basis for that decision should be documented according to Section
5.5.

A.5 Risk assessment


For buildings that call for further assessment (i.e., buildings not removed from further consideration
based on the screening procedures described in Sections A.3 and A.4), a more rigorous examination
should be made to determine whether they provide an adequate degree of protection for the
occupants or the building function. The remaining evaluation techniques are based on a risk-based
approach (i.e., they address the likelihood of an event and the consequences should the event occur).
Risk is a measure of human injury, in terms of both the incident likelihood (i.e., frequency) and the
magnitude of the injury (i.e., consequences). For example, if the concern is fatal injuries resulting
from explosions, the risk can be expressed as:

Risk = Frequency x Consequences
     = (Explosions/year) x (Fatalities/explosion)
     = Fatalities/year

A process typically presents a variety of potential incident scenarios for evaluation. The
risk-assessment approach is predicated on a thorough effort to identify and evaluate the significance
of such scenarios. Thus, risk assessment should be based on a thorough PHA.

Risk can be addressed either qualitatively or quantitatively. Either approach may be used individually
or successively in the order presented.

A.5.1 Qualitative risk assessment


This technique is based on making qualitative evaluations of both the incident consequence and
frequency and then combining the consequence and frequency as a qualitative assessment of the
incident risk.
These evaluations can be performed within the context of a thorough PHA. For example, when
performing a Hazard and Operability Analysis, the PHA team explicitly addresses the consequences
of a particular process upset or failure. If there are potential consequences of concern, then the
team lists the identifiable causes of the upset or failure and evaluates the existing process features
that protect against the causes (either by reducing the consequences or the frequency of the event).
The team then evaluates the adequacy of the current level of protection and recommends additional
protection, where warranted. A qualitative evaluation of the perceived level of risk (both
consequences and frequency) existing without additional protection should indicate if additional
protection is warranted.
As it evaluates the various incident scenarios, the PHA team can maintain a perspective of the overall
level of risk posed to building occupants or function by the process under evaluation. This
perspective provides the basis for a qualitative consensus evaluation by the team at the conclusion
of the PHA. The result is one of the following conclusions:

• The perceived level of risk is tolerable
• The perceived level of risk is not tolerable, and risk-reduction measures are warranted
• The results of the qualitative evaluation are inconclusive, and further quantitative evaluation
is warranted

A.5.2 Quantitative Risk Assessment (QRA)

In QRA, credible incident scenarios are identified as possibly a single event or a whole range of
possible events. For each event, consequence modeling and frequency estimation techniques are
applied. Scenarios perceived to have similar consequences may be grouped as long as the individual
frequencies are aggregated.

The risk for each scenario or group of scenarios is calculated as the product of the consequence
and the frequency. The total risk to a building occupant is calculated by the summation of these risk
values. The tolerability of the risk is then determined by comparison to corporate risk guidelines.
When assessing the tolerability of risk, it is appropriate to look at both the risk to the individual and
the risk to groups of people within buildings (i.e., aggregate risk, which is a measure of the risk to
the business).


For additional guidance on risk calculations and risk-based decision making, see Guidelines for
Chemical Process Quantitative Risk Analysis and Tools for Making Acute Risk Decisions with
Chemical Process Safety Applications (see Section 2). When completing a QRA, the assistance of a
PS&FP engineering consultant is typically used. The relative costs of conducting such an evaluation
and of implementing risk-reduction measures may indicate that the evaluation is necessary and
should be considered before committing to a QRA.
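
The QRA arithmetic described in A.5 and A.5.2 (risk per scenario as frequency times consequence, grouping with aggregated frequencies, summation to a total, individual and aggregate risk) is carried through below in Python. This is an added example, not part of the original procedure: the scenario list and all numbers are constructed, keeping the highest vulnerability in a group is a conservative choice made here, and GUIDELINE is a placeholder because the corporate risk guidelines are not reproduced in this document.

```python
from collections import defaultdict
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Scenario:
    name: str
    frequency: float      # events per year
    vulnerability: float  # chance an occupant is fatally injured, given the event
    group: str            # label shared by scenarios judged to have similar consequences


def group_scenarios(scenarios):
    """Merge scenarios by group, aggregating the individual frequencies.

    The group keeps the highest member vulnerability so that grouping never
    understates the risk (a conservative choice made for this example).
    """
    freq, vuln = defaultdict(float), defaultdict(float)
    for s in scenarios:
        freq[s.group] += s.frequency
        vuln[s.group] = max(vuln[s.group], s.vulnerability)
    return [Scenario(g, freq[g], vuln[g], g) for g in freq]


def individual_risk(scenarios):
    """Total risk to one occupant: sum of frequency x consequence (fatalities/year)."""
    return sum(s.frequency * s.vulnerability for s in scenarios)


def aggregate_risk(scenarios, occupants):
    """Risk to the group housed in the building (expected fatalities/year)."""
    return occupants * individual_risk(scenarios)


def contributions(scenarios):
    """Share of the total risk carried by each scenario, largest first."""
    total = individual_risk(scenarios)
    shares = [(s.name, s.frequency * s.vulnerability / total) for s in scenarios]
    return sorted(shares, key=lambda item: item[1], reverse=True)


def apply_alternative(scenarios, group, frequency_factor=1.0, vulnerability_factor=1.0):
    """Model a risk-reduction alternative on one group (A.6.2): preventive measures
    scale the frequency, consequence-reduction measures scale the vulnerability."""
    return [replace(s, frequency=s.frequency * frequency_factor,
                    vulnerability=s.vulnerability * vulnerability_factor)
            if s.group == group else s
            for s in scenarios]


def tolerable(risk, guideline):
    """Compare a calculated risk with the applicable guideline value."""
    return risk <= guideline


# Constructed scenarios for one occupied building (not from the source document).
SCENARIOS = [
    Scenario("vessel rupture explosion", 1e-4, 0.5, "explosion"),
    Scenario("pipe rack leak explosion", 4e-4, 0.4, "explosion"),
    Scenario("pool fire", 1e-3, 0.05, "fire"),
    Scenario("toxic release", 2e-4, 0.2, "toxic"),
]
GUIDELINE = 2e-4  # placeholder individual-risk guideline, per year (hypothetical value)

if __name__ == "__main__":
    grouped = group_scenarios(SCENARIOS)
    print("ungrouped individual risk:", individual_risk(SCENARIOS))
    print("grouped individual risk:  ", individual_risk(grouped))
    print("aggregate risk, 10 people:", aggregate_risk(grouped, 10))
    print("contributors:", contributions(grouped))
    # Re-run the same calculation for two alternatives, as A.6.3 directs.
    stronger = apply_alternative(grouped, "explosion", vulnerability_factor=0.2)
    interlock = apply_alternative(grouped, "explosion", frequency_factor=0.1)
    for label, case in (("strengthened building", stronger), ("added interlocks", interlock)):
        risk = individual_risk(case)
        print(f"{label}: {risk:.2e} tolerable={tolerable(risk, GUIDELINE)}")
```

Grouping the two explosion scenarios raises the calculated risk slightly because the higher vulnerability is applied to the summed frequency; dropping either frequency instead of adding them would understate it.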

A.5.3 Decisions based on risk assessment


The team may use one or both of the risk assessment techniques (i.e., qualitative and
quantitative) to evaluate a building. If either technique indicates that there is a tolerable level
of risk associated with the building, then further evaluation is not necessary and the basis
for that decision should be documented. If there are remaining concerns for a particular
building, then the team should identify potential risk-reduction measures (see Section A.6).

A.6 Risk management


If the team decides (at any point during the screening and assessment process described in
Section A.3, A.4, and A.5) that remedial action is indicated to make the building suitable for
its intended purpose, then the team should proceed to the risk-management step.

A.6.1 Definition of risk management


Risk management encompasses the following steps:
• Identifying suitable risk-reduction activities, including
- Proposing alternatives
- Evaluating benefits and costs to determine the most cost-effective alternative
• Implementing the alternative
• Helping ensure that the risk-reduction alternative remains in effect

Although the term “risk-reduction alternative” has been used, the variables (i.e.,
consequence or frequency) can reduce the risk. For example, the team might proceed to
the risk-reduction step directly from a consequence screening procedure without estimating
the risk (i.e., without analyzing the frequency). Alternatively, the team may have reached the
risk-management step after having completed a QRA. In the first case, the team should focus
on those risk-reduction measures that affect the consequences of the incident. In the latter
case, the team has the option of reducing risk by lowering the incident consequences and/or
decreasing the frequency of the incident.

A.6.2 Risk-reduction alternatives


Risk reduction may be considered in terms of either preventing the incident or reducing its
consequences.

Prevention efforts are aimed at interrupting the chain of events that lead to the incident of
concern (i.e., explosion, fire, or toxic release). Thus, preventive measures are primarily
focused on the process and are specifically intended to reduce the frequency of the event.
Preventive measures may include
• Providing higher reliability controls and interlocks
• Providing redundancy in safety systems
• Increasing the frequency of inspection and testing
• Enhancing the effectiveness of other PSM elements (e.g., training and procedures)

Consequence reduction efforts are broader in scope and can include efforts aimed at
• Reducing the magnitude of the event at its source, including
  - Reducing the duration of a release of flammable materials by the use of removable
    isolation valves.
  - Reducing the evaporation rate of a toxic liquid through the use of refrigerated storage,
    diking beneath equipment, or the application of foam to a spill.
  - Reducing the inventory of an unstable chemical.
  - Reducing the release rate of flammable materials by operating at lower pressures.
• Mitigating the event as it is occurring, including
  - Using a water spray curtain to dissipate a toxic cloud.
  - Relying on a deluge system to control a flammable liquid fire.
• Protecting the exposure that is at risk, including
  - Strengthening a building to resist the anticipated explosion pressure.
  - Erecting a firewall to protect a building from fire radiation.
  - Relocating personnel to a more remote building.
  - Upgrading a building to make it a temporary safe haven against toxic exposures.
  - Conducting more hazardous operations during “off-shifts” when the facility population
    is lower.

A.6.3 Selection of alternatives


When choosing an alternative to implement to help attain the desired benefit, the decision
should be based on a sound evaluation of technical feasibility, effectiveness, cost, and
reliability. After identifying an alternative, the team should evaluate the alternative’s
effectiveness by applying the proper methodology. For example, if consequence screening
by site-specific modeling indicates that risk reduction (i.e., the consequence reduction) is
warranted, then the team would propose alternatives for evaluation and use the same
consequence screening techniques to determine the effectiveness of those alternatives.

The basis for selection of risk-reduction alternatives should be documented.
Facility siting methodology chart


15.2 Appendix B Risk Evaluation Guidelines


B.1 Consequence Evaluation Matrix

Consequence categories: minor C-1, moderate C-2, major C-3, catastrophic C-4.

Type of Event / Impact: On-site safety and health
- C-1 (minor): No significant injury or health impact.
- C-2 (moderate): Medical treatment case (MTC) injury or reversible health effects.
- C-3 (major): Multiple MTC injuries, 1-2 restricted work case (RWC) or LWC injuries; minor
  irreversible health effects (e.g., non-incapacitating loss of appendages).
- C-4 (catastrophic): One or more fatalities; multiple LWCs; major irreversible health effects
  (e.g., those having significant, life-altering impact, such as loss of a major limb, organ,
  bodily or sensory function).

Type of Event / Impact: Off-site safety and health
- C-1 (minor): No significant injury or health impact.
- C-2 (moderate): Minor injury or reversible health effects, for which minor medical treatment
  is indicated.
- C-3 (major): Injury or moderate health effects, for which emergency medical intervention
  and / or hospitalization is indicated.
- C-4 (catastrophic): Death or permanent irreversible health effects.

Type of Event / Impact: Environment
- C-1 (minor): No significant environmental impact.
- C-2 (moderate): Discharges to air, land, and / or water that impact only a limited area or only
  have short-term impact on plant, wildlife, soil, or water.
- C-3 (major): Discharges to air, land, and / or water that cause one or more of the following
  (or comparable) effects: significant (25%) loss and / or short-term (less than one growing
  season) damage to crops or plant life; significant (25%) loss and / or short-term (less than
  one year duration) damage to area wildlife; localized short-term (less than one year duration)
  soil or water contamination.
- C-4 (catastrophic): Discharges to air, land, and / or water that cause one or more of the
  following (or comparable) effects: widespread damage to crops or plant life that lasts one
  growing season or longer; long-term (one or more year duration) damage to area wildlife;
  long-term (one or more year duration), widespread soil contamination, or surface or ground
  water contamination having significant community impact.

B.2 Broad Event frequency categories
| Category | Typical Description | Approximate Corresponding Quantitative frequency (Per Year) |
|---|---|---|
| F-1 Extremely Unlikely (or remote) | Not realistically expected to occur (1 in more than 10,000 years) | < 10⁻⁴ |
| F-2 Unlikely | Not expected to occur, but not incredible (1 in 1,000 years to 1 in 10,000) | < 10⁻³ to < 10⁻⁴ |
| F-3 Unlikely | Unlikely to occur in the plant's lifetime, but could occur in one of a number of similar plants. | < 10⁻² to < 10⁻³ |
| F-4 Unlikely | May occur at least in the lifetime of the installation (1 in 100 years or less) | > 10⁻² |

Note: If there are multiple initiating events (causes) resulting in the same hazardous event, a more conservative
selection of frequency category should be considered, or additional tools such as LOPA or fault tree should be
used to better evaluate the frequency and resultant risk.

B.2 Event frequency evaluation matrix


| Attribute | Frequency category F-1: Extremely unlikely | Frequency category F-2: very unlikely | Frequency category F-3: very unlikely | Frequency category F-4: very unlikely |
|---|---|---|---|---|
| Engineering Controls | | | | |
| Lines of defense | Two or more passive system, independent. No reliability issue. | Two or more, at least one passive. Reliable. | One or two, complex, active. Some reliability issues may have common mode weakness. | None or one, complex, active. Poor reliability. |
| Testing (interlocks, mechanical integrity, and emergency system) | Well-documented test protocol. Complete function check. Good results. Rare failures. | Regular tests, function check may be incomplete. Problems are uncommon. | Not checked often. History of trouble. Some tests claimed, not done. | Undefined, unchecked, or unappreciated. |
| Incident history | No major events, very few minor events. Prompt, corrective action taken. | No major incidents. Perhaps minor incidents. Causes understood and learning is captured. | One major incident. Causes not completely understood. Questions remain if corrective action is adequate. | Many incidents. Near-misses. Failure to learn. |
| Operating experience | Process well understood. Rare upsets are acted on promptly. | Rare upsets. Most causes understood. Effective corrective action. | Chronic minor upsets not all explained or acted on. More serious ones are flagged and eventually resolved. | Routine upsets, many never explained. Excursion common and causes not well understood. |
Event frequency evaluation matrix (continued)


| Attribute | Frequency category F-1: extremely unlikely | Frequency category F-2: very unlikely | Frequency category F-3: unlikely | Frequency category F-4: likely |
|---|---|---|---|---|
| Human Factors | | | | |
| Rate of change | Stable process; potential hazards are understood. Data always available to support the standard operating limit and HSEs. | Reasonable rate of change. May be new technology, with some uncertainty. Good PHAs. | Rapid changes or new technology. Fair PHAs, not always given deep thought. Operational limits uncertain. | Rapid changes. New technology. Incomplete or poor PHAs. Learning as you go. |
| Training and procedure | Clear, unambiguous OPs(b). Discipline in place to follow. Errors flagged and corrected immediately. Routine refresher training, including normal, nonroutine, and emergency procedures. All contingencies covered. | Critical OPs in good shape. Others have nonfatal errors or weaknesses. Routine audits and reviews. Personnel are familiar with procedures. | OPs exist. Not updated regularly or token review. Poor emergency training procedures. | Unaware of OPs. Training by word of mouth. “Black books” or other similar informal or uncontrolled operating instruction. Excess verbal directions. Ad hoc operation. No emergency training. |
| Skill and performance (operators, mechanics, supervisors, contractors) | Multiple experienced operators on all shifts. No significant overwork or boredom. Optimal stress level. All are well qualified. Dedication evident. People care. Hazards clearly understood and appreciated. | Some new people; never all on a single shift. Occasional brief fatigue. Some boredom. People know what they are qualified to do and their limitations. Healthy respect for hazards. | Possible shift of all inexperienced or newly assigned personnel, but not common. Period of group fatigue for short period, extensive boredom. People not expected to think. People may assume more than they know. Not everyone understands the hazards. | High turnover. One or more shifts with no experienced people. Excess overtime, fatigue common. Disruptive work schedule. Poor morale. Jobs performed by people with questionable skills. No definition of job limitation. Unaware of hazards. |


B.3 Risk Evaluation Matrix

Interpretation of risk score is as follows:

| Risk Score | Description | Action | PHA recommendation |
|---|---|---|---|
| I | Intolerable | Should be mitigated with engineering and / or administrative controls to a risk ranking of III or less within a specified time period, appropriate to the urgency of the situation. | Yes |
| II | Undesirable | Should be mitigated with engineering and / or administrative controls to a risk ranking of III or less within a specified time period, appropriate to the urgency of the situation. | Yes |
| III | Tolerable with controls | Should verify that procedures and controls are in place and establish emphasis that they are maintained. | Maybe. A PHA recommendation, an improvement opportunity or the lack of need for additional action may be identified, based upon a case-by-case evaluation of the adequacy of existing controls. |
| IV | Tolerable as is | No mitigation | No. An improvement opportunity may be considered for presentation to management (outside the PHA), if appropr |
