Accepted Manuscript

Title: Fuzzy-based HAZOP Study for Process Industry

Author: Junkeon Ahn Daejun Chang

PII: S0304-3894(16)30552-0
DOI: http://dx.doi.org/doi:10.1016/j.jhazmat.2016.05.096
Reference: HAZMAT 17785

To appear in: Journal of Hazardous Materials

Received date: 21-3-2016

Revised date: 29-5-2016
Accepted date: 31-5-2016

Please cite this article as: Junkeon Ahn, Daejun Chang, Fuzzy-based
HAZOP Study for Process Industry, Journal of Hazardous Materials
http://dx.doi.org/10.1016/j.jhazmat.2016.05.096

This is a PDF file of an unedited manuscript that has been accepted for publication.
As a service to our customers we are providing this early version of the manuscript.
The manuscript will undergo copyediting, typesetting, and review of the resulting proof
before it is published in its final form. Please note that during the production process
errors may be discovered which could affect the content, and all legal disclaimers that
apply to the journal pertain.
Fuzzy-based HAZOP Study for Process Industry

Junkeon Ahn and Daejun Chang*

Graduate School of Ocean Systems Engineering, Department of Mechanical Engineering, Korea

Advanced Institute of Science and Technology 291, Daehak-ro Yuseong-gu, Daejeon 34141, Republic
of Korea

Keywords: Process industry; Risk analysis; Fuzzy logic; Fuzzy HAZOP; Fuzzy risk matrix

*Corresponding author:

Tel: +82-42-350-1514, Fax: +82-42-350-1510, E-mail: djchang@kaist.edu

Highlights

 HAZOP is the important technique to evaluate system safety and its risks while process
operations.

 Fuzzy theory can handle the inherent uncertainties of process systems for the HAZOP.

 Fuzzy-based HAZOP considers the aleatory and epistemic uncertainties and provides the
risk level with less uncertainty.

 Risk acceptance criteria should be considered regarding the transition region for each risk.
Abstract

This study proposed a fuzzy-based HAZOP for analyzing process hazards. Fuzzy theory was used to
express uncertain states. This theory was found to be a useful approach to overcome the inherent
uncertainty in HAZOP analyses. Fuzzy logic sharply contrasted with classical logic and provided
diverse risk values according to its membership degree. Appropriate process parameters and
guidewords were selected to describe the frequency and consequence of an accident. Fuzzy
modeling calculated risks based on the relationship between the variables of an accident. The
modeling was based on the mean expected value, trapezoidal fuzzy number, IF-THEN rules, and the
center of gravity method. A cryogenic LNG (liquefied natural gas) testing facility was the objective
process for the fuzzy-based and conventional HAZOPs. The most significant index is the frequency to
determine risks. The comparison results showed that the fuzzy-based HAZOP provides better
sophisticated risks than the conventional HAZOP. The fuzzy risk matrix presents the significance of
risks, negligible risks, and necessity of risk reduction.

1. Introduction

Risk-based design methodology plays a central role in designing process systems. The concept of
this methodology is to express an accident as a risk that is the combination of the frequency and
consequence of the accident and to reflect suitably preventive or mitigating measures in an attempt to
reduce the risk when the risk is unacceptably significant [1,2]. After establishing the safety target, an
analyst evaluates the risk and makes a judgement on whether the design achieves the target [3,4]. As
a goal-directed methodology, it contrasts with deterministic design methodologies that rely on the
regulations of authorities, industrial standards, or previous projects [5].

Risk-based design consists of three steps: hazard identification, risk analysis, and decision making [2].
A hazard is defined as a situation that has the potential to cause harm to human safety, assets, and
the environment. It may be a physical situation, an activity, or a material [3]. Risk is the combination of
the frequency of an event and its consequence [4]. Practically, risk is estimated by numerically
multiplying the frequency and consequence of the event. The hazard identification step finds inherent
hazards by analyzing the system and identifies the causes, likelihood, impacts, and safety measures
[3]. The risk analysis step determines the risks considering the likelihood and damage scale [5]. The
final step makes a decision on whether the current design should be accepted, what safety measures
should be taken for each hazard if the risk is unacceptable, and how much the risk is reduced with the
safety measures [4,5]. These measures should either lower the accident frequencies or mitigate its
damage scales [5].

The purpose of risk analysis is to estimate risks due to an accident [4]. An analyst assesses the risks
while considering the probable scenarios during the lifecycle of a process system [5]. The risks should
be evaluated in terms of personnel, assets, and the environment using risk acceptance criteria [6].
The most important indicator for evaluation is the risk to personnel or safety. If the risk is less than the
allowable level, then the system will be deemed safe [2].

Among the several methods widely used for risk analysis, HAZOP (hazardous operability) is an
important method for identifying hazards that may affect the safety and operability of a system at
progressive phases. This method assumes the process deviations from the planned operations based
on the use of guidewords [3]. Multidisciplinary experts should review whether the safety measures are
sufficient, and if such measures are not sufficient, they should propose additional ones [3,4]. HAZID
(hazard identification) identifies hazards based on a concept design, whereas HAZOP considers the
hazards of each component from the concept to operation and safety measures of P&ID (piping and
instrumentation diagram) [2,3]. In contrast to HAZID, the purpose of HAZOP is to eliminate or
minimize potential hazards in detail; HAZOP should handle the unresolved hazards in HAZID [4]. Both
methods have similarities; many experts attend the workshop, guidewords are used to assume
accident scenarios, and the existing and additional safety measures should be reported.

During design steps, risk analysis involves inherent uncertainties. These uncertainties are defined as
the degrees of doubt regarding the parameters or results [3], which cause difficulties for obtaining
exact results. An uncertainty is classified as aleatory or epistemic according to each characteristic [7].
An aleatory uncertainty is the uncertainty related to the random nature of an initiating event. In
general, an accident rarely occurs and has diverse patterns; it is difficult to estimate the exact values
for hazards. In reality, an analyst performs the risk analysis through mathematical modeling of system
features. The modeling should be sufficiently simple to handle the phenomenon data and should also
be capable of drawing practical results [7,10]. Strictly speaking, the modeling results are valid only for
the approximation, which implies that the modeling has aleatory uncertainty. In contrast, an epistemic
uncertainty is the uncertainty due to incompleteness and lack of knowledge of the collective
information [8]. Most experts determine a risk using their own experiences based on subjective
judgements and probabilities [8]. If the expert‟s prediction concerning a certain accident is correct,
then there will be no problem. However, this approach does not always make a precise and correct
decision possible. Because the existing probability is generic data, it makes obtaining satisfactory
prediction results from the risk analysis for a specific system difficult [9]. This means that the
knowledge for making decisions involves epistemic uncertainty [10].

Many studies have addressed the uncertainty for risk analysis. Concerning the nature of uncertainties,
scholars in diverse academic fields of mathematics, science, and engineering performed such studies.
Fuzzy set theory is one of the methods for addressing uncertainty in engineering applications. Chang
et al. studied the influence of uncertainty for determining SIL (safety integrity level) in the process
industry [11]. Komal et al. performed reliability, availability, and sensitivity analyses using t-norm-
based fuzzy logic for quantifying uncertainty [12]. Knezevic et al. proposed the fuzzy-based reliability
analysis with fault tree construction [13]. Markowski et al. studied the concept of fuzzy risk matrix, SIL
determination for piping, and explosion risk analysis using fuzzy set theory [14-17]. Several studies
presented SIL selections with less uncertainty than the existing practices by fuzzification of linguistic
variables [18-23].

Fuzzy set theory is also useful for risk analysis at the design phase. The fuzzy-based risk analysis is
capable of modeling the linguistic variables of causes, phenomena, and impacts, even though the
accuracies of the likelihood, types, and hazards for an accident are not certain. The fuzzy number with
the membership degree addresses the epistemic uncertainty of the linguistic variables, whereas the
fuzzy inference procedures address the aleatory uncertainty as IF-THEN rules. The procedure
describes the arbitrary and ambiguous accident phenomena. Concerning difficulties such as
incompleteness, lack, and approximation of knowledge, fuzzy theory makes scientific decision making
possible. In previous studies, HAZID, HAZOP, FMECA, and SIL determination had the systematic
architecture that the fuzzy theory to be applied [11-23]. Although „fuzzy‟ and „risk analysis‟ are
interesting keywords in terms of risk-based design, there has been little research concerning the
uncertainty at the early phase of process designs.

This study proposes a HAZOP methodology for risk analysis using fuzzy set theory. The objective
system is a cryogenic LNG testing facility, as described in Section 2. The fuzzy logic is described in
Section 3. In the fuzzy-based HAZOP, the possible deviations of the process operations are presumed,
and guidewords are appropriately selected to represent the process variables related to an accident
scenario. Linguistic variables are employed to express the likelihood and damage scales of the
accident. The risk is determined through the use of fuzzy modeling of all the accident scenarios in
Section 4. The fuzzy risk matrix shows the calculated risk in comparison with risk acceptance criteria
according to its membership degree. Both fuzzy and conventional HAZOPs provide the risk results for
the same system in Section 5. Section 6 summarizes and concludes this paper.

2. System Description

A cryogenic LNG testing facility [24] is considered as the target system. The purpose of this facility is
to estimate the mechanical performances of LNG-related equipment. A storage tank stores LNG at -
165 ℃ and 2 bar. The entire process is designed to pass LNG from the storage tank through the
LNG drum and the LNG pump to the test equipment. During its passage, the LNG can be vaporized.
The liquid is delivered to the storage tank, and gas passes to a cooler with liquefied nitrogen.

The LNG drum segment is a major part for process operations. The basic process control logic
manipulates the flow, temperature, pressure, and level for normal operations. Fig. 1 extracts the
segment from the entire process. The LNG drum is a pressure vessel with a 500 m3 capacity and is
supposed to feed LNG to the LNG pump. The function of the pump is to supply the flow to the testing
equipment and to prevent boil-off gas while pressurizing LNG.

The LNG drum has five level alarms: HH (high-high), H (high), NL (normal), L (low), and LL (low-low).
Level switches (LS) for each level setting deliver information about the level of LNG to the level
transmitter (LT). To control the LNG flow, the level indicator controller (LIC) actuates the control valve
(CV-001). If deviations occur in the LNG drum, the process safety valve (PSV-001) or the block valve
(BV-001) will shut down the process operation by discharging NG or LNG out of the drum.
 HH
H
L
LL
PIC
301

PSV-001
PT
301

BOG from Testing Equipment BOG Vent

LNG from Testing Equipment

LS LZA HH
301 301

LS LZA H
LIC LT 302 302
301 301

HH 95%
H 90%
NL 80%
L 40%
LL 10% LNG Drum

LNG from Storage Tank

LS LZA
CV-001 303 303 L

LS LZA
304 304 LL

TI PI
2101 402

TE PT
2101 402 LNG to Testing Equipment

BV-001
LNG Pump

Fig. 1. Process diagram of LNG drum segment

A bow-tie model helps to understand the causes and consequences of accidents in the process
operations. Fig. 2 illustrates the bow-tie model for the LNG drum segment, including the relationship
between the hazards and their consequences for the segment failure. The LNG drum segment
includes not only the LNG drum but also the surrounding valves, pumps, and the process control
system. Diverse hazards and consequences will occur due to accidents in the segment. If the process
safety valve fails to function, then the level, temperature, and pressure will deviate from the normally
acceptable operation range, which means that hazardous events may occur. To describe the
accidents, relevant process parameters and guidewords should be adapted.
 Controller
Piping
failure
failure
LNG Pump runaway

Power
Trans. LNG Pump
failure failure LNG spill

Lubrication
Insulation ＂LNG Drum
failure Piping rupture
failure segment＂ failure

Top Event
High level in LNG Drum
PSV
failure
Power
supply
failure Fire and explosion
BPCS
failure
Signal
cards
failure

Hazards by Guidewords Consequences

Fig. 2 Bow-tie model of hazards and consequences concerning LNG drum

3. Fuzzy Logic

3.1. Fuzzy Theory

Fuzzy set theory is a mathematical theory for expressing uncertain states. This theory is based on
inadequate and inaccurate information when a human makes a rational judgment using ambiguous
logics. Zadeh introduced a fuzzy set to explain the number sets of ambiguous logics [25]. Fuzzy
theory is a rule-based methodology to state uncertainty. It considers approximations or subjective
numbers and quantifies the ambiguity and vagueness of linguistic descriptions [26,27].

Fuzzy logic provides a useful means to overcome uncertainties. Because fuzzy logic permits the
principle of the excluded middle to represent any middle state, it is able to consider the uncertainties.
This sharply contrasts with classical (crisp) logic. It substitutes the “zero or one” state of the crisp logic
by a variety of states with membership degrees. The fuzzy set is defined by membership functions
that show the degree to which an element belongs to the fuzzy set. It implies that the crisp set has a
unique membership as zero or one, whereas the fuzzy set has diverse types of membership functions
and the membership degree of an element in the closed interval [0, 1]. Fig. 3 depicts the concept of
the crisp set and fuzzy set on the risk value [15]. This figure shows that there are more or less
deviations from risk 10 where the risk is approximately 10.
 Fig. 3. Crisp set and fuzzy set for state in risk value

Fuzzy set Q with respect to a universal set U is characterized by the following equation.

Q  {(u, Q ); u U , Q [0, 1]}

(1)

The larger the membership degree μQ is, the stronger the degree of belongingness to the fuzzy set Q
for element u. It indicates the extent to which u belongs to Q.

A fuzzy number is an uncertain and ambiguous number. It is a special case of fuzzy set Q whose
membership functions are convex and normalized. Many different membership functions, such as the
exponential, triangular, trapezoidal, Gaussian, L-R type, sigmoid curve, quadratic and cubic
polynomial curves, and piece-wise linear functions, have been proposed for representing the
vagueness of fuzzy numbers. As shown in Fig. 4, fuzzy number Q is considered in equation (2) as a
trapezoidal shape in the closed interval [a, d]. α and β represent the left and right spread.

0, ua
u  a
 , aub
b  a

Q (u )  1, buc (2)
d  u
 , cud
d c
0, d u

where μQ : [a, b] → [0, 1] and μQ : [c, d] → [1, 0] are the left and right membership functions of fuzzy
number Q with a≤b≤c≤d. The core C(Q) and support S(Q) are defined as the following equations. The
support S(Q) always involves the core C(Q).

C (Q)  {u | Q (u)  1, u U }
(3)

S (Q)  {u | Q (u)  0, u U }
(4)
 Fig. 4. Fuzzy number and its membership with symbols

3.2. Fuzzy Modeling

Fuzzy modeling is based on the relationships between the causes and consequences of a
phenomenon. It uses fuzzy logics with respect to the linguistic descriptions to represent input and
output variables. The modeling consists of three steps: fuzzification, fuzzy inference, and
defuzzification.

Fuzzification means transforming a crisp value into a fuzzy value. In contrast to the fuzzification of
numerical variables, it is difficult to determine the fuzzy interval using linguistic variables. Many
techniques are used to determine membership functions, such as rank ordering, neural networks,
genetic algorithms, and inductive reasoning [27]. Because these are based on the subjective opinions
of humans, membership degrees and fuzzy intervals depend on the intuitions of experts [13]. On the
other hand, Dubois et al. proposed the interval bounded using the mean expected value and
possibility distribution [26,28]. This is a numerical technique for reducing the uncertainty resulting from
subjective intuitions [19-21].
 Fig. 5. Possibility distribution F(u) of element u with fuzzy set Q

Fig. 6. Fuzzy number Q with expected mean value, lower bound, and upper bound

Possibility distribution function F(u) with respect to fuzzy set Q is illustrated in Fig. 5, where R, Q, and
U are the crisp set, fuzzy set, and universal set, respectively. The possibility distribution F(u) refers to
the distribution that element u belongs to either the fuzzy set Q or non-fuzzy set. The fuzzy interval is
calculated by taking the expected values on the maximum distribution F*(u) and minimum distribution
F*(u) as the upper and lower bounds, respectively. The expected values in each interval are
determined as the following equations with respect to the trapezoidal fuzzy number Q [19,20,26,28].


E[Q]   F (u )du  [ EL , EU ] (5)

  b 
EL   F * (u )du  b   Q (u )du  b  (6)
  2

  
EU   F* (u )du  c   Q (u )du  c  (7)
 c 2
Here, EL and EU refer to the bounds of linguistic variables for fuzzification, and E[Q] is considered to
be the mean expected value of each fuzzy interval. This represents vagueness and ambiguity as
overlapping individual fuzzy intervals. a, b, c, and d can be obtained from equations (8) to (11) using
EL, EU, and E[Q] as shown in Fig. 6.

  2b  2 EL
 2(b  EL )
 E  E[Q]  (8)
 2 L  EL 
 2 
 E[Q]  EL

  EU  E[Q] (9)

a  b  (10)

d c (11)

Fuzzy inference procedures derive the conclusions through the use of IF-THEN implications that are
based on the input and output variables of a phenomenon. For instance, the fuzzy rules for two inputs
and one output are as follows.

IF x is AN and y is BN, THEN z is CN. (N = 1, 2, 3, …., k)

AN: x input as N-th

BN: y input as N-th

CN: z output as N-th

To obtain a fuzzy output from the above rules, Mamdani‟s arithmetic algorithm is used. The degree of
compatibility wn is defined as follows:

wN  min{ AN , BN } . (12)

The fuzzy output with the compatibility is given by:

C*  min{wN , C } .
N N
(13)

The final fuzzy output with respect to each fuzzy output is as follows:

C  max[min{w1 , C }, min{w2 , C },
1 2
, min{wk , Ck }] . (14)
Because it uses the maximum and minimum arithmetic operations, the overall inference procedures
are called the max-min inference algorithm.

Defuzzification refers to transforming the fuzzy output into a crisp value. Many defuzzification
techniques, such as max-membership, center of gravity, weighted average, and min-membership,
have been utilized. The defuzzified value z* of the fuzzy set C is given by the center of gravity method
as follows:

z *


a
u  C du
. (15)
d
 a
C du

4. Fuzzy-based HAZOP

HAZOP is an analytical method for identifying the individual and dynamic hazards for process
operations. An experienced leader in an independent position suggests guidewords with respect to
the process parameters. In practice, the HAZOP refers to flow, temperature, pressure, level, reaction,
mix, isolate, drain, inspect, maintain, start-up, and shut down [1]. The guidewords are selected in
accordance with the process parameters and operation conditions: no, less, low, more, high, reverse,
fluctuation, and early. The HAZOP participants discuss process systems using the guidewords in
detail. These participants are all experts who have diverse experiences and knowledge for the
systems. The identified hazards, consequences, risks, and recommendations should be recorded in a
standard form [1-3].

HAZOP linguistically represents the participants‟ opinions regarding the system. The frequency and
consequence of an accident are summarized in Tables 1 and 2. These are combined to express the
accident. It is effective to systematically distinguish causes with consequences with respect to
technical faults or human errors. However, the completeness of linguistic descriptions depends on the
facilitation of a HAZOP leader and on the knowledge of the participants. It is sometimes difficult to
precisely describe the system conditions [3].

Table 1. Frequency level description

Frequency Interval,
Index Linguistic Term Description
Event/year
So unlikely that it can be assumed
1 Improbable 10-6 > X that occurrence may not be
experienced
Unlikely but possible to occur in the
2 Remote 10-3 > X > 10-6
life of an item
Likely to occur sometime in the life
3 Occasional 10-2 > X > 10-3
of an item
Will occur several times in the life of
4 Probable 10-1 > X > 10-2
an item
5 Frequent X > 10-1 Likely to occur frequently
Table 2. Consequence category description

Index Linguistic Term Definition

Very minor or no injury; less than minor component or

1 Negligible
environment damage
Single injury with minor health effects; minor system or
2 Marginal
environment damage
Single injury with disability; major system or environment
3 Moderate
damage
Multiple and serious injuries; system loss or severe
4 Critical
environment damage
5 Catastrophic Fatality; system loss or severe environment damage

HAZOP requires risk acceptance criteria to estimate the risks of identified hazards and consequences.
Risk acceptance criteria are the standards used to help evaluate the significance and acceptability of
the risks [3,4]. These criteria normally have three regions: negligible, ALARP (as-low-as reasonably
practicable), and unacceptable. The negligible region means that a risk does not require additional
safety measure. When a risk is handled by existing or additional measures, the risk is in the ALARP
region. The unacceptable region means that a risk is not tolerable in the present design, and this
requires design modifications. If the risks to personnel, assets, and the environment are acceptable
with respect to the risk acceptance criteria, then the present design will be available. Because the
criteria vary, it is impossible to express with precision what is or is not acceptable to personnel, assets,
and the environment [3].

Fuzzy-based HAZOP uses fuzzy modeling, as shown in Fig. 7, to determine the risks of process
deviations. Table 3 presents the likelihood Pf of accidents that refer to the relevant literature [29-32].
The fuzzy modeling overcomes uncertainties by combining the rules and overlapping intervals of
fuzzy numbers for the accidents.

Fuzzification for HAZOP consists of transforming the linguistic descriptions in Figs. 1 and 2 into
trapezoidal fuzzy numbers. If the frequency is occasional, then its interval will range from 10-3 to 10-2.
The lower and upper bounds of the interval shall be EL and EU. When the frequency is probable, its
interval ranges from 10-2 to 10-1. Considering occasional and probable, the threshold value EL should
be 10-2. To select an appropriate fuzzy number by a membership degree, the threshold value makes
overlapping intervals of two fuzzy numbers. For the fuzzification of consequences and risk levels, the
same principle determines each fuzzy interval. Table 4 and Fig. 8 present fuzzy numbers and
membership functions by calculating the expected mean value regarding two inputs and one output.
Because the frequency has infinitesimal values, it is necessary to show the frequency using an
algebraic expression.
Table 3. Failure rate and likelihood for LNG drum segment failure

Causes λ, 10-6 hours λ, 1/year Pf, 1/year Reference

CV-001 failure - - 0.10000 CCPS 2015

Piping leak - 0.00015 0.00015 OGP

BPCS* failure - - 0.10000 CCPS 2015

LNG pump failure 0.00077 6.74187 0.99882 OREDA 2009

PSV failure 0.00000 0.02488 0.02457 OREDA 2009

Insulation failure - - 0.02222 CCPS 2015

*BPCS: basic process control system

If-then Rule
Fuzzy Input Fuzzy Output
with HAZOP

Consequence INFERENCE
FUZZIFIER DEFUZZIFIER Risk
Frequency SYSTEM

Fuzzy Consequence
Fuzzy Risk
Fuzzy Frequency

Fig. 7. Fuzzy modeling procedures for risk analysis

Table 4. Fuzzy interval and expected mean value of frequency, consequence, and risk level

Symbol
EL E[Q] EU b c α β a d
Description
Frequency
Improbable 1.E-07 5.E-07 1.E-06 3.E-07 8.E-07 4.E-07 5.E-07 1.E-07 1.E-06
Remote 1.E-06 5.E-05 1.E-03 3.E-05 5.E-04 5.E-05 1.E-03 2.E-05 1.E-03
Occasional 1.E-03 5.E-03 1.E-02 3.E-03 8.E-03 4.E-03 5.E-03 1.E-03 1.E-02
Probable 0.01 0.05 0.1 0.03 0.075 0.04 0.05 0.01 0.125
Frequent 0.1 0.5 1 0.3 0.75 0.4 0.5 0.1 1.25

Consequence
Negligible 0.5 1.0 1.5 0.75 1.25 0.5 0.5 0.25 1.75
Marginal 1.5 2.0 2.5 1.75 2.25 0.5 0.5 1.25 2.75
Moderate 2.5 3.0 3.5 2.75 3.25 0.5 0.5 2.25 3.75
Critical 3.5 4.0 4.5 3.75 4.25 0.5 0.5 3.25 4.75
Catastrophic 4.5 5.0 5.5 4.75 5.25 0.5 0.5 4.25 5.75

Risk Level
Negligible 0.5 4 7.5 2.25 5.75 3.5 3.5 1.25 9.25
ALARP 7.5 13 17.5 10.25 15.25 5.5 4.5 4.75 19.75
Unacceptable 17.5 22 25.5 19.75 23.75 4.5 3.5 15.25 27.25
Fig. 8 Fuzzy numbers and membership functions of frequency (A), consequence (B), and risk
level (C)
Concerning two fuzzified variables, 25 IF-THEN rules should be generated. Representative examples
are presented in the following.

IF frequency is occasional and consequence is critical, THEN risk level is ALARP.

IF frequency is improbable and consequence is catastrophic, THEN risk level is negligible.

IF frequency is probable and consequence is catastrophic, THEN risk level is unacceptable.

To express a final risk, the fuzzy output should be defuzzified using the center of gravity method. The
risk is a crisp value for a given process deviation.

5. Results and Discussion

Fuzzy-based and conventional HAZOPs are performed for the LNG drum segment. Table 5
summarizes the results from both HAZOPs using eight guidewords. The risks are shown as the
highest values with respect to personnel, assets, and the environment. All the risks of the LNG drum
segment are acceptable; there is no need to implement risk reduction measures even though the
most severe accident is high pressure.

The frequency index has a larger impact than the consequence index on determining the risk.
Although the consequence indices are the same with both HAZOPs, the different frequency indices
affect the risks due to their membership degree by Mamdani‟s arithmetic operations; it implies that the
fuzzy input with the lowest membership degree is reflected to calculate its output. Even if the IF-THEN
rules consist of a large number of inputs and outputs, the minimum membership degree determines
the final fuzzy output.

In most cases, fuzzy-based HAZOP provides lower risks than the conventional HAZOP for identical
hazards. The risks are reflected in the process design that should not have excessive safety capability.
If the risks are overestimated, then risk analyses such as SIL assignment or fire and explosion
analyses may result in conservative protection measures. Because these analyses also consider
redundancy or design modifications for further risk reductions, the risks lead to cost increases and
system complexity in the process design.

It is possible that the fuzzy-based HAZOP provides sophisticated risks, such 11, 13, 17, and 19, as
prime numbers. Generally, the conventional HAZOP presents the risks that are expressed as
composite numbers, such as 10, 12, 15, 16, and so forth, by combining positive integers for each
hazard. It may keep an analyst from assigning the proper indices of the frequency and consequence.
In contrast, the fuzzy-based HAZOP enables the risks to be calculated as prime numbers according to
their membership degree of the frequency and possible consequence.

The fuzzy-based HAZOP presents the risks using the fuzzy risk matrix, which ranks the risks in order
of significance, filters insignificant risks out, or evaluates the risk reduction measures of each hazard.
This is consistently used for personnel, assets, and the environment. Figs. 9 and 10 compare the
conventional and fuzzy-based risk matrices from the perspective of how risks correspond with risk
acceptance criteria. Considering the five categories of the frequency and consequence, both matrices
show the risks ranking from 1 to 25 and risk acceptance criteria. The conventional risk matrix has
three regions: negligible (1 to 6), ALARP (8 to 16), and unacceptable (20 to 25). This cannot
appropriately designate risks such as 7, 17, 18, and 19. The fuzzy risk matrix has seven regions for
the risk acceptance criteria, including the transitional regions. It indicates that the risks may be in
diverse ranges rather than a single value. The conventional risk matrix designates the risk as 12,
whereas the fuzzy risk matrix designates the risk as a range from 9 to 16, where the frequency and
consequence are occasional and critical. This result implies that the risks should be evaluated by
specific categories regarding the membership degrees of risks.

Table 5. Comparison of results with conventional and fuzzy HAZOPs

Conventional Fuzzy
Guidewords Causes Consequences
F C R Log(F) C R
1. Feed LNG closure due to
1. LNG pump
piping blocked or CV-001
No Flow runaway 5 3 15 -0.99 3 12
failure
2. LNG spill
2. Piping leak
Less
1. Piping or CV-001 failure LNG pump runaway 5 3 15 -0.99 3 12
Flow
1. CV-001 failure
Reverse 1. Piping failure
2. High level in LNG drum 5 2 10 -0.69 2 13
Flow 2/3. Process upset
3. BPCS logic failure
1. Feed LNG increase
Piping rupture, high
More Flow 2. BPCS logic failure 5 3 15 -0.69 3 13
level in LNG drum
3. CV-001 failure as open
1. CV-001 failure of closure 1/2. High level in
High Level 2. LNG pump blocked LNG drum 5 3 15 0.05 3 13
3. PSV-001 failure 3. LNG drum rupture
1. LNG pump
1. CV-001 failure
Low Level runaway 5 3 15 -0.9 3 12
2. Piping leak
2. LNG spill
High 1. LNG drum insulation failure
Fire, explosion 4 4 16 -1.35 4 13
Temperature 2. Piping insulation failure
1. LNG drum insulation failure
High
2. Piping insulation failure Fire, explosion 4 4 16 -1.16 4 14
Pressure
3. PSV-001 failure
 Consequence
Crisp Risk Matrix
Negligible Marginal Moderate Critical Catastrophic
1 1 2 2 2 2 3 3 3 3 4 4 4 4 5 5
Improbable
1 1 2 2 2 2 3 3 3 3 4 4 4 4 5 5
2 2 4 4 4 4 6 6 6 6 8 8 8 8 10 10
2 2 4 4 4 4 6 6 6 6 8 8 8 8 10 10
Remote 2 2 4 4 4 4 6 6 6 6 8 8 8 8 10 10
2 2 4 4 4 4 6 6 6 6 8 8 8 8 10 10
Frequency

2 2 4 4 4 4 6 6 6 6 8 8 8 8 10 10
3 3 6 6 6 6 9 9 9 9 12 12 12 12 15 15
Occasional 3 3 6 6 6 6 9 9 9 9 12 12 12 12 15 15
3 3 6 6 6 6 9 9 9 9 12 12 12 12 15 15
4 4 8 8 8 8 12 12 12 12 16 16 16 16 20 20
Probable 4 4 8 8 8 8 12 12 12 12 16 16 16 16 20 20
4 4 8 8 8 8 12 12 12 12 16 16 16 16 20 20
5 5 10 10 10 10 15 15 15 15 20 20 20 20 25 25
Frequent
5 5 10 10 10 10 15 15 15 15 20 20 20 20 25 25

Fig. 9. Risk matrix for conventional HAZOP

Consequence
Fuzzy Risk Matrix
Negligible Marginal Moderate Critical Catastrophic
1 2 2 2 2 3 3 3 3 4 4 4 4 5 5 5
Improbable
2 2 2 3 3 4 4 4 5 5 5 6 6 7 7 8
2 2 2 3 3 4 4 4 5 5 5 6 6 7 7 8
2 3 3 3 4 4 4 5 6 6 6 7 7 8 8 9
Remote 2 3 3 4 5 5 5 6 7 7 7 8 9 9 9 10
2 3 3 4 5 6 6 6 7 8 8 9 10 10 10 11
Frequency

3 4 4 4 6 6 6 7 8 9 9 10 11 11 11 13
3 4 4 4 6 6 6 7 8 9 9 10 11 11 11 13
Occasional 3 5 5 5 7 8 8 8 10 11 11 12 13 14 14 15
4 5 5 6 8 9 9 10 11 12 12 14 15 16 16 18
4 5 5 6 8 9 9 10 11 12 12 14 15 16 16 18
Probable 4 6 6 7 9 10 10 11 13 14 14 16 17 18 18 20
5 7 7 8 10 11 11 12 15 16 16 18 19 20 20 23
5 7 7 8 10 11 11 12 15 16 16 18 19 20 20 23
Frequent
5 8 8 9 11 13 13 14 16 18 18 20 21 23 23 25

Fig. 10. Risk matrix for fuzzy HAZOP

6. Conclusions

Fuzzy-based HAZOP evaluates the risks regarding process deviations under uncertain information.
This approach is an alternative to overcome the uncertainties at the design review step of HAZOP for
the risk-based design. It helps the designer make scientific decisions through the use of fuzzy set
theory. Fuzzy modeling is applied to express risks regarding the frequency and consequence of the
process deviations. Fuzzy logic quantifies the ambiguity and vagueness of linguistic descriptions and
calculates risks in accordance with the membership degree. The mean expected value is introduced
to fuzzify linguistic variables. This is to provide the linguistic variables numbers with less uncertainty
due to subjectivity. The fuzzy modeling generates 25 IF-THEN rules and final fuzzy outputs to obtain
the risks.

The LNG drum segment is selected for various accidents. Fuzzy-based and conventional HAZOPs
provide and compare the results of risks with respect to identical hazards and consequences. The
fuzzy-based HAZOP provides lower risks than the conventional HAZOP. For the eight guidewords of
the process deviation, all the risks are in the ALARP criterion; the segment does not require risk
reduction measures.

The fuzzy risk matrix is the traceable means for evaluating the risks with respect to the risk
acceptance criteria. This matrix also indicates that transitional regions should be defined between the
criteria. For the same risk, the region may be different according to the membership degree of the
accident‟s variables. In some cases, it is necessary to examine the suitability of the risk acceptance
criteria.

A comparison study is required for different fuzzy numbers and membership functions. The interval
bounds of linguistic variables and other fuzzification techniques may lead to slightly different
tendencies. If an analyst introduces different types of fuzzy numbers, then the risk will change. In the
fuzzy-based HAZOP, any index may have a larger impact than the others depending on the fuzzy
numbers.

Risk analyses such as SIL assignment and fire and explosion analyses that reflect the results of this
paper appear to be further interesting studies. These are the detailed estimates on the basis of certain
information of the process. Such studies may investigate which HAZOP is reasonably practicable for
safety and economy.
References

[1] J.E. Vinnem, Offshore Risk Assessment: Principles, Modelling and Appilcations of QRA Studies,
second ed., Springer Verlag, Berlin, (2007).
[2] K. Chang, D. Chang, Offshore Plant Process and Safety Design, Dong Myeong Publishers,
Seoul, (2013).
[3] DNV, Marine Risk Assessment – Offshore, Health and Safety Executive, London, (2002)
Technology Report 2001/063.
[4] IMO, Guidelines for Formal Safety Assessment for Use in the IMO Rule-Making Process,
International Maritime Organization, London, (2002).
[5] D. Chang, Risk-Based Design for Ships and Offshore Installations, Special Issue of the Society of
Naval Architect of Korea, (2005), pp. 113-126.
[6] T. Aven, J.E. Vinnem, Risk Management with Applications from the Offshore Petroleum Industry,
Springer Verlag, London, (2007).
[7] USNRC, Guidance of the Treatment of Uncertainties Associated with PRAs in Risk-Informed
Decisionmaking, NUREG-1855, United States Nuclear Regulatory Commission, Washington,
D.C., (2013).
[8] D. Dubois, Representation, propagation, and decision issues in risk analysis under incomplete
probabilistic information, Risk Anal. 30 (2010) 361-368. doi:10.1111/j.1539-6924.2010.01359.x.
[9] E. Zio, T. Aven, Industrial disasters: extreme events, extremely rare. Some reflections on the
treatment of uncertainties in the assessment of the associated risks, Proc. Saf. Environ. Protect.
91 (2013) 31-45. doi:10.1016/j.psep.2012.01.004.
[10] A.D. Kiureghian, O. Ditlevsen, Aleatory or epistemic? Does it matter? Struct. Saf. 31 (2009) 105-
112. doi:10.1016/j.strusafe.2008.06.020.
[11] K. Chang, S. Kim, D. Chang, J. Ahn, E. Zio, Uncertainty analysis for target SIL determination in
the offshore industry, J. Loss Prev. Proc. Ind. 34 (2015) 151-162. doi:10.1016/j.jlp.2015.01.030.
[12] D. Komal, D. Chang, S. Lee, Fuzzy reliability analysis of dual-fuel steam turbine propulsion
system in LNG carriers considering data uncertainty, J. Nat. Gas Sci. Eng. 23 (2015) 148-164.
doi:10.1016/j.jngse.2015.01.030.
[13] J. Knezevic, E.R. Odoom, Reliability modelling of repairable systems using Petri nets and fuzzy
Lambda-Tau methodology, Reliab. Eng. Syst. Saf. 73 (2001) 1-17. doi:10.1016/S0951-
8320(01)00017-5.
[14] A.S. Markowski, M.S. Mannan, Fuzzy risk matrix, J. Hazard. Mater. 159 (2008) 152-157.
doi:10.1016/j.jhazmat.2008.03.055.
[15] A.S. Markowski, M.S. Mannan, Fuzzy logic for piping risk assessment (pfLOPA), J. Loss Prev.
Proc. Ind. 22 (2009) 921-927. doi:10.1016/j.jlp.2009.06.011.
[16] A.S. Markowski, exLOPA for explosion risks assessment, J. Hazard. Mater. 142 (2007) 669-676.
doi:10.1016/j.jhazmat.2006.06.070.
[17] A.S. Markowski, A. Kotynia, “Bow-tie” model in layer of protection analysis, Proc. Saf. Environ.
Protect. 89 (2011) 205-213. doi:10.1016/j.psep.2011.04.005.
[18] M. Khalil, M.A. Abdou, M.S. Mansour, H.A. Farag, M.E. Ossman, A cascaded fuzzy-LOPA risk
assessment model applied in natural gas industry, J. Loss Prev. Proc. Ind. 25 (2012) 877-882.
doi:10.1016/j.jlp.2012.04.010.
[19] R. Nait-Said, F. Zidani, N. Ouzraoui, Modified risk graph method using fuzzy rule-based
approach, J. Hazard. Mater. 164 (2009) 651-658. doi:10.1016/j.jhazmat.2008.08.086.
[20] R. Nait-Said, F. Zidani, N. Ouzraoui. Fuzzy risk graph model for determining safety integrity Level,
Int J. Qual. Stat. Reliab. (2008) 263895. doi:10.1155/2008/263895.
[21] N. Ouazraoui, M. Bourareche, R. Nait-Said, Fuzzy modelling of uncertain data in the layers of
protection analysis, in: Proceedings of the 2015 International Conference on Industrial
Engineering and Operations Management, Institute of Electrical and Electronics Engineers,
Dubai, (2015), pp. 1-6.
[22] O.Y. Abul-Haggag, W. Barakat, Application of fuzzy logic for the determination of safety integrity
in light of iec, Int. J. Emerg. Technol. and Adv. Eng. 3 (2013) 41-48.
[23] M. Sallak, C. Simon, J.-F. Aubry, A fuzzy probabilistic approach for determining safety integrity
Level, IEEE Trans. Fuzzy Syst. 16 (2008) 239–248. doi:10.1109/TFUZZ.2007.903328.
[24] J. Ahn, Y.Y. Noh, Y. Lee, D. Chang, Evaluation of SIL for cryogenic pump test facility, in: Annuals
Spring and Fall Conference, The Korean Society of Mechanical Engineers, (2012), pp. 1423-
1428.
[25] L.A. Zadeh, Fuzzy sets, Inf. Contr. 8 (1965) 338-353. doi:10.1016/S0019-9958(65)90241-X.
[26] D. Dubois, H. Prade, Fundamentals of Fuzzy Sets, Springer Verlag Science, Berlin, (2000).
[27] T.J. Ross, Fuzzy Logic with Engineering Applications, third ed., Wiley, New York, (2010).
[28] D. Dubois, H. Prade, The mean value of a fuzzy number, Fuzzy Sets Syst. 24 (1987) 279-300.
doi:10.1016/0165-0114(87)90028-5.
[29] N.T.N.U. SINTEF Offshore and Onshore Reliability Data, OREDA Handbook, sixth ed., DNV,
Oslo, (2015).
[30] CCPS, Guidelines for Initiating Events and Independent Protection Layers in Layer of Protection
Analysis, Wiley, New York, (2015).
[31] C.A. Lassen, Layer of Protection Analysis for Determination of Safety Integrity Level, Norwegian
University of Science and Technology, Trondheim, (2008).
[32] International Association of Oil and Gas Producers. OGP Risk assessment data directory,
International Association of Oil and Gas Producers, London 2010, report 434-1.