9/29/2011

Key acronyms

PHA = process hazard analysis

Hazard and Risk Analysis
y HAZOP = hazard and operability [study]
FMEA = failure modes & effects analysis
SAND No. 2011-0991 C

Sandia National Laboratories is a multi-program laboratory

managed and operated by Sandia Corporation, a wholly owned
subsidiary of Lockheed Martin Corporation, for the U.S.
Department of Energy's National Nuclear Security Administration
under contract DE-AC04-94AL85000. 2

Hazard and risk analysis resources Hazard and risk analysis resources

CCPS 2008a. Center for Chemical Process Safety, D. A. Crowl and J.F.
D.A. J. F. Louvar 2001. Chemical
Guidelines for Hazard Evaluation Procedures, Process Safety: Fundamentals with Applications,
Third Edition,
Edition NY: American Institute of Chemical 2nd Ed.,
Ed. Upper Saddle River, NJ: Prentice Hall.
Engineers.
Chapter 4 • Non-Scenario-Based
Non Scenario Based Hazard Evaluation Procedures Chapter 10 • Hazards Identification
4.1 Preliminary Hazard Analysis
Chapter 11 • Risk Assessment
4.2 Safety Review
4.3 Relative Ranking
4.4 Checklist Analysis
Chapter 5 • Scenario-Based Hazard Evaluation Procedures
5.1 What-If Analysis
5.2 What-If/Checklist Analysis
5.3 Hazard and Operability Studies
5.4 Failure Modes and Effects Analysis
5.5 Fault Tree Analysis
5.6 Event Tree Analysis
5.7 Cause-Consequence Analysis and Bow-Tie Analysis
5.8 Other Techniques
3 4

1
 9/29/2011

Hazard and risk analysis resources Hazard and risk analysis resources

CCPS 2007a. Center for Chemical Process Safety,
Guidelines for Risk Based Process Safety,
Safety NY:
American Institute of Chemical Engineers.
B. Tyler, F. Crawley and M. Preston 2008.
HAZOP: Guide to Best Practice, 2nd Edition,
Edition
Institution of Chemical Engineers, Rugby, UK.

Chapter 9 • Ha
Hazard
ard Identification and Risk Analysis
Anal sis
9.1 Element Overview
9.2 Key Principles and Essential Features
9.3 Possible Work Activities
9.4 Examples of Ways to Improve Effectiveness
9.5 Element Metrics
9.6 Management Review

5 6

Hazard and Risk Analysis Hazard and Risk Analysis

• Basic risk concepts • Basic risk concepts

• Experience-based vs predictive approaches
• Qualitative methods (What-If, HAZOP, FMEA)
• Analysis of procedure-based operations
• Team meeting logistics
• Documenting hazard and risk analyses
• Implementing findings and recommendations

7 8

2
 9/29/2011

Hazard vs Risk RISK

Fundamental definitions: Constituents of risk:

HAZARD • Likelihood and

Presence of a material or condition
that has the potential for causing • Severity
loss or harm of Loss Events
RISK
A combination of the severity of
consequences and the likelihood of Risk = f ( Likelihood, Severity )
occurrence of undesired outcomes

Source: R.W. Johnson, “Risk Management by Risk Magnitudes,” Chemical Health & Safety 5(5), 1998

9 10

RISK RISK

General form of risk equation: Example units of measure:

Risk = Likelihood · Severity n Risk = Likelihood · Severity

Most common form: injuries loss events injuries

= x
year year loss event
Risk = Likelihood · Severity
$ loss loss events $ loss
= x
year year loss event

11 12

3
 9/29/2011

Costs vs Risks Costs + Risks

Another way of understanding risk is to • Costs are certain, or expected, liabilities

compare risks with costs: e.g., 30,000 km/year, 10 km/L, $1.00/L = $3,000/year

Costs Risks
Near certain; expected
Cost estimates are usually available
Higher-precision estimates
Predictable benefits if cost incurred
Incurred every year over life of project
Source: R.W. Johnson, “Risk Management by Risk Magnitudes,” Chemical Health & Safety 5(5), 1998
Uncertain; unexpected; probabilistic • Risks
Ri k are uncertain
t i liabilities
li biliti
Risk estimates are usually not available
e.g., $10,000 collision, 1/20 year = $500/year
Lower-precision estimates, if available
Negative consequences if outcome realized
Liability incurred only if outcome realized
• Costs + Risks = Total Liabilities
$3,000/year + $500/year = $3,500/year

13 14

What Is a “Process Hazard Analysis”? What Is a “Process Hazard Analysis”?

A Process Hazard Analysis

PHA A Process Hazard Analysis
PHA
is a structured team review of an operation is a structured team review of an operation
involving hazardous materials/energies, to involving hazardous materials/energies, to
– identify
id tif previously
i l unrecognized
i d hazards,
h d – identify
id tif previously
i l unrecognized
i d hazards,
h d
Already
– identify opportunities to make the operation – identify opportunities to make the operation addressed
inherently safer, inherently safer,
– identify loss event scenarios, – identify loss event scenarios,
– evaluate the scenario risks to identify where – evaluate the scenario risks to identify where
existing safeguards may not be adequate, and existing safeguards may not be adequate, and
– document team findings and recommendations. – document team findings and recommendations.

15 16

4
 9/29/2011

What Is a “Process Hazard Analysis”? Hazard and Risk Analysis

A Process Hazard Analysis

PHA • Basic risk concepts
• Experience
Experience--based vs predictive approaches
is a structured team review of an operation
involving hazardous materials/energies, to
– identify
id tif previously
i l unrecognized
i d hazards,
h d
– identify opportunities to make the operation
inherently safer,
– identify loss event scenarios,
Focus
– evaluate the scenario risks to identify where of this
existing safeguards may not be adequate, and module
– document team findings and recommendations.

17 18

Experience-based approaches Experience-based approaches

• Some PHA methods determine the adequacy of
safeguards without assessing scenario risks
• This is done on the basis of collective past
experience
• Compare process with recognized and generally
accepted good engineering practices
(RAGAGEPs)
• Effective way to take advantage of past
experience
• Concentrates on protecting against events
expected during lifetime of facility
• Low-probability, high-consequence events
not analyzed
• Not good for complex or unique processes

19 20

5
 9/29/2011

Experience-based approaches Experience-based approaches

Example experience-based approaches: Example experience-based approaches:

• Safety Review • Safety Review
y
• Checklist Analysis y
• Checklist Analysis
Code/Standard/Reg.
Checklist
1.1 The owner/operator
shall … J Item 1
1.2 The owner/operator J Item 2
shall … J Item 3
1.3 The owner/operator
shall … J Item 4
...

21 22

Experience-based approaches Predictive studies

Example experience-based approaches: • Supplement adherence to good practice

• Safety Review • Qualitative to quantitative

• Able to study adequacy of safeguards against
y
• Checklist Analysis low probability / high severity scenarios
– Code / standard / regulatory requirements
checklist • All predictive studies are scenario-based
– See Crowl and Louvar 2001, pages 433-436, approaches
for a checklist of process safety topics

23 24

6
 9/29/2011

Scenario - definition

Scenario: Scenario necessary ingredients:

An unplanned event or incident sequence that results in a • Initiating cause
loss event and its associated impacts, including the success AND
or failure of safeguards involved in the incident sequence.
sequence
• Loss event or safe outcome
- CCPS 2008a

25 26

Scenario necessary ingredients: Example of a simple scenario

• Initiating cause While unloading a tankcar into a caustic storage tank,
“Cause - the tank high level alarm sounded due to the person
AND consequence unloadingg not paying
p y g close attention to the operation.
p
• Loss event or safe outcome pair”
i”
The operator noticed and responded to the alarm
right away, stopping the unloading operation.
Normal production was then resumed.

•What is the initiating cause?

cause?
•What is the consequence?

27 28

7
 9/29/2011

Predictive studies

Example of a more complex scenario Objective of scenario-based approaches:

A reactor feed line ruptures and spills a flammable • Identify and analyze all failure scenarios
feed liquid into a diked area, where it ignites. A fire
– Not generally possible just by inspection
detection system
y initiates an automatic fire
suppression system, putting the fire out. – Systematic approach needed

The loss of flow to the reactor causes the temperature – In reality, many scenarios eliminated by common
sense and experience
and pressure in the reactor to rise. The operator does
• Negligible likelihood (WARNING: Truly negligible?)
not notice the temperature increase until the relief
• Unimportant consequence
valve discharges to the relief header and stack. At
that point, the emergency shutdown system is
activated and the plant is brought to a safe state.
29 30

Predictive studies Hazard and Risk Analysis

Some scenario-based approaches: • Basic risk concepts

• Experience-based vs predictive approaches
• What-If Analysis
• Qualitative methods (What
What--If, HAZOP, FMEA)
• What-If / Checklist Analysis
y
• Hazard and Operability (HAZOP) Study
• Failure Modes and Effects Analysis (FMEA)
• Fault Tree Analysis (FTA)
• Event Tree Analysis (ETA)

31 32

8
 9/29/2011

What-If Analysis What-If Analysis

Concept: Conduct thorough, systematic

examination by asking questions that begin with
“What if...”
• Usually
y conducted by
y a relatively
y small team ((3-5))
• Process divided up into “segments” (e.g., unit
operations)
• Review from input to output of process
• Question formulation left up to the team members

33 34

What-If Analysis What-If Analysis

• Question usually suggests an initiating cause. Answering each “What if …” question:

“What if the raw material is in the wrong
concentration?”
• If so, postulated response develops a scenario.
“If the concentration of oxidant was doubled,
the reaction could not be controlled and a
rapid exotherm would result...”
1 Describe potential consequences and impacts
2 If a consequence of concern, assess cause likelihood
3 Identify and evaluate intervening safeguards
4 Determine adequacy of safeguards
5 Develop findings and recommendations (as required)
6 Raise new questions
Move to next segment when no more questions are raised.

35 36

9
 9/29/2011

Adequacy of safeguards Safeguards

• Determining the adequacy of safeguards is done Evaluating the effectiveness of safeguards

on a scenario-by-scenario basis must take into account:
• Scenario risk is a function of: • Fast enough? • Effective for this scenario?
– Initiating cause frequency
– Loss
L eventt impact
i t • Independent ? • Reliable enough?
– Safeguards effectiveness
Prevention Mitigation
• If the scenario risk is found to be too high,
safeguards are considered inadequate Hazards Regain control
or shut down
– Qualitative judgment
Deviation Mitigated
– Risk matrix
– Risk magnitude Loss Event
Impacts
See SVA Overview for matrix and magnitude approaches.
Unmitigated
37 38

Example: Continuous process Example: Continuous process (continued)

TR Temp
oC
EP 16 produces adipic acid by an
250
Oxidant flow to equal, and S TSH exothermic (heat-releasing) reaction of
follow fuel flow.
an oxidant (30% nitric acid) and a fuel
A/O (mixture of ketone and alcohol). An 200
oxidant-to-fuel ratio greater that 2.0 in Runaway
Oxidant
SP
(30% HNO3)
400 L/min
the
h reactor causes the
h reaction
i to run 150
capacity A/C away (rapid temperature and pressure
build-up). The high temperature Shutdown
Fuel
(KA – 50/50 mixture of 1 100
SP
200-220 L/min shutdown system is intended to protect
ketone and alcohol) 400 L/min Normal
Temperature the reactor by stopping the oxidant flow
capacity Operation
Continuous 50
Flow Reactor
if the reactor temperature reaches 100 oC.
(EP 16) NOTE: RELIEF VALVE CANNOT
At 1: Fuel is 20-25 0C, 7-8 bar g
(Fuel Rich) CONTROL RUNAWAY REACTION. 0
1.0 2.0
Oxidant/Fuel

(Not an actual process configuration; for course exercise only)

39 40

10
 9/29/2011

PROCESS SEGMENT:
SCOPE:
What-If Analysis
INTENT:
REVIEW DATE:

Finding/Recommendation
What If … Consequences Safeguards
Comments Hazard and Operability Study

42

HAZOP Study HAZOP Study

• Developed within process industries Premise:

• Team-based approach • No incidents when system operates as intended
(“normal operation”)
• Needs well-defined system parameters
• Used as hazard and/or operability study method • Failure
F il scenarios
i occur when
h system
t d i t
deviates
– Safety issues dominate for existing process from intended operation (“abnormal situation”)
– Operability issues prevail for new designs
– Many issues relate to both safety and operability

43 44

11
 9/29/2011

HAZOP sequence Study nodes

• Establish review scope A node is a specific point in a process or

procedure where deviations are studied.
• Identify study “nodes”
Typical study nodes:
• Establish Node 1 design/operation intent
– Process vessel
• Identify Deviation 1 from Node 1 intent – Transfer line
• Strictly: Wherever a process parameter changes
• Identify causes, loss events, safeguards • At end of line (vessel interface)
• Line may include pump, valves, filter, etc.
• Decide whether action is warranted
– Procedural step
• Repeat for every node and deviation

45 46

Study nodes Design/operational INTENT

Level
The intent describes the design / operational
Pressure (blanketed) parameters defining normal operation.
Material specifications
– Functions
Flow rate – Limits
Pressure
Temperature Reactor – Compositions
– Procedural steps
It answers one of these questions:
Residence time
Mixing
“What is this part of the process designed to do?”
Level
Pressure “What is supposed to be done at this point in time?”

47 48

12

Design/operational intent
A complete design/operational intent includes:
• Equipment used
• All functions or operations intended to be
achieved in this part of the process
• All intended locations/destinations
• Quantitative limits for all pertinent process
parameters
• Intended stream composition limits
49
Typical design intents
Storage tank
• Contain between 40 and 300 cubic meters of 50%
caustic at atmospheric pressure and ambient
p
temperature.
Transfer line
• Transfer 40 to 45 L/min of [pure] acetone from
drum to mixer at room temperature.
51
9/29/2011
Design/operational intent
Example:
The intent of a reaction vessel might be to
Contain and control the complete reaction of
1000 kg of 30% A and 750 kg of 98% B in EPEP-7
7
by providing mixing and external cooling to
maintain 470-500 ºC for 2 hours, while venting
off-gases to maintain < 1 bar g pressure.
50
Rotary kiln incinerator design intent
Contain and control the thermal incineration of incoming
wastes to allow achievement of at least 99.9%
destruction/removal of organics
• 4.76 Tons/hour
• 33.3 to 66.6 GJ/h heat load
• 1000-1400 C upstream of 2nd air injection point
• At least 2 seconds residence time for gases
• Oxygen at 9-13% at the downstream end of combustion zone
• Slight negative pressure (-100 Pa gage upstream 2nd air inject)
• Kiln rotation 0.05 - 0.5 rpm
• Loads up to 15% Cl2, 3% S, 50% H2O, 30% inerts
13
 9/29/2011

HAZOP Guide Words HAZOP Guide Words

Guide Words are applied to the design intent Guide Word Meaning
to systematically identify deviations from
normal operation. NONE Negation of intent
NONE MORE OF Exceed intended upper limit
MORE OF
LESS OF Drop below intended lower limit
LESS OF
PART OF PART OF Achieve part of intent
AS WELL AS AS WELL AS Something in addition to intent
REVERSE
OTHER THAN REVERSE Logical opposite of intent occurs
OTHER THAN Something different from intent
Guide Words INTENT
53 54

Deviations from Intent Deviations

A deviation is an abnormal situation, outside defined
• Do not begin developing deviations until design or operational parameters.
intent is fully described, documented and
agreed upon Hazards
• List of deviations can be started as soon as
intent is established Deviation
– No Flow
– Low Temperature
Guide Words INTENT – High Pressure (exceed upper limit of normal range)
– Less Material Added
– Excess Impurities
– Transfer to Wrong Tank
– Loss of Containment
– etc.
Deviation
55 56

14
 9/29/2011

HAZOP Deviations Guide

Design Intent
Apply each guide word to intent.
A complete design intent for
each line/vessel/node includes:
• All functions and locations
• Controlled variables’ SOCs
• Expected compositions
• Equipment used
E.g., the intent of a reaction step
might be to “Contain and control No agitation
the complete reaction of 1000 kg No reaction
of 30% A and 750 kg of 98% B
in EP-7 by providing mixing and
external cooling to maintain 470-
500 ºC for 2 hours, while venting
off-gases to maintain < 1 bar g”
NO / NONE MORE OF LESS OF
Containment lost Procedure started too late Procedure started too soon
Procedure step skipped Procedure done too long Procedure stopped too
Initiating causes
Too much [function] soon
No [function] Too much transferred Not enough [function]
No transfer Too much agitation Not enough transferred
• Identify deviation cause(s)
High [controlled variable] Not enough agitation
High reaction rate Low [controlled variable] – Must look backward in time sequence
High flow rate Low reaction rate
High pressure Low flow rate – Only identify local causes (i.e., in current study node)
High temperature Low pressure
– Most deviations have more than one possible cause
L ttemperature
Low t

PART OF AS WELL AS REVERSE OTHER THAN

Part of procedure step
skipped
Part of [function] achieved
Part of [composition]
Component missing
Phase missing
Catalyst deactivated
Extra step performed
Wrong procedure Guide Words INTENT
performed
Extra [function] Steps done in wrong order
Transfer from more than
Wrong [function] achieved
one source Reverse [function]
Transfer to more than one Transfer from wrong
Reverse flow
destination source
Reverse mixing
Transfer to wrong Cause Deviation
Extra [composition] destination
Extra phase present Maintenance/test/sampling
Impurities; dilution at wrong time/location 58

Loss events Loss events

• Determine cause and deviation consequences, • Determine cause and deviation consequences,
assuming failure of protection safeguards assuming failure of protection safeguards

• Take scenario all the way to a loss consequence • Take scenario all the way to a loss consequence

q
• Consequences can be anywhere
y and anytime
y • Consequences can be anywhere and anytime

Guide Words INTENT Guide Words INTENT

LOCAL GLOBAL
CAUSES CONSEQUENCES

Cause Deviation Loss Event(s) Cause Deviation Loss Event(s)

59 60

15
 9/29/2011

NODE:

SCOPE:
HAZOP
REVIEW DATE
INTENT:
Study

Safeguards Guide
Deviation Cause Consequences Safeguards
Finding/Recommendation
Word Comments

• Document preventive safeguards that intervene

between the specific Cause-Consequence pair
• Note that different Consequences are possible,
depending on safeguard success or failure (e.g.,
PRV)
Prevention Mitigation

Hazards Regain control

or shut down

Deviation Mitigated

Loss Event
Impacts
Unmitigated
61

Node 1 Fuel Transfer Line

SCOPE: From fuel supply to EP16 inlet, including fuel pump and fuel flow control loop HAZOP
Review Date:
INTENT: Feed fuel (50/50 KA mix) at 50-55 gpm, 20-25 C and 100-120 psig from fuel supply system to Study
reactor EP-16

Guide Word, Finding/Rec. #

Deviation
Cause Consequences Safeguards
Comments Failure Modes and Effects Analysis
NONE Pump stops High oxidant-to-fuel ratio in reactor; [] Cascade control system stops 1, 2
No feed of KA to temperature increase in reactor; reaction oxidant flow automatically
EP16 rate increase; pressure increase in reactor; [] Operator response to high PRV not designed
runaway reaction; vessel rupture explosion, temperature reading (close manual to relieve runaway
with resulting blast effects causing severe oxidant valve); adequate time to reaction
injuries or fatalities to persons nearby and respond, but valve is in same general
NOx plume drifting off-site area as EP16
[] SIL1 high-high temperature trip
system shuts off oxidant feed; off
same temperature sensor as
temperature recorder

NONE Fuel flow control High oxidant

oxidant-to-fuel
to fuel ratio in reactor; [] Operator response to high 1 2
1,
No feed of KA to valve fails closed temperature increase in reactor; reaction temperature reading (close manual
EP16 or commanded to rate increase; pressure increase in reactor; oxidant valve); adequate time to PRV not designed
close runaway reaction; vessel rupture explosion, respond, but valve is in same general to relieve runaway
with resulting blast effects causing severe area as EP16 reaction
injuries or fatalities to persons nearby and [] SIL1 high-high temperature trip
NOx plume drifting off-site system shuts off oxidant feed; off
same temperature sensor as
temperature recorder

NONE Line blocked High oxidant-to-fuel ratio in reactor;
No feed of KA to upstream of pump temperature increase in reactor; reaction
EP16 rate increase; pressure increase in reactor;
runaway reaction; vessel rupture explosion,
with resulting blast effects causing severe
injuries or fatalities to persons nearby and
NOx plume drifting off-site
[] Cascade control system stops 1, 2
oxidant flow automatically
[] Operator response to high PRV not designed
temperature reading (close manual to relieve runaway
oxidant valve); adequate time to reaction
respond, but valve is in same general
area as EP16
[] SIL1 high-high temperature trip
system shuts off oxidant feed; off
same temperature sensor as
64
temperature recorder

16
 9/29/2011

FMEA FMEA level of resolution

• Originally developed for aerospace / military Level of resolution determines detail in FMEA table:
systems
• Subsystem level
• Good for systems with little human interaction
• Equipment (component) level
• Focus is primarily on independent equipment
failures and their effects on the larger system • Component parts

65 66

Equipment failure modes DISCUSSION

EXAMPLE OF EQUIPMENT FAILURE MODES FOR FMEA
What are some common failure modes for the
Equipment Description Failure Modes
following components?
Pump, normally operating a. Fails on (fails to stop when

b.
required)
Transfers off
• Safety relief valve • Check valve
c. Seal rupture/leak
p
d. Pump casing rupture/leak

Heat exchanger, high pressure on a. Leak/rupture, tube side to shell

tube side side
• Float switch • Agitator
b. Leak/rupture, shell side to
external
environment
c.
d.
Tube side, plugged
Shell side, plugged
Which of the failure modes are revealed and
which are latent?

67 68

17
 9/29/2011

REVIEW DATE System:

P&ID:
FMEA

Component Component Immediate to Ultimate Finding/Recommendation

Failure Mode Safeguards
ID Description Effects Comments

Completing the FMEA table

• Complete in deliberate, systematic manner

– Begin at process boundary (usually input)
– Evaluate each item in order of flowsheet
– Complete each item before continuing
• Table entries:
– Equipment identification
– Equipment description (type, operation
configuration, service characteristics)
– Failure modes (all are listed)
– Effects (scenario elements)
– Safeguards
– Findings and recommendations
69

Summary of scenario-based approaches PHA method selection guide

HAZOP What-If/Checklist FMEA FTA ETA
By deviation By checklist item By component By loss event By cause
Best for process Best for relatively Best for mechanical Best for complex Best to study one or
operations standard operations and electrical systems systems/operations only a few causes
Hazards
+ $ =2 3 Good for continuous Good for continuous Good for continuous Good for continuous Good to analyze
and procedure-based and procedure-based operations operations; possible administrative and
operations operations for procedure
procedure-based
based engineering controls
D i ti
Deviation Loss Event
E ent
Impacts Higher level of effort Lower level of effort Higher level of effort Highest level of effort Higher level of effort
: KDW,I
Can analyze complex Mostly appropriate for Best analyzes Can analyze complex Can analyze complex
)0 ($ processes with simpler operations processes with single- processes with processes with
multiple safeguards point failures multiple safeguards multiple safeguards
Distinguishes Does not distinguish Does not distinguish Distinguishes
Distinguishes Distinguishes
between causes and between causes and between causes and between causes and between causes and
safeguards safeguards safeguards safeguards safeguards
Only looks at causes Only studies causes Looks at all failure Only studies causes Looks at all
that could lead to from checklist and modes of all and safeguards safeguards protecting
deviations what-if questioning components related to top event against cause
71 72

18
 9/29/2011

Hazard and Risk Analysis Procedure-based operations

• Basic risk concepts • Batch processes

• Experience-based vs predictive approaches • Continuous processes:
• Qualitative methods (What-If, HAZOP, FMEA) – Start-up
• Analysis of procedure-
procedure-based operations – Shutdown
– Production changes
• Receipt and unloading of chemicals
• Loading of product
• Sampling
• Maintenance

73 74

Why analyze procedure-based operations? Batch vs continuous processes

• Typical petrochemical facility time distribution:

< 10% of the time in “abnormal operations”
Batch Continuous
• IChemE analysis of 500 process safety incidents:
• Transient
a se tp process
ocess • Steady-state
Steady state process
53% of the incidents occurred during parameters parameters
“abnormal operations” (startup, shutdown, • Many operations are time- • Operations do not generally
dependent have time-dependencies
responding to avoid a shutdown)
• Manual operations / control • Process control is usually
References: common automatic
S.W. Ostrowski and K.Keim, “A HAZOP Methodology for Transient Operations,” presented at • Only part of system in use • Entire system almost always
Mary Kay O’Connor Process Safety Center International Symposium, October 2008
I.M. Duguid, “Analysis of Past Incidents in the Oil, Chemical and Petrochemical Industries,”
at any time in use
IChemE Loss Prevention Bulletin 144, 1999

75 76

19
 9/29/2011

PHA of continuous operations PHA of procedure-based operations

• Address continuous flows from input to output Procedures usually follow these general steps:
• Address startup, shutdown and transient steps 1. Prepare vessel
as procedure-based operations 2. Charge vessel
3. Reaction with monitor/control
4. Discharge
5. Purge

Which step is most like a continuous operation?

77 78

PHA of procedure-based operations PHA of procedure-based operations

Suggested approach: • PHA of procedure-based operation follows order of

• Select study nodes as for continuous process
• Group procedures by nodes
• Conduct procedure-based PHA
• When procedure completed, do equipment-based
PHA as for a continuous process
procedural steps
• All rules of continuous HAZOP Study apply
– Local causes
– Global consequences
– All safeguards pertinent to cause-consequence pairs
• Consequence and safeguards considered at each
succeeding step, until consequence occurs

79 80

20
 9/29/2011

Three approaches DISCUSSION

• What
What--If Analysis of each operating step Give one or two examples of a deviation from a
procedural step for each HAZOP guide word.
• Two
Two--Guide-
Guide-Word Analysis
NONE
– OMIT (all or part of the step is not done)
– INCORRECT (step is performed wrong) MORE OF
• Operator does too much or too little of stated task
LESS OF
• Wrong valve is closed
• Order of steps is reversed PART OF
• Etc.
AS WELL AS
• HAZOP Study of each step or group of steps
– All seven guide words used REVERSE
– Extra guide word of “MISSING” sometimes used OTHER THAN
81 82

Example batch process Example batch process

Treat one batch per day of inorganic neutral/alkaline Vent Procedure:
waste to oxidize cyanide. Materials are fiber-reinforced Waste Storage 1. Charge reactor with 5.3 m3 of cyanide waste.
plastic (FRP) for all tanks, vessels and lines, except acid Tank
2. Add 24.8 m3 service water to dilute waste to 0.3% (initially at 1.7%).
and service water lines which are carbon steel. 40 m3 3. Add caustic (NaOH) on pH control to bring pH to 11.5.
High pressure
4. Add sodium hypochlorite (NaOCl) on ORP control.
shutoff 5 React with agitation for 6 hours; caustic and NaOCl to remain on
5.
V1 auto-addition to maintain pH and ORP.
Acid V2 Service
Caustic water 6. Send sample of reactor contents to lab to test for cyanide oxidation.
Hypochlorite
V3 Flow
totalizer 7. If lab approves, continue.
Vent to scrubber (normal venting only)
8. Add sulfuric acid (93%) on pH control to bring pH to 2.5.
Reactor Shut all
HHL incoming
paths
Select control pH Potential consequences:
---------------------- HL Alarm • Concentration > 0.3% releases HCN during oxidation.
Select pH/ORP ORP
40 m3 • Addition of acid before oxidation is complete releases all available CN- as HCN.
Overflow to sump • Excess NaOCl releases chlorine gas when acid is added.
with water seal

83 84

21
 9/29/2011

“Actual procedure” for Step 1 PHA GROUP EXERCISE

1. Charge reactor with 5.3 m3 of cyanide waste. • Divide into teams and conduct PHA of Step 1
• Use one or more of the three procedure-based
1.1 OPEN valve V1 to create path from cyanide waste storage tank to reactor.
approaches
Note: Valve V3 automatically opens when a flow totalizer value is set.
• Be prepared to present your most important
1.2 ENTER flow totalizer value of 5.3 via controller keyboard.
findings and any problems with, or comments on,
1.3 START waste transfer pump. your selected approach
1.4 VERIFY pump automatically stops when 5.3 m3 is transferred.
1.5 CLOSE valve V1 at waste storage tank.

85 86

PROCESS SEGMENT: PROCESS SEGMENT:

SCOPE: SCOPE:
What-If Analysis What-If Analysis
INTENT: INTENT:
REVIEW DATE: REVIEW DATE:

Finding/Recommendation Finding/Recommendation
What If … Consequences Safeguards What If … Consequences Safeguards
Comments Comments
1. Charge reactor with 5.3 m3 of cyanide waste.
1.1 OPEN valve V1 to create path from cyanide waste storage tank to reactor.

22
 9/29/2011

PROCESS SEGMENT: NODE:

SCOPE:
What-If Analysis SCOPE:
HAZOP
INTENT:
REVIEW DATE: REVIEW DATE
INTENT:
Study
Finding/Recommendation
What If … Consequences Safeguards
Comments Guide Finding/Recommendation
Deviation Cause Consequences Safeguards
Word Comments
1. Charge reactor with 5.3 m3 of cyanide waste.
1.1 OPEN valve V1 to create path from cyanide waste storage tank to reactor.

NODE: NODE:

SCOPE:
HAZOP SCOPE:
HAZOP
REVIEW DATE
INTENT:
Study REVIEW DATE
INTENT:
Study

Guide Finding/Recommendation Guide Finding/Recommendation

Deviation Cause Consequences Safeguards Deviation Cause Consequences Safeguards
Word Comments Word Comments

23
 9/29/2011

Hazard and Risk Analysis Team meeting logistics

• Basic risk concepts
• Experience-based vs predictive approaches
• Qualitative methods (What-If, HAZOP, FMEA)
• Analysis of procedure-based operations
• Team meeting logistics
The following are common to all PHA team reviews:
• Team composition
• Preparation
• First team review meeting
• Final team review meeting

93 94

PHA team composition PHA preparation

5 to 7 team members optimum At initial scheduling of review and

designation as team leader:
• Team leader (facilitator) – hazard analysis
expertise
• Scribe – responsible for PHA documentation
• Key members – should have process/engineering
expertise, operating and maintenance experience
• Supporting members – instruments, electrical,
mechanical, explosion hazards, etc.
J Become familiar with the plant’s PSM
procedures
J Determine exact scope of PHA
J With PSM Coordinator, select one or more
PHA methods that are appropriate to the
complexity of the process
(Different techniques can be used for different
parts of the process)

95 96

24

PHA preparation
~ 6 weeks before start date of team review:
K Compile process safety information for
process to be studied
K Obtain procedures for all modes of operation
K Gather other pertinent information
K Determine missing or out-of-date information
K Make action plan for updating or developing
missing information prior to the start of the
team reviews
97
PHA timing
Plan PHA team review in half-day sessions
of 3 to 3½ hours duration.
– Optimum: 1 session/day, 4 sessions/week
– Maximum: 8 sessions/week
• Schedule sessions on a long-term plan
• Schedule at set time on set days
• PHA team reviews usually take one or two
days to get started, then ~ ½ day per typical
P&ID, unit operation or short procedure
99
9/29/2011
PHA preparation
~ 4 weeks before expected start date:
K Confirm final selection of review team members
K Give copy of PHA Procedures to scribe;
emphasize the necessity for thorough
documentation
K Estimate the number of review-hours needed to
complete PHA team review, or check previous
estimate
K Establish an initial schedule of review sessions,
coordinated with shift schedules of team
members
98
PHA preparation
~ 2 to 3 weeks before start date:
K Obtain copies of all incident reports on file
related to the process or the highly hazardous
materials in the process
K Reserve meeting room
K Arrange for computer hardware and software to
be used, if any
K Divide up process into study nodes or segments
K Develop initial design intent for each study node,
with the assistance of other review team
members as needed
100
25
 9/29/2011

PHA preparation PHA preparation

During the week before the start date:
K Select and notify one person to give process
overview
K Arrange for walk-around of facility
facility, including
any necessary training and PPE
K Secure projector and spare bulb
K Arrange for refreshments and lunches
Immediately before each meeting:
K Check out meeting room and facilities,
including heating/air conditioning
K Set up computer and projection equipment
K Lay out or tape up P&IDs and plant layout
diagrams

101 102

First team review meeting First team review meeting

1 Attendance 2 Scope and objectives

– Go over emergency exits, alarms and evacuation – Go over exact boundaries of system to be studied
procedures
– Explain purpose for conducting the PHA
– Introduce team members and their background /
area of expertise
– Ensure all required team members are present
– Document attendance for each half-day session
– Emphasize need for punctuality and minimal
interruptions

103 104

26

First team review meeting
3 Methodology
– Familiarize team members with methodology to
be used
– Explain why selected methodology is appropriate
for reviewing this particular process
105
First team review meeting
5 Process overview
– Prearrange for someone to give brief process
overview, covering such details as:
• Process, controls
• Equipment, buildings
• Personnel, shift schedules
• Hazardous materials, process chemistry
• Safety systems, emergency equipment
• Procedures
• What is in general vicinity of process
– Have plant layout drawings available
107
9/29/2011
First team review meeting
4 Process safety information
– Review what chemical, process, equipment and
procedural information is available to the team
– Ensure all required information is available
before proceeding
106
First team review meeting
6 Unit tour
– Prearrange for tour through entire facility to be
included in team review
– Follow all safety
ypprocedures and PPE requirements
q
– Have team members look for items such as:
• General plant condition
• Possible previously unrecognized hazards
• Human factors (valves, labeling, etc.)
• Traffic and pedestrian patterns
• Activities on operator rounds (gauges, etc.)
• Emergency egress routes
108
27
 9/29/2011

First team review meeting First team review meeting

7 Review previous incidents 8 Review facility siting

– Review all incident and near-miss reports on file
for the process being studied
– Also review sister-plant
sister plant and industry
industry-wide
wide
incidents for the type of process being studied
– Identify which incidents had potential for
catastrophic on-site or off-site / environmental
consequences
– Make sure detailed assessment (e.g., HAZOP
Study) covers all previous significant incidents
– Discuss issues related to whether buildings
intended for occupancy are designed and
arranged such that people are adequately
protected
t t d against
i t major
j incidents
i id t
– Various approaches are possible:
• API Recommended Practices 752, 753
• Topical review (e.g., CCPS 2008a page 291)
• Checklist review (e.g., Appendix F of W.L. Frank and
D.K. Whittle, Revalidating Process Hazard Analyses,
NY: American Institute of Chemical Engineers, 2001)

109 110

First team review meeting First team review meeting

9 Review human factors 9 Review human factors (continued)

– Discuss issues related to designing equipment,
operations and work environments so they
match human capabilities, limitations and needs
– Human factors are associated with:
• Initiating causes (e.g., operational errors causing
process upsets)
• Preventive safeguards (e.g., operator response to
deviations)
• Mitigative safeguards (e.g., emergency response
actions)
– Various approaches are possible:
• Ergonomic studies
• Topical review of positive and negative human
factors (e.g., CCPS 2008a pages 277-279)
• Checklist review (e.g., Appendix G of W.L. Frank and
D.K. Whittle, Revalidating Process Hazard Analyses,
NY: American Institute of Chemical Engineers, 2001)

111 112

28
 9/29/2011

First team review meeting Final team review meeting

10 Identify and document process hazards To do during the final team review meeting:
– See earlier module on Hazards and Potential – Ensure entire scope of review has been covered
Consequences
– Read through all findings and recommendations to
– Also an opportunity
pp y to address inherent safety
y issues • Ensure each finding and recommendation is
understandable to those needing to review and
implement them
• Consolidate similar findings
– Ensure all previous significant incidents have been
addressed in the PHA scenarios

113 114

Hazard and Risk Analysis PHA report

• Basic risk concepts Goal: Record the results such that study is
• Experience-based vs predictive approaches understandable, can be easily updated, and
supports the team’s decisions.
• Qualitative methods (What-If, HAZOP, FMEA)
– System studied
• Analysis of procedure-based operations – What
Wh t was done
d
• Team meeting logistics – By whom
• Documenting hazard and risk analyses – When
– Findings and recommendations
– PHA worksheets
– Information upon which the PHA was based

115 116

29
 9/29/2011

Report disposition Hazard and Risk Analysis

• Draft report • Basic risk concepts
– prepared by scribe
• Experience-based vs predictive approaches
– reviewed by all team members
– presented to management, preferably in a face-to-face • Qualitative methods (What-If, HAZOP, FMEA)
meeting • Analysis of procedure-based operations
• Management input considered by review team • Team meeting logistics
• Final report • Documenting hazard and risk analyses
– prepared by scribe
– reviewed by all team members • Implementing findings and recommendations
– accepted by management
– kept in permanent PHA file

117 118

Implementing findings & recommendations Implementing findings & recommendations

What is the most important product of a PHA?
1. The PHA report
2. A deeper understanding gained of the system
3. Findings and recommendations from the study
What is the most important product of a PHA?
1. The PHA report
2. A deeper understanding gained of the system
3. Findings and recommendations from the study
4. The actions taken in response to the findings
and recommendations from the study

119 120

30
 9/29/2011

Implementing findings & recommendations Implementing findings & recommendations

• Findings and recommendations are developed Wording of findings and recommendations:

throughout team review • Be as general as possible in wording of finding, to allow
– Analysis of hazards; inherent safety options flexibility in how item is resolved
– Facility siting review Install reverse flow protection in Install a Cagey Model 21R swing
– Human factors review Line 112-9 to prevent backflow
f i t d off
instead check valve in the inlet flange
f
of raw material to storage connection to the reactor
– HAZOP, What-If, etc.
• Describing the concern as part of the finding will help
• Basis for determining whether finding or ensure the actual concern is addressed
recommendation is warranted:
• Use of words such as these warrants follow-up to ensure
– CHECKLIST REVIEW: Code/standard is violated the team’s concern was actually addressed:
– PREDICTIVE ANALYSIS: Scenario risk is too high
– CONSIDER… – INVESTIGATE…
(also if code/standard is violated)
– STUDY… – _________…
121 122

PHA risk-control actions PHA action item implementation

Example risk-control actions: The employer shall establish a system to promptly

address the team's findings and recommendations;
• Alter physical design or basic process control system
assure that the recommendations are resolved in a
• Add new layer of protection or improve existing layers timely manner and that the resolution is documented;
• Change operating method document what actions are to be taken; complete
• Change process conditions actions as soon as possible; develop a written
schedule of when these actions are to be completed;
• Change process materials communicate the actions to operating, maintenance
• Modify inspection/test/maintenance frequency or and other employees whose work assignments are in
method the process and who may be affected by the
• Reduce likely number of people and/or value of recommendations or actions.
property exposed
- OSHA PSM Standard, 29 CFR 1910.119(e)(5) and U.S. EPA RMP Rule, 40 CFR 68.67(e)

123 124

31
 9/29/2011

1 - Document findings & recommendations 2 - Present findings & recommendations

Example form: PHA team Line management

ORIGINAL STUDY FINDING / RECOMMENDATION
 PHA  Incident Investigation  Compliance Audit  Self-Assessment  Other
ORIGINAL STUDY FINDING / RECOMMENDATION Source:
Source Name
Finding No. 1 Risk-Based Priority (A, B, C or N/A)

Source:  PHA  Incident Investigation  Compliance Audit  Self-Assessment  Other Finding / Rec-
ommendation

Source Name Date of Study or Date Finding / Recommendation Made

Fi di
Finding No.
N Ri k B
Risk-Based
d Priority
P i it (A,
(A B,
B C or N/A) ORIGINAL STUDY FINDING / RECOMMENDATION
Source:  PHA  Incident Investigation  Compliance Audit  Self-Assessment  Other
Source Name

Finding / Rec- Finding No.

Finding / Rec-
2 Risk-Based Priority (A, B, C or N/A)

ommendation ommendation

Date of Study or Date Finding / Recommendation Made

ORIGINAL STUDY FINDING / RECOMMENDATION

Source:  PHA  Incident Investigation  Compliance Audit  Self-Assessment  Other
Source Name
Finding No. 3 Risk-Based Priority (A, B, C or N/A)

Date of Study or Date Finding / Recommendation Made Finding / Rec-

ommendation

Date of Study or Date Finding / Recommendation Made

Note that this can also be used for incident ORIGINAL STUDY FINDING / RECOMMENDATION
Source:  PHA  Incident Investigation  Compliance Audit  Self-Assessment  Other

investigation and compliance audit findings.

Source Name
Finding No.
Finding / Rec-
4 Risk-Based Priority (A, B, C or N/A)

ommendation

125
Date of Study or Date Finding / Recommendation Made
126

2 - Present findings & recommendations 3 - Line management response

PHA team Line management For each PHA team finding/recommendation:

ORIGINAL STUDY FINDING / RECOMMENDATION
Source:  PHA  Incident Investigation  Compliance Audit  Self-Assessment  Other
Source Name ACTION COMMITTED TO BY MANAGEMENT
Finding No. 1 Risk-Based Priority (A, B, C or N/A)
Finding / Rec-
ommendation Specific Action
To Be Taken
Date of Study or Date Finding / Recommendation Made

ORIGINAL STUDY FINDING / RECOMMENDATION

Source:  PHA  Incident Investigation  Compliance Audit  Self-Assessment  Other
Source Name
Finding No.
Finding / Rec-
2 Risk-Based Priority (A, B, C or N/A)

ommendation
To Be Completed By [date] Time extension requires management approval
Date of Study or Date Finding / Recommendation Made
Responsible Person [person or position]
ORIGINAL STUDY FINDING / RECOMMENDATION
Source:  PHA  Incident Investigation  Compliance Audit  Self-Assessment  Other
Source Name
Finding No. 3 Risk-Based Priority (A, B, C or N/A)
Finding / Rec-
ommendation Suggestions:
Date of Study or Date Finding / Recommendation Made • Use database or spreadsheet
• Flag imminent and overdue actions
ORIGINAL STUDY FINDING / RECOMMENDATION
Source:  PHA  Incident Investigation  Compliance Audit  Self-Assessment  Other
Source Name
Finding No. 4 Risk-Based Priority (A, B, C or N/A)
Finding / Rec-
ommendation • Periodically report overall status to top management
127
Date of Study or Date Finding / Recommendation Made
128

32
 9/29/2011

Example
ORIGINAL STUDY FINDING / RECOMMENDATION
 Incident Investigation  Compliance Audit  Self-Assessment  Other
Source:
Source Name
 PHA
Formaldehyde Unloading PHA
4 - Document final resolution
Finding No. PHA-UF-11-01 Risk-Based Priority (A, B, C or N/A) B
Finding / Rec- Safeguards against formaldehyde storage tank overfilling are considered to be Document how each action item was implemented.
ommendation inadequate due to the signals for the controlling level indication and the high level
alarm both being taken off of the same level transmitter. Options for consideration: FINAL RESOLUTION
Take manual level reading before unloading into the tank to cross-check adequate
Resolution Details
capacity for unloading; add separate high level switch for the high level alarm. (attach drawings,
Date of Study or Date Finding / Recommendation Made 1 March 2011 procedures, etc.)

ACTION COMMITTED TO BY MANAGEMENT

Associated MOC(s)
Specific Action The following steps are to be taken to adopt and implement finding PHA-UF-11-01:
DATE COMPLETED
To Be Taken (1) Add a separate high level switch on the formaldehyde storage tank, using a
Date Communicated
different level measurement technology than the controlling level sensor.
(2) Add the new level switch, in addition to the high level alarm, to the MI critical How Communicated Attach documentation of the communication(s)
equipment list and schedule for regular functional testing.
(3) Until the new level switch is installed, implement a temporary procedural change
to take manual level readings before unloading into the tank to cross-check
adequate capacity for unloading, ensuring proper PPE is specified and used for
performing the manual level readings.
To Be Completed By 1 September 2011 Time extension requires management approval
Responsible Person I. M. Engineer 130

Communication of actions Communication of actions

Communicate actions taken in response to HOW?

PHA findings and recommendations. • Train through plant training program when needed
TO WHOM? – Use appropriate techniques
– Verify understanding
• To operating, maintenance and other employees
whose work assignments are in the process and • Otherwise inform, such as by
who may be affected by the recommendations or – Safety meetings
actions – Beginning-of-shift communications
– E-mail
• Document communications

131 132

33
 9/29/2011

Communication of actions DISCUSSION

WHAT? WHY?
• Physical changes What are two or more reasons why it is important
to communicate PHA action items to affected
• Personnel or responsibility/accountability updates
employees?
• Operating / maintenance procedures
•
• Emergency procedures; Emergency Response Plan
•
• Safe work practice procedures
•
• Control limits or practices
•

133 134

Final word

The task of the PHA team is to

identify where action is needed,
needed
not to redesign the system.

135

34