HAZOP Analysis Workflow

Step 1 Select Node Start here for each node

Define node & design intention

Step 2
of node

Step 3 Select parameter & guide word

Step 4 Develop meaningful deviation

Step 5 Identify all possible causes for the deviation

Step 6 Describe consequences if all safeguards fail

Step 7 List safeguards & protection available

Establish risk level and then evaluate need Repeat for all
Step 8 guide words & parameters
for risk control recommendation 1

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Analysis Workflow

Step 1 Select Node

Define node & design intention

Step 2
of node

Step 3 Select parameter & guide word

Step 4 Develop meaningful deviation

Step 5 Identify all possible causes for the deviation

Step 6 Describe consequences if all safeguards fail

Step 7 List safeguards & protection available

Establish risk level and then evaluate need Repeat for all
Step 8 guide words & parameters
for risk control recommendation 2

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Process (Study Technique)

Design Intent, Parameters and HAZOP Software Setup

• The design intent defines how a component or system is expected to operate and the purpose of the system. This includes
the design and normal operating conditions (e.g. flow, temperature, pressure, level, and other relevant details).
• The HAZOP Chairman should work with the process engineer for the selected process area to develop the design intention
for each node. The HAZOP study will be more efficient if this has been done prior to kickoff.
• With the node list and the design intention for each node, this information can be populated into the HAZOP software prior
to kickoff. The HAZOP study Secretary is responsible for setting up the study in the HAZOP software and populating the
software with this information and other relevant information such as the study team members.
• Design intent must be explained to HAZOP team (typically by the Process Engineer) along with the normal operating
procedure
• All phases of plant operation should be considered during the HAZOP: Start-Up, Normal Operations, Different Operating
Modes (e.g. catalyst activation, equipment regeneration), Transitional Conditions (e.g. product change, furnace decoking)
and Shutdown

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Process (Study Technique)
A clear definition of the Node operational design intent ensures common understanding and facilitates
identification of process deviations and their causes
Node Booster P&IDs Downstream of the Oil Tank, 2 x 50% Booster Pumps will feed the metering unit and the 2
10 Pumps to 02250, x 50% Pipeline Pumps.
suction side 02260,
of pipeline 02270, Upstream of the metering unit, 2 x 50% shell-and-tube heat exchangers will provide cooling
pumps 02280 as necessary to achieve the required oil temperature specification: Less than 200oF.
The Pipeline Pumps will be electric motor driven constant speed pumps with recycle
capabilities. A recycle cooler (shell-and-tube exchanger) sized for minimum flow from one
of the three Pipeline Pumps will be provided. The Pipeline Pumps will feed the Oil Pipeline
Pig Launcher.
Design Conditions/Parameters: Rated Flow 1167 GPM, Differential pressure 90 PSID,
Installed HP 125, Design pressure 250 psig, design temperature 250oF, Duty 3.7
MMBTU/HR, Design pressure 270psig, Design temperature 150oF, Capacity 9000 BPD

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Process (Study Technique)
A clear definition of the Node operational design intent ensures common understanding and facilitates
identification of process deviations and their causes
Node 2 VDU Feed P&IDs Atmospheric residue from surge drum is pumped through the preheat exchanger train, exchanging heat
Preheat Train 001, 002, with HVGO and V.R. (vacuum residue) before final heating in the vacuum heater and feed to VDU
including 003, column.
Preheat 004(1/2)00
Exchanger, 5(1/2)006( Atmospheric residue flow through individual vacuum heater passes is controlled via individual FC/FV
VDU Heater 2/2) arrangements. Individual passes have three skin temperature indication/alarm and outlet process
(Process Side)
individual indication/alarm which also feeds into the heater pass flow balancing control arrangement.
and Velocity
Steam Individual vacuum heater cell firing (Node 3 and 4) is controlled via outlet cell temperature control
Injection arrangement.
To control peak fluid temperatures and reduce probability of coke formation and solidification inside
vacuum heater tubes, injection steam is continually injected (under ratio control with feed) into
individual passes between the convection and radiant section. Emergency steam is also provided in the
event of tube leakage/rupture scenario.

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Analysis Workflow
Following, a parameter and guide Word
Select Node
should be selected to define a meaningful
Step 1
process deviation
Define node & design intention The HAZOP session is a unique time where
Step 2 the process is reviewed in a systematic way
of node
 Define prior the HAZOP the parameters
Step 3 Select parameter & guide word relevant for the study taking into
considerations the process and the time
allocated
Step 4 Develop meaningful deviation
 Include specific deviations that allow to
capture operational experience

Step 5 Identify all possible causes for the deviation

Step 6 Describe consequences if all safeguards fail Note: if the deviation is not
considered credible by the
HAZOP team, the HAZOP scribe
shall document the reasons
Step 7 List safeguards & protection available

Establish risk level and then evaluate need Repeat for all
Step 8 guide words & parameters
for risk control recommendation 6

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Process (Study Technique)
Process deviations result from the combination of Guidewords and Parameters

Typical Process Deviations

Guideword + Parameter = Deviation
Guideword

Parameter More Of Less Of None Of Reverse Part Of As Well As Other Than

Level High Level Low Level No Level

Loss of
Flow High Flow Low Flow No Flow Reverse Flow
Containment

Pressure High Pressure Low Pressure Vacuum Partial Pressure

Criogenic
Temperature High Temperature Low Temperature
(Sub Zero)

Change of Wrong Wrong Material

Composition Additional Phase Loss of Phase Contaminant
State Concentration Corrosive
7

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Process (Study Technique)
HAZOP can also be applied to batch processes, using Adhoc guidewords applied to “ACTION”

Typical Guidewords for batch processes

Guideword Deviation
No Action not executed
More Of Too much of action
Less Of Too little of action
As well as Additional action executed although not required
Part Of Action partially executed
Other Than Incorrect action
Before Action executed too early
After Action executed too late
Sequence Action executed in the wrong order / sequence
Repetitive Action executed repetitively

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Process (Study Technique)
Some deviations need to be identified by using additional prompts to complement standard Parameter-
Guide Word combinations
Additional prompts for Parameter (Examples)

• Corrosion / Erosion • Mixing Other node specific issues

• Service Failure / Loss of Utilities • Stirring • Sequence
• External fire • Reaction • Time
• Maintenance • Viscosity • Purge
• Sampling • Speed
• Relief System • Vibration
• Material
• Start-up / (Emergency) Shutdown

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Process (Study Technique)
Among the proposed deviations, select the one which better represents the described hazard (and justify the
selection). Both may be right (1/2)

Deviation Notes
Hazard
(Guideword - Parameter) (Reason for selection)
Potential plugging or rupture of line with Low – Temperature
normally no Flow (“dead leg”) due to
freezing No - Flow

Carry over of gas from high pressure High - Flow

separator (upstream) to low pressure
separator (downstream) and potential No - Level
overpressure

Line rupture due to thermal expansion of High – Temperature

trapped liquid
High – Pressure

10

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Process (Study Technique)
Among the proposed deviations, select the one which better represents the described hazard (and justify the
selection). Both may be right (2/2)

Deviation Notes
Hazard
(Guideword - Parameter) (Reason for selection)
Pump discharge line exposed to pump shut off No - Flow
pressure due to line intercepted in error (e.g. due
to operator’s error of control valve failing
closed) High – Pressure

Catastrophic failure (implosion) of vessel due to Additional phase (steam condensation)

operational error during steam out (e.g.
atmospheric vent left in closed position)
No – Pressure (Vacuum)

Operator’s exposure to ammonia during Flow – Other Than (Loss of

sampling containment)
Wrong Concentration

11

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Process (Study Technique)

Exercise

Practice with HAZOP Deviations

In this exercise, you will practice the use of HAZOP

deviations in typical situations of day-to-day operations:
For each parameter-guideword combination provided
thereafter, provide a practical example of hazard which can
be identified applying that combination

20 min 12

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

 HAZOP Process (Study Technique)
For each parameter-guideword combination, provide a practical example of hazard which can be identified applying
those combinations

Parameter Guideword Practical example of HAZARD which can be identified with this deviation

Level High

Flow Reverse

Pressure No

Temperature Low

Containment As Well As

More
Composition
Part of

13

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Analysis Workflow
After producing the deviations,
Step 1 Select Node
identify all its possible causes
Define node & design intention
Step 2
of node

Step 3 Select parameter & guide word

Step 4 Develop meaningful deviation

Causes generally fall into one of these 3 categories:

Step 5 Identify all possible causes for the deviation human error, equipment or instrument failure and
external events

Step 6 Describe consequences if all safeguards fail

Step 7 List safeguards & protection available

Establish risk level and then evaluate need Repeat for all
Step 8 guide words & parameters
for risk control recommendation 14

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Process (Study Technique)

General Rules on Selecting and Recording Causes (1/2)

• For any deviation, there are likely multiple causes. All potential causes should be discussed and recorded. It is often
recommended to start with the causes that may result in the worst possible consequence
• Causes identified for the deviation must be within the node being studied. At the start of study, impacts from
upstream plants / sections with credible impact on Node under study should be discussed.
• Each identified cause should be recorded separately in individual HAZOP worksheet row to enable subsequent
evaluation and risk assessment
• External impact can be considered as a cause if the impact is within the node under review.
• Double jeopardy events shall not be considered. If the causes for a deviation are independent, these are considered
double jeopardy. If the multiple causes are the result of common mode failure such as DCS Screen Failure it
should not be considered double jeopardy event.
• Causes must be specific. Stating “Human Error” or “Failure of valve” is not sufficient description

15

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Process (Study Technique)

General Rules on Selecting and Recording Causes (2/2)

• The team must not only focus on causes associated with instrument failure. Other causes such as equipment failure,
human error, process upset, utility failures and external factors (e.g. external fire) should also be considered
Illustrative
Deviation Causes
More Flow Bypass valve open Worn/removed restriction orifice plate Wrong valve open
Increased pumping capacity Cross connection of systems Wrong line-up / Misdirected flow
Operation of pumps in parallel Control valve trim changed Slug flow / surge
Reduced delivery head requirement Control faults Water hammer
Change in fluid density Line rupture / large leakage Increased feed upstream unit
Exchanger tube leakage
Less Flow Line restriction Fouling of equipment Inadvertently throttled manual valve
Filter fouled Density/viscosity change Incorrect valve sizing
Defective pump impellor Competing flows Surge
No flow Block valve closed Equipment failure Isolation in error
Wrong line-up Loss of utilities Power failure
Slip blind not removed Control loop failure Plugged line
Incorrectly installed check valve Incorrect pressure differential

16

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Analysis Workflow
Next, consequences of deviations must
Step 1 Select Node
be analyzed
Define node & design intention
Step 2
of node

Step 3 Select parameter & guide word

Step 4 Develop meaningful deviation

Step 5 Identify all possible causes for the deviation

Step 6 Describe consequences if all safeguards fail

Step 7 List safeguards & protection available

Establish risk level and then evaluate need Repeat for all
Step 8 guide words & parameters
for risk control recommendation 17

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

 HAZOP Process (Study Technique)
As with causes, identification of consequences is heavily dependent on knowledge of the process technology, its
control philosophy, and the equipment
Consequences of Deviations
 For a selected cause, the direct consequence could be at the process level. However the ultimate worst-case consequence(s) should
be agreed based upon the credible subsequent accident sequence, usually involving a fire, explosion, or release of toxic material
 Descriptions may be qualitative or quantitative estimates of the effects of an accident in terms of factors such as human impacts
(injuries, fatalities, illnesses), economic loss, and environmental damage.
 Safety impact shall always be evaluated. Where Environment and/or Asset Loss consequence potential is greater this shall be
evaluated on a separate row.
 When establishing consequences, do not consider the action of existing safeguards
 Common error is to take credit for safeguards when developing consequences. Always consider:

Operator is not available or is not paying attention Alarms and safety interlocks do not function

Control valves are in manual Procedures are not followed or are not understood

18

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

 HAZOP Process (Study Technique)
As with causes, identification of consequences is heavily dependent on knowledge of the process technology, its
control philosophy, and the equipment
Consequences of Deviations
 Causes/consequences need to be fully developed to understand potential location affected.
 For Example: A crude oil heat exchanger developed leak allowing crude at high pressure to enter glycol / water heating medium.
This contaminated entire glycol / water system. Oil / water / glycol mixture was discharged via heating medium relief valve, located
hundreds of meters away in boiler house
 The recorded consequence description should describe the event escalation pathway, but remain concise. For example:
“Hydrocarbon within the shell-side of the heat exchanger is exposed to an increase in temperature. Thermal expansion of
hydrocarbons and over pressurization of tubes resulting in a loss of hydrocarbon containment. Escalation of external fire potentially
resulting in fatality or major asset damage.”
Shorter: “Increase in Temperature and Pressure of the hydrocarbon shell-side leading to loss of containment and fire escalation.
Potential for single fatality and major asset damage”
 Remember: “Cause” is within Node, but “Consequences and Safeguards” can be outside it
 Where the impact occurs in other section or plant, a recommendation should be made and tracked to ensure other section/plant
considers the impact of the identified Cause ‘to close the loop'

19

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Analysis Workflow
Next, safeguards to protect against
Step 1 Select Node
deviations must be identified
Define node & design intention
Step 2
of node

Step 3 Select parameter & guide word

Step 4 Develop meaningful deviation

Step 5 Identify all possible causes for the deviation

Step 6 Describe consequences if all safeguards fail

Step 7 List safeguards & protection available

Establish risk level and then evaluate need Repeat for all
Step 8 guide words & parameters
for risk control recommendation 20

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

 HAZOP Process (Study Technique)

When identifying, defining, or evaluating safeguards, the hierarchy of layers of protection must be considered

 The team members need a good knowledge of the plant to

explain accurately the safeguards already in place
 The discussion should refer to the basic process control
system as well as any engineering controls or
administrative procedures which are in place
 The team discussion should also include evaluation of the
extent to which identified safeguards are/would be
effective

21

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

 HAZOP Process (Study Technique)
To ensure the adequacy of existing lines of defense, the PHA team shall consider the following criteria in their evaluation of
control effectiveness

 Independent: Does the successful operation of the line of defense depend on the successful operation of other systems? Is the
safeguard independent to both the cause and other safeguards identified (e.g. Alarm independent to BPCS or ESD)
 Dependable: Does the line of defense perform with a high degree of reliability (e.g., relief valve, dike, containment vessel, or
restricted access)? Is human action called for?
 Auditable: Is the line of defense designed to facilitate regular validation or testing?
 Integrity: Has the line of defense been installed and maintained in an appropriate manner? If so, is validation or testing done on
a regular basis?
 Controls identified should be capable on its own of completely stopping a cause from resulting in the top event or
stopping/reducing the severity of consequences resulting from the top event. For example: PSV design confirmed sized for event,
Alarm with time to act and clear SOP actions to take
 Controls considered need to be appropriate to the ‘scenario timeline’ and available time to act. For example, operator 3hr
monitoring of area, not suitable safeguard against scenario with timeline of 20mins

22

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Analysis Workflow
Finally, the risk level that the
Step 1 Select Node
hazardous scenario so far defined
must be assessed
Define node & design intention
Step 2
of node

Step 3 Select parameter & guide word

Step 4 Develop meaningful deviation

Step 5 Identify all possible causes for the deviation

Step 6 Describe consequences if all safeguards fail

Step 7 List safeguards & protection available

Establish risk level and then evaluate need Repeat for all
Step 8 guide words & parameters
for risk control recommendation 23

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Process (Study Technique)
Risk can be simply defined as the combination of the probability and the consequence of an unwanted event

Analyzing the risk Risk Concept

The Risk Assessment phase can be summarized in two Risk

simple questions: How important is the
 How often? hazard?
Consequence
 How big? How severe are the typical
consequences?
Risk can be defined as a function of
the frequency/probability of occurrence of a hazardous
scenario

AND Frequency
How often will the undesired
the magnitude of its consequences event occur?

Risk = f (F,C)
24

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Process (Study Technique)

Assessing the Consequence Severity

• HAZOP is meant to provide a qualitative assessment of the risk: function of frequency & consequence
• Semi-quantitative (e.g. LOPA) and/or quantitative risk assessment methods can be used to further assess the Catastrophic and
High risks that are identified through HAZOP.
• Consequences shall be evaluated as if no preventative safeguards or post-event mitigations are in place (i.e., the loss or failure
of all engineering and administrative controls) and the hazardous event is allowed to proceed to final consequence.
• The team may base its assessment of the severity of consequences on either a qualitative discussion or interpretation of the
results of Consequences Modelling for the scenario/similar release under consideration.
• In the event of system overpressure and/or exceedance of design temperatures the following ‘rules of thumb’ can be used to
determine the loss of containment potential (hole size and associated safety consequence). Suggested consequence severity
category should be reviewed by the team to confirm appropriate for the specific scenario and process material

25

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Process (Study Technique)

Assessing the Consequence Severity

• r: ratio between the release pressure (max pressure that may be reached in the system due to a process upset), divided by the
equipment / piping design pressure Illustrative
1<r Only minor leakage expected (equivalent release diameter ¼”)
1.5
Consequence severity 2 is assumed in case of release of a toxic/highly toxic or flammable/highly flammable fluid. Very Low consequence (consequence severity A as
far as personnel is concerned) expected for the other type of fluid released.
1.5 < r Leakage expected (equivalent release diameter is equal to the area associated to largest flanged connection taking the equivalent area associated to the gasket thickness
 2.5 between two bolts, minimum 1”)

Consequence severity 3 is assumed in case DP > 24 barg and a toxic/highly toxic or flammable/highly flammable fluid is released. Consequence severity 2 is assumed
in the other cases.
2.5 < r Significant Leakage expected (4” release or largest flanged connection lower than 4”)
4
Consequence severity 4 is assumed in case DP > 24 barg and a toxic/highly toxic or flammable/highly flammable fluid is released. Consequence severity 3 is assumed
in the other cases.
r>4 Catastrophic release expected (catastrophic equipment / piping rupture – Full Bore (FB) release, release of section hold-up in a very short period – instantaneous
release)

Consequence severity 5 is assumed in case DP > 24 barg and a toxic/highly toxic or flammable/highly flammable fluid is released. Consequence severity 4 is assumed
in the other cases.

26

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Process (Study Technique)

Assessing the Consequence Severity

• dT: difference between the release temperature (max temperature that may be reached in the system due to a process upset),
and the equipment / piping design temperature Illustrative
dT <= Only minor leakage expected (equivalent release diameter ¼”)
50 °C
Consequence severity 2 is assumed in case of release of a toxic/highly toxic or flammable/highly flammable fluid. Very Low consequence (consequence severity A as
far as personnel is concerned) expected for the other type of fluid released.
50 °C < Leakage expected (equivalent release diameter is equal to the area associated to largest flanged connection taking the equivalent area associated to the gasket thickness
dT <= between two bolts, minimum 1”)
150 °C
Consequence severity 3 is assumed in case DP > 24 barg and a toxic/highly toxic or flammable/highly flammable fluid is released. Consequence severity 2 is assumed
in the other cases.
dT > Significant Leakage expected (4” release or largest flanged connection lower than 4”)
150 °C
Consequence severity 4 is assumed in case DP > 24 barg and a toxic/highly toxic or flammable/highly flammable fluid is released. Consequence severity 3 is assumed
in the other cases.

27

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Process (Study Technique)

Assessing the Unmitigated Frequency and Risk Level

• Unmitigated frequency of the cause associated with the deviation should be estimated based upon the initiating event
frequency
• Unit operational experience and maintenance records can be used to understand actual equipment and instrumented system
reliability
• Generic Initiating Event Failure Frequency data is provided in the following slides for reference.
• Rely on the career experience of the team members at other companies.

28

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Process (Study Technique)

Assessing the Unmitigated Frequency Illustrative

Initiating Event Frequency Initiating Event Frequency

Control System Failures Utility Failures

BPCS control loop failure 0.1/yr Cooling water failure 0.1/yr

Regulator failure 0.1/yr Loss of nitrogen supplied by pipeline 0.1/yr

Loss of Containment Failures Loss of electrical power, dual feed systems 0.01/yr

Pump seal failure 0.1/yr Procedural Failures

Transfer hose failure (with annual inspection or replacement) 0.1/yr Operator failure to execute a non-routine procedure (or a routine procedure under stress or in a fatigued state) 0.1/opportunity

Transfer hose failure (with pressure testing prior to each use) 0.01/yr Operator failure to execute a routine procedure (assumes proper training, no unusual stress or fatigue factors) 0.01/opportunity

Gasket or packing blowout 0.01/yr Lock-Tag-Try procedure failure that causes a hazardous event 0.01/opportunity

Spurious opening of relief valve or rupture disk 0.01/yr Lock-Tag-Try procedure failure that causes a hazardous event while following a written, approved checklist 0.001/opportunity

Damage by external agency (e.g., impact by backhoe and vehicle) 0.01/yr Fire

Piping leak (equivalent to 10% of pipe cross section) 0.001/yr per 100 m of Small external fire (all causes) 0.1/yr
pipe length

Piping failure (full breach) 0.00001/yr per 100 m Large external fire (all causes) 0.01/yr

Atmospheric tank failure 0.001/yr Miscellaneous Failures

Pressure vessel rupture due to non-specific overpressure 0.000001/yr Crane Load drop 0.0001/lift

Electrical Failures Lightning strike 0.001/year

AC electric motor failure, single speed 0.1/yr

AC electric motor failure, variable speed 0.1/yr

DC electric motor failure, single speed 0.1/yr

29

Reference: DuPont Process Hazards Analysis Standard © 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.
HAZOP Process (Study Technique)

Assessing the Risk Reduction Factor

• The risk reduction factor should be calculated based upon the team’s assessment of the effectiveness of the controls and
safeguards in place (this is a qualitative assessment)
• Generic Probability of Failure on Demand (PFD) data is provided in following slide for reference.
• The maximum risk reduction that can be considered for the BPCS and ESD system is the associated SIL verified rating for the
systems.
• Typically, where available, the maximum risk reduction taken for the BPCS is 2 orders of magnitude: one order of magnitude
reduction for an automatic BPCS action and second for alarm with competent operator time to act in accordance with written
SOP actions. REMINDER: Independence ruleset
• The total risk reduction from all safeguards is calculated based upon the sum of the individual safeguard PFDs (risk reduction
factors)
• The majority of safeguards are considered to act reducing the likelihood of the event, not the magnitude of the
consequence. This reflects the reliability and Probability of Failure on Demand of the safeguard
• Rely on the career experience of the team members at other companies.

30

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

 HAZOP Process (Study Technique)

Assessing the Risk Reduction Factor

Illustrative
Safeguard/Mitigation PFD Safeguard/Mitigation PFD

Basic Process Control System action 0.1 Operator response to alarm (2)
0.1

SIL-1 safety SIF 0.1 Trench/drainage system 0.1

SIL-2 safety SIF 0.01 Fire suppression system 0,1

SIL-3 safety SIF 0.001 Fireproofing 0.01

Relief valve (1)

0.01 Dike 0.01

Rupture disk 0.01 Underground drainage system 0.01

Rupture disk/relief valve in series (1)

0.02 Blast enclosure 0.001

Explosion blow-out panel 0.01 Flame/detonation arrestors 0.01

Explosion blow-out panels — multiple (overpressure prevented only if all or most 0.1 Double dissimilar check valves 0.1
function as designed)

Open vent line (no valves) 0.01 Water sprays 0.1

Flare stack 0.1 Shelter-in-place/evacuation 0.1

Scrubber 0.1

(1)
PFD for relief devices need to be increased to 10-1 for devices with long inspection frequencies or dirty / corrosive service. When a rupture disc and relief device is installed in series, the value for each need to added (i.e. for 2 devices in series with a PFD of 10-2,
the value would be 2 X 10-2).
(2)
When human response is required in 40 minutes or less, there is a high probability of making a wrong response, so in most cases the PFD value is 1.0 (No risk reduction). For a well-defined human action in less than 40 minutes (but never less than 15 minutes
(DCS), 30minutes (manual onsite)), where the response needed is obvious and there is immediate feedback that the action has been effective, and then a human action PFD of 10-1 might be appropriate.
Reference: DuPont Process Hazards Analysis Standard

31

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Process (Example)

HAZOP Example

Looking at the diagram on the previous slide, fill in the blanks below.

Before Risk Reduction Residual Risk Rating

Guide
Deviation Cause Consequence Safeguard
Word S F R S F R

Level High … … ….

32

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Process (Example)

HAZOP Example

Looking at the diagram on the previous slide, fill in the blanks below.

Before Risk Reduction Residual Risk Rating

Guide
Deviation Cause Consequence Safeguard
Word S F R S F R

Pressure High … … ….

33

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.

HAZOP Process (Example)

HAZOP Example

Looking at the diagram on the previous slide, fill in the blanks below.
Before Risk Reduction Residual Risk Rating
Guide
Deviation Cause Consequence Safeguard
Word S F R S F R

Level High Level control Increase in liquid level with V180 Level switch LSHH214
loop 213 with risk of carryover of liquid to interlocks to alarm
failure resulting compressor C130. Damage to LAHH214 and closes
in control valve compressor resulting in unit ESDV172 and shuts down
LCV going failure and potential loss of compressor C130
fully closed. containment which if ignited could downstream of V180
result in localized fire. Potential
for injury to personnel within
vicinity.

Level High LCV213 fail Filling V180 and liquid carryover LSHH214 interlock acts to
closed (loss IA) to C130. close ESDV172 and stop
C130 damage and potential casing C130 downstream
failure and LoC with
explosion/fire. Possible local
casualties.

34

© 2022 DSS Sustainable Solutions Switzerland SA. All rights reserved.