
CHPE 5612: Chemical Process Safety

Chapter 10 by Dr. Omar Houache

Hazards are everywhere


Unfortunately, a hazard is not always identified until an accident occurs. It is essential to identify the hazards and reduce the risk well in advance of an accident. For each process in a chemical plant the following questions must be asked:
1. What are the hazards? (Hazard Identification)
2. What can go wrong and how?
3. What are the chances? (Risk Assessment)
4. What are the consequences?

Definitions
HAZARD: A hazard introduces the potential for an unsafe condition, possibly leading to an accident.

RISK is the probability or likelihood of a Hazard resulting in an ACCIDENT.

INCIDENT is an undesired circumstance that produces the potential for an ACCIDENT.

ACCIDENT is an undesired circumstance that results in ill health, damage to the environment, or damage to property.

HAZARD -> INCIDENT -> ACCIDENT (includes near misses)

Definitions
Risk assessment is sometimes called hazard analysis. Hazard identification and risk assessment are sometimes combined into a general category called hazard evaluation. A risk assessment procedure that determines probabilities is frequently called probabilistic risk assessment (PRA), whereas a procedure that determines probability and consequences is called quantitative risk analysis (QRA). Figure 10-1 illustrates the normal procedure for using hazards identification and risk assessment.

HAZID Approach

What can go wrong? What incidents or scenarios could arise as a result of things going wrong? What could cause or could contribute to these incidents?

HAZID Approach
Life Cycle Phases of a Project: Concept, Design, Construction, Commission, Production, Decommission, Disposal

- The HAZID approach can be used in the first stages of the life cycle phase of a project
- Prior to design phase, little information will be available and the HAZID approach will need to be undertaken on flow diagrams
- Assumptions will need to be transparent and documented

Conducting the HAZID
Consider the Past, Present and Future

- Historical conditions: What has gone wrong in the past? Root Cause, Historical Records, Process Experience, Near Misses
- Existing conditions: What could go wrong currently? HAZID Workshop, HAZOP Study, Scenario Definitions, Checklists
- Future conditions: What could go wrong due to change? Change Management, What-If, Judgement, Prediction, unforeseeable

Result: Identified Hazards

Conducting the HAZID

It is tempting to disregard Non-Credible Scenarios, BUT:
- Non-credible scenarios have happened to others
- Worst cases are important to emergency planning

Conducting the HAZID


Issues for consideration
- Equipment can be off-line
- Safety devices can be disabled or fail to operate
- Several tasks may be concurrent
- Procedures are not always followed
- People are not always available
- How we act is not always how we plan to act
- Things can take twice as long as planned
- Abnormal conditions can cross section limits
- Power failure

Conducting the HAZID
HAZID Process

- Define boundary
- System description
- Divide system into sections
- Analyse each section:
  - asset or equipment failure
  - external events
  - process operational deviations
  - hazards associated with all materials
  - human activities which could contribute to incidents
  - interactions with other sections of the facility
- Existing studies; Selected methods
- Systematically record all hazards
- Independent check
- Hazard Register
- Revisit after risk assessment

Conducting the HAZID


Recording Detail

The level of detail is important for:
- Clarity
- Transparency and
- Traceability

A system (hazard register) is required for keeping track of the process for each analysed section of the facility.

The items to be recorded are:
- Study team
- System being evaluated
- Identified hazard scenario
- Consequences of the hazard being realised
- Controls in place to prevent hazard being realised and their adequacy
- Opportunity for additional controls

HAZID Techniques - Overview

Listed in order of increasing effort required:
- Checklists - questions to assist in hazard identification
- Brainstorming - whatever anyone can think of
- What If Analysis - possible outcomes of change
- HAZOP (Hazard and operability study) - identifies process plant type incidents
- FMEA/FMECA (Failure modes and effects analysis / Failure modes and effects criticality analysis) - equipment failure causes
- Task Analysis - maintenance activities, procedures
- Fault Tree Analysis - combinations of failures

Checklists
- Simple set of prompts or checklist questions to assist in hazard identification
- Can be used in combination with any other techniques, such as What If
- Can be developed progressively to capture corporate learning of organisation
- Particularly useful in early analysis of change within projects

Checklists
| Initiating Events | General Causes | Initiating Causes |
|---|---|---|
| Overfills And Spills | Improper Operation | Operating Error; Inadequate / Incorrect Procedure; Failure To Follow Procedure; Outside Operating Envelope; Inadequate Training |
| Vessel/Tanker Shell Failure | Corrosion | Wet H2S Cracking; General Process; Cooling Water; Steam / Condensate; Service Water |
| Vessel/Tanker Shell Failure | Mechanical Impact | Missiles; Crane; Vehicles |

Checklists
Advantages
- Highly valuable as a cross check review tool following application of other techniques
- Useful as a shop floor tool to review continued compliance with SMS

Disadvantages
- Tends to stifle creative thinking
- Used alone introduces the potential of limiting study to already known hazards - no new hazard types are identified
- Checklists on their own will rarely be able to satisfy regulatory requirements

Brainstorm
- Team based exercise
- Based on the principle that several experts with different backgrounds can interact and identify more problems when working together
- Can be applied with many other techniques to vary the balance between free flowing thought and structure
- Can be effective at identifying obscure hazards which other techniques may miss

Brainstorm
Advantages
- Useful starting point for many HAZID techniques to focus a group's ideas, especially at the project's concept phase
- Facilitates active participation and input
- Allows employees' experience to surface readily
- Enables thinking outside the square
- Very useful at early stages of a project or study

Disadvantages
- Less rigorous and systematic than other techniques
- High risk of missing hazards unless combined with other tools
- Caution required to avoid overlooking the detail
- Relies on experience and competency of facilitator

What If
- What if analysis is an early method of identifying hazards
- Brainstorming approach that uses broad, loosely structured questioning to postulate potential upsets that may result in an incident or system performance problems
- It can be used for almost every type of analysis situation, especially those dominated by relatively simple failure scenarios

What If
- Normally the study leader will develop a list of questions to consider at the study session
- This list needs to be developed before the study session
- Further questions may be considered during the session
- Checklists may be used to minimise the likelihood of omitting some areas

What If
Example of a What If report for a single assessed item


What If
Advantages
- Useful for hazard identification early in the process, such as when only PFDs are available
- What If studies may also be more beneficial than HAZOPs where the project being examined is not a typical steady state process, though HAZOP methodologies do exist for batch and sequence processes

Disadvantages
- Inability to identify pre-release conditions
- Apparent lack of rigour
- Checklists are used extensively which can provide tunnel vision, thereby running the risk of overlooking possible initiating events

HAZOP
- A HAZOP study is a widely used method for the identification of hazards
- A HAZOP is a rigorous and highly structured hazard identification tool
- It is normally applied when PFDs and P&IDs are available
- The plant/process under investigation is split into study nodes and lines and equipment are reviewed on a node by node basis
- Guideword and deviation lists are applied to process parameters to develop possible deviations from the design intent
- HAZOP results in a very systematic assessment of hazards

HAZOP
Example of a HAZOP report for a single assessed item

HAZOP
Advantages
- Will identify hazards, and events leading to an accident, release or other undesired event
- Systematic and rigorous process
- The systematic approach goes some way to ensuring all hazards are considered

Disadvantages
- HAZOPs are most effective when conducted using P&IDs, though they can be done with PFDs
- Requires significant resource commitment
- HAZOPs are time consuming
- The HAZOP process is quite monotonous and maintaining participant interest can be a challenge

FMEA/FMECA
- Objective is to systematically address all possible failure modes and the associated effects on a technical system
- The underlying equipment and components of the system are analysed in order to eliminate, mitigate or reduce the failure or the failure effect
- Best suited for mechanical and electrical hardware systems evaluations

FMEA/FMECA
Example of an FMEA/FMECA report for a single assessed item

- Potential Failure Mode: Open indicator switch failed
- Potential Effects of Failure: Wrong indication of valve back to control system causing possible incorrect controller action to be taken
- Potential Causes of Failure: Wear and tear
- Comments / Recommendations:
  - Commissioning and test procedures must ensure that all diverter equipment indicators are correctly wired to the diverter control system
  - The integrity of the position indicators for the Diverter system equipment is critical to the logic of the control system. It is recommended that the position indicators are discretely function tested prior to commencement of each program

FMEA/FMECA
Advantages
- Generally applied to solve a specific problem or set of problems
- FMEA/FMECA was primarily considered to be a tool or process to assist in designing a technical system to a higher level of reliability
- Designed correction or mitigation techniques can be implemented so that failure possibilities can be eliminated or minimized

Disadvantages
- It is very time consuming and needs specialist skills from different backgrounds to obtain maximum effect
- Very hard to assess operational risks within an FMEA/FMECA (like they can be within a HAZOP or What if study)

Task Analysis
- Technique which analyses human interactions with the tasks they perform, the tools they use and the plant, process or work environment
- Approach breaks down a task into individual steps and analyses each step for the presence of potential hazards
- Used widely to manage known injury related tasks in workplace
- Excellent tool for hazard identification related to human tasks

Task Analysis

Disadvantages
- Does not address plant process deviations which are not related to human interaction

Caution
- Relies on multi-disciplined input with specific input of person who normally carries out the task
- Often assumed to be the only tool of hazard identification or risk assessment, as it is used generally at the shop floor

Fault Tree Analysis
- Graphical technique approach
- Provides a systematic description of the combinations of possible occurrences in a system which can result in an identified undesirable outcome (top event)
- This method combines hardware failures and human failures
- Uses logic gates to define modes of interaction (ANDs / ORs)

Fault Tree Analysis


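[Figure: fault tree]
- Top event: Process vessel over pressured
- AND gate under the top event, joining: Pressure rises; PSV does not relieve
- Second-level gates shown: OR, AND
- Basic events: Process pressure rises; Control fails high; PSV too small; Fouling inlet or outlet; Set point too high; PSV stuck closed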

Fault Tree Analysis


Advantages
- Quantitative - defines probabilities to each event which can be used to calculate the probability of the top event
- Easy to read and understand hazard profile
- Easily expanded to bow tie diagram by addition of event tree

Disadvantages
- Need to have identified the top event first
- More difficult than other techniques to document
- Fault trees can become rather complex
- Time consuming approach
- Quantitative data needed to perform properly
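A worked calculation for the over-pressure fault tree, as an added example that is not part of the original slides: it computes the top-event probability and the minimal cut sets. The gate assignment (pressure rises only if the process upset AND the control failure both occur; the PSV fails to relieve if any one of its four causes occurs) and every probability are assumptions constructed for illustration.

```python
from itertools import product
from math import prod

# Tree as (gate, name, children); strings are basic events.
# ASSUMPTION: the gates under "Pressure rises" / "PSV does not relieve"
# are chosen here; the slide figure does not survive clearly.
TREE = ("AND", "Process vessel over pressured", [
    ("AND", "Pressure rises", [
        "Process pressure rises",
        "Control fails high",
    ]),
    ("OR", "PSV does not relieve", [
        "PSV too small",
        "Fouling inlet or outlet",
        "Set point too high",
        "PSV stuck closed",
    ]),
])

# Constructed per-demand probabilities (not from the page).
P = {
    "Process pressure rises": 0.1,
    "Control fails high": 0.05,
    "PSV too small": 0.001,
    "Fouling inlet or outlet": 0.01,
    "Set point too high": 0.002,
    "PSV stuck closed": 0.005,
}

def probability(node, p=P):
    """Exact probability, valid when basic events are independent and appear once."""
    if isinstance(node, str):
        return p[node]
    gate, _name, children = node
    child_p = [probability(c, p) for c in children]
    if gate == "AND":
        return prod(child_p)
    if gate == "OR":
        return 1.0 - prod(1.0 - q for q in child_p)
    raise ValueError(f"unknown gate {gate!r}")

def minimal_cut_sets(node):
    """Smallest sets of basic events that together cause the node."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, _name, children = node
    child_sets = [minimal_cut_sets(c) for c in children]
    if gate == "OR":
        sets = [s for cs in child_sets for s in cs]
    elif gate == "AND":  # one cut set from every child, merged
        sets = [frozenset().union(*combo) for combo in product(*child_sets)]
    else:
        raise ValueError(f"unknown gate {gate!r}")
    unique = set(sets)  # drop any set that strictly contains another
    return sorted((s for s in unique if not any(o < s for o in unique)), key=sorted)

def rare_event_bound(node, p=P):
    """Sum of cut-set probabilities: an upper bound on the top-event probability."""
    return sum(prod(p[e] for e in cs) for cs in minimal_cut_sets(node))
```

With these inputs every minimal cut set contains both pressure-side events plus one PSV failure cause, which shows where an added independent safeguard would reduce the top-event probability most.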

Review and Revision
The following are examples of when a HAZID revision should occur:
- Organizational changes
- New projects
- Incident investigation results
- Abnormal conditions through design envelope changes
- Process or condition monitoring changes

Safety considerations of the facility layout will include the provision of:
- Separation between flammable hydrocarbons and ignition sources.
- Separation between hydrocarbon handling areas and emergency services, main safety equipment, accommodation, temporary safe refuge areas, means of evacuation and escape, muster points and control centers.
- Sufficient means of escape to enable efficient and protected evacuation from all areas designated as muster and evacuation stations under foreseeable hazard conditions.
- Availability of essential services and the main safety equipment under foreseeable hazard conditions, including protecting critical systems and equipment required to function in a fire and explosion emergency.
- Safe access to systems and equipment for operational and maintenance purposes.

HAZOP Hazard and Operability Study

HAZOP - Hazard and operability


HAZOP is a formal and systematic procedure for evaluating a process
- It is time consuming and expensive

HAZOP is basically for safety
- Hazards are the main concern
- Operability problems degrade plant performance (product quality, production rate, profit), so they are considered as well

Considerable engineering insight is required - engineers working independently could (would) develop different results

HAZOP - Hazard and operability


HAZOP keeps all team members focused on the same topic and enables them to work as a team: 1+1+1=5

- NODE: Concentrate on one location in the process
- PARAMETER: Consider each process variable individually (F, T, L, P, composition, operator action, corrosion, etc.)
- GUIDE WORD: Pose a series of standard questions about deviations from normal conditions. We assume that we know a safe normal operation.

HAZOP - Hazard and operability

NODE: Pipe after pump and splitter

PARAMETER*: Flow rate
GUIDE WORD: Less (less than normal value)
DEVIATION: less flow than normal
CAUSE: of deviation, can be more than one
CONSEQUENCE: of the deviation/cause
ACTION: initial idea for correction/prevention/mitigation

All group members focus on the same issue simultaneously

* For an expanded list of parameters and associated guide words, see Wells (1996)

HAZOP - Hazard and operability


TYPICAL GUIDEWORDS USED FOR PROCESSES

| Guide Word | Explanation |
|---|---|
| NO or NOT or NONE | Negation of the design intent |
| MORE | Quantitative increase |
| LESS | Quantitative decrease |
| AS WELL AS | Qualitative increase, e.g., extra activity occurs |
| PART OF | Qualitative decrease |
| REVERSE | Opposite of the intention |
| OTHER THAN | Substitution |
| SOONER/LATER THAN | Activity occurring a time other than intended |

Selected Parameters with Applicable Guide Words (See Wells, 1996, p. 95-6)
- Flow (no, more, less, reverse)
- Temperature (higher, lower)
- Pressure (higher, lower)
- Level (none, higher, lower)
- Composition (none, more, less, as well as, other than)
- Action (sooner, later, insufficient, longer, shorter)

HAZOP - Hazard and operability


Fired heaters are used in process plants and have many potential hazards. Let's perform a HAZOP study!

When do we use a fired heater in a process plant?

[Figure: fired heater with feed, product, air and fuel streams]

HAZOP - Hazard and operability


Class Example: Fired Heater
1. Discuss the first entry in the HAZOP form
2. Select another guide word for the parameter
3. Select a different parameter for the same node
4. Select a different node/parameter/guide word

[Figure: fired heater with feed, product, air and fuel streams]

HAZOP FORM

Unit: Fired Heater
Node: Feed pipe (after feed valve, before split)
Parameter: Flow

Form fields:
- Node: location (line or vessel) or procedure (start up)
- Parameter: process variables
- Guide Word: select from official list of words to ensure systematic consideration of possibilities
- Deviation: applying guide word to this parameter
- Cause: process engineering
- Consequence: process engineering
- Action: preliminary result which should be reconsidered when time is available

Guide Word: no
Deviation: no feed flow

Cause:
1. feed pump stops
2. feed valve closed
3. feed flow meter indicates false high flow (controller closes valve)
4. pipe blockage
5. catastrophic failure of pipe

Consequence:
- damage to pipes in radiant section, possible pipe failure
- 5. a) damage to pipes in radiant section b) pollution and hazard for oil release to plant environment

Action:
1. automatic startup of backup pump on low feed pressure
2. fail open valve
3. redundant flow meters
4. a) test flow before startup b) place filter in pipe
- Install remotely activated block valves at feed tanks to allow operators to stop flow
- For 1-5, SIS to stop fuel flow on low feed flow, using separate feed flow sensor

HAZOP - Hazard and operability


HAZOP - PROCESS APPLICATIONS
- Thorough review at or near the completion of a new process design
  - Equipment and operating details known
  - Can uncover major process changes
- Review of existing processes (periodic update)
  - Safe operation for years does not indicate that no Hazards exist
- Review of changes to an existing process that had been HAZOPed
  - Important part of Change Management
  - No consistency on what type of changes require formal HAZOP

HAZOP - Hazard and operability


MANAGING THE HAZOP PROCESS

- The HAZOP group should contain people with different skills and knowledge
  - operations, design, equipment, maintenance, quality control, ...
  - do not forget operators!!!
- The team should understand the plant well
- Documents should be prepared and distributed before the meeting
- The HAZOP leader should be expert in the HAZOP process
- Results must be recorded and retained

HAZOP - Hazard and operability


At the conclusion, every item should be evaluated for further study
- the need for and priority of future effort is decided
- every item should be evaluated for severity, likelihood, and cost (H/M/L or weightings 1-10)
- columns for the three factors above can be added to the standard HAZOP form (See Wells, 1996, p. 104-5)

For all significant items, a Hazard Assessment is performed (one or more of methods below)
- Fault Tree
- Event Tree
- Consequence Analysis
- Human Error Analysis

Risk management
Risk management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events.

Risk
A Risk is the amount of harm that can be expected to occur during a given time period due to a specific harm event (e.g., an accident). Risk is a product of the likelihood of a hazard occurring and the consequences that would follow:

RISK = HAZARD X CONSEQUENCE

In practice, the amount of risk is usually categorized into a small number of levels because neither the probability nor harm severity can typically be estimated with accuracy and precision.

Risk Matrix
A Risk Matrix is a matrix that is used during Risk Assessment to define the various levels of risk as the product of the harm probability categories and harm severity categories. This is a simple mechanism to increase visibility of risks and assist management decision making.

Risk Matrix
Although many standard risk matrices exist in different contexts, individual projects and organizations may need to create their own or tailor an existing risk matrix. E.g., the harm severity can be categorized as:

- Catastrophic - Multiple Deaths
- Critical - One Death or Multiple Severe Injuries
- Marginal - One Severe Injury or Multiple Minor Injuries
- Negligible - One Minor Injury

Risk Matrix
The probability of harm occurring might be categorized as 'Certain', 'Likely', 'Possible', 'Unlikely' and 'Rare'. However it must be considered that very low probabilities may not be very reliable.

Risk Matrix

The resulting Risk Matrix could be:

| | Negligible | Marginal | Critical | Catastrophic |
|---|---|---|---|---|
| Certain | High | High | Extreme | Extreme |
| Likely | Moderate | High | High | Extreme |
| Possible | Low | Moderate | High | Extreme |
| Unlikely | Low | Low | Moderate | Extreme |
| Rare | Low | Low | Moderate | High |

Risk Matrix

The resulting Risk Matrix could be:

- Columns (severity): Negligible, Marginal, Critical, Catastrophic
- Rows (probability): Certain, Likely, Possible, Unlikely, Rare
- Example events shown in the matrix: Stubbing Toe, Minor Car Accident, Major Car Accident, Aircraft Crash, Major Tsunami
