HAZOP

Hazard & Operability Studies

EXIT

HAZARD STUDY
HAZAN
SAFETY AUDIT DOW INDICES (HAZARD RANKING) ACCIDENT ANALYSIS

HAZOP
HAZARD & OPERABILITY

SCENARIO DEVELOPMENT

EIA

QUANTITATIVE RISK ASSESSMENT (QRA) EMERGENCY MANAGEMENT PLAN (EMP)

The above diagram of inter-relationships shows that there are there are four main areas of hazard study namely : Hazard analysis (HAZAN), Hazard and Operability study (HAZOP), Scenario development, Quantitative Risk Assessment (QRA) and finally Emergency Management Plan (EMP). These inter-relationships are more elaborated in the following diagram :

HAZARD CHECK LIST SAFETY AUDIT DOW INDICES ACCIDENT ANALYSIS

SYSTEM DESCRIPTION HAZARD IDENTIFICATION SCENARIO DEVELOPMENT

HAZAN

HAZOP

ACCIDENT PROBABILITY

ACCIDENT CONSEQUENCE
QRA
NO

RISK DETERMINATION RISK AND/OR HAZARD ACCEPTABILITY

YES

EIA

BUILD AND/OR OPERATE

EMP

ADAPTED FROM GUIDELINES FOR HAZARDS EVALUATION PROCEDURES, AMERICAN INSTITUTE OF CHEMICAL ENGINEERS, NEW YORK, 1985, P 1-9

Introduction & Overview

"....the application of a formal systematic critical examination of the process and engineering intentions of new or existing facilities, to assess the hazard potential of mal-operation or malfunction of individual items of equipment and the consequential effects on the facility as a whole.

Formal, structured approach to identification

[courtesy: Chemical Industries Association]

of potential hazards and operability problems Line by line / by equipment evaluation of the design Team exercise - input from all engineering and design disciplines, plus operations Structured brainstorming to look for deviations from the design intent.
EXIT

Introduction & Overview

(Contd.)

The HAZOP method has been widely used in the

process industries, particularly in the 1980s and 90s, and has developed a strong reputation as being an effective and thorough means of identifying hazards in process plants
A synthetic experience that makes it almost as

easy to spot problems in prospect as it is in retrospect.

Technique formalized by ICI (UK) in late 60s
EXIT

HAZOPS - What ?
THE BASIC CONCEPT
Essentially the HAZOPS procedure involves taking a full

description of a process and systematically questioning every part of it to establish how deviations from the design intent can arise. Once identified, an assessment is made as to whether such deviations and their

consequences can have a negative effect upon the safe

and efficient operation of the plant. If considered

necessary, action is then taken to remedy the situation.

EXIT

HAZOPS - What ?

(Contd.)

This critical analysis is applied in a structured way by the

HAZOP team, and it relies upon them releasing their imagination in an effort to discover credible causes of deviations. In practice, many of the causes will be fairly obvious, such as pump failure causing a loss of circulation in a cooling water facility . The great advantage of this technique is that it encourages the team to consider other less obvious ways in which a deviation may occur, however unlikely they may seem at first consideration. Much more than a mechanistic check-list type of review. The result is that there is a good chance that potential failures and problems will be identified which had not previously been experienced in the type of plant being studied.

EXIT

HAZOPS - Why ?
HAZOP studies are mainly intended to :

Check the design and consider whether any of

the conditions which may occur from either a mal-function or mal-operation, which may cause a general hazard to people working on the installation, to the general public or to plant and equipment; Check whether the precautions incorporated into the design are sufficient to either prevent the hazard occurring or reduce any consequence to an acceptable level;
EXIT

HAZOPS - Why ?

(Contd.)

HAZOP studies are mainly intended to :

consider any safety interfaces which exist with other

installations or parts of this installation;

ensure that the plant can be started, maintained and

shutdown safely, and;

where appropriate recommend changes to the process

design or its operation that increase process safety or enhance unit operability.

EXIT

HAZOPS - When ?
HAZOP studies are best performed on:

new plants where the design is nearly firm

and documented;
existing plants as part of a periodic hazard

analysis or a management of change process. (as for e.g. changes initiated through PCOs
etc)

EXIT

FUNDAMENTAL ASSUMPTION

When a process is operating within its design envelope, the potential for hazards or operability problems does not exist. It is also a primary assumption that the original process design and the equipment standards applied are correct.
EXIT

HAZOPS - How ?
HAZOP studies the stages in the conduct of the study
Select a section (node) Select a Parameter Apply guidewords to identify potential deviations Brainstorm all possible causes (stay within the section) Select the first identified cause Develop ultimate potential consequence(s) (look inside and outside

the section)
List existing safeguards (look inside and outside the section) Develop risk ranking Propose recommendations (weigh consequences and safeguards)

Repeat for each cause / deviation / parameter / section

Follow up and recording

EXIT

How To Lead A HAZOP

His role is to:

Organize a team
Act as a facilitator to bring to bear the expert knowledge of the team members in a structured interaction. Get the team to think the unthinkable. Focus more on the human element. Not to identify hazards and operability problems, but rather to ensure that such identification takes place.

Manage the personal interactions between the team members. Obtain balanced contributions and to minimize the effect on individuals when the design is subject to criticism.
EXIT

Organizing a HAZOP Study

Persons needed:
Chairman Scribe Process & Systems Engineer(s) Operations Representative(s) Other engineering disciplines (Control, Electrical, etc.)

Documents needed:
Design Basis P&IDs Cause & Effects Diagrams Operating Philosophy/ Instructions..

Dedicated room and facilities Dedicated (available full time) team members
EXIT

Organizing a HAZOP Study

Roles and responsibilities:
Chairman ensures all are:

(Contd.)

familiar with technique, directs on selection of nodes, parameters, etc. ensures meeting stays on track Produces report

Scribe:
records proceedings, prepares action lists after each session

Team members actively and freely participate

Recording of Study (HAZOP Software or Manually) Assigning and close out of recommendations
Follow up by Chairman/ designated Project Engineer Prepare close out report
EXIT

Selection of a Team Leader

there needs to be a person appointed who will be in overall charge; with Hazop Studies this person is usually called the Chairman or Study Leader..... Ideally, he should not have been too closely associated with the project under review as there might be a risk of him not being sufficiently objective in his direction of the team.

He should be carefully chosen and be fully conversant with the Hazop methodology and is capable of ensuring smooth and efficient progress of the study

EXIT

Selection of a Scribe
Another important member of the team will be the Scribe or the Secretary.....

His contribution to the discussion may be minimal, as his main function during the sessions will be to record the study as it proceeds. He will therefore need to have sufficient technical knowledge to be able to understand what is being discussed.
He helps organise the various meetings, takes notes during the examination sessions and circulates the resultant lists of actions or questions.
EXIT

Typical HAZOPS Ground Rules

Start on time peers No bad ideas Safe environment

All

Everyone contributes
Do not design it here Leader/facilitator limits opinions Frequent breaks
EXIT

Supplementary Ground Rules

Diversity is good Present your views but avoid arguing for them Listen to others Look for compromise Do not change your views to avoid conflict Be suspicious of agreements reached too easily Avoid majority votes, seek consensus

EXIT

Terminology
Section/Node Study reference section of the process: used to organize the study into manageable segments Intentions How the process sections are expected to operate Parameters Process and operating variables such as flow, pressure and temperature Guidewords no more less as well as part of reverse and other than Deviations Departures from the design and operating intentions (Guide word + Parameter) Causes Reasons why deviations may occur (possible causes) Consequences Results of the unique cause - a hazard causing damage, injury, or other loss (potential consequences) Safeguards Design and operating features that reduce the frequency or mitigate the consequences (existing systems and procedures) Risk Ranking Evaluation of the possibility that an identified consequence will occur, and will cause harm Recommendations Recommendations for design or operating changes, or further study

EXIT

Keywords/ Guidewords
An essential feature in this process of questioning and systematic analysis is the use of keywords to focus the attention of the team upon deviations and their possible causes. These keywords are divided into two sub-sets:

Primary Keywords which focus attention upon a particular aspect of the design intent or an associated process condition or parameter. Secondary Keywords which, when combined with a primary keyword, suggest possible deviations.
The entire technique of Hazops revolves around the effective use of these keywords, so their meaning and use must be clearly understood by the team.
EXIT

Keywords/ Guidewords
Primary Keywords:
These reflect both the process design intent and operational aspects of the plant being studied. Typical process oriented words might be as follows. Flow Pressure Separate (settle, filter, centrifuge) Composition React Reduce (grind, crush, etc.) Corrode Drain Vent Inspect Start-up Temperature Level

Mix Absorb Erode Isolate Purge Maintain Shutdown

EXIT

Other operational words that may be added are:

Keywords/ Guidewords
Secondary Keywords:
when applied in conjunction with a Primary Keyword, these suggest potential deviations or problems. They tend to be a standard set as listed below
No Less The design intent does not occur (e.g. Flow/No), or the operational aspect is not achievable (Isolate/No) A quantitative decrease in the design intent occurs (e.g. Pressure/Less) A quantitative increase in the design intent occurs (e.g. Temperature/More) The opposite of the design intent occurs (e.g. Flow/Reverse) The design intent is completely fulfilled, but in addition some other related activity occurs (e.g. Flow/Also indicating

More
Reverse Also

contamination in a product stream, or Level/Also meaning material in a tank or vessel which should not be there)

EXIT

Keywords/ Guidewords
Secondary Keywords: (Contd.)
Other The activity occurs, but not in the way intended (e.g.

Flow/Other could indicate a leak or product flowing where it should not, or Composition/Other might suggest unexpected proportions in a feedstock)
The design intention is achieved only part of the time (e.g. an air-lock in a pipeline might result in Flow/Fluctuation) Usually used when studying sequential operations, this would indicate that a step is started at the wrong time or done out of sequence As for Early

Fluctuation

Early

Late

EXIT

Selecting Nodes, Parameters and Guidewords

Nodes:(discrete location on the P&ID at which the process parameters are investigated for deviations)
Lines between major pieces of equipment Equipment items (tanks/vessels, columns, reactors) Packages (compressors, chemical injection) Utilities/Services (Air, N2, Steam, Drains,Vents Flare, Sewers..)

Parameters: :(Physical or chemical property associated with the process)

Flow, Pressure, Temperature, reaction others Applicable to the Node

Guidewords:(Simple words used to qualify or quantify the intention and to guide and
stimulate the process for identifying process hazards)

No, More, Less, As well as, others Applicable to the Parameter

Parameter + Guideword = Potential Deviation

EXIT

HAZOP Review Guideline Table Typical Nodes

Deviations Column, Departure from Design Reactor Fired Exchanger Vessel, Pump & Intention Heater Tank Compressor USE THE DEVIATIONS BELOW FOR ALL NODES INDICATED FLOW No, Low, More, Reverse X X X X PRESSURE No, Lower, Higher X X X X X TEMPERATURE Lower, Higher X X X X X LEVEL/INTERFACE No, Lower, Higher X X START-UP/SHUTDOWN Using All the Above X X X X X Lines

X X X

CONSIDER THE FOUR DEVIATIONS BELOW FOR ALL NODES INDICATED CONTAMINANT More REACTION Low, High TOXICITY Sampling, Maintenance CORROSION/EROSION More X X X X X X X X X X X X X X X X

EXIT

Brainstorming Causes
Deviations are used to help team identify causes of upsets, i.e. how does the process break down ? The same cause may apply to two or more deviations Do not criticize causes during brainstorming Do not argue about whether or not a cause belongs in a particular deviation (no flow, less flow); develop it

when it comes up
Do not list the same cause twice; develop it the first time; if a new deviation triggers some thoughts for additional consequences of a previously developed scenario, go back and revise the scenario
EXIT

Common Deviations and Their Causes

Guide Words No, Not, None Process Parameters Flow Wrong routing, blockage, blind flange left in, faulty non-return valve, burst pipe, control valve, isolation valve, pump or vessel failure. Open to atmosphere. Less, Low, Short Partial blockage (filters), vessel or valves failing, leaks, loss of pump efficiency. Part of N/A More, High More than 1 pump operating, reduced delivery head, increased suction pressure, other routes, exchanger tube leaks. Surge, relief, leakage from HP connection (lines and flanges), thermal, rate of pressurising lines.

Pressure

Generation of vacuum by pump drain out of vessels, cooling or condensation from vapour or gas dissolving in a liquid. Pump/compressor suction lines blocked. Freezing, loss of pressure, loss of heating, failed exchanger tubes.

N/A

Temperature

N/A

N/A

Fouled cooler tubes, cooling water failure, failed exchanger tubes. Exothermic reaction. Control valve failure, manual error, blocked outlet. Excessive additives, mixing.

Level

Empty tank, vessel.

Control valve failure, manual error, pump out.

High or Low interface level.

Composition viscosity, Mixing failure. Additive density, phase (e.g. chemical injection) failure.

Poor mixing, or Passing through interruption during mixing. isolations, leaking exchanger tubes, phase change, out of spec.

EXIT

Develop Consequences without Safeguards

Identify ultimate potential consequences for each deviation Common error by process hazards review teams is to take credit for safeguards when developing consequences When developing consequences consider the following:
Operator is not available or is not paying attention Control valves are in manual Alarms and safety interlocks do not function Procedures are not followed or are not understood

EXIT

Deviation from design intent

Design Intent defines how a plant or just a part of it is expected

to operate. It may be to produce a certain tonnage per year

of a particular chemical, to manufacture a specified number of cars, to process and dispose of a certain volume of effluent per annum, etc

but in the vast majority of cases it would also be understood that an important subsidiary intent would be to conduct the operation in the safest and most efficient manner possible.
EXIT

Deviation from design intent

(Contd.)

To illustrate, let us imagine that as part of the overall production requirement we needed a cooling water facility. A much simplified statement as to the design intent of this small section of the plant would be "to continuously circulate cooling

water at an initial temperature of xC and at a rate of xx liters per hour".

Fan Cooler

Heat Exchanger

A deviation or departure from the design intent in this case would be a cessation of circulation, or the water being at too high an initial temperature. Note the difference between a deviation and its cause. In this case, failure of the pump would be a cause, not a deviation.
EXIT

Pump

Priority for Safeguards

Cause elimination first, Consequence mitigation second Inherent design cushion (better than minimum consensus standards) Written procedures for :
Operations Maintenance Inspection Testing

EXIT

Priority for Safeguards (cont.)

Training History
Previous incidents (lack of) Equipment inspection (i.e. clean or non corrosive service)

Equipment
PSVs Redundant/ voting systems Independent alarms/ shutdowns Control instruments
EXIT

Qualitatively Estimating Risk SLR R = risk is an assessment of how serious and how

credible is each identified deviation, its causes and consequences; a combination of the likelihood and the severity of the predicted or ultimate consequences R=S*L

S L

= The severity of the predicted consequences = The likelihood of the predicted consequences
developing given the safeguards that are currently in place

EXIT

RISK RANKING MATRIX

1 1 2 3 4 5 2 2 4 6 7 8 Severity 3 3 6 7 8 9 4 4 7 8 9 10 5 5 8 9 10 10

Likelihood

1 2 3 4 5

SEVERITY - FIVE POINT SCHEME FOR SEVERITY LEVEL Class 1 V High Definition In plant fatality; Public fatalities; Extensive property damage; environmental damage; Extended downtime ( > or = 2 days ) Lost time injury; Public injuries or public impact; Significant property damage; Exceeds MEPA standards; Downtime ( 1 to 2 days ) Minor injury; Moderate property damage; No environmental impact; Downtime ( 4 to 24 hours ); Off-spec product No worker injuries; Minor property damage; No environmental impact; Downtime ( < 4 hours ) No worker injuries; No property damage; No environmental impact; Recoverable operational problem
LIKELIHOOD - FIVE POINT SCHEME FOR LIKELIHOOD Class 1 V High 2 High Frequency of Occurrence Possible to occur ( < 5 years ) Possible to occur ( 5 < 15 years )

High

Medium

3 Medium Possible to occur under unusual circumstances ( 15 < 30 years ) 4 Low 5 V Low Possible to occur over the lifetime of the plant ( 30 < 100 years) Could occur, however not likely over plant life (1 / 100 years)

Low

V Low

EXIT

HAZOPS Study Methodology

In simple terms, the HAZOP study process involves applying in a systematic way all relevant keyword combinations to the plant in question in an effort to uncover potential problems. The results are recorded in columnar format under the following headings:

DEVIATION

CAUSE

CONSEQUENCE

SAFEGUARDS

ACTION

In considering the information to be recorded in each of these columns, it may be helpful to take as an example the following simple schematic.

EXIT

HAZOPS Study Methodology

Mixer

V1
Dosing Tank T1

P1 Strainer S1

Pump P1

Note that this is purely representational, and not intended to illustrate an actual system.

EXIT

HAZOPS Study Methodology

Deviation Cause

(Contd.)

The keyword combination being applied (e.g. Flow/No). Potential causes which would result in the deviation occurring. (e.g. "Strainer S1 blockage due to impurities in Dosing Tank T1" might be a cause of Flow/No). The consequences which would arise, both from the effect of the deviation (e.g. "Loss of dosing results in incomplete separation in V1") and, if appropriate, from the cause itself (e.g. "Cavitation in Pump P1,

Consequence

with possible damage if prolonged").

EXIT

HAZOPS Study Methodology

(Contd.)

Safeguards Any existing protective devices which either prevent the cause or safeguard against the adverse consequences would be recorded in this column. For example, you may consider recording "Local pressure

gauge in discharge from pump might indicate problem was arising".

Note that safeguards need not be restricted to hardware where appropriate, credit can be taken for procedural aspects such as regular plant inspections (if you are sure that they will actually be carried out!).

Action Actions fall into two groups: 1.Actions that remove the cause. 2.Actions that mitigate or eliminate the consequences.
EXIT

HAZOPS Study Methodology

(Contd.)

Always investigate removing the cause first, and only where necessary mitigate the consequences. For example "Strainer S1 blockage due to impurities etc". we might approach the problem in a number of ways:
Ensure that impurities cannot get into T1 by fitting a strainer in the road tanker offloading line. Consider carefully whether a strainer is required in the suction to the pump. Will particulate matter pass through the pump without causing any damage, and is it necessary to ensure that no such matter gets into V1. If we can dispense with the strainer altogether, we have removed the cause of the problem. Fit a differential pressure gauge across the strainer, with perhaps a high dP alarm to give clear indication that a total blockage is imminent. Fit a duplex strainer, with a regular schedule of changeover and cleaning of the standby unit.
EXIT

Preparatory Work
This preparatory work will be the responsibility of the

Chairman, and the requirements can be summarized as follows:

review, etc.......)

1.Assemble the data (PFDs, P&IDs, Layouts, C&E diagrams etc...) 2.Understand the subject (enable him to plan a sensible strategy, duration of the
3.Subdivide the plant and plan the sequence (Split into manageable sections,
endeavour to group smaller items into logical units...)

4.Mark-up the drawings (use distinctive and separate colours, when node spans
two or more drawings, the colours used should remain constant)

5.Devise a list of appropriate Keywords 6.Prepare Table Headings and an Agenda ( like reference drawings, parameter,
node intention, session no.etc...)

7.Prepare a timetable 8.Select the team (chairman also to ensure the core team members are available for
the duration of the review,)
EXIT

RUNNING A HAZOP STUDY

After the preparatory work, the chairman should be in a position to easily guide an efficient and comprehensive study through to a successful conclusion.
However, there are certain guideline to remember: Forbid team members to illustrate their ideas on the master P&IDs.( Establish the rule right at the beginning of the session) Resist temptation to hasten the process by listing potential cause/ consequences if schedule is slipping. Do not allow a separate meeting to develop, with two team members conversing in low voices at the corner of the table. Ensure that all team members participate, even those who might feel unsure of themselves. Recognize and reward with praise the team member/s who contribute to the discussion wholeheartedly and sensibly. However, do not allow them to overshadow the rest of the team.
EXIT

RUNNING A HAZOP STUDY

(Contd.)

If discussion wanders away from the matter under consideration, refocus the attention of the team either by requesting that the Secretary read out what he has recorded, or by asking for an action to be formulated. The Chairman should be independent and unbiased, and should not be perceived as constantly favoring one section of the team as opposed to another
Take as an example the situation where the client wishes to have an additional High Level Alarm, but the contractor strongly disputes its necessity. Consider the following actions:
"Fit a High Level Alarm". In the view of the contractor, the Chairman has sided with the client. He may, wrongly or otherwise, perceive this to be a biased decision. The action "Justify the requirement for a High Level Alarm" is addressed to the client. The Chairman favors the contractor's argument, but is not dismissing altogether the views of the client. Both parties are likely to be content with this formula. The action "Justify the absence of a High Level Alarm" is addressed to the contractor. The Chairman favors the client's argument, but is not dismissing altogether the views of the contractor. As before, neither party will have cause to feel aggrieved.

EXIT

The Report
The HAZOP Report is a key document pertaining to the safety of the plant. It is crucial that the benefit of this expert study is easily accessible and comprehensible for future reference in case the need arises to alter the plant or its operating conditions. The major part of such a report is the printed Minutes, in which is listed the team members, meeting dates, Keywords applied, and every detail of the study teams findings. However, with this is included a general summary. The contents of such a summary might typically be: - An outline of the terms of reference and the scope of study - A very brief description of the process which was studied - The procedures and protocol employed. - A brief description of the Action File should be included - General comments - Results. (usually states the number of recommended actions) - Appendix (master copies of dwgs., studied, tech data used, cals produced, C&E charts, corr. bet contractor to vendor, or client to contractor etc. )
EXIT

HAZOP Method Flow Chart

Explain design intent

Select Process Parameter

Apply Guidewords

Identify credible Deviations

Identify credible Causes

Examine Consequences Select a Node Identify existing Safeguards

Repeat for all Nodes

Repeat for all Parameters

Repeat for all Guidewords

Develop Recommended Actions

Assess Risk

EXIT

HAZOP : DETAILED SEQUENCE OF EXAMINATION

(COURTSEY: Chemical Industry Safety and Health Council, 1977/3)
Beginning
11 12 13 14 15 16 17 18 19 20 Repeat 6-10 for all meaningful deviations derived from the first guide words Repeat 5-11 for all the guide words Mark line as having been examined

1 2 3 4 5 6 7 8 9 10

Select a vessel Explain the general intention of the vessel and its lines Select a line Explain the intention of the line Apply the first guide words Develop a meaningful deviation Examine Possible causes Examine Consequences Detect Hazards Make suitable record

11 12 13 14

Repeat 5-12 Mark vessel as completed Repeat 1-22 for all vessels on flow sheet Mark flow sheet as completed

Repeat 313 for each line

Select an auxiliary (e.g. heating system) Explain the intention of the auxiliary Repeat 5-12 for auxiliary Mark auxiliary as having examined Repeat 5-18 for all auxiliaries Explain intention of the vessel

15

Repeat 1-24 for all flow sheets

End

EXIT

HAZOP Procedure: Flow diagram

Select a section of the Plant Have all the relevant Primary Keywords for this plant section been considered ? No Select a Primary Keyword not previously considered. (e.g. pressure) Yes Have all the relevant Secondary Keywords for this Primary Keyword been considered ? No Select a Secondary Keyword not previously considered. (e.g. More) Are there any causes for this deviations not previously discussed and recorded ? Yes Record this new cause. No Are associated consequence of any significance? Yes Record the consequence/s Record any Safeguards identified. No Having regard to the Consequences and Safeguards, is an action necessary? Yes Record the agreed action Yes

No

EXIT

The reasons for such widespread use of HAZOPS

Although no statistics are available to verify the claim, it is believed that the HAZOP methodology is perhaps the most widely used aid to loss prevention. The reason for this can most probably be summarized as follows:
It is easy to learn. It can be easily adapted to almost all the operations that are carried out within process industries. No special level of academic qualification is required. One does not need to be a university graduate to participate in a study.

EXIT

HAZOP Summary
HAZOP is a qualitative, verbal and an interactive group process that attempts to identify hazards and

subsequently recommend modifications in order to

eliminate unacceptable risk situations Provides a means to reveal potential hazards and operability problems at design stage Creative approach to identifying hazards Systematic and thorough
EXIT

HAZOP Summary
Formal Record of Study Minimizes cost to implement appropriate safeguards in new or modified facilities Participants gain a thorough understanding of the facility

Always Remember the primary assumption in a HAZOP study is that the original process design and the equipment standards applied are correct.
EXIT

EXIT