Hazard Identification
Why? To identify hazards so that they can be eliminated or controlled. How? Using a number of available procedures.
P-36 platform on transport barge
Other examples of accidents due to undetected hazards.
Titanic 1912. Bulkheads not full height. Water flooded into adjacent compartments.
Alexander Kielland 1980. Undetected cracks in bracing member. Leg detached from rig which capsized.
Esso Longford 1998. No HAZOP. Heat exchanger failed due to low temperatures.
How many hazards can you identify?
Approach to all Hazard Identification methods
Identify process hazards
Review previous incidents
Analyze engineering and administrative controls and consequences of control failures
Consider facility location
Address human factors
Evaluate effects of incidents on employees
Decide when action items are warranted
Sources of Information
Legislation and supporting Codes of Practice
HSE guidance
Process Information
Product Information
Relevant national and industry standards
Industry and trade association guidance
Experienced Personnel
Accident/Incident databases
Specialist advice
Brainstorming
Rules
Postpone and withhold your judgement of ideas.
Encourage wild and exaggerated ideas.
Quantity counts at this stage, not quality.
Build on the ideas put forward by others.
Every person and every idea has equal worth.
By its very nature a brainstorming session cannot be structured, but it can be guided.
HAZARD IDENTIFICATION METHODS
Check List
What If
Hazid
Hazop
Task Analysis
Fault Tree Analysis
Failure Modes & Effects Analysis
Safety Analysis
Qualitative
Check Lists What If Reviews Hazop Reviews
Quantitative
Event Trees Fault Trees Failure Mode and Effects Analysis (FMEA)
Process Hazard Identification
Select the most appropriate methods for each facility or process and provide the rationale for the selection.
Sometimes a combination of methods may be most appropriate.
The choice depends on many factors including the size and complexity of the process and existing knowledge of the process.
All Hazard Identification methods are subject to certain limitations.
Hazard Analysis depends on good judgement, therefore assumptions made must be documented, understood, and retained for future hazard reviews.
Hazard Identification
Consider each situation to be unique
Each may require a different approach
Each is dependent upon process complexity
[Figure: scale running from "Obvious low hazard or simple process" to "Obvious high hazard or complicated process", with increasing expertise required: Supervisor, Expert, Team]
Checklist Analysis
A checklist analysis is used to verify the status of a system. The checklist analysis method is versatile, easy to use and can be applied at any stage in the life of a process. It is primarily used to indicate compliance with standards and practices. It is also a cost-effective way to identify common and customarily recognized hazards. Checklists also provide a common basis for management review of assessments. Many organizations use standard checklists to control the development of a process or an entire project from initial design through decommissioning. The completed checklist must be approved by all relevant staff members and managers before a project can move from one stage to the next.
Process Hazards Checklist Analysis
Storage. Storage tanks, dykes, emergency valves, inspection, maintenance, procedures, specifications, limitations
Materials Handling. Pumps, conveyors, ducts, piping, procedures
Process Equipment and Systems. Procedures, conformance, loss of utilities, vessels, relief devices, hazards, electrical, ignition sources, compatibility
Personnel Protection. Protection, ventilation, exposure, hazards manual, environmental
Controls and Emergency Devices. Controls, calibration, inspection, alarms, interlocks, relief devices, emergencies, process isolation
Waste Disposal. Ditches, vents, characteristics
Sampling. Sample points, procedures, sample analysis
Maintenance. Decontamination, vessel opening, procedures
Cooling Water Chlorination System
MATERIAL
Do all raw materials continue to conform to original specifications? Yes. The drums are ordered with the same chlorine specification used since startup.
Is each receipt of material checked? Yes. The supplier once sent a cylinder of phosgene. Since then, a test is performed by the maintenance staff. In addition, the fusible plugs are inspected for evidence of leakage before a cylinder is hooked up.
Does the operating staff have access to Material Safety Data Sheets? Yes. All staff are familiar with the process chemistry, including the hazards of chlorine.
Is fire fighting and safety equipment properly located and maintained? Yes. This system is on a concrete building roof. Because there are no flammable materials involved in this system, if a fire occurs, there will be no special effort by fire fighting crews to concentrate on the roof area.
EQUIPMENT
Has all equipment been inspected as scheduled? Yes. The maintenance personnel have inspected the equipment in the process area according to company inspection standards.
Have pressure relief valves been inspected as scheduled? Yes.
Have rupture disks been inspected (for having blown) as scheduled? Not applicable.
Are the proper maintenance materials (parts, etc.) available? Yes. They include spare pigtails for the supply cylinders, as well as a rotameter and a pressure check valve. Other items must be ordered.
Is there an emergency cylinder capping kit? Yes.
PROCEDURES
Are the operating procedures current? Yes.
Are the operators following the operating procedures? No. It is reported that some staff do not always check the cylinder's fusible plugs for leaks. Staff should be reminded of this procedural item and its importance.
Are new operating staff trained properly? Yes. Training includes a review of the Hazard Analysis for this process and familiarization with MSDSs.
How are communications handled at shift change? There are relatively few open items at the end of a shift. The chlorine cylinders need to be changed only about once every 45 days. If an empty chlorine cylinder needs to be replaced, it has proven to be easy to schedule the change during a shift.
Is housekeeping acceptable? Yes.
Are safe work permits being used? Yes.
Checklist Advantages
List of hazards identified from previous studies and historical data on operating plants
Can be tailored to specific materials, equipment, procedures
Very simple and low cost
Can be applied to any stage in the life of a process
Versatile and easy to use
Checklist Limitations
Does not address new processes, equipment, etc.
May miss issues not covered by lists
Past data might not contain infrequent, high consequence accidents
Encourages a tick-off mentality
Does not deal effectively with hazards that arise from interactions
De Havilland Comet with square windows
Later model with round windows
What If Analysis
The purpose of what-if analysis is to identify hazards, hazardous situations, or specific accident events that could produce an undesirable consequence. What-if analysis involves the examination of possible deviations from the design, construction, modification, or operating intent of a process.
Approx Time Requirements
Advantages of What if analysis
It can be accomplished with a relatively low skill level. The typical What if review is a brainstorming session; all sorts of topics may be randomly addressed as they are thought up. Combined with a checklist format, the review may become simple to answer.
It is fast to implement, compared to other qualitative techniques. What if review is a direct question method, possibly from a standardized checklist, from which questions can be easily and rapidly addressed.
It can analyse a combination of failures. The option of addressing continuing sequential failures can be investigated.
It is flexible. It is readily adaptable to any type of process and questions can focus on specific potential failures.
Limitations of What if technique
It is based on experience. A what if analysis cannot be relied upon for identifying unrecognized hazards. A review team may fail to investigate deeply enough into a process with which they have become only superficially familiar. Unless the review team asks the right questions, hazards may not be identified.
It is not systematic. It is considered a brainstorming session. Personnel familiar with the facility discuss aspects in a random fashion, raising whatever comes to mind.
What If /Checklist
Combines the creative, brainstorming feature of what if analysis and the systematic features of the checklist analysis to try and overcome the random approach of What If.
HAZID (HAZard IDentification) A process where a list of hazards and guidewords is applied to a facility or activity in a systematic manner.
HAZID
Suitable for application during concept selection, and equally for review of basic development concepts when the following level of information is normally available:
operations philosophy
sparing and maintenance philosophy
process flow schemes
preliminary layouts
fire and explosion strategies.
Hazards: Release, Fire, Explosion, Impact, Structural Failure
Guidewords: Gas, Liquid, Condensate, Other, Fuel source, Ignition, Relief, Smoke & gas ingress, Fuel, Confinement, Lifting, Maintenance, Mechanical failure, Primary structures, Temporary structures
Hazards: Environmental, Chemical, Logistic, Materials, Climatic, Occupational
Guidewords: Volatiles, Liquids, Solids, Types, Handling, Protection, Aviation, Marine, Other, Corrosion, Erosion, Earthquake, Extreme weather, Operational, Diving, Transport
HAZID
Divide the item under consideration into nodes, which are manageable sections, with clearly defined limits.
Apply the first guideword and ask: how could this happen?
Determine in what manner the hazard might be realised.
What would be the consequence of this?
List any existing safeguards or precautions (preventive or control measures).
List any areas for discussion or any actions which need to be taken.
Record everything: drawings used, team members, dates.
HAZID Worksheet
HAZARD: Leak of process gas containing H2S
PHASE: Production
CAUSE: Loss of containment
EFFECT/ESCALATION: Toxic gas cloud. Risk to personnel on platform.
PREVENT: The amount of process equipment on the platform is being kept to a minimum, with processing of the gas being performed onshore.
CONTROL: Platform is designed so that the prevalent wind direction is away from the muster and evacuation areas. Breathing apparatus is available on the platform. Saver sets will be provided to all personnel (typically up to 15 minutes protection against H2S).
DISCUSSION: Arrangements for changing from saver sets to BA sets are not clear. Command and control with personnel wearing BA will be difficult.
ACTION:
Action 001: Confirm the command and control strategy with regard to H2S and wearing BA.
Action 002: Develop an evacuation strategy that is suitable for a sour gas environment.
Action 003: Develop an intervention schedule and ensure that intervention is kept to an absolute minimum by keeping the amount of process equipment to a minimum.
HAZOP
A formal, systematic and critical examination of the process and engineering intentions of the process design.
HAZard: Abnormal operations
OPerability: Normal operations
HAZOP Objectives
To identify the causes of all deviations or changes from the design intent
To determine all major hazards and operability problems associated with these deviations
To decide whether action is required to control the hazard or the operability problem
To ensure that the actions decided upon are implemented and documented
Formal procedure for identifying hazards
Basic idea: generate a list of all the ways in which process failures can occur
Determine what may cause each failure and what the results might be
Recommend actions to avoid each failure
Not quantitative: no trade off between risk and consequences
HAZOP types
Coarse Hazop - Early study to identify basic flaws in design which would be costly to correct later
Main Hazop - Primary vehicle for identification of hazards, effects and operability problems
Final Hazop - Coverage of systems not sufficiently developed for the Main Hazop
Procedural Hazop - Identification of hazards and operability problems arising from procedures such as commissioning, maintenance and other non-continuous procedures.
[Figure: project timeline showing Hazid, Coarse Hazop, Main Hazop, Final Hazop and Procedures against the project stages: Prospective Project, Front End Engineering, Identification Phase, Definition Phase, Execution Phase, Commissioning]
HAZOP Leader
Process Engineer, Instrument Engineer, Operations Representative
HAZOP Secretary
Specialists (as required): Maintenance Engineer, Pipeline Engineer, Metallurgist, others
Preparatory Work
Assemble the data
Understand the subject
Subdivide the plant and plan the sequence
Mark up the drawings
Devise list of appropriate keywords
Prepare table headings and an agenda
Prepare a timetable
Select the team
Hazop study
Full size Piping & Instrumentation Diagram (P&ID) displayed. Team members are provided with individual reduced size P&ID copies.
Introductory talk and brief description of the technique are given by the Hazop chairman.
A plant description is provided, usually by the process engineer, summarizing the processing facilities, including an account of the function of each equipment item.
Key aspects for success of Hazop
The accuracy of the drawings and other data used as the basis for the study
Technical skills and insights of the team
Ability of the team to use the approach as an aid to their imagination in visualising deviations, causes and consequences
Ability of the team to maintain a sense of proportion
Node Identification
Divide the facility into process systems and subsystems
Follow the process flow of the system under study
Isolate subsystems into major components which achieve a single objective
Parameters
FLOW PRESSURE TEMPERATURE LEVEL PHASE COMPOSITION
Guidewords
NO, MORE, LESS, AS WELL AS, PART OF, REVERSE, OTHER THAN
[Table: parameters (FLOW, PRESSURE, TEMPERATURE, LEVEL, PHASE, COMPOSITION (specific component)) against the guidewords above, with applicable combinations marked p; p = possible]
Analysis based on appropriate operations identified by the team
Typical Operations: Isolation Maintenance Start-up Shutdown Blowdown
Hazop study
Select the appropriate NODE
Apply the PARAMETER
Apply the GUIDE WORD (or DEVIATION)
Agree credibility of deviation
Determine the potential CAUSES of the deviation
Assess the PROTECTION provided against the deviation and its consequences
Agree a RECOMMENDATION for action or further consideration to the problem.
Reiterate above steps for other GUIDE WORDS
Reiterate above steps for other process PARAMETERS
Reiterate above steps for other NODES in review
Operational phases
Maintenance Utility failure Start-up Normal shut down Emergency shut down
Possible CAUSES
Equipment Failure Operational Errors External Events Product Deviations
CREDIBLE SCENARIOS
A single human error with or without established operating instructions
A single instrument or mechanical failure
A single failure coupled with a single instrument or mechanical failure
NON CREDIBLE SCENARIOS
Simultaneous failure of two independent instrument or mechanical systems
Failure of both the primary and secondary relief device to operate as designed
Immediate change of process characteristics
Massive impact from foreign object
RECOMMENDATIONS
Modify the design Add an alarm Add an interlock Develop or change procedure Review the design
Documentation
Summary report
HAZOP worksheets
List of proposed actions
The report is updated when all engineering and some procedural actions are completed.
At the end of the project, a final report is issued including:
HAZOP Procedure
HAZOP Follow-up Report
List of all actions with status (completed, in progress etc.)
Complete set of P&IDs as used in the HAZOP study
HAZOP FORM
Unit: Fired Heater
[Figure: fired heater with streams labelled feed, air, fuel, product]
Node: Feed pipe (location (line or vessel) or procedure (start up))
Parameter: Flow (process variables)
Guide Word: no (select from official list of words to ensure systematic consideration of possibilities)
Deviation: no feed flow (applying guide word to this parameter)
Cause (process engineering):
1. feed pump stops
2. feed valve closed
3. feed flow meter indicates false high flow (controller closes valve)
4. pipe blockage
5. Catastrophic failure of pipe
Consequence (process engineering):
damage to pipes in radiant section, possible pipe failure
5. a) damage to pipes in radiant section b) pollution and hazard for oil release to plant environment
Action (preliminary result which should be reconsidered when time is available):
1. automatic startup of backup pump on low feed pressure
2. fail open valve
3. redundant flow meters
4. a) test flow before startup 4. b) place filter in pipe
Install remotely activated block valves at feed tanks to allow operators to stop flow
For 1-5, SIS to stop fuel flow on low feed flow, using separate feed flow sensor
Advantages of Hazop
It uses a systematic and logical approach. It has specific guideword listing and the process under review is subdivided into small sections for analysis.
It can analyse a combination of failures. The option of addressing continuing sequential failures can be investigated to the final outcome.
It provides an insight into operability features. Operation control methods are fully investigated for potential deviating conditions. Operators present can readily deduce what hazards may be present at the facility.
Limitations of Hazop technique
Requires a well-defined system.
Time consuming. It may be slower than other methods. The team leader follows a standard format with special guidewords and deviations that need to be addressed. Because of standardized listings some unimportant issues may be addressed in some portions of the system under review.
Provides no numeric ranking of hazards unless coupled with a risk ranking scheme.
Requires trained personnel with moderate level of skill to conduct. The review is thorough and systematic, and has to be implemented in a proper fashion and accurately recorded. A specialized leader is used to guide the review team during the process.
Focuses on one-event failures.
TASK ANALYSIS
Systematic examination of a task to be performed, listing all the ways in which it might be performed in an unsafe manner. Introduction of safeguards and controls to prevent or minimise the consequences of a failure. Sometimes called a job safety analysis.
FAULT TREE ANALYSIS
Sequence of faults and causes leading to a hazardous event
Failure Mode and Effects Analysis (FMEA)
A systematic approach that identifies potential failure modes in a system, product, or manufacturing / assembly operation caused by either design or manufacturing / assembly process deficiencies. It also identifies critical or significant design or process characteristics that require special controls to prevent or detect failure modes.
Failure Mode Effect Analysis
A FMEA is used to examine each potential failure mode of a process to determine the effects of the failure on the system. A failure mode is the symptom, condition, or fashion in which hardware fails. It may be identified as a loss of function, a premature function (function without demand), an out-of-tolerance condition, or a physical characteristic, such as a leak, observed during inspection. The effect of a failure mode is determined by the system's response to the failure.
A FMEA has three steps: defining the process, performing the analysis, and documenting the results.
Application of FMEA
Risk Assessment
What is the difference between Risk and Hazard? How do we measure risk?
Assessment of a risk involves the rating of two factors which affect the risk
The severity of the hazard The likelihood of an occurrence of harm from the hazard
Risk Assessment
Risk Prioritisation Matrix
Likelihood    Severity: Minor    Substantial    Major
Frequent                Medium   High           High
Occasional              Low      Medium         High
Seldom                  Low      Low            Medium
Personnel Risk Ranking Matrix
[Matrix: rows Level 5, Level 4, Level 3, Level 2, Level 1 (increasing consequence); columns A, B, C, D, E (increasing likelihood)]
Likelihood or Frequency
Level E - Daily
Level D - Monthly
Level C - Yearly
Level B - Every 10 years
Level A - Once in a lifetime
Severity or Consequence
Level 5 - Multiple Fatalities
Level 4 - Single Fatality, Multiple Injuries
Level 3 - Major Injury
Level 2 - Minor Injury
Level 1 - No Injury, Near Miss
Consequence Rating (Accident Severity)
0 - No Injury
1 - Slight Injury
2 - Minor Injury
3 - Major Injury
4 - Single Fatality
5 - Multiple Fatalities
Increasing Likelihood
A - Never heard of in industry
B - Heard of in industry
C - Incident has occurred in our company
D - Happens several times per year in our company
E - Happens several times per year in location
[Matrix: consequence rating against likelihood, with risk increasing towards high consequence and high likelihood]
Swiss Cheese theory
Are more layers safer?
Layers of Protection Analysis (LOPA)
A risk assessment tool, often used after a HAZOP, to determine if protective measures are sufficiently robust, or need augmenting.
Looks at the various protective methods, or layers, such as Inherent Safe Design, engineering controls, administrative controls, response systems etc.
These should be independent from each other, and are called Independent Protective Layers (IPL).
Develop order of magnitude estimates for likelihood and consequence severities.
Determine how much protection each IPL provides, for a particular fault scenario, and what combination is needed to provide adequate contingency.
[Figure: event tree in which IPL1, IPL2 and IPL3 each branch into Success or Failure; the outcomes shown are Safe outcome, Undesired but tolerable outcome, Undesired but tolerable outcome, and Consequences in excess of risk criteria]
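The LOPA steps described above, applied to the "no feed flow" row of the fired heater HAZOP form, as an added example that is not part of the original slides. The frequencies, risk-reduction credits, component names, the operator alarm layers and the power-loss variant are assumed values for illustration; risk is handled in whole orders of magnitude, as the text suggests.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Layer:
    name: str
    orders: int             # risk reduction in orders of magnitude (PFD = 10**-orders)
    depends_on: frozenset   # components the layer needs in order to work

def credit_ipls(layers, initiating_components):
    """Return the layers that may be counted as independent (IPLs)."""
    credited, used = [], set(initiating_components)
    # Strongest first, so a shared component is credited once, to the best layer.
    for layer in sorted(layers, key=lambda l: -l.orders):
        if layer.depends_on & used:
            continue        # fails together with the cause or a credited layer
        credited.append(layer)
        used |= layer.depends_on
    return credited

def mitigated_exponent(initiating_exp, layers):
    """log10 of the yearly frequency at which the consequence still occurs."""
    return initiating_exp - sum(l.orders for l in layers)

def smallest_adequate_set(initiating_exp, ipls, tolerable_exp):
    """Fewest IPLs that meet the risk criterion, or None if more are needed."""
    for size in range(len(ipls) + 1):
        for combo in combinations(ipls, size):
            if mitigated_exponent(initiating_exp, combo) <= tolerable_exp:
                return [l.name for l in combo]
    return None

# Constructed figures; only the backup pump and the SIS come from the HAZOP form.
LAYERS = [
    Layer("backup pump autostart on low feed pressure", 1,
          frozenset({"feed pressure switch", "backup pump", "electrical supply"})),
    Layer("operator response to low-flow alarm", 1,
          frozenset({"control flow meter", "operator"})),
    Layer("SIS stops fuel on low feed flow", 2,
          frozenset({"SIS flow sensor", "SIS logic", "fuel shutoff valve"})),
    Layer("second alarm taken from the SIS sensor", 1,
          frozenset({"SIS flow sensor", "operator"})),
]
PUMP_STOPS = -1     # assumed: feed pump stops about once in 10 years
TOLERABLE = -4      # assumed risk criterion: 1e-4 per year

def assess(initiating_components):
    """Return (mitigated exponent with all IPLs, smallest adequate IPL set)."""
    ipls = credit_ipls(LAYERS, initiating_components)
    return (mitigated_exponent(PUMP_STOPS, ipls),
            smallest_adequate_set(PUMP_STOPS, ipls, TOLERABLE))

if __name__ == "__main__":
    print(assess({"feed pump"}))                        # pump fails on its own
    print(assess({"feed pump", "electrical supply"}))   # power loss stops the pump
```

The second alarm earns no credit because it shares the SIS sensor and the operator with layers already counted, and a power loss removes the backup pump's credit, which is why the form's SIS uses a separate feed flow sensor.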
Summary
Hazard identification requires many different approaches
No one method will give you all the answers
No substitute for experience or past records
Cultivate the ability to think the unthinkable
Remember that all estimates are just that, estimates
Update and review as appropriate
Never be surprised at what people will do!