overview of process hazard analysis (pha)

Post on 12-Sep-2021


Overview of Process Hazard Analysis (PHA)

DR. AA, Process Control and Safety Group

Factors Influencing Incidents

Causes of Accidents and Incidents

Incidents and accidents are caused by unsafe behaviours (substandard practice) and/or unsafe conditions (substandard designs).

Unsafe behaviours are handled by the Occupational Safety Program; unsafe conditions are managed through Process Safety Programs.

Accident Causation Models

DOMINO EFFECT

LOSS CAUSATION MODEL

LACK OF CONTROL (inadequate program) → BASIC CAUSES (personal factors and job factors) → IMMEDIATE CAUSES (substandard acts and conditions) → INCIDENT (contact with energy or substance) → LOSS (people, property, process, planet)

[Figure: LOSS CAUSATION and PROBLEM SOLVING. Workers exposed to hazards; THRESHOLD; OSH-MS (Safe Operating Procedures, Training, Supervision, Maintenance, PPE); Activity: PREVENTION; Activity: MITIGATION]

ACCIDENT RATIO STUDY

1      SERIOUS OR DISABLING: including disabling and serious injuries
10     MINOR INJURIES: any reported injury less than serious
30     PROPERTY DAMAGE ACCIDENTS: all types
600    INCIDENTS WITH NO VISIBLE INJURY OR DAMAGE: near-miss accidents

Process Hazards

HAZARDOUS MATERIALS + PROCESS CONDITIONS

Hazardous materials:
• Flammable materials
• Combustible materials
• Unstable materials
• Reactive materials
• Corrosive materials
• Asphyxiants
• Shock-sensitive materials
• Highly reactive materials
• Toxic materials
• Inert gases
• Combustible dusts

Process conditions:
• High temperatures
• Extremely low temperatures
• High pressures
• Vacuum
• Pressure cycling
• Temperature cycling
• Vibration/liquid hammering
• Rotating equipment
• Ionizing radiation
• High voltage/current
• Erosion/Corrosion

Human Factors or Errors

HUMAN FAILURE: ERRORS (SLIPS, MISTAKES) and VIOLATIONS

VIOLATIONS
• Deliberate actions
• Different from those prescribed
• Carries known associated risks
• Ignores operational procedures
• Violation errors occur because of a perception of lack of relevance, time pressure or laziness.

SLIPS
• Competency exists
• Intentions are correct
• Slips occur while carrying out habitual, routine, skill-based activity.

MISTAKES
• Incorrect intention
• Inadequate knowledge
• Incorrect information processing
• Inadequate training
• Mistakes occur because of incorrect assumptions or incorrect "tunnel vision" application of rules.

Process Hazard Analysis (PHA) Methodologies

PHA Methodologies

Process Hazards Analysis

PROCESS HAZARDS ANALYSIS

• What can go wrong?
• How likely is it?
• What are the consequences?

PROCESS HAZARDS ANALYSIS STRUCTURE

FOUNDATION FOR PROCESS HAZARDS ANALYSIS: Historical Experience, PHA Methodology, Knowledge and Intuition

Qualitative Risk Analysis

Process Hazards Analysis is the predictive identification of hazards, their causes and consequences, and the qualitative estimation of likelihood and severity.

Qualitative vs. Quantitative

PROCESS HAZARDS ANALYSIS
• IDENTIFIES HAZARDS, estimates likelihood and severity, suggests improvements.
• USE ON EVERY PROJECT
• QUALITATIVE - based on experience, knowledge and creative thinking.
• Most often done by MULTIDISCIPLINARY TEAM
• Several methodologies available: What-if or Hazid, What-if/Checklist, HAZOP, FMEA, Preliminary Hazards Analysis

RISK ANALYSIS
• ASSESSES HAZARDS
• SELECTIVE - use when other methods prove inadequate or excessive in cost.
• QUANTITATIVE - requires extensive data and special expertise.
• Done by ONE OR TWO SPECIALLY TRAINED PEOPLE
• Also called: Hazan, Risk Assessment, Probabilistic Risk Assessment (PRA), Quantitative Risk Assessment (QRA)

Process Hazard Analysis

Simply, PHA allows the employer to:

• Determine locations of potential safety problems
• Identify corrective measures to improve safety
• Preplan emergency actions to be taken if safety controls fail

PHA Must Address …

• The hazards of the process
• Identification of previous incidents with likely potential for catastrophic consequences
• Engineering and administrative controls applicable to the hazards and their interrelationships
• Consequences of failure of engineering and administrative controls, especially those affecting employees
• Facility siting; human factors
• The need to promptly resolve PHA findings and recommendations

PROJECT PHASE

[Figure: Relationship of six-stage process study system to project life-cycle]

Project phases: Conceptual; Process development; Project sanction; Design, engineering, construction; Hand over; Operation

Study stages: Stage 1 Concept; Stage 2 Process design; Stage 3 Detailed Engineering; Stage 4 Construction; Stage 5 Pre-commissioning; Stage 6 Post-commissioning

Safety issues must be embedded within all stages of the project life-cycle.

PHA and project phase

Method used / Project life cycle stage (0 1 2 3 4 5 6 7)

Checklist: X X X X X X X X
RR: X X (X) (X)
What-If: X X X X
FMEA: (X) X X (X)
LOPA: X X X
HAZOP: (X) X X
PHR: X (X)

What-If

• Experienced personnel brainstorming a series of questions that begin, "What if…?"
• Each question represents a potential failure in the facility or mis-operation of the facility
• The response of the process and/or operators is evaluated to determine if a potential hazard can occur
• If so, the adequacy of existing safeguards is weighed against the probability and severity of the scenario to determine whether modifications to the system should be recommended

What-If – Steps

1. Divide the system up into smaller, logical subsystems
2. Identify a list of questions for a subsystem
3. Select a question
4. Identify hazards, consequences, severity, likelihood, and recommendations
5. Repeat Steps 2 through 4 until complete

What-If Question Areas

• Equipment failures

– What if … a valve leaks?

• Human error

– What if … operator fails to restart pump?

• External events

– What if … a very hard freeze persists?

What If

Columns: What If…? / Initiating Cause / Consequence

1. What if there is higher pressure in the vessel?

1.1 Initiating cause: External fire in the process area
    Consequence: Potential increase in temperature and pressure leading to possible leak or rupture. Potential release of flammable material to the atmosphere. Potential personnel injury due to exposure.

1.2 Initiating cause: Pressure regulator for inert gas fails open
    Consequence: Potential for vessel pressure to increase up to the inert gas supply pressure. Potential vessel leak leading to release of flammable material to the atmosphere. Potential personnel injury due to exposure.

Checklist

• Review an installation against known hazards identified in previous studies of similar plant
• Examine the checklist for relevance to the plant being studied
  – Ask questions based on a pre-defined list
• The checklist is a corporate memory of what could go wrong
  – Should be augmented by industry-wide experience when available

Strength of checklist

• Is quick and simple to perform and is easily understood
• Makes use of existing experience and knowledge of previous systems
• Helps check compliance with standard practice and design intention
• Ensures that known hazards are fully explored

Weakness of checklist

• Does not provide a list of initiating events (failure cases) for a QRA
• May not be comprehensive and does not encourage analysts to consider new or unusual hazards
• Highly dependent upon the quality of the prepared checklists

Checklist Question Categories

• Causes of accidents
  – Process equipment
  – Human error
  – External events
• Facility Functions
  – Alarms, construction materials, control systems, documentation and training, instrumentation, piping, pumps, vessels, etc.

Checklist Questions

• Causes of accidents
  – Is process equipment properly supported?
  – Is equipment identified properly?
  – Are the procedures complete?
  – Is the system designed to withstand hurricane winds?
• Facility Functions
  – Is it possible to distinguish between different alarms?
  – Is pressure relief provided?
  – Is the vessel free from external corrosion?
  – Are sources of ignition controlled?

Hazard Indices

• Hazard indices give a quantitative indication of the relative potential for hazardous incidents associated with a given plant or process. They are used to most effect at the early design stage of a new plant.
• The best known hazard indices are the Dow Index (1981) and the Mond Index (1979).

Dow Fire and Explosion Index

• Operates like an income tax form.
• Penalties for unsafe situations
• Credits for control and mitigation
• Produces a number - the bigger the number the greater the hazard.
• Only considers flammable materials
• Not effective for procedures.

Dow Fire & Explosion Index

Dow Chemical Exposure Index (CEI)

• Considers toxic materials only.
• Includes simple source and dispersion models.
• Not effective for procedures.

Dow Criteria: If sum of F&EI and CEI > 128, then more detailed hazard review procedure required.

Mond Index

Objectives of Mond Index

To identify, assess and minimize potential hazards on chemical plant units for new and existing processes.

About Mond Index

• Index primarily concerned with fire and explosion problems.
• Toxicity is considered only as a possible complicating factor.
• Method gives credits for plant safety features (both hardware and software).

Mond Index Procedure

1. Divide the plant into units; each unit is assessed individually.
2. Selection of key material present in the unit.
   – Key material is the most dangerous chemical (by inherent properties), with the higher possibility of combustion, explosion or exothermic reaction.
3. Calculation of Factors
   – Material Factor, B
   – Special Material hazards, M
   – Special Process hazards, S
   – Quantity Hazards, Q
   – Layout Hazards, L
   – Acute Health Hazards, T
4. Calculation of Indices - Dow Index (D), Fire Index (F), Explosion Index (E), Overall Hazard Rating (R).

Mond Index Criteria

The most important criterion is the overall hazard rating, R.

Overall Hazard Rating    Category
0-20                     Mild
20-100                   Low
100-500                  Moderate
500-1100                 High (group 1)
1100-2500                High (group 2)
2500-12,500              Very high
12,500-65,000            Extreme
> 65,000                 Very extreme

HAZID

• Performed by a team of multidisciplinary experts
• The analyses are carried out on an area-by-area basis
  – The focus is on the location of the process
• The discussion proceeds through the installation's modules or operations using guide words to identify potential hazards, their causes, and possible consequences
• The outcomes are summarised in the HAZID Log Sheet

HAZID Guidewords

HAZID Guidewords – Port Facility

HAZID Log Sheet

Columns: Ref No / Guide word / Hazard Description / Consequences / Risk Potential (Cons, Freq) / Safeguards and mitigating features / Action and comment

HAZOP

• Performed by a team of multidisciplinary experts
• The process is divided into distinct subsections or nodes
  – The focus is on plant components/equipment
• On each node, detailed brainstorming is conducted, facilitated by a HAZOP Leader
  – Based on the design intent of each piece of equipment specified by the node, possible deviations are examined, aided by guidewords and process parameters
  – Causes and consequences are identified, and existing protection prescribed by the design is assessed. Based on these, recommendations are put forward
• The outcome is summarized in a HAZOP Log Sheet

HAZOP Guidewords

• No: negation of design intention; no part of design intention is achieved but nothing else happens
• More: Quantitative increase
• Less: Quantitative decrease
• As well as: Qualitative increase where all design intention is achieved plus additional activity
• Part of: Qualitative decrease where only part of the design intention is achieved
• Reverse: logical opposite of the intention
• Other than: complete substitution, where no part of the original intention is achieved but something quite different happens
  – Contamination, corrosion, sand deposits etc.

HAZOP Log Sheet

• Based on the selected NODE and the design intent of the node, the HAZOP study is conducted. The output is summarised in the HAZOP Log Sheet.

Columns of the log sheet:

• Deviation: Guideword + Parameter. Guideword: No, Less, More, Reverse etc. Parameter: Flow, temperature, level etc.
• Causes: Possible causes of the deviation
• Consequences: Effect of deviation on plant safety and operability
• Protection: Safety provision already considered (prevent causes; prevent/reduce consequence; monitor/detect)
• Action: Is the protection sufficient? If not, propose suitable action or recommendation

Example: Simplified HAZOP Log Sheet

LOPA

• LOPA is a semi-quantitative risk analysis technique that is applied following a qualitative hazard identification tool such as HAZOP.
• Similar to HAZOP, LOPA uses a multi-discipline team.
• LOPA can be easily applied after the HAZOP, but before fault tree analysis.
• LOPA focuses the risk reduction efforts toward the impact events with the highest risks.
• It provides a rational basis to allocate risk reduction resources efficiently.
• LOPA suggests the Independent Layer of Protection (IPL) required for the system to meet the required Safety Integrity Level (SIL).

LOPA Methodology

• There are five basic steps in LOPA:

1. Identify the scenarios
2. Select an accident scenario
3. Identify the initiating event of the scenario and determine the initiating event frequency (events per year)
4. Identify the Independent Protection Layers (IPL) and estimate the probability of failure on demand of each IPL
5. Estimate the risk of scenario

LOPA

LOPA worksheet columns:

• Consequence & Severity
• Initiating event (cause)
• Initiating event challenge frequency /year
• Preventive independent protection layers, probability of failure on demand (PFD): Process design; BPCS; Operator response to alarm; SIF (PLC relay)
• Mitigation independent protection layer (PFD)
• Mitigated consequence frequency /year

$$f_i^{C} = f_i^{I} \times \prod_{j=1}^{J} PFD_{ij} = f_i^{I} \times PFD_{i1} \times PFD_{i2} \times \dots \times PFD_{iJ}$$

where

$f_i^{C}$ = frequency for consequence C for initiating event i

$f_i^{I}$ = initiating event frequency for initiating event i

$PFD_{ij}$ = probability of failure on demand of the jth IPL that protects against consequence C for initiating event i
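The LOPA calculation above, carried through for one scenario, as an added example that is not part of the original slides. The scenario numbers, the tolerable frequency, the `system` field used for the independence check and all function names are assumptions; the SIL bands are the low-demand PFD ranges of IEC 61508/61511.

```python
import math
from dataclasses import dataclass

# Low-demand SIL bands (IEC 61508/61511): SIL n covers 10^-(n+1) <= PFDavg < 10^-n
SIL_BANDS = {1: (1e-2, 1e-1), 2: (1e-3, 1e-2), 3: (1e-4, 1e-3), 4: (1e-5, 1e-4)}

@dataclass(frozen=True)
class IPL:
    name: str
    pfd: float     # probability of failure on demand, PFD_ij
    system: str    # equipment the layer relies on (hypothetical field for the independence check)

def credited_pfds(initiator_system, ipls):
    """Map layer name -> PFD used in the product. A layer that shares equipment with
    the initiating cause or with an earlier layer is not independent: PFD = 1."""
    used, credited = {initiator_system}, {}
    for ipl in ipls:
        if not 0.0 < ipl.pfd <= 1.0:
            raise ValueError(f"PFD out of range for {ipl.name}: {ipl.pfd}")
        credited[ipl.name] = 1.0 if ipl.system in used else ipl.pfd
        used.add(ipl.system)
    return credited

def mitigated_frequency(f_init, initiator_system, ipls):
    """f_i^C = f_i^I * PFD_i1 * PFD_i2 * ... * PFD_iJ, in events per year."""
    return f_init * math.prod(credited_pfds(initiator_system, ipls).values())

def required_sil(f_mitigated, f_tolerable):
    """PFD an added SIF must achieve and the SIL band it falls in.
    Returns (None, 0) if the target is already met, SIL 0 if a PFD >= 0.1 suffices."""
    if f_mitigated <= f_tolerable:
        return None, 0
    pfd = f_tolerable / f_mitigated
    if pfd >= 1e-1:
        return pfd, 0
    for sil, (low, high) in SIL_BANDS.items():
        if low <= pfd < high:
            return pfd, sil
    raise ValueError("needs more risk reduction than SIL 4: redesign the process")

# Constructed scenario (all numbers are assumptions): the inert gas pressure
# regulator fails open and the vessel pressure rises to the supply pressure.
F_INIT, F_TOLERABLE = 0.5, 1e-5          # events per year
LAYERS = [IPL("BPCS pressure control", 0.1, "BPCS"),
          IPL("Operator response to alarm", 0.1, "BPCS"),   # alarm is raised by the same BPCS
          IPL("Pressure relief valve", 0.01, "relief valve")]

if __name__ == "__main__":
    f = mitigated_frequency(F_INIT, "regulator", LAYERS)
    print(f"mitigated frequency {f:.1e}/yr, SIF requirement {required_sil(f, F_TOLERABLE)}")
```

Crediting the operator alarm as if it were independent of the BPCS would lower the computed frequency tenfold and hide the SIL 1 requirement.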

Failure Modes, Effects Analysis (FMEA)

FMEA – Failure Modes, Effects Analysis

• Performed by a team or a single analyst
• Systematic review
  – Considers each component in turn
  – Subjectively evaluates effects of failure
• Based on tabular format
• FMECA includes critical analysis

FMEA – Failure Mode Keywords

• Rupture

• Crack

• Leak

• Plugged

• Failure to open

• Failure to close

• Failure to stop

• Failure to start

• Failure to continue

• Spurious stop

• Spurious start

• Loss of function

• High pressure

• Low pressure

• High temperature

• Low temperature

• Overfilling

• Hose bypass

• Instrument bypassed

Example: FMEA on a Heat Exchanger

Failure Mode: Tube rupture
Causes of Failure: Corrosion from fluids (shell side)
Symptoms: H/C at higher pressure than cooling water
Predicted Frequency: Frequent – has happened 2x in 10 yrs
Impact: Critical – could cause a major fire

• Rank items by risk (frequency x impact)
• Identify safeguards for high risk items

Fault-Tree Analysis (FTA)

Fault Tree Analysis

• Provides a traceable, logical, quantitative representation of causes, consequences and event combinations
• Not intuitive, requires training
• Top-down analysis
• Graphical method that starts with a hazardous event and works backwards to identify the causes of the top event
• Intermediate events related to the top event are combined by using logical operations such as AND and OR.
• Not particularly useful when temporal aspects are important
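A small fault tree evaluated both qualitatively (minimal cut sets) and quantitatively (top-event probability), as an added example that is not part of the original slides. The tree, the event names and the probabilities are constructed, and basic events are assumed independent.

```python
import math
from itertools import product

def cut_sets(node):
    """Minimal cut sets: the smallest combinations of basic events that are
    sufficient to cause the event at this node."""
    if isinstance(node, str):                       # basic event (leaf)
        return [frozenset([node])]
    gate, children = node
    expanded = [cut_sets(child) for child in children]
    if gate == "OR":                                # any input causes the output
        sets = [s for child in expanded for s in child]
    elif gate == "AND":                             # all inputs must occur together
        sets = [frozenset().union(*combo) for combo in product(*expanded)]
    else:
        raise ValueError(f"unknown gate {gate!r}")
    unique = set(sets)                              # drop supersets: not minimal
    return sorted((s for s in unique if not any(o < s for o in unique)),
                  key=lambda s: (len(s), sorted(s)))

def occurs(node, state):
    """Evaluate the tree for one assignment of basic events (True = failed)."""
    if isinstance(node, str):
        return state[node]
    gate, children = node
    results = [occurs(child, state) for child in children]
    return any(results) if gate == "OR" else all(results)

def top_event_probability(tree, prob):
    """Exact probability of the top event for independent basic events, summed
    over every failure state; stays correct when an event feeds several gates."""
    events, total = sorted(prob), 0.0
    for bits in product([False, True], repeat=len(events)):
        state = dict(zip(events, bits))
        if occurs(tree, state):
            total += math.prod(prob[e] if state[e] else 1.0 - prob[e] for e in events)
    return total

# Constructed tree and probabilities (assumptions): vessel rupture from overpressure.
TREE = ("AND", [("OR", ["regulator_fails_open", "external_fire"]),
                ("OR", ["relief_valve_stuck",
                        ("AND", ["pressure_alarm_fails", "operator_misses_alarm"])])])
PROB = {"regulator_fails_open": 0.1, "external_fire": 0.01, "relief_valve_stuck": 0.01,
        "pressure_alarm_fails": 0.1, "operator_misses_alarm": 0.1}

if __name__ == "__main__":
    for cs in cut_sets(TREE):
        print(sorted(cs))
    print(f"P(top event) = {top_event_probability(TREE, PROB):.7f}")
```

A cut set with a single member is a single point of failure; this tree has none, so every path to the top event needs at least two failures.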

Example of FTA

FTA Procedure

1. Identify top event
2. Construct the fault tree
3. Analyze qualitatively
4. Analyze quantitatively
5. Make decision: acceptable?
   YES: accept system
   NO: develop improvements

FTA Nomenclature

PHR

Method Selection Decision Tree
