this project is funded by the european union projekat finansira evropska unija

This Project is funded by the European Union

Project implemented by Human Dynamics Consortium

This project is funded by the European Union

Projekat finansira Evropska Unija


Projekat realizuje Human Dynamics Konzorcijum

HAZARD IDENTIFICATION: PRINCIPLES, METHODOLOGY, EXISTING APPROACHES

Antony ThanosPh.D. Chem. [email protected]



Hazard• State, action or physical-chemical

characteristic with potential of harm to equipment, human health or the environment

• Examples: Work at height – Hazard of fall Toxic material handling (e.g.

production of NH3) – Hazard of toxic release and toxic effects to human via dispersion and inhalation of toxic substance



• Hazard source examples: Failures of control systems, e.g.

instrument failure, controller failure, control valve failure

Mechanical failures, e.g. corrosion, weld defects, human error in design

Operator errors External sources, e.g. earthquakes,

missiles from accidents in other equipment

Management failures, as lack of operating / maintenance procedures



• Accident : The event that leads to harm to human, environment or equipment

• Accident probability : The probability of evolution of a hazard to an accident Hazard : natural gas equipment

(e.g. valve) Accident : leak with ignition Probability of accident : 10-4 per

year



• Consequence : The outcome (effects) of an accident

• Examples : Injury from fall from height Pulmonary damage due to

inhalation of released NH3

Burns from thermal radiation of fire in gasoline tank



• Hazard Identification : Use of techniques for identifying hazards, causes of accidents and effects Techniques do not automatically

reveal hazards, but facilitate the systematic examination of hazards, taking into advantage of existing knowledge of systems examined

““Few accidents occur because the Few accidents occur because the design team lack knowledge; Most design team lack knowledge; Most errors in design occur, because the errors in design occur, because the design team fail to apply their design team fail to apply their knowledge”, Trevor Kletzknowledge”, Trevor Kletz



Not all hazards or causes/effects are guarantied to be found

Results quality are strongly dependent on personnel experience

The prudent application Hazard Identification Techniques can identify important accidents, their causes and effects



• Safety reviews/audit/inspections The simplest technique Not strictly formed technique Evaluation of information from :

oVisits to workplaces

oReview of drawings, operation procedures

o Interviews with personnel

oRecords of events



• Checklists Written list of questions (usually

require answers in YES/NO form). Level of detail strongly depends on

author experience Extent can be :

oMinimal. Too generic, but easily applied in different processes within a company

oVery detailed, focusing in a specific process only



• Checklists (cont.) Examples :

oAre there available and valid test certificates for each safety valve ?

o Is every equipment grounded ?

oAre there dry-run protection provisions for pumps ?

oCan pump shut-off pressure exceed downstream pipe design pressure ?



• Checklists (cont.) Advantages

oVery useful in compliance checking with standards, legislation requirements etc.

oCan be used by non-experience personnel

oAdaptable to analysis depth desired

Disadvantage: Hazards not foreseen by questions cannot be identified



• Preliminary Hazard Analysis Applied usually in initial design of

layout planning Examines basic characteristics for:

oRaw materials, intermediates/final products, wastes

oEquipment: high pressure systems, reactors

oFactors causing accidents and safety equipment

oProcedures for operation, control, maintenance



• Preliminary Hazard Analysis (cont.) Hazard attributed to ranking

scheme such as :

o I, Insignificant

o II, Limiting

o III, Critical

o IV, Catastrophic



• Preliminary Hazard Analysis (cont.) Advantage: Applicability even in

early stage of design, with rather limited information, permitting interventions for risk control with minimum cost, e.g. identification of intermediate products with special hazards (Bhopal accident), permitting examination of different production process

Disadvantage: Not strictly defined technique. Information collected within discussions without systematic structure.



• Preliminary Hazard Analysis (cont.) Results presented usually in sheet

form Example of results for LPG road tankerHazard Cause Effects Cat.Mitigation/Prevention

measuresFlammable1. Hose ruptureUncontrolled leak, III a.Procedures require release due to tankerpotential off-sitehandbrake on

movement consequences during loading



• Relative Ranking Calculation of qualitative or

quantitative index of hazard, based on characteristics of hazardous processes

Examples : DOW F&EI (Fire and Explosion Index), MOND Toxicity index

F&EI= MF*(1+GPH)*(1+SPH) MF: Material factor, based on NFPA flammable and reactivityranking, or calculated on physicochemical propertiesGPH : General Process Hazard SPH: Specific Process HazardGPH/SPH : Calculated as Sum of penalties of partialvalues available in tables



• Relative Ranking (cont.) MF table values adjusted, if

necessary, depending on process conditions (e.g. material used at temperature over flash point)

GPH example : Extremely sensitive exotherm reactions : GPH=1.25 (nitration)

SPH examples :

oQuantity of flammable material, graph based on potential heat release

oPressure of temperature cycling, SPH=0.3



• Relative Ranking (cont.) F&EI values :

1-60, Light61-96, Moderate97-127, Intermediate128-158, Heavy159, Severe



• Relative Ranking (cont.) Advantages :

oStrictly defined

oEasy to be implemented, due to the rather limited data required

oApplied in either Unit or Site level

oVery useful in evaluation of alternative processes, comparison of different sites, ranking of hazardous areas within on Site



• Relative Ranking (cont.) Disadvantages :

oStrong dependence of outcome from penalties/equations used and assumptions used



• What-if Setting of questions : “What will

happen if…?” for the examination of evolution of undesired initial events (deviations from design ,normal operation.

Examples of questions:

oWhat will happen if gas phase connection valve remains closed during tank loading?

oWhat will happen if tank level is very high?



• What-if (cont.)

Example : LPG road tanker loading station

What if

Hazard / Consequenc

eSafeguards Proposals

Tanker moves

Hose rupture, LPG leak

Handbrake onBlocks on tyres

Break-away couplings



• What-if (cont.) Advantages :

oSimple

oCorrelates hazards, causes and protection measures

oGeneral questions can be applied in every process : e.g. “What will happen if instrument air supply fails?”

oEffectively applied with combination of check lists



• What-if (cont.) Disadvantages :

oNot strictly defined

oSuccess heavily depends on experience of work team and questions set

oHazard can be easily overlooked

oNo evaluation of deviation cause (e.g. why tank level is very low, why tanker moved?)



• FMEA (Failure Mode and Effects Analysis) Focus on events caused by

component failures and not to deviations of operating parameters

Bottom-up approach FMEA development :

o Identification of equipment/component

o Definition of failure type per equipment (failure cause could also be defined)

o Definition of outcomes per failure (assuming that protection measures are not in operation)

o Identification of safeguards (protection measures)

o Proposals



• FMEA (cont.) Examples of failures :

o valves : valve sticks to position, leakage from stem

o mixer : unintended stop of operation

o cooling network: loss of cooling water supply

Example : Regulating valve (open loop) at reactor inlet

FI

LIT



• FMEA (cont.) Example : Atmospheric reactor

feed valveEleme

ntFailure Effects Safeguard

sProposal

Reactant feed valve

Failure in open position

High reactant flow to reactor

High level toreactor, overflow

Local flow indicator in feed lineLevel transmitter signal to DCS

Flow transmitter with signal to DCS and high flow alarm

High/High-High alarm form level transmitterIndependent high-high level switch with interlock to feeding pump operation



• FMEA (cont.) Advantages :

o Direct correlation of hazards and causes

o Easily applied in systems with simple and in-series failures:

Disadvantages : o Emphasis only to component failures

and not deviations caused by failures in other processes

o Not focused on system/process behaviour

o Hard to implement in systems where hazards appear as outcome of failure combinations

o Time consuming



• Fault tree Technique starts from the

expression of hazard (accident) and goes to identification of possible causes (top-down approach)

Application of Boolean algebra operands (AND, OR) for definition of sequence for failures and errors (incl. human) contributing to accident

Results presented in logic diagram form



• Fault tree (cont.) Example : Overfilling of NH3 road

tankerTOXIC RELEASE FROM SAFETY VALVE

OVERFILLINGLOADINGS

OPER.FAILS TO IDENTIFY LI

FAILURE

OPERATORABSENT DURING

LOADINGLEVELINDICATOR (LI)

FAILURE

200 per year OR

AND

10-6 per year

4x10-4 per year

10-3 per year 10-3 per year

2x10-6 per year

1x10-6 per year AND



• Fault tree (cont.) Advantages :

o Correlation of hazards and causes

o Combinations of human errors and equipment failures can be identified

o Accident probability calculations possible, if failure/error database is available

•Disadvantages : o Strong dependence on final accidents

(top events) selected for building trees

o High experience and proper software required

o Time consuming



• HAZOP (HAZard and Operability) Study Hazards and malfunctions are

expressed via deviation of operating parameters from normal values, or due to human errors, equipment failures

Usual parameters to be examined :

oPressure

oTemperature

oFlow

oLevel



• HAZOP (cont.) Usual deviation keywords :

ΟμάδαHAZOP

Keywords

Deviation interpretation

ΝοLack/absence, e.g.

No flow : zero flowNo mixing : mixer failure

More

Value higher than normal, e.g.More Temperature : higher temperature, e.g. high temperature in cooling water due to cooling system failure

LessValue lower than normal, e.g.

Less pressure : Lower pressure, e.g. product withdrawal from tank while PVV stuck

Reverse Usually refers to flow with direction reverse to normal



• HAZOP (cont.) Usual deviation keywords (cont.) :

ΟμάδαHAZOP

Keywords


Part ofFraction of normal value, usually for solutions concentration

As well as

Qualitative increase, as for new phase development, or presence of impurities (e.g. water in anydrous ammonia, corrosive)

Before/after

Errors in operations sequence, e.g. addition of sulphuric acid before water in dilution tank during solution preparation

Early/late

Action in wrong time (e.g. early stop of batch reaction)



• HAZOP (cont.) Usual deviation keywords (cont.) :

ΟμάδαHAZOP

Keywords


Loss of Containm

ent

Any event of “”Loss of Containment”, not attributed to operation deviation, e.g. Leak from tank failure due to weld failure

Collision of road tanker

Utilities failure

e.g. lack of instrument air or electric power for pneumatic/motorized valves (lack of control action), lack of cooling water supply

Environmental Earthquakes, floods, lightnings

Other than

Complete substitution, e.g. wrong stream feed (for example feed of propane in butane line)



• HAZOP (cont.) HAZOP examination sessions

overview

ΟμάδαHAZOP

Step 3Comments, proposals

Step 1Design

comprehension

Step 2Systematic

examination of deviations

Keyword Parameter

• NO• LOW• HIGH• AS WELL AS

• Flow• Pressure • Temperature

HAZOP Table

COMMENTS /

PROPOSALS

SAFEGUARDSCONSEQUENCESCAUSESDEVIATION

P-1

Nr

P-2

HAZOP Team



• HAZOP (cont.) HAZOP steps

ΟμάδαHAZOP

Key-words application

Identificationof deviationcauses

Consequencesidentification

Discussion,comments, proposals

Nextparameter

Design comprehension

Unit Section (P&ID)

Nextsection



• HAZOP (cont.) Unit/Sections (Nodes)

identification based on main activities. Definition of Section borderlines and related drawings

Sections identification examples :

o Pipeline from port to tank

o Tank

o Tank pump-house

o Road tanker loading station

ΟμάδαHAZOP



• HAZOP (cont.) Main equipment definition per

Section Equipment example for Road

tanker loading station :

o Liquid phase piping from pump-house

o Gas phase return piping to tank

o Hoses/loading arms

o Road tanker

ΟμάδαHAZOP



• HAZOP (cont.) Before each session, Leader

defines Section to be examined An outline of operation for Section

has to be given, so that all group members understand the basic elements of process examined

ΟμάδαHAZOP



• HAZOP (cont.) Example : Atmospheric reactor

ΟμάδαHAZOP

FI

LIT



• HAZOP (cont.) HAZOP Table example :

ΟμάδαHAZOP

NoDeviati

onCauses

Consequences

SafeguardsComments,

Recommendations

5

High flow

Failure of feed control valve at open position

High level in reactor (No75) with potential overflow

FI567 (local)

LIT987 (remote indicator)

(R) FIT (remote) with High alarm

HAZARD AND OPERABILITY STUDY Company : ABC S.A. Drawing : S-9871 (31/12/03)

Site : XYZ Site HAZOP Date : 01/10/13Unit : U-1234 Work group : See attendance

list Section: Reactor feed line Rev. : 5



• HAZOP (cont.) HAZOP Table example (cont.):

ΟμάδαHAZOP

NoDeviati

onCauses

Consequences

SafeguardsComments,

Recommendations

75

High level

Failure of either feed (open) or product (closed) valve

Potential overflow

LIT (remote indicator)

(C) Check that error in LIT provides error signal to DCS and last good value is not retained(R) Provide LAH, LAHH from LIT signal(R) Provide LHHS from independent level transmitter forcing trip of feed pump

HAZARD AND OPERABILITY STUDY Company : ABC S.A. Drawing : S-9871 (31/12/03)

Site : XYZ Site HAZOP Date : 04/10/13Unit : U-1234 Work group : See attendance

list Section: Reactor vessel Rev. : 5



• HAZOP (cont.) HAZOP Study organisation

HAZOP team structure

oLeader/facilitator

oRecorder (Scribe)

oMembers (design, operator, maintenance, H&S, I&C, inspection)

ΟμάδαHAZOP

Teamformation

P&IDsstudy

Examinationsessions



• HAZOP (cont.) HAZOP Team. Usual 4-12 members

(very small groups lack broad disciplines, very large groups proceed very slow and have limited discussions between members)

HAZOP examination sessions organisation:

oPredefined

oParticipants presence verified

oParticipants do not leave during meeting (dedicated time)

ΟμάδαHAZOP



• HAZOP (cont.) HAZOP examination sessions :

oUsually 2-3 hours, up to 4-6 hours

oLonger sessions result to actually slower progress and bad quality of results due to group fatigue

oSessions must not be interrupted

oSuccessive days should be avoided if possible

ΟμάδαHAZOP



• HAZOP (cont.) Necessary support material for

examination session to begin :

o Updated P&IDs

““Carrying out a HAZOP on a Carrying out a HAZOP on a incorrect line diagram is the incorrect line diagram is the most useless occupation in the most useless occupation in the world”,world”, Trevor KletzTrevor Kletz

o Plot plans

o Flow sheets

o Operating manuals, control documentation

ΟμάδαHAZOP



• HAZOP (cont.) Necessary support material for

examination session to begin :

o ESD procedures

o Equipment specifications

o SDS

o Accident reports

• Support material available to HAZOP team at least 1 week before sessions to begin

ΟμάδαHAZOP



• HAZOP (cont.) HAZOP examination session room :

o Sufficient space, isolate from other activities

o Big table available

o Laptop for HAZOP table entry during session

o Wall/floor stand for drawings

o Projector for clarifications presentation (if necessary, especially in large groups)

ΟμάδαHAZOP



• HAZOP (cont.) Advantages :

oWidely applied and recognised

oSystematic and comprehensive -nevertheless creative- technique

oSystem (process) oriented

oCovers both causes and effects of hazards, along with safeguards, in a robust format

oHuman errors and equipment failures can be identified



• HAZOP (cont.) Disadvantages :

oMature design data are needed (not suitable for early design stages)

o Interactions between sections not straightforward examined

oSpecial hazards need use of special keywords

oPlant layout issues not inherently taken into account



• HAZOP (cont.) ““A HAZOP is no substitute for A HAZOP is no substitute for

knowledge and experience. It is knowledge and experience. It is not a sausage machine which not a sausage machine which consumes line diagrams and consumes line diagrams and produces lists of modifications. It produces lists of modifications. It merely harnesses the knowledge merely harnesses the knowledge and experience of the team in a and experience of the team in a systematic and concerned waysystematic and concerned way””, , Trevor KletzTrevor Kletz



• Conclusion Not suit fits allNot suit fits all Technique selection depends on:

oproject maturity stage (concept, early design, detailed design, existing establishment)

osystem complexity

orequired outcomes (quantitative/ qualitative results)



• Literature for Hazard Identification Techniques

Lees’ Loss Prevention in the Process Industries, Elsevier Butterworth Heinemann, 3nd Edition, 2005

Guidelines for Hazard Evaluation Procedures, CCPS-AICHE, 2nd Edition,, 1995

HSL, Review of Hazard Identification Techniques, HSL/2005/58

Nolan D., Application of HAZOP and What-if Safety Reviews to the Petroleum, Petrochemical and Chemical Industries, Noyes Publications, 1994

Vincoly J., Basic Guide to System Safety, John Wiley and Sons, 2nd Edition, 2006

DOE Handbook, Chemical Process Hazards Analysis, US DOE, DOE-HDBK-1100-2004

DOW Fire and Explosion Index, AICHEJ, 7th Edition, 1994



• Literature for Hazard Identification Techniques (cont.)

BS API RP 14C, Recommended Practice for Analysis, Design, Installation and Testing of Basic Surface Safety Systems for Off-shore Porduction Platforms, 7th Edition, 2001

IEC 60300, Dependability management , Part 3-1 Application guide – Analysis techniques for dependability – Guide on methodology, 2003

IEC 61882, Hazard and Operability Studies (HAZOP), Application Guide, 2001

this project is funded by the european union projekat finansira evropska unija

Documents