Prestartup Safety Review (PSSR)

Process Hazards Analysis (PHA)


Home

Bookshop
Seminars/Webinars

Incidents
Management
Occupational Safety Offshore Industries
Onshore Industries
PSM
  Bow Tie Analysis
  Emergencies
  FMEA
  HAZOP
  HAZOP Team
  Incident Analysis
  Inherent Safety
  MOC
  Operating Procedures
  PSSR
  PHA
  Process Safe Limits
SEMS
Technical Safety
 
Acronyms / Definitions|
Affiliates
Annotums
Citations
Examples
Organizations
Privacy / Commercial
Site Map

Contact Us
Process Hazards Analysis
This page describes some of the Process Hazards Analysis (PHA) techniques that are used by the process industries as part of their Process Safety Management (PSM) programs, and discusses when and where each is best used.

The techniques discussed are:
  • Hazard and Operability Study (HAZOP);
  • Failure Mode and Effects Analysis (FMEA);
  • What‑If;
  • Checklist;
  • What‑If / Checklist;
  • Fault Tree Analysis;
  • Event Tree Analysis;
  • Indexing; and
  • Interface Hazards Analysis.
It is important not to draw too sharp a line between the methods; indeed the more experience a person gains in conducting and leading hazards analyses the more the techniques seem to merge with one another. Nor is any one of these methods inherently better than any of the others. They all have their time and place.

Further information on these techniques is provided in Chapters 3 and 4 of the book Process Risk and Reliability Management.

The Hazard and Operability Method (HAZOP)

The HAZOP (Hazard and Operability) method is probably the most widely used hazards analysis method. Even those who are not familiar with the hazards analysis process will often have heard of the term HAZOP, even if they are not really sure what it means. Because of its importance, this technique is discussed at the HAZOP page. Principles to do with team selection and management, which can be applied to all types of Process Hazards Analysis, are discussed in HAZOP Team Selection and Management.

Failure Modes & Effects Analysis (FMEA)

The Failure Modes and Effects Analysis (FMEA) technique is described at the Failure Modes & Effects page.

Checklist

The Checklist Method uses a set of prepared questions to stimulate discussion and thinking, often in the form of a What-If discussion. The questions are developed by experts who have conducted many hazards analyses and who have extensive experience to do with the design, operation and maintenance of process facilities. Checklists are not comprehensive - no hazards analysis method can make that claim. Nevertheless, they should make sure that a complete range questions is asked and that nothing that would be regarded as obvious is overlooked.

Although checklists are discussed as a separate topic in this section, the reality is that checklists are used in all types of hazards analysis. For example, checklists to do with equipment failure are used in FMEAs.

Examples of topics for checklist questions are listed in Table 1.

Table 1
Checklist Question Topics

1.      Equipment
1. Pumps
2. Compressors
3. Pressure Vessels
4. Storage Tanks
5. Piping
6. Valves
2.      Utilities
1. Steam (various pressure levels)
2. Cooling Water
3. Refrigerated Water
4. Process / Service Water
5. Instrument Air
6. Service Air
7. Boiler Feed Water
8. Nitrogen
9. Other Utility Gases
10. Fuel Gas
11. Natural Gas
12. Electrical Power
3.      Pressure Relief
1. Relief Valves
2. Rupture Disks
3. Flare Header and Flare
4.      Instruments And Controls
1. Local Instruments
2. Board Mounted Instruments
3. Distributed Control System (DCS)
4. Control Loops
5. Emergency Loops
5.      Emergency Systems
1. Fire Water
2. Fire Fighting Equipment
3. External Fire
4. Runaway Reactions
6.      Human Factors
1. Operating Procedures
2. Training
7.      Chemicals
8.     Siting

A checklist generally has two sections as illustrated in Figure 1, which is for a Chemical Storage Checklist.

The top section provides information as to how the checklist is being used. The company, facility and location are all identified. If some of the information for the checklists answers comes from discussions and interviews with personnel at the site, their names are entered here. The titles of all the documents that were reviewed are also entered in the top section of the checklist.

The bottom section of the checklist consists of the questions themselves. The response can be 'Yes', 'No' or 'Not Applicable'. Discussions and background information are entered into the Notes column.

Figure 1
Chemical Storage Checklist

Checklist 10.2:  Chemical Storage

Company

Facility

Location

Persons Interviewed

Name

Title

Date






Documents Reviewed

Document Title

Date




Notes

Question

Y / N / NA

Notes

10.2.1

 Are chemicals separated according to the following categories:
  • Solvents, which include flammable/combustible liquids and halogenated hydrocarbons
  • Inorganic mineral acids (e.g., nitric, sulfuric, hydrochloric, and acetic acids).
  • Bases (e.g., sodium hydroxide, ammonium hydroxide)
  • Oxidizers
  • Poisons
  • Explosives or unstable reactives.

10.2.2

 Are caps and lids on all chemical containers tightly closed to prevent evaporation of contents?


10.2.3

 Is a Material Safety Data Sheet (MSDS) provided for each chemical at the facility?

10.2.4

Are hazardous chemicals purchased in as small a quantity as possible?

10.2.5

Are the MSDS readily accessible?

10.2.6

Is there a HazMat team?

10.2.7

Are all chemicals properly logged in on receipt?

10.2.8

 Is there a list of which chemicals are present at any one time?

10.2.9

Are all chemical containers properly labeled?

10.2.10

Is the safety diamond system used?

10.2.11

How are chemicals being brought into the facility checked?

10.2.12

Are flammable or toxic chemicals stored near accommodation or office areas?

10.2.13

Are chemical drums and totes lifted over areas where people are present?

10.2.14

Are chemicals stored on stable flooring?

10.2.15

Are chemical storage areas properly vented?

10.2.16

Are chemicals ever stored in a domestic refrigerator?



10.2.17

Are storage shelves large enough?



10.2.18

Are storage shelves secure?



10.2.19

Do storage shelves have proper lips?



10.2.20

Are island shelf assemblies avoided?



10.2.21

 Are there procedures for response to chemical spills in the chemical storage area?



10.2.22

 Is the storage area made of flammable materials?



10.2.23

 Does the storage area have an effective fire, smoke and gas warning system?



10.2.24

 Does the storage area have an effective fire control system?



10.2.25

 Are incompatible chemicals stored in the same area?



The What-If Method

The What-If method (spelled here in the same way as it is printed in the OSHA regulation, i.e., hyphenated but with the question mark omitted) is the least structured of the hazards analysis techniques. This method also takes the least amount of time. 

A What-If analysis is conducted by a team very experienced analysts, engineers and operations experts. They are adept at the identification of incident scenarios based on their experience and knowledge. Because it has relatively little structure, the success of a What-If analysis is highly dependent on the knowledge, thinking processes, experience and attitudes of the individual team members. The method does, however, allow the team members to be creative - the very lack of structure allows them to expand their horizons. Since there is relatively little prompting from formal guidewords, it is vital that the team members prepare very thoroughly before the meetings start; the free-ranging nature of the discussion will require that everyone be up to speed on the process and its general hazards before the meetings start.

Issues that can be discussed during a What-If review include the following:
  • Emergency shut down systems
  • Vents
  • Flares
  • Piping systems
  • Electrical classification areas
  • Truck / rail / ship / barge movements
  • Effluents and drains
  • Noise
  • Leaks
  • Operating procedures
  • Maintenance procedures
  • Machinery, including cranes, hoists and fork lifts
  • Public access and perimeter fencing
  • Adjacent facilities
  • Buried cables
  • Overhead cables
  • Special weather problems, including freezing, fog, winterization, rain, snow, ice, high tides and high temperatures
  • Toxicity of construction materials
  • Demolition safety
A What-If analysis can be organized in one of two ways. The first is to divide the facility into nodes, rather like a HAZOP, except that the nodes are typically bigger and more loosely defined. The second approach is to organize the analysis by major items of equipment rather like an FMEA, and then to discuss the different types of failure mode for each. These two approaches are discussed below. Guidance to do with utilities, batch processes, operating procedures and equipment layout is also provided.

Node / Functional Area Review

Nodal analyses are usually organized around major sections of the process such as a distillation column or a pig launching system. Team members ask questions such as ‘What-If there is high pressure?’ or ‘What-If the operator forgets to do this?’ or ‘What-If there is an external fire in this area?’

Using this approach, many of the individuals on the team will probably find themselves instinctively following the HAZOP guideword approach. Consequently, a What-If analysis of this type tends to take the form of a faster-than-normal HAZOP. However, the scribe will not need to take notes for every deviation guideword — only meaningful discussions will be recorded. Also, this type of What-If discussion will jump around from node to node more than would be normal in a HAZOP, thus placing greater pressure on the leader and scribe to achieve results and to come to relevant conclusions.

Some What-If questions that can be used for a nodal analysis are listed below.
  • What-If the system is bypassed?
  • What-If the flow stops?
  • What-If there is contamination?
  • What-If there is a power failure?
  • What-If there is corrosion or erosion?
  • What-If there is an external impact?
  • What-If the operator fails to pay attention?
  • What-If the operator skips a step?
  • What-If there is an instrument error?
  • What-If an interlock is bypassed?

Equipment and Function Review

In the second approach to a What-If analysis, the hazards analysis discussions are organized around equipment types and their function. Examples of equipment type are listed below.
  • Pressure Vessels
  • Pumps
  • Compressors
  • Distillation Columns
  • Absorbers
  • Storage Tanks
  • Vents
  • Flares
  • Piping systems
What-If questions to do with issues such as leaks and over-pressure can be asked for each equipment type.

Utility Systems

The analysis of utility systems such as steam headers and instrument air systems can be difficult because it is not always clear where the nodal boundaries are located. A discussion that starts in one area can become very far-reaching and include almost the entire facility.

Utility systems have a large number of interfaces with the process, any of which could leak. Sometimes the leak will be from the utility into the process; in other cases the leak will be from the process to the utility. Either way, it can be difficult to detect the source of a problem.

One way of analyzing utility systems is for the team leader and scribe to note potential interface problems as they are discussed during the process analysis. These notes can then be discussed as a group when the utilities themselves are being analyzed.

Batch Processes

Process hazards analysis methodologies were developed initially for large, continuous processes such as petrochemical plants and refineries. However, many plants are smaller and operate primarily in a batch mode. Batch plants are often found in the pharmaceuticals and food processing industries. Even processes which are primarily continuous do have some batch operations, such as truck loading and unloading.

Because batch processes are dynamic (time is a variable,) an analysis of their operation is more complex than for a steady-state process. One way of handling this additional complexity is to systematically work through the operating procedures using a What-If approach - in which deviation guidewords serve as prompt questions. For example, if the instruction is, ‘Add 100 liters of water to V‑100’, the team might ask questions such as:
  1. What if the vessel is over-filled? (High level)
  2. What if the liquid is not water? (Contamination)
  3. What if there is less than 100 liters of water available? (Low Flow)?
  4. What-If V-100 is over-pressured? (High Pressure)
  5. What-If the water is added too soon? (High Flow)
    6. What-If the water is added too late? (Low Flow)
  6. What-If the step is omitted altogether? (Low Flow)
Once the discussion for this step is complete, the team can then analyze the next step in the operating procedures.

Other 'step' questions include:
  1. Step done early 
  2. Step done late
  3. Step omitted
Once the discussion for this step is complete, the team can then analyze the next step in the operating instructions.

Operating Procedures

Some hazards analysis teams elect to analyze operating procedures in addition to process systems. A What-If approach is an effective method of conducting such an analysis. The team works through each step of the procedure asking a series of What-If questions, including the following:
  1. What-If the instruction is missed/over-looked/ignored?
  2. What-If two instructions are done in the wrong order?
  3. What-If this step is done out-of-sequence (early)?
  4. What-If this step is done out-of-sequence (late)?
  5. What-If this step is done too slowly?
  6. What-If this step is done too quickly?
  7. What-If the instruction is carried out partially (such as a valve being only partly closed)?
  8. Does the operator have the information that he or she needs to conduct this step? For example, can all relevant gauges be read?
  9. Can this step be performed at night?

Layout Reviews

When determining risks to do with the layout of equipment, issues to consider include:
  • Ease of escape in the event of a fire or other serious event;
  • Noise zones;
  • Vehicle movement;
  • Accessibility for emergency vehicles; and
  • Dropped objects from cranes and other lifting equipment.

What-If / Checklist Method

The What-If / Checklist method is the third of the hazards analysis techniques listed in the OSHA standard. This approach is basically a combination of the two methods that have just been discussed. The hazards analysis team works through a checklist. However, instead of merely answering ‘yes’ or ‘no’ to the questions, the team leader generates a relatively unstructured 'What‑If' discussions around each of the questions.

Indexing Methods

Comparative risk levels can be evaluated using indexing methods. Each design is scored on a variety of factors contributing to overall risk. For example a design that uses highly toxic chemicals will score negative points, whereas a facility that is located away from populated areas receives positive points. Credit is also provided for the use of control and mitigation measures.

Three commonly used indexing methods are:

Interface Hazards Analysis

Most hazards analyses review a sub-set of a larger system. For example, a refinery hazards analysis team may carry out a hazards analysis on just the catalytic cracking unit; a pipeline company may analyze just the marine loading operations; or an offshore team may analyze just one platform in a larger complex. Yet these sub-systems are part of larger systems; which means that hazards can be transferred to or from the other units across the interfaces.

One large oil production facility, for example, had both onshore and offshore operations. An operator was carrying out a routine pigging operation on a line that came from an offshore platform to the onshore gas processing plant. He inadvertently misaligned the valves around the pig trap and caused a high pressure surge to flow back along the line coming from offshore. This mishap had no significant effect on the onshore operations themselves, but the pressure surge caused the offshore platform to shut down, which triggered a chain reaction that caused many other offshore platforms in the complex to shut down in sequence. In the end, many millions of dollars of production were lost, and the company was lucky not to have had a safety or environmental incident. Because management and the technical staff had not conducted an interface hazards analysis, so they did not understand the interactions between the different operating units.

Another example of interface operations concerns truck operations. Many process facilities use trucks from third party companies to bring in chemicals and to export products and waste streams. It is generally a good idea to invite a representative of the trucking company to the pertinent process hazards analysis. That way each party can assure itself that the chances of a mishap are small. The process facility, for example, can evaluate the procedures to make sure that delivered chemicals are what they should be; the trucking company representative can check for the possibility of reverse flow of process chemicals on to their truck.

An Interface Hazards Analysis (IHA) can usually be structured into three areas:
  • Process fluids (wrong hazards analyses / reverse flow / wrong composition);
  • Instrument signals;
  • People interfaces.
No established methodology exists for analyzing system connectivity ¾ for conducting what is, in effect, an ‘Interface Hazards Analysis’. However such a system can be viewed as being a collection of black boxes ¾where each black box represents an operating unit, each of which has been thoroughly analyzed individually.

Figure 2 shows a system consisting of four operating units, each of which can be connected to each of the others in some manner, except that there is no link between Block 2 and Block 4. (All the arrows are two-way meaning that connectivity problems can flow in either direction.)

Figure 2
Interconnectivity

Process Hazards Analysis

 For a system containing N blocks, the total number of connections is 2 * 3 * (N – 1)! (The number '2' represents the fact that each connection is two-way. The number '3' represents that fact that there are three types of connection, as discussed above.) Therefore, in the case of Figure 2, the total number of potential interfaces is 2 * 3 * 3!, which is 36. (30 if the missing connection between '2' and '4' is considered.)

One way of conducting an Interface Hazards Analysis is with the ‘What-If’ approach. A hazards analysis team can use a flowchart of the overall process to ask ‘What-If’ questions such as:
  1. What if the flow in this line is stopped suddenly (a pipeline issue)?
  2. Can the operators on Unit A shut down any of the equipment on Unit B (an instrumentation issue)?
  3. What does Unit B do if Unit A has a fire (a human communication and response issue)?
At each interface the analyst will ask questions such as:
  • How do we know?
  • What is the consequence?
  • Are the safeguards adequate?
  • What is the effect of an upset on other units?


home | top of page | view cart

Copyright © Sutton Technical Books 2007-2012. All rights reserved

6340 N. Eldridge Parkway, Ste-I #206
Houston, TX  77041