cf lecture 12 hazard identification

7/27/2019 CF Lecture 12 Hazard Identification

1/78

Hazard IdentificationWhy? To identify hazards so that they can be

eliminated or controlled.

How? Using a number of available procedures.


2/78

P-36

platform on

transport

barge


3/78


4/78


5/78


6/78


7/78


8/78


9/78

Other examples of accidents due to

undetected hazards. Titanic 1912. Bulkheads not full height.

Water flooded into adjacent compartments.

Alexander Keilland 1980. Undetectedcracks in bracing member. Leg detached

from rig which capsized.

Esso Longford 1998. No HAZOP. Heat

exchanger failed due to low temperatures.


10/78

How many hazards can you identify?


11/78

Approach to all Hazard Identification methods

Identify process hazards

Review previous incidents

Analyze engineering and administrative controls and consequencesof control failures

Consider facility location

Address human factors

Evaluate effects of incidents on employees

Decide when action items are warranted


12/78


13/78

Brainstorming

Rules Postpone and withhold your judgement of ideas.

Encourage wild and exaggerated ideas.

Quantity counts at this stage, not quality.

Build on the ideas put forward by others.

Every person and every idea has equal worth.

By its very nature a brainstorming

session cannot be structured, but it

can be guided.


14/78

HAZARD IDENTIFICATION METHODS

Check List

What If

Hazid Hazop

Task Analysis

Fault Tree Analysis Failure Modes & Effects Analysis


15/78

Safety Analysis

QualitativeCheck Lists

What If Reviews

Hazop Reviews

QuantitativeEvent Trees

Fault TreesFailure Mode and Effects Analysis (FMEA)


16/78

Process Hazard Identification

Selection of the most appropriate methods for each facility or processand provide the rationale for their selections.

Sometimes a combination of methods may be most appropriate.

Depends on many factors including the size and complexity of theprocess and existing knowledge of the process.

All Hazard Identification methods are subject to certain limitations.

Hazard Analysis depends on good judgement, therefore assumptionsmade must be documented, understood, and retained for future

hazard reviews.


17/78

Consider each situation to be unique

Each may require a different approach

Each is dependant upon process complexity

Increasing Expertise Required

Obvious low hazard

or simple process

Obvious high hazard or

complicated process

Supervisor Expert Team

Hazard Identification


18/78

Checklist Analysis

A checklist analysis is used to verify the status of a system.

The checklist analysis method is versatile, easy to use and can beapplied at any stage in the life of a process. It is primarily used toindicate compliance with standards and practices. It is also a cost-effective way to identify common and customarily recognizedhazards.

Checklists also provide a common basis for management review ofassessments.

Many organizations use standard checklists to control thedevelopment of a process or an entire project from initial designthrough decommissioning.

The completed checklist must be approved by all relevant staffmembers and managers before a project can move from one stageto the next.


19/78

Process Hazards Checklist Analysis

Storage. Storage tanks, dykes, emergency valves, inspection, maintenance,procedures, specifications, limitations

Materials Handling. Pumps, conveyors, ducts, piping, procedures

Process Equipment and Systems. Procedures, conformance, loss of utilities,vessels, relief devices, hazards, electrical, ignition sources, compatibility

Personnel Protection. Protection, ventilation, exposure, hazards manual,environmental

Controls and Emergency Devices. Controls, calibration, inspection, alarms,interlocks, relief devices, emergencies, process isolation

Waste Disposal. Ditches, vents, characteristics,

Sampling. Sample points, procedures, sample analysis

Maintenance. Decontamination, vessel opening, procedures


20/78

Cooling Water Chlorination System


21/78

MATERIAL

Do a l l ra w m a t e ri a l s co n t i n u e t o co n f o rm t o o ri g i n a l sp e ci f i ca t i o n s? Yes. The drums are ordered with the same chlorine specification used

since startup.

Is e a ch re ce ip t o f m a t eri a l ch e cke d ? Yes. The supplier once sent acylinder of phosgene.

Since then, a test is performed by the maintenance staff. In addition, thefusible plugs are inspected for evidence of leakage, before a cylinderis hooked up.

Do e s t h e o p e ra t i n g s t a f f h a ve a cce ss t o M a t eri a l S af e t y Da t a Sheets? Yes. All staff are familiar with the process chemistry,including the hazards of Chlorine.

I s f i re f i g h t i n g a n d sa f e t y e q u i p m e n t p ro p e rl y l o ca t e d a n d m a i n t a i n e d ? Yes. This system is on a concrete building roof.Because there are no flammable materials involved in this system, if afire occurs, there will be no special effort by fire fighting crews toconcentrate on the roof area.


22/78

EQUIPMENT

H a s a ll e q u i p m e n t b e en i n s p e c t e d a s s c h e d u l e d ? Yes. The maintenancepersonnel have inspected the equipment in the process area according tocompany inspection standards.

H a v e p r e s s u r e r e l ie f v a l v es b e e n i n s p e c t ed a s s c h e d u l e d ? Yes.

H a v e r u p t u r e d i s k s b e e n i n s p e c t e d ( fo r h a v i n g b l o w n ) as s c h e d u l e d ? Notapplicable.

A r e t he pr oper maint enance mat er ials ( par t s, et c. ) avai lable? Yes. Theyinclude spare pigtails for the supply cylinders, as well as a rotameter and apressure check valve. Other items must be ordered.

Is t h e r e a n e m e r g e n c y c y l i n d e r c a p p i n g k i t ? Yes.

PROCEDURES

A r e t h e o p e r at i n g p r o c e d u r e s c u r r e n t ? Yes.

A r e t h e o p e r a t o r s f o l l o w i n g t h e o p e r a t i n g p r o c e d u r e s ? No. It is reported thatsome staff do not always check the cylinder's fusible plugs for leaks. Staffshould be re-reminded of this procedural item and its importance.

A r e n e w o p e r at i n g s t a f f t ra i n ed p r o p e r l y ? Yes. Training includes a review ofthe Hazard Analysis for this process and familiarization with MSDSs.

H o w a r e c o m m u n i c a t i o n s h a n d l e d a t s h i f t c h a n g e ? There are relatively fewopen items at the end of a shift. The chlorine cylinders need to be changedonly about once every 45 days. If an empty chlorine cylinder needs replaced,it has proven to be easy to schedule the change during a shift.

Is h o u s e k e ep i n g a c c e p t ab l e ? Yes.

A r e s a f e w o r k p e r m i t s b e i n g u s e d ? Yes.


23/78


24/78

Does not address new processes, equipment, etc.

May miss issues not covered by lists

Past data might not contain infrequent, high consequence

accident

Encourage a tick off mentality

Does not deal effectively with hazards that arise from

interactions

Checklist Limitations


25/78


26/78

Later model with round windows


27/78

What If Analysis

What-if analysis is to identify hazards,

hazardous situations, or specific

accident events that could produce an

undesirable consequence.

What-if analysis involves the examination

of possible deviations from the design,

construction, modification, or operatingintent of a process.


28/78

Approx Time Requirements


29/78

Advantages of What if analysis

It can be accomplished with a relatively low skill level.

The typical What if review is a brainstorming session, allsorts of topics may be randomly addressed as they arethought up. Combined with a checklist format, thereview may become simple to answer.

It is fast to implement, compared to other qualitative

techniques. What if review is a direct question methodpossibly from a standardized check list from whichquestions can be easily and rapidly addressed.

It can analyse a combination of failures. The option ofaddressing continuing sequential failures can be

investigated.

It is flexible. It is readily adaptable to any type ofprocess and questions can focus on specific potentialfailures.


30/78

Limitations of What if technique

It is based on experience. A what if analysis cannot berelied upon for identifying unrecognized hazards. Areview team may fail to investigate deep enough intothe process with which they have become superficiallyfamiliar. Unless the review team asks the rightquestions, hazards may not be identified.

It is not systematic. It is considered a brainstormingsession. Personnel familiar with the facility discussaspects in a random fashion whatever comes to mind.


31/78

Combines the creative, brainstorming feature of

what if analysis and the systematic features of

the checklist analysis to try and overcome the

random approach of What If.

What If /Checklist


32/78

HAZID (HAZard IDentification)

A process where a list of hazards and

guidewords is applied to a facility or

activity in a systematic manner.


33/78

HAZID

Suitable for application during concept selection, and equally

for review of basic development concepts when the following

level of information is normally available:

operations philosophy sparing and maintenance philosophy

process flow schemes

preliminary layouts

fire and explosion strategies.


34/78

Hazards Guidewords

Release GasLiquid

Condensate

Other

Fire Fuel sourceIgnition

Relief

Smoke & gas ingress

Explosion FuelConfinement

Impact LiftingMaintenance

Mechanical failure

Structural Failure Primary structuresTemporary structures


35/78

Hazards Guidewords

Environmental VolatilesLiquids

Solids

Chemical TypesHandling

Protection

Logistic Aviation

MarineOther

Materials CorrosionErosion

Climatic EarthquakeExtreme weather

Occupational OperationalDiving

Transport


36/78

HAZID

Divide the item under consideration into nodes, whichare manageable sections, with clearly defined limits.

Apply the first guideword and ask how could this

happen?

Determine in what manner the hazard might be realised.

What would be the consequence of this?

List any existing safeguards or precautions.(Preventive

or control measures)

List any areas for discussion or any actions which need

to be taken.Record everything, drawings used, team members,

dates.


37/78

HAZID Worksheet

HAZARD PHASE CAUSE EFFECT/ESCALATION

PREVENT CONTROL DISCUSSION ACTION

Loss ofcontainment

Production Leak of processgas containingH2S

Toxic gas cloud.Risk topersonnel onplatform

The amount ofprocessequipment onthe platform isbeing kept to aminimum, withprocessing ofthe gas beingperformedonshore.

Platform is designedso that the prevalentwind direction isaway from themuster andevacuation areas.

Breathing apparatusis available on theplatform

Saver sets will beprovided to allpersonnel (typicallyup to 15 minutesprotection againstH2S)

Arrangementsfor changingfrom saversets to BA sets

are not clear.

Command andcontrol with

personnelwearing BAwill be difficult.

Action 001: Confirm thecommand and control strategywith regard to H2S and wearingBA.

Action 002: Develop anevacuation strategy that issuitable for a sour gasenvironment.

Action 003: Develop anintervention schedule and

ensure that intervention is keptto an absolute minimum bykeeping the amount of processequipment to a minimum.


38/78


39/78

HAZOP Objectives

To identify the causes of all deviations or

changes from the design intent

To determine all major hazards and

operability problems associated with these

deviations

To decide whether action is required to

control the hazard or the operability problem

To ensure that the actions decided upon are

implemented and documented


40/78

Formal procedure for identifying hazards

Basic idea generate a list of all the ways in which

process failures can occur

Determine what may cause each failure and what the

results might be

Recommend actions to avoid each failure

Not quantitative no trade off between risk and

consequences


41/78

Coarse Hazop - Early study to identify basic flaws indesign which would be costly to correct later

Main Hazop - Primary vehicle for identification of

hazards, effects and operability problems

Final Hazop - Coverage of systems not sufficiently

developed for the Main Hazop

Procedural Hazop - Identification of hazards and

operability problems arising from procedures such as

commissioning, maintenance and other non-

continuous procedures.

HAZOP types


42/78

HazidCoarse

Hazop

Main

Hazop

Procedures

Final Hazop

Commissioning

Identification Phase Definition Phase

Prospective Project Front End Engineering

Execution Phase


43/78

HAZOP Leader

HAZOP SecretaryHAZOP Leader Specialists(as required)

Process Engineer

Instrument Engineer

Operations Representative

Maintenance Engineer

Pipeline Engineer

Metallurgist

others


44/78

Preparatory Work

Assemble the data

Understand the subject

Subdivide the plant and plan the sequence

Mark up the drawings Devise list of appropriate keywords

Prepare table headings and an agenda

Prepare a timetable

Select the team


45/78

Hazop study

Full size Piping & Instrumentation Diagram

(P&ID) displayed. Team members are provided

with individual reduced size P&ID copies

Introductory talk and brief description of thetechnique are given by the Hazop chairman.

A plant description is provided usually by the

process engineer, summarizing the processing

facilities, including an account of the function ofeach equipment item.


46/78

The accuracy of the drawings and other data used

as the basis for the study

Technical skills and insights of the team

Ability of the team to use as an approach as an aid

to their imagination in visualising deviation, causes

and consequences

Ability of team to maintain sense of proportion

Key aspects for success of Hazop


47/78

Node Identification

Divide the facility into process systems and

subsystems

Follow the process flow of the system understudy

Isolate subsystems into major components which

achieve a single objective


48/78

Parameters

FLOW

PRESSURE

TEMPERATURE

LEVEL

PHASE

COMPOSITION


49/78

Guidewords

p

p

p

p

p

p

FLOW

Analysis based on appropriate

operations identified by the team

PRESSURE

TEMPERATURE

LEVEL

PHASE

COMPOSITION

(specific component)

NO

MORELESS

ASWELLAS

PA

RTOF

REVERSE

OTHER

THAN

Typical Operations:Isolation

Maintenance

Start-up

Shutdown

Blowdown

Parameters

p = possible


50/78


51/78

Hazop study

Select the appropriate NODE

Apply the PARAMETER

Apply the GUIDE WORD (orDEVIATION)

Agree credibility of deviation

Determine the potential CAUSES of the deviation

Assess the PROTECTION provided against thedeviation and its consequences

Agree a RECOMMENDATION for action or further

consideration to the problem.

Reiterate above steps for other GUIDE WORDS

Reiterate above steps for other process

PARAMETERS

Reiterate above steps for other NODES in review


52/78

Maintenance

Utility failure

Start-up

Normal shut down

Emergency shut down

Operational phases


53/78

Equipment Failure

Operational Errors

External Events

Product Deviations

Possible CAUSES


54/78

CREDIBLE SCENARIOS

A single human error with or without established operating

instructions

A single instrument or mechanical failure

A single failure coupled with a single instrument or

mechanical failure

NON CREDIBLE SCENARIOSSimultaneous failure of two independent instrument or

mechanical systems

Failure of both the primary and secondary relief device to

operate as designed

Immediate change of process characteristicsMassive impact from foreign object


55/78

RECOMMENDATIONS

Modify the design

Add an alarm

Add an interlockDevelop or change procedure

Review the design


56/78

Documentation

Summary reportHAZOP worksheets

List of proposed actions

The report is updated when all engineering and some

procedural actions are completed.

At the end of the project, a final report is issued

including

HAZOP Procedure

HAZOP Follow-up ReportList of all actions with status (completed, in progress

etc)

Complete set of P&IDs as used in the HAZOP study


57/78

HAZOP FORM

Unit: Fired Heater

Node: Feed pipe Parameter: Flow

Location (line or vessel) Process variablesor procedure (start up)

Guide Word Deviation Cause Consequence Action

Select from

official list of

words to ensure

systematic

consideration ofpossibilities

applying guide

word to this

parameter

process

engineering

process

engineering

preliminary result

which should be

reconsidered when

time is available

no no feed flow 1. feed pump stops damage to pipes inradiant section,

possible pipefailure

1. automaticstartup of backup

pump on low feedpressure

fuel

air

feed

product


58/78

2. feed valve

closed

2. fail open valve

3. feed flow meter

indicates false high

flow (controllercloses valve)

3. redundant flow

meters

4. pipe blockage 4. a) test flow

before startup

4. b) place filter in

pipe

5. Catastrophic

failure of pipe

5.a) damage to

pipes in radiantsection

b) pollution and

hazard for oil

release to plant

environment

Install remotely

activated blockvalves at feed

tanks to allow

operators to stop

flow

For 1-5, SIS to

stop fuel flow onlow feed flow,

using separate feed

flow sensor


59/78

Advantages of Hazop

It uses a systematic and logical approach. It hasspecific guideword listing and the process underreview is subdivided into small sections for analysis

It can analyse a combination of failures. The optionof addressing continuing sequential failures can be

investigated to the final outcome.

It provides an insight into operability features.Operation control methods are fully investigated forpotential deviating conditions. Operators presentcan readily deduct what hazards may be present at

the facility.

Li it ti f H t h i


60/78

Limitations of Hazop technique Require well defined system

Time consuming. It may be slower than other methods.The team leader follows a standard format with specialguidewords and deviations that need to be addressed.Because of standardized listings some unimportantissues may be addressed in some portions of thesystem under review.

Provide no numeric ranking of hazards unless coupledwith a risk ranking scheme

Requires trained personnel with moderate level of skillto conduct. The review is thorough and systematicwhich has to be implemented in a proper fashion andaccurately recorded. A specialized leader is used toguide the review team during the process.

Focus on one-event failures


61/78

TASK ANALYSIS

Systematic examination of a task to be

performed, listing all the ways in which it

might be performed in an unsafe manner.Introduction of safeguards and controls to

prevent or minimise the consequences of

a failure.

Sometimes called a job safety analysis.


62/78


63/78


64/78

Failure Mode Effect Analysis

A FMEA is used to examine each potential failuremode of a process to determine the effects

of the failure on the system.

A failure mode is the symptom, condition, or

fashion in which hardware fails.

It may be identified as a loss of function, apremature function (function without demand), anout-of-tolerance condition, or a physicalcharacteristic, such as a leak, observed during

inspection. The effect of a failure mode isdetermined by the system's response to thefailure.


65/78

A FMEA has three steps:

defining the process,

performing the analysis, and

documenting the results.

.


66/78

Application of FMEA


67/78


68/78


69/78

Risk Assessment

Occasional

Seldom

MajorMinor

High High

High

Medium

Medium

Medium

Low

LowLow

Frequent

Substantial

Risk Prioritisation Matrix

Severity

Likelihood


70/78

Personnel Risk Ranking MatrixLevel 5

Level 4

Level 3

Level 2

Level 1

A B C D E

Increasing likelihood

Increasin

gconsequenc

e


71/78


72/78

Severity or Consequence

Level 5 - Multiple Fatalities

Level 4 - Single Fatality, Multiple Injuries

Level 3 - Major Injury Level 2 - Minor Injury

Level 1 - No Injury, Near Miss


73/78

Consequence IncreasingLikelihood

A B C D E

Rating AccidentSeverity

Neverheard ofinindustry

Heard ofinindustry

Incidenthasoccurredin our company

Happensseveralper yearin ourcompany

Happensseveraltimes peryear inlocation

0 NoInjury

1 SlightInjury

2 Minor Injury

3 Major Injury

4 SingleFatality

5 MultipleFatalities

IncreasingRisk


74/78

Swiss Cheese theory


75/78

Are more layers safer?


76/78

Layers of Protection Analysis (LOPA)

A risk assessment tool, often used after a HAZOP, todetermine if protective measures are sufficiently robust, orneed augmenting.

Looks at the various protective methods, or layers, such asInherent Safe Design, engineering controls, administrativecontrols, response systems etc These should be

independent from each other, and are called IndependentProtective Layers (IPL).

Develop order of magnitude estimates for likelihood andconsequence severities.

Determine how much protection each IPL provides, for aparticular fault scenario, and what combination is needed toprovide adequate contingency.


77/78

IPL1 IPL2 IPL3

Safe outcome

Undesired but

tolerable outcome

Undesired but

tolerable outcome

Consequences in

excess of risk criteria

Success

Success

Success

Failure

Failure

Failure


78/78

cf lecture 12 hazard identification

Documents