hazid hazop sil tor .docx

Project: CONSTRUCTION OF NEW PIPELINE FROM GUEBIBA TO CFTP

HAZID/HAZOP/SIL/ TOR

HAZID/HAZOP/SIL TOR

CONSTRUCTION OF NEW PIPELINE FROM GUEBIBA/TB TO CFTP

001/AR03/13 03/12

HAZID/HAZOP/SIL TOR PAGE: 2 /25

TABLE OF CONTENTS

1. INTRODUCTION......................................................................................................................... 3

1.1 ABBREVIATIONS....................................................................................................................................4Compagnie Franco-Tunisienne des Pétroles..................................................................................4

2. HAZID STUDY............................................................................................................................. 5

2.1 SCOPE & OBJECTIVES OF THE HAZID STUDY...................................................................................52.2 HAZID TECHNIQUE.............................................................................................................................52.3 HAZID RECORDING.............................................................................................................................6

3. HAZOP STUDY........................................................................................................................... 7

3.1 SCOPE & OBJECTIVES OF THE HAZOP STUDY.............................................................................73.2 HAZOP METHODOLOGY.....................................................................................................................73.3 HAZOP TECHNIQUE........................................................................................................................83.4 HAZOP RECORDING.........................................................................................................................113.5 HAZOP NODES.................................................................................................................................113.6 HAZOP TEAM....................................................................................................................................113.7 HAZOP FOLLOW UP.........................................................................................................................113.8 HAZOP RECOMMENDATIONS....................................................................................................123.9 PROCESS SYSTEMS / FACILITIES........................................................................................................123.10 REPORT...............................................................................................................................................12

4. SAFETY INTEGRITY LEVEL (SIL).......................................................................................13

4.1 SCOPE & OBJECTIVES OF THE SIL STUDY...................................................................................134.2 PROBABILITY OF FAILURE...................................................................................................................134.3 SIL CLASSIFICATION...........................................................................................................................14

1.1.1 RISK GRAPH TECHNIQUE...............................................................................................................141.1.2 LAYER OF PROTECTION ANALYSIS.................................................................................................15

4.4 RISK MATRIX........................................................................................................................................154.5 RISK REDUCTION................................................................................................................................164.6 RISK ANALYSIS TEAM.........................................................................................................................164.7 SIL RECORDING.................................................................................................................................17

5. APPENDICES............................................................................................................................. 18

5.1 PROCESS SAFETY RISK GRAPH.........................................................................................................185.2 COMMERCIAL RISK GRAPH................................................................................................................205.3 ENVIRONMENTAL RISK GRAPH..........................................................................................................215.4 TYPICAL PROBABILITIES OF FAILURE ON DEMAND (PFODS) FOR MENTIONED TYPES OF INDEPENDENT PROTECTION LAYERS (IPLS)..................................................................23

HAZOP/HAZID/SIL/SIMOPS ToRNO. REV. 0 PAGE: 3 / 25

1. INTRODUCTION

This document provides significant aspects and considerations of HAZID, HAZOP, and SIL study

related to the construction of new pipeline from guebiba/tb to cftp project.


2. Abbreviations

The following abbreviations will be used:

CFTP : Compagnie Franco-Tunisienne des Pétroles

HAZID : Hazard Identification

HAZOP : Hazard & Operability

SIL : Safety Integrity Level

SIF : Safety Instrumented Function

P&ID : Piping & Instrumentation Diagrams

SLC : Safety Life Cycle

LOPA : Layer of Protection Analysis

CIL : Commercial Integrity Levels

E/E/PES Electrical/electronical/programmable electronical systems

IPF : Instrumented Protective Function

IEC : International Electrotechnical Commission

EIL : Environmental Integrity Levels


3. HAZID Study

3.1 SCOPE & OBJECTIVES OF THE HAZID STUDY

For this project, HAZID (Hazard Identification) analysis is required: the overall objective is to

produce a facility in respect of which all risks to the human, Environment, company

reputation and the assets have to be identified and minimized.

The HAZID worksheet objectives are:

To systematically analyse the Project for potential hazards identification.

To list all the needed documents about the project, that must be prepared in the following

basic or detail design phase.

Considering the simplicity of the design, the risk-ranking for the recommendations has been

limited to cases where a clear critical consequence was specified and the recommendation

is proposed as a choice between different solutions.

For all the recommendations requiring further analysis, design and / or engineering

studies / documents, operating procedures development, or other efforts that however

must be done or prepared, the risk ranking will be considered superfluous.

3.2 HAZID TECHNIQUE

The HAZID Review will be conducted as a guided brainstorming, by means of guidewords

applied to the project.

The specific intention of this Hazards review is to highlight and estimate hazards deriving from

the new pipeline from Guebiba/TB to CFTP, not only at normal operation phase but also during

construction, commissioning and maintenance activities.

The analysis is concentrated on the inherent external and internal hazards for the project, and

is focussed on specific parts of the selected process, philosophies and operational concepts.

A part is dedicated to the environmental aspect where potential impacts, corresponding

causes, consequences and associated protections are identified, this analysis enables quick

and yet trustful setting of documented Environmental Protection and regulatory compliance

measures.

With the help of guidewords, hazards will be identified together with potential means of control

and mitigation.

For each hazard, a qualitative assessment of the expected likelihood and severity of

consequences will be given, on the basis of the risk assessment documents.

The minutes of the HAZID Review detailing the hazards, causes and consequences, risk-

ranking, recommendations and residual risk ranking will be recorded in HAZID Worksheets.


Figure 1: HAZID PROCEDURE

3.3 HAZID RECORDING

The discussion will be recorded by the HAZID Secretary using dedicated software: “LEADER

2015 version”.


4. HAZOP Study

4.1 SCOPE & OBJECTIVES OF THE HAZOP STUDY

HAZOP (Hazard and Operability Study) is a qualitative methodology that identifies possible

deviations from the correct functioning of the process, analyzing moreover the consequences

of such anomalies and the actions to be taken in order to limit them to the smallest possible

areas.

The HAZOP’s targets are:

- To identify possible deviations from the intended operation that can cause

personnel or equipment harm as well as operation disturbances (accidental events),

- To establish how deviations from the design intent can arise,

- To assess whether such deviations and their consequences can have a negative

effect upon the safe and efficient operation of the system,

- To recommend actions, whenever is necessary, in order to remedy to the

deviations.

4.2 HAZOP METHODOLOGY

The method used for the HAZOP is a systematic review of the process; therefore the primary

words will be the process parameters: Flow, Pressure, Temperature, Composition, and Level.

And the secondary words, which are combined with a primary keyword, are the different

HAZOP guidewords permit to suggest possible deviations: No, Less, More, Part of, As well as,

Reverse, Other than…etc.

In practice, the process parameters are combined with standard guidewords to set down a list

of deviations from the normal operation of the system under review. The following

combinations were used in this Study:

Table 1: Deviations represented by Parameters and Guidewords

Parameter

sGuidewords Deviations

Flow

NoReverse

MoreLess

No Flow (complete lack of flow)Reverse Flow (flow in the opposite direction than the normal operation)More Flow (higher flow rate than expected)Less Flow (lower flow rate than expected)

Temperature

MoreLess

Higher Temperature (than expected)Lower Temperature (than expected)

PressureMoreLess

Higher Pressure (than expected)Lower Pressure (than expected)

CompositionAs well as

Part ofContamination Composition Change (fluid composition different than expected, e.g. off-spec feed, incorrect chemical dosing, etc.)


Parameter

sGuidewords Deviations

LevelMoreLess

Higher Level (higher liquid level in a vessel or tank, up to overfilling condition)Lower Level (lower liquid level in a vessel or tank, up to a complete loss of level)

Other OtherOther (any other cause of upset or unsafe condition identified during the HAZOP but not linked to an identified parameter)

4.3 HAZOP TECHNIQUE

HAZOP is a systematic procedure used to review the process design for identification of

potential hazards and operability problems caused by deviation from the design intent of both

new and existing process facilities. The methodological approach is to identify deviations from

the design intent using parameters and appropriate guidewords, and to define any actions

necessary to reduce the probability of occurrence and/or eliminate/mitigate the consequences.

The system will be divided into discrete Nodes (a "node" is a sub-system or a portion of a

systems which can be analyzed alone, e.g. a tank, a header, a pump, even a single line,

together with the relevant connections to the interfaces), and the methodology will be applied

thoroughly to each node until all the system be fully analyzed.

The method involves the following steps for each Node:

Define a Node of the process on the P&IDs;

Clarify the design intent and the normal operating conditions of the Node;

Identify a Deviation from the intent or operating conditions by applying parameter and a

Guidewords;

List possible Causes and Consequences of the Deviation (a Deviation can be considered

“meaningful” if it has credible causes and can result in harmful consequences);

Identify the Safeguards (if any), as shown in project documentation;

Formulate Recommendations (and identify the responsible for implementation/action) if

no sufficient Safeguards are provided.


The following figure summarizes the HAZOP Procedure that has been applied.

Figure 2: HAZOP PROCEDURE

If a deviation and/or event are found to be realistically possible and to give rise to a significant

consequence, it is discussed in the HAZOP Study Worksheets.

The cases where there are no credible causes of deviation, and/or no events giving rise to

significant consequences, will not been recorded on the Worksheets.

The keyword combinations will be discussed following an iterative process in order to identify

potential problems, as the diagram mentioned below:


Yes

Describe process section

Record the consequence/s

Record any Safeguards identified

Having regard to the consequences and Safeguards, is an Action necessary?

Record the agree Action

Yes

Select a guideword previously considered (e.g. More)

Are there any causes for this deviation not previously discussed and recorded?

Record the new cause

Are associated consequences of any significance?

No

Yes

Yes

Determine cause of deviation from design intent; assess potential hazard/operational problem

associated with the defined cause

Select a Node and describe design intent

Have all relevant Parameter for this plant section been considered?

Select a parameter not previously considered (e.g. Pressure)

Have all relevant guideword for this parameter been considered?

No

Yes

No

No

No

HAZOP/HAZID/SIL/SIMOPS ToRNO. Rev. 0PAGE: 11 /25

4.4 HAZOP RECORDING

The HAZOP discussion will be recorded by the HAZOP Secretary using dedicated software:

“LEADER – 2015 VERSION”.

This software leads to:

- A complete sets of topics added instantly;

- A vast Leader Library, puts hundreds of standard HAZOP deviations;

- Add own custom topics to any section, to the library, or to the project template that

can be created;

- Copy, reorder, and renumber topics.

The record will be made during the session using laptop, and will be projected onto a

suitable screen so that all team members can see inputs to the record as it is produced.

4.5 HAZOP NODES

In order to perform the analysis and focus the team’s attention on a specific area, the

different process systems will be divided into a convenient number of discrete nodes. Each

node represents a section of the system that can be composed by one or more items with

homogeneous characteristics in terms of pressure, temperature or service. A new node

starts when main process parameters change or isolation is present.

4.6 HAZOP TEAM

The HAZOP shall be carried out by a multidisciplinary team to ensure all aspects of the plant

and its operations are covered. The team member’s specialists include process design,

instrumentation and control, mechanical engineering, safety and operation.

The chairman has to:

Select the team’s members

Plan and prepare the study,

Chair the HAZOP meetings: Trigger the discussion using guidewords and parameters,

Follow up progress, Ensure completeness of the analysis.

The team will include a nominated scribe, responsible for recording discussion and findings.

4.7 HAZOP FOLLOW UP

The HAZOP Actions Coordinator will be responsible for ensuring the Action Items are

forwarded to the parties responsible for action implementation, and for recording the status

of the actions.

The relevant discipline specialists should close-out the addressed actions, indicating the

resolution and providing references and evidence of implementation. The action sheet

completed with close-out information shall be returned to the HAZOP Actions Coordinator.


The HAZOP Actions Coordinator should review the responses and proceed until full

resolution of all pending issues.

When an action is closed, the HAZOP Actions Coordinator should mark the action as

“CLOSED” in the action status column. When all actions will be closed, the Coordinator can

issue the close-out report (i.e. the collection of all the resolutions and action close-outs). All

Actions shall be ideally closed before the end of the Engineering Phase.

4.8 HAZOP RECOMMENDATIONS

The analysis results of the HAZOP study shall be represented by a series of

recommendations which take the form of suggested design changes, requirements of

verification and additional studies or suggestions for specific operational procedures to be

implemented. The recommendations will be managed in the activity of follow-up and

implemented during the project development.

4.9 PROCESS SYSTEMS / FACILITIES

To ensure process integrity and to identify process hazards and operational problems for

process systems or facilities, a systematic review of the P&IDs shall be made.

4.10 REPORT

The HAZOP Report is a key document pertaining to the safety of the plant. It should provide

sufficient information on each element so that, either read alone or together with available

and clearly cross referenced documents, an assessment can be made of the adequacy of the

HAZOP study carried out.

The contents of such a summary might typically be:

- Introduction;

- System definition and delimitation;

- Documents (on which the analysis is based);

- Methodology;

- Team members;

- HAZOP results:

Reporting principles,

Classification of recordings,

Main results;

HAZOP study worksheet.

- Appendices:

P&IDs (marked),


List of participants.


5. Safety Integrity Level (SIL)

5.1 SCOPE & OBJECTIVES OF THE SIL STUDY

The analysis of hazards and risks gives rise to the need to reduce the risk and within the SLC

of the standards this is identified as the derivation of the safety requirements. There may be

some overall methods and mechanisms described in the safety requirements but also these

requirements are then broken down into specific safety functions to achieve a defined task.

In parallel with this allocation of the overall safety requirements to specific safety functions,

a measure of the dependability or integrity of those safety functions is required.

What is the confidence that the safety function will perform when called upon?

This measure is the SIL. More precisely, the safety integrity of a system can be defined as:

"The probability (likelihood) of a safety-related system performing the required

safety functions under all the stated conditions within a stated period of time."

Thus the specification of the safety function includes both the actions to be taken in

response to the existence of particular conditions and also the time for that response to take

place. The SIL is a measure of the reliability of the safety function performing to

specification.

5.2 PROBABILITY OF FAILURE

To categorise the safety integrity of a safety function the probability of failure is considered

– in effect the inverse of the SIL definition, looking at failure to perform rather than success.

It is easier to identify and quantify possible conditions and causes leading to failure of a

safety function than to guarantee the desired action of a safety function when called upon.

Two classes of SIL are identified, depending on the service provided by the safety function

For safety functions that are activated when required (on demand mode) the

probability of failure to perform correctly is given, whilst

For safety functions that are in place continuously the probability of a dangerous

failure is expressed in terms of a given period of time (per hour) (continuous mode).

The probabilities of failure are related to one of four safety integrity levels, as shown in

Table 1:

Table 2: Probability of failure

Probability of failure

Safety Integrity Level (SIL)

Mode of operation – on demand (average probability of failure to perform its design function upon

demand)

Mode of operation – continuous(probability of dangerous failure per

hour)

b A single E/E/PES is not sufficient

4 ≥ 10-5 to < 10-4 ≥ 10-9 to < 10-8

3 ≥ 10-4 to < 10-3 ≥ 10-8 to < 10-7

2 ≥ 10-3 to < 10-2 ≥ 10-7 to < 10-6


Probability of failure

Safety Integrity Level (SIL)

Mode of operation – on demand (average probability of failure to perform its design function upon

demand)

Mode of operation – continuous(probability of dangerous failure per

hour)

1 ≥ 10-2 to < 10-1 ≥ 10-6 to < 10-5

a No special safety requirements

5.3 SIL CLASSIFICATION

The following methods will be used for Target Safety Integrity:

Risk Graph

Layer of Protection Analysis (LOPA)

Both these methods are included in the IEC61508 and IEC61511 standard. The risk graph is

a qualitative technique, the results tend to be quite subjective and lead to SIL levels biased

on the high side. The Layers of protection analysis technique is quantitative and more

accurate and it is becoming the widely accepted technique for SIL determination.

5.3.1 RISK GRAPH TECHNIQUE

The risk graph method is a qualitative approach to determine the level of integrity required

for the identified Instrumented Protective Functions (IPF) for the project. The approach is

based on the International Electro technical Commission standard, IEC61511.

Risk graph analysis uses four parameters to make a SIL selection. These parameters are

consequence (C), occupancy (F), probability of avoiding the hazard (P), and demand rate

(W).

- Process Safety Risk Analysis

Each loop shall be reviewed on the following basis:

Consequence Severity

Personnel Exposure

Alternatives to Avoid Danger

Demand Rate

The SIL rating is calculated using the response to the 4 questions and the appropriate SIL

level is generated using the IEC risk graph attached in Appendix (6.1).

- Commercial Risk Analysis

Each of the loops reviewed shall be subjected to an Asset Protection Review. This shall be

carried out on the following basis:



Demand Rate

The risk graph for asset / economic loss is provided in Appendix. Before this chart is used, it

must be calibrated for the specific plant it is used on. Consequence severity should

represent the meaningful range of negative impacts towards important asset or economic

objectives (e.g. reliability, replacement or repair costs)

The equivalent CIL rating is calculated using the response to the 2 questions and the

appropriate equivalent CIL level is generated using the IEC risk graph attached in Appendix

(6.2).

- Environmental Risk Analysis

Each of the loops reviewed shall be subjected to an Environmental Review. This shall be

carried out on the following basis:


Demand Rate

Environmental protective functions should be assessed against a risk graph that provides

the range of negative consequences with respect to important environmental objectives for

the specific plant, area of operation and local legislative requirements. For example,

violation of discharge permits or flare consents spills of varying magnitude.

The equivalent EIL rating is calculated using the response to the 2 questions and the

appropriate equivalent EIL level is generated using the IEC risk graph attached in Appendix

(6.3).

5.3.2 LAYER OF PROTECTION ANALYSIS

LOPA is one of the techniques developed in response to a requirement within the process

industry to be able to assess the adequacy of the layers of protection provided for an

activity. Initially this was driven by industry codes of practice or guidance and latterly by the

development of international standards such as IEC61508 and IEC61511.

Once the tolerable frequency for a SIF is established, all causes of the initiating event are

listed. For each cause of the initiating event, its likelihood is established. The layers of

protection and associated PFD for each cause are then listed. The mitigated event frequency

for each cause is determined. After each cause is analyzed the total event frequency due to

all causes for the initiating event is determined. The SIL is determined by comparing the

established tolerable frequency (goal) with the total mitigated event frequency.


5.4 RISK MATRIX

The risk matrix is a method categorizing the frequency or likelihood and severity of a risk

event using multiple qualitative levels. The risk matrix tolerance will represented with risk

matrix. The OMV risk matrix is shown below:

Frequency (Cases Per Year)

E Frequent (> 1*10^-2/year)

D Probable (1*10^-2 to 1*10^-4/year) Intolerable Region

C Seldom (1*10^-4 to 1*10^-5/year) Tolerable if ALARP Region

B Unlikely (1*10^-5 to) Broadly Acceptable Region

A Improbable (<1*10^-7/year)

Consequence Level1

Low2 3 4

5

High

Figure 3: RISK MATRIX

5.5 RISK REDUCTION

It’s important to ensure that the risk reduction achieved for E/E/PES protective layer and

other technologies are sufficient so that the necessary risk reduction is achieved and that

risk is reduced to tolerable levels shown in the Figure below:

Figure 4: IEC - Risk Reduction Model – ALARP Reduction

5.6 RISK ANALYSIS TEAM

The typical SIL classification Team should include the following personnel:


SIL Facilitator;

Secretary;

Process Engineer;

Safety Engineer;

Instrument Engineer;

Operations Personnel;

Specialist Engineers and Technicians (for example HVAC and Rotating Machinery).

5.7 SIL RECORDING

SIL software tools may be used to facilitate the documentation of the classification process

and the calculation of the IPF loop reliabilities.

The SIL discussion will recorded by the SIL Secretary using dedicated software “LOPA”, It‘s a

tool integrated in the “HAZARD REVIEW SOFTWARE – 2015 VERSION”.

This software leads to:

- A vast integrated Library puts many scenarios (causes, consequences...);

- Various Types of Independent Protection Layers (IPLs);

- Typical Probabilities of Failure on Demand from Literature and Industry;

- Typical Frequencies for Various Types of Initiating Events;

- Complete sets of topics added instantly....


6. Appendices

6.1 PROCESS SAFETY RISK GRAPH

Figure 1 : IEC Process Safety Risk Graph

- = No safety requirements

NR = Not recommended. Consider alternatives

Table 1: IEC Process Safety Risk Graph DataRisk Parameter Classification Comments

Consequence

(C)

C1 Slight Injury1. The classification system has been

developed to deal with injury and death to

people.

2. For the interpretation of C1, C2, C3 and C4,

the consequences of the accident and normal

healing shall be taken into account.

C2Serious injury or 1

death

C3Death to several

people

C4Very many people

killed

Frequency of,

and exposure

time in, the

hazardous

zone (F)

F1

Rare to often

exposure in the

hazardous zone

3. See comment 1 above.

F2 Frequent to

permanent exposure


Risk Parameter Classification Comments

in the hazardous zone

Possibility of

avoiding the

hazardous

event (P)

P1Possible under certain

conditions

4. This parameter takes into account:

- operation of a process (supervised (i.e.

operated by skilled or unskilled persons) or

unsupervised);

- rate of development of the hazardous event

(for example suddenly, quickly or slowly);

- ease of recognition of danger (for example

seen immediately, detected by technical

measures or detected without technical

measures);

- avoidance of the hazardous event (for

example escape routes possible, not possible

or possible under certain conditions);

- actual safety experience (such experience

may exist with an identical EUC or a similar

EUC or may not exist)

P2 Almost impossible

Probability f

the unwanted

occurrence (W)

W1

Demand Rate once in

every 30 years or

more.

5. The purpose of the W factor is to estimate

the frequency of the unwanted occurrence

taking place without the addition of any

safety-related systems (E/E/PES or other

technology) but including any external risk

reduction facilities

6. If little or no experience exists of the EUC,

or the EUC control system, or of a similar EUC

and EUC control system, the estimation of the

W factor may be made by calculation. In such

an event a worst case prediction shall be

made.

W2Demand Rate

between 3 – 30 years.

W3Demand Rate

between 0.3 – 3 years


6.2 COMMERCIAL RISK GRAPH

Figure 2 : Commercial Risk Graph

- = No safety requirements


Table 2: Commercial Risk Graph DataRisk Parameter Classification Comments

Consequence

C0No operational upset or

equipment damage

1. Each facility will have specific economic

consequences which should be considered.

These should be established before the

classification commences. Risk graphs should

be selected and calibrated to suit the specific

economic consequences and the local

business model.

C1Minor operational upset or

equipment damage.

C2

Moderate operational

upset or equipment

damage

C3Major operational upset or

equipment damage.

C4

Damage to essential

equipment, major

economic loss or loss of

containment


Possibility of

avoiding the

hazardous

event (P)

P1Possible under certain

conditions

2. While not used in this example the risk

graph may be adapted to include this

requirement

3. This parameter takes into account:

- operation of a process (supervised (i.e.

operated by skilled or unskilled persons) or

unsupervised);

- rate of development of the hazardous event

(for example suddenly, quickly or slowly);

- ease of recognition of danger (for example

seen immediately, detected by technical

measures or detected without technical

measures);

- avoidance of the hazardous event (for

example escape routes possible, not possible

or possible under certain conditions);

- actual safety experience (such experience

may exist with an identical EUC or a similar

EUC or may not exist)


Probability f

the unwanted

occurrence

(W)

W1Demand Rate once in

every 30 years or more.

7. The purpose of the W factor is to estimate

the frequency of the unwanted occurrence

taking place without the addition of any

safety-related systems (E/E/PES or other

technology) but including any external risk


8. If little or no experience exists of the EUC,

or the EUC control system, or of a similar EUC

and EUC control system, the estimation of the

W factor may be made by calculation. In such

an event a worst case prediction shall be

made.

W2Demand Rate between 3

– 30 years.

W3Demand Rate between

0.3 – 3 years

6.3 ENVIRONMENTAL RISK GRAPH


Figure 3 : Environmental Risk Graph- = No safety requirements


Table 3: Environmental Risk Graph DataRisk Parameter Classification Comments

Consequence

C0No release or a negligible

environmental impact

1. Each facility will have specific

environmental; consequences /

regulations which should be

considered. These should be

established before the

classification commences. Risk

graphs should be selected and

calibrated to suit the specific

environmental consequences

and the local business model.

C1Release with minor impact on

environmental – reportable

C2Release with moderate impact on

the environment.

C3Release with temporary major

impact on the environment.

C4Release with permanent major

impact on the environment

Possibility of

avoiding the

hazardous event

(P)

P1 Possible under certain conditions

2. While not used in this

example the risk graph may be

adapted to include this

requirement.

3. This parameter takes into

account:

- operation of a process

(supervised (i.e. operated by

skilled or unskilled persons) or

unsupervised);

- rate of development of the

hazardous event (for example

suddenly, quickly or slowly);



Risk Parameter Classification Comments

- ease of recognition of danger

(for example seen immediately,

detected by technical measures

or detected without technical

measures);

- avoidance of the hazardous

event (for example escape

routes possible, not possible or

Probability f the

unwanted

occurrence (W)

W1Demand Rate once in every 30

years or more.

9. The purpose of the W factor is

to estimate the frequency of the

unwanted occurrence taking

place without the addition of

any safety-related systems

(E/E/PES or other technology)

but including any external risk


10. If little or no experience

exists of the EUC, or the EUC

control system, or of a similar

EUC and EUC control system,

the estimation of the W factor

may be made by calculation. In

such an event a worst case

prediction shall be made.

W2Demand Rate between 3 – 30

years.

W3Demand Rate between 0.3 – 3

years

6.4 TYPICAL PROBABILITIES OF FAILURE ON DEMAND (PFODS) FOR MENTIONED TYPES OF INDEPENDENT PROTECTION LAYERS (IPLS)

IPL Type Description

PFOD from Literature

and Industry

PFOD Chosen

for LOPA

Typical Comment for PFOD

BPCS

Basic process control system; automatic control loop independent of the initiating event

10-1 to 10-2 1.00E-01

Used typical value for an automatic control loop in a basic process control system, independent of the initiating event


IPL Type Description

PFOD from Literature

and Industry

PFOD Chosen

for LOPA

Typical Comment for PFOD

Human response (10 min available)

Human response with 10 minutes available for response; notification must be independent of initiating event and other IPLs, and operator training must include required response

1 to 10-1 1.00E+00

Used typical value for human response with 10 minutes available for response; notification is independent of initiating event and other IPLs, and operator training includes required response

Human response (40 min available)

Human response with 40 minutes available for response; notification must be independent of initiating event and other IPLs, and operator training must include required response

10-1 to 10-2 1.00E-01

Used typical value for human response with 40 minutes available for response; notification is independent of initiating event and other IPLs, and operator training includes required response

Passive

Passive device (e.g., a dike with good control over drains) that is not required to take an action in order for it to achieve its function in reducing risk

10-1 to 10-3 1.00E-02

Used typical value for a passive device that is not required to take an action in order for it to achieve its function in reducing risk

Relief device

Relief valve or rupture disk (effectiveness is sensitive to service and experience)

10-1 to 10-5 1.00E-03

Used typical value for a relief valve or rupture disk in clean, non-corrosive service; assumes maintenance per industry standards

hazid hazop sil tor .docx

Documents

hazid study52

hazop study73

hazid recording63

ptroles hazid

hazid technique52

hazid studyfor

considerations of hazid

hazid study3