hazid hazop sil tor .docx
TRANSCRIPT
Project: CONSTRUCTION OF NEW PIPELINE FROM GUEBIBA TO CFTP
HAZID/HAZOP/SIL/ TOR
HAZID/HAZOP/SIL TOR
CONSTRUCTION OF NEW PIPELINE FROM GUEBIBA/TB TO CFTP
001/AR03/13 03/12
HAZID/HAZOP/SIL TOR PAGE: 2 /25
TABLE OF CONTENTS
1. INTRODUCTION......................................................................................................................... 3
1.1 ABBREVIATIONS....................................................................................................................................4Compagnie Franco-Tunisienne des Pétroles..................................................................................4
2. HAZID STUDY............................................................................................................................. 5
2.1 SCOPE & OBJECTIVES OF THE HAZID STUDY...................................................................................52.2 HAZID TECHNIQUE.............................................................................................................................52.3 HAZID RECORDING.............................................................................................................................6
3. HAZOP STUDY........................................................................................................................... 7
3.1 SCOPE & OBJECTIVES OF THE HAZOP STUDY.............................................................................73.2 HAZOP METHODOLOGY.....................................................................................................................73.3 HAZOP TECHNIQUE........................................................................................................................83.4 HAZOP RECORDING.........................................................................................................................113.5 HAZOP NODES.................................................................................................................................113.6 HAZOP TEAM....................................................................................................................................113.7 HAZOP FOLLOW UP.........................................................................................................................113.8 HAZOP RECOMMENDATIONS....................................................................................................123.9 PROCESS SYSTEMS / FACILITIES........................................................................................................123.10 REPORT...............................................................................................................................................12
4. SAFETY INTEGRITY LEVEL (SIL).......................................................................................13
4.1 SCOPE & OBJECTIVES OF THE SIL STUDY...................................................................................134.2 PROBABILITY OF FAILURE...................................................................................................................134.3 SIL CLASSIFICATION...........................................................................................................................14
1.1.1 RISK GRAPH TECHNIQUE...............................................................................................................141.1.2 LAYER OF PROTECTION ANALYSIS.................................................................................................15
4.4 RISK MATRIX........................................................................................................................................154.5 RISK REDUCTION................................................................................................................................164.6 RISK ANALYSIS TEAM.........................................................................................................................164.7 SIL RECORDING.................................................................................................................................17
5. APPENDICES............................................................................................................................. 18
5.1 PROCESS SAFETY RISK GRAPH.........................................................................................................185.2 COMMERCIAL RISK GRAPH................................................................................................................205.3 ENVIRONMENTAL RISK GRAPH..........................................................................................................215.4 TYPICAL PROBABILITIES OF FAILURE ON DEMAND (PFODS) FOR MENTIONED TYPES OF INDEPENDENT PROTECTION LAYERS (IPLS)..................................................................23
HAZOP/HAZID/SIL/SIMOPS ToRNO. REV. 0 PAGE: 3 / 25
1. INTRODUCTION
This document provides significant aspects and considerations of HAZID, HAZOP, and SIL study
related to the construction of new pipeline from guebiba/tb to cftp project.
HAZOP/HAZID/SIL/SIMOPS ToRNO. REV. 0 PAGE: 4 / 25
2. Abbreviations
The following abbreviations will be used:
CFTP : Compagnie Franco-Tunisienne des Pétroles
HAZID : Hazard Identification
HAZOP : Hazard & Operability
SIL : Safety Integrity Level
SIF : Safety Instrumented Function
P&ID : Piping & Instrumentation Diagrams
SLC : Safety Life Cycle
LOPA : Layer of Protection Analysis
CIL : Commercial Integrity Levels
E/E/PES Electrical/electronical/programmable electronical systems
IPF : Instrumented Protective Function
IEC : International Electrotechnical Commission
EIL : Environmental Integrity Levels
HAZOP/HAZID/SIL/SIMOPS ToRNO. REV. 0 PAGE: 5 / 25
3. HAZID Study
3.1 SCOPE & OBJECTIVES OF THE HAZID STUDY
For this project, HAZID (Hazard Identification) analysis is required: the overall objective is to
produce a facility in respect of which all risks to the human, Environment, company
reputation and the assets have to be identified and minimized.
The HAZID worksheet objectives are:
To systematically analyse the Project for potential hazards identification.
To list all the needed documents about the project, that must be prepared in the following
basic or detail design phase.
Considering the simplicity of the design, the risk-ranking for the recommendations has been
limited to cases where a clear critical consequence was specified and the recommendation
is proposed as a choice between different solutions.
For all the recommendations requiring further analysis, design and / or engineering
studies / documents, operating procedures development, or other efforts that however
must be done or prepared, the risk ranking will be considered superfluous.
3.2 HAZID TECHNIQUE
The HAZID Review will be conducted as a guided brainstorming, by means of guidewords
applied to the project.
The specific intention of this Hazards review is to highlight and estimate hazards deriving from
the new pipeline from Guebiba/TB to CFTP, not only at normal operation phase but also during
construction, commissioning and maintenance activities.
The analysis is concentrated on the inherent external and internal hazards for the project, and
is focussed on specific parts of the selected process, philosophies and operational concepts.
A part is dedicated to the environmental aspect where potential impacts, corresponding
causes, consequences and associated protections are identified, this analysis enables quick
and yet trustful setting of documented Environmental Protection and regulatory compliance
measures.
With the help of guidewords, hazards will be identified together with potential means of control
and mitigation.
For each hazard, a qualitative assessment of the expected likelihood and severity of
consequences will be given, on the basis of the risk assessment documents.
The minutes of the HAZID Review detailing the hazards, causes and consequences, risk-
ranking, recommendations and residual risk ranking will be recorded in HAZID Worksheets.
HAZOP/HAZID/SIL/SIMOPS ToRNO. REV. 0 PAGE: 6 / 25
Figure 1: HAZID PROCEDURE
3.3 HAZID RECORDING
The discussion will be recorded by the HAZID Secretary using dedicated software: “LEADER
2015 version”.
HAZOP/HAZID/SIL/SIMOPS ToRNO. REV. 0 PAGE: 7 / 25
4. HAZOP Study
4.1 SCOPE & OBJECTIVES OF THE HAZOP STUDY
HAZOP (Hazard and Operability Study) is a qualitative methodology that identifies possible
deviations from the correct functioning of the process, analyzing moreover the consequences
of such anomalies and the actions to be taken in order to limit them to the smallest possible
areas.
The HAZOP’s targets are:
- To identify possible deviations from the intended operation that can cause
personnel or equipment harm as well as operation disturbances (accidental events),
- To establish how deviations from the design intent can arise,
- To assess whether such deviations and their consequences can have a negative
effect upon the safe and efficient operation of the system,
- To recommend actions, whenever is necessary, in order to remedy to the
deviations.
4.2 HAZOP METHODOLOGY
The method used for the HAZOP is a systematic review of the process; therefore the primary
words will be the process parameters: Flow, Pressure, Temperature, Composition, and Level.
And the secondary words, which are combined with a primary keyword, are the different
HAZOP guidewords permit to suggest possible deviations: No, Less, More, Part of, As well as,
Reverse, Other than…etc.
In practice, the process parameters are combined with standard guidewords to set down a list
of deviations from the normal operation of the system under review. The following
combinations were used in this Study:
Table 1: Deviations represented by Parameters and Guidewords
Parameter
sGuidewords Deviations
Flow
NoReverse
MoreLess
No Flow (complete lack of flow)Reverse Flow (flow in the opposite direction than the normal operation)More Flow (higher flow rate than expected)Less Flow (lower flow rate than expected)
Temperature
MoreLess
Higher Temperature (than expected)Lower Temperature (than expected)
PressureMoreLess
Higher Pressure (than expected)Lower Pressure (than expected)
CompositionAs well as
Part ofContamination Composition Change (fluid composition different than expected, e.g. off-spec feed, incorrect chemical dosing, etc.)
HAZOP/HAZID/SIL/SIMOPS ToRNO. REV. 0 PAGE: 8 / 25
Parameter
sGuidewords Deviations
LevelMoreLess
Higher Level (higher liquid level in a vessel or tank, up to overfilling condition)Lower Level (lower liquid level in a vessel or tank, up to a complete loss of level)
Other OtherOther (any other cause of upset or unsafe condition identified during the HAZOP but not linked to an identified parameter)
4.3 HAZOP TECHNIQUE
HAZOP is a systematic procedure used to review the process design for identification of
potential hazards and operability problems caused by deviation from the design intent of both
new and existing process facilities. The methodological approach is to identify deviations from
the design intent using parameters and appropriate guidewords, and to define any actions
necessary to reduce the probability of occurrence and/or eliminate/mitigate the consequences.
The system will be divided into discrete Nodes (a "node" is a sub-system or a portion of a
systems which can be analyzed alone, e.g. a tank, a header, a pump, even a single line,
together with the relevant connections to the interfaces), and the methodology will be applied
thoroughly to each node until all the system be fully analyzed.
The method involves the following steps for each Node:
Define a Node of the process on the P&IDs;
Clarify the design intent and the normal operating conditions of the Node;
Identify a Deviation from the intent or operating conditions by applying parameter and a
Guidewords;
List possible Causes and Consequences of the Deviation (a Deviation can be considered
“meaningful” if it has credible causes and can result in harmful consequences);
Identify the Safeguards (if any), as shown in project documentation;
Formulate Recommendations (and identify the responsible for implementation/action) if
no sufficient Safeguards are provided.
HAZOP/HAZID/SIL/SIMOPS ToRNO. REV. 0 PAGE: 9 / 25
The following figure summarizes the HAZOP Procedure that has been applied.
Figure 2: HAZOP PROCEDURE
If a deviation and/or event are found to be realistically possible and to give rise to a significant
consequence, it is discussed in the HAZOP Study Worksheets.
The cases where there are no credible causes of deviation, and/or no events giving rise to
significant consequences, will not been recorded on the Worksheets.
The keyword combinations will be discussed following an iterative process in order to identify
potential problems, as the diagram mentioned below:
HAZOP/HAZID/SIL/SIMOPS ToRNO. REV. 0 PAGE: 10 / 25
Yes
Describe process section
Record the consequence/s
Record any Safeguards identified
Having regard to the consequences and Safeguards, is an Action necessary?
Record the agree Action
Yes
Select a guideword previously considered (e.g. More)
Are there any causes for this deviation not previously discussed and recorded?
Record the new cause
Are associated consequences of any significance?
No
Yes
Yes
Determine cause of deviation from design intent; assess potential hazard/operational problem
associated with the defined cause
Select a Node and describe design intent
Have all relevant Parameter for this plant section been considered?
Select a parameter not previously considered (e.g. Pressure)
Have all relevant guideword for this parameter been considered?
No
Yes
No
No
No
HAZOP/HAZID/SIL/SIMOPS ToRNO. Rev. 0PAGE: 11 /25
4.4 HAZOP RECORDING
The HAZOP discussion will be recorded by the HAZOP Secretary using dedicated software:
“LEADER – 2015 VERSION”.
This software leads to:
- A complete sets of topics added instantly;
- A vast Leader Library, puts hundreds of standard HAZOP deviations;
- Add own custom topics to any section, to the library, or to the project template that
can be created;
- Copy, reorder, and renumber topics.
The record will be made during the session using laptop, and will be projected onto a
suitable screen so that all team members can see inputs to the record as it is produced.
4.5 HAZOP NODES
In order to perform the analysis and focus the team’s attention on a specific area, the
different process systems will be divided into a convenient number of discrete nodes. Each
node represents a section of the system that can be composed by one or more items with
homogeneous characteristics in terms of pressure, temperature or service. A new node
starts when main process parameters change or isolation is present.
4.6 HAZOP TEAM
The HAZOP shall be carried out by a multidisciplinary team to ensure all aspects of the plant
and its operations are covered. The team member’s specialists include process design,
instrumentation and control, mechanical engineering, safety and operation.
The chairman has to:
Select the team’s members
Plan and prepare the study,
Chair the HAZOP meetings: Trigger the discussion using guidewords and parameters,
Follow up progress, Ensure completeness of the analysis.
The team will include a nominated scribe, responsible for recording discussion and findings.
4.7 HAZOP FOLLOW UP
The HAZOP Actions Coordinator will be responsible for ensuring the Action Items are
forwarded to the parties responsible for action implementation, and for recording the status
of the actions.
The relevant discipline specialists should close-out the addressed actions, indicating the
resolution and providing references and evidence of implementation. The action sheet
completed with close-out information shall be returned to the HAZOP Actions Coordinator.
HAZOP/HAZID/SIL/SIMOPS ToRNO. Rev. 0PAGE: 12 /25
The HAZOP Actions Coordinator should review the responses and proceed until full
resolution of all pending issues.
When an action is closed, the HAZOP Actions Coordinator should mark the action as
“CLOSED” in the action status column. When all actions will be closed, the Coordinator can
issue the close-out report (i.e. the collection of all the resolutions and action close-outs). All
Actions shall be ideally closed before the end of the Engineering Phase.
4.8 HAZOP RECOMMENDATIONS
The analysis results of the HAZOP study shall be represented by a series of
recommendations which take the form of suggested design changes, requirements of
verification and additional studies or suggestions for specific operational procedures to be
implemented. The recommendations will be managed in the activity of follow-up and
implemented during the project development.
4.9 PROCESS SYSTEMS / FACILITIES
To ensure process integrity and to identify process hazards and operational problems for
process systems or facilities, a systematic review of the P&IDs shall be made.
4.10 REPORT
The HAZOP Report is a key document pertaining to the safety of the plant. It should provide
sufficient information on each element so that, either read alone or together with available
and clearly cross referenced documents, an assessment can be made of the adequacy of the
HAZOP study carried out.
The contents of such a summary might typically be:
- Introduction;
- System definition and delimitation;
- Documents (on which the analysis is based);
- Methodology;
- Team members;
- HAZOP results:
Reporting principles,
Classification of recordings,
Main results;
HAZOP study worksheet.
- Appendices:
P&IDs (marked),
HAZOP/HAZID/SIL/SIMOPS ToRNO. Rev. 0PAGE: 13 /25
List of participants.
HAZOP/HAZID/SIL/SIMOPS ToRNO. Rev. 0PAGE: 14 /25
5. Safety Integrity Level (SIL)
5.1 SCOPE & OBJECTIVES OF THE SIL STUDY
The analysis of hazards and risks gives rise to the need to reduce the risk and within the SLC
of the standards this is identified as the derivation of the safety requirements. There may be
some overall methods and mechanisms described in the safety requirements but also these
requirements are then broken down into specific safety functions to achieve a defined task.
In parallel with this allocation of the overall safety requirements to specific safety functions,
a measure of the dependability or integrity of those safety functions is required.
What is the confidence that the safety function will perform when called upon?
This measure is the SIL. More precisely, the safety integrity of a system can be defined as:
"The probability (likelihood) of a safety-related system performing the required
safety functions under all the stated conditions within a stated period of time."
Thus the specification of the safety function includes both the actions to be taken in
response to the existence of particular conditions and also the time for that response to take
place. The SIL is a measure of the reliability of the safety function performing to
specification.
5.2 PROBABILITY OF FAILURE
To categorise the safety integrity of a safety function the probability of failure is considered
– in effect the inverse of the SIL definition, looking at failure to perform rather than success.
It is easier to identify and quantify possible conditions and causes leading to failure of a
safety function than to guarantee the desired action of a safety function when called upon.
Two classes of SIL are identified, depending on the service provided by the safety function
For safety functions that are activated when required (on demand mode) the
probability of failure to perform correctly is given, whilst
For safety functions that are in place continuously the probability of a dangerous
failure is expressed in terms of a given period of time (per hour) (continuous mode).
The probabilities of failure are related to one of four safety integrity levels, as shown in
Table 1:
Table 2: Probability of failure
Probability of failure
Safety Integrity Level (SIL)
Mode of operation – on demand (average probability of failure to perform its design function upon
demand)
Mode of operation – continuous(probability of dangerous failure per
hour)
b A single E/E/PES is not sufficient
4 ≥ 10-5 to < 10-4 ≥ 10-9 to < 10-8
3 ≥ 10-4 to < 10-3 ≥ 10-8 to < 10-7
2 ≥ 10-3 to < 10-2 ≥ 10-7 to < 10-6
HAZOP/HAZID/SIL/SIMOPS ToRNO. Rev. 0PAGE: 15 /25
Probability of failure
Safety Integrity Level (SIL)
Mode of operation – on demand (average probability of failure to perform its design function upon
demand)
Mode of operation – continuous(probability of dangerous failure per
hour)
1 ≥ 10-2 to < 10-1 ≥ 10-6 to < 10-5
a No special safety requirements
5.3 SIL CLASSIFICATION
The following methods will be used for Target Safety Integrity:
Risk Graph
Layer of Protection Analysis (LOPA)
Both these methods are included in the IEC61508 and IEC61511 standard. The risk graph is
a qualitative technique, the results tend to be quite subjective and lead to SIL levels biased
on the high side. The Layers of protection analysis technique is quantitative and more
accurate and it is becoming the widely accepted technique for SIL determination.
5.3.1 RISK GRAPH TECHNIQUE
The risk graph method is a qualitative approach to determine the level of integrity required
for the identified Instrumented Protective Functions (IPF) for the project. The approach is
based on the International Electro technical Commission standard, IEC61511.
Risk graph analysis uses four parameters to make a SIL selection. These parameters are
consequence (C), occupancy (F), probability of avoiding the hazard (P), and demand rate
(W).
- Process Safety Risk Analysis
Each loop shall be reviewed on the following basis:
Consequence Severity
Personnel Exposure
Alternatives to Avoid Danger
Demand Rate
The SIL rating is calculated using the response to the 4 questions and the appropriate SIL
level is generated using the IEC risk graph attached in Appendix (6.1).
- Commercial Risk Analysis
Each of the loops reviewed shall be subjected to an Asset Protection Review. This shall be
carried out on the following basis:
Consequence Severity
HAZOP/HAZID/SIL/SIMOPS ToRNO. Rev. 0PAGE: 16 /25
Demand Rate
The risk graph for asset / economic loss is provided in Appendix. Before this chart is used, it
must be calibrated for the specific plant it is used on. Consequence severity should
represent the meaningful range of negative impacts towards important asset or economic
objectives (e.g. reliability, replacement or repair costs)
The equivalent CIL rating is calculated using the response to the 2 questions and the
appropriate equivalent CIL level is generated using the IEC risk graph attached in Appendix
(6.2).
- Environmental Risk Analysis
Each of the loops reviewed shall be subjected to an Environmental Review. This shall be
carried out on the following basis:
Consequence Severity
Demand Rate
Environmental protective functions should be assessed against a risk graph that provides
the range of negative consequences with respect to important environmental objectives for
the specific plant, area of operation and local legislative requirements. For example,
violation of discharge permits or flare consents spills of varying magnitude.
The equivalent EIL rating is calculated using the response to the 2 questions and the
appropriate equivalent EIL level is generated using the IEC risk graph attached in Appendix
(6.3).
5.3.2 LAYER OF PROTECTION ANALYSIS
LOPA is one of the techniques developed in response to a requirement within the process
industry to be able to assess the adequacy of the layers of protection provided for an
activity. Initially this was driven by industry codes of practice or guidance and latterly by the
development of international standards such as IEC61508 and IEC61511.
Once the tolerable frequency for a SIF is established, all causes of the initiating event are
listed. For each cause of the initiating event, its likelihood is established. The layers of
protection and associated PFD for each cause are then listed. The mitigated event frequency
for each cause is determined. After each cause is analyzed the total event frequency due to
all causes for the initiating event is determined. The SIL is determined by comparing the
established tolerable frequency (goal) with the total mitigated event frequency.
HAZOP/HAZID/SIL/SIMOPS ToRNO. Rev. 0PAGE: 17 /25
5.4 RISK MATRIX
The risk matrix is a method categorizing the frequency or likelihood and severity of a risk
event using multiple qualitative levels. The risk matrix tolerance will represented with risk
matrix. The OMV risk matrix is shown below:
Frequency (Cases Per Year)
E Frequent (> 1*10^-2/year)
D Probable (1*10^-2 to 1*10^-4/year) Intolerable Region
C Seldom (1*10^-4 to 1*10^-5/year) Tolerable if ALARP Region
B Unlikely (1*10^-5 to) Broadly Acceptable Region
A Improbable (<1*10^-7/year)
Consequence Level1
Low2 3 4
5
High
Figure 3: RISK MATRIX
5.5 RISK REDUCTION
It’s important to ensure that the risk reduction achieved for E/E/PES protective layer and
other technologies are sufficient so that the necessary risk reduction is achieved and that
risk is reduced to tolerable levels shown in the Figure below:
Figure 4: IEC - Risk Reduction Model – ALARP Reduction
5.6 RISK ANALYSIS TEAM
The typical SIL classification Team should include the following personnel:
HAZOP/HAZID/SIL/SIMOPS ToRNO. Rev. 0PAGE: 18 /25
SIL Facilitator;
Secretary;
Process Engineer;
Safety Engineer;
Instrument Engineer;
Operations Personnel;
Specialist Engineers and Technicians (for example HVAC and Rotating Machinery).
5.7 SIL RECORDING
SIL software tools may be used to facilitate the documentation of the classification process
and the calculation of the IPF loop reliabilities.
The SIL discussion will recorded by the SIL Secretary using dedicated software “LOPA”, It‘s a
tool integrated in the “HAZARD REVIEW SOFTWARE – 2015 VERSION”.
This software leads to:
- A vast integrated Library puts many scenarios (causes, consequences...);
- Various Types of Independent Protection Layers (IPLs);
- Typical Probabilities of Failure on Demand from Literature and Industry;
- Typical Frequencies for Various Types of Initiating Events;
- Complete sets of topics added instantly....
HAZOP/HAZID/SIL/SIMOPS ToRNO. Rev. 0PAGE: 19 /25
6. Appendices
6.1 PROCESS SAFETY RISK GRAPH
Figure 1 : IEC Process Safety Risk Graph
- = No safety requirements
NR = Not recommended. Consider alternatives
Table 1: IEC Process Safety Risk Graph DataRisk Parameter Classification Comments
Consequence
(C)
C1 Slight Injury1. The classification system has been
developed to deal with injury and death to
people.
2. For the interpretation of C1, C2, C3 and C4,
the consequences of the accident and normal
healing shall be taken into account.
C2Serious injury or 1
death
C3Death to several
people
C4Very many people
killed
Frequency of,
and exposure
time in, the
hazardous
zone (F)
F1
Rare to often
exposure in the
hazardous zone
3. See comment 1 above.
F2 Frequent to
permanent exposure
HAZOP/HAZID/SIL/SIMOPS ToRNO. Rev. 0PAGE: 20 /25
Risk Parameter Classification Comments
in the hazardous zone
Possibility of
avoiding the
hazardous
event (P)
P1Possible under certain
conditions
4. This parameter takes into account:
- operation of a process (supervised (i.e.
operated by skilled or unskilled persons) or
unsupervised);
- rate of development of the hazardous event
(for example suddenly, quickly or slowly);
- ease of recognition of danger (for example
seen immediately, detected by technical
measures or detected without technical
measures);
- avoidance of the hazardous event (for
example escape routes possible, not possible
or possible under certain conditions);
- actual safety experience (such experience
may exist with an identical EUC or a similar
EUC or may not exist)
P2 Almost impossible
Probability f
the unwanted
occurrence (W)
W1
Demand Rate once in
every 30 years or
more.
5. The purpose of the W factor is to estimate
the frequency of the unwanted occurrence
taking place without the addition of any
safety-related systems (E/E/PES or other
technology) but including any external risk
reduction facilities
6. If little or no experience exists of the EUC,
or the EUC control system, or of a similar EUC
and EUC control system, the estimation of the
W factor may be made by calculation. In such
an event a worst case prediction shall be
made.
W2Demand Rate
between 3 – 30 years.
W3Demand Rate
between 0.3 – 3 years
HAZOP/HAZID/SIL/SIMOPS ToRNO. Rev. 0PAGE: 21 /25
6.2 COMMERCIAL RISK GRAPH
Figure 2 : Commercial Risk Graph
- = No safety requirements
NR = Not recommended. Consider alternatives
Table 2: Commercial Risk Graph DataRisk Parameter Classification Comments
Consequence
C0No operational upset or
equipment damage
1. Each facility will have specific economic
consequences which should be considered.
These should be established before the
classification commences. Risk graphs should
be selected and calibrated to suit the specific
economic consequences and the local
business model.
C1Minor operational upset or
equipment damage.
C2
Moderate operational
upset or equipment
damage
C3Major operational upset or
equipment damage.
C4
Damage to essential
equipment, major
economic loss or loss of
containment
HAZOP/HAZID/SIL/SIMOPS ToRNO. Rev. 0PAGE: 22 /25
Possibility of
avoiding the
hazardous
event (P)
P1Possible under certain
conditions
2. While not used in this example the risk
graph may be adapted to include this
requirement
3. This parameter takes into account:
- operation of a process (supervised (i.e.
operated by skilled or unskilled persons) or
unsupervised);
- rate of development of the hazardous event
(for example suddenly, quickly or slowly);
- ease of recognition of danger (for example
seen immediately, detected by technical
measures or detected without technical
measures);
- avoidance of the hazardous event (for
example escape routes possible, not possible
or possible under certain conditions);
- actual safety experience (such experience
may exist with an identical EUC or a similar
EUC or may not exist)
P2 Almost impossible
Probability f
the unwanted
occurrence
(W)
W1Demand Rate once in
every 30 years or more.
7. The purpose of the W factor is to estimate
the frequency of the unwanted occurrence
taking place without the addition of any
safety-related systems (E/E/PES or other
technology) but including any external risk
reduction facilities
8. If little or no experience exists of the EUC,
or the EUC control system, or of a similar EUC
and EUC control system, the estimation of the
W factor may be made by calculation. In such
an event a worst case prediction shall be
made.
W2Demand Rate between 3
– 30 years.
W3Demand Rate between
0.3 – 3 years
6.3 ENVIRONMENTAL RISK GRAPH
HAZOP/HAZID/SIL/SIMOPS ToRNO. Rev. 0PAGE: 23 /25
Figure 3 : Environmental Risk Graph- = No safety requirements
NR = Not recommended. Consider alternatives
Table 3: Environmental Risk Graph DataRisk Parameter Classification Comments
Consequence
C0No release or a negligible
environmental impact
1. Each facility will have specific
environmental; consequences /
regulations which should be
considered. These should be
established before the
classification commences. Risk
graphs should be selected and
calibrated to suit the specific
environmental consequences
and the local business model.
C1Release with minor impact on
environmental – reportable
C2Release with moderate impact on
the environment.
C3Release with temporary major
impact on the environment.
C4Release with permanent major
impact on the environment
Possibility of
avoiding the
hazardous event
(P)
P1 Possible under certain conditions
2. While not used in this
example the risk graph may be
adapted to include this
requirement.
3. This parameter takes into
account:
- operation of a process
(supervised (i.e. operated by
skilled or unskilled persons) or
unsupervised);
- rate of development of the
hazardous event (for example
suddenly, quickly or slowly);
P2 Almost impossible
HAZOP/HAZID/SIL/SIMOPS ToRNO. Rev. 0PAGE: 24 /25
Risk Parameter Classification Comments
- ease of recognition of danger
(for example seen immediately,
detected by technical measures
or detected without technical
measures);
- avoidance of the hazardous
event (for example escape
routes possible, not possible or
Probability f the
unwanted
occurrence (W)
W1Demand Rate once in every 30
years or more.
9. The purpose of the W factor is
to estimate the frequency of the
unwanted occurrence taking
place without the addition of
any safety-related systems
(E/E/PES or other technology)
but including any external risk
reduction facilities
10. If little or no experience
exists of the EUC, or the EUC
control system, or of a similar
EUC and EUC control system,
the estimation of the W factor
may be made by calculation. In
such an event a worst case
prediction shall be made.
W2Demand Rate between 3 – 30
years.
W3Demand Rate between 0.3 – 3
years
6.4 TYPICAL PROBABILITIES OF FAILURE ON DEMAND (PFODS) FOR MENTIONED TYPES OF INDEPENDENT PROTECTION LAYERS (IPLS)
IPL Type Description
PFOD from Literature
and Industry
PFOD Chosen
for LOPA
Typical Comment for PFOD
BPCS
Basic process control system; automatic control loop independent of the initiating event
10-1 to 10-2 1.00E-01
Used typical value for an automatic control loop in a basic process control system, independent of the initiating event
HAZOP/HAZID/SIL/SIMOPS ToRNO. Rev. 0PAGE: 25 /25
IPL Type Description
PFOD from Literature
and Industry
PFOD Chosen
for LOPA
Typical Comment for PFOD
Human response (10 min available)
Human response with 10 minutes available for response; notification must be independent of initiating event and other IPLs, and operator training must include required response
1 to 10-1 1.00E+00
Used typical value for human response with 10 minutes available for response; notification is independent of initiating event and other IPLs, and operator training includes required response
Human response (40 min available)
Human response with 40 minutes available for response; notification must be independent of initiating event and other IPLs, and operator training must include required response
10-1 to 10-2 1.00E-01
Used typical value for human response with 40 minutes available for response; notification is independent of initiating event and other IPLs, and operator training includes required response
Passive
Passive device (e.g., a dike with good control over drains) that is not required to take an action in order for it to achieve its function in reducing risk
10-1 to 10-3 1.00E-02
Used typical value for a passive device that is not required to take an action in order for it to achieve its function in reducing risk
Relief device
Relief valve or rupture disk (effectiveness is sensitive to service and experience)
10-1 to 10-5 1.00E-03
Used typical value for a relief valve or rupture disk in clean, non-corrosive service; assumes maintenance per industry standards