Gerry Brennan, Lead Principal Consultant, ABB Consulting / Piper 25 Conference June 18-20 2013

Periodic Hazard Review as an essential part of your PSM system

Periodic Hazard Review as an essential part of your PSM system

Contents
Process
Need

Safety Management HAZOP vs HAZID

for periodic hazard review

Techniques:
Learning

points from experience of periodic hazard review

Process Safety versus Personal Safety

Process Safety

Major Accident Hazards

Personal Safety

Slips, trips and falls

Very Unlikely

Possible

What is Process Safety?

The prevention of unplanned & uncontrolled loss of containment from plant and process equipment that might cause harm to people or the environment.

Process Safety Management

Commit to Process Safety

Manage Risk
Operating Safe

Process safety culture Compliance with standards Process safety competency Workforce Involvement

Procedures

work practices integrity and Reliability Management

Asset

Contractor Training

Stakeholder Outreach

and Performance Assurance of Change

Management

Operational

Readiness

Understand Hazards and Risk

Process Hazard

Conduct

of operations Management

knowledge management

Emergency

Identification and Risk Analysis

Learn from Experience

Incident

Investigation and Metrics Management Review and Continuous Improvement

Measurement Auditing

Guidelines for Risk Based Process Safety, CCPS 2007

Why is periodic hazard identification and risk analysis needed?

Plant Safety Performance

Hardware wearout
Learning phase Creeping Changes in plant

Change in people
Loss of corporate memory Accident
Life of Plant

HAZOP

Ongoing risk assessment?

Objective for Periodic Hazard Review

Evaluate controls for the hazards of the process as they are currently understood because

Process changes have introduced new hazards New knowledge on hazard consequences is available Recent incidents have revealed new scenarios Barriers previously credited have changed

HAZOP or HAZID?
HAZOP

Loss of Containment

FAULT TREE

EVENT TREE

HAZID Prevention/Control Measures Mitigation Measures

CONSEQUENCES

CAUSES

Methodology
1.

Split process into sections;

HAZOP node is a process line HAZID node is unit operation, typically 1 or more P&IDs

2.

Describe design intent for node;

operating parameters
key aspects of process control system protective systems, trips/relief's/bunds

3. 4. 5. 6.

Apply guidewords - can it happen? Assess consequences - does it matter?

Assess design safeguards - are they adequate?

Agree actions required to reduce risk

HAZOP Guidewords (IChemE)

No (not, none) More (more of, higher) Less (less of, lower) As well as (more than) Part of Reverse

With appropriate process parameter

Flow Pressure Temperature Level Concentration

Other than
Earlier/later than

Mixing
Etc.

Look for deviations from intent

HAZID Guidewords

Burst

Internal Explosion Overpressure

Runaway Reaction
Impact Corrosion Wear Temperature extreme Vent/Drain Overflow Flange/Seal

Puncture

Weakening

Openings

Look for causes of Loss of Containment

Comparison application to offshore installations

Re-HAZOP of UK and overseas platforms during 20102013

Hazard Study Equivalent days per platform: 90-150 Recommendations for improvement: ~500

HAZID of UK Platforms during 2011-13

Hazard Study Equivalent days per platform: 15 Recommendations for improvement: ~100

Learning Points from experience of periodic hazard review

1. Write down clear Terms of Reference

Scope of review; what is included/excluded

Timescale; duration of commitment;

Team leader; competence Hazard study team; essential disciplines Method; guidewords, recording detail, recording tool; stipulations about safeguards Time required; hours of work; how many days per week? Meeting room; lighting; space; projection; away from the installation Data Gathering; up to date PIDs, process information;

2. Specify the right team

Leader Operations Manager Independent Team Member Operator or Supervisor Process, Engineering / Maintenance

Other specialists as required

3. Choose process node carefully

HAZOP: line or vessel

HAZID: system by system

4. Correct level of detail in records

Example of poor recording

GW

Cause

Consequence

Safeguard

Recommendation

No Flow

Valve closed , etc

Overpressure of Vessel XXXX

Alarm and trip

Consider pressure relief on Vessel xxxx

Individual causes should be detailed. Manual valve HVxxx closed through human error, OR Flow control failure FICxx, OR spurious closure XV xxx

Sequence should be determined Tell the Hazard story. No flow causing build up in pressure this will be slow as feed is low at y m3/min. Overpressure maximum up to 4x design, but as slow rate of pressure rise line leakage at 2 to 3x design. Release of flammable substance into local process area. 1 to 2 fatalities if ignited normal occupancy.

Separate safeguards. Alarm response detailed. Trip tags and actions.

Consider should be avoided. Should detail HAZOP team concern Normal design practice to have pressure relief. Should be a review to determine if relief is required against design requirements and protection required to avoid fatality consequences.

5. Recording: Can Link Hazop to bow tie

GW

Cause

Hazard

Consequence

Sev erity

Safeguard

Recommendation

6. Hazard Study Recommendations

Need to carefully word to avoid confusion

Person given action may not have been at the meeting

Add instructions for securing of double block and bleed isolations on the fuel gas supply line XYZ123 to the Burner 1-B-07 prior to maintenance into plant operating instruction 23, in order to protect against the flow of fuel into the burner and risk of explosion at start-up Complete simple design checks before report is issued Keep a separate list of observations for project team

Use what where why format

Limit the number of actions generated

7. Hazard study followed by LOPA

Hazard study provides the list of initial failures and the risk screening to pick out significant hazard scenarios

Layer of Protection Analysis (LOPA) provides a more detailed risk estimate

Increasingly applied where there is a significant consequence or a Safety Instrumented Function

7 Cont: But there some points to bear in mind..

Scope of LOPA: Only those with a SIF? Which severity level? If HAZOP records are sketchy, lengthy discussion in LOPA is likely Failure sequence not quantifiable: Must be an equipment or human failure

Poor: Operator error Good: Block valves HV1 and HV2 left closed after maintenance

Poor logic in HAZOP: e.g. failure of a safeguard as cause Failure to determine ultimate consequence and hence all safeguards SIF cant be identified as no tag number on HAZOP record

Also other safeguards, e.g. alarms, procedures, relief systems

LOPA is top down from hazardous event, HAZOP is bottom up from cause

Need to cross reference all causes in HAZOP record

8. Evergreen Records and revalidation programmes

Goals:

Accurate, current, detailed description of hazards and safeguards available for reference in ORAs, MOCs Reduce resources demanded for periodic process hazard review

Method:

Update the periodic review record with Recommendations Closures and risk assessment results (such as LOPA); Revalidate the periodic review of hazards, every 5 years

8 Cont.: Revalidation Method

Select first node Ask the following questions

Have all the recommendations been completed? Have the changes since the baseline Hazard Study been fully assessed? Have there been any relevant process safety incidents, has the learning from these been acted upon? Are there any current concerns? Is there any new knowledge or relevant good practice applicable to this node? In view of the above, does the hazard study need repeating?

Repeat over all nodes Table updated and new recommendations in the revalidation report

 ABB Group June 19, 2013 | Slide 24