CH4101 Chemical, Biological & Plant Safety
Dr. Foo Swee Cheng

PROCESS HAZARD ANALYSIS (PHA)

Safety in Project Lifecycle
- Business risk (concept/ research/ development): Preliminary Hazard Analysis (PrHA)
  - Identify the hazards and their likely amount in accidents: Siting & layout
  - Select high consequences processes for further analysis by HAZOP
- Design improvement (Process/ Piping & Instrumentation Diagram; P&ID): HAZOP
  - Identify problems that prevent efficient OPERATION
  - Identify the consequences of process deviations for recommending safeguards
  - Prevent the causes of deviations/ mitigate the consequences of deviations
  - Select high consequence scenarios for further analysis by LOPA/ FTA/ ETA/ BowTie
- Further design improvement needed? Quantify the risk by QRA
- Quantify the risk for improving detailed design: LOPA/ FTA/ ETA/ BowTie
- Project: Final design, Construction, Commission, Operation, Decommission
CH4101 FooSC

Before P&ID
PRELIMINARY HAZARD ANALYSIS
Risk Anticipation: Consequence Modelling
- Qualitative/ semi-qualitative Risk
- Consequence Worst Case/ Credible Worst Case
BASIS: Land Use Planning
- Site selection/ Plant layout

PRELIMINARY HAZARD ANALYSIS
Obtain data for PrHA/ plant siting & facilities layout decisions
- SDS: Safety Data Sheets
- Further testing to provide data not in SDS
- Hazardousness rating: GHS categories
- Consequence rating: Total amount present in an individual unit
- Consequence modeling: Define the HAZARD ZONE
  - Thermal radiation: Pool/ jet fires & BLEVE model
  - Vapor cloud fires (Flash fires); VCF: Dispersion and fire model
  - Vapor cloud explosions; VCE: Dispersion and explosion model
  - Toxic: Dispersion & toxicity model

[Figure: JET FIRE ISOPLETHS]
[Figure: PLUME DISPERSION ISOPLETHS]
[Figure: VAPOR JET DISPERSION ISOPLETHS]
[Figure: EXPLOSION ISOPLETHS]

HAZARD LEVELS

| Hazard Level | Definition |
|---|---|
| Low | One lost time injury; Multiple recordable injuries; Emergency response call-out without injury |
| Medium | Permanent disabilities within localized section of process or building; Lost time injuries or hospitalizations outside of local area |
| High | One or more fatalities; Injuries or fatalities within community |

HAZARD ANALYSIS: Acceptance criteria
Risk Acceptance Criteria

| Extent of Exposure | Hazard Level | Layers of Independent Protection Required |
|---|---|---|
| Minor on-site (Use location) | Low (L) | Normal Controls |
| Major On-Site | Medium (M) | One layer of independent non-procedural safeguards above normal controls |
| Major Off-Site | High (H) | Two layers of independent non-procedural safeguards above normal controls |

[Figure: HAZARD ANALYSIS: Acceptance criteria. Matrix of Hazard Level (L, M, H) against Extent of Exposure; regions: Normal Control, One Independent Non-procedural Control, Two Independent Non-procedural Control]

After P&ID
Process Hazard Analysis
Risk Quantification: Impact Modelling
BASIS: Process Optimization/ Improvement
- Engineering/ Maintenance/ Emergency Systems

IDENTIFY CONTROL LOOPS: GASOLINE TANK
5 control loops: 3 active & 2 passive
- High Tank level BPCS: LE1 --> LCH --> LCV1
- Low Tank level BPCS: LE2 --> LCL --> LCV2
- High/ Low Tank Pressure BPCS: Vent
- Overflow Protection:
  - Prevention: LE1 --> LIH --> MV
  - Mitigation: Vent; Dike

[Figure: gasoline tank T101 diagram. Labels: Vent, LE1, LE2, LCV1, Tank Truck, LCH, MV, LIH, NRV1, LCL, To Process, LCV2, NRV2]

Control Loop:
- Detection (LE1)
- Decision (LCH)
- Action (LCV1)
- LCV1: Command failure
- LCV1: Primary failure

CONTROL SYSTEM FAILURE LOGIC
Example: LCV1 --> LCH --> LE1
- Final ACTION element: LCV1
  - LCV1 fails --> system fails
- Failure modes of LCV1
  - LCV1 Primary failure: LCV1 failed
    - LCV1 has failed and cannot perform function
  - LCV1 command failure: LCH or LE1 has failed, LCV1 works
    - LCV1 fails to perform function as
      - LCH failed to command LCV1 to perform function
      - LE1 failed to command LCV1 to perform function
[Figure: fault tree for "LCV1 Fails OPEN". Inputs: LCV1, LCH, LE1; labels: Primary failure, Command failure, ENV Corrosion: High Humidity]

GASOLINE STORAGE TANK: BEFORE HAZOP
[Figure: tank T101 diagram. Labels: Vent, LE1, LE2, LCL, To Process, LCV2, NRV2, LCV1, Tank Truck, LCH, MV, LIH, NRV1]

HAZARD IDENTIFICATION: HAZOP
REFERENCES
- HAZOP: Guide to best practice, 2nd ed., IChemE, 2008
- Macdonald D, Practical HAZOPs, trips & alarms, Elsevier, 2004
- A Guide to Hazard and Operability Studies, Chemical Industry Safety & Health Council of the Chemical Industries Association Limited, 1979
- CCPS, Guidelines for hazard evaluation procedures, AIChE, 2008
- Ian Day, Hazop [videorecording]: a team in action, CoreMedia Training Solutions, 1991
HAZOP METHODOLOGY
1. Select a study SECTION or NODE from P&ID
2. Identify relevant OPERATIONAL PARAMETERS, e.g. Flow; pressure; temperature; concentration
3. Select meaningful GUIDEWORDS for the parameter, e.g. High; low; no; less; more; other than
4. Combine PARAMETER & GUIDEWORD to form meaningful DEVIATIONS, e.g. High pressure; low temperature; high flow
5. Identify possible CAUSES of the deviation
6. Identify the CONSEQUENCES of the deviation
7. Evaluate & recommend CONTROL MEASURES for the causes & consequences

[Figure: PROCESS PARAMETERS]
[Figure: HAZOP GUIDEWORDS]
[Figure: HAZOP DEVIATION]
[Figure: HAZOP FLOW CHART]

HAZOP TEAM MEMBERSHIP
Based on technical specialties
- Process Engineering
- Operations
- Maintenance/ Reliability
- Instrumentation
Based on individuals' experience/ knowledge in these areas
- Inspection/ Materials
- Electrical
- Safety/ Loss Prevention
- Environmental
- Packaged Equipment by vendors
HAZOP
Process Section: Petrol storage tank filling line
Design Intention: Tank T101 to store 6000 m^3 of petrol
Operation Phase: Tank Filling Petrol: MV, LCV1 OPEN, Pump ON
Guide Word: High
Process Parameter: Level
Deviation: HIGH LEVEL
Causes:
  (1) Petrol supply CONTINUE
  (2) LCV1 fails OPEN: LCV1-->LCH-->LE1
Consequences:
  (1) Tank overfill --> HIGH PRESSURE --> RUPTURE
  (2) Tank T101 OVERFLOW
  (3) Petrol DISPERSE on ground
  (4) Vapor cloud FORMATION/ DISPERSION
  (5) FLASH FIRE/ VC EXPLOSION
  (6) Pool/tank fire
Safeguards:
  (1) MV CLOSED: MV-->HU-->LIH-->LE1
  (2) VENT: m1
  (3) DIKE (Bund): m3
  (4) Foam: m4
  (5) Sprinkler: m6
Actions:
  (1) High level ALARM: p2; MV-->HU-->LAH-->LE1
  (2) Overflow ALARM: m2; MV-->FA
  (3) FOAM: m4; FOAM-->FA
  (4) Improve LCV1 reliability: p3

Develop HAZOP
1. Select parameter: LEVEL
2. Apply guideword: HIGH
3. Deviation: HIGH LEVEL
4. Identify CAUSES
5. Consequences
6. (Existing) Safeguards
7. Recommend: Actions (additional safeguards)

UPDATED GASOLINE STORAGE TANK: AFTER HAZOP
[Figure: tank T101 diagram with LAH added. Labels: Vent, LE1, LE2, LCL, To Process, LCV2, NRV2, LCV1, Tank Truck, LCH, MV, LIH, NRV1, LAH]

RELIABILITY SYSTEMS
Reliability system representation: a combination of series and parallel networks
- Series network: System reliability < unit reliability
  - Any one unit fails --> system fails
  - ALL units work --> system works
- Parallel network: System reliability > unit reliability
  - Redundancy system
  - Any one unit works --> system works
  - ALL units fail --> system fails

[Figure: series network A, B, C; parallel network X, Y, Z]

FAULT TREE OPERATORS
- Series: OR gate (inputs A, B, C). The output exists if at least one of the inputs exists
- Parallel: AND gate (inputs X, Y, Z). The output exists if all the inputs exist
- IF gate or inhibition gate: output is generated if the input exists and Condition C is verified
Limnios N, Fault Trees, ISTE, 2007

DRAW FAULT TREE FROM HAZOP
HAZOP record: the record above for the petrol storage tank filling line, deviation HIGH LEVEL.
1. Obtain HAZOP record
2. Select TOP EVENT: T101 Overflow
3. Identify BPCS: LCV1-->LCH-->LE1
4. Identify Protection: MV-->HU-->LIH-->LE1
5. Identify Mitigation: None
6. Draw Fault Tree

T101 OVERFILL: FAULT TREE BEFORE IMPROVEMENT
Minimal Cut Sets:
T = [LCV1 + LCH + LE1][MV + HU + LIH + LE1]
  = LE1 + (LCV1 + LCH)(MV + HU + LIH)
  = LE1 + (LCV1)(MV) + (LCH)(MV) + (LCV1)(HU) + (LCH)(HU) + (LCV1)(LIH) + (LCH)(LIH)
  = LE1 + (LCH + LCV1)(MV) + (LCH + LCV1)(HU) + (LCH + LCV1)(LIH)
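
The Boolean reduction above can be checked mechanically. The following Python sketch is an added example, not part of the original slides: it expands the slide's fault tree (an AND gate over the BPCS and protection OR gates) into minimal cut sets and computes an exact top-event probability. The failure probabilities are constructed placeholders, not plant data, and the basic events are assumed independent.

```python
from itertools import product

# Fault tree from the slide: T101 OVERFLOW = AND of two OR gates.
TREE = ("AND",
        ("OR", "LCV1", "LCH", "LE1"),        # BPCS: LCV1 fails OPEN
        ("OR", "MV", "HU", "LIH", "LE1"))    # protection: MV not CLOSED

def cut_sets(node):
    """All cut sets (frozensets of basic events) of a gate or basic event."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, *children = node
    child_sets = [cut_sets(c) for c in children]
    if gate == "OR":     # any one input is enough
        return set().union(*child_sets)
    if gate == "AND":    # one cut set from every input must occur together
        return {frozenset().union(*combo) for combo in product(*child_sets)}
    raise ValueError(f"unknown gate {gate!r}")

def minimal_cut_sets(node):
    """Drop every cut set that strictly contains another one (absorption)."""
    sets = cut_sets(node)
    return {s for s in sets if not any(other < s for other in sets)}

def single_points_of_failure(node):
    """Basic events that cause the top event on their own."""
    return sorted(next(iter(s)) for s in minimal_cut_sets(node) if len(s) == 1)

def top_event_probability(node, p):
    """Exact probability by enumerating all states of independent basic events."""
    mcs = minimal_cut_sets(node)
    events = sorted(p)
    total = 0.0
    for states in product([False, True], repeat=len(events)):
        failed = {e for e, f in zip(events, states) if f}
        if any(s <= failed for s in mcs):
            prob = 1.0
            for e, f in zip(events, states):
                prob *= p[e] if f else 1.0 - p[e]
            total += prob
    return total

# Constructed failure probabilities per demand (illustrative only).
P_DEMO = {e: 0.1 for e in ("LCV1", "LCH", "LE1", "MV", "HU", "LIH")}

if __name__ == "__main__":
    for s in sorted(minimal_cut_sets(TREE), key=lambda s: (len(s), sorted(s))):
        print(" * ".join(sorted(s)))
    print("single points of failure:", single_points_of_failure(TREE))
    print("P(top event) =", round(top_event_probability(TREE, P_DEMO), 6))
```

LE1 appears as the only single-event cut set because the same level element feeds both the BPCS loop and the protection loop, so the two layers are not independent.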
[Figure: fault tree. Top event: T101 OVERFLOW; T101 LEVEL HIGH: LCV1 Fails OPEN (LCV1, LCH, LE1); MV CLOSED (MV, HU, LIH, LE1); labels: Primary failures, Command failures]

T101 OVERFILL: EVENT TREE BEFORE IMPROVEMENT
Starting: Tank Level High
[Figure: event tree. Initiating event: High Tank Level; Y/N branches for LE1, LCH, LCV1, LIH, HU, MV; outcomes: No Overflow / Overflow]

DEVELOP FAULT TREE BY LOGICAL DEDUCTION PROCESS
Top Event: T101 OVERFLOW
Determine the sequence: T101 filling fails to STOP at pre-set level
- FILLING: Petrol to T101 ON
- MV & LCV1 OPEN
- T101 Level RISING
- T101 OVERFLOW (T101 level RISING)
- MV fails OPEN
- LCV1 fails OPEN
- T101 LEVEL reaches pre-set level
Logic Diagram:
[Figure: logic diagram. T101 OVERFLOW; T101 level HIGH; MV Fails OPEN (HU, MV, LE1, LIH); LCV1 Fails OPEN (LCV1, LCH, LE1); T101 Filling: Petrol to T101 ON, MV & LCV1 OPENS; AND gate (&)]
[Logic diagram labels: FILLING TANK T101; BPCS; Protection System; Top Event]

CONSEQUENCE OUTCOMES
Depends on plant engineering design/ plant layout/ fire protection systems/ incident management system.
Example: Consequence Mitigation
- Hazardousness control measures: e.g. dike/bund; overflow detection; spill removal/ vapor suppression system
- Ignition control: Electrical hazardous area zoning & equipment classification
- Emergency preparedness & Response
- Prevent Escalation (to adjacent facilities)
  - Thermal isolation: Distancing/ fire proofing/ sprinklers/ water curtains
  - Material Transfer

STAGES OF CONSEQUENCE DEVELOPMENT
- Stage 1: Vapor cloud close to source or within dike/ bund of source
- Stage 2: Vapor cloud covers large part of site (e.g. Phillips 66 explosion/fire: Oct 23, 1989, Pasadena, Texas, USA)
- Stage 3: Vapor cloud travels off-site (e.g. Buncefield fuel depot fire, Dec 11, 2005)
[Figures: site views. Labels: Tank 912 overfilled, Water curtains, Northgate Building]

[Figure: FIRE AFTER IGNITION. Label: Northgate Building fire]
[Figure: AFTER FIRE. Labels: Tank 912 overfilled, Northgate Building]
[Figure: VCE DAMAGE. Labels: Northgate Building, Fuji Building]

TANK OVERFILL MITIGATION: EVENT TREE BEFORE HAZOP
Starting: Tank Overflow
- Immediate: Flammable vapor within dike/bund
- Early: Flammable vapor within site
- Delay: Flammable vapor extended off-site
Tank filling stopped after detection/ ignition
[Figure: event tree. Initiating event: T101 OVERFLOW; Y/N branches: Early detection, Immediate Ignition, Early Ignition, Delay detection, Delay Ignition; actions: Stop filling/ start firefighting; Stop filling, suppress ignition, transfer extra fuel in tank; outcomes: Small Pool/Tank Fire, Small spill control, Large onsite fire/explosion, Large spill control, On-/Off-site fire/explosion, Large On-/Off-site fire/explosion, Impossible/ insignificant event]

BOWTIE: CAUSE-CONSEQUENCE DIAGRAM
Combining Fault & Event Trees (Before HAZOP)
[Figure: bowtie. Left side: fault tree for T101 LEVEL HIGH (LCV1 Fails OPEN: LCV1, LCH, LE1; MV CLOSED: MV, HU, LIH, LE1); centre: T101 OVERFLOW; right side: the event tree above]

GASOLINE STORAGE TANK
After Adding recommendations in HAZOP
[Figure: tank T101 diagram with LAH and LE3 added. Labels: Vent, LE1, LE2, LCL, To Process, LCV2, NRV2, LCV1, Tank Truck, LCH, MV, LIH, NRV1, LAH, LE3]

TANK OVERFILL: BOWTIE (After HAZOP)
[Figure: bowtie centred on T101 OVERFLOW. Y/N branches: Immediate detection, Early detection, Immediate Ignition, Early Ignition, Delay detection, Delay Ignition; actions: Stop filling, transfer extra fuel in tank; Transfer spilled fuel in dike; Stop filling/ start firefighting; Stop filling, suppress ignition, transfer extra fuel in tank; outcomes: Small Pool/One Tank Fire, Small spill control, Large onsite fire/explosion, Large spill control, On-/Off-site fire/explosion, Large On-/Off-site fire/explosion, Impossible/ insignificant event]

LEARNING OBJECTIVES
After the lecture, students should be able to
1) Conduct HAZOP studies
2) Construct fault trees, event trees & BowTie diagrams
3) Recommend additional safeguards
4) Decide the adequacy of safeguards
REFERENCES
HAZOP, Fault Tree & System Reliability
- Kletz T. Hazop & Hazan: Identifying & assessing process industry hazards. IChemE, 1999
- Limnios N. Fault Trees. ISTE, 2007 [online]
- Hoyland A. System reliability theory: models & statistical methods. John Wiley, 1994 [online]
- Modarres M. What every engineer should know about reliability & risk analysis. Marcel Dekker, 1993
- Nolan DP. Safety & security review for the process industries: application of HAZOP, PHA, what-if & SVA reviews. Elsevier Science, 2011 [online]
- Day I. Hazop [videorecording]: a team in action. CoreMedia, 1991

END