RD 48-022 - Supporting Checklists For HAZOP - 16may Update

Reference Document
RD 48-022
Supporting Checklists for HAZOP
Use and Interpretation of this document

Copyright © 2015 BP International Ltd. All rights reserved.
This document and any data or information generated from its use are classified, as a minimum, BP Internal.
Distribution is intended for BP authorised recipients only. The information contained in this document is subject
to the terms and conditions of the agreement or contract under which this document was supplied to the
recipient's organisation. None of the information contained in this document shall be disclosed outside the
recipient's own organisation, unless the terms of such agreement or contract expressly allow, or unless
disclosure is required by law.
Applicability: Upstream
Issue date: 14 Sept 2015
Issuing authority: Upstream Process Safety SETA
Content Owner: Upstream HAZOP LOPA SME
Legacy identifier RD 48-022
Page 1 of 29 14 Sept 2015

RD 48-022
Table of Contents
............................................................................................................................. Page (TOC Page)
List of Tables

RD 48-022
Foreword
This is the first issue of Reference Document RD 48-022. The contents of this RD are
informative and intended to supplement GP 48-02[6]. The contents were based partially
on the tables in the 2008 version of GP 48-02.

RD 48-022
Introduction
The tables and checklists in this document were designed to be used as references during
a HAZOP. The tables enclosed:
 Provide a memory aid for developing causes and consequences in HAZOP
 Summarise sub-elements included in ”control loop failure”
 Give some guidance on utility nodes and deviations.
 Provide Human Factors and Facility Siting Checklists which can be used to
supplement a HAZOP.

RD 48-022
Scope and exclusions
This RD provides guidance tables and checklists for use as reference during the
preparation and conduct of HAZOP.
Terms and definitions
For the purpose of this RD, the terms and definitions from GP 48-02 and GP 48-03 apply.
Symbols and abbreviations
For the purpose of this RD, the following symbols and abbreviations apply:
AIS Automatic identification system
UV Ultraviolet
BPCS Basic process control system.
DP Differential pressure.
ESD Emergency shutdown.
HAZID Hazard identification.
HAZOP Hazard and operability (study).
HIPO High potential (incident).
HP High pressure.
I/O Input/output
I/P Instrument/Pneumatic
LOPA Layer of protection analysis.
MOC Management of change.
MSDS Material safety data sheet.
NPSH Net positive suction head
P&ID Piping and instrumentation diagrams.
PFD Process flow diagrams.
PHA Process hazard analysis.
PSI Process safety information.
PSV Pressure safety valve
QRA Quantitative risk assessment.
REWS Radar early warning system
R&M Refining and Marketing.
SIF Safety instrumented function.
SIL Safety integrity level.

RD 48-022
SIMOP Simultaneous operation.

SIS Safety instrumented system.
TOR Terms of reference.
Reference tables and checklists for HAZOP
4.1.1 Deviations and causes

Table 1 and Table 2 can be used as memory aids during HAZOP team
brainstorming.
Table 1 covers causes and potential safeguards for parameter deviations such as no
or low flow, high pressure, etc. Table 2 covers causes and potential safeguards for
other deviations such as equipment integrity, instrumentation, etc.
Since process parameters are often interrelated, many causes can come up under
more than one deviation. For easier use of the HAZOP as a reference, a good
technique is to include the cause in its most logical location. To increase consistency
in HAZOP and minimise redundancy in the tables, not every possible cause was
listed with each deviation. Cross referencing is included.
Generic causes are listed in the tables. Causes in an actual HAZOP can be
specifically defined with appropriate equipment names and tag numbers.
Table 1 lists each applicable guideword deviation for the parameters in order of flow,
pressure, temperature, viscosity, mixing, and reaction. There is no intent to imply that
deviations are used in that order or that each of the deviations listed are used and/or
documented for each node.
Table 2 lists other deviations which can be appropriate for use in global or section
nodes or in other nodes. The deviations are listed in an order of application which
can be useful in a global or section node. Again, there is no intent to imply that each
of the deviations listed are used and/or documented for each node.
It can be very helpful to future HAZOP users and teams to leave some notes on why
certain deviations were not covered. For instance, if no flow and high pressure for a
node are very interrelated, the team may choose to cover only one of the deviations.
A reference note can help someone looking for a scenario. A good place to put such
reference notes is in the node intention.
It can also be helpful to be clear in the node name and/or description as to the type
of node, for example, “Separations section node” or “Tank 123 - by analogy to tank
122.”
4.1.2 Control loop failure

“Control loop failure” is the generic term used in Table 1 and Table 2 and in HAZOP
execution to cover failure of any sub-component of a control loop. Where ‘open’ or
‘closed’ are listed, this also covers partial closure of the valve. Table 3 - summarises
typical sub-component failures and potential safeguards for team information.
Where complicated controls are involved, the HAZOP can list each controller to
investigate control system response issues. The LOPA value for control loop failure
is conservative and only the final loop failure is taken to LOPA and understood to be
the combined cause for all BCPS component failures potentially affecting the loop.
For example, a ratio control which cascades to a flow control can be listed as two
separate failures in the HAZOP. The flow control failure would be taken to LOPA
and assigned the BCPS failure value.

RD 48-022
Where instruments are listed in the ‘Potential Safeguards’ column, the

finished safeguard used in HAZOP also includes intended response either from
operator response to alarm or automated system.
Some generic ‘causes’ listed in the table such as ‘water hammer’ or ‘surging’ are
common phenomena in some operations, but are really consequences of more
detailed causes. If one of these generic causes leads to an LOPA level
consequence, the team can investigate further until initiating causes with defined
LOPA frequencies or historical frequencies are reached.
Comments on use of the tables are shown in green italic.
4.1.3 Utility systems and deviations

Table 4 gives guidance on node selection and the depth of coverage for different
utilities. It would primarily be used in planning the HAZOP. The suggested
deviations and other considerations can be used for reference by the HAZOP team.
4.1.4 Facility siting and human factors checklists

Table 5 is a Facility Siting checklist. Table 6 is a Human Factors checklist. These
checklists can be used during the planning or execution of HAZOP.

Table 1 - Parameter Deviations: Causes and Potential Safeguards
Deviation Generic causes (1) Potential Safeguards (2) &

Comments
More flow Control loop failure towards open Flow meters which can indicate
Bypass valve open increased flow. Limitations:
Focusing on flow Increased pumping capacity Worn (enlarged) dP meter
through 1 orifice plate or cross-section
Larger impeller installed (where a similar larger impeller is will result in meter reading
identified line per easily available)
deviation is lower than actual flow.
helpful in Operation of pumps in parallel Level trends which can indicate
keeping Reduced delivery head high rate of increase in
discussion Increase in fluid density destination or high rate of
organised. decrease from source.
Restriction orifice
Focus discussion
Worn - watch for common mode failure with flow meters in
on actual flow
erosive service.
(not measured
flow) through the Removed
intended line. Eroded choke valve
Well kick
Slug flow (3)
Increased flow from upstream process (3)
Wrong valve open or passing - can also result in Less flow
somewhere else.
More PSVs lined up than design (example: flare design based
on 2oo3 PSV valves lined up but all 3 lined up)
Exchanger tube leaks - see Composition and Contamination
See also causes listed in misdirected flow.
Less, low or no Control loop failure towards closed Flow meters which can indicate
flow Remote valve loop failure closed reduced flow.
Manual valve throttled Fouling of dP meter orifice
Focusing on flow plate or cross-section will
Fouling of orifice plates, lines, valves, or exchanger tubes - result in meter reading high.
through 1 watch for common mode failure with flow meters in fouling
identified line per service. Level trends which can indicate
deviation is low rate of increase in
helpful in Strainer or Filter fouled destination or low rate of
keeping Pump failure - mechanical or electrical decrease from source.
discussion Pump cavitation or Inadequate NPSH
organised.
Change in fluid density (3)
Change in viscosity (3)
Competing pump heads and flows or incorrect pressure
differential
Check valve stuck towards closed
Wrong valve open or passing - may also result in Misdirected
or More flow somewhere else.
Surging
See also causes listed in misdirected flow and high pressure.
Misdirected Valve open in error or leaking Flow meters which indicate
flow Drain or vent valve open in error or leaking increased flow to misdirected
location.
Rupture disk / relief valve leaking/ruptured
This is a good Flow meters which indicate
deviation to use reduced flow to intended
for flow through location.
lines which do Level trends which can indicate
not normally see high rate of increase in
flow. misdirected location.
Rupture disk burst indicators
Temperature or other indicators
of relief valve lift

RD 48-022

Comments
Reverse flow Describe line up and/or conditions needed for reverse flow. Level trends in tanks
Incorrect differential pressure (pump shutdown, competing Check valves - list where some
Ask “How could pump heads, etc.) leakage is tolerable; these are
we get reverse Siphon effect not usually bubble tight or
flow in this line?” positive shutoff devices.
In-line spare equipment inadvertently lined up
Pressure indications and
Malfunctioning, omitted, or wrong type of check valves (check comparisons in system
valves most often safeguards against reverse flow but can be
causes where a pressure differential frequently exists) Pressure differential interlock
On compressor, inter-stage valve doesn’t close. Low pressure or flow from
compressor
Connections to utilities (e.g., water, N2, or flush systems)
Wrong Ratio/ Specific human error which causes the deviation - example: Temperature, pressure, or flow
Composition testing error resulting in wrong setpoints entered into indicators
controllers. Sample or analyser results
Control loop failure - where complicated controls are involved,
can list each controller to investigate control system actions
(i.e.: ratio control loop failure (master) and flow control loop
failure (cascade)
Leaking valves or exchanger leaks from systems with similar
materials (if very different, better covered in “contamination.”)
Change in feedstock composition
process upset upstream
purchased raw material composition change (out-of-spec or
permanent change)
Tower tray damage
Wrong recycle or reflux ratio
Density layering in tanks and changes which can cause mixing
or reversal of layers.

RD 48-022

Comments
Contamination Leaking valves - from interfaces with materials which don’t
belong in the line or equipment under conditions studied. On-line analysers
Air, water, nitrogen Sample results
Other process materials
Ingress of air - leaking flanges or valves for systems under Pressure indications
vacuum
Exchanger tube leak/rupture - where heating/cooling media is
a different fluid
Contamination of feedstock - look for interfaces where
contamination could occur in upstream processes, ask
suppliers about possible contamination (off-spec material)
Process control upset - reaction intermediates, reaction by-
product’s, material not removed, precipitates
Contaminants from corrosion (Rust, materials in alloys)
Wrong additives or catalysts - look for other available
Clear labelling and storage
materials onsite or available from supplier in similar containers
procedures
which could be charged instead.
Catalyst poisons - look for available materials which could
poison catalysts
Materials introduced during shutdown - such as water or
solvent flush remaining in system
High pressure Causes which block flow Inherently safe equipment

Pressure control loop failure design pressure
Control valve closed Specification of pipes, vessels,
fittings, and instruments
Remote valve closed
Pressure indications
Manual valve closed
Slip blind installed from earlier shutdown (cover if installing
blind is regular and predictable)
Spectacle or figure 8 blind in wrong position
Check valve installed backwards (typically start-up issue)
Plugged line from severe fouling
Surge problems
Leakage from interconnected HP system (HP to LP interface) Level indicator on level
preventing gas breakthrough
Gas breakthrough
Thermal overpressure
Positive displacement pumps
Increased centrifugal pump suction pressure - start up of
spare pump Gauges available for
troubleshooting ejectors
Failure of ejector (educator) system
Excessive heating
Heating or mixing results in flash vaporization (water and hot
process material)
Exchanger tube or gasket leak from higher pressure system Oxygen analysers in vacuum
systems where air ingress is a
Flange leakage in system under vacuum concern
Where overpressure protection has a relief device to
atmosphere, the secondary consequence is also evaluated.
This can also be covered in Leak/Rupture.
See also causes in High Reaction.
Page 10 of 29 14 Sept 2015

RD 48-022

Comments
Less/low Pumped fluid Pressure indications
pressure Restricted pump Vacuum relief
Inadequate NPSH
Cooling
Condensation
Gas dissolving in liquid
Compressor suction line restriction
Blockage of blanket gas
See also causes listed in rupture/leak.
Vacuum Latent failure in vent/blanket system - will pull vacuum on next
pump out or cool down
To use this Block in vent or blanket system Inspections and historical
deviation, ask Fouling in vacuum relief device(s) performance
“How can we pull Relief device removed for maintenance and flange covered CoW procedures and training
a vacuum on this with board or plastic
system?”
Error in vessel or column drainage procedure (done too fast, Procedures and training
etc.)
Vacuum relief
Rapid lowering of temperature (Example: purge hot line with
cold nitrogen)
Compressor suction line blocked - manual valve blocked in Vibration alarms/shutdown
error or loop failure
High Temperature control loop failures Temperature alarms/shutdowns
temperature Cooler failures
Loss of cooling media flow - blocked valves, loop failures,
etc.
Cooling media too hot - problems in service temperature
control
Fouled exchanger tube or shell
Air cooler malfunction
Heater failures
Cooling media too hot - problems in media temperature
control
Heating medium (or media?) leak into process - exchanger
tube failures, seal failures
Heat tracing failure
Abnormal or non-standard operations - describe specific
operation/failure such as decoking temperature control failure
or regeneration temperature control failure
Exothermic reaction - mixing acids/bases, etc.
Internal fire - if materials identified which are susceptible
Pressure relief
External fire - consider for vessels within 30ft/10m of solid floor
Hot weather operations
Low flow or concentration of reaction diluent
See also High reaction and High pressure
Page 11 of 29 14 Sept 2015

RD 48-022

Comments
Low Temperature control loop failures Temperature alarms/shutdowns
temperature Cooler failures
High cooling media flow - loop failures, etc.
Cooling media too cold - problems in service temperature
control, too many fans on in cooling tower, etc.
Cooling media leak into process - exchanger tube failures,
seal failures
Heater failures
Fouled exchanger tube or shell
Low flow or high back pressure
Loss of heating media flow - blocked valves, loop failures, can indicate fouling
etc.
Heating media too cold - problems in media temperature
control
Reducing pressure (Joule-Thompson effect) - Depressuring
compressed or liquefied gas
Endothermic reaction
Cold weather operations
Heat tracing failures - too cold, power off, steam blocked, not
well connected to pipe/vessel, missing insulation
Missing insulation on vessels/piping
See also Low reaction
High level Level control loop failure towards low outlet flow or high inlet Level trends in source or
Consider how flow destination vessels
the vessel could Faulty level measurement (reading low) - incorrect calibration, Discuss where liquid will go if
be overfilled. fouling of sensor or instrument tap. flow continues unchecked (no
Level taps not blown clear when frequent clearing is intended safeguards) and process
(for plugging systems). indicators.
Outlet isolated or blocked Separate level indication on
same vessel:
Inflow greater than outflow
Look for common mode
Flow from other source failure of instruments or
Reverse flow from somewhere else (vent or flare header, etc.) system (model/type, solids,
Density change etc.)
Liquid in vapour lines - look for low points which can When levels don’t match, how
accumulate liquid and potentially lead to water hammer and/or are they checked ?
slug flow to flare Manual gauging - typically
Common mode issues can also be considered in limited to atmospheric vessels
instrumentation. with long process safety time
No/low level Level control loop failure towards high outlet flow or low inlet Level trends in source or
flow destination vessels
Faulty level measurement (reading high) - Incorrect Separate level indication on
calibration, fouling of sensor or instrument tap same vessel
Level taps not blown clear when frequent clearing is intended Look for common mode
(for plugging systems). failure of instruments or
Inlet flow stops system (model/type, solids,
etc.)
Outflow greater than inflow
When levels don’t match, how
Density change are they checked ?
See Leak/rupture and Misdirected flow
Common mode issues can also be considered in
instrumentation.
High viscosity Longer polymer chain Temperature indication
Can be used if Material composition different than normal or expected - more Composition analysis
viscosity affects solids, etc. Viscosity analysis
system Material colder than intended
performance.
Page 12 of 29 14 Sept 2015

RD 48-022

Comments
Low viscosity Shorter polymer chain Temperature indication
Can be used if Material composition different than normal or expected - less Composition analysis
viscosity affects solids, etc. Viscosity analysis
system Material warmer than intended
performance.
More mixing Agitator running too fast Agitation speed indicator

Agitator runs longer than intended - are foaming or emulsions BPCS prompts or recipe stop of
possible? agitator.
Mixing when none intended
No/low mixing Agitator running too slow or not turned on BPCS prompts or recipe start or
Agitator electrical failure stop of agitator.
Agitator mechanical failure - loss of drive or coupling, etc. Power monitor can detect
electrical failure
Agitator blades missing
Amp monitor can detect loss of
Baffles missing, corroded or misaligned work
High reaction Reactor control failures Temperature and pressure
High flow of limiting reagent indication and trends
Typically use this Wrong ratio of reactants On-line analysers
deviation for high Reactor hot spots Sampling
rates of an
intended reaction High reactor temperature - temperature control failure or
other
Excessive catalyst
Runaway reaction or decomposition - discuss failures which
can induce
Pooling of reactants (low reaction) followed by restart of
reaction
Critical temperature or pressure reached
Low or no Reactor control failures Temperature and pressure
reaction Low flow of limiting reagent indication and trends
Wrong ratio of reactants On-line analysers
Low and No can Reactor cold spots Sampling
be separated if
consequences Low temperature
are very different Insufficient catalyst
Insufficient amount of 1 reactant
Channelling - can lead to low reaction in some areas and high
reaction in others
Poisoning of reaction - contaminants, water, etc.
Reverse Identify parameter upsets which can reverse equilibrium Temperature and pressure
reaction reactions such as: indication and trends
Product not removed On-line analysers
Insufficient excess of reactant Sampling
Side reaction Identify parameter upsets which can favour a different reaction On-line analysers
than intended Sampling
high/low temperature or pressure Temperature and pressure
high/low concentrations of minor components in feedstock indication and trends
Wrong reaction Incompatible chemicals mixed Temperature and pressure

Wrong material charged indication and trends
In drain systems Analysers for potential
hazardous off-gas.
Simultaneous spills of incompatible materials
Page 13 of 29 14 Sept 2015

RD 48-022

Comments
More time - too Inspect key sequence steps and identify possible steps which Indicating instruments and
long/too late are time dependant such as: operator action
Manual operation delayed (distractions, operator error)
Control sequence waiting for parameter to reach certain
setting but it doesn’t happen (example: charge stops when
level reaches x in a tank - can stall if line-up is incorrect)
Timers set too longup
Batch reaction taking longer than expected - can material
become unstable?
Material added too late
Heating/cooling turned on/off too late
Less time - too Inspect key sequence steps and identify possible steps which Operating checklist
short/too early are time dependant such as: Prompting by control system for
Timers set too short next step.
Step advanced too fast Recipe programming
Material added too early
Heating/cooling turned on/off too early
Step omitted Inspect key sequence steps and identify possible steps which Operating checklist
could be omitted due to memory lapse, distractions, etc. such Prompting by control system for
as: next step.
material not added Recipe programming
filter not installed Valve key lock systems can be
blanket or vent system not lined up used for some manual
sequence systems (example:
pigging)
Wrong order Inspect key sequence steps and identify possible mistakes Operating checklist
such as: Prompting by control system for
Draining before venting next step.
Opening before venting/draining Recipe programming
Adding chemicals in wrong order Valve key lock systems can be
used for some manual
sequence systems (example:
pigging)
Step incomplete Inspect key sequence steps and identify possible mistakes
such as:
Half a charge Operating checklist
Washed but not rinsed or dried Clear definition of parameters to
Incomplete isolation achieve before moving to next
Step not completed due to communication error (shift step.
handover, unclear responsibilities)
Lack of clear information/indication that step intention
achieved
Additional Inspect key sequence steps and identify possible mistakes

action, SIMOPS such as:
Material added twice
Materials added simultaneously instead of separately
Other operations which could occur simultaneously and
affect sequence.
Page 14 of 29 14 Sept 2015

RD 48-022

Comments
Wrong step Inspect key sequence steps and identify possible mistakes
such as:
Blocked instead of opened or vice versa Clear procedures plus training.
Opened or closed the wrong valve (right action, wrong Feedback from process to
place) control operator (limit switch,
Started or stopped the wrong pump flow change, etc.).
Wrong filter installed Clear labelling and storage
Wrong additive added identification of chemicals and
parts.
Low separation Low residence time

Interface level control failure
Can be useful to Level control failure
study separators
Holes in dividing weir
Emulsion forms [3]
Another layer forms at interface (polymer, napthenate, etc)
reducing residence time and impeding separation[3]
Density changes causing layer inversion - can any conditions
or contaminants cause?
Low temperature
High/low Pigging - High/low velocity can reducing liquids removal or Display calculated velocity
velocity chemical spreading efficiency.
Can be useful to Inching valve
study pigging or Velocity limitations
piping with
velocity Identify piping where high velocity could damage protective
restrictions corrosion film (sulphuric acid, etc.)
Notes:
1. Generic causes are listed in this table. Causes in an actual HAZOP can be specifically
defined with appropriate equipment names or numbers.
2. Where instruments are listed, safeguard would also include intended response either from
3. If cause listed leads to LOPA level consequence, investigate further until initiating causes with
defined LOPA frequencies or historical frequencies are reached.
Page 15 of 29 14 Sept 2015

RD 48-022
Table 2- Other Deviations: Causes and Potential Safeguards
Deviation Hazard category & Generic Causes (1) Potential Safeguards (2)
Leak/rupture Discuss different types of leaks and consequences in Toxic gas alarms and actions
processing areas with the focus on detection and emergency Liquid containment HVAC
response. shutdown - manual or automatic
Covering early in
study can avoid Note that most of these ‘causes’ will not go to LOPA as they Evacuation procedures and
repetitive start with a release. assigned responsibilities.
discussion of leak Spurious lift of PSV - this cause can go to LOPA if Drills - tabletop or simulated
detection and consequence is significant.
mitigation in later Multiple exits
deviations. Marking of escape routes
Deviation can fit Visible wind socks
well in section
Identified safe havens and
node
muster points
Communications method during
emergency
Breathing air
For people remaining in
controlroom
Escape air packs
SCBA’s
ESD valves
Isolation valves outside of
potential impact area and
procedures/responsibilities to
operate.
Prior incidents Briefly summarize the causes and consequences of prior
relevant incidents in the HAZOP tables. Can search company
HIPO datebase as well as local tracking system. Can search
A list of relevant web for incidents in similar operations
incidents can be Relevant safeguards in the
prepared prior to Discuss failures which occurred in prior incident.
system under study which could
the HAZOP. Keeping prior incidents together in one node can improve prevent a similar incident.
usability of the HAZOP for reference.
Relief Path for relief impaired Key lock valves

impairment PSV left isolated Strong administrative control
Impairment of Failure of switching valve below parallel PSVs (left so both system on blocking valves
common systems paths restricted - note: recommended valves for this
can fit nicely into service maintain an equivalent flow area throughout the
in global or switch.
section node.
Cover early if Hydrates form downstream of PSV [3]
HAZOP will be Plugging upstream, downstream or impairing PSV (solids,
plating, polymer formation, corrosion, etc.) Pressure indicator between RD
combined with
and PSV to indicate leakage
LOPA to inform Rupture disk leaking under PSV
PFD used in
Valves blocked in header or knock out pot system
LOPA. MOC procedures and
Error or change vs. design conditions verification
Can also be
useful for Rupture disk installed backwards
evaluating a Temperature outside design conditions
single PSV. Process change affecting relief requirements
High backpressure on PSV versus design [3]
Two phase flow versus single phase used in design
Liquid in gas relief system
PSV lifting frequently
Page 16 of 29 14 Sept 2015

RD 48-022
Equipment Internal or external corrosion Appropriate inspections and
integrity Corrosion under insulation testing (discuss specific)
Embrittlement Cathodic piping protection
Suggest Stress corrosion cracking Material specifications and
equipment historical corrosion data
integrity be Subtle composition change
Corrosion inhibitors
discussed in Possible contaminants (e.g., chlorides, H2S, water,
most mercury or ammonia)
nodes/sections. Failure of active protection systems - cathodic, etc.
Equipment Loss of corrosion inhibitor
mechanical Dead leg management
Dead legs
reports can
Wrong material installed Positive material identification
inform potential
issues. Erosion Calculate and display velocity
High fluid velocities where significant
Sand breakthrough
Other solids
Stress & Fatigue Vibration calculations
Vibration Size and material specifications
Small bore pipe Procedures to limit rate of
Temperature cycles temperature cycle (refractory or
piping growth.
Flange tightening after
temperature cycle.
Other Gasket and torque guidelines.
Flange failure Leak monitoring
Failure of tank or basin liners PSV discharge monitoring
Spurious opening of relief device
Water hammer or surging - are there past symptoms of
water hammer?
Stagnant or low points (liquids, freezing)
Structural damage
Abandoned or out of service equipment Mothballing techniques
Leaks from equipment Monitoring of out-of-service or
Process material leak into equipment off-line equipment (level,
pressure, temperature)
Equipment operating outside acceptable limits - normally
cover in other deviations such as high/low temp, pressure, and
level.
Page 17 of 29 14 Sept 2015

RD 48-022
Global or Cover individual no/low, more flow, etc. of utilities in process Process parameter affected
system utility nodes where they are connected. (Example: nitrogen blanket such as blanket pressure or
failure system or water to a specific exchanger.) Exception: local exchanger temperature.
Loss of utilities instrument air failure is considered part of loop failure.
supporting the Cover widespread loss of utilities in section or global nodes.
process covered Instrument air
with the process Utility pressure or flow
nodes. Steam
Separate nodes Nitrogen
can be used to Water systems
cover issues in Heating and cooling media
the utilities. See
Hydraulic power
Table 4
Electrical - blip and longer failure Back up communications
Telecommunications systems. See GP 59-02[10]
HVAC systems - loss of, contamination of UV light can kill mold and
See Table 4 for guidance on covering issues in utility systems. bacteria in HVAC systems
Safety and control system failures covered in CHAZOP, see
GP
Sampling Effect on process Calibration of automatic

Not sampled - if no consequence, is sampling necessary? samplers
Use this deviation Failure of on-line sampling system Analysis of trends
for nodes with Sample system fouled.
sampling
operations. If Failure of any active components of the system
sampling (pump, vacuum pump, etc.)
systems are very Failure of on-line analyser
similar, can be a Left in calibration mode
candidate for
Fouling of sensors
covering in a
section node. Analysis result takes too long
Incorrect analysis result
Sample from wrong place for intended analysis (not
representative or not consistent) Sampling procedure
Sampling personal hazards Sample apparatus which
Risk of sampling (e.g., hot or cold, HP or LP, or toxics) minimizes potential for
Too much comes out too fast personnel exposure
Hazards of gauging tanks or silos Industrial hygiene (personnel
monitoring)
Environmental
Appropriate PPE
Sample disposal - appropriate under normal & upset
conditions? Inspection and test plan for
sample containers
If sample is for environmental compliance, what happens if
the result is out-of-spec? Spill and leakage monitoring
Page 18 of 29 14 Sept 2015

RD 48-022
Instrumentation Automatic versus manual control - are any systems routinely Correct system to run as
and control run in manual when automatic control was designed? designed or manage change to
systems Cascade versus automatic control - are any systems routinely reflex new intended operation
run in automatic when cascade control was designed?
Can fit nicely into Common mode failure of instruments (example - multiple level Diversity in instruments
in global or indicators using dP measurements in fouling service) appropriate to potential
section node. Alarm overload - too many alarms due to: consequence.
Unstable process Alarm prioritization and
management - systematic
Running too closely to alarm conditions review of trends of received
More alarms specified than needed alarms.
Expansion of control duties resulting in more alarms than
reasonable per shift
Potential confusion between instruments on similar or parallel Clarity of labelling
systems
Confusion over information on computer systems (example:
graphics too busy, not designed for colour blind people, Good control display design See
incorrect displays). GP 30-45.
Complexity of instrumented controls or interlock system can Troubleshooting procedures and
confuse operators when an error occurs. table top drills.
Auto restart of interlock. (Example: auto restart of system after Manual restart.
low pressure interlock clears. Can release process material if
equipment is breached in pressure excursion.
Process upset takes parameter out of transmitter range Transmitter ranges reflect
potential upset conditions.
Alarms before range exceeded.
Maintenance Work on live systems Appropriate approval procedure

Hot and/or cold taps including engineering
calculations.
Discuss key Hot bolting
maintenance to Equipment isolation and clearing
be done and then Equipment LOTO procedures,
identify potential Isolation errors (blinding, valve in incorrect position or including isolation lists
issues (errors in passing)
Appropriate PPE
procedures, Draining errors
equipment Industrial hygiene (personnel
Purging errors monitoring)
failure)
Cleaning error (residue)
Some
Drying error
maintenance
issues can be too Risk of fire during prep/downtime/maintenance
complicated to Leak during hot bolting Fire prevention procedures
cover in one Metal or packing fires
deviation. Fire watch procedures
Additional Pyrophoric materials
deviations or Confined space Rescue plans and training.
nodes can be Asphyxiation or toxic risks
used.
Egress issue or barrier Appropriate approval
Pressure testing procedures
Pneumatic pressure testing
Hydraulic pressure testing
Accessibility/Ergonomics
Room for removal of large or heavy equipment (example: Plan for access
exchanger bundles) Hoist or room for portable lifting
Heavy load equipment
Disposal of residue or removed equipment
Hazardous Frequently used
General Long lead time spares stocked
Spare not available
Page 19 of 29 14 Sept 2015

RD 48-022
Occupational Conditions identified which could result in: Procedures, training,
safety Slips, trips & falls at grade inspections
Systemic housekeeping issues
This deviation Shortcuts across uneven ground
can be used if
specific issues Access to equipment requires crossing piping or other
are identified obstacles
during walk- Falls from elevation
through or come Poor condition of grating/handrails
up in HAZOP.
Access to frequently used equipment
Uses scaffolding, portable ladders, or portable
equipment.
Involves leaning outside handrails.
Restricted egress
Temporary equipment in the way and left for long periods.
Personnel exposure to chemicals Industrial hygiene monitoring
Filter changes
Low velocity in lab ventilation hoods
See Sampling.
Human Factors Inability to read instruments needed for a task (example: level Change to two person activity or
indication not visible from pump switch or block valve). relocate instrument
Can fit well in Inconsistency between similar systems or operations (e.g., Independent verification
global or section layout, labelling, operation action, or instrument spans)
nodes. Gauging operations - access for dipping tanks, weather
Can review Confusing signs and labelling
human factors Miscommunications
checklist (Table Good practice in radio
6) as a team Between operators commands (confirm start pump
exercise, then Between operations or company interfaces xyz)
explore issues Confusion on operation of valves Communications protocol
found in this between companies
Clarity and immediacy of feedback on changes made
deviation.
Soliciting input “Workaround” techniques used to manage equipment or
from operators to process problem
compile prior to See Instrumentation and Occupational safety.
review can be See Table 6
effective.
Facility Siting Fresh air intake affected vehicle exhaust Restrict parking in area or
Identify types of releases which could reach building (ex: large relocate fresh air intake.
Can review leak in separations area). Automatic HVAC shutdown
facility siting Deterioration of building control measures Confirm building designed for
checklist (Table Loss of positive air pressure identified potential releases
5) as a team (potential blast load, protection
exercise, then Doors propped open from toxic chemicals)
explore issues Penetrations not sealed
found in this Structure of blast wall compromised (piping or other
deviation. routed through structural member)
Discussion of
occupied
buildings can be See Leak/rupture.
included in global See Table 5.
or section nodes.
Page 20 of 29 14 Sept 2015

RD 48-022
Ignition Open flames Ability to shut off fuel in the
Flares event of a release
Deviation can fit Pilot lights Permit procedures
well into global or Fired heaters
section node.
Hot work/welding
Electrical
Failure of earthing (grounding) systems
Equipment not rated for electrical zone Appropriate inspections and
testing (discuss specific)
Loss of purge to panels
Lightning
Lightning rods
Static
Splash filling of vessels (low conductance)
Temporary earthing not connected - charging,
loading/unloading Grounding procedures
Insulated vessels, strainers, or other Ground indication for
loading/unloading
Level below educator discharge in vessel
Grounding straps and
Dust generation or build-up in or outside equipment procedures for manual charges.
Other
Hot surfaces
Vehicle traffic
Metal fires where materials are susceptible (diethyl
aluminium, steals in oxygen service, magnesium, etc.)
Non-Standard Any operation which requires bypassing of interlocks Monitoring of ‘out-of-service’
Operation Using back-up equipment of different type or line-up (example: equipment (temperature,
This deviation steam turbine driven pump instead of normal electric) pressure, etc.)
may generate Re-processing out-of-spec materials Controls for different modes
other entire configured in control system
nodes to cover Purging or flushing before or after maintenance
Parameters/operating screens
complex Reverse flow for filter cleaning which make it obvious which
operating modes. Regeneration mode is in progress.
Decoking Operator checklists used
Pigging
Removing solids from equipment
Running with part of unit down
Preparations for severe weather conditions
SIMOPs
Start-up and/or Normal start-up Controls for different modes
shut-down errors in sequence configured in control system
This deviation Normal shutdown Parameters/operating screens
can generate which make it obvious which
other entire errors in sequence mode is in progress.
nodes to cover a Start-up following ESD Operator checklists used
complex start-up Start-up from extended downtime
sequences
Purging/filing of empty vessels or equipment
Sending air to flare if equipment not purged correctly
Start-up temperature control error (example: temperature
rise to fast for equipment with refractory lining)
Page 21 of 29 14 Sept 2015

RD 48-022
Environmental Solids handling errors
This deviation Spent chemicals, catalysts, residues, filter elements
can be used to Contaminated packing or refractory Handling and tracking
explore potential procedures
environmental Disposal of equipment in prior hazardous chemical
issues. Would service.
not typically Liquid handling or remediation errors Active remediation
review types of Soil contamination - past or potential Leak detection
releases already
Tank leak or basin liner failure Spill contingency plans
discussed in
other deviations. Underground piping leaks Soil remediation methods
Pickling fluids specific to potential chemicals
Drain system material
Waste treatment system limitations Recycle or disposal options
Waste treatment incompatibility (what could react or kill
microbes?)
Fire water disposal
Surface water disposal - normal and heavy rain Methods to reduce flaring
Air emissions excursions: Fugitive emission VOC
Flaring limits monitoring
Fugitive emissions Scrubbing or adsorption
Point source emissions
Odour complaints
Compliance with local regulations
Specific permit requirements
Historical performance and relationship with governing
body
Potential effect of change on permit requirements
See Equipment Integrity in this table.
For projects, see also GP 48-06 [8].
Notes:
1. Generic causes are listed in this table. Causes in an actual HAZOP can be specifically
defined with appropriate equipment names or numbers.
2. Where instruments are listed, safeguard would also include intended response either from
3. If cause listed leads to LOPA level consequence, investigate further until initiating causes with
defined LOPA frequencies or historical frequencies are reached.
Table 3- Control loop failure
Deviation Hazard category & Generic Causes Potential Consequences Potential Safeguards
Page 22 of 29 14 Sept 2015

RD 48-022
Deviation Hazard category & Generic Causes Potential Consequences Potential Safeguards
Control Sensor reading incorrectly (1) For initiating causes, Alarms on other
loop failure Fouling of sensor element/instrument taps assume the final element sensors not related
fails in the wrong position for to control loop
Calibrated incorrectly the scenario regardless of
Transmitter failure P&ID fail position.
Other failures - vibrations, ungrounded
meter, etc. Example: a fail closed
Controller responding incorrectly control valve fails in the
Human error in entering setpoint open position. Transmitter
diagnostics
Input/Output card failure
Remote Input/Output card failure
controller power failure
Communication/cable failure
Set point limits,
Controller put in manual instead of control system
auto/cascade and upset occurs (2) clamps or rate of
Programing or logic error change limits
Tuning error or issue Rate of change
Grounding or noise interference limits
Final element not responding correctly (1)
Physical impairment preventing Preventative
opening/closing (corrosion, construction maintenance and
debris) inspection.
Human error in valve operation (pin-lock
valve jammers, hand wheel override, etc.). Commissioning and
I/P or other hardware failures testing procedures
(flushing, etc.)
Incorrect valve sizing, installation or
reduced trim
MoC and
administrative
controls
Notes
1. Final elements typically account for ~70-80% of loop failures. Sensors about ~15-20%. Balance
controllers ~5%.
2. Controllers listed as IPLs are in auto greater than 95% to conform with GP 30-80.
Page 23 of 29 14 Sept 2015

RD 48-022
Table 4 - Guidance on Utility Node Selection and Deviations
System Suggested Nodes Suggested Deviations Other Considerations
Typically cover loss of utility on Do cover:

Process nodes:
individual pieces of equipment in - Overall effect of widespread
Loss of utility
process nodes. loss of utility on process with
common failures leading to the
Utility nodes:
Utility systems can often be loss.
Basic Deviations
covered with coarser node(s) with - Contamination of utility and
General include no/low flow,
one set of Basic Parameter potential effects in utility
high flow, low pressure,
Deviations or using What- system and other connected
high pressure, high/low
if/Checklists. systems.
level, high/low
- Where utilities have pressure
temperature,
Rarely need to cover individual let-downs, cover overpressure
contamination.
sub-headers as nodes. of downstream system.
- Contamination of utility
Basic Deviations
includes tube leaks of process
Coarser node(s) using basic include no/low flow,
into utility.
deviations for distribution systems. high flow, low pressure,
Heating or - Look for potential overpressure
Individual nodes (like process high pressure, high/low
Cooling Media of media from process leaks.
nodes) for circulation pumps and level, high/low
- More thorough coverage for
vessels. temperature,
media with hazardous
contamination.
properties (e.g. ammonia).
Do cover:
No/low pressure, high
Typically cover distribution system - Overpressure for piping
pressure, high
as one node or split by sections with different pressure
compressor exit
geographical coverage area. ratings.
Instrument air temperature,
Individual nodes (like process - Effect on instrumentation on
contamination, Low
nodes) for compressors and low air pressure
temperature/moisture
receivers. - Backup air bottles: function,
content.
maintenance and reliability
Review potential for reactions in
system due to normal flows or Do cover:
simultaneous spills - a reaction - Plugging of normal vents
High reaction, High
Closed drain or matrix is a good tool. Cover specific - High flow on systems with
pressure, high flow,
sewer system issues identified in node. Individual batch pump outs
high/low temperature
nodes (like process nodes) for - Simultaneous spills of
collection vessels and pump out incompatible chemicals
systems.
Emergency equipment such as

Other emergency
lifeboats, air packs, etc. generally N/A May come up as safeguards
equipment
not covered in HAZOP.
Can be one or multiple nodes on

supply system (pumps, tanks)
similar in detail to process nodes.
Coarser nodes can be used for Basic deviations would
Water - Fire -
distribution systems. apply.
Nodes can be split by geographic
coverage area - for example
helideck or weather deck ring.
Full HAZOP at any connections

Basic deviations,
Water - Potable between potable water and other -
contamination.
water or utility systems.
Can be one or multiple nodes on Do cover:

Basic deviations,
supply system (pumps, tanks). - Permanent interfaces
Water - Utility reverse flow,
Coarser node(s) can be used for - Where hose connected to
contamination.
distribution systems. process routinely.
Page 24 of 29 14 Sept 2015

RD 48-022
Table 5 - Facility Siting Checklist
I. Spacing Between Process Components

Are there safe exit routes from each unit? Are they kept clear?
Has equipment been adequately spaced and located to safely permit anticipated maintenance (e.g., pulling heat
exchanger bundles, dumping catalyst, lifting with cranes) and hot work?
Is there adequate access for emergency vehicles (e.g., fire trucks)?
When provisions have been made for pressure relief and venting, are the vents directed away from personnel and
equipment locations? (Examples: Discharge tail pipes of atmospheric pressure relief devices, steam tail pipes, etc.)
II. Location of Large Inventories
Is temporary storage provided for raw materials and for finished products at appropriate locations?
Are the inventories of highly hazardous chemicals held to a minimum?
III. Motor Control Centres
Is the motor control centre (MCC) location and entry easily accessible to operators?
Are circuit breakers easy to identify?
Can approved personnel safely open circuit breakers?
Are warning signs available for: Doors always closed? No-smoking?
Is the MCC designed and designed for shelter-in-place? If so, is it equipped with appropriate personal protective
equipment? See GP 44-30 & 31 on-shore, 32 offshore
IV. Occupied Buildings (including Control Rooms, Accommodations)
Are occupied permanent and portable buildings conformant to GP 44-30 & 31 on-shore, 32 offshore? Discuss non-
conformances and plans.
Are emergency exits provided for multi-story control buildings?
Are critical pieces of equipment in the control room stored in appropriate places and well protected?
Are open pits, trenches, or other pockets where inert, toxic, or flammable vapours could collect located away from
occupied buildings or equipment handling flammable fluids?
Where piping, wiring, and conduit enter the building, is the building sealed at the point of entry? Have other potential
leakage points into the building been adequately sealed?
Are fresh air intakes located to minimize entry of contaminants and toxic gases? Is there an automatic shutdown of the
HVAC system in the event of a release?
Is a positive pressure maintained?
Is the roof of the building free from heavy equipment and machinery?
V. Location of Machine Shops, Welding Shops, Electrical Substations, Roads, Rail Spurs, and Other Likely
Ignition Sources
Are likely ignition sources (e.g., smoking areas, maintenance shops, roads, rail spurs) located away from release points
for volatile substances (both liquid and vapour)?
Are personnel exclusion zones for flare and fired heater systems defined and appropriate warning signs and/or entry
controlled?
Are policies and procedures in place for the control of hot work and ignition sources?
VII. Unit Layout & Traffic
Is vehicular traffic within the plant controlled and away from highly hazardous inventories?
Is there adequate access for emergency vehicles (e.g., fire trucks, portable firefighting equipment)? Are access roads
free of the possibility of being blocked by trains, highway congestion, spotting of rail cars, etc.?
Are adequate traffic signs provided?
Is vehicular traffic appropriately restricted from areas where pedestrians could be injured or equipment damaged?
Are warning signs posted where cooling towers can generate fog?
Are control valve stations and other vessels at risk for vehicle impact adequately barricaded?
Are pipe bridges located such that they are not over equipment, including control rooms and administration buildings?
Are areas appropriately sloped to drain to appropriate sewers?
Page 25 of 29 14 Sept 2015

RD 48-022
VIII. Emergency Response

Are the emergency alarm systems in place, functions, and tested on a pre-determined schedule?
Is a system in place to notify neighbouring units, facilities, and residents if a release occurs?
Do personnel know how to respond when notified of a release? i.e. know when to shelter in place and when to
evacuate?
Are escape routes, shelter-in-place areas, and muster points identified within the unit and the control rooms?
Are signs and directions in the unit adequate for personnel to exit safely?
Are drills for emergency response conducted periodically and learnings from those drills communicated to personnel?
Are large inventories or release points for highly hazardous chemicals located away from publicly accessible roads?
Is the firefighting equipment maintained and inspected on a periodic basis?
Is passive fire protection in good condition?
Is communications equipment adequate and easily accessible? See GP 59-02.
Have the community and mutual aid responders been made aware of potential hazards and what to do in the event of an
emergency?
VIII. Additional Questions for Offshore
Are the emergency alarm systems in place, functions, and tested on a pre-determined schedule?
Are occupied buildings and hydrocarbon inventories located where they might be vulnerable to helideck incidents?
Are buildings or hazardous chemical inventories vulnerable to dropped objects from facility or supply boat cranes?
Are subsea pipelines and risers vulnerable to dropped objects?
Are risers vulnerable to visiting vessels?
Is a system in place to notify mutual aid resources and marine authorities?
Are AIS and REWS radar systems operational and monitored? See SDP EP 5.6-0002.
Are there clear criteria and a procedure for total abandonment?
Page 26 of 29 14 Sept 2015

RD 48-022
Table 6- Human Factors Checklist
I. Housekeeping and General Work Environment

Are adequate signs posted near maintenance, clean up, or staging areas to warn workers of special or unique hazards
associated with the areas?
Are adequate barriers erected to limit access to maintenance, clean up, or staging areas?
Are working areas generally clean?
Are provisions in place to limit the time a worker spends in an extremely hot or cold area?
Is noise maintained at a tolerable level?
Are alarms audible above background noise both inside the control room and in the process area?
Are normal and emergency lighting sufficient for all area operations?
Is the general environment conducive to safe job performance?
II. Accessibility/Availability of Controls and Equipment
Are the right tools (including special tools) available and used when needed?
Is access to all controls adequate?
Can operators/maintenance workers safely perform all required routine/emergency actions, considering the physical
arrangement of equipment (e.g., access to equipment, or proximity of tasks to rotating equipment, hot surfaces, and
hazardous discharge points)?
Are valves that require urgent manual adjustments (e.g., emergency shutdown) easily identifiable and readily
accessible?
III. Labelling
Is all important equipment (vessels, pipes, valves, instruments, controls, etc.) legibly, accurately, and unambiguously
labelled?
Does the labelling program include components (e.g., small valves) that are mentioned in the procedures even if they
are not assigned an equipment number?
Has responsibility for maintaining and updating labels been assigned?
Are emergency exit and response signs (including wind socks) adequately visible and easily understood?
Are signs that warn workers of hazardous materials or conditions adequately visible and easily understood?
Is adequate information about normal and upset process conditions clearly displayed in the control room?
Are the controls and displays arranged logically to match operators’ expectations?
Are the alarms displayed by priority?
Are critical safety alarms easily distinguishable from control alarms?
Have charts, tables, or graphs been provided (or programmed into the computer) to reduce the need for operators to
perform calculations as part of the operation?
Do the displays provide an adequate view of the entire process as well as essential details of individual systems?
Do the displays give adequate feedback for all operational actions?
Are instruments, displays, and controls promptly repaired after a malfunction?
Do administrative features exist that govern when instruments, displays, or controls are deliberately disabled or
bypassed and that govern their return to normal service at the appropriate time?
V. Controls
Is the layout of the consoles logical, consistent, and effective?
Are the controls distinguishable, accessible, and easy to use?
Do operators believe that the control logic and interlocks are adequate?
Does a dedicated emergency shutdown panel exist? If so, is it in an appropriate location?
Page 27 of 29 14 Sept 2015

RD 48-022
VI. Workload and Stress Factors

Is the control room always occupied (i.e., assigned duties do not require the control room operator to be absent from
the control room)?
Are the number and frequency of manual adjustments required during normal and emergency operations limited so that
operators can make the adjustments without a significant chance of mistakes as a result of overwork or stress?
Can additional operators (e.g., from other areas or from off site) be called in quickly to help during an emergency?
Is the staffing level appropriate for all modes of operation (normal, emergency, etc.)?
VII. Procedures
Do written procedures exist for all operating phases (i.e., normal operations, temporary operations, emergency
shutdown, emergency operation, normal shutdown, and start-up following a turnaround or after an emergency
shutdown)?
Are safe operating limits documented, providing consequences of deviating from limits and actions to take when
deviations occur?
Are procedures current (i.e., are they revised when changes occur)?
Do operators believe that the procedure format and language are easy to follow and understand?
Are the procedures accurate (i.e., do they reflect the way in which the work is actually performed)?
Is responsibility assigned for updating the procedures, distributing revisions of the procedures, and ensuring that
workers are using current revisions of the procedures?
Are temporary notes or instructions incorporated into revisions of written operating procedures as soon as practical?
Do procedures address the personal protective equipment required when performing routine and/or non-routine tasks?
VIII. Training (Employees and Contractors)
Are new employees trained in the hazards of the processes?
Do operators and maintenance workers receive adequate training in safely performing their assigned tasks before they
are allowed to work without direct supervision?
Do operator and maintenance worker training include training in appropriate emergency response?
Are periodic emergency drills conducted?
Does a periodic refresher training program exist?
When changes are made, are workers trained in the new operation, including an explanation of why the change was
made and how worker safety can be affected by the change?
Are operators and maintenance workers trained to report near misses as part of the incident investigation program?
Page 28 of 29 14 Sept 2015

RD 48-022
Supporting references
BP
[1] BP Policy 000030, Risk Management (replaces GDP 3.1-0001, Assessment, Prioritization and
Management of Risk)
[2] GDP 5.0-0001, Integrity Management.
[3] GP 44-30, Design and Location of Occupied Permanent Buildings in Onshore Facilities.
[4] GP 44-31, Design and Location of Occupied Portable Buildings in Onshore Facilities.
[5] GP 44-32, Protection of Personnel from Explosion, Fire, and Toxic Hazards on Offshore Facilities
[6] GP 48-02, Hazard and Operability (HAZOP) Study
[7] GP 48-03, Layers of Protection Analysis (LOPA)
[8] GP 48-06, Environmental Impact Identification (ENVID) Workshop
[9] GP 48-50, Major Accident Risk (MAR) Process
[10] GP 59-02, Emergency Communications - Design Principles
[11] GN 48-021, HAZOP Update and Revalidation for Upstream
[12] GN 48-022, Alternative Process Hazard Analysis Techniques for Upstream
[13] RD 48-021, Effective Facilitation Techniques (Upstream)
[14] SDP EP 5.6-002, Close Approach and Dynamic Positioning
Page 29 of 29 14 Sept 2015

RD 48-022 - Supporting Checklists For HAZOP - 16may Update

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

RD 48-022 - Supporting Checklists For HAZOP - 16may Update

Hochgeladen von

Copyright:

Verfügbare Formate

Reference Document

Use and Interpretation of this document

Page 1 of 29 14 Sept 2015

Page 2 of 29 14 Sept 2015

Page 3 of 29 14 Sept 2015

 Provide a memory aid for developing causes and consequences in HAZOP

 Summarise sub-elements included in ”control loop failure”

 Give some guidance on utility nodes and deviations.

Page 4 of 29 14 Sept 2015

Scope and exclusions

Terms and definitions

Symbols and abbreviations

Page 5 of 29 14 Sept 2015

SIMOP Simultaneous operation.

Reference tables and checklists for HAZOP

4.1.1 Deviations and causes

4.1.2 Control loop failure

Page 6 of 29 14 Sept 2015

Where instruments are listed in the ‘Potential Safeguards’ column, the

4.1.3 Utility systems and deviations

4.1.4 Facility siting and human factors checklists

Page 7 of 29 14 Sept 2015

Deviation Generic causes (1) Potential Safeguards (2) &

Page 8 of 29 14 Sept 2015

Deviation Generic causes (1) Potential Safeguards (2) &

Page 9 of 29 14 Sept 2015

Deviation Generic causes (1) Potential Safeguards (2) &

High pressure Causes which block flow Inherently safe equipment

Page 10 of 29 14 Sept 2015

Deviation Generic causes (1) Potential Safeguards (2) &

Page 11 of 29 14 Sept 2015

Deviation Generic causes (1) Potential Safeguards (2) &

Page 12 of 29 14 Sept 2015

Deviation Generic causes (1) Potential Safeguards (2) &

More mixing Agitator running too fast Agitation speed indicator

Wrong reaction Incompatible chemicals mixed Temperature and pressure

Page 13 of 29 14 Sept 2015

Deviation Generic causes (1) Potential Safeguards (2) &

Additional Inspect key sequence steps and identify possible mistakes

Page 14 of 29 14 Sept 2015

Deviation Generic causes (1) Potential Safeguards (2) &

Low separation Low residence time

Page 15 of 29 14 Sept 2015

Table 2- Other Deviations: Causes and Potential Safeguards

Relief Path for relief impaired Key lock valves

Page 16 of 29 14 Sept 2015

Page 17 of 29 14 Sept 2015

Sampling Effect on process Calibration of automatic

Page 18 of 29 14 Sept 2015

Maintenance Work on live systems Appropriate approval procedure

Page 19 of 29 14 Sept 2015

Page 20 of 29 14 Sept 2015

Page 21 of 29 14 Sept 2015

Table 3- Control loop failure

Page 22 of 29 14 Sept 2015

Page 23 of 29 14 Sept 2015

Table 4 - Guidance on Utility Node Selection and Deviations

System Suggested Nodes Suggested Deviations Other Considerations

Typically cover loss of utility on Do cover:

Emergency equipment such as

Can be one or multiple nodes on

Full HAZOP at any connections

Can be one or multiple nodes on Do cover: