
The use of HAZOP Techniques in Applied Hazard Processes

By Datuk Ir Ahmad Nordeen Salleh LRTS Director/Principal Consultant

Modern safety legislation places responsibility on Owners, Operators and Manufacturers to identify and manage the risks associated with their operations and products and to demonstrate that they are doing so in an effective manner. This has led many of them to appreciate the benefits of using formal Risk Assessment methods as the starting point in their risk management process.

Process Hazard Analysis (PHA) Overview

With increased employee, management and public awareness of Safety, people have become less tolerant of Risks. This has resulted in increased concern over the Safety, Health and Environmental impact of a plant-facility and its activities, stronger public opinion, higher litigation and stricter Regulations.

Regulatory Requirements for Major Hazard Installations (MHI)

- Factories and Machinery Act (FMA) 1967 - Regular Inspections of Plants and Vessels.
- Occupational Safety and Health Act (OSHA) 1994 - General Duties of Employers.
- Control of Industrial Major Hazard Accident (CIMAH) 1996 - Safety Case, On and Off-site ERP and Information to Public.

As part of the PETRONAS HSE/S MS program, PHA is now mandatory, for example for a Petrochemical complex facility, to provide a framework for a structured approach to assessing risks, so that decisions are based on systematic analysis of risks and identification of measures to reduce risks to as low as reasonably practicable.

Aim of PHA system

The aim is to evaluate the risks associated with Process Hazards, assess the Performance of Safeguards in place and make Recommendations to ensure that the Risks are properly managed within tolerable levels

Course Objectives
- Provide an understanding of Process Safety Management (PSM) framework and necessary Process Hazard Analysis (PHA) requirements in Applied Hazard Processes.
- Introduce commonly used tools and techniques available for Hazard Identification and Risk Assessment used in conducting HAZOP analysis.
- Develop the necessary knowledge to understand what are the fundamental elements to consider in dealing with risky activities of Hazardous Installations, by the review of two major incidents in Oil & Gas Industries.

Course Objectives Day 1

Part 1 - Introduction to hazards, risks, and their management
Part 2 - Overview of the Process Safety Management (PSM) framework
Part 3 - Overview of the Process Hazard Analysis (PHA) process, in particular HAZOP studies
Part 4 - Linking Controls through the Safety Management System (SMS)
Part 5 - Case Studies

Part 1 Hazard & Risk, and their management

Past Oil and Gas and Processing Industry Accidents

- Flixborough, 1974 - Cyclohexane explosion - 28 killed
- Bhopal, 1984 - Methyl-isocyanate (MIC) release - More than 2000 killed
- Pasadena, 1989 - Polyethylene explosion - 23 killed
- Piper Alpha, 1988 - Hydrocarbon explosion - 167 killed

What are the Losses from these Accidents?

Fatalities and injuries to the public and staff; Significant costs of damage to company facilities, public property and the environment; Lost production time; Damage to company reputation and loss of customers; Liability of company / senior management for delay in supply, damage to public property or environment, injury / fatality (imprisonment / fines / loss of operating license / loss of job); Costs of investigation, paperwork and legal costs; and Increased insurance premium.

Accident Cost Iceberg

From the financial point of view, costs resulting from death and injury are just a fraction of the overall financial impact on a business

HARM - Physical injury or damage to health, damage to the property or/and damage to the environment

HAZARD - A source of harm to human lives

SAFETY - Freedom from danger/harm, the inverse of risk

Examples of hazard:
- Ethylene inventory in storage sphere
- High pressure steam
- Heavy vehicle movements onsite
(Note: Loss of containment is the realization of the hazard)

Examples of Natural Disasters

- Tsunamis
- Earthquakes
- Windstorms (typhoons, hurricanes, cyclones, etc.)
- Floods
- Volcanic Eruptions
- Meteor strikes

Man-made DISASTERS can be equally bad.

ACCIDENTS - An event resulting from the actual realisation of a hazard, resulting in injuries and damages. They may be due to sudden unintended deviations from normal operating conditions, in which some degree of harm is caused. Sometimes a neutral term, "event" or "incident", is used in place of "accident".

RISK - The likelihood of a specific undesired event to occur within a specified period or specified circumstances

Example:
1. Undesired Event: Car breakdown and stranded in remote area or at night
   Likelihood: Once in 5 years
   Risk: Stranded in remote area/at night once in 5 years
2. Undesired Event: Gas explosion in congested processing area and injury
   Likelihood: Once in 20 years
   Risk: Injury from gas explosion once in 20 years

Risk - Exercise
Rank the risk (High, Medium or Low) of the following activities or technologies and compare your ranking with those of a risk professional:
- Driving a motor vehicle
- Smoking
- Driving a motorcycle
- Swimming
- Working in large construction site
- Commercial aviation
- Fire fighting
- Traveling by rail
- Working in a nuclear power station
- Skiing

Aspects of Risk
1. Time element involved
2. Two-dimensional (Severity / Likelihood)
3. Ascribed quantity (does not exist as a measurable quantity)
4. It is a probability and hence associated with uncertainty

Understanding Risk
Really answering a series of questions:
- What can go wrong? (Identification)
- How likely is it to go wrong? (Likelihood)
- How bad can it get if it does go wrong? (Severity)
- Do I need to worry about it?
- What are my options for the Control measures?
- What is my last course of action? (quick Decision making)
Analysis of actual accidents has shown that one or more of the questions above had not been addressed adequately by an organization.

How Low is Low Enough?

How do we know that a risk is low enough to be acceptable? Risk is not an absolute quantity, it is relative. Therefore, we need some measures of risk, so that relative risks can be compared. Risk of an event can only be understood in comparison with other risks.

Risk Measurement
- Risk measurement can be qualitative, semi-quantitative or quantitative.
- Overall process is generally the same; the difference lies in the approaches to frequency and consequence evaluation.
- This difference is reflected in how risks are presented and mitigation measures evaluated.

Objectives of Risk Measurement

To identify and rank risks in the order of importance To provide an objective comparison of risk

To help decisions about risk acceptability (compare against set criteria)

To help capital project decisions.

Qualitative Risk Representation

Risk Matrix Approach (next slide contains categories)


Risk Matrix Management Philosophy

Do not have risks in Very High category. Reduce to at least High level.

Reduce High risks to lower levels, or at least to ALARP level.

Reduce Medium risks to Low where possible, or at least to ALARP level. Manage residual risk through effective SMS.

Part 2 Overview of Process Safety Management (PSM)

If you do not manage your risks, they'll manage you

- Need to conduct systematic risk assessment
- Need to develop the appropriate risk profile
- Need to coordinate and manage a set of activities that control the risks

Proactive Approach Risk Management

Process Safety Management (PSM)

Process Safety Management (PSM) is an Occupational Health and Safety Authority (OSHA) standard. Petronas has implemented a Process Safety Management (PSM) framework based upon the OSHA standard. All Petronas sites are required to comply with and meet the requirements and expectations of the standard.

The PSM standard contains the requirements for the management of hazards associated with processes using hazardous chemicals to help assure safe and healthful workplaces.


- Clarifies the responsibilities of employers and contractors involved in work that affects or takes place near processes to ensure the safety of employees, contractors and public.
- Requires a Process Hazard Analysis (PHA) review. The PHA is a thorough, orderly, and systematic review of what could go wrong and what safeguards must be implemented to prevent releases of hazardous chemicals.
- The PHA methodology must be appropriate to the complexity of the process.

Process Safety Management (PSM)

1. Process Hazard Analysis (PHA)
2. Establishing normal process operating limits - Critical Operating Parameters (COPs) and Key Performance Indicators (KPIs)
3. Procedures for all phases of operation, i.e. routine operation, start-up, maintenance, abnormal and emergency operation and emergency shutdown
4. Employee and contractor selection, training, and competency standards
5. Communication and consultation with employees
6. Pre-start-up reviews

Mandates (cont.)
7. Management of Change for processes, permit systems, temporary operation procedures
8. Evaluation of mechanical integrity of critical equipment
9. Emergency action planning, drills, and response
10. Investigation of incidents involving releases or near misses
11. PSM Framework and SMS compliance auditing

Why Process Safety Management (PSM)?

- Regulatory requirement
- Duty of care to protect the health and safety of employees and the public, and the environment from the activities of the company
- Minimise business interruption
- Allocate resources in a timely and cost effective manner

Part 3 Process Hazard Analysis (PHA) Techniques

To be considered

Process Hazard Analysis

A Process Hazard Analysis (PHA) is a thorough, orderly, and systematic review of what could go wrong and what safeguards must be implemented to prevent releases of hazardous chemicals. The Process Hazard Analysis is used to manage process safety by:
- Identifying hazards and their control relationships;
- Characterizing the hazards in terms of potential consequences and their likelihood of occurrence;
- Giving insight by providing relative risk levels, and their tolerability as individual hazards or as a collective against common criteria;
- Identifying key control measures used to control these hazar

The PHA methodology must be appropriate to the complexity of the process.

Process Hazard Analysis (PHA) Process

[Figure: PHA process flow with the elements Define the context; Training, Support and Communication; Hazard Identification; Monitor and Review; Risk Assessment (Risk Analysis, Risk Evaluation); Treating Risk]

Define Context
The PHA Framework requires the context to be framed. This refers to the following activities:
- Involving the appropriate people at the appropriate stages (consultation, involvement of designers, operators, maintainers, contractors, specialist consultants)
- Defining the exact purpose of the study, the general approach that will be taken, and how the results will be used
- Gathering and preparation of the necessary information, and
- Identification of plant / activity areas to be assessed
The PHA methodology must be appropriate to the

The following information is generally useful / required at some point in the process:
- Safety Management System Information (corporate policies, risk criteria, design philosophies, manning philosophies, training philosophies)
- Plant design information (design basis, hazard registers, civil & mechanical, capacity and inventory)
- Process technology information (materials, flammability, toxicity, process chemistry, materials of construction, P&IDs, electrical classifications, operating procedures)
- Process Safety Information (interlocks, detection, or suppression systems and relief system design)

Hazard Identification (HAZID)

A systematic review of the system to identify the type of inherent hazards that are present, together with the ways in which they could be realised (what can go wrong and under what circumstances).
- The Hazard Identification (HAZID) identifies Control Measures (CM) both on the prevention and protection side of the Event Sequence.
- Documentation and knowledge generated in this phase of the PHA is crucial for effective Risk Assessment.


Hazard Identification has the following objectives:
- Determine the type and range of hazardous consequences
- Determine the Event Sequence that could lead to a Major Accident Event
- Initial evaluation of the significance of the identified hazards including consideration of existing / proposed safeguards
Remember: Unidentified hazards may undermine the effectiveness of the whole PHA process

Hazard Identification Incident Event Sequence

The incident event sequence consists of:
- Initiating events - equipment or component failures / human actions
- Hazardous incidents - loss of containment / loss of control
- Outcome events - fire / explosion / toxic gas release
- Incident consequences - immediate physical effects / ultimate harm to vulnerable targets (people, property, environment)
- Incident escalation

Hazard Identification Methodology

[Figure: hazard identification methodology with the elements Databases, Previous work, Experience, Site visits, Plant facilities, Safety systems, Assumptions, and Failure cases and consequences]

Hazard Identification (HAZID) Techniques

Site Inspection

What-if Techniques (SWIFT)

Checklists / Scenario based studies (i.e. HAZID)

Hazard and Operability Study (HAZOP)

Failure Mode and Effects Analysis (FMEA); or

Fault Tree Analysis (FTA)

HAZOP Definition & History

It is a design review technique used for hazard identification and design deficiencies which may give rise to operability problems. It is commonly applied where the operations involved can be hazardous and the consequences of failure to control the hazards may be significant in terms of damage to life, the property and the environment.


It was developed in the UK Chemical and Petrochemical industries in 1977, in order to assess the safety of complex plant and processes which had significant hazard potential. It has been used extensively since then in safety studies for industrial, nuclear and chemical plant, including offshore installations.

Hazard and Operability Studies (HAZOP) techniques

- It is a systematic technique for identifying hazards and operability problems;
- Consider various deviations from design intent by application of guidewords;
- Identifies possible causes of these deviations;
- Evaluates existing safeguards;
- Recommends actions, if necessary, to overcome the problems identified; and
- Record results, including making recommendations.
Note that it is not very effective for mechanical failure or loss of containment hazards, but more effective for process hazards.

HAZOP Guidewords

[Table: guidewords No, Less, More, Reverse applied to the parameters Flow, Temperature, Pressure, Level, Chemical comp., Physical state; type of use: normal, start-up, shutdown]




The HAZOP Methodology

1. Select a System
2. Select a Sub-System of chosen System (e.g. feed line to vessel)
3. Apply a Guide Word
4. Examine Possible Causes
5. Examine Consequences
6. Assess Safeguards
7. Decide on any required Actions
8. Repeat for other Guide Words
9. Repeat for all Sub-Systems
10. HAZOP Completed
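The HAZOP loop above as a worksheet generator, added here as an illustration and not part of the original presentation. The guideword/parameter applicability matrix, the sample plant and the recorded findings are constructed assumptions; the names `build_worksheet`, `record`, `unprotected` and `hazop_completed` are hypothetical.

```python
from dataclasses import dataclass, field

# Guidewords named on the guideword slide.
GUIDEWORDS = ["No", "Less", "More", "Reverse"]
# Assumption: which guideword/parameter pairs give a meaningful deviation.
# Constructed for this example; a study team agrees this before the sessions.
APPLICABLE = {
    "No": {"Flow", "Level"},
    "Less": {"Flow", "Temperature", "Pressure", "Level"},
    "More": {"Flow", "Temperature", "Pressure", "Level"},
    "Reverse": {"Flow"},
}

@dataclass
class Row:
    """One worksheet line: a deviation and what the team recorded for it."""
    system: str
    subsystem: str
    guideword: str
    parameter: str
    causes: list = field(default_factory=list)
    consequences: list = field(default_factory=list)
    safeguards: list = field(default_factory=list)
    actions: list = field(default_factory=list)
    reviewed: bool = False

    @property
    def deviation(self):
        return f"{self.guideword} {self.parameter}"

def build_worksheet(plant):
    """plant: {system: {subsystem: [parameters]}} -> rows in study order."""
    rows = []
    for system, subsystems in plant.items():              # select a system
        for subsystem, parameters in subsystems.items():  # select a sub-system
            for guideword in GUIDEWORDS:                  # apply a guide word
                for parameter in parameters:
                    if parameter in APPLICABLE[guideword]:
                        rows.append(Row(system, subsystem, guideword, parameter))
    return rows

def record(rows, subsystem, deviation, causes=(), consequences=(),
           safeguards=(), actions=()):
    """Store the team's findings for one deviation and mark it reviewed."""
    for row in rows:
        if row.subsystem == subsystem and row.deviation == deviation:
            row.causes, row.consequences = list(causes), list(consequences)
            row.safeguards, row.actions = list(safeguards), list(actions)
            row.reviewed = True
            return row
    raise KeyError(f"{deviation!r} is not on the worksheet for {subsystem!r}")

def unprotected(rows):
    """Reviewed deviations with a cause and consequence but no safeguard or action."""
    return [r for r in rows if r.reviewed and r.causes and r.consequences
            and not r.safeguards and not r.actions]

def hazop_completed(rows):
    """Every deviation examined and none left without a safeguard or an action."""
    return all(r.reviewed for r in rows) and not unprotected(rows)

# Constructed sample plant: one system with two sub-systems.
PLANT = {"Feed system": {
    "Feed line to vessel": ["Flow", "Temperature", "Pressure"],
    "Vessel": ["Level", "Temperature", "Pressure"],
}}

def demo():
    """Build the worksheet and record two constructed findings."""
    rows = build_worksheet(PLANT)
    record(rows, "Feed line to vessel", "No Flow",
           causes=["Feed pump trips", "Isolation valve closed in error"],
           consequences=["Vessel level falls, downstream pump runs dry"],
           safeguards=["Low-flow alarm"])
    record(rows, "Vessel", "More Level",
           causes=["Outlet valve fails closed"],
           consequences=["Overfill and loss of containment"])
    return rows
```

In this sample, `unprotected(demo())` returns the "More Level" row, the deviation for which the team still has to decide on an action.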

Framework for Risk Acceptability

Intolerable Risk
- Unacceptable region: Risk cannot be justified save in extraordinary circumstances
- The ALARP demonstration region (Risk is tolerable only if ALARP demonstrated): Tolerable only if risk reduction is impracticable or if its cost is grossly disproportionate to the improvement gained
- Broadly Acceptable region (No need for detailed working to demonstrate ALARP): Necessary to maintain assurance that risk remains at this level. This is also part of ALARP
Negligible Risk

Part 4

Linking Hazard Control Measures to the Safety Management System (SMS) Awareness

Elements of a Safety Management System

A number of different SMS models exist. Almost all of them use the same set of elements:
1. Organisation and responsibility;
2. Employee selection, competency, involvement & communication;
3. Process safety information documentation and information management;
4. *Risk management (Hazard Identification, risk assessment and controls);
5. Safety and integrity in design, construction and commissioning;
6. Operations and maintenance (associated procedures, inspection, testing and monitoring);
7. Management of change;
8. Emergency preparedness and response;
9. Management of third party services (procurement, contractors, others);
10. Incident reporting, investigation and follow-up;
11. Audits and corrective actions, including health surveillance; and
12. Management review for continual improvement.

Implementation of Process Hazard Analysis (PHA) into the Safety Management System (SMS)
All Hazards identified by the Process Hazard Analysis (PHA) must be recorded in Hazard Registers that form part of the Safety Management System (SMS). All control measures identified by the PHA must be managed by elements of the Safety Management System (SMS). Essential control measures identified through the PHA require Performance Standards, Performance Indicators, Testing regimes etc. The lifecycle risk management process ensures that this occurs from project conception through to the end of operational life / decontamination.

Implementation of Process Hazard Analysis into the Safety Management System

Tools / activities commonly comprising parts of the Safety Management System (SMS) include:
- Training and skills competency management plans
- Operating / maintenance procedures
- Maintenance management systems
- Inspection, Verification, Audits
- Emergency Response Plans (ERP)

Implementation of SMS
Plan
- Ensure procedures are developed
- Ensure work instructions are complete
- Develop training modules
Do
- Conduct training
- Start using procedures
- Provide assistance initially in using the procedures correctly
Check
- Verify that procedures are understood
- Verify procedures are used correctly
Act
- Start using procedures routinely
- Hold feedback meetings and take remedial actions until the system is satisfactory.



Some Problems with Implementation into the SMS

- Safety culture conflicts with management initiative
- Lack of understanding of hazards
- Lack of adequate resources
- Lack of adequate skills
- Poor perception of the importance of SMS, seen as unnecessary extra work
- Not understanding the difference between Process Safety and Occupational Safety

Features of a Safety Management System*

* Ref: Safety Case Guidelines, NOPSA, Australia, 2004

Part 5 Case Studies


Case Histories of Past Incidents

Lessons can be learnt from the following:
- Case histories of past incidents in the company's facilities
- Case histories of incidents in the offshore industry worldwide
- Investigation reports of past incidents
- Understand the causes of the incidents and relate to the appropriate SMS element / procedure
- Identify if recommendations from previous investigations are applicable to one's own system
- Take action to ensure these gaps are eliminated

BP Refinery Explosion Texas, USA 2006 - 1

- March 2006 - Major explosion in a petroleum refinery operated by BP in Texas City
- 15 fatalities, 170 injuries, extensive property damage
- US Chemical Safety & Hazard Investigation Board investigation resulted in the Baker Report
- Major Areas of Improvement identified in the Baker Report:
- Corporate Safety Culture
- Process safety leadership and accountability
- Employee empowerment and communication
- Lack of resources and high overtime rates
- Toleration of deviations from safe SOP.


Baker report findings related to PSM system:
Systemic failures in process risk identification, assessment and analysis; Failure in compliance with Safety Standards; Lack of adequate process safety knowledge and competence at all levels; Failure to set measurable criteria for process safety management; Delays in implementation of external good practice.

NOTE: We in LR have global strength as well as local expertise to help our clients benefit from the lessons of the Texas City accident.


Business impacts:
- $21 million in fines for safety breaches by Regulator.
- $2 billion in CAPEX and OPEX to implement required changes in the first 2 years.
- Senior managers (including Refinery Managers, Country Managers, Business Stream Managers and CEOs) are no longer working at BP.

Case Study: The Piper Alpha Disaster

Worth Noting

In 1988, Britain suffered one of its worst industrial disasters when the Piper Alpha oil platform was destroyed by fire and explosion, resulting in 167 fatalities. The catastrophe caused significant changes to the manner by which safety was regulated and managed in the U.K. offshore oil industry.

What Happened?
- The Piper Alpha platform was operated by Occidental Petroleum Ltd.
- The platform was linked to the adjacent installations Tartan, Claymore and the MCP01 by sub-sea pipelines.
- The immediate cause of the accident was communication problems relating to shift handover and Permit to work procedures.
- Night shift workers were unaware that the safety valve of a condensate pump had been removed.
- An ignition of gas leaking from the blank flange caused fire.
- Fire spread rapidly and later a major explosion occurred due to rupturing of pipeline carrying gas to Piper from nearby Tartan platform.

Offshore Installation Manager (OIM) on Piper Alpha

The OIM on Piper Platform did not attempt to call in helicopters; or to communicate with vessels around the installation; or with the shore or other installations; or with personnel on the Piper. One survivor said that at one stage people were shouting at the OIM and asking for instructions and procedures.
Reasons for the OIM's inadequate leadership and poor decision making:
- The OIM would have been under considerable stress as he was in a situation for which he had not been properly trained.
- Smoke inhalation might have weakened his ability to take decisive action and command.

The Response on the Claymore Platform

The OIM on Claymore Platform refused the Operating Superintendent's request to shut down the main oil line; the OIM wanted to maintain production. The OIM was reluctant to take the responsibility for shutting down oil production.

The delay in Claymore's shutdown was deemed to have exacerbated the situation on Piper.

The Response on the Tartan Platform

The Tartan OIM failed to shut down his oil and gas production with sufficient speed.

An explosion on Piper was caused by the gas riser pipeline from Tartan fracturing and pouring more hydrocarbons onto the already blazing platform. OIM had not been trained in emergency response for an event of this magnitude.

Crucial Role of an On-Scene Commander

The ability of site managers of remote, hazardous sites to take command of an emergency should be good. Site managers in high-risk industries may have several hundred staff under their charge and therefore have to act as the on-scene commander should an emergency arise. Decisions taken in the opening minutes of a site incident can prevent an emergency escalating into a crisis. Note how crucial it is to train the Site Manager as the On-scene Commander during the EMERGENCY!

Piper Alpha Accident

- Re-connected a pump still under maintenance (without adequate checks) - condensate release
- No blast wall, only firewall, which failed in the explosion in module C and damaged fire pumps (firewater pumps could not operate, loss of power, control room failure, alarm failure, radio telecommunication room failure)
- Rupture of firewall between modules B & C, and pipe rupture in module B, large crude leak and fire
- Smoke and gas into living quarters, no order to evacuate
- Escalation continued - riser failure (Tartan to Piper Alpha not shut down)
- No alternative escape available except jumping into sea. Most of those who jumped survived.
- Living quarters collapsed into sea
- 167 lives lost on platform, and 2 rescuers

Piper Alpha Accident (cont.)

- Permit to work failure / not followed
- Ad hoc decision to keep production going - no hazard identification of decisions
- Poor design - No blast wall between modules to prevent escalation
- Poor design - Emergency systems not protected from incidents
- Living quarters was the temporary refuge - no integrity assessment (smoke was allowed to ingress)
- Emergency equipment did not work - deluge nozzles blocked
- Emergency response procedures failure, no order to evacuate platform
- A number of new contractors not familiar with procedures
- Auditing was ineffective - did not identify deficiencies

Lessons Learnt from Piper Alpha

- Most of the Piper Alpha workforce made their way to the accommodation, according to emergency procedures, where they expected someone would be in charge and would lead them to safety, but they were let down.
- The Public Inquiry chaired by Lord Cullen criticised the performance of the Piper Alpha OIM, as well as the OIMs on duty on the adjacent Claymore and Tartan platforms, on the night of the disaster.
- The Public Inquiry Report recommended:
- Safety Management System should include an operator's criteria for the selection of OIMs and their command ability
- A system of exercises should be used to train OIMs and their deputies in decision making during emergency situations

Concluding Remark
As an experienced engineer, I believe that every successful Organizational Enterprise in business, especially those in hazardous and risky installations, or even Institution of Higher Learning should be able to demonstrate its excellence in SMS practices. After all, it is now a legal requirement. And there is so much to be gained by implementing SMS.

END OF PRESENTATION (Question & Answer Session)