Process hazard analysis, hazard identification and scenario definition: Are the conventional tools sufficient, or should and can we do much better?

https://doi.org/10.1016/j.psep.2017.01.025

Highlights

  • The weakest link in risk assessments is hazard identification/scenario definition.

  • Existing methods, such as HAZOP and FMEA, do not guarantee completeness.

  • Attempts to semi-automate HAZOP on plant do not seem to be fully satisfactory.

  • Only a system approach can provide completeness on plant, people, and procedures.

  • New possibilities are reviewed including an operational use of HAZID results.

Abstract

Hazard identification is the first and most crucial step in any risk assessment. Since the late 1960s it has been done in a systematic manner using hazard and operability studies (HAZOP) and failure mode and effect analysis (FMEA). In the area of process safety these methods have been successful in that they have gained global recognition. Nonetheless, numerous and significant challenges remain when using these methodologies. These relate to the quality of human imagination in eliciting failure events and subsequent causal pathways, the breadth and depth of outcomes, application across operational modes, the repetitive nature of the methods and the substantial effort expended in performing this important step within risk management practice. The present article summarizes the attempts and actual successes that have been made over the last 30 years to deal with many of these challenges. It analyzes what should be done in the case of a full systems approach and describes promising developments in that direction. It shows two examples of how applying experience and historical data with Bayesian networks, HAZOP and FMEA can help in addressing issues in operational risk management.

Introduction

All safety considerations start with recognizing possible hazard events, hence the necessity of hazard identification (HI) via process hazard analysis (PHA). Hazard identification has the objective of defining all possible (non possumus) scenarios or sequences of events in which a hazard, with its associated chance of realization, will generate risks to people, assets, environment or corporate reputation. The potential that causes the hazardous situation can reside within the system for a long time or could result from a set of temporal conditions.

PHA is a basic step towards risk assessment and risk management of a technical system and its process. Throughout the history of process design and operation much was learned by trial and error. Today, properties of materials are not regarded as a problem but 50 years ago they were. Many test methods did not yet exist. Phenomena such as runaway or vapor cloud explosion were unknown. Although sound knowledge of the material properties is a first requirement for a PHA, a conditio sine qua non, we shall assume for this paper that it is adequately represented, and we shall focus on finding out “how things can go wrong”.

Early on, it was already clear that an individual person cannot think of all the possible ways a mishap can occur. The first more or less formal method to evaluate plant process safety was the application of a checklist based on experience. It required investigating properties of substances, reaction patterns, equipment hazards, safety devices, storage and loading, plant layout, emergency planning and the like. Another, even less formal and perhaps older, method is ‘What-if?’: for example, what if valve V1 is shut while it should be open?

Subsequently, a systematic, scenario-oriented method appeared, designated Hazard and Operability Study (HAZOP). According to a paper in the 1971 Newcastle Major Loss Prevention in the Process Industries Symposium by Houston (1971) of Imperial Chemical Industries (ICI), UK, in the case of a new design safety was initially judged by “how well it will work”. As existing codes of practice fell short, an “Operability Study” was undertaken for a new design. Based on a flow sheet, and later a Piping & Instrumentation Diagram (P&ID), a team of experts systematically examined the design line by line for possible process deviations and, if one was found, what would cause it and what the consequence would be. Process deviations from design intent were investigated following a brief checklist of guide words, such as More, Less, etc., with the main ones as we know them from today’s HAZOP (Hazards and Operability).

In his 1997 article on HAZOP, Trevor Kletz (1997), also in ICI at the time, gave more details. HAZOP's inception was in 1963/1964 on a new phenol plant design minimized with respect to capital cost; the team that was to operate the plant was given the assignment to perform a ‘Critical Examination’. The latter was known at the time as a formal method of asking questions: what is achieved, what else could be achieved, what should be achieved, how, when, and who has achieved it. A team of three worked three days a week for four months and found many operating problems and hazards. It later turned out that elsewhere in ICI the same critical examination technique had been applied before. From this, HAZOP as a formal method emerged and spread through the chemical process world and beyond, across a large variety of design activities. However, even in the first journal publication, Lawley (1974), also at ICI, still referred to it separately as the Operability study method and the Hazard analysis method. The method became formalized and an extensive literature evolved on how to apply it efficiently. Dunjó et al. (2010) have summarized its history, the literature on how best to perform HAZOP, and the attempts to include human failure and other aspects and applications.

Another systematic method that found general application is Failure Mode and Effect Analysis (FMEA), to which Criticality Analysis (FMECA) can be added to increase its rigor. The method started in 1949 as a military procedure in MIL-P-1629, “Procedures for Performing a Failure Mode, Effects and Criticality Analysis”. Navy-Air converted it to standard MIL-STD-1629 in 1974, which was further developed to version A in 1980. The method was applied in aerospace design and then spread to other industries. Basically, for each piece of equipment the failure modes and their effects are identified, followed by the causes, the controls to prevent them, and the actions to be executed. FMECA, although applied basically as a reliability engineering tool according to the standard, has also found application in maintainability, safety analysis, survivability and vulnerability, logistics support analysis, maintenance plan analysis, failure detection, and isolation sub-system design. Hence, where HAZOP is oriented towards operational function as seen in the system states of temperature, pressure, flow and the like, FMEA is centered on component function and failure. These two methods overlap.

There are many more identification methods created for specific system purposes. These include approaches such as Taylor’s action error analysis (Taylor, 2013), which is a kind of HAZOP on potential operator errors, or sneak analysis, developed for fault finding in electronic circuitry. A huge range of human factors methods have been developed over the last 25 years (Stanton et al., 2005). However, these methods have generally never reached the level of application in the process industries that HAZOP and FMEA have.

Meanwhile, in many countries, major hazard facilities and other process installations are required by law to perform hazard identification not only before the start of operations but also on a regular, repeating basis, such as every 5 years, for the life of the installation. This requirement signifies the importance of the activity. Missing a scenario, and therefore not being prepared to prevent and counter the undesirable outcomes, may lead to disaster.

In summary, process hazard analysis (PHA), hazard identification (HI) and scenario definition form the cornerstone of the safety management system, and this is a team effort based on knowledge, experience, and human imagination of what can go wrong. In the next section we review the limitations of current methods due to the considerable effort, expense and the potential weaknesses in human imagination. Following that, we formulate some research questions and ways to improve hazard identification and to enhance the effectiveness and efficiency of the effort.

This paper was inspired by two conference papers published in CET for the 15th International Symposium on Loss Prevention and Safety Promotion in the Process Industries, 2016, in Freiburg, Germany, namely those of Pasman and Rogers (2017) and Cameron et al. (2016).

Section snippets

Current challenges and limitations

In considering the question:

“Are the conventional tools sufficient, or should and can we do much better?”,

it is helpful to discuss what is meant by “sufficient”, and what constitutes “much better”.

First, in relation to ‘sufficiency’ or meeting stated needs, practical application of techniques, such as HAZOP or FMEA, over many decades have certainly given excellent insights into the integrity of process designs and important operational aspects. However, these techniques have often been judged

HAZOP automation attempts

Computer assistance for a PHA team already has a long history. Several commercial guidance programs are available, such as ABS Consulting LEADER™ and Dyadem (AcuTech Consulting Group) PHA-Pro. These administrative support software programs will alleviate the task of a HAZOP team but will not replace it.

Attempts to automate HAZOP started in the mid-1980s with Parmar and Lees (1987), applying a rule-based approach, and Cameron (1986) using expert systems based on Prolog. A little later this was
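As an added illustration (not code from the paper or from any of the automation tools it cites), the following Python sketches the line-by-line guide-word scan in the rule-based, digraph style of those early automation attempts: a constructed reactor digraph with signed influence edges, a small constructed cause/hazard rule base, and a propagation that also surfaces the sign conflicts that purely qualitative reasoning cannot settle.

```python
"""Toy rule-based HAZOP deviation propagation over a qualitative process digraph.
Added illustration, not code from the paper or any cited tool; all data is constructed."""
from collections import defaultdict

GUIDE_WORDS = {"No": -1, "Less": -1, "More": +1}     # guide word -> direction
DIRECTION = {-1: "LOW", +1: "HIGH", 0: "AMBIGUOUS"}

# Constructed exothermic reactor. Edge sign +1: downstream variable moves with the
# upstream one; -1: against it. Feed is assumed to enter cold (quenching effect).
EDGES = {
    "feed.flow":           [("reactor.level", +1), ("reactor.temperature", -1)],
    "coolant.flow":        [("reactor.temperature", -1)],
    "reactor.temperature": [("reactor.pressure", +1)],
    "reactor.level":       [("reactor.pressure", +1)],
}
# Constructed knowledge base: (variable, direction) -> credible causes / hazards.
CAUSES = {("feed.flow", -1): ["feed pump trips", "upstream valve closed"],
          ("coolant.flow", -1): ["coolant pump trips", "exchanger fouling"]}
HAZARDS = {("reactor.temperature", +1): "runaway reaction",
           ("reactor.pressure", +1): "overpressure, relief valve lifts",
           ("reactor.level", +1): "liquid carry-over into the vent line"}

def propagate(variable, guide_word):
    """Map each variable reachable from the initiating deviation to +1/-1; a 0 marks
    opposite influences meeting at one node, which qualitative reasoning cannot resolve."""
    signs = defaultdict(set)
    signs[variable].add(GUIDE_WORDS[guide_word])
    stack = [variable]
    while stack:                      # the constructed graph is acyclic
        node = stack.pop()
        for child, edge_sign in EDGES.get(node, []):
            signs[child].update(d * edge_sign for d in signs[node])
            stack.append(child)       # revisit so late-arriving signs flow on
    return {v: (s.pop() if len(s) == 1 else 0) for v, s in signs.items()}

def hazop_entry(variable, guide_word):
    """One worksheet row: deviation, rule-base causes, hazards reached, unresolved nodes."""
    effects = propagate(variable, guide_word)
    return {"deviation": f"{guide_word} {variable}",
            "causes": CAUSES.get((variable, GUIDE_WORDS[guide_word]),
                                 ["(no cause rule in knowledge base)"]),
            "hazards": [f"{v} {DIRECTION[d]}: {HAZARDS[(v, d)]}"
                        for v, d in effects.items() if (v, d) in HAZARDS],
            "ambiguous": [v for v, d in effects.items() if d == 0]}

def hazop_table(initiators=("feed.flow", "coolant.flow")):
    """Guide word x initiating variable scan, keeping only rows that reach a
    hazard or leave a sign conflict; benign deviations are screened out."""
    rows = [hazop_entry(v, gw) for v in initiators for gw in GUIDE_WORDS]
    return [r for r in rows if r["hazards"] or r["ambiguous"]]
```

Rows flagged as ambiguous are the ones such a qualitative tool cannot close on its own and must hand back to the team or to a semi-quantitative filter.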

Why a system approach

Many accidents have occurred according to a scenario that no one had conceived. Clearly, scenario identification is the Achilles heel of risk assessment. It should be considered an important initial step, to be followed by continuous or frequent monitoring to track system behavior and to respond to and learn from periodic unusual system behavior. Such behavior reveals newly developed scenario paths as the system changes with time, resulting in new failure outcomes. In process safety with the

Causal relationships visualized

The FSF and general system approaches entail the distinction of four hierarchical classifications of causal relationships. Each is encapsulated within the higher hierarchical space. As Cameron et al. (2016) describe, there are 4 key spaces:

  • the Lawful State Space (LSS): this is the outer one determining what is possible according to the laws of physics, thermodynamics, chemistry, biology, etc.,

  • the Capability State Space (CSS): within which for the given design, states can be reached due to all

Conclusions

Process hazard identification and possible scenario definition are subject to failure. The main problem is that current methods such as HAZOP and FMEA, given human limitations, do not provide confidence that they will lead to a complete inventory of all significant possibilities. Besides, the methods are labor-intensive. Three questions have been formulated:

  • How can we improve the effectiveness of hazard identification and scenario definition?

  • How can we enhance the efficiency of the effort?

  • Would it

References (71)

  • T.A. Kletz, Hazop–past and future, Reliab. Eng. Syst. Saf. (1997)
  • S.A. McCoy et al., HAZID, a computer aid for hazard identification: 4. Learning set, main study system, output quality and validation trials, Process Saf. Environ. Prot. (2000)
  • J. Morbach et al., OntoCAPE—a large-scale ontology for chemical process engineering, Eng. Appl. Artif. Intell. (2007)
  • M. Naderpour et al., An abnormal situation modeling method to assist operators in safety-critical systems, Reliab. Eng. Syst. Saf. (2015)
  • E. Németh et al., Prediction-based diagnosis and loss prevention using qualitative multi-scale models, Inf. Sci. (2007)
  • N. Paltrinieri et al., Dynamic Procedure for Atypical Scenarios Identification (DyPASI): a new systematic HAZID tool, J. Loss Prev. Process Ind. (2013)
  • Sh. Rahman et al., ExpHAZOP+: knowledge-based expert system to conduct automated HAZOP analysis, J. Loss Prev. Process Ind. (2009)
  • J. Rasmussen, Risk management in a dynamic society: a modelling problem, Saf. Sci. (1997)
  • M. Rodriguez et al., Automating HAZOP studies using D-higraphs, Comput. Chem. Eng. (2012)
  • N.L. Rossing et al., A functional HAZOP methodology, Comput. Chem. Eng. (2010)
  • B.J. Seligmann et al., A blended hazard identification methodology to support process diagnosis, J. Loss Prev. Process Ind. (2012)
  • R. Srinivasan et al., Petri Net-DIGRAPH models for automating HAZOP analysis of batch process plants, Comput. Chem. Eng. (1996)
  • R. Srinivasan et al., Automating HAZOP analysis of batch chemical plants: part I. The knowledge representation framework, Comput. Chem. Eng. (1998)
  • R. Srinivasan et al., Automating HAZOP analysis of batch chemical plants: part II. Algorithms and application, Comput. Chem. Eng. (1998)
  • R. Vaidhyanathan et al., Digraph-based models for automated HAZOP analysis, Reliab. Eng. Syst. Saf. (1995)
  • R. Vaidhyanathan et al., A semi-quantitative reasoning methodology for filtering and ranking HAZOP results in HAZOPExpert, Reliab. Eng. Syst. Saf. (1996)
  • V. Venkatasubramanian et al., Intelligent systems for HAZOP analysis of complex process plants, Comput. Chem. Eng. (2000)
  • C. Zhao et al., Roles of ontology in automated process safety analysis, Comput. Aided Chem. Eng. (2003)
  • J. Zhao et al., Learning HAZOP expert system by case-based reasoning and ontology, Comput. Chem. Eng. (2009)
  • Bayesfusion, 2015. http://download.bayesfusion.com/files.html?category=Academia. (Accessed 12 August...
  • I.T. Cameron, Expert Systems for Hazard and Operability Studies
  • I.T. Cameron et al., A functional systems approach to the development of improved hazard identification for advanced diagnostic systems
  • I.T. Cameron et al., New visualizations in the development of function and failure in process design and operations, Chem. Eng. Trans. (2016)
  • G. Cooper et al., A Bayesian method for the induction of probabilistic networks from data, Mach. Learn. (1992)
  • L. Cui et al., Layered digraph model for HAZOP analysis of chemical processes, Process Saf. Prog. (2008)