Process hazard analysis, hazard identification and scenario definition: Are the conventional tools sufficient, or should and can we do much better?
Introduction
All safety considerations start with recognizing possible hazard events, hence the necessity of hazard identification (HI) via process hazard analysis (PHA). Hazard identification has the objective of defining all possible (non possumus) scenarios or sequences of events in which a hazard with its associated chance of realization will generate risks to people, assets, environment or corporate reputation. The potential causing the hazardous situation can reside within the system for a long time or could result from a set of temporal conditions.
PHA is a basic step towards risk assessment and risk management of a technical system and its process. Throughout the history of process design and operation much was learned by trial and error. Today, properties of materials are not regarded as a problem but 50 years ago they were. Many test methods did not yet exist. Phenomena such as runaway or vapor cloud explosion were unknown. Although sound knowledge of the material properties is a first requirement for a PHA, a conditio sine qua non, we shall assume for this paper that it is adequately represented, and we shall focus on finding out “how things can go wrong”.
Early on, it became clear that an individual person is not able to think of all possible ways a mishap can occur. The first more or less formal method to evaluate plant process safety was application of a checklist based on experience. It required investigating properties of substances, reaction patterns, equipment hazards, safety devices, storage and loading, plant layout, emergency planning and the like. Another, even less formal and perhaps older method is ‘What-if?’ For example: what if valve V1 is shut, while it should be open?
Subsequently, a systematic, scenario-oriented method appeared, which was designated Hazard and Operability Study (HAZOP). According to a paper in the 1971 Newcastle Major Loss Prevention in the Process Industries Symposium by Houston (1971) of Imperial Chemical Industries (ICI), UK, in the case of a new design, safety was initially judged by “how well it will work”. As existing codes of practice fell short, for a new design an “Operability Study” was undertaken. Based on a flow sheet, and later a Piping & Instrumentation Diagram (P&ID), a team of experts systematically examined the design line by line for possible process deviations and, if one was found, what would cause it and what the consequence would be. Process deviations from design intent were investigated following a brief checklist of guide words, such as More, Less, etc., with the main ones as we know them from today’s HAZOP (Hazards and Operability).
In his 1997 article on HAZOP, Trevor Kletz (1997), also in ICI at the time, gave more details. The HAZOP inception was in 1963/1964 on a new phenol plant design minimized with respect to capital cost, and the team that was to operate the plant was given the assignment to perform a ‘Critical Examination’. The latter was known at the time as a formal method of asking questions: what is achieved, what else could be achieved, what should be achieved, how, when, and who has achieved it. A team of three worked three days a week for four months and found many operating problems and hazards. It later turned out that elsewhere in ICI the same critical examination technique had been applied before. From this, HAZOP as a formal method emerged and spread throughout the chemical process world and beyond, across a large variety of design activity. However, even in the first journal publication, by Lawley (1974), also at ICI, it was separately called the Operability study method and the Hazard analysis method. The method became formalized and an extensive literature evolved on how to efficiently apply it. Dunjó et al. (2010) have summarized the history, the literature on how best to perform HAZOP, as well as the attempts to include human failure and other aspects and applications.
Another systematic method that found general application is Failure Mode and Effect Analysis (FMEA), to which Criticality Analysis (FMECA) can be added to increase its rigor. The method started in 1949 as a military procedure in MIL-P-1629 “Procedures for Performing a Failure Mode, Effects and Criticality Analysis”. Navy-Air converted it to standard MIL-STD-1629 in 1974, and it was further developed to version A in 1980. The method was applied in aerospace design and then spread to other industries. Basically, for a piece of equipment the failure modes and their effects shall be identified, and subsequently the causes, the controls to prevent them, and the actions to be executed. FMECA, although applied basically as a reliability engineering tool according to the standard, found application too in maintainability, safety analysis, survivability and vulnerability, logistics support analysis, maintenance plan analysis, failure detection, and isolation sub-system design. Hence, where HAZOP is oriented towards operational function as seen in the system states of temperature, pressure, flow and the like, FMEA is centered on component function and failure. These two methods overlap.
There are many more identification methods created for specific system purposes. These include approaches such as Taylor’s action error analysis (Taylor, 2013), which is a kind of HAZOP on potential operator errors, or sneak analysis developed for electronic circuitry fault finding. A huge range of human factors methods have been developed over the last 25 years (Stanton et al., 2005). However, these methods have generally never reached the level of application in the process industries as have HAZOP and FMEA.
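The guide-word-by-parameter enumeration that a HAZOP team works through line by line, written out as an added example (not code from the paper). The applicability table, which drops meaningless pairings such as “Reverse temperature”, is an assumption of this example, not a normative HAZOP rule; the P&ID nodes are constructed.

```python
from typing import Dict, List, Optional

# Guide words as used in HAZOP (the paper names "More, Less, etc.").
GUIDE_WORDS = ["No", "More", "Less", "Reverse", "As well as", "Part of", "Other than"]

# Assumed applicability of guide words to process parameters (illustrative only):
# a deviation is generated only where the pairing has a physical meaning.
APPLICABLE: Dict[str, set] = {
    "Flow": {"No", "More", "Less", "Reverse", "As well as", "Part of", "Other than"},
    "Pressure": {"More", "Less"},
    "Temperature": {"More", "Less"},
    "Level": {"No", "More", "Less"},
    "Composition": {"As well as", "Part of", "Other than"},
}


def deviations(node: str, parameters: List[str]) -> List[dict]:
    """Enumerate the meaningful deviations from design intent for one P&ID node.
    Cause and consequence start empty; the team fills them in."""
    rows = []
    for param in parameters:
        for gw in GUIDE_WORDS:  # fixed order keeps the worksheet reproducible
            if gw in APPLICABLE.get(param, set()):
                rows.append({"node": node, "parameter": param, "guide_word": gw,
                             "deviation": f"{gw} {param.lower()}",
                             "cause": None, "consequence": None})
    return rows


def worksheet(nodes: Dict[str, List[str]]) -> List[dict]:
    """Build the full HAZOP worksheet over all nodes of the P&ID."""
    return [row for node, params in nodes.items() for row in deviations(node, params)]


def record(rows: List[dict], node: str, deviation: str, cause: str, consequence: str) -> None:
    """Record the team's finding for one deviation of one node."""
    for row in rows:
        if row["node"] == node and row["deviation"] == deviation:
            row["cause"], row["consequence"] = cause, consequence


def uncovered(rows: List[dict]) -> List[str]:
    """Deviations still lacking a cause or consequence: the completeness check
    the paper argues human teams cannot guarantee by imagination alone."""
    return [f'{r["node"]}: {r["deviation"]}' for r in rows
            if r["cause"] is None or r["consequence"] is None]


# Constructed example: two nodes from a hypothetical P&ID, not from the paper.
NODES = {"Line 1 (feed to reactor)": ["Flow", "Pressure", "Temperature"],
         "Reactor R-101": ["Level", "Temperature", "Composition"]}
```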
Meanwhile, in many countries, major hazard facilities and other process installations are required by law to not only perform hazard identification before the start of operations but also on a regular, repeating basis such as 5 years for the life of the installation. This requirement signifies the importance of the activity. Missing a scenario and therefore not being prepared to prevent and counter the undesirable outcomes may lead to disaster.
In summary, process hazard analysis (PHA), hazard identification (HI) and scenario definition form the cornerstone of the safety management system, and this is a team effort based on knowledge, experience, and human imagination of what can go wrong. In the next section we review the limitations of current methods due to the considerable effort, expense and the potential weaknesses in human imagination. Following that, we formulate some research questions and ways to improve hazard identification and to enhance the effectiveness and efficiency of the effort.
This paper was inspired by two CET published conference papers for the 15th International Symposium on Loss Prevention and Safety Promotion in the Process Industries 2016 in Freiburg, Germany, respectively, the one of Pasman and Rogers (2017) and that of Cameron et al. (2016).
Current challenges and limitations
In considering the question:
“Are the conventional tools sufficient, or should and can we do much better?”,
it is helpful to discuss what is meant by “sufficient”, and what constitutes “much better”.
First, in relation to ‘sufficiency’ or meeting stated needs, practical application of techniques, such as HAZOP or FMEA, over many decades have certainly given excellent insights into the integrity of process designs and important operational aspects. However, these techniques have often been judged
HAZOP automation attempts
Computer assistance of a PHA team has already a long history. Several commercial guidance programs are available, such as ABS Consulting LEADER™ and Dyadem (AcuTech Consulting Group) PHA-Pro. These administrative support software programs will alleviate the task of a HAZOP team but will not replace it.
Attempts to automate HAZOP started in the mid-1980s with Parmar and Lees (1987), applying a rule-based approach, and Cameron (1986) using expert systems based on Prolog. A little later this was
Why a system approach
Many accidents have occurred according to a scenario that no one had conceived. Clearly, scenario identification is the Achilles heel of risk assessment. It should be considered an important initial step, to be followed by continuous or frequent monitoring to track system behavior and to respond to and learn from periodic unusual system behavior. Such behavior signals newly developing scenario paths, as the system changes with time, resulting in new failure outcomes. In process safety with the
Causal relationships visualized
The FSF and general system approaches entail the distinction of four hierarchical classifications of causal relationships. Each is encapsulated within the higher hierarchical space. As Cameron et al. (2016) describe, there are 4 key spaces:
- the Lawful State Space (LSS): this is the outer one determining what is possible according to the laws of physics, thermodynamics, chemistry, biology, etc.,
- the Capability State Space (CSS): within which for the given design, states can be reached due to all
Conclusions
Process hazard identification and possible scenario definition are subject to failure. The main issue is that current methods such as HAZOP and FMEA, given human limitations, do not provide confidence that they will lead to a complete inventory of all significant possibilities. Besides, the methods are labor-intensive. Three questions have been formulated:
- How can we improve the effectiveness of hazard identification and scenario definition?
- How can we enhance the efficiency of the effort?
- Would it
References (71)
- A critique of the Hazard and Operability (HAZOP) study. J. Loss Prev. Process Ind. (2015)
- Competency requirements for process hazard analysis (PHA) teams. J. Loss Prev. Process Ind. (2015)
- et al. CAPE tools for Off-line Process simulation, Design and Analysis
- et al. The integration of HAZOP expert system and piping and instrumentation diagrams. Process Saf. Environ. Prot. (2010)
- et al. Hazard and operability (HAZOP) analysis. A literature review. J. Hazard. Mater. (2010)
- et al. Opportunistic predictive maintenance for complex multi-component systems based on DBN-HAZOP model. Process Saf. Environ. Prot. (2012)
- et al. Fault propagation behavior study and root cause reasoning with dynamic Bayesian network based framework. Process Saf. Environ. Prot. (2015)
- et al. OptHAZOP: an effective and optimum approach for HAZOP study. J. Loss Prev. Process Ind. (1997)
- et al. TOPHAZOP: a knowledge-based software tool for conducting HAZOP in a rapid, efficient yet inexpensive manner. J. Loss Prev. Process Ind. (1997)
- et al. Towards automation of HAZOP with a new tool EXPERTOP. Environ. Model. Softw. (2000)