By Amin Almasi
INTRODUCTION
HAZOP (Hazard and Operability) studies have been done for years for many plants and facilities; however, there are still many managers and engineers in many different industrial and manufacturing sectors who are not familiar with HAZOP and its safety benefits; sometime some engineers even panic if a HAZOP study is asked or if invited to a HAZOP session. This article discusses HAZOP and its effectiveness and usefulness for plants and facilities.
A HAZOP is used to identify major hazards or operability issues related to the design, installation and operation of industrial and manufacturing plants. Major hazards include the release of hazardous materials or energy. This is closely related to risk assessments and safety verifications of facilities. The focus of the study is to address incidents, which may impact on public health and safety, worker safety, economic loss, the environment, and the plant’s reputation.
In a HAZOP study, an industrial or manufacturing facility is broken down into “nodes”. Each node will be examined under the direction of a number of guidewords such as high pressure, low pressure, low flow, high flow, no flow, reverse flow, etc. Some guidewords will become specific to each system or team. For example, operation team, commissioning team etc., each has its own guidewords.
One of the primary purposes of HAZOP is the identification of scenarios that would lead to the release of hazardous materials into the atmosphere, thus exposing workers and people living surrounding a plant to danger. In order to make this determination, it is always necessary to identify, as exactly as possible, all consequences of any credible causes of a hazard.
HAZOP
Ensuring that HAZOP meeting covers the required scope of HAZOP study is an important task. Too often, HAZOP studies failed to cover whole the intended scope or sometimes they exceeded defined battery limits. A clear scope definition is the key for a HAZOP.
Another important element that is essential for a successful HAZOP study is that “all possible modes” of operation, start-up and shutdown for the equipment, machinery, package, etc., should be considered. A machinery, package or facility has different normal, part-load and emergency modes of operation; all modes should be considered, and proper guidewords should be applied for each mode of operation. Care should be taken to identify less obvious modes, particularly those associated with different shut-down situations, such as normal shutdown cases and different emergency shutdown situations in various circumstances, and the subsequent start-up and their combinations.
The scope of a HAZOP study should ensure that all possible deviations from design intent and normal operation are not only identified within the immediate scope of the HAZOP study, but they are also identified with respect to upstream and downstream systems. Past experiences have shown that some post start-up problems have not been identified at the HAZOP stage for machineries, packages, etc., because HAZOP study did not look far enough at the upstream or downstream.
In large machineries, packages or facilities, the HAZOP study is usually conducted in stages. There is a potential for incomplete follow through of problems, issues and consequences and for things to slip between the individual boundaries.
The follow-up of recommendations arising from a HAZOP study is a key part of the HAZOP. The validity and effectiveness of HAZOP study are seriously compromised if recommendations are not followed through.
BATCH OPERATION
In batch operation, production or manufacturing occurs in time-sequential steps in discrete batches. For example, a batch of feedstock or raw materials is fed or charged into a unit, then the industrial or manufacturing process takes place and the products and any other outputs are removed. Such a batch production may be repeated over again and again with new batches. Batch operation is commonly used in smaller scale plants and facilities. Machineries and facilities involved in batch operated units require a special attention. There have been many risks and dangers involved in any batch process. All safety and risks on each step in a batch process and how each step can affect whole the process should carefully be studied and verified.
SAFETY VS. OPERABILITY
“Hazard” is any item or operation that could possibly cause a catastrophic release of toxic or dangerous materials, release of uncontrolled energy or any action that could result in injury to personnel and people. The identification of hazards is the main focus of a HAZOP. However, a HAZOP is also expected to identify “operability problems” which are any operation inside HAZOP scope that would cause a shutdown, particularly those that could possibly lead to a violation of environmental, health or safety regulations or negatively impact profitability. A HAZOP should concentrate on identifying both hazards as well as operability problems. While the HAZOP study is designed to identify hazards through a systematic approach, more than 50 percent of all HAZOP study recommendations are usually operability problems and are not actual hazards.
HAZOP CONSIDERATIONS
Operation and maintenance are important parts of a HAZOP study. A short perspective review of each system at the start of a HAZOP meeting of the system is recommended by an expert. This should be a brief review and the study should be transferred to a line-by-line (system-by-system) basis. A general overview is usually much less affective in a HAZOP. One of the reason is in a line-by-line review the team focus on each item at the same time. Poorly placed valves, inadequate access and potential for non-draining low points can be problematic.
Recommendations should be made when the safeguards for a given hazard scenario, as judged by an assessment of the risk of the scenario, are inadequate to protect against the hazard. Action items are those recommendations for whom an individual or department has been assigned. For some cases, “Data & Information Requests” might be identified as recommendations for follow-up by one of the team members.
Relative priorities of all actions should be determined. After each recommendation has been reviewed, the resolution of each recommendation should be recorded in a tracking document, such as a spreadsheet, and kept on file. Recommendations can include design, operating, or maintenance changes that reduce or eliminate deviations. Recommendations identified in a hazard analysis are considered to be preliminary in nature; additional information or study might be needed or a comprehensive analysis may be required.
CHAZOP
CHAZOP is a HAZOP for “Control” system. In other words, a CHAZOP study is conducted with focus on the control system. This is primarily concerned with control systems and not the underlying process or manufacturing system. The underlying facility/plant has been reviewed using a conventional HAZOP. Two of the important questions in a CHAZOP are:
- Are the control loops adequate for the intended operation?
- Can the control loops create any potential problems?
There are dedicated keywords of CHAZOP. For instance, three most important topics/keywords of CHAZOP are:
- Integration
- Possible interaction
- Control system at the start-up
A critical consideration is proper integration of the machinery or package control system with the plant control system. Possible interactions such the interaction between the machinery control system and another independent control loop can cause an interaction and trouble.
An equipment control system can receive its most important test at the start-up; proper evaluation, precaution and provisions should be respected in CHAZOP for the startup and initial operation. Control loops should be adequate and they cannot create any potential problems operating the machinery or package in different modes under various plant situations.
Controls under normal operation cases, turndown situations, alternative operating cases and emergency situations should be studied and verified. Instrument and actuator locations are important. Any emergency shut-down loop deserves special attention. After all, this is the control loop that should bring the machinery, package or manufacturing facilities to a safe shutdown in a case of emergency.
An alarm review might be required in a CHAZOP. In this way, it is required to re-evaluate justifications for each alarm, their activation points and action required of an operator in the event of an alarm. Some experts believe that this alarm review can take place post start-up when initial operational experience has been gained to better evaluate the situation. However, in author’s view, the best recommendation is to plan for three alarm reviews:
- One: before the commissioning
- Another: after a few weeks of the start-up
- Third review: a few months after the second one
Too often, operation personnel need help to manage the machinery/package and surrounding facilities in the event of infrequent alarms. The alarm review should identify and eliminate nuisance alarms.
SIL / LOPA Assessment
A SIL/LOPA study is to assess the adequacy of the “Safety Protection Layers” (SPLs) or safeguards that are in place to mitigate against hazardous events relating to major process hazards, identify those SPLs or safeguards that do not meet the required risk reduction for a particular hazard, and make reasonable recommendations where a hazard generates a residual risk that needs further risk reduction. This is done by defining “tolerable frequency” (TF). The TF of a deviation is a number which is derived from the level of the risk identified from HAZOP. This indicates the period of occurrence, in terms of years, of the process deviation which the operating company can tolerate. For example, a TF of 10-4 indicates that the operation/owner company can tolerate the occurrence of the deviation once in 10,000 years. The “mitigation frequency” (MF) is derived as a calculation from the likelihood of each cause.
The inputs to SIL/LOPA assessment are the deviations, causes, risk levels and safeguards identified during HAZOP. The SIL/LOPA assessment recommends “Safety Protection Layers” (SPLs) to be designed to meet the process hazard. It is usually possible to integrate SIL/LOPA studies with CHAZOP or even HAZOP. By integrating SIL/LOPA studies and CHAZOP (or HAZOP) into one session, the time and cost to conduct these sessions are reduced, there is more data integrity as the same team conducts both the studies and it removes the subjectivity which comes out of a pure CHAZOP session. An integrated study is usually based on a semi-quantitative technique and applies much more rigor than a CHAZOP or HZOP alone. This determines if the existing safeguards are enough and if proposed safeguards are warranted.
HAZCON
The risk assessment and hazard identification during the construction is known as “HAZCON”. While a HAZCON for a specific machinery, package or equipment might not be common, however, commissioning team and equipment/machinery engineers should attend HAZCON and discuss machinery/package issues related to each unit or facility under HAZCON. Particularly the hazards, problems and issues related to completion activities and machinery pre-commissioning need attention.
Notation:
HAZOP: Hazard and Operability study.
SIL: Safety Integrity Level.
LOPA: Layers of Protection Analysis.
_______
Amin Almasi is a lead mechanical engineer in Australia. He is chartered professional engineer of Engineers Australia (MIEAust CPEng – Mechanical) and IMechE (CEng MIMechE) in addition to a M.Sc. and B.Sc. in mechanical engineering and RPEQ (Registered Professional Engineer in Queensland). He specialises in mechanical equipment and machineries including centrifugal, screw and reciprocating compressors, gas turbines, steam turbines, engines, pumps, condition monitoring, reliability, as well as fire protection, power generation, water treatment, material handling and others. Almasi is an active member of Engineers Australia, IMechE, ASME, and SPE. He has authored more than 150 papers and articles dealing with rotating equipment, condition monitoring, fire protection, power generation, water treatment, material handling and reliability. Email: amin.almasi@ymail.com
