Professional Documents
Culture Documents
Mihs Hazop
Mihs Hazop
Mihs Hazop
One set of techniques designed to identify hazards to people, plants and the environment
is known as Hazard and Operability studies and widely known as HAZOP.
HAZOP is of two versions. The first versions is “Guide Word Approach” which is explained
as under. This is applicable to process industries only.
HAZOP aims to stimulate the imagination of designers in a systematic way so that they can
identify the potential hazards in a design.
- the accuracy of drawings and other data used as the basis for the study.
- the ability of the team to use the approach as an aid to their imagination in visualizing
deviations, causes and consequences.
- the ability of the team to maintain a sense of proportion, particularly when assessing
the seriousness of the hazards which are identified.
GUIDE WORDS
Negation No or Not The complete negation of No part of the intentions is achieved but nothing
these intentions else happens
Qualitative As well as A qualitative increase All the design and operating intentions are
achieved together with some additional activity
Logical Reverse The logical opposite of This is mostly applicable to activities, for
the intention example reverse flow or chemical reaction. It
can also be applied to substances, e.g.,
‘POISON’ instead of ‘ANTIDOTE’ or ‘D’ instead of
‘L’ optical isomers.
Substitutional Other than Complete substitution No part of the original intention is achieved.
Something quite different happens.
HRR/ISTAR/MSc-HIS/AUG2018 1
This section outlines the elements of a HAZOP. A HAZOP is a formal review of a process, its
equipment and operation in order to identify potential hazards and operational problems. The HAZOP
process assists in reducing the hazards at a facility and reduces the likelihood of commissioning
delays.
Each line or equipment item of the facility is examined systematically by a team utilising a diverse
range of skills relevant to that facility. This group 'brainstorming' approach, using a series of 'what if'
type questions, is
The procedure also provides an excellent two-way communication tool between the designer(s) and
the operator(s), as well as providing training for key prospective production staff, in the case of new
plant.
Essentially, the HAZOP examination procedure systematically questions every part of a process Or
operation to discover qualitatively how deviations from normal operation can occur and whether
further protective measures, altered operating procedures or design changes are required. The
examination procedure uses a full description of the process which will, almost invariably, include a
P&ID or equivalent, and systematically questions every part of it to discover how deviations from the
intention of the design can occur and determine whether these deviations can give rise to hazards.
The questioning is sequentially focused around a number of guide words which are derived from
method study techniques. The guide words ensure that the questions posed to test the integrity of
each part of the design will explore every conceivable way in which operation could deviate from the
design intention. Some of the causes may be so unlikely that the derived consequences will be
rejected as not being meaningful. Some of the consequences may be trivial and need be considered
no further. However, there may be some deviations with causes that are conceivable and
consequences that arc potentially serious. The potential problems are then noted for remedial action.
The immediate solution to a problem may not be obvious and could need further consideration either
by a team member or perhaps a specialist. All decisions taken must be recorded. Appendix 2 provides
a recording example. Secretarial software may be used to assist in recording the HAZOP, but it should
not be considered as a replacement for an experienced chairperson and secretary. The main
advantage of this technique is its systematic thoroughness in failure case identification. The method
may be used at the design stage, when plant alterations or extensions are to be made, or applied to
an existing facility.
Definition of Objectives:
- to check a design
- to decide whether and where to build
- to decide whether to buy a piece of equipment
- to obtain a list of questions to put to a supplier
- to check running instructions
- to improve the safety of existing facilities
HRR/ISTAR/MSc-HIS/AUG2018 2
Team Composition:
- positive attitude
- constructive attitude
- imaginative thinking
Flow Chart:
Preparative work:
Follow-up work:
Recording:
HRR/ISTAR/MSc-HIS/AUG2018 3
A copy of data, P&I, OI, Charts, models etc, a copy of all working
papers
- the file should be retained on the plant
- reports can also be written for the guidance
- info generated by studies can be used to improve future designs
Coolant in
A
Reactor C
B
Coolant out
Less Less flow Partial effect of the Product impurity as A L M Check the flowrate
above
And correct
More More flow Operator error Product impurity as B L H Check the flowrate and correct
As well as As well as Cooling system Slow production L L Maintain cooling system effectively
failure or ineffective and monitor temperatures
Cooling fails
HRR/ISTAR/MSc-HIS/AUG2018 4
Reverse Reverse flow Over pressurization Product mass will flow L M Provide NRV
from reactor of reactor to Supply of B
to supply of B
Vacuum in supply
line
Decomposition of
product Monitor of reactor thk.
Leakage of reactor
The second version of the HAZOP is “Creative Checklist Approach”. This version has been
developed as a complement to the guide word approach to cover “disturbances”. The
second method uses a check list of known major hazards and nuisances. The checklist
would contain words such as fire, explosion, toxicity, corrosion, dust and smell. The
checklist is initially applied to every material likely to be present, raw materials,
intermediates, finished products, byproducts, and effluents. This establishes qualitatively
whether hazards and nuisances exist and also provides a quantitative data base of the
numerical intensities of different hazards. Thus “fire would result in not only a note that a
material is flammable but numerical measurements such as a “flash point” and flammable
limits”. Any missing data are pinpointed and timely steps taken to collect the data.
The second method continues with the association of the same checklist with each item of
equipment. The materials present in such equipment, together with the inventories, are
known as the “materials hazards”. As the analysis proceeds, the potential for all major
hazards including interactions between units or the unit and its environment are identified.
The flow of hazards can be in both directions. Fore example, the environment may pose
hazards to the unit. Although less well known that the guide word approach, the creative
checklist approach has been found to be a quick and valuable complementary approach.
Finished Products
Intermediates
Byproducts
Effluents
Equipment
Fill up the table with the qualitative as well as quantitative database. Any missing data are
to be pinpointed and timely steps should be taken to collect such data.
HRR/ISTAR/MSc-HIS/AUG2018 5
HAZOP WORKSHEET
Plant/unit : Date :
Members :
P S R P S R
HRR/ISTAR/MSc-HIS/AUG2018 6
The Technique
A HAZOP is organized by dividing the unit to be analyzed into nodes. A node represents a section of
the process where a significant process change takes place. For example, a node might cover the
transfer of material from one vessel to another through a pump. In this case the process change is
the increase in pressure and flow that occurs across the node. Another node might include an
overhead air-cooler on a distillation column. Here temperature and phase are the process variables
that change.
Steps in a HAZOP
The HAZOP process can be organized into the steps shown below.
Steps in a HAZOP
1. Select a node, define its purpose and determine the process safe limits.
2. Select a process guideword.
3. Identify the hazards and their causes using the deviation guidewords.
4. Determine how the hazard is "announced", i.e., how the operator knows a safe limit has been
exceeded.
5. Estimate the consequences (safety, environmental, economic) of each identified hazard.
6. Identify the safeguards.
7. Estimate the frequency of occurrence of the hazard.
8. Risk rank the hazard, with and without safeguards.
9. Develop findings and potential recommendations.
10. Move on to the next process guideword, or to the next node if the guideword discussion is
complete.
The decision as to how big a node may be will depend on the experience of the team, the degree to
which similar process systems have already been discussed, the complexity of the process and the
judgment of the leader.
Figure 1 shows how the first of the Standard Examples can be divided into three nodes. Each node
has been circled with a cloud line.
• Node 1 (blue line) is the Tank, T-100, with its associated equipment and instrumentation (the
process change is level in the tank).
• Node 2 (red line) incorporates two pumps, P-101 A/B, and the flow control valve, FCV-101
(the process changes are flow rate and liquid pressure).
• Node 3 (green line) includes the pressure vessel, V-101, with its associated relief valve, and
other instrumentation (the process changes are pressure, chemical composition and level)
Once the team meetings start, the scribe will place a set of full-size Piping & Instrument Diagrams
(P&IDs), with the nodes marked out, on the wall of the conference room. These master P&IDs will be
the focus point for the team discussions and will serve as the official record of the discussions. Team
members can also be issued with a set of smaller, or shot-down, P&IDs for personal use.
Most team leaders use highlighter-type pens to define the boundaries of each node. As shown in
Figure 1, different colors are used so that the interfaces between the nodes are easily seen. Although
the choice of color is not usually significant, some colors may have designated meanings. For
example, the color blue may mean that the sections so highlighted were not discussed because they
had been covered by a previous HAZOP. The color brown may designate items of equipment and
piping that are deliberately being excluded from the current HAZOP discussion - maybe because they
are out of service. Yellow may indicate that a node has been defined but not yet discussed. At the
HRR/ISTAR/MSc-HIS/AUG2018 7
conclusion of the analysis all nodes should have been colored out, thus confirming that no equipment
or piping items were overlooked.
Often, node sizes increase as the HAZOP progresses because many of the identified hazards are
repeated. For example, if a process includes several sets of tank/pump/vessel systems such as that
shown in Figure 1, the team may divide the first discussion into three nodes, as shown, but then treat
subsequent systems as single nodes.
In order to save time, the leader and scribe may pre-select the nodes. In a very simple process, this
decision may make sense. Generally, however, the team as a whole should decide on the nodes,
partly because a HAZOP is a team activity, and partly because the definition and selection of a node
often is affected by the discussions that have taken place with regard to earlier nodes. Also, if the
leader and scribe are from outside the local organization, they may not fully understand all the
process parameters that could affect node selection before the HAZOP starts.
For each node, the process engineer, and others who have knowledge of the system, will explain to
the team the purpose of each node. Table provides examples of purpose descriptions.
Table
Node Purpose Descriptions
Node Name Purpose
Number
1 Tank, T-100, and T-100 contains a working inventory of liquid RM-12 which
associated is supplied by tank (rail) cars from outside suppliers. The
instrumentation. node does not include the tank loading systems.
2 Pumps, P-101 A/B, P-101 A/B transfer liquid RM-12 from Tank, T-100, to
including flow control Vessel, V-100. Flow is controlled by FRC-101, whose set
valve, FCV-101. point is provided by LRC-100 (Node 1). One pump is
operating; the other is on stand-by. A is steam driven; B
is electrically driven. B is usually on stand-by.
3 Pressure Vessel, V- Liquid RM-12 flows into this vessel from various sources.
101, including relief V-101 provides surge capacity, thus smoothing out
valve, PSV-101. fluctuations in flow. A vent line removes residual
quantities of inert gas.
The scribe will enter the node description into the hazards analysis software. The start and stop points
for the node should explained to the team. Operations and maintenance experts will then provide
some history and operating experience about it. Any relevant documentation to do with that node,
such as equipment data sheets or material safety data sheets (MSDS), should be put before the team
at this time.
HAZOP SOFTWARES :
HRR/ISTAR/MSc-HIS/AUG2018 8
HAZOP Manager Version 6.0 is a comprehensive Personal Computer program for the management of
Hazard and Operability Studies (Hazops) and other similar safety-related reviews*. It is currently
helping many companies throughout the world to conduct more efficient and effective studies. The
software incorporates features and facilities that:
• Serve as a framework within which preparation for the review can be structured.
• Ease the task of recording the meeting minutes, and help to maintain the team's focus of
attention and interest.
• Give speedy access to material useful to the study team, such as previously identified
problems, failure rate data and other such historical information.
• Allow professionally formatted reports to be produced with the minimum of effort.
• Permit additional management information to be extracted from the study records.
• Provide a comprehensive and easy to use system for effective action follow-up and close-out,
without the significant administrative burden that this usually entails.
To learn more about the HAZOP Manager software, and how it can help you in your safety, health and
environmental review work, please visit the links displayed in the panel on the left (these are also
listed at the foot of this page).
* As its name suggests, the software is most frequently employed to record and manage Hazop
Studies, as arguably this is the most widely used loss-prevention technique. However, it is designed
to be easily configured for use in other familiar methodologies such as Process Hazards Analysis
(PHA), check-list driven Hazard Identification Reviews (HazId), Risk Assessment Studies, SIL Analysis,
Failure Mode and Effect Analysis (FMEA and FMECA), etc. As an indication of its flexibility, users have
also employed the program for Project Cost & Schedule Risk Management, Workplace H&S Regulatory
Compliance Reviews, Hazards of Construction Reviews, Preliminary Hazards Analysis, Conceptual
Project Studies, and so on. In other words, the software can be utilized for most reviews where it is
required that the results are both recorded and reported, and which generate actions that need
distribution and subsequent verification that they have been satisfactorily completed.
HAZOP+ 2012
• HOME
• ABOUT US
• PRODUCT GUIDE
• SOFTWARE
o Reliability Workbench
o Availability Workbench
o Hazop+ 2012
§ What's New in Version 2012
§ Setup
§ Risk Ranking
§ Study Records
§ Analysis
§ Actions
§ Report Designer
§ Enterprise System
o NAP
o AttackTree+
• LATEST NEWS
• TRAINING
• SUPPORT
• CUSTOMER AREA
• CONTACT US
DOWNLOAD INFORMATION
SCREENSHOTShttp://www.isograph-software.com/2011/_screenshots/haz/2-haz-
riskranking-matrix.pnghttp://www.isograph-software.com/2011/_screenshots/haz/2-
haz-study-all-fullscreen.pnghttp://www.isograph-
software.com/2011/_screenshots/haz/3-haz-study-selected.pnghttp://www.isograph-
software.com/2011/_screenshots/haz/4-haz-study-report-
HRR/ISTAR/MSc-HIS/AUG2018 9
text.pnghttp://www.isograph-software.com/2011/_screenshots/haz/5-haz-actions-
study.png
Home > Software > Hazop+ 2012
The Hazard and Operability Study (or HAZOP Study) is a standard hazard analysis technique used
in the preliminary safety assessment of new systems or modifications to existing ones.
The effects of such behavior is then assessed and noted down on study forms. The categories of
information entered on these forms can vary from industry to industry and from company to
company.
Primatech specializes in Safety, Security and Risk Management for the process industries.
We offer consulting, training courses, webinars, and software to assist our clients in
identifying and reducing the risk of catastrophic accidents posed by hazardous materials
used in their operations. Our services and products help companies to protect employees,
the public and the environment as well as prevent damage to facilities, process equipment
and company reputations, and improve productivity and quality. We help companies comply
with the OSHA Process Safety Management (PSM) standard, EPA Risk Management
Program (RMP) rule, and other government regulations, industry guidelines and
requirements.
Bibliography :
HRR/ISTAR/MSc-HIS/AUG2018 10
The “Controlling” output is the most desirable because it measures deviation and also
corrects that deviation, through actuator.
The requirements for a given SIL are not consistent among all of the functional safety
standards.
In the European Functional Safety standards based on the IEC 61508 standard four SILs
are defined, with SIL 4 being the most dependable and SIL 1 being the least.
There are several methods used to assign a SIL. These are normally used in combination,
and may include:
Ø Risk Matrices
Ø Graphs
HRR/ISTAR/MSc-HIS/AUG2018 11
Ø There are several problems inherent in the use of Safety Integrity Levels. These
can be summarized as follows:
Ø Because SIL has a simple number scheme to represent its levels (1-4), a high-
level understanding of each level is typically all that is necessary to convey SIL at
management levels. This saves management from having to understand the
technical aspects of SIL, while allowing them to discuss their concerns.
Ø The SIL requirements for hardware safety integrity are based on a probabilistic
analysis of the device. In order To achieve a given SIL, the device must meet
targets for the maximum probability of dangerous failure and a minimum Safe
Failure Fraction. The concept of 'dangerous failure' must be rigorously defined
for the system in question, normally in the form of requirement constraints
whose integrity is verified throughout system development. The actual targets
required vary depending on the likelihood of a demand, the complexity of the
device(s), and types of redundancy used.
For continuous operation, these change to the following. (Probability of Failure per
Hour)
FD (Probability of Failure on Demand) and RRF (Risk Reduction Factor) of low demand
operation for different SILs as defined in IEC EN 61508 are as follows:
HRR/ISTAR/MSc-HIS/AUG2018 12
For continuous operation, these change to the following. (Probability of Failure per
Hour)
Hazards of a control system must be identified then analyzed through risk analysis.
Mitigation of these risks continues until their overall contribution to the hazard are
considered acceptable. The tolerable level of these risks is specified as a safety
requirement in the form of a target 'probability of a dangerous failure' in a given period
of time, stated as a discrete SIL.
A Safety Integrity Level (SIL) is a statistical representation of the integrity of the SIS
when a process demand occurs. It is used in IEC 61508/61511 to measure the reliability
of SIS. As demonstrated in the next table, four levels of safety integrity are presented.
The higher the SIL is, the more reliable or effective the SIS is.
The basic steps for the LOPA risk assessment typically are:
HRR/ISTAR/MSc-HIS/AUG2018 13
It calculates the initiating event frequency and the likelihood of failure of independent
protection layers (IPLs) to approximate the risk of a scenario.
Then, LOPA compares the frequency of mitigated consequence with a risk tolerance
criteria established by the organization to decide if existing IPLs or safeguards are
adequate.
HRR/ISTAR/MSc-HIS/AUG2018 14