Project: CONSTRUCTION OF NEW PIPELINE FROM

GUEBIBA TO CFTP
HAZID/HAZOP/SIL/ TOR

HAZID/HAZOP/SIL TOR

CONSTRUCTION OF NEW PIPELINE FROM GUEBIBA/TB TO CFTP

001/AR03/13 03/12
 HAZID/HAZOP/SIL TOR PAGE: 2 /23

TABLE OF CONTENTS

1. INTRODUCTION............................................................................................................................... 3
1.1 ABBREVIATIONS..........................................................................................................................................4
Compagnie Franco-Tunisienne des Pétroles.............................................................................................4
2. HAZID STUDY.................................................................................................................................. 5
2.1 SCOPE & OBJECTIVES OF THE HAZID STUDY............................................................................................5
2.2 HAZID TECHNIQUE..................................................................................................................................5
2.3 HAZID RECORDING..................................................................................................................................6
3. HAZOP STUDY................................................................................................................................. 7
3.1 SCOPE & OBJECTIVES OF THE HAZOP STUDY.......................................................................................7
3.2 HAZOP METHODOLOGY...........................................................................................................................7
3.3 HAZOP TECHNIQUE...............................................................................................................................8
3.4 HAZOP RECORDING..............................................................................................................................11
3.5 HAZOP NODES.....................................................................................................................................11
3.6 HAZOP TEAM.......................................................................................................................................11
3.7 HAZOP FOLLOW UP.............................................................................................................................11
3.8 HAZOP RECOMMENDATIONS............................................................................................................12
3.9 PROCESS SYSTEMS / FACILITIES..............................................................................................................12
3.10 REPORT................................................................................................................................................ 12
4. SAFETY INTEGRITY LEVEL (SIL)..................................................................................................13
4.1 SCOPE & OBJECTIVES OF THE SIL STUDY.............................................................................................13
4.2 PROBABILITY OF FAILURE........................................................................................................................13
4.3 SIL CLASSIFICATION...............................................................................................................................14
1.1.1 RISK GRAPH TECHNIQUE......................................................................................................................14
1.1.2 LAYER OF PROTECTION ANALYSIS.........................................................................................................15
4.4 RISK MATRIX..........................................................................................................................................15
4.5 RISK REDUCTION....................................................................................................................................16
4.6 RISK ANALYSIS TEAM..............................................................................................................................16
4.7 SIL RECORDING.....................................................................................................................................17
5. APPENDICES.................................................................................................................................. 18
5.1 PROCESS SAFETY RISK GRAPH................................................................................................................18
5.2 COMMERCIAL RISK GRAPH......................................................................................................................20
5.3 ENVIRONMENTAL RISK GRAPH.................................................................................................................21
5.4 TYPICAL PROBABILITIES OF FAILURE ON DEMAND (PFODS) FOR MENTIONED TYPES OF
INDEPENDENT PROTECTION LAYERS (IPLS)................................................................................................23
 NO.
HAZOP/HAZID/SIL/SIMOPS ToR REV. 0
PAGE: 3 / 23

1. INTRODUCTION

This document provides significant aspects and considerations of HAZID, HAZOP, and SIL study related to
the construction of new pipeline from guebiba/tb to cftp project.
 NO.
HAZOP/HAZID/SIL/SIMOPS ToR REV. 0
PAGE: 4 / 23

2. Abbreviations

The following abbreviations will be used:

CFTP : Compagnie Franco-Tunisienne des Pétroles

HAZID : Hazard Identification

HAZOP : Hazard & Operability

SIL : Safety Integrity Level

SIF : Safety Instrumented Function

P&ID : Piping & Instrumentation Diagrams

SLC : Safety Life Cycle

LOPA : Layer of Protection Analysis

CIL : Commercial Integrity Levels

E/E/PES Electrical/electronical/programmable electronical systems

IPF : Instrumented Protective Function

IEC : International Electrotechnical Commission

EIL : Environmental Integrity Levels

 NO.
HAZOP/HAZID/SIL/SIMOPS ToR REV. 0
PAGE: 5 / 23

3. HAZID Study

3.1 SCOPE & OBJECTIVES OF THE HAZID STUDY

For this project, HAZID (Hazard Identification) analysis is required: the overall objective is to produce a
facility in respect of which all risks to the human, Environment, company reputation and the assets
have to be identified and minimized.

The HAZID worksheet objectives are:

 To systematically analyse the Project for potential hazards identification.

 To list all the needed documents about the project, that must be prepared in the following basic or
detail design phase.

 Considering the simplicity of the design, the risk-ranking for the recommendations has been limited to
cases where a clear critical consequence was specified and the recommendation is proposed as a
choice between different solutions.

 For all the recommendations requiring further analysis, design and / or engineering studies /
documents, operating procedures development, or other efforts that however must be done or
prepared, the risk ranking will be considered superfluous.

3.2 HAZID TECHNIQUE

The HAZID Review will be conducted as a guided brainstorming, by means of guidewords applied to the
project.

The specific intention of this Hazards review is to highlight and estimate hazards deriving from the new
pipeline from Guebiba/TB to CFTP, not only at normal operation phase but also during construction,
commissioning and maintenance activities.

The analysis is concentrated on the inherent external and internal hazards for the project, and is focussed
on specific parts of the selected process, philosophies and operational concepts.

A part is dedicated to the environmental aspect where potential impacts, corresponding causes,
consequences and associated protections are identified, this analysis enables quick and yet trustful setting
of documented Environmental Protection and regulatory compliance measures.

With the help of guidewords, hazards will be identified together with potential means of control and
mitigation.
For each hazard, a qualitative assessment of the expected likelihood and severity of consequences will be
given, on the basis of the risk assessment documents.

The minutes of the HAZID Review detailing the hazards, causes and consequences, risk-ranking,
recommendations and residual risk ranking will be recorded in HAZID Worksheets.
 NO.
HAZOP/HAZID/SIL/SIMOPS ToR REV. 0
PAGE: 6 / 23

Figure 1: HAZID PROCEDURE

3.3 HAZID RECORDING

The discussion will be recorded by the HAZID Secretary using dedicated software: “LEADER 2015
version”.
 NO.
HAZOP/HAZID/SIL/SIMOPS ToR REV. 0
PAGE: 7 / 23

4. HAZOP Study

4.1 SCOPE & OBJECTIVES OF THE HAZOP STUDY

HAZOP (Hazard and Operability Study) is a qualitative methodology that identifies possible deviations from
the correct functioning of the process, analyzing moreover the consequences of such anomalies and the
actions to be taken in order to limit them to the smallest possible areas.

The HAZOP’s targets are:

- To identify possible deviations from the intended operation that can cause personnel or
equipment harm as well as operation disturbances (accidental events),
- To establish how deviations from the design intent can arise,
- To assess whether such deviations and their consequences can have a negative effect upon
the safe and efficient operation of the system,
- To recommend actions, whenever is necessary, in order to remedy to the deviations.

4.2 HAZOP METHODOLOGY

The method used for the HAZOP is a systematic review of the process; therefore the primary words will be
the process parameters: Flow, Pressure, Temperature, Composition, and Level.

And the secondary words, which are combined with a primary keyword, are the different HAZOP
guidewords permit to suggest possible deviations: No, Less, More, Part of, As well as, Reverse, Other
than…etc.

In practice, the process parameters are combined with standard guidewords to set down a list of
deviations from the normal operation of the system under review. The following combinations were used
in this Study:

Table 1: Deviations represented by Parameters and Guidewords

Parameters Guidewords Deviations

No No Flow (complete lack of flow)
Reverse Reverse Flow (flow in the opposite direction than the normal operation)
Flow
More More Flow (higher flow rate than expected)
Less Less Flow (lower flow rate than expected)
More Higher Temperature (than expected)
Temperature
Less Lower Temperature (than expected)
More Higher Pressure (than expected)
Pressure
Less Lower Pressure (than expected)
As well as Contamination
Composition Part of Composition Change (fluid composition different than expected, e.g. off-
spec feed, incorrect chemical dosing, etc.)
Higher Level (higher liquid level in a vessel or tank, up to overfilling
More condition)
Level
Less Lower Level (lower liquid level in a vessel or tank, up to a complete loss
of level)
 NO.
HAZOP/HAZID/SIL/SIMOPS ToR REV. 0
PAGE: 8 / 23

Parameters Guidewords Deviations

Other (any other cause of upset or unsafe condition identified during the
Other Other
HAZOP but not linked to an identified parameter)

4.3 HAZOP TECHNIQUE

HAZOP is a systematic procedure used to review the process design for identification of potential hazards
and operability problems caused by deviation from the design intent of both new and existing process
facilities. The methodological approach is to identify deviations from the design intent using parameters
and appropriate guidewords, and to define any actions necessary to reduce the probability of occurrence
and/or eliminate/mitigate the consequences.

The system will be divided into discrete Nodes (a "node" is a sub-system or a portion of a systems which
can be analyzed alone, e.g. a tank, a header, a pump, even a single line, together with the relevant
connections to the interfaces), and the methodology will be applied thoroughly to each node until all the
system be fully analyzed.

The method involves the following steps for each Node:

 Define a Node of the process on the P&IDs;

 Clarify the design intent and the normal operating conditions of the Node;

 Identify a Deviation from the intent or operating conditions by applying parameter and a
Guidewords;

 List possible Causes and Consequences of the Deviation (a Deviation can be considered
“meaningful” if it has credible causes and can result in harmful consequences);

 Identify the Safeguards (if any), as shown in project documentation;

 Formulate Recommendations (and identify the responsible for implementation/action) if no

sufficient Safeguards are provided.
 NO.
HAZOP/HAZID/SIL/SIMOPS ToR REV. 0
PAGE: 9 / 23

The following figure summarizes the HAZOP Procedure that has been applied.

Node Selection
HAZOP PROCEDURE

• On the basis of the Guidewords and the Parameters

Deviation Selection selected a Deviation is identified.

Guidewords Parameters Deviations

Causes Identification No Flow No Flow
Less Temperature Less Flow
More Pressure More Flow
Consequences Reverse Level Reverse flow
identification Other Composition Less Temperature
As Well As Phase More Temperature
Operation Other Composition
Safeguards Maintenance Less Level
Etc. Etc.

Recommendations

Figure 2: HAZOP PROCEDURE

If a deviation and/or event are found to be realistically possible and to give rise to a significant
consequence, it is discussed in the HAZOP Study Worksheets.

The cases where there are no credible causes of deviation, and/or no events giving rise to significant
consequences, will not been recorded on the Worksheets.

The keyword combinations will be discussed following an iterative process in order to identify potential
problems, as the diagram mentioned below:
 NO.
HAZOP/HAZID/SIL/SIMOPS ToR REV. 0
PAGE: 10 / 23

Describe process section

Select a Node and describe design intent

Have all relevant Parameter for this plant section

been considered? Yes

No

Select a parameter not previously considered (e.g.

Pressure)

Have all relevant guideword for this parameter

Yes been considered?

No

Select a guideword previously considered

(e.g. More)

Determine cause of deviation from design intent;

assess potential hazard/operational problem
associated with the defined cause

Are there any causes for this deviation not

previously discussed and recorded? No

Yes

Record the new cause

No Are associated consequences of any significance?

Yes

Record the consequence/s

Record any Safeguards identified

Having regard to the consequences and

No
Safeguards, is an Action necessary?

Yes

Record the agree Action

 NO.
HAZOP/HAZID/SIL/SIMOPS ToR Rev. 0
PAGE: 11 /23

4.4 HAZOP RECORDING

The HAZOP discussion will be recorded by the HAZOP Secretary using dedicated software: “LEADER –
2015 VERSION”.

This software leads to:

- A complete sets of topics added instantly;

- A vast Leader Library, puts hundreds of standard HAZOP deviations;
- Add own custom topics to any section, to the library, or to the project template that can be
created;
- Copy, reorder, and renumber topics.

The record will be made during the session using laptop, and will be projected onto a suitable screen
so that all team members can see inputs to the record as it is produced.

4.5 HAZOP NODES

In order to perform the analysis and focus the team’s attention on a specific area, the different
process systems will be divided into a convenient number of discrete nodes. Each node represents a
section of the system that can be composed by one or more items with homogeneous characteristics in
terms of pressure, temperature or service. A new node starts when main process parameters change or
isolation is present.

4.6 HAZOP TEAM

The HAZOP shall be carried out by a multidisciplinary team to ensure all aspects of the plant and its
operations are covered. The team member’s specialists include process design, instrumentation and
control, mechanical engineering, safety and operation.

The chairman has to:

 Select the team’s members

 Plan and prepare the study,

 Chair the HAZOP meetings: Trigger the discussion using guidewords and parameters,

 Follow up progress, Ensure completeness of the analysis.

The team will include a nominated scribe, responsible for recording discussion and findings.

4.7 HAZOP FOLLOW UP

The HAZOP Actions Coordinator will be responsible for ensuring the Action Items are forwarded to the
parties responsible for action implementation, and for recording the status of the actions.

The relevant discipline specialists should close-out the addressed actions, indicating the resolution and
providing references and evidence of implementation. The action sheet completed with close-out
information shall be returned to the HAZOP Actions Coordinator. The HAZOP Actions Coordinator
should review the responses and proceed until full resolution of all pending issues.
 NO.
HAZOP/HAZID/SIL/SIMOPS ToR Rev. 0
PAGE: 12 /23

When an action is closed, the HAZOP Actions Coordinator should mark the action as “CLOSED” in the
action status column. When all actions will be closed, the Coordinator can issue the close-out report
(i.e. the collection of all the resolutions and action close-outs). All Actions shall be ideally closed
before the end of the Engineering Phase.

4.8 HAZOP RECOMMENDATIONS

The analysis results of the HAZOP study shall be represented by a series of recommendations which
take the form of suggested design changes, requirements of verification and additional studies or
suggestions for specific operational procedures to be implemented. The recommendations will be
managed in the activity of follow-up and implemented during the project development.

4.9 PROCESS SYSTEMS / FACILITIES

To ensure process integrity and to identify process hazards and operational problems for process
systems or facilities, a systematic review of the P&IDs shall be made.

4.10 REPORT
The HAZOP Report is a key document pertaining to the safety of the plant. It should provide sufficient
information on each element so that, either read alone or together with available and clearly cross
referenced documents, an assessment can be made of the adequacy of the HAZOP study carried out.

The contents of such a summary might typically be:

- Introduction;

- System definition and delimitation;

- Documents (on which the analysis is based);

- Methodology;

- Team members;

- HAZOP results:

 Reporting principles,

 Classification of recordings,

 Main results;

 HAZOP study worksheet.

- Appendices:

 P&IDs (marked),

 List of participants.
 NO.
HAZOP/HAZID/SIL/SIMOPS ToR Rev. 0
PAGE: 13 /23

5. Safety Integrity Level (SIL)

5.1 SCOPE & OBJECTIVES OF THE SIL STUDY

The analysis of hazards and risks gives rise to the need to reduce the risk and within the SLC of the
standards this is identified as the derivation of the safety requirements. There may be some overall
methods and mechanisms described in the safety requirements but also these requirements are then
broken down into specific safety functions to achieve a defined task.
In parallel with this allocation of the overall safety requirements to specific safety functions, a
measure of the dependability or integrity of those safety functions is required.
What is the confidence that the safety function will perform when called upon?
This measure is the SIL. More precisely, the safety integrity of a system can be defined as:
"The probability (likelihood) of a safety-related system performing the required safety functions
under all the stated conditions within a stated period of time."
Thus the specification of the safety function includes both the actions to be taken in response to the
existence of particular conditions and also the time for that response to take place. The SIL is a
measure of the reliability of the safety function performing to specification.

5.2 PROBABILITY OF FAILURE

To categorise the safety integrity of a safety function the probability of failure is considered – in effect
the inverse of the SIL definition, looking at failure to perform rather than success.
It is easier to identify and quantify possible conditions and causes leading to failure of a safety function
than to guarantee the desired action of a safety function when called upon.
Two classes of SIL are identified, depending on the service provided by the safety function
 For safety functions that are activated when required (on demand mode) the probability of
failure to perform correctly is given, whilst
 For safety functions that are in place continuously the probability of a dangerous failure is
expressed in terms of a given period of time (per hour) (continuous mode).
The probabilities of failure are related to one of four safety integrity levels, as shown in Table 1:

Table 2: Probability of failure

Probability of failure
Mode of operation – on demand (average Mode of operation – continuous
Safety Integrity
probability of failure to perform its design (probability of dangerous failure per
Level (SIL)
function upon demand) hour)
b A single E/E/PES is not sufficient
4 ≥ 10-5 to < 10-4 ≥ 10-9 to < 10-8
3 ≥ 10-4 to < 10-3 ≥ 10-8 to < 10-7
2 ≥ 10-3 to < 10-2 ≥ 10-7 to < 10-6
1 ≥ 10-2 to < 10-1 ≥ 10-6 to < 10-5
a No special safety requirements
 NO.
HAZOP/HAZID/SIL/SIMOPS ToR Rev. 0
PAGE: 14 /23

5.3 SIL CLASSIFICATION

The following methods will be used for Target Safety Integrity:
 Risk Graph
 Layer of Protection Analysis (LOPA)
Both these methods are included in the IEC61508 and IEC61511 standard. The risk graph is a qualitative
technique, the results tend to be quite subjective and lead to SIL levels biased on the high side. The
Layers of protection analysis technique is quantitative and more accurate and it is becoming the widely
accepted technique for SIL determination.
5.3.1 RISK GRAPH TECHNIQUE
The risk graph method is a qualitative approach to determine the level of integrity required for the
identified Instrumented Protective Functions (IPF) for the project. The approach is based on the
International Electro technical Commission standard, IEC61511.
Risk graph analysis uses four parameters to make a SIL selection. These parameters are consequence
(C), occupancy (F), probability of avoiding the hazard (P), and demand rate (W).
- Process Safety Risk Analysis

Each loop shall be reviewed on the following basis:

 Consequence Severity

 Personnel Exposure

 Alternatives to Avoid Danger

 Demand Rate

The SIL rating is calculated using the response to the 4 questions and the appropriate SIL level is
generated using the IEC risk graph attached in Appendix (6.1).

- Commercial Risk Analysis

Each of the loops reviewed shall be subjected to an Asset Protection Review. This shall be carried out
on the following basis:

 Consequence Severity

 Demand Rate

The risk graph for asset / economic loss is provided in Appendix. Before this chart is used, it must be
calibrated for the specific plant it is used on. Consequence severity should represent the meaningful
range of negative impacts towards important asset or economic objectives (e.g. reliability,
replacement or repair costs)

The equivalent CIL rating is calculated using the response to the 2 questions and the appropriate
equivalent CIL level is generated using the IEC risk graph attached in Appendix (6.2).
 NO.
HAZOP/HAZID/SIL/SIMOPS ToR Rev. 0
PAGE: 15 /23

- Environmental Risk Analysis

Each of the loops reviewed shall be subjected to an Environmental Review. This shall be carried out on
the following basis:

 Consequence Severity

 Demand Rate

Environmental protective functions should be assessed against a risk graph that provides the range of
negative consequences with respect to important environmental objectives for the specific plant, area
of operation and local legislative requirements. For example, violation of discharge permits or flare
consents spills of varying magnitude.

The equivalent EIL rating is calculated using the response to the 2 questions and the appropriate
equivalent EIL level is generated using the IEC risk graph attached in Appendix (6.3).

5.3.2 LAYER OF PROTECTION ANALYSIS

LOPA is one of the techniques developed in response to a requirement within the process industry to be
able to assess the adequacy of the layers of protection provided for an activity. Initially this was driven
by industry codes of practice or guidance and latterly by the development of international standards
such as IEC61508 and IEC61511.
Once the tolerable frequency for a SIF is established, all causes of the initiating event are listed. For
each cause of the initiating event, its likelihood is established. The layers of protection and associated
PFD for each cause are then listed. The mitigated event frequency for each cause is determined. After
each cause is analyzed the total event frequency due to all causes for the initiating event is
determined. The SIL is determined by comparing the established tolerable frequency (goal) with the
total mitigated event frequency.

5.4 RISK MATRIX

The risk matrix is a method categorizing the frequency or likelihood and severity of a risk event using
multiple qualitative levels. The risk matrix tolerance will represented with risk matrix. The OMV risk
matrix is shown below:

Frequency (Cases Per Year)          

E Frequent (> 1*10^-2/year)
D Probable (1*10^-2 to 1*10^-4/year)       Intolerable Region
C Seldom (1*10^-4 to 1*10^-5/year)     Tolerable if ALARP Region  
B Unlikely (1*10^-5 to) Broadly Acceptable Region    
A Improbable (<1*10^-7/year)          
1 5
Consequence Level 2 3 4
Low High
 NO.
HAZOP/HAZID/SIL/SIMOPS ToR Rev. 0
PAGE: 16 /23

Figure 3: RISK MATRIX

5.5 RISK REDUCTION

It’s important to ensure that the risk reduction achieved for E/E/PES protective layer and other
technologies are sufficient so that the necessary risk reduction is achieved and that risk is reduced to
tolerable levels shown in the Figure below:

Figure 4: IEC - Risk Reduction Model – ALARP Reduction

5.6 RISK ANALYSIS TEAM

The typical SIL classification Team should include the following personnel:

 SIL Facilitator;
 Secretary;
 Process Engineer;
 Safety Engineer;
 Instrument Engineer;
 Operations Personnel;
 Specialist Engineers and Technicians (for example HVAC and Rotating Machinery).

5.7 SIL RECORDING

SIL software tools may be used to facilitate the documentation of the classification process and the
calculation of the IPF loop reliabilities.

The SIL discussion will recorded by the SIL Secretary using dedicated software “LOPA”, It‘s a tool
integrated in the “HAZARD REVIEW SOFTWARE – 2015 VERSION”.

This software leads to:

- A vast integrated Library puts many scenarios (causes, consequences...);

- Various Types of Independent Protection Layers (IPLs);
 NO.
HAZOP/HAZID/SIL/SIMOPS ToR Rev. 0
PAGE: 17 /23

- Typical Probabilities of Failure on Demand from Literature and Industry;

- Typical Frequencies for Various Types of Initiating Events;
- Complete sets of topics added instantly....
 NO.
HAZOP/HAZID/SIL/SIMOPS ToR Rev. 0
PAGE: 18 /23

6. Appendices

6.1 PROCESS SAFETY RISK GRAPH

W1 W2 W3
C1
- - -

P1
1 - -
F1
C2
P2
2 1 -
Starting
Point P1 2 1 1
F2
P2
3 2 1

C3 3 3 2
F1

F2
NR 3 3
C4
NR NR NR

Figure 1 : IEC Process Safety Risk Graph

- = No safety requirements

NR = Not recommended. Consider alternatives

Table 1: IEC Process Safety Risk Graph Data

Risk Parameter Classification Comments
C1 Slight Injury 1. The classification system has been developed to
C2 Serious injury or 1 death deal with injury and death to people.
C3 Death to several people
Consequence (C) 2. For the interpretation of C1, C2, C3 and C4, the
C4 Very many people killed consequences of the accident and normal healing
shall be taken into account.
Frequency of, Rare to often exposure
F1
and exposure in the hazardous zone
time in, the Frequent to permanent 3. See comment 1 above.
hazardous zone F2 exposure in the
(F) hazardous zone
 NO.
HAZOP/HAZID/SIL/SIMOPS ToR Rev. 0
PAGE: 19 /23

Risk Parameter Classification Comments

4. This parameter takes into account:
- operation of a process (supervised (i.e. operated
Possible under certain by skilled or unskilled persons) or unsupervised);
P1
conditions - rate of development of the hazardous event (for
example suddenly, quickly or slowly);

Possibility of
- ease of recognition of danger (for example seen
avoiding the
immediately, detected by technical measures or
hazardous event
detected without technical measures);
(P)
- avoidance of the hazardous event (for example
P2 Almost impossible escape routes possible, not possible or possible
under certain conditions);
- actual safety experience (such experience may
exist with an identical EUC or a similar EUC or may
not exist)
Demand Rate once in
W1 5. The purpose of the W factor is to estimate the
every 30 years or more.
frequency of the unwanted occurrence taking place
Demand Rate between 3 without the addition of any safety-related systems
W2
– 30 years. (E/E/PES or other technology) but including any
Probability f the
external risk reduction facilities
unwanted
6. If little or no experience exists of the EUC, or
occurrence (W)
the EUC control system, or of a similar EUC and
Demand Rate between
W3 EUC control system, the estimation of the W factor
0.3 – 3 years
may be made by calculation. In such an event a
worst case prediction shall be made.

6.2 COMMERCIAL RISK GRAPH

 NO.
HAZOP/HAZID/SIL/SIMOPS ToR Rev. 0
PAGE: 20 /23

C0
W1 W2 W3
C1
- - -
C2
- - -
Starting C3 1 1 -
Point
C4
2 2 1

Figure 2 : Commercial Risk Graph

- = No safety requirements

NR = Not recommended. Consider alternatives

Table 2: Commercial Risk Graph Data

Risk Parameter Classification Comments
No operational upset or
C0
equipment damage
Minor operational upset or 1. Each facility will have specific economic
C1
equipment damage. consequences which should be considered. These
Moderate operational upset should be established before the classification
Consequence C2
or equipment damage commences. Risk graphs should be selected and
Major operational upset or
C3 calibrated to suit the specific economic
equipment damage.
Damage to essential consequences and the local business model.

C4 equipment, major economic

loss or loss of containment
P1 Possible under certain 2. While not used in this example the risk graph
conditions may be adapted to include this requirement
3. This parameter takes into account:
- operation of a process (supervised (i.e. operated
Possibility of
by skilled or unskilled persons) or unsupervised);
avoiding the
- rate of development of the hazardous event (for
hazardous event
example suddenly, quickly or slowly);
(P)
P2 Almost impossible - ease of recognition of danger (for example seen
immediately, detected by technical measures or
detected without technical measures);
- avoidance of the hazardous event (for example
 NO.
HAZOP/HAZID/SIL/SIMOPS ToR Rev. 0
PAGE: 21 /23

escape routes possible, not possible or possible

under certain conditions);
- actual safety experience (such experience may
Demand Rate once in every 7. The purpose of the W factor is to estimate the
W1 frequency of the unwanted occurrence taking place
30 years or more.
without the addition of any safety-related systems
Demand Rate between 3 – 30
W2 (E/E/PES or other technology) but including any
Probability f the years.
external risk reduction facilities
unwanted
8. If little or no experience exists of the EUC, or
occurrence (W)
the EUC control system, or of a similar EUC and EUC
Demand Rate between 0.3 –
W3 control system, the estimation of the W factor may
3 years
be made by calculation. In such an event a worst
case prediction shall be made.

6.3 ENVIRONMENTAL RISK GRAPH

C0
W1 W2 W3
C1
1 - -
C2 2 1 -
Starting C3 3 3 2
Point
C4
NR NR 3

Figure 3 : Environmental Risk Graph

- = No safety requirements

NR = Not recommended. Consider alternatives

Table 3: Environmental Risk Graph Data

Risk Parameter Classification Comments
Consequence No release or a negligible 1. Each facility will have specific
C0
environmental impact environmental; consequences /
Release with minor impact on regulations which should be
C1
environmental – reportable considered. These should be
Release with moderate impact on the
C2 established before the classification
environment.
commences. Risk graphs should be
C3 Release with temporary major impact
selected and calibrated to suit the
on the environment.
 NO.
HAZOP/HAZID/SIL/SIMOPS ToR Rev. 0
PAGE: 22 /23

Risk Parameter Classification Comments

Release with permanent major impact

C4
on the environment specific environmental
consequences and the local business
2. While not used in this example
the risk graph may be adapted to
P1 Possible under certain conditions
include this requirement.
3. This parameter takes into
account:
- operation of a process (supervised
(i.e. operated by skilled or unskilled
persons) or unsupervised);
- rate of development of the
hazardous event (for example
suddenly, quickly or slowly);
Possibility of avoiding
- ease of recognition of danger (for
the hazardous event
example seen immediately,
(P)
P2 Almost impossible detected by technical measures or
detected without technical
measures);
- avoidance of the hazardous event
(for example escape routes possible,
not possible or possible under
certain conditions);
- actual safety experience (such
experience may exist with an
identical EUC or a similar EUC or
may not exist)
Probability f the Demand Rate once in every 30 years 9. The purpose of the W factor is to
unwanted occurrence W1 estimate the frequency of the
or more.
(W) unwanted occurrence taking place

W2 Demand Rate between 3 – 30 years. without the addition of any safety-

related systems (E/E/PES or other
W3 Demand Rate between 0.3 – 3 years technology) but including any
external risk reduction facilities
10. If little or no experience exists
of the EUC, or the EUC control
system, or of a similar EUC and EUC
control system, the estimation of
the W factor may be made by
calculation. In such an event a worst

HAZOP/HAZID/SIL/SIMOPS ToR
Risk Parameter Classification
6.4 TYPICAL PROBABILITIES OF FAILURE ON DEMAND (PFODS) FOR MENTIONED TYPES OF
INDEPENDENT PROTECTION LAYERS (IPLS)
IPL Type Description
Basic process control system;
automatic control loop
BPCS
independent of the initiating
event
Human response with 10 minutes
Human available for response;
response notification must be independent
(10 min of initiating event and other IPLs,
available) and operator training must
include required response
Human response with 40 minutes
Human available for response;
response notification must be independent
(40 min of initiating event and other IPLs,
available) and operator training must
include required response
Passive device (e.g., a dike with
good control over drains) that is
Passive not required to take an action in
order for it to achieve its
function in reducing risk
Relief valve or rupture disk
Relief
(effectiveness is sensitive to
device
service and experience)
NO.
Rev. 0
PAGE: 23 /23
Comments
case prediction shall be made.
PFOD from PFOD
Literature and Chosen Typical Comment for PFOD
Industry for LOPA
Used typical value for an
automatic control loop in a
10-1 to 10-2 1.00E-01 basic process control system,
independent of the initiating
event
Used typical value for human
response with 10 minutes
available for response;
1 to 10-1 1.00E+00 notification is independent of
initiating event and other IPLs,
and operator training includes
required response
Used typical value for human
response with 40 minutes
available for response;
10-1 to 10-2 1.00E-01 notification is independent of
initiating event and other IPLs,
and operator training includes
required response
Used typical value for a passive
device that is not required to
10-1 to 10-3 1.00E-02 take an action in order for it to
achieve its function in reducing
risk
Used typical value for a relief
valve or rupture disk in clean,
10-1 to 10-5 1.00E-03 non-corrosive service; assumes
maintenance per industry
standards