
HAZOP/ PHA Leadership Training

Part (II)

Handouts of Presentations

Delivered and Compiled by:

Said Mohamed Khalifa, CSP


EH&S and Loss Prevention Consultant

Egypt
2018
Lessons learned from Disasters Updated on: Jan. 2018

The Rising Case for Change


“Disasters are Man-made”

Said Khalifa, CSP


HSE and Loss Prevention Consultant
Updated Jan. 2018

• 1984 – Bhopal, India – Toxic Material
  – 2,500 immediate fatalities; 20,000+ total
  – Many other offsite injuries
  – HAZARD: Highly toxic methyl isocyanate

• 1984 – Mexico City, Mexico – Explosion
  – 300 fatalities (mostly offsite)
  – $20M damages
  – HAZARD: Flammable LPG in tank

• 1988 – Norco, LA – Explosion
  – 7 onsite fatalities, 42 injured
  – $400M+ damages
  – HAZARD: Flammable hydrocarbon vapors

• 1989 – Pasadena, TX – Explosion and Fire
  – 23 fatalities, 130 injured; damage $800M+
  – HAZARD: Flammable ethylene/isobutane vapors in a 10” line

Lessons learnt from Disasters

• BP Texas Refinery and other refineries
  ..\..\..\Videos\CSB Videos\BP Texas\BP_Other Disasters Anniversary Video.mov
• DuPont LaPorte
  ..\..\..\Videos\CSB Videos\LaPorte_DuPont_2014\EMBARGOED Animation DuPont La Porte.mov
• Formosa Plastics Corporation
  ..\..\..\Videos\CSB Videos\Formosa_PVC Explosion_2004.wmv
PHA/ HAZOP Leadership Training

Overview of PSM

Presented and prepared by:
Said Mohamed Taha Khalifa
Said Mohamed Khalifa, CSP
(Certified Safety Professional)
HSE and Loss Prevention Consultant
2018

1/29/2018 An Overview of PSM 2

Learning Objectives of this Overview

• Describe the hazard and accident-driven stimulus for, and main components of, OSHA’s Process Safety Management standard
• Define Process Hazard Analysis and related terminology
• Describe major hazard analysis methods
• Assess applicability (via pros and cons) of major hazard analysis methods

The words HAZARD and RISK

Unfortunately, the words hazard and risk are sometimes used interchangeably. This leads to confusion as to what is a hazard versus a risk. Below are the definitions.
• Hazard: any source of potential damage, harm or adverse health effects on something or someone under certain work conditions. Essentially, a hazard is something that can cause harm or adverse effects.

Hazards
• An inherent physical or chemical characteristic that has the potential for causing harm to people, the environment, or property¹
• Hazards are intrinsic to a material, or its conditions of use.
• Examples
  ◦ Hydrogen sulfide – toxic by inhalation
  ◦ Gasoline – flammable
  ◦ Moving machinery – kinetic energy, pinch points

¹ AIChE Center for Chemical Process Safety

Hazard Management:
The World as It Was Before

• Good people
• … doing good things

What is Process Safety Management?

• Integral part of OSHA Occupational Safety and Health Standards since 1992
• Known formally as: Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119)
• PSM applies to most industrial processes containing 10,000+ pounds of hazardous material

In a Few Words, What is PSM?

• The proactive and systematic identification, evaluation, and mitigation or prevention of chemical releases/exposure that could occur as a result of failures in process, procedures, or equipment.

What’s Covered by PSM?

• Process Safety Information
• Employee Involvement
• Process Hazard Analysis
• Operating Procedures
• Training
• Contractors
• Pre-Startup Safety Review
• Mechanical Integrity
• Hot Work
• Management of Change
• Incident Investigation
• Emergency Planning and Response
• Compliance Audits
• Trade Secrets

PSM at Glance (example)

The following example shows how the PSM elements are integrated in actual practice.

The problem: Pilot studies indicate that higher yields can be obtained by maintaining higher temperatures in a reaction vessel.

Example (contd.)
• A change in operating temperature must be approved by all technical and support functions (MOC).
• The impact of this change is assessed through revision of the process hazard analysis (PHA), which results in a recommendation to modify the pressure relief system.
• The modifications in temperature and pressure relief system mandate new steps for process operators (Operating Procedures).
• Operators require training and verification in the new procedures (Training).
• The modifications to the pressure relief system are made by the supplier (Contractor Safety) and require that a portion of the process be shut down for this work.
• The work includes a brazing operation requiring a Hot Work Permit (Nonroutine Work Authorization).
• Potential impacts on the process require a review of emergency response plans (Emergency Planning).
• The new pressure relief system must be inspected and tested (Mechanical Integrity), and all factors for safe operation must be reviewed (Pre-startup Safety Review [PSR]) before that portion of the process is brought back on line.
• The piping and instrumentation diagrams (P&IDs) and other engineering drawings must be revised to show the as-modified configuration of the system (PSI).
• The rationale and information about the changes must be available for review by employees and their representatives (Employee Involvement).
• Using this information, the PHA is updated to account for potential hazards associated with the new equipment.
• Also, inspection and maintenance procedures and training must be updated (Mechanical Integrity, Operating Procedures, Training).

Simply, PHA allows the employer to:

• Determine locations of potential safety problems
• Identify corrective measures to improve safety
• Preplan emergency actions to be taken if safety controls fail

PHA Requirements
• Use one or more established methodologies appropriate to the complexity of the process,
• Performed by a team with expertise in engineering and process operations,
• Includes personnel with experience and knowledge specific to the process being evaluated and the hazard analysis methodology being used.

PHA Must Address …

• Hazards of the process
• Identification of previous incidents with likely potential for catastrophic consequences
• Engineering and administrative controls applicable to the hazards and their interrelationships
• Consequences of failure of engineering and administrative controls, especially those affecting employees
• Facility siting; human factors
• The need to promptly resolve PHA findings and recommendations
Hazard Analysis Methodologies

• What-If
• Checklist
• What-If/Checklist
• Hazard and Operability Study (HAZOP)
• Failure Mode and Effects Analysis (FMEA)
• Fault Tree Analysis
• Event Tree Analysis
• An appropriate equivalent methodology

Accident Scenarios May Be Missed by PHA
• No PHA method can identify all accidents that could occur in a process
• A scenario may be excluded from the scope of the analysis
• The team may be unaware of a scenario
• The team may consider the scenario but judge it not credible or significant
• The team may overlook the scenario

Summary
Despite the aforementioned issues with PHA:

• Companies that rigorously exercise PHA are seeing a continuing reduction in frequency and severity of industrial accidents
• Process Hazard Analysis will continue to play an integral role in the design and continued examination of industrial processes

Using What You Learn

• The ideas and techniques of Process Hazard Analysis will be immediately useful in the upcoming exercise on Hazard Evaluation
• Expect to be part of a Process Hazard Analysis Team early in your professional career

Where to Get More Information

• Chemical Safety and Hazard Investigation Board’s web site: www.csb.gov
• Crowl and Louvar – Chemical Process Safety: Fundamentals with Applications
• Kletz – HAZOP & HAZAN: Notes on the Identification and Assessment of Hazards
Hazard Perception 1/29/2018

Certified PHA/ HAZOP Leadership

Hazard Perception and Risk Evaluation Techniques
(Process Hazard Analysis)

Said Khalifa, CSP
HSE and Loss Prevention Consultant
2018

Definitions:
• Hazard;
• Risk;
• Hazard identification;
• Risk assessment;
• Hazard analysis.

Unfortunately, the words HAZARD and RISK are sometimes used interchangeably. This leads to confusion as to what is a hazard versus a risk. Below are the definitions.
• Hazard: any source of potential damage, harm or adverse health effects on something or someone under certain work conditions. Essentially, a hazard is something that can cause harm or adverse effects.
Risk
• Risk: the chance or probability that a person will be harmed or experience an adverse effect if exposed to a hazard. Factors that influence the degree of risk are as follows.
  – How frequently the person is exposed to the hazard
  – How the person is exposed (via skin contact, inhalation, etc.)
  – How severe the effects due to the exposure are

Risk Assessment or Hazard Analysis?

• Risk is considered to be related to the consequences of a hazard potential being realized and causing harm. Hence people, property and the environment may be considered "at risk" from a nearby hazard.
• Risk is sometimes expressed in mathematical probability terms involving both failure and consequences.
• An analysis is considered to be a technical procedure following an established pattern.
• An assessment is the consideration of the results of the analysis in a wider context to determine the significance of the analytical findings.

STANDARDS AND CODES FOR HAZARD IDENTIFICATION AND RISK ASSESSMENT

Risk Management Process: ISO 31000

Risk Management Process: ISO 17776:2000(E)

OVERALL PROCEDURE FOR HAZARD ANALYSIS
When do we carry out Hazard Analysis?

Project stage          Hazard analyses
Concept definition     Hazard survey; preliminary risk assessment
Planning permission
Detailed design        Design checks; Hazard and Operability / FMEA; Fault Tree Analysis
Construction           Construction audit; pre-commissioning check
Commissioning
Operation              Safety audits

PROCESS HAZARD ANALYSIS FLOW CHARTS
A LIST OF RECOGNISED TECHNIQUES AND THEIR APPLICATIONS

• Hazard Survey/Hazard Inventory: Identifies all stocks of hazardous materials or energy, with relevant details of conditions of storage. (Conceptual design stage).
• Design Check List: Used for audit of new design, or within design process itself. (Detailed design stage).
• Hazard and Operability Study/Failure Modes and Effects Analysis: For identifying failure modes that could occur and might have undesirable consequences. (Detailed design stage).
• Reliability Studies (single equipment): Usually a statistical analysis of failure rates on a critical component (e.g. turbine) with a view to optimizing redundancy or maintenance provisions. (Detailed design or operational stage).
• Systems Reliability/Fault Tree Analysis: These techniques are used for estimating the frequency of failures of a system involving many components (e.g. pressure control of a liquefied gas storage tank). Dominant causes of failure are identified. (Detailed design stage).
• Event Tree Analysis: Used to find the various possible outcomes of a given initiating event (used in Risk Assessment - see below).
• Cause-Consequence Diagrams: A flexible method for presenting system reliability problems, including features of both fault and event trees, with allowance for time delay factors. (Detailed design stage).
• Risk Assessment: Quantification of the total risk (to life, property or production) associated with a hazardous process. (Preliminary analysis at conceptual stage, followed by more detailed one during design). Risk assessment is a general technique which can be applied to general policy decisions as well as to single projects.
• Construction Audit/Pre-Commissioning Check: A check that the plant as built conforms to required standards and to recommendations made in earlier safety studies. (Construction stage).
• Safety Audit: This normally refers to a check of the plant hardware and operating procedures after some time in operation.
FEATURES AND STEPS OF A DETAILED PROCESS SAFETY STUDY

Subsystem of interest
* Line and valves, etc.
* Equipment

Mode of operation
* Normal operation
* Start-up mode
* Shutdown mode
* Maintenance/construction/inspection mode

Trigger event
* Human failure
* Equipment/instrument/component failure
* Supply failure
* Emergency/environmental event
* Other cause of abnormal operation, including instrument disturbance

Effect on subsystem
* Change in chemical condition
* Change in quantity
* Change in physical condition

Effect on system
* Change in chemical condition
* Change in quantity
* Change in physical condition

Hazardous condition
* Release of material
* Change in material hazard characteristics
* Operating limit reached
* Energy source exposed
* Other hazardous condition

Alter events by
* Change of process design
* Change of operating limits
* Change of system reliability
* Improvement of material containment

Corrective action
* Change control system
* Add/remove materials

How is hazardous condition detected?
* During normal operation
* Upon human failure
* Upon component failure
* In other circumstances

Contingency action
* Improve isolation
* Improve protection

Hazard rating
* Qualitative
* Quantitative
* Other ratings

END OF INTRODUCTION
QUESTIONS?
Introduction to HAZOP 1/29/2018

Certified PHA/ HAZOP Leader

HAZOP STUDY TRAINING COURSE

INTRODUCTION TO
HAZOP
Presented by:
Said M. Khalifa
Certified Safety Professional, CSP (since 1997)
HSE and Loss Prevention Consultant
2018

DEFINITION OF HAZOP
• A procedure used to review design and operations of hazardous process facilities.
• It was derived from:
  – Operability Study;
  – Hazard Analysis.

SNAP SHOT OF A HAZOP

Before

After

Events that can lead to a HAZARD

Consequences from HAZARD

What happens if we don't?

• More accidents;
• Late modifications;
• Operability problems;
• Frustration.

Why HAZOP, not Design review?

• It is a design review but is structured, systematic and complete.
• But still requires a skilled team, with relevant experience, operating together.

Why HAZOP, not "Process Safety Review"?

• PSR is an "expert" review but uses one or two individuals working alone.
• It is not structured or systematic.
• HAZOP uses a team, which can include the "expert".

Engineering Codes For Hazard Control

• Simple to understand;
• Legally enforced;
• Apply to all.

Engineering Codes For Hazard Control

The Problem:
• Based on experience (no prediction);
• Consensus documents (min. standard acceptable);
• Basis is arbitrary (no consequence analysis);
• No account of site details (e.g. topography, procedures, land use);
• Not well enforced later;
• Don't consider cumulative risk.

Safety Audits (Facility)

• Latest engineering standards;
• Code of practice;
• Pressure relieving systems;
• Blow down;
• ESD;
• Fire proofing;
• Safe guarding systems.

Safety Audits (Activity)

• Operating manuals;
• Working procedures;
• Control of work;
• Emergency preparedness and response plans;
• Organizational culture;
• Incident history;
• Training.

Justification for HAZOP

“We do not need a system, we employ good people and rely on their experience and knowledge”.

“All HAZOP does is harness experience and knowledge systematically, it is not a sausage machine”

We don’t do HAZOP as:

• It takes too long.
• It costs too much.

Benefits of HAZOP Study
(8 years’ experience of ICI Mond Division in UK)

CRITERION                                          With HAZOP    Without HAZOP
No. of major mods to plant                         0             2-3
No. of minor mods to plant                         ~3            10-15
Time from start-up to design flow sheets rates     1             3
The need for a HAZOP 1/29/2018

The need for HAZOP

Overview of Flixborough
• An explosion at the Nypro plant at Flixborough on June 1, 1974 was the most serious to occur in the chemical industry in Great Britain.
• The Nypro factory was located on the east coast of England.
• 28 killed, 53 severely injured.
• Hundreds of members of the public suffered injuries.
• About 2000 houses and 150 shops were damaged.
• A Court of Enquiry was appointed.

Description of the process:

• A small part of the site was dedicated to caprolactam production, which involved the oxidation of cyclohexane.
• The oxidation was carried out in a series of six reactors, each reactor being set 14 inches below its predecessor in the train so as to permit gravity flow of liquid from reactor to reactor.

What is Cyclohexane:
• Trade name: Benzene hexahydride, Hexahydrobenzene, Hexamethylene, Hexanaphthene.
• Formula: C6H12
• Physical Description: Colorless liquid with a sweet, chloroform-like odor.
• FP: 0°F (-17°C); BP: 177°F (80°C); LEL: 1.3%
• Class IB Flammable Liquid: Fl.P. below 73°F and BP at or above 100°F.
• Incompatibilities & Reactivity: Oxidizers

What is caprolactam:
• Synonyms & Trade Names: Aminocaproic-lactam, epsilon-Caprolactam, Hexahydro-2H-azepin-2-one, 2-Oxohexamethyleneimine.
• Formula: C6H11NO.
• Physical Description: White, crystalline solid or flakes with an unpleasant odor.
• Combustible Solid.
• Fl.P: 282°F; LEL: 1.4%; BP: 515°F
• Incompatibilities & Reactivity: Strong oxidizers, (acetic acid + dinitrogen trioxide)

Description of the process: (contd.)

• The product of the reaction contained largely cyclohexane (94%) with cyclohexanone and cyclohexanol.
• The cyclohexane was subsequently separated by distillation and recycled.
• Under normal operating conditions, the cyclohexane in the reactor was at a temperature of 310°F and a pressure of 120 psig. It was therefore above its boiling point at atmospheric pressure.
• The reaction took place between this heated cyclohexane under pressure and air in the presence of a catalyst.
• The connecting sections of pipework between the reactors are of special interest because of expansions and contractions which occurred during start-up and shutdown of the plant.
• A bellows section was introduced between each pair of reactors. The correct operation for the bellows in conditions of thrust was stress along the center line of the bellows.

Events Leading to the Explosion

• On March 27, over two months before the explosion, cyclohexane was found to be leaking from No.5 reactor. The reactors were constructed of mild steel plate, with 0.12" stainless steel plate bonded to it on the inside.
• It was decided to shut down the plant and remove the reactor for inspection and repair. Calculations indicated that the reactor section could be operated satisfactorily with five reactors and efforts were concentrated on getting the section and plant back on line by bridging the gap between Nos. 4 and 6 reactors.
• It is noteworthy here that no attempt was made to check whether any of the other reactors were suffering from similar cracks.
• Some people appeared to believe that the cracking in No.5 reactor was caused by the application of cooling water to the outer mild steel shell, and although this was subsequently shown to be the case after restarting the plant, no inspection of the other reactors was made.
• A decision was made to bridge the gap between Nos. 4 and 6 reactors as quickly as possible.
• The openings to be connected were 28" diameter, but the only pipe available on the site was 20" diameter.
• Calculations showed that this pipework could handle the flow of liquid required and that it could withstand the internal pressure.
• The workshop foreman was asked to fabricate a bypass pipe, using the 20" piping, and he produced a design sketch in chalk on the floor of the workshop.
• The difference in levels between successive reactors required, however, that the connecting pipework be in the form of a dog-leg.

Statement of the Court of Enquiry

"There was not any overall control or planning of the design, construction, testing or fitting of the assembly nor was any check made that the operations had been properly carried out."

At this stage the position was as follows:

• No design calculations had been made.
• The assembly did not comply either with the relevant British Standard or with the bellows manufacturer's recommendations.
• The turning moment under pressure was wholly unrestrained in an upward direction and inadequately restrained in a downward direction.
• As a result the bellows were subjected to shear forces for which they were not designed and the 20" pipe was under high and unknown stresses resulting from the end loads of 38 tons. This assembly, although pneumatically tested to 130 psig, had not been tested up to the reactor design pressure of 160 psig.
• No further checks of leakage were done from the mild steel outer shell of the other reactors.
• Nypro believed that the crack in Reactor No.5 was a unique incident in some way.
• Even up to the time of the disaster no one was sure that the other reactors had not been affected.

Events Leading to the Explosion, contd.

• The dog-leg pipe was subsequently lagged.
• From this time until May 29, the temporary pipework gave no trouble.
• On May 29, the plant was shut down for maintenance work and a leaking valve was replaced. During the start-up of the plant on June 1 the explosion occurred.

The Explosion:
• The Court of Enquiry attributed the escape of the cyclohexane to the collapse of the temporary bypass pipe.
• The reactors contained a large inventory of cyclohexane; 50 tons escaped, although the extensive damage which was caused could have been caused by the deflagration of 10 to 20 tons of cyclohexane.
• Because the cyclohexane was above its boiling point at atmospheric pressure, a proportion of the liquid would have flashed off as the pressure was reduced to atmospheric.
• 1/8 of the liquid was flashed over to vapor. However, the remaining liquid sprayed over.
• Hence a large gas cloud would have formed, leading to a UVCE.
• Another assumption was: “the Court could find no specific reason for the failure of the bypass pipe, and it has been suggested subsequently that a sudden pressure surge caused the pipe to fail. No.4 reactor was fitted with a stirrer and some water would have been left in the base of the reactor after the shutdown”.
• As the reactor contents were heated during start-up, the temperature rose until boiling at the hydrocarbon-water interface could have taken place. The two phases would mix; there would be a sudden evolution of vapour and a pressure surge strong enough to rupture the bypass pipe.
• This is only one of a number of possible reasons for the explosion, but is one which makes sense in terms of the known behaviour of the substances in the process system.

What Could HAZOP Have Done?

• Process information about cyclohexane in the reactor which could form vapor under an adiabatic expansion in case of leakage.
• If the bypass modification had been subjected to a HAZOP study, it would have been realized that it rendered the plant unsafe.
• Engineering design change, calling for a design study, safety testing, and proper reference to the relevant British Standard and code of practice.
• A HAZOP study could have ensured that the right standards and codes of practice had been followed, that the correct materials of construction had been used, and that there were no unforeseen effects on the protective systems, electrical classifications, or other features of the plant design.
• A HAZOP study would have increased the awareness of the personnel involved of the consequences of a major leakage, and of the fact that flashing would occur.
• Due to the lack of this awareness, there was no concern expressed about restarting the plant without examining the other reactors for cracks or trying to find the cause of the crack in No.5 reactor. (pre-start up review)
• At the time of the bypass installation, the key post of Works Engineer was vacant. It could be argued that the qualified mechanical engineer who should have occupied this post would have appreciated the need for proper design studies on any proposed bypass system. This technique would have ensured that the safety of the plant did not depend on the staffing level at a particular time.
HAZOP Methodology 1/29/2018

THE HAZOP METHODOLOGY
(IEC 61882:2001)

Said Khalifa, CSP
HSE and Loss Prevention Consultant
2018

Definition of a HAZOP

• A procedure used to review design and operations of hazardous process facilities. It was derived from:
  – HAZ: Hazard Identification/Analysis;
  – OP: Operability Issues/Problems

Definition of a HAZOP, contd.

• A HAZOP study is a detailed hazard and


operability problem identification process,
carried out by a team. HAZOP deals with the
identification of potential deviations from the
design intent, examination of their possible
causes and assessment of their
consequences.

25/10/2015 Introduction to HAZOP 3

Key features of HAZOP examination


include the following
• The examination is a creative process. The
examination proceeds by systematically using
a series of guide words to identify potential
deviations from the design intent and
employing these deviations as “triggering
devices” to stimulate team members to
envisage how the deviation might occur and
what might be the consequences.

25/10/2015 Introduction to HAZOP 4

ARMC 2
HAZOP Methodology 1/29/2018

Key features of HAZOP examination


include the following, contd.

• The examination is carried out under the


guidance of a trained and experienced study
leader, who has to ensure comprehensive
coverage of the system under study, using
logical, analytical thinking. The study leader
is preferably assisted by a recorder who
records identified hazards and/or operational
disturbances for further evaluation and
resolution.

25/10/2015 Introduction to HAZOP 5

Key features of HAZOP examination


include the following, contd.
• The examination relies on specialists from
various disciplines with appropriate skills and
experience who display anticipation/
obviousness and good judgement.
• The examination should be carried out in a
climate of positive thinking and frank
discussion. When a problem is identified, it is
recorded for subsequent assessment and
resolution.

25/10/2015 Introduction to HAZOP 6

ARMC 3
HAZOP Methodology 1/29/2018

Key features of HAZOP examination include the following, contd.
• Solutions to identified problems are not a
primary objective of the HAZOP examination,
but if made they are recorded for
consideration by those responsible for the
design.


HAZOP DEFINITIONS


HAZOP Definitions

• System or subsystem under study.


• Part: section of the system which is the
subject of immediate study.
– NOTE : A part may be physical (e.g. hardware) or
logical (e.g. step in an operational sequence).
• Characteristics: qualitative or quantitative
property of an element.


HAZOP Definitions
• Design intent: designer’s desired, or specified range
of behaviour for elements and characteristics
• Element: constituent of a part which serves to
identify the part’s essential features. The choice of
elements may depend upon the particular
application. (the choice is explained in the next slide)
• Guide word: word or phrase which expresses and
defines a specific type of deviation from an
element’s design intent.


But elements can include features such as:

• the operational characteristics (P, T, L, etc.),
• the material involved,
• the activity being carried out,
• the equipment employed, etc.
Material should be considered in a general
sense and includes data, software, etc.


HAZOP STUDIES CONSIST OF FOUR BASIC SEQUENTIAL STEPS:

1/29/2018 HAZOP Mthedology 12


The HAZOP Study Procedure

Definition (6.1-3)
• Define scope and objectives
• Define responsibility
• Select team

Preparation (6.4)
• Plan the study
• Collect data
• Agree style of recording (6.6.2)
• Estimate the time
• Arrange a schedule

Examination (6.5)
• Divide system into parts
• Select a part and define design intent
• Identify deviation by using guide words on each element
• Identify consequences and causes
• Identify whether a significant problem exists
• Identify protection, detection, and indicating mechanisms
• Identify possible remedial/mitigating measures (optional)
• Agree actions
Repeat for each element and then each part of the system

Documentation and follow-up (6.6-7)


• Record the examination
• Sign off the documentation
• Produce the report of the study
• Follow up that actions are implemented
• Re-study any parts of system if necessary
• Produce final output report


Timing of a HAZOP Study


• "Concept" phase studies
• Design phase studies
– on first P&IDs
– At design freeze
• Late design phase
• Operating phase studies
– Post start-up
– modifications
– periodic


HAZOP OBJECTIVES
• Identify all deviations, causes and problems
associated with deviations.
• Decide action to control hazard or operability
problem.
• If decision cannot be made immediately, decide
on what information or action is required.
• Ensure that actions decided upon are followed
through.


HAZOP Team
• Leader
• Secretary
• Team members
– Design engineer(s)
– Process engineer(s)
– Operations representative
– Safety specialist
– Instrument engineer
– Electrical engineer


HAZOP Team for an Existing Plant

• Plant Manager
• Process Supervisor / Engineer
• Plant Maintenance
• Instrument Engineer
• Safety Engineer
• Independent Chairman


HAZOP Team for new Plant


• Design Engineer
• Process Engineer
• Commissioning Manager
• Instrument Design Engineer
• Safety Engineer
• Independent Chairman


HAZOP Team
• Chairman can also be secretary and
Safety Dept. Representative
• Contractor(s) and the Client should
be involved
• Should have authority to decide
when and when, avoid deputies


HAZOP, when and how long?


• When:
– As the P&ID are available.
– Delay detailed design or accept
modifications?
• How long?
– old technology 2 to 3 hours per plant item.
– New invention 3 to 4 hours per main plant
item


Early HAZOP Guidewords


Guide word | Process deviations
No, Not, None | The complete negation of the design intention
More of | Quantitative increase of any physical property
Less of | Quantitative decrease of any physical property
As Well As | A qualitative increase in ……
Part of | A qualitative decrease in …..
Reverse | The logical opposite of the design intention.
Other than | The complete substitute
Others | Mode of operations, emergency, safety, etc.


Deviations generated by each guideword


Guideword | Deviations
NONE | No forward flow when there should be, i.e. no flow or reverse flow.
MORE OF | More of any relevant physical property than there should be, e.g. higher flow (rate or total quantity), higher temperature, higher pressure, higher viscosity, etc.
LESS OF | Less of any relevant physical property than there should be, e.g. lower flow (rate or total quantity), lower temperature, lower pressure, etc.
PART OF | Composition of system different from what it should be, e.g. change in ratio of components, component missing, etc.
MORE THAN | More components present in the system than there should be, e.g. extra phase present (vapour, solid), impurities (air, water, acids, corrosion products), etc.
OTHER THAN | What else can happen apart from normal operation, e.g. start-up, shutdown, uprating, low rate running, alternative operation mode, failure of plant services, maintenance, catalyst change, etc.

More Developed Guidewords


Guide word | Process deviation | Comments
No, Not, None | The complete negation of the design intention | No part of the design intention is achieved.
More of | Quantitative increase of any physical property | Refer to flow, temp., pressure
Less of | Quantitative decrease of any physical property | Refer to flow, temp., pressure
As Well As | A qualitative increase in …… | All intentions are achieved + something else.
Part of | A qualitative decrease in ….. | Some of the design intentions not achieved.


Guide words relating to clock time and order or sequence

Guide word | Meaning
EARLY | Relative to the clock time
LATE | Relative to the clock time
BEFORE | Relating to order or sequence
AFTER | Relating to order or sequence

10/25/2015 04-HAZOP Examination Process 24


PHA/HAZOP
ADNOC PRACTICE
CP-24

APPLY TO ALL PIPING SECTIONS

NO FLOW: Wrong routing - blockage - incorrect slip plate - incorrectly fitted check valve - burst pipe - large leak - equipment failure (C.V., isolation valve, pump, vessel, etc.) - incorrect pressure differential - isolation in error.

LESS FLOW: Line restrictions - filter blockage - defective pumps - fouling of vessels, valves, orifice plates - density or viscosity changes.

REVERSE FLOW: Defective check valve - siphon effect - incorrect pressure differential - two-way flow - emergency venting - incorrect operation - in-line spare equipment.

MORE FLOW: Increased pumping capacity - increased suction pressure - reduced delivery head - greater fluid density - exchanger tube leaks - restriction orifice plates deleted - cross connection of systems - control faults - control valve trim changed - running two pumps.

August 2015 Opening Slide 26


APPLY TO VESSELS AND TANKS ONLY

MORE LEVEL: Outlet isolated or blocked - inflow greater than outflow - control failure - faulty level measurement - gravity liquid balancing.

LESS LEVEL: Inlet flow stops - leak - outflow greater than inflow - control failure - faulty level measurement - draining of vessel.

MORE MIXING: Agitator set at wrong speed.

LESS MIXING: Agitator set at wrong speed - drive stops - agitator blade drops off.

REVERSE REACTION: Wrong reactant mix - high temperature - incompatible chemical.

LESS REACTION: Wrong reactant mix - low temperature - insufficient catalyst - channeling.


HAZOP Deviations: Vessels and Tanks Only, apply once to the entire unit
IGNITION SUPPRESSION: Grounding arrangements - insulated vessels/equipment - low conductance fluids - splash filling of vessels - insulated strainers and valve components - dust generation - powder handling equipment - electrical classification - flame arresters - hot work - hot surfaces - auto-ignition - pyrophoric materials.

SAFETY: Toxic properties of process materials - fire and gas detection system/alarms - emergency shut-down arrangements - fire fighting response time - emergency and major emergency training - contingency plans - T.L.V.'s of process materials and methods of detection - noise levels - security arrangements - knowledge of hazards of process materials - first aid/medical resources - effluent disposal - hazards created by others (adjacent storage areas/process plant etc.) - testing of emergency equipment - compliance with local/national regulations.

SPARE EQUIPMENT: Installed/non-installed spare equipment - availability of spares - modified specifications - storage of spares - catalogue of spares - test running of spare equipment.

FACILITY LAYOUT: The distance between various units for safety and fire exposure - "General Recommendations for Spacing" by Oil Insurance Association or Industrial Risk Insurers - API - NFPA, OSHA 1910.119.

HUMAN FACTORS: Control room layout - alarms - valve access and location - human error - OSHA 1910.119.


HAZOP Deviations: Batch Facilities

APPLY TO BATCH operations

TIME TOO LONG: Feed continues - agitation continues - reaction continues - pump runs dry - distillation passes end point - material added too slowly - too much material added.

TIME TOO SHORT: Purge cycle cut short - reaction dies - agitation stops - pump out is stopped - distillation is stopped before end point - component added too quickly - insufficient component added.

WRONG TIME: Incorrect step is initiated - step is accomplished too quickly - step is permitted to lag.

STEP TOO LATE: Agitator started late - agitator stopped late - pump started late - pump stopped late - valve opened late - valve closed late - component is charged late.

STEP TOO EARLY: Agitator started early - agitator stopped early - pump started early - pump stopped early - valve opened early - valve closed early - component is charged too soon.


HAZOP Deviations: Batch Facilities

STEP LEFT OUT: Pump is not started - pump is not stopped - agitation is not started - agitation is not stopped - system is not purged - sample is not taken - equipment is not stowed away - component is not charged.

STEP BACKWARDS: A prior step is repeated - component is double charged.

PART OF STEP LEFT OUT: Sample not taken - some components not charged - batch is not cooled - vessel is not depressurized.

EXTRA ACTION INCLUDED: Both pumps are started - both pumps are stopped - additional valves are opened - additional valves are closed - additional components are charged to the system.

WRONG ACTION TAKEN: Wrong piece of equipment is started - wrong piece of equipment is stopped - equipment is started rather than stopped - equipment is stopped rather than started - incorrect valve is opened - incorrect valve is closed - valve is opened rather than closed - valve is closed rather than opened - wrong component is charged.


NO LESS MORE REVERSE


FLOW X X X X
TEMPERATURE X X
PRESSURE X X
LEVEL X X
Chemical Others
Composition
Physical State X
Type of use:

Normal ops. X
Start up X
Shutdown X

HAZOP PROCESS MAP

HAZOP Process Map (Life-cycle based), Updated 201510 (B&W)

Start
1. Define objectives of the study.
2. Select system or subsystem.
3. Explain overall design.
4. Select PART to study.
5. Examine and agree design intent.
6. Identify relevant elements (use matrix).
7. Identify whether any of the elements can be usefully sub-divided into characteristics.
8. Select an element (and characteristic if any).
9. Select a guide word.
10. Apply the guide word to the selected element (and to each of its characteristics as relevant) to obtain a specific interpretation.
11. Is deviation credible?
– NO: move on to the next deviation/ guide word.
– YES: investigate causes, consequences and protection or indication, and document.
12. Is it hazardous or does it prevent efficient operations? (Consequence analysis). If YES:
13. Identify all safeguards/ protection (will the operator know that there is a deviation?).
14. What changes in the plant or method will prevent the deviation or make it less likely or protect against adverse consequences?
15. Is the cost of the change justified?
– NO: consider other changes or agree to accept the HAZARD.
– YES: agree on necessary action (change(s) or recommendation).
16. Have all ELEMENTS been examined? Have all PARTS been examined?
– NO: continue the examination.
– YES: all elements and parts are examined.
17. Screen recommendations and action items to set priorities of implementation.
18. Agree who is responsible for the action.
19. Follow up to close open action items.

Date Issued: 31/10/2015
How to conduct HAZOP 1/29/2018

PHA/ HAZOP Leadership

How to conduct
HAZOP Study

Said Khalifa, CSP


HSE and Loss Prevention Consultant
2018

1/29/2018 How to conduct HAZOP study 1

HAZOP OBJECTIVES

• Identify all deviations, causes and
problems associated with deviations.
• Decide action to control hazard or
operability problem.
• If decision cannot be made immediately,
decide on what information or action is
required.
• Ensure that actions decided upon are
followed through.


The Timing of HAZOP Studies

• Concept Phase Studies
– process to be used
– storage inventories
– site selection
– site layout
– plant capacity
• Design Phase Studies
– before the piping and instrumentation diagrams
are complete.
– "detailed design freeze" stage


The Timing of HAZOP Studies

• HAZOP Studies pre start-up
– change of intent occurred at a very late stage
– If the operating instructions are very critical.
– If the new plant is a copy of an existing plant
• HAZOP Studies on Existing Plants


Responsibility for HAZOP Studies (the plant manager)

• Develop and use safe operating procedures.
• Ensure that HAZOP studies are conducted for
each unit on a periodic basis, and for
modifications.
• Provide for appropriate participation and
leadership for these HAZOP studies.
• Appoint a HAZOP coordinator at each plant
site to coordinate and facilitate the HAZOP
program.
• Follow up on action recommendations
developed by the HAZOP study.


Responsibility for HAZOP Studies (the project manager)

• Appoint a secretary and team leader.
• Ensure that the study is scheduled at the proper time in the
design phase.
• Make available the appropriate personnel to participate in
the study as team members.
• Make certain that adequate time is allotted in the project
schedule for conducting and following up the HAZOP study
activities.
• Assist the HAZOP study leader in arranging for meeting
sites, outside members and vendor representations.
• Include appropriate considerations in the design stage for
safety and loss prevention and ensure that all applicable
design checklists are reviewed &
• Ensure that normal safety design is not omitted just
because a HAZOP study is to be carried out.


Team Functions

Team Leader
• The team leader must take the final
responsibility for ensuring that all the
tasks involved in planning, running,
recording, and implementing the study are
carried out. During the study his main task
is to ensure that the team works together
towards a common goal.


Team Functions
Secretary
• The secretary should take notes of the study
and record recommendations in enough detail
for them to be understood. He should refrain
from taking part in the discussions.
Members
• The individual members should use their
experience, training and judgment to
identify any issue which should be
discussed by the team as a whole, and put
it forward. They should then assist the
team in resolving issues by suggesting
changes that may overcome the problem.
They should be prepared to assist the team
in arriving at a consensus.

The Detailed Procedure for a HAZOP Study


Steps to carry out the study

1. Defining the objectives and scope.

2. Selecting the HAZOP team members.

3. Preparing for the study.

4. Undertaking the study.

5. Conducting the follow-up actions.

6. Recording the results.


Factors which affect the study

• The nature and stage of the project.
• The requirement for full documentation.
• The availability of personnel for the HAZOP
team.
• The number of P&IDs.
• The timing and the duration allowed for the
study.
• The budget available for the study.
• The degree of authority given to the study
team.

Undertaking the study


Undertaking the Study


There are seven stages which are repeated many
times during a HAZOP:
a) Apply a guideword
b) Develop a deviation
c) Examine possible causes
d) Examine consequences
e) Consider hazards, or operability problems
f) Decide upon action
g) make a record of the discussion and decision
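
The repeated stages above can be checked mechanically once the worksheet is kept as data. The following is an added example, not part of the original handout: it enumerates every guide word/element combination for each part and reports the gaps a study leader would have to close before sign-off. The part names, the worksheet rows and the guide words assigned to pressure and level are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

# Guide words applicable to each element. The "flow" row follows the handout's
# NO/LESS/MORE/REVERSE matrix; the other rows are assumptions for this example.
GUIDE_WORDS = {
    "flow": ("no", "less", "more", "reverse"),
    "pressure": ("less", "more"),
    "level": ("less", "more"),
}


@dataclass
class Record:
    """One worksheet row: the outcome of applying a guide word to an element."""
    part: str
    element: str
    guide_word: str
    credible: bool
    causes: list = field(default_factory=list)
    consequences: list = field(default_factory=list)  # hazard or operability problem
    safeguards: list = field(default_factory=list)
    action: str = ""  # agreed action or recommendation, empty if none


def planned_deviations(parts):
    """Every (part, element, guide word) the team has to work through."""
    return [(part, element, gw)
            for part, elements in parts.items()
            for element in elements
            for gw in GUIDE_WORDS[element]]


def review(parts, records):
    """Return (deviation, problem) pairs that block sign-off of the study."""
    by_key = {(r.part, r.element, r.guide_word): r for r in records}
    findings = []
    for key in planned_deviations(parts):
        rec = by_key.get(key)
        if rec is None:
            findings.append((key, "not examined"))
        elif not rec.credible:
            continue  # documented as not credible: move on to the next guide word
        elif not rec.causes:
            findings.append((key, "credible but no cause recorded"))
        elif rec.consequences and not rec.safeguards and not rec.action:
            findings.append((key, "problem with no safeguard and no agreed action"))
    return findings


def coverage(parts, records):
    """Fraction of planned deviations that have a worksheet row."""
    planned = set(planned_deviations(parts))
    done = {(r.part, r.element, r.guide_word) for r in records} & planned
    return len(done) / len(planned)


# Constructed sample study: two parts and a partly completed worksheet.
PARTS = {"crude oil filters": ["flow", "pressure"], "feed drum": ["level"]}
RECORDS = [
    Record("crude oil filters", "flow", "no", True,
           ["isolation in error"], ["downstream pump runs dry"],
           [], "apply lock out/tag out to block valves"),
    Record("crude oil filters", "flow", "less", True,
           ["filter blockage"], ["reduced throughput"], [], ""),
    Record("crude oil filters", "flow", "more", False),
    Record("crude oil filters", "flow", "reverse", True, [],
           ["backflow into injection line"], ["check valve"], ""),
    Record("crude oil filters", "pressure", "more", True,
           ["outlet blocked"], ["filter housing overpressure"],
           ["relief valve"], ""),
    Record("feed drum", "level", "more", True,
           ["faulty level measurement"], ["overfill"], ["high level alarm"], ""),
]

if __name__ == "__main__":
    print(f"coverage: {coverage(PARTS, RECORDS):.0%}")
    for (part, element, gw), problem in review(PARTS, RECORDS):
        print(f"{part}: {gw} {element} -> {problem}")
```
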

Company XYZ
HAZOP Study
Guide word/ Element Matrix

Study Unit/ System : Document Sequential No.:

Drawing No.: Meeting Date :

Part Considered: Reported by:

Equipment/ line no. Team Leader:

Source: Destination
Design Intent:
Material: Activity/ Process

Elements (column groups: Characteristics, Materials, Other Elements):
Flow, Level, Temp., Pressure, Composition Change, Contamination, Corrosion/ Erosion, Sampling, Instrumentations, Control System, Pressure Relieving Systems, Service Failure, Ignition Suppression, Fire & Safety Systems, Spare Equipment, Maintenance, Abnormal Operation, Knowledge_based Checklist

Logical guide words (rows): No/ None, More, Less, Reverse, As well As, As Part of
Clock guide words (rows): Early, Late, Before, After

[Matrix: an x marks each element to which a guide word applies; the cell positions are not recoverable.]

Prepared by Said Khalifa 6/3/2018 Page 1


Company XYZ
HAZOP Worksheet
HAZOP Study Worksheet
Study Unit/ System : Sheet No./ No. of Sheets

Drawing No. Rev. Document Sequential No.

Part Considered: Meeting Date :

Equipment/ line no. Reported by:

Team Members: Study Team Leader:

Material: Process/ Activity:


Design Intent:
Source: Destination

Ref. No. | Guideword/ Deviation | Possible Cause | Possible Consequences | Existing Safeguards | Comment | Recommendation/ Action/ Discussion | Action By

E:\HAZOP 2018\Figures\Hazop Worksheet_Revised 2015 11 14 Date Issued: 6/3/2018


Reporting HAZOP Study 1/29/2018

Reporting HAZOP Study

Said Khalifa, CSP


HSE and Loss Prevention Consultant
2018

1/29/2018 Reporting Hazop 1

Recommendations Implementation

• Action by: the individual or department
assigned by the team leader to determine
whether the action is correct, meaningful
and necessary, because they have the most
knowledge related to the suggested
action.

Reference : System Reliability Theory (2nd ed), Wiley, 2004


Reporting and review
Report contents

• Summary
• Introduction
• System definition and delimitation
• Documents (on which the analysis is based)
• Methodology
• Team members
• HAZOP results
– Reporting principles
– Classification of recordings
– Main results
• Appendix 1: HAZOP work-sheets
• Appendix 2: P&IDs (marked)

Reference : System Reliability Theory (2nd ed), Wiley, 2004

Management Flow sheet


• It is used for evaluating and implementing proposed
corrective actions.
• Through
1. The HAZOP team assign the corrective action a high,
medium, or low priority,
2. The HAZOP team prepare the recommended action
worksheet
3. Management review the completed forms
4. Management take final decision (ALARP)
5. Agreed action distributed according to priorities
6. Tracking document or system
7. Review meetings


Divide recommendation according to priority

• High priority for corrective action
• Deviations with high risk index numbers of III (red)
• A high priority means immediate action is
necessary to mitigate the occurrence of an
accident or consequence.


risk-coding matrix

Reference : System Reliability Theory (2nd ed), Wiley, 2004


Divide recommendation according to priority

• Medium priority for corrective actions
• Deviations with medium risk index numbers of II
(yellow)
• A medium priority means action is recommended.
• Management should evaluate this recommended
action on a cost versus risk-reduction basis and
either take action or accept the risk.


Divide recommendation according to priority

• Low priority for corrective action
• Deviations with low risk index numbers of I
(green)
• A low priority means corrective action would
further improve safety, but the facility can be
safely operated if the action is not implemented.
• Most low priority recommendations are
ultimately rejected


Recommended Action Worksheet


• Action worksheet is required to explain the
recommended actions to management for final
decision.
• The worksheet should describe
– The problem identified by the HAZOP,
– Recommended actions for mitigating the problem,
– The beneficial effects gained by implementing the
recommended action.
• The worksheet helps keep track of the status of
recommendations.


HAZOP Study

Hazard Elimination Action Progress Report

Area/ Plant/ Unit Number:


System/ Subsystem / Area Affected:
HAZOP Recommendation Serial No.
Process deviation/ cause:

Summary of the Recommendation:

Assigned to (Department/ Discipline):


Priority: Potential impact and effect on:
High Public
Medium Personnel
Low Assets
Nice to have Process Safety
Productivity
Company Reputation

Existing Risk and control safety systems:

Risk Index Probability Severity

Progress in implementing Recommendation:

Residual Risk (if any):

Re-evaluation and assessment of residual risk:


Acceptable Not acceptable

References and support documents:

Reported by: Date:


Approved by (Responsible Department Manager)

Cairo Oil Refining Company

HAZOP Study

Hazard Elimination Action Progress Report

Area/ Plant/ Unit Number:


System/ Subsystem / Area Affected:
HAZOP Recommendation Serial No.
Process deviation/ cause:

Summary of the Recommendation:

Assigned to (Department/ Discipline):

Priority: Potential impact and effect on:


High Public
Medium Personnel
Low Assets
Nice to have Process Safety
Productivity
Company Reputation

Existing Risk and control safety systems:

Risk Index Probability Severity

Progress in implementing Recommendation:

Residual Risk (if any):

Re-evaluation and assessment of residual risk:


Acceptable Not acceptable

References and support documents:

Reported by: Date:


Approved by (Responsible
Department Manager)

HAZOP Implementation Tracking Management System


Crude Distillation Unit 4, (CDU 4)
Columns: Sequential No. of the Action Item | Part under the study | Guideword/ Deviation | Recommendation/ Action to be taken | Action By Department | Target date | Updates on Progress of Implementation of the Action Item/ Recommendation | Status (Open/ Closed)

Part under the study (all rows): Crude oil filters

001-CDU4-01-001 | No flow | 1.1 Apply Lock Out/ Tag Out, LOTO, procedure. That is to say, block valves should be car-sealed or chained and locked. Revise operating procedures.
001-CDU4-01-002 | No flow | 1.4 Enhance frequency of PM
001-CDU4-01-003 | Less Flow | 2.1 Install PDI after and before filters
001-CDU4-01-004 | Reverse flow | 3.1 Install NRV downstream of 1/2" injection line.
001-CDU4-01-005 | Sampling | 4.1 Install closed drain system to avoid release of volatile vapors and decrease load on the API separator.
001-CDU4-01-006 | More Pressure | 5.1 Revise the operating procedure to drain the standby filter and keep the drain valve open.
001-CDU4-01-007 | Less pressure | 6.1 Extend the gas detection system to cover this area.
001-CDU4-01-008 | Composition change |
001-CDU4-01-009 | Maintenance | 8.1 Fabricate drip pans underneath filter under maintenance to avoid pollution


Final decision
• Management should evaluate this
recommended action on a cost versus risk-
reduction basis and either take action or
accept the risk.
• ALARP (As Low As Reasonably
Practicable) principles


Priority for Implementation


• High priority recommendations are sent to
senior plant management to assure that these
managers are informed of significant safety
problems.
– Senior managers, after reviewing the worksheet,
assign it to the appropriate plant group for
implementation.
• Medium priority recommendations are sent to
the affected department manager for review.
• Low priority recommendations are forwarded
to plant area managers in the appropriate
department.

Recommended implementation period
• Guidelines are suggested for implementation
of hazard analysis recommendations
according to
– High priority action (resolved within 4 months)
– Medium priority action (resolved within 4-6
months)
– Lower priority action (resolved following medium
priority)


Tracking document
• The resolution of each recommendation
should be recorded in a tracking document.
• All recommended actions should be entered
into a computerized information management
system so that management can monitor the
progress of outstanding corrective action
requests.
• Management to assure progress.


Review meetings
• Review meetings should be arranged to monitor
completion of agreed actions that have been
recorded. The review meeting should involve the
whole HAZOP team. A summary of actions
should be noted and classified as:
– Action is complete
– Action is in progress
– Action is incomplete, awaiting further information

Based on Kyriakdis (2003)
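
A minimal register for the tracking document and review meetings described above, as an added example that is not part of the original handout. It applies the slides' risk index to priority mapping, routing and resolution periods, then lists open items past their target date. The risk indices, issue dates and states of the sample items are constructed, and taking 6 months as the medium-priority limit (upper end of "4-6 months") is an assumption.

```python
import calendar
from dataclasses import dataclass
from datetime import date

# Risk index -> priority, reviewer and resolution window in months, as stated
# on the slides. Low priority has no fixed window ("following medium priority").
PRIORITY = {
    "III": ("high", "senior plant management", 4),
    "II": ("medium", "affected department manager", 6),  # assumed upper bound
    "I": ("low", "plant area manager", None),
}
REVIEW_STATES = ("complete", "in progress", "awaiting information")


def add_months(start, months):
    """Calendar-month addition that clamps to the last day of a short month."""
    index = start.month - 1 + months
    year, month = start.year + index // 12, index % 12 + 1
    day = min(start.day, calendar.monthrange(year, month)[1])
    return date(year, month, day)


@dataclass
class ActionItem:
    ref: str            # sequential number of the action item
    deviation: str
    risk_index: str     # "I", "II" or "III"
    issued: date
    state: str = "in progress"

    def __post_init__(self):
        if self.risk_index not in PRIORITY or self.state not in REVIEW_STATES:
            raise ValueError(f"{self.ref}: bad risk index or state")

    @property
    def priority(self):
        return PRIORITY[self.risk_index][0]

    @property
    def reviewer(self):
        return PRIORITY[self.risk_index][1]

    @property
    def target_date(self):
        months = PRIORITY[self.risk_index][2]
        return add_months(self.issued, months) if months else None

    @property
    def status(self):   # Open/ Closed column of the tracking sheet
        return "Closed" if self.state == "complete" else "Open"


def overdue(items, today):
    """Open items past their target date, highest priority first."""
    rank = {"high": 0, "medium": 1, "low": 2}
    late = [i for i in items
            if i.status == "Open" and i.target_date and i.target_date < today]
    return sorted(late, key=lambda i: (rank[i.priority], i.target_date))


def summary(items):
    """Count of items per review-meeting classification."""
    return {s: sum(i.state == s for i in items) for s in REVIEW_STATES}


# Constructed register: the reference format follows the handout; risk indices,
# dates and states are invented for the example.
ITEMS = [
    ActionItem("001-CDU4-01-001", "No flow", "III", date(2017, 10, 31)),
    ActionItem("001-CDU4-01-003", "Less flow", "II", date(2017, 8, 31),
               "awaiting information"),
    ActionItem("001-CDU4-01-004", "Reverse flow", "III", date(2017, 10, 31),
               "complete"),
    ActionItem("001-CDU4-01-009", "Maintenance", "I", date(2017, 8, 31)),
]

if __name__ == "__main__":
    for item in overdue(ITEMS, date(2018, 3, 15)):
        print(item.ref, item.priority, item.target_date, "->", item.reviewer)
    print(summary(ITEMS))
```
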



Conclusions
• HAZOP Results
• Advantages
• Success factors
• Pitfalls and objections

Reference : System Reliability Theory (2nd ed), Wiley, 2004

HAZOP Results
• Improvement of system or operations
– Reduced risk and better contingency
– More efficient operations
• Improvement of procedures
– Logical order
– Completeness
• General awareness among involved parties
• Team building

Reference : System Reliability Theory (2nd ed), Wiley, 2004


Advantages
• Systematic examination
• Multidisciplinary study
• Utilizes operational experience
• Covers safety as well as operational aspects
• Solutions to the problems identified may be indicated
• Considers operational procedures
• Covers human errors
• Study led by independent person
• Results are recorded

Reference : System Reliability Theory (2nd ed), Wiley, 2004

Success factors
• Accuracy of drawings and data used as a basis for the
study
– the accuracy of the information used
– the quality of the design
• Experience and skills of the HAZOP team leader
• Technical skills and insights of the team
• Ability of the team to use the HAZOP approach as an
aid to identify deviations, causes, and consequences
• Ability of the team to maintain a sense of proportion,
especially when assessing the severity of the potential
consequences.

Reference : System Reliability Theory (2nd ed), Wiley, 2004


Pitfalls and objections


• Time consuming
• Focusing too much on solutions
• Team members allowed to divert into endless
discussions of details
• A few of the team members dominate the discussion
• “This is my design/procedure”
– Defending a design/procedure
– HAZOP is not an audit
• “No problem”
• “Wasted time”

Reference : System Reliability Theory (2nd ed), Wiley, 2004

2/8/2018

WORKED EXAMPLE
Oil Vaporizer
what if/ checklist

Presented by:
Said M. Khalifa
Certified Safety Professional, CSP (since 1997)
HSE and Loss Prevention Consultant
2017

[Figure (IEC 456/01): oil vaporizer. Labels: liquid oil, FCV, FE, FC, FAL, heating coil, firebox, burners, vaporized oil, TE, TC, TSH with interlock I-5 (shuts main valve TCV), natural gas, PRV, pilot valve PV, main valve TCV, PSHH with interlock I-4 (shuts main valve TCV).]


DESCRIPTION OF THE PROCESS

• The oil vaporizer consists of a furnace containing a heating coil
and burners, which are fired by natural gas.
• The oil enters the heating coil as a liquid, is evaporated, and
leaves the coil as a superheated vapour.
• The natural gas entering the burners combines with external air
and burns in a hot flame. The combustion gases leave through
the stack.
• The oil flow is controlled by a flow control set which includes: a
flow control valve, FCV, a flow element, FE, that measures the
oil flow, a flow controller, FC, and a low flow alarm, FAL, which
alarms if the oil flow reduces below a set point.

DESCRIPTION OF THE PROCESS, CONTD.

• The natural gas flow passes through a self-actuating
pressure-reducing valve, PRV, to the main burner control
valve TCV, and a pilot valve PV. The main burner control
valve is actuated by the temperature controller TC which
receives the signal from the temperature element TE, which
measures the oil vapour discharge temperature.
• The high/high pressure switch, PSHH, on the natural gas line
is interlocked, via I-4, to close the main burner control valve,
TCV, if the gas pressure is too high. There is also a high
temperature switch, TSH, on the vaporized oil outlet to close
the main burner control valve, TCV, if the oil is superheated
above a maximum temperature. Finally, there is a flame
detector device (not shown) which will close both gas valves
should the flame go out.

2
2/8/2018

CHECKLIST APPLIED TO A FURNACE OIL HEATER

• What does the equipment actually do? In what ways can the equipment actually fail?
• What are the major hazards associated with the material being handled by the equipment?
• What potential interactions between upstream or downstream equipment or conditions could lead to problems?
• Could an external event give problems?
• Could supporting utility failure(s) give problems?
• Could environmental conditions give problems, e.g., low temperatures?
• Could individual component failures, e.g., control valves, level switches, give problems?
• Any problems with start-up or shut down?
• Any problems maintaining equipment or individual components?
• Sparing philosophy, equipment reliability?

USING THE HAZOP METHODOLOGY

| No. | Guide word | Element | Deviation | Possible causes | Consequences | Safeguards | Comments | Actions required | Action by |
|---|---|---|---|---|---|---|---|---|---|
| 1 | No | Oil flow | No oil flow | Supply failure; flow control valve PCV closed | Vaporizer coil overheats and may fail | Low flow alarm FAL; high temperature trip TSH | Safeguard depends on quick operator response | Consider low flow element FE to close main burner valve TCV | LB |
| | | | | Plugging of coil; blockage downstream of vaporizer | Oil in vaporizer will boil: possible overheating and coking of heating coil | Low flow alarm FAL; high temperature trip TSH | | Check whether these safeguards are adequate and the ease with which the coil could be cleaned | NE |
| 2 | No | Heat | No heat | Flame out in the furnace | Unvaporized liquid oil fed to the process | None | | Investigate effect of liquid oil on the process; consider interlocking the furnace flame out signal with closure of FCV; consider providing a low oil outlet temperature alarm | DH |
FTA/ ETA Analysis 2/8/2018

Certified PHA/ HAZOP Leadership

FAULT & EVENT TREE ANALYSIS


(combined Presentation)

Said Khalifa, CSP


HSE and Loss Prevention Consultant
2018

8/11/2017 FTA/ ETA Analysis 1

About Fault Tree Analysis


• Fault tree analysis (FTA) is concerned with the
identification and analysis of conditions and factors that
cause or may potentially cause or contribute to the
occurrence of a defined top event
• FTA is often applied to the safety analysis of systems
(such as transportation systems, power plants, or any
other systems that might require evaluation of safety of
their operation).
• Fault tree analysis can also be used for availability and
maintainability analysis.
• However, for simplicity, in the rest of this presentation,
the term “reliability” will be used to represent these
aspects of system performance.

About FTA, contd.

• There are two types of FTA: qualitative and quantitative.
• The qualitative type, called “traditional FTA”, is not concerned with the probability or occurrence of faults or events.
• The quantitative type uses the probabilities of occurrence of events or faults. In this case, the final result is the probability of occurrence of a top event, representing reliability or the probability of a fault or a failure.

About FTA, contd.

• Fault Tree Analysis (FTA) is one of the most important logic and probabilistic techniques used in Probabilistic Risk Assessment (PRA) and system reliability assessment.
• Fault trees are a deductive method for identifying ways in which hazards can lead to an accident.
• The approach starts with a well-defined accident, fault, or top event, and works backwards towards the various scenarios that can cause the accident.

Why FTA is Carried Out?

• Identify causes of a failure.
• Monitor and control the safety performance of a complex system.
• Identify the effects of human errors on the system.
• Minimize and optimize resources.

The Fault Tree

• A fault tree is the logical model of the relationship of the undesired event to more basic events.
• The top event of the fault tree is the undesired event.
• The middle events are intermediate events, and the basic events are at the bottom.
• The logical relationships between events are shown by logic symbols, or gates.

Basic Fault Tree Structure

Events of a Fault tree

Basic Event: A lowermost event that cannot be developed further.

Intermediate Event: This can be an intermediate event or a top event. It is the result of a logical combination of lower-level events.

Undeveloped Event: An event which has scope for further development, but this is usually not done because of insufficient data.

External Event: An event external to the system which can cause failure.

Basic Gates Of a Fault tree

OR Gate: Any one of the bottom events results in the occurrence of the top event.

AND Gate: For the top event to occur, all the bottom events should occur.

Inhibit Gate: The top event occurs only if the bottom event occurs and the inhibit condition is true.

STEPS IN CARRYING OUT A FAULT TREE ANALYSIS

1. Identify the objective for the FTA.
2. Define the top event of the FT.
3. Define the scope of the FTA.
4. Define the resolution of the FTA.
5. Define ground rules for the FTA.
• The first five steps involve the problem formulation for an FTA.
6. Construct the FT.
7. Evaluate the FT.
8. Interpret and present the results.
• The remaining steps involve the actual construction of the FT, the evaluation of the FT, and the interpretation of the FT results.

FAULT TREE CONSTRUCTION

Consider the following block diagram. Let I/P and O/P be the input and output terminals. There are two sub-systems, A and B, that are connected in series.

[Figure: block diagram from INPUT to OUTPUT. SUB-SYSTEM (A) contains blocks X1 and X2; SUB-SYSTEM (B) contains blocks X3 and X4.]

The fault tree for this block diagram is:

• Top event: F(S) = F(A) OR F(B)
• Intermediate events: F(A) = F(X1) AND F(X2); F(B) = F(X3) AND F(X4)
• Basic events: F(X1), F(X2), F(X3), F(X4)

FTA PROCEDURE

Procedure
Define Top Event:
• Use PHA, P&ID, process description, etc. to define the top event.
• If it is too broad, an overly large FTA will result, e.g. “Fire in process”.
• If it is too narrow, the exercise will be costly, e.g. “Leak in the valve”.
• The boundaries for top event definition can be a system, sub-system, unit, equipment, or a function.
• Some good examples are: overpressure in vessel V1, motor fails to start, reactor high temperature safety function fails, etc.

Procedure
• Define the overall structure.
• Determine the intermediate events and combinations of failures that will lead to the top event.
• Arrange them accordingly using logical relationships.

Procedure, contd.
Solve the Fault Tree:
• Assign probabilities of failure to the lowest-level event in each branch of the tree.
• From this data, the intermediate event frequency and the top-level event frequency can be determined using Boolean algebra and minimal cut set methods.

Procedure
Perform corrections and make decisions:
• Application of Boolean algebra and minimal cut set theory will result in identifying the basic events (A) and combinations of basic events (B.C.D) that have major influence on the TOP event.
• This will give clear insight into what needs to be attended to and where resources have to be put for problem solving.
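The "solve the fault tree" step, as an added Python example that is not part of the original handout: it expands the series/parallel tree F(S) = F(A) OR F(B) into minimal cut sets and computes the top-event probability. The basic-event probabilities and the second tree (A, B.C.D and a redundant A.B branch) are constructed for illustration, and basic events are assumed independent.

```python
from itertools import combinations
from math import prod

# A gate is (kind, [children]); a leaf is the name of a basic event.
# Tree from the handout: sub-systems A and B in series, two blocks each.
SERIES_TREE = ("OR", [("AND", ["X1", "X2"]),    # F(A)
                      ("AND", ["X3", "X4"])])   # F(B)

# Constructed tree with a repeated event: the "A AND B" branch is redundant.
REPEATED_TREE = ("OR", ["A", ("AND", ["B", "C", "D"]), ("AND", ["A", "B"])])

# Constructed failure probabilities (not from the handout).
P_FAIL = {"X1": 0.05, "X2": 0.10, "X3": 0.02, "X4": 0.20}


def cut_sets(node):
    """Expand a gate top-down into cut sets (sets of basic events)."""
    if isinstance(node, str):
        return [frozenset([node])]
    kind, children = node
    expanded = [cut_sets(child) for child in children]
    if kind == "OR":        # any child alone causes the event
        return [cs for group in expanded for cs in group]
    if kind == "AND":       # needs one cut set from every child
        merged = [frozenset()]
        for group in expanded:
            merged = [left | right for left in merged for right in group]
        return merged
    raise ValueError(f"unknown gate type: {kind}")


def minimal_cut_sets(tree):
    """Drop every cut set that strictly contains another one (absorption)."""
    unique = set(cut_sets(tree))
    minimal = [cs for cs in unique if not any(other < cs for other in unique)]
    return sorted(minimal, key=lambda cs: (len(cs), sorted(cs)))


def single_point_failures(mcs):
    """Basic events that cause the top event on their own."""
    return sorted(next(iter(cs)) for cs in mcs if len(cs) == 1)


def top_event_probability(mcs, p_fail):
    """Exact probability by inclusion-exclusion over the minimal cut sets."""
    total = 0.0
    for k in range(1, len(mcs) + 1):
        sign = 1 if k % 2 else -1
        for group in combinations(mcs, k):
            events = frozenset().union(*group)
            total += sign * prod(p_fail[e] for e in events)
    return total


def rare_event_bound(mcs, p_fail):
    """Upper bound on the top event: sum of the cut-set probabilities."""
    return sum(prod(p_fail[e] for e in cs) for cs in mcs)


if __name__ == "__main__":
    mcs = minimal_cut_sets(SERIES_TREE)
    print("minimal cut sets:", [sorted(cs) for cs in mcs])
    print("P(top), exact:", top_event_probability(mcs, P_FAIL))
    print("P(top), bound:", rare_event_bound(mcs, P_FAIL))
    repeated = minimal_cut_sets(REPEATED_TREE)
    print("repeated-event tree:", [sorted(cs) for cs in repeated])
    print("single-point failures:", single_point_failures(repeated))
```

The order-1 cut set {A} in the second tree is a single-point failure, which is where the handout says attention and resources should go first.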

Example


Specifications for the BPC FT


• Undesired top event : Motor does not start
when switch is closed.
• Boundary of the FT : The circuit containing the
motor, battery, and switch.
• Resolution of the FT: The basic components in
the circuit excluding the wiring.
• Initial State of System: Switch open, normal
operating conditions.

FTA worked Example

[Figure: fault tree for the start of the Battery Powered Circuit, BPC. Gates, from the top event down:]

• Motor does not start when switch is closed = Motor fails to start when EMF applied OR No EMF applied to the motor
• No EMF applied to the motor = Wire from battery to motor fails open OR No EMF from the battery
• No EMF from the battery = Battery failed to produce EMF OR No EMF to battery
• No EMF to battery = Wire from switch to battery fails open OR No EMF across switch
• No EMF across switch = Wire from switch to battery fails open OR Wire from switch to motor fails open

Advantages Of FTA
• Deals well with parallel, redundant or alternative fault paths.
• Searches for possible causes of an end effect which may not have been foreseen.
• The cut sets derived in FTA can give enormous insight into the various ways the top event can occur.
• Very useful tool for focused analysis where analysis is required for one or two major outcomes.

Disadvantages Of FTA
• Requires a separate fault tree for each top event, which makes it difficult to analyze complex systems.
• Fault trees developed by different individuals are usually different in structure, producing different cut set elements and results.
• The same event may appear in different parts of the tree, leading to some initial confusion.

Applications
• Used in the field of safety engineering and
Reliability engineering to determine the
probability of a safety accident or a particular
system level failure.
• Aerospace Engineering.


EVENT TREE ANALYSIS


ETA


About ETA
• The Event Tree Analysis (ETA) is an inductive logic technique
to model a system with respect to dependability and risk
related measures as well as to identify and assess the
frequency of the various possible outcomes of a given
initiating event.
• According to the IEC 60050(191) the dependability of a system
is defined as the ability to meet success criteria, under given
conditions of use and maintenance.
• The core elements of dependability are the reliability,
availability and maintainability of the item considered.
• Starting from an initiating event the ETA deals with the
question "What happens if..." and thus constructs a tree of
the various possible outcomes.

STEPS INVOLVED IN AN ETA

1. Identify an initiating event of interest.
2. Identify the safety functions designed to deal with the initiating event.
3. Construct the event tree.
4. Describe the resulting accident event sequences.

[Figure: Reactor with high temperature alarm and temperature controller. Labels: reactor feed, cooling coils, cooling water in, cooling water out, reactor, thermocouple, TIC (temperature controller), TIA (high temperature alarm, alarm at T > TA).]
Step 1 - Identify the initiating event

• System or equipment failure
• Human error
• Process upset

[Example] “Loss of Cooling Water” to an Oxidation Reactor

Step 2 - Identify the Safety Functions Designed to Deal with the Initiating Event

• Safety systems that automatically respond to the initiating event.
• Alarms that alert the operator when the initiating event occurs, and operator actions designed to be performed in response to alarms or required by procedures.
• Barriers or containment methods that are intended to limit the effects of the initiating event.

Step 3: Construct the Event Tree

a. Enter the initiating event and safety functions.

INITIATING EVENT: Loss of cooling water to oxidation reactor

SAFETY FUNCTIONS:
• Oxidation reactor high temperature alarm alerts operator at temperature T1
• Operator re-establishes cooling water flow to oxidation reactor
• Automatic shutdown system stops reaction at temperature T2

[Figure: first step in constructing the event tree]

b. Evaluate the safety functions.

Each safety function has a Success branch and a Failure branch. If the safety function does not affect the course of the accident, the accident path proceeds with no branch point to the next safety function.

[Figures: representation of the first safety function; representation of the second safety function; completed event tree]

Step 4: Describe the Accident Sequence

A = initiating event (loss of cooling water to oxidation reactor). B, C, D = the safety functions, in order: high temperature alarm alerts operator at temperature T1 (B); operator re-establishes cooling water flow to oxidation reactor (C); automatic shutdown system stops reaction at temperature T2 (D).

| Accident sequence | Outcome |
|---|---|
| A | Safe condition, return to normal operation |
| AC | Safe condition, process shutdown |
| ACD | Unsafe condition, runaway reaction, operator aware of problem |
| AB | Unstable condition, process shutdown |
| ABD | Unsafe condition, runaway reaction, operator unaware of problem |

[Figure: accident sequences, with Success and Failure branches]
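The loss-of-cooling event tree above, as an added Python example that is not part of the original handout: it walks the three safety functions, skips the branch point where a function cannot affect the path, and assigns a frequency to each of the five accident sequences. The initiating-event frequency and the failure probabilities are constructed values, and the functions are assumed to fail independently.

```python
# Safety functions in the order the tree challenges them (from the handout):
# B = high temperature alarm, C = operator restores cooling, D = auto shutdown.
SAFETY_FUNCTIONS = ("B", "C", "D")

# Outcome of each accident sequence, as listed in Step 4 of the handout.
OUTCOMES = {
    "A": "Safe condition, return to normal operation",
    "AC": "Safe condition, process shutdown",
    "ACD": "Unsafe condition, runaway reaction, operator aware of problem",
    "AB": "Unstable condition, process shutdown",
    "ABD": "Unsafe condition, runaway reaction, operator unaware of problem",
}

# Constructed numbers (not from the handout).
INITIATING_FREQUENCY = 1.0                 # losses of cooling water per year
PFD = {"B": 0.01, "C": 0.25, "D": 0.01}    # probability of failure on demand


def is_branch_point(function, failed):
    """True if this safety function can change the course of this path."""
    if function == "C":
        # The operator cannot respond to an alarm that never sounded.
        return "B" not in failed
    if function == "D":
        # Shutdown is only demanded if cooling was not re-established.
        return "B" in failed or "C" in failed
    return True


def accident_sequences(frequency, pfd):
    """Return {sequence name: frequency}; names list the failed functions."""
    paths = [((), frequency)]
    for function in SAFETY_FUNCTIONS:
        next_paths = []
        for failed, freq in paths:
            if not is_branch_point(function, failed):
                next_paths.append((failed, freq))      # no branch point
                continue
            next_paths.append((failed, freq * (1.0 - pfd[function])))
            next_paths.append((failed + (function,), freq * pfd[function]))
        paths = next_paths
    return {"A" + "".join(failed): freq for failed, freq in paths}


def unsafe_frequency(sequences):
    """Total frequency of the sequences the handout labels unsafe."""
    return sum(freq for name, freq in sequences.items()
               if OUTCOMES[name].startswith("Unsafe"))


if __name__ == "__main__":
    result = accident_sequences(INITIATING_FREQUENCY, PFD)
    for name, freq in result.items():
        print(f"{name:<4}{freq:.6f}/yr  {OUTCOMES[name]}")
    print("unsafe total:", unsafe_frequency(result))
```

The sequence frequencies always add up to the initiating-event frequency, which is a quick check that no branch was dropped.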

ADVANTAGES

• Structured, rigorous, and methodical approach.
• Can be effectively performed on varying levels of design detail.
• Permits probability assessment.

DISADVANTAGES

• An ETA can only have one initiating event, therefore multiple ETAs will be required to evaluate the consequence of multiple initiating events.
• Partial successes/failures are not distinguishable.
• Requires an analyst with some training and practical experience.

Open Discussion
End of Session
FMEA 2/8/2018

Failure Modes
and
Effects Analysis, FMEA

Said Khalifa, CSP


HSE and Loss Prevention Consultant
2018

2/8/2018 1

What Is FMEA?
FMEA is a failure mode and effects analysis tool that is
used in various industries to:
• Identify failures,
• Evaluate the effects of the failures, and
• Prioritize the failures according to severity of effects.

Prioritization or risk ranking is done mainly using


• Risk Matrix (Risk Priority Number)
• Criticality Analysis (FMECA)


Reasons for Using FMEA


• To identify specific accident situations
• To consider alternative safety improvements
• To obtain data for quantitative risk analysis (QRA)
• To evaluate hazards from preliminary designs and
operating procedures
• To improve reliability of the process
• To meet regulatory requirements
• To document a systematic process hazard evaluation
• To evaluate complex processes where perceived risks
are significant
• To identify single-point failures

When and Where to Use It?


• as soon as the preliminary designs
• it is usually done in the design phase when
the failure modes have not yet been built in
to the process.
• A good FMEA is an ongoing process
whereby it is continuously updated and
revised over the life of the process.


It is performed on
• Mechanical equipment such as pumps,
compressors, etc. where there is a history of
component failures.
• Systems for which there are few drawings
or details but where individual components
are readily identifiable.
• Reliability studies or for input into
quantitative risk assessment studies.

Different Types of FMEAs

• The nature of the study and the stage of the process life cycle at which it is conducted determine the type of FMEA to be used.
• There are 6 types of FMEAs, namely machinery-FMEA, design-FMEA, system FMEA, process-FMEA, application-FMEA, and product-FMEA.
• Each FMEA follows the same approach. The nature, purpose, and scope of the study dictate which type of FMEA is used and to what extent of detail.
• Most processes, equipment, and designs can be broken into levels of systems, sub-systems, assemblies, sub-assemblies, components, parts, etc. Such a breakdown of the subject of the study helps to define the scope.

Methodology
1. Collect pertinent information
2. Establish the purpose, scope, depth of the study
3. Break the system into logical and manageable items
by function, or area location.
4. Identify all potential failure modes for each item.
5. Determine the causes of each failure mode.
6. Identify and list the current controls.
7. Assign a rating for severity, occurrence and detection
for each failure.
8. Determine appropriate corrective actions.
9. Carry out the recommended actions.

Risk Analysis (prioritizing risks)

• Sample of severity ranking:

| Rank | Description |
|---|---|
| 1 | No injury or health effects |
| 2 | Minor injury or minor health effects |
| 3 | Lost-time injury or moderate health effects |
| 4 | Death, multiple injuries or severe health effects (occupational ill) |

Risk Analysis (prioritizing risks), contd.

• Sample of Likelihood Ranking

| Rank | Description |
|---|---|
| 1 | Not expected to occur during the facility lifetime |
| 2 | Expected to occur no more than once during facility lifetime |
| 3 | Expected to occur several times during the facility lifetime |
| 4 | Expected to occur more than once in a year |

Risk Analysis (prioritizing risks), contd.

• Sample of Risk Ranking Categories

| Number | Category | Description |
|---|---|---|
| I | Unacceptable | Should be mitigated with engineering and/or administrative controls to a risk ranking of III or less within a specified time period such as six months |
| II | Undesirable | Should be mitigated with engineering and/or administrative controls to a risk ranking of III or less within a specified time period such as 12 months |
| III | Acceptable with controls | Should be verified that procedures or controls are in place |
| IV | Acceptable as is | No mitigation required |

Sample of Severity Values used in Risk Priority Number Calculation

| Effect | Rank | Criteria |
|---|---|---|
| None | 1 | Might be noticeable by the operator (Process). Improbable / not noticeable by the user (Product). |
| Very slight | 2 | No downstream effect (Process). Insignificant / negligible effect (Product). |
| Slight | 3 | User will probably notice the effect but the effect is slight (Process & Product). |
| Minor | 4 | Local and/or downstream processes might be affected (Process). User will experience minor negative impact on the product (Product). |
| Moderate | 5 | Impacts will be noticeable throughout operations (Process). Reduced performance with gradual performance degradation. User dissatisfied (Product). |
| Severe | 6 | Disruption to downstream process (Process). Product operable and safe but performance degraded. User dissatisfied (Product). |
| High Severity | 7 | Significant downtime (Process). Product performance severely affected. User very dissatisfied (Product). |
| Very High Severity | 8 | Significant downtime and major financial impacts (Process). Product inoperable but safe. User very dissatisfied (Product). |
| Extreme Severity | 9 | Failure resulting in hazardous effects highly probable. Safety and regulatory concerns (Process and Product). |
| Maximum Severity | 10 | Injury or harm to operating personnel (Process). Failure resulting in hazardous effects almost certain. Non-compliance with government regulations (Product). |

Sample of Occurrence used in RPN

| Occurrence | Rank | Criteria |
|---|---|---|
| Extremely Unlikely | 1 | Failure highly unlikely. |
| Remote Likelihood | 2 | Rare number of failures likely. |
| Very Low Likelihood | 3 | Very few failures likely. |
| Low Likelihood | 4 | Few failures likely. |
| Moderately Low Likelihood | 5 | Occasional failures likely. |
| Medium Likelihood | 6 | Medium number of failures likely. |
| Moderately High Likelihood | 7 | Moderately high number of failures likely. |
| High Likelihood | 8 | High number of failures likely. |
| Very High Likelihood | 9 | Very high number of failures likely. |
| Extremely Likely | 10 | Failure almost certain. |

Sample of Detection used in RPN

| Detection | Rank | Criteria |
|---|---|---|
| Extremely Likely | 1 | Controls will almost certainly detect the existence of the defect. |
| Very High Likelihood | 2 | Controls have very high probability of detecting existence of failure. |
| High Likelihood | 3 | Has high effectiveness for detection. |
| Moderately High Likelihood | 4 | Has moderately high effectiveness for detection. |
| Medium Likelihood | 5 | Has medium effectiveness for detection. |
| Moderately Low Likelihood | 6 | Has moderately low effectiveness for detection. |
| Low Likelihood | 7 | Has low effectiveness for detection. |
| Very Low Likelihood | 8 | Has lowest effectiveness in each applicable category. |
| Remote Likelihood | 9 | Controls have very low probability of detecting existence of defect. |
| Extremely Unlikely | 10 | Controls will almost certainly not detect the existence of a defect. |

FMEA Worksheet Format

• Potential Failure Modes
• Potential Causes of Failure Modes
• Potential Effects of Failure Modes
• Current Controls (Existing Safeguards)
• Severity
• Occurrence/Likelihood
• Detection (RPN)
• Risk Ranking, Risk Priority Number (RPN) or Criticality Analysis
• Recommendations/Corrective Actions
• Responsibility
• Target Completion Date
• Actions Taken
• New Risk Ranking, Risk Priority Number or Criticality Analysis results
• Comments

Benefits of FMEA
• Better company image and competitiveness
• Compliance with regulations, standards, and specifications
• Continuous improvement of product quality, reliability, and safety
• Defining corrective action.
• Documentation of the reasons for changes
• Improved reliability, productivity, quality, safety, and cost efficiency
• Increased liability prevention
• Increasing customer satisfaction
• Recognition and evaluation of potential failures and their effects
• Reduction of downtime
• Reduction of manufacturing process deviations
• Selection of alternative materials, parts, devices, components and tasks.
• Selection of optimal system design

2/8/2018

QRA Case Study


Failure of LPG Cylinder

Said M. Khalifa, CSP


EH&S and Loss Prevention Consultant
Egypt
2018

What is QRA?
• Quantitative Risk Assessment, QRA.
• After the hazard analysis, we might need to quantify the high risks using mathematical modeling in order to assess the harm to people, assets, and the reputation of the organization, as well as the environment.
• It needs a highly experienced professional with good knowledge of the process and of the use of mathematical modeling software.
• It is a highly expensive and time-consuming process.
• Used basically by insurance agents, and required by legislative authorities in the early phase of the project (basic design phase).

2 QRA_LPG Cylinder 2/8/2018


What is LPG?
• Liquefied Petroleum Gas, LPG.
• Mixture of propane and butane gases.
• Used in cooking and heating.
• Stored as liquefied gas under normal temperature.
• Vapor pressure is a function of the ambient temperature.
• Domestic cylinder has a capacity of 12 Kg.

Let us see how an LPG cylinder can fail

Event Analysis of LPG Release

Failure Case Definition Tree

[Figure: failure case definition tree. Levels, top to bottom: define inventory and storage conditions of hazardous materials; nature of hazard (flammable, toxic); phase in the process or storage vessel (gas, liquid or two-phase); release case (BLEVE, other cases); event tree or model (BLEVE model, flammable gas event tree, flammable liquid event tree, toxic gas event tree, toxic liquid event tree).]

[Figure: Liquid Event Tree for the release case. Branch questions: Is the release instantaneous? Is there immediate ignition? Does pool form? Does the pool ignite? Labels: adiabatic expansion, fireball, jet flame, pool fire, estimate duration, calculate release rate, calculate spread and vaporisation, assess fire damage, assess pollution, use gas event trees to model gas behavior.]

Consequence Analysis of Release of LPG

Adiabatic Expansion

Fireball/ BLEVE

Radiation from fireball/ BLEVE

[Chart: Radiation Intensity vs. Distance. Y-axis: Radiation (kW/m2); x-axis: Distance (m), 0 to 160.]

The following heat flux levels might be considered critical in any hazard analysis:

| Heat Flux (kW/m2) | Effect |
|---|---|
| 0.7 | Exposed skin redness and burns on prolonged exposure |
| 1.75 | Pain threshold reached after 60 seconds |
| 2 | PVC insulated cables damage |
| 5 | Pain threshold reached after 15 seconds |
| 6.4 | Pain threshold reached after 8 seconds, second degree burns after 20 seconds |
| 9.5 | Pain threshold reached after 6 seconds |
| 12.5 | Wood ignites after prolonged exposure in the presence of pilot flame |
| 15 | Limit of class 2 building materials |
| 16 | Severe burns after 5 seconds |
| 25 | Wood ignites on prolonged exposure without pilot flame |
| 30 | Limit of class 1 building materials |

Fatal Radiation Exposure Levels

Exposure in seconds for % fatality levels:

| Radiation Level (kW/sq. meter) | 1% | 50% | 99% |
|---|---|---|---|
| 1.6 | 500 | 1300 | 3200 |
| 4 | 150 | 370 | 930 |
| 12.5 | 30 | 80 | 200 |
| 37.5 | 8 | 20 | 50 |

Effect of overpressure from explosion on the nearby buildings

[Chart: Extent of Damage vs. Distance, horizontal axis 0 to 160. Curve annotations: heavy plant damage, repairable plant damage, major glass damage, 10% glass damage.]
