System Safety: HAZOP and Software HAZOP, by Felix Redmill, Morris Chudleigh, James Catmur, John Wiley & Sons, 1999

What is HAZOP?
A technique for identifying and analyzing the hazards and operational concerns of a system. Its central activity is a methodical investigation of a system description (the design representation).

What this presentation does not cover:

The book puts a LOT of emphasis on:
  Selecting the study initiator
  Selecting the study leader
  Planning the study
  Roles during the study
  Questions vs. follow-up
  Completion criteria

(P.S. It also tells how to conduct the study itself :-)

Reasonable Limits for this class

This is a human-intensive activity
As such, the details on the previous page are of extreme importance; the authors are experienced and therefore recognize this
You won't be able to conduct a HAZOP study on the basis of these slides
Goal: understand what it is; set the bar higher

Study process itself in a nutshell

Introductions
Presentation of the design notation
Examine the design methodically, one unit at a time:
  Is it possible to deviate from design intent here?
    YES: examine both the consequences and the causes of the possible deviation
    NO: continue
  Document results
  Define follow-up work
  Time up? If not, continue with the next unit
Agree on documentation
Sign off

Examine the design methodically, each unit in turn
Suppose the design representation is a collection of state transition tables:
  Units are states, transitions, event/action pairs
  For EACH unit, list the recommended attributes (see table from the HAZOP book)
  For each attribute, use the guide words to trigger the questions about ways to deviate

The suggested guide words

No: negation of design intention; no part of the design intention is achieved but nothing else happens
More: quantitative increase
Less: quantitative decrease
As well as: qualitative increase, where all of the design intention is achieved plus additional activity
Part of: qualitative decrease, where only part of the design intention is achieved
Reverse: logical opposite of the intention
Other than: complete substitution, where no part of the original intention is achieved but something quite different happens

When timing matters

Add the following guide words:
  Early: something happens earlier in time than intended
  Late: something happens later in time than intended
  Before: something happens earlier in a sequence than intended
  After: something happens later in a sequence than intended

Guide words chosen

Match the system being examined to the appropriate table, or modify the closest one
Match the design representation
Note: not all guide words apply to all attributes
  For the attribute speed of an electric motor, omit the guide words as well as and part of
  For the attribute data flow on a DFD, less is not used because its meaning is covered by part of

Generally, the study leader selects from the guide words, provides interpretations based on the chosen design representation and context, and distributes them to the team in advance of the study

Originally developed for chemical plants
The book has detailed examples for:
  Software using data flow diagrams
  Software using state transition diagrams
    Includes the timing attributes of response time and repetition time
  Software using various OO models
  Digital electronics
  Communication systems
  Electromechanical systems

Same guide words, different interpretations

See book excerpts

More detailed outline of the HAZOP process (Figure 9.2):
  For all entities
    For all attributes
      For each guide word
        Is the deviation credible?
Example matrices

Fig 9.2: HAZOP meeting process
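The enumeration loop in that outline, as an added Python example (not code from the book or the slides): it walks entities, attributes and the applicable guide words, applies the per-attribute exclusions from the earlier slide, and leaves the credibility judgement to the team; the door-interlock entities and their attribute lists are constructed assumptions.

```python
"""Enumerate the HAZOP deviation matrix of Figure 9.2: for every entity,
for every attribute, for each applicable guide word, one question for the
team to judge credible or not. Entities and attribute lists below are
constructed for illustration, not taken from the book's tables."""
from dataclasses import dataclass

GUIDE_WORDS = ["No", "More", "Less", "As well as", "Part of", "Reverse", "Other than"]
TIMING_WORDS = ["Early", "Late", "Before", "After"]

# Guide words the study leader ruled out per attribute, following the slides:
# "less" is not used for data flow on a DFD (its meaning is covered by
# "part of"); "as well as" and "part of" are omitted for motor speed.
OMIT = {"data flow": {"Less"}, "speed": {"As well as", "Part of"}}

@dataclass
class Entity:
    kind: str             # unit type in the design representation
    name: str
    attributes: list      # attributes the team agreed to examine
    timing: bool = False  # whether the timing guide words apply

def applicable_words(attribute, timing=False):
    """Guide words left after the per-attribute exclusions."""
    words = GUIDE_WORDS + (TIMING_WORDS if timing else [])
    return [w for w in words if w not in OMIT.get(attribute, set())]

def deviation_matrix(entities):
    """All (unit, attribute, guide word) triples the meeting must consider."""
    return [(f"{e.kind} {e.name}", attr, word)
            for e in entities
            for attr in e.attributes
            for word in applicable_words(attr, e.timing)]

def credible_deviations(entities, is_credible):
    """Filter the matrix by the team's judgement, passed in as a callable."""
    return [row for row in deviation_matrix(entities) if is_credible(row)]

# Constructed sample: a state transition table for a door interlock plus one
# DFD data flow, so the "less" exclusion shows up in the output.
SAMPLE = [
    Entity("state", "Closed", ["entry action"]),
    Entity("transition", "Closed->Open",
           ["triggering event", "action", "response time"], timing=True),
    Entity("DFD flow", "door_status", ["data flow"]),
]

if __name__ == "__main__":
    for unit, attr, word in deviation_matrix(SAMPLE):
        print(f"{unit:26} {attr:18} {word:11} -> credible? causes? consequences?")
```

Each printed row is one question for the meeting; the study leader's interpretations of the guide words for the chosen notation decide what "More entry action" or "Late response time" means in context.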
