Do companies get the most out of Hazard & Operability (HazOp) analysis?
by Stefano Milanese, Emanuele Salvador, Michele Piola
November 2019
How to break through constraints in hazard identification

HazOp analysis is undoubtedly one of the most effective hazard identification techniques in the manufacturing industry. In fact, it is rigorous, reliable and repeatable. However, complex organizations often struggle to integrate safety and operations synergistically in this kind of study: dependence on traditional risk assessment schemes consumes time and resources. Based on our experience, HazOp can include further topics that are not typically considered in this methodology. It also proves to be a powerful tool to promote involvement and awareness across departments.

The process industry is characterized by risks that may lead to significant impact on people, assets, business, environment and reputation. Hence, hazard identification is the first step in managing those risks effectively.

The HazOp study originated in the early 1960s at ICI, a major international company headquartered in the UK. At the beginning, the aim was to optimize plant operability. Soon after, it spread over several companies as they recognized the importance of identifying hazards when process variables deviated from design intent. Over the years it has become the main hazard identification technique in the process industry. Its advantage stems from a systematic and rigorous approach, which allows companies to gain insight into safety and operational issues. The approach can be tailored to specific client/project requirements. It is easily applicable to oil & gas processing plants and power generation facilities, as well as chemical, pharmaceutical and other manufacturing plants.

Several guidelines and publications have been issued over the last 40+ years to explain how to effectively conduct HazOp assessments, while maximizing benefits and avoiding common mistakes. HazOp is a consolidated methodology, and there is not much left to add to the approach.

Despite its benefits, HazOp analysis typically requires significant effort, as it is time-consuming and involves key figures from different departments and functions. An assessment of new units or a review of existing ones may require several weeks of analysis and impact the site’s work organization.

It is therefore essential to break through traditional boundaries in this kind of analysis, as they often limit its effectiveness and reduce the resulting benefits, no matter how thoroughly scenarios or plant issues are discussed. Assuming the assessment has been carried out properly, the HazOp team can further exploit latent synergies.

1. Take time for a walk

In a typical HazOp session, paper dominates the scene: master copies of piping and instrumentation diagrams (P&IDs) hang on the wall and participants sit around a table covered in piles of process documents. However, focusing on P&IDs may lead to misconceptions if proper attention is not given to the as-built layout. It is not easy to keep on top of potential issues due to items’ proximity or domino effects; therefore, such considerations are rarely included in this kind of study. Moreover, the time available for operators to carry out the required actions after activation of an alarm is often roughly estimated because the team doesn’t know actual distances between equipment, control rooms and other items.

Based on Arthur D. Little’s experience, a preliminary on-field visit can add value to the study. The visit should follow the process flow (e.g., from raw-material inlet to final-product storage tanks), focusing on critical equipment proximity, distance from the control room, and ease of access to process items such as valves, pumps, compressors, etc.

2. Break through traditional schemes

Nowadays, safety and operations within the process industry must be much more integrated than they were in earlier times, when the first hazard identification studies came to light. We believe at least four topics contribute to improving such interaction.

Asset integrity: A comprehensive analysis of safety and operability hazards should lead to discussions about the current or expected performance of plant equipment. While a complete definition of performance requirements is part of asset integrity management, HazOp can be used to identify “safety/operational/environmental critical elements” (SCEs/OCEs/ECEs). This identification follows a simplified, risk-based approach made up of four questions:

  1. Could failure lead to the scenario?
  2. Could failure contribute substantially to the scenario?
  3. Is the purpose of the element to prevent the scenario?
  4. Is the purpose of the element to mitigate the scenario?

This approach applies to all scenarios that have been identified as “relevant” based on a HazOp scenario classification. (See the next section – “Risk-based classification of HazOp scenarios”.)

Furthermore, specific inspections for asset integrity should be undertaken whenever alarms are activated (e.g., high temperature).

Operating manuals: Nowadays, most accidents in the process industry are blamed on human error due to the wrong application of existing procedures or the application of wrong or incomplete operating instructions. Discussion of incidental scenarios during HazOp sessions could highlight the need to update the operating manuals, which would require issuing of new procedures or updating of existing ones. For instance, analysis of sample connections may include a series of operations to provide safe isolation between the sample bottle and the process fluid, which are not clearly indicated in the operating manual. Hence, during each step of the sampling procedure, the HazOp assessment should consider potential operating errors which may cause loss of containment.

Transient states: Start-up and shutdown operations, as well as emergency procedures, should be included in the study. These operations typically involve less than 10 percent of operating time, but account for more than 50 percent of incidents. Through the assessment of these procedures, some latent deficiencies may be noticed. Countermeasures are then defined and included in operating manuals. Relevant transient states may be:

  • Pre-start-up operations (e.g., purging, nitrogen/oxygen displacement).
  • Start-up of spare equipment (e.g., pumps, compressors or heaters).
  • Emergency operations (e.g., low or fast depressurization).

Training: Specific recommendations should be drafted to ensure future training programs include special operations following activation of alarms, or emergency procedures whenever the HazOp assessment indicates a need for new alarms.

3. Risk-based classification of HazOp scenarios

If the HazOp assessment contains a risk-based classification of the analyzed scenarios, it can be promptly used as input for further assessments (e.g., identification of SCEs/OCEs/ECEs or Safety Integrity Level allocation). We suggest providing a three-level classification based on safety, environment and business interruption consequences. Afterwards, frequency (F) and magnitude (M) can be evaluated, following the company’s risk assessment and acceptance procedure, as illustrated in the example below.

Overall, if further safety studies take HazOp scenarios as input, there will be no need to step back to each scenario to estimate the associated risk. As a result, time will be optimized and risk level will be precise, rather than roughly estimated.

4. Provide comprehensive results

“Reports are written, circulated, read, filed and then forgotten. And then 10 years later, even in the same company, the accident happens again”

Trevor Kletz

Although the company has the final responsibility to structure an investment plan, the HazOp report should be an easily usable and flexible tool. It should allow a clear overview of the number of corrective actions needed, responsibilities and required effort.

Write understandable recommendations: Firstly, clear recommendations are a must. In fact, departments responsible for implementing improvement actions should receive a clear set of recommendations, as it will tell them what to do, why and how. Providing exhaustive recommendations is helpful to prevent re-discussion of scenarios that have already been analyzed weeks or even months before. It also avoids misunderstandings and potential conflicts.

While writing recommendations, we therefore suggest that they:

  • Start with the action to implement.
  • Include the scenario to prevent or mitigate.
  • Do not include irrelevant comments or notes.
  • Specify the need to take certain actions if checks confirm absence of proper safeguards or potential for a scenario to occur.

In the following example, confirmation of a pressure safety valve’s adequacy to protect from overpressure is needed. The same recommendation is written four different ways.

The example shows that:

  • If the recommendation is badly written, it is likely to be rejected.
  • If the recommendation is well written, it is much more likely to be accepted and implemented in time, which will result in time saving and resource optimization.

Split recommendations into categories: HazOp analysis should be a means of communicating responsibilities across interested departments: this is fundamental to ensure the effectiveness of its outcome. A HazOp assessment involving several weeks of sessions may lead to a long list of recommendations.

Thus, it is key to classify the required actions into categories, which should be defined and shared with the company prior to starting the HazOp assessment. The following example illustrates typical categories we have considered.

The identified categories can also be divided into further clusters, to provide a comprehensive two-level classification. Based on our experience, the “design” and “instrumentation” categories include the required actions with the greatest impact stemming from HazOp analysis, and often require detailed engineering studies. Hence, such categories should receive special focus and be divided into clear clusters, as illustrated below.

How we have applied the approach in complex projects

Case study – HazOp assessment of a breakthrough refinery process

We performed a HazOp study which extensively supported the design phase. It helped the client company direct its resources to manage relevant safety and operational issues for start-up, shutdown and normal operations. The review also integrated several aspects (asset integrity operations, operating manual, safety report development, etc.) that were not typically included in such an assessment. Overall, the HazOp was fundamental to enhancing interaction between the production and the process design teams.

Conclusion

Companies can benefit from an integrated approach to hazard identification which breaks through typical boundaries and allows deeper integration between safety and operations.

The HazOp analysis can be used as a tool not only to highlight “typical” deviations from process intention, but also to analyze and integrate several other elements that are not typically contemplated in the traditional hazard identification approach. This way, complex organizations can optimize their efforts, preventing delays and directing their investments more effectively. In our experience, we have also seen how this approach can strengthen awareness, as it promotes involvement of different figures within the company and leads to fruitful cooperation within departments.