Process Safety Studies 2019
Nov 2019
[Figure: process diagram. Labels: NOP, PIC/PAH, PAHH, PALL, PRV, PIC, SDV, To Flare, To Compressor]
Control system: Maintains stable operation
Trip / shutdown system: Provides primary protection, when control system fails
Relief system: Provides secondary or ultimate protection - or last line of defence, when control and trip systems fail

Safety Studies (Hazard Identification)
[Figure labels: Causes, Consequences, Safeguards, Recommendations, Design and Operating Practices]
A single study like HazId, Hazop etc. at best can trap 60% of the causes.
We do multiple studies. Multi-sieves

LOPA - Layers of Protection Analysis
[Figure: layers of protection. Labels: Community Emergency Response; Evacuation; Plant Emergency Response; Containment/ Evacuation Procedure; Mitigation; Design to provide Mechanical mitigation, Relief System; Operator Action]
If accidents were due to human error then falls are due to gravity

Health and Safety: In all aspects of life - social, mental and physical
Safety studies achieve nothing .. Unless there is an imbibed Safety Culture

Detour to: Safety in Engineering
Overloaded power sockets. Files stacked on desk.. Fire hazards
Short cuts .. risk your life and that of others
Do we wear at home safety glasses or harness?
Do you know .. Water can topple a ship?
Historically
Safety Reviews (1960s)
Check Lists (1960s) - Experience + Lessons learnt
PHA: Preliminary Hazard Analysis (1970s) - Haz materials & Operation
What-if Analysis (1970s) - Brainstorming techniques
HAZID (1970-80s) - Hazard Identification - Hazards in Operations
HAZOP (1970-80s) - Hazard & Operability Analysis
FMEA – Failure Modes, Effects Analysis
FTA - Fault Tree Analysis
SIL - Safety Integrity Level
LOPA - Layer of Protection Analysis
Bow-Tie Diagram (1990s)
Helicopter View
High level review to identify hazards or risks - in design and operation
When: ASAP. FEED stage, based on min info - layout and flow diagrams
How?
Team selects areas to study - plot or deck/ area or system wise
Each system or area reviewed against a pre-agreed checklist
▪ Check list, based on historical data, experience, standards
When a hazard or risk is identified, find
▪ All potential causes or scenarios that could trigger the hazard
▪ Its potential consequences - direct as well as escalated
▪ Impact on personnel, assets and environment
▪ Effectiveness of safeguards/ risk reduction/ or operating procedures
▪ Recommend: additional safeguards or operating procedures
Basis of Safety Studies
Identifies process and non-process hazards (health, environment)

1. Hydrocarbons + flammable materials
2. Explosives
3. Pressure hazards
4. Differences in height
5. Objects under induced stress
6. Dynamic situation hazards
7. Environmental hazards
8. Hot surfaces; Hot fluids
9. Cold surfaces; Cold fluids
10. Open flame
11. Electricity
12. Electromagnetic radiation
13. Ionizing radiation - Open & Closed source
14. Asphyxiates; Toxic gas; Toxic fluids; Toxic solids
15. Corrosive substances
16. Biological hazards
17. Ergonomic hazards
18. Psychological hazards
19. Security-related hazards
20. Use of natural resources
21. Medical
22. Noise
23. Entrapment
24. Communication
25. Construction Issues
26. Start-up and Shutdown Issues
27. Onshore
28. FPSO
[Figure labels: Select a Parameter; Other Nodes]
Operations team learns about design limits and Design team learns about operational constraints
Follow up!! Follow up!!
Recommendations & solutions are team dependent
Layers of Protection (LOPA)
IPL (Independent Protective Layer)
Residual Risk
based on Frequency of Demand x Consequences
Reduction in SIL
▪ By 1 level: IPL 10 – Operator, Control/trip
▪ By 2 levels: IPL 100 - PSV
Data
HAZOPs, QRAs etc studies, P&IDs, Cause and Effect charts, Maintenance and shutdown details, Relevant operational information
List of Safety Instrumented Functions (SIFs) based on above

SIL 3 - between 10^-3 and 10^-4 (0.001 to 0.0001). That is once in 1,000 or 10,000 years. Maxm. This is as good as a PSV
SIL 4 - between 10^-4 and 10^-5. Not practical
SIL Achieved
Based on sensors, final elements, logic solvers, redundancy, their reliability and testing intervals
[Figure: fault logic. Labels: Logic Solver Fails; LAHH 'A' Fails; LAHH 'B' Fails; gates: and, or]
SIL Terms:
TF = Tolerable frequency. TF of 10^-4 means, company can tolerate an incident once in 10,000 years. Company's risk appetite!
PFD = Probability of failure on demand, that is when SIS fails to protect. User or manufacturer data!
MF = Mitigated frequency. Should be less than reqd TF/ SIL
Proof test interval is key to get high SIL. How often you test
Credit given for Layers of Protection (LOPA)
Basic Design, Control System, Alarms, Trips, Operator Response; Pressure Relief Devices. LOPA and owner's risk matrix are used
SIL studies help delete redundant SIF

SIL is an excellent mathematical tool
Economic or Asset protection alone will demand high SIL
Operating and Engg companies yet to go full hog
Graphical method: Combinations of possible events that result in an undesirable outcome (top event)
Intermediate events are combined using AND and OR logical operators
Considers both hardware and human failures
[Figure: fault tree. Top event: Kaboom. Labels: Press Rise; PAHH Fails; SIS Fails; SIS Output Fails; PSV1 Fails to relieve; PSV2 Fails to relieve; PSV set high; PSV undersized; PIC Fails; PCV Input Fails; PCV Fails to open; DCS Fails; DCS Output Fails; gates: and, or]

Good for analyzing multiple (combination of) failures that result in an accident or when multiple outcomes are possible
Traceable, logical, quantitative + visual representation of causes, consequences and event combinations
With probabilities of individual events known, easy to calculate probability of top event. QRA
Not intuitive. Training required. Difficult to document. Can get complex. Time taking
Figure out the ways in which hazards can occur
Then apply frequency and probability to find likely events
[Figure: frequency trees. Labels: Press Rise 1 /year; Hi Hi Press; RV Dead; (HOD = 1); values 0.1, 0.005, 0.005 /year. Meetings with Lunch 20 /year, Invitation 0.1, 2 /year; Visitors 15 /year, Lunch with visitors, Invitation 0.1, 1.5 /year; Training 5 /year, Lunch with Training, Invitation 0.2, 1.0 /year; gates: and, or; outcome: Free Meal]
Mistakes are not made in f and p, but figuring out hazards
Common Mistake: Not counting all hazards (known/ unknown). Suppose a clever manager figures out that it is cheaper to buy lunch and herd all for monthly Tool Box/ Brown Bag/ Safety meetings, 12 /year at 1, additional (unwanted) lunches = 12

Demonstrates role of barriers in risk reduction
[Figure: bow-tie diagram. Labels: Threat (x3); Hazardous Event; Consequence (x3); Controls; Recovery; Prevention; Mitigation]
Risk of a hazard: its probability x severity of its consequence. How likely and how bad it would be if it happened
Risk = Probability x Severity
Consequence
High      Medium   High     High
Medium    Low      Medium   High
Low       Low      Low      Medium
          Low      Medium   High

UKOOA 5 x 5 Matrix
Consequence
Severe / Many lives        5   Medium   Medium   High     High     High
Critical / Several lives   4   Low      Medium   Medium   High     High
Substantial                3   Low      Low      Medium   Medium   High

Reduce probability or Severity or both
2 LPG Plants were blown while swinging blinds
Hazard: LPG tank farm. LPG leakage
Risk: Vapor Cloud Explosion
Mitigate probability: Proper isolation before swinging blind
ESSA - Emergency Systems Survivability (after a major event) Analysis
Emergency Systems Reliability / Availability Analysis
Qualitative Vs Quantitative
Knowledge, Experience and Judgment.. Vs Numerical Analysis

Likely scenarios and their quantified risks to personnel and public
Based on: Flammable, toxic fluids, isolatable sections, potential ignition sources
Consequence: Fire, explosion, toxic etc;
To demonstrate: Risk levels meet the specified criteria
Team may be unaware of a scenario, may overlook it or decide it as not credible or significant
You can add redundancy in alarms and shut down valves (parallel trips, valves in series) but how about the man – to take the right action, in the right time and right sequence
Failure rates
▪ 100% in an emergency respond to avoid a serious accident, with so many alarms and phones ringing
▪ 10% in a busy control room with phones ringing
▪ 1% in a quiet control room as in a pumping station
▪ 0.1% if the button to press is right below the alarm

Before we blame operational errors, consider
▪ Equipment can be off-line or under maintenance
▪ Safety devices may fail to respond or take time to cut in
▪ Hazardous consequences may propagate in several ways/ thru multiple systems requiring concurrent multiple tasks
▪ Limited manpower in modern control rooms
▪ Procedures may not have covered all situations or been followed or ignored.
▪ Operator may respond based on instinct than plan
Hazop worksheets with well documented scenarios are never looked at after the safety studies are over. A tabulation
of equipment based deviations and causes given to plant operators may help them in real situations – to identify less
apparent contributory causes that may cut across plant boundaries and develop operators’ analytical skills
Copied from: “Cost Effective Outcomes from FPSO Safety Case Brendan Fitzgerald, et al, FPSO Congress, Singapore September 2010”