
Module IV

1. Safety inspections seek to identify potential hazards in the workplace in order to prevent accidents and injuries. 2. Inspections should examine all areas of the facility, both indoor and outdoor, and look for issues like electrical, fire, or indoor air quality problems. 3. After completing an inspection, any identified hazards must be documented, reported to management, and promptly addressed through corrective actions like repairs, training, or new safety procedures.

Uploaded by

Gokul Pradeep
Safety Engineering of Process Plants (CH 404)

Module IV
Safety Inspections
• One of the best ways to identify potentially fatal or harmful things is to conduct workplace inspections.
• Once hazards have been identified, they can be properly addressed.
• Inspections should be part of your safety/loss prevention program.

 The inspection process seeks to identify potential causes of incidents or accidents, which is the first step in their
prevention.
 Unsafe acts that are observed should be addressed, as should unsafe conditions.
 Accidents are a disruption to daily operations, and this in turn reduces operational efficiency.
WHAT TO INSPECT?
• Workplace means all buildings/structures, all of which must be inspected.
• When looking at inside operations, don’t forget to check work areas, areas accessible to the public, storage and maintenance areas, and equipment rooms.
• Open locked doors and look.
• When inspecting external areas, remember to address security in parking areas, walking-working surfaces, storage and maintenance buildings, equipment buildings and vacant buildings.
• Emergency exits

Checklist Categories
 Building Safety
 Office Safety
 Fire Safety
 Electrical Safety
 Emergency Equipment
 Storage Methods
What to Look for?
 Indoor air quality problems
 Include those caused by mold or asbestos or by an improperly operating HVAC (heating, ventilation and air
conditioning) system.
 NATIONAL FIRE PROTECTION ASSOCIATION (NFPA) addresses items such as firefighting equipment, exit signs, and
exit pathways.
 You should get a copy of the report every time they inspect your site.
 Housekeeping
 Items such as facility cleanliness, proper storage of materials and supplies, and related activities.
 Ensure safety guards or safety devices on machines, equipment, etc.
 Follow the manufacturer's recommended guidelines/procedures, or safety standards.
 Disabling a safety device is strictly prohibited.
 Unsafe conditions include slip, trip and fall hazards, electrical hazards, or any condition that can cause injury.
 Also include environmental systems
 When conducting your inspections, observe employees performing their job tasks.
 Are they following proper work procedures, obeying safety rules, wearing required PPE, using ladders instead of
chairs? If not, it needs to be noted and reported.
TYPES OF INSPECTIONS
 Formal Inspections are those that are scheduled in advance.
 They may include the Safety Officer and Safety Committee members.
 Daily, all employees are required to conduct informal visual inspections of their work areas prior to beginning
operations.
 Supervisors should continuously monitor work areas for developing hazards or unsafe practices.
 Special function inspections are conducted after accidents and upon the introduction of new equipment or new
procedures.
 They may be conducted by other regulatory agencies.
 Annual walk-through inspection
Purpose of Safety Inspections
 Identify potential hazards so they are corrected before an injury occurs
 Implement or improve safety programs
 Increase safety awareness
 Display concern for workers’ safety
 Communicate safety standards of performance

The person conducting the hazard inspections should
 Be thoroughly versed in the facility’s operation
 Knowledgeable of relevant regulations, codes & company policies
 Competent regarding the inspection steps
 Capable of collecting, evaluating & reporting the data
A dedicated person can be educated and trained to successfully assume this task.

The person conducting the inspection:
• Must have the requisite PPE to safely perform the job
• They must be knowledgeable on how to locate safety and health hazards
• They should have the authority, given by management, to act and make recommendations.
 If unsafe conditions are revealed, this person should also have the authority to shutdown an operation and notify management.
Hazard Inspection Guidelines
Hazard inspection guidelines will be determined prior to conducting field inspections.
 Decide what to inspect (as well as what will NOT be inspected, i.e., those aspects outside the scope of the safety inspection).
 Prepare an inspection sequence
 Use a checklist
 Ask employees in area for input
 Record observations – location & nature of hazards
 Document the inspection participants

Safety Inspections Steps
Steps in a Safety Inspection are generally:
1. Research of the area and/or operation to be viewed.
2. Organize the documents and PPE which will be required
3. Analyze findings of the inspection
4. Record the findings and recommendations
5. Follow-up with reporting-out the final report to proper committees
Now we are going to review action that needs to be taken once you’ve completed your inspection.
Sign & Date the inspection form
Findings from Inspection
• If a hazard was found, make sure that it is properly recorded and reported to the appropriate people.

• Unsafe conditions must be addressed within a reasonable time period.


• A follow-up inspection may be necessary.
• Unsafe acts can normally be corrected immediately.
• Often, root-cause analyses reveal that unsafe acts are a result of incorrect training or lack of training.
• After a problem has been detected, management has the ultimate responsibility to take the necessary steps
to correct it.
• Once a problem has been corrected, prudent steps should be taken to ensure that it doesn’t return.
• Job safety observations may be used to ensure that proper job procedures are being used.
• These observations should be conducted immediately and intermittently.
• When possible, employees should be involved in the inspection process.
• In part because of their job/task knowledge, they are often able to develop safer, more efficient processes.
• Always document corrective actions on the inspection form
IMPLEMENTING CONTROLS
• Engineering controls include replacing equipment with safer models and removing unsafe equipment from the work area.
• Administrative controls include restricting access to hazardous areas, the use of signs to communicate information,
ensuring site security, and employee training.
• Written policies & procedures by management.
• Protective equipment must be used as a last option after consideration has been given to engineering and administrative
controls.
• When PPE is used, employees must be trained in its use, and they must be monitored to ensure they are using the
PPE properly.
• There should be a written program on the purchase, use, maintenance, storage, disposal & replacement of PPE.
Document Your Findings

 All findings, along with corrective action recommended (including training), should be fully documented.
 When items recorded on the Hazard Control Log or Inspection Checklists have been corrected.
 The type of documentation that is used is not as important as ensuring it is done in a timely and thorough manner.
SAFETY AUDITING
• Auditing involves an examination of the company's safety inspection process, its training program, and the safety
systems that are in place.
• Process that identifies unsafe conditions and unsafe acts in the plant and recommends safety improvement.
• Walk through safety audit
• Intermediate safety audit
• Comprehensive safety audit

• Walk through safety audit
 Least expensive
 Noting conditions via naked eyes during walk through
 Recommendations discussed with line managers and supervisors
• Intermediate Audit
 More detailed and review on plant design and operations
 Detailed measurement of high-risk zones
 Test on unsafe equipment and operations
 Weakness in plant design, equipment and sub systems and O&M procedures

Team
• Safety manager
• Safety consultant
• Insurance Inspector
• Electrical Inspector
• Manager-Civil/E/C/O&M

• Comprehensive Audit
 Full scale audit on safety factors in plant based on
 Engineering
 Analysis
 Testing
 Measurement
 Module analysis
 Leads to the improvement in plant design, renovation, Ops, Staffing
• Envelope Audit
 Civil works
 Switch yards and electrical plant aux
 Stores
 Offices and Canteens and security arrangements
 Ventilation sys and lighting
• Functional Audit
 Organizational weakness
 Training
 Clarity of responsibilities
 Delegation
 Documentation
• Safety Facility Audit
 Reviews unsafe conditions
 Classification of risk in facilities
 High
 Medium
 Low
 Recommendations
Job Safety Analysis (JSA)

Job Safety Analysis (JSA) is a systematic procedure that breaks each job/task into key training
sequences, identifies safety elements of each job/task step and coaches the employee on how to
avoid potential safety hazards.
• Another commonly used term for this process is called a Job Hazard Analysis or JHA.
• Both a JSA and JHA are considered the same thing.

If you look at an operation, you might see five or six risks or hazards.
But when you break the operation down into simple discrete steps, you might realize that there are five or six
risks or hazards associated with each step in the operation.
As you can already see, JHAs provide a system for easily understanding process hazards or risks.

When is a JSA recommended?

• A job/task has a high injury rate.


• A job/task has the potential to cause severe or disabling injuries or illness, even if there is no
history of previous incidents.
• An employee has a safety concern about a job.
• Jobs that are new to your operation or have undergone changes in processes and procedures
Why Perform JHAs?
 JHAs not only help us identify existing hazards or risks associated with each step in a process,
 It also helps us identify potential hazards or risks.
 Some are not as evident until you break the process down into simple discrete steps and examine each individual
step in the operation.
 JHA also helps us prioritize corrective actions.
 Not that all hazards and risks aren’t important.
 But we need an organized, prioritized way of going about dealing with workplace hazards.
 When a JHA is properly conducted, we are able to reduce, control, or eliminate workplace hazards or risks.
 Because if we reduce or eliminate hazards, we reduce or eliminate the risk of accidents, injuries, and process-
related illness.
What Are the Benefits of JHAs?

 The main benefit of course is that JHAs reduce accidents, injuries, and illness, thereby improving safety performance.
 Because JHA reduces injuries and illness, it also reduces absences.
 This means we have more fully qualified people on the job every day, which means you don’t have to do extra work to
cover for sick or injured co-workers.
 And it also means that each one of us is safer on the job.
 When we’re fully staffed, people aren’t stressed or overburdened, which means they can take their time and work
safely.
 More people at work every day means increased productivity as well.
 It means we’re able to meet production schedules and keep our organization operating at peak performance.
 JHAs also help improve workplace morale.
 When people feel safe in the workplace, they’re happier and more satisfied with their job.
 And that means we can all do our best and contribute to the success of the organization.
 Another very important aspect of JHAs is that it helps us comply with OSHA and similar workplace regulations.
 When we know about all the hazards, we can take the necessary steps to protect everyone as the regulations require.
Which Elements of a Process Are Analyzed?
 During JHA inspections the people conducting the inspection will be looking closely at all the discrete elements involved in
an operation or process from start to finish.
 Preparation prior to start-up;
• Start-up;
• Activities that take place during the operation or process;
• Shutdown; and
• Maintenance.
 All the elements must be analyzed because there may be—and usually are—hazards and risks associated with all of them.
Steps in the JHA Process
 Step One : Process hazard analysis is to break the process down into all the simple, discrete tasks that make up the
process.
 Step Two : Identify the hazards involved in each task that must be performed to complete the process.
 Some hazards and risks may be repeated in several or all the tasks that make up the process.
 Step Three : Evaluating each hazard so that you can determine what to do about it and how to prevent injuries or work-
related illness.
 Step Four: Determine safe procedures and protective measures to prevent accidents, injuries, and illness as a result of
each hazard or risk.
 Step Five : A JHA might also have to be revised if hazards are eliminated, reduced, or controlled thanks to the previous
hazard analysis.
HAZARD SURVEY AND ANALYSIS

Possible Hazard Likelihood

| Description | Level | Specific Individual Item | Fleet or Inventory |
|---|---|---|---|
| Frequent | A | Likely to occur frequently | Continuously experienced |
| Probable | B | Will occur several times in life of an item | Will occur frequently |
| Occasional | C | Likely to occur sometime in life of an item | Will occur several times |
| Remote | D | Unlikely but possible to occur in life of an item | Unlikely but can reasonably be expected to occur |
| Improbable | E | So unlikely, it can be assumed occurrence may not be experienced | Unlikely to occur, but possible |
Hazard Assessment Matrix
HAZARD CATEGORIES

| Frequency of Occurrence | I Catastrophic | II Critical | III Marginal | IV Negligible |
|---|---|---|---|---|
| (A) Frequent | 1A | 2A | 3A | 4A |
| (B) Probable | 1B | 2B | 3B | 4B |
| (C) Occasional | 1C | 2C | 3C | 4C |
| (D) Remote | 1D | 2D | 3D | 4D |
| (E) Improbable | 1E | 2E | 3E | 4E |

| Hazard Risk Index | HRI | |
|---|---|---|
| 1A, 1B, 1C, 2A, 2B, 3A | I | Unacceptable |
| 1D, 2C, 2D, 3B, 3C | II | Undesirable (Management decision required) |
| 1E, 2E, 3D, 3E, 4A, 4B | III | Acceptable with review by management |
| 4C, 4D, 4E | IV | Acceptable without review |

| Description | Level | Frequency of occurrence | Probability scale |
|---|---|---|---|
| Frequent | A | High | 5 |
| Probable | B | | 4 |
| Occasional | C | Medium | 3 |
| Remote | D | | 2 |
| Improbable | E | Low | 1 |

Risk: "Chances or possibility of accidental losses or undesired consequences."

The probability of a dangerous event posed by a hazard, over a definite time period of exposure or
The frequency at which such events will occur and results in fatalities to certain number of people and
The consequence of such events in terms of expected number of fatalities per year.
Risk = (Probability) x (Consequences)
Hazard identification techniques
The hazard identification techniques have been divided into four
categories depending on the area in which they are predominantly
applied:-
(i) Process hazards identification
• HAZOP
• Fault tree analysis
• Event tree analysis
(ii) Hardware hazards identification
• Failure Mode and Effect Analysis (FMEA)
(iii) Control hazards identification;
(iv) Human hazards identification.
Process Hazard Analysis (PHA)
• A systematic method designed to identify and analyse hazards
associated with the processing or handling of highly hazardous
material
• PHA analyses
1. The potential causes and consequences of fires
2. Explosions and releases of toxic chemicals
3. The equipment and instrumentation
4. Human actions and other factors which affect the
process.
HAZARD ANALYSIS METHODS

Hazard may be realized or unrealized


• Realized hazard – has happened in the past and can therefore be identified from experience.
• Unrealized hazard – is a potential for a hazardous situation that has not happened yet but can
be recognized by analysing the characteristic of process/ environment.
HAZOP
• Definition: A hazard and operability study (HAZOP) is a structured and systematic examination of a planned or existing
process or operation in order to identify and evaluate problems that may represent risks to personnel or equipment or
prevent efficient operation.
• Systematic technique to IDENTIFY potential HAZard and OPerating problems
• A HAZOP is a qualitative technique based on guide-words and is carried out by a multi-disciplinary team (HAZOP team)
during a set of meetings.
• Each pipeline and vessel is evaluated based on deviations in flow, temperature, pressure, etc

HAZOP Process

• A process flow diagram is examined in small sections, such as individual items of equipment or pipes between them.
• For each of these a design Intention is specified.
• The Hazop team then determines what are the possible significant Deviations from each intention, feasible Causes and
likely Consequences.
• It can then be decided whether existing, designed safeguards are sufficient, or whether additional actions are
necessary to reduce risk to an acceptable level.
HAZOP STUDY - TEAM COMPOSITION
A Team Leader, an expert in the HAZOP Technique
Technical Members, for example

| New Design | Existing Plant |
|---|---|
| Design or Project Engineer | Plant Superintendent |
| Process Engineer | Process Supervisor (Foreman) |
| Commissioning Manager | Maintenance Engineer |
| Instrument Design Engineer | Instrument Engineer |
| Chemist | Technical Engineer |

Principles of HAZOP
Concept
• Systems work well when operating under design conditions.
• Problems arise when deviations from design conditions occur.
Basis
• a word model, a process flow sheet (PFD) or a piping and instrumentation diagram (P&ID)
Method
• use guide words to question every part of process to discover what deviations from the intention of design can occur and what their causes and consequences may be.

PRINCIPLES OF HAZOPS
Guide Words*
• NONE
• MORE OF
• LESS OF
• PART OF
• MORE THAN
• OTHER

CAUSE → DEVIATION (from standard condition or intention) → CONSEQUENCES (trivial, important, catastrophic): hazard, operating difficulties

*Covering every parameter relevant to the system under review, i.e. Flow Rate, Flow Quantity, Pressure, Temperature, Viscosity, Components
• STUDY NODES
• The locations (on P&ID or procedures) at which the process parameters are investigated for deviations. These nodes are points where the process parameters (P, T, F etc.) have an identified design intent.
• INTENTION
• The intention defines how the plant is expected to operate in the absence of deviations at the study nodes.
• DEVIATIONS
• These are departures from the intention which can be discovered by systematically applying the guide words.
• Process conditions
• activities
• substances
• time
• place
Deviations Generated by Each Guide Word
[Table with columns "Guide word" and "Deviations"]
Guide Word – Parameter Pairs
EXAMPLE
 An alkene/alkane fraction containing small amounts of suspended water is continuously pumped from a bulk
intermediate storage tank via a half-mile pipeline into a buffer/settling tank where the residual water is settled out
prior to passing via a feed/product heat exchanger and preheater to the reaction, is run off manually from the
settling tank at intervals.
 Residence time in the reaction section must be held within closely defined limits to ensure adequate conversion of
the alkene and to avoid excessive formation of polymer.
Results of hazard and operability study of proposed olefin dimerization unit: results for line section from intermediate storage to buffer/settling tank

| Guide word | Deviation | Possible causes | Consequences | Action required |
|---|---|---|---|---|
| NONE | No flow | (1) No hydrocarbon available at intermediate storage. | Loss of feed to reaction section and reduced output. Polymer formed in heat exchanger under no flow conditions. | (a) Ensure good communications with intermediate storage operator. (b) Install low level alarm on settling tank LIC. |
| | | (2) J1 pump fails (motor fault, loss of drive, impeller corroded away etc.) | As for (1) | Covered by (b) |
| | | (3) Line blockage, isolation valve closed in error, or LCV fails shut. | As for (1). J1 pump overheats. | Covered by (b). (c) Install kickback on J1 pump. (d) Check design of J1 pump strainers. |
| | | (4) Line fracture | As for (1). Hydrocarbon discharged into area adjacent to public highway. | Covered by (b). (e) Institute regular patrolling & inspection of transfer line. |
| MORE OF | More flow | (5) LCV fails open or LCV bypass open in error. | Settling tank overfills. | (f) Install high level alarm on LIC and check sizing of relief opposite liquid overfilling. (g) Institute locking off procedure for LCV bypass when not in use. |
| | | | Incomplete separation of water phase in tank, leading to problems on reaction section. | (h) Extend J2 pump suction line to 12’’ above tank base. |
| | More pressure | (6) Isolation valve closed in error or LCV closes, with J1 pump running. | Transfer line subjected to full pump delivery or surge pressure. | (j) Covered by (c) except when kickback blocked or isolated. Check line, FQ and flange ratings and reduce stroking speed of LCV if necessary. Install a PG upstream of LCV and an independent PG on settling tank. |
| | | (7) Thermal expansion in an isolated valved section due to fire or strong sunlight. | Line fracture or flange leak. | (k) Install thermal expansion relief on valved section (relief discharge route to be decided later in study). |
| | More temperature | (8) High intermediate storage temperature. | Higher pressure in transfer line and settling tank. | (l) Check whether there is adequate warning of high temperature at intermediate storage. If not, install. |
HAZOP PREPLANNING ISSUES

Preplanning issues addressed in a typical refinery unit HAZOP include the following:

• Verification of as-built conditions shown on the P&IDs


• Line segment boundaries set; markup of P&IDs
• List of support documents compiled
• P&IDs (base study document)
• Process flow diagrams (PFDs)
• Process description
• Operating manuals/procedures
• Processing materials information
• Equipment and material specifications
• Tentative schedules of time to be spent per P&IDs sheet
• Recording technique (computer program or data sheet) determination
• List of standard abbreviations and acronyms compiled
• Criticality rankings devised
• HAZOP training given to all team members (one day)
• Arrange for system or process briefings for team before work begins.
Fault Tree Analysis
The Fault Tree Analysis includes all segments which may cause, contribute to or be affected by an incident.

The Fault Tree Analysis views potential event sequences which may result in an incident.

• Diagram looks like a tree.

• Each branch lists sequence of events (failures) for different paths to the end event.

• Probabilities assigned to each event then used to determine the statistical probability to the end event which is posed.

• An appropriate equivalent methodology may also be adopted for use.


Advantages
• Quantitative - defines probabilities to each event which
can be used to calculate the probability of the top event.
• Easy to read and understand.

Disadvantages
• Need to have identified the top event first.
• More difficult than other techniques to document.
• Complex and time consuming.
• Quantitative data needed to perform properly.
[Figure: The logic transfer components used in a fault tree]
Fault Tree Analysis
The procedure for conducting a FTA is:
1) Prepare and organize the study.
2) Construct fault tree.
3) Analyze fault tree.
4) Quantify fault tree.
5) Evaluate results.
6) Identify any recommendations.
7) Document the results.
8) Resolve recommendations.
9) Follow up on recommendations.
Fault Tree Analysis
• The fault tree is a graphical representation of the interactions between the basic causes that may result in a hazardous or undesirable event.
 Use of deductive logic.
 Logical diagram in the reverse sequence
 Failure frequencies are available
 Be estimated with the common sense

[Figure: example fault tree with top event "Fail To Get To Work On Time". Events shown: Bike Stolen; Flat Tire; Collision: Major Damage to Bike; Collision: Minor Damage to Bike; Driver Cuts Off Cyclist; Cyclist Cannot Avoid Car; Potential Calamity; Ride Bike To Work; Driver Hits Cyclist With Door]
Fault Tree Analysis
• FTA is not comparable to standard PHA methods.
• It does not identify a full set of hazard scenarios for a process.

• Identify the causes of a particular incident (called a top event) using deductive reasoning.
• Often, it is used when other PHA techniques indicate that a particular type of accident is of special concern and a
more thorough understanding of its causes is needed.
• Thus, it is a useful supplement to other PHA techniques.
• Sometimes FTA is used in the investigation of incidents to deconstruct what happened.
• FTA is also used to quantify the likelihood of the top event.
• It is best suited for the analysis of highly redundant systems.

 FTA identifies and graphically displays the combinations of equipment failures, human failures, and external
events that can result in an incident.

 FTA is not a technique that lends itself to a team-based study.
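To make the quantification step concrete, the following added example (not part of the original slides) builds a small fault tree for the top event "Settling tank overfills" from the HAZOP example on this page, lists the combinations of failures that cause it (minimal cut sets), and computes the top event probability. The class names `Basic` and `Gate`, the "Operator does not respond" event and all probabilities are constructed for illustration; the gate formulas assume independent basic events that each appear only once in the tree.

```python
from dataclasses import dataclass
from itertools import product
from math import prod


@dataclass(frozen=True)
class Basic:
    """Basic event: an equipment failure, human failure or external event."""
    name: str
    p: float  # probability of occurrence (constructed sample value)


@dataclass(frozen=True)
class Gate:
    """Intermediate or top event produced by an AND or OR gate."""
    name: str
    kind: str      # "AND": every input must occur; "OR": any one input suffices
    inputs: tuple  # child nodes, each a Basic or a Gate


def probability(node):
    """Probability of a node, assuming independent, non-repeated basic events."""
    if isinstance(node, Basic):
        return node.p
    ps = [probability(child) for child in node.inputs]
    if node.kind == "AND":
        return prod(ps)
    if node.kind == "OR":
        return 1.0 - prod(1.0 - p for p in ps)
    raise ValueError(f"unknown gate kind: {node.kind!r}")


def minimal_cut_sets(node):
    """Smallest sets of basic events that are sufficient to cause the node."""
    if isinstance(node, Basic):
        return [frozenset([node.name])]
    child_sets = [minimal_cut_sets(child) for child in node.inputs]
    if node.kind == "OR":
        # Any cut set of any input causes the event.
        combined = [s for sets in child_sets for s in sets]
    elif node.kind == "AND":
        # One cut set from every input must occur together.
        combined = [frozenset().union(*combo) for combo in product(*child_sets)]
    else:
        raise ValueError(f"unknown gate kind: {node.kind!r}")
    unique = set(combined)
    # Drop any set that strictly contains another one (it is not minimal).
    minimal = [s for s in unique if not any(other < s for other in unique)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def overfill_tree():
    """Constructed tree: overfill needs excess flow AND failed protection."""
    more_flow = Gate("More flow into settling tank", "OR", (
        Basic("LCV fails open", 0.02),
        Basic("LCV bypass open in error", 0.01),
    ))
    not_stopped = Gate("Overfill not stopped", "OR", (
        Basic("High level alarm fails", 0.05),
        Basic("Operator does not respond", 0.10),  # assumed human failure
    ))
    return Gate("Settling tank overfills", "AND", (more_flow, not_stopped))


if __name__ == "__main__":
    top = overfill_tree()
    print(f"P({top.name}) = {probability(top):.6f}")
    for cut in minimal_cut_sets(top):
        print("  cut set:", " + ".join(sorted(cut)))
```

Every minimal cut set here contains two events, so no single failure produces the top event, which is the kind of redundancy FTA is suited to checking.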


Failure Mode and Effect Analysis

FMEA is a systematic list that includes the failure mode, the effects of each failure, the safeguards that exist, and the
additional actions that can be taken
FMEA is a hazard evaluation procedure in which failure modes of system components, typically process equipment, are
considered to determine whether existing safeguards are adequate.

 Failure modes describe how components fail


• (e.g., open, closed, on, off, leaks, etc.).

The effects of each failure mode are the process responses or incident resulting from the component failures, that is,
hazard scenario consequences.

An FMEA becomes an FMECA (failure modes and effects and criticality analysis) when a criticality ranking is included for
each failure mode and effect.

• A criticality ranking is the same as a risk ranking.


 FMEA is used extensively in the aerospace, nuclear, and defense industries.
Failure Mode and Effect Analysis
 Typically, it is used in the process industries for special applications such as reliability centered maintenance (RCM)
programs and the analysis of control systems.
 FMEA can be conducted at different levels of resolution.
 For PHA purposes, usually it is conducted at the equipment level,
 Valves,
 Pumps,
 Lines.
 For RCM purposes, usually it is conducted at the equipment component level,
 Motor,
 Shaft,
 Impeller,
 Casing,
 Seal,
 Bearings, and so on for a pump.
The procedure for conducting a FMEA is:
• Prepare and organize the study.
• Subdivide the process.
• List process equipment.
• Identify equipment failure modes.
• Optionally, identify causes of failure modes.
• Specify effects (consequences).
• Identify safeguards.
• Perform risk ranking.
• Identify any recommendations.
• Document the results.
• Resolve recommendations.
• Follow up on recommendations
Definition Of Terms
• Failure Mode

The way in which a specific process input fails


 If it is not detected and either corrected or removed, it may cause a negative “Effect” to occur
 Can be associated with a defect (in discrete manufacturing) or a process input variable that goes outside of specification
 Anything that an operator can see that’s wrong is considered a Failure Mode

 Effect: The adverse impact on customer requirements.


Generally, has an external customer focus, but can also include downstream processes.
A product or process that does not perform satisfactorily to design
 Cause: Whatever causes the Failure Mode to occur.
How a specific part of the process (operation or component) can cause a Failure Mode.
A worn spindle (cause) may cause a dimension to be out of tolerance (mode) which may cause the part to not fit
(effect)
Definition Of Terms

 Severity: An assessment of how serious the Failure Effect (due to the Failure Mode) is to the customer
 Occurrence: An assessment of the likelihood that a particular Cause will happen and result in the Failure Mode
 Detection: An assessment of the likelihood that the current controls will detect the Cause of the Failure Mode or
the Failure Mode itself, should it occur, thus preventing the Failure Effect from reaching your customer.
 The customer in this case could be the next operation, subsequent operations, or the end user

 Current Controls: Systematized methods/devices in place to prevent or detect failure Modes or Causes (before causing
effects)
 Prevention-based controls may include Mistake Proofing, automated controls, setup verifications, Preventive
Maintenance, and
Control Charts
 Detection-based controls may include audits, checklists, inspection, laboratory testing, and Control Charts
Rating Definitions: Typical Scales

| Rating | Severity | Occurrence | Detection |
|---|---|---|---|
| High 10 | Hazardous without warning | Very high and almost inevitable | Cannot detect |
| | Loss of primary function | High repeated failures | Low chance of detection |
| | Loss of secondary function | Moderate failures | Moderate chance of detection |
| | Minor effect | Occasional failures | Good chance of detection |
| Low 1 | No effect | Failure unlikely | Almost certain detection |

Note : Determine if your company has rating scales and rules.


In some companies, rating a “10” on severity may have legal consequences.
Risk Priority Number (RPN)
 A key output of an FMEA is the “Risk Priority Number”
 The RPN is a calculated number based on information you provide regarding:
 The likelihood of potential causes of Failure Modes
 The seriousness of the resulting effects
 The current ability of the process to detect the causes of the Failure Modes before they cause an effect to reach a customer
 It is calculated as the product of three (3) ratings, each one related to the severity, frequency, and detectability

RPN = Severity x Occurrence x Detection

 The Risk Priority Number need not be limited to Severity, Occurrence, and Detection. Some examples:
 Add an “Impact” score to estimate the overall impact of the Failure Mode on the process (10 = high, 1 = low)
 Add an “EHS” rating to a project FMEA to incorporate possible environmental impact (10 = high, 1 = low)
 Add an “EOC” or Ease Of Completion (10 = easy, 1 = hard) to help prioritize/focus projects

Regardless of RPN, high severity scores should be given special attention.
9 Strategies To Complete An FMEA

 For each Process Input, determine the ways in which the Process Step can go wrong (Failure Modes)
 For each Failure Mode associated with the inputs, determine Effects
 Identify potential Causes of each Failure Mode
 List the Current Controls for each Cause
 Assign Severity, Occurrence, and Detection ratings to each Cause
 Calculate RPN
 Determine Recommended Actions to reduce High RPNs
 Take appropriate actions and document
 Recalculate RPNs
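The last four steps (calculate RPN, pick actions for high RPNs, act, recalculate) are shown below as an added example that is not part of the original slides. The worksheet rows reuse causes from the transfer-line HAZOP table on this page, but every rating is constructed, and the thresholds `RPN_ACTION_LIMIT` and `HIGH_SEVERITY` are assumed values, since the page leaves rating rules to each company.

```python
from dataclasses import dataclass, replace

RPN_ACTION_LIMIT = 100  # assumed cut-off for a "high" RPN
HIGH_SEVERITY = 9       # assumed cut-off for "high severity" on the 1-10 scale


@dataclass(frozen=True)
class Cause:
    """One worksheet row: a cause of a failure mode with its three ratings."""
    failure_mode: str
    effect: str
    cause: str
    severity: int    # 10 = hazardous without warning, 1 = no effect
    occurrence: int  # 10 = almost inevitable, 1 = failure unlikely
    detection: int   # 10 = cannot detect, 1 = almost certain detection

    def __post_init__(self):
        for field in ("severity", "occurrence", "detection"):
            value = getattr(self, field)
            if not 1 <= value <= 10:
                raise ValueError(f"{field} must be 1..10, got {value}")

    @property
    def rpn(self):
        return self.severity * self.occurrence * self.detection


def action_reasons(row):
    """Why a row needs a recommended action; an empty list means none needed."""
    reasons = []
    if row.rpn >= RPN_ACTION_LIMIT:
        reasons.append("high RPN")
    if row.severity >= HIGH_SEVERITY:
        # High severity gets attention regardless of the RPN value.
        reasons.append("high severity")
    return reasons


def prioritise(rows):
    """Rank rows by RPN (ties broken by severity) with their action reasons."""
    ranked = sorted(rows, key=lambda r: (-r.rpn, -r.severity))
    return [(r, action_reasons(r)) for r in ranked]


def after_action(row, **new_ratings):
    """Re-rate a row once a corrective action is in place (recalculate RPN)."""
    return replace(row, **new_ratings)


def sample_worksheet():
    """Constructed ratings for causes taken from the HAZOP example."""
    return [
        Cause("No flow", "Loss of feed to reaction section",
              "J1 pump fails", 6, 5, 3),
        Cause("More flow", "Settling tank overfills",
              "LCV bypass open in error", 7, 4, 6),
        Cause("No flow", "Hydrocarbon discharged near public highway",
              "Line fracture", 10, 2, 4),
        Cause("More temperature", "Higher pressure in transfer line",
              "High intermediate storage temperature", 5, 3, 7),
    ]


if __name__ == "__main__":
    for row, reasons in prioritise(sample_worksheet()):
        print(f"{row.rpn:4d}  S={row.severity:2d}  {row.cause}: "
              f"{', '.join(reasons) or 'no action'}")
    bypass = sample_worksheet()[1]
    # Locking-off procedure lowers occurrence; high level alarm aids detection.
    fixed = after_action(bypass, occurrence=2, detection=2)
    print(f"{bypass.cause}: RPN {bypass.rpn} -> {fixed.rpn}")
```

The line fracture row has the lowest RPN of the four yet is still flagged, because its severity rating is 10.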
FMEA: A Team Tool
 A team approach is necessary.
 Team should be led by the Process Owner who is the responsible manufacturing engineer or technical person, or other similar individual familiar with FMEA.
 The following should be considered for team members:
– Design Engineers
– Process Engineers
– Materials Suppliers
– Customers
– Operators
– Reliability
– Suppliers

Identify failure modes and their effects → Identify causes of the failure modes and controls → Prioritize → Determine and assess actions
The FMEA Form - The Analysis Section

Figure: Process Map feeding the FMEA. Labels on the map: Paperwork, Load DMF, Load DICY, Load 2MI, Turn steam on to DICY tank, Bill of materials, ISO procedures, Rework, Scale accuracy, Preheating, Load accuracy, Cleanliness, Raw material, Environment (humidity), Mixer speed.
Event Trees for Quantitative Risk Analysis
• Event tree analysis evaluates potential accident outcomes that might result following an equipment failure or process upset known as an initiating event.
• It is a “forward-thinking” process: the analyst begins with an initiating event and develops the following sequences of events that describe potential accidents, accounting for both the successes and failures of the safety functions as the accident progresses.

• Event trees graphically display the progression of event sequences beginning with a starting event, proceeding to control and safety system responses, and ending with the event sequence consequences.
• ETA helps analysts to determine where additional safety functions will be most effective in protecting against the event sequences.
• Typically, ETA is used to analyze complex processes that have several layers of safety systems or emergency procedures to respond to starting events.
• Event trees are used to follow the potential course of events as the event moves through the various safety systems.
• The probability of success or failure of each safety intervention is used to determine the overall probability of each final outcome.

An Event Tree is used to determine the frequency of occurrence of process shutdowns or runaway systems.

Inductive approach

Specify/Identify an initiating event and work forward.

Identifies how a failure can occur and the probability of occurrence

Identify an initiating event

• May have been identified during a HAZOP as a potential event that could result in adverse consequences.
• Usually involves a major piece of operating equipment or processing step, i.e., a HAZOP “Study Node”.
Procedure

The procedure for conducting an ETA is:

1) Prepare and organize the study.
2) Identify a starting event.
3) Identify controls and safeguards that respond to the event.
4) Construct the event tree.
5) Describe the event sequence outcomes.
6) Optionally, calculate the frequencies of the outcomes.
7) Identify any recommendations.
8) Document the results.
9) Resolve recommendations.
10) Follow up on recommendations.

Identify safety functions

• From PID, process flow sheet, or procedures find what safety systems are in place and what their functions are.
• These can include things such as automatic controllers, alarms, sensors, operator intervention, etc.
• On your Event Tree, write the safety interventions across the top of the page in the sequence in which they logically occur.
• Give each safety intervention an alphabetic letter notation.
Construct the Event Tree

Horizontal lines are drawn between functions that apply

Vertical lines are drawn at each safety function that applies

Success – upward
Failure – downward

Indicate result of event

Circle – acceptable result

Cross-circle – unacceptable result

Compute frequency of failures

B is the failure per demand or the unavailability of safety function B


Step 1 Identify the initiating event
• system or equipment failure
• human error
• process upset
• [Example] “Loss of Cooling Water” to an Oxidation Reactor

Step 2 Identify the Safety Functions Designed to Deal with the Initiating Event
Safety systems that automatically respond to the initiating event.
• Alarms
• Barriers or Containment methods

Step 3: Construct the Event Tree

a. Enter the initiating event and safety functions.
b. Evaluate the safety functions

Step 4: Describe the Accident Sequence
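The event tree construction and frequency calculation described above, as an added Python example for the “Loss of Cooling Water” initiating event (not part of the original slides). The safety functions B, C and D, their failure-per-demand values and the initiating frequency are constructed assumptions; each sequence is labelled by the initiating event A plus the letters of the functions that failed.

```python
# Constructed values; A = initiating event, letters follow the slide's notation.
INITIATING_FREQ = 1.0  # loss of cooling water, occurrences per year (assumed)

# (letter, description, failure per demand, applies(failed_letters))
SAFETY_FUNCTIONS = [
    ("B", "high-temperature alarm alerts operator", 0.01,
     lambda failed: True),
    ("C", "operator re-establishes cooling", 0.25,
     lambda failed: "B" not in failed),      # operator acts only if alerted
    ("D", "automatic shutdown stops the reaction", 0.10,
     lambda failed: bool(failed)),           # demanded only if cooling not restored
]

def sequences(freq=INITIATING_FREQ, label="A", idx=0, failed=frozenset()):
    """Yield (sequence label, frequency per year) for every path in the tree."""
    if idx == len(SAFETY_FUNCTIONS):
        yield label, freq
        return
    letter, _, pfd, applies = SAFETY_FUNCTIONS[idx]
    if not applies(failed):   # horizontal line: function not demanded here
        yield from sequences(freq, label, idx + 1, failed)
        return
    # success branch (upward), then failure branch (downward)
    yield from sequences(freq * (1 - pfd), label, idx + 1, failed)
    yield from sequences(freq * pfd, label + letter, idx + 1, failed | {letter})

def outcome(label):
    """Map a sequence label to its consequence."""
    if "D" in label:
        return "runaway"
    return "continue operation" if label == "A" else "safe shutdown"

def outcome_frequencies():
    """Sum sequence frequencies per consequence."""
    totals = {}
    for label, freq in sequences():
        totals[outcome(label)] = totals.get(outcome(label), 0.0) + freq
    return totals

if __name__ == "__main__":
    for label, freq in sequences():
        print(f"{label:4s} {freq:.5f}/yr  {outcome(label)}")
    print(outcome_frequencies())
```

The sequence frequencies sum to the initiating frequency, which is a quick check that no branch was dropped.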
Consequence of chemical hazards

• Risk assessment includes incident identification and consequence analysis.
• Consequence analysis describes the expected damage:
– Loss of life,
– Damage to the environment or capital equipment, and
– Days outage
The health risks of chemicals depend on several factors, including:
1. The type of chemical
2. The amount you're exposed to
3. When and how long you are exposed
4. How you're exposed (through food, water, air, products)
5. Age and general state of health
Potential health effects
• Accidents or incorrect use of household chemical products may cause immediate health effects,
such as skin or eye irritation or burns, or poisoning.

• There can also be longer-term health effects from chemicals. When these occur, they are usually
the result of exposure to certain chemicals over a long period of time.

• Depending on the chemical, these longer-term health effects might include:
– organ damage
– weakening of the immune system
– development of allergies or asthma
– reproductive problems and birth defects
– effects on the mental, intellectual or physical development of children
– cancer
Environmental effects
• Killing organisms in a lake or river
• Destroying animals and plants in a contaminated area
• Causing major reproductive complications in animals, or otherwise limiting the ability of an
ecosystem to survive.
• Certain hazardous substances also have the potential to explode or cause a fire,
threatening both animals and human populations.
Acute toxicity and chronic toxicity
Some hazardous substances produce toxic effects in humans or the environment after a
single, episodic release. These toxic effects are referred to as the acute toxicity.
Other hazardous substances produce toxic effects in humans or the environment after
prolonged exposure to the substance, which is called chronic toxicity.
Probit equations
A probit equation is used to quantify the relationship between the concentration of
a dangerous material and its effect on people.
In other words, it is an approach for the determination of the effects of received
dose.
• The word "probit" was invented by the American biologist Chester Bliss in 1934
and is a blending of the words "probability" and "unit".
• Probit equations are available for a variety of exposures, including exposure to
toxic materials, heat, pressure and radiation, impact and sound
A probit function for the acute inhalation toxicity of a substance describes the
human lethality rate in an exposed population as a function of any combination
of the exposure concentration and exposure duration.
Different probit functions used for calculation

The fatality rate of personnel exposed to harmful agents over a given period of time can be calculated by use of probit
functions that typically take the form:

$Pr = k_1 + k_2 \ln V$

where
• Pr = probit (value range 2.67 – 8.09 representing 1 – 99.9% fatality), a measure of the percentage of the vulnerable resource that might sustain damage
• V = the product of the intensity of the received hazardous agent raised to an exponent n and the duration of exposure in seconds or minutes

For thermal radiation, $V = I^{4/3} t$ and is called the thermal dose, with units $(\mathrm{kW/m^2})^{4/3}$ seconds.

The toxicity probit functions are of the form

$Pr = a + b \ln(C^n t)$

with concentration C in mg/m³ and exposure time t in minutes. The parameters a, b and n are constants with a value
depending on the substance and are derived from experiments.
Fatality probability can then be determined by evaluation of Y (the probit value) on a probit transformation chart.
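The probit calculation above, as an added Python example (not part of the original slides) in which the normal distribution with mean 5 and standard deviation 1 stands in for the probit transformation chart. The constants K1 and K2 are assumed illustrative values, not taken from the slides; real k1, k2, a, b and n must come from published data for the agent.

```python
from math import exp, log
from statistics import NormalDist

# A probit is a standard normal deviate shifted by 5, so Pr = 5 means 50 %.
_PROBIT = NormalDist(mu=5.0, sigma=1.0)

def probit(k1, k2, v):
    """Pr = k1 + k2 ln V for a received dose V."""
    if v <= 0:
        raise ValueError("dose V must be positive")
    return k1 + k2 * log(v)

def thermal_dose(i_kw_m2, t_s):
    """V = I^(4/3) t, in (kW/m2)^(4/3) s."""
    return i_kw_m2 ** (4.0 / 3.0) * t_s

def toxic_load(c_mg_m3, n, t_min):
    """C^n t, the argument of the toxicity probit."""
    return c_mg_m3 ** n * t_min

def fatality_fraction(pr):
    """Replace the chart lookup: fraction affected for probit value pr."""
    return _PROBIT.cdf(pr)

def exposure_time_for(fraction, k1, k2, i_kw_m2):
    """Seconds at intensity I that produce the given fatality fraction."""
    v = exp((_PROBIT.inv_cdf(fraction) - k1) / k2)
    return v / i_kw_m2 ** (4.0 / 3.0)

# Assumed illustrative constants for a thermal-radiation probit
K1, K2 = -12.8, 2.56

if __name__ == "__main__":
    for t in (10, 30, 60):
        pr = probit(K1, K2, thermal_dose(10.0, t))
        print(f"10 kW/m2 for {t:2d} s: Pr={pr:.2f}, "
              f"fatality={fatality_fraction(pr):.1%}")
    print(f"time to 1 % at 10 kW/m2: "
          f"{exposure_time_for(0.01, K1, K2, 10.0):.1f} s")
```

The end points quoted on the slide can be checked directly: a probit of 2.67 returns about 1 % and 8.09 about 99.9 %.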
Risk
• Risk can be defined as the chance or probability that a person will be harmed or
experience an adverse health effect if exposed to a hazard.
• For every accident, there are potentially many people and different populations at risk, the so-called risk populations.
• For example, for an incident in a chemical plant, risk populations would include the workers in the plant, workers in
adjacent plants, and the people living nearby in the surrounding community,
since they may be seriously affected by a plant incident.
There are two methods of risk determination:
1. Qualitative risk determination
2. Quantitative risk determination
• Qualitative risk analysis is based on a person's perception or judgment, while
quantitative risk analysis is based on verified and specific data.
QUANTITATIVE RISK DETERMINATION

• Risk indices are single numbers or tabulation of numbers which are correlated to the magnitude of risk.
• Some risk indices are relative values with no specific units, which only have meaning within the context of the
risk index calculations.
• The main two risk sets are:
– Individual risk
– Societal risk

• Individual risk calculations are normally performed when considering a plant employee exposed to plant hazards.
• In contrast, with societal risk, a group of people is exposed to one or more hazards.
• Societal risk calculations are normally performed when considering the risks to a community surrounding a chemical
plant and exposed to multiple plant hazards.
Individual risk

(x,y) denotes the location

Risk contour plot

The procedure for determining the individual risk contours is as follows:
1. Identify all the incidents and incident outcome cases.
2. Estimate the frequency for all incident outcome cases.
3. Determine the effect zone and probability of fatality at every location for all incident outcome cases.
4. Estimate the individual risk at every location by summing the risk for all incident outcome cases.
5. Plot individual risk estimates on the map.
6. Draw individual risk contours connecting points of equal risk.
Societal risk
• It is based on the principle that often fatalities are the best way to express the seriousness of an accident and provides
a simplified basis for risk evaluation.
• Societal risk is defined as the relationship between frequency and the number of fatalities in a given population from
an undesired event.
• Societal risk evaluation is concerned with estimation of the chances of more than one individual being harmed
simultaneously by the same accident.

Depending on the scope and objectives of the LOPA study, risk tolerance criteria may be needed for:
• different types of receptors, for example:
– people
– environment
– property
• different classes of a receptor, for example:
– employees versus the public
– on-site property versus off-site property
• different hazardous events, for example:
– fire
– explosion
– toxic material release
– runaway reaction
• different levels of harm, for example:
– multiple versus single fatalities, fatalities versus injuries
– environmental remediation versus cleanup
For individual and societal risk, the unit of risk is the loss of life/yr.
FN curve
• The F-N curve is a complementary cumulative distribution plot.
• When the frequency of events which cause at least N fatalities is plotted against the
number N on log-log scales, the result is called an F-N curve (Bedford, 2004).
• F is the cumulative frequency of experiencing N or more fatalities.
• If the values plotted on the y-axis are the discrete frequencies of experiencing exactly N
fatalities, the curve is called an f-N curve.
• Societal risk is generally expressed by f-N or F-N curves, which reflect the risks having
low hazard and high consequence, and the curves can be used for various geographical
units such as country, province, state etc.
The F-N curves are developed based on
• historical data,
• the quantitative risk analysis (QRA) results, and
• criteria for judging the tolerability of risk.
Properties of F - N Curves
1. F-N curves are constructed based on historical data in the form of
number of landslides and related fatalities.
2. They in fact represent the current situation, i.e. the situation we live in now.
3. F-N curves form the basis of developing societal acceptability and
tolerability levels.
4. The F-N curves can be constructed for various geographical units such as
country, province, state etc.
5. The number of landslides and related fatalities within the considered
geographical unit determine the acceptability and tolerability criteria.
An F-N curve is drawn using the following procedure:
1. Identify all incidents and incident outcome cases.
2. Estimate the frequency for each incident outcome case. This is done using any
number of methods presented in this chapter.
3. Estimate the impact zones and the probability of fatality at every location in
the effect zone.
4. Superimpose the impact zone for each incident outcome case over the
population distribution.
5. Determine the total number of fatalities (N) for each incident outcome case.
6. Create the F-N plot using the results of step 5
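The individual risk procedure and the F-N procedure above share their first three steps, so one added Python example (not part of the original slides) covers both. The incident outcome cases, population points, circular effect zones and the uniform fatality probability inside each zone are constructed assumptions.

```python
from math import hypot

# Constructed incident outcome cases: frequency (/yr), effect-zone centre and
# radius (m), and an assumed uniform fatality probability inside the zone.
CASES = [
    {"name": "jet fire",    "f": 1e-3, "xy": (0, 0), "r": 50,  "p": 0.5},
    {"name": "flash fire",  "f": 1e-4, "xy": (0, 0), "r": 150, "p": 0.2},
    {"name": "toxic cloud", "f": 1e-5, "xy": (0, 0), "r": 400, "p": 0.1},
]
# Constructed population distribution: ((x, y) in metres, people present)
POPULATION = [((30, 0), 4), ((100, 50), 20), ((300, 100), 200)]

def p_fatality(case, x, y):
    """Probability of fatality at (x, y) for one incident outcome case."""
    cx, cy = case["xy"]
    return case["p"] if hypot(x - cx, y - cy) <= case["r"] else 0.0

def individual_risk(x, y, cases=CASES):
    """Sum frequency x P(fatality) over all outcome cases at (x, y)."""
    return sum(c["f"] * p_fatality(c, x, y) for c in cases)

def fatalities(case, population=POPULATION):
    """Superimpose the effect zone on the population to get N for a case."""
    return sum(n * p_fatality(case, x, y) for (x, y), n in population)

def fn_curve(cases=CASES, population=POPULATION):
    """Return [(N, F)], F = cumulative frequency of N or more fatalities."""
    per_case = sorted(((fatalities(c, population), c["f"]) for c in cases),
                      reverse=True)
    curve, cumulative = [], 0.0
    for n, f in per_case:
        cumulative += f
        if n <= 0:
            continue                      # cases with no fatalities are not plotted
        if curve and curve[-1][0] == n:   # merge cases with the same N
            curve[-1] = (n, cumulative)
        else:
            curve.append((n, cumulative))
    return sorted(curve)

if __name__ == "__main__":
    for x in (0, 100, 300, 500):
        print(f"IR at ({x:3d}, 0) = {individual_risk(x, 0):.2e} /yr")
    for n, f in fn_curve():
        print(f"N >= {n:5.1f}: F = {f:.2e} /yr")
```

Evaluating `individual_risk` over a grid of (x, y) points gives the values to plot and contour; the `fn_curve` pairs go on log-log axes.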
• ALARP – as low as reasonably practicable
• Acceptability/Tolerability requires risk perception research.
Basic Definitions
• Acceptable risk: A risk which everyone impacted is prepared to accept. Action to further
reduce such risk is usually not required unless reasonably practicable measures are
available at low cost in terms of money, time and effort.
• Tolerable risk: A risk within a range that society can live with so as to secure certain net
benefits. It is a range of risk regarded as non-negligible and needing to be kept under
review and reduced further if possible.
• ALARP (As Low As Reasonably Practicable) principle: Principle which states that risks,
lower than the limit of tolerability, are tolerable only if risk reduction is impracticable or
if its cost is grossly in disproportion (depending on the level of risk) to the improvement
gained.
• Individual Risk (IR): The risk to a person in the vicinity of a hazard. This includes the
nature of the injury to the individual, the likelihood of the injury occurring, and the time
period over which the injury might occur. IR is also known as location-specific risk.
• Societal Risk (SR): A measure of risk to a group of people. It is most often expressed in
terms of the frequency distribution of multiple casualty events.
• To plot an F-N curve, see the solved problem in Chemical Process Safety:
Fundamentals with Applications, 4th Edition (Daniel A. Crowl, Joseph
F. Louvar), Example 12-9, page 729.
