Overview of Process Hazard Analysis (PHA)

DR. AA, Process Control and Safety Group

Factors Influencing Incidents

Causes of Accidents and Incidents

Incidents and accidents are caused by unsafe behaviours (substandard practice), unsafe conditions (substandard designs), or both.

Unsafe behaviours are handled by the Occupational Safety Program; unsafe conditions are managed through Process Safety Programs.

Accident Causation Models

DOMINO EFFECT

LOSS CAUSATION MODEL

LACK OF CONTROL (inadequate program) -> BASIC CAUSES (personal factors, job factors) -> IMMEDIATE CAUSES (substandard acts and conditions) -> INCIDENT (contact with energy or substance) -> LOSS (people, property, process, planet)

Figure labels: LOSS CAUSATION THRESHOLD; PROBLEM SOLVING; OSH-MS; Workers exposed to hazards; Safe Operating Procedures, Training, Supervision, Maintenance, PPE; Activity: PREVENTION; Activity: MITIGATION

ACCIDENT RATIO STUDY

1    SERIOUS OR DISABLING: including disabling and serious injuries
10   MINOR INJURIES: any reported injury less than serious
30   PROPERTY DAMAGE ACCIDENTS: all types
600  INCIDENTS WITH NO VISIBLE INJURY OR DAMAGE: near-miss accident

Process Hazards

HAZARDOUS MATERIALS + PROCESS CONDITIONS

Hazardous materials:
• Flammable materials
• Combustible materials
• Unstable materials
• Reactive materials
• Corrosive materials
• Asphyxiants
• Shock-sensitive materials
• Highly reactive materials
• Toxic materials
• Inert gases
• Combustible dusts

Process conditions:
• High temperatures
• Extremely low temperatures
• High pressures
• Vacuum
• Pressure cycling
• Temperature cycling
• Vibration/liquid hammering
• Rotating equipment
• Ionizing radiation
• High voltage/current
• Erosion/Corrosion

Human Factors or Errors

HUMAN FAILURE: ERRORS (slips and mistakes) and VIOLATIONS

SLIPS
• Competency exists
• Intentions are correct
• Slips occur while carrying out habitual, routine, skill based activity.

MISTAKES
• Incorrect intention
• Inadequate knowledge
• Incorrect information processing
• Inadequate training
• Mistakes occur because of incorrect assumptions or incorrect "tunnel vision" application of rules.

VIOLATIONS
• Deliberate actions
• Different from those prescribed
• Carries known associated risks
• Ignores operational procedures
• Violation errors occur because of a perception of lack of relevance, time pressure or laziness.

Process Hazard Analysis (PHA) Methodologies

PHA Methodologies

Process Hazards Analysis

PROCESS HAZARDS ANALYSIS STRUCTURE

PROCESS HAZARDS ANALYSIS
• What can go wrong?
• How likely is it?
• What are the consequences?

FOUNDATION FOR PROCESS HAZARDS ANALYSIS
• Historical Experience
• PHA Methodology
• Knowledge and Intuition

Qualitative Risk Analysis

Process Hazards Analysis is the predictive identification of hazards, their cause & consequence and the qualitative estimation of likelihood and severity.

Qualitative vs. Quantitative

PROCESS HAZARDS ANALYSIS
• IDENTIFIES HAZARDS, estimates likelihood and severity, suggests improvements.
• USE ON EVERY PROJECT
• QUALITATIVE - based on experience, knowledge and creative thinking.
• Most often done by MULTIDISCIPLINARY TEAM
• Several methodologies available: What-if or Hazid; What-if/Checklist; HAZOP; FMEA; Preliminary Hazards Analysis

RISK ANALYSIS
• ASSESSES HAZARDS
• SELECTIVE - use when other methods prove inadequate or excessive in cost.
• QUANTITATIVE - requires extensive data and special expertise.
• Done by ONE OR TWO SPECIALLY TRAINED PEOPLE
• Also called: Hazan; Risk Assessment; Probabilistic Risk Assessment (PRA); Quantitative Risk Assessment (QRA)

Process Hazard Analysis

Simply, PHA allows the employer to:

• Determine locations of potential safety problems
• Identify corrective measures to improve safety
• Preplan emergency actions to be taken if safety controls fail

PHA Must Address …

• The hazards of the process
• Identification of previous incidents with likely potential for catastrophic consequences
• Engineering and administrative controls applicable to the hazards and their interrelationships
• Consequences of failure of engineering and administrative controls, especially those affecting employees
• Facility siting; human factors
• The need to promptly resolve PHA findings and recommendations

PROJECT PHASE

Safety issues must be embedded within all project life-cycle stages.

Project life cycle: Conceptual -> Process development -> Project sanction -> Design, engineering, construction -> Hand over -> Operation

Relationship of six-stage process study system to project life-cycle

Stage 1: Concept
Stage 2: Process design
Stage 3: Detailed Engineering
Stage 4: Construction
Stage 5: Pre-commissioning
Stage 6: Post-commissioning

PHA and project phase

Method used    Project life cycle stage (0 1 2 3 4 5 6 7)
Checklist      X X X X X X X X
RR             X X (X) (X)
What-If        X X X X
FMEA           (X) X X (X)
LOPA           X X X
HAZOP          (X) X X
PHR            X (X)

What If

• Experienced personnel brainstorming a series of questions that begin, "What if…?"
• Each question represents a potential failure in the facility or mis-operation of the facility
• The response of the process and/or operators is evaluated to determine if a potential hazard can occur
• If so, the adequacy of existing safeguards is weighed against the probability and severity of the scenario to determine whether modifications to the system should be recommended

What-If – Steps

1. Divide the system up into smaller, logical subsystems
2. Identify a list of questions for a subsystem
3. Select a question
4. Identify hazards, consequences, severity, likelihood, and recommendations
5. Repeat Steps 2 through 4 until complete

What-If Question Areas

• Equipment failures
– What if … a valve leaks?
• Human error
– What if … operator fails to restart pump?
• External events
– What if … a very hard freeze persists?

What If

What If…? 1. There is higher pressure in the vessel

Initiating Cause 1.1: External fire in the process area
Consequence 1.1: Potential increase in temperature and pressure leading to possible leak or rupture. Potential release of flammable material to the atmosphere. Potential personnel injury due to exposure.

Initiating Cause 1.2: Pressure regulator for inert gas fails open
Consequence 1.2: Potential for vessel pressure to increase up to the inert gas supply pressure. Potential vessel leak leading to release of flammable material to the atmosphere. Potential personnel injury due to exposure.

Checklist

• Review an installation against known hazards identified on previous studies of similar plant
• Examine the checklist for relevance to plant being studied
– Ask questions based on a pre-defined list
• The checklist is a corporate memory of what could go wrong
– Should be augmented by industrial-wide experience when available

Strength of checklist

• Is quick and simple to perform and is easily understood
• Makes use of existing experience and knowledge of previous systems
• Helps check compliance with standard practice and design intention
• Ensures that known hazards are fully explored

Weakness of checklist

• Does not provide a list of initiating events (failure cases) for a QRA
• May not be comprehensive and does not encourage analysts to consider new or unusual hazards
• Highly dependent upon the quality of the prepared checklists

Checklist Question Categories

• Causes of accidents
– Process equipment
– Human error
– External events
• Facility Functions
– Alarms, construction materials, control systems,
documentation and training, instrumentation, piping,
pumps, vessels, etc.

Checklist Questions

• Causes of accidents
– Is process equipment properly supported?
– Is equipment identified properly?
– Are the procedures complete?
– Is the system designed to withstand hurricane winds?
• Facility Functions
– Is it possible to distinguish between different alarms?
– Is pressure relief provided?
– Is the vessel free from external corrosion?
– Are sources of ignition controlled?

Hazard Indices

• Hazard indices give a quantitative indication of the relative potential for hazardous incidents associated with a given plant or process. They are used to most effect at the early design stage of a new plant.
• The best known hazard indices are the Dow Index (1981) and the Mond Index (1979).

Dow Fire and Explosion Index

• Operates like an income tax form.
• Penalties for unsafe situations
• Credits for control and mitigation
• Produces a number - the bigger the number the greater the hazard.
• Only considers flammable materials
• Not effective for procedures.

Dow Chemical Exposure Index (CEI)

• Considers toxic materials only.
• Includes simple source and dispersion models.
• Not effective for procedures.

Dow Criteria: If the sum of F&EI and CEI > 128, then a more detailed hazard review procedure is required.

Mond Index

Objectives of Mond Index
To identify, assess and minimize potential hazards on chemical plant units for new and existing processes.

About Mond Index
The index is primarily concerned with fire and explosion problems. Toxicity is considered only as a possible complicating factor. The method gives credits for plant safety features (both hardware and software).

Mond Index Procedure
1. Divide the plant into units; each unit is assessed individually.
2. Selection of the key material present in the unit.
– The key material is the most dangerous chemical (by inherent properties), the one with the higher possibility of combustion, explosion or exothermic reaction.
3. Calculation of Factors
– Material Factor, B
– Special Material hazards, M
– Special Process hazards, S
– Quantity Hazards, Q
– Layout Hazards, L
– Acute Health Hazards, T
4. Calculation of Indices - Dow Index (D), Fire Index (F), Explosion Index (E), Overall Hazard Rating (R).

Mond Index Criteria

The most important criterion is the overall hazard rating, R.

Overall Hazard Rating    Category
0-20                     Mild
20-100                   Low
100-500                  Moderate
500-1100                 High (group 1)
1100-2500                High (group 2)
2500-12,500              Very high
12,500-65,000            Extreme
> 65,000                 Very extreme

HAZID

• Performed by a team of multidisciplinary experts
• The analysis is carried out on an area-by-area basis
– It focuses on the location of the process
• The discussion proceeds through the installation's modules or operations using guide words to identify potential hazards, their causes, and possible consequences
• The outcomes are summarised in a HAZID Log Sheet

HAZID Guidewords

HAZID Guidewords – Port Facility

HAZID Log Sheet

Columns: Ref No | Guide word | Hazard Description | Consequences | Risk (Potential cons, Freq) | Safeguards / mitigating features | Action / comment

HAZOP

• Performed by a team of multidisciplinary experts
• The process is divided into distinct subsections or nodes
– It focuses on plant components/equipment
• On each node, detailed brainstorming is conducted, facilitated by a HAZOP Leader
– Based on the design intent of each piece of equipment specified by the node, possible deviations are examined, aided by guidewords and process parameters
– Causes and consequences are identified, and the existing protection prescribed by the design is assessed. Based on these, recommendations are put forward
• The outcome is summarized in a HAZOP Log Sheet

HAZOP Guidewords
• No: negation of design intention; no part of design intention is achieved but nothing else happens
• More: Quantitative increase
• Less: Quantitative decrease
• As well as: Qualitative increase where all design intention is achieved plus additional activity
• Part of: Qualitative decrease where only part of the design intention is achieved
• Reverse: logical opposite of the intention
• Other than: complete substitution, where no part of the original intention is achieved but something quite different happens
– Contamination, corrosion, sand deposits etc

HAZOP Log Sheet
• Based on the selected NODE and the design intent of the node, the HAZOP study is conducted. The output is summarised in the HAZOP Log Sheet.

Example: Simplified HAZOP Log Sheet

Deviation: Guideword + Parameter. Guideword: No, Less, More, Reverse etc. Parameter: Flow, temperature, level etc.
Causes: Possible causes of the deviation.
Consequences: Effect of the deviation on plant safety and operability.
Protection: Safety provision already considered (prevent causes; prevent/reduce consequence; monitor/detect).
Action: Is the protection sufficient? If not, propose suitable action or recommendation.

LOPA

• LOPA is a semi-quantitative risk analysis technique that is applied following a qualitative hazard identification tool such as HAZOP.
• Similar to HAZOP, LOPA uses a multi-discipline team
• LOPA can be easily applied after the HAZOP, but before fault tree analysis
• LOPA focuses the risk reduction efforts toward the impact events with the highest risks.
• It provides a rational basis to allocate risk reduction resources efficiently.
• LOPA suggests the Independent Layer of Protection (IPL) required for the system to meet the required Safety Integrity Level (SIL)

LOPA Methodology

• There are five basic steps in LOPA:
1. Identify the scenarios
2. Select an accident scenario
3. Identify the initiating event of the scenario and determine the initiating event frequency (events per year)
4. Identify the Independent Protection Layers (IPL) and estimate the probability of failure on demand of each IPL
5. Estimate the risk of scenario

LOPA

LOPA worksheet columns:
• Consequence & Severity
• Initiating event (cause)
• Initiating event challenge frequency /year
• Preventive independent protection layers, probability of failure on demand (PFD): Process design; BPCS; Operator response to alarm; SIF (PLC relay)
• Mitigation independent protection layer (PFD)
• Mitigated consequence frequency /year

\[
f_i^C = f_i^I \times \prod_{j=1}^{J} \mathrm{PFD}_{ij} = f_i^I \times \mathrm{PFD}_{i1} \times \mathrm{PFD}_{i2} \times \dots \times \mathrm{PFD}_{iJ}
\]

$f_i^C$ = frequency for consequence C for initiating event i
$f_i^I$ = frequency for initiating event i
$\mathrm{PFD}_{ij}$ = probability of failure on demand of the jth IPL that protects against consequence C for initiating event i
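
The frequency formula above and step 5 of the LOPA methodology, worked through as an added example that is not part of the original slides. The scenario values, the target frequency and the function names are constructed assumptions; the SIL bands are the low-demand PFD ranges of IEC 61508/61511, which the slides do not list.

```python
import math

# Low-demand SIL bands from IEC 61508/61511: (SIL, lowest PFD, highest PFD).
SIL_BANDS = [(1, 1e-2, 1e-1), (2, 1e-3, 1e-2), (3, 1e-4, 1e-3), (4, 1e-5, 1e-4)]


def mitigated_frequency(f_initiating, pfds):
    """f_i^C = f_i^I * PFD_i1 * ... * PFD_iJ, in events per year."""
    if f_initiating <= 0:
        raise ValueError("initiating event frequency must be positive")
    for name, pfd in pfds.items():
        if not 0.0 < pfd <= 1.0:
            raise ValueError(f"PFD of {name!r} must be in (0, 1], got {pfd}")
    return f_initiating * math.prod(pfds.values())


def required_sif(f_initiating, existing_ipls, target_frequency):
    """Return (largest acceptable SIF PFD, SIL); SIL 0 means no SIL-rated SIF is needed."""
    f_without_sif = mitigated_frequency(f_initiating, existing_ipls)
    max_pfd = min(1.0, target_frequency / f_without_sif)
    if max_pfd >= 1e-1:
        return max_pfd, 0
    for sil, low, high in SIL_BANDS:
        if low <= max_pfd < high:
            return max_pfd, sil
    raise ValueError("gap exceeds SIL 4; add independent layers or change the design")


# Constructed scenario: inert gas pressure regulator fails open (all values assumed).
F_INITIATING = 0.1                                    # initiating events per year
EXISTING_IPLS = {"BPCS": 0.1, "operator response to alarm": 0.1}
TARGET = 3e-6                                         # tolerable events per year

if __name__ == "__main__":
    max_pfd, sil = required_sif(F_INITIATING, EXISTING_IPLS, TARGET)
    print(f"without SIF: {mitigated_frequency(F_INITIATING, EXISTING_IPLS):.1e}/yr")
    print(f"SIF must achieve PFD <= {max_pfd:.1e} (SIL {sil})")
    with_sif = dict(EXISTING_IPLS, SIF=max_pfd)
    print(f"with SIF: {mitigated_frequency(F_INITIATING, with_sif):.1e}/yr")
```
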

Failure Modes, Effects Analysis (FMEA)

FMEA – Failure Modes, Effects Analysis

• Performed by a team or a single analyst
• Systematic review
– Considers each component in turn
– Subjectively evaluates effects of failure
• Based on tabular format
• FMECA includes criticality analysis

FMEA – Failure Mode Keywords

• Rupture
• Crack
• Leak
• Plugged
• Failure to open
• Failure to close
• Failure to stop
• Failure to start
• Failure to continue
• Spurious stop
• Spurious start
• Loss of function
• High pressure
• Low pressure
• High temperature
• Low temperature
• Overfilling
• Hose bypass
• Instrument bypassed

Example: FMEA on a Heat Exchanger

Failure Mode: Tube rupture
Causes of Failure: Corrosion from fluids (shell side)
Symptoms: H/C at higher pressure than cooling water
Predicted Frequency: Frequent – has happened 2x in 10 yrs
Impact: Critical – could cause a major fire

• Rank items by risk (frequency x impact)
• Identify safeguards for high risk items

Fault-Tree Analysis (FTA)

Fault Tree Analysis

• Provides a traceable, logical, quantitative representation of causes, consequences and event combinations
• Not intuitive, requires training
• Top-down analysis
• Graphical method that starts with a hazardous event and works backwards to identify the causes of the top event
• Intermediate events related to the top event are combined by using logical operations such as AND and OR.
• Not particularly useful when temporal aspects are important

Example of FTA

FTA Procedure

1. Identify top event
2. Construct the fault tree
3. Analyze qualitatively
4. Analyze quantitatively
5. Make decision: acceptable?
   NO: develop improvements
   YES: accept system
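
The qualitative and quantitative analysis steps of the FTA procedure, and the AND/OR combination of events described earlier, as an added example that is not part of the original slides. The tree, the event names and the probabilities are constructed, and the basic events are assumed to be independent.

```python
from itertools import product
from math import prod

# Constructed tree: a gate is (kind, [children]); a string is a basic event.
TREE = ("OR", [
    ("AND", ["regulator_fails_open", "relief_valve_stuck"]),
    ("AND", ["external_fire", ("OR", ["relief_valve_stuck", "deluge_fails"])]),
])
# Constructed, independent basic-event probabilities (per year).
P = {"regulator_fails_open": 0.1, "relief_valve_stuck": 0.01,
     "external_fire": 0.001, "deluge_fails": 0.05}


def cut_sets(node):
    """All combinations of basic events that cause the node (top-down expansion)."""
    if isinstance(node, str):
        return {frozenset([node])}
    kind, children = node
    child_sets = [cut_sets(child) for child in children]
    if kind == "OR":        # any child's cut set is enough
        return set().union(*child_sets)
    if kind == "AND":       # one cut set from every child must occur together
        return {frozenset().union(*combo) for combo in product(*child_sets)}
    raise ValueError(f"unknown gate {kind!r}")


def minimal_cut_sets(node):
    """Qualitative result: drop every cut set that contains a smaller one."""
    sets = cut_sets(node)
    return {s for s in sets if not any(other < s for other in sets)}


def rare_event_bound(node, p):
    """Upper bound on the top event: sum of the minimal cut set probabilities."""
    return sum(prod(p[e] for e in cs) for cs in minimal_cut_sets(node))


def top_event_probability(node, p):
    """Exact value by enumerating event states, so shared events are not double counted."""
    mcs = minimal_cut_sets(node)
    events = sorted(set().union(*mcs))
    total = 0.0
    for states in product([False, True], repeat=len(events)):
        failed = {e for e, s in zip(events, states) if s}
        if any(cs <= failed for cs in mcs):
            total += prod(p[e] if s else 1 - p[e] for e, s in zip(events, states))
    return total


if __name__ == "__main__":
    print(sorted(sorted(cs) for cs in minimal_cut_sets(TREE)))
    print(f"bound {rare_event_bound(TREE, P):.4e}, exact {top_event_probability(TREE, P):.4e}")
```

The relief valve appears under both branches, so multiplying and adding gate by gate would overstate the top event; the enumeration gives the exact figure and the cut-set sum gives the usual conservative bound.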

FTA Nomenclature

PHR

Method Selection Decision Tree