Process Hazards Analysis
Process Hazards Analysis
(PHA)
This page describes some of the Process Hazards Analysis (PHA)
techniques that are used by the process industries as part of their
Process Safety Management (PSM) programs, and discusses when and
where each is best used.
Home
Bookshop
Seminars/Webinars
Incidents
Management
Occupational Safety
Offshore Industries
Onshore Industries
PSM
Bow Tie Analysis
Emergencies
FMEA
HAZOP
HAZOP Team
Incident Analysis
Inherent Safety
MOC
Operating Procedures
PSSR
PHA
Process Safe Limits
SEMS
Technical Safety
Acronyms / Definitions
Annotums
Citations
Examples
Organizations
Privacy / Commercial
Site Map
Contact Us
The techniques discussed are:
●
●
●
●
●
●
●
●
●
Hazard and Operability Study (HAZOP);
Failure Mode and Effects Analysis (FMEA);
What-If;
Checklist;
What-If / Checklist;
Fault Tree Analysis;
Event Tree Analysis;
Indexing; and
Interface Hazards Analysis.
It is important not to draw too sharp a line between the methods; indeed the more
experience a person gains in conducting and leading hazards analyses the more the
techniques seem to merge with one another. Nor is any one of these methods inherently
better than any of the others. They all have their time and place.
Further information on these techniques is provided in Chapters 3 and 4 of the book
Process Risk and Reliability Management.
The Hazard and Operability Method (HAZOP)
The HAZOP (Hazard and Operability) method is probably the most widely used hazards
analysis method. Even those who are not familiar with the hazards analysis process will
often have heard of the term HAZOP, even if they are not really sure what it means.
Because of its importance, this technique is discussed at the HAZOP page. Principles to do
with team selection and management, which can be applied to all types of Process
Hazards Analysis, are discussed in HAZOP Team Selection and Management.
Failure Modes & Effects Analysis (FMEA)
The Failure Modes and Effects Analysis (FMEA) technique is described at the Failure Modes
& Effects page.
Checklist
The Checklist Method uses a set of prepared questions to stimulate discussion and
thinking, often in the form of a What-If discussion. The questions are developed by
experts who have conducted many hazards analyses and who have extensive experience
to do with the design, operation and maintenance of process facilities. Checklists are not
comprehensive − no hazards analysis method can make that claim. Nevertheless, they
should make sure that a complete range questions is asked and that nothing that would
be regarded as obvious is overlooked.
Although checklists are discussed as a separate topic in this section, the reality is
that checklists are used in all types of hazards analysis. For example, checklists to
do with equipment failure are used in FMEAs.
Examples of topics for checklist questions are listed in Table 1.
Table 1
http://www.stb07.com/process-safety-management/process-hazards-analysis.html (1 sur 9)07/03/2012 11:56:55
Process Hazards Analysis
Checklist Question Topics
1.
7.
Equipment
1. Pumps
2. Compressors
3. Pressure Vessels
4. Storage Tanks
5. Piping
6. Valves
Utilities
1. Steam (various pressure levels)
2. Cooling Water
3. Refrigerated Water
4. Process / Service Water
5. Instrument Air
6. Service Air
7. Boiler Feed Water
8. Nitrogen
9. Other Utility Gases
10. Fuel Gas
11. Natural Gas
12. Electrical Power
Pressure Relief
1. Relief Valves
2. Rupture Disks
3. Flare Header and Flare
Instruments And Controls
1. Local Instruments
2. Board Mounted Instruments
3. Distributed Control System (DCS)
4. Control Loops
5. Emergency Loops
Emergency Systems
1. Fire Water
2. Fire Fighting Equipment
3. External Fire
4. Runaway Reactions
Human Factors
1. Operating Procedures
2. Training
Chemicals
8.
Siting
2.
3.
4.
5.
6.
A checklist generally has two sections as illustrated in Figure 1, which is for a Chemical
Storage Checklist.
The top section provides information as to how the checklist is being used. The company,
facility and location are all identified. If some of the information for the checklists answers
comes from discussions and interviews with personnel at the site, their names are entered
here. The titles of all the documents that were reviewed are also entered in the top section
of the checklist.
The bottom section of the checklist consists of the questions themselves. The response
can be 'Yes', 'No' or 'Not Applicable'. Discussions and background information are entered
into the Notes column.
Figure 1
Chemical Storage Checklist
Checklist 10.2: Chemical Storage
http://www.stb07.com/process-safety-management/process-hazards-analysis.html (2 sur 9)07/03/2012 11:56:55
Process Hazards Analysis
Company
Facility
Location
Persons
Interviewed
Name
Documents
Reviewed
Title
Document Title
Date
Date
Notes
Question
10.2.1
Are chemicals separated according to
the following categories:
●
●
●
●
●
●
10.2.2
10.2.3
Solvents, which include
flammable/combustible
liquids and halogenated
hydrocarbons
Inorganic mineral acids (e.g.,
nitric, sulfuric, hydrochloric,
and acetic acids).
Bases (e.g., sodium
hydroxide, ammonium
hydroxide)
Oxidizers
Poisons
Explosives or unstable
reactives.
Are caps and lids on all chemical
containers tightly closed to prevent
evaporation of contents?
Is a Material Safety Data Sheet
(MSDS) provided for each chemical
at the facility?
10.2.4
Are hazardous chemicals
purchased in as small a quantity
as possible?
10.2.5
Are the MSDS readily accessible?
10.2.6
Is there a HazMat team?
10.2.7
Are all chemicals properly logged
in on receipt?
http://www.stb07.com/process-safety-management/process-hazards-analysis.html (3 sur 9)07/03/2012 11:56:55
Y / N / NA
Notes
Process Hazards Analysis
10.2.8
Is there a list of which chemicals are
present at any one time?
10.2.9
Are all chemical containers
properly labeled?
10.2.10 Is the safety diamond system
used?
10.2.11 How are chemicals being
brought into the facility
checked?
10.2.12 Are flammable or toxic chemicals
stored near accommodation or
office areas?
10.2.13 Are chemical drums and totes
lifted over areas where people are
present?
10.2.14 Are chemicals stored on stable
flooring?
10.2.15 Are chemical storage areas
properly vented?
10.2.16 Are chemicals ever stored in a
domestic refrigerator?
10.2.17 Are storage shelves large enough?
10.2.18 Are storage shelves secure?
10.2.19 Do storage shelves have proper
lips?
10.2.20 Are island shelf assemblies
avoided?
10.2.21 Are there procedures for response to
chemical spills in the chemical
storage area?
10.2.22 Is the storage area made of
flammable materials?
10.2.23 Does the storage area have an
effective fire, smoke and gas warning
system?
http://www.stb07.com/process-safety-management/process-hazards-analysis.html (4 sur 9)07/03/2012 11:56:55
Process Hazards Analysis
10.2.24 Does the storage area have an
effective fire control system?
10.2.25 Are incompatible chemicals stored in
the same area?
The What-If Method
The What-If method (spelled here in the same way as it is printed in the OSHA
regulation, i.e., hyphenated but with the question mark omitted) is the least structured of
the hazards analysis techniques. This method also takes the least amount of time.
A What-If analysis is conducted by a team very experienced analysts, engineers and
operations experts. They are adept at the identification of incident scenarios based on
their experience and knowledge. Because it has relatively little structure, the success of a
What-If analysis is highly dependent on the knowledge, thinking processes, experience
and attitudes of the individual team members. The method does, however, allow the team
members to be creative - the very lack of structure allows them to expand their horizons.
Since there is relatively little prompting from formal guidewords, it is vital that the team
members prepare very thoroughly before the meetings start; the free-ranging nature of
the discussion will require that everyone be up to speed on the process and its general
hazards before the meetings start.
Issues that can be discussed during a What-If review include the following:
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
Emergency shut down systems
Vents
Flares
Piping systems
Electrical classification areas
Truck / rail / ship / barge movements
Effluents and drains
Noise
Leaks
Operating procedures
Maintenance procedures
Machinery, including cranes, hoists and fork lifts
Public access and perimeter fencing
Adjacent facilities
Buried cables
Overhead cables
Special weather problems, including freezing, fog, winterization, rain, snow, ice,
high tides and high temperatures
Toxicity of construction materials
Demolition safety
A What-If analysis can be organized in one of two ways. The first is to divide the facility
into nodes, rather like a HAZOP, except that the nodes are typically bigger and more
loosely defined. The second approach is to organize the analysis by major items of
equipment rather like an FMEA, and then to discuss the different types of failure mode for
each. These two approaches are discussed below. Guidance to do with utilities, batch
processes, operating procedures and equipment layout is also provided.
Node / Functional Area Review
Nodal analyses are usually organized around major sections of the process such as a
distillation column or a pig launching system. Team members ask questions such as ‘WhatIf there is high pressure?’ or ‘What-If the operator forgets to do this?’ or ‘What-If there is
an external fire in this area?’
Using this approach, many of the individuals on the team will probably find themselves
instinctively following the HAZOP guideword approach. Consequently, a What-If analysis of
this type tends to take the form of a faster-than-normal HAZOP. However, the scribe will
not need to take notes for every deviation guideword — only meaningful discussions will
http://www.stb07.com/process-safety-management/process-hazards-analysis.html (5 sur 9)07/03/2012 11:56:55
Process Hazards Analysis
be recorded. Also, this type of What-If discussion will jump around from node to node
more than would be normal in a HAZOP, thus placing greater pressure on the leader and
scribe to achieve results and to come to relevant conclusions.
Some What-If questions that can be used for a nodal analysis are listed below.
●
●
●
●
●
●
●
●
●
●
What-If
What-If
What-If
What-If
What-If
What-If
What-If
What-If
What-If
What-If
the system is bypassed?
the flow stops?
there is contamination?
there is a power failure?
there is corrosion or erosion?
there is an external impact?
the operator fails to pay attention?
the operator skips a step?
there is an instrument error?
an interlock is bypassed?
Equipment and Function Review
In the second approach to a What-If analysis, the hazards analysis discussions are
organized around equipment types and their function. Examples of equipment type are
listed below.
●
●
●
●
●
●
●
●
●
Pressure Vessels
Pumps
Compressors
Distillation Columns
Absorbers
Storage Tanks
Vents
Flares
Piping systems
What-If questions to do with issues such as leaks and over-pressure can be asked for each
equipment type.
Utility Systems
The analysis of utility systems such as steam headers and instrument air systems can be
difficult because it is not always clear where the nodal boundaries are located. A
discussion that starts in one area can become very far-reaching and include almost the
entire facility.
Utility systems have a large number of interfaces with the process, any of which could
leak. Sometimes the leak will be from the utility into the process; in other cases the leak
will be from the process to the utility. Either way, it can be difficult to detect the source of
a problem.
One way of analyzing utility systems is for the team leader and scribe to note potential
interface problems as they are discussed during the process analysis. These notes can
then be discussed as a group when the utilities themselves are being analyzed.
Batch Processes
Process hazards analysis methodologies were developed initially for large, continuous
processes such as petrochemical plants and refineries. However, many plants are smaller
and operate primarily in a batch mode. Batch plants are often found in the
pharmaceuticals and food processing industries. Even processes which are primarily
continuous do have some batch operations, such as truck loading and unloading.
Because batch processes are dynamic (time is a variable,) an analysis of their operation is
more complex than for a steady-state process. One way of handling this additional
complexity is to systematically work through the operating procedures using a What-If
approach - in which deviation guidewords serve as prompt questions. For example, if the
instruction is, ‘Add 100 liters of water to V-100’, the team might ask questions such as:
http://www.stb07.com/process-safety-management/process-hazards-analysis.html (6 sur 9)07/03/2012 11:56:55
Process Hazards Analysis
1.
2.
3.
4.
5.
What if the vessel is over-filled? (High level)
What if the liquid is not water? (Contamination)
What if there is less than 100 liters of water available? (Low Flow)?
What-If V-100 is over-pressured? (High Pressure)
What-If the water is added too soon? (High Flow) What-If the water is added too
late? (Low Flow)
6. What-If the step is omitted altogether? (Low Flow)
Once the discussion for this step is complete, the team can then analyze the next step in
the operating procedures.
Other 'step' questions include:
1. Step done early
2. Step done late
3. Step omitted
Once the discussion for this step is complete, the team can then analyze the next step in
the operating instructions.
Operating Procedures
Some hazards analysis teams elect to analyze operating procedures in addition to process
systems. A What-If approach is an effective method of conducting such an analysis. The
team works through each step of the procedure asking a series of What-If questions,
including the following:
1.
2.
3.
4.
5.
6.
7.
What-If the instruction is missed/over-looked/ignored?
What-If two instructions are done in the wrong order?
What-If this step is done out-of-sequence (early)?
What-If this step is done out-of-sequence (late)?
What-If this step is done too slowly?
What-If this step is done too quickly?
What-If the instruction is carried out partially (such as a valve being only partly
closed)?
8. Does the operator have the information that he or she needs to conduct this step?
For example, can all relevant gauges be read?
9. Can this step be performed at night?
Layout Reviews
When determining risks to do with the layout of equipment, issues to consider include:
●
●
●
●
●
Ease of escape in the event of a fire or other serious event;
Noise zones;
Vehicle movement;
Accessibility for emergency vehicles; and
Dropped objects from cranes and other lifting equipment.
What-If / Checklist Method
The What-If / Checklist method is the third of the hazards analysis techniques listed in the
OSHA standard. This approach is basically a combination of the two methods that have
just been discussed. The hazards analysis team works through a checklist. However,
instead of merely answering ‘yes’ or ‘no’ to the questions, the team leader generates a
relatively unstructured 'What-If' discussions around each of the questions.
Indexing Methods
Comparative risk levels can be evaluated using indexing methods. Each design is scored
on a variety of factors contributing to overall risk. For example a design that uses highly
toxic chemicals will score negative points, whereas a facility that is located away from
http://www.stb07.com/process-safety-management/process-hazards-analysis.html (7 sur 9)07/03/2012 11:56:55
Process Hazards Analysis
populated areas receives positive points. Credit is also provided for the use of control and
mitigation measures.
Three commonly used indexing methods are:
●
●
●
The Dow Fire and Explosion Index (Dow 1994);
The Dow Chemical Exposure Index (Dow 1998) and
The Pipeline Risk Management Index (Muhlbauer 2003)
Interface Hazards Analysis
Most hazards analyses review a sub-set of a larger system. For example, a refinery
hazards analysis team may carry out a hazards analysis on just the catalytic cracking unit;
a pipeline company may analyze just the marine loading operations; or an offshore team
may analyze just one platform in a larger complex. Yet these sub-systems are part of
larger systems; which means that hazards can be transferred to or from the other units
across the interfaces.
One large oil production facility, for example, had both onshore and offshore operations.
An operator was carrying out a routine pigging operation on a line that came from an
offshore platform to the onshore gas processing plant. He inadvertently misaligned the
valves around the pig trap and caused a high pressure surge to flow back along the line
coming from offshore. This mishap had no significant effect on the onshore operations
themselves, but the pressure surge caused the offshore platform to shut down, which
triggered a chain reaction that caused many other offshore platforms in the complex to
shut down in sequence. In the end, many millions of dollars of production were lost, and
the company was lucky not to have had a safety or environmental incident. Because
management and the technical staff had not conducted an interface hazards analysis, so
they did not understand the interactions between the different operating units.
Another example of interface operations concerns truck operations. Many process facilities
use trucks from third party companies to bring in chemicals and to export products and
waste streams. It is generally a good idea to invite a representative of the trucking
company to the pertinent process hazards analysis. That way each party can assure itself
that the chances of a mishap are small. The process facility, for example, can evaluate the
procedures to make sure that delivered chemicals are what they should be; the trucking
company representative can check for the possibility of reverse flow of process chemicals
on to their truck.
An Interface Hazards Analysis (IHA) can usually be structured into three areas:
●
●
●
Process fluids (wrong hazards analyses / reverse flow / wrong composition);
Instrument signals;
People interfaces.
No established methodology exists for analyzing system connectivity  for conducting
what is, in effect, an ‘Interface Hazards Analysis’. However such a system can be viewed
as being a collection of black boxes where each black box represents an operating unit,
each of which has been thoroughly analyzed individually.
Figure 2 shows a system consisting of four operating units, each of which can be
connected to each of the others in some manner, except that there is no link between
Block 2 and Block 4. (All the arrows are two-way meaning that connectivity problems can
flow in either direction.)
Figure 2
Interconnectivity
http://www.stb07.com/process-safety-management/process-hazards-analysis.html (8 sur 9)07/03/2012 11:56:55
Process Hazards Analysis
For a system containing N blocks, the total number of connections is 2 * 3 * (N – 1)! (The
number '2' represents the fact that each connection is two-way. The number '3' represents
that fact that there are three types of connection, as discussed above.) Therefore, in the
case of Figure 2, the total number of potential interfaces is 2 * 3 * 3!, which is 36. (30 if
the missing connection between '2' and '4' is considered.)
One way of conducting an Interface Hazards Analysis is with the ‘What-If’ approach. A
hazards analysis team can use a flowchart of the overall process to ask ‘What-If’ questions
such as:
1. What if the flow in this line is stopped suddenly (a pipeline issue)?
2. Can the operators on Unit A shut down any of the equipment on Unit B (an
instrumentation issue)?
3. What does Unit B do if Unit A has a fire (a human communication and response
issue)?
At each interface the analyst will ask questions such as:
●
●
●
●
How do we know?
What is the consequence?
Are the safeguards adequate?
What is the effect of an upset on other units?
home | top of page | view cart
Copyright © Sutton Technical Books 2007-2012. All rights reserved
6340 N. Eldridge Parkway, Ste-I #206
Houston, TX 77041
http://www.stb07.com/process-safety-management/process-hazards-analysis.html (9 sur 9)07/03/2012 11:56:55