ELA980 Unit 1 - The LOPA Process

Copyright ©American Institute of Chemical Engineers 2018. All rights reserved.

1

SAChE® Certificate Program

Level 3, Course 1.1: Risk Review Using LOPA (Layer of Protection Analysis)

Unit 1 – The LOPA Process

Narration:

[No narration]


2

Getting Started

Narration (female voice):

If this is your first time taking a SAChE course, please take a few minutes to explore the

interface. This slide will explain how to use the controls to navigate through the course.

All of the units in the course use the same interface.

• This interface has four main features that you should be aware of:

• Here is the left navigation bar. It contains a list of the slides as well as the

narrative transcript. At any point in the course, if you would like to revisit any

content, click the slide title to jump back.

• You may also use the Previous button on the bottom of the player. To advance

forward, use the Next button.

• The Search feature allows you to search for content using any word in the

current unit.


3

• On the top menu bar you will find the Help, Abbreviations, Glossary, Resources

and Exit options. The resources included in this course include any unit-specific

attachment as well as a printable copy of the unit slides and narrative. Use the

Exit tab to leave this unit at any time.

Click the arrows if you want to learn more about the interface features. Click ‘Next’

when you’re ready to continue.


4

About This Training Program

Narration (male voice):

Welcome to the American Institute of Chemical Engineers’ online Process Safety training

program. This course will introduce you to Risk Review Using LOPA (Layer of Protection

Analysis). It’s divided into three units:

• Unit 1 – The LOPA Process;

• Unit 2 – Core Attributes of Independent Protection Layers; and

• Unit 3 – Enabling Conditions and Conditional Modifiers.

Each unit takes about 30 to 45 minutes to complete. At the end of each unit, you will be

presented with a quiz. You must pass the quiz in order to have the unit marked as

complete so be sure to pay close attention to the content and answer all of the review

questions along the way. After completing all of the units in the course, you will take a

final exam. You must pass the exam to have the course marked as completed.


5

Objectives


This is the first of three units in the Risk Review Using LOPA (Layer of Protection

Analysis) course. By the end of this unit, titled “The LOPA Process,” you will be able to:

• Describe when in the life cycle of a chemical process LOPA can be used and in

what situations LOPA can be helpful; and

• Describe the LOPA process and the common elements of a LOPA.


6

SECTION 1: Introduction

Narration:

[No narration]


7

What is Risk?


We’re going to begin this unit by defining “risk.”

Risk is a measure of human injury, environmental damage, or economic loss in terms of

both the incident likelihood and the magnitude of the loss or injury.

A simplified version of this relationship expresses risk as the product of the likelihood

and the consequences (that is, Risk = Consequence x Likelihood) of an incident.


8

Qualitative Risk Matrix


Risk can be illustrated as a matrix with consequence severity on the X-axis and

frequency or probability on the Y-axis. Risk increases on the diagonal as shown.

Each company establishes its own risk matrix. Colors may be used to classify risk, such as

green for tolerable, yellow for marginal, and red for unacceptable.


9

What is a Layer of Protection Analysis (LOPA)?


A Layer of Protection Analysis is an approach that analyzes an incident scenario to

compare the scenario risk estimate to risk criteria for determining where additional risk

reduction or more detailed analysis is needed.

Incident sequences, developing scenarios, and understanding the types of

“consequences of concern” – such as toxic releases, fires, and explosions – are covered

in other SAChE courses. The scenarios used in a LOPA are typically identified during a

scenario-based hazard evaluation procedure such as a HAZOP Study (also detailed in

other SAChE courses).


10

LOPA Goal


The goal of a LOPA is to focus on scenarios with greatest risk, such has those with high

severity and high frequency (the red region of a risk matrix). The LOPA method

evaluates which safeguards, also called layers of protection, can be credited as

independent protection layers (IPLs) for risk management.

Examples of safeguards, or layers of protection, are shown here. You will learn in Unit 2

of this course which layers of protection can be considered as an IPL for use in the LOPA

method.


11

Part 2


12

Key Questions When Assessing Risk


LOPA can help answer these key questions when assessing risk:

• How safe is "safe enough?"

• How many protection layers are needed?

Keep in mind that these are overview questions relating to risk reduction. They are not

specific to the LOPA method.


13

LOPA – A Structured Approach


This structured approach:

• Reduces emotionalism in decision making;

• Provides clarity and consistency;

• Documents the basis of the decision; and

• Facilitates understanding of risk and layers of protection among plant personnel.


14

LOPA – Semi-quantitative Risk Assessment


A LOPA is often called a “semi-quantitative” risk assessment since it deals with order-of-

magnitude estimates of risk. It can be used to bridge the gap between a qualitative

hazard identification and risk analysis, such as a HAZOP, and a Quantitative Risk Analysis,

also knows as a QRA.

QRAs are the systematic development of numerical estimates of the expected frequency

and severity of potential incidents based on engineering evaluation and mathematical

techniques. QRAs require sophisticated, often proprietary, source and dispersion-based

modeling software. The LOPA method is an excellent screening method to use before

investing time and resources on a QRA for a specific scenario.

Source models, dispersion models, and QRAs are discussed in more detail in other

SAChE Courses.


15

Common Elements of LOPA


While LOPA methods used by various companies differ, they have common elements.

These include:

• A method for selecting scenarios;

• A consequence classification method that can be applied throughout the

company;

• Specific rules for considering safeguards as IPLs;

• Specified default data for initiating event frequencies (IEFs) and IPL probabilities

of failure on demand (PFDs);

• A specified procedure for performing the required calculations;


16

• Numerical risk tolerance criteria. Individual companies use different criteria,

examples of which include:

o Frequency of fatalities;

o Frequency of fires;

o Required number of independent protection layers (IPLs); and

o Maximum frequency for specific categories of consequences based on

severity measures, such as release size and characteristics or value of lost

production.

• And a specified procedure for determining whether the risk associated with a

scenario meets the risk tolerance criteria for an organization, and if it does not,

how this is resolved and documented.


17

When to Use LOPA


LOPA can effectively be used at any point in the life cycle of a process or facility but is

most frequently used during:

• The design stage when the process flow diagrams and the piping and

instrumentation diagrams (P & IDs) are usually complete; and

• The operations and maintenance stage, when modifications are going to be

made to an existing process or its control or safety systems.


18

Situations Requiring LOPA


LOPA is typically applied after a qualitative hazard evaluation, such as a process hazard

analysis (PHA).

LOPA can be applied when the hazard evaluation team or others believe a scenario is

too complex for the team to make a reasonable risk judgment. That is, the

consequences are perceived to be too severe to rely solely on qualitative risk judgment.

LOPA can be used any time when more than qualitative judgment of risk is required, but

companies often establish consequence severity or risk-based criteria for when PHA-

generated scenarios must be taken to LOPA.


19

Example “Onion Skin” Diagram


The layers of protection analyzed in LOPA can be represented by an example onion skin

diagram shown here.

After the process is designed to minimize risk, the residual risk can be managed using

the IPLs identified in a LOPA.


20

Inherently Safer Design Approaches and LOPA


Inherently safer design approaches to process safety are used to eliminate or minimize a

hazard. This reduces the need for layers of protection that would otherwise be required

to manage the risk of a process.

Inherently safer design reviews should be done prior to LOPA so that the number of

likely scenarios can be reduced. LOPA can also be used to identify where inherently

safer approaches would be useful.


21

SECTION 2: The LOPA Process

Narration:

[No narration]


22

Management Systems to Support LOPA


In this section, we will discuss various concepts important to the understanding of the

LOPA process. Then in Section 3, we will list the steps involved in conducting a LOPA and

look at an example.

The LOPA process is just a part of an overall process safety and risk management

program. An effective process safety management system includes twenty key elements

as shown in the CCPS Risk Based Process Safety model. For the purposes of this LOPA

course, the orange “Hazard Identification and Risk Analysis” column on the “Understand

Hazards and Risk” foundational block is where a LOPA is used.

Keep in mind that the success of your LOPA effort hinges on effective implementation of

many of the blue “Manage Risk” pillar elements, as well. In particular, equipment

reliability is sustained in the “Asset Integrity and Reliability” element and human

performance is managed in both the “Operating Procedures” and “Training and

Performance Assurance” elements.


23

Management systems supporting LOPA are beyond the scope of this course. You can

learn more by referring to the CCPS book: Guidelines for Risk Based Process Safety for a

detailed discussion of management systems. These systems are also discussed in other

SAChE courses.


24

Scenario Development


As we begin to discuss the LOPA process, it is important to remember that LOPA is not a

technique for identifying scenarios. LOPA is a simplified method to estimate the risk

associated with a previously identified scenario and to ensure that there are sufficient

IPLs in place to manage the risk.

There are several means of identifying scenarios for LOPA. They include commonly used

methods such as:

• Process Hazards Analyses (PHAs), using PHA methods such as:

o Hazard and Operability Studies (HAZOPs);

o What-if or Checklist Analysis; and

o Failure Modes and Effect Analysis (FMEA);

• Plant operational experience;


25

• Review of past plant and industry incident and near miss data; and

• Management of Change (MOC) reviews.

These techniques will not be explained here; they are discussed in detail in other SAChE

courses and the CCPS book: Guidelines for Hazard Evaluation Procedures.


26

Scenario Selection


As stated before, the goal of a LOPA is to focus on scenarios with greatest risk.

Companies may establish criteria such as consequence severity or the risk-level

assessment of the PHA team for the selection of scenarios to be evaluated using LOPA.

During a HAZOP, there may be hundreds of process deviations which can be used to

develop hundreds of scenarios. Even using selection criteria, a large number of LOPA

scenarios may be indicated. One approach to reduce the number of scenarios for LOPA

is to analyze the scenarios for one operation, usually the one presenting the highest risk,

and then apply applicable IPLs to similar operations within the scope of the study.

For example, scenarios considered for the storage tank with the greatest risk can be

assessed and the protection layers needed can be applied to the other, lower-risk,

storage tanks. This can result in a conservative approach for the application of

protection layers.


27

Preventive and Mitigative Safeguards


Once we have selected a scenario, we must identify the layers of protection that can be

considered in the LOPA calculations. We will discuss the difference between a safeguard

and an IPL in detail in Unit 2 of this course. For now, let’s discuss protection layers in

general. As mentioned earlier, some safeguards prevent the consequence from

occurring (which may be referred to as “preventive safeguards”) and some safeguards

are used to reduce the consequence severity (“mitigative safeguards”).

• A high-level switch that shuts a valve to prevent a tank from overflowing is a

preventive safeguard.

• A dike that minimizes the environmental impact of a spill is a mitigative

safeguard.


28

Preventive and Mitigative Safeguards (continued)


When describing how process safety risk is evaluated, remember that:

• A consequence is the undesirable result of a loss event, usually measured in

health and safety effects, environmental impacts, loss of property, and business

interruption costs…

…and that…

• A “consequence of concern” can include toxic releases, fires, explosions, and

runaway reactions.

A preventive or mitigative safeguard may effectively prevent one specific consequence

of concern while contributing to a different but significant consequence.


29

Preventive and Mitigative Safeguards (continued)


For example, a relief device activation might prevent a tank from overpressure but

result in a release of a hazardous material. Since not all safeguards apply to all scenarios,

both scenarios – tank overpressure and relief valve lifting – must be evaluated with

separate LOPA calculations to ensure that there are sufficient IPLs to adequately

manage the risk associated with both scenarios.


30

Overview of Frequency


A scenario begins with a deviation from normal operation, such as an equipment failure

or a human error. This deviation is called the “initiating event,” or IE. To estimate the

likelihood that a consequence of concern will occur, we must consider the frequency

with which the IE will occur and the probability that the sequence will be halted by one

of the layers of protection.

Terms related to LOPA frequency calculations include:

• Initiating Event Frequency (IEF); this is how often the IE is expected to occur. In

LOPA, the IEF is typically expressed in terms of occurrences per year.

• Probability of Failure on Demand (PFD) is the likelihood that a system will fail to

perform a specific function when needed. In LOPA, the PFD is typically expressed

as a decimal value between 0.001 and 1.0. It is a dimensionless number.


31

Overview of Frequency (continued)


It is important to always distinguish between frequencies and probabilities. To calculate

a scenario frequency, you must start with a single event frequency and multiply it by

appropriate probabilities, as shown.


32

Overview of Frequency (continued)


To better understand the frequency calculation, it can be useful to think of the IPLs

applied as filters. They remove a portion of the probability of the undesired

consequence occurring. The undesired consequence of concern occurs at an overall

frequency reduced by each IPL.


33

Level of Analysis for Each Scenario


IEs for each scenario can be defined at several levels of detail. For example, you may

consider the failure of a control loop (such as a flow control system), an element of the

system (such as a valve), or a component of an element (such as a valve seat). The

analysis level needed is generally limited to what is necessary to understand the

required effectiveness of the IPLs and the level of independence that exists between the

IE and the IPLs.

You will learn more about this “independence” in Unit 2.


34

Level of Analysis for Each Scenario (continued)


For example, consider a loss event initiated by the failure of a pressure control loop that

allows the process pressure to exceed the vessel maximum allowable working pressure

(MAWP) with the potential for vessel rupture due to an internal overpressure.

The pressure control loop malfunctions due to the failure of the control system. The

specific potential causes of the system failure are numerous (for example, failure of

components, loss of utilities, human error, failure of support systems, failure of

interfaces, errors of commission and omission, and so on).

The cause of concern that should be analyzed should be based on the causes of interest

to the company. For example, if loss of utilities is a major concern of the company, loss

of specific utilities (air, water, or power) should be analyzed in separate LOPAs.


35

Level of Analysis for Each Scenario (continued)


Some of the terms shown here are used when describing component failures associated

with instrumented protective systems. These terms will be used later in this unit as you

learn how to apply a LOPA to an example scenario.

Click the buttons for a definition of each.


36

SIF (Slide Layer)

[When “Safety Instrumented Function (SIF)” is clicked…]

A Safety Instrumented Function, or SIF, is a system composed of servers, logic solvers,

and final control elements for the purpose of taking the process to a safe state when

predetermined conditions are violated.


37

SIL (Slide Layer)

[When “Safety Integrity Level (SIL)” is clicked…]

A Safety Integrity Level (SIL) is a discrete level (one to four) allocated to the SIF for

specifying the safety integrity requirements to be achieved by the SIS (see “Safety

Instrumented System”), where an SIL 4 rating is the highest integrity and an SIL 1 rating

is the lowest.


38

SIS (Slide Layer)

[When “Safety Instrumented System (SIS)” is clicked…]

A Safety Instrumented System (SIS) is a separate and independent combination of

sensors, logic solvers, final elements, and support systems that are designed and

managed to achieve a specified Safety Integrity Level (SIL). An SIS may implement one or

more Safety Instrumented Functions (SIFs).

Refer to the CCPS books: Safe Automation of Chemical Process and Guidelines for Safe

and Reliable Instrumented Protective Systems for more information on these topics.


39

Equipment Life Cycles and Failure Rates


Equipment failure rate data is frequently used in estimating IEFs and PFDs. It is

important to manage equipment reliability and integrity to ensure that the data used

are relevant.

A generic “bath tub” curve can be used to illustrate three distinct regions in the life cycle

of some equipment. There is a “break-in” region (Region 1), a useful life region (Region

2), and an end-of-life region (Region 3). Not all equipment follows this exact course, but

this curve is typical.

When using equipment failure rate data, it is generally assumed that there is an

effective Risk Based Process Safety (RBPS) asset integrity program in place to maximize

the time the equipment spends in Region 2, its useful life. During this time, the

equipment has a defined and established constant failure rate value that can be used in

the LOPA.


40

Initiating Event Frequencies (IEFs) – Human Factor Considerations


Managing human performance is important to prevent errors that can initiate LOPA

scenarios and adversely impact the reliability of the safeguards. Human error depends

on many factors that should be considered during the selection of IEF and IPL PFD values.

These factors include:

• Procedure accuracy and procedure clarity;

• Training, knowledge and skills;

• Fitness for duty;

• Workload management;

• Communications;

• Work environment;

• Human-machine interface; and

• Job complexity.


41

Initiating Event Frequencies (IEFs) – Failure and Error Rate Sources


Failure rate data can be based on expert opinion at one end of the spectrum to carefully

collected plant data at the other end. Human error and equipment reliability data can

be obtained from many sources with a wide range of quality. Most equipment failure

rate data that exist are specific to component failure rates.

Data sources can be categorized as:

• Expert judgment: this is data based on the opinion of experts.

• Generic: this is publicly available data that have been aggregated from similar

systems or situations.

• Predicted: this is the application of basic failure rate data for the elemental

components to determine the failure rate of the aggregate system or the error

rate of a specific task.


42

• And site-specific: these are the ideal data for the analysis and are specific to the

plant and the application being analyzed.

Sources of data and their limitations are listed and discussed further in Guidelines for

Initiating Events and Independent Protection Layers in Layer of Protection Analysis.


43

Overview of Consequence Severity


When determining the risk, both the frequency and consequence must be determined.

We have discussed briefly some of the ways the frequency can be determined in a LOPA.

Next, we will provide a brief overview of how the severity of a consequence is

determined and how it will be used in a LOPA.

On the slides that follow, we will briefly discuss the evaluation of consequence severity.

Detailed coverage of consequence evaluation can be found in the CCPS books: Layer of

Protection Analysis, Simplified Risk Assessment and Guidelines for Initiating Events and

Independent Protection Layers in Layer of Protection Analysis. Detailed consequence

evaluation methods can be found in Guidelines for Consequence Analysis of Chemical

Releases.


44

Evaluation of Consequence Severity


In LOPA, a consequence of concern (impact) is the ultimate outcome of a LOPA scenario

assuming failure of all the IPLs in the scenario being evaluated. You must evaluate the

consequence of concern or impact assuming there are no IPLs, or if existing, the IPLs do

not work.

The consequences of concern or impacts that might be of interest to an organization

include a toxic release that results in injury or fatality, a fire or explosion that results in

injury, property damage or business loss, or a spill that results in environmental damage.

The worst credible consequence (impact) is generally assessed, and scenarios are

selected based on the individual organization’s protocol for selecting scenarios.


45

Evaluation of Consequence Severity (continued)


There are two basic approaches to estimating the consequence severity. The first

approach shown here is to classify the release into a consequence category, based on

factors such as the amount of material released and its chemical and physical properties.

Use the scroll bar to view all of the examples.


46

Evaluation of Consequence Severity (continued)


The second approach is to define the consequence severity in terms of impact, such as

the number of fatalities, level of environmental impact, equipment damage or loss of

production.

Again, use the scroll bar to view all of the examples.


47

Inherently Safer Design and Consequence Severity


As discussed earlier, inherently safer design practices can eliminate scenarios or reduce

their consequence severity. Examples of process modifications that can reduce

consequence severity include:

• Minimizing the chemical inventory in process equipment;

• Moderating the conditions in a process;

• Substituting a less hazardous material that can reduce the consequences of a

release;

• Limiting the quantity of a reagent present in a reactor by gradually feeding the

material, rather than adding it in one charge, can reduce the potential for an

uncontrolled chemical reaction; and


48

• Reducing the impact of a fire or explosion on multiple receptors by using proper

equipment spacing and facility siting.

Refer to the SAChE course and the CCPS book: Inherently Safer Chemical Process, A Life

Cycle Approach for more information.


49

Summary of the LOPA Process


In the next section, we’ll explore an example LOPA, but before moving on, let’s

summarize the key points we have discussed about the LOPA process:

• The LOPA process is a part of an overall process safety and risk management

program;

• LOPA is a structured, semi-quantitative method that can be used as part of a risk

assessment;

• LOPA is not a hazard identification method;

• LOPA is most frequently used during the design and operations stages in the

process life cycle; and

• Risk is a function of both likelihood and the potential consequence severity.


50

SECTION 3: Example LOPA

Narration:

[No narration]


51

Example LOPA


In this section, we’ll walk through an example LOPA so that you have a basic

understanding of how the analysis is conducted.


52

The LOPA Process


The basic LOPA process is as follows:

1. Identify the consequences from a hazard identification process, such as a process

hazards analysis, to help screen scenarios for LOPA;

2. Select the incident scenario (cause-consequence pair);

3. Identify the Initiating Event Frequency (IEF) and the applicable Independent

Protection Layers (IPLs) and estimate the Probability of Failure on Demand (PFD)

of each IPL;

4. Calculate the scenario frequency; and

5. Evaluate the risk to reach a decision concerning the scenario.


53

STEP 1: Identify the Consequences


The first step in the LOPA process is to identify the consequences from the hazard

identification process, generally a process hazards analysis. For our example, assume

that a HAZOP has been done on the proposed design of the reactor system of a polymer

plant. Several consequences have been identified from this process hazards analysis.


54

STEP 2: Select the Incident Scenario (Cause-Consequence Pair)


In Step 2, an incident scenario (cause-consequence pair) is selected from the previously

identified scenarios. For our example, the scenario of interest involves the following:

• Cause (that is, the initiating event): The cooing water pump to the polymer

reactor fails during the step where monomer is added to the reactor.

• Consequence: High temperature resulting in a runaway reaction with elevated

pressure and ultimate failure of the reactor vessel due to vessel overpressure.


55

STEP 3: Identify Applicable IPLs and Estimate PFD of Each IPL


Step 3 is to identify the applicable Independent Protection Layers (IPLs) and estimate

the Probability of Failure on Demand (PFD) of each IPL. As was mentioned earlier, not all

safeguards are IPLs; you will learn more about what makes a safeguard an IPL in Unit 2.

The following Independent Protection Layers have been identified as applicable and

have been proposed for the reactor design:

• IPL 1: Automatic detection of low cooling water flow that would turn on the

spare water pump during the monomer addition step (assume this is part of an

SIS, with an SIL 1 performance);

• IPL 2: Automatic shut off of the monomer feed flow if high temperature is

detected during the monomer addition step (assume this is part of an SIS, with

an SIL 2 performance);


56

• IPL 3: Spring-operated pressure relief valve designed for the worst case runaway

reaction scenario; and

• IPL 4: Automatic emergency venting of the reactor to a collection vessel if high

pressure is attained during the monomer addition step (assume this is part of an

SIS, with an SIL 3 performance).


57

STEP 3: Identify Applicable IPLs and Estimate PFD of Each IPL (continued)


Continuing with Step 3, we need to estimate the IEF and the PFD for each IPL. To assist

us with this, we’ll use data from the CCPS book: Guidelines for Initiating Events and

Independent Protection Layers in Layer of Protection Analysis.

• In Data Table 4.9: Pump, compressor, fan, or blower failure is 0.1 events/year.

• In Data Table 5.15: Spring operated pressure relief valve failure is 0.01 for failure

to open enough at set pressure (100% of rating).

• In Data Table 5.14: A Safety Instrumented System (SIS) loop has the following

PFD values for three Safety Integrity Levels:

o SIL 1: 0.1;

o SIL 2: 0.01; and

o SIL 3: 0.001.


58

Problem Statement


For this example, we’ll consider this problem…

The design team would like to install IPL 1, IPL 2, and IPL 3 at this time, delaying the

installation of IPL 4 until a later date.

If the company has determined that the tolerable risk of the reactor exploding is less

than 0.0000001 (1 x 10-7

) events per year, is the proposed design with only the three

IPLs adequate?

If not (that is, if the risk does not meet the tolerable risk criteria), what additional design

features could be added?


59

IPLs Filter Scenario Risk


As we continue with this process, it’s important to remember that each IPL acts like a

filter removing part of the overall scenario risk.


60

STEP 4: Calculate Scenario Frequency


Step 4 in the LOPA process is calculation of the scenario’s frequency. Using the initiating

event frequency and PFDs for each IPL gathered in Step 3, the frequency is 1 x 10-6

events per year for our example.


61

LOPA Event Tree Model


LOPA can be thought of as an event tree with each IPL reducing a portion of the

probability of catastrophic consequences. If the IPL is successful, move up; if not, move

down.


62

STEP 5: Evaluate Risk


The last step in the LOPA process is to decide whether the risk is tolerable with this

scenario and its IPLs.

In our example, the calculated risk is 0.000001 (1 x 10-6

) events per year. This is above

the company’s risk tolerance criteria of 0.0000001 (1 x 10-7

) events per year. Therefore,

the proposed design is not adequate since the risk is not tolerable.

Because the design does not meet the company’s risk tolerance criteria, a more detailed

quantitative risk assessment may be appropriate. Additional IPLs could be added (for

example, IPL 4, which was initially not considered).

Alternately, the proposed IPLs could be made more reliable by designing to higher

Safety Integrity Levels (SILs). Any combination of IPLs that reduce the risk below

0.0000001 (1 x 10-7

) is acceptable.


63

Calculate Scenario Frequency – Different Design


Now suppose the design team decides on using IPL 3 and IPL 4 as safeguards. In this

case, the event frequency happens to be the same as the previous design: 0.000001 (1 x

10-6

) events per year.


64

Unit 1 Summary


We’ve reached the end of the first unit in the Risk Review Using LOPA (Layer of

Protection Analysis) course. Having completed this first unit, titled “The LOPA Process,”

you should now be able to:

• Describe when in the life cycle of a chemical process LOPA can be used and in

what situations LOPA can be helpful; and

• Describe the LOPA process and the common elements of a LOPA.

In Unit 2, you will learn about the core attributes of Independent Protection Layers. But

first, please take the quiz for Unit 1 beginning on the next slide.

ELA980 Unit 1 - The LOPA Process

Documents

Transcript of ELA980 Unit 1 - The LOPA Process