SAChE® Certificate Program Level 1, Course 3: Identifying ... · In Unit 1, you learned how...
Transcript of SAChE® Certificate Program Level 1, Course 3: Identifying ... · In Unit 1, you learned how...
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
1
SAChE® Certificate Program
Level 1, Course 3: Identifying and Minimizing Process Safety Hazards
Unit 2 – Identification of Hazards and Risks
Narration:
[None]
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
2
Objectives
Narration (male voice):
Identification of Hazards and Risks is the second unit in the Identifying and Minimizing Process
Safety Hazards course. By the end of this unit you will be able to:
• Define ‘hazard,’ ‘consequence,’ and ‘risk;’
• List examples of qualitative and quantitative hazard identification methods; and
• Identify the major differences between Hazard and Operability Analysis (or HAZOP),
What-If, Fault Tree, and Layer of Protection Analysis (or LOPA).
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
3
SECTION 1: Definitions
Narration:
[None]
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
4
Case Study
Narration (male voice):
This vessel, part of a processing plant, normally operated at a temperature of 150°F. It received
feed from two upstream units.
One day, one of the units malfunctioned, sending very cold feed to the vessel. This wasn't
immediately a problem because the cold feed mixed with warm feed from the other unit.
Later, however, the other unit experienced an unrelated failure and it too malfunctioned. The
sudden in-flow of only cold material shocked the vessel severely and it fractured from low
temperature embrittlement. Escaping gas ignited and an explosion destroyed much of the
facility.
A process hazards analysis, or PHA, might have prevented this incident. First, by the likelihood of
two units being simultaneously upset, and then by identifying the consequences of that event.
Steps could have been taken to prevent the incident in the first place. For example, suitable
alarms and shutdown procedures could have been established to protect the vessel.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
5
The Identification of Hazards and Risks
Narration (male voice):
In Unit 1, you learned how inherently safer design can remove many potential hazards early in
the development of a process. This doesn’t mean that all hazards have been eliminated,
however. There will be some hazard and risk remaining after inherently safer design is employed,
and even after all practical safeguards are applied.
There’s also the possibility that the design team simply overlooked some potential hazards. This
is often referred to as “residual risk.”
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
6
Process Safety Management
Narration (male voice):
Process Safety Management employs techniques to identify hazards and assess risks. Recall
from the Introduction to Process Safety course that these techniques belong to the foundational
block known as “Understand Hazards and Risks.”
In this unit, we’ll focus on “Hazard Identification and Risk Analysis,” commonly abbreviated as
HIRA. Let’s start by clarifying what we mean by hazard and risk.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
7
What is a Hazard?
Narration (male voice):
A hazard is the chemical or physical condition that has the potential for causing harm to people,
property or the environment.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
8
Part 2
Narration (female voice):
Using the notepaper on the screen, type some examples of industrial hazards. (This is just a
brainstorming exercise; your list will not be evaluated or scored.)
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
9
Examples of Hazards
Narration (female voice):
On the left are examples of industrial hazards that you jotted down on the notepaper on the
previous slide. On the right are some we came up with. Do you see any on the right that are on
your list as well?
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
10
What is a Consequence?
Narration (male voice):
A consequence is a measure of some adverse effect from an incident. In other words, how bad is
it?
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
11
Part 2
Narration (female voice):
As before, use the notepaper on the screen to type some examples of consequences of
industrial incidents.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
12
Examples of Consequences
Narration (male voice):
On the left are the examples of consequences of industrial incidents that you jotted down on
the notepaper on the previous slide. On the right are some we came up with. Do you see any on
the right that are on your list as well?
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
13
What is Risk?
Narration (male voice):
Risk is the combination of what can go wrong, how bad it could be, and how often it might
happen.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
14
Determining Risk
Narration (male voice):
We can think of risk as the combination of frequency (F) and consequence (C), often expressed
as F times C.
For example, the risk of a one million dollar event that has a frequency of once every thousand
years is $1,000/year.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
15
HIRA Study
Narration (male voice):
A hazard identification and risk assessment, or HIRA, study is targeted towards determining:
• What can go wrong? (The hazard.)
• How bad could it be? (The consequence.)
• And how often might it happen? (The likelihood.)
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
16
Hazard Identification Tools
Narration (male voice):
Hazard identification tools should provide a thorough, orderly, systematic approach to identify,
evaluate, and control the hazards of processes involving highly hazardous chemicals. These
approaches can be qualitative and/or quantitative.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
17
Common Methodologies
Narration (female voice):
Shown here are some common methodologies. We’ll explore each of these later in this unit.
Based on the definitions of ‘hazard’ and ‘risk,’ which category of methodologies – qualitative or
quantitative – do you expect will focus more on identifying hazards? Make a selection.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
18
After selection (Slide Layer)
Narration (female voice):
The qualitative methods are generally considered to be hazard identification techniques.
In the next section of this unit, we’ll outline and compare the Hazard and Operability (or HAZOP)
Analysis and What-If methodologies. These are the most commonly used hazard identification
techniques in the chemical process industries.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
19
SECTION 2: Qualitative Hazard Identification Methods
Narration:
[None]
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
20
Qualitative Methods
Narration (male voice):
Hazard and Operability Analysis is a structured, systematic technique used to identify potential
hazards and operational problems caused by deviations from the process design intent. For each
unit in a process, a set of guide words and parameters are systematically applied to attempt to
outline all possible deviations from normal operation.
HAZOP is typically applied during detailed operation and during ongoing routine operations.
Later in this course, we’ll compare various HAZOP techniques relative to where they’re most
appropriately applied.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
21
Significant Elements of HAZOP
Narration (male voice):
Here are some significant elements of HAZOP:
• The analysis is conducted by a multi-disciplinary team;
• The analysis breaks up a process into discrete nodes (such as a line between vessels);
• The analysis uses ‘guide words’ (such as “no,” “more,” “less,” or “other than”) to
identify deviations;
• The analysis uses parameters (such as flow, level, temperature, or composition) to
accompany guide words;
• HAZOP determines consequences;
• HAZOP assesses safeguards; and
• HAZOP determines follow-up action.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
22
HAZOP Resource Requirements
Narration (female voice):
In order to conduct an effective HAZOP, a variety of resources are required. Roll your mouse
pointer over each arrow button to explore these resources.
[When first arrow is moused over…]
Detailed process information, including operating procedures.
[When second arrow is moused over…]
Accurate, up-to-date piping and instrumentation diagrams (P&IDs).
[When third arrow is moused over…]
Team member expertise and knowledge of the process, instrumentation, operation, and
maintenance.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
23
[When fourth arrow is moused over…]
A trained and experienced team leader or facilitator.
[When fifth arrow is moused over…]
Five to seven people for a large, complex process (it’s not unusual to rotate members in and out
of the team).
[When sixth arrow is moused over…]
An effective action assignment, follow-up and tracking system.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
24
HAZOP Ingredients
Narration (male voice):
This diagram illustrates the ingredients of a proper HAZOP.
• On the left, notice that seven key factors go into the HAZOP team exercise.
• Documentation about the process is examined.
• For each unit in the process, guide words and parameters are applied to attempt to outline all
possible deviations from normal operation.
• Recommended actions are implemented and follow-up is performed.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
25
HAZOP Methodology – Typical Time Requirements
Narration (male voice):
HAZOP analysis requires a considerable amount of time and effort from a complete team of
experts as shown in this chart.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
26
HAZOP Study – Sample Page
Narration (male voice):
Here is a sample page from a HAZOP study. Let’s examine this to better understand what the
HAZOP team has done:
• Notice in the second column that the team uncovered a potential hazard; that is, a
deviation.
• In the third and fourth columns they have determined possible causes of and
consequences if this hazard is able to progress unchecked.
• From their knowledge of the operation, they’ve determined what safeguards are in
place - and whether they’re sufficient - in the fifth column.
• And, finally, in the sixth column they’ve determined some additional safeguards or
actions that will be needed to effectively handle this risk.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
27
What-If Analysis
Narration (male voice):
What-If Analysis is a free-form, brainstorming technique in which participants ask a series of
targeted, “what-if” type questions appropriate to a section of, or procedural step in, the process.
The answers to these questions can uncover hazards or other undesired events.
The “What-If” method can be used for existing plants, during the process development stage, or
at pre-startup stage. A very common usage is to examine proposed changes to an existing plant.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
28
Significant Elements of What-If
Narration (male voice):
Here are some significant elements of What-If:
• The analysis is conducted by a multi-disciplinary team;
• The analysis is not as structured as many of the other common techniques;
• The analysis is more streamlined than HAZOP;
• The technique is powerful if participants are experienced (more so than for HAZOP;
otherwise, this is an incomplete exercise);
• The analysis determines follow-up action;
• The logistics of reporting, documenting, and action tracking should look similar to other
techniques; and
• The exercise can be pre-populated with seeding questions.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
29
Example What-If Questions
Narration (male voice):
Here are a few example What-If questions:
• What if… the wrong material is delivered?
• What if… Pump A stops running during startup?\
• What if… the operator opens Valve B instead of A?
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
30
Identify Solutions to What-If Questions
Narration (male voice):
The Center for Chemical Process Safety (or CCPS) has developed several examples to show how
solutions to What-If questions might be proposed by the team conducting the analysis.
The question might be:
“What if the raw material is the wrong concentration?”
The team would then attempt to determine how the process would respond; for example:
“If the concentration of the acid were doubled, the reaction couldn’t be controlled, and
a rapid exotherm would result.”
In this case, the team might recommend installing an emergency shutdown system. In addition,
or as an alternative, the team might recommend taking special precautions when loading the
raw material.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
31
Continuous Process Example for “What-If” Technique
Narration (female voice):
Study this continuous process illustration prepared as an example developed by CCPS. Use the
notepaper to enter some What-If questions that come to mind. Then click ‘Submit.’
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
32
Continuous Process Example for “What-If” Technique (cont.)
Narration (female voice):
The example process illustration from the previous slide is shown again here. On the left are the
What-If questions you entered. We’ll add some additional questions on the right side of the
slide.
• What if the wrong product is delivered instead of phosphoric acid?
• What if the phosphoric acid is at the wrong concentration?
• What if the phosphoric acid is contaminated?
• What if Valve A is closed or plugged?
• What if the proportion of ammonia is too high when supplied to the reactor?
• What if vessel agitation stops?
• What if Valve C is closed?
Compare your What-If questions to those on the right. Are they similar?
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
33
What-If vs. HAZOP
Narration (male voice):
How does the What-If approach differ from a HAZOP analysis?
One of the first things you may have noticed is that a What-If analysis can progress more quickly
than a HAZOP. This is because the questions are more targeted.
An experienced practitioner can develop effective questions - even taking from areas that
generated issues where a HAZOP had been previously performed. A very competent team can
continue from there with new questions that follow from the team’s brainstorming.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
34
What-If/Checklist Analysis
Narration (male voice):
A third type of qualitative method to identify hazards is the What-If/Checklist Analysis. This is
similar to “What-If” but with more structure. It’s combined with a checklist to guide the line of
questioning to be very pertinent to the process while still maintaining the creativity of What-If.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
35
What-If/Checklist Analysis (continued)
Narration (male voice):
For example, here are some questions centered around an exothermic reactor vessel that could
be used as part of a What-if/Checklist Analysis:
• What if the coolant supply pump fails?
• What if the coolant supply valve fails in the closed position?
• What if the cooling jacket leaks?
• What if the vessel temperature sensor fails or becomes badly inaccurate?\
• What if the vessel agitator fails?
• What if the wrong catalyst is added?
• What if the vessel vapor space becomes flammable?
• What if the rupture disc fails prematurely?
• What if the vessel overhead pressure control system malfunctions?
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
36
1.36 Qualitative Methods Summary
Narration (male voice):
In this section we have explored three qualitative methods:
• HAZOP;
• What-If; and
• What-If/Checklist.
Remember that these are qualitative methods focused on hazard identification.
We’re going to look at quantitative methods next. But first, check your knowledge by answering
the question on the next slide.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
37
SECTION 3: Quantitative Hazard Identification Methods
Narration:
[None]
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
38
Quantitative Methods
Narration (male voice):
Quantitative methods are used to evaluate the aspect of frequency or probability of the hazard
progressing to an adverse event.
There are several quantitative methods available. In this section of Unit 2, we’re going to look at
two of them:
• Fault Tree Analysis (FTA); and
• Layer of Protection Analysis, or LOPA.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
39
Fault Tree Analysis
Narration (male voice):
Fault Tree Analysis is a technique which utilizes logic diagrams that graphically analyze the
combinations of failures that can lead to a specific catastrophic event or other “consequence of
interest.”
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
40
Significant Elements of Fault Tree Analysis
Narration (male voice):
Here are the significant elements of Fault Tree Analysis:
• It focuses on one particular incident or failure at a time (referred to as the ‘top event’)
and backtracks through all the events leading to that failure to determine the potential
causes;
• The frequency of the top event can be quantified by assigning failure rates, repair times,
and probabilities to basic causes;
• The method uses standard symbols to display the combinations of failures and failure
pathways; and
• Fault Tree Analysis is the technique often employed in situations where another
exercise (such as HAZOP) has highlighted a significant consequence of interest and more
detailed analysis is needed.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
41
Standard Symbols
Narration (female voice):
Shown here are standard symbols used to display the combinations of failures and failure
pathways. Click each symbol if you would like to learn what it represents. Your ability to use
these symbols, however, is beyond the scope of this course so you will not need to know their
meaning on the end-of-unit quiz.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
42
OR Gate (Slide Layer)
[Non-narrated text that appears when ‘OR Gate’ symbol is selected…]
OR Gate: The output occurs if one or more of the inputs to the gate exists.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
43
AND Gate (Slide Layer)
[Non-narrated text that appears when ‘AND Gate’ symbol is selected…]
AND Gate: The output occurs if all of the inputs to the gate exist simultaneously.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
44
BASIC EVENT (Slide Layer)
[Non-narrated text that appears when ‘BASIC EVENT’ symbol is selected…]
BASIC EVENT: Represents a basic fault that requires no further development into more basic events.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
45
INTERMEDIATE EVENT (Slide Layer)
[Non-narrated text that appears when ‘INTERMEDIATE EVENT’ symbol is selected…]
INTERMEDIATE EVENT: The rectangle is often used to present descriptions of events that occur
because of one or more other fault events.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
46
HOUSE EVENT (Slide Layer)
[Non-narrated text that appears when ‘HOUSEEVENT’ symbol is selected…]
HOUSE EVENT: Represents a condition that is assumed to exist as a boundary condition (probability
of occurrence = 1).
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
47
UNDERDEVELOPED EVENT (Slide Layer)
[Non-narrated text that appears when ‘UNDERDEVELOPED EVENT’ symbol is selected…]
UNDERDEVELOPED EVENT: Represents a fault event that is not examined further because
information is unavailable, its consequences are insignificant, or because a system boundary has
been reached.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
48
TRANSFER SYMBOLS (Slide Layer)
[Non-narrated text that appears when ‘TRANSFER SYMBOLS’ is selected…]
TRANSFER SYMBOLS: The transfer ‘In’ symbol indicates that the fault tree is developed further at the
occurrence of the corresponding transfer ‘Out’ symbol. The symbols are labeled to ensure they can
be differentiated.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
49
Example Section of a Fault Tree
Narration (male voice):
Take a few minutes to examine this example section of a Fault Tree. Click ‘Next’ when you’re
ready to continue.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
50
Quantitative Methods – What is Required?
Narration (male voice):
Fault Tree and other quantitative methods tend to require more data and more expertise and
are generally used for situations where their value is optimized.
Next, we’ll look at another quantitative method: Layer of Protection Analysis.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
51
Layer of Protection Analysis (LOPA)
Narration (male voice):
Layer of Protection Analysis (or LOPA) is a simplified form of quantitative risk analysis. It uses
order of magnitude categories for initiating cause frequency, consequence severity, and
protection failures to analyze and assess the risk of one or more scenarios.
LOPA is often considered to be a “semi-quantitative” method.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
52
Significant Elements of LOPA
Narration (male voice):
Here are some significant elements of LOPA:
• The method is more quantitative than HAZOP;
• However, it is less quantitative than Fault Tree Analysis;
• LOPA focuses on one scenario at a time; and
• It’s another tool for evaluating risk.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
53
When to Use LOPA
Narration (male voice):
LOPA is typically used after a qualitative process hazard analysis (or PHA) when:
• The consequence is judged to be too severe for solely making a qualitative judgment; or
• When the scenario is judged to be too complex for solely making a qualitative judgment.
LOPA is also used as a screening tool prior to more rigorous qualitative risk assessment (or QRA)
to:
• Resolve options for audit action items; and
• Resolve options for consequence analysis follow-up.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
54
Typical LOPA Process
Narration (female voice):
Explore the typical LOPA process by clicking the numbered dots. After exploring all six steps in
the process, advance to the next slide.
[When ‘1’ is clicked…]
Develop a scenario.
[When ‘2’ is clicked…]
Identify initiating events.
[When ‘3’ is clicked…]
Identify a consequence and categorize it by severity.
[When ‘4’ is clicked…]
Identify Independent Protection Layers (or IPLs).
[When ‘5’ is clicked…]
Calculate the risk.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
55
[When ‘6’ is clicked…]
Evaluate the risk.
[After all six numbered dots have been clicked…]
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
56
Example Risk Matrix
Narration (male voice):
The goal of the LOPA exercise is to generate a frequency for your particular event’s consequence
severity. The organization can then set up its own risk matrix to determine how they respond to
the results of the LOPA exercise.
Take a few minutes to study this example risk matrix and then advance to the next slide when
ready.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
57
Evaluating Risk
Narration (male voice):
The safety objective in evaluating risk is to perform only the level of analysis necessary to reach
a confident decision. Be aware, there are several potential vulnerabilities to Quantitative Risk
Assessment:
• Vague scope and objectives;
• Overworking the problem;
• Dictating techniques;
• Inexperienced practitioner or analyst;
• Inappropriate risk characteristics;
• Insufficient resources;
• Over or under conservatism; and
• Unrealistic expectations (such as proposing QRA as proof of safety).
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
58
Method Selection – What to Use
Narration (male voice):
The Center for Chemical Process Safety has published this table suggesting where it’s commonly
appropriate to employ particular hazard identification strategies.
Note that the Checklist method is recommended during conceptual design and the Safety
Review method is recommended during the construction/start-up phase. No specific method
shown is recommended for pilot plant operation but several are commonly used at this stage.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
59
Evaluating Your Hazard Identification Program
Narration (male voice):
You can employ metrics that can act as leading indicators as to how well your hazard
identification program is performing. Here are a few metric examples:
• The number of HAZOP recommendations unresolved by their due date;
• The percentage of repeat recommendations;
• The number of incidents with risk analysis and risk assessment as a root cause; and
• The number of hazard identification and risk analyses that are overdue.
Copyright ©American Institute of Chemical Engineers 2016. All rights reserved.
60
Unit 2 Summary
Narration (male voice):
We’ve reached the end of the second unit in the Identifying and Minimizing Process Safety
Hazards course. Having completed this unit on Identification of Hazards and Risks, you should
now be able to:
• Define hazard, consequence, and risk;
• List examples of qualitative and quantitative hazard identification methods; and
• Identify the major differences between HAZOP, What-If, Fault Tree, and LOPA.
The introduction to the end-of-unit quiz is on the next slide.