2. PROCESS HAZARD IDENTIFICATION
CH4101 Chemical, Biological & Plant Safety Dr. Foo Swee Cheng
PROCESS HAZARD ANALYSIS (PHA) Safety in Project Lifecycle
• Business risk (concept/ research/ development): Preliminary Hazard Analysis (PrHA)
  Identify the hazards and their likely amount in accidents: Siting & layout
  Select high consequence processes for further analysis by HAZOP
• Design improvement (Process/ Piping & Instrumentation Diagram; P&ID): HAZOP
  Identify problems that prevent efficient OPERATION
  Identify the consequences of process deviations for recommending safeguards
  Prevent the causes of deviations/ mitigate the consequences of deviations
  Select high consequence scenarios for further analysis by LOPA/ FTA/ ETA/ BowTie
• Further design improvement needed? Quantify the risk by QRA
  Quantify the risk for improving detailed design: LOPA/ FTA/ ETA/ BowTie
• Project: Final design, Construction, Commission, Operation, Decommission
CH4101 FooSC
Before P&ID
PRELIMINARY HAZARD ANALYSIS Risk Anticipation: Consequence Modelling
Qualitative/ semi-qualitative Risk Consequence Worst Case/ Credible Worst Case
BASIS: Land Use Planning Site selection/ Plant layout
PRELIMINARY HAZARD ANALYSIS
• Obtain data for PrHA/ plant siting & facilities layout decisions
  SDS: Safety Data Sheets
  Further testing to provide data not in SDS
• Hazardousness rating: GHS categories
• Consequence rating: Total amount present in an individual unit
• Consequence modeling: Define the HAZARD ZONE
  Thermal radiation: Pool/ jet fires & BLEVE model
  Vapor cloud fires (Flash fires); VCF: Dispersion and fire model
  Vapor cloud explosions; VCE: Dispersion and explosion model
  Toxic: Dispersion & toxicity model
[Figure: JET FIRE ISOPLETHS]
[Figure: PLUME DISPERSION ISOPLETHS]
[Figure: VAPOR JET DISPERSION ISOPLETHS]
[Figure: EXPLOSION ISOPLETHS]
HAZARD LEVELS
Hazard Level | Definition
Low | One lost time injury; Multiple recordable injuries; Emergency response call-out without injury
Medium | Permanent disabilities within localized section of process or building; Lost time injuries or hospitalizations outside of local area
High | One or more fatalities; Injuries or fatalities within community
HAZARD ANALYSIS: Acceptance criteria
Risk Acceptance Criteria
Extent of Exposure | Hazard Level | Layers of Independent Protection Required
Minor On-Site (Use location) | Low (L) | Normal Controls
Major On-Site | Medium (M) | One layer of independent non-procedural safeguards above normal controls
Major Off-Site | High (H) | Two layers of independent non-procedural safeguards above normal controls
HAZARD ANALYSIS: Acceptance criteria
[Figure: matrix of Hazard Level against Extent of Exposure, each axis marked L, M, H, with regions for Normal Control, One Independent Non-procedural Control and Two Independent Non-procedural Controls]
After P&ID
Process Hazard Analysis Risk Quantification: Impact Modelling
BASIS: Process Optimization/ Improvement Engineering/ Maintenance/ Emergency Systems
IDENTIFY CONTROL LOOPS: GASOLINE TANK
• 5 control loops: 3 active & 2 passive
  High Tank level BPCS: LE1-->LCH-->LCV1
  Low Tank level BPCS: LE2-->LCL-->LCV2
  High/ Low Tank Pressure BPCS: Vent
  Overflow Protection:
    Prevention: LE1-->LIH-->MV
    Mitigation: Vent, Dike
[Figure: P&ID of the gasoline tank; labels: T101, Vent, LE1, LE2, LCV1, Tank Truck, LCH, MV, LIH, NRV1, LCL, To Process, LCV2, NRV2]
Control Loop: Detection (LE1) --> Decision (LCH) --> Action (LCV1)
LCV1: Command failure
LCV1: Primary failure
CONTROL SYSTEM FAILURE LOGIC
• Example: LCV1-->LCH-->LE1
• Final ACTION element: LCV1
  LCV1 fails: system fails
• Failure modes of LCV1
  LCV1 primary failure: LCV1 failed
    LCV1 has failed and cannot perform function
  LCV1 command failure: LCH or LE1 has failed, LCV1 works
    LCV1 fails to perform function as
      LCH failed to command LCV1 to perform function
      LE1 failed to command LCV1 to perform function
[Figure: fault tree for "LCV1 Fails OPEN" with inputs LCV1, LCH, LE1, marked Primary failure and Command failure; ENV: Corrosion: High Humidity]
GASOLINE STORAGE TANK: BEFORE HAZOP
[Figure: P&ID of the gasoline storage tank; labels: T101, Vent, LE1, LE2, LCL, To Process, LCV2, NRV2, LCV1, Tank Truck, LCH, MV, LIH, NRV1]
HAZARD IDENTIFICATION: HAZOP REFERENCES
• HAZOP: Guide to best practice, 2nd ed., IChemE, 2008
• Macdonald D, Practical HAZOPs, trips & alarms, Elsevier, 2004
• A Guide to Hazard and Operability Studies, Chemical Industry Safety & Health Council of the Chemical Industries Association Limited, 1979
• CCPS, Guidelines for hazard evaluation procedures, AIChE, 2008
• Ian Day, Hazop [videorecording]: a team in action, CoreMedia Training Solutions, 1991
HAZOP METHODOLOGY
• Select a study SECTION or NODE from P&ID
• Identify relevant OPERATIONAL PARAMETERS, e.g. Flow; pressure; temperature; concentration
• Select meaningful GUIDEWORDS for the parameter, e.g. High; low; no; less; more; other than
• Combine PARAMETER & GUIDEWORD to form meaningful DEVIATIONS, e.g. High pressure; low temperature; high flow
• Identify possible CAUSES of the deviation
• Identify the CONSEQUENCES of the deviation
• Evaluate & recommend CONTROL MEASURES for the causes & consequences
[Figure: PROCESS PARAMETERS]
[Figure: HAZOP GUIDEWORDS]
[Figure: HAZOP DEVIATION]
[Figure: HAZOP FLOW CHART]
HAZOP TEAM MEMBERSHIP
• Based on technical specialties
  Process Engineering
  Operations
  Maintenance/ Reliability
  Instrumentation
• Based on individual's experience/ knowledge in these areas
  Inspection/ Materials
  Electrical
  Safety/ Loss Prevention
  Environmental
  Packaged Equipment by vendors
HAZOP
Process Section: Petrol storage tank filling line
Design Intention: Tank T101 to store 6000 m³ of petrol
Operation Phase: Tank Filling Petrol: MV, LCV1 OPEN, Pump ON
Guide Word: High
Process Parameter: Level
Deviation: HIGH LEVEL
Causes:
  (1) Petrol supply CONTINUE
  (2) LCV1 fails OPEN: LCV1-->LCH-->LE1
Consequences:
  (1) Tank overfill HIGH PRESSURE RUPTURE
  (2) Tank T101 OVERFLOW
  (3) Petrol DISPERSE on ground
  (4) Vapor cloud FORMATION/ DISPERSION
  (5) FLASH FIRE/ VC EXPLOSION
  (6) Pool/tank fire
Safeguards:
  (1) MV CLOSED: MV-->HULIH-->LE1
  (2) VENT: m1
  (3) DIKE (Bund): m3
  (4) Foam: m4
  (5) Sprinkler: m6
Actions:
  (1) High level ALARM: p2; MV-->HULAH-->LE1
  (2) Overflow ALARM: m2; MV-->FA
  (3) FOAM: m4; FOAM-->FA
  (4) Improve LCV1 reliability: p3
• Develop HAZOP
• Select parameter: LEVEL
• Apply guideword: HIGH
• Deviation: HIGH LEVEL
• Identify: CAUSES; Consequences; (Existing) Safeguards
• Recommend: Actions (additional safeguards)
UPDATED GASOLINE STORAGE TANK: AFTER HAZOP
[Figure: P&ID of the gasoline storage tank; labels: T101, Vent, LE1, LE2, LCL, To Process, LCV2, NRV2, LCV1, Tank Truck, LCH, MV, LIH, NRV1, LAH]
RELIABILITY SYSTEMS
• Reliability system representation
  A combination of series and parallel networks
• Series network: System reliability < unit reliability
  Any one unit fails: system fails
  ALL units work: system works
• Parallel network: System reliability > unit reliability
  Redundancy system
  Any one unit works: system works
  ALL units fail: system fails
[Figure: series network of units A, B, C; parallel network of units X, Y, Z]
FAULT TREE OPERATORS
• Series: OR gate
  The output exists if at least one of the inputs exists
• Parallel: AND gate
  The output exists if all the inputs exist
• IF gate or inhibition gate
  Output is generated if
    Input exists
    Condition C verified
(Limnios N, Fault Trees, ISTE, 2007)
[Figure: OR gate with inputs A, B, C; AND gate with inputs X, Y, Z; inhibition gate with condition C]
DRAW FAULT TREE FROM HAZOP
Process Section: Petrol storage tank filling line
Design Intention: Tank T101 to store 6000 m³ of petrol
Operation Phase: Tank Filling Petrol: MV, LCV1 OPEN, Pump ON
Guide Word: High
Process Parameter: Level
Deviation: HIGH LEVEL
Causes:
  (1) Petrol supply CONTINUE
  (2) LCV1 fails OPEN: LCV1-->LCH-->LE1
Consequences:
  (1) Tank overfill HIGH PRESSURE RUPTURE
  (2) Tank T101 OVERFLOW
  (3) Petrol DISPERSE on ground
  (4) Vapor cloud FORMATION/ DISPERSION
  (5) FLASH FIRE/ VC EXPLOSION
  (6) Pool/tank fire
Safeguards:
  (1) MV closed: MV-->HULIH-->LE1
  (2) VENT: m1
  (3) DIKE (Bund): m3
  (4) Foam: m4
  (5) Sprinkler: m6
Actions:
  (1) High level ALARM: p2; MV-->HULAH-->LE1
  (2) Overflow ALARM: m2; MV-->FA
  (3) FOAM: m4; FOAM-->FA
  (4) Improve LCV1 reliability: p3
• Obtain HAZOP record
• Select TOP EVENT: T101 Overflow
• Identify BPCS: LCV1-->LCH-->LE1
• Identify Protection: MV-->HULI-->LE1
• Identify Mitigation: None
• Draw Fault Tree
T101 OVERFILL: FAULT TREE BEFORE IMPROVEMENT
[Figure: fault tree with top event T101 OVERFLOW (T101 LEVEL HIGH) combining "LCV1 Fails OPEN" (inputs LCV1, LCH, LE1) and "MV CLOSED" (inputs MV, HU, LIH, LE1); Primary failures and Command failures are marked]
Minimal Cut Sets:
T = [LCV1 + LCH + LE1][MV + HU + LIH + LE1]
  = LE1 + (LCV1 + LCH)(MV + HU + LIH)
  = LE1 + (LCV1)(MV) + (LCH)(MV) + (LCV1)(HU) + (LCH)(HU) + (LCV1)(LIH) + (LCH)(LIH)
  = LE1 + (LCH + LCV1)(MV) + (LCH + LCV1)(HU) + (LCH + LCV1)(LIH)
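The minimal cut set expansion above can be checked mechanically. The following Python sketch is an added example, not part of the lecture slides: it encodes the tree from the slide's expression for T, derives the minimal cut sets by gate expansion and absorption, and confirms them against the full truth table of the six basic events (function names are illustrative).

```python
from itertools import product

# Top event T101 OVERFLOW, encoded from the slide's expression for T:
# AND of the BPCS loop and the protection loop; LE1 appears in both.
TREE = ("AND",
        ("OR", "LCV1", "LCH", "LE1"),        # BPCS loop: LCV1 fails OPEN
        ("OR", "MV", "HU", "LIH", "LE1"))    # protection loop: MV fails OPEN

EVENTS = ["LE1", "LCH", "LCV1", "LIH", "HU", "MV"]

def cut_sets(node):
    """Expand a gate tree into cut sets (frozensets of basic events)."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, *children = node
    expanded = [cut_sets(child) for child in children]
    if gate == "OR":    # any one input suffices: concatenate alternatives
        return [cs for alternatives in expanded for cs in alternatives]
    if gate == "AND":   # all inputs needed: union one choice from each input
        return [frozenset().union(*combo) for combo in product(*expanded)]
    raise ValueError(f"unknown gate {gate!r}")

def minimal_cut_sets(node):
    """Apply absorption: drop any cut set that strictly contains another."""
    sets = set(cut_sets(node))
    return {s for s in sets if not any(other < s for other in sets)}

def top_event(node, failed):
    """Evaluate the tree directly for a given set of failed components."""
    if isinstance(node, str):
        return node in failed
    gate, *children = node
    results = [top_event(child, failed) for child in children]
    return any(results) if gate == "OR" else all(results)

def matches_truth_table(node, events):
    """Check the minimal cut sets against all 2^n failure combinations."""
    mcs = minimal_cut_sets(node)
    for bits in product([False, True], repeat=len(events)):
        failed = {e for e, b in zip(events, bits) if b}
        if top_event(node, failed) != any(c <= failed for c in mcs):
            return False
    return True

if __name__ == "__main__":
    for cs in sorted(minimal_cut_sets(TREE), key=lambda s: (len(s), sorted(s))):
        print(" . ".join(sorted(cs)))
    print("consistent with truth table:", matches_truth_table(TREE, EVENTS))
```

LE1 is the only single-component cut set, because the level element is shared by the BPCS loop and the protection loop.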
T101 OVERFILL: EVENT TREE BEFORE IMPROVEMENT
Starting: Tank Level High
[Figure: event tree starting from High Tank Level, with Y/N branches on LE1, LCH, LCV1, LIH, HU and MV, each path ending in "No Overflow" or "Overflow"]
DEVELOP FAULT TREE BY LOGICAL DEDUCTION PROCESS
• Top Event: T101 OVERFLOW
• Determine the sequence: T101 filling fails to STOP at pre-set level
• FILLING: Petrol to T101 ON; MV & LCV1 OPEN; T101 Level RISING
  T101 OVERFLOW (T101 level RISING): MV fails OPEN; LCV1 fails OPEN; T101 LEVEL reaches pre-set level
• Logic Diagram:
[Figure: logic diagram for Top Event T101 OVERFLOW, combining (&) FILLING TANK T101 (Petrol to T101 ON; MV & LCV1 OPENS) with T101 level HIGH, where LCV1 fails OPEN (BPCS: LCV1, LCH, LE1) and MV fails OPEN (Protection System: HU, MV, LE1, LIH)]
CONSEQUENCE OUTCOMES
• Depends on plant engineering design/ plant layout/ fire protection systems/ incident management system; Example:
• Consequence Mitigation
  Hazardousness control measures: e.g. dike/bund; overflow detection; spill removal/ vapor suppression system
  Ignition control: Electrical hazardous area zoning & equipment classification
  Emergency preparedness & Response
• Prevent Escalation (to adjacent facilities)
  Thermal isolation: Distancing/ fire proofing/ sprinklers/ water curtains
  Material Transfer
STAGES OF CONSEQUENCE DEVELOPMENT
Stage 1: Vapor cloud close to source or within dike/ bund of source
Stage 2: Vapor cloud covers large part of site (e.g. Phillips 66 explosion/fire: Oct 23, 1989 Pasadena, Texas, USA.)
Stage 3: Vapor cloud travels off-site (e.g. Buncefield fuel depot fire, Dec 11, 2005)
[Figures: site views for each stage; labels: Tank 912 overfilled, Water curtains, Northgate Building]
FIRE AFTER IGNITION
[Figure: Northgate Building fire]
AFTER FIRE
[Figure: labels: Tank 912 overfilled, Northgate Building]
VCE DAMAGE
[Figure: labels: Northgate Building, Fuji Building]
TANK OVERFILL MITIGATION: EVENT TREE BEFORE HAZOP
Starting: Tank Overflow
• Immediate: Flammable vapor within dike/bund
• Early: Flammable vapor within site
• Delay: Flammable vapor extended off-site
• Tank filling stopped after detection/ ignition
[Figure: event tree from T101 OVERFLOW with Y/N branches on Early detection, Immediate Ignition, Early Ignition, Delay detection and Delay Ignition. Responses: Stop filling/ start firefighting; Stop filling, suppress ignition, transfer extra fuel in tank. Outcomes: Small Pool/Tank Fire; Small spill control; Large onsite fire/explosion; Large spill control; On-/Off-site fire/explosion; Large On-/Off-site fire/explosion; Impossible/ insignificant event]
BOWTIE: CAUSE-CONSEQUENCE DIAGRAM
Combining Fault & Event Trees (Before HAZOP)
[Figure: BowTie centred on T101 OVERFLOW. Fault tree side: T101 LEVEL HIGH from "LCV1 Fails OPEN" (LCV1, LCH, LE1) and "MV CLOSED" (MV, LE1, LIH, HU). Event tree side: Y/N branches on Early detection, Immediate Ignition, Early Ignition, Delay detection and Delay Ignition. Responses: Stop filling/ start firefighting; Stop filling, suppress ignition, transfer extra fuel in tank. Outcomes: Small Pool/Tank Fire; Small spill control; Large onsite fire/explosion; Large spill control; On-/Off-site fire/explosion; Large On-/Off-site fire/explosion; Impossible/ insignificant event]
GASOLINE STORAGE TANK
After adding recommendations in HAZOP
[Figure: P&ID of the gasoline storage tank; labels: T101, Vent, LE1, LE2, LCL, To Process, LCV2, NRV2, LCV1, Tank Truck, LCH, MV, LIH, NRV1, LAH, LE3]
TANK OVERFILL: BOWTIE (After HAZOP)
[Figure: BowTie centred on T101 OVERFLOW. Event tree side: Y/N branches on Immediate detection, Early detection, Immediate Ignition, Early Ignition, Delay detection and Delay Ignition. Responses: Stop filling, transfer extra fuel in tank; Transfer spilled fuel in dike; Stop filling/ start firefighting; Stop filling, suppress ignition, transfer extra fuel in tank. Outcomes: Small Pool/One Tank Fire; Small spill control; Large onsite fire/explosion; Large spill control; On-/Off-site fire/explosion; Large On-/Off-site fire/explosion; Impossible/ insignificant event]
LEARNING OBJECTIVES
• After the lecture, students should be able to
1) Conduct HAZOP studies
2) Construct fault trees, event trees & BowTie diagrams
3) Recommend additional safeguards
4) Decide the adequacy of safeguards
REFERENCES: HAZOP, Fault Tree & System Reliability
• Kletz T. Hazop & Hazan: Identifying & assessing process industry hazards. IChemE, 1999
• Limnios N, Fault Trees, ISTE, 2007 [online]
• Hoyland A, System reliability theory: models & statistical methods, John Wiley, 1994 [online]
• Modarres M, What every engineer should know about reliability & risk analysis, Marcel Dekker, 1993
• Nolan DP. Safety & security review for the process industries: application of HAZOP, PHA, what-if & SVA reviews. Elsevier Science, 2011 [online]
• Day I, Hazop [videorecording]: a team in action, CoreMedia, 1991
END