Major Hazard Facilities Hazard Identification

2

Overview

This seminar has been split into two sections1. Hazard Identification2. Major Accident Identification and Risk Assessment

The seminar has been developed to provide• Context with MHF Regulations• An overview of what is required• An overview of the steps required• Examples of hazards identified

3

Some Abbreviations and Terms

• AFAP - As far as (reasonably) practicable• DG - Dangerous goods • Employer - Employer who has management control of the

facility• Facility - any building or structure at which Schedule 1

materials are present or likely to be present for any purpose• FMEA/FMECA - Failure modes and effects analysis/ Failure

modes and effects criticality analysis• FTA - Fault tree analysis • HAZID - Hazard identification• HAZOP - Hazard and operability study• HSR - Health and safety representative • LOC - Loss of containment• LOPA – Layers of protection analysis

4

Some Abbreviations and Terms

• MHF - Major hazard facility • MA - Major accident• OHS - Occupational health & safety• PFD – Process Flow Diagram• P&ID – Piping and Instrumentation Diagram• PSV – Pressure safety valve• SMS - Safety management system

5

Topics Covered In This Presentation

• Regulations• Definition – Hazard• Introduction• HAZID Requirements• HAZID Approach• Consultation• Conducting the HAZID• Overview of HAZID techniques• Review and Revision• Sources of Additional Information

6

Regulations

• Hazard identification (R9.43)• Risk assessment (R9.44)• Risk control (i.e. control measures) (R9.45, S9A 210)• Safety Management System (R9.46)• Safety report (R9.47, S9A 212, 213) • Emergency plan (R9.53) • Consultation

Basic outline

7

Regulations

a) All reasonably foreseeable hazards at the MHF that may cause a major accident; and

b) The kinds of major accidents that may occur at the MHF, the likelihood of a major accident occurring and the likely consequences of a major accident.

Regulation 9.43 (Hazard identification) states:The employer must identify, in consultation with employees,contractors (as far as is practicable) and HSRs:

8

Definition

Hazard

Regulatory definition per Part 20 of the Occupational Health and Safety (Safety Standards) Regulations 1994 : “A hazard means the potential to cause injury or illness”

Interpreted: Any activity, procedure, plant, process, substance, situation or other circumstance that has the potential to cause harm.

9

Introduction

• HAZID is critical to safety duties and the safety report• Employer must identify all major accidents and their related

causes using a systematic and documented HAZID approach • The process must be transparent• HAZID results must be reflected in risk assessment, SMS,

adoption of control measures and safety report

10

Introduction

An example - Gramercy Alumina Refinery, US Department of Labor Report ID No. 16-00352, 5 July 1999 at 5am

11

Introduction

Were the hazards identified?

12

Introduction

• HAZID process must be ongoing to ensure existing hazards are known, and

• New hazards recognised before they are introduced:- Prior to modification of facility- Prior to change in SMS or workforce- Before and during abnormal operations, troubleshooting- Plant condition monitoring, early warning signals- Employee feedback from routine participation in work- After an incident

13

Introduction

5%2%

4%1%

5%

1%

4%

4%

7%

8%

10%13%

5%

4%

8%

12%

7%Emergency Preparation

Quality Assurance

Other Training

Industry Guidance

Incident Investigation

Employee Participation

Facility Siting

Internal Auditing and Oversight

Safe Work Practices

Management of Change

Engineering Design & Review

Maintenance Procedures

HAZCOM

Operator Training

Operating Procedures

Process Hazard Analysis

Process Safety Information

• Information from accident investigations can be useful as input to determine contributing causes

14

HAZID Requirements

• A systematic, transparent and comprehensive HAZID process should be used based on a comprehensive and accurate description of the facility

• MAs and the underlying hazards should not be disregarded simply because:

- They appear to be very unlikely- They have not happened previously- They are considered to be adequately controlled by existing

measures

15

HAZID Requirements

The risk diagram can be useful for illustrating this aspect, as shown below

Consequence Severity

Safety Report Influence

OH&S CatastrophicFire & ExplosionMaintenance

Protest picketsPersonal injuryIndustrial stoppage

High technology and high hazard system failures

Class actionsMarket collapse

Fatality (fatalities)

BreakdownsPublic criticism

Staffcomplaints

Rela

tive F

req

uen

cy o

f Occu

rren

ce

Increasing risk

16

HAZID Requirements

• The HAZID process (for MHF compliance) is not intended to identify all personnel safety concerns

• Many industrial incidents are caused by personnel safety breaches, such as the following:

- Person falls from height- Electrocution- Trips/slips- Contact with moving machinery- etc

Exclusions

17

HAZID Requirements

• These are generally incidents that do not relate to the storage or processing of Schedule 9 materials and are covered by other parts of an Employer’s safety management system for a facility such as:

- Permit to work- Confined space entry and management- Working at heights - Work place safety assessments - etc

Exclusions

18

HAZID Approach

• What can go wrong?

• What incidents or scenarios could arise as a result of things going wrong?

• What could cause or could contribute to these incidents?

19

HAZID Approach

• Considers all operating modes of the facility, and all activities that are expected to occur

• Human and system interfaces together with engineering issues• Dynamic process to stay ahead of any changes in the facility

that could erode the safe operating envelope or could introduce new hazards

20

HAZID Approach

The HAZID approach is required to:

• Be team-based• Use a a process that is systematic• Be pro-active in searching for hazards• Assess all hazards • Analyse existing controls and barriers - preventative and

mitigative• Consider size and complexity in selecting approach to use

21

HAZID Approach

• Consideration needs to be given in selecting the HAZID technique

• Some issues to take into account are:- Life cycle phase of plant- Complexity and size - Type of Process or activity covering:

o Engineering or proceduralo Mechanical, process, or activity focussed

22

HAZID Approach

• The HAZID approach can be used in the first stages of the life cycle phase of a project

• Prior to design phase, little information will be available and the HAZID approach will need to be undertaken on flow diagrams

• Assumptions will need to be transparent and documented

Concept

Design

Commission

Production

Decommission

Disposal

Construction

Life Cycle Phases of a Project

23

HAZID Approach

Complexity and Size• The complexity and size of a facility includes the number of

activities or systems, the number of pieces of equipment, the type of process, and the range of potential outcomes

• Some HAZID techniques may get bogged down when they are applied to complex processes

• For example, event tree and fault tree analyses can become time consuming and difficult to structure effectively

• However, simple techniques may not provide sufficient focus to reach consensus, or confidence in the identification of hazards

Conclusion: Start with simple techniques and build in complexity as required

24

HAZID Approach

Type of Process or Activity• Where activities are procedural or human error is dominant

then task analysis may be appropriate (e.g. task analysis, procedural HAZOP, etc)

• Where knowledge of the failure modes of equipment is critical (e.g. control equipment, etc) then FMEA may be appropriate

25

HAZID Approach

Type of Process or Activity• Where the facility is readily shown on a process flow diagram

or a process and instrumentation diagram, then HAZOP may be used

• Where multiple failures need to be combined to cause an accident, or multiple outcomes are possible then fault tree analysis and event tree analysis may be beneficial

26

Consultation

• The MHF Regulations require Employers to consult with employees in relation to:

- Identification of major hazards and potential major accidents- Risk assessment- Adoption of control measures- Establishment and implementation of a safety management

system

- Development of the safety report

27

Consultation

• Consultation is also required in relation to the roles that the Employer defines for employees

• The adequacy of the consultation process is a key step in decision-making with regards to the granting of licences

• A teamwork approach between the Employer, HSRs and employees is strongly advocated for the safety report development process as a whole

28

Consultation

• Employees have a significant effect on the safety of operations, as a result of their behaviour, attitude and competence in the conduct of their safety-related roles

• The involvement of the employees in the identification of hazards and control measures enhances:

- Their awareness of these issues and- Is critical to the achievement of safe operation in practice

29

Conducting the HAZID

HAZID Team Selection

• The team selection for the area or plant is critical to the whole hazard identification process

• Personnel with suitable skills and experience should be available to cover all issues for discussion within the HAZID process

• A well managed, formalised approach with appropriate documentation is required

• Team selection and training in methodology used is to be provided

30

Conducting the HAZID

HAZID Team Selection

• Facilitated multi-disciplinary team based approach • Suitably qualified and experienced independent person to

facilitate• Suitably experienced and qualified personnel for the process,

operations and equipment involved

31

Conducting the HAZID

HAZID Team Selection

• These employees MAY BE the HSRs but DO NOT HAVE TO BE

• However, the HSRs should be consulted in selection of appropriate persons - this process must be documented and be transparent

• No single person can conduct a HAZID• A team approach will be most effective

32

Conducting the HAZID

HAZID Study Team

The typical study team would comprise:• Study facilitator• Technical secretary• Operations management• HSR/Operations representative• Project engineer or project design engineer for new projects• Process engineer• Maintenance representative• Instrument electrical representative

Note: the above team make up is indicative only

33

Conducting the HAZID

HAZID Planning

The following steps are required:

• Planning and preparation • Defining the boundaries and provide system description• Divide plant into logical groups• Review P&IDs and process schematics to ensure accuracy• Optimise HAZID process by means of preplanning work

involving relevant stakeholders (operations, maintenance, technical and safety personnel)

34

Conducting the HAZID – Consider the Past, Present and Future

Existing conditions

Future conditions

Historical conditions

What has gone wrong in the past?

What could go wrong currently?

What could go wrong due to change?

Root CauseHistorical RecordsProcess ExperienceNear Misses

Identified Hazards

HAZID WorkshopHAZOP StudyScenario DefinitionsChecklists

Change ManagementWhat-If JudgementPrediction

unforeseeable

35

Conducting the HAZID

It is tempting to disregard “Non-Credible” Scenarios BUT

• “Non-credible” scenarios have happened to others• Worst cases are important to emergency planning

36

It happened to someone else …

Aftermath of an explosion(U.S. CHEMICAL SAFETY AND HAZARD INVESTIGATION BOARD, SIERRA CHEMICAL COMPANY REPORT NO. 98-001-I-NV, January 1988)

37

Conducting the HAZID

Issues for consideration

• Equipment can be off-line• Safety devices can be disabled or fail to operate• Several tasks may be concurrent• Procedures are not always followed• People are not always available• How we act is not always how we plan to act• Things can take twice as long as planned• Abnormal conditions can cross section limits

– Power failure

38

Conducting the HAZID – HAZID Process

Existing studies

Define boundary System description

Divide system into sections

Systematically record all hazards

Independent check

Revisit after risk assessmentHazard Register

Selected methods

• asset or equipment failure• external events• process operational deviations• hazards associated with all materials• human activities which could contribute to incidents• interactions with other sections of the facility

Analyse each section

39

Conducting the HAZID

Meeting Venue

• Hold on site if possible

• Avoid interruptions if possible

• Schedule within the normal work pattern, or within the safety report activities

• Meetings less than 3 hours are not effective

• Meetings that last all day are also not effective, however practicalities may require all day meetings

• Don’t underestimate the time required

40

Conducting the HAZID

Recording Detail• The level of detail is important for:

- Clarity- Transparency and

- Traceability • A system (hazard register) is required for keeping track of the

process for each analysed section of the facility• The items to be recorded are:

- Study team- System being evaluated- Identified hazard scenario- Consequences of the hazard being realised- Controls in place to prevent hazard being realised and their

adequacy- Opportunity for additional controls

41

HAZID Techniques - Overview

• Checklists - questions to assist in hazard identification

• Brainstorming - whatever anyone can think of

• What If Analysis - possible outcomes of change

• HAZOP - identifies “process plant” type incidents

• FMEA/FMECA - equipment failure causes

• Task Analysis – maintenance activities, procedures

• Fault Tree Analysis - combinations of failures

Increasing effort required

42

Checklists

• Simple set of prompts or checklist questions to assist in hazard identification

• Can be used in combination with any other techniques, such as “What If”

• Can be developed progressively to capture corporate learning of organisation

• Particularly useful in early analysis of change within projects

43

Initiating Events

General Causes Initiating Causes

Overfills And Spills

Improper Operation

Operating ErrorInadequate / Incorrect ProcedureFailure To Follow ProcedureOutside Operating EnvelopeInadequate Training

Vessel/Tanker Shell Failure

Corrosion Wet H2S CrackingGeneral ProcessCooling WaterSteam / CondensateService Water

Mechanical Impact

MissilesCraneVehicles

Checklists

44

Checklists

Advantages• Highly valuable as a cross check review tool following

application of other techniques• Useful as a shop floor tool to review continued compliance

with SMS

Disadvantages

• Tends to stifle creative thinking• Used alone introduces the potential of limiting study to

already known hazards - no new hazard types are identified• Checklists on their own will rarely be able to satisfy regulatory

requirements

45

Brainstorm

• Team based exercise• Based on the principle that several experts with different

backgrounds can interact and identify more problems when working together

• Can be applied with many other techniques to vary the balance between free flowing thought and structure

• Can be effective at identifying obscure hazards which other techniques may miss

46

Brainstorm

Advantages• Useful starting point for many HAZID techniques to focus a

group’s ideas, especially at the project’s concept phase• Facilitates active participation and input• Allows employees experience to surface readily• Enables “thinking outside the square”• Very useful at early stages of a project or study

Disadvantages• Less rigorous and systematic than other techniques• High risk of missing hazards unless combined with other tools• Caution required to avoid overlooking the detail• Relies on experience and competency of facilitator

47

What If

• What if analysis is an early method of identifying hazards• Brainstorming approach that uses broad, loosely structured

questioning to postulate potential upsets that may result in an incident or system performance problems

• It can be used for almost every type of analysis situation, especially those dominated by relatively simple failure scenarios

48

What If

• Normally the study leader will develop a list of questions to consider at the study session

• This list needs to be developed before the study session• Further questions may be considered during the session• Checklists may be used to minimise the likelihood of omitting

some areas

49

What If

Example of a What If report for a single assessed item

50

What If

Advantages• Useful for hazard identification early in the process, such as

when only PFDs are available• What If studies may also be more beneficial than HAZOPs

where the project being examined is not a typical steady state process, though HAZOP methodologies do exist for batch and sequence processes

Disadvantages• Inability to identify pre-release conditions• Apparent lack of rigour • Checklists are used extensively which can provide tunnel

vision, thereby running the risk of overlooking possible initiating events

51

HAZOP

• A HAZOP study is a widely used method for the identification of hazards

• A HAZOP is a rigorous and highly structured hazard identification tool

• It is normally applied when PFDs and P&IDs are available • The plant/process under investigation is split into study nodes

and lines and equipment are reviewed on a node by node basis

• Guideword and deviation lists are applied to process parameters to develop possible deviations from the design intent

HAZOP results in a very a systematic assessment of hazards

52

HAZOP

Example of a HAZOP report for a single assessed item

53

HAZOP

Advantages• Will identify hazards, and events leading to an accident,

release or other undesired event • Systematic and rigorous process • The systematic approach goes some way to ensuring all

hazards are considered

Disadvantages• HAZOPs are most effective when conducted using P&IDs,

though they can be done with PFDs• Requires significant resource commitment• HAZOPs are time consuming• The HAZOP process is quite monotonous and maintaining

participant interest can be a challenge

54

FMEA/FMECA

• Objective is to systematically address all possible failure modes and the associated effects on a technical system

• The underlying equipment and components of the system are analysed in order to eliminate, mitigate or reduce the failure or the failure effect

• Best suited for mechanical and electrical hardware systems evaluations

55

FMEA/FMECA

Example of an FMEA/FMCEA report for a single assessed item

Potential Failure Mode

Potential Effects of Failure

Potential Causes of Failure

Comments Recommendations

Open indicator switch failed

Wrong indication of valve back to control system causing possible incorrect controller action to be taken

Wear and tear

Commissioning and test procedures must ensure that all diverter equipment indicators are correctly wired to the diverter control system

The integrity of the position indicators for the Diverter system equipment is critical to the logic of the control system.It is recommended that the position indicators are discretely function tested prior to commencement of each program

56

FMEA/FMECA

Advantages• Generally applied to solve a specific problem or set of

problems• FMEA/FMECA was primarily considered to be a tool or process

to assist in designing a technical system to a higher level of reliability

• Designed correction or mitigation techniques can be implemented so that failure possibilities can be eliminated or minimized

Disadvantages• It is very time consuming and needs specialist skills from

different backgrounds to obtain maximum effect • Very hard to assess operational risks within an FMEA/FMECA

(like they can be within a HAZOP or What if study)

57

Task Analysis

• Technique which analyses human interactions with the tasks they perform, the tools they use and the plant, process or work environment

• Approach breaks down a task into individual steps and analyses each step for the presence of potential hazards

• Used widely to manage known injury related tasks in workplace

• Excellent tool for hazard identification related to human tasks

58

Task Analysis

Disadvantages

• Does not address plant process deviations which are not related to human interaction

Caution• Relies on multi-disciplined input with specific input of person

who normally carries out the task• Often assumed to be the only tool of hazard identification or

risk assessment, as it is used generally at the shop floor

59

Fault Tree Analysis

• Graphical technique approach• Provides a systematic description of the combinations of

possible occurrences in a system which can result in an identified undesirable outcome (top event)

• This method combines hardware failures and human failures• Uses logic gates to define modes of interaction (ANDs/ ORs)

60

Fault Tree Analysis

AND OR

PSV does not relieve

Process pressure

rises

Control fails high

PSV too small

Set point too high

PSV stuck closed

Fouling inlet or outlet

Pressure rises

Process vessel over pressured

AND

61

Fault Tree Analysis

Advantages• Quantitative - defines probabilities to each event which can be

used to calculate the probability of the top event• Easy to read and understand hazard profile• Easily expanded to bow tie diagram by addition of event tree

Disadvantages• Need to have identified the top event first• More difficult than other techniques to document• Fault trees can become rather complex• Time consuming approach• Quantitative data needed to perform properly

62

Review and Revision

HAZID Revision

Organizational changes

Process or condition

monitoring changes

Incident investigation

results

Abnormal conditions through design envelope

changes

New projects

The following are examples of when a HAZID revision should occur

63

Sources of Additional Information

• Loss Prevention In The Process Industries, Second Edition, Reed Educational and Professional Publishing, F. P Lees,1996

• Guidelines for Hazard Analysis, Hazardous Industry Planning Advisory Paper No.6, NSW Department of Planning, June 1992

• HAZOP and HAZANs, Notes on the Identification and Assessment of Hazards, Second Edition, Trevor Kletz, The Institution of Chemical Engineers, 1986

64

Sources of Additional Information

• Guidelines for Hazard Evaluation Procedures, Second Edition, Centre for Chemical Process Safety, American Institute of Chemical Engineers, 1992

• Layer of Protection Analysis, Simplified Process Risk Assessment, Centre for Chemical Process Safety, American Institute of Chemical Engineers, 2001

• Hazard Identification and Risk Assessment, Geoff Wells, The Institution of Chemical Engineers, 19.

• MIL-STD-1629A, 1980• Failure Modes and Effects Analysis, J. Moubray, RCM II, 2000

65

Questions?