Combining Stream-Based HAZOPs, LOPAs & STPAs into an All-In-One Assessment
A Systems Approach to Process Hazard Analysis & Risk Assessment
HAZOP is the most commonly applied process hazard analysis (PHA) methodology in the processing industries.
It is also the most flawed!
Why don’t we learn what we should from HAZOPs?
• Tunnel vision - The focus on small nodes obscures the big picture. Systems issues and interface issues are easily missed.
• Guideword overlap causes excessive repetition, tedium, and poorly organized HAZOP reports.
• Ineffective risk ranking often results in many spurios findings.
• No explicit method for evaluating operability.
• Most people don’t like them.
Tunnel Vision: Small Nodes, Contract Driven
As facilities have become more and more complex we have seen increasingly problematic interfaces.
HAZOPs are generally conducted with very small nodes. These small nodes tend to create tunnel vision which may miss interface issues.
Further, it is common practice to HAZOP individual contractor scopes individually. For example, the subsea and topsides systems of an oil development are frequently HAZOPed independently by different teams. Complex subsystems, such as the gas compression system, may be HAZOPed separately by a separate team.
While some division of HAZOPs may be necessary to get the right skill sets in the room at the right time, there is certainly a risk of missing important interface issues.
Guideword Overlap, Tedium, & Disorganized Reports
The guidewords for a typical HAZOP are FLOW, PRESSURE, TEMPERATURE, and LEVEL.
But FLOW deviations cause most PRESSURE, TEMPERATURE, and LEVEL deviations (Figure 1). Discussing all four of the guidewords duplicates effort and causes tedium.
It is now relatively common for facilitators to start with FLOW deviations and effectively do the entire HAZOP under the FLOW deviation guideword. This causes multiple problems, for example:
Ineffective Risk Assessment
Risk assessment in HAZOPs is typically conducted via color-coded risk matrices as seen in Figure 2. These typically rely on ambiguous definitions of probability and consequence.
Further, it is often unclear to participants whether they are ranking the mitigated or unmitigated risk.
Ineffective risk ranking may understate the risk of a serious hazard, but probably more frequently overstates the risks resulting in many spurious findings. Both are problematic.
The inadequacy of risk assessment in HAZOPs is well-recognized. To address this deficiency, many projects perform a Level of Protection Analysis (LOPA) review of high-impact scenarios discovered in the HAZOP.
No Explicit Way to Address Operability
HAZOPs are supposed to identify operability issues, but there is no explicit consideration of operability in a typical HAZOP and no effective way to identify operability issues. Success at identifying operability issues depends more on having the right people in the room, such as experienced operators than on the process itself.
Systems-Based Risk Assessment: The GATE Approach To PHA
GATE Energy has developed a systems approach to PHA that addresses each of the HAZOP process flaws noted above. The 3-step process is illustrated in Figure 3 and includes:
HAZOP Phase 1: FLOW Discussion Based on Stream-Based Nodes
HAZOP Phase 2: PRESSURE, TEMPERATURE and LEVEL Discussion Based on Typical Equipment-Based Nodes
STPA Phase 3: Application as Needed For Significant Risk Scenarios
Phase 1: Stream-Based HAZOP for the Flow Deviation Discussion
FLOW is a fundamentally different property of the system than PRESSURE, TEMPERATURE, and LEVEL. FLOW occurs through the process. PRESSURE, TEMPERATURE, and LEVEL are point functions. The first step is to conduct the FLOW discussion on stream-based node follows an identifiable stream through multiple equipment-based nodes.
Figure 4 shows a single stream-based node for a produced oil stream from the reservoir to the Dry Oil Tank.
In a typical HAZOP, this system would be divided into 6 to 9 equipment-based nodes. Stream-based nodes are much better for the FLOW deviation discussions. Change the flow anywhere in the node and you change it everywhere, or at least everywhere downstream. The stream-based FLOW discussions are used mainly to identify PRESSURE, TEMPERATURE, and LEVEL deviations for each equipment-based node. These are discussed in Phase 2. Because no value judgments and no brainstorming are required in this phase, it can be done as pre-work or conducted with a much smaller team than the equipment-based HAZOP in Phase 2. Stream-based nodes also allow for a meaningful discussion of operability. For example, it is possible to discuss the startup and shutdown of the system in Figure 4.
Phase 2: PRESSURE, TEMPERATURE, LEVEL Discussions
The FLOW discussions in Phase 1 identify all the PRESSURE, TEMPERATURE and LEVEL deviations for each equipment-based node. These deviations are discussed for each equipment-based node in Phase 2.
The stream-based node is an excellent vehicle for the FLOW deviation discussions, but stream-based nodes don’t work for the PRESSURE, TEMPERATURE and LEVEL discussions. Pressure, temperature and level control and safeguarding are all done primarily at the equipment level. For these discussions, we use equipment-based nodes. Equipment-based nodes are what we commonly see in a HAZOP – one equipment item or a very few related items make up a node. The advantage of doing the stream-based FLOW discussions first is that we identify most of the causes of PRESSURE, TEMPERATURE and LEVEL deviations during the FLOW discussion. Then, we only need to discuss PRESSURE, TEMPERATURE and LEVEL deviation once. In addition to simplifying the deviation discussions, this approach also effectively organizes the HAZOP record. LOPA-based risk assessment in this phase adds rigor and repeatability to the risk assessment. This minimizes the spurious findings.
LOPA-based Risk Ranking
A key feature of the GATE System PHA process is more effective risk ranking. Typical risk ranking in HAZOPs is a relatively informal and unstructured process conducted via a color-coded risk matrix (usually red, yellow, green) as seen in Figure 1. This three-level ranking provides an imprecise ranking and measurement of risks and the results are heavily dependent on the experiences of the people in the room. The GATE risk ranking methodology replaces the color-coded matrix with a Required Risk Reduction (RRR) matrix (Figure 5).
The important features of this matrix are:
The frequency axis is a logarithmic scale, with an order of magnitude change from one column to the next.
The consequence axis is also a logarithmic scale with order of magnitude differences between rows.
The numeric cell entries represent the order of magnitude risk reductions required to reach a ‘target’ or ‘maximum acceptable’ risk level (0).
Defendable frequency data, as used in a typical LOPA, is used to make the frequency judgments. For example, a control loop is expected to fail approximately once every 10 years, so a scenario with “Major” potential consequence triggered by a single control valve failure will be a D4 with an RRR = 3.
The SIL value of individual safeguards is used to assess the adequacy of safeguarding.
For a more detailed description of risk ranking using the RRR matrix see the GATE Arrow article here.
Phase 3: Conduct STPA for Significant Hazards
This phase applies the most rigorous hazard assessment methodology currently available to the most significant hazards, the system theoretic process analysis (STPA). The scenarios generated by most PHAs are based on component failures or human errors. STPA takes a fundamentally different perspective. STPA assumes that incidents happen when we lose control. It is possible to lose control even if no component has failed and no human error was made. This is especially true in complex systems.
STPA is the third step in the GATE Risk Management process. Significant risks identified in the HAZOP are studied further using the STPA methodology. For a more detailed discussion of STPA see Arrow Article here.
Viking Can Help
We are on a mission to improve the way industry does process hazard analysis.
With our legacy of experience in process design, materials selection, risk assessment and systems analysis, we can provide effective and efficient design, fabrication, and operational support as the energy industry moves into a renewable future.
