
HAZID Techniques Contents

- Hazard Identification
- Objectives of Hazard Identification
- Assumptions in Hazard Identification
- Techniques of Hazard Identification
- Past Experience
- Methodical Leak/Rupture
- Engineering Codes and Standards
- Hazard Review
- Hazard Checklist
- What If Analysis
- Failure Mode & Effect Analysis
- HAZOP
- FTA
- ETA

H A Z I D

T E C H N I Q U E S

Hazard Identification (HAZID) Techniques


Hazard identification is the first, and in many ways the most critical, step involved in a risk assessment. An overlooked hazard is likely to introduce more error into the overall risk estimate than an inaccurate consequence model or frequency estimate. Furthermore, an omission will invariably result in underestimation of the risk. Hazard identification is a qualitative review of possible accidents that may occur, in order to select failure cases for detailed modeling. Hazard assessment includes a range of relatively simple techniques for gaining an appreciation of the range and magnitude of hazards on an installation and suggesting appropriate mitigation measures. These techniques are useful forms of risk management (or qualitative risk assessment) in their own right, since they are relatively easy to understand and apply.

Hazard Identification
Hazard Identification is often referred to as the most important step in risk assessment, since what has not been identified will not be evaluated, and hence cannot be mitigated. If an accident occurs on an installation due to a hazard that was not identified, it can be very embarrassing, particularly if the hazard is relatively obvious. In the past, it was usually considered acceptable to identify and study in detail just one or a few of the major hazards, in particular those deemed just credible, whilst dismissing others of even greater consequence on the grounds that they would never happen. This approach is now considered inadequate. Events with lesser consequences, but with relatively higher frequency, may contribute as significantly to the overall risk as major events with very low frequency and therefore all should be identified and examined.

Objectives of Hazard Identification


Those active in the business of risk assessment have noted a strong trend to emphasize different parts of a risk assessment to greater or lesser degrees. The most common pattern is to emphasize engineering calculations (frequency and consequences) and to give too little attention to the up-front activities, such as understanding the true needs and hazard identification, and to the back-end interpretation and communication of results.


The key objectives of hazard identification can be summarized as follows:

Primary Objectives
- Completeness: Full list of potential hazards
- Knowledge-based: Be aware of past accidents and other work
- Multi-disciplinary: Allow lateral thinking from diverse experiences

Secondary Objectives
- Auditable: Possible to track the process, well documented
- Structured: To ensure completeness and quality of documents
- Efficient: Focus on immediate problem, useful purposes

Some of these goals are conflicting, and not all techniques deliver all these properties equally well at all phases of the lifecycle.

Assumptions in Hazard Identification

It should be kept in mind that risk assessments, in order to be manageable, rely on a set of assumptions regarding the design and operation of the systems under analysis. Some of the assumptions that are frequently made may have a significant impact on the hazard identification process. These should be kept in mind in order not to oversimplify the scope of the risk study. Examples of such assumptions are:

- The design is adequate: the system will not fail if all components are functioning and the procedures are followed. (NOTE: as much as 30 to 40% of the failure events may be due to design errors.)
- The system is constructed in accordance with the drawings and specifications. (NOTE: this is not always the case. As-built drawings frequently do not reflect the operating plant.)
- The components used are similar in design and quality to industry average. (NOTE: this assumption is crucial when selecting failure rates for components.)
- The system is operated according to the procedures. At least, the operators will not deliberately violate procedures or take short cuts. (NOTE: as much as 40 to 50% of the failure events may be due to human error of some kind in construction, operation, maintenance, etc.)

Just as hazard identification is the most important step in risk assessment, so is system definition the most important step in hazard identification. A clear statement of what has been examined is a vital part of the system review and a great asset when, as frequently happens, the system is to be modified and a new hazard analysis is required.


System definition is neither difficult nor time-consuming: what is required is a clear and explicit specification of the features to be included within the boundary of the system studied and, just as importantly, those features outside the boundary which could affect the system and which should also be considered. Typical external features might be reservoir characteristics, marine conditions, and seismic activity. As the system evolves, either on paper or in reality, items will be added or deleted. It is important to ensure that these changes are incorporated into the system definition and the subsequent hazard identification.

Techniques of Hazard Identification


There are a number of techniques for hazard identification. Their purpose is to identify the hazards themselves or the failure cases that might initiate them. Some of these techniques are:

- Past Experience
- Methodical Leak/Rupture
- Engineering Codes and Standards
- Hazard Review
- Hazard Checklist
- What-If (What-If Checklist Technique)
- Hazard and Operability Study (HAZOP)
- Failure Modes, Effects and Criticality Analysis (FMECA)
- Fault Tree Analysis (FTA)
- Event Tree Analysis (ETA)

Past Experience

It is crucial to the safe design and operation of any facility that experienced engineering staff be involved. Their knowledge can be invaluable in identifying situations they have found to cause problems in the past, and in selecting suitable codes and procedures. However, the value of experience is limited in at least two respects: first, uncommon hazards, possibly with severe consequences, may be outside this experience; secondly, even if the hazards are known, there is no guarantee they will be considered. The best use of engineers' experience is in application of a structured technique such as FMEA or HAZOP.

Having pointed out the weakness of relying on past experience for hazard identification, it is of course important to emphasise that past experience can be a very important input to risk quantification, and to understanding the risk mechanism causing damage and injury. Every installation operator should therefore systematically collect and analyse information on accidents and near-misses.

A useful starting point in any QRA is to search through relevant databases to determine what accidents have occurred on the plant or process under investigation. Databases such as the World Offshore Accident Databank (WOAD) can give valuable insight into previous accidents. Incident/event lists are a useful means of learning from the past, but by their historical nature they cannot foresee new types of incidents associated with larger scale or novel technology, and they are unlikely to include infrequent incidents associated with existing technology.

Methodical Leak/Rupture

The methodical leak/rupture or generic failure approach is a means of failure case identification that generates failure cases by conceptually breaking open every pipe and vessel on a P&ID over a range of hole sizes. The number of sizes can be varied, but in general would be chosen to represent small, medium, and large release events (including catastrophic rupture). This method was adopted, for example, in the Rijnmond demonstration QRA (Rijnmond Public Authority, 1982).

Such an approach can lead to large numbers of failure cases, and some screening of cases is usually undertaken to reduce the number. For example, if topsides risk is the issue being addressed, then all subsea releases that cannot affect topsides zones can be omitted, e.g. those below a water depth where the rate of gas/oil released could not lead to flammable gas accumulations at surface or where they could affect installation buoyancy etc.

Methodical rupture is, as its name implies, methodical but limited. In principle, since every line and vessel is allowed to fail in a representative range of hole sizes, all possible failure events are incorporated. The problem is that each event will be associated with a generic failure frequency and this may be inappropriate for the specific circumstances. Therefore, methodical rupture needs to be supplemented with site specific assessments. These will address causes of failure that would tend to modify significantly the generic frequencies. Examples might be highly corrosive fluids, systems particularly subject to human error, and escalation events. An example of escalation is the BLEVE (Boiling Liquid Expanding Vapour Explosion) of pressurized flammable liquefied gas vessels. These are most often due to initiating events unrelated to the vessel itself (e.g. impinging jet fire from a nearby item). The failure events themselves tend not to be altered; rather, their frequency is modified upwards or downwards to reflect the site specific deviation from generic.
Potential accidents associated with any plant, section of a plant or pipeline can be divided into two categories:

- There is a possibility of failure associated with each mechanical component of the plant (vessels, pipes, pumps or compressors). These are generic failures and can be caused by such mechanisms as corrosion, vibration or external impact (mechanical or overpressure). A small event (such as a leak) may escalate to a bigger event, by itself causing a larger failure. (Note: historic frequency data would generally be used for these types of incidents.)
- There is also a likelihood of failures caused by specific operating circumstances. The prime example of this is human error; however, it can also include other accidents due, for example, to reaction runaway or the possibility of ignition of leaking tank gases due to hot work. Human error failures would include, for example, failure to connect the unloading hose correctly, leading to a full bore rupture. It would be expected that the operator will have a management system to protect against such examples of human error. (Note: historic frequency data would generally not be available and therefore fault tree analysis would generally be used for these types of incidents.)

The first stage of accident requires consideration of each component under its normal operating conditions. It may also require consideration of some components under abnormal conditions. In principle, an essential first stage in failure case identification of such a facility is therefore the complete itemisation of every significant mechanical component in the plant which could fail, together with its operating conditions, contents and inventory.

The range of possible releases for a given component covers a wide spectrum, from a pinhole leak up to a catastrophic rupture (of a vessel) or full bore rupture (of a pipe). It is both time-consuming and unnecessary to consider every part of the range; instead, representative failure cases are generated. For a given component these should represent fully both the range of possible releases and their total frequency. In general, the following typical types of failures are considered:

For vessels:
- Rupture
- Large leaks (mainly connection failures)
- Medium and small leaks (due to corrosion, impact and other such cases)

For pipes:
- Full bore rupture
- Leaks, the number of categories depending upon the diameter of the pipe
Failures of other components are dealt with in a similar manner, giving releases which are representative of accidents to that type of component. All of the first class of failures (generic failures) are covered by these generic types, as are some of those in the second class (specific class). This process may be thought of as a systematic breaking exercise. Identification of specific failures is based on the formal methods of hazard identification discussed elsewhere in this module, since they require engineering experience, awareness of specific failure modes and knowledge of the process under review.
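The systematic breaking exercise described above, including screening and site-specific frequency modification, can be sketched in code. This Python example is added here and is not part of the original text; the component list, the frequency split between release categories, the pipe diameter thresholds, the screening depth and the site factor are all constructed values used only for illustration.

```python
"""Methodical leak/rupture failure-case generation (illustrative sketch).

Every number below is a constructed sample value, not generic failure data.
"""
from dataclasses import dataclass
from typing import Optional

# Release categories for vessels as listed in the text; the share of the
# total frequency given to each category is an assumption.
VESSEL_SPLIT = [("rupture", 0.02), ("large leak", 0.08),
                ("medium leak", 0.30), ("small leak", 0.60)]


def pipe_split(diameter_mm: float):
    """Full bore rupture plus leak categories; the number of leak
    categories grows with pipe diameter (thresholds are assumed)."""
    if diameter_mm <= 50:
        return [("full bore rupture", 0.10), ("small leak", 0.90)]
    if diameter_mm <= 150:
        return [("full bore rupture", 0.05), ("medium leak", 0.25),
                ("small leak", 0.70)]
    return [("full bore rupture", 0.02), ("large leak", 0.08),
            ("medium leak", 0.25), ("small leak", 0.65)]


@dataclass
class Component:
    tag: str
    kind: str                              # "vessel" or "pipe"
    generic_freq: float                    # total generic failures per year
    diameter_mm: float = 0.0               # pipes only
    water_depth_m: Optional[float] = None  # None means a topsides item
    site_factor: float = 1.0               # site-specific frequency modifier


@dataclass
class FailureCase:
    tag: str
    category: str
    frequency: float


def generate_cases(components, topsides_study=True, screening_depth_m=100.0):
    """Break open every component over its representative categories."""
    cases = []
    for c in components:
        # Screening: in a topsides study, omit subsea items deeper than the
        # depth below which a release cannot affect topsides zones.
        if (topsides_study and c.water_depth_m is not None
                and c.water_depth_m > screening_depth_m):
            continue
        if c.kind == "vessel":
            split = VESSEL_SPLIT
        elif c.kind == "pipe":
            split = pipe_split(c.diameter_mm)
        else:
            raise ValueError(f"unknown component kind: {c.kind}")
        # The failure events are unchanged; only the frequency is scaled.
        total = c.generic_freq * c.site_factor
        cases.extend(FailureCase(c.tag, name, total * share)
                     for name, share in split)
    return cases


def total_frequency(cases, tag):
    """Sum of case frequencies for one component (should match its total)."""
    return sum(fc.frequency for fc in cases if fc.tag == tag)


# Constructed sample itemisation of a small plant section.
PLANT = [
    Component("V-101", "vessel", 1e-4, site_factor=3.0),   # corrosive fluid
    Component("P-201", "pipe", 5e-5, diameter_mm=200),
    Component("P-305", "pipe", 2e-5, diameter_mm=100, water_depth_m=300),
    Component("P-306", "pipe", 2e-5, diameter_mm=50, water_depth_m=20),
]

if __name__ == "__main__":
    for fc in generate_cases(PLANT):
        print(f"{fc.tag:6} {fc.category:18} {fc.frequency:.2e} /yr")
```

The representative cases of each component sum to its total (modified) frequency, which is the property the text requires of representative failure cases.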

Engineering Codes and Standards

Engineering codes and standards set out design standards which are considered necessary to produce a safe installation. However, in general they are consensus documents which represent the minimum considered acceptable for equipment or processes of a particular type, and often they do not specify the hazard(s) which they are intended to prevent. They tend not to allow for infrequent major incidents or for local features (such as installation configuration). For these reasons, although engineering codes are necessary for design, and in many countries their use is required by law, they are insufficient for hazard identification and need to be supplemented by other techniques.

Hazard Review

A hazard review (also known as a hazard survey) is a mainly intuitive, qualitative review of an installation to identify the hazards that are present and to gain qualitative understanding of their significance.

How to Perform a Hazard Review

A hazard review should address issues such as:

- Previous safety assessments - What is other people's assessment of the hazards? For many types of installation, previous safety assessments may be sufficient to give an outline appreciation of the hazards.
- Survey of previous accidents - Have similar installations suffered accidents in the past? This is one of the easiest (and most frequently overlooked) ways of identifying hazards. It provides a simple intuitive warning of the types of accidents that may occur, although it cannot be comprehensive, especially for new types of installation. Nevertheless, this is a very important first step, and ensures that the lessons from previous accidents are not overlooked.
- Previous experience - If the installation already exists, has it suffered any near misses or operating problems? Operating personnel are likely to have ideas on potential accidents based on their own experience. This may be structured in a HAZOP or FMECA. However, they may tend to concentrate on relatively frequent problems and overlook less likely major accidents.
- Hazardous materials data - What hazardous materials will be handled on the installation? The intrinsic hazards of common materials handled offshore such as oil, gas, condensate, H2S, diesel oil etc. have a major impact on the risks of the installation as a whole.
- Guidelines and Codes of Practice - Does the installation conform to good engineering practice? Codes of practice for design and operation of offshore installations include lessons learned from previous accidents. Complying with these standards therefore ensures a high level of safety for a standard installation. However, because they are written as guides for design or operation, these documents usually do not specify the hazards that each measure is intended to control, and therefore are difficult to use for identifying hazards.

Good access to information is critical for a hazard survey. Hazard reviews can involve a detailed area-by-area walk through of the installation if the unit is nearing completion or in operation. This improves the ability to understand physical interactions between systems, e.g. the potential vulnerability of the fire water main to blast potential in a given area, or the line of sight between potential fires and, e.g., escape routes.

Typical checklists used during hazard reviews should aim to consider in each area:

- Sources of hazard in an area
- Potential for escalation to other neighboring or local areas or systems
- Potential to affect emergency systems in an area
- Potential to affect personnel in the area or close by
- The impact on the emergency response process

Having considered the installation area by area, a broader review should be undertaken for incidents that can affect large parts of the installation. These could cover issues such as:

- Helicopter crash
- Ship collision
- Structural failure
- Ballast failure / stability reduction

Strengths and Weaknesses of Hazard Reviews

The strengths of hazard review are:

- Its lack of structure forces the analyst to consider hazards from first principles, minimizing the risk of overlooking hazards.
- It makes use of existing experience from a wide range of sources.
- It requires minimal information about the installation, and so is suitable for the concept design phase.

The weaknesses of hazard review are:

- Its lack of structure makes it difficult to audit.
- It is limited to previous experience, and thus has limited value for novel installations.
- It does not produce a full list of failure cases.

Hazard Checklist

Checklists incorporate past experience in convenient lists of dos and don'ts. One useful source is AIChE (1985). Checklists may be valuable in the design process for revealing an otherwise overlooked hazard. They are easy to use and can be expected to reveal most common hazards. However, they need supplementing for the same reasons as engineering codes and historical reviews.

The checklist procedure for hazard identification may also be called a Process Review. The procedure is straightforward, and more comprehensive than the Inventorisation procedure, and it identifies more than simply hazardous materials. However, the procedure cannot be as effective as HAZOP, simply because it is not as thorough.

The checklist used is normally a written list of hazardous event categories, developed by consideration of past accidents in the process industries. However, before such a list is used, it is often worthwhile to consider the actual process being studied, and its operating history, to decide whether any additional event types should be added to the list. Occasionally Process Reviews are carried out without formal use of a checklist. In practice, the members of the team employ a mental checklist, but of course this is much more liable to error by omission of an event type!

Checklist Development

The hazard checklist is developed by an individual who understands how the design and operating practices are intended to deal with known hazards. It is written in general terms, in order to apply to as many installations as possible, but may be customised for individual installations or operators.

How to Perform a Checklist Analysis

The checklist analysis is carried out by a team, using the checklist to stimulate thought and documenting recommendations which arise. It is not sufficient simply to answer yes or no to the questions.

Strengths and Weaknesses of Hazard Checklists

The strengths of a hazard checklist are:

- It is quick and simple to carry out.
- It makes use of existing experience and knowledge of previous problems.
- It is easy to understand, and is suitable for operating personnel to carry out.
- It helps check for compliance with standard practice and design intentions.

The weaknesses of a hazard checklist are:

- It does not encourage analysts to consider new or unusual hazards.

What If Analysis

What-If analysis is a multidisciplinary, team-oriented analytical technique that utilizes creative brainstorming to examine a process or operation. When compared with HAZOP, it lacks the structure provided by the guideword approach. Also, unless the leader imposes a pattern upon the analysis (e.g. dividing the process down into subunits and/or following the flow of the operation from the introduction of raw materials through to product recovery), it can be anything but systematic. However, the What-If technique has a good reputation for effectiveness as a hazard identification tool which is easy to focus and useful as an educational instrument.

The technique appears to have its roots in the military as a tool for planning for contingencies. It is a team-based approach which asks many of the same questions which might be raised during a HAZOP, while not dwelling on topics which probably will not result in new understanding of potential hazards. It is simple to use and generally requires commitment of fewer resources than a HAZOP study. Although it tends to produce excellent team participation, the What-If methodology lacks the structure of a HAZOP or a checklist, and is therefore highly dependent upon the study leader to ensure that the right questions are asked and answered.

Although the questions can be answered as they are raised, it is sometimes more effective and efficient to pose and record as many questions as possible in a "brainstorming" manner before trying to answer them. Interrupting the train of thought when brainstorming may result in questions being forgotten or perhaps never even being posed. Additional questions can always be added to the discussion list as they are raised.

What-If questions may often begin with the words "What-If", but they don't have to. "How could", "Is it possible," or any other form of question is perfectly acceptable. The intent is to ask questions that will cause the group to carefully consider and think through the potential scenarios and ultimate consequences that such an error or failure might precipitate. Team discussions during a What-If review should be similar in all aspects to those encountered during a HAZOP study.


What-If Method Application

- Commonly used to examine proposed changes to an existing facility/unit. Can also be used during process development or at pre-startup.
- Can study refining units, gas plants, reactors, platforms, raw materials, products, storage, materials handling, in-plant environment, operating procedures, work practices, management practices, plant security, etc.
- Input information includes detailed documentation of the facility/unit, the process, and the operating procedures, and perhaps interviews with operators and maintenance mechanics.
- Users should be experienced.

What-If Advantages & Disadvantages

Advantages:
- Easy to use
- Rapid focus on major plant hazards
- Group technique

Disadvantages:
- Unstructured format
- Complete coverage not guaranteed
- Recording of results is inherently sparse
- Hard to achieve quality control

Failure Mode & Effect Analysis

Failure Mode and Effects Analysis (FMEA) is a technique which is used to identify hazards or ways in which components or systems can fail to perform their design intention. It will also identify the effects of those functional failures on the system of which those components or sub-systems are a part. It is largely a qualitative technique.

Concepts of FMEA (figure; labels only): Aspect of concern (what), How, Consequence; Failure mechanism, Failure mode, Failure effect.


Application of FMEA

An FMEA becomes a Failure Mode, Effects and Criticality Analysis (FMECA) if a certain probability of occurrence is assigned to a certain effect. It is an analysis which is usually carried out during the design phase of a system. The purpose is then to identify areas where improvements are needed to meet performance requirements. An FMEA can however be applied to systems already in operation to determine possible failures and associated losses. The results of an FMEA/FMECA are often used to assist in maintenance planning.

- Past Experience - to search through relevant databases to determine what accidents have occurred on the plant or process under consideration.
- HAZOP - a systematic review of the process plant design, to evaluate the effects of deviations from normal operating conditions.
- FTA - a logical representation of the various events or component failures that may combine to cause one hazardous event.
- ETA - a logical representation of the various events that may follow from an initiating event.