Prepared in collaboration with Maeve Gillis
Introduction
A Hazard and Operability Study, commonly referred to as a HAZOP study, is a structured analysis in process design to identify potential process safety incidents that a facility is vulnerable to. A HAZOP study uses guide words to systematically determine possible failures that could result from operation of equipment outside of design conditions. These out-of-design conditions can occur due to possible maloperation or malfunction of individual items of equipment, instruments, or the control system.
HAZOP studies are routinely performed on:
- New plants where the design is nearly firm and documented
- Existing plants as a part of a periodic hazard analysis or a management of change process
A list of necessary actions and recommendations will be prepared in the form of a HAZOP report in order to improve safety and mitigate the consequences of hazards. The steps in a HAZOP process are:
- Identify System
- Use Guide Words and Process Parameter
- Identify Cause
- Identify Consequences
- Identify Safeguards
- Provide Recommendations
This tutorial includes a HAZOP study for the explosion at the Caribbean Petroleum Company (CAPECO), which has been used in the first Material & Energy Balances Safety Module. A HAZOP study could have exposed flaws in the design and prevented the incident.
HAZOP Process
Step 1: Identify System
The first step in a HAZOP study is to select a piece of equipment or a section in which deviations from design set points are evaluated. Figure 1 shows a tank selected as the piece of equipment to analyze.
Step 2: Use Guide Words and Process Parameter
The next step is to identify each process parameter (e.g. flow rate) that is relevant to that equipment’s operation. With the process parameter in mind, Guide Words are used to systematically consider all abnormal operating scenarios. Appropriate Guide Words must be systematically applied to the process parameter to analyze whether or not the scenario is possible. The HAZOP guide words are shown below in Table 1.
Table 1. HAZOP Guide Words and Definitions
No. | Guide Word | Meaning | Process Parameters | Example |
1 | No or Not | The complete negation of the intention from the design | Flow | No flow to Tank when there should be |
2 | More | There is a quantitative increase in whatever is being identified | Flow; Temperature; Pressure; Level; Concentration | Gas Temperature more than normal operation |
3 | Less | There is a quantitative decrease in whatever is being identified | Flow; Temperature; Pressure; Level; Concentration | Tank Level less than normal operation |
4 | As Well As | There is a qualitative modification, or a qualitative increase | Quality | Impurities as well as expected composition; Extra phase present (gas as well as liquid); Additional product formation |
5 | Part Of | There is a qualitative modification or decrease | Quality | Pump reaching part of full speed; Another scenario: component missing |
6 | Reverse | Opposite of the design intent | Flow; Reaction | Reverse flow through check valve; Reverse chemical reaction |
7 | Other Than | There was a complete substitution | Quality | Acid added other than water |
8 | Early | Something occurred earlier than intended (clock time) | Applicable mainly for Batch Process | Cooling water started earlier than intended time |
9 | Later | Something occurred later than intended (clock time) | Applicable mainly for Batch Process | Cooling water started later than intended time |
10 | Before | A step was performed before it should have in the process sequence | Applicable mainly for Batch Process | Cooling water started later than intended time |
11 | After | A step was performed after it should have in the process sequence | Applicable mainly for Batch Process | Heating step performed after cooling step |
12 | Other | Encompasses general issues not well described by the other guide words | Start-up/Shut-down; Corrosion; Leak; Utility failure; etc. | Tank Corrosion; Reboiler Changeover; Leak from valve; Power failure |
In Figure 1, one of the process parameters is the inlet flow rate. The relevant guide words that can be applied to flow rate are “No, More, Less, Reverse”. Other process parameters may include temperature, pressure, flow rate, pH, concentration, viscosity, volume, etc.
Using the guide word and parameter, we can analyze the deviations from normal operating conditions that the equipment could incur. A deviation is any divergence from normal operating behavior.
Guide Word + Parameter = Deviation
Here are some quick examples:
Guide Word | Parameter | Deviation |
More | Pressure | More Pressure |
Less | Level | Less level |
No | Flow | No flow |
Note: Not every guide word will apply to each scenario. For example, there is no physical meaning to a temperature reading being related to the guide word “part of”.
The next step is to look into the Cause, Consequence, Safeguards provided, and any additional safeguard required.
Step 3: Identify Cause
The HAZOP team identifies the potential reasons that would result in a variation in the process parameter. There could be several causes that lead to a variation. All such causes need to be identified.
Table 2. Typical Causes of Deviations in Process Parameters
Deviation | Typical Causes |
No flow | Valve Closed; Pump failure; Incorrect pressure difference; Major leakage etc. |
Less flow | Pump cavitation; Fouling; partial blockage; etc. |
More flow | Valve full open; Increased pump speed; Increased pressure differential; etc. |
Reverse flow | Pump trip; Incorrect differential pressure; check valve passing |
More (High) Pressure | Closed discharge; pressure control failure; excessive reboiling; loss of reflux |
Less (Low) pressure | Pump/compressor failure |
More (High) temperature | Heater control failure; Runaway reaction |
Less (Low) temperature | Loss of heating; Fouled exchanger |
More level | Level control failure; More input than output |
Less level | Level control failure; Less input than output |
Other Composition Than Usual | Leaking exchanger tubes; Feed Change; Wrong additives; additional reactions |
Step 4: Identify Consequences
The HAZOP team identifies the potential results of a deviation on the system in case it occurs. The result could be potential damage to equipment, personal injury, or environmental impact. While writing consequences, the team does not consider any safeguards to be functioning.
Example: “High level (deviation) in tank leads to overfill of tank causing release of flammable material, fire and explosion.” While writing consequences, any existing safeguards (e.g. high-level alarms, overfill protection system) are assumed to be not working.
Step 5: Identify Safeguards
The HAZOP team looks into the existing system to identify design and operating features which have been implemented to prevent the deviation, cause, or consequence. Safeguards could be an engineering or procedural barrier. All the existing protections should be identified and listed in the table.
Common Examples:
- Process alarms
- Standard operating procedure (SOP)
- Pressure safety valves
Step 6: Provide Recommendations
The HAZOP team evaluates whether the available safeguards are adequate to protect the system from proceeding to undesirable consequences. The number of safeguards required is calculated based on a risk matrix (not considered in this tutorial). If the existing safeguards are found inadequate, the HAZOP team provides action plans to prevent/sense/mitigate the hazard/consequence. For simplicity, we will list all the recommendations in our HAZOP study.
Examples:
- Addition of a trip action
- Adding a backup cooling water system in a reactor in case existing cooling water supply (safeguard) stops
- Overfill protection system in tanks
Note: Safeguards are protections in place while Recommendations are a list of protections that should be added. Safeguards and Recommendations are different.
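The six steps above can be carried through in code. The following is an added example, not part of the original tutorial: it uses subsets of Table 1 and Table 2, and the names Row, deviations, build_worksheet and open_items, the sample tank entries, and the rule that a row with a consequence but no safeguard and no recommendation is open are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Guide word -> parameters it applies to (subset of Table 1, continuous process).
QUANT = {"Flow", "Temperature", "Pressure", "Level", "Concentration"}
APPLIES = {"No": {"Flow"}, "More": QUANT, "Less": QUANT, "Reverse": {"Flow", "Reaction"}}
# Typical causes per deviation (subset of Table 2).
TYPICAL_CAUSES = {
    ("No", "Flow"): ["Valve closed", "Pump failure", "Major leakage"],
    ("More", "Flow"): ["Valve full open", "Increased pump speed"],
    ("More", "Level"): ["Level control failure", "More input than output"],
    ("Less", "Level"): ["Level control failure", "Less input than output"],
}

@dataclass
class Row:
    node: str
    deviation: str
    cause: str
    consequence: str = ""  # Step 4: written as if no safeguard works
    safeguards: list = field(default_factory=list)       # Step 5: already in place
    recommendations: list = field(default_factory=list)  # Step 6: to be added

    def safeguard_cell(self):
        return "; ".join(self.safeguards) or "None"

def deviations(parameters):
    """Step 2: Guide Word + Parameter = Deviation, skipping pairs with no meaning."""
    return [(g, p) for p in parameters for g, ok in APPLIES.items() if p in ok]

def build_worksheet(node, parameters):
    """Steps 1-3: one row per independent cause of each deviation."""
    return [Row(node, f"{g} {p}", cause)
            for g, p in deviations(parameters)
            for cause in TYPICAL_CAUSES.get((g, p), ["(team to identify)"])]

def open_items(rows):
    """Assumed rule: a consequence with no safeguard and no recommendation is open."""
    return [r for r in rows
            if r.consequence and not r.safeguards and not r.recommendations]

if __name__ == "__main__":
    sheet = build_worksheet("Tank (constructed sample)", ["Flow", "Level"])
    more_level = [r for r in sheet if r.deviation == "More Level"]
    for r in more_level:
        r.consequence = "Overfill, release of flammable material, fire and explosion"
    more_level[0].safeguards.append("High-level alarm")  # constructed entry
    for r in open_items(sheet):
        print(r.deviation, "|", r.cause, "|", r.safeguard_cell())
```

Each cause gets its own row because only causes that can independently lead to a deviation are listed, and an empty safeguard list is rendered as “None”.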
HAZOP Implementation
The HAZOP study forces engineers to consider all deviations from normal operating conditions and the associated hazards. After completing a HAZOP study, the next step is to implement protections or safeguards. Each safeguard must be capable of independently preventing the deviation.
While HAZOP is a qualitative study, a Layer of Protection Analysis (LOPA) is semi-quantitative. Engineers implement protections to the equipment that prevent the mathematically highest impact scenarios in terms of risk and probability. Please see the LOPA Tutorial for more information.
A typical HAZOP worksheet will look like this:
Note: The following causes are not considered in a HAZOP study:
- Simultaneous occurrence of two unrelated incidents is not considered due to very low probability (e.g. more reactant level and failure of cooling jacket in a reactor)
- Simultaneous failure of more than one independent protection device is not considered due to low probability (e.g. simultaneous failure of high-level alarm and overfill protection system)
- Natural Calamity (e.g. Earthquake, Flood, Cyclones etc.)
- Sabotage
Note: An independent failure is one that does not influence the occurrence of a second failure and vice versa. For example, a pump and level transmitter could both fail on their own while a process is in operation. The failure of the pump did not cause the failure of the level transmitter.
While completing a HAZOP, please consider the following:
- Failure of pressure safety valves/rupture discs is not taken as a cause because they are the last layer of defense. Pressure safety valves shall be considered as a safeguard.
- Design-related issues are not considered as a cause because it is assumed that design calculations are correct. (e.g. incorrect line sizes in original designs)
- It is assumed that all the equipment and control systems are working as per design intent. (e.g. we do not consider incorrect pressure setpoints of a relief valve)
- In the case of multiple units of equipment (e.g. valves/Reboiler/Pumps), be sure to mention the equipment name defined in the figure (e.g. Valve X1, pump Y1) for clarification.
- It is also possible that there is no safeguard present for a system. In this case, specify “None” in the “Safeguard” column.
- Standby equipment (pumps, reboilers etc.) can be considered as safeguards in the event of failure of existing equipment. This is because standby equipment can be taken inline to prevent any economic penalty or hazardous situation.
- One “Deviation” can be a cause of another “Deviation” (e.g. More flow can be a cause of More level)
- A protection system can be a cause and a safeguard for different cases. (e.g. level transmitter failure can be a cause for high level, but a level transmitter can act as safeguard in case of more flow)
- Specify only those causes which can independently lead to a “Deviation” (e.g. a closed tank outlet valve and more inlet flow can independently lead to high tank level)
- A Standard Operating Procedure, if available, can be taken as a safeguard when there is manual operation.
- Do not consider cases where two unrelated/independent causes can simultaneously occur.
Knowledge Check
There is a HAZOP knowledge check quiz available.