HAZARD OPERABILITY CHAPTER NO.

8
8.1 History & Application:
HAZOP was initially instigated by Dr H G Lawley and associates of ICI at Wilton in the United
Kingdom in the 1960’s. Subsequently, C J Bullock and A J D Jenning from ChE Dept. Teesside
Polytechnic under supervision of T.A. Kletz applied the method at higher institution (post-
graduate level). In 1977, Chemical Industries Association published the edited version. Later on
it was used by ICI, and the use of checklists was also promoted. The technique gained popular
acclaim within the chemical industries after the ‘Fix Borough disaster’, which resulted in the
deaths of 28 people owing to a chemical plant explosion - many of the deceased were ordinary
house holders living nearby. Through the general exchange of ideas and personnel, the system
was adopted by the petroleum industries, which has a similar potential of major disasters. This
was then followed by the food and water industry, where the hazard potential is as great, but
of a different nature, the concern being more to do with contamination rather than explosions
or chemical release.

8.2 Introduction:
HAZOP has been used and develop for decades in order to identify the potential hazard and
operability problems caused by deviation from the design intent of both the new and existing
process plants. Before going further, it is best to clarify some aspects of these statements. The
concept of HAZOP involves investigating how the plant might deviate from the design intent. If,
in the process of identifying problems during a HAZOP study, a solution becomes apparent, it is
recorded as part of the HAZOP result; however, care must be taken to avoid trying to find
solutions which are not so apparent, because the prime objective for the HAZOP is problem
identification. Although the HAZOP study was developed to enhance a new design’s experience-
based practices, its use has several dimensions, with experts belonging to different
backgrounds interacting and identifying more problems when working together than when
working separately and combining their results.

8.2.1 Hazard:

A hazard is defined as any operation that could possibly cause a release of toxic, flammable or
explosive chemicals or any action that could result in injury to personal or harm to the
environment.
8.2.2 Operability:

Operability can be defined as any operation inside the design envelope that would cause a
shutdown that could possibly lead to a violation of environmental, health or safety regulations
or negatively impact profitability.

8.2.3 Types of HAZOP:

The HAZOP technique was originally developed to assess plants

PROCESS HAZOP and process systems.

A “family” of specialized HAZOPs, more focused on human errors

HUMAN HAZOP
than technical failures.

Review of procedures or operational sequences, sometimes

PROCEDURE HAZOP
denoted SAFOP Safe Operation study.

SOFTWARE HAZOP Identification of possible errors in the development of Software

8.2.4 The Reasons for such Widespread Use of HAZOPs:

Safety and reliability in plant design relies upon the application of various codes of practice, or
design codes and standards. These standards represent the accumulation of knowledge and
experience of both individual experts and the industry as a whole. Such application is usually
backed up by the experience of the engineers involved, who might well have been previously
concerned with the design, commissioning or operation of similar plant.

Although codes of practice are extremely valuable, it is however considered important to

supplement them with an imaginative anticipation of deviations which might occur because of
equipment malfunction or operator error. Furthermore, most companies will admit that for a
new plant, design personnel are under pressure to keep the project on schedule. This pressure
always results in errors and oversights. The HAZOP Study is an opportunity to correct these
before such changes become too expensive, or impossible to accomplish.

Even though no statistics are available to verify the claim, it is generally believed that the
HAZOP methodology is perhaps the most widely used aid to loss prevention. The reason for this
can most probably be summarized as follows:

 It is easy to learn.
  It can be easily adapted to almost all the operations that are carried out within process
industries.
 No special level of academic qualification is required.

8.2.5 When to perform a HAZOP?

The HAZOP study should preferably be carried out as early in the design phase as possible, so as
to have influence on the design. On the other hand; to carry out a HAZOP we need a rather
complete design. As a compromise, the HAZOP is usually carried out as a final check when the
detailed design has been completed. A HAZOP study may also be conducted on an existing
facility to identify modifications that should be implemented to reduce risk and Operability
problems.

HAZOP studies may also be used more extensively, including:

 At the initial concept stage when design drawings are available.

 When the final piping and instrumentation diagrams (P&ID) are available.
 During construction and installation to ensure that recommendations are implemented.
 During commissioning.
 During operation to ensure that plant emergency and operating procedures are
regularly reviewed and updated as required.

8.2.6 Success or failure of the HAZOP:

The success or failure of the HAZOP depends on several factors:

 The completeness and accuracy of drawings and other data used as a basis for the
study.
 The technical skills insights of the team.
 The ability of the team to use the approach as an aid to their imagination in visualizing
deviations, causes, and consequences.
 The ability of the team to concentrate on the more serious hazards which are identified.

8.3 Objectives of HAZOP Study

The objectives of a HAZOP study can be summarized as follows:

 To identify (areas of the design that may possess a significant hazard potential.
 To identify and study features of the design that influence the probability of a hazardous
incident occurring.
 To familiarize the study team with the design information available.
  To ensure that a systematic study is made of the areas of significant hazard potential.
 To identify pertinent design information not currently available to the team.
 To provide a mechanism for feedback to the client of the study teams detailed
comments.

8.4 Features of HAZOP Study:

Subsystems of interest Line and valve, etc.

Equipment, Vessels
Modes of operation Normal operation
Start -up mode
Shutdown mode
Maintenance /construction / inspection mode
Trigger events Human failure
Equipment /instrument/component failure
Supply failure
Emergency environment event
Other causes of abnormal operation, including
instrument disturbance
Effects within plant Changes in chemical conditions
Changes in inventory
Change in chemical physical conditions
Hazardous conditions Release of material
Changes in material hazard characteristics
Operating limit reached
Energy source exposed etc.
Corrective action Change of Change of operating limits
process design Change of system reliability
Improvement of material containment
Change control system
Add/remove materials
How would hazardous During normal operation
Conditions detected? Upon human failure
Upon component failure
In other circumstances
Contingency actions Improve isolation
Improve protection
8.5 HAZOP Study Methodology:
A HAZOP study is conducted in the following steps:

8.5.1 Specify the purpose, objective, and scope of the study:

The purpose may be the analysis of a yet to be built plant or a review of the risk of an existing
unit. Keeping in view the purpose and circumstances of the study, the objectives listed above
can be made more specific. The range of the study lies within the physical unit boundaries, and
also the choice of events and variables considered. For example, at one time HAZOP's were
mainly focused on fire and explosion endpoints, while now the scope may include toxic release,
offensive odor, and environmental end-points. The initial establishment of purpose, objectives,
and scope is very important and should be precisely set down so that it will be clear, now and in
the future, what was and was not included in the study. Responsible management is required
to make these decisions

8.5.2 Select the HAZOP study team:

As many other experts are to be included in the team, covering all aspects of design, operation,
process chemistry, and safety; a team leader should be skilled in interpersonal techniques in
order to facilitate successful group interactions, as well as having a grasp of HAZOP. He should
instruct the team in the HAZOP procedure, in addition to emphasizing the fact that the end
objective of a HAZOP survey is to identify hazards; solutions to problems are a separate effort.

8.5.3 Collect data:

Theodore16 has listed the following materials that are usually needed:

1. Process description
2. Process flow sheets
3. Data on the chemical, physical and toxicological properties of all raw materials,
intermediates, and products.
4. Piping and instrument diagrams (P&IDs)
5. Equipment, piping, and instrument specifications
6. Process control logic diagrams
7. Layout drawings
8. Operating procedures
9. Maintenance procedures
10. Emergency response procedures
 11. Safety and training manuals

8.5.4 Conduct the Study:

Using the information collected, the unit is divided into study "nodes" and the sequence
diagrammed in Figure above is followed for each node. The points in the process where process
parameters (pressure, temperature, composition, etc.) have known and intended values are
termed as “Nodes”. These values change between nodes as a result of the operation of various
pieces of equipment such as distillation columns, heat exchanges, or pumps. Various forms and
work sheets have been developed to help organize the node process parameters and control
logic information. When the nodes and parameters are identified, each node is studied by
applying the specialized guide words to each parameter. These guide words and their meanings
are thought to be the key elements of the HAZOP procedure.

The key words are divided into two subsets.

Primary Key Words:

Primary key words focus on a particular aspect of the design intent or an associated
process condition or parameter.

These reflect both the process design intent, and the operational aspects of the plant
being studied. Typical process oriented words might be as follows.

Flow Pressure Composition Separate

Temperature Level Corrode React

Remembering that the technique is called Hazard and Operability studies, added to the above
might be relevant operational words such as:

Isolate Drain Inspect Maintain

Vent Purge Start up Shut down

Secondary Key Words:

Secondary key words when combined with a primary key word, suggest possible
deviations. They tend to be a standard set as listed below:
 Word Meaning Explanation
The design intent does not occur (e.g. flow),
No Negation of design intent
or the optional aspect is not achieved.
in the design intent occur (e.g.
Less Quantitative decrease
Pressure/Less)
in the design intent occur (e.g.
More quantitative increase
Temperature/More)
Part of quantitative decrease

As well as quantitative increase

Logical opposite of the The opposite of the design intent occurs
Reverse
intent (e.g. Flow/Reverse)
The activity occurs, but not in the way
intended (e.g. Flow/Other) could indicate a
Other Complete substitution leak or product flowing where it should not,
or composition/other might suggest
unexpected proportions in a feedstock

Guide Words According to Parameter:

Parameter Guide word / Deviation

Time Too early, too late

Sequence Wrong sequence, omissions, wrong action

Procedure Not available, not applicable, not followed

Measurement Instrument failure, observation error

Organization Unclear responsibilities, not fitted for purpose

Communication Failed equipment, insufficient / incorrect information

Personal Lack of competence, too few, too many

Position Wrong position, movement exceeding tolerances

Power Complete loss, partly lost

Weather Above limitation –causing delayed operation.

Repeated cycling through this process, which considers how and why each parameter might
differ from the intended and the consequence, is an integral part of the HAZOP study.

8.5.5 Write the Report:

It is customary to record as much detail about the events and their consequences as is
uncovered by the study. However, if the HAZOP identifies a not improbable sequence of events
that would result in a disaster, appropriate follow-up action is required. Hence, although risk
reduction action is not a part of the HAZOP, the HAZOP may trigger the need for such action.
The HAZOP studies are time consuming and expensive. Just getting the P & ID's up to date on an
older plant may be a major engineering effort. For processes with significant risk, they are cost
effective when balanced against the potential loss of life, property, business, and even the
future of the enterprise that may result from a major release. Even though considerable man-
hours are spent on the study, it must be kept in mind thatHAZOP Report is a key document
pertaining to the safety of the plant. It is crucial that the benefit of this study is easily accessible
and comprehensible for future reference in case the need arises to alter the plant or its
operating conditions.

The major part of such a report is of course the printed Minutes, which contains the team
members, meeting dates, keywords applied, and of course every detail of the study teams
findings. However, it is usual to include with this a general summary. The contents of such a
summary might typically be:

 An outline of the terms of reference and scope of the study.

 A very brief description of the process which was studied. 
 The procedures and protocol employed.  The Keyword combinations applied should be
listed, together with the explanatory meanings given to the team at the start of the
study.  Also the fact that Action Sheets have been produced and responses will be
recorded should be explained.  A brief description of the Action File (described in the
following section) should be included. 
 General comments.  If, for example, the team were assured that high point vents and
low point drains would be universally provided, mention that statement and its source. 
If certain details of vendor packages were not available, explain and list the items which
were not reviewed. 
 Results. This usually states the number of recommended actions.
 Also included in the HAZOP Report would be an Appendix containing:
o Master copies of the drawings studied
o Copies of technical data used.
o Cause and Effect charts (i.e. matrices showing the executive action of safety
related instruments and trips).
 o Any calculations produced.
o Relevant correspondence between departments, from contractor to vendor, or
client to contractor.

8.5.6 HAZOP METHOD FLOW DIAGRAM

A HAZOP study is conducted in the following steps:

 Deviation Cause Consequences Safeguard Action

In considering the information to be recorded in each of these columns is given below.

Deviation
These are departures from the intention which are discovered by systematically applying the
guide words (e.g. more pressure).

Cause
Causes are the reasons why deviations might occur. Once a deviation has been found to have a
credible cause, it can be treated as a meaningful deviation. These causes can be hardware
failures, human errors, an unanticipated process state (e.g., change of composition), external
disruptions (e.g. loss of power), etc.

Consequences
Consequences are the results of the deviations should they occur (e.g. release of toxic
materials). Trivial consequences, which are relative to the study objective, are dropped.

There are two outlets from which a consequence can arise:1) from the effect of the deviation,
e.g. loss of dosing results in complete separation;2) from the cause itself, e.g. cavitation in
pumps, with possible damage if prolonged.

Safeguards
Safeguards are usually any existing protective devices, which either prevent the cause, or
safeguards against the adverse consequences. For example, you may consider recording, “Local
pressure gauge in discharge from pump might indicate problem was arising”. Note that
safeguard needs not to be restricted hardware where appropriate credit can be taken for
procedural aspects, such as regular plants inspections.

Action
If a credible cause results in a negative consequence, it must be decided whether some action
should be taken. Consequences and associated safeguards are also considered at this stage. If it
is deemed that the protective measures are adequate, then no action should be taken, and
words to that effect are recorded in the action column. Actions fall in two groups:

 Action that removes the cause

 Action that mitigates or eliminates the consequences

Always examine removing the cause first, and only where necessary alleviate the
consequences. In the end, always take into account the label of training experience, especially
of personnel who will operate the plant. If operators do not understand how actions, which
require elaborate and sophisticated protective systems, are to be performed; actions are
wasted. It is not unknown for devices to be disabled, either deliberately or in error, because no
one knows for sure how to maintain and calibrate them. Having gone through the operations
involved in recording a single deviation, these can now be put into the context of the actual
study meeting procedure. From the flow diagram below it can be seen that it is very much an
iterative process, applying in a structured and systematic way the relevant keyword
combinations in order to recognize potential problems.

8.6 Conclusions:
HAZOP Results:

 Improvement of system or operations.

 Reduced risk and better contingency.
 More efficient operations.
 Improvement of procedures.
 Logical order.
 Completeness.
 General awareness among involved parties.
 Team building.

8.7 Advantages:
 Systematic examination.
 Multidisciplinary study.
 Utilizes operational experience.
 Covers safety as well as operational aspects.
 Solutions to the problems identified may be indicated.
 Considers operational procedures.
 Covers human errors.
 Study led by independent person.
 Results are recorded

8.8 Limitation of the HAZOP Technique:

8.8.1 Requires a Well-Defined System or Activity

The HAZOP process is a thorough analysis tool that systematically analyzes each part of a
system. The analysis team must have access to detailed design and operational information, if
they are to apply the HAZOP guide words and address potential accidents that can result from
the guide word deviations. The process methodically identifies specific engineered safeguards
(e.g., instrumentation, alarms, and interlocks) that can be seen in the form of detailed
engineering drawings.

8.8.2 Time Consuming

The HAZOP process systematically reviews credible deviations, identifies potential accidents
that can result from the deviations, investigates engineering and administrative controls to
protect against the deviations, and generates recommendations for system improvements. This
detailed analysis process requires a substantial commitment of time from both the analysis
facilitator and other subject matter experts, such as crew members, engineering personnel,
equipment vendors, etc.

8.8.3 Focuses on One-Event Causes of Deviations

The HAZOP process focuses on identifying single failures that can result in accidents of interest.
If the objective of the analysis is to identify all combinations of events that can lead to accidents
of interest, more detailed techniques should be used.

8.9 HAZOP Study of Shell & Tube Heat Exchanger:

In this study, temperature and level will be used as variables (secondary words) different guide
words (primary words) will be applied to these words

Deviation Cause: Consequence: Action

Recommended:
Pressure
Shell side very high Exchanger outlet Exchanger shell side High pressure
pressure discharge SDV closes. will be over security must be
pressurized. installed on shell
outlet which if
actuated will close all
SDV’s.
Low pressure on Feed pump trips No significance effect Not available
shell side as system remains
within the design
limits
Tube side high Tube ruptures Tube may over High pressure
pressure pressurize, but since security must be
 shell and tube are installed on tube
designed at same outlet which if
pressure hence no actuated will close all
significant effect is SDV’s.
there.
Temperature

Tube side high SDV on tube side High temperature

temperature outlet is suddenly security must be
closed there that will close
tube side SDV’s.
Flow

No flow on shell side Shell side outlet SDV Flow through Low flow security to
closes suddenly compressor will be installed on pump
reduce tube side discharge which if
temperature will actuated will trip
shoot up. feed pump and can
trip the whole plant.