Process Safety and Environmental Protection 179 (2023) 137–156

Contents lists available at ScienceDirect

Process Safety and Environmental Protection

journal homepage: www.journals.elsevier.com/process-safety-and-environmental-protection

HAZOP using Stateflow software: Methodology and case study

Meng Fei Chia, Pavan Kumar Naraharisetti *
Newcastle University in Singapore, Faculty of Science, Agriculture & Engineering, Newcastle University, Newcastle Upon Tyne NE1 7RU, UK

A R T I C L E I N F O A B S T R A C T

Keywords: Safety is paramount to any process plant facilities and its design process. To ensure that safety is considered in
Process safety design stages, process safety analysis such as hazard and operability studies are often carried out to address safety
HAZOP concerns throughout the stages of plant design to operation. However, conventional HAZOP studies are labor-
Automation
intensive and expensive. This paper aims to provide a semi-automated HAZOP study using a computer-aided
Matlab
Stateflow
tool called Stateflow. It describes the rule-based approach and algorithm used to develop the automated
HAZOP process. The paper also highlights the limitations and challenges faced and finishes with the potential
areas for further works on Stateflow to enhance the HAZOP automation capabilities.

1. Introduction study has been widely adopted by companies as a safety assessment

method for analysing the adequacy of the safety measures in place for a
The hazard and operability study, henceforth known as HAZOP, is a plant.
concept that were originally developed in the Imperial Chemical In­ HAZOP process is a time and effort consuming process that requires
dustries (ICI) in Europe dating back to 1964. As described in docu­ tremendous number of manhours and relevant knowledge of expertise to
mentation (Kletz, 1997), a team had met consistently for four months to ensure a fruitful outcome is achieved. Despite the heavy resources
examine a phenol plant with a “critical examination” technique and required, the need for it is justified as an effective means of preventing
modifying the approach to what was recognisably known as HAZOP accidents and providing a sound and robust engineering design that is
today although it was modified during later studies. safe. Safety is expensive, but accidents cost more, in a study that have
A HAZOP study is a systematic process to conduct a structured shown that accident prevention having benefits that outweigh the cost
analysis of a system, process or operation where details of its design are by as much as 3 times (Ikpe et al., 2012).
available and carried out by a team of participants with different subject The information highway lead to a globalisation of products, mar­
matter expertise, from the designer to the operator and vendor. In the kets, speeding up processes and connecting the world together (Berke­
Hazard Study (HS) methodology developed by ICI using six different ley, 1962). In the 21st century where computer technology is present in
stages (Crawley and Tyler, 2015) to sequence out safety studies, it is every industrial process, tools have been developed to help aid in solving
often carried out at the third stage, which is the detailed design stage of a daily problems and automating these manual processes. In a literature
plant where the design has no major changes and modification that review (Dunjó et al., 2010) it is presented that almost 40% of
deviates far from the original intended design. HAZOP’s principal ob­ HAZOP-related research is on automation of the process. Allowing
jectives are to identify the deviation from normal operational condi­ computers to aid in the tedious HAZOP allows some drawbacks of
tions, their causes and consequences, as well as the preventive and conventional HAZOP to be overcome, but it is not possible to entirely
mitigative measures to counteract the deviations so as to ensure the exclude the involvement of the human expert team in a HAZOP study.
system is safe for operation. This is due to the complexity of the reasoning mechanism and logical
The first paper on hazard and operability study was published in a thoughts required to be in place for analysing the interactions of the
few years later (Lawley, 1974) and became the standard procedure and plant processes and its operations. For a more comprehensive review on
became more widely used after the Flixborough disaster occurred during the latest state of the art in HAZOP automation, the readers are referred
the same year. The term “HAZOP” was not widely adopted in formal to Single and co-workers (Single et al., 2019) have opined “Com­
publications until 1983 when Keltz conducted the workshop and had puter-aided HAZOP systems should be integrated with computer-aided
this term incorporated into his notes (Kletz, 1983). To date, HAZOP design- or process simulation software using common data models

* Corresponding author.
E-mail address: [email protected] (P.K. Naraharisetti).

https://doi.org/10.1016/j.psep.2023.09.005
Received 7 April 2023; Received in revised form 3 August 2023; Accepted 4 September 2023
Available online 9 September 2023
0957-5820/© 2023 The Author(s). Published by Elsevier Ltd on behalf of Institution of Chemical Engineers. This is an open access article under the CC BY license
(http://creativecommons.org/licenses/by/4.0/).
M.F. Chia and P.K. Naraharisetti Process Safety and Environmental Protection 179 (2023) 137–156

based on the digital representation of the process plant.” As the manual process involves an expert team of humans, it is
subjected to cognitive biases (Baybutt, 2016). Overconfidence bias, herd
2. HAZOP methodology mentality, confirmation bias, framing cognitive bias, representative
heuristics are some of the biases that could implicate the result of
The estimated cost of about 1% sales or 10% profit in chemical HAZOP as such biases are subconsciously employed during the course of
company is spent on carrying out safety analysis (Zhao et al., 2009). the study and difficult to detect and override.
HAZOP requires tremendous amount of time and effort to look at and the Although the guidelines for deviations are clearly established in the
manhours of experts involved as a correlation to the cost per manhour is guide (Crawley and Tyler, 2015), the way the causes and consequences
significantly high. In addition, legislation and requirement for HAZOP to are written can vary due to the nature of the processes. The records of
be updated and reviewed again upon any significant change to the plant the HAZOP study can be phrased differently across different studies, and
or after a certain period of time (5 years or 10 years, depending on plant difficult to interpret as a result of inconsistency in wordings and ex­
process) involves many expensive manhours to be in place. pressions or can be perceived differently by different people.
Nodes are defined for the design typically on the piping and instru­
mentation diagram (P&IDs) and process flow diagram (PFD) to divide 2.2. Literature on automation of HAZOP
complex processes involved in a plant into sections for review. A node
can be pipe sections and vessels in which process chemicals are, or may One of the earliest attempts of automation was carried out (Parmar
be, present. Wu and Lind (2018) explains that the complexity and extent and Lees, 1987) using qualitative propagation equations to propagate
of the node is not explicitly elaborated in traditional HAZOP method faults at each process unit. The causes are generated by searching the
procedures. A proposed criterion for selecting and sizing of nodes for initial event and consequences by searching for the terminal event. The
HAZOP studies is suggested by Dunjó et al., (2011). Node selections system was efficient in identifying immediate causes and consequences
usually relies on experiences from the HAZOP team leader to divide and but had limited effectiveness in propagating deviations. It was also too
group the design into their design intent as much as possible. Mathe­ process-specific to the water separation system it was meant to
matical approaches using matrix calculus and graph theory was pre­ demonstrate.
sented by Sauk et al. (2015) and this was done to determine an optimal A quasi-steady state qualitative simulation approach to automate
order of HAZOP nodes. HAZOP analysis was proposed in the 1989s (Waters and Ponton, 1989).
Once the consequences are established through HAZOP, the existing The top-down approach here is highly like other techniques such as
safeguards and protections of the system against the consequences or the fault-tree analysis with which it was compared. However, the approach
scenarios envisaged can be recorded down as the next step. One was highly combinatorial and time consuming for practical application.
approach would be to ignore the existence of any safeguards and derive Subsequently, a system called HAZOPEX was used for safety man­
the worst-case scenario, which has the advantage of being more prudent agement to support the process designers in the HAZOP analysis (Suokas
and misjudgement of the need for protection can be minimised. It is et al., 1990). Its purpose was to identify defects and error in design in the
argued that such approach can be unrealistic to ignore any existing early stage to have better and more economic possibilities for corrective
safeguards if the system is well-designed. actions to be taken (Heino et al., 1988). It utilizes a knowledge base to
A risk assessment then assigns the risk level by considering the generate all possible deviations systematically, where the user can
likelihood and the severity of the consequences. Statistically the level of choose to accept, reject, or complement the suggestions. More efforts
risk can be represented as the product of the probability the harm occurs were required to filter the abnormal causes and the system was more
multiplied by the severity of the harm. In most cases neither the likeli­ focused on the causes rather than the consequences and measures.
hood nor severity can be indicated with accuracy and precision as it is a In the 1990 s, a group of researchers developed an inductive and
leading indicator. Risk matrices, when defined properly and used deductive methodological approach for chemical reactions hazards
correctly (Busby and Kazarians, 2018) can be applied to quantitatively (Nagel, 1991) and the approach was only limited to this aspect.
assess the risk presented. With an experienced team and sound judge­ Later, another group of researchers developed a rule-based approach
ment, the process efficiency of qualifying the risk increases. to map out the networks for consequence reasoning using both forward
Following the risk assessment, recommendations, and actions to be and backward chaining (Chae et al., 1994). Their process focuses more
taken to remediate the problem are proposed and recorded in the on individual equipment deviations, causes, and consequences and
HAZOP study. The positive actions should be unanimously agreed by the contains a limited knowledge based of six different equipment type. It
team and as this benefits the design of the plant to improve its safety. does not consider the fault propagation along the same nodes which
The HAZOP study then continues to another node or section to repeat negates the purpose of a HAZOP study covering the plant in totality from
the entire process of analysis. an overall point of view.
OptHAZOP that was developed (Khan and Abbasi, 1997b) proposed
2.1. Drawbacks of a conventional HAZOP study a study procedure and technique that relied on an expert knowledge
base with a large collection of facts, rules and information regarding
With increasing complexity of plants and operations, HAZOP studies various components of process plants.to generate cause and conse­
become increasingly tedious and time-consuming. A typical chemical quences to reduce the time required to brainstorm for them, hence better
process could take anytime from 1 to 8 weeks, involving a team of 4–10 efforts can be put into proposing recommendations for mitigation of
members or more (Venkatasubramanian et al., 2000). these consequences. Most of the plants have similar failure and causes,
As HAZOP is a very thorough systematic approach to carry out consequences may differ due to capacity, chemical use, or operating
process hazard analysis, much of the time spent is used to identify conditions.
failures and hazards (Khan and Abbasi, 1997b). Of these identified, most TOPHAZOP was a software (Khan and Abbasi, 1997c) using knowl­
of them are routine causes and consequences (Venkatasubramanian and edge base divided into two segments, process-general knowledge and
Vaidhyanathan, 1994) because the process units are common in many process-specific knowledge to of 15 process units to propagate the fail­
plants, such as pumps, tanks, and valves etc. The repetitive nature of ure cause and consequences. Subsequently, a new software EXPERTOP
such analysis results in reduced efforts and concentration over time over was developed (Khan and Abbasi, 2000) where it supplements their
mundane tasks like this. Cognition, reliability and reasoning capacities previous works to add on an inference engine and graphical user
may decrease drastically when repetitive tasks are carried out, or large interface on top of the existing knowledge base design in TOPHAZOP.
amounts of data are presented, and the conditions becomes stressful to The limitation in it was the inability to propagate the deviation to all
the HAZOP team (Iyun, 2012). downstream units for possible causes and consequences.

138
M.F. Chia and P.K. Naraharisetti Process Safety and Environmental Protection 179 (2023) 137–156

In the same period, a knowledge-based software HAZOPExpert Prolog, one of the first and the advanced logic programming language
(Vaidhyanathan et al., 1996) that uses the framework of process-specific back then to create an expert system consisting of a knowledge base, an
and process-general knowledge, (Vaidhyanathan and Venkatasu­ inference engine and case-specific information that forms the backbone
bramanian, 1996) and the use of Digraph-based HAZOP (HDG) models of an expert system structure. An inference engine can infer new rules
(Vaidhyanathan and Venkatasubramanian, 1995) for process units were from the case-specific data and new user inputs to construction a solu­
developed. The models were developed to be context-independent tion. The advantages over shells are that it allows more flexibility in
manner and can be used to perform analysis over a wider variety of programming, and has advantages of modularising the knowledge base,
processes. The software contains a library for 17 process units: surge allowing faster search to be carried out instead of searching from a single
tank, storage tanks with lights skim, settling tank, surge drum, liquid large database (Earl and Williamson, 1988).
knockoff drum, accumulator, gas liquid separator, heater, shell and tube The usage of knowledge-based expert systems become widely
heat exchanger, fan condenser, shell and tube condenser, stripper, adopted as the framework to carry out automation, as seen in the many
centrifugal pump, compressor, flow control valve, non-return valve and studies and prototypes being developed (Khan and Abbasi, 2000; Rah­
pipe. The performance of the software was successfully applied to three man et al., 2009; Vaidhyanathan and Venkatasubramanian, 1996; Zhao
industrial-scale petrochemical plant case studies by comparison of the et al., 2005; Zhao et al., 2005; Zhao et al., 2009, Chae et al., 1994). This
actual HAZOP team’s results. The system uses a large amount of mem­ was optimal as causes and consequences are all interlinked and required
ory, and therefore restricts its use to large machines. The to be stored in a structured data form, compared to typical databases.
knowledge-based creation proved to be very complex and not available HAZOPExpert was one such knowledge-based system that had much
to other users for modification. further development from a prototype compared to the rest of the tools.
PHASuite was developed subsequently (Zhao et al., 2005) with an It was taken further when the authors subsequently improved the
extensive knowledge engineering framework, comprising of four main framework (Venkatasubramanian and Vaidhyanathan, 1994) with the
parts: information sharing, representation, knowledge base, and use of a digraph-based model (Vaidhyanathan and Venkatasu­
reasoning engine. The approach was based on Petri nets and applied to bramanian, 1995) that could further enhance the representation of the
pharmaceutical batch processes. process system to the tool user. Further on the authors integrated Petri
ExpHAZOP+ (Rahman et al., 2009) utilises the same key concept as nets (Srinivasan and Venkatasubramanian, 1996), mathematical lan­
optHAZOP (Khan and Abbasi, 1997b) and was a further development of guages that can subtask the digraphs to account for operational pro­
EXPERTOP (Khan and Abbasi, 2000), using a unique fault propagation cedures in batch processes. The authors developed a more
algorithm and a knowledge-base to retrieve causes and consequences comprehensive system call PHAzer (Srinivasan, 1998) that uses quali­
downstream from an identified upstream event. It has an enhanced tative digraph-based models of unit operations to identify hazards, dy­
graphical user interface (GUI) and a selection method for equipment namic mathematical models to perform detailed safety evaluation, and
node. It consists of 19 different pieces of equipment but is only able to digraph and fault tree models to synthesize and analyse fault trees
perform a single path based on user selection. (Venkatasubramanian et al., 2000; Vaidhyanathan and Venkatasu­
The works that have been done in this area aims to reduce the bramanian, 1996)
amount of time spent on conventional HAZOP study with the aid of The tool optHAZOP was developed to help improve efficiency in
computer programs. A method was set up (Freeman et al., 1992) to es­ carrying out studies compared to conventional HAZOP processes.
timate the amount of time required to carry out a HAZOP based on Further works were carried out to speed up optHAZOP in a tool called
number of major equipment for analysis, the complexity of the system as TOPHAZOP to identify general and specific cause-consequences of all
well as the experience of the team as the considerable factors. Later on, a probably process-deviations. The entire expert system (termed as
mathematical model was proposed (Khan and Abbasi, 1997a) that EXPERTOP) is also made up of knowledge-base, inference engine and
further refined this method by considering other parameters like prep­ user interface (Khan and Abbasi, 2000). Finally, the author also pro­
aration time, meeting time, delay and report writing. Additionally, the posed a knowledge-based framework to conduct HAZOP on offshore
number of P&IDs and its complexity are also a function of the prepa­ process facilities (Khan, 2005).
ration and study time parameters. A detailed analysis on the time taken for study procedure reveals that
A comprehensive review on the reasons as to why automated HAZOP around 35–42% of the total time for a HAZOP study is spent on identi­
has not found its acceptance was presented (Taylor, 2017). It was fying failures and hazards, and causes of these hazards (Khan and
observed that one of the key challenges of the last century was the Abbasi, 1997b). The amount of time saving with use of optHAZOP takes
translation of the P&IDs (piping and instrumentation diagrams) into the 45% less time than conventional study time with the use of a case study.
automated HAZOP software (Single et al., 2022). Such drawbacks were also claimed the tool TOPHAZOP enabled the study to be completed in
addressed by some researchers who integrated computer aided design 4.5 h, while the same study by conventional HAZOP study took 2.5
(Rossing et al., 2010). P&IDs were also translated into digraphs and used weeks (Khan and Abbasi, 1997c). It was also claimed the HAZOPExpert
in HAZOP (Cui et al., 2008 & Cui et al., 2010). Causal reasoning using tool completed the HAZOP of a sour water stripper plant in 2 h, and a
D-higraphs, that are graphs which have depth and orthogonality were hydrotreator plant in 4 h, much lower than the time spent by the team on
implemented in Visual Basic. This methodology was demonstrated on an the analysis (Vaidhyanathan and Venkatasubramanian, 1996).
industrial case study of pilot plant distillation process (Rodríguez et al.,
2012). 2.4. Knowledge gaps / limitations

2.3. Analysis HAZOP is the most studied PHA method and abundance of research
is carried out to improve and re-adapt HAZOP processes to the modern
Since the mid-1980 s, rule-based approach has seen the kickstart of world. Although there has been numerous research over the past decade
automation of HAZOP. (Parmar and Lees, 1987). A little later it evolved on the automation of HAZOP, and many advances have been made in
to using a more advanced rule-based expert system using IF-THEN al­ this field of work as summarised above, there are still gaps that can be
gorithms and an inference engine to generate the deviations (Heino addressed in this aspect of study.
et al., 1988). This was called the HAZOPEX, an advanced development HAZOP studies are still very much conducted by human expert teams
environment consisting of a Lisp workstation (Symbolics) and a hybrid in the process industry, despite efforts being made to automate the
expert system shell (KEE). process. As a result, the process is subjected to cognitive biases (Baybutt,
Knowledge-based prototypes and expert systems were developed 2016). Groupthink is a phenomenon where a group of people have
subsequently. (Weatherill and Cameron, 1989) adopted the use of common but possibly false beliefs and hence, tend to make decisions the

139
M.F. Chia and P.K. Naraharisetti Process Safety and Environmental Protection 179 (2023) 137–156

same way. Another type of cognitive bias call group polarization refers of demonstrating that automation can be achieved for a very specific
to the tendency for decisions made in a group to be more extreme than industrial process. Other tools have limited functions that allow end-
the initial inclination of its members, which is often seen during con­ users to build or modify its structures and knowledge-base as they are
ventional HAZOP studies (Baybutt, 2015). Unfortunately, biases are proprietary works from the authors.
subconscious and difficult to detect, and there are no comprehensive The efforts so far carried out on automation concentrates mainly on
theory or practices to mitigate such human thinking. However, being the deviations from steady-state operation of continuous plants. In
aware and understanding its role is important so that the expert team are traditional HAZOP study the operational start up and shut down of a
aware of potentials for poor decision-making during HAZOP practice. plant can be studied, but not with these knowledge-based computer
Even in automation, the biases arise from inputs generated from users emulations.
can form part of the cognitive bias within the errors of the tools unless
machine learning and deep neural networks can be incorporated into 3. Methodology and approach
these programs and tools as a future development.
On the technicality limitations, a certain level of details and maturity In this work, we present the ‘Methodology’ in detail. We envisage a
in the design is needed before a HAZOP, whether conventional or second publication where this methodology would be applied on a case
automated study is carried out. If the design is poor, the large number of study. The goal of this work here is thus to carry out the following:
causes can potentially overload the process (McCoy et al., 1999). This is
also seen in earlier development of automation where the vast amount of 1. Develop a model-based approach using Stateflow software as the tool
data impedes the performance of the computers and taking a very long for simulating process flow identical to how it would be described in
time to derive a HAZOP study output. a P&ID.
The limitations of the computer system in simulating the dynamic 2. Use the model and the capabilities of the software to emulate the
reasoning mechanism and knowledge structures of human makes it running of HAZOP processes and produce an output like a HAZOP
difficult to obtain a fully automated HAZOP by computer (Zhao et al., report.
2009). As in the many studies carried out, the primary aim was not to
replace human involvement in HAZOP study but more of to reduce the The aim of the tool to be developed is to envisage various design and
amount of time taken for HAZOP studies to be carried out by automating process across the industry and to be able to use the knowledge base to
the routine works such as common causes and consequences associated identify causes and consequences for a wide variety of process in the
with the inherent nature of the equipment itself. HAZOP study. While many tools have been developed to perform
It is impossible to have a complete knowledge base that comprises of automated HAZOP as can be seen in the literature, we have explored the
all the known and unknown causes and consequences with increasing possibility of performing the same using existing software tool, which is
complexity and emergence of new technology, of plant process design Stateflow. Stateflow, developed by Mathworks is a control-logic based
and operation. Data acquisition therefore sets the quality tools apart toolbox used to model reactive systems via state machines and flow­
from the others. However, if the efforts and time required to input and charts. This sits effectively within a Simulink model. Simulink is
represent the information in is excessive, the value of the tool becomes extensively used in the chemical process industry, and we envisage that
greatly diminished. It is therefore crucial to figure out an approach to developing a HAZOP methodology within the MATLAB ecosystem will
systematically build up a generic knowledge base that could be applied help integrate HAZOP with other developments in the chemical process
to most, if not all process design plants in general, and a specific industry which use MATLAB. A preliminary work was submitted earlier
knowledge base for each unique process design itself. at a conference (Chia and Naraharisetti, 2021).
The outputs generated by computer tend to be excessive which in
conventional HAZOP these are usually filtered out. Handling a huge 3.1. Components in HAZOP automation
number of data output is one of the most significant challenges from
automation of HAZOP. While certain tools can provide users with con­ To automate HAZOP using computer-aided technology and Stateflow
trol over the output of the data as such that is applied to HAZOPExpert software, the representation of real-life data in a computer language that
(Vaidhyanathan and Venkatasubramanian, 1996), the significant causes could be recognised by the computers and software became an essential
or consequences could still be left out unintentionally. Treatment of the process to be carried out. Conventional HAZOP methodology relies on
data becomes one of the tedious steps to carry out over conventional two main components as inputs; the process plants’ data being analysed
HAZOP study. and the knowledge and expertise of the HAZOP participants. Process
There are also issues on the amount of trust that can be given to plants’ data that are studied in the HAZOP workshop are commonly
automated HAZOP studies. HAZOP is usually carried out by group of P&IDs and PFDs which contains most of the vital design and engineering
experts with considerable experience, responsibility, and authority. For details of the plants. Hence, a digital representation of the plant in the
the team to accept a recommendation for hazard mitigation, it must be software is required before further works can be carried out.
collectively agreed and brainstormed to understand the basis by which The knowledge on the processes, equipment, process variables,
the problem was approached. This cannot be achieved in a computer- causes, consequences, and safeguards can be derived from the experts’
generated HAZOP study. experiences and knowledge. Information acquisition and collection to
To gain acceptance of computer aided HAZOP, the system should be build a library of knowledge is another important component for the
reliable and aims to gain experts trust in their results. The robustness of automation to be able to function and produce meaningful results. The
automated HAZOP processes requires numerous testing and evaluations workflow on the approach to automation of HAZOP is shown in Fig. 1.
against known data to evaluate their accuracy and reliability. The computer-assisted HAZOP automation will then take these two
Most of the current research approaches with the aim to demonstrate components (process plant data and knowledge bases) and with the aid
that HAZOP studies can be automated to a certain extent by producing of algorithms and reasoning methods developed, computes the potential
prototypes specific to a certain area or industry. There is no single hazardous events and the causes as the outcome of process deviations.
software capable of emulating a wider approach due to complexity and These results can then be documented and stored into the digital data­
the dynamics of process plants and emergent of new technologies. base for future references, which is one of the advantages that compu­
The knowledge-base and tools created are diverse in the coding terised HAZOP automation can offer.
language used and methodology to approaching HAZOP studies. Some
of the coding languages used have already became obsolete and no
further development has been made on them after achieving the purpose

140
M.F. Chia and P.K. Naraharisetti Process Safety and Environmental Protection 179 (2023) 137–156

Fig. 1. Schematic diagram of sequence for computer-aided HAZOP automation.

3.2. Approaching automation using Stateflow entire automation process. .

HAZOP study is a qualitative method of analysing the safety of a 3.2.1. Data preparation for HAZOP inputs
process facility or system. To use Stateflow software to approach the Data processing using complex categorical data (qualitative expres­
automation process, the computer and program must be able to read, sions such as more, less, temperature, pressure etc.) are not as effective and
process input data, and regurgitate the required HAZOP outputs. As robust as the current state of technology associated with algorithms and
described above, digitalisation of the two data components becomes a machine learning alone are not intelligent enough to automatically
critical step for the subsequent proposed methodology to work. associate all these raw data to produce meaningful and accurate models
A 4-step design approach was used for using Stateflow to carry out in our HAZOP automation research. The use of numbers was decided to
HAZOP automation. In an overview, the approach started with prepa­ be the approach in representation of these categorical data and infor­
ration of raw data and information belonging to the two components mation. Numeric data are continuous data types representing informa­
discussed above (process plant data and knowledge bases) to achieve tion in the form of scalar values. The most commonly used forms of
computer-aided automation. A protocol and data structure were set up numeric data include integer and floats. It is easier to apply data
to translate the textual information into a format that the software was transformation techniques and data processing onto numeric data, such
able to recognise and manipulate. The second step managed the as mathematical operations, grouping, mapping, and other numerical
knowledge base component, where all the information relating the de­ operations which most of the software are capable of carrying out. The
viations to known industrial causes and consequences were transformed other advantage that numeric data have is that it can also be fed into
into an organised database library. Once the library of information has many types of software and computers because of their wide recognis­
been established in the system, the next step would be to set up the ability, hence it is easier to migrate the data from one platform to
digital representation of the other component necessary for the auto­ another.
mation, the process plants’ data. Using Stateflow’s graphical interface, The initial phase of the work was to derive a data structure using
modelling the process plants’ data was carried out by designing units or numerical values for input into the computer and software system. In a
Stateflow blocks which contained unique decision logics, algorithms, conventional HAZOP, the hazards of the plants are identified by
and necessary reasoning methods to propagate HAZOP outputs by applying a process parameter such as flow, temperature, pressure etc. with
computation. The final step will be to convert these data outputs back a guideword to the node, or to a specific segment of the node such as the
into qualitative expression as the HAZOP worksheet to complete the equipment. In order to emulate this in a computer program, the use of

Fig. 2. A 4-step methodology to approaching HAZOP automation.

141
M.F. Chia and P.K. Naraharisetti Process Safety and Environmental Protection 179 (2023) 137–156

hierarchical numbering is adopted for defining the process deviations ensures that enough memory spaces were provided to be tagged to each
associated with the equipment, parameters, and the guide words. qualitative variable that the computer systems could identify. Each layer
The concept of the data structure is derived from data types repre­ is designed with two-digit encoding except for the third layer, where the
sentation in computer data architecture. A byte is made up of 8 bits, first digit denotes the class identifier and hence it has a three-digit
which individually represent a binary figure of either 0 or 1. A word format. The use of double digits provided more possible combinations
consist of 2 bytes, and a doubleword is 4 bytes and so on. Each byte can for the data structure to assign variables to.
represent a character such as numbers, alphabets or symbols which is The other logic is that it was fundamental to keep the inner layers as
mapped out in standard data codes such as ASCII and Unicode. identical across different HAZOP studies as possible so that a single
In the data structure developed for this research, each of the design of the algorithm can be vastly applied to most of the different
abovementioned categories (equipment, process parameter, and guide­ cases and minimal modifications would be required to fit the algorithm
word) was assigned to individual data layers as shown in Fig. 3, into another different HAZOP study. The components of the innermost
including an overall layer which is named class. The innermost layer of layer (guidewords) were well established in many HAZOP practices and
the data structure was made up of the guidewords used in HAZOP. There very widely used across all conventional HAZOP studies. Any addition to
are a typical of eleven general guidewords used for HAZOP, so each of these existing eleven guidewords being used are uncommon cases but the
them was represented with a double digit starting from “11–21″. This is data structure has been robustly designed to cater for that with spare
synonymous to how the combination of 8 bits forms a unique byte which memory spaces. In the process parameter layer, the twenty-five compo­
can code for a character, which in this case is coded for by combination nents may not be applicable for all industries. For example, process
of two digits. The double digits each act as a memory space representing parameters such as reaction and mixing may only be applicable for
individual guideword. In the second layer of the data structure, the process systems that consist of reactive chemicals or equipment like
process parameters are assigned double digits from “31″ onwards. There reactors and agitators. Across different process systems or HAZOP study,
are almost but not limited to, twenty-five common process parameters the equipment and process parameter layer could differ to cater to the
used to describe processes, such as flow, pressure, temperature, level, vis­ specific needs. The overall class layer allows an identifier to distinguish
cosity, reaction, mixing etc. In the third layer of the data structure, different sets of data structure better and this can be achieved by
equipment is represented with a three-digit number starting from changing the first number of the equipment from 101 to 201, 301 and so
“101–199″. The entire data structure can be grouped into class, where on.
each class can represent a library of their own equipment based on the The method used to represent a statement describing a process de­
different process flows, parts of process plants, or even different in­ viation such as “Low flow in heat exchanger” using numerical input is by
dustries that the HAZOP study is applied to. By changing the first digit of concatenating the layers of data structure to form a number string,
the equipment data layer, the library can be differentiated. For example, starting from equipment, then process parameters and finally guideword.
the 101–199 series can represent crude oil distillation system consisting Analogous to how 8 bits form a byte in the computer data architecture
of distillation towers, scrubbers, and the 201–299 series can represent a (Nagi, 2020), these layers of the data structure were concatenated to
hydrogen production plant which have different types of equipment form seven-digit numerical strings, ranging from “1013111–9999999″.
such as electrolyser, gas compressors and so on. This class layer was an Considering the above table, a total of, but not limited to, 385
added option to the data structure and could be omitted if it is not (7 ×5×11) combinations of describing equipment process deviations
necessary to distinguish between process systems or facilities. could be derived from a single class.
The allocation of the data structure in this order of arrangement For example, a deviation describing “no flow in storage tank” will be
stemmed from two logics: coded as “1013111″, and a “high temperature in heat exchanger” will be
The layers are arranged by the number of possible components that described numerically by “1023313″. The structure is straightforward
could make up the layer, starting from the lowest to form the inner layer and can be applied across different process plants for HAZOP because
(guidewords), to the highest that forms the outer layer (equipment). This the way to describe deviation in all process plants are similar in HAZOP
studies. The structure formed the foundation for the algorithm
sequencing and programming which is discussed in the next section.
There were numerous advantages for the setup of the data structure
in this manner. Firstly, it allowed adequate memory space in each layer
for scalability. The guideword and process parameter layers can be
adjusted to increase or decrease the amount of memory spaces needed
for extra qualitative representation, and the third layer store data of up
to ninety-nine equipment in a single class, with each class representing a
node, process, or an entire plant facility. The versatility allowed for
different setups to be made to represent a wide variety of industrial
processes.
Another advantage that the data structure offered is that it is simple
and unique. Each discrete variable or expression was identified with a
unique two-digit number which the computer recognised as a qualitative
variable. The format of using layered data structure hierarchy allowed
easy segregation and modification to each individual layer without
affecting the rest. The concept can be easily learnt by users and coded
into the computer systems for the purpose of this research.

3.2.2. Setting up the knowledge base

Conventional HAZOP study is very knowledge-intensive and relied
heavily on the working team’s area of expertise to produce a quality
study report. Knowledge is information and facts which can be classified
as explicit, tacit, and implicit knowledge (Bayne et al., 2014). Explicit
knowledge is represented by the cause and implicit knowledge in
Fig. 3. Hierarchical organisation of the data structure. HAZOP are represented by consequences and recommendations. HAZOP

142
M.F. Chia and P.K. Naraharisetti Process Safety and Environmental Protection 179 (2023) 137–156

causes can be articulated based on reference to past HAZOP works, (structural failures). Another example of causes in “no flow in pumps”
knowledge, experiences and other reputable sources, while conse­ could be due to pump fault (mechanical failure) and faulty sensors (in­
quences can be deduced by analysing the causes to gauge the likely struments malfunction). This set of knowledge database aimed to collect
outcome from these causes. Causes in general do not differ much among and associate causes as a result of each process deviation that is solely
different process facilities, but the extent of consequences depends on due to the equipment and their accessories, rather than the plant process
the process conditions, process fluids, and the process types taking place. as a whole.
The aim was to build a knowledge base that can include all known The other set of knowledge data was made up of process-specific
causes gathered from the abovementioned sources relating to a certain knowledge which contained information on hazardous causes relating
equipment, process, or industry. As consequences are a function of to the process design, process fluids in the plants, as well as the complex
causes, the cause-consequence relationship can be considered as further interactions between the process unit in the plants. Thermodynamic
works for building and expanding the knowledge base. It is determined properties of the process fluids made up a portion of this database for
that recommendations which is a part of HAZOP study outcome will not propagation of deviations and causes due to the nature of the fluids
be included into the knowledge base and automation process due to its using the algorithm designed. One such example the use of cryogenic
complexity involving economic and technical feasibility. fluids can potentially result in freezing of equipment that could poten­
The knowledge base structure is represented by 2 different sets of tially be a cause for process deviations. A framework approach repre­
knowledge data. One set of data consisted of the equipment-specific sented by a cause-and effect table contained information on causes that
knowledge containing data on hazardous causes that are inherent in could arise due to interaction between two process units in the plants.
the equipment. For setting up a knowledge base only inherent causes are On the basis of layout and arrangement of the process plants to be
used. That is causes known to the equipment rather than relational studied and the model built in Stateflow, hazardous causes can be
causes because of interaction between two unit-operations are used. For derived from the matrix. Such causes could be due to configurational
example, in heat exchangers, there are well-documented causes of no defects learnt from past experiences from other plants. It could also be
flow (because of tube rupture, tube blockage, etc), or for mechanical faults in an upstream equipment causing hazardous scenarios being
equipment, no flow can be a result of pump faulty, or instrument errors. created in the downstream process units. This framework formed part of
So other than causes that is due to a previous unit ops connected (such as the fault propagation method used in the design of the algorithm for this
no flow in heat exchanger because of a faulty pump upstream), the no research work and set the path for future development into a multi-
flow can also be due to the equipment itself being faulty as a example dimensional matrix to further emulate complex network of in­
case to illustrate. Hence, these causes are often independent of the plant teractions between all the equipment in the plants.
arrangement, process fluids, or any interactions directly with other Fig. 4 shows the “Process specific knowledge” and “Equipment spe­
processes or equipment, and are purely inherited from the design and cific knowledge”. Process specific knowledge represents both the “pro­
characteristics of the equipment themselves. The equipment attributes cess fluid data” and “cause and effect matrix”. Process fluid data relates
are also input into this database for propagation of causes using the to the physical and chemical properties of the fluid. For example,
algorithms. These causes can be due to mechanical failure, structural whether the fluid will freeze or if any precipitates can form due to
failure, instrument malfunctions, operating beyond design limits, or changing operating conditions can be obtained from this information.
other failure modes that were often pointed out in HAZOP studies. Similarly, the equipment specific knowledge also has information
An example of such causes in a “no flow in a heat exchanger” process related to the equipment, that is the physical attributes of the equip­
deviation can possibly be due to ruptured tubes, blocked tubes ment, which is called equipment data and the ‘inherent cause table’,

Fig. 4. Schematic representation of the knowledge base components. Sample Cause-effect relationships for process data are given in Table 2.

143
M.F. Chia and P.K. Naraharisetti Process Safety and Environmental Protection 179 (2023) 137–156

which relates to how an equipment can fair. For example, a ‘tube

rupture’ or ‘tube blockage’ is an ‘inherent cause’ which can result in ‘no
flow’. Another example would be that of a motor operated valve. The
details of the same can be collected as ‘equipment data’ and the valve
position can be linked to ‘low’ or ‘no’ flow. Thus, if there is expected
flow, the cause which is the closed or partially open valve can be
eliminated.
Sample “cause and effect matrix” is shown in Table 2 which shows
576 variables that can be represented by a 0–1 binary matrix indicating
if there a particular cause and effect are related.

3.3. Software methodology

3.3.1. Digital representation of study node in Stateflow

In order to carry out the HAZOP automation, a plant model has to be
built using Stateflow as the tool to digitally represent the node of interest
using the P&ID as a design basis. The ability of Stateflow to support
hierarchical organisation provided the foundation for the topological
Fig. 6. Layered diagram of the hierarchy levels of the components in a pro­
structure of the model and algorithm. The topology of the structure is
cess unit.
presented in Figs. 5 and 6.
In conventional HAZOP, the first step is to initiate a deviation to
blocks (if the unit falls in between other process units on the P&ID). The
analyse the causes and consequences. This process was built into
blocks provided an easy drag-and-drop function for construction and
Stateflow using selector switches. It allowed easy toggling between de­
arrangement of the model and process systems in the Stateflow
viations as they are generic and can be used to describe all process op­
environment.
erations. The deviation would trigger the states in subsequent blocks
Within the block, the second level sub-state contained process pa­
representing process units to be active and relay the inputs along the
rameters assigned in a parallel decomposition. Parallelism (Fig. 9) in
connected blocks given the conditions are fulfilled. Within each block,
Stateflow allows this hierarchical level to run simultaneously by
the states can then be linked to hazardous causes such as tank empty, tank
configuring the state charts as parallel (AND) states. Each process
overflow in the data format proposed. Examples of such switches are
parameter formed a subsystem that could be independently triggered by
shown in Fig. 7.
the inputs into the superstate block.
Process units were represented in Stateflow working environment as
This hierarchy level is designed to be block or process unit-specific; it
superstate blocks as shown in Fig. 8. Within each block, the sub-states
only contained the relevant parameters applicable to a process unit. For
contained all the necessary information and algorithm for the process
example, in a continuous stirred tank reactor, parameters such as
unit’s behaviour in different deviation scenarios. The blocks consisted of
agitation, and speed, etc are present whereas in a heater these parameters
input and output ports, and these ports could be connected to the
are absent. The specificity provided each process unit with their own
selector switches (if the unit is the start of the node) or to other unit

Fig. 5. Network hierarchical diagram of the sub-components in the systematic modelling.

144
M.F. Chia and P.K. Naraharisetti Process Safety and Environmental Protection 179 (2023) 137–156

Fig. 7. Selector switches representing initial deviations in Stateflow.

Fig. 8. Representation blocks of equipment/process units in Stateflow.

145
M.F. Chia and P.K. Naraharisetti Process Safety and Environmental Protection 179 (2023) 137–156

Fig. 9. Parallel representation of process parameters in Stateflow.

behavioural path and state transitions given the input conditions b. Deviation of the process unit upstream
resulted from a selected deviation. The state pathways and outputs 2. Determines the starting state of the current process unit.
would then be correlated to the knowledge base to produce relevant 3. Looks for equipment-specific knowledge database due to deviation.
causes as the result. 4. Looks for process-specific knowledge database due to name/type of
process unit.
3.3.2. Algorithm for the HAZOP automation 5. Relays a compatible output to the next block.
Within each individual parameter state, the algorithm contained
decision pathways on how the inputs were to be managed. Each The algorithm would check and assign the states for the process unit
guideword is represented as a discrete state described by numeric digits after receiving the inputs. The decision of the states it entered are given
in accordance with the methods of the data preparation. The dynamics by the inputs, which goes through the algorithm to check for the cor­
of the process interactions between the equipment are mapped onto responding transitions to be triggered based on the conditions being
transitions. The transitions linked the source to a destination state met. A diagram showing the state environment within a process
within the Stateflow diagram. The conditions which determine the parameter parent state is shown in Fig. 10. The resultant states could be
occurrence of a change in state is coded within the transitions. The al­ like the previous block, or it could be derived from a combination of
gorithm flows in the following manner. conditions met and follow the transition pathways to reach a certain
state. The algorithm then checks for actions to be triggered, such as
1. Reads the input signals and determines the following. producing a specific output data and then executes them. These output
a. Name/type of process unit upstream data were then passed on to the next process unit or cross-referenced

Fig. 10. Stateflow environment of a process parameter (Pressure) sub-state in Stateflow.

146
M.F. Chia and P.K. Naraharisetti Process Safety and Environmental Protection 179 (2023) 137–156

Table 1 compatibility within the configuration. If the fault or deviation input

Data structure numerical representation. was not at the start of the study node, the blocks prior to where faults
Equipment Process Parameters Guidewords were input will not have the data passed to them. This could result in
some of the hazards and causes not detected upstream and would’ve
Storage Tank 101 Flow 31 No 11
Heat Exchanger 102 Pressure 32 Less 12 produced an incomplete or inaccurate hazardous causes output from the
Valves 103 Temperature 33 More 13 automation.
Pump 104 Level 34 Reverse 14 For example, a valve closure downstream can cause high pressure to
Pressure Vessel 105 Time 35 As Well As 15 build up in all the equipment situated before this valve. The algorithm
Boilers 106 Part of 16
has not considered high pressure as a deviation in the equipment up­
……
Compressors 107 Other than 17
…… Early 18 stream to be included in the HAZOP output. It is important to highlight
Late 19 here that existing research accounts for the back propagation. However,
Before 20 the current work using StateFlow is only a start, and we intend to
After 21
explore back propagation in our future work.

back to the knowledge base to produce the resultant hazardous causes 3.4. Obtaining software outputs and translating back into HAZOP format
outputs.
Consider an example where a heat-exchanger is located downstream The outputs derived from Stateflow algorithm were quantitatively
of a pump. Step 1 would be to read the Pump and Flow parameter represented and required to be translated back into meaningful HAZOP
(104–31–11, referring to Table 1), Step 2 indicates that there is no flow descriptions of the deviations and causes using qualitative expressions. .
(referring to guideword ‘No’ in Table 1). Considering the ‘equipment In Stateflow, the lookup index function block provided a means to
specific knowledge’ in Fig. 4, Step 3 would look for the causes for this connect the knowledge base table to the data outputs from running the
deviation within this equipment, the pump. Step 4 would look for the automated HAZOP simulation. The knowledge base data consisting of
process specific information that related to the pump which may cause tables were loaded into the software Simulink and each data table was
‘no flow’. Finally, in Step 5, the information that there is no flow from represented as a two-dimensional lookup index function block. The ports
the pump is relayed to the downstream equipment which is the heat- u1 and u2 are functions corresponding to the row and column headers of
exchanger. the matrix table respectively.
f (u1 ) = (x1 , x2 , x3 …), where xn = outputs for causes
3.3.3. Fault propagation method
One of the key concepts to achieve in the automation of HAZOP f (u2 ) = (y1 , y2 , y3 …), where yn = outputs for effects
study was to examine all the possible causes happening to the system in
the event of an upset occurring anywhere along the process. The idea of Each set of variables from the f(u1 )and f(u2 ) would result in a final
fault propagation has been applied in many of such automation of output indexed value corresponding to the lookup table. This value is
HAZOP researchers (Parmar & Lees, 1987; Rahman et al., 2009; Waters then mapped onto the final output file “out. V1″ to produce a HAZOP
and Ponton, 1989) with certain levels of success and difficulties. worksheet with 5 columns; hazard no., parameter, guideword, deviation,
The fundamental concept of fault propagation in Stateflow was that causes as shown in Table 3 below.
the process faults and deviations can be relayed down connecting pro­
cess unit blocks by use of connecting data outputs and inputs to transfer 3.5. Advantages of HAZOP Automation with Stateflow
the faults downstream. The faults are described by the deviation
guidewords as used in HAZOP and in Stateflow, data structure con­ The approach of adopting HAZOP automation using Stateflow has
taining this information were encoded into the data representation the following advantages examined in detail below..
format and outputs to relay down to the next connecting equipment as With a computer-based aided approach to perform automation on a
part of the algorithm to look up the cause-and-effect table for process- conventional labour-intensive process, the time-saving factor was ach­
specific causes. ieved as part of the objective of carrying out the works. However, the
This was possible in Stateflow because actions could be specified to pre-HAZOP preparations required a significant amount of time and input
trigger upon entering a state or transition in the chart. The action for and formed the most labour-intensive part in order to perform the
fault propagation was to trigger an output from the block to contain the automation works. These preparation works far exceeded the manhours
fault information and pass to the next connecting block which receives required in an actual HAZOP desktop study setting. Despite such tedious
and processes the inputs. The algorithm was designed such that the manhours consumed, it is notable that the amount of time can be
faults were part of the package data to be sent out and analysed by each significantly reduced with the model library and the knowledge base
individual equipment block downstream from where the fault being set up and developed further. This could be seen as the potential
initialised. driving factor to propel towards automation of HAZOP processes using
The alternative development for Stateflow using actual process pa­ Stateflow. Further, Matlab and Simulink are widely used in the process
rameters could be carried out for better quantification of hazardous industry, including for process control. Thus, we believe that this
scenarios. Actual process operating conditions, operating parameter development would help end users to use the Matlab ecosystem to work
ranges and other equipment related data could be entered into the from plant design, safety studies, process simulation and process control.
database of the process unit block. Deviations above and below these It is possible that P&ID drawn in this ecosystem can be linked to
ranges could be numerically programmed into Stateflow transition StateFlow to aid in automation of HAZOP. .
pathways to produce faults instead of producing data-represented out­ The use of Stateflow allowed high traceability and reproducibility of
puts that code for the faults. Outputs of the process parameters values the HAZOP process. The outputs produced by Stateflow were generated
could be propagated or escalated across the entire study node. This can on scenario basis and recorded as outputs based on the runs carried out.
be achieved by specifying the transition conditions to represent using The computerised method also allowed the records to be saved and
process parameter values instead of the qualitative representation using extracted when necessary for the HAZOP study. This overcame the
the numerical method in our data structure. challenges of physical HAZOP records that could be easily lost or
One of the drawbacks despite being able to carry out fault propa­ replaced in a plant facility over time.
gation along the study node was that it did not have backward Users could make adjustments to Stateflow software during the
entire process, such as modifying the existing plant layout, addition/

147
M.F. Chia and P.K. Naraharisetti Process Safety and Environmental Protection 179 (2023) 137–156

Table 2
Cause and Effect matrix of the process-specific knowledge base.
CAUSE Storage Tank

Flow Pressure Temperature Level

EFFECT No Less More No Less More Less More No

101211 101212 101213 101221 101222 101223 101232 101233 101241
Storage Tank Flow No 101211 1 25 49 73 97 121 145 169 193
Storage Tank Flow Less 101212 2 26 50 74 98 122 146 170 194
Storage Tank Flow More 101213 3 27 51 75 99 123 147 171 195
Storage Tank Pressure No 101221 4 28 52 76 100 124 148 172 196
Storage Tank Pressure Less 101222 5 29 53 77 101 125 149 173 197
Storage Tank Pressure More 101223 6 30 54 78 102 126 150 174 198
Storage Tank Temperature Less 101232 7 31 55 79 103 127 151 175 199
Storage Tank Temperature More 101233 8 32 56 80 104 128 152 176 200
Storage Tank Level No 101241 9 33 57 81 105 129 153 177 201
Storage Tank Level Less 101242 10 34 58 82 106 130 154 178 202
Storage Tank Level More 101243 11 35 59 83 107 131 155 179 203
Storage Tank Level As well as 101245 12 36 60 84 108 132 156 180 204
Heat Exchanger Flow No 102211 13 37 61 85 109 133 157 181 205
Heat Exchanger Flow Less 102212 14 38 62 86 110 134 158 182 206
Heat Exchanger Flow More 102213 15 39 63 87 111 135 159 183 207
Heat Exchanger Pressure No 102221 16 40 64 88 112 136 160 184 208
Heat Exchanger Pressure Less 102222 17 41 65 89 113 137 161 185 209
Heat Exchanger Pressure More 102223 18 42 66 90 114 138 162 186 210
Heat Exchanger Temperature Less 102232 19 43 67 91 115 139 163 187 211
Heat Exchanger Temperature More 102233 20 44 68 92 116 140 164 188 212
Valves Flow No 103211 21 45 69 93 117 141 165 189 213
Valves Flow Less 103212 22 46 70 94 118 142 166 190 214
Valves Flow More 103213 23 47 71 95 119 143 167 191 215
Valves Flow Reverse 103214 24 48 72 96 120 144 168 192 216

removal of equipment, configurations, parameters and re-run the to the equipment and the interaction with the immediate upstream
simulation to produce multiple HAZOP scenarios and identified causes. equipment. Other aspects of hazardous causes such as operation pro­
This reduced the time and efforts required in conventional desktop study cedures error, maintenance aspect of equipment, were not covered in
to re-review the HAZOP report as a result of plant upgrades or modifi­ this knowledge base and simulation, which are works for further
cations and highly value-add to the automation advantages due to its development in the future.
repeatability. Extensive development of the database was required due to the large
Specifically, to the knowledge base approach, it helped to overcome number of processes and equipment currently in the world. Considerable
one of the problems in HAZOP studies. Inconsistencies that resulted efforts and amount of time will be required for knowledge acquisition
from different HAZOP studies across the industries is due to the differ­ before the database can be as complete as possible and effectively
ence in participation of the knowledge experts and their experiences. applied to the model. The interactions between different equipment are
The quality of the HAZOP study is very much reliant on the above­ highly combinatorial and non-exhaustive, partly due to continuous
mentioned factors other than some identified earlier as drawbacks of emergence of new technology in the market. As a result, there is a limit
HAZOP studies. In the knowledge-based approach, a collection of user to the completeness of HAZOP automation that the software can
inputs from expertise and experiences helped to draw commonality achieve.
between different individuals and establish a growing knowledge Since we are in the early stage of development, the methodology
domain over time. This domain can then be utilised to refine the required manual effort to develop the knowledge database, and this is
methods and algorithms to cover automation studies more effectively expected in the development of any new methodology. As more analyses
and reliably. are conducted, the knowledge database is updated each time by adding
The hierarchy and architecture of the knowledge-based system, al­ new items and making them available for future use. This would be part
gorithms, and Stateflow charts allowed for huge flexibility in the design of agile development and is currently a drawback of the methodology
of the system for automation to take place. In all of these components, and is expected to be an advantage as we do more number of HAZOPs.
the design and structure allow for further expansion of knowledge ma­
trix, state diagrams, state charts, and conditional transitions within the
3.7. Further works
software. By grouping deviations and causes directly to equipment uti­
lising state hierarchies and data structure, hazards and hazardous causes
The database has only two-dimensional data inputs which are
can be directly identified within the system containing the equipment.
inadequate for the more complex plants. Escalation of hazards could be
The Stateflow objects are highly customisable to different industries,
an effect of multiple components as the underlying root causes, therefore
processes, and operating conditions with a similarity in data structures
continuous enhancement of the knowledge base is essential, to turn it
and algorithm. Users can modify the base case to cater to different
into a multi-dimensional array of information network that an algorithm
design needs for the HAZOP studies being carried out.
is able to manage, process, and extract the relevant hazardous causes
related to a process deviation. The format of building and expanding the
3.6. Limitations of HAZOP automation with Stateflow database can be explored further in future works.
The current automation has not included consequences derived from
One of the major limitations of HAZOP automation with Stateflow the causes as part of the HAZOP study output. A rule-based approach can
was the quality of the data outputs. The causes and deviation outputs be utilised to develop consequential modelling using rules network as
from the software produces outputs for inherent and effected causes due the transition methods to construct visual flows in Stateflow such as ‘IF

148
M.F. Chia and P.K. Naraharisetti Process Safety and Environmental Protection 179 (2023) 137–156

Storage Tank Heat Exchanger Valves

Level Flow Pressure Temperature Flow

Less More As well as No Less More No Less More Less More No Less More Reverse
101242 101243 101245 102211 102212 102213 102221 102222 102223 102232 102233 103211 103212 103213 103214
217 241 265 289 313 337 361 385 409 433 457 481 505 529 553
218 242 266 290 314 338 362 386 410 434 458 482 506 530 554
219 243 267 291 315 339 363 387 411 435 459 483 507 531 555
220 244 268 292 316 340 364 388 412 436 460 484 508 532 556
221 245 269 293 317 341 365 389 413 437 461 485 509 533 557
222 246 270 294 318 342 366 390 414 438 462 486 510 534 558
223 247 271 295 319 343 367 391 415 439 463 487 511 535 559
224 248 272 296 320 344 368 392 416 440 464 488 512 536 560
225 249 273 297 321 345 369 393 417 441 465 489 513 537 561
226 250 274 298 322 346 370 394 418 442 466 490 514 538 562
227 251 275 299 323 347 371 395 419 443 467 491 515 539 563
228 252 276 300 324 348 372 396 420 444 468 492 516 540 564
229 253 277 301 325 349 373 397 421 445 469 493 517 541 565
230 254 278 302 326 350 374 398 422 446 470 494 518 542 566
231 255 279 303 327 351 375 399 423 447 471 495 519 543 567
232 256 280 304 328 352 376 400 424 448 472 496 520 544 568
233 257 281 305 329 353 377 401 425 449 473 497 521 545 569
234 258 282 306 330 354 378 402 426 450 474 498 522 546 570
235 259 283 307 331 355 379 403 427 451 475 499 523 547 571
236 260 284 308 332 356 380 404 428 452 476 500 524 548 572
237 261 285 309 333 357 381 405 429 453 477 501 525 549 573
238 262 286 310 334 358 382 406 430 454 478 502 526 550 574
239 263 287 311 335 359 383 407 431 455 479 503 527 551 575
240 264 288 312 336 360 384 408 432 456 480 504 528 552 576

cause AND/OR cause…, THEN consequence’, similar to fault tree analysis before sending it to the fuel gas suction drum for temporary storage. The
structures used in safety assessments. gas will then be sent to the gas engine with the required amount for
consumption and power generation. The schematic representation of the
4. Case study – liquefied natural gas (LNG) fuel supply system process is shown in Fig. 13 below.

A preliminary case study is presented in this work considering a node

4.2. Equipment functions
in a larger system. A well-established plant process was used to test the
accuracy and robustness of the HAZOP automation using Stateflow. A
The functions of the individual equipment in the above process flow
portion of the process was modelled using Stateflow to determine the
diagram are described as follows. LNG Storage Tank (ST) – Stores the
hazards and the causes of three key process parameters, namely flow,
LNG under pressure and provides insulation to store it under cryogenic
temperature, and pressure.
temperature. LNG Pump (LP) – Pumps the LNG out of Storage Tank into
the heat exchanger. Control Valve (CV) – Regulates the flow of LNG into
4.1. Process description the heat exchanger based on the feedback from the outlet temperature of
the natural gas (NG). Heat Exchanger (HE) – Supplies heat from warm
The process involved the production of fuel gas supply from an LNG glycol water to heat up the LNG coming in to produce NG. Temperature
storage tank in cryogenic temperature of minus 163ºC. LNG is made up Sensor (TS) – Detects the outlet temperature of the NG coming out from
of flammable hydrocarbons, primarily consisting of methane (>79%), heat exchanger. Temperature Controller (TC) – Controls the flow of LNG
ethane, propane and a small proportion of other components such as into the heat exchanger. If the outlet of natural gas has low temperature
sulphur and nitrogen. The LNG was stored in a cryogenic storage tank output, it decreases the flow of LNG from tank. If the outlet of natural gas
under pressure and cryogenic temperature to keep it in liquid state, has high temperature output, it increases the flow of LNG from tank.
which is 600 times smaller in volume compared to an equivalent amount Suction Drum (SD) – Temporary stores the natural gas before sending it
of gas. The tank is insulated to reduce heat ingress that would cause the to the gas engines. Gas Engine (GE) – Combust the natural gas to produce
LNG to boil off and increase the internal pressure of the tank. power output.
The gas engine would require a warm natural gas (NG) in order to be This system contained process units that are common across in­
able to burn and generate power. LNG pumped from the tank flowed dustries, such as pumps, tanks, heat exchangers, temperature and tem­
through a control valve into the heat exchanger. The heat exchanger perature sensors and remote-control valves. A model was built in
used glycol water to provide heat to warm up the LNG to at least 10 ºC Stateflow using the process unit blocks and algorithms developed for
this purpose. The process boundary of the study node starts from the
Table 3 storage tank to the outlet of the heat exchanger and Stateflow attempted
Example of a Stateflow HAZOP output table. to produce a HAZOP worksheet based on the study node bounded by this
Hazard Parameter Guideword Deviation Cause limit.
No. The models used in Stateflow includes Storage Tank, Pump, Valve,
1 Temperature Low Low Temperature Closed valve, Pipe, Heat Exchanger and Temperature Sensor. These blocks in State­
in Heat Exchanger no flow from flow have been designed with the algorithm and knowledge base to
hot glycol include known common hazards and causes as a result of process
water.
deviations.

149
M.F. Chia and P.K. Naraharisetti Process Safety and Environmental Protection 179 (2023) 137–156

Fig. 11. Output data processing in Stateflow.

150
M.F. Chia and P.K. Naraharisetti Process Safety and Environmental Protection 179 (2023) 137–156

Fig. 12. Process flow diagram of LNG fuel supply system.

Fig. 13. Overall GUI for process modelled in Stateflow.

The Graphical User Interfaces (GUI) in Stateflow is shown in Fig. 13

below.
Table 4
Overall tabulation of hazardous causes by process parameters (See Appendix A
5. Results and discussion for details).
Process parameters Number of hazard causes identified
5.1. Stateflow analysis results
Flow 33
High 8
In a total of six (6) Stateflow blocks representing the various Low 12
equipment were being modelled and used to test the automation of No 13
HAZOP, a result of seventy-three (73) hazards counts were generated, Pressure 21
High 8
each representing a cause for the hazard. Three process parameters were
Low 7
considered in the test, with a total of eight (8) deviations being Vacuum 6
modelled. A process variable deviation was selected for each parameter Temperature 19
at the start of the run. After the process report is generated, another High 10
deviation from each process parameter that has not been carried out Low 9
Grand Total 73
were selected and the process repeats until the last deviation has been

151
M.F. Chia and P.K. Naraharisetti Process Safety and Environmental Protection 179 (2023) 137–156

Table 5
Comparison of Automation of HAZOP with Stateflow and conventional HAZOP workshop.
Categories Automation of HAZOP with Stateflow Conventional HAZOP Workshop

No. of hazard causes identified 46 38

Omitted causes (erroneous) (27) N.A.
No. of similar causes identified 30 30

Table 6
Hazardous causes identified in conventional HAZOP.
Hazard Component Parameter Guideword Deviation Cause
No.

3 Storage Tank Flow Low Low flow from Storage Valve position incorrectly opened/closed due to human error (operation)
Tank
7 Storage Tank Flow High High flow from Storage Valve position incorrectly opened/closed due to human error (operation)
Tank
15 Storage Tank Pressure High High pressure in Storage Overfilling of Storage Tank resulting in higher amount of BOG produced
Tank
18 Storage Tank Pressure Low Low pressure in Storage Tank internal cools rapidly due to heat loss to cryogenic fluid.
Tank
19 Storage Tank Pressure Low Low pressure in Storage Overfilling of Storage Tank with cryogenic fluid rapidly
Tank
23 Storage Tank Temperature High High temperature in Loss of lubrication in pump producing heat in tank.
Storage Tank
35 Heat Temperature Low Low temperature in Heat High flow of cryogenic LNG into Heat Exchanger with low outflow
Exchanger Exchanger
37 Heat Temperature High High Temperature in Low/No flow of cryogenic LNG into Heat Exchanger due to human error in operation of
Exchanger Heat Exchanger valves, low/no flow from storage tank etc. (Refer to above Storage Tank deviations)

Fig. 14. Examples of future development of algorithm and statechart.

152
M.F. Chia and P.K. Naraharisetti Process Safety and Environmental Protection 179 (2023) 137–156

in many HAZOP studies due to the commonality in process equipment

used by industries.
There were also eight (8) of these causes in the conventional HAZOP
study that was not identified by the Stateflow model. The causes as
summarised in the Table 6 below are those that discussed about oper­
ation and human errors, as well as details about maintenance. As the
knowledge base focused mainly on equipment and process-specific de­
viation causes, there were a lack of input data into the knowledge base
on maintenance schedules and downtime for the equipment. Lapses in
operation procedures and human errors are difficult to account for
because it could occur anywhere in the operation of the facility and
difficult to point out with the computer algorithm.
Fig. 15. Example of quantitative conditional transitions in Stateflow.

covered. A total of three (3) runs were carried out in total for the 5.3. Advantages of HAZOP automation with Stateflow
maximum number of deviations in any of the process parameters as the
combination of deviations have no effect on the outcome of the auto­ One of the major advantages of HAZOP automation is that users can
mation results at this stage. The HAZOP automation results were sum­ modify the base case to cater to different design needs for the HAZOP
marised in the Table 4 below. studies being carried out. In Fig. 14 below, an example was shown of
how a state can be expanded to incorporate further algorithm inputs
5.2. Conventional HAZOP study results with other equipment components in further stages of developing the
automation process. In Fig. 15, the algorithms for conditions to transit
The original HAZOP was carried out in a conventional setting. A can be changed to actual process parameters to describe deviations more
comparison was set out to study the effectiveness of HAZOP automation precisely to the operating conditions.
using Stateflow versus the conventional HAZOP study that was carried
out. The number of causes identified by both methods were compared, 6. Conclusion
as well as the accuracy of the automated HAZOP in identifying similar
causes that was recorded from the conventional HAZOP. Table 8 Com­ Given the enormous amount of effort, manhour, and cost to perform
parison of Automation of HAZOP with Stateflow and conventional HAZOP of considerable reliability, there are incentives to develop
HAZOP workshop.. automation of HAZOP. The automation reduces the time and effort
After filtering the list of outputs from the automated HAZOP, there involved on routine analytical steps and allows more focus to be placed
were a total of forty-six (46) credible hazardous causes identified by the on non-routine aspects such as process-specific hazards causes and
system. The result was close to the number of relevant hazards discussed consequences.
and recorded in the conventional HAZOP workshop. A total count of In this work, we have presented a ‘Methodology’ to use Stateflow for
thirty-eight (38) causes. See Appendix B for details. performing HAZOP. Although we can identify the ‘causes’ of deviations,
The excess causes identified by the automated HAZOP with Stateflow the methodology could further be developed to link causes with conse­
compared to conventional HAZOP is due to the way the causes were quences. Further, back propagation is one the leading causes of disasters
expressed in both methods. In the automated HAZOP, each discrete in the chemical process industries and more work is needed to include
cause was identified separately, such as “valve partially open” and “valve the same which potentially can identify more severe consequences and
fully open” while in conventional HAZOP, participants would group make this methodology more meaningful. In this manuscript, we have
them together such as “… due to valve partially/fully open which results in given a simple example where we have shown that Stateflow can be used
high flow to Heat Exchanger”. The reasoning logic of the algorithm and to combine guideword, parameter to identify the cause. We have not
software were not able to form associations of discrete causes within a presented a complete example and the same will be presented as sepa­
similar expression. In the conventional HAZOP study carried out, some rate work. In the future, we anticipate that StateFlow can be connected
of the repeated causes were also duplicated with a blanketing statement to P&IDs within the Matlab ecosystem for faster HAZOP.
“Refer to above deviation for causes” which results in the lower count
shown in the table.
From the causes identified with the two different approaches, thirty Declaration of Competing Interest
(30) of them were identified by both the Stateflow approach as well as
the conventional HAZOP study. These causes were the same in both The authors declare that they have no known competing financial
records. Examples of such causes were tank empty, pipe leaking, pipe interests or personal relationships that could have appeared to influence
choked and etc, which were common hazardous causes often identified the work reported in this paper.

Appendix A. - Automated HAZOP report generated with Stateflow

Hazard No. Parameter Guideword Deviation Cause

1 Flow Low Low flow in Storage Tank Low Flow due to Low Flow
2 Flow High High flow in Storage Tank High Flow due to High Flow
3 Flow No No flow in Storage Tank No Flow due to No Flow
4 Flow Low Low flow in Pump Low level of liquid in tank
5 Flow Low Low flow in Pump Tank leak, tank rupture
6 Flow Low Low flow in Pump Flowmeter faulty
7 Flow High High Flow in Pump Pump mulfunction
8 Flow High High Flow in Pump Flowmeter faulty
(continued on next page)

153
M.F. Chia and P.K. Naraharisetti Process Safety and Environmental Protection 179 (2023) 137–156

(continued )
Hazard No. Parameter Guideword Deviation Cause

9 Flow No No Flow In Pump Tank empty

10 Flow No No Flow In Pump Tank leak, tank rupture
11 Flow No No Flow In Pump Pump mulfunction
12 Flow No No Flow In Pump Flowmeter faulty
13 Flow Low Low Flow in Pipe NC Valve partly closed
14 Flow Low Low Flow in Pipe Pipe choked
15 Flow Low Low Flow in Pipe Flowmeter faulty
16 Flow High High Flow in Pipe NC Valve fully opened
17 Flow High High Flow in Pipe Flowmeter faulty
18 Flow No No Flow in Pipe NC Valve fully closed
19 Flow No No Flow in Pipe Pipe choked
20 Flow No No Flow in Pipe Flowmeter faulty
21 Flow Low Low Flow in Heat Exchanger Pipe choked
22 Flow Low Low Flow in Heat Exchanger Pipe leaking
23 Flow Low Low Flow in Heat Exchanger Heat exchanger tube fouling/ choked
24 Flow Low Low Flow in Heat Exchanger Heat exchanger tube leak
25 Flow Low Low Flow in Heat Exchanger Flowmeter faulty
26 Flow High High Flow in Heat Exchanger High flow in pipe
27 Flow High High Flow in Heat Exchanger Control system faulty
28 Flow High High Flow in Heat Exchanger Flowmeter faulty
29 Flow No No Flow in Heat Exchanger Pipe choked
30 Flow No No Flow in Heat Exchanger Pipe rupture
31 Flow No No Flow in Heat Exchanger Heat exchanger tube choked
32 Flow No No Flow in Heat Exchanger Heat exchanger tube burst
33 Flow No No Flow in Heat Exchanger Flowmeter faulty
34 Temperature Low Low Temperature in Storage Tank Low Temperature due to Low Temperature
35 Temperature Low Low Temperature in Storage Tank Excessive evaporation of process fluid
36 Temperature Low Low Temperature in Storage Tank Temperature Sensor faulty
37 Temperature High High Temperature in Storage Tank High Temperature due to High Temperature
38 Temperature High High Temperature in Storage Tank Hot fluid flow into tank
39 Temperature High High Temperature in Storage Tank Tank insulation damaged
40 Temperature High High Temperature in Storage Tank Temperature Sensor faulty
41 Temperature Low Low Temperature in Heat Exchanger Excessive process fluid flow into heat exchanger
42 Temperature Low Low Temperature in Heat Exchanger Inadequate flow of heating medium
43 Temperature Low Low Temperature in Heat Exchanger No flow of heating medium due to choke, process error, loss of fluid
44 Temperature Low Low Temperature in Heat Exchanger Temperature Sensor faulty
45 Temperature High High Temperature in Heat Exchanger Excessive heating medium flow
46 Temperature High High Temperature in Heat Exchanger Inadequate flow of process fluid
47 Temperature High High Temperature in Heat Exchanger No flow of process fluid due to choke, process error, loss of fluid
48 Temperature High High Temperature in Heat Exchanger Temperature Sensor faulty
49 Temperature Low Low Temperature in Temperature Sensor NC Valve set to open
50 Temperature Low Low Temperature in Temperature Sensor Temperature Sensor faulty
51 Temperature High High Temperature in Temperature Sensor NC Valve set to close
52 Temperature High High Temperature in Temperature Sensor Temperature Sensor faulty
53 Pressure Low Low Pressure in Storage Tank Low Pressure due to Low Pressure
54 Pressure Low Low Pressure in Storage Tank Process fluid cools
55 Pressure Low Low Pressure in Storage Tank Pressure vacuum valve faulty
56 Pressure Low Low Pressure in Storage Tank Excessive outflow of fluid with no in flow
57 Pressure Low Low Pressure in Storage Tank Pressure Sensor faulty
58 Pressure High High Pressure in Storage Tank High Pressure due to High Pressure
59 Pressure High High Pressure in Storage Tank Process fluid boils
60 Pressure High High Pressure in Storage Tank Pressure relief valve faulty
61 Pressure High High Pressure in Storage Tank Tank overfilling
62 Pressure High High Pressure in Storage Tank Pressure Sensor faulty
63 Pressure Vacuum Vacuum in Storage Tank Vacuum due to Vacuum
64 Pressure Vacuum Vacuum in Storage Tank Process fluid cools
65 Pressure Vacuum Vacuum in Storage Tank Pressure vacuum valve faulty
66 Pressure Vacuum Vacuum in Storage Tank Excessive process fluid outflow
67 Pressure Vacuum Vacuum in Storage Tank Pressure Sensor faulty
68 Pressure Low Low Pressure in Heat Exchanger Heat exchanger tube burst
69 Pressure Low Low Pressure in Heat Exchanger Pressure Sensor faulty
70 Pressure High High Pressure in Heat Exchanger High pressure from storage tank, high flow
71 Pressure High High Pressure in Heat Exchanger Tube fouling/choked
72 Pressure High High Pressure in Heat Exchanger Pressure Sensor faulty
73 Pressure Vacuum Vacuum in Heat Exchanger NA

Appendix B. - Conventional HAZOP

Hazard Component Parameter Guideword Deviation Cause

No.

1 Storage Tank Flow Low Low flow from Storage Pump malfunction
Tank
(continued on next page)

154
M.F. Chia and P.K. Naraharisetti Process Safety and Environmental Protection 179 (2023) 137–156

(continued )
Hazard Component Parameter Guideword Deviation Cause
No.

2 Storage Tank Flow Low Low flow from Storage Low level of inventory in storage tank
Tank
3 Storage Tank Flow Low Low flow from Storage Valve position incorrectly opened/closed due to human error (operation)
Tank
4 Storage Tank Flow Low Low flow from Storage Valve position incorrect position due to faulty instrument control TIT
Tank
4 Storage Tank Flow Low Low flow from Storage Pipe choked due to residues or condensates
Tank
5 Storage Tank Flow Low Low flow from Storage Pipe ruptured
Tank
6 Storage Tank Flow High High flow from Storage Pump malfunction
Tank
7 Storage Tank Flow High High flow from Storage Valve position incorrectly opened/closed due to human error (operation)
Tank
8 Storage Tank Flow High High flow from Storage Valve position incorrect position due to faulty instrument control TIT
Tank
9 Storage Tank Flow No No flow from Storage Empty storage tank
Tank
10 Storage Tank Flow No No flow from Storage Pump stopped, pump faulty
Tank
11 Storage Tank Flow No No flow from Storage Pipe choked due to resisdues or condensates
Tank
12 Storage Tank Flow No No flow from Storage Pipe ruptured
Tank
13 Storage Tank Flow No No flow from Storage Loss of containment of LNG, tank rupture.
Tank
13 Storage Tank Pressure High High pressure in Storage Excessive BOG produce due to heat ingress, loss of insulation integrity
Tank
14 Storage Tank Pressure High High pressure in Storage Failure of relief valve to open
Tank
15 Storage Tank Pressure High High pressure in Storage Overfilling of Storage Tank resulting in higher amount of BOG produced
Tank
16 Storage Tank Pressure Low Low pressure in Storage Excessive LNG removed from tank rapidly
Tank
17 Storage Tank Pressure Low Low pressure in Storage Pressure vacuum valve faulty
Tank
18 Storage Tank Pressure Low Low pressure in Storage Tank internal cools rapidly due to heat loss
Tank
19 Storage Tank Pressure Low Low pressure in Storage Overfilling of Storage Tank with cryogenic fluid rapidly
Tank
20 Storage Tank Pressure Vacuum Vacuum pressure in Pressure vacuum valve faulty
Storage Tank
21 Storage Tank Temperature Low Low temperature in Excessive boil off gas evaporating resulting in cooling
Storage Tank
22 Storage Tank Temperature Low Low temperature in Rapid introduction of LNG from higher tank temperature
Storage Tank
23 Storage Tank Temperature High High temperature in Loss of lubrication in pump producing heat in tank.
Storage Tank
24 Storage Tank Temperature High High temperature in Loss of insulation integrity of the tank
Storage Tank
25 Heat Flow Low Low flow to Heat Refer to above Low Flow from Storage Tank
Exchanger Exchanger
26 Heat Flow Low Low flow to Heat Heat exchanger inlet tubings blocked
Exchanger Exchanger
27 Heat Flow High High flow to Heat Refer to above High Flow from Storage Tank
Exchanger Exchanger
28 Heat Flow No No flow to Heat Refer to above No Flow from Storage Tank
Exchanger Exchanger
29 Heat Pressure High High Pressure in Heat Excessive pump pressure for fluid service into Heat Exchanger
Exchanger Exchanger
30 Heat Pressure High High Pressure in Heat LNG gas boil off and expansion before entering Heat Exchanger
Exchanger Exchanger
31 Heat Pressure High High Pressure in Heat Blocked outlet of heat exchanger
Exchanger Exchanger
32 Heat Pressure Low Low Pressure in Heat Heat exchanger inlet tube leak/rupture
Exchanger Exchanger
33 Heat Pressure Low Low Pressure in Heat Inadequate flow from pump and storage tank coupled with high demand outflow for fuel
Exchanger Exchanger gas
34 Heat Temperature Low Low temperature in Heat Loss of heating medium utility
Exchanger Exchanger
35 Heat Temperature Low Low temperature in Heat High flow of cryogenic LNG into Heat Exchanger with low outflow
Exchanger Exchanger
36 Heat Temperature Low Low temperature in Heat Temperature sensor faulty leading to control system failure of the valve
Exchanger Exchanger
(continued on next page)

155
M.F. Chia and P.K. Naraharisetti Process Safety and Environmental Protection 179 (2023) 137–156

(continued )
Hazard Component Parameter Guideword Deviation Cause
No.

37 Heat Temperature High High Temperature in Low/No flow of cryogenic LNG into Heat Exchanger due to human error in operation of
Exchanger Heat Exchanger valves, low/no flow from storage tank etc. (Refer to above Storage Tank deviations)
38 Heat Temperature High High Temperature in Temperature sensor faulty leading to control system failure of the valve
Exchanger Heat Exchanger

References McCoy, S.A., et al., 1999. HAZID, A computer aid for hazard identification: 1. The
stophaz package and the hazid code: an overview, the issues and the structure.
Process Saf. Environ. Prot. 77 (6), 317–327.
Baybutt, P., 2015. The treatment of domino effects in process hazard analysis. Process
Nagel, C.J., 1991. Identification of hazards in chemical process systems. Massachusetts
Saf. Prog. 34 (3), 220–227.
Institute of Technology.
Baybutt, P., 2016. Cognitive biases in process hazard analysis. J. Loss Prev. Process Ind.
Nagi, K., 2020. From bits and bytes to big data-an historical overview (Available at).
43, 372–377.
SSRN, 3622921.
Bayne, T., et al. (2014). The Oxford companion to consciousness, OUP Oxford.
Parmar, J.C., Lees, F., 1987. The propagation of faults in process plants: Hazard
Berkeley, E.C. (1962). The Computer Revolution.
identification. Reliab Eng 17 (4), 303–314.
Busby, K., Kazarians, M., 2018. Pitfalls of using the wrong risk matrix In PHA and LOPA.
Rahman, S., et al., 2009. ExpHAZOP+: Knowledge-based expert system to conduct
AIChE Spring Meet. Glob. Congr. Process Saf.
automated HAZOP analysis. J. Loss Prev. Process Ind. 22 (4), 373–380.
Chae, H., et al., 1994. Safety analysis using an expert system in chemical processes.
Rodríguez, M., de la Mata, J.L., 2012. Automating HAZOP studies using D-higraphs.
Korean J. Chem. Eng. 11 (3), 153–161.
Comput. Chem. Eng. 45, 102–113.
Chia, M.F. and P.K. Naraharisetti (2021). Matlab-Stateflow for automated HAZOP. 2021
Rossing, N.K., Lind, M., Jensen, N., Jorgensen, S.B., 2010. A functional HAZOP
60th Annual Conference of the Society of Instrument and Control Engineers of Japan
methodology. Comput. Chem. Eng. 34 (2), 244–253.
(SICE).
Sauk, R., et al., 2015. Application of the graph theory and matrix calculus for optimal
CRAWLEY, F., TYLER, B., 2015. HAZOP: Guide to Best Practice. Elsevier Science.
HAZOP nodes order determination. J. Loss Prev. Process Ind. 35, 377–386.
Paperback ISBN: 97803233946049 7 8 - 0 - 3 2 3 - 3 9 4 6 0 - 4eBook ISBN:
Single, J.I., 2022. Automation of the Hazard and Operability method using ontology-
9780128035801.
based scenario causation models. Ph. D. Thesis Tech. Univers. Kaiserslaut. https://
Cui, L., Zhao, J., Zhang, R., 2010. The integration of HAZOP expert system and piping
doi.org/10.26204/KLUEDO/6741.
and instrumentation diagrams. Process Saf. Environ. Prot. 88 (5), 327–334.
Single, J.I., Schmidt, J., Denecke, J., 2019. State of research on the automation of HAZOP
Cui, L., Zhao, J., Qiu, T., Chen, B., 2008. Layered digraph model for HAZOP analysis of
studies. J. Loss Prev. Process Ind. 62, 103952.
chemical processes. Process Saf. Prog. 27 (4), 293–305.
Srinivasan, R. (1998). PHAzer: An intelligent multiple models-based process hazards
Dunjo, J., Fthenakis, V., Darbra, R., Vilchez, J., Arnaldos, J., 2011. Conducting HAZOPs
analyzer, Purdue University.
in continuous chemical processes: Part I. Criteria, tools, and guidelines for selecting
Srinivasan, R., Venkatasubramanian, V., 1996. Petri net-digraph models for automating
nodes. ISSN 0957-5820 Process Saf Environ Prot 89 (4), 214–223, 10.106/j.
HAZOP analysis of batch process plants. Comput. Chem. Eng. 20, S719–S725.
psep.2011.03.001.
Suokas, J., Heino, P., 1990. Expert systems in safety management. J. Occup. Accid. 12
Dunjó, Jordi, Fthenakis, Vasilis, Vílchez, Juan A., Arnaldos, Josep, 2010. Hazard and
(1–3), 63–78.
operability (HAZOP) analysis. A literature review. J Hazard Mater 173 (1-3), 19–32.
Taylor, J.R., 2017. Automated HAZOP revisited. Process Saf. Environ. Prot. 111,
https://doi.org/10.1016/j.jhazmat.2009.08.076. Epub 2009 Aug 25.
635–651.
Earl, W.B. and C.J. Williamson (1988). Control System Synthesis: A Comparison between
Vaidhyanathan, R., et al., 1996. HAZOPExpert: an expert system for automating HAZOP
PROLOG and an Expert System Shell for Distillation Column Control. Barton, ACT.
analysis. Process Saf. Prog. 15 (2), 80–88.
Freeman, R.A., et al., 1992. Plan HAZOP studies with an expert system. Chem. Eng. Prog.
Vaidhyanathan, R., Venkatasubramanian, V., 1995. Digraph-based models for automated
88, 28–32.
HAZOP analysis. Reliab. Eng. Syst. Saf. 50 (1), 33–49.
Heino, P., et al., 1988. An expert system in process design-analysis of process safety and
Vaidhyanathan, R., Venkatasubramanian, V., 1996. A semi-quantitative reasoning
reliability. Proc. Int. Workshop Artif. Intell. Ind. Appl.
methodology for filtering and ranking HAZOP results in HAZOPExpert. Reliab. Eng.
Ikpe, E., et al., 2012. Cost-benefit analysis for accident prevention in construction
Syst. Saf. 53 (2), 185–203.
projects. J. Constr. Eng. Manag. 138 (8), 991–998.
Vaidhyanathan, R., Venkatasubramanian, V., 1996. Experience with an expert system for
Iyun, O.E. (2012). "Plant-wide diagnosis: Cause-and-effect analysis using process
automated HAZOP analysis. Comput. Chem. Eng. 20, S1589–S1594.
connectivity and directionality Information."
Venkatasubramanian, V., et al., 2000. Intelligent systems for HAZOP analysis of complex
Khan, F.I., 2005. Knowledge-based expert system framework to conduct offshore process
process plants. Comput. Chem. Eng. 24 (9–10), 2291–2302.
HAZOP study. 2005 IEEE Int. Conf. Syst., Man Cybern.
Venkatasubramanian, V., Vaidhyanathan, R., 1994. A knowledge-based framework for
Khan, F.I., Abbasi, S.A., 1997. Mathematical model for HAZOP study time estimation.
automating HAZOP analysis. AIChE J. 40 (3), 496–505.
J. Loss Prev. Process Ind. 10 (4), 249–257.
Waters, A., Ponton, J., 1989. Qualitative simulation and fault propagation in process
Khan, F.I., Abbasi, S.A., 1997. OptHAZOP—an effective and optimum approach for
plants. Chem. Eng. Res. Des. 67, 407–422.
HAZOP study. J. Loss Prev. Process Ind. 10 (3), 191–204.
Wu, J., Lind, M., 2018. Management of system complexity in HAZOP for the oil &gas
Khan, F.I., Abbasi, S.A., 1997. TOPHAZOP: a knowledge-based software tool for
industry. IFAC-Pap. 51 (8), 211–216.
conducting HAZOP in a rapid, efficient yet inexpensive manner. J. Loss Prev. Process
Zhao, C., et al., 2005. PHASuite: an automated HAZOP analysis tool for chemical
Ind. 10 (5), 333–343.
processes: part II: implementation and case study. Process Saf. Environ. Prot. 83 (6),
Khan, F.I., Abbasi, S.A., 2000. Towards automation of HAZOP with a new tool
533–548.
EXPERTOP. Environ. Model. Softw. 15 (1), 67–77.
Zhao, C., et al., 2005. PHASuite: an automated HAZOP analysis tool for chemical
Kletz, T.A., 1997. Hazop—past and future. Reliab. Eng. Syst. Saf. 55 (3), 263–266.
processes: part i: knowledge engineering framework. Process Saf. Environ. Prot. 83
Kletz, T.A. HAZOP & HAZAN: Notes on the identification and assessment of hazards, The
(6), 509–532.
Institution of Chemical Engineers, Hazard workshop modules, Rugby, 1983.
Zhao, J., et al., 2009. Learning HAZOP expert system by case-based reasoning and
https://doi.org/10.1016/S0951-8320(96)00100-7.
ontology. Comput. Chem. Eng. 33 (1), 371–378.
Lawley, H.G., 1974. Operability studies and hazard analysis. Chem. Eng. Prog. 70,
105–116.

156