Guidelines for Hazard Evaluation Procedures -  - E-Book

Guidelines for Hazard Evaluation Procedures E-Book

0,0
131,99 €

Beschreibung

Guidelines for Hazard Evaluation Procedures, 3rd Edition keeps process engineers updated on the effective methodologies that process safety demands. Almost 200 pages of worked examples are included to facilitate understanding. References for further reading, along with charts and diagrams that reflect the latest views and information, make this a completely accessible work. The revised and updated edition includes information not included in previous editions giving a comprehensive overview of this topic area.

Sie lesen das E-Book in den Legimi-Apps auf:

Android
iOS
von Legimi
zertifizierten E-Readern

Seitenzahl: 916

Bewertungen
0,0
0
0
0
0
0



Contents

Acknowledgments

List of Tables

List of Figures

Abbreviations and Acronyms

Glossary

Part I

Preface

Management Overview

Chapter 1 — Introduction to the Guidelines

Chapter 2 — Preparation for Hazard Evaluations

Chapter 3 — Hazard Identification Methods

Chapter 4 — Non-Scenario-Based Hazard Evaluation Procedures

Chapter 5 — Scenario-Based Hazard Evaluation Procedures

Chapter 6 — Selection of Hazard Evaluation Techniques

Chapter 7 — Risk-Based Determination of the Adequacy of Safeguards

Chapter 8 — Analysis Follow-Up Considerations

Chapter 9 — Extensions and Special Applications

Management Overview

1 Introduction to the Guidelines

1.1 Background

1.2 Relationship of Hazard Evaluation to Risk Management Strategies

1.3 Anatomy of a Process Incident

1.4 The Role of Safeguards

1.5 Hazard Evaluation Throughout a Plant Lifetime

1.6 Hazard Evaluation and Regulations

1.7 Limitations of Hazard Evaluation

Chapter 1 References

2 Preparation for Hazard Evaluations

2.1 Infrastructure

2.2 Analysis Objectives

2.3 Developing the Review Scope and Boundaries

2.4 Information Requirements

2.5 Use of Software Programs

2.6 Personnel and Skills

2.7 Schedule and Execution

2.8 Initial Team Review Meeting

Chapter 2 References

3 Hazard Identification Methods

3.1 Analyzing Material Properties and Process Conditions

3.2 Using Experience

3.3 Developing Interaction Matrices

3.4 Hazard Identification Results

3.5 Using Hazard Evaluation Techniques to Identify Hazards

3.6 Initial Assessment of Worst-Case Consequences

3.7 Hazard Reduction Approaches and Inherent Safety Reviews

Chapter 3 References

4 Non-Scenario-Based Hazard Evaluation Procedures

4.1 Preliminary Hazard Analysis

Section 4.1 References

4.2 Safety Review

Section 4.2 Reference

4.3 Relative Ranking

Section 4.3 References

4.4 Checklist Analysis

Section 4.4 References

5 Scenario-Based Hazard Evaluation Procedures

5.1 What-lf Analysis

Section 5.1 References

5.2 What-lf/Checklist Analysis

Section 5.2 References

5.3 Hazard and Operability Studies

Section 5.3 References

5.4 Failure Modes and Effects Analysis

Section 5.4 References

5.5 Fault Tree Analysis

6 Selection of Hazard Evaluation Techniques

6.1 Factors Influencing the Selection of Hazard Evaluation Techniques

6.2 Decision-Making Process for Selecting Hazard Evaluation Techniques

6.3 Example Using the Proposed Selection Criteria

6.4 Hazard Reviews for Management of Changes

6.5 Combined Hazard Reviews

6.6 Hazard Evaluation at Different Plant Lifetime Stages

6.7 Integrating Occupational Safety, Environment, Reliability, Maintainability, Quality, and Security into Hazard Evaluations

Chapter 6 References

7 Risk-Based Determination of the Adequacy of Safeguards

7.1 Scenarios from Scenario-Based Hazard Evaluations

7.2 Severity of Consequences

7.3 Frequency of Initiating Causes

7.4 Effectiveness of Safeguards

7.5 Risk Estimation using Risk Matrix or Direct Calculation

7.6 Layer of Protection Analysis

Chapter 7 References

8 Analysis Follow-Up Considerations

8.1 Development of Recommendations

8.2 Prioritization of Hazard Evaluation Results

8.3 Documentation of Hazard Evaluations

8.4 Development of a Management Response to a Hazard Evaluation

8.5 Resolution of Action Items

8.6 Communication of Special Findings/Sharing of Information

8.7 Use of Hazard Evaluation Results over the Plant Lifetime

Chapter 8 References

9 Extensions and Special Applications

9.1 Hazard Evaluation of Procedure-Based Operations

Section 9.1 References

9.2 Hazard Evaluation of Processes Controlled by Programmable Systems

Section 9.2 References

9.3 Hazard Evaluation of Chemical Reactivity Hazards

Section 9.3 References

9.4 Combinations of Tools

9.5 Human Factors and Human Reliability Analysis

Section 9.5 References

9.6 Facility Siting

Section 9.6 References

Part II

Preface to the Worked Examples

Management Overview of the Worked Examples

10 Introduction to the Worked Examples

10.1 Purpose

10.2 Instructional Strategy

10.3 How to Use the Worked Examples

Chapter 10 Reference

11 Description of the Example Facility and Process

11.1 Company and Facility Background

11.2 Process Overview

11.3 Description of the Process Lifetime

12 Hazard Identification for the Example Process

12.1 Analysis of Material Properties

12.2 Review of Experience

12.3 Interaction Matrix

12.4 Hazard Evaluation Techniques Used for Hazard Identification

12.5 Summary

Chapter 12 References

13 Research and Development Phase

13.1 Problem Definition

13.2 Analysis Description

13.3 Discussion of Results

13.4 Follow-up

13.5 Conclusions and Observations

14 Conceptual Design Phase

14.1 Problem Definition

14.2 Analysis Description

14.3 Discussion of Results

14.4 Follow-up

14.5 Conclusions and Observations

15 Pilot Plant Operation Phase

15.1 Problem Definition

15.2 Analysis Description

15.3 Discussion of Results

15.4 Follow-up

15.5 Conclusions and Observations

15.6 Cause-by-Cause Alternative Approach

15.7 Extension of Cause-by-Cause Approach Using Scenario Risk Estimates

16 Detailed Engineering Phase

16.1 Problem Definition

16.2 Analysizs Description

16.3 Results

16.4 Follow-up

16.5 Conclusions and Observations

17 Construction/Start-up Phase

17.1 Problem Definition

17.2 Analysis Description

17.3 Discussion of Results

17.4 Follow-up

17.5 Conclusions and Observations

18 Routine Operation Phase

18.1 Problem Definition

18.2 Analysis Description

18.4 Follow-up

18.5 Conclusions and Observations

19 Routine Operation Phase

19.1 Problem Definition

Available Resources

19.2 Analysis Description

19.3 Discussion of Results

19.4 Follow-up

19.5 Conclusions and Observations

20 Plant Expansion Phase

20.1 Problem Definition

20.2 Analysis Description

20.3 Discussion of Results

20.4 Follow-up

20.5 Conclusions and Observations

Chapter 20 Reference

21 Incident Investigation Phase

21.1 Problem Definition

21.2 Analysis Description

21.3 Discussion of Results

21.4 Follow-up

21.5 Conclusions and Observations

22 Decommissioning Phase

22.1 Problem Definition

22.2 Analysis Description

22.3 Discussion of Results

22.4 Follow-up

22.5 Conclusions and Observations

Appendices

Appendix A - Additional Checklists and Forms

A1

A2

A3

A4

B - Supplemental Questions for Hazard Identification

I. Process

II. Equipment

III. Operations

IV. Maintenance

V. Personnel Safety

VI. Fire Protection

VII. Environmental Protection

VIII. Management and Policy Issues

C - Symbols and Abbreviations for Example Problem Drawings

D - Software Aids

E - Chemical Compatibility Chart

Compatibility Chart Exceptions: Nonreactive Combinations

Compatibility Chart Exceptions: Reactive Combinations

Appendix E References

F - Organizations Offering Process Safety Enhancement Resources

Selected Bibliography

Index

This book is one in a series of process safety guideline and concept books published by the Center for Chemical Process Safety (CCPS). Please go to www.wiley.com/go/ccps for a full list of titles in this series.

It is sincerely hoped that the information presented in this document will lead to an even more impressive safety record for the entire industry. However, neither the American Institute of Chemical Engineers, its consultants, CCPS Technical Steering Committee and Subcommittee members, their employers, their employers' officers and directors, nor ABSG Consulting Inc. and its employees warrant or represent, expressly or by implication, the correctness or accuracy of the content of the information presented in this document. As between (1) American Institute of Chemical Engineers, its consultants, CCPS Technical Steering Committee and Subcommittee members, their employers, their employers' officers and directors, and ABSG Consulting Inc. and its employees and (2) the user of this document, the user accepts any legal liability or responsibility whatsoever for the consequence of its use or misuse.

Copyright © 2008 by American Institute of Chemical Engineers, Inc. All rights reserved.

A Joint Publication of the Center for Chemical Process Safety of the American Institute of Chemical Engineers and John Wiley & Sons, Inc.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750–8400, fax (978) 750–4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748–6011, fax (201) 748–6008, or online at http://www.wiley.com/go/permission.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic format. For information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Cataloging-in-Publication Data is available.

ISBN 978-0-471-97815-2

10 9 8 7 6 5 4 3 2 1

Acknowledgments

The Center for Chemical Process Safety (CCPS) thanks all of the members of the HEP3 (Hazard Evaluation Procedures, 3rd Edition) Subcommittee of CCPS’ Technical Steering Committee for providing input, reviews, technical guidance and encouragement to the project team throughout the preparation of this book. CCPS also expresses appreciation to the members of the Technical Steering Committee for their advice and support.

The CCPS staff liaison for this project was Bob Ormsby, who also coordinated meetings and facilitated subcommittee reviews and communications. The subcommittee had the following members, whose significant efforts and contributions are gratefully acknowledged:

Jonathan Babcock Eli Lilly and Company Bob Lenahan Bayer BMS Kumar Bhimavarapu FM Global Donald Lorenzo ABS Consulting Christine E. Browning Eastman Chemical Company Narayanan Sankaran UOP Paul Butler Buckman Laboratories John C. Stoney BP Ken Harrington, HEP3 Subcommittee Chair Chevron/Phillips Angela Summers SIS-TECH Solutions, LP Wayne Jamison Intel Tim Wagner The Dow Chemical Company Jim Johnston Wyeth Joe Wilson Syngenta

Unwin Company (Columbus, Ohio) prepared this Third Edition of the Guidelines for Hazard Evaluation Procedures, building on the previous work of Battelle Memorial Institute (First Edition) and JBF Associates, Inc. (Second Edition). Robert W. Johnson was Unwin Company’s lead author and project manager for the Third Edition. John F. Murphy was a principal author, and Steven W. Rudy, John E. Corn, and Bryan T. Haywood authored and reviewed particular sections within their areas of expertise. William G. Bridges and Revonda Tew of Process Improvement Institute, Inc. (Knoxville, Tennessee) contributed the new section on hazard evaluation of procedure-based operations.

CCPS and the Unwin Company project team also gratefully acknowledge the valuable suggestions and feedback submitted by the following persons who provided peer review comments on the final draft manuscript.

Jeffrey Castillo Monsanto Company Carol Garland Eastman Chemical Company Richard C. Griffin Chevron Phillips Chemical Company LP Kevin L. Klein Solutia, Inc. Mark M. Moderski Lummus Adrian L. Sepeda CCPS Emeritus Martin Sich Steve Sigmon Honeywell Specialty Materials Robert J. Stack The Dow Chemical Company

In addition, comments on specific sections were provided by Paul Delanoy, Gregory Schultz and David Wechsler of The Dow Chemical Company.

List of Tables

Table

1.1Hazard evaluation synonyms1.2CCPS elements of risk-based process safety1.3Elements of process incidents1.4Governmental regulations related to identifying and evaluating process hazards1.5Classical limitations of hazard evaluations2.1Typical hazard evaluation objectives at different stages of a process lifetime2.2Examples of information used to perform a hazard evaluation2.3Candidates for membership on a hazard evaluation team2.4Important team leader responsibilities3.1Common material property data for hazard identification3.2Examples of hazardous chemical compounds3.3Other parameters commonly used in an interaction matrix3.4Typical hazard identification results3.5Examples of checklist questions used in hazard identification3.6Inherent safety review team composition4.1Time estimates for using the Preliminary Hazard Analysis technique4.2Typical format for a Preliminary Hazard Analysis worksheet4.3Sample page from the H2S system example Preliminary Hazard Analysis table4.4Time estimates for using the Safety Review technique4.5Summary of Relative Ranking indexes4.6Time estimates for using Relative Ranking techniques4.7Data for the Relative Ranking example4.8Results from the Relative Ranking example4.9Time estimates for using the Checklist Analysis technique4.10Sample items from the checklist for the DAP process example5.1Time estimates for using the What-If Analysis technique5.2Typical format for a What-If Analysis worksheet5.3What-if questions for the DAP process example5.4Sample page from the What-If Analysis table for the DAP process example5.5Time estimates for using the What-If/Checklist Analysis technique5.6What-if questions for the chlorine feed line example5.7Example of a hazard checklist5.8Additional safety issues generated by using hazard checklists in the chlorine example5.9Common HAZOP Study terminology5.10Original HAZOP Study guide words and meanings5.11Common HAZOP Study process parameters5.12Time estimates for using the HAZOP Study technique5.13Typical format for a HAZOP Study worksheet5.14Example library of relevant deviations for process section types5.15Inherent safety strategies as HAZOP Study guide words5.16Sample deviations from the HAZOP Study table for the DAP process example5.17Time estimates for using the FMEA technique5.18Typical format for an FMEA worksheet5.19Examples of equipment failure modes used in an FMEA5.20Sample page from the FMEA table for the DAP process example5.21Logic and event symbols used in fault trees5.22Time estimates for using the Fault Tree Analysis technique5.23Rules for constructing fault trees5.24Minimal cut sets for the emergency cooling system example fault tree5.25Time estimates for using the Event Tree Analysis technique5.26Time estimates for using the Cause-Consequence Analysis technique5.27Incident sequence minimal cut sets for “loss of cooling water to the oxidation reactor”6.1Categories of factors that could influence the selection of hazard evaluation techniques6.2Typical information available to hazard analysts6.3Types of processes6.4Summary of typical staff effort estimates for hazard evaluation techniques6.5MOC review documents related to environment, health and safety6.6Some items to consider in a readiness review6.7Comparison between site security and process safety scenario elements7.1Scenarios are unique initiating cause / loss event combinations7.2Example of EHS impact categories and severity magnitudes used in hazard evaluations7.3Example initiating cause frequency scale (order-of-magnitude basis)7.4Example preventive safeguard failure probabilities7.5Example LOPA worksheet from Table B.2 of Reference 58.1Classification of hazard evaluation techniques for the purpose of ranking action items8.2Typical ways of ranking recommendations from hazard evaluations8.3Example ranking of recommendations in qualitative categories of urgency8.4Example of structural importance ranking8.5Prioritization attributes of hazard evaluation techniques8.6Example of a Failure Modes, Effects and Criticality Analysis table8.7Example criticality (impact) categories8.8Example frequency categories8.9Example risk ranking categories8.10Some issues that influence the contents of hazard evaluation reports8.11Items to consider including in hazard evaluation reports8.12Examples of risk management considerations8.13Typical reasons why rejecting a hazard evaluation recommendation might be justified8.14Example action item tracking log8.15Some uses for hazard evaluation results over the life of a project9.1Definitions of guide words for HAZOP Study of procedure-based operations9.2Guide words for Two Guide Word Analysis of procedure-based operations9.3Example Two Guide Word Analysis documentation9.4Example choice of methods for hazard evaluation of all modes of operations9.5Programmable versus manual control9.6Example deviations and causes with programmable control9.7Example positive and negative human factors9.8Time estimates for using the Human Reliability Analysis technique9.9Contributors to error-likely situations9.10HRA event tree incident sequences for the operator response to an alarm example9.11Facility siting considerations related to personnel and property protection10.1Summary of example problems11.1Primary VCM process materials and their primary hazards11.2Summary of lifetime phases for the example VCM process12.1VCM process materials12.2Hazardous properties of VCM process materials12.3Sample questions from the interaction matrix13.1Summary of key characteristics of chemicals used in the VCM manufacturing process13.2Sample What-If questions for the R&D phase example13.3Sample What-If Analysis results for the R&D phase13.4What-if Analysis staff requirements for the R&D phase14.1Partial list of materials in the VCM plant14.2Major equipment in the VCM plant14.3Preliminary questions for the conceptual design Preliminary Hazard Analysis14.4Sample Preliminary Hazard Analysis results for the VCM plant conceptual design14.5Preliminary Hazard Analysis staff requirements for the conceptual design phase15.1Furnace start-up procedure15.2Sample HAZOP Study results for the VCM pilot plant (deviation-by-deviation approach)15.3Sample action items from the VCM pilot plant HAZOP Study15.4HAZOP Study staff requirements for the VCM pilot plant15.5Sample HAZOP Study results for the VCM pilot plant (cause-by-cause approach)15.6Sample action items from the VCM pilot plant HAZOP Study (cause-by-cause approach)15.7Sample HAZOP Study results for the VCM pilot plant, with scenario risk estimates16.1VCM plant incinerator shutdowns16.2Steps in a combined Fault Tree and Event Tree Analysis16.3Fault Tree Analysis steps16.4Sample incident sequence minimal cut sets — incinerator explosion16.5Incinerator safety improvement alternatives16.6Combined FTA/ETA staff requirements for the detailed engineering phase17.1Checklist analysis results for the HC1 storage tank inspection17.2Action items from the HC1 storage tank Checklist Analysis17.3Checklist Analysis and Safety Review staff requirements for construction/start-up phase18.1Sample MOC review action items18.2Safety Review staff requirements for the MOC review19.1Sample HAZOP Study results for the routine operation phase19.2Sample action items from the routine operation phase19.3Sample FMEA results for the routine operation phase19.4HAZOP Study staff requirements for the routine operation phase20.1PVC reactor/site information20.2Relative Ranking results for the plant expansion phase20.3PVC batch reactor operating procedure20.4Sample HAZOP Study results for the PVC reactor20.5Sample recommendations from the HAZOP Study of the PVC batch reactor20.6Relative Ranking staff requirements for the plant expansion phase20.7PVC batch reactor HAZOP Study staff requirements for the plant expansion phase21.1Sample results from the incident investigation FMEA21.2Minimal cut sets for the incident investigation HRA event tree21.3FMEA staff requirements for the incident investigation22.1Sample decommissioning checklist22.2Sample recommendations from the furnace decommissioning What-If/Checklist Analysis22.3Decommissioning What-If/Checklist Analysis staff requirementsA1.1Example What-If checklist used in evaluating hazards of facility/operational changesA2.1Management of change hazard review formA3.1Example reactivity checklistC.1Abbreviations used in example problem drawingsD.1Hazard evaluation software aidsE.1Not dangerously reactive exceptionsF.1Professional and industry organizations offering process safety enhancement resources

List of Figures

Overview Interrelation of book chapters

Figure

1.1Aspects of understanding risk1.2Anatomy of a catastrophic incident1.3Basic incident sequence without safeguards1.4Identifying the initiating cause and the loss event in an incident scenario1.5Preventive and mitigative safeguards come into play after an initiating cause1.6Generic “bow-tie” diagram showing relation of safeguards to loss event1.7Emergency cooling system schematic2.1Information available for hazard review3.1Adverse consequences associated with process hazards3.2Typical interaction matrix3.3NOAA Worksheet compatibility chart display3.4Implementation of inherently safer design within a process risk management system4.1DAP process schematic for the Checklist Analysis example5.1Schematic for the chlorine feed line example5.2Example of a simplified checklist for hazard evaluation5.3Overview of the HAZOP Study technique5.4HAZOP Study method flow diagram5.5DAP process schematic for the HAZOP Study example5.6DAP process schematic for the FMEA example5.7Example fault tree structure5.8Sample fault tree with gates and basic events identified5.9Matrix for resolving gates of the sample fault tree5.10Emergency cooling system schematic for the Fault Tree Analysis example5.11Development of the Top event for the emergency cooling system example5.12Development of the first two intermediate events5.13Completed fault tree for the emergency cooling system example5.14First step in constructing an event tree5.15Developing the first safeguard in the sample event tree5.16Developing the second safeguard in the sample event tree5.17Developing the third safeguard in the sample event tree5.18Example of an incident sequence fault tree5.19Event tree for the initiating cause “loss of cooling water to the oxidation reactor”5.20Branch point symbol used in Cause-Consequence Analysis5.21Consequence symbol used in Cause-Consequence Analysis5.22Cause-consequence diagram for “loss of cooling water to the oxidation reactor”5.23Generic “bow-tie” diagram6.1Typical uses for hazard evaluation techniques6.2Criteria for selecting hazard evaluation techniques6.3Example flowchart for selecting a hazard evaluation technique7.1Summary of commonly used approaches to identifying incident scenarios7.2Preventive and mitigative safeguards7.3Example risk matrix using order-of-magnitude frequency and severity categories8.1Example risk matrix9.1Typical usage of procedure-based techniques at some facilities9.2Illustration for case study9.3Example HRA event tree structure9.4HRA event tree for the operator response to an alarm example11.1Schematic of the example VCM manufacturing process12.1Interaction matrix for VCM process materials13.1VCM process block diagram14.1VCM plant layout15.1VCM pilot plant P&ID16.1VCM plant incinerator P&D16.2Example event tree for the VCM plant — generic process upset initiating cause16.3Example event tree for the VCM plant — low fuel gas pressure initiating cause16.4Preliminary fault tree developed for the incinerator shutdown system16.5Final fault tree for the incinerator shutdown system16.6Fault tree for incident scenario 1-7—explosion17.1Schematic of the HC1 storage tank19.1Revised incinerator P&ID20.1VCM plant layout — PVC siting alternatives20.2PVC batch reactor P&ID20.3F&EI calculations for low-pressure PVC reactor site #120.4Radius of exposure calculations for low-pressure PVC reactor site #120.5F&EI calculations for high-pressure PVC reactor site #120.6Radius of exposure calculations for high-pressure PVC reactor site #120.7F&EI calculations for low-pressure PVC reactor site #220.8Radius of exposure calculations for low-pressure PVC reactor site #220.9F&EI calculations for high-pressure PVC reactor site #220.10Radius of exposure calculations for high-pressure PVC reactor site #220.11PVC unit block diagram21.1HC1 column P&ID21.2HRA event tree for loss of overhead condensing22.1Process flow diagram for the VCM furnace areaA3.1Instructions for use of example reactivity checklistC.1Symbols used in example problem drawingsE.1Cargo compatibility chart from CHRIS Manual

Abbreviations and Acronyms

ACC American Chemistry Council ACGIH American Conference of Government and Industrial Hygienists AEGL Acute Exposure Guideline Level AIChE American Institute of Chemical Engineers AIHA American Industrial Hygiene Association ALARP As low as reasonably practicable ANSI American National Standards Institute API American Petroleum Institute ARC® Accelerating Rate Calorimeter; accelerating rate calorimetry ASME American Society of Mechanical Engineers ASSE American Society of Safety Engineers BLEVE Boiling liquid expanding vapor explosion BPCS Basic process control system CCA Cause-Consequence Analysis CCF Common cause failure CCPS AIChE Center for Chemical Process Safety CEI Chemical Exposure Index CHAZOP Chemistry HAZOP or Computer HAZOP CPI Chemical process industry CPQRA Chemical Process Quantitative Risk Analysis CSB U.S. Chemical Safety and Hazard Investigation Board DAP Diammonium phosphate DIERS AIChE Design Institute for Emergency Relief Systems DIPPR AIChE Design Institute for Physical Property Data EHS Environmental, health and safety EPA U.S. Environmental Protection Agency ERPG Emergency Response Planning Guideline ETA Event Tree Analysis F&EI Fire and Explosion Index FMEA Failure Modes and Effects Analysis FMECA Failure Modes, Effects, and Criticality Analysis FTA Fault Tree Analysis HAZOP Hazard and Operability Study [or Analysis] HE Hazard evaluation HEP Hazard evaluation procedures HEP3Guidelines for Hazard Evaluation Procedures, 3rd EditionHRA Human Reliability Analysis IChemE Institution of Chemical Engineers (United Kingdom) ICI Imperial Chemical Industries IEC International Electrotechnical Commission ISA The Instrumentation, Systems, and Automation Society IDLH Immediately dangerous to life and health IPL Independent protection layer LCLo Lethal concentration low Ld50 Lethal dose, 50% mortality LEL Lower explosive limit LFL Lower flammable limit LOPA Layer of Protection Analysis MCS Minimal cut set MSDS Material safety data sheet MORT Management Oversight and Risk Tree NFPA National Fire Protection Association OSHA U.S. Occupational Safety and Health Administration PEL Permissible exposure limit PFD Process flow diagram or Probability of failure on demand P&ID Piping and instrumentation diagram PHA Process hazard analysis1PreHA Preliminary Hazard Analysis1PSF Performance shaping factor PSM Process safety management R&D Research and development SCBA Self-contained breathing apparatus SHI Substance Hazard Index SIF Safety instrumented function SIL Safety integrity level SIS Safety instrumented system SOP Standard operating procedure STEL Short term exposure limit; 15 min time-weighted-average maximum concentration TLV® Threshold Limit Value; occupational exposure limit recommended by ACGIH UEL Upper explosive limit UFL Upper flammable limit VPP [OSHA] Voluntary Protection Program VSP2™ Vent Sizing Package, Version 2 WI What-If [Analysis] WI/CL What-If/Checklist [Analysis]

1 The first and second editions of these Guidelines used the abbreviation “PHA” for Preliminary Hazard Analysis; however, use of this abbreviation has been changed to PreHA to avoid confusion with the now more common term Process Hazard Analysis which is associated with the acronym PHA.

Part I

Hazard Evaluation Procedures

Preface

Management Overview

1 Introduction to the Guidelines

2 Preparation for Hazard Evaluations

3 Hazard Identification Methods

4 Non-Scenario-Based Hazard Evaluation Procedures

5 Scenario-Based Hazard Evaluation Procedures

6 Selection of Hazard Evaluation Techniques

7 Risk-Based Determination of the Adequacy of Safeguards

8 Analysis Follow-Up Considerations

9 Extensions and Special Applications

Appendices (following Part II)

Appendix A – Additional Checklists and Forms

Appendix B – Supplemental Questions for Hazard Identification

Appendix C – Symbols and Abbreviations for Example Problem Drawings

Appendix D – Software Aids

Appendix E – Chemical Compatibility Chart

AppendixF – Organizations Offering Process Safety Enhancement Resources

Preface

The American Institute of Chemical Engineers (AIChE) has been closely involved with process safety and loss control issues in the chemical and allied industries for more than four decades. Through its strong ties with process designers, constructors, operators, safety professionals, and members of academia, AIChE has enhanced communication and fostered continuous improvement of the industry’s high safety standards. AIChE publications and symposia have become information resources for those devoted to understanding the causes of incidents and discovering better means of preventing their occurrence and mitigating their consequences.

The Center for Chemical Process Safety (CCPS) was established in 1985 by AIChE to develop and disseminate technical information for use in the prevention of major chemical incidents. CCPS is supported by nearly 100 sponsoring companies in the chemical process industry (CPI) and allied industries; these companies provide the necessary funding and professional experience for its technical subcommittees.

CCPS’ first project was the preparation of Guidelines for Hazard Evaluation Procedures. The goal of that groundbreaking project was:

“...to produce a useful and comprehensive text prepared to foster continued personal, professional, and technical development of engineers in the areas of chemical plant safety, and to upgrade safety performance of the industry... The document will be updated periodically, and will serve as a basis for additional related topics such as risk management”

CCPS achieved its stated goal with the publication of the Guidelines in 1985, and has since continued to foster the development of process safety professionals in all industries. For example, CCPS has developed 85 Guideline and Concept Books and has sponsored 23 international meetings since its inception. Planning and work on many other projects are also underway. This activity has occurred in the midst of many other changes and events that over the past years have fostered an unprecedented interest in hazard evaluation:

■ A number of incidents have occurred, even though many companies are seeking continuous improvement of process safety and have embraced the ideal of striving for “zero incidents.” Industry is learning from these incidents, and this hard-earned experience is an important additional source of information for process safety professionals in their quest to prevent major chemical incidents in the future.

■ Both private and public organizations, including government agencies, have become more concerned with ensuring the safety of industrial operations. This is exemplified by the formation and activities of the U.S. Chemical Safety and Hazard Investigation Board (Chemical Safety Board, or CSB), which has made several recommendations related to hazard evaluations.

■ Many organizations—including companies, industrial groups, and others concerned with the safe handling of hazardous materials—have made clear and definite commitments to the management of process safety. In 1989, CCPS published Guidelines for the Technical Management of Chemical Process Safety; followed in 2007 by Guidelines for Risk Based Process Safety. These publications outline strategies for companies to consider when designing management systems for use in preventing major chemical incidents. Other organizations have followed suit by proposing their own approaches for process safety management (PSM). In all of these PSM models, the use of hazard evaluation techniques plays a central role in helping to manage the risk of facilities and operations.

■ Many laws and regulations now place demands on organizations that handle hazardous materials. These include U.S. federal and state legislative initiatives, as well as international requirements such as the European Union’s Seveso II Directive. In 1992, the U.S. Occupational Safety and Health Administration (OSHA) promulgated a standard for Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119). The U.S. Congress also amended the Clean Air Act by adding chemical incident prevention provisions that included broad-based process safety requirements for companies that use hazardous chemicals (U.S. Environmental Protection Agency’s Risk Management Program Rule, 40 CFR Part 68). These laws and regulations require facility owners and operators to employ hazard evaluation methods such as those recognized by CCPS. These requirements have sparked an increasing demand for practitioners who are qualified to use these methods.

■ International standards related to instrumented protective systems, notably IEC 61511 and its U.S. implementation (ANSI/ISA-84.00.01, IEC 61511 Mod), reference the use of scenario-based hazard evaluation procedures as part of the process of specifying required safety integrity levels for safety instrumented systems.

Because of the experience gained in the use of hazard evaluation techniques since 1985, and the increased impetus for companies to become involved in performing these studies, CCPS decided to revise the original Guidelines for Hazard Evaluation Procedures. Thus, as promised in CCPS’ original project mission statement, a significantly updated and expanded version was produced in 1992—Guidelines for Hazard Evaluation Procedures, Second Edition with Worked Examples. Recognition of further changes in the field of hazard evaluation and refinement in various methodologies led CCPS’ Technical Steering Committee to conclude a Third Edition was warranted and a project was initiated. This project has now been completed and the Guidelines for Hazard Evaluation Procedures, Third Edition is the result. Besides considerable updating of terminology, especially as it relates to the elements of an incident scenario, the major changes from the Second Edition include the following.

■ A new section on inherent safety reviews has been added, and the hazard evaluation method descriptions have been expanded to indicate how inherent safety concepts can be considered.

■ The hazard evaluation methodologies have been reorganized into scenario-based and non-scenario-based methods, with the recognition that scenario-based methods can be used in conjunction with aids such as risk matrices to determine the adequacy of safeguards and the priority to be placed on follow-up actions.

■ Qualitative and order-of-magnitude quantitative scenario risk estimation approaches are presented in a new chapter. These approaches are now in common use for determining the adequacy of safeguards.

■ A new section summarizing Layer of Protection Analysis (LOPA) has been added, and descriptions are given of how LOPA has been combined with hazard evaluation techniques.

■ Use of the cause-by-cause approach to documenting HAZOP Studies has been emphasized, to lessen the likelihood of overestimating scenario risks or crediting safeguards that do not apply to particular initiating cause / loss event combinations.

■ Other new sections have been added on evaluating procedure-based operations, evaluating the hazards of programmable systems, and addressing issues related to facility siting. New text on addressing human factors has been added to consideration of the Human Reliability Analysis technique.

■ An even greater emphasis has been placed on process life cycle considerations as they relate to hazard evaluations, including hazard reviews for management of change, and a new section discusses integrating hazard evaluations with other considerations such as reliability and security.

■ Additional checklists and forms have been included in the book chapters and in Appendix A.

Part I — Hazard Evaluation Procedures of these Guidelines describes methods used to identify and assess the significance of hazardous situations found in process operations or activities involving hazardous materials. However, these approaches are not limited in their application to the chemical manufacturing industry; they are also appropriate for use in any industry where activities create situations that have the potential to harm workers or the public; damage equipment or facilities; or threaten the environment through hazardous material releases, fires, or explosions.

Part I contains an overview for management and nine chapters. Appendices are located at the end of the book. The following list describes the organization of Part I.

Management Overview

■ Summarizes the use of hazard evaluation techniques as an integral part of a process safety management program

■ Describes how these techniques can be used throughout the life of a process to support many PSM activities

■ Lets managers know what they can realistically expect from a hazard evaluation and discusses important limitations found in the most commonly used techniques

Chapter 1 — Introduction to the Guidelines

■ Describes how hazard evaluation techniques fit into an overall PSM program

■ Relates the use of hazard evaluation techniques to risk management strategies

■ Introduces terminology used for evaluating process hazards in the context of a typical incident sequence of events

■ Introduces the role of safeguards in preventing and protecting against process upsets and mitigating the impacts of loss events

■ Shows how hazard evaluation techniques can be used throughout the lifetime of a process or operation

■ Outlines important theoretical and practical limitations of hazard evaluation techniques and summarizes what practitioners and management can reasonably expect from the use of these approaches

Chapter 2 — Preparation for Hazard Evaluations

■ Describes the infrastructure needed to support a hazard evaluation program

■ Gives examples of appropriate statements of scope for hazard evaluations

■ Outlines the skills and information needed to perform these studies

■ Addresses schedule and logistical considerations associated with the efficient execution of hazard evaluations

Chapter 3 — Hazard Identification Methods

■ Discusses the importance of identifying hazards and the contemporary approaches used in hazard identification

■ Illustrates the use of experience in analyzing material properties and process conditions for hazards

■ Presents several structured approaches for hazard identification, with examples

■ Describes the types of results that can be expected from hazard identification techniques, which can be used in subsequent hazard evaluation efforts

Chapter 4 — Non-Scenario-Based Hazard Evaluation Procedures

■ Explains the difference between scenario-based and non-scenario based hazard evaluations

■ Provides the following information for each of four non-scenario-based hazard evaluation techniques: purpose, description, types of results, resource requirements and analysis procedure

■ Illustrates each method with a brief example

Chapter 5 — Scenario-Based Hazard Evaluation Procedures

■ Provides the following information for each of eight hazard evaluation methods that are capable of being used to generate incident scenarios and evaluate scenario-based risks: purpose, description, types of results, resource requirements and analysis procedure

■ Illustrates each method with a brief example

Chapter 6 — Selection of Hazard Evaluation Techniques

■ Discusses factors that can influence selection of an appropriate hazard evaluation technique

■ Lists selection criteria and provides a flowchart of questions to help choose an appropriate method for a particular application

Chapter 7 — Risk-Based Determination of the Adequacy of Safeguards

■ Gives guidelines for when it is appropriate to perform a more detailed evaluation of scenario risks

■ Introduces the basic concepts of estimating loss event impacts, initiating cause frequency, and safeguard effectiveness

■ Gives examples of how these scenario risk estimates can be compared to risk criteria for determining the adequacy of safeguards

■ Introduces Layer of Protection Analysis (LOPA) as a technique to evaluate scenarios on an order-of-magnitude basis

Chapter 8 — Analysis Follow-Up Considerations

■ Discusses the importance of prioritizing the results and properly documenting a hazard evaluation

■ Gives general guidelines for communicating these results to managers so they can make appropriate risk management decisions

■ Presents strategies for tracking the changes made as a result of a hazard evaluation

Chapter 9 — Extensions and Special Applications

■ Gives further information on special related topics including human factors; facility siting; and evaluating hazards of procedure-based operations, programmable control systems, and reactive chemical systems

■ Discusses the combining of tools such as HAZOP with LOPA

Appendices. Located at the end of Part II— Worked Examples, the Appendices provide:

■ Example checklists and forms to help analysts perform various hazard evaluations

■ A legend of symbols and abbreviations used in drawings in Part II

■ A list of commercially available software aids for performing hazard evaluations

■ A chemical compatibility chart to aid in identifying hazards

■ A listing of organizations offering process safety enhancement resources.

The Guidelines for Hazard Evaluation Procedures contain information useful to both the inexperienced analyst and the accomplished practitioner. Chapters 1 through 3 are important for both the beginner and experienced hazard analyst. The experienced analyst may wish to scan the ideas on selecting an appropriate hazard evaluation method (Chapter 6); after that, to proceed directly to the appropriate sections in Chapters 4 and 5, which give the detailed steps for performing the chosen technique, and/or to Chapter 9, which gives information on special applications. Chapters 7 and 8 advise all analysts—regardless of their hazard evaluation experience—of ways to prioritize, document, and communicate the results of the hazard evaluations. The Overview figure on the next page shows how these chapters are interrelated.

Part II — Worked Examples for Hazard Evaluation Procedures, the companion to the Guidelines, provides the novice hazard analyst with realistic examples in which various hazard evaluation techniques are used throughout the life of a process. Experienced hazard analysts that are selected to provide in-house training will find Part II extremely helpful as they develop training programs. Moreover, even the experienced practitioner should find the Worked Examples helpful when designing and executing corporate PSM programs.

As was true for the original Guidelines for Hazard Evaluation Procedures and the Second Edition with Worked Examples, these Guidelines do not contain a complete program for managing the risk of chemical operations, nor do they give specific advice on how to establish a hazard analysis program for a facility or an organization. However, they do provide some of the insights that should be considered when making risk management decisions and designing risk management programs. Furthermore, they describe what users can reasonably expect from their performance of high quality hazard evaluations.

These Guidelines cannot replace hazard evaluation experience. This book should be used as an aid for the initial training of hazard analysts and as reference material for experienced practitioners. Only through frequent use will beginners become skilled in hazard evaluation techniques and be able to perform efficient hazard evaluations. Using these Guidelines within the framework of a complete PSM program will help organizations continually improve the safety of their facilities and operations.

Management Overview

A hazard evaluation is an organized effort to identify and analyze the significance of hazardous situations associated with a process or activity. Specifically, hazard evaluations are used to pinpoint weaknesses in the design and operation of facilities that could lead to chemical releases, fires, or explosions. These studies provide organizations with information to aid in making decisions for improving safety and managing the risk of operations. Hazard evaluations usually focus on process safety issues, like the acute effects of unplanned chemical releases on plant personnel or the public. These studies complement more traditional industrial health and safety activities in which protection against slips or falls, use of personal protective equipment, and monitoring for employee exposures to industrial chemicals are considered. Although primarily directed at providing safety-related information, many hazard evaluation techniques can also be used to investigate operability, economic, and environmental concerns.

Hazard evaluation is the cornerstone of an organization’s overall process safety management (PSM) program. Although hazard evaluations typically involve the use of qualitative techniques to analyze potential equipment failures and human errors that can lead to incidents, the studies can also highlight gaps in the management systems of a process safety program. In addition, individual hazard evaluation techniques can be used as a part of many other PSM program elements. For example, hazard evaluation techniques can be used (1) to investigate the possible causes of an incident that has occurred; (2) as part of a facility’s management of change program; and (3) to identify critical safety equipment for special maintenance, testing, or inspection as part of a facility’s mechanical integrity program.

Hazard evaluations should be performed throughout the life of a process as an integral part of an organization’s PSM program. These studies can be performed to help manage the risk of a process from the earliest stages of research and development (R&D); in detailed design and construction; periodically throughout the operating lifetime; and continuing until the process is decommissioned and dismantled. By using this “life cycle” approach in concert with other PSM activities, hazard evaluations can efficiently reveal deficiencies in design and operation before a unit is sited, built, or operated, thus making the most effective use of resources devoted to ensuring the safe and productive life of a facility.

Part I —Hazard Evaluation Procedures contains a brief overview of the purpose, benefits, costs, and limitations of various hazard evaluation techniques for those with a need for basic information. It also contains “how to” details on preparing for hazard evaluations, techniques for identifying hazards, strategies for selecting appropriate hazard evaluation techniques, procedures for using hazard evaluation methods, and advice on documenting and using the results of a study. Part I contains specific steps for performing a hazard evaluation using the following techniques:

■ Preliminary Hazard Analysis ■ Hazard and Operability Study ■ Safety Review ■ Failure Modes and Effects Analysis ■ Relative Ranking ■ Fault Tree Analysis ■ Checklist Analysis ■ Event Tree Analysis ■ What-If Analysis ■ Cause-Consequence Analysis ■ What-If/Checklist Analysis