HAZOP, SIL and LOPA Course: Kermanshah Polymer Company

HAZOP, SIL and LOPA Course
Prepared by: Sadra Khoshbazm
Kermanshah Polymer Company

Content
 Section 1: Protection Layers
Prepared By: S.Khoshbazm

 Section 2: Introduction to P&ID document
 Section 3: HAZOP Study
 Section 4: SIL Study (LOPA Method)

Main References
Reference Title
IEC-61511 part 1-3 Functional safety – Safety instrumented
systems for the process industry sector.
IEC-61508 part 5 Functional Safety of
Electrical/Electronic/Programmable

Electronic
(E/E/PE) Safety Related Systems.
CCPS Layer of Protection Analysis - Simplified
Process Risk Assessment.
OREDA Offshore Reliability Data Handbook-2002.
GS-EP-SAF-041 Technological risk assessment methodology
Course in a Glance
Layers of Protection

P& SIL
HAZ
(LOP
ID OP A)
Also other Studies such as:
RAM (Reliability, Availability and Maintainability)
QRA (Quantitative Risk assessment)
are P&ID base.
Section 1
Protection Layers

1st Layer: Process Design
 Process Design (Inherently Safe Design):

• Design of wellhead and flow lines for maximum shut-
in pressure of wellhead
• Design of compressor suction line for settle out

pressure, etc.
• Batch size might be limited
• Inventory lowered
• Chemistry modified
Video
• etc.
Question:
which principles (minimization, substitution, moderate, simplicity) of
inherently safe design could be study and recommended in HAZOP?
2st Layer: Basic Process Control Systems
 The first level of protection during normal operation.

 Composed of Measuring Means (Sensor + Transmitter), Logic
Solver (Controller) and Final element (e.g. Valve+ actuator)
 The failure of the BPCS can be an initiating event or cause.

 Flow, Pressure, Temperature and Level are most importance process
variables which control by BPCS.
 BPCS cant prevent all process upsets so needs other safeguards
such as shutdown system to prevent hazardous situation
Video
3rd Layer: alarms, Operator Interventions
• Second level of protection during normal operation
• Alarm has an annunciator and visual indication

• No action is automated!
• require analysis by a person - A plant operator must

decide.
• Digital computer stores a record of recent alarms

4th Layer: Safety Instrumented Systems
Hazardous Scenario:
1) Block valve closed
2) BPCS opens but cant prevent high level
3) So we need another safeguard such as

shutdown system to prevent very high
level
4) Shutdown system could be a

independent LT that close a SDV on
inlet line to column when level is very
high.
Questions:
How much shutdown system should be reliable?
How much money to be spent for buying shutdown system?
4th Layer: Safety Instrumented Systems
‫ک‬EE‫ستاز ی‬E‫عبارت‬
‫ا‬ ‫مود و‬EE‫ ن‬E‫رجمه‬EEE‫یمنی“ ت‬E‫بزار دقیقا‬E‫ ا‬E‫یستم‬EE‫ورت”س‬EE‫ ص‬E‫ه‬EEE‫نب‬E‫وا‬EEE‫ را میت‬SIS 
‫ در زمانی‬E‫ه‬EEE‫نک‬E‫ی‬E‫هدف‬
‫ا ا‬EEE‫یب‬E‫ای‬E‫ه‬E ‫ین‬E‫جزا‬E‫یو ا‬E‫ر هایمنطق‬E‫نترل‬EEE‫ ک‬،‫نورها‬EE‫لاز س‬E‫ متشک‬E‫یستم‬EE‫س‬
E‫یستم‬EE‫ س‬E‫ه‬EEE‫یبیب‬E‫س‬E‫د آ‬E‫ن‬E‫توا‬EEE‫ ب‬E‫ه‬EEE‫د (ک‬E‫یای‬EEE‫ وجود ب‬E‫ه‬EEE‫فب‬E‫نحرا‬E‫یندیا‬E‫را‬EEE‫لف‬EE‫رما‬EE‫ط ن‬E‫ی‬E‫را‬EE‫ از ش‬E‫ه‬EEE‫ک‬

.‫رساند‬EEE‫یمنب‬E‫یط ا‬E‫را‬EE‫ ش‬E‫ه‬EEE‫توماتیکب‬E‫ورت‬E
‫ ا‬E‫ ص‬E‫ه‬EEE‫یند را ب‬E‫را‬EEE‫رساند) ف‬EEE‫ب‬
‫ه موارد زیر اشاره‬E‫ی توان ب‬E‫نایع فرایندی( م‬E‫ )در ص‬SIS ‫داق های‬E‫ی از مص‬E‫ه طور کل‬E‫ ب‬
:‫نمود‬
- Emergency Shutdown System (ESD) /Shutdown System (SD)
- High Integrity Protection System (HIPS)
- Burner Management System
- Fire and Gas System (F&G)
10
SD CAUSES
4th Layer: Schematic of Restricted Area/ Fire Zone / Unit/ equipment

11
4th Layer: Shutdown Levels
Generally 4 Levels:
 ESD Levels :
– ESD 0 (Restricted Area)

– ESD 1 (Fire Zone)
 SD Levels :
– SD 2 (Unit)
– SD 3 (equipment)
12
SD CAUSES
4th Layer: Shutdown Levels
CAUSES SHUT-DOWN TYPE

Push button ESD-0 ESD-1 SD-2 SD-3
ESD-0 (direct action) ESD-1
Gas detection in tech. room ESD-1
Outdoors gas detection ESD-1

Outdoors fire detection ESD-1
Low UPS battery voltage ESD-1
ESD-1 (direct action) SD-2
Relevant process fault SD-2
Loss of containment SD-2
LSHH flare KO drum, PSLL air SD-2
Low fuel gas pressure SD-2
SD-2 (direct action) SD-3
Equipment Fault SD-3
Fire detection inside package SD-3
Gas detection inside package SD-3
13
5th Layer: Physical Protections
SD CAUSES(Pre-release Protection)
1) Pressure Safety/Relief Valve
Safety Valve is a one type of valve that automatically

actuates when the pressure of inlet side of the valve

increases to a predetermined pressure, to open the
valve disc and discharge the fluid ( steam or gas ) ; and
when the pressure decreases to the prescribed value, to
close the valve disc again.
Video
14
5th Layer: Physical Protections
SD CAUSES(Pre-release Protection)
2) A rupture disc is a thin diaphragm (generally a solid

metal disc) designed to rupture (or burst) at a designated
pressure. It is used as a weak element to protect vessels

and piping against excessive pressure (positive or
negative).
15
6th Layer: Physical Protection
SD CAUSES(Post release Protection)
• Passive devices which provide a high level of

protection if designed and maintained correctly.
• Passive fire protection such as firewall, blast

wall, fireproofing, dike, etc.
• Active fire protection such as automatic
deluge systems, foam systems, or gas detection
systems, etc.
16
7th Layer: Plant Emergency Response
SD CAUSES
• E.g. fire brigade, facility

evacuation ,etc.

• are not normally considered
as IPLs since they are
activated after the initial
release and there are too many
variables (e.g., time delays)
affecting the overall
effectiveness in mitigating a
scenario.
17
8th Layer: CommunitySDEmergency
CAUSES Response
• E.g. evacuation, shelter in

place

• are not normally considered as
IPLs since they are activated
after the initial release and
there are too many variables
(e.g., time delays) affecting the
overall effectiveness in
mitigating a scenario.
18
SD CAUSES
Prevention Layers vs. Mitigation Layers
Which layers can prevent release of fluid from an equipment?
Which layers can mitigate effects of release from an equipment?
Which layers to be considered in HAZOP?

Section 2

Piping and Instrumentation Diagram
(P&ID Development)
What is P&ID?

P&ID is basis for HAZOP Study
Process engineer
Instrument and Control P&ID Preparation
Engineer
Piping Engineer
What is P&ID Development?
Instructions document that defines the general

standards and rules for presentation and
identification of equipment, piping and
instrumentation on the P&I diagram’s to be

applied as a basis.
Example: Instrument Nozzle Sizes
Basically, the instrument nozzle size should be determined based on the

following criteria. (The following criteria should be confirmed by Instrument
dept.)
Nozzle Size Service
PG, PI, PIC 2" Vessel, H/Ex
PG, PI, PIC 1" Piping
PDI 2" Vessel

PDT 1" Piping
TW, TG, TI, TIC 2" Line, Vessel, H/Ex
LG 2" Ordinary Service
LG 2" Cold Service(Large
chamber)
LG 2" To stand piping connection
LI, LIC 2" External displacement type
LI,LIC 4" or6" Internal displacement type
LI,LIE 2" DP cell type
LI, LIC 3" DP with remote seal
LI 2" Float type
LI guide 2" x2" - ditto -
Analyzer 2" Ordinary Service
S, SC 2" All Service
Example : Control Valve Type Selection Guide lines
Globe Valve general use
Butterfly Valve large line diameter, low differential pressures

Angle Valve high differential pressures, slurry service
Diaphragm Valve corrosive service, toxic service
Ball Valve on/off control

Example 3: Pump Isolation
Centrifugal Pump

Reciprocating Pump
Example: Relief Valve Isolation
Closed Relief System

Example: Relief Valve Isolation
Open Relief System

Example: Size of Drain and Vent
•Vessel/Tower
Blow-
Vessel Volume, Vent Drain Pump-out Steam-out
down
m3
Up to 1.4 1" 1" 1" 1" 2"
1.4 to 5.7 1" 1.5" 1.5" 1" 3"

5.7 to 17 2" 2" 2" 1" 3"
17 to 71 2" 3" 3" 2" 4"
71 and over 2" 3" 3" 3" 4"
•Heat Exchange
Size of vent and drain should be 3/4", otherwise instructed.
•Pump and Compressors
Basically, size of vent and drain should be 3/4". However, size of
vent and drain on pump and compressor casing should being
accordance with vendor's standard..
•Piping
Size of vent and drain should be 3/4", otherwise instructed.
Example: Valve failure mode
Valve failure action on interruption of the operating
medium (pneumatic, electric or hydraulic supply) should
be generally determined as follows in principle.
•Shut down/isolating valves to take "fail to close"
position

•Blow-down valves to take "fail to open" position
•Compressor anti-surge valve to take "fail to open"
position.
•Pump minimum flow valve to take "fail to open"
position
Example: Drain/Purge for Control Valves
•If the control valve is fail-to-close (FC) type, bleeds (purge) should
be provided both upstream and downstream of the control valve.
•1f the control valve is fail-to-open (FO) type, only one downstream
bleed shall be installed.
•For the control valve sizes below or equal to 6", however, only one

downstream bleed is provided regardless of the valve fail action
modes (either FC or FO).
HAZOP Study
Section 3
What is HAZOP?
•HAZOP is abbreviation for HAZard and Operability.
Which one of the following items to be considered in HAZOP?

•Decreasing temperature and pressure operating condition (Moderate)
•Substitution of Hazardous material with less hazardous materials

•Replace batch reactor with plug reactor (minimization)
•Closure of a 20 inch manual valve by failure or error
•Opening of a capped drain valve of a Pump
•Atmospheric Corrosion due to air humidity
•Opening of control valve bypass valve
•Opening of a Locked Closed Valve
•Closure of a Locked Open valve
•Vehicle (Third party damage)
•Strike, storm, Wind
•Dropped object
•Sabotage
Strength/ Weakness
Basis:
A hazard does not occur if the process is always
operated within its design intention

•Strengths:
-Multi-disciplinary team effort (brainstorming)
-Systematic and qualitative method
-Cost effective
-Easy to learn
•Weakness
-You don't know what you don’t know
-Time Consuming
HAZOP Steps
Step 1
Receive and Study of Documents
Step 2
Node Definition
Step 3
Deviations Definition

Step 4
Causes Identification
Step 5
Consequence Identification
Step 6
Safeguards Identification
Step 7
Recommendation
HAZOP Worksheets
Node: (Step 2)
Deviation: (Step 3)
Cause Consequence Safeguards Recommendation

(Step 4) (Step 5) (Step 6) (Step 7)
Step 1: Receive and Study of Documents
P&ID
ESD Process

Philosophy Description
Most Important Documents
Control
PFD
Philosophy
Cause &
Effect
diagram
Step 1: Receive and Study of Documents
Other required documents:

Process Design Criteria
Isolation Philosophy

Process datasheet
Design Basis
Plot Plan
MSDS
Etc.
And each document which help us to better understanding of P&ID
Step 2: Node Definition
A node is a speciﬁc location in the process in which (the

deviations of) the design/process intent are evaluated.
Examples might be:

•Separator
•Storage tanks with relevant pumps
•K.O drum, compressor and air cooler
•etc
There is not a general rule for Node definition and
strongly depends on HAZOP leader experience, stage
of project, complexity of process and available time.
Step 2: Node Definition
Two important note in Node definition
1) Size of Node
More equipment in a node leads to increase number of deviations
and causes so decreasing performance of team members in HAZOP
meetings, also less equipment in a node leads to increase time of

HAZOP Study.
2) Dependability of equipments in a Node

Equipment which changing their process parameters (level, flow,
pressure, etc) affect on other equipment brought in one Node.
for example decreasing level in a storage tank leads to pump
damage due to suction lose so tank and pump considered in one
node.
Step 3: Deviation Definition
Design Intent
designer’s desired, or specified range of behavior for
elements and characteristics (e.g. pressure, temperature,
composition, pH, etc)

The verification of design intent (see IEC 61160), is
outside of the scope of the HAZOP study.
Practice
According to PFD and P&ID
explain the design intent
Deviation = Guidewords + Parameter
Most Applicable Deviations in HAZOP Study

Deviations Guide Word Parameter

No/Less Flow No/Less Flow
More Flow More Flow
Reverse/Misdirected Flow Reverse/Misdirected Flow
High Temperature High Temperature
Low Temperature Low Temperature
High Pressure High Pressure
Low Pressure Low Pressure
High Level High Level
Low Level Low Level
Define these 9 deviations for each node even if no

causes to be identified
Deviation = Guidewords + Parameter

Less Applicable Deviation ins HAZOP Study
Deviations Guide Word Parameter
High/Low pH High/Low pH
Impurities Present As well as Purity
High Reaction Rate More Reaction

Low Reaction Rate Less Reaction
Start-
Start-up/Shutdown hazards Other than
up/Shutdown
High Agitation/Recirculation High Agitation
Contaminants As well as Composition
High vibration High Vibration
Isolation Problem Other than Maintenance
Purging Problem Other than Maintenance
Evacuation Problem Other than Maintenance
Maintenance Hazards Other than Maintenance
Etc.
Define these deviations if necessary

HAZOP Assumption:
In the lines that their flow is controlled either by a
simple loop or a cascade one, the deviation that is
studied is the one that is related to the main design

objective of the control valve. It means that the
deviation is not always the flow deviation and
can be temperature, pressure, liquid level, etc.
It is a convention that gives the best result and
also keeps the volume of the report from
becoming unnecessarily large.
Step 4: Causes Identification
•The reason(s) why the deviation could occur.
•Several causes may be identiﬁed for one deviation.

Most important and applicable causes during
HAZOP study are as following:
1) Closure or/and Opening of Valves

2) Failure of Machinery (e.g. Rotary Equipments)
Valves could be classified to 3 types:

a) Control Valves (BPCS)
b) On/Off Valves (SDV, ESDV, XV, MOV, etc)
c) Manual Valves
“Failure of TV/PV/FV/LV/etc or any element in its

control system to close/open more”|

Example:
• Failure of LV-101 or any element in its control system
to close more.
• Failure of LV-101 or any element in its control system
to open more.
• Failure of PV-103 or any element in its control system

to close more.
• Failure of PV-103 or any element in its control system
to open more.

HAZOP Assumption:
1) Leaving a control valve bypass open can cause
MORE FLOW to occur. However, this is a remote
possibility, and furthermore, the control valve itself

will compensate for such an event. So, this is not
recorded as a cause.
2) Only loop failures will be considered, not

individual control valve/electronic failures.
3) Both fail safe position and the opposite

position will be considered fore control valves
separately
4) Erroneous opening of two valves in series or

valves with poor access is considered to be
rare cases and are omitted from the study.
b) On/Off Valves
“Closure of SDV/ESDV/XV/MOV/etc by failure or error”

Example:
• Closure of SDV-0231 by failure or error.
• Closure of ESDV-0456 by failure or error.
• Closure of MOV-102 by error.
• Closure of XV-0531 by failure or error.
• Etc
HAZOP Assumption:
1) Opening of PSV's, BDV’s is a consequence of overpressure, so it
has not been considered as a cause of “Less Pressure” or
“Misdirected Flow”. Opening of BDV/PSV could be considered
in low temperature deviation.
c) Manual Valves
“Closure of any manual valve by failure or error”
HAZOP assumption:
1) All drain and bleed valves are plugged or capped on

their open ends. Thus, drains or vent valves are not
normally considered a potential hazard source except
in special cases.
2) The inadvertent opening/closing of LC/LO/CSC/CSO
valves is not considered because administrative
controls like permit to work system are considered
adequate safeguards to prevent this situation.
3) Closure of valves greater than 8 inch is remote
possible and are not considered in HAZOP Study
2) Failure of Machinery (e.g. Rotary Equipments)
•Pump failure or trip due to any reason.

•Compressor failure or trip due to any reason.
•Blower failure or trip due to any reason.
•Air Cooler failure or trip due to any reason.
•Etc.
Practice
Show on P&ID which valves to

be considered in HAZOP study
as causes and which valves are
not considered.
Other common causes in HAZOP Study:

•Decreased/cut-off of flow from upstream.
•Not receiving in downstream.
•Increasing flow/pressure from upstream due to any reason.
•Plugging of strainer/ demister pad/ filter due to any reason.

•Low ambient temperature
•Equipment (pump, air cooler, etc) not start due to any
reason (during start up)
•Not opening a valve (during start up)
•Contamination
•Leakage/Rupture due to corrosion, erosion, TPD,
•Less heat transfer in heat exchanger/air cooler due to any
reason
•etc.
Step 5: Consequence Identification
How to write consequence?

Example: what happens if a valve upstream of a Centrifugal Compressor
closes?

Step 5: Consequence Identification
How to write consequence?
Decreased flow and pressure of

gas to compressor so possibility of

damage to Compressor due to
surge condition leading to leakage
of gas to atmosphere so possibility
of fire and explosion that leads to
personnel injury and asset damage.
Step 6: Safeguards Identification
Most important safeguards during HAZOP study:
1) BPCS
2) Alarms

3) Operator
4) Interlocks and shutdown
5) Mechanical Protection (prevention)
6) Other equipment safeguards
How to write safeguard?

1) BPCS
e.g.

PIC-201 tries to adjust pressure through PV-201
LIC-203 tries to adjust level through LV-203
TIC-01 tries to adjust temperature through TV-01
FIC-700 tries to adjust pressure through FV-700
Etc.

2)Alarms
e.g. TAH-201; PAL-102; LAH-506

Level Alarm High = LAH
Temperature Alarm High = TAH
Pressure Alarm Low= PAL
.
Practice
Show and write alarms on P&ID.

3) Operator Intervention
e.g.

Operator will be informed by pressure condition in T-201.
Operator may be informed by FAL-201.
Operator will be informed by TAH-304.
Operator will be informed by operating condition.


4) Interlocks and shutdown
e.g.

•Software PSHH-101 actuates alarm and activates ESD-2
•Software LSHH-101 actuates alarm and activates SD-3
•Software FSLL-101 actuates alarm and activates ESD-0
•Software TSHH-101 actuates alarm and activates SD-3


5) Mechanical Protection (Prevention)
e.g. PSV-102; TSV-1002; RD-02

PSV = Pressure Safety Valve
TSV = Temperature Safety Valve
RD = Rupture Disk
Practice
Regarding to P&ID show and write
mechanical protection systems
6) Other important equipment safeguards

• Limit switch on the valve (such as ESDV/XV/BDV/SDV, etc)
•Design temperature of lines or equipment
•Design pressure of equipment or line
•Common failure alarm on air cooler

•Standard Operating Manual (SOP)
•Anti surge valve for compressors
•Common failure alarm on pump
•Minimum flow for pumps
•Running status of pumps
•Supervision of operator
•Sampling and testing
•LO/LC/CSO/CSC
•Overflow line
•Check valve
•Open vent
•etc
Step 7: Recommendation
If safeguards are not adequate for

prevention of hazard so team members

(with brain storming) should addition
safeguards for decreasing risk or
increasing operability.
Section 4:

SIL Study (LOPA Method)
‫)‪Safety Instrumented Function (SIF‬‬
‫‪ SIF ‬بـه صـورت ” کاـرکرد ابزاردقیـق ایمنـی“ قابـل ترجمـه اسـت و عبارت اسـت از یک‬
‫کاـرکرد ایمنـی بـا یـک سـطح یکپاـرچگـی ایمنـی (‪ )SIL‬کـه جهـت رسـیدن بـه ایمنی کارکرد‬
‫الزم می باشد!‬
‫‪Prepared By: S.Khoshbazm‬‬

‫‪‬در شکل زیر ‪ ، PT-0221‬کنترلر منطقی ‪ ESD‬و دو شیر قطع جریان ‪ ESDV-0221A‬و‬
‫‪ ESDV-0222A‬یک ‪ SIF‬محسوب می شود‪.‬‬
‫‪SIF‬‬
‫‪65‬‬
SIS vs. SIF
Safety Instrumented Function (SIF)

The individual SIFs together form the overall SIS:
66
‫)‪Safety Integrity Level (SIL‬‬
‫ت در حقیقت نــشـان دـهندـهـ‬ ‫تـــجـمهـ اـس و‬

‫بــــ صوـرـت” سـطح یــکپارچـگی ایـمنی” قاـبـل رـ‬ ‫‪ SIL‬هـ‬
‫تـــمقدار رـیـسک‬ ‫اشد ا‬
‫بـــــستیدـاشتهـ بــــ‬ ‫کـــ یــک‪ SIF‬ای‬ ‫ـهش رـیـسکی(‪ )RRF‬اـست هـ‬ ‫میزاـن اکـــ‬
‫قسیم می‬ ‫بــــ چهـار سـطح ‪1،2،3‬و ‪ 4‬تــــ‬ ‫رسد و طـبق اـستاندارد هـ‬ ‫بــــمقدار قاـبـل قـبول بــــ‬ ‫هـ‬
‫ردد‪.‬‬‫گـــ‬
‫جهیزاـتغیر اـبزـار دـقیقـیاز ق‪EE‬بیل‪Pressure Safety Valve ، Rupture Disk ،‬‬ ‫ی تــــ‬ ‫‪ SIL‬راـبــــ‬
‫نترلـی‬‫ی سـیستم های کـــ‬ ‫تــــیـف نـیـسـ ‪.‬تهمچنیـن طـبق‪ IEC-61511‬راـبــــ‬ ‫‪ Dike‬و غیرـهـ قاـبـل عـر‬

‫تــــیـف نــمی‬
‫عـر‬ ‫نترلـر منطقـی اـستفادـهـ مـی نــمایـند ‪SIL‬‬ ‫بــــ عنواـن کـــ‬
‫کــــاز ‪ DCS‬هـ‬ ‫فــــندی هـ‬ ‫راـی‬
‫ردد‪.‬‬
‫تــــیـفمی گـــ‬
‫عـر‬ ‫یآن حداـکـثر ‪RRF=10‬‬ ‫شـود اـما راـبــــ‬
‫‪67‬‬
Safety Integrity Level Types (SIL)
)‫ت محیطی‬A‫ی و زیس‬A‫ مال‬،‫انی‬A‫ک (انس‬A‫ه های ریس‬A‫ه جنب‬A‫ه هم‬A‫ش دادن ب‬A‫ت پوش‬A‫ جه‬SIL ‫ن‬A‫ در مطالعات تعیی‬
:‫ به صورت زیر تعریف می گردد‬SIF ‫ برای هر‬SIL ‫معموال سه نوع‬
 Safety to life Integrity Level (sIL)

 Environmental Integrity Level (eIL)
 Asset Integrity Level (aIL)

.‫ از بین سه مقدار بدست آمده انتخاب می گردد‬SIL‫و بیشترین مقدار‬
.‫ دیده می شود‬Asset Integrity Level ‫ هزینه های ناشی از قطع تولید در‬
‫مثال‬
--- sIL = SIL
SIL 1 Selected
eIL= SIL ---
aIL= SIL 1
68
‫)‪Probability of Failure on Demand (PFD‬‬
‫بــــآن‬
‫کــــ هـ‬
‫ک ســیستم ایـــ جـز در زـمانـی هـ‬
‫کــــ یـــ‬
‫اـحـتماــلی اـسـت هـ‬ ‫‪ PFD‬نــشـان دـهندـهـ‬
‫بــــ وـظیفهـ خود درـستعمل نــکند‪.‬‬

‫گـــدـیدـهـ اـست هـ‬
‫فـــاـل ر‬
‫عـ‬ ‫ت‬
‫نــیاز اـس و‬
‫‪‬در حالت کلی ‪ PFD‬تاـبع زمان می باشد لذا در مطالعات ‪ SIL‬از مقدار متوسط آن‬

‫در بازه زمانی مشخص (معموال زمان تست) استفاده می شود‪.‬‬
‫‪‬الزم به ذکر است که ‪ PFD‬و ‪ RRF‬کمیت های بدون بعد می باـشند‬
‫‪ ‬آنچـه کـه در مورد ‪ PFD‬بسـیار مهـم اسـت رابطـه کلیدی زیـر جهـت تبدیـل ‪ PFD‬به‬
‫)‪ RRF (Risk Reduction Factor‬و باالعکس است‪:‬‬
‫‪RRF=1/PFD‬‬
‫‪69‬‬
LOPA Concept
LOPA Concept
The Layer Of Protection Analysis (LOPA) uses calculation to measure the

adequacy of protection layers against the potential consequences of process
deviations.

71
Layer of Protection Analysis (LOPA) Procedure
Layer of Protection Analysis Procedure
Step 0 Pre requisites (Risk Matrix / Target Likelihood / Documents/ LOPA Worksheet)
Step 1
SIF and Hazardous Scenario Definition

Step 2 Identification of Initiating Events (determination of Event Likelihood)
Step 3 Identification and Evaluation of Consequences (Safety/Environment/Asset)
Step 4 Identification of IPLs
Step 5 Time at Risk (TAR)
Step 6 Exposure Time Parameter (ETP)
Step 7 Calculation of Likelihood
Step 8 Calculation of RRF/PFD/SIL
72
Step 0: Pre requisites (Risk Matrix / Documents)
Risk Matrix Selection
•Your Organization
•Your Company

•Standards (e.g. ISO 17776/ IEC-61511)
•Guidelines (e.g. CCPS)
•Companies (e.g. Total/ Shell/ Exida)
Most Required Documents

•P&ID
•Cause and Effect Diagram
•HAZOP Study
73
Step 0: Pre requisites (Risk Matrix/ GS-EP-SAF-041)
Frequent‫معم‬
HIGH RISK
‫ول‬
(Risk cannot be justified except
in extraordinary circumstances)
0.01/year
High
‫باال‬
Frequency (Demand Rate)

ALARP
0.001/year
Tolerable only if further risk reduction is
impracticable or if its costs are grossly
Medium
‫متوسط‬
disproportional to the gained improvement.
0.0001/year
LOW RISK
Low
‫پایین‬
It is necessary to maintain
assurance that risk remains at
0.000001/year this level.
‫به ندرت‬
Rare
‫متوسط‬ ‫جدی‬ ‫بزرگ‬ ‫فاجعه انگیز‬ ‫بحرانی‬
Moderate Serious Major Catastrophic Disastrous

74
Consequence (Safety/Asset/Environment)
‫)‪Step 0: Pre requisites (Risk Matrix/ GS-EP-SAF-041‬‬
‫نرخ یا فراوانی تقاضا (‪ )Demand Rate‬معادل ‪ Frequency‬یا ‪ Likelihood‬در‬

‫مطالعات آنالیز ریسک می باشد و معموال دارای واحد ”بر سال“ می باشد‪.‬‬
‫طبقهبندی فرکانس یا نرخ تقاضا (‪)Demand Rate‬‬
‫‬
‫ردیف‬ ‫سطوح نرخ تقاضا‬ ‫تعریف کیفی‬ ‫محدوده‬

‫‪1‬‬ ‫‪Likely‬‬ ‫معمول‬ ‫بیشتر از ‪ 2‬بار در سال‬ ‫سال‪<10^-2 /‬‬
‫‪2‬‬ ‫‪Unlikely‬‬ ‫باال‬ ‫به طور معمول یک بار در سال‬ ‫سال‪ -10^-3 /‬سال‪10^-2 /‬‬
‫سال‪ -10^-4 /‬سال‪10^-3 /‬‬

‫متوسط‬ ‫به طور معمول یک بار در ‪10‬‬
‫‪3‬‬ ‫‪Very Unlikely‬‬ ‫سال‬
‫به طور معمول یک بار در ‪100‬‬

‫‪Extremely‬‬ ‫سال‬ ‫سال‪ -10^-6 /‬سال‪10^-4 /‬‬
‫‪4‬‬ ‫پایین‬ ‫(یک بار برای ‪ 2‬تا ‪ 20‬واحد‬
‫‪Unlikely‬‬ ‫صنعتی مشابه با عمر متوسط‬
‫‪ 25‬سال رخ می دهد)‬
‫‪5‬‬ ‫‪Remote‬‬ ‫به ندرت‬ ‫کمتر از ‪ 500‬سال یک بار‬ ‫سال‪>10^-6 /‬‬
‫‪75‬‬
‫)‪Step 0: Pre requisites (Risk Matrix/ GS-EP-SAF-041‬‬
‫ستون‬ ‫سطوح شدت‬ ‫پیامدانسانی‬
‫‪1‬‬ ‫متوسط‬ ‫صدمات قابل صرف نظر (جزئی)‬
‫‪2‬‬ ‫جدی‬ ‫صدماتـ جدی‬
‫‪3‬‬ ‫بزرگ‬ ‫یک نفر کشته‬
‫‪4‬‬ ‫فاجعهانگیز‬
‫‬ ‫‪ 2‬تا ‪ 5‬نفر کشته‬
‫‪5‬‬ ‫بحرانی‬ ‫بیشتر از ‪ 5‬نفر کشته‬
‫ستون‬ ‫سطوح شدت‬ ‫پیامدزیست محیطی‬

‫‪1‬‬ ‫متوسط‬ ‫زیستمحیطی ندارد‪.‬‬
‫‬ ‫اطالعرسانی به مسئولین دارد‪ ،‬اما پیامدهای‬
‫‬ ‫نشت یا انتشار آالینده نیاز به‬
‫‪ -‬نشت متوسط در محدوده سایت‬
‫‪2‬‬ ‫جدی‬
‫میشود‪.‬‬
‫‪ -‬تخلیه مواد آالینده گزارش ‬
‫‪ -‬نشت و انتشار قابل توجه مواد آالینده به خارج از سایت‪.‬‬
‫‪3‬‬ ‫بزرگ‬
‫‪ -‬تخلیه افراد از سایت‪.‬‬
‫‬ ‫زیستمحیطی با عواقب قابل برگشت در خارج از سایت‬
‫‬ ‫‪ -‬آلودگی های مهم‬
‫آلودگی عمده و پایداری که به خارج از سـایت گسـترده شده اسـت‪ /‬و یا موجـب از دسـت رفتـن گسترده‬
‫‪5‬‬ ‫بحرانی‬
‫زندگی آبزیان ‬
‫ستون‬ ‫سطوح شدت‬ ‫پیامدمالی (با در نظر گرفتن وقفه در تولید)‬

‫‪1‬‬ ‫متوسط‬ ‫کمتر از ‪ 200،000‬یورو‬
‫‪2‬‬ ‫جدی‬ ‫‪ 2،000،000-200،000‬یورو‬
‫‪3‬‬ ‫بزرگ‬
‫‪ 10،000،000-2،000،000‬یورو‬
‫‬
‫‪ 100،000،000-10،000،000‬یورو‬
‫‪5‬‬ ‫بحرانی‬ ‫بیشتراز ‪ 100،000،000‬یورو‬
‫‪76‬‬
Step 0: Pre requisites (Target Likelihood)
Target Likelihood
 The target likelihood of a scenario is a direct result of the severity of
its consequences.
Calibration factor=0.2

77
Step 0: Pre requisites (LOPA Worksheet)
Layer of Protection analysis (LOPA) Worksheet
Step 1
Initiators Interlock ID Final Elements SIF

Safety to Life
Initiating
Haz
Event Consequences Protection Layers (RRF)
ardo
us Exp
Cal.
ALARM Me Time osur Target s
Sce and cha at e
Likelihood
Likelih RRF I
nari Severity nic IPL IPL Likeli ood L
o Desc. Desc BPCS Interve Risk Tim
al 1 2 hood
ntion of e
Operato Bar
r rier
Step Step Step

Step 2 Step 3 Step 4 Step 7 Step 3 Step 8
1 5 6
78
Step 0: Pre requisites (LOPA Worksheet)
Environmental Damage
Haz Initiating
ardo Exp
us ALARM Me Cal.
Time osur Target e
Likelihood.
and cha
Sce at e Likelih RRF I
Severity nic IPL IPL
nari Desc. Desc BPCS Interve Likeli ood L
al 1 2 Risk Tim
o ntion of hood
e
Operato Bar
r rier

Step Step Step Step
Step 2 Step 3 Step 4 Step 3 Step 8
1 5 6 7
Asset Damage
Haz Initiating
ardo Exp
us ALARM Me Cal.
Time osur Target a
Likelihood.
and cha
Sce at e Likelih RRF I
Severity nic IPL IPL
nari Desc. Desc BPCS Interve Likeli ood L
al 1 2 Risk Tim
o ntion of hood
e
Operato Bar
r rier
Step Step Step Step

Step 2 Step 3 Step 4 Step 3 Step 8
1 5 6 7
79
Step 1: SIF and Hazardous Scenario Definition
Step 1
Initiators Logic Solver Final Elements SIF
On high high pressure in V-

201, ESDV-0221 and ESDV-
0222 closes
ESDV-0221; ESDV-
PT-0221 ESD2
0222
80
Step 2: Identification of Initiating Events (determination of
Likelihood) HAZOP WORKSHEET

Node:
Deviation:

Initiating events Such as:

2) Failure of Machinery Equipments
81
Step 2: Identification of Initiating Events (determination of Likelihood)
Initiating Event Likelihood (per year)

BPCS loop failure 0.1
Closure of a manual valve by failure 0.001
Closure of MOV/ESDV/SDV 0.01
Control valve fail to fail-safe position 0.1
Control valve fail to non-fail-safe position 0.01

Failure of rotating equipment such as pumps, fan, compressor, etc 0.1
Strainer/filter plugging 0.1
Mechanical Regulator Valve (PCV) 0.1
Loss of fuel supply 0.1

Loss of water supply 0. 1
TPD (Third Party Intervention) 0.01
External fire 0.01
Human error (Non-routine task, low stress) 0.01/ oppurtunity
Human error (Non-routine task, high stress) 0.1/ oppurtunity
82
Step 3: Identification and Evaluation of Consequences
HAZOP WORKSHEET
Node:
Deviation:

Consequences
‫ قابل اندازه گیری‬Target Likelihood‫در این مرحله بعد از مشخص شدن شدت پیامد مقدار‬
.‫است‬
83
‫‪Step 3: Identification and Evaluation of Consequences‬‬
‫ستون‬ ‫سطوح شدت‬ ‫پیامدانسانی (‪)S‬‬ ‫پیامدزیست محیطی (‪)E‬‬ ‫پیامدمالی (با در نظر گرفتن‬
‫وقفه در تولید)‬
‫(‪)A‬‬
‫نشـت یاـ انتشار آالینده نیاز بـه اطالع‬
‫صدمات قابل صرف نظر (جزئی)‬ ‫کمتر از ‪ 200،000‬یورو‬
‫‪1‬‬ ‫متوسط (‪)A‬‬ ‫رسـانی بـه مسـئولین دارد‪ ،‬اما پیامدهای‬
‫(‪)SA‬‬ ‫(‪)AA‬‬

‫زیستمحیطی ندارد‪)EA( .‬‬
‫‬
‫نشت متوسط در محدوده سایت (‪)EB‬‬

‫‪2،000،000-200،000‬‬
‫‪2‬‬ ‫جدی (‪)B‬‬ ‫صدمات جدی (‪)SB‬‬ ‫یورو(‪)AB‬‬
‫تخلیه مواد آالینده گزارش ‬
‫نشـت و انتشار قابـل توجـه مواد آالینده به‬

‫خارج از سایت‪.‬‬ ‫‪10،000،000-‬‬
‫‪3‬‬ ‫بزرگ (‪)C‬‬ ‫یک نفر کشته (‪)SC‬‬
‫تخلیه افراد از سایت‪)EC( .‬‬ ‫‪ 2،000،000‬یورو(‪)AC‬‬
‫زیسـتمحیطی بـا عواقب‬

‫‬ ‫آلودگیهای مهـم‬
‫‬ ‫‪100،000،000-‬‬
‫‪4‬‬ ‫فاجعهانگیز (‪)D‬‬
‫‬ ‫‪ 2‬تا ‪ 5‬نفر کشته (‪)SD‬‬
‫قابل برگشت در خارج از سایت(‪)ED‬‬ ‫‪ 10،000،000‬یورو(‪)AD‬‬
‫آلودگـی عمده و پایداری کـه به خارج از‬
‫سـایت گسـترده شده اسـت‪ /‬و یا موجب از‬ ‫بیشتراز ‪100،000،000‬‬
‫‪5‬‬ ‫بحرانی (‪)E‬‬ ‫بیشتر از ‪ 5‬نفر کشته (‪)SE‬‬ ‫میشود‪.‬‬
‫دسـت رفتـن گسـترده زندگـی آبزیان ‬ ‫یورو(‪)AE‬‬
‫(‪)EE‬‬
‫‪84‬‬
Step 3: Target Likelihood
Target Likelihood
 The target likelihood of a scenario is a direct result of the severity of
its consequences.

85
Step 4: Identification and Evaluation of Independent Protection Layers
HAZOP WORKSHEET
Node:
Deviation:

1) BPCS
Independent 2) Alarm and Operator Intervention

Protection Layers 3) Shutdown System
such as: 4) Mechanical Protection (PSV/RD)
5) Other equipment safeguards
86
Step 4: Identification and Evaluation of Independent Protection Layers
Protection Layer PFD

Basic Process Control System (BPCS), if not
associated with the initiating event being 0.1
considered
Independent SIF (SIL=1,2,3) 0.1,0.01,0.001

Operator response to alarm with sufficient time
0.1
available to respond
Pressure relief valve 0.01
Rupture Disk 0.01
Vacuum breaker 0.01
Overflow line 0.1
Open vent (not including valve) 0.01
Open vent (including valve) 0.1
Flame arrestor 0.01
87
Step 5: Time at Risk (TAR)
Certain causes may lead to consequence only under specific

circumstances or operations.
For example:

 a reverse flow scenario is credible only on “low pressure
operation mode”,
 leakage may contain H2S only during start-up or shutdown
 incident during pigging activities
The reduction factor used is called Time At Risk (TAR).
The Time At Risk to be expressed in the range from 0.01 to 1.
88
Step 6: Exposure Time Parameter (ETP)
Calibrated Risk ‫ در روش‬FA/FB ‫ این پارامتر تنها مختص به پیامد انسانی می باشد و مشابه پارامتر‬
.‫ در نظر گرفته شود‬1 ‫ برای پیامد های مالی و زیست محیطی می بایست‬ETP ‫ مقدار‬.‫ می باشد‬Graph
The ETP shall be equal to 1 in the following cases:

• If the hazard being analyzed is related to an operation which requires

personnel to be present in the affected area to perform the operation;
• Any main event whose consequences can affect a large area of a normally
manned installation (e.g. large gas release);
• If operator is required to intervene locally in response to the hazard.
The ETP shall be expressed in the range from 0.1 to 1; e.g. a not normally
manned offshore, platform where personnel are present 20 hours per week has
an ETP of 0.119.
89
Step 7: Calculated Likelihood
For a single initiating event, the calculated likelihood is then the
multiplication of the initiating event likelihood by the Probability of

Failure on Demand (PFD) of each Independent Layer of Protection
(IPL) associated to this initiating event.
Calculated Likelihood = ∑(Initiating Event likelihood x TAR x

ETP) x PFD1 x PFD2 x … x PFDn.
90
Step 8: Calculation of RRF/PFD/SIL
The Risk Reduction Factor (RRF) required for the additional SIF is then
the ratio between the total calculated likelihood and the target likelihood.
RRF= (Calculated likelihood/ Target likelihood)

PFDavg =1/RRF
Target SIL
Requirements RRF
Level
No Special
a Safety 1<RRF<=10
Requirements
No Safety
(Without ESD Loop
--- Requirements
Risk is Acceptable)
At the end of the LOPA the 3 following parameters are essential for the
next phase in Safety Life Cycle (SIL Verification???):
• SIL assignment
• PFDavg
• RRF. 91
Personal Information
For any questions in any time about following expertise,

please let me know and contact to me.

Expertise:
• Hazard identification by HAZOP Method
• Safety Integrity Level (SIL)
•Reliability, Availability and Maintenance (RAM)
• Functional Safety
• Consequence Modeling and Analysis (PHAST Software)
• Quantitative Risk Assessment (PHAST Risk Software)
• Qualitative/semi-qualitative Risk Assessment
For more information please see my LinkedIn profile
Advice for Contacting
09155017438
s.khoshbazm@gmail.com
sadrakho_100@yahoo.com

HAZOP, SIL and LOPA Course: Kermanshah Polymer Company

Uploaded by

Document Informationclick to expand document information

Copyright:

Available Formats

HAZOP, SIL and LOPA Course: Kermanshah Polymer Company

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

HAZOP, SIL and LOPA Course: Kermanshah Polymer Company

Uploaded by

Copyright:

Available Formats

HAZOP, SIL and LOPA Course

Prepared by: Sadra Khoshbazm

Kermanshah Polymer Company

 Section 1: Protection Layers

Prepared By: S.Khoshbazm

 Section 3: HAZOP Study

 Section 4: SIL Study (LOPA Method)

Prepared By: S.Khoshbazm

Prepared By: S.Khoshbazm

Prepared By: S.Khoshbazm

 Process Design (Inherently Safe Design):

Prepared By: S.Khoshbazm

 The first level of protection during normal operation.

Prepared By: S.Khoshbazm

• Second level of protection during normal operation

• Alarm has an annunciator and visual indication

Prepared By: S.Khoshbazm

• require analysis by a person - A plant operator must

• Digital computer stores a record of recent alarms

1) Block valve closed

2) BPCS opens but cant prevent high level

3) So we need another safeguard such as

Prepared By: S.Khoshbazm

4) Shutdown system could be a

Prepared By: S.Khoshbazm

- Emergency Shutdown System (ESD) /Shutdown System (SD)

- High Integrity Protection System (HIPS)

- Burner Management System

- Fire and Gas System (F&G)

Prepared By: S.Khoshbazm

Prepared By: S.Khoshbazm

CAUSES SHUT-DOWN TYPE

Prepared By: S.Khoshbazm

1) Pressure Safety/Relief Valve

Safety Valve is a one type of valve that automatically

Prepared By: S.Khoshbazm

2) A rupture disc is a thin diaphragm (generally a solid

Prepared By: S.Khoshbazm

• Passive devices which provide a high level of

Prepared By: S.Khoshbazm

• E.g. fire brigade, facility

Prepared By: S.Khoshbazm

• E.g. evacuation, shelter in

Prepared By: S.Khoshbazm

Which layers can prevent release of fluid from an equipment?

Which layers can mitigate effects of release from an equipment?

Which layers to be considered in HAZOP?

Prepared By: S.Khoshbazm

Prepared By: S.Khoshbazm

Prepared By: S.Khoshbazm

Instructions document that defines the general

Prepared By: S.Khoshbazm

Basically, the instrument nozzle size should be determined based on the

Prepared By: S.Khoshbazm

Globe Valve general use

Butterfly Valve large line diameter, low differential pressures

Prepared By: S.Khoshbazm

Diaphragm Valve corrosive service, toxic service