PHA to LOPA: Part II
Tuesday, August 30, 2011
Continued from Part I
In some cases the screening methods will indicate that a SIF is needed. These screening methods can be designed to determine how many orders of magnitude of risk reduction are needed, allowing a required SIL to be documented for a particular SIF. The screening method used to establish compliance with corporate risk criteria should be relatively conservative to allow for the lack of accuracy in the methods. The approach A LOPA rules inherently make it a conservative approach, and it is well suited to determining SIL requirements. For any SIF identified, a safety requirement specification (SRS) needs to be developed, and a SIL verification performed and documented, to ensure that the design, configuration, operation, and mechanical integrity program are capable of maintaining the requisite risk reduction for the life of the application.
There are a few reasons why a more rigorous analysis may be needed. As the screening methods are intended to be conservative, the team may feel that the cost of the identified safeguards is unjustified. There are times when the team is unsure about the severity of consequences and believes that a qualitative evaluation is not appropriate. Finally, if the corporate risk criteria are not met following the screening and the best means to reduce the risk are not straightforward, it is not only appropriate but generally adds value to conduct more rigorous analysis to the extent needed to make an informed decision.

Whilst the screening methods are suitable for the entire hazard review team, more rigorous analysis is generally performed by a much smaller group. It is not uncommon for a single person to take the lead and involve other subject matter experts as needed. Once a draft is completed, it can undergo a broader peer review by the whole team. The work may include consequence analysis, fault tree analysis, and/or more rigorous approach B LOPA analysis, where it is more appropriate to consider enabling conditions, conditional modifiers, and more rigorous determination of individual initiating events and IPLs. This approach includes a more rigorous evaluation of the BPCS, and therefore may make it reasonable to take credit for the alarm layer of protection, even if control failure is the initiating event.
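The difference between the conservative screening pass and the more rigorous pass can be worked through numerically. The following is an added example, not part of the original article: the scenario, all frequencies and PFDs, and the names used are constructed, and it assumes that a SIL n function is credited with 10**n of risk reduction and that screening gives no alarm credit when the BPCS is the initiator.

```python
import math

# Constructed scenario: BPCS control-loop failure leading to vessel overpressure.
SCENARIO = {
    "initiating_freq": 0.1,        # control failures per year (constructed)
    "target_freq": 1e-5,           # corporate tolerable frequency per year (constructed)
    "ipls": {                      # IPL name -> (PFD, shares the BPCS with the initiator?)
        "relief_valve": (0.01, False),
        "operator_alarm": (0.1, True),
    },
    "enabling_condition": 1.0,     # fraction of time the hazard can occur
    "conditional_modifiers": {"occupancy": 0.5},
}

def unmitigated_gap(s, rigorous):
    """Ratio of scenario frequency (without a SIF) to the tolerable frequency."""
    freq = s["initiating_freq"]
    for pfd, shares_bpcs in s["ipls"].values():
        if shares_bpcs and not rigorous:
            continue               # screening: no alarm credit when the BPCS is the initiator
        freq *= pfd
    if rigorous:                   # only the rigorous pass applies these factors
        freq *= s["enabling_condition"]
        freq *= math.prod(s["conditional_modifiers"].values())
    return freq / s["target_freq"]

def required_sil(s, rigorous):
    """Return (required RRF, SIL); SIL 0 means the existing IPLs already meet the target."""
    rrf = unmitigated_gap(s, rigorous)
    if rrf <= 1:
        return rrf, 0
    # Assumption: SIL n is credited with 10**n of risk reduction, so round the gap up
    # to whole orders of magnitude (rounding first absorbs floating-point noise).
    sil = math.ceil(round(math.log10(rrf), 9))
    if sil > 4:
        raise ValueError("gap exceeds SIL 4; reduce the risk by other means")
    return rrf, sil

if __name__ == "__main__":
    for label, rigorous in (("screening", False), ("rigorous", True)):
        rrf, sil = required_sil(SCENARIO, rigorous)
        print(f"{label}: required RRF {rrf:.0f}, SIL {sil}")
```

With these constructed numbers the screening pass calls for two orders of magnitude from the SIF, while crediting the alarm and the occupancy modifier in the rigorous pass reduces the requirement to one.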
As before, for any SIF necessary to comply with corporate risk criteria, an SRS must be documented and SIL verification performed. Once this, along with the rest of the IPLs, is able to show that the corporate risk criteria have been met, the analysis stage of the lifecycle is complete.