Parts I and II of this article provide a framework for when it is appropriate to make the transition from qualitative analysis to more quantitative during the hazard review work process. It further illustrates that LOPA can be used as part of what is considered more qualitative analysis as well as for more fully quantitative analysis. Figure 1 outlines the overall work process with key decision points that comprise the analysis portion of the safety lifecycle.
When process hazard review teams perform a HAZOP, the main objective is to identify hazards and start the process of determining whether the risk presented is tolerable or not. Hazards are identified by consideration of deviations from expected operation. As part of this exercise, potential consequences are identified and documented: what various causes, or initiating events could lead to these consequences, and what if any safeguards exist that prevent the propagation so that the hazard does not occur.
Safeguards may include such things as the inherent robustness of the design, alarms, interlocks, permissives, relief devices, etc. The interlocks and permissives may or may not be safety instrumented functions. During the team review, the performance of a qualitative screening can be effective in making this determination. The more thought a company has put into the execution of this screening exercise helps to improve the quality, consistency, and efficiency of the HAZOP. Qualitative screening methods may include use of a risk matrix, risk grid, or even simple approach A LOPA as defined by the CCPS guideline book, Layer of Protection Analysis.
When using LOPA as part of the screening analysis, it is important to strictly adhere to the requirements of effectiveness, independence, and auditability for independent layers of protection (IPL). The IPL must be capable of performing its intended function in order to take any credit. Second, all IPLs must be fully independent of the initiating event and other IPLs, including potential SIFs. This means at the screening stage, if the initiating event is control failure and the alarms are included in the basic process control system (BPCS), then no credit should be assumed for the alarm layer of protection. Finally, any risk reduction credit claimed for IPLs needs to be auditable with respect to the technical basis for credit claimed. One method to accomplish this is to use the data in the forthcoming CCPS book to be titled, Guidelines for Independent Protection Layers and Initiating Events. This book provides data for use in Type A LOPA analyses and additionally includes assumptions that should be in place in order to take the risk reduction credit. If a company reviews and is able to document in a reusable format that its management systems and designs are able to satisfy those assumptions, then using the simple A LOPA approach can be accomplished fairly quickly by the team, making it viable as a screening method.
To be continued in Part II…