Hazard Analysis Evolution not Revolution
In April 1974 H.G. Lawley (ICI, Billingham, UK) published "Operability Studies and Hazard Analysis" in Chemical Engineering Progress (CEP).
In his article, Lawley highlighted a number of timeless concerns:
- There is an increasing need to operate, for economic reasons, more closely to known risk situations;
- Most problems are missed because the system is complex rather than because of a lack of knowledge on the part of the design team.
He acknowledged that conventional approaches are inadequate and proposed an approach called 'Operability Studies', an abbreviated form of "Critical Examination" based on the principle that a problem can only arise when there is a deviation from what is normally expected. In his paper he also emphasised that the success of the study depends upon an effective system for progressing points raised in the study and for implementing them as appropriate (does that sound familiar?).
Through the work of Lawley, Kletz and others inside & outside ICI we have adopted Process Hazard Analysis (PHA) as the default (but not the only) method to systematically identify deviations.
Not all jurisdictions mandate HAZOP or PHA; however, OSHA in the US requires (in accordance with PSM 1910.119(e)(2)) that "The employer shall use one or more of the following methodologies that are appropriate to determine and evaluate the hazards of the process being analyzed.":
- What-if,
- Checklist,
- What-if/checklist,
- Hazard and operability study (HAZOP),
- Failure mode and effects analysis (FMEA),
- Fault tree analysis, or
- An appropriate equivalent methodology.
And that "The process hazard analysis shall address":
- The hazards of the process;
- The identification of any previous incident that had a potential for catastrophic consequences in the workplace;
- Engineering and administrative controls applicable to the hazards and their interrelationships, such as appropriate application of detection methodologies to provide early warning of releases.
- Consequences of failure of engineering and administrative controls;
- Facility siting;
- Human factors;
- A qualitative evaluation of a range of the possible safety and health effects on employees in the workplace if there is a failure of controls.
From this you can see an emphasis on controls, which is somewhat ironic as the Lawley article did not include a column for Safeguards (controls) that we would recognise today.
Instead he refers to 'contingencies' and noted that:
“Where provision has been made for a contingency, it must be questioned whether the provision is adequate”
The current HAZOP/PHA format often groups Safeguards together, so it is difficult to judge whether these are separate measures and/or whether they prevent or mitigate the hazard. How confident, therefore, can we be that the "provision is adequate", i.e. how do we demonstrate and sustain the presence & performance of the "contingencies" (Safeguards, Controls or Barriers)?
Furthermore, whilst HAZOP/PHA worksheets may assist with structured discussion & documentation, the CCPS BowTie Book acknowledges that "A characteristic of PHAs is their lengthy tabular format, which weakens their usefulness for communications … Bow ties are a useful means of facilitating this communication … and they visually display the scenario." Other research from the HSE, in their report 'Quality Assurance of HAZOP', supports this.
The CCPS book goes further:
"There is no reason why a bow tie model should not be based on non-linear analysis such as HAZOP.”
Because "Bow ties provide a fuller list of barriers deployed beyond those normally found in HAZOP or PHA documents".
In his book "HAZOP and HAZAN" Trevor Kletz quipped:
“Although HAZOP is a valuable technique, no-one jumps out of bed on a Monday morning shouting, ‘Hooray! I’ve got a HAZOP today!’ There is a net loss if, in our eagerness to document it and explain it to everybody, we discover less information worth documenting. If HAZOP and similar systems are not acceptable to creative minds, they will never succeed.”
There are well-established methods to maintain momentum without compromising creativity and we'll have to wait and see if/how the current (inevitable) move to Virtual or Remote HAZOP addresses team burnout.
Today is the anniversary of the infamous BP Texas City Refinery Explosion and Fire and the CSB Report and Video have been "must-reads" or "must-sees" for the process industry.
As well as the key issues of SAFETY CULTURE, REGULATORY OVERSIGHT, PROCESS SAFETY METRICS & HUMAN FACTORS, the Investigation Report documents that PHAs on the ISOM unit were poor and, even though HAZOPs were conducted (1993) and revalidated (1998 & 2003), process safety risks were poorly identified and evaluated:
- Consequences of high level and pressure in the raffinate splitter tower and high level in the blowdown drum and stack were not adequately identified. Overfilling the tower resulting in over-pressurization of the safety relief valves and liquid overflow to the blowdown drum and stack was not identified.
- High heat-up rates or blocked outlets were not identified as potential causes of high pressure.
- The sizing of the blowdown drum for containment of a potential liquid release from the ISOM was not evaluated. The safeguards listed for the blowdown drum and stack to protect against the hazard of overflow, such as the steam-driven pump-out pump and high level alarm, were insufficient to protect against the hazards. No recommendations were made by the PHA team to provide additional safeguards.
- Previous incidents with catastrophic potential were not addressed. The 1998 HAZOP revalidation did not address the two documented incidents involving the blowdown drum that occurred in February 1994, nor was the January 16, 1999, incident addressed in the 2003 HAZOP revalidation.
We know that we cannot rely on PHA/HAZOP alone to make us 'safe' and we certainly can't rely on them to keep us 'safe' (they are a static snapshot with assumptions & predictions of what might go wrong and how it should be prevented or mitigated).
Revalidation of PHA (not just based on time passed, but also following a major incident or major changes - including personnel) is critical to ensure that protection measures are still 'suitable & sufficient' and the CCPS publication "Revalidating Process Hazard Analyses" provides invaluable guidance on this.
Implementing and sustaining protection measures (controls) is the ultimate responsibility of Management and the CCPS Bowtie book notes that "Managers need to understand all key safety information … HAZOP worksheets are poor for this … Managers need to know what the main risks are and how they are safeguarded ..." i.e. you can't manage what you don't understand.
To improve the understanding of less technical personnel and not limit the knowledge to those who participated in (or at least attended) the PHA/HAZOP sessions, we proposed a technique where existing worksheets could be enhanced by visualising them in bowtie format.
This was published in CEP (Feb 2019) just like Lawley's original article and offers several advantages (because visual information is understood quicker and retained longer) including:
- Improved recollection of participants
- Enhanced engagement of stakeholders
- Reduced effort to review/revalidate the analysis, including after a major modification or incident.
And the use of bowties rather than tables can also:
- Ensure Safeguards (Barriers) are assigned to appropriate Causes (Threats) and Consequences
- Segregation of Prevention vs. Mitigation measures to provide balanced protection (Resistance and Resilience)
- Show big picture and also individual or one-to-many relationships
- Categorise (colour) components
- Highlight dependence on Threat & Barrier technology & responsibility
- Cause (Threat) likelihood, Safeguard (Barrier) effectiveness & Consequence severity
- Framework for ongoing Analysis (e.g. LOPA) and Safeguard (Barrier) Assurance
- Confirmation of Installation, Operation & Performance via Audits & Incident analysis
The end result is that:
Worksheet information is not lost – scenario knowledge is gained
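The assignment and segregation points above, sketched in Python as an added illustration (not the authors' migration method or any PHA tool's format): one worksheet row is turned into a bowtie and checked for threats or consequences left without a barrier. The row layout, the `acts_on` tag and the function names are assumptions, and the row itself is constructed.

```python
from dataclasses import dataclass, field

# Constructed worksheet row (illustrative only, not from any real study).
# Assumption: each safeguard is tagged with the cause or consequence it acts
# on, which a flat, grouped "Safeguards" column does not record.
ROW = {
    "deviation": "High level in vessel",
    "causes": ["Level control valve fails closed", "Outlet line blocked"],
    "consequences": ["Liquid carry-over to flare header", "Loss of containment"],
    "safeguards": [
        {"name": "High level alarm with operator response",
         "acts_on": "Level control valve fails closed"},
        {"name": "Flare knock-out drum",
         "acts_on": "Liquid carry-over to flare header"},
        {"name": "Operator rounds", "acts_on": None},  # grouped, never assigned
    ],
}

@dataclass
class Bowtie:
    top_event: str
    prevention: dict = field(default_factory=dict)  # threat -> barriers
    mitigation: dict = field(default_factory=dict)  # consequence -> barriers
    unassigned: list = field(default_factory=list)  # safeguards with no target

def build_bowtie(row):
    """Place each safeguard on the prevention or mitigation side of the bowtie."""
    bt = Bowtie(top_event=row["deviation"])
    bt.prevention = {c: [] for c in row["causes"]}
    bt.mitigation = {c: [] for c in row["consequences"]}
    for sg in row["safeguards"]:
        target = sg["acts_on"]
        if target in bt.prevention:
            bt.prevention[target].append(sg["name"])
        elif target in bt.mitigation:
            bt.mitigation[target].append(sg["name"])
        else:
            bt.unassigned.append(sg["name"])
    return bt

def gaps(bt):
    """Report threats and consequences that have no barrier assigned."""
    return {
        "threats_without_barrier": [t for t, b in bt.prevention.items() if not b],
        "consequences_without_barrier": [c for c, b in bt.mitigation.items() if not b],
        "unassigned_safeguards": list(bt.unassigned),
    }

if __name__ == "__main__":
    for key, items in gaps(build_bowtie(ROW)).items():
        print(key, "->", items)
```

In the flat worksheet this row shows three safeguards and looks well protected; once each safeguard is placed against its threat or consequence, one cause and one consequence turn out to have no barrier at all.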
Duty holders have already invested heavily in PHA/HAZOP studies and our aim is to "praise" not "bury" them, so we have various methods to migrate existing worksheets into bowties.
Fundamentally we believe that the better the PHA/HAZOP is understood, the easier it is to:
- Validate - ensure that the study has been correctly and completely performed
- Implement - ensure Actions are addressed and Safeguards (barriers) are put in place
- Monitor - ensure the Presence and Performance of Safeguards (barriers) is assured
- Modify - ensure existing hazards are not exacerbated or new hazards introduced
- Revalidate - ensure that assumptions are still appropriate for the application
For more information on how we can turn existing worksheets (either in native e.g. PHA-Pro, PHAWorks etc or generic Office or PDF format) into bowties with minimal manual effort, please visit www.VisualHAZOP.com or contact us at analysis@psintegrity.com.
Director
6mo: I have not been able to find the original article written by H.G. Lawley, I could share it or indicate where I can find it, greetings and thanks for your work
Process Safety Engineer
4y: Thanks for sharing
Director Energy Regulation at Department for Energy and Mining, South Australia
4y: Brilliant article David, I wonder how many engineers at the time would have glossed over the 1974 HAZOP paper, unknowingly realising that it was a history in the making article!
Managing Director at AD Consulting & Engineering Ltd - Energy Security and Storage Training Creator for the Energy Institute, UK. Independent Consultant
4y: David Hatch, thank you for sharing an insightful article.