What is HAZOP? A HAZOP study is a structured and systematic investigation of a planned or existing plant or operation to identify and evaluate hazards that may represent risks to personnel, property, environment, or prevent efficient operation. This is a guide words-based qualitative technique carried out by a multidisciplinary team (HAZOP team) during a set of meetings. It is a versatile study technique and can be applied to a wide range of applications, both continuous systems as well as batch processes. The applicable international standard is: IEC 61882. “Hazard and operability studies (HAZOP studies)—Application guide.” The basic scope of the standard is: “This International Standard provides a guide for HAZOP studies of systems utilizing the specific set of guide words defined in this document. It also gives guidance on application of the technique and on the HAZOP study procedure, including definition, preparation, examination sessions and resulting documentation and follow-up.”

The various characteristic are as follows:

At the outset, discussions on the study process were presented, so that the reader can develop the concept of objective and purpose. It is needless to state that for effective analysis, scope and boundary must be defined properly.

In this clause participants in HAZOP are discussed. The responsibility, qualification, and experience of each of the team members are discussed here. However, this is a general guideline; based on company policy and plant requirements the team formation may vary. In this connection generalized citation in Fig. IV/1.1.4-1 may be referred to.

To take up or start HAZOP studies, information about the plant is necessary and this is detailed in the following:

With the background information sought in the previous clause, there will now be a stage for preparing and planning before actual HAZOP can be undertaken. Some of these points are related to standard norms for HAZOP and some are for planning of HAZOP:

There are several influencing factors for a HAZOP study to make it effective. The majority of these influencing factors are as follows:

The following points may be noted as advantages and disadvantages of the study:

Guided word is very meaningful in HAZOP. Guided words with meanings and comments are listed in Table IV/1.1.9-1.

It is necessary that the team begins the study with full intention in mind. The team must know and understand the exact scope and boundary of the study and the stage of the project for which the study is intended. With available information or having a good knowledge of the system in question, it will be possible to develop a conceptual model of the system for which the study is intended. As discussed earlier, the team leader actually leads and imparts the detailed idea to the team members through a conceptual model and clears up any doubts about the entire system. Then a full description can be presented by the process person with all key parameters and HAZOP study intention formulated and recorded. To get a quality study it is better to have a detailed and comprehensive study intention. The intention of the study may be focused on equipment, material, conditions, controls, changes, etc. All these shall be spelt out in detail. During a detailed description, the scope and boundary definition along with interface points, which are extremely important, must be elaborated clearly, so that nothing is missed and unnecessary wastage of time is avoided.

There are several steps in HAZOP methodology and risk assessment, which starts with finding deviations to identify hazards.

As discussed earlier, cause and consequence are closely coupled. However, in some approaches safeguards are not considered initially and only consequences are considered pertinent to all causes. Finally, safeguards are applied to obtain the final recommended action. Normally, it is the prerogative of team leaders to decide when to carry out the consequence analysis. In most cases it is seen that such exercises are done after each subsystem study is complete, so that all causes and consequences can be carefully studied. It is necessary to see if the system goes beyond the intended operating range or into the danger zone. The consequence may be immediate or long term; it may be within the plant and outside the plant (especially environmental impacts). Another important part is the development of consequences and how operating personnel are informed of these through use of a pretrip alarm, interlock, and trip sequence. A sequence of event recording is done to check the system. This will be helpful in detecting human error. In consequence analysis, various safeguards play a major role and shall be seen together.

There are several ways to look into the problem:

There a number of factors that affect the study intensely. Some of these points were discussed earlier. In Table IV/1.2.5-1 these are put forward in a consolidated manner.

As discussed earlier, it is difficult to consider a section of a plant within the scope of this book. For this reason a simple generic example has been chosen. A shell and tube-type heat exchanger is used in most plants. In the heat exchanging process, as shown in Fig. IV/1.2.6-1, fluid passes through the tube and cooling water passes through the shell to cool the process fluid to the desired temperature with suitable control (not shown). Here, a few points should be noted. In the particular example, only the HAZOP worksheet has been shown for cooling water. In this case, three of the most relevant guide words—“None,” “More,” “Less”—have been associated with parameter flow. Here, flow parameter is chosen first, then the relevant guide word has been associated with it to obtain the deviation.

Discussions are normally recorded in tabular format, as shown in the generic example in Fig. IV/1.2.6-1. There may be variations in recording format based on the scope; however, the following information is generally included:

The amount of detailing to be included in the record is highly dependent on purpose. Several modes of HAZOP tables are:

The use of computers for HAZOP is quite common. In addition to automated HAZOP (discussed later), computerized recording is also available. The recording programs are basically special spreadsheets. This transition has resulted in thorough and quick recording of HAZOP studies. There are a number of features of use of computers for recording:

Generally, follow-up action is performed by authorized personnel from line management. However, the team leader of the HAZOP team at times is given responsibility to pursue line management personnel for action implementation. For keeping track of action follow-up, Fig. IV/1.3.1-2 may be followed.

The objectives of the study and benefit from it determine the timing of a HAZOP study. When the process design is complete, a full study procedure may be applied. Operating procedures may be examined to ensure that all eventualities have been considered. Modifications generally benefit from a rigorous study. Often an apparently simple, uncomplicated modification can give rise to a greater problem than it was intended to solve. Existing plant and new equipment are other examples of topics that may benefit from the study. Therefore a project may be studied several times in its lifetime with different objective and purpose.

Here, HAZOP in different plant applications has been outlined. HAZOP applications in E/E/PEs are discussed separately later.

Basically, HAZOP may be considered as an initial investment at the beginning to save money at a later date.

In many places HAZOP and CHAZOP are integrated. In this case, there should be one knowledgeable person for E/E/PEs. Again, for small or preliminary CHAZOP, the requirement for a knowledgeable person for E/E/PEs may not be mandatory; instead an efficient HAZOP team can to some extent cope with these requirements. However, for large systems, integration of HAZOP and CHAZOP may not be possible at all. Where attempts are made to integrate, then the team may be too large and it may not be possible for all the members to be present at the same time. In addition, when CHAZOP is discussed, that is, detailing about E/E/PEs, those not having sufficient knowledge may lose interest and fatigue may set in. So, for large projects, HAZOP and CHAZOP are done separately. An intermediate approach could be to include one person knowledgeable in E/E/PE as a representative in HAZOP, who may also be present in CHAZOP, so that some uniformity is maintained. When in a large project several parallel teams are working together such action is not feasible. Normally, a team for CHAZOP consists of one team leader, one scribe, and one member each from the design/implementation team. Inclusion of one member from the vendor at a later design stage for CHAZOP may be beneficial. Usually, in the team an independent observer is also included for verification and validation. A team approach carries more weight in decisions on complex issues. As in the case of HAZOP discussed earlier, all members must be allowed to express themselves freely, especially the designer who should not be defensive in obtaining a better result from CHAZOP.

Before starting CHAZOP some preparations, as discussed in connection with HAZOP, are necessary. The basic information to be collected may be as follows:

HAZOP for process is characterized by the procedure of combining guide words with process parameters. It is usual to use a similar framework for both HAZOP and CHAZOP. There are a few drawbacks in using HAZOP, namely, time, cost, and safety gap. Out of these three, the first two can be minimized by automating the process. It is difficult to remove safety gap because there is no assurance that hazards will not be missed. These are more prominent in the case of E/E/PEs, mainly for ambiguity in interpretation. In HAZOP, “NO” is a very common guide word. In process HAZOP, “no flow” means that there is no flow in the pipeline but in the case of CHAZOP it may mean “no measurable flow” or “no display for flow” or actually “no flow” or there is “no flow in the ini-file.” In the case of CHAZOP one needs to consider various words such as “objects” (e.g., pump/heat exchange), “attribute” (e.g., flow, velocity temperature), and actions (e.g., operator action). Therefore in CHAZOP similar guided words are used but with different meanings and/or implications. Also to get better results it is necessary to add more guided words. All expressions shall be less ambiguous and complete so that hazards are not missed. Later a few words were added such as “early”/“late” to indicate an event or action relative to time and “before”/“after” to indicate the ordering of an action or event (Table IV/1.1.9-2). A few guide words used in various CHAZOP studies are listed in Table IV/1.5.4-1.

General brief outlines are discussed here. It is recommended that both preliminary as well as full CHAZOP are carried, so both the systems have been included in the discussion.

From the foregoing discussions it has been seen how safety aspects are dealt with in various layers and redundancies. Here, failures are taken into account, but control logic is not handled explicitly. There are no means to verify the logic requirements. For hazard analysis it is necessary that process is well represented. In the process and related controls, safety subsystems must be identified and suitable logic built for the safety system. It should be possible to verify the safety logic. In safety logic, all safety critical events shall be identified and then a questionnaire for the safety critical events shall be applied over the entire life cycle, as shown in Fig. IV/1.5.6-1.

Back in 1987, Parmer and Less developed a rule-based approach for automation of HAZOP. They developed knowledge representation regarding the propagation of faults/failures from each of the process units, such as pumps, heat exchanger, etc. They tried to include control systems such as sensors, control valves, controllers, etc. In this method they partitioned P&ID into several sections. In one section, a line was chosen for hazard analysis. They tried to find cause from an initial event in the process unit and consequence in the terminal unit. So, hazard analysis was restricted to the limit of the line under study. This is in contrast to the HAZARD analysis principle, which continues to the end of the process. Hence it could show immediate effects/consequences. They used FORTAN language for computer programming. In 1989 Water and Ponton studied automation of HAZOP through their simulation approach. For practical application, on account of its complexity, it did not become so popular. The rule-based approach was also introduced by Heino and Suokas in 1990. They developed rule-based logic to search for the cause and devised it in “If deviation type” and condition is like that… then probable cause will be… Naturally, in industrial applications, where there are so many possibilities, there will be too many rules to search for a cause. As a result this approach was difficult to handle. Also here, cause has more importance than consequence, which is the opposite in the normal HAZOP approach. A modeling language for chemical process and reactions was developed by Henning and Leone in 1990. This was mainly applicable to chemical processes involving reactions. Nagel in 1991 developed inductive and deductive type rules for hazard identification in chemical reactions in chemical plants. The rules although ideal for chemical processes involving complex reactions were not widely used for general industrial applications. In 1994–96 Venkatasubramanian and Vaidhyanathan developed an object-oriented model based on HAZOP expert systems with different approaches for continuous and batch processes. In 1997 Dimitradis, Shah, and Pentelides developed a quantitative approach toward HAZOP automation. In this approach it was necessary to identify the disturbance profile leading to hazards. In many cases, especially with nonlinearity, it was difficult to solve the problem. In the same year Faisal and Abbasi produced TOPHAZOP, a knowledge-based two-compartment general and specific software tool for projects. Objects, attributes, causes, and consequences were included in the model. While objects are developed in a frame structure with their attributes, causes and consequences are generated through rule-based systems by combining the rule with the framework. In 1998 Srinivasan, Shah, Dimitradis, and Venkatasubramanian developed a hybrid knowledge-based mathematical model, and in 1999 Turk developed a discrete model to capture hazards in continuous and sequential chemical process. In addition, there have been several other approaches for automating HAZOP: McCoy (1999), Bartolozzi (2000), Kanga (2003), and Zhao (2005). Of these the HAZOP expert-based system is applicable in a generalized way and is more acceptable on account of its quick process. However, this system requires a huge database and it is not very easy to integrate with CAD. In subsequent clauses, expert system, P&ID integration, and model-based systems will be touched upon. However, wide use of automated HAZOP in industrial scenarios has a long way to go! Some of the developments in this area will be highlighted in later clauses, enabling the reader to grasp some knowledge of automated HAZOP. Digraph shown Fig. IV/1.6.1-1 is often used in automated HAZOP.

HAZOP expert is an object-oriented model-based intelligent technique used to automate the HAZOP process. It is well known that no two plants are identical, hence the problems will be different. At the same time it is also true that the majority of time and effort is spent on routine work in a HAZOP study and there is commonality in this routine work. So, by automating this routine part (which is a major part), time, effort, and cost can be saved. But how can this routine work be matched with plant-specific issues? Another important issue to be noted is that automation is not meant to replace the HAZOP team but to supplement it, so that experts instead of being bogged down with routine work can concentrate on how to address the complex issues pertinent to the plant. To understand HAZOP expert it is better to refer to Fig. IV/1.6.2-1.

HAZOP expert discussed earlier has wide application, but for success it depends too much on a database. Also actual integration of CAD P&ID into the system is not so easy with normal P&ID, which depends too much on drafting, and manual input of process-specific data invites human error. It is now possible for various software packages to have a communication link to other external software packages. So, Intergraph's Smart Plant P&ID (SPPID), which is an asset-centric rule-driven CAD P&ID, is very helpful in integrating P&ID into the computer system. It depends more on plant data than drafting. This is helpful in exchanging specific plant data into the system. From this, an initial model based on signed directed graphs (SDGs) was developed. It had a few shortcomings. Subsequently, a layered directed graph (LDG) model-based HAZOP expert system (LDG HAZOP) was developed to overcome the shortcomings of SDG. The LDG model qualitatively highlights cause and effect relationships between process deviations with the help of HAZOP guide words. Here also a user interface with the system with the help of an I/O system at the user interface module is directly linked with document (DOC) and LDG modules, as shown in Fig. IV/1.6.3-1.

Another way HAZOP can be automated is by multilevel flow modeling (MFM). MFM is described in Fig. IV/1.6.4-1 and it is widely used in risk analysis.