Rabu, 04 Juli 2007

Hazard and Operability (HazOp) Studies

General Description

Background.

A HazOp study identifies hazards and operability problems. The concept involves investigating how the plant might deviate from the design intent. If, in the process of identifying problems during a HazOp study, a solution becomes apparent, it is recorded as part of the HazOp result; however, care must be taken to avoid trying to find solutions which are not so apparent, because the prime objective for the HazOp is problem identification. Although the HazOp study was developed to supplement experience-based practices when a new design or technology is involved, its use has expanded to almost all phases of a plant's life. HazOp is based on the principle that several experts with different backgrounds can interact and identify more problems when working together than when working separately and combining their results.

The "Guide-Word" HazOp Is the most well known of the HazOps; however, several specializations of this basic method have been developed. These specializations will be discussed as modifications of the Guide-Word approach, but they are not to be regarded as less useful than the Guide-Word approach. Indeed, In many situations these variations may be more effective than the Guide-Word approach.

Concept.

The HazOp concept is to review the plant in a series of meetings, during which a multidisciplinary team methodically "brainstorms" the plant design, following the structure provided by the guide words and the team leader's experience.

The primary advantage of this brainstorming is that it stimulates creativity and generates ideas. This creativity results from the interaction of the team and their diverse backgrounds. Consequently the process requires that all team members participate (quantity breeds quality in this case), and team members must refrain from criticizing each other to the point that members hesitate to suggest Ideas.

The team focuses on specific points of the design (called "study nodes"), one at a time. At each of these study nodes, deviations In the process parameters are examined using the guide words. The guide words are used to ensure that the design is explored In every conceivable way. Thus the team must identify a fairly large number of deviations, each of which must then be considered so that their potential causes and consequences can be identified.

The best time to conduct a HazOp is when the design is fairly firm. At this point, the design is well enough defined to allow meaningful answers to the questions raised in the HazOp process. Also, at this point it is still possible to change the design without a major cost. However, HazOps can be done at any stage after the design is nearly firm. For example, many older plants are upgrading their control and Instrumentation systems. There is a natural relationship between the HazOp deviation approach and the usual control system design philosophy of driving deviations to zero; thus It Is very effective to examine a plant as soon as the control system redesign is firm.

The success or failure of the HazOp depends on several factors:

* The completeness and accuracy of drawings and other data used as a basis for the study

* The technical skills and insights of the team

* The ability of the team to use the approach as an aid to their Imagination in visualizing deviations, causes, and consequences

* The ability of the team to concentrate on the more serious hazards which are identified.

The process is systematic and It Is helpful to define the terms that are used:

a. STUDY NODES - The locations (on piping and Instrumentation drawings and procedures) at which the process parameters are Investigated for deviations.

b. INTENTION - The intention defines how the plant is expected to operate in the absence of deviations at the study nodes. This can take a number of forms and can either be descriptive or diagrammatic; e.g., flowsheets, line diagrams, P&IDs.

c. DEVIATIONS - These are departures from the intention which are discovered by systematically applying the guide words (e.g., "more pressure").

d. CAUSES - These are the reasons why deviations might occur. Once a deviation has been shown to have a credible cause, it can be treated as a meaningful deviation. These causes can be hardware failures, human errors, an unanticipated process state (e.g., change of composition), external disruptions (e.g., loss of power), etc.

e. CONSEQUENCES - These are the results of the deviations should they occur (e.g., release of toxic materials). Trivial consequences, relative to the study objective, are dropped.

f. GUIDE WORDS - These are simple words which are used to qualify or quantify the intention in order to guide and stimulate the brainstorming process and so discover deviations. The guide words shown in Table 4-3 are the ones most often used in a HazOp; some organizations have made this list specific to their operations, to guide the team more quickly to the areas where they have previously found problems. Each guide word is applied to the process variables at the point in the plant (study node) which is being examined. For example:

Guide Words

Parameter

Deviation

NO

FLOW

NO FLOW

MORE

PRESSURE

HIGH PRESSURE

AS WELL AS

ONE PHASE

TWO PHASE

OTHER THAN

OPERATION

MAINTENANCE

These guide words are applicable to both the more general parameters (e.g., react, transfer) and the more specific parameters (e.g., pressure, temperature).

TABLE 4-3 HAZOP GUIDE WORDS AND MEANINGS

Guide Words

Meaning

No

Negation of the Design Intent

Less

Quantitative Decrease

More

Quantitative Increase

Part Of

Qualitative Decrease

As Well As

Qualitative Increase

Reverse

Logical Opposite of the Intent

Other Than

Complete Substitution

With the general parameters, meaningful deviations are usually generated for each guide word. Moreover, it is not unusual to have more than one deviation from the application of one guide word. For example, "more reaction" could mean either than a reaction takes place at a faster rate, or that a greater quantity of product results. With the specific parameters, some modification of the guide words may be necessary. In addition, it is not unusual to find that some potential deviations are eliminated by physical limitation. For example, if the design intention of a pressure or temperature is being considered, the guide words "more" or "less" may be the only possibilities.

There are other useful modifications to guide words such as:

* SOONER or LATER for OTHER THAN when considering time

* WHERE ELSE for OTHER THAN when considering position, sources, or destination

* HIGHER and LOWER for MORE and LESS when considering elevations, temperatures, or pressures.

Finally, when dealing with a design Intention involving a complex set of interrelated plant parameters (e.g., temperatures, reaction rates, composition, or pressure), it may be better to apply the whole sequence of guide words to each parameter individually than to apply each guide word across all of the parameters as a group. Also, when applying the guide words to a sentence it may be more useful to apply the sequence of guide words to each word or phrase separately, starting with the key part which describes the activity (usually the verbs or adverbs). These parts of the sentence usually are related to some impact on the process parameters. For example, in the sentence "The operator starts flow A when pressure B is reached", the guide words would be applied to:

* flow A (no, more, less, etc.)

* when pressure B is reached (sooner, later, etc.)

Guidelines for Using Procedure

The concepts presented above are put into practice in the following steps:

1. Define the purpose, objectives, and scope of the study

2. Select the team

3. Prepare for the study

4. Carry out the team review

5. Record the results.

It is important to recognize that some of these steps can take place at the same time. For example, the team reviews the design, records the findings, and follows up on the findings continuously. Nonetheless, each step will be discussed below as separate items.

1. Define the Purpose, Objectives, and Scope of the Study.

The purpose, objectives, and scope of the study should be made as explicit as possible. These objectives are normally set by the person responsible for the plant or project, assisted by the HazOp study leader (perhaps the plant or corporate safety officer). It is important that this interaction take place to provide the proper authority to the study and to ensure that the study is focused. Also, even though the general objective is to identify hazards and operability problems, the team should focus on the underlying purpose or reason for the study. Examples of reasons for a study might be to:

* Check the safety of a design

* Decide whether and where to build

* Develop a list of questions to ask a supplier

* Check operating/safety procedures

* Improve the safety of an existing facility

* Verify that safety instrumentation is reacting to best parameters.

It is also important to define what specific consequences are to be considered:

* Employee safety (in plant or neighboring research center)

* Loss of plant or equipment

* Loss of production (lose competitive edge in market)

* Liability

* Insurability

* Public safety

* Environmental impacts.

For example, a HazOp might be conducted to determine where to build a plant to have the minimal impact on public safety. In this case, the HazOp should focus on deviations which result in off-site hazards.

2. Select the Team.

Ideally, the team consists of five to seven members, although a smaller team could be sufficient for a smaller plant. If the team is too large, the group approach fails. On the other hand, if the group is too small, it may lack the breadth of knowledge needed to assure completeness. The team leader should have experience in leading a HazOp. The rest of the team should be experts in areas relevant to the plant operation. For example, a team might include:

* Design engineer

* Process engineer

* Operations supervisor

* Instrument design engineer

* Chemist

* Maintenance supervisor

* Safety engineer (if not HazOp leader).

The team leaders most important job is to keep the team focused on the key task: to identify problems, not necessarily to solve them. There is a strong tendency for engineers to launch into a design or problem-solving mode as soon as a new problem comes to light. Unless obvious solutions are apparent, this mode should be avoided or it will detract from the primary purpose of HazOp, which is hazard identification.

In addition, the team leader must keep several factors in mind to assure successful meetings: (1) do not compete with the members; (2) take care to listen to all of the members; (3) during meetings, do not permit anyone to be put on the defensive; (4) to keep the energy level high, take breaks as needed.

3. Prepare for the Study.

The amount of preparation depends upon the size and complexity of the plant. The preparative work consists of three stages: obtaining the necessary data; converting the data to a suitable form and planning the study sequence; and arranging the meetings.

a. Obtain the necessary data.

Typically, the data consist of various drawings in the form of line diagrams, flowsheets, plant layouts, isometrics, and fabrication drawings. Additionally, there can be operating instructions, instrument sequence control charts, logic diagrams, and computer programs. Occasionally, there are plant manuals and equipment manufacturers manuals. The data must be inspected to make sure they pertain to the defined area of study and contain no discrepancies or ambiguities.

b. Convert the data into a suitable form and plan the study sequence.

The amount of work required in this stage depends on the type of plant. With continuous plants, the preparative work is minimal. The existing, up-to-date flowsheets or pipe and instrument drawings usually contain enough information for the study, and the only preparation necessary is to make sure that enough copies of each drawing are available. Likewise, the sequence for the study is straightforward. The study team starts at the beginning of the process and progressively works downstream, applying the guide words at specific study nodes. These nodes are established by the team leader prior to any meetings. The team leader will generally define the study nodes in pipe sections. These nodes are points where the process parameters (pressure, temperature, flow, etc.) have an identified design intent. Between these nodes are found the plant components (pumps, vessels, heat exchangers, etc.) that cause changes in the parameters between nodes. While the study nodes should be identified before the meetings, it is to be expected that some changes will be made as the study progresses due to the learning process that accompanies the study.

With batch plants, the preparative work is usually more extensive, primarily because of the more extensive need for manual operations; thus, operation sequences are a larger part of the HazOp. This operations information can be obtained from operating instructions, logic diagrams, or instrument sequence diagrams. In some circumstances (e.g., when two or more batches of material are being processed at the same time), it may be necessary to prepare a display indicating the status of each vessel on a time basis. If operators are physically involved in the process (e.g., in charging vessels) rather than simply controlling the process, their activities should be represented by means of process flow charts.

The team leader will usually prepare a plan for the sequence of study before the study starts to make sure that the study team approaches the plant and its operation methodically. This means the team leader must spend some time before the meetings to determine the 93best94 study sequence, based on how the specific plant is operated.

The team leader will often have to prepare a representation of the equipment (logic diagram, flow chart, etc.) tailored to suit the application of the HazOp technique to the equipment. This may include a display of the relationship of the equipment with operators and with other plant equipment. The preparative work will often involve a lengthy dialogue between the project engineer and the team leader and sometimes involves the component manufacturers as well. The team leader will prepare a plan for the study and discuss the equipment representations and the plan with the team before starting the study.

c. Arrange the necessary meetings.

Once the data have been assembled and the equipment representations made (if necessary), the team leader is in a position to plan meetings. The first requirement is to estimate the team-hours needed for the study. As a general rule, each individual part to be studied, e.g., each main pipeline into a vessel, will take an average of fifteen minutes of team time. For example, a vessel with two inlets, two exits, and a vent should take one and a half hours for those elements and the vessel itself. Thus, an estimate can be made by considering the number of pipelines and vessels. Another way to make a rough estimate is to allow about three hours for each major piece of equipment. Fifteen minutes should also be allowed for each simple verbal statement such as "switch on pump", "motor starts", or "pump starts".

After estimating the team-hours required, the team leader can arrange meetings. Ideally, each session should last no more than three hours (preferably in the morning). Longer sessions are undesirable because their effectiveness usually begins to fall off. Under extreme time-pressures, sessions have been held for two consecutive days; but such a program should be attempted only in very exceptional circumstances, (for example, when the team is from out of town and travel every day is not acceptable.)

With large projects, it has been found that often one team cannot carry out all the studies within the allotted time. It may therefore be necessary to use several teams and team leaders. One of the team leaders should act as a coordinator to allocate sections of the design to different teams and to prepare time schedules for the study as a whole.

4. Carry Out the Team Review.

The HazOp study requires that the plant schematic be divided into study nodes and that the process at these points be addressed with the guide words. As shown in Figure 4-4, the method applies all of the guide words in turn and either of two outcomes is recorded: (1) more information is needed, or (2) the deviation with Its causes and consequences. If there are obvious remedies, these too are recorded.

FIGURE 4-4 HAZOP METHOD FLOW DIAGRAM

As hazards are detected, the team leader should make sure that everyone understands them. As mentioned earlier, the degree of problem-solving during the examination sessions can vary. There are two extreme positions:

* A suggested action is found for each hazard as it is detected before looking for the next hazard

* No search for suggested actions is started until all hazards have been detected.

In practice, there is a compromise. It may not be appropriate or even possible for a team to find a solution during a meeting. On the other hand, if the solution is straightforward, a decision can be made and the design and operating instructions modified immediately. To some extent, the ability to make immediate decisions depends upon the type of plant being studied. With a continuous plant, a decision made at one point in a design may not invalidate previous decisions concerning upstream parts of the plant which have already been studied--but this possibility always has to be considered. For batch plants with sequence control, any alteration in the design or mode of operation could have extensive implications. If a question is noted for future evaluation, a note is also made of the person responsible for follow-up.

Although the team leader will have prepared for the study, the HazOp technique may expose gaps in the available plant operating information or in the knowledge of the team members. Thus it may sometimes be necessary to call in a specialist on some aspects of how the plant is intended to operate or even to postpone certain parts of the study in order to obtain more information.

Once a section of pipeline or a vessel or an operating instruction has been fully examined, the team leader should mark (e.g., "yellow out") his or her copy to that effect. This action ensures comprehensive coverage. Another way of doing this Is that once every part of a drawing has been examined, the study leader certifies that the examination has been completed in an appropriate box on the flowsheet.

5. Record the Results.

The recording process Is an important part of the HazOp. It is impossible to record manually all that is said, yet it is very important that all ideas are kept. It is very useful to have the team members review the final report and then come together for a report review meeting. The process of reviewing key findings will often fine-tune these findings and uncover others. The success of this process demands a good recording scheme.

First, a HazOp form should be filled out during the meeting (a sample is given in Figure 4-5). This form is best filled out by an engineer who can be less senior than the team members. This recorder is not necessarily part of the team but, as an engineer, can understand the discussions and record the findings accurately. Other means of recording can be developed as best suits the organization. Some have found that when insufficient information is available to make a decision, cards are filled out so that the responsible individual is reminded of the action item. It has also been found useful to tape-record the sessions and have them transcribed. This saves the only complete record of the discussions and the reasoning behind the recorded findings, and it can be invaluable later in the plant life when the plant is modified, or if an event occurs which Is the result of a deviation.

FIGURE 4-5 SAMPLE OF HAZOP WORKSHEET

Example

Consider, as a simple example, the continuous process shown in Figure 4-6. In this process, the phosphoric acid and ammonia are mixed, and a non-hazardous product, diammonium phosphate (DAP), results if the reaction of ammonia is complete. If too little phosphoric acid is added, the reaction is incomplete, and ammonia is produced. Too little ammonia available to the reactor results in a safe but undesirable product. The HazOp team is assigned to investigate "Personnel Hazards from the Reaction".

FIGURE 4-6. CONTINUOUS PROCESS EXAMPLE FOR HAZOP TECHNIQUE

The team leader starts with a study node and applies the guide words to the process parameters. Thus, for study node 1:

I. NO

a. NO & FLOW --- no flow at study node 1

b. Consequences: excess ammonia In reactor and release to work area

c. Causes

-- valve A falls closed

-- phosphoric acid supply exhausted

-- plug in pipe, pipe ruptures

d. Suggested action: automatic closure of valve B on loss of flow from phosphoric acid supply.

II. LESS

a. LESS & FLOW --- reduced flow at study node 1

b. Consequences: excess ammonia in reactor and release to work area. Amount released is related to quantitative reduction in supply. Team member assigned to calculate toxicity level versus flow reduction.

c. Causes:

-- valve A partially closed

-- partial plug or leak in pipe

d. Suggested action: automatic closure of valve B based on reduced flow in pipe from phosphoric acid supply. Set point dependent on toxicity versus reduced flow calculations.

III. MORE

a. MORE & FLOW --- increased flow at study node 1

b. Consequences: excess phosphoric acid degrades product but presents no hazard to workplace.

IV. PART OF

a. PART OF & FLOW --- decreased concentration of phosphoric acid at study node 1

b. Consequences: see II.b (low flow consequences)

c. Causes

-- vendor delivers wrong material or concentration

-- error in charging phosphoric acid supply tank

d. Suggested Action: Add check of phosphoric acid supply tank concentration after charging procedures.

V. AS WELL AS

a. AS WELL AS & FLOW Increase concentration of phosphoric acid

(not a realistic consideration since highest available concentration used to charge supply).

VI. REVERSE

a. REVERSE & FLOW --- reverse flow at study node 1

b. Consequences:

c. Causes: no reasonable mechanism for reverse flow.

VII. OTHER THAN

a. OTHER THAN & FLOW material other than phosphoric acid in line A

b. Consequences: Depends on substitution; team member assigned to test potential substitutions based on availability of other materials at site and similarity in appearance

c. Causes:

-- wrong delivery from vendor

-- wrong material chosen from plant warehouse

d. Recommended Action: Plant procedures to provide check on material chosen before charging phosphoric acid supply tank.

This process then continues by choosing other process parameters and combining them with the guide words.

HazOp Variations

1. Knowledge-Based HazOp

The knowledge-based HazOp is a specialization of the Guide-Word HazOp in which the guide words are replaced by the team's and leader's knowledge and specific checklists. This knowledge base is used to compare the design to established basic design practices which have been developed and documented from previous plant experience. The implicit premise of this version of the HazOp is that the organization has extensive design standards and the team members are familiar with them. An important advantage of this method is that the lessons learned over many years of experience are incorporated into the Company's practices and are thus available for use at all stages in the design and construction of the plant. Thus, the Knowledge-Based HazOp study can help ensure that the company's practices, and therefore its past experience, have indeed been incorporated in the design.

Comparison of a design in the Knowledge-Based HazOp with codes and practices will generate a set of questions which are different from the Guide-Word HazOp. For example, questions might be:

* "Shouldn't the design be like ..."

* "Will this change cover the hazard at the same risk level?"

As a more specific example, consider the discharge from a centrifugal pump. The Guide Word HazOp would apply the guide word REVERSE to identify the need for a check valve. The Knowledge-Based HazOp would identify the need for a check valve because an actual problem was experienced with reverse flow and the use of check valves on a centrifugal pump discharge has been adopted as a standard practice. Figure 4-7 shows an expanded checklist for centrifugal pumps from one company's Knowledge-Based HazOp checklist. The complete checklist can be found in Process Checklist, Personnel Checklist, Fire Checklist.

1. Can Casing Design Pressure be Exceeded?

* Maximum suction pressure + shutoff delta P

- Note: If pump curve not available, shutoff delta P (motor drive) may be estimated as 120 percent of operating delta P and shutoff delta P (turbine-drive) may be estimated as 132 percent of operating delta P.

* Higher than design specific gravity of pumped fluid
- During startup
- During upsets

2. Is Downstream Piping/Equipment Adequately Rated?

* If downstream blockage raises suction pressure:
DP = maximum Suction P + shutoff delta P

* If downstream blockage does not raise suction pressure,
DP = the greater of:
normal suction plus shutoff delta P or
maximum suction plus normal delta P

3. Is Backflow Prevented?

* Check valve in discharge

* Double check valve for delta P >1,000 psi

4. Suction Piping Overpressure (single pumps)

* Suction valve, flange, and connecting piping same as suction line DP

5. Suction Piping Overpressure (parallel pumps)

* Suction valve and intervening component DP>3/4 pump discharge DP

6. Is Damage from Low Flow Prevented?

* Recycle system to ensure 20 percent best-efficiency-point flow

7. Can Fire Be Limited?

* Provide isolation valve(s) if suction vessel(s) inventory is:
- light ends > 2,000 gallons, or
- HC liquid above 6000F > 2,000 gallons, or
- HC liquid >4,000 gallons

* Remote actuated if:
- 10" or larger line size, or
- located in fire risk area (<25 ft. horizontal)
Note: Valve activator and exposed cable fireproofed

FIGURE 4-7. SAMPLE WORKSHEET FOR KNOWLEDGE-BASED HAZOP: CENTRIFUGAL PUMPS

It is also important to note that the Guide-Word HazOp approach can be used to supplement this approach to ensure that new problems are not overlooked when portions of the process involve major changes in equipment technology or novel chemistry. (See C. H. Solomon for more details.)

2. Creative Checklist HazOp

The Creative Checklist HazOp study was developed to address two needs:

* The need for a study that can be carried out earlier in the design, based only on the materials to be used

* The need for a study that can examine adverse interactions resulting from the proximity of the units of the plant, or interaction of the units and the environment.

This form of HazOp utilizes the same basic form as the Guide Word HazOp listed above. At an early stage in a project, the only data available could be a list of all material likely to be used, together with a site plan and a block layout of the site.

First, the materials are compared to a hazards checklist (fire, toxicity, reactivity) and the team determines which hazards could really exist. The hazardous materials are inventoried, and such information as the likely volume of each material is listed.

The second part of this study is to associate each unit of the site plan with the hazards list created in the first part. This results in a series of hypothetical "unit hazards". If the team feels that a given unit hazard is real, they identify potential actions and/or guidelines which should be followed in the subsequent design phase to minimize the risks. Because the study takes place before the site has been finalized, a decision to abandon a site, if necessary, could be made during this study.

This HazOp is very similar to the Preliminary Hazard Analysis (PHA) described in this document. It does have the advantage of conducting the study of an early design by a team rather than by one or two people. Of course, it will also be more expensive because more people are involved.

References

Solomon, C. H., "The Exxon Chemicals Method for Identifying Potential Process Hazards", I Chem E Loss Prevention Bulletin No. 52, August 1983.

Knowlton, E., "Creative Checklist Hazard and Operability Studies", Chemical Manufacturers Association, Process Safety Management Workshop, Arlington, Virginia, May 1985.


Adapted from: Guidelines for Hazard Evaluation Procedures.

Tidak ada komentar:

Posting Komentar