I have completed a Controls Hazard and Operability (CHAZOP or C-HAZOP) study, but how do I know if I have done enough? What is the next step?

In a CHAZOP study, hazards arise from failures related to the control system elements. Failure of the control system elements may cause: operators unable or partially unable to monitor process status of the plant that is still in control, control system enters unpredictable operating mode, hardware inputs and outputs frozen or in unpredictable states, operator cannot make changes or activate/deactivate overrides or bypasses, operators is unable to turn on or off equipment, or the operator is unable to stop the process when required. All of these events can develop into severe accidents.

When do we require advanced process hazard analysis (PHA) methodologies? CHAZOP is a qualitative PHA methodology where the team’s objective is to brainstorm and identify potential hazards, and verify there is an adequate level of protection based on the consequences associated with those hazards. The PHA standard implemented by the facilities operating company will provide guidance to highlight scenarios which require more thorough review. Scenarios which have complex consequences and scenarios with high inherent risk, typically health and safety scenarios, tend to be reviewed with a more quantitative methodology.

The next step with high inherent risk and complex scenarios is to review them in a Layer of Protection Analysis (LOPA) study. LOPA is a semi-quantitative PHA methodology, where the PHA team evaluates the independence of safeguards, as well as applies more accurate failure rate data. The improved failure rate data is used to determine a frequency of the consequence identified in CHAZOP, which is compared to tolerable frequency.

Prior to conducting the LOPA study, it is very important to understand the scope of the LOPA. The LOPA scope is always a subset of the CHAZOP scope, which is chosen as per the PHA standards of the operating company. The LOPA methodology is used to gain a better understanding of the scenarios identified in the CHAZOP, not to identify further hazards. Therefore, the LOPA will be limited to the type of identified control system related hazards identified in the initial CHAZOP study.