A HAZOP (Hazard and Operability) study is a systematic study carried out by the application of “guidewords” to identify all deviations from design intent with undesirable effects for safety or operability. It is important to ensure that the HAZOP study (and meeting) covers all its required scope for the design, installation, operation and maintenance of water packages and water facilities under study.
Identifying significant safety issues and important operating concerns is the main focus of a HAZOP. Each threat to a water system or facility should systematically be identified and evaluated, then subsequently eliminated or mitigated. In HAZOP terms, each risk should be reduced to “as low as reasonably practical.” A significant safety concern is one which has the potential for a serious or major incident, while a substantial operating concern is an issue which required more than a four to five minute discussion.
A good recommendation for safety and operability of any water system or water facility is “simplicity.” In HAZOP, it should be properly noted to eliminate anything that “can be left out or simplified.” Too complex and too instrumented a water system is as unsafe and problematic as the lack of protection and control. Multiple layers of protection can be used to protect a water system, mechanical items or facility, but optimization should be necessary. Optimum number of protection layers need to be selected and orchestrated properly for a relatively simple and robust system.
HAZOP study in water systems
A HAZOP is a hazard study which concentrates on how the design will cope with abnormal conditions, rather than on how it will perform under normal conditions. The study is comprised of a review on the operation of each system and sub-system, examining each for possible causes of a wide range of abnormalities and their consequences.
HAZOP provides the opportunity to think creatively and examine ways in which hazards or operating problems might arise. To reduce the chance of missing something, a HAZOP is carried out in a systematic manner, using “guidewords” to consider each system and each type of hazard in turn. The study is carried out by a team so that input from all areas of functional expertise can be provided.
The results of a HAZOP depend heavily upon the experience and attitudes of the team members and on the leadership style adopted. In a HAZOP study, the members of the team should have good experience, knowledge and skills as well as be authorized to approve actions decided upon.
The optimum number for a HAZOP study team for ordinary facilities is five to seven. The situation is different for water machinery packages, such as water pump packages. The optimum number for a HAZOP study team for a water machinery package is six to nine. A large study team should be avoided, as it tends to adversely affect the meeting dynamics and effectiveness. If the study team is too small (say below five), it may lack the experience, knowledge, representation and diversity needed for an effective HAZOP study.
The individuals in a HAZOP will be responsible for providing expertise in his or her respective disciplines as it applies to the hazard analysis of water units and facilities being studied. Some experts may attend the HAZOP on a full-time basis and some of the engineers may be “on-call,” or attend only when needed.
It is necessary for HAZOP team members to have relevant experience, knowledge and authority so that they can make firm commitments and decisions in their areas of responsibility on the issues and matters that will be discussed during the HAZOP meetings. The selection of the technical members needs to ensure that the majority of the questions likely to be raised during the study can be answered at the meetings.
For major risk areas, the need for action is assessed quantitatively by “hazard study,” “reliability analysis” or similar. For less significant risks, the need for action can be based on experience and judgment. All actions can be appropriately addressed by the nominated HAZOP team members. The main aim of the meeting is to find problems needing solution, rather than the actual solution.
If the group becomes tied down by trying to resolve a problem, the issue can be noted as requiring further review outside the meeting and the study can be continued. As a general rule, approximately four to six minutes should be allocated to resolve any issues identified during a HAZOP study. If a solution cannot be agreed to within this timeframe then the issue is recorded and the study proceeds.
The reason for this approach is that a positive, open, questioning mindset is required from the team members. This allows creative brainstorming to identify possible abnormal water system conditions that may lead to potential hazardous events or significant operability problems. Teams that become tied down trying to resolve all issues one by one — in particular, problems that require further calculations, etc. — lose their creativity and thus the basis for the study effectiveness is lost.
HAZOP and operation
It is necessary to review all modes of operation of water facilities and water units under study. In HAZOP, guidewords usually need to be applied for each mode of operation. The operating conditions and operating procedures should receive considerable attention. Care must be taken to identify the less obvious modes, particularly those associated with shut-down systems and shut-down situations as well as the subsequent start-up.
Engineering specifications at tie-in points should carefully be checked to ensure that they either match or are compatible. Attention needs to be paid to piping/hosing specifications at tie-ins and battery limits. In many situations, the piping/connection specifications at both sides (of a battery limit) are not matched while the operating conditions seem the same. In this case, usually the higher specification (higher piping class and flange class) should be used for the tie-in.
Emergency shutdowns, alarms and interlocks in particular need to be reviewed to ensure that they are adequate. There can be some modifications and changes in different stages of a water facility project and the impacts of modifications on each section and sub-system should also be identified and assessed. Based on experiences, many of operational or generally post-start-up problems have not been identified at the HAZOP stage for water facilities and units. Generally, more care is needed for operational and maintenance issues in HAZOPs. An important consideration is the “fail safe” requirement. If a system or a sub-system fails, then it should fail in a safe position or mode.
The follow-up of recommendations arising from a HAZOP study is a key part of any HAZOP. The validity and effectiveness of the HAZOP study are seriously compromised if the recommendations are not followed through.
Practical notes on HAZOP
It is necessary to be thorough in listing causes of deviations in any HAZOP study. A deviation is considered realistic if there are sufficient causes to believe it can occur. However, only credible causes should be listed. Team judgment is used to decide whether to include events with a very low probability of occurring. Still, good judgment should be made by the team in determining what events have a low probability of occurring so that credible causes are not overlooked.
It is necessary to use proper guidewords in HAZOP for each line and each node. The following guidewords are noted as examples:
- High Flow/High Level
- Low Flow/Low Level
- Zero Flow/Empty
- Reverse Flow/Leak
- High Pressure
- Low Pressure
It should be verified that sufficient instrumentations are provided for operation and control. Optimum instrumentations and controls have always been encouraged and should be in correct locations. Proper alarms and trips need to also be identified. Too many instruments are as bad as not having enough. It is important to use the right materials of construction for each water equipment and facility. There have been many failures and damages, including many risks and safety issues, regarding the materials of construction.
Different start-up scenarios, such as first start-up, normal start-up, start-up after abnormal shutdown, etc., should be carefully reviewed and risks, safety issues and procedures should be evaluated. The same is to be done for shutdown scenarios. Other threats to be evaluated and covered are:
- Manufacturing, construction and installation defects
- External or internal corrosion
- External or internal erosion
- Earthquake, high-wind, ground movement and flooding.
One of the risks in a water system is vehicle or crane impact particularly during the construction or overhaul. Proper mitigation methods should be formulated for each risk and safety issue. Some examples include applying internal or external coatings to protect against corrosion, increasing the thickness to mitigate corrosion and erosion and others.
Flexible hoses, rubber hoses or similar instances might be sources of problems, leakages and danger. They may be avoided in some high reliability water systems.
HAZOP and abnormal situations
It is always useful to properly distinguish between “normal,” “abnormal” and “emergency” situations. Abnormal situations are undesirable disturbances or incidents which the control system and the basic operational procedure are not able to cope, requiring a human experienced operator to intervene to supplement the actions. An abnormal situation could be a simple upset condition quickly recognized and rectified by an operator action or a complex situation that could escalate to a critical safety incident where an emergency shut-down and evacuation are required. Prevention, early-detection and mitigation are key elements to managing abnormal situations in order to reduce unplanned shutdowns.
Studies of different abnormal situations have indicated two major sources of problems which are “alarm flood situation” and “shift handover.” All these studies specified that the focus should be on human operation factors, reliability and safety. The HAZOP assessment plays an important role in this regard. An optimum number of alarms and trips are to be identified and enforced in a HAZOP.
Too many alarms could be harmful which can result in “alarm flood situation” and other operational problems. An alarm optimization exercise should also be included in any HAZOP. Another important topic is the ability to handle water system disturbances that generate alarm floods. In other words, too often the risks and issues missed in the HAZOP study or not properly mitigated, such as those solved by just adding alarms, are responsible for alarm floods.
“Alarm management” processes and practices need to be employed to prevent alarm floods and to reduce the information overload to operators. The result of such a practice could minimize the potential damage caused by an operator missing a critical alarm. By using timely alarms that lead an operator to corrective actions, the goal is to improve safety to eliminate risks and increase efficiency.
Most effective “alarm management” methods include a combination of work processes, water system specific practices and software technologies. A successful approach is a continuous process started at the design and continued to the HAZOP, commissioning and operation; such a successful “alarm management” practice can reduce total alarms to less than 50 percent and, at the same time, can improve the overall safety and reliability. As an indication, for an “alarm management” approach the cost of various events, alarms and their levels need to be evaluated and the frequency of events must also be estimated. The end result should be fewer abnormal situations and safer operation combined with lower operating costs.
Amin Almasi is a rotating machine consultant in Australia. He is a chartered professional engineer of Engineers Australia (MIEAust CPEng – Mechanical) and IMechE (CEng MIMechE) in addition to a M.Sc. and B.Sc. in mechanical engineering and RPEQ (Registered Professional Engineer in Queensland). He specializes in rotating machines including compressors, gas turbines, steam turbines, engines, pumps, condition monitoring and reliability. Almasi is an active member of Engineers Australia, IMechE, ASME and SPE. He has authored more than 100 papers and articles dealing with rotating equipment, condition monitoring and reliability.