SA SAFETY

Safety Engineering,
Risk Analysis
and Asset Integrity
Safe design from concept to operation

INERCO is currently developing major worldwide projects in the matter of industrial safety for large engineering
companies and operators in industries such as Oil & Gas (upstream and downstream), petrochemical, chemical,
mining and energy.

Keywords
Safety, Tools in the field of risk analysis, Risk management

Juan Santos Remesal Gabriela Reyes Delgado

Manager Industrial Safety Division INERCO Process Safety Area Manager INERCO
Alfredo Ramos Rodriguez Pastora Fernández Zamora
Head of Industrial Safety Department INERCO Risk Assessments Area Manager INERCO

62 Industria Química Special Achema 2015


IN EACH SECTOR advanced safety
criteria as well as applicable
international standards and
regulations are used. The set of tools
applied in the projects goes from,
among others, HAZID/HAZOP Studies,
SIL Analysis (SIL Index Determination,
Safety Requirement Specification
or SRS and SIL Verification), LOPA
Analysis, Fire & Gas system design,
Quantitative Risk Analysis and
ALARP, to studies as RAMS Analysis,
Risk-Based Inspection (RBI) and
Risk Centered Maintenance (RCM),
BOW-TIE, Safety Critical Elements
Determination and design standards
for these elements.
Thus, both the promoters of
these projects, as the engineering
companies that developed them,
implement, at the different stages of
the project, risk analysis tools focused
on increasing safety levels and achieve
goals such as:
• Identification of hazards from
external sources that can potentially
affect on plant inside.
• Identification of hazards from
internal sources that may lead to
an accident scenario, due to the
hazardous characteristics associated
with the substances present and to
operations during construction and
operation phases of the plant.
• Estimation of the consequences.
According to the hazardous
characteristics of the substances
capable of causing any risk situation
quantifying the effects and
consequences.
• Estimation of the probability of
occurrence for the identified hazards,
so that the overall risk of the facilities
can be known, once its consequences
are assessed.
• Identification of those points in
the facilities where improvements
might be needed in the design,
inspection and maintenance to reach
a safer operation.
• Identification of areas, facilities,
equipment and processes that
contribute the most to risk, in order
www.industriaquimica.es
SAFETY ENGINEERING, RISK ANALYSIS AND ASSET INTEGRITY
to establish adequate mitigation or
protection measures to have in all
cases an acceptable risk associated
with the facilities.
• Defining the strategic action plan
in emergencies and development of
emergency and contingency plans.
Among others, the most widely used
tools in the field of risk analysis are:
• HAZID Analysis
• HAZOP Analysis
• Bow-Tie Analysis
• SIL analysis (SIL Index Determination,
Safety Requirement Specification or
SRS and SIL Verification)
• QRA or HAZAN Analysis
• FHA/FEHA
• FMEA Analysis
• RAMS Analysis
• Risk-Based Studies Inspection
(RBI) and Risk Centered Maintenance
(RCM)
• Safety Critical Elements (SCEs) and
Performance Standards (PSs)
• EERA
• SVA
HAZID (HAZARD
IDENTIFICATION) ANALYSIS
HAZID analysis is a tool to identify
hazards and make an initial assessment
of the risks. It aims to identify at an
early stage all the hazards that the
project can be exposed to, from an
internal and external point of view.
The areas where hazards are identified
and risks are assessed include
geographic location, environmental
conditions, requirements in matter of
environmental, engineering, safety,
security or prevention of occupational
hazards.
The timing of a HAZID study is
critical to maximize profit. Inevitably a
HAZID will lead to changes in design
or operational changes of the plant.
It takes time to implement these
changes, the optimal time for a HAZID
is in basic engineering and before
starting the detailed design.
The expected results of this type
of study are, that in an early stage,
hazards in all these areas are known
sooner, before taking decisions that
lead us to take significant risks or
incur into significant costs due to
the need to implement mitigation
measures; to have a hazard register of
the identified hazards and a corrective
action plan in which the strategy of
risk management is indicated and
measures to avoid, reduce or control
them during design phase are in
place; the measures taken can be
planned, implemented and audited
or controlled in time by the project
management; and delays in the
design or construction and budgetary
slippages by unidentified hazards are
avoided.
HAZOP (HAZARD AND
OPERABILITY) ANALYSIS
HAZOP studies are conducted in order
to identify all those deviations from
the design conditions that can lead
to accidents, or constitute serious
operability problems, with special
attention to deviations that can cause
accidents with major consequences.
The team working on a HAZOP
follows an analytical structure through
a set of guidewords (no, more, less,
etc.) to examine deviations from the
normal process conditions at key
points (called NODES) of the unit.
These guidewords are applied to
the most relevant parameters (flow,
pressure, temperature, level, etc.)
in order to identify potential causes
that can lead to this situation, the
consequences of the deviation of
these parameters from the expected
values and safeguards installed to
avoid them.
As a result of the development and
application of HAZOP methodology to
industrial facilities, recommendations
would be obtained, for example,
concerning the design conditions of
the facilities (lines, equipment, need
for additional instrumentation, valves,
instrumentation and equipment
accessibility, etc.), alarm configuration
in controllers and indicators, status
indication of motors, verification of
Industria Química 63
SAFETY

Table 1.

PROJECT PHASE RISK ANALYSIS METHODOLOGY EXPECTED RESULTS

- Guidance for the selection process

HAZID - Detect unacceptable process hazards
CONCEPTUAL ENGINEERING CHECKLIST - Help for process design
WHAT IF - Identify key process modifications that reduce the risk level.
- Assist in the geographical location of the project

PHA
HAZID - Identify hazards in a more detailed way in the selected
CHECKLIST process and in the proposed design
BASIC ENGINEERING
WHAT IF - Risks associated with the geographic location
FMEA - Risks on special or critical equipment in the process
HAZOP

CHECKLIST
WHAT IF
FMEA
PHA
HAZOP
BOW-TIE - Identify all the hazards in the process, assessing the
Critical Elements studies, Safety associated risks
DETAILED ENGINEERING Barriers and performance standards - Identify aspects of the operation not initially contemplated
SIL/VERIFICATION AND SRS - Help to establish operating, commissioning and start-up
QRA procedures
FHA
RAMS
RBI/RCM
EERA
SVA

CHECKLIST
HAZOP
- Ensure the operation and that the information regarding
SIL/VERIFICATION AND SRS
quality, legal requirements, process safety and operating
FHA
procedures are complete and up to date
FACILITIES IN OPERATION QRA
- Incorporate lessons learned from recent accidents or
RAMS
incidents and consider the addition of new equipment,
RBI/RCM
systems and technologies that will improve safety levels
EERA
SVA

the design conditions of safety valves
or the need to install or configure
an interlock system or Safety
Instrumented System in the facilities.
BOW-TIE ANALYSIS
The bow-tie analysis is a model that
represents how a hazard can be
released, escalate and how it is
controlled. This methodology is
usually applied to Major Accidents
Hazards (MAH). For each MAH, the
bow-tie methodology allows:
• Identification of the hazard
release, escalation and consequence
scenarios.
• Identification of controls, e.g.
barrier and escalation factor controls
required to manage hazards.
• C a t e g o r i s a t i o n o f c o n t ro l s
into Inherent Safety, Safety Critical
Element (hardware) or Critical activity
(procedures, processes, operator action).
• A clear visual representation
to enable ALARP review to be
undertaken.
• An aid in the incident review
process if occurrence of such a major
incident has occurred.
The role of a barrier on the bow-tie
diagrams is to prevent (Left hand side
of BT) or limit (Right hand side of BT)
the consequence of a major accident.
The barriers are divided into the
following different types: Structural
Integrity (SI), Process Containment
(PC), Ignition Control (IC), Detection
Systems (DS), Shutdown Systems (SD),
Protection Systems (PS), Emergency
Response (ER), Life Saving (LS).
Barriers shall be effective in preventing
the Top Event or Consequence, able
to prevent a specific Threat from
releasing the Hazard, Verifiable – how
shall the effectiveness of the barrier be
confirmed? And Independent of other
barriers in the same Threat line, e.g.
no ‘common mode failure’.
SIL ANALYSIS (SAFETY
INTEGRITY LEVEL)
SIL analysis is a risk study applied
to interlock systems or Safety
Instrumented Systems (SIS), in which
the safety level or SIL index (Safety
Integrity Level) is analyzed. In this
sense, the SIL index has a direct
relation with the average Probability
of Failure on Demand and the Risk
Reduction Factor.
Functional Safety regulations and
standards, ANSI-ISA-S84 and IEC-
61511/61508 establish the different
stages to cover in the Safety Life Cycle

64 Industria Química Special Achema 2015


of a Safety Instrumented System, from
initial conception until its removal.
According to the above normative,
there are several methodologies for
the development of SIL analysis, that
may be qualitative (Risk Graphs),
semiqualitative (Calibrated Risk Graph
or Risk Matrices), semiquantitative
( L O PA A n a l y s i s a n d L a y e r s o f
Protection Analysis) or quantitative
(Markov Analysis or Quantitative
Risk Analysis). The methodology
finally used must be selected by the
engineering company according to
specifications, the critical nature of
processes and resources allocated for
the development of the study and will
be based on risk acceptability criteria
established by the Property.
SRS (SAFETY REQUIREMENT
SPECIFICATION) AND
SIL VERIFICATION FOR
THE CONCEPTUAL
DESIGN OF THE SIS
SRS or Safety Requirement Specification
is another step in the life cycle of
Safety Instrumented Systems in which
the safety requirement specification
is developed, essentially the system
operation philosophy. Each safety
function must have an associated
SIL requirement and reliability
requirements for spurious trip. It should
include all operating conditions of the
process, from start-up to shutdown,
including maintenance for each
operation mode of the process.
www.industriaquimica.es
SAFETY ENGINEERING, RISK ANALYSIS AND ASSET INTEGRITY
SIS requirements shall be expressed
and structured so that they are clear,
accurate, verifiable, sustainable,
feasible and written so that they can
be understood and applied. The design
requirements specification for the SIS
shall include the system or system
component function, the actions
that the system or component shall
do under prescribed circumstances
(functional specification) and the
required integrity (reliability and
availability) to operate in these
circumstances (integrity specification).
SIS conceptual design is specified in
SIL Verification, defining the acquisition
of the elements of the SIS according to
safety and reliability criteria, as well as
setting ranges of system maintenance,
to comply with safety specifications
derived from the SIL index determined
in the previous step.
QRA (QUANTITATIVE RISK
ASSESSMENT) OR HAZAN
(HAZARD ANALYSIS)
Quantitative Risk Assessment
or HAZard ANalysis is a tool by
which a risk identification followed
by a numerical evaluation of its
consequences and frequencies of
occurrence is performed, to finally
combine both factors and obtain
a risk measure associated to the
activity analyzed on people. This
risk measure can be performed for
both to employees as to the outside
population of the facilities.
The general methodology of QRA
development comprises: identifying
accident initiating events, causes and
frequencies, determining the evolution
of initiating events to end accidents,
determining the probability of weather
conditions, the lethal threshold values,
the range of the lethal consequences
and determination of the probability
of people presence nearby and / or
distribution of workers at the facility
and risk quantification through a
combination of all the above factors,
for all scenarios identified.
The results of the QRA will allow,
among other applications, to compare
obtained risk levels with tolerable
individual and social risk levels, or to
identify those accidental scenarios
that contribute the most to risk,
to make decisions on optimal risk
reduction measures to implement in
order to achieve acceptable risk levels
in case that the risk obtained is not
acceptable. It is a dynamic tool to be
updated not only during engineering
but also during operation since
the enlargement and new projects
modify the risk and will be useful for
management and decision making
regarding the safety of the facilities.
FHA (FIRE HAZARD
ANALYSIS), FEHA (FIRE
AND EXPLOSION HAZARD
ANALYSIS) OR CONSEQUENCE
SCOPE ANALYSIS
Fire Hazard Analysis or Fire and
Industria Química 65
SAFETY
Explosion Hazard Analysis is a
structured and systematic approach
to identify and assess fires and
explosions, to ensure, in the design
of the facilities, adequate fire and
overpressure protections for various
equipment and facilities, reducing
the possibility of accidental climbing
and ensuring as far as possible the
integrity of the plant.
Consequence Scope Analysis include
hazard identification, consequences
calculation and risk zones according
to predefined threshold values and
the calculation of vulnerability of
people and property.
T h e re s u l t s a l l o w o b t a i n i n g
information to ensure safe and reliable
operation of the facilities for all phases
of the project.
FMEA ANALYSIS
(FAILURE MODE
EFFECTS ANALYSIS)
Failure Mode Effects Analysis (FMEA)
is a technique for identifying hazards
associated with equipment of a
process plant. This tool aims in its
application, to establish possible
faults in each and every one of the
elements (process and control) in a
plant, to analyze the consequences of
the failures established in the previous
step, to detect those that may lead to
accidents and to establish protection
measures to prevent equipment
failures that are significant.
The FMEA can be used to
complement other hazard
identification techniques such as
HAZOP analysis of special systems,
as furnaces or electrical / electronic
systems.
The FMEA comes from of a list of
equipment and components of the
plant under study that are likely to
cause a failure, and for each one,
its failure modes are identified.
The analysis is complemented by
determining a risk index using for
example a double-entry matrix
(probability and consequences) that
help to prioritize the definition of
corrective measures.
66 Industria Química
RAMS ANALYSIS
(RELIABILITY, AVAILABILITY,
MAINTAINABILITY
AND SAFETY)
RAMS can be defined as an intrinsic
feature of a facility that measures the
long-term operation of the facility
and that helps in decision making
to reduce the costs derived from
needs of shutdown for maintenance
and reparation in both normal and
scheduled operations as in those
conducted by failures / unexpected
shutdowns. The facility design must
take into account this concept since
its influence is direct in the life cycle
and performance of the facility.
Specifically, the concepts used in the
RMS study are Reliability, Availability,
Maintainability and Safety.
RAMS analysis aims to predict the
performance, availability and safety
of the process systems, as well as to
provide a basis for optimization of
such systems and ensure achievement
of fixed targets for the facility. These
studies are increasingly becoming a
standard requirement for engineering
design. It can be said that RAMS
analysis shall form an intrinsic part of
the original design and that its four
branches are closely linked, so that
each affects the other.
RISK-BASED INSPECTION
STUDIES (RBI) AND
RISK CENTERED
MAINTENANCE (RCM)
RBI methodology facilitates
the definition of maintenance
m a n a g e m e n t p ro g r a m o f t h e
facilities based on the results of
a comprehensive study of the
risks associated with each of its
equipments. This allows to focus on
the maintenance of equipment in
those that suppose a greater risk to
the human environment (workers,
nearby towns), natural (air quality,
water and soil) and socioeconomic
(infrastructure, historical-landscape
heritage, economic activity).
The theoretical basis on which
the RBI methodology is based on,
developed by the American Petroleum
Institute, is described in a series of API
standards, which include the API 580
standards: Risk Based Inspection and
API 581: Risk Based Inspection. Base
Resource Document.
M o re o v e r, a s a c o m p l e m e n t
to the maintenance strategy, the
implementation of a methodology
as Reliability Centered Maintenance,
widely used in industries such as
aerospace and automotive, to the
Oil&Gas industry has as immediate
effect an increase in equipment and
components reliability and thus an
increase in safety levels of the facility.
The methodology aims to establish
a maintenance strategy for each
component or equipment according to
their critical nature in the system that
will be marked by the influence that a
fault in the equipment or component
has on parameters such as safety,
environmental condition, production,
repair costs, etc., in an effective way in
the implementation cost.
It has been proved that the
application of these maintenance
strategies have a direct effect on the
availability of the facilities and so on
exploiting them and in the business.
Both methodologies, RBI and
RCM are complementary and can be
implemented so that the synergies
between the two are used for a
greater economic benefit and to
improve safety levels of any facility.
SAFETY CRITICAL ELEMENTS
(SCES) AND PERFORMANCE
STANDARDS (PSS)
The Safety Critical Elements are
defined through a Bow-Tie Analysis
of the Major Accidents Hazards
(MAH). Barriers for high risk hazards
shall be classified as High Risk Hazards
Critical Elements and will be selected
in accordance with corporative
Standards and good engineering
practices. A Safety Critical Element
(SCE) is any item of hardware, system
or logic software the failure of which
could cause a major Accident Hazard
or whose purpose is to prevent
Special Achema 2015

or mitigate the effects of a Major
Accident Hazard.
For every SCE selected a
Performance Standard (PS) shall be
developed. A PS is a statement, which
can be expressed in qualitative or
quantitative terms, of the functional
performance required of a SCE, and
which is used as the basis for managing
the risk from the Major Hazards. The
Performance Standards for SCEs shall
be established according to Design
Standards and the results of safety
and environmental studies performed
on the project. Performance Standards
are used as the basis for design and
technical (operational) integrity
verification and are expressed in terms
of functionality, availability, reliability,
survivability and dependencies/
interactions with other SCEs.
Functionality is an expression
used to define what the system or
equipment is required to achieve in
order to ensure design integrity.
Reliability and Availability: Reliability
is defined as the required probability
that the system or equipment will
operate on demand, when required.
Availability is defined as the extent
to which the system or equipment
is required in order to retain its
functional integrity.
Survivability defines the external
loading events such as fires, explosions
or extreme weather, associated with
the various MAHs against which the
system or equipment is required to
retain its functional integrity.
Dependencies and Interactions.
This is used to identify other systems
or equipments that are critical to the
functionality of the primary system
or equipment. By identifying these
dependencies and interactions it is
ensured that all interfaces have been
covered.
EERA (ESCAPE, EVACUATION
AND RESCUE ANALYSIS)
The main objective of the Escape,
Evacuation and Rescue Analysis (EERA)
is to ensure that the facilities meet the
highest level of safety in an emergency
www.industriaquimica.es
SAFETY ENGINEERING, RISK ANALYSIS AND ASSET INTEGRITY
in a reasonable and feasible way. EERA
is a widely used tool in the design of
offshore platforms in which, taking
into account the characteristics of
them, an emergency situation requires
that the measures of evacuation and
rescue are perfectly designed and
analyzed since it is critical to ensure
that people who live in there do
not suffer major consequences. In
ground facilities such as refineries this
type of analysis is used to define the
mobilization of emergency teams, the
initial positioning of them and how
shall be the procedure of each team,
specifying firefighting or refrigeration
equipment to use. This analysis can be
completed with the determination and
analysis of firefighting water needs for
each risk scenario, depending on the
flow demand of each equipment and
the estimated running time.
EERA is a technique for assessing
the performance of emergency
facilities and emergency response
procedures designed for this purpose.
It consists of a structured review of
the realization of escape, evacuation
and rescue facilities and the action
procedures in the representative risk
scenarios and takes as input the results
of a Consequence Scope Analysis.
Performing this analysis in
engineering design phase generates
as the most relevant results and
with direct transfer to facility design,
aspects such as identifying needs of
additional material resources, both
fixed and mobile to equip the facility,
identification of the location of
commanding points, routes of attack
of the firefighting brigades and the
definition of the dimensions of the
attack and evacuation routes and the
possible isolation or zoning of the risks
to prevent the expand of the accident
or domino effect, confinement or
containment dike sizing, safety
distances, etc. All this will end up
being the basis of a pre-fire plan or
specific action procedure for each of
the identified situations and constitute
the operational part of emergency
planning of the facility.
SVA (SECURITY
VULNERABILITY ANALYSIS)
It is increasingly necessary to take
into consideration during the design
of industrial facilities aspects of
protection from the point of view of
intentional threats on facilities. This is
not solely a matter of controlling the
perimeter or to have a security service.
In industrial facilities in which threats
can be addressed to equipment
and systems handling hazardous
substances that may be released
intentionally and affect workers and
nearby population, additional safety
measures shall be applied.
These measures shall be taken
from design and engineering. To do
this, Security Vulnerability Analysis
or SVA can be used as a tool. SVA is
a process that identifies and analyzes
the operational physical vulnerabilities
of the facilities against external threats
determined as credible depending on
the type of installation, geographic
location or environment among others.
CONCLUSIONS
There are countless different tools that
can be used depending on the phase
of activity, the project to develop,
the target objective and the risk
management policy that the company
has set to achieve its safety objectives.
As a reference, in the appended table
it is shown in an illustrative way for the
different phases of activity some of the
most appropriate risk analysis tools
depending on the expected results.
Its application offers significant
safety benefits throughout the lifecycle
of an industrial plant and it is important
to have the necessary experience to
choose those that fit the installation to
evaluate and the target objectives.
In this sense INERCO has over
30 years of experience advising on
risk management and increasing
comprehensive safety levels in the
industrial sector (Oil & gas, chemical,
energy, mining, metallurgy, industrial
engineering, etc.) using the most
effective media in terms of cost-
effectiveness in reducing risk.
Industria Química 67