
HAZOP

System Safety: HAZOP and Software HAZOP,
by Felix Redmill, Morris Chudleigh, James Catmur, John Wiley & Sons, 1999

What is HAZOP?
A technique for identifying and analysing the hazards and operational concerns of a system.
Its central activity is a methodical investigation of a system description (the design representation).

What this presentation does not cover:
The book puts a LOT of emphasis on
Selecting the study initiator
Selecting the study leader
Planning the study
Roles during the study
Questions vs. follow-up
Completion criteria

(P.S. It also tells how to conduct the study itself :-)

Reasonable limits for this class
This is a human-intensive activity.
As such, the details on the previous page are of extreme importance; the authors are experienced and therefore recognize this.
You won't be able to conduct a HAZOP study on the basis of these slides.
Goal: understand what it is; set the bar higher.

Study process itself in a nutshell (flowchart)
Introductions
Presentation of design notation
Examine the design methodically, one unit at a time:
  Is it possible to deviate from design intent here?
    YES: examine both consequences and causes of the possible deviation; document results; define follow-up work
    NO: move on to the next unit
  Time up?
    NO: continue with the next unit
    YES: agree on documentation; sign off

Examine the design methodically, each unit in turn
Suppose the design representation is a collection of state transition tables:
Units are states, transitions, and event/action pairs
For EACH unit, list the recommended attributes (see the table in the HAZOP book)
For each attribute, use the guide words to trigger the questions about ways to deviate

The suggested guide words
No: negation of design intention; no part of the design intention is achieved, but nothing else happens
More: quantitative increase
Less: quantitative decrease
As well as: qualitative increase, where all of the design intention is achieved plus additional activity
Part of: qualitative decrease, where only part of the design intention is achieved
Reverse: logical opposite of the intention
Other than: complete substitution, where no part of the original intention is achieved but something quite different happens

When timing matters
Add the following guide words:
Early: something happens earlier in time than intended
Late: something happens later in time than intended
Before: something happens earlier in a sequence than intended
After: something happens later in a sequence than intended

Guide words chosen
Match the system being examined to the appropriate table, or modify the closest one
Match the design representation
Note: not all guide words apply to all attributes
For the attribute "speed" of an electric motor, omit the guide words "as well as" and "part of"
For the attribute "data flow" on a DFD (data flow diagram), "less" is not used because its meaning is covered by "part of"

Generally, the study leader selects from the guide words, provides interpretations based on the chosen design representation and context, and distributes them to the team in advance of the study.
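The loop the last three slides describe (every entity, every attribute, every guide word that the study leader has ruled applicable, each with a prepared interpretation) as an added Python example. This is not code from the book or from these slides: the door-interlock state table, the attribute names, the omission rules and the interpretation wording are constructed assumptions, chosen to mirror the book's examples of omitting "as well as"/"part of" for a quantitative attribute and "less" where "part of" already covers it.

```python
"""Deviation-prompt generator for a HAZOP of a state-transition-table design.

Added illustration, not code from Redmill/Chudleigh/Catmur. The book's
procedure is: for every entity in the design representation, for every
attribute of that entity, apply each applicable guide word and ask whether
the deviation is credible. Everything below that is concrete (entity kinds,
attributes, applicability rules, interpretations, the design fragment) is
an assumption made for the example.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

BASIC_GUIDE_WORDS = ("No", "More", "Less", "As well as", "Part of", "Reverse", "Other than")
TIMING_GUIDE_WORDS = ("Early", "Late", "Before", "After")

# Attributes examined per entity kind (assumed; the book has its own table).
ATTRIBUTES: Dict[str, Tuple[str, ...]] = {
    "state":      ("entry condition", "duration"),
    "transition": ("event", "guard", "action", "destination", "response time"),
}

# Attributes whose deviations are about time also get the timing words.
TIMING_ATTRIBUTES = {"duration", "response time"}

# Not every guide word applies to every attribute (assumed rules, in the
# spirit of the book's motor-speed and DFD examples).
OMITTED: Dict[str, FrozenSet[str]] = {
    "duration":      frozenset({"As well as", "Part of", "Reverse"}),  # purely quantitative
    "response time": frozenset({"As well as", "Part of", "Reverse"}),
    "action":        frozenset({"Less"}),   # "Part of" already covers a partial action
    "event":         frozenset({"Less"}),
    "destination":   frozenset({"More", "Less", "Part of"}),  # a target state has no quantity
}

# Interpretations the study leader distributes in advance (assumed wording).
INTERPRETATIONS: Dict[Tuple[str, str], str] = {
    ("event", "No"):               "the triggering event never arrives",
    ("event", "Other than"):       "a different event arrives in this state",
    ("guard", "Reverse"):          "the guard evaluates opposite to intent",
    ("action", "Part of"):         "only some of the action's steps run",
    ("action", "Other than"):      "a different action runs",
    ("destination", "Other than"): "the machine ends in an unintended state",
    ("response time", "Late"):     "the action completes after its deadline",
}


@dataclass(frozen=True)
class Prompt:
    entity: str
    attribute: str
    guide_word: str
    interpretation: str


def guide_words_for(attribute: str) -> Tuple[str, ...]:
    """Guide words to apply to one attribute after the applicability rules."""
    words = BASIC_GUIDE_WORDS + (TIMING_GUIDE_WORDS if attribute in TIMING_ATTRIBUTES else ())
    return tuple(w for w in words if w not in OMITTED.get(attribute, frozenset()))


def generate_prompts(entities: Dict[str, List[str]]) -> List[Prompt]:
    """Walk every entity, every attribute, every applicable guide word."""
    prompts: List[Prompt] = []
    for kind, names in entities.items():
        for name in names:
            for attr in ATTRIBUTES[kind]:
                for word in guide_words_for(attr):
                    text = INTERPRETATIONS.get((attr, word), f'"{word}" applied to {attr}')
                    prompts.append(Prompt(name, attr, word, text))
    return prompts


def worksheet_row(p: Prompt) -> Dict[str, str]:
    """One worksheet row; credibility, causes, consequences and follow-up
    are the team's judgement and are deliberately left blank here."""
    return {"entity": p.entity, "attribute": p.attribute, "guide word": p.guide_word,
            "deviation": p.interpretation, "credible?": "", "causes": "",
            "consequences": "", "follow-up": ""}


# Constructed design fragment: two states and two transitions of a
# hypothetical door-interlock controller's state transition table.
DESIGN: Dict[str, List[str]] = {
    "state": ["Closed", "Open"],
    "transition": ["Closed --open_request/unlock--> Open",
                   "Open --close_request/lock--> Closed"],
}

if __name__ == "__main__":
    for row in map(worksheet_row, generate_prompts(DESIGN)):
        print(f"{row['entity']:40} {row['attribute']:15} {row['guide word']:11} {row['deviation']}")
```

The point of mechanising only this part is that the combinatorial bookkeeping is where a team loses units or guide words during a long session; the credibility judgement, causes and consequences stay with the people in the room, which is why the worksheet row leaves those columns empty.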

Applications
Originally developed for chemical plants
The book has detailed examples for:
Software using data flow diagrams
Software using state transition diagrams (includes the timing attributes response time and repetition time)
Software using various OO models
Digital electronics
Communication systems
Electromechanical systems

Same guide words, different interpretations
See book excerpts

More detailed outline of the HAZOP process (Figure 9.2)
For all entities
For all attributes
For each guide word
Is the deviation credible?
Example matrices

[Fig 9.2: HAZOP meeting process]
