HAZOP

System Safety: HAZOP and Software HAZOP,
by Felix Redmill, Morris Chudleigh, James Catmur, John Wiley & Sons, 1999
What is HAZOP?
• Technique for identifying and analyzing the
hazards and operational concerns of a system.
• Central activity – a methodical investigation of
a system description (design representation).
What this presentation does not cover:
• The book puts a LOT of emphasis on
– Selecting the study initiator
– Selecting the study leader
– Planning the study
– Roles during the study
– Questions vs. follow-up
– Completion criteria
(P.S. It also tells how to conduct the study
itself :-)
Reasonable Limits for this class
• This is a human-intensive activity
• As such, the details on the previous page
are of extreme importance – authors are
experienced and therefore recognize this
• You won’t be able to conduct a HAZOP
study on the basis of these slides
• Goal: Understand what it is – set the bar
higher
Study process itself in a nutshell
• Introductions
• Presentation of design notation
• Examine design methodically, one unit at a time:
– Is it possible to deviate from design intent here?
» YES: examine both consequences and causes of the possible deviation, document results, define follow-up work, then move on to the next unit
» NO: move on to the next unit
– Time up?
» NO: continue examining the design
» YES: agree on documentation, sign off
Examine design methodically, each unit in turn
• Suppose the design representation is a
collection of state transition tables:
• Units are states, transitions, event/action
pairs
• For EACH unit, list the recommended attributes
(see table from the HAZOP book)
• For each attribute, use the guide words to
trigger the questions about ways to deviate
The suggested guide words
– No: negation of design intention; no part of design
intention is achieved but nothing else happens
– More: Quantitative increase
– Less: Quantitative decrease
– As well as: Qualitative increase where all design
intention is achieved plus additional activity
– Part of: Qualitative decrease where only part of the
design intention is achieved
– Reverse: logical opposite of the intention
– Other than: complete substitution, where no part of the
original intention is achieved but something quite
different happens
When timing matters
• Add the following guide words:
– Early: something happens earlier in time than
intended
– Late: something happens later in time than
intended
– Before: something happens earlier in a
sequence than intended
– After: something happens later in a sequence
than intended
Guide words chosen
• Match the system being examined to
appropriate table or modify the closest
• Match the design representation
• Note: not all guide words apply to all attributes
– For attribute “speed” of an electric motor, omit the
guide words “as well as” and “part of”
– For attribute “data flow” on a DFD, “less” is not
used because its meaning is covered by “part of”
• Generally, study leader selects from the guide
words, provides interpretations based on
chosen design representation and context,
distributes to team in advance of the study
Applications
• Originally developed for chemical plants
• Book has detailed examples for
– Software using data flow diagrams
– Software using state transition diagrams
• Includes timing attributes of response time and
repetition time
– Software using various OO models
– Digital electronics
– Communication systems
– Electromechanical systems
• Same guide words, different interpretations
See book excerpts
• More detailed outline of the HAZOP
process – Figure 9.2
– For all entities
• For all attributes
– For each guide word
» Is deviation credible?
• Example matrices
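The nested loop of Figure 9.2 (all entities, all attributes, each guide word) combined with the guide-word omissions from the “Guide words chosen” slide, as an added Python example that is not from the book or these slides; the entity set and the not-applicable table are constructed for illustration, and a real study leader tailors both to the chosen design representation.

```python
"""Generate the deviation prompts a HAZOP study walks through:
for all entities, for all attributes, for each applicable guide word,
each row then gets the team's 'is deviation credible?' judgement."""
from dataclasses import dataclass

# Guide words from the slides; timing words are added only where timing matters.
GUIDE_WORDS = ["No", "More", "Less", "As well as", "Part of", "Reverse", "Other than"]
TIMING_GUIDE_WORDS = ["Early", "Late", "Before", "After"]

# Guide words that do not apply to an attribute (the two examples from the slides).
# Constructed table: extend it per design representation and context.
NOT_APPLICABLE = {
    "speed": {"As well as", "Part of"},
    "data flow": {"Less"},
}


@dataclass
class Entity:
    name: str
    kind: str                 # e.g. state, transition, event/action pair, data flow
    attributes: list[str]
    timing_matters: bool = False


def applicable_guide_words(attribute: str, timing_matters: bool) -> list[str]:
    """Guide words left after dropping those the study leader omits for this attribute."""
    words = [w for w in GUIDE_WORDS if w not in NOT_APPLICABLE.get(attribute, set())]
    if timing_matters:
        words += TIMING_GUIDE_WORDS
    return words


def deviation_prompts(entities: list[Entity]) -> list[tuple[str, str, str]]:
    """One (entity, attribute, guide word) row per deviation to be judged credible or not."""
    rows = []
    for entity in entities:                       # for all entities
        for attribute in entity.attributes:       # for all attributes
            for word in applicable_guide_words(attribute, entity.timing_matters):
                rows.append((entity.name, attribute, word))   # for each guide word
    return rows


# Constructed sample: a motor, a DFD data flow and one state-transition-table transition.
SAMPLE_ENTITIES = [
    Entity("drive motor", "component", ["speed"]),
    Entity("sensor -> controller", "data flow", ["data flow"]),
    Entity("Armed -> Alarm", "transition", ["event", "action"], timing_matters=True),
]

if __name__ == "__main__":
    for name, attribute, word in deviation_prompts(SAMPLE_ENTITIES):
        print(f"{name:22} {attribute:10} {word:11} credible? ____")
```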
Fig 9.2: HAZOP meeting process