What is HAZOP?
A HAZOP study is a detailed hazard and operability problem identification process, carried out by a team. HAZOP deals with the identification of potential deviations from the design intent, examination of their possible causes and assessment of their consequences. See below for an explanation. Follow this link to see Safety Engineering Solutions HAZOP capabilities.
The primary objectives of HAZOP are for:
identifying potential hazards in the system. The hazards involved may include both those essentially relevant only to the immediate area of the system and those with a much wider sphere of influence, e.g. some environmental hazards;
identifying potential operability problems with the system and in particular identifying causes of operational disturbances and production deviations likely to lead to nonconforming products.
An important benefit of HAZOP studies is that the resulting knowledge, obtained by identifying potential hazards and operability problems in a structured and systematic manner, is of great assistance in determining appropriate remedial measures.
A characteristic feature of a HAZOP study is the ”examination session” during which a multidisciplinary team under the guidance of a study leader systematically examines all relevant parts of a design or system. It identifies deviations from the system design intent utilizing a core set of guide words. The technique aims to stimulate the imagination of participants in a systematic way to identify hazards and operability problems. HAZOP should be seen as an enhancement to sound design using experience-based approaches such as codes of practice rather than a substitute for such approaches.
There are many different tools and techniques available for the identification of potential hazards and operability problems, ranging from Checklists, Fault Modes and Effects Analysis (FMEA), Fault Tree Analysis (FTA) to HAZOP. Some techniques, such as Checklists and What-If/analysis, can be used early in the system life cycle when little information is available, or in later phases if a less detailed analysis is needed. HAZOP studies require more details regarding the systems under consideration, but produce more comprehensive information on hazards and errors in the system design.
The term HAZOP has been often associated, in a generic sense, with some other hazard identification techniques (e.g. checklist HAZOP, HAZOP 1 or 2, knowledge-based HAZOP).
The use of the term with such techniques is considered to be inappropriate and is specifically excluded from this document.
Before commencing a HAZOP study, it should be confirmed that it is the most appropriate technique (either individually or in combination with other techniques) for the task in hand. In making this judgement, consideration should be given to the purpose of the study, the possible severity of any consequences, the appropriate level of detail, the availability of relevant data and resources.
This standard has been developed to provide guidance across many industries and types of system. There are more specific standards and guides within some industries, notably the process industries where the technique originated, which establish preferred methods of application for these industries. For details see the bibliography at the end of this text.
A HAZOP study is a detailed hazard and operability problem identification process, carried out by a team. HAZOP deals with the identification of potential deviations from the design intent, examination of their possible causes and assessment of their consequences.
Key features of HAZOP examination include the following.
• The examination is a creative process. The examination proceeds by systematically using a series of guide words to identify potential deviations from the design intent and employing these deviations as “triggering devices” to stimulate team members to envisage how the deviation might occur and what might be the consequences.
• The examination is carried out under the guidance of a trained and experienced study leader, who has to ensure comprehensive coverage of the system under study, using logical, analytical thinking. The study leader is preferably assisted by a recorder who records identified hazards and/or operational disturbances for further evaluation and resolution.
The examination relies on specialists from various disciplines with appropriate skills and experience who display intuition and good judgement.
• The examination should be carried out in a climate of positive thinking and frank discussion. When a problem is identified, it is recorded for subsequent assessment and resolution.
• Solutions to identified problems are not a primary objective of the HAZOP examination, but if made they are recorded for consideration by those responsible for the design.
HAZOP studies consist of four basic sequential steps:
• Define scope and objectives
• Define responsibility
• Select team
• Plan the study
• Collect data
• Agree style of recording
• Estimate the time
• Arrange a schedule
• Divide system into parts
• Select a part and define design intent
• Identify deviation by using guide words on each element
• Identify consequences and causes
• Identify whether a significant problem exists
• Identify protection, detection, and indicating mechanisms
• Identify possible remedial/mitigating measures (optional)
• Agree actions
• Repeat for each element and then each part of the system
4. Documentation and follow-up
• Record the examination
• Sign off the documentation
• Produce the report of the study
• Follow up that actions are implemented
• Re-study any parts of system if necessary
• Produce final output report
The basis of HAZOP is a “guide word examination” which is a deliberate search for deviations from the design intent. To facilitate the examination, a system is divided into parts in such a way that the design intent for each part can be adequately defined. The size of the part chosen is likely to depend on the complexity of the system and the severity of the hazard. In complex systems or those which present a high hazard the parts are likely to be small. In simple systems or those which present low hazards, the use of larger parts will expedite the study. The design intent for a given part of a system is expressed in terms of elements which convey the essential features of the part and which represent natural divisions of the part.
The selection of elements to be examined is to some extent a subjective decision in that there may be several combinations which will achieve the required purpose and the choice may also depend upon the particular application. Elements may be discrete steps or stages in a
procedure, individual signals and equipment items in a control system, equipment or components in a process or electronic system, etc.
In some cases it may be helpful to express the function of a part in terms of:
• the input material taken from a source;
• an activity which is performed on that material;
• a product which is taken to a destination.
Thus the design intent will contain the following elements: materials, activities, sources and destinations which can be viewed as elements of the part.
Elements can often be usefully defined further in terms of characteristics which can be either quantitative or qualitative. For example, in a chemical system, the element “material” may be defined further in terms of characteristics such as temperature, pressure and composition. For
the activity “transport”, characteristics such as the rate of movement or the number of passengers may be relevant. For computer-based systems, information rather than material is likely to be the subject of each part.
The HAZOP team examines each element (and characteristic, where relevant) for deviation from the design intent which can lead to undesirable consequences. The identification of deviations from the design intent is achieved by a questioning process using predetermined
“guide words”. The role of the guide word is to stimulate imaginative thinking, to focus the study and elicit ideas and discussion, thereby maximizing the chances of study completeness.
Whilst HAZOP studies have proved to be extremely useful in a variety of different industries, the technique has limitations that should be taken into account when considering a potential application.
HAZOP is a hazard identification technique which considers system parts individually and methodically examines the effects of deviations on each part. Sometimes a serious hazard will involve the interaction between a number of parts of the system. In these cases the hazard may need to be studied in more detail using techniques such as event tree and fault tree analyses.
As with any technique for the identification of hazards or operability problems, there can be no guarantee that all hazards or operability problems will be identified in a HAZOP study. The study of a complex system should not, therefore, depend entirely upon HAZOP. It should be used in conjunction with other suitable techniques. It is essential that other relevant studies are co-ordinated within an effective overall safety management system.
Many systems are highly inter-linked, and a deviation at one of them may have a cause elsewhere. Adequate local mitigating action may not address the real cause and still result in a subsequent accident. Many accidents have occurred because small local modifications had unforeseen knock-on effects elsewhere. Whilst this problem can be overcome by carrying forward the implications of deviations from one part to another, in practice this is frequently not done.
The success of a HAZOP study depends greatly on the ability and experience of the study leader and the knowledge, experience and interaction between team members.
HAZOP only considers parts that appear on the design representation. Activities and operations which do not appear on the representation are not considered.
System Lifecycle and HAZOP
HAZOP studies are one of the structured hazard analysis tools most suitable in the later stages of detailed design for examining operating facilities, and when changes to existing facilities are made. Application of HAZOP and other methods of analysis during the various lifecycle phases of a system is described in more detail below.
Concept and definition phase
In this phase of a system’s life cycle, the design concept and major system parts are decided but the detailed design and documentation required to conduct the HAZOP do not exist. However, it is necessary to identify major hazards at this time, to allow them to be considered in the design process and to facilitate future HAZOP studies. To carry out these studies, other basic methods should be used. (For descriptions of these methods, see IEC 60300-3-9.)
Design and development phase
During this phase of a life cycle, detailed design is developed, methods of operation are decided upon and documentation is prepared. The design reaches maturity and is frozen. The best time to carry out a HAZOP study is just before the design is frozen. At this stage the design is sufficiently detailed to allow the questioning mechanism of a HAZOP to obtain meaningful answers. It is important to have a system that will assess the implications of any changes made after the HAZOP has been carried out. This system should be maintained throughout the life of the system.
Manufacturing and installation phase
It is advisable to carry out a study before the system is started up, if commissioning and operation of the system can be hazardous and proper operating sequences and instructions are critical, or when there has been a substantial change of intent in a late stage. Additional data such as commissioning and operating instructions should be available at this time. In addition, the study should also review all actions raised during earlier studies to ensure that these have been resolved.
Operation and maintenance phase
The application of HAZOP should be considered before implementing any changes that could effect the safety or operability of a system or have environmental effects. A procedure should also be put in place for periodic reviews of a system to counteract the effects of “creeping change”. It is important that the design documentation and operating instructions used in a study are up to date.
HAZOP Study Procedure
Initiation of the study
The study is generally initiated by a person with responsibility for the project, who in this guide is called “project manager”. The project manager should determine when a study is required, appoint a study leader and provide the necessary resources to carry it out. The need for such a study will often have been identified during normal project planning, due to legal requirements or company policy. With the assistance of the study leader, the project manager should define the scope and objectives of the study. Prior to the start of a study, someone with an appropriate level of authority should be assigned responsibility for ensuring that actions/recommendations from the study are implemented.
Definition of scope and objectives of the study
The objectives and scope of a study are inter-dependent, and should be developed together. Both should be clearly stated, to ensure that:
• the system boundaries, and its interfaces with other systems and the environment are
• the study team is focused, and does not stray into areas irrelevant to the objective.
Scope of the study
This will depend upon a number of factors, including:
• the physical boundaries of the system;
• the number and level of detail of the design representations available;
• the scope of any previous studies, whether HAZOP or other relevant analyses, carried out on the system;
• any regulatory requirements which are applicable to the system.
Objectives of the study
In general, HAZOP studies seek to identify all hazards and operating problems regardless of type or consequences. Focusing a HAZOP study strictly on identifying hazards will enable the study to be completed in shorter time and with less effort.
The following factors should be considered when defining objectives of the study:
• the purpose for which the results of the study will be used;
• the phase of the life cycle at which the study is to be carried out;
• persons or property that may be at risk, e.g. staff, the general public, the environment, the system; operability problems, including effects on product quality;
• the standards required of the system, both in terms of safety and operational performance.
Roles and responsibilities
The role and responsibilities of a HAZOP team should be clearly defined by the project manager and agreed with the HAZOP study leader at the outset of the study. The study leader should review the design to determine what information is available and what skills are required from the study team members. A programme of activities should be developed, which reflects the milestones of the project, to enable any recommendations to be carried out in a timely fashion.
It is the study leader's responsibility to ensure that an appropriate communication system is set up and is used for transferring the result of the HAZOP study. It is the responsibility of the project manager to ensure that the results of the study are followed up and decisions regarding implementation made by the design team are properly documented.
The project manager and the study leader should agree whether the HAZOP team activity is to be confined to identification of hazards and problem areas (which are then referred back to the project manager and design team for resolution) or whether they are also to suggest possible remedial/mitigating measures. In the latter case there also needs to be agreement as to the responsibility and mechanism for selecting preferred remedial/mitigating measures and securing appropriate authorization for action to be taken.
A HAZOP study is a team effort, with each team member being chosen for a defined role. The team should be as small as possible consistent with the relevant technical and operating skills and experience being available. This will generally involve at least four persons and rarely more than seven. The larger the team, the slower the process. Where a system has been designed by a contractor, the HAZOP team should contain personnel from both the contractor and the client.
Recommended roles for team members are as follows:
– Study leader: not closely associated with the design team and the project. Trained and experienced in leading HAZOP studies. Responsible for communications between project management and the HAZOP team. Plans the study. Agrees study team composition.
Ensures the study team is supplied with a design representation package. Suggests guide words and guide word – element/characteristic interpretations to be used in the study. Conducts the study. Ensures documentation of the results.
– Recorder: documents proceedings of the meetings. Documents the hazards and problem areas identified, recommendations made and any actions for follow-up. Assists the study leader in planning and administrative duties. In some cases, the study leader may carry out this role.
– Designer: explains the design and its representation. Explains how a defined deviation can occur and the corresponding system response.
– User: explains the operational context within which the element under study will operate, the operational consequences of a deviation and the extent to which deviations may be hazardous.
– Specialists: provide expertise relevant to the system and the study. May be called upon for limited participation with the role revolving amongst different individuals.
– Maintainer: maintenance staff representative (when required).
The viewpoint of the designer and user are always required for the study. However depending on the particular phase of the life cycle in which the study is carried out, the type of specialists most appropriate to the study may vary.
All team members should have sufficient knowledge of the HAZOP technique to enable them to participate effectively in the study, or suitable introduction should be provided.
The study leader is responsible for the following preparatory work:
a) obtaining the information;
b) converting the information into a suitable format;
c) planning the sequence of the meetings;
d) arranging the necessary meetings.
In addition, the study leader may arrange for a search to be made of databases, etc. to identify incidents which have occurred with the same or similar technologies. The study leader is responsible for ensuring that an adequate design representation is available. If the design representation is flawed or incomplete, it should be corrected before the study begins. In the planning stage of a study, the parts, elements and their
characteristics should be identified on the design representation by a person familiar with the design.
The study leader is responsible for the preparation of a study plan that should contain the following:
• objective and scope of the study;
• a list of participating members;
• technical details:
− a design representation divided into parts and elements with defined design intent and for each element a list of components, materials and activities and their characteristics;
− a list of proposed guide words to be used, and the interpretation of guide word –element/characteristic combinations;
• a list of appropriate references;
• administrative arrangements, schedule of meetings, including their dates and times and locations;
• form of recording required;
• templates that may be used in the study.
Adequate room facilities and visual and recording aids should be provided to facilitate efficient conduct of the meetings.
The briefing package consisting of the study plan and necessary references should be sent to the study team members in advance of the first meeting to allow them to familiarize themselves with its content. A physical review of the system is desirable.
The success of the HAZOP study strongly depends on the alertness and concentration of the team members and it is therefore important that the sessions are of limited duration and that there are appropriate intervals between sessions. How these requirements are achieved is ultimately the responsibility of the study leader.
Typically a design description may consist of some of the following documentation which should be clearly and uniquely identified, approved and dated:
a) for all systems:
• design requirements and descriptions, flow sheets, functional block diagrams, control diagrams, electrical circuit diagrams, engineering data sheets, arrangement drawings, utilities specifications, operating and maintenance requirements;
b) for process flow systems:
• piping and instrumentation diagrams, material specifications and standards equipment, piping and system layout;
c) for programmable electronic systems:
• data flow diagrams, object-oriented design diagrams, state transition diagrams, timing diagrams, logic diagrams.
In addition, the following information should be provided:
• the boundaries of the object of the study and the interfaces at the borders;
• environmental conditions in which the system will operate;
• operating and maintenance personnel qualifications, skills and experience;
• procedures and/or operating instructions;
• operational and maintenance experience and known hazards with similar systems.
Guide words and deviations
In the planning stage of a HAZOP study, the study leader should propose an initial list of guide words to be used. The study leader should test the proposed guide words against the system and confirm their adequacy. The choice of guide words should be considered carefully, as a guide word which is too specific may limit ideas and discussion, and one which is too general may not focus the HAZOP study efficiently.
The examination sessions should be structured, with the study leader leading the discussion following the study plan. At the start of a HAZOP study meeting the study leader or a team member who is familiar with the process to be examined and its problems should:
outline the study plan, to ensure that the members are familiar with the system and objectives and scope of the study;
outline the design representation and explain the proposed elements and guide words to be used;
review the known hazards and operational problems and potential areas of concern.
The analysis should follow the flow or sequence related to the subject of the analysis, tracing inputs to outputs in a logical sequence. Hazard identification techniques such as HAZOP derive their power from a disciplined step by step examination process. There are two
possible sequences of examination: “Element first” and “Guide word first”. The element first sequence is described below.
a) The study leader starts by selecting a part of the design representation as a starting point and marking it. The design intent of the part is then explained and the relevant elements and any characteristics associated with these elements identified.
b) The study leader chooses one of the elements and agrees with the team whether the guide word should be applied directly to the element itself or to individual characteristics of that element. The study leader identifies which guide word is to be applied first.
c) The first applicable guide word interpretation is examined in the context of the element or characteristic being studied in order to see if there is a credible deviation from the design intent. If a credible deviation is identified, it is examined for possible causes and consequences. In some applications it is found useful to categorize the deviations either in terms of the potential severity of the consequences or in terms of a relative risk ranking
based on the use of a risk matrix. The use of risk matrices is further discussed in IEC 60300-3-9.
d) The team should identify the presence of protection, detection and indication mechanisms for the deviation, which may be included within the selected part or form a portion of the design intentions of other parts. The presence of such mechanisms should not stop the potential hazard or operability problem being explored or listed or attempts being made to reduce the probability of its occurrence or mitigating its consequences.
e) The study leader should summarize the results that are documented by the recorder. Where there is a need for additional follow-up work, the name of the person responsible for ensuring that the work is carried out should also be recorded.
f) The process is then repeated for any other interpretation for that guide word; then for another guide word; then for each characteristic of the element under examination (if analysis at the characteristic level has been agreed for that element); then for each element of the part under study. After a part has been fully examined, it should be marked as completed. The process is repeated until all parts have been analysed.
An alternative method of guide word application to that described above, is to apply the first guide word to each of the elements within a part in turn. When this has been completed, the study proceeds with the next guide word which again is applied to all elements in turn. The process is repeated until all the guide words have been used for all the elements in that particular part before moving on to another part.
The selection of which sequence to be followed in any particular study should be made by the study leader and his team. It is influenced by the detailed manner in which the HAZOP examination is conducted. Other factors involved in the decision include the nature of the technologies involved, the need for flexibility in the conduct of the examination and, to some extent, the training which the participants have received.
The primary strength of HAZOP is that it presents a systematic, disciplined and documented approach. To achieve full benefits from a HAZOP study, it has to be properly documented and followed up. The study leader is responsible to ensure that suitable records are produced for each meeting. The recorder should have good technical knowledge of the subject being studied, linguistic skills and good ability to listen and pay attention to details.
Styles of recording
There are two basic styles of HAZOP recording: full, and by exception only. The method of recording should be decided before any sessions take place, and the recorder advised accordingly.
• Full recording involves recording of all results of applying each guide word – element/characteristic combination to every part or element on the design representation.
This method, though cumbersome, provides the evidence that the study has been thorough and should satisfy the most stringent audit requirements.
• By exception recording involves recording only the identified hazards and operability problems together with the follow-up actions. Recording by exception results in more easily managed documentation. However, it does not document the thoroughness of the study and is therefore less useful for audit purposes. It can also lead to covering the same ground again at some future study. By exception recording is therefore a minimum
requirement and should be used with care.
In deciding the form of reporting to be employed, the following factors should be considered:
• regulatory requirements;
• contractual obligations;
• company corporate policy;
• needs for traceability and auditability;
• the magnitude of the risks posed by the system concerned;
• the time and resources available.
Output of the study
The output from a HAZOP study should include the following:
• details of identified hazards and operability problems together with details of any provisions for their detection, and/or mitigation;
• recommendations for any further studies of specific aspects of the design using different techniques, if necessary;
• actions required for addressing uncertainties discovered during the study;
• recommendations for mitigation of the problems identified based on the team’s knowledge of the system (if within the scope of the study);
• notes which draw attention to particular points which need to be addressed in the operating and maintenance procedures;
• a list of team members for each session;
• a list of all the parts considered in the analysis together with the rationale where any have been excluded;
• listing of all drawings, specifications, data sheets, reports, etc quoting revision numbers used by the team.
With “by exception” recording, these outputs will normally be contained fairly concisely within the HAZOP worksheets. With full recording, the required outputs may need to be “distilled out” from the overall study worksheets.
The recorded information should conform to the following:
• every hazard and operating problem should be recorded as a separate item;
• all hazards and operating problems together with their causes should be recorded regardless of any protection or alarm mechanism already existing in the system;
• every question raised by the team for study after the meeting, should be recorded, together with name of a person who is responsible to answer it;
• a numbering system should be adopted to ensure that every hazard, operational problem, question, recommendation, etc. is uniquely identifiable;
• the study documentation should be archived for retrieval, as and when required, and referenced in the hazard log for the system (if such exists).
Precisely who should receive a copy of the final report will be largely dictated by internal company policy or by regulatory requirements but should normally include the project manager, the study leader and the person assigned responsibility for ensuring that follow-up actions/recommendations are implemented
Signing off the documentation
At the end of the study, the report of the study should be produced and agreed upon by the team. If agreement cannot be reached, reasons should be recorded.
Follow-up and responsibility
HAZOP studies are not aimed at redesigning a system. Nor is it usual for the study leader to have the authority to ensure that the study team's recommendations are acted upon. Before any significant changes resulting from the findings of the HAZOP have been implemented, and once the revised documentation is available, the project manager should consider reconvening the HAZOP team to ensure that no new hazards or operability or
maintenance problems have been introduced. In some cases, the project manager may authorize the HAZOP team to implement the recommendations and carry out design changes. In this case the HAZOP team may be required to do the following additional work:
• agree on outstanding problems and revise the design or the operating and maintenance procedures;
• verify the revisions and changes and communicate them to the project management and receive their approval;
• conduct further HAZOP studies of revisions, including system interfaces.
The program and results of HAZOP studies may be subjected to internal company or regulatory authority audits. Criteria and issues which may be audited should be defined in the company’s procedures. These may include: personnel, procedures, preparations.
Safety Engineering Solutions Are Here to Help
We can facilitate your HAZOP. Please call Safety Engineering Solutions today on +44(0)7808-889684 or send a request for contact.