Questions of the Week
Primatech posts weekly questions relating to various aspects of safety, security and risk on the home page of our website together with answers to provide visitors with the opportunity to test and improve their knowledge of these subjects. This page contains questions and answers that have appeared in previous weeks.
Should a Process Hazard Analysis (PHA) team address only single causes of failure, or is there also a need to address multiple causes of failure?
The primary argument for addressing only single cause failures is that corrective actions taken to protect against them will also protect against multiple failures. While it is true that actions taken to prevent single failures that can contribute to multiple failures will help to prevent the multiple failures, there are several reasons to consider multiple failures as credible PHA scenarios including:
- Multiple failures may occur as a result of dependency between the single failures, such as miscalibration of identical instruments on two different vessels resulting in simultaneous overfill of both vessels.
- Multiple failure scenarios may have more severe consequences than scenarios involving any one of their contributors.
- Protective actions against single failures may not have been necessary because of the lower level of consequence for the single failure versus the higher level of consequence for the multiple failure case.
When should a Process Hazard Analysis (PHA) be conducted on a procedure?
Consideration should be given to conducting a PHA on procedures when:
- A procedure relates to a high-risk process or activity, for example, startup or shutdown for a complex manual valving operation in a reactive batch process.
- A process experiences numerous incidents related to human failures.
- A procedure is questionable, for example, when operators have complained about the difficulty of using it.
- New procedures are being developed, to improve their quality.
How does Layers of Protection Analysis (LOPA) relate to Process Hazard Analysis (PHA)?
PHA is used to identify hazard scenarios and provide a qualitative estimate of their risk. LOPA provides a more quantitative estimate of the risk of a hazard scenario and is used to compare risk estimates with risk tolerance criteria. Criteria can be established for individual scenarios, a process, or a facility. Summations of LOPA risk estimates are used to evaluate process and facility risk. LOPA risk estimates are used to help make decisions on the implementation of recommendations to reduce risk and to determine safety integrity levels for safety instrumented functions.
Is Layers of Protection Analysis (LOPA) required by OSHA?
LOPA is not specifically required by OSHA. However, OSHA has endorsed the IEC 61511 / ISA 84 standard on safety instrumented systems as a recognized and generally accepted good engineering practice covered by the Process Safety Management (PSM) standard. LOPA is one of several techniques identified in the IEC 61511 / ISA 84 standard that can be used for the determination of safety integrity levels, although no specific techniques are endorsed or required.
What is the most important human factors issue for Process Hazard Analysis (PHA) team members?
PHA team members may have similar experience and backgrounds, but they may have very different personalities, which can have a marked impact on how well they work together as a team. Careful selection of team members is critical for a successful study.
What human factors should I address in my Process Hazard Analysis (PHA) study?
OSHA has provided these examples, but other factors should also be considered:
- Operator / process and operator / equipment interface.
- Number of tasks operators must perform and the frequency.
- Evaluation of extended or unusual work schedules.
- Clarity and simplicity of control displays.
- Automatic instrumentation versus manual procedures.
- Operator feedback.
- Clarity of signs and codes.
Is a recommendation required for every hazard scenario identified in a Process Hazard Analysis (PHA) study?
No. Recommendations for risk reduction measures are needed only when the risk of a scenario exceeds a tolerable value, often established using a risk matrix.
What is an enabler?
An enabler for a hazard scenario is an event or a condition that must be present or active for the scenario to proceed. Enablers do not by themselves initiate a hazard scenario, but they make the scenario possible. Sometimes they are referred to as contributing causes. Examples include a disabled alarm, a bypassed safety, and preventive maintenance not performed.
What are some sources of human failures?
What is meant by "process safety"?
The prevention or minimization of the consequences of catastrophic releases of toxic, reactive, flammable or explosive chemicals to avoid adverse impacts on people including employees and members of the public, the environment, the process, equipment, and property.