Addressing Modes of Operation in Process Hazard Analysis (PHA)

Processes experience multiple modes of operation during their life cycle including startup, normal operation, normal shutdown, and emergency shutdown. The hazard scenarios that are possible for a process generally vary from one mode to another. Consequently, all operating modes that can be experienced by a process should be addressed in PHA. Unfortunately, some companies focus their efforts on normal operation to the exclusion of other operating modes. Such practice is unfortunate as it is well established that some other operating modes, for example, startup, are more hazardous and pose risks different than normal operation.

Operators often are less familiar with other operating modes and more prone to making errors because the operations involved are conducted infrequently with less frequently used equipment. Moreover, non-steady state conditions often are the case with more potential for something to go wrong.

Various approaches are possible for addressing modes of operation. While different operating modes may share similar hazard scenarios, they may pose entirely different scenarios, and even similar scenarios may exhibit considerably different risks.

The most thorough and comprehensive approach to addressing multiple modes of operation is to perform a separate PHA study for each mode. However, this approach is employed by few companies owing to the effort involved in performing multiple studies for a single process. Other approaches involve addressing multiple modes of operation within the same study. This can be done in several ways.

One approach is to annotate sections of the process used in the study, that is, nodes in HAZOP studies and systems / subsystems in What If studies, for example, Inlet line (startup) and Inlet line (normal operation). Hazard scenarios for the particular operating mode are recorded in the applicable node or system / subsystem.

Some HAZOP practitioners use the guide word “Other Than” as a reminder to include other modes of operation in the study, or deviations such as “Startup”. While these are formal attempts to consider other modes, they lack the detail provided for normal operation. Another approach is to annotate parameters and deviations in HAZOP studies with the name of the operating mode, for example, No Flow (startup) and More Flow (normal operation). Also, individual causes can be annotated or categorized, for example, Bypass line leak (startup) and Bypass line leak (normal operation). However, it can be difficult to motivate team members to identify causes beyond those for normal operation given the effort typically already expended.

Selection of an appropriate approach should be guided by the modes of operation that need to be addressed, their differences in operation, and the impacts of these differences on the ability of the study team to identify hazard scenarios.

Possible differences between modes of operation include:

  • Differences in design intent, e.g. flow in a line may be the intent for one mode of operation but no flow may be the intent for the line in another mode of operation.
  • Different pieces of equipment may be used, e.g. bypass lines, portable pumps.
  • Variations in the extent of human involvement with the process, e.g. more operators may be required for startup.
  • Different utilities may be involved, e.g. steam may be required for a cleaning operation but not for normal operation.
  • Deviations may vary in HAZOP studies, e.g. No Flow may be important in a charging line during startup but unimportant for normal operation.
  • Different safeguards may be applicable, e.g. a high level alarm is important for a tank filling operation but unimportant for a tank transfer operation.
  • Potential scenario consequences may vary, e.g. operators may be present during startup and would be exposed to a hazardous material release but they may not be present during normal operation.
  • Variations in the likelihoods of scenarios, e.g. the likelihood of a runaway reaction may be greater during startup when key safeguards necessarily are bypassed compared to normal operation when key safeguards are functional.

Practitioners should ensure the approach selected for addressing modes of operation accommodates the important differences between the modes.

