Layer of Protection Analysis

Name: Layer of Protection Analysis | Simplified Process Risk Assessment
Brand: Wiley-AIChE
Price: 210.99 EUR
Availability: OnlineOnly

Simplified Process Risk Assessment

CCPS (Center for Chemical Process Safety)(Author)

Wiley-AIChE (Publisher)

Published on 30. November 2011

292 pages

E-Book

ePUB with Adobe-DRM

System requirements

978-1-118-21627-9 (ISBN)

€210.99incl. 7% vat

System requirements

for ePUB with Adobe-DRM

E-Book Single Licence

Available for download

Description

More details

Other editions

Person

Content

Preface. Acknowledgments. Acronyms and Abbreviations. 1. Introduction. 1.1 Audience. 1.2 History of LOPA. 1.3 Use of LOPA in the Process Life Cycle. 1.4 Linkage to Other CCPS Publications. 1.5 Annotated Outline of the LOPA book. 2. Overview of LOPA. 2.1 Purpose. 2.2 What is LOPA? 2.3 What LOPA Does. 2.4 When to Use LOPA. 2.5 How LOPA Works. 2.6 How to Implement LOPA. 2.7 Limitations of LOPA. 2.8 Benefits of LOPA. 2.9 Introduction of Continuing Examples. 3. Estimating Consequences and Severity. 3.1 Purpose. 3.2 Consequences of Interest. 3.3 Consequences Evaluation Approaches for LOPA. 3.4 Continuing Examples. 3.5 Link Forward. 4. Developing Scenarios. 4.1 Purpose. 4.2 LOPA Scenarios and Components. 4.3 Identifying and Developing Candidate Scenarios. 4.4 Continuing Examples. 4.5 Link Forward. 5. Identifying Initiating Event Frequency. 5.1 Purpose. 5.2 Initiating Events. 5.3 Frequency Estimation. 5.4 Expression of Failure Rates. 5.5 Continuing Examples. 5.6 Limitations (Cautions). 5.7 Link Forward. 6. Identifying Independent Protection Layers. 6.1 Purpose. 6.2 Definition and Purpose of an IPL. 6.3 IPL Rules. 6.4 LOPA IPL Assessment. 6.5 Example of IPLs. 6.6 Preventive IPLs versus Mitigation IPLs. 6.7 Continuing Examples. 6.8 Link Forward. 7. Determining the Frequency of Scenarios. 7.1 Purpose. 7.2 Quantitative Calculation of Risk and Frequency. 7.3 Look-up Table Determination of Risk of Frequency. 7.4 Calculation of Risk of Frequency with Integer Logarithms. 7.5 Continuing Examples. 7.6 Link Forward. 8. Using LOPA to Make Risk Decisions. 8.1 Purpose. 8.2 Introduction. 8.3 Comparing Calculated Risk to Scenario Risk Tolerance Criteria. 8.4 Expert Judgment. 8.5 Using Cost-Benefit to Compare Alternatives. 8.6 Comparison of Approaches, Pros and Cons. 8.7 Cumulative Risk Criteria versus Scenario Criteria. 8.8 Continuing Examples. 8.9 Cautions. 8.10 Link Forward. 9. Implementing LOPA. 9.1 Purpose. 9.2 Is the Company ready for LOPA? 9.3 What Is the Current Foundation for Risk Assessment? 9.4 What Dare Are Required? 9.5 Will the IPLs Remain in Place? 9.6 How Are the Risk Tolerance Criteria Established? 9.7 When IS LOPA Used? 9.8 Typical Implementation Tasks. 10. Using LOPA for Other Applications. 10.1 Purpose. 10.2 Using LOPA in Capital Improvement Planning. 10.3 Using LOPA in Management of Change. 10.4 Using LOPA in Mechanical Integrity Programs or Risk-Based Inspection/Risk-Based Maintenance Programs. 10.5 Using LOPA in Risk-Based Operator Training. 10.6 Using LOPA in emergency Response Planning. 10.7 Using LOPA to Determine a Credible Design Basis for Overpressure Protection. 10.8 Using LOPA in Evaluating Facility Siting Risks. 10.9 Using LOPA to Evaluate the Need for Emergency Isolation Valves. 10.10 Using LOPA to Evaluate Taking a Safety System Out of Service. 10.11 Using LOPA during Incident Investigations. 10.12 Using LOPA in the Determination of SIL for SIF. 11. Advanced LOPA Topics. 11.1 Purpose. 11.2 Counting Multiple Functions in One BPCS as IPLs in the Same Scenario. 11.3 Summation of Risk for Multiple Scenarios. 11.4 Using LOPA to Develop F/N Curves. 11.5 Operator Response Issues. 11.6 Normal Plant Operations as "Tests: of IPL Components. 11.7 Focused Fault Tree/Event Tree Analysis of IPL Components. Appendix A. LOPA Summary Sheets for the Continuing Examples. Appendix B. Worked Examples from CCPS's Safe Automation Book. Appendix C. Documentation for a LOPA Study. Appendix D. Linkage with Other Publications. Appendix E. Industry Risk Tolerance Criteria Data. Appendix F. High Initiating Event Frequency Scenarios. Appendix G. Additional Reading. References. Glossary of Terms. Index.

Chapter 1

Introduction

Layer of protection analysis (LOPA) is a semiquantitative tool for analyzing and assessing risk. This book

describes the LOPA process,
discusses the strengths and limitations of LOPA,
describes the requirements for implementing LOPA in an organization, and
provides worked examples that show how several different companies have applied LOPA.

This chapter

identifies the audience for this book,
provides the history of LOPA,
shows the use of LOPA in the process life cycle,
discusses the linkage to other publications, and
provides an annotated outline for the book.

1.1. Audience

This book is intended for:

Executives who are considering expanding their corporate strategy for managing risk by adding LOPA to their existing risk analysis process. For the executive audience, the following chapters are recommended. Chapter 2 summarizes the LOPA method and its benefits. Chapter 9 discusses the questions that an organization must answer when deciding whether to use LOPA and the required steps to implement the process effectively. Chapter 10 describes other processes (such as management of change, identification of safety critical equipment, etc.) which can be enhanced by LOPA. The appendices contain summary forms and worked examples that demonstrate the LOPA product.
Safety specialists who are familiar with existing methods (such as HAZOP, fault tree analysis, event tree analysis, etc.) or who may already have some experience with LOPA (analysts, participants, reviewers, auditors, etc.). For this audience, Chapters 3 through 8 discuss the steps of the LOPA process in detail, with several continuing examples used to demonstrate the method. The appendices contain additional worked examples and other supporting documentation.
Process and process control engineers, chemists, operations and maintenance personnel, and others who may participate in LOPA reviews or who may be affected by LOPA recommendations. This includes those who implement the recommendations and those who receive the outcomes from LOPA. Chapters 1, 2, and 6 may be helpful for this audience.
Persons around the world who are responsible for compliance with process safety regulations - including the US Process Safety Management rule (OSHA, 1992), Seveso II Regulations in EU member countries-and related standards - including ISA S84.01 (ISA, 1996), IEC 61508 (IEC, 1998) and IEC 61511 (IEC, 2001).

1.2. History of LOPA

In a typical chemical process, various protection layers are in place to lower the frequency of undesired consequences: the process design (including inherently safer concepts); the basic process control system; safety instrumented systems; passive devices (such as dikes and blast walls); active devices (such as relief valves); human intervention; etc. There has been much discussion among project teams, hazard analysts, and management about the number of and strength of protection layers (see text box below). Decisions were sometimes made using subjective arguments, emotional appeals, and occasionally simply by the loudness or persistence of an individual.

LOPA has its origins in the desire to answer these key questions using a rational, objective, risk-based approach. In LOPA, the individual protection layers proposed or provided are analyzed for their effectiveness. The combined effects of the protection layers are then compared against risk tolerance criteria. Characteristics of the answers provided by LOPA are listed in the text box above.

KEY QUESTIONS FOR PROTECTION LAYERS

How safe is safe enough?
How many protection layers are needed?
How much risk reduction should each layer provide?

LOPA answers the key questions about the number and strength of protection layers by

providing rational, semiquantitative, risk-based answers,
reducing emotionalism.
providing clarity and consistency,
documenting the basis of the decision,
facilitating understanding among plant personnel.

The genesis of this method was suggested in two publications:

1. In the late 1980s, the then Chemical Manufacturers Association published the Responsible Care® Process Safety Code of Management Practices which included "sufficient layers of protection" as one of the recommended components of an effective process safety management system (American Chemistry Council, 2000). The Chemical Manufacturers Association is now the American Chemistry Council.

2. In 1993, CCPS published its Guidelines for Safe Automation of Chemical Processes (CCPS, 1993b). Although it was called the risk-based SIS integrity level method, LOPA was suggested as one method to determine the integrity level for safety instrumented functions (SIFs). (See Table 7.4 in Safe Automation; CCPS, 1993b.) "Interlock" is an older, imprecise term for SIF. The method used was not as fully developed as the LOPA technique described in this book. However, it did indicate a path forward, which was pursued by several companies independently. The reasons for this effort included the desire to

classify SIF to determine the appropriate safety integrity level (SIL) (this was the starting point for some companies),
develop a screening tool to reduce the number of scenarios requiring a full (chemical process) quantitative risk assessment (CPQRA),
develop a tool that would identify "safety critical" equipment and systems to focus limited resources,
develop a semiquantitative tool to make consistent risk based judgments within an organization,
harmonize terminology and methodology with recently developed and developing international process sector standards, and
facilitate communication (e.g., SIS, SIF, SIL, IPL) between the hazard and risk analysis community and the process control community (e.g., integrators, manufacturers, instrument and electrical engineers, plant personnel).

The initial development of LOPA was done internally within individual companies, in some cases focusing on existing processes, e.g., converting a control system to DCS. However, once a method had been developed and refined, several companies published papers describing the driving forces behind their efforts to develop the method, their experience with LOPA, and examples of its use (Dowell, 1997; 1998; 1999a; 1999b; Bridges and Williams, 1997; Fuller and Marszal, 1999; Lorenzo and Bridges, 1997; Ewbank and York, 1997; Huff and Montgomery, 1997). In particular, the papers and discussion among the attendees at the CCPS International Conference and Workshop on Risk Analysis in Process Safety in Atlanta in October 1997 brought agreement that a book describing the LOPA method should be developed.

In parallel with these efforts, discussions took place on the requirements for the design of safety instrumented functions (SIF) to provide the required PFDs (probability of failure on demand). United States (ISA S84.01, (ISA, 1996)) and international standards (IEC 61508, (IEC, 1998) and IEC 61511, (IEC, 2001)) described the architecture and design features of SIFs. Informative sections of the ISA and IEC standards suggested methods to determine the required SIL (safety integrity level), but LOPA was not mentioned until the draft of IEC 61511, Part 3 appeared in late 1999. These issues were summarized in the CCPS workshop on the application of ISA S84.01 (CCPS, 2000c).

In response to all this activity, CCPS assembled in 1998 a team from A. D. Little, ARCO Chemical, Dow Chemical, DuPont, Factory Mutual, ABS Consulting (includes former JBF Associates), International Specialty Products, Proctor and Gamble (P&G), Rhodia, Rohm and Haas, Shell (Equilon), and Union Carbide to tabulate and present industry practice for LOPA in this book.

This book extends the method outlined in Safe Automation of Chemical Processes (CCPS, 1993b) by

developing concepts and definitions for use throughout industry,
showing how numerical risk tolerance criteria have been developed by different companies,
defining the requirements for a safeguard to be considered an independent protection layer (IPL),
demonstrating how LOPA can be used for purposes other than the classification of SIF systems, and
recommending documentation procedures to ensure consistency of application within an organization.

While the LOPA methods used by various companies differ, they share the following common features:

a consequence classification method that can be applied throughout the organization;
numerical risk tolerance criteria. Individual companies use different criteria which include:

frequency of fatalities,

frequency of fires,

required number of independent protection layers (IPLs), and

maximum frequency for specified categories of consequence based on release size and characteristics or lost production;

a method for developing scenarios;
specific rules for considering safeguards as IPLs;
specified default data for initiating event frequencies and values for IPLs;
a specified procedure for performing the required calculations; and
a specified procedure for determining whether the risk associated with a scenario meets the risk tolerance criteria for an organization and, if it does not, how this is resolved and documented.

1.3. Use of...

System requirements

Save as PDF Copy link into clipboard

Schweitzer Fachinformationen

Layer of Protection Analysis

Description

More details

Other editions

Additional editions

Person

Content

System requirements