


Safety Engineering,
Risk Analysis
and Asset Integrity
Safe design from concept to operation
INERCO is currently developing major industrial safety projects worldwide for large engineering companies and operators in industries such as Oil & Gas (upstream and downstream), petrochemicals, chemicals, mining and energy.
Safety, risk analysis tools, risk management

Juan Santos Remesal
Manager, Industrial Safety Division, INERCO
Alfredo Ramos Rodriguez
Head of Industrial Safety Department, INERCO
Gabriela Reyes Delgado
Process Safety Area Manager, INERCO
Pastora Fernández Zamora
Risk Assessments Area Manager, INERCO

62 Industria Química

Special Achema 2015


In each sector, advanced safety criteria and the applicable international standards and regulations are used. The set of tools applied in the projects ranges from HAZID/HAZOP studies, SIL analysis (SIL index determination, Safety Requirement Specification or SRS, and SIL verification), LOPA, Fire & Gas system design, Quantitative Risk Analysis and ALARP demonstration, to studies such as RAMS analysis, Risk-Based Inspection (RBI) and Reliability Centered Maintenance (RCM), bow-tie analysis, determination of Safety Critical Elements and the design standards for these elements.
Thus, both the promoters of these projects and the engineering companies that develop them apply, at the different stages of the project, risk analysis tools focused on raising safety levels and achieving goals such as:
- Identification of hazards from external sources that can potentially affect the inside of the plant.
- Identification of hazards from internal sources that may lead to an accident scenario, due to the hazardous characteristics of the substances present and to the operations carried out during the construction and operation phases of the plant.
- Estimation of the consequences, quantifying the effects according to the hazardous characteristics of the substances capable of causing a risk situation.
- Estimation of the probability of occurrence of the identified hazards, so that, once the consequences have been assessed, the overall risk of the facilities is known.
- Identification of those points in the facilities where improvements in design, inspection and maintenance might be needed to reach a safer operation.
- Identification of the areas, facilities, equipment and processes that contribute most to risk, in order to establish adequate mitigation or protection measures so that the risk associated with the facilities is acceptable in all cases.
- Definition of the strategic action plan for emergencies and development of emergency and contingency plans.
Among others, the most widely used tools in the field of risk analysis are:
- HAZID analysis
- HAZOP analysis
- Bow-tie analysis
- SIL analysis (SIL index determination, Safety Requirement Specification or SRS, and SIL verification)
- QRA or HAZAN analysis
- FMEA analysis
- RAMS analysis
- Risk-Based Inspection (RBI) and Reliability Centered Maintenance (RCM) studies
- Safety Critical Elements (SCEs) and Performance Standards (PSs)

HAZID analysis is a tool to identify hazards and make an initial assessment of the risks. It aims to identify, at an early stage, all the hazards the project may be exposed to, from both an internal and an external point of view. The areas in which hazards are identified and risks assessed include geographic location, environmental conditions, and requirements in matters of environment, engineering, safety, security or prevention of occupational

The timing of a HAZID study is critical to maximizing its benefit. A HAZID will inevitably lead to design or operational changes to the plant, and these take time to implement, so the optimal time for a HAZID is during basic engineering, before detailed design starts.
The expected results of this type of study are that, at an early stage, hazards in all these areas are known sooner, before decisions are taken that lead to significant risks or to significant costs from the need to implement mitigation measures; that a hazard register of the identified hazards is available, together with a corrective action plan that states the risk management strategy and the measures to avoid, reduce or control them during the design phase; that the measures taken can be planned, implemented and audited or controlled in time by project management; and that delays in design or construction and budget slippages caused by unidentified hazards are


HAZOP studies are conducted to identify all those deviations from design conditions that can lead to accidents or constitute serious operability problems, with special attention to deviations that can cause accidents with major consequences. The team working on a HAZOP follows an analytical structure based on a set of guidewords (no, more, less, etc.) to examine deviations from normal process conditions at key points of the unit (called nodes). These guidewords are applied to the most relevant parameters (flow, pressure, temperature, level, etc.) in order to identify the potential causes that can lead to each deviation, the consequences of the parameters deviating from their expected values, and the safeguards installed to prevent them.
As a result of applying the HAZOP methodology to industrial facilities, recommendations are obtained concerning, for example, the design conditions of the facilities (lines, equipment, the need for additional instrumentation or valves, accessibility of instrumentation and equipment, etc.), alarm configuration in controllers and indicators, status indication of motors, verification of the design conditions of safety valves, or the need to install or configure an interlock system or Safety Instrumented System in the facilities.

Table 1. Expected results of the risk analysis tools at the different phases of activity (phase and tool columns not recovered; only one tool entry and the expected results remain).

Expected results, first phase:
- Guidance for the selection process
- Detection of unacceptable process hazards
- Help for process design
- Identification of key process modifications that reduce the risk level
- Assistance in the geographical location of the project

Expected results, second phase:
- Identification of hazards in more detail in the selected process and in the proposed design
- Risks associated with the geographic location
- Risks of special or critical equipment in the process

Tools: Critical Elements studies, Safety Barriers and Performance Standards
Expected results, third phase:
- Identification of all the hazards in the process, assessing the associated risks
- Identification of aspects of the operation not initially contemplated
- Help to establish operating, commissioning and start-up

Expected results, fourth phase:
- Ensure the operation, and that the information regarding quality, legal requirements, process safety and operating procedures is complete and up to date
- Incorporate lessons learned from recent accidents or incidents and consider the addition of new equipment, systems and technologies that will improve safety levels

The bow-tie analysis is a model that represents how a hazard can be released, how it escalates and how it is controlled. This methodology is usually applied to Major Accident Hazards (MAH). For each MAH, the bow-tie methodology allows:
- Identification of the hazard release, escalation and consequence.
- Identification of the controls, e.g. barriers and escalation factor controls, required to manage the hazard.
- Categorisation of controls into Inherent Safety, Safety Critical Element (hardware) or Critical Activity (procedures, processes, operator action).
- A clear visual representation to enable ALARP review.
- An aid in the incident review process if such a major incident has occurred.

The role of a barrier on the bow-tie diagram is to prevent (left-hand side of the bow-tie) or limit (right-hand side) the consequence of a major accident. Barriers are divided into the following types: Structural Integrity (SI), Process Containment (PC), Ignition Control (IC), Detection Systems (DS), Shutdown Systems (SD), Protection Systems (PS), Emergency Response (ER) and Life Saving (LS). Barriers shall be effective in preventing the Top Event or Consequence, able to prevent a specific Threat from releasing the Hazard, verifiable (how shall the effectiveness of the barrier be confirmed?) and independent of other barriers in the same Threat line, i.e. with no common mode failure.

SIL analysis is a risk study applied to interlock systems or Safety Instrumented Systems (SIS), in which the safety level or SIL index (Safety Integrity Level) is analyzed. The SIL index is directly related to the average Probability of Failure on Demand (PFDavg) and to the Risk Reduction Factor (RRF = 1/PFDavg). Functional safety regulations and standards, ANSI/ISA-84 and IEC 61511/IEC 61508, establish the different stages to be covered in the Safety Life Cycle of a Safety Instrumented System, from initial conception until its removal from service.

According to these standards, there are several methodologies for SIL analysis, which may be qualitative (risk graphs), semi-qualitative (calibrated risk graph or risk matrices), semi-quantitative (Layers of Protection Analysis, LOPA) or quantitative (Markov analysis or Quantitative Risk Analysis). The methodology finally used must be selected by the engineering company according to the specifications, the critical nature of the processes and the resources allocated to the study, and will be based on the risk acceptability criteria established by the Owner.


The SRS or Safety Requirement Specification is another step in the life cycle of Safety Instrumented Systems, in which the safety requirements are specified: essentially, the operating philosophy of the system. Each safety function must have an associated SIL requirement and reliability requirements for spurious trips. It should cover all operating conditions of the process, from start-up to shutdown, including maintenance, for each operating mode of the process.

SIS requirements shall be expressed and structured so that they are clear, accurate, verifiable, maintainable and feasible, and written so that they can be understood and applied. The design requirements specification for the SIS shall include the function of the system or system component, the actions the system or component shall take under prescribed circumstances (functional specification) and the integrity (reliability and availability) required to operate in those circumstances (integrity specification).

The SIS conceptual design is specified in SIL Verification, which defines the selection of the elements of the SIS according to safety and reliability criteria, as well as the system maintenance intervals (proof-test intervals), so as to comply with the safety specifications derived from the SIL index determined in the previous step.
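The following is an added worked example, not INERCO's code and not text from the standards, that links the two steps just described for one scenario: SIL determination by LOPA, followed by a simplified SIL verification of a candidate SIS architecture and of a revised one. It uses the low-demand SIL bands of IEC 61508-1 and the simplified PFDavg expressions of IEC 61508-6 for 1oo1, 1oo2 and 2oo3 voting (proof-test interval T1, dangerous undetected failure rate lambda_DU, common-cause factor beta, repair times neglected). The initiating event frequency, IPL PFDs, tolerable frequency, failure rates and architectures are constructed illustrative values.

```python
"""LOPA SIL determination followed by simplified SIL verification.

Added example, not INERCO's code. Values marked 'assumed' are
constructed illustrative numbers. SIL bands follow IEC 61508-1
(low demand mode); PFDavg formulas are the simplified IEC 61508-6
forms with repair times neglected.
"""
from dataclasses import dataclass

# Low-demand SIL bands: SIL -> (PFDavg lower bound inclusive, upper bound exclusive).
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}


def sil_from_pfd(pfd_avg):
    """SIL achieved by a given PFDavg; 0 means no SIL credit (PFDavg >= 0.1)."""
    if pfd_avg < 1e-5:
        return 4            # IEC 61508 defines no level above SIL 4
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd_avg < hi:
            return sil
    return 0


def lopa(initiating_freq, ipl_pfds, tolerable_freq):
    """Semi-quantitative LOPA for one hazardous scenario.

    The intermediate frequency is the initiating event frequency times the
    PFD of every independent protection layer (IPL) other than the SIF.
    The SIF must bring it down to the tolerable frequency, which fixes the
    target PFD (RRF = 1/PFD) and therefore the required SIL.
    """
    freq = initiating_freq
    for pfd in ipl_pfds:
        freq *= pfd
    target_pfd = min(1.0, tolerable_freq / freq)
    return {"intermediate_freq": freq, "target_pfd": target_pfd,
            "target_rrf": 1.0 / target_pfd, "required_sil": sil_from_pfd(target_pfd)}


@dataclass
class Subsystem:
    name: str
    arch: str           # "1oo1", "1oo2" or "2oo3"
    lambda_du: float    # dangerous undetected failure rate, per hour
    t1_hours: float     # proof-test interval
    beta: float = 0.0   # common-cause fraction (redundant architectures only)

    def pfd_avg(self):
        lt = self.lambda_du * self.t1_hours
        ind = (1.0 - self.beta) * lt          # independent part of each channel
        if self.arch == "1oo1":
            return lt / 2.0
        if self.arch == "1oo2":
            return ind ** 2 / 3.0 + self.beta * lt / 2.0
        if self.arch == "2oo3":
            return ind ** 2 + self.beta * lt / 2.0
        raise ValueError(f"unsupported architecture {self.arch}")


def verify_sif(subsystems, target_pfd, required_sil):
    """PFDavg of the whole SIF (sensors, logic solver and final elements in series)."""
    pfd = sum(s.pfd_avg() for s in subsystems)
    sil = sil_from_pfd(pfd)
    worst = max(subsystems, key=lambda s: s.pfd_avg())
    return {"pfd": pfd, "rrf": 1.0 / pfd, "sil": sil,
            "meets": pfd <= target_pfd and sil >= required_sil,
            "dominant": worst.name}


# Assumed scenario: high pressure in a separator after a BPCS control failure
# (0.2/yr), with a PSV (PFD 0.01) and an independent alarm with operator
# response (PFD 0.1) as existing IPLs, and a tolerable frequency of 1e-7/yr.
SCENARIO = lopa(initiating_freq=0.2, ipl_pfds=[0.01, 0.1], tolerable_freq=1e-7)

# Assumed first-pass design: 1oo2 transmitters, certified logic solver,
# a single shutdown valve, all proof-tested annually (8760 h).
DESIGN_A = [
    Subsystem("PT 1oo2", "1oo2", lambda_du=5e-7, t1_hours=8760, beta=0.05),
    Subsystem("logic solver", "1oo1", lambda_du=1e-8, t1_hours=8760),
    Subsystem("SDV 1oo1", "1oo1", lambda_du=2e-6, t1_hours=8760),
]
# Revised design: redundant valves, proof-tested quarterly (2190 h).
DESIGN_B = DESIGN_A[:2] + [
    Subsystem("SDV 1oo2", "1oo2", lambda_du=2e-6, t1_hours=2190, beta=0.1),
]


def run():
    a = verify_sif(DESIGN_A, SCENARIO["target_pfd"], SCENARIO["required_sil"])
    b = verify_sif(DESIGN_B, SCENARIO["target_pfd"], SCENARIO["required_sil"])
    return SCENARIO, a, b


if __name__ == "__main__":
    scen, a, b = run()
    print(f"required SIL {scen['required_sil']}, target PFD {scen['target_pfd']:.1e}")
    for label, r in (("design A", a), ("design B", b)):
        print(f"{label}: PFDavg {r['pfd']:.2e} SIL {r['sil']} meets={r['meets']} "
              f"dominant={r['dominant']}")
```

With these assumed numbers the LOPA asks for SIL 3 with a target PFD of 5e-4; design A reaches only SIL 2 because the single valve dominates the PFD, and design B meets the target by making the final element redundant and shortening its proof-test interval, which is exactly the kind of maintenance-interval decision the verification step is meant to settle.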


Quantitative Risk Assessment (QRA) or HAZard ANalysis (HAZAN) is a tool in which risk identification is followed by a numerical evaluation of the consequences and of the frequencies of occurrence; both factors are then combined to obtain a measure of the risk to people associated with the activity analyzed. This risk measure can be obtained both for employees and for the population outside the facilities.

The general QRA methodology comprises: identifying accident initiating events, their causes and frequencies; determining how the initiating events evolve into final accidents; determining the probability of the weather conditions, the lethal threshold values and the range of the lethal consequences; determining the probability of people being present nearby and/or the distribution of workers at the facility; and quantifying the risk by combining all the above factors for all the scenarios identified.

The results of the QRA allow, among other applications, the risk levels obtained to be compared with tolerable individual and societal risk levels, and the accident scenarios that contribute most to risk to be identified, so that decisions can be taken on the optimal risk reduction measures to implement in order to reach acceptable risk levels where the risk obtained is not acceptable. It is a dynamic tool, to be updated not only during engineering but also during operation, since expansions and new projects modify the risk, and it is useful for management and decision making regarding the safety of the facilities.
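The following added example (not INERCO's code) carries the QRA combination just described through for a small set of scenarios: initiating frequencies, event-tree outcome probabilities, weather-class probabilities, lethal ranges derived from a lethal threshold, and population clusters with presence factors are combined into location-specific individual risk, individual risk per cluster checked against tolerability criteria, a societal F-N curve, and a ranking of scenarios by their contribution to risk. Every frequency, probability, distance, population and criterion is a constructed illustrative value, and the step lethality model (lethal inside the consequence range, harmless outside) is the simplest form of the threshold approach the text mentions.

```python
"""Individual and societal risk from a small set of QRA scenarios.

Added example, not INERCO's code. All frequencies, probabilities, lethal
ranges, populations and criteria are assumed illustrative values. The
lethality model is a step function derived from a lethal threshold:
lethal inside the consequence range, harmless outside.
"""
from dataclasses import dataclass

# Assumed probability of each weather class (Pasquill stability / wind m/s).
WEATHER = {"D5": 0.6, "F2": 0.4}


@dataclass
class Outcome:
    name: str
    prob: float            # conditional on the initiating event (event-tree branch)
    lethal_range_m: dict   # weather class -> range of lethal effects, metres


@dataclass
class Scenario:
    name: str
    frequency: float       # initiating event frequency, per year
    outcomes: list


@dataclass
class Population:
    name: str
    distance_m: float
    people: int
    presence: float        # fraction of the year the people are actually there


# Assumed scenarios for an LPG line, with event-tree outcome probabilities.
SCENARIOS = [
    Scenario("full-bore rupture", 1e-4, [
        Outcome("jet fire", 0.3, {"D5": 80, "F2": 80}),
        Outcome("flash fire", 0.2, {"D5": 150, "F2": 250}),
        Outcome("no ignition", 0.5, {}),
    ]),
    Scenario("25 mm leak", 1e-3, [
        Outcome("jet fire", 0.1, {"D5": 30, "F2": 30}),
        Outcome("flash fire", 0.05, {"D5": 60, "F2": 100}),
        Outcome("no ignition", 0.85, {}),
    ]),
]
# Assumed population clusters at increasing distance from the release point.
POPULATIONS = [
    Population("control room", 50, 4, 1.0),
    Population("workshop", 140, 10, 0.35),
    Population("village", 400, 200, 1.0),
]
# Assumed individual-risk criteria (per year); the real criteria are set by
# the owner or regulator, not by the method.
CRITERIA = {"worker": 1e-5, "public": 1e-6}


def events(scenarios=SCENARIOS):
    """Expand scenarios into (frequency, lethal range) branches per weather class."""
    for s in scenarios:
        for o in s.outcomes:
            for w, p_w in WEATHER.items():
                yield s.frequency * o.prob * p_w, o.lethal_range_m.get(w, 0.0)


def lsir(distance_m, scenarios=SCENARIOS):
    """Location-specific individual risk: fatality frequency for a person present all year."""
    return sum(f for f, r in events(scenarios) if distance_m <= r)


def individual_risk(pop, scenarios=SCENARIOS):
    """Individual risk of a member of the cluster, weighted by presence."""
    return lsir(pop.distance_m, scenarios) * pop.presence


def tolerable(pop, kind, scenarios=SCENARIOS):
    return individual_risk(pop, scenarios) <= CRITERIA[kind]


def fn_curve(scenarios=SCENARIOS, populations=POPULATIONS):
    """Societal risk as (N, F) pairs: F is the cumulative frequency of events
    causing at least N expected fatalities."""
    per_event = []
    for f, r in events(scenarios):
        n = sum(p.people * p.presence for p in populations if p.distance_m <= r)
        if n > 0:
            per_event.append((n, f))
    return [(n, sum(f for m, f in per_event if m >= n))
            for n in sorted({n for n, _ in per_event})]


def risk_ranking(scenarios=SCENARIOS, populations=POPULATIONS):
    """Scenarios ordered by expected fatalities per year (potential loss of life)."""
    contrib = {}
    for s in scenarios:
        contrib[s.name] = sum(
            f * sum(p.people * p.presence for p in populations if p.distance_m <= r)
            for f, r in events([s]))
    return sorted(contrib.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for p in POPULATIONS:
        kind = "public" if p.name == "village" else "worker"
        print(f"{p.name}: IR {individual_risk(p):.1e}/yr tolerable={tolerable(p, kind)}")
    print("F-N:", fn_curve())
    print("ranking:", risk_ranking())
```

With these assumed inputs the control room operator is exposed to an individual risk of 1e-4 per year, above the assumed worker criterion, while the workshop and the village are within their criteria; the F-N curve and the ranking show which scenario and which population drive the result, which is the information needed to choose the risk reduction measures.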


Fire Hazard Analysis or Fire and Explosion Hazard Analysis is a structured and systematic approach to identifying and assessing fires and explosions, so as to ensure, in the design of the facilities, adequate fire and overpressure protection for the various equipment and facilities, reducing the possibility of accidental escalation and ensuring as far as possible the integrity of the plant.

Consequence Scope Analysis includes hazard identification, consequence calculation, definition of risk zones according to predefined threshold values, and calculation of the vulnerability of people and property. The results provide the information needed to ensure safe and reliable operation of the facilities in all phases of the project.

Failure Mode and Effects Analysis (FMEA) is a technique for identifying the hazards associated with the equipment of a process plant. Its application aims to establish the possible failures of each and every element (process and control) in the plant, to analyze the consequences of those failures, to detect those that may lead to accidents, and to establish protection measures against the equipment failures that are significant. FMEA can be used to complement other hazard identification techniques such as HAZOP in the analysis of special systems, such as furnaces or electrical / electronic

FMEA starts from a list of the equipment and components of the plant under study that are likely to fail, and for each one its failure modes are identified. The analysis is complemented by determining a risk index, for example using a two-entry matrix (probability and consequence), which helps to prioritize the definition of corrective measures.


RAMS can be defined as an intrinsic feature of a facility that measures its long-term operation and helps in decision making to reduce the costs derived from shutdowns for maintenance and repair, both in normal, scheduled operations and in those caused by failures or unexpected shutdowns. The design of the facility must take this concept into account, since its influence on the life cycle and performance of the facility is direct. Specifically, the concepts used in a RAMS study are Reliability, Availability, Maintainability and Safety.

RAMS analysis aims to predict the performance, availability and safety of the process systems, as well as to provide a basis for optimizing those systems and ensuring that the targets set for the facility are achieved. These studies are increasingly becoming a standard requirement in engineering design. RAMS analysis should form an intrinsic part of the original design; its four branches are closely linked, so that each affects the others.

The RBI methodology facilitates the definition of the maintenance management program of the facilities based on the results of a comprehensive study of the risks associated with each item of equipment. This allows maintenance to focus on the equipment that poses the greatest risk to the human environment (workers, nearby towns), the natural environment (air, water and soil quality) and the socioeconomic environment (infrastructure, historical and landscape heritage, economic activity). The theoretical basis of the RBI methodology, developed by the American Petroleum Institute, is described in a series of API standards, including API 580 (Risk-Based Inspection) and API 581 (Risk-Based Inspection Base Resource Document).

Moreover, as a complement to the maintenance strategy, applying to the Oil & Gas industry a methodology such as Reliability Centered Maintenance (RCM), widely used in industries such as aerospace and automotive, has as its immediate effect an increase in the reliability of equipment and components and thus in the safety levels of the facility. The methodology aims to establish a maintenance strategy for each component or item of equipment according to its criticality in the system, which is set by the influence a fault in that equipment or component has on parameters such as safety, environmental condition, production, repair costs, etc., in a way that is effective in terms of implementation cost. It has been proved that applying these maintenance strategies has a direct effect on the availability of the facilities, and therefore on their exploitation and on the business.

Both methodologies, RBI and RCM, are complementary and can be implemented so that the synergies between them are used for greater economic benefit and to improve the safety levels of any facility.


Safety Critical Elements are defined through a bow-tie analysis of the Major Accident Hazards (MAH). Barriers for high risk hazards shall be classified as High Risk Hazard Critical Elements and will be selected in accordance with corporate standards and good engineering practice. A Safety Critical Element (SCE) is any item of hardware, system or logic software whose failure could cause a Major Accident Hazard, or whose purpose is to prevent or mitigate the effects of a Major Accident Hazard.

For every SCE selected, a Performance Standard (PS) shall be developed. A PS is a statement, which can be expressed in qualitative or quantitative terms, of the functional performance required of an SCE, and which is used as the basis for managing the risk from the Major Hazards. The Performance Standards for SCEs shall be established according to the design standards and the results of the safety and environmental studies performed on the project. Performance Standards are used as the basis for design and technical (operational) integrity verification and are expressed in terms of functionality, availability, reliability, survivability and dependencies/interactions with other SCEs.
- Functionality defines what the system or equipment is required to achieve in order to ensure design integrity.
- Reliability and Availability: Reliability is the required probability that the system or equipment will operate on demand, when required. Availability is the extent to which the system or equipment is required to be available in order to retain its functional integrity.
- Survivability defines the external loading events, such as fires, explosions or extreme weather, associated with the various MAHs, against which the system or equipment is required to retain its functional integrity.
- Dependencies and Interactions identify other systems or equipment that are critical to the functionality of the primary system or equipment. By identifying these dependencies and interactions it is ensured that all interfaces have been


The main objective of Escape, Evacuation and Rescue Analysis (EERA) is to ensure that the facilities meet the highest level of safety in an emergency in a reasonable and feasible way. EERA is widely used in the design of offshore platforms, where, given their characteristics, an emergency requires the evacuation and rescue measures to be perfectly designed and analyzed, since it is critical to ensure that the people living on board do not suffer major consequences. In onshore facilities such as refineries, this type of analysis is used to define the mobilization of the emergency teams, their initial positioning and the procedure each team shall follow, specifying the firefighting or cooling equipment to use. The analysis can be completed with the determination and analysis of the firefighting water demand for each risk scenario, depending on the flow demand of each item of equipment and the estimated running time.

EERA is a technique for assessing the performance of the emergency facilities and of the emergency response procedures designed for this purpose. It consists of a structured review of the escape, evacuation and rescue facilities and of the action procedures in the representative risk scenarios, and takes as input the results of a Consequence Scope Analysis.

Performing this analysis in the engineering design phase generates, as its most relevant results with direct transfer to the facility design, aspects such as: identification of the additional material resources, both fixed and mobile, needed to equip the facility; identification of the location of command points and of the attack routes of the firefighting brigades; definition of the dimensions of the attack and evacuation routes; the possible isolation or zoning of the risks to prevent the accident from spreading (domino effect); sizing of confinement or containment dikes; safety distances, etc. All this ends up being the basis of a pre-fire plan or specific action procedure for each of the identified situations and constitutes the operational part of the emergency planning of the facility.

It is increasingly necessary to take into consideration, during the design of industrial facilities, protection against intentional threats to the facilities. This is not solely a matter of controlling the perimeter or having a security service. In industrial facilities where threats can be directed at equipment and systems handling hazardous substances that could be released intentionally and affect workers and the nearby population, additional protective measures shall be applied.

These measures shall be taken from design and engineering onwards. Security Vulnerability Analysis (SVA) can be used as a tool for this. SVA is a process that identifies and analyzes the operational and physical vulnerabilities of the facilities against the external threats judged credible for, among other factors, the type of installation, its geographic location or its environment. Unlike the accidental scenarios considered in HAZOP, LOPA or QRA, an intentional act can defeat several safeguards at once, so the independence between protection layers that those studies assume cannot be relied on against a deliberate attacker and should be re-examined in the SVA.

There are countless tools that can be used depending on the phase of activity, the project to be developed, the target objective and the risk management policy the company has set to achieve its safety objectives. As a reference, the appended table illustrates, for the different phases of activity, some of the most appropriate risk analysis tools depending on the expected results.

Their application offers significant safety benefits throughout the life cycle of an industrial plant, and it is important to have the necessary experience to choose those that fit the installation to be evaluated and the target objectives. In this sense, INERCO has over 30 years of experience advising on risk management and raising comprehensive safety levels in the industrial sector (Oil & Gas, chemicals, energy, mining, metallurgy, industrial engineering, etc.), using the most cost-effective means of reducing risk.
