GUIDELINES FOR
Hazard Evaluation Procedures
Second Edition with Worked Examples
CENTER FOR CHEMICAL PROCESS SAFETY of the
American Institute of Chemical Engineers, 345 East 47th Street, New York, NY 10017
Copyright © 1992
American Institute of Chemical Engineers
345 East 47th Street, New York, NY 10017
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise without the prior permission of the copyright owner.
Library of Congress Cataloging-in-Publication Data
Guidelines for hazard evaluation procedures : with worked examples—2nd ed.
p. cm.
Includes bibliographical references and index.
ISBN 0-8169-0491-X
1. Chemical plants—Safety measures. 2. Petroleum refineries—Safety measures. 3. Hazardous materials—Safety measures. I. American Institute of Chemical Engineers. Center for Chemical Process Safety. II. Title: Hazard evaluation procedures.
TP155.5.G77 1992
660'.2904—dc20 91-41715
CIP
This book is available at a special discount when ordered in bulk quantities. For information, contact the Center for Chemical Process Safety at the address given above.
Third printing April 1995
It is sincerely hoped that the information presented in this document will lead to an even more impressive safety record for the entire chemical industry; however, neither the American Institute of Chemical Engineers, its consultants, CCPS Subcommittee members, their employers, their employers' officers and directors, nor JBF Associates, Inc. warrant or represent, expressly or implied, the correctness or accuracy of the information presented in this document. Furthermore, the chemical process plant described in Part II of this book, as well as the people and companies, is fictitious; any similarity to existing plants or companies or to living people is purely coincidental. Therefore, the users of this document accept any legal liability or responsibility whatsoever for the consequence of its use or misuse.
Abbreviations
ACGIH  American Conference of Government and Industrial Hygienists
AIChE  American Institute of Chemical Engineers
AIChE-DIERS  American Institute of Chemical Engineers — Design Institute for Emergency Relief Systems
AIChE-DIPPR  American Institute of Chemical Engineers — Design Institute for Physical Property Data
AIHA  American Industrial Hygiene Association
API  American Petroleum Institute
ARC  Accelerating Rate Calorimeter
ASSE  American Society of Safety Engineers
CCA  Cause-Consequence Analysis
CCF  Common Cause Failure
CCPS  Center for Chemical Process Safety
CEI  Chemical Exposure Index
CMA  Chemical Manufacturers Association
CPI  Chemical Process Industry
CPQRA  Chemical Process Quantitative Risk Analysis
EPA  Environmental Protection Agency
ERPG  Emergency Response Planning Guidelines
ETA  Event Tree Analysis
F&EI  Fire and Explosion Index
FMEA  Failure Modes and Effects Analysis
FMECA  Failure Modes, Effects, and Criticality Analysis
FTA  Fault Tree Analysis
HAZOP  Hazard and Operability Analysis
HI  Hazard Identification
HE  Hazard Evaluation
HEP  Hazard Evaluation Procedures
HRA  Human Reliability Analysis
IChemE  Institution of Chemical Engineers (United Kingdom)
ICI  Imperial Chemical Industries
IDLH  Immediately Dangerous to Life and Health
LCLO  Lethal Concentration Low
LC50  Lethal Concentration, 50% Mortality
LD50  Lethal Dose, 50% Mortality
LEL  Lower Explosive Limit
LFL  Lower Flammable Limit
MSDS  Material Safety Data Sheet
MORT  Management Oversight and Risk Tree
OSHA  Occupational Safety and Health Administration
PEL  Permissible Exposure Level
PFD  Process Flow Diagram
PHA  Preliminary Hazard Analysis
P&ID  Piping and Instrumentation Diagram
PSM  Process Safety Management
R&D  Research and Development
SCBA  Self Contained Breathing Apparatus
SHI  Substance Hazard Index
STEL  Short Term Exposure Limit
TLV  Threshold Limit Value
UEL  Upper Explosive Limit
UFL  Upper Flammable Limit
VSP  Vent Sizing Package
Glossary
Accident, accident scenario, or accident sequence: An unplanned event or sequence of events that results in undesirable consequences. An incident with specific safety consequences or impacts.
Acute hazard: The potential for injury or damage to occur as a result of an instantaneous or short duration exposure to the effects of an accident.
Administrative control: A procedural requirement for directing and/or checking engineered systems or human performance associated with plant operations.
Audit (process safety audit): An inspection of a plant or process unit, drawings, procedures, emergency plans, and/or management systems, etc., usually by an independent, impartial team. (See "Safety Review" for contrast.)
Autoignition temperature: The lowest temperature at which a fuel/oxidant mixture will spontaneously ignite under specified test conditions.
Basic event: An event in a fault tree that represents the lowest level of resolution in the model such that no further development is necessary (e.g., equipment item failure, human failure, or external event).
Branch point: A node with two paths in an event tree or cause-consequence diagram. One path represents success of a safety function and the other path represents failure of the function.
Cause-Consequence Analysis: A method for illustrating the possible outcomes arising from the logical combination of selected input events or states. A combination of Fault Tree and Event Tree models.
Checklist (traditional): A detailed list of desired system attributes or steps for a system or operator to perform. Usually written from experience and used to assess the acceptability or status of the system or operation compared to established norms.
Chronic hazard: The potential for injury or damage to occur as a result of prolonged exposure to an undesirable condition.
Common cause failure: The occurrence of two or more failures that result from a single event or circumstance.
Consequence: The direct, undesirable result of an accident sequence usually involving a fire, explosion, or release of toxic material. Consequence descriptions may be qualitative or quantitative estimates of the effects of an accident in terms of factors such as health impacts, economic loss, and environmental damage.
Consequence analysis: The analysis of the effects of incident outcome cases independent of frequency or probability.
CPQRA: The abbreviation for Chemical Process Quantitative Risk Analysis. The process of hazard identification, followed by numerical evaluation of incident consequences and frequencies, and their combination into an overall measure of risk when applied to the chemical process industry. Ordinarily applied to episodic events. Is related to Probabilistic Risk Assessment (PRA) used in the nuclear industry.
Dow fire and explosion index (F&EI): A method (developed by Dow Chemical Company) for ranking the relative fire and explosion risk associated with a process. Analysts calculate various hazard and exposure indexes using material characteristics and process data.
Emergency response planning guidelines (ERPG): A system of guidelines for airborne concentrations of toxic materials prepared by the AIHA. For example, ERPG-2 is the maximum airborne concentration below which, it is believed, nearly all individuals could be exposed for up to one hour without experiencing or developing serious health effects that could impair an individual's ability to take protective action.
Engineered control: A specific hardware or software system designed to maintain a process within safe operating limits, to safely shut it down in the event of a process upset, or to reduce human exposure to the effects of an upset.
Episodic event: An unplanned event of limited duration, usually associated with an accident.
Episodic release: A release of limited duration, usually associated with an accident.
Error-likely situation: A work situation in which the performance shaping factors are not compatible with the capabilities, limitations, or needs of the worker. In such situations, workers are much more likely to make mistakes, particularly under stressful conditions.
Event: An occurrence related to equipment performance or human action, or an occurrence external to the system that causes system upset. In this document an event is either the cause of or a contributor to an incident or accident, or is a response to an accident's initiating event.
Event sequence: A specific, unplanned series of events composed of an initiating event and intermediate events that may lead to an incident.
Event tree: A logic model that graphically portrays the combinations of events and circumstances in an accident sequence.
External event: Event external to the system/plant caused by (1) a natural hazard — earthquake, flood, tornado, extreme temperature, lightning, etc., or (2) a human-induced event — aircraft crash, missile, nearby industrial activity, fire, sabotage, etc.
Failure mode: A symptom, condition, or fashion in which hardware fails. A failure mode might be identified as loss of function; premature function (function without demand); an out-of-tolerance condition; or a simple physical characteristic such as a leak observed during inspection.
Failure Modes and Effects Analysis (FMEA): A systematic, tabular method for evaluating and documenting the causes and effects of known types of component failures.
Failure Modes, Effects, and Criticality Analysis (FMECA): A variation of FMEA that includes a quantitative estimate of the significance of the consequence of a failure mode.
Fault event: A failure event in a fault tree that requires further development.
Fault tree: A logic model that graphically portrays the combinations of failures that can lead to a specific main failure or accident of interest (Top event).
Frequency: The number of occurrences per unit time at which observed events occur or are predicted to occur.
Hazard: An inherent physical or chemical characteristic that has the potential for causing harm to people, property, or the environment. In this document it is the combination of a hazardous material, an operating environment, and certain unplanned events that could result in an accident.
Hazard analysis: See hazard evaluation.
Hazard and Operability (HAZOP) Analysis: A systematic method in which process hazards and potential operating problems are identified using a series of guide words to investigate process deviations.
Hazard checklist: An experience-based list of hazards, potential accident situations, or other process safety concerns used to stimulate the identification of hazardous situations for a process or operation.
Hazard evaluation (HE): The analysis of the significance of hazardous situations associated with a process or activity. Uses qualitative techniques to pinpoint weaknesses in the design and operation of facilities that could lead to accidents.
Hazard identification: The pinpointing of material, system, process, and plant characteristics that can produce undesirable consequences through the occurrence of an accident.
Hazard review: See hazard evaluation.
Human error: Any human action (or lack thereof) that exceeds some limit of acceptability (i.e., an out-of-tolerance action) where the limits of human performance are defined by the system. Includes actions by designers, operators, or managers that may contribute to or result in accidents.
Human factors: A discipline concerned with designing machines, operations, and work environments to match human capabilities, limitations, and needs. Among human factors specialists, this general term includes any technical work (engineering, procedure writing, worker training, worker selection, etc.) related to the person in operator-machine systems.
Human Reliability Analysis (HRA): A method used to evaluate whether necessary human actions, tasks, or jobs will be completed successfully within a required time period. In the Guidelines, HRA is used strictly in a qualitative context. Also used to determine the probability that no extraneous human actions detrimental to the system will be performed.
HRA event tree: A graphical model of sequential events in which the tree limbs designate human actions and other events as well as different conditions or influences upon these events.
Initiating event: The first event in an event sequence. Can result in an accident unless engineered protection systems or human actions intervene to prevent or mitigate the accident.
Intermediate event: An event that propagates or mitigates the initiating event during an accident sequence.
Likelihood: A measure of the expected probability or frequency of an event's occurrence.
Minimal cut set: A combination of failures necessary and sufficient to cause the occurrence of the Top event in a fault tree.
Mitigation system: Equipment and/or procedures designed to interfere with incident propagation and/or reduce incident consequences.
Mond Index: An extension of the Dow F&EI, developed by ICI, which also addresses chemical toxicity hazards.
Operator: An individual responsible for monitoring, controlling, and performing tasks as necessary to accomplish the productive activities of a system. Often used in a generic sense to include people who perform all kinds of tasks (e.g., reading, calibration, maintenance).
Performance shaping factor (PSF): Any factor that influences human performance. PSFs include factors intrinsic to an individual (personality, skill, etc.) and factors in the work situation (task demands, plant policies, hardware design, training, etc.).
Process safety management: A program or activity involving the application of management principles and analytical techniques to ensure the safety of process facilities. Sometimes called process hazard management.
Protective system: Systems including, for example, pressure relief valves, that prevent the occurrence of or mitigate the effects of an accident.
Quantitative risk analysis: The systematic development of numerical estimates of the expected frequency and/or consequence of potential accidents associated with a facility or operation based on engineering evaluation and mathematical techniques.
Rare event: An event or accident whose expected frequency is very small. The event is not statistically expected to occur during the normal life of a facility or operation.
Recovery factors: Feedback factors that limit or prevent the undesirable consequences of a human error.
Risk: The combination of the expected frequency (events/year) and consequence (effects/event) of a single accident or a group of accidents.
Risk assessment: The process by which the results of a risk analysis (i.e., risk estimates) are used to make decisions, either through relative ranking of risk reduction strategies or through comparison with risk targets.
Risk management: The systematic application of management policies, procedures, and practices to the tasks of analyzing, assessing, and controlling risk in order to protect employees, the general public, the environment, and company assets.
Risk measures: Ways of combining and expressing information on likelihood with the magnitude of loss or injury (e.g., risk indexes, individual risk measures, and societal risk measures).
Safety Review (process safety review): An inspection of a plant or process unit, drawings, procedures, emergency plans, and/or management systems, etc., usually by a team and usually problem-solving in nature. (See "Audit" for contrast.)
Safety system: Equipment and/or procedures designed to limit or terminate an accident sequence, thus mitigating the accident and its consequences.
Scribe/recorder: A hazard evaluation team member who is responsible for capturing the significant results of discussions that occur during an HE team meeting.
Task analysis: A human error analysis method that requires breaking down a procedure or overall task into unit tasks and combining this information in the form of event trees. It involves determining the detailed performance required of people and equipment and determining the effects of environmental conditions, malfunctions, and other unexpected events on both.
Top event: The undesired event or incident at the "top" of a fault tree that is traced downward to more basic failures using Boolean logic gates to determine the event's possible causes.
Undeveloped event: An event in a fault tree that is not developed because it is of no significance or because more detailed information is unavailable.
Worst case: A conservative (high) estimate of the consequences of the most severe accident identified.
Worst credible case: The most severe accident considered plausible or reasonably believable.
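The glossary entries for "fault tree", "top event", "basic event", "fault event" and "minimal cut set" describe how a top event is traced down through Boolean gates to the failure combinations that cause it. The following is an added example, not material from the Guidelines: it builds a small constructed fault tree (the event names and gate structure are assumptions for illustration only), expands it top-down into cut sets in the MOCUS style, discards non-minimal sets, and then checks exhaustively that the top event occurs exactly when every event of some minimal cut set has failed. A shared basic event is placed under both AND branches so the minimization step has something to do.

```python
"""Minimal cut sets of a constructed fault tree (added example, not from the Guidelines)."""
from itertools import product

# Constructed fault tree. Gates are ("OR"|"AND", [children]); any name that is not a
# gate is a basic event. Event labels are illustrative assumptions, not from the book.
#   TOP  vessel overpressure with no relief            (AND: pressure source AND relief failure)
#   G1   excess pressure source                         (OR)
#   G3   outlet blocked while feed pump keeps running   (AND)
#   G2   relief path unavailable                        (OR)
#   B1   loss of instrument air (shared: fails the control valve open and the vent)
#   B2   outlet valve closed in error
#   B3   feed pump not tripped
#   B4   relief valve stuck closed
TREE = {
    "TOP": ("AND", ["G1", "G2"]),
    "G1":  ("OR",  ["B1", "G3"]),
    "G3":  ("AND", ["B2", "B3"]),
    "G2":  ("OR",  ["B4", "B1"]),
}


def basic_events():
    """All leaf (basic) events referenced by the tree, sorted for determinism."""
    leaves = set()
    for _gate, children in TREE.values():
        leaves.update(c for c in children if c not in TREE)
    return sorted(leaves)


def expand(node):
    """Top-down expansion: every cut set (frozenset of basic events) that causes `node`.
    OR gates union their children's cut sets; AND gates take the cross product."""
    if node not in TREE:
        return [frozenset([node])]
    gate, children = TREE[node]
    child_sets = [expand(c) for c in children]
    if gate == "OR":
        return [s for sets in child_sets for s in sets]
    if gate == "AND":
        return [frozenset().union(*combo) for combo in product(*child_sets)]
    raise ValueError(f"unknown gate type {gate!r}")


def minimal_cut_sets(top="TOP"):
    """Drop any cut set that strictly contains another; what remains is minimal."""
    cuts = set(expand(top))
    minimal = [c for c in cuts if not any(other < c for other in cuts)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def evaluate(node, failed):
    """Boolean evaluation of the tree for a given set of failed basic events."""
    if node not in TREE:
        return node in failed
    gate, children = TREE[node]
    values = [evaluate(c, failed) for c in children]
    return any(values) if gate == "OR" else all(values)


def check_mcs(mcs, top="TOP"):
    """Exhaustively confirm the glossary's 'necessary and sufficient' property:
    the top event occurs if and only if some minimal cut set is wholly failed."""
    leaves = basic_events()
    for bits in product([False, True], repeat=len(leaves)):
        failed = {leaf for leaf, bit in zip(leaves, bits) if bit}
        predicted = any(cut <= failed for cut in mcs)
        if predicted != evaluate(top, failed):
            return False
    return True


if __name__ == "__main__":
    mcs = minimal_cut_sets()
    for cut in mcs:
        print(sorted(cut))          # ['B1'] then ['B2', 'B3', 'B4']
    print("verified:", check_mcs(mcs))
```

The single-event cut set {B1} comes out because the same basic event appears on both sides of the top AND gate; that is exactly the kind of common cause failure the glossary defines, and it is why cut-set minimization, not just gate expansion, is the useful output. The identical procedure applies to an attack tree in threat modeling, where the top event is a security compromise and the minimal cut sets are the smallest combinations of control failures an analyst must defend against.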
Acknowledgments
The Center for Chemical Process Safety (CCPS) thanks all of the members of the Hazard Evaluation Procedures (HEP) Subcommittee for providing technical guidance in the preparation of this document. CCPS also expresses its appreciation to the members of the Technical Steering Committee for their advice and support.
The chair of the HEP Subcommittee was Dennis C. Hendershot of Rohm and Haas Company and the CCPS staff liaison was Ray Witter. The Subcommittee had the following additional members:
Samuel Y. Bridges, Elf Atochem North America, Inc.
Jay E. Giffin, Union Carbide Chemicals & Plastics Inc.
Gus L. Constan, Dow Corning Corporation
Robert M. Rosen, BASF Corporation
William E. Early, Stone & Webster Engineering Corporation
Charles J. Twardowski, Jr., ICI Americas Inc.
Walter L. Frank, Du Pont
Robert C. Wade, Amoco Oil Company
JBF Associates, Inc. (JBFA) prepared this edition of the Guidelines for Hazard Evaluation Procedures, Second Edition with Worked Examples. These Guidelines are divided into two parts: Part I—Guidelines for Hazard Evaluation Procedures and Part II—Worked Examples for Hazard Evaluation Procedures. J. Steven Arendt was JBFA's Project Manager and lead author of the HEP Guidelines. David F. Montague was lead author of the HEP Worked Examples. The other principal authors on JBFA's team were Myron L. Casada, Donald K. Lorenzo, and David A. Walker. William G. Bridges, David J. Campbell, John Q. Kirkman, and David K. Whittle also contributed to these Guidelines.
Part I—HEP Guidelines contains several new chapters covering topics such as hazard identification methods, preparation for hazard evaluation studies, and follow-up considerations. The remaining chapters of Part I are extensively revised versions of the material from the first edition, developed in 1985 by Battelle Columbus Laboratories and the following members of the original HEP Subcommittee:
Edwin J. Bassler, Stone & Webster Engineering Corporation
Gary A. Page, American Cyanamid Corporation
Harold S. Kemp, AIChE Past President
Walter C. Kohfeldt, Exxon Chemical (now retired)
Stanley J. Schechter, Rohm and Haas Company
Robert A. Smith, Dow Chemical Company
As a companion to the HEP Guidelines, JBF Associates also developed Part II—Worked Examples for Hazard Evaluation Procedures. The HEP Worked Examples contains entirely new material designed to help illustrate the real-life application of hazard evaluation techniques.
The authors of the HEP Guidelines and the HEP Worked Examples are indebted to the technical publications personnel at JBFA. Kelley S. Alters was the editor for this project and Curt A. Rogers, Catherine Y. Carter and Sarah Y. Auklkington were the proofreaders. Cora R. Everett and Nicole Lepoutre-Baldocchi created the graphics. Finally, Angela L. Hardeman prepared the manuscript for publication.
CCPS also gratefully acknowledges the comments submitted by the following peer reviewers:
Stanley E. Anderson, Rohm and Haas Texas, Incorporated
Joseph P. Balkey, Union Carbide Chemicals & Plastics Inc.
Charles Burgdorf, Elf Atochem North America, Inc.
Arthur F. Burk, Du Pont
Donald C. Clagett, Ph.D., GE Plastics
Daniel A. Crowl, Wayne State University
Robert E. DeHart II, Mobil Oil Corporation
A. M. Dowell III, Rohm and Haas Texas, Incorporated
Jay Eberhardt, ICI Americas Inc.
Joseph F. Louvar, BASF Corporation
William K. Lutz, Union Carbide Chemicals & Plastics Inc.
R. Craig Matthiessen, U.S. Environmental Protection Agency
Ray L. Mendelsohn, Du Pont
C. Donald Miller, Union Carbide Chemicals & Plastics Inc.
N. Sankaran, UNOCAL Corporation
Mike Sawyer, Science Applications International Corporation
Mike Sherrod, Stone & Webster Engineering Corporation
Gary R. Van Sciver, Rohm and Haas Company
Mark Eidson, Stone & Webster Engineering Corporation
Barry Gibson, DuPont
Kathleen A. Haines, ICI Americas, Inc.
Steven A. Lapp, Ph.D., Design Sciences, Inc.
Dennis E. Wade, Monsanto (now retired)
Johnny O. Wright, Amoco Corporation
Their insight and suggestions helped ensure a balanced perspective for the Guidelines.