Hazid Hazop Sil Tor

Project: CONSTRUCTION OF NEW PIPELINE FROM
GUEBIBA TO CFTP
HAZID/HAZOP/SIL/ TOR
HAZID/HAZOP/SIL TOR
CONSTRUCTION OF NEW PIPELINE FROM GUEBIBA/TB TO CFTP
001/AR03/13
03/12
HAZID/HAZOP/SIL TOR
PAGE: 2 /24
TABLE OF CONTENTS
1.
INTRODUCTION..........................................................................................3
1.1
ABBREVIATIONS............................................................................................................ 4
Compagnie Franco-Tunisienne des Ptroles.........................................................................4
2.
HAZID STUDY............................................................................................ 5
2.1
2.2
2.3
3.
HAZOP STUDY........................................................................................... 7
3.1
3.2
3.3
3.4
3.5
3.6
3.7
3.8
3.9
3.10
4.
SCOPE & OBJECTIVES OF THE HAZID STUDY.........................................................................5

HAZID TECHNIQUE....................................................................................................... 5
HAZID RECORDING....................................................................................................... 6
SCOPE & OBJECTIVES OF THE HAZOP STUDY.....................................................................7
HAZOP METHODOLOGY................................................................................................. 7
HAZOP TECHNIQUE................................................................................................... 8
HAZOP RECORDING.................................................................................................... 11
HAZOP NODES......................................................................................................... 11
HAZOP TEAM........................................................................................................... 11
HAZOP FOLLOW UP................................................................................................... 11
HAZOP RECOMMENDATIONS......................................................................................12
PROCESS SYSTEMS / FACILITIES.......................................................................................12
REPORT.................................................................................................................. 12
SAFETY INTEGRITY LEVEL (SIL).....................................................................13
4.1
SCOPE & OBJECTIVES OF THE SIL STUDY........................................................................13
4.2
PROBABILITY OF FAILURE............................................................................................... 13
4.3
SIL CLASSIFICATION..................................................................................................... 14
1.1.1 RISK GRAPH TECHNIQUE...........................................................................................14
1.1.2 LAYER OF PROTECTION ANALYSIS..................................................................................15
4.4
RISK MATRIX.............................................................................................................. 15
4.5
RISK REDUCTION........................................................................................................ 16
4.6
RISK ANALYSIS TEAM.................................................................................................... 16
4.7
SIL RECORDING......................................................................................................... 17
5.
APPENDICES............................................................................................ 18
5.1
PROCESS SAFETY RISK GRAPH......................................................................................... 18
5.2
COMMERCIAL RISK GRAPH............................................................................................. 20
5.3
ENVIRONMENTAL RISK GRAPH......................................................................................... 21
5.4
TYPICAL PROBABILITIES OF FAILURE ON DEMAND (PFODS) FOR MENTIONED TYPES OF
INDEPENDENT PROTECTION LAYERS (IPLS)............................................................................23
HAZOP/HAZID/SIL/SIMOPS ToR
NO.
REV. 0
PAGE: 3 / 24
1. INTRODUCTION
This document provides significant aspects and considerations of HAZID, HAZOP, and SIL study related to
the construction of new pipeline from guebiba/tb to cftp project.
NO.
REV. 0
PAGE: 4 / 24
2. Abbreviations
The following abbreviations will be used:
CFTP
Compagnie Franco-Tunisienne des Ptroles
HAZID
Hazard Identification
HAZOP
Hazard & Operability
SIL
Safety Integrity Level
SIF
Safety Instrumented Function
P&ID
Piping & Instrumentation Diagrams
SLC
Safety Life Cycle
LOPA
Layer of Protection Analysis
CIL
Commercial Integrity Levels
E/E/PES
Electrical/electronical/programmable electronical systems
IPF
Instrumented Protective Function
IEC
International Electrotechnical Commission
EIL
Environmental Integrity Levels
NO.
REV. 0
PAGE: 5 / 24
3. HAZID Study
3.1 SCOPE & OBJECTIVES OF THE HAZID STUDY
For this project, HAZID (Hazard Identification) analysis is required: the overall objective is to produce a
facility in respect of which all risks to the human, Environment, company reputation and the assets
have to be identified and minimized.
The HAZID worksheet objectives are:
To systematically analyse the Project for potential hazards identification.
To list all the needed documents about the project, that must be prepared in the following basic or
detail design phase.
Considering the simplicity of the design, the risk-ranking for the recommendations has been limited to
cases where a clear critical consequence was specified and the recommendation is proposed as a
choice between different solutions.
For all the recommendations requiring further analysis, design and / or engineering studies /
documents, operating procedures development, or other efforts that however must be done or
prepared, the risk ranking will be considered superfluous.
3.2 HAZID TECHNIQUE
The HAZID Review will be conducted as a guided brainstorming, by means of guidewords applied to the
project.
The specific intention of this Hazards review is to highlight and estimate hazards deriving from the new
pipeline from Guebiba/TB to CFTP, not only at normal operation phase but also during construction,
commissioning and maintenance activities.
The analysis is concentrated on the inherent external and internal hazards for the project, and is focussed
on specific parts of the selected process, philosophies and operational concepts.
A part is dedicated to the environmental aspect where potential impacts, corresponding causes,
consequences and associated protections are identified, this analysis enables quick and yet trustful setting
of documented Environmental Protection and regulatory compliance measures.
With the help of guidewords, hazards will be identified together with potential means of control and
mitigation.
For each hazard, a qualitative assessment of the expected likelihood and severity of consequences will be
given, on the basis of the risk assessment documents.
The minutes of the HAZID Review detailing the hazards, causes and consequences, risk-ranking,
recommendations and residual risk ranking will be recorded in HAZID Worksheets.
NO.
REV. 0
PAGE: 6 / 24
Figure 1: HAZID PROCEDURE

3.3 HAZID RECORDING
The discussion will be recorded by the HAZID Secretary using dedicated software: LEADER 2015
version.
NO.
REV. 0
PAGE: 7 / 24
4. HAZOP Study
4.1 SCOPE & OBJECTIVES
OF
THE HAZOP STUDY
HAZOP (Hazard and Operability Study) is a qualitative methodology that identifies possible deviations from
the correct functioning of the process, analyzing moreover the consequences of such anomalies and the
actions to be taken in order to limit them to the smallest possible areas.
The HAZOPs targets are:
-
To identify possible deviations from the intended operation that can cause personnel or
equipment harm as well as operation disturbances (accidental events),

To establish how deviations from the design intent can arise,
To assess whether such deviations and their consequences can have a negative effect upon
the safe and efficient operation of the system,

To recommend actions, whenever is necessary, in order to remedy to the deviations.
4.2 HAZOP METHODOLOGY

The method used for the HAZOP is a systematic review of the process; therefore the primary words will be
the process parameters: Flow, Pressure, Temperature, Composition, and Level.
And the secondary words, which are combined with a primary keyword, are the different HAZOP
guidewords permit to suggest possible deviations: No, Less, More, Part of, As well as, Reverse, Other
thanetc.
In practice, the process parameters are combined with standard guidewords to set down a list of
deviations from the normal operation of the system under review. The following combinations were used
in this Study:
Table 1: Deviations represented by Parameters and Guidewords
Parameters
Guidewords
Flow
No
Reverse
More
Less
Temperature
More
Less
Pressure
Composition
Level
More
Less
As well as
Part of
More
Less
Deviations
No Flow (complete lack of flow)
Reverse Flow (flow in the opposite direction than the normal operation)
More Flow (higher flow rate than expected)
Less Flow (lower flow rate than expected)
Higher Temperature (than expected)
Lower Temperature (than expected)
Higher Pressure (than expected)
Lower Pressure (than expected)
Contamination
Composition Change (fluid composition different than expected, e.g. offspec feed, incorrect chemical dosing, etc.)
Higher Level (higher liquid level in a vessel or tank, up to overfilling
condition)
Lower Level (lower liquid level in a vessel or tank, up to a complete loss
of level)
NO.
REV. 0
PAGE: 8 / 24
Parameters
Guidewords
Deviations
Other
Other
Other (any other cause of upset or unsafe condition identified during the
HAZOP but not linked to an identified parameter)
4.3 HAZOP TECHNIQUE

HAZOP is a systematic procedure used to review the process design for identification of potential hazards
and operability problems caused by deviation from the design intent of both new and existing process
facilities. The methodological approach is to identify deviations from the design intent using parameters
and appropriate guidewords, and to define any actions necessary to reduce the probability of occurrence
and/or eliminate/mitigate the consequences.
The system will be divided into discrete Nodes (a "node" is a sub-system or a portion of a systems which
can be analyzed alone, e.g. a tank, a header, a pump, even a single line, together with the relevant
connections to the interfaces), and the methodology will be applied thoroughly to each node until all the
system be fully analyzed.
The method involves the following steps for each Node:
Define a Node of the process on the P&IDs;
Clarify the design intent and the normal operating conditions of the Node;
Identify a Deviation from the intent or operating conditions by applying parameter and a
Guidewords;
List possible Causes and Consequences of the Deviation (a Deviation can be considered
meaningful if it has credible causes and can result in harmful consequences);
Identify the Safeguards (if any), as shown in project documentation;
Formulate Recommendations (and identify the responsible for implementation/action) if no

sufficient Safeguards are provided.
NO.
REV. 0
PAGE: 9 / 24
The following figure summarizes the HAZOP Procedure that has been applied.
Figure 2: HAZOP PROCEDURE

If a deviation and/or event are found to be realistically possible and to give rise to a significant
consequence, it is discussed in the HAZOP Study Worksheets.
The cases where there are no credible causes of deviation, and/or no events giving rise to significant
consequences, will not been recorded on the Worksheets.
The keyword combinations will be discussed following an iterative process in order to identify potential
problems, as the diagram mentioned below:
NO.
REV. 0
PAGE: 10 / 24
Describe process section
Select a Node and describe design intent
Have all relevant Parameter for this plant section

been considered?
Yes
No
Select a parameter not previously considered (e.g.

Pressure)
Have all relevant guideword for this parameter

been considered?
Yes
No
Select a guideword previously considered

(e.g. More)
Determine cause of deviation from design intent;

assess potential hazard/operational problem
associated with the defined cause
Are there any causes for this deviation not

previously discussed and recorded?
Yes
Record the new cause
No
Are associated consequences of any significance?
Yes
Record the consequence/s
Record any Safeguards identified
No
Having regard to the consequences and

Safeguards, is an Action necessary?
Yes
Record the agree Action
No
NO.
Rev. 0
PAGE: 11 /24
4.4 HAZOP RECORDING

The HAZOP discussion will be recorded by the HAZOP Secretary using dedicated software: LEADER
2015 VERSION.
This software leads to:
-
A complete sets of topics added instantly;

A vast Leader Library, puts hundreds of standard HAZOP deviations;
Add own custom topics to any section, to the library, or to the project template that can be
created;
Copy, reorder, and renumber topics.
The record will be made during the session using laptop, and will be projected onto a suitable screen
so that all team members can see inputs to the record as it is produced.
4.5 HAZOP NODES
In order to perform the analysis and focus the teams attention on a specific area, the different process
systems will be divided into a convenient number of discrete nodes. Each node represents a section of
the system that can be composed by one or more items with homogeneous characteristics in terms of
pressure, temperature or service. A new node starts when main process parameters change or isolation
is present.
4.6 HAZOP TEAM
The HAZOP shall be carried out by a multidisciplinary team to ensure all aspects of the plant and its
operations are covered. The team members specialists include process design, instrumentation and
control, mechanical engineering, safety and operation.
The chairman has to:
Select the teams members
Plan and prepare the study,
Chair the HAZOP meetings: Trigger the discussion using guidewords and parameters,
Follow up progress, Ensure completeness of the analysis.
The team will include a nominated scribe, responsible for recording discussion and findings.
4.7 HAZOP FOLLOW UP
The HAZOP Actions Coordinator will be responsible for ensuring the Action Items are forwarded to the
parties responsible for action implementation, and for recording the status of the actions.
The relevant discipline specialists should close-out the addressed actions, indicating the resolution and
providing references and evidence of implementation. The action sheet completed with close-out
NO.
Rev. 0
PAGE: 12 /24
information shall be returned to the HAZOP Actions Coordinator. The HAZOP Actions Coordinator should
review the responses and proceed until full resolution of all pending issues.
When an action is closed, the HAZOP Actions Coordinator should mark the action as CLOSED in the
action status column. When all actions will be closed, the Coordinator can issue the close-out report
(i.e. the collection of all the resolutions and action close-outs). All Actions shall be ideally closed
before the end of the Engineering Phase.
4.8 HAZOP RECOMMENDATIONS
The analysis results of the HAZOP study shall be represented by a series of recommendations which
take the form of suggested design changes, requirements of verification and additional studies or
suggestions for specific operational procedures to be implemented. The recommendations will be
managed in the activity of follow-up and implemented during the project development.
4.9 PROCESS SYSTEMS / FACILITIES
To ensure process integrity and to identify process hazards and operational problems for process
systems or facilities, a systematic review of the P&IDs shall be made.
4.10
REPORT
The HAZOP Report is a key document pertaining to the safety of the plant. It should provide sufficient
information on each element so that, either read alone or together with available and clearly cross
referenced documents, an assessment can be made of the adequacy of the HAZOP study carried out.
The contents of such a summary might typically be:
-
Introduction;
System definition and delimitation;
Documents (on which the analysis is based);
Methodology;
Team members;
HAZOP results:
Reporting principles,
Classification of recordings,
Main results;
HAZOP study worksheet.
Appendices:
P&IDs (marked),
List of participants.
NO.
Rev. 0
PAGE: 13 /24
NO.
Rev. 0
PAGE: 14 /24
5. Safety Integrity Level (SIL)

5.1 SCOPE & OBJECTIVES OF THE SIL STUDY
The analysis of hazards and risks gives rise to the need to reduce the risk and within the SLC of the
standards this is identified as the derivation of the safety requirements. There may be some overall
methods and mechanisms described in the safety requirements but also these requirements are then
broken down into specific safety functions to achieve a defined task.
In parallel with this allocation of the overall safety requirements to specific safety functions, a
measure of the dependability or integrity of those safety functions is required.
What is the confidence that the safety function will perform when called upon?
This measure is the SIL. More precisely, the safety integrity of a system can be defined as:
"The probability (likelihood) of a safety-related system performing the required safety functions
under all the stated conditions within a stated period of time."
Thus the specification of the safety function includes both the actions to be taken in response to the
existence of particular conditions and also the time for that response to take place. The SIL is a
measure of the reliability of the safety function performing to specification.
5.2 PROBABILITY
OF FAILURE
To categorise the safety integrity of a safety function the probability of failure is considered in effect
the inverse of the SIL definition, looking at failure to perform rather than success.
It is easier to identify and quantify possible conditions and causes leading to failure of a safety function
than to guarantee the desired action of a safety function when called upon.
Two classes of SIL are identified, depending on the service provided by the safety function
For safety functions that are activated when required (on demand mode) the probability of
failure to perform correctly is given, whilst

For safety functions that are in place continuously the probability of a dangerous failure is
expressed in terms of a given period of time (per hour) (continuous mode).
The probabilities of failure are related to one of four safety integrity levels, as shown in Table 1:
Table 2: Probability of failure
Probability of failure
Safety Integrity
Level (SIL)
b
4
3
2
1
a
Mode of operation on demand (average

probability of failure to perform its design
function upon demand)
Mode of operation continuous

(probability of dangerous failure per
hour)
A single E/E/PES is not sufficient

10-5 to < 10-4
10-9
10-4 to < 10-3
10-8
10-3 to < 10-2
10-7
10-2 to < 10-1
10-6
No special safety requirements
to
to
to
to
<
<
<
<
10-8
10-7
10-6
10-5
NO.
Rev. 0
PAGE: 15 /24
5.3 SIL CLASSIFICATION

The following methods will be used for Target Safety Integrity:
Risk Graph
Layer of Protection Analysis (LOPA)
Both these methods are included in the IEC61508 and IEC61511 standard. The risk graph is a qualitative
technique, the results tend to be quite subjective and lead to SIL levels biased on the high side. The
Layers of protection analysis technique is quantitative and more accurate and it is becoming the widely
accepted technique for SIL determination.
5.3.1
RISK GRAPH TECHNIQUE
The risk graph method is a qualitative approach to determine the level of integrity required for the
identified Instrumented Protective Functions (IPF) for the project. The approach is based on the
International Electro technical Commission standard, IEC61511.
Risk graph analysis uses four parameters to make a SIL selection. These parameters are consequence
(C), occupancy (F), probability of avoiding the hazard (P), and demand rate (W).
-
Process Safety Risk Analysis
Each loop shall be reviewed on the following basis:
Consequence Severity
Personnel Exposure
Alternatives to Avoid Danger
Demand Rate
The SIL rating is calculated using the response to the 4 questions and the appropriate SIL level is
generated using the IEC risk graph attached in Appendix (6.1).
-
Commercial Risk Analysis
Each of the loops reviewed shall be subjected to an Asset Protection Review. This shall be carried out
on the following basis:
Demand Rate
The risk graph for asset / economic loss is provided in Appendix. Before this chart is used, it must be
calibrated for the specific plant it is used on. Consequence severity should represent the meaningful
range of negative impacts towards important asset or economic objectives (e.g. reliability,
replacement or repair costs)
NO.
Rev. 0
PAGE: 16 /24
The equivalent CIL rating is calculated using the response to the 2 questions and the appropriate
equivalent CIL level is generated using the IEC risk graph attached in Appendix (6.2).
-
Environmental Risk Analysis
Each of the loops reviewed shall be subjected to an Environmental Review. This shall be carried out on
the following basis:
Demand Rate
Environmental protective functions should be assessed against a risk graph that provides the range of
negative consequences with respect to important environmental objectives for the specific plant, area
of operation and local legislative requirements. For example, violation of discharge permits or flare
consents spills of varying magnitude.
The equivalent EIL rating is calculated using the response to the 2 questions and the appropriate
equivalent EIL level is generated using the IEC risk graph attached in Appendix (6.3).
5.3.2
LAYER
OF
PROTECTION ANALYSIS
LOPA is one of the techniques developed in response to a requirement within the process industry to be
able to assess the adequacy of the layers of protection provided for an activity. Initially this was driven
by industry codes of practice or guidance and latterly by the development of international standards
such as IEC61508 and IEC61511.
Once the tolerable frequency for a SIF is established, all causes of the initiating event are listed. For
each cause of the initiating event, its likelihood is established. The layers of protection and associated
PFD for each cause are then listed. The mitigated event frequency for each cause is determined. After
each cause is analyzed the total event frequency due to all causes for the initiating event is
determined. The SIL is determined by comparing the established tolerable frequency (goal) with the
total mitigated event frequency.
5.4
RISK MATRIX
The risk matrix is a method categorizing the frequency or likelihood and severity of a risk event using
multiple qualitative levels. The risk matrix tolerance will represented with risk matrix. The OMV risk
matrix is shown below:
Frequency (Cases Per Year)

E
Frequent (> 1*10^-2/year)
D Probable (1*10^-2 to 1*10^-4/year)
C Seldom (1*10^-4 to 1*10^-5/year)
Intolerable Region
Tolerable if ALARP Region
NO.
Rev. 0
PAGE: 17 /24
B
A
Unlikely (1*10^-5 to)

Improbable (<1*10^-7/year)
Broadly Acceptable Region

1
Consequence Level
Low
5
High
Figure 3: RISK MATRIX
5.5 RISK REDUCTION

Its important to ensure that the risk reduction achieved for E/E/PES protective layer and other
technologies are sufficient so that the necessary risk reduction is achieved and that risk is reduced to
tolerable levels shown in the Figure below:
Figure 4: IEC - Risk Reduction Model ALARP Reduction
5.6 RISK ANALYSIS TEAM

The typical SIL classification Team should include the following personnel:
SIL Facilitator;
Secretary;
Process Engineer;
Safety Engineer;
Instrument Engineer;
Operations Personnel;
Specialist Engineers and Technicians (for example HVAC and Rotating Machinery).
NO.
Rev. 0
PAGE: 18 /24
5.7 SIL RECORDING

SIL software tools may be used to facilitate the documentation of the classification process and the
calculation of the IPF loop reliabilities.
The SIL discussion will recorded by the SIL Secretary using dedicated software LOPA, Its a tool
integrated in the HAZARD REVIEW SOFTWARE 2015 VERSION.
This software leads to:
-
A vast integrated Library puts many scenarios (causes, consequences...);

Various Types of Independent Protection Layers (IPLs);
Typical Probabilities of Failure on Demand from Literature and Industry;
Typical Frequencies for Various Types of Initiating Events;
Complete sets of topics added instantly....
NO.
Rev. 0
PAGE: 19 /24
6. Appendices
6.1 PROCESS SAFETY RISK GRAPH
Figure 1 : IEC Process Safety Risk Graph
- = No safety requirements
NR = Not recommended. Consider alternatives
Table 1: IEC Process Safety Risk Graph Data
Risk Parameter
C1
C2
C3
Consequence (C)
C4
Classification
Comments
1. The classification system has been developed to
Slight Injury
Serious injury or 1 death deal with injury and death to people.
Death to several people
2. For the interpretation of C1, C2, C3 and C4, the
Very many people killed
consequences of the accident and normal healing

shall be taken into account.
Frequency
of,
and
exposure
time
in,
hazardous
(F)
F1
the
zone F2
Rare to often exposure

in the hazardous zone
Frequent to permanent 3. See comment 1 above.
exposure
in
hazardous zone
the
NO.
Rev. 0
PAGE: 20 /24
Risk Parameter
Classification
4.
This
Comments
parameter
takes
into
account:
- operation of a process (supervised (i.e. operated

P1
Possible under certain by skilled or unskilled persons) or unsupervised);

conditions
- rate of development of the hazardous event (for

example suddenly, quickly or slowly);
Possibility
avoiding
of
- ease of recognition of danger (for example seen
the
immediately, detected by technical measures or
hazardous event
detected
(P)
without
technical
measures);
- avoidance of the hazardous event (for example

P2
Almost impossible
escape routes possible, not possible or possible

under
certain
conditions);
- actual safety experience (such experience may

exist with an identical EUC or a similar EUC or may
not exist)
W1
W2
Probability f the
Demand Rate once in

every 30 years or more.
5. The purpose of the W factor is to estimate the

frequency of the unwanted occurrence taking place
Demand Rate between 3 without the addition of any safety-related systems

30 years.
(E/E/PES or other technology) but including any

external
unwanted
risk
reduction
facilities
6. If little or no experience exists of the EUC, or
occurrence (W)
W3
Demand Rate between

0.3 3 years
the EUC control system, or of a similar EUC and

EUC control system, the estimation of the W factor
may be made by calculation. In such an event a
worst case prediction shall be made.
6.2 COMMERCIAL RISK GRAPH
NO.
Rev. 0
PAGE: 21 /24
Figure 2 : Commercial Risk Graph
Table 2: Commercial Risk Graph Data
Risk Parameter
Classification
C0
C1
Consequence
C2
C3
Possibility of
avoiding the
hazardous event
(P)
Comments
No operational upset or
equipment damage
Minor operational upset or
1. Each facility will have specific economic
equipment damage.
Moderate operational upset
consequences which should be considered. These
or equipment damage
Major operational upset or
commences. Risk graphs should be selected and
equipment damage.
Damage to essential
consequences and the local business model.
should be established before the classification

calibrated to suit the specific economic
C4
equipment, major economic
P1
loss or loss of containment

Possible under certain
2. While not used in this example the risk graph
conditions
may be adapted to include this requirement

3. This parameter takes into account:
- operation of a process (supervised (i.e. operated
NO.
Rev. 0
PAGE: 22 /24
by skilled or unskilled persons) or unsupervised);

- rate of development of the hazardous event (for
example suddenly, quickly or slowly);
- ease of recognition of danger (for example seen
immediately, detected by technical measures or
P2
Almost impossible
detected without technical measures);

- avoidance of the hazardous event (for example
escape routes possible, not possible or possible
under certain conditions);
- actual safety experience (such experience may
exist with an identical EUC or a similar EUC or may
W1
Demand Rate once in every
not exist)
7. The purpose of the W factor is to estimate the
30 years or more.
frequency of the unwanted occurrence taking place

without the addition of any safety-related systems
Probability f the
W2
Demand Rate between 3 30

years.
(E/E/PES or other technology) but including any

external risk reduction facilities
unwanted
8. If little or no experience exists of the EUC, or
occurrence (W)
W3
Demand Rate between 0.3

3 years
the EUC control system, or of a similar EUC and

EUC control system, the estimation of the W factor
may be made by calculation. In such an event a
worst case prediction shall be made.
6.3 ENVIRONMENTAL RISK GRAPH
Figure 3 : Environmental Risk Graph
NO.
Rev. 0
PAGE: 23 /24
Table 3: Environmental Risk Graph Data
Risk Parameter
C0
C1
Consequence
C2
C3
C4
P1
Classification
No release or a negligible
Comments
1. Each facility will have specific
environmental impact
Release with minor impact on
environmental; consequences /
environmental reportable
Release with moderate impact on the
considered. These should be
environment.
Release with temporary major impact
commences. Risk graphs should be
on the environment.
Release with permanent major impact
on the environment
Possible under certain conditions
regulations which should be

established before the classification
selected and calibrated to suit the
specific environmental
consequences and the local business
model.
2. While not used in this example
the risk graph may be adapted to
include this requirement.
3. This parameter takes into
account:
- operation of a process (supervised
(i.e. operated by skilled or unskilled
persons) or unsupervised);
- rate of development of the
hazardous event (for example
suddenly, quickly or slowly);
Possibility of avoiding
- ease of recognition of danger (for
the hazardous event
example seen immediately,
(P)
P2
Almost impossible
detected by technical measures or

detected without technical
measures);
- avoidance of the hazardous event
(for example escape routes
possible, not possible or possible
under certain conditions);
- actual safety experience (such
experience may exist with an
identical EUC or a similar EUC or
Probability f the
unwanted occurrence
W1
(W)
W2
Demand Rate once in every 30 years
may not exist)

9. The purpose of the W factor is to
or more.
estimate the frequency of the
Demand Rate between 3 30 years.
unwanted occurrence taking place

without the addition of any safetyrelated systems (E/E/PES or other
NO.
Rev. 0
PAGE: 24 /24
Risk Parameter
Classification
W3
Comments
Demand Rate between 0.3 3 years
technology) but including any

external risk reduction facilities
10. If little or no experience exists
of the EUC, or the EUC control
system, or of a similar EUC and EUC
control system, the estimation of

6.4 TYPICAL PROBABILITIES OF FAILURE ON DEMAND (PFODS) FOR MENTIONED TYPES OF
INDEPENDENT PROTECTION LAYERS (IPLS)
IPL Type
Description
BPCS
Basic process control system;

automatic control loop
independent of the initiating
event
Human
response
(10 min
available)
PFOD from
Literature and
Industry
PFOD
Chosen
for LOPA
10-1 to 10-2
1.00E-01
Human response with 10 minutes

available for response;
notification must be independent
of initiating event and other IPLs,
and operator training must
include required response
1 to 10-1
1.00E+00
Human
response
(40 min
available)
Human response with 40 minutes

notification must be independent
of initiating event and other IPLs,
and operator training must
include required response
10-1 to 10-2
1.00E-01
Passive
Passive device (e.g., a dike with

good control over drains) that is
not required to take an action in
order for it to achieve its
function in reducing risk
10-1 to 10-3
1.00E-02
Relief
device
Relief valve or rupture disk

(effectiveness is sensitive to
service and experience)
10-1 to 10-5
1.00E-03
Typical Comment for PFOD

Used typical value for an
automatic control loop in a
basic process control system,
independent of the initiating
event
Used typical value for human
response with 10 minutes
notification is independent of
initiating event and other IPLs,
and operator training includes
required response
Used typical value for human
response with 40 minutes
notification is independent of
initiating event and other IPLs,
and operator training includes
required response
Used typical value for a passive
device that is not required to
take an action in order for it to
achieve its function in reducing
risk
Used typical value for a relief
valve or rupture disk in clean,
non-corrosive service; assumes
maintenance per industry
standards

Hazid Hazop Sil Tor

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Hazid Hazop Sil Tor

Caricato da

Copyright:

Formati disponibili

Project: CONSTRUCTION OF NEW PIPELINE FROM

CONSTRUCTION OF NEW PIPELINE FROM GUEBIBA/TB TO CFTP

SCOPE & OBJECTIVES OF THE HAZID STUDY.........................................................................5

Compagnie Franco-Tunisienne des Ptroles

Hazard & Operability

Safety Integrity Level

Safety Instrumented Function

Piping & Instrumentation Diagrams

Safety Life Cycle

Layer of Protection Analysis

Commercial Integrity Levels

Electrical/electronical/programmable electronical systems

Instrumented Protective Function

International Electrotechnical Commission

Environmental Integrity Levels

To systematically analyse the Project for potential hazards identification.

Figure 1: HAZID PROCEDURE

THE HAZOP STUDY

equipment harm as well as operation disturbances (accidental events),

the safe and efficient operation of the system,

4.2 HAZOP METHODOLOGY

4.3 HAZOP TECHNIQUE

Define a Node of the process on the P&IDs;

Identify the Safeguards (if any), as shown in project documentation;

Formulate Recommendations (and identify the responsible for implementation/action) if no

Figure 2: HAZOP PROCEDURE

Describe process section

Select a Node and describe design intent

Have all relevant Parameter for this plant section

Select a parameter not previously considered (e.g.

Have all relevant guideword for this parameter

Select a guideword previously considered

Determine cause of deviation from design intent;

Are there any causes for this deviation not

Record the new cause

Are associated consequences of any significance?

Record the consequence/s

Record any Safeguards identified

Having regard to the consequences and

Record the agree Action

4.4 HAZOP RECORDING

A complete sets of topics added instantly;

Select the teams members

Plan and prepare the study,

Follow up progress, Ensure completeness of the analysis.

System definition and delimitation;

Documents (on which the analysis is based);

HAZOP study worksheet.

5. Safety Integrity Level (SIL)

failure to perform correctly is given, whilst

Mode of operation on demand (average

Mode of operation continuous

A single E/E/PES is not sufficient

5.3 SIL CLASSIFICATION

RISK GRAPH TECHNIQUE

Process Safety Risk Analysis

Each loop shall be reviewed on the following basis:

Alternatives to Avoid Danger

Commercial Risk Analysis

Environmental Risk Analysis

Frequency (Cases Per Year)

Unlikely (1*10^-5 to)

Broadly Acceptable Region