A Hazard and Operability Study (HAZOP) is a well-known risk analysis technique. It can be applied in any industry but is most widely used in the chemical, processing, and energy industries. The HAZOP method is based on a structured, multi-discipline approach in a workshop setting, where the design, operation, or system in question is split into nodes (sub-systems), and a set of parameters and guidewords are used for the identification and evaluation of hazards. A HAZOP can be applied for a variety of systems and activities, such as continuous or batch process systems, electrical systems (EHAZOP), computer systems, modifications, and procedures. This article focuses on the application of HAZOP for process systems in the energy industry.
A HAZOP is a powerful tool, which can give valuable input about process risks inherent in the design or related to various operational modes of a processing facility. However, it is also evident that the outcome and success of the HAZOP correlate with the skills and experience of the facilitation team and participants.
The HAZOP facilitation team and roles
The facilitation team, normally consisting of a facilitator and a scribe, is responsible for the efficiency, continuity, structure, and quality of the HAZOP. Through human interaction, a HAZOP combines process safety knowledge, operational experience, and hazard identification expertise. Hence, it is important that the facilitation team is skilled and trained to obtain the highest possible quality of the HAZOP, focusing on process safety theory, knowledge about the HAZOP methodology, and particularly workshop leadership skills to ensure that the expertise and experience of the participants are fully utilized in a constructive manner.
This article presents experience-based advice on how to ensure the optimal outcome of a HAZOP with regard to effectiveness and brainstorming. It focuses on the three phases of a HAZOP where the facilitation team is usually involved:
The HAZOP preparation phase
The HAZOP workshop
The documentation and reporting phase
HAZOP preparation phase
The quality of a HAZOP depends to a large degree on the efforts made during the planning of the HAZOP. At the latest, during the last two weeks prior to the HAZOP, it is recommended to perform the following activities:
Start-up meeting to agree on the battery limits and intention of the HAZOP. In the start-up meeting, the participant list, agenda, and venue for the HAZOP should be agreed upon. It is important that the number of days for the HAZOP is set according to the scope of the HAZOP. Too little time available for a HAZOP can reduce the quality of the HAZOP.
The design should be frozen in good time before the HAZOP. This is to ensure that the P&IDs used in the HAZOP contain a minimum of drawing errors and other minor issues that might draw focus from the risk identification process.
The facilitator should prepare or give input to a Terms of Reference (ToR), which should be distributed to the HAZOP participants at least one week prior to the workshop. The ToR is an agreement between the HAZOP participants on how to conduct the HAZOP. Hence, the document describes the methodology, nodes, guide words, participant list, and agenda for the HAZOP. It is important that all HAZOP participants read the ToR prior to the HAZOP, to be well prepared.
The HAZOP workshop
A core activity in a HAZOP process is the HAZOP workshop. The workshop is a brainstorming process, facilitated by the HAZOP facilitator, and documented by the HAZOP scribe. It should be well prepared, organized, and properly recorded to get the full benefits of the methodology. The following sections give guidance on how to optimize the outcome of a HAZOP.
Limiting the number of participants
A possible pitfall in a HAZOP analysis is including too many participants. In the workshop, all participants should actively share their experiences and contribute to the risk assessment. Too many participants can limit the discussions and creativity, as the threshold to contribute increases. Further, it increases the likelihood of participants not being focused, or having “separate meetings”. As a rule of thumb, a HAZOP should have a maximum of 15 participants, including the facilitation team, to ensure a good group dynamic.
Operators and maintenance technicians often have valuable input to design, related to their experience with operating and maintaining the system or similar systems. Hence, it is critical that personnel with operational experience attend the HAZOP. The following disciplines should attend a process HAZOP (with other disciplines being called upon as necessary):
Facilitation ground rules
An important role of the HAZOP facilitator is to ensure progress and optimal group dynamics, and to keep the group’s focus on the intention of the HAZOP analysis. The following ground rules for facilitation should be applied:
Always avoid more than one conversation at a time. It is the responsibility of the facilitator to stop multiple participants from talking at once.
Ensure that all parties are actively contributing, and prevent any one party or discipline from dominating the discussions.
The facilitator should always summarize the discussions so that all participants can understand, and agree, on the results from the HAZOP.
A lengthy discussion of solutions shall not be part of a HAZOP. A HAZOP is a tool for the identification and evaluation of hazards. Evaluating solutions is typically part of the HAZOP closeout.
The facilitator should facilitate the meeting and avoid dominating it. This means that the participants are responsible for the hazard identification and suggesting actions for follow-up. The HAZOP facilitator can stimulate the discussions using his/her own experience, but the facilitator should not dictate hazards or actions without the participants’ acceptance. If the group cannot reach a consensus, the facilitator should, however, act as the final arbiter.
Respect the structure and the Terms of Reference. It is important that the facilitator is always aligned with the Terms of Reference unless otherwise agreed in the workshop.
The responsibility of the facilitator is to ensure that the group is focused on the parameter/guideword currently under review, but without disrupting the creative brainstorming efforts. It is normal that participants raise scenarios related to guidewords/parameters not yet covered. This may especially be the case if the participant feels that this scenario is a key scenario for the node. This impairs the structure of the HAZOP analysis and the overall efficiency.
Avoid discussions that are more related to design review, rather than identification of hazards.
Discussions that are related to systems or hazards outside the scope of the meeting should be aborted as fast as possible to avoid side-tracking. It is however important that the HAZOP identifies causes outside the systems within the HAZOP scope, but with consequences within the system under review, and vice-versa, causes of hazards arising within the system under review, but with consequences in systems outside the scope.
Stop the discussions at the correct time. If a discussion is stopped by the facilitator too early, the HAZOP may lose important information and input. If a discussion is stopped too late, it will have an impact on the progress and concentration of the group. A rule of thumb is that a discussion should be stopped when sufficient information is provided to describe the core cause, consequence, and safeguards, and the team can agree upon whether the hazard is properly mitigated.
When possible, both P&IDs and HAZOP worksheets should be visible to the participants.
Ensure that there are frequent breaks. The concentration of a group normally does not last for more than 60 minutes without breaks. A rule of thumb is breaks of 5-10 minutes every hour. Frequent breaks will also ensure that the participants are more likely to follow the ground rules for the HAZOP.
For in-person HAZOPs, a workshop day should not last for more than 7 hours, as the assessment requires concentration and creativity. It is also recommended that longer HAZOPs are scheduled for only 3-4 days of HAZOP per week.
For online HAZOPs, each workshop day should not exceed 6 hours, to ensure focus.
The role of the scribe
A key role for a HAZOP is the role of the scribe. The progress, efficiency, and quality of the HAZOP are highly dependent on the skills and performance of the scribe. Further, the quality of the scribing in a HAZOP depends on the interactions between the facilitator and scribe.
The scribe and facilitator should be trained in working together as a facilitator-scribe team. A scribe without experience in scribing for the facilitator in question is not expected to perform well. The dynamics and interactions (e.g., structure, speed, dynamic) between the facilitator and scribe require training.
Experience within process systems is essential for the scribe. It is important to understand the discussions and to quickly be able to document discussions and technical identifiers (e.g., tag numbers).
The scribe should be a fast typist. If the speed in the HAZOP is limited due to the efficiency of the scribe, it may also affect the quality of the session as it could negatively influence the creativity and dynamics of the discussions.
It is important that the participants can familiarize themselves and agree with the recordings from the HAZOP analysis. If worksheets shall be shown during the HAZOP, it is recommended to have dual screens, one with the P&IDs and one with the HAZOP worksheet. If worksheets cannot be shown (e.g., when there is only one screen available, which is used for P&IDs and other technical information), it is recommended to summarize the key results, and actions, by the end of each node. For online workshops, the nodes and P&IDs should be shown during the HAZOP discussions, while the worksheet should at least be shown by the end of each node.
The documentation and reporting phase
Independent of the method selected for recording of HAZOPs (by exception or full recording), the HAZOP should be documented to ensure that all assumptions, results, and discussions are understandable for persons not attending the HAZOP. Hence, all HAZOPs should be documented to ensure an auditable trail. The following sections give guidance on means for ensuring proper documentation.
A HAZOP is documented using a worksheet (MS Excel, Word, or a specific HAZOP software). The worksheet should contain the following columns:
Node description: The node description should include clear boundaries for the node and describe the relevant design and operating parameters within the node.
ID: Each identified deviation shall have a unique identifier.
Guideword / Parameter: Forming a meaningful deviation from the design intent.
Cause: Describes the initial cause for the deviations (e.g., spurious or unintended closure of a valve).
Consequence: As a base case, consequences should be described without taking safeguards into account, unless there are inherent protection features (e.g., design pressure above maximum possible pressure). If so, the consequence column should explain why there is no consequence from the identified deviation to ensure an auditable trail (i.e. why the design is considered inherently safe).
Safeguards: All relevant safeguards should be listed for each deviation. It is important that safeguards are properly discussed to ensure that they actually provide some risk reduction for the hazard considered. If a LOPA is planned after the HAZOP, it is recommended to spend some time defining whether safeguards qualify as independent protection layers. E.g., alarms should not be specified as safeguards unless the operator has time and instruction for a dedicated response to mitigate the hazard. Normal operating procedures, normal inspection, and maintenance should not be recorded as safeguards in a HAZOP. However, if special operating procedures or inspection/maintenance routines are required, it should be noted.
Actions: Description of actions for follow-up.
Responsible: Company/Department/Person responsible for following up and closing out the HAZOP action.
Comments: Important discussions, which do not fit in the other columns, shall be documented in the comments field.
All recordings should be as specific as possible. I.e., tag numbers and other identifiers should be used to the extent possible, and it should be clearly described where and how the causes and consequences arise, and safeguards work.
Methods of recording
The outcome and value of a HAZOP are linked to the accuracy and completeness of the recordings from the HAZOP. As a rule of thumb, the HAZOP should be recorded such that persons not attending the HAZOP can understand and relate to all identified hazards and deviations, to ensure an auditable trail of the HAZOP.
There are three main levels of detail for the recording of a HAZOP:
HAZOP documented by exception.
HAZOP items (unique rows) are only created when actions are identified. This should not be confused with “HAZOP by exception”, which means that only one out of two, or more, identical process trains are HAZOPed completely, while the other train is “HAZOPed by exception” from the first process train.
Intermediate recording.
All credible deviations and hazards are recorded. Causes that have the same consequence and safeguards can be grouped. To ensure an auditable trail, all parameters/guidewords should be recorded, and “No credible scenarios identified” should be added for parameters/guidewords without credible scenarios.
Full recording.
All causes for deviations or hazards are recorded, even if there are no significant causes or consequences. Further, all causes should have a separate row (e.g., each valve that could cause blockage, and therefore high pressure/low flow).
To ensure an auditable trail, performing HAZOPs documented by exception should be avoided. The decision regarding intermediate or full recording depends on the phase/type of the project and the time available for the study. The full recording is more time-consuming than intermediate recording.
Key principles of the recording from the HAZOP
Independent of the selected level of recording, it is important that the recording follows these key principles:
All actions/recommendations should be recorded such that they are understandable without assessing all columns of the worksheet. This means that the record should specify what is the action and why the action is raised.
All actions should be recorded such that they are possible to close out, meaning that they should have a defined point of closure.
The worksheet should always specify tag numbers.
The P&IDs shall be marked-up with pointers for all action IDs to ease action close-out.
Drawing errors usually capture the focus of some participants even though they should not be discussed as part of the HAZOP. A useful way to prevent spending much time on this is to have a project engineer mark drawing errors on a clean set of P&IDs. Using this methodology, there is no need to describe the drawing errors in the HAZOP worksheet, but scanned versions of the P&IDs can be attached to the HAZOP report to ensure an auditable trail.
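The worksheet columns and recording principles above can be checked mechanically before the report is issued. The following is an added example, not part of the original article: the field names, the tag-number pattern, and the sample rows are assumptions constructed for illustration.

```python
import re
from collections import Counter

NO_SCENARIO = "No credible scenarios identified"
TAG = re.compile(r"\b[A-Z]{2,4}-\d{3,5}\b")  # assumed tag format, e.g. XV-1001

def check_worksheet(rows, tor_deviations):
    """Return (location, finding) pairs for a worksheet given as a list of dicts."""
    findings = []
    # ID column: every recorded deviation needs a unique identifier.
    for rid, n in Counter(r["id"] for r in rows).items():
        if n > 1:
            findings.append((rid, "duplicate ID"))
    # Every node must show each parameter/guideword agreed in the ToR,
    # with NO_SCENARIO recorded where nothing credible was found.
    covered = {(r["node"], r["parameter"], r["guideword"]) for r in rows}
    for node in sorted({r["node"] for r in rows}):
        for param, gw in tor_deviations:
            if (node, param, gw) not in covered:
                findings.append((node, f"{param}/{gw} not recorded"))
    for r in rows:
        if r["cause"] == NO_SCENARIO:
            continue
        if not TAG.search(r["cause"]):
            findings.append((r["id"], "cause has no tag number"))
        if r["action"]:
            # An action must be closable: it needs an owner and a tag.
            if not r["responsible"]:
                findings.append((r["id"], "action has no responsible party"))
            if not TAG.search(r["action"]):
                findings.append((r["id"], "action has no tag number"))
    return findings

# Constructed sample data (not from a real study).
TOR = [("Flow", "No"), ("Pressure", "More")]
ROWS = [
    {"node": "N1", "id": "1.1", "parameter": "Flow", "guideword": "No",
     "cause": "Spurious closure of XV-1001", "action": "", "responsible": ""},
    {"node": "N1", "id": "1.2", "parameter": "Pressure", "guideword": "More",
     "cause": "Blocked outlet", "action": "Verify relief sizing",
     "responsible": ""},
    {"node": "N2", "id": "1.2", "parameter": "Flow", "guideword": "No",
     "cause": NO_SCENARIO, "action": "", "responsible": ""},
]

if __name__ == "__main__":
    for where, msg in check_worksheet(ROWS, TOR):
        print(f"{where}: {msg}")
```
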
Ensuring a high-quality HAZOP
A well-documented HAZOP should give clear recommendations for improving safety and optimizing design where possible and give a clear and auditable description of identified hazards of the system, design, or operation considered. However, it is important to emphasize that no matter how well executed a HAZOP is, it can never be a “catch-it-all” for all conceivable hazards in a system, design, or operation.
As the HAZOP is based on the expertise and experience of the participants, there may always be hazards that the team is not able to identify (i.e. “unknown unknowns”), no matter how experienced the team is. Also, due to the nature of the HAZOP, which usually focuses particularly on design as represented by PFDs, mass and energy balances, P&IDs, and C&Es, there will be hazard types that are more suitable to consider in other types of risk assessments. Such hazards could be related to dropped objects, impacts, external fires, leak points, location of F&G detectors, and specific layout issues. Hence, the focus of a HAZOP should be on process and operational hazards.
Literature describing the HAZOP methodology is widely available, for instance through IEC 61882, “Hazard and Operability studies (HAZOP studies) Application Guide” (2016), and through articles and books (e.g. “HAZOP Guide to Best Practice”, 2nd ed. 2008, IChemE).