Process Safety & Sustainability

We believe that getting process safety right adds value and ensures a cost-effective design and efficient operation. Our approach to process safety is to work closely with you to help you ensure your plant meets all safety and risk management requirements. We want to understand your concerns and your plant, and we tailor our service to meet your requirements efficiently and cost-effectively; we do not believe in a one-size-fits-all approach.

Many process safety services have been commoditized and are offered on a cheapest-first-cost basis. This is short-sighted and increases both costs and risks in the longer term. We provide high-quality process safety services, tailored to your specific needs, with a longer-term perspective on lifecycle cost and risk control. We incorporate sustainable design principles into our services, ensuring any recommendation strikes the right balance between capital and operating costs, environmental performance and safety performance.

We use innovative techniques to provide better, cost-effective process safety solutions. For example, our dynamic simulations allow us to understand what actually happens when things go wrong, during start-ups or other non-steady-state operations, so that decisions are based on evidence rather than on risky assumptions; and our approach of running LOPA workshops while developing a bowtie in parallel brings the review team on board and greatly improves participation. Our ReliefFLOW software combines system capacity calculations with the ability to rapidly try different sizing options, making it a useful tool for both design and review. It can perform most relief calculations, including two-phase flow and dynamic cases.

Industrial emissions account for nearly a third of global greenhouse gas emissions and are a major contributor to climate change and other environmental problems. In recent years the world has woken up to this challenge, and many countries and economic sectors are making plans to reduce their emissions. The industrial sector must reduce its emissions too, and changing the way industry goes about its business is a major part of the solution. Much of industry, and many of our clients, have made commitments to transition to Net Zero, and Flex Process is with them. Those commitments now have to be turned into reality through changes to the plant itself.

The principles of Inherent Safety can be applied throughout the lifecycle of a plant but are especially effective in the early stages of process development, when inherent safety and environmental improvements can be incorporated into the design at negligible cost, and sometimes with major savings, as the use of hazardous chemicals is reduced or eliminated and equipment is smaller, made from cheaper materials, or not required at all. They can also be applied at later stages of a project, but are less effective there.

Many of the principles of inherent safety can be applied via dedicated workshops in which opportunities for improvement are identified and discussed. Flex Process has experience in facilitating these workshops, which should ideally be held very early in the project, during the R&D and conceptual design stage, when little information is yet available on the design details or operating procedures.

These workshops are also useful during safety case preparation and updates where it is necessary to show that the principles of inherent safety have been considered to demonstrate ALARP.

In a Process Hazard Analysis (PHA) study, we identify what could go wrong by systematically reviewing the design of a process, generally using a set of guidewords. Essentially, it is a systematic brainstorming process that asks:

  • What can go wrong?
  • How bad is it?
  • How likely is it?
  • What systems do we have to manage it?



Flex Process can assist you by facilitating inherent safety reviews to identify opportunities for applying inherent safety to a new or existing design. The principles of Inherent Safety can be applied throughout the lifecycle of a plant but are especially effective in the early stages of process development such as during the R&D and conceptual design stage when little information is available on the design details or operating conditions. At this stage inherent safety and environmental improvements can be incorporated into the design at negligible cost or even with major savings, as the use of hazardous chemicals is reduced or eliminated, and equipment is smaller, made from cheaper materials or is not required. Inherent safety principles can also be applied at later stages of a project but are generally less effective.

Many of the opportunities for improvements based on inherent safety principles can be identified via special reviews or workshops.  These workshops are also useful during safety case preparation and updates where it is necessary to show that the principles of inherent safety have been considered to demonstrate ALARP.

Many of the findings from these reviews require further engineering development, such as using a different process route, process intensification, inventory reduction, or modifying the plant's operating conditions. Flex Process is ideally suited to helping you in this area, as our advanced process modelling capabilities can be used to develop and confirm the design, especially for novel designs, before any significant investment is made in detailed engineering or hardware. This can save significant cost and often prevents redesign and rework.

For more information on the principles of inherent safety and how we can help you with inherent safety reviews follow this link

This study ensures that the safety, health and environmental hazards of all the materials involved, and their potential interactions, are understood. In practice it also aligns the project team on the project's process safety and other HSE requirements.

Hazard analysis

The review identifies other studies that may be needed, including contact with the regulators, who may place restrictions that cause delays if they are not consulted early enough. This enables a good project plan to be developed, mapping out the additional specialist SHE studies, information requirements and permitting requirements that will be needed. Any major hazards or issues that could be 'show-stoppers' should be identified and the project design or plan changed accordingly. At this stage in the project, changes can be incorporated at negligible cost.

This review consists of several checklist-based reviews, which together ensure that the team have an adequate understanding of the project, processes, and materials, so that they can address health, safety, and environmental issues. If an inherent safety review has not already been done, then this study should be performed at the same time.

The review will:

  • Identify potential hazards that must be considered.
  • Review lessons from other similar plants and processes.
  • Identify information and data needs (relevant standards or codes of practice) and gaps where further research or additional work may be needed.
  • Define the scope for any further studies that may be required.
  • Identify and consider any constraints likely to be placed on the project (due to its location relative to other plant or the public) and any emission standards for gaseous or liquid effluents, noise, health exposures etc.

This is where the "Environmental Impact Assessment" starts with the identification of major air emissions, liquid effluents and waste streams, and consideration of emission control requirements or the application of "Best Available Technique". Similarly, the overall approach for occupational hygiene and worker exposure concerns should be considered.

This review does not take much time, but when properly applied it provides a solid foundation for subsequent project design and PHA studies. It prevents poor or unviable designs being developed further, significantly improves the HSE performance of the finished plant, and drastically reduces delays and additional costs due to unexpected add-on safety requirements later in the project.

HAZID

A HAZID is used to identify potential hazards. It can be used to identify hazards in a major project and for changes to existing operations. It is normally only used on larger projects rather than on routine day-to-day modifications. For most projects it is the first highly structured study that they undergo.

The HAZID technique identifies hazards based on the premise that most major process safety incidents involve loss of containment. It uses prompts covering a range of loss-of-containment mechanisms to identify these potential hazards. These include both process and non-process hazards, relating to the process design itself and to external threats.

The HAZID methodology is at a higher level than a HAZOP study and can be conducted at a unit or system level with less documentation than a HAZOP. HAZID is typically applied at the end of the FEED stage and is used to identify MAHs (Major Accident Hazards) so that controls can be specified and implemented, and to support development of a safety case or an ALARP assessment. HAZID and HAZOP are different and complementary activities that are conducted at different project lifecycle stages as design details and documentation are developed. Performing a HAZID does not obviate the need for a HAZOP; both types of study are required.

A well-performed HAZID identifies all the significant hazards on a plant and enables controls and other measures to be developed before the design is frozen for HAZOP. This ensures that any changes can be made cost-effectively and provides the foundation for a successful HAZOP during detailed design.

PHR

In many situations this technique is an efficient and effective alternative to HAZOP. Like HAZID, it focuses on identifying major hazards using prompts covering loss-of-containment mechanisms, but it also has specific questions relating to the operating history of the plant. Typically the output is less detailed than a HAZOP and the findings are at a higher level; these are often more suitable for identifying MAHs (Major Accident Hazards) for developing a safety case or demonstrating ALARP. It is ideal when a quick understanding of the process safety issues on a legacy plant (one built before HAZOPs became the norm) is needed. This is often the situation following an acquisition or a merger, when many plants must be reviewed. The technique is also well suited to revalidation PHAs, especially for plants that have not undergone many changes since the last HAZOP. It can be alternated with HAZOPs for revalidation PHAs, as the different type of study gives a different perspective, which can be very useful.

It is more cost-effective than running a full HAZOP on an existing operating plant: a PHR typically takes 25-30% of the time.

Design, safety & operability review

Technically this is not a PHA, but it is a critical review that should be performed on all projects during detailed engineering, prior to proceeding with HAZOP. This review ensures that the design is ready for a HAZOP to be performed and eliminates many of the problems commonly experienced in HAZOPs. In practice many HAZOPs are done on incomplete designs. This review prevents that, ensures maximum value is added in the HAZOP, and stops the HAZOP deteriorating into a simple design review, as is all too common.

Most organisations use a simple checklist that considers whether documentation is ready prior to the HAZOP; this study looks beyond the documentation and considers the quality of the engineering design, ensuring that the design is 'HAZOP ready' and that process safety, environmental and operability aspects have been included. A checklist methodology is applied that lists common design issues and problems related to different equipment categories. The P&IDs are systematically reviewed, equipment item by equipment item, and the study identifies potential design and operability issues that should be addressed before the HAZOP. The study can be facilitated by a lead process engineer or a process safety engineer and should be attended by the lead engineers responsible for the design as well as any specialist engineers involved with specific equipment items.

HAZOP (Hazard and Operability) is the most well-known of all the PHA techniques, however, it is not always the most appropriate technique to use. Depending on where you are in the project lifecycle, the type of process involved, and the information available, other types of studies or variations of HAZOP, may be more appropriate. The HAZOP study is typically the most detailed process safety study that most plants are subject to at any stage of their lifecycle. HAZOPs are detailed and time-consuming studies which require significant resources.

Besides being a regulatory requirement in many jurisdictions, the main justification for these expensive studies is the elimination, prevention or mitigation of potential hazards. If done properly, a HAZOP study ensures that projects are commissioned promptly and safely and that the need for late changes is minimised. Important and valuable operational spin-offs often result too. This is the "HAZOP" technique named in the US OSHA Process Safety Management standard, 29 CFR 1910.119. In safety-case regimes such as the UK, this study, along with the HAZID and PHR (if done) and the recorded responses to any hazards identified, often forms the basis for the safety case MAHs and subsequent ALARP demonstrations.

The HAZOP technique applies ‘deviation’ methodology to review the design or procedures to identify any hazards or operability issues that could arise. Operability issues typically include potential maintenance and quality problems. For process plant this is based on the study of firm ‘frozen’ Piping and Instrumentation Drawings (P&IDs), also called Engineering Line Diagrams (ELDs) together with outline operating procedures and supplementary information. The study identifies potential deviations from the design intent, and if these are feasible, then consequences are identified and where appropriate, corrective actions are initiated.

The methodology can be applied to both continuous and batch plants and, depending on the intrinsic hazards involved, the detail and depth of study can be adjusted in proportion to the risk. The technique is also combined with some of the other techniques where appropriate; for example, different levels of study or different techniques may be applied to utilities or vendor packages. Variations of the technique that may be appropriate in different circumstances include Modification Hazard Studies/HAZOPs, Coarse HAZOP, Procedural HAZOP, What-if?/Checklist, Vendor/Package HAZOP, and HAZOP by Difference (sometimes called HAZOP by Analogy).

A good facilitator will be able to mix and match these techniques to different situations within any given HAZOP study based on the circumstances, thus ensuring the most efficient use of time and resources, providing the maximum value to the client.

The key factor in a successful HAZOP study is that it is applied at the correct time in the project lifecycle, when sufficient well-defined information is available. If it is applied too early, the study deteriorates into a design review; the abridged HAZOP known as the Coarse or FEED HAZOP typically does this.

Although the technique has been widely available since the early 1980s, it is still often applied poorly. Two of the most important shortcomings are that learnings and recommendations from previous incidents at the site or elsewhere are typically not included in the study, and that transient operations such as start-up, shutdown, plant upsets and emergencies are only cursorily examined. At Flex Process we ensure that these aspects are properly covered within the study.

Modification Hazard studies

Operational-phase modifications are those routinely performed on an operating facility to maintain operating capacity and to replace or upgrade systems and equipment as they reach end-of-life, become obsolete, or as new technologies or more efficient plant become available. Operating or maintenance problems are often designed out, and the processing capability or environmental performance of the plant may be enhanced by debottlenecking, energy efficiency, product quality and yield improvements etc.

During the operational stage of an asset, numerous modifications to the hardware, software or operating procedures will be necessary, and in practice several of these will often run concurrently. Modification hazard studies are required to ensure the modified plant is built to the same or a higher safety standard than the rest of the plant. It is common for operating facilities to accept a lower standard of engineering for small modifications than for bigger projects; correct application of modification hazard studies helps to prevent this.

Operational plant changes are managed by the site management of change procedure and will utilize the appropriate technique. There are no specific PHA methodologies that relate just to modifications within an operating plant, the technique or combination of techniques chosen will depend on the circumstances, including the size and complexity of the project, the information available, and the perceived or intrinsic risk. Larger modifications may require conceptual stage and FEED stage type reviews such as inherent safety, preliminary hazard assessment and HAZID studies as per the Capital Projects track, but smaller projects will use variations of the standard techniques mentioned previously (HAZOP, What-if? & Checklist and CHAZOP etc.).

The most critical aspect of these studies is that the review scope not only consider causes and consequences within the modified section of the plant, but also considers potential causes upstream or downstream, that have potential consequences within the modified section, and potential causes within the modified section that could have consequences upstream or downstream. Failure to do this is a common problem, typically due to project scope limits and the incorrect expectation that a package can be reviewed in isolation without considering its potential impact on upstream and downstream operations and equipment; and vice versa.

Coarse HAZOP

A Coarse HAZOP study (sometimes called a FEED HAZOP) may be performed if required for contractual reasons. This study is often performed at the end of the FEED stage or early in detailed engineering. If a HAZID has been performed, this study is not really required except to manage the FEED/EPC contractor handover, where safety concerns need to be defined before the next contract starts.

At this stage the design is not developed enough for a full HAZOP, but the HAZOP technique is used, often combined with What-if?/Checklist. It is typically applied to the process-flow-diagram level of design (often backed up with very early P&IDs). Some organisations have detailed procedural requirements for this study.

The coarse HAZOP gives the owner a better cost estimate at a key project gate, where the final investment decision is often made. Contractually, it enables costs and resources to be allocated by the EPC contractor who will perform the detailed design, ensuring these items are included in the scope. This is especially important for the fixed-price contracts that are the norm for EPC work.

The exact timing of this study, if required, is part of the project contracting strategy. Sometimes it is performed by the contractor responsible for detailed engineering at the beginning of that phase. Occasionally two or more potential EPC contractors perform these studies as part of the bid evaluation for the detailed engineering contract.

A Procedural HAZOP, sometimes called a Human HAZOP, is a detailed examination of a procedure or of a transition between operating states. Like HAZOP, it is a guideword-driven methodology undertaken by a multi-disciplinary team, which must include an experienced plant operator. It is typically applied to operating procedures for start-ups, shutdowns and transitions between operating states, but can also be applied to maintenance and any other procedures where the risk and the controls are dominated by human actions.


Procedural HAZOP is an underutilised technique that targets hazards in the most vulnerable stages of plant operation, typically start-ups and shutdowns. A high proportion of process safety incidents occur during these operations, and the hazards often go unnoticed in a conventional HAZOP, where only a brief discussion under the guideword "start-up/shutdown" takes place. Flex Process applies this technique within 'normal' HAZOPs by treating the transition operation as a separate node. This ensures that start-up and shutdown hazards are identified and controlled.

The technique is a focused form of HAZOP based on the Batch HAZOP methodology: it looks at deviations during the steps of a procedure and identifies potential hazards and possible controls. It considers both technical issues and human factors, identifying so-called "errors" and the "performance influencing factors" that may lead to them. It is an effective and efficient way of including human factors within the PHA/HAZOP process. It is qualitative, and is used in preference to a quantified human risk assessment, which is best reserved for high-risk situations.

PHA studies must be revalidated on a regular basis or after any significant changes to the plant or its operation. Typically, these revalidations are carried out every five years.

Revalidation does not mean re-doing the PHA, it means validating that the previous PHA’s are still applicable, and only re-doing those parts where it is necessary. For example, where the PHA is inadequate, where significant changes have occurred, or where the risk has greatly increased.

Revalidation PHA

Revalidation PHA studies are therefore limited-scope studies, normally in five parts:

  1. Assessment and validation of previous PHA.
  2. Identification of plant changes.
  3. Review of the status of actions/recommendations from the previous PHA.
  4. Undertake a PHA on those parts of the plant where it is considered necessary.
  5. Reporting.

Revalidation PHAs are often called revalidation HAZOPs, but for those sections requiring review, any appropriate PHA technique can be used.

In practice, especially where numerous plant or operating changes have occurred, or the previous actions/ recommendations have not been fully implemented, it is often more efficient and cost effective to start again with a new PHA.

CHAZOP

Control system failures are rarely considered in a PHA, except in terms of an individual control loop failure or upset. This leaves the plant vulnerable to unidentified 'control system' risks. The control system will often contain several possible single points of failure that can have severe consequences. Control system faults can also present incorrect information to the operator, adversely affecting their decision-making; sometimes the operator can even lose control of the plant.

CHAZOP systematically reviews the design and operation of a control and safety system, focusing on how it may deviate from the design intent. CHAZOP can be applied to new projects or existing systems and should be used on any significant new or modified control system, including DCS, SCADA and SIS.

Historically CHAZOP has only occasionally been used; however, increased reliance on computer-controlled and safety-critical systems, increased system integration, replacement of legacy control systems, and recent cyber-attacks on industrial control systems and instrumented safety systems have raised the importance of this type of study. There is currently a strong focus on the cyber security of industrial control systems, but a cyber security review is far more useful once the overall system and architecture have been reviewed for weak points, since that review establishes which failures and malfunctions actually matter. Many facilities have multiple control systems from different suppliers. Flex Process provides an independent, non-OEM viewpoint to assist you with the CHAZOP process.

There is no universally accepted CHAZOP methodology, and several proprietary techniques are in regular use. Flex Process uses its own guideword-based methodology but can also lead the proprietary methodologies if required. Other techniques such as FMEA are also possible, although these are complex and tedious and should only be used in unusual circumstances. CHAZOP does not consider the software itself; it reviews the functions of the controller, control system or safety system and the effects of failures or malfunctions.

Most CHAZOP studies are done in two steps: preliminary and detailed. The preliminary CHAZOP reviews behaviour during failures, considering the proposed architecture, basic functions, redundancy and diversity, and the expected safety protective functions and their performance when systems, power or utilities fail. The detailed CHAZOP looks at the failure of systems and major equipment items, failure of input and output signals and actuators, and a systematic review of control systems and their interactions. There is some overlap with functional safety SIF design, but most plant control and safety systems have never been reviewed in this holistic manner.

A PSSR (Pre-Startup Safety Review), sometimes called an Operational Readiness Review (ORR), is a safety review conducted prior to commissioning of a new or modified plant, to ensure that it is safe to start up. The PSSR considers hardware, procedures, training and the management system.

For large projects, a PSSR procedure is normally prepared as part of the pre-commissioning and commissioning documentation; for smaller projects and operating phase modifications, standardized procedures and checklists should be applied.

All projects, no matter how small, should undergo a PSSR, but the scope should be appropriate for the type and scale of the changes and the intrinsic risk of the process.

No project or design is perfect and there will always be deficiencies that must be managed. The PSSR ensures that these have been risk assessed and that any additional follow-up actions have been identified and documented for future tracking.

PSSR

The PSSR ensures that:

  • The plant meets the original design and operating intent.
  • All regulatory, permit and SHE-related control and monitoring systems are in place (e.g., emissions and exposure monitoring).
  • All operating, maintenance, safety and emergency procedures are in place.
  • All safety, environmental and health related equipment and systems are in place and operable (ready to be commissioned as the plant starts up).
  • All engineering safety reviews (HAZOP etc.) have been done, and all resulting actions have been completed.
  • Any site modifications during construction went through management of change and have been documented.
  • All inspection requirements have been met and documented.
  • All documentation, including process safety information, is complete and available.
  • All employee training has been completed.

In many situations additional or alternative risk reduction measures must be implemented in the interim, before final long-term corrective actions can be finalised and implemented, so it is often necessary to manage both short-term and long-term corrective actions.

This review is to manage safety performance of the asset going forward into the operating phase. It should be done in the early operating phase of an asset, ideally after several months of ‘beneficial’ operation. Most projects have design deficiencies and start-up problems that are often hazardous and that will become a long-term burden for the operator if not corrected.


Very few projects operate exactly as designed, and many run close to, or outside, their safe operating envelope. These issues should be identified during any test runs or in the first months of operation and discussed during this review. During commissioning it is often necessary to make numerous modifications to overcome design faults and operating problems. These can introduce significant hazards into the process, even if they have been through the management of change system. During start-up, temporary 'fixes' are often made, and these can easily become permanent if not properly managed. In addition, the EPC contractor will not have optimised the design, having focused instead on delivering the project on schedule and on budget.

This review identifies these issues and allows the learnings to be captured and documented. The review systematically considers all parts of the plant and identifies any design, maintenance or operating issue including examining actual plant performance compared to design expectations and the design operating envelope. Each issue identified is discussed considering the long-term operating perspective and costs. Corrective actions are identified, prioritised and action plans developed.

Flex Process have a proprietary technique that can also be applied at this time, which is to model the plant and optimise the performance, all the while operating within the safe limits. This can often increase capacity of the process and will probably cover the cost of the review.

Unfortunately, many acceptance tests only consider capacity and product quality, and safe operation is not examined. Most organisations do not undertake this review, so the plant is not made safe and the organisation does not learn from the issues that have arisen. The plant then lives with the issue for many years, increasing the risk of safety incidents and reducing profitability. It is very common for problems identified during a HAZOP many years later to be the result of design errors or commissioning changes that have simply been lived with.

LOPA, SIL & Functional Safety

Flex Process takes a practical approach to Functional Safety. We believe that functional safety is about managing risk throughout the lifecycle of any plant or project. Our focus is not just on SIL-rated instruments; that is not the intention of IEC 61508 or IEC 61511. We believe in getting the balance right between different types of controls to manage the risk to ALARP, which provides the most cost-effective solution for our clients.

Our modelling capability enables us to confirm the dynamic behaviour of the plant and to determine accurate process safety times for alarms and trip setpoints, and the required performance of the final element of the safety instrumented function. This lets us move away from estimates and assumptions and base decisions on engineering facts rather than conjecture.

Our services meet the requirements of IEC 61508 and the latest edition of IEC 61511.

LOPA & SIL

LOPA is a simplified risk assessment tool; logical, reasonable, and simple, that provides a risk-based answer. As a semi quantitative technique, it reduces subjectivity and emotionalism and provides a documented basis for any decisions. Although the results from LOPA are only order-of-magnitude (OOM) accuracy, they are good enough for many decisions. There is a common tendency to believe that the numbers are far more accurate than they really are, and this can easily lead to poor decisions and often a false sense of security.  LOPA and SIL assignment is a process safety led exercise with instrument and control engineers providing support. A common error is to make this an instrument and control engineer led exercise which can lead to too much emphasis on instrumented safety functions at the expense of other types of protection layers.  Our process safety engineers can help you with developing your LOPAs and ensure that we avoid this trap.

The most common use of the LOPA technique is to determine the required reliability (SIL rating) of a safety instrumented function (SIF), although it can also be used to assess non-instrumented hazards, where it can be a very useful tool for identifying gaps in the controls for hazards without a SIF. The focus on SIL studies has a downside: many people believe that far more, and higher rated, SIL systems are being specified than are actually required. This can add enormously to both the capital cost and the lifecycle cost of maintaining the SIL rated equipment. At Flex Process we avoid this approach, believing that a spread of different layers of protection should be applied to achieve our risk target of ALARP, and we ensure that the calculations realistically represent the actual situation.

Our approach to SIL is based on the requirements of IEC 61508 and the latest edition of IEC 61511, as well as the latest guidance from CCPS. We often combine our LOPA studies with a bowtie, as this greatly increases the team's understanding of the scenario and helps to avoid logic errors, which are probably the biggest problem in LOPA studies.
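As an added illustration of the order-of-magnitude arithmetic described above (example code written for this page, not Flex Process's method or ReliefFLOW software): the initiating event frequency and each layer's probability of failure on demand are snapped to powers of ten, the mitigated frequency is compared with a tolerable target, and the remaining gap is expressed as a risk reduction factor and mapped to the IEC 61511 SIL bands. The scenario, its frequencies, the target and the tag names (LV-101, PT-102, PSV-103) are constructed for the example. It also includes a simple independence check, because crediting two layers that rely on the same transmitter is exactly the kind of logic error the text warns about.

```python
"""Order-of-magnitude LOPA worked example.

Illustrative code written for this page, not Flex Process's method or software.
Frequencies are events per year and probabilities are dimensionless. Every
input is snapped to a power of ten, because LOPA is only accurate to an order
of magnitude and carrying extra digits invites false confidence.
"""
import math
from dataclasses import dataclass, field, replace
from typing import Dict, List, Optional

# IEC 61511 low-demand SIL bands expressed as risk reduction factor ranges
# (RRF = 1 / PFDavg): SIL 1 is 10 < RRF <= 100, SIL 2 is 100 < RRF <= 1000, etc.
SIL_BANDS = ((1, 10, 100), (2, 100, 1_000), (3, 1_000, 10_000), (4, 10_000, 100_000))


def round_to_order_of_magnitude(x: float) -> float:
    """Snap a positive value to the nearest power of ten: 813 -> 1000, 0.0123 -> 0.01."""
    if x <= 0:
        raise ValueError("LOPA frequencies and probabilities must be positive")
    return float(f"1e{round(math.log10(x))}")


@dataclass
class IPL:
    """An independent protection layer credited in the scenario."""
    name: str
    pfd: float                         # probability of failure on demand
    instrumented: bool = False         # True for a SIF; False for relief valve, dike, procedure...
    element: Optional[str] = None      # equipment the layer relies on, used by the independence check


@dataclass
class Scenario:
    description: str
    initiating_frequency: float                    # initiating event frequency, per year
    initiating_element: Optional[str] = None       # equipment whose failure is the initiating cause
    conditional_modifiers: Dict[str, float] = field(default_factory=dict)  # e.g. ignition probability
    ipls: List[IPL] = field(default_factory=list)


def mitigated_frequency(s: Scenario) -> float:
    """Consequence frequency with all credited layers in place, to an order of magnitude."""
    f = round_to_order_of_magnitude(s.initiating_frequency)
    for p in s.conditional_modifiers.values():
        f *= round_to_order_of_magnitude(p)
    for ipl in s.ipls:
        f *= round_to_order_of_magnitude(ipl.pfd)
    return round_to_order_of_magnitude(f)


def required_rrf(s: Scenario, target_frequency: float) -> float:
    """Risk reduction still needed from one more layer to meet the target (1.0 means none)."""
    return round_to_order_of_magnitude(max(1.0, mitigated_frequency(s) / target_frequency))


def sil_for_rrf(rrf: float) -> int:
    """Map a required RRF to a SIL. 0 means no SIL-rated SIF is called for: an RRF of 10 or
    less sits below the SIL 1 band and is closed with a non-SIL layer, or needs nothing at all."""
    for sil, low, high in SIL_BANDS:
        if low < rrf <= high:
            return sil
    if rrf <= 10:
        return 0
    raise ValueError(f"RRF {rrf:g} exceeds SIL 4: change the design rather than rely on a SIF")


def independence_issues(s: Scenario) -> List[str]:
    """Flag credited layers that share equipment with the initiating cause or with each other.
    Such layers are not independent, and crediting both is a LOPA logic error."""
    issues: List[str] = []
    first_user: Dict[str, str] = {}
    for ipl in s.ipls:
        if not ipl.element:
            continue
        if ipl.element == s.initiating_element:
            issues.append(f"{ipl.name} relies on {ipl.element}, which is also the initiating cause")
        if ipl.element in first_user:
            issues.append(f"{ipl.name} and {first_user[ipl.element]} both rely on {ipl.element}")
        else:
            first_user[ipl.element] = ipl.name
    return issues


def summarise(s: Scenario, target_frequency: float) -> dict:
    rrf = required_rrf(s, target_frequency)
    return {"mitigated_frequency": mitigated_frequency(s), "required_rrf": rrf,
            "sil": sil_for_rrf(rrf), "independence_issues": independence_issues(s)}


# Constructed scenario with illustrative numbers and tag names; not data from any real plant.
TARGET = 1e-4  # assumed tolerable frequency for this consequence, events per year
base = Scenario("Flash drum overpressure after level control valve fails open",
                initiating_frequency=0.1, initiating_element="LV-101 control loop")
alarm = IPL("Independent high-pressure alarm with operator response", pfd=0.1, element="PT-102")
relief_valve = IPL("Pressure relief valve PSV-103", pfd=0.01)
trip = IPL("High-pressure trip (SIF)", pfd=0.01, instrumented=True, element="PT-102")

with_alarm_only = replace(base, ipls=[alarm])
with_alarm_and_relief = replace(base, ipls=[alarm, relief_valve])
not_independent = replace(base, ipls=[trip, alarm])   # trip and alarm share the same transmitter

if __name__ == "__main__":
    for s in (base, with_alarm_only, with_alarm_and_relief, not_independent):
        print([ipl.name for ipl in s.ipls], summarise(s, TARGET))
```

With no layers the gap is an RRF of 1000, i.e. a SIL 2 function; crediting the alarm alone leaves SIL 1; crediting the alarm and the relief valve closes the gap with no SIL-rated SIF at all, which is the spread of layers the text argues for. The last scenario meets the target on paper but is rejected by the independence check.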

Safety Requirement Specifications

Once the LOPA has determined that a SIL rated function is required, it is necessary to write a Safety Requirements Specification (SRS). IEC 61511/61508 provides a long list of things that should be addressed by an SRS, which can be quite daunting. The SRS is nevertheless necessary to inform the design and procurement of the new system and to ensure that the instrument and control engineers, and especially procurement, understand what the requirements for the safety instrumented function (SIF) are. Getting the SRS right is an important step, as it sets the basis for all future work on the SIF.

Sometimes it is necessary to produce an SRS for an existing system or one that is being modified. A 'retrospective' SRS for a legacy SIF is essentially about defining what the existing SIF is and what its performance requirements are. For example: what SIL target has been identified, what is the process safety time, is tight shut-off required, what is the trip setting, and what operational features are required (e.g., resets and overrides)? This information is generally not too difficult to capture and to formally record. The SRS should complement the management of change process, so that any proposed modification can be assessed against the identified functional requirements. If a shortfall is identified when reviewing the information, then the SRS should reflect the target requirements, not just the 'as-built' details.

The important thing about any SRS is that it is based on a good understanding of the scenario that the instrumented system protects against and that the calculations realistically represent the actual situation. Our approach at Flex Process is to ensure that this is the case.

When referring to Functional Safety Assessments (FSA), IEC 61511 calls for “A procedure ... defined and executed ... in such a way that a judgement can be made as to the functional safety and safety integrity achieved by the safety instrumented system” (Part 1, Clause 5.2.6.1.1).

The standard calls for an FSA at up to 5 stages and makes FSA Stage 3 mandatory before the introduction of hazards:

  • Stage 1: After SRS development
  • Stage 2: After design
  • Stage 3: After installation, commissioning and validation
  • Stage 4: During operation and maintenance
  • Stage 5: After modification

In any project it is better to catch problems as early as possible, as fixing them later will be more difficult and expensive. So, although the earlier-stage FSAs are optional, they can be beneficial, especially if the design is novel or unfamiliar. If, however, the design is familiar and no significant issues are anticipated, the Stage 1 and Stage 2 FSAs can probably be omitted. The Stage 4 FSA is important; this is where assumptions made during the design phase (e.g., failure and demand rates) are evaluated in the light of experience and actual system performance.

FSAs are represented as discrete milestone activities in the safety lifecycle, but that is an unrealistic ideal; in practice an FSA will be informed by on-going project activity and must fit into the overall project schedule. Similarly, although the principle of “...before hazards are introduced” makes good sense, it may not be a practicable option. But if there is any reason to doubt the proper functioning of a SIF, then it would be irresponsible to introduce hazards.

FSA is different from verification or validation: it is concerned with the safety lifecycle processes and confirmation that they have been properly executed, rather than with the specific design or installation of the SIF or SIS. For example, IEC 61511 identifies the FSA scope prior to the introduction of hazards (up to and including FSA Stage 3) as confirmation that:

  • The hazard and risk assessment has been done.
  • Recommendations arising from the hazard and risk assessment (that apply to the SIF/SIS) have been implemented and finalised.
  • FSA related project design procedures are in place and have been properly implemented.
  • Any recommendations from the previous FSA have been completed or resolved.
  • The SIS is designed, constructed, and installed in accordance with the SRS, and any differences have been identified and resolved.
  • Safety, operating, maintenance and emergency procedures relating to the SIF/SIS are in place.
  • SIF/SIS validation planning is appropriate, and the validation activities have been completed.
  • Employee training has been completed and the appropriate information about the SIF/SIS has been provided to the operating and maintenance personnel.
  • Plans or strategies for implementing further functional safety assessments are in place.

The emphasis throughout is on confirmation of implementation and completion. The extent and rigour of any assessment is a matter of judgement and depends on the size and complexity of the project, the safety significance, previous experience of similar systems, and standardisation of design features. For many projects, the FSA will not be particularly onerous, but the critical thing is that the person(s) performing the FSA must take a detached view, which requires that the assessor(s) be independent from those executing the work.

The output of the FSA is important: assessments should not simply identify shortcomings or failings but should also give an indication of their potential significance in the context of the project. Many minor deficiencies might be found, but that does not necessarily mean that the functional safety provisions of the SIF/SIS will be significantly compromised. In most cases the deficiencies will be in traceability and quality assurance rather than in the engineering. The design and implementation may be satisfactory, but the documentation and demonstration of project protocols may not be evident. This needs to be clear in the report. However, where deficiencies are identified that do significantly compromise the functional safety provisions of the SIF/SIS, then that should be unequivocally stated.

At Flex Process we can assist you with your FSAs, providing both process safety expertise and independence. We can also provide you with assurance, in the form of audits, that your functional safety systems and procedures are being properly implemented as per your company requirements and the requirements of IEC 61511.

The terms “Verification” and “Validation” are often used interchangeably and are easily confused. In functional safety terms they have specific meanings and requirements:

  • Verification: confirmation that the outputs from each individual safety lifecycle phase are consistent with the inputs, objectives, and requirements of that phase.
  • Validation: confirmation after installation that the SIF (or SIFs) and SIS meet the SRS in all respects.

Both Verification and Validation should be performed by “examination and provision of objective evidence”.

In practice, this means that verification should be applied to each individual project deliverable: each drawing, each calculation, each specification, each schedule etc. These are all “outputs” or deliverables that become the data input or starting point for the following phases of the project. Thus, the requirement is to critically review all such deliverables before formal, final issue. For any project-based organisation, its typical project engineering check and approval protocols will meet this requirement if applied properly and with due engineering diligence.

Validation is about confirming that the installed equipment meets the SRS. Unlike verification, validation is typically not implemented as a standalone activity following each design activity; instead, it is achieved through a spectrum of installation and commissioning checks, e.g., as-built checks, inspections, point-to-point wiring checks, valve stroke tests, system site acceptance testing and function tests.

Although the two terms are defined here in functional safety terms, both complementary approaches are necessary for any project to deliver the required results.

Flex Process can aid both verification and validation exercises. Besides the immediate QA systems that we have in place, which ensure we verify each calculation as we progress a design, we can also assist with independent verification and validation exercises by providing additional oversight to a client or by performing audits. In addition, where assumptions have been made about equipment performance and plant behaviour, our modelling can provide evidence about the effectiveness of SIF performance and validate the assumptions. This is especially true for complex systems.

Pressure Relief
Flex Process has extensive experience in the field of pressure relief. We can design new relief systems or review and optimise your existing system. We understand both the complexities of the relief device and how it must be correctly specified for its service, and we understand the issues with the vent or flare header design and the final disposal systems. Our unique ReliefFLOW software enables us to effortlessly bring these factors together to optimise or check an existing or a new design.

Many relief systems have been upgraded and modified over the years and it is unclear if they can safely handle the required relief loads for the design scenarios. Flex Process can help make this determination, providing assurance to stakeholders that the plant is adequately protected.

Some pressure relief scenarios are complex because of issues like high temperatures and pressures, chemical reactions and phase changes. Flex Process can determine the relief rates for these cases, including:

  • Exothermic and runaway reactions, using DIERS methodology.
  • Gas filled vessels.
  • Multicomponent fire cases.

In addition, Flex Process specialise in dynamic modelling, enabling accurate dynamic simulation models of relief scenarios to be developed so that the design can be optimised and the relief requirements accurately predicted.

Flex Process has developed our own software, ReliefFLOW, a relief device rating and sizing program which enables us to undertake this type of review cost-effectively. It combines system capacity calculations with the ability to rapidly try different sizing options, making it a great tool for both design and review. It can perform most relief calculations, including two-phase flow, as well as dynamic cases, enabling optimisation of the design and accurate calculation of the stress loads that provide the necessary input to the piping engineers.

Current risk management approaches typically focus more on demonstrating design safety rather than managing operational safety. Risk management of operating facilities is often neglected, and fewer tools are available to manage it well. Flex Process offer several services that can be used to manage operational risk. Please talk to us for more details.

Understanding risk is difficult. Using a bowtie is a simple way of displaying risk information, making the concepts of risk and risk management much easier to understand.

A bowtie can show the causes of a hazard and the potential consequences, as well as controls or barriers that are, or should be, put in place to control them. Details of the barriers and any degradation measures can also be shown, going as far as showing the people who are responsible for managing these if required. If risk calculations have been performed, then this information can also be displayed.

Thus, bowties enable a systematic analysis of potential incidents and risks, showing how unwanted events can occur and what measures are necessary to stop them. This is all presented visually, which shows the importance of controls working correctly. The detail of the bowtie can be adjusted to provide only the information relevant to specific groups (management, engineers, personnel involved in operational or maintenance activities etc.).

This makes bowties a great tool for managing operational risk, although in practice bowties are most often used in the design phase, especially offshore, to test the adequacy and relevance of barriers. Current risk management approaches typically focus more on demonstrating design safety than on managing operational safety, so this technique is a welcome addition to the risk management armoury.

Bowties are closely related to the Swiss cheese model of risk, although the Swiss cheese model is a linear representation of safety, whereas a bowtie typically shows more than one risk scenario, with multiple causes and potential outcomes (consequences) displayed. In the Swiss cheese model, each cheese slice represents a barrier, but these are never 100% effective, having “holes” of changing size and position; an incident occurs when the holes line up. The bowtie shows each barrier in relation to the risk that the barrier is controlling. Since bowties are so good for displaying barriers, they are often integral to an organisation’s barrier management practices.

In general, workshops are the most effective way of creating bowties. These follow a similar process and use similar resources to a HAZOP workshop. Brainstorming sessions assess the threats and consequences of loss of control of the hazards, and the group confirms or improves risk treatment strategies so that risks are managed suitably and meet corporate requirements, good practice and ALARP. Bowties are often used for safety case preparation, ALARP demonstration and developing a basis of safety. A popular use is to develop generic bowties that can be used as a starting point for bowtie development for the system that is under review. This greatly aids the process of developing a bowtie and helps to standardise the risk management approach across an organisation.

Barriers are the controls in place to manage your risks. They are the safeguards in a HAZOP and the protection layers in a LOPA. These are the things that need to go right for safety to be assured. This is different to much of process safety which typically focusses on what could go wrong, and how to prevent it. Barrier Management focusses on what needs to go right and how to assure it.

Effective risk control requires a continuous barrier management process to be in place throughout the plant lifecycle, to monitor barrier operation, to verify that barriers are not degraded and, if necessary, to restore their effectiveness. Technical barriers are normally managed through the asset integrity element of the facility's process safety management programme and are typically managed better than human barriers, which are often not rigorously managed. Flex Process can assist you with your barrier management programme through rigorous analysis of your barrier requirements and performance, and through assistance with developing management systems and practices for the ongoing performance assurance activities required to keep the barriers working effectively.

Depending on your exact requirements, Flex Process will typically use several techniques to assist you, ranging from simple health checks, through LOPA and SIL setting for instrumented safety functions and all Functional Safety activities, to the review of human and procedural barriers. We typically use bowties to help make the barrier management process more transparent and to ensure that all barriers, including human barriers, are covered. Our advanced modelling techniques and data analysis capability assist with both defining barrier requirements and analysing existing barrier performance. We can also include all barriers in our operator training simulations, allowing operators to understand how the barriers work in the real world without the real plant experiencing alarm overloads and trips.
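To make the bowtie structure and the barrier management idea above concrete, here is an added example written for this page (not Flex Process's own tooling): a bowtie is held as threats, a top event and consequences with barriers on each line, and a review reports lines with no barrier, lines where every barrier is degraded (the Swiss cheese holes lining up), barriers with no owner, and degradation factors with no control against them. A second function counts technical and human barriers separately, which is where the weaker management of human barriers tends to show. The tank, the tag T-201, the roles and the statuses are constructed for the illustration.

```python
"""Bowtie barrier review worked example.

Illustrative code written for this page, not Flex Process's own tooling. A
bowtie is modelled as threats on the left, a top event in the middle and
consequences on the right, with barriers on every threat line and every
consequence line. The review reports lines with no barrier, lines whose
barriers are all degraded (the Swiss cheese holes lining up), barriers with
no owner, and barriers whose degradation factors have no control against them.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Barrier:
    name: str
    kind: str                                   # "technical" or "human"
    owner: Optional[str] = None                 # role accountable for keeping the barrier working
    healthy: bool = True                        # latest status from inspection, test or audit
    degradation_factors: List[str] = field(default_factory=list)
    degradation_controls: List[str] = field(default_factory=list)


@dataclass
class Bowtie:
    hazard: str
    top_event: str
    threats: Dict[str, List[Barrier]]           # threat -> preventive barriers (left side)
    consequences: Dict[str, List[Barrier]]      # consequence -> mitigative barriers (right side)


def review_bowtie(bt: Bowtie) -> List[str]:
    """Return human-readable findings about gaps in the barrier set."""
    findings: List[str] = []
    for side, lines in (("threat", bt.threats), ("consequence", bt.consequences)):
        for line, barriers in lines.items():
            if not barriers:
                findings.append(f"{side} '{line}' has no barrier")
                continue
            if not any(b.healthy for b in barriers):
                findings.append(f"{side} '{line}' has no healthy barrier left: the holes line up")
            for b in barriers:
                if b.owner is None:
                    findings.append(f"barrier '{b.name}' on '{line}' has no owner")
                if b.degradation_factors and not b.degradation_controls:
                    findings.append(f"barrier '{b.name}' has degradation factors with no controls")
    return findings


def barriers_by_kind(bt: Bowtie) -> Dict[str, Dict[str, int]]:
    """Count unique barriers per kind, with how many are healthy and how many have an owner."""
    summary: Dict[str, Dict[str, int]] = {}
    seen = set()
    for barriers in list(bt.threats.values()) + list(bt.consequences.values()):
        for b in barriers:
            if b.name in seen:          # the same barrier may sit on several lines
                continue
            seen.add(b.name)
            entry = summary.setdefault(b.kind, {"total": 0, "healthy": 0, "owned": 0})
            entry["total"] += 1
            entry["healthy"] += int(b.healthy)
            entry["owned"] += int(b.owner is not None)
    return summary


# Constructed example bowtie; names, roles and statuses are illustrative only.
bund = Barrier("Tank bund", "technical", owner="Site maintenance", healthy=False,
               degradation_factors=["bund drain valve left open"],
               degradation_controls=["weekly bund drain valve check"])
tank_overfill = Bowtie(
    hazard="Flammable liquid in storage tank T-201",
    top_event="Loss of containment from tank overfill",
    threats={
        "Level control failure": [
            Barrier("Independent high level trip", "technical", owner="Instrument team"),
            Barrier("Operator monitoring of tank level", "human",
                    degradation_factors=["alarm flood during transfers"]),
        ],
        "Wrong tank selected for transfer": [],
    },
    consequences={
        "Pool fire": [bund, Barrier("Fire detection and emergency shutdown", "technical",
                                    owner="Instrument team")],
        "Release to surface water drain": [bund],
    },
)

if __name__ == "__main__":
    for finding in review_bowtie(tank_overfill):
        print("-", finding)
    print(barriers_by_kind(tank_overfill))
```

On the constructed bowtie the review returns four findings: the unbarriered transfer threat, the unowned and uncontrolled human barrier, and the drain consequence that is left relying on a single degraded bund even though the pool fire line still has a healthy barrier.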

Flex Process are able to carry out Process Safety Health Checks. These are focussed audits/inspections that typically consider a single area of the plant or a single process and examine the controls or barriers that are in place to manage the known process safety risks. Typically taking one or two days, the health check will look at the type and appropriateness of controls that are in place against good practice. In addition, several deep dives are performed looking at the management and effectiveness of selected controls and any degradation factors. On completion a simple presentation style report is produced detailing the main findings.

Flex Process can assist with setting up Process Safety Indicators and Dashboards to enable you to effectively monitor the status of your process safety management systems and the health of your barriers, especially safety critical barriers. Indicators can be a mix of both leading and lagging indicators and can include a mix of online and other data. The indicators can be displayed on a dashboard which provides assurance to the operators and the management team that all their systems are working properly, and which supports immediate decision-making using ‘at-the-moment’ information (e.g., barrier condition as an input to maintenance prioritisation) as well as higher-level decision support all the way up to senior executives. We can design the dashboard to display information at various levels, so that the information appropriate to each user group is highlighted. Information can be graded to clearly indicate different risk levels, and prompts for actions to restore degraded or failed barriers or to close overdue actions can be included. Talk to Flex Process about how we can assist you with developing your Process Safety Indicators and Dashboards.

Process plant is designed to operate safely within a certain operating window. In recent years there has been a great emphasis by the industry on defining these safe operating windows better and on providing this information to the operators in a useful format so that they can operate the plant better. In many cases the operating windows are not well defined, and no information is available. Flex Process can generate process safety information, including safe operating windows and other basic design data, from existing plants where this data has never previously been generated or has been lost, using our reverse engineering process. Besides the potential to operate the plant more safely and the legal requirement to have all necessary process safety information, better definition of the safe operating window can allow facilities to optimise their processes, potentially increasing efficiency, yields and profitability as operators can tweak their processes closer to the limits.

HAZID

Over the years many plants have changed significantly through the accumulation of numerous small changes. These changes may not just be the obvious hardware changes but can also be operational, procedural, software or organisational changes. Many changes are temporary changes that have somehow managed to become permanent, or are just short-cuts, that over time have become the norm. The risk is that these changes are to a lower standard than the rest of the plant, and that as they become the norm, standards are lowered. This is known as Normalisation of Deviance and in recent years has been recognised as an issue in the chemical industry. The CCHAZID methodology is a relatively new technique developed by the Energy Institute to identify these issues so that they can be corrected or managed.

As part of our plant survey work and digital twin development we come across many of these issues that can be fed into the CCHAZID process. If you have a plant that you suspect has undergone numerous small and often undocumented changes then contact Flex Process to see how we can assist you. Flex Process can facilitate these studies for you and can then assist with reviewing and applying the findings using our advanced simulation and other techniques.

Flex Process use many different modelling and simulation techniques to support our clients with their process safety requirements. Depending on your needs we can perform steady state or dynamic modelling, dispersion modelling, CFD or FEA etc. Flex Process is a leader in the field of dynamic process simulation and this technique is especially relevant to improving or verifying process safety performance. There are many examples of where dynamic simulation has assisted with process safety beyond what conventional analysis techniques can achieve. Dynamic simulation can provide a cost-effective approach to managing your process safety requirements, assisting with many different process safety activities such as:

  • Reverse engineering of process details and process safety information.
  • Process design and design verification.
  • Alarm and trip settings including process safety calculations, verification of safe operating envelope and safe trip system design.
  • Scenario development (HAZOPs and other safety studies).
  • Relief, Flare, and de-pressuring studies.
  • Safe operating procedures including start-up and shutdown.
  • Compressor operating controls and shutdown.

Process safety assurance activities are activities specifically undertaken to provide assurance to relevant stakeholders (shareholders, management, insurance, etc.) that process safety risks are being appropriately managed.

Process Safety audits often just focus on PSM compliance, but this is a minimum standard. There is so much more to modern process safety management than compliance and a well-designed audit program can provide assurance that even complex safety issues are being effectively managed. Our Process Safety experts can assist you by independently leading or assisting with various types of process safety audit which depending on your needs, can be general or targeted audits to various depths, localised to one area or plant, or widespread over an entire organisation. Whatever your audit needs, even if you are only concerned about a single process safety issue, talk to us and we can develop an effective audit program to assist you in understanding your risk.

Mergers and acquisitions are a regular feature of the chemical industry. Conventional environmental and technical due diligence activities do not cover process safety risks, even though these can potentially have a catastrophic impact on the future of the business. Different organisations manage process safety in different ways and to different standards, and often an organisation will reduce costs prior to a merger or acquisition taking place. These factors can easily result in the unwitting transfer of significant risk to the new owner. It is therefore important that process safety aspects are covered in the due diligence activity when planning a merger or acquisition. This must include an assessment of the process safety risks, practices and performance, and culture of the organisation or site being acquired. Besides looking for the negative aspects, the assessment should also identify any positive aspects that can be transferred to the parent organisation following the merger, and a customised plan to bring both organisations into alignment.

Many relief systems have been upgraded and modified over the years and it is unclear if they can safely handle the required relief loads for the design scenarios. Similarly, the design of the pressure relief systems for new projects or for major modifications is typically done by the EPC contractor, who rarely optimise the design and commonly introduce errors, especially following design changes. Flex Process has a methodology to review the relief system design and identify problems and improvements. For projects and new build, this can be done before construction, which has the potential to avoid post start-up modifications, thus saving significant costs and avoiding incidents.

Flex Process can assist with developing or renewing your safety case to meet your COMAH or other regulatory requirements. We can lead this exercise or work with you as part of your team effort to develop the safety case according to HSE guidance. We can assist you in identifying your MAHs and with developing the technical sections and the ALARP determination. Where necessary we can perform consequence modelling and use our advanced modelling experience to develop the MAH scenarios further and review the existing controls or recommend new ones. We can also assist you with developing a prioritised action plan to implement the necessary improvements that we have identified.

It is often necessary to perform an ALARP determination on the existing or proposed risk control measures that are in place to control a hazard. This may be part of safety case preparation or during process design, when it is necessary to determine if the existing or proposed risk control measures are adequate, or to evaluate different options. The ALARP principle is a relatively simple principle, but one that is often misunderstood, and it can be very difficult to apply. Our Process Safety experts have a thorough understanding of the ALARP principles and will examine your options and assist you with your determination. We will ensure that all your options have been identified and documented, that inherent safety options have been considered, and that your practices have been assessed against good practice requirements with any gaps identified. We will review your options to determine if additional controls are appropriate, including cost-benefit analysis where necessary. We will also ensure that any justifications for not implementing particular measures do not use reverse ALARP arguments, which we often see. Talk to Flex Process about how we can assist you with your ALARP determination.

Design and Project Services

Our design team have years of experience tackling large or small projects, brown or greenfield, conceptual design, FEED, detailed engineering, and operational enhancements.

New build designs are optimised to get the right balance of capital and operating costs, environmental and safety performance.

Existing operating plant can be modified to squeeze out more capacity and optimise yields and energy costs. Our advanced modelling techniques and innovative approach ensure you get value for your money and a safe, efficient, and reliable plant.

Just doing a PHA/HAZOP does not make a plant any safer; it is only when the recommendations are implemented that the plant safety is improved. A lot of organisations struggle with this aspect, having forgotten that implementation requires a long-term commitment, and the resources required to track and implement PHA/HAZOP recommendations are often far greater than those required to perform the HAZOP in the first place.

A typical PHA/HAZOP generates many different types of recommendations. The main types are listed below.

  • Information need
  • Operating procedure review/update
  • Design check
  • Hardware changes (including instrumentation and software)
  • SIL Determination
  • Maintenance procedures, inspection & testing
  • Risk assessment or specialist review
  • Documentation check/update
  • Training

Depending on the nature of the recommendation and the project or MoC requirements, how these are handled will vary. Typically, there are three main aspects to handling these recommendations and Flex Process can help with all of these:

  • Reviewing the recommendations, approving, rejecting, prioritising, and deciding the way forward including alternative risk reduction approaches.
  • Analysis, design, engineering and implementation of the hardware, software or procedural changes required.
  • Tracking the status/progress of the recommendations or actions.

Reviewing the recommendations, approving, rejecting, prioritising, and deciding the way forward including alternative risk reduction approaches.

In a typical PHA/HAZOP the team assesses the existing risk reduction measures to see if they are adequate and if more are required. This assessment is qualitative in nature and is based on their engineering judgement, and their knowledge of typical engineering practices and the operational history of the plant (if existing) or similar plants (if new). Recommendations are generated by the team under the guidance of a facilitator who will attempt to get the team to reach consensus.

Recommendations are nearly always qualitative and are always preliminary. They are ‘preliminary’ since the team may not have all the necessary knowledge to understand the issues involved and will have only considered them for a few minutes during the PHA, so will not have had time to apply a proper engineering analysis. The important thing is that the issue identified by the PHA/HAZOP team is analysed and appropriately resolved. Each recommendation is important, but in many cases it may be resolved differently to the original recommendation. In a few cases the final decision may be to do nothing; that is acceptable if appropriately justified (i.e., is ALARP) and if it is properly documented.

All recommendations must be formally reviewed by an experienced senior process engineer or approved PHA/HAZOP facilitator, who ideally is independent from the project or operating area. This independence is especially important if an EPC contractor is involved.

Technical reasons for recommendation resolution, including rejection or suggestion of a different action, must be clearly documented, providing:

  • Reasons for alternative actions.
  • Evidence that the ALARP principle has been applied and used to justify rejections. This must show that:
    • inherent safety has been considered;
    • the design meets good practice;
    • the cost and effort of implementing the change is disproportionate to the risk reduction achieved.
    Simple barrier counting, plotting the residual risk in the “Tolerable if ALARP” region of the risk matrix, and safety layer matrix approaches (for SIL) are, on their own, generally not adequate as an ALARP demonstration, and reverse ALARP arguments are not acceptable.
  • A formal record should be kept of all decisions.

Flex Process can assist with this review process by providing experienced independent PHA/HAZOP leaders with extensive engineering and operational experience. We can work with your engineering team to review the recommendations, prioritise them, develop the engineering further, and develop appropriate implementation plans. This independent support and our pragmatic approach can often be very cost-effective for clients who do not have adequate resources to manage the large amount of follow-up actions resulting from a typical HAZOP.

Analysis, design, engineering and implementation of the hardware, software or procedural changes required.

Many of the recommendations require engineering evaluation and investigation before any decision can be made, and many more require significant engineering or other technical input. Flex Process specialise in advanced modelling and simulation, including dynamic modelling. These tools can efficiently resolve many of the issues that arise in a PHA/HAZOP by accurately determining process conditions during plant upsets, process safety times, and limits in the form of safe operating envelopes. There are also recommendations to modify management systems, operating and maintenance procedures, etc., or to install or upgrade hardware, instrumentation and software.  Analysing and implementing these changes requires significant resources which many organisations do not have. Flex Process can assist with this engineering by providing experienced process engineers and process safety experts who can design these changes for you and assist with implementation.

Tracking the status/progress of the recommendations or actions.

In typical PHA/HAZOP terminology the terms “recommendation” and “action” are used interchangeably. Technically, each recommendation resulting from a PHA is just a recommendation; the review process converts it into one or more specific actions or rejects it (see above).  Many organisations, especially small ones, do not have adequate resources to effectively track and implement the large number of recommendations, especially in the long term. As independent facilitators, this is a problem we come across often: we start to facilitate a HAZOP only to find that many of the actions resulting from previous HAZOPs have not been completed.

All items must be tracked until completion and detailed records kept for review and audit purposes. Typically, some sort of action tracking software will be used which will be dependent on the project requirements or the specific MoC procedure.

For parallel or multiple equipment items or trains, the recommendations must be applied to all sections, not just the train that was reviewed. This may require additional actions to be created after the PHA/HAZOP and tracked. The actual requirements for tracking depend on the PHA type and the stage in the project, but in all cases the project or plant manager is responsible for ensuring that recommendations are addressed in a timely manner and tracked until closure.

Flex Process can assist with this process by providing experienced independent process safety experts who can help you incorporate the necessary actions into your plant's MoC system and provide independent reviews and audits to regularly check on progress.
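The three follow-up steps above (independent review with a documented ALARP justification, conversion of recommendations into owned actions, and tracking until closure, including replication to parallel trains) are easy to state and easy to lose in a spreadsheet. The following is an added illustration, written for this page and not Flex Process's own tracking software, of a small action register that enforces those rules in code. Reviewer names, project names and node descriptions are constructed for the example; the independence check assumes a simple lookup of which projects or operating areas each reviewer is involved in.

```python
from dataclasses import dataclass, field
from enum import Enum


class Status(Enum):
    OPEN = "open"          # raised by the PHA/HAZOP team, not yet reviewed
    ACTION = "action"      # converted by the reviewer into a specific, owned action
    REJECTED = "rejected"  # rejected with a documented ALARP justification
    CLOSED = "closed"      # action implemented and verified


@dataclass
class AlarpJustification:
    """Evidence a reviewer must supply before a recommendation may be rejected."""
    inherent_safety_considered: bool
    meets_good_practice: bool
    cost_disproportionate: bool
    reasoning: str  # written technical reasoning; a risk-matrix position alone is not enough

    def is_complete(self) -> bool:
        return (self.inherent_safety_considered and self.meets_good_practice
                and self.cost_disproportionate and bool(self.reasoning.strip()))


@dataclass
class Recommendation:
    ref: str
    node: str
    train: str
    text: str
    status: Status = Status.OPEN
    action: str = ""
    owner: str = ""
    log: list = field(default_factory=list)  # the formal record of every decision


class Register:
    """Action register that enforces the review rules described in the text above."""

    def __init__(self, project: str, reviewer_projects: dict):
        self.project = project
        # reviewer name -> projects/operating areas they work on (hypothetical lookup)
        self.reviewer_projects = reviewer_projects
        self.items = {}

    def add(self, rec: Recommendation) -> None:
        self.items[rec.ref] = rec

    def is_independent(self, reviewer: str) -> bool:
        return self.project not in self.reviewer_projects.get(reviewer, set())

    def _reviewer_ok(self, reviewer: str) -> None:
        if not self.is_independent(reviewer):
            raise ValueError(f"{reviewer} is not independent of {self.project}")

    def accept(self, ref: str, reviewer: str, action: str, owner: str) -> None:
        self._reviewer_ok(reviewer)
        rec = self.items[ref]
        rec.status, rec.action, rec.owner = Status.ACTION, action, owner
        rec.log.append(f"accepted by {reviewer}: {action} (owner: {owner})")

    def reject(self, ref: str, reviewer: str, just: AlarpJustification) -> None:
        self._reviewer_ok(reviewer)
        if not just.is_complete():
            raise ValueError("rejection requires a complete ALARP justification")
        rec = self.items[ref]
        rec.status = Status.REJECTED
        rec.log.append(f"rejected by {reviewer}: {just.reasoning}")

    def close(self, ref: str, verifier: str, evidence: str) -> None:
        rec = self.items[ref]
        if rec.status is not Status.ACTION:
            raise ValueError("only an accepted action can be closed")
        rec.status = Status.CLOSED
        rec.log.append(f"closed by {verifier}: {evidence}")

    def replicate_to_trains(self, ref: str, trains: list) -> list:
        """Copy an accepted action to the parallel trains the PHA did not walk through."""
        src = self.items[ref]
        if src.status is not Status.ACTION:
            raise ValueError("only accepted actions are replicated")
        new_refs = []
        for train in trains:
            copy = Recommendation(f"{ref}-{train}", src.node, train, src.text, Status.ACTION,
                                  src.action, src.owner, [f"created from {ref} for {train}"])
            self.add(copy)
            new_refs.append(copy.ref)
        return new_refs

    def outstanding(self) -> list:
        """Everything not yet closed or rejected, for the tracking report."""
        return sorted(r.ref for r in self.items.values()
                      if r.status in (Status.OPEN, Status.ACTION))


def build_example() -> Register:
    """Constructed example data (not from any real project)."""
    reg = Register("Project-X", {"A. Smith": {"Project-X"}, "B. Jones": {"Project-Y"}})
    reg.add(Recommendation("R-01", "Node 3: reactor feed", "Train A",
                           "Consider a high-high level trip on the feed vessel"))
    reg.add(Recommendation("R-02", "Node 5: column", "Train A",
                           "Consider a relief valve on the reboiler shell side"))
    return reg
```

The point of the structure is that the register refuses the two shortcuts the text warns against: a reviewer who is part of the project cannot sign off, and a rejection with only a risk-matrix position and no written reasoning is not accepted. Every state change is appended to the item's log, which is the record kept for later review and audit.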

Batch reactor modelling

Flex Process has experience developing the basis of safety of batch reactor systems. Many reactions are highly complex and difficult to model. Our engineers will model batch reactors dynamically to develop a thorough understanding of the reaction process, including uncontrolled events such as reaction runaways. Where reaction details are unknown, we will work with our partners to test the materials involved and gain reaction data that is then input into our models. All stages of the batch process can be modelled to replicate the control sequence logic and any emergency systems.  We will undertake HAZOPs and LOPAs to identify hazards and potential problems and include any findings in our models. We can simulate the reactor relief cases such as thermal runaway and external fire, sizing your relief system, scrubbers, dump tank, etc., or designing containment systems or high integrity shutdown systems where relief is not viable.

Safe Operating Envelopes

Process plant is designed to operate safely within a certain operating window. In recent years there has been a great emphasis by the industry on defining these safe operating windows better and on providing this information to the operators in a useful format so that they can operate the plant better. In many cases the operating windows are not well defined, and no information is available. Flex Process can generate process safety information, including safe operating windows and other basic design data, from existing plants where this data has never previously been generated or has been lost; see our reverse engineering service for more details. Besides the potential to operate the plant more safely and the legal requirement to have all necessary process safety information, better definition of the safe operating window can allow facilities to better optimise their processes, potentially increasing efficiency, yields and profitability as operators can run their processes closer to the limits.

Understanding risk is difficult. Using a bowtie is a simple way of displaying risk information, making the concepts of risk and risk management much easier to understand.

A bowtie can show the causes of a hazard and the potential consequences, as well as controls or barriers that are, or should be, put in place to control them. Details of the barriers and any degradation measures can also be shown, going as far as showing the people who are responsible for managing these if required. If risk calculations have been performed, then this information can also be displayed.

Thus, bowties enable a systematic analysis of potential incidents and risks, showing how unwanted events can occur and what measures are necessary to stop them. This is all presented visually, which shows the importance of controls working correctly. The detail of the bowtie can be adjusted to provide only the information relevant to specific groups (management, engineers, personnel involved in operational or maintenance activities, etc.).

This makes bowties a great tool for managing operational risk, although in practice, bowties are most often used in the design phase, especially offshore, to test the adequacy and relevance of barriers.  Current risk management approaches typically focus more on demonstrating design safety, rather than managing operational safety, so this technique is a welcome addition to the risk management armoury.

Bowties are closely related to the Swiss cheese model of risk, although the Swiss cheese model is a linear representation of safety, whereas in a bowtie more than one risk scenario is typically shown, with multiple causes and potential outcomes (consequences) displayed. In the Swiss cheese model, each cheese slice represents a barrier, but these are never 100% effective, having “holes” of changing size and position. When these holes line up is when we have an incident. The bowtie shows each barrier in relation to the risk that the barrier is controlling. Since bowties are so good for displaying barriers, they are often integral to an organisation’s barrier management practices.

In general, workshops are the most effective way of creating bowties. These follow a similar process, and need similar resources, to a HAZOP workshop. Brainstorming sessions assess the threats and consequences of loss of control of the hazards, and the group confirms or improves risk treatment strategies so that risks are managed suitably and meet corporate requirements, good practice and ALARP.  Bowties are often used for safety case preparation, ALARP demonstration, developing a basis of safety, etc. A popular use is to develop generic bowties that can be used as a starting point for bowtie development for the system under review. This greatly aids the process of developing a bowtie and helps to standardise the risk management approach across an organisation.
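The bowtie and Swiss cheese descriptions above can be made concrete with a small data model: threats on the left, each passing through its preventive barriers to the top event; consequences on the right, each reached only if the mitigating barriers fail. This is an added example written for this page, not a Flex Process tool or a representation of any client's bowtie. The hazard, barriers and probabilities of failure on demand (PFDs) are constructed assumptions chosen to show the arithmetic, and the frequency calculation is the simple LOPA-style product of initiating frequency and barrier PFDs that the text refers to when it mentions displaying risk calculations on the bowtie.

```python
from dataclasses import dataclass, field
from math import prod


@dataclass
class Barrier:
    name: str
    pfd: float       # probability of failure on demand: the "hole" in the cheese slice
    owner: str = ""  # who is accountable for keeping the barrier effective


@dataclass
class Threat:
    name: str
    frequency: float                              # initiating event frequency, per year
    barriers: list = field(default_factory=list)  # preventive barriers (left side)


@dataclass
class Consequence:
    name: str
    barriers: list = field(default_factory=list)  # mitigating barriers (right side)


@dataclass
class Bowtie:
    hazard: str
    top_event: str
    threats: list = field(default_factory=list)
    consequences: list = field(default_factory=list)

    def top_event_frequency(self) -> float:
        # a threat reaches the top event only when every preventive barrier fails (holes line up)
        return sum(t.frequency * prod(b.pfd for b in t.barriers) for t in self.threats)

    def consequence_frequency(self, c: Consequence) -> float:
        return self.top_event_frequency() * prod(b.pfd for b in c.barriers)

    def unbarriered_paths(self) -> list:
        """Threats or consequences with no barrier at all: the first thing a workshop looks for."""
        return ([t.name for t in self.threats if not t.barriers]
                + [c.name for c in self.consequences if not c.barriers])

    def render(self) -> str:
        """Plain-text rendering of the diagram, one line per path through the top event."""
        lines = [f"HAZARD: {self.hazard}   TOP EVENT: {self.top_event}"]
        for t in self.threats:
            chain = " -> ".join(b.name for b in t.barriers) or "(no barrier)"
            lines.append(f"  {t.name} -> {chain} -> [{self.top_event}]")
        for c in self.consequences:
            chain = " -> ".join(b.name for b in c.barriers) or "(no barrier)"
            lines.append(f"  [{self.top_event}] -> {chain} -> {c.name}")
        return "\n".join(lines)


def example_bowtie() -> Bowtie:
    """Constructed illustration of a storage tank overfill; all figures are assumptions."""
    bt = Bowtie("Flammable liquid in atmospheric storage tank", "Tank overfill, loss of containment")
    bt.threats = [
        Threat("Level control loop failure", 0.1, [
            Barrier("Independent high level alarm and operator response", 0.1, "Operations"),
            Barrier("High-high level trip", 0.1, "Instrument department"),
        ]),
        Threat("Wrong tank lined up for import", 0.1),  # no barrier yet: flagged by the check
    ]
    bt.consequences = [
        Consequence("Environmental release outside the bund",
                    [Barrier("Bund integrity and drain valve kept closed", 0.1, "Site services")]),
        Consequence("Vapour cloud ignition and tank fire",
                    [Barrier("Ignition source control in the tank farm", 0.1, "Operations")]),
    ]
    return bt


if __name__ == "__main__":
    bt = example_bowtie()
    print(bt.render())
    print("top event frequency /yr:", bt.top_event_frequency())
    print("unbarriered paths:", bt.unbarriered_paths())
```

In the constructed case the unprotected line-up error dominates the top event frequency (0.1 per year against 0.001 per year for the protected loop failure), which is exactly the kind of result that a workshop uses to decide where a new barrier is needed rather than adding more protection to a path that is already well covered.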


Mechanical Assessments & Pipe Stress Analysis

At Flex Process we are often required to undertake mechanical assessments or pipe stress analysis of existing equipment on existing plants where often inadequate mechanical or process engineering data is available. We can analyse the stresses on this equipment to determine its suitability for use under both new and existing conditions, often based on process data that we have had to generate ourselves, based on our advanced modelling and reverse engineering capability. For more details of our reverse engineering process and how it can help you


Our process safety experts ensure that human factors are considered during every process safety activity and review. For example, during HAZOPs we may analyse procedures using our procedural or human HAZOP methodology to ensure that adequate controls are in place during operations requiring a lot of operator activity, such as start-ups or mixing batches. Similarly, we can analyse safety critical activities and make recommendations to reduce the possibilities for error. Our alarm management and HMI design activities are also about improving operator effectiveness and reducing possibilities for operator error. We can also perform safety culture surveys and make recommendations to assist you with improving the culture. Talk to us to find out how Flex Process can assist you to ensure that human factors are effectively managed in your operations.

Alarm Management

Many facilities struggle to manage their alarms and are operating with far too many active alarms, which can easily overwhelm the operators, making it impossible for them to focus on their job of safely operating and optimising the plant. Instead, the operator is in reactive mode and the plant swings between different states that often encroach on the safe operating limits. When a genuine emergency occurs, the operator may not recognise it or may be unable to respond appropriately, increasing the risk of a serious incident. Flex Process can assist you with managing your alarms: our data analysis capabilities enable us to quickly understand your main alarm issues, identify problem alarms and recommend corrections to reduce them.

We can work with your control system OEM to identify and rectify issues. In many cases, the alarm issue is actually a process problem manifesting as an alarm issue, and this is where Flex Process can add major value. Our process engineering, process safety and dynamic modelling expertise enables us to thoroughly understand the problem and recommend and design changes to eliminate it.  This may involve understanding how far the process will deviate from set conditions when a particular failure occurs, determining the process safety time, or working out how the density changes in a tower during operation will affect the reading on a level transmitter. Our operator training simulation expertise can greatly assist too, by preparing your operators for many difficult situations that could realistically occur and that they must respond to correctly. Talk to Flex Process about how we can assist you with your alarm management.
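The alarm data analysis described above starts from the alarm journal exported from the control system. As an added example (not Flex Process's analysis tooling, and not real plant data), the code below reads a constructed journal and computes the figures an alarm review usually asks for first: the alarm rate per 10-minute period, periods that qualify as floods, the tags contributing most alarms (the "bad actors"), tags that chatter in and out of alarm, and standing alarms that have been active for a long time. The journal format, tag names and the numerical thresholds are assumptions; in particular the flood limit of 10 alarms in 10 minutes is a commonly used benchmark and should be replaced by the figure in your own alarm philosophy.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample alarm journal (not real plant data): "timestamp,tag,state",
# where ALM = alarm raised and RTN = returned to normal.
JOURNAL = [
    "2024-03-01 00:30:00,PT-205,ALM",   # raised on the night shift and never cleared
    "2024-03-01 02:00:05,LT-101,ALM",   # a level transmitter chattering in and out of alarm
    "2024-03-01 02:00:09,LT-101,RTN",
    "2024-03-01 02:00:14,LT-101,ALM",
    "2024-03-01 02:00:20,LT-101,RTN",
    "2024-03-01 02:00:25,LT-101,ALM",
    "2024-03-01 02:00:31,LT-101,RTN",
    "2024-03-01 02:00:36,LT-101,ALM",
    "2024-03-01 02:00:40,LT-101,RTN",
    "2024-03-01 02:05:00,TT-310,ALM",   # a genuine alarm that is dealt with and clears
    "2024-03-01 02:07:30,TT-310,RTN",
]
# a burst of 12 alarms from different tags between 02:10:00 and 02:11:50 (a flood)
JOURNAL += [f"2024-03-01 02:1{i // 6}:{(i % 6) * 10:02d},FT-4{i:02d},ALM" for i in range(12)]


def parse(lines):
    """Return (timestamp, tag, state) tuples in time order."""
    events = []
    for line in lines:
        ts, tag, state = line.split(",")
        events.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), tag, state))
    return sorted(events)


def alarm_rate(events):
    """Number of alarms raised in each fixed 10-minute period, keyed by ISO start time."""
    counts = Counter()
    for ts, _, state in events:
        if state == "ALM":
            start = ts.replace(minute=ts.minute - ts.minute % 10, second=0, microsecond=0)
            counts[start.isoformat()] += 1
    return counts


def floods(events, threshold=10):
    """10-minute periods with at least `threshold` alarms (assumed flood limit)."""
    return sorted(period for period, n in alarm_rate(events).items() if n >= threshold)


def bad_actors(events, top=3):
    """Tags contributing the most alarms: the usual first target of rationalisation."""
    return Counter(tag for _, tag, state in events if state == "ALM").most_common(top)


def chattering(events, within=timedelta(seconds=60), min_repeats=3):
    """Tags that re-alarm within `within` of their previous alarm at least `min_repeats` times."""
    last, repeats = {}, Counter()
    for ts, tag, state in events:
        if state != "ALM":
            continue
        if tag in last and ts - last[tag] <= within:
            repeats[tag] += 1
        last[tag] = ts
    return sorted(tag for tag, n in repeats.items() if n >= min_repeats)


def standing(events, at, longer_than=timedelta(hours=1)):
    """Alarms still active at ISO time `at` that were raised more than `longer_than` earlier."""
    at = datetime.fromisoformat(at)
    active = {}
    for ts, tag, state in events:
        if ts > at:
            break
        if state == "ALM":
            active.setdefault(tag, ts)   # keep the original raise time
        else:
            active.pop(tag, None)
    return sorted(tag for tag, ts in active.items() if at - ts > longer_than)


if __name__ == "__main__":
    ev = parse(JOURNAL)
    print("alarms per 10 min:", dict(alarm_rate(ev)))
    print("flood periods:", floods(ev))
    print("bad actors:", bad_actors(ev))
    print("chattering tags:", chattering(ev))
    print("standing alarms at 03:00:", standing(ev, "2024-03-01T03:00:00"))
```

On the constructed journal the chattering level transmitter is the single largest contributor, the 02:10 period is a flood, and the pressure transmitter has been standing in alarm for hours. Each of those findings points to a different fix (deadband or delay on the chattering loop, a process or control cause behind the flood, and either a real fault or a mis-set limit behind the standing alarm), which is why the review separates the metrics rather than looking at the total count alone.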

Many facilities operate with outdated displays based on P&ID visuals that make it difficult for the operator to really understand what is happening inside the process. From a human factors perspective this is not ideal and can easily lead to problems and incidents and guarantees that the process is not optimised. We can assist you with updating your graphical interface to the latest standards and using our dynamic modelling techniques and our operator training simulator can work with your operators to develop these displays and train them in how to use them to optimise your plant, ensure safe operation and maximise profitability.


Root Cause Analysis

Root cause analysis refers to several similar techniques aimed at identifying the underlying or ‘root’ cause of a problem or incident rather than its superficial or immediate cause. Once the root cause has been identified it is possible to understand how to fix it or learn from it, and to apply what has been learnt to systematically prevent future issues. Our experienced engineers can assist you to perform a root cause analysis, either by independently leading the analysis or by joining your investigating team. Where appropriate, we can assist using our advanced modelling techniques, which can analyse the performance of the plant during the incident and how the individual controls and barriers did or should have responded. This can be a great aid to really understanding what happened and what needs to be done to be sure it is not repeated. Talk to Flex Process about how we can assist you with your root cause analysis or investigation.

Flex Process currently offer a range of process safety training courses that can be delivered in the UK or overseas. Each course is delivered by a process safety expert and can be tailored to your specific requirements.

Get in touch today