IS 15656 : 2006

HAZARD IDENTIFICATION AND RISK ANALYSISCODE OF PRACTICE

1 SCOPE

This Code describes specific techniques to prevent human and property losses in the operation and management of process plant. The overall methodology presented in this Code allows systematic
identification of hazards as well as quantification of the risks associated with the operation of process plants. Applied with due expertise and rigour the prescribed methodology can help the user understand the
relative levels of hazards and risk potential in an installation. This aids the selection and prioritization of necessary strategies for accident prevention and limiting their consequences. Therefore, the Code can be used
for improving plant safety performance as well as to reduce human and property losses. Risk analysis is a process that consists of a number of sequential steps as follows:
a. Hazard IdentificationIdentifying sources of process accidents involving release of hazardous material in the atmosphere and the various ways (that is scenarios) they could occur.
b. Consequence AssessmentEstimating the probable zone of impact of accidents as well as the scale and/or probability of damages with respect to human beings and plant equipment and other structures.
c. Accident Frequency AssessmentComputation of the average likelihood of accidents.
d. Risk EstimationCombining accident consequence and frequency to obtain risk distribution within and beyond a process plant.

This Code describes the essential nature of each of the above sequence of steps and describes a variety of techniques for identifying hazards and the quantification of accident consequence and the frequency
towards the final risk estimation.
The Quantitative Risk Analysis (QRA) is most applicable and provides meaningful results when a plant is built, operated and maintained as per design intent and good engineering practices.

2 TERMINOLOGY

For the purpose of this Code, the following technical terms used are interpreted and understood as given below.

2.1

AccidentA specific unplanned event or sequence of events that has undesirable consequences.

2.2
Basic EventA fault tree event that is sufficiently basic that no further development is necessary.

2.3

ConsequenceA measure of the expected effects of an incident.

2.4

ExplosionA sudden release of energy characterized by accompaniment of a blast wave.

2.5
External EventAn event caused by a natural hazard (earthquake, flood, etc) or man-induced events (aircraft crash, sabotage, etc).

2.6

FireA process of combustion characterized by heat or smoke or flame or any combination of these.

2.7
 FrequencyThe number of occurrences of an event per unit of time.

2.8

HazardA characteristic of the system/plant process that represents a potential for an accident causing damage to people, property or the environment.

2.9

Initiating EventThe first event in an event sequence.

2.10

Mitigation SystemEquipment and/or procedures designed to respond to an accident event sequence by interfering with accident propagation and/or reducing the accident consequence.

2.11

ProbabilityAn expression for the likelihood of occurrence of an event or an event sequence during an interval of time or the likelihood of the success or failure of an event on test or on demand.

2.12

RiskA measure of potential economic loss or human injury in terms of the probability of the loss or injury occurring and the magnitude of the loss or injury if it occurs.

2.13

Top EventThe unwanted event or incident at the top of a fault tree that is traced downward to more basic failures using logic gates to determine its causes and likelihood

2.14

Worst Case ConsequenceA conservative (high) estimate of the consequences of the most severe accident identified.
1

3 RISK ANALYSIS METHODOLOGY

The flow chart for risk analysis is given in Fig. 1

3.1

The terms in Fig. 1 are explained as follows.

3.1.1 Goal

Goal for carrying out risk analysis is required as a part of statutory requirement, emergency planning, etc. depending on the nature of industry.
 Fig. 1 Flow Chart for Risk Analysis
2

3.1.2 Location, Layout, Process Parameters

The information on plant location, the layout of equipment, the process conditions, etc, is required for the risk analysis.

3.1.3 Hazard Identification

 Hazard identification is done by comparative and/or fundamental methods leading to qualitative or quantitative results.

3.1.4 Quantification of Hazards

The indices method for hazard identification can assess the hazard potential for the identified scenarios and can be used as a tool for screening.

3.1.5 Select Most Credible Scenario

The credible scenarios which can culminate into an accident out of several major and minor scenarios, possible for the release of material and energy.

3.1.6 Select Worst-Case Scenario

The incident, which has the highest potential to cause an accident of maximum damage, is selected for further analysis.

3.1.7 Estimate Consequences

The consequences of scenarios in the plant in the form of fire, explosion and toxic effects have to be estimated and presented.

3.1.8 Estimate Frequency of Occurrence

The probability or frequency of its occurrence of any incident is to be found out by reliability analysis, which includes fault tree/event tree, etc.

3.1.9 Estimate the Risk

Risk is expressed as the product of frequency of an event and the magnitude of the consequences that result each time the event occurs. The calculated risk can be compared with national or international
values.

3.1.10 Prioritize and Reduce Risk

Based on the estimated risk the contributing factors leading to events/accidents are analysed and prioritized in the risk analysis.

4 STAGES OF PROCESS PLANT AND RISK ANALYSIS

The life span of a process industry comprises a number of stages from conceptual to decommissioning. Each stage of a plant may have hazards, some general and some stage-specific. Hazard identification and
risk analysis techniques that may be applied at different stages of a plant are given in Table 1.

Table 1 Plant Stages vis--vis Hazard Identification and Hazard Analysis Techniques

SL No. Project Stage Hazard Identification/Hazard Analysis Techniques

(1) (2) (3)

i) Pre-design a) Hazard indices

b) Preliminary hazard analysis

 Table 1 Plant Stages vis--vis Hazard Identification and Hazard Analysis Techniques

SL No. Project Stage Hazard Identification/Hazard Analysis Techniques

(1) (2) (3)

c) What-if analysis

d) Checklists

ii) Design/Modification a) Process design checks and use of checklist

b) HAZOP studies

c) Failure modes and effects analysis

d) What-if analysis

e) Fault tree analysis

f) Event tree analysis

iii) Construction a) Checklists

b) What-if analysis

iv) Commissioning a) Checklist

b) Plant safety audits

c) What-if analysis
 Table 1 Plant Stages vis--vis Hazard Identification and Hazard Analysis Techniques

SL No. Project Stage Hazard Identification/Hazard Analysis Techniques

(1) (2) (3)

v) Operation and maintenance a) Plant safety audits

b) What-if analysis

c) Checklists

vi) Decommissioning/Shutdown a) Checklists

b) What-if analysis

5 HAZARD IDENTIFICATION AND HAZARD ANALYSIS

A hazard is generally realised as a loss of containment of a hazardous material. The routes for such loss of containment can include release from pipe fittings containing liquid or gas, releases from vents/relief
and releases from vessel rupture. Adhering to good engineering practices alone may not be adequate for controlling plant hazards thus, a variety of techniques of hazard identification and probability of their
occurrence have been developed for analysis of processes, systems and operations.
The objective of hazard identification is to identify and evaluate the hazards and the unintended events, which could cause an accident. The first task usually is to identify the hazards that are inherent to the
process and/or plant and then focus on the evaluation of the events, which could be associated with hazards. In hazard identification and quantification of probability of occurrence it is assumed that the plant will
perform as designed in the absence of unintended events (component and material failures, human errors, external event, process unknown), which may affect the plant/process behaviour.

5.1 Hazard Identification

Formal hazard identification studies generate a list of failure cases. The list can usually be derived reliably by
3
considering: (a) form in which chemicals are stored or processed, (b) nature of hazard it poses, and (c) quantity of the material contained. The hazard identification methods may be categorized as comparative
methods and fundamental methods. These techniques are also described in A-2.

5.1.1 Comparative Methods

These techniques are based on hazard identification by comparing with standards. The various methods are checklist, safety audit, hazard indices and preliminary hazard analysis.

5.1.1.1 Checklist

Purpose For quick identification of hazards.

Applicability In all phasesdesign construction, commissioning, operation and shutdown.

Data required Checklist is prepared from prior experience/standard procedure/manual/knowledge of system or plant.

Results Essentially qualitative in nature and leads to yes-or-no decision with respect to compliance with the standard procedure set forth.

5.1.1.2 Safety audit

Purpose For ensuring that procedures match design intent.

Applicability In all phases of the plant and periodicity of review depending on the level of hazard.

Data required Applicable codes and guides, plant flow sheet, P & I diagrams, start-up/shutdown procedure, emergency control, injury report, testing and inspection report, material properties.

Results Qualitative in naturethe inspection teams report deviation from design and planned procedures and recommends additional safety features.

5.1.1.3 Hazard indices

Purpose For identifying relative hazards.

Applicability In design and operation phase used as an early screening technique for fire/explosion potential.

Data required Plot plan of a plant, process flow condition, Fire and Explosion Index Form, Risk Analysis Form, Worksheets.

Results Relative quantitative ranking of plant process units based on degree of risk.

5.1.1.4 Preliminary hazard analysis

Purpose For early identification of hazards.

Applicability In preliminary design phase to provide guidance for final design.

Data required Plant design criteria, hazardous materials involved and major plant equipment.
Results List of hazards (related to available design details) with recommendation to designers to aid hazard reduction.

5.1.2 Fundamental Methods

These techniques are a structured way of stimulating a group of people to apply foresight along with their knowledge to the task of identifying the hazards mainly by raising a series of questions. These methods
have the advantage that they can be used whether or not the Codes of practice are available for a particular process. Three main techniques are available in this family of methods that is What-if Analysis, Failure
Modes and Effects Analysis, (FMEA) and Hazard and Operability Study (HAZOP).

5.1.2.1 What-if analysis

Purpose Identifying possible event sequences related to hazards.

Applicability During plant changes, development stage or at pre start-up stage.

Data required Detailed documentation of the plant, the process and the operating procedure.

Results Tabular listing of accident scenarios, their consequences and possible risk reduction methods.

5.1.2.2 (Failure modes and effects analysis)

Purpose Identifying equipment failure modes and their effects

Applicability In design, construction and operation phases, useful for plant modification.

Data required Knowledge of equipment/system/plant functions.

Results Qualitative in nature and includes worst-case estimate of consequence resulting from failure of equipment.

5.1.2.3 Hazard and operability study

Purpose Identifying hazard and operability problem.

Application Optimal when applied to a new/modified plant where the design is nearly firm.

Detailed process description, detailed 4P&I drawing and operating procedure for batch process.
Data required
Results Identification of hazards and operating problems, recommends change in design, procedure and further study.

5.2 Hazard Analysis

The principle techniques are fault tree analysis (FTA) and event tree analysis (ETA). These techniques are also described in A-3.

5.2.1 Fault Tree Analysis

Purpose Identifying how basic events lead to an accident event.

Applicability In design and operation phases of the plant to uncover the failure modes.

Data required Knowledge of plant/system function, plant/system failure modes and effects on plant/system.

Results Listing of set of equipment or operator failures that can result in specific accidents.

5.2.2 Event Tree Analysis

Purpose Identifying the event sequences from initiating event to accident scenarios.

Applicability In design/operating plants to assess adequacy of existing safety features.

Data required Knowledge of initiating events and safety system/emergency procedure.

Results Provides the event sequence that result in an accident following the occurrence of an initiating event.

6 CONSEQUENCE ANALYSIS METHODOLOGIES

All processes have a risk potential and in order to manage risks effectively, they must be estimated. Since risk is a combination of frequency and consequence, consequence (or impact) analysis is a necessary
step in risk analysis. This section provides an overview of consequence and effect models commonly used in risk analysis.
An accident begins with an incident, which usually results in loss of containment of material. The material may possess hazardous properties such as flammability, explosivity, toxicity, etc. Typical incidents
might include the rupture of a pipeline, a hole in a tank or pipe, runaway reaction, external fire impinging on the vessel and heating it.
Once the incident is defined source models are selected to describe how materials are discharged from the containment. Source models provide a description of the rate of discharge, the total quantity
discharged, the duration of discharge, and the state of discharge, that is liquid, vapour or two-phase flow. Evaporation models are subsequently used to calculate the rate at which the material becomes air-borne.
Next a dispersion model is used to describe how the material is transported downwind and dispersed to specified concentration levels. For flammable releases, fire and explosion models convert the source
model information on the release into energy hazard such as thermal radiation flux and explosion overpressures. Finally effect models convert these incident specific results into effects on people and structures.
Environmental impacts could also be considered but these are beyond the scope of the present Code.
In this Code a brief introduction to the methods of consequence analysis is provided. Annex F shows the steps to be followed in consequence analysis. These models are also described in A-4.

6.1 Source Models

 Source models are used to quantitatively define the loss of containment scenario by estimating the discharge rate, total quantity released, release duration, extent of flash and evaporation from a liquid pool and
aerosol formation and conversion of source term outputs to concentration fields.

6.1.1 Discharge Rate Models

Purpose Evaluation of discharge of material.

Applicability First stage in developing the consequence estimates.

Data required a) Physical condition of storage.

b) Phase at discharge.

c) Path of the discharge (hole size).

Results a) Discharge rate of the gas/liquid/two-phase flow.

b) Duration of release.

c) Phase change during release.

6.1.2 Flash and Evaporation Models

Purpose Estimation of the total vapour.

Applicability During spillage of liquid on surface because of loss of containment.

Data required a) Heat capacity, latent heat, boiling point of liquid.

b) Leak rate, pool area, wind velocity, temperature.

c) Vapour pressure, mass transfer coefficient.

d) Viscosity, density, a turbulent friction coefficient.5

Results a) Amount of vapour from a liquid discharge.
b) Time dependent mass rate of boiling.
 c) Radius or radial spread velocity of the pool.

6.1.3 Dispersion Models

Accurate prediction of the atmospheric dispersion of vapours is central to consequence analysis. Typically, the dispersion calculations provide an estimate of the geographical area affected and the average
vapour concentrations expected. The simplest calculations require an estimate of the released rate of the gas, the atmospheric conditions, surface roughness, temperature, pressure and release diameter. Two types of
dispersion models are usually considered:
a. Positively buoyant or neutrally buoyant, and
b. Negatively buoyant or dense gas.

The dispersion of gases that are lighter than or equal to the density of dispersing medium are considered as positively buoyant and the gases with higher density at the point of dispersion is considered as
negatively buoyant or dense gas. The dispersion is further categorized into puff model that is, instantaneous release or plume model that is continuous release or time varying continuous release.
A large number of parameters affect the dispersion of gases. These include atmospheric stability, wind speed, local terrain effects, height of the release above the ground, release geometry, that is, point, line or
area source, momentum of the material released and the buoyancy of the material released.
Annex C gives the meteorological conditions defining the Pasquill-Gifford Stability Classes denoted by letters A to F, which correlate to wind-speed and cloud cover. The stability is commonly defined in terms of
atmospheric vertical temperature gradient. For local application, the wind speed and cloud cover should be taken from meteorological records. For practical purpose two stability conditions given below can be used to
find the dispersion pattern:
Normal: D at wind velocity of 5 m/s (Windy day time condition), and Extreme calm: F at wind velocity of 2 m/s (Still night-time condition).
Annex D gives the terrain characteristics that affect the mixing of the released gas and air as they flow over the ground; thus the dispersion over a lake would be different from that over a tall building. Values of
the surface roughness vary from 10 m for highly urban area to 0.000 1 m over sea. For most practical purposes flat rural terrain (Few trees, long grass, fairly level grass plains) with surface roughness value of 0.1 is
used.
As the release height increases, the ground level concentration decreases since the resulting plume has more distance to mix with fresh air prior to contacting the ground.

6.1.3.1 Positively buoyant or neutral dispersion model

Purpose Prediction of average concentrationtime profile.

Applicability Used in prediction of atmospheric dispersion of lighter gases than air.

Data required Discharge rate, release duration, stability class, wind speed, location, averaging time, roughness factor.

Results Downwind concentration, area affected, duration of exposure.

6.1.3.2 Negatively buoyant or dense gas model

Purpose Prediction of average concentrationtime profile.

Applicability Used in prediction of atmospheric dispersion denser than air.

Data required Discharge rate, release duration, density of air, density of fluid, location.
Results Downwind concentration, area affected, duration of exposure.

6.2 Fires and Explosions Models

These models are used only when the material released is flammable and the vapour cloud concentration is within the flammable range. The various types of fire and explosion models are:
a. Pool fires,
b. Jet fires,
c. Flash fires,
d. Vapour cloud explosions,
e. Boiling liquid expanding vapour explosions (BLEVE), and
f. Physical explosions.

6.2.1 Pool Fire Model

Purpose Calculation of thermal radiation.

Applicability Fire resulting from burning of pools of flammable liquid spilled.

Data required Quantity, pool diameter, heat of combustion and vaporization, density of air, temperature, view factor, etc.

Results Thermal radiation flux at a distance.

6.2.2 Jet Fire Model

Purpose Calculation of thermal radiation.

Fire resulting from combustion of material as it is being released from 6pressurized process unit.
Applicability

Data required Flow rate, hole diameter, heat of combustion and vaporization, density of fluid, temperature, view factor, etc.
Results Thermal radiation flux at a distance.

6.2.3 Flash Fire Model

Purpose Calculation of thermal radiation.

Applicability Fire resulting from non-explosive combustion of a vapour cloud.

Data required Material released, dispersion coefficients, flame emissivity, view factor, atmospheric attenuation.

Results Thermal radiation flux at a distance.

6.2.4 Vapour Cloud Explosion Model

Purpose Calculation of overpressure.

Applicability Explosion of a flammable cloud formed due to release/flashes to vapour.

Data required Mass of flammable material in vapour cloud, heat of combustion of material, etc.

Results Overpressure at a distance.

6.2.5. Boiling Liquid Expanding Vapour Explosion (BLEVE) Model

Purpose Calculation of thermal radiation.

Applicability Release of a large mass of pressurized superheated liquid to the atmosphere.

Data required Mass involved in fire ball, radiative fraction of heat of combustion, heat of combustion for unit mass, atmospheric transmissivity.

Results Thermal radiation flux from the surface of fireball.

6.2.6 Physical Explosion Model

Purpose Calculation of missile damage

Applicability Vessel rupture resulting in release of stored energy producing a shock wave.

Data required Pressure, volume, heat capacity, mass of container, ratio of heat capacities, temperature.

Results Overpressure at a distance, fragment size and velocity

6.3 Effect Model

This model is described in A-5.

Applicability Method of assessing property damage and human injury/fatality due to:

a. thermal radiation.
b. overpressure.
c. toxic exposure.

Data In the Probit function Pr = a + b In V the causative factor V in the Probit Equation varies as follows;
required a. Fire: Pr = a + b In (tI4/3), t is duration of exposure and I is thermal intensity
b. Explosion: Pr = a + b In (Ps), where Ps is the peak over pressure
c. Toxicity: Pr = a + b In (Cntc), where C = concentration in ppm by volume, tc = exposure time, in minutes and n = constant.

The constants a and b in the probit equation are calculated from the experimental data and are available in Methods for determination of possible damage to people and objects resulting from release of hazardous
materials [see Foreword (f)].
Results The percent of fatality or the percent of damage to equipment.

7 RISK CALCULATION

7.1

Risk can be defined as a measure of economic loss, human injury or environmental damage both in terms of likelihood and magnitude of loss, injury or damage. In this document only the property damage, that
is, economic loss and human loss have been considered. Risk is expressed as the product of frequency of an event and the magnitude of the consequences that result each time the event occurs. The mathematical
expression for risk is:
R = FC
where

R = risk (loss or injury per year);

F = frequency (event per year); and

C = consequence (loss or injury per event).

7.2

In many cases the hazard cannot be completely eliminated though the probability of occurrence can be reduced with addition of safety measures and at a financial cost.

7.3

The basic approach for estimating frequency has been discussed in 5.2.

7.4

The consequence in terms of deaths/year or in terms of monetary loss per year can be estimated by the methods of consequence analysis described in 6.
7.5 Risk Criteria

Risk criteria are the acceptable levels of risk that can be tolerated under a particular situation. In many countries
7
the acceptable risk criteria has been defined for industrial installations and are shown in Annex E. These criteria are yet to be defined in the Indian context, but values employed in other countries can be used
for comparison.

8 GUIDELINES FOR APPLICATION OF RISK ANALYSIS TECHNIQUES

This Code essentially outlines the various approaches and techniques that may be used during the risk analysis of a process plant. This concluding section enumerates some of the critical features of the
methodology of risk analysis so as to aid the prospective users apply the Code most effectively:
a. While undertaking a risk analysis, careful consideration of the various possible approaches/techniques is necessary, since each have their individual strengths and limitations.
b. The method of risk analysis requires realistic accident scenario assumptions as well as comprehensive plant operational information and, in particular, reliable data pertaining to component/system failure
frequencies, human error rates, etc. In the event of any uncertainties relating to the relevant information and data, the use of experience and judgment would be critical to obtaining risk estimates that provide
reliable support to subsequent decision-making.
c. All assumptions applied during a risk analysis exercise need be documented with clarity, so as to enable better comparison and communication.
d. In specific instances, the risk analysis method may require consideration of the external events as probable causative factors in large-scale hazardous chemical releases.
e. Wherever feasible the risk analysis for a process plant should incorporate possible environmental consequences as well as possible human health effects that are immediate and/or delayed.
f. Risk analysis need be undertaken newly in the event of any major changes introduced in the plant configuration. It must also be updated periodically whenever improved plant operational information and
equipment/human failure data becomes available. Further, it is advisable to improve risk calculations using newer analytical methods as and when they are developed.

With the techniques used for the analysis large number of results based on numbers of accident scenarios used, the various weather classes chosen, the assumptions in calculating each cases would be available.
But finally it is very important to summarize all the results in one format providing clearly what factor appear to be important in overall analysis. A format has to be chosen for presenting the results of the analysis and
acceptability is to be established either in terms of risk criteria or distance under consideration which face the consequence or % damage up to a distance under consideration.
One typical format for reporting the analysis is given in Annex B.
8

ANNEX A
DETAILS OF CHEMICAL PROCESS RISK ANALYSIS METHODS
(Clauses 5.1, 5.2 and 6)

A-1 HAZARD IDENTIFICATION AND RISK ANALYSIS SEQUENCE

The purpose of hazard identification and risk analysis is to identify possible accidents and estimate their frequency and consequences. Conceivably the initiating event could be the only event but usually it is not
and as a matter of fact there a number of events between the initiating event and the consequence and these events are the responses of the systems and the operators. Different responses to the same initiating event
will often lead to different accident sequences with varying magnitude of consequences.
While identifying the hazard(s) a filtering process is carried and only portions with potential risk are involved for risk analysis. Hazard is not considered for further analysis, if (a) it is unrealisable, and (b) if it is
not very significant. In many cases, once the hazard has been identified the solution is obvious. In some more cases the solution is obtained from experience. In many other cases it is taken care of by Codes of practice
or statutory requirement.

A-2 HAZARD IDENTIFICATION AND QUANTIFICATION

A-2.1 Checklist

These are simple and quick means of applying the experience to designs or situations to ensure that the features appearing in the list are not overlooked. Checklists are used to indicate compliance with the
standard procedure. It is intended for standard evaluation of plant hazards and a convenient means of communicating the minimal acceptable level of hazard evaluation that is required for any job generally leading to
yes-or-no situation.
 The checklist is frequently a form for approval by various staff and management functions before a project can move from one stage to the next. It serves both as a means of communication and as a form of
control and can highlight a lack of basic information or a situation that requires a detailed evaluation.
Checklists are qualitative in nature; limited to the experience base of the author of the checklist, hence, should be audited and updated regularly. It is a widely used basic safety tool and can be applied at any
stage of a project or plant development. Accordingly it is named as Process checklist, System checklist, Design checklist, etc.
A process or system checklist can be applied to evaluating equipment, material, or procedures and can be used during any stage of a project to guide the user through common hazards by using standard
procedures.

A-2.2 Safety Audit

It is an intensive plant inspection intended to identify the plant conditions or operating procedures that could lead to accidents or significant losses of life and property. It is used to ensure that the implemented
safety/risk management programs meet the original expectations and standards. It is also called Safety review, Process review, and Loss prevention review. In essence, safety audit is a critical appraisal of
effectiveness of the existing safety programme in a plant.
The review looks for major hazardous situation and brings out the areas that need improvement. The steps for the identification process are:
a. Obtaining response from plant on a pre-audit questionnaire;
b. Preparation of checklist, inspection and interview plant personnel; and
c. Preparation of safety audit report in the form of recommendation.

The results are qualitative in nature. The review seeks to identify inadequacy in design, operating procedures that need to be revised and to evaluate the adequacy of equipment maintenance or replacement.
Assigning grades for effectiveness of safety management of the plant in the areas such as organization, operating procedures, monitoring, maintenance, etc is possible, a score card can be prepared to get an appraisal
of safety status of plant.
While this technique is most commonly applied to operating plants it is equally applicable to pilot plants, storage facilities or support functions.
The periodicity of such studies depends on the risk involved in the process and the commitment of the management. It usually varies from once in a year to one in seven years.

A-2.3 Hazard Indices

Hazard indices can be used for relative ranking of process plants from the point of view of their hazard potentials. The most well known techniques are: DOW fire and explosion index, Mond fire, Explosion
and toxicity index
9
and Chemical exposure index. All these methods provide a direct and easy approach to a relative ranking of the risks in a process plant. The methods assign penalties and credits based on plant features.
Penalties are assigned to process materials and conditions that can contribute to an accident. Credits are assigned to plant safety features that can mitigate the effects of an incident. These penalties and credits are
combined to derive an index that is relative ranking of the plant risk. The following chart describes the use of such indices:
10
The detailed methodology of using the Mond and the DOW indices for the hazard identification are not provided in this standard, for which users may look at different guides [see Foreword (c) and (d)].
The Chemical exposure index (CEI) method is a further developed technique derived from DOW F & E indices, useful for identification of hazards arising out of toxic chemicals present in a plant. It is also a tool
to find out the requirement for further hazard assessment for such chemicals.
It provides a simple method of rating the relative acute health hazards potential to people in the neighbourhood plants or communities from possible chemical release incidents. The methodology utilizes
expression for estimating airborne quantity released from hazardous chemicals. The CEI system provides a method of ranking one hazard relative to other hazard but it is neither intended to define a particular design
as safe/unsafe nor to quantify/determine absolute measurement of risk. Flammability and explosion hazards are not included in this index.

A-2.4 Preliminary Process Hazard Analysis

It is used during the conceptual, early development, early design phase, of a plant. The method is intended for use only in the preliminary phase of plant development for cases where past experience provides
little or no insight into potential safety problems, for example, a new plant with new process. Early identification of most of the hazards could be possible resulting in effective saving in cost that could otherwise result
from major plant redesigns if hazards are discovered at a later stage. It is very useful for site selection. It does not preclude the need for further hazard assessment; instead it is a precursor to subsequent hazard
analysis. Items for consideration consist of meticulous preparation of a list of hazards:
a. Raw materials, intermediates, by-products, final products;
b. Plant equipment (high pressure systems);
c. Interface among system components (material interactions, fire);
d. Environment (earthquake, vibration, extreme temperature); and
e. Operations (test maintenance and emergency procedure) Safety equipment.

Example:
Toxic gas A is one of the components used in process; causes for the dangers:
a. The hazards due to storing the gas;
b. Hazards from the excess gas after the use;
c. Lines supplying the gas A; and
d. Leakage during the receipt of the gas etc.

The effects of these causes can be:

a. Injury /Fatality to persons inside the plant or nearby areas, and
b. Damage of property due to explosion.

Safety measures/corrective actions provided to minimize effect:

a. Whether less toxic material can be used;
b. Minimizing the inventory for the storage of the material;
c. Procedure for safe storage of the gas with enclosure system;
d. Provision of plant warning system;
e. Training for operators on properties, effect of material; and
f. Informing neighboring localities about the toxic effect.

The final results of the identification process can be recorded as:

Hazard Causes Effects Preventive Measures

A-2.5 Failure Modes and Effects Analysis

The method is a tabulation of system/plant equipment, their failure modes, and each failure modes effect on system/plant. It is a description of how equipment fails (open, closed, on, off, leaks, etc) and the
potential effects of each failure mode. The technique is oriented towards equipment rather than process parameters. FMEA identifies single failure modes that either directly result in or contribute significantly to an
important accident. Human/operator errors are generally not examined in a FMEA; however, the effects of a mal-operation are usually described by an equipment failure mode. The technique is not efficient for
identifying combinations of equipment failures that lead to accidents. A multidisciplinary team of professionals can perform FMEA.
FMEA has following six main steps:
a. Determining the level of resolution,
b. Developing a consistent format,
c. Defining the problem and the boundary conditions,
d. Listing various failure modes,
e. Each effects of the failure mode, and
f. Completing the FMEA table.

The level of resolution depends on the requirement of the plant, namely plant level, system level or in other words whether the study is for a whole plant or a portion of plant or a particular system or
individual equipment. Marking the portion of study on the drawing can indicate the physical system boundaries and stating the operating
11
conditions at the interface. Identification of the equipment is necessary to distinguish between two or more similar equipment by any number and description of the equipment is required to give brief details
about process or system.
All the failure modes consistent with the equipment description are to be listed considering the equipments normal operating conditions.
Example of various failure modes of a normally operating pump is:
a. Fails to open or fails to close when required,
b. Transfers to a closed position,
c. Valve body rupture,
d. Leak of seal, and
e. Leak of casing.

The effects for each failure mode, for example, the effects of the fails to open condition for the pump is: (a) loss of process fluid in a particular equipment, and (b) overheating of the equipment. The effect of
pump seal leak is a spill in the area of the pump; if the fluid is flammable a fire could be expected, and so on.
The analyst may also note the expected response of any applicable safety systems that could mitigate the effect.
Example of the tabulated format may be:
Plant
System
Boundary
Condition
Reference

Equipment Description Failure modes Effect

A-2.6 Hazard and Operability Study (HAZOP)

The HAZOP study is made to identify hazards in a process plant and operability problems, which could compromise the plants ability to achieve design intent. The approach taken is to form a multi-disciplinary
team that works to identify hazards by searching for deviations from design intents. The following terms are used for the process for analysis:
a. IntentionsIntention defines how the plant is expected to operate,
b. DeviationsThese are departures from intentions,
c. CausesThese are reasons why deviations might occur, and
d. ConsequencesResults of deviations should they occur.

The method uses guidewords, which are used to quantify or qualify the intention in order to guide and stimulate the hazard identification process. The guidewords are used to generate deviations from the
design intent. The team then identifies cause and consequences of the deviations.
HAZOP guidewords and their meanings:
Guidewords Meaning

No Negation of Design Intent

Less Quantitative Decrease

More Quantitative Increase

Part of Qualitative Decrease

As well as Qualitative Increase

Reverse Logical Opposite to Intent

Other than Complete Substitution

The HAZOP study requires that the plant be examined for every line. The method applies all the guidewords in turn and outcome is recorded for the deviation with its causes and consequences.
Example:
a. For a particular line,
b. Taking any guide word for example No,
c. Deviation in process parameters, namely flow/temperature,
d. For each deviation the causes for such deviations,
e. Consequences may be several C1, C2, C3, etc, and
f. Measures to rectify the root cause for deviation.

The tabulation of the results is made as follows:

Guideword Deviation Causes Consequences Action

A-2.7 What-If Analysis

What-if analysis is used to conduct a thorough and systematic examination of a process or operation by asking questions that begins with What-If. The questioning usually starts at the input to the process and
follows the flow of the process. Alternately the questions can centre on a particular consequence category, for example, personnel safety or public safety. The findings are usually accident event sequences. Effective
application of the technique requires in-depth experience of plant operation.
Two types of boundaries that may be defined in a What-If study are: (a) Consequence category being investigated, and (b) Physical system boundary. The consequence categories are mainly: (a) public risk, (b)
worker risk, and (c) economic risk, for specific plant. The purpose of physical boundaries is to keep the investigating team focused on a particular portion of a plant in which consequence of concern could occur. The
typical information required for What-if analysis is:
12
a. Operating conditions, physical and chemical properties of materials, equipment description;
b. Plot plan;
 c. Process and Instrumentation diagram of the plant including alarms monitoring devices, gauges etc;
d. Responsibilities and the duties of the operating personnel, communication system etc; and
e. Procedures for preventive maintenance, work permit system, for hazardous job, tackling emergency situations.

The results are described in a chart, for example, for reaction of two substances A (toxic) and B.

What-If Hazard Recommendation

Wrong delivery instead of B Not likely

Actual product B is in wrong concentration Toxic gas may be released Concentration of B is to be checked

B is contaminated Not likely

Inlet Valve for B is closed Unreacted A will be released Alarm/shut-off for valve for the supply line for A

A-3 QUANTIFICATION TECHNIQUES

A-3.1 Fault Tree Analysis (FTA)

It is a deductive technique that focuses on one particular accident event and provides a method for determining basic causes of that event. This method is used to identify combinations of equipment failures
and human errors that can result in an accident or an initiating event. The solution of the fault tree is a list of the sets of equipment failures/human error that are sufficient to result in the accident event of the interest.
FTA allows the safety analyst to focus on preventive measures on these basic causes to reduce the probability of an accident.
Essentially the fault tree is a graphical representation of the interrelationships between equipment failures and a specific accident. The equipment faults and failures that are described in a fault tree can be
grouped into three classes, namely:
a. Primary faults and failuresattributed to the equipment and not to any other external cause or condition.
b. Secondary faults and failuresattributed to other external cause or condition.
c. Commands faults and failuresattributed neither to equipment intended nor to any external cause but due to some source of incorrect command.

There are four steps in performing the fault tree analysis:

a. Problem definitions,
b. Fault tree construction,
c. Fault tree solution (determining minimal cut sets), and
d. Minimal cut set ranking.

A-3.1.1 Problem Definitions

This consists of: (a) defining accident eventtop event of the fault tree analysis, (b) defining analysis boundary including unallowed events, existing events, systems physical boundary, level of resolution, and
other assumptions.

A-3.1.2 Fault Tree Construction

It begins with the top event and proceeds level by level using symbols namely Or And etc. until all the fault events have been developed to their basic contributing causes.

A-3.1.3 Fault Tree Solution

 The completed fault tree provides useful information by displaying the interactions of the equipment failures that could result in an accident. The matrix system of analysis gives the minimal cut sets, which are
useful for ranking the ways in which accident may occur, and they allow quantification of the fault tree if appropriate failure data are available.

A-3.1.4 Minimal Cut Set Ranking

Minimal cut set analysis is mathematical technique for manipulating the logic structure of a fault tree to identify all combinations of basic events that result in occurrence of the top event. The ranking of
minimal cut sets is the final step for the fault tree analysis procedure. The basic events called the cut sets are then reduced to identify those minimal cut sets which contain the minimal sets of events necessary and
sufficient to cause the top event. Ranking may be based on number of basic events that are minimal cut set, for example, one event minimal cut is more important than two event minimal cut set; a two event minimal
cut set is more important than three event minimal cut set and as on. This is because of the chance of occurrence of one event is more than that of two events to occur. Moreover, the human error is ranked at top, then
the active equipment failure, then passive equipment failure.
13
Example:

Fig. 2 Fault Tree for No Light in Room on Demand

In Fig. 2 the causes B1, B2, B3, B4 and B5 are the basic events, which can lead to Top event T, which is No light in room on demand and the mathematical expression for that top event is

T = G1 G2

= (B1 + B2) (B3 + B4 + B5)

= B1B3 + B2B3 + B1B4 + B2B4 + B1B5 + B2B5 (6 minimal cut sets)

This indicates the occurrence of either of basic events B1 or B2 along with occurrence of any of the basic events B3, B4 & B5 would lead to top event T (see Chart on page 15).
In Fig. 3 the logic structure is mathematically transformed using Boolean Algebra into a minimal cut Fault tree.

T = G1 G2
 = (B1 + G3) + (B2 + G4)

= [B1 + (B3 B4)] (B2+B5+B6)

which shows that any of the basic events B1-B6 should be in combinations as in the above expression to cause failure of the top event.

A-3.2 Event Tree Analysis (ETA)

ETA is a forward thinking process, begins with an initiating event and develops the following sequences of events that describe potential accidents accounting for: (i) successes, and (ii) failures of the available
safety function as the accident progresses. The safety function includes operator response or safety system response to the initiating event. The general procedure for the event tree analysis has four major steps:
a. Identifying an initiating event of interest,
b. Identifying safety functions designed to deal with the identifying event,
c. Construction of the event tree, and
d. Results of accident event sequence.

A-3.2.1 Identifying an Initiating Event

This identification of the event depends on the process involved and describes the system or equipment failure, human error or any other process upset that can result in other events.

A-3.2.2 Identifying Safety Functions

The safety functions/safety systems available to mitigate

14
the situation and deal with the identifying event include automatic shut down system, alarm system that alert the operator, operator action, containment method, etc. The analyst needs to identify all safety
functions that can influence the sequence of events following the initiating event. The successes and the failures of the safety functions are accounted in the event tree.
 Fig. 3 Fault Tree for Damage to Reactor Due to High Process Temperature

A-3.2.3 Construction of the Event Tree

The event tree describes the chronological development of the accidents beginning with the initiating event. Considering each safety functions to deal with the initiating event one nodal point is generated with
the two alternatives (A1 and A2) that is the success and failure of the safety system. At the first nodal point two alternatives are found to consider the second safety system/component to deal with the event. The
success and failure of the second safety system also give branching to the two alternatives A3 and A4.

A-3.2.4 Results of Accident Event Sequence

The sequences of the constructed event tree represent a variety of outcomes that can follow the initiating event. One or more of the sequences may represent the safe recovery and return to normal operation
while the others may lead to shut down of the plant or an accident. Once the sequences are described the analyst can rank the accidents based on severity of the outcome. The structure of the event tree also helps the
analyst in specifying where additional procedures or safety systems are needed in mitigating the accidents or reducing its frequency.
Example:
In the following figure the initiating event is assigned the symbol A, and safety functions the symbols B, C, D. The sequences are represented by symbols (A, B, C, D) of the events that fail and cause that
particular accident. For example an error is simply labelled A to interpret the
15
 initiating event occurring with no subsequent failure of the safety functions B, C and D. Similarly the sequence ACD represents combination of initiating event with success of safety function B and failure of
safety functions C and D.

A-4 CONSEQUENCE ANALYSIS METHODOLOGIES

A-4.1 Discharge Rate Models

Hazardous incidents start with a discharge of a flammable or toxic material from its normal containment. Discharge can take place from a crack or fracture of process vessels or pipe work, an open valve or from
an emergency vent. The release may be in the form of gas, liquid, or two-phase flashing of gas-liquid.
The discharge rate models provide basic input for the following models:
a. Flash and evaporation model to estimate the fraction of a liquid release that forms a cloud for use as input to dispersion models, and
b. Dispersion model to calculate the consequences for atmospheric dispersion of the released gas/liquid.

A-4.2 Flash and Evaporation Models

The purpose of flash and evaporation model is to estimate the total vapour or vapour rate that forms a cloud. Superheated liquid stored under pressure at a temperature above its normal boiling point, will flash
partially or fully to vapour when released to the atmospheric pressure. The vapour produced may entrain a significant quantity of liquids as droplets. The amount of vapour and liquid that are produced during
flashing of a superheated liquid can be calculated from thermodynamics considerations. A significant fraction of liquid may remain suspended as a fine aerosol.
The major use of flash and evaporation models is to provide an initial prediction of cloud massthe source term for further analysis.

A-4.3 Dispersion Models

A-4.3.1 Neutral/Positively Buoyant Plume and Puff Models

 Neutral and positively buoyant plume or puff models are used to predict concentration and time profiles of flammable or toxic materials downwind of a source based on the concept of Gaussian dispersion.
Atmospheric diffusion is a random mixing process driven by turbulence in the atmosphere. Gaussian dispersion models are extensively used in the prediction of atmospheric dispersion of pollutants. The Gaussian
models represent the random nature of turbulence. Input requirements for Gaussian plume or puff modelling are straightforward.
16
Pasquill and Smith provide description of plume and puff discharges [see Foreword (b)] and, that with a risk analysis orientation is given by TNO.
In dispersion model the averaging time for the concentration profile is important and generally the prediction relate to 10 min averages (equivalent to 10 min sampling times).

A-4.3.2 Dense Gas Dispersion Models

The importance of dense gas dispersion has become recognized for some time and many field experiments have confirmed that the mechanisms of dense gas dispersion differ markedly from neutrally buoyant
clouds. Two distinct modelling approaches have been attempted for dense gas dispersion: mathematical and physical.
Detailed descriptions of the mechanisms of dense gas dispersion and the specific implementations for a wide variety of mathematical models are not given in the standard but one may look for in the available
guide [see Foreword (b)]. The major strength of most of the dense gas models is their rigorous inclusion of the important mechanisms of gravity slumping, air entrainment, and heat transfer processes.

A-4.4 Fires and Explosions Models

A-4.4.1 Vapour Cloud Explosions (UVCE) and Flash Fire

When gaseous flammable material is released a vapour cloud forms and if it is ignited before it is diluted below its lower explosive limit, a vapour cloud explosion or a flash fire will occur. Insignificant level of
confinement will result in flash fire. The vapour cloud explosion will result in overpressures.

A-4.4.2 Physical Explosion

When a vessel containing a pressurized gas/liquid ruptures, the resulting stored energy is released. This produces a Shockwave and accelerated vessel fragments. If the contents are flammable then the ignition
of the released gas could result in fire and explosion. The method calculates overpressure.

A-4.4.3 BLEVE and Fireball

A Boiling Liquid Expanding Vapour Explosion (BLEVE) occurs when there is a sudden loss of containment of a pressure vessel containing a superheated liquid or liquified gas. It is sudden release of large mass
of pressurized superheated liquid to atmosphere. The primary cause may be external flame impinging on the shell above liquid level weakening the vessel and leading to shell rupture. Calculations are done for
diameter and duration of fireball and the incident thermal flux.

A-4.4.4 Pool Fire and Jet Fire

Pool fires and jet fires are common fire types resulting from fires over pools of liquid or from pressurized releases or gas and/or liquid. They tend to be localised in effect and are mainly of concern in
establishing potential for domino effects and employee safety. Models are available to calculate various componentsburning rate, pool-size, flame height, flame tilt and drag, flame surface emitted power,
atmospheric transmissivity, thermal flux, etc.
In jet fire modelling the steps followed for the thermal effects are calculation of the estimated discharge rate, total heat released, radiant fraction/source view fraction, transmissivity and thermal flux and
thermal effects.

A-5 METHODS FOR DETERMINING CONSEQUENCE EFFECTS

Methods are available to assess the consequences of the incident outcomes. For assessing the effects on human beings, consequences may be expressed in terms of injuries and the effects on
equipment/property in terms of monetary loss. The effect of the consequences for release of toxic substances and/or fire can be categorized as:
a. Damage caused by heat radiation on material and people,
b. Damage caused by explosion on structure and people, and
c. Damage caused by toxic exposure.

The consequences of an incident outcome are assessed in the direct effect model, which predicts the effects on people or structures based on predetermined criteria. The method increasingly used for probability
of personal injury or damage is given in Probit analysis.
The Probit is a random variable with a mean 5 and variance 1 and the probability (range 0-1) is generally replaced in Probit work by a percentage (range 0-100) and the general simplified form of Probit function
is:
 Pr = a + b In V
Where Probit Pr is a measure of percentage of variable resource, which sustains injury or damage and variable V is a measure intensity of causative factor which harms the vulnerable resource.
The causative factor V:
a. for fire is thermal intensity and time,
b. for explosion is overpressure, and
c. for toxic gas release is toxic dose.

The constants a and b are calculated from the experimental data, which are also available in methods for determination of possible damage to people and objects resulting from release of hazardous materials
[see Foreword (f)]. The percentage of fatality with the Probit value (Pr) calculated
17
from the equation can be obtained using the chart and table given in the methods for determination of possible damage [see Foreword (f)].

A-5.1 Effect of Fire

The effect of fire on a human beings is in the form of burns. There are three categories of burns such as first degree, second degree and third degree burn. Duration of exposure, escape time, clothing and
other enclosures play active role while calculating the effect of fire, however, the primary considerations are duration of exposure and thermal intensity level.
The heat radiation levels of interest are:
a. 4 kW/m2: Causes pain if unable to reach cover within 20 s,
b. 4.7 kW/m2: Accepted value to represent injury,
c. 10 kW/m2: Second degree burn after 25 s,
d. 12.5 kW/m2: Minimum energy required for melting of plastic,
e. 25 kW/m2: Minimum energy required to ignite wood,
f. 37.5 kW/m2: Sufficient to cause damage to the equipment,
g. 125 KJ/m2: causing first degree burn,
h. 250 KJ/m2: causing second degree burn, and
i. 375 KJ/m2: causing third degree burn.

The thermal effect can be calculated with the help of Probit equation for which constants a and b are available. The thermal intensity and duration of exposure gives the value of V. The general equation for the
Probit function is:
Pr = a + b In tI4/3, t is duration of exposure and I is thermal intensity.

A-5.2 Effect of Explosion

The effect of overpressure on human beings is twofold:

a. Direct effect of overpressure on human organs, and
b. Effect of debris from structure damage affecting human.

Direct effect of overpressure on human organ: When the pressure change is sudden, a pressure difference arises which can lead to damage of some organs. Extent of damage varies with the overpressure along
with factors such as position of the person, protection inside a shelter, body weight as well as duration of overpressure. The organs prone to get affected by overpressure are ear drum and lung.
Effect of overpressure on structure/effect of debris from structure damage affecting human: The overpressure duration is important for determining the effects on structures. The positive pressure phase can
last for 10 to 250 milliseconds. The same overpressure can have markedly different effect depending on duration.
The explosion overpressures of interest are:
a. 1.7 bar: Bursting of lung,
b. 0.3 bar: Major damage to plant equipment structure,
c. 0.2 bar: Minor damage to steel frames,
d. 0.1 bar: Repairable damage to plant equipment and structure,
e. 0.07 bar: Shattering of glass, and
 f. 0.01 bar: Crack in glass.

The Probit equation can be applied for calculating the percentage of damage to structure or human beings, the constants a and b being available for various types of structures and the causative
factor V depending on the peak overpressure, Ps. The Probit equation for the overpressure is:
Pr = a + b In(Ps)

A-5.3 Toxic Effect

The critical toxicity values which should be considered for evaluating effect on humans in the event of release of chemicals are:
a. Permissible exposure limits.
b. Emergency response planning guidelines.
c. Lethal dose levels.

A-5.3.1 Threshold Limit Values (TLV)Short Term Exposure Limit Values (STEL)

These are the limits on exposure excursions lasting up to 15 min and should not be used to evaluate the toxic potential or exposure lasting up to 30 min. TLV-STEL limits are used in evolving measures to
protect workers from acute effects such as irritation and narcosis resulting from exposure to chemicals. Use of STEL may be considered if the study is based on injury.

A-5.3.2 Immediately Dangerous to Life and Death (IDLH)

The maximum air borne concentration of a substance to which a worker is exposed for as long as 30 min and still be able to escape without loss of life or irreversible organ system damage. IDLH values also take
into consideration acute toxic reaction, such as severe eye irritation that could hinder escape.

A-5.3.3 Emergency Exposure Guidance Levels (EEGL)

EEGL is defined as an amount of gas, vapour and aerosol that is judged to be acceptable and that will allow exposed individuals to perform specific task during emergency conditions lasting from 1 to 24 h.
18

A-5.3.4 Short Term Public Emergency Guidance Levels (SPEGL)

These are defined as the acceptable concentration for exposures of members of general public. SPEGLs are generally set at 10 - 50 percent of EEGL.
Substances for which IDLH values are unavailable an estimated level of concern can be estimated for median lethal concentration (LC50) or median lethal dose (LD50) levels reported for mammalian species. The
LC50and LD50 are concentrations or the dose that kill 50 percent of the exposed laboratory animals in controlled experiments. Lowest reported lethal concentration (LCLO) or lethal dose level(LDLO) can also be used
as levels of concern.
Probit equations estimate the injury or mortality rate with inputs at two levels:
a. Predictions of toxic gas concentration and duration of exposure.
b. Toxic criteria for specific health effects for particular toxic gas.

The causative factor V, depends on the above two factors. The concentration and exposure time can be estimated using dispersion models:
Pr = a + b In(Cntc)
where

C = concentration in ppm by volume, in ppm;

tc = exposure time in min; and

n = characteristic constant for that chemical.

ANNEX B
FORMAT FOR RISK ANALYSIS REPORT

(Clause 8)

B-1 GENERAL

a. Executive summary,
b. Introduction,
c. Objective and scope,
d. System description, and
e. Methodology adopted.

B-2 HAZARD IDENTIFICATION

a. Hazard Identification methods used and the basis for the selection of the methods,
b. Credible accident sources/worst case scenarios,
c. Source characteristics, and
d. Methodology for hazard identification, namely, HAZOP and worksheets for identified units.

B-3 CONSEQUENCE MODELLING

Result interpretation based on consequence modelling with damage contours clearly drawn to scale on site/plot plan indicating the population affected.

B-3.1 Accident Frequency Estimation

a. System boundaries;
b. Specific assumption, basic frequency data used and its sources; and
c. Calculated frequency of occurrence of the worst accident.

B-4 DETERMINATION OF PLANT RISK

Risk criteria.

B-5 LIMITATIONS
Summary of analytical method, its assumptions and limitations.

B-6 RECOMMENDATIONS

19

ANNEX C
PASQUILL-GIFFORD STABILITY CLASSES

(Clause 6.1.3)
C-1

Insolation category is determined from the table below:

Surface Wind Speed, m/s Daytime insolation Night Time Conditions Anytime

Strong Moderate Slight Thin Overcast of > 4/8 low cloud 3/8 cloudiness Heavy overcast

<2 A A-B B F F D

2-3 A-B B C E F D

3-4 B B-C C D E D

4-6 C C-D D D D D

>6 C D D D D D

NOTES
A. Extremely unstable conditions.
B. Neutral conditions.
C. Moderately unstable conditions.
D. Slightly stable conditions.
E. Slightly unstable conditions.
F. Moderately stable conditions.

ANNEX D
TERRAIN CHARACTERISTICS PARAMETERS

(Clause 6.1.3)

Terrain Classification Terrain Description Surface Roughness Zo Meters

Highly urban Centres of cities with tall buildings, very hilly or mountainous area 3 - 10

Urban area Centres of towns, villages, fairly level wooded country 1-3

Residential area Area with dense but low buildings, wooded area, industrial site without large obstacles 1
 Terrain Classification Terrain Description Surface Roughness Zo Meters

Large refineries Distillation columns and all other equipment pieces 1

Small refineries Smaller equipment, over a smaller area 0.5

Cultivated land Open area with great overgrowth, scattered houses 0.3

Flat land Few trees, long grass, fairly level grass plains 0.1

Open water Large expanses of water, desert flats 0.001

Sea Calm open sea, snow covered flat, rolling land 0.000 1

20

ANNEX E
RISK CRITERIA IN SOME COUNTRIES

(Clause 7.5)

Authority and Application Maximum Tolerable Risk (Per Year) Negligible Risk (Per Year)

VROM, The Netherlands (New) 1.0E - 6 1.0E - 8

VROM, The Netherlands (existing) 1.0E - 5 1.0E - 8

HSE, UK (existing hazardous industry) 1.0E - 4 1.0E - 6

HSE, UK (New nuclear power station) 1.0E - 5 1.0E - 6

HSE, UK (Substance transport) 1.0E - 4 1.0E - 6

HSE, UK (New housing near plants) 3 1.0E - 6 3 1.0E - 7

Authority and Application Maximum Tolerable Risk (Per Year) Negligible Risk (Per Year)

Hong Kong Government (New plants) 1.0E - 5 Not used

21

ANNEX F
FLOW CHART FOR CONSEQUENCE ANALYSIS

(Clause 6)
22

ANNEX G
COMMITTEE COMPOSITION

(Foreword)
Occupational Safety and Health and Chemical Hazards Sectional Committee, CHD 8

Organization Representative(s)

National Safety Council, Navi Mumbai Shri K. C. Gupta (Chairman)

Confederation of Indian Industries, New Delhi Shri A. K. Ghose

Shri Anik Ajmera (Alternate)

Indian Chemical Manufacturers Association, Mumbai Shri V. N. Das

Shri A. A. Panjwani (Alternate)

Airport Authority of India, New Delhi Shri A. N. Khera

Shri M. Durairajan (Alternate)

Atomic Energy Regulatory Board, Mumbai Shri P. K. Ghosh

Bhabha Atomic Research Centre, Mumbai Dr B. N. Rathi

Shri S. Soundararajan (Alternate)

Central Boiler Board, New Delhi Representative

Central Leather Research Institute, Chennai Shri G. Swaminathan

Central Mining Research Institute, Dhanbad Shri J. K. Pandey

 Organization Representative(s)

Central Warehousing Corporation, New Delhi Representative

Century Rayon, Thane Shri H. G. Uttamchandani

Shri S. K. Mishra (Alternate)

Consumer Education & Research Centre, Ahmedabad Dr C. J. Shishoo

Shri S. Yellore (Alternate)

Department of Explosives, Nagpur Representative

Department of Space (ISRO), Sriharikota Shri P. N. Sankaran

Shri V. K. Srivastava (Alternate)

Department of Industrial Policy and Promotion, New Delhi Dr D. R. Chawla

Directorate General Factory Advice Service & Labour Institute, Mumbai Dr A. K. Majumdar

Shri S. P. Rana (Alternate)

Directorate General of Health Services, New Delhi Representative

Directorate General of Mines Safety, Dhanbad Director

Deputy Director (Alternate)

Directorate of Industrial Safety and Health, Mumbai Shri V. L. Joshi

Directorate of Standardization, Ministry of Defence, New Delhi Shri P. S. Ahuja

 Organization Representative(s)

Lt-Col Tejinder Singh (Alternate)

Employees State Insurance Corporation, New Delhi Representative

Hindustan Aeronautics Ltd, Bangalore Shri S. V. Suresh

Hindustan Lever Ltd, Mumbai Shri B. B. Dave

Shri Aditya Jhavar (Alternate)

Representative23
Indian Association of Occupational Health, Bangalore

Indian Institute of Chemical Technology, Hyderabad Shri S. Venkateswara Rao

Indian Institute of Safety and Environment, Chennai Dr M. Rajendran
Dr G. Venkatarathnam (Alternate)
Indian Petrochemical Corporation Ltd, Vadodara Shri P. Vijayraghavan
Shri M. R. Patel (Alternate)
Indian Toxicology Research Centre, Lucknow Dr Virendra Mishra
Dr V. P. Sharma (Alternate)
Ministry of Defence (DGQA), Kanpur Shri M. S. Sultania
Shri Sujit Ghosh (Alternate)
Ministry of Defence (R&D), Kanpur Dr A. K. Saxena
Dr Rajindra Singh (Alternate)
Ministry of Environment & Forest, New Delhi Representative
Ministry of Home Affairs, New Delhi Shri Om Prakash
Shri D. K. Shami (Alternate)
National Institute of Occupational Health, Ahmedabad Dr H. R, Rajmohan
Dr A. K. Mukherjee (Alternate)
National Safety Council, Navi Mumbai Shri P. M. Rao
Shri D. Biswas (Alternate)
NOCIL, Mumbai Dr B. V. Bapat
Shri V. R. Narla (Alternate)
Office of the Development Commissioner (SSI), New Delhi Shri Mathura Prasad
Shrimati Sunita Kumar (Alternate)
Oil Industry Safety Directorate (Ministry of Petroleum & Natural Gas), Delhi Shri S. K. Chakrabarti
Shri V. K. Srivastava (Alternate)
 Organization Representative(s)

Ordnance Factory Board, Kolkata Dr D. S. S. Ganguly

Shri R. Srinivasan (Alternate)
Safety Appliances Manufacturers Association, Mumbai Shri M. Kant
Shri Kirit Maru (Alternate)
SIEL Chemical Complex, New Delhi Shri Rajeev Marwah
Shri Navdeep Singh Birdie (Alternate)
Southern Petrochemical Industries Corporation Ltd, Chennai Shri V. Jayaraman
Shri S. Muruganandam (Alternate)
Steel Authority of India Ltd, Ranchi Shri V. K. Jain
Tata AIG Risk Management Services Ltd, Mumbai Shri Urmish D. Shah
BIS Directorate General Dr U. C. Srivastava, Scientist F & Head (Chem) [Representing Director General (Ex-officio)]
Member Secretary
Shri V. K. Diundi
Director (CHD), BIS24
National Safety Council, Navi Mumbai Shri P. M. Rao (Convener)
SM India Limited, Bangalore Shri Abhijeet Arun Saungikar
Shri Viren Shah (Alternate)
Indian Chemical Manufacturers Association, Mumbai Dr M. S. Ray
Dr S. H. Namdas (Alternate)
Airport Authority of India, New Delhi Shri H. S. Rawat
Atomic Energy Regulatory Board, Mumbai Shri V. V. Pande
Bhabha Atomic Research Centre, Mumbai Dr D. K. Ghosh
Shri S. D. Barambe (Alternate)
Central Food & Technological Research Institute, Mysore Representative
Central Mining Research Institute (CSIR), Dhanbad Shri J. K. Pandey
Centre for Fire, Explosives & Environment Safety, Delhi Representative
Department of Defence Production (DGQA), New Delhi Shri M. S. Sultania
Shri B. Ghosh (Alternate)
Directorate General Factory Advice Services & Labour Institute, Mumbai Dr A. K. Majumdar
Shri S. P. Rana (Alternate)
Indian Telephone Industries Ltd, Bangalore Shri P. Jayaprakash
Shri C. Mahalingam (Alternate)
Industrial Toxicological Research Centre, Lucknow Dr A. K. Srivastava
Dr S. K. Rastogi (Alternate)
ISRO, Shriharikota Shri P. S. Sastry
Shri K. Vishwanathan (Alternate)
Joseph Leslie & Co, Mumbai Shri Vinod Bamaniya
Shri Sameer Dange (Alternate)
Joseph Leslie Drager Manufacturing Pvt Ltd, New Delhi Shri Cyril Pereira
 Organization Representative(s)

Shri Hirendra Chatterjee (Alternate)

National Institute of Occupational Health, Ahmedabad Dr H. R. Rajmohan
Dr A. K. Mukerjee (Alternate)
Oil Industry Safety Directorate, New Delhi Representative
PN Safetech Private Limited, Lucknow Shri Rajesh Nigam
Shri Anil Kumar Srivastava (Alternate)
Reliance Industries Limited, Mumbai Shri N. K. Valecha
Shri S. G Patel (Alternate)
Safety Appliances Manufacturers Association, Mumbai Shri M. Kant
Shri Kirit Maru (Alternate)
Standing Fire Advisory Council, New Delhi Shri Om Prakash
Shri D. K. Shami (Alternate)
Steel Authority of India, Ranchi Shri V. K. Jain
The Chief Controller of Explosives, Nagpur Representative
Vishvesvara Enterprises, Navi Mumbai Shri Mahesh Kudav
Shri Ravi Shinde (Alternate)
Voltech (India), Delhi Shri Pawan Kumar Pahuja
Shri Naresh Kumar Pahuja (Alternate)