Hazard Analysis PDF
DOCUMENT NUMBER
WDFL-0472.RP.70.0001
1.1 LIST OF ATTENDEES
HAZAN meeting dates
Monday 28th April
Tuesday 29th April
1.2 SUMMARY
A facility Hazards Analysis (HAZAN) review was conducted for the conversion of Tank 200-03 to
Wash Tank service from April 28th to 29th, 2003. The review group included representatives from
Operations, Safety & Environmental, Facilities Engineering and EDO (Design contractor). See the
list of attendees on page 3.
The intent of this project is to convert Tank 200-03 (ABJ 803) to wash Tank service when Tank
200-01 (ABJ 801) is out of service. The two tanks will also be available for use either as Wash
Tank or as Storage Tank. A tank selection button will be used to select which one of the two tanks
is used as a Wash tank at a particular time.
Tank 200-03 is a fixed roof tank (conical shaped) with storage capacity of 200,000 bbls and
operates at atmospheric conditions. The design flow capacity/flow rate under wash tank service is
650,000 barrels fluid per day (BFPD).
Front end and detailed engineering design will cover fabrication and installation of piping,
instrumentation and structural items required to convert Tank 200-03 to Wash Tank service. The
scope of work includes but is not limited to the following:
1. Installation of a 24” inlet header to come off existing 30” Tank 3 bi-directional oil pipeline
and tie-in to the existing 24” inlet Wash Tank header.
2. Installation of a 20” dry oil outlet pipeline, fitting and nozzle and tie-in to the existing 20”
Wash Tank dry oil outlet pipeline.
3. Installation of a 30” wet oil outlet pipeline, fitting and nozzle and tie-in to the existing
30” Wash Tank wet oil outlet pipeline.
4. Installation of a 16” produced water outlet pipeline, fitting and nozzle and tie-in to the
existing 16” Wash Tank produced water outlet pipeline.
7. Installation of emergency relief valve on the 24” manholes for protection against excess
pressure.
8. Determine the capacity of the bottom treater pumps to handle the emulsion pad whose
viscosity is 110 centipoise @ 120 °F versus the adequacy of the number of emulsion pad
pick up points for the pump.
9. Fabrication and installation of a new valve access platform with double handrail, in
accordance with Chevron’s SID manual.
10. Fabrication and installation of extension to the gaugers platform in accordance with
Chevron’s Safety in Design manual.
11. Fabrication and installation of walkway with grating on the tank roof to link all roof
nozzles.
12. Fabrication and installation of 6” rain rail around the top of tank with six (6) 6” down
spouts
13. Installation of 3” sch 40 pipes & fitting as bottom water draw off line around perimeter of
tank.
14. Installation of 10” gate valve on the 10” section of the discharge line of the produced water
transfer pumps for future sand jetting operations.
15. Determine the possibility of using the exhaust or waste heat from the turbines to heat the
crude at the inlet of the wash tank. This is to take care of the difficulty encountered in
treating crude oil during rainy season as a result of low temperature.
16. Installation of an inlet spreader box and 6 x 16’ gas vent lines connecting the roof of the
spreader box to the space above the oil so that gas from the crude oil within the spreader
box does not go back into the crude oil. The gas vent lines in Tank 1 (Wash Tank) are not
sufficient for effective gas venting.
17. The dip hatch should be installed away from the sump area.
18. Installation of 16” OD x 100” long dry oil internal collector pipe located at 22.6 ft. of tank
height.
19. Installation of 24” OD x 120” long wet oil internal collector pipe located at 10 ft. of tank
height.
20. Installation of 12” OD x 60” long free water internal collector pipe located at 1.5 ft. of tank
height.
21. Installation of instrumentation and controls for the Wash Tank (as exists in Tank 1) and tie
in to the existing dehydration control room. Determine the capacity of the control
hardware/software to accommodate the added control requirements.
22. All other piping supports and all other civil works necessary to complete the conversion of
Tank 200-03 to a Wash Tank.
1.3 DESIGN REVIEW
Section: General
P&ID: All Project P& ID’s
P&ID Title:
15 | Can the two tanks be operated together as Wash tank? | Peter U. Shanomi | The two tanks can not be operated together as wash tank. Selectors switch to be provided to select which tank to be used as wash at any particular time. | Godson Ajaero/ Tayo Oluyemi
16 | Relief line from main header to tank 1. Is provision made to tie-in tank 3 to the same relief line? | Roland Onovwie | Yes. Provision already made for this. | Nav Kandola
17 | Why is the water line maintained at 4ft level? Believe water draw-off should be designed to operate both at 4ft. and 5ft.? | Sheyi Tomoye | To be noted and considered by Operations and design team | Godson Ajaero
18 | Is it possible to have two points for the Agar probe and be able to switch b/w the two? | Godson Ajaero | Nozzle can be provided at two points as desired. | Nav Kandola
19 | Why Four (4) different tie-in points? | Roland Onovwie | Design team to review tie-in points with Escravos operations and Process group | Nav Kandola
20 | Why is the tie in points not between 4 ft and 5ft level? | Roland Onovwie | See comment under item 19 | Nav Kandola
21 | Installation of steel pads 4”x4”x1/4” plate beneath the roof support columns (38) in all. Does roof support apply to only floating roof and therefore not required in the scope of this project. | Godson Ajaero | Design team to confirm with Obioma Isiuwa | Sheyi Tomoye?
Design Review
1. | What is the function of AT 803B? Is it to check oil/water interface? | Godson Ajaero | Meant to be low level alarm for dry oil. Actually a redundant alarm. Design team to review AT 803B function with ESC process & Operations group | Sheyi Tomoye/ Nav
2. | Pg.8 of Control & Operating Philosophy. Why is AT 803B tied to water transfer pump? | Godson Ajaero | See 1. above |
3. | Spectacle blind was installed on lines 1455, 1454 to enable use of tanks for storage service. The other lines should also have spectacle blinds for positive isolation as this is a DPR requirement if the tank is to be used for storage. | Tayo Oluyemi | Dry oil outlets, water outlets have need for spec blind (i.e. all lines common to storage and wash tank purpose). Spec blind required to be added on all lines by design team to prevent co-mingling. | Roland Onovwie, Tayo Oluyemi/ Sheyi Tomoye
4. | Are we having Pressure alarm/monitor on tank top | Tayo Oluyemi | Yes. With remote indication | Yomi Ogunkilede
5. | LSL 803A not clouded as new Instrument | Godson Ajaero | Instrument will be clouded | Nav Kandola
2.0 WHAT IF? ANALYSIS WORKSHEETS
Clarification Notes
The project P & ID’s were divided into 16 sections for the purpose of the “What If” analysis.
11 Nos. P&ID’s were fully analyzed and risk ranking assigned to possible hazardous occurrences.
The remaining P&IDs were not reviewed because they did not impact the project scope of work.
They were included as part of the project P& ID to provide complete view of the facilities
associated with the Wash Tank service.
The section descriptions of the P& ID’s fully reviewed during the “What If” analysis are:
Location: Escravos Study Date:
P&ID No.: P&ID Title: P&ID Revision Date:
55-041.TNK.PI.10-3003 Wash Tank ABJ-803 03/02/03
2. VG-60 on line 1455 left open | Treated Oil deliver to Wash Tank from any of the storage tanks; False production figures; Upset in Wash Tank operation | Operating procedure; Operators Surveillance; LOTO provision | 4 2 5 | Spectacle blind to be provided
3. VG-60 on line 1042 fail close (Internal mechanism drop to close valve) | Pressure build up in the line; Platform shutdown; Back pressure offshore; Possibility of line rupture; Spill / Pollution | HC Drain vessel has PSH-352 (production shut-in), PAH-352, PSV-352, TSE; Operating procedures; LOTO procedures | 3 4 5 | Consider installing a RO or a globe valve downstream of the ball valves – Project Team
4. Offshore sends excess gas | Wash Tank upset; Breaking of other storage tanks seals; Damage to inlet spreader box; Excess gas release to atmosphere | 12 nos. vent & flame arrestors; PSVs; 2 nos. relief hatches on 24” Manways; Operating Procedure | 3 3 4 | Convert PSVs to PVSVs; Communication between Platform and Offshore
5. Isolation valve on all outlet lines faulty (Maintenance) | Tank out of service | Preventive Maintenance | 4 4 5 | Maintenance access will be provided by design team (Detail design)
6. AT 803 (Agar Probe) faulty | High water level in the tank; Oil to water treatment facilities | LSL/LAL 803A; SOP (Sampling intervals) | 3 3 4 |
13. Presence of H2S in the tank | Injuries to personnel; Tank damage due to corrosion; No well test | SOP; Biocide; Monitoring | 2 3 3 | Use of monitoring Instrument; On-line monitors to be provided
22. Tanks hit by lightning | Vent fire | Flame arrestors; Fire fighting equipment; SOP | 3 3 4 | DPR Regulation; PE to check DPR requirement and recommend
26. No maintenance access for PSVs, flame arrestors on tank top | Tank out of service | Preventive Maintenance | 4 4 5 | Maintenance access will be provided by design team (Detail design)
27. Hazardous gas release to atmosphere (i.e. H2S) | Injuries to personnel; Tank damage due to corrosion; No well test | SOP; Biocide; Monitoring | 2 3 3 | Use of monitoring Instrument; On-line monitors to be provided
28. High pressure or leak on the inlet/outlet lines | Spill / Pollution; Fire | Bund wall; Tanks coated; Fire fighting equipment | 2 4 5 | Spill / Pollution; Fire
Location: Escravos Study Date:
P&ID No.: P&ID Title: P&ID Revision Date:
55-041.DHY.PI.10-2001 Wash Tank ABJ-801 03/02/03
55-041.SMP.PI.10-0191 Wash Tank Sump (ABH 803)/Sump Pump (PBH 803)
55-041.TNK.PI.10-3003 Wash Tank ABJ-803
30. VG-60 on line 1405 left open | Crude flow to both tanks; Shipping off spec oil plus unaccounted oil to storage tanks | Spectacle blind; SOP | 4 4 5 |
31. High pressure from relief line (AT 1461) – Rupture disc or line open | High level in Wash Tank | SOP | 4 2 5 | Integrate rupture disc monitoring to EDMAC; Incorporate CSO/CSC when switching between two wash tanks to SOP
32 Relief line opens to both tanks | Shipping off spec oil plus unaccounted oil to storage tanks | None | 4 4 5 | Provide spectacle blind on CSC/CSO; Revise SOP
Location: Escravos Study Date:
P&ID No.: P&ID Title: P&ID Revision Date:
55-041.SMP.10-0191 Wash Tank ABJ-801 03/02/03
55-041.TNK.PI.10-3003 Wash Tank ABJ-803
39. Sample point left open in error | Liquid overflow; Pollution; Fire | SOP; Bund wall | 4 3 5 | Design team to automate pit sump & pump; Revise existing P&ID to reflect automated sump pit & pump
40. VG-60 on line 1462 left closed | Line over pressure; Pump Diaphragm rupture; Liquid overflow; Pollution | SOP; Bund wall | 4 3 5 |
41 Fire around the sump | Not applicable | Wellhead PSH (dual if SITP>MAWP); Operating procedures; TSEs & SDVs on wellhead; PAH/PSH 212, PSV 212 | 4 3 5 |
46 PBA 567 A/b fails to stop | Low water level; Oil to water treatment facilities; Damage to pump | LAH; SOP; Preventive maintenance check | 2 4 5 |
Location: Escravos Study Date:
P&ID No.: P&ID Title: P&ID Revision Date:
55-041.DHY.PI.10-2102 KTI Charge Pumps 03/02/03
55-041.TNK.PI.10-3003 Wash Tank ABJ-803
55-041.DHY.PI.10-2003 Coalescer#1 &2 Wet Oil Charge Pumps
55-041.TNK.PI.10-2010 Coalescer#1 &2 Wet Oil Charge Pumps
Location: Escravos Study Date:
P&ID No.: P&ID Title: P&ID Revision Date:
55-041.IAS.PI.10-9604 Export Area Instrument Air system / Instrument Air Distribution 03/02/03
55-041.TNK.PI.10-3003 Wash Tank ABJ-803
54 No Issue raised
55 No Issue raised
3.0 SUMMARY CHECKLIST REVIEW AND ANALYSIS
(API RP 14J)
Research and Technology
Process Hazards Analysis Checklist: Plant Layout/Siting
MOC#:
Checklist Questions | Y/N/NA | Reference/Comments
Do plant setbacks and equipment spacing comply with company, industry, or insurance requirements? | N/A |
Can equipment be accessed for maintenance without the need for conducting heavy crane lifts over pipeways or other in-service equipment? | N | Should be addressed at detail design
Is the secondary containment or drainage for storage vessels containing incompatible materials segregated to prevent adverse reactions if spills occur? | N/A |
Is the unit sufficiently isolated from adjacent unit(s) (e.g., by berms, drainage channels, etc.) to minimize impact if a loss of containment occurs in the adjacent unit? | Y |
Have site-specific hazards such as earthquake, hurricane, lightning, and flood been evaluated? | Y |
Are horizontal LPG storage vessels oriented with their ends directed away from occupied buildings and critical equipment? | N/A |
Is rotating machinery (i.e., pumps and compressors) located such that a seal fire will have minimal impact on adjacent or overhead equipment? | N/A |
Is equipment that is located adjacent to roads or other access ways adequately protected from damage due to vehicle impact? | Y |
Are the egress routes (number and path) adequate to safely evacuate the unit in the event of emergency? Has the potential for simultaneously blocking all egress routes been evaluated (e.g., train crossing, main access road closed due to maintenance, etc.)? | N | Should be addressed at detail design
Is emergency vehicle access to the unit adequate? | Y |
Is motor vehicle access to the unit adequately controlled [review installation of signs and road barriers]? | Y |
Is site security sufficient to prevent unauthorized access to the unit? | N | Site security team to address
If applicable, are tall structures equipped with aircraft warning lights? | N/A |
Are electrical power supply lines for the unit routed to minimize the potential for power loss to the unit due to a fire at other units? | N/A |
Are redundant instrument or power cables adequately separated to prevent a single incident (e.g., fire, supporting pole failure, etc.) from resulting in failure of both cables (i.e., common cause failures)? | N/A |
Has all buried equipment (e.g., process lines, fire water lines, electrical conduit, and sewers) been identified on drawings and by aboveground markers as appropriate? | N | To be addressed at detail design
Are atmospheric vents for flammable or toxic material routed to a safe location (i.e., away from personnel and ignition sources)? | Y |
Does all equipment and instrumentation comply with the electrical area classification? | Y |
Has equipment that is routinely operated been placed for ready access by the average size operator? | N | To be addressed at detail design
Has equipment that must be operated in short time sequence (such as valve switching) been located to facilitate operator actions [i.e., minimum separation]? | N/A |
Is plant surface drainage sufficient to handle maximum expected runoff, including fire water runoff? | Y |
Have the possible explosion, fire, and toxic material impacts to nearby occupied or critical buildings been evaluated? | Y |
Research and Technology
Process Hazards Analysis Checklist: Storage Tanks
Does the tank mixer motor meet the electrical classification requirements of the storage tank area? | N/A |
PROCESS UPSETS:
Has a stock leak through the tank floor been evaluated [consider the requirements for internal coating of tank floor or secondary containment with external drains under the tank floor]? | Y |
Has a failure of the storage tank roof drain (i.e., leak in internal swing line or roof drain hose) been evaluated? | N/A |
If the storage tank is equipped with a steam heater or bottom coils, has a heater or coil failure been evaluated [consider potential for tank damage due to possible boilover or rapid expansion in the tank]? | N/A |
Has loss of steam (or other heating medium) to the storage tank been evaluated? | N/A |
Has increased temperature (may be due to loss of product cooling or process upset) of the stock to the storage tank been evaluated [determine if upset may result in exceeding flash point of stock]? | N/A |
Has high vapor pressure stock to the storage tank been evaluated [may occur during startup or shutdown or be caused by upset at the upstream unit(s)]? | N/A |
Has loss of level in an upstream pressure vessel been evaluated? | Y |
Has water carryover or contamination from the storage tank to downstream process units or outside customers been evaluated? [Note: Leaking swing line joints are a common cause for water carryover from tankage.] | Y |
Has a hazardous material entering a tank that normally contains a benign material been evaluated (e.g., hydrocarbon into a water tank or sour stock into a sweet tank)? | N/A |
FACILITY SITING:
Is adequate fire water coverage available at or near the storage tank? Is there sufficient access and an adequate staging area for fire-fighting equipment near the storage tank? | Y |
Does the spacing between the storage tank and other tanks or equipment conform with applicable fire codes and local jurisdictional codes, regulations, and practices? | Y |
Does the storage tank’s fixed fire protection system provide sufficient water to cool the involved tank and the affected surfaces of surrounding tanks? | N | Other project group addressing this
Is the storage tank’s foam system compatible with the tank design and type of stock or material stored? | N/A |
For storage tanks containing oxygenate blend stocks or other polar materials, is the available foam appropriate for use in the event of fire (alcohol-resistant foam required)? | N/A |
Are foam injection valves located outside the storage tank secondary containment area? [Note: Foam injection valves located inside the secondary containment area should be locked open when tank is in-service.] | Y |
Does the storage tank’s containment area grading plan consider the need to collect and remove rainwater? | Y |
Has site-specific hazards such as earthquake, hurricane, lightning, and floods been evaluated? | Y |
HUMAN FACTORS:
Are tank suction and fill lines and valves clearly labeled, including flow direction? | N | Detail design to address
Is the lighting adequate in the unit [consider valve manifold locations and valves requiring operation during emergency conditions, etc.]? Is the emergency lighting (light fixtures on the emergency power circuit) adequate in the unit? | Y |
Are all operating valves accessible during normal or emergency operation? | Y |
Are manually operated valves positioned to allow proper operation without muscle strain? | Y |
Is access adequate at all valve manifolds (including battery or plot limit) for both routine and emergency operation and for maintenance? [Review requirements for changing battery or plot limit blinds.] | N | Detail design to address
Are drain valves located to allow personnel to monitor levels while draining? | N/A |
Have storage tank valve manifolds been arranged to reduce the likelihood of mis-manifolding? Has valve mis-manifolding been evaluated [consider complex suction, fill, or water draw manifolds]? | N | Detail design to address
PROCEDURES:
Do storage tank startup procedures specify a maximum fill rate until the tank liquid level covers the fill piping? [Note: possible static electricity concern] | N | SOP to address
Do procedures specify the safe-fill level of the storage tank? [Note: The tank safe-fill level may be influenced by site-specific seismic hazards.] | N | SOP to address
Do procedures specify storage tank minimum level? [Note: possible concern for floating roof tanks] | N | SOP to address
Are pressure vents/vacuum breakers routinely inspected? | Y |
Do procedures specify water removal (water draw) method and frequency? | N/A |
Is the accuracy of the automatic tank gaging systems checked routinely? | N/A |
Do procedures specify method and frequency for draining storage tank roofs (applies to floating roof tanks)? | N/A |
Do procedures prevent compromising secondary containment areas by leaving rainwater drain valves open? | N/A |
Do procedures specify how to either reroute or rerun off-specification product? | N/A |
Do procedures specify the method and frequency for sampling storage tank contents? | N/A |
Research and
Technology
Process Hazards
Analysis Checklist: Pumps
Checklist Type: Process Equipment Review Date:
FILENAME: PUMP.DOC PHA Leader:
Chklist/Rev. Date: January 1, 1996 Location:
Prepared by: Chevron Research and Technology Company Unit/Project:
MOC#:
Checklist Questions | Y/N/NA | Reference/Comments
DESIGN:
Is the pump casing design pressure greater than the maximum pump suction pressure plus the pump shutoff pressure [consider largest impeller when determining maximum pump differential]? | N/A |
Is the downstream piping or equipment design pressure greater than the maximum pump discharge pressure [consider largest impeller when determining maximum pump differential], or is the downstream piping or equipment protected from overpressure in the event that the pump is blocked in? | N/A |
If a downstream blockage would raise the pump suction pressure, is the downstream piping and equipment rated for the maximum suction pressure plus the pump shutoff pressure? | N/A |
If a downstream blockage would not raise pump suction pressure, is the downstream piping and equipment rated for the greater of (1) normal suction pressure plus the pump shutoff pressure or (2) maximum suction pressure plus normal pump differential pressure? | N/A |
Has a discharge relief valve been provided for positive displacement pumps? | N/A |
Is the pump adequately protected from damage when operating at low flow rates [determine if minimum flow protection is required]? | |
Is the pump design temperature greater than the maximum operating temperature? | N/A |
Is the pump material selection appropriate for the expected fluid properties, including maximum contaminant concentration? | N/A |
PUMP AUXILIARIES, INCLUDING MECHANICAL SEAL OR PACKING:
Is the selected mechanical seal or packing appropriate for the intended service, including maximum contaminant concentration? | N/A |
Has mechanical seal or packing failure been evaluated? | N/A |
Has failure of pump heat removal equipment (e.g., lube oil coolers, gland oil coolers, stuffing box coolers, seal flush coolers, and seal flush) been evaluated [consider loss of circulation or supply and plugging of coolers]? | N/A |
Are pump "run" indicators (running lights or other process indicators) provided at a continuously staffed location for critical service pumps? | N/A |
PROCESS UPSETS:
Has the pump stopping been evaluated? | N/A |
Has blocking in the pump been evaluated? | N/A |
Has loss of suction to the pump been evaluated? | N/A |
Has reverse flow through the pump, when it shuts down, been evaluated [assume the discharge check valve sticks open]? | N/A |
If the pump is provided with minimum flow protection, have failures of the minimum flow system been evaluated [consider minimum flow valve (control or manual) closed and wide open]? | N/A |
Has the pump stopping and the minimum flow recycle control valve open (trying to maintain minimum flow) been evaluated? | N/A |
For manual minimum flow recycle systems (manual valve or restriction orifice), has the pump stopping been evaluated? | N/A |
For parallel pump arrangements (one pump operating and an idle spare pump on standby), has leakage through the spare pump's discharge check valve been evaluated [concern is for overpressuring the spare pump suction valve and piping]? | N/A |
Has operation with higher specific gravity fluid, due to process upset or startup/shutdown, been evaluated [consider whether or not the pump driver is adequately sized for water if the pump will be required to transfer or circulate water during startup or shutdown]? | N/A |
FACILITY SITING:
Is adequate fire water coverage available for the pump area? | N/A |
Is there adequate emergency access to the pump? | N/A |
Can the pump be safely isolated in an emergency? | N/A |
If emergency isolation valves (either manual, automatic, or remotely operated) are provided to isolate the pump, are these valves appropriate for the process service and valve location [review requirements for fire-rating of isolation valves; fail-safe position of isolation valves; and fireproofing of valve actuator, power cables, and instrument cables of the isolation valves]? | N/A |
If emergency isolation valves are provided, has failure of the isolation valves been evaluated [consider valves closing and valves failing to close when demanded]? | N/A |
For installations where critical service equipment (e.g., air-cooled heat exchangers or power/instrument cables) is located above a pump handling flammable material, is the critical equipment adequately protected in the event of fire at the pump [review requirements for fireproofing and installation of fixed water or fixed steam deluge]? | N/A |
If fixed water or fixed steam deluge is provided, can the valve or station that actuates the system be operated safely in the event of fire at or near the pump [consider location of valve/station or the ability to operate valve/station remotely]? | N/A |
Have flexible piping components (e.g., hoses, expansion joints, and tubing) been reduced or eliminated where possible? If flexible piping components are installed, are they designed for maximum operating pressure and temperature? Are flexible connections adequately protected against possible rupture due to mechanical impact and fire? | N/A |
Have leaks (at mechanical seal, flanges, etc.) to the atmosphere been evaluated for pumps located in buildings or shelters [concern is for buildup of explosive atmosphere with possible fire or explosion]? | N/A |
For pump installations using an engine driver (gas or diesel driven) are the air intake and exhaust lines vented to a safe location? | N/A |
Can critical service pumps be quickly shut down from a safe location? | N/A |
PROCEDURES:
If emergency isolation valves (either manual, automatic, or remotely operated) are provided, are procedures in place for the routine testing of these valves? | N/A |
For critical service pumps, are preventative maintenance procedures in place to reduce the likelihood of equipment failures that could result in hydrocarbon or toxic material releases? | N/A |
For pump installations with auxiliary systems (e.g., lube oil, seal oil, vibration, etc.), are alarms and shutdowns routinely tested? | N/A |
Research and
Technology
Process Hazards
Analysis Checklist: Instrumentation
Checklist Type: Process Equipment Review Date:
FILENAME: INSTRUMT.DOC PHA Leader:
Chklist/Rev. Date: January 1, 1996 Location:
Prepared by: Chevron Research and Technology Company Unit/Project:
MOC#:
Checklist Questions | Y/N/NA | Reference/Comments
DESIGN:
Is the instrument specification suitable for the expected fluid properties, including maximum contaminant concentration? | Y |
Is the instrument design pressure greater than the maximum operating pressure of the process system to which it is connected? | Y |
Is the instrument design temperature greater than the maximum operating temperature of the process system to which it is connected? | Y |
Is the instrument installation designed to allow on-line testing and calibration of the instrument? | Y |
Are critical safety shutdown systems designed and installed to ensure reliability of the shutdown system [consider requirements for redundancy of components, independence from process control system, and ability to test system to ensure reliability]? | N | Detail design to address
Are critical safety shutdown systems designed to fail-safe? Does the design require operator action to reset the shutdown system (e.g., manual reset of isolation valves) after the shutdown system is actuated to prevent unsafe conditions due to system response when the shutdown trip condition clears? | Y |
Are instrument installations that result in moment arm arrangements (multiple or heavy valves branching from the pipe) adequately designed (e.g., supported or reinforced, such as bridge welding) to prevent failure of welded connections due to vibration or mechanical impact? | N/A |
Are emergency shutdown switches guarded against inadvertent operation [consider location, switch operation, and guards or covers]? | N/A |
Are all critical service alarms routed to a continuously staffed location? | Y |
Are redundant instrument or power cables physically separated [i.e., separated to prevent a single incident, such as fire or mechanical impact, from resulting in failure of both cables]? | N/A |
Are instrument sensing lines adequately purged or heat traced to prevent plugging? For plugging services, does the design allow for safely unplugging the instrument on-line? | Y |
Are utility instruments adequately heat traced and insulated or designed to prevent cold weather freezing and plugging? | N/A |
Are control valves or emergency isolation valves designed to close under maximum differential pressure process conditions? | N/A |
For services where the piping specification changes to a lower design rating after the control valve, is the downstream piping specification suitable for upset situations with the control valve wide open? | N/A |
Are the instruments suitable for the electrical area classification? | Y |
PROCESS UPSETS:
Has the control valve failing wide open been evaluated? | N/A |
Has the control valve failing closed been evaluated? | N/A |
Has the control valve leaking been evaluated? | N/A |
Has the control valve bypass left open or leaking been evaluated? | N/A |
For plugging or fouling services, has plugging of the flow orifice or other primary flow element been evaluated? | N/A |
Has operation with higher or lower specific gravity fluid (may be due to process upset or startup/shutdown) been evaluated? | Y |
Has loss of power to the process unit been evaluated [determine if the process unit is designed fail-safe]? | Y |
Has loss of power, including partial loss of power and total loss of power, to the process control system been evaluated? | Y |
Has loss of instrument air to the process unit been evaluated [determine if the process unit is designed fail-safe]? | Y |
Has inadvertent operation of the safety shutdown system been evaluated? | Y |
FACILITY SITING:
If emergency isolation valves (either manual, automatic, or remotely operated) are provided, are these valves appropriate for the process service and valve location [review requirements for fire-rating of isolation valves; fail-safe position of isolation valves; and fireproofing of valve actuator, power cables, and instrument cables of the isolation valves]? | N/A |
If emergency isolation valves are provided, has failure of the isolation valves been evaluated [consider valves closing and valves failing to close when demanded]? | N/A |
Are critical safety shutdown systems adequately protected in the event of fire? [Determine if the safety shutdown system’s primary elements or sensors, the power and instrument cables, and the final elements such as emergency isolation block valves or equipment shutdown interlocks are adequately fireproofed, fail-safe, and/or located in a nonhazardous area.] | N/A |
Are the control building air conditioning and pressurization adequate to protect the electronic instrumentation? Are they adequate to prevent intrusion of toxics, flammables, or corrosive contaminants (if applicable)? | N/A |
Are control valves and associated instrumentation accessible for maintenance? | N/A |
HUMAN FACTORS:
Can critical valves or equipment be closed or shut off from a safe location? | Y |
Is the lighting adequate in the unit [consider local instrument panels, battery or plot limit valve manifold locations, equipment and valves requiring operation during emergency conditions, etc.]? Is the emergency lighting (light fixtures on the emergency power circuit) adequate in the unit? | Y |
Are all instrument labels easy to read (clear and in good condition)? | N | Detail design to address
Are all instrument labels correct and unambiguous? | N | Detail design to address
Are all instrument labels located close to the items that they identify? | N | Detail design to address
Do all instrument labels use standard terminology (e.g., acronyms, abbreviations, equipment tags, etc.)? Are the instrument labels consistent with nomenclature used in procedures? | N | Detail design to address
Are all components that are mentioned in procedures (e.g., valves) labeled or otherwise identified? | N | Detail design to address
Do switch labels identify discrete positions (e.g., ON or OFF, OPEN or CLOSE)? | N | Detail design to address
Are the field instruments that are routinely monitored by operations personnel easily accessible to ensure information is read in accordance with recommended frequency [consider instruments or areas that are difficult to reach, such as climbing 40 feet of ladder or squeezing into close quarters]? | N | Detail design to address
Are the engineering units of similar instruments consistent [e.g., do the pump seal flush rotameters all display flow in either gpm or gph]? | Y |
Are field instrument indicators routinely checked for accuracy? | N | SOP to include
Are field instrument ranges appropriate for the service [e.g., avoid using a 0-2500 psig pressure gage on a 100 psig system]? | N | Detail design to address
Are operating ranges for process variables specified in the same engineering units as the instrument read-out or indicator (i.e., mental conversion of units is avoided)? | N/A |
Are calculations performed by operations personnel documented in a consistent manner and periodically checked for correctness? | N/A |
Does the process control system console layout allow for rapid response to upset situations? If required, does the process control system console layout allow for response by multiple personnel? | Y |
Do the process control system displays adequately present the process information [consider the logical layout of process or equipment configuration information, consistent presentation of information, visibility of information from various work positions, and the logical linking of information between displays]? | Y |
Do the process control system displays for similar equipment (e.g., parallel trains or similar equipment in series) present the information in a unique manner to avoid confusion? | Y |
Do the process control system displays provide feedback to operations personnel to confirm operator actions? Does the feedback provide operators with logical | N | Detail design to address
information (e.g., is 100% valve output equivalent to valve wide open)?
Are critical alarms prioritized to alert operations personnel to upset situations that Y
require immediate response?
Is the cause of "nuisance" alarms (repetitive alarms that operations personnel Y
ignore or acknowledge without investigating) investigated and repaired in a timely
manner?
Are equipment "run" indicators (running lights or other process indicators) and Y
valve position indicators provided at a continuously staffed location for critical
equipment, valves, and instruments?
Are the communications facilities between process units adequate for clear and Y
uninterrupted communications during both normal and emergency situations [e.g.,
telephone land lines, radio, computer network, and E-mail, and are systems
redundant and/or secure]?
Is the control room lighting adequate [review direct and indirect lighting]? Is the Y
control room emergency lighting (light fixtures on the emergency power circuit)
adequate?
PROCEDURES:
Do procedures prevent changing alarm set points without proper review and Y
authorization? Are alarm changes (set point or priority) communicated to all
affected employees?
Do procedures prevent changing process control system or safety shutdown system Y
control or logic (software) without proper review and authorization? Are process
control system or safety shutdown system changes communicated to all affected
employees?
Do operating procedures document the alarm set points? Do the procedures Y
specify the expected operator response to the alarm? Do the procedures specify the
potential consequences if the alarm set points are exceeded (i.e., consequences of
deviation)?
Do operating crews communicate unusual instrument status (bypassed or out of Y
service) in writing? Are operating crews provided with written temporary
operating procedures when instruments are bypassed or out of service?
Do procedures require verification that instruments that are deliberately disabled Y
during operation (e.g., shutdown interlocks bypassed to allow testing) are placed
back in service?
Do procedures require control valve bypasses to remain closed during normal N/A
operation [possible concern for loss of level during upset conditions if the bypass
around an LCV is open]?
Do procedures specify proper response to alarm indicators (e.g., lights, horns, or Y
whistles) during emergency situations? Are hypothetical emergency situation drills
periodically performed? Are the alarm indicators routinely tested?
Do procedures require routine testing of critical alarms and safety shutdown Y
systems, including primary elements or sensors, shutdown system control and
logic, and final elements such as emergency isolation valves or equipment
shutdown interlocks [determine the need for on-line testing of safety shutdown
systems]?
Do procedures specify response to potential process control system failures Y
[consider loss of input or output signal(s), loss of display screens (loss of view),
loss of memory devices, loss of equipment or system interfaces (gateways), loss of
power, loss of backup power, loss of control program, etc.]?
Do procedures require physical isolation of power source(s) prior to release of Y
equipment for maintenance work (i.e., lockout/tagout)?
Research and Technology
Process Hazards Analysis Checklist: Piping and Valves
Checklist Type: Process Equipment
Review Date:
FILENAME: PIPING.DOC
PHA Leader:
Chklist/Rev. Date: January 1, 1996
Location:
Prepared by: Chevron Research and Technology Company
Unit/Project:
MOC#:
Checklist Questions Y/N/NA Reference/Comments
DESIGN:
Is the piping specification suitable for the fluid properties, including maximum
contaminant concentration? Is the piping specification suitable for potential stress-
corrosion cracking, hydrogen blistering, or other metallurgical concerns, as
applicable? Detail design to address all piping and valves items
Are the piping system fabrication requirements [e.g., post weld heat treatment
(PWHT), stress relieving, and nondestructive examination (NDE)] appropriate for
the intended service [consider process upsets including contaminant carryover]?
Is the piping design pressure greater than the maximum operating pressure
[consider maximum pump or compressor discharge pressure]?
Is the piping design temperature greater than the maximum operating temperature
[consider loss of cooling, cooler bypassed, exothermic reaction, etc.]?
Is the piping system adequately designed for thermal growth at maximum
temperature [consider superheated steam, loss of cooling, cooler bypassed, steam-
out, etc.]?
For flashing liquids, is the piping specification suitable to prevent brittle fracture
[consider large pressure drop situations such as venting or draining, etc]?
Is the piping system adequately guided and supported?
Is the piping system adequately designed for cyclical conditions (e.g., pressure,
temperature, and vibration)?
Are valve installations that result in moment arm arrangements (multiple or heavy
valves branching from the pipe) adequately designed (e.g., supported or reinforced,
such as bridge welding) to prevent failure of welded connections due to vibration
or mechanical impact?
Are piping dead legs eliminated?
Is the piping system adequately designed to minimize the effects of internal
corrosion or erosion [consider carryover or increased concentration of corrosive
material due to process upset, accumulation of corrosive material in valve seats or
drains, increased erosion or corrosion due to velocity, injection of chemicals such
as anti-foulants]?
Is the piping system adequately designed to minimize the effects of external
corrosion [consider underground installations, insulation on cold piping, exposure
to corrosive atmosphere such as salt water or cooling tower drift, upsets resulting
in release of corrosive materials, etc.]?
Is the piping system adequately designed for cold weather conditions? Where
applicable, are freeze protection and/or heat tracing design adequate?
Is the piping system adequately designed for hot weather conditions?
Does the piping system allow for flushing and/or purging of lines and equipment
for startup or shutdown?
Are process piping connections to utility systems adequately designed and installed
to prevent contamination of the utility system [review requirements for check
valves, double block and bleeds, removable spools, flexible connections, and
blinds]?
Is the piping system adequately designed for thermal expansion of trapped process
material? Is the discharge of the thermal relief device routed to a safe location?
Do the repairs to the piping (materials and methods) comply with the applicable
industry codes and company guidelines?
PROCESS UPSETS:
Have cold weather conditions been evaluated [consider water freezing in low Y
points or in dead-end lines, materials that increase in density, etc.]?
Have hot weather conditions been evaluated [thermal overpressure of blocked-in Y
lines or equipment, etc.]?
Have plugged lines or valves been evaluated? Y
Has rapid closing of automatic valves or check valves been evaluated [determine Y
whether or not hydraulic hammer may occur if a valve closes suddenly; for
example, check valve on the discharge of cooling water supply pump when pump
shuts off]?
Has a valve not opening [may be due to plugging, stem failure, or valve seizing] Y
when demanded been evaluated?
Has a bypass valve (either equipment or control valves) left open or leaking been N/A
evaluated?
FACILITY SITING:
Is adequate fire water coverage available near the piping system (e.g., battery or Y
plot limit manifolds and other valve manifolds)?
Is there adequate access to the piping system in the event of fire or other
emergency [consider battery or plot limit manifolds and other valve manifolds that
contain hazardous materials]? N Detail design to address all piping and valves items
If the piping system contains a large inventory of hazardous material (e.g., off-plot
transfer or feed lines), can the piping system be isolated in an emergency?
If emergency isolation valves (either manual, automatic, or remotely operated) are
provided, are these valves appropriate for the process service and valve location
[review requirements for fire-rating of isolation valves; fail-safe position of
isolation valves; and fireproofing of valve actuator, power cables, and instrument
cables of the isolation valves]?
If emergency isolation valves are provided, has failure of the isolation valves been
evaluated [consider valves closing and valves failing to close when demanded]?
Has flange leak been evaluated [consider leaks that may result in flame
impingement on nearby piping or equipment, hydrocarbon release resulting in fire,
and chemical exposure to operators]?
Are the drains and vents located to minimize the potential for damage due to
mechanical impact?
Have flexible piping components (e.g., hoses, expansion joints, and tubing) been
reduced or eliminated where possible? If flexible piping components are installed,
are they designed for maximum operating pressure and temperature? Are flexible
connections adequately protected against possible rupture due to mechanical
impact and fire?
HUMAN FACTORS:
Are battery or plot limit lines/valve labels easy to read (clear and in good
condition)? Detail design to address all piping and valves items
Is the lighting adequate in the unit [consider local instrument panels, battery or
plot limit valve manifold locations, equipment and valves requiring operation
during emergency conditions, etc.]? Is the emergency lighting (light fixtures on
the emergency power circuit) adequate in the unit?
Are all operating valves accessible during normal or emergency operation?
Are manually operated valves positioned to allow proper operation without muscle
strain?
Is access adequate at all valve manifolds (including battery or plot limit) for both
routine and emergency operation and for maintenance? [Review requirements for
changing battery or plot limit blinds.]
Are elevated valves accessible during normal or emergency operation (i.e., access
provided by ladders/platform or chain operator)?
Are valve chain operators properly maintained?
Can critical valves or equipment be closed or shut off from a safe location in a
timely manner?
Has equipment that must be operated in short time sequence (such as valve
switching) been located to facilitate operator actions [i.e., minimum separation]?
Have valve manifolds been arranged to reduce the likelihood of mis-manifolding?
Has valve mis-manifolding been evaluated?
PROCEDURES:
Do procedures require that all drain and vent valves are either plugged, capped, or
blinded? Detail design to address all piping and valves items
Do procedures specify which blinds are to be removed and which spectacle blinds
are to be turned prior to or during startup?
Do procedures require routine testing of emergency isolation valves [determine the
need for on-line testing of safety shutdown systems]?
Do procedures control the position of critical valves (e.g., locked or car sealed
open valves beneath relief valves, equipment bypasses or isolation, and area
containment drains)?
Are piping systems inspected at an appropriate interval (depending upon service
and history) to confirm fitness for continued service?
Do procedures require new gaskets (and bolts if needed) to be installed when a
flange closure is opened or broken? Do the procedures provide guidance on the
proper gasket material for the process service?
Do procedures require tightness-testing of all flange bolts prior to startup [concern
is for flanges that were opened during shutdown or flange bolts that may have
loosened due to thermal expansion and contraction]? Do the procedures provide
guidance to prevent over- or under-tightening flange bolts?
Do procedures specify the proper settings for pipe spring hanger supports? Do the
procedures require checking the pipe spring hanger settings prior to each startup
and during normal operation?
Are maintenance personnel trained in the use of piping specifications? Is a process
in place to verify the latest piping specification is used?
For piping modifications and repairs, do procedures require verification that the
repair material to be installed meets the requirements of the piping specification?
Is a program in place for routine testing and inspection of pressure relief devices?
Is documentation maintained regarding the test plan and results for each relief
device [i.e., last test date, results from last test, next test date, etc.]?
Is a program in place for routine testing of flexible piping components (e.g., hoses,
expansion joints, and tubing)?
Are a representative number of new and refurbished valves inspected for the proper
valve packing material upon receipt from the vendor or contract shop?
Do operating crews communicate unusual equipment or instrument status
(bypassed or out of service) in writing? Are operating crews provided with written
temporary operating procedures when equipment or instruments are bypassed or
out of service?
Are the hazards associated with drawing samples communicated to the personnel
responsible for taking the samples and performing the sample analysis? Does the
sampling procedure provide warnings and cautions about the hazards associated
with drawing, transporting, and performing sample analysis? Does the sampling
procedure specify the personnel protective equipment (PPE) to be worn when
drawing or handling the sample?
Is the minimum pressurizing temperature (MPT) of the piping systems documented
and communicated to operations and maintenance personnel?
Research and Technology
Process Hazards Analysis Checklist: Static Electricity
Checklist Type: Facility
Review Date:
FILENAME: Static.DOC
PHA Leader:
Chklist/Rev. Date: August 21, 1998
Location:
Prepared by: Chevron Research and Technology Company
Unit/Project:
MOC#:
Checklist Questions Y/N/NA Reference/Comments
TRAINING & COMMUNICATION
Have personnel been alerted to the static hazards associated with the use of plastic Y
buckets and other insulated containers?
Have personnel involved with vacuum truck operations been trained in static Y
electricity hazards and prevention methods?
Have personnel involved in tank and vessel cleaning activities been trained in static Y
hazards and prevention methods?
Have personnel involved in the loading/offloading of static accumulating liquids Y
been trained in how to recognize static electricity hazards and precautions?
TANK TRUCK & RAIL CAR LOADING OF STATIC ACCUMULATORS
For products handled at temperatures < (flash point - 15°F) N/A
Diesel, lube oils and similar high flash products are often static
accumulators, but do not present a high risk of static ignition unless
there is a flammable mixture of air/vapor present. “Switch loading” is
when a high flash product is loaded into a rail car or tank truck after a
previous load of an intermediate or high vapor pressure product. In
this case, there can be a flammable mixture of vapor and air present
and hence static ignition is a concern.
Do procedures include precautions to prevent switch loading? (e.g.
checking the tank truck or rail car for HC gas prior to loading)
If switch loading and/or splash loading may occur, the following questions “for
products handled at temperatures >flash point” apply.
For products handled at temperatures > (flash point - 15°F)
1. Are tank trucks and rail cars routinely inspected for internal spark promoters? N/A
(chains, markers and probes that do not extend to the bottom of the
compartment)
2. Is the loading rack designed and operated to ensure a relaxation time of at least N/A
30 seconds downstream of the filter?
3. Are flow rates limited to the velocity recommended in API RP 2003? N/A
1 m/sec until the outlet is submerged, then the velocity (m/sec) is limited to 0.5/d,
where d is the inside diameter of the downspout (m)
4. Is flow indication available so operators can check initial flow rates? N/A
5. Do procedures require waiting at least 1 minute before the loaded tank is gauged N/A
or sampled?
6. Are bottom loaded cars & trucks routinely inspected for splash deflectors? N/A
7. Are top-loading fill pipes fitted with telescoping downspouts? N/A
8. For top loading, is the rack equipped with appropriate bonding or grounding N/A
cables? (Bottom loading is inherently bonded)
9. Do top loading procedures require use of a bonding cable and extending the N/A
downspout to the bottom of the car or truck?
MARINE LOADING OF STATIC ACCUMULATORS
Do the procedures require inerting cargo tanks before and during loading of static N/A
accumulating products? (when an inert system exists)
For loading into a non-inerted barge or ship - (if receiving tanks are inerted, the
following precautions are not required)
1. Have appropriate initial flow rates been established for loading products per N/A
ISGOTT Chapter 7? Initial linear velocity of flow in each tank branch pipe must
not exceed 1 m/sec, until the bottom structure is covered and all splashing has
ceased
2. Is flow indication available so operators can check initial flow rates? N/A
3. Do the procedures consider initial flow rates into multiple compartments N/A
simultaneously vs. flow rate at dock valve?
4. Where a filter is installed in the shore pipeline, do the procedures require that the N/A
loading rate be adjusted to ensure at least 30 seconds relaxation time between the
filter and the time it enters any cargo tank?
5. Do the procedures require waiting 30 minutes after loading before dipping, N/A
ullaging or gauging? (unless a sounding pipe is used)
6. Do the procedures prohibit the use of synthetic tapes or ropes in non-inerted N/A
barge or ship tanks?
7. Do the procedures include bonding all metal tapes/gaging devices before N/A
introduction into the barge or ship tank?
FIXED ROOF TANKS
FILLING & GAUGING PROCEDURES FOR STATIC ACCUMULATORS
For liquids handled at temperatures > (flash point - 15°F):
1. Do tank filling procedures specify a maximum fill rate until the tank liquid level N SOP to address
covers the fill piping?
2. Is inlet piping designed to prevent splash filling? Y
3. Are gage wells installed in the tank? If no gage well is installed, do the Y
procedures require waiting 30 minutes after filling before gauging or sampling
the tank?
4. Do the procedures prohibit the use of synthetic tapes or ropes in tank gauging? Y
5. Do the procedures include bonding all metal tapes/gaging devices before N/A
introduction into the tank?
HYDROCARBON TANK & VESSEL CLEANING
Do the procedures discuss the potential for static hazards during cleaning operations? Y
Do the procedures require continuous HC gas monitoring? Y
Do the procedures require bonding the wash or steaming hoses to the wall or N
manway?
Do the procedures require that all hoses are checked to ensure that insulated metal Y
fittings are eliminated or bonded and grounded?
Do the procedures require that all ungrounded conductors be removed from the tank Y
or vessel during cleaning?
VACUUM TRUCKS
Do the procedures caution against vacuuming hydrocarbons from plastic containers? N/A
Do the procedures include a discussion of the potential for static ignition due to N/A
vacuum and discharge operations?
Do the procedures recommend gravity discharge whenever possible? N/A
Are the truck hoses in good condition, with no broken sections or broken grounding N/A
wires?
Are all exposed metal hose fittings bonded to the truck through a bonding wire? N/A
Are hoses conductive (<1 megohm resistance)? N/A
Is the testing and inspection program for hoses adequate? Are hoses routinely N/A
inspected (externally) for scrapes, kinks, or other damage?
Research and Technology
Process Hazards Analysis Checklist: Materials
Checklist Type: General
Review Date:
FILENAME: MATERIAL.DOC
PHA Leader:
Chklist/Rev. Date: January 1, 1996
Location:
Prepared by: Chevron Research and Technology Company
Unit/Project:
MOC#:
Checklist Questions Y/N/NA Reference/Comments
DESIGN:
Have carbon and alloy steel materials in sour water service been reviewed for
hardness and their susceptibility to wet H2S cracking? [Note: NACE Standard
MR-01-75 provides guidelines on material selection for sour services, including
maximum hardness limits to prevent sour water cracking.] N/A Detail design to address all materials, piping and valves items
Have materials for piping and equipment in hydrogen service been selected or N/A
reviewed for adequate resistance to hydrogen attack in accordance with American
Petroleum Institute (API) Publication 941 (i.e., reviewed using API Publication
941 "Nelson Curves")? [Note: Low molybdenum content carbon-moly alloy
materials are susceptible to hydrogen attack.]
Have all carbon steel vessels, other major equipment, and piping, in amine or
caustic service operating above ambient temperature, been stress-relieved? [Note:
Typical operating temperatures where stress-relieving is required are: 100 °F for
amine equipment, 120 °F for caustic equipment, and 140 °F for steel piping in
amine or caustic service.] Have these equipment and piping services been
inspected for amine or caustic stress-corrosion cracking?
Is the heat tracing for carbon steel piping in amine or caustic service designed to
prevent overheating and stress-corrosion cracking?
Have equipment and piping in locations subject to cold weather (i.e., 20 °F or less)
been reviewed per API RP-920 for resistance to cold temperature brittle fracture?
Have storage tanks been similarly reviewed per API RP-650? Have critical
equipment items (e.g., thick-walled vessels and piping) been assigned a Minimum
Pressurization Temperature (MPT) or Minimum Design Metal Temperature
(MDMT), and have these limits been incorporated into the operating and
maintenance procedures?
Has the possibility of auto-refrigeration been evaluated for LPG and other low
boiling point liquid services [concern is for cold temperature brittle fracture], and
the material selection of piping and relief devices specified accordingly?
Are carbon steel air coolers and air cooler outlet piping in hydrotreater reactor
effluent service designed for fluid velocities of 20 feet/second or less to prevent
erosion/corrosion from ammonium sulfides?
Has increased metal temperature in heat exchangers and downstream piping, due to
heat exchanger fouling, been considered in material selection of the exchanger and
piping? Has increased temperature of downstream piping and equipment, due to
bypassing heat exchangers, been considered in material selection? Has increased
temperature of downstream piping and equipment, due to loss of cooling in heat
exchangers (e.g., loss of cooling water, loss of air cooler fans, etc.), been
considered in material selection?
Is the maximum fluid velocity of rich and lean MEA or DEA, and concentrated
sulfuric acid, limited in carbon steel service? [Concern is for excessive
corrosion/erosion due to high fluid velocities; MEA/DEA is typically limited to 6
feet/second, and concentrated sulfuric acid is typically limited to 3 feet/second.]
Has all carbon steel or monel piping and equipment in HF acid service been stress-
relieved after welding?
Have high-pressure hydrotreater reactors and other heavy-wall vessels and piping
constructed of 2-1/4 chrome material and operating between 700 °F and 1050 °F
been reviewed for potential temper embrittlement failure? If such failure is
possible, do the operating and maintenance procedures explain the design
limitation of the material [e.g., do not fully pressure the system when the metal
temperature is below the alloy's maximum possible ductile-to-brittle transition
temperature range, such as 300 °F]?
Has the material selection for auxiliary lube oil and seal oil systems considered the
effects of ambient moisture intrusion, during normal and shutdown operation?
[Concern is for corrosion due to water, with possible damage to mechanical seals,
etc. due to corrosion products.]
PROCESS UPSETS:
For heaters, furnaces or boilers, designed to burn fuel containing sulfur
compounds, has the possibility of acid condensation during low temperature flue
gas operation been evaluated? [Concern is for corrosion of heater ducts, stacks,
fans, and waste heat recovery heat exchangers due to condensed combustion
products.] Detail design to address all materials, piping and valves items
Has chloride stress-corrosion cracking of austenitic stainless steel piping and
equipment been evaluated? [Concern is for exposure to high chloride content
water, e.g., brackish fire water, water-soaked insulation containing chlorides,
coastal hurricane tides, etc.]
Has ammonia stress-corrosion cracking of copper-based alloys been evaluated?
HUMAN FACTORS:
Are special materials of construction identified on process flow diagrams (PFD),
piping and instrument diagrams (P&IDs), operating procedures, or other PSI
documentation? Is this information kept current via the MOC process?
PROCEDURES:
Do procedures specify hydrotesting austenitic stainless steel equipment and piping
systems with water containing less than 50 ppm chloride? [Concern is for chloride
stress corrosion cracking.] Detail design to address all materials, piping and valves items
Do procedures require that austenitic stainless steel equipment and piping in sour
or H2S services (i.e., exposed to sulfides) be blanketed with dry inert gas when
shut down, or flushed with soda ash, KOH, or ammonia neutralizing solution,
before opening for inspection and maintenance? [Concern is for ambient moisture
contacting sulfide scale on the surface of austenitic stainless steel, with the
potential for polythionic acid stress corrosion cracking of the stainless materials.]
Do procedures specify thorough water flushing of carbon steel equipment and
piping in amine or caustic service before steaming out to prevent amine or caustic
stress-corrosion cracking?
Do inspection procedures for 1 chrome and 1-1/4 chrome equipment and piping
operating above 800 °F include monitoring for creep embrittlement cracking (i.e.,
hydrogen service, high-pressure steam, etc.)?
Do warehouse procedures require testing of alloy materials for proper alloy content
when received at the facility site (i.e., positive materials identification [PMI]
program)? Are received materials accompanied by proper documentation (i.e., mill
certificates, chemical test reports, ANSI or ASME specification, etc.)?
Are materials segregated and clearly identified when stored, to reduce the
possibility of incorrect material installation?
Are materials stored such that they are protected from ambient conditions as
necessary [i.e., austenitic stainless steel materials protected from chloride salts at
seacoast locations, etc.]?
Are there procedures to order, receive, document, and issue materials for ASME
Code vessel or piping repairs or modifications? Do procedures specify ASME
Code welder qualifications and testing?
Do construction procedures specify that all equipment, piping, instruments, and
structural steel are painted (or otherwise protected) to prevent external corrosion?
Are the painted surfaces inspected and maintained [especially under insulation
when process temperatures are below 180 - 200 °F]?
Are a representative number of new and refurbished valves inspected for the proper
valve packing material upon receipt from the vendor or contract shop?
Research and Technology
Process Hazards Analysis Checklist: Maintenance
Is the work permit system understood by all affected employees, maintenance Y
(including contractors), operations, and engineering? Does the work permit clearly
explain the approvals and communication required prior to commencing a
maintenance activity? Does the work permit system require physical inspection of
the job site by maintenance and operations personnel prior to commencing work
[concern is for working on the wrong line or equipment, opening equipment that is
still under pressure or contains toxic material, verification of the correct personnel
protective equipment (PPE) required for the job task, etc.]?
Do procedures require physical isolation of power source(s) prior to release of Y
equipment for maintenance work (i.e., lockout/tagout)?
Do the repairs to the piping or equipment (materials and methods) comply with the
applicable industry codes and company guidelines?
Do field hydrotest procedures include guidance regarding special requirements Y
[e.g., minimum pressurizing temperature for heavy-wall vessels and piping, low-
chloride test water for 18-8 stainless steel, adequate vents for large-diameter or
thin-wall equipment to prevent collapse from external pressure, etc.]?
For maintenance activities where pressure relief devices are isolated or removed, is
backup relief protection provided?
Do procedures require physical inspection of completed maintenance work by Y
operations personnel before "sign-off" of the work or job order?
Do procedures require new gaskets (and bolts if needed) to be installed when a Y
flange closure is opened or broken? Do the procedures provide guidance on the
proper gasket material for the process service?
Do procedures require tightness-testing of all flange bolts prior to startup [concern Y
is for flanges that were opened during shutdown or flange bolts that may have
loosened due to thermal expansion and contraction]? Do the procedures provide
guidance to prevent over- or under-tightening flange bolts?
Do procedures specify the proper settings for pipe spring hanger supports? Do the N/A
procedures require checking the pipe spring hanger settings prior to each startup
and during normal operation?
Are maintenance personnel trained in the use of piping specifications? Is a process Y
in place to verify the latest piping specification is used?
For piping modifications and repairs, do procedures require verification that the Y
repair material to be installed meets the requirements of the piping specification?
Is the piping system's minimum pressurizing temperature (MPT) documented and N/A
communicated to?
Do procedures require that 18-8 stainless steel equipment and piping in sour or N/A
H2S services (i.e., exposed to sulfides) be blanketed with dry inert gas when shut
down, or flushed with soda ash, KOH, or ammonia neutralizing solution, before
opening for inspection and maintenance? [Concern is for ambient moisture
contacting sulfide scale on the surface of 18-8 stainless steel, with the potential for
polythionic acid stress corrosion cracking of the stainless.]
Do procedures for loading and unloading catalyst (i.e., reactors, driers, columns, Y
etc.) include information regarding the hazards of the catalyst and identify the PPE
required when handling either fresh or spent catalyst?
Have all maintenance personnel (including contractors) been trained in the purpose Y
and use of the facility management of change (MOC) procedure? Do all
maintenance personnel understand the MOC definition of "replacement-in-kind"?
Do procedures require appropriate approval and supervision of crane use [concern N/A
is for lifts over equipment that contain toxic or hazardous materials, over power
lines, over critical equipment, etc.]? Are lifts reviewed by a rigging specialist
before they are performed?
Do procedures require appropriate inspections and approvals prior to performing Y
hot taps?
Do procedures specify appropriate methods for temporary leak repair (e.g., type of Y
clamp, material, etc.)? Do the procedures include administrative controls that
require a permanent repair be made at the earliest opportunity (i.e., next
shutdown)?
Do procedures prevent changing alarm set points without proper review and Y
authorization? Are alarm changes (set point or priority) communicated to all
affected employees?
Do procedures prevent changing process control system or safety shutdown system Y
control or logic (software) without proper review and authorization? Are process
control system or safety shutdown system changes communicated to all affected
employees?
Do procedures require routine testing of critical alarms and safety shutdown Y
systems, including primary elements or sensors, shutdown system control and
logic, and final elements such as emergency isolation valves or equipment
shutdown interlocks [determine the need for on-line testing of safety shutdown
systems]?
Do procedures require verification that instruments that are deliberately disabled Y
during operation (e.g., shutdown interlocks bypassed to allow testing) are placed
back in service?
Do procedures prohibit the use of pipe wrench extensions ("persuaders") on small N
or special valves in hazardous service [e.g., small piping valves, screwed bonnet
valves, orbit valves, twin-seal valves, etc.]?
QUALITY ASSURANCE:
Do warehouse procedures include verification that materials received are in Y
accordance with the purchase specification?
Are special materials of construction identified on process flow diagrams (PFD), Y
piping and instrument diagrams (P&IDs), operating procedures, or other PSI
documentation? Is this information kept current via the MOC process?
Do procedures require testing of alloy materials for proper alloy content when N/A
received at the facility site (i.e., positive materials identification [PMI] program)?
Are received materials accompanied by proper documentation (i.e., mill
certificates, chemical test reports, ANSI or ASME specification, etc.)?
Are materials segregated and clearly identified when stored, to reduce the Y
possibility of incorrect material installation?
Are alloy materials stored such that they are protected from ambient conditions as N/A
necessary [i.e., 18-8 stainless steel materials protected from chloride salts at
seacoast locations, etc.]?
Are there procedures to order, receive, document, and issue materials for ASME N
Code vessel or piping repairs or modifications? Do procedures specify ASME
Code welder qualifications and testing?
Are a representative number of new and refurbished valves inspected for the proper Y
valve packing material upon receipt from the vendor or contract shop?
Is a program in place for routine monitoring of critical rotating equipment for N/A
excessive vibration?
Is a program in place for routine monitoring of lube or seal oil quality at critical N/A
rotating equipment [e.g., monitor for metal fragments, oil degradation,
contaminants, etc.]?
Is a program in place for routine testing of critical turbine overspeed trip devices? N/A
Is a program in place for routine testing and inspection of pressure relief devices? Y
Is documentation maintained regarding the test plan and results for each relief
device [i.e., last test date, results from last test, next test date, etc.]?
Is a program in place for routine testing of flexible piping components (e.g., hoses, N
expansion joints, and tubing)?
Is sufficient PPE available at all times [review the needs for normal operating, Y
shutdown operation, and emergency response situations]?
Is a cleaning and testing program in place to ensure PPE is fit for use? Are Y
locations where clean and used PPE are kept properly segregated and labeled?
Is a program in place to periodically inspect and test cranes and equipment (i.e., Y
lifting slings) used for lifts?
Is a program in place to ensure routine testing and maintenance of critical steam N/A
traps?
HUMAN FACTORS:
Is all equipment labeled and clearly identified (e.g., tag number, unit number, Y
module number, etc.)?
For equipment that must be maintained while the process unit is "on-line," is safe Y
access and egress provided for maintenance personnel (e.g., access platforms, heat
shielding for elevated air coolers, furnace draft fans and soot blowers, furnace
stack sampling systems and analyzers, etc.)?
For maintenance activities where bulky PPE is required, has emergency access and Y
egress been evaluated?
Process Hazards
Analysis Checklist: Relief Systems
Is the relief system adequately designed to minimize the effects of internal N/A
corrosion or erosion [consider venting or relief of sulfur compounds, chloride or
fluoride compounds, caustic, amine, etc., with the potential for corrosion, stress-
corrosion cracking, and other materials problems]?
If the relief system handles heavy oils (residuum, vacuum bottoms, etc.), are N/A
branches and headers designed to prevent plugging [e.g., heat tracing, heated "gut"
line, flush oil, heating coils at the KO drum, etc.]?
Have flexible piping components (e.g., expansion joints and bellows) been reduced N/A
or eliminated where possible? If flexible piping components are installed, are they
designed for maximum relief pressure and temperature? Are flexible connections
located to minimize damage and possible rupture due to mechanical impact or fire?
Are flexible connections designed to minimize collection of liquids and corrosion
products in the bellows or piping run?
Is relief header sizing based on the maximum relieving capacity of each relief N/A
valve? [Selecting the next largest orifice size may significantly increase the relief
valve capacity over the minimum required by the process, possibly impacting the
relief system design capacity.]
Has the possibility of auto-refrigeration been evaluated for LPG and other low N/A
boiling point liquid services [concern is for cold temperature brittle fracture], and
the material selection of piping and relief devices specified accordingly?
PROCESS UPSETS:
Have cold weather conditions been evaluated [consider water freezing in relief N/A
header low points or in dead-end lines, materials that increase in density, etc.]?
Are flare combustion controls, including pilot burner flame front generators, N/A
provided with a reliable, uninterruptible source of electric power? [In a general
power failure, the flare may be required to remain in operation to safely dispose of
flammable materials.]
Has rapid closing of relief valves been evaluated [determine whether or not Y
hydraulic hammer may occur if a relief valve closes suddenly, for example, if a
high-pressure liquid relief valve on the discharge of a pump slams shut after
opening]?
Has rapid closing of automatic valves or check valves been evaluated [determine N/A
whether or not hydraulic hammer may occur if a valve closes suddenly; for
example, check valve on the discharge of cooling water supply pump when pump
shuts off]?
Has the need for redundant relief valves been evaluated [e.g., dirty or fouling Y
services requiring frequent testing and inspection of relief valves, critical services
where failure of relief valves to reseat may result in significant production loss,
etc.]?
FACILITY SITING:
Have credible worst-case releases of hazardous materials from extinguished flares, Y
atmospheric process or tank vents, or from relief valves that exhaust to the
atmosphere been evaluated [concern is for ground-level concentrations of toxic or
flammable materials]?
Has the maximum heat release from the flare during credible worst-case relief N/A
scenarios been evaluated with respect to ground-level personnel, nearby tankage
and equipment, and traffic on adjacent roads? [Depending upon the location and
height of the flare stack, concern is for significant flare tip heat releases that may
endanger operating or maintenance personnel in the area, or that may cause
overheating of flammable materials stored nearby. When maximum relief cases
are redefined during the lifetime of the facility, the potential risk to nearby
personnel and equipment should be evaluated based on the maximum heat that
may be released from the flare stack.]
Is there adequate emergency access to the flare stack and adjacent equipment in the N/A
event of fire [consider burning liquids from flare tip, igniting grass around base of
stack]?
HUMAN FACTORS:
Are relief system and flare alarms and instrument readings displayed at a N/A
continuously staffed location?
Is lighting at the relief drum and flare stack control stations adequate? N/A
Are all flare and relief system operating valves and controls accessible during N/A
normal or emergency operation?
Are relief system controls and instruments identified with permanent signs or tags? N/A
Are flare seal drain valves located to allow monitoring the filling and draining of N/A
the flare seal and ensure the safety of personnel [consider potential exposure to
sour gas, sour water, LPG, benzene, etc.]?
PROCEDURES:
Is a program in place for routine testing and inspection of pressure relief devices? Y
Is documentation maintained regarding the test plan and results for each relief
device [i.e., last test date, results from last test, next test date, etc.]?
Is a program in place for the routine replacement of rupture disks at the end of their N/A
useful lives, as recommended by the rupture disk manufacturer? Is documentation
maintained regarding the replacement plan?
Are procedures in place to document critical process safety information for each Y
relief valve and rupture disk: sizing criteria (vapor, liquid, and mixed phase);
maximum relieving material flow rate; fluid properties (molecular weight, density,
viscosity, temperature, etc.); set pressure; equipment protected; design relief case
(blocked discharge, fire, utility failure, etc.); flange size and rating (inlet and
outlet); orifice size; and relief valve or rupture disk manufacturer and model
number?
Do procedures require that changes to relief valve set pressures are reviewed Y
through the Management of Change process?
Do procedures prevent unintentional closure of block valves upstream or Y
downstream of relief valves [e.g., chain-locked or car-sealed open valves, operator
checklists, three-way/non-closing valves, etc.]?
Do procedures require all relief valve bypasses to be closed during startup? N/A
Do maintenance procedures specify proper rupture disk installation, including bolt N/A
tightening and disk orientation with respect to flow?
Do procedures prevent the accidental filling of relief headers with liquid if they are N/A
not designed to support the weight of a liquid-filled line?
Do operating crews communicate unusual equipment status (bypassed or out of Y
service) in writing (e.g., relief bypass valves that are open during normal
operation)? Are operating crews provided with written temporary operating
procedures when equipment is bypassed or out of service?
Are the hazards associated with atmospheric relief valve, tank, or process vents Y
documented and communicated to personnel whose duties take them into the
vicinity of these vents [e.g., high noise levels from high-pressure boiler safety
valves, toxic or flammable vapors from tank or process vents, etc.]?
Process Hazards
Analysis Checklist: Emergency Response
Checklist Type: General
Review Date:
FILENAME: ER.DOC
PHA Leader:
Chklist/Rev. Date: January 1, 1996
Location:
Prepared by: Chevron Research and Technology Company
Unit/Project:
MOC#:
Checklist Questions Y/N/NA Reference/Comments
Is there a written emergency response plan for this unit that addresses credible Y
emergency scenarios (e.g., toxic material releases, fire, explosions, sabotage, bomb
threat, etc.)? Are copies of the written plan readily available to all affected personnel?
Does the emergency response plan include an incident command structure (or other Y
authority and communication structure) that outlines personnel responsibilities during
emergency situations?
Does the emergency response plan specify evacuation routes and personnel assembly or Y
refuge areas?
Does the emergency response plan contain emergency notification requirements, Y
including a list of contact names and phone numbers, for both company and outside
responders? Is this list up-to-date?
Does the emergency response plan identify essential personnel who must remain on-site Y
during an emergency [confirm that a sufficient number of trained people who are
knowledgeable in the hazards of the process and emergency response are available at
all times, either on-site or via rapid call-out]?
Does the emergency response plan identify the resources (personnel and equipment) Y
available from outside sources (i.e., community fire departments, mutual-aid partners,
etc.)?
Does the emergency response plan include procedures to account for all personnel Y
following an incident, including employees, contractors, and visitors?
Do procedures specify proper response to warning sirens, whistles, or horns? Are these Y
warning devices routinely tested?
Does the emergency response plan specify which communication channels are Y
restricted for use by emergency responders during an incident?
Does the emergency response plan include provisions for off-site traffic control and Y
access for off-site responders?
Does the emergency response plan specify the reporting requirements for the various Y
incidents that may occur at the facility, including reporting to facility and company
management as well as to outside agencies?
Has an incident command center, stocked with necessary reference information (e.g., Y
emergency response plan, site and community maps, call-out lists, etc.) and
communication systems been established? For large facilities, is this information
available at multiple locations?
Are hypothetical emergency drills routinely conducted? Do outside sources (i.e., Y
community fire departments, mutual-aid partners, etc.) participate in the hypothetical
drills? Are procedures in place to critique the response to hypothetical drills and
resolve the recommendations from these reviews?
Is a program in place to verify all affected personnel receive initial and refresher Y
training in the emergency response plan? Is the refresher training provided on an
annual basis and whenever updates to the plan are made?
Has the adequacy of the outside agency response program been evaluated [consider Y
familiarity with the hazards of the process, knowledge on how to respond to emergency
situations, physical condition of outside agency members, etc.]? Has the adequacy of
the outside agency equipment been evaluated [consider availability and adequacy of
fire-fighting equipment, including foam, adequacy and integrity of personnel protective
equipment, and amount of equipment available]?
Do procedures specify the method and frequency for inspection, maintenance, service, Y
and testing of emergency response equipment (i.e., fire suppression and extinguishing
systems, personnel protective equipment, etc.)?
Process Hazards
Analysis Checklist: Utilities
Checklist Type: General
Review Date:
FILENAME: UTILITY.DOC
PHA Leader:
Chklist/Rev. Date: January 1, 1996
Location:
Prepared by: Chevron Research and Technology Company
Unit/Project:
MOC#:
Checklist Questions Y/N/NA Reference/Comments
DESIGN:
Is there a design standard for safe connection (both permanent and temporary) of N/A
utilities to process streams, including safeguards to prevent backflow into the
utility system, and proper isolation of the utility from the process when it is not in
use?
Are lower-pressure steam systems, which are supplied with steam by let-down N/A
stations from higher-pressure systems, provided with suitable over-pressure
protection [i.e., is the pressure safety valve (PSV) on the lower pressure line sized
for the let-down control valve in the full open position]?
Have steam traps been designed for all credible operating scenarios [e.g., startup, N/A
extreme cold weather, upset conditions, etc.]? Have existing steam traps that
frequently fail been evaluated for proper sizing or application?
If utility system PSVs relieve to the atmosphere, is it possible for heat exchanger N/A
tube leaks (or other process leaks into the utility system) to create a hazard at the
utility relief valve vent outlet (concern is for hydrocarbon or toxic material release
to atmosphere, may want to consider routing PSV discharge to closed relief system
or safe location)?
Are all steam-generating heat exchangers designed and/or operated with routine N/A
manual or continuous blowdown to prevent sludge from accumulating in the shell
[concern is for sludge buildup resulting in tube or tubesheet failure]?
Have high-pressure steam system PSV installations been designed to adequately N/A
resist the thrust moment imposed on the piping when the PSV opens? Is the PSV
vent pipe located to exhaust steam away from platforms and other occupied areas?
Is the PSV vent pipe drained to remove accumulated rainwater, which could be
heated by the exhaust and expose personnel when it falls? Has personnel exposure
to the noise of an atmospheric relief been evaluated?
Are all critical utility service indicators and alarms routed to a continuously staffed
location?
Are redundant main power lines or cables physically separated [i.e., separated to N/A
prevent a single incident, such as fire or mechanical impact, from causing the
failure of redundant lines or cables]?
Are utility instruments adequately heat traced and insulated or designed to prevent N/A
cold weather freezing and plugging?
Is the utility piping system adequately designed for thermal growth considering the N/A
maximum possible temperature [e.g., superheated steam with maximum possible
superheat, or steam made up from desuperheated high-pressure steam through a
let-down station and the desuperheater fails closed]?
For services where the utility piping specification changes to a lower design rating N/A
after a control valve, is the downstream piping specification suitable for upset
situations with the control valve wide open?
Are safety showers and eye wash stations and their water supplies protected from N/A
freezing in cold weather or from overheating the water due to sun radiation?
Are data sheets and other process safety information (PSI) for critical utility N/A
equipment and piping current, complete, and accurate? Are they readily available
to the operators? [Note: Include PSI for vendor-supplied equipment, such as
chemical injection pumps, PSVs, etc.]
PROCESS UPSETS:
Has loss of each pressure level of steam (e.g., low, medium, and high pressure) to N/A
the process or utility unit(s) been evaluated?
Has loss of boiler feedwater to the process or utility unit(s) been evaluated? N/A
Has loss of cooling water to the process unit(s) been evaluated [determine whether N/A
or not the process unit(s) are designed fail-safe]?
Has loss of the main fire water supply to the process or utility unit(s) been N/A
evaluated [determine whether or not there are alternative sources of water to fight
fires--cooling tower basins, nearby waterways or ponds, etc.]?
Has loss of normal plant power, including partial loss of power and total loss of N/A
power, to the process or utility unit(s) been evaluated? [Note: Include evaluation
of power to emergency communications, emergency lighting, control room HVAC,
flare pilot flame front generation panel, field solenoid trip valves, electronic
governors for machinery, security gates, emergency block valve MOVs, etc.]
Has loss of emergency power [from an emergency generator and/or uninterruptible N/A
power supply (UPS)] to the process or utility unit(s) been evaluated [determine
whether or not the process or utility unit(s) are designed to be fail-safe; e.g., has
the distributed control system (DCS) software been configured to open/close
control valves or to leave them in their last positions if total power is lost to the
DCS]?
Has loss of instrument air to the process or utility unit(s) been evaluated N/A
[determine whether or not the process or utility unit(s) are designed to be fail-
safe]?
Has loss of plant or utility air to the process or utility unit(s) been evaluated? N/A
Has loss of natural gas or fuel gas to the process or utility unit(s) been evaluated? N/A
Has a momentary dip in the pressure of the fuel gas supply to fired heaters or N/A
boilers been evaluated [determine if loss of burner(s) flame may occur, followed by
buildup of flammable mixture and possible explosion]?
Has high fuel gas pressure been evaluated [may be caused by fuel gas pressure N/A
regulator failure]?
Have contaminants (e.g., H2S, amine, caustic or solids) or the wrong concentration N/A
(e.g., low or high BTU-content components) in the fuel gas or fuel oil supply to the
fired heaters or boilers been evaluated?
Has liquid hydrocarbon carryover into the fuel gas supply to fired heaters or N/A
boilers been evaluated?
Has loss of nitrogen to the process or utility unit(s) been evaluated? N/A
Has a leak in a process unit to a utility stream that returns to the Utilities Area been N/A
evaluated [e.g., cooling water exchanger tube leak to returned water, steam heater
tube leak to condensate, etc.]?
Has excess or loss of chemicals in the utility stream been evaluated, including N/A
evaluation to downstream process units [consider excess or loss of: chlorine or
other biocide, water treating chemicals for boiler feedwater (BFW) and cooling
water, oxygen scavengers and filming amines for steam, etc.]?
FACILITY SITING:
If emergency isolation valves (either manual, automatic, or remotely operated) are N/A
provided to isolate utility supply headers, are these valves appropriate for the
service and valve location [review requirements for fire-rating of isolation valves;
fail-safe position of isolation valves; and fireproofing of valve actuator, power
cables, and instrument cables of the isolation valves]?
If emergency isolation valves are provided, has failure of the isolation valves been N/A
evaluated [consider valves closing and valves failing to close when demanded]?
Has an accidental release of hazardous materials that could result in a hazardous N/A
airborne cloud been evaluated [e.g., chlorine, ammonia, hydrogen sulfide, etc.]?
Are chemical injection facilities that could be hazardous to personnel or the N/A
environment identified (by signs, color coding, pavement striping, etc.)? Are
chemical spills prevented from entering the storm water or oily water drain
systems? Has the need for safety showers and eyewash stations to be situated
nearby been evaluated?
Has the need for alarming the activation of safety showers and eye wash stations N/A
been considered [i.e., are facilities remote from frequented areas, potentially
preventing awareness of an incident and delaying assistance to personnel who
activate emergency stations]?
For process units handling flammable materials, are critical utilities (such as power N/A
and instrument cables, cooling water, instrument air, etc.) adequately protected in
the event of fire? Are they routed away from likely sources of leaks and fires
(such as fired heaters and pump rows), adequately fireproofed, or located in a
nonhazardous area?
Are utility header valves and associated instrumentation accessible for N/A
maintenance?
Are the Utilities Area control building air conditioning and pressurization adequate N/A
to protect the electronic instrumentation? Are they adequate to prevent intrusion
of toxics, flammables, or corrosive contaminants (if applicable)?
Has control building utility supply failure (including HVAC failure), coincidental N/A
with a release of hazardous materials in the process unit or from a nearby process
unit, been evaluated?
HUMAN FACTORS:
Can critical utility valves or equipment be closed or shut off from a safe location? N/A
Is the lighting adequate in the unit [consider local instrument panels, battery or N/A
plot limit valve manifold locations, equipment and valves requiring operation
during emergency conditions, etc.]? Is the emergency lighting (light fixtures on
the emergency power circuit) adequate in the unit?
Are utility lines and valves clearly labeled, including flow direction? N/A
Are the utility field instruments that are routinely monitored by operations N/A
personnel easily accessible to ensure information is read in accordance with
recommended frequency [consider instruments or areas that are difficult to reach,
such as climbing 40 feet of ladder or squeezing into close quarters]?
Are the engineering units of similar instruments consistent [e.g., do the steam and N/A
boiler feedwater meters all display flow in gpm or lbs/hr, and the fuel gas and
nitrogen meters in SCFH or SCFD]?
Are field instrument indicators routinely checked for accuracy? N/A
Are field instrument ranges appropriate for the service [e.g., avoid using a 0-500 N/A
psig pressure gage on a 50 psig steam system]?
Are the communications facilities between the Utilities Area and other process N/A
units adequate for clear and uninterrupted communications during both normal and
emergency situations [e.g., telephone land lines, radio, computer network, and E-
mail, and are systems redundant and/or secure]?
Is the control room lighting adequate [review direct and indirect lighting]? Is the N/A
control room emergency lighting (light fixtures on the emergency power circuit)
adequate?
PROCEDURES:
Do procedures prohibit connection of drinking or potable water supply lines to any N/A
process or other utility system, even temporary connections during shutdowns and
maintenance work? [Note: Drinking water should only connect to sinks, drinking
fountains, sanitary facilities, safety showers, and eye wash stations.]
Do procedures control connection of fire water to process systems or to other N/A
utility systems [e.g., to provide water for hydrotesting piping and equipment
systems]?
Do procedures prohibit connecting air tools to any other utility except to a N/A
compressed air system? [Note: Use of nitrogen for air tools in a confined space,
for example, may expose personnel to nitrogen asphyxiation.]
Do procedures prohibit use of hose connections on process systems [e.g., air hose N/A
connection on fuel gas system]?
Do procedures specify that all blinds and drop-out spools in utility connections to N/A
process equipment are turned to their "safe" position before introduction of
hazardous materials at startup of a process or utility unit [e.g., pre-startup
checklist, etc.]?
Do emergency procedures include loss of steam? N/A
Do emergency procedures include loss of normal electric power? N/A
Do emergency procedures include loss of cooling water? N/A
Do emergency procedures include loss of instrument air? N/A
Do emergency procedures include loss of natural gas or fuel gas? N/A
Do emergency procedures include loss of boiler feedwater? N/A
Do procedures specify response to potential process control system failures N/A
[consider loss of input or output signal(s), loss of display screens (loss of view),
loss of memory devices, loss of equipment or system interfaces (gateways), loss of
power, loss of backup power, loss of control program, etc.]?
Is there a procedure or program to place winterization measures in service before N/A
cold weather arrives [e.g., steam traps and tracing, electric tracing, insulation,
etc.]?
Are steam traps routinely inspected and repaired or replaced? [Note: Concern is N/A
for flooding equipment or tracers, leading to loss of heating, with potential for
freezing, rupture, and loss of containment.]
Do procedures prevent the use of utility hoses for temporary process piping? N/A
Is there a procedure for routine inspection of utility hoses? N/A
Process Hazard Analysis
WRAP-UP DISCUSSION CHECKLIST
A. Safety/fire protection (consider the participation of a specialist from the Safety Department for this discussion)
1. Is the fire water supply adequate? What is the reliability of the fire water supply pumps? Y
2. Review the availability of fixed fire equipment, such as hydrants, monitors and hose reels. Are the
number and location of fixed equipment adequate? Y
3. Are the areas with high risk of fire accessible from portable fire equipment, such as pumper trucks? Y
5. Are hazard communications, such as material safety data sheets (MSDS), available to employees? Y
6. Are the emergency shutdown (ESD) systems routinely tested? By whom and how often? Are there
any hazards associated with testing the ESD systems? Y
7. Is the electrical area classification of the process unit appropriate for the materials processed? Is new
equipment reviewed for compliance with the electrical area classification? Y
12. Are noise surveys conducted? Are high noise areas identified? Is protection provided? Y
15. Are special safety areas clearly delineated (noise, chemicals, etc.)? Y
B. Emergency response (consider the participation of a Safety Engineer for this discussion)
In-plant Emergency Response Plan
1. Describe your emergency response training program for in-plant personnel.
3. Describe the PPE (protective clothing) that personnel would wear to respond to an accidental release.
Where is the PPE located and who maintains it?
7. Review injury reports of this unit over the last five years (may be reviewed in conjunction with
discussion regarding previous incidents)
C. Procedures
1. Are the operating procedures for this unit currently up-to-date? Do they cover startup, shutdown,
normal operation and emergency situations? Are they accessible to all employees who are expected to
use them? TO BE REVISED ASAP
2. Are there any procedures of particular concern that were not discussed during the detailed PHA
review? N
3. Are there any procedures that seem to be done incorrectly on a regular basis by less experienced
personnel? N
6. Do the procedures include explanation of expected system responses for operator actions? Y
7. Are there incidents that regularly occur on startup or shutdown that are not addressed in the
procedures?
2. The intention of the general discussion is to identify system interactions that may be hazardous, such as requiring
an operator to block in equipment to prevent backflow or remove heat to prevent overpressure.
3. Each utility outage should be documented separately. Where loss of a particular utility has significant
consequences, review and document the reliability of the utility supply system. Where applicable, review loss of:
• Instrument Air
• Electricity
• Plant or Utility Air
• Steam (150 PSI, 450 PSI, 850 PSI, etc.)
• Cooling Water
• Nitrogen or Inerting Gas
• Fuel Gas
2. Is the control room pressurized? Is inlet air filtered and/or treated? Is loss of control room pressurization
monitored by an alarm system?
3. Is the control building capable of withstanding blast overpressure resulting from credible release and
subsequent explosion in the area? Y
4. Do feeders on critical control instruments and power supplies enter the building overhead or underground?
5. Are control room fire suppression systems compatible with both humans and instrumentation? Y
F. Previous Incidents (discussion should be documented to ensure compliance with OSHA Regulation 29 CFR 1910.119;
consider the participation of a specialist from the Safety Department for this discussion)
1. Confirm that the facility has an incident investigation procedure. Y
2. Review incident reports of this or similar units at the facility over the last five years.
3. Review incident reports of this or similar units at other facilities of which team members have knowledge.
4. Discuss the history of near-miss incidents in this or similar units that may not be documented but of which the
team has knowledge.
6. Are previous incidents with severe consequences likely to occur again, given the current practices and
procedures? N
G. Human Factors (discussion should be documented to ensure compliance with OSHA Regulation 29 CFR 1910.119)
1. Are there any operating or maintenance procedures that may present a specific hazard? N
4. Are there any areas where routine operator monitoring is so difficult (climbing 40 feet of ladder, squeezing into
close quarters) that an operator may ignore the reading?
5. Are there any instances where instruments (board or local) necessary for safe operation of the plant, or routine
adjustments, are poorly placed and difficult to see? N
6. Are there any “nuisance” alarms that the operators either routinely ignore or disable? N
7. Are field manifolds or local panels adequately labeled? Is the lighting in the area sufficient? Y
H. Testing and Inspection (consider the participation of a specialist from the Inspection Department for this discussion)
1. Describe the Critical Equipment Program
2. Describe procedures used for equipment isolation, lockout/tagout and confined space entry.
3. Describe how maintenance workers are trained on new systems introduced into this plant.
4. Is equipment designed for draining, neutralization, and purging?
6. If there are hazards associated with the unit (such as H2S, NH3, CL2, LPG or H2SO4), how are the hazards of the
unit communicated to the valve repair personnel?
J. External Events
1. Are there any process hazards created by hot weather during the summer (inadequate cooling)?
2. Are there any problems created by freeze-up during the winter?
5. Is seismic activity a concern in this area? For what seismic zone is the plant designed?
6. Are there any concerns about sabotage? Is this plant accessible from the fence line?
7. Any other external events that might have effects on the plant?
K. Previous hazards analysis studies (discussion should be documented to ensure compliance with OSHA Regulation 29
CFR 1910.119)
1. If the present PHA analysis is the initial analysis that is intended to comply with the OSHA Regulation,
document that this is the initial PHA analysis and that no previous PHA analysis has been performed. NO
PREVIOUS PHA
2. Have the hazards identified in previous PHA analyses been adequately addressed in this analysis? N/A
3. Have the recommendations from previous PHA analyses been resolved? N/A
SMP.PI.10-0191
20. LCV 800 fails to close
• SOP to address new pump system.
• Pump logic to be reviewed
Project Team
DHY.PI.10-0102
TNK.PI.10-3003
• API RP 14 C - Recommended Practice for Analysis, Design, Installation, and Testing of Basic Surface
Safety Systems for Offshore Production Platforms.
• API RP 14 E - Recommended Practice for Design and Installation of Offshore Production Platform
Piping Systems.
• API RP 14 J - Recommended Practice for Design and Hazards Analysis for Offshore Production
Facilities.
• API RP 500 - Recommended Practice for Classification of Locations for Electrical Installations at
Petroleum Facilities Classified as Class I, Division 1 and Division 2.
MAJOR 1
SAFETY - Fatality or permanently disabling injury.
OPERABILITY - Major or total destruction to process areas; plant downtime in excess of 30 days.
ENVIRONMENTAL & COMMUNITY IMPACT - One or more severe injuries; significant release with serious
long-term off-site impact.
Risk rankings in this matrix row (left to right): 1 1 2 4
SERIOUS 2
SAFETY - Severe injury.
OPERABILITY - Major damage to process areas with up to 30 days plant downtime.
ENVIRONMENTAL & COMMUNITY IMPACT - One or more injuries or possible evacuation; significant release
with serious environmental impact.
Risk rankings in this matrix row (left to right): 1 2 3 5
MINOR 3
SAFETY - Single injury, not severe, possible lost time.
OPERABILITY - Some equipment damage with possible downtime.
ENVIRONMENTAL & COMMUNITY IMPACT - Odor or noise complaint from the public. Release that results in
some Agency notification or violation.
Risk rankings in this matrix row (left to right): 2 3 4 5
INCIDENTAL 4
SAFETY - Minor injury or no injury.
OPERABILITY - Minimal equipment damage with negligible plant downtime.
ENVIRONMENTAL & COMMUNITY IMPACT - No impact off site. Environmental recordable event with no
agency notification.
Risk rankings in this matrix row (left to right): 4 5 5 5
LEGEND:
1 = Very High Risk; Additional Consideration Required
2 = High Risk; Additional Consideration Required
3 = Moderate Risk; Additional Consideration Recommended
4 = Possible Risk; Additional Consideration at Discretion of Team
5 = Negligible Risk; Additional Consideration Not Required