DuPont Methodology For Risk Assessment and Process Hazard Analysis
DuPont Methodology For Risk Assessment and Process Hazard Analysis
DuPont Methodology For Risk Assessment and Process Hazard Analysis
SECTION - 2 BASIS
2.1 Philosophy
Process hazards analysis (PHAs) are used to identify, evaluate and develop methods to control
significant hazards associated with Higher Hazard Processes (HHP) and Lower Hazard Operations
(LHO). These hazards generally represent the potential for fires, explosions and / or release of
toxic materials. PHAs use an organized, methodical study approach, seek to achieve a
multidisciplined consensus on hazard control and document results for future use in follow-up,
emergency planning and training of personnel involved in operating and maintaining the process.
Process Hazard Analysis systematically identifies the potential safety hazards and is a well-defined
program to remove or lower these hazards.
2.2 Purpose
The purpose of this procedure is to ensure the timeliness, consistency, and adequacy of process
hazard analyses (PHAs) across the site. PHAs are examinations of each new or existing facility to
assure that hazards of "catastrophic and major" safety or environmental consequences are identified
and adequately controlled to an acceptable risk level.
2.3 Summary
This procedure is intended to address the requirements and guidelines related to:
When to Conduct a Process Hazard Analysis
PHA Planning and Team Preparations
Hazards Identification and Field Tour
What is a Consequence Analysis
Hazards Identification Techniques
How to develop PHA report
How recommendations generated in a PHA shall be managed
How training of personnel and emergency response planning is done based on PHA findings.
1
DuPont Methodology For Risk Assessment And Process Hazard Analysis
SECTION - 3 DEFINITIONS AND ABBREVIATIONS
3.1 Definitions
3.1.1.i Administrative Controls
Procedures for directing and/or checking human performance on a plant or process task (e.g., vessel
entry, hot work permits, lock-out / tag-out procedures)
3.1.1.ii Baseline PHA
The initial review of a process which is intended to serve as the foundation for future reviews and/or
revalidations
3.1.1.iii Charter
The process hazards analysis teams' directive from Sub HSE (P) chairman that defines the team's scope
of responsibilities, tasks, and objectives.
3.1.1.iv Checklist Review
A hazards evaluation method based upon comparing a process or system against the collective
experience of those who have operated the process or system in the past, relevant codes, standards,
procedures, and / or regulations.
3.1.1.v Consequence
The direct, undesirable result of an accident sequence, usually involving a fire, explosion, or release of
toxic material
3.1.1.vi Consequence Analysis
The development of potential scenarios describing hazardous events that may occur due to loss of
engineering or administrative, controls and the evaluation of resulting impact on site personnel, off-
site communities, and the environment. Consequences are analyzed independently of the event's
probability or frequency of occurrence.
3.1.1.vii Continuous Release
Releases lasting more than one minute are usually treated as continuous, for purposes of dispersion
calculation.
3.1.1.viii Credible Events
Occurrences or scenarios deemed to be reasonably capable of happening.
3.1.1.ix Cyclical PHA
Periodic revisiting / validation of the PHA(s) for a process or operation, conducted at specified intervals
(05 years for HHP and 10 years for LHO) during the life cycle of the facility.
3.1.1.x Engineering Controls
Systems or interlocks involving the operation of physical components (e.g., sensors, transmitters,
valves, or other control elements, dykes for containment) without human intervention (that is,
"automatically").
3.1.1.xi ERPG (Emergency Response Planning Guidelines)
A system of guidelines, developed by a committee of the American Industrial Hygiene Association,
which are intended to provide estimates of concentration ranges where one might reasonably
anticipate observing adverse effects as described in the definitions for ERPG-I, ERPG-2, and ERPG3,
as a consequence of exposure to a specific toxic substance.
2
DuPont Methodology For Risk Assessment And Process Hazard Analysis
3.1.1.xii ERPG I
The maximum airborne concentration below which it is believed that nearly all individuals could be
exposed for up to 0I hour without experiencing other than mild transient adverse health effects or
perceiving a clearly defined objectionable odor.
3.1.1.xiii ERPG 2
The maximum airborne concentration below which it is believed that nearly all individuals could be
exposed for up to 01 hour without experiencing or developing irreversible or other serious health
effects or symptoms that could impair their abilities to take protective action.
3.1.1.xiv ERPG 3
The maximum airborne concentration below which it is believed that nearly all individuals could be
exposed for up to I hour without experiencing or developing life-threatening health effects.
3.1.1.xv Facility Siting
The activity of designing, locating and evaluating buildings relative to hazardous processes, for the
purpose of protecting personnel and / or critical equipment from the effect of fires, explosions, and
/ or toxic releases.
Siting means identifying how hazardous events in a process block can affect plant personnel in and
around the hazard epicenter. It is similar to a consequence analysis (CA) in that it identifies effects
away from the immediate area of the hazard. It differs from the CA in that siting focuses on the
impact on the site while the CA focuses on the impact both off the site and on the site.
3.1.1.xvi Failure Mode and Effects Analysis (FMEA)
A qualitative hazard evaluation method in which all of the known failure modes of components or
features in a system or process are analyzed in turn for undesired outcomes
3.1.1.xvii Fault Tree Analysis
A methodology for developing a logical model (i.e., the fault tree) of the various combinations of
basic events (e.g., system or component failures) that can result in a particular outcome (e.g., a
major accident), known as the top event. Through the use of Boolean algebra, the model can be
quantitatively evaluated to determine the estimated frequency of the top event.
3.1.1.xviii Field Tour
A step in a process hazards analysis involving a walk-through inspection of the area under review
by the PHA team, for the purposes of familiarizing the team with the process and layout and initiating
the identification of hazards.
3.1.1.xix Flash point
The minimum temperature at which a liquid gives off vapor in sufficient concentration to form an
ignitable mixture with air near the surface of the liquid within the vessel as specified by appropriate
test procedures and apparatus described in NFPA 30.
3.1.1.xx Frequency
The number of occurrences of an event per unit of time
3.1.1.xxi Hazard
An inherent property or characteristic of a material, system, or process that has the potential for causing
serious injury to people and/or property or environmental damage
3.1.1.xxii Hazard and Operability Analysis (HAZOP)
3
DuPont Methodology For Risk Assessment And Process Hazard Analysis
A systematic, qualitative technique to identify process hazards and potential operating problems using a
series of guide words to study deviations of relevant process parameters.
3.1.1.xxiii Hazard Control
The development of recommendations for process or procedures modifications that reduce the
risk associated with hazardous events. These modifications address reducing either the event
consequences or the probability of occurrence. Hazard control is applied only to those potential
hazardous events where the assessed risk is above acceptable levels.
3.1.1.xxiv Hazard Evaluation
The application of process hazards analysis methodologies (also commonly referred to as hazard
evaluation methodologies) to determine the significance of hazardous situations associated with a
process or activity. It uses qualitative or quantitative techniques to pinpoint weaknesses in design,
operation, and lines of defense, provided by engineering and administrative controls, which can lead
to hazardous events. It may also provide an assessment of risk resulting from the magnitude of the
consequence and the probability of the event occurring.
3.1.1.xxv Hazard Evaluation Methodology
A systematic analytical technique used for the analysis of a process, for the purpose of identifying
hazards inherent in the process and potential hazardous events resulting from accident or
misoperation (e.g., HAZOP, "What if'/checklist).
3.1.1.xxvi Hazard Identification
A systematic approach to characterizing handled material and process conditions that may result in
hazardous events, like explosions, fires, and releases of toxic materials.
3.1.1.xxvii Hazardous Event
Undesired, dangerous release of materials or energy (e.g., toxic/corrosive discharges, fires, and
explosions) with potential for causing serious injury to people and / or significant property or
environmental damage. It may result from a single unplanned event or sequence of events.
3.1.1.xxviii Hazardous Substance
Any substance that, when released or ignited, or when its energy is released, can result in death or
irreversible human health effects, significant property damage, or significant environmental harm
because of the substance's acute toxicity, flammability, explosivity, corrosivity, thermal instability,
latent heat, or compression.
3.1.1.xxix Hazard of Materials
The physical and chemical properties of process substances pertaining to their toxicity, flammability,
explosivity, corrosivity, reactivity, etc., that when released create hazards to people, facilities, and
the environment.
3.1.1.xxx Higher Hazard Process (HHP)
Any activity manufacturing, handling, storing, or using hazardous substances that, when released or
ignited, can result in death or irreversible human health effects, significant property or
environmental damage, or off-site impacts due to acute toxicity, explosivity, corrosivity, thermal
instability, latent heat, or compression. Local regulations may add additional considerations for
processes in this category. Examples of hazardous substances include the following when their use
poses a reasonable potential for causing any of the effects listed above: quantities of pressurized fuel
gases, flammables, combustibles above their flash points, explosives, combustible dusts, high and
moderate acute toxicity materials, strong acids and caustics, and steam above 300 psig. Also
4
DuPont Methodology For Risk Assessment And Process Hazard Analysis
operations involving chemicals where runaway conditions would result in container (vessel, tank
etc) failure are included.
5
DuPont Methodology For Risk Assessment And Process Hazard Analysis
A condition which has the potential to result in a release of, or exposure to, a hazardous substance,
or in the release of energy (mechanical or chemical), which in turn can cause serious injury to
personnel, significant property damage or significant environmental harm.
6
DuPont Methodology For Risk Assessment And Process Hazard Analysis
or significant environmental impact or adversely affect response to such failures as opposed to other
equipment failures which are unlikely to result in more than minor injuries (e.g., medical treatment
or first aid case. This includes:
Any plant equipment (vessels, pipelines, valves etc.) which contains hazardous material in
sufficient amounts
Systems, instrument and controls, interlocks etc. that prevent loss of containment of hazardous
material
Equipment to respond to or mitigate the effects of a loss of containment e.g., firefighting
equipment, hydrants, hoses, safety showers, fire suppression systems, emergency response
communication equipment etc.
3.1.1.xlviii What If / Checklist
A hazard evaluation methodology in which the review team utilizes their experience and creativity to
generate, answer and evaluate a list of "what if' questions to identify potential process hazards
3.1.1.xlix "What if” / Checklist Analysis
A hazards evaluation methodology in which the review team combines the "what if' and checklist
methods to produce a more robust review.
3.1.1.l Worst Case
The release scenario that results in the greatest off-site impact with respect to both distance and
population if the selected consequence evaluation criterion can occur
3.1.1.li Worst case events
The most severe hazardous events or incidents, considering incident outcomes and consequences
that are considered to be possible. Such events typically include total loss-of-containment scenarios
or runaway reactions resulting in major fires, explosions, or toxic releases.
Abbreviations
E&IH Environment and Industrial Hygiene PFDs Process Flow Diagrams
EPA Environmental Protection Agency PHR Process Hazard Review
ERPG Emergency Response Planning Guide PLC Programmable Logic
FMEA Failure Mode and Effect Analysis PM Controllers
FTA Fault Tree Analysis PPE Preventive Maintenance
HAZOP Hazard and Operability PrM Personal Protective Equipment
HHP Higher Hazard Process PSI Production Manager
HSE Health, Safety and Environment PSM Process Safety Information
I&E Instrument and Electrical SMP Process Safety Management
JSA Job Safety Analysis SOP Safety Management Practices
LHO Lower Hazard Operation MOC Standard Operating Procedure
MPT Management Professional Technical Sub HSE (P) Management of Change
AR Appropriation Request PHA Sub HSE (process)
DDC P&IDs Process Hazards Analysis
Document and Data Controller Process and Instrumentation
Diagrams
American Industrial Hygiene
AIHA
Association
7
DuPont Methodology For Risk Assessment And Process Hazard Analysis
SECTION - 4 PHA REQUIREMENTS
A PHA is a systematic and comprehensive study of the hazardous events that could occur in the
process, using a multi-disciplined team and a combination of methodologies (What If / Checklist,
HAZOP, Failure Mode and Effect Analysis etc.). It also evaluates the ways to either eliminate the
hazard or reduce the risk to an acceptable level.
To ensure that this activity is conducted properly following guidelines have been developed. These
guidelines also comply with the requirement of the OSHA standard 1910.119.
This section establishes the requirements for identifying, evaluating, controlling, and documenting
hazardous events and the consequences of these events. Site standards and organizational
responsibilities to conduct PHAs are defined for Higher Hazard Processes and Lower Hazard
Operations.
8
DuPont Methodology For Risk Assessment And Process Hazard Analysis
8. PHAs are conducted by trained team leaders with a cross functional team membership, including
those with expertise from outside the unit, as appropriate. Outside resources (Safety Specialists,
etc.) shall also be considered where required
9. Consequence Analysis is based on scientific and empirical information that reflects a thorough
understanding of the hazards of the operation and the measures to control the hazards. See
details in Section - 7 Hazard Identification and Field Tour
10. Documentation of consequence analysis includes reasons for worst case scenario selection,
methods used and assumptions made
11. Scientific and empirical information is available in OSHA and EPA guidelines (PHA Resource
Manual Section 1 and 5). This data is required prior to start the PHA and will be used to support
PSM 9 Level-2 Procedure on Procedures & Performance Standards as well as risk assessment
decisions relating to Inspection and PM Recommendations
12. Process Hazard Review (PHR) shall be conducted using a multi-disciplined team and one of
following 04 methodologies :
What If / Checklist
Hazard and Operability Study (HAZOP)
Fault Tree Analysis (FTA)
Failure Mode and Effect Analysis (FMEA)
13. The team evaluates the possible harmful effects of each event versus the current protection and
decides on whether additional protection is needed or not
14. For each hazardous event identified, the PHA team shall document a risk level (1 – IV) as well
as consequence (C1 – C4) and frequency rating (F1 – F4) as defined in the “Qualitative Risk
Assessment Protocol”. For details see Section 10.1 Hazard / Risk Evaluation Requirements
15. The PHA team is required to address human factors if the process is a Higher Hazard Process.
For details see Section 9.3 Human Factor Checklist
16. Facility Siting must be considered in PHA for Higher Hazard Processes and for processes
covered by the OSHA regulation. For details see Section 9.4 Facility Siting
17. In a PHR, consideration should be given to how to make the process inherently safer by
eliminating or minimizing hazards (required in HHP). For details see Section 9.5 Inherently Safer
Processes
18. Recommendations are made where appropriate based on risk score for each and every
identified risk. See details in Section - 10 Risk Scoring and Recommendations Developing and
Managing Recommendations
19. Cases where the cost of compliance is substantial and / or the risk of non-compliance is great
are reviewed at the appropriate level of Sub HSE or Manufacturing HSE
20. Additionally, major projects or the introduction of new processes or chemicals can add
significant risk to the site. For these cases, it is appropriate to escalate the Risk Management
decision to Corporate HSE Committee
9
DuPont Methodology For Risk Assessment And Process Hazard Analysis
21. PHA report completion and circulation responsibilities lie with the sponsor of the risk
assessment activity, that is, Operations Unit Managers for existing facilities or Process
Engineering Section Head in case of new or modified facilities
22. PHA sign off and declaration is to be carried out by the complete team after completing the
activity and should be the part of report
23. Health Risk Assessment (HRA) & Environmental Impact Assessment (EIA) activities are to be
conducted along with PHA activities during the course of excersie
24. A system shall be in place to approve and monitor the progress on the PHA recommendations.
See details in Section - 12 Recommendations – Tracking, Closure, Changing Dates, Rejections
and Waivers
25. Follow up on recommendations is required to keep track of recommendations and their
addressing in specified time
26. A PHA Follow up Coordinator (Safety Advisor) is assigned who is also a member of
Manufacturing HSE
27. PHA follow up lists are issued monthly or through automated systems, e.g., e-mail database by
site Safety Advisor. Completed PHA recommendations are kept in a permanent file or on digital
database which is retained for the life of the facility
28. PHA recommendations / findings are periodically analyzed to determine if the same corrective
actions are frequently identified and, if so, practices, standards, procedures, or management
systems are changed to prevent recurring problems
29. Engineering Standards to be utilized for conducting PHA may be based on Exxon Basic Practices,
Engineering Standards / RAGAGEP (Recognized and Generally Accepted Good Engineering
Practices). In the design and engineering of new or modified facilities, these standards will be
complied with unless otherwise approved by Manufacturing HSE Chairman. Deviation from
these standards should be fully informed, understood, and authorized
30. Training of employees on the PHA methods would be conducted periodically and record of the
training to be kept
31. The site Safety Advisor is responsible for follow up risk analysis reviews related to Emergency
Preparedness
10
DuPont Methodology For Risk Assessment And Process Hazard Analysis
4.2 PHA Process Overview
Team Preparation
• PSI package development required for PHA
• Operating procedures, conditions and process parameter limits
• Incident reports and previous PHAs
• PHA Team Organizational Meeting – working norms set
Team Responsibilities
• Keep management informed about progress
• Give priority to the PHA assignment
Hazards Identification
• Field Tour
• Evaluate potential hazardous
Consequence Analysis
• Explosions, toxic release
Closing Recommendations
11
DuPont Methodology For Risk Assessment And Process Hazard Analysis
SECTION - 5 WHEN TO CONDUCT A PHA
5.1 General
The processes have been divided into two main categories; which are Higher Hazard Process and
Lower Hazard Operations.
It is mandatory to conduct PHA of all the new projects and major modifications. These PHAs will
be conducted at, at-least two stages of the project.
A Higher Hazard Process is any activity Manufacturing, Handling, Storing, or using Hazardous
substances (classified by OSHA / EPA) that, when released or ignited, can result in death or
irreversible human health effects, significant property or environmental damage, or off-site impacts
due to acute toxicity, flammability, explosivity, corrosivity, thermal instability, latent heat, or
compression. Also operations involving chemicals where runaway conditions would result in
container (vessel, tank etc.) failure are included in HHP.
Higher Hazard Process PHA is mandatory as per OSHA / EPA guideline. PHA must be conducted
on existing facilities as outlined in the OSHA and EPA regulations.
A Lower Hazard Operation is an activity that exclusively manufactures, handles, stores or uses any
substance with low potential for death or irreversible human health effects, significant property or
environmental damage, or off-site impacts due to toxicity, asphyxiation, or mechanical hazards,
including stored energy. A Lower Hazard operation does not have much impact on Site or Offsite.
Lower Hazard Operation PHA is recommended but not mandatory.
17
DuPont Methodology For Risk Assessment And Process Hazard Analysis
PHA would be conducted on existing facilities that is consistent with the risk involved in the process.
The PHA would be considered as a base line PHA and after that it would be a cyclic review PHA.
The frequency of PHA of these processes must be conducted at a maximum interval of 05 years as
per OSHA and EPA regulations for processes containing listed Higher Hazard substances in
quantities above the listed threshold levels.
Following are some factors which shall be considered for defining LHOs frequency:
PHAs of Lower Hazard Operation are done at an interval of 10 years or as per requirement
PHA for LHO should be conducted at a frequency that is consistent with the risk involved
The PHA frequency can be adjusted in-line with the industry wide practice
Consideration should be given to reducing the review frequency to less than five years for
processes that experience many process safety incidents, have extreme hazards or are subject
to frequent significant change
New process facilities require PHAs during various design and installation stages. Periodic PHAs for
existing facilities are necessary to protect against the serious hazards, which may infiltrate a process
as the equipment ages and the process or its operation changes over the years.
18
DuPont Methodology For Risk Assessment And Process Hazard Analysis
Pre-Authorization (Scope of Work)
Design Review (Detailed PHA)
Base Line PHA
Existing Facilities
Cyclic PHA
Modification or Significant Changes (as judged by Sub HSE (P, M, IE, E&IH etc.)
Mothballing of Process Facilities
Dismantling of Process Facilities
Preferably the first PHA should be conducted while experimental work is in process. These reviews
are used to evaluate risks of the process being developed, and guide the development toward an
inherently safer process.
PHAs should also be conducted during the basic data stage of a project, when the proposed process
and equipment are still in the conceptual stage. At this time, it is appropriate to challenge why a
particular hazardous operation or material is being used and why other less hazardous alternatives
are not being considered.
At this stage of a project, design is 10 to 40 percent complete; conceptually, the design is starting
to gel. Since the project has not been authorized yet, it is an appropriate time to conduct a
comprehensive PHA to identify hazards. This analysis can crystallize the design team's understanding
of the hazards still present. The objective of this review is to ensure that appropriate hazard control
features are included in the design and in the project estimate.
Typically, this review will use methods that are less rigorous than those in the subsequent design
review. It must address, however, those hazards which could have a significant effect on the project
cost, such as size and location of storage facilities for hazardous materials and the safety systems
needed for safe operation.
19
DuPont Methodology For Risk Assessment And Process Hazard Analysis
The objective of this review is to ensure that appropriate hazard control features are included in
the design and in the project estimate.
Once a project is authorized, the conceptual features provided in the DBM become a firm design.
At the design stage of the project, a PHA is conducted to further define the hazards relative to the
particular process. This review usually focuses on the design being developed and on the design
decisions to be made. Accordingly, the design PHAs typically focus on the P&IDs and on detailed
equipment design drawings. The recommendations from this PHA define any additional safety
features needed to ensure safe operation of the process.
The baseline PHA (Pre-start up OR first PHA of an existing facility) is the design review of the
process and is intended to serve as the foundation for future cyclic PHAs. The baseline PHA must
be very thorough, intensive, systematic and complete. It must be based on an up-to-date Process
Safety Information package. It should also include review of operating procedures / instructions.
In processes where the potential for a catastrophic incident exists, the risk assessment, or
consequence analysis, requires an exact definition of the potential catastrophic incident. The study
may also require downwind dispersion analysis (for toxic gas releases) and a community impact
analysis. The result of the study is the quantification of the impact of this catastrophic incident.
The base line PHA stage is more appropriately a “checkpoint” stage where all of the health, safety
and hazard analysis efforts are checked for accuracy, thoroughness, completeness and whether
there has been follow up of recommendations made in the previous hazard review(s).
For new facilities with significant changes during the startup that could affect process safety, a
revalidation of the baseline PHA should be done within a year of startup, or sooner.
A Cyclic PHA is a revalidation PHA and is based on review of the baseline PHA and subsequent
PHAs. The cyclic PHA must include a review of the recommendations to make sure that the
previous considerations and conclusions still apply and are accurate.
It also reviews any modifications / changes in the equipment, process conditions or procedures. If
a significant change has occurred, then a new baseline PHA must be conducted. Revalidation
protocol for cyclic PHA is given in the PHA Resource Material Section 16.
The cyclic review also determines whether additional considerations are appropriate for any
changes made in the materials, processing conditions, or new information developed for the system.
20
DuPont Methodology For Risk Assessment And Process Hazard Analysis
Incidents and process changes since the last review.
Engineering and administrative controls still in place.
Consequence analysis changes.
Facility siting.
Human factors.
New technology.
Inherently safer process.
All Cyclic PHAs must be evaluated to determine if a PHA revalidation can be done. A revalidation
can significantly reduce the PHA team’s effort, while still producing a quality PHA.
The previous PHA no longer meets the needs or requirements of the program
There are significant opportunities to improve the PHA
For new facilities with significant changes during start-up that could affect process safety, a
revalidation of the baseline PHA shall be done within one year of start-up.
Note: A new base line PHA, using appropriate methodology, shall be conducted. If the
previous PHA is judged to be valid, then revalidation is appropriate.
A cyclic PHA starts with a review of the baseline and subsequent PHAs. This review must include
examination of all the elements in these PHAs.
Multi-disciplined PHA teams meeting the same criteria listed in the procedure must conduct PHA
revalidations. PHA revalidations shall be documented as outlined in PHA procedure, but where the
prior report is adequate, the new section shall be a statement that the prior report was found
adequate. For minor upgrades, the revalidation report shall state that the prior report was adequate,
except for the stated new information.
The revalidation activities shall be based on evaluation of previous study in following aspects:
A review of the listed hazards and hazardous events – Are all hazards included? Are all hazards
still appropriately defined and characterized?
Application of an approved PHA methodology – Was the prior methodology applied correctly?
Were the conclusions correct?
Identification of any incidents since the previous review that will have potential for catastrophic
consequences.
21
DuPont Methodology For Risk Assessment And Process Hazard Analysis
Engineering and administrative controls to prevent or mitigate catastrophic consequences – Are
all controls still in place? Are there any revisions since the previous PHA?
Consequence Analysis (CA) – Is the analysis still valid? Are the consequences properly
identified? Are the mitigating factors still in place?
Facility Siting – Are there any changes in process that would affect siting? Any change in
population that would affect siting? Are the previous conclusions correct?
Human Factors – Are there any changes in controls or personnel that would affect prior
conclusions?
Inherently Safer Processes (ISP) – Are there any new considerations / recommendations to
make the process inherently safer?
A review of all process changes made since the previous PHA – What are the safety implications
of each change and how can individual changes interact to create new hazards?
A review of all the process test reports issued since the last PHA – Were new process safety
implications discovered?
At times some modifications would be complex and would require utilization of multi-discipline
teams to conduct a PHA. This PHA should be done before approving the modification. The lead to
conduct such a PHA would be with the Process Engineering Manager, Safety Advisor and Sub HSE
(P) Chairman.
All modifications should be reviewed from Hazards point of view. To ensure this aspect, HSE
checklist should be filled and attached with all the process specification. The Sub HSE (P) would
ensure that all the safety related issues are addressed before approving any process specification.
Mechanical, I&E, Environment and Industrial Hygiene related modifications to be reviewed in the
respective Sub HSEs to ensure safety aspects have been properly addressed.
22
DuPont Methodology For Risk Assessment And Process Hazard Analysis
For existing chemical operations, the processes should be broken into logical blocks that can be
analyzed in a reasonable period of time by an ad hoc team of at least 5 people, assigned to do this
in addition to their usual job.
To define the nature of hazards of different processes, all sections / posts of Ammonia, Urea and
Utilities Unit have been reviewed and checked for classification as per OSHA / EPA guidelines and
the definition used by DuPont for Higher Hazard Process (HHP) and Lower Hazard Operation
(LHO).
The frequency for different categories of PHA has been set in such a way to ensure the compliance
of OSHA / DuPont standard for Higher Hazard Process, as for the other two categories the
frequency has been set looking at the Site’s capability and previous track record. The PHA
frequencies are given below:
23
DuPont Methodology For Risk Assessment And Process Hazard Analysis
Utilities :
- Acid / Caustic unloading facility - -
- Steam Generation - -
- Lime Soften Unit / Off-Site - -
- Water Treatment - -
- Power Generation - -
- Cooling Water System - -
- DCS, ESD, BMS & Electrical Distribution - -
24
DuPont Methodology For Risk Assessment And Process Hazard Analysis
SECTION - 6 PHA PLANNING AND TEAM PREPARATIONS
A PHA is lengthy activity and must be done in segments. Also team preparations, training and
development of PSI (Process Safety Information) package are vital tools for this critical activity.
The Production Unit Manager or PHA team leader must prepare and issue a charter to the PHA
team that defines the PHA team’s responsibilities, tasks and the objectives. The charter shall be
endorsed by Site HSE advisor and approved by Production Manager.
1. Sub HSE (P) chairman selects the PHA team leader with the help of area Unit Manager and site
Safety Advisor. The operations Unit Manager of that specific unit and Safety Advisor are
responsible for ensuring that the Team Leader is qualified to lead a PHA.
2. PHA team leader then helps Sub HSE (P) chairman / area Unit Manager in selecting team
members, and their PHA training
3. Area Unit Manager and Sub HSE (P) chairman shall adjust assignment priorities to provide
adequate resources and time for the study
4. The selection of the team members must be based on the skills needed for planned studies
The team leader should be a good listener, a good organizer, good at handling an ad hoc committee
made up of people from different background and assignments and shall have good leadership skills.
The team leader should be technically trained on PHA technique. The leader does not have to be
familiar with the process to be studied, but should be skilled in applying the hazard review method
to be used.
DuPont Methodology For Risk Assessment And Process Hazard Analysis
6.2.2 PHA Team Leader Minimum Requirements
The team members must represent a cross section of the disciplines involved in designing and
running the process. It is extremely important to put the most experienced and knowledgeable
resource for this activity as inexperienced team tends to conduct a poor quality PHA.
The team should contain people from 1st line supervisors and the operating levels, operator and
boardman. The team should consist of six permanent members. Typically, the team should have
people from Production (Engineer, Supervisor, Boardman, and Operators etc.), Process, Projects,
Safety, Maintenance, Inspection, Machinery, I&E, Projects etc.
Knowledgeable of the basic technology involved in the operation of the process and
equipment as well as the equipment design
Hands-on operating experience in the process or system. This experience involves knowing
how the process actually operates, as opposed to how it was intended to operate
Hands-on maintenance experience in the process or system. This experience involves
knowing how the facilities are actually maintained, as opposed to how they are intended to
be maintained
One team member / team leader who is knowledgeable in the specific PHA method being
used
Other appropriate knowledge or expertise needed to accomplish the aims of the study.
Experts in specific disciplines, not available in the team can be called in as part time resources
for the team
External safety / technical resources shall be considered when site existing resources
capabilities are limited, e.g., addition of new materials during new unit / plant installation
Minimum Experience Required : 03 Years
26
DuPont Methodology For Risk Assessment And Process Hazard Analysis
A typical PHA team would have the following membership:
PHA team leader (qualified in PHA technique)
Operations Engineer
Process Engineer
Project Engineer
Boardman and Area Operator(s)
Maintenance Engineer
Safety Engineer
Inspection Engineer
I&E Engineer
Machinery Engineer
At least 02 weeks before the start of each PHA, the PHA team shall be selected and the Charter
letter issued.
The team leader must review the charter with the team and discuss the expectations for
understanding. A Production Unit Manager or Production Manager / Sub HSE(P) chairman should
be present to resolve any questions concerning the scope of the study.
The first team meeting is usually called the organizational meeting, where the task to be done is
outlined and agreement is reached on how to proceed. At the organizational meeting, the PHA
team should develop:
27
DuPont Methodology For Risk Assessment And Process Hazard Analysis
Members should reach agreement on the meeting schedule, clearly defining the meeting days and
times so that everyone will be present at the meetings.
Process Safety Information Package should be distributed at the meeting for the team members to
study to increase their understanding of the process. The information should be reviewed by each
team member before the first review meeting so that they are able to actively participate in the
identification of hazards.
The PSI package must be correct and up-to-date before the PHA is begun. The process safety
information (PSI) package defines the hazards of the materials, process design basis and the
equipment design basis. Other information that should be collected for review and used during the
PHA includes (but is not limited to) the following:
Note: P&IDs of the process block under review must be field verified to ensure their
“As Built” status.
The process is explained by one of the team members, or a process expert, to provide background
for those not familiar with the process. The team can also ask questions to clarify any details on
how the process operates.
28
DuPont Methodology For Risk Assessment And Process Hazard Analysis
6.5 PHA Team Responsibilities
All regular team members must give priority to the PHA assignment, participate in meetings and
tour the facilities periodically to enhance their understanding of equipment, piping, controls,
procedures, tasks, consequences of upsets and failure events and so on.
To ensure that the PHA is thorough and consistent with the charter, the PHA team should focus
on recommendations relating to Safety, Loss of Containment, Fire Hazard, Environmental Aspects
and Inherently Safer Operation. It is important to keep focus on the above-mentioned areas and
not to generate unnecessary recommendations.
Scribe must capture the true essence of the points being highlighted and keep detailed notes of
the meeting, listing the items covered.
The PHA team leader and team members must be selected and trained.
Adequate training of the PHA study team must be done to ensure a high quality analysis of the
process hazards. Training is most effective when provided shortly before the beginning of the
study.
Team training requirements typically include a team resource, or leader, with in-depth knowledge
of the PHA methodology to be used and experience in applying the method. Team members
should receive overview training in the PHA procedure and application of the methodology
selected for the review. This training can be provided in a ½ day training session by a resource
with knowledge and experience in the method.
Site safety training plan should ensure that adequate resources are put through a formal Process
Hazard Analysis & Consequence Analysis courses. A list of these individuals is to be maintained by
the Safety Section.
29
DuPont Methodology For Risk Assessment And Process Hazard Analysis
SECTION - 7 HAZARD IDENTIFICATION AND FIELD TOUR
Process hazards must be identified and listed in the initial stages of the PHA. These hazards are
inherent and unique to the specific chemicals and process conditions under review. They are
generally hazards having the potential for explosion, fire, large toxic release or irreversible human
health effects. The list of hazards is used during the PHA to help focus the discussion and shall be
included in the final PHA report and in communication of the hazards to the affected personnel.
The PHA team must conduct a field tour of the facility being studied. The team member with hands-
on experience should serve as the guide. The tour gives the team a clear picture of the process and
the layout. The team can begin to develop the list of hazards during the tour and can discuss the
process with the operating people in the field. On the tour, the team should compare the facilities
with the piping and instrument drawings to be satisfied that the drawings are up-todate.
Note: Field tour for Developmental / Basic Data, Pre-Authorization or Design Stage
PHA is not possible. However, team shall review the site, surrounding
community, geography, topology etc. at such stages.
30
DuPont Methodology For Risk Assessment And Process Hazard Analysis
SECTION - 8 CONSEQUENCE ANALYSIS
Consequence analysis consists of evaluating the undesirable impact of potential hazardous events,
such as fires, explosions, and toxic releases resulting from the loss of engineering and / or
administrative controls for the process.
The PHA team is required to conduct consequence analysis if the process is Higher Hazard Process
(HHP).
Note: Details on the consequence analysis techniques are available in the PHA Manual.
The purpose of the consequence analysis is to help the PHA team understand the type, severity,
and number of potential injuries, property damage, and significant environmental effects both on-
and off-site.
The PHA team must identify and understand the consequences of a wide range of possible
hazardous events associated with the process. The following information should be considered in
the consequence analysis:
Type of event possible, such as fire, explosion, or toxic release due to mechanical failure, flanges,
man ways and other fittings
An estimate of the potential release quantities, including worst case scenario
Consequences of the event, such as estimates of distances to different levels of concern (ERPG-
1, 2 or 3) based on toxic concentrations, thermal effects, overpressure, or significant
environmental effects
31
DuPont Methodology For Risk Assessment And Process Hazard Analysis
Safety and health effects to personnel on-site and in the community; the type and severity of
potential injuries should also be estimated
These hypothetical incidents are analyzed for consequences independent of their probability of
occurrence.
Consequence analysis starts with a review of the facilities and activities within the area to be studied
in the PHA.
The first scenario to be identified is usually the worst-case, which is defined in the EPA regulation
as the release of a regulated substance from the largest vessel or a high-flow process line failure
Administrative controls and passive mitigation that limit the total quantity involved, or the
release rate, can be taken into account. For toxic gases, the worst-case release scenario assumes
that the quantity is released from the vessel in 10 minutes, per the EPA regulation.
For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the
volatilization rate from a pool 1 cm deep, unless passive mitigation systems contain the substance
in a smaller area.
For flammables, the worst-case scenario assumes an instantaneous release and a vapor cloud
explosion. In addition to the worst-case scenario, alternative scenarios are to be considered.
The EPA regulation requires at least one alternative scenario for each toxic substance and at
least one alternative scenario to represent all flammable substance held in covered processes at
the source.
A qualitative review of these hazardous impacts is acceptable if the effects are confined to the
site, and is all that is required by OSHA. If the impact could extend offsite, a more quantitative
analysis may be useful, and is required if the substance involved is listed in the EPA regulation
(see PHA Resource Manual Sections 4 and 5)
The area affected by the accidental release is determined by estimating the distance from the
source of the release to an endpoint where the adverse effects can be tolerated.
The endpoint concentration for a toxic substance is its Emergency Response Planning
Guideline level-2 (ERPG 2), which was developed by the American Industrial Hygiene
Association (AIHA).
Endpoints equivalent to ERPG-2s are tabulated for covered substances in the EPA regulation.
For flammables, vapor cloud explosion distances are based on an overpressure of 1 psig; for
alternative flammable releases, radiant heat distances are an exposure of 5 kilowatts per square
meter for 40 seconds. Atmospheric conditions for the worst case are specified at 2 meter per
second wind speed and a very stable atmosphere.
For EPA hazard assessment, populations potentially affected are defined as those within a circle
that has as its center as the point of release and its radius the distance to the toxic or flammable
endpoint.
List the residential population in the circle within two significant figures.
32
DuPont Methodology For Risk Assessment And Process Hazard Analysis
Also, list the presence of schools, hospitals, other institutions, public areas, and recreational
areas. Large commercial and industrial developments that can be identified on street maps within
the circle must be noted, but the number of people occupying them need not be enumerated.
Quantitative estimates of consequences must be made when injuries, major property damage
or significant environmental effects are possible at off-site locations.
The area affected by the accidental release is determined by estimating the intensity of heat from
the source of fire to an endpoint where the adverse effects can be tolerated, expressed as thermal
exposure level of concern. An appropriate initial criterion for estimating possible fire exposure
injury is 3000 Btu/(hr)(ft2). At this radiation level, escape within 20 seconds can prevent burn
injuries, and most combustible materials do not ignite, even after prolonged exposure. Typical
thermal exposure levels of concern include the following:
Large explosion may result in damage to building / structures. Impact of an explosion is estimated
by overpressure at an endpoint where adverse effects can be tolerated. Typical overpressures of
interest are the following:
0.3 psi – onset of structural damage; 10% of window glass breaks
0.5 psi – minor to light building damage
1.0 psi – people can be knocked down; the potential for building damage and flying glass with
potential for severe lacerations
2.0 psi - threshold of eardrum rupture
5.0 psi – threshold of lung damage
Actual impact on building is also a function of the impulse of an explosion, the orientation of building
surfaces to pressure wave, and the specific type of building construction.
Note: Analysis of toxic releases / fires & explosion should be carried out by individual
with appropriate training on toxic release mapping / explosion impact assessment.
After the initial evaluation of hazardous event scenarios, a subset of events should be selected for
detailed quantitative evaluation. Quantitative Consequence Analysis must be done for all events
that may have off-site impact events or may result in significant on-site impact. An example of
such a situation might be a vapor cloud explosion that could lead to building damage, injuries,
fatalities, and major business impact.
33
DuPont Methodology For Risk Assessment And Process Hazard Analysis
Complete quantitative evaluation of release scenarios can be a complex task that involves such
considerations as aerosol formation, gas momentum effects, instantaneous releases, phase
changes, thermodynamic interactions with the atmosphere, and transient flow. For initial
consequence estimates, it is appropriate to make conservative assumptions by over-predicting the
consequences.
For example, toxic gas and flammable vapors generally have the largest consequences when:
Released at or near ground level
Conditions that produce high vapor and aerosol generation rates exist
Release temperatures and pressures (maximum or minimum, depending on the chemical) of the
stored material can enhance the rate of vapor cloud generation
Release conditions that increase the gas density are conservative, because the denser the gas, the
slower it disperses in air. For releases of pressurized liquefied gases that flash at ambient
temperatures, it is conservative to assume that all of the liquid remaining after the flash forms a
stable aerosol and does not deposit out as rain or form a pool.
After developing an initial set of conservatively estimated release scenarios, appropriate modeling
tools can be used to estimate the toxic and flammable consequences in accordance with the
consequence evaluation criteria described previously. For consequence estimation, the PHA
Resources Manual should be used to help ensure consistency.
Note: Quantitative CA should be done by personnel that have been trained and
qualified to do the analysis.
34
DuPont Methodology For Risk Assessment And Process Hazard Analysis
b. Identify a more thorough set of hazardous events; consider the appropriateness of including
additional scenarios based on a more precise estimation of event parameters
c. Qualitatively assess the consequences for the events. Use the results to determine the
potential impact, including estimated release quantities, area affected, and safety and health
effects, on
Exposed personnel, on-site and off-site
On-site and off-site facilities
Shelter-in-place facilities
Process-critical equipment
d. If the potential consequences are not clear, even after the event scenarios have been
finetuned, then determine if a limited or more extensive quantitative analysis is required.
4. Conduct a quantitative CA. The following is an overview of the procedure for conducting a
quantitative CA:
Select scenarios (e.g., from PHA hazards identification or other studies) addressing a
complete range of possible release events (i.e., small, medium, large, and catastrophic
failures)
Evaluate each scenario in accordance with the DuPont Consequence Analysis Technical
Guidance Manuals2, 3 and / or DuET Process Safety and Fire Protection guidance
Determine for each scenario the potential on-site and off-site impact of events (e.g.,
releases, fires, or explosions) on personnel, occupied facilities, and critical equipment
identified as a line of defense
5. Summarize the findings for use in
Hazards evaluation when determining the risk of the scenario and any appropriate risk
mitigation
Facility siting or other PHA activities, as appropriate
Site emergency response planning
35
DuPont Methodology For Risk Assessment And Process Hazard Analysis
SECTION - 9 PROCESS HAZARD REVIEW / EVALUATION
The PHA team must apply appropriate hazard review methods to the process under review to
identify each hazardous event, the significant existing lines of defense and to evaluate the
effectiveness of these lines of defense.
The four methods recommended for the Hazard Reviews are described below. The priority of
methods shall be What If / Checklist; next method to be used are HAZOP and Failure Mode &
Effect Analysis and finally the Fault Tree Analysis. A typical cyclic Process Hazard Review step may
take 3 to 5 days. Following are four PHR techniques to be used for hazard evaluation:
This is the foundation method and should be used in the first review of almost any process. The
method allows the team to brainstorm situations (what if’s) that might lead to hazardous events.
After brainstorming, a checklist is used to trigger thoughts about situations that may have been
overlooked. The OSHA and EPA regulations allow the use of either What If (brainstorming) or the
Checklist as separate methods as well as in combination. The combination of the two is
recommended for best results. What If / Checklist is given in the PHA and its resource Manual.
This method addresses deviations in the operating parameters in the system and whether these
deviations will produce a hazardous effect. All possible deviations are studied in a rigorous fashion
and if required using guide words to suggest possible deviations for each parameter. The team
decides whether deviations will result in hazardous consequences. Details are available in PHA and
its resource Manual.
There are advantages to using different methods of process hazards identification on the same
process or project. Each method addresses hazards differently. When the What If / Checklist
method is used with HAZOP, the two complement each other and strengthen the accuracy of the
overall PHA.
36
DuPont Methodology For Risk Assessment And Process Hazard Analysis
This method focuses on the failure of each of the components in the system (transmitters,
controller, valve, etc.). The team assesses the effects of the component failures and prioritizes the
hazards, using a semi quantitative ranking. This method will be used for hazard analysis of the control
systems. Details are available in PHA and its resource Manual.
Method to be Used
Consequence
Case What If/ Fault Tree
Analysis
HAZOP FMEA
Checklist Analysis
Existing Facilities:
- HHP -
- LHO - -
Major Project:
- Developmental/
- - - -
Basic Data
- Pre-authorization
- - - -
(Scope of work)
- Design Stage - -
(Only for HHP)
- Base Line/Prestartup -
-
Stage
Modifications:
- Major - - - -
- Minor - - * - -
- Existing - -
- New Project - - -
* : Health, Safety and Environment Design Checklist used with the Sub HSE is adequate enough.
37
DuPont Methodology For Risk Assessment And Process Hazard Analysis
9.3 Human Factor Checklist
Human factors include all aspects of how humans interact with their work environment, in both
routine and non-routine situations. Human factors primarily concern the interaction between
human and the equipment, systems and information in their work environment. The PHA deals with
various aspects of these interactions given below:
Human size and strength relative to the equipment design and layout
The PHA team is required to address human factors if the process is an HHP or is covered by the
OSHA or EPA regulation. However, human factors are also an important consideration for Lower
Hazard Operations. The focus of the PHA is to identify areas where human error is likely and
recommend changes to minimize those errors. Situations where human errors are likely may
involve one or more of the following:
A human factor checklist is available in the PHA and its resource Manual.
Human factors come into play in a number of areas covered by the various elements of a
comprehensive PSM system. The PHA team should be aware of these areas when attempting to
identify human factors issues. The PHA is not the time, however, for a complete human factors
analysis of all the PSM elements. The following are some of the more significant areas:
• Ergonomics: In this context, the term “ergonomics” does not refer to the likelihood of
strain or cumulative-trauma injury. Instead, a key consideration is the accessibility of
emergency controls and equipment. Physical issues (i.e., traditional ergonomics) can come
38
DuPont Methodology For Risk Assessment And Process Hazard Analysis
into play if emergency controls call for great strength, dexterity, or size to access and
operate successfully.
• Emergency Access: Questions that the PHA team should consider include the following:
Can emergency shutdown manual valves or emergency stop push buttons be accessed
quickly in an emergency? Does a hazardous situation hinder or prevent access to key
controls?
• The HMI: Another important human factors issue is the clarity of the design of panel boards
and video display terminals. Are emergency controls clearly marked? Is emergency activation
straightforward or complex? Can emergency or important controls be confused with others
in close proximity? Is color coding used in a way that color-blindness of personnel could
become an issue? Both familiarity (i.e., boredom) and extreme anxiety (i.e., panic) vastly
increase the chance of errors being made. Design of controls should take these factors into
consideration.
• Distractions: The team should evaluate what the work environment is like under routine
conditions and what it might be like in an emergency. Are trivial or nuisance alarms in close
proximity to critical ones, so they are likely to be ignored? Can information overload take
place in an emergency? The number of specified tasks, the work schedule, and likely response
time should be considered.
• Training, skill, and performance: The PHA team should consider the effectiveness of
personnel training to deal with unusual and emergency situations. How effective is the
program, and what actions are taken to remediate sub-par performance? If critical
emergency procedures exist, are there drills to gauge how well they work in practice? Have
work schedules or forced overtime situations produced excessive fatigue in the work force
that might impair performance in critical situations?
• Turnover: The rate and management of personnel turnover is a key factor in determining
human reliability. The PHA team should consider the rate of turnover in key operating and
supervisory levels and the quality and timeliness of training new people.
39
DuPont Methodology For Risk Assessment And Process Hazard Analysis
Many processes contain one or more hazardous materials or conditions that could, in the event of
an incident, result in a fire, explosion, or toxic gas release. This may affect a building, its occupants,
or its housed function. Buildings should have attributes that can withstand the effects of such events
(e.g. the strength to withstand the overpressure from an explosion or the fire retardance to
withstand a fire) to protect the occupants or the function that the buildings house.
Facility siting must be considered in process hazards analyses for Higher Hazard Processes and for
processes covered by the OSHA regulation.
Of particular interest are those facilities that can aggravate or magnify a realized hazard. An example
would be damage of a motor control center for fire water pumps caused by an explosion. Another
example would be fatal injuries to people eating lunch in a local area lunchroom when a process
fire trapped them in the room.
Through the application of PHA, it is possible to identify significant process hazards and to evaluate
the various event sequences that could lead to a fire, explosion, or toxic release. Qualitative &
Quantitative Consequence Analysis estimate the magnitude of these events and where warranted,
a frequency analysis provides techniques for estimating their likelihood. These techniques provide
the means for evaluating potential risk posed by the process activities to the building occupants and
to the function of the facility.
9.4.1.i Frequency
Areas / Units classified as HHP shall evaluate all building, including temporary structures (e.g. trailers,
cabins etc.) that fall under the scope of this standard at a frequency not to exceed once every five
years
9.4.1.ii Evaluation of buildings
All facility siting evaluations shall be conducted in accordance with the general methodology outlined
in Appendix A.
40
DuPont Methodology For Risk Assessment And Process Hazard Analysis
9.4.2.i Scope
All new buildings constructed in HHP units / areas including temporary structures (e.g. trailers,
cabins) shall be evaluated against possible catastrophic events and designed so as to protect the
occupants.
In a PHR, consideration should be given to how to make the process inherently safer by eliminating
or minimizing hazards (required for HHPs). The What If / Checklist method is the best format for
this type of consideration, since the FMEA and HAZOP methods assume the process is safe if
operated as designed.
Examples of changes (recommendations) that could make a process inherently safer are listed
below:
1. Intensification – Minimize the quantities of hazardous material (e.g., make and immediately
consume a toxic intermediate to limit the quantity in the process).
2. Substitution – Replace hazardous materials with less hazardous materials
3. Attenuation – Use less hazardous processing conditions (e.g., lower temperature and / or
pressure)
4. Limitation – Design the equipment to limit the impact of a hazardous event (e.g., design vessel
to contain the highest pressure that could be reached in a decomposition or runaway reaction)
5. Simplification – Design facilities so that operating errors are less likely and facilities are forgiving
of errors that are made.
PHRs during the development stage of a new operation provide the most opportunities to make
changes that will lead to inherently safer processes. Once a facility is constructed and in operation,
the range of feasible options becomes more constrained. Nevertheless, a careful examination of the
entire process (looking at feedstock, processing and reaction systems, inprocess inventories,
41
DuPont Methodology For Risk Assessment And Process Hazard Analysis
location of equipment and piping, etc.) may result in identification of some inherently safer options.
Some of these concepts can be referred to the research and development organization for potential
incorporation in future versions of the process. For additional information, see the discussion on
Inherently Safer Processes in PHA and its Resource Manual.
42
DuPont Methodology For Risk Assessment And Process Hazard Analysis
SECTION - 10 RISK SCORING AND RECOMMENDATIONS
For each hazardous event identified, the PHA team shall document a risk level (1 – IV) as well as
consequence (C1 – C4) and frequency rating (F1 – F4). Detail of consequence-evaluation / frequency
rating guidelines is provided in Appendix B.
All recommendations should be checked against the Qualitative Risk Assessment Protocol
(Appendix-B). This would ensure that the PHA team drops all the low risk recommendations and
only high-risk recommendations get documented in the final report.
Recommendations shall be made for hazards having risk score I and II, some of the risk score III
items may be considered for developing recommendations, while for risk score IV items, the
administrative controls shall be suggested.
When the team considers risk and concludes that a recommendation is appropriate, the
recommendation should be specific and accomplishable. In general, the team should not make
recommendations to “study”, “consider” or “investigate” a situation. The team should do any
investigation needed, except in cases where a long range investigation by an expert is needed.
Recommendations should not give a specific design solution, because it can inhibit development of
more innovative or cost effective designs. The details of the design should be left to the person
assigned to complete the implementation of the recommendation. When possible, alternate routes
for achieving the same desired improved safety should be listed.
In documenting recommendations in the PHA report, each recommendation should be listed in the
review worksheets of the appropriate review method. The recommendations should use clear and
concise wording.
Multipart recommendations should be broken down for stewardship so that each part can be
assigned to an individual. The goal is to have a single person, not a group of people, responsible for
each recommendation.
Recommendations from the PHA should be prioritized as high and low. The priority given to a
recommendation can be used on the team’s judgment or the risk matrix.
43
DuPont Methodology For Risk Assessment And Process Hazard Analysis
10.2.1 Focus Items
The principle focus of a PHA is to eliminate or control hazardous process events to an acceptable
risk level through recommendations generated by the PHA team.
A safety or environmental consequence with a risk score of I or II must have
recommendations and shall be included in the final PHA report
Interim solutions must be developed for safety or environmental hazards with a risk level of
1
Risk levels of II should be reviewed on a case-by-case basis to determine if a
recommendation or an opportunity for improvement (Suggestion) is warranted (See PHA
Resource Manual Section 15)
When the potential consequences of a particular safety or environmental event, is
"catastrophic or major", the PHA Team may need to conduct a formal quantitative risk
analysis in addition to the qualitative risk analysis
A small fault tree, specific for the hazardous event in question may be helpful to the team
to confirm the probability of occurrence
10.3.1 Procedural
All the safe guards, which can be achieved by providing an approved procedure, standing order or
instruction, fall under this category.
Any recommendations, which can be complied with by doing routine maintenance, or a minor job,
which does not require engineering, fall under this category.
All the jobs, which cannot be handled on a running plant and can only be worked on during a
Shutdown or Turnaround, are covered in this category.
44
DuPont Methodology For Risk Assessment And Process Hazard Analysis
Recommendations requiring engineering evaluations would fall under this category and would have
to go through the control of change protocol.
Procedural 02 months
Cases, where the cost of compliance is substantial and / or the risk of non-compliance so great, are
reviewed at the appropriate level of Sub HSE or Manufacturing HSE.
Following are guidelines for recommendations approval, escalating level of approval to higher safety
forums etc.
1. Recommendations from a PHA must be reviewed by the Sub-HSE (P). Sub-HSE (P) must
document its response to recommendations, accepting the recommendation as stated, accepting
it as modified, or rejecting the recommendation
2. Management must assign follow up responsibility and dates for completion of each accepted
recommendation. Interim actions should be considered until the permanent solution is
completed
3. If a recommendation is modified, the reason for the modification should be documented and
the alternate solution should address the hazard as effectively as the original recommendation
4. If management does not adopt or accept a recommendation, the reason and logic supporting
the decision must be documented and appended to the PHA report. Some of the reasons for
rejecting a recommendation are as follows:
The analysis upon which the recommendation is based contains factual material error
The recommendation is not necessary to protect the health and safety of employees,
contractors, or the public
45
DuPont Methodology For Risk Assessment And Process Hazard Analysis
An alternative measure would provide a sufficient level of protection
The recommendation is not feasible
Sub HSE (P) may suggest some key recommendations / findings to be reviewed in Manufacturing
HSE committee due to higher risks, immediate actions required or cost impacts are higher
Major projects or the introduction of new processes or chemicals can add significant risk to the
site. For these cases, it is appropriate to escalate the Risk Management decision to Corporate HSE
Committee.
Following are items, which do not require any recommendations, but still will be given in the PHA
report under the Heading “Discussions of Items Not Resulting in Recommendations”
Any safety or environmental C-4 event that has a risk score of II may not result in
recommendations
Safety or environmental consequences resulting in a risk level of III or IV could be considered
"Suggestions (Opportunities for Improvement)"
A draft of the PHA discussion section of the recommendations shall be issued to the Production
Section Head / Unit Manager and Safety Advisor before the formal review
46
DuPont Methodology For Risk Assessment And Process Hazard Analysis
SECTION - 11 PHA REPORT AND COMMUNICATION
The PHA report is a formal document that records the PHA team findings for management. The
report is also used by future PHA teams to understand what hazards have already been considered
and the conclusions reached. Following are guidelines for PHA report development:
The report should be concise, but with sufficient detail to provide readers with a clear
understanding of the hazards inherent to the process, the potential hazardous events, the lines
of defense controlling the hazards and the consequences of loss of these lines of defense.
Site recommended format for a base-line PHA is to be followed. However, this format is not
mandatory as long as all required sections (given in 11.1 PHA Report and Communication) are
included in the final PHA report.
The PHA is not considered “COMPLETE”, until the report is approved by the PHA leader
The approval date (report issue date) is taken as the starting point of duration for next PHA.
This is also considered starting date for any targets given in months, e.g., if a PHA is started on
January1, 2018 and PHA report is issued on May 15, 2018, then the next cyclic PHA will be due
on May 16, 2023 for a HHP.
Below is a list of specific requirements that should be included in the final PHA Report document:
47
DuPont Methodology For Risk Assessment And Process Hazard Analysis
16. Reference Documents
17. Attachments
Release model diagrams
Release modeling worksheets
PHR (What-if / checklist, HAZOP, FMEA etc) record forms
HAZOP examination record sheets
List of gaps identified in Operating / Maintenance Procedure or P&IDs
List of alarms which need to be revised
Thinking and logic employed by the team to generate the recommendations should be well
documented in the supporting detail section of the report. This information is needed by the
individuals assigned to implement the recommendations as well as future hazards review teams, to
avoid duplication of effort.
A PHA file must be developed in addition to the final report. This is to file all documentation of the
team’s work, including calculations, a list of references used and so forth. The information on the
follow up implementation of the recommendations must be included in the file. This file is a
permanent record and must be retained for the life of the facility with the relevant area Unit
Manager.
The final report for a base line PHA should be issued after 2 ~ 3 months of the activity, so that the
team members get enough time to close out the report.
The time between the charter letter and the final PHA report must not exceed six months.
48
DuPont Methodology For Risk Assessment And Process Hazard Analysis
All PHAs to be presented to or reviewed by Sub HSE (P). It is recommended but not mandatory to
present base line PHAs to Manufacturing HSE.
In PHA presentation to Sub HSE (P) and Manufacturing HSE, management shall acknowledge,
recognize and reward good performance by PHA team.
It is most important for the Area Unit Manager / Section Head to communicate hazards identified
in a PHA to all the individuals working on a process unit which have a potential of injury, fire or
loss of containment.
This information should be passed to all the individuals within 03 months of the PHA report issue
date.
Further the training plans of the entire individual who are assigned to a Unit or process area (new
or cross training) should ensure that they are aware of the hazards identified in a PHA.
The preferred method for PHA communication is through meetings, D-level Safety Meetings, Class
Room Trainings etc.
PHA team leader is responsible for communicating consequence analysis to all the Emergency Squad
Members.
49
DuPont Methodology For Risk Assessment And Process Hazard Analysis
As a minimum, the PHA Leader should send a copy of the PHA Report "Consequence Analysis
Section" along with supporting documentation to the Emergency Response Leaders and Crisis
Management Cell (CM Cell) members.
SECTION - 12 RECOMMENDATIONS – TRACKING,
CLOSURE, RE-EVALUATION AND WAIVERS
Once the recommendations are generated, finalized and report issued, all the high risk score
recommendation shall be tracked and stewarded till their completion.
1. A formal tracking system should be in-place to monitor the status of all the PHA
recommendations, this would ensure that the recommendations are under special focus and are
timely closed out. Safety section is responsible for setting up this tracking system
2. Periodic reports listing each recommendation’s progress should be issued by Safety Section or
through automated database every month
3. Status of the recommendations should be regularly stewarded in Manufacturing HSE by site
Safety Advisor
4. The status report shall include:
No. of recommendations added
No. of recommendations completed
Open recommendations
Pending recommendations – Recommendations that have passed due dates
12.2 Closure
1. All recommendations should be closed out within the assigned target date.
2. The recommendations will be closed on written feedback of responsible person or area Section
Head / Unit Manager
3. Recommendations must not be removed from the tracking system without a closure document
and comments
4. Close out record of all the recommendations should be kept in the PHA master file of the Unit,
with the Safety section or on OPERA / database
5. The completion documentation must clearly state the action taken to complete the
recommendation and justification should be appended to the PHA report
50
DuPont Methodology For Risk Assessment And Process Hazard Analysis
6. If the recommendation was modified, the reason for the modification must be documented and
the alternate solution must be shown to address the hazard as effectively as the original
recommendation.
1. Recommendations which have passed their target dates shall be changed for 1st time after review
and approval by Respective Department Manager or Sub HSE (P) chairman for High Risk score
items (risk score 1 & II). For any subsequent extension in target date (e.g 2nd or 3rd time etc),
approval of Manufacturing HSE chairman shall be mandatory.
2. For low risk score (III & IV) items, target dates can be changed on written approval of concerned
operations Section Head / Unit Manager for the 1st time. For any subsequent extension in target
date (e.g 2nd or 3rd time etc), approval of Respective Department Manager or sub HSE (P)
chairman shall be mandatory.
3. Justification letters must be attached for recommendations older than 02 year. The justification
shall include:
PHA Report, Recommendation and Tracking Number
Recommendation as stated in report
Reason due date was not met
Progress made to date on recommendations
When and by whom the recommendation will be completed and the plant to meet new
deadline
Interim solutions that have been put in place along with consent of all responsible areas
At times some of the approved recommendation might be found not workable and need to be
dropped. This change should be documented, associated risk understood and a waiver taken from
Manufacturing HSE Chairman.
51
DuPont Methodology For Risk Assessment And Process Hazard Analysis
SECTION – 13 CHANGES FOR NEW FACILITIES /
MODIFICATIONS PHA
This section gives the changes in the general PHAs for conducting and issuing a Project PHAs.
Team leader in this case will be the Process Engineer, Instrument or Electrical engineer /
Supervisor or Safety Resource. This will be consented by Safety Advisor, Production / Project
Manager and concerned area production Unit Manager
All the team leader’s responsibilities given in Section 6.5.1 will be applicable to Process,
Instrument or Electrical engineer / supervisor
What If / Checklist method shall be preferably used
Scenarios are thoroughly documented, including consequence and safeguards
The Project Leader should work with the Safety Advisor when developing the Charter and
selecting PHA Team Members
Outstanding action items should be written such that they are specific and accomplishable
Rest of the requirements for conducting a PHA are same as elaborated in this procedure.
The queries raised during hazard identification and hazard evaluation (PHR) process, those
have already been mentioned in the proposal shall not be given in the final PHA report
New queries which have not been addressed in the design shall be evaluated
Action items addressed during the course of the PHA shall be documented along with risk
evaluation in the PHR sheet for record purpose and shall not appear in the recommendations
list
Team leader in this case will be the Process / Instrument or Electrical engineer / supervisor.
This will be consented by site Safety Advisor, Production Manager and concerned area
operations Unit Manager.
All the team leader’s responsibilities given in Section 6.5.1 will be shifted to Process, Instrument
or Electrical engineer / supervisor
Preferably What If / Checklist method should be used
52
DuPont Methodology For Risk Assessment And Process Hazard Analysis
Scenarios are thoroughly documented, including consequences and safeguards
The originator of Change or Test Run document should work with Safety Advisor and Area
Unit Manager to determine the scope of PHA
Outstanding action items should be written such that they are specific and accomplishable
Rest of the requirements for conducting a PHA are same as elaborated in this procedure.
53
DuPont Methodology For Risk Assessment And Process Hazard Analysis
SECTION - 14 REFERENCES AND LEVEL-3 PROCEDURES
14.1 References
Following is the list of reference documents / reports helpful during any PHA.
Health, Safety and Environment Design checklist to be filled in along with design (Process, I&E,
Mechanical) specifications.
Cyclical PHA Schedule / Plan
PHA Recommendations / Tracking System
PHA Reports
PHA Report Contents / Format (PHA Resource Material Tab 16)
54
DuPont Methodology For Risk Assessment And Process Hazard Analysis
SECTION - 15 ATTACHMENTS
15.1 Appendix A Detailed description of facility siting methodology
A.1 Introduction
This appendix provides an overview of the facility-siting methodology. The methodology is
illustrated by a flowchart shown in Figure A-1. While portions of this methodology may be
conducted by an individual, the overall evaluation process typically incorporates a teambased
approach (e.g., the approach used for a PHA).
The objective of this methodology is to determine if a building provides adequate protection
for the housed occupants or functions. At the completion of each step of the evaluation,
one of the following conclusions should be made:
The building is suitable for service
The building does not provide adequate protection, and appropriate remedial action is
necessary
It is not yet clear if the building is suitable, and additional evaluation is necessary
If the building is suitable for service, the team’s analysis of the building is complete. If the
building does not provide adequate protection, the team should proceed to the
riskmanagement process to identify suitable means of mitigating the risk. If it is not yet clear
if the building is suitable, the team may choose any subsequent analytical technique to
evaluate the building more rigorously. After potential risk-reduction options are identified,
each option’s effectiveness is evaluated by using one of the analytical techniques provided
within the methodology.
After identifying and evaluating appropriate risk-reduction measures, the team should reach
the conclusion that the building, either as is or with remedial actions, poses a tolerable risk
to its occupants or to its function. This decision is based on a set of conditions defining the
process, the building, and its occupancy or function. Future changes in any of the defining
conditions can invalidate the original decision regarding the suitability of the building.
- Process inventories
Initial building screening
- Building occupancies and functions
55
DuPont Methodology For Risk Assessment And Process Hazard Analysis
- Corresponding screening criteria
The information provided in each successive step of the methodology (shown in the above
bulleted list) becomes more detailed and builds on the information of the preceding steps.
It may be more efficient to collect information in a step-wise fashion and focus on the
particular analysis steps being conducted at that time.
56
DuPont Methodology For Risk Assessment And Process Hazard Analysis
If the answer to either question is “no,” then the evaluation is complete, and the study should
be documented. However, if either question is answered “yes,” then further evaluation should
be done. Both of these questions are addressed from the perspective of
The process, looking outward at surrounding buildings
The building, looking outward at nearby processes
The presence of a hazardous material or condition is not sufficient to warrant concern if the
amount of the material or the size of the system is small. For example, a standard cylinder
of acetylene (e.g., the type used in a welding shop) would probably not be judged as a facility-
siting concern, even though acetylene is highly flammable and potentially unstable. Similarly,
the cylinder of compressed air on a self-contained breathing apparatus would likely be judged
as not posing an undue risk to a nearby building, even though the cylinder pressure was quite
high. The team should exercise sound engineering judgment when determining whether a
hazardous material is present in sufficient quantities to be of concern. If this determination
cannot be easily made, then a consequence screening approach may be helpful (see Section
A.4).
57
DuPont Methodology For Risk Assessment And Process Hazard Analysis
Where appropriate, hazards from off-site sources (e.g., adjacent HHP units/areas) should be
considered. There may be situations when significant off-site hazards should be included in
facility siting.
When determining the occupant load of assembly areas, the net area is the actual occupied area,
not including hallways, closets, and columns. All other areas are determined by utilizing the gross
square footage (inside wall to inside wall) of the space in question. See the below examples:
The occupant load in any building or portion of the building shall not be more than the number of
persons determined by dividing the floor area assigned to that use by the occupant load factor for
that use.
* The occupant load for storage occupancy shall be determined on the basis of the maximum probable population of the
space under consideration.
58
DuPont Methodology For Risk Assessment And Process Hazard Analysis
person-hours or more per week. Buildings with occupancies above this threshold should be further
evaluated.
Although some portable trailers and similar temporary structures may not fulfill the 336
personhours-per-week criteria, they may be used infrequently by a large number of personnel for
Area Use m2 per person ft2 per person
Storage * *
meetings and planning sessions. Sites should consider the peak building occupancy and include it as
part of the facility-siting study. Also, the 336 person-hours-per-week criteria are occasionally
unfulfilled for day-only occupancy of any building (e.g., 8 people, each with 40 hours per week). In
these cases, the facility-siting assessment team should use their judgment to determine whether
these buildings should be included in the evaluation.
Given sufficient warning, many personnel should have the ability to evacuate the building in the event
of an emergency. However, such evacuations are not considered when calculating the building
occupancy level. Similarly, buildings where it is mandatory or typical for personnel to remain during
an emergency (e.g., a control room) or where personnel typically assemble during an emergency
(e.g., a temporary safe haven) are considered occupied regardless of the calculated occupancy level.
Sites should be aware of intermittent patterns of unusually high occupancy (e.g., training or safety
meetings) in a building. In these cases, the site should consider further evaluation for the building,
even if it fails to meet the occupancy screening criteria. Alternatively, the site should consider
relocating the meeting so that the high concentration of personnel is not within the area potentially
affected by an incident.
Sites should use care when defining what comprises a building. A group of contiguous, small buildings
may be more appropriately classified as a single building for the purposes of applying the occupancy
screening criteria. Furthermore, a facility population should not be subdivided into a number of
smaller buildings to circumvent the occupancy screening criteria.
59
DuPont Methodology For Risk Assessment And Process Hazard Analysis
Emergency response centers
60
DuPont Methodology For Risk Assessment And Process Hazard Analysis
No further evaluation is necessary if the building is located beyond the minimum spacing for the
event of concern.
See the Facility-Siting Guidance Manual for specifics and applicable spacing criteria that are defined
for use with this standard.
61
DuPont Methodology For Risk Assessment And Process Hazard Analysis
A process typically presents a variety of potential incident scenarios for evaluation. The
riskassessment approach is predicated on a thorough effort to identify and evaluate the significance
of such scenarios. Thus, risk assessment should be based on a thorough PHA.
Risk can be addressed either qualitatively or quantitatively. Either approach may be used individually
or successively in the order presented.
In QRA, credible incident scenarios are identified as a possibly single event or a whole range of
possible events. For each event, consequence modeling and frequency estimation techniques are
applied. Scenarios perceived to have similar consequences may be grouped as long as the individual
frequencies are aggregated.
The risk for each scenario or group of scenarios is calculated as the product of the consequence
and the frequency. The total risk to a building occupant is calculated by the summation of these risk
values. The tolerability of the risk is then determined by comparison to corporate risk guidelines.
When assessing the tolerability of risk, it is appropriate to look at both the risk to the individual and
the risk to groups of people within buildings (i.e., aggregate risk, which is a measure of the risk to
the business).
62
DuPont Methodology For Risk Assessment And Process Hazard Analysis
For additional guidance on risk calculations and risk-based decision making, see Guidelines for
Chemical Process Quantitative Risk Analysis and Tools for Making Acute Risk Decisions with
Chemical Process Safety Applications (see Section 2). When completing a QRA, the assistance of a
PS&FP engineering consultant is typically used. The relative costs of conducting such an evaluation
and of implementing risk-reduction measures may indicate that the evaluation is necessary and
should be considered before committing to a QRA.
Although the term “risk-reduction alternative” has been used, the variables (i.e.,
consequence or frequency) can reduce the risk. For example, the team might proceed to
the risk-reduction step directly from a consequence screening procedure without estimating
the risk (i.e., without analyzing the frequency). Alternatively, the team may have reached the
risk-management step after having completed a QRA. In the first case, the team should focus
on those risk-reduction measures that affect the consequences of the incident. In the latter
case, the team has the option of reducing risk by lowering the incident consequences and/or
decreasing the frequency of the incident.
63
DuPont Methodology For Risk Assessment And Process Hazard Analysis
Prevention efforts are aimed at interrupting the chain of events that lead to the incident of
concern (i.e., explosion, fire, or toxic release). Thus, preventive measures are primarily
focused on the process and are specifically intended to reduce the frequency of the event.
Preventive measures may include
Providing higher reliability controls and interlocks
Enhancing the effectiveness of other PSM elements (e.g., training and procedures)
Consequence reduction efforts are broader in scope and can include efforts aimed at
Reducing the magnitude of the event at its source, including
64
DuPont Methodology For Risk Assessment And Process Hazard Analysis
The basis for selection of risk-reduction alternatives should be documented.
Facility siting methodology chart
65
DuPont Methodology For Risk Assessment And Process Hazard
Analysis
Consequence category
Consequence Consequence C-4
Type of Event Consequence category
category category catastrophic
/ Impact major C-3
minor C-1 moderate C-2
66
DuPont Methodology For Risk Assessment And Process Hazard
Analysis
B.2 Broad Event frequency categories
Approximate Corresponding
Category Typical Description Quantitative frequency (Per
Year)
F-1 Extremely Not realistically expected to occur (1 in more
Unlikely (or remote) than 10,000 years) < 10 -4
One or two,
complex, active.
Two or more passive Two or more, at None or one,
Some reliability
Lines of defense system, independent. least one passive. complex, active
issues may have
No reliability issue. Reliable. Poor reliability.
common mod
weakness.
Testing
Well – Documented Regular Tests,
Interlocks, Not checked often.
test protocol. function check may Undefined,
mechanical History of trouble.
Complete function be incomplete. unchecked, or
integrity, and Some tests claimed,
check. Good results. Problems are unappreciated.
emergency not done
Rare failures. uncommon.
system)
One major incident.
No major incidents. Causes not
No major events, very
Perhaps minor completely Many incidents.
few minor events,
Incident history incidents. Causes understood. Near – misses.
Prompt, corrective Questions remain if
understood and Failure to learn.
action taken. corrective action is
learning is captured.
adequate.
Chronis minor upsets Routine upsets,
Process well Rare upsets. Most not all explained or many never
Operating understood. Rare causes understood. acted on. More explained. Excursion
experience upsets are acted on Effective corrective serious ones are common and causes
promptly. action flagged and eventually not well
resolved. understood.
Event frequency evaluation matrix (continued)
67
DuPont Methodology For Risk Assessment And Process Hazard
Analysis
Frequency
Frequency
category Frequency category Frequency category
Attribute category
F-1: extremely F-2: very unlikely F-4: likely
F-3: unlikely
unlikely
Human Factors
68
DuPont Methodology For Risk Assessment And Process Hazard Analysis
Risk
Description Action PHA recommendation
Score
Should be mitigate with engineering and / or
administrative controls to a risk raking of III
I Intolerable or less within a specified time period, Yes
appropriate to the urgency of the
situation.
Should be mitigated with engineering and /
or administrative controls to a risk ranking
II Undesirable of III or less within a specified time period, Yes
appropriate to the urgency of the situation.
Maybe. A PHA
recommendation, an
improvement opportunity or
Should verify that procedures and controls
Tolerable with the lack of need for additional
III are in place and establish emphasis that
controls action may be identified,
they are maintained.
based upon a case-by-case
evaluation of the adequacy of
existing controls.
No. An improvement
opportunity may be
consideration for
IV Tolerable as is No mitigation
presentation to
management (outside the
PHA), if appropr
69