Layer of Protection Analysis – Quantifying human performance in initiating events and independent protection layers

Layer of Protection Analysis (LOPA) is widely used within the process industries as a simplified method to address risks and determine the sufficiency of protection layers. LOPA brings a consistent approach with added objectivity and a greater degree of understanding of the scenarios and risks as compared to purely qualitative studies such as Process Hazard Analyses. LOPA can be used to address a wide range of risk issues and serves as a highly effective aid to decision making.Incorporation of human performance within LOPA is recognized as an important, though often challenging, aspect of the analysis. The human role in potential initiating events or within human independent protection layers is important throughout the process industries, and becomes even more critical for batch processing facilities and in non-routine operations. The human role is key to process safety and the control of risks, necessitating the inclusion and quantification of human actions in independent protection layers for most companies. Human activities as potential initiating events and human performance within independent protection layers are reviewed and methods for quantification outlined. An extension into Human Reliability Analysis (HRA) is provided, including methods to develop Human Error Probabilities specific to the process safety culture and operations at a given plant site.     

On the need for system-theoretic hazard analysis in the process industries

Most process hazard analysis (PHA) studies today are conducted using traditional methods such as the hazard and operability study (HAZOP). Traditional methods are based on a chain-of-events model of accident causality. Current models of accident causality are based on systems theory and provide a more complete representation of the causal factors involved in accidents. Consequently, it is logical to expect that PHA methods should reflect these models, that is, system-theoretic hazard analysis (STHA) should be used. Indeed, system-theoretic process analysis (STPA) has been developed as such a method. STPA has been used in a variety of industries but, at this time, it has not gained acceptance by the process industries. This article explores the reasons for this situation. Expectations for PHA in the process industries are examined and issues for the application of STPA in the process industries are discussed. It is concluded that a variety of matters must be addressed before STPA can be considered as a viable PHA method for the process industries and the case for the use of STHA in the process industries is not yet proven.     

Metrics and analytics for process hazard analysis

Process hazard analysis (PHA) studies (e.g. HAZOP) identify hazard scenarios and each scenario is examined individually to decide whether risk reduction measures are needed. However, much more can be done to benefit from the contents of studies.PHA studies contain so much data that a manual review is precluded from yielding insights into their results. Fortunately, valuable information can be extracted using metrics and analytics that consider all the contents of a PHA study. The management of safety, operability, reliability, utilization, and loss prevention can all be improved.Metrics evaluate the contents of PHA studies to provide insights into the safety of processes and the quality of studies. Measures of process safety and study quality can be compared with norms to identify possible departures that may need to be addressed.Rather than focusing decision making on the risks of individual hazard scenarios, as is common practice, analytics enable a deeper analysis of the entire set of scenarios for a process. This enables better decisions to be made on where and how risk reduction resources should be allocated. Analytics can also be used to prioritize maintenance, training, and other activities.Various analytics and metrics for PHA studies are described together with examples that illustrate their use.     

基于人因可靠性的间歇装置SIL分析与改进

IEC 61508和IEC 61511等标准针对连续工艺装置提出了安全仪表系统安全完整性等级评估方法。但对于间歇装置的SIL评估,受人因因素影响水平并未明确,且没有提出相应计算模型。以某六氟磷酸锂间歇生产装置典型SIS为例,采用HAZOP结合LOPA方法对其进行风险分析,在明确间歇生产装置存在人员中毒、窒息及燃烧爆炸风险的基础上,确定并验证其安全仪表系统的SIL,再依据间歇生产装置人工依赖性高,即部分安全仪表系统未接入自动联锁且需人工手动触发的特点,建立人因可靠性模型,来分析人因可靠性对安全仪表系统SIL的影响,并进行改进研究。研究结果表明:人因因素对安全仪表系统SIL有显著影响;可通过改变SIS元件冗余结构、测试策略并结合改进人因管理措施来提高SIL。     

Competency requirements for process hazard analysis (PHA) teams

Process hazard analysis (PHA) is a cornerstone of process safety management programs. The quality of the PHA performed directly affects the level of risk tolerated for a process. The lower the quality of a PHA, the more likely higher risk will be tolerated. There are few requirements for PHA team members in the U.S. Occupational Safety and Health Administration's process safety management regulations. More detailed requirements for participation in a PHA are desirable.A competency management program should be used to ensure PHA practitioners and teams are appropriately qualified. Criteria for selecting PHA team leaders, or facilitators, and other team members are key to such a program and are described in this paper. The criteria cover both technical and personal attributes. Application of the criteria is described and team performance metrics, which can be used to correlate performance with the assessment of competency to validate the criteria and methods used, are discussed.Owing to the importance of the role played by team leaders, certification of their competency is desirable. Criteria for certification are described and their application is discussed.     

Scenario identification and evaluation for layers of protection analysis

The identification and screening of scenarios has been identified as a source of variation in Layers of Protection Analysis (LOPA). Often the experience of the analyst is a significant factor in determining what scenarios are evaluated and the worst credible consequences. This paper presents a simplified chemical process risk analysis that is effective in providing a semi-quantitative measure of consequence that may include human harm and is independent of the analyst. This process may be used in evaluation of Management of Change, inherently safer design decisions for capital projects and LOPA re-validation. Conditional and relational logic may be captured with the use of simple spreadsheets to further improve overall efficiency. For example, this method minimizes the overall time required for scenario development and re-validation relative to Hazard and Operability studies (HAZOP).The technique simplifies established models used by engineers engaged in the operation or design of a chemical manufacturing facility without special software or training. The results of this technique are realistic and may be directly compared with corporate or regulatory guidelines for risk of fatality or injury. At each step in the risk analysis process, more detailed or sophisticated methods may be used to refine the technique. Furthermore, results from any step may indicate that the hazard from a specific scenario case is not sufficient to continue with subsequent analysis steps.     

Requirements for improved process hazard analysis (PHA) methods

In order to develop better process hazard analysis (PHA) approaches, weaknesses in current approaches first must be identified and understood. Criteria can then be developed that new and improved approaches must meet. Current PHA methods share common weaknesses such as their inability specifically to address multiple failures, their identification of worst-consequence rather than worst-risk scenarios, and their focus on individual parts of a process. There has been no comprehensive analysis of these systemic weaknesses in the literature. Weaknesses are identified and described in this paper to assist in the development of improved approaches. Knowledge of the weaknesses also allows PHA teams to compensate for them to the extent possible when performing studies.Key criteria to guide the development of improved methods are proposed and discussed. These criteria include a structure that facilitates meaningful brainstorming of scenarios, ease of understanding and application of the method by participants, ability to identify scenarios efficiently, completeness of scenario identification, exclusion of extraneous scenarios, ease of updating and revalidating studies, and ease of meeting regulatory requirements. Some proposals are made for moving forward with the development of improved methods including the semi-automation of studies and improvements in the training of team members.     

A hybrid model for human factor analysis in process accidents: FBN-HFACS

Human factors are the largest contributing factors to unsafe operation of the chemical process systems. Conventional methods of human factor assessment are often static, unable to deal with data and model uncertainty, and to consider independencies among failure modes. To overcome the above limitations, this paper presents a hybrid dynamic human factor model considering Human Factor Analysis and Classification System (HFACS), intuitionistic fuzzy set theory, and Bayesian network. The model is tested on accident scenarios which have occurred in a hot tapping operation of a natural gas pipeline. The results demonstrate that poor occupational safety training, failure to implement risk management principles, and ignoring reporting unsafe conditions were the factors that contributed most failures causing accident. The potential risk-based safety measures for preventing similar accidents are discussed. The application of the model confirms its robustness in estimating impact rate (degree) of human factor induced failures, consideration of the conditional dependency, and a dynamic and flexible modelling structure.     

基于熵权-HDT的航空器维修人误概率确定

人误是造成民用航空维修差错的主要因素。为确定不同情境下人误发生概率,结合某维修基地具体情况,采用熵权法确定主要的影响因子,并基于全决策树法分析主要影响因子对航空器维修人误概率的影响程度。计算结果显示,该维修基地人因可靠性的主要影响因子包括航空器维修人员的安全态度、技能、沟通、工作环境、压力以及工段长领导能力。根据各主要影响因子的不同品质描述等级组合,确定该情境下航空器维修人员的人误概率。鉴于该维修基地人因可靠性影响最明显的因子是"沟通",提出信息及时交流、明确沟通重要性等解决措施。     

A fuzzy logic and probabilistic hybrid approach to quantify the uncertainty in layer of protection analysis

Layer of protection analysis (LOPA) is a widely used semi-quantitative risk assessment method. It provides a simplified and less precise method to assess the effectiveness of protection layers and the residual risk of an incident scenario. The outcome failure frequency and consequence of that residual risk are intended to be conservative by prudently selecting input data, given that design specification and component manufacturer's data are often overly optimistic. There are many influencing factors, including design deficiencies, lack of layer independence, availability, human factors, wear by testing and maintenance shortcomings, which are not quantified and are dependent on type of process and location. This makes the risk in LOPA usually overestimated. Therefore, to make decisions for a cost-effective system, different sources and types of uncertainty in the LOPA model need to be identified and quantified. In this study, a fuzzy logic and probabilistic hybrid approach was developed to determine the mean and to quantify the uncertainty of frequency of an initiating event and the probabilities of failure on demand (PFD) of independent protection layers (IPLs). It is based on the available data and expert judgment. The method was applied to a distillation system with a capacity to distill 40 tons of flammable n-hexane. The outcome risk of the new method has been proven to be more precise compared to results from the conventional LOPA approach.     

Villains,victims, and heroes: Accounting for the roles human activity plays in LOPA scenarios

When a team is analyzing a LOPA scenario, the team needs to consider all three roles played by human interaction in the scenario: that of cause, as a result of human error; that of receptor, both in terms of safety impacts (inside the fence line) and community impacts (outside the fence line); and that of independent layer of protection (IPL), considering both administrative controls and human responses. Frequently, the nature of these three roles are inter-related, and setting guidance that is internally consistent is important to using LOPA to assess risk rather than as a means to game the analyses to simply achieve a wished-for result.A number of criteria have been proposed to quantify human involvement, typically as cause, as receptor, or as IPL. Establishing a framework to look at all three in a unified way is more likely to result in analyses that are consistent from scenario to scenario.This paper describes such a framework and presents it in a way that allows organizations to review their own criteria for quantifying human involvement in LOPA. It also examines some of the published LOPA criteria for human involvement and looks at them in terms of consistency of approach between evaluation of cause, receptor, and IPL. Finally the paper makes suggestions to use in calibrating LOPA methodologies to achieve consistent and believable results in terms of human interaction within and between scenarios that have worked for other organizations.     

基于风险矢量图的多场景保护层分析方法研究*

为解决多场景保护层分析（LOPA）存在的问题,建立风险矢量导图,将事故场景、独立保护层、修正因子、事故后果发生频率等因素进行系统分析,分别采用最大值法求和法计算后果发生频率,探讨多重初始事件导致事故发生频率的最优计算方法;阐述点火源、暴露因子以及致死概率等修正因子的使用方法并提出改进建议,避免常规LOPA下致死概率过高的问题。以柴油加氢装置原料油缓冲罐液位过高风险点为例,进行多场景LOPA,应用综合计算法得出多重初始事件导致的液位高后果失效频率为3.2E-02。结果表明:风险矢量导图和正确使用修正因子可有效提高LOPA的质量;不同初始事件导致的场景失效频率值相差较大或存在共用保护层的情况适用最大值法,其他情况则可采用求和法;如果多场景同时适用最大值法和求和法,则采用综合计算法;求和法过于保守,最大值法过于乐观,综合计算法更为准确。     

石化装置火灾爆炸贝叶斯网络与防护层集成分析

复杂的石油化工装置在运转过程中存在诸多不确定因素,易发生火灾、爆炸等重大事故,给安全生产带来极大威胁。考虑到传统的系统安全分析方法在风险评估中存在一定局限性,引入贝叶斯网络与防护层集成分析模型。应用GeNIe软件将系统故障树转成贝叶斯网络,根据贝叶斯双向推理进行故障预测和诊断,快速识别系统薄弱环节并确定为风险贝叶斯故障节点,结合防护层分析提出相应的独立防护层,确定剩余风险水平。实例应用表明,所构建的贝叶斯网络与防护层集成分析模型对复杂系统进行风险评估是可行的,较传统的事件树、故障树分析方法更加科学、合理。     

Integrating cybersecurity in hazard and risk analyses

As operational and information technologies converge to allow for remote and real-time access to plant operating data and control functions, the process industry could become increasingly susceptible to cyber-attacks. Traditional hazard and risk analysis methods appear inadequate to identify, prevent, and mitigate such attacks. This paper discusses the significance of incorporating cybersecurity vulnerability analysis not just as part of process hazard analysis (PHA), but also in terms of protecting the process control network and implementing adequate safeguards in general against cyber threats. A layer of protection analysis (LOPA) is adapted to evaluate potential weaknesses and ensure safeguards for critical applications would be resistant to cyber-attacks. Integrating cybersecurity into hazard and risk analyses as well as other elements of process safety management (PSM) is demonstrated with examples, making the plant more resilient against both traditional and cyber threats.     

过程工业计算机辅助安全防护层分析技术进展

介绍当前过程工业安全防护层分析(LOPA)的基本内容,研讨LOPA方法与深层次的危险和可操作性分析方法(HAZOP)之间的关系以及计算机辅助HAZOP的研究进展。针对人工LOPA方法的缺点,开发了SDG-HAZOP软件平台,为计算机辅助LOPA平台研发创造了先决条件。应用计算机辅助LOPA方法,使防护层的设置具有更好的针对性、合理性和有效性,发挥对事故的预防和预警作用,并具有良好的发展前景。     

Improved management practice and process hazard analysis techniques for minimizing likelihood of process safety incidents in Taiwan

In Taiwan, process safety accidents often occur despite the prior implementation of process hazard analysis (PHA). One of the main reasons for this is the poor quality of the PHA process; with the main hazards not being properly identified, or properly controlled. Accordingly, based on the findings of 86 process safety management (PSM) audits, dozens of post-accident site resumption review meetings, and hundreds of PSM review sessions, this study examines the main deficiencies of management practice and PHA implementation in Taiwan, and presents several recommendations for improved PHA assessment techniques and procedures. The study additionally examines the feasibility for using PSM-related information, such as process safety information and process incident information, as a tool for further enhancing the PHA quality. Overall, the study suggests that, in addition to following the basic rules of PHA and requirements of OSHA (1992),management in Taiwan should also provide training in the enhanced assessment techniques proposed herein and take active steps to incorporate PSM information into the PHA framework in order to improve the general quality of PHA and reduce the likelihood of process safety accidents accordingly.     

Joint analysis of process and operator performance in chemical process operational safety

Independent studies of case histories by the Health and Safety Commission in the UK and by a Honeywell led industrial consortium world-wide showed that human errors represent the major cause of failure in process plant operation. In contrast to this discovery the majority of previous studies on computer aided systems for fault detection and diagnosis has focused on the process side. This paper presents a methodology, which can involve human factors into the development of systems for automatic identification and diagnosis of abnormal operations and develops methods and techniques that can be used to simultaneously capture, characterise and assess the performance of operators as well as of the process. A joint process–operator simulation platform is developed which is used as a test-bed for carrying out the study. The process part is a simulator, which simulates in high fidelity the dynamic behaviour of the process that is subject to the influence of various disturbances and operators’ interventions. The operator module is developed as a real-time expert system, which emulates operator’s behaviour in interpretation of received signals, and planning and execution of decisions. The interaction between the two modules is managed through an interaction module, which handles the real-time exchange of data using Dynamic Data Exchange. The interaction module also contains the toolkits for analysing the dynamic behaviour of the joint process–operator system. The method and system are illustrated using a simulated case study.     

Safety in shipping: the human element

INTRODUCTION: There are numerous diverse papers that have addressed issues within maritime safety; to date there has been no comprehensive review of this literature to aggregate the causal factors within accidents in shipping and surmise current knowledge. METHODS: This paper reviewed the literature on safety in three key areas: common themes of accidents, the influence of human error, and interventions to make shipping safer. The review included 20 studies of seafaring across the following areas: fatigue, stress, health, situation awareness, teamwork, decision-making, communication, automation, and safety culture. RESULTS: The review identifies the relative contributions of individual and organizational factors in shipping accidents, and also presents the methodological issues with previous research. CONCLUSIONS: The paper concludes that monitoring and modifying the human factors issues presented in this paper could contribute to maritime safety performance. IMPACT ON INDUSTRY: This review illustrates which human factors issues are prevalent in incidents therefore this gives shipping practitioners a focus for interventions.     

Human factors analysis of China's confined space operation accidents from 2008 to 2018

In recent years, several accidents in confined spaces have threatened the safety of staff and property in industries. A statistical analysis of 120 fatal accidents involving confined space operations in China from 2008 to 2018 was conducted in this study. The causes and characteristics of confined space operations accidents (CSOAs) were summarized. Focusing on the impact of human factors on CSOAs, the HFACS-MCS (HFACS-Modified Confined Space Accident) model, which consists of 5 levels and 21 factors, was established based on HFACS (Human Factors Analysis and Classification System). The chi-square (χ2) test and the OR analysis were implemented to analyze the statistically significant correlations between adjacent levels in the model. Finally, three human influence paths in CSOAs were derived. The results show that inadequate safety culture, organizational process vulnerability, inadequate supervision, supervisory violations, decision errors, and operational violations are the principal causes of the accidents. Besides, hurried and ad hoc rescue often caused more casualties. The targeted pre-accident prevention and post-accident emergency rescue countermeasures are proposed to prevent the recurrence of CSOAs and secondary accidents.     

On the operator action analysis to reduce operational risk in research reactors

Human errors during operation and the resulting increase in operational risk are major concerns for nuclear reactors, just as they are for all industries. Additionally, human reliability analysis together with probabilistic risk analysis is a key element in reducing operational risk. The purpose of this paper is to analyze human reliability using appropriate methods for the probabilistic representation and calculation of human error to be used alongside probabilistic risk analysis in order to reduce the operational risk of the reactor operation. We present a technique for human error rate prediction and standardized plant analysis risk. Human reliability methods have been utilized to quantify different categories of human errors, which have been applied extensively to nuclear power plants. The Tehran research reactor is selected here as a case study, and after consultation with reactor operators and engineers human errors have been identified and adequate performance shaping factors assigned in order to calculate accurate probabilities of human failure.