- Email: [email protected]
A systematic Hazop procedure for batch processes, and its application to pipeless plants
Journal of Loss Prevention in the Process Industries 13 (2000) 41–48 www.elsevier.com/locate/jlp
A systematic Hazop procedure for batch processes, and its application to pipeless plants F. Mushtaq *, P.W.H. Chung Department of Chemical Engineering, Loughborough University, Loughborough, LE11 3TU, UK
Abstract Increasing technological complexity together with social and legal pressures have made it necessary to develop more effective approaches to safety. This need is particularly strong in the design and operation of chemical plants. One approach, Hazard and Operability Study (Hazop), is a method of systematically identifying every conceivable process deviation, its abnormal causes and adverse hazardous consequences in a chemical plant. The technique was developed by ICI in the 1960s, and has been standardised for use in continuous manufacturing plants. Improvised attempts have been made to modify the continuous Hazop approach for use with batch processes, such as using different guide words and deviations, without the method of application being formalised. There are different issues that need to be surmounted for the methodology to be applied to batch processing plants. The standard approach, of examining a system line by line, is ideal for continuous processes but does not lend itself to the thorough examination of batch processes. A typical batch plant can be examined by dividing the process into three operational phases: charge, reaction, and discharge. A modified Hazop methodology should then be applied to the description of each phase. Although a need for this type of approach has been recognised, there is no published information to be found on an agreed format on how this should be done. This paper presents a formalised approach to applying the Hazop methodology to batch processes. A way forward in multiproduct manufacturing is the emerging technology of ‘pipeless plants’. The basic idea is to move the process vessel between fixed stations for mixing, separation and other activities. This offers great flexibility for change, and allows a company to respond quickly to market demands and technological advances. Little research has been done on the safety of pipeless plants, which are essentially batch plants with mobile vessels. Therefore the batch Hazop methodology presented in this paper has been further developed in order to improve the safe design of pipeless plants. 1999 Elsevier Science Ltd. All rights reserved. Keywords: Batch Hazop; Pipeless plants; Process safety
1. Introduction A hazard has the potential to cause harm, and can take the form of injury to people or damage to property, plant, products or the environment; production losses; business harm and increased liabilities (Wells, 1996). In the process industries such hazards fall into particular categories: chemical, thermodynamic, electrical and electromagnetic, and mechanical. A batch process could potentially give rise to hazards in all these categories. 2. Hazard identification For a long time it has been recognised that there is a need to check designs or operating procedures for errors. * Corresponding author.
However, this has historically been done on an individual basis. Different experts have checked particular parts of the design, according to their experience. For example, a control engineer would check the control systems. Although this approach does improve the design, it will not detect a hazard caused by the interaction between a number of different elements. There are a number of hazard identification and hazard analysis methods available, which can either be qualitative or quantitative in nature. Qualitative methods: Checklists, What-If Reviews, HAZOP Reviews, Preliminary Hazard Analysis, Failure Modes Analysis (FMA). Quantitative methods: Event Trees, Fault Trees, Failure Modes and Effects Analysis (FMEA). The most beneficial method would make use of the com-
0950-4230/00/$ - see front matter 1999 Elsevier Science Ltd. All rights reserved. PII: S 0 9 5 0 - 4 2 3 0 ( 9 9 ) 0 0 0 5 4 - 6
42
F. Mushtaq, P.W.H. Chung / Journal of Loss Prevention in the Process Industries 13 (2000) 41–48
bined skills of a group of experts to study these interactions together within meetings, such as Hazop, with the backup of other complementary methods such as Fault Tree Analysis carried out outside the meetings.
(Shimada, Yang, Song, Suzuki & Sayama, 1995; Srinivasan & Venkatasubramanian, 1996). The issues involved with batch processes are significantly different to those for continuous processes. Two important points have to be considered in the Hazop of batch processes:
3. Hazop
앫 The role of operating procedures and operator actions 앫 The discrete-event character of batch processes.
Hazop (Hazard and Operability Study) is a methodology developed by ICI in the 1960s for identifying hazards in continuous chemical plant design (Kletz, 1999). A Hazop team consists of a leader, and members from the production, technical and engineering departments. The examination procedure is the fundamental part of a Hazop. A full description of the process is made available at the Hazop meetings, such as a Piping and Instrumentation Diagram (P&ID) [or an Engineering Line Diagram (ELD)]. Every part of it is examined systematically (normally line by line), using guide words as prompts to determine how deviations from the design intent could occur, and whether or not these deviations could lead to hazardous situations. The guide words are used to ensure that the integrity of each part of the design is questioned, and that every conceivable way that the design could deviate from the design intent is explored. Each deviation is considered to determine the causes and consequences. In the case where the deviation indicates a cause that is conceivable and the consequence is potentially hazardous, some kind of remedial action is required, and this has to be noted in the minutes of the Hazop. Hazop is a time-consuming and labour-intensive activity. Research into automated Hazop (Larkin, Rushton, Chung, Lees, McCoy & Wakeman, 1997; Leone, 1996; Venkatasubramanian & Vaidhyanathan, 1994; Wakeman, Chung, Rushton, Lees, Larkin & McCoy, 1997) holds promise of greatly reducing the time and effort required in a Hazop, making the study more thorough and detailed, and minimising or eliminating human errors. The principle for operability study is the same as for Hazop, using guide words to identify process deviations from the design intent. It has proved useful in identifying the most critical parts of the plant (Piccinini & Levy, 1984). Its effectiveness can be substantiated by subsequent fault tree analysis. Although fault tree analysis appears to be vastly superior, in terms of quantifying the likelihood of risk, to operability analysis, its reliability is dependent on the availability of good data. Therefore it is not so much the final result as the methodology adopted at the design stage that makes operability analysis important. There has been little work published on the development of a systematic methodology of Hazop analysis for batch processes. The papers that have been produced have concentrated on automated batch Hazop studies
Houton, Sowerby and Crittenden (1996) have suggested a special approach to the analysis of the design of batch processes using hierarchical methods (Houton et al., 1996). This particular methodology was developed to address the problem of waste in batch processes, and therefore concentrates on waste minimisation. The design of a batch process can be very complex. Hierarchical methods can be used to break the design down into smaller sections (levels) for ease of analysis, from an overview of the whole process to the analysis of individual operations. Questions are used at each stage to determine if there is a problem. The approach of breaking the analysis down in smaller sections is sound, however, the success of the analysis is now determined on whether the right questions are asked, and therefore potential safety problems can be missed. The hierarchical design method will give an indication of the issues involved but will not identify problems as thoroughly as other studies such as Hazop.
4. Pipeless plants There was no published work found on the Hazop of pipeless plants, so initially a standard Hazop methodology would have to be developed for batch processes, which could then be further developed for use in pipeless batch plants. The basic idea of a pipeless batch plant is to move the process vessel between fixed stations for mixing, separation and other activities. To understand this it can be likened to a chemical laboratory (Niwa, 1993), where a beaker or flask could be a ‘mobile vessel’, and the laboratory equipment such as the Bunsen burners are ‘processing stations’. In more technical terms it is an arrangement of many units, such as movable reactors and other functional stations, which work cooperatively by avoiding collision or conflict (Kuroda & Ishida, 1993). The elimination of pipework for the transfer of material offers great flexibility for change, and allows a company to respond quickly to market demands and technological advances. Other benefits include reduced product loss, ease of cleaning, and reduced inventories (Just-In-Time processing) (Zanetti, 1992). Companies, mainly in Japan, already consider pipeless plants to be beneficial to their business requirements (Japan Supplement, 1997; Kamiya & Fouhy, 1997; Shimatani & Okuda, 1992). However, the flexibility that the
F. Mushtaq, P.W.H. Chung / Journal of Loss Prevention in the Process Industries 13 (2000) 41–48
pipeless plant offers, which allows changes to be made quickly and easily introduces new hazards. Changes always need to be considered carefully before being implemented, as a change in a small section of a system could affect the safety of the whole system. The batch Hazop procedure could be applied to pipeless plants without too much modification. The main areas that do need to be looked at are the charge and discharge steps. These require special attention as they involve the connecting and disconnecting of pipework. Safety reviews are ultimately looking for the possibilities where human error may occur. This is usually in the operational phase, but could also be the cause of defects in the design or construction of a plant. In an automated pipeless plant, there would not normally be any operators, only someone overseeing the smooth running of the plant from a control room. This greatly reduces the human operational errors that may occur, and therefore emphasises the need for a safe design.
5. Procedure for the Hazop of batch processes The concept of having a review team using a systematic method for examining a system has been very successful. The method of using guide words as prompts has been advantageous in finding potential problems. However, for a batch process the guide words and deviations/parameters that would need to be applied is different from a continuous plant and the general method for applying them is also different. Instead of reviewing a plant line by line, a typical batch plant can be examined by dividing it into three operational phases: charge, reaction, and discharge. The charge and discharge steps can be analysed in a similar way to a Hazop on a continuous process. The reaction step can be reviewed by separating it into its different operations such as mixing, heating etc. Each step changes the contents and conditions in the reactor. The reactor itself should also be examined, especially the possible deviations that could
43
occur on the its support systems, such as agitator, heating and cooling units etc. as well as pipelines. 5.1. Review team The review team would be selected from the people who have carried out the design, people who have knowledge and experience of the process, plant operation and maintenance, and people who are independent of the design but have knowledge and experience of the hazard review procedure. This is similar to continuous processes. Table 1 shows a typical team and describes the contribution of each team member. 5.2. Information requirements The information requirements of a batch Hazop would be different from those of a continuous Hazop. Knowledge of the plant P&ID is not sufficient to represent batch plant operation. A product recipe, a detailed description of how each elementary processing step is implemented, is also required. This describes the process rather than a specific plant. Additional requirements include information on the process chemistry, process materials safety data sheets, and information on the plant control. 5.3. Guide words This section describes guide words for use in the hazard review of batch processes. There is a basic set of guide words which is applicable to most continuous systems, and includes words such as no, more and less (Wells, 1996; Kletz, 1999). The Ministry of Defence has produced a Defence Standard for carrying out a Hazop on systems containing programmable electronics (Ministry of Defence, 1996a,b). The guide words used and their interpretations are different from the basic set used in continuous processes. Timing is essential in the safety of these systems, as it is with batch processes due
Table 1 Hazop review team Design Engineer Process Engineer Commissioning Manager Instrument Design Engineer Research Chemist Team Leader Secretary
Usually a mechanical engineer (wants to minimise costs and keep changes to a minimum, while at the same time finding out any potential problems at a relatively early stage). Usually a chemical engineer (draws up the flow sheet) Usually a chemical engineer (will have to start up and operate the plant, therefore will press for changes that will make his/her life easier). A knowledge of the control strategy and instrumentation is very useful in the reviews (in additional more instrumentation may be required, therefore it is useful to have the engineer in the meeting) Specialist in the chemistry of the process to be carried out (may also be required to carry out further research) Expert in Hazard Review technique (independent of the design, he needs to ensure that the correct procedure is followed). To record the minutes of the meeting (could be done by Team Leader as well), using a computerised recording system
44
F. Mushtaq, P.W.H. Chung / Journal of Loss Prevention in the Process Industries 13 (2000) 41–48
Table 2 Guide words and their interpretation No More Less As well as Part of Reverse Other than Early Late Before After Quickly Slowly
This is the complete negation of the design intent. No part of the intention is achieved and nothing else happens. This is a quantitative increase. This is a quantitative decrease. All the design intent is achieved together with additions. Only some of the design intent is achieved. The logical opposite of the design intent is achieved. Complete substitution, where no part of the design intent is achieved but something different happens. Something happens earlier than expected relative to clock time. Something happens later than expected relative to clock time. Something happens before it is expected, relating to order or sequence. Something happens after it is expected, relating to order or sequence. Something happens quicker than expected. Something happens slower than expected.
Table 3 Hazop procedure for a batch process Stage
Procedure
1. Select Vessel and Discuss Product Changeover
1.1 Select a vessel/reactor to use. Determine whether or not the vessel has been in use previously to make a different product. If it has, knowledge of the previous product is required in terms of its process chemistry (raw materials used etc.) to ascertain whether there are any compatibility problems. 1.2 If there is a compatibility problem, its causes and consequences should be recorded in the minutes under the parameter of cleaning (from the Instruction Set), since cleaning is the last operation (instruction) of the previous batch. If an action is required it should be recorded and assigned to one of the review team.
2. Select Process Flow Sheet
2.1 Select a process flow sheet for review—should be an operation at a time going through the new process in order, starting from charging, then mixing, then heating etc.
3. Charging
3.1 This should be dealt with in the same way as in a continuous process. Problems should be picked up by selecting a line or node and applying the guide words to the Standard Set, e.g. no flow. Causes and consequences should be identified and recorded. 3.2 Decide if there is a problem that requires action. If yes, take action to consider changes to reduce the risk of the hazard (or problem), and assign the action to one of the Hazop team.
4. Review Operations
4.1 Apply the guide words to the operations from the Instruction Set, e.g. no mixing. Identify the causes of the deviation, and the consequences and safeguards. 4.2 Decide if there is a problem that requires action. If yes, take action to consider changes to reduce the risk of the hazard (or problem), and assign the action to one of the Hazop team. 4.3 Once action has been taken (or no action is required), continue with the Hazop by returning to Step 4.1. Do this until all the guide words have been applied to all the relevant operations from the Instruction Set. 4.4 Guide words should then be applied to parameters from the Standard Set such as temperature, pressure and level. Again, causes, consequences and actions should be recorded.
5. Discharging
5.1 The next step is to consider the discharge step in the same way as in a continuous process. Problems should be picked up by selecting a line or node and applying the guide words to the Standard Set, e.g. no flow. Causes and consequences should be identified and recorded. 5.2 Decide if there is a problem that requires action. If yes, take action to consider changes to reduce the risk of the hazard (or problem), and assign the action to one of the Hazop team.
6. Select Next Vessel/Reactor
6.1 This section of the review on the particular vessel/reactor is now complete. Return to Stage 1 and select the next vessel in the process sequence.
7. Follow-up Work
7.1 Once the Hazop is complete, there must be a follow-up meeting to ensure that the actions have been carried out.
F. Mushtaq, P.W.H. Chung / Journal of Loss Prevention in the Process Industries 13 (2000) 41–48
to their discrete event nature. Therefore the words ‘early’ and ‘late’ are used for actions or events relative to time, and the words ‘before’ and ‘after’ are used for considering the order of actions or events (Kletz, Chung, Broomfield & Shen-Orr, 1995; Little, 1995). Shimada et al. (1995) gives an example of how to consider the charging of a catalyst in a batch process, and also places emphasis on the words ‘early’ and ‘late’. Knowlton (1976) explains how the applicability of guide words is dependent on the aspects to which they are applied, and states that they can be applied to activities such as ‘react’ to generate intelligible deviations. In addition Knowlton introduces extra guide words, ‘sooner’ and ‘later’ to be used when dealing with sequence or absolute time. Table 2 gives a list of guide words and their interpretation. Some of the words are similar to those used for continuous processes, although their interpretation may not be the same. 5.4. Deviations/parameters The set of deviation words to be used should be generated by the Chairperson and Secretary before the Hazop, with the option to add further relevant words to the list.
Fig. 1.
45
An example of a standard set of deviation words is given below: Standard Set: Flow, Temperature, Pressure, Level, Inspect, Maintenance, and Services In addition, for a Hazop study on a batch process it is necessary to apply the guide words to the instructions (process operations). An example of an instruction set of deviation words is given below:
Instruction Set: Mix, React, Cut, Heat, and Clean
6. Review procedure for batch processes When the preparation for the study has been completed, and the relevant information is available the Hazop team must meet and go through the procedure shown in Table 3 in order to ensure the success of the study. The procedure can be followed more effectively using a flow diagram (see Fig. 1).
Flow diagram showing the Hazop procedure for a batch process.
46
F. Mushtaq, P.W.H. Chung / Journal of Loss Prevention in the Process Industries 13 (2000) 41–48
7. Application of batch Hazop procedure to pipeless plants A pipeless plant could potentially give rise to hazards in all the categories described for batch plants and more due to the movement of vessels. Any change to a system could potentially lead to a hazardous situation developing, and the whole point of a pipeless plant is that it can quickly respond to market changes (Zanetti, 1992). Therefore it needs to be initially designed in such a way that changes in production do not lead to hazards. The review procedure for a pipeless plant is very similar to the procedure above. A batch process commences with the charging of a reactor with raw materials and concludes with the discharging of the product (before cleaning). The intermediary steps to produce the final product occur in the reactor, and can be reviewed simultaneously from a safety perspective. With a pipeless plant, however, the charging process
is an operation, as is the discharging process. Each operation, from charging, mixing and heating, to discharging occurs at a distinct station. Every operation commences with the reactor connecting up to a station, and concludes with the reactor disconnecting. Therefore the way to review this is to analyse each station in three steps: connecting, the operation, and disconnecting. To carry this out the guide words should be first applied to the parameter ‘connect’. The operation should then be reviewed as in a batch Hazop, followed by applying the guide words to the parameter ‘disconnect’. The modified procedure for pipeless plants is shown in Table 4, and the corresponding flow diagram is shown in Fig. 2. 8. Conclusion There is a lack of a formalised procedure for the Hazop of batch processes. Some case studies have been
Table 4 Hazop procedure for a pipeless plant Stage
Procedure
1. Select Vessel and Discuss Product Changeover
1.1 Select a vessel/reactor to use. Determine whether or not the vessel has been in use previously to make a different product. If it has, knowledge of the previous product is required in terms of its process chemistry (raw materials used etc.) to ascertain whether there are any compatibility problems. 1.2 If there is a compatibility problem, its causes and consequences should be recorded in the minutes under the parameter of cleaning (from the Instruction Set), since cleaning is the last operation (instruction) of the previous batch. If an action is required it should be recorded and assigned to one of the review team.
2. Select Process Flow Sheet
2.1 Select a process flow sheet for review—should be a Station at time going through the new process in order, starting from charging, then mixing, then heating etc.
3. Connecting
3.1 The connecting operation should be considered by applying the guide words to the Connect parameter, e.g. no connect. Causes and consequences should be identified and recorded. 3.2 Decide if there is a problem that requires action. If yes, this should be recorded and assigned to one of the Hazop team.
4. Review Operation
4.1 Now apply the guide words to an operation from the Instruction Set, to be carried out at the station under review, e.g. no mixing. Identify the causes of the deviation, and the consequences and safeguards. 4.2 Decide if there is a problem that requires action. If yes, take action to consider changes to reduce the risk of the hazard (or problem), and assign the action to one of the Hazop team. 4.3 Once action has been taken (or no action is required), continue with the Hazop until all the guide words have been applied to the relevant operation from the Instruction Set. 4.4 Guide words should then be applied to parameters from the Standard Set such as temperature, pressure and level. Again, causes, consequences and actions should be recorded.
5. Disconnecting
5.1 Once all the lines have been reviewed the next step is to apply the guide words to the Disconnect parameter. Any potential problems associated with the vessel disconnecting from the staion should be picked up here. Causes and consequences should be identified and recorded. 5.2 Decide if there is a problem that requires action. If yes, take action to consider changes in terms of the disconnection between the vessel and the station. This should be recorded and assigned to one of the Hazop team.
6. Select Next Vessel/Reactor
6.1 This section of the review on the particular station is now complete. Return to Stage 2 and select the next station in the process sequence. Repeat Stages 2–5 until all the process steps for the vessel have been examined. The Hazop is then complete for this process and vessel.
7. Follow-up Work
7.1 There must be a follow-up meeting to ensure that the actions have been carried out to the satisfaction of the Hazop team.
F. Mushtaq, P.W.H. Chung / Journal of Loss Prevention in the Process Industries 13 (2000) 41–48
47
Fig. 2. Flow diagram showing the Hazop procedure for a pipeless plant.
published which suggest how the procedure for continuous processes can be modified, or emphasise other approaches for reviewing the safety of batch processes. The issues concerned with batch process safety have been described in this paper, and a methodology developed which breaks a complex design down into smaller sections for analysis in a strict sequential manner. An extension of this methodology has also been developed for use in the safe design of processes in pipeless plants. As would be expected in any systematic safety study, the methodology is time-consuming. A computer-support tool to guide and document the study would prove useful and is being considered.
Acknowledgements This project is funded by EPSRC, Grant No. 97300297, and a Loughborough University Engineering Faculty Studentship.
References Houton, C., Sowerby, B., & Crittenden, B. (1996). Clean design of batch processes. In P. Sharrett, & M. Sparsholt, Case studies in environmental technology. Rugby, UK: Institution of Chemical Engineers. Japan Supplement to Chemical Engineer (1997). Equipment makers showcase technology. Internet location: http://www.che.com/ce9705/html/05jp4.htm Kamiya, T., & Fouhy, K. (1997). Pipeless plants-non-reactive processes are still the focus. Chemical Engineering, ACHEMA 97, Internet location: http://www.che.com/achema/html/ad1p1s3.htm Kletz, T. A. (1999). HAZOP and HAZAN. In Loss prevention. (4th ed). Rugby, UK: Institution of Chemical Engineers. Kletz, T. A., Chung, P. W. H., Broomfield, E. J., & Shen-Orr, C. (1995). Computer control and human error. Rugby, UK: Institution of Chemical Engineers. Knowlton, R.E. (1976). Hazard and operability studies and their initial applications in R&D. R&D Management, 7(1). Kuroda, C., & Ishida, M. (1993). A proposal for decentralized cooperative decision-making in chemical batch operation. Engineering Applications for Artificial Intelligence, 6 (5), 399–407. Larkin, F.D., Rushton, A.R., Chung, P.W.H., Lees, F.P., McCoy, S.A., & Wakeman S.J. (1997). Computer-aided hazard identification: methodology and system architecture. IChemE Symposium
48
F. Mushtaq, P.W.H. Chung / Journal of Loss Prevention in the Process Industries 13 (2000) 41–48
Series No.141, Hazards XIII Process Safety—The Future (pp. 337–348). Leone, H. (1996). A knowledge-based system for HAZOP studies. Computers and Chemical Engineering, 20 (Suppl.), S369–S374. Little, A.D. (1995). A guideline for HAZOP studies on systems which include a PES. Presentation to HAIG. Ministry of Defence (1996a). Hazop studies on systems containing programmable electronics, part 1: requirements. Interim, Defence Standard, Glasgow. Ministry of Defence (1996b). Hazop studies on systems containing programmable electronics, part 2: general application guidance. Interim, Defence Standard, Glasgow. Niwa, T. (1993). Chemical Engineering, June, 102–108. Piccinini, N., & Levy, G. (1984). Ethylene oxide reactor: safety according to operability analysis. Canadian Journal of Chemical Engineering, 62, 547–558. Shimada, Y., Yang, Z., Song, J., Suzuki, K., & Sayama, H. (1995). Computer-aided operability study for batch plants. Loss Prevention and Safety Promotion in the Process Industries, II, 587–598.
Shimatani, T., & Okuda, O. (1992). ‘Pipeless’ batch chemical plants offer a new approach. Chemical Engineering, October, 181–182. Srinivasan, R., & Venkatasubramanian, V. (1996). Petri net-digraph models for automating HAZOP analysis of batch process plants. Computers and Chemical Engineering, 20 (Suppl.), S719–S725. Venkatasubramanian, V., & Vaidhyanathan, R. (1994). A knowledgebased framework for automating HAZOP analysis. AIChE Journal, 40 (3), 496–505. Wakeman, S.J., Chung, P.W.H., Rushton, A.R., Lees, F.P., Larkin, F.D., & McCoy, S.A. (1997). Computer-aided hazard identification: fault propagation and fault–consequence scenario filtering. IChemE Symposium Series No.141, Hazards XIII Process Safety—The Future (pp. 305–316). Wells, G. (1996). Hazard identification and risk assessment. Rugby, UK: Institution of Chemical Engineers. Zanetti, R. (1992) The ‘pipeless’ batch plant. Chemical Engineering, 99(6).
A systematic Hazop procedure for batch processes, and its application to pipeless plants F. Mushtaq *, P.W.H. Chung Department of Chemical Engineering, Loughborough University, Loughborough, LE11 3TU, UK
Abstract Increasing technological complexity together with social and legal pressures have made it necessary to develop more effective approaches to safety. This need is particularly strong in the design and operation of chemical plants. One approach, Hazard and Operability Study (Hazop), is a method of systematically identifying every conceivable process deviation, its abnormal causes and adverse hazardous consequences in a chemical plant. The technique was developed by ICI in the 1960s, and has been standardised for use in continuous manufacturing plants. Improvised attempts have been made to modify the continuous Hazop approach for use with batch processes, such as using different guide words and deviations, without the method of application being formalised. There are different issues that need to be surmounted for the methodology to be applied to batch processing plants. The standard approach, of examining a system line by line, is ideal for continuous processes but does not lend itself to the thorough examination of batch processes. A typical batch plant can be examined by dividing the process into three operational phases: charge, reaction, and discharge. A modified Hazop methodology should then be applied to the description of each phase. Although a need for this type of approach has been recognised, there is no published information to be found on an agreed format on how this should be done. This paper presents a formalised approach to applying the Hazop methodology to batch processes. A way forward in multiproduct manufacturing is the emerging technology of ‘pipeless plants’. The basic idea is to move the process vessel between fixed stations for mixing, separation and other activities. This offers great flexibility for change, and allows a company to respond quickly to market demands and technological advances. Little research has been done on the safety of pipeless plants, which are essentially batch plants with mobile vessels. Therefore the batch Hazop methodology presented in this paper has been further developed in order to improve the safe design of pipeless plants. 1999 Elsevier Science Ltd. All rights reserved. Keywords: Batch Hazop; Pipeless plants; Process safety
1. Introduction A hazard has the potential to cause harm, and can take the form of injury to people or damage to property, plant, products or the environment; production losses; business harm and increased liabilities (Wells, 1996). In the process industries such hazards fall into particular categories: chemical, thermodynamic, electrical and electromagnetic, and mechanical. A batch process could potentially give rise to hazards in all these categories. 2. Hazard identification For a long time it has been recognised that there is a need to check designs or operating procedures for errors. * Corresponding author.
However, this has historically been done on an individual basis. Different experts have checked particular parts of the design, according to their experience. For example, a control engineer would check the control systems. Although this approach does improve the design, it will not detect a hazard caused by the interaction between a number of different elements. There are a number of hazard identification and hazard analysis methods available, which can either be qualitative or quantitative in nature. Qualitative methods: Checklists, What-If Reviews, HAZOP Reviews, Preliminary Hazard Analysis, Failure Modes Analysis (FMA). Quantitative methods: Event Trees, Fault Trees, Failure Modes and Effects Analysis (FMEA). The most beneficial method would make use of the com-
0950-4230/00/$ - see front matter 1999 Elsevier Science Ltd. All rights reserved. PII: S 0 9 5 0 - 4 2 3 0 ( 9 9 ) 0 0 0 5 4 - 6
42
F. Mushtaq, P.W.H. Chung / Journal of Loss Prevention in the Process Industries 13 (2000) 41–48
bined skills of a group of experts to study these interactions together within meetings, such as Hazop, with the backup of other complementary methods such as Fault Tree Analysis carried out outside the meetings.
(Shimada, Yang, Song, Suzuki & Sayama, 1995; Srinivasan & Venkatasubramanian, 1996). The issues involved with batch processes are significantly different to those for continuous processes. Two important points have to be considered in the Hazop of batch processes:
3. Hazop
앫 The role of operating procedures and operator actions 앫 The discrete-event character of batch processes.
Hazop (Hazard and Operability Study) is a methodology developed by ICI in the 1960s for identifying hazards in continuous chemical plant design (Kletz, 1999). A Hazop team consists of a leader, and members from the production, technical and engineering departments. The examination procedure is the fundamental part of a Hazop. A full description of the process is made available at the Hazop meetings, such as a Piping and Instrumentation Diagram (P&ID) [or an Engineering Line Diagram (ELD)]. Every part of it is examined systematically (normally line by line), using guide words as prompts to determine how deviations from the design intent could occur, and whether or not these deviations could lead to hazardous situations. The guide words are used to ensure that the integrity of each part of the design is questioned, and that every conceivable way that the design could deviate from the design intent is explored. Each deviation is considered to determine the causes and consequences. In the case where the deviation indicates a cause that is conceivable and the consequence is potentially hazardous, some kind of remedial action is required, and this has to be noted in the minutes of the Hazop. Hazop is a time-consuming and labour-intensive activity. Research into automated Hazop (Larkin, Rushton, Chung, Lees, McCoy & Wakeman, 1997; Leone, 1996; Venkatasubramanian & Vaidhyanathan, 1994; Wakeman, Chung, Rushton, Lees, Larkin & McCoy, 1997) holds promise of greatly reducing the time and effort required in a Hazop, making the study more thorough and detailed, and minimising or eliminating human errors. The principle for operability study is the same as for Hazop, using guide words to identify process deviations from the design intent. It has proved useful in identifying the most critical parts of the plant (Piccinini & Levy, 1984). Its effectiveness can be substantiated by subsequent fault tree analysis. Although fault tree analysis appears to be vastly superior, in terms of quantifying the likelihood of risk, to operability analysis, its reliability is dependent on the availability of good data. Therefore it is not so much the final result as the methodology adopted at the design stage that makes operability analysis important. There has been little work published on the development of a systematic methodology of Hazop analysis for batch processes. The papers that have been produced have concentrated on automated batch Hazop studies
Houton, Sowerby and Crittenden (1996) have suggested a special approach to the analysis of the design of batch processes using hierarchical methods (Houton et al., 1996). This particular methodology was developed to address the problem of waste in batch processes, and therefore concentrates on waste minimisation. The design of a batch process can be very complex. Hierarchical methods can be used to break the design down into smaller sections (levels) for ease of analysis, from an overview of the whole process to the analysis of individual operations. Questions are used at each stage to determine if there is a problem. The approach of breaking the analysis down in smaller sections is sound, however, the success of the analysis is now determined on whether the right questions are asked, and therefore potential safety problems can be missed. The hierarchical design method will give an indication of the issues involved but will not identify problems as thoroughly as other studies such as Hazop.
4. Pipeless plants There was no published work found on the Hazop of pipeless plants, so initially a standard Hazop methodology would have to be developed for batch processes, which could then be further developed for use in pipeless batch plants. The basic idea of a pipeless batch plant is to move the process vessel between fixed stations for mixing, separation and other activities. To understand this it can be likened to a chemical laboratory (Niwa, 1993), where a beaker or flask could be a ‘mobile vessel’, and the laboratory equipment such as the Bunsen burners are ‘processing stations’. In more technical terms it is an arrangement of many units, such as movable reactors and other functional stations, which work cooperatively by avoiding collision or conflict (Kuroda & Ishida, 1993). The elimination of pipework for the transfer of material offers great flexibility for change, and allows a company to respond quickly to market demands and technological advances. Other benefits include reduced product loss, ease of cleaning, and reduced inventories (Just-In-Time processing) (Zanetti, 1992). Companies, mainly in Japan, already consider pipeless plants to be beneficial to their business requirements (Japan Supplement, 1997; Kamiya & Fouhy, 1997; Shimatani & Okuda, 1992). However, the flexibility that the
F. Mushtaq, P.W.H. Chung / Journal of Loss Prevention in the Process Industries 13 (2000) 41–48
pipeless plant offers, which allows changes to be made quickly and easily introduces new hazards. Changes always need to be considered carefully before being implemented, as a change in a small section of a system could affect the safety of the whole system. The batch Hazop procedure could be applied to pipeless plants without too much modification. The main areas that do need to be looked at are the charge and discharge steps. These require special attention as they involve the connecting and disconnecting of pipework. Safety reviews are ultimately looking for the possibilities where human error may occur. This is usually in the operational phase, but could also be the cause of defects in the design or construction of a plant. In an automated pipeless plant, there would not normally be any operators, only someone overseeing the smooth running of the plant from a control room. This greatly reduces the human operational errors that may occur, and therefore emphasises the need for a safe design.
5. Procedure for the Hazop of batch processes The concept of having a review team using a systematic method for examining a system has been very successful. The method of using guide words as prompts has been advantageous in finding potential problems. However, for a batch process the guide words and deviations/parameters that would need to be applied is different from a continuous plant and the general method for applying them is also different. Instead of reviewing a plant line by line, a typical batch plant can be examined by dividing it into three operational phases: charge, reaction, and discharge. The charge and discharge steps can be analysed in a similar way to a Hazop on a continuous process. The reaction step can be reviewed by separating it into its different operations such as mixing, heating etc. Each step changes the contents and conditions in the reactor. The reactor itself should also be examined, especially the possible deviations that could
43
occur on the its support systems, such as agitator, heating and cooling units etc. as well as pipelines. 5.1. Review team The review team would be selected from the people who have carried out the design, people who have knowledge and experience of the process, plant operation and maintenance, and people who are independent of the design but have knowledge and experience of the hazard review procedure. This is similar to continuous processes. Table 1 shows a typical team and describes the contribution of each team member. 5.2. Information requirements The information requirements of a batch Hazop would be different from those of a continuous Hazop. Knowledge of the plant P&ID is not sufficient to represent batch plant operation. A product recipe, a detailed description of how each elementary processing step is implemented, is also required. This describes the process rather than a specific plant. Additional requirements include information on the process chemistry, process materials safety data sheets, and information on the plant control. 5.3. Guide words This section describes guide words for use in the hazard review of batch processes. There is a basic set of guide words which is applicable to most continuous systems, and includes words such as no, more and less (Wells, 1996; Kletz, 1999). The Ministry of Defence has produced a Defence Standard for carrying out a Hazop on systems containing programmable electronics (Ministry of Defence, 1996a,b). The guide words used and their interpretations are different from the basic set used in continuous processes. Timing is essential in the safety of these systems, as it is with batch processes due
Table 1 Hazop review team Design Engineer Process Engineer Commissioning Manager Instrument Design Engineer Research Chemist Team Leader Secretary
Usually a mechanical engineer (wants to minimise costs and keep changes to a minimum, while at the same time finding out any potential problems at a relatively early stage). Usually a chemical engineer (draws up the flow sheet) Usually a chemical engineer (will have to start up and operate the plant, therefore will press for changes that will make his/her life easier). A knowledge of the control strategy and instrumentation is very useful in the reviews (in additional more instrumentation may be required, therefore it is useful to have the engineer in the meeting) Specialist in the chemistry of the process to be carried out (may also be required to carry out further research) Expert in Hazard Review technique (independent of the design, he needs to ensure that the correct procedure is followed). To record the minutes of the meeting (could be done by Team Leader as well), using a computerised recording system
44
F. Mushtaq, P.W.H. Chung / Journal of Loss Prevention in the Process Industries 13 (2000) 41–48
Table 2 Guide words and their interpretation No More Less As well as Part of Reverse Other than Early Late Before After Quickly Slowly
This is the complete negation of the design intent. No part of the intention is achieved and nothing else happens. This is a quantitative increase. This is a quantitative decrease. All the design intent is achieved together with additions. Only some of the design intent is achieved. The logical opposite of the design intent is achieved. Complete substitution, where no part of the design intent is achieved but something different happens. Something happens earlier than expected relative to clock time. Something happens later than expected relative to clock time. Something happens before it is expected, relating to order or sequence. Something happens after it is expected, relating to order or sequence. Something happens quicker than expected. Something happens slower than expected.
Table 3 Hazop procedure for a batch process Stage
Procedure
1. Select Vessel and Discuss Product Changeover
1.1 Select a vessel/reactor to use. Determine whether or not the vessel has been in use previously to make a different product. If it has, knowledge of the previous product is required in terms of its process chemistry (raw materials used etc.) to ascertain whether there are any compatibility problems. 1.2 If there is a compatibility problem, its causes and consequences should be recorded in the minutes under the parameter of cleaning (from the Instruction Set), since cleaning is the last operation (instruction) of the previous batch. If an action is required it should be recorded and assigned to one of the review team.
2. Select Process Flow Sheet
2.1 Select a process flow sheet for review—should be an operation at a time going through the new process in order, starting from charging, then mixing, then heating etc.
3. Charging
3.1 This should be dealt with in the same way as in a continuous process. Problems should be picked up by selecting a line or node and applying the guide words to the Standard Set, e.g. no flow. Causes and consequences should be identified and recorded. 3.2 Decide if there is a problem that requires action. If yes, take action to consider changes to reduce the risk of the hazard (or problem), and assign the action to one of the Hazop team.
4. Review Operations
4.1 Apply the guide words to the operations from the Instruction Set, e.g. no mixing. Identify the causes of the deviation, and the consequences and safeguards. 4.2 Decide if there is a problem that requires action. If yes, take action to consider changes to reduce the risk of the hazard (or problem), and assign the action to one of the Hazop team. 4.3 Once action has been taken (or no action is required), continue with the Hazop by returning to Step 4.1. Do this until all the guide words have been applied to all the relevant operations from the Instruction Set. 4.4 Guide words should then be applied to parameters from the Standard Set such as temperature, pressure and level. Again, causes, consequences and actions should be recorded.
5. Discharging
5.1 The next step is to consider the discharge step in the same way as in a continuous process. Problems should be picked up by selecting a line or node and applying the guide words to the Standard Set, e.g. no flow. Causes and consequences should be identified and recorded. 5.2 Decide if there is a problem that requires action. If yes, take action to consider changes to reduce the risk of the hazard (or problem), and assign the action to one of the Hazop team.
6. Select Next Vessel/Reactor
6.1 This section of the review on the particular vessel/reactor is now complete. Return to Stage 1 and select the next vessel in the process sequence.
7. Follow-up Work
7.1 Once the Hazop is complete, there must be a follow-up meeting to ensure that the actions have been carried out.
F. Mushtaq, P.W.H. Chung / Journal of Loss Prevention in the Process Industries 13 (2000) 41–48
to their discrete event nature. Therefore the words ‘early’ and ‘late’ are used for actions or events relative to time, and the words ‘before’ and ‘after’ are used for considering the order of actions or events (Kletz, Chung, Broomfield & Shen-Orr, 1995; Little, 1995). Shimada et al. (1995) gives an example of how to consider the charging of a catalyst in a batch process, and also places emphasis on the words ‘early’ and ‘late’. Knowlton (1976) explains how the applicability of guide words is dependent on the aspects to which they are applied, and states that they can be applied to activities such as ‘react’ to generate intelligible deviations. In addition Knowlton introduces extra guide words, ‘sooner’ and ‘later’ to be used when dealing with sequence or absolute time. Table 2 gives a list of guide words and their interpretation. Some of the words are similar to those used for continuous processes, although their interpretation may not be the same. 5.4. Deviations/parameters The set of deviation words to be used should be generated by the Chairperson and Secretary before the Hazop, with the option to add further relevant words to the list.
Fig. 1.
45
An example of a standard set of deviation words is given below: Standard Set: Flow, Temperature, Pressure, Level, Inspect, Maintenance, and Services In addition, for a Hazop study on a batch process it is necessary to apply the guide words to the instructions (process operations). An example of an instruction set of deviation words is given below:
Instruction Set: Mix, React, Cut, Heat, and Clean
6. Review procedure for batch processes When the preparation for the study has been completed, and the relevant information is available the Hazop team must meet and go through the procedure shown in Table 3 in order to ensure the success of the study. The procedure can be followed more effectively using a flow diagram (see Fig. 1).
Flow diagram showing the Hazop procedure for a batch process.
46
F. Mushtaq, P.W.H. Chung / Journal of Loss Prevention in the Process Industries 13 (2000) 41–48
7. Application of batch Hazop procedure to pipeless plants A pipeless plant could potentially give rise to hazards in all the categories described for batch plants and more due to the movement of vessels. Any change to a system could potentially lead to a hazardous situation developing, and the whole point of a pipeless plant is that it can quickly respond to market changes (Zanetti, 1992). Therefore it needs to be initially designed in such a way that changes in production do not lead to hazards. The review procedure for a pipeless plant is very similar to the procedure above. A batch process commences with the charging of a reactor with raw materials and concludes with the discharging of the product (before cleaning). The intermediary steps to produce the final product occur in the reactor, and can be reviewed simultaneously from a safety perspective. With a pipeless plant, however, the charging process
is an operation, as is the discharging process. Each operation, from charging, mixing and heating, to discharging occurs at a distinct station. Every operation commences with the reactor connecting up to a station, and concludes with the reactor disconnecting. Therefore the way to review this is to analyse each station in three steps: connecting, the operation, and disconnecting. To carry this out the guide words should be first applied to the parameter ‘connect’. The operation should then be reviewed as in a batch Hazop, followed by applying the guide words to the parameter ‘disconnect’. The modified procedure for pipeless plants is shown in Table 4, and the corresponding flow diagram is shown in Fig. 2. 8. Conclusion There is a lack of a formalised procedure for the Hazop of batch processes. Some case studies have been
Table 4 Hazop procedure for a pipeless plant Stage
Procedure
1. Select Vessel and Discuss Product Changeover
1.1 Select a vessel/reactor to use. Determine whether or not the vessel has been in use previously to make a different product. If it has, knowledge of the previous product is required in terms of its process chemistry (raw materials used etc.) to ascertain whether there are any compatibility problems. 1.2 If there is a compatibility problem, its causes and consequences should be recorded in the minutes under the parameter of cleaning (from the Instruction Set), since cleaning is the last operation (instruction) of the previous batch. If an action is required it should be recorded and assigned to one of the review team.
2. Select Process Flow Sheet
2.1 Select a process flow sheet for review—should be a Station at time going through the new process in order, starting from charging, then mixing, then heating etc.
3. Connecting
3.1 The connecting operation should be considered by applying the guide words to the Connect parameter, e.g. no connect. Causes and consequences should be identified and recorded. 3.2 Decide if there is a problem that requires action. If yes, this should be recorded and assigned to one of the Hazop team.
4. Review Operation
4.1 Now apply the guide words to an operation from the Instruction Set, to be carried out at the station under review, e.g. no mixing. Identify the causes of the deviation, and the consequences and safeguards. 4.2 Decide if there is a problem that requires action. If yes, take action to consider changes to reduce the risk of the hazard (or problem), and assign the action to one of the Hazop team. 4.3 Once action has been taken (or no action is required), continue with the Hazop until all the guide words have been applied to the relevant operation from the Instruction Set. 4.4 Guide words should then be applied to parameters from the Standard Set such as temperature, pressure and level. Again, causes, consequences and actions should be recorded.
5. Disconnecting
5.1 Once all the lines have been reviewed the next step is to apply the guide words to the Disconnect parameter. Any potential problems associated with the vessel disconnecting from the staion should be picked up here. Causes and consequences should be identified and recorded. 5.2 Decide if there is a problem that requires action. If yes, take action to consider changes in terms of the disconnection between the vessel and the station. This should be recorded and assigned to one of the Hazop team.
6. Select Next Vessel/Reactor
6.1 This section of the review on the particular station is now complete. Return to Stage 2 and select the next station in the process sequence. Repeat Stages 2–5 until all the process steps for the vessel have been examined. The Hazop is then complete for this process and vessel.
7. Follow-up Work
7.1 There must be a follow-up meeting to ensure that the actions have been carried out to the satisfaction of the Hazop team.
F. Mushtaq, P.W.H. Chung / Journal of Loss Prevention in the Process Industries 13 (2000) 41–48
47
Fig. 2. Flow diagram showing the Hazop procedure for a pipeless plant.
published which suggest how the procedure for continuous processes can be modified, or emphasise other approaches for reviewing the safety of batch processes. The issues concerned with batch process safety have been described in this paper, and a methodology developed which breaks a complex design down into smaller sections for analysis in a strict sequential manner. An extension of this methodology has also been developed for use in the safe design of processes in pipeless plants. As would be expected in any systematic safety study, the methodology is time-consuming. A computer-support tool to guide and document the study would prove useful and is being considered.
Acknowledgements This project is funded by EPSRC, Grant No. 97300297, and a Loughborough University Engineering Faculty Studentship.
References Houton, C., Sowerby, B., & Crittenden, B. (1996). Clean design of batch processes. In P. Sharrett, & M. Sparsholt, Case studies in environmental technology. Rugby, UK: Institution of Chemical Engineers. Japan Supplement to Chemical Engineer (1997). Equipment makers showcase technology. Internet location: http://www.che.com/ce9705/html/05jp4.htm Kamiya, T., & Fouhy, K. (1997). Pipeless plants-non-reactive processes are still the focus. Chemical Engineering, ACHEMA 97, Internet location: http://www.che.com/achema/html/ad1p1s3.htm Kletz, T. A. (1999). HAZOP and HAZAN. In Loss prevention. (4th ed). Rugby, UK: Institution of Chemical Engineers. Kletz, T. A., Chung, P. W. H., Broomfield, E. J., & Shen-Orr, C. (1995). Computer control and human error. Rugby, UK: Institution of Chemical Engineers. Knowlton, R.E. (1976). Hazard and operability studies and their initial applications in R&D. R&D Management, 7(1). Kuroda, C., & Ishida, M. (1993). A proposal for decentralized cooperative decision-making in chemical batch operation. Engineering Applications for Artificial Intelligence, 6 (5), 399–407. Larkin, F.D., Rushton, A.R., Chung, P.W.H., Lees, F.P., McCoy, S.A., & Wakeman S.J. (1997). Computer-aided hazard identification: methodology and system architecture. IChemE Symposium
48
F. Mushtaq, P.W.H. Chung / Journal of Loss Prevention in the Process Industries 13 (2000) 41–48
Series No.141, Hazards XIII Process Safety—The Future (pp. 337–348). Leone, H. (1996). A knowledge-based system for HAZOP studies. Computers and Chemical Engineering, 20 (Suppl.), S369–S374. Little, A.D. (1995). A guideline for HAZOP studies on systems which include a PES. Presentation to HAIG. Ministry of Defence (1996a). Hazop studies on systems containing programmable electronics, part 1: requirements. Interim, Defence Standard, Glasgow. Ministry of Defence (1996b). Hazop studies on systems containing programmable electronics, part 2: general application guidance. Interim, Defence Standard, Glasgow. Niwa, T. (1993). Chemical Engineering, June, 102–108. Piccinini, N., & Levy, G. (1984). Ethylene oxide reactor: safety according to operability analysis. Canadian Journal of Chemical Engineering, 62, 547–558. Shimada, Y., Yang, Z., Song, J., Suzuki, K., & Sayama, H. (1995). Computer-aided operability study for batch plants. Loss Prevention and Safety Promotion in the Process Industries, II, 587–598.
Shimatani, T., & Okuda, O. (1992). ‘Pipeless’ batch chemical plants offer a new approach. Chemical Engineering, October, 181–182. Srinivasan, R., & Venkatasubramanian, V. (1996). Petri net-digraph models for automating HAZOP analysis of batch process plants. Computers and Chemical Engineering, 20 (Suppl.), S719–S725. Venkatasubramanian, V., & Vaidhyanathan, R. (1994). A knowledgebased framework for automating HAZOP analysis. AIChE Journal, 40 (3), 496–505. Wakeman, S.J., Chung, P.W.H., Rushton, A.R., Lees, F.P., Larkin, F.D., & McCoy, S.A. (1997). Computer-aided hazard identification: fault propagation and fault–consequence scenario filtering. IChemE Symposium Series No.141, Hazards XIII Process Safety—The Future (pp. 305–316). Wells, G. (1996). Hazard identification and risk assessment. Rugby, UK: Institution of Chemical Engineers. Zanetti, R. (1992) The ‘pipeless’ batch plant. Chemical Engineering, 99(6).