HIPAP 8: HAZOP Guidelines | January 2011
11 | Department of Planning
The importance of E/E/PE systems has tended to increase in recent years, particularly
with computer control and software logic interlocks. If the computer and instrumentation
system is sufficiently complex for the facility, it may be useful to consider this system in
a separate HAZOP (sometimes referred to as a CHAZOP, the 'C' prefix indicating
computer based systems, both control and protective) or as a discrete component of
a more general HAZOP.
Modern plants will almost invariably include E/E/PE systems. These typically have a
different spectrum of failure modes than those encountered in a conventional HAZOP.
The flexibility of E/E/PE systems, which can control several complex operations,
also creates more opportunities for error than conventional control systems. The
likelihood of common mode failures increases with such systems;
for example, the failure of a single input/output (I/O) card may result in the loss of
several control and information channels. A CHAZOP will highlight such issues and
lead to corrective solutions such as employing two independent systems or hardwiring
key control circuits.
A discrete study of the control systems and safety related systems can be particularly
valuable where the instrumentation has been designed and installed as a package unit
by a contractor, as well as allowing the rest of the team to gain an understanding of the
system. Treating this part as a discrete component of the HAZOP also allows the
operator/computer interaction to be examined. However, plant management should not
forget that the overall plant HAZOP will not be complete until the E/E/PE systems have
been reviewed by CHAZOP or equivalent technique.
These aspects can be reviewed by other disciplined techniques along the lines of
HAZOP. Clearly, for such techniques to be suitable for a particular system, they need
to be adapted and refined appropriately.
2.6.2 FMEA
Failure Modes and Effects Analysis (FMEA) uses a similar 'what if?' approach to a
HAZOP but has as its objective the identification of the effects of all the failure modes
of each piece of equipment or its instrumentation. As a result, FMEA identifies single
failure modes that can play a significant part in an accident. It is not effective, however,
at identifying combinations of equipment failures that lead to accidents. Human
operators are not usually considered specifically in FMEA, even though the effects of
operational errors are usually included in the equipment failure mode.
FMEA is similar in methodology to a HAZOP but with a different approach. Whereas
the HAZOP evaluates the impact of a deviation in the operating conditions to a level
outside the design range, such as MORE FLOW or LOW TEMPERATURE, FMEA uses
a systematic approach to evaluate the impact of a single equipment failure or human
error, taken in turn, on the system or plant.
In FMEA, the reason or cause for the equipment failure is not specifically considered.
This is different to a HAZOP in which the cause(s) for the deviation have to be assumed
or agreed by judgement and experience, since it is the cause that the HAZOP initially
addresses. The FMEA methodology assumes that if a failure can occur, it must be
investigated and the consequences evaluated to verify if the failure can be tolerated on
safety grounds or if the remaining serviceable equipment is capable of controlling the
process safely.
As for HAZOP, to be effective, the FMEA needs a strong, well-led team with wide
cumulative experience. The initial briefing by the leader and the contributions expected
from each member are similar to that in a HAZOP.
The results of the analysis are recorded as in a HAZOP. A typical record sheet is
included at Appendix 3. The recording should be in the same format for the whole plant
in order to facilitate reviews of the analysis and maintenance of records.
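The following is an added illustration, not part of the guideline, of three points made above: the CHAZOP observation that a single I/O card failure can remove several control and protection channels at once, the FMEA practice of taking one equipment failure at a time without asking for its cause, and the recording of results in a fixed record-sheet format. It models a small, invented allocation of instrument channels to I/O cards, fails each card in turn, and flags as intolerable any failure that removes both the control path for a process parameter and the trip that protects against that parameter's deviation. All tags, card names and the allocation are constructed for the example; the "reallocated" design shows the effect of moving a trip onto an independent protective system, one of the corrective solutions the text mentions.

```python
"""Single-failure walk over a small E/E/PE allocation model (constructed example).

Channels (measurements, control outputs, protective trips) are assigned to I/O
cards. Each card is failed in turn, one failure at a time as FMEA does, and the
channels lost with it are listed. The loss is flagged as intolerable when one
card carries both the control/measurement path for a process parameter and the
trip that protects against that parameter's deviation: a common mode failure
of the kind the CHAZOP text describes. All tags, cards and allocations are
invented for illustration.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Channel:
    tag: str        # instrument tag (constructed, e.g. "TT-101")
    parameter: str  # process parameter served, e.g. "reactor_temp"
    role: str       # "measure", "control" or "trip"
    card: str       # I/O card or protective system the channel is wired to


def channels_lost(channels, failed_card):
    """All channels that go with a single failed card."""
    return [c for c in channels if c.card == failed_card]


def common_mode_parameters(channels, failed_card):
    """Parameters whose protection and control/measurement are both lost
    by the same single card failure."""
    roles_by_param = {}
    for c in channels_lost(channels, failed_card):
        roles_by_param.setdefault(c.parameter, set()).add(c.role)
    return sorted(p for p, roles in roles_by_param.items()
                  if "trip" in roles and roles & {"measure", "control"})


def fmea_sheet(channels):
    """One FMEA record row per card, in a fixed format for the whole plant.
    Failure mode considered: card fails and every channel on it is lost.
    The cause is deliberately not recorded; FMEA does not ask why the item
    failed, only what happens when it does."""
    rows = []
    for card in sorted({c.card for c in channels}):
        lost = channels_lost(channels, card)
        cm = common_mode_parameters(channels, card)
        rows.append({
            "item": card,
            "failure_mode": "card fails, all channels lost",
            "effect": [c.tag for c in lost],
            "common_mode": cm,
            # tolerable only if independent protection survives the failure
            "tolerable": not cm,
        })
    return rows


def intolerable_items(channels):
    """Items whose single failure the remaining equipment cannot tolerate."""
    return [r["item"] for r in fmea_sheet(channels) if not r["tolerable"]]


# Constructed 'as found' design: the temperature control loop and its
# high-high temperature trip all land on the same I/O card.
AS_FOUND = [
    Channel("TT-101", "reactor_temp", "measure", "CARD-1"),
    Channel("TCV-101", "reactor_temp", "control", "CARD-1"),
    Channel("TSHH-101", "reactor_temp", "trip", "CARD-1"),
    Channel("PT-201", "reactor_press", "measure", "CARD-2"),
    Channel("PCV-201", "reactor_press", "control", "CARD-2"),
    Channel("PSHH-201", "reactor_press", "trip", "SIS-1"),
]

# Corrective solution of the kind the text mentions: the trip moves to a card
# in an independent protective system, so no single card removes both control
# and protection for reactor temperature.
REALLOCATED = [replace(c, card="SIS-2") if c.tag == "TSHH-101" else c
               for c in AS_FOUND]


if __name__ == "__main__":
    for design, chans in (("as found", AS_FOUND), ("reallocated", REALLOCATED)):
        print(f"--- {design} ---")
        for row in fmea_sheet(chans):
            print(f"{row['item']:7} lost={','.join(row['effect'])} "
                  f"common_mode={row['common_mode']} tolerable={row['tolerable']}")
```

In the as-found allocation the walk flags CARD-1, because its failure removes the temperature measurement, the control valve output and the trip together; after the trip is moved to the protective system no single card failure is flagged. A real study would also record severity and the action agreed by the team, which this sketch omits.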
In carrying out the FMEA, the process flow diagrams and the P&IDs are first studied to
obtain a clear understanding of the plant operation. Where a part of a process is being
analysed, it may be necessary, in addition, to include the failure modes of equipment