Hazard Analysis Services

Hazard and Operability (HAZOP) Studies

The guideword Hazard and Operability (HAZOP) technique is a means of systematically evaluating a process to identify potential hazards and operability problems resulting from credible deviations from design intent. As applicable, recommendations are developed during the study to reduce or eliminate the likelihood or severity of the hazards. HAZOP is recognized as an acceptable process hazard analysis method by OSHA Process Safety Management (29 CFR §1910.119[e]), and EPA Risk Management Program (40 CFR Part 68) regulations, and is preferable for all but simple processes as it is a highly structured technique.

The objectives of a HAZOP Study are:

  • To identify deviations from the design intent of the system
  • To determine the safety concerns associated with the identified deviations
  • To suggest considerations to mitigate the safety concerns identified
  • To present the results and considerations

The guideword HAZOP technique is based on the premise that hazards and operability problems originate from deviations from design intent when a process is running under normal operating conditions. For example, adding the guideword “NO” to the parameter “FLOW” to get the deviation “NO FLOW” would prompt the leader to ask the Team, “What causes could result in no flow in this node or line segment?” The potential hazard scenarios that include possible “Causes” and potential “Consequences” are documented in the report worksheets. The possible “Safeguards” in place to reduce the risk associated with the specific cause/consequence scenario are then discussed and documented. For scenarios involving significant potential risk, “Recommendations” are documented if the Team believes they may further reduce risk or improve operability.

The HAZOP Study proceeds sequentially, studying each piece of equipment contained in the process. The systems are partitioned into “nodes,” which are composed of one or more pieces of equipment where there is a distinct intention for process parameters (for example, a specific intended temperature, pressure, or flow rate).

Risk Management Professionals’ Engineering Team is highly experienced in facilitating HAZOP Studies for processes ranging from multi-unit design projects to small systems. Our engineers have broad process knowledge which provides efficient and cost-effective application of these risk analysis techniques for our clients.

Hazard  Identification (HAZID) Studies

The Hazard Identification (HAZID) Study technique is a high level, systematic method for identifying potential health, safety, and environmental (HSE) hazards of a project, typically used in the early stages of design.  Unlike a Hazard and Operability (HAZOP) Study that focuses on process hazards, the HAZID addresses all aspects of the project, from local issues associated with construction, commissioning, operation, and maintenance to external factors such as community impacts.  The potential hazards identified may include injury to plant personnel, property damage and loss of production, significant environmental impairment and off-site impacts.  The objectives of a HAZID are to:

  • Identify the major HSE hazards associated with a project
  • Identify specific processes and project phases that might pose significant risks to personnel
  • Consider the HSE implications of alternative process designs
  • Identify potential major changes to philosophy and design at early project development stages

The HAZID Study is globally recognized as a crucial part of a project’s risk assessment and is typically a key milestone to complete in the Conceptual and Front-End Engineering Design (FEED)/Front-end Loading (FEL).  It is conducted by a multi-disciplinary team using a structured, brainstorming approach, guided by checklists and guidewords.  For each identified hazard, the team discusses potential causes, the consequences of those causes, the safeguards and mitigation measures present within the design to address those hazards, and any necessary recommendations to reduce the risk of the scenario.

Risk Management Professionals’ Engineering Team is highly experienced in facilitating HAZID Studies for processes ranging from multi-unit design projects to small systems. Our engineers have broad process knowledge, which provides efficient and cost-effective application of these risk analysis techniques for our clients.

Layer of Protection Analysis (LOPA) and Safety Integrity Level (SIL) Assignment

Risk Management Professionals conducts Safety Integrity Level (SIL) Reviews using a Layer of Protection Analysis (LOPA) to assign SIL values to the Safety Instrumented Systems. This approach meets the requirements of the IEC (International Electrotechnical Commission) standards, IEC 61508 and IEC 61511. The SIL Review is a method to establish a “fit-for-purpose” design of (instrumented) safety measures, which are able to mitigate process hazards with respect to safety, environmental consequences, and economic loss.

The primary purpose of LOPA is to determine if there are sufficient layers of protection against an accident scenario (can the risk be tolerated?). A scenario may require one or more Independent Protection Layers (IPLs) depending on the process complexity and potential worst-case severity of a consequence. Note that for a given scenario, only one layer must work successfully for the consequence to be prevented. However, since no layer is completely reliable, sufficient protection layers must be provided to render the risk of the accident tolerable.

Additionally, LOPA is useful because it provides a consistent basis for judging whether there are sufficient IPLs to control the risk of an accident for a given scenario. When the estimated risk of a scenario is not acceptable, additional IPLs are added. Alternatives encompassing inherently safer design are evaluated as well.


The specific LOPA methodology uses order of magnitude categories for initiating event frequency, consequence severity, and the likelihood of failure of IPLs to approximate the risk of a scenario. The key steps used to conduct the LOPA are listed below:

  1. Select Hazard Scenario from HAZOP based on its severity level.
  2. Select Target Frequency (TF).
  3. Identify Initiating Cause(s) from the HAZOP and quantify Initiating Cause Likelihood (ICL).
  4. Determine Intermittent Hazard(s) credit if applicable.
  5. Identify Independent Protection Layers (IPLs) from HAZOP safeguards.
  6. Quantify the Probability of Failure on Demand (PFD) for each IPL.
  7. Identify and quantify Conditional Modifiers/Vulnerability Factors if applicable.
  8. Calculate the LOPA Ratio for each Safety, Environmental, and Commercial consequence category as applicable.
  9. Using the LOPA Ratio, determine Integrity Level (IL) requirements for the existing Safety Instrumented System (SIS), if required, or identify requirements for additional IPL or SIS and evaluate SIS integrity level.

SIL Verification

Safety Integrated Systems & Safety Life-cycle Management

Risk Management Professionals provides assistance to facilities throughout the safety life-cycle associated with managing Safety Instrumented Systems (SIS) in accordance with the following standards:

  • IEC 61508 – Functional Safety of Electrical/Electronic/Programmable Electronic, Safety-related Systems
  • IEC 61511 – Functional Safety – Safety Instrumented Systems for the Process Industry Sector
  • ANSI/ISA 84.00.01-2004 (IEC61511-Mod) – Application of Safety Instrumented Systems (SIS) for Process Industries

In addition to the Hazard and Operability (HAZOP) Studies and Layer of Protection Analyses (LOPA) that provide direct input into the Risk Assessment phase of the safety life-cycle and definition of Safety Integrity Level (SIL) targets, Risk Management Professionals also offers SIL Verification services. Risk Management Professionals recognizes that higher SIL ratings require that the function be that much more reliable and available at all times (see table below). The SIL Verification calculations demonstrate that the design of the Safety Instrumented Function (SIF) meets the specified integrity requirement.

The SIL Verification calculations are performed using fault tree analysis or Markov modeling in order to calculate the following:

  • Mean Time to Fail Spuriously (MTTFS) – False Trip Rate
  • Probability of Failure on Demand (PFD)
  • Risk Reduction Factor (1/PFD)
  • Safe Failure Fraction (SFF)

The SIL Verification can be an iterative process, and if the required SIL cannot be achieved with the initial design, some design options are:

  • Increase proof testing frequency
  • Add redundancy (i.e., initiating device, control, system, final element)
  • Install “smarter” device (i.e., HART smart transmitter or transmitter vs. switch or relay, smart control valve with diagnostics and feedback, and position indication vs. basic control valve)
  • Add protection layers (independent), including the following: BPCS (control system), alarms and operator response, physical devices (PSV’s, dikes, flares, deluges, etc.) and other human mitigation (emergency response)

Other Risk Assessment Methodologies

Risk Graph

A risk-graph approach is typically utilized for determination of Safety Integrity Levels (SIL). Risk graphs combine the effective consequence with the effective frequency of the hazardous event to determine a SIL that will reduce the risk to an acceptable level. The effectiveness of a consequence is determined by analyzing the consequence vs. the frequency of presence vs. the probability of avoiding the hazardous event. The effectiveness of the frequency is simply the probability of unwanted occurrence.


Bow-Tie combines two (2) methodologies,  Fault-Tree Analysis and Event Tree Analysis, and uses an incident investigation and root cause analysis technique, Causal Factors Charting, to evaluate hazards. It is a qualitative approach typically used for the initial analysis of an existing process or middle stages of a design process.

Safety Case

The Safety Case is a structured argument made to regulative bodies to demonstrate that a process has gone through rigorous analysis and employee-input to manage safety. The owner and process are left to self-regulate by the regulator who must be convinced that the facility is using acceptable practices, which can be dismissed by the regulator for safer methods if the facility’s plan is deemed insufficient.

The Safety Case was first implemented into the regulatory world in the United Kingdom (UK) in 1992 through recommendations in The Public Inquiry into the Piper Alpha Disaster (also known as the “Cullen Report”, released in 1990). The safety case has since been implemented in many offshore oil and gas operations, as well as some onshore facilities, in countries such as the UK, Norway, and Australia. Currently, the use of the Safety Case is being investigated by regulatory bodies in the United States. If a “Safety Case Regime” is adopted for US facilities, it would augment existing Process Safety Management (PSM) prevention programs with additional quantitative analysis to assess risk to personnel, the community, and the environment, along with a determination that the risk associated with the facility design is as low as reasonably possible (ALAR).

Risk Management Professionals staff has worked abroad, which has included supporting the development of Safety Case programs.

Benefit-Cost Analysis & Value Engineering

Benefit Cost Analysis

A Benefit-Cost Analysis (BCA) is a quantitative technique that measures the cost-effectiveness of various design alternatives (e.g., safety systems, facility siting, installation of standby pumps, etc.). The performance of the analysis allows decision-makers to systematically evaluate design alternatives taking into account the benefits, as well as the potential costs. In order to perform the analysis, the following numerical factors are identified:


  • Direct Project Savings
  • Increased Efficiency (shortened project maintenance, start-up/shut-down, etc.)


  • Hazard Severity (potential worst-case scenario risks – monetary, reputation, personnel, business)
  • Hazard Frequency (annual probability of reaching consequence with associates economic impact)

Using these values, the annualized hazard probability is determined to calculate the Benefit-Cost Ratio for each project alternative. When comparing the project alternatives side-by-side, the project with the highest Benefit-Cost Ratio is typically the best alternative.

Value Engineering

The Value Engineering technique is a proven, effective management tool for achieving improved design, construction and cost-effectiveness in various project design elements. In order to facilitate a Value Engineering session, a multi-disciplined team is assembled to identify the function of a design element, establish a value for that function, generate design alternatives through the use of creative thinking, and provide the needed functions reliably and at the lowest cost. 

Value Engineering assessments at the early stages of the design cycle provides more improvement opportunities regarding engineering, operations, cost, safety, schedule, reliability, and environmental issues. Additionally, the assessments can yield measurable savings in cost (capital, operating and construction) and schedule (engineering and construction).