By Paul Baybutt on Saturday, 02 March 2019
Category: PROCESS SAFETY

A STRATEGY FOR DEVELOPING RISK REDUCTION MEASURES IN PHA

Process hazard analysis (PHA) studies identify hazard scenarios in order to determine whether or not existing safeguards need to be enhanced or new safeguards installed. Consequently, recommendations to reduce hazard scenario risks by mitigating the severity of their consequences or reducing their likelihood must be developed.

Usually, the need for risk reduction measures is based on the risks and/or consequence severities of scenarios. PHA Teams need to determine whether or not recommendations are sufficient to reduce the risk to a tolerable or acceptable level.

A useful strategy for deciding on appropriate risk reduction measures is to employ the hierarchy of hazard controls:

       Hierarchy of Hazard Controls

Inherent safety
Segregation and separation
Passive engineered safeguards
Active engineered safeguards
Procedural safeguards
Personal protective equipment
Emergency response

The reliability of the risk control measures generally decreases down the hierarchy. At the top of the hierarchy is inherent safety, which focuses on eliminating or reducing the process hazards in a way that is permanent and inseparable from the process. First-order inherent safety measures that eliminate a hazard, for example, by substituting a toxic chemical with a non-toxic chemical, are favored over second-order inherent safety measures that reduce the severity of a hazard or the likelihood of a release, without the use of add-on safety devices, for example, by redesigning a high-pressure, high-temperature process to operate at ambient temperatures and pressures.

Both types of inherent safety measures are favored over segregation and separation. Segregation employs a physical barrier between hazards and areas to be protected. Separation involves locating hazards sufficiently far from areas to be protected.

Next come engineered safeguards. They may be passive or active. Passive safeguards involve equipment that does not require physical actuation in order to perform the intended function, e.g. a dike wall around a storage tank. Active safeguards involve equipment that does requires physical actuation in order to function. They do so in response to a change in a process parameter or a signal from an operator or the control system, e.g. a deluge system. Generally, passive safeguards are more reliable than active safeguards because there are no activation mechanisms to fail.

Procedural safeguards are procedures and administrative checks, for example, hot work and emergency response procedures. They depend on people, who are prone to human errors and less reliable than equipment. Consequently, procedural safeguards are less reliable than engineered safeguards.

Personal protective equipment is called upon to protect people after a hazard has been realized. Also, it depends on people for its correct use. Consequently, it is located below procedural safeguards in the hierarchy.

Lastly, emergency response is located at the bottom of the hierarchy. It occurs in response to process safety incidents, generally after other safeguards have failed, and it depends on the actions of human responders. Hence, its position in the hierarchy.

Given these considerations, risk reduction measures at the top of the hierarchy are favored over those lower in the hierarchy. Also, process risks should be matched with risk reduction measures in the hierarchy. Thus, high-consequence scenarios should require safeguards higher in the hierarchy. Risk reduction measures lower in the hierarchy, such as procedural safeguards, provide inadequate for protection against high-consequence events. Generally, procedural safeguards should not be relied upon to protect high risk scenarios, even though they may be favored because they can be implemented more easily and quickly than measures higher in the hierarchy and usually cost less. Of course, any risk reduction measures should be practical and not introduce new hazards.