PT Notes
Initiating Events, Level of Causality and PHA
PT Notes is a series of topical technical notes on process safety provided periodically by Primatech for your benefit. Please feel free to provide feedback.
Process hazard analysis (PHA) is used to identify hazard scenarios. Each scenario begins with an initiating event which is the minimum combination of failures necessary to start the propagation of a scenario. It may be a single initiating cause, multiple near-simultaneous causes, or initiating cause(s) in the presence of enablers. There is a hierarchy of causes wherein there are immediate, basic, underlying, and root causes of scenarios. PHA teams must decide at what level causes will be identified in a study.
An immediate cause is the event that precipitates a scenario, such as "pump fails off". It does not provide detail on why the failure occurred. A basic cause is the underlying reason for the immediate cause. It directly and proximately results in the immediate cause, for example, mechanical failure of the pump. There may be multiple basic causes for each immediate cause. For example, a pump can fail off for various reasons other than mechanical failure. It may be switched off by operator or the power supply may fail. In turn, each basic cause may have various underlying and root causes.
Underlying causes are contributing causes for basic causes. For example, pump mechanical failure could be caused by lack of preventive maintenance (PM), incorrect maintenance, stress, or other reasons. Underlying causes may be enablers. Root causes are fundamental reasons for failure, for example, no one is held accountable for performing PM, responsibility is not clearly assigned, no one checks maintenance work, or other reasons. Often, they are not identified in PHA unless there are known and important root causes. Frequently, root causes are failures in management systems such as inadequate planning, lack of recognition, responsibility not assigned, lack of supervision, inadequate resources, and no accountability.
The causes of initiating events must be captured in sufficient detail in PHA worksheets to enable the identification of hazard scenarios and required risk reduction measures and they must be clear and readily apparent to PHA team members, PHA reviewers, and PHA revalidation teams. Sufficient detail must be provided to enable the identification of distinct consequences and safeguards, the evaluation of scenario risk, and decisions on corrective actions.
Consequences and safeguards may vary according to the basic causes of the same immediate cause. For example, if a pump fails off owing to power failure, the consequence may be loss of feed and process shutdown with the safeguard of a backup power supply. However, if a pump fails off mechanically, the consequence may be loss of containment and a release with the safeguard of a dike (bund).
Scenario likelihood estimates depend on the reasons for the scenario cause. Also, for example, it is easier to estimate the likelihood of a pump failing off for a particular reason rather than from all possible basic causes.
Recommendations for corrective action are most likely to address the level of causality used for the scenario causes. The deeper causes are explored, the more directly recommendations can address their prevention. For example, for the immediate cause, "pump fails off", the PHA team must either make recommendations that deal only with the pump failure, or assume basic and underlying causes in order to make recommendations to prevent the pump failure. In the first case, pump failure is being accepted as tolerable when prevention would usually be preferable. In the second case, the assumptions may be incorrect and the recommendations insufficient or inappropriate. Prevention can only be addressed with confidence when deeper causes than immediate ones are addressed.
Initiating events can be classified as equipment failures, human failures and external events according to the basic cause of a scenario. However, at deeper levels in the hierarchy, human failures and human factors often contribute for all types of initiating events. Generally, four key pieces of information should be captured for each type of cause. For equipment failures, the equipment name, identifier, failure mode, and reason(s) for failure should be recorded. For human failures, the type of failure, identifier(s), person(s) involved, and reason(s) for the failure should be recorded. For external events, the effect, event / factor, reason(s), and appropriate identifiers should be recorded. Knowledge of the reason(s) for failure is needed when making recommendations to deal with the failure.
Each reason for failure may have multiple contributors and failure mechanisms which could be represented in the hierarchy of causality. For example, a pump may fail off in a variety of mechanical ways, each for various reasons. However, such detail usually is considered beyond the scope of PHA. Additional factors may influence equipment failures, such as the service environment, operating regime, and maintenance regime but, typically, they are not recorded unless they are particularly important.
Generally, PHA should capture at least basic causes. Underlying and root causes may be addressed if they are important and known, although this is not common practice currently.
These issues are discussed in greater detail in the article:
Initiating events, levels of causality, and process hazard analysis, Process Safety Progress, Vol. 33, Issue 3, pages 217-220, September 2014.
For information on Primatech's PHA facilitation consulting services, click here.
For information on certification of personnel in PHA click here.
For information on a related software tool click here.
Click on the links below for information on related training courses:
PHA for Team Leaders
Advanced PHA for Team Leaders
Leadership and Facilitation Skills for Managing PHA Teams