Loading...

Please Wait...

PT Notes

Using the Hierarchy of Hazard Controls to Guide the Selection of PHA Recommendations

PT Notes is a series of topical technical notes on process safety provided periodically by Primatech for your benefit. Please feel free to provide feedback.

Process hazard analysis (PHA) studies are conducted with the intent of determining if sufficient protection measures, that is, safeguards, are in place to reduce process risks to a tolerable level. PHA practitioners must ensure there are sufficient protective measures to reduce the risk of a catastrophic accident to a tolerable level, typically using company decision-making guidance. Of course, any recommended risk reduction measures should be practical and not introduce new hazards.

The need for recommendations to reduce the risk of hazard scenarios in PHA studies is determined based on scenario risk and/or consequences, the presence of existing safeguards, the type of hazard (fire, explosion, toxic release, etc.), and the number of scenarios of the same type.

However, once the need for risk reduction has been determined, PHA practitioners usually select specific control measures as recommendations for risk reduction. Practitioners may base their selections on previous actions taken for similar situations; their experience or engineering knowledge; government regulations and Industry codes, standards and practices; company guidelines, practices and standards; practices from other companies; design guidelines; incident experience, and/or common sense. However, regardless of such influences on their decision making, practitioners should be guided by the hierarchy of hazard controls.

The hierarchy of hazard controls is a system used to eliminate or minimize exposure to hazards and consists of a ranking of types of control measures.

Hierarchy of Hazard Controls 

The reliability of the different types of control measures generally decreases down the hierarchy. Thus, the hierarchy is a prioritization of control preferences by type. Controls at the top of the hierarchy are favored over those lower in the hierarchy.

Inherent safety is at the top of the hierarchy. It focuses on eliminating or reducing the process hazards in a way that is permanent and inseparable from the process. First-order measures are favored over second-order measures. First-order measures eliminate a hazard, e.g. by substituting a toxic chemical with a non-toxic chemical. Second-order measures reduce the severity of a hazard or the likelihood of a release without the use of add-on safety devices, e.g. by redesigning a high-pressure, high-temperature process to operate at ambient temperatures and pressures.

Both types of inherent safety measures are favored over segregation and separation. Segregation employs a physical barrier between hazards and areas to be protected. Separation involves locating hazards sufficiently far from areas to be protected.

Engineered safeguards may be passive or active. Passive safeguards involve equipment that does not require physical actuation in order to perform the intended function, e.g. a dike wall around a storage tank. Active safeguards involve equipment that does requires physical actuation in order to function, e.g. a deluge system. Generally, passive safeguards are more reliable than active safeguards because there are no activation mechanisms to fail.

Administrative controls are measures intended to affect the way people work, e.g. procedures, employee training, and use of signs and warning labels. They depend on people, who are prone to human errors and less reliable than equipment. Consequently, administrative controls are less reliable than engineered safeguards.

Personal protective equipment is called upon to protect people after a hazard has been realized and it depends on people for its correct use. Consequently, it is located below administrative controls in the hierarchy.

Emergency response is needed when a process safety incident occurs, generally after other safeguards have failed, and it depends on the actions of human responders. Hence, its position at the bottom of the hierarchy.

Although controls at the top of the hierarchy should be favored over those at they bottom, there still needs to be a balance between different types of controls. Controls may act to prevent or mitigate the consequences of hazard scenarios and there should not be an over-reliance on either type. Also, some types of controls should always be used regardless of the number or types of other controls present, e.g. PPE and emergency response.

Process risks should be matched with risk reduction measures in the hierarchy of controls. High-consequence scenarios should require safeguards higher in the hierarchy. Risk reduction measures lower in the hierarchy provide inadequate for protection against high-consequence events, such as administrative controls. Generally, administrative controls should not be relied upon to protect high risk scenarios even though they may be favored because they are commonly preventive and can be implemented more easily and quickly than measures higher in the hierarchy and usually cost less.

Generally, major hazards should be managed using the defense-in-depth philosophy wherein multiple controls are employed so that if one fails others can protect against realization of the hazard. Redundant and fail-safe controls should be employed, as appropriate. However, the diminishing returns from multiple risk reduction measures should be recognized.

The hierarchy of controls provides a sound foundation for selecting risk reduction measures in PHA studies when coupled with a sound risk management strategy that incorporates the concepts of redundancy and diversity and recognizes the benefits of different types of controls.

If you would like further information, please click here.

To comment on this PT Note, click here.

You may be interested in:

PHA Team Leader Course

PHAWorks Software

PHA certification

PHA consulting

Back to PT Notes