Process Safety

HAZOP Methodology

Conduct systematic Hazard and Operability (HAZOP) studies using guide word techniques. Identify process deviations, assess consequences, and implement safeguards per IEC 61882.

Launch Calculator Guide words

Team composition

5-7 members

Multidisciplinary: process, operations, maintenance, safety, control systems.

Study duration

4-8 hours/day

Maintain focus; schedule breaks; typical plant requires 3-10 days total.

IEC 61882

International standard

Defines HAZOP methodology, documentation, and follow-up requirements.

Contents

Use this guide when you need to:

  • Conduct systematic hazard identification.
  • Analyze process deviations and safeguards.
  • Document HAZOP findings per IEC 61882.

1. Overview & Purpose

HAZOP (Hazard and Operability Study) is a structured, systematic examination technique for identifying potential hazards and operability problems in process facilities. Originally developed by ICI in the 1960s, HAZOP is now a global standard for process safety analysis.

Primary objective

Hazard identification

Identify credible deviations from design intent that could lead to hazards.

Secondary objective

Operability issues

Identify conditions that prevent efficient operation but may not be hazardous.

Design phase

Detailed engineering

Conducted when P&IDs are 60-90% complete; early enough to influence design.

Revalidation

Every 5 years

OSHA PSM requires revalidation or update for process changes.

When HAZOP is Required

Regulation/Standard Requirement Applicability
OSHA 29 CFR 1910.119 Process Hazard Analysis (PHA) Facilities with threshold quantities of hazardous chemicals
EPA RMP (40 CFR 68) Hazard assessment and prevention Facilities that could affect public with chemical release
IEC 61882 HAZOP methodology standard International standard for HAZOP studies
API RP 750 Management of process hazards Refining and petrochemical facilities
CCPS Guidelines HAZOP best practices Chemical process industry guidance

HAZOP vs. Other PHA Methods

Method Application Advantages Limitations
HAZOP Continuous processes, complex systems Systematic, thorough, captures subtle deviations Time-consuming, requires P&IDs
What-If/Checklist Simpler processes, existing facilities Faster, less resource-intensive Less systematic, relies on team experience
FMEA (Failure Mode & Effects) Equipment-centric analysis Good for single components, reliability focus Doesn't capture process interactions well
LOPA (Layer of Protection) Consequence scenarios from HAZOP Quantifies risk, determines SIL requirements Requires prior HAZOP to identify scenarios
HAZOP timing: Conduct HAZOP when P&IDs are sufficiently developed (60-90% complete) but before equipment procurement and detailed design are finalized. This allows findings to influence design economically. Pre-startup HAZOP revalidation is also common to verify design changes were implemented correctly.

HAZOP Principles

  • Design intent: Every process parameter has an intended operating condition; deviations from intent are examined
  • Guide words: Structured keywords (MORE, LESS, NO, REVERSE, etc.) prompt deviation thinking
  • Systematic examination: Every line, equipment item, and parameter is reviewed methodically
  • Multidisciplinary team: Process, operations, maintenance, safety, and instrumentation expertise required
  • Brainstorming with structure: Creative thinking guided by systematic framework
HAZOP study team session illustration showing 6-8 professionals around conference table with role labels (Facilitator/Study Leader standing at screen, Process Engineer, Operations, Instrumentation, Safety/HSE, Scribe with laptop), P&ID drawing on wall screen, printed documents and laptops on table, and whiteboard showing Node 3: Inlet Separator
Multidisciplinary HAZOP team session with facilitator leading guide word analysis through P&ID nodes.

2. Guide Word Technique

Guide words are simple keywords applied to process parameters to stimulate thinking about possible deviations from normal operation.

Standard HAZOP Guide Words

Guide Word Meaning Example Deviations
NO / NOT / NONE Complete negation of design intent No flow, no pressure, no level, no reaction
MORE / HIGH Quantitative increase Higher flow, pressure, temperature, level, concentration
LESS / LOW Quantitative decrease Lower flow, pressure, temperature, level, concentration
AS WELL AS Additional activity or component Contamination, extra phase (vapor/liquid), impurities
PART OF Partial or selective operation Wrong composition, missing component, incomplete reaction
REVERSE / OPPOSITE Opposite of intent Backflow, reverse reaction, wrong direction
OTHER THAN / INSTEAD OF Different from design intent Wrong material, startup/shutdown modes, maintenance activities
EARLY / LATE Timing deviation Premature action, delayed response, sequence error

Process Parameters

Guide words are applied to specific process parameters:

  • Flow: Rate, direction, composition (MORE flow, NO flow, REVERSE flow)
  • Pressure: Absolute pressure, differential pressure (HIGH pressure, LOW pressure)
  • Temperature: Process temperature, heating/cooling duty (HIGH temperature, LESS heat)
  • Level: Liquid level in vessels, drums, tanks (HIGH level, NO level)
  • Composition: Chemical concentration, purity, contamination (AS WELL AS impurity, PART OF component missing)
  • Phase: Vapor, liquid, solid state (AS WELL AS vapor in liquid line, OTHER THAN two-phase)
  • Time: Reaction time, residence time, batch duration (EARLY termination, LATE start)
  • Sequence: Step order in batch operations (REVERSE sequence, EARLY step)

Deviation Generation Examples

Node: Feed pump discharge line (liquid hydrocarbon) Design Intent: 500 gpm flow at 200 psig to distillation column Deviation Analysis: 1. NO FLOW Causes: Pump failure, suction strainer plugged, upstream valve closed Consequences: Column feed interruption, off-spec product, pressure upset Safeguards: Low flow alarm, pump auto-start on low pressure Actions: Add redundant pump, verify alarm setpoints 2. MORE FLOW Causes: Control valve fails open, pump overspeed Consequences: Column flooding, carryover to overhead, product contamination Safeguards: High flow alarm, column level control, relief valve Actions: Consider flow transmitter high alarm, SIS on critical high flow 3. LESS FLOW Causes: Partial strainer plugging, pump wear, downstream restriction Consequences: Reduced production, heater fouling, off-spec product Safeguards: Low flow alarm, differential pressure indicator across strainer Actions: Install strainer DP gauge, establish cleaning frequency 4. REVERSE FLOW Causes: Pump stopped without check valve, downstream overpressure Consequences: Backflow from column, potential pump damage Safeguards: Check valve on pump discharge Actions: Verify check valve orientation, test periodically 5. HIGH PRESSURE Causes: Downstream blockage, control valve stuck closed, thermal expansion Consequences: Piping/equipment overpressure, rupture risk Safeguards: PSV (pressure safety valve) sized for blocked outlet Actions: Confirm PSV capacity, verify set pressure 6. HIGH TEMPERATURE Causes: Heat exchanger tube failure, hot oil carryover from upstream Consequences: Vapor formation, pump cavitation, product degradation Safeguards: High temperature alarm, automatic shutdown Actions: Add temperature transmitter with alarm/interlock 7. AS WELL AS (contamination) Causes: Water ingress from heat exchanger leak, tank contamination Consequences: Corrosion, catalyst poisoning, off-spec product Safeguards: Water detection in feed tank, feed filters Actions: Install water detector, regular feed analysis

Advanced Guide Word Applications

Scenario Type Guide Word Combination Example
Batch operations EARLY, LATE, PART OF EARLY termination of reaction (insufficient conversion)
Instrumentation NO, REVERSE, OTHER THAN NO signal from transmitter (instrument failure)
Utilities NO, LESS NO cooling water (loss of utility)
Maintenance mode OTHER THAN, PART OF OTHER THAN normal operation (valve left closed after maintenance)
Control system REVERSE, MORE, LESS REVERSE control action (controller in manual, wrong direction)
Meaningful deviations only: Not all guide word + parameter combinations are meaningful. For example, "REVERSE temperature" is nonsensical. The team should focus on credible deviations that could realistically occur and have consequences. Skip non-applicable combinations quickly to maintain productivity.
HAZOP guide word applicability matrix showing guide words (NO, MORE, LESS, AS WELL AS, PART OF, REVERSE, OTHER THAN) as rows and process parameters (Flow, Pressure, Temperature, Level, Composition, Time) as columns, with green checkmarks indicating meaningful deviation combinations
Guide word applicability matrix showing which guide word + parameter combinations produce meaningful deviations for analysis.

3. HAZOP Procedure

A systematic, step-by-step approach ensures thorough coverage and consistent documentation.

Pre-Study Preparation

Required Documentation: 1. Process Flow Diagrams (PFDs) - Material and energy balances - Major equipment and process conditions 2. Piping & Instrumentation Diagrams (P&IDs) - All lines, equipment, instruments, valves - At least 60% complete, preferably 80-90% 3. Process Description - Operating procedures (normal, startup, shutdown, emergency) - Design basis and intended operation 4. Equipment Data Sheets - Vessels, heat exchangers, pumps, compressors - Design pressures, temperatures, materials 5. Safety Information - Material Safety Data Sheets (MSDS/SDS) - Relief valve sizing calculations - Existing PHAs or risk assessments 6. Plot Plans and Equipment Layout - Spacing, access, potential domino effects

Team Roles and Responsibilities

Role Responsibility Required Background
Facilitator/Leader Lead study, apply guide words, keep on schedule HAZOP training, facilitation skills, process safety knowledge
Scribe/Recorder Document findings, capture actions Good organizational skills, HAZOP software proficiency
Process Engineer Explain design intent, evaluate process consequences Detailed process knowledge, mass/energy balance expertise
Operations Representative Describe operating practices, identify operability issues Field operating experience, knowledge of similar units
Maintenance Engineer Assess equipment failure modes, maintainability Mechanical/reliability engineering, failure analysis
Instrument/Control Engineer Evaluate instrumentation, control system responses Control system design, instrument failure modes
Safety Specialist Assess safety consequences, safeguard adequacy Process safety, hazard evaluation, regulations

HAZOP Study Steps

Step 1: Define Study Scope and Objectives - Identify process sections to be examined - Establish boundaries (battery limits) - Define deliverables and schedule Step 2: Divide Process into Nodes - Node = manageable piece of process (e.g., single line, equipment item) - Typical nodes: pump discharge, vessel, heat exchanger, control loop - Mark nodes on P&IDs for tracking Step 3: For Each Node, Define Design Intent - What is the intended function? - What are normal operating parameters (P, T, flow, composition)? Step 4: Apply Guide Words to Parameters - Systematically combine guide words with parameters (NO flow, MORE pressure, etc.) - Skip non-meaningful combinations Step 5: Identify Causes of Each Deviation - Equipment failure (pump trip, valve stuck) - Instrument failure (transmitter error, controller malfunction) - Human error (wrong valve opened, setpoint error) - External events (utility loss, upstream/downstream upset) Step 6: Evaluate Consequences - What happens if deviation occurs? - Safety impact (injury, fatality, environmental release) - Operability impact (production loss, off-spec product) - Equipment damage Step 7: Identify Existing Safeguards - Alarms (operator notification) - Automatic shutdowns (interlocks, SIS) - Passive protection (relief valves, rupture discs, check valves) - Administrative controls (procedures, training, inspections) Step 8: Assess Risk and Determine Actions - Is risk acceptable with existing safeguards? - If no, what additional safeguards are needed? - Assign action items with owner and due date Step 9: Document and Move to Next Deviation - Record all findings in HAZOP worksheet - Continue until all deviations for node are examined Step 10: Proceed to Next Node - Repeat steps 3-9 for each process node

Example HAZOP Worksheet Entry

Node Guide Word Deviation Causes Consequences Safeguards Risk Actions
P-101 discharge NO No flow from feed pump Pump trip on low suction P, power failure, mechanical failure Column feed interruption, possible tube overheating in reboiler Low flow alarm FAL-101, auto-start backup pump, reboiler low-low level shutdown M Verify backup pump auto-start logic (Owner: Controls, Due: 2024-06-15)
V-201 HIGH High pressure in separator PSV-201 fails to open, downstream blockage, thermal expansion Vessel rupture, potential fire/explosion, fatalities PSV-201 (500 psig set), PAH-201 alarm at 450 psig, vessel MAWP 600 psig H Verify PSV sizing for blocked outlet case; consider adding second PSV (Owner: Process, Due: 2024-06-30)

Node Selection Strategy

  • Equipment-based: Each major equipment item is a node (vessels, pumps, compressors)
  • Line-based: Process lines between equipment (P-101 discharge to V-201 inlet)
  • Function-based: Logical process function (feed preparation, reaction section, separation)
  • Hybrid approach: Combination of above based on complexity
HAZOP session duration: Limit sessions to 4-6 hours per day with breaks every 90 minutes. Team fatigue degrades quality. A typical gas plant HAZOP might require 40-80 hours of team time over 2-3 weeks (studying 5-10 nodes per day depending on complexity).
HAZOP study procedure flowchart showing 10 steps: Define Scope & Objectives → Assemble Team & Schedule → Prepare P&IDs & Data → Divide into Nodes → Select Node → Apply Guide Words → Meaningful Deviation? decision diamond (No loops back, Yes continues) → Identify Causes, Consequences, Safeguards → Risk Acceptable? decision diamond (No → Recommend Action → continues, Yes continues) → More Nodes? decision diamond (Yes loops to Select Node, No continues) → Document & Report → Follow-up Actions
HAZOP study procedure flowchart showing systematic 10-step process with decision points for deviation analysis.

4. Risk Ranking & Consequence Assessment

Risk ranking helps prioritize HAZOP findings and focus resources on high-consequence scenarios.

Risk Matrix Approach

Risk = Severity × Likelihood Severity categories (Consequence): 1 = Negligible (minor injury, small spill, brief production loss) 2 = Minor (medical treatment injury, localized spill, < 24 hr downtime) 3 = Moderate (lost-time injury, on-site environmental impact, equipment damage) 4 = Major (permanent disability, off-site impact, major equipment damage) 5 = Catastrophic (fatality, major environmental damage, facility destruction) Likelihood categories (Frequency): A = Very unlikely (< 10⁻⁴ per year, once in 10,000+ years) B = Unlikely (10⁻⁴ to 10⁻³ per year, once in 1,000-10,000 years) C = Possible (10⁻³ to 10⁻² per year, once in 100-1,000 years) D = Likely (10⁻² to 10⁻¹ per year, once in 10-100 years) E = Very likely (> 10⁻¹ per year, once in < 10 years or multiple times) Risk level = Severity × Likelihood (matrix lookup)

Risk Matrix (5×5)

Severity →
Likelihood ↓		 1
Negligible		 2
Minor		 3
Moderate		 4
Major		 5
Catastrophic
E (Very likely) M H H VH VH
D (Likely) L M H H VH
C (Possible) L M H H VH
B (Unlikely) L L M H H
A (Very unlikely) L L L M H

Risk level definitions:

  • VH (Very High): Unacceptable; requires immediate action to reduce risk
  • H (High): Requires action to reduce risk; management attention needed
  • M (Medium): Review and consider risk reduction; monitor
  • L (Low): Acceptable with existing safeguards; no action required

Consequence Categories for Midstream Facilities

Category Safety Environmental Financial
1 - Negligible First aid injury < 1 bbl spill, on-site only < $10k loss
2 - Minor Medical treatment, no lost time 1-10 bbl spill, contained on-site $10k-$100k loss
3 - Moderate Lost-time injury, single person 10-100 bbl spill, potential off-site $100k-$1M loss
4 - Major Permanent disability or multiple injuries 100-1000 bbl spill, confirmed off-site impact $1M-$10M loss
5 - Catastrophic Single fatality or multiple serious injuries > 1000 bbl spill, major environmental damage > $10M loss or facility destruction

Safeguard Effectiveness

When evaluating risk, credit is given only to effective safeguards:

Safeguard Type Examples Typical Risk Reduction
Passive devices Relief valves, rupture discs, check valves, dikes 10-100× (PFD 0.01-0.1)
Active devices (non-SIS) Basic alarms, DCS shutdowns, mechanical trips 5-10× (PFD 0.1-0.2)
Safety Instrumented Systems (SIS) SIL-rated interlocks and shutdowns 10-10,000× depending on SIL (SIL 1: 10-100×, SIL 2: 100-1000×, SIL 3: 1000-10,000×)
Administrative controls Procedures, training, inspections, permits 1-5× (limited credit in HAZOP)
Safeguard independence: For safeguards to be credited in risk reduction, they must be independent (failure of one doesn't cause failure of another). Common cause failures (e.g., loss of instrument air affecting both control valve and shutdown valve) should be considered. Administrative controls alone are not sufficient for high-consequence scenarios.
5×5 risk assessment matrix with Likelihood (A-E from Rare to Almost Certain) on X-axis and Severity (1-5 from Negligible to Catastrophic) on Y-axis, color-coded cells showing risk levels: green for Low (L) risk, yellow for Medium (M), orange for High (H), and red for Very High (VH), with legend explaining required actions for each level
Industry-standard 5×5 risk matrix for HAZOP consequence assessment and action prioritization.

Action Item Prioritization

Action Priority Based on Risk Level: Very High Risk (VH): - Immediate action required - May require process shutdown until mitigated - Executive management notification - Due date: < 30 days High Risk (H): - Action required before startup (new facility) or next turnaround (existing) - Management review and approval of mitigation plan - Due date: < 90 days Medium Risk (M): - Action within next planning cycle (1-2 years) - Consider cost-benefit of additional safeguards - Due date: < 1 year Low Risk (L): - Document and accept risk - No mandatory action, but continuous improvement considered - Due date: N/A (monitor)

5. Documentation & Follow-Up

Comprehensive documentation and action tracking are essential for HAZOP effectiveness and regulatory compliance.

Required Documentation (IEC 61882)

Document Content Retention
HAZOP Report Executive summary, methodology, team composition, findings summary Life of facility
HAZOP Worksheets Detailed node-by-node analysis with all deviations, causes, consequences, safeguards, actions Life of facility
Action Item Register All actions with owner, due date, priority, status tracking Until all actions closed + 5 years
P&IDs (marked-up) P&IDs with nodes identified and action items annotated Until superseded by updated drawings
Attendance Records Team member sign-in sheets for each session Life of facility
Meeting Minutes Key decisions, assumptions, deferred items Life of facility

HAZOP Report Structure

Typical HAZOP Report Contents: 1. Executive Summary - Study objectives and scope - Key findings and recommendations - High-risk scenarios identified - Summary statistics (nodes examined, deviations, action items) 2. Introduction - Facility description - HAZOP team composition and qualifications - Study methodology (IEC 61882 compliance) - Schedule and duration 3. Study Scope and Boundaries - Process units included/excluded - P&ID references - Operating modes considered (normal, startup, shutdown, upset) 4. Findings Summary - Categorization by risk level - Common themes (e.g., loss of utilities, instrumentation failures) - Comparison to previous HAZOP (revalidation studies) 5. Detailed Worksheets (Appendix) - Node-by-node analysis - All deviations examined (meaningful and dismissed) 6. Action Item Register - Prioritized list with owners and due dates - Status tracking (open/closed) 7. Supporting Documentation (Appendix) - P&IDs, PFDs, equipment data sheets - Attendance records, team credentials - References (codes, standards, prior PHAs)

Action Item Tracking

Effective action tracking ensures HAZOP findings translate into risk reduction:

Field Description Example
Action ID Unique identifier HAZOP-2024-001
Node Process location V-201 (HP separator)
Deviation Brief description High pressure
Action Description Specific task to be completed Add second PSV (PSV-201B) sized for blocked outlet scenario
Owner Person responsible J. Smith (Process Engineering)
Priority Based on risk level High (due to VH risk)
Due Date Target completion 2024-06-30
Status Open, In Progress, Closed, Deferred In Progress
Closure Notes Evidence of completion PSV-201B installed per P&ID rev. 3; relief calc MC-2024-05 filed

OSHA PSM Compliance (29 CFR 1910.119)

Process Hazard Analysis Requirements: 1. Initial PHA: Required for covered processes (threshold quantities of hazardous chemicals) 2. PHA Methodology: Must use recognized method (HAZOP acceptable) 3. PHA Team: Include personnel with process knowledge, engineering expertise, and operating experience 4. Addressing Findings: Resolve findings and document actions taken; communicate results to affected employees 5. Update/Revalidation: Update PHA at least every 5 years 6. Retention: Retain current PHA and previous PHA 7. Management of Change (MOC): Update PHA when process changes made Key HAZOP documentation for OSHA inspection: - PHA report demonstrating methodology and team qualifications - Action item register showing findings addressed - Evidence of revalidation every 5 years - MOC documentation triggering PHA updates

Follow-Up Meeting

Schedule follow-up reviews to track action completion:

  • 30-day review: High-priority actions; verify progress on VH/H risk items
  • 90-day review: Medium-priority actions; close completed items
  • Annual review: Long-term actions; update PHA for any process changes
  • Pre-startup review: Verify all actions complete before commissioning (new facilities)

Common HAZOP Action Types

Action Category Examples Typical Implementation
Add instrumentation Flow transmitter, temperature alarm, level switch Design change; install before startup
Add safety system SIS interlock, emergency shutdown, SIL-rated logic solver Design change; requires SIL verification
Add passive protection Relief valve, rupture disc, check valve, flame arrestor Design change; install before startup
Revise procedure Update operating procedure, add checklist, training module Administrative; complete before affected operation
Perform study/analysis Relief sizing calc, dispersion modeling, LOPA, SIL verification Engineering deliverable; due before design finalized
Design change Pipe size increase, material upgrade, equipment relocation Major change; requires MOC if existing facility
HAZOP is not complete until actions are resolved: A HAZOP that generates extensive findings but lacks action follow-through provides no safety benefit. Management commitment to resolving actions is as important as the study itself. Track action completion rates as a key performance indicator; industry best practice targets > 95% closure within 1 year.

Ready to use the calculator?

→ Launch Calculator