Jay G. Stittleburg
Project Manager, Novetus Engineering LLC
As a Process Hazard Analysis (PHA) facilitator, you might ask yourself, “What can I do to make this PHA add value to all the participants?” Well, this is a great question and the answer boils down to how well you prepare before you ever set foot in the room. The method you use to prepare for a PHA will dictate how much value is added to the client. My goal in facilitating a PHA is to provide a service that not only helps to ensure that the appropriate safeguards are in place for several scenarios, but to provide a learning experience for everyone in the room, regardless of the years of experience. The best compliment that I can get as a PHA facilitator is to have a participant come up to me after we finish and say, “I have sat through PHAs for 20 years and this is the first time I learned something during a PHA.” It can be done and here is how you get there.
The first factor to verify is the type of PHA that is going to be conducted, initial, redo or revalidation. This discussion is going to focus on an initial or a redo PHA, revalidation PHAs will be discussed in a separate paper. For clarification, an initial PHA is a PHA that is being performed on a system, or unit, that has never had a previous PHA performed and is one that is usually in the final stages of design and may or may not be under construction. A redo PHA is a PHA that is being performed on a system, or unit, that has had a PHA performed on it previously and is being executed like an initial PHA versus a revalidation of the previous PHA. Once you have confirmed that the PHA is an initial or a redo, then there are several pieces of information and documents that you need to collect to prepare for the PHA, to include drawings (to include Piping and Instrumentation Diagrams (P&IDs) or Process Flow Diagrams (PFDs), Management of Change (MOCs), risk matrix, any additional client based risk ranking information, what software, Layers of Protection Analysis (LOPA) or no LOPA, and any additional client specific requirements.
So, let’s dive into this list, first up is drawings. What drawings do you need? You need the most recent revision of the P&IDs for the unit or system on which you will be conducting the PHA. It can also be helpful to ask for the PFDs for the unit or system as well. They may, or may not, be available, but if they are, go ahead and get them. The idea behind the most recent revision is that for an initial PHA, these are either the Issued For Construction (IFC) or Issued For PHA drawings, or for a redo PHA, these are the most recent revision of the drawings that include any MOCs that have been completed since the last PHA was conducted.
Next is any Management of Change (MOC) that has occurred since the last PHA. This is usually for redo PHAs and not typically initial PHAs. An initial PHA will not typically have an MOC associated with the process, since this is usually the most recent construction or PHA drawings and often the design is frozen following the initial PHA which is when the MOC process will then be in effect for any further changes. This is a typical practice as any recommendations made during the initial PHA can be implemented into the design without requiring an MOC. For redo PHAs, a typical assumption that is made is that the most recent revision of the drawings that you are going to use for the PHA have any MOCs conducted and completed since the last PHA incorporated into the drawings. This is something to verify with the client to ensure that this assumption is correct.
The next item is the client risk matrix. You will need the client risk matrix in order to prepare the software and program the matrix for analysis. You also need to ask the client if they have any additional risk ranking documentation that needs to be maintained during the course of the PHA. Some clients have additional requirements, and some do not. It will also be important to ask the client what overall risk rankings may require a recommendation in the PHA for consequences that get risk ranked. For example, if the overall risk rankings are from 1 to 5, with 1 being the worst case, then the client may have a requirement to have a recommendation if the overall risk ranking is 1 or 2 and recommendations are still allowed for overall risk rankings 3 to 5, but not required.
Along with the above discussion regarding the risk matrix and when a recommendation may be required, it is also important to understand if the client conducts LOPA along with a PHA. Some clients do this, and others do not, so it is important to verify. If a client does not conduct LOPA with a PHA, then there is no further information required regarding the risk matrix and recommendations requirements, but if the client does do LOPA in conjunction with a PHA, then there is additional information that will be required for you to collect. That further information will include what is the clients LOPA Ratio (LR), Targeted Mitigated Event Likelihood (TMEL), Initiating Cause Likelihood (ICL), Conditional Modifiers (CM), Enabling Event Probability (EEP), Probability of Failure on Demand (PFD) and Independent Protection Layers (IPL). Some clients may not necessarily utilize all of the above items, i.e. CM and/or EEP, but they should have a corporate guidance on LOPA values that you need to program into the software to ensure that the LOPA calculations are correct during the analysis. Additionally, the client will also provide the criteria during the PHA that will trigger a LOPA for a specific consequence. Ensure that you understand the triggers for LOPA to ensure a smooth transition during the course of the PHA.
The last item that needs to be confirmed is the software that you will utilize during the PHA. First ask the client if they have a preference of software for documenting a PHA. The typical choices for software are PHAWorks©, PHAPro© and Leader©. Truthfully, some clients have a preference, and some do not, however it is good to know that most clients that conduct LOPA with their PHAs will have a software requirement, often times PHAPro©. They will also send you their PHAPro© template which already has the risk matrix and LOPA criteria already programmed into the software and saving you that preparation work. That being said, if the client does not have a preference, then use the software that works best for you.
Now that we have worked through the above information and have collected all of the necessary information, it is time to start preparing for the PHA. The first thing to do is draw the nodes. One thing that can be helpful, specifically for a redo PHA, is to request from the client the previous PHA that was conducted. You can use the previous PHA and look at the nodes that were drawn and see if they make sense to you and if you can re-use them. If that is the case, then you can simply transfer the nodes to the most recent P&IDs and your nodes are completed. If this is an initial PHA or a redo PHA that you cannot get the previous PHA or the nodes from the previous PHA do not make sense to you, then you will have to start from scratch. This is not a bad thing but will take a little more time to create the nodes. To be clear, there is no specific guidance on how to develop the nodes for a PHA under the PSM regulations, so you do have some flexibility in the development of the nodes. I like to start with the PFDs, if available, to develop the order of the nodes that follows the process flow as closely as possible. If the PFDs are not available, then I draw all of the nodes first and number them last to get them into the best order to follow the process flow. I do this keeping in mind that the process flow does not necessarily follow one P&ID to the next and so on. Often times the nodes will jump around in the P&IDs and you will have to decipher the number order of the nodes to best follow the process flow. Like I stated earlier, there is no written direction that says thou shalt draw and number the nodes a certain way, but it simply makes sense to number the nodes in the process flow order regardless of how they jump across P&IDs. I also typically draw nodes that include one piece of critical equipment, i.e. vessel, tower, pumps, etc., and go from control valve to control valve. I also do not consider a heat exchanger, for example, a single piece of critical equipment for a node. By this, I may have a tower and a heat exchanger in a single node because from a process point of view, the process flow typically just passes through an exchanger like it does through a pipe and this is different than process flow into and out of a vessel or tower. I also look to have a valve at the starting point for the node, and the ending point, so that the node does not begin or end at an arbitrary point in space. Sometimes there is good reason to start or stop a node at an arbitrary point, but it is not all that often. I also pay attention to the continuation arrows on the P&IDs and red-line any mistakes in the continuation arrows during the noding phase. NOTE: It is very rare that you will not find any mistakes on the P&IDs. Once I get all of the PSM covered pieces of equipment noded, I review the nodes on each P&ID, along with the continuation arrows, and confirm that the only lines that are not highlighted into a node is either considered a utility or non-PSM that does not require being covered under a node. Occasionally you will have to correspond with the client to a get answers to questions regarding process flow if the P&IDs are marked incorrectly and you cannot find where a line continues to. This process simply takes practice and the more PHAs you facilitate, and the more nodes you develop, the easier it will become. Finally, once I have all of the nodes drawn, then I go back and number them to follow process flow as much as possible. It is also helpful to develop a pattern in your node numbering in regard to process flow. An example of this is when you have flow into a vessel, but the outward flow is vapor at the top and liquid at the bottom, then I am consistent in either going vapor first and liquid second, or vice versa, on every piece of equipment that has separate vapor and liquid outlets. The consistency will help the participants in the PHA once you start the analysis as they will see the pattern and make it easier for them to follow along. Once I get the nodes drawn and numbered and have no further questions to be answered from the client, I scan and send the client the P&IDs with the nodes and let them look over and see if they have any comments or questions. I like to give these to the client one or two weeks prior to the PHA to leave time for any comments and potential adjustments that will need to be made.
Now that the nodes are drawn and numbered and you have sent them to the client for review, it is time to set up the software. No matter which software has been selected, my process for preparing is the same. I first enter all of the drawings into the drawing library, to include P&ID number, title, revision number and revision date. The next step is to enter the nodes into the software. Depending on the software being used, I enter the node number, I give it a title, typically the name and number of the critical piece of equipment in the node, and the color of the node (i.e. blue, red, green, etc.). In most cases you will also have to select the deviations that will be utilized for that node. What deviations are used in a node will depend on the types of equipment that are in the node. For example, all nodes will have Flow, Temperature and Pressure, but only nodes with a vessel that has a level that is controlled will have Level and only a node with an exchanger will have Tube Leak or Rupture. Again, this comes with experience as to how quickly you can identify the deviations to be used for each node. I also put the deviations in the same order in each node for consistency and I ALWAYS start with the Flow deviation. NOTE: I always start with Flow because once you cover flow, you have typically covered 85-90% of the consequences from all deviations. Once I get all of the nodes entered into the software, I then connect the appropriate drawings from the drawing library entered earlier to each applicable node.
The next item for preparation in the software is to enter the risk matrix. All the software’s have different ways to enter the matrix, so refer to the instructions for the software you are using to enter the risk matrix and ensure that the matrix is oriented the correct way and each axis is correct.
Now that these items are prepared in the software, there is one additional exercise I use to streamline the PHA. I pre-populate the causes in each node. I go through each deviation, starting with flow, and add the causes. You may add more causes during the course of executing the PHA, but you will cover 90+% by pre-populating the causes in each node and it will save an enormous amount of time. As an example, I start with the deviation Flow and more specifically, Low/No Flow. I start at the beginning of the node and follow the process flow and create a cause that will reduce or stop flow in the node. I also use specific terminology. If I have a manual valve, then I will document the cause as 10” block valve inadvertently closed. If I have a control valve, then I will document the cause as PCV-100 malfunctions closed. To clarify, I use the term “inadvertently” for manual valves and “malfunctions” for control valves. I use the term “malfunctions” for control valves because most all control valves have a fail-safe position, either fail closed (FC) or fail open (FO), and to remove the conversation about how a fail closed valve can fail open, I use the term “malfunctions” universally for control valves. If you actually want to be more accurate, if a control valve is a FC valve, then the cause for Low/No Flow would be “fails closed” and the cause for High Flow would be “malfunctions open”. Either method is acceptable, just be consistent throughout the analysis. NOTE: Depending on the size of the PHA, this exercise of pre-populating the causes can save you many hours, to even a day or two, in the execution phase.
Once we have all of the process nodes completed, there are a few additional nodes that need to be added, Utilities/Services node, Facility Siting node and Human Factors node. Utilities/Services node will be for a global discussion of the utilities that have some impact on the unit that is being evaluated. These include, but not limited to, Electrical Power, Instrument Air, Steam Systems, Cooling Water Systems, DCS and PLC Systems, or any other system deemed to be a utility for the system being evaluated. These systems are typically looked at in a global fashion and not valve by valve. By that, I mean that we want to look at the consequence of a global loss of these systems. If electrical power goes away, what happens to the unit. This will depend on several factors, does the facility generate its own power or use commercial power? If commercial power, are there one or more independent sources into the facility? Does the facility utilize a UPS system or have back-up generators, and any other factors that affect the facility/system from a global perspective?
The remaining two nodes, Facility Siting and Human Factors are typically checklists and most software programs have these checklists available in their libraries already. If the software you are using does not have this functionality, then you can ask the client if they have a specific checklist they use, or you can obtain the standard checklists online.
So now let’s recap what we have done. We have collected all of the appropriate data from the client, we drew the nodes and sent to client for review and prepared the software, including pre-populating causes. Now we just have a few more things to do to prepare for the execution of the PHA. Clarify with the client who is going to make copies of the drawings for the participants. This is important as you don’t want to show up to do the PHA and no one made copies of the drawings for the participants, it will be a big time waster if not done ahead of time. This is also important if you have to travel to the location where the PHA is being held. I do not like to have to carry 20 copies of drawings on an airplane for a PHA, so I always arrange ahead of time who is going to make the copies, or if a copy machine is available at the site where the PHA is being held, I can ensure that I arrive early enough to make copies for all of the participants. I also bring a hard copy of the Risk Matrix with me to hand out to the participants, so each member has one to refer to. This is something that I usually just bring with me as it is usually just 10-20 copies.
The last item I can offer to help the PHA go smoothly is perhaps one of the most important, the setting of the ground rules with the participants at the beginning of the execution phase. I have four ground rules that I lay out for the participants at the beginning, right after the introductions:
1) Hazards, Controls and Consequences of their failure. (This is really not a ground rule but is the reason that we are gathering together to conduct a PHA. I also stress to the team here that a PHA is a single fault analysis.)
2) We view everything from the process point of view. What I mean here is that I pretend that I am a particle in the pipe and if the valve is shut, I stop, if the valve is open, I can move. It is not about what an operator would or wouldn’t do, it’s a simple matter of whether the valve is open or closed and can I move or not.
3) Failure of a safeguard is never the cause of the deviation it protects against. The example I use here is that a Relief Valve is the safeguard for an overpressure scenario on a vessel and we will not fail the Relief Valve in an overpressure scenario because we would get into a vicious cycle of wanting to put safeguards on safeguards and that is not the point of a PHA.
4) We are NOT here to solve the problem; we are here to identify any potential problems and if we identify one, we will make a recommendation to correct the problem that can be evaluated after the PHA is completed. (I will typically allow some discussion to occur on a potential problem, if time allows and the conversation is beneficial, but if people get too far off track, then I end the conversation and stress that they can revisit and resolve the issue after the PHA is completed.
I then ask if anyone has any questions or comments and once that is completed, we go to node 1 and get started.
These preparation activities have proven to be instrumental in making a PHA go smoothly, efficiently and very effective for the participants and the client. The activities do take time, but they are well worth it! Good luck on your future PHAs.