(Part 2 of 2: Revalidation PHAs)
Jay G. Stittleburg
Project Manager, Novetus Engineering LLC
As a Process Hazard Analysis (PHA) facilitator, you might ask yourself, “What can I do to make this PHA add value to all the participants?” Well, this is a great question and the answer boils down to how well you prepare before you ever set foot in the room. The method you use to prepare for a PHA will dictate how much value is added to the client. My goal in facilitating a PHA is to provide a service that not only helps to ensure that the appropriate safeguards are in place for several scenarios, but to provide a learning experience for everyone in the room, regardless of the years of experience. The best compliment that I can get as a PHA facilitator is to have a participant come up to me after we finish and say, “I have sat through PHAs for 20 years and this is the first time I learned something during a PHA.” It can be done and here is how you get there.
The first factor to verify is the type of PHA that is going to be conducted, initial, redo or revalidation. This discussion is going to focus on a revalidation PHA, initial and redo PHAs were discussed in part 1. For clarification, a revalidation PHA is a PHA that is being performed on a system, or unit, that has had a previous PHA performed and instead of doing the PHA from scratch, a revalidation PHA will revisit those parts of the unit, or system, that have had an MOC completed that can potentially affect the process, operation or safeguards associated with specific consequences. Once you have confirmed that the PHA is a revalidation, then there are several pieces of information and documents that you need to collect to prepare for the PHA, to include drawings (to include Piping and Instrumentation Diagrams (P&IDs) or Process Flow Diagrams (PFDs)), Management of Change (MOCs), risk matrix, any additional client based risk ranking information, what software, Layers of Protection Analysis (LOPA) or no LOPA, and the previous PHA conducted, including the noded drawings.
So, let’s dive into this list, first up is drawings. What drawings do you need? You need the most recent revision of the P&IDs for the unit or system on which you will be conducting the PHA and the noded P&IDs from the previous PHA. It can also be helpful to ask for the PFDs for the unit or system as well. They may, or may not, be available, but if they are, go ahead and get them. The most recent revision of the P&IDs is required to verify that any MOC’s that have been executed and completed since the last PHA have been incorporated into the drawings and to follow the same nodes as the previous PHA.
Next is any Management of Change (MOC) that has occurred since the last PHA. This is an important step for revalidation PHAs to ensure that changes brought about by the MOC process have been incorporated into the Process Safety Information (PSI). These changes will be the focus of the PHA sessions in evaluating the impact of the changes on the consequences and safeguards.
The next item is the client risk matrix. You will need the client risk matrix in order to prepare the software and program the matrix into the chosen software for analysis. You also need to ask the client if they have any additional risk ranking documentation that needs to be maintained during the course of the PHA. Some clients have additional requirements, and some do not. It is always beneficial to ask the client for the native file of the previous PHA, as it will reduce the overall preparation time. It will also be important to ask the client what overall risk rankings may require a recommendation in the PHA for consequences that get risk ranked. For example, if the overall risk rankings are from 1 to 5, with 1 being the worst case, then the client may have a requirement to have a recommendation if the overall risk ranking is 1 or 2 and recommendations are still allowed for overall risk rankings 3 to 5, but not required.
Along with the above discussion regarding the risk matrix and when a recommendation may be required, it is also important to understand if the client conducts LOPA along with a PHA. Some clients do this, and others do not, so it is important to verify. If a client does not conduct LOPA with a PHA, then there is no further information required regarding the risk matrix and recommendations requirements, but if the client does do LOPA in conjunction with a PHA, then there is additional information that will be required for you to collect. That further information will include what is the clients LOPA Ratio (LR), Targeted Mitigated Event Likelihood (TMEL), Initiating Cause Likelihood (ICL), Conditional Modifiers (CM), Enabling Event Probability (EEP), Probability of Failure on Demand (PFD) and Independent Protection Layers (IPL). Some clients may not necessarily utilize all of the above items, i.e. CM and/or EEP, but they should have a corporate guidance on LOPA values that you need to program into the software to ensure that the LOPA calculations are correct during the analysis. Additionally, the client will also provide the criteria during the PHA that will trigger a LOPA for a specific consequence. Ensure that you understand the triggers for LOPA to ensure a smooth transition during the course of the PHA.
The last item that needs to be confirmed is the software that you will utilize during the PHA. First ask the client if they have a preference of software for documenting a PHA and ask for the native file of the previous PHA. The typical choices for software are PHAWorks©, PHAPro© and Leader©. Truthfully, some clients have a preference, and some do not, however it is good to know that most clients that conduct LOPA with their PHAs will have a software requirement, often times PHAPro©. They will also send you their PHAPro© template which already has the risk matrix and LOPA criteria already programmed into the software and saving you that preparation work. That being said, if the client does not have a preference, then use the software that works best for you.
Now that we have worked through the above information and have collected all of the necessary information, it is time to start preparing for the PHA. The first step to preform is to draw the nodes on the latest revision of the P&IDs. You should use the previous PHA and look at the nodes that were drawn and re-use them. Although there is no specific guidance on how to develop the nodes for a PHA under the PSM regulations, the easiest way to conduct a revalidation PHA is to utilize the same nodes as the previous PHA, but verify that the nodes make sense the way they were drawn. Once I get all of the nodes redrawn, I review the nodes on each P&ID to confirm all PSM equipment is covered, along with the continuation arrows, and confirm that the only lines that are not highlighted into a node is either considered a utility or non-PSM that does not require being covered under a node. Occasionally you will have to correspond with the client to a get answers to questions regarding process flow if the P&IDs are marked incorrectly and you cannot find where a line continues to. NOTE: For a revalidation PHA, I number the nodes as I redraw them to ensure that they correspond exactly as the previous PHA. Once I get the nodes redrawn and numbered and have no further questions to be answered from the client, I scan and send the client the P&IDs with the nodes and let them look over and see if they have any comments or questions. I like to give these to the client one or two weeks prior to the PHA to leave time for any comments and potential adjustments that will need to be made.
Now that the nodes are redrawn and numbered and you have sent them to the client for review, it is time to set up the software. There will be two approaches for this step based on whether you received the native file from the previous PHA or not and verifying that the client wants to continue using the same software as the previous PHA. I will start this discussion assuming that you did not receive the native file from the previous PHA and will use either the same software or a different software as the previous PHA. In this case, the setting up of the software is similar to that of an initial or redo PHA.
The first item for preparation in the software is to enter the risk matrix. All the software’s have different ways to enter the matrix, so refer to the instructions for the software you are using to enter the risk matrix and ensure that the matrix is oriented the correct way and each axis is correct. I do this step first for revalidation PHAs because you will need the risk matrix set up first before entering the nodes as I will discuss next.
The next step is to enter all of the drawings into the drawing library, to include P&ID number, title, revision number and revision date. The next step is to enter the nodes into the software. Depending on the software being used, I enter the node number, I use the same titles and colors for each node that were used in the previous PHA from the PHA report. I also enter the same deviations and causes as the previous PHA for each node. At this point, I now review each node and identify which nodes have had changes made since the previous PHA that would affect the consequences and/or safeguards. For those deviations and causes that have no changes, I copy the consequences, safeguards and risk rankings as applicable. For those items that have had a change that affects consequences and/or safeguards, I leave those blank and they will be evaluated during the PHA sessions with the PHA team. This last part will take significantly more time than this part of the preparation for an initial or redo PHA. The objective of this part of the preparation is to be thorough in this evaluation so that the time spent with the PHA team in session time is significantly reduced when compared to an initial or redo PHA. Once I get all of the nodes entered into the software, I then connect the appropriate drawings from the drawing library entered earlier to each applicable node.
If you did receive the native file for the previous PHA, then this process is shortened, but the same process is followed. I verify the risk matrix and update the revision numbers and dates on the drawings in the software. Once that is completed, I go through each node and use the same process of evaluating which deviations and/or causes will be affected by the changes made on the unit/system since the last PHA and for those I identify what will require updating, and I delete the consequences and/or safeguards for those items. The final result of this process will be the same as the results of the above process, just much less typing and information to fill in.
Once we have all of the process nodes completed, there are a few additional nodes that need to be added, Utilities/Services node, Facility Siting node and Human Factors node. Utilities/Services node will be for a global discussion of the utilities that have some impact on the unit that is being evaluated. These include, but not limited to, Electrical Power, Instrument Air, Steam Systems, Cooling Water Systems, DCS and PLC Systems, or any other system that is deemed a utility to the system being evaluated. These systems are typically looked at in a global fashion and not valve by valve. By that, I mean that we want to look at the consequence of a global loss of these systems. If electrical power goes away, what happens to the unit. This will depend on several factors, does the facility generate its own power or use commercial power? If commercial power, are there one or more independent sources into the facility? Does the facility utilize a UPS system or have back-up generators, or any other factor that may affect the facility/system from a global perspective? I use the same approach as the process nodes in that I copy what was documented in the last PHA. I will also verify item by item with the PHA team during the sessions that all the consequences and/or safeguards are still valid and applicable.
The remaining two nodes, Facility Siting and Human Factors are typically checklists and most software programs have these checklists available in their libraries already. If the software you are using does not have this functionality, then you can ask the client if they have a specific checklist they use, or you can obtain the standard checklists online. I will go through these checklists the same as for an initial or redo PHA and do not copy the answers from the previous PHA.
The last step in a PHA, no matter if it is an initial, redo or revalidation PHA is to review all of the incident reports that have occurred since the last PHA and identify any potential trends in incidents that can potentially be mitigated by a change in the process. This review is to be documented in the PHA report and any further action that may be required based on the review of incidents should also be documented.
So now let’s recap what we have done. We have collected all of the appropriate data from the client, we drew the nodes and sent to client for review and prepared the software, including identifying which deviations and causes will need to be revisited. Now we just have a few more things to do to prepare for the execution of the PHA. Clarify with the client who is going to make copies of the drawings for the participants. This is important as you don’t want to show up to do the PHA and no one made copies of the drawings for the participants, it will be a big time waster if not done ahead of time. This is also important if you have to travel to the location where the PHA is being held. I do not like to have to carry 20 copies of drawings on an airplane for a PHA, so I always arrange ahead of time who is going to make the copies, or if a copy machine is available at the site where the PHA is being held, I can ensure that I arrive early enough to make copies for all of the participants. I also bring a hard copy of the Risk Matrix with me to hand out to the participants, so each member has one to refer to. This is something that I usually just bring with me as it is usually just 10-20 copies.
The last item I can offer to help the PHA go smoothly is perhaps one of the most important, the setting of the ground rules with the participants at the beginning of the execution phase. I have four ground rules that I lay out for the participants at the beginning, right after the introductions:
1) Hazards, Controls and Consequences of their failure. (This is really not a ground rule but is the reason that we are gathering together to conduct a PHA. I also stress to the team here that a PHA is a single fault analysis.)
2) We view everything from the process point of view. What I mean here is that I pretend that I am a particle in the pipe and if the valve is shut, I stop, if the valve is open, I can move. It is not about what an operator would or wouldn’t do, it’s a simple matter of whether the valve is open or closed and can I move or not.
3) Failure of a safeguard is never the cause of the deviation it protects against. The example I use here is that a Relief Valve is the safeguard for an overpressure scenario on a vessel and we will not fail the Relief Valve in an overpressure scenario because we would get into a vicious cycle of wanting to put safeguards on safeguards and that is not the point of a PHA.
4) We are NOT here to solve the problem; we are here to identify any potential problems and if we identify one, we will make a recommendation to correct the problem that can be evaluated after the PHA is completed. (I will typically allow some discussion to occur on a potential problem, if time allows and the conversation is beneficial, but if people get too far off track, then I end the conversation and stress that they can revisit and resolve the issue after the PHA is completed).
I then ask if anyone has any questions or comments and once that is completed, we go to node 1 and get started.
These preparation activities have proven to be instrumental in making a PHA go smoothly, efficiently and very effective for the participants and the client. The activities do take time, but they are well worth it! Good luck on your future PHAs.