Layers of protection analysis

Layers of protection analysis (LOPA) is a technique for evaluating the hazards, risks and layers of protection associated with a system, such as a chemical process plant. In terms of complexity and rigour LOPA lies between qualitative techniques such as hazard and operability studies (HAZOP) and quantitative techniques such as fault trees and event trees. [1] LOPA is used to identify scenarios that present the greatest risk and assists in considering how that risk could be reduced.

Introduction

LOPA is a risk assessment technique that uses rules to evaluate the frequency of an initiating event, the independent protection layers (IPL), and the consequences of the event. LOPA aims to identify the countermeasures available against the potential consequences of a risk. An IPL is a device, system or action that prevents a scenario from escalating. The effectiveness of an IPL is quantified by its probability of failure on demand (PFD), in the range 0 to 1. [2] An IPL must be independent of the other protective layers and its functionality must be capable of validation. [3]

LOPA was developed in the 1990s in the chemical process industry but has found wider application. [4] In functional safety, LOPA is often used to allocate a safety integrity level to instrumented protective functions. When this occurs in the context of the analysis of process plants, LOPA generally leverages the results of a preceding HAZOP. [1] LOPA is complementary to HAZOP and can generate a second in-depth analysis of a scenario, which can be used to challenge the HAZOP findings in terms of failure events and safeguards. [3]

Layers of protection in process plants

Safety protection systems for a process plant typically comprise eight layers: [2]

| Layer of protection | Protection measure | Examples | Safeguards |
|---|---|---|---|
| Layer 1 | Process design | Design to standards, inherently safer design | |
| Layer 2 | Basic controls | Process controls, process alarms (yellow), operator supervision | |
| Layer 3 | Critical alarms | Process alarms (red), operator intervention | Preventive safeguards |
| Layer 4 | Automatic actions | Shutdown, emergency shutdown (ESD) | |
| Layer 5 | Physical protection | Relief valves, rupture discs, fire and gas system | |
| Layer 6 | Physical protection | Firewalls, dikes, berms, bunds (local containment) | Mitigative safeguards |
| Layer 7 | Plant emergency response | Emergency response teams, muster, evacuation | |
| Layer 8 | Community emergency response | Warning, evacuation, emergency services | |

LOPA is used to determine how a process deviation can lead to a hazardous event if not interrupted by an IPL. [2]

The LOPA procedure

LOPA is a risk assessment undertaken on a 'one cause–one consequence' pair. The steps of a LOPA risk assessment are: [4]

  1. Identify the consequences, using a risk matrix
  2. Define the risk tolerance criteria (RTC), based on the tolerable/intolerable regions on the risk matrix
  3. Define the relevant accident scenario, e.g. mechanical or human failure
  4. Determine the initiating event frequency, again using the risk matrix
  5. Identify the conditions and estimate the probability of failure on demand (PFD)
  6. Estimate the frequency of unmitigated consequences
  7. Identify the IPLs and estimate the PFD for each one
  8. Determine the frequency of mitigated consequences
  9. Evaluate the need for additional IPLs.

Risk matrix for frequencies and consequences [2]

| Consequence → | | Negligible | Marginal | Critical | Catastrophic |
|---|---|---|---|---|---|
| Effect on reputation | | Negligible | Marginal | Critical | Catastrophic |
| Cost (indicative) | | $0.1m | $1.0m | $10m | ≥$50m |
| Frequency ↓ | per year | | | | |
| Improbable | 1/100 | Low | Medium | Medium | Serious |
| Remote | 1/50 | Low | Medium | Medium | Serious |
| Occasional | 1/10 | Low | Medium | Serious | High |
| Probable | 1/2 | Medium | Serious | High | High |
| Frequent | 1/½ | Medium | Serious | High | High |
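As an added worked example (not from the article or its references), the nine steps above and the risk matrix can be turned into a small calculation. The tolerance criterion (Low and Medium tolerable), the scenario values and all function names are assumptions.

```python
from dataclasses import dataclass
from math import prod
# Risk matrix as given in the article; each band is keyed by its upper frequency per year.
FREQ_BANDS = [("Improbable", 1 / 100), ("Remote", 1 / 50), ("Occasional", 1 / 10),
              ("Probable", 1 / 2), ("Frequent", float("inf"))]
CONSEQUENCES = ["Negligible", "Marginal", "Critical", "Catastrophic"]
RISK_MATRIX = {
    "Improbable": ["Low", "Medium", "Medium", "Serious"],
    "Remote":     ["Low", "Medium", "Medium", "Serious"],
    "Occasional": ["Low", "Medium", "Serious", "High"],
    "Probable":   ["Medium", "Serious", "High", "High"],
    "Frequent":   ["Medium", "Serious", "High", "High"],
}
TOLERABLE = {"Low", "Medium"}  # assumed risk tolerance criterion (RTC, step 2)

def frequency_band(freq_per_year: float) -> str:  # matrix row for a frequency
    for name, upper in FREQ_BANDS:
        if freq_per_year <= upper:
            return name
    return "Frequent"

def risk_level(freq_per_year: float, consequence: str) -> str:  # matrix cell lookup
    return RISK_MATRIX[frequency_band(freq_per_year)][CONSEQUENCES.index(consequence)]

def target_frequency(consequence: str) -> float:
    """Highest band frequency whose cell is tolerable for this consequence (0 if none)."""
    col = CONSEQUENCES.index(consequence)
    return max([0.0] + [up for name, up in FREQ_BANDS if RISK_MATRIX[name][col] in TOLERABLE])

@dataclass
class Scenario:  # one cause-one consequence pair; values are supplied by the caller
    initiating_event_freq: float         # step 4: initiating events per year
    enabling_probabilities: list[float]  # step 5: conditions that must hold, e.g. P(occupied)
    ipl_pfds: list[float]                # step 7: one PFD per independent protection layer
    consequence: str                     # step 1: column of the risk matrix
    def unmitigated_frequency(self) -> float:  # step 6
        return self.initiating_event_freq * prod(self.enabling_probabilities)

    def mitigated_frequency(self) -> float:  # step 8: independent layers, so PFDs multiply
        return self.unmitigated_frequency() * prod(self.ipl_pfds)

def required_extra_pfd(scenario: Scenario) -> float:
    """Step 9: PFD an additional IPL would need to reach the target (1.0 = none needed)."""
    f, target = scenario.mitigated_frequency(), target_frequency(scenario.consequence)
    return 1.0 if f <= target else target / f

# Constructed scenario: control-loop failure at 0.1/yr, area occupied half the time,
# protected by an alarm with operator response (PFD 0.1) and a relief valve (PFD 0.01).
EXAMPLE = Scenario(0.1, [0.5], [0.1, 0.01], "Critical")
```

With the constructed values the mitigated frequency is 5×10⁻⁵ per year, which the matrix rates Medium for a Critical consequence, so no further IPL is required. Dropping the relief valve and raising the initiating frequency to 1 per year lands in Serious, and closing the gap would need an additional independent layer with a PFD of at most 0.4.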

Other uses

Although the LOPA methodology started in the process industry, the technique can be used in other fields, including: [4]

References

  1. CCPS (2001). Layer of Protection Analysis: Simplified Process Risk Assessment. New York, N.Y.: American Institute of Chemical Engineers. ISBN 978-0-816-90811-0.
  2. Willey, Ronald J. (2014). "Layer of Protection Analysis". Procedia Engineering. 84: 12–22. doi:10.1016/j.proeng.2014.10.405.
  3. Mokhatab, Saeid; Poe, William A.; Mak, John Y. (2019). Handbook of Natural Gas Transmission and Processing, Principles and Practices (4th ed.). Cambridge, Mass. and Oxford: Gulf Professional Publishing. pp. 517–518. ISBN 978-0-12-815817-3.
  4. Kingsley, John (2017-07-11). "LOPA or Layer of Protection Analysis". LinkedIn. Archived from the original on 2023-12-15. Retrieved 4 September 2023.