A disproportionate percentage of process safety incidents have occurred during transient operations, which include those conducted infrequently such as startups or shutdowns as well as abnormal or emergency events. A typical refining or petrochemical facility will spend less than 10% of its time in transient operations — yet 50+% of process safety incidents occur during these operations (Figure 1) [1–3]. Deficiencies in procedures and employee training often are cited as root causes of these incidents. The increased reliability and extended turnaround intervals of plants result in less familiarity with tasks outside of normal operations. So, while it's critically important to follow procedures during transient operations, a high percentage of procedural violations are found to occur during them.
Here we present a Hazard and Operability (HAZOP) methodology designed to verify that hazards of transient operations are identified and adequately controlled. This approach already has proven its value at ExxonMobil sites.
Types of Transient Operations
The HAZOP process must consider two categories of operations that have potential for an acute loss of containment, resulting in a higher consequence incident:
1. Non-routine operations or planned operations that infrequently occur. Such events include: startup of a major unit, including startup from total shutdown; shutdown or startup of major equipment within a process; operating with a non-standard equipment configuration on a unit, such as a major pump or compressor out of service, inventory shortages or excesses, boiler unavailable, and non-routine testing of a critical device with potential to shut down a unit; and unique or unusual feedstock or grade changes (throughput or quality).
2. Abnormal or unplanned operations. Examples include: operations outside of equipment's design specifications; those past the point where routine corrective actions will work, e.g., reactor runaway; unplanned abnormal equipment configuration; unscheduled unit shutdown; emergency operator actions, including responses to "SHE [safety, health, environmental] critical" alarms; and a loss-of-containment event.
Transient operations may include catalyst change-out or regeneration, decoking, fired heater lighting or other non-routine or abnormal chores.
A common element in transient operations is the requirement for increased human interaction with the process. Often the operator and procedural controls are the key layer of protection for preventing an incident. Reduced operator experience — because of retirements, longer turnaround intervals, and more reliable units — frequently results in more reliance on procedures as a source of information and a critical layer of protection against process hazards.
In the United States, OSHA 1910.119, "Process Safety Management of Highly Hazardous Chemicals," requires that an initial process hazard analysis (PHA) completed on a covered process be updated and revalidated at least once every five years . Given a sound management of change (MOC) system to identify, evaluate and ensure the adequacy of controls managing risks associated with the newly introduced hazards, historically a significant reduction in HAZOP findings occurs after two to three cycles of a traditional "redo" HAZOP/PHA. Figure 2 illustrates an example of these diminishing returns.