What is the meaning of "probability of failure on demand" and other LOPA terminology?
Probability of failure on demand (PFD) quantifies the chance that a specific safeguard won't perform its intended function when required. For instance, consider a shutdown valve that should close when a hazardous event (say, high level in a tank) arises. Failure of the valve to shut could result in a major consequence (such as a tank overflow). If that valve fails to close once every one hundred times, then its PFD is 0.01. Devices with smaller PFD values help reduce risk more than those with higher PFD values. Today, many electronic instruments are certified to have specific expected PFD values.
In a broad sense, failures come in two types: dangerous (as described above), and safe (ones that don't result in a hazardous situation). However, safe failures -- sometimes also known as spurious trips -- can have consequences such as plant interruptions.
Another common LOPA term is "independent protection layer" (IPL). This is a safeguard that works independently of others. Some examples are relief valves, basic process control systems, interlocks, and alarms (if they are maintained and give an operator adequate time to respond to prevent a hazardous event from occurring).
To be effective, an IPL should be:
• specific for preventing a given hazardous event;
• independent, that is, not influenced by the performance of other safeguards;
• dependable, that is, effective in reducing risk in accordance with its PFD value (which requires the IPL to be properly specified and installed); and
• auditable, that is, inspected and maintained at specific intervals.
LOPA also uses the term "acceptable risk." This indicates the number of occurrences a company can tolerate per year. For instance, 1.0e-04 per year means one event every 10,000 years. The acceptable risk level depends on a number of factors including the size of the event (those with offsite impact or that could cause injuries or fatalities will need to be very infrequent, for instance, 1e-05), litigation, and company reputation. In several countries, regulations dictate the acceptable risk level.
What is the LOPA process?
LOPA is performed on relatively "high risk" hazardous events identified by a HAZOP. For each such event, LOPA evaluates the extent of protection provided by the existing safeguards and compares that with a company's desired level of protection. If a deficiency exists, additional safeguards are recommended.
The process of risk assessment and risk management is not a one-time activity. It's a process that continues throughout the life of a project or a plant.
How many IPLs do I need?
The number depends on the specific hazardous event, its acceptable versus current risk level, and risk reduction (probability of failure) provided by each safeguard.
How do I determine the level of protection required?
This depends on the severity of a consequence and corporate risk-tolerance policy. Of course, a company can accept an event that could result in multiple injuries or a major environmental or public-image impact far less frequently than one that has relatively minor safety or other consequences.
In several countries, regulations drive the level of protection required.
Can LOPA go wrong?
Yes. The acronym GIGO (garbage in, garbage out) applies here. Assigning inappropriate PFD values renders a LOPA useless. Wrong PFD numbers or improper consideration of safeguards can lead to inadequate or excessive (and not economically justifiable) protection. LOPA, if not correctly applied, could become a mere number-crunching exercise (playing with PFD values). Having a seasoned facilitator, an experienced LOPA team, and updated relevant documents helps ensure a proper LOPA. Keep in mind that PFD numbers are average values. For a number of safeguards, average PFD values are available in the literature (e.g., in books from the Center for Chemical Process Safety, http://www.aiche.org/ccps); these values tend to be conservative.
Finally, selecting the right instruments, as well as proper application, installation and maintenance are the key elements to enhance safety in conjunction with LOPA.
G.C. SHAH, PE, CFSE, CSP, CIH, is a safety, environmental and industrial hygiene professional at Mustang Engineering, Houston. E-mail him at firstname.lastname@example.org.