Our Services - Process Engineering Solutions - Layers of Protection Analysis (LOPA)
 

BACKGROUND

Traditional process hazard analysis identifies the need for additional safeguards but is based on subjective engineering judgement. This invariably leads to differences of opinion, which in some cases results in the implementation of risk reduction measures that are ineffectual. A more objective and rational methodology is required for identifying and recommending safeguards on a justifiable basis, hence the development of Layers of Protection Analysis (LOPA).

THE LOPA METHOD

LOPA is a simplified risk assessment methodology. The risk of hazard scenarios can be evaluated and compared against criteria for risk tolerance to establish whether existing safeguards are adequate and/or if additional safeguards are required.

LOPA is a semi-quantitative method of risk analysis. The consequence evaluation is qualitative and the evaluation of the event likelihood is quantitative, based upon "order of magnitude" estimates of the initiating event frequency and the availability of the protection layers. The basic concept of LOPA is summarized in the following steps:

1. Identify impact events, determine the types of impact, and classify event severity (Target Mitigated Event Likelihood - TMEL).
2. List the causes for each impact event.
3. Estimate the frequency of each initiating cause (CF).
4. List the Protection Layers (PLs) for each cause-consequence pair and assign Probabilities of Failure on Demand (PFD).
5. Determine the PFD for the system using the equation

PFD(System) = TMEL / [CF(Sum) * PFD(n)]

6. Calculate the mitigated event frequency for each cause-consequence pair.
7. Sum the frequencies for each cause-consequence pair that will place a demand on the Safety Instrumented System (SIS).
8. Compare the total mitigated event likelihood to the acceptability criteria for the associated event severity classification.
9. Determine Safety Integrity Level (SIL) based upon required risk reduction or identify other risk reduction measures, if required to meet the risk acceptability criteria.

LOPA uses a multi-disciplined team (operations, process engineering, instrument or electrical, reliability, etc.). This ensures that more informed judgments on risk reduction measures can be made based on pooling together individual process expertise or experience.

LOPA fits well with the real world as it takes into account the Basic Process Control System (BPCS), operator response, mechanical design, etc. It allows some credit to be taken for all protection layers and sets an acceptable risk target for hazards by severity level.

LOPA ADVANTAGES

- Credit for safeguards in place to reduce hazardous events.
- Repeatable.
- Can be used as part of PHA.

LOPA DISADVANTAGES

- Process needs defining.
- Implementation.

LOPA IN DETAIL

A variety of protection layers (safeguards) are normally designed to provide additional defence against major or catastrophic incidents. These safeguards should be able to prevent a scenario escalating into an undesirable event and will comprise devices, systems or actions. Examples of such safeguards include:

1. Emergency response plans for site and surrounds.
2. Relief devices (i.e. physical protection).
3. Suppression systems for flammable or toxic releases.
4. Safety Instrumented Systems (SIS).
5. Inherent safety design features.

It is desirable for the protection layers to be independent from one another so that any one will perform its function regardless of the action or failure of any other protection layer or the initiating event. Protection layers meeting this criterion are termed Independent Protection Layers (IPL).

Using the equation for PFD(System) outlined in (6) above, the following interpretations can be made:

1. If the result is greater than or equal to 1, the protection is adequate without any additional protection layers being required.
2. If the result is less than 1 but greater than 10^-1, then the protection layers should be reviewed for adequacy, but a SIS or additional protection layer is not necessarily required.
3. If the result is less than or equal to 10^-1, then the result indicates the requirement of additional protection layers, which could be an SIS.

The tables below detail typical values for initiating causes (frequencies) and independent protection layers (PFDs).

TABLE 1: TYPICAL CAUSE FREQUENCIES

Initiating Cause / Cause Frequency (Events/Year)
Pumps and related equipment / 1E-01
Operator Error / 1E-01 events multiplied by number of times tasks are done per year
Control Loop Failure / 1E-02
Relief valve failure / 1E-02

TABLE 2: TYPICAL IPL AND MITIGATION PFDs

Independent Protection Layer / PFD (Events/Year)
Response to alarms (operator) / 1E-01
Training of Operator / 1E-02
Control Loop / 1E-02
Relief valve / 1E-02

Additional initiating causes and protection layers can be developed using the experience of the operators and the multi-disciplined team.
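
The calculation in the steps above, worked through with the typical values from Tables 1 and 2, as an added example that is not Trident's own code. It assumes that CF(Sum) * PFD(n) means the sum over causes of each cause frequency multiplied by the PFDs of its credited layers; the TMEL value, the SAME_EQUIPMENT independence mapping and the SIL bands (IEC 61508 low-demand mode) are not from this page.

```python
from math import prod

# Typical values copied from Table 1 (events/year) and Table 2 (PFD) above.
CAUSE_FREQ = {"pump failure": 1e-1, "control loop failure": 1e-2,
              "relief valve failure": 1e-2}
IPL_PFD = {"operator alarm response": 1e-1, "control loop": 1e-2,
           "relief valve": 1e-2}
# Assumption: an IPL cannot be credited against its own failure as the cause.
SAME_EQUIPMENT = {"control loop failure": "control loop",
                  "relief valve failure": "relief valve"}


def mitigated_frequency(cause, ipls):
    """Step 6: cause frequency times the PFD of every credited IPL."""
    if len(set(ipls)) != len(ipls):
        raise ValueError(f"{cause}: an IPL is credited twice")
    if SAME_EQUIPMENT.get(cause) in ipls:
        raise ValueError(f"{cause}: IPL is not independent of the cause")
    return CAUSE_FREQ[cause] * prod(IPL_PFD[name] for name in ipls)


def sil_for(required_pfd):
    """IEC 61508 low-demand bands: SIL n covers 10^-(n+1) <= PFD < 10^-n."""
    for sil in (1, 2, 3, 4):
        if 10.0 ** -(sil + 1) <= required_pfd < 10.0 ** -sil:
            return sil
    return None  # no SIS needed, or beyond what a single SIS can claim


def assess(tmel, scenarios):
    """Steps 5-9 for one impact event; scenarios is [(cause, [ipl, ...]), ...]."""
    total = sum(mitigated_frequency(c, ipls) for c, ipls in scenarios)
    ratio = tmel / total  # PFD(System) in the page's equation
    if ratio >= 1:
        verdict = "adequate"
    elif ratio > 1e-1:
        verdict = "review protection layers"
    else:
        verdict = "additional protection layer required"
    return {"total": total, "pfd_system": ratio, "verdict": verdict,
            "sil": sil_for(ratio)}


if __name__ == "__main__":
    # Constructed scenario: TMEL of 1E-05/year, two causes for one event.
    print(assess(1e-5, [
        ("pump failure", ["operator alarm response", "relief valve"]),
        ("control loop failure", ["operator alarm response"]),
    ]))
```
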

HOW SAFE IS SAFE ENOUGH?

The LOPA methodology will only be effective with risk tolerance criteria in place as the typical human response would be to keep adding safeguards even after a point where additional safeguards are unnecessary. The risk criteria help focus resources on the critical safeguards required to achieve tolerable risk. Thus, risk tolerance criteria need to be established for LOPA to answer the 'how safe is safe enough' question.

LOPA will also assist in determining what level of risk reduction is required and the number of protection layers that should be implemented. However, it does not assist in the selection of which specific independent protection layers should be used.

HOW DOES LOPA FIT IN WITH HAZARD ANALYSIS AND QRA?

LOPA is seen as an additional screening step between the findings of a Hazard analysis and the commencement of a QRA. The hazard analysis should be tailored to facilitate the subsequent LOPA study by a variety of means including clarifying initiating events, expressing consequences in a LOPA format, identifying and logging safeguards etc.

Once the LOPA study has been completed a QRA can be carried out on the targeted processes and the scenario risk results should be lower than the more conservative LOPA method.

TRIDENT CONSULTANTS

Trident offers a variety of LOPA services from staff training through to actually carrying out LOPA studies and customizing the LOPA method for your company. If you require further information on how Trident Consultants can assist you with this methodology please contact us.



















Copyright 2008 Trident Consultants.
All Rights Reserved.