Layers of Protection (©AIChE-CCPS) Adapted from Reference [4]. 

Source publication
Article
A process hazard analysis (PHA), such as a Hazard and Operability Study (HAZOP), is a useful tool in identifying potential hazard scenarios; however, a PHA can only give a qualitative indication of whether sufficient safeguards exist to mitigate the hazards. Layer of Protection Analysis (LOPA) is a risk management technique commonly used in the che...

Contexts in source publication

Context 1
... of Layer of Protection Analysis (LOPA) began in the chemical process industry in the late 1990s. Arthur Dowell[1, 2] and William Bridges[3], among others, began implementing the technique in their companies and consultancies as a method that captures the main concepts of independent protective safety systems, without requiring a high degree of quantitative analysis. As the method became more widely used in the United States and Europe, guidelines began to be issued by the AIChE Center of Chemical Process Safety (CCPS)[4]. Other international agencies and codes such as the International Electrotechnical Commission (IEC) [5, 6] and International Society of Automation (ISA) [7] began to reference LOPA as a method for determining the required safety integrity level (SIL) for Safety Instrumented Systems (SIS). This paper highlights the practice of LOPA. It is directed to the novice who may wish to apply a layer of protection analysis to a facility and would like a general overview of the methodology. LOPA is a risk assessment methodology which uses simplified, conservative rules to define risk as a function of both frequency and potential consequence severity. LOPA is defined as a simplified risk assessment of a one cause one consequence pair [8]. Companies have developed their own protocols for application of LOPA principles within their risk management systems. A variety of approaches are employed which could use order-of-magnitude, half order-of-magnitude, and decimal math. For simplicity, this paper will use the order-of-magnitude math originally shown in [4]. Conceptually, LOPA is used to understand how a process deviation can lead to a hazardous consequence if not interrupted by the successful operation of a safeguard called an independent protection layer (IPL).
An IPL is a safeguard that can prevent a scenario from propagating to a consequence of concern without being adversely affected by either the initiating event or by the action (or inaction) of any other protection layer in the same scenario. Fig. 1, copyrighted by the CCPS-AIChE, serves as an outline of the concept of layers of protection. Safety protection of a facility or chemical plant is broken down into layers. Seven layers are shown in Fig. 1 and are generally applied beginning at the center of the ...

Citations

... The Layers of Protection Analysis (LOPA) [9] is a semiquantitative risk evaluation method that builds on a hierarchy of controls (as shown in Figure 6). Several safety systems or controls are arranged in a format from more effective and protective to less effective or reliant on human behavior. ...
Conference Paper
Artificial intelligence is set to transform the mining and construction industries by providing greater insights that will eventually create a safer, more productive, and reliable environment. However, integrating autonomous technology and equipment in the field is still a complex task that necessitates a detailed safety study, analysis, identification, and mitigation of hazards. Before any autonomous operation can be realized, a safety plan needs to be executed by the technology provider and the site operator and/or subcontractors. This plan must be regularly assessed during the development and implementation phases of the technology on site. The purpose of this paper is to provide an introduction to a safety framework and workflow developed and followed by SafeAI for the application of its autonomous technology in construction and mining.
... 9 The LOPA is a traditional technique to estimate the risks by defining a cause-consequence scenario and the likelihood of the undesired consequence from occurring. 10 This article uses the LOPA to compare and illustrate technological advancements and associated risks between AI and IA. This involves identifying multiple layers of protection against potential hazards, corresponding to the development of AI in each layer of protection. ...
Article
The growth of artificial intelligence (AI) has allowed industries to automate and improve their efficiency in operations. Especially in process industries, AI helps to develop intelligent models and tools to proactively monitor and predict equipment or system failures, minimize downtime, and optimize maintenance schedules. With the advancements in AI and its ability to perform tasks, there is a growing belief that AI may eventually replace humans. However, the absence of human involvement in operations in the process industry raises safety concerns. Therefore, AI should collaborate with humans rather than replace them in processing facility operations. This technology is referred to as intelligence augmentation (IA). This article (i) presents a detailed comparison between AI and IA's potential in process systems, (ii) identifies the feasibility of using AI and IA in process safety, and (iii) identifies the risk associated with the implementation of AI or IA in process industries.
... A valid barrier is supposed to be auditable throughout the life cycle about the functional performance (Øie et al., 2014). Over recent decades, many techniques have been proposed to implement barrier performance evaluation, such as Bow-tie analysis (de Ruijter and Guldenmund, 2016), the Layer of Protection Analysis (LOPA) (Willey, 2014), Reliability Block Diagram (RBD) (Metatla and Rouainia, 2022), and Monte Carlo simulation (Zhao et al., 2019). As with the industrial application, many standards, guidance and management tools associated with safety barrier have also been developed, which are summarized in Table 1. ...
... The techniques involved in Table 2 are almost developed on the basis of graph theory (de Dianous and Fievez, 2006; Øie et al., 2014; Zhao et al., 2019), systems theory (Willey, 2014; Ma et al., 2022a; Sultana and Haugen, 2023), and probability theory (Misuri et al., 2021; Misuri et al., 2022). Risk control techniques based on systems theory are applicable for elucidating the interaction mechanisms between human-related risks and risk control measures, but they predominantly rely on qualitative methods. ...
Article
Please cite this article as: Deng, W., Qiao, W., Ma, X., Han, B., A novel methodology to evaluate criticality and sensitivity of safety barrier based on multi-agent interaction network, Expert Systems with Applications (2023),
... The IEC 61508 standard describes several methods of allocating required SIL [7][8][9][10][11]. Some are of qualitative types (the risk graph [8], the criticality grid [9], etc.) and others are quantitative (LOPA: Layer Of Protection Analysis [12,13]). ...
... In LOPA, these safeguards are termed independent protection layers (IPL), which are expected to perform or fail independently of the conditions of the initial event or other IPLs. The LOPA method has been referenced in documents from the Centre of Chemical Process Safety (CCPS), International Electrotechnical Commission (IEC), International Society of Automation (ISA) and Institute of Electrical and Electronics Engineers (IEEE), with suggested failure rates for various types of components and subsystems (Willey, 2014). ...
... The frequency of a consequence, $f_i$, for scenario $i$ with initial event frequency $f_{i0}$ [per year] and $n$ number of IPLs are described in Eq. 4 (Willey, 2014). Tolerable risk for $f_i$ ranges are often set around $10^{-4}$ to $10^{-6}$ occurrences per year: ...
... The frequency of ETA initial event from one failure mode can be described by the following equation (Willey, 2014): ...
Article
The International Renewable Energy Agency predicts that with current national policies, targets and energy plans, global renewable energy shares are expected to reach 36% and 3400 GWh of stationary energy storage by 2050. However, IRENA Energy Transformation Scenario forecasts that these targets should be at 61% and 9000 GWh to achieve net zero carbon emissions by 2050 and limit the global temperature rise within the twenty-first century to under 2 °C. Despite widely known hazards and safety design of grid-scale battery energy storage systems, there is a lack of established risk management schemes and models as compared to the chemical, aviation, nuclear and the petroleum industry. Incidents of battery storage facility fires and explosions are reported every year since 2018, resulting in human injuries, and millions of US dollars in loss of asset and operation. Traditional risk assessment practices such as ETA, FTA, FMEA, HAZOP and STPA are becoming inadequate for accident prevention and mitigation of complex energy power systems. This work describes an improved risk assessment approach for analyzing safety designs in the battery energy storage system incorporated in large-scale solar to improve accident prevention and mitigation, via incorporating probabilistic event tree and systems theoretic analysis. The causal factors and mitigation measures are presented. The risk assessment framework presented is expected to benefit the Energy Commission and Sustainable Energy Development Authority, and Department of Standards in determining safety engineering guidelines and protocols for future large-scale renewable energy projects. Stakeholders and Utility companies will benefit from improved safety and reliability by avoiding high-cost asset damages and downtimes due to accident events.
... Currently, the most commonly used techniques for risk assessment are: Hazard and Operability Study (HAZOP), Failure Modes and Effects Analysis (FMEA), What If Analysis, Failure Modes, Effects and Criticality Analysis (FMECA), Process Hazard Analysis (PHA), Event Tree Analysis (ETA), Fault Tree Analysis (FTA), BOWTIE, BAYESIAN NETWORK, Hazard Identification (HAZID), and Layer Of Protection Analysis (LOPA) [7][8][9][10][11][12]. The HAZOP Study has been applied globally to address the risk analysis of plants where major chemical accidents may occur. ...
Article
This study was conducted to review the safety and appropriateness of PSV (Pressure Safety Valve) installation in the supply tank, which is a pressure vessel included in supply systems dedicated to supplying the acid/alkaline substances used in the Korean semiconductor manufacturing process. Three aspects of design, risk assessment, and regulations were reviewed to determine if there is a source of pressure higher than the maximum allowable working pressure (MAWP) of the supply tank that could cause fires, explosions, and overpressure. In the case of the design review, all 17 overpressure scenarios described in API Standard 521, i.e., pressure-relieving and depressuring systems, were reviewed, and there was no overpressure scenario above the maximum allowable working pressure (MAWP). Then, the risk assessment, i.e., the Hazard and Operability Study (HAZOP) technique, was used, and as a result of reviewing all possible risk situations, we can state that there were no overpressure scenarios that can exceed the design pressure of the supply tank; thus, we decided that the installation of a PSV on top of the supply tank is unnecessary. Finally, accident prevention measures against overpressure, such as the KS B 6750-3 system design and the Korean Industrial Standard, were reviewed from a legal point of view. It was confirmed that the hazardous chemical supply system for the semiconductor industry designed in this study has several protective functions to prevent fires, explosions, and overpressure. As a result of reviewing the above three aspects, it can be said that there is no need to install a pressure safety valve in a pressure vessel storing hazardous chemicals.
... The failure was mainly due to lack of human competency, poor risk assessment and human error in corrosion management. Although extensive process safety literatures are available [35][36][37][38][39][40][41][42][43] but root cause analysis of real time plant accident in combination of metallurgical factors and piping procurement linked with failure analysis is still limited. This accident investigation concluded SSC failure and several lessons have been learned to improve an organizational system that linked with process safety. ...
Article
The light hydrocarbon containment leakage in a petroleum industry overhead piping have caused severe fire explosion. This paper reports Sulfide Stress Cracking (SSC) in an overhead piping of splitter unit which separates out lighter components from heavier hydrocarbon. The failed overhead piping has been analyzed to determine the root cause of fire incident. The piping metallurgy was SS316L and chemistry of failed fitting components & its weld have been complied with NACE specification. Initially fittings were evaluated for intergranular corrosion to determine as-received material condition and confirmed defect free material. However, metallographic evaluation clearly evidenced transgranular brittle mode of cracking while hardness was higher than NACE specification (22HRC). Furthermore, virgin pipe joint was compared with damaged pipe joint for microstructural assessment. Moreover, actual service conditions were evaluated to obtain pH and H2S concentration in overhead condensed boot water. Microstructural factors have been discussed in detail as well. The results revealed that cold deformed austenitic structure attributed to SSC and undesired manufacturing steps were employed. Further, the root cause of an accident investigation also revealed failed components were not according to NACE specified metallurgy for sour service conditions.
... In order to prevent accidents scientifically, comprehensive analysis of the mechanism of the accident process, evolving from initiation to the termination stage, is becoming an importance issue in order to avoid accidents. Currently, the widely used methods and models for safety analysis include mainly failure mode and effect analysis (FMEA) [21,56,57], hazard and operability analysis (HAZOP) [21,56], layer of protection analysis (LOPA) [58], fault tree analysis (FT) [5,24,27], event tree analysis (ET) [5,27,56], bowtie analysis (BT) [59][60][61], human reliability analysis (HRA) [26,[62][63][64][65][66], loss functions (LF) [53,67], structural reliability analysis (SRA) [68], etc. ...
... LOPA can also be used to identify the need for safety instrumented systems (SISs) or other protection layers to improve process safety. Willey R J. [58] provides a brief overview of the technique, intended for a novice interested in the basic principles involved. ...
Article
This paper focuses on reviewing past progress in the advancement of definitions, methods, and models for safety analysis and assessment of process industrial systems and highlighting the main research topics. Based on the analysis of the knowledge with respect to process safety, the review covers the fact that the entire system does not have the ability to produce casualties, health deterioration, and other accidents, which ultimately cause human life threats and health damage. And, according to the comparison between safety and reliability, when a system is in an unreliable state, it must be in an unsafe state. Related works show that the main organizations and regulations are developed and grouped together, and these are also outlined in the literature. The progress and current research topics of the methods and models have been summarized and discussed in the analysis and assessment of safety for process industrial systems, which mainly illustrate that the dynamic operational safety assessment under the big data challenges will become the research direction, which will change the future study situation.
... The proposed methodology of security risk assessment employed for cultural heritage sites (SRACHS) exemplifies a specific use acquired from the Physical Security Adapted Layer of Protection Analysis (PSA-LOPA) methodology [16][17][18][19]. It permits of attaining the right amount of security defences (video surveillance, access control, intrusion detection system, etc.) that a specified location necessitates and the connected characteristics. ...
... To attain the security risk evaluations, it is required to evaluate how the current SPs are capable of reducing the likelihood of incidence of the scenario, creating the notion of 'credit'. The sense of credit is connected to the possibility of failure (Probability of Failure on Demand [PFD]), related to each specific SPi, according to the next equation [19]: ...
... Afterward that the diverse credits have been estimated, the PSA-LOPA evaluation [17] is attained with the estimation of the risk coefficient, associated to the k scenario, using the equation properly simplified for the considered context, without any loss of generality [19]: ...
... LOPA can be used to identify the need for safety instrumented systems (SIS) or other layers of protection to improve process safety (Johnson, 2010). The risk assessment techniques are evaluated based on this method, and the layers used in LOPA were as follows (Willey, 2014): ...
... In order to reduce the risk, in each transition between layers, the previous layer is multiplied with the PFD value. This gives us an idea about which layer in the system is lacking and needs to be improved (Willey, 2014). ...
Article
Accident Risk Assessment Methodology for Industry (ARAMIS) has been developed and successfully applied to prevent accidents in the chemical and process industries within the scope of the Seveso-II directive. Chemical tankers aren't subject to obligations of this directive but coincide with it both in terms of chemical products and operational procedures. We aimed to contribute to the search for a proactive approach to risk analysis in chemical-tanker operations by applying ARAMIS for the first time. ARAMIS consists of “Methodology for the Identification of Major Accident Hazards” (MIMAH) and “Methodology for the Identification of Reference Accident Scenarios” (MIRAS). In the MIMAH; we assessed equipment types with Event Tree Analysis (ETA), identified critical events with Fault Tree Analysis (FTA), evaluated hazardous equipment with Vade-Mecum, identified hazards with Hazard and Operability Analysis (HAZOP), and Layers of Protection Analysis (LOPA), and we analyzed these hazards with Bow-Tie. In the MIRAS, we calculated the risk factor with the Probability of Failure on Demand calculation for each event using “Offshore REliability DAta” (OREDA), TESEO, BEVI-Guidelines, and assessed the risk with ALARP. The findings showed that ARAMIS can be used in chemical-tanker operations, and risk threshold values were low because of human errors, and basic control systems.