LOPA

LOPA (Layer of Protection Analysis)

LOPA is a simpliefied semi-quantitative risk analysis tool used to determine how many independent protection layers (IPLs) are needed to how much risk redutction should be applied to each layer. This is achieved by combining the effect of the independent protection layers and comaring the results to risk tolerance criteria. :

 
LOPA Onion layers

LOPA is applied to a scenario:

To establish the integrity (PFD ) target for each SIF listed as a safeguard, when it has not been specified elsewhere (e.g. a model bow tie or specified in a DEP), or;

When a risk assessment team considers there may not be sufficient safeguards (barriers);

If required per local regulatory or business requirements or by the business to support ALARP demonstration;

If the risks are well understood, the design follows industry standards, and best practice based on engineering judgement, e.g. simple fire case relief valve, and none of the above apply, the LOPA should not be done. Should the team consider a LOPA is still advisable, any additional SIF (over and above those that would normally be provided in the industry standard design) will be subject to approval by the TA1 Technical Safety.
The SIL target corresponds to target failure for each SIF called Probability of Failure on Demand (PFD). The table below shows the PFD and the Risk Reduction Factor (RRF) for each SIL number.
 
output-onlinepngtools (7)
The LOPA evaluates a hazardous scenario to determine the consequence and the initiating events that lead to the scenario. All the independent protection layers are evaluated for a particular scenario to determine the residual risk. For each scenario the LOPA will verify that sufficient risk reduction is provided by the existing barriers, such that the tolerability criteria is achieved. As such a Residual Risk Frequency will be calculated and compared with the tolerability criteria, TC. • If the residual risk frequency, F > TC; then the target has not been met and additional risk • reduction is required. • If F <= TC; then the target has been met.

General LOPA Methodology:

The following steps are undertaken:

1. Identify the consequence of the scenario assuming the SIF has failed. This provides the Target Event Frequency for the scenario. Each scenario may consider the following:

• Consequence categories: People, Assets, Community, Environment.

• Consequence types: People, Assets, Community, Environment.

2. Identify all the initiating causes and the likelihood of them occurring per year.

3. Identify all of the Independent Protection Layers (IPL) and their corresponding risk reduction

4. Consider any conditional modifiers (Such as probability of ignition, probability of rupture, etc)

5. Multiply the initiating event frequency by the various factors to obtain an intermediate event frequency.

6. Determine the risk reduction factor to achieve the Target Event Frequency and the hence the SIL for the SIF.

Target Event Frequency is shown below

 
output-onlinepngtools (8)
This section lists the rules that must be applied during the LOPA.

1. Summing of initiating events and/or mitigated event frequencies

Where the IEs for the same top event are protected by the same SIF and the frequency of one or more Ies is in the same order of magnitude, the mitigated event frequencies* (MEFs) will be summed. Where the frequency of one IE (cause) dominates all others, it is acceptable not to sum the MEFs.

*The Mitigated Event Frequency (MEF) is the product of the IEF, enabling factors and PFDs (Left Hand Side IPL’s):

• MEF = IEF x Pe x PFD1 x PFD2 x PFDn

• IEF = Initiating Event Frequency

• Pe = Enabling Factor

• PFDn = Probability of Failure on Demand for Valid Barriers (n being the total number of valid barriers for each IE)

2.Iniviating Events

Client Standards will be used to determine initiating event frequencies (IEFs), utilising the “MTBF avg (yr)” column.

Client Standards will be also used to establish human error IEFs, with the exception below:

 
output-onlinepngtools (9)
3.Barrier PFDs

Client Standards will be used to determine barrier PFDs.

• An IPL must be maintained & tested to meet the stated PFD – consult comments in the right-hand column.

• Better (i.e. numerically lower) PFDs than shown in PRENSAP will not be used.

For similar or like barriers protecting the same scenario (e.g. 2 relief devices); the PFD for the second device is 0.1 to account for potential common cause failure (CCF).

4.PSVS

Here is a list of PDFs for PSVs:

• PFD = 0.001 for Clean Service;

• PFD = 0.01 for Dirty Service

• Use of a PFD =0.001 for clean service is subject to the following conditions:

• No credit can be taken for Conditional Modifiers for the scenario in which the PSV Barrier is used.

• Credit for Enabling Factors is allowed.

• The supplementary guidance (assessing consequences of overpressure) cannot be used.

• The PSV must be subject to a risk-based inspection (RBI) process. Otherwise, use PFD 0.01 for clean service.

5.Use of the Basic Process Control System (BPCS) as a Barrier

LOPA
I/O card = “input / output card”. This is the device that converts a field signal into data for use by the DCS

in the case of field sensors, or coverts DCS data into a field signal for final elements. There are often

several (typically 16 or 32) field devices on a single I/O card, hence loss of power or failure of this would be a common cause if both BPCS IPLs were to be connected to the same card.

6.Human Barriers

For a human barrier to be valid the following must be satisfied:

• The operator recognizes and interpret the situation; information is available and sufficient to enable this.

• The operator intervention must take effect before the top event occurs (i.e. the time taken for the operator to recognise the situation and take the appropriate response, and for that response to bring the process to a safe state, must be less than the process safety time).

• The operator cannot be part of more than 2 barriers.

An operator intervention credit will not generally be taken for an operator who was involved in the IE. However, an operator intervention credit could be taken for an operator involved in the IE if:

• The operator intervention barrier is a Recovery Measure and the Top Event is clearly observable by the operator. Example: the operator initiates the Emergency Response after seeing a tank overflow or getting a gas detection alarm.

The operator intervention is a Control Measure and sufficient time has elapsed after the IE (approximately 4 hours or half a shift). Example: Operator incorrectly lines.

7.Enabling Factors

The basis for enabling factors will be established from historical data and documented.

8.Conditional Modifiers

Client Standards will be used to determine ignition and explosion probabilities.

Section A7.3 item 3 will be modified as follows: “Table A.7 can be used for hydrogen by multiplying the probabilities by 2”.

8.1. Occupancy

No credit will be given for occupancy (the amount of time and individual is predicted to be exposed to a risk).

8.2. Control of Personnel

Credit for control of personnel will only be given when there is assurance of effective physical control of access. It cannot be given if:

• The operator is in the area and part of the IE

• Personnel are sent into the area prior (ER / investigate alarms) to the consequence

If used, the control of personnel PFD cannot be less than 0.1.

9.Detection & Emergency Responses

Detection + Emergency Response (ER) will only be allowed as a barrier if the validity of an ER is evaluated for effectiveness.

If Human Observation is the sensing element for ER, the following must apply:

• The release must be detectable by the senses,

• An effective means of communication to initiate the ER must be in place

• ER is NOT considered valid for:

o VCE, BLEVE or explosive decompression scenarios.

o Equipment rupture

o Vapour cloud fire if the vapour cloud overlaps with a permanent ignition source (e.g. an unrestricted road or a furnace)

• Release of fluid above auto-ignition temperature

Here is a typical LOPA Worksheet:

output-onlinepngtools (10)

INTERESTED?
PLEASE CONTACT US