By properly addressing these oversights, organizations can enhance their process hazard analyses (PHAs), mitigate catastrophic hazards, and improve process safety.
The origins of process hazard analysis (PHA) can be traced back to 1949 when it was first introduced as a military procedure under MIL-P-1629, “Procedures for Performing a Failure Mode, Effects and Criticality Analysis” (1). Over a decade later in 1963, the development of hazard and operability (HAZOP) studies followed, as described by Trevor Kletz. A three-person team from Imperial Chemical Industries (ICI) met regularly over several months to analyze the design of a new phenol plant, initially referring to the method as “operability studies” (2, 3). Over time, this approach evolved into a formal hazard analysis methodology, with Kletz introducing the term “HAZOP” in 1983 through IChemE course notes (3).
The adoption of HAZOP studies grew exponentially following the promulgation of the Occupational Safety and Health Administration’s (OSHA’s) Process Safety Management (PSM) standard in 1992. Today, they are widely used across various industries governed by OSHA’s PSM standard and the U.S. Environmental Protection Agency’s (EPA’s) Risk Management Program (RMP) rule (4, 5).
A PHA is an overarching systematic approach used to identify, evaluate, and control hazards associated with industrial processes, employing various methodologies such as What-If, Checklist, Failure Modes and Effects Analysis (FMEA), and HAZOP. A HAZOP is a specific, structured PHA technique that utilizes guide words to systematically examine process deviations and their potential consequences. While PHA serves as a general framework for process safety assessment, HAZOP provides a detailed, qualitative analysis focused on identifying hazards and operability issues within process design and operation. Thus, HAZOP is considered a subset of PHA methodologies, distinguished by its rigorous and team-based approach.
After more than 75 years of PHA development and application, have we truly mastered the art of hazard analysis? While significant progress has undoubtedly been made, common PHA oversights with potentially significant risks still persist.
This article explores ten common PHA misses and suggests practical strategies to address these oversights. By identifying and rectifying these gaps, this article seeks to improve the effectiveness of PHAs and contribute to the ongoing enhancement of process safety practices.
Miss #1: Stopping at overpressurization
In many PHAs, consequence development often ends at stating “potential overpressurization.” However, this level of detail is insufficient to fully define the scenario or to grasp the true severity of the hazard.
Consider a vessel that is subjected to 1.3 times its maximum allowable working pressure (MAWP) vs. a vessel subjected to 3.5 times its MAWP.
At 1.3 times the MAWP, the vessel is likely to experience stresses that exceed its design limits but may remain structurally intact, depending on factors such as material properties, design safety factors, and the duration of the overpressure event. While localized deformation, such as bulging or yielding, may occur, catastrophic failure is not guaranteed.
At 3.5 times the MAWP, the outcome is far more severe. At this level, the vessel is almost certain to experience catastrophic failure due to stresses far exceeding its design capacity. This could result in a rupture or explosion, rapidly releasing stored energy and its contents.
The key distinction lies in the magnitude of stress relative to the vessel’s design limits. While a vessel subjected to 1.3 times the MAWP may survive with some damage, exposure to 3.5 times the MAWP almost guarantees catastrophic failure, with potentially life-threatening and costly consequences.
It is also essential to account for the frequency of such events. Although a single instance of moderate overpressurization may not cause catastrophic failure, repeated occurrences can progressively weaken the vessel’s integrity. This phenomenon, known as fatigue damage, occurs as the material experiences cyclic stresses that exceed its design limits, leading to microstructural changes such as crack initiation and propagation.
Ignoring the potential for repeated moderate overpressurization in a PHA can lead to underestimating the risk and failing to implement adequate safeguards. For instance, a vessel that has experienced multiple moderate overpressure events may require enhanced inspection protocols, stricter operational limits, or even preemptive replacement to ensure continued safety (Figure 1).

▲Figure 1. It is important to include as much detail as possible when noting the potential consequences of overpressurization scenarios.
Fix #1: Add detail to overpressurization. To ensure a comprehensive understanding of the hazard, detailed verbiage should be included in the hazard scenario. This level of detail allows future PHA teams and auditors to follow the progression of events leading to the ultimate consequence and to evaluate the adequacy of safeguards.
For example, concerning repeated moderate overpressurization exposure, it is essential to move beyond simply stating “potential overpressurization” and provide a more detailed description of the scenario such as the following:
- “Potential for Vessel Y to experience 1.3 times the MAWP. Vessel Y is designed for 2 bar. This scenario could result in pressures >2.6 bar. While a single exposure to this higher pressure is not likely to result in catastrophic loss of containment, fatigue damage due to cyclic stresses could occur should there be repeated exposure to higher pressure. Potential leakage from Vessel Y if repeat exposure to 1.3 times the MAWP occurs. Vessel Y contains flammables. A Severity of 3 (medium) is deemed appropriate due to this repeat overpressurization hazard. Potential release of flammables and small fire due to small leakage. Potential minor injury.”
By adding specificity to overpressurization scenarios, PHA teams can better evaluate risks and ensure that appropriate safeguards are in place to prevent catastrophic outcomes.
Miss #2: Overlooking relief discharge location
Relief devices are designed to prevent overpressurization, but their discharge locations must also be assessed to ensure they do not introduce new hazards. Failure to do so could result in unintended consequences, such as personnel exposure, ignition of flammable materials, increased backpressure in interconnected relief headers, or other process hazards.
Fix #2: Dedicate a separate scenario for relief discharge location. To ensure thorough evaluation, the discharge location of a relief device should be addressed in a hazard scenario separate from the overpressure scenario. This approach provides clarity for future PHA teams and auditors, ensuring that the discharge location has been explicitly assessed for safety.
As an example, the following verbiage could be used to document an atmospheric discharge location for a relief device:
- “Potential for Relief Device XYZ to activate due to overpressurization. Relief Device XYZ vents outside at the roof of Building A on the structure’s north side. Potential exists for the release of hot flammables at this location. However, this location has been evaluated and determined to be safe as there are no known ignition sources in the vicinity of the discharge location, and the discharge point is located more than 10 feet above the roof, allowing for adequate dispersion and eliminating the potential for personnel exposure to the hot material. In summary, the discharge location of Relief Device XYZ poses no risk of ignition or personnel exposure.”
By including a separate scenario to evaluate the relief device’s discharge location, PHA teams can confirm that the discharge location is safe, assess the potential for personnel exposure to released materials, and determine whether ignition risks exist. This additional level of detail ensures that the relief device not only prevents overpressurization but also does not introduce new hazards due to its discharge location.
Miss #3: Failure to document fire scenarios
Scenarios involving the potential for fire and explosion represent significant process safety hazards. However, these significant safety risks are often overlooked or lack detailed documentation within PHAs. This oversight hinders PHA teams’ ability to fully understand risks and assess the effectiveness of safeguards.
Fix #3: Sufficiently document fire scenarios. To properly address fire and explosion scenarios, PHAs should include detailed descriptions that clearly define potential hazards and their severity. Recognizing that not all fire/explosion scenarios carry equal risk is crucial for accurate documentation.
For example, the following verbiage could be used to document a fire/explosion scenario:
- “Potential overpressurization of V-123 during external fire scenario. Potential for vessel rupture and loss of containment of process material with potential to escalate fire. Note that if release occurs, it is near Building XYZ’s Control Room, which is a normally occupied area housing multiple personnel. Potential for multiple and significant injuries. As such, a high severity rating is appropriate.”
This level of detail enables the PHA team to clearly understand the magnitude of the hazard; evaluate whether existing safeguards (e.g., flammable gas detectors, fire-eyes, deluge systems) are sufficient to mitigate the risk; and identify additional recommendations if the safeguards are deemed inadequate.
Miss #4: Failure to consider all loss of primary containment (LOPC) events
Both small and large leaks should be considered for their potential impact. While durable design can help minimize the likelihood and extent of leakage, the risks associated with leaks must still be discussed and documented in PHAs.
It is critical to define both the likelihood and severity of leaks to appropriately assess risk. Some process sections may be more prone to leaks than others, and leak consequences can vary significantly. Often overlooked loss of primary containment (LOPC) events include:
- small-to-large process leaks due to corrosion
- flange or packing leaks
- drain valves leaking through
- pinhole leaks (e.g., between rupture disk and relief valve combinations).
PHA teams often fail to document all potential leakage scenarios and the associated hazards, leaving gaps in the analysis and risk mitigation process.
Fix #4: Include all LOPC events with sufficient detail. To adequately address LOPC events, document all potential leakage scenarios with sufficient detail, including anticipated leak amounts and hazard extents.
For example, the following verbiage could be used to document a pinhole leak scenario:
- “If a pinhole leak develops in the rupture disk, process gases could slowly leak through the disk, leading to pressure buildup on the downstream side. This buildup could prevent the rupture disk from bursting at the appropriate pressure during a potential overpressure situation. Potential consequences include overpressurization of Vessel X, loss of containment, and personnel injury should overpressurization and subsequent loss of containment occur.”
Explicitly discuss and document sampling operations in PHAs, as they can also result in leakage and exposure scenarios. Evaluate if specialized sampling devices, personal protective equipment (PPE), or other safeguards are adequate to mitigate risks during sampling.
By including sufficient detail with respect to LOPC events, PHA teams can understand the magnitude of release and exposure potential, evaluate whether existing safeguards — such as gas detectors, PPE, etc. — are sufficient to mitigate the risk, and identify additional recommendations if the safeguards are deemed inadequate.
Miss #5: Insufficient documentation of previous incidents
Any previous incident with the potential for catastrophic consequences must be addressed within the PHA. This includes documenting incidents resulting in severe consequences and high-potential events (near misses that could have caused harm under different circumstances).
Unfortunately, while PHA teams routinely discuss previous incidents during their analyses, they often fail to document these discussions within the PHA record. This omission can hinder the ability of future teams to learn from past events and ensure that safeguards are in place to prevent a reoccurrence.
Fix #5: Document previous incidents within PHAs. To definitively demonstrate adherence to this requirement, it is advisable to explicitly document previous incidents within the PHA. This can be achieved by using the keywords “Previous Incident” to clearly identify the discussion, including the date of the incident, a brief description of what occurred, and the incident tracking number, and providing information about the nature of any injuries that resulted. If no injuries occurred, include verbiage indicating this, but also document what could have reasonably happened under different circumstances. For example:
- “Previous Incident #1234: On [date], a release of [substance] occurred due to [cause]. No injuries were reported; however, under different circumstances, the release could have resulted in [potential consequence]. Severity has been assessed based on the potential outcome of the incident.”
It is also important to recognize that if an incident occurred, it may indicate one of two possibilities:
- the hazard was not identified during the original PHA
- the incident occurred despite the presence of safeguards, indicating that one or more safeguards assumed in the PHA either failed or were not truly safeguards at all.
For these reasons, documenting previous incidents is critical to understanding the root causes, identifying gaps in safeguards, and preventing recurrence.
Miss #6: Absence of management of change (MOC) documentation
The absence of management of change (MOC) documentation during a PHA can significantly compromise the safety and integrity of industrial operations. MOC documentation ensures that any modifications to processes, equipment, or procedures are properly evaluated for potential safety risks. Without these records, changes made during the operation of a plant or facility may go unchecked, leading to unaddressed hazards, faulty risk assessments, inaccurate process safety information, and incomplete hazard analyses.
The failure to account for these changes in a PHA can lead to missed opportunities to identify new risks, which could be catastrophic if a critical safety system is overlooked or improperly altered without a clear risk assessment.
Fix #6: Add MOC documentation to PHAs. To address this issue, MOCs should be explicitly documented within the PHA. This can easily be accomplished by using the tag “MOC” to clearly identify the discussion and by including the MOC number in the PHA record.
By explicitly documenting MOCs in the PHA record, the PHA team can:
- more easily identify where changes — whether additions, removals, or modifications — can increase risk
- cross-reference MOCs with PHA hazard scenarios to ensure alignment
- provide future PHA teams and auditors with a clear record of past discussions
- ensure that any potential hazards resulting from changes are properly evaluated and that appropriate safeguards are in place to protect personnel, equipment, and the surrounding environment.
Miss #7: Poor hazard identification
One of the most critical components of any PHA is the accurate identification of potential hazards. However, many PHAs fail to thoroughly examine all aspects of a process, often due to a narrow focus or assumptions that certain risks are unlikely. Inadequate hazard identification typically results from a variety of issues.
Many PHAs tend to focus on more common hazards while neglecting low-probability, high-consequence events, such as catastrophic equipment failures or natural disasters (e.g., earthquakes or flooding). While these events may be infrequent, their potential consequences can be devastating if they occur.
PHA teams often dismiss high-severity scenarios by assuming multiple independent failures must happen simultaneously — a concept known as “double jeopardy.” However, historical catastrophic incidents rarely result from a single initiating event, but rather from multiple failures occurring within the same time frame.
Another common oversight is neglecting the role of human error in process safety. This includes operator mistakes, procedural non-compliance, or insufficient training, all of which can significantly contribute to accidents. A PHA should consider not only mechanical or chemical hazards but also how human actions or inactions might impact the process.
External factors such as supply chain disruptions, power outages, and regulatory changes can also pose significant threats to process safety. A PHA should address these potential external risks to ensure that hazardous conditions within the facility are adequately mitigated.
Fix #7: Improve hazard scenario identification. To tackle these issues, PHA teams can focus on the consequence rather than becoming overly fixated on the initiating cause when discussing high-severity scenarios. By assuming that the “bad thing” happens and identifying what can be done to detect and minimize its impact, teams are less likely to overlook scenarios and more likely to identify safeguards to address them.
For example, consider a scenario involving excessive compressor vibration leading to a loss of containment where no specific initiating cause can be identified. Properly considering this scenario should lead to discussions about safeguards such as vibration sensors and gas detectors. These safeguards could ultimately prevent the negative outcome and save lives. Conversely, dismissing the scenario as “unlikely” or invoking double jeopardy may prevent it from being discussed at all, potentially resulting in catastrophic consequences if it manifests.
To avoid such issues, it is essential to take a comprehensive approach to hazard identification that involves:
- Performing a thorough examination of all potential hazards, including rare but severe scenarios.
- Documenting any item that arises during discussions, as it is likely worth considering.
- Regularly revisiting and updating the PHA as processes evolve and new hazards emerge.
Miss #8: Insufficient team involvement
A PHA should be a collective effort involving various stakeholders to ensure comprehensive hazard identification and mitigation. However, one common error is neglecting to assemble a well-rounded team with diverse expertise and experience (Figure 2).

▲Figure 2. A process hazard analysis (PHA) team should consist of different individuals, such as engineers, operators, management, and others to ensure that all hazards are properly assessed.
A typical PHA team should include engineers, operators, maintenance personnel, safety professionals, and management representatives. Failing to include individuals from these diverse groups can result in several issues.
Operators, for example, have firsthand knowledge of how the process works and may identify hazards that others, such as engineers, might overlook. Without them, there will be a lack of practical insights. Their input is crucial for identifying operational risks that may not be apparent from design documents alone.
A team lacking the necessary experience or knowledge may fail to thoroughly assess hazards or misinterpret data, leading to an underestimation of the severity or likelihood of certain risks. This can result in incomplete or ineffective risk mitigation strategies.
A PHA should serve as a platform for open communication about safety concerns. A lack of team involvement or a hierarchical team structure may discourage participants from voicing concerns, leading to missed hazards and undermining the effectiveness of the analysis.
Management’s participation demonstrates commitment to allocating time, resources, and personnel for thorough analyses. Their insights into organizational goals, constraints, and priorities ensure PHA outcomes align with safety and operational objectives.
Fix #8: Allocate resources for sufficient team involvement. To address this issue, it is essential to ensure that the PHA team includes individuals with diverse expertise, encourages open communication, and leverages the collective knowledge of the group.
Include representatives from engineering, operations, maintenance, safety, and management to ensure a comprehensive evaluation of hazards. Each team member brings unique insights that contribute to a more thorough analysis. The early involvement of operators ensures that the PHA reflects actual operating conditions and identifies risks that may not be evident from design documentation alone.
Do not hesitate to postpone PHA sessions until all necessary participants are available. It is far better to delay the process and prioritize participation over time constraints to ensure the right people are in the room than to proceed with insufficient involvement. Rushing the PHA or excluding key stakeholders can lead to incomplete analyses, which may have catastrophic consequences.
To account for possible postponement, it is imperative that you have enough time to complete the PHA. It is vital to have the right people involved, but it is also essential to meet all regulatory deadlines. Planning ahead ensures that if PHA sessions need to be postponed due to insufficient participation, the scheduled end-date or compliance date will still be met.
By fostering a collaborative environment and ensuring sufficient team involvement, organizations can improve the quality of their PHAs, enhance hazard identification, and ultimately strengthen process safety.
Miss #9: Inadequate documentation and recordkeeping
Thorough documentation is a critical component of a successful PHA. Proper documentation ensures that the analysis is performed correctly, serves as a reference for future audits and inspections, and supports regulatory compliance.
OSHA’s PSM standard requires that PHA results be communicated to employees who work in the process and may be affected. Unfortunately, PHA results are often inadequately communicated or, in some cases, not communicated at all, leaving employees unaware of potential hazards and mitigation measures.
A frequent issue is the failure to document hazard scenarios clearly or in sufficient detail. (Some more specific examples of such ambiguity can be found in Misses #1 through #7 presented earlier.) Ambiguous or incomplete records can make it difficult for future teams to understand the rationale behind certain decisions or to track the progress of mitigation efforts.
As processes evolve due to technological advancements, changes in production methods, or the introduction of new equipment, PHAs must be reviewed and updated to reflect these changes. Organizations that fail to revise PHAs after significant process modifications risk overlooking new hazards or mitigation needs.
PHAs often result in the identification of corrective actions and risk mitigation strategies. Failure to document these actions or track their completion can leave safety issues unresolved and result in non-compliance with regulatory requirements.
Fix #9: Improve overall PHA documentation and recordkeeping. To address these issues, organizations should implement robust documentation and communication practices to ensure that PHA results are effectively recorded, shared, and maintained.
Develop a structured approach to communicate PHA findings to employees who work in or are affected by the process. Recognize that individuals absorb information differently, so consider using a combination of methods such as written summaries, presentations, and training sessions to ensure understanding. Additionally, disseminate results through various channels — such as email, bulletin board postings, or monthly safety meetings — to ensure communication reaches all affected parties.
Implement a system that tracks PHA action items to completion. This system should allow for easy access and updates to ensure that all relevant information is readily available for audits, inspections, and future PHAs. Assign clear ownership and deadlines for each action item and verify that they are implemented effectively.
Set up a schedule to regularly review and update PHAs, ensuring they remain relevant and effective. As per OSHA’s PSM standard and EPA’s RMP rule, PHAs must be revalidated at least once every five years. However, organizations should also review PHAs with respect to significant process changes to address any new hazards or mitigation needs.
By improving documentation and recordkeeping practices, organizations can enhance the effectiveness of their PHAs, ensure compliance with regulatory requirements, and foster a stronger culture of safety.
Miss #10: Lack of follow-up or improper decline of PHA action items
One of the most detrimental mistakes during a PHA is failing to follow through with the implementation of recommended safety measures. Identifying hazards is only part of the process — effective risk management requires that identified issues, including suggested action items, are addressed in a timely and systematic manner.
Corrective actions or recommendations may sometimes be incomplete, improperly executed, or ineffective. This can occur when recommendations are too vague, lack specificity, or fail to address the root causes of identified risks. Even after corrective actions are implemented, it is essential to verify their effectiveness. Without follow-up audits or assessments, organizations may fail to identify shortcomings in the implementation of safety measures, leaving residual risks unaddressed.
OSHA’s PSM Compliance Directive, Process Safety Management of Highly Hazardous Chemicals – CPL 02-01-065, recommends that an employer who decides to decline a PHA recommendation (i.e., action item) do so in writing and justify the decision, based upon adequate evidence, by showing that one or more of the following conditions are true:
- the analysis upon which the recommendation is based contains material factual errors
- the recommendation is not necessary to protect the health and safety of the employer’s own employees or the employees of contractors
- an alternative measure would provide a sufficient level of protection
- the recommendation is infeasible.
Unfortunately, PHA recommendations are often declined without citing any of the above rationales, leaving hazards unaddressed and creating potential compliance and safety risks.
Fix #10: Follow up on or justifiably decline PHA action items. To address these issues, organizations should establish a structured approach to ensure that PHA action items are either implemented effectively or declined with appropriate justification.
Develop a detailed plan for each corrective action, including timelines, assigned responsibilities, and specific deliverables. This ensures accountability and helps track progress toward completion. If a PHA recommendation is declined, the decision should be documented in writing with a clear and valid rationale. Ensure that the justification aligns with OSHA’s PSM Compliance Directive CPL 02-01-065, such as by citing factual errors, a lack of necessity for safety or health, alternative measures that provide equivalent protection, or infeasibility.
Management should ensure that adequate resources — both financial and personnel — are allocated to address identified risks and implement PHA recommendations. This demonstrates a commitment to safety and reduces the likelihood of delays or incomplete actions.
It is also important to periodically audit or reassess implemented corrective actions to verify their effectiveness. This step ensures that safety measures are functioning as intended and that any gaps or residual risks are identified and addressed.
By following up on PHA action items or justifiably declining them with proper documentation, organizations can enhance their risk management practices, ensure compliance with regulatory requirements, and foster a culture of safety.
Closing thoughts
PHAs are a cornerstone of effective process safety management, but their success hinges on thoroughness, attention to detail, and a commitment to continuous improvement. The ten common PHA misses discussed in this article highlight critical areas where gaps in hazard identification, documentation, team involvement, and follow-up can undermine the effectiveness of the analysis and increase the potential for catastrophic incidents.
By addressing these misses through practical strategies, organizations can significantly enhance the quality of their PHAs. These improvements not only strengthen compliance with regulatory requirements but also contribute to a safer working environment for employees and the surrounding community.
While the findings in this article are particularly relevant to industries governed by U.S. regulations such as OSHA’s PSM standard and EPA’s RMP rule, the principles of effective PHA practices transcend borders and regulatory frameworks. Regardless of their specific regulatory environment, organizations worldwide can benefit from adopting these strategies to proactively identify and mitigate risks. The universal importance of robust PHAs lies in their ability to safeguard people, assets, and the environment across industries and regions.
Ultimately, every PHA’s goal should be to proactively identify and mitigate risks, ensuring that lessons learned from past incidents and potential hazards are used to prevent future tragedies. By embracing a culture of safety and continuous improvement, organizations — whether operating in the U.S. or international markets — can better protect their people, assets, and the environment, fostering a safer and more sustainable global industry.
Literature Cited
1. Cameron, I., et al., “Process Hazard Analysis, Hazard Identification and Scenario Definition: Are the Conventional Tools Sufficient, or Should and Can We Do Much Better?” Process Safety and Environmental Protection, 110, pp. 53–70 (Aug. 2017).
2. Kletz, T. A., “HAZOP — Past and Future,” Reliability Engineering & System Safety, 55 (3), pp. 263–266 (Mar. 1997).
3. Lawley, H. G., “Operability Studies and Hazard Analysis,” Chemical Engineering Progress, 70 (4), pp. 263–266 (Apr. 1974).
4. U.S. Occupational Safety and Health Administration, “Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119),” OSHA, Washington, DC (May 1992).
5. U.S. Environmental Protection Agency, “Risk Management Plan,” 40 CFR 68, EPA, Washington, DC (accessed May 22, 2025).
6. Center for Chemical Process Safety, “Simultaneous Failures and ‘Double Jeopardy’,” Appendix A in “Guidelines for Enabling Conditions and Conditional Modifiers in Layer of Protection Analysis,” CCPS, Wiley, Hoboken, NJ (Nov. 2013).