Page 272 - CHEF Guide
P. 272

Layers of Protection Analysis


               17  Layer of Protection Analysis (LOPA)

                   One method used to determine the tolerable risk is the Layer Of Protection Analysis (LOPA), the Risk Tolerance Step
               shown in Section V. A LOPA is a simplified method of risk analysis that provides the middle ground between a qualitative
               process  hazard  analysis  and  a  traditional,  expensive  quantitative  risk  analysis.  The  approach  analyzes  one  incident
               scenario (cause-consequence pair) at a time, using simplifying rules to evaluate initiating event frequency, independent
               layers of protection failure probabilities, and consequence severity to provide an order-of-magnitude estimate of risk that
               may be compared to a company’s tolerable risk criteria. The primary purpose of LOPA is to determine if there are sufficient
               layers  of  protection  against  an  incident  scenario.  LOPA  can  be  useful  in  the  process  development,  process  design,
               operational, maintenance, modification and decommissioning life cycle phases.

                   LOPA builds on qualitative hazard evaluations (such as HAZOP or scenarios gathered from any source, such as
               historical performance or incident investigation) for identification of scenarios. By analyzing selected scenarios in detail,
               effective application of LOPA can determine whether the risk posed by each analyzed scenario has been reduced to be
               within a tolerable risk range. However, if the analyst or team can make a reasonable risk decision using only qualitative
               methods, then LOPA may not be warranted (see Section 9.5). Qualitative hazard evaluation methods (such as HAZOP)
               are  intended  to  identify  a  comprehensive  set  of  incident  scenarios  and  qualitatively  analyze  those  scenarios  for  the
               adequacy of safeguards using engineering judgement. This approach is satisfactory for most scenarios. By contrast, LOPA
               might be used to analyze 10 to 30% of the incident scenarios, and Chemical Process Quantitative Risk Analysis (CPQRA)
               might be employed to study only 1% of the scenarios in detail. An exception to this is for a facility in a locality or country
               that requires a QRA.

                   LOPA assumes all events and protective layers are independent such that frequencies and probabilities are multiplied
               to obtain an overall frequency which is compared to a Tolerable Frequency to determine if sufficient protective layers are
               present. Order of magnitude categories for the Initiating Event frequency, Consequence Severity (tolerable frequency), and
               Probability of Failure on Demand for protective layers are typically used.



               17.1    Section Objectives

                    The following objectives are covered in this section:
                   •   Steps in performing a Layers of Protection Analysis
                   •   LOPA Simplifying Assumptions
                   •   Criteria for Enabling Condition/Conditional Modifiers and Independent Protective Layers
                   •   Determine Scenario Frequency
                   •   Documentation of analysis results


               17.2    Steps in Performing Layers of Protection Analysis

                   Figure 17-1 shows the steps for performing a LOPA. The steps are shown as a circle. The process continues as each
               scenario of concern is analyzed, and because the LOPA may need to be updated as part of the management of change
               program, or as the initial scenario identification method is revalidated.







               Page 232
   267   268   269   270   271   272   273   274   275   276   277