Risk Assessment System for Verifying the Safeguards Based on the Hazop Analysis

—In recent years, serious accidents in chemical plants frequently occurred in Japan. In order to prevent accidents and to mitigate process risks, to re-evaluate risks which consider the reliability of existed safeguards in chemical plants is needed. The chemical plant is obligated to provide and maintain a safe environment for people that live in such circumstances. Plant safety is provided through inherently safe design and various safeguards, such as instrumented systems, procedures, and training. HAZOP (Hazard and Operability Study) is used as one of effective measures to identify hazards in chemical plants. In this paper, a method is proposed to calculate the probability of occurrence of hazards in chemical plants already considering of existing safeguards. The developed system bases on the HAZOP analysis and reliability of safety equipment arrangement. The system can verify that the safeguards are adequate or not, and it will produce recommendations for further risk reduction. This system will become valid for risk management and present useful information to support for plant operation.


INTRODUCTION
In the past few years, serious accidents in chemical plants frequently occurred in Japan.After the severe accident of Fukushima Daiichi nuclear power plants due to the Great East Japan Earthquake and Tsunami, the safety management of large-scale and complexity industrial facilities has taken on increasing importance.Since then, most Japanese people feel anxiety about not only nuclear engineering but also chemical engineering.In other words, our society required building up a believable safety and reliability of chemical plants.As wellknown many kinds of hazardous materials are under controlled in facilities.If a severe accident occurs, there is a possibility of a serious damage to employees and also residents in the community.Therefore "risk assessment" is more important to identify the cause of the accident.Before an accident occurs, we should calculate the risk based on the frequency and scale of the damage of industrial facilities [1].This paper will show the risk assessment system by considering the reliability of existing safeguards, such as instrumented systems, procedures, and training.In particular a method is introduced the system to calculate the likelihood of the hazard in a chemical plant.The result of the calculation can use to assess the risk and show a valid location to stop the fault propagation.

II. PURPOSE AND APPROACH
In order to identify hazards in chemical plants, HAZOP (Hazard and Operability Study) is used as one of the effective measures [2].When the risk assessment performed, there is a problem, whether the current measures are sufficient enough to evaluate the hazard.Therefore, various methods are proposed to solve this problem.For example, the system used in the risk assessment to create a statistical model based on the accident database [3].In chemical plants, the safeguards are installed to prevent the accidents and the damage from spreading.The control system and the safety instrumented system perform safely in order to operate the existing chemical plant as safeguards.In this paper, a method is proposed to calculate the probability of occurrence of hazards in chemical plants by considering of existing safeguards.It"s based on the HAZOP analysis and reliability of safety equipment arrangement.In this study, function of synthesis scenario trees is introduced HAZOP analysis system. Figure 1 shows overview the proposed system.After hazards are identified by HAZOP analysis system, the fault propagation scenarios are created automatically.In this step, the information of abnormal states with the safety measures in IPL (Independent Protection Layer) is added to fault propagation scenarios [4] [5].www.ijacsa.thesai.orgThe risk evaluation system that we developed creates a scenario tree using fault propagation scenarios.Two or more cause events are shown to one hazard in the created scenario tree.We can calculate the probability of the hazard using the information from HAZOP analysis system and layout of safety equipment in the fault propagation scenario.The probability of the hazard is cut down by the suitable safety measures for the fault propagation scenario.The system can calculate the likelihood of the fault propagation scenario and evaluate of the risks that consider the reliability of existing safeguards in chemical plants.Based on this information, it is possible to verify and design safeguards in plants to prevent accidents/disasters.The results can be used to assess the risk of a chemical plant according to this method.When adding a safety measures/equipment after risk assessment, preparation method can determine a valid location to stop the fault propagation.

III. PROPOSED SYSTEM
HAZOP analysis is a technique to identify hazard by using "deviation" from the design intent.HAZOP used in the preliminary safety assessment of new plant or modification of existing ones.HazopNavi was developed to clarify the operation, behavior of the chemical plant [6].The other computer system was developed to support the implementation of risk evaluation method [7].The system that we proposed based on HAZOP analysis automatically [1].

A. Add function to the HAZOP system
Deviation is expressed "guide word" and "process parameter".Guide word is a keyword used in the analysis.Process parameters are "flow, pressure, temperature," etc..In the analysis, deviation is applied the pipe that is a part of the process and propagated next equipment.Fault propagation is a process that deviation is propagated.Fault propagation is used to identify hazards and to assess safety measures in HAZOP [1]. Figure 2 shows the model expressing HAZOP analysis.This proposed system analysis is based on the HAZOP information and safeguards arrangement.Plant model is created using equipment models.Propagation path represented by SDG models is connected to the next equipment.The HAZOP analysis system is performed after constituting one propagation path from an entire plant.When hazards in plant are identified, at the same time, it can be recognized the location that safety measures work.The instruments and equipment are arranged in the process for control to operate.If the deviation is propagated, the change and the propagation of the deviation are defined by each of the internal functions of the equipment.Then the fault propagation consist of the deviation that perform safeguards, the data are stored in the system database.
The following shows these procedures.

1) "Deviation" is defined 2) "Deviation" is converted into electrical signal 3) Control equipment performs, "Deviation" propagate safety measures 4) A parameter indicating by the instrument is controlled. 5) The information on HAZOP analysis is stored in the risk information data base.
Using the result of HAZOP system, the fault propagation scenario is created.The information of propagation is stored to the database in the system.The analysis result shows the cause of propagating and identifies the hazards by the database.From this database, the system can remove the necessary information to create a scenario tree.The risk evaluation system creates the scenario tree of fault propagation automatically.This scenario tree system is developed to calculate automatically the accident frequency quantitatively.The model of the fault propagation scenario is created from many results in HAZOP system.It is indicated in Figure 3. Ei0 is the consequent event and EiN is the cause event in the fault propagation scenario.In this scenario tree system, it is possible to create a scenario tree indicating the cause of multiple hazards using fault propagation scenarios.Figure 4 shows the scenario tree created from the propagation scenario.First the branch conditions are determined.When the system is generating the scenario tree, www.ijacsa.thesai.org the scenario with the same consequence event is detected from the database.To search information about hazards in the database is repeated.The risk evaluation system is retrieved in the same way about branch condition.A search with some conditions perform on all equipment in the fault propagation scenario.By using the fault propagation scenarios, multiple causes are found for one consequence event.To visualize the position of the equipment that causes the fault propagation in a chemical plant is very important.Since the effect of fault propagation involved in the equipment becomes clear, plant workers can determine where to add new safeguards by this technique.The safety equipment that located in a higher place from a branch point in the scenario tree can reduce the probability of hazard to two or more scenarios.

B. Calculating the probability of consequence event 1) One cause event in the scenario
There is one consequence event and one cause event in the fault propagation scenario.In this case, the probability of consequence event is as equal to the probability of cause event.This is the unavailability of the equipment causing failure.
The unavailability of the cause equipment is given by A .The probability of consequence event is expressed by (1) when the safety measure is not installed in the scenario.λ= Failure rate of the cause equipment, μ＝Repair rate of the cause equipment, MTTR = mean time to repair P = the probability of occurrence of the consequence event P A 

P λ μ 
(1) There are more than one cause event in the scenario tree.The probability of occurrence of consequence event is equal to the sum of the probability of occurrence of each cause event as expressed in (2).

2) One cause event and one safety measure in the scenario
The probability of occurrence of hazards depends on the allocation of the safety measures in fault propagation scenario.By calculating the likelihood of the fault propagation scenario, the proposed system conduct evaluation of the risks which consider the reliability of existing safeguards in chemical plants.In order to calculate probability safety measures, the PFD (Probability of Failure on Demand) is installed to calculate.The PFD means the probability that the equipment does not work properly when it is required [5].The PFD used in this system reference to "Guidelines for Process Equipment Reliability Data with Data Tables" [8].The Probability of consequence events caused by equipment failure can be calculated by equation (3).λ= Failure rate of the cause equipment, μ= Repair rate of the cause equipment, P= the probability of occurrence of the consequence event (3)

3) One cause event and more than one safety measures in the scenario
In the scenario tree, there is one consequence event and one cause event.Safety measures placed more than one in the fault propagation scenario.And they work effectively.The probability of occurrence of consequence event is given by equation ( 4).

N = the number of safety equipment placed in the scenario tree
When the safety equipment does not exist, i.e., n=0， PFD0=1 (4)

4) More than one cause event and safety measures in the scenario
The safety equipment is placed appropriately in the fault propagation scenario.At this time, it will be expressed in the same tree that the same equipment causes failure in the scenario.There are more than one cause event and safety measures.Then the formula that calculates the probability of consequence event is generalized by (5) (5)

C. Changes in the probability of occurrence
Therefore the system can calculate the probability of the effect of reducing the hazard by arranging the safety equipment.When the safety equipment is installed to control "deviation" in fault propagation scenario, the probability of occurrence of hazard of that scenario is reduced.The probability of occurrence of hazard varies depending on the placement of the safety equipment for the branch of the scenario tree.When safety equipment is located on the side of the cause event branch, it works for only one scenario to reduce the probability of occurrence hazard.When safety equipment is located on the side of the consequence event, it works for more than one scenario to reduce the probability of occurrence hazard.When safety measures are placed to work effectively to the fault propagation, they can reduce the risk of hazard.Figure 5 shows the flow of reducing the risk.

D. Evaluate the risks
Having identified the hazards by this system, then we have to decide how likely it is that the hazard will occur.Risk is a part of everyday life and we are not expected to eliminate all risks.The system can calculate the probability of occurrence of hazards in chemical plant.We can use this result to evaluate the risks.Generally, we need to do everything 'reasonably practicable'.
This means balancing the level of risk against the safeguards needed to control the real risk in terms of money, time or trouble.However, we do not need to take action if it would be grossly disproportionate to the level of risk.When we need to install safeguards, this system shows guideline for achieving the best result.

A. Analysis range
This method is supposed to the ethylene production plant.Analysis range is shown in Figure 6.Prerequisite at this time is as follows.
1) Chemical plant analyzed by this system is a continuous operation plant.
2) The safety measures and the control system are analyzed in this investigation.(For example, safety valve and transmitter, instrument, control cable, and control valve) 3) All sensors are in order.Safety equipment is defined not to prevent hazard identification.Safety valve function linked parameter "pressure-more".
After the HAZOP analysis, including safety measures, the information about a safety measure is stored as a result.Repeat HAZOP analysis in the analysis range, the fault propagation scenario that has a top consequence event in the reaction vessel of "runaway reaction" is created.The scenarios created are shown in Figure7.www.ijacsa.thesai.orgFig. 6.Analysis range in the ethylene production plant By using the fault propagation scenario, the scenario tree, including the safeguards equipment is created.This system can calculate the probability of the consequence event.Figure 8 shows the scenario tree.The probability of consequence event in the scenario tree is calculated according to equation (5).The probability of consequence events is obtained by summing the probability each scenario including the safety measures.Two deviations propagate in the scenario tree in Figure8.The deviations are "temperature high" and "pressure more".There are seven cause events in the analysis range in Figure 8.

B. Calculate the probability of occurrence of runaway reaction
The probability of occurrence of runaway reaction in the reactor R-301 is calculated as follows.

/year
Therefore the probability of occurrence of the top event of this scenario tree is 0.00072 per year.The developed system indicate the probability of occurrence of runaway reaction in the reactor R-301.The system shows the result that this event will occur once in about 1400year.This result can be used for risk evaluation in chemical plant.To avoid a severe accident, we should make a safety measure in consideration of the impact of this event.Chemical plant workers can calculate the likelihood of the hazard by using this system.Then the system shows the guideline for achieving the best result when the safety measure will be installed.

V. CONCLUSION
In this study, we have proposed "Risk assessment system for verifying the safeguards based on the HAZOP analysis." The system is developed to identify hazards and to calculate the probability of occurrence of consequence event.Safeguards are installed in the existing chemical plants in operation.The effect of safeguards is evaluated explicitly by using our system.This paper can clearly explain elucidated the linkage between the fault propagation and safety measures.The developed system can add information about the arrangement of the safety equipment in a fault propagation scenario without interfering hazard identified by them.The method included here can create a scenario tree based on the fault propagation scenario automatically.The scenario tree shows the placement of the equipment of the plant with safety measures.As a result of the analysis of the system included in this paper will become possible to consider the best placement of safety equipment.The result of the calculation of this system is the occurrence probability of the hazard based on the information on safety measures placement.This proposed method can re-evaluate the risk of chemical plants currently in operation.If an accident occurs, emergency shutdown is required rapidly.Furthermore, accident prevention is necessary not only for chemical plant and but also other industrial facilities.But still there exists the possibility that un-expected accident could occur in chemical plants.Therefore, risk management is required to recognize and to examine all the angles of the situation in the plant.The proposed system will become valid for risk assessment and present useful information to support for plant operation.In the future, this system will be expanded to other experiments and introduce with other technologies.

Fig. 5 .
Fig. 5.The flow of reducing the risk

Fig. 8 .
Fig. 8. Scenario tree of the ethylene production plant