“Knowledge Based”

Process Hazards Analysis

Bio: Mike Scott

 B.S. Mechanical Engineering - University of Maryland

 Masters of Engineering - University of South Carolina
 Licensed Professional Engineer - AK, GA, SC, and IL
 Certified Functional Safety Expert (CFSE)
 IEC 61511 committee member
 ISA Fellow
• Co-chair of ISA S84 committee on Electrical/Electronic/Programmable
Electronic Systems (E/E/PES) for Use in Process Safety Applications
• Co-Chairman ISA S84 BMS sub-committee member on performance-based
Burner Management Systems
• Past chairman ISA S84 FGS sub-committee member on performance-based
Fire & Gas Systems CEO
Cell +1 (907) 301-3111
 Granted 7-US Patents on Safety Lifecycle mike.scott@aeshield.com

 Embedded Process Safety / Functional Safety role for 18 sites

Confidential property of aeShield

Problem Statement
 Inconsistent Risk Ranking between like process
units
 Over estimation of Risk resulting in potentially
unwarranted spend to manage / close Risk Gaps
 Under estimation of Risk resulting in potentially
higher than acceptable Risk Gaps remaining
invisible to the end user
 PHA / LOPA revalidation studies resulting in
significant changes to Safety Critical Equipment
(SCE) / Independent Protection Layers (IPLs)
“churn”

Significant Long-Term Costs and Increased Business Risk

Current Execution Model
Process Hazard Analysis Stand-alone PHA, LOPA

Assess
or PHA/LOPA tools
Layer of Protection Analysis
QRA / Fire & Explosion
Stand-alone tool
Risk Assessment
SIF Design & SIL Calculations Stand-alone SIL calc

Safety Requirements Spec’s MS Word/pdf

Design

SIF Cause & Effects Excel

Functional Test Plans MS Word/pdf

Proof Test Scheduling CMMS*

Demand Root Cause Analysis Historians,

Bypass Analysis & Tracking Excel
O&M

Failure Rate Tracking *Computerized Maintenance

CMMS* Management System, e.g. SAP,
Late Test Tracking Maximo

SIS mods, MOC Multiple tools

Tools Produce Static Documents with Little If Any Data Sharing

Solution – Knowledge Based Approach
 Relate Studies to Knowledge Based Design Guides /
templates
 Reduce study team time / improved study quality
 Deliver consistent risk ranking for like process units
regardless of facilitator(s) / study team(s) personnel
based on Consequence Modeling (e.g., QRA)
 Utilize an expert system to ensure that prior
knowledge is captured and maintained in a
database
 Elimination of “churn” in 5-year revalidations

Consistent Risk Analysis = Optimized Lifecycle Costs

Digital Transformation of Process Safety
Design Guide
Process Hazard Analysis
Assess
QRA / Fire & Explosion
Risk Assessment
Layer of Protection Analysis Process Safety /
Functional Safety
SIF Design & SIL Calculations
Design

Safety Requirements Spec.

SIF Cause & Effects
Functional Test Plans

Test Scheduling
O&M
Demand Root Cause Analysis
“Tag-based”
O&M

Bypass Analysis & Tracking

Database
Failure Rate Tracking
Late Test Tracking
SIS mods, MOC

Digital Transformation of Process / Functional Safety

Traditional Execution Model
SIL calc tool SIL Calc SIF1
SIL calc tool SIL Calc SIF2
SIL calc tool SIL Calc SIF3
SIL calc tool SIL Calc SIF4
SIL calc tool RM* IPL1
SIL calc tool RM* IPL2
SIL calc tool RM* IPL3
SIL calc tool RM* IPL4
MS Word SRS SIF1
MS Word SRS SIF2
MS Word SRS SIF3
MS Word SRS SIF4
MS Word PLRS* IPL1
MS Word PLRS* IPL2
MS Word PLRS* IPL3
MS Word PLRS* IPL4

Excel C&E SIF1

Excel C&E SIF2
Excel C&E SIF3
Excel C&E SIF4
Excel C&E IPL1
Excel C&E IPL2
Excel C&E IPL3
Excel C&E IPL4
MS Word Test Plan SIF1
MS Word Test Plan SIF2
IEC 61511 “Functional Safety – Safety instrumented systems for the MS Word
SIF Test Plan SIF3
process industry sectors” mandates SIF management MS Word Test Plan SIF4
ISA 84.91.03 Draft “Functional Safety: Process Safety Controls, Alarms & MS Word Test Plan IPL1
IPL MS Word Test Plan IPL2
Interlocks as Protection Layers” mandates IPL management MS Word Test Plan IPL3
* RM = Reliability Model MS Word Test Plan IPL4
* PLRS = Protection Layer Requirement Spec

Labor Intensive an Inconsistent from Project to Project

Knowledge Based Approach

Bulk Bulk 15 SIL Calcs/RMs

Insert Update
All Tags Expert SIL Calcs 15 SRS/PLRS
& System and
Voting Docs for 15 C&E
from All SIFs
I/O List & IPLs 15 Test Plans

Consistent Risk Analysis = Optimized Lifecycle Costs

 Knowledge Based Approach
Relevant Historical Incidents (MoM FCH 2 JU Workshop on Safety of Electrolysis - 2020)
• 1969 - Explosion in a potassium hydroxide Electrolyzer – Fatality due to burns from toxic solution
o Reduced electrolyte flow rates caused by sludge blockage/severe corrosion/erosion damage of the cell electrodes and
separators (hydrogen embrittlement may have also been a contributing factor).
o Physical breakdown of the cell separators allowed hydrogen and oxygen to mix and hydrogen to enter the oxygen separator
drum.
o The gas mixture was ignited causing a violent explosion which ruptured the separator drum.
o A plant operator in the electrolysis room at the time of the explosion was fatally burned by the caustic solution sprayed from
the ruptured drum.
• 2019 - Hydrogen explosion at a Korean renewable hydrogen production facility, due to defective
functioning of the Electrolyzer’s membrane, at lower power, which caused oxygen diffusing into the
hydrogen stream.
o The hydrogen buffer tanks that exploded were part of an experimental facility experimenting generation of renewable
hydrogen from a water Electrolyzer coupled to solar panels.
o The three hydrogen tanks (40 m3 capacity each at pressures of 1,2 MPa one of them and 0,7 MPa the two others) were
receiving the hydrogen produced by the Electrolyzer. The 200 kW alkaline Electrolyzer had a capacity of 40 Nm3/hr and
delivered hydrogen at 1.2 MPa.
o The most plausible initiating cause was the defective functioning of the Electrolyzer’s membrane, at lower power, which
caused oxygen diffusing into the hydrogen stream.

Consistent Risk Analysis = Optimized Lifecycle Costs

 Knowledge Based Approach
 HAZOP/LOPA Causes – Based on Specific Design
 Typical HAZOP/LOPA Consequences can be standardised
• Exposure to KOH due to loss of containment leading to personnel injury
• Loss of containment of Hydrogen with fatality given ignition
• Loss of containment of Oxygen with fatality given ignition in oxygen
enriched environment
• Internal deflagration in event of oxygen/hydrogen migration across the
membrane with subsequent ignition

Consistent Risk Analysis = Optimized Lifecycle Costs

 Knowledge Based Approach
 Site specific modelling using CFD and Phast
Modelling can be used as a basis
 Site specific occupancy of personnel for LOPA
 Some Risk Reduction Requirements (SIL) will be
dependent on the End User procedures e.g.,
• Use of occupancy modifier
• Tolerability Criterion

Consistent Risk Analysis = Optimized Lifecycle Costs

 Mike Scott
aeShield LLC
CEO
Co-Chair of ISA S84 Committee
Cell +1 (907) 301-3111
mike.scott@aeshield.com
12