Process system and safety laboratory
Chemical Process Risk Analysis
Using Layer of Protection Analysis
and a Study on the Establishment
about Proper Protection Layers
Yunju Jung, Seungjune Choi, and En Sup Yoon
School of Chemical Engineering, Seoul National University

Process system and safety laboratory
What is IPL?
 IPL : Independent Protection Layer
 Features of IPL
 Criteria : Specificity, Independence, Dependability,
Auditability
 3D : Detect, Decide, Deflect
 3E : Fast Enough, Strong Enough, Big Enough
 Big I : Independent
 All IPLs are safeguards, but not all safeguards are
IPLs.

Process system and safety laboratory
Classification of IPLs
 Passive IPLs : dike, underground drainage system,
open vent(no valve), Fire proofing, blast wall/bunker,
inherently safe design, flame/detonation arrestors
 Active IPLs : relief valve, rupture disc, basic process
control system, interlocks
 sensor(instrument, mechanical, or human)
 decision making process(logic solver, relay, mechanical
device, human)
 action(instrument, mechanical, or human)

Process system and safety laboratory
Protection Layers of the Process
Community Emergency Response
Plant Emergency Response
Dikes
Relief Devices
Safety Instrumented Function
Alarms and Human Intervention
Basic Process Control Systems
Process Design

Process system and safety laboratory
The safety Life Cycle
New or Existing Process
Perform PHA &
Risk Assessment
Apply Non-SIS Protection
Layers to Reduce Risk
Define Target SIL
SIS
Required
Develop Safety
Requirement Specs
SIS Installation
& Commissioning
Perform Detail SIS Design
Conceptual SIS Design
Specs Met?
Establish Operations &
Maintenance Process
Pre-Startup
Safety Review
Operations, Testing, &
Maintenance
Modify or
Decommission
SIS
Decommissioning
Facility Design SIS Design Operation & Maintenance
PHA Installation
Yes
No
Yes
No

Process system and safety laboratory
What is LOPA?
 LOPA : Layer of Protection Analysis
 LOPA is a semi-quantitative methodology that can be
used to identify safeguards that meet the
independent protection layer (IPL) criteria.
 LOPA provides specific criteria and restrictions for
the evaluation of IPLs.
 LOPA is limited to a single cause-consequence pair
as a scenario.

Process system and safety laboratory
Use of LOPA
 LOPA is used all around the process life cycle.
 Research, process development, process design, operations
& maintenance modification, decommissioning
 provide guidelines in process design
 Decide the safety critical
 Identify operator actions & responses
 LOPA is typically applied after a qualitative hazard
analysis has been completed.
 It is cost effective that LOPA is used during or after
the HAZOP review or revalidation.

Process system and safety laboratory
Providing rational, semi-quantitative, risk-based
answers
Reducing emotionalism
Providing clarity and consistency
Documenting the basis of the decision
LOPA
How safe is safe enough?
How many protection layers are needed?
How much risk reduction should each layer provide?
Task of LOPA

Process system and safety laboratory
The steps to the LOPA process
Step 1 : Identify the consequence to screen the scenario
Step 2 : Select an accident scenario
Step 3 : Identify the initiating event & determine the initiating event frequency
Step 4 : Identify the IPLs & estimate PFD of each IPL
Step 5 : Estimate the risk
Step 6 : Evaluate the risk

Process system and safety laboratory
LOPA is simple numerical qualitative methodology!
Benefits of LOPA
 LOPA takes less time than quantitative risk analysis.
 LOPA provides better risk decision basis.
 LOPA is more defensible for more rigorous
documentation and specific value than qualitative
method.
 LOPA identifies operations and practices.

Process system and safety laboratory
Case Study
 Hexane Storage Tank Overflow – spill not
contained by the dike
 Initiating event
 The inventory control system fails.
 A truck arrives at the tank with insufficient space in the
tank.
 Probability : due to an error in ordering, or unit shutdown
after the truck was ordered, once a year

Process system and safety laboratory
 IPLs in place
 Human action to check level prior to filling
(PFD for human response = 1X10-1)
 This procedure is an IPL because it meets the criteria of:
Effectiveness – if it is performed correctly,
The level is read correctly
the operator does not initiate loading
an overflow will not occure
Independence, Auditability
 Dike (PFD = 1X10-2)
Case Study (Continued)
Total PFD for the IPLs in place = 1X10-1 X1X10-2 = 1X10-3

Process system and safety laboratory
Case Study (Continued)
 Safeguards that are not IPLs for LOPA
 The BPCS level control loop
 Human action other than response to a BPCS
alarm is not an IPL

Process system and safety laboratory
Case Study (Continued)
 IPLs proposed
 BPCS and operators are involved with either the initiating
event or existing IPLs.
 Thus, additional equipment must be added to reduce the
risk.
 SIF(Safety Instrumented Function)
(PFD of SIF candidate = 1X10-2)
Total PFD for the IPLs in place = 1X10-1 X1X10-2 X 1X10-2 = 1X10-5

Process system and safety laboratory
Discussion
 LOPA is a methodology for hazard evaluation and risk
assessment, and lies between simple qualitative and more
elaborate quantitative analysis techniques.
 In decision-making process, LOPA helps to decide the propriety
of protection layers that exist or are suggested to prevent
accidents, so ideally matches the risk-decision criteria of the
company.
 LOPA is a recognized technique that can establish a proper
safety integrity level (SIL) of the process.
 Using LOPA, we need to set up proper protection layers that
evaluate, analyze, and decease the risk in chemical process.