LOPA Risk Assessment “By the Numbers”

Quantitative risk assessment (LOPA)

The LOPA plugin in BowTieXP provides full Layers of Protection Analysis functionality consistent with CCPS guidance. This allows the user to quantify Threat frequencies & Barrier failure probabilities and compare the calculated Consequence (and Top Event) frequency with risk targets which are either determined by the Consequence category or are manually entered by the user. Different risk targets can be set for each Consequence and Consequence type. Familiar components such as Enabling Events/Conditions and Conditional Modifiers are included with the option to output to a spreadsheet to provide a familiar report. Specific Threats (Initiating Events) can be excluded from the calculation and Barriers can also be discounted e.g. if they are considered as Safeguards not IPL (Independent Protection Layers). Like any tool, the LOPA plugin does not determine if the barriers (IPL) are effective, independent & auditable, therefore competent scrutiny must be applied during development.

Generic (Industry Sources) & Specific (Prior Use) Data/ Generic data as an indication of Threat occurrence and barrier failure rates

Regulators and Competent Authorities expect duty holders to provide Threat occurrence and Barrier failure rate data from operational experience, however, this is not always available, and it is inevitable that users will seek equivalent or approximate data from recognized publications. The UK HSE provide some guidance where “… in the absence of site-specific data, the values given here may serve as a starting point…”

The CCPS LOPA book itself and the TNO ‘Purple Book’ are commonly referenced sources as well as the OREDA handbook, Exida SERH & FARADIP to name a few. The use of generic data should be justified for appropriateness, adjusted if necessary, to suit location/application-specific conditions, and regarded as provisional until experience supports or rejects the assumed figures.

Functional Safety standards such as IEC 61511 and ANSI/ISA-84.00.01 require consideration of ‘Prior Use’ which involves gathering documented information concerning the device performance in a similar operating environment. Such evidence requires data gathering and analysis over a period of time to demonstrate statistical significance.

LOPA Scrapbook as a starting point until ‘Prior Use’ data becomes available

To help users develop consistent & correct LOPA models, CGE and partners have developed a set of LOPA components with Threat frequencies and Barrier failure probabilities from the CCPS LOPA book. A list of Threat Types (each with their own frequency) and Barrier Categories (each with their own probability) are available to be dragged from the Scrapbook (only available in BowTieXP Advanced) onto the diagram and incorporated into the LOPA calculation. This is acknowledged only to be a starting point until ‘Prior Use’ data becomes available and assistance is available to develop user-specific databases.

Sense & Sensitivity

The LOPA plugin allows the User to conduct two separate calculations using Current (Predicted) and Future (Actual) frequencies and probabilities.  This allows different scenarios e.g. including/excluding certain barriers or increasing/decreasing probabilities to be evaluated on the same model. HSE Research Report RR716 concludes that “…it would be good practice to include as part of the LOPA study a sensitivity analysis to demonstrate the robustness of any conclusions” and this feature enables such evaluation to be performed.

Showing the results in numerical rather than the scientific format can be achieved using BowTieXL and helps the user and subsequent readers to better understand the anticipated likelihood in recognizable terms.

Barrier Performance (AuditXP & IncidentXP)

Every demand on a barrier is an opportunity to learn, adapt assumptions and improve models. Planned demands e.g. during testing, can be captured & analyzed using AuditXP, and unplanned demands e.g. during a process safety event, can be captured & analyzed using IncidentXP. These tools can interface to 3^rd party systems via BowTieServer to develop and grow a Threat frequency and Barrier failure probability database, based on actual, and not theoretical figures, to ensure that risk assessments are kept as evergreen as practical.

© David Hatch – Process Safety Integrity . 2020 – The copyright of the content of this guest blog belongs to David Hatch who has authorized CGE Risk Management Solutions B.V. to provide this content on its website.