Guest blog by David Hatch from Process Safety Integrity

As BowtieXP users become more proficient in model development (often guided by the CCPS/EI concept book which includes significant contributions from CGE) they wish to exploit enhanced functionality to provide more accurate risk assessments to inform their decision making.

Adding value to qualitative risk assessment (matrices)

BowTieXP provides customizable risk matrices which estimate the Inherent & Residual risks based on the combinations of Severity & Likelihood. Threat frequency, Barrier effectiveness & Consequence severity all influence the outcome, however, these are often subjective and changes to these are not reflected in the risk matrices without manual input.

Figure 1: Aggregate of threat frequencies & barrier effectiveness

Quantitative risk assessment (LOPA)

The LOPA plugin in BowTieXP provides full Layers of Protection Analysis functionality consistent with CCPS guidance. This allows the user to quantify Threat frequencies & Barrier failure probabilities and compare the calculated Consequence (and Top Event) frequency with risk targets which are either determined by the Consequence category or are manually entered by the user. Different risk targets can be set for each Consequence and Consequence type. Familiar components such as Enabling Events/Conditions and Conditional Modifiers are included with the option to output to a spreadsheet to provide a familiar report. Specific Threats (Initiating Events) can be excluded from the calculation and Barriers can also be discounted e.g. if they are considered as Safeguards not IPL (Independent Protection Layers). Like any tool, the LOPA plugin does not determine if the barriers (IPL) are effective, independent & auditable, therefore competent scrutiny must be applied during development.

Figure 2: The LOPA plugin in BowTieXP provides full Layers of Protection Analysis functionality consistent with CCPS guidance.

Generic (Industry Sources) & Specific (Prior Use) Data/ Generic data as an indication of Threat occurrence and barrier failure rates

Regulators and Competent Authorities expect duty holders to provide Threat occurrence and Barrier failure rate data from operational experience, however, this is not always available, and it is inevitable that users will seek equivalent or approximate data from recognized publications. The UK HSE provide some guidance where “… in the absence of site-specific data, the values given here may serve as a starting point…

The CCPS LOPA book itself and the TNO ‘Purple Book’ are commonly referenced sources as well as the OREDA handbook, Exida SERH & FARADIP to name a few. The use of generic data should be justified for appropriateness, adjusted if necessary, to suit location/application-specific conditions and regarded as provisional until experience supports or rejects the assumed figures.

Functional Safety standards such as IEC 61511 and ANSI/ISA-84.00.01 require consideration of ‘Prior Use’ which involves gathering documented information concerning the device performance in a similar operating environment. Such evidence requires data gathering and analysis over a period of time to demonstrate statistical significance.

LOPA Scrapbook as a starting point until ‘Prior Use’ data becomes available

To help users develop consistent & correct LOPA models, CGE and partners have developed a set of LOPA components with Threat frequencies and Barrier failure probabilities from the CCPS LOPA book. A list of Threat Types (each with their own frequency) and Barrier Categories (each with their own probability) are available to be dragged from the Scrapbook (only available in BowTieXP Advanced) onto the diagram and incorporated into the LOPA calculation. This is acknowledged only to be a starting point until ‘Prior Use’ data becomes available and assistance is available to develop user-specific databases.

Sense & Sensitivity

The LOPA plugin allows the User to conduct two separate calculations using Current (Predicted) and Future (Actual) frequencies and probabilities.  This allows different scenarios e.g. including/excluding certain barriers or increasing/decreasing probabilities to be evaluated on the same model. HSE Research Report RR716 concludes that “…it would be good practice to include as part of the LOPA study a sensitivity analysis to demonstrate the robustness of any conclusions” and this feature enables such evaluation to be performed.

Showing the results in numerical rather than the scientific format can be achieved using BowTieXL and helps the user and subsequent readers to better understand the anticipated likelihood in recognizable terms.

Barrier Performance (AuditXP & Incident XP)

Every demand on a barrier is an opportunity to learn, adapt assumptions and improve models. Planned demands e.g. during testing, can be captured & analyzed using AuditXP and unplanned demands e.g. during a process safety event, can be captured & analyzed using IncidentXP. These tools can interface to 3rd party systems via BowTieServer to develop and grow a Threat frequency and Barrier failure probability database, based on actual, and not theoretical figures, to ensure that risk assessments are kept as evergreen as practical.

Join our LOPA webinar

Are you interested to learn more about visual and quantified risk assessment with BowTieXP?

Join our LOPA webinar! Learn more or sign up here.