Layers Of Protection Analysis

Layers of Protection Analysis (LOPA) is a risk management technique commonly used in the chemical process industry that can provide a more detailed, semi-quantitative assessment of the risks and layers of protection associated with hazard scenarios. Process safety engineers have promoted the use of HAZOP to identify hazards and assess safeguards, followed by LOPA to identify if additional protection layers are necessary and, if they are to be provided using safety instrumented functions, how reliable the SIFs need to be.

Layers Of Protection Analysis

What is LOPA?

LOPA or Layer of Protection Analysis is a study developed on the basis of a risk identification analysis (like HAZOP). The main purpose of that study is to identify the countermeasures available against the potential consequences of a particular risk. Starting from the quantification of the likelihood of a particular hazard, the study analyse the system, and identify, using a quantitative approach, the mitigation measures against the hazard under study. The countermeasures or ‘protective layers’, must be independent to be effective.

Independent layers of protection

Within LOPA, an independent protection layer is to be considered a device, system, or action that can prevent (completely or partially) a scenario from developing, interrupting the chain of undesired events. Essential, for an IPL, is its independence. A device, depending on others shouldn’t be included inside the study as a layer. LOPA only identifies independent safety systems or items or procedures as effective. To be considered as an IPL, a device, system, or action able to trigger the interruption of the scenario. The effectiveness of an IPL is quantified in terms of its PFD which is defined as the probability that the IPL will fail to perform a specified function on demand. The IPL PFD is a dimensionless number between 0 and 1. The smaller the value of the IPL PFD, the larger the reduction in the frequency of the consequence for a given initiating event frequency.

Accident during pigging operation
Find out how captive key systems provide 2 independent layers of protection
LOPA layers of protection

LOPA assessment

Managing process safety means understanding the many factors that contribute to risk and establishing appropriate measures for risk mitigation. LOPA addresses the key questions such as ‘how safe is safe enough’, ‘how many independent protection layers are needed’ and ‘how much risk reduction should each layer provide’. LOPA can be visualised as a series of slices of Swiss cheese, where each slice is a layer of protection, with a varying number and size of holes representing flaws. A high-consequence scenario occurs only if at least one of the holes in each slice ‘line-up’, allowing propagation of multiple failures. For components of a process-control system, such as safety instrumented systems and other components such as relief valves, it is important to know or estimate the probability of failure on demand.

Loss of Prevention System

LPS, or Loss of Prevention System, is another tool that can be deployed to increase safety. LPS is a comprehensive management system designed to prevent or reduce losses using behaviour-based tools and proven management techniques. LPS helps protect your employees through proactive injury, illness and risk prevention. It requires personal commitment from each and every employee, as well as visible, outward leadership by all levels of management.

Loss of prevention system
Process operator in the field

Why are companies adopting LOPA?

Process facilities in the United States are required by OSHA to run a Process Hazard Analysis (PHA) every five years. The most common tool used to conduct the process hazard analysis is a qualitative method of analysis called HAZOP. Process safety professionals have reported a trend for PHA’s to go one step further than a HAZOP, in a quantitative study of risk termed and many scenarios are pushed to a Layer of Protection Analysis, or LOPA. A LOPA study quantitively analyses the risk of an event occurring. Commonly, companies reference quantitative values for risk set out in the Initiating Events and Independent Protection Layer in Layer of Protection Analysis manual created by the Center for Chemical Process Safety. Most organizations have adopted this book as the standard for defining and quantifying risks in initiating events and will use this book for defining layers of protection.

Simplify manual valve operations

LOPA’s often leave teams with difficult task of trying to solve complex problems, without creating complex and expensive solutions.  One very common example of this is trying to simplify a manual process without the complexity of full automating the process.

Applications where teams need to control the sequence of an operating valves in a manual process include that are identified in a LOPA are:

Over-pressurisation of heat exchangers can lead to accidents
Valve interlock

Using valve interlocks (captive key systems) to control manual valve operations

The most effective and simplistic solution for these complex scenarios lies on page 227 of the Initiating Events and Independent Protection Layers book, under the heading Captive Key.  Captive key systems, or valve interlocks, employ the use of locks that prevent the movement of valves and unique keys that will only be released in the desired valve sequence, preventing humans from operating valves in the incorrect sequence.

Get advice from our team of specialists

Achieve risk reduction by implementing valve interlocking systems

The CCPS Guidelines subcommittee recommends that a Probability of Failure on Demand factor of .01 be awarded for Captive Key (valve interlocks) being used to control sequences.  This means that systems that implement captive keys can be awarded two credits or decrease the probability of an accident by a factor of 100. Captive key systems are commonly thought of as a simple solution because they are retrofitted to the current system and require no adjustments for valves or equipment.

Smith valve interlocks
Valve interlock start key release is based on key detection and compressor inputs

Download our whitepaper

Find out more about achieving risk reduction by implementing valve interlocking (captive key) systems!

  • Hidden