LOPA or Layer of Protection Analysis is a study developed on the basis of a risk identification analysis (like HAZOP). The main purpose of that study is to identify the countermeasures available against the potential consequences of a particular risk. Starting from the quantification of the likelihood of a particular hazard, the study analyse the system, and identify, using a quantitative approach, the mitigation measures against the hazard under study. The countermeasures or ‘protective layers’, must be independent to be effective.

Within LOPA, an independent protection layer is to be considered a device, system, or action that can prevent (completely or partially) a scenario from developing, interrupting the chain of undesired events. Essential, for an IPL, is its independence. A device, depending on others shouldn’t be included inside the study as a layer. LOPA only identifies independent safety systems or items or procedures as effective. To be considered as an IPL, a device, system, or action able to trigger the interruption of the scenario. The effectiveness of an IPL is quantified in terms of its PFD which is defined as the probability that the IPL will fail to perform a specified function on demand. The IPL PFD is a dimensionless number between 0 and 1. The smaller the value of the IPL PFD, the larger the reduction in the frequency of the consequence for a given initiating event frequency.

Managing process safety means understanding the many factors that contribute to risk and establishing appropriate measures for risk mitigation. LOPA addresses the key questions such as ‘how safe is safe enough’, ‘how many independent protection layers are needed’ and ‘how much risk reduction should each layer provide’. LOPA can be visualised as a series of slices of Swiss cheese, where each slice is a layer of protection, with a varying number and size of holes representing flaws. A high-consequence scenario occurs only if at least one of the holes in each slice ‘line-up’, allowing propagation of multiple failures. For components of a process-control system, such as safety instrumented systems and other components such as relief valves, it is important to know or estimate the probability of failure on demand.

LPS, or Loss of Prevention System, is another tool that can be deployed to increase safety. LPS is a comprehensive management system designed to prevent or reduce losses using behaviour-based tools and proven management techniques. LPS helps protect your employees through proactive injury, illness and risk prevention. It requires personal commitment from each and every employee, as well as visible, outward leadership by all levels of management.

Process facilities in the United States are required by OSHA to run a Process Hazard Analysis (PHA) every five years. The most common tool used to conduct the process hazard analysis is a qualitative method of analysis called HAZOP. Process safety professionals have reported a trend for PHA’s to go one step further than a HAZOP, in a quantitative study of risk termed and many scenarios are pushed to a Layer of Protection Analysis, or LOPA. A LOPA study quantitively analyses the risk of an event occurring. Commonly, companies reference quantitative values for risk set out in the Initiating Events and Independent Protection Layer in Layer of Protection Analysis manual created by the Center for Chemical Process Safety. Most organizations have adopted this book as the standard for defining and quantifying risks in initiating events and will use this book for defining layers of protection.

LOPA’s often leave teams with difficult task of trying to solve complex problems, without creating complex and expensive solutions.  One very common example of this is trying to simplify a manual process without the complexity of full automating the process.

Applications where teams need to control the sequence of an operating valves in a manual process include that are identified in a LOPA are:

• Switching a PSV from the main PSV to a backup
• Bringing heat exchangers online
• Pigging
• Changeovers on ethylene dehydration systems
• Furnace de-coke processes

The most effective and simplistic solution for these complex scenarios lies on page 227 of the Initiating Events and Independent Protection Layers book, under the heading Captive Key.  Captive key systems, or valve interlocks, employ the use of locks that prevent the movement of valves and unique keys that will only be released in the desired valve sequence, preventing humans from operating valves in the incorrect sequence.

The CCPS Guidelines subcommittee recommends that a Probability of Failure on Demand factor of .01 be awarded for Captive Key (valve interlocks) being used to control sequences.  This means that systems that implement captive keys can be awarded two credits or decrease the probability of an accident by a factor of 100. Captive key systems are commonly thought of as a simple solution because they are retrofitted to the current system and require no adjustments for valves or equipment.

Find out more about achieving risk reduction by implementing valve interlocking (captive key) systems!