
What is a LOPA?

LOPA stands for Layer of Protection Analysis.

LOPA is a process to evaluate risk with explicit risk tolerance for a specific consequence.

It's about creating value without taking unnecessary risk.

The level of risk acceptance is expressed in terms of tolerable frequency.

Tolerable frequency is a decision criterion.

The higher the consequence, the lower the tolerable frequency.

Single fatality risk tolerance*: 0.01% per year

Compared to

Multiple fatality risk tolerance*: 0.001% per year


*Generalized risk tolerance in an industrial environment

Let's try to make these numbers resonate with some relativity.

Driving fatality: 0.01% per year (i.e. same as the acceptable risk for industrial work environment) [NIOSH 1997]

Alaska crab fishing fatality: 0.356% per year (i.e. 35x the acceptable risk for industrial work environment) [NIOSH 1997]
Do you know the tolerable frequency for your company?

If so, who decides how much risk your company can take on? Are the decisions consistent across the company?

Let's break down the LOPA into seven steps:

Step 1: Identify a single consequence to analyze





In our example, the re-boiler condensate pot can overpressure, leading to vessel rupture and resulting in a single fatality.

[Figure: P&ID of D-101 Re-boiler Condensate Pot. Labels: Steam, Condensate, LT 253, LC, LY, LV, PG 253, PSV (SET @ 700kPag), To atmosphere at safe location; HLL=2550 mm, NLL=1650 mm, LLL=250 mm]

Step 2: Define the tolerable frequency for the consequence

Multiple fatality: 0.001%/year
Single fatality: 0.01%/year
Hospitalized injury: 0.1%/year

Step 3: Assess the probability of the initiating events





The level control valve can fail in the closed position, leading to overpressure.





Let's say this control loop has a 0.1 probability (10% chance) of failure per year.

Step 4: Identify independent protection layers and assign a risk reduction factor




Important!

Each protection layer must be independent from the initiating event and independent from other safeguards.

Let's say the pressure safety valve will reduce the likelihood of rupture by a factor of 100,

or you can say a risk reduction of 100;

you can also say a probability of failure on demand of 0.01.

Step 5: Calculate the new expected frequency of the consequence




Expected frequency = initiating event frequency x probability of failure of the safeguard

New expected frequency = 0.001 (0.1 valve failure per year x 0.01 probability of safety valve failure)




Given that a person will be around the vessel when it ruptures, our expected frequency of a fatality in this scenario is 0.001 per year,

or

a 0.1% chance of a fatality per year.





1/1000 chance of a fatality per year

Step 6: Decide if risk is acceptable based on the tolerable frequency





Expected frequency of a single fatality = 0.001/year

Tolerable frequency of a single fatality = 0.0001/year

That's 10 times more likely than the maximum frequency your company can accept for a single fatality.

Step 7: Determine additional safeguards to reduce the risk





Let's add a high pressure shutdown to the inlet as a safeguard.

[Figure: P&ID of D-101 Re-boiler Condensate Pot with the added safeguard. New labels: PT 253, HH, XV 253]

This safeguard consists of a pressure sensor, logic solver (independent from the level control) and a valve as a final element.

This safeguard is a safety instrumented function (SIF).

[Figure: PT 253 and XV 253]

Since we need to reduce the risk by a factor of 10, the probability of failure on demand of the safety instrumented function must be less than 0.1.

Or you can say the safety instrumented function must meet the requirements of safety integrity level 1.

This safety instrumented function is at SIL 1.

Expected frequency with the new safeguard

= 0.1 probability of valve failure per year
x 0.01 probability of safety valve failure
x 0.1 probability of the safety instrumented function failure

= 0.0001/year




New expected frequency of a single fatality = 0.0001/year

Tolerable frequency of a single fatality = 0.0001/year

Now the risk is acceptable.
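
Steps 4 to 7 carried through in code with the numbers from the slides. This is an added example, not part of the original deck: the component labels and the shared-transmitter layer are constructed to show the independence rule from Step 4, and the SIL mapping assumes the standard low-demand bands (SIL n covers a probability of failure on demand from 10^-(n+1) up to 10^-n).

```python
from dataclasses import dataclass
from fractions import Fraction
from math import prod

@dataclass(frozen=True)
class Layer:
    name: str
    pfd: Fraction          # probability of failure on demand
    components: frozenset  # sensors, logic and final elements it relies on

def credited_layers(initiator_components, layers):
    """Step 4: credit only layers sharing nothing with the initiator or each other."""
    used, credited = set(initiator_components), []
    for layer in layers:
        if used & layer.components:
            continue  # common-cause dependency: no risk reduction credited
        credited.append(layer)
        used |= layer.components
    return credited

def expected_frequency(initiating_freq, initiator_components, layers):
    """Step 5: initiating frequency x PFD of every credited layer (per year)."""
    ok = credited_layers(initiator_components, layers)
    return initiating_freq * prod((l.pfd for l in ok), start=Fraction(1))

def required_sil(expected, tolerable):
    """Steps 6-7: 0 if already tolerable, else the SIL band closing the gap, None if > SIL 4."""
    if expected <= tolerable:
        return 0
    rrf = expected / tolerable  # extra risk reduction factor needed
    # Band n spans RRF 10**n..10**(n+1); gaps under 10 are rounded up to SIL 1 here.
    return next((n for n in (1, 2, 3, 4) if rrf <= 10 ** (n + 1)), None)

# Numbers from the slides; component labels are constructed for the example.
LOOP = {"LT-253", "LC", "LV"}            # failed level control loop (initiator)
FREQ, TOLERABLE = Fraction("0.1"), Fraction("0.0001")
PSV = Layer("PSV", Fraction("0.01"), frozenset({"PSV"}))
SIF = Layer("HH pressure trip", Fraction("0.1"),
            frozenset({"PT-253", "SIS-logic", "XV-253"}))
# Hypothetical bad design: a high-level trip that reuses the loop's transmitter.
SHARED = Layer("HH level trip", Fraction("0.1"), frozenset({"LT-253", "XV-253"}))

if __name__ == "__main__":
    base = expected_frequency(FREQ, LOOP, [PSV])
    print("PSV only:", float(base), "-> SIL", required_sil(base, TOLERABLE))
    print("with SIF:", float(expected_frequency(FREQ, LOOP, [PSV, SIF])))
    print("shared LT:", float(expected_frequency(FREQ, LOOP, [PSV, SHARED])))
```

The layer that reuses the level transmitter earns no credit, so the expected frequency stays at 0.001/year even though a trip was nominally added.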



Adding a safety instrumented function is one option to meet the tolerable frequency.

Is it a good decision? Is there a better option?




Any Questions?



Risk. Inspired.
For more lessons go to
www.icarus-orm.com
