1.1     Introduction

The objective of an HAZOP (Hazard and Operability) review/study is to conduct a qualitative assessment of hazards associated with the operation of a system or facility. An HAZOP review preliminary focuses on the operation of a facility, This may include daily operating routines, commissioning and shut down as well as maintenance. It should be kept in mind that accidents often occur during maintenance. Hazard identification (HAZID) preliminary focuses on the identification of hazards. This narrative describes a method in which an HAZOP review can be performed in a consistent and comprehensive manner .

1.2     Scope

The scope of an HAZOP review/study is to assess and evaluate deviations from the intended use or the normal operating conditions, It is recommended that an HAZOP review is included in the Project Execution Plan (and performed during the course of project execution).

This narrative covers:

  • The make-up and competency requirements of the HAZOP team
  • The roles and responsibilities of the HAZOP team members
  • The documentation requirements
  • The HAZOP study methodology
  • The mechanisms and responsibilities for the close-out of HAZOP recommendations


  • HAZID - Hazard Identification review
  • HAZOP -  Hazard and Operability study
  • ESD - Emergency shutdown
  • PFD - Process Flow Diagram
  • P&ID - Piping and Instrument Diagram
  • UFD - Utility Flow Diagram


Chairman or facilitator  - The HAZOP chairman (also referred to as HAZOP facilitator) should be an independent party with no direct involvement with the project execution. The client must be satisfied that he has the appropriate level of experience in conducting HAZOP studies of similar facilities. The HAZOP chairman is to prepare the HAZOP report.

Custodian - The custodian of the HAZOP should be a senior/lead engineer who can directly influence the safety of the project (often a senior process engineer, senior safety engineer, project engineer or project manager). It is his responsibility to ensure that the HAZOP is performed to the applicable standards and good engineering review practices. The custodian is to ensure that the administrative tasks, necessary to perform the HAZOP, are being performed e.g., organizing the team, distributing the documentation, bookings and confirming the venue, etc.

Secretary or scribe - The Secretary should have an appropriate level of experience or training for acting as a HAZOP secretary and should to be to the satisfaction of the custodian. The Secretary is to attend and minute the HAZOP sessions.

Follow up coordinator - The Follow-up coordinator, if appointed, can act on behalf of the custodian to facilitate, monitor, and expedite the close-out of recommendations raised during the HAZOP review.

Discipline engineer -  The discipline engineer provides the specialist knowledge and expertise relevant to his discipline, that are essential for a comprehensive conduct of the HAZOP review. It is recommended that a specialist engineer of the relevant discipline is being appointed for closing out the relevant HAZOP action(s).

Safety engineer  - The safety engineer provides input on safety related issues. Because of his specialist background he also may perform the role of custodian, secretary or follow-up coordinator.

Close out of the HAZOP action items requires approval from an appropriate authority (e.g. department head/manager or project manager)

An HAZOP team, should comprise between eight to fifteen active attendees, including the chairman, secretary and custodian. With more attendees the meeting may tend to proceed too slowly, with any less, the required expertise may not be at hand. The required expertise (specialist engineers) is to be determined by the HAZOP custodian and chairman prior to the HAZOP session. It must be communicated  and agreed with, by the key team members. For ensuring that all expertises are available when needed, the HAZOP team may include full and part time members.

Full-time members should include:

  • The HAZOP chairman
  • HAZOP custodian
  • A process engineer 
  • An instrument engineer
  • Safety engineer
  • An operation representative
  • Discipline engineers as appropriate

Part time members should consist of specialists from the Piping, Electrical, Mechanical department and other departments. When (modular) vendor packages are a substantial part of the process or process control system, a vendor representative may also be called in, if considered necessary.


(Refer to "Services\Hazard Operability Study/HAZOP process flow diagram")

4.1     HAZOP Schedule & Information Requirements

The scheduling of a HAZOP will depend on the nature of a project and is to be arranged by the project manager/engineer or technical lead safety engineer. For Front End Engineering and Design (FEED) projects, one HAZOP review may be sufficient. For a detail design project, at least two HAZOP's are normally to be held. 

As a general rule, the first HAZOP, is conducted when the process design documents, such as, Process Flow Diagrams (PFD), Piping and Instrument Diagram (P&ID), process datasheets and control logic's are ready for final Issue, after all client comments have been addressed and agreed with. It may be appropriate to add an "Issued For HAZOP" (IFH) review for P&ID’s and selected drawings and documents that are HAZOP related, prior to final issue, in the client's approval cycle.

A second HAZOP will normally be held prior to commissioning, and after completion of all as-built information. Additional HAZOP's can be performed for any significant design or operational change.

The timing of a HAZOP should be such, that adequate detail design information, and data are available to make the HAZOP review meaningful, and that the HAZOP findings/recommendations can be closed-out without adversely affecting the project schedule and progress. 

The HAZOP review requires the information, listed below, being made available as a minimum. Deviations from this list must be agreed with, by the HAZOP custodian prior to the commencing of the HAZOP review.

  • Basis of Design
  • System Design Philosophies
  • Safety Philosophies
  • Plot Plans
  • Process Flow Diagrams (PFD)
  • Utility Flow Diagrams (UFD)
  • Piping and Instrument Diagrams (P&IDs;
  • Line lists
  • Emergency Shut Down (ESD) logic diagram (Also called Shut Down Key - SDK) 
  • Cause and Effect (C&E) charts
  • Safety charts
  • Equipment data sheets
  • Start-up, shutdown, operating philosophy
  • Isolation, drainage, depressurization philosophy

Prior to commencing the HAZOP sessions, the HAZOP chairman and lead process engineer should divide the P&ID(s) into "Nodes" based on their function, mode of operation and/or their complexity.

Selection of these Nodes will permit the process streams to be segregated into discrete sections. This segregation is typically based upon the following parameters:

  • Physical equipment items
  • Piping specification/class breaks
  • System performance/duty rating
  • Phase changes 
  • Pressure profiles

These nodes must be marked on the P&ID(s) using highlighters, and delineated by a indicator number. The HAZOP boundaries must be clearly marked up on the P&ID's and PFD's. For easy reference, the preparation of a simplified process flow diagram or block diagram reflecting the HAZOP scope is recommended. Other conventions may be used, if agreed with by the HAZOP chairman and custodian. For speed and ease of understanding, each marked up P&ID and PFD sheet shall be given a simple sequence number. These sheets must be scanned and attached to the final report. 

The HAZOP chairman will review the schedule for feasibility and amend the schedule in line with the custodian and project manager requirements, if so needed.

All of the above should be defined and clarified in a formal Terms of Reference (TOR) document. The TOR should be handed out to the attendees before the event, for informing all parties to what is planned and expected.The TOR should include the HAZOP narrative, the HAZOP guidewords and deviations, and copies of the relevant HAZOP engineering documents e.g., marked up  P&ID's, PFS's, C&E charts etc. The TOR may also include all housekeeping requirements to ensure a smooth start-up and running of the HAZOP review meeting.

To enhance consistency for reviewing,  nodes and guide words must be pre-selected.The format of the worksheet, must be established, and reviewed in advance  by the HAZOP custodian and HAZOP chairman, and, if so desired, with the key participants. The nodes and guidewords must be reflected on the HAZOP worksheets. Additional guidewords may be added during the course of the HAZOP when so needed, and agreed with by the key team members. 

4.2     HAZOP review methodology

The HAZOP review meeting should commence with the custodian providing an overview of the system(s) and identify the boundaries of the HAZOP within the facility to be reviewed. The overview is to be confined to a statement of the purpose and an outline of the intended operation of the systems.

For each node, the responsible process engineer shall provide a brief introduction of the design intent, function, and operating conditions, plus a description of the important equipment items associated with the relevant node.

The HAZOP must follow a standard approach of utilizing guide words and deviations (e.g., Flow; more flow, less flow, reverse flow etc.) for describing the deviation from normal operating conditions. The HAZOP review process is reflected schematically in the HAZOP process diagram (refer to "Services/Hazard Operability Study/HAZOP process flow diagram").

Example HAZOP guidewords are presented in Table 3.1. See also Table 4.2, Guide for hazard identification (Refer to HAZID workshop)

The deviation, prompted by the HAZOP Chairman can be considered by the team to identify:

  • Possible causes of the deviation
  • Potential consequences of the deviation
  • Elements of the design which prevent the deviation to occur, or to mitigate the consequences of the deviation (safeguards)
  • Actions needed for safeguarding against consequences of the deviation where no safeguards (item above) exist or are considered inadequate
  • Parties responsible to complete the actions.

"Possible" causes include single events, simultaneously occurring events arising from common causation, and events arising from latent (or potential), or unrevealed system, equipment failures.

Causes arising from simultaneous unrelated failures can be termed "Double jeopardy" and assumed to occur at such low frequencies that they are not considered possible unless detailed frequency analysis or experience from the HAZOP team members dictates otherwise.

All comments made during the review of each node and guide word must be recorded by the HAZOP secretary in the HAZOP work sheet (e.g., Excel spread sheet. Refer to Attachment 3.1) These worksheets are to be projected onto a screen, visible to all HAZOP team members and  attendees. All guide words and deviations actually examined (even, if found to be not a concern) must be reported. Deviations, which are improbable or have insignificant potential, may be discarded and identified as “Not a concern”. The relevant P&ID's and PFD can be projected on a screen as well, or being sticked on a flip board or to the wall of the conference room, as long they are clearly visible to the attendees. 

Inconsistencies/omissions in the drawings or in the links between system information requiring rectification must be noted under the heading of "Drawings and Line Continuity".

Specific attention must be given to start-up and shutdown operations as these tend to create more deviations/hazardous events than during normal, steady state plant operation.

4.3     Follow-Up & Close Out

Upon completion of the HAZOP, the chairman will present the findings of the study to a group of project representatives selected by the custodian. The presentation should highlight the recommendations, which, in the chairman's opinion, have the potential to impact on safety, operability, cost, and/or schedule.

It is important that the project management allocate adequate resources not only to perform the HAZOP, but also to ensure that the HAZOP actions raised during the HAZOP review and recorded in the HAZOP report, are satisfactorily closed out. The HAZOP custodian is responsible for ensuring that the resources are available to address and complete actions relevant to the HAZOP  recommendations within the HAZOP time schedule.

Individual HAZOP actions are to be recorded on a HAZOP action sheet. A typical HAZOP Action Sheet is shown as Attachment 3.2. For monitoring the status of the action items, the action sheets can be consolidated is an action control sheet. A typical HAZOP Action Control Sheet is shown as Attachment 2.2. The engineers responsible for the HAZOP closeout actions are to be added to the HAZOP Actions Control Sheet by the HAZOP custodian.

An HAZOP report containing all recommendations and the HAZOP Action Control Sheet is to be prepared by the HAZOP chairman, and is to be issued to all attendees and those who are responsible for the close out of the HAZOP actions. A template for a HAZOP report is shown as Attachment 3.3

Completion and monitoring of the status of the HAZOP Action Sheets as well as updating the HAZOP Control Sheet should be the responsibility of the HAZOP custodian.

Compliance with the HAZOP recommendations is to the discretion of an authorized senior or executive functionary (e.g. the Sr. Project Manager/Director or Safety Manager). The HAZOP follow-up indicating whether the recommendations are to be implemented in the design or rejected must be a fully documented process (with reference to specific updated P&IDs or other documentation) and records. For recording the actions taken and/or (alternative) decisions made by the an authorized party (e.g., the Project Engineering Management Board) a HAZOP Follow up Record Sheet can be prepared in this regard.

The HAZOP follow-up coordinator, when/if appointed, may acts on behalf of the custodian, to facilitate the expeditious close out of actions raised in the HAZOP report. Verification/acceptance of responses and final close out of the HAZOP report should be the responsibility of the appropriate authority.

A copy of the full HAZOP report should be kept with the project records. Other copies either abbreviated or in full, may be distributed as deemed necessary by the HAZOP custodian or the Project Manager.

4.4     Management of Change

Following the completion of the HAZOP, and before the reissue of the P&IDs, the Management of Change process is implemented and managed in accordance with the Project Design Change Control Procedure. The Project can thus track all design modifications between the completion of the HAZOP and project completion.

Changes that are necessary, must be reviewed by the department engineers and project engineering management. Major changes that have a potential impact on the safety and operation of the facilities should be subjected to an additional HAZOP review. Minor changes can be distributed to the relevant departments for review and incorporation into the design.


(Refer to Tables 4.1 and 4.2 HAZID Workshop)

5.1    What if considerations                                                                                                                                                  

  • Process condition upsets due to temperature, pressure level or flow deviations
  • Instruments failure
  • Equipment failure
  • Utility failure
  • Operator improvisation or inattentiveness
  • Off specified or unforeseen process conditions during start up or (maintenance) shut down 

5.2     Essential data

The following essential data can be considered when conducting a “General Qualitative Risk Assessment ” study, in particular for assessing potential hazardous situations that may occur in existing facilities e.g.,:

  • Storage of volatile or toxic materials
  • Off loading or unloading volatile or toxic materials
  • Performing modifications or alterations to existing facilities
  • Maintenance of equipment
  • Potential hazards caused by acts of god, extreme weather conditions e.g., floods storms, heavy rainfall, lightning, etc.
  • Potential hazards caused by unforeseen accidents

5.3    Key Criteria and Parameters.

Key criteria for assessing potential hazards for each node are:

a. Processed material data e.g.,

  • Physical and chemical properties (composition) of the material being processed or handled
  • Flash point
  • Vapor pressure
  • Ignition point
  • Volatility
  • Toxicity

b. Operating conditions for each node:

  • Area classification
  • Ambient temperature: Lowest. Highest
  • Seasonal weather conditions
  • Prevailing wind direction (especially for offshore facilities)
  • Operating pressure
  • Operating Temperature
  • Simultaneous occurrences

5.4     Definitions

  • Hazard - An hazard is considered to be any situation with the potential to do harm
  • Risk - The exposure to the chance of an adverse effect, e.g. human injury, adverse environmental effects, loss of production, loss of capital, adverse effect on reputation, negative effect on project execution etc.
  • Deviation - Any event or condition that deviates from the intended use, of a system, process or procedure
  • Consequences - The consequences in the event of the occurrence of a hazard i.e. effects on personnel, equipment, buildings, production, environments
  • Safeguards - Mitigative measures designed into the system, process or procedures in the event of an occurrence of a hazard
  • Process - Any handling of a material such, as the transportation, storage, loading or unloading can be defined as a   process
  • Node - A Part of a process or facility being selected for review as a consolidated unit.(Note; a process or facility can be consolidated to a single node) 
  • Guide word - An expression/word established to achieve consistency during the Risk Assessment/HAZOP study/review 


6.1     Severity

The expected severity of the consequence of an accident can qualitatively based on a risk ranking definition. The judgment and experience of the HAZOP review team is to be used to determine the consequences. The worse credible case that can be expected can be used as a reference .

Note: Rankings shown below can be applied as guide. Ranking should be based on company/client policy, quantitative analyses of statistics, operating data and specialist expertise and experience. Factors as “Negligible” and “Definitive” are not shown but can be included when so desired.

6.2    Ranking scheme

(See also Tables 2.2A and 2.2B Workshop Qualitative Risk Assessment)

1 – High

  • Worker fatality or serious injury
  • Public exposed to life threatening events/occurrences
  • Extensive damage to environment and environmental release with consequential clean up
  • Major equipment damage, extensive repair or replacement is required
  • Downtime > 5 days

2 - Medium

  • Worker fatality or serious injury
  • Public exposure to life threatening events/occurrences
  • Extensive damage to the environment and environmental release with consequential clean up
  • Equipment damage, extensive repair is required
  • Downtime 1 – 5 days

3 - Low

  • Minor injury/ medical treatment. Personnel can report to work within 24 hours.
  • Public exposure none or negligible
  • Moderate onsite environmental release, environmental cleanup is not required
  • Moderate equipment damage
  • Downtime 6 – 24 hours

4.- Very Low First aid or no or minor injury,

  • No personal impact
  • No public impact
  • No environmental release minor onsite environmental release (e.g. local oil spills)
  • Minor equipment damage, only minor repairs
  • Downtime < 6 hours or no downtime in production

6.3     Probability

The probability of an accident occurring can be qualitatively assessed and ranked based on the Ranking Definition shown below:

1 – High: Possible occurrence 1 - 5 years

2 – Medium: Possible occurrence 6 - 30 years

3 – Low:Possible occurrence 6 - 30 years

4 - Very low: Could occur, however not likely > 100 years

6.4     Risk Importance Ranking

The combination of severity and probability is used to determine the importance of a potential risk of the hazard scenario. The risk importance is determined by a risk matrix that assigns a risk importance to each combination of severity probability.

6.4     Recommendations

The team utilizes its knowledge and expertise to make a determination of the level of risk remaining and whether the existing safeguards are considered adequate for the system or process.

If/when considered adequate, no further action is required, however if the safeguards are deemed inadequate for any reason, further action will be required either in the form of additional studies, or additional safeguards or design modifications.


During HAZOP, the Secretary will take charge of recording the HAZOP information in the software. An Excel Spreadsheet (refer to Attachment 3.1) Can be used for recording the HAZOP nodes. However specialist software listed below can be applied as well when so desired.  

 Using a software tool for recording the HAZOP information may have some advantages such as,;

  • Serve as a framework within which the preparation for the review can be structured.
  • May ease the task of recording the meeting minutes, and help to maintain the team's focus and interest.
  • Give speedy access to material useful to the study team, such as previously identified problems, failure rate data, and other such historical information, but only when the HAZOP software has been or can be linked to plant operating data.