What is a LOPA?

Written By Nicolas Moreno

LOPA stands for Layer of Protection Analysis which is a collaborative decision-making process using quantified probabilities and explicit tolerable frequencies for specific consequences as the decision criteria for risk acceptance.

LOPA is generally used for higher severity consequence events which have been previously identified through other process hazard analysis (PHA) tools such as a Hazard and Operability (HAZOP) study. The advantage of a LOPA is that it is a semi-quantitative method which helps drive higher quality decisions for severe consequence events when compared to a HAZOP that relies solely upon qualitative information. It uses order of magnitude values to approximate the risk of a scenario.

The process of conducting a LOPA can be broken down into 8 steps as seen below:

Step 1: Determine the IEF

IEF – Initiating Event Frequency. The frequency of the initial cause that can lead to the consequences, as identified in the HAZOP (per year).

Initiating events are generally categorized into three types:

  • External events

  • Equipment failures

  • Human errors.

Step 2: Determine the TEF

Consequence – The worst credible case scenario that could result from the Initiating Event.

The Tolerable Event Frequency (TEF) is a critical term to understand when conducting a LOPA because this explicit value establishes the maximum threshold used as the ultimate decision-making criterion. Companies will usually have pre-established TEF values for specific consequences as part of their risk matrix or company standard to provide consistent risk-based decision criteria within the organization.

Operations within the Energy industry are widely accepted as not being completely risk-free. Therefore, the TEF specifies the risk threshold that a company is willing to accept to achieve a safe and comfortable working environment for their employees while doing so in an efficient and sustainable manner.

If a company does not have an established TEF, the industry standard is based on the Major Industrial Accidents Council of Canada (MIACC) guidelines for acceptable levels of risk. It is recommended for industrial workplaces to apply a 1 in 10,000 chance of fatality per year or less. If this even frequency is met or exceeded for a facility, this means working there is just as safe as driving to work which is a risk that most people are willing to accept.

Step 3: Identify any Enabling Events or Conditional Modifiers & Associated Probabilities

Enabling Event – An event that is not a failure, error, or a protection layer, but instead a situation which must occur simultaneously with a given initiating event to allow the specific cause for a scenario to propagate to a hazardous consequence. It consists of a condition or operating phase that does not directly cause the scenario but must be present or active for the scenario to proceed to a loss event.

Conditional Modifier – Conditional modifiers are normally defined as independent factors of probability of occupancy or probability of injury. They are generally only used when evaluating a consequence that leads to a potential injury or fatality. As most conditional modifiers are circumstantial, they are generally applied at the discretion of the study team. The following are examples of potential conditional modifiers (but are not limited to):

  • Probability of a hazardous atmosphere

  • Probability of ignition

  • Probability of explosion

  • Probability of personnel presence

  • Probability of injury or fatality

  • Probability of equipment damage or other financial impact.

Step 4: Calculate the UEF

UEF – Unmitigated Event Frequency. The frequency of the consequences occurring without any Independent Protection Layers (IPLs) in place.

UEF = Initiating Event Frequency  x  each Enabling Event and Conditional Modifier probability

Step 5: Determine each IPL and its PFD

IPL - Independent Layer of Protection. A safeguard that is independent of the cause and other safeguards that are applied to a scenario and is effective in mitigating the consequences. Must also be auditable to demonstrate effectiveness and reliability.

PFD – Probability of Failure on Demand. The reliability of a safeguard, described by the chance that it will not work when needed. Note that this is only applicable to Low Demand Mode of Operation for an IPL. Low demand is defined as a demand expected to be placed on the IPL to be less than once per year.

Step 6: Calculate the MEF

MEF – Mitigated Event Frequency. The frequency of the consequence occurring with independent layers of protection in place.

MEF = UEF x each IPL’s PFD

Step 7: Calculate the RRF

RRF – Risk Reduction Factor. This is the ratio of the MEF to the TEF.

RRF =  MEF  ÷  TEF

RRF ≤ 1.0 - Risk is acceptable

RRF > 1.0 - Risk is not acceptable

If the RRF is equal to, or less than 1, the risk is deemed acceptable. If the RRF value is greater than 1, the risk is not acceptable and additional layer(s) of protection are required. This can also be referred to as the LOPA Gap (the risk acceptance gap factor between the TEF and MEF).

Step 8: Make Recommendations to Achieve RRF ≤ 1.0

Typically recommendations describe changes in design or to operations required in order to further reduce the risk.

Nicolas Moreno
Previous

What does ALARP mean?
Next

Double Jeopardy in a PHA