What is a LOPA?
LOPA stands for Layer of Protection Analysis, a collaborative decision-making process that uses quantified probabilities and explicit tolerable frequencies for specific consequences as the decision criteria for risk acceptance.
LOPA is generally used for higher severity consequence events which have been previously identified through other process hazard analysis (PHA) tools such as a Hazard and Operability (HAZOP) study. The advantage of a LOPA is that it is a semi-quantitative method which helps drive higher quality decisions for severe consequence events when compared to a HAZOP that relies solely upon qualitative information. It uses order of magnitude values to approximate the risk of a scenario.
The process of conducting a LOPA can be broken down into 8 steps as seen below:
Step 1: Determine the IEF
IEF – Initiating Event Frequency. The frequency of the initial cause that can lead to the consequences, as identified in the HAZOP (per year).
Initiating events are generally categorized into three types:
External events
Equipment failures
Human errors.
Step 2: Determine the TEF
Consequence – The worst credible case scenario that could result from the Initiating Event.
The Tolerable Event Frequency (TEF) is a critical term to understand when conducting a LOPA because this explicit value establishes the maximum threshold used as the ultimate decision-making criterion. Companies will usually have pre-established TEF values for specific consequences as part of their risk matrix or company standard to provide consistent risk-based decision criteria within the organization.
Operations within the Energy industry are widely accepted as not being completely risk-free. Therefore, the TEF specifies the risk threshold that a company is willing to accept to achieve a safe and comfortable working environment for their employees while doing so in an efficient and sustainable manner.
If a company does not have an established TEF, the industry standard is based on the Major Industrial Accidents Council of Canada (MIACC) guidelines for acceptable levels of risk. It is recommended for industrial workplaces to apply a 1 in 10,000 chance of fatality per year or less. If this event frequency is met or exceeded for a facility, this means working there is just as safe as driving to work, which is a risk that most people are willing to accept.
Step 3: Identify any Enabling Events or Conditional Modifiers & Associated Probabilities
Enabling Event – An event that is not a failure, error, or a protection layer, but instead a situation which must occur simultaneously with a given initiating event to allow the specific cause for a scenario to propagate to a hazardous consequence. It consists of a condition or operating phase that does not directly cause the scenario but must be present or active for the scenario to proceed to a loss event.
Conditional Modifier – Conditional modifiers are normally defined as independent factors of probability of occupancy or probability of injury. They are generally only used when evaluating a consequence that leads to a potential injury or fatality. As most conditional modifiers are circumstantial, they are generally applied at the discretion of the study team. Examples of potential conditional modifiers include, but are not limited to:
Probability of a hazardous atmosphere
Probability of ignition
Probability of explosion
Probability of personnel presence
Probability of injury or fatality
Probability of equipment damage or other financial impact.
Step 4: Calculate the UEF
UEF – Unmitigated Event Frequency. The frequency of the consequences occurring without any Independent Protection Layers (IPLs) in place.
UEF = Initiating Event Frequency × each Enabling Event and Conditional Modifier probability
Step 5: Determine each IPL and its PFD
IPL – Independent Layer of Protection. A safeguard that is independent of the cause and of the other safeguards applied to a scenario, and is effective in mitigating the consequences. It must also be auditable to demonstrate effectiveness and reliability.
PFD – Probability of Failure on Demand. The reliability of a safeguard, described by the chance that it will not work when needed. Note that this is only applicable to Low Demand Mode of Operation for an IPL. Low demand is defined as demand on the IPL that is expected to occur less than once per year.
Step 6: Calculate the MEF
MEF – Mitigated Event Frequency. The frequency of the consequence occurring with independent layers of protection in place.
MEF = UEF × each IPL’s PFD
Step 7: Calculate the RRF
RRF – Risk Reduction Factor. This is the ratio of the MEF to the TEF.
RRF = MEF ÷ TEF
RRF ≤ 1.0 - Risk is acceptable
RRF > 1.0 - Risk is not acceptable
If the RRF is equal to, or less than 1, the risk is deemed acceptable. If the RRF value is greater than 1, the risk is not acceptable and additional layer(s) of protection are required. This can also be referred to as the LOPA Gap (the risk acceptance gap factor between the TEF and MEF).
Step 8: Make Recommendations to Achieve RRF ≤ 1.0
Typically, recommendations describe the changes to design or operations required to further reduce the risk.
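Steps 4 to 8 worked through in Python, as an added example that is not part of the original article. The scenario, its probabilities, the TEF and the IPL names are constructed for illustration; the ceiling on a further IPL's PFD follows from requiring MEF × PFD ≤ TEF.

```python
from dataclasses import dataclass, field
from math import ceil, log10, prod

@dataclass
class Scenario:
    ief: float                                      # Step 1: initiating event frequency, per year
    tef: float                                      # Step 2: tolerable event frequency, per year
    modifiers: dict = field(default_factory=dict)   # Step 3: name -> probability
    ipls: dict = field(default_factory=dict)        # Step 5: IPL name -> PFD

def _check(values):
    # Probabilities and PFDs must lie in (0, 1]; anything else is a data-entry error.
    for name, p in values.items():
        if not 0.0 < p <= 1.0:
            raise ValueError(f"{name}: {p} is not a probability in (0, 1]")

def evaluate(s, tol=1e-9):
    if s.ief <= 0 or s.tef <= 0:
        raise ValueError("IEF and TEF must be positive frequencies")
    _check(s.modifiers)
    _check(s.ipls)
    uef = s.ief * prod(s.modifiers.values())        # Step 4
    mef = uef * prod(s.ipls.values())               # Step 6
    rrf = mef / s.tef                               # Step 7
    acceptable = rrf <= 1.0 + tol                   # tolerance absorbs float rounding at RRF = 1
    # Step 8: a further IPL closes the gap when MEF x PFD_new <= TEF.
    max_new_pfd = None if acceptable else s.tef / mef
    orders = 0 if acceptable else max(1, ceil(log10(rrf) - tol))
    return {"uef": uef, "mef": mef, "rrf": rrf, "acceptable": acceptable,
            "max_new_pfd": max_new_pfd, "orders_of_magnitude": orders}

# Constructed scenario (all values are illustrative assumptions).
BASE = Scenario(
    ief=0.1, tef=1e-6,
    modifiers={"probability of ignition": 0.5, "probability of personnel presence": 0.1},
    ipls={"alarm with operator response": 0.1, "relief valve": 0.01},
)

def with_extra_ipl(s, name, pfd):
    # Copy of the scenario with one more IPL, to test a Step 8 recommendation.
    return Scenario(s.ief, s.tef, dict(s.modifiers), {**s.ipls, name: pfd})

if __name__ == "__main__":
    for label, sc in [("as found", BASE), ("with added IPL", with_extra_ipl(BASE, "added IPL", 0.1))]:
        r = evaluate(sc)
        print(f"{label}: UEF={r['uef']:.1e}/yr MEF={r['mef']:.1e}/yr RRF={r['rrf']:.2f} "
              f"acceptable={r['acceptable']} max PFD for a further IPL={r['max_new_pfd']}")
```

In the constructed case the existing IPLs leave an RRF of about 5, so one more order of magnitude of risk reduction is needed; an added IPL with a PFD of 0.1 brings the RRF to about 0.5.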