A HAZOP (Hazard and Operability) study is the most important safety review a process plant will ever undergo. Done well, it finds failure modes that no individual engineer would catch. Done poorly, it’s a box-checking exercise that provides a false sense of security.
I’ve participated in HAZOPs as a process engineer, as a team member, and as a scribe. Here’s what makes the difference between a HAZOP that actually improves plant safety and one that just fills a binder.
What a HAZOP Actually Analyzes
The core of HAZOP is a systematic examination of every pipe, vessel, and equipment item in the plant, asking: “What if this parameter deviates from design intent?” The standard guide words:
– NO / NOT (no flow, no level, no pressure)
– MORE (more flow, more temperature, more pressure, more level)
– LESS (less flow, less temperature, less pressure, less level)
– REVERSE (reverse flow, reverse rotation)
– AS WELL AS (contamination, phase change, additional component)
– PART OF (component missing, concentration too low)
– OTHER THAN (wrong material, unexpected reaction, startup/shutdown)
Each guide word is applied to each node (section of the process) systematically. For each deviation, the team asks: what are the causes? What are the consequences? What safeguards exist? Is the risk acceptable? If not, what additional safeguards are needed?
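The systematic pass described above, as an added example that is not part of the original article: it enumerates the guide word and parameter deviations for each node and checks a scribe's worksheet for deviations that were skipped, left with unanswered questions, or judged unacceptable without a recommendation. The node name, the per-node parameter selection, the worksheet field names and the sample rows are all constructed for illustration.

```python
# Guide words and the parameters each is applied to, as listed in the article.
GUIDE_WORDS = {
    "NO": ["flow", "level", "pressure"],
    "MORE": ["flow", "temperature", "pressure", "level"],
    "LESS": ["flow", "temperature", "pressure", "level"],
    "REVERSE": ["flow", "rotation"],
    "AS WELL AS": ["contamination", "phase change", "additional component"],
    "PART OF": ["component missing", "concentration too low"],
    "OTHER THAN": ["wrong material", "unexpected reaction", "startup/shutdown"],
}

def deviations(node_params):
    """Every (guide word, parameter) pair that applies to a node."""
    return [(gw, p) for gw, params in GUIDE_WORDS.items()
            for p in params if p in node_params]

def review(nodes, rows):
    """Find skipped deviations, unanswered questions, and unacceptable
    risks that were left without a recommendation."""
    recorded = {(r["node"], r["guide_word"], r["parameter"]): r for r in rows}
    gaps = {"skipped": [], "incomplete": [], "no_recommendation": []}
    for node, params in nodes.items():
        for gw, p in deviations(params):
            key = (node, gw, p)
            row = recorded.get(key)
            if row is None:
                gaps["skipped"].append(key)
            elif not row.get("causes"):
                continue  # recorded with no credible cause: nothing more to answer
            elif not row.get("consequences") or row.get("risk_acceptable") is None:
                gaps["incomplete"].append(key)
            elif not row["risk_acceptable"] and not row.get("recommendations"):
                gaps["no_recommendation"].append(key)
    return gaps

# Constructed sample: one node where only flow is a relevant parameter.
N = "Node 1: feed line to V-101"
NODES = {N: {"flow"}}
ROWS = [
    {"node": N, "guide_word": "NO", "parameter": "flow", "causes": ["feed pump trips"],
     "consequences": ["loss of feed"], "safeguards": ["low-flow alarm"], "risk_acceptable": True},
    {"node": N, "guide_word": "MORE", "parameter": "flow", "causes": ["control valve fails open"],
     "consequences": ["V-101 overfill"], "safeguards": [], "risk_acceptable": False},
    {"node": N, "guide_word": "LESS", "parameter": "flow", "causes": ["strainer partly blocked"]},
]

if __name__ == "__main__":
    for kind, keys in review(NODES, ROWS).items():
        print(kind, keys)
```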
When to HAZOP (and When Not To)
Design HAZOP. Conducted when the P&IDs are at “issued for design” stage — detailed enough to analyze, still early enough to incorporate changes without major cost. This is the most important HAZOP because it catches problems before anything is built. A change to a P&ID costs hours of engineering time. The same change after construction can cost hundreds of thousands in rework.
Pre-startup HAZOP. A review before commissioning to confirm that all HAZOP recommendations have been closed and no new issues have been introduced during detailed design and construction. This is a verification step, not a re-do of the design HAZOP.
Revalidation HAZOP. Every 5 years (or per local regulation), the HAZOP is revalidated. Has the plant changed? Have incidents occurred? Have standards been updated? The revalidation is usually faster than the original because you’re reviewing changes, not starting from scratch.
A HAZOP is not the right tool for every safety review. For batch processes, a HAZOP works but can be cumbersome — the batch steps and sequences add complexity that the standard guide-word approach doesn’t handle naturally. For simple equipment (a packaged boiler, a standard compressor skid), a checklist or What-If review may be more efficient. For highly complex systems with many interacting control loops, a Layer of Protection Analysis (LOPA) should follow the HAZOP to quantify the reliability of safeguards.
The Team Composition That Makes HAZOP Work
A HAZOP team needs:
HAZOP leader (facilitator). An experienced facilitator who is independent of the project — not the design engineer, not the project manager. The leader’s job is to keep the team moving through the nodes, ensure every deviation is considered, and prevent any one person from dominating the discussion. A good leader asks the right questions and knows when to park a discussion for offline resolution.
Scribe. Records every finding, every recommendation, every action. The scribe is not a secretary — they need enough technical understanding to capture the discussion accurately. A bad scribe produces vague findings (“consider additional safeguards”) that are unactionable. A good scribe produces specific findings (“install a pressure safety valve on V-101 set at 10 barg with discharge to flare header FH-01, because the existing relief path through PCV-101 is not credited as an independent safeguard”).
Process engineer. The person who knows the design intent, the material and energy balances, the control philosophy. This is usually the lead process engineer on the project.
Operations representative. Someone who understands how the plant will actually be operated — startup, shutdown, normal operation, abnormal operation, emergency response. For a new plant, this might be an experienced operator from a similar facility.
Instrument/controls engineer. The control system is a critical part of process safety. The instrument engineer needs to explain how the control loops work, what happens on loss of power or instrument air, and how the safety instrumented system (SIS) is separated from the basic process control system (BPCS).
Mechanical or equipment engineer (optional but recommended for plants with complex rotating equipment or high-pressure systems).
The Common Mistakes That Undermine HAZOP Value
Rushing through nodes. A HAZOP rushing to finish on schedule finds fewer issues. A typical pace is 3–5 P&IDs per day depending on complexity. Faster than that, and the team is skipping deviations. Slower, and you’re into diminishing returns or analysis paralysis. The facilitator needs to manage the pace without sacrificing thoroughness.
Fatigue. HAZOP is mentally exhausting. After 6 hours of systematic deviation analysis, attention drifts. Sessions longer than 6–7 hours produce lower-quality output. If the HAZOP runs multiple days, the schedule should allow for this.
Accepting inadequate safeguards. “Operator will respond to alarm” is not a safeguard unless the team can demonstrate that the operator has time to diagnose the situation, decide on the correct action, and execute it before the hazardous consequence occurs. The human factors analysis (available time vs. required time) should be explicit. If the available response time is less than 10–15 minutes, relying on operator response is questionable. If it’s less than 5 minutes, it’s essentially not a safeguard.
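The available-time versus required-time check, worked through as an added example that is not part of the original article. It goes one step beyond the text by deriving the available time from a vessel overfill scenario. Assumptions: a vertical cylindrical vessel, a constant net inflow, the upper end of the article's 10–15 minute band as the "questionable" threshold, and constructed dimensions and operator timings.

```python
import math

NOT_A_SAFEGUARD_BELOW_MIN = 5   # article: under 5 minutes is essentially not a safeguard
QUESTIONABLE_BELOW_MIN = 15     # article says 10-15 minutes; upper bound assumed here

def available_minutes(diameter_m, alarm_level_m, overflow_level_m, net_inflow_m3_h):
    """Time from the high-level alarm to overflow for a vertical cylinder."""
    if net_inflow_m3_h <= 0:
        return math.inf  # level is not rising, so overflow is never reached
    area_m2 = math.pi * diameter_m ** 2 / 4
    volume_m3 = area_m2 * (overflow_level_m - alarm_level_m)
    return volume_m3 / net_inflow_m3_h * 60

def screen(available_min, diagnose_min, decide_min, execute_min):
    """Judge whether 'operator will respond to alarm' can be credited."""
    required_min = diagnose_min + decide_min + execute_min
    if available_min < required_min or available_min < NOT_A_SAFEGUARD_BELOW_MIN:
        return "not a safeguard"
    if available_min < QUESTIONABLE_BELOW_MIN:
        return "questionable"
    return "credible"

def screen_overfill(net_inflow_m3_h, diagnose_min=3, decide_min=2, execute_min=3):
    """Constructed case: 2 m diameter vessel, alarm at 2.5 m, overflow at 3.0 m."""
    t = available_minutes(2.0, 2.5, 3.0, net_inflow_m3_h)
    return round(t, 1), screen(t, diagnose_min, decide_min, execute_min)

if __name__ == "__main__":
    for inflow in (30.0, 10.0, 4.0):
        print(inflow, "m3/h ->", screen_overfill(inflow))
    # Same 10 m3/h case, but the operator needs 11 minutes in total.
    print("slow response ->", screen_overfill(10.0, 4, 3, 4))
```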
Failing to track actions to closure. A HAZOP generates recommendations. Those recommendations must be assigned to individuals, with due dates, and tracked to completion. The most brilliantly executed HAZOP is worthless if the recommendations sit in a report that nobody reads. Each recommendation should be traceable in the action tracking system, and the project manager should report HAZOP action closure status at every project review meeting.
HAZOP is not a paperwork exercise. It’s a structured method for applying collective engineering judgment to identify things that could go wrong — things that individual engineers, working in their separate disciplines, might miss. The value of a HAZOP is directly proportional to the quality of the team, the thoroughness of the analysis, and the discipline with which recommendations are implemented. Shortchange any of those three, and you’re paying for a safety study without getting the safety benefit. That’s worse than not doing a HAZOP at all — because it gives you something to point to when something goes wrong, even though the HAZOP didn’t actually make the plant safer.