HAZOP - University of Colorado Boulder


HAZOP
System Safety: HAZOP and Software HAZOP, by Felix Redmill, Morris Chudleigh, James Catmur, John Wiley & Sons, 1999
What is HAZOP?
• Technique for identifying and analyzing the hazards and operational concerns of a system.
• Central activity – a methodical investigation of a system description (design representation).
What this presentation does not cover:
• The book puts a LOT of emphasis on
– Selecting the study initiator
– Selecting the study leader
– Planning the study
– Roles during the study
– Questions vs. follow-up
– Completion criteria
(P.S. It also tells how to conduct the study itself :-)
Reasonable Limits for this class
• This is a human-intensive activity
• As such, the details on the previous page are of extreme importance – the authors are experienced and therefore recognize this
• You won’t be able to conduct a HAZOP study on the basis of these slides
• Goal: Understand what it is – set the bar higher
Study process itself in a nutshell (flowchart)
• Introductions
• Presentation of design notation
• Examine design methodically, one unit at a time
• Is it possible to deviate from design intent here?
– YES: examine both consequences and causes of the possible deviation, document results, define follow-up work
– NO: move on
• Time up?
– NO: return to examining the design, one unit at a time
– YES: agree on documentation, sign off
Examine design methodically, each unit in turn
• Suppose the design representation is a collection of state transition tables:
• Units are states, transitions, event/action pairs
• For EACH, list the recommended attributes (see table from the HAZOP book)
• For each attribute, use the guide words to trigger the questions about ways to deviate
The suggested guide words
– No: negation of design intention; no part of the design intention is achieved but nothing else happens
– More: quantitative increase
– Less: quantitative decrease
– As well as: qualitative increase where all of the design intention is achieved plus additional activity
– Part of: qualitative decrease where only part of the design intention is achieved
– Reverse: logical opposite of the intention
– Other than: complete substitution, where no part of the original intention is achieved but something quite different happens
When timing matters
• Add the following guide words:
– Early: something happens earlier in time than intended
– Late: something happens later in time than intended
– Before: something happens earlier in a sequence than intended
– After: something happens later in a sequence than intended
Guide words chosen
• Match the system being examined to the appropriate table, or modify the closest one
• Match the design representation
• Note: not all guide words apply to all attributes
– For the attribute “speed” of an electric motor, omit the guide words “as well as” and “part of”
– For the attribute “data flow” on a DFD, “less” is not used because its meaning is covered by “part of”
• Generally, the study leader selects from the guide words, provides interpretations based on the chosen design representation and context, and distributes them to the team in advance of the study
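The enumeration the three preceding slides describe (walk the units of a state transition table, list each unit's attributes, apply the guide words the study leader has kept for that attribute), as an added example that is not from the slides or the book. The attribute list, the guide words omitted per attribute and the door-lock transition table are constructed for illustration; the guide word interpretations are the ones the slides give.

```python
from collections import namedtuple
# Guide words and their interpretations as listed in the slides.
GUIDE_WORDS = {
    "no": "no part of the design intention is achieved, nothing else happens",
    "more": "quantitative increase",
    "less": "quantitative decrease",
    "as well as": "all of the intention achieved plus additional activity",
    "part of": "only part of the design intention is achieved",
    "reverse": "logical opposite of the intention",
    "other than": "complete substitution, something quite different happens",
}
TIMING_WORDS = {
    "early": "earlier in time than intended",
    "late": "later in time than intended",
    "before": "earlier in a sequence than intended",
    "after": "later in a sequence than intended",
}
# Constructed (hypothetical) attribute table: per unit kind, each attribute maps to
# the guide words the study leader omits for it, as the slides omit "less" for "data flow".
ATTRIBUTES = {
    "state": {"entry condition": {"more", "less"}},
    "transition": {"triggering event": {"more", "less"},
                   "response time": {"as well as", "part of", "reverse"}},
    "event/action": {"action performed": {"more", "less"}},
}
TIMED_ATTRIBUTES = {"response time"}  # timing guide words are added for these
Deviation = namedtuple("Deviation", "unit attribute guide_word question")


def deviations_for(unit_kind, unit, attribute):
    """One candidate deviation per guide word that applies to this attribute."""
    words = dict(GUIDE_WORDS)
    if attribute in TIMED_ATTRIBUTES:
        words.update(TIMING_WORDS)
    omitted = ATTRIBUTES[unit_kind][attribute]
    return [Deviation(unit, attribute, w, f"{unit}: '{w}' {attribute} ({m}) - credible?")
            for w, m in words.items() if w not in omitted]


def hazop_worksheet(table):
    """Visit every unit of a state transition table (rows: source, event, action, target)."""
    states = sorted({r[0] for r in table} | {r[3] for r in table})
    units = [("state", f"state {s}") for s in states]
    units += [("transition", f"{s}->{d}") for s, _, _, d in table]
    units += [("event/action", f"{e}/{a}") for _, e, a, _ in table]
    return [dev for kind, name in units for attr in ATTRIBUTES[kind]
            for dev in deviations_for(kind, name, attr)]


# Constructed sample table for a badge-controlled door lock.
DOOR_TABLE = [("Locked", "valid_badge", "open_door", "Unlocked"),
              ("Unlocked", "timeout", "close_door", "Locked")]
```

Each row is one question for the study team to answer in the meeting; the worksheet is the input to the study, not the analysis itself.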
Applications
• Originally developed for chemical plants
• Book has detailed examples for
– Software using data flow diagrams
– Software using state transition diagrams
• Includes timing attributes of response time and repetition time
– Software using various OO models
– Digital electronics
– Communication systems
– Electromechanical systems
• Same guide words, different interpretations
See book excerpts
• More detailed outline of the HAZOP process – Figure 9.2
– For all entities
• For all attributes
– For each guide word
» Is deviation credible?
• Example matrices
Fig 9.2: HAZOP meeting process