LAYER OF PROTECTION ANALYSIS (LOPA)
What is LOPA?
Process hazard analysis or HAZOP teams often are required to use engineering judgment to decide if additional safeguards are needed to protect against accident scenarios they identify. By nature of the study this is subjective which can lead to disagreements and perhaps inappropriate measures to reduce risk. With particular regard to high risk scenarios, a more rational and objective approach is needed, at least when considering risk remediation measures for identified high risk scenarios. Layers of Protection Analysis (LOPA) was developed for this purpose, where it is used to identify if there is a shortfall in meeting a predetermined dangerous failure target frequency. LOPA provides companies with a systematic approach to producing and documenting a credible documented basis of safety which can demonstrate a safety management lifecycle approach. In particular with regard to specifying the required integrity level of safety instrumented systems.
LOPA provides an objective, rational and reproducible method of evaluating a hazardous event and comparing it with risk tolerance criteria to decide if existing safeguards are adequate, and if additional safeguards are needed. LOPA can be viewed as an extension of PHA/HAZOP which may be employed to drive risk based decision making, be it in terms of capital investment or indeed to drive risk based inspection programmes. This structured methodology enables a demonstration of risk reduction to levels regarded ‘as low as reasonably practicable’ (ALARP) and forms a component assessment within an overarching process safety management system; it also is used to demonstrate compliance with IEC standards 61508/61511.
Lawlor Technology facilitates LOPA studies for clients, assisting decide which safeguards or protection layers can be considered by the LOPA and also in determining their failure probabilities.
LOPA is often applied after a PHA/HAZOP has been performed. Typically, high risk scenarios are first identified for consideration. Then Individual hazard scenarios, defined by cause-consequence pairs, are analyzed in detail. LOPA considers safeguards which are Independent Protection Layers (IPLs), defined as those whose failure is independent of any other failures involved in the initiating risk/scenario.
A key part of LOPA is the determination of the Safety Integrity Level (SIL) provided by the IPLs involved in the scenario. The SIL is usually defined as a Probability of Failure on Demand (PFD). These SIL’s are used in LOPA to assess scenario risk and compare it with risk tolerance criteria to decide if existing safeguards are adequate, and if additional safeguards are needed.