CHAZOP is an acronym for Control HAZOP/Computer HAZOP. It is the case where the Hazard and Operability risk assessment technique is used to determine the risk level of a plant’s Control System or Safety System. Most modern plants use some variation of computer-based control systems to run themselves. They are known by various names, such as Distributed Control Systems (DCS), Programmable Logic Controllers (PLC), Supervisory Control and Data Acquisition (SCADA) systems and Safety Instrumented Systems (SIS). In a typical process plant these systems may be stand-alone, operating the entire plant by themselves, or used in combination. For example, a DCS may be the Basic Process Control System, with a SIS for safe shutdown of the plant in case of a problem. Alternatively, the DCS may be the control system for the main plant, while auxiliary plants such as boilers, chillers and compressors are stand-alone skid-mounted units controlled by individual PLCs. A proper risk assessment study such as a HAZOP should also include these systems, but they are often excluded on the false assumption that they rarely fail. They must be included in the HAZOP, and this kind of HAZOP is referred to as a CHAZOP.
Architecture of Control Systems
As explained earlier, plants will have different kinds of systems in various combinations and in various architectures. A careful understanding of these is the first step before one commences the CHAZOP. A typical architecture of an integrated DCS and SIS is shown below. Note that the word integrated does not mean it is the same system, but that it is designed in such a way that the operator sees it as a single system. The safety instrumented system part is different from the ordinary distributed control system part at the controller level. The field instruments and devices for both systems are also different, but the control room operator sees a unified view for convenience.
The CHAZOP Process
A Hazard and Operability Study is concerned with all the deviations that are possible in a node. For more information on HAZOP, including CHAZOP, please see this. In a CHAZOP, all the possible deviations from normal operation of the Control System are evaluated. These could be issues such as the screen going blank, leaving the operator unable to view process parameters, or an error message that freezes the screen. For every such deviation, a mitigation is decided and acted upon, along with preventive measures that reduce the possibility of such deviations in the first place, so that mitigations are not needed at all.
Competency and Certification
Obviously, an engineer who is only well aware of the process cannot do the CHAZOP unless she/he is also competent in the Control System (DCS/SIS/PLC/SCADA) part, so an understanding of the architecture and functionality is essential. One must also have previously participated in CHAZOP and HAZOP studies as a team member. For those who wish to learn about this, please take a look at the Abhisam HAZOP Training course; it includes CHAZOP as well as all the necessary guide words and CHAZOP Worksheets that are essential to carry it out. If you pass the associated exam, you can also get a Certificate of Competency and an Electronic Badge that will demonstrate your competency to the world.
Note that a bad CHAZOP is worse than no CHAZOP at all because it will give upper management a false sense of security, whereas in reality not all risks would have been considered.
Cybersecurity and CHAZOP
Since Industrial Cybersecurity is a big issue these days, the importance of doing a good CHAZOP has only increased, because all deviations are considered, whether they are random, due to human error or due to malicious software. Thus only a proper CHAZOP can guard against cybersecurity risks to the plant.
CHAZOP Alternatives: FMEDA anyone?
Some safety and reliability professionals believe that an FMEDA (Failure Modes, Effects and Diagnostic Analysis) of the Control System is a better way to capture all the deviations than a CHAZOP. This may be true if you are a manufacturer or vendor of control systems or safety systems and want to get your product certified. However, from the end user's point of view, a CHAZOP is good enough because it considers all possible deviations that are experienced at the operator level, and the mitigations need not necessarily be part of the same control system. For example, using the principle of diversity, there could be a pneumatic control system with an air supply tank that could shut down the plant in case the main control or safety system completely failed. This could be a CHAZOP-level mitigation, but it certainly would not be part of the FMEDA study.
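As an added example (not from the original article or the Abhisam course), the sketch below reviews CHAZOP worksheet rows for the points made in the sections above: each deviation considers random, human-error and malicious causes, records both a mitigation and a preventive measure, and has at least one mitigation that does not depend on the system assumed to have failed. The row layout, field names and sample safeguards are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Cause classes the text says a CHAZOP considers for every deviation.
CAUSE_CLASSES = {"random", "human_error", "malicious"}

@dataclass
class Safeguard:
    description: str
    kind: str        # "mitigation" (acts after the deviation) or "preventive"
    hosted_on: str   # system that implements it, e.g. "DCS", "SIS", "pneumatic"

@dataclass
class Row:
    node: str                 # control-system element under study
    deviation: str
    failed_system: str        # system assumed lost or degraded in this deviation
    causes: set = field(default_factory=set)
    safeguards: list = field(default_factory=list)

def review(row):
    """Return the gaps a reviewer would raise for one worksheet row."""
    gaps = []
    missing = CAUSE_CLASSES - row.causes
    if missing:
        gaps.append("causes not considered: " + ", ".join(sorted(missing)))
    for kind in ("mitigation", "preventive"):
        if not any(s.kind == kind for s in row.safeguards):
            gaps.append(f"no {kind} recorded")
    mitigations = [s for s in row.safeguards if s.kind == "mitigation"]
    # Diversity check: a mitigation hosted on the failed system fails with it.
    if mitigations and all(s.hosted_on == row.failed_system for s in mitigations):
        gaps.append("every mitigation depends on the failed system (no diversity)")
    return gaps

# Constructed sample rows, using the two deviations the text mentions.
WORKSHEET = [
    Row("Operator station", "screen goes blank", "DCS",
        {"random", "human_error", "malicious"},
        [Safeguard("independent SIS trip", "mitigation", "SIS"),
         Safeguard("redundant operator stations", "preventive", "DCS")]),
    Row("Operator station", "error message freezes screen", "DCS",
        {"random"},
        [Safeguard("alarm on a second DCS screen", "mitigation", "DCS")]),
]

def review_all(rows):
    return {r.deviation: review(r) for r in rows}

if __name__ == "__main__":
    for deviation, gaps in review_all(WORKSHEET).items():
        print(deviation, "->", gaps or "complete")
```
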
Where to learn more about this
Abhisam’s HAZOP E-learning course also includes a section on CHAZOP with all necessary worksheets including guide words, deviations and suggested mitigations. So this would be an excellent starting point to build up your competency.