Skip to content

Interface Hazards Analysis

November 12, 2013


A hazards analysis (a qualitative fault tree) was carried out at a large electrical power plant. The facility used both sulfuric acid and ammonia in its emissions control systems. The two chemicals were stored in tanks as shown in the plan view sketch above. The tanks were of roughly the same size and had identical blank flange connections for the delivery trucks. As can be seen from the sketch, the loading lines crossed.

The hazards of this system are so obvious as not to merit discussion. But the real take-away was not the hazard itself but the fact that the analysis team did not include representatives from the chemical supply companies. The team was made up entirely of employees of the power plant.

Another large facility used small quantities of pure oxygen. The oxygen, in liquid form, was delivered every four weeks or so by truck and stored in a small tank. The facility had suffered a very bad explosion so a series of intensive hazards analyses were conducted as part of the rebuild process. The dangers associated with the use of pure oxygen and were thoroughly discussed. And then someone suggested that a representative from the oxygen supply company be invited to join the team for an hour or so. That was agreed upon. A representative showed up and a useful discussion took place. But the real lesson was the attitude of the chemical company employee: it turned out that his company was equally concerned about the hazards of the process — particularly “reverse flow” to from the process to the truck. They very much welcomed the opportunity to share their concerns and to be involved in a systems discussion.

Offshore Hubs

Although the above examples are very simple interface issues can be much more complex. For example, it is common for offshore oil platforms to use a hub system for groups of platforms. Each platform sends its oil and gas along undersea pipelines to a central hub platform. At the hub the various streams are mixed, some processing is carried out (for example the addition of glycol to prevent hydrate formation) and the combined streams are then pumped along a single pipeline to the beach.

Risers-1To further complicate matters the platforms and pipelines may be owned and operated by different companies. Each company may have conducted its own hazards analysis but may not have properly communicated with the others. Yet it is the hazards at the interface that can create problems.

One large offshore oil production facility, for example, pumped oil from its offshore platforms to a processing plant on the beach. An operator at the onshore plant was carrying out a routine pigging operation. He inadvertently misaligned the valves around a pig trap and caused a high pressure surge back along one of the lines coming from offshore. This mishap had no significant effect on the onshore operation but the pressure surged to other platforms and shut them down. In the end, many millions of dollars of production were lost and the company was lucky not to have had a safety or environmental incident. The follow-up investigation showed that a hazards analysis had been carried out on each of the platforms and on the onshore facility, but not on the connections between them.

Interface issues that could occur in such systems include the following.

  • During an emergency Company A plans on closing a particular valve but Company B expects it to remain open.
  • Company C changes a material of construction. The proper Management of Change process is followed, but the other companies are not told about the change and how it may affect them.
  • Company D uses different SIL (safety integrity level) targets from the other companies.
  • An operator on Unit A can shut down equipment on Unit E; is that acceptable?


SIMOPsThe offshore oil and gas industry manages interfaces in one area very well, and that is Simultaneous Operations (SIMOPs). The photograph to the left shows the large number of vessels that were involved in handling the Macondo spill. A high level of coordination was needed to ensure that they did not interfere with one another and create an incident.

Interface Hazards Analysis

In order to address interface issues it is suggested that an Interface Hazards Analysis (IHA) be carried out between all the parties involved with a facility’s operation. Two ways of doing this are discussed below.


The first approach is to recognize that a process is made up of a set of connected “black boxes”. On a refinery, for example, the boxes will usually be the major operating sections such as the cat cracker, the tank farm and the boiler house. Each of these boxes is part of a larger system. It is likely that each individual black box will have been analyzed using the HAZOP (Hazard and Operability) method, in which a series of deviation guidewords such as “High Pressure” or “Wrong Composition” are discussed. The IHA uses the same approach – each box is like a node in a HAZOP.

The sketch below shows a system of four operating units, each of which can be connected to each of the others in some manner (there happens to be no link between Block 2 and Block 4). All the arrows are two-way meaning that connectivity problems can flow in either direction.

For a system containing N blocks, the total number of connections is 2 * (N – 1)! (The number ‘2’ represents the fact that each connection is two-way. ) Therefore, in this simple example, the total number of potential interfaces is (2 * 3!), which is 10 (if the missing connection between ‘2’ and ‘4’ is considered.)

The IHA team consists of representatives from the four Units. Each representative brings with them the internal HAZOP with all the interface connections highlighted. The team then conducts a ‘What-If’ discussion. However the team members are not permitted to discuss hazards within the boxes — only the interface issues.

Some of the questions that the team can raise are:

  • What if the flow in the line from ‘3’ to ‘1’  is suddenly stopped?
  • What does ‘3’ do if ‘4’ has a fire?
  • What if ‘1’ has a total power failure?
  • What if the prestartup review systems are not integrated?

Elements of SEMS

Another way of structuring an IHA is to identify those elements of Process Safety Management that need to be discussed by the organizations involved. For example, about three months after the Deepwater Horizon explosion the Mariner platform in the Gulf of Mexico platform caught on fire. Although no one was injured the damage was severe. At the time of the incident the platform was not in production. However, a team of painters was on board. Had the operator and the painting contractor conducted an IHA they could have used the elements of SEMS (Safety and Environmental Management System) listed below to structure their discussion.

  1. Safety and Environmental Information
  2. Hazards Analysis
  3. Operating Procedures
  4. Training
  5. Pre-Startup Review
  6. Assurance of Quality and Mechanical Integrity of Equipment
  7. Safe Work Practices
  8. Management of Change
  9. Investigation of Incidents
  10. Emergency Response and Control
  11. Audit of Safety and Environmental Management Program Elements
  12. Records and Documentation Safety Meetings

The IHA would discuss Safety and Environmental Information because the painters were bringing on board potentially toxic and flammable chemicals that may be new to the platform management. At the very minimum the painter should provide the MSDS for these chemicals. However, the IHA would not need to consider Operating Procedures or Investigation of Incidents – these are outside the painting company’s scope of work.

The Tanks


This discussion started with the acid/ammonia tanks. In the end, not only did the facility management decide to put special connections on the loading line of each truck so that the wrong hose could not be attached — they decided to move one of the tanks to the other side of the facility so that the two types of truck were in different locations.


From → Risk Management

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: