Evaluating the Quality of Your PHA Documentation
Process Hazard Analysis (PHA) and Hazard and Operability Studies (HAZOP) are at the foundation of any Process Safety Management (PSM) program. These systematic approaches form the technical basis for understanding risk in your facility, and they inform the safety investments and operational risk decisions that make your facility safer. However, at RskLess, we often see a recurring problem: a completed PHA report that fails to document the risks and mitigations effectively.
Investigations by the Chemical Safety Board (CSB) consistently show that inadequate documentation and incomplete hazard identification are major contributing factors to industrial incidents. It isn't enough to simply do a PHA; you must ensure the documentation meets a standard that provides a clear, defensible, and actionable roadmap for safety.
Methodology
The PHA documentation must explicitly state which hazard evaluation methodology was employed. CCPS recognizes multiple approved approaches:
HAZOP (Hazard and Operability Study): The most rigorous approach, employing standardized guidewords (NO, MORE, LESS, REVERSE, AS WELL AS, PART OF, OTHER THAN) applied systematically to process parameters (flow, temperature, pressure, composition, etc.).
What-If Analysis: A less structured but valuable approach using team brainstorming with "what if" scenarios.
Checklist Analysis: Systematic evaluation against known hazard categories, particularly useful for simpler processes or facility-wide issues.
FMEA (Failure Modes and Effects Analysis): Component-by-component analysis of failure modes.
Bow-Tie Analysis: Visual representation of hazards, threats, consequences, and barriers that graphically shows the relationship between causes and controls.
For HAZOP studies specifically, the documentation must include:
Explicit Guidewords Used: A complete list of the exact guidewords applied (e.g., "NO FLOW, LESS FLOW, MORE FLOW, REVERSE FLOW, etc.").
Parameter Definition: Clear identification of the process parameters analyzed at each node or section (pressure, temperature, level, composition, flow rate, phase, etc.).
Deviation Description: Explicit statement of what each deviation means in the context of that specific parameter (e.g., "NO FLOW means zero or near-zero flow rate relative to design intent").
Many inadequate PHAs fail at this foundational step by not explicitly documenting which guidewords were actually applied, making independent verification of analysis thoroughness impossible.
Assumptions
The PHA documentation must identify all key assumptions employed during the analysis. Deficient assumptions represent a significant gap identified in numerous CSB investigations. Assumptions fall into two categories:
Technical Assumptions: Specifications about equipment, materials, process conditions, or design features that the PHA team took as given (e.g., "Tank is rated for 500 psig maximum," "Relief valve is set to protect at 400 psig," "Raw material purity is minimum 98%")
Procedural Assumptions: Assumptions about how operations will be performed, what procedures will be followed, or how safeguards will be maintained (e.g., "Operators will inspect level gauges daily," "The pressure relief valve will be tested annually")
Critical documentation practice: Each assumption must be validated during Mechanical Completion and Commissioning phases. A particular vulnerability exists with procedural assumptions—if actual operational procedures differ materially from assumptions, the entire hazard scenario evaluation becomes invalid. Mature organizations explicitly track the status of all procedural assumptions through Management of Change (MOC) and maintain an audit log confirming ongoing compliance.
Establishing a Strong Foundation
A high-quality PHA begins with a clearly defined scope. This means explicitly documenting boundary conditions—exactly where the analysis starts and ends—and the process status, whether it's a new design or a periodic revalidation. Without these details, stakeholders may make false assumptions about what has actually been analyzed.
Furthermore, your documentation must be explicit about the methodology used. For HAZOP studies, this includes a complete list of guidewords (like NO, MORE, or LESS) and parameter definitions. Many inadequate PHAs fail because they don't document which guidewords were applied, making it impossible for a third party to verify the thoroughness of the analysis.
The Right Team in the Room
The quality of a PHA is only as good as the team that conducts it. The documentation should record more than just names; it should detail the experience and qualifications of each participant. This demonstrates to regulators that the study was conducted by qualified personnel and helps identify knowledge gaps.
A critical finding from investigations is that the absence of operations personnel with direct unit experience leads to a failure in identifying credible operational vulnerabilities. At RskLess, we emphasize a diverse team structure—including facilitators, engineers, and maintenance representatives—to ensure no scenario is overlooked.
Scenario Development and Credibility
The heart of the PHA is the systematic development of credible process deviation scenarios. For every potential deviation, the documentation must capture the initiating event, the consequence, and any secondary escalations.
Initiating Event/Cause: The specific action, failure, or circumstance that triggers the deviation. Examples include: "Pump seal failure causing loss of flow," "Level transmitter calibration drift resulting in false high level reading," "Operator closes block valve during normal operation," "Improper feedstock composition received." Causes must be credible, given the operating environment, and should consider both technical failures and human actions.
Loss Event/Consequence: The undesired consequence that could result if this scenario propagates. Examples: "Loss of cooling resulting in runaway reaction," "Overpressure in reactor," "Toxic release to atmosphere," "Thermal runaway in batch reactor." The consequence should be the direct, proximal result of the deviation.
Escalation to Secondary Consequences: Many scenarios that would normally be minor can escalate to catastrophic outcomes through domino effects. Documentation should trace this progression (e.g., "Runaway reaction increases pressure → PSV opens → Hot reaction product is vented to atmosphere → Ignition source present → Explosion and facility damage").
One common pitfall is the failure to screen scenarios for credibility. Mature organizations document why certain scenarios are deemed credible or non-credible with technical justification, preventing future confusion and supporting defensibility if an "unlikely" event occurs. Furthermore, a robust PHA doesn't just look at steady-state operations; it must include startup, shutdown, emergency operations, and maintenance modes.
Safeguards and the Reality of Degradation
When identifying safeguards, specificity is king. Documentation should include P&ID tag numbers and explicit statements of the safeguard's function. We also recommend categorizing safeguards as preventive (stopping the event) or mitigative (reducing the consequence).
For each safeguard identified as controlling the identified risk, document:
Safeguard Description: Clear, specific description of the safeguard (e.g., "Relief valve with setpoint of 150 psig" NOT just "Pressure relief"). Include model numbers, tag numbers, or other unique identifiers.
Location Documentation: Reference to P&ID tag number and drawing document number showing the safeguard location within the process
Safeguard Function: Explicit statement of what consequence or deviation is being controlled by this safeguard
Risk Reduction Mechanism: Explain how the safeguard operates to prevent or mitigate the scenario (e.g., "Relieves excess pressure before equipment rupture pressure is reached")
Effective Trigger Conditions: Under what conditions will the safeguard function as intended? (e.g., "Relief valve effective if inlet pressure reaches setpoint" or "Procedure effective only if operator monitors and reads level gauge correctly")
Safeguard Categorization (for mature organizations):
Many advanced PHA programs categorize safeguards by type and function to better understand risk reduction strategy:
Preventive vs. Mitigative
Preventive safeguards prevent the initiating event from occurring or prevent escalation to a loss event (e.g., regular maintenance prevents seal failure).
Mitigative safeguards reduce consequence severity once the loss event occurs (e.g., a firewall reduces thermal exposure).
Safeguard Type:
Procedural: Operator actions, inspection routines, maintenance activities
Instrumentation: Level gauges, pressure transmitters, temperature indicators, alarms, interlocks
Equipment Design: Relief valves, check valves, rupture disks, vent systems, dikes, and ventilation.
Administrative: Training, qualification requirements, lockout/tagout procedures, design standards
Crucially, "audit-ready" documentation also considers degradation factors. How does corrosion, maintenance delay, or human fatigue affect the reliability of your barriers? If you aren't documenting how these factors are managed, your risk assessment may be based on a best-case scenario that doesn't exist in reality.
Closing the Loop: Recommendations and Tracking
A PHA is only valuable if its recommendations are implemented. Each recommendation needs a unique identifier, a clear link to a specific scenario, and a specific, actionable description.
For each PHA recommendation, document:
Recommendation Number: Unique tracking identifier for the entire facility lifecycle
Scenario Reference: Clear linkage to the specific PHA scenario this recommendation addresses (reference to PHA worksheet row or scenario number)
Risk Being Addressed: Concise statement of what consequence/scenario is being addressed
Recommended Action: Specific, actionable description of the change (e.g., "Install level alarm with audible announcement in control room" NOT "improve level detection")
Technical Basis: Brief explanation of why this action provides risk reduction (e.g., "Provides early warning to prevent overfill and overflow event")
Categories and Classification (mature organizations):
Type: Procedural change, equipment installation, training enhancement, etc.
Preventive vs. Mitigative: Does this prevent the cause or mitigate the consequence?
Hierarchy of Controls: Does this eliminate the hazard, substitute with lower risk, or provide engineering/administrative controls?
Documentation must track these items through their entire lifecycle. Investigations have found that many action items are closed prematurely or without resolution. Robust tracking ensures that if a recommendation is rejected or modified, there is a documented rationale that aligns with regulatory criteria.
Putting it in Action
Thorough, specific PHA documentation serves as the institutional memory of your facility. It is the difference between a reactive culture and a proactive safety program that protects your people and your assets.
Did you know that the PSM experts at RskLess have more than 100 years of combined experience helping clients identify hidden hazards and evaluate PHA quality?
Don't be reckless! Contact RskLess today for a comprehensive evaluation of your PHA/HAZOP documentation to ensure your operations are "Safer than yesterday".
References
Center for Chemical Process Safety (CCPS). (2008). Guidelines for Hazard Evaluation Procedures (3rd ed.). American Institute of Chemical Engineers, New York.
U.S. Chemical Safety Board (CSB). (2020). Reactive Hazards Incident and Recommended Improvements to Process Hazard Analysis Management Systems. CSB Report 2020-05-I-LA.
AIChE. (2025). Developing Credible Scenarios for a PHA. Conference Presentation Series, New York.
Center for Chemical Process Safety (CCPS). (2018). Safety Barrier Degradation and Dynamic Barrier Management. Advanced Process Safety Engineering Publications.