Layers of Protection Analysis (LOPA): Importance, Methodology, and Application in Hazardous Scenario
Updated: Oct 2, 2023
In this article:
Layers of Protection Analysis (LOPA) is a semi-quantitative risk analysis method which assesses the adequacy of Independent Protection Layers (IPL) to protect against a hazardous event. LOPA involves defining the ultimate consequences of a hazardous event and their Target Risk, the Initiating Events (IEs) which lead to the event, the IPLs which prevent its consequences and the Conditional Modifiers (CMs) impacting their frequency. This is done in multi-disciplinary sessions.
In short, the LOPA methodology allows building a simplified risk analysis model to calculate the frequency of the undesired consequence of a hazardous event and understand the variables which contribute to it.
The goal of LOPA is to calculate the risk associated to an event in a cost and resource effective manner, to determine whether a predefined tolerable risk is achieved. If a "risk gap" is identified, a new Independent Protection Layer is introduced or the existing ones improved.
In this article, we will explore what LOPA is, how it works, and why it is an essential tool for risk management.
The Layers of Protection Analysis Methodology
LOPA involves:
1. Select a Hazardous Scenario and Define its Consequences
First, the hazardous scenario which is being analysed and its consequences (disregarding all layers of protection) must be clearly defined. Once these are understood, the Target Risk can be selected based on the country's or organisation's tolerability criteria.
It is extremely important that a Process Hazard Analysis (PHA), such as a Hazard and Operability study (HAZOP) is performed before the LOPA. The PHA should clearly define the hazardous events to be reviewed in LOPA, along with any undesired consequence.
2. Identify Initiating Events and their Frequencies
IEs which could lead to the hazardous event must be identified; ideally, this is done prior to LOPA, during a PHA. The Initiating Event Frequency (IEF) is estimated for each IE. This can be done using:
Operating experience from the site or organization;
Industry databases and best practices;
Engineering judgment of the team.
3. Establish Independent Protection Layers
IPLs are then identified for each IE. An IPL is a device, system, or action which can prevent a hazardous scenario from developing to its undesired consequence, and which is also independent of the IE and the other layers of protection associated with the scenario.
It is important to clarify that IPLs in a LOPA study are different from safeguards in PHA. Although all IPLs are safeguards, not all safeguards are IPLs as they may not achieve the following requirements (as defined in IEC 61511):
Effectiveness: An IPL is designed, installed, operated, and maintained so that it reduces the identified risk by at least a factor of 10.
Specificity: An IPL is designed to prevent or mitigate the consequences of one potentially hazardous event. Multiple causes may lead to the same hazardous event, and therefore multiple event scenarios may initiate action by an IPL.
Independence: An IPL is independent of other protection layers if it can be demonstrated that there is no potential for common cause or common mode failure with any other claimed IPL or the initiating event.
Dependability: An IPL can be counted on to do what it was designed to do by addressing both random failures and systematic failures during its design.
Auditability: A protection layer is designed to facilitate regular validation of the protective functions. Figure 3 shows a safeguarding strategy for a process; it is clear that although all of the layers shown are necessary, not all of them should be considered as providing a quantifiable reduction of risk.
One of the key aspects of LOPA is ensuring sufficient independence between protection layers and IEs in order to achieve the IPL requirements. Figure 2 presents a simple diagram to aid in this regard.
4. Identify CMs
The next step is defining Conditional Modifiers (CMs). These are factors which have an impact on the risk associated to the scenario, but which are not engineered devices. Typical CMs are the potential presence of personnel in a restricted area when a hazardous event occurs (occupancy), or the probability of ignition upon release of a flammable material.
5. Calculate the Total Mitigated Event Frequency
Once all the pieces are in place it is possible to calculate the Total Mitigated Event Frequency (TMEF) of the hazardous scenario. This is done by calculating the frequency for each IE by multiplying the IEF by the Probability of Failure on Demand (PFD) of each IPL and probability of each CM and adding the results for all IEs.
6. Evaluate Risk Acceptability
The calculated TMEF is compared to the Target Risk to determine if risk is acceptable or if there is a gap and how much risk reduction is required.
7. Implement Risk Reduction Measures
Finally, if a risk gap has been identified, actions are raised to further reduce risk. This could require further risk assessment using fully quantitative techniques (such as QRA).
The Importance of LOPA
LOPA is an essential tool for risk management in the process industries, as it helps understanding the risk associated to a hazardous scenario and whether risk reduction for each layer of protection is adequate. It provides a structured approach to risk assessment and management, ensuring all relevant hazards are adequately evaluated, and a balanced safeguarding strategy achieved.
A well recorded Layer of Protection Analysis is extremely useful to help organizations prioritize their resources by focusing on the most critical layers of protection. Since LOPA shows which protection layers are regarded as providing significant risk reduction, it can be used to develop a register of Safety Critical Elements (SCEs) which may require a specialised maintenance and testing strategy.
LOPA and Functional Safety
LOPA can serve as the bridge connecting Process Safety to Functional Safety. Although hazardous scenarios, their causes, consequences and safeguards are defined during Process Hazard Analysis, it is in LOPA where further detail can be added and the risk associated to the hazards can be understood. Because of this, LOPA is an ideal tool to identify which Safety Functions are critical for risk reduction and should have a higher Integrity Level. It is also a very powerful tool for defining the role of Safety Instrumented Systems (SIS) in the safeguarding strategy of a process.
This is why LOPA is one of the main methods used for Safety Integrity Level (SIL) determination, as it allows understanding many of the factors which impact the SIL of Safety Instrumented Functions (SIFs) and, being semi-quantitative, allows estimating the demand rate on the SIF, as well as a precise PFD requirement, rather than just providing a SIL band for the SIF.
LOPA Applicability
The LOPA methodology is suitable for process safety scenarios occurring due to clear failure modes, such as random equipment failure or human error, and where risk reduction is achieved through conventional means (SIFs, relief devices, etc.). LOPA is not suited for scenarios related to occupational safety or external events (e.g., mechanical impacts or dropped objects).
It is also necessary to say that care must be exercised when using a mitigative layer of protection in LOPA, as it is difficult to estimate the effectiveness of such barriers.
Due to its flexibility LOPA can be applied to any process in which hazardous materials or conditions are present. It is ideal for industries such as oil & gas, chemical production, pharmaceuticals, biocontainment, etc. However, it can also be used in other applications such as renewable energies and transportation.
Conclusion
LOPA is a powerful risk management tool that helps identify and better understanding each layer of protection necessary to prevent hazardous events. It provides a structured approach to risk management and helps organizations during the decision making process to prioritize their resources effectively. By using LOPA organizations can improve their understanding of the risks associated to their operation and therefore, improve their safety management systems, while complying with the best current industry practices.
Are you eager to unlock the full benefits of optimal protection analysis?
ORS's has the ideal expertise to provide you with world-class services tailored for your organization's needs. Do not hesitate to contact us today to explore the full range of services offered by ORS Consulting.