Seif El Islam Bouasla
| Youcef Zennir* | EL-Arkam Mechhoud | Manuel Rodriguez
© 2025 The authors. This article is published by IIETA and is licensed under the CC BY 4.0 license (http://creativecommons.org/licenses/by/4.0/).
OPEN ACCESS
This study presents a novel risk assessment approach for crude oil heaters, integrating structured combined methods to enhance safety and reliability. We begin by employing Hazard and Operability Study (HAZOP) to systematically identify potential accident scenarios. To deepen our understanding of system functionality and potential malfunctions, we utilize D-higraphs for functional modelling. Building on the scenarios identified, we apply Fault Tree Analysis (FTA) to estimate root causes and frequencies of failures. Following this, Event Tree Analysis (ETA) allows us to explore the consequences of success or failure of safety barriers. The integration of FTA and ETA culminates in the bowtie method, which effectively illustrates the relationships between hazards, their causes, and the safety measures in place. This structured methodology not only offers a comprehensive risk assessment framework but also enhances the identification and evaluation of safety barriers, making it a unique contribution to existing risk assessment practices.
risk assessment, HAZOP, D-higraph, fault tree, event tree, bowtie, heater
At present, major industrial accidents pose a significant threat to the petrochemical industry, emphasizing the urgent need for effective risk assessment methodologies. With increasing complexity in industrial systems, the potential for catastrophic events has grown, underscoring the necessity of identifying and evaluating risks to safeguard personnel, property, and the environment [1-4]. Traditional risk analysis methods often fall short in addressing the multifaceted nature of modern processes, leading to the emergence of new hazards that can compromise safety [5].
The petrochemical industry, in particular, faces unique challenges due to the nature of the materials handled, high-pressure processes, and the interconnectedness of operations. Incidents such as explosions, fires, and chemical spills can result not only in significant financial losses but also in severe environmental damage and threats to human health. The need for comprehensive risk assessment is therefore critical, as it helps organizations identify potential accident scenarios, estimate their likelihood, and evaluate their consequences.
Historically, various hazard analysis methods have been employed to improve risk prediction capabilities [6]. For instance, HAZOP has been widely used to identify operational deviations and potential hazards. However, the traditional application of HAZOP often requires complementary techniques to address the limitations of its standalone use. FTA has been utilized to trace the root causes of identified risks, while ETA aids in understanding the possible outcomes of failure events, particularly in assessing the effectiveness of safety barriers. Recent studies have demonstrated the effectiveness of integrating multiple risk analysis methods to enhance predictive accuracy. For example, HAZOP and FTA were employed in risk assessments of fuel storage terminals, revealing the benefits of a combined approach in managing risks [7].
Similarly, integrating Failure Mode, Effects, and Criticality Analysis (FMECA) with HAZOP has proven effective in safety evaluations of LNG plants [8]. Other research has automated the integration of FTA, ETA, and HAZOP for hazard analysis, streamlining the process and improving outcomes [9]. Furthermore, the combination of HAZOP and ETA has been explored for operational failure investigation and safety optimization [10], while various methods, including FTA and bowtie modeling, have been applied to different industrial contexts, such as sand-casting operations [11].
Given this backdrop, the main purpose of this study is to conduct a comprehensive risk assessment of a crude oil heater located in a crude distillation unit at the Skikda refinery in Algeria. Our structured approach integrates HAZOP, D-higraph, FTA, ETA, and the bowtie method. By identifying hazards through HAZOP, we can employ D-higraph to model both functional and dysfunctional relationships between processes and their components. FTA will be utilized to consolidate the various causes leading to the consequences identified during HAZOP, while ETA will facilitate the exploration of potential outcomes stemming from the success or failure of safety barriers. The resultant bowtie model will clearly illustrate the interconnections between hazards, their causes, and the corresponding safety measures, ultimately enhancing risk management strategies within the petrochemical sector.
The methodology followed to achieve the objectives of this study is outlined in the following steps, emphasizing the integration of various risk assessment methods to enhance the overall evaluation process:
2.1 Functional description of the studied plant
We begin by providing a comprehensive overview of the crude distillation unit at the Skikda refinery, including its operational processes, equipment, and interconnections. This foundational knowledge is crucial for understanding the specific risks associated with the plant.
2.2 Risk identification
Utilizing the HAZOP method, we systematically identify potential hazards by analyzing deviations from normal operations. Each component and process are examined to uncover possible accident scenarios, ensuring that all relevant risks are documented.
2.3 Functional and dysfunctional modeling
Next, we employ D-higraphs to create functional and dysfunctional models of the system. This step involves mapping out the relationships between various functions and the devices that perform them. By illustrating how components interact, we can better understand where failures might occur, thus providing a clearer context for the identified risks.
2.4 Risk estimation and evaluation
We conduct a FTA to estimate the likelihood of the identified risks and evaluate their potential consequences. FTA helps us trace the root causes of each hazard, enabling a detailed understanding of how different factors contribute to the overall risk profile.
2.5 Event identification and evaluation
Following the FTA, we utilize ETA to examine the various outcomes that may arise from both the success and failure of safety barriers in response to the identified top events from the FTA. This allows us to assess the effectiveness of existing safety measures and identify any gaps in the system.
2.6 Safety barrier identification and evaluation
Finally, we integrate the insights gained from the FTA and ETA into a bowtie model. This model visually represents the relationships between hazards, their causes, and the safety barriers in place. By identifying and evaluating the various safety barriers, we can develop strategies to mitigate risks associated with the identified scenarios. By systematically integrating these methodologies, we create a robust framework for risk assessment that not only identifies hazards but also evaluates their potential impact and the effectiveness of existing safety measures. This comprehensive approach ensures that all relevant aspects of risk management are addressed, enhancing the overall safety and reliability of the crude distillation unit at the Skikda refinery. Methodology steps of the proposed approach are represented in Figure 1.
Figure 1. Methodology steps
A HAZOP study is a highly disciplined procedure that identifies how a process may deviate from its design intent [12]. It is a structured analysis of a system, process, or operation for which detailed design information is available, carried out by a multidisciplinary team. This is done by using a set of guidewords in combination with the system parameters to seek meaningful deviations from the design intention. A meaningful deviation is one that is physically possible—for example, no flow, high pressure. It’s a method used for hazard identification [13]. HAZOP is one of the process hazard analysis techniques [14]. It is a systematic examination of a process or operation [15], the primary purpose of HAZOP study is to identify and evaluate hazards [16]. In addition, recommendations to reduce the probability and consequences of an incident should be offered [17]. D-higraph is a functional modeling technique [12, 18-20]; the key idea of a D-higraph is to capture the functional as well as the structural aspects of process plants [18, 20]. In other words, the aim of a D-higraph model is to gather activity and ontological features of the system modeled in an integrated model [18]. A tool to perform a semi-automatic guided HAZOP study on a process plant is presented. The diagnostic system uses an expert system to predict the behaviour modelled using D-higraphs [19]. D-higraphs is not only the representation of knowledge about process systems. There are a series of causation rules implemented that provides relating two events which allows us to track the evolution and propagation of failures across the system [21]. FTA starts with the event of interest, the top event, such as a hazardous event or equipment failure, and is developed from the top-down; Events that lead to a predefined undesired event (top event) [22]. The fault tree is both a qualitative and a quantitative technique. Qualitatively it is used to identify the individual paths that led to the top event, while quantitatively it is used to estimate the frequency or probability of that event [23]. The FTA is typically applied in the reliability analysis [24-26]. FTA is a graphical design technique [27]. It is concerned with the identification and analysis of conditions and factors that cause the occurrence of a defined top event [23, 28]. FTA is a systematic safety analysis tool that proceeds deductively from the occurrence of an undesired event [29]. It represents basic causes of an unwanted event and estimates the likelihood (probability) as well as the contribution of different causes leading to the top event [30-33]. Event Tree is a logical and graphical description of various combinations of failure events [34, 35]. It is used to develop the consequences of an event [36]. It starts with a particular initial event [37] such as a power failure or pipe rupture and is developed from the bottom-up. The event tree is both a qualitative and a quantitative technique. Qualitatively it is used to identify the individual outcomes of the initial event, while quantitatively it is used to estimate the frequency or probability of each outcome [23, 38-40] to create an event tree, a single event is chosen as the initiating event. Further possible events or system failures are then identified [41]. Bow Tie is a tree approach that has a probabilistic approach to risk management [42, 43]; it is a tool that combines a fault tree and an event tree [42, 44-47]. The central node of the Bow Tie, called the Central Event, generally refers to loss of containment or loss of physical integrity. The left part of the Bow Tie is similar to a Fault Tree seeking to identify the causes of this loss of confinement. The right-hand side of the Bow Tie focuses on determining the consequences of this Central Event just like an event tree. This tool makes it possible to provide an enforced demonstration of good risk control by clearly presenting the action of safety barriers on the course of an accident [42]. Bowtie analyses are usually conducted based on some activity or operation where there is known to be the potential for harm [48]. It provides a concise and accessible graphical summary of complex risk scenarios, and demonstrates relationship between causes and consequences of hazardous events [49].
4.1 Functional description of the studied plant: Crude heater
The studied system (crude heater F-1A) is represented in Figures 2 and 3. Preheated crude is heated and partially vaporized in the Heater F-1A. The heat necessary for its distillation is absorbed in the radiation section. Vaporized fluid comes out from the fired heater, enters the transfer line, and then the flash area of column C1. The heater has eight passes with an individual flow control and low flow cut off. A pass balancer has been added for the heater to achieve uniform coil outlet temperature. The input to pass balancer is the total crude flow to the heater; heater pass flow and heater pass outlet temperature. The flow of crude through each pass is measured and controlled through FIC-2. Low inlet flow alarm is indicated by FAL-2. Inlet side Temperature of each pass is indicated through 2 indicators in each one. The pass balancer then sets the individuals pass flow to achieve uniform outlet temperature.
The outlet has a temperature control, which controls the fuel firing. Crude outlet temperature is indicated and controlled by TI-48, TIC-13. Temperature is controlled through temperature pressure cascade control in burner fuel Gas line. PIC-5 has been installed in the fuel gas line for controlling the crude outlet temperature. The eight coils of each fired heater are equipped with two-two thermocouples TI-24~39 for indicating the surface temperature of the tubes entering the section of radiation and fluid coming from the fired heater. IT has 32 burners capable to be supplied by natural gas or fuel gas of refinery. Each burner has its pilot burner supplied by gas. Gas pressure for pilot burners is controlled and indicated by PCV-1 and PI-37. Total fuel gas entering to the heater is indicated by FI-14. Over-heating coil of low-pressure steam has been installed in the high section of convection zone to improve the heat recovery. LP steam is superheated; it is used as stripping steam at the bottom of column C-1. At outlet of steam line, PSV-1552A has been installed. At the outlet of steam line, heater Steam Desuperheater X-51 has been located. It desuperheats the outgoing steam by injecting MP-BFW to reduce the temperature of steam. The temperature indicators TI-21/22/1501/1502/1503/1504 indicate the temperature of fumes. The pressure indicators PI-1569/1570A/B/C and PI-1752/1567/3 measure the pressure in the heater at various points. The acid gases from Acid Water Stripper overhead Accumulator Drum V-17 are also burnt in the heater by four special burners. Oxygen Analyzer AI-2 has been provided on the stacks of the fired heater to measure the excess air quantity in the heater during burning process.
Figure 2. Diagram of crude heater with BPCS as shown in DCS [50]
Figure 3. Diagram of crude heater with interlocks as shown in DCS [50]
The heater is equipped with a safety instrumented system constituted by interlocks and alarms. They are summarized in Table 1.
Fired heater has been provided with the following utilities:
·Low pressure steam for purge of combustion rooms and for fire smothering
·Medium pressure steam, air and water of services in the spalling and de-coking operations with air and steam of heater coils. The flow rates of steam and air of services are indicated respectively by 10-FI-23~30.
Table 1. Interlocks related to the heater F1/A [50]
|
Interlock |
Actuated by |
Action upon |
|
10-I-1551 |
PALL-4 A/B/C (Fuel gas supply pressure is very low) 2oo3 voting logic |
- Close 10-UV-1552, 10-UV-1561(Fuel gas supply to 10-F-1 A) - Open 10-UV-1563 - Close 10-XX-1 (Acid Gas) - Open dampers (10-F-1A) - Open 10-UV-1751(RCO circulation) - Close 10-UV-1752(RCO rundown) |
|
PAHH-4 A/B/C (Fuel gas supply pressure is very high) 2oo3 voting logic |
||
|
10-I-1552 |
10-FT-2A-1 to 2H-1 (Typ. For each pass to be actuated by any one of them) |
- Close 10-UV-1552, 10-UV-1561(Fuel gas supply to 10-F-1 A) - Open 10-UV-1563 - Close 10-XX-1 (Acid Gas) - Open dampers (10-F-1A) - Open 10-UV-1751(RCO circulation) - Close 10-UV-1752(RCO rundown) |
|
10-I-1553 |
10-HS-1551 A/B (To be located at least 15m away from the heater at safe location) |
- Close 10-UV-1552, 10-UV-1561 (Fuel gas supply to 10-F-1A) - Close 10-UV-1551, 10-UV-1560(Pilot gas supply to 10-F-1A) - Open 10-UV-1563, 10-UV-1562 - Close 10-XX-1(Acid Gas) - Open dampers(10-F-1A) - Open 10-UV-1751(RCO circulation) - Close 10-UV-1752 (RCO rundown) |
|
10-I-1554 |
PAHH-1570 A/B/C (Heater combustion chamber) 2oo3 voting logic |
- Close 10-UV-1552, 10-UV-1561 (Fuel gas supply to 10-F-1A) - Open 10-UV-1563 - Close 10-XX-1(Acid Gas) - Open dampers(10-F-1A) - Open 10-UV-1751(RCO circulation) - Close 10-UV-1752(RCO rundown) |
|
10-I-1555 |
TAHH-22 A/B/C (Heater combustion chamber) 2oo3 voting logic |
- Close 10-UV-1552, 10-UV-1561 (Fuel gas supply to 10-F-1A) - Open 10-UV-1563 - Close 10-XX-1(Acid Gas) - Open dampers(10-F-1A) - Open 10-UV-1751(RCO circulation) - Close 10-UV-1752(RCO rundown) |
|
10-I-1556 |
PAH-1567 (High Pressure in the heater flue gas side) |
- Open dampers(10-F-1A) |
|
10-I-1557 |
PALL-1571 A/B/C (Very Low Pressure in Heater Combustion Chamber)2oo3 voting logic |
- Close 10-UV-1552, 10-UV-1561 (Fuel gas supply to 10-F-1 A) - Close 10-UV-1551 10-UV- 1560(Pilot gas supply to 10-F-1 A) - Open 10-UV-1563, 10-UV-1562 - Close 10-XX-1 (Acid Gas) - Open dampers (10-F-1A) |
|
PAHH-1571 A/B/C (Very High Pressure in Heater Combustion Chamber)2oo3 voting logic |
||
|
10-I-1558 |
ZSL-1551 Activated ZSH-1551 Not Activated |
- Close 10-UV-1552, 10-UV-1561 (L’alimentation du gaz combustible) - Open 10-UV-1563 - Close10-XX-1 (Acid gas) |
|
ZSL-1560 Activated ZSH-1560 Not Activated |
- Close 10-UV-1552, 10-UV-1561, (Fuel gas supply to 10-F-1 A) - Open 10-UV-1563 - Close 10-XX-1 (Acid Gas) |
|
|
10-I-1559 |
TAHH-48 (Very High Temperature of Heated Crude) |
- Open 10-UV-1563 - Close 10-UV-1552, 10-UV-1561(Fuel Gas Supply to 10-F-1A) - Close 10-XX-1(Acid Gas) - Open dampers (10-F-1 A) - Open 10-UV-1751(RCO circulation) - Close 10-UV-1752(RCO rundown) |
4.2 Identify risks using HAZOP
HAZOP study leads to identify different accident scenarios resulting from parameters deviations in heater F1-A. It shows causes of each parameter deviation, their consequences, implemented safety barriers and finally, the criticality based on data in Table 2 to compare the acceptance of the resulting events.
Thanks to its global analysis which facilitates the choice of a consequence to be evaluated by using the Fault tree. HAZOP study is represented in Table 3.
Table 2. Risk matrix [51]
|
|
Likelihood |
||||
|
Severity |
0 |
1 |
2 |
3 |
4 |
|
0 |
L |
L |
L |
L |
L |
|
1 |
L |
L |
L |
M |
M |
|
2 |
L |
L |
M |
M |
M |
|
3 |
L |
M |
M |
H |
H |
|
4 |
M |
M |
H |
H |
H |
|
5 |
M |
H |
H |
H |
H |
Table 3. HAZOP analysis related to heater F1-A
|
Déviation |
Causes |
Consequences |
Safeguards |
Criticality |
|||
|
Parameter |
GW |
L |
S |
C |
|||
|
Flow of FG |
No |
Loss of FG pressure in system |
Both heaters shutdown, and about 45min to relight and restart Heater, and about 4 hrs to restore normal operation |
PALL-4 to: - closes double block valves on pilot gas and FG supply - closes UV-1551/1560 and UV-1552/1561 - opens UV-1562/1563 to atmosphere - closes 10- XX1 AWS - opens dampers 10-F-1A/B - opens RCO circulation 10-UV-1751 - closes RCO rundown 10-UV-1752) |
0 |
3 |
L |
|
Flow of Pilot Gas to heater |
More |
PCV-1 stuck open or bypass open |
High pressure of FG to pilot burner, with potential to lift the flame off the burner tip, with potential for flame-out |
- OTP to manage bypass - PAH on PI-37 sounds alarm |
2 |
0 |
L |
|
Less |
PCV-1 fails closed on pilot gas to heater due to spring failure or diaphragm failure |
Inability to maintain main burners pilot in the event of swings in heater demand that may cause FG burners to go out, and significantly delays relighting of main burners. The alternate heater will remain online |
- PAL on PI-37 sounds alarm - PALL on PI-1571 sounds alarm and triggers interlock I-1557
|
2 |
2 |
M |
|
|
UV-1551/1560 fails closed due to loss of IA |
Low pressure in pilot gas system to pilots, and will go out |
- PAL on PI-37 sounds alarm - PALL on PI-1571 sounds alarm and triggers interlock I-1557 |
1 |
2 |
L |
||
|
Pilot burner plugged with solids from piping corrosion |
Low pressure at burner tip, poor firing pattern |
- OTP to observe heater burners and adjust air registers to minimize flame impingement on tubes - filter in the combined FG header fitted with a PDAH alarm |
1 |
2 |
L |
||
|
Flow of FG to Heater |
More |
PV-5 stuck open or bypass open |
High pressure of FG to main burner, with potential to lift the flame off the burner tip, with potential for flame-out |
- OTP to manage bypass - PAH on PIC-5 sounds alarm - TAH on TIC-13 sounds alarm - TAHH on TI-48 sounds alarm - TAH on TI-22 sounds alarm for heating in convection section - TAHH on TI-22 sounds alarm, and activates interlock I-1555 |
2 |
2 |
M |
|
Pressure in fire box will increase due to increased burning |
- PAH on PI-1567 in convection section sounds alarm - PAHH on PI-1570A/B/C - 2oo3 triggers interlock I-1554 |
2 |
3 |
M |
|||
|
Steam temperature will increase due to more heat input |
- TIC-1557 opens TV-1557 to add more MP BFW to control steam outlet temperature - PSV-1552A/B set at 5.5kg/cm2g |
2 |
1 |
L |
|||
|
Less |
PV-5 fails closed due to loss of IA |
Low pressure in FG system to burners, causing flame-out |
- PAL on PIC-5 sounds alarm - PALL on PI-4 sounds alarm and triggers interlock I-1551 |
2 |
2 |
M |
|
|
UV-1552/1561 fails closed due to loss of IA |
Low pressure in FG system to burners, causing flame-out |
- PAL on PIC-5 sounds alarm - PALL on PI-4 sounds alarm and triggers interlock I-1551 |
1 |
2 |
L |
||
|
Flow of crude oil |
More |
FV-2 stuck open or bypass open |
High flow of crude oil will decrease its temperature at heater exit without serious consequences |
|
|
|
|
|
Less |
One of FV-2 fails closed due to loss of IA |
High temperature of crude oil at heater exit will increase pressure in the column |
- FAL on FIC-2 - FALL on FI-2-1 triggers interlock I-1552 - TAH on TIC-13 -TAHH on TI-48 triggers interlock I-1559 |
2 |
2 |
M |
|
|
High temperature of skin points will cause damage to tubes with potential of crude oil leak, with potential of fire |
- FAL on FIC-2 - FALL on FI-2-1 triggers interlock I-1552 - TI-24 to 39 - FY-2-ZBL |
2 |
3 |
M |
|||
|
MP-72 fails causing low backflow |
High temperature of crude oil at heater exit will increase pressure in the column |
- FAL on FIC-2 - FALL on FI-2-1 triggers interlock I-1552 - TAH on TIC-13 -TAHH on TI-48 triggers interlock I-1559 |
2 |
2 |
M |
||
|
High temperature of skin points will cause damage to tubes with potential of crude oil leak, with potential of fire |
- FAL on FIC-2 - FALL on FI-2-1 triggers interlock I-1552 - TI-24 to 39 - FY-2-ZBL |
2 |
3 |
M |
|||
|
Flow of MP BFW |
More |
TV-1567 fails open or bypass open |
Potential for saturated LP steam or even BFW entering Stripper, causing high pressure in Stripper |
TAL on TIC-1567 on MP BFW |
2 |
1 |
L |
|
Less |
TV-1567 stuck closed |
Very high steam temperature to downstream users, with no serious consequences |
|
|
|
|
|
|
Pressure |
More |
One or two stack dampers stuck closed |
Pressure in fire box will increase, with potential for unburned gas and poor flame pattern |
- PAH on PI-1567 sounds alarm - PAHH on PI-1570A/B/C - 2oo3 triggers interlock I-1554 - AAL on AI-2 sounds alarm on low O2 - Dampers are fitted with a minimum stop to avoid jamming closed |
2 |
2 |
M |
|
Less |
One stack damper fails open due to solenoid failure or operator error |
More air into Heater, and Heater outlet temperature will decrease, pressure in fire box will fall, with no serious consequences |
|
|
|
|
|
|
Temperature |
More |
TT-13 or PT-5 fails, causing increased FG firing to Heater |
PV-5 opens wide, increasing FG to burners, and raising COT to > 356 deg C, causing burner flame impingement, high pressure in the fire box, potential for burner flame lift-off, and high stack temperatures |
Diagnostic alarm sounds and valve switches to manual and locks in last position |
2 |
1 |
L |
|
Increased crude oil temperature into Column, causing increased fractionation and require increased pump-around flow to remove heat from Column, with potential to cause thermal cracking in heater, and cause corrosion of carbon steel at column bottoms |
- Diagnostic alarm sounds and valve switches to manual and locks in last position - TAH on TIC-13 sounds alarm - TAHH on TI-48 sounds alarm |
2 |
1 |
L |
|||
|
Less |
One individual heat exchanger in the heat transfer circuit is taken offline for maintenance |
reduce the preheat available by between 7 and 31 deg C, depending on which exchanger is taken out of service |
Heater capacity has been increased by 20% to allow for 10% increase in Throughput Heat exchangers are all fitted with bypasses to allow being taken offline for maintenance work |
2 |
0 |
L |
|
|
TT-13 or PT-5 fails, causing decreased FG firing to Heater |
Less vaporization in Column, resulting in high level in Column bottoms, with light ends being lost to fuel oil, with production impact |
TAL on TI-13 sounds alarm |
2 |
1 |
L |
||
4.3 Functional and dysfunctional modeling
D-higraph presents not only the functionality of the system with its goals and sub goals, but also the relation existing between these functions/goals and the devices that perform/achieve them. The hierarchy of functions/goals is presented in terms of blobs inclusion and the dependences between them in terms of edges connecting the blobs. The D-higraph models the process elements of the system and includes the control system elements such as control loops with their components [52-54]. D-higraph model related to the heater F1-A is represented in Figure 4.
All critical deviations of HAZOP study, their interactions and the relation between them and the existing devices are represented according to the methodology followed by D-higraph in Figure 4; causal trees obtained are shown in Figures 5, 6 and 7. These trees can be directly translated to the variables of the process; they show a logical combination between the deviation and its causes following a descending tree starting with the deviation and finishing with the last causal device. The critical deviations and their causes are:
P: Inc (P1: Inc, P2: Inc); P1: Inc (V2: Inc, I7: Inc, I9: Inc); I9: Inc (I6: Inc, I8: Inc); I6: Inc (I5: Inc, I4: Inc)
T: Inc (P1: Inc, P2: Inc); P1: Inc (V2: Inc, I7: Inc, I9: Inc); I9: Inc (I6: Inc, I8: Inc); I6: Inc (I5: Inc, I4: Inc)
Tp: Inc (F1: Dec, T1; Inc); F1: Dec (V1: Dec, I3: Dec, I2: Dec, I1: Dec).
Figure 4. D-higraph related to the heater F1-A
Figure 5. Causal tree of deviation P: Inc
Figure 6. Causal tree of deviation T: Inc
Figure 7. Causal tree of deviation Tp: Inc
4.4 Estimate and evaluate risks by fault tree
The use of Fault Tree allows us to determine quantitative values concerning the reliability and the failure frequency. The computation of these values depends on the complexity of the studied system. In this paper we used the GRIF software (Graphic Interactivefor Reliability Forecasting) [53], which can calculate different measures including: the unconditional failure intensity w (t) and the unavailability Q (t). To calculate these two measures, it is necessary to use reliability and failure data which are shown in Table 4. The chosen scenario is loss of containment in one pass inside the heater F1-A which is represented in Figure 8.
NB: PFD and SIL of the interlocks I-1552, I-1553 and I-1559 are calculated in a previous stud7 [54]. To calculate the frequency using GRIF we can put the PDF or directly the SIL of the interlock.
Table 4. Reliability and failure data used in GRIF software [54]
|
Item |
l (h-1) Failure Rate |
m (h-1) Repair Rate |
T1 (h) Periodic Test |
b |
PFD |
SIL |
|
PT |
2.8×10-6 |
0.1 |
8760 |
0.1 |
|
|
|
TT |
2.47×10-6 |
0.1 |
8760 |
|
|
|
|
FT |
4.5 × 10-5 |
0.1 |
8760 |
|
|
|
|
PI/TI/FI |
2.8 × 10-6 |
0.1 |
8760 |
0.1 |
|
|
|
PIC/TIC/FIC |
7 × 10-7 |
0.1 |
8760 |
|
|
|
|
PV/FV |
1.14×10-5 |
0.1 |
8760 |
|
|
|
|
Pumps |
6.2 × 10-5 |
0.1 |
8760 |
|
|
|
|
Alarms |
|
|
|
0.1 |
10-3 |
|
|
Human error |
|
|
|
|
10-1 |
|
|
UV |
1.1×10-5 |
0.1 |
8760 |
0.1 |
|
|
|
HS |
1.1× 10-7 |
0.1 |
8760 |
0.1 |
|
|
|
I-1552 |
|
|
|
|
5.6128×10-4 |
3 |
|
I-1553 |
|
|
|
|
7.221×10-4 |
3 |
|
I-1559 |
|
|
|
|
6.171×10-4 |
3 |
Figure 8. Fault tree related to loss of containment in one pass of the heater F1-A
4.5 Identify and evaluate events by event tree
Event Tree is used to identify initiator event consequences after discussing the success and failure of each safety barrier. In our case study, the initiator event is the loss of containment in one pass inside the heater F1-A (Figure 9). To evaluate consequences, GRIF software is used [53].
4.6 Identify different safety barriers
The combination between Fault Tree and Event Tree allows the bowtie diagram to emerge. A bowtie combines a Cause Consequence Diagram and merges it with barriers into a single diagram [41]. To represent the Bow Tie of loss of containment in one pass and identify different barriers, Bow Tie XP is used [55]. It is represented in Figure 10.
System-Theoretic Process Analysis (STPA) has evolved as a strong tool for identifying possible dangers in complex socio-technical systems. However, the manual generation of Unsafe Control Actions (UCAs) in STPA can be time-consuming, uneven, and prone to overlook [6, 56-58].
Figure 9. Event tree related to loss of containment in one pass of the heater F1-A
Figure 10. Bow tie related to loss of containment in one pass of the heater F1-A
According to HAZOP study, it emerges from this analysis that the main deviations that lead to potential (major) accidents may occur in the heater F1-A are:
·High and low pressure of FG
·High temperature in fire box
·High pressure in fire box
·Low flow of crude in one pass
In case of the implemented safety barriers failure, these deviations can lead to catastrophic consequences. They are caused by:
·PCV-1, fails closed, stuck open or bypass open
·PV-5, fails closed, stuck open or bypass open
·FV-2 fails closed
·MP-72 fails
·One or two stack dampers stuck closed
·UV-1551/1552/1560/1561 fails closed
·TIC-13 fails
·PIC-5 fails
·FIC-2 fails
·Coke inside the coils
The use of D-higraph allowed us to capture a functional and dysfunctional model of HAZOP study; this model presented the relation between different elements and the interaction of deviations.
Deviation 1: high pressure in the fire box
This deviation corresponds with the variable “pressure in heater fire box (P)” and HAZOP guide word “more of”. According to D-higraph represented in Figure 3, the causal tree obtained is shown in Figure 4, this tree is a translation of process variables. The pressure in heater fire box (P) is higher than expected could be caused by high pressure of fuel gas (P1: Inc) or high pressure of acid gas (P2: Inc) that feed the burners. The high pressure of fuel gas could be motivated by multiple causes; it could be by opening the valve more than it should be (V2: Inc) and it is caused by high control signal to the valve (I7: Inc), caused by high measured pressure (I9: Inc). The high measured pressure could be caused by high pressure seen in the heater fire box (I8: Inc) or by high temperature control signal to the pressure controller (cascade) (I6: Inc). The increase of temperature control signal is due to high measured temperature (I5: Inc); it could be caused by high temperature seen in the heater fire box (I5: Inc).
Deviation 2: high temperature in the fire box
This deviation corresponds with “temperature in heater fire box (T)” and HAZOP guide word “more of”. According to D-higraph represented in Figure 3, the causal tree obtained is shown in Figure 5. The temperature (T) and pressure (P) in the heater fire box are related to each other, the causes of each deviation are the same and they could be caused by high pressure of fuel gas (P1: Inc) or high pressure of acid gas (P2: Inc).
Deviation 3: high temperature of skin point
This deviation corresponds with “skin point temperature (Tp)” and HAZOP guide word “more of”. According to D-higraph represented in Figure 3, the causal tree obtained is shown in Figure 6. The temperature of skin point is higher than expected could be caused by high temperature of preheated crude (T1: Inc) or by low flow of preheated crude (F1: Dec). This low flow could be caused by opening of the valve less than it should be (V1: Dec) and it is caused by low control signal to the valve (I3: Dec), caused by low measured flow in one pass (I2: Dec), caused by low flow seen in one pass of the heater (I1: Dec). FTA allowed us to determine the causes of the loss of containment in one pass inside the heater F1-A identified by HAZOP method, to evaluate the probability of occurrence and determine the most important components to deal with this consequence.
The implemented barriers to deal with the loss of containment in one pass inside the heater F1-A are:
·Interlocks: I-1552, I-1553 and I-1559
·BPCSs: BPCS-2, BPCS-5 and BPCS-13
·Alarms: FAL-2, PAH-5 and TAH-13
·Human intervention
The loss of containment in one pass inside the heater F1-A leads us to a confined fire in fire box, failure of safety barriers (alarm, operator, smothering valve and PII) can raise the level of risk to conduct to an explosion due to the important increase of pressure inside the fire box in case the safety measures are failed. The bow tie method is used to identify the central dreaded event (loss of containment in one pass inside the heater F1-A), and for this central event we developed the causes using a Fault Tree, then we developed the consequences by an Event Tree, through the identification we highlighted the safety barriers to deal with the potential accidents. To reduce the occurrence frequency of the central dreaded event (loss of containment is one pass inside the heater), preventive safety barriers are used. These preventive safety barriers are shown below:
·Interlocks: I-1552, I-1553 and I-1559
·BPCSs: BPCS-2, BPCS-5 and BPCS-13
·Alarms: FAL-2, PAH-5 and TAH-13
·Human intervention
To reduce the consequences of the central event (loss of containment is one pass inside the heater), protective safety barriers are used. These protective safety barriers are shown below:
·To avoid the confined fire in the fire box:
·Alarm
·Operator intervention
·Smothering vapor injection
·PII
To avoid the explosion due to high pressure in the fire box:
·PAH on PI-1567 (sound alarm)
·PAHH on PI-1570 A/B/C to activate the interlock I-1554
·AAL on AI-2 (sound alarm on low oxygen)
·Explosion hatches
The risk assessment of the crude oil heater F1-A utilized a combination of HAZOP, D-higraph, FTA, and the bowtie method to thoroughly analyze potential deviations and their consequences. This integrated approach facilitated a comprehensive understanding of the system's vulnerabilities and highlighted the interactions between various operational parameters. From the HAZOP analysis, we identified critical deviations that could lead to significant accidents, such as high and low pressures in fuel gas, high temperatures in the firebox, and low flow rates of crude. These deviations not only signal potential operational failures but also underscore the importance of continuous monitoring and effective control measures.
Comparison of Methodologies
One of the primary strengths of this study lies in the integration of different risk assessment methods, which allowed for a multifaceted evaluation of the heater's safety. However, the analysis would benefit from a more explicit comparison of the assessment results yielded by each method. For instance, while HAZOP effectively identifies potential hazards and deviations, FTA enhances our understanding by linking those hazards to specific root causes, enabling a deeper dive into their interrelations. Similarly, the bowtie model provided a visual representation of the relationship between preventive and protective safety barriers surrounding the central event of loss of containment. This model's strength lies in its clarity and simplicity, allowing stakeholders to quickly grasp the implications of various risk factors. However, contrasting the bowtie method’s results with those obtained from traditional FTA or ETA could highlight its unique contributions and limitations. In addition, further exploration of the probabilities assigned to each identified cause through FTA could illuminate the relative significance of various factors contributing to loss of containment. By integrating quantitative data into the qualitative insights derived from HAZOP, a more robust risk profile could be established, facilitating better prioritization of safety measures.
Implications for Safety Management
The findings emphasize the necessity of implementing both preventive and protective safety barriers to mitigate risks associated with the identified deviations. The interlocks, BPCSs, and alarms serve as critical layers of defense, while human intervention remains vital in responding to alarm signals and system failures. The effectiveness of these measures must be continually evaluated and improved, as failure in any of these barriers could lead to catastrophic outcomes. Moreover, the identification of potential causes of loss of containment necessitates a proactive approach to maintenance and monitoring of critical components, such as valves and control systems. Regular testing and updates to these systems can help ensure that they function correctly under various operational conditions, minimizing the risk of accidents.
Potential Limitations of the Study
While the study offers a comprehensive approach to risk assessment using structured combined methods, several limitations should be acknowledged to set realistic expectations for its findings and to guide future research.
1. Limited Evaluation of Safety Barriers: While the study identified various safety barriers, it did not extensively evaluate their effectiveness in preventing or mitigating the consequences of the identified deviations. Understanding the reliability and operational history of these barriers is crucial for assessing their role in risk management.
2. Integration Complexity: The integration of multiple methods (HAZOP, FTA, ETA, and the bowtie model) can be complex and may lead to challenges in interpreting results. Each method has its strengths and limitations, and combining them requires careful consideration to avoid misinterpretation.
Future Research Directions
Future researches should focus on:
·Involving empirical studies or simulations to test the performance of safety barriers under various scenarios.
·Developing standardized protocols for integrating these methodologies to enhance clarity and consistency in risk assessments.
·Expanding this methodology to include more complex scenarios and varying operational conditions, enhancing the robustness of the risk assessment framework. Additionally, the incorporation of real-time data analytics and predictive modeling could refine risk predictions and improve response strategies in dynamic operational environments.
Based on risk assessment methodology using a combination of different hazard analysis methods (HAZOP-D-higraph-FTA-ETA-Bowtie), the following barriers are recommended:
Technical barriers:
·Put back the dumper manual control system in parallel with the automatic system;
·Check the equipment safety integrity level by following another SIL study;
·Study the need to install additional indicators, controllers with a suitable configuration to the system, and no way to neglect regular inspections of this type of important safety components;
·The installation of an automatic valve on the line of smothering steam;
·The construction of an anti-fire wall in front of the smothering steam valve or the removal of this valve far away the heater;
·Joint replacement and overhaul of valves periodically;
·Testing, maintenance and annual calibration.
Human and organizational barriers:
·Provide an effective preventive maintenance program for all equipment;
·Periodic inspection of all equipment including EIPS;
·For a better prevention of human errors, it is necessary to properly train the operators (operation, maintenance, safety, etc.), and improve their HSE knowledge, by raising awareness about the risks associated to heaters;
·Commissioning of maintenance programs on valves with a high probability of failure, and these programs should be augmented by planned inspections to detect failures in advance;
·Respect the basic conditions to comply with the manufacturer recommendations. that means to keep the equipment in a non-degraded state;
·Train the operators and raise the awareness among them;
·Cleaning and lubricating all valves every year and implement a maintenance program for accessories;
·Staff training, performance monitoring of fixed firefighting equipment and firefighters by doing simulation exercises.
This study highlights the effectiveness of using structured combined methods for conducting a comprehensive risk assessment of a crude oil heater. Through the application of HAZOP, we successfully identified various accident scenarios linked to deviations in critical parameters, including high and low pressures in the fire gas, elevated temperatures in the firebox, high pressures within the firebox, and low crude flow rates. To visualize the relationships and interactions among system elements and their deviations, we employed D-higraphs for functional and dysfunctional modeling. A key limitation of traditional HAZOP studies is their inability to effectively combine causes leading to the same scenario. To address this, we incorporated FTA, which enabled us to link and synthesize the different root causes associated with the identified top event: loss of containment in one pass of the crude heater. Following the identification of this critical event, we utilized ETA to explore the potential outcomes resulting from both the success and failure of existing safety barriers. The integration of FTA and ETA culminated in the development of a bowtie model, which provides a clear representation of the actions of safety barriers before and after the occurrence of the central event. This model not only enhances our understanding of risk management but also offers a practical tool for identifying and evaluating safety measures within the system.
Looking ahead, future research could expand on this framework by applying the methodology to other critical components within the petrochemical industry, thereby enhancing its generalizability. Additionally, the incorporation of advanced data analytics and machine learning techniques could further refine risk predictions and improve the effectiveness of safety barrier assessments. This ongoing evolution in risk assessment methodologies will be crucial for advancing safety and minimizing hazards in complex industrial environments.
[1] Guo, C., Khan, F., Imtiaz, S. (2018). Risk assessment of process system considering dependencies. Journal of Loss Prevention in the Process Industries, 55: 204-212. https://doi.org/10.1016/j.jlp.2018.06.014
[2] IEC 31000 standard, Risk management—Principles and guidelines, 1st edition (2009). https://www.iso.org/standard/43170.html.
[3] Bouasla, S., Mechhoud, E., Zennir, Y., Bendib, R., Rodriguez, M. (2023). Evaluation of Safety Instrumented System in a petroleum plant and its impact on the environment. Algerian Journal of environmental science and Technology, 9(1): 2908-2922. https://www.aljest.net/index.php/aljest/article/view/855.
[4] Bouasla, S.E.I., Zennir, Y., Mechhoud, E.A. (2020). Risk analysis using HAZOP-fault tree-event tree methodology case study: Naphta stabilizer-a reflux drum (LPG separation) in RA1K. Algerian Journal of Signals and Systems, 5(2): 98-105. https://doi.org/10.51485/ajss.v5i2.103
[5] Pawlicki, T., Samost, A., Brown, D.W., Manger, R.P., Kim, G.Y., Leveson, N.G. (2016). Application of systems and control theory-based hazard analysis to radiation oncology. Medical Physics, 43(3): 1514-1530. https://doi.org/10.1118/1.4942384
[6] Bensaci, C., Zennir, Y., Pomorski, D., Innal, F., Liu, Y., Tolba, C. (2020). STPA and Bowtie risk analysis study for centralized and hierarchical control architectures comparison. Alexandria Engineering Journal, 59(5): 3799-3816. https://doi.org/10.1016/j.aej.2020.06.036
[7] Fuentes-Bargues, J.L., González-Cruz, M.C., González-Gaya, C., Baixauli-Pérez, M.P. (2017). Risk analysis of a fuel storage terminal using HAZOP and FTA. International Journal of Environmental Research and Public Health, 14(7): 705. https://doi.org/10.3390/ijerph14070705
[8] Giardina, M., Morale, M. (2015). Safety study of an LNG regasification plant using an FMECA and HAZOP integrated methodology. Journal of Loss Prevention in the Process Industries, 35: 35-45. https://doi.org/10.1016/j.jlp.2015.03.013
[9] Kuo, D.H., Hsu, D.S., Chang, C.T. (1997). A prototype for integrating automatic fault tree/event tree/HAZOP analysis. Computers & Chemical Engineering, 21: S923-S928. https://doi.org/10.1016/S0098-1354(97)87620-X
[10] Ramzan, N., Compart, F., Witt, W. (2007). Application of extended HAZOP and event-tree analysis for investigating operational failures and safety optimization of distillation column unit. Process Safety Progress, 26(3): 248-257. https://doi.org/10.1002/prs.10202
[11] Xu, Q., Xu, K., Yao, X., Zhang, J., Wang, B. (2018). Sand casting safety assessment for foundry enterprises: Fault tree analysis, Heinrich accident triangle, HAZOP–LOPA, bow tie model. Royal Society Open Science, 5(10): 180915. http://doi.org/10.1098/rsos.180915
[12] De la Mata, J.L., Rodriguez, M. (2010). Abnormal situation diagnosis using D-higraphs. In Proce. of the 20th European Symposium on Computer Aided Process Engineering (ESCAPE 20), pp. 1477-1482. http://www.aslab.org.
[13] Crawley, F., Tyler, B. (2015). HAZOP: Guide to best practice. Elsevier. Page. 168, ISBN: 9780323394604, eBook ISBN: 9780128035801
[14] Dunjó, J., Fthenakis, V., Vílchez, J.A., Arnaldos, J. (2010). Hazard and operability (HAZOP) analysis: A literature review. Journal of hazardous materials, 173(1-3): 19-32. http://doi.org/10.1016/j.jhazmat.2009.08.076
[15] Macdonald, D., Mackay, S. (2004). Practical HAZOPs: Trips and alarms. https://doi.org/10.1016/B978-0-7506-6274-1.X5000-5
[16] Crawley, F., Preston, M., Tyler, B. (2000). HAZOP: Guide to Best Practice, Guidelines to Best Practice for the Process and Chemical Industries, European Process Safety Centre. Chemical Industries Association &Institution of Chemical Engineers, Rugby, England, IChem.
[17] Anirvinna, C., Ravi, N.V. (2011). An analysis of marketing and consumption trends in Indian oil industry. Indian Journal of Commerce and Management Studies, 2(1): 33-48. https://www.ijcms.in/index.php/ijcms/article/view/28.
[18] Rodriguez, M., Sanz, R. (2009). Development of integrated functional-structural models. Computer Aided Chemical Engineering, 27: 573-578. https://doi.org/10.1016/S1570-7946(09)70316-5
[19] Rodríguez, M., de la Mata, J.L. (2012). Automating HAZOP studies using D-higraphs. Computers & Chemical Engineering, 45: 102-113. https://doi.org/10.1016/j.compchemeng.2012.06.007
[20] de la Mata, J.L., Rodríguez, M. (2012). HAZOP studies using a functional modeling framework. Computer Aided Chemical Engineering, 30: 1038-1042. https://doi.org/10.1016/B978-0-444-59520-1.50066-X
[21] Mechhoud, E.A., Rouaïnia, M., Rodriguez, M. (2016). Functional modeling of a HDPE reactor using dhigraphs for process hazard analysis. In 2016 8th International Conference on Modelling, Identification and Control (ICMIC), pp. 736-741. https://doi.org/10.1109/ICMIC.2016.7804209
[22] Goodman, G.V. (1988). An assessment of coal mine escapeway reliability using fault tree analysis. Mining Science and Technology, 7(2): 205-215. https://doi.org/10.1016/S0167-9031(88)90610-X
[23] Lees, F. (2012). Lees' Loss Prevention in the Process Industries: Hazard Identification, Assessment and Control. Butterworth-Heinemann.
[24] Lin, S., Wang, Y., Jia, L. (2018). System reliability assessment based on failure propagation processes. Complexity, 2018(1): 9502953. https://doi.org/10.1155/2018/9502953
[25] Sihombing, F., Torbol, M. (2018). Parallel fault tree analysis for accurate reliability of complex systems. Structural Safety, 72: 41-53. https://doi.org/10.1016/j.strusafe.2017.12.003
[26] Giraud, L., Galy, B. (2018). Fault tree analysis and risk mitigation strategies for mine hoists. Safety Science, 110: 222-234. https://doi.org/10.1016/j.ssci.2018.08.010
[27] Waghmode, L.Y., Patil, R.B. (2013). An overview of Fault Tree Analysis (FTA) method for reliability analysis. Journal of Engineering Research and Studies, 4(1): 6-8.
[28] IEC 61025 standard, Fault Tree Analysis (FTA), 2nd edition (2006). https://standards.iteh.ai/catalog/standards/sist/46e5ff05-4815-499e-9b05-4bf395d1714d/iec-61025-2006.
[29] Gharahasanlou, A.N., Mokhtarei, A., Khodayarei, A., Ataei, M. (2014). Fault tree analysis of failure cause of crushing plant and mixing bed hall at Khoy cement factory in Iran. Case Studies in Engineering Failure Analysis, 2(1): 33-38. https://doi.org/10.1016/j.csefa.2013.12.006
[30] Vesely, W.,Goldberg, F., Roberts, N., Haasl, D. (1981). Fault Tree Handbook. https://www.nrc.gov/docs/ml1007/.
[31] Fussell, J.B. (1975). A review of fault tree analysis with emphasis on limitations. IFAC Proceedings Volumes, 8(1): 552-557. https://doi.org/10.1016/S1474-6670(17)67596-7
[32] Zhang, Y., Hu, Z. (2021). A systematic approach for analyzing the causes of incidents in complex systems. Reliability Engineering & System Safety, 215: 107868. https://doi:10.1016/j.ress.2021.107868
[33] Kandel, A., Avni, E. (1988). Engineering Risk and Hazard Assessment (Vol. 1). Boca Raton, Florida, USA: CRC Press.
[34] Akyuz, E., Arslan, O., Turan, O. (2020). Application of fuzzy logic to fault tree and event tree analysis of the risk for cargo liquefaction on board ship. Applied Ocean Research, 101: 102238. https://doi.org/10.1016/j.apor.2020.102238
[35] Ferdous, R., Khan, F., Sadiq, R., Amyotte, P., Veitch, B. (2009). Handling data uncertainties in event tree analysis. Process Safety and Environmental Protection, 87(5): 283-292. https://doi.org/10.1016/j.psep.2009.07.003
[36] Ramzali, N., Lavasani, M.R.M., Ghodousi, J. (2015). Safety barriers analysis of offshore drilling system by employing Fuzzy Event Tree Analysis. Safety Science, 78: 49-59. https://doi.org/10.1016/j.ssci.2015.04.004
[37] Hong, E.S., Lee, I.M., Shin, H.S., Nam, S.W., Kong, J.S. (2009). Quantitative risk evaluation based on event tree analysis technique: Application to the design of shield TBM. Tunnelling and Underground Space Technology, 24(3): 269-277. https://doi.org/10.1016/j.tust.2008.09.004
[38] Mouton, A.,Van der Merwe, A. (2022). A framework for qualitative and quantitative risk assessment in safety-critical systems. Safety Science, 147: 105552. https://doi.org/10.1016/j.ssci.2021.105552
[39] Mannan, S., Lees, F.P. (2005). Less’ loss prevention in the process industries. https://doi.org/10.1016/B978-0-7506-7555-0.X5081-6
[40] Ferdous, R., Khan, F., Veitch, B., Amyotte, P.R. (2009). Methodology for computer aided fuzzy fault tree analysis. Process Safety and Environmental Protection, 87(4): 217-226. https://doi.org/10.1016/j.psep.2009.04.004
[41] de Ruijter, A., Guldenmund, F. (2016). The bowtie method: A review. Safety Science, 88: 211-218. https://doi.org/10.1016/j.ssci.2016.03.001
[42] Debray, B., Chaumette, S., Descouriere, S., Trommeter, V. (2006). Méthode d’analyse des risques générés par une installation industrielle Ω-7. Rapport d’étude, No. 46055-CL47569, INERIS-DRA.
[43] Culwick, M.D., Merry, A.F., Clarke, D.M., Taraporewalla, K.J., Gibbs, N.M. (2016). Bow-tie diagrams for risk management in anaesthesia. Anaesthesia and Intensive Care, 44(6): 712-718. https://doi.org/10.1177/0310057X1604400615
[44] Chartres, N., Bero, L. A., & Norris, S. L. (2019). A review of methods used for hazard identification and risk assessment of environmental hazards. Environment international, 123, 231-239. https://doi.org/10.1016/j.envint.2018.11.060
[45] Lees, F. (2012). Lees' Loss Prevention in the Process Industries: Hazard Identification, Assessment and Control. Butterworth-Heinemann.
[46] Tang, Y., Jing, J., Zhang, Z., Yang, Y. (2017). A quantitative risk analysis method for the high hazard mechanical system in petroleum and petrochemical industry. Energies, 11(1): 14. https://doi.org/10.3390/en11010014
[47] Aust, J., Pons, D. (2019). Bowtie methodology for risk analysis of visual borescope inspection during aircraft engine maintenance. Aerospace, 6(10): 110. https://doi.org/10.3390/aerospace6100110
[48] McLeod, R.W., Bowie, P. (2018). Bowtie analysis as a prospective risk assessment technique in primary healthcare. Policy and Practice in Health and Safety, 16(2): 177-193. https://doi.org/10.1080/14773996.2018.1466460
[49] Turner, C., Hamilton, W.I., Ramsden, M. (2017). Bowtie diagrams: A user-friendly risk communication tool. Proceedings of the Institution of Mechanical Engineers, Part F: Journal of Rail and Rapid Transit, 231(10): 1088-1097. https://doi.org/10.1177/0954409716675006
[50] Ait Ouffroukh, L., Chaib, R., Ion, V., Khochmane, L. (2018). Analysis of risk and the strengthening of the safety technical barriers: application of Skikda (Algeria) oil refining complex. World Journal of Engineering, 15(1): 99-109. https://doi.org/10.1108/WJE-02-2017-0031
[51] Susanto, N., Azzahra, F., Putra, A.H. (2022). Application of hazard and operability study methods (HAZOP) to asses and control hazard risk in spinning department using at textile industrial. IOP Conference Series: Earth and Environmental Science, 1098(1): 012006). https://doi.org/10.1088/1755-1315/1098/1/012006
[52] Mechhoud, E., Rodríguez, M., Zennir, Y. (2017). Automated depandability analysis of the HDPE Reactor using D-higraphs HAZOP assistant. Algerian Journal of Signals and Systems, 2(4): 255-265. https://doi.org/10.51485/ajss.v2i4.51
[53] GRIF-Workshop. (2020). Graphical interface for reliability forecasting software. http://grif-workshop.com.
[54] Tao, L., Chen, L., Ge, D., Yao, Y., Ruan, F., Wu, J., Yu, J. (2022). An integrated probabilistic risk assessment methodology for maritime transportation of spent nuclear fuel based on event tree and hydrodynamic model. Reliability Engineering & System Safety, 227: 108726. https://doi.org/10.1016/j.ress.2022.108726
[55] Majuno, S., Shaakal, R. (2016). Safety Integrity Level (SIL) Classification Study Report of Crude Distillation. Skikda Refinery.
[56] Zennir, Y., Bensaci, C., Pomorski, D. (2018). A comparative study of STPA hierarchical structures in risk analysis: the case of a complex multi-robot mobile system. In 2nd European Conference on Electrical Engineering and Computer Science (EECS), Bern, Switzerland, p. 6. https://doi.org/10.1109/eecs.2018.00080
[57] Rehail, Y., Zennir, Y. and Tchouar, N. (2024). Application of STPA for comprehensive risk analysis of naphtha explosion hazards: Case study: Column C-63 at Skikda-RA1K refinery. Algerian Journal of Signals and Systems. 9(3): 153-161. https://doi.org/10.51485/ajss.v9i3.225
[58] Yasser, R., Youcef, Z., Noureddine, T. (2025). An integrated approach to safety instrumented system lifecycle management: Risk evaluation and optimization in the petrochemical industry using genetic algorithms. Instrumentation Mesure Métrologie, 24(1): 23-34. https://doi.org/10.18280/i2m.240103
