This website uses cookies primarily for visitor analytics. Certain pages will ask you to fill in contact details to receive additional information. On these pages you have the option of having the site log your details for future visits. Indicating you want the site to remember your details will place a cookie on your device. To view our full cookie policy, please click here. You can also view it at any time by going to our Contact Us page.

Barrier Management in the process industries

21 November 2016

The process industries operate with inventories of materials which are often large as well as flammable or toxic; furthermore operation at high temperature and pressure is common. ABB consultant John Martin highlights the importance of identifying how hazards may lead to harm and ensuring barriers are in place to prevent realisation of the hazard and mitigate the consequences.

1.  Identification of hazards

Hazard identification should be initiated at the earliest stage of design and should continue throughout the life of the asset. Failure to identify hazards which pose a threat to the safety of people or the integrity of the environment means that the hazard cannot be managed. Many organisations will also want to understand how hazards may pose a threat to their ability to continue productive operation of the asset.

For many years HAZOP studies have been used within the process industries to identify hazards. Initially intended as a tool to identify and act on hazards during the detailed design phase, hazard study methodology has been expanded into a system which can be used to identify hazards from earliest concept, through design, commissioning, ongoing operation and for modifications. Other structured approaches such as HAZID and PHR (Process Hazard Review) can also be powerful in identifying hazards when used in the correct phase of the asset life.

 Key outputs from any of the structured Risk Review techniques should be:-

*  Identification of hazardous event scenarios;

*  A statement of the potential consequence should the scenario be realised;

*  A summary of the current barriers preventing realisation of the event and mitigating the consequence;

*  The review team’s estimate of the risk given the potential consequence and the existing barriers;

*  A clear statement of any actions for improvement which the review team wish to generate, in order to reduce risks so that they are tolerable and ALARP (As Low As Reasonably Practicable). 

It would be expected that any process with associated significant hazards has an up to date Risk Review based on an appropriate methodology.

Figure 1 - Swiss cheese model diagram
Figure 1 - Swiss cheese model diagram

2.  Barriers preventing and mitigating hazards

The Risk Review should identify the requirement for barriers to protect against or mitigate a hazard and may also consider the effectiveness of those barriers. It is important that any barrier is effective - a tank may have a high level trip but if this does not stop flow on the line filling the tank then the trip will be ineffective. Actions of trips should be accurately and comprehensively recorded on Cause & Effect diagrams. Where a barrier is not a trip, its effectiveness should still be demonstrated and recorded. For some barriers there may be a need to carry out calculations to demonstrate effectiveness - for instance the Piping and Instrumentation (P&ID) may show a relief valve protecting a vessel against excess pressure but only a full calculation will demonstrate that the valve has been sized to offer protection against a particular hazardous scenario. Assuming that the relief valve is adequately sized, when it is not, may be a serious error which could result in catastrophic rupture of equipment.

It is also important to look at the number and nature of barriers protecting against a particular hazard - the ‘Swiss Cheese’ model uses the picture of ‘holes’ in the barriers - the hazard is realised when the ‘holes’ align to allow path from hazard to consequence. The number and diversity of the barriers may give an indication of how likely that path is to be found. There may be many barriers in place but if they all rely on a single individual taking action, then there is an absence of diversity and qualitatively it can be seen that all protection is vulnerable to a single point of failure.

Bow Tie diagrams can also be very powerful to illustrate the number and nature of barriers and also demonstrate which barriers are preventive (prevent realisation of the hazardous event) and which barriers mitigate against realisation of the ultimate consequence once the hazardous event has occurred. This is very useful as the emphasis should, wherever possible, be on preventing the hazardous event occurring - for instance it is clearly preferable to prevent a loss of containment of flammable gas than to rely on measures aimed at preventing ignition once the loss of containment has occurred, such as control of ignition sources or use of water sprays.

If the Bow-Tie diagram shows that there are few barriers preventing a very serious incident or that there is little diversity in those barriers then this may indicate that the protection against realisation of that hazard requires more consideration.

3.  Required barrier integrity

Risk reviews should identify current barriers and may suggest the need for additional barriers. In addition it is necessary to demonstrate that the combination of barriers reduces the risk to a level which is tolerable and ALARP. There are a number of well documented methods for this assessment such as Risk Graph, Layer of Protection Analysis (LOPA) and Quantitative Risk Assessment (QRA). It is important to select a method with the appropriate level of depth and rigour for the problem being considered - the international standard IEC61511 provides examples different methods. For Instrumented Protective Systems the IEC standard also provides a generally recognised framework for assigning and managing integrity levels (for instance SIL 1 will correspond with a Probability of Failure on Demand (PFDavg) of between 0.1 and 0.01).

Once the required barrier integrity has been established then the barrier must be designed to meet this value. In a retrospective study calculations must available or carried out on existing equipment to demonstrate that the required level of integrity is achieved and if this is not the case then appropriate modifications must be installed.

Figure 2 - Bow Tie Diagram
Figure 2 - Bow Tie Diagram

4.  Maintenance of barriers

Barriers must be maintained so that they continue to provide the required level of integrity and must be tested in order to demonstrate that they are effective and meet specific requirements - for instance the closure time for a critical automated isolation valve. Hence a maintenance and testing regime must be fully documented - for a Safety Instrumented system (SIS) system this may form part of a critical maintenance schedule whilst for barriers relying on human intervention then training, procedures and auditing records may be appropriate. It is important that all such records are kept up to date.

5.  Avoid ‘Silo Thinking’

There is always a temptation, particularly in retrospective studies, to short cut the full barrier management process, as it may appear to be complex and time consuming. An example of this would be constructing a testing and maintenance schedule for protective systems without ever going through a systematic exercise to identify and understand the hazards against which these barriers protect. The result may be instrumented protective systems which are not maintained to a standard which will deliver the necessary integrity or a lack effective protection against important hazards.

It is especially likely that this will happen if one person or one discipline oversees the barrier management process without seeking input from other knowledgeable people drawn from a range of disciplines. Starting the barrier management process with a structured hazard identification exercise will be helpful in avoiding such ‘Silo Thinking’ since the study should involve a team drawn from across disciplines and backgrounds and the opinions, experience and knowledge of all participants should be valued inputs into the study. In addition a hazard identification study focusses on the hazards that are present rather than assuming that the current barriers represent sufficient protection and mitigation against the realisation of hazards. Once the hazard identification study is complete then there is a framework for following the barrier management journey through all the necessary steps.


High quality management of barriers is a key safeguard against realisation of hazards and their associated consequences when dealing with high hazard inventories within the process industries. An integrated approach starting with effective hazard identification is required, implementing barriers with performance standards that require up to date records of maintenance and testing. It is important to draw on the knowledge, experience and expertise of all relevant personnel across all relevant disciplines in order to avoid the very real dangers of ‘Silo Thinking’. This process should ideally begin in the design phase for new processes but it is entirely possible to implement an effective barrier management system on an operating facility given a systematic and joined up approach.

Contact Details and Archive...

Print this page | E-mail this page