OilAuthority.com

HAZOP: Definition, Study Methodology, and Process Safety Applications

HSE

What Is a HAZOP?

A HAZOP (Hazard and Operability Study) is a structured, team-based process safety technique that uses a systematic set of guide words to identify how deviations from design intent in a process or operation can lead to hazardous events or operability problems — and is the most widely used hazard identification method in the oil and gas industry for pressure vessels, pipelines, separation trains, compression systems, and well control equipment at facilities from wellpads in the Montney to offshore platforms on the Norwegian Continental Shelf.

Key Takeaways

  • HAZOP applies guide words — No/None, More, Less, As Well As, Part Of, Reverse, Other Than — to process parameters (flow, temperature, pressure, level, composition) to systematically generate credible deviations, their causes, consequences, and safeguards at each node of a process system.
  • The output of a HAZOP is a table of deviation-cause-consequence-safeguard combinations with action items assigned to engineers to close identified gaps; the HAZOP report is a living document that must be reviewed when process design changes occur under management of change (MOC) procedures.
  • HAZOP is required or referenced by OSHA Process Safety Management (29 CFR 1910.119) in the US, the Canadian Association of Petroleum Producers (CAPP) process safety management guidance, NOPSEMA Safety Case regulations in Australia, the UK HSE's safety case framework, and Sodir's Acknowledgement of Compliance (AoC) process in Norway.
  • A HAZOP is not a standalone risk tool — it feeds findings into quantitative risk assessment (QRA), bow tie diagrams, and layer of protection analysis (LOPA) to determine whether safeguards are sufficient or whether additional barriers are required to reduce risk to ALARP.
  • HAZOP studies are conducted by a multi-disciplinary team: a trained facilitator, process engineer, instrumentation and control engineer, operations representative, and HSE adviser — each contributing domain knowledge to evaluate whether identified safeguards are genuinely effective under credible worst-case conditions.

How a HAZOP Works

A HAZOP is conducted against a set of Piping and Instrumentation Diagrams (P&IDs) that accurately represent the as-designed or as-built process. The facilitator divides the P&ID into study nodes — sections of pipe or equipment between which the process design intent can be defined. For each node, the team defines the design intention (normal operating conditions: flow, temperature, pressure, composition) and then applies the standard guide words in sequence.

For each guide word applied to each parameter, the team answers three questions: what credible causes could produce this deviation? what are the consequences if it occurs? and what safeguards already exist to prevent the cause or mitigate the consequence? Where safeguards are absent, inadequate, or dependent on a single layer of protection, the team raises an action item assigning a responsible engineer to evaluate further or implement a design change. Typical findings include missing high-high pressure alarms, inadequate check valve placement, relief valve sizing for worst-case blocked-outlet scenarios, and insufficient manual isolation capability for emergency depressurisation.

HAZOP Requirements Across International Jurisdictions

In Canada, CAPP's Process Safety Management guidance (aligned with API RP 750 and API RP 14C for offshore) requires hazard identification studies for all facilities containing flammable or toxic process streams above threshold quantities. In Alberta, AER Directive 071 (Emergency Planning) and AER Directive 056 (Energy Development Applications) reference hazard assessment processes for sour gas facilities; in practice, HAZOP is the tool used to satisfy these requirements at gas plants operated by Pembina Pipeline, TC Energy, and CNRL in the WCSB. The AER does not prescribe HAZOP by name but expects documented hazard assessment at a level of rigour proportionate to the facility's risk profile.

In the United States, OSHA's Process Safety Management standard (29 CFR 1910.119) requires a Process Hazard Analysis (PHA) for facilities handling highly hazardous chemicals above threshold quantities, including H2S, flammable hydrocarbons, and ammonia. HAZOP is one of the listed acceptable PHA methods (alongside What-If, FMEA, and Fault Tree Analysis). API RP 14J (Design and Hazards Analysis for Offshore Production Facilities) and API RP 76 (Contractor Safety Management for Oil and Gas Drilling and Production Operations) reference HAZOP for offshore and onshore facilities. In Norway, Sodir's AoC process requires a QRA supported by systematic hazard identification for all major offshore facilities on the Norwegian Continental Shelf; HAZOP is the standard hazard identification input to those QRAs on Johan Sverdrup, Troll, and Snøhvit. In Australia, NOPSEMA's Safety Case regulations require operators to demonstrate that all major accident events have been identified and that risk has been reduced to ALARP; HAZOP is the accepted industry tool for demonstrating systematic hazard identification in Safety Case submissions. In the Middle East, Saudi Aramco's Engineering Standards (SAES) and ADNOC's HSE management framework require HAZOP for new facilities and for modifications to existing facilities; Saudi Aramco SAES-B-068 specifically addresses process hazard analysis requirements at Abqaiq, Shaybah, and offshore platforms in the Arabian Gulf.

Fast Facts

ICI (Imperial Chemical Industries) developed the HAZOP technique in the 1960s at its Billingham plant in the UK as a systematic alternative to informal design reviews; it was first published as a formal methodology in 1977. The technique spread globally following the Flixborough disaster (1974) and Piper Alpha (1988), which demonstrated that unexamined process deviations could combine with inadequate safeguards to produce catastrophic outcomes — exactly the failure mode HAZOP is designed to prevent.

HAZOP vs. Other Hazard Identification Methods

HAZOP is the most thorough but most time-intensive hazard identification method — a full HAZOP of a complex gas processing plant can require 10 to 20 days of team meeting time plus preparatory and report-writing effort. For simpler systems or early design phases, What-If analysis provides a faster, less structured alternative. FMEA (Failure Mode and Effects Analysis) is preferred for instrumented systems and safety instrumented systems (SIS), where the failure modes of individual components are more important than process deviation pathways. LOPA (Layer of Protection Analysis) is not a hazard identification tool but a consequence-and-safeguard adequacy tool used to evaluate HAZOP findings: for each hazardous scenario, LOPA counts the independent protection layers and determines whether the residual risk frequency meets the tolerable risk criterion (typically 10⁻⁴ to 10⁻⁵ per year for a fatality-level consequence at a staffed facility).

Tip: The quality of a HAZOP depends entirely on the accuracy of the P&IDs reviewed. Before scheduling a HAZOP workshop, verify that the P&IDs represent the as-built condition — not the original design — and that all recent modifications are incorporated. A HAZOP conducted against out-of-date P&IDs will miss hazards introduced by modifications and may provide false assurance. This is particularly critical at older facilities where successive modifications have been implemented under multiple MOC processes without a consolidated P&ID redraw.

HAZOP is also known as:

  • Hazard and Operability Study — the full formal name used in IEC 61882 (the international standard for HAZOP application) and in regulatory submissions
  • PHA — Process Hazard Analysis, the broader category used in OSHA PSM terminology that encompasses HAZOP, What-If, FMEA, and Fault Tree Analysis
  • HAZID — Hazard Identification Study, a less rigorous qualitative precursor to HAZOP used at concept design stage before P&IDs are available; covers major accident scenarios without the systematic guide-word approach

Related terms: bow tie analysis, well control, H2S, blowout preventer, personal protective equipment

Frequently Asked Questions

What is a HAZOP in oil and gas?

A HAZOP is a structured hazard identification study that uses guide words to systematically examine every process deviation at a facility — too much flow, too little pressure, wrong composition — and determine whether existing safeguards are adequate to prevent injury, equipment damage, or environmental release. It is the primary process safety tool used during detailed design, facility modifications, and periodic revalidation of operating plants in upstream, midstream, and downstream oil and gas operations.

What is the difference between a HAZOP and a HAZID?

A HAZID (Hazard Identification Study) is a broader, less rigorous qualitative review conducted at concept or early design stage to identify major accident hazard categories. A HAZOP is a systematic, node-by-node, guide-word-driven examination conducted against detailed P&IDs. HAZID identifies that a flash fire hazard exists; HAZOP identifies the specific process deviations that could cause a hydrocarbon release at each piece of equipment, the safeguards that prevent ignition, and the actions needed to make those safeguards adequate.

When must a HAZOP be redone?

HAZOP revalidation is required when: significant process modifications are made (triggering a MOC review); operating conditions change beyond the original HAZOP envelope; the facility changes ownership; the original HAZOP is more than 5 years old (per industry best practice and some regulatory frameworks); or an incident occurs that indicates a deviation not previously identified. OSHA PSM requires PHA revalidation at least every 5 years for covered facilities in the US.

Why HAZOP Matters in Oil and Gas

HAZOP is the engineering discipline's primary tool for asking "what could go wrong?" before an incident answers the question instead. In an industry where a single process deviation — a valve left open, a check valve installed backwards, a high-pressure gas line inadequately isolated — can initiate a loss of containment that ignites into a flash fire or explodes into a vapour cloud, systematic hazard identification is not optional. The Piper Alpha disaster (1988), which killed 167 workers and which triggered the modern offshore safety case regime in the UK and Norway, was caused by multiple deviations from design intent — precisely the category of failure HAZOP is designed to surface. Every AER-regulated gas plant in Alberta, every NOPSEMA-regulated offshore platform in Australia, and every Sodir-monitored facility on the Norwegian Continental Shelf relies on HAZOP studies to demonstrate that its major accident hazards have been identified and its barriers are adequate before operations begin.

Browse the Oil and Gas Glossary