What is Layer of Protection Analysis (LOPA)?

What is LOPA?

The Layer of Protection Analysis (LOPA) is a semiquantitative tool for analyzing and assessing risk. LOPA can be effectively used at each cycle point of a process or facility. This methodology can be used to identify safeguards that meet the independent protection layer (IPL)

Layer of protection analysis (LOPA) is a special form of event tree analysis, which is optimized for the purpose of determining the frequency of an unwanted event, which can be prevented by one or more protective layers.

The main purpose of LOPA is to ensure that there is an appropriate layer of protection against the accident scenario. Scenarios may require one or more layers of protection depending on the complexity of the process and the severity of a consequence. For the given scenario, only one layer of protection must work to prevent consequence.

LOPA is divided into several steps:

LOPA gives risk analysts a method for evaluating the risk of returning from selected accident scenarios, scenarios usually identified during evaluation of potential qualitative hazards. LOPA is limited to evaluating one cause of consequence as a scenario.

  1. Identify consequence to choose a scenario
  2. Choosing an accident scenario
  3. Identify initiating events from scenarios and set frequency initiating events (event per year)
  4. Identify IPLs and estimate the probability of failure on demand (PFD) from each IPL
  5. Assess risk scenarios mathematically by combining consequence, iniating events, and IPL data
  6. Evaluate the risks to reach a decision regarding the scenario.

What are the main process of LOPA?

  • Record all reference documentation, including hazards analysis documentation, pressure relief valve design and inspection reports, protection layer design documents, etc.

  • Document the deviation of the process and the hazard scenario that the equipment is considering. It is important to focus the team in a specific risk scenario, such as a high pressure that causes the rupture of the pipeline.

  • Identify all of the initiating causes for the process deviation and determine the frequency of each initiating cause. The team should list all initiating causes of the hazard scenario, such as loss of flow control, loss of pressure control, excess reaction, etc.

  • Determine the consequence of the hazard scenario. This evaluation should include an examination of safety, environmental, and economic losses.

  • Once the team understands the frequency and consequences of the potentially hazardous event, a risk matrix is used to determine if the risk is acceptable or if IPL is required for further risk reduction.

  • List the IPLs that can completely mitigate all the listed start causes. IPLs must comply with the requirements of independence, specificity, reliability and auditability.

  • Provide specific implementable recommendations. The recommendations of the LOPA team should be considered as options for implementation.

When is LOPA Used?

LOPA can be used at any time in the life cycle of a project or process, but it is more cost effective when it is implemented during the loading of the front-end when the process flow diagrams are complete and the P & ID are in development.

For existing processes, LOPA must be used during or after the revision or revalidation of HAZOP. The LOPA is generally applied after a qualitative hazard analysis has been completed, which provides the LOPA team with a list of hazard scenarios with a description of the associated consequences and possible safeguards for consideration.

A LOPA program is most successful when a procedure is developed that sets the criteria for when LOPA is used and who is qualified to use it.