Preliminary Hazard Analysis (PHA) is an early-stage risk evaluation method used to identify, assess, and prioritize potential hazards in a system, process, or project—before detailed design or implementation begins—so that key safety controls can be planned proactively. It answers essential questions: What can go wrong? How likely is it? How severe could the outcome be? And what early risk-prevention actions can we take? That’s the heart of PHA: early, structured hazard identification and risk-based prioritization that informs safer design and decision-making.
What Are the Benefits of Conducting Preliminary Hazard Analysis Early?
Conducting a PHA early in the lifecycle—especially in conceptual or design phases—yields multiple key benefits. It enables organizations to avoid costly rework by building safety features from the outset. Early detection of hazards means safer design choices, better resource allocation, and—importantly—enhanced regulatory compliance. For industries such as healthcare, manufacturing, construction, or chemicals, authoritative bodies like OSHA (U.S. Occupational Safety and Health Administration) and ISO (e.g., ISO 14971 for medical devices, ISO 12100 for machinery safety) emphasize early hazard analysis as foundational to a robust risk-management process.
From a psychological and organizational standpoint, performing early PHA encourages cross-functional collaboration—engineering, operations, safety, quality, and management converge to surface insights. This creates shared safety ownership rather than siloed responsibility. Practically speaking, early hazard identification also supports cost-efficient mitigation, because modifying design concepts is far less expensive than retrofit solutions later. The return-on-investment for safety is greatest when PHA is done during the “fuzzy front end” of the project lifecycle.
In highly regulated industries—like pharmaceuticals, oil & gas, medical devices, or nuclear—agency audits often begin by examining whether hazard analysis was conducted early. For instance, the U.S. FDA looks for early risk identification, aligning with both ISO 14971 and software/hardware design controls. In this way, an early PHA speaks volumes about a company’s trustworthiness and process maturity.
How Do You Perform a Preliminary Hazard Analysis Step by Step?
1) Clarify the objective, scope, and success criteria before you invite anyone
Purpose: Prevent scope creep and make sure the PHA actually answers a business-relevant safety question (not “boil the ocean”).
Prepare: A one-page “PHA Charter” that states: system/process in scope, boundaries (what’s in/out), lifecycle phases considered (construction, start-up, normal ops, maintenance, shutdown, emergency), and a definition of “done” (e.g., top 20 hazards prioritized with owners in two hours).
In the room: Say what this PHA is (early, high-level) and what it is not (it won’t replace later HAZOP/FMEA). Agree success criteria and the risk matrix you’ll use.
Outputs: Signed-off charter, risk criteria (severity/likelihood scales), agenda, and a parking lot for out-of-scope topics. This aligns with good risk-management practice: early hazard identification sets up deeper analyses later (e.g., HAZOP, FMEA).
2) Assemble a multidisciplinary team and schedule a focused, time-boxed workshop
Purpose: Avoid blind spots by mixing design, operations, maintenance, controls/instrumentation, HSE, and someone who actually does the job.
Prepare: Confirm roles: Facilitator (keeps pace and structure), Scribe (live-captures in the PHA table), SMEs (process, mechanical, E&I, software/automation, operators, contractors), Decision owner (to approve actions).
In the room: Use introductions to surface tacit knowledge (“What keeps you up at night about this system?”). Keep the group to 6–10 people for speed. OSHA emphasizes that PHA is a team activity at the heart of Process Safety Management.
Outputs: Attendance list, defined roles, session schedule (with breaks), and ground rules (plain language, no blame, timeboxing).
3) Gather “process/safety information” and visuals so people can reason quickly
Purpose: Better inputs → better hazards. You can’t analyze what you can’t picture.
Prepare: Current PFDs/P&IDs or block diagrams, piping specs, control narratives, layouts, SDS for chemicals, equipment lists, design bases, interlock summaries, operating envelopes, sample procedures, and any incident/near-miss summaries.
In the room: Pin big prints to the wall or share on a large screen. Confirm everyone is looking at the current revisions. For PSM-covered processes, OSHA requires process safety information to support the PHA.
Outputs: A shared packet (hard copy or digital) that becomes the appendix to your PHA report.
4) Map boundaries and operating modes (including abnormal and emergency)
Purpose: Hazards often live at the edges—during start-up, shutdown, maintenance, or emergency operations.
Prepare: A simple “system context” drawing: what feeds the system, what it feeds, utilities, interfaces, human–machine touchpoints.
In the room: Walk the group through: commissioning, normal, turndown, cleaning/maintenance, temporary bypasses, startup/shutdown, loss of utility, emergency response. Include external events (power dips, floods, security breaches).
Outputs: A one-slide lifecycle map; a checklist of modes you will explicitly test in brainstorming.
5) Choose PHA techniques appropriate to the maturity and time available
Purpose: Keep it light and fast—but structured.
Prepare: For a preliminary pass, combine What-If brainstorming (e.g., “What if cooling water is lost?”) with a short Checklist of common hazard triggers (overpressure, loss of containment, mis-operation, valve position errors, instrument failure, maintenance error). These two simple methods are widely recognized in process safety practice and slot neatly before deeper studies like HAZOP or FMEA.
In the room: Explain the prompt style you’ll use (What-If guidewords + checklist) and your risk rating approach.
Outputs: A simple templated table ready for live capture (columns shown in the working PHA table below).
6) Identify hazards by energy and by task—don’t forget human factors
Purpose: Surface hazards comprehensively and quickly.
Prepare: Two complementary lenses:
- Energy lens: Chemical, pressure, kinetic, potential, thermal, electrical, radiation—“where can harmful energy be released or uncontrolled?”
- Task lens: Receiving, charging, mixing, heating, transferring, sampling, start-up, isolation/lockout, confined space, lifting.
Add human factors prompts: Alarms, workload, handover, procedures, labeling, ergonomics, slips/lapses. For machinery, ISO 12100’s categories help structure hazard ID and risk reduction thinking.
In the room: Rapid round-robin What-Ifs using your operating modes: “What if pump A trips during start-up?”, “What if a manual valve is left closed after maintenance?” Capture each as a discrete line item.
Outputs: A raw list of credible hazard scenarios ready for evaluation.
7) Describe credible causes and initiating events for each hazard
Purpose: A hazard without a plausible cause wastes attention; a cause without a hazard lacks consequence.
Prepare: Prime the team with typical initiators: equipment failure (seal, gasket, rupture), control failure (sensor, logic, valve), utility failure (air, cooling), human error (commissioning steps skipped), external events (vehicle impact, weather).
In the room: For each hazard, force one level deeper: “What makes that happen here?” If the cause is vague (“operator error”), replace with a specific slip/lapse/violation (e.g., “isolation step omitted due to unreadable tag”).
Outputs: Each hazard line now has a clear initiating event or cause chain, which will later inform safeguards and actions.
8) State the worst credible consequence in plain language
Purpose: Set severity correctly so risk prioritization is meaningful.
Prepare: A severity scale the team understands (e.g., Catastrophic: multiple fatalities; Major: single fatality/permanent disability; Serious: lost-time injury; Minor: first-aid; Negligible: no injury). Include environmental, asset, quality, and business impacts if relevant.
In the room: Ask, “If no safeguards worked, what’s the worst credible result of this cause?” Keep it short and specific (e.g., “Vapor cloud explosion affecting control room”).
Outputs: A filled “Consequence” and “Severity” for each line.
9) Identify existing safeguards and estimate the likelihood given those safeguards
Purpose: You can’t judge risk without knowing protections already in place.
Prepare: Examples of safeguards: inherently safer design (low inventory), engineered controls (PRV, interlocks, double-block-and-bleed), detection (gas/leak), administrative controls (permit to work, procedures), training/competency, and physical protection (blast walls, dikes).
In the room: List only independent and effective safeguards. Then estimate Likelihood qualitatively (e.g., Frequent / Occasional / Remote / Rare) considering those safeguards. Be honest about nuisance trips, bypass culture, or alarm floods that erode effectiveness.
Outputs: “Existing safeguards” + “Likelihood” columns complete. (PHA, as a team review of “what could go wrong and what safeguards must be implemented,” is the core of OSHA’s PSM approach.)
10) Evaluate risk using your matrix and prioritize the top hazards
Purpose: Focus limited resources where they reduce the most risk.
Prepare: A 5×5 or 4×4 risk matrix agreed in Step 1. Example (four likelihood levels by five severity levels):
Likelihood \ Severity | Negligible | Minor | Serious | Major | Catastrophic |
---|---|---|---|---|---|
Frequent | M | H | H | VH | VH |
Occasional | L | M | H | H | VH |
Remote | L | L | M | H | H |
Rare | L | L | M | M | H |
In the room: Convert Severity + Likelihood to a Risk Rating (L/M/H/VH). Sort by H/VH to find the “vital few.” Capture why you rated it that way (assumptions matter later).
Outputs: A prioritized hazard list that the sponsor can act on this week.
11) Recommend risk-reduction actions using the hierarchy of controls
Purpose: Turn findings into durable risk reduction, not paperwork.
Prepare: Use the hierarchy of controls: Eliminate → Substitute → Engineer (isolate/guard/interlock/relief) → Administrative (procedures, training, permits) → PPE. For machinery and design contexts, ISO 12100 explicitly structures risk reduction around this hierarchy.
In the room: For each H/VH item, ask first, “Can we remove the hazard?” If not, “Can we substitute or reduce energy/inventory?” Then engineer it out (e.g., lower setpoint, add high-high trip independent of BPCS, increase relief capacity, interlock valve line-up). Only then, rely on admin/PPE.
Outputs: Specific actions per hazard with the highest feasible control on the hierarchy.
12) Assign clear owners, due dates, and verification methods
Purpose: Actions without owners don’t get done; actions without verification don’t stay done.
Prepare: An Action Register with columns: Hazard ID, Action, Owner, Due date, Verification method (test, inspection, SIL study, procedure update/training record), Status, Evidence link.
In the room: Agree on realistic dates and a management sponsor who will track to closure. Tie actions into your existing change control / MOC system.
Outputs: A living action log owned by the project manager or unit superintendent.
13) Document the PHA in a concise report that people will actually read
Purpose: Preserve institutional memory and support audits and future studies.
Prepare: One-page executive summary (top findings, key decisions), the filled PHA table, appendices (drawings, data, attendance, risk matrix, assumptions).
In the room (or immediately after): The facilitator and scribe polish language and check consistency. Keep jargon minimal; write consequences and actions in plain English.
Outputs: A signed report. For covered facilities, OSHA expects documented PHAs and related updates to be retained and revalidated on a five-year cycle.
14) Link high-risk items to deeper studies (HAZOP, FMEA, SIL/LOPA) and follow up
Purpose: Preliminary doesn’t mean superficial; it means prioritizing the next, deeper step.
Prepare: For process deviations with complex cause-and-effect chains, schedule a HAZOP on the relevant nodes. For component failure detail, plan FMEA on high-criticality items. (HAZOP and FMEA are codified in IEC 61882 and IEC 60812, respectively.)
In the room: Tag each top hazard with its next method (e.g., “Node 3 HAZOP,” “Pump P-101 FMEA,” “Independent Protection Layer study”).
Outputs: A short “Risk Study Roadmap” with owners and dates so momentum isn’t lost after the PHA.
Your working PHA table
ID | System/Node | What-If / Hazard | Cause / Initiator | Worst Credible Consequence | Severity | Existing Safeguards | Likelihood | Risk | Recommendation (Hierarchy) | Owner | Due | Verify |
---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | TK-101 fill line | What if level indicator fails low during filling? | Transmitter fault; bypassed alarm | Overfill → spill to grade → vapor cloud | Major | High-level alarm (BPCS), dike | Occasional | H | Add independent HH trip + auto-shut; proof test 6-monthly | I&C Lead | 30-Sep | Trip test |
Tip: Pre-populate IDs and system/nodes to speed capture.
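The rating and prioritization from Step 10, applied to rows shaped like the working table above, as an added Python example that is not from the original article. The matrix is the one printed in Step 10 and the severity/likelihood scales are those from Steps 8 and 9; the sample rows are constructed (row 1 mirrors the table's TK-101 row, the others are invented), and the `control_level` field plus the `hierarchy_gaps` check are my additions based on the hierarchy of controls in Step 11.

```python
"""Rate, sort and sanity-check PHA rows with the Step 10 matrix.

Added example (not code from the original article). RISK_MATRIX is the
matrix printed in Step 10, read row = likelihood, column = severity.
The hazard rows are constructed sample data: row 1 mirrors row 1 of the
working PHA table (TK-101 fill line); rows 2-4 are invented.
"""
from dataclasses import dataclass

# Scales from Steps 8 and 9, ordered least to most severe / most to least likely.
SEVERITY = ["Negligible", "Minor", "Serious", "Major", "Catastrophic"]
LIKELIHOOD = ["Frequent", "Occasional", "Remote", "Rare"]

# Step 10 matrix, verbatim: RISK_MATRIX[likelihood][SEVERITY.index(severity)].
RISK_MATRIX = {
    "Frequent":   ["M", "H", "H", "VH", "VH"],
    "Occasional": ["L", "M", "H", "H", "VH"],
    "Remote":     ["L", "L", "M", "H", "H"],
    "Rare":       ["L", "L", "M", "M", "H"],
}
RANK = {"L": 0, "M": 1, "H": 2, "VH": 3}

# Step 11 hierarchy of controls, best (most durable) first.
HIERARCHY = ["Eliminate", "Substitute", "Engineer", "Administrative", "PPE"]


@dataclass
class HazardRow:
    hazard_id: int
    node: str
    what_if: str
    cause: str
    consequence: str
    severity: str
    safeguards: str
    likelihood: str
    recommendation: str
    control_level: str  # where the recommendation sits on HIERARCHY (my addition)
    rationale: str = ""  # why it was rated this way; assumptions matter later


def rate(severity: str, likelihood: str) -> str:
    """Look up the L/M/H/VH rating; reject values outside the agreed scales."""
    if severity not in SEVERITY:
        raise ValueError(f"unknown severity {severity!r}")
    if likelihood not in LIKELIHOOD:
        raise ValueError(f"unknown likelihood {likelihood!r}")
    return RISK_MATRIX[likelihood][SEVERITY.index(severity)]


def prioritize(rows):
    """Highest risk first; ties broken by severity, then by ID for stability."""
    return sorted(
        rows,
        key=lambda r: (-RANK[rate(r.severity, r.likelihood)],
                       -SEVERITY.index(r.severity), r.hazard_id),
    )


def vital_few(rows):
    """IDs of the H/VH rows the sponsor should act on this week."""
    return [r.hazard_id for r in prioritize(rows)
            if rate(r.severity, r.likelihood) in ("H", "VH")]


def hierarchy_gaps(rows):
    """IDs of H/VH rows whose only recommendation is administrative or PPE.

    Step 11 says to exhaust Eliminate/Substitute/Engineer first, so these are
    the rows to challenge before the report is signed.
    """
    weak = HIERARCHY.index("Administrative")
    return [r.hazard_id for r in rows
            if rate(r.severity, r.likelihood) in ("H", "VH")
            and HIERARCHY.index(r.control_level) >= weak]


# Constructed sample rows; row 1 mirrors the article's worked table row.
ROWS = [
    HazardRow(1, "TK-101 fill line", "Level indicator fails low during filling",
              "Transmitter fault; bypassed alarm",
              "Overfill, spill to grade, vapor cloud", "Major",
              "High-level alarm (BPCS), dike", "Occasional",
              "Add independent HH trip + auto-shut; proof test 6-monthly",
              "Engineer", "Alarm lives in the BPCS and has been bypassed before"),
    HazardRow(2, "P-101 suction", "Pump started against closed suction valve",
              "Valve left closed after maintenance", "Seal failure, small leak",
              "Serious", "Low-flow alarm, pre-start checklist", "Rare",
              "Add step to OP-103 to verify valve position", "Administrative"),
    HazardRow(3, "R-201 cooling", "Loss of cooling water during reaction",
              "Utility failure", "Runaway reaction, vessel rupture",
              "Catastrophic", "Operator response to high-temperature alarm",
              "Remote", "Train operators on emergency quench", "Administrative"),
    HazardRow(4, "Sample point", "Sample valve left cracked open",
              "Slip during routine sampling", "Minor splash exposure", "Minor",
              "Closed-loop sampler, PPE", "Remote",
              "Add spring-return sample valve", "Engineer"),
]

if __name__ == "__main__":
    for r in prioritize(ROWS):
        print(f"{r.hazard_id:>2} {rate(r.severity, r.likelihood):<2} "
              f"{r.severity:<12} {r.likelihood:<10} {r.node}")
    print("vital few:", vital_few(ROWS))
    print("challenge hierarchy on:", hierarchy_gaps(ROWS))
```

Keeping the matrix as data rather than as nested `if` statements means the team can swap in the 5×5 matrix agreed in Step 1 without touching the logic, and `rate` refusing unknown scale values catches the common scribe error of typing "High" where the scale says "Major".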
Practical facilitation habits that make PHA sessions fly
- The “two-timer test”: Ask if controls work during both startup and shutdown, not just steady state.
- “Brownout” check: Consider partial failures (low instrument air, partial blockage), which often slip through.
- Cognitive interview: After the workshop, walk the area with a senior operator and reenact the riskiest tasks—people recall details better in context.
- Independent safeguard reality check: If an interlock is frequently bypassed for maintenance, treat its effectiveness as low until proof tests and management behaviors change.
Common pitfalls and how to avoid them
- Scope drift: Freeze the scope early; keep a parking lot for good ideas that don’t fit today.
- Vague actions: “Improve procedure” is not an action. “Add step 7 to procedure OP-103 to verify valve LV-12 position via sight glass before start—train all panel operators by 15-Oct” is.
- Paper safeguards: If nobody owns the test/inspection frequency, it doesn’t exist.
- No link to MOC: Every action that changes design/operation should enter your MOC system; otherwise, it dies in email.
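A register check for the Step 12 columns and the pitfalls above, as an added Python example that is not from the original article. The rules encoded are the page's own: every action needs an owner, a due date and a verification method; “Improve procedure” is not an action; anything that changes design or operation must enter MOC; closed actions need an evidence link. The `VAGUE_VERBS` entries beyond “improve”, the ISO date format (the page's table writes “30-Sep”), the `MOC-…` reference strings and the sample register are constructed assumptions.

```python
"""Validate a PHA Action Register before it goes to the sponsor.

Added example, not code from the original article. It applies the rules the
article states (Step 12 and the pitfalls list). Assumptions: due dates are
ISO strings, MOC references are free-text, and VAGUE_VERBS extends the
article's single "Improve procedure" example with a few verbs of my own.
"""
from dataclasses import dataclass
from datetime import date

# Heuristic only: an action opening with one of these usually names no
# concrete change. Only "improve" comes from the article; the rest are mine.
VAGUE_VERBS = ("improve", "review", "consider", "look into", "enhance", "evaluate")

# Constructed "today" so the overdue check is deterministic.
AS_OF = date(2024, 9, 15)


@dataclass
class Action:
    hazard_id: int
    action: str
    owner: str = ""
    due: str = ""                   # ISO date, e.g. "2024-09-30" (assumption)
    verification: str = ""          # test, inspection, SIL study, training record
    changes_design_or_ops: bool = False
    moc_ref: str = ""               # reference into the MOC system
    status: str = "Open"            # Open / In progress / Closed
    evidence: str = ""              # link to test record, photo, signed procedure


def findings_for(a: Action, today: date) -> list:
    """Return the list of problems with one register row (empty if clean)."""
    problems = []
    text = a.action.strip().lower()
    if not text:
        problems.append("empty action")
    elif any(text.startswith(v) for v in VAGUE_VERBS):
        problems.append("vague action: say what changes, where, and by when")
    if not a.owner.strip():
        problems.append("no owner")
    if not a.due:
        problems.append("no due date")
    else:
        try:
            due = date.fromisoformat(a.due)
        except ValueError:
            problems.append(f"unparseable due date {a.due!r}")
        else:
            if a.status != "Closed" and due < today:
                problems.append(f"overdue since {due.isoformat()}")
    if not a.verification.strip():
        problems.append("no verification method")
    if a.changes_design_or_ops and not a.moc_ref.strip():
        problems.append("changes design/operation but has no MOC reference")
    if a.status == "Closed" and not a.evidence.strip():
        problems.append("closed without evidence link")
    return problems


def validate_register(register, today: date) -> dict:
    """Map hazard_id -> problems, for rows that have at least one problem."""
    report = {}
    for a in register:
        problems = findings_for(a, today)
        if problems:
            report[a.hazard_id] = problems
    return report


def ready_for_signoff(register, today: date) -> bool:
    """True only when no row in the register has an open finding."""
    return not validate_register(register, today)


# Constructed sample register; row 1 follows the article's worked table row.
REGISTER = [
    Action(1, "Add independent HH level trip on TK-101 with auto-shut; proof test 6-monthly",
           owner="I&C Lead", due="2024-09-30", verification="Trip test",
           changes_design_or_ops=True, moc_ref="MOC-0042"),
    Action(2, "Improve procedure", due="2024-10-15"),
    Action(3, "Add step 7 to procedure OP-103 to verify valve LV-12 position via sight glass before start",
           owner="Ops Superintendent", due="2024-08-31", verification="Training record",
           changes_design_or_ops=True),
    Action(4, "Replace unreadable isolation tags on P-101", owner="Maintenance Lead",
           due="2024-07-01", verification="Inspection", status="Closed"),
]

if __name__ == "__main__":
    for hazard_id, problems in validate_register(REGISTER, AS_OF).items():
        print(f"Hazard {hazard_id}:")
        for p in problems:
            print(f"  - {p}")
    print("ready for sign-off:", ready_for_signoff(REGISTER, AS_OF))
```

Running the check on every export from the register (or wiring it into the issue tracker as a pre-close rule) turns the pitfalls list from advice into a gate: an action with no owner, no verification method or no MOC reference never reaches the report.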
Why this approach satisfies regulators and sets up the rest of the safety lifecycle
This workflow reflects widely accepted process-safety practice: perform an early, team-based hazard review using credible methods, supported by up-to-date process information, document the results, and drive them to closure—then deepen the analysis where needed with HAZOP or FMEA. That’s entirely consistent with OSHA’s PSM emphasis on PHA and supporting process safety information, and with international standards for HAZOP/FMEA and the risk-reduction hierarchy used in machinery design.
Quick one-page checklist you can print for your next PHA
- Charter, scope, risk matrix agreed ✅
- Right team in room (ops, maintenance, design, controls, HSE) ✅
- Latest drawings, SDS, narratives, and incident learnings available ✅
- Modes covered: start-up, normal, turndown, shutdown, maintenance, emergency ✅
- What-If + Checklist prompts ready ✅
- Hazards identified by energy and by task; human factors considered ✅
- Credible causes captured, not generic blame ✅
- Worst credible consequence + severity set ✅
- Existing independent safeguards listed and challenged ✅
- Likelihood estimated; risk rated; top items prioritized ✅
- Actions at the highest feasible level of the hierarchy of controls ✅
- Owners, due dates, verification methods set; loaded into MOC ✅
- Concise report issued; evidence retained ✅
- Roadmap to HAZOP/FMEA/LOPA defined ✅
How Can You Tailor PHA for Small-Scale or Low-Regulated Projects?
Many PHA tutorials focus on large-scale industrial contexts, but smaller or lightly regulated projects (like consumer electronics prototypes, small construction projects, or healthcare software pilots) benefit from “lean” PHA: a streamlined, pragmatic version. You can follow the same general steps—scope, team, hazard identification, risk rating—but scale the documentation and depth accordingly.
For example, rather than a full multidisciplinary team, a small team combining design and safety input may suffice. Risk rating might be simplified to “High / Medium / Low” without detailed matrix probabilities. The hazard identification workshop can be conducted in a single half-day session. Use simplified tables embedded within design documents or digital issue-tracking tools (e.g., Jira or Trello) to capture hazards and actions. Choose a visual-lean approach: color-coded sticky notes or Kanban cards can drive engagement and quick iteration.
Leverage “near-miss mining” from adjacent industries: for instance, if you’re designing a home appliance, look at near-miss data from similar products—even supermarket incidents, small injuries, or public reviews complaining about minor malfunctions. These everyday “soft signals” can uncover hazards that formal checklists might miss. It’s a humanity-driven, experience-based approach that many formal guidelines don’t stress—but it’s deeply powerful in lean PHA, especially for consumer safety.
What Small but Powerful Innovations Make PHA More Effective?
To go beyond standard practices, here are insightful approaches to elevate PHA:
- “Shadow PHA”: Pair a senior safety engineer with a junior designer. As the junior explains the system, the senior “shadows” and flags hazard triggers in real-time. This simultaneous doing-and-teaching uncovers misunderstandings before they fossilize.
- “Digital twin PHA”: Even in preliminary stages, use simple simulation or digital-prototype models to “stress-test” design logic. If you can trigger hazard scenarios digitally (e.g., simulate sensor failure), the PHA becomes far more grounded and real.
- Emotional mapping: Ask team members what worries them most about the design—use a quick poll. Emotional intuition often picks up hazard warning signs not surfaced in checklists. When someone says “I feel uneasy about the cooling circuit…” dive into that intuition.
- Safety storytelling: Capture hazards in story form (“imagine it’s 2 AM and the valve starts leaking… what do you do?”). Narrative drives empathy—what if this leak happens near vulnerable populations? The imaginative scenario helps teams think beyond technical diagrams.
These innovations build human-centric understanding into PHA, pushing beyond checkbox compliance toward meaningful insight.
How Does Preliminary Hazard Analysis Integrate With Other Risk Tools?
PHA is an early, high-level tool. It sets the stage for deeper, more structured analyses later. Here’s how it integrates:
- PHA → FMEA: PHA flags components or processes with risk. Use FMEA to drill into failure modes in those elements—quantify risk priority numbers, define detection and prevention controls.
- PHA → HAZOP: In chemical/process industries, PHA helps choose which process nodes or flows are risk-critical and merit a full HAZOP, saving time and focusing resources.
- PHA → Fault Tree Analysis (FTA): PHA captures hazards. If one of the hazards is particularly severe, you can build a fault tree to analyze combinations of lower-level events leading to that top event.
- PHA documentation feeds the Safety Case or Risk Management File. For regulated sectors (nuclear, rail, aviation, medical), PHA often forms the first documented “risk summary” in the broader safety case. It demonstrates to regulators that hazards were considered from the outset.
- PHA in Agile/DevOps environments: In iterative software/hardware development, embed PHA “mini-reviews” at the beginning of sprints for risk-pertinent features. Each sprint’s story backlog can tag PHA items and ensure safety remains central.
By acting as a gateway tool, PHA informs and prioritizes subsequent detailed risk work. It ensures your risk-management workflow is lean, data-driven, and aligned with authoritative standards (e.g., IEC 60812 for FMEA, IEC 61882 for HAZOP).
What Sources Validate the Best Practices for Preliminary Hazard Analysis?
- ISO 14971 (Medical devices – Application of risk management) encourages early hazard analysis as part of a risk management plan—it mentions PHA-like methods in Annex D.
- IEC 60812 (FMEA) and IEC 61882 (HAZOP) both recognize the value of early hazard identification to scope deeper techniques.
- ANSI/ISA-TR84.00.02-2002 (ISA technical report for safety instrumented systems) explicitly includes Preliminary Hazard Analysis as a foundational activity.
- OSHA in Process Safety Management (PSM) guidelines calls for process hazard analysis “as soon as possible” during project conceptual design.
- CCPS (Center for Chemical Process Safety) provides best-practice textbooks and guidance that identify PHA as one of the initial steps in any safety life cycle.
When referencing these documents, always cite current versions from their issuing bodies or standard repositories. Where publicly accessible (e.g., OSHA), quote specific language like “conduct initial hazard analysis … before equipment construction”—all properly cited to ensure trust.
Conclusion
Preliminary Hazard Analysis is your earliest safeguard: a proactive, structured, human-centric method to spot, assess, and plan around hazards before they become embedded in your designs or processes. By following a clear step-by-step approach, tuning it for scale, and layering in innovative techniques (emotional mapping, digital simulation, storytelling), your PHA work becomes more effective, insightful, and truly helpful—meeting both expert standards and real-world needs.