Next Article in Journal
Green Mind Theory: How Brain-Body-Behaviour Links into Natural and Social Environments for Healthy Habits
Next Article in Special Issue
Investigation, Pollution Mapping and Simulative Leakage Health Risk Assessment for Heavy Metals and Metalloids in Groundwater from a Typical Brownfield, Middle China
Previous Article in Journal
Assessing Lead, Nickel, and Zinc Pollution in Topsoil from a Historic Shooting Range Rehabilitated into a Public Urban Park
Previous Article in Special Issue
Wage Differentials between Heat-Exposure Risk and No Heat-Exposure Risk Groups
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Risk Analysis of a Fuel Storage Terminal Using HAZOP and FTA

1
Departamento de Proyectos de Ingeniería, Universitat Politècnica de València, Camino de Vera s/n, 46022 Valencia, Spain
2
Departamento de Ingeniería de Construcción y Fabricación, ETSII, UNED, C/Ciudad Universitaria s/n, 28040 Madrid, Spain
3
Universitat de València, Avda. de la Universidad s/n, 46100 Valencia, Spain
*
Author to whom correspondence should be addressed.
Int. J. Environ. Res. Public Health 2017, 14(7), 705; https://doi.org/10.3390/ijerph14070705
Submission received: 10 May 2017 / Revised: 21 June 2017 / Accepted: 23 June 2017 / Published: 30 June 2017
(This article belongs to the Special Issue Human Health, Risk Analysis and Environmental Hazards)

Abstract

:
The size and complexity of industrial chemical plants, together with the nature of the products handled, means that an analysis and control of the risks involved is required. This paper presents a methodology for risk analysis in chemical and allied industries that is based on a combination of HAZard and OPerability analysis (HAZOP) and a quantitative analysis of the most relevant risks through the development of fault trees, fault tree analysis (FTA). Results from FTA allow prioritizing the preventive and corrective measures to minimize the probability of failure. An analysis of a case study is performed; it consists in the terminal for unloading chemical and petroleum products, and the fuel storage facilities of two companies, in the port of Valencia (Spain). HAZOP analysis shows that loading and unloading areas are the most sensitive areas of the plant and where the most significant danger is a fuel spill. FTA analysis indicates that the most likely event is a fuel spill in tank truck loading area. A sensitivity analysis from the FTA results show the importance of the human factor in all sequences of the possible accidents, so it should be mandatory to improve the training of the staff of the plants.

1. Introduction

Technological and social development has led to an increase in the size and complexity of chemical plants. At the same time, the existence of such plants and the transport of their products involve certain risks that need to be controlled and minimised [1,2].
Risk is understood as the possibility that someone or something is adversely affected by a hazard [3], while danger is defined as any unsafe situation or potential source of an undesirable and damaging event [4]. Other definitions of risk are the measure of the severity of a hazard [5], or the measure of the probability and severity of adverse effects [6].
In recent decades, interest in the safety of chemical industrial plants has greatly increased [2,7]. This has led to the development of a scientific discipline known as process safety that focuses on the prevention of fires, explosions, and accidental chemical releases in chemical processing facilities [8]. This discipline has as objective to improve prevention in the facilities, learning from accidents and from continuous analysis of the production process.
Directive 2012/18/EU (or Seveso III) [9] defines as a serious accident an event (such as a major leak, fire, or explosion) resulting from an uncontrolled process during the operation of any plant and producing a serious danger, whether immediate or delayed, to human health or the environment, inside or outside the plant, and involving one or more hazardous substances. Examples of serious accidents in industrial processes include: Flixborough in Britain (1974), Seveso in Italy (1976), Bhopal in India (1984), Enschede in the Netherlands (2000), Toulouse in France (2001) and Buncefield in Britain (2005) [10,11,12,13,14,15]. In Spain, examples include an accident at the Repsol refinery in Puertollano (2003) in which an explosion in a gas storage area killed nine workers and injured many others, as well as causing property damage.
The complexity and severity of accidents at these plants requires the implementation of risk management systems. The ISO 31000: 2010 [16] standard defines risk management as “coordinated activities to manage and control an organisation with regard to risk” and comprises the following steps: communication and consultation, establishing the context, risk assessment (identification, analysis, and evaluation), risk treatment, monitoring, and review.
The purpose of this article is to show the procedure for risk analysis in chemical and allied industries that is based on a combination of HAZard and OPerability analysis (HAZOP) and a quantitative analysis of the most relevant risks through the development of fault trees, fault tree analysis (FTA). HAZOP can identify possible fault root causes and their consequences and FTA develops fault propagation pathways and provides a quantitative probability importance ranking of fault causes. These results can guide the decision making of management staff to mitigate or avoid potential process hazards. This working method is applied to a case study consisting of the terminal for unloading chemical and petroleum products, and the fuel storage facilities of two companies, in the port of Valencia (Spain).
This paper is organized as follows. Section 1 introduces the theme. Section 2 introduces the main data of the chemical industry in Spain and the framework for risk assessment process of major accidents. Section 3 introduces the methodology. Section 4 details a case study with the HAZOP and FTA analysis. Section 5 presents the conclusions. Appendix A, Appendix B, Appendix C and Appendix D present complementary documentation of case study.

2. The Chemical Industry in Spain and Serious Accidents

2.1. The Chemical Industry in Spain

Turnover of the chemical industry in Spain totalled €56.39 billion in 2014, representing 12.4% of industrial Gross Domestic Product (GDP) [17] and making the industry the fourth largest after the food, transport and metal industries. This is also the second largest sector of the Spanish economy in terms of exports with 58.1% of sales going abroad.
The largest concentration of chemical companies is found in Catalonia with 43% of total turnover, followed by Andalusia (12.7%) and Madrid (13.5%). The Valencian Community is in fourth place with €4.88 billion or 8.4% of total turnover. The chemical sector employed 191,100 people in 2008, a figure that has fallen to around 174,600 in recent years because of the economic crisis [17].
The Spanish Chemical Industry Federation (FEIQUE) in its 2015 annual report on industrial accidents in the chemical sector [18] noted that the frequency index was 3.44 (the index frequency represents the number of accidents for every million hours worked). Compared with data published by the Ministry of Employment in 2015, this index is lower than the industrial sector index (5.03) and the construction sector index (6.59). The severity index for the sector was 0.12 (the severity index represents the number of days lost per 1000 working hours), which reflects the great importance that is given to safety in the Spanish chemical industry.

2.2. The Regulatory Framework

The disastrous accident at Seveso (Italy) in 1976 led to European Union legislation intended to prevent accidents in certain industries using hazardous substances and thus limit the impact on employees, the general population, and on the environment. The resulting standard was Directive 82/501/EEC [19] better known as Seveso I. This regulatory framework established that a manufacturer company which used in their process hazardous substances listed in the Appendix A or stored hazardous substances listed in the Appendix B, or both, must develop (among other documents) interior and exterior protection and emergency plans that include risk assessment.
During the implementation of Seveso I, there were more than 130 serious accidents in Europe and new risks appeared due to technological advances. Consequently, the European Commission introduced Directive 96/82/EC (called Directive Seveso II) [20] in 1996. This directive classified plants into “not affected”, “low risk” and “high risk” according to the quantities of dangerous substances present. Seveso II was revised in Directive 2012/18/EU or Seveso III [9] with the aim of increasing levels of protection for people, property, and the environment.
In Spain, in 2016, according to data from the Directorate General for Civil Defence [21], there were 422 high risk plants subject to the Seveso directive and 470 low risk plants. The geographical distribution is similar to that for turnover: Catalonia was first with 101 high risk plants (23.9%), Andalusia with 70 (16.6%), the Valencian Community with 39 (9.2%) and the Basque Country with 28 (6.6%).
According to a study by Planas et al. [2], there have been 89 accidents in Spain since the beginning of the twentieth century. Some 44% of these accidents occurred during transport, the most serious accident occurring at Los Alfaques campsite in July 1978 where 217 people died. The second major source of accidents were processing areas (19%); and the third source were storage areas. Explosions occurred in 49% of accidents, leaks in 37% and fires in 24%.
The chemical industry has implemented improvements in process safety and environmental protection with four strategies: inherent safer design; risk assessment processes; use of instrumented safety systems; and the implementation of safety management systems. In the risk assessment process, the HAZOP method is the technique most used to identify risks [2]. HAZOP studies evolved from the Imperial Chemical Industries (ICI) as a “Critical Examination” technique formulated in the mid-1960s. One decade later, HAZOP was published formally as a disciplined procedure to identify deviations to the process industries by Kletz in 1978 [22], and some publications [23], corporate guidelines, standards (IEC 61882 [24]) and national guidance notes (Nota Técnica Prevención (NTP) 238 [25]) were developed after.

3. Methodology

Risk assessment is the process of identifying, analysing, and evaluating the hazard posed by an industrial plant and the main aim is the prevention and mitigation of accidents in potentially hazardous facilities [26,27].
The phase of hazard identification is the process in which hazards are identified and recorded. The analysis phase involves developing an understanding of the hazard and providing information for evaluation. The evaluation phase involves comparing the estimated hazard levels with predefined criteria to define the importance of the level of hazard and decide whether it is necessary to address the hazard—as well as the most appropriate strategies and methods of hazard treatment [8].
Choosing the appropriate risk assessment techniques is a difficult decision that will depend on factors such as the complexity of the problem, the methods for analysis of the amount of information available, the need for quantitative data, and available resources [28]. Often, authors combine some techniques with the purpose of blending, i.e., to take advantage of the strengths of each method whilst compensating for their weaknesses.
In this paper, the methodology used is based on the combination of HAZOP analysis and a quantitative analysis of the most relevant hazards by FTA. HAZOP is a qualitative technique that carries out a structured analysis of the process and allows identifying the deviations that may take place with regard to the intended functioning, as well as their causes and consequences. HAZOP does not try to provide quantitative results but, in many situations, it is necessary to rank the identified hazards, mainly to prioritize the actions to mitigate them because this decision depends of the risk level. For this purpose, HAZOP is combined with other techniques; in these cases, quantitative techniques such as FTA. It can identify the potential causes and the ways of failure and can assess quantitatively the probability of development of the accident. The blending of the two techniques was defined as positive because minimize the uncertainty [29,30,31].
There are many examples of blending HAZOP and FTA in the literature: Demichela et al. [32] developed the Recursive Operability Analysis (ROA), linking HAZOP results and FTA development; Cozzani et al. [33] developed a specific methodological approach to analyse the risk from hazardous materials in marshalling yards; Casamirra et al. [34] integrated HAZOP, FTA and Failure Mode and Effect Analysis (FMEA) to assess the safety of a hydrogen refuelling station; and Kim et al. [35] combined HAZOP and FTA to carry out safety assessment of hydrogen fuelling stations at Korea.
The methodology (Figure 1) begins with a detailed study of the industrial process and substances used. Subsequently, an historical analysis of accidents is made—which is the study and analysis of accidents in similar plants to identify risk and causes. This stage is performed by referring to specialised scientific publications and literature review. With this available information, a HAZOP analysis is conducted. After the HAZOP sessions, the possible fault causes and consequences of the given deviations from the design are identified. These data allow, according to the criteria of the HAZOP team, identifying the initiating events, modelling the fault propagation process, and finally building the fault tree analysis. Subsequently a quantitative analysis is performed and results obtained rank risks and allow prioritizing the corrective and/or preventive measures.

3.1. HAZOP Method

The HAZOP technique [36] is a structured and systematic examination of a product, process, or procedure—or an existing or planned system. This is a qualitative technique based on the use of guide words (Table 1) that question how design intent or operating conditions may fail to be achieved at each step of the design process or technique. The guide words must always be appropriately selected to the process which is analysed and additional guide words can be used.
This technique is applied by a multidisciplinary team during a series of meetings where work areas and operations are defined—and each of the variables that influence the process are applied to the guide to verify the operating conditions and detect design errors or potentially abnormal operating conditions (Figure 2).

3.2. Fault Tree Analysis

FTA is a technique to identify and analyse factors that may contribute to an unwanted specified event (called the “top or main event”). Causal effects are identified deductively and organised in a logical manner and shown using a tree diagram that describes the causal factors and their logical relationships (Table 2) with respect to the top event.
A fault tree can be used qualitatively to identify potential causes and the ways in which failure (the top event) occurs or quantitatively, or both, to calculate the probability of the top event from the probabilities of causal events.
The stages for the application of this technique are:
(1)
Define the top event.
(2)
Construction of the fault tree: From the top event, the possible immediate causes of the failure modes are established and it is possible to identify how these failures can occur at basic levels or in basic events.
(3)
Qualitative evaluation: The aim to find the minimum set of faults, establishing a mathematical formulation from the relationships established in the fault tree. To achieve this, the “OR” gates are replaced by the “+” sign (not addition but a union of conjunctions) and the gates “AND” by the “x” sign (equivalent to the intersection of conjunctions). Boolean algebra is used.
(4)
Quantitative evaluation: From the frequency of failure of basic events, the probable frequency of an accident is calculated (if it occurs) as well as the most critical fault routes (i.e., the most probable among combinations of susceptible events that may cause the top event). Quantitative evaluation enables a complete risk analysis before implementing and prioritising actions to improve the safety and reliability of the system under study. A complementary sensitivity analysis can be performed to check the effect of the basic events in the global risk assessment. These data allow prioritizing the preventive measures and the efforts of the risk control process.

4. Application to a Case Study: The Chemical Terminal at the Port of Valencia

The application of the methodology is performed for the jetty and pipe work of the chemical terminal, as well as the connected storage facilities, at the Port of Valencia. These storage facilities are owned by two companies: Terminales Portuarias SL (TEPSA) and Petróleos de Valencia SA (PTROVAL) [38,39]. Both companies work in the reception, storage, loading, and distribution of liquid products—divided into two groups: chemicals and oil.

4.1. Identification of Products Handled

TEPSA stores and distributes gasoline, diesel, methanol, and other chemicals in smaller amounts. PTROVAL (owned by Galp Energía) stores and distributes gasoline, diesel, and kerosene. The four substances (petrol, diesel, methanol, and kerosene) are hazardous substances according to Schedule I of Royal Decree 1254/1999 [40] and the large volumes handled mean that the plant is considered high risk under the Seveso classification. Such high-risk plants are required to conduct a risk analysis.

4.2. Historical Analysis of Accidents

Chang et al. [41] performed a study of storage tank accidents in industrial facilities between 1960 and 2003. They collected and reviewed 242 tank accidents, 207 belonging to crude oil, oil products (fuel oil, diesel, kerosene, lubricants), gasoline/naphtha and petrochemicals products. The main causes of tanks accidents were in order of importance: lightning (33.1%), maintenance (13.2%), operational error (12.0%), equipment failure (7.9%), sabotage (7.4%), crack/rupture (7.0%), leaks and line rupture (6.2%) and static electricity (3.3%).
Person and Lönnermark [10] listed 479 fires involving hydrocarbon storage tanks between 1951 and 2003. Based on this work, Hailwood et al. [11] identified 21 tank explosions followed by a fire.
In a specific study of risk assessment for Liquefied Natural Gas (LNG) terminals, Aneziris et al. [42] identified the initiating events of accidents of LNG terminals. They divided the LNG terminals in five areas: LNG tanks, unloading section (from ship to tank), send-out section, condenser and outlet pipeline.
In tanks section, the main initiating events are boil-off removal malfunction (during unloading or during storage), a high temperature in LNG (when coming from ship), an excess of external heat in storage tank area, an overfilling of the tank, a rollover during unloading or during storage, an inadvertent starting of additional compressors, a continuation of uploading beyond lower safety level and an increase of send out rate from tank. In unloading section, the main initiating events are an excess external heat in jetty area, a water hammer in loading arm (due to inadvertent valve closure), an inadequate cooling of lading arm and high winds during uploading.
In Appendix A, a list of well documented past accidents has been extracted from reports and works available in the literature. The list includes accidents in petroleum and LNG product storage facilities [12,13,43,44].
The origins of these accidents were leaks or spills (9), explosions (7) and fire (6). Leakage (in the form of liquid) is the most common source of major accidents—leading to fires and explosions that may cause other leaks, thus lengthening the accidental chain. The possible consequences of leakage depend on the flammability and toxicity of the leaked liquids and the environmental conditions in which the leak occurs.
Seventeen of the cases originated in storage tanks, two in tanker ships, one in pipes, one in a steam boiler of a LNG plant and in one case there was no specific origin.
Factors that may cause an accident are grouped into general and specific. Among the general causes are those that are: external to the plant, human behaviour, mechanical failure, failure caused by impact, violent reactions; instrumentation failure, and failure of services. These general causes include a number of specific causes provided by details of specific accidents. Note that a single accident can occur for more than one general cause, and a general cause may be the result of more than one specific cause. The recorded data on the general causes of accidents shows that the cause was human behaviour in ten cases, instrumentation failure on four occasions, electrostatic spark on two occasions, mechanical failure in two occasions, unknown causes on two occasions, and two accidents were caused respectively by mechanical impact failure and external causes respectively.
Ignition sources provided the energy needed for the combustion of a flammable mixture. These sources can be thermal, electrical, mechanical and chemical. Data shows that in seven accidents the cause was electrical, in three the cause was welding during maintenance works, mechanical in three cases, thermal in two cases, and unknown in seven cases.

4.3. HAZOP Analysis

The Valencian plant is divided into three systems (Figure 3) that correspond to the three activities of the companies: unloading, storage, and loading for distribution.
These three systems are divided into six sub-systems and these again are divided into specific points or nodes that correspond to the sequence of operational steps in the plant (Table 3). Table 4 shows guide words and parameters used in the HAZOP analysis and Table 5 shows the result of the HAZOP analysis for node 2.1.1 (opening tank valves) and some variables of node 2.1.2 (filling tank).
As a result of this analysis, it can be seen that, in the areas for loading and unloading liquid products (Systems 1 and 3), the greatest danger is the possibility of an uncontrolled spill. The occurrence of this event is closely linked to the effectiveness of the staff responsible for handling the tasks. Relative to System 2, the risk of a fuel loss in the pipelines and leakage or fuel loss in the storage tanks is noteworthy. The latter event could be caused by overfilling or a partial rupture of the tank. Special attention must be given to such events because they can cause fires and explosions that may have more serious consequences for the plant and its staff.

4.4. Fault Tree Analysis (FTA)

By using HAZOP analysis, four events were extracted for analysis using the fault tree technique. These events or top events were:
Top event (1): Fuel spill in ship-terminal unloading area.
Top event (2): Fuel leak in pipelines.
Top event (3): Fuel spill in storage tank.
Top event (4): Fuel spill in tank truck loading area.
The faults and relationships for each top event have been identified and a logical combination of incidents has been deduced that can trigger unwanted events. In this way, each tree contains information about how the combination of certain faults leads to overall failure (Figure 4). Appendix B presents the fault trees of the other top events.
Once the fault trees have been made, the mathematical expressions are defined ant the probability values are calculated according to the Boolean algebra related to FTA (Table 6 and Table 7).
From these equations and data on the frequency of failures of basic events, a quantitative assessment of the trees enables a calculation of the probability of the occurrence of the top event (year−1). The procedure for calculating the top event (1) is shown in Table 7. In the four analysed top events, some 19 basic events are defined and fault frequencies were determined using data from the Spanish National Institute on Health and Safety at Work [45] and research on fuel storage [12,41,46,47]. In the Appendix C similar tables are developed for the others top events.
In Table 8, the results of failure frequency for each of the top events and their ways of failure are presented. A column called “Importance” has been added in order to show the importance of the failure frequency of the events (and also of their ways of failure) developed through the fault tree technique. The results indicate that the top event (4) “Fuel spill in tank truck loading area” has a failure rate of 1.7 events/year, i.e., 85% of the events developed through the fault tree technique. There are two ways a top event (4) can be generated: the first is via a “connection leak” with an importance of 80.28% and the second is via “leak caused by broken hose” which accounts for 5.02% of importance. If the basic events are analysed, the main causes for a connection leak are a bad hose connection and a response failure following the detection of an emergency (incorrect staff response, failure of the acoustic alarm, or seizure of the manual closure valve).
The next most significant source of risk for the overall failure sequence is “connection leakage” in the top event (1) “Fuel spill in ship-terminal unloading area” (with a failure frequency of 0.17 events/year). This event occurs following a loss of product (caused by a bad connection of the loading arm or damaged parts) together with human error. The probability of occurrence is low since it is one of the most complex operations and involves very strict protocols.
A sensitivity analysis has been performed (see Appendix D) in order to check the effect of the basic events in the global risk assessment. In the top event (1) (Table 9 and Figure 5), the basics events with more influence in the sequence of the accident are in order of importance: operator distracted, operator failure, badly connecting loading arm and collision against jetty during manoeuvres. In the top event (2) are corrosion, operator distracted and with the same importance vehicles collision and fatigue defect. In the top event (3) are operator failure and with equal importance the failure of the sensor level and the failure of response of the shut-off valve. In the top event (4) are hose incorrectly connected, after with equal importance, the acoustic signal failure and the sticking of the manual shut-off valve, and in the fourth level the operator failures. These results show the importance in all the sequences of accident of the failure or distraction of the operators, so it should be mandatory a plan for training the staff of the plants. Planning of the maintenance actions of the facility must take into account both the general results from the risk assessment and the results from the sensitivity analysis.

5. Conclusions

In this paper, a methodology that combines HAZOP analysis and FTA is used. HAZOP analysis identifies the risks and their possible causes and consequences. FTA, based on the HAZOP analysis, represents the fault propagation pathways and produces a qualitative and quantitative assessment of the sequences of events that can lead to accidents or serious failures. Results from FTA allow prioritizing the preventive and corrective measures in order to minimize the probability of failure.
An analysis of case study about a fuel storage terminal is performed. HAZOP analysis shows that loading and unloading areas are the most sensitive areas of the plant and where the most significant danger is a fuel spill—tasks that can produce such an event are closely supervised by staff. Tasks related to transferring fuel from ships to tanks and storage tanks are the most automated and so the influence of personnel is reduced—although the consequences are more serious if an accident occurs. FTA analysis indicates that the most likely event is “Fuel spill in tank truck loading area” and the sequence of events that would most likely cause such an event is a “connection leakage” caused by improper hose connection and a failure of emergency systems. A sensitivity analysis of the FTA results shows the importance of the human behaviour in all sequences of the possible accidents. A slight increase or decrease of the frequency of failure of human operations generate an important increase or decrease, respectively, of the frequency of failure of the top event, so corporation’s prevention plans must increase the training of the staff, develop of automatic control measures and develop or improve control procedures to check the human operations.
In future research, we will apply a similar analysis to other type of plant, as LNG plants or storage of chemical products at a process plant, in order to improve the use of the combined method and to compare results from the risk assessments. In this way, we will build a database of HAZOP cases and FTA analysis and could improve the maintenance plans of the various types of plants.

Acknowledgments

This paper was funded by the Universitat Politècnica de València and UNED, both of Spain.

Author Contributions

Mª Piedad Baixauli Pérez and José Luis Fuentes-Bargues conceived, designed and performed the experiments. Cristina González-Gaya analysed the state of the art about Major Hazards. José Luis Fuentes-Bargues wrote the paper and Mª Carmen González-Cruz and Cristina González-Gaya revised the document.

Conflicts of Interest

The authors declare no conflict of interest.

Appendix A. Historical Analysis of Accidents

Table A1. Analysis of Accidents.
Table A1. Analysis of Accidents.
DateLocationProducts InvolvedOrigin of AccidentDescription
2010Burosse-Mendousse (France) [44]OilExplosionExplosion of a tank of 1400 m3 containing crude oil. The roof was ejected several meters away and the tank’s base slightly lifted. The most probable ignition source is an electrostatic discharge.
2009Bayamón (Puerto Rico) [43]Gasoline, Diesel, KeroseneSpillIn the plant of the Caribbean Petroleum Corporation (a storage, distribution, and fuel blending service) the failure of the sensor system for filling a gas tank caused a fuel spill that triggered a series of explosions and fires. The disaster affected 18 tanks, destroyed 50% of the plant, and caused considerable damage to the environment and the local area.
2007Sløvâg (Norway) [44]GasolineFireAccident took in the facilities of company Vest Tank AS, on the Sløvâg industrial area. The first explosion took place in a tank where the base–shell weld ruptured and the upper part of the tank was launched up in the air and landed in the north-eastern corner of Tank Farm II. Subsequent explosions and fires destroyed the other tank farm. There were no casualties in the accident. This accident occurred during purification of coker gasoline (reduction of the content of mercaptans). The investigation found that addition of hydrochloric acid during the process reduced the solubility of mercaptans in the solution, leading to the build-up of a flammable mixture. Air filter with activated carbon placed on the roof absorbed mercaptans, leading to a self-ignition and the explosion.
2006Spoleto (Italy) [43]OilExplosionAn explosion occurred at Umbria Oil plant near Spoleto, Italy, when five workers were welding a structure on the roofs of several tanks. Firstly, one tank containing raw pomace oil exploded, rising up of about 10 m. This first explosion led to a pool fire that spread in the tanks’ park. One hour later, two other tanks exploded, with rupture of the bottom welding, ejecting missiles of 10 tons 80 m away near warehouses storing by-products and packaging materials. Four workers lost their life in this accident.
2006Partridge-Raleigh (USA) [44]PetroleumExplosionThe explosion at Partridge-Raleigh Oilfield was caused by sparks of the welding of pipes that joined tanks. Three workers died and other suffered serious injuries.
2005Hertfordshire (England) [13,43]GasolineSpillIn the storage terminal known as “Buncefield depot” 300 tons of gasoline overflowed in a storage tank because of a high-level device failure and the failure of safety device that close the filling valves and raise the alarm. Fire broke out when the gasoline vapour cloud ignited. The ignition source may have been a backup generator, or a spark produced by a vehicle. In total, 20 storage tanks (containing 13.5 million litres each) burned for several days.
2004Skikda (Algeria) [42]LNGExplosionThe steam boiler of the LNG production plant exploded, triggering a second, more massive vapour-cloud explosion and fire. The explosions and fire destroyed a portion of the LNG plant and caused 27 deaths, 74 injuries, and material damage outside the plant’s boundaries.
2003Puertollano (Spain) [10]NaphtaExplosionAn explosion in a naphtha tank in the refinery resulted in an intense fire that spread to six other tanks containing 8600 m3 of gasoline.
2003Oklahoma (USA) [44]DieselExplosionIn a Conoco-Phillips plant a diesel tank exploded with 900 m3 of fuel, triggering a fire that involved three other liquid fuel storage tanks. The cause of the incident was the generation of a volatile mix inside the tank after it was emptied. The likely source of ignition was an electrical discharge from a nearby line.
2001Kansas (USA) [10,12]Crude petroleumFireA worker who was checking the level of oil in a storage tank at night lit a match. The flame ignited vapours and caused a huge explosion.
2000Hampshire (United Kingdom) [10]Crude petroleumLeakA crack in the bottom of a storage tank of crude oil (caused by corrosion) caused a catastrophic spill of crude oil.
1997Ashdod (Israel) [12]GasoilLeakIn the tank farm of Ashdod Oil Refinery the explosion of a 15,000 m2 gasoil tank caused loss of one worker. The investigation concluded that a non-complete gasoil stripping with hydrogen at the exit of gasoil hydro treating unit caused penetration of hydrogen inside the tank. The source of ignition was most likely electrostatic spark initiated by synthetic rope used to get samples out the tank.
1995Rouseville (USA) [44]Wastewater TankExplosionDuring a welding operation near the wastewater tank that contained a layer of flammable liquid, sparks ignited flammable vapours at openings in the tank. The deflagration caused the tank to fail at the bottom seam and shoot into the air. Five workers died and fire ignited other tanks and caused loud explosions.
1993Port of Tarragona (Spain) [12]Naphta, fuel oil and crude oilFireA Danish petroleum tanker with 22,000 tons of naphtha on board collided with the REPSOL wharf in Tarragona during docking. The collision broke three pipes on the wharf containing naphtha, fuel oil, and crude oil—fire quickly broke out and produced a thick smoke. The combustion wastes contaminated nearby beaches. REPSOL estimated that damage to the wharf totalled the equivalent of €18 million.
1988Santander (Spain) [12]DieselFireA fire started during cleaning operations in an empty oil tank at a CAMPSA (now CLH) plant.
1987Lyon (France) [10,12]Gasoline and keroseneFireA fire started in an enlarged Shell terminal holding up to 43,000 m3 of Class B oil products (gasoline and kerosene among others) and Class D products (asphalt). Nearly 7000 m3 of products were burned, two people dead, and 16 were seriously injured. The causes are unknown, although it is known that changes were being made to the wiring system.
1986Thessaloniki (Greece) [41]Fuel-oilLeakA fire caused by a fuel oil leak in an ESSO Pappas terminal set 10 of the 12 storage tanks ablaze. The fire lasted eight days, extended over 75% of the total area of the terminal, and destroyed the stationary fire-fighting system, as well as the systems controlling pumps and loading. The fire started during maintenance work after a leak in a tank went undetected.
1985Port of Naples (Italy) [41,43]GasolineSpillAt an AGIP plant a cloud of gasoline vapour exploded and damaged nearby houses. Windows broke up to 600 meters away. Tanks of gasoline, kerosene, and diesel were set on fire. The incident resulted in four deaths and 170 injuries. Twenty-four of the 32 storage tanks were affected. The probable cause was an accident when unloading a ship or a storage tank overflow.
1983New Jersey (USA) [41]GasolineSpillAn overfilled floating roof tank spilled 1300 barrels of gasoline. The resulting explosion destroyed two storage tanks and a neighbouring terminal. A cloud of vapour was blown to a nearby incinerator and set it on fire as well.
1979Duisburg (Germany) [10,12,41]GasoilFireIn the river port area, a fire started in the storage area with 24 diesel and fuel oil storage tanks of between 1500 and 4700 m3 capacity. The accident occurred during the renovation of thermal insulation of the storage tanks.
1978Stockton (USA) [10,12]Gasoline and additivesLeakA fire broke out in a plant with eight large tanks of petroleum products. Two of the gasoline storage tanks caught fire as well as various tanks containing additives. All stocks of foam within 90 km were used. The origin was a leak from a gasoline tank that produced a cloud of vapour which travelled about 220 m and came into contact with a water heater in a nearby yard.
LNG: Liquefied Natural Gas.

Appendix B. Top Event Fault Trees

Figure A1. Top event fault tree (2).
Figure A1. Top event fault tree (2).
Ijerph 14 00705 g006
Figure A2. Top event fault tree (3).
Figure A2. Top event fault tree (3).
Ijerph 14 00705 g007
Figure A3. Top event fault tree (4).
Figure A3. Top event fault tree (4).
Ijerph 14 00705 g008

Appendix C. Qualitative and Quantitative Top Events

Table A2. Qualitative evaluation of top event (2).
Table A2. Qualitative evaluation of top event (2).
Top Event (2) Fuel Leak in Pipelines
Equations SystemBoolean Equation
A = B + CA = 1 + 2 + 3 + (5 × 4) + (6 × 4) + (7 × 4)
B = 1 + 2 + 3
C = D × 4
D = 5 + 6 + 7
Table A3. Top event failure frequencies (2).
Table A3. Top event failure frequencies (2).
Top Event (2) Fuel Leak in Pipelines
Basic EventDescriptionFailure Frequency (year−1)
1Corrosion4.4 × 10−3
2Vehicles collision8.8 × 10−4
3Fatigue defect8.8 × 10−4
4Operator distracted1.8 × 10−3
5Pressure probe failure4.1 × 10−2
6Signal transmission failure8.8 × 10−1
7Valve shut-off response failure2.2 × 10−1
DFailure control leakage1.14 × 100
CUndetected leak2.0 × 10−3
BBreakage caused by cracking6.1 × 10−3
A = B + CTop event (2)8.1 × 10−3
Table A4. Qualitative evaluation of top event (3).
Table A4. Qualitative evaluation of top event (3).
Top Event (3) Leak in Storage Tank
Equations SystemBoolean Equation
A = B + CA = (2 × 1) + (3 × 1) + (4 × 1) + 5 + 6 + 7 + 8 + 9
B = D × 1
C = E + F
D = 2 + 3 + 4
E = 5 + 6
F = 7 + 8 + 9
Table A5. Top event failure frequencies (3).
Table A5. Top event failure frequencies (3).
Top Event (3) Leak in Storage Tank
Basic EventDescriptionFailure Frequency (year−1)
1Operator failure8.8 × 10−2
2Sensor level failure4.1 × 10−1
3Valve shut-off response failure2.2 × 10−1
4Acoustic signal failure8.8 × 10−2
5Reinforcement breaking2.2 × 10−3
6Tank breaking2.2 × 10−3
7Corrosion4.4 × 10−3
8Insufficient revisions1.8 × 10−3
9Operator failure1.8 × 10−3
FCrack formation leak8.0 × 10−3
ECatastrophic tank rupture4.4 × 10−3
DLevel control failure7.2 × 10−1
CLoss of leak tightness1.2 × 10−2
BOverfilling6.3 × 10−2
A = B + CTop event (3)7.5 × 10−2
Table A6. Qualitative evaluation of top event (4).
Table A6. Qualitative evaluation of top event (4).
Top Event (4) Fuel Spill in Tank Truck Loading Area
Equations SystemBoolean Equation
A = B + CA = (3 × 1) + (4 × 1) + (5 × 1) + (2 × 6) + (2 × 7) + (2 × 8)
B = D × 1
C = 2 × E
D = 3 + 4 + 5
E = 6 + 7 + 8
Table A7. Top event failure frequencies (4).
Table A7. Top event failure frequencies (4).
Top Event (4) Fuel Spill in Tank Truck Loading Area
Basic EventDescriptionFailure Frequency (year−1)
1Operator failure8.8 × 10−1
2Hose incorrectly connected8.8 × 10−1
3Collision against hose8.8 × 10−4
4Hose defects due to misuse8.8 × 10−2
5Manufacturing effects8.8 × 10−3
6Incorrect alarm response8.8 × 10−1
7Acoustic signal failure8.8 × 10−1
8Manual shut-off valve sticking1.0 × 10−1
EEmergency action failure1.86 × 100
DBroken Hose9.7 × 10−2
CConnection leak1.63 × 100
BLeak caused by broken hose8.5 × 10−3
A = B + CTop event (4)1.7 × 100

Appendix D. Sensitivity Analysis of Results

Table A8. Sensitivity Analysis for the Top event (2).
Table A8. Sensitivity Analysis for the Top event (2).
Top Event (2) Fuel Leak in Pipelines
Equations SystemA = B + C = (1 + 2 + 3 + (5 × 4) + (6 × 4) + (7 × 4)
Event 1BCAEvent 2BCA
0.00640.00810.00200.01010.00110.00630.00200.0083
0.00590.00760.00200.00960.00100.00630.00200.0083
0.00540.00710.00200.00910.00100.00620.00200.0082
0.00490.00660.00200.00860.00090.00620.00200.0082
0.00440.00610.00200.00810.00090.00610.00200.0081
0.00390.00560.00200.00760.00080.00610.00200.0081
0.00340.00510.00200.00710.00080.00600.00200.0080
0.00290.00460.00200.00660.00070.00600.00200.0080
0.00240.00410.00200.00610.00070.00590.00200.0079
Event 3BCAEvent 4BCA
0.00110.00630.00200.00830.00200.00610.00220.0083
0.00100.00630.00200.00830.00190.00610.00220.0083
0.00100.00620.00200.00820.00190.00610.00210.0082
0.00090.00620.00200.00820.00180.00610.00210.0082
0.00090.00610.00200.00810.00180.00610.00200.0081
0.00080.00610.00200.00810.00170.00610.00190.0081
0.00080.00600.00200.00800.00170.00610.00190.0080
0.00070.00600.00200.00800.00160.00610.00180.0079
0.00070.00590.00200.00790.00160.00610.00180.0079
Event 5BCAEvent 6BCA
0.04320.00610.00200.00810.89660.00610.00200.0081
0.04270.00610.00200.00810.89160.00610.00200.0081
0.04220.00610.00200.00810.88660.00610.00200.0081
0.04170.00610.00200.00810.88160.00610.00200.0081
0.04120.00610.00200.00810.87660.00610.00200.0081
0.04070.00610.00200.00810.87160.00610.00200.0081
0.04020.00610.00200.00810.86660.00610.00200.0081
0.03970.00610.00200.00810.86160.00610.00200.0081
0.03920.00610.00200.00810.85660.00610.00200.0081
Event 7BCA
0.22120.00610.00200.0081
0.22070.00610.00200.0081
0.22020.00610.00200.0081
0.21970.00610.00200.0081
0.21920.00610.00200.0081
0.21870.00610.00200.0081
0.21820.00610.00200.0081
0.21770.00610.00200.0081
0.21720.00610.00200.0081
Figure A4. Sensitivity Analysis for the Top event (2). Events 1 to 7.
Figure A4. Sensitivity Analysis for the Top event (2). Events 1 to 7.
Ijerph 14 00705 g009
Figure A5. Sensitivity Analysis for the Top event (2). Events 1 to 4.
Figure A5. Sensitivity Analysis for the Top event (2). Events 1 to 4.
Ijerph 14 00705 g010
Table A9. Sensitivity Analysis for the Top event (3).
Table A9. Sensitivity Analysis for the Top event (3).
Top Event (3) Leak in Storage Tank
Equations SystemA = B + C = (2 × 1) + (3 × 1) + (4 × 1) + 5 + 6 + 7 + 8 + 9
Event 1BCAEvent 2BCA
0.10770.07740.01230.08960.43200.06480.01230.0770
0.10270.07380.01230.08600.42700.06430.01230.0766
0.09770.07020.01230.08250.42200.06390.01230.0761
0.09270.06660.01230.07890.41700.06340.01230.0757
0.08770.06300.01230.07530.41200.06300.01230.0753
0.08270.05940.01230.07170.40700.06260.01230.0748
0.07770.05580.01230.06810.40200.06210.01230.0744
0.07270.05220.01230.06450.39700.06170.01230.0740
0.06770.04860.01230.06090.39200.06130.01230.0735
Event 3BCAEvent 4BCA
0.23920.06480.01230.07700.08970.06320.01230.0754
0.23420.06430.01230.07660.08920.06310.01230.0754
0.22920.06390.01230.07610.08870.06310.01230.0754
0.22420.06340.01230.07570.08820.06310.01230.0753
0.21920.06300.01230.07530.08770.06300.01230.0753
0.21420.06260.01230.07480.08720.06300.01230.0752
0.20920.06210.01230.07440.08670.06290.01230.0752
0.20420.06170.01230.07400.08620.06290.01230.0751
0.19920.06130.01230.07350.08570.06280.01230.0751
Event 5BCAEvent 6BCA
0.002390.06300.012460.075470.00240.06300.012460.07547
0.002340.06300.012410.075420.00230.06300.012410.07542
0.002290.06300.012360.075370.00230.06300.012360.07537
0.002240.06300.012310.075320.00220.06300.012310.07532
0.002190.06300.012260.075270.00220.06300.012260.07527
0.002140.06300.012210.075220.00210.06300.012210.07522
0.002090.06300.012160.075170.00210.06300.012160.07517
0.002040.06300.012110.075120.00200.06300.012110.07512
0.001990.06300.012060.075070.00200.06300.012060.07507
Event 7BCAEvent 8BCA
0.004570.06300.012460.075470.001950.06300.012460.07547
0.004520.06300.012410.075420.001900.06300.012410.07542
0.004470.06300.012360.075370.001850.06300.012360.07537
0.004420.06300.012310.075320.001800.06300.012310.07532
0.004370.06300.012260.075270.001750.06300.012260.07527
0.004320.06300.012210.075220.001700.06300.012210.07522
0.004270.06300.012160.075170.001650.06300.012160.07517
0.004220.06300.012110.075120.001600.06300.012110.07512
0.004170.06300.012060.075070.001550.06300.012060.07507
Event 9BCA
0.001950.06300.012460.07547
0.001900.06300.012410.07542
0.001850.06300.012360.07537
0.001800.06300.012310.07532
0.001750.06300.012260.07527
0.001700.06300.012210.07522
0.001650.06300.012160.07517
0.001600.06300.012110.07512
0.001550.06300.012060.07507
Figure A6. Sensitivity Analysis for the Top event (3).
Figure A6. Sensitivity Analysis for the Top event (3).
Ijerph 14 00705 g011
Table A10. Sensitivity Analysis for the Top event (4).
Table A10. Sensitivity Analysis for the Top event (4).
Top Event (4) Fuel Spill in Tank Truck Loading Area
Equations SystemA = B + C = (3 × 1) + (4 × 1) + (5 × 1) + (2 × 6) + (2 × 7) + (2 × 8)
Event 1BCAEvent 2BCA
0.89660.08721.62461.71180.89660.08531.66161.7469
0.89160.08681.62461.71130.89160.08531.65241.7377
0.88660.08631.62461.71080.88660.08531.64311.7284
0.88160.08581.62461.71040.88160.08531.63381.7191
0.87660.08531.62461.70990.87660.08531.62461.7099
0.87160.08481.62461.70940.87160.08531.61531.7006
0.86660.08431.62461.70890.86660.08531.60601.6913
0.86160.08381.62461.70840.86160.08531.59681.6821
0.85660.08331.62461.70790.85660.08531.58751.6728
Event 3BCAEvent 4BCA
0.000900.085311.62461.709890.08970.08701.62461.7116
0.000890.085311.62461.709880.08920.08661.62461.7112
0.000890.085301.62461.709880.08870.08621.62461.7107
0.000930.085341.62461.709910.09270.08971.62461.7143
0.000880.085301.62461.709870.08770.08531.62461.7099
0.000870.085291.62461.709870.08720.08491.62461.7094
0.000870.085291.62461.709860.08670.08441.62461.7090
0.000860.085281.62461.709860.08620.08401.62461.7086
0.000860.085281.62461.709850.08570.08351.62461.7081
Event 5BCAEvent 6BCA
0.00900.08551.62461.71000.89660.08531.64211.7274
0.00890.08541.62461.71000.89160.08531.63771.7230
0.00890.08541.62461.71000.88660.08531.63331.7186
0.00930.08571.62461.71030.88160.08531.62901.7143
0.00880.08531.62461.70990.87660.08531.62461.7099
0.00830.08491.62461.70940.87160.08531.62021.7055
0.00780.08441.62461.70900.86660.08531.61581.7011
0.00730.08401.62461.70860.86160.08531.61141.6967
0.00680.08351.62461.70810.85660.08531.60701.6923
Event 7BCAEvent 8BCA
0.89660.08531.64211.72740.12010.08531.64211.7274
0.89160.08531.63771.72300.11510.08531.63771.7230
0.88660.08531.63331.71860.11010.08531.63331.7186
0.88160.08531.62901.71430.10510.08531.62901.7143
0.87660.08531.62461.70990.10010.08531.62461.7099
0.87160.08531.62021.70550.09510.08531.62021.7055
0.86660.08531.61581.70110.09010.08531.61581.7011
0.86160.08531.61141.69670.08510.08531.61141.6967
0.85660.08531.60701.69230.08010.08531.60701.6923
Figure A7. Sensitivity Analysis for the Top event (4).
Figure A7. Sensitivity Analysis for the Top event (4).
Ijerph 14 00705 g012

References

  1. Tixier, J.; Dusserre, G.; Salvi, O.; Gaston, D. Review of 62 analysis methodologies of industrial plants. J. Loss Prev. Process Ind. 2002, 15, 291–303. [Google Scholar] [CrossRef]
  2. Planas, E.; Arnaldos, J.; Darbra, R.M.; Muñoz, M.; Pastor, E.; Vílchez, J.A. Historical evolution of process safety and major-accident hazards prevention in Spain. Contribution of the pioneer Joaquim Casal. J. Loss Prev. Process Ind. 2014, 28, 109–117. [Google Scholar] [CrossRef]
  3. Woodruff, J.M. Consequence and likelihood in risk estimation: A matter of balance in UK health and safety risk assessment practice. Saf. Sci. 2005, 43, 345–353. [Google Scholar] [CrossRef]
  4. Reniers, G.L.L.; Dullaert, W.; Ale, B.J.M.; Soudan, K. Developing an external domino prevention framework: Hazwin. J. Loss Prev. Process Ind. 2005, 18, 127–138. [Google Scholar] [CrossRef]
  5. Høj, N.P.; Kröger, W. Risk analyses of transportation on road and railway from a European perspective. Saf. Sci. 2002, 40, 337–357. [Google Scholar] [CrossRef]
  6. Haimes, Y.Y. Risk Modelling, Assessment and Management, 3rd ed.; John Wiley & Sons Inc.: San Francisco, CA, USA, 2009. [Google Scholar]
  7. Marhavilas, P.K.; Koulouriotis, D.; Gemeni, V. Risk analysis and assessment methodologies in the work sites: On a review, classification and comparative study of the scientific literature of the period 2000–2009. J. Loss Prev. Process Ind. 2011, 24, 477–523. [Google Scholar] [CrossRef]
  8. Center for Chemical Process Safety (CCPS). Guidelines for Engineering Design for Process Safety, 2nd ed.; American Institute of Chemical Engineers: New York, NY, USA, 1993. [Google Scholar]
  9. European Union. Directive 2012/18/EU of the European Parliament and the Council of 4th of July 2012 on the control of major-accident hazards involving dangerous substances, amending and subsequently repealing directive 96/82/EC. Off. J. Eur. Union 2012, 1–37. [Google Scholar]
  10. Persson, H.; Lönnermark, A. Tank Fires: Review of Fire Incidents 1951–2003; SP Swedish National Testing and Research Institute: Borås, Sweden, 2014. [Google Scholar]
  11. Hailwood, M.; Gawlowski, M.; Schalau, B.; Schönbucher, A. Conclusions drawn from the Buncefield and Naples incidents regarding the utilization of consequence models. Chem. Eng. Technol. 2009, 32, 207–231. [Google Scholar] [CrossRef]
  12. Casal, J.; Montiel, H.; Planas, E.; Vílchez, J.A. Análisis del Riesgo en Instalaciones Industriales; Edicions UPC: Barcelona, Spain, 1999. (In Spanish) [Google Scholar]
  13. Batista Abreu, J.; Godoy, L.A. Investigación de causas de explosiones en plantas petrolíferas: El accidente de Buncefield. Rev. Int. Desastres Nat. Accid. Infraest. Civ. 2009, 9, 187–202. (In Spanish) [Google Scholar]
  14. Willey, R.J.; Hendershot, D.C.; Berger, S. The accident in Bhopal: Observations 20 years later. Process. Saf. Prog. 2007, 26, 180–184. [Google Scholar] [CrossRef]
  15. Homberger, E.; Reggiani, G.; Sambeth, J.; Wipf, H.K. Seveso Accident, its nature, extent and consequences. Ann. Occup. Hyg. 1979, 22, 327–370. [Google Scholar] [PubMed]
  16. International Standard Organization (ISO). Risk Management. In Principles and Guidelines on Implementation; ISO 31000:2010; ISO: Geneva, Switzerland, 2010. [Google Scholar]
  17. Federación Empresarial de la Industria Química Española (FEIQUE). Estadísticas\Radiografía Económica del Sector Químico 2016. Available online: www.feique.org/pdfs/Radiografia_Economica_del_sector_2016.pdf (accessed on 17 January 2017). (In Spanish).
  18. Federación Empresarial de la Industria Química Española (FEIQUE). Estadísticas de Seguridad\Informe de Siniestrabilidad 2013. Available online: www.feique.org/pdfs/informeseguridad2015.pdf (accessed on 17 January 2017). (In Spanish).
  19. European Union. Directive 82/501/CEE of the Council of 24 June 1982 on the major accident hazards of certain industrial activities. Off. J. Eur. Union 1982, 1, 1–18. [Google Scholar]
  20. European Union. Directive 96/82/EC of 9 December 1996 on the control of major-accident hazards involving dangerous substances. Off. J. Eur. Union 1996, 1, 13–33. [Google Scholar]
  21. Dirección General de Protección Civil (DGPC). ¿Qué Hacemos?/Riesgos: Prevención y Planificación/Tecnológicos/Químicos/Distribución. Available online: www.proteccioncivil.es/riesgos/quimicos/distribucion (accessed on 17 January 2017). (In Spanish).
  22. Kletz, T.A. What you don’t have can’t leak. Chem. Ind. 1978, 6, 287–292. [Google Scholar]
  23. Kletz, T.A. HAZOP and HAZAN. In Identifying and Assessing Process Industry Hazards, 4th ed.; IChemE: Rugby, UK, 1999. [Google Scholar]
  24. International Electrotechnical Commission (IEC). Hazard and Operability Studies (HAZOP Studies)—Application Guide; IEC 61882:2001; IEC: Geneva, Switzerland, 2016. [Google Scholar]
  25. National Institute of Health and Safety at Work (NIHSW). Papers Prevention. Nº 238: HAZOP at Processing Facilities. Available online: www.insht.es/InshtWeb/Contenidos/Documentacion/FichasTecnicas/NTP/Ficheros/201a300/ntp_238.pdf (accessed on 13 July 2015). (In Spanish).
  26. Dunjó, J.; Fthenakis, V.; Vílchez, J.A.; Arnaldos, J. Hazard and operability (HAZOP) analysis. A literature review. J. Hazard. Mater. 2009, 173, 19–32. [Google Scholar] [CrossRef] [PubMed]
  27. Demichela, M.; Camuncoli, G. Risk based decision making. Discussion on two methodological milestones. J. Loss Prev. Process Ind. 2014, 28, 101–108. [Google Scholar] [CrossRef]
  28. Mitkowski, P.T.; Bal, S.K. Integration of Fire and Explosion Index in 3D Process Plant Design Software. Chem. Eng. Technol. 2015, 38, 1212–1222. [Google Scholar] [CrossRef]
  29. Bendixen, L.; O’Neill, J.K. Chemical plant risk assessment using HAZOP and fault tree methods. Plant Oper. Prog. 1984, 3, 179–184. [Google Scholar] [CrossRef]
  30. Ozog, H. Hazard identification, analysis and control: A systematic way to assess potential hazards helps promote safer design and operation of new and existing plants. Chem. Eng. 1985, 92, 161–170. [Google Scholar]
  31. Ozog, H.; Bendixen, L. Hazard identification and quantification: The most effective way to identify, quantify, and control risks is to combine a hazard and operability study with fault tree analysis. Chem. Eng. Prog. 1987, 83, 55–64. [Google Scholar]
  32. Demichela, M.; Marmo, L.; Piccinini, N. Recursive operability analysis of a complex plant with multiple protection devices. Reliab. Eng. Syst. Saf. 2002, 77, 301–308. [Google Scholar] [CrossRef]
  33. Cozzani, V.; Bonvicini, S.; Spadoni, G.; Zanelli, S. Hazmat transport: A methodological framework for the risk analysis of marshalling yards. J. Hazard. Mater. 2007, 147, 412–423. [Google Scholar] [CrossRef] [PubMed]
  34. Casamirra, M.; Castiglia, F.; Giardina, M.; Lombardo, C. Safety studies of a hydrogen refuelling station: Determination of the occurrence frequency of the accidental scenarios. Int. J. Hydrogen Energy 2009, 34, 5846–5854. [Google Scholar] [CrossRef]
  35. Kim, E.; Lee, K.; Kim, J.; Lee, Y.; Park, J.; Moon, I. Development of Korean hydrogen fuelling station codes through risk analysis. Int. J. Hydrogen Energy 2011, 36, 13122–13131. [Google Scholar] [CrossRef]
  36. International Standard Organization (ISO). Risk Management. In Risk Assessment Techniques; ISO 31010:2011; ISO: Geneva, Switzerland, 2011. [Google Scholar]
  37. Vesely, W.E.; Goldberg, F.F.; Roberts, N.H.; Haasl, D.F. Fault Tree Handbook; NUREG-0492; Nuclear Regulatory Commission: Rockville, MD, USA, 1981. [Google Scholar]
  38. Segovia Andújar, R. Proyecto de Ejecución de Nueva estación de descarga de productos inflamables en el muelle norte del puerto de Valencia. In Autoridad Portuaria de Valencia; Ministerio de Fomento: Madrid, Spain, 2006. (In Spanish) [Google Scholar]
  39. Terminales Portuarias SL (TEPSA). Declaración Ambiental y Responsabilidad Social Corporativa. Available online: www.tepsa.es (accessed on 14 July 2015). (In Spanish).
  40. Boletín Oficial del Estado. Royal Decree 1254/1999 of 16 July, on the Control of Major-Accident Hazards Involving Dangerous Substances; Boletín Oficial del Estado: Madrid, Spain, 1999; Volume 172, pp. 27167–27180. (In Spanish) [Google Scholar]
  41. Chang, J.I.; Lin, C.C. A study of storage tank accidents. J. Loss Prev. Process Ind. 2006, 19, 51–59. [Google Scholar] [CrossRef]
  42. Aneziris, O.N.; Papazoglou, I.A.; Konstantinidou, M.; Nivolianitou, Z. Integrated risk assessment for LNG terminals. J. Loss Prev. Process Ind. 2014, 28, 23–35. [Google Scholar] [CrossRef]
  43. Batista Abreu, J.; Godoy, L.A. Investigación de causas de explosiones en una planta de almacenamiento de combustible en Puerto Rico. Rev. Int. Desastres Nat. Accid. Infraest. Civ. 2011, 11, 109–122. (In Spanish) [Google Scholar]
  44. Taveau, J. Explosion of Fixed Roof Atmospheric Storage Tanks, Part 1: Background and Review of Case Histories. Process Saf. Prog. 2011, 30, 381–392. [Google Scholar] [CrossRef]
  45. National Institute of Health and Safety at Work (NIHSW). Papers Prevention. Nº 333: Probabilistic Risk Analysis: Fault Tree Analysis. Available online: www.insht.es/InshtWeb/Contenidos/Documentacion/FichasTecnicas/NTP/Ficheros/301a400/ntp_333.pdf (accessed on 14 July 2015). (In Spanish).
  46. Ronza, A.; Carol, S.; Espejo, V.; Vílchez, J.A.; Arnaldos, J. A quantitative risk analysis approach to port hydrocarbon logistics. J. Hazard. Mater. 2006, 128, 10–24. [Google Scholar] [CrossRef] [PubMed]
  47. International Association of Oil and Gas Producers (IAOGP). Storage Incident Frequencies. In Risk Assessment Data Directory; Report No. 434-3; OGP: London, UK, 2010; Available online: http://www.ogp.org.uk/pubs/434-03.pdf (accessed on 16 July 2015).
Figure 1. Methodology of study.
Figure 1. Methodology of study.
Ijerph 14 00705 g001
Figure 2. HAZard and OPerability analysis (HAZOP) process.
Figure 2. HAZard and OPerability analysis (HAZOP) process.
Ijerph 14 00705 g002
Figure 3. Three areas of activity.
Figure 3. Three areas of activity.
Ijerph 14 00705 g003
Figure 4. Top event fault tree (1).
Figure 4. Top event fault tree (1).
Ijerph 14 00705 g004
Figure 5. Sensitivity Analysis for the Top event (1).
Figure 5. Sensitivity Analysis for the Top event (1).
Ijerph 14 00705 g005
Table 1. HAZard and OPerability analysis (HAZOP) guide word method. Source: ISO 31010: 2011 [27].
Table 1. HAZard and OPerability analysis (HAZOP) guide word method. Source: ISO 31010: 2011 [27].
Guide WordMeaningExample of Deviation
NOAbsence of the variable to which it appliesNo flow in line
LESSQuantitative reductionLess flow
MOREQuantitative increaseHigher temperature
OTHERPartial or total replacementOther substances were added
INVERSEOpposite function to design intentionReturn flow
PART OFQualitative decline. Only part of what should happen occursPart of volume required by recipe was added
IN ADDITIONQualitative increase. More is produced than intendedIn addition of the amount of water of the process was added
Table 2. Symbols used in fault trees. Source: ISO 31.010:2011 [27] and Vesely et al. [37].
Table 2. Symbols used in fault trees. Source: ISO 31.010:2011 [27] and Vesely et al. [37].
SymbolMeaningDescription
Ijerph 14 00705 i001Logic gate ANDThe output event happens only if all input events happen
Ijerph 14 00705 i002Logic gate ORThe output event occurs if any of the input events happen
Ijerph 14 00705 i003Basic eventFailure of a component that has no identifiable primary cause. It is the highest level of detail in the tree
Ijerph 14 00705 i004Undeveloped eventFailure of a component with a primary cause undeveloped because of lack of information
Ijerph 14 00705 i005Intermediate eventA fault event that occurs because of one or more antecedents causes acting through logic gates
Table 3. Systems, subsystems, and nodes for HAZOP analysis.
Table 3. Systems, subsystems, and nodes for HAZOP analysis.
SystemSub-SystemNodes
1Unloading ship1.1Connection ship terminal1.1.1Docking ship at terminal
1.1.2Extension of marine loading arm
1.1.3Joining of marine arm and manifold
1.2Transfer to tanks1.2.1Opening of valves
1.2.2Product movement
1.2.3Closure of valves
1.2.4Cleaning of tubes
2Storage of product in tanks2.1Filling tanks2.1.1Opening tank valves
2.1.2Filling tank
2.1.3Closing tank valves
2.2Product storage2.2.1Product storage
3Loading product in tank truck3.1Arrival at loading station3.1.1Positioning of tank truck
3.1.2Flexible hose connection to tank truck
3.2Transfer from tanks3.2.1Opening tank truck valves
3.2.2Transfer and filling of tank
3.2.3Valve closure
Table 4. Guide Words and Parameters used in the HAZOP analysis.
Table 4. Guide Words and Parameters used in the HAZOP analysis.
ID SystemID Sub-SystemID NodesGuide WordParameter
11.11.1.1Wrong/MoreMooring/Speed
1.1.2Other/No/LessDirection/Movement/Safety
1.1.3Other/No/No/LessElement/Connection/Electrical Isolation /Safety
1.21.2.1No/Less/More/More/MoreFlow/Flow/Speed/Static Electricity/Corrosion
1.2.2More-Less/Less/Less/More/Yes/MorePressure/Maintenance/Flow/Static Electricity/Collision/Corrosion
1.2.3Yes/More/More-Less/More/MoreFlow/Speed/Pressure/Static Electricity/Corrosion
1.2.4No/LessCleaning/Pressure
22.12.1.1No/Less/More/More/MoreFlow/Flow/Speed/Static Electricity/Corrosion
2.1.2More/MoreLevel/Static electricity
2.1.3Yes/More/More-Less/More/MoreFlow/Speed/Pressure/Static Electricity/Corrosion
2.22.2.1Yes/More/More/LessFlammability/Corrosion/Pressure/Maintenance
33.13.1.1Wrong/Wrong/DifferentEntry into the loading bay/Manoeuvrability at the loading bay/Loading position
3.1.2Less/LessConnection/Safety
3.23.2.1No/Less/More/More/MoreFlow/Flow/Speed/Static Electricity/Corrosion
3.2.2More/No/Yes/More/LessLevel/Connection/Stop filled/Static Electricity/Safety
3.2.3Yes /More/More-Less/More/MoreFlow/Speed/Pressure/Static Electricity/Corrosion
ID: Identity.
Table 5. Example of HAZOP analysis for nodes 2.1.1 and 2.1.2.
Table 5. Example of HAZOP analysis for nodes 2.1.1 and 2.1.2.
Node 2.1.1: Tank Opening ValvesSystem 2: Product Storage in Tank
Sub-System 2.1: Filling Tank
Guide WordVariableDeviationPossible CausesPossible ConsequencesComments and Corrective Measures
MoreStatic electricityAccumulation of static electricity than expectedCirculation of liquid in the valve.
Bad earth grounding.
Possible risk of explosion if difference in electrical potential occur.The faster the speed of flow, the greater charge generated.
Valves and flanges that are completely painted should be conductively bridged and earthed.
MoreCorrosionMore corrosion of materials than expectedExposure to corrosive environment.
Attack of impurities at points with imperfections or fatigue.
Lack of maintenance.
Uniform deterioration of surface of valve (general corrosion).
Reduction in the useful life (weakening).
The best way to avoid corrosion is to select the most resistant alloy for the valve– depending on the corrosive nature of the fluids.
When damage is minor and possible to repair the body of the valve—at least provisionally—with a metal weld or with epoxy resin (for low pressures and temperatures).
Node 2.1.2: Filling TankSystem 2: Product Storage in Tank
Sub-System 2.1: Filling Tank
Guide WordVariableDeviationPossible CausesPossible ConsequencesComments and Corrective Measures
MoreLevelMore level than expected (overfill)Faulty level sensor.
Incorrect valve setting.
Supervisor failure to recognise problems.
Product over flow.
Spill of liquid down external tank walls.
Formation of inflammable atmosphere as fuel hits floor.
If source of ignition exists there is serious risk of explosion and/or pool fire with chain reaction to affect nearby tanks.
Activate tank vents to reduce or stop emissions of vapour.
Staff training.
Renewal of level sensors.
Verification of state of all valves.
Automatic level alarms as operator activated redundant safety devices.
Use of indicators that measure volume to avoid confusion with specific weight.
Spill containment berm system should have a capacity greater than the tanks (including safety percentage).
MoreStatic electricityAccumulation of static electricity than expectedLiquid projected by jet.
Liquid enters tank being filled. Movement of liquid in tank causing turbulence and splashing.
Production of electrostatic sparks with sufficient energy to cause ignition.
Generation of extremely serious fires and/or explosions.
As a safety measure, it is recommended that the filling tube is always below the liquid surface level (meaning that it reaches the floor), or if not possible, the flow should be reduced.
Fluids should slide along the walls of tanks so that charges can dissipate through the earthed protective coverings.
Speed of fluid should not exceed 7 m/s.
Air humidity should be around 60%.
Table 6. Qualitative evaluation of top event (1).
Table 6. Qualitative evaluation of top event (1).
Top Event (1) Fuel Spill Ship-Terminal Unloading Area
Equations SystemBoolean Equation
A = B + CA = (3 × 1) + (4 × 1) + (8 × 1) + (9 × 1) + (5 × 2) + (6 × 2) + (7 × 2)
B = D × 1
C = E × 2
D = 3 + 4 + F
E = 5 + 6 + 7
F = 8 + 9
Table 7. Top event failure frequencies (1).
Table 7. Top event failure frequencies (1).
Top Event (1) Fuel Spill in Ship-Terminal Area
Basic EventDescriptionFailure Frequency (year−1)
1Operator failure8.8 × 10−2
2Operator distracted1.8 × 10−1
3Ship collision with another in transit6.0 × 10−4
4Manoeuvring collision against jetty3.3 × 10−1
5Corrosion4.4 × 10−3
6Badly connected loading arm8.8 × 10−1
7Damaged connection caused by inadequate use8.8 × 10−2
8Loading arm damaged by inadequate use8.8 × 10−2
9Manufacturing defect8.8 × 10−3
BLeakage caused by broken loading arm3.7 × 10−2
CConnection leak1.7 × 10−1
A = B + CTop event (1)2.1 × 10−1
Table 8. Results of quantitative analysis.
Table 8. Results of quantitative analysis.
DescriptionFrequency of Failure (year−1)Importance (%)
Top event (1): Fuel spill in ship-terminal unloading area0.2110.54
Leakage caused by broken loading arm0.0372.00
Connection leak0.178.53
Top event (2): Fuel leak in pipelines0.00810.41
Breakage caused by cracking0.00610.31
Undetected leak0.00200.10
Top event (3): Leak in storage tank0.0753.76
Overfilling0.0633.16
Loss of leak tightness0.0120.60
Top event (4): Fuel spill in tank truck loading area1.785.29
Leak caused by broken hose0.0855.02
Connection leak1.680.28
Table 9. Sensitivity Analysis for the Top event (1).
Table 9. Sensitivity Analysis for the Top event (1).
Top Event (1) Fuel Spill Ship-Terminal Unloading Area
Equations SystemA = B + C = (3 × 1) + (4 × 1) + (8 × 1) + (9 × 1) + (5 × 2) + (6 × 2) + (7 × 2)
Event 1BCAEvent 2BCA
0.10770.04600.16980.21580.19530.03750.18920.2266
0.10270.04390.16980.21370.19030.03750.18430.2218
0.09770.04170.16980.21150.18530.03750.17950.2170
0.09270.03960.16980.20940.18030.03750.17470.2121
0.08770.03750.16980.20730.17530.03750.16980.2073
0.08270.03530.16980.20510.17030.03750.16500.2024
0.07770.03320.16980.20300.16530.03750.16010.1976
0.07270.03100.16980.20090.16030.03750.15530.1927
0.06770.02890.16980.19870.15530.03750.15040.1879
Event 3BCAEvent 4BCA
0.00080.03750.16980.20730.35020.03920.16980.2090
0.00080.03750.16980.20730.34520.03880.16980.2086
0.00070.03750.16980.20730.34020.03830.16980.2081
0.00070.03750.16980.20730.33520.03790.16980.2077
0.00060.03750.16980.20730.33020.03750.16980.2073
0.00060.03740.16980.20730.32520.03700.16980.2068
0.00050.03740.16980.20730.32020.03660.16980.2064
0.00050.03740.16980.20730.31520.03610.16980.2060
0.00040.03740.16980.20730.31020.03570.16980.2055
Event 5BCAEvent 6BCA
0.00460.03750.16990.20730.89660.03750.17330.2108
0.00450.03750.16980.20730.89160.03750.17240.2099
0.00450.03750.16980.20730.88660.03750.17160.2090
0.00440.03750.16980.20730.88160.03750.17070.2081
0.00440.03750.16980.20730.87660.03750.16980.2073
0.00430.03750.16980.20730.87160.03750.16890.2064
0.00430.03750.16980.20730.86660.03750.16810.2055
0.00420.03750.16980.20720.86160.03750.16720.2046
0.00420.03750.16980.20720.85660.03750.16630.2038
Event 7BCAEvent 8BCA
0.08970.03750.17020.20760.08970.03760.16980.2074
0.08920.03750.17010.20750.08920.03760.16980.2074
0.08870.03750.17000.20740.08870.03750.16980.2074
0.08820.03750.16990.20740.08820.03750.16980.2073
0.08770.03750.16980.20730.08770.03750.16980.2073
0.08720.03750.16970.20720.08720.03740.16980.2072
0.08670.03750.16960.20710.08670.03740.16980.2072
0.08620.03750.16960.20700.08620.03730.16980.2071
0.08570.03750.16950.20690.08570.03730.16980.2071
Event 9BCA
0.00900.03750.16980.2073
0.00890.03750.16980.2073
0.00890.03750.16980.2073
0.00880.03750.16980.2073
0.00880.03750.16980.2073
0.00870.03740.16980.2073
0.00870.03740.16980.2073
0.00860.03740.16980.2073
0.00860.03740.16980.2073

Share and Cite

MDPI and ACS Style

Fuentes-Bargues, J.L.; González-Cruz, M.C.; González-Gaya, C.; Baixauli-Pérez, M.P. Risk Analysis of a Fuel Storage Terminal Using HAZOP and FTA. Int. J. Environ. Res. Public Health 2017, 14, 705. https://doi.org/10.3390/ijerph14070705

AMA Style

Fuentes-Bargues JL, González-Cruz MC, González-Gaya C, Baixauli-Pérez MP. Risk Analysis of a Fuel Storage Terminal Using HAZOP and FTA. International Journal of Environmental Research and Public Health. 2017; 14(7):705. https://doi.org/10.3390/ijerph14070705

Chicago/Turabian Style

Fuentes-Bargues, José Luis, Mª Carmen González-Cruz, Cristina González-Gaya, and Mª Piedad Baixauli-Pérez. 2017. "Risk Analysis of a Fuel Storage Terminal Using HAZOP and FTA" International Journal of Environmental Research and Public Health 14, no. 7: 705. https://doi.org/10.3390/ijerph14070705

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop