Wednesday, 14 April 2021

Double Jeopardy & Process Hazard Analysis

Hey guys, hope you are doing well. Today we are discussing "Double Jeopardy", a term that regularly creates dilemmas and stirs up arguments during PHA sessions. If you have participated as a team member, facilitated or scribed in a PHA session, you will be aware of it. When someone declares, "That's double jeopardy," during a PHA, they are definitely not fighting a legal case in court, where double jeopardy prevents a person from being tried twice for the same offense. Instead, they are arguing that because two things have to go wrong to cause a scenario, the likelihood is so low that the scenario is not credible and there is no need to consider it.

"Double jeopardy" is defined as the simultaneous occurrence of two independent initiating events or other revealed failures. Double jeopardy is not a discussion about multiple layers of protection, since every scenario should have multiple layers of protection against the final unmitigated consequence. Nor is it a deviation combined with the failure of a safeguard that remains hidden.

Can two things go wrong at a time? Of course, they can. But do two things go wrong at a time? Yes, and the majority of past process incidents are the result of multiple failures, because they involve a latent failure or are caused by a common failure mode. We cannot cover all multiple-failure scenarios in a PHA, but some must be considered and analyzed further to ensure adequate controls are in place.

It can be argued that safeguards against single failures will also protect against multiple failures, since they protect against the individual contributors of the multiple failures, and hence that it is sufficient to address single failures and multiple failures need not be addressed. Certainly, actions taken to prevent single failures that contribute to multiple failures will help to prevent the multiple failures. However, this argument breaks down when the failures are dependent, including failures that can disable several pieces of equipment simultaneously, such as the loss of control system power (DCS or PLC). The effects of these common failure modes can be difficult to identify, but they can make the simultaneous occurrence of failure scenarios credible. For example:

  • In a reactor, if the agitator and cooling water fail simultaneously, it should not be considered double jeopardy, since loss of power can be a common failure mode for both.
  • In a vessel with dual relief valves whose nozzles can plug, simultaneous failure of both relief valves is possible and should be considered in the PHA.

Multiple-failure scenarios might also have more severe consequences than either of the contributing scenarios alone, and may need additional safeguards beyond those taken to protect against the single failures. Also, protective actions against single-failure events may not have been taken because they were deemed unnecessary for the lesser consequences involved. For example, the scenario with the failure of both relief valves is more serious than a scenario with the failure of either one alone. For failure of one relief valve, we would have argued that we have an additional relief valve; but in the case of failure of both, with plugging as the common cause, we are left without safeguards. Similarly, for the reactor example mentioned above, agitator failure might lead to accumulation of reactants, and cooling water failure will not allow removal of the excess heat generated, leading to a possible runaway reaction.

A failure may also be latent, meaning it remains undetected long enough that a second failure can occur and lead to a hazardous scenario. Multiple-failure scenarios involving a latent failure cannot be excluded from the PHA as double jeopardy. Similarly, if a failure has been detected but the repair time is long enough that a second failure could occur during it, the scenario has to be considered in the PHA.
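As an added example (not from the original post), the criteria above can be written down as a small checklist: a pair of failures may be dismissed as double jeopardy only if it passes every test the post lists, and the first failed test is reported as the reason to keep the scenario in the PHA. The `Failure` fields, the 8-hour repair threshold and the two pairs marked as constructed are assumptions; the reactor and relief-valve pairs are the post's own examples.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Failure:
    name: str
    causes: frozenset = frozenset()  # upstream causes that can trigger it (shared => common mode)
    latent: bool = False             # stays undetected after it occurs
    repair_time_h: float = 0.0       # hours the plant runs with the failure known but unrepaired


def double_jeopardy(a, b, max_repair_h=8.0):
    """Return (True, reason) if the pair may be dismissed as double jeopardy,
    otherwise (False, reason) naming the criterion that keeps it in the PHA.
    max_repair_h is an assumed threshold for 'repair time is long'."""
    shared = a.causes & b.causes
    if shared:
        return False, f"common cause {sorted(shared)} can trigger both failures"
    for f in (a, b):
        if f.latent:
            return False, f"{f.name} is latent; the other failure can occur while it is undetected"
        if f.repair_time_h > max_repair_h:
            return False, f"{f.name} repair time ({f.repair_time_h} h) leaves time for a second failure"
    return True, "two independent, revealed, promptly repaired initiating events"


# The post's reactor example: agitator and cooling water both depend on control system power.
AGITATOR = Failure("agitator stops", frozenset({"control system power"}))
COOLING_WATER = Failure("cooling water stops", frozenset({"control system power"}))
# The post's vessel example: dual relief valves whose nozzles can plug.
RELIEF_A = Failure("relief valve A fails to open", frozenset({"nozzle plugging"}))
RELIEF_B = Failure("relief valve B fails to open", frozenset({"nozzle plugging"}))
# Constructed pairs (assumptions, not from the post): one truly independent, one with a latent member.
PUMP_TRIP = Failure("feed pump trips", frozenset({"pump motor"}))
LEVEL_HIGH = Failure("level control fails high", frozenset({"level transmitter"}))
PASSING_CHECK_VALVE = Failure("check valve passes", frozenset({"valve seat"}), latent=True)


def classify_examples():
    """Apply the checklist to each pair; returns {label: (is_double_jeopardy, reason)}."""
    pairs = {
        "reactor": (AGITATOR, COOLING_WATER),
        "relief valves": (RELIEF_A, RELIEF_B),
        "independent": (PUMP_TRIP, LEVEL_HIGH),
        "latent": (PASSING_CHECK_VALVE, PUMP_TRIP),
    }
    return {label: double_jeopardy(*pair) for label, pair in pairs.items()}


if __name__ == "__main__":
    for label, (excluded, reason) in classify_examples().items():
        print(f"{label:14s} double jeopardy={excluded!s:5s} {reason}")
```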

It is important to understand which multiple-failure causes qualify as double jeopardy, and which do not and therefore should be considered in the PHA. Many PHA participants are too quick to dismiss a cause because it appears to fall under the double jeopardy assumption. If these causes are wrongly dismissed, important hazardous scenarios may be missed and a significant risk gap may remain unidentified.

Hope this is clear. Feel free to send your questions, comments and topics for future blogs on himanshuchichra@gmail.com

6 comments:

  1. This is a fantastic post. I found this blog to be quite interesting and informative. Continue to share more insightful posts. Also check out Fire and Safety Companies in Sharjah.


  2. Thank you for sharing the valuable content

    Foamtech Antifire Company is a leading Fire Fighting Foam Manufacturers Company. And ISO 9001:2015, 14001:2015 & ISO 45001:2018 certified, the company deals in a wide range of products, meeting national and international standards. And also avail Dry Chemical Powder at best price, With the base of high class Engineering technology and superior quality of work with base of our customer needs.

  3. I read a lot of information but I got the useful information I needed from here.

    Read More, What Benefits LIC Jeevan Lakshya?

  4. Information is pretty good and impressed me a lot. This article is quite in-depth and gives a good overview of the topic. If you are looking for Process Safety Gap Assessment then contact us.

  5. Your blog consistently delivers valuable insights. I look forward to your posts every week!

    High Pressure Magnetic Drive Pump
