A second variation involves pre-developed data-gathering tables. The process should lead the team through systems, subsystems,
potential hazards, events that could lead to a hazardous situation or accident, the consequences and severity of the situation
or accident, and recommendations to prevent the situation or accident. Data used could be based on similar processes or equipment
as well as estimations of hazards (such as toxicity and flammability). PRAs are a first approximation of risk and can be used
as a high-level, "quick and dirty" decision-making process. As more is learned about a process or product, other risk analysis
techniques can be used.
Figure 2. Example of a HazOps Worksheet
Hazard and Operability Studies (HazOpS)
HazOpS (also written as "HAZOPS") was developed in the 1960s by the chemical industry. It is a systematic, inductive evaluation
of a process to identify how deviations from the intended design and functionality can occur, the impact of these deviations,
and how they can be corrected. HazOpS uses a defined set of guide words (for example, no, more, less, part of, reverse) applied
to a set of parameters (for example, flow, pressure, temperature, sampling, maintenance). A pair is evaluated against a node
— an identified point in a process that could potentially fail in some way — resulting in a table of situations that might
result in failure, along with the consequences and specific causes (Figure 2). These results are evaluated and corrective
actions are identified and implemented. The strength of HazOpS is its structure and formality, since every guide word
and parameter combination must be considered. HazOpS reviews take time — one estimate is 200 person-hours per $2 million of capital investment
evaluated.18
Figure 3. Example of an FTA Diagram
Fault Tree Analysis (FTA)
FTA is a graphical way of showing the undesired top event (a failure, incident, or accident) and then determining the underlying
fault events that could contribute to it. Developed for the aerospace industry, FTA is a deductive method that uses symbols
such as "gates" and "events" that are combined in such a way to show how a failure can be caused by chains of causally related
events. FTA diagrams (Figure 3) are created for each possible failure or accident in a system. FTA can produce complex documents
that are not easily comparable to process flow diagrams or piping and instrumentation drawings. To some, creating FTAs is
more of an art than a science, since analysts can create different yet equivalent drawings.19
Failure Mode and Effects Analysis (FMEA)
FMEA and its slightly more complex derivation, Failure Mode, Effects, and Criticality Analysis (FMECA), are two of the more
common risk assessment methods used in the medical device industry. These quantitative methods, applied to a component or
part of a system, identify all possible failure modes and their effect on surrounding components and the system. A table or
spreadsheet is created listing the failure modes, causes, symptoms, effects on other components and the overall system, a
quantitative estimate on the frequency of occurrence, a quantitative estimate on the severity of the failure, a quantitative
estimate on the chance of detection, and possible ways to reduce or eliminate the failure.
Multiplying the three estimates (frequency, severity, and chance of detection) yields a numerical risk factor that can be
used to decide whether the risk is acceptable or must be controlled in some way. FMECA can also use statistical
and historical failure data to quantitatively determine the probability of a failure. Kieffer, Bureau, and Borgmann describe
applications of FMEA in the manufacture of liquids, tablets, and packaging processes.20
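The FMEA worksheet and risk factor described above, as an added worked example (not from the article or the authors it cites): a small constructed worksheet of failure modes with 1-10 ratings for occurrence, severity, and detection, the product computed as a risk priority number (RPN), and a prioritisation that flags a mode either when its RPN reaches an assumed acceptance threshold or when its severity alone is high enough that a low RPN should not hide it. The component names, ratings, and threshold values are illustrative assumptions.

```python
from dataclasses import dataclass

# Constructed FMEA worksheet rows; ratings are assumptions for illustration.
# Scale 1-10: occurrence (O) and severity (S) rise with frequency and harm;
# detection (D) is 1 when a failure is almost certain to be caught and 10 when
# it is almost certain to escape detection, so a higher product means more risk.
@dataclass
class FailureMode:
    component: str
    mode: str
    cause: str
    effect: str
    occurrence: int
    severity: int
    detection: int

    def rpn(self) -> int:
        """Risk priority number: the product of the three estimates."""
        return self.occurrence * self.severity * self.detection

WORKSHEET = [
    FailureMode("tablet press", "under-compression", "worn punch", "friable tablets", 4, 5, 3),
    FailureMode("filling line", "wrong fill volume", "pump drift", "sub-potent dose", 3, 8, 6),
    FailureMode("labeler", "label mix-up", "changeover error", "wrong product to patient", 2, 10, 2),
    FailureMode("HVAC", "pressure differential lost", "filter clogging", "cross-contamination", 2, 6, 4),
]

def prioritise(rows, rpn_threshold=100, severity_floor=9):
    """Return (mode, rpn, reasons) for each row needing a control, highest RPN first.

    Two triggers: RPN at or above the threshold, or severity at or above the floor.
    The second guards against a high-harm mode whose rare occurrence and easy
    detection push its product below the threshold (e.g. the label mix-up here).
    """
    flagged = []
    for r in rows:
        reasons = []
        if r.rpn() >= rpn_threshold:
            reasons.append("RPN")
        if r.severity >= severity_floor:
            reasons.append("severity")
        if reasons:
            flagged.append((r.mode, r.rpn(), reasons))
    return sorted(flagged, key=lambda t: t[1], reverse=True)

if __name__ == "__main__":
    for mode, rpn, reasons in prioritise(WORKSHEET):
        print(f"{mode:<28} RPN={rpn:<4} flagged by {', '.join(reasons)}")
```

With the constructed ratings the filling-line mode is flagged on RPN (144) while the label mix-up, with an RPN of only 40, is flagged on severity alone.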
Figure 4. Example of an ETA Diagram
Event Tree Analysis (ETA)
ETA is another qualitative (and potentially quantitative), structured, graphical, inductive tool used to examine the impact
of an incident and its interactions with various systems. Starting from the initiating failure and the safety or control systems that
are in place, the ETA team asks what would happen if each safety system succeeds or fails at each point in a sequential
or chronological timeline. The different outcomes are identified and described (Figure 4). ETA is useful for both new and modified
systems and for assessing the adequacy of existing systems and controls. ETA can also assess operator responses to an incident.
This tool is extremely useful in evaluating GMP systems and process controls.