General Reference

LOPA Data Model

The following diagram shows how the families used in LOPA are related to one another.

Note: In the diagram, boxes represent entity families and arrows represent relationship families that are configured in the baseline database. You can determine the direction of the each relationship definition from the direction of the arrow head: the box from which the arrow originates is the predecessor, and the box to which the arrow head points is the successor.

The Has LOPA relationship between Hazards Analysis Consequence and LOPA is used only if you create or link a LOPA with a Consequence in Hazards Analysis.

Apart from the families shown in the data model, the following families are also used in LOPA to populate certain fields in datasheets:

LOPA Security Groups

The following table lists the baseline Security Groups available for users within this module, as well as the baseline Roles to which those Security Groups are assigned.

Important: Assigning a Security User to a Role grants that user the privileges associated with all of the Security Groups that are assigned to that Role. To avoid granting a Security User unintended privileges, before assigning a Security User to a Role, be sure to review all of the privileges associated with the Security Groups assigned to that Role. Also, be aware that additional Roles, as well as Security Groups assigned to existing Roles, can be added via Security Manager.

Security Group	Roles
MI HA Administrator	MI Safety Admin
MI HA Facilitator	MI Safety Admin MI Safety Power MI Safety User
MI HA Member	MI Safety Admin MI Safety Power MI Safety User
MI HA Owner	MI Safety Admin MI Safety Power
MI Hazards Viewer	MI APM Viewer MI Safety Admin MI Safety Power MI Safety User
MI SIS Administrator	MI Safety Admin
MI SIS Engineer	MI Safety Admin MI Safety Power MI Safety User
MI SIS User	MI Safety Admin MI Safety Power MI Safety User
MI SIS Viewer	MI APM Viewer MI Safety Admin MI Safety Power MI Safety User MI SIS Engineer

The baseline family-level privileges that exist for these Security Groups are summarized in the following table.

Family	MI HA Administrator	MI HA Facilitator	MI HA Member	MI HA Owner	MI Hazards Viewer	MI SIS Administrator	MI SIS Engineer	MI SIS User	MI SIS Viewer
Entity Families
Active IPL	View, Update, Insert, Delete	View	View	View	View	View, Update, Insert, Delete	View	View	View
Asset Safety Preferences	View, Update, Insert, Delete	View	View	View	View	View, Update, Insert, Delete	View	View	View
Consequence Adjustment Probability	View, Update, Insert, Delete	View	View	View	View	View, Update, Insert, Delete	View	View	View
Consequence Modifier	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View	View	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View
Consequence Modifier Revision	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View	View	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View
Hazards Analysis Safeguard	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View, Update, Insert, Delete	View	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View
Hazards Analysis Safeguard Revision	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View, Update, Insert, Delete	View	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View
Human IPL	View, Update, Insert, Delete	View	View	View	View	View, Update, Insert, Delete	View	View	View
Initiating Event	View, Update, Insert, Delete	View	View	View	View	View, Update, Insert, Delete	View	View	View
IPL Checklist	View, Update, Insert, Delete	View	View	View	View	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View
IPL Checklist Revision	View, Update, Insert, Delete	View	View	View	View	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View
LOPA	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View	View	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View
LOPA Revision	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View	View	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View
Passive IPL	View, Update, Insert, Delete	View	View	View	View	View, Update, Insert, Delete	View	View	View
Safety Integrity Level	None	None	None	None	None	View, Update, Insert, Delete	View	View	View
Relationship Families
Consequence Revision Has Safeguard Revision	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View, Update, Insert, Delete	View	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View
Has Consequence Modifier	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View	View	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View
Has Consequence Modifier Revision	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View	View	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View
Has Functional Location	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View, Update, Insert, Delete	View	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View
Has Independent Protection Layer	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View	View	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View
Has IPL Checklist Revision	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View, Update, Insert, Delete	View	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View
Has LOPA	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View	View	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View
Has LOPA Revision	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View	View	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View
Has Risk	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View, Update, Insert, Delete	View	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View
Is Independent Protection Layer	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View, Update, Insert, Delete	View	View, Update, Insert, Delete	View, Update, Insert, Delete	View	View

LOPA URLs

There is one URL route associated with LOPA: asset-safety/lopa. The following table describes the various paths that build on the route, and the elements that you can specify for each.

Element	Description	Accepted Value(s)	Notes
asset-safety/lopa/admin: Displays the LOPA Admin page.
asset-safety/lopa/overview: Displays the LOPA Overview page.
asset-safety/lopa/<EntityKey>: Displays the LOPA Summary workspace of the LOPA with the specified Entity Key.
<EntityKey>	Specifies the Entity Key of the LOPA that you want to access.	Any numeric Entity Key that corresponds to an existing LOPA.	This value is required to access an existing LOPA and its related records (i.e., Safeguards and Conditional Modifiers) from a URL.
asset-safety/lopa/overview/<AssetKey>: Displays the LOPA Overview page. The information on the page is filtered by the asset specified by the Asset Key.
<AssetKey>	Specifies the Asset Key of the asset based on which you want to filter information on the LOPA Overview page.	Any numeric Asset Key that corresponds to an existing asset.	None
asset-safety/lopa/revision/lopa/<EntityKey>: Displays the Revision History workspace of the LOPA with the specified Entity Key.
<EntityKey>	Specifies the Entity Key of the LOPA whose Revision History you want to access.	Any numeric Entity Key that corresponds to an existing LOPA.	This value is required to access the Revision History of an existing LOPA and its related records (i.e., Safeguards and Conditional Modifiers) from a URL.

URLs

Example URL	Destination
asset-safety/lopa/2996482	The LOPA Summary workspace of the LOPA with the Entity Key 2996482.
asset-safety/lopa/overview/64251832823	The LOPA Overview page appears. In the Under Review and Approved section, the list of LOPAs associated with the asset whose Asset Key is 64251832823 and with all assets within the hierarchy level of the specified asset appears.
asset-safety/lopa/revision/lopa/2996482	The Revision History workspace of the LOPA with the Entity Key 2996482.

LOPA System Code Tables

The following table lists the System Code Tables that are used by the Layers of Protection Analysis module.

Table ID	Table Description	Function
INIT_EVENT	Initiating events for LOPA	Populates the Initiating Event ID field in Initiating Event records.
MI_CONSQ_ADJ_PROB	Consequence Adjustment Probabilities	Populates the Modifier ID field in the Consequence Adjustment Probabilities records.
MI_IPL_TYPES_SAFEGUARD	Types of IPL	Populates the Type field in the Safeguard record.
MI_ACTIVE_IPL	Types of Active IPL	Populates the Active IPL ID field in Active IPL records.
MI_PASSIVE_IPL	Types of Passive IPL	Populates the Passive IPL ID field in Passive IPL records.
MI_HUMAN_IPL	Types of Human IPL	Populates the Human IPL ID field in Human IPL records.
MI_HAZOP_SAFEGUARD_TYPE	Types of Safeguards	Populates the Safeguard Type field in the Safeguard record.

About Calculations in LOPA

Calculating Unmitigated Consequence Frequency

Unmitigated Consequence Frequency = Frequency of Initiating Event x Probability of occurrence of Enabling Event x Probability of occurrence of Conditional Modifier

Where,

Frequency of Initiating Event is the value in the Frequency of Initiating Event field in LOPA.
Probability of occurrence of Enabling Event is the value in the Enabling Event/Conditional Probability field in LOPA.
Probability of occurrence of Conditional Modifier is the product of value in Probability field of all the Conditional Modifiers associated with the LOPA.

If Enabling Event/Condition Probability field is blank, a default value of 1 will be used in the calculation.

Calculating Total IPL PFD

Total IPL PFD = Product of value in PFD field of all the Safeguards associated with the LOPA

Calculating Mitigated Consequence Frequency

Mitigated Consequence Frequency = Unmitigated Consequence Frequency x Total IPL PFD

Where,

Unmitigated Consequence Frequency is the value in the Unmitigated Consequence Frequency field in LOPA
Total IPL PFD is the product of value in the PFD fields of all the Safeguards associated with the LOPA

If there are no IPLs associated with the LOPA, then Mitigated Consequence Frequency is equal to the Unmitigated Consequence Frequency.

Calculating Required PIF PFD

Required PIF PFD = Required Mitigated Consequence Frequency / Mitigated Consequence Frequency

Where,

Required Mitigated Consequence Frequency is the value in Required Mitigated Consequence Frequency in LOPA.
Mitigated Consequence Frequency is the value in the Mitigated Consequence Frequency field in LOPA.

Calculating Required PIF Risk Reduction Factor

Required PIF Risk Reduction Factor = 1/ Required PIF PFD

Where,

Required PIF PFD is the value in Required PIF PFD field in LOPA.

Calculated SIL Value

This value is derived based on the industry standard for SIL values.

Example of Calculations in LOPA

The following table contains the data used in the example and only lists fields that are required and contain a value.

Field	Value
Suppose that you create a LOPA with the following values:
LOPA ID	Lopa_Example
Unacceptable Consequence	Explosion
Initiating Event Type	Gasket/packing blowout
Frequency of Initiating Event	0.01
Required Mitigated Consequence Frequency	1E-05 (i.e., 0.00001)
Fields that are automatically populated in LOPA
Unmitigated Consequence Frequency	0.01
Mitigated Consequence Frequency	0.01
Required PIF Risk Reduction Factor	1000
Required PIF PFD	0.001
Calculated SIL	2
Create a Conditional Modifier with the following values:
Conditional Modifier ID	Modifier1
Type	Probability of Ignition
Probability	0.5
Fields that are updated in LOPA after adding a Conditional Modifier
Unmitigated Consequence Frequency	0.005
Mitigated Consequence Frequency	0.005
Required PIF PFD	0.002
Required PIF Risk Reduction Factor	500
Calculated SIL	2
Create a Safeguard and specify as IPL with the following values:
Safeguard ID	Safeguard1
IPL Type	Human IPL
IPL Sub Type	Human Action with >10 min response time
PFD	0.1
Fields that are updated in LOPA after adding a Safeguard that is an IPL
Total IPL PFD	0.1
Unmitigated Consequence Frequency	0.005
Mitigated Consequence Frequency	0.0005
Required PIF PFD	0.02
Required PIF Risk Reduction Factor	50
Calculated SIL	1

LOPA State Management

The following states are configured for the LOPA family:

Planning: Indicates that the analysis is in the Planning state. You can modify or delete a LOPA and its related records (i.e., Conditional Modifiers and Safeguards) only if the LOPA is in Planning state. Additionally, if you have linked the LOPA to a Consequence in the Hazards Analysis, then to add or modify a Safeguard, the Hazards Analysis with which the Consequence is associated must also be in the Planning State.
Active: Indicates that the LOPA is active.
Review: Indicates that the LOPA has been sent for review.
Pending Approval: Indicates that the LOPA has been reviewed and is awaiting approval.
Complete: Indicates that the analysis is approved. After the state of the LOPA is changed to Complete:
- A LOPA Revision is created, which stores a snapshot of the LOPA when the state was changed to Complete.
- The number of revisions for the LOPA is incremented by one, and appears in the upper-right corner of the LOPA Summary workspace.
- If the LOPA is linked to a LOPA Assessment in an Instrumented Function, then the values in the associated LOPA Assessment are updated based on the values in the LOPA.

Illustration of LOPA State Configuration

State Configuration Roles

The following table lists the baseline states, the operation that can be performed on each state, and the State Configuration Roles assigned to each state:

State	Operation	User Role
Planning	Begin	MI Safety Admin, MI Safety Power, MI Safety User
Active	Propose	MI Safety Admin, MI Safety Power, MI Safety User
Review	Submit	MI Safety Admin, MI Safety Power, MI Safety User
Pending Approval	Accept	MI Safety Admin, MI Safety Power
Pending Approval	Reject	MI Safety Admin, MI Safety Power
Complete	Modify/Reassess	MI Safety Admin, MI Safety Power

LOPA Site Filtering

Site filtering in LOPA is achieved by specifying a site on the Definition section of a LOPA and that site assignment is applied to all the related records. Users must have privileges for the relevant site to access records for the specified site. Users can be assigned to one or many sites. They will be able to see only the records that are assigned to their site(s) or those that are global records.

Site filtering is enabled for the following families:

LOPA: When you create a LOPA, you can assign it to any site. After you save the changes, you cannot modify the site for the LOPA.
Consequence Modifier: A Conditional Modifier will inherit the site from the associated LOPA.
Hazards Analysis Safeguard: A Safeguard will inherit the site from the associated LOPA.

Example

Consider an organization that has three sites, Site X, Site Y, and Site Z and contains the following records:

LOPA 1: Assigned to Site X
LOPA 2: Assigned to Site Y
LOPA 3: Assigned to Site Z

Scenario 1: User assigned to only Site X

When this user accesses the LOPA Overview page, the user will be able to see the records that are assigned to Site X:

LOPA 1: Assigned to Site X

The user will also be able to see the Consequence Modifiers and Safeguards associated with LOPA 1.

Scenario 2: User assigned to both Site X and Site Y

When this user accesses the LOPA Overview page, the user will be able to see the records that are assigned to Site X and Site Y:

LOPA 1: Assigned to Site X
LOPA 2: Assigned to Site Y

The user will also be able to see the Consequence Modifiers and Safeguards associated with LOPA 1 and LOPA 2.

Scenario 3: Super User

When this user accesses the LOPA Overview page, the user will be able to see the records that are assigned to any of the sites:

LOPA 1: Assigned to Site X
LOPA 2: Assigned to Site Y
LOPA 3: Assigned to Site Z

The user will also be able to see the Consequence Modifiers and Safeguards associated with LOPA 1, LOPA 2, and LOPA 3.

Scenario 4: Hazop or What If Analysis Assigned to Site X

When the user searches for LOPA to link with the Consequence for a Hazop or What If analysis assigned to Site X, the user will be able to see the LOPA records that are assigned to Site X:

LOPA 1: Assigned to Site X

Scenario 5: Instrumented Function Assigned to Site X

When the user searches for LOPA to link with an SIL Assessment of an Instrumented Function assigned to Site X, the user will be able to see the LOPA records that are assigned to Site X:

LOPA 1: Assigned to Site X