Environment & Safety Gas Processing/LNG Maintenance & Reliability Petrochemicals Process Control Process Optimization Project Management Refining
Home2025February 2025Straight talk on fire risk assessments

February 2025

Environment and Safety

Straight talk on fire risk assessments

For refineries, chemical plants, oil and gas pipelines and oil/gas exploration, fire and explosion hazards are omnipresent. Process hazard analysis (PHA) and fire risk assessments (FRAs) play a vital role in managing fire risk at an acceptable level. While there are various causes for fires and explosions, robust FRAs based on pragmatism and optimum allocation of resources could help minimize fire/explosion mishaps. 

For refineries, chemical plants, oil and gas pipelines and oil/gas exploration, fire and explosion hazards are omnipresent. Process hazard analysis (PHA) and fire risk assessments (FRAs) play a vital role in managing fire risk at an acceptable level. Yet, fires and explosions do occur, some with major consequences. The loss of lives, assets, environmental damage and potential image erosion are among the major concerns to companies. While there are various causes for fires and explosions, robust FRAs based on pragmatism and optimum allocation of resources could help minimize fire/explosion mishaps. 

The big picture. Simply put, an FRA is a process to identify the fire/explosion risks of a project or a plant site and provide safeguards to reduce the risk to an acceptable level. The term “acceptable level” is governed by a company’s risk tolerance, insurance, fire regulations and industry standards.   

Examples of safeguards include equipment isolation, equipment separation, fire/gas/smoke detection and response, passive and active fire protection, perimeter monitoring, emergency response, training, and a safe and prompt evacuation plan. From a strategic and tactical perspective, the following frameworks are helpful when performing FRAs effectively and efficiently:  

  • Systems approach  
  • Hierarchy of risk containment 
  • Cradle-to-grave.  

According to the systems approach, FRAs are considered a system comprised of several sub systems such as the plant’s equipment, neighboring community, industry standards and guidelines (e.g., NFPA, API), applicable regulations including local regulations [the authority having jurisdiction (AHJ)], documentation, training, cybersecurity, incident response and financial constraints (FIG. 1). Next, the fire/explosion risk must be assessed for each of the sub system’s potential interactions. 

FIG. 1. FRAs’ systems view and sub systems. 

The hierarchy of risk containment (HRC) applies to providing appropriate safeguards for fire/explosion protection and is based on the premise that, if practicable, it is preferable to eliminate the risk (fire/explosion) altogether instead of manually managing risk prevention. If risk cannot be eliminated, engineering and administrative controls should be provided to manage it. Engineering controls include equipment isolation systems, fire/gas/smoke detectors and response, and passive and active fire protection. Administrative controls include operating procedures, personal protective equipment (PPE) and fire drills. 

In the context of an FRA, cradle-to-grave means that all safeguards must be maintained and upgraded for the entire life of the project. Finally, the safeguards should be disposed of properly. For example, an FRA should ensure that firewater or fire-retardant chemicals or foam are disposed of in compliance with applicable regulations, after its lifecycle has expired.  

An FRA’s salient features. For new projects, FRAs are performed following a PHA such as a hazard and operability study (HAZOP), bowtie or other equivalent methods. For the existing plants, FRAs are performed at predetermined intervals or as a part of a management of change (MOC). The following are major steps in performing an FRA (FIG. 2):

FIG. 2. Salient features on a FRA.  

  • Risk matrix: Consider the fire risk tolerance of your organization. You can characterize risk in terms of several measures such as worker injuries, fatalities, impact to neighbors, environmental damage, public image and revenue loss. A risk matrix is among the frequently used methods for assigning risk, using a risk graph or fault tree analysis (FTA) (FIG. 3). 

FIG. 3. A risk matrix. 

A risk matrix is a tool to quantify risk based on the likelihood (or frequency) of leak/fire/explosion events and their potential consequences. Risk is the combined effect of the frequency of occurrence of a fire event and its consequence.  

The data on the anticipated frequency of loss of containment/fire events [e.g., Center for Chemical Process Safety (CCPS), pipeline safety data from the U.S. Department of Transportation, offshore/onshore reliability data)], combined with experience at a specific plant site and expert judgement are used to assign frequency. 

The consequence of an event depends on the magnitude of the loss of containment (leak), equipment layout, workers at or near the leak source, and the neighboring community.  

As shown in FIG. 3, the risk level assigned to a potential scenario or event is the intersection of frequency of an event and its consequence. Risk assignments depend, in part, on the team’s prudent and careful judgement. There is no such thing as a “precise risk,” or an “exact risk.”  

The degree of granularity used for a risk matrix depends on a company’s risk aversion criteria. However, for fire/explosion events with high levels of risk, a risk matrix with a greater degree of granularity is preferred. 

Since a risk matrix includes financial considerations (e.g., revenue loss), inflation will affect the value of property loss. It is prudent to review and possibly upgrade the risk matrix periodically, especially when there are significant changes in inflation rates. 

  • Loss-of-containment (leak) scenarios: The next step is to identify the loss-of-containment (leak) scenarios and their consequences. For a plant or project, the steps may be divided into several sections (subsystems), such as tank farm, process area, pipe racks, control room, storage, motor control center (MCC) and power supply, battery backup (UPS), plant perimeter and neighbors.  

For each of the subsystems, consider all the components that make up the system. For example, the process area would include pumps, compressors, pipelines, storage tanks and connecting pipes. Obviously, this is an extensive step and will need process flow diagrams (PFDs), process instrument diagrams (P&IDs), plot plans, area maps and fire regulations, including the local fire code and NFPA standards. 

Next, leak or loss-of-containment scenarios for each component must be considered. Here, the systems approach can be used effectively—each component is a system with its relevant subsystems. As shown in FIG. 4a, subsystems for a centrifugal pump include suction (including supply equipment), discharge and spillback connections, equipment, pump body (volute), pump internals and auxiliary systems (mechanical seals/flush, lubrication, pressure/temperature instruments, pump foundations and nearby equipment). FIG. 4b shows examples of subsystems for an internal floating roof tank.  

FIG. 4a. Pump sub systems as potential leak sources. 

FIG. 4b. Tank sub systems as casual factors of leaks/fires. 

Consider the likely loss-of-containment scenarios for each of the subsystems. This is a “what if” exercise where causes such as vibration, heat stress, improper operations, control or safety system (SIS) malfunction and mechanical stress are considered potential causes for generating loss-of-containment scenarios. For centrifugal pumps, examples of leak scenarios include: 

  • Flange leaks 
  • Seal leaks 
  • Connected tubing (loose connections) 
  • Heat exposure to fire at nearby equipment (due to improper equipment separation) 
  • Pump rupture. 
  • Quantify leak scenarios: Estimate the leak rate for the potential loss-of-containment scenarios by considering the size of the opening (hole size) that would help characterize the leak. For example, a leak from a mechanical seal may be thought of as a leak from a hole (one-fourth) under the same conditions of temperature and pressure. The orifice flow equation and Gauss dispersion can be used to estimate the leak rate and affected area. 

For high-risk scenarios, software such as process hazard analysis software tools (PHAST), flame acceleration simulators (FLACS), proprietary programs or equivalents are used to obtain a reliable estimate of the leak rate, its dispersion and affected area [fire affected zone (FAZ)]. The leak—depending on the operating temperature, normal boiling point of the fluid and ambient conditions—could be vapor, a vapor/liquid mix or only liquid. Vapor flow poses a jet fire hazard, while a vapor/liquid mix poses jet fire and pool fire risks. Liquid leaks can cause a pool fire.  

For an FRA, scenarios with extremely low probability of occurrence are not considered. For example, pump casing (volute) rupture will be considered a relatively low probability event. However, the decision to consider an extremely low probability scenario in an FRA depends on a company’s risk tolerance and applicable regulations.  

 

  • Safeguards or layers of protection: Although, when an FRA is initiated, it is reasonable to assume all appropriate measures for prevention of fire/explosion events have been incorporated in the equipment design/layout, it is still prudent to make a quick check. Examples of safeguards include fire/smoke detection, isolation of leaking equipment, structural support of equipment exposed to fire (passive fire protection), and extinguishing fires as quickly and safely as possible (active fire protection/containment). Consider the following: 
  • Safeguards must be protected from their potential malfunction resulting from exposure to fire. For example, automatic isolation valves and their ancillaries such as power cables and air tubing can be rendered useless under direct exposure to a fire/explosion.  
  • For large pipes, the economics of isolation valves must be considered, especially if operators are dealing with small leaks and chemicals with relatively moderate to low flammability (Class II, III NFPA30). If operators can respond to leaks reasonably quickly, manual isolation valves, rather than automatic isolation valves, can be considered adequate. This applies to all safeguards—the lifecycle cost of safeguards relative to the required level of fire risk protection are taken into consideration.  
  • Gas, fire or smoke (GFS) detectors are important early warning tools. It is not uncommon to hear of incidents where inadequate GFS detection has caused damage and injuries.  
  • At the top level, a GFS detection system should detect hazards quickly (within 30 sec.), reliably notify operators and initiate the fire containment action. Since there are several issues involved in the selection, placement and installation of these systems, it is helpful to develop a strategy document, such as a GFS detection philosophy (FIG. 5). 

FIG. 5. Issues to consider for the detector system selection guidance document. 

Two broad categories of flammable gas detection include point detectors and line-of-sight detectors (LOSs). An LOS is generally based on infrared (IR), while point detectors are available for IR, catalytic and electrochemical reactions. Acoustic detectors are also available, but they cannot distinguish between flammable or nonflammable releases. As one may expect, each detector has its pros and cons. For example, IR, though widely used for hydrocarbons, cannot detect hydrogen. Catalytic beads or electrochemical techniques are suited for hydrogen detection. Similarly, an LOS can detect leaks from multiple sources (e.g., pumps aligned in a straight line), while point detectors can only detect a leak from a single source. However, LOSs are sensitive to the alignment of the signal transmitter and receiver. Thus, the combination of techniques for GFS detection should be considered to ensure reliability. 

Obviously, a detector system should withstand potential interferences resulting from plant activities such as welding, water hosing, pump/compressor vibration, cooling towers spray and natural events such as dust, rain/snow, mist, moisture or direct sunlight.  

Communicating the GFS signal to the control room (response center local fire brigade: NFPA 70, NFPA 72) should be robust, and the displays of signals should be easily understandable and free of clutter. In addition, battery back-up and cybersecurity are vital. The response to the GFS alarms could be automatic or can entail human intervention because of concerns of spurious alarms.  

Active fire protection (firewater, foam, fire suppression agents) involves an estimation of firewater requirement hydraulics for firewater mains and branched pipes, fire hydrants, sprinklers, firewater storage and related instrumentation, systems to add biocide to control bacterial growth in the stored firewater, breathing losses of water (e.g., evaporation), foam selection and additional requirements, firewater pumps and their reliability considerations. Hydraulic calculations are generally facilitated by fluid flow analysis software or equivalents, and firewater systems must comply with local fire codes. 

The reliability and protection of fire pumps must be considered. Oftentimes, pumps are not installed in proximity to each other, or, if that is not possible, provide a separation wall that will help localize damage to a single pump and ensure that a redundant pump is available. Maintenance and periodic testing (e.g., sprinklers, fire pumps) of the firewater distribution system is necessary. To minimize common cause failures and enhance the reliability of firewater pump systems, main pumps are electric driven and spare pumps are diesel driven.   

If pipe racks and structural supports are exposed to fire or radiant heat in a FAZ, they will lose their mechanical integrity, which could significantly exacerbate the fire incident. Partial protection regarding passive fire protection (PFP) is provided by covering the strategic regions of the structure with intumescent coating (NFPA 2112), cement or gypsum. For hydrocarbon fires, PFP ratings include H-60, H-120 and others. The numbers such as 60 or 120 show the number of minutes the PFP will be able to limit fire intensity from weakening the structure. For an optimum level of PFP protection, work in conjunction with the structural engineers is recommended.  

  • Ancillaries to active fire protection and emergency response: These are vital adjuncts to the major fire detection/prevention safeguards discussed earlier. OSHA regulations (1910.157) along with several NFPA standards apply. Similarly, fixed extinguishers with detectors and auto-activation are considered for control rooms and data centers. As a part of the administrative aspect of emergency response, proper PPEs (e.g., fire-retardant coveralls, SCBA, hardhats, boots, gloves and communication gear) merit close consideration. Emergency exit requirements per the Life Safety Code (NFPA 101 and NFPA 1) should be followed. 
  • Cradle-to-grave considerations: Firewater/foam testing and disposal drainage systems (sloping, size of the drainage system), potential flammable atmosphere in the drainage system, disposal of supplies and chemicals are a part of the cradle-to-grave framework. 
  • Inspection, testing and maintenance: Set up a system for periodic inspections and testing to ensure safeguards remain effective for the life of the project.  
  • Record keeping and cybersecurity considerations: Ensure that updated documents are promptly available when needed. Make sure that systems including GFS detectors and fire notification systems are not vulnerable to cyber-attacks and there are means for quick recovery in the event of an incident. Collaborative work between information technology (IT) and FRA teams is vital.  
  • System upgrade: As technologies and software for safeguards improve, ensure that you have a system in place to upgrade safeguards.  

Takeaways. The key takeaways of this article are that the FRA process is detail oriented, and requires careful, measured and pragmatic judgement in assigning and dealing with fire/explosion risk, now and in the future.  

Related Articles

From the Archive

Comments

Comments

{{ error }}
{{ comment.name }} • {{ comment.dateCreated | date:'short' }}
{{ comment.text }}