What is OSHA Process Safety Management (PSM)?

PSM is the OSHA standard 29 CFR 1910.119 that governs facilities handling threshold quantities of highly hazardous chemicals. It comprises 14 interlocking elements — from process safety information and process hazard analysis to mechanical integrity, management of change, and incident investigation — designed to prevent catastrophic releases of toxic, reactive, flammable, or explosive chemicals.

What is a HAZOP study?

A HAZOP (Hazard and Operability) study is a structured, team-based method for identifying hazards. The team divides the process into nodes and systematically applies guide words (No, More, Less, Reverse, As Well As, etc.) to process parameters (flow, pressure, temperature) to imagine deviations, then traces their causes, consequences, and safeguards, recording actions where protection is inadequate.

LOPA (Layers of Protection Analysis) is a semi-quantitative risk method that evaluates whether the independent protection layers guarding against a hazardous scenario reduce its likelihood to a tolerable level. Each independent layer — a relief valve, an interlock, an alarm with operator response — provides a credit, and LOPA checks whether the combined risk reduction meets the target.

What is inherently safer design?

Inherently safer design eliminates or reduces hazards at the source rather than controlling them with add-on safeguards. Its four strategies are minimize (use less hazardous material), substitute (use a safer chemical), moderate (use less severe conditions or dilute), and simplify (reduce complexity and error opportunities). A hazard that is designed out cannot fail.

What are the layers of protection in a plant?

Starting from the process and moving outward: inherently safer design, the basic process control system, critical alarms with operator intervention, safety instrumented systems (interlocks/SIS), physical relief devices (relief valves, rupture disks), containment (dikes, scrubbers), plant emergency response, and community emergency response. Each independent layer reduces the chance an event escalates to harm.

Engineering·12 min read·May 16, 2025

🦺 Process Safety: HAZOP, PSM & Layers of Protection

A practical process safety guide — OSHA PSM’s 14 elements, the HAZOP method with guide words and nodes, LOPA, relief systems, inherently safer design, and lessons from major incidents.

By EngineersUniverse Editorial Team

Engineering Editorial & Technical Review Team

Published May 16, 2025

Why Process Safety Is Different

Personal safety prevents slips, trips, and falls. Process safety prevents catastrophes — fires, explosions, and toxic releases that can kill many people and destroy a plant. The hazards come from the chemicals and conditions themselves, so process safety is engineered into the design and management of the facility, not just enforced through hard hats and handrails. History — Bhopal, Flixborough, Texas City, Buncefield — is a sobering record of what happens when it is neglected.

OSHA Process Safety Management (PSM)

In the United States, facilities handling threshold quantities of highly hazardous chemicals must comply with OSHA's PSM standard, 29 CFR 1910.119. It is built on 14 interlocking elements:

Employee participation
Process safety information (PSI)
Process hazard analysis (PHA)
Operating procedures
Training
Contractor safety
Pre-startup safety review (PSSR)
Mechanical integrity
Hot work permits
Management of change (MOC)
Incident investigation
Emergency planning and response
Compliance audits
Trade secrets

The elements reinforce one another. Management of change is among the most important — many incidents trace to an unreviewed modification, exactly as the Flixborough disaster did when a temporary bypass pipe failed.

HAZOP: Systematic Hazard Identification

The most widely used process hazard analysis technique is the HAZOP (Hazard and Operability) study. A multidisciplinary team examines the design methodically rather than relying on intuition:

Divide the process into nodes — manageable sections such as a line between two vessels.
For each node, take a process parameter (flow, pressure, temperature, level, composition).
Apply a guide word to imagine a deviation from design intent.
Identify causes, consequences, and existing safeguards.
Record recommendations where protection is inadequate.

Guide word	Meaning	Example deviation
No / None	Negation of intent	No flow (blocked line, pump off)
More	Quantitative increase	More pressure (overpressure)
Less	Quantitative decrease	Less temperature (freezing)
Reverse	Opposite of intent	Reverse flow (backflow)
As well as	Additional	Contamination in stream
Part of	Partial	Wrong composition

Layers of Protection (LOPA)

No single safeguard is perfect, so process safety relies on multiple independent protection layers (IPLs), often pictured as concentric rings around the process — the "Swiss cheese" model, where an incident only occurs if holes in every layer line up. From inside out:

inherently safer design,
basic process control system (BPCS),
critical alarms with operator response,
safety instrumented systems (SIS) / interlocks,
physical relief devices (relief valves, rupture disks),
physical containment (dikes, scrubbers, flares),
plant emergency response,
community emergency response.

LOPA (Layers of Protection Analysis) is a semi-quantitative method that assigns each independent layer a probability of failure on demand and checks whether the combined risk reduction brings a scenario's likelihood below a tolerable target. If it does not, additional layers — such as a higher-integrity SIS — are required.

Relief Systems

When prevention fails, pressure relief is the last line of defense against vessel rupture. Relief valves open at a set pressure and reseat when pressure falls; rupture disks burst at a set pressure and do not reclose. Relieved material is routed to a safe location — a flare, scrubber, or knockout drum. Sizing relief systems for the worst credible scenario (fire exposure, blocked outlet, runaway reaction) is a specialized and code-governed discipline (API 520/521, ASME).

Inherently Safer Design

The most reliable safeguard is a hazard that does not exist. Inherently safer design reduces risk at the source through four strategies:

Minimize: reduce inventories of hazardous material (intensification).
Substitute: replace a hazardous chemical with a safer one.
Moderate: use less severe conditions, dilution, or refrigeration.
Simplify: design out complexity and opportunities for error.

Bhopal is the defining lesson: storing tens of tons of methyl isocyanate created the inventory that killed thousands. Minimizing or eliminating that storage would have prevented the catastrophe regardless of how the add-on safeguards performed.

Learning From Incidents

Major investigations consistently surface the same root causes: unmanaged change, deficient mechanical integrity, normalization of deviance, and weak hazard analysis. Incident investigation (a PSM element) exists precisely so the industry learns collectively. The enduring principle is that process safety is a continuous management system, not a one-time study — sustained only through audits, MOC discipline, and a culture that treats near-misses as warnings to act on.

Topics covered

process safetyHAZOPPSMprocess safety managementOSHA 1910.119LOPAlayers of protectionguide wordsrelief valveinherently safer designhazard analysisPHAsafety instrumented systemprocess safety incidents

🛠️ Related Free Tools

Put this knowledge to work on your iPhone

Browse our full catalog of professional iOS apps — from electrical code tools to AI builders.

Browse All 95+ Apps