HAZOP: Hazard and Operability Analysis
- Anunay Krishnamurthy

HAZOP (Hazard and Operability Study) was originally developed for the chemical process industry, where facilities routinely handle hazardous materials and even a small malfunction in a manufacturing process can lead to a serious safety incident. The methodology was first developed in 1961 as a structured way to systematically identify hazards and operability issues in complex industrial processes.
Over time, the approach matured and was formally standardized through IEC 61882, which defines the internationally recognized methodology for conducting HAZOP studies. Due to its effectiveness, HAZOP has since been adopted across multiple industries beyond chemical processing, including:
Medical device development
Automotive systems
Photovoltaic and energy facilities
What is a HAZOP?
HAZOP is a structured and systematic method used to identify hazards arising from a system under analysis. These hazards may impact people, the environment, or equipment.
HAZOP is typically performed early in the development lifecycle, when system concepts and architectures are being defined.
In automotive engineering, HAZOP is often used alongside other hazard analysis methods such as:
ISO 26262 Hazard Analysis and Risk Assessment (HARA)
SOTIF HARA defined in ISO 21448
Systems-Theoretic Process Analysis (STPA), which is often applied to systems involving AI/ML or complex autonomy
These complementary approaches help ensure that both system failures and functional performance limitations are considered during safety analysis.
How to perform a HAZOP
First, identify the process, product components, software elements, or system functions that will be analyzed.
Next, combine each element with the HAZOP guidewords to generate candidate deviations from intended behavior. Table 1 lists the guidewords used here. They are based on IEC 61882, whose basic set (NO/NOT, MORE, LESS, AS WELL AS, PART OF, REVERSE, OTHER THAN, EARLY, LATE, BEFORE, AFTER) is commonly adapted for electronic and software systems with words such as STOPS, LOCKED, UNEVEN and INTERMITTENT.
Finally, evaluate these deviations to identify potential malfunctions and the hazards they may create.
| Guideword | Definition | Examples |
| --- | --- | --- |
| NO / NOT | Complete absence of the intended function, signal, or parameter. | No signal transmission; task not executed; actuator not commanded; no data update; activation or deactivation does not take place |
| STOPS | A function begins correctly but ceases during operation (unlike NO / NOT, the function did start). | Periodic task stops executing; communication stream halts; sensor output freezes; actuator output drops mid-operation |
| UNINTENDED | A function or action occurs without being commanded or required by system conditions. | Uncommanded braking; unintended torque request; unintended reset; unexpected mode transition |
| LOCKED | A function, state, or signal becomes fixed and cannot change despite varying inputs or demands. | Sensor value frozen at a constant reading; actuator stuck at a fixed position; state machine unable to transition; control output saturated and unchanging |
| MORE | A parameter exceeds its intended magnitude, frequency, duration, or intensity. | Excessive torque command; higher-than-expected speed reading; increased CPU load; elevated voltage; longer actuation duration |
| LESS | A parameter is below its intended magnitude, frequency, duration, or intensity. | Reduced braking force; low sensor amplitude; insufficient current; low update frequency; degraded processing throughput |
| EARLY | A function, event, or signal occurs before the intended time. | Early injection timing; premature airbag trigger; control action before sensor stabilization; early mode transition |
| LATE | A function, event, or signal occurs after the intended time. | Delayed braking response; late steering correction; missed control-loop deadline; delayed watchdog reset |
| REVERSE | The direction, polarity, sequence, or logical meaning is opposite to the design intent. | Torque sign inversion; reversed wheel-speed polarity; swapped signal wiring; reversed execution order; control feedback sign error |
| UNEVEN | A parameter or function varies inconsistently where uniformity or symmetry is expected. | Uneven brake force distribution; asymmetric torque split; channel-to-channel sensor variation; inconsistent sampling intervals |
| INTERMITTENT | A function or signal repeatedly starts and stops unpredictably. | Intermittent communication dropouts; sporadic sensor signal loss; unstable power supply; task-execution jitter causing repeated enable/disable cycles |
Table 1: HAZOP guidewords, based on IEC 61882 and extended for electronic and software systems
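To make the three steps concrete, here is a small worksheet generator in Python. It is an added example written for this article, not the author's tooling or any standard's reference implementation. Step 1 is the list of elements, step 2 crosses them with the guidewords, and step 3 is the analyst filling in cause, consequence, hazard and safeguard (or a written reason why the deviation is not credible). The element names, the sample findings and in particular the guideword-to-element-kind applicability map are constructed assumptions of the example; the table above does not define such a map.

```python
"""HAZOP worksheet generator: cross system elements with guidewords, then
track whether every resulting deviation has been dispositioned.

Added example for this article, not the author's tooling.  Element names,
the applicability map and the sample analysis entries are constructed."""
from dataclasses import dataclass
from itertools import product
from typing import Dict, Iterable, List, Optional, Set

# Guideword -> element kinds it meaningfully applies to.  Restricting MORE /
# LESS / REVERSE to quantities and UNINTENDED to functions keeps rows that
# could only be marked "meaningless" out of the worksheet.  This mapping is
# an assumption of the example, not part of IEC 61882.
GUIDEWORDS: Dict[str, Set[str]] = {
    "NO/NOT": {"function", "signal"},
    "STOPS": {"function", "signal"},
    "UNINTENDED": {"function"},
    "LOCKED": {"signal"},
    "MORE": {"signal"},
    "LESS": {"signal"},
    "EARLY": {"function", "signal"},
    "LATE": {"function", "signal"},
    "REVERSE": {"signal"},
    "UNEVEN": {"signal"},
    "INTERMITTENT": {"function", "signal"},
}


@dataclass(frozen=True)
class Element:
    """Step 1: a function or signal of the system under analysis."""
    name: str
    kind: str  # "function" or "signal"


@dataclass
class Deviation:
    """Step 2/3: one (element, guideword) pair plus the analyst's findings."""
    element: Element
    guideword: str
    cause: Optional[str] = None
    consequence: Optional[str] = None
    hazard: Optional[str] = None         # None: credible but no hazard
    safeguard: Optional[str] = None
    justification: Optional[str] = None  # set when ruled out as not credible

    @property
    def dispositioned(self) -> bool:
        # Either ruled out with a written reason, or analysed to a consequence.
        return self.justification is not None or (
            self.cause is not None and self.consequence is not None)


def generate_deviations(elements: Iterable[Element],
                        guidewords: Dict[str, Set[str]] = GUIDEWORDS) -> List[Deviation]:
    """Step 2: every element crossed with every guideword applicable to its kind."""
    return [Deviation(e, gw) for e, gw in product(elements, guidewords)
            if e.kind in guidewords[gw]]


def open_items(deviations: Iterable[Deviation]) -> List[Deviation]:
    """Completeness check: rows neither analysed nor explicitly ruled out.
    This must be empty before the hazards feed a risk assessment (HARA)."""
    return [d for d in deviations if not d.dispositioned]


def hazards(deviations: Iterable[Deviation]) -> Set[str]:
    """Distinct hazards found, i.e. the input to the subsequent risk assessment."""
    return {d.hazard for d in deviations if d.hazard and d.justification is None}


def build_worked_example() -> List[Deviation]:
    """Brake-by-wire torque path with a partial step 3 (constructed entries)."""
    apply_brake = Element("Apply brake", "function")
    torque = Element("Brake torque request (pedal ECU -> brake ECU)", "signal")
    devs = generate_deviations([apply_brake, torque])
    row = {(d.element.name, d.guideword): d for d in devs}

    d = row[(apply_brake.name, "UNINTENDED")]
    d.cause = "Spurious or spoofed torque request accepted by the brake ECU"
    d.consequence = "Vehicle decelerates with no driver demand"
    d.hazard = "Unintended braking"
    d.safeguard = "Plausibility check against pedal travel; authenticated bus messages"

    d = row[(torque.name, "REVERSE")]
    d.cause = "Sign convention mismatch between ECUs after a software update"
    d.consequence = "Brake release commanded when braking was demanded"
    d.hazard = "Loss of braking"

    d = row[(torque.name, "LATE")]
    d.cause = "Bus overload delays torque frames past the control-loop deadline"
    d.consequence = "Braking starts later than the driver expects"
    d.hazard = "Degraded braking"

    d = row[(torque.name, "UNEVEN")]
    d.justification = "Single scalar signal; left/right split is analysed at actuator level"
    return devs


if __name__ == "__main__":
    devs = build_worked_example()
    for d in devs:
        print(f"{d.element.name:45} {d.guideword:13} "
              f"{'N/A' if d.justification else ('analysed' if d.dispositioned else 'OPEN')}")
    print(f"{len(open_items(devs))} of {len(devs)} deviations still open; hazards: {hazards(devs)}")
```

Two design points are worth noting. First, `open_items` is the check a reviewer asks for: a deviation that was never written down as either analysed or ruled out is the most common way a hazard is missed, so the worksheet is not finished until that list is empty. Second, the cause column is deliberately free text: a deviation such as UNINTENDED can arise from a random fault or from a spoofed bus message, and recording both kinds of cause is where HAZOP results start to overlap with a security analysis.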
What are the applications?
HAZOP is extensively used in the chemical, medical, automotive, and robotics industries. Several HAZOP variants exist, depending on the kind of hazards that need to be identified:
Product HAZOP: Focuses on identifying hazards arising from the design and functionality of a product or its components.
Process HAZOP: Analyzes deviations in operational or manufacturing processes that could lead to hazardous situations.
Human Factors HAZOP: Examines how human interaction with a system could introduce errors or unsafe conditions.
Software HAZOP: Evaluates deviations in software logic, data flow, or control behavior that could lead to system hazards.
Benefits of HAZOP
Simple and straightforward methodology that is easy for teams to understand and apply.
Provides a systematic approach to identifying hazards by examining deviations from intended system behavior.
Can identify hazards arising from both human errors and technical failures within a system.
Shortcomings of HAZOP
Does not directly assess risk levels associated with identified hazards, so it is typically combined with methods such as ISO 26262 HARA, Systems-Theoretic Process Analysis (STPA), or FMEA.
Does not evaluate the effectiveness of safety mitigations, which is usually analyzed later using techniques such as Fault Tree Analysis (FTA) or FMEA.
Can become repetitive and time-consuming when systems contain many similar functions or components.