IEC 61882:2016

IEC 61882 ®
Edition 2.0 2016-03
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
Hazard and operability studies (HAZOP studies) – Application guide

Études de danger et d'exploitabilité (études HAZOP) – Guide d'application

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite
ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie
et les microfilms, sans l'accord écrit de l'IEC ou du Comité national de l'IEC du pays du demandeur. Si vous avez des
questions sur le copyright de l'IEC ou si vous désirez obtenir des droits supplémentaires sur cette publication, utilisez
les coordonnées ci-après ou contactez le Comité national de l'IEC de votre pays de résidence.

IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé Fax: +41 22 919 03 00
CH-1211 Geneva 20 info@iec.ch
Switzerland www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.

IEC Catalogue - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
The stand-alone application for consulting the entire The world's leading online dictionary of electronic and
bibliographical information on IEC International Standards, electrical terms containing 20 000 terms and definitions in
Technical Specifications, Technical Reports and other English and French, with equivalent terms in 15 additional
documents. Available for PC, Mac OS, Android Tablets and languages. Also known as the International Electrotechnical
iPad. Vocabulary (IEV) online.

IEC publications search - www.iec.ch/searchpub IEC Glossary - std.iec.ch/glossary
The advanced search enables to find IEC publications by a 65 000 electrotechnical terminology entries in English and
variety of criteria (reference number, text, technical French extracted from the Terms and Definitions clause of
committee,…). It also gives information on projects, replaced IEC publications issued since 2002. Some entries have been
and withdrawn publications. collected from earlier publications of IEC TC 37, 77, 86 and

CISPR.
IEC Just Published - webstore.iec.ch/justpublished

Stay up to date on all new IEC publications. Just Published IEC Customer Service Centre - webstore.iec.ch/csc
details all new publications released. Available online and If you wish to give us your feedback on this publication or
also once a month by email. need further assistance, please contact the Customer Service
Centre: csc@iec.ch.
A propos de l'IEC
La Commission Electrotechnique Internationale (IEC) est la première organisation mondiale qui élabore et publie des
Normes internationales pour tout ce qui a trait à l'électricité, à l'électronique et aux technologies apparentées.

A propos des publications IEC
Le contenu technique des publications IEC est constamment revu. Veuillez vous assurer que vous possédez l’édition la
plus récente, un corrigendum ou amendement peut avoir été publié.

Catalogue IEC - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
Application autonome pour consulter tous les renseignements
Le premier dictionnaire en ligne de termes électroniques et
bibliographiques sur les Normes internationales,
électriques. Il contient 20 000 termes et définitions en anglais
Spécifications techniques, Rapports techniques et autres
et en français, ainsi que les termes équivalents dans 15
documents de l'IEC. Disponible pour PC, Mac OS, tablettes
langues additionnelles. Egalement appelé Vocabulaire
Android et iPad.
Electrotechnique International (IEV) en ligne.

Recherche de publications IEC - www.iec.ch/searchpub
Glossaire IEC - std.iec.ch/glossary
La recherche avancée permet de trouver des publications IEC 65 000 entrées terminologiques électrotechniques, en anglais
en utilisant différents critères (numéro de référence, texte, et en français, extraites des articles Termes et Définitions des
comité d’études,…). Elle donne aussi des informations sur les publications IEC parues depuis 2002. Plus certaines entrées
projets et les publications remplacées ou retirées. antérieures extraites des publications des CE 37, 77, 86 et

CISPR de l'IEC.
IEC Just Published - webstore.iec.ch/justpublished

Service Clients - webstore.iec.ch/csc
Restez informé sur les nouvelles publications IEC. Just
Published détaille les nouvelles publications parues. Si vous désirez nous donner des commentaires sur cette
Disponible en ligne et aussi une fois par mois par email. publication ou si vous avez des questions contactez-nous:
csc@iec.ch.
IEC 61882 ®
Edition 2.0 2016-03
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
Hazard and operability studies (HAZOP studies) – Application guide

Études de danger et d'exploitabilité (études HAZOP) – Guide d'application

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 03.100.50; 03.120.01; 13.020.30 ISBN 978-2-8322-3208-8

– 2 – IEC 61882:2016 © IEC 2016
CONTENTS
FOREWORD. 4
INTRODUCTION . 6
1 Scope . 7
2 Normative references . 7
3 Terms, definitions and abbreviations . 7
3.1 Terms and definitions . 7
3.2 Abbreviations . 9
4 Key features of HAZOP . 10
4.1 General . 10
4.2 Principles of examination. 11
4.3 Design representation . 12
4.3.1 General . 12
4.3.2 Design requirements and design intent . 13
5 Applications of HAZOP . 13
5.1 General . 13
5.2 Relation to other analysis tools . 14
5.3 HAZOP study limitations . 14
5.4 Risk identification studies during different system life cycle stages . 15
5.4.1 Concept stage . 15
5.4.2 Development stage . 15
5.4.3 Realization stage . 15
5.4.4 Utilization stage . 15
5.4.5 Enhancement stage . 16
5.4.6 Retirement stage. 16
6 The HAZOP study procedure . 16
6.1 General . 16
6.2 Definitions . 17
6.2.1 Initiate the study . 17
6.2.2 Define scope and objectives . 17
6.2.3 Define roles and responsibilities . 18
6.3 Preparation . 19
6.3.1 Plan the study . 19
6.3.2 Collect data and documentation . 20
6.3.3 Establish guide words and deviations . 20
6.4 Examination . 21
6.4.1 Structure the examination . 21
6.4.2 Perform the examination . 22
6.5 Documentation and follow up . 24
6.5.1 General . 24
6.5.2 Establish method of recording . 25
6.5.3 Output of the study. 25
6.5.4 Record information . 25
6.5.5 Sign off the documentation . 26
6.5.6 Follow-up and responsibilities . 26
Annex A (informative) Methods of recording . 27

A.1 Recording options . 27
A.2 HAZOP worksheet . 27
A.3 Marked-up representation . 28
A.4 HAZOP study report . 28
Annex B (informative) Examples of HAZOP studies . 29
B.1 General . 29
B.2 Introductory example . 29
B.3 Procedures . 34
B.4 Automatic train protection system . 37
B.4.1 General . 37
B.4.2 Application . 37
B.5 Example involving emergency planning . 40
B.6 Piezo valve control system . 44
B.7 HAZOP of a train stabling yard horn procedure . 48
Bibliography . 59

Figure 1 – The HAZOP study procedure . 17
Figure 2 – Flow chart of the HAZOP examination procedure – Property first sequence . 23
Figure 3 – Flow chart of the HAZOP examination procedure – Guide word first
sequence . 24
Figure B.1 – Simple flow sheet . 30
Figure B.2 – Train-carried ATP equipment . 37
Figure B.3 – Piezo valve control system . 44

Table 1 – Example of basic guide words and their generic meanings . 11
Table 2 – Example of guide words relating to clock time and order or sequence . 12
Table 3 – Examples of deviations and their associated guide words . 21
Table B.1 – Properties of the system under examination . 30
Table B.2 – Example HAZOP worksheet for introductory example . 31
Table B.3 – Example HAZOP worksheet for procedures example . 35
Table B.4 – Example HAZOP worksheet for automatic train protection system . 38
Table B.5 – Example HAZOP worksheet for emergency planning . 41
Table B.6 – System design intent . 45
Table B.7 – Example HAZOP worksheet for piezo valve control system. 46
Table B.8 – Operational breakdown matrix for train stabling yard horn procedure . 50
Table B.9 – Example HAZOP worksheet for train stabling yard horn procedure . 53

– 4 – IEC 61882:2016 © IEC 2016
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
HAZARD AND OPERABILITY STUDIES (HAZOP STUDIES) –
APPLICATION GUIDE
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 61882 has been prepared by IEC technical committee 56:
Dependability.
This second edition cancels and replaces the first edition published in 2001. This edition
constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
a) clarification of terminology as well as alignment with terms and definitions within
ISO 31000:2009 and ISO Guide 73:2009;
b) addition of an improved case study of a procedural HAZOP.

The text of this standard is based on the following documents:
FDIS Report on voting
56/1653/FDIS 56/1666/RVD
Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
The committee has decided that the contents of this publication will remain unchanged until
the stability date indicated on the IEC website under "http://webstore.iec.ch" in the data
related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
– 6 – IEC 61882:2016 © IEC 2016
INTRODUCTION
This standard describes the principles for and approach to guide word-driven risk
identification. Historically this approach to risk identification has been called a hazard and
operability study or HAZOP study for short. This is a structured and systematic technique for
examining a defined system, with the objectives of:
• identifying risks associated with the operation and maintenance of the system. The
hazards or other risk sources involved can include both those essentially relevant only to
the immediate area of the system and those with a much wider sphere of influence, for
example some environmental hazards;
• identifying potential operability problems with the system and in particular identifying
causes of operational disturbances and production deviations likely to lead to non-
conforming products.
An important benefit of HAZOP studies is that the resulting knowledge, obtained by identifying
risks and operability problems in a structured and systematic manner, is of great assistance in
determining appropriate remedial measures.
A characteristic feature of a HAZOP study is the examination session during which a multi-
disciplinary team under the guidance of a study leader systematically examines all relevant
parts of a design or system. It identifies deviations from the system design intent utilizing a
set of guide words. The technique aims to stimulate the imagination of participants in a
systematic way to identify risks and operability problems. A HAZOP study should be seen as
an enhancement to sound design using experience-based approaches such as codes of
practice rather than a substitute for such approaches.
Historically, HAZOP and similar studies were described as hazard identification as their
primary purpose is to test in a systematic way whether hazards are present and, if so,
understand both how they could result in adverse consequences and how such consequences
could be avoided through process redesign. ISO 31000:2009 defines risk as the effect of
uncertainty on objectives, with a note that an effect is a deviation from the expected.
Therefore HAZOP studies, which consider deviations from the expected, their causes and
their effect on objectives in the context of process design, are now correctly characterized as
powerful risk identification tools.
There are many different tools and techniques available for the identification of risks, ranging
from checklists, failure modes and effects analysis (FMEA) to HAZOP. Some techniques, such
as checklists and what-if/analysis, can be used early in the system life cycle when little
information is available, or in later phases if a less detailed analysis is needed. HAZOP
studies require more detail regarding the systems under consideration, but produce more
comprehensive information on risks and weaknesses in the system design.
The term HAZOP is sometimes associated, in a generic sense, with some other hazard
identification techniques (e.g. checklist HAZOP, HAZOP 1 or 2, knowledge-based HAZOP).
The use of the term with such techniques is considered to be inappropriate and is specifically
excluded from this document.
Before commencing a HAZOP study, it should be confirmed that it is the most appropriate
technique (either individually or in combination with other techniques) for the task in hand. In
making this judgment, consideration should be given to the purpose of the study, the possible
severity of any consequences, the appropriate level of detail, the availability of relevant data
and resources and the needs of decision-makers.
This standard has been developed to provide guidance across many industries and types of
system. There are more specific standards and guides within some industries, notably the
process industries where the technique originated, which establish preferred methods of
application for these industries. For details see the bibliography at the end of this standard.

HAZARD AND OPERABILITY STUDIES (HAZOP STUDIES) –
APPLICATION GUIDE
1 Scope
This International Standard provides a guide for HAZOP studies of systems using guide
words. It gives guidance on application of the technique and on the HAZOP study procedure,
including definition, preparation, examination sessions and resulting documentation and
follow-up.
Documentation examples, as well as a broad set of examples encompassing various
applications, illustrating HAZOP studies are also provided.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and
are indispensable for its application. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any
amendments) applies.
IEC 60050-192, International electrotechnical vocabulary – Part 192: Dependability (available
at http://www.electropedia.org)
3 Terms, definitions and abbreviations
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in IEC 60050-192 and the
following apply.
NOTE Within this clause, the terms defined are in italic type.
3.1.1
characteristic
qualitative or quantitative property
EXAMPLE Pressure, temperature, voltage.
3.1.2
consequence
outcome of an event affecting objectives
Note 1 to entry: An event can lead to a range of consequences.
Note 2 to entry: A consequence can be certain or uncertain and can have positive or negative effects on
objectives.
Note 3 to entry: Consequences can be expressed qualitatively or quantitatively.
Note 4 to entry: Initial consequences can escalate through knock-on effects.
[SOURCE: ISO Guide 73:2009, 3.6.1.3]

– 8 – IEC 61882:2016 © IEC 2016
3.1.3
control
measure that is modifying risk (3.1.12)
Note 1 to entry: Controls include any process, policy, device, practice, or other actions which modify risk.
Note 2 to entry: Controls may not always exert the intended or assumed modifying effect.
[SOURCE: ISO Guide 73:2009, 3.8.1.1]
3.1.4
design intent
designer’s desired, or specified range of behaviour for properties which ensure that the item
fulfills its requirements
3.1.5
property
constituent of a part which serves to identify the part’s essential features
Note 1 to entry: The choice of properties can depend upon the particular application, but properties can include
features such as the material involved, the activity being carried out, the equipment employed, etc. Material should
be considered in a general sense and includes data, software, etc.
3.1.6
guide word
word or phrase which expresses and defines a specific type of deviation from a property’s
design intent
3.1.7
harm
physical injury or damage to the health of people or damage to assets or the environment
3.1.8
hazard
source of potential harm (3.1.7)
Note 1 to entry: Hazard can be a risk source (3.1.14).
[SOURCE: ISO Guide 73:2009, 3.5.1.4]
3.1.9
level of risk
magnitude of a risk (3.1.12) or combination of risks, expressed in terms of the combination of
consequences (3.1.2) and their likelihood
[SOURCE: ISO Guide 73:2009, 3.6.1.8]
3.1.10
manager
person with responsibility for a project, activity or organization.
3.1.11
part
section of the system which is the subject of immediate study
Note 1 to entry: A part can be physical (e.g. hardware) or logical (e.g. step in an operational sequence).
3.1.12
risk
effect of uncertainty on objectives

Note 1 to entry: An effect is a deviation from the expected – positive and/or negative.
Note 2 to entry: Objectives can have different aspects (such as financial, health and safety, and environmental
goals) and can apply at different levels (such as strategic, organization-wide, project, product and process).
Note 3 to entry: Risk is often characterized by reference to potential events and consequences (3.1.2) or a
combination of these.
Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including
changes in circumstances) and the associated likelihood of occurrence.
Note 5 to entry: Uncertainty is the state, even partial, or deficiency of information related to, understanding or
knowledge of an event, its consequence, or likelihood.
[SOURCE: ISO Guide 73:2009, 1.1]
3.1.13
risk identification
process of finding, recognizing and describing risks (3.1.12)
Note 1 to entry: Risk identification involves the identification of risk sources (3.1.14), events, their causes and
their potential consequences (3.1.2).
Note 2 to entry: Risk identification can involve historical data, theoretical analysis, informed and expert opinions,
and stakeholder's needs.
[SOURCE: ISO Guide 73:2009, 3.5.1]
3.1.14
risk source
element which alone or in combination has the intrinsic potential to give rise to risk (3.1.12)
Note 1 to entry: A risk source can be tangible or intangible.
[SOURCE: ISO Guide 73:2009, 3.5.1.2]
3.1.15
risk treatment
process to modify risk (3.1.12)
Note 1 to entry: Risk treatment can involve:
– avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk;
– taking or increasing risk in order to pursue an opportunity;
– removing the risk source (3.1.14);
– changing the likelihood;
– changing the consequences (3.1.2);
– sharing the risk with another party or parties (including contracts and risk financing); and
– retaining the risk by informed decision.
Note 2 to entry: Risk treatments that deal with negative consequences are sometimes referred to as “risk
mitigation”, “risk elimination”, “risk prevention” and “risk reduction”.
Note 3 to entry: Clarification of risk treatment and risk control (3.1.3) – a risk control is already in place whereas a
risk treatment is an activity to improve risk controls. Hence, an implemented treatment becomes a control.
[SOURCE: ISO Guide 73:2009, 3.8.1, modified — Note 3 to entry replaces the existing note 3]
3.2 Abbreviations
ATP automatic train protection
EER escape, evacuation and rescue
ETA event tree analysis
– 10 – IEC 61882:2016 © IEC 2016
FMEA failure mode and effects analysis
FTA fault tree analysis
GPA general purpose alarm
HAZOP hazard and operability
LH left hand
LOPA layer of protection analysis
OIM offshore installation manager
P&IDs process and instrumentation diagrams
PAPA prepare to abandon platform alarm
PA public address
PES programmable electronic system
PPE personal protective equipment
QP qualified person
RH right hand
4 Key features of HAZOP
4.1 General
A HAZOP study is a detailed process carried out by a dedicated team to identify risks and
operability problems. HAZOP studies deal with the identification of potential deviations from
the design intent, examination of their possible causes and assessment of their
consequences.
Key features of a HAZOP study include the following.
• The study is a creative process that proceeds by systematically using a series of
guide words to identify potential deviations from the design intent and employing these to
stimulate team members to envisage how the deviation might occur and what might be the
consequences.
• The study is carried out under the guidance of a trained and experienced study leader,
who has to ensure comprehensive coverage of the system under study, using logical,
analytical thinking. The study leader is preferably assisted by a recorder who records
pertinent data associated with identified risks and/or operational disturbances for risk
analysis, evaluation and treatment.
• The study relies on specialists from various disciplines with appropriate skills and
experience who display intuition and good judgement.
• The study should be carried out in an atmosphere of critical thinking in a frank and open
atmosphere.
• A HAZOP study produces minutes or software to record the deviations, their causes,
consequences and recommended actions together with marked up drawings, documents
or other representations of the system that indicate the associated minute number and
where possible the recommended action.
• The development of risk treatment actions for identified risks or operability problems is not
a primary objective of the HAZOP examination, but recommendations should be made
where appropriate and recorded for consideration by those responsible for the design of
the system.
• The initial HAZOP study might be done in a progressive fashion so that design changes
can be incorporated but the completed HAZOP study has to correlate to the final design
intent.
• Existing HAZOP studies should be reviewed at regular intervals to evaluate whether there
have been any changes to the design intent or hazards and also during other stages in the
life cycle such as the enhancement stage.
4.2 Principles of examination
The basis of a HAZOP study is a “guide word examination” which is a deliberate search for
deviations from the design intent. To facilitate the examination, a system is divided into parts
in such a way that the design intent or function for each part can be adequately defined. The
size of the part chosen is likely to depend on the complexity of the system and the potential
magnitude and significance of the consequence. In complex systems or those where the level
of risk might be expected to be high, the parts are likely to be small in comparison to the
system. In simple systems or those where the level of risk might be expected to be low, the
use of larger parts will expedite the study.
The design intent for a given part of a system is expressed in terms of properties, which
convey the essential characteristics of the part and which represent natural divisions of the
part. The selection of properties to be examined is to some extent a subjective decision in
that there might be several combinations which will achieve the required purpose and the
choice can also depend upon the particular application. Parts can be discrete steps or stages
in a procedure, clauses in a contract, individual signals and equipment items in a control
system, equipment or components in a process or electronic system, etc.
In some cases it might be helpful to express the function of a part in terms of:
– the input material taken from a source;
– an activity which is performed on that material;
– an output which is taken to a destination.
Thus the design intent will contain the following elements: inputs and outputs, functions,
activities, sources and destinations, which can be viewed as properties of the part.
Properties can often be usefully defined further in terms of characteristics that can be either
quantitative or qualitative. For example, in a chemical system, the inputs could be defined
further in terms of characteristics such as temperature, pressure and composition. For a
transport activity, characteristics such as the rate of movement, the load or the number of
passengers might be relevant. For computer-based systems, communication, interfaces, and
data processing are likely to be the characteristic of each part.
For each part in turn, the HAZOP study team examines each property for deviation from the
design intent which can lead to undesirable (or desirable) consequences. The identification of
deviations from the design intent is achieved by a questioning process using predetermined
guide words. The role of the guide word is to stimulate imaginative thinking, to focus the study
and elicit ideas and discussion, thereby maximizing the chances of study completeness. An
example of basic guide words and their meanings is given in Table 1.
Table 1 – Example of basic guide words and their generic meanings
Guide word Meaning
NO OR NOT Complete negation of the design intent
MORE Quantitative increase
LESS Quantitative decrease
AS WELL AS Qualitative modification/increase
PART OF Qualitative modification/decrease
REVERSE Logical opposite of the design intent
OTHER THAN Complete substitution

– 12 – IEC 61882:2016 © IEC 2016
A further example of additional guide words relating to clock time and order or sequence is
given in Table 2.
Table 2 – Example of guide words relating to clock time and order or sequence
Guide word Meaning
EARLY Relative to the clock time
LATE Relative to the clock time
BEFORE Relating to order or sequence
AFTER Relating to order or sequence

Additional guide words can be used to facilitate identification of deviation, provided they are
identified before the examination commences.
Having selected a part for examination, the design intent of that part is specified in terms of
discrete properties. Each relevant guide word is then applied to each property, thus a
thorough search for deviations is carried out in a systematic manner. Having applied a
guide word, possible causes and consequences of a given deviation are examined and
mechanisms for control of the predicted consequences can also be investigated. The results
of the examination are recorded in an agreed format (see 6.5.2).
Guide word/property associations can be regarded as a matrix. Within each cell of the matrix
thus formed will be a specific guide word/property combination. To achieve a comprehensive
risk identification, it is necessary that the properties cover all aspects of the design intent and
guide words cover all possible deviations. Not all combinations will give credible deviations,
so the matrix can have several empty spaces when all guide word/property combinations are
considered.
In general the study leader will predefine the applicable guide word/property combinations to
make the risk identification process more efficient and make best use of the participant
expertise and time.
There are two possible sequences in which the cells of the matrix can be used for the
examination of the chosen part: column by column (i.e. property first), or row by row (i.e.
guide word first). The details of examination are outlined in 6.4 and both forms of examination
are illustrated in Figures 2 and 3. In principle the results of the examination should be the
same.
As well as applying guide words to defined properties of a part there can be other attributes
such as access, isolation, control, and the work environment (noise, lighting, etc.) that are
important to the desired operation of the system and to which a subset of the guide words can
be applied.
4.3 Design representation
4.3.1 General
An accurate and complete design representation of the system under study is a prerequisite
to the examination task. A design representation is a descriptive model of the system
adequately describing the system under study, its parts and identifying their properties. The
representation could be of the physical design or of the logical design and it should be made
clear what is represented.
The design representation should convey the system function of each part and element in a
qualitative or quantitative manner. It should also describe the interactions of the system with
other systems, with its operator/user and possibly with the environment. For example, P&IDs
are likely to provide the level of detail required for the design representation. The

conformance of properties or characteristics to their design intent determines the correctness
of operations and in some cases the safety of the system.
The representation of the system consists of two basic components:
– the system requirements; and
– a physical and/or logical description of the design.
The value of a HAZOP study depends on the completeness, adequacy and accuracy of the
design representation including the design intent. Any modifications from the original design
should be shown in the design representation. Before starting the examination, the team
should review this information package, and if necessary have it revised so that it accurately
represents the system.
4.3.2 Design requirements and design intent
The design requirements consist of qualitative and quantitative requirements that the system
has to satisfy, and provide the basis for development of system design and design intent. All
reasonably foreseen ways in which the system could be used or misused should be identified.
Both the design requirements and resulting design intent have to meet customer requirements
and those of any relevant legislation, norms or standards.
On the basis of system requirements, a designer develops the system design; for instance, a
system configuration is arrived at, and specific functions are assigned to subsystems and
components. Components are specified and selected. The designer should not only consider
what the system should do, but also ensure that it will not fail under any foreseeable set of
conditions, or that it will not fail or degrade during the specified lifetime. Undesirable
behaviours or features should also be identified so they can be designed out, or their effects
minimized by appropriate design or maintenance.
The design intent forms a baseline for the examination and should be accurate and correct, as
far as possible. The verification of design intent (see IEC 61160) is outside of the scope of the
HAZOP study, but the study leader should ascertain that it is accurate and correct to allow the
study to proceed. In general most documented design intents are limited to basic system
functions and parameters under normal operating conditions.
Reasonably foreseeable abnormal operating conditions and undesirable activities that might
occur (e.g., severe vibrations, extreme weather events, abnormal stoppages or third party
interventions) should be identified and considered during the examination. Also deterioration
mechanisms such as decay, corrosion and non-compliance of procedures and other
mechanisms which cause deterioration in system properties should be identified and
considered in a study using appropriate guide words. If necessary, a more detailed study
looking specifically at failure modes and effects may be required (see IEC 60812).
Expected life, reliability, maintainability and supportability should also be identified and
considered together with risk sources which could be encountered during maintenance and
logistic support activities, provided they are included in the scope of the HAZOP study.
5 Applications of HAZOP
5.1 General
Originally a HAZOP study was a technique developed for systems involving the treatment of a
fluid medium or other material flow in the process industries where it is now a major element
of process safety management. However its area of application has steadily widened in recent
years and for example includes usage for:
– software applications including programmable electronic systems;

– 14 – IEC 61882:2016 © IEC 2016
– systems involving the movement of people by transport modes such as road, rail, and air;
– examining different operating sequences and procedures;
– assessing administrative procedures in different industries;
– assessing specific systems, for example medical devices;
– software and code development;
– assessing proposed organizational change and defining the mechanisms to achieve those
changes;
– testing and improving draft contracts and other legal documents;
– testing and improving documents including instructions and procedures for critical
activities.
A HAZOP study is particularly useful for identifying weaknesses in systems (existing or
proposed) involving the flow of ma
...