ASCENDERA
Bridging Capital and Execution

Copy_of_Qasim_HAZOP_report_Excel.xlsx
BOWTIE RISK ASSESSMENT

HAZOP-to-Bowtie Conversion -- Desk Review
Document Reference
COPY_OF_QASIM_HAZOP_REPORT_EXCELXLSX_BT-REPORT_R0
Revision
R0 -- Initial Issue
Date
2026-04-27
Facility
Copy_of_Qasim_HAZOP_report_Excel.xlsx
Technology
CCGT
Source
HAZOP Study (1123 rows, 355 scenarios at S≥3)
Evidence Confidence
40/100 (desk review)
Bowties
19
Gap findings
83
Prepared by
Ascendera Group (for ACWA Power)
Contact
clientaccess@ascenderagroup.sa
Website
www.ascenderagroup.sa
Scope Coverage: 10 of 32 mandatory systems (31%) · LIMITED
FOR REVIEW -- REQUIRES PROCESS SAFETY TEAM VALIDATION

Table of Contents

1. Executive Summary and Asset Risk Profile

Scope: This assessment converts the submitted HAZOP study (1123 rows, 58 nodes) into bowtie format. The submitted study covers 10 of 32 mandatory systems for a complete CCGT asset-level scope (31% mandatory coverage; classification LIMITED). The remaining 22 mandatory systems (of 32 in total) are outside the submitted scope and are not represented in this bowtie package; see §2.3 for the full scope coverage table. Conclusions in this report relate only to the packages studied; a complete asset-level risk picture requires extension of the HAZOP to the excluded scope before operational decisions, lender engagement, or regulatory submission.

Scope Coverage: 10 of 32 mandatory systems -- LIMITED

1.1 Risk Landscape Overview

This Bowtie Risk Assessment evaluated 19 Major Accident Hazard scenarios across Copy_of_Qasim_HAZOP_report_Excel.xlsx (CCGT), developing 19 bowtie diagrams encompassing 47 threat pathways and 50 consequence pathways. A total of 134 prevention barriers and 99 mitigation barriers were identified and assessed against CCPS / EI barrier validity criteria (Effective, Independent, Auditable). The assessment is based on desk review of the source HAZOP (1123 rows, 355 scenarios at S>=3) and carries an evidence confidence cap of 40/100. All outputs require validation by the Process Safety Team.

1.2 Barrier Adequacy Summary

System-level adequacy ratings combining prevention coverage and mitigation specificity. Priority is set by the worse of the two ratings combined with the system's maximum consequence severity.

SystemMax SPrev.Mit. Prevention AdequacyMitigation Adequacy OverallPriority
LP SteamS=485AdequateAdequateAdequateLow
HRSG LPS=585AdequateAdequateAdequateLow
HRSG Duct BurnerS=557AdequateAdequateAdequateLow
Fuel GasS=5167AdequateAdequateAdequateLow
STG SteamS=4125Adequate with ConcernsAdequateAdequate with ConcernsLow
STG Lube OilS=455Adequate with ConcernsAdequate with ConcernsAdequate with ConcernsLow
HRSG HPS=4125Adequate with ConcernsAdequateAdequate with ConcernsLow
HRSG BypassS=435Adequate with ConcernsAdequateAdequate with ConcernsLow
HRH SteamS=485AdequateAdequate with ConcernsAdequate with ConcernsLow
HP SteamS=495Adequate with ConcernsAdequateAdequate with ConcernsLow
CRH SteamS=443AdequateAdequate with ConcernsAdequate with ConcernsLow
Auxiliary SteamS=465Adequate with ConcernsAdequateAdequate with ConcernsLow
ACCS=465Adequate with ConcernsAdequateAdequate with ConcernsLow
STG SealsS=585AdequateAdequate with ConcernsAdequate with ConcernsLow
HRSG IPS=565Adequate with ConcernsAdequateAdequate with ConcernsLow
Generator H2S=555Adequate with ConcernsAdequateAdequate with ConcernsLow
FeedwaterS=594AdequateAdequate with ConcernsAdequate with ConcernsLow
Ammonia/SCRS=446Requires ImprovementAdequateRequires ImprovementHigh
Fuel OilS=507InadequateAdequateInadequateCritical

1.3 Key Findings

  1. 15 of 47 threat pathways (32%) currently have zero prevention barriers. If any of these threats materialises, there is no engineered defence between the initiating event and loss of containment.
  2. 81% of mitigation barriers are generic shared trunk controls (detection, ESD, access restriction, emergency response) rather than consequence-specific protection. The plant's post-release defence posture is weighted toward reactive response rather than targeted consequence reduction.
  3. 10 barriers each appear across 3 or more systems, creating a systemic dependency where degradation of one shared barrier weakens protection across multiple MAH scenarios. The most widely shared barrier is insulation and lagging for personnel protection, present in 12 of 19 systems (63%).
  4. The HAZOP safeguard set is dominated by instrumented hardware: 73% Hardware-Active. Only 39 of 233 barriers (17%) are human, procedural or organizational. This reflects HAZOP-methodology bias rather than necessarily inadequate plant protection.
  5. 33% of barriers are assessed as Partially Effective from desk review -- the barrier exists but its reliability or completeness cannot be fully confirmed without site evidence. Lowest-effectiveness system: HRSG Bypass at 50% Effective.

1.4 Priority Recommendations

#RecommendationType ScopeOwnerTarget
1Conduct supplementary HAZOP workshop focused on non-hardware barriers (emergency procedures, PTW, competency, SOPs).VerificationAll 19 systemsProcess Safety Lead90 days
2Validate suggested mitigation barriers against actual plant design and installed protection systems.VerificationAll systems with library-seeded mitigationProcess Safety Lead60 days
3Confirm prevention coverage for unprotected threat pathways -- verify whether barriers exist but were not documented in the HAZOP.Engineering15 threat pathwaysI&C Engineering60 days
4Verify SIL ratings on safety-instrumented functions against IEC 61511 design basis and operational performance records.VerificationAll SIL-credited barriersI&C Engineering120 days
5Run a multi-discipline barrier-diversity review (Operations, Maintenance, HSE, I&C) to identify non-hardware barriers that exist at the plant.WorkshopCross-cutting (all systems)HSSE Manager90 days
6No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.ImprovementACCProcess Safety Lead60 days
7Extend HAZOP scope to cover the missing mandatory systems: Fuel Gas Receiving Station, Gas Turbine Lubrication System, GT Enclosure Ventilation and Fire Suppression, HRSG Drums (HP/IP/LP) and Downcomer System, Superheater and Reheater, EconImprovementCross-cutting (all systems)Process Safety Lead60 days
8No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.ImprovementAuxiliary SteamProcess Safety Lead60 days

1.5 ALARP Position Statement

Based on this desk-review assessment, risks from 2 of 19 MAH scenarios cannot be confirmed as ALARP until the priority recommendations are addressed. The principal concerns are Ammonia/SCR, Fuel Oil where barrier coverage falls below industry good practice for CCGT facilities. The 25 Critical and 38 Major findings identified in Section 9 represent the minimum actions required before an ALARP demonstration can be completed. A formal ALARP assessment requires site-validated PFD data and operational performance evidence, which are outside the scope of this desk review.

2. Introduction, Scope and Methodology

2.1 Purpose and Objectives

This report converts the HAZOP study for Copy_of_Qasim_HAZOP_report_Excel.xlsx into structured bowtie risk assessment diagrams per CCPS / EI "Bow Ties in Risk Management" (2018). Objectives: (a) classify HAZOP safeguards as prevention or mitigation barriers, (b) identify gaps where barriers are missing or weakened, (c) derive the SCE/SCA register with FARSI performance standards, and (d) produce a Synergi-compatible barrier register for downstream import.

2.2 Scope and Battery Limits

HAZOP source: 1123 rows analysed, 355 scenarios with severity S>=3 (SPEC-XL §5 step 1 filter). Out of scope: electrical protection systems (covered in a separate E-HAZOP study), and equipment with no S>=3 scenarios.

2.3 Scope Completeness Check

The submitted HAZOP is benchmarked against the Ascendera Reference Scope v1.0 for CCGT (40 reference systems, 32 mandatory). Scope Coverage: 10 of 32 mandatory systems -- LIMITED

Submitted HAZOP covers 10 of 32 mandatory systems for CCGT scope (31% mandatory coverage). Classification: LIMITED. Missing mandatory: Fuel Gas Receiving Station, Gas Turbine Lubrication System, GT Enclosure Ventilation and Fire Suppression, HRSG Drums (HP/IP/LP) and Downcomer System, Superheater and Reheater, Economiser, Steam Turbine Lube, Seal, and Control Oil, Condensate Polishing, Demineralisation Water Treatment, Boiler Water Chemical Dosing, Generator Step-Up Transformer, Unit Auxiliary and Station Service Transformers, HV / EHV Switchyard (AIS or GIS), Medium Voltage Switchgear, Emergency Diesel Generator, Distributed Control System and SCADA, Safety Instrumented System / Emergency Shutdown, Fire and Gas Detection, Special Hazard Fire Suppression, Plant Service Air, Nitrogen Generation and Distribution, HVAC for MCC, Chemical Buildings, Control Room. Conclusions in this report relate only to the packages studied; a complete asset-level risk picture requires extension of the HAZOP to the excluded scope.

Reference SystemClassificationStatus Matched HAZOP NodeRationale
Fuel Gas Heating, Filtration and Let-downMandatorycovered48. FGS NODE 10 Common condensate tank for fuel gas conditioning area (NET capacity: 5 M3)Node '48. FGS NODE 10 Common condensate tank for fuel gas conditioning area (NET capacity: 5 M3)' matched 'Fuel Gas Heating, Filtration and Let-down' (fuzzy ratio 100).
Gas Turbine and EnclosureMandatorycovered28. STG NODE 3 Steam System for HP Steam TurbineNode '28. STG NODE 3 Steam System for HP Steam Turbine' matched 'Gas Turbine and Enclosure' (fuzzy ratio 78).
Gas Turbine Fuel Manifold, Nozzles, PurgeMandatorycovered13. Fuel Oil SystemNode '13. Fuel Oil System' matched 'Gas Turbine Fuel Manifold, Nozzles, Purge' (fuzzy ratio 85).
Steam TurbineMandatorycovered28. STG NODE 3 Steam System for HP Steam TurbineNode '28. STG NODE 3 Steam System for HP Steam Turbine' matched 'Steam Turbine' (fuzzy ratio 100).
Condenser (Surface or Air-Cooled)Mandatorycovered30. STG NODE 5 Turbine Sealing System with Gland CondenserNode '30. STG NODE 5 Turbine Sealing System with Gland Condenser' matched 'Condenser (Surface or Air-Cooled)' (fuzzy ratio 100).
Feedwater System (HP / IP / LP)Mandatorycovered1. HP steam SystemNode '1. HP steam System' matched 'Feedwater System (HP / IP / LP)' (fuzzy ratio 75).
Air-Cooled CondenserConditionalcovered56. ACC NODE 1 Steam & Condensate Collection SystemNode '56. ACC NODE 1 Steam & Condensate Collection System' matched 'Air-Cooled Condenser' (fuzzy ratio 100).
Auxiliary (Closed-Loop) Cooling Water SystemMandatorycovered10. Raw Water SystemNode '10. Raw Water System' matched 'Auxiliary (Closed-Loop) Cooling Water System' (fuzzy ratio 86).
Generator, Exciter, Cooling, Seal OilMandatorycovered38. STG NODE 13 Generator Shaft Seal SystemNode '38. STG NODE 13 Generator Shaft Seal System' matched 'Generator, Exciter, Cooling, Seal Oil' (fuzzy ratio 100).
Plant Fire Water SystemMandatorycovered10. Raw Water SystemNode '10. Raw Water System' matched 'Plant Fire Water System' (fuzzy ratio 86).
Instrument Air Compression, Drying, DistributionMandatorycovered32. STG NODE 7 Instrument Air System for STGNode '32. STG NODE 7 Instrument Air System for STG' matched 'Instrument Air Compression, Drying, Distribution' (fuzzy ratio 100).
Fuel Gas Receiving StationMandatorymissing—No submitted HAZOP node matched 'Fuel Gas Receiving Station' (best fuzzy ratio 62 below threshold 75).
Gas Turbine Lubrication SystemMandatorymissing—No submitted HAZOP node matched 'Gas Turbine Lubrication System' (best fuzzy ratio 65 below threshold 75).
GT Enclosure Ventilation and Fire SuppressionMandatorymissing—No submitted HAZOP node matched 'GT Enclosure Ventilation and Fire Suppression' (best fuzzy ratio 48 below threshold 75).
HRSG Drums (HP/IP/LP) and Downcomer SystemMandatorymissing—No submitted HAZOP node matched 'HRSG Drums (HP/IP/LP) and Downcomer System' (best fuzzy ratio 60 below threshold 75).
Superheater and ReheaterMandatorymissing—No submitted HAZOP node matched 'Superheater and Reheater' (best fuzzy ratio 51 below threshold 75).
EconomiserMandatorymissing—No submitted HAZOP node matched 'Economiser' (best fuzzy ratio 42 below threshold 75).
Steam Turbine Lube, Seal, and Control OilMandatorymissing—No submitted HAZOP node matched 'Steam Turbine Lube, Seal, and Control Oil' (best fuzzy ratio 65 below threshold 75).
Condensate PolishingMandatorymissing—No submitted HAZOP node matched 'Condensate Polishing' (best fuzzy ratio 74 below threshold 75).
Demineralisation Water TreatmentMandatorymissing—No submitted HAZOP node matched 'Demineralisation Water Treatment' (best fuzzy ratio 62 below threshold 75).
Boiler Water Chemical DosingMandatorymissing—No submitted HAZOP node matched 'Boiler Water Chemical Dosing' (best fuzzy ratio 53 below threshold 75).
Generator Step-Up TransformerMandatorymissing—No submitted HAZOP node matched 'Generator Step-Up Transformer' (best fuzzy ratio 60 below threshold 75).
Unit Auxiliary and Station Service TransformersMandatorymissing—No submitted HAZOP node matched 'Unit Auxiliary and Station Service Transformers' (best fuzzy ratio 62 below threshold 75).
HV / EHV Switchyard (AIS or GIS)Mandatorymissing—No submitted HAZOP node matched 'HV / EHV Switchyard (AIS or GIS)' (best fuzzy ratio 0 below threshold 75).
Medium Voltage SwitchgearMandatorymissing—No submitted HAZOP node matched 'Medium Voltage Switchgear' (best fuzzy ratio 0 below threshold 75).
Emergency Diesel GeneratorMandatorymissing—No submitted HAZOP node matched 'Emergency Diesel Generator' (best fuzzy ratio 72 below threshold 75).
Distributed Control System and SCADAMandatorymissing—No submitted HAZOP node matched 'Distributed Control System and SCADA' (best fuzzy ratio 60 below threshold 75).
Safety Instrumented System / Emergency ShutdownMandatorymissing—No submitted HAZOP node matched 'Safety Instrumented System / Emergency Shutdown' (best fuzzy ratio 57 below threshold 75).
Fire and Gas DetectionMandatorymissing—No submitted HAZOP node matched 'Fire and Gas Detection' (best fuzzy ratio 48 below threshold 75).
Special Hazard Fire SuppressionMandatorymissing—No submitted HAZOP node matched 'Special Hazard Fire Suppression' (best fuzzy ratio 0 below threshold 75).
Plant Service AirMandatorymissing—No submitted HAZOP node matched 'Plant Service Air' (best fuzzy ratio 59 below threshold 75).
Nitrogen Generation and DistributionMandatorymissing—No submitted HAZOP node matched 'Nitrogen Generation and Distribution' (best fuzzy ratio 62 below threshold 75).
HVAC for MCC, Chemical Buildings, Control RoomMandatorymissing—No submitted HAZOP node matched 'HVAC for MCC, Chemical Buildings, Control Room' (best fuzzy ratio 42 below threshold 75).
Fuel Oil Receiving, Storage, TransferConditionalmissing—No submitted HAZOP node matched 'Fuel Oil Receiving, Storage, Transfer' (best fuzzy ratio 70 below threshold 75).
Selective Catalytic Reduction (SCR)Conditionalmissing—No submitted HAZOP node matched 'Selective Catalytic Reduction (SCR)' (best fuzzy ratio 0 below threshold 75).
Once-Through Cooling Water Intake and OutfallConditionalmissing—No submitted HAZOP node matched 'Once-Through Cooling Water Intake and Outfall' (best fuzzy ratio 63 below threshold 75).
Wet Mechanical- or Natural-Draft Cooling TowerConditionalmissing—No submitted HAZOP node matched 'Wet Mechanical- or Natural-Draft Cooling Tower' (best fuzzy ratio 70 below threshold 75).
Black Start CapabilityConditionalmissing—No submitted HAZOP node matched 'Black Start Capability' (best fuzzy ratio 0 below threshold 75).
Burner Management SystemConditionalmissing—No submitted HAZOP node matched 'Burner Management System' (best fuzzy ratio 44 below threshold 75).
Auxiliary (Startup) BoilerConditionalmissing—No submitted HAZOP node matched 'Auxiliary (Startup) Boiler' (best fuzzy ratio 72 below threshold 75).

2.4 Methodology

StandardApplication
IEC 61882:2016HAZOP study methodology (source data)
CCPS / EI Bow Ties in Risk Management (2018)Bowtie methodology, barrier criteria
IEC / ISO 31010:2019Risk assessment techniques framework
IEC 61511:2016SIS requirements for SIL-rated barriers
IOGP Report 544Barrier standardisation and classification
API RP 754Process safety performance indicators
Energy Institute SCE Performance Standards (2019)FARSI model for performance standards

2.5 Confidence Doctrine

Evidence confidence is capped at 65/100 for any desk-review run. Site verification is a separate, paid activity that is not covered by this report. Every page footer carries the FOR REVIEW -- REQUIRES PROCESS SAFETY TEAM VALIDATION notice.

3. Facility Description

Facility name: Copy_of_Qasim_HAZOP_report_Excel.xlsx
Technology: CCGT
HAZOP source file: /data/output/003bb41d-890d-4104-928a-1daf2c3c2d9f/input.xlsx
HAZOP rows ingested: 1123

3.1 Asset Boundaries

Asset boundaries follow the systems defined in the source HAZOP. See Section 5 for system-by-system breakdown including hazardous inventory, operating envelope, threat pathways, and barrier coverage. Section 4 lists the Major Accident Hazards this assessment addresses.

4. Major Accident Hazard Register

The following MAH register summarises every Major Accident Hazard scenario identified at this facility. Each MAH maps to one bowtie diagram in Section 5.

MAH IDSystemHazardTop EventMax SeverityBowtie Ref
MAH-CCGT-AC-001ACCAir cooled condenserLoss of containment from air-cooled condenserS=4 (D)BT-CCGT-AC-001
MAH-CCGT-AX-001Auxiliary SteamAuxiliary steam system for deaerator and tracingLoss of containment of auxiliary steamS=4 (D)BT-CCGT-AX-001
MAH-CCGT-BY-001HRSG BypassHP/IP/LP bypass valves dumping steam to condenser during tripLoss of containment from HRSG bypass and casingS=4 (D)BT-CCGT-BY-001
MAH-CCGT-DB-001HRSG Duct BurnerNatural gas fired duct burner in HRSGUncontrolled release from HRSG duct burnerS=5 (E)BT-CCGT-DB-001
MAH-CCGT-FG-001Fuel GasPressurised natural gas in fuel gas supply pipeworkLoss of containment of natural gas from fuel gas systemS=5 (E)BT-CCGT-FG-001
MAH-CCGT-FO-001Fuel OilBackup fuel oil (HFO / LFO) supply systemLoss of containment of fuel oilS=5 (E)BT-CCGT-FO-001
MAH-CCGT-FW-001FeedwaterHigh pressure boiler feedwaterLoss of containment from feedwater systemS=5 (E)BT-CCGT-FW-001
MAH-CCGT-GH-001Generator H2Hydrogen cooling gas in generator casingUncontrolled release of hydrogen from generatorS=5 (E)BT-CCGT-GH-001
MAH-CCGT-HI-001HRSG IPIP water/steam in HRSG IP sectionLoss of containment from HRSG IP sectionS=5 (E)BT-CCGT-HI-001
MAH-CCGT-HL-001HRSG LPLP water/steam in HRSG LP sectionLoss of containment from HRSG LP sectionS=5 (E)BT-CCGT-HL-001
MAH-CCGT-HP-001HP SteamHigh pressure superheated steam in HP steam headerLoss of containment of HP steamS=4 (D)BT-CCGT-HP-001
MAH-CCGT-HR-001HRSG HPHP water/steam in HRSG HP section (economiser, evaporator, superheater)Loss of containment from HRSG HP sectionS=4 (D)BT-CCGT-HR-001
MAH-CCGT-LP-001LP SteamLP steam header distributionLoss of containment of LP steamS=4 (D)BT-CCGT-LP-001
MAH-CCGT-NH-001Ammonia/SCRAqueous ammonia (19-25%) for SCR injectionUncontrolled release of ammoniaS=4 (A)BT-CCGT-NH-001
MAH-CCGT-SS-001STG SteamHP/IP/LP steam within steam turbine casingLoss of containment from steam turbineS=4 (D)BT-CCGT-SS-001
MAH-CR-001CRH SteamCondensate in CRH SteamLoss of containment of cold reheat steamS=4 (D)BT-CR-001
MAH-HH-001HRH SteamSteam in HRH SteamLoss of containment of hot reheat steamS=4 (D)BT-HH-001
MAH-SL-001STG SealsHydrogen in STG SealsLoss of containment from turbine shaft sealsS=5 (E)BT-SL-001
MAH-LO-001STG Lube OilLube oil in STG Lube OilLoss of containment of lube oil from ST systemS=4 (D)BT-LO-001

5. System-Level Bowtie Assessments

One sub-section per system. Each contains the system description, the hazard, the bowtie SVG, the barrier register, and the gap findings specific to that system.

5.1 ACC

Catalogue ref: BT-CCGT-AC-001
Hazard: Air cooled condenser
Top Event: Loss of containment from air-cooled condenser
Max severity: S=4 | Prev barriers: 6 | Mit barriers: 5 | Gaps: 2

ACC has 6 prevention and 5 mitigation barriers. Of these, 6 were traced to HAZOP safeguards while 5 were identified from domain knowledge or engineering standards and require site verification. 1 of 2 specific threat pathways carry no prevention barrier -- these are unprotected initiating-event scenarios that need either safeguard documentation in the HAZOP or an engineering review. Defence-in-depth includes 3 barrier types (Hardware - Active, Organizational, Procedural). Barrier effectiveness from desk review: 64% Effective; the remainder are Partially Effective and need site validation. Mitigation includes 1 consequence-specific barrier parented to individual consequences (event-tree branching).

Air cooled condenser HAZARD: Air cooled condenser Tube leak from corrosion or mechanical damage Tube leak from corrosion or mechanical damage THR-AC-001 Vacuum system failure causing air ingress Vacuum system failure causing air ingress THR-AC-002 Steam release / scald near walkway Steam release / scald near walkway S=3 CON-AC-001 Steam release causing equipment damage Steam release causing equipment damage S=4 CON-AC-002 Insulation and lagging for personnel protection Insulation and lagging for person... HW-A Loss of containment from air-cooled condenser TOP EVENT Loss of containment from air-cooled... ACC is designed for worst case scenario including opening of LP/IP bypass. ACC is designed for worst case... HW-A FAL-10LCA04-CF101A/B: Flow alarm low (1oo2) Flow alarm low (1oo2) HW-A MOV-10MAJ45-AA075: Motor operated isolation valve Motor operated isolation... HW-A MOV-10LBG45-AA080: Motor operated isolation valve Motor operated isolation... HW-A PAL-10LBG45-CP001: Pressure alarm low (alert the operator) Pressure alarm low (alert the... HW-A TAH-10MAJ42-CT122: Temperature alarm high (alert the operator) Temperature alarm high (alert the... HW-A Steam leak detection and alarm Steam leak detection and alarm HW-A Emergency isolation (remote operated) Emergency isolation (remote... HW-A Emergency operating procedures Emergency operating procedures PROC Access restriction and exclusion zones Access restriction and exclus... ORG THREATS PREVENTION BARRIERS TOP EVENT MITIGATION BARRIERS CONSEQUENCES KEY Threat Top Event Consequence (S4-5) Consequence (S3) Prevention Mitigation Gap (suggested) Effective Partial Impaired Not Assessed
CRITICAL GAP-ANS-001
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
MAJOR GAP-ANS-002
Vacuum system failure in the ACC allows air ingress into the steam space, degrading condenser performance and potentially causing oxygen corrosion of tube internals. This mechanism is typically prevented by vacuum pump redundancy, air ejector systems, and vacuum leak detection. The HAZOP documented safeguards for tube leak and pressure control but did not address the vacuum-loss initiation mechanism as a separate cause. Verify: (a) vacuum pump standby/auto-start arrangement, (b) vacuum alarm setpoints and operator response procedure, (c) air ingress detection (e.g., dissolved oxygen monitoring).

5.2 Auxiliary Steam

Catalogue ref: BT-CCGT-AX-001
Hazard: Auxiliary steam system for deaerator and tracing
Top Event: Loss of containment of auxiliary steam
Max severity: S=4 | Prev barriers: 6 | Mit barriers: 5 | Gaps: 2

Auxiliary Steam has 6 prevention and 5 mitigation barriers. Of these, 6 were traced to HAZOP safeguards while 5 were identified from domain knowledge or engineering standards and require site verification. 1 of 2 specific threat pathways carry no prevention barrier -- these are unprotected initiating-event scenarios that need either safeguard documentation in the HAZOP or an engineering review. Defence-in-depth includes 3 barrier types (Hardware - Active, Organizational, Procedural). Barrier effectiveness from desk review: 64% Effective; the remainder are Partially Effective and need site validation. Mitigation includes 1 consequence-specific barrier parented to individual consequences (event-tree branching).

Auxiliary steam system for deaerator and tracing HAZARD: Auxiliary steam system for deaerator and tracing Aux steam line leak at flanged connection Aux steam line leak at flanged connection THR-AX-001 Pressure excursion from PRV failure Pressure excursion from PRV failure THR-AX-002 Aux steam leak / scald Aux steam leak / scald S=3 CON-AX-001 Steam release causing equipment damage Steam release causing equipment damage S=4 CON-AX-002 Insulation and lagging for personnel protection Insulation and lagging for person... HW-A Loss of containment of auxiliary steam TOP EVENT Loss of containment of auxiliary steam Online sampling of water / steam Online sampling of water / steam PROC VALVE-10LBG10-AA406: Valve position feedback Valve position feedback HW-A VALVE-10LBC10-AA406: Valve position feedback Valve position feedback HW-A MOV-10LBC06-AA402: Motor operated isolation valve Motor operated isolation... HW-A TAH-10MAW82-CT055: Temperature alarm high (056 /057 /058 are available to alert Temperature alarm high (056 /057... HW-A TAL-10MAW82-CT055: Temperature alarm low (056 /057 /058 are available to alert Temperature alarm low (056 /057... HW-A Steam leak detection and alarm Steam leak detection and alarm HW-A Emergency isolation (remote operated) Emergency isolation (remote... HW-A Emergency operating procedures Emergency operating procedures PROC Access restriction and exclusion zones Access restriction and exclus... ORG THREATS PREVENTION BARRIERS TOP EVENT MITIGATION BARRIERS CONSEQUENCES KEY Threat Top Event Consequence (S4-5) Consequence (S3) Prevention Mitigation Gap (suggested) Effective Partial Impaired Not Assessed
CRITICAL GAP-A-001
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
MAJOR GAP-A-002
PRV failure to reseat after a legitimate overpressure event causes continuous steam release until the system is depressurised and the PRV can be isolated for maintenance. This is a known failure mode where the valve lifts correctly but the seat is damaged by the high-velocity steam flow and cannot re-seal. Prevention includes: regular PRV bench testing (typically 12-month cycle per API 576), selection of resilient-seat designs for clean steam service, and installed-spare PRV arrangements allowing online changeover. The HAZOP did not list PRV testing or maintenance as a safeguard. Verify: (a) PRV test interval and compliance history, (b) PRV type and seat material, (c) spare PRV arrangement for online changeout.

5.3 HRSG Bypass

Catalogue ref: BT-CCGT-BY-001
Hazard: HP/IP/LP bypass valves dumping steam to condenser during trip
Top Event: Loss of containment from HRSG bypass and casing
Max severity: S=4 | Prev barriers: 3 | Mit barriers: 5 | Gaps: 2

HRSG Bypass has 3 prevention and 5 mitigation barriers. Of these, 3 were traced to HAZOP safeguards while 5 were identified from domain knowledge or engineering standards and require site verification. 1 of 2 specific threat pathways carry no prevention barrier -- these are unprotected initiating-event scenarios that need either safeguard documentation in the HAZOP or an engineering review. Defence-in-depth includes 3 barrier types (Hardware - Active, Organizational, Procedural). Barrier effectiveness from desk review: 50% Effective; the remainder are Partially Effective and need site validation. Mitigation includes 1 consequence-specific barrier parented to individual consequences (event-tree branching).

HP/IP/LP bypass valves dumping steam to condenser during trip HAZARD: HP/IP/LP bypass valves dumping steam to condenser during Bypass valve failure to open on turbine trip Bypass valve failure to open on turbine trip THR-BY-001 Steam release from bypass valve body/bonnet leak Steam release from bypass valve body/bonnet leak THR-BY-002 Steam jet injury to personnel Steam jet injury to personnel S=4 CON-BY-001 Pipe rupture and equipment damage Pipe rupture and equipment damage S=4 CON-BY-002 Thermal burns / scald Thermal burns / scald S=4 CON-BY-003 Insulation and lagging for personnel protection Insulation and lagging for person... HW-A Loss of containment from HRSG bypass and casing TOP EVENT Loss of containment from HRSG bypass and... UPS power backup is available for 24 hours for control system. UPS power backup is available... HW-A PDAL XYMBR10-CP151/152 PDAL XYMBR10-CP151/152 HW-A Operator-controlled flue gas supervision Operator-controlled flue gas supervision HW-A Steam leak detection and alarm Steam leak detection and alarm HW-A Emergency isolation (remote operated) Emergency isolation (remote... HW-A Emergency operating procedures Emergency operating procedures PROC Access restriction and exclusion zones Access restriction and exclus... ORG THREATS PREVENTION BARRIERS TOP EVENT MITIGATION BARRIERS CONSEQUENCES KEY Threat Top Event Consequence (S4-5) Consequence (S3) Prevention Mitigation Gap (suggested) Effective Partial Impaired Not Assessed
CRITICAL GAP-HNB-001
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
MAJOR GAP-HNB-002
Threat pathway 'Steam release from bypass valve body/bonnet leak' has zero prevention barriers. No HAZOP safeguard could be matched to this initiating event. Verify whether prevention barriers exist at the plant but were not documented in the HAZOP study.

5.4 HRSG Duct Burner

Catalogue ref: BT-CCGT-DB-001
Hazard: Natural gas fired duct burner in HRSG
Top Event: Uncontrolled release from HRSG duct burner
Max severity: S=5 | Prev barriers: 5 | Mit barriers: 7 | Gaps: 2

HRSG Duct Burner has 5 prevention and 7 mitigation barriers. Of these, 5 were traced to HAZOP safeguards while 7 were identified from domain knowledge or engineering standards and require site verification. Defence-in-depth includes 2 barrier types (Hardware - Active, Hardware - Passive). Barrier effectiveness from desk review: 58% Effective; the remainder are Partially Effective and need site validation. Mitigation includes 3 consequence-specific barriers parented to individual consequences (event-tree branching).

Natural gas fired duct burner in HRSG HAZARD: Natural gas fired duct burner in HRSG Uncontrolled gas release from duct burner supply Uncontrolled gas release from duct burner supply THR-DB-001 Flame failure with delayed re-ignition attempt Flame failure with delayed re-ignition attempt THR-DB-002 Jet fire Jet fire S=5 CON-DB-001 Vapour cloud explosion Vapour cloud explosion S=5 CON-DB-002 Flash fire Flash fire S=4 CON-DB-003 Firewater deluge / water spray system Firewater deluge / water spra... HW-A Fireproofing on structural steel (UL 1709) Fireproofing on structural steel (UL... HW-P Blast rated control room (API 752) Blast rated control room (API 752) HW-P Uncontrolled release from HRSG duct burner TOP EVENT Uncontrolled release from HRSG duct burner PRV-11HHG01-AA003: Pressure relief valve Pressure relief valve HW-P NRV NRV HW-A FCV-11HHG01-AA101: Flow control valve (control loop regulate downstream flow) Flow control valve (control l... HW-A Instrument interlock: instrument interlock and START standby cooling air fan. Instrument interlock: instrument... HW-A Instrument interlock: instrument interlock and START standby cooling air fan. Instrument interlock: instrument... HW-A Fire and gas detection system Fire and gas detection system HW-A F&G interlock to ESDV F&G interlock to ESDV HW-A Site emergency response plan Site emergency response plan HW-A Hazardous area classification (IEC 60079) Hazardous area classifica... HW-P THREATS PREVENTION BARRIERS TOP EVENT MITIGATION BARRIERS CONSEQUENCES KEY Threat Top Event Consequence (S4-5) Consequence (S3) Prevention Mitigation Gap (suggested) Effective Partial Impaired Not Assessed
CRITICAL GAP-HND-001
No mitigative barriers identified in HAZOP. All 7 suggested barriers marked for validation.
CRITICAL GAP-HND-002
Single barrier on domain_knowledge pathway (THR-DB-002). Single point of failure on S=5 catastrophic consequence.

5.5 Fuel Gas

Catalogue ref: BT-CCGT-FG-001
Hazard: Pressurised natural gas in fuel gas supply pipework
Top Event: Loss of containment of natural gas from fuel gas system
Max severity: S=5 | Prev barriers: 16 | Mit barriers: 7 | Gaps: 3

Fuel Gas has 16 prevention and 7 mitigation barriers. Of these, 17 were traced to HAZOP safeguards while 6 were identified from domain knowledge or engineering standards and require site verification. Defence-in-depth includes 3 barrier types (Hardware - Active, Hardware - Passive, Procedural). Barrier effectiveness from desk review: 70% Effective; the remainder are Partially Effective and need site validation. Mitigation includes 1 consequence-specific barrier parented to individual consequences (event-tree branching).

Pressurised natural gas in fuel gas supply pipework HAZARD: Pressurised natural gas in fuel gas supply pipework Overpressure due to regulator failure or blocked outlet Overpressure due to regulator failure or blocked outlet THR-FG-001 External corrosion / mechanical damage to pipework External corrosion / mechanical damage to pipework THR-FG-002 Flange or connection leak (vibration / thermal cycling) Flange or connection leak (vibration / thermal cycling) THR-FG-003 Valve passing during maintenance or isolation Valve passing during maintenance or isolation THR-FG-004 Vapour cloud explosion in congested area Vapour cloud explosion in congested area S=5 CON-FG-001 Equipment damage requiring forced outage Equipment damage requiring forced outage S=4 CON-FG-002 Blast rated control room (API 752) Blast rated control room (API 752) HW-P Loss of containment of natural gas from fuel gas system TOP EVENT Loss of containment of natural gas fro... Stack monitoring Stack monitoring PROC PAL-00QFB01-CP101A/B: Pressure alarm low (1oo2) Pressure alarm low (1oo2) HW-A LSL-00EKC10-CL202: Level switch low (alert the operator) Level switch low (alert the operator) HW-A BT00EKC10-BT001: alert the operator alert the operator HW-A PAL-00EKC50-CP101: Pressure alarm low (00EKC60-CP101 / 00EKC70-CP101 alert the Pressure alarm low (00EKC60-C... HW-A LSH-11EKC30-CL202: Level switch high (A/B (1oo) Level switch high (A/B (1oo) HW-A Condensate transfer pump trip/run monitoring Condensate transfer pump trip/run... HW-A TAH-11EKC30-CT001: Temperature alarm high (A/B (1oo) Temperature alarm high (A/B (1oo) HW-A TAL-11EKC30-CT001: Temperature alarm low (A/B (1oo) Temperature alarm low (A/B (1oo) HW-A TAL-11EKC10-CT002: Temperature alarm low (A/B (1oo) Temperature alarm low (A/B (1oo) HW-A VALVE-00EKC10-AA402: Valve position confirmation ON/OFF Valve position confirmati... HW-A VALVE-11EKT20-AA109: Valve position confirmation pneumatic ON/OFF Valve position confirmati... HW-A VALVE-11EKT20-AA113: Pneumatic control valve positioner Pneumatic control valve positioner HW-A VALVE-11EKT20-AA106: Valve position confirmation pneumatic ON/OFF Valve position confirmati... HW-A VALVE-11EKT20-AA101: Valve position confirmation pneumatic ON/OFF Valve position confirmati... HW-A VALVE-11EKT10-AA111: Pneumatic control valve positioner Pneumatic control valve positioner HW-A AAH-00EKC10-AI002: Gas detection alarm (20% LEL) Gas detection alarm (20% LEL) HW-A Fire and gas detection system Fire and gas detection system HW-A F&G interlock to ESDV F&G interlock to ESDV HW-A Firewater deluge / water spray system Firewater deluge / water spra... HW-A Site emergency response plan Site emergency response plan HW-A Fireproofing on structural steel (UL 1709) Fireproofing on structural steel (UL... HW-P THREATS PREVENTION BARRIERS TOP EVENT MITIGATION BARRIERS CONSEQUENCES KEY Threat Top Event Consequence (S4-5) Consequence (S3) Prevention Mitigation Gap (suggested) Effective Partial Impaired Not Assessed
CRITICAL GAP-FNF-001
Single barrier on from_hazop pathway (THR-FG-002). Single point of failure on S=5 catastrophic consequence.
MINOR GAP-FNF-002
Field positioner safeguard PB-FG-036 used as a barrier but SIL rating is not confirmed.
MINOR GAP-FNF-003
Field positioner safeguard PB-FG-031 used as a barrier but SIL rating is not confirmed.

5.6 Fuel Oil

Catalogue ref: BT-CCGT-FO-001
Hazard: Backup fuel oil (HFO / LFO) supply system
Top Event: Loss of containment of fuel oil
Max severity: S=5 | Prev barriers: 0 | Mit barriers: 7 | Gaps: 3

Fuel Oil has 0 prevention and 7 mitigation barriers. Of these, 2 were traced to HAZOP safeguards while 5 were identified from domain knowledge or engineering standards and require site verification. 3 of 3 specific threat pathways carry no prevention barrier -- these are unprotected initiating-event scenarios that need either safeguard documentation in the HAZOP or an engineering review. Defence-in-depth includes 2 barrier types (Hardware - Active, Hardware - Passive). Barrier effectiveness from desk review: 57% Effective; the remainder are Partially Effective and need site validation. Mitigation includes 3 consequence-specific barriers parented to individual consequences (event-tree branching).

Backup fuel oil (HFO / LFO) supply system HAZARD: Backup fuel oil (HFO / LFO) supply system Flange leak from fuel oil pipework Flange leak from fuel oil pipework THR-FO-001 Tank overflow or overfill during delivery Tank overflow or overfill during delivery THR-FO-002 Pump seal failure Pump seal failure THR-FO-003 Jet fire Jet fire S=5 CON-FO-001 Vapour cloud explosion Vapour cloud explosion S=5 CON-FO-002 Flash fire Flash fire S=4 CON-FO-003 Flame / fire detection (from F&G) Flame / fire detection (from F&G) HW-A Fire detection in oil area Fire detection in oil area HW-A Loss of containment of fuel oil TOP EVENT Loss of containment of fuel oil Gas detection system (from F&G) Gas detection system (from F&G) HW-A Spill response kit Spill response kit HW-A Site emergency response plan Site emergency response plan HW-A Bund containment around tank (API 650) Bund containment around tan... HW-P THREATS PREVENTION BARRIERS TOP EVENT MITIGATION BARRIERS CONSEQUENCES KEY Threat Top Event Consequence (S4-5) Consequence (S3) Prevention Mitigation Gap (suggested) Effective Partial Impaired Not Assessed
CRITICAL GAP-FOS-001
Flange and connection leaks on lube oil pipework are caused by vibration-induced bolt relaxation, gasket degradation, and thermal cycling. Standard prevention includes: joint integrity management programme (ASME PCC-1), controlled bolt torquing procedures, vibration monitoring on turbine/generator bearings, and periodic inspection of flange connections during planned outages. The HAZOP did not document joint integrity or inspection safeguards for lube oil flanges. Verify: (a) joint integrity programme scope covers lube oil system, (b) bolt torque records for critical flanges, (c) vibration trending data, (d) flange inspection scope in planned maintenance.
CRITICAL GAP-FOS-002
Tank overflow during fuel oil delivery is prevented by independent high-level alarms (LAH), high-high level trips (LAHH) with automatic shutoff of the transfer pump or inlet valve, and secondary containment (bund) sized to contain the full tank volume plus rainfall. The HAZOP did not document level protection or overflow prevention for the fuel oil storage tank as safeguards. Verify: (a) independent LAH and LAHH instruments on the tank, (b) automatic transfer pump trip on LAHH, (c) bund sizing and drainage arrangement, (d) delivery procedure with operator attendance requirements.
CRITICAL GAP-FOS-003
Pump seal failure on fuel oil transfer or forwarding pumps releases flammable liquid at the pump skid. Standard prevention includes: dual mechanical seals (API Plan 52/54), seal flush systems, bearing temperature and vibration monitoring with alarm and trip, and seal leak detection (drip collection, level alarm on seal drain pot). The HAZOP did not list seal-specific safeguards for fuel oil pumps. Verify: (a) seal arrangement type (single/dual/tandem), (b) seal support system (flush, quench, buffer), (c) seal leak detection method, (d) bearing monitoring with trip setpoints.

5.7 Feedwater

Catalogue ref: BT-CCGT-FW-001
Hazard: High pressure boiler feedwater
Top Event: Loss of containment from feedwater system
Max severity: S=5 | Prev barriers: 9 | Mit barriers: 4 | Gaps: 1

Feedwater has 9 prevention and 4 mitigation barriers. Of these, 9 were traced to HAZOP safeguards while 4 were identified from domain knowledge or engineering standards and require site verification. Defence-in-depth includes 4 barrier types (Hardware - Active, Hardware - Passive, Organizational, Procedural). Barrier effectiveness from desk review: 77% Effective; the remainder are Partially Effective and need site validation.

High pressure boiler feedwater HAZARD: High pressure boiler feedwater BFP discharge pipe rupture (high energy) BFP discharge pipe rupture (high energy) THR-FW-001 Feedwater chemistry excursion causing tube damage Feedwater chemistry excursion causing tube damage THR-FW-002 Pipe rupture and equipment damage Pipe rupture and equipment damage S=3 CON-FW-001 Major equipment failure with escalation potential Major equipment failure with escalation potential S=5 CON-FW-002 Loss of containment from feedwater system TOP EVENT Loss of containment from feedwater system Online sampling of water / steam Online sampling of water / steam PROC TCV-11LAE05-AA101: Temperature control valve (Confirmed OPEN/CLOSE/Discrepancy Temperature control valve (Confirmed... HW-A VALVE-11LAE05-AA004: Valve position feedback Valve position feedback HW-A MOV-11LAB02-AA004: Motor operated isolation valve Motor operated isolation... HW-A MOV-11LAB02-AA002: Motor operated isolation valve Motor operated isolation... HW-A VALVE-11LAB02-AA101: Valve position feedback Valve position feedback HW-A Online SWAS feedwater quality analysis Online SWAS feedwater quality... HW-A PDAH-11LAB02-CP181: Differential pressure alarm high (11LAB03-CP181 alert the Differential pressure alarm high... HW-A FAL-11LAB01-CF101A/B: Flow alarm low (1oo2) Flow alarm low (1oo2) HW-A Emergency isolation valve Emergency isolation valve HW-A Insulation and lagging for personnel protection Insulation and lagging for person... HW-A Leak detection and area drainage Leak detection and area drainage HW-P Access restriction to BFP area Access restriction to BFP area ORG THREATS PREVENTION BARRIERS TOP EVENT MITIGATION BARRIERS CONSEQUENCES KEY Threat Top Event Consequence (S4-5) Consequence (S3) Prevention Mitigation Gap (suggested) Effective Partial Impaired Not Assessed
CRITICAL GAP-F-001
No mitigative barriers identified in HAZOP. All 4 suggested barriers marked for validation.

5.8 Generator H2

Catalogue ref: BT-CCGT-GH-001
Hazard: Hydrogen cooling gas in generator casing
Top Event: Uncontrolled release of hydrogen from generator
Max severity: S=5 | Prev barriers: 5 | Mit barriers: 5 | Gaps: 2

Generator H2 has 5 prevention and 5 mitigation barriers. Of these, 5 were traced to HAZOP safeguards while 5 were identified from domain knowledge or engineering standards and require site verification. 1 of 3 specific threat pathways carry no prevention barrier -- these are unprotected initiating-event scenarios that need either safeguard documentation in the HAZOP or an engineering review. Defence-in-depth includes 2 barrier types (Hardware - Active, Hardware - Passive). Barrier effectiveness from desk review: 80% Effective; the remainder are Partially Effective and need site validation. Mitigation includes 2 consequence-specific barriers parented to individual consequences (event-tree branching).

Hydrogen cooling gas in generator casing HAZARD: Hydrogen cooling gas in generator casing Seal failure allowing H2 escape to atmosphere Seal failure allowing H2 escape to atmosphere THR-GH-001 H2 purity loss (air ingress into casing) H2 purity loss (air ingress into casing) THR-GH-002 Overpressure from H2 supply regulator failure Overpressure from H2 supply regulator failure THR-GH-003 Hydrogen explosion in generator building Hydrogen explosion in generator building S=5 CON-GH-001 Explosion relief panels Explosion relief panels HW-A Blast-rated generator building (API 752) Blast-rated generator building (... HW-P Uncontrolled release of hydrogen from generator TOP EVENT Uncontrolled release of hydrogen from... PSL10MKG21-CP101: alert the operator alert the operator HW-A PSH10MKG21-CP102: alert the operator alert the operator HW-A PAL-00PGB07-CP101A/B: Pressure alarm low (1oo2) Pressure alarm low (1oo2) HW-A PSV-10MKG42-AA191: release excess pressure above [TBC] BARG to safe location release excess pressure... HW-P PSV-10MKG10-AA191: 10MKG01-AA191 release excess pressure above 210 BARG to 10MKG01-AA191 release excess... HW-P H2-specific catalytic detector H2-specific catalytic detector HW-A Ventilation system with gas interlock Ventilation system with gas interlock HW-A Hazardous area classification (IEC 60079) Hazardous area classifica... HW-P THREATS PREVENTION BARRIERS TOP EVENT MITIGATION BARRIERS CONSEQUENCES KEY Threat Top Event Consequence (S4-5) Consequence (S3) Prevention Mitigation Gap (suggested) Effective Partial Impaired Not Assessed
CRITICAL GAP-SNH-001
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
CRITICAL GAP-SNH-002
Vacuum system failure in the ACC allows air ingress into the steam space, degrading condenser performance and potentially causing oxygen corrosion of tube internals. This mechanism is typically prevented by vacuum pump redundancy, air ejector systems, and vacuum leak detection. The HAZOP documented safeguards for tube leak and pressure control but did not address the vacuum-loss initiation mechanism as a separate cause. Verify: (a) vacuum pump standby/auto-start arrangement, (b) vacuum alarm setpoints and operator response procedure, (c) air ingress detection (e.g., dissolved oxygen monitoring).

5.9 HRSG IP

Catalogue ref: BT-CCGT-HI-001
Hazard: IP water/steam in HRSG IP section
Top Event: Loss of containment from HRSG IP section
Max severity: S=5 | Prev barriers: 6 | Mit barriers: 5 | Gaps: 3

HRSG IP has 6 prevention and 5 mitigation barriers. Of these, 6 were traced to HAZOP safeguards while 5 were identified from domain knowledge or engineering standards and require site verification. 1 of 2 specific threat pathways carry no prevention barrier -- these are unprotected initiating-event scenarios that need either safeguard documentation in the HAZOP or an engineering review. Defence-in-depth includes 4 barrier types (Hardware - Active, Hardware - Passive, Organizational, Procedural). Barrier effectiveness from desk review: 55% Effective; the remainder are Partially Effective and need site validation. Mitigation includes 1 consequence-specific barrier parented to individual consequences (event-tree branching).

IP water/steam in HRSG IP section HAZARD: IP water/steam in HRSG IP section IP section tube leak from FAC or corrosion IP section tube leak from FAC or corrosion THR-HI-001 Thermal stress during startup/shutdown transitions Thermal stress during startup/shutdown transitions THR-HI-002 Tube rupture and IP steam release Tube rupture and IP steam release S=4 CON-HI-001 Major equipment failure with escalation potential Major equipment failure with escalation potential S=5 CON-HI-002 Insulation and lagging for personnel protection Insulation and lagging for person... HW-A Loss of containment from HRSG IP section TOP EVENT Loss of containment from HRSG IP section NRV-11LBA20-AA201: Non-return valve Non-return valve HW-P Online sampling of water / steam Online sampling of water / steam PROC Annual preventive maintenance schedule Annual preventive maintenanc... PROC VALVE-11HAC30-AA101: Pneumatic control valve positioner Pneumatic control valve positioner HW-A LAH-11HAD20-CL121: Level alarm high (A/B/C (2oo) Level alarm high (A/B/C (2oo) HW-A MOV-11LBB10-AA102: Motor operated isolation valve Motor operated isolation... HW-A Steam leak detection and alarm Steam leak detection and alarm HW-A Emergency isolation (remote operated) Emergency isolation (remote... HW-A Emergency operating procedures Emergency operating procedures PROC Access restriction and exclusion zones Access restriction and exclus... ORG THREATS PREVENTION BARRIERS TOP EVENT MITIGATION BARRIERS CONSEQUENCES KEY Threat Top Event Consequence (S4-5) Consequence (S3) Prevention Mitigation Gap (suggested) Effective Partial Impaired Not Assessed
CRITICAL GAP-HNI-001
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
CRITICAL GAP-HNI-002
Thermal stress during startup/shutdown transitions is a primary damage mechanism for HRSG tubes, headers, and drums. Rapid temperature changes cause differential expansion between thick-walled components (drums, headers) and thin-walled tubes, leading to fatigue cracking at welds and penetrations. Standard prevention includes: controlled ramp rates per OEM limits (typically 2-5 deg C/min for drums), metal temperature monitoring at critical locations, hold periods for thermal soaking, cascaded bypass warming sequences, and automated GT load-hold interlocks tied to HRSG metal temperatures. The HAZOP documented hardware alarms but did not capture the startup SOP and ramp-rate controls as safeguards. Verify: (a) OEM ramp rate limits in the DCS, (b) startup SOP including hold-point criteria, (c) metal temperature monitoring locations and alarm setpoints, (d) cyclic life expenditure (CLE) tracking system.
MINOR GAP-HNI-003
Field positioner safeguard PB-HI-014 used as a barrier but SIL rating is not confirmed.

5.10 HRSG LP

Catalogue ref: BT-CCGT-HL-001
Hazard: LP water/steam in HRSG LP section
Top Event: Loss of containment from HRSG LP section
Max severity: S=5 | Prev barriers: 8 | Mit barriers: 5 | Gaps: 3

HRSG LP has 8 prevention and 5 mitigation barriers. Of these, 8 were traced to HAZOP safeguards while 5 were identified from domain knowledge or engineering standards and require site verification. Defence-in-depth includes 4 barrier types (Hardware - Active, Hardware - Passive, Organizational, Procedural). Barrier effectiveness from desk review: 54% Effective; the remainder are Partially Effective and need site validation. Mitigation includes 1 consequence-specific barrier parented to individual consequences (event-tree branching).

LP water/steam in HRSG LP section HAZARD: LP water/steam in HRSG LP section LP tube leak from FAC or corrosion LP tube leak from FAC or corrosion THR-HL-001 Overpressure from stuck LP drum safety valve Overpressure from stuck LP drum safety valve THR-HL-002 LP steam release (scald hazard) LP steam release (scald hazard) S=3 CON-HL-001 Major equipment failure with escalation potential Major equipment failure with escalation potential S=5 CON-HL-002 Insulation and lagging for personnel protection Insulation and lagging for person... HW-A Loss of containment from HRSG LP section TOP EVENT Loss of containment from HRSG LP section NRV-11LBA10-AA201: Non-return valve Non-return valve HW-P Online sampling of water / steam Online sampling of water / steam PROC Annual preventive maintenance schedule Annual preventive maintenanc... PROC VALVE-11LAB61-AA102: Pneumatic control valve positioner Pneumatic control valve positioner HW-A VALVE-11LAB63-AA101: Pneumatic control valve positioner Pneumatic control valve positioner HW-A PAH-11HAD30-CP121: Pressure alarm high (A/B/C (2oo) Pressure alarm high (A/B/C (2oo) HW-A PSV-11LBA30-AA191: PSV set (PSV-11HAD30-AA191 and 11HAD30-AA192 PSV set (PSV-11HAD30-AA191 and... HW-P PAH-11HAD30-CP121: Pressure alarm high (A/B/C (2oo) Pressure alarm high (A/B/C (2oo) HW-A Steam leak detection and alarm Steam leak detection and alarm HW-A Emergency isolation (remote operated) Emergency isolation (remote... HW-A Emergency operating procedures Emergency operating procedures PROC Access restriction and exclusion zones Access restriction and exclus... ORG THREATS PREVENTION BARRIERS TOP EVENT MITIGATION BARRIERS CONSEQUENCES KEY Threat Top Event Consequence (S4-5) Consequence (S3) Prevention Mitigation Gap (suggested) Effective Partial Impaired Not Assessed
CRITICAL GAP-HNL-001
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
MINOR GAP-HNL-002
Field positioner safeguard PB-HL-016 used as a barrier but SIL rating is not confirmed.
MINOR GAP-HNL-003
Field positioner safeguard PB-HL-014 used as a barrier but SIL rating is not confirmed.

5.11 HP Steam

Catalogue ref: BT-CCGT-HP-001
Hazard: High pressure superheated steam in HP steam header
Top Event: Loss of containment of HP steam
Max severity: S=4 | Prev barriers: 9 | Mit barriers: 5 | Gaps: 3

HP Steam has 9 prevention and 5 mitigation barriers. Of these, 9 were traced to HAZOP safeguards while 5 were identified from domain knowledge or engineering standards and require site verification. 1 of 4 specific threat pathways carry no prevention barrier -- these are unprotected initiating-event scenarios that need either safeguard documentation in the HAZOP or an engineering review. Defence-in-depth includes 4 barrier types (Hardware - Active, Hardware - Passive, Organizational, Procedural). Barrier effectiveness from desk review: 64% Effective; the remainder are Partially Effective and need site validation. Mitigation includes 1 consequence-specific barrier parented to individual consequences (event-tree branching).

High pressure superheated steam in HP steam header HAZARD: High pressure superheated steam in HP steam header Overpressure due to blocked outlet or regulator failure Overpressure due to blocked outlet or regulator failure THR-HP-001 Condensate accumulation and water hammer Condensate accumulation and water hammer THR-HP-002 Reverse flow during HRSG maintenance Reverse flow during HRSG maintenance THR-HP-003 Thermal overstress during startup/shutdown Thermal overstress during startup/shutdown THR-HP-004 Steam jet injury to personnel Steam jet injury to personnel S=4 CON-HP-001 Pipe rupture and equipment damage Pipe rupture and equipment damage S=4 CON-HP-002 Steam release causing equipment damage Steam release causing equipment damage S=4 CON-HP-003 Insulation and lagging for personnel protection Insulation and lagging for person... HW-A Loss of containment of HP steam TOP EVENT Loss of containment of HP steam Online sampling of water / steam Online sampling of water / steam PROC High alarm with instrument interlock (auto-trip) High alarm with instrument... HW-A FOR10LBA01-AA409: Valve position feedback Valve position feedback HW-A VALVE-11LBA02-AA101: Valve position feedback Valve position feedback HW-A FOR11LBA02-AA001: Valve position feedback Valve position feedback HW-A PAH-10LBA03-CP121A/B: Pressure alarm high (1oo2) Pressure alarm high (1oo2) HW-A NRV is provided in discharge HP steam line of each HRSG to prevent reverse flow. NRV is provided in discharge... HW-P NRV is provided in discharge HP steam line of each HRSG to prevent reverse flow. NRV is provided in discharge... HW-P MOV: Motor operated isolation valve MOV: Motor operated isolation... HW-A Steam leak detection and alarm Steam leak detection and alarm HW-A Emergency isolation (remote operated) Emergency isolation (remote... HW-A Emergency operating procedures Emergency operating procedures PROC Access restriction and exclusion zones Access restriction and exclus... ORG THREATS PREVENTION BARRIERS TOP EVENT MITIGATION BARRIERS CONSEQUENCES KEY Threat Top Event Consequence (S4-5) Consequence (S3) Prevention Mitigation Gap (suggested) Effective Partial Impaired Not Assessed
CRITICAL GAP-HS-001
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
MAJOR GAP-HS-002
Single barrier on from_hazop pathway (THR-HP-002). S=4 single-point-of-failure.
MAJOR GAP-HS-003
Thermal stress during startup/shutdown transitions is a primary damage mechanism for HRSG tubes, headers, and drums. Rapid temperature changes cause differential expansion between thick-walled components (drums, headers) and thin-walled tubes, leading to fatigue cracking at welds and penetrations. Standard prevention includes: controlled ramp rates per OEM limits (typically 2-5 deg C/min for drums), metal temperature monitoring at critical locations, hold periods for thermal soaking, cascaded bypass warming sequences, and automated GT load-hold interlocks tied to HRSG metal temperatures. The HAZOP documented hardware alarms but did not capture the startup SOP and ramp-rate controls as safeguards. Verify: (a) OEM ramp rate limits in the DCS, (b) startup SOP including hold-point criteria, (c) metal temperature monitoring locations and alarm setpoints, (d) cyclic life expenditure (CLE) tracking system.

5.12 HRSG HP

Catalogue ref: BT-CCGT-HR-001
Hazard: HP water/steam in HRSG HP section (economiser, evaporator, superheater)
Top Event: Loss of containment from HRSG HP section
Max severity: S=4 | Prev barriers: 12 | Mit barriers: 5 | Gaps: 6

HRSG HP has 12 prevention and 5 mitigation barriers. Of these, 12 were traced to HAZOP safeguards while 5 were identified from domain knowledge or engineering standards and require site verification. 2 of 4 specific threat pathways carry no prevention barrier -- these are unprotected initiating-event scenarios that need either safeguard documentation in the HAZOP or an engineering review. Defence-in-depth includes 4 barrier types (Hardware - Active, Hardware - Passive, Organizational, Procedural). Barrier effectiveness from desk review: 59% Effective; the remainder are Partially Effective and need site validation. Mitigation includes 1 consequence-specific barrier parented to individual consequences (event-tree branching).

HP water/steam in HRSG HP section (economiser, evaporator, superheater) HAZARD: HP water/steam in HRSG HP section (economiser, evaporato Tube failure (creep / FAC / corrosion) Tube failure (creep / FAC / corrosion) THR-HR-001 Feedwater chemistry excursion (caustic/acid attack) Feedwater chemistry excursion (caustic/acid attack) THR-HR-002 Thermal stress during startup/shutdown transitions Thermal stress during startup/shutdown transitions THR-HR-003 Overpressure from blocked safety valve or stuck bypass Overpressure from blocked safety valve or stuck bypass THR-HR-004 HRSG casing damage / tube failure HRSG casing damage / tube failure S=4 CON-HR-001 HP steam release internal to HRSG casing HP steam release internal to HRSG casing S=4 CON-HR-002 Insulation and lagging for personnel protection Insulation and lagging for person... HW-A Loss of containment from HRSG HP section TOP EVENT Loss of containment from HRSG HP section NRV-11LBA10-AA201: Non-return valve Non-return valve HW-P Online sampling of water / steam Online sampling of water / steam PROC Annual preventive maintenance schedule Annual preventive maintenanc... PROC LAH-11HAD10-CL121: Level alarm high (A/B/C (2oo) Level alarm high (A/B/C (2oo) HW-A PAH-11HAD10-CP121A/B: Pressure alarm high (C (2oo) Pressure alarm high (C (2oo) HW-A MOV-11LBA10-AA102: Motor operated isolation valve Motor operated isolation... HW-A VALVE-11LAB63-AA101: Pneumatic control valve positioner Pneumatic control valve positioner HW-A PAH-11HAD10-CP121A/B: Pressure alarm high (C (2oo) Pressure alarm high (C (2oo) HW-A VALVE-11LAE10-AA102: Pneumatic control valve positioner Pneumatic control valve positioner HW-A PDAH-11LAE40-CF181: Differential pressure alarm high (alert the operator) Differential pressure alarm high... HW-A VALVE-11LAE10-AA104: Pneumatic control valve positioner Pneumatic control valve positioner HW-A PDAH-11LAE10-CP181: Differential pressure alarm high (alert the operator) Differential pressure alarm high... HW-A Steam leak detection and alarm Steam leak detection and alarm HW-A Emergency isolation (remote operated) Emergency isolation (remote... HW-A Emergency operating procedures Emergency operating procedures PROC Access restriction and exclusion zones Access restriction and exclus... ORG THREATS PREVENTION BARRIERS TOP EVENT MITIGATION BARRIERS CONSEQUENCES KEY Threat Top Event Consequence (S4-5) Consequence (S3) Prevention Mitigation Gap (suggested) Effective Partial Impaired Not Assessed
CRITICAL GAP-HNH-001
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
MAJOR GAP-HNH-002
Threat pathway 'Feedwater chemistry excursion (caustic/acid attack)' has zero prevention barriers. No HAZOP safeguard could be matched to this initiating event. Verify whether prevention barriers exist at the plant but were not documented in the HAZOP study.
MAJOR GAP-HNH-003
Thermal stress during startup/shutdown transitions is a primary damage mechanism for HRSG tubes, headers, and drums. Rapid temperature changes cause differential expansion between thick-walled components (drums, headers) and thin-walled tubes, leading to fatigue cracking at welds and penetrations. Standard prevention includes: controlled ramp rates per OEM limits (typically 2-5 deg C/min for drums), metal temperature monitoring at critical locations, hold periods for thermal soaking, cascaded bypass warming sequences, and automated GT load-hold interlocks tied to HRSG metal temperatures. The HAZOP documented hardware alarms but did not capture the startup SOP and ramp-rate controls as safeguards. Verify: (a) OEM ramp rate limits in the DCS, (b) startup SOP including hold-point criteria, (c) metal temperature monitoring locations and alarm setpoints, (d) cyclic life expenditure (CLE) tracking system.
MINOR GAP-HNH-004
Field positioner safeguard PB-HR-016 used as a barrier but SIL rating is not confirmed.
MINOR GAP-HNH-005
Field positioner safeguard PB-HR-009 used as a barrier but SIL rating is not confirmed.
MINOR GAP-HNH-006
Field positioner safeguard PB-HR-007 used as a barrier but SIL rating is not confirmed.

5.13 LP Steam

Catalogue ref: BT-CCGT-LP-001
Hazard: LP steam header distribution
Top Event: Loss of containment of LP steam
Max severity: S=4 | Prev barriers: 8 | Mit barriers: 5 | Gaps: 1

LP Steam has 8 prevention and 5 mitigation barriers. Of these, 8 were traced to HAZOP safeguards while 5 were identified from domain knowledge or engineering standards and require site verification. Defence-in-depth includes 4 barrier types (Hardware - Active, Hardware - Passive, Organizational, Procedural). Barrier effectiveness from desk review: 69% Effective; the remainder are Partially Effective and need site validation. Mitigation includes 1 consequence-specific barrier parented to individual consequences (event-tree branching).

LP steam header distribution HAZARD: LP steam header distribution LP steam line leak at flanged connection LP steam line leak at flanged connection THR-LP-001 LP PRV failure to reseat after overpressure event LP PRV failure to reseat after overpressure event THR-LP-002 LP steam leak / scald LP steam leak / scald S=3 CON-LP-001 Steam release causing equipment damage Steam release causing equipment damage S=4 CON-LP-002 Insulation and lagging for personnel protection Insulation and lagging for person... HW-A Loss of containment of LP steam TOP EVENT Loss of containment of LP steam NRV is provided in discharge LP steam line of each HRSG to prevent reverse flow. NRV is provided in discharge... HW-P Online sampling of water / steam Online sampling of water / steam PROC LABLE11LBA30-CT121: Temperature elements are avai A/B (1oo2)to generate high Temperature elements are avai A/B... HW-A FOR10LBD02-AA405: Valve position feedback Valve position feedback HW-A MOV-11LBD01-AA402: Motor operated isolation valve Motor operated isolation... HW-A MOV-11LBD01-AA001: Motor operated isolation valve Motor operated isolation... HW-A PCV-11LBD02-AA101: Pressure control valve (Confirmed OPEN/CLOSE/Discrepancy Pressure control valve (Confirmed... HW-A PAH-10LBD02-CP101A/B: Pressure alarm high (1oo2) Pressure alarm high (1oo2) HW-A Steam leak detection and alarm Steam leak detection and alarm HW-A Emergency isolation (remote operated) Emergency isolation (remote... HW-A Emergency operating procedures Emergency operating procedures PROC Access restriction and exclusion zones Access restriction and exclus... ORG THREATS PREVENTION BARRIERS TOP EVENT MITIGATION BARRIERS CONSEQUENCES KEY Threat Top Event Consequence (S4-5) Consequence (S3) Prevention Mitigation Gap (suggested) Effective Partial Impaired Not Assessed
CRITICAL GAP-LSS-001
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.

5.14 Ammonia/SCR

Catalogue ref: BT-CCGT-NH-001
Hazard: Aqueous ammonia (19-25%) for SCR injection
Top Event: Uncontrolled release of ammonia
Max severity: S=4 | Prev barriers: 4 | Mit barriers: 6 | Gaps: 3

Ammonia/SCR has 4 prevention and 6 mitigation barriers. Of these, 4 were traced to HAZOP safeguards while 6 were identified from domain knowledge or engineering standards and require site verification. 2 of 3 specific threat pathways carry no prevention barrier -- these are unprotected initiating-event scenarios that need either safeguard documentation in the HAZOP or an engineering review. Defence-in-depth includes 3 barrier types (Hardware - Active, Human - Active, Organizational). Barrier effectiveness from desk review: 50% Effective; the remainder are Partially Effective and need site validation. Mitigation includes 1 consequence-specific barrier parented to individual consequences (event-tree branching).

Aqueous ammonia (19-25%) for SCR injection HAZARD: Aqueous ammonia (19-25%) for SCR injection Transfer hose failure during unloading Transfer hose failure during unloading THR-NH-001 Pipework leak in ammonia distribution system Pipework leak in ammonia distribution system THR-NH-002 Tank overfill or overpressure Tank overfill or overpressure THR-NH-003 Toxic ammonia vapour cloud Toxic ammonia vapour cloud S=4 CON-NH-001 Water curtain / spray system Water curtain / spray system HW-A Uncontrolled release of ammonia TOP EVENT Uncontrolled release of ammonia Operator continuous attendance (manual control) Operator continuous attendance... HUM VALVE-10GHD41-AA102: Valve position feedback Valve position feedback HW-A VALVE-10GHD41-AA104: Valve position feedback Valve position feedback HW-A VALVE-10GHD41-AA103: Valve position feedback Valve position feedback HW-A Toxic gas detection (NH3) Toxic gas detection (NH3) HW-A SCBA availability at unloading bay SCBA availability at unloadi... HW-A Emergency shower and eyewash Emergency shower and eyewash HW-A Site emergency response plan Site emergency response plan HW-A Exclusion zone during transfers Exclusion zone during transfers ORG THREATS PREVENTION BARRIERS TOP EVENT MITIGATION BARRIERS CONSEQUENCES KEY Threat Top Event Consequence (S4-5) Consequence (S3) Prevention Mitigation Gap (suggested) Effective Partial Impaired Not Assessed
CRITICAL GAP-HNA-001
No mitigative barriers identified in HAZOP. All 6 suggested barriers marked for validation.
MAJOR GAP-HNA-002
Pipework leak in the ammonia distribution system releases toxic vapour. Aqueous ammonia (19-25%) has a significant vapour pressure and can produce a toxic cloud at ambient temperature. Standard prevention includes: corrosion-resistant material selection (typically SS316L or HDPE), flanged connection minimisation (welded construction preferred), periodic wall thickness measurement, and hazardous area classification around ammonia piping routes. The HAZOP documented transfer hose safeguards but did not address fixed pipework integrity. Verify: (a) piping material specification, (b) joint types (welded vs flanged), (c) inspection scope includes ammonia distribution piping, (d) leak detection coverage of ammonia pipe routes.
MAJOR GAP-HNA-003
Tank overflow during fuel oil delivery is prevented by independent high-level alarms (LAH), high-high level trips (LAHH) with automatic shutoff of the transfer pump or inlet valve, and secondary containment (bund) sized to contain the full tank volume plus rainfall. The HAZOP did not document level protection or overflow prevention for the fuel oil storage tank as safeguards. Verify: (a) independent LAH and LAHH instruments on the tank, (b) automatic transfer pump trip on LAHH, (c) bund sizing and drainage arrangement, (d) delivery procedure with operator attendance requirements.

5.15 STG Steam

Catalogue ref: BT-CCGT-SS-001
Hazard: HP/IP/LP steam within steam turbine casing
Top Event: Loss of containment from steam turbine
Max severity: S=4 | Prev barriers: 12 | Mit barriers: 5 | Gaps: 2

STG Steam has 12 prevention and 5 mitigation barriers. Of these, 12 were traced to HAZOP safeguards while 5 were identified from domain knowledge or engineering standards and require site verification. 1 of 3 specific threat pathways carry no prevention barrier -- these are unprotected initiating-event scenarios that need either safeguard documentation in the HAZOP or an engineering review. Defence-in-depth includes 4 barrier types (Hardware - Active, Human - Active, Organizational, Procedural). Barrier effectiveness from desk review: 76% Effective; the remainder are Partially Effective and need site validation. Mitigation includes 1 consequence-specific barrier parented to individual consequences (event-tree branching).

HP/IP/LP steam within steam turbine casing HAZARD: HP/IP/LP steam within steam turbine casing HP/IP/LP steam leak at turbine casing joint HP/IP/LP steam leak at turbine casing joint THR-SS-001 Gland steam system failure causing external leak Gland steam system failure causing external leak THR-SS-002 Valve stem leak on extraction or admission valves Valve stem leak on extraction or admission valves THR-SS-003 Steam jet injury Steam jet injury S=4 CON-SS-001 Turbine damage Turbine damage S=4 CON-SS-002 Steam release causing equipment damage Steam release causing equipment damage S=4 CON-SS-003 Insulation and lagging for personnel protection Insulation and lagging for person... HW-A Loss of containment from steam turbine TOP EVENT Loss of containment from steam turbine Operator continuous attendance (manual control) Operator continuous attendance... HUM PCV: Pressure control valve (LCE81-AA001 is available in upstream to regulate PCV: Pressure control valve (LCE81-AA0... HW-A PCV-10LCE81-AA001: Pressure control valve (Field positioner / Discrepancy Pressure control valve (Field... HW-A PDAH-10LCE81-CP122: Differential pressure alarm high (alert the operator) Differential pressure alarm high... HW-A TAH-10MAC81-CT053A/B: Temperature alarm high (C (2oo) Temperature alarm high (C (2oo) HW-A FCV: Flow control valve (Field positioner / Discrepancy position feedback FCV: Flow control valve (Field... HW-A MV10MAL95-AA401: Valve position feedback Valve position feedback HW-A MV10MAL87-AA401: Valve position feedback Valve position feedback HW-A MV10MAL82-AA401: Valve position feedback Valve position feedback HW-A MV10MAL83-AA401: Valve position feedback Valve position feedback HW-A MV10MAL81-AA401: Valve position feedback Valve position feedback HW-A MV10MAL86-AA401: Valve position feedback Valve position feedback HW-A Steam leak detection and alarm Steam leak detection and alarm HW-A Emergency isolation (remote operated) Emergency isolation (remote... HW-A Emergency operating procedures Emergency operating procedures PROC Access restriction and exclusion zones Access restriction and exclus... ORG THREATS PREVENTION BARRIERS TOP EVENT MITIGATION BARRIERS CONSEQUENCES KEY Threat Top Event Consequence (S4-5) Consequence (S3) Prevention Mitigation Gap (suggested) Effective Partial Impaired Not Assessed
CRITICAL GAP-SNB-001
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
MAJOR GAP-SNB-002
Valve stem leak on extraction or admission valves within the steam turbine casing allows HP/IP/LP steam to escape at the valve bonnet or packing gland. These valves operate at high temperature and pressure with frequent cycling, making packing wear a primary failure mechanism. Standard prevention includes: leak-off connections with monitoring (routed to condenser or drain), packing condition monitoring during operation (visual/thermographic), planned replacement of valve packing during major outages, and live-loading of gland packing. The HAZOP did not document valve-stem-specific safeguards. Verify: (a) leak-off connection arrangement, (b) packing type and replacement schedule, (c) thermographic survey scope includes extraction/admission valve bonnets.

5.16 CRH Steam

Catalogue ref: BT-CR-001
Hazard: Condensate in CRH Steam
Top Event: Loss of containment of cold reheat steam
Max severity: S=4 | Prev barriers: 4 | Mit barriers: 3 | Gaps: 1

CRH Steam has 4 prevention and 3 mitigation barriers. Of these, 4 were traced to HAZOP safeguards while 3 were identified from domain knowledge or engineering standards and require site verification. Defence-in-depth includes 3 barrier types (Hardware - Active, Hardware - Passive, Organizational). Barrier effectiveness from desk review: 71% Effective; the remainder are Partially Effective and need site validation.

Condensate in CRH Steam HAZARD: Condensate in CRH Steam Equipment failure Equipment failure THR-CR-001 1. Increase in turbine exhaust temperature beyond acceptable limit. 1. Increase in turbine exhaust temperature beyond acceptable... S=4 CON-CR-001 1. Fail to drain from respective upstream location leading to accumulation of condensate and subsequent carryover to HRH damage. 1. Fail to drain from respective upstream location leading to... S=4 CON-CR-002 1. Over pressurization beyond acceptable limit of respective HRSG CRH section (HRSG tripped). 1. Over pressurization beyond acceptable limit of respective... S=4 CON-CR-003 Loss of containment of cold reheat steam TOP EVENT Loss of containment of cold reheat steam VALVE-10LBC01-AA402: Valve position feedback Valve position feedback HW-A MOV-12LBC01-AA410: Motor operated isolation valve Motor operated isolation... HW-A MOV-11LBC01-AA001: Motor operated isolation valve Motor operated isolation... HW-A FAL-10LCA04-CF101A/B: Flow alarm low (1oo2) Flow alarm low (1oo2) HW-A Insulation and lagging for personnel protection Insulation and lagging for person... HW-A Drain routing to safe location Drain routing to safe location HW-P Access restriction Access restriction ORG THREATS PREVENTION BARRIERS TOP EVENT MITIGATION BARRIERS CONSEQUENCES KEY Threat Top Event Consequence (S4-5) Consequence (S3) Prevention Mitigation Gap (suggested) Effective Partial Impaired Not Assessed
CRITICAL GAP-CSS-001
No mitigative barriers identified in HAZOP. All 3 suggested barriers marked for validation.

5.17 HRH Steam

Catalogue ref: BT-HH-001
Hazard: Steam in HRH Steam
Top Event: Loss of containment of hot reheat steam
Max severity: S=4 | Prev barriers: 8 | Mit barriers: 5 | Gaps: 1

HRH Steam has 8 prevention and 5 mitigation barriers. Of these, 8 were traced to HAZOP safeguards while 5 were identified from domain knowledge or engineering standards and require site verification. Defence-in-depth includes 3 barrier types (Hardware - Active, Organizational, Procedural). Barrier effectiveness from desk review: 69% Effective; the remainder are Partially Effective and need site validation.

Steam in HRH Steam HAZARD: Steam in HRH Steam Initiating event Initiating event THR-HH-001 Equipment failure Equipment failure THR-HH-002 1. Lower power generation from steam turbine. 1. Lower power generation from steam turbine. S=3 CON-HH-001 1. Potential pressurization of upstream header of respective MOV resulting in damage. 1. Potential pressurization of upstream header of... S=4 CON-HH-002 1. Potential for reverse flow of HRH steam from common header to HRSG under maintenance and subsequent human injury. 1. Potential for reverse flow of HRH steam from common... S=4 CON-HH-003 1. Potential overheating of piping and turbine. 1. Potential overheating of piping and turbine. S=4 CON-HH-004 1. Substandard steam quality leading to turbine internal damage, inefficient functioning of turbine, enhance corrosion in turbine/piping. 1. Substandard steam quality leading to turbine internal... S=3 CON-HH-005 Loss of containment of hot reheat steam TOP EVENT Loss of containment of hot reheat steam Positive isolation (energy isolation for maintenance) Positive isolation (energy... ORG Online sampling of water / steam Online sampling of water / steam PROC LABLE11LBB10-CT123: Temperature elements are avai A/B/C to generate high Temperature elements are avai A/B/C... HW-A PAH-10LBB01-CP121A/B: Pressure alarm high (1oo2)and PAL-10LBB01-CP122 is Pressure alarm high (1oo2)and... HW-A FAL-11LBB10-CF121A/B: Flow alarm low (1oo2) Flow alarm low (1oo2) HW-A FOR10LBB01-AA412: Valve position feedback Valve position feedback HW-A VALVE-11LBB01-AA101: Valve position feedback Valve position feedback HW-A MOV: Motor operated isolation valve MOV: Motor operated isolation... HW-A Steam leak detection and alarm Steam leak detection and alarm HW-A Emergency isolation (remote operated) Emergency isolation (remote... HW-A Insulation and lagging for personnel protection Insulation and lagging for person... HW-A Emergency operating procedures Emergency operating procedures PROC Access restriction and exclusion zones Access restriction and exclus... ORG THREATS PREVENTION BARRIERS TOP EVENT MITIGATION BARRIERS CONSEQUENCES KEY Threat Top Event Consequence (S4-5) Consequence (S3) Prevention Mitigation Gap (suggested) Effective Partial Impaired Not Assessed
CRITICAL GAP-HRS-001
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.

5.18 STG Seals

Catalogue ref: BT-SL-001
Hazard: Hydrogen in STG Seals
Top Event: Loss of containment from turbine shaft seals
Max severity: S=5 | Prev barriers: 8 | Mit barriers: 5 | Gaps: 1

STG Seals has 8 prevention and 5 mitigation barriers. Of these, 8 were traced to HAZOP safeguards while 5 were identified from domain knowledge or engineering standards and require site verification. Defence-in-depth includes 2 barrier types (Hardware - Active, Hardware - Passive). Barrier effectiveness from desk review: 85% Effective; the remainder are Partially Effective and need site validation.

Hydrogen in STG Seals HAZARD: Hydrogen in STG Seals Initiating event Initiating event THR-SL-001 Equipment failure Equipment failure THR-SL-002 1. Fail to hold seal for HP/IP/LP turbine leading to entry of non-condensable gasses on steam side further leading to vacuum and performance reduction. 1. Fail to hold seal for HP/IP/LP turbine leading to entry of... S=3 CON-SL-001 1. Potential steam leakage from the turbine side leading to contamination of Lube oil leading to deterioration of bearings performance over a period of time. 1. Potential steam leakage from the turbine side leadin... S=5 CON-SL-002 1. Potential for high temperature steam supply to LP turbine seal and subsequent seal damage and contamination of lube oil system. 1. Potential for high temperature steam supply to LP turbin... S=4 CON-SL-003 1. Potential for condensate entry to Shell side leading to deterioration of vacuum and subsequent process upset 1. Potential for condensate entry to Shell side leading... S=5 CON-SL-004 1. Loss of seal oil circulation to generator T&C end and subsequent bearing damage. 1. Loss of seal oil circulation to generator T&C end a... S=3 CON-SL-005 1. Potential high pressure in seal oil circuit. However not significant. 1. Potential high pressure in seal oil circuit. However no... S=3 CON-SL-006 1. Potential loss of seal oil to generator leading to hydrogen seal breakage. 1. Potential loss of seal oil to generator leading to hydrogen... S=3 CON-SL-007 1. Potential level build up in SODE and subsequent seal oil entering inside the generator. 1. Potential level build up in SODE and subsequent seal oil... S=4 CON-SL-008 Loss of containment from turbine shaft seals TOP EVENT Loss of containment from turbine shaft... LAH-10MKW01-CL101: Level alarm high (alert the operator) Level alarm high (alert the operator) HW-A ECTOR10MKW21-BZ001: SODE will overflow to liquid det and alert the operator SODE will overflow to liquid det... HW-A PSL10MKG21-CP101: alert the operator alert the operator HW-A Pump discharge line is designed for pump shut-off head. Pump discharge line is... HW-A FAL-10MKW06-CF001: Flow alarm low (alert the operator) Flow alarm low (alert the operator) HW-A PDAH-10MKW10-CP001: Differential pressure alarm high (A/B (1oo) Differential pressure alarm high... HW-A Auto start of standby Gland condenser blower on tripping of duty blower. Auto start of standby Gland condenser... HW-A PCV: Pressure control valve (Field positioner / Discrepancy position feedback PCV: Pressure control valve (Field... HW-A H2-specific catalytic detector H2-specific catalytic detector HW-A Ventilation system with gas interlock Ventilation system with gas interlock HW-A Explosion relief panels Explosion relief panels HW-A Blast-rated generator building (API 752) Blast-rated generator building (... HW-P Hazardous area classification (IEC 60079) Hazardous area classifica... HW-P THREATS PREVENTION BARRIERS TOP EVENT MITIGATION BARRIERS CONSEQUENCES KEY Threat Top Event Consequence (S4-5) Consequence (S3) Prevention Mitigation Gap (suggested) Effective Partial Impaired Not Assessed
CRITICAL GAP-SNT-001
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.

5.19 STG Lube Oil

Catalogue ref: BT-LO-001
Hazard: Lube oil in STG Lube Oil
Top Event: Loss of containment of lube oil from ST system
Max severity: S=4 | Prev barriers: 5 | Mit barriers: 5 | Gaps: 2

STG Lube Oil has 5 prevention and 5 mitigation barriers. Of these, 5 were traced to HAZOP safeguards while 5 were identified from domain knowledge or engineering standards and require site verification. 1 of 2 specific threat pathways carry no prevention barrier -- these are unprotected initiating-event scenarios that need either safeguard documentation in the HAZOP or an engineering review. Defence-in-depth includes 3 barrier types (Hardware - Active, Hardware - Passive, Procedural). Barrier effectiveness from desk review: 80% Effective; the remainder are Partially Effective and need site validation.

Lube oil in STG Lube Oil HAZARD: Lube oil in STG Lube Oil Equipment failure Equipment failure THR-LO-001 Initiating event Initiating event THR-LO-002 1. Loss of lube oil supply leading to turbine bearing damage 1. Loss of lube oil supply leading to turbine bearing damage S=4 CON-LO-001 Loss of containment of lube oil from ST system TOP EVENT Loss of containment of lube oil from S... Turn around PM schedule is available Turn around PM schedule is available PROC TAH-10MAV95-CT122: Temperature alarm high (A/B (1oo) Temperature alarm high (A/B (1oo) HW-A PAH-10MAV95-CP125: Pressure alarm high (A/B/C (2oo) Pressure alarm high (A/B/C (2oo) HW-A PDAH-10MAV93-CP181: Differential pressure alarm high (alert the operator) Differential pressure alarm high... HW-A PAL-10MAV95-CP125: Pressure alarm low (A/B/C (2oo) Pressure alarm low (A/B/C (2oo) HW-A Oil mist detection Oil mist detection HW-A CO2 / clean agent fire suppression CO2 / clean agent fire suppression HW-A Flame detection near hot surfaces Flame detection near hot... HW-A Drip trays and bund containment Drip trays and bund containment HW-P Fireproofing on structural steel (UL 1709) Fireproofing on structural steel (UL... HW-P THREATS PREVENTION BARRIERS TOP EVENT MITIGATION BARRIERS CONSEQUENCES KEY Threat Top Event Consequence (S4-5) Consequence (S3) Prevention Mitigation Gap (suggested) Effective Partial Impaired Not Assessed
CRITICAL GAP-SNL-001
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
MAJOR GAP-SNL-002
Threat pathway 'Initiating event' has zero prevention barriers. No HAZOP safeguard could be matched to this initiating event. Verify whether prevention barriers exist at the plant but were not documented in the HAZOP study.

6. Asset Barrier Register

Every barrier identified across the assessment, with side, category, condition, PFD/SIL where known, and provenance tier. Three quality columns help reviewers scope their verification: Independence flags barriers that depend on another (e.g. operator response to an alarm); Shared Count shows how many systems carry the same barrier title (a high count signals systemic dependency); EIA Status is the desk-review Effective / Independent / Auditable validity bucket (Valid / Conditional / Verify / Concern). Cross-references the WORLD_CLASS.xlsx Bowtie Elements sheet.

IDSystemBarrierSide CategoryConditionPFDSIL ProvenanceProvenance DetailIndependenceSharedEIA
PB-AC-019ACCACC is designed for worst case scenario including opening of LP/IP bypass.PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 3634 S=4.Independent1Valid
PB-AC-018ACCFAL-10LCA04-CF101A/B: Flow alarm low (1oo2)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 3623 FAL-10LCA04-CF101A/B S=4. Also protects Condensate (FAL-10LCA04-CF101A/B).Independent2Valid
PB-AC-017ACCMOV-10MAJ45-AA075: Motor operated isolation valvePreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 3612 MOV-10MAJ45-AA075 S=4.Independent1Valid
PB-AC-016ACCMOV-10LBG45-AA080: Motor operated isolation valvePreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 3606 MOV-10LBG45-AA080 S=4. Also protects Auxiliary Steam (MOV-10LBG45-AA080).Independent1Valid
PB-AC-015ACCPAL-10LBG45-CP001: Pressure alarm low (alert the operator)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 3595 PAL-10LBG45-CP001 S=4. Also protects Auxiliary Steam (PAL-10LBG45-CP001).Dependent (alarm-driven)1Conditional
PB-AC-014ACCTAH-10MAJ42-CT122: Temperature alarm high (alert the operator)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 3578 TAH-10MAJ42-CT122 S=4.Dependent (alarm-driven)1Conditional
MB-AC-001ACCSteam leak detection and alarmMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer IEC 61511 SIF design for steam leak scenarios; detector placement per OEM recommendation. Not in HAZOP; requires site validation. Ref: IEC 61511, OEM O&M manual.Independent10Verify
MB-AC-003ACCEmergency isolation (remote operated)Mitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer API 6D valve specification and IEC 61511 SIS design for remote-operated ESD. Not in HAZOP; requires site validation. Ref: API 6D, IEC 61511.Independent10Verify
MB-AC-004ACCEmergency operating proceduresMitigation (trunk)ProceduralPARTIALLY_EFFECTIVEDomain knowledgePer CCPS Guidelines for Risk Based Process Safety, Element 10 (Operating Procedures). Not in HAZOP; requires site validation. Ref: CCPS RBPS Ch.10, ISO 45001 S8.1.Independent10Verify
MB-AC-002ACCAccess restriction and exclusion zonesMitigation (trunk)OrganizationalPARTIALLY_EFFECTIVEDomain knowledgePer site safety management system; exclusion zone policy for MAH areas. Not in HAZOP; requires site validation. Ref: ISO 45001 S8.1, site SMS.Independent10Verify
MB-AC-005ACCInsulation and lagging for personnel protectionMitigation (branch)Hardware - ActiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent12Verify
PB-AX-004Auxiliary SteamOnline sampling of water / steamPreventionProceduralEFFECTIVEFrom HAZOPVerified rows 332 S=4.Independent8Valid
PB-AX-003Auxiliary SteamVALVE-10LBG10-AA406: Valve position feedbackPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 302 VALVE-10LBG10-AA406 S=4.Independent1Valid
PB-AX-002Auxiliary SteamVALVE-10LBC10-AA406: Valve position feedbackPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 298 VALVE-10LBC10-AA406 S=4.Independent1Valid
PB-AX-001Auxiliary SteamMOV-10LBC06-AA402: Motor operated isolation valvePreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 289 MOV-10LBC06-AA402 S=4.Independent1Valid
PB-SL-006-X-AXAuxiliary SteamTAH-10MAW82-CT055: Temperature alarm high (056 /057 /058 are available to alertPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2186 TAH-10MAW82-CT055 S=5. Also protects STG Seals (PB-SL-006).Independent1Valid
PB-SL-005-X-AXAuxiliary SteamTAL-10MAW82-CT055: Temperature alarm low (056 /057 /058 are available to alertPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2178 TAL-10MAW82-CT055 S=5. Also protects STG Seals (PB-SL-005).Independent1Valid
MB-AX-001Auxiliary SteamSteam leak detection and alarmMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer IEC 61511 SIF design for steam leak scenarios; detector placement per OEM recommendation. Not in HAZOP; requires site validation. Ref: IEC 61511, OEM O&M manual.Independent10Verify
MB-AX-003Auxiliary SteamEmergency isolation (remote operated)Mitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer API 6D valve specification and IEC 61511 SIS design for remote-operated ESD. Not in HAZOP; requires site validation. Ref: API 6D, IEC 61511.Independent10Verify
MB-AX-004Auxiliary SteamEmergency operating proceduresMitigation (trunk)ProceduralPARTIALLY_EFFECTIVEDomain knowledgePer CCPS Guidelines for Risk Based Process Safety, Element 10 (Operating Procedures). Not in HAZOP; requires site validation. Ref: CCPS RBPS Ch.10, ISO 45001 S8.1.Independent10Verify
MB-AX-002Auxiliary SteamAccess restriction and exclusion zonesMitigation (trunk)OrganizationalPARTIALLY_EFFECTIVEDomain knowledgePer site safety management system; exclusion zone policy for MAH areas. Not in HAZOP; requires site validation. Ref: ISO 45001 S8.1, site SMS.Independent10Verify
MB-AX-005Auxiliary SteamInsulation and lagging for personnel protectionMitigation (branch)Hardware - ActiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent12Verify
PB-BY-003HRSG BypassUPS power backup is available for 24 hours for control system.PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 1671 S=4.Independent1Valid
PB-BY-002HRSG BypassPDAL XYMBR10-CP151/152PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 1628 S=4.Independent1Valid
PB-BY-001HRSG BypassOperator-controlled flue gas supervisionPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 1624 S=4.Independent1Valid
MB-BY-001HRSG BypassSteam leak detection and alarmMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer IEC 61511 SIF design for steam leak scenarios; detector placement per OEM recommendation. Not in HAZOP; requires site validation. Ref: IEC 61511, OEM O&M manual.Independent10Verify
MB-BY-003HRSG BypassEmergency isolation (remote operated)Mitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer API 6D valve specification and IEC 61511 SIS design for remote-operated ESD. Not in HAZOP; requires site validation. Ref: API 6D, IEC 61511.Independent10Verify
MB-BY-004HRSG BypassEmergency operating proceduresMitigation (trunk)ProceduralPARTIALLY_EFFECTIVEDomain knowledgePer CCPS Guidelines for Risk Based Process Safety, Element 10 (Operating Procedures). Not in HAZOP; requires site validation. Ref: CCPS RBPS Ch.10, ISO 45001 S8.1.Independent10Verify
MB-BY-002HRSG BypassAccess restriction and exclusion zonesMitigation (trunk)OrganizationalPARTIALLY_EFFECTIVEDomain knowledgePer site safety management system; exclusion zone policy for MAH areas. Not in HAZOP; requires site validation. Ref: ISO 45001 S8.1, site SMS.Independent10Verify
MB-BY-005HRSG BypassInsulation and lagging for personnel protectionMitigation (branch)Hardware - ActiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent12Verify
PB-DB-003HRSG Duct BurnerPRV-11HHG01-AA003: Pressure relief valvePreventionHardware - PassiveEFFECTIVEFrom HAZOPVerified rows 1722 PRV-11HHG01-AA003 S=5.Independent1Valid
PB-DB-005HRSG Duct BurnerNRVPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 1733 S=5.Independent1Valid
PB-DB-004HRSG Duct BurnerFCV-11HHG01-AA101: Flow control valve (control loop regulate downstream flow)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 1725 FCV-11HHG01-AA101 S=5.Independent1Valid
PB-DB-001HRSG Duct BurnerInstrument interlock: instrument interlock and START standby cooling air fan.PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 1718 S=5.Independent1Valid
PB-DB-002HRSG Duct BurnerInstrument interlock: instrument interlock and START standby cooling air fan.PreventionHardware - ActivePARTIALLY_EFFECTIVEFrom HAZOPVerified rows 1718 S=5.Independent1Concern
MB-DB-001HRSG Duct BurnerFire and gas detection systemMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer NFPA 72 for detection system design; F&G philosophy per ISA TR84.00.07. Not in HAZOP; requires site validation. Ref: NFPA 72, ISA TR84.00.07.Independent2Verify
MB-DB-002HRSG Duct BurnerF&G interlock to ESDVMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer IEC 61511 for safety instrumented function; F&G logic per ISA TR84.00.07. Not in HAZOP; requires site validation. Ref: IEC 61511, ISA TR84.00.07.Independent2Verify
MB-DB-007HRSG Duct BurnerSite emergency response planMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer CCPS RBPS Element 15 (Emergency Management); site ERP per local regulatory requirements. Not in HAZOP; requires site validation. Ref: CCPS RBPS Ch.15, local ERP regulation.Independent4Verify
MB-DB-006HRSG Duct BurnerHazardous area classification (IEC 60079)Mitigation (trunk)Hardware - PassiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent3Verify
MB-DB-003HRSG Duct BurnerFirewater deluge / water spray systemMitigation (branch)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer NFPA 15 for water spray fixed systems; coverage per NFPA 850 S6.4 for CCGT. Not in HAZOP; requires site validation. Ref: NFPA 15, NFPA 850 S6.4.Independent2Verify
MB-DB-005HRSG Duct BurnerFireproofing on structural steel (UL 1709)Mitigation (branch)Hardware - PassiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent3Verify
MB-DB-004HRSG Duct BurnerBlast rated control room (API 752)Mitigation (branch)Hardware - PassiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent2Verify
PB-FG-023Fuel GasStack monitoringPreventionProceduralEFFECTIVEFrom HAZOPVerified rows 2935 S=5.Independent1Valid
PB-FG-042Fuel GasPAL-00QFB01-CP101A/B: Pressure alarm low (1oo2)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 3467 PAL-00QFB01-CP101A/B S=5.Independent1Valid
PB-FG-040Fuel GasLSL-00EKC10-CL202: Level switch low (alert the operator)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 3430 LSL-00EKC10-CL202 S=5.Dependent (alarm-driven)1Conditional
PB-FG-039Fuel GasBT00EKC10-BT001: alert the operatorPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 3411 BT00EKC10-BT001 S=5.Dependent (alarm-driven)1Conditional
PB-FG-028Fuel GasPAL-00EKC50-CP101: Pressure alarm low (00EKC60-CP101 / 00EKC70-CP101 alert thePreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 3071 PAL-00EKC50-CP101 S=5.Independent1Valid
PB-FG-024Fuel GasLSH-11EKC30-CL202: Level switch high (A/B (1oo)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 3048 LSH-11EKC30-CL202 S=5.Independent1Valid
PB-FG-029Fuel GasCondensate transfer pump trip/run monitoringPreventionHardware - ActivePARTIALLY_EFFECTIVEFrom HAZOPVerified rows 3132 S=5.Independent1Concern
PB-FG-037Fuel GasTAH-11EKC30-CT001: Temperature alarm high (A/B (1oo)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 3338 TAH-11EKC30-CT001 S=5.Independent1Valid
PB-FG-033Fuel GasTAL-11EKC30-CT001: Temperature alarm low (A/B (1oo)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 3312 TAL-11EKC30-CT001 S=5.Independent1Valid
PB-FG-032Fuel GasTAL-11EKC10-CT002: Temperature alarm low (A/B (1oo)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 3304 TAL-11EKC10-CT002 S=5.Independent1Valid
PB-FG-041Fuel GasVALVE-00EKC10-AA402: Valve position confirmation ON/OFFPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 3436 VALVE-00EKC10-AA402 S=5.Independent1Valid
PB-FG-038Fuel GasVALVE-11EKT20-AA109: Valve position confirmation pneumatic ON/OFFPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 3348 VALVE-11EKT20-AA109 S=5.Independent1Valid
PB-FG-036Fuel GasVALVE-11EKT20-AA113: Pneumatic control valve positionerPreventionHardware - ActivePARTIALLY_EFFECTIVEFrom HAZOPVerified rows 3326 VALVE-11EKT20-AA113 S=5.Independent1Concern
PB-FG-035Fuel GasVALVE-11EKT20-AA106: Valve position confirmation pneumatic ON/OFFPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 3318 VALVE-11EKT20-AA106 S=5.Independent1Valid
PB-FG-034Fuel GasVALVE-11EKT20-AA101: Valve position confirmation pneumatic ON/OFFPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 3314 VALVE-11EKT20-AA101 S=5.Independent1Valid
PB-FG-031Fuel GasVALVE-11EKT10-AA111: Pneumatic control valve positionerPreventionHardware - ActivePARTIALLY_EFFECTIVEFrom HAZOPVerified rows 3287 VALVE-11EKT10-AA111 S=5.Independent1Concern
MB-FG-001Fuel GasAAH-00EKC10-AI002: Gas detection alarm (20% LEL)Mitigation (trunk)Hardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2938 AAH-00EKC10-AI002 S=5.Independent1Valid
MB-FG-002Fuel GasFire and gas detection systemMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer NFPA 72 for detection system design; F&G philosophy per ISA TR84.00.07. Not in HAZOP; requires site validation. Ref: NFPA 72, ISA TR84.00.07.Independent2Verify
MB-FG-003Fuel GasF&G interlock to ESDVMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer IEC 61511 for safety instrumented function; F&G logic per ISA TR84.00.07. Not in HAZOP; requires site validation. Ref: IEC 61511, ISA TR84.00.07.Independent2Verify
MB-FG-004Fuel GasFirewater deluge / water spray systemMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer NFPA 15 for water spray fixed systems; coverage per NFPA 850 S6.4 for CCGT. Not in HAZOP; requires site validation. Ref: NFPA 15, NFPA 850 S6.4.Independent2Verify
MB-FG-008Fuel GasSite emergency response planMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer CCPS RBPS Element 15 (Emergency Management); site ERP per local regulatory requirements. Not in HAZOP; requires site validation. Ref: CCPS RBPS Ch.15, local ERP regulation.Independent4Verify
MB-FG-006Fuel GasFireproofing on structural steel (UL 1709)Mitigation (trunk)Hardware - PassiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent3Verify
MB-FG-005Fuel GasBlast rated control room (API 752)Mitigation (branch)Hardware - PassiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent2Verify
MB-FO-001Fuel OilGas detection system (from F&G)Mitigation (trunk)Hardware - ActiveEFFECTIVEFrom HAZOPVerified rows 998 MOVS-00EGC03-AA001 S=5.Independent1Valid
MB-FO-006Fuel OilSpill response kitMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer site environmental management plan; spill kit specification per containment assessment. Not in HAZOP; requires site validation. Ref: ISO 14001, local environmental regulation.Independent1Verify
MB-FO-007Fuel OilSite emergency response planMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer CCPS RBPS Element 15 (Emergency Management); site ERP per local regulatory requirements. Not in HAZOP; requires site validation. Ref: CCPS RBPS Ch.15, local ERP regulation.Independent4Verify
MB-FO-004Fuel OilBund containment around tank (API 650)Mitigation (trunk)Hardware - PassiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent1Verify
MB-FO-002Fuel OilFlame / fire detection (from F&G)Mitigation (branch)Hardware - ActiveEFFECTIVEFrom HAZOPVerified rows 998 MOVS-00EGC03-AA001 S=5.Independent1Valid
MB-FO-003Fuel OilFire detection in oil areaMitigation (branch)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer NFPA 72 for fire detection system design. Not in HAZOP; requires site validation. Ref: NFPA 72.Independent1Verify
MB-FO-005Fuel OilFire suppression (CO2 / water spray)Mitigation (branch)Hardware - ActiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent1Verify
PB-FW-008FeedwaterOnline sampling of water / steamPreventionProceduralEFFECTIVEFrom HAZOPVerified rows 541 S=5.Independent8Valid
PB-FW-007FeedwaterTCV-11LAE05-AA101: Temperature control valve (Confirmed OPEN/CLOSE/DiscrepancyPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 532 TCV-11LAE05-AA101 S=5.Independent1Valid
PB-FW-006FeedwaterVALVE-11LAE05-AA004: Valve position feedbackPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 508 VALVE-11LAE05-AA004 S=5.Independent1Valid
PB-FW-005FeedwaterMOV-11LAB02-AA004: Motor operated isolation valvePreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 500 MOV-11LAB02-AA004 S=5.Independent1Valid
PB-FW-004FeedwaterMOV-11LAB02-AA002: Motor operated isolation valvePreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 489 MOV-11LAB02-AA002 S=5.Independent1Valid
PB-FW-003FeedwaterVALVE-11LAB02-AA101: Valve position feedbackPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 484 VALVE-11LAB02-AA101 S=5.Independent1Valid
PB-FW-009FeedwaterOnline SWAS feedwater quality analysisPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 543 S=5.Independent1Valid
PB-FW-002FeedwaterPDAH-11LAB02-CP181: Differential pressure alarm high (11LAB03-CP181 alert thePreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 454 PDAH-11LAB02-CP181 S=5.Independent1Valid
PB-FW-001FeedwaterFAL-11LAB01-CF101A/B: Flow alarm low (1oo2)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 433 FAL-11LAB01-CF101A/B S=5.Independent1Valid
MB-FW-003FeedwaterEmergency isolation valveMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer API 6D valve specification and IEC 61511 SIS design for remote-operated ESD. Not in HAZOP; requires site validation. Ref: API 6D, IEC 61511.Independent1Verify
MB-FW-004FeedwaterInsulation and lagging for personnel protectionMitigation (trunk)Hardware - ActiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent12Verify
MB-FW-001FeedwaterLeak detection and area drainageMitigation (trunk)Hardware - PassivePARTIALLY_EFFECTIVEDomain knowledgePer site process safety management system; detection method per fluid and environment. Not in HAZOP; requires site validation. Ref: IEC 61511, site SMS.Independent1Verify
MB-FW-002FeedwaterAccess restriction to BFP areaMitigation (trunk)OrganizationalPARTIALLY_EFFECTIVEDomain knowledgePer site safety management system; exclusion zone policy for MAH areas. Not in HAZOP; requires site validation. Ref: ISO 45001 S8.1, site SMS.Independent1Verify
PB-GH-003Generator H2PSL10MKG21-CP101: alert the operatorPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2387 PSL10MKG21-CP101 S=5. Also protects STG Seals (PB-SL-012).Dependent (alarm-driven)2Conditional
PB-GH-002Generator H2PSH10MKG21-CP102: alert the operatorPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2373 PSH10MKG21-CP102 S=5.Dependent (alarm-driven)1Conditional
PB-GH-001Generator H2PAL-00PGB07-CP101A/B: Pressure alarm low (1oo2)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2362 PAL-00PGB07-CP101A/B S=5.Independent1Valid
PB-GH-005Generator H2PSV-10MKG42-AA191: release excess pressure above [TBC] BARG to safe locationPreventionHardware - PassiveEFFECTIVEFrom HAZOPVerified rows 2448 PSV-10MKG42-AA191 S=5.Independent1Valid
PB-GH-004Generator H2PSV-10MKG10-AA191: 10MKG01-AA191 release excess pressure above 210 BARG toPreventionHardware - PassiveEFFECTIVEFrom HAZOPVerified rows 2446 PSV-10MKG10-AA191 S=5.Independent1Valid
MB-GH-001Generator H2H2-specific catalytic detectorMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer IEC 60079-29-1 for hydrogen detection; catalytic/electrochemical sensor selection per EN 50073. Not in HAZOP; requires site validation. Ref: IEC 60079-29-1, EN 50073.Independent2Verify
MB-GH-002Generator H2Ventilation system with gas interlockMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer IEC 60079-10-1 for ventilation in hazardous areas; air change rate per ATEX assessment. Not in HAZOP; requires site validation. Ref: IEC 60079-10-1, ATEX directive.Independent2Verify
MB-GH-005Generator H2Hazardous area classification (IEC 60079)Mitigation (trunk)Hardware - PassiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent3Verify
MB-GH-003Generator H2Explosion relief panelsMitigation (branch)Hardware - ActiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent2Verify
MB-GH-004Generator H2Blast-rated generator building (API 752)Mitigation (branch)Hardware - PassiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent2Verify
PB-HI-012HRSG IPNRV-11LBA20-AA201: Non-return valvePreventionHardware - PassiveEFFECTIVEFrom HAZOPVerified rows 1390 NRV-11LBA20-AA201 S=5. Also protects HP Steam (NRV-11LBA20-AA201).Independent1Valid
PB-HI-015HRSG IPOnline sampling of water / steamPreventionProceduralEFFECTIVEFrom HAZOPVerified rows 1408 S=5.Independent8Valid
PB-HI-013HRSG IPAnnual preventive maintenance schedulePreventionProceduralEFFECTIVEFrom HAZOPVerified rows 1396 S=5.Independent3Valid
PB-HI-014HRSG IPVALVE-11HAC30-AA101: Pneumatic control valve positionerPreventionHardware - ActivePARTIALLY_EFFECTIVEFrom HAZOPVerified rows 1399 VALVE-11HAC30-AA101 S=5.Independent1Concern
PB-HI-011HRSG IPLAH-11HAD20-CL121: Level alarm high (A/B/C (2oo)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 1381 LAH-11HAD20-CL121 S=5. Also protects HRSG HP (LAH-11HAD20-CL121).Independent1Valid
PB-HI-010HRSG IPMOV-11LBB10-AA102: Motor operated isolation valvePreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 1371 MOV-11LBB10-AA102 S=5.Independent1Valid
MB-HI-001HRSG IPSteam leak detection and alarmMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer IEC 61511 SIF design for steam leak scenarios; detector placement per OEM recommendation. Not in HAZOP; requires site validation. Ref: IEC 61511, OEM O&M manual.Independent10Verify
MB-HI-003HRSG IPEmergency isolation (remote operated)Mitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer API 6D valve specification and IEC 61511 SIS design for remote-operated ESD. Not in HAZOP; requires site validation. Ref: API 6D, IEC 61511.Independent10Verify
MB-HI-004HRSG IPEmergency operating proceduresMitigation (trunk)ProceduralPARTIALLY_EFFECTIVEDomain knowledgePer CCPS Guidelines for Risk Based Process Safety, Element 10 (Operating Procedures). Not in HAZOP; requires site validation. Ref: CCPS RBPS Ch.10, ISO 45001 S8.1.Independent10Verify
MB-HI-002HRSG IPAccess restriction and exclusion zonesMitigation (trunk)OrganizationalPARTIALLY_EFFECTIVEDomain knowledgePer site safety management system; exclusion zone policy for MAH areas. Not in HAZOP; requires site validation. Ref: ISO 45001 S8.1, site SMS.Independent10Verify
MB-HI-005HRSG IPInsulation and lagging for personnel protectionMitigation (branch)Hardware - ActiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent12Verify
PB-HL-013HRSG LPNRV-11LBA10-AA201: Non-return valvePreventionHardware - PassiveEFFECTIVEFrom HAZOPVerified rows 1548 NRV-11LBA10-AA201 S=5. Also protects HP Steam (NRV-11LBA10-AA201).Independent2Valid
PB-HL-017HRSG LPOnline sampling of water / steamPreventionProceduralEFFECTIVEFrom HAZOPVerified rows 1573 S=5.Independent8Valid
PB-HL-015HRSG LPAnnual preventive maintenance schedulePreventionProceduralEFFECTIVEFrom HAZOPVerified rows 1558 S=5.Independent3Valid
PB-HL-016HRSG LPVALVE-11LAB61-AA102: Pneumatic control valve positionerPreventionHardware - ActivePARTIALLY_EFFECTIVEFrom HAZOPVerified rows 1564 VALVE-11LAB61-AA102 S=5. Also protects Feedwater (VALVE-11LAB61-AA102).Independent1Concern
PB-HL-014HRSG LPVALVE-11LAB63-AA101: Pneumatic control valve positionerPreventionHardware - ActivePARTIALLY_EFFECTIVEFrom HAZOPVerified rows 1554 VALVE-11LAB63-AA101 S=5. Also protects Feedwater (VALVE-11LAB63-AA101).Independent2Concern
PB-HL-011HRSG LPPAH-11HAD30-CP121: Pressure alarm high (A/B/C (2oo)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 1543 PAH-11HAD30-CP121 S=5. Also protects HRSG HP (PAH-11HAD30-CP121).Independent1Valid
PB-HL-009HRSG LPPSV-11LBA30-AA191: PSV set (PSV-11HAD30-AA191 and 11HAD30-AA192PreventionHardware - PassiveEFFECTIVEFrom HAZOPVerified rows 1526 PSV-11LBA30-AA191 S=5. Also protects HP Steam (PSV-11LBA30-AA191).Independent1Valid
PB-HL-012HRSG LPPAH-11HAD30-CP121: Pressure alarm high (A/B/C (2oo)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 1543 PAH-11HAD30-CP121 S=5. Also protects HRSG HP (PAH-11HAD30-CP121).Independent1Valid
MB-HL-001HRSG LPSteam leak detection and alarmMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer IEC 61511 SIF design for steam leak scenarios; detector placement per OEM recommendation. Not in HAZOP; requires site validation. Ref: IEC 61511, OEM O&M manual.Independent10Verify
MB-HL-003HRSG LPEmergency isolation (remote operated)Mitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer API 6D valve specification and IEC 61511 SIS design for remote-operated ESD. Not in HAZOP; requires site validation. Ref: API 6D, IEC 61511.Independent10Verify
MB-HL-004HRSG LPEmergency operating proceduresMitigation (trunk)ProceduralPARTIALLY_EFFECTIVEDomain knowledgePer CCPS Guidelines for Risk Based Process Safety, Element 10 (Operating Procedures). Not in HAZOP; requires site validation. Ref: CCPS RBPS Ch.10, ISO 45001 S8.1.Independent10Verify
MB-HL-002HRSG LPAccess restriction and exclusion zonesMitigation (trunk)OrganizationalPARTIALLY_EFFECTIVEDomain knowledgePer site safety management system; exclusion zone policy for MAH areas. Not in HAZOP; requires site validation. Ref: ISO 45001 S8.1, site SMS.Independent10Verify
MB-HL-005HRSG LPInsulation and lagging for personnel protectionMitigation (branch)Hardware - ActiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent12Verify
PB-HP-010HP SteamOnline sampling of water / steamPreventionProceduralEFFECTIVEFrom HAZOPVerified rows 72 S=4.Independent8Valid
PB-HP-009HP SteamHigh alarm with instrument interlock (auto-trip)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 69 S=4.Independent1Valid
PB-HP-006HP SteamFOR10LBA01-AA409: Valve position feedbackPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 56 FOR10LBA01-AA409 S=4.Independent1Valid
PB-HP-005HP SteamVALVE-11LBA02-AA101: Valve position feedbackPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 43 VALVE-11LBA02-AA101 S=4.Independent1Valid
PB-HP-004HP SteamFOR11LBA02-AA001: Valve position feedbackPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 35 FOR11LBA02-AA001 S=4.Independent1Valid
PB-HP-003HP SteamPAH-10LBA03-CP121A/B: Pressure alarm high (1oo2)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 23 PAH-10LBA03-CP121A/B S=4.Independent1Valid
PB-HP-007HP SteamNRV is provided in discharge HP steam line of each HRSG to prevent reverse flow.PreventionHardware - PassivePARTIALLY_EFFECTIVEFrom HAZOPVerified rows 61 S=4.Independent1Concern
PB-HP-008HP SteamNRV is provided in discharge HP steam line of each HRSG to prevent reverse flow.PreventionHardware - PassiveEFFECTIVEFrom HAZOPVerified rows 61 S=4.Independent1Valid
PB-HP-002HP SteamMOV: Motor operated isolation valvePreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 7 S=4.Independent2Valid
MB-HP-001HP SteamSteam leak detection and alarmMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer IEC 61511 SIF design for steam leak scenarios; detector placement per OEM recommendation. Not in HAZOP; requires site validation. Ref: IEC 61511, OEM O&M manual.Independent10Verify
MB-HP-003HP SteamEmergency isolation (remote operated)Mitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer API 6D valve specification and IEC 61511 SIS design for remote-operated ESD. Not in HAZOP; requires site validation. Ref: API 6D, IEC 61511.Independent10Verify
MB-HP-004HP SteamEmergency operating proceduresMitigation (trunk)ProceduralPARTIALLY_EFFECTIVEDomain knowledgePer CCPS Guidelines for Risk Based Process Safety, Element 10 (Operating Procedures). Not in HAZOP; requires site validation. Ref: CCPS RBPS Ch.10, ISO 45001 S8.1.Independent10Verify
MB-HP-002HP SteamAccess restriction and exclusion zonesMitigation (trunk)OrganizationalPARTIALLY_EFFECTIVEDomain knowledgePer site safety management system; exclusion zone policy for MAH areas. Not in HAZOP; requires site validation. Ref: ISO 45001 S8.1, site SMS.Independent10Verify
MB-HP-005HP SteamInsulation and lagging for personnel protectionMitigation (branch)Hardware - ActiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent12Verify
PB-HR-015HRSG HPNRV-11LBA10-AA201: Non-return valvePreventionHardware - PassiveEFFECTIVEFrom HAZOPVerified rows 1235 NRV-11LBA10-AA201 S=4. Also protects HP Steam (NRV-11LBA10-AA201).Independent2Valid
PB-HR-018HRSG HPOnline sampling of water / steamPreventionProceduralEFFECTIVEFrom HAZOPVerified rows 1262 S=4.Independent8Valid
PB-HR-017HRSG HPAnnual preventive maintenance schedulePreventionProceduralEFFECTIVEFrom HAZOPVerified rows 1247 S=4.Independent3Valid
PB-HR-014HRSG HPLAH-11HAD10-CL121: Level alarm high (A/B/C (2oo)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 1226 LAH-11HAD10-CL121 S=4.Independent1Valid
PB-HR-012HRSG HPPAH-11HAD10-CP121A/B: Pressure alarm high (C (2oo)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 1223 PAH-11HAD10-CP121A/B S=4.Independent1Valid
PB-HR-011HRSG HPMOV-11LBA10-AA102: Motor operated isolation valvePreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 1210 MOV-11LBA10-AA102 S=4. Also protects HP Steam (MOV-11LBA10-AA102).Independent1Valid
PB-HR-016HRSG HPVALVE-11LAB63-AA101: Pneumatic control valve positionerPreventionHardware - ActivePARTIALLY_EFFECTIVEFrom HAZOPVerified rows 1239 VALVE-11LAB63-AA101 S=4. Also protects Feedwater (VALVE-11LAB63-AA101).Independent2Concern
PB-HR-013HRSG HPPAH-11HAD10-CP121A/B: Pressure alarm high (C (2oo)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 1223 PAH-11HAD10-CP121A/B S=4.Independent1Valid
PB-HR-009HRSG HPVALVE-11LAE10-AA102: Pneumatic control valve positionerPreventionHardware - ActivePARTIALLY_EFFECTIVEFrom HAZOPVerified rows 1199 VALVE-11LAE10-AA102 S=4. Also protects Feedwater (VALVE-11LAE10-AA102).Independent1Concern
PB-HR-008HRSG HPPDAH-11LAE40-CF181: Differential pressure alarm high (alert the operator)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 1189 PDAH-11LAE40-CF181 S=4. Also protects Feedwater (PDAH-11LAE40-CF181).Dependent (alarm-driven)1Conditional
PB-HR-007HRSG HPVALVE-11LAE10-AA104: Pneumatic control valve positionerPreventionHardware - ActivePARTIALLY_EFFECTIVEFrom HAZOPVerified rows 1181 VALVE-11LAE10-AA104 S=4. Also protects Feedwater (VALVE-11LAE10-AA104).Independent1Concern
PB-HR-005HRSG HPPDAH-11LAE10-CP181: Differential pressure alarm high (alert the operator)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 1169 PDAH-11LAE10-CP181 S=4. Also protects Feedwater (PDAH-11LAE10-CP181).Dependent (alarm-driven)1Conditional
MB-HR-001HRSG HPSteam leak detection and alarmMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer IEC 61511 SIF design for steam leak scenarios; detector placement per OEM recommendation. Not in HAZOP; requires site validation. Ref: IEC 61511, OEM O&M manual.Independent10Verify
MB-HR-003HRSG HPEmergency isolation (remote operated)Mitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer API 6D valve specification and IEC 61511 SIS design for remote-operated ESD. Not in HAZOP; requires site validation. Ref: API 6D, IEC 61511.Independent10Verify
MB-HR-004HRSG HPEmergency operating proceduresMitigation (trunk)ProceduralPARTIALLY_EFFECTIVEDomain knowledgePer CCPS Guidelines for Risk Based Process Safety, Element 10 (Operating Procedures). Not in HAZOP; requires site validation. Ref: CCPS RBPS Ch.10, ISO 45001 S8.1.Independent10Verify
MB-HR-002HRSG HPAccess restriction and exclusion zonesMitigation (trunk)OrganizationalPARTIALLY_EFFECTIVEDomain knowledgePer site safety management system; exclusion zone policy for MAH areas. Not in HAZOP; requires site validation. Ref: ISO 45001 S8.1, site SMS.Independent10Verify
MB-HR-005HRSG HPInsulation and lagging for personnel protectionMitigation (branch)Hardware - ActiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent12Verify
PB-LP-006LP SteamNRV is provided in discharge LP steam line of each HRSG to prevent reverse flow.PreventionHardware - PassiveEFFECTIVEFrom HAZOPVerified rows 231 S=4.Independent1Valid
PB-LP-008LP SteamOnline sampling of water / steamPreventionProceduralEFFECTIVEFrom HAZOPVerified rows 246 S=4.Independent8Valid
PB-LP-007LP SteamLABLE11LBA30-CT121: Temperature elements are avai A/B (1oo2)to generate highPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 243 LABLE11LBA30-CT121 S=4. Also protects HP Steam (LABLE11LBA30-CT121).Independent1Valid
PB-LP-005LP SteamFOR10LBD02-AA405: Valve position feedbackPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 227 FOR10LBD02-AA405 S=4.Independent1Valid
PB-LP-004LP SteamMOV-11LBD01-AA402: Motor operated isolation valvePreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 223 MOV-11LBD01-AA402 S=4.Independent1Valid
PB-LP-001LP SteamMOV-11LBD01-AA001: Motor operated isolation valvePreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 190 MOV-11LBD01-AA001 S=4.Independent1Valid
PB-LP-003LP SteamPCV-11LBD02-AA101: Pressure control valve (Confirmed OPEN/CLOSE/DiscrepancyPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 215 PCV-11LBD02-AA101 S=4.Independent1Valid
PB-LP-002LP SteamPAH-10LBD02-CP101A/B: Pressure alarm high (1oo2)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 206 PAH-10LBD02-CP101A/B S=4.Independent1Valid
MB-LP-001LP SteamSteam leak detection and alarmMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer IEC 61511 SIF design for steam leak scenarios; detector placement per OEM recommendation. Not in HAZOP; requires site validation. Ref: IEC 61511, OEM O&M manual.Independent10Verify
MB-LP-003LP SteamEmergency isolation (remote operated)Mitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer API 6D valve specification and IEC 61511 SIS design for remote-operated ESD. Not in HAZOP; requires site validation. Ref: API 6D, IEC 61511.Independent10Verify
MB-LP-004LP SteamEmergency operating proceduresMitigation (trunk)ProceduralPARTIALLY_EFFECTIVEDomain knowledgePer CCPS Guidelines for Risk Based Process Safety, Element 10 (Operating Procedures). Not in HAZOP; requires site validation. Ref: CCPS RBPS Ch.10, ISO 45001 S8.1.Independent10Verify
MB-LP-002LP SteamAccess restriction and exclusion zonesMitigation (trunk)OrganizationalPARTIALLY_EFFECTIVEDomain knowledgePer site safety management system; exclusion zone policy for MAH areas. Not in HAZOP; requires site validation. Ref: ISO 45001 S8.1, site SMS.Independent10Verify
MB-LP-005LP SteamInsulation and lagging for personnel protectionMitigation (branch)Hardware - ActiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent12Verify
PB-NH-001Ammonia/SCROperator continuous attendance (manual control)PreventionHuman - ActiveEFFECTIVEFrom HAZOPVerified rows 1745 S=4.Independent2Valid
PB-NH-004Ammonia/SCRVALVE-10GHD41-AA102: Valve position feedbackPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 1841 VALVE-10GHD41-AA102 S=4.Independent1Valid
PB-NH-003Ammonia/SCRVALVE-10GHD41-AA104: Valve position feedbackPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 1833 VALVE-10GHD41-AA104 S=4.Independent1Valid
PB-NH-002Ammonia/SCRVALVE-10GHD41-AA103: Valve position feedbackPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 1830 VALVE-10GHD41-AA103 S=4.Independent1Valid
MB-NH-001Ammonia/SCRToxic gas detection (NH3)Mitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer IEC 60079-29-1 for flammable gas detection; placement per ISA TR84.00.07. Not in HAZOP; requires site validation. Ref: IEC 60079-29-1, ISA TR84.00.07.Independent1Verify
MB-NH-003Ammonia/SCRSCBA availability at unloading bayMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer OSHA 29 CFR 1910.134 respiratory protection; SCBA stations per emergency escape analysis. Not in HAZOP; requires site validation. Ref: OSHA 1910.134, local OHS regulation.Independent1Verify
MB-NH-004Ammonia/SCREmergency shower and eyewashMitigation (trunk)Hardware - ActiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent1Verify
MB-NH-006Ammonia/SCRSite emergency response planMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer CCPS RBPS Element 15 (Emergency Management); site ERP per local regulatory requirements. Not in HAZOP; requires site validation. Ref: CCPS RBPS Ch.15, local ERP regulation.Independent4Verify
MB-NH-005Ammonia/SCRExclusion zone during transfersMitigation (trunk)OrganizationalPARTIALLY_EFFECTIVEDomain knowledgePer site safety management system; exclusion zone radius per consequence modelling or prescriptive rule. Not in HAZOP; requires site validation. Ref: Site SMS, local OHS regulation.Independent1Verify
MB-NH-002Ammonia/SCRWater curtain / spray systemMitigation (branch)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer CCPS Guidelines for Vapor Cloud Mitigation; water curtain design for NH3 knockdown. Not in HAZOP; requires site validation. Ref: CCPS vapor cloud mitigation guidelines.Independent1Verify
PB-SS-004STG SteamOperator continuous attendance (manual control)PreventionHuman - ActiveEFFECTIVEFrom HAZOPVerified rows 1917 S=4.Independent2Valid
PB-SS-023STG SteamPCV: Pressure control valve (LCE81-AA001 is available in upstream to regulatePreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2110 S=4.Independent1Valid
PB-SS-022STG SteamPCV-10LCE81-AA001: Pressure control valve (Field positioner / DiscrepancyPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2100 PCV-10LCE81-AA001 S=4. Also protects LP Steam (PCV-10LCE81-AA001).Independent1Valid
PB-SS-021STG SteamPDAH-10LCE81-CP122: Differential pressure alarm high (alert the operator)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2094 PDAH-10LCE81-CP122 S=4. Also protects LP Steam (PDAH-10LCE81-CP122).Dependent (alarm-driven)1Conditional
PB-SS-020STG SteamTAH-10MAC81-CT053A/B: Temperature alarm high (C (2oo)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2089 TAH-10MAC81-CT053A/B S=4. Also protects ACC (TAH-10MAC81-CT053A/B).Independent1Valid
PB-SS-019STG SteamFCV: Flow control valve (Field positioner / Discrepancy position feedbackPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2073 S=4.Independent1Valid
PB-SS-028STG SteamMV10MAL95-AA401: Valve position feedbackPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2220 MV10MAL95-AA401 S=4.Independent1Valid
PB-SS-027STG SteamMV10MAL87-AA401: Valve position feedbackPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2215 MV10MAL87-AA401 S=4.Independent1Valid
PB-SS-026STG SteamMV10MAL82-AA401: Valve position feedbackPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2210 MV10MAL82-AA401 S=4.Independent1Valid
PB-SS-025STG SteamMV10MAL83-AA401: Valve position feedbackPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2205 MV10MAL83-AA401 S=4.Independent1Valid
PB-SS-024STG SteamMV10MAL81-AA401: Valve position feedbackPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2200 MV10MAL81-AA401 S=4.Independent1Valid
PB-SS-018STG SteamMV10MAL86-AA401: Valve position feedbackPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2049 MV10MAL86-AA401 S=4.Independent1Valid
MB-SS-001STG SteamSteam leak detection and alarmMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer IEC 61511 SIF design for steam leak scenarios; detector placement per OEM recommendation. Not in HAZOP; requires site validation. Ref: IEC 61511, OEM O&M manual.Independent10Verify
MB-SS-003STG SteamEmergency isolation (remote operated)Mitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer API 6D valve specification and IEC 61511 SIS design for remote-operated ESD. Not in HAZOP; requires site validation. Ref: API 6D, IEC 61511.Independent10Verify
MB-SS-004STG SteamEmergency operating proceduresMitigation (trunk)ProceduralPARTIALLY_EFFECTIVEDomain knowledgePer CCPS Guidelines for Risk Based Process Safety, Element 10 (Operating Procedures). Not in HAZOP; requires site validation. Ref: CCPS RBPS Ch.10, ISO 45001 S8.1.Independent10Verify
MB-SS-002STG SteamAccess restriction and exclusion zonesMitigation (trunk)OrganizationalPARTIALLY_EFFECTIVEDomain knowledgePer site safety management system; exclusion zone policy for MAH areas. Not in HAZOP; requires site validation. Ref: ISO 45001 S8.1, site SMS.Independent10Verify
MB-SS-005STG SteamInsulation and lagging for personnel protectionMitigation (branch)Hardware - ActiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent12Verify
PB-CR-003CRH SteamVALVE-10LBC01-AA402: Valve position feedbackPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 91 VALVE-10LBC01-AA402 S=4.Independent1Valid
PB-CR-002CRH SteamMOV-12LBC01-AA410: Motor operated isolation valvePreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 87 MOV-12LBC01-AA410 S=4.Independent1Valid
PB-CR-001CRH SteamMOV-11LBC01-AA001: Motor operated isolation valvePreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 80 MOV-11LBC01-AA001 S=4.Independent1Valid
PB-AC-018-X-CDCRH SteamFAL-10LCA04-CF101A/B: Flow alarm low (1oo2)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 3623 FAL-10LCA04-CF101A/B S=4. Also protects ACC (PB-AC-018).Independent2Valid
MB-CR-003CRH SteamInsulation and lagging for personnel protectionMitigation (trunk)Hardware - ActiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent12Verify
MB-CR-001CRH SteamDrain routing to safe locationMitigation (trunk)Hardware - PassivePARTIALLY_EFFECTIVEDomain knowledgePer API 521 for pressure-relieving and depressuring systems; drain disposal to a safe location per the design basis. Not in HAZOP; requires site validation. Ref: API 521.Independent1Verify
MB-CR-002CRH SteamAccess restrictionMitigation (trunk)OrganizationalPARTIALLY_EFFECTIVEDomain knowledgePer site safety management system; exclusion zone policy for MAH areas. Not in HAZOP; requires site validation. Ref: ISO 45001 S8.1, site SMS.Independent1Verify
PB-HH-006HRH SteamPositive isolation (energy isolation for maintenance)PreventionOrganizationalEFFECTIVEFrom HAZOPVerified rows 162 S=4.Independent1Valid
PB-HH-008HRH SteamOnline sampling of water / steamPreventionProceduralEFFECTIVEFrom HAZOPVerified rows 182 S=4.Independent8Valid
PB-HH-007HRH SteamLABLE11LBB10-CT123: Temperature elements are avai A/B/C to generate highPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 179 LABLE11LBB10-CT123 S=4.Independent1Valid
PB-HH-003HRH SteamPAH-10LBB01-CP121A/B: Pressure alarm high (1oo2)and PAL-10LBB01-CP122 isPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 134 PAH-10LBB01-CP121A/B S=4.Independent1Valid
PB-HH-001HRH SteamFAL-11LBB10-CF121A/B: Flow alarm low (1oo2)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 113 FAL-11LBB10-CF121A/B S=4.Independent1Valid
PB-HH-005HRH SteamFOR10LBB01-AA412: Valve position feedbackPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 157 FOR10LBB01-AA412 S=4.Independent1Valid
PB-HH-004HRH SteamVALVE-11LBB01-AA101: Valve position feedbackPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 144 VALVE-11LBB01-AA101 S=4.Independent1Valid
PB-HH-002HRH SteamMOV: Motor operated isolation valvePreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 118 S=4.Independent2Valid
MB-HH-001HRH SteamSteam leak detection and alarmMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer IEC 61511 SIF design for steam leak scenarios; detector placement per OEM recommendation. Not in HAZOP; requires site validation. Ref: IEC 61511, OEM O&M manual.Independent10Verify
MB-HH-003HRH SteamEmergency isolation (remote operated)Mitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer API 6D valve specification and IEC 61511 SIS design for remote-operated ESD. Not in HAZOP; requires site validation. Ref: API 6D, IEC 61511.Independent10Verify
MB-HH-005HRH SteamInsulation and lagging for personnel protectionMitigation (trunk)Hardware - ActiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent12Verify
MB-HH-004HRH SteamEmergency operating proceduresMitigation (trunk)ProceduralPARTIALLY_EFFECTIVEDomain knowledgePer CCPS Guidelines for Risk Based Process Safety, Element 10 (Operating Procedures). Not in HAZOP; requires site validation. Ref: CCPS RBPS Ch.10, ISO 45001 S8.1.Independent10Verify
MB-HH-002HRH SteamAccess restriction and exclusion zonesMitigation (trunk)OrganizationalPARTIALLY_EFFECTIVEDomain knowledgePer site safety management system; exclusion zone policy for MAH areas. Not in HAZOP; requires site validation. Ref: ISO 45001 S8.1, site SMS.Independent10Verify
PB-SL-014STG SealsLAH-10MKW01-CL101: Level alarm high (alert the operator)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2521 LAH-10MKW01-CL101 S=5.Dependent (alarm-driven)1Conditional
PB-SL-013STG SealsECTOR10MKW21-BZ001: SODE will overflow to liquid det and alert the operatorPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2518 ECTOR10MKW21-BZ001 S=5.Dependent (alarm-driven)1Conditional
PB-SL-012STG SealsPSL10MKG21-CP101: alert the operatorPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2513 PSL10MKG21-CP101 S=5. Also protects Generator H2 (PSL10MKG21-CP101).Dependent (alarm-driven)2Conditional
PB-SL-011STG SealsPump discharge line is designed for pump shut-off head.PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2503 S=5.Independent1Valid
PB-SL-010STG SealsFAL-10MKW06-CF001: Flow alarm low (alert the operator)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2488 FAL-10MKW06-CF001 S=5.Dependent (alarm-driven)1Conditional
PB-SL-009STG SealsPDAH-10MKW10-CP001: Differential pressure alarm high (A/B (1oo)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2485 PDAH-10MKW10-CP001 S=5.Independent1Valid
PB-SL-004STG SealsAuto start of standby Gland condenser blower on tripping of duty blower.PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2149 S=5.Independent1Valid
PB-SL-002STG SealsPCV: Pressure control valve (Field positioner / Discrepancy position feedbackPreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2126 S=5.Independent1Valid
MB-SL-001STG SealsH2-specific catalytic detectorMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer IEC 60079-29-1 for hydrogen detection; catalytic/electrochemical sensor selection per EN 50073. Not in HAZOP; requires site validation. Ref: IEC 60079-29-1, EN 50073.Independent2Verify
MB-SL-002STG SealsVentilation system with gas interlockMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer IEC 60079-10-1 for ventilation in hazardous areas; air change rate per ATEX assessment. Not in HAZOP; requires site validation. Ref: IEC 60079-10-1, ATEX directive.Independent2Verify
MB-SL-003STG SealsExplosion relief panelsMitigation (trunk)Hardware - ActiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent2Verify
MB-SL-004STG SealsBlast-rated generator building (API 752)Mitigation (trunk)Hardware - PassiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent2Verify
MB-SL-005STG SealsHazardous area classification (IEC 60079)Mitigation (trunk)Hardware - PassiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent3Verify
PB-LO-005STG Lube OilTurn around PM schedule is availablePreventionProceduralEFFECTIVEFrom HAZOPVerified rows 2359 S=4.Independent1Valid
PB-LO-004STG Lube OilTAH-10MAV95-CT122: Temperature alarm high (A/B (1oo)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2340 TAH-10MAV95-CT122 S=4.Independent1Valid
PB-LO-003STG Lube OilPAH-10MAV95-CP125: Pressure alarm high (A/B/C (2oo)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2328 PAH-10MAV95-CP125 S=4.Independent1Valid
PB-LO-002STG Lube OilPDAH-10MAV93-CP181: Differential pressure alarm high (alert the operator)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2308 PDAH-10MAV93-CP181 S=4.Dependent (alarm-driven)1Conditional
PB-LO-001STG Lube OilPAL-10MAV95-CP125: Pressure alarm low (A/B/C (2oo)PreventionHardware - ActiveEFFECTIVEFrom HAZOPVerified rows 2302 PAL-10MAV95-CP125 S=4.Independent1Valid
MB-LO-001STG Lube OilOil mist detectionMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer OEM recommendation for turbine enclosure; oil mist concentration alarm per machine protection. Not in HAZOP; requires site validation. Ref: OEM O&M manual, API 670.Independent1Verify
MB-LO-002STG Lube OilCO2 / clean agent fire suppressionMitigation (trunk)Hardware - ActiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent1Verify
MB-LO-004STG Lube OilFlame detection near hot surfacesMitigation (trunk)Hardware - ActivePARTIALLY_EFFECTIVEDomain knowledgePer NFPA 72 for flame detector selection; UV/IR technology per EN 54-10. Not in HAZOP; requires site validation. Ref: NFPA 72, EN 54-10.Independent1Verify
MB-LO-003STG Lube OilDrip trays and bund containmentMitigation (trunk)Hardware - PassiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent1Verify
MB-LO-005STG Lube OilFireproofing on structural steel (UL 1709)Mitigation (trunk)Hardware - PassiveEFFECTIVEEngineering standardDesign basis per industry standard referenced in title. Not a HAZOP safeguard.Independent3Verify

7. SCE/SCA Register

Safety Critical Elements (SCE, hardware) and Safety Critical Activities (SCA, human / procedural). Performance standards follow the Energy Institute FARSI model (Functionality, Availability, Reliability, Survivability, plus Test Interval). Cross-references WORLD_CLASS.xlsx SCE Register.

SCE IDTypeSystemBarrier SideMAHCat.Performance Standard Test IntervalOwner
SCE-001SCEACCACC is designed for worst case scenario including opening of LP/IP bypass.PreventionMAH-CCGT-AC-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-002SCEACCFAL-10LCA04-CF101A/B: Flow alarm low (1oo2)PreventionMAH-CCGT-AC-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-003SCEACCMOV-10MAJ45-AA075: Motor operated isolation valvePreventionMAH-CCGT-AC-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-004SCEACCMOV-10LBG45-AA080: Motor operated isolation valvePreventionMAH-CCGT-AC-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-005SCEACCPAL-10LBG45-CP001: Pressure alarm low (alert the operator)PreventionMAH-CCGT-AC-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-006SCEACCTAH-10MAJ42-CT122: Temperature alarm high (alert the operator)PreventionMAH-CCGT-AC-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-007SCEHRSG BypassUPS power backup is available for 24 hours for control system.PreventionMAH-CCGT-BY-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-008SCEHRSG BypassPDAL XYMBR10-CP151/152PreventionMAH-CCGT-BY-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-009SCEHRSG BypassOperator-controlled flue gas supervisionPreventionMAH-CCGT-BY-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-010SCEHRSG BypassInsulation and lagging for personnel protectionMitigationMAH-CCGT-BY-001AReduce consequence severity12 monthsI&C Eng
SCE-011SCEHRSG Duct BurnerPRV-11HHG01-AA003: Pressure relief valvePreventionMAH-CCGT-DB-001EAuto-actuate per design intent12 monthsMI Eng
SCE-012SCEHRSG Duct BurnerNRVPreventionMAH-CCGT-DB-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-013SCEHRSG Duct BurnerFCV-11HHG01-AA101: Flow control valve (control loop regulate downstream flow)PreventionMAH-CCGT-DB-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-014SCEHRSG Duct BurnerInstrument interlock: instrument interlock and START standby cooling air fan.PreventionMAH-CCGT-DB-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-015SCEHRSG Duct BurnerInstrument interlock: instrument interlock and START standby cooling air fan.PreventionMAH-CCGT-DB-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-016SCEHRSG Duct BurnerFirewater deluge / water spray systemMitigationMAH-CCGT-DB-001EReduce consequence severity12 monthsHSSE
SCE-017SCEHRSG Duct BurnerFireproofing on structural steel (UL 1709)MitigationMAH-CCGT-DB-001EReduce consequence severity12 monthsProject Eng
SCE-018SCEHRSG Duct BurnerBlast rated control room (API 752)MitigationMAH-CCGT-DB-001EReduce consequence severity12 monthsProject Eng
SCA-001SCAFuel GasStack monitoringPreventionMAH-CCGT-FG-001EAuto-actuate per design intent12 monthsOperations
SCE-019SCEFuel GasPAL-00QFB01-CP101A/B: Pressure alarm low (1oo2)PreventionMAH-CCGT-FG-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-020SCEFuel GasLSL-00EKC10-CL202: Level switch low (alert the operator)PreventionMAH-CCGT-FG-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-021SCEFuel GasBT00EKC10-BT001: alert the operatorPreventionMAH-CCGT-FG-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-022SCEFuel GasPAL-00EKC50-CP101: Pressure alarm low (00EKC60-CP101 / 00EKC70-CP101 alert thePreventionMAH-CCGT-FG-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-023SCEFuel GasLSH-11EKC30-CL202: Level switch high (A/B (1oo)PreventionMAH-CCGT-FG-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-024SCEFuel GasCondensate transfer pump trip/run monitoringPreventionMAH-CCGT-FG-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-025SCEFuel GasTAH-11EKC30-CT001: Temperature alarm high (A/B (1oo)PreventionMAH-CCGT-FG-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-026SCEFuel GasTAL-11EKC30-CT001: Temperature alarm low (A/B (1oo)PreventionMAH-CCGT-FG-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-027SCEFuel GasTAL-11EKC10-CT002: Temperature alarm low (A/B (1oo)PreventionMAH-CCGT-FG-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-028SCEFuel GasVALVE-00EKC10-AA402: Valve position confirmation ON/OFFPreventionMAH-CCGT-FG-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-029SCEFuel GasVALVE-11EKT20-AA109: Valve position confirmation pneumatic ON/OFFPreventionMAH-CCGT-FG-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-030SCEFuel GasVALVE-11EKT20-AA113: Pneumatic control valve positionerPreventionMAH-CCGT-FG-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-031SCEFuel GasVALVE-11EKT20-AA106: Valve position confirmation pneumatic ON/OFFPreventionMAH-CCGT-FG-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-032SCEFuel GasVALVE-11EKT20-AA101: Valve position confirmation pneumatic ON/OFFPreventionMAH-CCGT-FG-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-033SCEFuel GasVALVE-11EKT10-AA111: Pneumatic control valve positionerPreventionMAH-CCGT-FG-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-034SCEFuel GasBlast rated control room (API 752)MitigationMAH-CCGT-FG-001EReduce consequence severity12 monthsProject Eng
SCE-035SCEFuel OilFlame / fire detection (from F&G)MitigationMAH-CCGT-FO-001EReduce consequence severity12 monthsHSSE
SCE-036SCEFuel OilFire detection in oil areaMitigationMAH-CCGT-FO-001EReduce consequence severity12 monthsHSSE
SCE-037SCEFuel OilFire suppression (CO2 / water spray)MitigationMAH-CCGT-FO-001EReduce consequence severity12 monthsI&C Eng
SCE-038SCEGenerator H2PSL10MKG21-CP101: alert the operatorPreventionMAH-CCGT-GH-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-039SCEGenerator H2PSH10MKG21-CP102: alert the operatorPreventionMAH-CCGT-GH-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-040SCEGenerator H2PAL-00PGB07-CP101A/B: Pressure alarm low (1oo2)PreventionMAH-CCGT-GH-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-041SCEGenerator H2PSV-10MKG42-AA191: release excess pressure above [TBC] BARG to safe locationPreventionMAH-CCGT-GH-001EAuto-actuate per design intent12 monthsMI Eng
SCE-042SCEGenerator H2PSV-10MKG10-AA191: 10MKG01-AA191 release excess pressure above 210 BARG toPreventionMAH-CCGT-GH-001EAuto-actuate per design intent12 monthsMI Eng
SCE-043SCEGenerator H2Explosion relief panelsMitigationMAH-CCGT-GH-001EReduce consequence severity12 monthsI&C Eng
SCE-044SCEGenerator H2Blast-rated generator building (API 752)MitigationMAH-CCGT-GH-001EReduce consequence severity12 monthsProject Eng
SCE-045SCEHRSG IPNRV-11LBA20-AA201: Non-return valvePreventionMAH-CCGT-HI-001EAuto-actuate per design intent12 monthsMI Eng
SCA-002SCAHRSG IPOnline sampling of water / steamPreventionMAH-CCGT-HI-001EAuto-actuate per design intent12 monthsOperations
SCA-003SCAHRSG IPAnnual preventive maintenance schedulePreventionMAH-CCGT-HI-001EAuto-actuate per design intent12 monthsOperations
SCE-046SCEHRSG IPVALVE-11HAC30-AA101: Pneumatic control valve positionerPreventionMAH-CCGT-HI-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-047SCEHRSG IPLAH-11HAD20-CL121: Level alarm high (A/B/C (2oo)PreventionMAH-CCGT-HI-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-048SCEHRSG IPMOV-11LBB10-AA102: Motor operated isolation valvePreventionMAH-CCGT-HI-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-049SCEHRSG IPInsulation and lagging for personnel protectionMitigationMAH-CCGT-HI-001DReduce consequence severity12 monthsI&C Eng
SCE-050SCEHRSG LPNRV-11LBA10-AA201: Non-return valvePreventionMAH-CCGT-HL-001EAuto-actuate per design intent12 monthsMI Eng
SCA-004SCAHRSG LPOnline sampling of water / steamPreventionMAH-CCGT-HL-001EAuto-actuate per design intent12 monthsOperations
SCA-005SCAHRSG LPAnnual preventive maintenance schedulePreventionMAH-CCGT-HL-001EAuto-actuate per design intent12 monthsOperations
SCE-051SCEHRSG LPVALVE-11LAB61-AA102: Pneumatic control valve positionerPreventionMAH-CCGT-HL-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-052SCEHRSG LPVALVE-11LAB63-AA101: Pneumatic control valve positionerPreventionMAH-CCGT-HL-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-053SCEHRSG LPPAH-11HAD30-CP121: Pressure alarm high (A/B/C (2oo)PreventionMAH-CCGT-HL-001EAuto-actuate per design intent12 monthsI&C Eng
SCE-054SCEHRSG LPPSV-11LBA30-AA191: PSV set (PSV-11HAD30-AA191 and 11HAD30-AA192PreventionMAH-CCGT-HL-001EAuto-actuate per design intent12 monthsMI Eng
SCE-055SCEHRSG LPPAH-11HAD30-CP121: Pressure alarm high (A/B/C (2oo)PreventionMAH-CCGT-HL-001EAuto-actuate per design intent12 monthsI&C Eng
SCA-006SCAHP SteamOnline sampling of water / steamPreventionMAH-CCGT-HP-001DAuto-actuate per design intent12 monthsOperations
SCE-056SCEHP SteamHigh alarm with instrument interlock (auto-trip)PreventionMAH-CCGT-HP-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-057SCEHP SteamFOR10LBA01-AA409: Valve position feedbackPreventionMAH-CCGT-HP-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-058SCEHP SteamVALVE-11LBA02-AA101: Valve position feedbackPreventionMAH-CCGT-HP-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-059SCEHP SteamFOR11LBA02-AA001: Valve position feedbackPreventionMAH-CCGT-HP-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-060SCEHP SteamPAH-10LBA03-CP121A/B: Pressure alarm high (1oo2)PreventionMAH-CCGT-HP-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-061SCEHP SteamNRV is provided in discharge HP steam line of each HRSG to prevent reverse flow.PreventionMAH-CCGT-HP-001DAuto-actuate per design intent12 monthsMI Eng
SCE-062SCEHP SteamNRV is provided in discharge HP steam line of each HRSG to prevent reverse flow.PreventionMAH-CCGT-HP-001DAuto-actuate per design intent12 monthsMI Eng
SCE-063SCEHP SteamMOV: Motor operated isolation valvePreventionMAH-CCGT-HP-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-064SCEHP SteamInsulation and lagging for personnel protectionMitigationMAH-CCGT-HP-001AReduce consequence severity12 monthsI&C Eng
SCE-065SCEHRSG HPNRV-11LBA10-AA201: Non-return valvePreventionMAH-CCGT-HR-001DAuto-actuate per design intent12 monthsMI Eng
SCA-007SCAHRSG HPOnline sampling of water / steamPreventionMAH-CCGT-HR-001DAuto-actuate per design intent12 monthsOperations
SCA-008SCAHRSG HPAnnual preventive maintenance schedulePreventionMAH-CCGT-HR-001DAuto-actuate per design intent12 monthsOperations
SCE-066SCEHRSG HPLAH-11HAD10-CL121: Level alarm high (A/B/C (2oo)PreventionMAH-CCGT-HR-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-067SCEHRSG HPPAH-11HAD10-CP121A/B: Pressure alarm high (C (2oo)PreventionMAH-CCGT-HR-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-068SCEHRSG HPMOV-11LBA10-AA102: Motor operated isolation valvePreventionMAH-CCGT-HR-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-069SCEHRSG HPVALVE-11LAB63-AA101: Pneumatic control valve positionerPreventionMAH-CCGT-HR-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-070SCEHRSG HPPAH-11HAD10-CP121A/B: Pressure alarm high (C (2oo)PreventionMAH-CCGT-HR-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-071SCEHRSG HPVALVE-11LAE10-AA102: Pneumatic control valve positionerPreventionMAH-CCGT-HR-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-072SCEHRSG HPPDAH-11LAE40-CF181: Differential pressure alarm high (alert the operator)PreventionMAH-CCGT-HR-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-073SCEHRSG HPVALVE-11LAE10-AA104: Pneumatic control valve positionerPreventionMAH-CCGT-HR-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-074SCEHRSG HPPDAH-11LAE10-CP181: Differential pressure alarm high (alert the operator)PreventionMAH-CCGT-HR-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-075SCEHRSG HPInsulation and lagging for personnel protectionMitigationMAH-CCGT-HR-001DReduce consequence severity12 monthsI&C Eng
SCE-076SCELP SteamNRV is provided in discharge LP steam line of each HRSG to prevent reverse flow.PreventionMAH-CCGT-LP-001DAuto-actuate per design intent12 monthsMI Eng
SCA-009SCALP SteamOnline sampling of water / steamPreventionMAH-CCGT-LP-001DAuto-actuate per design intent12 monthsOperations
SCE-077SCELP SteamLABLE11LBA30-CT121: Temperature elements are avai A/B (1oo2)to generate highPreventionMAH-CCGT-LP-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-078SCELP SteamFOR10LBD02-AA405: Valve position feedbackPreventionMAH-CCGT-LP-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-079SCELP SteamMOV-11LBD01-AA402: Motor operated isolation valvePreventionMAH-CCGT-LP-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-080SCELP SteamMOV-11LBD01-AA001: Motor operated isolation valvePreventionMAH-CCGT-LP-001DAuto-actuate per design intent12 monthsI&C Eng
SCA-010SCAAmmonia/SCROperator continuous attendance (manual control)PreventionMAH-CCGT-NH-001AAuto-actuate per design intent12 monthsOperations
SCE-081SCEAmmonia/SCRVALVE-10GHD41-AA102: Valve position feedbackPreventionMAH-CCGT-NH-001AAuto-actuate per design intent12 monthsI&C Eng
SCE-082SCEAmmonia/SCRVALVE-10GHD41-AA104: Valve position feedbackPreventionMAH-CCGT-NH-001AAuto-actuate per design intent12 monthsI&C Eng
SCE-083SCEAmmonia/SCRVALVE-10GHD41-AA103: Valve position feedbackPreventionMAH-CCGT-NH-001AAuto-actuate per design intent12 monthsI&C Eng
SCE-084SCEAmmonia/SCRWater curtain / spray systemMitigationMAH-CCGT-NH-001AReduce consequence severity12 monthsHSSE
SCA-011SCASTG SteamOperator continuous attendance (manual control)PreventionMAH-CCGT-SS-001DAuto-actuate per design intent12 monthsOperations
SCE-085SCESTG SteamPCV: Pressure control valve (LCE81-AA001 is available in upstream to regulatePreventionMAH-CCGT-SS-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-086SCESTG SteamPCV-10LCE81-AA001: Pressure control valve (Field positioner / DiscrepancyPreventionMAH-CCGT-SS-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-087SCESTG SteamPDAH-10LCE81-CP122: Differential pressure alarm high (alert the operator)PreventionMAH-CCGT-SS-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-088SCESTG SteamTAH-10MAC81-CT053A/B: Temperature alarm high (C (2oo)PreventionMAH-CCGT-SS-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-089SCESTG SteamFCV: Flow control valve (Field positioner / Discrepancy position feedbackPreventionMAH-CCGT-SS-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-090SCESTG SteamMV10MAL95-AA401: Valve position feedbackPreventionMAH-CCGT-SS-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-091SCESTG SteamMV10MAL87-AA401: Valve position feedbackPreventionMAH-CCGT-SS-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-092SCESTG SteamMV10MAL82-AA401: Valve position feedbackPreventionMAH-CCGT-SS-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-093SCESTG SteamMV10MAL83-AA401: Valve position feedbackPreventionMAH-CCGT-SS-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-094SCESTG SteamMV10MAL81-AA401: Valve position feedbackPreventionMAH-CCGT-SS-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-095SCESTG SteamMV10MAL86-AA401: Valve position feedbackPreventionMAH-CCGT-SS-001DAuto-actuate per design intent12 monthsI&C Eng
SCE-096SCESTG SteamInsulation and lagging for personnel protectionMitigationMAH-CCGT-SS-001AReduce consequence severity12 monthsI&C Eng
SCE-097SCECRH SteamVALVE-10LBC01-AA402: Valve position feedbackPreventionDAuto-actuate per design intent12 monthsI&C Eng
SCE-098SCECRH SteamMOV-12LBC01-AA410: Motor operated isolation valvePreventionDAuto-actuate per design intent12 monthsI&C Eng
SCE-099SCECRH SteamMOV-11LBC01-AA001: Motor operated isolation valvePreventionDAuto-actuate per design intent12 monthsI&C Eng
SCE-100SCECRH SteamFAL-10LCA04-CF101A/B: Flow alarm low (1oo2)PreventionDAuto-actuate per design intent12 monthsI&C Eng
SCA-012SCAHRH SteamPositive isolation (energy isolation for maintenance)PreventionDAuto-actuate per design intent12 monthsHSSE
SCA-013SCAHRH SteamOnline sampling of water / steamPreventionDAuto-actuate per design intent12 monthsOperations
SCE-101SCEHRH SteamLABLE11LBB10-CT123: Temperature elements are avai A/B/C to generate highPreventionDAuto-actuate per design intent12 monthsI&C Eng
SCE-102SCEHRH SteamPAH-10LBB01-CP121A/B: Pressure alarm high (1oo2)and PAL-10LBB01-CP122 isPreventionDAuto-actuate per design intent12 monthsI&C Eng
SCE-103SCEHRH SteamFAL-11LBB10-CF121A/B: Flow alarm low (1oo2)PreventionDAuto-actuate per design intent12 monthsI&C Eng
SCE-104SCEHRH SteamFOR10LBB01-AA412: Valve position feedbackPreventionDAuto-actuate per design intent12 monthsI&C Eng
SCE-105SCEHRH SteamVALVE-11LBB01-AA101: Valve position feedbackPreventionDAuto-actuate per design intent12 monthsI&C Eng
SCE-106SCEHRH SteamMOV: Motor operated isolation valvePreventionDAuto-actuate per design intent12 monthsI&C Eng
SCE-107SCESTG SealsLAH-10MKW01-CL101: Level alarm high (alert the operator)PreventionEAuto-actuate per design intent12 monthsI&C Eng
SCE-108SCESTG SealsECTOR10MKW21-BZ001: SODE will overflow to liquid det and alert the operatorPreventionEAuto-actuate per design intent12 monthsI&C Eng
SCE-109SCESTG SealsPSL10MKG21-CP101: alert the operatorPreventionEAuto-actuate per design intent12 monthsI&C Eng
SCE-110SCESTG SealsPump discharge line is designed for pump shut-off head.PreventionEAuto-actuate per design intent12 monthsI&C Eng
SCE-111SCESTG SealsFAL-10MKW06-CF001: Flow alarm low (alert the operator)PreventionEAuto-actuate per design intent12 monthsI&C Eng
SCE-112SCESTG SealsPDAH-10MKW10-CP001: Differential pressure alarm high (A/B (1oo)PreventionEAuto-actuate per design intent12 monthsI&C Eng
SCE-113SCESTG SealsAuto start of standby Gland condenser blower on tripping of duty blower.PreventionEAuto-actuate per design intent12 monthsI&C Eng
SCE-114SCESTG SealsPCV: Pressure control valve (Field positioner / Discrepancy position feedbackPreventionEAuto-actuate per design intent12 monthsI&C Eng
SCA-014SCASTG Lube OilTurn around PM schedule is availablePreventionDAuto-actuate per design intent12 monthsOperations
SCE-115SCESTG Lube OilTAH-10MAV95-CT122: Temperature alarm high (A/B (1oo)PreventionDAuto-actuate per design intent12 monthsI&C Eng
SCE-116SCESTG Lube OilPAH-10MAV95-CP125: Pressure alarm high (A/B/C (2oo)PreventionDAuto-actuate per design intent12 monthsI&C Eng
SCE-117SCESTG Lube OilPDAH-10MAV93-CP181: Differential pressure alarm high (alert the operator)PreventionDAuto-actuate per design intent12 monthsI&C Eng
SCE-118SCESTG Lube OilPAL-10MAV95-CP125: Pressure alarm low (A/B/C (2oo)PreventionDAuto-actuate per design intent12 monthsI&C Eng

8. Risk Assessment and ALARP Demonstration

This section follows the four-step qualitative ALARP demonstration structure from HSE UK SPC / Permissioning / 37 -- codes-and-standards compliance, good-practice comparison, risk-reduction measures register, and an explicit ALARP conclusion statement.

8.1 Codes and Standards Compliance

StandardRequirementAddressed by Status
IEC 61511 (Safety Instrumented Systems)SIL-rated SIS for identified safety functionsPressure / temperature alarms, ESD trips, interlocksPartially -- SIL ratings to be confirmed at site
API 521 / EN ISO 4126 (Pressure Relief)PSV / PRV on every pressurised systemPSVs identified on HRSG, Generator H2, Duct BurnerPartially -- PSV sizing not verified
IEC 60079 / BS EN 60079 (Hazardous Areas)Hazardous area classification for flammable / H2Gas detection on Fuel Gas; H2 detection on GeneratorPartially -- area classification not reviewed
NFPA 850 / API 2001 (Fire Protection)Fire detection and suppression for flammable hazardsFire detection on Fuel Oil; deluge on Fuel Gas / Duct BurnerPartially -- coverage and adequacy not confirmed
API 752 (Blast Resistant Structures)Blast-rated control room for VCE scenariosBlast-rated CR identified for Fuel Gas, Duct BurnerAdequate from desk review -- design basis to confirm

8.2 Good Practice Comparison

ElementGood PracticeCurrent Gap
Prevention barriers per threat2-4 independent barriers per threat (CCPS / EI)2.9 avg; 32% with zeroSignificant
Barrier type diversity>=2 categories per critical pathway (Tech + Operational)5 categories overall; 73% Hardware-ActiveSignificant
Mitigation specificity>=50% consequence-specific mitigation (CCPS / EI event-tree)19% branch / 81% trunkModerate
Human / procedural layers20-40% of barriers are H / P / O17%Minor

8.3 Risk Reduction Measures

Generated from the CRITICAL and MAJOR gap findings. All measures are standard industry practice (workshop, verification, walkdown) so feasibility is High and cost is Low to Medium.

Gap IDSystemMeasure FeasibilityCostRisk reduction Reasonably practicable?
GAP-ANS-001ACCNo mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.HighLow-MediumSignificantYes -- recommended
F-SCOPE-001Cross-cutting (all systems)Extend HAZOP scope to cover the missing mandatory systems: Fuel Gas Receiving Station, Gas Turbine Lubrication System, GT Enclosure Ventilation and Fire Suppression, HRSG Drums (HP/IP/LP) and Downcomer System, Superheater and Reheater, EconHighLow-MediumSignificantYes -- recommended
GAP-A-001Auxiliary SteamNo mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.HighLow-MediumSignificantYes -- recommended
GAP-HNB-001HRSG BypassNo mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.HighLow-MediumSignificantYes -- recommended
GAP-CSS-001CRH SteamNo mitigative barriers identified in HAZOP. All 3 suggested barriers marked for validation.HighLow-MediumSignificantYes -- recommended
GAP-HND-001HRSG Duct BurnerNo mitigative barriers identified in HAZOP. All 7 suggested barriers marked for validation.HighLow-MediumSignificantYes -- recommended
GAP-HND-002HRSG Duct BurnerSingle barrier on domain_knowledge pathway (THR-DB-002). Single point of failure on S=5 catastrophic consequence.HighLow-MediumSignificantYes -- recommended
GAP-FNF-001Fuel GasSingle barrier on from_hazop pathway (THR-FG-002). Single point of failure on S=5 catastrophic consequence.HighLow-MediumSignificantYes -- recommended
GAP-FOS-001Fuel OilFlange and connection leaks on lube oil pipework are caused by vibration-induced bolt relaxation, gasket degradation, and thermal cycling. Standard prevention includes: joint integrity management programme (ASME PCC-1), controlled bolt torqHighLow-MediumSignificantYes -- recommended
GAP-FOS-002Fuel OilTank overflow during fuel oil delivery is prevented by independent high-level alarms (LAH), high-high level trips (LAHH) with automatic shutoff of the transfer pump or inlet valve, and secondary containment (bund) sized to contain the full HighLow-MediumSignificantYes -- recommended
GAP-FOS-003Fuel OilPump seal failure on fuel oil transfer or forwarding pumps releases flammable liquid at the pump skid. Standard prevention includes: dual mechanical seals (API Plan 52/54), seal flush systems, bearing temperature and vibration monitoring wiHighLow-MediumSignificantYes -- recommended
GAP-F-001FeedwaterNo mitigative barriers identified in HAZOP. All 4 suggested barriers marked for validation.HighLow-MediumSignificantYes -- recommended
GAP-SNH-001Generator H2No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.HighLow-MediumSignificantYes -- recommended
GAP-SNH-002Generator H2Vacuum system failure in the ACC allows air ingress into the steam space, degrading condenser performance and potentially causing oxygen corrosion of tube internals. This mechanism is typically prevented by vacuum pump redundancy, air ejectHighLow-MediumSignificantYes -- recommended
GAP-HRS-001HRH SteamNo mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.HighLow-MediumSignificantYes -- recommended
GAP-HNI-001HRSG IPNo mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.HighLow-MediumSignificantYes -- recommended
GAP-HNI-002HRSG IPThermal stress during startup/shutdown transitions is a primary damage mechanism for HRSG tubes, headers, and drums. Rapid temperature changes cause differential expansion between thick-walled components (drums, headers) and thin-walled tubHighLow-MediumSignificantYes -- recommended
GAP-HNL-001HRSG LPNo mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.HighLow-MediumSignificantYes -- recommended
GAP-HS-001HP SteamNo mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.HighLow-MediumSignificantYes -- recommended
GAP-HNH-001HRSG HPNo mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.HighLow-MediumSignificantYes -- recommended
GAP-SNL-001STG Lube OilNo mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.HighLow-MediumSignificantYes -- recommended
GAP-LSS-001LP SteamNo mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.HighLow-MediumSignificantYes -- recommended
GAP-HNA-001Ammonia/SCRNo mitigative barriers identified in HAZOP. All 6 suggested barriers marked for validation.HighLow-MediumSignificantYes -- recommended
GAP-SNT-001STG SealsNo mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.HighLow-MediumSignificantYes -- recommended
GAP-SNB-001STG SteamNo mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.HighLow-MediumSignificantYes -- recommended

8.4 ALARP Conclusion

Based on this desk-review assessment, the residual risk from 2 of 19 MAH scenarios cannot be confirmed as ALARP until the 25 Critical findings are addressed. The principal barriers to an ALARP demonstration are: (a) unconfirmed SIL ratings on safety-instrumented functions; (b) suggested mitigation barriers requiring site verification; and (c) unprotected threat pathways where HAZOP safeguards could not be matched to specific initiating events. A formal ALARP assessment requires site-validated PFD / SIL data, operational performance records, and a reasonably-practicable cost / benefit analysis, which are outside the scope of this desk review.

9. Findings, Gap Analysis and Improvement Plan

9.1 Cross-Cutting Systemic Findings

These findings frame the assessment as a whole. They surface HAZOP methodology gaps and defence-in-depth diversity gaps that affect every system rather than any single MAH scenario.

MAJOR F-SYS-001 -- Cross-cutting (all systems)
HAZOP methodology gap: the source HAZOP safeguard set is dominated by instrumented hardware barriers (alarms, trips, interlocks, valve position feedback). Of 39 human / procedural / organizational barriers in this assessment only 16 were extracted from HAZOP rows; the rest were added from domain knowledge and engineering standards. Emergency operating procedures, permit-to-work systems, pre-startup safety reviews, shift handover protocols, and management-of-change processes are not documented as HAZOP safeguards. Recommendation: run a supplementary workshop focused on non-hardware barriers so they are captured as HAZOP safeguards rather than tool inferences. Owner: Process Safety Lead. Target: 90 days.
MAJOR F-SYS-002 -- Cross-cutting (all systems)
Defence-in-depth diversity gap: barrier type distribution across the assessment is Hardware-Active 73%, Hardware-Passive 10%, Procedural 10%, Organizational 6%, Human-Active 1%. Barrier ownership is concentrated: I&C Eng owns 65% of all barriers; Operations owns 11%. Per CCPS / EI each critical threat pathway should have barriers from at least two of three categories (Technical / Operational / Organizational). Conduct a barrier-diversity review with multi-discipline participation (Operations, Maintenance, HSE, I&C). Owner: HSSE Manager. Target: 90 days.
CRITICAL F-SCOPE-001 -- Cross-cutting (all systems)
Submitted HAZOP covers 10 of 32 mandatory systems for CCGT scope (31%). Classification: LIMITED.
MAJOR F-SCOPE-002 -- Cross-cutting (all systems)
Variant not declared on CLI; scope benchmark defaulted to natural gas CCGT. A hydrogen-ready, cogeneration, coal, biomass, waste-to-energy, or reciprocating plant has materially different mandatory scope and cannot be assessed accurately against the default.

9.2 System-Specific Findings by Priority

System-specific findings are listed below in priority order. Standard closure timelines are CRITICAL within 60 days, MAJOR within 90 days, MINOR within 180 days.

PriorityCountStandard Closure
CRITICAL2460 days
MAJOR3590 days
MINOR20180 days
Total system-specific79

Systems carrying CRITICAL findings: ACC, Ammonia/SCR, Auxiliary Steam, CRH Steam, Feedwater, Fuel Gas, Fuel Oil, Generator H2, HP Steam, HRH Steam, HRSG Bypass, HRSG Duct Burner, HRSG HP, HRSG IP, HRSG LP, LP Steam, STG Lube Oil, STG Seals, STG Steam.

CRITICAL F-001 -- ACC
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
CRITICAL F-002 -- Auxiliary Steam
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
CRITICAL F-003 -- HRSG Bypass
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
CRITICAL F-004 -- CRH Steam
No mitigative barriers identified in HAZOP. All 3 suggested barriers marked for validation.
CRITICAL F-005 -- HRSG Duct Burner
No mitigative barriers identified in HAZOP. All 7 suggested barriers marked for validation.
CRITICAL F-006 -- HRSG Duct Burner
Single barrier on domain_knowledge pathway (THR-DB-002). Single point of failure on S=5 catastrophic consequence.
CRITICAL F-007 -- Fuel Gas
Single barrier on from_hazop pathway (THR-FG-002). Single point of failure on S=5 catastrophic consequence.
CRITICAL F-008 -- Fuel Oil
Flange and connection leaks on lube oil pipework are caused by vibration-induced bolt relaxation, gasket degradation, and thermal cycling. Standard prevention includes: joint integrity management programme (ASME PCC-1), controlled bolt torquing procedures, vibration monitoring on turbine/generator bearings, and periodic inspection of flange connections during planned outages. The HAZOP did not document joint integrity or inspection safeguards for lube oil flanges. Verify: (a) joint integrity programme scope covers lube oil system, (b) bolt torque records for critical flanges, (c) vibration trending data, (d) flange inspection scope in planned maintenance.
CRITICAL F-009 -- Fuel Oil
Tank overflow during fuel oil delivery is prevented by independent high-level alarms (LAH), high-high level trips (LAHH) with automatic shutoff of the transfer pump or inlet valve, and secondary containment (bund) sized to contain the full tank volume plus rainfall. The HAZOP did not document level protection or overflow prevention for the fuel oil storage tank as safeguards. Verify: (a) independent LAH and LAHH instruments on the tank, (b) automatic transfer pump trip on LAHH, (c) bund sizing and drainage arrangement, (d) delivery procedure with operator attendance requirements.
CRITICAL F-010 -- Fuel Oil
Pump seal failure on fuel oil transfer or forwarding pumps releases flammable liquid at the pump skid. Standard prevention includes: dual mechanical seals (API Plan 52/54), seal flush systems, bearing temperature and vibration monitoring with alarm and trip, and seal leak detection (drip collection, level alarm on seal drain pot). The HAZOP did not list seal-specific safeguards for fuel oil pumps. Verify: (a) seal arrangement type (single/dual/tandem), (b) seal support system (flush, quench, buffer), (c) seal leak detection method, (d) bearing monitoring with trip setpoints.
CRITICAL F-011 -- Feedwater
No mitigative barriers identified in HAZOP. All 4 suggested barriers marked for validation.
CRITICAL F-012 -- Generator H2
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
CRITICAL F-013 -- Generator H2
Vacuum system failure in the ACC allows air ingress into the steam space, degrading condenser performance and potentially causing oxygen corrosion of tube internals. This mechanism is typically prevented by vacuum pump redundancy, air ejector systems, and vacuum leak detection. The HAZOP documented safeguards for tube leak and pressure control but did not address the vacuum-loss initiation mechanism as a separate cause. Verify: (a) vacuum pump standby/auto-start arrangement, (b) vacuum alarm setpoints and operator response procedure, (c) air ingress detection (e.g., dissolved oxygen monitoring).
CRITICAL F-014 -- HRH Steam
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
CRITICAL F-015 -- HRSG IP
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
CRITICAL F-016 -- HRSG IP
Thermal stress during startup/shutdown transitions is a primary damage mechanism for HRSG tubes, headers, and drums. Rapid temperature changes cause differential expansion between thick-walled components (drums, headers) and thin-walled tubes, leading to fatigue cracking at welds and penetrations. Standard prevention includes: controlled ramp rates per OEM limits (typically 2-5 deg C/min for drums), metal temperature monitoring at critical locations, hold periods for thermal soaking, cascaded bypass warming sequences, and automated GT load-hold interlocks tied to HRSG metal temperatures. The HAZOP documented hardware alarms but did not capture the startup SOP and ramp-rate controls as safeguards. Verify: (a) OEM ramp rate limits in the DCS, (b) startup SOP including hold-point criteria, (c) metal temperature monitoring locations and alarm setpoints, (d) cyclic life expenditure (CLE) tracking system.
CRITICAL F-017 -- HRSG LP
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
CRITICAL F-018 -- HP Steam
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
CRITICAL F-019 -- HRSG HP
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
CRITICAL F-020 -- STG Lube Oil
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
CRITICAL F-021 -- LP Steam
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
CRITICAL F-022 -- Ammonia/SCR
No mitigative barriers identified in HAZOP. All 6 suggested barriers marked for validation.
CRITICAL F-023 -- STG Seals
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
CRITICAL F-024 -- STG Steam
No mitigative barriers identified in HAZOP. All 5 suggested barriers marked for validation.
MAJOR F-025 -- ACC
Vacuum system failure in the ACC allows air ingress into the steam space, degrading condenser performance and potentially causing oxygen corrosion of tube internals. This mechanism is typically prevented by vacuum pump redundancy, air ejector systems, and vacuum leak detection. The HAZOP documented safeguards for tube leak and pressure control but did not address the vacuum-loss initiation mechanism as a separate cause. Verify: (a) vacuum pump standby/auto-start arrangement, (b) vacuum alarm setpoints and operator response procedure, (c) air ingress detection (e.g., dissolved oxygen monitoring).
MAJOR F-026 -- ACC
Common-cause failure vulnerability on ACC: 82% of barriers (9/11) are owned by I&C Eng. A systematic failure in that discipline's domain (DCS failure, instrument air loss, staffing gap) would simultaneously degrade the majority of barriers.
Assess common-cause failure modes for I&C Eng-owned barriers on ACC. Consider diversifying barrier ownership by adding operational or procedural layers.
MAJOR F-027 -- ACC
Defence-in-depth inadequacy on ACC: all 6 prevention barriers on 'Tube leak from corrosion or mechanical damage' are 'Hardware - Active'. Per CCPS / EI, defence-in-depth requires barriers from at least 2 of 3 categories (Technical / Operational / Organizational) to protect against common-mode failure.
Identify at least one barrier of a different type (procedural, human, or organizational) for the 'Tube leak from corrosion or mechanical damage' pathway on ACC.
MAJOR F-028 -- ACC
Shared barrier dependency: 'Steam leak detection and alarm' appears in 10 of 19 systems (53%). Degradation of this single barrier simultaneously weakens protection across ACC, Auxiliary Steam, HP Steam, HRH Steam, HRSG Bypass.... This creates a systemic single-point-of-failure dependency.
Confirm 'Steam leak detection and alarm' is installed, tested, and maintained. Verify inclusion in the maintenance programme with appropriate test intervals. Consider redundancy or diversity given its criticality across 10 systems.
MAJOR F-029 -- ACC
Shared barrier dependency: 'Emergency isolation (remote operated)' appears in 10 of 19 systems (53%). Degradation of this single barrier simultaneously weakens protection across ACC, Auxiliary Steam, HP Steam, HRH Steam, HRSG Bypass.... This creates a systemic single-point-of-failure dependency.
Confirm 'Emergency isolation (remote operated)' is installed, tested, and maintained. Verify inclusion in the maintenance programme with appropriate test intervals. Consider redundancy or diversity given its criticality across 10 systems.
MAJOR F-030 -- ACC
Shared barrier dependency: 'Emergency operating procedures' appears in 10 of 19 systems (53%). Degradation of this single barrier simultaneously weakens protection across ACC, Auxiliary Steam, HP Steam, HRH Steam, HRSG Bypass.... This creates a systemic single-point-of-failure dependency.
Confirm 'Emergency operating procedures' is installed, tested, and maintained. Verify inclusion in the maintenance programme with appropriate test intervals. Consider redundancy or diversity given its criticality across 10 systems.
MAJOR F-031 -- ACC
Shared barrier dependency: 'Access restriction and exclusion zones' appears in 10 of 19 systems (53%). Degradation of this single barrier simultaneously weakens protection across ACC, Auxiliary Steam, HP Steam, HRH Steam, HRSG Bypass.... This creates a systemic single-point-of-failure dependency.
Confirm 'Access restriction and exclusion zones' is installed, tested, and maintained. Verify inclusion in the maintenance programme with appropriate test intervals. Consider redundancy or diversity given its criticality across 10 systems.
MAJOR F-032 -- ACC
Shared barrier dependency: 'Insulation and lagging for personnel protection' appears in 12 of 19 systems (63%). Degradation of this single barrier simultaneously weakens protection across ACC, Auxiliary Steam, CRH Steam, Feedwater, HP Steam.... This creates a systemic single-point-of-failure dependency.
Confirm 'Insulation and lagging for personnel protection' is installed, tested, and maintained. Verify inclusion in the maintenance programme with appropriate test intervals. Consider redundancy or diversity given its criticality across 12 systems.
MAJOR F-033 -- ACC
Shared barrier dependency: 'Online sampling of water / steam' appears in 8 of 19 systems (42%). Degradation of this single barrier simultaneously weakens protection across Auxiliary Steam, Feedwater, HP Steam, HRH Steam, HRSG HP.... This creates a systemic single-point-of-failure dependency.
Confirm 'Online sampling of water / steam' is installed, tested, and maintained. Verify inclusion in the maintenance programme with appropriate test intervals. Consider redundancy or diversity given its criticality across 8 systems.
MAJOR F-034 -- Auxiliary Steam
PRV failure to reseat after a legitimate overpressure event causes continuous steam release until the system is depressurised and the PRV can be isolated for maintenance. This is a known failure mode where the valve lifts correctly but the seat is damaged by the high-velocity steam flow and cannot re-seal. Prevention includes: regular PRV bench testing (typically 12-month cycle per API 576), selection of resilient-seat designs for clean steam service, and installed-spare PRV arrangements allowing online changeover. The HAZOP did not list PRV testing or maintenance as a safeguard. Verify: (a) PRV test interval and compliance history, (b) PRV type and seat material, (c) spare PRV arrangement for online changeout.
MAJOR F-035 -- HRSG Bypass
Threat pathway 'Steam release from bypass valve body/bonnet leak' has zero prevention barriers. No HAZOP safeguard could be matched to this initiating event. Verify whether prevention barriers exist at the plant but were not documented in the HAZOP study.
MAJOR F-036 -- HRSG Bypass
Defence-in-depth inadequacy on HRSG Bypass: all 3 prevention barriers on 'Bypass valve failure to open on turbine trip' are 'Hardware - Active'. Per CCPS / EI, defence-in-depth requires barriers from at least 2 of 3 categories (Technical / Operational / Organizational) to protect against common-mode failure.
Identify at least one barrier of a different type (procedural, human, or organizational) for the 'Bypass valve failure to open on turbine trip' pathway on HRSG Bypass.
MAJOR F-037 -- CRH Steam
Defence-in-depth inadequacy on CRH Steam: all 4 prevention barriers on 'Equipment failure' are 'Hardware - Active'. Per CCPS / EI, defence-in-depth requires barriers from at least 2 of 3 categories (Technical / Operational / Organizational) to protect against common-mode failure.
Identify at least one barrier of a different type (procedural, human, or organizational) for the 'Equipment failure' pathway on CRH Steam.
MAJOR F-038 -- Fuel Gas
Defence-in-depth inadequacy on Fuel Gas: all 3 prevention barriers on 'Flange or connection leak (vibration / thermal cycling)' are 'Hardware - Active'. Per CCPS / EI, defence-in-depth requires barriers from at least 2 of 3 categories (Technical / Operational / Organizational) to protect against common-mode failure.
Identify at least one barrier of a different type (procedural, human, or organizational) for the 'Flange or connection leak (vibration / thermal cycling)' pathway on Fuel Gas.
MAJOR F-039 -- Fuel Gas
Defence-in-depth inadequacy on Fuel Gas: all 6 prevention barriers on 'Valve passing during maintenance or isolation' are 'Hardware - Active'. Per CCPS / EI, defence-in-depth requires barriers from at least 2 of 3 categories (Technical / Operational / Organizational) to protect against common-mode failure.
Identify at least one barrier of a different type (procedural, human, or organizational) for the 'Valve passing during maintenance or isolation' pathway on Fuel Gas.
MAJOR F-040 -- Feedwater
Common-cause failure vulnerability on Feedwater: 77% of barriers (10/13) are owned by I&C Eng. A systematic failure in that discipline's domain (DCS failure, instrument air loss, staffing gap) would simultaneously degrade the majority of barriers.
Assess common-cause failure modes for I&C Eng-owned barriers on Feedwater. Consider diversifying barrier ownership by adding operational or procedural layers.
MAJOR F-041 -- Feedwater
Defence-in-depth inadequacy on Feedwater: all 3 prevention barriers on 'Feedwater chemistry excursion causing tube damage' are 'Hardware - Active'. Per CCPS / EI, defence-in-depth requires barriers from at least 2 of 3 categories (Technical / Operational / Organizational) to protect against common-mode failure.
Identify at least one barrier of a different type (procedural, human, or organizational) for the 'Feedwater chemistry excursion causing tube damage' pathway on Feedwater.
MAJOR F-042 -- Generator H2
Defence-in-depth inadequacy on Generator H2: all 3 prevention barriers on 'Seal failure allowing H2 escape to atmosphere' are 'Hardware - Active'. Per CCPS / EI, defence-in-depth requires barriers from at least 2 of 3 categories (Technical / Operational / Organizational) to protect against common-mode failure.
Identify at least one barrier of a different type (procedural, human, or organizational) for the 'Seal failure allowing H2 escape to atmosphere' pathway on Generator H2.
MAJOR F-043 -- Generator H2
Defence-in-depth inadequacy on Generator H2: all 2 prevention barriers on 'Overpressure from H2 supply regulator failure' are 'Hardware - Passive'. Per CCPS / EI, defence-in-depth requires barriers from at least 2 of 3 categories (Technical / Operational / Organizational) to protect against common-mode failure.
Identify at least one barrier of a different type (procedural, human, or organizational) for the 'Overpressure from H2 supply regulator failure' pathway on Generator H2.
MAJOR F-044 -- HRH Steam
Defence-in-depth inadequacy on HRH Steam: all 3 prevention barriers on 'Equipment failure' are 'Hardware - Active'. Per CCPS / EI, defence-in-depth requires barriers from at least 2 of 3 categories (Technical / Operational / Organizational) to protect against common-mode failure.
Identify at least one barrier of a different type (procedural, human, or organizational) for the 'Equipment failure' pathway on HRH Steam.
MAJOR F-045 -- HP Steam
Single barrier on from_hazop pathway (THR-HP-002). S=4 single-point-of-failure.
MAJOR F-046 -- HP Steam
Thermal stress during startup/shutdown transitions is a primary damage mechanism for HRSG tubes, headers, and drums. Rapid temperature changes cause differential expansion between thick-walled components (drums, headers) and thin-walled tubes, leading to fatigue cracking at welds and penetrations. Standard prevention includes: controlled ramp rates per OEM limits (typically 2-5 deg C/min for drums), metal temperature monitoring at critical locations, hold periods for thermal soaking, cascaded bypass warming sequences, and automated GT load-hold interlocks tied to HRSG metal temperatures. The HAZOP documented hardware alarms but did not capture the startup SOP and ramp-rate controls as safeguards. Verify: (a) OEM ramp rate limits in the DCS, (b) startup SOP including hold-point criteria, (c) metal temperature monitoring locations and alarm setpoints, (d) cyclic life expenditure (CLE) tracking system.
MAJOR F-047 -- HRSG HP
Threat pathway 'Feedwater chemistry excursion (caustic/acid attack)' has zero prevention barriers. No HAZOP safeguard could be matched to this initiating event. Verify whether prevention barriers exist at the plant but were not documented in the HAZOP study.
MAJOR F-048 -- HRSG HP
Thermal stress during startup/shutdown transitions is a primary damage mechanism for HRSG tubes, headers, and drums. Rapid temperature changes cause differential expansion between thick-walled components (drums, headers) and thin-walled tubes, leading to fatigue cracking at welds and penetrations. Standard prevention includes: controlled ramp rates per OEM limits (typically 2-5 deg C/min for drums), metal temperature monitoring at critical locations, hold periods for thermal soaking, cascaded bypass warming sequences, and automated GT load-hold interlocks tied to HRSG metal temperatures. The HAZOP documented hardware alarms but did not capture the startup SOP and ramp-rate controls as safeguards. Verify: (a) OEM ramp rate limits in the DCS, (b) startup SOP including hold-point criteria, (c) metal temperature monitoring locations and alarm setpoints, (d) cyclic life expenditure (CLE) tracking system.
MAJOR F-049 -- HRSG HP
Defence-in-depth inadequacy on HRSG HP: all 6 prevention barriers on 'Overpressure from blocked safety valve or stuck bypass' are 'Hardware - Active'. Per CCPS / EI, defence-in-depth requires barriers from at least 2 of 3 categories (Technical / Operational / Organizational) to protect against common-mode failure.
Identify at least one barrier of a different type (procedural, human, or organizational) for the 'Overpressure from blocked safety valve or stuck bypass' pathway on HRSG HP.
MAJOR F-050 -- STG Lube Oil
Threat pathway 'Initiating event' has zero prevention barriers. No HAZOP safeguard could be matched to this initiating event. Verify whether prevention barriers exist at the plant but were not documented in the HAZOP study.
MAJOR F-051 -- LP Steam
Defence-in-depth inadequacy on LP Steam: all 2 prevention barriers on 'LP PRV failure to reseat after overpressure event' are 'Hardware - Active'. Per CCPS / EI, defence-in-depth requires barriers from at least 2 of 3 categories (Technical / Operational / Organizational) to protect against common-mode failure.
Identify at least one barrier of a different type (procedural, human, or organizational) for the 'LP PRV failure to reseat after overpressure event' pathway on LP Steam.
MAJOR F-052 -- Ammonia/SCR
Pipework leak in the ammonia distribution system releases toxic vapour. Aqueous ammonia (19-25%) has a significant vapour pressure and can produce a toxic cloud at ambient temperature. Standard prevention includes: corrosion-resistant material selection (typically SS316L or HDPE), flanged connection minimisation (welded construction preferred), periodic wall thickness measurement, and hazardous area classification around ammonia piping routes. The HAZOP documented transfer hose safeguards but did not address fixed pipework integrity. Verify: (a) piping material specification, (b) joint types (welded vs flanged), (c) inspection scope includes ammonia distribution piping, (d) leak detection coverage of ammonia pipe routes.
MAJOR F-053 -- Ammonia/SCR
Tank overflow during fuel oil delivery is prevented by independent high-level alarms (LAH), high-high level trips (LAHH) with automatic shutoff of the transfer pump or inlet valve, and secondary containment (bund) sized to contain the full tank volume plus rainfall. The HAZOP did not document level protection or overflow prevention for the fuel oil storage tank as safeguards. Verify: (a) independent LAH and LAHH instruments on the tank, (b) automatic transfer pump trip on LAHH, (c) bund sizing and drainage arrangement, (d) delivery procedure with operator attendance requirements.
MAJOR F-054 -- STG Seals
Common-cause failure vulnerability on STG Seals: 85% of barriers (11/13) are owned by I&C Eng. A systematic failure in that discipline's domain (DCS failure, instrument air loss, staffing gap) would simultaneously degrade the majority of barriers.
Assess common-cause failure modes for I&C Eng-owned barriers on STG Seals. Consider diversifying barrier ownership by adding operational or procedural layers.
MAJOR F-055 -- STG Seals
Defence-in-depth inadequacy on STG Seals: all 6 prevention barriers on 'Initiating event' are 'Hardware - Active'. Per CCPS / EI, defence-in-depth requires barriers from at least 2 of 3 categories (Technical / Operational / Organizational) to protect against common-mode failure.
Identify at least one barrier of a different type (procedural, human, or organizational) for the 'Initiating event' pathway on STG Seals.
MAJOR F-056 -- STG Seals
Defence-in-depth inadequacy on STG Seals: all 2 prevention barriers on 'Equipment failure' are 'Hardware - Active'. Per CCPS / EI, defence-in-depth requires barriers from at least 2 of 3 categories (Technical / Operational / Organizational) to protect against common-mode failure.
Identify at least one barrier of a different type (procedural, human, or organizational) for the 'Equipment failure' pathway on STG Seals.
MAJOR F-057 -- STG Steam
Valve stem leak on extraction or admission valves within the steam turbine casing allows HP/IP/LP steam to escape at the valve bonnet or packing gland. These valves operate at high temperature and pressure with frequent cycling, making packing wear a primary failure mechanism. Standard prevention includes: leak-off connections with monitoring (routed to condenser or drain), packing condition monitoring during operation (visual/thermographic), planned replacement of valve packing during major outages, and live-loading of gland packing. The HAZOP did not document valve-stem-specific safeguards. Verify: (a) leak-off connection arrangement, (b) packing type and replacement schedule, (c) thermographic survey scope includes extraction/admission valve bonnets.
MAJOR F-058 -- STG Steam
Common-cause failure vulnerability on STG Steam: 82% of barriers (14/17) are owned by I&C Eng. A systematic failure in that discipline's domain (DCS failure, instrument air loss, staffing gap) would simultaneously degrade the majority of barriers.
Assess common-cause failure modes for I&C Eng-owned barriers on STG Steam. Consider diversifying barrier ownership by adding operational or procedural layers.
MAJOR F-059 -- STG Steam
Defence-in-depth inadequacy on STG Steam: all 6 prevention barriers on 'Gland steam system failure causing external leak' are 'Hardware - Active'. Per CCPS / EI, defence-in-depth requires barriers from at least 2 of 3 categories (Technical / Operational / Organizational) to protect against common-mode failure.
Identify at least one barrier of a different type (procedural, human, or organizational) for the 'Gland steam system failure causing external leak' pathway on STG Steam.
MINOR F-060 -- Auxiliary Steam
Barrier independence concern on Auxiliary Steam: 2 barriers on threat THR-AX-001 share instrument prefix 'VALVE-10', suggesting they may share a common sensor, transmitter, or logic solver. Per CCPS / EI, barriers on the same pathway must be independent.
Verify instrument independence for barriers with prefix 'VALVE-10' on Auxiliary Steam. Confirm separate sensors, logic solvers, and final elements.
MINOR F-061 -- Fuel Gas
Field positioner safeguard PB-FG-036 used as a barrier but SIL rating is not confirmed.
MINOR F-062 -- Fuel Gas
Field positioner safeguard PB-FG-031 used as a barrier but SIL rating is not confirmed.
MINOR F-063 -- Fuel Gas
Barrier independence concern on Fuel Gas: 2 barriers on threat THR-FG-003 share instrument prefix 'TAL-11EK', suggesting they may share a common sensor, transmitter, or logic solver. Per CCPS / EI, barriers on the same pathway must be independent.
Verify instrument independence for barriers with prefix 'TAL-11EK' on Fuel Gas. Confirm separate sensors, logic solvers, and final elements.
MINOR F-064 -- Fuel Gas
Barrier independence concern on Fuel Gas: 5 barriers on threat THR-FG-004 share instrument prefix 'VALVE-11', suggesting they may share a common sensor, transmitter, or logic solver. Per CCPS / EI, barriers on the same pathway must be independent.
Verify instrument independence for barriers with prefix 'VALVE-11' on Fuel Gas. Confirm separate sensors, logic solvers, and final elements.
MINOR F-065 -- Feedwater
Barrier independence concern on Feedwater: 2 barriers on threat THR-FW-001 share instrument prefix 'VALVE-11', suggesting they may share a common sensor, transmitter, or logic solver. Per CCPS / EI, barriers on the same pathway must be independent.
Verify instrument independence for barriers with prefix 'VALVE-11' on Feedwater. Confirm separate sensors, logic solvers, and final elements.
MINOR F-066 -- Feedwater
Barrier independence concern on Feedwater: 2 barriers on threat THR-FW-001 share instrument prefix 'MOV-11LA', suggesting they may share a common sensor, transmitter, or logic solver. Per CCPS / EI, barriers on the same pathway must be independent.
Verify instrument independence for barriers with prefix 'MOV-11LA' on Feedwater. Confirm separate sensors, logic solvers, and final elements.
MINOR F-067 -- Generator H2
Barrier independence concern on Generator H2: 2 barriers on threat THR-GH-003 share instrument prefix 'PSV-10MK', suggesting they may share a common sensor, transmitter, or logic solver. Per CCPS / EI, barriers on the same pathway must be independent.
Verify instrument independence for barriers with prefix 'PSV-10MK' on Generator H2. Confirm separate sensors, logic solvers, and final elements.
MINOR F-068 -- HRSG IP
Field positioner safeguard PB-HI-014 used as a barrier but SIL rating is not confirmed.
MINOR F-069 -- HRSG LP
Field positioner safeguard PB-HL-016 used as a barrier but SIL rating is not confirmed.
MINOR F-070 -- HRSG LP
Field positioner safeguard PB-HL-014 used as a barrier but SIL rating is not confirmed.
MINOR F-071 -- HRSG LP
Barrier independence concern on HRSG LP: 2 barriers on threat THR-HL-001 share instrument prefix 'VALVE-11', suggesting they may share a common sensor, transmitter, or logic solver. Per CCPS / EI, barriers on the same pathway must be independent.
Verify instrument independence for barriers with prefix 'VALVE-11' on HRSG LP. Confirm separate sensors, logic solvers, and final elements.
MINOR F-072 -- HRSG HP
Field positioner safeguard PB-HR-016 used as a barrier but SIL rating is not confirmed.
MINOR F-073 -- HRSG HP
Field positioner safeguard PB-HR-009 used as a barrier but SIL rating is not confirmed.
MINOR F-074 -- HRSG HP
Field positioner safeguard PB-HR-007 used as a barrier but SIL rating is not confirmed.
MINOR F-075 -- HRSG HP
Barrier independence concern on HRSG HP: 3 barriers on threat THR-HR-004 share instrument prefix 'VALVE-11', suggesting they may share a common sensor, transmitter, or logic solver. Per CCPS / EI, barriers on the same pathway must be independent.
Verify instrument independence for barriers with prefix 'VALVE-11' on HRSG HP. Confirm separate sensors, logic solvers, and final elements.
MINOR F-076 -- HRSG HP
Barrier independence concern on HRSG HP: 2 barriers on threat THR-HR-004 share instrument prefix 'PDAH-11L', suggesting they may share a common sensor, transmitter, or logic solver. Per CCPS / EI, barriers on the same pathway must be independent.
Verify instrument independence for barriers with prefix 'PDAH-11L' on HRSG HP. Confirm separate sensors, logic solvers, and final elements.
MINOR F-077 -- LP Steam
Barrier independence concern on LP Steam: 2 barriers on threat THR-LP-001 share instrument prefix 'MOV-11LB', suggesting they may share a common sensor, transmitter, or logic solver. Per CCPS / EI, barriers on the same pathway must be independent.
Verify instrument independence for barriers with prefix 'MOV-11LB' on LP Steam. Confirm separate sensors, logic solvers, and final elements.
MINOR F-078 -- Ammonia/SCR
Barrier independence concern on Ammonia/SCR: 3 barriers on threat THR-NH-001 share instrument prefix 'VALVE-10', suggesting they may share a common sensor, transmitter, or logic solver. Per CCPS / EI, barriers on the same pathway must be independent.
Verify instrument independence for barriers with prefix 'VALVE-10' on Ammonia/SCR. Confirm separate sensors, logic solvers, and final elements.
MINOR F-079 -- STG Steam
Barrier independence concern on STG Steam: 5 barriers on threat THR-SS-002 share instrument prefix 'MV10MAL8', suggesting they may share a common sensor, transmitter, or logic solver. Per CCPS / EI, barriers on the same pathway must be independent.
Verify instrument independence for barriers with prefix 'MV10MAL8' on STG Steam. Confirm separate sensors, logic solvers, and final elements.

9.3 Common Themes

Cross-finding analysis -- the recurring patterns that emerge when the per-bowtie findings are read together.

Generic mitigation across systems
A small set of mitigation titles appears across many systems (emergency response, access restriction, emergency isolation, insulation and lagging). These were populated from the barrier library, not extracted from the HAZOP. They are appropriate as minimum expectations but mask the absence of system-specific mitigation and create a shared dependency.
Implication: Site verification must confirm these barriers exist as installed systems, not just library expectations.
I&C barrier concentration
0% of all barriers are owned by I&C Engineering, reflecting the HAZOP's focus on instrumented safeguards. This creates common-cause vulnerability -- a DCS failure, loss of instrument air, or loss of UPS would simultaneously degrade the majority of barriers across multiple systems.
Implication: Common-cause failure analysis needed for shared I&C infrastructure (DCS, instrument air, UPS).
Prevention-heavy, mitigation-light
The barrier set is 58% prevention vs 42% mitigation by count, but 81% of mitigation is generic trunk-mounted. Only 19% of mitigation is consequence-specific (fire suppression, blast protection, containment). Defence is strong on preventing loss of containment but weak on managing consequences if prevention fails.
Implication: Process Safety Team should assess consequence-specific mitigation for S>=4 scenarios.
Barrier effectiveness uncertainty
78 of 233 barriers (33%) are Partially Effective from desk review -- they exist in the HAZOP but reliability or completeness cannot be confirmed. Lowest-effectiveness system: HRSG Bypass at 50%. Partially Effective barriers cannot be credited at full PFD value in a LOPA -- the failure probability should be increased by 2-10x.
Implication: Site verification Phase 2 must resolve barrier condition to Effective or identify required improvements.

10. Assessment Confidence and Verification Requirements

10.1 Five-Factor Confidence Framework

Confidence in this assessment is decomposed into five weighted factors. Each factor is rated Low (30 points), Medium (55 points) or High (80 points). The weighted overall rolls up to the evidence confidence number reported on the cover.

Weighted overall confidence: 46/100 · Structural confidence: 85% · Evidence confidence cap: 40/100 (non-negotiable for desk reviews per SPEC-XL §19).

Dual confidence cap: confidence is capped at min(desk-review cap 65/100, scope-coverage cap 40/100) = 40/100. Scope cap reflects 31% coverage of mandatory reference systems for CCGT.

Hazard identification completeness Medium (weight 25%)

19 MAH scenarios identified from 1123 HAZOP rows; 0 systems excluded as non-MAH. Coverage is comprehensive for process systems but does not include electrical protection, GT exhaust / purge, or utility chemical storage.

Barrier identification basis Medium (weight 25%)

137 barriers (59%) traced to HAZOP safeguards. 67 (29%) from domain knowledge, 29 (12%) from engineering standards. HAZOP-traced barriers carry highest confidence; library-seeded barriers require site verification.

Barrier effectiveness data Low (weight 20%)

No PFD / SIL data verified against site records. 33% of barriers assessed as Partially Effective. Condition assessment requires maintenance records, test reports and site observation.

Consequence assessment basis Medium (weight 15%)

Consequence severity drawn from the HAZOP risk matrix. No QRA, dispersion modelling or fire / explosion consequence analysis performed. Consequence descriptions are credible for CCGT but not independently validated.

Degradation factor completeness Low (weight 15%)

Escalation factors and degradation controls not systematically assessed. Common-cause failure analysis not performed. Barrier independence not verified. These require operational data and site walkdown.

10.2 Provenance Breakdown

TierCountDefinition
From HAZOP137Row-level verified with instrument tags
From HAZOP (limited)0Traceable but sparse HAZOP support
Aggregated from HAZOP0Synthesised from multiple HAZOP rows
Derived from HAZOP0Logically inferred from HAZOP data
Engineering standard29Based on industry code or standard
Domain knowledge67Expert knowledge (HAZOP gap)
Suggested0Gap-fill requiring site validation

10.3 Post-Report Verification Plan

Phase 1 (60 days): Process Safety Team validates bowtie groupings, top events and barrier classifications. Phase 2 (90 days): Mechanical Integrity Engineer validates PFD / SIL on all hardware barriers. Phase 3 (120 days): Site walkdown confirms presence and condition of suggested barriers (gap-fill). Phase 4 (180 days): Improvement plan (Section 9) implemented and closed.

11. Conclusions and Forward Look

11.1 Overall Risk Posture

Copy_of_Qasim_HAZOP_report_Excel.xlsx's barrier framework provides a foundation of instrumented hardware protection across 19 MAH scenarios. 17 systems are assessed as Adequate or Adequate with Concerns; 1 Require Improvement; 1 Inadequate. The barrier set is strong in prevention (alarm and trip-based protection from HAZOP) but weak in post-release mitigation, non-hardware defence layers, and barrier-independence assurance.

11.2 Hierarchy of Concerns

Recommended actions sorted by timeframe. Immediate items unblock the ALARP demonstration; systemic items improve future HAZOP and barrier management processes.

Immediate (60 days)

Short-term (90 days)

Medium-term (180 days)

Systemic

11.3 Confidence and Limitations

This assessment carries an evidence confidence of 65/100 reflecting its desk-review basis. The three principal limitations are: (a) barrier condition has not been verified by site observation or maintenance records; (b) PFD / SIL data is from design basis, not operational performance; (c) human / procedural barriers were predominantly added from domain knowledge rather than extracted from the HAZOP. These limitations are inherent to desk-review methodology and are addressed in the four-phase verification plan (Section 10.3).

11.4 Forward Look

Integrate the SCE / SCA register (Section 7) into the asset's barrier management system (DNV Synergi Life or equivalent) using the WORLD_CLASS.xlsx output. Establish recurring barrier-health reporting against the FARSI performance standards. Re-run this assessment whenever the underlying HAZOP is revised, the process design changes, or following any process safety event at the facility.

Prepared by Ascendera Group (for ACWA Power). FOR REVIEW -- REQUIRES PROCESS SAFETY TEAM VALIDATION.