STAMP (Systems Theoretic Accident Model and Processes) is a relatively new accident causality model based on systems theory. It draws its main tenets from systems thinking: (1) accidents can happen even when no component has failed, (2) interactions between the components of a system create emergent properties that can lead to failure, and (3) accidents are treated as a control problem rather than a failure problem. STPA (Systems Theoretic Process Analysis), or colloquially “Stuff That Prevents Accidents”, is a powerful hazard analysis technique based on STAMP. STPA is built on a control structure rather than the traditional hardware-based structure typically shown on a P&ID (Piping & Instrumentation Diagram). It is less concerned with identifying component failures than with how those components interact, and with what controls or constraints are placed on the interactions that can lead to hazards.
The STPA technique is a good fit for identifying the ways hazards can arise during transient operating states such as maintenance, start-up, or response to an abnormal situation. It identifies the unsafe or missing controls related to the transient mode that are needed to prevent an accident. It works from a control structure of the transient mode rather than from procedures or P&IDs. A typical control structure can include components, humans, software, requirements, and expectations (written and unwritten). Traditional PHA (Process Hazards Analysis) methods such as HAZOP or What-if will not provide the same perspective.
This paper will provide two examples of transient mode control structures, one for maintenance and one for response to abnormal situation, and show how to perform the STPA hazard analysis on those control structures to ensure the proper controls and constraints are identified to prevent an unwanted event.
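As an added illustration, not taken from the paper, the following Python sketch models the STPA step of identifying unsafe control actions on a transient-mode control structure: a constructed pump-maintenance scenario whose hazards (H1, H2), controllers, control actions, process-model variables and rule table are all assumptions for the example.

```python
from dataclasses import dataclass
from itertools import product

# Constructed example (assumption): H1 = pump casing opened while pressurised,
# H2 = pump restarted while a technician is working on it.
@dataclass(frozen=True)
class ControlAction:
    controller: str   # who issues the command (human, software, procedure)
    action: str       # the command itself
    process: str      # the controlled process it acts on

# Control structure of the maintenance mode itself, not the P&ID
ACTIONS = (
    ControlAction("Operator", "close isolation valves", "isolation valves"),
    ControlAction("Technician", "open pump casing", "pump"),
    ControlAction("Operator", "restart pump", "pump"),
)
# Process-model variables the controllers must track; each combination is a context
CONTEXT_VARS = ("isolated", "depressurised", "permit_open")
# STPA unsafe-control-action categories (wrong timing split into early/late)
UCA_TYPES = ("provided", "not provided", "too early", "too late", "stopped too soon")

def linked_hazards(ca, uca_type, ctx):
    """Rule table (assumed): hazards that follow from this action/type in this context."""
    hz = set()
    if ca.action == "open pump casing" and uca_type == "provided":
        if not (ctx["isolated"] and ctx["depressurised"]):
            hz.add("H1")
    if ca.action == "close isolation valves" and uca_type in ("not provided", "too late"):
        if ctx["permit_open"]:
            hz.add("H1")
    if ca.action == "restart pump" and uca_type == "provided" and ctx["permit_open"]:
        hz.add("H2")
    return hz

def enumerate_ucas(actions=ACTIONS, ctx_vars=CONTEXT_VARS):
    """Test every (action, type, context) triple; each hazardous one is a UCA to constrain."""
    ucas = []
    for ca, uca_type, values in product(actions, UCA_TYPES,
                                        product((False, True), repeat=len(ctx_vars))):
        ctx = dict(zip(ctx_vars, values))
        hz = linked_hazards(ca, uca_type, ctx)
        if hz:
            ucas.append({"controller": ca.controller, "action": ca.action,
                         "type": uca_type, "context": ctx, "hazards": sorted(hz)})
    return ucas

def constraint(uca):
    """Invert one UCA into the safety constraint the control structure must enforce."""
    when = ", ".join(f"{k}={v}" for k, v in uca["context"].items())
    return f"{uca['controller']}: '{uca['action']}' {uca['type']} is unsafe when {when}"
```

Printing `constraint(u)` for each result of `enumerate_ucas()` gives the list of controller constraints that the maintenance-mode control structure must enforce.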
This paper was originally presented at the 2022 AIChE Spring Meeting & 18th Global Congress on Process Safety.