Landingpage available in the following languages:
or select your TÜV Rheinland region / country website:

Process Hazard & Risk Analysis


C & C Technical Support Services Ltd., United Kingdom ( is an accepted course provider of the TÜV Rheinland Functional Safety Program for Safety Instrumented Systems Trainings.

This 5 day training for FS Engineer PH&RA (TÜV Rheinland) is run in accordance with the TÜV Rheinland Functional Safety Program and comprises four days of classroom tuition and practical guidance, for understanding and mastering the application of process hazard analysis and associated risk assessment under the requirements of IEC 61508 / IEC 61511. There is a four hour proficiency assessment on the fifth day. Practical exercises will be performed throughout the training which will be based on real life examples.

Successful participants, who must also have a minimum of 3 years functional safety experience, will achieve the prestigious FS Engineer (TÜV Rheinland) PH&RA certificate. All FS Engineers of the TÜV Rheinland Functional Safety Training Program are also listed on the TÜV Rheinland Certipedia Database:

Target Group

Process Engineers, Safety Engineers, Instrument Engineers and Operations personnel who are involved in maintaining the integrity of their processes, and are more involved the early lifecycle phases of functional safety management.

Course Objectives

The topics cover the concepts of identifying hazards using tools such as What-If, Failure Mode and Effect Analysis (FMEA) and HAZard and OPerability (HAZOP). This will be further developed into the analysis of risk and methods of risk reduction to consider the effectiveness of preventative and mitigating layers of protection. The use of preventative safeguarding efficiencies will be introduced for use with the PHA Matrix, along with the advantages/disadvantages of using the PHA Matrix with different Hazard Analysis methods.

The different questioning techniques used by a Hazard study leader to assure a systematic study methodology are investigated, as is the HAZOP flowsheet design, by considering the use of the HAZOP for specific needs such as LOPA. A LOPA exercise will actually be carried out from the output of the course HAZOP exercise. Consideration of constructing effective nodes will be examined and better definition will be given to claims of double jeopardy. Closer examination will be given to the hazards associated with environmental changes which can slip through the net of the ALARP approach.

The course evaluates the use of the Bowtie method to represent the risk as a single diagram based on input from other risk assessment techniques.

In order to compare similar designs which are ‘proven in use’, the course looks at the considerations required when building effective checklists, along with the advantages of combining this method with brainstorming approaches. Constant comparison of the different Hazard Analysis methods is made through highly practical exercises to allow the delegate to appreciate the benefits of the different methods used.

Some process related activities can only be carried out procedurally. When this is the case, Hazard identification methods for procedural activities must be considered. The course will look at the techniques available, and give consideration to which technique should be used with the associated good practice of implementing those techniques.

The course will introduce participants to the use of Safety Integrity Levels (SIL) and SIL determination using internationally agreed methods for assessing and quantifying process risk and risk reduction requirements. Delegates will be equipped with the knowledge and methods for undertaking various types of qualitative, semi quantified and quantitative risk assessments.

Practical exercises will be carried out for Semi Quantitative methods such as risk graph and LOPA. The shortfalls of the quicker methods will be investigated to allow the analyst to appreciate the limitations of screening tools. The most popular semi quantified method, Layer of Protection Analysis (LOPA), will be explored in depth.

Delegates will gain an appreciation for the need for Fault Tree Analysis (FTA) given the potential for common cause failure when the consequences of a single top event require the analysis of a highly complex redundant system. Simplified FTA exercises will also be carried out to introduce the engineer to the method in both qualitative and quantitative terms.

The effective use of Event Tree Analysis will be looked at in two different forms (Mitigation ETA and Traditional ETA). HAZOP studies can often generate pages of hazard analysis for a complicated, high hazard process system that can fail in a number of ways generating many different consequences. The course will focus on how ETA can be used to qualitatively support the analyst in mapping out the various consequences given various events with safeguard success or failure. Analysts can then select those events which generate consequences of interest for which FTA may be required.

Delegates will also be taken through the requirements for safety management and the framework of a Safety Management System (SMS) for achieving effective process risk management. Best practice for SMS will be investigated with the use of Bow-ties linking the Hazard and its safeguards to the SMS. An insight into how process safety KPIs can be used to better align engineering and management in the prevention of major accident hazards will be covered. The order in which we consider protecting against hazards will be strongly emphasised throughout the course and a section on Inherent Design will be covered. Various videos will support the course material and the three main aspects of how managers should understand Process Risk will be constantly emphasised. Degraded organisational structure examples will be investigated to demonstrate how this can impair, and then normalise the good judgement of engineers, in such a way that this can potentially increase the probability of a hazardous events occurring. The course will examine real life examples of how organisational structure contributed towards Texas City and Macondo disasters.

Realistic practical exercises and case studies will be used to compliment the instruction.


Display all Hide all


Section 1 will cover the concepts and principles of process related risk management, and the frameworks of Major Accident Prevention Policies and Safety Management Systems.

The concepts of process safety and functional safety and the requirements for process safety management and legislation will be covered. This section will provide an introduction to IEC 61511 for the Process Industries sector and the Safety Lifecycle and start to cover the PH&RA methods and inherently safe designs.


  • Occupational Safety versus Process Safety
  • Risk management principles.
  • Hazards and associated risks.
  • Outline of EU SEVESO 2 Directive.
  • Process Safety and Management Systems
  • Safety Legislation and Compliance
  • The ALARP concept
  • IEC 61511 for the Process Industries
  • Management of Functional Safety
  • Prescriptive and Risk Based Standards
  • Inherent Safety
  • Process Lifecycle & Introduction to PH&RA Methods
  • Safety Instrumented Functions (SIF)
  • Process Risk and Risk Judgement


This section will cover the most common hazard identification methods including What-If and Hazard and Operability (HAZOP) Studies in line with IEC 61882. The concepts of Cyber Process Hazard Analysis will be introduced as well as the Bowtie method for linking hazards to process safety management (PSM). This section will also cover Failure Modes and Effect Analysis (FMEA) for identifying the effects of single equipment and system failures on systems or process plant.


  • Hazard Identification Methods
  • HAZOP Guide IEC 61882
    • Definition of scope and objectives of a HAZOP study
    • HAZOP Methodology
    • Preparatory work and documentation requirements
    • Choosing the team and understanding roles within the team
    • Understanding the role of the Team Leader
    • Choosing Nodes
    • The examination by guidewords, parameters and deviations
    • The HAZOP study procedure
    • Raising actions and action management
    • Documentation and reporting of a HAZOP study plus formulating the study report
    • Estimating HAZOP study duration
    • Life cycle phases of HAZOP Study
  • HAZOP exercise
  • What-If Analysis
  • Checklist Analysis
  • What-If / Checklist Analysis
  • Bowtie method
  • HAZOP or What-If of non-routine operating modes
  • Failure Modes and Effect Analysis


Section 3 will introduce the concept of how SIS can provide Primary and Secondary Functions for protection against different types of hazards. It will cover a number of alternative and popular methods for risk assessment techniques and will discuss the relationships between different methods and where they can be employed to best effect.

The requirements for the Safety Requirements Specifications (SRS) and its development will be discussed in detail.


  • Primary and Secondary Functions
  • Qualitative method of risk analysis
    • o The risk graph
    • o Risk graph calibration
  • Layer of Protection Analysis – semi quantified analysis
    • Analysis of hazards by causes and event frequencies
    • Independent protection layers (IPL)
    • Layers of protection
    • Mitigation layers
    • Conditional modifiers
    • Setting tolerable risks for safety, asset and environmental consequences
    • The LOPA analysis
  • Event Tree Analysis (ETA) – semi quantified analysis
    • ETA Barriers and protection layers
    • Qualitative ETA
    • Event tree construction
    • Quantified ETA
  • Fault Tree Analysis (FTA) – fully quantified analysis
    • Functions of ‘AND’ and ‘OR’ gates
    • Fault Tree rules
    • FTA construction
  • Course summary.


On day 5

A four (4) hour two part proficiency assessment comprising:

  • Part 1 = 70 multiple choice questions (1 mark each question);
  • Part 2 = Two written question as follows:
    • Part 2.1 SIL determination question (12 marks)
    • Part 2.2 HAZOP question (18 marks)

The pass score criterion is 75%.


In accordance with the TÜV Rheinland Functional Safety Training Program:

  • A minimum of 3 years of experience in the field of process hazard analysis and risk assessment.
  • University degree or equivalent engineering diploma, or experience and responsibilities as certified by employer or an engineering institution.


Course Duration is five (5) days.

The course will provide four days of classroom tuition and practical guidance for understanding and mastering the application, principles process hazard and risk assessment in accordance with IEC 61511

Practical exercises will be performed throughout the course which will be based on real life examples.

There is a four hour two part proficiency assessment on the fifth day.

All training will be undertaken by a FS Expert (TÜV Rheinland) for the application area of Safety Instrumented Systems (SIS) who has been approved by TÜV Rheinland to provide their training program.

Training manuals containing all the presented material and exercise examples will be provided for each student.


Please contact course provider.