Training - LOPA


LOPA Introduction


Layer of Protection Analysis ("LOPA") is a simplified form of risk assessment according
to IEC 61511, Part 3, Annex F.

LOPA is not a fully quantitative risk assessment approach like failure mode and effect
analysis (FMEA), but is rather simlified methods for assessing the value of protection layers
on well-defined accident szenarios.

It builds on the information developed during a qualitative hazard evaluation, such as a
process hazard analysis (PHA). The primary purpose of LOPA is to determine if there are
sufficient layers of protection against the consequences of an accident scenario
(can the risk be tolerated?).

For this, it calculates the initiating event frequency and the likelihood of failure of independent
protection layers (IPLs) to approximate the risk of a scenario.

Then, LOPA compares the mitigated consequence frequency with a risk tolerance criteria
established by the organisation to decide if existing IPLs or safeguards are adequate.


The following merging standards and practices start picking up momentum:

  • CCPS Layers of Protection Analysis (2001) /LIT. 1/
  • IEC 61508 and IEC 61511 (Functional Safety) /LIT. 2, 3/
  • CCPS Safe Process Automation (1993) /LIT. 5/



LOPA does require data. The data quantify (to a rough order of magnitude) how often equipment fails, how often people err, the consequences of errors and failures, and how likely the safeguards will prevent the scenario. These data will be used to develop values for consequence severity, initiating event frequency, and PFDs (probability of failure on demand) for IPLs.

