Introduction to FMEA in Chemical Plant Operations

Failure Mode and Effects Analysis (FMEA) is a systematic, proactive method for evaluating a process to identify where and how it might fail and to assess the relative impact of different failures. In chemical plants, where the consequences of failure can range from production downtime to catastrophic environmental release or personnel injury, maintaining a living FMEA program is not optional. It is a regulatory expectation under process safety management (PSM) standards such as OSHA 1910.119 and the EPA’s Risk Management Program (RMP), as well as a cornerstone of good engineering practice.

A FMEA review and update is the process of revisiting an existing FMEA to ensure it reflects current process conditions, incorporates lessons learned from incidents and near-misses, and addresses changes in equipment, materials, procedures, or personnel. Without periodic reviews, the FMEA becomes a static document that no longer represents actual risk, leading to blind spots that can result in serious events. This article provides a step-by-step guide to conducting a thorough FMEA review and update specifically tailored for chemical plants, with practical advice on team composition, data gathering, risk scoring, and follow-up actions.

Why Regular FMEA Reviews Are Critical in Chemical Plants

Chemical processes are dynamic. Raw material grades change, pumps degrade, control logic gets updated, and personnel turnover introduces new operating practices. Each of these changes can alter failure modes, their likelihood, or their detectability. A review that occurs only when a safety incident forces it is dangerously reactive. Proactive, scheduled reviews ensure that:

  • Controls remain effective: Safeguards that were originally adequate may have degraded or been bypassed.
  • New failure modes are captured: Modifications to piping, instrumentation, or chemistry can introduce new hazards.
  • Risk priority numbers (RPNs) are accurate: If severity, occurrence, or detection ratings are out of date, decision-making for resource allocation becomes flawed.
  • Regulatory compliance is maintained: Many agencies expect documented periodic reviews of hazard analyses.

The OSHA Process Safety Management standard explicitly requires that process hazard analyses (which include FMEAs) be updated and revalidated at least every five years. However, best practice in high-hazard chemical plants is to review FMEAs more frequently—annually or whenever a management of change (MOC) triggers a process modification.

Preparing for the FMEA Review Session

Preparation is the most overlooked yet most impactful phase of any FMEA review. Rushing into a meeting without current documentation and a focused agenda guarantees poor outcomes. Below are the critical preparation steps.

Assemble the Right Multidisciplinary Team

The review team must include individuals who have direct, hands-on knowledge of the process as it runs today. A typical team for a chemical plant FMEA review includes:

  • Process engineer (provides knowledge of design basis, P&IDs, and material balances)
  • Safety engineer or PSM coordinator (ensures alignment with regulatory requirements and corporate risk criteria)
  • Operations supervisor or lead operator (brings real-world operational experience—how the process actually behaves, not just how it is designed)
  • Maintenance technician or engineer (understands equipment degradation, failure history, and inspection effectiveness)
  • Instrument and controls specialist (evaluates alarm systems, safety instrumented functions, and interlocks)
  • Chemist or materials scientist (if reactive chemistry or material compatibility is a concern)

For complex or high-hazard units, consider including an external facilitator with deep FMEA expertise who can remain objective and keep the team on track. The team should not exceed eight people; larger groups become unmanageable for a detailed line-by-line review.

Gather and Review All Relevant Documentation

Before the meeting, circulate a documentation package for pre-reading. Essential documents include:

  • Previous FMEA report (the most recent version, with all revision history)
  • Updated process flow diagrams (PFDs) and piping and instrumentation diagrams (P&IDs) (verified red-lined versions showing all changes since the last review)
  • Incident and near-miss reports from the review period (especially those involving the equipment or process under analysis)
  • Change records (MOC logs) that document modifications to equipment, software, chemicals, or procedures
  • Maintenance records (reliability data, failure frequencies, inspection results for relief devices, tanks, and piping)
  • Current operating procedures and safe operating limits
  • Action items from the previous FMEA review (tracking status of corrective and preventive actions)

Compile a document review checklist to ensure nothing is overlooked. Assign someone (typically the PSM coordinator) to verify that all documents are the latest revisions and have been approved through the plant’s document control system.

Define the Scope and Objectives

Not every FMEA review needs to cover the entire process at the same level of detail. A well-scoped review focuses on the most critical subsystems, those with the highest risk potential, or those that have experienced the most change. Write a brief scope statement that answers:

  • Which process unit or system is being reviewed?
  • What is the boundary of the analysis? (Include specific equipment tags, line numbers, or software functions.)
  • Will the review reassess all previous failure modes, or only those with RPN above a certain threshold?
  • What is the expected output? (e.g., updated FMEA spreadsheet, list of new action items, reprioritized risk list)

Set clear ground rules for the meeting: no phones, no side conversations, and a commitment to evidence-based discussions rather than opinions. A timekeeper should ensure each failure mode is evaluated within a pre-agreed time budget.

Conducting the FMEA Review: Step-by-Step

The actual review meeting is where the team systematically works through each failure mode. This section provides a detailed workflow that mirrors the structure of the FMEA table (or spreadsheet) common in chemical plant use.

Step 1: Re‑establish the Baseline

Start by orienting the team to the current state of the process. A quick walk-through of the updated P&ID, highlighting any changes since the last review, helps everyone visualize the system. Then, review the previous FMEA’s severity, occurrence, and detection (S, O, D) rating scales. These scales must be well understood and consistently applied. If the company uses a 1–10 scale (where 10 is worst), remind the team of the definitions associated with each number, especially for severity (e.g., 10 = multiple fatalities; 9 = single fatality; 8 = permanent disability; etc.). It is common for teams to drift in rating consistency over time; a quick calibration exercise using a sample failure mode can prevent skewed results.

Step 2: Review Each Existing Failure Mode

Go down the FMEA row by row. For each failure mode, ask and document answers to these questions:

  • Is the failure mode still physically possible? Has the process design or equipment changed in a way that eliminates this failure mode?
  • Are the listed causes still valid? For example, a chemical reaction that was once a potential cause may now be avoided due to a raw material change.
  • Are the current controls still in place and effective? If a safety system was bypassed or removed, that control may no longer count as a safeguard.
  • Have new incident reports or near-misses added evidence that the occurrence rating should be revised? If the plant has experienced two similar pump seal failures since the last review, the occurrence rating likely needs to increase.
  • Have detection methods improved? The installation of online analyzers or better monitoring systems can lower the detection rating (meaning failure is easier to detect).

For each row, if any answer indicates a change, the team must update the corresponding ratings. Record the new ratings and the reason for the change in a “comments” column. This audit trail is invaluable for future reviews and for demonstrating regulatory compliance.

Step 3: Identify and Add New Failure Modes

Process modifications, new equipment, changes in raw material impurities, or even revised operating procedures can introduce new failure modes that were not present in the previous version. The team should systematically examine each change from the MOC log and ask, “What new things could go wrong?”

Common sources of new failure modes in chemical plants include:

  • Equipment replacements (e.g., switching from carbon steel to stainless steel may eliminate corrosion failure but introduce galvanic corrosion at welds)
  • Control system upgrades (e.g., new DCS programming errors or cybersecurity vulnerabilities)
  • Changes in human factors (e.g., reduced operator staffing or new shift schedules that increase fatigue)
  • External influences (e.g., new adjacent operations that could interact with the unit, such as a new tank farm or utility system)

Use a brainstorming technique such as the “what‑if” method in combination with the FMEA structure. For each process step, ask the question: “If this fails, what are the effects on safety, environment, production, and equipment integrity?” While brainstorming new failure modes, avoid immediate criticism; instead, capture all ideas and triage them later.

Step 4: Re‑evaluate Risk Priority Numbers (RPNs)

After updating severity (S), occurrence (O), and detection (D) ratings for both existing and new failure modes, calculate the revised RPN (S × O × D). Sort the list by RPN descending. Identify the top 10 to 20 failure modes that have the highest RPNs. These are the candidates for immediate corrective actions.

However, RPN alone should not be the sole criterion for prioritization. A failure mode with a severity of 10 (catastrophic) but a low RPN due to very low occurrence or very easy detection may still warrant action because the consequences are so severe. Many plants adopt a “severity threshold” rule: any failure mode with a severity rating of 8 or higher must have at least one independent protection layer (IPL) and must be reviewed for additional safeguards regardless of RPN.

For chemical plants, the CCPS (Center for Chemical Process Safety) guidelines recommend using RPN in conjunction with a risk matrix to ensure that high-consequence events are not overlooked.

Updating the FMEA Document and Action Register

Once the review session is complete, the team’s findings must be formally captured in the FMEA document and in a separate action tracking system. This step is critical because an FMEA that is not updated accurately is worse than no FMEA at all—it creates a false sense of security.

Documenting Changes in the FMEA Spreadsheet

Use a structured template that includes:

  • Header information: process unit name, date of review, team members, scope, and version number.
  • For each failure mode: item/function, potential failure mode, potential effect(s), severity, cause(s), occurrence, current controls, detection, RPN, recommended actions, responsible person, and status.
  • A new column for “revision date” and “revision reason” so that future reviewers can see what changed and why.

Ensure that the updated FMEA is stored in the plant’s document management system with the appropriate revision control. Old versions should be archived, not deleted, to maintain a historical record of risk analyses.

Creating and Assigning Action Items

Each failure mode that requires risk reduction should have at least one recommended action. Actions must be specific, measurable, and assigned to an individual with a realistic due date. Avoid vague actions like “Improve maintenance.” Instead, write: “Install a high-level alarm on the reactor feed tank (LT‑101) with a setpoint at 85% level; connect to DCS and test monthly. Due: 31 March 2025. Assigned to: Senior Instrument Engineer.”

Common actions in chemical plant FMEA updates include:

  • Engineering changes: add alarms, interlocks, relief valves, or redundancy.
  • Procedural changes: revise operating or maintenance procedures to include new checks or cautionary steps.
  • Training: provide refresher training on the updated procedures or on recognizing early signs of failure.
  • Inspection and testing: increase inspection frequency for critical equipment based on updated occurrence data.

Enter these actions into a tracking system (such as an action register or a dedicated software module). Assign a closure criteria and a verification method. Do not close an action simply because the due date has passed; verify that the implemented change is effective and that the risk has actually been reduced.

Follow‑up and Continuous Improvement

The FMEA review is not the end of the process; it is a cycle that feeds into a broader risk management system. Without a robust follow‑up plan, the updated FMEA quickly becomes outdated again.

Monitoring the Effectiveness of Corrective Actions

After an action is implemented, the team should reassess the failure mode’s RPN to confirm that risk has been reduced to an acceptable level. This “validation” step is often missed. Schedule a brief meeting (perhaps 30 minutes) a few months after the FMEA update to review the status of high‑priority actions and verify that the new controls are functioning as intended.

Collect data on the metrics that matter:

  • Has the frequency of the failure mode decreased?
  • Are the detection systems actually alerting operators in time?
  • Have any near‑misses occurred that involved the new controls?

Integrating FMEA with Other Process Safety Elements

A chemical plant’s FMEA should not live in a silo. Connect it to other key elements of the process safety management system:

  • Management of Change (MOC): Any MOC that affects a failure mode listed in the FMEA must automatically trigger a review of that failure mode. Some plants embed FMEA review triggers directly into their MOC workflow.
  • Incident investigation: After any incident or serious near‑miss, the FMEA for the affected system should be reviewed to determine if the failure mode was previously identified and, if not, why it was missed.
  • Pre‑startup safety review (PSSR): Before introducing a new chemical or reinstalling modified equipment, the FMEA for that unit must be reviewed and approved.
  • Reliability engineering: Use the occurrence and detection data from FMEA to prioritize equipment condition monitoring and preventive maintenance tasks.

Scheduling the Next Review

Set the date for the next FMEA review at the conclusion of the current one. For high‑risk processes, consider an annual review. For lower‑risk utility systems, every three years may be sufficient. Regardless of the cycle, any significant event—a major fire, a toxic release, a fatality, or a significant process change—should trigger an immediate ad‑hoc review.

Document the review schedule in the plant’s annual PSM calendar and assign ownership to the PSM coordinator or process engineer. Ensure that the review is not deferred due to operational pressures; if the plant cannot afford a day for a safety review, it cannot afford a failure.

Common Pitfalls and How to Avoid Them

Even experienced teams fall into traps that reduce the value of FMEA reviews. Below are the most common pitfalls in chemical plants and practical countermeasures.

Pitfall 1: Treating the Review as a Compliance Check‑the‑Box Exercise

When a plant conducts a review simply to satisfy an auditor’s requirement, the team rushes through the lines, rubber‑stamps old ratings, and generates little value. The result is a false sense of safety. Countermeasure: Ensure that the facilitator challenges assumptions, asks tough questions, and insists on data‑backed ratings. Include operators who will speak up if the documented controls do not match reality.

Pitfall 2: Over‑reliance on RPN Alone

RPN is a useful index but has mathematical flaws: the product of three ordinal scales does not have ratio properties, and equal RPNs from different S‑O‑D combinations do not represent equal risk. Countermeasure: Use a risk matrix in parallel. Place each failure mode on a severity‑occurrence grid, and consider detection separately. Any failure mode in the “high” region of the matrix should have additional safeguards regardless of its RPN.

Pitfall 3: Ignoring Human Factors

Many chemical plant failures originate from human error—operator missteps, incorrect bypassing, poor communication, or fatigue. Yet some FMEA teams focus exclusively on hardware. Countermeasure: Explicitly include human actions as potential failure modes (e.g., “Operator fails to initiate emergency shutdown within 30 seconds”). Use the occurrence rating to capture historical frequencies of human errors from the plant’s incident database.

Pitfall 4: Failure to Update the FMEA After Implementing Corrections

The team completes the review, assigns actions, and then never revisits the spreadsheet to lower the occurrence rating after the action is implemented. The FMEA still shows a high RPN, which may mislead future risk assessments. Countermeasure: Build a rule into the action closure workflow: when an action is verified as complete, the FMEA’s occurrence or detection rating must be updated, and a new RPN calculated.

Leveraging Digital Tools for FMEA Management

Modern chemical plants are moving away from paper‑based FMEA spreadsheets toward digital platforms that enable real‑time collaboration, version control, and integration with other safety systems. If your plant is ready to digitize, look for the following capabilities:

  • Cloud‑based FMEA database accessible by all team members, with role‑based permissions.
  • Automated RPN calculations and risk matrix scoring with customizable thresholds.
  • Action tracking with dashboards and email reminders for due dates and overdue items.
  • Audit trail that records every change to ratings, failure modes, and actions, along with the user and timestamp.
  • Integration with the plant’s MOC and incident management software to automatically flag FMEA review requirements.

Several commercial products and open‑source solutions exist. The key is to choose a system that fits your plant’s complexity and that the team will actually use. A ISO 31010:2019 compliant tool can also help align with international risk management standards.

Case Study: A Practical Example from a Chemical Plant

Consider a batch reactor process where the previous FMEA had identified “runaway reaction due to cooling failure” as a high‑risk (RPN = 320, S=10, O=4, D=8). During the review, the team noted that:

  • A new redundant cooling pump had been installed (MOC from six months ago) but was not yet reflected in the FMEA.
  • The existing detection method (temperature alarm) had experienced two spurious trips, so operators had become desensitized and sometimes delayed response.
  • A near‑miss report indicated that the reaction temperature had exceeded the safe limit by 15°C for 10 minutes.

Based on the review, the team updated the FMEA:

  • Added the redundant cooling pump as a new control, lowering occurrence from 4 to 3.
  • Upgraded the detection rating from 8 to 5 by implementing an improved alarm with a distinct tone and a mandatory operator acknowledgement within 2 minutes.
  • Assigned an action to install a high‑temperature interlock that automatically adds a catalyst poison if temperature exceeds 95% of the limit.

The new RPN after implementing these actions is 10 × 2 × 3 = 60—a substantial reduction. The team also set a six‑month follow‑up to verify the interlock is tested and that operators are responding faster.

Conclusion: Embedding FMEA Review into the Plant’s Safety Culture

Conducting an effective FMEA review and update in a chemical plant is not a one‑time event but a continuous discipline that supports operational excellence. When done correctly, it reveals vulnerabilities that might otherwise go unnoticed, drives engineering and procedural improvements, and builds a shared understanding of risk among operations, engineering, and maintenance teams. The investment in a thorough review—typically one to two days of dedicated team time for a moderate‑sized unit—pays back many times over by preventing incidents that could cost millions in lost production, environmental remediation, or human life.

Start today by scheduling your next review, ensuring your team is diverse and empowered, and committing to document every change and follow every action to closure. Your plant’s safety and reliability depend on an FMEA that is not just written but lived.