HAZOP (Hazard and Operability Study) – Structured Deviation Analysis for Process Risk

This topic is part of the SG Systems Global regulatory & operations glossary.

Updated October 2025 • Risk Assessment & Process Safety • GxP • MES, QMS, WMS

HAZOP (Hazard and Operability Study) is a team-based, systematic method for identifying how a process can deviate from its intended design and what consequences those deviations may create for safety, product quality, compliance, operability, and supply continuity. Originating in the process industries, HAZOP is widely applied in pharmaceuticals, medical devices, food and beverage, and specialty chemicals to evaluate unit operations (reactors, blenders, granulators, fillers), utilities (HVAC, purified water, compressed air), warehousing and distribution flows, and computerized control schemes. The core mechanics are disciplined: select a node (a logical segment of the process), define its design intent, apply guide words (e.g., No/Less/More/Reverse/As well as/Late/Early), explore parameters (flow, temperature, composition, speed, label template, lot status), enumerate causes and consequences, list existing safeguards, and assign actions with owners and due dates. The output is an auditable register of credible deviations and proportionate controls that can be traced into procedures, interlocks, alarm rationalization, training, and maintenance.

“Good HAZOPs don’t predict the future—they eliminate the need for luck. They make failure modes explicit, then engineer out the surprises.”

1) Purpose and Scope

HAZOP’s purpose is twofold: (1) protect people, environment, and assets by revealing credible accident pathways; and (2) protect patients/consumers and compliance by revealing quality and data-integrity failure modes that originate in design, operation, or computerization. In regulated manufacturing, scope extends beyond vessels and piping to include electronic controls, labeling, warehousing, and batch record execution. Typical nodes include weigh/dispense stations using gravimetric weighing; blending or granulation with defined residence times and speeds; labeling cells bound to GS1/GTIN; warehouse pick/issue governed by FIFO/FEFO; utilities that underpin Environmental Monitoring (EM) outcomes; and computerized execution like eBMR and labeling subsystems. Because operability failures often present first as quality events, HAZOP records should connect to Deviation / NC taxonomies and feed the pre-conditions for CAPA and Change Control.

2) Method: Nodes, Parameters, and Guide Words

A HAZOP proceeds node-by-node. For each, the team documents the design intent (e.g., “dispense API within ±0.1% tolerance to container X under Bin / Location rules and Barcode Validation”). Guide words systematically distort intent: “No flow,” “More temperature,” “Reverse rotation,” “As well as contaminant,” “Late label,” “Wrong lot,” “Label template mismatch,” “No audit trail,” “Less training,” “More humidity.” Parameters are physical (flow, temp, pressure, speed), compositional (identity, potency, moisture), temporal (early/late hold times relative to HTS), logical (status Released vs Hold), and informational (master version, ALCOA+, audit trail). Causes include hardware failures, human-factor mismatches (HFE), software defects, poor Document Control, supplier variability, and training gaps. Consequences can be safety incidents, product mix-ups, out-of-spec quality, mislabeling (GTIN/UDI/expiry), lost genealogy, or delayed Finished Goods Release. Existing safeguards range from interlocks and alarms to procedures, Dual Verification, and engineered error-proofing. Actions then close gaps: add sensors, tighten tolerances, improve labels, revise training, or redesign steps in the eMMR.

3) Team, Inputs, and Outputs

Effective HAZOPs are cross-functional: process engineering, QA/QC, production, maintenance, validation (GAMP 5), warehouse/logistics, labeling/packaging, IT/OT cyber, and HSE. Inputs include P&IDs or process maps, FDS/HDS/SDS for computerized systems, master recipes (eMMR), historical deviations/complaints, CPV or SPC trends (control limits), and supplier risk. Outputs include a deviation register with severity/likelihood/detectability ratings (often FMEA-aligned), an action list (engineering controls, alarms/interlocks, procedural updates, training), and change requests into Change Control. Where Part 11/Annex 11 is in scope for electronic safeguards, HAZOP outputs feed validation protocols and test cases in CSV.

4) Regulatory Anchors and When HAZOP Is Expected

While HAZOP is not a single codified requirement in one regulation, predicate GMPs require scientifically sound risk management and control of process hazards. Drug and biologics manufacturers align with 21 CFR 210/211 and ICH Q9 thinking; food and supplements anchor to hazard analysis and preventive controls in 21 CFR 117/111 (with HAZOP often used as a complementary technique within the Food Safety Plan (FSP)); medical devices consider process hazards that affect product quality and DHR under 21 CFR 820 and ISO 13485. When electronics are a safeguard or risk vector, Part 11 and Annex 11 expectations for audit trail, identity, and validation apply. Distribution risks bridge to GDP where temperature excursions, tamper evidence, and chain-of-custody are concerns.

5) Practical Tips and Common HAZOP Failure Modes

Common pitfalls include scope sprawl (reviewing everything shallowly), checklist HAZOPs without process understanding, treating alarms as safeguards without verifying availability and response, ignoring human factors, and failing to wire outcomes into master documents and control systems. Practical remedies: define crisp node boundaries and objectives; bring realistic data (batch records, deviations, alarms, EM excursions); require HFE participation for label/console/ergonomics; distinguish prevention (interlocks) from detection (alarms) and from mitigation (procedures); insist on testable action statements and trace them through Document Control to the eBMR, WMS rules, labels, and training matrices; and re-run focused HAZOPs after major changes, equipment upgrades, or recurring CAPAs.

6) Interfaces with FMEA, HAZID, and Process Verification

HAZOP complements but does not replace FMEA. HAZOP is guide-word driven around process parameters; FMEA is failure-mode driven around components and functions. Many organizations seed FMEAs with HAZOP outputs, using RPNs or risk matrices to prioritize actions and then verifying performance in CPV. For new equipment, HAZOP findings should inform Factory Acceptance Testing (FAT) and site commissioning/qualification (IQ/OQ/PQ), ensuring that interlocks, alarms, and label/scan controls are verified under realistic conditions.

7) Data Integrity and Computerized Controls in HAZOP

Modern HAZOPs must treat data and software as process parameters. Guide words like “No audit trail,” “Wrong master,” “Early expiration,” “More labels than issued,” “No scan-back,” “Late CoA,” or “No timestamp sync” target risks that manifest as data-integrity weaknesses rather than tank explosions. Controls include Barcode Validation, Dual Verification, enforced Document Control linkages, time synchronization, signature meaning display, and validated integrations to WMS/LIMS/labeling. All such safeguards become requirements in CSV plans and are traceable into test scripts per GAMP 5.

8) Metrics and Management Review

Metricize HAZOP effectiveness with: action closure cycle time (median/90th), proportion of prevention vs detection safeguards implemented, recurrence of HAZOP-linked deviations, alarm rate and “nuisance alarm” percentage, blocks from interlocks vs downstream rejections, and inspection retrieval time to show the HAZOP-to-control-to-evidence chain (eBMR/WMS audit trails, CoA, label scans). Trend these in management review and in APR/PQR-style summaries to ensure risks are actually shrinking rather than shifting.

9) How This Fits with V5

V5 by SG Systems Global operationalizes HAZOP outcomes by converting actions into executable controls. In V5 MES, HAZOP-derived safeguards become interlocks, parameter limits, and step preconditions in the eMMR and executed via the eBMR. Wrong-lot, wrong-label, and out-of-status risks are prevented by Barcode Validation, Dual Verification, and equipment state checks (calibration/cleaning/qualification). In V5 WMS, HAZOP actions translate into pick/issue constraints bound to FIFO/FEFO, Bin / Location segregation, status (HTS, Hold/Release), and label template pinning. In V5 QMS, HAZOP registers live as controlled records; actions route through Approval Workflows, become formal Change Controls and CAPAs, and remain traceable to validation evidence per GAMP 5. Analytics surface hotspots (nodes with frequent blocks or alarms), track closure effectiveness, and feed CPV and APR/PQR reporting.

10) FAQ

Q1. How is HAZOP different from FMEA?
HAZOP is guide-word driven around process parameters and deviations from design intent; FMEA enumerates failure modes of components/functions. Use HAZOP to discover deviations, then feed key items into FMEA for prioritization and lifecycle tracking.

Q2. When should we perform HAZOP?
During design of new lines or significant modifications, before validation (to inform FAT, IQ/OQ/PQ), after recurring deviations/CAPAs, and periodically for high-risk nodes or where EM or CPV trends indicate drift.

Q3. Are procedural safeguards acceptable?
Yes, but engineered interlocks and automated checks are stronger. Where risk is significant, convert procedures into executable controls in eBMR/WMS/labeling and verify under CSV.

Q4. How do we show regulators that HAZOP actions were implemented?
Provide the HAZOP register with action IDs linked to change controls, validation test evidence, updated masters, training records, and live enforcement evidence (audit trails, deny logs, label scan-backs) in the eBMR/WMS.

Q5. What about warehouse and distribution HAZOPs?
Include nodes for Goods Receipt, quarantine segregation, Directed Picking, GDP conditions, FIFO/FEFO logic, and tamper evidence. Safeguards include scan gates, status enforcement, temperature alarms, and shipping QA checks.

Related Reading
• Risk & Validation: FMEA | GAMP 5 | CSV | CPV
• Execution & Controls: eMMR | eBMR | Barcode Validation | Dual Verification
• Materials & Movement: Bin / Location Management | Directed Picking | FIFO | FEFO | GDP
• Quality System: Deviation / NC | CAPA | Change Control | Document Control | Data Integrity (ALCOA+)