Every manufacturing plant runs on managed risk. The fire that does not start, the bearing that does not seize, the chemical that does not breach containment — these absences are the dividend of structured risk assessment done well. This guide explains the four frameworks that matter — HAZOP, FMEA, Bow-Tie, and the 5×5 Risk Matrix — when to use each, how they fit together, and how a connected CMMS turns one-time studies into continuous risk monitoring. Plants ready to operationalise their next risk review can book a 30-minute scoping call to align frameworks with their asset register.
RISK FRAMEWORKS · 2026
Manufacturing Plant Risk Assessment: Frameworks for Every Industry
HAZOP for process deviations · FMEA for equipment reliability · Bow-Tie for barrier visualisation · Risk Matrix for prioritisation — selected, sequenced, and connected to your CMMS for continuous monitoring.
4
Core frameworks every plant uses
5×5
Standard risk matrix size
25
Risk levels in a 5×5 grid
80%
Of incidents are preventable through structured assessment
Why Risk Assessment Defines Plant Performance
Major industrial incidents — Flixborough 1974, Bhopal 1984, Texas City 2005, Deepwater Horizon 2010 — share a common pattern: the hazard was foreseeable, the framework existed, but the assessment either was not done, was done poorly, or was not connected to the daily work that would have caught the deviation. Modern manufacturing risk assessment exists because every regulator, from UK HSE through US OSHA to EU Seveso authorities, now requires a structured, defensible methodology. Plants that treat assessment as a tick-box exercise eventually pay the bill. Plants that treat it as a living system pay much less.
The 4 Frameworks — When to Use Each
PROCESS DEVIATION
HAZOP
Hazard and Operability Study
Best forContinuous and batch process plants — chemical, oil & gas, pharma
MethodGuide-word analysis on P&ID nodes (No, More, Less, Reverse, As Well As)
StrengthCatches deviations from design intent that other methods miss
When30%, 60%, 90% design milestones · revalidation every 3–5 years
EQUIPMENT FAILURE
FMEA
Failure Mode and Effects Analysis
Best forDiscrete manufacturing, equipment reliability, critical components
MethodSeverity × Occurrence × Detection = RPN (Risk Priority Number)
StrengthQuantitative ranking of failure modes; bottom-up component focus
WhenDesign phase (DFMEA) · process design (PFMEA) · annual review
BARRIER VIEW
Bow-Tie
Bow-Tie Analysis
Best forMajor hazard scenarios; communicating risk to non-technical stakeholders
MethodTop Event in centre · Threats + preventive barriers left · Consequences + mitigating barriers right
StrengthSingle-page visual that maps every barrier to a named owner
WhenAfter HAZOP/FMEA — to communicate top scenarios upward
PRIORITISATION
5×5 Matrix
Decision Matrix Risk Assessment
Best forAll plants — universal tool for ranking findings from any framework
MethodLikelihood (1–5) × Severity (1–5) = Risk Score (1–25)
StrengthSpeed and consistency; auditable scoring across teams and sites
WhenEmbedded in HAZOP, FMEA, JSA, and incident review workflows
The 5×5 Risk Matrix — Visualised
The 5×5 matrix is the universal language of risk prioritisation. Every framework above feeds into it. Score Likelihood (1–5) on one axis, Severity (1–5) on the other, multiply for the risk number, and read the colour band to decide the action.
SEVERITY →
1
Insig.
2
Minor
3
Mod.
4
Major
5
Severe
5
Almost Certain
5
10
15
20
25
4
Likely
4
8
12
16
20
3
Possible
3
6
9
12
15
2
Unlikely
2
4
6
8
10
1
Rare
1
2
3
4
5
← LIKELIHOOD
1–4LOWAcceptable · monitor
5–9MEDIUMPlan additional controls
10–16HIGHAction required urgently
17–25CRITICALStop work · redesign
A risk assessment that lives in a binder is not assessment — it is paperwork.
OxMaint links every HAZOP recommendation, FMEA action, and matrix-flagged risk directly to a work order with an owner, a due date, and an audit trail. The control either gets executed or the system escalates.
The 5-Step Risk Assessment Workflow
Every framework above plugs into the same five steps. Skip a step and the methodology fails — most commonly at Step 5, where assessment without action becomes a compliance theatre.
01
Identify Hazards
Walk the plant. Review P&IDs, MSDS, incident logs, near-miss reports. Use HAZID or What-If for early-stage plants; use HAZOP guide-words for designed-out processes. Output: a complete hazard register with source, location, and exposure conditions.
02
Score Likelihood × Severity
For each hazard, rate Likelihood (1 Rare to 5 Almost Certain) and Severity (1 Insignificant to 5 Severe). Anchor scores to historical data — "has this happened before?" is the calibration question. Multiply for the inherent risk score.
03
Evaluate Existing Controls
For each scored hazard, document the controls already in place — engineering, administrative, and PPE. Re-score to produce the residual risk. The gap between inherent and residual is the value the safety system is currently delivering.
04
Define Mitigation Actions
Where residual risk exceeds tolerance, apply the Hierarchy of Controls — eliminate, substitute, engineer, administer, PPE — in that order. Each action gets an owner, deadline, and target risk score. Actions are not suggestions; they are work orders waiting to happen.
05
Execute, Monitor, Review
Push every action into the CMMS. Track completion and verify residual risk reduction. Re-assess on schedule (annually for most assets, every 3–5 years for HAZOP studies, immediately on Management of Change). Risk assessment is a living loop, not a project.
Hazard Categories Manufacturing Plants Must Cover
A complete plant risk register addresses six hazard families. Missing one — most often human factors or environmental — produces an assessment that looks complete and is not.
H1
Mechanical
Rotating equipment, pinch points, struck-by, lifting operations, conveyor entanglement, pressure vessel rupture.
H2
Chemical
Toxic exposure, flammable atmospheres, corrosive contact, reactive incompatibility, dust explosions, asphyxiants.
H3
Electrical
Arc flash, shock, lockout-tagout failure, ground faults, short-circuit current, MCC switching incidents.
H4
Thermal & Pressure
Steam release, hot surface contact, cryogenic injury, vessel over-pressure, vacuum collapse, thermal shock.
H5
Human Factor
Skill-based errors, fatigue, communication breakdown, procedure violation, complacency on routine tasks, training gaps.
H6
Environmental
Effluent release, air emission breach, noise exposure, temperature extremes, natural-hazard triggered events.
Frameworks Side-by-Side
| Framework | Focus | Approach | Output | Best Phase |
|---|---|---|---|---|
| HAZID | Early hazard scan | Brainstorm + checklist | Hazard register | Concept / pre-design |
| HAZOP | Process deviations | Guide-word analysis on P&IDs | Deviation / cause / consequence list | Detailed design + revalidation |
| FMEA | Equipment failures | Severity × Occurrence × Detection | RPN-ranked failure modes | Design + ongoing reliability |
| FTA | Top-down causes | Boolean fault tree from one event | Probability of top event | Quantitative risk analysis |
| Bow-Tie | Barriers + consequences | Causes ↔ Top Event ↔ Consequences | Visual barrier map | Communication + audit |
| LOPA | SIL determination | Layers of independent protection | Required IPL count + SIL | Safety instrumented systems |
| 5×5 Matrix | Risk ranking | Likelihood × Severity | Numeric risk score 1–25 | Embedded in all of the above |
| QRA | Quantitative risk | Frequency × consequence modelling | Individual / societal risk numbers | Major hazard installations |
Where Plants Get It Wrong — Five Failure Patterns
F1
Wrong Framework for the Problem
Running FMEA on a continuous distillation column misses process-deviation hazards that only HAZOP catches. Picking the framework first and the problem second guarantees blind spots.
F2
Outdated P&IDs and Documentation
HAZOP on incorrect drawings produces wrong conclusions with full documentary confidence. Drawing accuracy is a precondition for any process risk assessment, not an afterthought.
F3
Uncalibrated Risk Matrix
Two assessors scoring the same hazard differently makes the matrix worse than no matrix at all. Likelihood and severity scales must include time-horizon, frequency, and concrete consequence anchors.
F4
Recommendations Without Owners
An action without a named owner and due date is a wish. Plants that document recommendations in PDFs and not in a tracked work-order system close 30–40% fewer actions on time.
F5
No Management of Change Trigger
Plants modify equipment, change suppliers, alter procedures — and never re-run the assessment. The single largest cause of post-MOC incidents is risk reassessment that did not happen.
Risk assessment is only as strong as the weakest control it relies on. CMMS-tracked actions are stronger than spreadsheet-tracked actions every time.
OxMaint converts every framework finding — HAZOP recommendation, FMEA RPN, Bow-Tie barrier — into an owned, scheduled, auditable work order. Continuous monitoring replaces the one-off review.
From One-Off Study to Continuous Monitoring — The CMMS Bridge
The shift that separates leading plants from average ones is treating risk assessment as a continuous capability rather than a periodic project. CMMS provides the bridge between the framework and daily operation in six measurable ways.
Action tracking
Every recommendation becomes a work order with owner, deadline, and verification step.
PM-to-control linkage
Preventive tasks tied to risk register entries — failure to PM = control failure on the matrix.
Incident-to-reassessment
Every near-miss or incident automatically triggers a partial re-assessment on the affected node.
MOC workflow
Equipment, procedure, or supplier change requires a documented re-evaluation before approval.
Sensor-driven escalation
Vibration, thermal, or current anomalies feed risk-register criticality without manual update.
Audit-ready evidence
Single source of truth for inspectors — assessment, action, completion, residual risk.
Frequently Asked Questions
Which framework should I start with for a new manufacturing plant?
Start with HAZID at concept, HAZOP at detailed design (30%/60%/90% milestones), FMEA on equipment packages, and the 5×5 Matrix as your prioritisation tool throughout. Bow-Tie comes later for top scenarios. Book a demo for a sequence tailored to your project phase.
Is HAZOP only for chemical and oil & gas plants?
No. HAZOP applies anywhere process flow, parameters, and deviations matter — food and beverage, pharma, water treatment, semiconductor utilities, even discrete manufacturing with high-temperature or high-pressure steps. The guide-word approach is industry-agnostic.
How often should we re-run plant risk assessments?
HAZOP revalidation: every 3–5 years. FMEA review: annually. Risk matrix entries: quarterly review. Plus immediate reassessment on Management of Change, post-incident, post-near-miss, and post-major-modification. Start a free trial to schedule recurring reviews.
What is the difference between FMEA and HAZOP?
HAZOP catches process deviations from design intent at a flow or system level. FMEA catches component-level failure modes and ranks them by RPN. They are complementary — HAZOP for the process, FMEA for the equipment running inside it.
Should we use a 3×3, 4×4, or 5×5 risk matrix?
5×5 is the practical industry standard. 3×3 collapses too many risks into "medium" to be useful for prioritisation. 7×7 adds precision that the underlying judgement cannot defend. 5×5 balances differentiation with consistency across teams and sites.
How does CMMS support risk assessment?
CMMS converts assessment outputs into trackable work — every HAZOP recommendation, FMEA action, and matrix-flagged risk becomes an owned work order with audit trail. Book a demo to see continuous risk monitoring in OxMaint.
FROM FRAMEWORK TO ACTION
A Risk Register Is a Promise. A CMMS Is the System That Keeps It.
HAZOP, FMEA, Bow-Tie, and the 5×5 Matrix produce findings. OxMaint produces results — converting every assessment recommendation into a tracked, owned, scheduled, auditable work order linked to the original risk entry. Continuous monitoring replaces periodic theatre.
