An Introduction to Chemical Process Safety
- 1-1 Engineering Ethics
- 1-2 Myths about Process Safety
- 1-3 Safety Culture
- 1-4 Individual Risk, Societal Risk, and Risk Populations
- 1-5 Voluntary and Involuntary Risk
- 1-6 Safety Metrics
- 1-7 Accident and Loss Statistics
- 1-8 Risk Perception
- 1-9 Risk Tolerance/Acceptance and Risk Matrix
- 1-10 Codes, Standards, and Regulations
- 1-11 Safeguards
- 1-12 The CCPS 20 Elements of Risk-Based Process Safety
- 1-13 Inherently Safer Design
- 1-14 The Worst Chemical Plant Tragedy: Bhopal, India, 1984
- 1-15 Overview of Chemical Process Safety
- Suggested Reading
- Problems
Safety is a common denominator across all aspects of life; hence knowledge should always be shared. It is not a matter for industry—it is a matter for humanity.
—Doug Bourne
We believe that the traits required to achieve excellence in safety are the same as those required to achieve outstanding results in all other aspects of our business.
—Ralph Herbert, Vice President of Engineering, ExxonMobil
The learning objectives for this chapter are:
- Understand the common definitions used for process safety.
- Explore myths about process safety.
- Identify components of a safety culture.
- Discuss individual risk, societal risk, and risk populations.
- Distinguish between voluntary risk and involuntary risk.
- Describe safety metrics.
- Summarize accident and loss statistics.
- Create a risk tolerance/acceptance and risk matrix.
- Discuss codes, standards, and regulations related to process safety.
- Explore safeguards related to chemical process safety.
- Explain risk-based process safety (RBPS).
- Describe inherently safer design.
- Describe the Bhopal, India, tragedy.
The Aluminum Company of America—otherwise known as Alcoa—was founded in 1888 by Charles Martin, who discovered an affordable way to produce aluminum via electrolysis. The company is headquartered in Pittsburgh, Pennsylvania. In 1889, Alcoa developed the first aluminum tea kettle; in 1910, it introduced aluminum foil. Today, Alcoa is the largest supplier of aluminum in the world.
In 1987, however, Alcoa was faltering. Its revenues and profits had fallen, several product lines had failed, and the company had large inventories of unsold product. Many investors considered Alcoa to be a “Rust Belt” company, associating it with the failing steel companies located in Pittsburgh and elsewhere in the United States. In addition, both the employees and unions were unhappy with the company.
As is the case with most companies facing this kind of situation, Alcoa’s board of directors decided to hire a new chief executive officer (CEO). They tapped Paul O’Neill, formerly of International Paper, to lead the company.
In October 1987, O’Neill held his first press conference in a swanky hotel in Manhattan, attended by members of the media, investors, and investment managers. All attendees expected O’Neill to announce a new financial management strategy for the company. Instead, O’Neill came to the podium and said, “I want to talk to you about worker safety. I intend to make Alcoa the safest company in America. I intend to go to zero injuries.” At this time, Alcoa already had an industry-leading safety program.
One investment manager ran out of the press conference declaring, “The board put a crazy hippie in charge and he’s going to kill the company! I called my clients and told them to sell their stock!”
But six months later, a tragedy occurred. A young employee in an Arizona plant jumped over a yellow safety wall to repair a piece of equipment and was crushed when the equipment was unexpectedly activated. O’Neill immediately called an emergency meeting of the plant’s executives. He stated bluntly: “We killed this man. It’s my failure of leadership. I caused his death. And it’s the failure of all of you in the chain of command.”
O’Neill sent a note to all workers telling them to call him at home if managers didn’t follow up on safety suggestions. He received lots of calls about safety, but he also heard a lot of suggestions for other improvements—many of which would substantially reduce costs.
What were the results of O’Neill’s safety leadership? In 1986, Alcoa recorded $264 million in net income on sales of $4.6 billion. When O’Neill retired at the end of 2000, Alcoa boasted record profits of $1.5 billion on sales of $22.9 billion. Alcoa’s lost work days rate per 100 employees dropped from 1.86 to 0.2 by the end of O’Neill’s tenure. In March 2016, that rate was a mere 0.055.
When asked later about the secret to his success, O’Neill stated, “I knew I had to transform Alcoa. But you can’t order people to change. So I decided I was going to start by focusing on one thing. If I could start disrupting the habits around one thing, it would spread throughout the entire company.” O’Neill’s important realization was that safety performance and economic performance were, in his words, “glued together”—with outstanding safety performance resulting in outstanding economic performance. When O’Neill started at Alcoa, he wasn’t sure if this approach would work perfectly, but it did.
Safety, in general, is defined as “a strategy for accident prevention.” Process safety is safety applied to processes, including chemical processes. Table 1-1 provides a more complete definition of process safety, along with several important definitions provided by the American Institute for Chemical Engineers (AICHE) Center for Chemical Process Safety (CCPS). Another common term used in the safety realm is loss prevention, which is defined as the prevention of incidents that cause losses due to death, injury, damage to the environment, or even loss of production or inventory.
Table 1-1 AICHE Center for Chemical Process Safety Definitions Related to Process Safety
| Term | Definition | Example |
|---|---|---|
| Accident | An unplanned event or sequence of events that results in an undesirable consequence. The scope of the accident description is arbitrary. | A leak in a pressurized vessel containing 500 kg of ammonia. |
| Conditional modifier | A fractional probability that a particular event occurs. | The probability of a flammable release being ignited is 0.10. |
| Consequence | A measure of the expected effects of a specific incident outcome case. | A 10 kg/s ammonia leak results in a toxic cloud downwind. |
| Enabling condition | A fractional probability that a particular circumstance exists. It accounts for the time-at-risk. | The probability of the ambient temperature being low enough to cause a water line to freeze is 0.10. |
| Hazard | An inherent chemical or physical characteristic that has the potential for causing damage to people, the environment, or property. | A pressurized tank containing 500 kg of ammonia. |
| Hazard evaluation/analysis | Determination of the mechanisms causing a potential incident and evaluation of the incident outcomes or consequences. | A Hazard and Operability (HAZOP) study was completed on the distillation column. |
| Hazard identification | Identification of material, process, and plant characteristics that can produce undesirable consequences through the occurrence of an incident. | The chemicals in the process are toxic and flammable hazards. |
| Impact | A measure of the ultimate loss and harm of an incident. | A 10 kg/s ammonia leak produces a downwind toxic vapor cloud resulting in local evacuations, an emergency response, plant downtime, and loss of community support. |
| Incident | The basic description of an event or series of events, resulting in one or more undesirable consequences, such as harm to people, damage to the environment, or asset/business losses. In general, it is caused by loss of containment or control of material or energy. For chemical plants, this includes fires/explosions and releases of toxic or harmful substances. Not all events propagate to an incident. | A plant incident involves a leak of 10 kg/s of ammonia producing a toxic vapor cloud. |
| Incident outcome | The description of the physical manifestation of the incident. This could include toxic release, fire, explosion, and so on. | A leak in an ammonia pipeline results in a toxic release. |
| Incident outcome case | An incident with more than one outcome. | A chemical release results in both a toxic release and an environmental impact. |
| Individual risk | The risk to a person in the vicinity of a hazard. This includes the nature of the injury to the individual, the likelihood of the injury occurring, and the time period over which the injury might occur. | The likelihood of operator burns due to a butane leak is estimated at once in 5 years. |
| Likelihood | A measure of the expected probability or frequency of occurrence of an event. For chemical plants, the frequency is most commonly used. | The frequency of an operator error for the process is estimated at once per month. |
| Process safety | A disciplined framework for managing the integrity of operating systems and processes handling hazardous substances by applying good design principles, engineering, and operating practices. It deals with the prevention and control of incidents that have the potential to release hazardous materials or energy. Such incidents can cause toxic effects, fires, or explosions, and could ultimately result in serious injuries, property damage, lost production, and environmental impact. | After the incident, the company made a considerable effort to improve corporate process safety. |
| Risk | A measure of human injury, environmental damage, or economic loss in terms of both the incident likelihood and the magnitude of the loss or injury. | The major risk in the process was a chemical spill into the adjacent river with environmental damage. |
| Risk analysis | Quantitatively combining risk estimates from a variety of scenarios using engineering evaluation and mathematical techniques to arrive at an overall risk estimate. | A detailed fault tree and event tree analysis of the process resulted in an overall risk estimate. |
| Risk assessment | Applying the results of a risk analysis to make decisions. | The plant added additional fire protection after completion of the risk analysis. |
| Risk tolerance | The maximum willingness of a company, and society as a whole, to live with a risk to secure the resulting benefits. | The plant decided after completion of the risk analysis that the risk is below their acceptable risk criteria. |
| Safeguard | Design features, equipment, procedures, and other resources in place to decrease the probability of an initiating cause or mitigate the severity of a loss impact. | An additional interlock was added to prevent overflow of the storage vessel. |
| Safety culture | The common set of values, behaviors, and norms at all levels in a facility or in the wider organization that affect process safety. | After the incident, the company decided to improve the corporate safety culture. |
| Scenario | A detailed description of an unplanned event or incident sequence that results in a loss event and its associated impacts. The scope of a scenario is arbitrary. | A forklift impacts an ammonia pipeline, resulting in an ammonia leak that forms a vapor cloud downwind. |
| Societal risk | A measure of risk to a group of people. It is most often expressed in terms of the frequency distribution of multiple casualty events. | The societal risk to the plant’s adjacent community is deemed unacceptable. |
Source: Adapted from AICHE/CCPS online glossary. https://www.aiche.org/ccps/resources/glossary. Accessed July 2018; and AICHE/CCPS, Guidelines for Chemical Process Quantitative Risk Analysis, 2nd ed. (New York, NY: American Institute for Chemical Engineers, 2000).
A hazard, in general, is anything that can cause an accident. Table 1-1 provides a more precise definition for a hazard that is more suitable for process safety usage. Hazards can arise due to materials, energy, physical situations, equipment design, and even procedures. In addition, hazards may be continuously present or intermittent. For instance, electricity in a room represents a continuous hazard to the room occupants. An electrical cord run across the floor of a lecture hall is also a physical tripping hazard that may not be present all the time. Note that something needs to occur for the hazard to result in an accident.
An accident is, in general, an undesirable consequence that occurs with an activity. A process safety incident has a more specific definition, being limited to an accident that occurs in a process or, more specifically, in a chemical plant. It includes undesirable outcomes, such as harm to people, damage to the environment, or asset/business losses. In general, a chemical plant incident is caused by loss of containment of chemicals or control of material or energy. An example of an incident would be a leak of ammonia from the connecting pipeline to a pressurized ammonia tank.
Typical hazards that occur in chemical plants include chemicals that are toxic, flammable, or reactive; high and low pressures and temperatures; and hazards due to the process design, maintenance, operations, control, and many other factors. An example of a hazard would be a pressurized tank containing 1000 kg of ammonia.
Hazard analysis/evaluation includes the identification of the hazard as well as the determination of how that hazard could result in a consequence. An example of a hazard analysis would be the identification of ammonia in a pressurized tank as a hazard and the identification of a leak in the connecting pipe due to corrosion as a possible incident. Estimation of the downwind airborne concentrations of ammonia would provide information on the consequences of such an incident.
The more information and knowledge one has about a process, the more thorough and valuable the hazard analysis/evaluation will be. Key process information required for chemical plant hazard analysis/evaluation includes the following items:
- Chemical-related properties, including hazardous properties, physical properties, and more
- Process conditions, including temperature and pressure, flow rates, concentrations, and other factors
- Equipment design parameters, including equipment capacity, operating limits for temperature and pressure, materials of construction, and pipe wall thicknesses, among others
- Site and plant layout, including equipment spacing, control room location, and other considerations
- Procedures and policies, including startup, operating, shutdown, maintenance procedures, and others
- Location and nature of adjacent communities and sensitive locations, such as schools
Other information might also be important depending on the particular process. The quality of any hazard analysis/evaluation is directly related to the quality of the information available to the analysis team.
Risk is another important definition in the process safety arena. Risk is a function of both likelihood and consequence, where likelihood considers either probability or frequency. It is essential to include both likelihood and consequence in the assessment of risk. As an example, consider the risk assessment for seat belt usage in automobiles. Many people argue against seat belt usage by noting that the likelihood of an accident is small—many people drive their entire lifetime without ever having an accident. However, seat belts are worn entirely to reduce the consequences of an accident and have no effect on the likelihood.
Risk analysis involves a more detailed mathematical analysis to combine the consequences and likelihood from multiple hazards. By comparison, risk assessment involves the evaluation of the risk analysis so as to make decisions—for example, decisions about which chemicals to use, the design of the plant, materials of construction, operating conditions, and so on.
1-1 Engineering Ethics
The AICHE expects all of its members, including student members, to exhibit professional conduct, as defined in its Code of Ethics for Engineers from the National Society of Professional Engineers. Every AICHE applicant must attest to knowledge of the Code of Ethics and willingness to comply with it when signing his or her membership application. As shown in Table 1-2, the first item in the Code of Ethics states that the “safety, health, and welfare of the public” must be held “paramount in the performance of their professional duties.” Item 2 is also related to process safety—chemical engineers have a responsibility to report activities that will “adversely affect the present and future health or safety of their colleagues and the public.” Engineers have a responsibility to themselves, fellow workers, family, community, and the engineering profession.
Table 1-2 American Institute of Chemical Engineers’ Code of Professional Ethics
Members of the American Institute of Chemical Engineers shall uphold and advance the integrity, honor, and dignity of the engineering profession by: being honest and impartial and serving with fidelity their employers, their clients, and the public; striving to increase the competence and prestige of the engineering profession; and using their knowledge and skill for the enhancement of human welfare. To achieve these goals, members shall:
Approved by the AICHE Board in November 2015.