2. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 2 Acknowledgements This lecture was developed by Graham Creedy for the Process Safety Management Division of the Chemical Institute of Canada, with funding from:
the CIC Chemical Education Trust Fund
Health Canada��and the assistance of
the Canadian Chemical Producers Association. ��May 2004 Acknowledge the support of the CIC Chemical Education Trust Fund and Health Canada in funding the development of the lecture and of the Canadian Chemical Producers Association in support of the PSM initiative.
Explain briefly:
Your role as presenter on behalf of the PSM division of the CIC;
How CIC has three constituent societies chemistry, chemical engineering and chemical technology and that PSM support is handled by CSChE but also touches on the other disciplines;
That the principles of what they are about to hear are also relevant for other branches of engineering and even for fields that seem at be first very different, such as health care its just that examples from those fields would be used instead of the chemical ones they are going to see here.
Size up the audience. It may be useful to ask for a show of hands on:
How many of the them have worked in a chemical plant?
How many have ever visited a chemical plant?
How many have some kind of industrial experience?
This will help relate the presentation to the audience, so you can pitch the topic without going over their heads, and to spot opportunities for engaging some of them in discussion during the presentation.
Acknowledge the support of the CIC Chemical Education Trust Fund and Health Canada in funding the development of the lecture and of the Canadian Chemical Producers Association in support of the PSM initiative.
Explain briefly:
Your role as presenter on behalf of the PSM division of the CIC;
How CIC has three constituent societies chemistry, chemical engineering and chemical technology and that PSM support is handled by CSChE but also touches on the other disciplines;
That the principles of what they are about to hear are also relevant for other branches of engineering and even for fields that seem at be first very different, such as health care its just that examples from those fields would be used instead of the chemical ones they are going to see here.
Size up the audience. It may be useful to ask for a show of hands on:
How many of the them have worked in a chemical plant?
How many have ever visited a chemical plant?
How many have some kind of industrial experience?
This will help relate the presentation to the audience, so you can pitch the topic without going over their heads, and to spot opportunities for engaging some of them in discussion during the presentation.
3. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 3 Overview How the philosophy of safety has evolved in the chemical industry
What process safety management is and how it differs from traditional workplace safety
Some of the key elements in process safety management and how they are applied
Tools you can use, and when and how to use them
How to get more information when you need it
Developments likely to influence the way the thinking evolves in the future The basic objective of safety in a chemical plant sounds simple: bring about the desired chemical changes without anyone getting hurt. But how do companies do this, and how does a new engineer know what is appropriate?
The motivation which drives plant safety has changed several times throughout the industrys history, and this has influenced the way leading organizations think about safety and the framework they use to establish what has to be done and how it gets done. The recent transformation, from a focus on traditional safety and health to process safety and the management systems approach, has led to the emergence of process safety as a professional discipline in its own right, and more developments are almost certainly in the wind.
This session will examine these concepts and how they are used in the safe design, construction and operation of process plants. The major part of the session will then focus on the key elements of process safety management and how they are applied in actual practice. The presentation is based on the PSM guide (display), but gives more background than is possible in the printed publication.
Theres a lot of information here, but whats important for you is not the detail but to understand the basic principles, and how these can be applied in some of the challenging situations commonly encountered by new engineers, both for your own protection and in deciding what actions are appropriate for the protection of others.
The basic objective of safety in a chemical plant sounds simple: bring about the desired chemical changes without anyone getting hurt. But how do companies do this, and how does a new engineer know what is appropriate?
The motivation which drives plant safety has changed several times throughout the industrys history, and this has influenced the way leading organizations think about safety and the framework they use to establish what has to be done and how it gets done. The recent transformation, from a focus on traditional safety and health to process safety and the management systems approach, has led to the emergence of process safety as a professional discipline in its own right, and more developments are almost certainly in the wind.
This session will examine these concepts and how they are used in the safe design, construction and operation of process plants. The major part of the session will then focus on the key elements of process safety management and how they are applied in actual practice. The presentation is based on the PSM guide (display), but gives more background than is possible in the printed publication.
Theres a lot of information here, but whats important for you is not the detail but to understand the basic principles, and how these can be applied in some of the challenging situations commonly encountered by new engineers, both for your own protection and in deciding what actions are appropriate for the protection of others.
4. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 4 Youre about to see several examples of what can go wrong, but this is not to suggest that the chemical industry is a dangerous place to work. On the contrary, because of what can go wrong, most companies take safety very seriously, and youre likely to be far safer working there than most other industry sectors and certainly safer than, say, mining, commercial fishing or even farming, where ironically its still common to find children helping out.
This slide shows the comparison of safety performance, using injury and illness statistics from the US Bureau of Labor for 2002 (Canadian figures are more difficult to access, but are believed to be similar).
The website for the BLSs Injury, Illness and Fatality home page is given for anyone who wants to research this further.
The chemical industry is shown in red. Note that its lower than all others shown here except for Finance, Insurance and Real Estate!
However, as with airline safety, what attracts attention is not the good performance but the exceptions, which provide us with useful lessons on how to avoid such situations in future.
Youre about to see several examples of what can go wrong, but this is not to suggest that the chemical industry is a dangerous place to work. On the contrary, because of what can go wrong, most companies take safety very seriously, and youre likely to be far safer working there than most other industry sectors and certainly safer than, say, mining, commercial fishing or even farming, where ironically its still common to find children helping out.
This slide shows the comparison of safety performance, using injury and illness statistics from the US Bureau of Labor for 2002 (Canadian figures are more difficult to access, but are believed to be similar).
The website for the BLSs Injury, Illness and Fatality home page is given for anyone who wants to research this further.
The chemical industry is shown in red. Note that its lower than all others shown here except for Finance, Insurance and Real Estate!
However, as with airline safety, what attracts attention is not the good performance but the exceptions, which provide us with useful lessons on how to avoid such situations in future.
5. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 5 History of safety philosophy in the chemical industry We can consider in four phases:
Late 19th early 20th century
Origins of much of basic safety thinking in the explosives industry
Second world war through 50s and 60s
Concepts of loss prevention and investment in people
70s and 80s (Process Safety Management)
Recognition of seriousness of consequences and mechanisms of causation lead to focus on the process rather than the individual worker
90s and beyond
Realization of significance of sociocultural factors If we look at how the thinking on safety has evolved in the chemical industry and in other fields, as well we can distinguish four phases, as shown here.
These phases are not separate or competing approaches, but rather different facets of the same basic question. They are not used independently, but each builds on the knowledge of the previous phases, revealing new insights and leading to more effective ways to solve the problem.
Well consider each phase in turn, but will spend most of the time on the third phase process safety management which is the real core of this lecture.
The fourth phase gives an idea of developments now taking place, and likely to influence strongly how safety is addressed in future. If we look at how the thinking on safety has evolved in the chemical industry and in other fields, as well we can distinguish four phases, as shown here.
These phases are not separate or competing approaches, but rather different facets of the same basic question. They are not used independently, but each builds on the knowledge of the previous phases, revealing new insights and leading to more effective ways to solve the problem.
Well consider each phase in turn, but will spend most of the time on the third phase process safety management which is the real core of this lecture.
The fourth phase gives an idea of developments now taking place, and likely to influence strongly how safety is addressed in future.
6. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 6 Late 19th early 20th century Objective: protection of capital assets�
Origins of much of basic safety thinking in the explosives industry To start with, the desire to control major accident hazards was driven not so much by the desire to protect human life as to protect the assets in which so much capital had been invested.
In the 19th century it was easy to find more workers, but hard to stay in business and prosper if you were experiencing major destruction of your factories and equipment.
Its not surprising, therefore, that in industrial safety the leading industries were often those with high capital investment which was vulnerable to loss if not operated properly. The explosives industry was one where a single accident could easily destroy the business. The unstable material explosives was always present, so measures such as operating procedures no smoking or naked lights and equipment design such as spark-proof tools were introduced to reduce the chance of accidental ignition. To start with, the desire to control major accident hazards was driven not so much by the desire to protect human life as to protect the assets in which so much capital had been invested.
In the 19th century it was easy to find more workers, but hard to stay in business and prosper if you were experiencing major destruction of your factories and equipment.
Its not surprising, therefore, that in industrial safety the leading industries were often those with high capital investment which was vulnerable to loss if not operated properly. The explosives industry was one where a single accident could easily destroy the business. The unstable material explosives was always present, so measures such as operating procedures no smoking or naked lights and equipment design such as spark-proof tools were introduced to reduce the chance of accidental ignition.
7. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 7 Ammonium nitrate explosion, BASF Oppau 1921 This shows an incident from the early days the ammonium nitrate explosion at the BASF works in Oppau, Germany in 1921.
A pile of 4,500 tonnes of ammonium nitrate and sulfate had set into a solid cake, and explosives were used in an attempt to break up the cake. This seems odd, but the same operation had been performed several thousand times before without incident. On this occasion, however, the pile exploded, killing over 500 people and destroying the plant and much of the town.
Although the main emphasis at this time was on protecting assets rather than people, it is only fair to point out that the works manager was so affected by this incident that he committed suicide a few days later.
This is a vivid example of an important point: the fact that something has been done many times before without incident does not in itself demonstrate that an activity is safe. This shows an incident from the early days the ammonium nitrate explosion at the BASF works in Oppau, Germany in 1921.
A pile of 4,500 tonnes of ammonium nitrate and sulfate had set into a solid cake, and explosives were used in an attempt to break up the cake. This seems odd, but the same operation had been performed several thousand times before without incident. On this occasion, however, the pile exploded, killing over 500 people and destroying the plant and much of the town.
Although the main emphasis at this time was on protecting assets rather than people, it is only fair to point out that the works manager was so affected by this incident that he committed suicide a few days later.
This is a vivid example of an important point: the fact that something has been done many times before without incident does not in itself demonstrate that an activity is safe.
8. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 8 Second world war through 50s and 60s Objectives: greater efficiency, better society�
Concepts of loss prevention and investment in people�
Rule-based The second phase in the evolution of safety thinking in the chemical industry occurred during the 1950s and 60s, and was largely a result of the lessons learned during the second world war.
In a prolonged conflict such as the first and second world wars, once the combatants have used the weapons and supplies initially at their disposal the contest becomes largely an economic one. Whoever can produce more weapons and supplies, and develop then produce new ones, is more likely to win.
This was a time when whole societies were mobilized for war, with men sent to the front to fight and women drafted into the factories to help production. It was also a time when countries turned to their leading thinkers in universities, industry and government, to find how research, development and production could be made more efficient. This is where many of the ideas of management science were formalized.
It also became clear that it made no sense to spend time and money building factories and training skilled workers, then have them out of service due to accidents so formal safety programs were introduced to protect both the assets and also the workers.
When the war was eventually over, the tremendous increase in knowledge and production capability was switched over to peaceful use, leading to the economic boom of the 50s and 60s a tremendous contrast with the depression years of the 30s with their long lines of people desperate for work. Now there were jobs galore, and companies found it necessary to compete with one another if they wanted skilled workers.
This led to corporate welfare states, where companies were genuinely proud of how much they were able to do for their employees and one of the areas where the leaders competed was in their programs for employee safety and health.
Aspects of safety thinking developed during this phase include the concepts of loss prevention through understanding how losses occur and how to act to prevent them, and the idea of viewing skilled workers as an investment rather than simply a cost.
The ideas eventually became codified into a series of rules, adopted first by individual,organizations but then more formally as laws and regulations by governments.
It is this stage which forms the basis for most workplace health and safety regulation to this day. The second phase in the evolution of safety thinking in the chemical industry occurred during the 1950s and 60s, and was largely a result of the lessons learned during the second world war.
In a prolonged conflict such as the first and second world wars, once the combatants have used the weapons and supplies initially at their disposal the contest becomes largely an economic one. Whoever can produce more weapons and supplies, and develop then produce new ones, is more likely to win.
This was a time when whole societies were mobilized for war, with men sent to the front to fight and women drafted into the factories to help production. It was also a time when countries turned to their leading thinkers in universities, industry and government, to find how research, development and production could be made more efficient. This is where many of the ideas of management science were formalized.
It also became clear that it made no sense to spend time and money building factories and training skilled workers, then have them out of service due to accidents so formal safety programs were introduced to protect both the assets and also the workers.
When the war was eventually over, the tremendous increase in knowledge and production capability was switched over to peaceful use, leading to the economic boom of the 50s and 60s a tremendous contrast with the depression years of the 30s with their long lines of people desperate for work. Now there were jobs galore, and companies found it necessary to compete with one another if they wanted skilled workers.
This led to corporate welfare states, where companies were genuinely proud of how much they were able to do for their employees and one of the areas where the leaders competed was in their programs for employee safety and health.
Aspects of safety thinking developed during this phase include the concepts of loss prevention through understanding how losses occur and how to act to prevent them, and the idea of viewing skilled workers as an investment rather than simply a cost.
The ideas eventually became codified into a series of rules, adopted first by individual,organizations but then more formally as laws and regulations by governments.
It is this stage which forms the basis for most workplace health and safety regulation to this day.
9. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 9 Feyzin, France 1966 Nevertheless, significant incidents continued to occur during this time.
This shows one at Feyzin, France in 1966, where a propane leak caused by an operator error was ignited by a car passing on a motorway next to the site. The storage sphere was enveloped in flames, but the fire department, thinking it was protected from overpressure by the jet of flame coming from the relief valve, concentrated on cooling the other spheres nearby. Eventually the first sphere failed, killing the firefighters and toppling the next sphere, and in the end five spheres were destroyed and 18 people killed.
Some of these incidents were on fixed sites, while others happened while goods were being transported from place to place. Nevertheless, significant incidents continued to occur during this time.
This shows one at Feyzin, France in 1966, where a propane leak caused by an operator error was ignited by a car passing on a motorway next to the site. The storage sphere was enveloped in flames, but the fire department, thinking it was protected from overpressure by the jet of flame coming from the relief valve, concentrated on cooling the other spheres nearby. Eventually the first sphere failed, killing the firefighters and toppling the next sphere, and in the end five spheres were destroyed and 18 people killed.
Some of these incidents were on fixed sites, while others happened while goods were being transported from place to place.
10. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 10 Crescent City, IL railroad incident and BLEVE 1970 This shows a similar incident during transportation, with its characteristic fire ball known as a BLEVE (rhymes with heavy), or Boiling Liquid Expanding Vapor Explosion. There were several such incidents in the 1960s and 70s, until modifications to railroad tank car design overcame much of the problem.
This shows a similar incident during transportation, with its characteristic fire ball known as a BLEVE (rhymes with heavy), or Boiling Liquid Expanding Vapor Explosion. There were several such incidents in the 1960s and 70s, until modifications to railroad tank car design overcame much of the problem.
11. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 11 Nature of fires Flash fire�
Pool fire�
Boiling Liquid - Expanding Vapour Explosion (BLEVE)�
Unconfined Vapour Cloud Explosion (UVCE) When flammable fluids usually liquids or gases, but not always, as well see later catch fire, they can burn in different ways, depending on the situation. Accidental releases can be consider in four categories, of which three are described here. Well get to the fourth later.
The first, the Flash fire, is the common whoomph we get when lighting the barbecue if it doesnt light straightaway. Its caused by a igniting a small amount of flammable vapour and air, which burns almost immediately then goes out (or burns under control if more fuel is being supplied.
Pool fires result when flammable liquid is present but the liquid surface is confined so that only the upper surface is burning, for example when a kerosene spill catches fire or cooking oil ignites through overheating in a saucepan. Note that it is the characteristics of the fire and not the method of ignition that affect the classification.
A BLEVE occurs when (a) there is a large release of a flammable fluid which is under pressure, either because it is a gas or because it is normally liquid but is at a temperature well above its atmospheric boiling point, and (b) an ignition source is present at or very soon after the time of release.
(Explain mechanism of BLEVE using whiteboard)
BLEVEs produce a tremendous amount of heat radiation, but very little actual blast. This was shown by a 1979 incident in Spain, where a propylene truck rolled over and BLEVEd in a campsite. It was in summer, and at lunchtime. The campsite was filled with people in swimsuits and thus having minimum protection, and over 200 of them were killed. However, a motorcycle on its centre stand was not even knocked over during the incident.
Nowadays we see far fewer BLEVEs on railroad tank cars, for example, changes such as special couplers to keep the cars together if derailed, shields to protect the ends of the tank from puncture even if derailed, plus insulation to give more time before a tank softens to the point of failure if in a fire. When flammable fluids usually liquids or gases, but not always, as well see later catch fire, they can burn in different ways, depending on the situation. Accidental releases can be consider in four categories, of which three are described here. Well get to the fourth later.
The first, the Flash fire, is the common whoomph we get when lighting the barbecue if it doesnt light straightaway. Its caused by a igniting a small amount of flammable vapour and air, which burns almost immediately then goes out (or burns under control if more fuel is being supplied.
Pool fires result when flammable liquid is present but the liquid surface is confined so that only the upper surface is burning, for example when a kerosene spill catches fire or cooking oil ignites through overheating in a saucepan. Note that it is the characteristics of the fire and not the method of ignition that affect the classification.
A BLEVE occurs when (a) there is a large release of a flammable fluid which is under pressure, either because it is a gas or because it is normally liquid but is at a temperature well above its atmospheric boiling point, and (b) an ignition source is present at or very soon after the time of release.
(Explain mechanism of BLEVE using whiteboard)
BLEVEs produce a tremendous amount of heat radiation, but very little actual blast. This was shown by a 1979 incident in Spain, where a propylene truck rolled over and BLEVEd in a campsite. It was in summer, and at lunchtime. The campsite was filled with people in swimsuits and thus having minimum protection, and over 200 of them were killed. However, a motorcycle on its centre stand was not even knocked over during the incident.
Nowadays we see far fewer BLEVEs on railroad tank cars, for example, changes such as special couplers to keep the cars together if derailed, shields to protect the ends of the tank from puncture even if derailed, plus insulation to give more time before a tank softens to the point of failure if in a fire.
12. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 12 Nevertheless, they still can occasionally happen, as shown here, where some stationary tank cars were somehow caught by a train passing on the next track.
This is why its a good idea not to get too close to a derailed freight train especially if its on fire and why every community should be prepared for how to handle emergencies, just in case something like this happens.Nevertheless, they still can occasionally happen, as shown here, where some stationary tank cars were somehow caught by a train passing on the next track.
This is why its a good idea not to get too close to a derailed freight train especially if its on fire and why every community should be prepared for how to handle emergencies, just in case something like this happens.
13. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 13 Some of the key concepts that emerged during this phase are still widely used in traditional workplace health and safety to this day: differentiating between an unsafe act and an unsafe condition, the focus on loss prevention and the idea of viewing people as an investment human resources rather than simply the cost of labour, and the diagram shown here, the safety pyramid (or triangle).
The idea of the pyramid is that really serious incidents such as fatalities occur so rarely in most organizations these days that its not practical to use them as a measure for monitoring and improving an organizations safety effectiveness there simply arent enough such incidents to know whether things are getting better or worse. However, it is practical to track the larger number of less serious incidents and use that as a performance measure.
Traditional workplace health and safety therefore places great emphasis on the number of lost time, medical aid and first aid cases, the near-misses and the unsafe acts or conditions that permit accidents to happen.
The pyramid is certainly a useful concept. Nevertheless, it does have a serious problem that is often unrecognized, even by workplace health and safety professionals.
The problem is that the conditions that can lead to really serious incidents those which could kill or seriously injure a large number of people may not be identified by focusing on the bottom end of the pyramid, which could thus become a distraction rather than a help.
It was the analysis of several serious incidents that led to the third phase in the development of safety philosophy in the chemical industry process safety management.Some of the key concepts that emerged during this phase are still widely used in traditional workplace health and safety to this day: differentiating between an unsafe act and an unsafe condition, the focus on loss prevention and the idea of viewing people as an investment human resources rather than simply the cost of labour, and the diagram shown here, the safety pyramid (or triangle).
The idea of the pyramid is that really serious incidents such as fatalities occur so rarely in most organizations these days that its not practical to use them as a measure for monitoring and improving an organizations safety effectiveness there simply arent enough such incidents to know whether things are getting better or worse. However, it is practical to track the larger number of less serious incidents and use that as a performance measure.
Traditional workplace health and safety therefore places great emphasis on the number of lost time, medical aid and first aid cases, the near-misses and the unsafe acts or conditions that permit accidents to happen.
The pyramid is certainly a useful concept. Nevertheless, it does have a serious problem that is often unrecognized, even by workplace health and safety professionals.
The problem is that the conditions that can lead to really serious incidents those which could kill or seriously injure a large number of people may not be identified by focusing on the bottom end of the pyramid, which could thus become a distraction rather than a help.
It was the analysis of several serious incidents that led to the third phase in the development of safety philosophy in the chemical industry process safety management.
14. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 14 Flixborough, UK before the 1974 incident The first of these incidents was at Flixborough, UK, in 1974. This is a picture of the plant before the incident.
The plant was producing caprolactam, an intermediate used to make Nylon 6. The raw material was cyclohexane, a flammable hydrocarbon with properties similar to gasoline, and the first step in the process was the conversion of cyclohexane to cyclohexanone by liquid phase oxidation via air injection in the presence of a catalyst. The first of these incidents was at Flixborough, UK, in 1974. This is a picture of the plant before the incident.
The plant was producing caprolactam, an intermediate used to make Nylon 6. The raw material was cyclohexane, a flammable hydrocarbon with properties similar to gasoline, and the first step in the process was the conversion of cyclohexane to cyclohexanone by liquid phase oxidation via air injection in the presence of a catalyst.
15. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 15 Flixborough, UK:��simplified �reactor�arrangement��HMSO, from Lees The oxidation was done by circulating the liquid through six reactors connected in series and operating at about 155oC and about 9 atm. pressure. The amount of liquid in the reactors was about 120 tonnes, and the pipes connecting the reactors were 28 inch dia.
The fifth reactor developed a leak, and was removed for repair. A 20 inch temporary bypass line the largest available on site was installed to enable flow directly from reactor #4 to #6 and the process was put back into operation using the remaining five reactors. Two months later the unit was shut down for a minor unrelated leak, but this time as it was being restarted the 20 inch pipe apparently failed, The improvised design of the bypass had not taken into account the need for proper stress analysis, and the pipe was unable to stand the stresses involved.
The pipe failure suddenly released about 30 tonnes of the cyclohexane mixture a flammable liquid under pressure and heated to well above its atmospheric boiling point. This produced a large cloud of flammable vapour, which if it had immediately ignited would have caused a BLEVE. However, there was no ignition source nearby. Sometimes this can be lucky, when the vapour gets so diluted with air that it is below the lower explosive limit before it reaches an ignition source, and simply disperses.
What happened here was the worst possible scenario, where the cloud consists of a mixture of fuel and air at the time of ignition. Unlike a BLEVE, the rate of combustion inside the cloud is no longer limited by the lack of air, and the flame front can travel rapidly from the edge into the interior of the cloud. As it does so its rate of travel increases, and when it reaches supersonic speed the whole cloud can detonate. This phenomenon is known as an Unconfined Vapour Cloud Explosion, or UVCE.
Again, unlike a BLEVE, an Unconfined Vapour Cloud Explosion produces a large blast effect. At Flixborough this was estimated as equivalent to about 16 tonnes of TNT exploding about 45 metres above the ground. The oxidation was done by circulating the liquid through six reactors connected in series and operating at about 155oC and about 9 atm. pressure. The amount of liquid in the reactors was about 120 tonnes, and the pipes connecting the reactors were 28 inch dia.
The fifth reactor developed a leak, and was removed for repair. A 20 inch temporary bypass line the largest available on site was installed to enable flow directly from reactor #4 to #6 and the process was put back into operation using the remaining five reactors. Two months later the unit was shut down for a minor unrelated leak, but this time as it was being restarted the 20 inch pipe apparently failed, The improvised design of the bypass had not taken into account the need for proper stress analysis, and the pipe was unable to stand the stresses involved.
The pipe failure suddenly released about 30 tonnes of the cyclohexane mixture a flammable liquid under pressure and heated to well above its atmospheric boiling point. This produced a large cloud of flammable vapour, which if it had immediately ignited would have caused a BLEVE. However, there was no ignition source nearby. Sometimes this can be lucky, when the vapour gets so diluted with air that it is below the lower explosive limit before it reaches an ignition source, and simply disperses.
What happened here was the worst possible scenario, where the cloud consists of a mixture of fuel and air at the time of ignition. Unlike a BLEVE, the rate of combustion inside the cloud is no longer limited by the lack of air, and the flame front can travel rapidly from the edge into the interior of the cloud. As it does so its rate of travel increases, and when it reaches supersonic speed the whole cloud can detonate. This phenomenon is known as an Unconfined Vapour Cloud Explosion, or UVCE.
Again, unlike a BLEVE, an Unconfined Vapour Cloud Explosion produces a large blast effect. At Flixborough this was estimated as equivalent to about 16 tonnes of TNT exploding about 45 metres above the ground.
16. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 16 Flixborough, UK 1974 This is the result. Here is a close up after the explosion, which killed 29 people and destroyed not only the process involved but also many others at the site.
18 of those killed were in the control room, which was not blast-resistant. Nowadays control rooms are designed to withstand the effects of blast so they provide a shelter for the operators.
Some tanks at Flixborough were crushed almost flat by the overpressure of the explosion. This is the result. Here is a close up after the explosion, which killed 29 people and destroyed not only the process involved but also many others at the site.
18 of those killed were in the control room, which was not blast-resistant. Nowadays control rooms are designed to withstand the effects of blast so they provide a shelter for the operators.
Some tanks at Flixborough were crushed almost flat by the overpressure of the explosion.
17. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 17 Flixborough, UK 1974 This is another view, showing the extent of the damage.
This incident led to the regulation of major process hazards in the UK.This is another view, showing the extent of the damage.
This incident led to the regulation of major process hazards in the UK.
18. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 18 Key events II �
1984 Mexico City �over 650 dead�
1984 Bhopal�over 2000 immediate dead, plus many more from the effects�OECD, ILO conventions, plus a wide range of regulatory and voluntary action worldwide�(Seveso II, SARA Title III)�
1986 Basle�major environmental contamination (international)�UN Transboundary convention 1984 saw two very serious incidents within a month of one another.
In Mexico City, a major fire and a series of explosions at an LPG (liquefied petroleum gas) terminal killed over 650 people. This incident, however, was overshadowed by an even worse event about two weeks later.
Bhopal, India was the scene of the worlds worst-ever chemical accident. A leak of methyl isocyanate gas, used as an intermediate in the manufacture of carbamate pesticides, led to the deaths of about 3,800 people and adverse health effects in greater than 170,000 survivors.
The Bhopal accident provoked immediate reaction around the world and led to a wide range of action to prevent such events, including regulation and also voluntary initiatives.
1984 saw two very serious incidents within a month of one another.
In Mexico City, a major fire and a series of explosions at an LPG (liquefied petroleum gas) terminal killed over 650 people. This incident, however, was overshadowed by an even worse event about two weeks later.
Bhopal, India was the scene of the worlds worst-ever chemical accident. A leak of methyl isocyanate gas, used as an intermediate in the manufacture of carbamate pesticides, led to the deaths of about 3,800 people and adverse health effects in greater than 170,000 survivors.
The Bhopal accident provoked immediate reaction around the world and led to a wide range of action to prevent such events, including regulation and also voluntary initiatives.
19. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 19 Pasadena, TX Vapour cloud explosion 1989 This incident at Phillips Petroleums polyethylene plant at Pasadena, Texas led to regulation of process safety management in the US.
This was again a plant handling large quantities of flammable compressed gas in this case ethylene.
A large quantity of gas was released during a maintenance operation when a plug of material jammed in a settling leg on a reactor, but then suddenly let go when the repair crew went to get help. An automatic valve that was supposedly shut had the air hoses cross-connected in error, so that the valve was in fact open, allowing the gas to escape.
The massive damage is characteristic of a UVCE. 23 people were killed in the Pasadena explosion, and 130 others injured including many contractors who were on the site.This incident at Phillips Petroleums polyethylene plant at Pasadena, Texas led to regulation of process safety management in the US.
This was again a plant handling large quantities of flammable compressed gas in this case ethylene.
A large quantity of gas was released during a maintenance operation when a plug of material jammed in a settling leg on a reactor, but then suddenly let go when the repair crew went to get help. An automatic valve that was supposedly shut had the air hoses cross-connected in error, so that the valve was in fact open, allowing the gas to escape.
The massive damage is characteristic of a UVCE. 23 people were killed in the Pasadena explosion, and 130 others injured including many contractors who were on the site.
20. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 20 Pasadena, TX Vapour cloud explosion 1989 Here is a picture after the incident.
Its interesting that the company, Phillips Petroleum, was not a reckless company in fact, it had received an award for its safety record (details)Here is a picture after the incident.
Its interesting that the company, Phillips Petroleum, was not a reckless company in fact, it had received an award for its safety record (details)
21. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 21 Third Phase (70s and 80s): �Process Safety Management Objective similar to previous phase, but
Recognition of seriousness of consequences and mechanisms of causation lead to focus on the process rather than the individual worker
1976 Seveso major environmental contamination
1984 Mexico City over 650 dead
1984 Bhopal over 2000 immediate dead, plus many more from the effects
1986 Basle major environmental contamination (international)
1989 Piper Alpha 167 dead
1989 Pasadena 23 dead
The controls developed during the second phase, where rules are established to prescribe design or operation under certain defined conditions, led to dramatic improvements in safety and health. Even now, where a company, industry or country has an ongoing safety record that is obviously worse than others in similar circumstances, it is a symptom that the rules are not being followed, either because they are not communicated or understood or because they are not enforced.
But more than this is needed, as even those with good safety records may be unknowingly vulnerable to a serious incident that is sudden and where, once it starts, recovery is unlikely or impossible.
During the 1970s and 80s several such incidents occurred events which were so serious that they were investigated in depth, and where those investigations revealed that the causes lay so far back in the process that they are very difficult to detect and head off by the usual rule-based approach. The controls developed during the second phase, where rules are established to prescribe design or operation under certain defined conditions, led to dramatic improvements in safety and health. Even now, where a company, industry or country has an ongoing safety record that is obviously worse than others in similar circumstances, it is a symptom that the rules are not being followed, either because they are not communicated or understood or because they are not enforced.
But more than this is needed, as even those with good safety records may be unknowingly vulnerable to a serious incident that is sudden and where, once it starts, recovery is unlikely or impossible.
During the 1970s and 80s several such incidents occurred events which were so serious that they were investigated in depth, and where those investigations revealed that the causes lay so far back in the process that they are very difficult to detect and head off by the usual rule-based approach.
22. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 22 Development of �Process Safety Management Re-examination of how major hazards are controlled
Focus on the process and mechanisms of causation
Management system approach
Applicable to a wide range of situations not just major hazards So these very serious incidents led to a re-examination of how major hazards were controlled, because it obviously wasnt good enough.
It soon became evident that many of the conditions which led to these events resulted from decisions made long beforehand, and that the usual focus of workplace safety on the interface between the worker and the equipment was not enough for high hazard operations.
This led to a change in the philosophy of how to control major hazards, and thus the third phase, known as process safety management, with its management system approach which will be explained in a moment.
Although aimed at control of major hazards, the technique applies to a wide range of situations, as well see.So these very serious incidents led to a re-examination of how major hazards were controlled, because it obviously wasnt good enough.
It soon became evident that many of the conditions which led to these events resulted from decisions made long beforehand, and that the usual focus of workplace safety on the interface between the worker and the equipment was not enough for high hazard operations.
This led to a change in the philosophy of how to control major hazards, and thus the third phase, known as process safety management, with its management system approach which will be explained in a moment.
Although aimed at control of major hazards, the technique applies to a wide range of situations, as well see.
23. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 23 Process safety management Definitions�
Process safety is the operation of facilities that handle, use, process or store hazardous materials in a manner free from episodic or catastrophic incidents�
Process safety management is the application of management systems to the identification, understanding and control of process hazards to prevent process-related injuries and incidents
�CCPS: Guidelines for Technical Management of Chemical Process Safety First, the definitions. There are some variations, but the definitions here show what were referring to.
First, the definitions. There are some variations, but the definitions here show what were referring to.
24. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 24 What is meant by Process? "Process" means any activity involving a highly hazardous chemical including any use, storage, manufacturing, handling, or the on-site movement of such chemicals, or combination of these activities�
US OSHA 1910.119 Process Safety Management Rule, definitions Note that the US Occupational Safety and Health Administration, or OSHA, has a broad definition of process in the coverage of its Process Safety Management Rule, the regulation governing this in the United States. The rule applies not only to manufacturing plants, but also to warehouses, etc. Note that the US Occupational Safety and Health Administration, or OSHA, has a broad definition of process in the coverage of its Process Safety Management Rule, the regulation governing this in the United States. The rule applies not only to manufacturing plants, but also to warehouses, etc.
25. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 25 Difference between PSM and traditional health & safety Traditional workplace health and safety
Focuses on the individual actions while considering interaction with equipment
Occupational health exposures
Significant legal and regulatory mandate
Objective: to eliminate injuries and illnesses to personnel, and protection of assets, production (and the environment)
Process safety management
Focuses on process: materials, equipment and systems
Individuals and procedures are considered part of the system
Objective: to eliminate process-related incidents This slide shows the main differences between this third phase, process safety management, and the previous phase on which most workplace health and safety regulation, and industrial safety programs, are based.This slide shows the main differences between this third phase, process safety management, and the previous phase on which most workplace health and safety regulation, and industrial safety programs, are based.
26. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 26 Functions of a management system At this point its necessary to understand what is meant by management system.
We can look at the system as having four parts, starting with Planning in the top left. After the planning step, organizing the work and the implementing the plans are the same as in the second phase plan, make the rules, then do what the rules say.
The important feature of a management system is the controlling step the feedback loop where the results of implementation are examined and compared with the original intent to find how well the intent is being met.
The system is not once-around, but iterative in other words, where there is a gap between the intent, or plan, and the results, the reasons for the gap are examined and either the plan or the execution of the plan organizing and implementing or both are changed until acceptable consistency is achieved.At this point its necessary to understand what is meant by management system.
We can look at the system as having four parts, starting with Planning in the top left. After the planning step, organizing the work and the implementing the plans are the same as in the second phase plan, make the rules, then do what the rules say.
The important feature of a management system is the controlling step the feedback loop where the results of implementation are examined and compared with the original intent to find how well the intent is being met.
The system is not once-around, but iterative in other words, where there is a gap between the intent, or plan, and the results, the reasons for the gap are examined and either the plan or the execution of the plan organizing and implementing or both are changed until acceptable consistency is achieved.
27. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 27 Features and characteristics of a management system for process safety This slide shows some of the typical features included in the four steps of planning, organizing, implementing and controlling.
Note particularly the checks and corrective action in the controlling step.This slide shows some of the typical features included in the four steps of planning, organizing, implementing and controlling.
Note particularly the checks and corrective action in the controlling step.
28. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 28 Examples of PSM management systems concerns at different organizational levels The relative importance of these activities varies, depending on the level in the organization.
Planning is more a function for executives, whose role is to set the strategic direction for the organization. The planning aspect is still there as we move down to the managerial level, where organizing becomes more important, and is even less at the task level where most of the implementation takes place.
Note that, to be effective, all levels must be involved in the controlling activity.The relative importance of these activities varies, depending on the level in the organization.
Planning is more a function for executives, whose role is to set the strategic direction for the organization. The planning aspect is still there as we move down to the managerial level, where organizing becomes more important, and is even less at the task level where most of the implementation takes place.
Note that, to be effective, all levels must be involved in the controlling activity.
29. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 29 Scope (PSM elements) Accountability
Process Knowledge and Documentation
Capital Project Review and Design Procedures
Process Risk Management
Management of Change
Process and Equipment Integrity
Human Factors
Training and Performance
Incident Investigation
Company Standards, Codes and Regulations
Audits and Corrective Actions
Enhancement of Process Safety Knowledge There are several versions of process safety management, with minor variations due to the mandate of the organization concerned or sometimes the particular incident that led to a PSM system being introduced.
The US Occupational Safety and Health Administration (OSHA) has regulated one version in the United States, and some large companies such as DuPont have their own.
The version shown here is that of the US Center for Chemical Process Safety (CCPS), a part of the American Institute of Chemical Engineers. It was developed by leading industry thinkers after the Bhopal accident, and is readily available and well supported with a large library of textbooks, specialized courses, conferences and other resources. Its also familiar to most chemical companies with operations in the United States. For these reasons it was selected by the CSChE as the basis for process safety management in Canada.
The CCPS scope features twelve elements. In this lecture, well examine the first six, then jump to 9 on incident investigation before coming back to element 7 on human factors. This is because human factors, which dont appear in some other versions of PSM, are somewhat different from the other elements so much so that they are the focus of the fourth phase of the philosophy which well cover at the end of this lecture.There are several versions of process safety management, with minor variations due to the mandate of the organization concerned or sometimes the particular incident that led to a PSM system being introduced.
The US Occupational Safety and Health Administration (OSHA) has regulated one version in the United States, and some large companies such as DuPont have their own.
The version shown here is that of the US Center for Chemical Process Safety (CCPS), a part of the American Institute of Chemical Engineers. It was developed by leading industry thinkers after the Bhopal accident, and is readily available and well supported with a large library of textbooks, specialized courses, conferences and other resources. Its also familiar to most chemical companies with operations in the United States. For these reasons it was selected by the CSChE as the basis for process safety management in Canada.
The CCPS scope features twelve elements. In this lecture, well examine the first six, then jump to 9 on incident investigation before coming back to element 7 on human factors. This is because human factors, which dont appear in some other versions of PSM, are somewhat different from the other elements so much so that they are the focus of the fourth phase of the philosophy which well cover at the end of this lecture.
30. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 30 Process safety is a way of gaining control over operations, and as such, it has many areas of overlap with traditional heath and safety and with environmental control, as shown schematically in this diagram.
However, there is also a large area of process safety that is not covered by either traditional health and safety or environmental control, and this is where companies may be vulnerable if they rely only on their other programs to avoid major incidents.Process safety is a way of gaining control over operations, and as such, it has many areas of overlap with traditional heath and safety and with environmental control, as shown schematically in this diagram.
However, there is also a large area of process safety that is not covered by either traditional health and safety or environmental control, and this is where companies may be vulnerable if they rely only on their other programs to avoid major incidents.
31. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 31 1. Accountability Management commitment at all levels
Status of process safety compared to other organizational objectives (e.g. output, quality, cost)
Objectives must be supported by appropriate resources
Plan for continuity in operations, systems, organization
Be ready for exceptions
Where freedom is allowed, make sure alternatives are acceptable
Be accessible for guidance
Communicate and lead This gives an idea of what is involved in the first element, accountability.
How does the management of the organization view safety compared with output, quality and cost? Is management commitment demonstrated by the attention and time spent on safety, or is it lip service until something goes wrong?
When the plans are made, is there allowance for the fact that there may well be exceptions when the plan cannot be followed? Have limits been established for what other courses of action are acceptable? Is management available for discussion and guidance in such situations? This gives an idea of what is involved in the first element, accountability.
How does the management of the organization view safety compared with output, quality and cost? Is management commitment demonstrated by the attention and time spent on safety, or is it lip service until something goes wrong?
When the plans are made, is there allowance for the fact that there may well be exceptions when the plan cannot be followed? Have limits been established for what other courses of action are acceptable? Is management available for discussion and guidance in such situations?
32. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 32 2. Process Knowledge & Documentation Inherent hazards and properties of materials involved
Information needed to build and operate the process safely
Information on protective systems
Operating procedures for normal and upset conditions
Risk management decisions
Company memory (Kletz 10-year rule) This element covers the documentation of the basic knowledge to build and operate the plant safely, including what to expect and how to prevent or recover from any unintended side reactions or other unintended but potential conditions.
The Canadian Chemical Producers Association tracks all process-related incidents experienced each year by its members, and this element is often a leading cause, mainly due to operating procedures.
Its important to document how the process is to be run and, when problems arise, how much is due to a fault in the design and how much due to the execution of the instructions as designed.
Input from other disciplines may be needed here to identify hazards, especially those resulting from unintended operation.
One of the worlds leading experts in PSM, Trevor Kletz, has stated that organizations have a memory span of about ten years. He has often found that after ten years the people who knew why to do or not do things in a certain way, based on experience from incidents or near-misses, had retired or moved upwards or onwards, and those who replaced them inadvertently returned to the very ways that had led to past problems in the same organization!This element covers the documentation of the basic knowledge to build and operate the plant safely, including what to expect and how to prevent or recover from any unintended side reactions or other unintended but potential conditions.
The Canadian Chemical Producers Association tracks all process-related incidents experienced each year by its members, and this element is often a leading cause, mainly due to operating procedures.
Its important to document how the process is to be run and, when problems arise, how much is due to a fault in the design and how much due to the execution of the instructions as designed.
Input from other disciplines may be needed here to identify hazards, especially those resulting from unintended operation.
One of the worlds leading experts in PSM, Trevor Kletz, has stated that organizations have a memory span of about ten years. He has often found that after ten years the people who knew why to do or not do things in a certain way, based on experience from incidents or near-misses, had retired or moved upwards or onwards, and those who replaced them inadvertently returned to the very ways that had led to past problems in the same organization!
33. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 33 3. Capital Project Review and Design Procedures Greatest opportunity for impact on risk management� This is the element with the greatest opportunity for impact on risk management, and those making the critical decisions should do so with understanding of the implications. This can be a challenge where many key decisions are made in another country or even another organization (such as an engineering design contractor).
The process and location selected, quantities of materials present on site and in the process, conditions of temperature and pressure, where the equipment is located on the site relative to sensitive activities on and off site are some examples.
Its also much easier to influence factors outside the organization, such as buffer zones, land use and community emergency preparedness, when a new plant or expansion is being planned. This is the element with the greatest opportunity for impact on risk management, and those making the critical decisions should do so with understanding of the implications. This can be a challenge where many key decisions are made in another country or even another organization (such as an engineering design contractor).
The process and location selected, quantities of materials present on site and in the process, conditions of temperature and pressure, where the equipment is located on the site relative to sensitive activities on and off site are some examples.
Its also much easier to influence factors outside the organization, such as buffer zones, land use and community emergency preparedness, when a new plant or expansion is being planned.
34. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 34 Inherent Safety - Hierarchy� What you dont have cant leak! (Kletz)
Hierarchy: This ability to avoid many of the problems by careful decisions at the early stages of a project led to the concept of Inherent Safety, epitomized by Trevor Kletz with the expression What you dont have cant leak!
Inherent safety is a formal approach to eliminating or reducing hazards, and as shown here it affects the top, strategic level in a risk management hierarchy.
This ability to avoid many of the problems by careful decisions at the early stages of a project led to the concept of Inherent Safety, epitomized by Trevor Kletz with the expression What you dont have cant leak!
Inherent safety is a formal approach to eliminating or reducing hazards, and as shown here it affects the top, strategic level in a risk management hierarchy.
35. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 35 Inherent safety Minimize
Use smaller quantities of hazardous substances
Substitute
Replace a materials with a less hazardous substance
Moderate
Use less hazardous conditions, a less hazardous form of a substance, or facilities which minimize the impact of the release of hazardous material or energy
Simplify
Design processes and facilities which eliminate unnecessary complexity and are forgiving of operating errors
This shows the scope of opportunities for hazard reduction through inherent safety.
Depending on the site, local site personnel may have limited ability to influence these factors, as key decisions may already have been made. This shows the scope of opportunities for hazard reduction through inherent safety.
Depending on the site, local site personnel may have limited ability to influence these factors, as key decisions may already have been made.
36. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 36 4. Process Risk Management Know what the hazards are�
Understand the risks�
Decide what is acceptable, and meet it�
Control it there (or, better still, improve)�
Be ready if it happens�
If you can't do any of the above, get out of the business! This is one of the most important elements, and well spend more time on it.
This slide shows some of the key principles.This is one of the most important elements, and well spend more time on it.
This slide shows some of the key principles.
37. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 37 Hazard and risk Process hazard
A physical situation with potential to cause harm to people, property or the environment�
Risk (acute)
probability x consequences of an undesired event occurring
When talking about risk its important to understand the terminology.
For chemical hazards, risk is commonly considered as chronic or acute. Chronic risk is concerned with effects from exposure to conditions that are typically present over a long period of time, such as the amount of a chemical permitted in the atmosphere or effluent at a chemical plant. This type of risk is usually quantified in terms of dose and response, and is extensively addressed by workplace health and safety legislation such as WHMIS.
Process safety management, on the other hand, is concerned much more with acute risk. This is the risk from conditions which are not normally present or intended, but nevertheless may happen accidentally and usually quite suddenly.
When referring to acute risk, its important to differentiate between hazard something which has the inherent potential to cause harm because of its properties and risk, which is a combination of how harmful something can be and how likely it is to occur.
For example, a large tank full of propane, like that found at some gas stations, is a hazard because of the potential consequences if it is not operated properly. It is not necessarily a high risk, otherwise propane would all be stored out in the countryside rather than in populated areas where more people want to buy it. The risk is generally quite low, due to the many controls that specify how such storage tanks are to be designed, built, operated and maintained.
So acute risk is a product of probability, or likelihood, and the consequences of an undesired event occuring.When talking about risk its important to understand the terminology.
For chemical hazards, risk is commonly considered as chronic or acute. Chronic risk is concerned with effects from exposure to conditions that are typically present over a long period of time, such as the amount of a chemical permitted in the atmosphere or effluent at a chemical plant. This type of risk is usually quantified in terms of dose and response, and is extensively addressed by workplace health and safety legislation such as WHMIS.
Process safety management, on the other hand, is concerned much more with acute risk. This is the risk from conditions which are not normally present or intended, but nevertheless may happen accidentally and usually quite suddenly.
When referring to acute risk, its important to differentiate between hazard something which has the inherent potential to cause harm because of its properties and risk, which is a combination of how harmful something can be and how likely it is to occur.
For example, a large tank full of propane, like that found at some gas stations, is a hazard because of the potential consequences if it is not operated properly. It is not necessarily a high risk, otherwise propane would all be stored out in the countryside rather than in populated areas where more people want to buy it. The risk is generally quite low, due to the many controls that specify how such storage tanks are to be designed, built, operated and maintained.
So acute risk is a product of probability, or likelihood, and the consequences of an undesired event occuring.
38. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 38 Pre-screening using a list The first screen is usually a list of materials, either by
Name (chlorine, gasoline) or
Property (flash point, LC50 )�plus
Threshold quantity on site at any one time
Usually specified by regulation (Canadian Environmental Protection Act, Section 200) The first step in a typical risk assessment for major hazards is a pre-screening step. The screen consists of a list of materials with known hazardous properties flammable, toxic, reactive, etc. with a threshold quantity given for each substance.
The threshold quantity is a snapshot at a point in time typical examples are the total amount of the material on site at any one time, or the amount in the largest vessel. It does not refer to a cumulative amount such as the amount of material produced or emitted in one year, which would be more relevant for chronic risk, emission control, etc. This is because a major accident is generally short-lived, and the severity depends on the amount of hazardous material released or involved.
The list of materials and threshold quantities is usually specified by regulation. Sites meeting the criteria are required to register with the authorities. The list may be divided into categories, where a site is subjected to increasing control requirements as the hazard category increases.
Examples of such regulations are the Seveso Directive in the European Union, the Environmental Protection Agencys Risk Management Plan and OSHAs Process Safety Management rule in the United States. Canada actually had no such regulation until 2003, when the regulations under section 200 of the Canadian Environmental Protection Act came into effect.
Its important to note that just because a site does not meet the material and threshold criteria, it does not mean that its hazard is not significant or that no action should be take to control it. The list simply helps to identify where the hazard is high enough for the government to insist on action.The first step in a typical risk assessment for major hazards is a pre-screening step. The screen consists of a list of materials with known hazardous properties flammable, toxic, reactive, etc. with a threshold quantity given for each substance.
The threshold quantity is a snapshot at a point in time typical examples are the total amount of the material on site at any one time, or the amount in the largest vessel. It does not refer to a cumulative amount such as the amount of material produced or emitted in one year, which would be more relevant for chronic risk, emission control, etc. This is because a major accident is generally short-lived, and the severity depends on the amount of hazardous material released or involved.
The list of materials and threshold quantities is usually specified by regulation. Sites meeting the criteria are required to register with the authorities. The list may be divided into categories, where a site is subjected to increasing control requirements as the hazard category increases.
Examples of such regulations are the Seveso Directive in the European Union, the Environmental Protection Agencys Risk Management Plan and OSHAs Process Safety Management rule in the United States. Canada actually had no such regulation until 2003, when the regulations under section 200 of the Canadian Environmental Protection Act came into effect.
Its important to note that just because a site does not meet the material and threshold criteria, it does not mean that its hazard is not significant or that no action should be take to control it. The list simply helps to identify where the hazard is high enough for the government to insist on action.
39. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 39 CEPA is the legislation dealing with the environment at the federal level, and acts as a safety net to catch anything that may not have been addressed by regulation at the provincial level.
Part 8 of CEPA is concerned with environmental emergencies, and Section 200 of the Act provides the authority for control of sites with the potential for environmental emergencies (explain using defs)
Under the Section 200 regulation, after November 18, 2003 sites have 90 days to refer to the list and threshold quantities, and must notify Environment Canada if they qualify. If the largest container of a listed material also exceeds the threshold quantity, the site must also develop an emergency plan within six months of the date the regulation came into effect, then implement that plan, including testing it, within a further six months.
Under Section 200, the emergency plan must address prevention, preparedness, response and recovery. There are also provisions for communication of the plan to the community where the site is located. CEPA is the legislation dealing with the environment at the federal level, and acts as a safety net to catch anything that may not have been addressed by regulation at the provincial level.
Part 8 of CEPA is concerned with environmental emergencies, and Section 200 of the Act provides the authority for control of sites with the potential for environmental emergencies (explain using defs)
Under the Section 200 regulation, after November 18, 2003 sites have 90 days to refer to the list and threshold quantities, and must notify Environment Canada if they qualify. If the largest container of a listed material also exceeds the threshold quantity, the site must also develop an emergency plan within six months of the date the regulation came into effect, then implement that plan, including testing it, within a further six months.
Under Section 200, the emergency plan must address prevention, preparedness, response and recovery. There are also provisions for communication of the plan to the community where the site is located.
40. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 40 Center for Chemical Process Safety (CCPS) guide
Easy to use
Describes hazard evaluation procedures
Explains when and how to use them Sizing up the hazards After any pre-screening required by regulation, risk assessment involves examining for hazards using one or more of a combination of techniques.
There are many ways to examine risk, and which technique to use depends on a variety of factors such as whether the plant is at the stage of initial design, the later stages of construction or already exists and perhaps has been operating for many years. Some techniques call for specific information on the design of equipment, piping and instrumentation, and these details are not known for a plant that is yet to be built.
This CCPS book, Guidelines for Hazard Evaluation Procedures, Second Edition with Worked Examples, gives a summary of the common techniques available and when to use them, with their advantages and disadvantages.
After any pre-screening required by regulation, risk assessment involves examining for hazards using one or more of a combination of techniques.
There are many ways to examine risk, and which technique to use depends on a variety of factors such as whether the plant is at the stage of initial design, the later stages of construction or already exists and perhaps has been operating for many years. Some techniques call for specific information on the design of equipment, piping and instrumentation, and these details are not known for a plant that is yet to be built.
This CCPS book, Guidelines for Hazard Evaluation Procedures, Second Edition with Worked Examples, gives a summary of the common techniques available and when to use them, with their advantages and disadvantages.
41. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 41 What if/checklist Commonly used, but effectiveness depends on expertise of team and ability to spot hazards�
A team is much better than one person�
A good checklist can be found in the CCPS Hazard Evaluation guide, Appendix B�
If a hazard is not identified, subsequent control methods may be in vain! One of the most commonly used techniques is to ask as series of questions of the form: What if happened? Another, often used together with What if, is to refer to a checklist of questions.
The What if and checklist methods are useful, but depend very much on the expertise of those asking the questions or generating the checklist. For this, a team consisting of people with different backgrounds and experience is much more effective than one person alone. Even so, there can be a real possibility that those doing the study dont know what they dont know.
In the CCPS book referred to on the previous slide, Appendix B provides a detailed checklist, running for about 40 pages. This can be very useful where a rapid check is needed but the skills for the more technical methods are not readily available. Note: relying only on a checklist is not recommended, but if one is going to be used, this list is at least quite comprehensive.
Always remember: If a hazard is not identified, all the subsequent control methods may not be enough to head it off!
One of the most commonly used techniques is to ask as series of questions of the form: What if happened? Another, often used together with What if, is to refer to a checklist of questions.
The What if and checklist methods are useful, but depend very much on the expertise of those asking the questions or generating the checklist. For this, a team consisting of people with different backgrounds and experience is much more effective than one person alone. Even so, there can be a real possibility that those doing the study dont know what they dont know.
In the CCPS book referred to on the previous slide, Appendix B provides a detailed checklist, running for about 40 pages. This can be very useful where a rapid check is needed but the skills for the more technical methods are not readily available. Note: relying only on a checklist is not recommended, but if one is going to be used, this list is at least quite comprehensive.
Always remember: If a hazard is not identified, all the subsequent control methods may not be enough to head it off!
42. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 42 Index methods are good for rapid ranking Dow Fire and Explosion Index (FEI) for flammables�
Dow Chemical Exposure Index (CEI) for toxics�
Needs a few hours (small system) to a week (large, complex plant) �
Doesnt need an engineering degree The Dow company came up with two guides for its own use, but they became so popular that the company made them available to anyone via the CCPS.
The FEI and CEI are designed for rapid ranking of a number of sites or plants, so that priorities can be established for subsequent detailed study.
The FEI is used for flammables, and the CEI for toxics. Some materials such as ethylene oxide might need both methods.
You dont need to be an engineer to use these index methods, and they are quick once you understand how they work. So far theyre only available from CCPS in print form, but the possibility of electronic versions is being investigated.The Dow company came up with two guides for its own use, but they became so popular that the company made them available to anyone via the CCPS.
The FEI and CEI are designed for rapid ranking of a number of sites or plants, so that priorities can be established for subsequent detailed study.
The FEI is used for flammables, and the CEI for toxics. Some materials such as ethylene oxide might need both methods.
You dont need to be an engineer to use these index methods, and they are quick once you understand how they work. So far theyre only available from CCPS in print form, but the possibility of electronic versions is being investigated.
43. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 43 Hazard & Operability Analysis (HAZOP) Rigorous, systematic questioning approach examines how deviations from design intent could lead to hazards and operating problems�
Needs a lot of detailed information such as accurate, up-to-date Piping & Instrumentation Diagrams (P & IDs) and operating procedures�
Needs expert team and study leader�
Very powerful technique if properly used HAZOP is perhaps the most useful single method for identifying and understanding how to control process hazards so much so that many fall into the trap of thinking that if theyve done a HAZOP, they dont need to do anything else.
(Explain HAZOP here)
HAZOP is a systematic approach to examining how operation of the process could vary from the designers intent, and the type of problems this could cause. However, it does require up-to-date information on the specific piping and instrumentation, and this is not always available if the system for tracking changes to the process has not been rigorously maintained.
It is no use attempting to do a HAZOP using drawings and information that do not correspond to the actual plant as it currently exists. Someone has to go over every line and control system and update the information first, and this is not a simple task.
Even with current information, HAZOP needs trained people for the study, and is best done by a team of people with various backgrounds than one person alone. Engineering design, operations and maintenance are some of the obvious skills needed.
There are also different versions of HAZOP. Some rely simply on guidewords alone, and are not recommended. It is much better to consider the design intent, then apply guidewords as part of the examination. HAZOP is perhaps the most useful single method for identifying and understanding how to control process hazards so much so that many fall into the trap of thinking that if theyve done a HAZOP, they dont need to do anything else.
(Explain HAZOP here)
HAZOP is a systematic approach to examining how operation of the process could vary from the designers intent, and the type of problems this could cause. However, it does require up-to-date information on the specific piping and instrumentation, and this is not always available if the system for tracking changes to the process has not been rigorously maintained.
It is no use attempting to do a HAZOP using drawings and information that do not correspond to the actual plant as it currently exists. Someone has to go over every line and control system and update the information first, and this is not a simple task.
Even with current information, HAZOP needs trained people for the study, and is best done by a team of people with various backgrounds than one person alone. Engineering design, operations and maintenance are some of the obvious skills needed.
There are also different versions of HAZOP. Some rely simply on guidewords alone, and are not recommended. It is much better to consider the design intent, then apply guidewords as part of the examination.
44. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 44 Fault Tree Analysis Focuses on one particular undesired event�
Seeks to determine combinations of causes (equipment failures and human errors) that can lead to that event �
Generally used where other techniques have shown a need for detailed analysis Fault tree analysis and its sister, event tree analysis, are techniques for intensive study of the conditions that can lead to or follow from, respectively, a serious event for example a catastrophic failure of a large vessel containing liquefied toxic gas under high pressure. Fault tree analysis is useful for identifying the combinations of faults needed for the failure to occur.
If the event is viewed logically as the trunk of a tree, the fault tree can be considered as the conditions or branches which lead to the event, and the event tree as the network of roots branching out from that event. However, risk analysts study an event by cutting the tree down and displaying both the fault tree and the event tree as downward-branching diagrams where the main event being studied is referred to as the top event.
The slide shows a simple fault tree for a fire involving a flammable fluid. Two conditions are necessary for the fault to occur leakage of the fluid and an ignition source. Here both conditions must be positive for the fire to occur, as shown by the And gate. Two separate potential causes of ignition have also been identified, but the Or gate shows that only one of these need be present for the logical test ignition source is near fluid to be met.
Once the logic tree has been constructed, the probability of each contributing event is estimated and thus the probability of those combinations of event necessary for the main or top event can be calculated. Where this is unacceptably high, the technique also shows where action can be most effective in reducing the risk.
Fault tree analysis is used where other techniques have shown a need for detailed analysis. It is not used to study an entire plant as it is very labour-intensive and therefore costly, and needs a lot of input information. It can also be used only when full details of the part of the process being studied are known, including mechanical design, instrumentation, equipment layout, etc.Fault tree analysis and its sister, event tree analysis, are techniques for intensive study of the conditions that can lead to or follow from, respectively, a serious event for example a catastrophic failure of a large vessel containing liquefied toxic gas under high pressure. Fault tree analysis is useful for identifying the combinations of faults needed for the failure to occur.
If the event is viewed logically as the trunk of a tree, the fault tree can be considered as the conditions or branches which lead to the event, and the event tree as the network of roots branching out from that event. However, risk analysts study an event by cutting the tree down and displaying both the fault tree and the event tree as downward-branching diagrams where the main event being studied is referred to as the top event.
The slide shows a simple fault tree for a fire involving a flammable fluid. Two conditions are necessary for the fault to occur leakage of the fluid and an ignition source. Here both conditions must be positive for the fire to occur, as shown by the And gate. Two separate potential causes of ignition have also been identified, but the Or gate shows that only one of these need be present for the logical test ignition source is near fluid to be met.
Once the logic tree has been constructed, the probability of each contributing event is estimated and thus the probability of those combinations of event necessary for the main or top event can be calculated. Where this is unacceptably high, the technique also shows where action can be most effective in reducing the risk.
Fault tree analysis is used where other techniques have shown a need for detailed analysis. It is not used to study an entire plant as it is very labour-intensive and therefore costly, and needs a lot of input information. It can also be used only when full details of the part of the process being studied are known, including mechanical design, instrumentation, equipment layout, etc.
45. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 45 Caveats The main use of quantitative analysis is to understand risk and how best to reduce it not to prove something is safe!�
Be careful about the assumptions made in the analysis Note that the main purpose of this type of analysis, sometimes known as Quantitative Risk Analysis or QRA, is to understand the causative factors and their relative importance, so that risk control measures can be most effective. What matters is not that the risk can be quantified to four significant figures, but how it can be reduced by 90 percent!
Note that the main purpose of this type of analysis, sometimes known as Quantitative Risk Analysis or QRA, is to understand the causative factors and their relative importance, so that risk control measures can be most effective. What matters is not that the risk can be quantified to four significant figures, but how it can be reduced by 90 percent!
46. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 46 Effects of dust explosion Some operations for example, large chemical plants or storage depots are obviously hazardous and it is clear that analysis is needed. However, significant hazards can also be present in other operations that at first glance seem to be harmless.
This slide shows the effects of a dust explosion. Combustible dusts can release as much energy as flammable liquids or gases, and if they are mixed with air the explosion can cause heavy damage.
Some operations for example, large chemical plants or storage depots are obviously hazardous and it is clear that analysis is needed. However, significant hazards can also be present in other operations that at first glance seem to be harmless.
This slide shows the effects of a dust explosion. Combustible dusts can release as much energy as flammable liquids or gases, and if they are mixed with air the explosion can cause heavy damage.
47. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 47 West Pharmaceutical, Kinston NC 2003 - Dust explosion Here is a case where the West Pharmaceutical Services plant in Kinston, North Carolina the building was destroyed by a dust explosion and fire, causing six deaths, dozens of injuries, and hundreds of job losses.
The facility produced rubber stoppers and other products for medical use. Chemical Safety Board investigators found that the fuel for the explosion was a fine plastic powder used in producing rubber goods. Combustible polyethylene dust accumulated above a suspended ceiling over a manufacturing area at the plant and was ignited by an unknown event.
Here is a case where the West Pharmaceutical Services plant in Kinston, North Carolina the building was destroyed by a dust explosion and fire, causing six deaths, dozens of injuries, and hundreds of job losses.
The facility produced rubber stoppers and other products for medical use. Chemical Safety Board investigators found that the fuel for the explosion was a fine plastic powder used in producing rubber goods. Combustible polyethylene dust accumulated above a suspended ceiling over a manufacturing area at the plant and was ignited by an unknown event.
48. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 48 Typical steps in a dust explosion Dust explosions typically happen in two steps. First, a small disturbance such as an ignition in a small area stirs up a large cloud of dust which is of course mixed with air. If this large cloud then comes into contact with an ignition source, a large explosion results.
Dust explosions are often associated with poor housekeeping. If a large amount of dust is allowed to accumulate on equipment, beams, roof supports, etc. even a door blowing shut can be enough to create a dust cloud.Dust explosions typically happen in two steps. First, a small disturbance such as an ignition in a small area stirs up a large cloud of dust which is of course mixed with air. If this large cloud then comes into contact with an ignition source, a large explosion results.
Dust explosions are often associated with poor housekeeping. If a large amount of dust is allowed to accumulate on equipment, beams, roof supports, etc. even a door blowing shut can be enough to create a dust cloud.
49. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 49 Westwego grain elevator 1977 explosion Because of the risk of dust explosions, grain and flour mills are usually kept scrupulously clean. Nevertheless, accidents do sometimes happen, with serious consequences. This shows a grain elevator destroyed by a dust explosion.Because of the risk of dust explosions, grain and flour mills are usually kept scrupulously clean. Nevertheless, accidents do sometimes happen, with serious consequences. This shows a grain elevator destroyed by a dust explosion.
50. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 50 Scottsbluff, NE 1996 - sugar refinery explosion Sugar is more dangerous than we often think, and in bulk can lead to large fires if it ignites. And, as it is a powder, it can also lead to dust explosions as shown here.
This explosion killed one worker and blew up seven silos, throwing sugar around the site for one mile. Damage was estimated at ten million dollars US.Sugar is more dangerous than we often think, and in bulk can lead to large fires if it ignites. And, as it is a powder, it can also lead to dust explosions as shown here.
This explosion killed one worker and blew up seven silos, throwing sugar around the site for one mile. Damage was estimated at ten million dollars US.
51. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 51 This was a caramel plant not something thats obviously a high-hazard chemical facility.
An explosion in steam kettle killed one operator, knocked nearby 40,000 lb. anhydrous ammonia tank off its base and broke off several shutoff valves.
Firefighters were unable to stop the leaks, and had to evacuate area. The ammonia formed a cloud over the area for several hours, but dissipated without further incident.
Note that its located in a residential area. Many facilities handling or processing food and beverages have refrigeration units containing anhydrous ammonia, but dont have the technical expertise youd find in a chemical plant or oil refinery. They may also have sensitive facilities nearby, such as schools or seniors homes.
This is why all communities should be prepared for emergencies, and part of that preparedness includes knowing what is in the community, both as a potential hazard and as something needing special protective measures in case an emergency occurs.
This was a caramel plant not something thats obviously a high-hazard chemical facility.
An explosion in steam kettle killed one operator, knocked nearby 40,000 lb. anhydrous ammonia tank off its base and broke off several shutoff valves.
Firefighters were unable to stop the leaks, and had to evacuate area. The ammonia formed a cloud over the area for several hours, but dissipated without further incident.
Note that its located in a residential area. Many facilities handling or processing food and beverages have refrigeration units containing anhydrous ammonia, but dont have the technical expertise youd find in a chemical plant or oil refinery. They may also have sensitive facilities nearby, such as schools or seniors homes.
This is why all communities should be prepared for emergencies, and part of that preparedness includes knowing what is in the community, both as a potential hazard and as something needing special protective measures in case an emergency occurs.
52. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 52 Bradford, UK 1992 Allied Colloids fire This shows a different problem. When this warehouse caught fire, the fire department did what fire departments usually do they put a lot of water on it until the fire was out. Unfortunately the warehouse contained materials that were environmentally hazardous, and the runoff water seriously contaminated the surrounding river system.
In 1986, a similar incident in Basle, Switzerland, contaminated the Rhine river and affected five countries downstream. This led to the UN Transboundary Convention under which countries are to assess the risk from operations close to border areas and advise neighbouring states if they might be affected.
In such situations, it may be better to let the fire burn but this is best handled by discussion with the fire department well in advance of any actual incident, so they know what to do and also what not to do.This shows a different problem. When this warehouse caught fire, the fire department did what fire departments usually do they put a lot of water on it until the fire was out. Unfortunately the warehouse contained materials that were environmentally hazardous, and the runoff water seriously contaminated the surrounding river system.
In 1986, a similar incident in Basle, Switzerland, contaminated the Rhine river and affected five countries downstream. This led to the UN Transboundary Convention under which countries are to assess the risk from operations close to border areas and advise neighbouring states if they might be affected.
In such situations, it may be better to let the fire burn but this is best handled by discussion with the fire department well in advance of any actual incident, so they know what to do and also what not to do.
53. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 53 Warrington, UK 1993 - Sabotage attack at British Gas And incidents dont always happen by accident. In North America were much more aware of the potential for intentional acts after September 11, 2001, but terrorists were active even before then. This shows the result of an attack on a natural gas storage depot in the UK, by the IRA.And incidents dont always happen by accident. In North America were much more aware of the potential for intentional acts after September 11, 2001, but terrorists were active even before then. This shows the result of an attack on a natural gas storage depot in the UK, by the IRA.
54. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 54 5. Management of Change Change of process technology
Change of facility
Organizational changes
Variance procedures
Permanent changes
Temporary changes
Note that none of the above cover latent errors Management of change is one of the first elements to be addressed when a company is starting to set up its PSM system.
The objective is to prevent any new errors from being introduced as changes are made. This slide gives an idea of the scope of management of change.
Note that management of change is also needed for temporary and experimental work, and for small projects as well as large ones.
Organizational change is a vulnerable area even in well-run organizations, as discussion is typically much more sensitive than for other types of change.
Note that the results of errors made during changes are not always immediately noticeable, and are thus considered in two forms active and latent errors. Management of change is one of the first elements to be addressed when a company is starting to set up its PSM system.
The objective is to prevent any new errors from being introduced as changes are made. This slide gives an idea of the scope of management of change.
Note that management of change is also needed for temporary and experimental work, and for small projects as well as large ones.
Organizational change is a vulnerable area even in well-run organizations, as discussion is typically much more sensitive than for other types of change.
Note that the results of errors made during changes are not always immediately noticeable, and are thus considered in two forms active and latent errors.
55. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 55 Active and latent failures Active
Immediately adverse effect
Similar to unsafe act
Latent
Effect may not be noticeable for some time, if at all
Similar to resident pathogen. Unforeseen trigger conditions could activate the pathogens and defences could be undermined or unexpectedly outflanked An active error or failure is one where the effect follows directly from the error for example, if a pipefitter unbolts a flange on a pipeline under pressure.
With latent errors, the conditions are set up for failure at some time in the future, but only when certain conditions occur. An active error or failure is one where the effect follows directly from the error for example, if a pipefitter unbolts a flange on a pipeline under pressure.
With latent errors, the conditions are set up for failure at some time in the future, but only when certain conditions occur.
56. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 56 Avonmouth, UK 1996 toxic fire due to delivery error This incident shows how latent error can set up the conditions for an incident to happen.
A tank truck arrived with a delivery of epichlorhydrin, which is a reactive substance used in making epoxy resins, among other things. The shipment originated on the continent, and involved changes of the tractor unit between origin and destination. At one point the new tractor somehow connected to the wrong trailer, and the delivery consisted not of the intended epichlorhydrin but of sodium chlorite solution.
In a classic example of latent error, the company had no system for checking incoming materials before unloading, but relied on the supplier for this. Consequently there was no protection against a shipment of the wrong material, even when it was to be unloaded into a tank of highly reactive material.
A vigorous reaction and fire ensued, subjecting the neighbourhood to clouds of smoke containing phosgene (a highly toxic gas used as a chemical weapon in the First World War). Fortunately no-one was killed.
It is surprising that, even after the event, the company claimed that the fault lay with the shipping company and conceded only that testing of raw materials before unloading them was a possibility in future.This incident shows how latent error can set up the conditions for an incident to happen.
A tank truck arrived with a delivery of epichlorhydrin, which is a reactive substance used in making epoxy resins, among other things. The shipment originated on the continent, and involved changes of the tractor unit between origin and destination. At one point the new tractor somehow connected to the wrong trailer, and the delivery consisted not of the intended epichlorhydrin but of sodium chlorite solution.
In a classic example of latent error, the company had no system for checking incoming materials before unloading, but relied on the supplier for this. Consequently there was no protection against a shipment of the wrong material, even when it was to be unloaded into a tank of highly reactive material.
A vigorous reaction and fire ensued, subjecting the neighbourhood to clouds of smoke containing phosgene (a highly toxic gas used as a chemical weapon in the First World War). Fortunately no-one was killed.
It is surprising that, even after the event, the company claimed that the fault lay with the shipping company and conceded only that testing of raw materials before unloading them was a possibility in future.
57. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 57 Avonmouth, UK 1996 toxic fire due to delivery error Heres another picture from the same incident.Heres another picture from the same incident.
58. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 58 6. Process and Equipment Integrity Design to handle all anticipated conditions, not just ideal or typical ones
Make sure what you get is what you designed (construction, installation)
Test to make sure the design is indeed valid
Make sure it stays that way
Preventative maintenance
Ongoing maintenance
Review
Be especially careful of automatic safeguards Element 6, Process and Equipment Integrity, means making sure that the process and equipment are well-designed, and that the actual process and equipment when built and operated are consistent with the design intent.
Designers sometimes assume that their plants will be operated by supermen (or superwomen) who understand fully what goes on inside the equipment and give 100 percent of their attention to their work. This can be dangerous. The operators involved in the initial start-up may understand it well, as they usually get more intensive training and learn from the experience of the start-up. Later on, however, the process may be operated by people without the same background, and there will be occasions vacations, winter snowstorms, etc. when the regular workforce is not available and others are filling in.
This is why the process and equipment should be designed so that it is practical to operate under the range of conditions that are likely to be encountered. Controls should be clear and readily accessible, and designed to minimize the opportunity for error.
Maintenance is important, to ensure that everything continues to work as intended. Where failure would be unacceptable or costly, preventative maintenance is used to head off problems before they occur.
The process is designed to fail-safe for example, control systems are designed so that in case of utility or other failure, they default to fully open or shut, whichever is safer. Nevertheless, any system relying on automatic controls for safety must be maintained properly, otherwise the very automation may well be a latent error waiting to happen! Element 6, Process and Equipment Integrity, means making sure that the process and equipment are well-designed, and that the actual process and equipment when built and operated are consistent with the design intent.
Designers sometimes assume that their plants will be operated by supermen (or superwomen) who understand fully what goes on inside the equipment and give 100 percent of their attention to their work. This can be dangerous. The operators involved in the initial start-up may understand it well, as they usually get more intensive training and learn from the experience of the start-up. Later on, however, the process may be operated by people without the same background, and there will be occasions vacations, winter snowstorms, etc. when the regular workforce is not available and others are filling in.
This is why the process and equipment should be designed so that it is practical to operate under the range of conditions that are likely to be encountered. Controls should be clear and readily accessible, and designed to minimize the opportunity for error.
Maintenance is important, to ensure that everything continues to work as intended. Where failure would be unacceptable or costly, preventative maintenance is used to head off problems before they occur.
The process is designed to fail-safe for example, control systems are designed so that in case of utility or other failure, they default to fully open or shut, whichever is safer. Nevertheless, any system relying on automatic controls for safety must be maintained properly, otherwise the very automation may well be a latent error waiting to happen!
59. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 59 Causative effect for a runaway reaction Apart from thinking about how failures can occur, its also useful to consider how easily the operator can detect and recover from an unintended act.
For example, this slide shows a typical batch reaction using a stirred tank with heating and cooling. Equipment such as this is used for exothermic reactions with high activation energy they give out heat once the reaction gets going, but it needs to be heated up to a certain temperature before it will start.
If too much of a reactant, or catalyst, is added before the mixture is up to temperature, nothing happens until the right temperature is reached. If the heat then evolved exceeds the amount the cooling system can remove, the temperature will continue to rise and the reaction will run faster until the process goes out of control.
Apart from thinking about how failures can occur, its also useful to consider how easily the operator can detect and recover from an unintended act.
For example, this slide shows a typical batch reaction using a stirred tank with heating and cooling. Equipment such as this is used for exothermic reactions with high activation energy they give out heat once the reaction gets going, but it needs to be heated up to a certain temperature before it will start.
If too much of a reactant, or catalyst, is added before the mixture is up to temperature, nothing happens until the right temperature is reached. If the heat then evolved exceeds the amount the cooling system can remove, the temperature will continue to rise and the reaction will run faster until the process goes out of control.
60. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 60 Thermal runaway Heres an example of what can result.
Such processes are typically fitted with various interlocks and other safeguards such as log sheets which the operator must fill out at each step, but despite this a step will eventually be forgotten or performed in the wrong order.
Its important then that the operating instructions make it easy for operators to realize that they have made a mistake, and that they can then understand whether it is something they can easily recover from, or whether they should advise a supervisor before attempting to proceed further. Heres an example of what can result.
Such processes are typically fitted with various interlocks and other safeguards such as log sheets which the operator must fill out at each step, but despite this a step will eventually be forgotten or performed in the wrong order.
Its important then that the operating instructions make it easy for operators to realize that they have made a mistake, and that they can then understand whether it is something they can easily recover from, or whether they should advise a supervisor before attempting to proceed further.
61. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 61 9. Incident Investigation keep the focus on what happened rather than on blame
consider other possible consequences if the scenario had developed slightly differently
consider broader implications and lessons, rather than narrowing the focus to a specific incident
look for the root causes
keep a sense of perspective
follow through to ensure lessons are communicated and applied Incident investigation can be a delicate situation, calling for tact and a level head, as emotions can run high after an incident, especially if someone has been hurt.
Where someone has made an obvious error there can be a tendency to blame that individual for causing the incident, but the conditions which allowed it to happen may well have resulted from decisions made by others, perhaps some time before the actual event.
A general rule: there is always more than one cause, and its worth taking the time to identify the combination of factors involved, and considering not just what happened in the particular case but also what could have happened if the incident had developed slightly differently.
Root Cause Analysis is a technique used to examine incidents for underlying causal factors.
Incident investigation can be a delicate situation, calling for tact and a level head, as emotions can run high after an incident, especially if someone has been hurt.
Where someone has made an obvious error there can be a tendency to blame that individual for causing the incident, but the conditions which allowed it to happen may well have resulted from decisions made by others, perhaps some time before the actual event.
A general rule: there is always more than one cause, and its worth taking the time to identify the combination of factors involved, and considering not just what happened in the particular case but also what could have happened if the incident had developed slightly differently.
Root Cause Analysis is a technique used to examine incidents for underlying causal factors.
62. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 62 This diagram, sometimes known as the cheese model, was developed by the British psychology professor James Reason to show the way in which several barriers or systems are in place to prevent a triggering event from developing into a major incident.
None of these defences is perfect each has a variety of holes. In most cases, at least one of the barriers will work but if all the holes happen to line up, the defensive system fails.
This diagram, sometimes known as the cheese model, was developed by the British psychology professor James Reason to show the way in which several barriers or systems are in place to prevent a triggering event from developing into a major incident.
None of these defences is perfect each has a variety of holes. In most cases, at least one of the barriers will work but if all the holes happen to line up, the defensive system fails.
63. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 63 Piper Alpha before 1988 incident This shows the North Sea oil rig Piper Alpha, which was destroyed in a 1988 fire that killed 167 people. The way in which the incident developed is a good illustration of Reasons model.
The disaster began with a routine maintenance procedure. A certain backup propane condensate pump in the processing area needed to have its pressure safety valve checked every18 months, and the time had come. The valve was removed, leaving a hole in the pump where it had been.
Maintenance work in the operations such as this is controlled, first by a work order specifying the equipment to be worked on and the nature of the work to be done in this case a specific repair on a specific valve. The work order must be authorized by a designated supervisor before any maintenance work can start.
Control of the actual equipment is then typically by a permit system. A safe work permit is made out by operating personnel and signed by a designated person, certifying that the equipment has been made safe for maintenance (e.g. by closing necessary valves, depressuring the equipment to be worked on and removing any hazardous material, etc.). Maintenance personnel will sign, accepting the equipment, and at the end of the job the process is reversed with the equipment being formally transferred back from maintenance to operations personnel.
In this case the valve was removed during the day shift by maintenance personnel who expected to have it repaired and available for service by the end of the shift. Because the workers could not get all the equipment they needed by 6:00 PM, they asked for and received permission to leave the rest of the work until the next day. In the handover to the new shift, this information was somehow not realized by the incoming shift, possibly due to confusion because of a large number of other jobs also in progress at the time.
This shows the North Sea oil rig Piper Alpha, which was destroyed in a 1988 fire that killed 167 people. The way in which the incident developed is a good illustration of Reasons model.
The disaster began with a routine maintenance procedure. A certain backup propane condensate pump in the processing area needed to have its pressure safety valve checked every18 months, and the time had come. The valve was removed, leaving a hole in the pump where it had been.
Maintenance work in the operations such as this is controlled, first by a work order specifying the equipment to be worked on and the nature of the work to be done in this case a specific repair on a specific valve. The work order must be authorized by a designated supervisor before any maintenance work can start.
Control of the actual equipment is then typically by a permit system. A safe work permit is made out by operating personnel and signed by a designated person, certifying that the equipment has been made safe for maintenance (e.g. by closing necessary valves, depressuring the equipment to be worked on and removing any hazardous material, etc.). Maintenance personnel will sign, accepting the equipment, and at the end of the job the process is reversed with the equipment being formally transferred back from maintenance to operations personnel.
In this case the valve was removed during the day shift by maintenance personnel who expected to have it repaired and available for service by the end of the shift. Because the workers could not get all the equipment they needed by 6:00 PM, they asked for and received permission to leave the rest of the work until the next day. In the handover to the new shift, this information was somehow not realized by the incoming shift, possibly due to confusion because of a large number of other jobs also in progress at the time.
64. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 64 Piper Alpha partway through 1988 incident Later in the evening during the next work shift, the primary condensate pump failed. The people in the control room, who were in charge of operating the platform, decided to start the backup pump, not knowing that it was under maintenance. Gas products escaped from the hole left by the valve with such force that workers described it as being like the scream of a banshee. The leak was picked up by gas detection equipment and an alarm sounded showing a gas leak, but a few moments later it ignited and exploded.
Rigs such as this are protect by deluge systems that spray large quantities of sea water over everything in case of a fire or major gas leak. However, it was the rigs practice to lock out the deluge system whenever divers were working nearby, to avoid the hazard of sucking a diver up against the inlet grating to the deluge pumps and drowning him as his air supply ran out.
Divers had been working on the rig for several weeks continually in the period leading up to the incident. The deluge system had therefore been left locked out all the time, to avoid re-doing it every day!
The force of the explosion blew down the firewall separating different parts of the processing facility, and soon large quantities of stored oil were burning out of control. Later in the evening during the next work shift, the primary condensate pump failed. The people in the control room, who were in charge of operating the platform, decided to start the backup pump, not knowing that it was under maintenance. Gas products escaped from the hole left by the valve with such force that workers described it as being like the scream of a banshee. The leak was picked up by gas detection equipment and an alarm sounded showing a gas leak, but a few moments later it ignited and exploded.
Rigs such as this are protect by deluge systems that spray large quantities of sea water over everything in case of a fire or major gas leak. However, it was the rigs practice to lock out the deluge system whenever divers were working nearby, to avoid the hazard of sucking a diver up against the inlet grating to the deluge pumps and drowning him as his air supply ran out.
Divers had been working on the rig for several weeks continually in the period leading up to the incident. The deluge system had therefore been left locked out all the time, to avoid re-doing it every day!
The force of the explosion blew down the firewall separating different parts of the processing facility, and soon large quantities of stored oil were burning out of control.
65. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 65 Piper Alpha was a collector rig for two other rigs in the area, though they were too far away to be able to see one another.
The operators on the other rigs heard that there was a fire on Piper Alpha, but did not know whether the fire was a minor one or something more serious. There is an excellent film which re-enacts the drama as members of these crews argued violently about whether to stop pumping an expensive decision they had no clear basis for or to continue, possibly adding to a disastrous situation that could well endanger the lives of their fellow workers. In the end they continued to pump.
About twenty minutes after the initial explosion, the fire had spread and become hot enough to weaken and then burst the gas risers from the other platforms. These were steel pipes of a diameter from twenty-four to thirty-six inches, containing flammable gas products under high pressure. When these risers burst, the resulting jet of fuel dramatically increased the size of the fire from a billowing fireball to a towering inferno. At the fire's peak, the flames reached three hundred to four hundred feet in the air and could be felt from over a mile away and seen from eighty-five....
Three hours later the majority of the platform, including the accommodations, had melted off and sunk below the water. The ships in the area continued picking up survivors until morning, but the platform and most of its crew had been destroyed.
Piper Alpha was a collector rig for two other rigs in the area, though they were too far away to be able to see one another.
The operators on the other rigs heard that there was a fire on Piper Alpha, but did not know whether the fire was a minor one or something more serious. There is an excellent film which re-enacts the drama as members of these crews argued violently about whether to stop pumping an expensive decision they had no clear basis for or to continue, possibly adding to a disastrous situation that could well endanger the lives of their fellow workers. In the end they continued to pump.
About twenty minutes after the initial explosion, the fire had spread and become hot enough to weaken and then burst the gas risers from the other platforms. These were steel pipes of a diameter from twenty-four to thirty-six inches, containing flammable gas products under high pressure. When these risers burst, the resulting jet of fuel dramatically increased the size of the fire from a billowing fireball to a towering inferno. At the fire's peak, the flames reached three hundred to four hundred feet in the air and could be felt from over a mile away and seen from eighty-five....
Three hours later the majority of the platform, including the accommodations, had melted off and sunk below the water. The ships in the area continued picking up survivors until morning, but the platform and most of its crew had been destroyed.
66. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 66 Fourth Phase: 90s and beyond Realization of significance of sociocultural factors in human thought processes and hence in behaviours�
At the individual level�
At the organizational level It was again the analysis of several major incidents and how they happened, despite the supposed presence of systems to prevent them, that led to the the fourth phase in the thinking of how to control safety in an industrial society.
This fourth phase is the recognition that all the aspects previously described industrial processes, equipment, systems, policies, procedures, etc. are performed by humans and, as such, are subject to the typical variation in performance which is characteristic of human behaviour.
Humans do not behave as black boxes or computers, but follow certain thought processes and behaviours, both at the individual and at the organizational level.
It was again the analysis of several major incidents and how they happened, despite the supposed presence of systems to prevent them, that led to the the fourth phase in the thinking of how to control safety in an industrial society.
This fourth phase is the recognition that all the aspects previously described industrial processes, equipment, systems, policies, procedures, etc. are performed by humans and, as such, are subject to the typical variation in performance which is characteristic of human behaviour.
Humans do not behave as black boxes or computers, but follow certain thought processes and behaviours, both at the individual and at the organizational level.
67. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 67 Human factors in accident prevention People, and most organizations, dont intend to get hurt (have accidents)
To understand why they do leads us eventually into understanding human behaviour, both at the individual and organizational level, and involves:
Physical interface
Ergonomics
Psychological interface
Perception, decision-making, control actions
Human thought processes
Basis for reaching decisions
Ideal versus actual behaviour
Social psychology
Relationships with others
Organizational behaviour With a few exceptions, people, and organizations, dont usually intend to get hurt, or to have accidents. So why do they?
This is a question of human error, in the sense that individuals and organizations start out with an intent (to do something without causing harm) but then act in such ways that, in retrospect, it often appears that causing harm was just a matter of time.
Investigation into the behaviour that leads to accidents has revealed how human thought processes have a great influence on the likelihood of error.
Some aspects have been studied extensively. Ergonomics, for example, looks at the physical interface between the operator and the equipment or process. This covers such topics as fatigue, ease of perception of relevant information and operation of various controls.
The ways in which people think and how they reach decisions about what to do moves into fields such as psychology and sociology, and in general, the further we move from the operator-equipment interface, the less is understood.
With a few exceptions, people, and organizations, dont usually intend to get hurt, or to have accidents. So why do they?
This is a question of human error, in the sense that individuals and organizations start out with an intent (to do something without causing harm) but then act in such ways that, in retrospect, it often appears that causing harm was just a matter of time.
Investigation into the behaviour that leads to accidents has revealed how human thought processes have a great influence on the likelihood of error.
Some aspects have been studied extensively. Ergonomics, for example, looks at the physical interface between the operator and the equipment or process. This covers such topics as fatigue, ease of perception of relevant information and operation of various controls.
The ways in which people think and how they reach decisions about what to do moves into fields such as psychology and sociology, and in general, the further we move from the operator-equipment interface, the less is understood.
68. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 68 Human behaviour modes Instead of looking at the ways in which people can fail, look at how they function normally:�
Skill-based
Rapid responses to internal states with only occasional attention to external info to check that events are going according to plan
Often starts out as rule-based
Rule-based
IF, THEN
Rules need not make sense they only need to work, and one has to know the conditions under which a particular rule applies
Knowledge-based
Used when no rules apply but some appropriate action must be found
Slowest, but most flexible
Even at the individual operator level, different modes of thought have been identified.
When a new process is being designed, the criteria for design and operation are developed by technical experts with the background and experience to assess the implications of various factors as they work out how to proceed. This knowledge level can cope with a wide variety of challenges, but takes a lot of time.
As the situation becomes clearer, the experts codify the basis for decisions into a series of rules if A happens, do X, if B, then Y, etc. Those who operate the process do not then need to be technical experts they simply have to be able to recognize which rule applies or takes precedence in a given situation. Then, as they operate the process for weeks, months and years, they perform most actions automatically for example as most of us do, most of the time, when driving a car.
From a safety viewpoint, this has important implications which are often overlooked. When operating at the skill level, people are performing tasks without much conscious thought, and telling people to be more careful is not effective at this level for other than brief periods. This means that the potential for error must be managed through the design of the rules, or of the process itself, if we are serious about avoiding accidents.
Its also why its important for university faculty and staff to insist on rules for laboratory safety, and to ensure that they are followed. Faculty and staff can operate at the knowledge and also the skill levels, but students do not have the same background and experience they can easily get hurt by following a superficial example but not fully realizing the hazards!
Finally, as we move to the higher levels of an organization, issues such as the motivation of those making decisions, and the safety culture of the organization, become important.
Even at the individual operator level, different modes of thought have been identified.
When a new process is being designed, the criteria for design and operation are developed by technical experts with the background and experience to assess the implications of various factors as they work out how to proceed. This knowledge level can cope with a wide variety of challenges, but takes a lot of time.
As the situation becomes clearer, the experts codify the basis for decisions into a series of rules if A happens, do X, if B, then Y, etc. Those who operate the process do not then need to be technical experts they simply have to be able to recognize which rule applies or takes precedence in a given situation. Then, as they operate the process for weeks, months and years, they perform most actions automatically for example as most of us do, most of the time, when driving a car.
From a safety viewpoint, this has important implications which are often overlooked. When operating at the skill level, people are performing tasks without much conscious thought, and telling people to be more careful is not effective at this level for other than brief periods. This means that the potential for error must be managed through the design of the rules, or of the process itself, if we are serious about avoiding accidents.
Its also why its important for university faculty and staff to insist on rules for laboratory safety, and to ensure that they are followed. Faculty and staff can operate at the knowledge and also the skill levels, but students do not have the same background and experience they can easily get hurt by following a superficial example but not fully realizing the hazards!
Finally, as we move to the higher levels of an organization, issues such as the motivation of those making decisions, and the safety culture of the organization, become important.
69. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 69 The Process Safety Management Guide Summarizes CCPS approach in handy, short booklet�
Available as free download from CSChEs PSM division website, in English and French (or as booklet, for nominal fee)�
Website:�www.cheminst.ca/division/psm Lets look now at some of the tools available and how to access them.
The Process Safety Management guide, on which most of this lecture is based, is available free of charge as a download in English and French from the CSChE PSM Division website www.cheminst.ca/division/psm.
It is also available as a printed booklet for a nominal fee ($20) Lets look now at some of the tools available and how to access them.
The Process Safety Management guide, on which most of this lecture is based, is available free of charge as a download in English and French from the CSChE PSM Division website www.cheminst.ca/division/psm.
It is also available as a printed booklet for a nominal fee ($20)
70. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 70 Site Self-Assessment Tool Hazardous Installations Self-Assessment Tool (HISAT)
Available for free download in English and French from CSChEs PSM division website
Provides a benchmark for status of process safety management in a company, site or unit
101 questions
11 on preparedness
90 on prevention (PSM)
Questions test level of (a) awareness and (b) use of PSM techniques
Three levels: essential, enhanced, comprehensive
Over-the-phone guidance provided by the PSM division The HISAT Site Self-Assessment Tool is recommended for anyone wondering how a site compares with what it should be doing to control major accident hazards. It was developed by a team of Canadian experts based on the PSM guide, and includes over 100 questions designed to test both the awareness and also the actual use of PSM.
The questions are arranged in three levels, providing benchmarks for performance and also showing what to work on first. The PSM division arranges for over-the-phone guidance if you need help in understanding the questions.
CSChE recommends that copies of the tool be issued to a multidisciplinary team such as production, maintenance, engineering, safety, etc. and that the team members review the findings together as they establish the sites current status. The tool is available free of charge as a download in English and French from the CSChE PSM Division website, so it can be used by union members, employees, contractors, or even those outside the company if desired.
The HISAT Site Self-Assessment Tool is recommended for anyone wondering how a site compares with what it should be doing to control major accident hazards. It was developed by a team of Canadian experts based on the PSM guide, and includes over 100 questions designed to test both the awareness and also the actual use of PSM.
The questions are arranged in three levels, providing benchmarks for performance and also showing what to work on first. The PSM division arranges for over-the-phone guidance if you need help in understanding the questions.
CSChE recommends that copies of the tool be issued to a multidisciplinary team such as production, maintenance, engineering, safety, etc. and that the team members review the findings together as they establish the sites current status. The tool is available free of charge as a download in English and French from the CSChE PSM Division website, so it can be used by union members, employees, contractors, or even those outside the company if desired.
71. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 71 Assessing a companys safety effectiveness What is the safety policy and culture (written, unwritten)?�
How are the following handled?
Establishing what has to be done
Benchmarking
Communicating
Assigning accountabilities
Ensuring that it gets done
Monitoring and corrective action
Evidence (documentation) and audit process
Resourcing not only for ideal but for anticipated conditions
Balancing with other priorities�
How are exceptions handled? Heres a useful approach you can use in assessing a companys safety effectiveness, whether you work at the company or not.Heres a useful approach you can use in assessing a companys safety effectiveness, whether you work at the company or not.
72. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 72 CSChEs PSM Division website This is the home page of the CSChE PSM Division's website www.cheminst.ca/division/psm.
The PSM Help link takes you to pages where you can get the PSM guide, site self-assessment tool and other useful information.This is the home page of the CSChE PSM Division's website www.cheminst.ca/division/psm.
The PSM Help link takes you to pages where you can get the PSM guide, site self-assessment tool and other useful information.
73. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 73 AIChEs Center for Chemical Process Safety The US Center for Chemical Process Safety, or CCPS, is a part of the American Institute of Chemical Engineers. CCPS was a pioneer in process safety management, and a wealth of useful reference information is available via their website www.aiche.org/ccps.
Most of the CCPS publications are in textbook form, and cost around US100 to $200. However, they can save a great deal of time when developing safety systems, and may be available through a library service. The US Center for Chemical Process Safety, or CCPS, is a part of the American Institute of Chemical Engineers. CCPS was a pioneer in process safety management, and a wealth of useful reference information is available via their website www.aiche.org/ccps.
Most of the CCPS publications are in textbook form, and cost around US100 to $200. However, they can save a great deal of time when developing safety systems, and may be available through a library service.
74. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 74 Lees Loss Prevention in the Process Industries is an excellent overall reference��(though expensive, it can be found in technical libraries) Lees Loss Prevention in the Process Industries is perhaps the most useful single reference work on process safety management. It is now in its second edition, in three volumes. At around US $625 it is expensive, but again may be available through a reference library. Lees Loss Prevention in the Process Industries is perhaps the most useful single reference work on process safety management. It is now in its second edition, in three volumes. At around US $625 it is expensive, but again may be available through a reference library.
75. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 75 Useful guides are available from such organizations as:
OECD
UNEP
ILO
IChemE
OSHA
etc. Useful publications and tools are also available from other organizations such as:
Organization for Economic Cooperation and Development
United Nations Environment Programme
International Labour Office
Institution of Chemical Engineers (UK)
Occupational Safety and Health Administration (US)
Environmental Protection Agency's Chemical Emergency Preparedness and Prevention Office (US)
Useful publications and tools are also available from other organizations such as:
Organization for Economic Cooperation and Development
United Nations Environment Programme
International Labour Office
Institution of Chemical Engineers (UK)
Occupational Safety and Health Administration (US)
Environmental Protection Agency's Chemical Emergency Preparedness and Prevention Office (US)
76. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 76 Conclusion You are soon going to be out in the workplace�
Many of the people you are going to be working with should be aware of what youve learned today, but arent�
You can make a difference it may well be that your intervention prevents one of these incidents!�
You may need tact as well as knowledge
77. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 77 The New Product Introduction Curve Can be applied to adoption of new ideas, e.g. PSM
Categories differ by ability and more importantly, motivation This diagram, a concept from Marketing 101, shows how a new product or idea is not taken up with immediate enthusiasm by the whole target market, but is adopted at different rates by different categories of users.
Innovators dont need outside persuasion to get going they are capable of moving by themselves and indeed will have developed many of the techniques described in this lecture.
Early adopters are not able to develop many of the techniques by themselves, but are alert and constantly looking for ideas they can use to get their job done easier and more effectively. They read newsletters, attend conferences, research the web and often participate on technical working groups and committees.
The early majority is a large group, typically with the right attitude but lacking the time or resources to learn by themselves. A combination of instruction and motivation is needed for this group, showing what tools and assistance are available and putting them in touch with innovators and early adopters who can explain and suggest to them what to do next.
The late majority is also a large group, but differs from the previous group in having a much lower motivation to adopt the new practices or techniques. There may be a variety of reasons, from a well-run organization with other priorities to a poorly-run one lacking an effective process for establishing and meeting objectives. This group typically follows the early majority, doing something new mainly because everyone else is doing it, and can be brought in once the techniques, etc. have gained wide acceptance are and becoming well-known. Motivation is far more important than instruction with this group.
Laggards are a smaller group, consisting of those who refuse to move unless the consequences of not doing so are close to threatening. Very strong peer pressure, the imminent cut-off by suppliers and customers or sanctions by insurers or regulatory agencies are likely to be necessary, and it is this group at whom regulations are primarily targeted. This diagram, a concept from Marketing 101, shows how a new product or idea is not taken up with immediate enthusiasm by the whole target market, but is adopted at different rates by different categories of users.
Innovators dont need outside persuasion to get going they are capable of moving by themselves and indeed will have developed many of the techniques described in this lecture.
Early adopters are not able to develop many of the techniques by themselves, but are alert and constantly looking for ideas they can use to get their job done easier and more effectively. They read newsletters, attend conferences, research the web and often participate on technical working groups and committees.
The early majority is a large group, typically with the right attitude but lacking the time or resources to learn by themselves. A combination of instruction and motivation is needed for this group, showing what tools and assistance are available and putting them in touch with innovators and early adopters who can explain and suggest to them what to do next.
The late majority is also a large group, but differs from the previous group in having a much lower motivation to adopt the new practices or techniques. There may be a variety of reasons, from a well-run organization with other priorities to a poorly-run one lacking an effective process for establishing and meeting objectives. This group typically follows the early majority, doing something new mainly because everyone else is doing it, and can be brought in once the techniques, etc. have gained wide acceptance are and becoming well-known. Motivation is far more important than instruction with this group.
Laggards are a smaller group, consisting of those who refuse to move unless the consequences of not doing so are close to threatening. Very strong peer pressure, the imminent cut-off by suppliers and customers or sanctions by insurers or regulatory agencies are likely to be necessary, and it is this group at whom regulations are primarily targeted.
78. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 78 Dealing with a Safety (or Engineering) Problem Finding out who youre dealing with
Where is the organization on the curve? (generally, and re the specific issue or problem)
Where are the people youre dealing with on the curve? (generally, and re the issue or problem)
Finding out what to do
Benchmark dont try to reinvent the wheel unless youre sure there isnt one already (or youve time and its fun to do so)
Find out what others are doing about it
Read the instructions
Identify/define the issue
If its likely to be regulated, check with government agencies, trade associations, web, internet
If not regulated but likely good industry practice, check suppliers, other users of same material or item, other users of similar items, other industry contacts but test the info!!! (cross-check, ask if it makes sense)
Check standard reference works,(Lees, CCPS, etc)
Doing it
Try to think of all situations that are likely to occur (process, eqpt, people)
KISS, keep it user-friendly, show basis for decisions if practical to do so
Follow up afterwards to see how its working This slide has a lot of information, but its intended for reference when you are trying to solve problems yourselves and are new to the topic or issue.
The first job is to find out where the organization and the people you are dealing with are on the issue, using the new product introduction curve on the previous slide as a guide. The reason for this is that how you approach the problem, and how you present proposed solutions, may need to be modified to suit the circumstances. You may need tact as much as engineering knowledge if you are to be successful, and this will help you understand the motivation of the people you are dealing with.
Then comes a suggested framework for researching solutions in a systematic way, so that you can not only find solutions faster you can also cite authoritative references for what you are proposing.
Finally there are tips for applying the knowledge so that the solution actually works as you intended, and is indeed effective in solving the original problem.
This slide has a lot of information, but its intended for reference when you are trying to solve problems yourselves and are new to the topic or issue.
The first job is to find out where the organization and the people you are dealing with are on the issue, using the new product introduction curve on the previous slide as a guide. The reason for this is that how you approach the problem, and how you present proposed solutions, may need to be modified to suit the circumstances. You may need tact as much as engineering knowledge if you are to be successful, and this will help you understand the motivation of the people you are dealing with.
Then comes a suggested framework for researching solutions in a systematic way, so that you can not only find solutions faster you can also cite authoritative references for what you are proposing.
Finally there are tips for applying the knowledge so that the solution actually works as you intended, and is indeed effective in solving the original problem.
79. 2004 CSChE-PSM Summer Institute Process Safety Management Educational Module 79 The Last Slide Think about how safety philosophy has developed, and the four phases:
Protect the assets
Rules, to protect people, assets and the environment
Management systems, to ensure the rules work
Understanding the human aspect individual and group So as you go into the world outside, think of the way in which safety philosophy has developed in these four phases.
To make it easy, think of the four phases as a vertical column as shown on the right of this slide: Human System Rules Assets! Each word is a represents one of the phases, and is built on the foundation of the phases which preceded it. And remember, its not that one is superior to the others they present different facets for a greater understanding of the problem.
Try to remember the ideas or concepts of what you learned today rather than the details, which you can always look up when you need them.
Watch for opportunities to apply this learning, because there may well be places where your knowledge could prevent a situation that is about to hurt or kill someone.
Dont be surprised if people are unaware of this, or if theyre not as receptive to your message as youd like. Stay positive, and good luck with your future careers!So as you go into the world outside, think of the way in which safety philosophy has developed in these four phases.
To make it easy, think of the four phases as a vertical column as shown on the right of this slide: Human System Rules Assets! Each word is a represents one of the phases, and is built on the foundation of the phases which preceded it. And remember, its not that one is superior to the others they present different facets for a greater understanding of the problem.
Try to remember the ideas or concepts of what you learned today rather than the details, which you can always look up when you need them.
Watch for opportunities to apply this learning, because there may well be places where your knowledge could prevent a situation that is about to hurt or kill someone.
Dont be surprised if people are unaware of this, or if theyre not as receptive to your message as youd like. Stay positive, and good luck with your future careers!
