
Process Safety Management CH-523 Prof.: Zahoor@neduet - Edu.pk


Process Safety


Prof. Dr. Zahoor Ul Hussai

Course Grades
Total Marks 100 (60 Final+40 sessional)
Assessment of Sessional Marks
Class performance 05
Homework 05
Tests 20
Presentations 10
• “System Safety Engineering and Risk Assessment” Second Edition
Nicholas J.Bahr CRC Press Taylor & Francis Group
• “Introduction to Process Technology” Third Edition Charles
• “Industrial and Process Furnaces Principles, Design and
Operation” Peter Mullinger, ELSEVIER.
• “Chemical Process Safety Fundamentals with Applications”
Second Edition Daniel A. Crowl, Michigan Technological University
Joseph F. Louvar, Wayne State University
Course Outline
□ Risk perception, acceptable risk, risk rating and ranking, risk
matrix Chemical process accidents.
□ Impact of standards and regulations, OSHA, process safety
management standard PSM and Risk Management Professional
(RMP) background based case studies.
□ Introduction to the 14 Elements, OSHA PSM Requirement –
Process Hazard Analysis (PHA)
□ Difference between PSM and OSHA Regulations
□ Routes of entry, Causes and Effects, Toxicological Studies.
□ Models of doses, Response curves, Threshold limit values
□ Liquid discharge, Vapour discharge, Flashing liquids
□ Pool evaporation Design basis, Dispersion models, Weather effects
Release mitigations
□ Deviations from normal operation, Hazard and Operability
Studies(HAZOP), Permit to work systems (PTWs)
□ Fire triangle, Flammability characteristics of liquids and
vapours, Ignition, Fire effects, Explosion mechanism.
□ Fixed and portable fire extinguishers, Fire- Water System
□ On-site risk, Fatal Accident Rate (FAR),Off-site risk
□ Individual and societal risks, Quantitative risk assessment
methods, Event tree analysis, Fault tree analysis
□ Bow tie analysis
□ Investigation methodologies
□ Determining Root Causes, Structured Approach Developing
Effective Recommendations
□ Learning from accidents, Investigation process and
An accident can be described as an unplanned event or action
that results in undesired consequences, e.g. injury, ill health,
damage to the environment, damage to or loss of property, plant
and materials.
An incident is the sequence of events or actions that produces
that accident. All accidents are incidents. However, the definition of
an incident is wider in that it also includes dangerous occurrences
and near misses.
Near Miss
A near miss is an unplanned event that did not result in injury, illness, or
damage but had the potential to do so. Only a fortunate break in
the chain of events prevented an injury, fatality or damage.

The meaning of the word hazard can be confusing. Often
dictionaries do not give specific definitions or combine it with
the term "risk". For example, one dictionary defines hazard as "a
danger or risk" which helps explain why many people use the
terms interchangeably.
A hazard is any source of potential damage, harm or adverse
health effects on something or someone under certain
conditions at work.
Risk is the chance or probability that a person will be
harmed or experience an adverse health effect if exposed to
a hazard. It may also apply to situations with property or
equipment loss.
Risk (consequence/time) = Frequency (events/time) × magnitude (consequence/event)

Dangerous Occurrence
This is a ‘near miss’ which could have led to serious injury
or loss of life.
Adverse health effects include:
▪ Bodily injury
▪ Disease
▪ Decrease in life span
▪ Change in mental condition resulting from stress, traumatic
experiences, exposure to solvents, and so on
▪ Effects on the ability to accommodate additional stress
❑ Safety analysis is a generic term for study of the system, identification of
dangerous aspects of the system, and correction of them.
❑ System safety is the formal name for a comprehensive and systematic
examination of an engineering design or mature operation and control of any
particular hazards that could injure people or damage equipment.
❑ System safety engineering is a compilation of engineering analyses and
management practices that control dangerous situations, specifically:
• Identify the hazards in a system
• Determine the underlying causes of those hazards
• Develop engineering or management controls to either eliminate the hazards or
mitigate their consequences
• Verify that the controls are adequate and in place
• Monitor the system after it has been changed and modify further as needed
In the United Kingdom in the early 1960s, Imperial Chemical Industries started
developing the concept of the HAZOP (Hazard & Operability Analysis) study
(a chemical industry safety analysis). In 1974, it was presented at an American
Institute of Chemical Engineers conference on loss prevention.
Also in the early 1960s, Pillsbury Company, United States, collaborated with the U.S.
Army to produce food for astronauts on NASA missions and created the Hazard
Analysis and Critical Control Point (HACCP) methodology. It is a systematic
approach to food and pharmaceutical safety that identifies physical, chemical, and
biological hazards during the entire supply chain—especially during production—that
can cause the product to be unsafe for humans.

In 1993, it became a regulation for all European Community countries and, in 2005, was
incorporated into ISO 22000, Food safety management systems: requirements
for any organization in the food chain.

A key development in system safety is the ALARP principle, which states that the
residual risk of a system shall be as low as reasonably practicable. It was
codified through the UK Health and Safety at Work Act of 1974.
The concept asserts that safety-critical systems and operations should be safe as
far as reasonably practicable, without risks to health and safety.
□ A hazard is a condition that can cause injury or death,
damage to or loss of equipment or property, or
environmental harm.
□ Some typical hazards in various systems are electrical
discharge or shock, fire or explosion, rapid pressure
release, and extreme high or low temperature.
Hazard Identification
□ Hazard identification is a crucial part of the system safety process. It
is impossible to safeguard a system or control risks adequately
without first identifying the hazards.
□ The hazard identification process is a kind of safety brainstorming.
The purpose is to identify as many hazards as are possible and
credible. Through this process, the engineer develops a preliminary
hazard list (PHL) and later will assess the impact on the system.
□ To develop a PHL, you will want to use various methods to gather
the most exhaustive list possible. This may include the following:
▪ Survey the site.
▪ Interview site personnel.
▪ Convene a technical expert panel.
▪ Analyze and compare similar systems.
▪ Review past accidents.
▪ Identify codes, standards, and regulations.
▪ Review relevant technical data (electrical and mechanical
drawings, analyses, operator manuals and procedures, engineering
reports, etc.).
▪ Analyze energy sources (voltage/current sources,
high-/low-temperature sources, etc.).
□ Many methods are available for performing hazard identification and
risk assessment.
□ The selection of the best method requires experience.
□ Most companies use these methods or adaptations to suit their
particular operation.
□ The hazard identification methods include the following:
1. Process hazards checklists: This is a list of items and possible
problems in the process that must be checked.
2. Hazards surveys: This can be as simple as an inventory of hazardous
materials, or it can be as detailed as the Dow indexes. The Dow
indexes are a formal rating system, much like an income tax form, that
provide penalties for hazards and credits for safety equipment and
3. Hazards and operability (HAZOP) studies: This approach allows the
mind to go free in a controlled environment. Various events are
suggested for a specific piece of equipment with the participants
determining whether and how the event could occur and whether the
event creates any form of risk.
4. Safety review: An effective but less formal type of HAZOP study.
The results are highly dependent on the experience and the group
reviewing the process.
□ One of the most common mistakes at this juncture is not to verify
that the system description matches what really
□ Most engineering projects go through various design changes after
the design has been completed and reviewed.
□ Frequently these changes are not well documented, so it becomes
dangerous to base data gathering only on what is published in
the plant library.
□ It is very important for the engineer to make frequent site visits
to verify what the system really looks like.
□ This becomes especially important for old systems that have gone
through numerous modifications over the years.
□ Dow's Index is a quantitative risk analysis method that has been used for
hazard identification at plant level. This method was introduced by the Dow
Chemical Company for fire and explosion hazard analysis. The potential
occurrence of fire and explosion can be estimated by using the Dow Index
Hazard analysis
□ A hazard analysis is a technique for studying the cause/consequence
relation of the hazard potential in a system.
□ The purpose is to take the PHL one level deeper and assess how each
hazard affects the system. Is it catastrophic? Or is it critical?
□ The hazard analysis will also assist you in further assessing
which hazards are important and which are not and therefore do
not need further study.
Risk evaluation
□ After hazards have been identified and analyzed, you need to control
their occurrence or mitigate their effects.
□ Is the hazard likely to occur? If it does, how much damage will
result from the incident?
□ You need to understand the relationship between hazard cause and
effect. With this information, the associated risks are then ranked,
and engineering management is better able to determine which risks
are worth controlling and which risks require less attention.
Hazard Control
□ After evaluating the risks and ranking their importance, you must
control their effects.
□ Controls fall into two broad categories: engineering controls
and management controls.
□ Engineering controls are changes in the hardware that
either eliminate the hazards or mitigate their risks.
□ Some example engineering controls include adding a relief valve to a
2000 psi oxygen system, building a berm around an oil storage tank,
using only hermetically sealed switches in an explosive environment.
□ Management controls are changes made to the organization itself.
□ Developing and implementing a plant safety plan is a good method of
applying management controls to hazards.
□ Some examples are using production-line employees as safety
representatives for their areas, requiring middle-management
reviews and approvals of any plant or system modifications to
consider safety implications, or assigning signature authority to
safety engineers for all engineering change orders and drawings.
□ Processes and procedures also are included in the management control
□ The first step is to define the analysis criteria and parameters. Then
it is important to define and understand the physical and functional
characteristics of the system under study.
□ It is important to look not only at the major subsystems but also at
their functions and interrelationships. Understanding the subsystem
and system interfaces is critical to identifying hazards.
□ Many engineers fail at this stage because they feel they adequately
understand how the system works and do not need to spend time
accurately defining it. What is important is not just how the system
works but also its operating conditions and environment.
□ Remember to look at the system and its elements in the context of their
surroundings. This means that it is critical to define the people,
processes, and technologies that make up the system.
□ Next, hazards and their root causes must be identified. You should go
through the system step by step and postulate what hazards are
associated with this system under all operating conditions (including
abnormal conditions).
□ It is important to study the system through all phases of the life
cycle—remember that there may be very different hazards at
particular stages in the life cycle.
□ Once the hazards, including the causal factors, have been identified,
it becomes important to evaluate the hazards and their effects.
Most hazard analysis methodologies apply some type of severity
classification. This classification is used as a marker to compare the
consequences of one hazard to another. Usually some engineering
analysis is done so that you can understand what the effects of the
hazard would be if an accident did occur.
□ To control hazards, you must understand the probability or likelihood
of the hazard event actually occurring.
□ Most hazard analysis techniques use a qualitative probability
ranking. Other safety analyses such as fault tree analysis or
probabilistic risk assessment use quantitative analysis.
□ Either way, the event probability must be determined before
management can decide whether the risk should be eliminated,
controlled, or accepted. If the hazard analysis does not address both
hazard severity and likelihood of occurrence, then the analysis is not
very useful.
□ Hazard analysis methodologies employ a qualitative ranking
system, merging the severity of the accident with the probability of
the event occurring to give a hazard risk. This is then rank ordered.
□ This risk ranking is then used to decide whether the hazard risk should
be accepted or not. This disposition or resolving of hazards requires
the acceptance of the risk or implementation of a corrective action
system to eliminate or control the hazard.
□ The last step is to conduct follow-up activities. It is important to
monitor the system to ensure the effectiveness of the hazard controls
and to check for new or unexpected hazards.
□ Things change so it is important to periodically reassess the system
and determine if hazards are still adequately identified and control
mechanisms still work.
□ This is especially important if the system is modified, expanded, or
reconfigured or operating conditions change. If there are any
material changes to the system, then the hazard analysis should be
updated to reflect the changes and their impacts to the system.
Process Hazards Checklists
□ A process hazards checklist is simply a list of possible problems and
areas to be checked. The list reminds the reviewer or operator of
the potential problem areas.
□ A checklist can be used during the design of a process to identify
design hazards, or it can be used before process operation.
□ A classic example is an automobile checklist that one might review
before driving away on a vacation. This checklist might contain
the following items:
❖ Check oil in engine.
❖ Check fluid level in radiator.
❖ Check air pressure in tires.
❖ Check exhaust system for leaks.
❖ Check air filter.
❖ Check fluid level in windshield washer tank.
❖ Check headlights and taillights.
❖ Check fluid levels in brake system.
❖ Check gasoline level in tank.
□ Checklists should be applied only during the preliminary stages of
hazard identification and should not be used as a replacement for
a more complete hazard identification procedure.
□ Checklists are most effective in identifying hazards arising from
process design, plant layout, storage of chemicals, electrical systems,
and so forth.
□ A typical process design safety checklist is shown in Figure. Note
that three check off columns are provided.
Hazards Surveys
□ A hazards survey can be as simple as an inventory of hazardous
materials in a facility or as complicated as a rigorous procedure such
as the Dow Fire and Explosion Index (F&EI) and the Dow Chemical
Exposure Index (CEI), which are two popular forms of hazards
□ These are formal systematized approaches using a rating form, similar
to an income tax form. The final rating number provides a relative
ranking of the hazard.
□ The F&EI also contains a mechanism for estimating the dollar loss in
the event of an accident.
• The Dow F&EI is designed for rating the relative hazards with the
storage, handling, and processing of explosive and flammable
□ The procedure begins with a material factor that is a function only
of the type of chemical or chemicals used. This factor is adjusted
for general and special process hazards.
□ These adjustments or penalties are based on conditions such
as storage above the flash or boiling point, endo- or
exothermic reactions, and fired heaters.
□ Credits for various safety systems and procedures are used for
estimating the consequences of the hazard, after the fire and
explosion index has been determined.
□ The form, shown in Figure, consists of three columns of numbers.
The first column is the penalty column. Penalties for various unsafe
situations are placed in this column.
□ The second column contains the penalty actually used. This allows
for a reduction or increase in the penalty based on circumstances
not completely covered by the form
□ The final column is used for computation.
□ The first step in the procedure is to conceptually divide the process
into separate process units. A process unit is a single pump, a reactor,
or a storage tank. A large process results in hundreds of individual
units. It is not practical to apply the fire and explosion index to all
these units. The usual approach is to select only the units that
experience shows to have the highest likelihood of a hazard.
□ The next step is to determine the material factor (MF) for use in
the form shown in Figure.
□ Table lists MFs for a number of important compounds. This list also
includes data on heat of combustion and flash and boiling point
□ The additional data are also used in the computation of the Dow F&EI.
A procedure is provided in the complete index for computing the
material factor for other compounds not listed in Table.
□ In general, the higher the value of the MF, the more
flammable and/or explosive the material.
□ If mixtures of materials are used, the MF is determined from
the properties of the mixture.
□ The highest value of the MF under the complete range of operating
conditions is suggested. The resulting MF value for the process is
written in the space provided at the top of the form in Figure
□ The next step is to determine the general process hazards. Penalties
are applied for the following factors:
1. exothermic reactions that might self-heat,
2. endothermic reactions that could react because of an external heat
source such as a fire,
3. material handling and transfer, including pumping and connection of
transfer lines,
4. enclosed process units preventing dispersion of escaped vapors,
5. limited access for emergency equipment, and
6. poor drainage of flammable materials away from the process unit.
□ Penalties for special process hazards are determined next:
1. toxic materials, which could impede fire fighting,
2. less than atmospheric pressure operation with a risk of outside air entering,
3. operation in or near the flammable limits,
4. dust explosion risks,
5. higher than atmospheric pressure,
6. low-temperature operation with potential embrittlement of carbon steel,
7. quantity of flammable material,
8. corrosion and erosion of process unit structures,
9. leakage around joints and packings,
10. use of fired heaters, providing a ready ignition source,
11. hot oil heat exchange systems where the hot oil is above its ignition
temperature, and
12. large rotating equipment, including pumps and compressors.
Your plant is considering the installation of a new railcar tank
unloading facility. The facility will unload nominal 25,000-gal tank
cars containing either pure butadiene or cyclohexane. The unloading
system will be equipped with an emergency shutdown system with
remotely operated block valves. The unloading operation will be
done by computer control. The railcars are inerted with nitrogen
to a pressure of 40 psig, and the railcar relief system has a set
pressure of 75 psig. The unloading operating instructions are written
and have been reviewed by the corporate technical staff.
A reactive chemicals review has already been completed on the
proposed facility. Combustible gas detectors will be located at the
unloading station. A diking system will surround three sides of the
facility, with any spills directed to a covered area. Determine the Dow
F&EI for this operation, and determine the minimum spacing from
adjacent units.
□ The Dow Index contains most of the data required to complete the
evaluation. The data for the chemical species used in this facility are:
❑ The phrase loss prevention in the chemical industry is an
insurance term where the loss represents the financial loss
associated with an accident.
❑ This loss not only represents the cost of repairing or
replacing the damaged facility and taking care of all
damage claims, but also includes the loss of earnings from
lost production during the repair period and any
associated lost sales opportunities.
❑ The process designer must be aware of these
hazards and ensure that the risks involved with these
hazards are reduced to acceptable levels through the
application of engineering principles and proven
engineering practice.
❑ In its simplest terms, loss prevention in process design can
□ Identification and assessment of the major hazards.
□ Control of the hazards by the most appropriate means; for
example, containment, substitution, improved
maintenance, etc.
□ Control of the process, i.e., prevention of hazardous
conditions in process operating variables by utilizing
automatic control and relief systems, interlocks, alarms,
□ Limitation of the loss when an incident occurs.
□ Identification can be as simple as asking “what-if”
questions at design reviews. It can also involve the use of a
checklist outlining the normal process hazards associated
with a specific piece of equipment.
❑ The hazard-assessment techniques include hazard and
operability study (HAZOP), fault-tree analysis (FTA),
failure mode-and-effect analysis (FMEA), safety indexes,
and safety audits.
❑ The hazard and operability study, commonly referred to
as the HAZOP study, is a systematic technique for
identifying all plant or equipment hazards and operability
❑ In this technique, each segment (pipeline, piece of
equipment, instrument, etc.) is carefully examined and all
possible deviations from normal operating conditions
are identified.
❑ This is accomplished by fully defining the intent of each
segment and then applying guide words to each
segment as follows:
□ No or not: no part of the intent is achieved and nothing
else occurs (e.g., no flow)
□ More: quantitative increase (e.g., higher temperature)
□ Less: quantitative decrease (e.g., lower pressure)
□ As well as: qualitative increase (e.g., an impurity)
□ Part of: qualitative decrease (e.g., only one of two
components in mixture)
□ Reverse: opposite (e.g., backflow)
□ Other than: no part of the intent is achieved and
something completely different occurs (e.g., flow of wrong
□ These guide words are applied to flow, temperature,
pressure, liquid level, composition, and any other variable
affecting the process.
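The guide-word procedure above can be applied mechanically so that no deviation is skipped. The following Python sketch is an added example, not part of the original slides: it crosses the guide words listed above with the process variables of one segment and reports which deviations a worksheet has not yet addressed. The sample worksheet rows and the set of combinations judged not meaningful are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import product

# Guide words and their meanings, as listed in the slides above.
GUIDE_WORDS = {
    "NO": "no part of the intent is achieved and nothing else occurs",
    "MORE": "quantitative increase",
    "LESS": "quantitative decrease",
    "AS WELL AS": "qualitative increase",
    "PART OF": "qualitative decrease",
    "REVERSE": "opposite",
    "OTHER THAN": "no part of the intent is achieved and "
                  "something completely different occurs",
}


@dataclass(frozen=True)
class WorksheetRow:
    """One line of a HAZOP worksheet (same columns as the tables on this page)."""
    guide_word: str
    parameter: str
    causes: str = ""
    consequences: str = ""
    action: str = ""


def deviations(parameters, not_meaningful=frozenset()):
    """Every (guide word, parameter) pair the team has to consider."""
    return [
        (gw, p)
        for p, gw in product(parameters, GUIDE_WORDS)
        if (gw, p) not in not_meaningful
    ]


def review(rows, parameters, not_meaningful=frozenset()):
    """Compare a worksheet against the full deviation list for a segment."""
    required = deviations(parameters, not_meaningful)
    recorded = {(r.guide_word.upper(), r.parameter.lower()): r for r in rows}
    report = {"missing": [], "incomplete": [], "unrecognised": []}
    for key in required:
        row = recorded.get(key)
        if row is None:
            report["missing"].append(key)        # deviation never discussed
        elif not (row.causes and row.consequences and row.action):
            report["incomplete"].append(key)     # a column was left empty
    required_set = set(required)
    # Rows whose guide word or parameter is not part of this study.
    report["unrecognised"] = sorted(k for k in recorded if k not in required_set)
    return report


# --- Constructed sample data (assumptions, not taken from the slides) ---
NODE_PARAMETERS = ["flow", "temperature", "pressure"]
# Combinations a hypothetical team recorded as not meaningful for this segment.
NOT_MEANINGFUL = frozenset({
    ("REVERSE", "temperature"), ("REVERSE", "pressure"),
    ("PART OF", "temperature"), ("PART OF", "pressure"),
})
SAMPLE_ROWS = [
    WorksheetRow("NO", "flow", "inlet valve fails to open",
                 "process fluid is not cooled", "install temperature alarm"),
    WorksheetRow("LESS", "flow", "pipe blockage", "process fluid runs hot"),
    WorksheetRow("MORE", "pressure", "", "tube bursts",
                 "install high pressure alarm"),
    WorksheetRow("HIGH", "temperature", "steam leak", "overheating", "alarm"),
]

if __name__ == "__main__":
    result = review(SAMPLE_ROWS, NODE_PARAMETERS, NOT_MEANINGFUL)
    for section, items in result.items():
        print(f"{section}: {len(items)}")
        for gw, p in items:
            print(f"  {gw} {p}")
```
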
The hydrolysis of acetic anhydride is being studied in a laboratory-scale continuously
stirred tank reactor (CSTR). In this reaction acetic anhydride [(CH₃CO)₂O] reacts with
water to produce acetic acid (CH₃COOH).
The concentration of acetic anhydride at any time in the CSTR is determined by
titration with sodium hydroxide. Because the titration procedure requires time (relative
to the hydrolysis reaction time), it is necessary to quench the hydrolysis reaction as
soon as the sample is taken. The quenching is achieved by adding an excess of aniline
to the sample. The quench reaction is

The quenching reaction also forms acetic acid, but in a different stoichiometric ratio
than the hydrolysis reaction. Thus it is possible to determine the acetic anhydride
concentration at the time the sample was taken.
The initial experimental design is shown in Figure. Water and acetic anhydride
are gravity-fed from reservoirs and through a set of rotameters. The water is
mixed with the acetic anhydride just before it enters the reactor. Water is also circulated
by a centrifugal pump from the temperature bath through coils in the reactor vessel.
This maintains the reactor temperature at a fixed value. A temperature controller in the
water bath maintains the temperature to within 1°F of the desired temperature.
Acetic anhydride reactor system
Samples are withdrawn from the point shown and titrated manually in a hood.
a. Develop a safety checklist for use before operation of this experiment.
b. What safety equipment must be available?
c. Perform an informal safety review on the experiment. Suggest modifications
to improve the safety.
Perform a HAZOP study on the laboratory process of Problem 1. Consider the
intention "reactant flow to reactor" for your analysis. What specific
recommendations can you make to improve the safety of this experiment?

Using relevant guide words, perform the HAZOP study on Shell &
Tube heat exchanger
HAZOP on heat exchanger
| Guide Word | Deviation | Causes | Consequences | Action |
| | Less flow of cooling water | | of Process fluid remains | |
| MORE | More cooling | Failure of cooling water | | |
| More Of | Pressure on | Process fluid | | high pressure |
| Contamination | of process fluid line | | | alert |
| | Corrosion of | Hardness of | | |
HAZOP on heat exchanger Answer (1)
| Guide Word | Deviation | Causes | Consequences | Action |
| Less | Less flow of cooling water | Pipe blockage | of process fluid remains | Temperature |
| More | More cooling | Failure of cooling water valve | Temperature of process fluid decrease | Temperature alarm |
| More Of | More Pressure on tube side | Failure of process fluid | Bursting of tube | Install high pressure alarm |
| Contamination | Contamination of process fluid line | Leakage of tube and cooling water goes in | Contamination of process fluid | Proper maintenance and operator alert |
| Corrosion | Corrosion of tube | Hardness of cooling water | Less cooling and crack | Proper maintenance |
HAZOP on heat exchanger Answer (2)
| Guide Word | Deviation | Causes | Consequences | Action |
| NONE | No Cooling water flow | Failure of inlet cooling water valve to open | Process fluid temperature is not lowered accordingly | Install Temperature indicator before and after the process fluid line, install TAH |
| MORE | More cool water flow | Failure of inlet cooling water valve to | Output of process fluid temperature too low | Install Temperature indicator before and after process fluid line, install TAH |
| LESS | Less cooling | Pipe leakage | Process fluid temperature too | Installation of flow meter |
| REVERSE | Reverse process fluid flow | Failure of process fluid inlet valve | Product offset | Install check valve (whether it is crucial have to check?) |
| CONTAMINATION | Process fluid contamination | Contamination in cooling water | temperature too | Proper maintenance and operator alert |
