Risk Based

Process Safety
Management

3 Days Training Course

Module 1 – Day 1
RBPSM Introduction
 AGENDA

 Welcome
 Introductions
 Administration
 Completion of Registration form
 Completion of Attendance Register (Daily)
 Completing and folding Name Tents
 Orientation
 Emergency evacuation
 Ablution facilities
 Kitchen
 Start of day / End of day
 Breaks
 Important Rules
 TRAINING PROGRAM

• Day 1:
o Module 1: PSM Introduction and Overview
• Day 2:
o Module 2: 4 Pillars of PSM and Pillar 1 & 2 Elements
• Day 3:
o Module 3: Pillar 3 and Module 4: Pillar 4 Elements
• Day 4 and 5:
o Module 5: Auditing RBPSM
• Day 6:
o Module 6: SIL and LOPA
• Day 7: Consolidation and Tests
• Day 8: Site visit
 COURSE OBJECTIVES

 Understand;
 the occurrence and prevention of major incidents;
 global requirement for Risk Based Process Safety
Management (RBPSM).
 Discuss the RB-PSM framework.
 Review the 4 pillars of RBPSM and elements:
 Commit to process safety.
 Understanding Hazards & Risks.
 Manage Risk
 Learning from Experience.
 SAFETY

Small Group Discussion:

Questions:

 What does safety means?

Safety?
 SAFETY

Safety: The protection of people,

Equipment and environment from harm or in
brief:

the absence of loss

 Loss Categories

Losses can be categorized in:

HARM TO PEOPLE
HARM TO PROPERTY
HARM TO PROCESS
HARM TO ENVIRONMENT
HARM TO EQUIPMENT
 Group Discussion

Small Group Discussion:

Questions:

 Define some examples of different harms?

 Harm

HARM TO PEOPLE

most often receives the highest level of

attention. There are tangible losses associated
with injuries such as:

• visible trauma
• compensation costs
• broken and disfigured bodies
• rehabilitation costs
• absenteeism
 Harm

HARM TO PROPERTY
• equipment
damage
• material damage
• building damage
• Parts damage
 Harm

HARM TO PROCESS

• production interruption
• increased defect rates
• poor quality
 Harm

HARM TO ENVIRONMENT
• Air Pollution

• Soil Pollution
• Water
Pollution
 Harm

HARM TO EQUIPMENTS

• Pipe Rupture
• Corrosion
 PROCESS SAFETY

Small Group Discussion:

Questions:

 What does process safety means?

Process Safety?
 PROCESS SAFETY
Process Safety HISTORY
PS was introduced in 1990 by the U.S. Occupational Safety and
Health Administration (OSHA) in response to a number of
catastrophic incidents that occurred worldwide, and its final,
complete version was published in 1992 in 14 Elements,
Process industries have since used this management system to
limit and control chemical risks.
OSHA estimated that 6 to 10 years after the implementation of
PS, the risk of accidents had decreased 80% and nearly 264
deaths and 1,534 injuries or illnesses had been prevented each
year.
Although PS implementation costs are estimated to be high,
most companies implemented it have achieved equal or higher
benefits.
 PROCESS SAFETY
WHAT IS PROCESS SAFETY?

A systematic approach to Manage major incident from

available process hazards.

What is Process Hazard?

The presence of stored or in-process material or energy

which has the potential to cause harm to people, property
or the environment.

WHY PROCESS SAFETY?

To prevent major or catastrophic events (incidents).

 PROCESS SAFETY
MANAGEMENT

Small Group Discussion:

Questions:

 What does process safety management means?

Process Safety management ?

 PROCESS SAFETY
MANAGEMENT
Process: Any onsite activity that involves a highly hazardous
chemical, including any use, storage, manufacturing, handling,
and/or movement of a highly hazardous chemical.

Safety: The initial driving force for most PSM systems and
programs in order to meet H&S regulatory requirements and to
prevent or control injuries and illnesses which might be caused
by process upsets and hazardous material releases.

Management: Anyone who has control over the process or

processes. PSM is not just about equipment, piping,
instrumentation, etc., but also about people involvement,
training and stakeholder engagement.
 PROCESS SAFETY
MANAGEMENT
PSM uses a risk based approach taking into account:

 Process safety activities

 Availability of resources
 Existing process safety culture

to design, correct and improve existing process

activities.
RBPSM was developed by the AIChE’s Centre for
Chemical Process Safety (CCPS).
 PROCESS SAFETY
MANAGEMENT

Process Safety Management is a management system

focusing on the:
 Prevention of;
 Preparedness for;
 Mitigation of; (If it occurs, what controls are in place?)
 Response to; and (Instrumentation, cooling, etc.)
 Restoration from (how restore to prevent recurrences)
 RISK BASED PSM

Life is a balance between risks and Benefits

 PROCESS Hazard/risk
Risk?
The combination of three attributes ̶
 Hazard (Source/Energy) ….. What can go wrong?
 Consequence (Effect/Impact) …. How bad could it be?
 Likelihood (Frequency) … How often might it happen?

Consider a hydrocarbon distillation column:

 Overfilling - a vapour cloud may form and then explode
(Hazard)
 Explosion may damage neighbouring buildings and cause
multiple injuries (Consequence)
 Overfilling during start-up may occur several times per year in
the industry but resultant vapour cloud explosions and fires do
not occur every year in the industry. (Likelihood)
 RBPSM BENEFITS

RBPSM benefits:
 Increased process & equipment reliability.
 User-friendly, accurate SOPs.
 Improved team effectiveness through training.
 Employee ownership.
 Enhance troubleshooting capabilities.
 Extended intervals between major turnarounds
(especially in continuous operations).
 Decreased turnaround time for major turnarounds and
minor repairs.
 Increase in productivity.
 Reduction in production costs, maintenance costs,
capital budget and insurance costs.
 RISK BASED PSM

Small Group Discussion:

Questions:

 Is a different approach needed for Process versus Personal

Safety?
 Why do you think people ignore risk?
 How would you ensure a continuing high level of risk awareness
in your plant or facility?
 RISK BASED PSM

How do Incidents Happen?

THE SWISS CHEESE MODEL
HAZARD

DESIGN
EQUIPMENT
SYSTEMS
PEOPLE
BARRIERS
OR CONTROLS

LOSS EVENT
 INCIDENT SEQUENCE

DEVIATION LOSS EVENT IMPACT

Loss of Containment Fire Fatality / Injuries

Low/High temperature Explosion Property Damage

High Pressure Containment ruptures – Fatalities/Injuries

uncontrolled release of Property Damage
substance/material Environmental Damage

No/Low Flow Unscheduled shutdown Business Interruption

Overfill Spoiled Batch Market share loss

Transfer to wrong tank Equipment damage Reputation damage

Excess Impurities Release of energy Loss of license to

operate
 PROCESS SAFETY /
OCCUPATIONAL SAFETY

Small Group Discussion:

Questions:

 What are the core difference between process safety and

occupational safety?
 PROCESS SAFETY /
OCCUPATIONAL SAFETY
Process Safety Management versus Occupational Safety
PSM aims to reduce or eliminate Fires, Explosions and release
of energy and toxic materials/gases. PSM focuses on:
 Technology
 Facilities
 People
The principle aim of Occupational Health and Safety is to
reduce or eliminate harm to people.
There is some overlap between PSM and Occupational H&S,
but PSM takes a more technical approach than Occupational
H&S.
 PROCESS SAFETY
Feasibility Study
Iran is the second largest producer and exporter of petrochemicals
in the Middle East, with more than 54 petrochemical complexes.
Currently, none of these petrochemical plants has implemented
PSM, although nearly all of them use the OHSAS 18001. Recently
some used HSE-MS based on International Association of Oil &
Gas Producers (OGP) guidelines for managing all health, safety
and environment issues in an integrated management system.
Over the last 10 years, more than 198 fatal accidents have occurred
in these petrochemical facilities, indicating that current
management systems are not effective at preventing major
accidents.
Refer: Feasibility Study by Shiraz University, Accepted March 22, 2013
 OHSAS 18001/HSE-MS
PSM requirements OHSAS 18001 HSE-MS
Process Safety Information ─ ─
Process Hazard Analysis √ √
Operating Procedure √ √
Training √ √
Contractors ─ √
Pre-startup Safety Review ─ ─
Mechanical Integrity ─ ─
Hot Work Permit ─ ─
Management of Change ─ √
Incident Investigation √ √
Emergency and Response Planning √ √
Compliance Audit √ √
Employee Participation √ √
Trade Secret ─ ─
No. of common requirements 7 9
 HSE-MS/PSM (OSHA)
PSM requirements HSE-MS PSM - OSHA
Process Safety Information ─ √
Process Hazard Analysis √ √
Operating Procedure √ √
Training √ √
Contractors √ √
Pre-startup Safety Review ─ √
Mechanical Integrity ─ √
Hot Work Permit ─ √
Management of Change √ √
Incident Investigation √ √
Emergency and Response Planning √ √
Compliance Audit √ √
Employee Participation √ √
Trade Secret ─ √
No. of common requirements 9 14
 OSHSAS
18001&HSE-MS/PSM
(OSHA)
 PSM(OSHA)/RBPSM(CCPS)
PSM Requirements OSHA CCPS
Process safety Culture - √
Process Safety Competency - √
Stakeholder Engagement √ √
Workforce Involvement √ √
Compliance with Standard - √
Process Knowledge Management √ √
Hazard Identification & Risk Assessment √ √
Operating Procedures √ √
Management of change √ √
Emergency Management √ √
Operational Readiness √ √
Safe work Practices √ √
Training and Performance Assurance √ √
Contractor Management √ √
Conduct of Operation - √
Asset Integrity & reliability √ √
Auditing √ √
Management review & continues improvement - √
Measurement and metrics - √
Incident Investigation √ √
No. of common requirements 14 20
CATASTROPHIC EVENTS
 CATASTROPHIC EVENTS

December 3, 1984 – Union Carbide, Bhopal, India

(Toxic MIC release):

 3800 immediate
fatalities.
 20,000 ++
Total fatalities.
 200,000 +
Other off-site
injuries and
illnesses.
 CATASTROPHIC EVENTS

Incident Analysis
On December 3 1984, a reactive chemical incident occurred from
the Union Carbide pesticide plant in Bhopal, India causing a more
than 40 tons of Methyl Isocyanate gas leak immediately killing at
least 3,800 people and causing significant morbidity and
premature death for many thousands more.
Contributing factors!
 Loss / Lack of process safety competence.
 Lack of process safety culture.
 No modification / management of change process.
 Safety critical systems not maintained.
 Lack of emergency planning.
 CATASTROPHIC EVENTS

April 1986, Nuclear plant – Chernobyl, Ukraine:

 2 Workers died the
night of the incident
and 28 more a few
weeks after as a result
of acute radiation
poisoning.
 Sharp increase in
thyroid cancer.
• Resettlement of people
from contaminated
areas continued for 20+
years.
 CATASTROPHIC EVENTS

Incident Analysis
The Chernobyl accident in 1986 was the result of a flawed
reactor design coupled with serious mistakes made by
operators - inadequately trained personnel, and also a lack
of any safety culture.

Other factors:
 No management of change.
 No proper Safe Operating Procedures / Work Practices.
 No emergency shutdown plan.
 No failed to safe.
 CATASTROPHIC EVENTS

2005 Explosion – BP Refinery Texas City:

 15 Workers died.
 170 people injured.
• Extensive damage to
plant and nearby
town.
• Total direct cost to
BP estimated at $3
billion+.
TEXAS CITY INCIDENT

VIDEO
TEXAS CITY INCIDENT
 TEXAS CITY INCIDENT

Small Group Discussion:

Questions:

 What were the underlying causes?

 Describe the role played by process safety in the incident?
 CATASTROPHIC EVENTS
Incident Analysis
The incident was an explosion caused by heavier–than-air
hydrocarbon vapors combusting after coming into contact with an
ignition source, probably a running vehicle engine.
Other factors:
 The failure to take effective emergency action.
 The failure to follow many established policies and procedures.
 Supervisors assigned to the unit were not present to ensure
conformance with established procedures,
 No Warning been provided by those who were aware of events.
It is not clear why those aware of the process upset failed to
sound a warning.
 Inadequate installing inherently safer options when they were
available.
 TEXAS CITY INCIDENT

CAUSES PSM ROLE

No Management of Change Failure of PSM lead to event
Start-up risk not identified Blind to PSM (Focus only on Safety)
Poor design Incident frequency rates more important
Mechanical Integrity Cost cuts – poor maintenance
Control failures Not effective use of Lead/Lag indicators
No Pre-start up review
Poor communication between shifts
Inadequate site layout (blast zones, etc.)
Ignoring management reports
No post mortem of previous start-ups
Poor/inadequate procedures
Deviation from procedures
Fatigue
Cut in maintenance budgets
 CATASTROPHIC EVENTS

2010 BP Deepwater Horizon – Fire & Oil Spill:

 11 Killed.
 17 injured.
• About 5 million barrels
of crude oil spilled.
• Total cost to BP
estimated around
$40 billion.
 BP Shareholder value
halved.
 PROCESS SAFETY
Incident Analysis
“This disaster was preventable had existing progressive guidelines
and practices been followed.
Analysis of the available evidence indicates that when given the
opportunity to save time and money – and make money – tradeoffs
were made for the certain thing – production –
The Contributing Factors:
 Inadequate process safety culture.
 Failure to consider risk.
 Equipment/facility design not to industry standard / Lack of
protective devices.
 Inadequate Management of Change.
 Inadequate Operating Procedures and/or Procedures / Guidelines
not followed.
 Inadequate incident investigation and learning from incidents
 RISK TAKING

Before you fly the captain announces:

We have an engine which is cutting out from time to time ….. But its
OK since we can land with three engines.
The engine maintenance is overdue …. But it is OK since we have a
letter from the mechanic saying it is OK to fly.
To reassure you we are taking with us an very experienced pilot …
but he has just flown from Sydney and is a little tired
But the chance of all these things going wrong at once is tiny!
RISK TAKING
 FAILURE MODES

SOME TYPICAL FAILURE MODES

(DEVIATIONS)
 FAILURE MODES
Common Incident Deviations
 Loss of Containment
 Opening a pressurised pipe (human error)
 Pipe failure / Corrosion
 Overfilling
 Mechanical failure of vessels/tanks (seams/welds)
 Overpressure / Temperature to high
 Rupture of furnace/heat exchanger tubes
 Mechanical impact (damage)
 Instrumentation malfunctioning
 Poor maintenance on valves, etc.
 Inadequate blanking of pipe line ends, etc.
 Uncontrolled chemical reaction
 FAILURE MODES
Common Incident Deviations
 Piping Failures
 Material failure / Corrosion / Erosion
 Joint Pipe failure / Corrosion (under lagging)
 Plugging
 Bending / Stress
 Vibration
 Stress corrosion cracking
 Incorrect closing of valves / figure 8s, etc.
 Freezing and expansion
 Local eddy currents (buried pipes)
 Metallurgical defects.
 Human error
 INCIDENT DEVIATIONS
Common Incident Deviations
 Overfilling
 BP Texas City column overfill
 Buncefield tank overfill
 INCIDENT DEVIATIONS
Common Incident Deviations
 Pressure too high/low
Fire is a common Vacuum can cause
cause of overpressure Collapse
 INCIDENT DEVIATIONS
Common Incident Deviations
Devices to control pressure

Relief Valve Rupture Disc

 INCIDENT DEVIATIONS
Common Incident Deviations
 Uncontrolled chemical reaction

BHOPAL AND OTHERS Gases evolved might be:

• Hot
• Flammable
• Toxic / Corrosive
• Able to pressurize an enclosure
to the point of rupturing
Solids / Liquids might be:
• Hot
• Thermally sensitive
• Shock-sensitive
• Corrosive
INCIDENT DEVIATIONS
Common Incident Deviations
 Reactive Chemicals
Accidental contact of
Incompatible chemicals
can result in:
• Generation of heat (acids & bases)
• Violent reaction (Acrolein & acids
or other catalyst)
• Formation of toxic vapors or gases
(Cyanide salt & acid)
• Formation of a flammable gas
(alkali metal & water)
• Fire or Explosion (Perchloric acid
and Acetic Anhydride)
INCIDENT DEVIATIONS

The Barton Tank Fire Incident

Accident Description
On July 17, 2007, explosions and
fire erupted at the Barton Solvents
facility in Valley Center, Kansas,
north of Wichita. The incident led
to the evacuation of thousands of
residents and resulted in projectile
damage offsite, as well as extensive
damage to the facility.
Small Group Discussion:
Questions:

 What was the impact/consequence of the Barton tank fire

incident?
 What was the loss event?
 What was the deviation that led to the incident?
 What were the underlying factors / root cause that led to the
deviation?
 RISK BASED PSM

BARRIERS OF CONTROL
 BARRIERS OF CONTROL
Barriers of Control – Bow Tie Analysis
Fault Tree Event Tree
DEVIATION

IMPACT
LOSS
EVENT

Preventive Barriers Mitigative Barriers

or Controls or Controls
 BARRIERS OF CONTROL

Incidents – Barriers or Controls

Controls are put in place to address risks that are considered to be
significant.
 Generic controls include e.g. permits to work, operating procedures,
electrical area classifications (Hazardous Locations), etc.
 Specific controls address risks specific to a part of the plant or process
e.g. high level trip to prevent a tank overflow, or high temperature cut-off
of a reactive chemical into a reactor, gas monitoring, or an hourly
checklist, etc.

Note: The concept “ specific controls” refers to the scenario and not to
generic.
 BARRIERS OF CONTROL

Incidents – Preventive Barriers (Examples)

Passive Barriers / Controls:
 Material barriers: Containers, bunds, fences, etc.
 Behavioural barriers: Notices e.g. “Keep away”. “Do not interfere with”.
etc.
Active Barriers / Controls:
 Active barriers follow a sequence:
“Detect – Diagnose – Act” (certain instrumentation).
 Active barriers can be a combination of –
 Hardware
 Software
 Human action / behaviour.
 BARRIERS OF CONTROL

Incidents – Mitigative Controls (Examples)

Inherent:
 Reduce amount of hazardous materials (reduce inventory of fuel/energy).

Passive:
 Secondary containment – bunding, curbing, fencing, flash barriers.

Active:
 Sprinklers, Fire suppression, gas detectors, Nitrogen blanketing

Physical Protection:
 PPE, Blast proof buildings, flame arrestors

Administrative:
 Emergency Response
 BARRIERS OF CONTROL

Incidents – Passive Barriers (Examples)

PROBABILITY OF
FAILURE ON
DEMAND (PFD)
Bunding 10-2 – 10-3

Fireproofing (Protective Structures) 10-2 – 10-3

Blast wall or bunker 10-2 – 10-3

Flame or detonation arrestor 10-1 – 10-3

 BARRIERS OF CONTROL

Incidents – Active Barriers (Examples)

PROBABILITY OF
FAILURE ON
DEMAND (PFD)
Pressure Relief Valve 10-1 – 10-5

Water spray, deluges, foam systems 1 – 10-1

Basic Process Control System 10-1 – 10-2

Safety Instrumented Function (SIF) – SIL 1: 10-1 – 10-2

reliability depends on Safety Integrity Level SIL 2: 10-2 – 10-3
(SIL) according to IEC 61511 SIL 3: 10-3 – 10-4
 BARRIERS OF CONTROL

Incidents – Human Response Barriers (Examples)

PROBABILITY OF
FAILURE ON
DEMAND (PFD)
Human action with 10 min. response time,
simple, well documented action with clear and 1 – 10-1
reliable indication that the action is required
Human response to control system warning
or alarm with 40 min. response time, simple,
10-1
well documented action with clear and
reliable indication that the action is required
Human action with 40 min. response time,
simple, well documented action with clear and 10-1 – 10-2
reliable indication that the action is required
 BARRIERS OF CONTROL

Human Functions of Safety Management that

influence barrier reliability significantly

 Training and Education

Provides the competence to respond properly
 Procedures
Understanding and response
 Inspections and Maintenance
Necessary to ensure functioning of primary barriers over time
 Communications and Instructions
 BARRIERS OF CONTROL
Effectiveness of Controls?
Least Reliable

Procedural Administrative Controls

Active Engineering Controls

Process or equipment design features that reduce

Passive
risk without active functioning of any device

Inherent Hazard Elimination or Reduction

Most Reliable
Group Discussion:
Which are preventive and which
are mitigative?
 Isolation valve at plant boundary?
 Plant windsock?
 Electrical area (Hazard Location) classification?
 Low flow alarm on Reactor’s cooling water supply?
 High pressure shutdown system on Reactor?
 Using Glycol as a refrigerant instead of Ammonia?
 Uninterrupted Power Supply system (UPS)?
 Spill collection (sump) sloped away from tank containing
flammable liquid?
SAFER DESIGN

Inherently Safer Design

 INHERENTLY SAFER DESIGN

Inherently Safer Design

Improving plant design by:
Minimizing quantities of Hazardous substances / materials
Substituting hazardous substances / materials with less hazardous
Moderating hazardous conditions (temperature, pressure, composition)
to reduce the impact of a release of hazardous material or energy
Simplifying the design to eliminate unnecessary complexity and make
operating errors less likely
 INHERENTLY SAFER DESIGN

Inherently Safer Design - Minimise

 Use mall quantities of hazardous substances / materials or energy
 Storage
 Intermediate storage
 Piping
 Process equipment
 “Process intensification”
Benefits:
 Reduced consequence of incidents (explosion, fire, toxic material release)
 Improved effectiveness and feasibility of other protective systems – for
Example:
• Secondary containment
• Reactor dump or quench systems
 INHERENTLY SAFER DESIGN

Inherently Safer Design - Minimise

Example – On-demand Phosgene generation
 Continuous production process
 Phosgene consumers are batch processes
 No Phosgene storage
 Engineering challenge
 Rapid start-up and shutdown
 Quality control
 Instrumentation and dynamic process control
 Disposal of “tail gas” and inert matter
 INHERENTLY SAFER DESIGN

Inherently Safer Design - Substitute

 Substitute a less hazardous reaction
 Replace a hazardous material with a less hazardous alternative
Example
Water based coatings and paints in place of solvent based alternatives
 Replace fire hazard
 Less toxic
 More environmental friendly
 Reduce hazards for end user and also for the manufacturer
 INHERENTLY SAFER DESIGN

Inherently Safer Design - Moderate

 Dilution
 Refrigeration
 Less severe processing conditions
 Physical characteristics
 Containment
 Layout
Better described as “passive” rather than “inherent”
 INHERENTLY SAFER DESIGN

Inherently Safer Design - Moderate

Examples:
 Aqueous Ammonia instead of Anhydrous
 Aqueous HCl in place of Anhydrous HCl
 Sulphuric acid in place of Oleum
 Wet Benzoyl Peroxide in place of dry
 Dynamite instead of Nitro-glycerine (or Diesel and Ammonia Nitrate)
 Less severe processing conditions
 Place hazardous items away from people on plot plan
 INHERENTLY SAFER DESIGN

EXERCISE
Information:
Additional storage capacity for 25 000m3
Toluene – a very volatile, flammable
solvent is to be installed on a production
site. Either one large or three smaller cone roof steel tanks will be
used.
A plot plan has been made of the outer perimeter of the process
area.
There are four possibilities being considered – see the notes section
here below
 INHERENTLY SAFER DESIGN

PLOT PLAN
Public Road

4 4
Employee
Parking
Offices

Public Road
Building
Process
2 4
Workshop

3
1
 INHERENTLY SAFER DESIGN

Group Exercise:
 Select the optimum scheme and give reasons?
 What other safeguards would you employ?
End of Module 1
Thank you