Process Safety: Design for Failure Needed

“It’s not enough to say ‘Here’s your hardware, have fun.’”

Share Print Related RSS

To view Paul Gruhn's presentation click here.

In his keynote presentation to Rockwell Automation’s Process Solutions User Group meeting this week in Chicago, Paul Gruhn, process safety expert, took his audience on a sobering ride through the modern history of chemical and refinery disasters: Flixborough, U.K., 1974; Seveso, Italy, 1976; Bhopal, India, 1984; Texas City, U.S., 1995. On and on the litany of disasters went—and the knowledge that each of them could have been prevented.

Gruhn, currently of Rockwell Automation’s recently acquired ICS Triplex unit, noted that 44% of failures occurred when the systems did exactly what they had been designed and programmed to do—and failed anyway. Less than 15% of accidents can be blamed on operator or maintenance error, Gruhn said. “Bad things keep happening,” Gruhn explained, “and there’s a record of a lack of commitment to what it takes to really solve the problem.” He listed the statement of the plant manager of Union Carbide, Bhopal, and the statement of the Coast Guard commander in Alaska after the Exxon Valdez disaster as he showed a picture of an ostrich with its head buried in the ground. “Systems aren’t perfect, stuff goes wrong. We need to design for failure,” Gruhn said.

“It’s not enough to say ‘Here’s your hardware, have fun.’” ICS Triplex’s Paul Gruhn on the growing need for safety system engineering, integration and technical services.
So what are the trends Gruhn sees for the future of safety system design? “Smaller, distributed systems,” he said. “There are a lot of applications where a large, monolithic system that is scaleable to thousands of points just isn’t required.”

“We are beginning to see the development and implementation of safety fieldbuses from Fieldbus Foundation, Profibus Trade Organization, and the HART Foundation,” he said, “and we are seeing integration of the basic process control system with the safety system—not by using the same products, but at the vendor level. People are demanding that the DCS vendor integrate the safety system from one single vendor.”

“We are also seeing a demand for personnel with certifications,” Gruhn added. “There are several certifying bodies right now, from TUV to a consulting company, and ISA is developing a certification program for safety expertise,” Gruhn revealed.

“We are starting to see a movement back to using safety systems for what they were originally for—critical process control,” Gruhn said. That is, processes like nuclear fuel rod control, nuclear waste disposal—those applications where there are large economic or safety concerns where downtime is not feasible, and where significant capital losses and image or reputation damage could occur in case of accident.

Finally, he said, there is a developing market for engineering, integration and technical services. “It isn’t enough anymore to say, ‘Here’s your hardware, have fun,’” Gruhn said.

Gruhn quoted Nancy Leveson of MIT and the Baker Commission on the fact that proper regard for safety in design actually pays for itself with up to 50% less downtime and other productivity gains. He also quoted noted failure expert Trevor Kletz on how to design safe systems: “What you don’t have can’t leak.”

“There’s one way to ignore all the standards and still have a safe plant,” Gruhn concluded. “All you have to do is do what the French did 200 years ago, and the DuPont family brought to the original gunpowder business. They passed a law that required the manufacturer to live on the premises.” Gruhn paused, then continued, “with his family.”

Share Print Reprints Permissions

What are your comments?

Join the discussion today. Login Here.

Comments

No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments