Why Is Safety So Hard?

Safety expert Dave Harrold, co-founder and president of AFAB Group, and a past recipient of ISA’s E.G. Bailey Award for his efforts to promote process safety, sums it all up.

“Accidents occur for one of two reasons. First is improperly trained personnel. These accidents can be eliminated by conducting robust and regularly scheduled training. The second cause is equipment failure, such as a pump, a valve or a faulty instrument reading. These types of causes are nearly impossible to prevent. But a proper HAZOP/CHAZOP (Control System HAZOP) study should identify these risks and result in the installation of mitigating safety functions that will minimize accident consequences.”

For more on this subject, go to www.controlglobal.com/ProcessSafety.html.

Standards Not Keeping up with Technology

Dr. Nancy G. Leveson, professor of engineering systems and the director of the Complex Systems Research Lab (CSRL) at MIT, shares her take on safety standards.

“Safety culture and management impact on safety has largely been ignored. Emphasis has instead been placed on physical systems and human operators. But we are now building process systems and working within global social and management systems that are much more complex. This complexity overwhelms our ability to understand the implications of decisions and to assure ourselves that all risk-related scenarios have been understood and mitigated.

The results of this complexity is demonstrated in the different nature of accidents today. We are starting to see an increasing number of accidents not caused by failures of individual components, but by dysfunctional and unsafe interactions among components. Each component worked as it was designed to do, but the overall design of the system led to an accident.

Standard safety engineering techniques of increasing component integrity and of adding redundancy will not increase system safety. What is needed are better ways of evaluating risk and identifying optimal decisions about tradeoffs and how specific risks will be controlled. Building inherently safe systems or preventing hazards is going to be much more effective and much less expensive than simply trying to mitigate damage.”

Anatomy of an Accident

Pete Atkinson, an engineer in manufacturing information systems at Boehringer Ingelheim Vetmedica, St. Joseph, Mo., describes a near-miss, the subsequent post mortem and resulting improvements.

“The most serious incident that I know of was a catastrophic failure of a transfer hose that burst during a clean-in-place (CIP) function. Operators in the area at the time of the failure narrowly escaped without any serious injuries, but only due to the fact that they were some distance away from the immediate area of the hose failure.

“Two operators were sprayed with hot caustic wash solution, but did not sustain any injuries because they were wearing protective equipment, including lab coats, safety glasses and hair nets. Their quick reaction to evacuate the area also helped them evade harm.

“The area sustained substantial flooding of CIP solution and water because the CIP system pump continued to pump out the entire contents of the wash-solution vessel. The tank volume was 1,000 liters, so you can get a picture in your head of the extent of the flooding that occurred with a hazardous chemical.

“Investigation revealed that operators had noticed that the hose had been kinked, but they judged it OK for use. An inspection was conducted on all transfer hoses in the building right after the incident. Of the 250 hoses inspected, about half were found to be near a point of failure and were removed from service. Many of our operators knew that a number of hoses had physical damage, but didn’t do anything about it.

“There were a number of corrective actions taken to ensure that a similar incident did not occur again. One was to invoke a control system alarm and automatic shutdown of the CIP skid pump upon a sudden loss of line pressure.

“We also started regular and documented inspections of all transfer hoses, including visual and pressure testing. Area procedures were written to instruct operators to visually inspect and reject any hose that showed any signs of abnormal wear or physical damage prior.

“Since this incident occurred and the above mentioned corrective actions were invoked, there have not been any similar incidents.”

The Trouble with Safety Standards

1. Standards have not kept pace with new control system technologies.
2. Alarm management standards are inadequate.
3. Graphics standards don’t match operator needs.
4. Standards focus too much on components and not enough on systems.

Implementation ISsues

1. Production mandates trump safety-standard enforcement.
2. Lack of training on safety standards.
3. Minor incidents not measured and analyzed.
4. Safety reassessment neglected after process and control system changes.

Automation Not the Best Path to Safety

Automation, instrumentation and operator interface systems all play key roles in making a plant safe. But Joe Kaulfersch, a market analyst with Pepperl+Fuchs, says that designing inherently safer process plants is better than attempting to automate and control dangerous conditions.