
Progress in Process Safety

Aug. 19, 2015
A holistic perspective of process safety requires more comprehensive hazard and risk assessment methods such as process hazards analysis, mechanical integrity, safety integrity systems and emerging technologies.
Author

William Mostia, PE, is a fellow at SIS-TECH Solutions and is a frequent Control contributor.

Process safety has made substantial progress in the past 40 years in improving the safety of our chemical plants, refineries and other applications. However, as our plants have grown larger and more complex, bottom-line thinking has caused us to operate closer to our safety limits to get the last drop out with as few personnel as possible (and sometimes fewer). All this, plus changing demographics and industry experience levels, has put a strain on achieving a safe operating environment for our plants.

Let us look at process safety in the past and present with some speculation about the future.

A brief history

Modern process safety efforts can probably be traced back to Imperial Chemical Industries (ICI) in the U.K. in the early 1960s with the nascent development of the hazards and operability (HAZOP) analysis methodology, a term first coined by chemical safety engineer and author Trevor Kletz in 1983. Concern for process safety came to the public forefront with the disaster in Flixborough, U.K., on June 1, 1974, which killed 28 people. The Seveso disaster in Italy on July 10, 1976 released dioxin and exposed more than 100,000 people, which led to the European Seveso Directive 82/501/EC on the control of major-accident hazards involving dangerous substances. The directive has evolved into Seveso III and is the European equivalent to OSHA 1910.119—"Process Safety Management (PSM) of Highly Hazardous Chemicals" regulation, which came along in 1992, driven by the same accidents as Seveso. But not before some more significant accidents occurred (Table 1).

Meanwhile, the development of the PLC in the late 1960s by Dick Morley and friends ushered in the age of the digital automation of process controls, followed in the mid-1970s by the development of the DCS. The fear of the misapplication of the PLC, and of the potential unknown failure modes of the PLC in safety system service, was one of the main driving forces for the formation by ISA of the S84 committee in 1984, which became a driving force for the safety instrumented system (SIS) standards. The S84 standard came out in 1996 and became an ANSI standard. In the mid-1980s, the IEC also began similar work, which would eventually become IEC 61508—"Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems, Parts 1-7" in 1998-2000, updated in 2010. ANSI/ISA 84.01-1996 was updated and harmonized with IEC 61511 in 2004. ISA has also provided or is working on eight technical reports on process safety topics covering SIL calculations, mechanical integrity, S84 implementation guidelines, burner management, safety fieldbuses, fire and gas, wireless and cybersecurity.


The American Institute of Chemical Engineers formed the Center for Chemical Process Safety in 1985. In 1993, CCPS published the seminal book, Guidelines for the Safe Automation of Chemical Processes. CCPS publishes a wide range of more than 100 guidelines on process safety. Two recent ones of interest are "Guidelines for Initiating Events and Independent Protection Layers in Layer of Protection Analysis" (2015) and "Guidelines for Enabling Conditions and Conditional Modifiers in Layers of Protection Analysis" (2013).

Have we improved?

While these accidents provided a wake-up call to the industry, were they enough? When one compares the number of serious accidents before and after 1992 (Table 2), there are still plenty of them, although the total casualties are down.

We've still had large-scale process safety incidents post-1992, which are not in any way cheap. And, to quote the Marsh report ("The 100 Largest Losses 1974-2013. Large Property Damage Losses in the Hydrocarbon Industry," 23rd ed.), "None of the losses listed in this document should be considered 'black swan' events." So what's going on?

Many more facilities

The economies of the world have expanded in the last 20 years, leading to larger, more complex petrochemical plants, and no doubt the total number of facilities has increased, too. World oil production from 1980 to 2015 has increased by about 48%, while the world GDP from 1980 to 2010 rose 600%. So we've been "keeping it in the pipe" for the most part, despite a large, if not unprecedented, expansion of the industry. We must be doing something right, or we would have a lot more incidents, even if we're having some. So why can't we stop the accidents we're still having?


One may subscribe to the Normal Accident Theory of Charles Perrow, emeritus sociology professor at Yale University, who believes that multiple and unexpected failures are built into society's complex, interactive and tightly coupled systems, which also contain humans. Perrow says that some accidents are inevitable, even unavoidable, and can't necessarily be designed around using linear design methodologies. Essentially, he believes that we can't get rid of some types of accidents by our traditional methods. Perceived issues with modern, complex, technological systems have led to the new field of resilience engineering to address these kinds of issues.

Yet many, if not most, of the accidents in Tables 1 and 2 could have been averted by following OSHA's PSM regulations, both to the letter and spirit, and following one simple principle of "What stays in the process can't hurt you."

Why is it difficult to learn from other people's mistakes? After all, we have a lot of those to choose from. As novelist and editor Edgar Watson Howe said, "A good scare is worth more to a man than good advice."

What can we do?

First, we need to continue to do what we're doing. We must also look for ways to continue to incrementally improve; expand our horizons to a more holistic perspective of process safety; look for new, more comprehensive or supportive hazard and risk assessment methodologies; and use emerging technologies to our advantage. Some of the approaches that may help us improve are process hazards analysis, mechanical integrity, SIS and emerging technologies.

Process hazards analysis (PHA)

One of the most common citations associated with incidents is the failure of the PHA to identify the hazardous event or its consequence. Today there's little excuse for not doing a PHA on a PSM-covered process and even for not-covered processes under the General Duty Clause 5 of the OSH Act of 1970. A successful PHA requires having the right people, who are motivated with the right knowledge and experience in a conducive atmosphere. A systematic and consistent approach to ensuring these items for each PHA can improve them. A new look should be taken at the current PHA methodologies to see how to improve the comprehensiveness of the analysis. Techniques should also be developed to analyze systematic errors, conditions or states that increase the likelihood, susceptibility and/or fragility of the system for hazards to develop.

Changing demographics have reduced the average experience of personnel in the process industries, and increased production pressure means more has to be accomplished by fewer people. This has led to less experienced personnel being assigned to PHAs because experienced people may not be available. Many times, the PHA is still viewed as a regulatory requirement, rather than a safety improvement process. Process safety engineering knowledge is another area that's typically lacking in PHAs.


Another problem is the "It can't happen here" syndrome. It can. Just because it hasn't yet doesn't mean it won't.

Another area that can improve your PHA is using front-end engineering to feed the HAZOP to help ensure consistency and improve the information and experience available to the HAZOP team. The concept of starting from a blank sheet of paper for the HAZOP/layers of protection analysis (LOPA) has yielded wildly varying and in some cases bad results. Petrochemical plants have common hazards.

There's no need to reinvent the wheel, and the differences that exist can be covered in the HAZOP meeting. The power of the computer to do process hazard calculations, simulate potential failures and their effects on the process, and simulate loss of containment events can improve the information available for the HAZOP. Unleash the power of front-end engineering to improve and enhance your HAZOPs.

Improve mechanical integrity (MI)

Many of the causes listed in a HAZOP/LOPA involve equipment failures. A number of the failures involved in incidents are mechanical, such as corrosion and use of vessels and piping past discard, leading to a failure to keep it in the pipes. It follows that, if we can reduce these failures by improving system reliability and our MI programs, then our plants will be safer. There needs to be a strong influence of process safety in our plant MI programs to balance the influence of MI programs geared to strictly reducing maintenance costs and increasing uptime.

If one looks at a number of incidents, such as the Cataño oil refinery, BP Texas City ISOM, Buncefield, BP Grangemouth and Tosco Avon, instrument MI comes into play. In many of these cases, there were instruments, alarms and trips that might have averted disaster if they had worked properly. There's no excuse for your instrumentation not to be working properly when safety is involved, and it almost always is.

On the forefront with SIS

We've done a great job with SIS, though we've gotten a bit sidetracked at times by putting so much emphasis on safety integrity level (SIL) calculations. We don't typically see incidents happening because an SIS wasn't working. Missing an SIS is another matter. There is a growing issue of ubiquitous third-party instrument approval certificates/reports with, in some cases, quite astonishing failure rate numbers. There's little proof that any of the failure numbers currently used in the industry, except through the use of conservatism, reflect reality when installed in a wide range of installations.
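The two calculations that sit behind the last several paragraphs (the HAZOP/LOPA gap a safety instrumented function has to close, and the SIL calculation that checks whether a given loop closes it) are worth seeing with numbers attached, because the article's point about dubious certificate failure rates only becomes concrete when you watch the claimed SIL move. The following is an added illustration, not code from the article, from CCPS or from any IEC document. It uses the simplified low-demand PFDavg formulas of the kind found in IEC 61508-6 (1oo1: λDU·TI/2; 1oo2: independent term plus a beta-factor common-cause term) and ignores proof-test coverage, mean repair time and architectural constraints. Every failure rate, initiating event frequency, IPL PFD, enabling condition, conditional modifier and target frequency is a constructed value chosen for the example, not taken from any plant, vendor certificate or standard's table.

```python
"""Added worked example: closing a LOPA gap with a SIF and checking the
achieved SIL against the failure-rate assumption.  Simplified low-demand
formulas; every number below is constructed for illustration only."""

# IEC 61508/61511 low-demand SIL bands as (lower PFDavg bound, upper bound).
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}


def sil_from_pfd(pfd_avg):
    """Return the SIL band achieved by an average PFD (0 if no SIL is met)."""
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd_avg < hi:
            return sil
    return 4 if pfd_avg < 1e-5 else 0  # anything below 1e-5 still sits in SIL 4


def lopa_mitigated_frequency(initiating_freq, ipl_pfds, enabling=1.0, modifiers=()):
    """Mitigated event frequency (per year):
    IEF x enabling condition x product(conditional modifiers) x product(IPL PFDs)."""
    freq = initiating_freq * enabling
    for m in modifiers:
        freq *= m
    for p in ipl_pfds:
        freq *= p
    return freq


def required_sif_pfd(initiating_freq, ipl_pfds, target_freq, enabling=1.0, modifiers=()):
    """PFD the SIF must provide so the scenario meets the target frequency.
    Returns 1.0 when the other layers already meet the target (no SIF needed)."""
    freq = lopa_mitigated_frequency(initiating_freq, ipl_pfds, enabling, modifiers)
    return min(1.0, target_freq / freq)


def pfd_avg_1oo1(lambda_du, test_interval_years):
    """Simplified 1oo1 PFDavg = lambda_DU * TI / 2 (lambda_DU in failures per year)."""
    return lambda_du * test_interval_years / 2


def pfd_avg_1oo2(lambda_du, test_interval_years, beta=0.0):
    """Simplified 1oo2 PFDavg: independent term ((1-beta) lambda_DU TI)^2 / 3
    plus a beta-factor common-cause term beta lambda_DU TI / 2."""
    independent = (1.0 - beta) * lambda_du * test_interval_years
    common_cause = beta * lambda_du * test_interval_years / 2
    return independent ** 2 / 3 + common_cause


def sil_sensitivity(claimed_lambda_du, test_interval_years, pessimism_factor):
    """SIL reached with the certificate's lambda_DU versus a rate worse by pessimism_factor.
    This is the conservatism check the article argues for."""
    claimed = pfd_avg_1oo1(claimed_lambda_du, test_interval_years)
    worse = pfd_avg_1oo1(claimed_lambda_du * pessimism_factor, test_interval_years)
    return {"claimed_pfd": claimed, "claimed_sil": sil_from_pfd(claimed),
            "worse_pfd": worse, "worse_sil": sil_from_pfd(worse)}


def worked_example():
    """Constructed overpressure scenario (illustrative numbers only):
    BPCS loop failure 0.1/yr, enabling condition 0.5, ignition modifier 0.1,
    one relief-valve IPL at PFD 1e-2, tolerable frequency 1e-6/yr."""
    required = required_sif_pfd(initiating_freq=0.1, ipl_pfds=[1e-2],
                                target_freq=1e-6, enabling=0.5, modifiers=[0.1])
    # Candidate 1oo1 SIF with a certificate lambda_DU of 1e-3/yr, yearly proof test,
    # re-checked against a field rate ten times worse.
    sens = sil_sensitivity(claimed_lambda_du=1e-3, test_interval_years=1.0,
                           pessimism_factor=10)
    return {"required_pfd": required, "required_sil": sil_from_pfd(required), **sens}


if __name__ == "__main__":
    for key, val in worked_example().items():
        print(f"{key:>13}: {val:.3g}" if isinstance(val, float) else f"{key:>13}: {val}")
```

In the constructed scenario the other layers leave a gap of PFD 0.02, i.e. a SIL 1 requirement. The candidate loop looks like SIL 3 on the certificate number but drops to SIL 2 when the dangerous undetected rate is taken ten times worse; because the LOPA only asked for SIL 1, the design still holds, which is exactly what designing with conservatism buys you. Swapping `pfd_avg_1oo1` for `pfd_avg_1oo2` shows a second lesson: with a beta factor of 0.1 the common-cause term, not the redundant pair, dominates the result.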

Two things are on the immediate horizon for process safety. The first is that in early 2016, the second edition of the Guidelines for the Safe Automation of Chemical Processes will be published. The second is that the second edition of IEC 61511, Parts 1-3, will also come out early next year. This version should be a bit clearer, while the normative part will be a bit shorter, about 14 pages. This document beefs up a number of requirements.

Emerging technologies

New technologies are appearing that will affect process safety. Our computing power and memory have expanded exponentially. Our access to data is unparalleled in history, and we're collecting process and maintenance data at a prodigious rate. So why not use it for improving process safety?

Data analytics is the collection of large amounts of data, maybe storing it on the cloud, and analyzing it in context for unknown patterns, unsuspected relationships and developing conditions. Incidents and near misses can be analyzed in context and from different perspectives. This might, for example, allow the PHA/LOPA to be used as a hazard/risk model, where patterns of propagating conditions or states can be used to provide feedback to back check or verify the HAZOP/LOPA. This could potentially develop new cause-consequence pairings and find propagating states that can lead to unknown hazards, or unknown propagating states that can lead to known hazards. Predictive SIS will also be developed that will anticipate developing hazards and take automatic action much earlier in the hazard-development cycle.

Augmented reality will be used to improve the operator HMI, and potentially help improve SIS design. Virtual reality, a more immersive technology, could be used for simulating process hazards, and even automatically generate an animated simulation similar to that seen in U.S. Chemical Safety Board (CSB) accident animations. This same virtual world could be used to simulate layer-of-protection actions in real time or in fast- or slow-motion sequences, including the effect of failures in multiple-output systems.

These augmented and virtual reality technologies could also be used to store past or simulated incidents, conditions or state propagation that could be used for case-based or "similar to" reasoning when troubleshooting process problems or for analyzing developing conditions and hazards. The virtual world could be interactive, allowing operators to take simulated actions to see what effect there might be in reducing or eliminating the hazard propagation.

Through the use of artificial intelligence (AI), we'll see purpose-built advisors or personal assistants for operations, maintenance, engineering and safety that will have access to a wide range of data, stored locally and in the cloud, with automated data analysis tools and reasoning engines capable of self-learning. AI can also be used for anticipatory control and safety systems.

We've made a lot of process safety progress over the past four decades, but we're still having large-scale, costly events in the petrochemical industry that may be a whisker's breadth away from disasters with multiple fatalities and serious injuries. The continued demand and growth in the petrochemical arena worldwide, plus competitive and stockholder pressures to keep costs down and profits up, will keep the pressure on for us to sustain our current progress.

The future is ours to make if we're up to the challenge.