Hazardous Chemicals Peer-Reviewed
Inherently Safer Design
An Overview of Key Key Elements By Dennis C. Hendershot nherently safer design (ISD ) is a philosophy
risk, chronic health for addressing safety issues in the design and risk, or risk to conoperation of facilities that use or process haz- sumers or product ardous chemicals. When considering ISD, the de- users. However, signer tries to manage process risk by eliminating this is not always or significantly reducing hazards. Often, the tra- true. For example, a ditional approach to managing chemical process nonflammable solsafety has accepted the existence and magnitude of vent may be inherhazards in a process, and incorporated engineer- ently safer in terms ing and administrative controls to reduce process of fire and explorisk. Where feasible, ISD provides more sion risk, but it may robust and reliable risk management, and be a serious environmental contaminant or it may IN BRIEF has the potential to make the chemical pose a chronic health hazard. Inherently safer design processing technology simpler and more While engineers recognize the potential benefits is a holistic approach to economical by eliminating the need for of ISD in managing other types of process risk, the safer chemical manufacexpensive safety systems and procedures. main intent of ISD is to reduce the frequency and ture. However, when one considers the mul- potential impact of chemical plant incidents—fires, This overview examines tiple risks associated with any technology, explosions and acute toxic exposures. Therefore, key ISD elements such as including chemical processing, it is unlikely application of ISD is one consideration in the seminimize, substitute, moderthat any process or plant design can elimi- lection of process and product technology, but ate and simplify. nate all hazards and risk. A combination of the decision about what technology option is best A process’s life cycle is ISD, engineering and administrative con- overall must consider all risks. also considered in context of ISD to further explain the trols will always be required to adequately History of ISD most effective use of ISD as manage all process risks. ISD addresses the immediate impact of The concept of ISD is not new, nor is it unique well as other risk mitigation single events (chemical accidents) on peo- to the process industries. Technologists have long methods and strategies. ple, the environment, property and busi- recognized the value of eliminating or reducing ness. In a chemical processing plant, this hazards, applying ISD without calling it by that generally means the immediate impacts name; they simply considered it to be good design. of fires, explosions and the release of toxic materiFor example, when Stone Age cave dwellers deals. In many cases, an ISD also will be beneficial for cided to move to a cave higher above a river after a other types of process risk, such as environmental flood, they were practicing ISD by eliminating the risk of having their home flood. They could have stayed in the old cave and managed the risk in Dennis C. Hendershot is a chemical engineer with 40 years’ experience. From 1970 to 2005 he worked at Rohm and Haas Co. in research and development, plant other ways, for example, by building a dike around design, plant startup and process safety positions. Beginning in 1983, he developed the cave mouth (engineering control), or by assignprocess safety management systems, standards, and process hazard and risk analying a family member to monitor the river level and sis tools; provided process safety support for new and existing facilities worldwide; worldwide; warn everybody to move to higher ground when a developed incident investigation methodologies; and investigated incidents. In 2005, flood was imminent (administrative control). he retired from Rohm and Haas as a senior technical fellow and worked as a prinThe term inherently safer design came into use cipal process safety specialist for Chilworth Technology Technology Inc. through 2008. He is a staff consultant for the Center for Chemical Process Safety (CCPS). He is an AIChE in the process industries in the 1970s. FollowFellow and a CCPS Fellow. In 2000, he received the Merit Award from the Mary ing a 1974 hydrocarbon vapor cloud explosion at Kay O’Connor Process Safety Center at Texas A&M University for contributions to Flixborough, England, Trevor Kletz, a senior safety chemical process safety. In 2006, he received AIChE’s Norton H. Walton/Russell L. advisor for ICI, questioned the need for such large Miller Award in Safety and Loss Prevention. quantities of flammable or toxic materials in a
I
•
•
•
ProfessionalSafety 48 ProfessionalSafety
FEBRUARY 2011
www.asse.org
Inherently safer design is a philosophy for addressing safety issues in the design and operation of facilities that use or process hazardous chemicals.
In many cases, this will result in simpler and less costly plants. If extensive safety systems are required to control major hazards, they introduce complexity, along with cost, both in the initial investment for the safety equipment as well as for ongoing operating cost for maintenance and operation. Because ISD’s goal is to eliminate or reduce a process’s hazards, one must understand the term hazard. In this context, the definition from CCPS’s (2008) Guidelines for Hazard Evaluation Procedures is used. According to this source, a hazard is “an inherent physical or chemical characteristic that has the potential for causing harm to people, the environment or property.” Hazards are intrinsic to a material or its conditions of use. For example: •Chlorine is toxic by inhalation. •Gasoline is ammable. •High-pressure steam contains a large amount A of potential energy, from its elevated temperature E K O / and from the high pressure. M O These hazards cannot be changed, except by C . O T changing the material or the conditions of use. O H P K C O T S I @
Chemical Process Safety Strategies
Chemical process safety strategies can be grouped in four categories: inherent, passive, active and procedural (Figure 1, p. 50). The first three can be characterized as engineering controls, while the last (procedural) can be characterized as an administrative control. In general, inherent and passive strategies are the most robust and reliable, but elements of all strategies are required for a comprehensive process safety management program when considering all hazards of a process and plant.
manufacturing plant, and the need for processing at elevated temperature and pressure (Kletz, 1978). Kletz (1978) suggested that industry redirect its risk management efforts toward elimination of hazards where feasible. Instead of devoting extensive resources to safety systems and procedures to manage the resulting risks, industry could try to identify process modifications that reduce or eliminate hazards. This could be accomplished, for example, by Inherent reducing the quantity of hazardous material, using The inherent approach to safety is, where fealess hazardous material or developing technology sible, to eliminate or greatly reduce the hazard by that operates in less severe conditions. changing the process to use materials and condiKletz (1978) and others in the chemical industry tions that are not hazardous or much less hazardestablished a set of principles for ISD and provided ous. These changes must be integral to the process many examples of its implementation. In 1996, or product, and not easily defeated or changed Center for Chemical Process Safety (CCPS) pub- without fundamentally changing the process or lished Inherently Safer Chemical Processes: A Life plant design. Cycle Approach, which compiled information on One example is substituting water for a flamindustry thinking on ISD. In 2009, CCPS published mable, and perhaps also toxic, solvent as a carrier a second edition of the book incorporating the lat- for a paint or coating (e.g., using water-based latex est developments on ISD based on more than a de- paints instead of oil-based paints). Elimination of cade of additional industrial experience. the flammable and/or toxic solvent is an inherent characteristic of the product and its manufacturISD Basics ing process. The hazard of fire or exposure to toxic What does does ISD mean? mean? Inherent means existing as solvent vapors is eliminated in the manufacturing an essential constituent or characteristic, something process and throughout the manufacturing supply intrinsic. Therefore, something is inherent if it exists chain all the way to the product user. “as an essential constituent or characteristic.” When something is inherently safer, safety is built into Passive Passive safety devices are engineering controls the process or product, not added on. Hazards are that minimize hazards using process or equipment eliminated, not controlled, and the means by which design features which reduce either the frequency the hazards are eliminated are so fundamental to the process design that they cannot be changed or or consequence of an incident without the active functioning of any device. defeated without changing the process. www.asse.org
FEBRUARY 2011
ProfessionalSafety ProfessionalSafety 49
For example, a batch process uses a chemical reaction that has a maximum possible pressure of 5 bar in case of a runaway reaction. If this reaction occurs in a reactor designed to contain a pressure up to 10 bar, the maximum runaway reaction pressure will be contained within the reactor vessel. The reactor contains the pressure because of its design and construction—the thickness and strength of the metal from which it is fabricated, the strength of the gaskets and bolts that hold it together, and its other physical components. This containment is robust and reliable; the reactor need not sense high pressure and take any action, and no moving parts are required to contain the pressure. However, the hazard (5 bar pressure) still exists, so some risk remains. For example, the reactor may be damaged, corroded, improperly constructed or contain a faulty gasket. Or, it could fail to contain the pressure from a runaway reaction even though it is designed to do so. The passive strategy would be considered less robust than an inherent strategy, which would would change the the process process to eliminate eliminate or reduce the pressure from a runaway reaction. Active
Active safety systems are engineering engineering controls such as process control systems, safety instrumented systems and sprinkler systems. These systems are designed to sense a hazardous condition and take an appropriate action. Active systems may be designed to prevent an incident or to minimize its consequences. For example, a tank might have a high-level interlock that shuts off a pump feeding the tank and closes all feed valves; such a system is designed to prevent a tank overflow. A fire sprinkler system is an active system designed to minimize the consequences of a fire; the system does not prevent the fire and may not even be activated unless a fire is detected.
Chemical process safety strategies can be grouped in four categories. The first three can be characterized as engineering controls, while the last (procedural) can be characterized as an administrative control.
Procedural
Procedural safety systems are administrative controls; they include standard operating procedures, safety rules and procedures, operator training, emergency response procedures and
Figure 1
Chemical Process Safety Strategies
Note. Adapted from
Inherently Safer Chemical Processes: A Life Cycle Approach, 2nd ed., by Center for Chemical Process Safety, 2009, Hoboken, NJ: John Wiley & Sons.
ProfessionalSafety 50 ProfessionalSafety
FEBRUARY 2011
www.asse.org
management systems. For example, an operator may be trained to observe the temperature in a reactor and apply emergency cooling if it exceeds a specified critical value. In general, for a high-hazard system, procedural risk management systems do not, by themselves, provide adequate risk management. Human reliability is not high enough, and people often cannot diagnose a problem, determine the appropriate action and take that action a ction quickly enough. However, procedural safety systems will always be a part of a comprehensive risk management program. At a minimum, they will be required to ensure ongoing maintenance and management of the safety systems based on engineering controls. Designing Inherently Safer Processes
CCPS (2009) has categorized strategies for designing inherently safer processes into four groups: 1) Substitute. Use less hazardous materials, chemistry and processes. For example: •An alternate synthesis chemistry for acrylic acid manufacture by propylene oxidation eliminates the use of carbon monoxide, nickel carbonyl, anhydrous hydrogen chloride and acetylene used in an earlier process. •Water-based latex paints eliminate re, toxictoxicity and environmental hazards associated with solvent-based paints. 2) Minimize. Use small quantities of hazardous materials or reduce the size of equipment operating under hazardous condition (e.g., high temperature, pressure). For example: •Nitroglycerine can be made in a continuous pipe reactor with a few kilograms of inventory instead of a large batch reactor with several thousand kilograms of inventory. •Loop reactors have been used to reduce the size of chemical reactors in many applications, including polymerization, ethoxylation and chlorination. •A reactive distillation process for manufacture of methyl acetate reduces the number of major vessels and columns from 10 to three as compared to an older process where the reaction and distillation operations are performed in separate equipment. 3) Moderate. Reduce hazards by dilution, refrigeration or process alternatives that operate at less hazardous conditions. For example: •Combustible solid was handled as a pellet ininstead of a fine powder, reducing the dust explosion hazard. •Off-site risks were reduced by replacing anhy drous ammonia with aqueous ammonia for a neutralization application. •Storage of monomethylamine under refrigerated conditions significantly reduced the hazard to the surrounding community by reducing the amount of material transported into the atmosphere in case of a leak from the storage tank. 4) Simplify. Eliminate unnecessary complexity and design user friendly plants. For example: •Old piping was removed from a plant because of process modifications, making it impossible to accidently transfer material into a reactor through
