I met Nancy Leveson, a professor of aeronautics and astronautics and of engineering systems at M.I.T., and a member of the Baker Panel, in mid-June at the Honeywell Users Group Americas Symposium 2007 in Phoenix. As one of the featured speakers at that meeting, she made a number of points about safety that certainly are too often under-appreciated in the chemical industry.
Consider the confusion between occupational-safety and process-safety performance. Chemical companies carefully monitor occupational safety, and many fall into the trap of treating their track record in occupational safety as an indicator of how they're doing as far as process safety goes, she warns. Improving occupational safety doesn't mean that process safety is getting better: there's no correlation, Leveson stresses.
That's not the only example of faulty thinking that may be undermining safety at chemical companies, she continues. Operating companies also tend to equate increased reliability of equipment with improved safety. More reliable equipment doesn't necessarily head off safety problems, she points out, noting that some incidents stem from inappropriate interactions between properly functioning components. Indeed, Leveson detailed an accident in which all components worked just the way they should have; more reliable units wouldn't have helped stave it off.
The chemical industry needs to approach safety in a different way, she emphasized: as a control problem, not a failure problem. Leveson recommended what she calls Systems-Theoretic Accident Model and Processes (STAMP), which she says provides a more-powerful, more-encompassing methodology. It can help find the leading indicators of risk, she added.
Details on the methodology and its application appear in a paper that she co-authored with Nicolas Dulac, also of M.I.T., titled "An approach to design for safety in complex systems."
Basically, STAMP involves five key steps:
- Identify the system hazards as is done conventionally;
- Pinpoint system-level safety-related requirements and constraints;
- Define the basic system control structure;
- Find inadequate control actions that could lead to a hazardous system state; and
- Determine how the constraints could be violated and attempt to eliminate, prevent and control them in the system design.
As that paper makes clear, STAMP delves deeply into a number of issues that aren't always well covered conventionally, such as control algorithms that don't enforce constraints; inconsistent, incomplete or incorrect process models; deficient coordination among controllers; and inadequate execution of control actions.
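To make the control-problem view concrete, here is an added example that is not from the Leveson and Dulac paper or from any real plant: a tank-filling loop walked through STAMP's steps in Python. The tank, sensor, valve and pump all behave exactly as specified; the hazard arises only because the control algorithm's process model is a timing assumption instead of feedback, which is the "incorrect process model" and "control algorithm that doesn't enforce constraints" case above. A second controller keeps the same control structure but updates its model from the sensor and checks the safety constraint before every action. All names, rates and limits are constructed for illustration.

```python
# Added example (not from the Leveson/Dulac paper): a tank-filling control
# loop analysed the STAMP way. Every component (sensor, actuator, pump)
# works exactly as specified; the accident comes from a control algorithm
# whose process model is an assumption rather than feedback. All names,
# rates and limits below are constructed for illustration.
from dataclasses import dataclass

# Steps 1-2: the system hazard and the safety constraint derived from it.
HAZARD = "H1: liquid level exceeds tank capacity (overflow)"
SAFETY_CONSTRAINT = ("SC1: the controller must never leave the inlet open "
                     "when the next control interval could carry the level "
                     "past the high limit")

TANK_CAPACITY = 100.0   # physical limit; exceeding it is hazard H1
HIGH_LIMIT = 90.0       # engineering limit that SC1 protects
TARGET_LEVEL = 80.0     # normal fill target
MAX_INFLOW = 20.0       # worst-case pump delivery per second (constructed spec)


@dataclass
class Tank:
    """Controlled process. The level sensor is assumed accurate and the
    inlet valve executes every command; both are fully reliable."""
    level: float = 0.0
    inlet_open: bool = False

    def advance(self, inflow_rate: float, dt: float) -> float:
        if self.inlet_open:
            self.level += inflow_rate * dt
        return self.level


class OpenLoopController:
    """Step 3 control structure, flawed variant: the process model is the
    assumption "the pump delivers 10 L/s", and the sensor reading is never
    consulted, so the model drifts from the real process."""
    def __init__(self, assumed_rate: float = 10.0) -> None:
        self.assumed_rate = assumed_rate

    def decide(self, t: float, observed_level: float) -> str:
        believed_level = self.assumed_rate * t          # model, not measurement
        return "close" if believed_level >= TARGET_LEVEL else "open"


class ConstraintEnforcingController:
    """Same control structure, but the process model is updated from the
    sensor and SC1 is checked before every control action is issued."""
    def __init__(self, dt: float) -> None:
        self.dt = dt

    def decide(self, t: float, observed_level: float) -> str:
        # Worst case, the next interval adds MAX_INFLOW * dt to the level.
        if observed_level + MAX_INFLOW * self.dt >= HIGH_LIMIT:
            return "close"                              # SC1 enforced
        return "open" if observed_level < TARGET_LEVEL else "close"


def run(controller, actual_rate: float, dt: float = 1.0, steps: int = 20) -> float:
    """Drive the loop and return the final level. actual_rate is the pump's
    real delivery: within its spec, but above the open-loop assumption."""
    tank = Tank()
    for i in range(steps):
        action = controller.decide(i * dt, tank.level)
        tank.inlet_open = (action == "open")            # actuator obeys exactly
        tank.advance(actual_rate, dt)
    return tank.level


def overflowed(level: float) -> bool:
    """Step 4/5 check: has the hazard H1 actually occurred?"""
    return level > TANK_CAPACITY


def compare(actual_rate: float = 15.0) -> dict:
    """Run both designs against the same, in-spec pump."""
    return {
        "open_loop": run(OpenLoopController(), actual_rate),
        "constraint_enforcing": run(ConstraintEnforcingController(dt=1.0), actual_rate),
    }


if __name__ == "__main__":
    for name, level in compare().items():
        print(f"{name:22s} final level {level:6.1f}  overflow={overflowed(level)}")
```

With a pump delivering 15 L/s, the open-loop controller closes the inlet after eight seconds, as its model says it should, and the tank has already taken 120 L into a 100 L vessel; no component failed, and a more reliable valve or sensor would not have changed the outcome. The constraint-enforcing controller stops at 75 L because it refuses any "open" action whose worst-case result could pass the high limit. The same check could be written for each control action in a real control structure as a step-5 design constraint.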
While STAMP may be new to many in the chemical industry, safety instrumented systems certainly aren't. Indeed, such systems have long played a crucial role. So, we all should welcome the publication of a valuable new reference, "Guidelines for Safe and Reliable Instrumented Protective Systems," by AIChE's Center for Chemical Process Safety. The book covers the entire lifecycle of such systems and provides a wealth of information, including on planning, designing, installing and validating these systems, maintaining their integrity and achieving continuous improvement. It contains real-world examples that show how to apply the guidance in practice.
Angela Summers of SIS-TECH Solutions in Houston served as its principal author. I know that she put a tremendous amount of effort into the book; luckily, it didn't keep her from developing a related article for our April issue, "Achieve continuous safety improvement." Check out those articles and the book.