Shutterstock
Podcast: Inherently Safer Design

Podcast: Master Inherently Safer Design Principles

Feb. 13, 2024
Eliminate, substitute or minimize hazards to save lives and the environment.

Welcome to Process Safety with Trish and Traci, the podcast that aims to share insights from past incidents to help avoid future events. Please subscribe to this free podcast on your favorite platform. And for Google Podcast subscribers, do note that they will retire that app March 2024. To continue learning with Trish and me in this series, please switch to another app. I'm Traci Purdum, editor-in-chief of Chemical Processing. And as always, I'm joined by Trish Kerin, the director of the IChemE Safety Centre. Welcome. Trish, what have you been working on?

Transcript

Trish: Hey, Traci. Well, I've been working on a lot of different things lately. I've been doing a bit of travel so far this year already. I made a great trip over to Türkiye, where I was fortunate enough to see some of the sites of Istanbul while I was there, so that was lovely. But lots going on, lots of new topics that I'm researching in terms of leadership and how to improve leadership. So hoping to have quite a few new articles and conference presentations out this year.

Traci:  Wonderful. Always nice to learn from you, and I love seeing the platypus in action. And actually, I'm working on a few things for next month. I'll be moderating your webinar with Chemical Processing on March 6, Identifying Weak Signals and the Platypus Philosophy There. And then I'm planning for your visit to Cleveland here later in the month of March, and I want to make sure to take you to the Rock & Roll Hall of Fame Museum. So I am looking forward to March as well.

Trish: That sounds really good. I am looking forward to visiting Cleveland. I've never been to Cleveland, so it'll be my first time there.

Traci: Oh, good. Well, hopefully, we will have some decent weather for you.

Trish:  I'm hoping.

What is inherently safer design?

Traci:  In today's episode, we're going to address inherently safer design. I try to reinforce my own version of inherently safer design at home when loading the dishwasher. And I know that sounds weird, but my husband likes to put the silverware facing up in the bin, and I insist on putting it down so that the sharp tines of the forks or the tips of the knives don't spear my hand when I reach in. Obviously, there's more to it than that. So what is inherently safer design?

Trish: Great example there. And I put all the knives facing downwards too so that I don't spear myself because I'll be likely to do that anyway. So what is inherently safer design? So it's a concept that before we even decide what we want to build, we think about how we can make it safer by its design. And so, there's several different principles of inherently safer design. It starts with, first of all, can you eliminate the hazard? If you can't eliminate it, can you substitute it? If you can't substitute it, can you use minimization or intensification? Can you use moderation or attenuation?

And lastly, how can you simplify the process? And so they're the key steps that we go through. And as I said, it's about at the very start, before we even get to the point of deciding what it is we want to build or what technology we might want to use in building something. Can we actually do it safer to start with? And that's the key because if we can design it safer from the very start, then there's less control measures or barriers that we need to put in place and actively manage down the track because the safety is built in inherently. 

Inherently Safer Design Examples

Traci:  Do you have any recent examples of inherently safer design principles that you've seen in practice?

Trish: So, in terms of having seen inherently safer design in practice, I was fortunate enough several years ago to work at a facility that was built in the 1970s, so quite some time ago now. Last century. But that facility was built just after an incident had occurred in the town of Flixborough in the United Kingdom. Now the Flixborough incident happened in 1974, so we're about to have its 50th anniversary mid-this year. And there were several learnings that came out of the Flixborough incident in particular, but some of the key aspects were built into the plant that I was working at from an inherently safer design perspective.

So, what I mean by that was the storage of the hazardous substance that we were dealing with was physically located a significant distance away from where the office block was and even indeed where the control room was. So, we used separation distances to achieve risk reduction. There was also some very subtle design things in there such that, for example, these were liquefied gas storage bullets that the product was stored in. And they also all drained specifically away from underneath the bullets and into a small pit. And so, the reason for that was that if there was a spill of liquid from those tanks, liquid couldn't accumulate under the tanks. It would naturally roll away.

So, you couldn't have a pool fire under the tanks, which could then lead to a BLEVE or a boiling liquid expanding vapor explosion. So, some subtle things around the design of the slope of the ground has significant impact on the inherently safer design principles. Some other things they had was, for example, from the time... from the moment you charge the product from the charge pump, which was near the tanks to get into the reactors, there was several hundred meters of pipeline between those two locations because as I said, the tanks were located away from the process plant so that we had separation distances and we couldn't have an impact in one part of the plant affecting another.

The pipeline that connected those two pieces of plant was welded the entire length. There was no flanges in that pipeline except at the pump and the valve at the reactor. And the reason there was no flanges was because every flange point is a potential leak point on a pipeline. If you don't have flanges, you can't have a flange leak. So, it comes back to thinking about some of these... the ways that Trevor Kletz, who was really one of the founding fathers of process safety, describes inherently for design as, "What you don't have can't leak." If you don't have a flange, you can't have a flange leak. If you don't have... If you only have a small quantity of product, only a small quantity can leak.

If you're storing extremely large volumes and you don't really need that large volume, then if you have a leak, you could have a big spill as opposed to a much smaller spill. So, it's around if you can't eliminate that hazard. So by eliminating flanges, for example, we eliminate the possibility of a flange leak. If we can't eliminate it, can we substitute it? Can we use a lesser dangerous chemical, so less toxicity, less flammability, et cetera, something that's not as significant a hazard? Can we minimize it? Can we have less of it is really a key as well. How can we minimize it? Now sometimes we can minimize the quantities we need, but it might mean that we have to do process intensification.

So, we might have to operate at higher pressures or higher temperatures, for example, in a reaction if we're doing that. So we need to think about how we actually manage those things because I may be introducing different hazards if I have to operate at a higher temperature or a higher pressure. And this is where the real challenge in inherently say for design principles come. We're left making a trade-off. What do we do? How do we approach the option we pick? And it ends up being an engineering judgment that needs to be made that says, "The risk reduction I'm getting by substituting is actually a greater risk reduction than the risk increase I'm getting by having to intensify my process."

And we make these trade-off deals. So there's no such thing as something that's inherently safe. As someone said to me the other day, "The safest plant is the one you don't build because there's nothing there to worry about." But that's not helpful to us, is it? We need to build the plant. We need the product. We need the things associated with it. We need to be making sure that when we make design decisions, we're actually being very specific about the trade-off that we are making in terms of which risks we can tolerate and which risks we can't tolerate.

Inherently Safer Design Playbook

Traci:  Now, making these design considerations, figuring out how to make things inherently safer, is there a playbook, I guess, is what I'm getting at? How do you know what you should be looking at? Or is that just with tenure with your experience?

Trish:  There's a range of different ways that you can approach this. And in fact, a couple of years ago, in the Safety Centre, we released a guidance document focused specifically at applying process safety at the concept select phase of a project. So this is where you're deciding at the very start what you're going to do. And we've actually laid out what inherently safer design principles look like. And the considerations, the things to think about, we've given you a guidance to say, "Think about this and this and this and this and this, and when you think about that, remember this." So, we're trying to help broaden people's knowledge through others' experiences.

So, we worked with some companies from all over the world to say, "How do you apply it so that we can create this best practice guidance for people?" So we do... there is a guidance document out there, and we can give you the link for that. It's a free download. But in addition to that, that's where we also get into things like doing quantitative risk assessment because we can actually do a quantitative risk assessment as a very good comparator. If I do project A, my risk is going to be this. If I do project B, my risk is going to be something different. And I can then look at that, and that will help me make the decision of what is the lesser of the risks to take.

And so as we go through that process, it's a lot of it does come down to the quality of the risk assessment, the quality of the information that goes into the risk assessment, and really getting into understanding that we need to focus on not only what we know about our process that we're building, but we do need to be aware of incidents that have happened elsewhere. So having an effective way to search previous incidents in the many databases that exist. Has this incident happened somewhere else before? Chances are it has because I still haven't really come across anything that's brand new in this world. We still keep seeing the old ones just re-pop up again. So how do we get that information in so we don't have to make that same mistake? 

Traci: You’re talking about the initial concept, the initial design of a plant, but can you apply inherently safer design to plants that are already existing? Or is that something completely different?

Trish:  The answer to that's yes and no. So yes, in terms of there are going to be opportunities for projects and management of change that may put something in that is helpful. But typically, I mean the giveaway's in the name, it's inherent in the design.

So, it can be very hard to backfill inherent into something. It's around when you're modifying, you can say, "Okay, is there something we can do differently here?" So, I've seen some refineries, for example, have moved away from hydrofluoric alkylation units over to sulfuric acid alkylation units. That is an inherently safer design decision in a plant that's already built, but that's a significant investment. That's a very significant change to make. And sulfuric acid still has its own issues as well. They're just different to hydrofluoric.

So, as I said, it's a trade-off as to which way you want to go with the risk that you are tolerating in your facility. Some of the inherent principles, things like separation distances so that you can't have a domino impact. Obviously you can't retrofit that into a facility because the facility's already there, and the equipment's already in locations. But there may be ways to substitute certain chemicals or substances that you have in your facility right now to potentially safer ones to use. So there are some things that you can do in existing plants, and it's around looking at what's your risk profile and what options do you have that can practically be implemented.

Challenges with Implementing Inherently Safer Design

Traci:  Let's dial back and talk. You're talking about the trade-offs and the challenges. Are there other challenges and considerations associated with implementing inherently safer design?

Trish:  One of the common challenges I do see is we often start a project with the best intentions and we have fantastic design. So, we typically contend to see some great examples of inherently safer design principles embedded into the designs at the very start. But then, as we get through the different stage gates, what happens? So, we go through different stages of review, and people start to say, "Oh no, we don't need that. We can take that out. No, we don't need that. We can do this cheaper." And so, we get to the point of going through what's commonly called value engineering stage, where the design can change quite substantially from its initial intent.

And often, we then end up with a design that was once good but is now not as good as it was. And then we go and build it. And potentially, we even build it slightly differently as well. And so by the time we get to the operating plant, we've lost a lot of that intent along the way. And so that's one of the challenges I see. The other challenge that I often see is where we have done really good design we haven't adequately documented the basis of safety for that design. And the reason that's important to really have that so accurately documented is when someone comes along in five, 10 years time and wants to do a management of change on something, they want to change something in the process, if they don't understand why it was designed the way it was in the first place, they might not understand the risk that they're introducing by changing it.

And so, your management of change will then potentially introduce significant risk into your organization because people don't actually realize why something is a particular way. And sometimes they might be very small things like at the plant I talked about that I worked at, we had basically a receiver at the unloading area for the gas to go into its tanks, and that receiver was painted black. Now you think, "Well, why was it important that the receiver was painted black? Couldn't we paint it another color?" Because everything else was white.

So why was this receiver black? It was black, so that any icing that occurred if we managed to somehow drop the temperature of that vessel would be really, really obvious because seeing icing on a black vessel is really obvious. Seeing icing on a white vessel is far less obvious. So we could have decided to have painted that a different color, but if we did, we would've lost a key visual indication that something was wrong in the plant. So understanding that was it documented in the basis of safety? This vessel must be black for these reasons. So it's really important that we accurately document this stuff going into the future.

Traci:  Yeah, I was just going to ask the question about documenting all of this and having the playbook so that when the management of change happens several years down the road, they can look back. And is it a common practice to have that documentation? Is it a necessity to have that documentation?

Trish:  I would say, from a safety management perspective, it's a necessity. From a in-practice perspective, it doesn't always happen, or it doesn't always happen as thoroughly as it could. And one of the challenges we do have is that we still have a lot of really old plants around the world, and sometimes they weren't documented at the time. And so, going back and trying to retrospectively document why things look like they are can be very challenging.

And it's quite a significant project, but it's actually quite a valuable task to undertake so that everybody understands why the plant's designed like it is. I think we're getting better at documenting them now because there's more of an understanding of making sure we document the basis of safety, the basis of design, the basis of operation. But historically, we've got a lot of plants that don't have this documented. And that's where we possibly want to think about going back and trying to retrospectively figure it out so that we do understand what's important and what we can change without too much concern.

Inherently Safer Design Principles and Sustainability

Traci:  What about inherently safer design principles in sustainability? Any thoughts on that?

Trish:  Yeah, I think they're really closely linked, and they're linked in a way because if you think about the concepts of green chemistry and green chemistry is all around how can we make the synthesis of chemicals cleaner and more sustainable and more environmentally friendly? And so when we think about green chemistry, the first element you think of in green chemistry is elimination or substitution, which is exactly what we think about in inherently safer design as well. So how can we eliminate or substitute a chemical from our process for a less harmful chemical in our process?

So, they're actually really, really closely linked. And I think if we can start to understand how closely linked green chemistry concepts are to inherently say for design principles and provided, we are also then very clear that, again, it's all a trade-off we have to make. We need to be very careful that we're not trading off sustainability principles at the expense of process safety principles. They're both very important. One of them is going to have environmental impact.

One of them potentially is going to kill a lot of people. Now, both of those things we need to prevent. I would probably argue I would want to see the saving of the lives at a slightly higher priority than the protection of the environment. But having said that, if we can't do these tasks adequately and protect the environment suitably, then perhaps we shouldn't be doing them, which is the same point I would make on safety. If you can't operate your plant safely, where you're not likely to kill people, you shouldn't be operating that plant.

Traci:  Trish, is there anything you'd like to add on this topic?

Trish:  I think this is a topic that often goes around and round, and people forget about it for a while, and then it becomes flavor of the month again. We need to constantly think about inherently safer design in what we do. And as I said, it does have sustainability benefits, so let's try and get that right too.

But we need to keep reminding our designers and reminding our decision-makers and the people that are going to set the budgets for what we can do and what we can't do as to why it's important, and really understanding and communicating effectively what the risk reduction is and how that's going to help us in the future to produce safer facilities for everybody and the environment.

Traci:  Well, Trish, once again, thank you for helping us prioritize safety. Unfortunate events happen all over the world, and we will be here to discuss and learn from them. Subscribe to this free podcast so you can stay on top of best practices. You can also visit us at chemicalprocessing.com for more tools and resources aimed at helping you run efficient and safe facilities. On behalf of Trish, I'm Traci, and this is Process Safety with Trish and Traci.

Trish: Stay safe.

 

About the Author

Traci Purdum | Editor-in-Chief

Traci Purdum, an award-winning business journalist with extensive experience covering manufacturing and management issues, is a graduate of the Kent State University School of Journalism and Mass Communication, Kent, Ohio, and an alumnus of the Wharton Seminar for Business Journalists, Wharton School of Business, University of Pennsylvania, Philadelphia.