The belief that all loss events are foreseeable, given sufficient analysis, is very alluring. Throughout the life of a manufacturing process opportunities exist to examine risk, apply more complex methods, and give hazard scenarios and their avoidance more thought. However, the reality is that most people have difficulty thinking outside the box and honestly looking at how the process can misbehave. It’s easy to accept that if nothing has happened before, nothing will happen in the future. The harsh truth is that a hazardous situation still can occur.
Omniscience isn’t possible — but you can see risk more clearly. So, let’s look at some of the challenges to achieving 20:20 vision.
VULNERABILITIES IN RISK EVALUATION
We use hazard assessment methods to identify loss-event pathways and determine what must be done to prevent their occurrence. An inherent weakness of these methods is their vulnerability to lack of competency, incomplete information, and deficiencies in hazard awareness and design. Where there’s limited operational knowledge, there’s an associated limited awareness of how sensitive a process is to deviation. Successful operation of complex processes — no catastrophic incidents — sustains the belief that everything is safe as is. Clifford Nass, a Stanford professor who pioneered research into how humans interact with technology, warned, “denial is the greatest enabler.”
Risk analysis is a tool to ensure that an appropriate standard of care is applied, not to prove whether safeguards are needed or not [1]. It’s unrealistic to think that hazard and risk analysis identifies everything that could go wrong. An incident analysis [2] by the U.K.’s Health and Safety Executive (HSE) determined that more than 20% of loss events stem from an “organization failing to fully consider potential hazards or causes of component failure.” The vast majority of incidents (81%) resulted from the organization failing to adequately plan and implement procedures for risk control, including the design of the process (25.6%), the provision of operating and maintenance procedures (15.6% and 22.6%, respectively), the management of change (5.7%), a permit-to-work system (4.9%), plant inspections (3.5%), and ensuring competency (1.7%).
The American writer H. L. Mencken wrote, “For every complex problem there is an answer that is clear, simple, and wrong.” Consider the limits of what you know, then add a good-sized measure of bad luck. It’s wise to have a sense of vulnerability even when you’ve done your best to design a safe plant [1, 3, 4]. It’s sensible to implement safeguards that prevent the loss event rather than simply relying on probabilistic analysis. Every process needs a holistic loss-event prevention plan that includes:
Inherent safety —
• Robust vessel and piping design so process deviation is tolerable.
Functional safety —
• A reliable control system that reduces the frequency of abnormal operation.
• An alarm system that notifies the operator when the process is experiencing abnormal operation.
• A shutdown system that sequences the process to a safe state when it reaches an unsafe condition.
• An emergency shutdown system that isolates the process from its supply when loss of containment occurs.
• Other safeguards as necessary to address loss of containment and event escalation.
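The layered plan above as an added example that is not from the article: constructed demand-rate and PFD values combine each prevention layer's probability of failure on demand, and a simple assumed shared-base model shows how Figure 1's caveat (every layer attaches to one functional safety management base) changes the verdict Figure 3 asks the math to deliver.

```python
# Added example (not from the article): how the layered prevention plan above
# combines, and why Figure 1's caveat matters. All demand rates, PFDs, the
# base-weakness probability and the tolerable target are constructed values.


def prod(values):
    """Product of a sequence of probabilities."""
    out = 1.0
    for v in values:
        out *= v
    return out


def independent_loss_event_freq(demand_per_year, layer_pfds):
    """Loss-event frequency if every layer fails independently of the others.

    demand_per_year: how often the control system lets the process go abnormal.
    layer_pfds: probability of failure on demand for each layer a demand must
    pass through (e.g. alarm + operator response, then the shutdown system).
    """
    return demand_per_year * prod(layer_pfds)


def shared_base_loss_event_freq(demand_per_year, layer_pfds, base_weakness_prob):
    """Same calculation when the layers share a base (Figure 1).

    Assumed model: with probability base_weakness_prob the functional safety
    management system is deficient and every layer fails together; otherwise
    the layers fail independently as above.
    """
    q = base_weakness_prob
    return demand_per_year * (q + (1.0 - q) * prod(layer_pfds))


def max_base_weakness_for_target(demand_per_year, layer_pfds, target_per_year):
    """Largest base_weakness_prob for which the target is still met.

    Solves demand * (q + (1 - q) * prod) <= target for q; a negative result
    means the target is unreachable even with a perfect base.
    """
    p = prod(layer_pfds)
    return (target_per_year / demand_per_year - p) / (1.0 - p)


def within_tolerance(freq_per_year, target_per_year):
    """Figure 3: the number the analysis must show is inside the accepted range."""
    return freq_per_year <= target_per_year


if __name__ == "__main__":
    # Constructed scenario: 0.1 abnormal demands/yr, alarm PFD 0.1, shutdown PFD
    # 0.01, a 1% chance the shared base is deficient, tolerable 1e-3 events/yr.
    args = (0.1, [0.1, 0.01])
    print(independent_loss_event_freq(*args))          # 1e-4: looks tolerable
    print(shared_base_loss_event_freq(*args, 0.01))    # ~1.1e-3: exceeds target
    print(max_base_weakness_for_target(*args, 1e-3))   # ~0.009
```

With a 1% chance that the shared base is deficient, the same layers that look ten times better than the target on paper actually miss it; the last function shows the management system must be sound more than 99% of the time for the plan to hold.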
Figure 1. Layers aren’t completely independent because they all attach to the base, whose integrity depends upon an adequate functional safety management system.
Figure 2. Holes dynamically appear in each slice, increasing the likelihood that holes in different slices will line up, allowing an incident to occur.
Figure 3. The math in a hazard analysis should demonstrate that risk is within the range the company will accept.
Figure 4. Too often, companies spend time looking for new methods rather than better data.
ANGELA SUMMERS, Ph.D., PE, is president of SIS-TECH Solutions, LP, Houston. E-mail her at [email protected].
This article is based on her presentation at the 10th Global Congress on Process Safety, New Orleans, La. (March 31–Apr. 2, 2014).
REFERENCES
1. Murphy, John F., “Beware of the Black Swan,” Process Safety Progress, Vol. 31, No. 4, pp. 330–333 (Dec. 2012).
2. “Loss of Containment Incident Analysis,” Health and Safety Laboratory, Sheffield, U.K., p. 5 (2003).
3. Summers, Angela E., “Safe Automation Through Process Engineering,” Chem. Eng. Progress, Vol. 104, No. 12, pp. 41–47 (Dec. 2008).
4. Summers, Angela E., “Safety Management is a Virtue,” Process Safety Progress, Vol. 28, No. 3, pp. 210–213 (Sept. 2009).
5. Reason, James, “Managing the Risk of Organizational Accidents,” Ashgate Publishing, Farnham, U.K. (1997).
6. “Findings from Voluntary Reporting of Loss of Containment Incidents, 2004/2005,” Health and Safety Executive, Bootle, U.K. (2005).
7. Taleb, Nassim N., “The Black Swan: The Impact of the Highly Improbable,” 2nd ed., Random House, New York City (2010).
8. Summers, Angela E. and Hearn, William H., “Quality Assurance in Safe Automation,” Process Safety Progress, Vol. 27, No. 4, pp. 323–327 (Dec. 2008).