
FM Loss Prevention in Chemical Plants

Factory Mutual Property Loss Prevention Data Sheets 7-43, 17-2

May 1999
Supersedes February 1974
Page 1 of 50

LOSS PREVENTION IN CHEMICAL PLANTS

Table of Contents (Page)

1.0 SCOPE ... 3
2.0 RECOMMENDATIONS ... 3
  2.1 Process Safety Management (PSM) System ... 3
    2.1.1 General ... 3
    2.1.2 Accountability and Responsibility ... 4
    2.1.3 Process Safety Knowledge and Documentation ... 4
    2.1.4 Process Safety Review (Process Hazard Analysis) ... 4
    2.1.5 Management of Change ... 5
    2.1.6 Process and Equipment (Mechanical) Integrity ... 5
    2.1.7 Incident Investigation ... 5
    2.1.8 Training and Performance ... 6
    2.1.9 Human Factors ... 6
    2.1.10 Standards, Codes and Laws ... 7
  2.2 Highly Protected Risk (HPR) ... 7
  2.3 Principles of Inherent Safety ... 8
3.0 DISCUSSION ... 8
  3.1 Process Risk Management Strategies ... 8
    3.1.1 Tier 1 - Inherent Safety ... 9
    3.1.2 Tier 2 - Passive ... 9
    3.1.3 Tier 3 - Active ... 10
    3.1.4 Tier 4 - Procedural ... 11
    3.1.5 Summary ... 11
  3.2 Process Safety Management ... 11
    3.2.1 Accountability and Responsibility ... 11
    3.2.2 Process Safety Knowledge and Documentation ... 12
    3.2.3 Process Safety Review (Process Hazard Analysis) ... 14
    3.2.4 Process Risk Management ... 16
    3.2.5 Management of Change ... 19
    3.2.6 Process and Equipment (Mechanical) Integrity ... 22
    3.2.7 Incident Investigation ... 24
    3.2.8 Training and Performance ... 27
    3.2.9 Human Factors ... 29
    3.2.10 Standards, Codes, and Laws ... 33
    3.2.11 Audits and Corrective Actions ... 33
    3.2.12 Emergency Response Planning ... 36
  3.3 Concepts of Highly Protected Risk ... 37
    3.3.1 Requirements to Achieve HPR Status ... 37
  3.4 Concepts of Inherent Safety ... 43
    3.4.1 Intensification ... 43
    3.4.2 Substitution ... 43
    3.4.3 Attenuation ... 44
    3.4.4 Limitation of Effects ... 44
    3.4.5 Simplification/Error Tolerance ... 45

©1999 Factory Mutual Engineering Corp. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, or transmitted, in whole or in part, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission of Factory Mutual Engineering Corp.


4.0 BIBLIOGRAPHY ... 45
  4.1 Process Safety and Risk Management ... 45
  4.2 Highly Protected Risk Guidelines for Chemical Industry ... 45
  4.3 Concepts of Inherent Safety ... 46
  4.4 Preventive Maintenance ... 46
  4.5 Chemical Hazard Information ... 46
APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY ... 47
  A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight ... 47
    A.1.1 Europe ... 47
    A.1.2 United States ... 47
  A.2 Voluntary Chemical Industry Programs and Resources ... 49
    A.2.1 Australia ... 50
    A.2.2 Canada ... 50
    A.2.3 India ... 50
    A.2.4 Far East ... 50
    A.2.5 South America ... 50
    A.2.6 United Kingdom ... 50
    A.2.7 United States ... 50

List of Tables

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals ... 48


1.0 SCOPE

This data sheet describes general principles and concepts of chemical risk loss prevention and the minimum requirements for a chemical operation to qualify as a Highly Protected Risk (HPR). Other Factory Mutual (FM) data sheets listed in Section 4.0 provide specific guidance on protection concepts and design requirements within this HPR framework.

An HPR chemical facility is one that meets the highest standards of property loss prevention, including management commitment, process control, fixed active and passive protection where needed, and employee training and awareness.

Process safety management (PSM), as a way of conducting business, has been developed over many years to guide the chemical process industry toward safer facilities before being adopted by various regulatory agencies. It can and should be considered the foundation of all loss prevention activities in this industry, as well as related industries with hazardous chemical processes. Process safety management is a necessary component of an HPR facility to minimize or prevent episodic releases or events that can cause property damage and business interruption.

A number of US national and state regulations, as well as those of the European Union and other international regulators, have adopted PSM in one form or another. (Highlights of some of these regulations are in the Appendix.) This data sheet is not meant to address issues associated with regulatory compliance, but also does not introduce any conflicts with these regulations.

As a fundamental subset of PSM and HPR concepts, principles of inherent safety as they apply to the chemical industry are also discussed. By practicing the concept of inherent safety, a hazardous plant or process can be significantly reduced in overall risk.

The concepts of Highly Protected Risk, process safety management, and inherent safety are all interrelated and apply to chemical facilities as well as non-chemical facilities with chemical processes. The level of detail to which PSM principles are implemented is in proportion to the level of hazard of the operation. PSM principles are not a cookbook to be followed but a philosophy to be applied according to need.

2.0 RECOMMENDATIONS

2.1 Process Safety Management (PSM) System

2.1.1 General

2.1.1.1 Chemical plants and hazardous chemical operations in other plants should have a process safety management system in place to assure that the following (or equivalent) elements* of process safety are integrated into plant operations:

a. Accountability and Responsibility

b. Process Safety Knowledge and Documentation

c. Process Safety Review (Process Hazard Analysis)

d. Process Risk Management

e. Management of Change

f. Process and Equipment (Mechanical) Integrity

g. Incident Investigation

h. Training and Performance

i. Human Factors

j. Standards, Codes and Laws

k. Audits and Corrective Actions

l. Emergency Response Planning


* These 12 elements are based on the Center for Chemical Process Safety (CCPS) Plant Guidelines for Technical Management of Chemical Process Safety. Other guidelines are equivalent and can be substituted. A list of CCPS and other references on PSM is provided in Section 4.0, Bibliography.

2.1.2 Accountability and Responsibility

Key components of this element are a policy statement, management commitment, procedural requirements, and a performance measurement.

2.1.2.1 Management should develop a written policy statement that clearly defines process safety and loss prevention as a priority which is shared by management as well as plant operations personnel. The statement could include a Process Safety Management organization chart which clearly shows positions, lines of authority, and process safety functional titles. The policy statement should receive broad distribution to all sectors of the organization, backed by genuine management interest in loss prevention. The statement and organizational chart should be reviewed regularly and updated as needed to reflect things such as management changes within the facility.

2.1.2.2 The facility's PSM program should have procedures to resolve safety and loss prevention concerns which arise from new design, HAZOP reviews, Management of Change (MOC) issues, etc., and should include input from operations employees where appropriate. These procedures should designate a person or position that is responsible for achieving resolution.

2.1.2.3 A program should be in place to track how well safety and loss prevention concerns are resolved. Of particular interest are those concerns that were not easily resolved. This could be as simple as a monthly report of the status of unresolved issues sent to a designated responsible person, as indicated by the organizational chart or plant procedures.

2.1.3 Process Safety Knowledge and Documentation

2.1.3.1 The organization should assign a responsibility for maintaining key material and process hazard information, design basis information, design standards, electrical area classifications, key design decisions, alternate process considerations, and basic operation and maintenance procedures for all chemical processes. Documents would also include accident investigations, causes, and corrections, as well as records of process equipment and maintenance changes.

2.1.3.2 All processes should have detailed written procedures that document normal operating procedures as well as start-up, shutdown, and abnormal situations. These procedures should be kept up-to-date and written in such manner as to be understood by all operating personnel. Should the facility be multilingual, procedures should be maintained in separate form for each language. Any changes to the documented procedures should follow the Management of Change procedures of the PSM program. Operator involvement in writing the procedures will ensure comprehensive detail in the procedures.

2.1.3.3 A periodic review or audit should be performed for all written procedures to ensure they remain current.

2.1.4 Process Safety Review (Process Hazard Analysis)

2.1.4.1 The following are considered a minimum to meet the Process Safety Review requirements in an effective program based on PSM principles:

a. Collaboration between process and loss prevention specialists at the concept stages of a project.

b. Agreement on a protection philosophy, with special consideration given to inherently safe design in site selection, construction, and protection features.

c. Conduct a detailed process safety review using a recognized methodology (HAZOP, Checklist, FMEA, etc.) at an early stage in the project. The review should be updated whenever process changes are made, and a complete re-evaluation made on a regular basis (about 5 yr intervals).


2.1.5 Management of Change

2.1.5.1 Management should establish and implement written procedures to manage change in technology, facilities, and personnel. These procedures should be flexible enough to accommodate both major and minor changes and should be understood and used. These procedures should:

a. Provide a method for identification of changes that should be subject to MOC procedures.

b. Provide for documentation of the process and mechanical design basis for the proposed change.

c. Provide an analysis of the loss prevention considerations involved in the proposed change, including a formal process hazards review if appropriate. The effects of the proposed change on separate but interrelated upstream or downstream facilities should also be reviewed.

d. Identify the need for modifications of the operating procedures, updating P&IDs, updating personnel training, etc.

e. Provide for communication of the proposed change and the consequences of that change to appropriate personnel such as maintenance engineers, operators, safety and emergency response staff.

f. Establish administrative procedures needed (documentation, checklists that cover hazards, records of personnel skills, responsibilities, and training).

g. Provide for tracking of and limiting the duration of any temporary change.

h. Identify the required authorizations.

2.1.5.2 A qualified member of the plant loss prevention, safety, or engineering staff should be assigned to communicate changes to the FM specialist where appropriate. This individual should assure that all plant personnel follow accepted methods for management of change and that the FM specialist is notified at the earliest stages of significant changes to allow for proper consideration of the loss prevention aspects.

2.1.6 Process and Equipment (Mechanical) Integrity

2.1.6.1 To implement this element of PSM, programs should be in place to address the following:

a. Reliability Engineering - Tracking and evaluating of individual equipment and processes to prevent unexpected incidents throughout its lifetime.

b. Materials of Construction and Fabrication - Assuring equipment is built according to appropriate standards, with materials appropriate to the service conditions, with appropriate supporting documentation.

c. Installation Procedures - Planning quality control, inspection, and pre-startup integrity testing to insure installation in accordance with specifications and direction of the manufacturer. Poor installation can invalidate a good design.

d. Preventive Maintenance - Documenting procedures to insure maintenance is completed on schedule, unscheduled work is properly authorized and completed without introducing additional hazards, and records are maintained and evaluated to identify future needs. This would include a comprehensive vessel and piping inspection program as well as instrumentation inspection, testing, and calibration.

e. Demolition Procedures - Documenting methods to isolate, remove, and dispose of obsolete or unneeded equipment without creating unnecessary hazards.

2.1.7 Incident Investigation

2.1.7.1 The corporation should have a system based on PSM principles that requires incidents to be recorded and investigated. The investigation methods should consist of the basic elements outlined above, and records should be kept detailing each incident, the level and results of the investigation, and the status of any findings or recommendations developed.

2.1.7.2 Management should make use of all incident investigations and near-misses to evaluate recurrences. Action should be taken to eliminate the source of error, either through system redesign or additional training. Important lessons learned in these investigations should receive wide distribution to interested and affected parties.


2.1.8 Training and Performance

2.1.8.1 Operators should be fully trained in the normal operation of the facility as well as the appropriate action for each alarm condition. Since every process excursion cannot be detailed, the operators should be trained in diagnostic and trouble-shooting skills to facilitate an orderly correction. For the most critical applications, for example nitrations, some polymerization, and other highly reactive systems, use of a process simulator for training purposes is strongly suggested. If a simulator is to be used, the control panel and instrumentation should be designed to match the actual equipment that will be used in the operation.

2.1.8.2 When either temporary or permanent changes are made to a process, the process documentation and drawings should be updated prior to implementation of the changes. All employees whose responsibilities involve the affected area should be retrained in the new process parameters and safe working conditions. This will allow integration of the new procedures into the day-to-day functioning of the facility.

2.1.8.3 Special care must be taken when critical actions are infrequently completed in the normal course of operations. Actions such as responding to infrequent critical alarms may result in catastrophic events if the response is incorrect. In these cases, frequent retraining is needed.

2.1.8.4 Training should be mandatory for contract employees working in the area so they may perform in a safe and effective manner. Training for contract employees may need to be as stringent as for operators.

2.1.8.5 A comprehensive retraining program should be in place for all operating personnel. The time interval for retraining will vary depending on the criticality of the process and number of changes made. Management should have a formal method to determine retraining frequencies.

2.1.8.6 A formal method for evaluating the effectiveness of the training program should be developed. This may be a written test, hands-on demonstration, simulation, or an extended period of on-the-job training. A feedback mechanism should be established to inform the operator of areas requiring further study and improvement. Records should be kept of these evaluations to facilitate improving the method of training employees.

2.1.9 Human Factors

2.1.9.1 Organization

2.1.9.1.1 The plant's program should have written guidelines requiring that all new processes incorporate fundamental concepts of human factor engineering from the design phase of the project. If human factor specialists are not available in-house, consideration should be given to retaining outside specialists to assist in this area.

2.1.9.1.2 Human factor elements should be incorporated into existing processes, if economically viable, whenever changes or improvements are being planned.

2.1.9.1.3 HAZOP reviews should specifically explore human factor issues to determine if appropriate design has been included.

2.1.9.1.4 Each of the above activities should include input from operating personnel to ensure that day-to-day operating knowledge is incorporated into the proposed improvements.

2.1.9.1.5 Management should create an environment where process safety is paramount above production demands. Operators should be empowered to invoke a controlled shutdown of a process if operating conditions indicate an imminent loss-of-control situation. A written statement to this effect, signed by senior plant management, should be posted in the control rooms.

2.1.9.1.6 If staff reductions are anticipated, management's commitment to safety and loss prevention should remain paramount. Special attention is needed during these times to ensure that operating personnel remain motivated to perform their functions in a consistent and safe manner.

2.1.9.2 Alarms

2.1.9.2.1 All alarms should be ranked according to severity and displayed visually and audibly in this order to avoid alarm overload during an actual emergency.


2.1.9.2.2 Critical alarms should be grouped separately from information-only alarms. Audible and visual alarms should be distinctly different for these types of alarms so that priority can be given to critical alarms.

2.1.9.2.3 Critical process information should be easily accessible on the control panel so that an excessive number of screen changes will not be required to understand the information in an emergency situation.

2.1.9.2.4 Critical process information and alarms should be logged, by computer or manually as appropriate, and maintained for a reasonable period of time to aid in incident investigation or future process improvements.

2.1.9.2.5 The operator should have a proactive role in the monitoring and control of process variables rather than simply waiting for alarm conditions to sound. This will encourage the operator to be familiar with the process data and facilitate an appropriate response in an emergency situation.

2.1.9.3 Environmental

2.1.9.3.1 Optimal performance occurs when environment factors are within specific boundaries. Proper clothing should be available for employees whose work is outside a climate-controlled environment.

2.1.9.3.2 For areas having excessive noise, proper hearing protection should be provided and a method of communications established, as vocal communication will not be feasible.

2.1.9.3.3 Proper lighting should be provided in all operations areas, and most importantly in control rooms, to ensure control and process equipment is visible.

2.1.9.4 Maintenance Operations

2.1.9.4.1 All maintenance operations that may adversely impact the safe operation of a process or production facility should require written authorization. Included in this authorization is notification to all areas of the facility that the work will impact. In most cases, operations will need to be stopped or bypassed to allow safe work in the area. All such process modifications should be thoroughly studied to determine the ramifications of the process change.

2.1.10 Standards, Codes and Laws

2.1.10.1 The organization should define the minimum codes, standards, and laws that will be applied for maintaining an acceptable level of safety.

2.1.10.2 Responsibility should be assigned to ensure all codes, standards, and regulations (internal or external) are maintained current and are available to those needing to use them.

2.1.10.3 A variance procedure should be developed that can be applied when an alternative to an existing code is to be used.

2.2 Highly Protected Risk (HPR)

A Highly Protected Risk (HPR) level of loss prevention, based on FM data sheets and industry guidelines, should be the goal at chemical risks. (See also 3.3.)

2.2.1 An HPR chemical risk is one that meets all of the following minimum guidelines:

a. A fully integrated system based on PSM principles at a level appropriate to the hazards

b. Management commitment and oversight, including early involvement of FM specialists at an early stage of all projects

c. Adequate process control and safety instrumentation

d. Operator training and empowerment adequate for the process complexity

e. Piping and vessel overpressure protection for the hazards that exist

f. Maintenance, inspection, and testing programs covering all critical equipment and instrumentation


g. An adequate and reliable water supply and delivery system

h. Ignition source control

i. Adequate spacing of buildings, process units, and tanks

j. Emergency response and post-loss contingency plans

k. Testing and understanding of process chemistry

Where needed based on hazard, an HPR chemical risk also incorporates the following features:

l. Adequate and reliable fixed suppression systems

m. Drainage and containment systems

n. Fire protection of structural steel

o. Damage limiting and noncombustible construction

p. Combustible gas detection

q. Inerting and purging systems

r. Barriers, barricades, and/or distance separation

s. Protection against natural hazards

2.3 Principles of Inherent Safety

2.3.1 Principles of Inherent Safety should be applied where possible when designing or improving chemical plant processes. Inherent safety (see also 3.4) includes the following general principles:

a. Intensification - using smaller amounts of a hazardous substance

b. Substitution - replacing a hazardous chemical with a non-hazardous or less hazardous one

c. Attenuation - using less hazardous process conditions or a less hazardous form of a material

d. Limitation of effects - designing a facility to minimize the impact of a release of hazardous material or energy, for example by sufficient spacing or more resistant construction

e. Simplification/error tolerance - designing a facility so that operating errors are less likely or the process is more forgiving if errors are made

3.0 DISCUSSION

In the following sections, concepts and strategies for risk reduction in the chemical industry are discussed. These include approaches to loss prevention using:

a. CCPS four-tiered Process Risk Management Strategy

b. CCPS systematized Process Safety Management approach

c. Factory Mutual concepts of a Highly Protected Risk

d. Concepts of Inherent Safety

3.1 Process Risk Management Strategies

The CCPS four-tier safety strategy for reducing risk in a chemical facility includes inherent safety, passive safety, active safety, and procedural safety.

These strategies are listed in preferred selection order as a loss prevention technique. By this method, when designing a plant, one would approach the safety aspects by applying these strategies starting with an inherent safety concept, followed by passive protection where still needed, followed by active systems, and then by procedural or administrative systems as needed. As you move down the layers to minimize or prevent a loss, the frequency or consequences of loss can increase.


3 1 1 Tier 1 - Inherent Safety

The first tier and most preferred approach to chemical plant loss prevention is Inherent Safety (IS) Inhershyent safety is defined as eliminating the hazard through intensification substitution attenuation limitation of effects or simplificationerror tolerance Refer to Section 34 for a full discussion on inherent safety conshycepts including definitions of these terms The intent of applying inherent safety is to eliminate the need for add-on layers of passive active or procedural protection which have to function as designed to limit the effects of a loss

Examples of implementing inherent safety would be

bull substitution of water for process cooling in place of a combustible thermal oil

bull substitution of a non-flammable solvent for a flammable solvent for example using supercritical carbon dioxshyide in place of hexane for extraction

bull through chemical research replacing a high pressure process using extremely reactive materails in a flamshymable solvent with an atmospheric pressure process using non-flammable solvents in a reaction that is incapable of generating any pressure in the event of a runaway reaction

bull storing flammable gases such as ethylene in low pressure refrigerated tanks rather than pressurized tanks

In these examples the revised cooling and extraction systems represent no fire hazard They require no fixed fire protection with its installation maintenance and testing costs With the new reaction system there is no potential for overpressure because of the chemistry of the process and the physical characteristics of the materials have no need for costly and failure-prone add on controls emergency relief devices or reacshytor strengthening Finally with the refrigerated storage the amount of vapor produced in the event of an unexshypected release of the liquid will be minor compared to a similar event with pressurized storage

Note that there may be tradeoffs when applying IS techniques or any of the four strategies. The water cooling system is more susceptible to freezing and may need more cold weather protection than a thermal oil system to prevent a costly freeze damage loss. The CO2 extraction system requires extremely high pressures, and process equipment will be susceptible to overpressurization, requiring add-on passive or active protection or procedural controls. The reaction system might require use of a corrosive material that could cause long-term building damage, requiring costly steel protection or maintenance. The economics and overall risk reduction for all approaches, all of which carry risks, need full evaluation.

The potential for risk reduction through use of inherent safety is most likely very early in the design process. To affect the chemistry of the process may require years of experimental work. Other more tolerant changes and safety improvements may be made during plant design.

While opportunities to apply inherent safety concepts should always be explored, there will always be situations where other risk management strategies may need to be employed.

3.1.2 Tier 2 - Passive

The next tier, and the next in safety selection preference, is the passive approach. A passive approach is one that requires no mechanical device or system to actively function to limit or prevent the loss. A passive approach can also be one that stores or uses hazardous materials in a form or state that is as benign as possible.

For example, after a process review it is determined that water cooling cannot be used and the process requires a reaction that is capable of generating 50 psig in the event of a runaway reaction.

If a combustible thermal oil must be used for cooling, a passive approach would attempt to use an oil with the most benign properties and under the lowest temperature and pressure possible. Further, this approach would limit the amount of potential oil released by eliminating bulk storage of material within the unit and sizing the coolant feed system to the minimum flow requirement. Finally, in the event of spill, the process area would be designed for rapid drainage and building steel fireproofing rather than placing reliance on (active) fixed fire suppression systems that may fail.

In the case of the reactor system, instead of relying on an active system such as a safety relief valve to protect the reactor in the event of a runaway, a passive approach would be to design the reactor to contain the maximum expected overpressure.


Some additional examples of a passive approach are: diking and containment systems; fire barriers; blast resistant construction; using stainless steel in place of plastic in corrosive environments; proper spacing of buildings, vessels, and process units; plant design to prevailing meteorological or geological hazard; enclosing plastic electric cables in metal conduit; processing potentially combustible dusts as a slurry; etc.

The single most favorable aspect of a passive approach is its performance reliability. Because it is not an active system, it is not prone to failure unless process conditions or materials are changed without commensurate improvements to the passive system.

3.1.3 Tier 3 - Active

The next tier, and the next in safety preference, is the active approach. An active strategy is one that requires a mechanical device or protective system to actively respond and function to limit or prevent the loss. An active system must be:

• reliably designed to work when intended

• installed according to strict installation rules

• maintained and tested over its entire life

Because of this, an active system is more prone to failure than a passive system and may cost more over the life of the plant. Active systems are also known as engineered controls.

In a previous example, if the thermal oil system is used under more hazardous operating conditions, or the drainage and fireproofing systems are lacking, insufficient, or too costly to retrofit, then an active fixed water suppression system becomes the protection device of choice. This system must be properly designed, and maintained and tested over its entire life, to be considered reliable and effective. Once activated, more damage will occur than with a passive system because the fuel (thermal oil) is not removed by drainage, the building steel is not protected against radiant heat (and may structurally fail), and the water system itself may cause damage to sensitive instrumentation. Finally, if the suppression system should fail, always a possibility, reliance for protection becomes dependent on the fourth tier, procedural or administrative controls. If reliance on procedures (i.e., manual response) is needed, a significant increase in damage will usually occur due to delayed response.

In the reactor example, an active (engineered) approach would be to design the reactor to 15 psig and acknowledge the potential for a 50 psig overpressure by depending on process and management controls to prevent the runaway reaction and by providing properly designed emergency relief venting if it does run away. The active system is complex, and becomes even more complex as vent gas collection systems are installed, etc.

This active approach is the traditional approach to reactor protection and most other loss prevention activities in a chemical plant. One primary reason is timing. Often, protection is added after the plant is constructed. Inherent safety and passive approaches become less economical, if not completely impractical, after a plant has entered the equipment design phase.

An active approach does not provide the same level of risk reduction that the inherently safe or passively safe systems do. In the case of the reactor with an active approach, the loss would be significant if the emergency relief system failed (reactor failure, building blast damage, ensuing fires, and production loss). In the case of the passive system, the pressure would be contained with minor risk effects (perhaps time and cost to investigate, recertify the vessel, and retrain employees, etc.). In the inherently safe system, the event could not occur.

Some additional examples of an active strategy are: large deluge systems with high capacity water systems; automatic sprinklers over grouped electrical cables; explosion suppression systems in dust collectors; flow, thermal, and pressure controls and interlocks; emergency shutdown systems; etc.

While not as effective and reliable as the inherently safe or passive approach, active systems are nevertheless often required and necessary for adequate protection of a chemical plant.


3.1.4 Tier 4 - Procedural

The next tier, and last in safety preference, is the procedural or administrative control approach. A procedural response to safety is one using operating procedures, administrative checks, emergency response, and other management approaches to prevent or minimize the severity of an incident.

An example would be to provide written procedures for operators to take corrective action for the runaway reactor rather than provision of active automatic controls or relief systems. In this scenario, emergency action such as leaving the control room, inspecting the reactor, and manually adding quench water might be the only loss prevention response. In the event of a thermal oil release and fire, the plant may have only the emergency response of the fire department to rely upon for damage control.

3.1.5 Summary

The application of a tiered approach to risk management does not necessarily imply a singular strategy. A complex HPR facility will feature aspects of all four safety tiers - inherent, passive, active, and procedural - within the plant. Given a sufficiently hazardous process, all four tiers might be applied to the single process to provide assurance to risk managers that if one level fails, additional levels are available to limit the loss.

Application of this tiered approach is fully consistent with HPR loss prevention concepts.

3.2 Process Safety Management

The CCPS defines process safety management as the application of management systems to the identification, understanding, and control of process hazards to prevent process related incidents.

The CCPS defines process safety management systems as comprehensive sets of policies, procedures, and practices designed to ensure that barriers to episodic incidents are in place, in use, and effective.

The CCPS guidelines focus on twelve elements of chemical process safety:

- Accountability and Responsibility
- Process Safety Knowledge
- Project Review and Design (Process Hazard Analysis)
- Process Risk Management
- Management of Change
- Process and Equipment (Mechanical) Integrity
- Incident Investigation
- Training and Performance
- Human Factors
- Standards, Codes and Laws
- Audits and Corrective Actions
- Emergency Response Planning

In addition to CCPS, other organizations have developed PSM guidelines which may have different elements and terminology but nonetheless are equivalent to the CCPS guidelines and may be fully substituted in application. Some are listed in the Appendix. There are also government regulations, both US and international, which mandate application of PSM guidelines under specific conditions. Some information on these regulations is also in the Appendix.

All 12 CCPS points are needed for a reliable system based on PSM principles, but they need to be customized for the corporation (i.e., making baking soda does not need the same program used for making polyvinyl chloride).

3.2.1 Accountability and Responsibility

Accountability and responsibility are at the heart of any facility's program. These concepts must be ingrained into the philosophy of an organization to be successful. Key components of accountability are a policy statement, management commitment, procedural requirements, and performance measurement.


The degree to which management demonstrates interest in implementing programs based on PSM principles at its facilities is of paramount concern to safe operation of the facility. Without solid management backing, even the best written program will never achieve successful implementation. Management interest should be demonstrated with a written policy statement that is shared with and understood by each member of the facility. Management's interest in loss prevention should be obvious in the day-to-day activities of a facility. Simply having a paper document on file will be of no benefit. Routine safety meetings, communication of safety issues to employees, and publishing lessons learned from incident investigations are just a few ways in which this interest will be demonstrated.

The policy statement should be site-specific and should assign ownership of safe operations to management as well as to every employee involved in the operation. Expectations of every member of the organization will be detailed and written in language understandable at every level of the organization. The policy statement should be reviewed on a periodic basis and changes made as needed. For example, when changes occur within an organization, such as a change in management structure, the policy statement should be updated to reflect these changes.

The policy statement should clearly outline the objective of the PSM program. These principles should be routinely communicated to all employees so as to reinforce a safety-conscious work force. Generally, a review of the policy statement will be included in the orientation of new employees. Periodic review with all employees within the organization is also useful.

Each employee should feel responsible for the safe operation of a facility. There should be no fear of reprimand should a safety concern be reported. Only when the channels of communication remain open and free can a program based on PSM principles become and remain effective.

As safety issues arise in new facility design, HAZOP reviews, changes to the process, etc., there will be issues that are not easily resolved or will involve interpretation of codes or standards. A method should be in place to handle such issues so that resolution at the lowest level of management is achieved.

Once implemented, the success of a program based on PSM principles should be evaluated on a periodic basis to ensure the procedures achieve results. This can be in the form of random audits, routine reports to management, or direct communication with those involved. Findings from this feedback mechanism should be incorporated into the policy statement to facilitate constant improvement of the PSM program. Issues that are difficult to resolve often lead to input on ways that the PSM program could be improved.

3.2.1.1 Example: Liquefied Petroleum Gas (LPG), Mexico City, Mexico

On November 19, 1984, an 8 in. (200 mm) pipe line at a government-owned LPG terminal ruptured. The supply was not shut off, and the vapor cloud was subsequently ignited 10 minutes later by a ground level burn pit. Additional LPG tanks and spheres BLEVE'd (Boiling Liquid Expanding Vapor Explosion) due to exposure to excessive heat. Management and organizational factors reportedly were the major factors in this incident. Reportedly, management at this facility had not taken action on recommendations from previous studies. The deluge systems that were designed to cool the LPG vessels were deemed grossly inadequate. Vessel design was inadequate, and the vessels lacked proper insulation. There was also no gas detection system available at the facility. The loss estimate is in excess of $25 million property damage (current values) [1, 2].

3.2.1.2 References

1. Gertman, D.I. and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, New York (1994).

2. Mahoney, D., Ed., Large Property Damage Losses in the Hydrocarbon-Chemical Industries: A Thirty-year Review, M&M Protection Consultants, Chicago (1995).

3.2.2 Process Safety Knowledge and Documentation

Process safety knowledge and documentation, which includes process safety information, is the basis for understanding the hazards of the process. This is achieved by acquiring process information and using this knowledge while conducting process hazard analyses.


The CCPS defines process safety information as the data describing the process and its chemistry. Process safety knowledge, in general terms, includes both process safety information and the ability to understand and interpret the information. It also includes the tracking and storing of key initial design bases, records of critical design decisions, design standards, site and equipment drawings, accident investigation information, etc. This data can be used as a baseline for future changes.

Data on process hazards and material chemistry can be obtained from numerous sources, including testing, manufacturer issued Material Safety Data Sheets (MSDS) (or equivalents), and literature sources.

Some examples of needed process safety information, and the sources where the information is found, follow as an example of a new process under design.

A chemical company is proposing a process using flammable solvents, reactants, and catalysts to produce a chemical intermediate for the pharmaceutical industry. The process will include a potentially exothermic reaction, mixing, distillation, and drying to produce a powdered product. Prior to conducting a process hazard analysis or determining levels of protection, information is needed on the various materials and the way they may interact, normally or abnormally.

The company may find information from the following sources:

a. Material Safety Data Sheets. These, if available, will give information on flammability (i.e., flash points), explosibility (i.e., explosive limits), toxicity, corrosiveness, and potential reactivity with other materials.

b. Factory Mutual data sheets and National Fire Protection Association (NFPA) standards. Lists of hazardous materials are presented with fire and explosion information.

c. Public domain literature such as the Kirk-Othmer Encyclopedia of Chemical Technology, Sax Dangerous Properties of Industrial Materials, CRC Handbook of Chemistry and Physics, and numerous other similar sources.

d. Proprietary industry or trade group research and testing reports.

e. Expert opinion, such as engineers from the corporation, Factory Mutual, or outside consultants.

f. Intentional and systematic testing of the materials.

In the example, the final product of the new process is a powder with a possible dust explosion hazard. The material is unique, and no known data on its properties can be found by conventional literature search. To determine hazardous properties such as minimum ignition energy, lower explosive limits, maximum rate of pressure rise, and possible overpressures produced should it explode, tests are conducted in an ASTM E1226 20-liter sphere.

Information on the mixture within a reactor or other vessels is needed to determine potential for exothermic runaway or other chemical instability. Laboratory-scale reactivity screening should be done in advance of scaling up to pilot or full scale processing. This data can be obtained using a number of devices, including the Accelerating Rate Calorimeter (ARC), the DIERS Vent Sizing Package (VSP), and others.

Site information is also developed during this stage. This may include meteorological data (for later vapor dispersion modeling), geographic data for exposure to natural hazards, accident exposures from nearby industrial sites, and utility data such as reliability and adequacy of water, fuel, and power supplies.

After basic chemistry, physical, and thermodynamic properties of materials are developed and site characteristics are found, conclusions on different release and impact scenarios are qualitatively determined. For example, if a solvent is flammable, it will be qualitatively concluded that a spill can result in fire. If boiled and held under pressure, an indoor or outdoor flammable vapor explosion potential may exist. The catalyst to be used might be known to overheat and produce equipment-damaging pressure if not refrigerated. These generic conclusions are all derived in the process safety information phase. However, the sequence of events by which the scenario and its consequences will be realized will not surface until a process hazard analysis is conducted on the system in which the materials are used. Finally, the action steps, such as fixed mitigation, taken to reduce the quantified hazard or consequences will not surface until the process risk management stage.


Under this activity, in addition to developing and maintaining basic process and material hazard information, it is necessary to include accumulation of all the design details, alternative process considerations, key design decisions, and basic operation and maintenance plans.

Here the corporation should develop rationale and responsibility for collecting and maintaining this data, as well as data on operating experience, accident investigations, causes and corrections, as well as changes developed and reviewed under the Management of Change processes (described later).

This collection of data will preserve initial design records (ensure replacements comply with design intent), reasons for key design decisions (aid to future projects and modifications), and provide a basis for understanding how the process should be operated. It also serves as a baseline for evaluating future changes.

The collection of this information provides the process safety knowledge needed in subsequent PSM steps (as well as a record of the original review process) so that the process can be started up and run throughout its intended life without an unanticipated incident or unprotected hazard. The information is documented and made part of the overall process safety management package, which will eventually also include data from the process hazard analysis and process risk management steps. This is then used for employee training, future process changes, etc.

Enhancement of process safety knowledge is a subset of this element and is sometimes added as a separate element of PSM. As the life of the plant progresses, new technology in process operation, inherent safety, or loss prevention techniques may be developed. While not known or cost effective during initial plant design, they may become so later in the life of the plant. It is important for an organization to stay fully abreast of new technology and apply it as appropriate. Use of a Management of Change procedure will assure that latest technology and information will be available.

3.2.3 Process Safety Review (Process Hazard Analysis)

This element of PSM is often identified as Process Hazards Analysis (PHA) and should include the project review for new facilities or modifications to existing facilities that have a significant process or capital impact. Where no major changes occur, the review should be revisited on a regular basis. A suggested frequency would be about every 5 years, with longer intervals for less hazardous processes. The element also includes the necessary design and pre-startup review of such projects to ensure that recommendations were in fact implemented.

The CCPS discusses staffing, hazard reviews, siting, plot plan, etc., in the context of phases of capital projects. As a supplement to the CCPS material, an HPR chemical plant should consider the following sections related to property and business interruption loss prevention.

Principles of loss prevention and risk management should guide plant siting decisions. These principles are usually defined in the corporate guiding principles or business objectives. Most sites can be made acceptable if sufficient funding is allocated to overcome deficiencies presented by the site selection.

Sites chosen should be selected to avoid or minimize exposures by perils of:

a. Fire

b. Natural Hazards (flood, wind, lightning, snow, freezing, earthquake, volcano, etc.)

c. Explosion

d. Transportation (aircraft, motor vehicle, rail, ship)

e. Pipeline or tank farm exposures

Sites should feature:

a. Access for safe disposal of waste

b. Access to fire fighting assistance (public or other)

c. Access to an adequate source of water to meet present and future demands

d. Access to reliable security and emergency services


e. Access to the site during adverse conditions (riot, traffic, etc.)

In addition to location of the plant site, equal considerations should be applied as well to the location of:

a. Process units

b. Pipe racks

c. Storage facilities

d. Unloading facilities for rail cars, trucks, and water craft

e. Flare stacks

f. Utility plants

g. Waste water treatment facilities

h. Electrical power lines

i. Process Control Rooms

Once site selection is complete, the project should have sufficient funding to implement FM/corporate loss prevention guidelines. In addition to basic project design and construction costs, finances should:

a. allow time for a thorough review of loss prevention aspects of the design and construction using accepted hazard analysis methods. Designs should use inherent safety and risk mitigation concepts.

b. permit installation of proper loss prevention features affecting construction, protection, drainage, electrical equipment, freeze protection, etc.

3.2.3.1 Examples

3.2.3.1.1 The ABC chemical company proposes building a new polymerization plant at the site of an existing chemical plant in the Gulf Coast area. It could be located in any of three different areas near the existing plant. The raw material (ethylene) is supplied to the main ABC plant, but the facilities will need to be enlarged to accommodate more ethylene. New facilities will need to be developed for storage of propane, butylene, and other future monomer feedstocks.

The ABC company has a license to use a new process to make the finished copolymers, but sizes and layout of major equipment have yet to be finalized. At this point, a team was created including specialists from FM, ABC, and several design and construction engineering companies. Early meetings developed a time line for the construction, plan reviews, site visits, and pre-startup reviews. These meetings developed a plan to conduct a thorough hazard analysis.

Full HAZOP and What-if analyses were performed. FM specialists participated in the hazard analysis meetings and provided an important perspective on damageability, available protection and mitigation methods, and analysis of business interruption potentials.

A full site survey was conducted at all three sites with a team made up of various specialists, including the FM engineer. Through this process, a site was chosen to minimize flood exposures and the potential for fire and explosion exposures presented by nearby plants, pipe racks, and railways. Plans were modified to include relocation of pipe racks along with rerouting of rail sidings.

Through early team meetings, objectives from corporate guiding principles were interpreted to define objectives for limiting the maximum foreseeable loss and normal loss expectancies. Through collaboration, specifications were developed for the plant construction, particularly control room construction, fire protection water supply, piping sizes and locations, pipe rack locations, drainage patterns, sprinkler valve house locations, and feedstock and product delivery contingencies. These methods resulted in mitigation of Vapor Cloud Explosion (VCE) potentials (see DS 7-42 for additional information on VCE hazards).

Note: The level of FM participation can vary from project to project depending on the needs of all the parties involved: contractor, insured, insurance company, etc.


3.2.3.1.2 XY Chemical Company planned and constructed a polymer manufacturing plant along the Texas Gulf Coast. Design work was conducted at the home offices in the northeastern US using highly experienced personnel.

Project designs did not consider incident history and advice for this area relative to freeze protection. As a result, the plant was built with numerous outdoor sprinkler systems, as well as elements of the process and instrumentation system, with insufficient freeze protection.

As a result, the plant suffered a $2 million loss related to broken pipe, instrument lines, and loss of production in the 1983 and 1989 freezes. This pointed to a normal frequency of freezing weather in this area worthy of protection. A cost estimate of $75,000 for correction of the deficiencies was developed in consultation with the local FM specialist. Economic conditions dictated that these improvements be extended over a period of 3 years, resulting in a need to prioritize the modifications.

If the concepts and guidelines of this data sheet had been used in siting of this plant, the freeze potential and its frequency would have been identified. A loss potential of $2 million with an average 10-year recurrence interval would have been mitigated. The cost at the time this plant was designed could have been much lower.

3.2.4 Process Risk Management

Process risk management involves the identification, evaluation, control, or risk transfer of potential hazards that may be associated with existing operations, new projects, acquisitions, and customer/supplier activities.

Process risk management is the system whereby conscious risk improvement decisions are made based on results and information obtained during the process knowledge and process hazard analysis stages. If hazard information data is available at very early stages of a plant design, inherent safety features can be designed in. Later in the design, passive, active, and procedural improvements and protection are usually added. The need and level of fixed suppression systems such as sprinklers and deluge systems, building steel fireproofing, damage limiting construction, barriers, process controls, etc., are decided in the process risk management phase of PSM. Fire safety professionals, in partnership with the chemical plant, determine the level of protection needed to meet HPR status and loss exposure goals. Ultimately, the exposure is improved through fixed protection and management systems, is transferred through insurance, or is completely avoided by eliminating the hazardous activity.

Data and information from process knowledge gathering and hazard analysis activities must be evaluated as to economics and potential for risk reduction. Not all risk in a facility can be eliminated or reduced through engineering. Process risk management assures that a balance of inherent or engineered safety and risk transfer (i.e., insurance) is maintained and that all mandatory regulations, corporate standards, and industry and insurance guidelines are met. Process risk management requires screening, ranking, and engineered assessment tools. A high level assessment such as Quantitative Risk Analysis (QRA) may be needed to make final decisions. The four tier safety strategy is still followed. Regardless of methods, documentation of the basis for risk decisions is important.

3.2.4.1 Case Study

ABC Chemical company is planning a facility to produce polyvinyl chloride (PVC) plastic using a licensed process. Production of this material will include use of vinyl chloride monomer (VCM), a liquefied gas, flammable solvents, and reactive peroxide-based catalysts in a moderately high pressure, high temperature continuous autoclave (single reaction vessel) system. The process will be located in a single process unit supported by raw materials delivery and storage, in-process storage, combustible heat transfer media, heat, steam, power, and fuel utility systems, and final product handling, storage, and transfer to market. The final product will be sold as a solid extruded pellet, some of which will be custom made with plasticizers. The benzoyl peroxide (BP) catalyst is to be manufactured on site. The process will be constructed at a new site not previously developed.


In the process safety knowledge step, the following technical information may be obtained based on a literature search or testing and documented:

- flammability and explosivity characteristics of gases and liquids
- flammability and explosivity characteristics of heat transfer media
- reactivity data on catalysts
- combustibility and explosivity data on solid powder product
- reactivity of the PVC reaction at given process conditions
- reactivity and hazard of catalyst manufacture

The following site information might be obtained based on a site study and documented:

- meteorological data (prevailing winds/speeds/atmospheric stability)
- freeze and snowfall/rainfall data
- flood data
- earthquake data
- windstorm data
- data on adequacy and reliability of utility services
- information on nearby hazardous exposures

General conclusions might be derived based on the above chemical and site information and qualitative analysis. At this stage, these conclusions are based on generic knowledge obtained from experts or from the literature and are used for establishing more definitive scenarios during a process hazard analysis. Detailed consequence studies, such as vapor cloud dispersion, explosion overpressure or pool fire radiant heat effects, are conducted as part of the hazard analysis.

The following general conclusions are not meant to be all inclusive, but only to demonstrate types of information and scenarios that could be developed during this step:

a. Flammable liquid spill fire potentials exist from delivery, storage, process vessel and piping systems for raw and intermediate materials and for the heat transfer media system.

b. Vapor cloud explosion potentials exist from storage, process vessels and piping systems using VCM.

c. Reactor vessel, pumps and piping failure potentials exist due to high pressure, corrosivity and reactivity exposures.

d. BP manufacture requires potentially unstable hazardous materials.

e. Dust explosion potentials exist from plasticized product.

f. The plant is in a semi-tropical climate but is subject to periodic severe freezes.

g. The plant is in a potential hurricane zone.

h. Power supplies are subject to possible off-premises interruptions.

i. Public water supplies and emergency response are not available.

j. A plant with potential wide range explosion hazard borders the site.

In the process hazard analysis step, the above data and design drawings (as complete as possible) are subjected to a systematic and critical examination to determine failure modes whereby incidents could occur. HAZOP, What If, Checklist, Failure Modes and Effects Analysis (FMEA) and more quantitative analysis methods might be used. Vapor dispersion, explosion and radiant heat modeling, if needed, will be done during this stage. These examinations might reveal the following potential concerns and consequences:

a. The manufacture of peroxides on plant presents many failure modes and several potentials for a peroxide self initiation, with high damage potential compared with the relatively small amounts of material needed.

b. Flammable spill fire and vapor release potentials cannot be completely eliminated through process control or design, short of not producing the product. Steel structure is subject to severe radiant heat, confirmed by fire modeling.

c. VCM represents a vapor cloud explosion potential, and the process unit arrangement and congestion will produce high overpressures throughout the plant, as confirmed by modeling.

d. Prevailing winds and distance indicate potential for vapor cloud from neighboring facility to enter process unit, confirmed by modeling.

e. A single large reaction autoclave is harder to control, presents extreme liquid spill or vapor release potentials, thus increasing protection system demands, and if damaged would shut down all operations.

f. Plasticized plastic dust presents a dust explosion hazard, confirmed by laboratory testing.

g. A rare but possible sudden freeze could severely damage plant utilities.

h. A sudden power outage could cause loss of control of the reaction.

i. Many different release and failure modes of vessels, pumps, piping and utility systems exist, but these can be mitigated through process control and design improvements.

j. Use of a large volume combustible heat transfer material presents significant fire potential on a higher frequency than other flammable materials due to its high corrosivity, confirmed by loss history.

In the process risk management step, all of the data collected and derived from the two prior steps is used to make risk management decisions. In the example, these may include (but not be limited to) the following decisions, listed in order of a tiered preferential safety approach:

Inherent safety

a. Replace combustible thermal oil system with water system.

b. Reduce production bottleneck by changing from one large reactor to several smaller reactors.

c. Reduce in-unit flammable inventories by eliminating product day tanks, large reboilers, large reactor, oversized piping, etc.

d. Purchase additional land to protect against off premises exposures.

e. Refrigerate VCM bulk storage tanks to reduce vaporization.

f. Collect plastic dust in wet slurry to reduce dust hazard.

Passive mitigation

a. Use a concrete frame for process unit or fireproof steel.

b. Space unit apart from support facilities and site boundaries.

c. Use open process unit for maximum explosion venting.

d. Limit and space equipment within unit to minimize congestion.

e. Layout unit with flammable materials accessible on outer edge.

f. Install drainage systems.

g. Design process controls and interlocks to maximize reliability of process.

h. Design process vessels/piping to maximum expected pressure.

i. Blast proof control room and emergency services building.

j. Provide emergency containment systems.

Active mitigation

a. Provide on site fire water system.

b. Provide deluge sprinkler protection.

c. Provide combustible gas detection.

d. Inert and purge flammable storage, process and piping systems.

e. Provide reactor emergency quench system.

f. Provide reactor emergency venting.

g. Computerize process control.

h. Provide on-site emergency power supplies.

i. Design to hurricane codes.

j. Protect plant against freeze up.

Operational administrative controls

a. Develop and train on site emergency fire response brigade.

b. Train and empower operators to take manual process control.

c. Provide ignition source control systems.

d. Provide backup manual reactor emergency quench system.

e. Provide natural hazard alert procedures.

Risk Avoidance

a. Eliminate on-site manufacture of peroxide catalyst.

Risk transfer

a. Accept inherent risk by retention of high insurance deductibles.

In the risk management process, there may be a need to revisit and re-analyze hazards several times prior to deciding on the level and type of mitigation or use of other risk tools, such as elimination of hazard or risk transfer. In fact, risk management becomes a constant cycle of analysis, transfer and acceptance throughout the life of the facility. As the facility ages and changes are made, the risk will change. Keeping abreast of this aging and change process will assure that the facility will achieve the risk management goals originally accepted.

3.2.4.2 HPR Requirements

The decision to meet or not meet HPR protection guidelines is determined during the process risk management stage. While achieving HPR status should always be the risk management goal, there may be conditions, especially in existing older plants, where this may not be economically or technically achievable.

There are minimum requirements for a facility to qualify as an HPR risk. These are briefly identified in Section 2.2.1 and further discussed in Section 3.3, Concepts of Highly Protected Risk.

3.2.5 Management of Change

Management of Change (MOC) means evaluating every change to technology, facilities or personnel at the earliest possible stage for its potential impact on property loss prevention. The earliest possible stage is the moment an idea or proposed change comes to light. These changes can be emergency, permanent, temporary, recognized or unrecognized. The purpose of a management of change process is to prevent the unrecognized change.

Changes are made routinely throughout the life of a facility. These may vary from major, highly visible projects to daily routine maintenance activities. Changes can occur to technology, chemicals, products, equipment and procedures. Any change from original design intent represents a deviation. If the impact of this deviation is not fully understood, the change, even if minor, can cause a significant incident. Appropriate process hazards management systems should be put into place to help ensure that hazards associated with a change or deviation are identified and controlled.

Changes fall into three main categories: technology, facilities, and personnel or organization.

Although some changes may be minor, with little likelihood of compromising loss prevention and process safety, all changes have some potential for disruption.

3.2.5.1 Change in Technology

Change in technology arises whenever the process or mechanical design is altered. Examples are changes in feedstocks, catalysts, product specifications, byproducts or waste products, design inventory levels, instrumentation and control systems, or materials of construction.

Typical instances in which change in technology would likely occur include the following:

a. New projects that involve tie-ins or equipment modifications on existing units.

b. Projects to increase facility throughput or accommodate different feedstocks or products.

c. Significant changes in operating conditions, including pressures, temperatures, flow rates or process conditions different from those in the original process or mechanical design.

d. Equipment changes, including the addition of new equipment or modifications of existing equipment. These can include changes in alarms, instrumentation and control schemes.

e. Modifications of the process or equipment that cause changes in the facility's relief requirements. These can include increased process throughput, operation at higher temperatures, increased size of equipment, or the addition of equipment that might contribute to greater relief requirements.

f. Bypass connections around equipment that is normally in service.

g. Changes in operating procedures, including procedures for startup, normal shutdown and emergency shutdown.

h. Changes made in the process or mechanical design or in operating procedures that result from a PHA performed as described in Section 3.2.3.

i. Introduction of new or different process additives (for example, corrosion control agents, antifoulants, antifoam agents).

j. Corrective actions developed as a result of an accident investigation.

3.2.5.2 Changes in Facilities

Changes in facilities are those in which physical changes are made that would not necessarily appear on plant drawings or piping and instrument diagrams (P&ID). Examples are temporary connections, replaced components that are not in kind, site modifications, transient storage, temporary structures, etc.

Specifically, these can include the following:

a. Temporary equipment (tanks, offices, drum storage, etc.).

b. Replacement equipment or machinery that differs from the original equipment.

c. Temporary piping connections, hoses or wiring.

d. Temporary software configurations, jumpers, shortened algorithms, bypassed controls.

e. Pipe clamps, braces, stands, wiring, ropes.

f. Temporary utility connections (steam, power, water, etc.).

g. An alternative supply of process materials, catalysts or reactants, such as through temporary drums or tanks located within the facility.

h. Temporary electrical equipment or connections.

These changes have the ability to affect design, construction, operation, maintenance and decommissioning.

3.2.5.3 Changes in Personnel

Changes in personnel are those in which key responsibilities are shifted from a position of stability to instability. Examples are retirement, promotion, other career changes and personal issues (sickness, death, leave-of-absence, etc.). These changes are ones in which continuity of responsibility may lapse.

Training and assignment of alternates is a key feature needed to mitigate lapses caused by these changes. Supervision must be skilled for early recognition of these changes, with an ability to plan in advance to mitigate these changes. Goals of the company, business and operating unit must support prevention efforts associated with these changes.

3.2.5.4 Examples

3.2.5.4.1 The Clean Air Act Amendments of 1990 require a 50% reduction of sulfur dioxide levels (SO2) in the U.S. by the year 2000. This act affects approximately 2000 electric utilities. The method of choice to control SO2 emissions probably will be the installation of wet scrubbers, as they provide the highest level of control. Along with the additional costs and plans for scrubber installations, the person(s) planning these changes need to look at the effect these installations will have on loss prevention. For instance, scrubbers are subject to fires and explosions, and they can affect furnace draft. Induced draft fans may have to be upgraded, which in some cases could increase the risk of implosions and boiler vibrations. To prevent corrosion of scrubbers, ducts and stacks, it may be necessary to use plastic or plastic-lined equipment, which could present a fire hazard.

A typical agreement between a company and the property insurance company calls for a loss prevention professional within the company to be advised of all management of change activities in the plant. This individual is then responsible to involve the specialist from FM and allow an opportunity for the change to be evaluated in its earliest stages.

3.2.5.4.2 ABC is a manufacturer of commodity polymer using batch-scale polymerization of the monomer. Because of favorable opportunities in the market, ABC has plans to double the capacity of its seven-reactor plant in a two-phase expansion over the next 10 years. The first phase will include construction of utilities and the footprint for a second seven-reactor manufacturing building. Initially, a building containing three reactors will be built.

There is a close relationship between ABC and the FM specialist assigned to this plant. When the idea is being developed by senior management within ABC, meetings are held with the FM specialist to discuss the effect this may have on loss prevention. ABC is guided by a principle that promotes continuous improvement in all areas of operation, including loss prevention, and they call upon the expertise of FM to provide guidance to meet this goal.

In consultation with the FM specialist, several opportunities are identified. These include ways to mitigate VCE potentials, provide more cost efficient and effective water spray systems, and arrange the Instrumentation and Control features for increased reliability. In order to expand the process water features for the new plant expansion, several pumping and distribution changes were needed. Opportunities were identified to add outlets and normally closed connections between the fire protection system and the process water supply system. This increased both the normal supply to the fire protection water system and increased the supply that would be available in a catastrophic event.

In consultations, an opportunity was identified to relate current maintenance issues for the older electronic heat detection systems on the water spray systems to a design specification needed for all the new water spray systems. Review of maintenance records and costs pointed to an opportunity to replace older electronic heat detectors with air-pilot detection systems. In doing this, the plant maintenance was provided with a single common type of system which has lower maintenance costs, a single set of replacement parts, and requires simpler maintenance skills.

Often during plant expansions, for simplicity, existing features for protection and control are duplicated exactly. Many design groups operate with the assumption that existing protection and control features are adequate and satisfactory, and they do not take the opportunity to consider improvements as above.

3.2.5.4.3 Mr. Howard has been the person in charge of fire protection in this plant for many years. He is the direct interface between top management, engineering and safety personnel for matters relating to loss prevention. He is in charge of administering all loss prevention related inspection programs within the plant. He supervises all impairments to fire protection and reports them throughout the company and to FM. Mr. Howard is very important in the review process for new construction. Because he is very familiar with current design requirements, he is able to work closely with plant and corporate engineers to develop plans for new construction and modifications.

Mr. Howard spent many years in the plant as an operator. Because of this involvement, he oversees many important operator duties as they relate to fire response and use of emergency process equipment (flares, alarms, shut-downs, etc.). He is also the liaison to community groups, including the mutual aid groups.

Mr. Howard has announced he will retire in 2 years when he reaches the age of 60. Loss of this level of experience could create serious gaps related to steady provision of the service provided by Mr. Howard.

All of his job duties should be described in writing.

A plan for his replacement with alternates should be developed sufficiently in advance of his departure so that proper training can be provided.

If timing is not sufficient to establish that his duties have been sufficiently taken over by others, management should arrange for Mr. Howard to return to work as a consultant. He should periodically return after his retirement to make sure all areas of past responsibility are being covered.

In the planning for replacement of Mr. Howard, the local assigned FM specialists should be notified. Specific sessions can be arranged so that the programs recommended by FM can be introduced or reviewed with the person who has taken over for Mr. Howard.

3.2.5.4.4 Mr. Jones was the Safety Engineer at this major plastic film plant, reporting to the plant manager, before he resigned. He was responsible to implement all safety and loss prevention programs in the plant. He was the direct liaison to the plant maintenance department, providing review and supervision of all maintenance and testing of the plant fire protection systems, including the fire pump, suction tank, sprinkler systems, alarm systems and gaseous extinguishing systems. Because of his expertise, he was the interface between local contractors who provide maintenance and testing. Mr. Jones kept all the letters, files, receipts, plans and correspondence in his office relating to protection systems and plant insurance matters.

Unfortunately, he quit at a time when the plant was completing a 50% production expansion and is beginning to plan for a new warehouse expansion. Ongoing issues relate to false alarms, alarm system repairs and a history of broken underground water mains in a certain area of the plant. Mr. Jones had been a proponent of looping of the plant fire water mains to provide better service to the areas of future expansion.

In a case like this, it is important that key plant personnel from all levels meet to review the impact of this departure on loss prevention. Some careful accounting should begin at once to make sure elements of Mr. Jones' responsibilities are identified. The FM contact should be advised of the personnel change. This will allow for meetings to take place to assure that proper training is provided to a replacement employee. In many cases, FM can provide the following:

- Training on fire protection systems maintenance and testing can be offered to a new employee

- A review of maintenance and testing programs can be made to assure that correct programs are not lost or lapsed

- Contract maintenance programs can be evaluated to determine adequacy of these programs

3.2.5.5 References

Management of Process Hazards, API Recommended Practice 750, First Edition, January 1990, American Petroleum Institute.

Managing Change, FM publication P9201.

3.2.6 Process and Equipment (Mechanical) Integrity

Equipment that processes hazardous materials, and accessory or utility equipment that is important to continued operation of the plant, should be designed, constructed, installed, operated, protected and maintained in a way which minimizes the risk while providing process reliability. This element of the PSM program addresses the management system required to achieve this objective and is called Process and Equipment Integrity by the CCPS and Mechanical Integrity by others.

A Process and Equipment Integrity program should address some or all of the following: pressure vessels and piping, tanks, rotating machinery, electrical equipment, boilers and furnaces, etc., together with their instrumentation, controls, accessories and supporting structures.

The components of Process and Equipment Integrity, which are discussed further below, are reliability engineering, materials of construction and fabrication, installation procedures, preventive maintenance, and demolition procedures.

As with all elements of PSM, a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps.

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance or replacement, the evaluation should include equipment accessibility and suitability for the process, and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment and emergency relief. The file should also contain the operating and inspection history of the equipment, as well as any data on repair, alteration and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill to installation tracking of material for critical components, or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, over speed, electrical faults, misalignment, etc.

During fabrication, maintenance or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern, such as piping location, safety and emergency equipment features, accessibility of process and safety equipment, operation, functional testing and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.

3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections, together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturer's recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturer's minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment with detailed instructions on performing the particular activity. They should address the steps needed to prevent adverse conditions both during the procedures and when the equipment is put back in service. They should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic reviews of these procedures are needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out of service condition, any necessary decontamination and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents (classified as major accident, accident or near-miss by CCPS) are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control or personnel changes, or new or better training programs. Documentation and periodic review aids in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes:

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.

3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment: Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System: Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization: Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others, depending on the nature of the incident. This can include those inside the company with speciality knowledge or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training: Team members should be selected based on their interest, job function and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function: The incident investigation team function needs to be integrated with the overall emergency response plan. Well established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation:

a. Determine Cause: Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system related causes.

b. Develop Recommendations: Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures: Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.

©1999 Factory Mutual Engineering Corp. All rights reserved.


If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally this involves data collection, data analysis and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems-oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and they can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program aimed at determination of root causes.

Usually the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

FTA: Fault Tree Analysis
AAM: Accident Anatomy Method
MORT: Management Oversight and Risk Tree
MCSOII: Multiple-Cause, Systems-Oriented Incident Investigation

Inductive

HAZOP: Hazard and Operability Analysis
AAM: Accident Anatomy Method
CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware new approaches need to be built on proven and accepted concepts.

3.2.7.4

Making phthalic anhydride by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the "Do Not Operate" tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design. A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations. There are several possibilities in this area. Management that encourages continued operations when the process is upset (reason operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance. There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the workers' shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example but does illustrate some of the underlying causes in a multiple-cause incident.
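The cooling-water loss described above can be laid out as a fault tree, the first of the deductive techniques listed earlier. The following Python code is an added example, not part of the data sheet: the tree shape and the event names are assumptions drawn from the narrative, and it generalizes slightly by letting either standby pump be unavailable for either reason.

```python
from itertools import product

# Basic events and tree shape are this example's reading of the narrative
# (assumptions, not taken from the data sheet). A node is either a string
# (basic event) or a tuple ("AND" | "OR", [children]).
PUMP_FAILS = "operating pump fails and will not restart"
FEED_NOT_CUT = "o-xylene feed not reduced before the reactor overheats"


def standby_unavailable(pump):
    """A standby pump cannot be started if it is broken or still tagged out."""
    return ("OR", [f"{pump}: out of service for repair",
                   f"{pump}: Do Not Operate tag still attached"])


# Top event: reactor overheats and the phthalic anhydride ignites.
TREE = ("AND", [
    ("AND", [PUMP_FAILS,                      # loss of water to the exchanger
             standby_unavailable("standby pump 1"),
             standby_unavailable("standby pump 2")]),
    FEED_NOT_CUT,
])

# Conditions that already existed before the operating pump failed.
LATENT = frozenset({"standby pump 1: out of service for repair",
                    "standby pump 2: Do Not Operate tag still attached"})
# Everything the narrative says actually happened.
OBSERVED = LATENT | {PUMP_FAILS, FEED_NOT_CUT}


def cut_sets(node):
    """Return every cut set (frozenset of basic events) that triggers node."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, children = node
    child_sets = [cut_sets(child) for child in children]
    if gate == "OR":      # any one child is enough
        return [cs for sets in child_sets for cs in sets]
    if gate == "AND":     # one cut set from every child, combined
        return [frozenset().union(*combo) for combo in product(*child_sets)]
    raise ValueError(f"unknown gate {gate!r}")


def minimal_cut_sets(node):
    """Remove duplicates and any cut set that contains a smaller one."""
    unique = set(cut_sets(node))
    minimal = [cs for cs in unique if not any(other < cs for other in unique)]
    return sorted(minimal, key=lambda cs: sorted(cs))


def realized(mcs, observed):
    """Cut sets whose events all appear in the observed record."""
    return [cs for cs in mcs if cs <= observed]


def remaining_after(mcs, latent):
    """Fewest further events needed once the latent conditions already hold."""
    return min((cs - latent for cs in mcs), key=len)


if __name__ == "__main__":
    mcs = minimal_cut_sets(TREE)
    print(f"{len(mcs)} minimal cut sets")
    for cs in realized(mcs, OBSERVED):
        print("realized:", sorted(cs))
    print("still needed with both standbys down:",
          sorted(remaining_after(mcs, LATENT)))
```

With both standby pumps already unavailable, the plant was running one equipment failure and one delayed response away from the top event, which is the condition the Design and Management/Operations items above describe.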

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation, or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow, as designed. At this point multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated, and it was assumed to be functioning properly, although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days earlier for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.


The control panel incorrectly indicated that too much water was entering the core; therefore the operator overrode the automatic control system and reverted to manual control. Ultimately the shut coolant water lines were discovered and reopened, which again flooded the control panel with a Christmas-tree effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.[1]

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.[2]

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures, as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L., and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80 to 90% of all loss incidents.[1] The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50 to 70% of the risk.[2] One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels.[3] These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.[4]

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse, much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface, and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.[5]

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems, as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.


Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.[6] However, more current literature by Poulton[7] and Welford[8] supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.[9] Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.[10]


3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum Inc.

On October 23, 1989, a release of approximately 85200 lb (36646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor but was ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill., Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill., Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).


3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocell Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for maintaining the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring and piping drawings are not current, or there is only one set of hand corrected paper plans.


The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and should be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals, while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard

a. Toxicity

b. Permissible exposure limits

c. Physical, reactivity and corrosion data

d. Thermal and chemical stability

e. Hazardous effects of mixing

2. Process technology

a. Process description and flow diagram

b. Process chemistry

c. Inventory permitted

d. Safe upper and lower limits for temperature, pressure, flows and compositions

e. Consequences of deviations

3. Process equipment

a. Construction materials

b. P&ID

c. Electrical classification drawing

d. Relief system design and design basis

e. Ventilation system design

f. Drainage system design

g. Design codes and standards

h. Material and energy balance

i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections

a. Code inspection reports for pressure equipment

b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)

c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description

a. Organization and staffing

b. Risk assessment of site hazards

c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans

a. Description of possible incident scenarios

b. Plan to respond to each scenario

c. On-site emergency equipment and supplies

d. Description of external resources and support organizations

5. Emergency response teams

a. Staffing and organization

b. Capabilities of members

c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as "preferred risk." Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may "get away" due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the "General Duty Clause" found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.


A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound of how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no "correct" level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11, Chemical Reactors and Reactions

7-49/12-65, Emergency Venting of Vessels

7-59, Inerting and Purging

7-73, Dust Collectors and Collection Systems

7-76, Prevention and Mitigation of Combustible Dust Explosions and Fires

12 Series on boilers and pressure vessels


3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0, Hydraulics of Fire Protection Systems

3-2, Water Tanks for Fire Protection

3-7N/13-4N, Centrifugal Fire Pumps

3-10, Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1, Electrical Equipment in Hazardous Locations

5-8, Static Electricity

5-10/14-10, Protective Grounding for Electrical Power Systems and Equipment

5-11/14-19, Lightning and Surge Protection for Electrical Systems

7-0, Causes and Effects of Fires and Explosions

7-99, Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to "knock on" events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.


The following FM documents provide guidance on chemical plant spacing:

7-28, Explosive Materials

7-42, Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method

7-44/17-5, Spacing of Facilities in Outdoor Chemical Plants

7-88, Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N, Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids

7-46, Chemical Reactors and Reactions

7-49/12-65, Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22, Hydrazine and its Derivatives

7-51, Acetylene

7-52/17-13, Oxygen

7-53, Liquefied Natural Gas

7-54, Natural Gas and Gas Piping

7-55/12-28, Liquefied Petroleum Gas

7-58, Chlorine Dioxide

7-80, Organic Peroxides

7-89, Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

7-91, Hydrogen

7-92, Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N, Installation of Sprinkler Systems

4-0, Special Protection Systems

4-1N, Water Spray Fixed Systems

4-7N, Low Expansion Foam Systems

7-17, Explosion Suppression Systems


For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6, Cooling Towers

5-4/14-8, Transformers

5-31/14-5, Cables and Bus Bars

5-32, Electronic Data Processing Systems

7-2, Waste Solvent Recovery

7-14, Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

7-29, Flammable Liquids in Drums and Smaller Containers

7-32, Flammable Liquid Operations

7-48, Disposal of Waste Materials

7-54, Natural Gas and Gas Piping

7-55/12-28, Liquefied Petroleum Gas

7-78, Industrial Exhaust Systems

7-88, Storage Tanks for Flammable Liquids

7-95, Compressors

7-99, Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N, Solvent Extraction Plants

7-34, Electrolytic Chlorine Processes

7-35, Air Separation Processes

7-89, Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment, such as curbs and dikes, are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83, Drainage Systems for Flammable Liquids

7-88, Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible, heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.


Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades


3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K. incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, is located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992.
G-18 Guidelines for Hazard Evaluation Procedures, 1992.
G-19 Guidelines for Investigating Chemical Process Incidents, 1992.
G-20 Guidelines for Auditing Process Safety Management Systems, 1993.
G-25 Guidelines for Implementing Process Safety Management Systems, 1994.
G-27 Guidelines for Process Safety Documentation, 1995.

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API), Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants


7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API), Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API), Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU) and, within North America, only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the Austral/Asia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119) that went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous Ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines:


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998


4.0 BIBLIOGRAPHY
4.1 Process Safety and Risk Management
4.2 Highly Protected Risk Guidelines for Chemical Industry
4.3 Concepts of Inherent Safety
4.4 Preventive Maintenance
4.5 Chemical Hazard Information

APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY
A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight
A.1.1 Europe
A.1.2 United States
A.2 Voluntary Chemical Industry Programs and Resources
A.2.1 Australia
A.2.2 Canada
A.2.3 India
A.2.4 Far East
A.2.5 South America
A.2.6 United Kingdom
A.2.7 United States

List of Tables
Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals


1.0 SCOPE

This data sheet describes general principles and concepts of chemical risk loss prevention and the minimum requirements for a chemical operation to qualify as a Highly Protected Risk (HPR). Other Factory Mutual (FM) data sheets listed in Section 4.0 provide specific guidance on protection concepts and design requirements within this HPR framework.

An HPR chemical facility is one that meets the highest standards of property loss prevention, including management commitment, process control, fixed active and passive protection where needed, and employee training and awareness.

Process safety management (PSM), as a way of conducting business, has been developed over many years to guide the chemical process industry toward safer facilities before being adopted by various regulatory agencies. It can and should be considered the foundation of all loss prevention activities in this industry, as well as related industries with hazardous chemical processes. Process safety management is a necessary component of an HPR facility to minimize or prevent episodic releases or events that can cause property damage and business interruption.

A number of U.S. national and state regulations, as well as those of the European Union and other international regulators, have adopted PSM in one form or another. (Highlights of some of these regulations are in the Appendix.) This data sheet is not meant to address issues associated with regulatory compliance, but also does not introduce any conflicts with these regulations.

As a fundamental subset of PSM and HPR concepts, principles of inherent safety as they apply to the chemical industry are also discussed. By practicing the concept of inherent safety, a hazardous plant or process can be significantly reduced in overall risk.

The concepts of Highly Protected Risk, process safety management and inherent safety are all interrelated and apply to chemical facilities as well as non-chemical facilities with chemical processes. The level of detail to which PSM principles are implemented is in proportion to the level of hazard of the operation. PSM principles are not a cookbook to be followed, but a philosophy to be applied according to need.

2.0 RECOMMENDATIONS

2.1 Process Safety Management (PSM) System

2.1.1 General

2.1.1.1 Chemical plants and hazardous chemical operations in other plants should have a process safety management system in place to assure that the following (or equivalent) elements* of process safety are integrated into plant operations:

a. Accountability and Responsibility
b. Process Safety Knowledge and Documentation
c. Process Safety Review (Process Hazard Analysis)
d. Process Risk Management
e. Management of Change
f. Process and Equipment (Mechanical) Integrity
g. Incident Investigation
h. Training and Performance
i. Human Factors
j. Standards, Codes and Laws
k. Audits and Corrective Actions
l. Emergency Response Planning


* These 12 elements are based on the Center for Chemical Process Safety (CCPS) Plant Guidelines for Technical Management of Chemical Process Safety. Other guidelines are equivalent and can be substituted. A list of CCPS and other references on PSM is provided in Section 4.0, Bibliography.

2.1.2 Accountability and Responsibility

Key components of this element are a policy statement, management commitment, procedural requirements and a performance measurement.

2.1.2.1 Management should develop a written policy statement that clearly defines process safety and loss prevention as a priority which is shared by management as well as plant operations personnel. The statement could include a Process Safety Management organization chart which clearly shows positions, lines of authority and process safety functional titles. The policy statement should receive broad distribution to all sectors of the organization, backed by genuine management interest in loss prevention. The statement and organizational chart should be reviewed regularly and updated as needed to reflect things such as management changes within the facility.

2.1.2.2 The facility's PSM program should have procedures to resolve safety and loss prevention concerns which arise from new design, HAZOP reviews, Management of Change (MOC) issues, etc., and should include input from operations employees where appropriate. These procedures should designate a person or position that is responsible for achieving resolution.

2.1.2.3 A program should be in place to track how well safety and loss prevention concerns are resolved. Of particular interest are those concerns that were not easily resolved. This could be as simple as a monthly report of the status of unresolved issues sent to a designated responsible person as indicated by the organizational chart or plant procedures.

2.1.3 Process Safety Knowledge and Documentation

2.1.3.1 The organization should assign a responsibility for maintaining key material and process hazard information, design basis information, design standards, electrical area classifications, key design decisions, alternate process considerations, and basic operation and maintenance procedures for all chemical processes. Documents would also include accident investigations, causes and corrections, as well as records of process equipment and maintenance changes.

2.1.3.2 All processes should have detailed written procedures that document normal operating procedures as well as start-up, shutdown and abnormal situations. These procedures should be kept up-to-date and written in such manner as to be understood by all operating personnel. Should the facility be multilingual, procedures should be maintained in separate form for each language. Any changes to the documented procedures should follow the Management of Change procedures of the PSM program. Operator involvement in writing the procedures will ensure comprehensive detail in the procedures.

2.1.3.3 A periodic review or audit should be performed for all written procedures to ensure they remain current.

2.1.4 Process Safety Review (Process Hazard Analysis)

2.1.4.1 The following are considered a minimum to meet the Process Safety Review requirements in an effective program based on PSM principles:

a. Collaboration between process and loss prevention specialists at the concept stages of a project.

b. Agreement on a protection philosophy, with special consideration given to inherently safe design in site selection, construction and protection features.

c. Conduct a detailed process safety review using a recognized methodology (HAZOP, Checklist, FEMA, etc.) at an early stage in the project. The review should be updated whenever process changes are made and a complete re-evaluation made on a regular basis (about 5 yr intervals).


2.1.5 Management of Change

2.1.5.1 Management should establish and implement written procedures to manage change in technology, facilities and personnel. These procedures should be flexible enough to accommodate both major and minor changes and should be understood and used. These procedures should:

a. Provide a method for identification of changes that should be subject to MOC procedures.

b. Provide for documentation of the process and mechanical design basis for the proposed change.

c. Provide an analysis of the loss prevention considerations involved in the proposed change, including a formal process hazards review if appropriate. The effects of the proposed change on separate but interrelated upstream or downstream facilities should also be reviewed.

d. Identify the need for modifications of the operating procedures, updating P&IDs, updating personnel training, etc.

e. Provide for communication of the proposed change and the consequences of that change to appropriate personnel such as maintenance engineers, operators, safety and emergency response staff.

f. Establish administrative procedures needed (documentation, checklists that cover hazards, records of personnel skills, responsibilities and training).

g. Provide for tracking of, and limiting the duration of, any temporary change.

h. Identify the required authorizations.

2.1.5.2 A qualified member of the plant loss prevention, safety or engineering staff should be assigned to communicate changes to the FM specialist where appropriate. This individual should assure that all plant personnel follow accepted methods for management of change and that the FM specialist is notified at the earliest stages of significant changes to allow for proper consideration of the loss prevention aspects.

2.1.6 Process and Equipment (Mechanical) Integrity

2.1.6.1 To implement this element of PSM, programs should be in place to address the following:

a. Reliability Engineering - Tracking and evaluating of individual equipment and processes to prevent unexpected incidents throughout its lifetime.

b. Materials of Construction and Fabrication - Assuring equipment is built according to appropriate standards, with materials appropriate to the service conditions, with appropriate supporting documentation.

c. Installation Procedures - Planning quality control, inspection and pre-startup integrity testing to insure installation in accordance with specifications and direction of the manufacturer. Poor installation can invalidate a good design.

d. Preventive Maintenance - Documenting procedures to insure maintenance is completed on schedule, unscheduled work is properly authorized and completed without introducing additional hazards, and records are maintained and evaluated to identify future needs. This would include a comprehensive vessel and piping inspection program as well as instrumentation inspection, testing and calibration.

e. Demolition Procedures - Documenting methods to isolate, remove and dispose of obsolete or unneeded equipment without creating unnecessary hazards.

2.1.7 Incident Investigation

2.1.7.1 The corporation should have a system based on PSM principles that requires incidents to be recorded and investigated. The investigation methods should consist of the basic elements outlined above, and records should be kept detailing each incident, the level and results of the investigation, and the status of any findings or recommendations developed.

2.1.7.2 Management should make use of all incident investigations and near-misses to evaluate recurrences. Action should be taken to eliminate the source of error, either through system redesign or additional training. Important lessons learned in these investigations should receive wide distribution to interested and affected parties.


2.1.8 Training and Performance

2.1.8.1 Operators should be fully trained in the normal operation of the facility as well as the appropriate action for each alarm condition. Since every process excursion cannot be detailed, the operators should be trained in diagnostic and trouble-shooting skills to facilitate an orderly correction. For the most critical applications, for example nitrations, some polymerization and other highly reactive systems, use of a process simulator for training purposes is strongly suggested. If a simulator is to be used, the control panel and instrumentation should be designed to match the actual equipment that will be used in the operation.

2.1.8.2 When either temporary or permanent changes are made to a process, the process documentation and drawings should be updated prior to implementation of the changes. All employees whose responsibilities involve the affected area should be retrained in the new process parameters and safe working conditions. This will allow integration of the new procedures into the day-to-day functioning of the facility.

2.1.8.3 Special care must be taken when critical actions are infrequently completed in the normal course of operations. Actions such as responding to infrequent critical alarms may result in catastrophic events if the response is incorrect. In these cases, frequent retraining is needed.

2.1.8.4 Training should be mandatory for contract employees working in the area so they may perform in a safe and effective manner. Training for contract employees may need to be as stringent as for operators.

2.1.8.5 A comprehensive retraining program should be in place for all operating personnel. The time interval for retraining will vary depending on the criticality of the process and number of changes made. Management should have a formal method to determine retraining frequencies.

2.1.8.6 A formal method for evaluating the effectiveness of the training program should be developed. This may be a written test, hands-on demonstration, simulation or an extended period of on-the-job training. A feedback mechanism should be established to inform the operator of areas requiring further study and improvement. Records should be kept of these evaluations to facilitate improving the method of training employees.

2.1.9 Human Factors

2.1.9.1 Organization

2.1.9.1.1 The plant's program should have written guidelines requiring that all new processes incorporate fundamental concepts of human factor engineering from the design phase of the project. If human factor specialists are not available in-house, consideration should be given to retaining outside specialists to assist in this area.

2.1.9.1.2 Human factor elements should be incorporated into existing processes, if economically viable, whenever changes or improvements are being planned.

2.1.9.1.3 HAZOP reviews should specifically explore human factor issues to determine if appropriate design has been included.

2.1.9.1.4 Each of the above activities should include input from operating personnel to ensure that day-to-day operating knowledge is incorporated into the proposed improvements.

2.1.9.1.5 Management should create an environment where process safety is paramount above production demands. Operators should be empowered to invoke a controlled shutdown of a process if operating conditions indicate an imminent loss-of-control situation. A written statement to this effect, signed by senior plant management, should be posted in the control rooms.

2.1.9.1.6 If staff reductions are anticipated, management's commitment to safety and loss prevention should remain paramount. Special attention is needed during these times to ensure that operating personnel remain motivated to perform their functions in a consistent and safe manner.

2.1.9.2 Alarms

2.1.9.2.1 All alarms should be ranked according to severity and displayed visually and audibly in this order to avoid alarm overload during an actual emergency.


2.1.9.2.2 Critical alarms should be grouped separately from information-only alarms. Audible and visual alarms should be distinctly different for these types of alarms so that priority can be given to critical alarms.

2.1.9.2.3 Critical process information should be easily accessible on the control panel so that an excessive number of screen changes will not be required to understand the information in an emergency situation.

2.1.9.2.4 Critical process information and alarms should be logged by computer or manually, as appropriate, and maintained for a reasonable period of time to aid in incident investigation or future process improvements.

2.1.9.2.5 The operator should have a proactive role in the monitoring and control of process variables rather than simply waiting for alarm conditions to sound. This will encourage the operator to be familiar with the process data and facilitate an appropriate response in an emergency situation.
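The alarm recommendations above (ranking by severity, a separate group and distinct signals for critical alarms, and logging with retention) can be expressed as code. The Python below is an added example, not part of the FM data sheet; the severity ranks, signal names, instrument tags, retention period and the rule that a repeated alarm never adds a second display row are all assumptions made for illustration.

```python
"""Alarm ranking, grouping and logging as recommended above (added example)."""
from dataclasses import dataclass
from enum import IntEnum


class Severity(IntEnum):
    # Hypothetical ranking scheme: lower value = more severe = shown first.
    EMERGENCY = 0
    CRITICAL = 1
    ADVISORY = 2
    INFO = 3


# Distinct audible and visual signals per group; the values are illustrative.
SIGNALS = {
    "critical": ("continuous horn", "flashing red"),
    "information": ("single chime", "steady amber"),
}


@dataclass(frozen=True)
class Alarm:
    tag: str            # instrument tag (constructed sample values below)
    message: str
    severity: Severity
    raised_at: float    # seconds on the plant clock


def group_of(alarm):
    """Critical alarms form their own group, apart from information-only ones."""
    return "critical" if alarm.severity <= Severity.CRITICAL else "information"


class AlarmPanel:
    def __init__(self, retention_s):
        self.retention_s = retention_s  # how long log entries are kept
        self._active = {}               # tag -> Alarm currently standing
        self.log = []                   # (time, event, tag, severity name)

    def raise_alarm(self, alarm):
        # Every occurrence is logged for later incident investigation.
        self.log.append((alarm.raised_at, "RAISED", alarm.tag, alarm.severity.name))
        standing = self._active.get(alarm.tag)
        # A repeat of a standing alarm never adds a second row to the display;
        # it replaces the row only when it is more severe (escalation).
        if standing is None or alarm.severity < standing.severity:
            self._active[alarm.tag] = alarm

    def clear(self, tag, now):
        alarm = self._active.pop(tag, None)
        if alarm is not None:
            self.log.append((now, "CLEARED", tag, alarm.severity.name))

    def display(self):
        """Return tags per group, most severe first, oldest first within a rank."""
        groups = {"critical": [], "information": []}
        ordered = sorted(self._active.values(), key=lambda a: (a.severity, a.raised_at))
        for alarm in ordered:
            groups[group_of(alarm)].append(alarm.tag)
        return groups

    def annunciate(self, tag):
        """Sound and light to use for a standing alarm."""
        return SIGNALS[group_of(self._active[tag])]

    def prune_log(self, now):
        """Drop log entries older than the retention period; return what is left."""
        self.log = [e for e in self.log if now - e[0] <= self.retention_s]
        return len(self.log)


def build_demo_panel():
    """Constructed upset: a reactor excursion arriving among routine alarms."""
    panel = AlarmPanel(retention_s=990.0)
    for alarm in [
        Alarm("LI-220", "Day tank level 60%", Severity.INFO, 5.0),
        Alarm("AI-405", "Analyzer calibration due", Severity.ADVISORY, 8.0),
        Alarm("FI-310", "Cooling water flow low", Severity.ADVISORY, 10.0),
        Alarm("PI-102", "Reactor pressure high", Severity.CRITICAL, 11.0),
        Alarm("TI-101", "Reactor temperature high-high", Severity.EMERGENCY, 12.0),
        Alarm("FI-310", "Cooling water flow low-low", Severity.CRITICAL, 13.0),
    ]:
        panel.raise_alarm(alarm)
    return panel


if __name__ == "__main__":
    demo = build_demo_panel()
    print(demo.display())
    print(demo.annunciate("TI-101"))
```

The routine level and analyzer alarms were raised first, yet the reactor alarms head the display and the escalated cooling water alarm moves into the critical group without occupying two rows.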

2.1.9.3 Environmental

2.1.9.3.1 Optimal performance occurs when environment factors are within specific boundaries. Proper clothing should be available for employees whose work is outside a climate-controlled environment.

2.1.9.3.2 For areas having excessive noise, proper hearing protection should be provided and a method of communications established, as vocal communication will not be feasible.

2.1.9.3.3 Proper lighting should be provided in all operations areas, and most importantly in control rooms, to ensure control and process equipment is visible.

2.1.9.4 Maintenance Operations

2.1.9.4.1 All maintenance operations that may adversely impact the safe operation of a process or production facility should require written authorization. Included in this authorization is notification to all areas of the facility that the work will impact. In most cases, operations will need to be stopped or bypassed to allow safe work in the area. All such process modifications should be thoroughly studied to determine the ramifications of the process change.

2.1.10 Standards, Codes and Laws

2.1.10.1 The organization should define the minimum codes, standards and laws that will be applied for maintaining an acceptable level of safety.

2.1.10.2 Responsibility should be assigned to ensure all codes, standards and regulations (internal or external) are maintained current and are available to those needing to use them.

2.1.10.3 A variance procedure should be developed that can be applied when an alternative to an existing code is to be used.

2.2 Highly Protected Risk (HPR)

A Highly Protected Risk (HPR) level of loss prevention, based on FM data sheets and industry guidelines, should be the goal at chemical risks. (See also 3.3.)

2.2.1 An HPR chemical risk is one that meets all of the following minimum guidelines:

a. A fully integrated system based on PSM principles at a level appropriate to the hazards
b. Management commitment and oversight, including early involvement of FM specialists at an early stage of all projects
c. Adequate process control and safety instrumentation
d. Operator training and empowerment adequate for the process complexity
e. Piping and vessel overpressure protection for the hazards that exist
f. Maintenance, inspection and testing programs covering all critical equipment and instrumentation


g. An adequate and reliable water supply and delivery system
h. Ignition source control
i. Adequate spacing of buildings, process units and tanks
j. Emergency response and post-loss contingency plans
k. Testing and understanding of process chemistry

Where needed based on hazard, an HPR chemical risk also incorporates the following features:

l. Adequate and reliable fixed suppression systems
m. Drainage and containment systems
n. Fire protection of structural steel
o. Damage limiting and noncombustible construction
p. Combustible gas detection
q. Inerting and purging systems
r. Barriers, barricades and/or distance separation
s. Protection against natural hazards

2.3 Principles of Inherent Safety

2.3.1 Principles of Inherent Safety should be applied where possible when designing or improving chemical plant processes. Inherent safety (see also 3.4) includes the following general principles:

a. Intensification - using smaller amounts of a hazardous substance

b. Substitution - replacing a hazardous chemical with a non-hazardous or less hazardous one

c. Attenuation - using less hazardous process conditions or a less hazardous form of a material

d. Limitation of effects - designing a facility to minimize the impact of a release of hazardous material or energy, for example by sufficient spacing or more resistant construction

e. Simplification/error tolerance - designing a facility so that operating errors are less likely or the process is more forgiving if errors are made

3.0 DISCUSSION

In the following sections, concepts and strategies for risk reduction in the chemical industry are discussed. These include approaches to loss prevention using:

a. CCPS four-tiered Process Risk Management Strategy
b. CCPS systematized Process Safety Management approach
c. Factory Mutual concepts of a Highly Protected Risk
d. Concepts of Inherent Safety

3.1 Process Risk Management Strategies

The CCPS four-tier safety strategy for reducing risk in a chemical facility includes inherent safety, passive safety, active safety and procedural safety.

These strategies are listed in preferred selection order as a loss prevention technique. By this method, when designing a plant, one would approach the safety aspects by applying these strategies, starting with an inherent safety concept, followed by passive protection where still needed, followed by active systems, and then by procedural or administrative systems as needed. As you move down the layers to minimize or prevent a loss, the frequency or consequences of loss can increase.


3.1.1 Tier 1 - Inherent Safety

The first tier, and most preferred approach to chemical plant loss prevention, is Inherent Safety (IS). Inherent safety is defined as eliminating the hazard through intensification, substitution, attenuation, limitation of effects or simplification/error tolerance. Refer to Section 3.4 for a full discussion on inherent safety concepts, including definitions of these terms. The intent of applying inherent safety is to eliminate the need for add-on layers of passive, active or procedural protection, which have to function as designed to limit the effects of a loss.

Examples of implementing inherent safety would be:

• substitution of water for process cooling in place of a combustible thermal oil

• substitution of a non-flammable solvent for a flammable solvent, for example using supercritical carbon dioxide in place of hexane for extraction

• through chemical research, replacing a high pressure process using extremely reactive materials in a flammable solvent with an atmospheric pressure process using non-flammable solvents in a reaction that is incapable of generating any pressure in the event of a runaway reaction

• storing flammable gases such as ethylene in low pressure refrigerated tanks rather than pressurized tanks

In these examples, the revised cooling and extraction systems represent no fire hazard. They require no fixed fire protection with its installation, maintenance and testing costs. With the new reaction system, there is no potential for overpressure because of the chemistry of the process and the physical characteristics of the materials, and no need for costly and failure-prone add-on controls, emergency relief devices or reactor strengthening. Finally, with the refrigerated storage, the amount of vapor produced in the event of an unexpected release of the liquid will be minor compared to a similar event with pressurized storage.

Note that there may be tradeoffs when applying IS techniques or any of the four strategies. The water cooling system is more susceptible to freezing and may need more cold weather protection than a thermal oil system to prevent a costly freeze damage loss. The CO2 extraction system requires extremely high pressures, and process equipment will be susceptible to overpressurization, requiring add-on passive or active protection or procedural controls. The reaction system might require use of a corrosive material that could cause long-term building damage, requiring costly steel protection or maintenance. The economics and overall risk reduction for all approaches, all of which carry risks, need full evaluation.

The potential for risk reduction through use of inherent safety is most likely very early in the design process. To affect the chemistry of the process may require years of experimental work. Other more tolerant changes and safety improvements may be made during plant design.

While opportunities to apply inherent safety concepts should always be explored, there will always be situations where other risk management strategies may need to be employed.

3.1.2 Tier 2 - Passive

The next tier, and the next in safety selection preference, is the passive approach. A passive approach is one that requires no mechanical device or system to actively function to limit or prevent the loss. A passive approach can also be one that stores or uses hazardous materials in a form or state that is as benign as possible.

For example, after a process review it is determined that water cooling cannot be used and the process requires a reaction that is capable of generating 50 psig in the event of a runaway reaction.

If a combustible thermal oil must be used for cooling, a passive approach would attempt to use an oil with the most benign properties and under the lowest temperature and pressure possible. Further, this approach would limit the amount of potential oil released by eliminating bulk storage of material within the unit and sizing the coolant feed system to the minimum flow requirement. Finally, in the event of spill, the process area would be designed for rapid drainage and building steel fireproofing rather than placing reliance on (active) fixed fire suppression systems that may fail.

In the case of the reactor system, instead of relying on an active system such as a safety relief valve to protect the reactor in the event of a runaway, a passive approach would be to design the reactor to contain the maximum expected overpressure.


Some additional examples of a passive approach are: diking and containment systems; fire barriers; blast resistant construction; using stainless steel in place of plastic in corrosive environments; proper spacing of buildings, vessels and process units; plant design to prevailing meteorological or geological hazard; enclosing plastic electric cables in metal conduit; processing potentially combustible dusts as a slurry; etc.

The single most favorable aspect of a passive approach is its performance reliability. Because it is not an active system, it is not prone to failure unless process conditions or materials are changed without commensurate improvements to the passive system.

3.1.3 Tier 3 - Active

The next tier, and the next in safety preference, is the active approach. An active strategy is one that requires a mechanical device or protective system to actively respond and function to limit or prevent the loss. An active system must be:

• reliably designed to work when intended

• installed according to strict installation rules

• maintained and tested over its entire life

Because of this, an active system is more prone to failure than a passive system and may cost more over the life of the plant. Active systems are also known as engineered controls.

In a previous example, if the thermal oil system is used under more hazardous operating conditions, or the drainage and fire proofing systems are lacking, insufficient or too costly to retrofit, then an active fixed water suppression system becomes the protection device of choice. This system must be properly designed and maintained and tested over its entire life to be considered reliable and effective. Once activated, more damage will occur than with a passive system because the fuel (thermal oil) is not removed by drainage, the building steel is not protected against radiant heat (and may structurally fail) and the water system itself may cause damage to sensitive instrumentation. Finally, if the suppression system should fail, always a possibility, reliance for protection becomes dependent on the fourth tier, procedural or administrative controls. If reliance on procedures (i.e., manual response) is needed, a significant increase in damage will usually occur due to delayed response.

In the reactor example, an active (engineered) approach would be to design the reactor to 15 psig and acknowledge the potential for a 50 psig overpressure by depending on process and management controls to prevent the runaway reaction and by providing properly designed emergency relief venting if it does run away. The active system is complex and becomes even more complex as vent gas collection systems are installed, etc.

This active approach is the traditional approach to reactor protection and most other loss prevention activities in a chemical plant. One primary reason is timing. Often protection is added after the plant is constructed. Inherent safety and passive approaches become less economical, if not completely impractical, after a plant has entered the equipment design phase.

An active approach does not provide the same level of risk reduction that the inherently safe or passively safe systems do. In the case of the reactor with an active approach, the loss would be significant if the emergency relief system failed (reactor failure, building blast damage, ensuing fires and production loss). In the case of the passive system, the pressure would be contained with minor risk effects (perhaps time and cost to investigate, recertify the vessel and retrain employees, etc.). In the inherently safe system, the event could not occur.

Some additional examples of an active strategy are: large deluge systems with high capacity water systems; automatic sprinklers over grouped electrical cables; explosion suppression systems in dust collectors; flow, thermal and pressure controls and interlocks; emergency shutdown systems; etc.

While not as effective and reliable as the inherently safe or passive approach, active systems are nevertheless often required and necessary for adequate protection of a chemical plant.


3 14 Tier 4 - Procedural

The next tier and last in safety preference is the procedural or administrative control approach A proceshydural response to safety is one using operating procedures administrative checks emergency response and other management approaches to prevent or minimize the severity of an incident

An example would be to provide written procedures for operators to take corrective action for the runaway reactor rather than provision of active automatic controls or relief systems In this scenario emergency action such as leaving the control room inspecting the reactor and manually adding quench water might be the only loss prevention response In the event of a thermal oil release and fire the plant may have only the emershygency response of the fire department to rely upon for damage control

315 Summary

The application of a tiered approach to risk management does not necessarily imply a singular strategy A complex HPR facility will feature aspects of all four safety tiers - inherent passive active and procedural

within the plant Given a sufficiently hazardous process all four tiers might be applied to the single proshycess to provide assurance to risk managers that if one level fails additional levels are available to limit the loss

Application of this tiered approach is fully consistent with HPR loss prevention concepts

3.2 Process Safety Management

The CCPS defines process safety management as the application of management systems to the identification, understanding and control of process hazards to prevent process-related incidents.

The CCPS defines process safety management systems as comprehensive sets of policies, procedures and practices designed to ensure that barriers to episodic incidents are in place, in use and effective.

The CCPS guidelines focus on twelve elements of chemical process safety:

- Accountability and Responsibility
- Process Safety Knowledge
- Project Review and Design (Process Hazard Analysis)
- Process Risk Management
- Management of Change
- Process and Equipment (Mechanical) Integrity
- Incident Investigation
- Training and Performance
- Human Factors
- Standards, Codes and Laws
- Audits and Corrective Actions
- Emergency Response Planning

In addition to CCPS, other organizations have developed PSM guidelines which may have different elements and terminology but nonetheless are equivalent to the CCPS guidelines and may be fully substituted in application. Some are listed in the Appendix. There are also government regulations, both U.S. and international, which mandate application of PSM guidelines under specific conditions. Some information on these regulations is also in the Appendix.

All 12 CCPS points are needed for a reliable system based on PSM principles, but they need to be customized for the corporation (i.e., making baking soda does not need the same program used for making polyvinyl chloride).

3.2.1 Accountability and Responsibility

Accountability and responsibility are at the heart of any facility's program. These concepts must be ingrained into the philosophy of an organization to be successful. Key components of accountability are a policy statement, management commitment, procedural requirements and performance measurement.

©1999 Factory Mutual Engineering Corp. All rights reserved.

The degree to which management demonstrates interest in implementing programs based on PSM principles at its facilities is of paramount concern to safe operation of the facility. Without solid management backing, even the best written program will never achieve successful implementation. Management interest should be demonstrated with a written policy statement that is shared with and understood by each member of the facility. Management's interest in loss prevention should be obvious in the day-to-day activities of a facility. Simply having a paper document on file will be of no benefit. Routine safety meetings, communication of safety issues to employees, and publishing lessons learned from incident investigations are just a few ways in which this interest will be demonstrated.

The policy statement should be site-specific and should assign ownership of safe operations to management as well as to every employee involved in the operation. Expectations of every member of the organization will be detailed and written in language understandable at every level of the organization. The policy statement should be reviewed on a periodic basis and changes made as needed. For example, when changes occur within an organization, such as change in management structure, the policy statement should be updated to reflect these changes.

The policy statement should clearly outline the objective of the PSM program. These principles should be routinely communicated to all employees so as to reinforce a safety-conscious work force. Generally, a review of the policy statement will be included in the orientation of new employees. Periodic review with all employees within the organization is also useful.

Each employee should feel responsible for the safe operation of a facility. There should be no fear of reprimand should a safety concern be reported. Only when the channels of communication remain open and free can a program based on PSM principles become and remain effective.

As safety issues arise in new facility design, HAZOP reviews, changes to the process, etc., there will be issues that are not easily resolved or will involve interpretation of codes or standards. A method should be in place to handle such issues so that resolution at the lowest level of management is achieved.

Once implemented, the success of a program based on PSM principles should be evaluated on a periodic basis to ensure the procedures achieve results. This can be in the form of random audits, routine reports to management, or direct communication with those involved. Findings from this feedback mechanism should be incorporated into the policy statement to facilitate constant improvement of the PSM program. Issues that are difficult to resolve often lead to input on ways that the PSM program could be improved.

3.2.1.1 Example: Liquefied Petroleum Gas (LPG), Mexico City, Mexico

On November 19, 1984, an 8 in. (200 mm) pipeline at a government-owned LPG terminal ruptured. The supply was not shut off, and the vapor cloud was subsequently ignited 10 minutes later by a ground-level burn pit. Additional LPG tanks and spheres BLEVEd (Boiling Liquid Expanding Vapor Explosion) due to exposure to excessive heat. Management and organizational factors reportedly were the major factors in this incident. Reportedly, management at this facility had not taken action on recommendations from previous studies. The deluge systems that were designed to cool the LPG vessels were deemed grossly inadequate. Vessel design was inadequate and the vessels lacked proper insulation. There was also no gas detection system available at the facility. The loss estimate is in excess of $25 million property damage (current values) [1, 2].

3.2.1.2 References

1. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, New York (1994).

2. Mahoney, D., Ed., Large Property Damage Losses in the Hydrocarbon-Chemical Industries: A Thirty-Year Review, M&M Protection Consultants, Chicago (1995).

3.2.2 Process Safety Knowledge and Documentation

Process safety knowledge and documentation, which includes process safety information, is the basis for understanding the hazards of the process. This is achieved by acquiring process information and using this knowledge while conducting process hazard analyses.

The CCPS defines process safety information as the data describing the process and its chemistry. Process safety knowledge, in general terms, includes both process safety information and the ability to understand and interpret the information. It also includes the tracking and storing of key initial design bases, records of critical design decisions, design standards, site and equipment drawings, accident investigation information, etc. This data can be used as a baseline for future changes.

Data on process hazards and material chemistry can be obtained from numerous sources, including testing, manufacturer-issued Material Safety Data Sheets (MSDS) (or equivalents), and literature sources.

Some examples of needed process safety information and the sources where the information is found follow, as an example of a new process under design.

A chemical company is proposing a process using flammable solvents, reactants and catalysts to produce a chemical intermediate for the pharmaceutical industry. The process will include a potentially exothermic reaction, mixing, distillation and drying to produce a powdered product. Prior to conducting a process hazard analysis or determining levels of protection, information is needed on the various materials and the way they may interact, normally or abnormally.

The company may find information from the following sources:

a. Material Safety Data Sheets. These, if available, will give information on flammability (i.e., flash points), explosibility (i.e., explosive limits), toxicity, corrosiveness, and potential reactivity with other materials.

b. Factory Mutual data sheets and National Fire Protection Association (NFPA) standards. Lists of hazardous materials are presented with fire and explosion information.

c. Public domain literature such as the Kirk-Othmer Encyclopedia of Chemical Technology, Sax, Dangerous Properties of Industrial Materials, CRC Handbook of Chemistry and Physics, and numerous other similar sources.

d. Proprietary industry or trade group research and testing reports.

e. Expert opinion, such as engineers from the corporation, Factory Mutual, or outside consultants.

f. Intentional and systematic testing of the materials.

In the example, the final product of the new process is a powder with a possible dust explosion hazard. The material is unique and no known data on its properties can be found by conventional literature search. To determine hazardous properties such as minimum ignition energy, lower explosive limits, maximum rate of pressure rise, and possible overpressures produced should it explode, tests are conducted in an ASTM E1226 20-liter sphere.

Information on the mixture within a reactor or other vessels is needed to determine potential for exothermic runaway or other chemical instability. Laboratory-scale reactivity screening should be done in advance of scaling up to pilot or full-scale processing. This data can be obtained using a number of devices, including the Accelerating Rate Calorimeter (ARC), the DIERS Vent Sizing Package (VSP), and others.

Site information is also developed during this stage. This may include meteorological data (for later vapor dispersion modeling), geographic data for exposure to natural hazards, accident exposures from nearby industrial sites, and utility data such as reliability and adequacy of water, fuel and power supplies.

After basic chemistry, physical and thermodynamic properties of materials are developed and site characteristics are found, conclusions on different release and impact scenarios are qualitatively determined. For example, if a solvent is flammable, it will be qualitatively concluded that a spill can result in fire. If boiled and held under pressure, an indoor or outdoor flammable vapor explosion potential may exist. The catalyst to be used might be known to overheat and produce equipment-damaging pressure if not refrigerated. These generic conclusions are all derived in the process safety information phase. However, the sequence of events by which the scenario and its consequences will be realized will not surface until a process hazard analysis is conducted on the system in which the materials are used. Finally, the action steps, such as fixed mitigation, taken to reduce the quantified hazard or consequences will not surface until the process risk management stage.

Under this activity, in addition to developing and maintaining basic process and material hazard information, it is necessary to include accumulation of all the design details, alternative process considerations, key design decisions, and basic operation and maintenance plans.

Here the corporation should develop rationale and responsibility for collecting and maintaining this data, as well as data on operating experience, accident investigations, causes and corrections, as well as changes developed and reviewed under the Management of Change processes (described later).

This collection of data will preserve initial design records (ensure replacements comply with design intent), reasons for key design decisions (aid to future projects and modifications), and provide a basis for understanding how the process should be operated. It also serves as a baseline for evaluating future changes.

The collection of this information provides the process safety knowledge needed in subsequent PSM steps (as well as a record of the original review process) so that the process can be started up and run throughout its intended life without an unanticipated incident or unprotected hazard. The information is documented and made part of the overall process safety management package, which will eventually also include data from the process hazard analysis and process risk management steps. This is then used for employee training, future process changes, etc.

Enhancement of process safety knowledge is a subset of this element and is sometimes added as a separate element of PSM. As the life of the plant progresses, new technology in process operation, inherent safety or loss prevention techniques may be developed. While not known or cost effective during initial plant design, they may become so later in the life of the plant. It is important for an organization to stay fully abreast of new technology and apply it as appropriate. Use of a Management of Change procedure will assure that latest technology and information will be available.

3.2.3 Process Safety Review (Process Hazard Analysis)

This element of PSM is often identified as Process Hazards Analysis (PHA) and should include the project review for new facilities or modifications to existing facilities that have a significant process or capital impact. Where no major changes occur, the review should be revisited on a regular basis. A suggested frequency would be about every 5 years, with longer intervals for less hazardous processes. The element also includes the necessary design and pre-startup review of such projects to ensure that recommendations were in fact implemented.

The CCPS discusses staffing, hazard reviews, siting, plot plan, etc., in the context of phases of capital projects. As a supplement to the CCPS material, an HPR chemical plant should consider the following sections related to property and business interruption loss prevention.

Principles of loss prevention and risk management should guide plant siting decisions. These principles are usually defined in the corporate guiding principles or business objectives. Most sites can be made acceptable if sufficient funding is allocated to overcome deficiencies presented by the site selection.

Sites chosen should be selected to avoid or minimize exposures by perils of:

a. Fire

b. Natural hazards (flood, wind, lightning, snow, freezing, earthquake, volcano, etc.)

c. Explosion

d. Transportation (aircraft, motor vehicle, rail, ship)

e. Pipeline or tank farm exposures

Sites should feature:

a. Access for safe disposal of waste

b. Access to fire fighting assistance (public or other)

c. Access to an adequate source of water to meet present and future demands

d. Access to reliable security and emergency services

e. Access to the site during adverse conditions (riot, traffic, etc.)

In addition to location of the plant site, equal considerations should be applied as well to the location of:

a. Process units

b. Pipe racks

c. Storage facilities

d. Unloading facilities for rail cars, trucks and water craft

e. Flare stacks

f. Utility plants

g. Waste water treatment facilities

h. Electrical power lines

i. Process control rooms

Once site selection is complete, the project should have sufficient funding to implement FM/corporate loss prevention guidelines. In addition to basic project design and construction costs, finances should:

a. allow time for a thorough review of loss prevention aspects of the design and construction using accepted hazard analysis methods. Designs should use inherent safety and risk mitigation concepts.

b. permit installation of proper loss prevention features affecting construction, protection, drainage, electrical equipment, freeze protection, etc.

3.2.3.1 Examples

3.2.3.1.1 The ABC chemical company proposes building a new polymerization plant at the site of an existing chemical plant in the Gulf Coast area. It could be located in any of three different areas near the existing plant. The raw material (ethylene) is supplied to the main ABC plant, but the facilities will need to be enlarged to accommodate more ethylene. New facilities will need to be developed for storage of propane, butylene and other future monomer feedstocks.

The ABC company has a license to use a new process to make the finished copolymers, but sizes and layout of major equipment have yet to be finalized. At this point a team was created, including specialists from FM, ABC, and several design and construction engineering companies. Early meetings developed a time line for the construction plan reviews, site visits and pre-startup reviews. These meetings developed a plan to conduct a thorough hazard analysis.

Full HAZOP and What-if analyses were performed. FM specialists participated in the hazard analysis meetings and provided an important perspective on damageability, available protection and mitigation methods, and analysis of business interruption potentials.

A full site survey was conducted at all three sites with a team made up of various specialists, including the FM engineer. Through this process a site was chosen to minimize flood exposures and the potential for fire and explosion exposures presented by nearby plants, pipe racks and railways. Plans were modified to include relocation of pipe racks along with rerouting of rail sidings.

Through early team meetings, objectives from corporate guiding principles were interpreted to define objectives for limiting the maximum foreseeable loss and normal loss expectancies. Through collaboration, specifications were developed for the plant construction, particularly control room construction, fire protection, water supply, piping sizes and locations, pipe rack locations, drainage patterns, sprinkler valve house locations, and feedstock and product delivery contingencies. These methods resulted in mitigation of Vapor Cloud Explosion (VCE) potentials (see DS 7-42 for additional information on VCE hazards).

Note: The level of FM participation can vary from project to project, depending on the needs of all the parties involved: contractor, insured, insurance company, etc.

3.2.3.1.2 XY Chemical Company planned and constructed a polymer manufacturing plant along the Texas Gulf Coast. Design work was conducted at the home offices in the northeastern U.S. using highly experienced personnel.

Project designs did not consider incident history and advice for this area relative to freeze protection. As a result, the plant was built with numerous outdoor sprinkler systems, as well as elements of the process and instrumentation system, with insufficient freeze protection.

As a result, the plant suffered a $2 million loss related to broken pipe, instrument lines and loss of production in the 1983 and 1989 freezes. This pointed to a normal frequency of freezing weather in this area worthy of protection. A cost estimate of $75,000 for correction of the deficiencies was developed in consultation with the local FM specialist. Economic conditions dictated that these improvements be extended over a period of 3 years, resulting in a need to prioritize the modifications.

If the concepts and guidelines of this data sheet had been used in siting of this plant, the freeze potential and its frequency would have been identified. A loss potential of $2 million with an average 10-year recurrence interval would have been mitigated. The cost at the time this plant was designed could have been much lower.

3.2.4 Process Risk Management

Process risk management involves the identification, evaluation, control or risk transfer of potential hazards that may be associated with existing operations, new projects, acquisitions, and customer/supplier activities.

Process risk management is the system whereby conscious risk improvement decisions are made based on results and information obtained during the process knowledge and process hazard analysis stages. If hazard information data is available at very early stages of a plant design, inherent safety features can be designed in. Later in the design, passive, active and procedural improvements and protection are usually added. The need and level of fixed suppression systems such as sprinklers and deluge systems, building steel fireproofing, damage-limiting construction, barriers, process controls, etc., are decided in the process risk management phase of PSM. Fire safety professionals, in partnership with the chemical plant, determine the level of protection needed to meet HPR status and loss exposure goals. Ultimately, the exposure is improved through fixed protection and management systems, is transferred through insurance, or is completely avoided by eliminating the hazardous activity.

Data and information from process knowledge gathering and hazard analysis activities must be evaluated as to economics and potential for risk reduction. Not all risk in a facility can be eliminated or reduced through engineering. Process risk management assures that a balance of inherent or engineered safety and risk transfer (i.e., insurance) is maintained and that all mandatory regulations, corporate standards, and industry and insurance guidelines are met. Process risk management requires screening, ranking and engineered assessment tools. A high-level assessment such as Quantitative Risk Analysis (QRA) may be needed to make final decisions. The four-tier safety strategy is still followed. Regardless of methods, documentation of the basis for risk decisions is important.

3.2.4.1 Case Study

ABC Chemical company is planning a facility to produce polyvinyl chloride (PVC) plastic using a licensed process. Production of this material will include use of vinyl chloride monomer (VCM), a liquefied gas; flammable solvents; and reactive peroxide-based catalysts in a moderately high pressure, high temperature, continuous autoclave (single reaction vessel) system. The process will be located in a single process unit supported by raw materials delivery and storage; in-process storage; combustible heat transfer media; heat, steam, power and fuel utility systems; and final product handling, storage and transfer to market. The final product will be sold as a solid extruded pellet, some of which will be custom made with plasticizers. The benzoyl peroxide (BP) catalyst is to be manufactured on site. The process will be constructed at a new site not previously developed.

In the process safety knowledge step, the following technical information may be obtained, based on a literature search or testing, and documented:

- flammability and explosivity characteristics of gases and liquids
- flammability and explosivity characteristics of heat transfer media
- reactivity data on catalysts
- combustibility and explosivity data on solid powder product
- reactivity of the PVC reaction at given process conditions
- reactivity and hazard of catalyst manufacture

The following site information might be obtained, based on a site study, and documented:

- meteorological data (prevailing winds/speeds/atmospheric stability)
- freeze and snowfall/rainfall data
- flood data
- earthquake data
- windstorm data
- data on adequacy and reliability of utility services
- information on nearby hazardous exposures

General conclusions might be derived based on the above chemical and site information and qualitative analysis. At this stage these conclusions are based on generic knowledge obtained from experts or from the literature and are used for establishing more definitive scenarios during a process hazard analysis. Detailed consequence studies, such as vapor cloud dispersion, explosion overpressure or pool fire radiant heat effects, are conducted as part of the hazard analysis.

The following general conclusions are not meant to be all-inclusive, but only to demonstrate types of information and scenarios that could be developed during this step:

a. Flammable liquid spill fire potentials exist from delivery, storage, process vessel and piping systems for raw and intermediate materials and for the heat transfer media system.

b. Vapor cloud explosion potentials exist from storage, process vessels and piping systems using VCM.

c. Reactor vessel, pumps and piping failure potentials exist due to high pressure, corrosivity and reactivity exposures.

d. BP manufacture requires potentially unstable hazardous materials.

e. Dust explosion potentials exist from plasticized product.

f. The plant is in a semi-tropical climate but is subject to periodic severe freezes.

g. The plant is in a potential hurricane zone.

h. Power supplies are subject to possible off-premises interruptions.

i. Public water supplies and emergency response are not available.

j. A plant with potential wide range explosion hazard borders the site.

In the process hazard analysis step, the above data and design drawings (as complete as possible) are subjected to a systematic and critical examination to determine failure modes whereby incidents could occur. HAZOP, What-If, Checklist, Failure Modes and Effects Analysis (FMEA), and more quantitative analysis methods might be used. Vapor dispersion, explosion and radiant heat modeling, if needed, will be done during this stage. These examinations might reveal the following potential concerns and consequences:

a. The manufacture of peroxides on plant presents many failure modes and several potentials for a peroxide self-initiation with high damage potential compared with the relatively small amounts of material needed.

b. Flammable spill fire and vapor release potentials cannot be completely eliminated through process control or design, short of not producing the product. Steel structure is subject to severe radiant heat, confirmed by fire modeling.

c. VCM represents a vapor cloud explosion potential, and the process unit arrangement and congestion will produce high overpressures throughout the plant, as confirmed by modeling.

d. Prevailing winds and distance indicate potential for vapor cloud from neighboring facility to enter process unit, confirmed by modeling.

e. A single large reaction autoclave is harder to control, presents extreme liquid spill or vapor release potentials, thus increasing protection system demands, and if damaged would shut down all operations.

f. Plasticized plastic dust presents a dust explosion hazard, confirmed by laboratory testing.

g. A rare but possible sudden freeze could severely damage plant utilities.

h. A sudden power outage could cause loss of control of the reaction.

i. Many different release and failure modes of vessels, pumps, piping and utility systems exist, but these can be mitigated through process control and design improvements.

j. Use of a large volume combustible heat transfer material presents significant fire potential on a higher frequency than other flammable materials due to its high corrosivity, confirmed by loss history.

In the process risk management step, all of the data collected and derived from the two prior steps is used to make risk management decisions. In the example, these may include (but not be limited to) the following decisions, listed in order of a tiered preferential safety approach:

Inherent safety

a. Replace combustible thermal oil system with water system.

b. Reduce production bottleneck by changing from one large reactor to several smaller reactors.

c. Reduce in-unit flammable inventories by eliminating product day tanks, large reboilers, large reactor, oversized piping, etc.

d. Purchase additional land to protect against off-premises exposures.

e. Refrigerate VCM bulk storage tanks to reduce vaporization.

f. Collect plastic dust in wet slurry to reduce dust hazard.

Passive mitigation

a. Use a concrete frame for process unit or fireproof steel.

b. Space unit apart from support facilities and site boundaries.

c. Use open process unit for maximum explosion venting.

d. Limit and space equipment within unit to minimize congestion.

e. Lay out unit with flammable materials accessible on outer edge.

f. Install drainage systems.

g. Design process controls and interlocks to maximize reliability of process.

h. Design process vessels/piping to maximum expected pressure.

i. Blast-proof control room and emergency services building.

j. Provide emergency containment systems.

Active mitigation

a. Provide on-site fire water system.

b. Provide deluge sprinkler protection.

c. Provide combustible gas detection.

d. Inert and purge flammable storage, process and piping systems.

e. Provide reactor emergency quench system.

f. Provide reactor emergency venting.

g. Computerize process control.

h. Provide on-site emergency power supplies.

i. Design to hurricane codes.

j. Protect plant against freeze-up.

Operational administrative controls

a. Develop and train on-site emergency fire response brigade.

b. Train and empower operators to take manual process control.

c. Provide ignition source control systems.

d. Provide backup manual reactor emergency quench system.

e. Provide natural hazard alert procedures.

Risk Avoidance

a. Eliminate on-site manufacture of peroxide catalyst.

Risk transfer

a. Accept inherent risk by retention of high insurance deductibles.

In the risk management process, there may be a need to revisit and re-analyze hazards several times prior to deciding on the level and type of mitigation or use of other risk tools such as elimination of hazard or risk transfer. In fact, risk management becomes a constant cycle of analysis, transfer and acceptance throughout the life of the facility. As the facility ages and changes are made, the risk will change. Keeping abreast of this aging and change process will assure that the facility will achieve the risk management goals originally accepted.

3.2.4.2 HPR Requirements

The decision to meet or not meet HPR protection guidelines is determined during the process risk management stage. While achieving HPR status should always be the risk management goal, there may be conditions, especially in existing older plants, where this may not be economically or technically achievable.

There are minimum requirements for a facility to qualify as an HPR risk. These are briefly identified in Section 2.2.1 and further discussed in Section 3.3, Concepts of Highly Protected Risk.

3.2.5 Management of Change

Management of Change (MOC) means evaluating every change to technology, facilities or personnel at the earliest possible stage for its potential impact on property loss prevention. The earliest possible stage is the moment an idea or proposed change comes to light. These changes can be emergency, permanent, temporary, recognized or unrecognized. The purpose of a management of change process is to prevent the unrecognized change.

Changes are made routinely throughout the life of a facility. These may vary from major, highly visible projects to daily routine maintenance activities. Changes can occur to technology, chemicals, products, equipment and procedures. Any change from original design intent represents a deviation. If the impact of this deviation is not fully understood, the change, even if minor, can cause a significant incident. Appropriate process hazards management systems should be put into place to help ensure that hazards associated with a change or deviation are identified and controlled.

Changes fall into three main categories: technology, facilities, and personnel or organization.

Although some changes may be minor, with little likelihood of compromising loss prevention and process safety, all changes have some potential for disruption.

3.2.5.1 Change in Technology

Change in technology arises whenever the process or mechanical design is altered. Examples are changes in feedstocks, catalysts, product specifications, byproducts or waste products, design inventory levels, instrumentation and control systems, or materials of construction.

Typical instances in which change in technology would likely occur include the following:

a. New projects that involve tie-ins or equipment modifications on existing units.

b. Projects to increase facility throughput or accommodate different feedstocks or products.

c. Significant changes in operating conditions, including pressures, temperatures, flow rates or process conditions different from those in the original process or mechanical design.

d. Equipment changes, including the addition of new equipment or modifications of existing equipment. These can include changes in alarms, instrumentation and control schemes.

e. Modifications of the process or equipment that cause changes in the facility's relief requirements. These can include increased process throughput, operation at higher temperatures, increased size of equipment, or the addition of equipment that might contribute to greater relief requirements.

f. Bypass connections around equipment that is normally in service.

g. Changes in operating procedures, including procedures for startup, normal shutdown and emergency shutdown.

h. Changes made in the process or mechanical design or in operating procedures that result from a PHA performed as described in Section 3.2.3.

i. Introduction of new or different process additives (for example, corrosion control agents, antifoulants, antifoam agents).

j. Corrective actions developed as a result of an accident investigation.

3.2.5.2 Changes in Facilities

Changes in facilities are those in which physical changes are made that would not necessarily appear on plant drawings or piping and instrument diagrams (P&ID). Examples are temporary connections, replaced components that are not in kind, site modifications, transient storage, temporary structures, etc.

Specifically, these can include the following:

a. Temporary equipment (tanks, offices, drum storage, etc.).

b. Replacement equipment or machinery that differs from the original equipment.

c. Temporary piping connections, hoses, or wiring.

d. Temporary software configurations, jumpers, shortened algorithms, bypassed controls.

e. Pipe clamps, braces, stands, wiring, ropes.

f. Temporary utility connections (steam, power, water, etc.).

g. An alternative supply of process materials, catalysts, or reactants, such as through temporary drums or tanks located within the facility.

h. Temporary electrical equipment or connections.

These changes have the ability to affect design, construction, operation, maintenance, and decommissioning.

3.2.5.3 Changes in Personnel

Changes in personnel are those in which key responsibilities are shifted from a position of stability to instability. Examples are retirement, promotion, other career changes, and personal issues (sickness, death, leave-of-absence, etc.). These changes are ones in which continuity of responsibility may lapse.


Training and assignment of alternates is a key feature needed to mitigate lapses caused by these changes. Supervision must be skilled for early recognition of these changes, with an ability to plan in advance to mitigate these changes. Goals of the company, business, and operating unit must support prevention efforts associated with these changes.

3.2.5.4 Examples

3.2.5.4.1 The Clean Air Act Amendments of 1990 require a 50% reduction of sulfur dioxide levels (SO2) in the U.S. by the year 2000. This act affects approximately 2000 electric utilities. The method of choice to control SO2 emissions probably will be the installation of wet scrubbers, as they provide the highest level of control. Along with the additional costs and plans for scrubber installations, the person(s) planning these changes need to look at the effect these installations will have on loss prevention. For instance, scrubbers are subject to fires and explosions, and they can affect furnace draft. Induced draft fans may have to be upgraded, which in some cases could increase the risk of implosions and boiler vibrations. To prevent corrosion of scrubbers, ducts, and stacks, it may be necessary to use plastic or plastic-lined equipment, which could present a fire hazard.

A typical agreement between a company and the property insurance company calls for a loss prevention professional within the company to be advised of all management of change activities in the plant. This individual is then responsible to involve the specialist from FM and allow an opportunity for the change to be evaluated in its earliest stages.

3.2.5.4.2 ABC is a manufacturer of commodity polymer using batch-scale polymerization of the monomer. Because of favorable opportunities in the market, ABC has plans to double the capacity of its seven-reactor plant in a two-phase expansion over the next 10 years. The first phase will include construction of utilities and the footprint for a second seven-reactor manufacturing building. Initially, a building containing three reactors will be built.

There is a close relationship between ABC and the FM specialist assigned to this plant. When the idea is being developed by senior management within ABC, meetings are held with the FM specialist to discuss the effect this may have on loss prevention. ABC is guided by a principle that promotes continuous improvement in all areas of operation, including loss prevention, and they call upon the expertise of FM to provide guidance to meet this goal.

In consultation with the FM specialist, several opportunities are identified. These include ways to mitigate VCE potentials, provide more cost-efficient and effective water spray systems, and arrange the Instrumentation and Control features for increased reliability. In order to expand the process water features for the new plant expansion, several pumping and distribution changes were needed. Opportunities were identified to add outlets and normally closed connections between the fire protection system and the process water supply system. This increased both the normal supply to the fire protection water system and the supply that would be available in a catastrophic event.

In consultations, an opportunity was identified to relate current maintenance issues for the older electronic heat detection systems on the water spray systems to a design specification needed for all the new water spray systems. Review of maintenance records and costs pointed to an opportunity to replace older electronic heat detectors with air-pilot detection systems. In doing this, the plant maintenance was provided with a single common type of system, which has lower maintenance costs, a single set of replacement parts, and requires simpler maintenance skills.

Often during plant expansions, for simplicity, existing features for protection and control are duplicated exactly. Many design groups operate with the assumption that existing protection and control features are adequate and satisfactory, and they do not take the opportunity to consider improvements as above.

3.2.5.4.3 Mr. Howard has been the person in charge of fire protection in this plant for many years. He is the direct interface between top management, engineering, and safety personnel for matters relating to loss prevention. He is in charge of administering all loss prevention related inspection programs within the plant. He supervises all impairments to fire protection and reports them throughout the company and to FM. Mr. Howard is very important in the review process for new construction. Because he is very familiar with current design requirements, he is able to work closely with plant and corporate engineers to develop plans for new construction and modifications.


Mr. Howard spent many years in the plant as an operator. Because of this involvement, he oversees many important operator duties as they relate to fire response and use of emergency process equipment (flares, alarms, shut-downs, etc.). He is also the liaison to community groups, including the mutual aid groups.

Mr. Howard has announced he will retire in 2 years, when he reaches the age of 60. Loss of this level of experience could create serious gaps related to steady provision of the service provided by Mr. Howard.

All of his job duties should be described in writing.

A plan for his replacement with alternates should be developed sufficiently in advance of his departure so that proper training can be provided.

If timing is not sufficient to establish that his duties have been sufficiently taken over by others, management should arrange for Mr. Howard to return to work as a consultant. He should periodically return after his retirement to make sure all areas of past responsibility are being covered.

In the planning for replacement of Mr. Howard, the local assigned FM specialists should be notified. Specific sessions can be arranged so that the programs recommended by FM can be introduced or reviewed with the person who has taken over for Mr. Howard.

3.2.5.4.4 Mr. Jones was the Safety Engineer at this major plastic film plant, reporting to the plant manager, before he resigned. He was responsible to implement all safety and loss prevention programs in the plant. He was the direct liaison to the plant maintenance department, providing review and supervision of all maintenance and testing of the plant fire protection systems, including the fire pump, suction tank, sprinkler systems, alarm systems, and gaseous extinguishing systems. Because of his expertise, he was the interface between local contractors who provide maintenance and testing. Mr. Jones kept all the letters, files, receipts, plans, and correspondence in his office relating to protection systems and plant insurance matters.

Unfortunately, he quit at a time when the plant was completing a 50% production expansion and is beginning to plan for a new warehouse expansion. Ongoing issues relate to false alarms, alarm system repairs, and a history of broken underground water mains in a certain area of the plant. Mr. Jones had been a proponent of looping of the plant fire water mains to provide better service to the areas of future expansion.

In a case like this, it is important that key plant personnel from all levels meet to review the impact of this departure on loss prevention. Some careful accounting should begin at once to make sure elements of Mr. Jones' responsibilities are identified. The FM contact should be advised of the personnel change. This will allow for meetings to take place to assure that proper training is provided to a replacement employee. In many cases, FM can provide the following:

- Training on fire protection systems maintenance and testing can be offered to a new employee.

- A review of maintenance and testing programs can be made to assure that correct programs are not lost or lapsed.

- Contract maintenance programs can be evaluated to determine adequacy of these programs.

3.2.5.5 References

Management of Process Hazards, API Recommended Practice 750, First Edition, January 1990, American Petroleum Institute.

Managing Change, FM publication P9201.

3.2.6 Process and Equipment (Mechanical) Integrity

Equipment that processes hazardous materials, and accessory or utility equipment that is important to continued operation of the plant, should be designed, constructed, installed, operated, protected, and maintained in a way which minimizes the risk while providing process reliability. This element of the PSM program addresses the management system required to achieve this objective and is called Process and Equipment Integrity by the CCPS and Mechanical Integrity by others.

A Process and Equipment Integrity program should address some or all of the following: pressure vessels and piping, tanks, rotating machinery, electrical equipment, boilers and furnaces, etc., together with their instrumentation, controls, accessories, and supporting structures.


The components of Process and Equipment Integrity, which are discussed further below, are reliability engineering, materials of construction and fabrication, installation procedures, preventive maintenance, and demolition procedures.

As with all elements of PSM, a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps.

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance, or replacement, the evaluation should include equipment accessibility and suitability for the process and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment, and emergency relief. The file should also contain the operating and inspection history of the equipment, as well as any data on repair, alteration, and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements, and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill-to-installation tracking of material for critical components, or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, overspeed, electrical faults, misalignment, etc.

During fabrication, maintenance, or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern, such as piping location, safety and emergency equipment features, accessibility of process and safety equipment, operation, functional testing and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.


3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections, together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturer's recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturer's minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data, and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment with detailed instructions on performing the particular activity. They should address the steps needed to prevent adverse conditions, both during the procedures and when the equipment is put back in service. They should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic reviews of these procedures are needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation, and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out-of-service condition, any necessary decontamination, and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents, classified as major accident, accident, or near-miss by CCPS, are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control, or personnel changes, or new or better training programs. Documentation and periodic review aid in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes:

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries, or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.


3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment: Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System: Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization: Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others, depending on the nature of the incident. This can include those inside the company with speciality knowledge, or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training: Team members should be selected based on their interest, job function, and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function: The incident investigation team function needs to be integrated with the overall emergency response plan. Well established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation:

a. Determine Cause: Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system-related causes.

b. Develop Recommendations: Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures: Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.


If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally, this involves data collection, data analysis, and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems-oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and they can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program, aimed at determination of root causes.

Usually, the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently, some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently, they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

- FTA: Fault Tree Analysis
- AAM: Accident Anatomy Method
- MORT: Management Oversight and Risk Tree
- MCSOII: Multiple-Cause, Systems-Oriented Incident Investigation

Inductive

- HAZOP: Hazard and Operability Analysis
- AAM: Accident Anatomy Method
- CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware new approaches need to be built on proven and accepted concepts.

3.2.7.4

The production of phthalic anhydride by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the "Do Not Operate" tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually, 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design: A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations: There are several possibilities in this area. Management that encourages continued operations when the process is upset (reason operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance: There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the worker's shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but does illustrate some of the underlying causes in a multiple-cause incident.
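
As an added illustration (not part of the FM data sheet), the sketch below applies Fault Tree Analysis, one of the deductive techniques listed in 3.2.7.3, to the cooling-water incident above and computes its minimal cut sets. The gate structure, the event names, the pump labels A and B, and the back-up supply variant are assumptions constructed from the narrative.

```python
"""Fault tree analysis (FTA) of the cooling-water incident described above.

The gate structure and event names are constructed from the narrative for
illustration; they are assumptions, not part of the data sheet.
"""
from itertools import product

# Basic events (leaves), named here for illustration.
BASIC_EVENTS = {
    "OP_FAIL": "operating pump fails and cannot be restarted",
    "A_OOS": "standby pump A out of service (repair delayed)",
    "A_TAG": "standby pump A repaired but still tagged Do Not Operate",
    "B_OOS": "standby pump B out of service (repair delayed)",
    "B_TAG": "standby pump B repaired but still tagged Do Not Operate",
    "SHUTDOWN_DELAYED": "feed reduction or shutdown not initiated in time",
    "BACKUP_FAIL": "assured back-up water supply fails (design alternate)",
}

# Gates: name -> (gate type, children). The top event is REACTOR_OVERHEAT.
TREE = {
    "REACTOR_OVERHEAT": ("AND", ["NO_COOLING_WATER", "SHUTDOWN_DELAYED"]),
    "NO_COOLING_WATER": ("AND", ["OP_FAIL", "NO_STANDBY"]),
    "NO_STANDBY": ("AND", ["A_UNAVAILABLE", "B_UNAVAILABLE"]),
    "A_UNAVAILABLE": ("OR", ["A_OOS", "A_TAG"]),
    "B_UNAVAILABLE": ("OR", ["B_OOS", "B_TAG"]),
}

# Plant state before the operating pump failed, per the narrative:
# one standby pump awaiting repair, the other repaired but still tagged.
LATENT = frozenset({"A_OOS", "B_TAG"})


def minimize(sets):
    """Drop any cut set that is a strict superset of another one."""
    unique = set(sets)
    minimal = [s for s in unique if not any(other < s for other in unique)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def cut_sets(node, tree):
    """Return the minimal cut sets (frozensets of basic events) for node."""
    if node not in tree:  # leaf: a basic event is its own cut set
        return [frozenset([node])]
    gate, children = tree[node]
    child_sets = [cut_sets(child, tree) for child in children]
    if gate == "OR":  # any one child's cut set is enough
        combined = [cs for sets in child_sets for cs in sets]
    elif gate == "AND":  # one cut set from every child must occur together
        combined = [frozenset().union(*combo) for combo in product(*child_sets)]
    else:
        raise ValueError(f"unknown gate type: {gate}")
    return minimize(combined)


def remaining_after(sets, already_true):
    """Events still needed for the top event once latent conditions exist."""
    return minimize([cs - already_true for cs in sets])


def with_backup_supply(tree):
    """Variant tree: loss of cooling also requires the back-up supply to fail."""
    hardened = dict(tree)
    gate, children = tree["NO_COOLING_WATER"]
    hardened["NO_COOLING_WATER"] = (gate, children + ["BACKUP_FAIL"])
    return hardened


if __name__ == "__main__":
    base = cut_sets("REACTOR_OVERHEAT", TREE)
    print("Minimal cut sets, as operated:")
    for cs in base:
        print("  ", sorted(cs))
    print("Still needed given the latent state:",
          [sorted(cs) for cs in remaining_after(base, LATENT)])
    hardened = cut_sets("REACTOR_OVERHEAT", with_backup_supply(TREE))
    print("Still needed with a back-up supply:",
          [sorted(cs) for cs in remaining_after(hardened, LATENT)])
    for event in sorted(LATENT):
        print(f"latent: {event} = {BASIC_EVENTS[event]}")
```

Conditioning the cut sets on the latent state shows that, with both standby pumps already unavailable, the pump failure plus a delayed shutdown is sufficient for the top event, which is the single-failure exposure described under item 1.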

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills, and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment, and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge, and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation, and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation, or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training, as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific crishyteria Plant-wide training should include general plant safety rules alarm designations smoking regulashytions hot work procedures etc Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area The hazards (flammability explosivity toxicity) associated with each material used in the process should also be covered Due to the widespread use of computer control of chemical processes it is vital that all operators understand how the process is monitored controlled and safeguarded by the computer system

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated and it was assumed to be functioning properly, although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days earlier for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.

The control panel incorrectly indicated that too much water was entering the core; therefore, the operator overrode the automatic control system and reverted to manual control. Ultimately, the shut coolant water lines were discovered and reopened, which again flooded the control panel with a Christmas-tree effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.¹

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.²

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures, as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L., and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions, and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists, and psychologists.

Various references estimate that human factor errors are responsible for between 80% and 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50% to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health, or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment, and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel, although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or from a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases, these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological, and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface, and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell, or hearing) a stimulus, processes the information, and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty, and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This, in turn, can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.⁵

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems, as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.

Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.⁶ However, more current literature by Poulton⁷ and Welford⁸ supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.⁹ Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately, and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.¹⁰

3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum Inc.

On October 23, 1989, a release of approximately 85200 lb (36646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor but ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, an initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed that air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill., Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill., Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).

3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocelli Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards, or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for maintaining the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective, and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available, and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content, and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure, and resources). Other important factors to consider include results of prior audits, incident history, program maturity, and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood, and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized, with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team, and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring, and piping drawings are not current, or there is only one set of hand-corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization, and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation, and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team To be adequate the information collected should be relevant to the unit being audited be completely unbiased and should be objective Enough information should be collected so the same conclusion can be determined by different people

At the conclusion of the visit the audit team should finalize tentative findings and discuss them with manshyagement Areas of disagreement should be resolved If team findings are consistent with the PSM goals while taking into account local variances the areas of disagreement will be minimized

Post-Audit Activities The audit team usually prepares a formal report which is distributed in accordance with the program They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings

Audit Tools The process safety management system will usually have suggested tools to aid the audit proshycess Some of the tools include guidelines checklists questionnaires outlines and suggested procedures While they are not required to be used the suggested tools usually have proven to be effective in aiding data collection

Data Collection As an example a Process Safety Information guideline which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units might sugshygest the following information be documented

1. Chemical hazard
   a. Toxicity
   b. Permissible exposure limits
   c. Physical, reactivity, and corrosion data
   d. Thermal and chemical stability
   e. Hazardous effects of mixing

2. Process technology
   a. Process description and flow diagram

   b. Process chemistry
   c. Inventory permitted
   d. Safe upper and lower limits for temperature, pressure, flows, and compositions
   e. Consequences of deviations

3. Process equipment
   a. Construction materials
   b. P&ID
   c. Electrical classification drawing
   d. Relief system design and design basis
   e. Ventilation system design
   f. Drainage system design
   g. Design codes and standards
   h. Material and energy balance
   i. Safety systems (interlocks, detection, control, and suppression systems)

4. Safety inspections
   a. Code inspection reports for pressure equipment
   b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)
   c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases, and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date, and documented:

1. Facility policy regarding emergency response planning

2. Facility description
   a. Organization and staffing
   b. Risk assessment of site hazards
   c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans
   a. Description of possible incident scenarios
   b. Plan to respond to each scenario
   c. On-site emergency equipment and supplies
   d. Description of external resources and support organizations

5. Emergency response teams
   a. Staffing and organization
   b. Capabilities of members
   c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response, and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing, and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level, and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems, or chemicals mandated by government regulations. There are many processes and materials, for example, powders (dusts), fuels, and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles, as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-717-5, Property Conservation, and numerous publications by the CCPS, API, CMA, and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound of how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps, and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-4617-11 Chemical Reactors and Reactions
7-4912-65 Emergency Venting of Vessels
7-59 Inerting and Purging
7-73 Dust Collectors and Collection Systems
7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels

3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection, and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes, and manufacturers' recommended practices.

Refer to FM Data Sheet 9-017-0, Maintenance, and various protection system, pressure vessel, mechanical equipment, and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-201 14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-1014-10 Protective Grounding for Electrical Power Systems and Equipment
5-1114-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility, and emergency response facilities also require careful siting remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-4417-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-4912-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-5217-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-5512-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations, and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems

For resources on protection needs for process units, structures, or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-414-8 Transformers
5-3114-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas, and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-5512-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment, such as curbs and dikes, are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems, such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers, and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible, heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas, and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength, blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases, a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping, and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases, a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers, such as noncombustible fire walls, are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades

3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes, and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-1817-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems, which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past, it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and, in fact, was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade off in toxicity, which may affect manual fire fighting response, would occur with this choice.

A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred, with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds, and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level, and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, is located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow, with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.

©1999 Factory Mutual Engineering Corp. All rights reserved.


Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor, where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants


7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A: INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the Australasia countries, although studies are underway to promulgate laws similar to Europe and the U.S. in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982, the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the U.S., including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The U.S. Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons, and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 U.S. facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

Substance                      EPA threshold, lb (kg)   OSHA threshold, lb (kg)
Anhydrous Ammonia              1000 (450)               5000 (2250)
Chlorine                       1000 (450)               1500 (680)
Chlorine dioxide               500 (225)                1000 (450)
Anhydrous hydrochloric acid    1000 (450)               5000 (2250)
Sulfuric acid                  5000 (2250)              Not listed
Titanium tetrachloride         500 (225)                Not listed
Flammable hydrocarbons         10000 (4500)             10000 (4500)
Explosives                     all (per DOT)            Not covered

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the U.S. EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different, yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 U.S. facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders, and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).
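The threshold screen and the worst case sizing described above can be worked through on a small inventory. The following is an added example, not part of the FM data sheet: the thresholds are the ones printed in Table 1, while the inventory, the process names and the spill volumes are constructed. Two assumptions are made: the single-process quantity is also used for the OSHA column, and a dike is taken to hold the whole spill.

```python
from typing import NamedTuple, Optional

# Threshold quantities in lb as printed in Table 1 of this data sheet: (EPA, OSHA).
# None stands for "Not listed" / "Not covered"; 0 stands for "all".
TABLE_1 = {
    "anhydrous ammonia":           (1000, 5000),
    "chlorine":                    (1000, 1500),
    "chlorine dioxide":            (500, 1000),
    "anhydrous hydrochloric acid": (1000, 5000),
    "sulfuric acid":               (5000, None),
    "titanium tetrachloride":      (500, None),
    "flammable hydrocarbons":      (10000, 10000),
    "explosives":                  (0, None),
}

POOL_DEPTH_M = 0.01          # worst case liquid pool is 1 cm deep
GAS_RELEASE_MINUTES = 10.0   # worst case gas release lasts 10 minutes


class Holding(NamedTuple):
    process: str
    substance: str
    quantity_lb: float
    state: str = "gas"                    # "gas", "liquid" or "flammable"
    spill_volume_m3: float = 0.0          # liquids only
    dike_area_m2: Optional[float] = None  # passive mitigation, if present


def max_single_process(inventory, substance):
    """Largest quantity of one substance held in any single process."""
    per_process = {}
    for h in inventory:
        if h.substance == substance:
            per_process[h.process] = per_process.get(h.process, 0.0) + h.quantity_lb
    return max(per_process.values(), default=0.0)


def coverage(inventory, substance):
    """Return (epa_covered, osha_covered) for one substance.

    The data sheet states the single-process basis for the EPA rule; using
    the same quantity for the OSHA column is an assumption of this example.
    """
    epa, osha = TABLE_1[substance]
    qty = max_single_process(inventory, substance)
    return (epa is not None and qty > epa,
            osha is not None and qty > osha)


def worst_case(h):
    """Worst case release parameters as the data sheet describes them."""
    if h.state == "gas":
        return {"release_rate_lb_per_min": h.quantity_lb / GAS_RELEASE_MINUTES}
    if h.state == "flammable":
        return {"instantaneous_release_lb": h.quantity_lb,
                "event": "vapor cloud explosion"}
    # Liquid: instantaneous spill spreading to a 1 cm pool, unless a dike
    # confines it to a smaller area (assumed able to hold the whole spill).
    area = h.spill_volume_m3 / POOL_DEPTH_M
    if h.dike_area_m2 is not None:
        area = min(area, h.dike_area_m2)
    return {"pool_area_m2": area}


# Constructed inventory for illustration only.
INVENTORY = [
    Holding("cold store refrigeration", "anhydrous ammonia", 3000),
    Holding("water treatment", "chlorine", 1200),
    Holding("pigment line A", "titanium tetrachloride", 300, "liquid", 0.08),
    Holding("pigment line B", "titanium tetrachloride", 300, "liquid", 0.08),
    Holding("acid storage", "sulfuric acid", 8000, "liquid", 2.0, 50.0),
    Holding("solvent recovery", "flammable hydrocarbons", 12000, "flammable"),
]

if __name__ == "__main__":
    for name in sorted({h.substance for h in INVENTORY}):
        epa, osha = coverage(INVENTORY, name)
        print(f"{name:28s} EPA={epa!s:5s} OSHA={osha}")
    for h in INVENTORY:
        print(f"{h.process:26s} {worst_case(h)}")
```

The ammonia and chlorine holdings fall under the EPA column only, which is the situation the data sheet describes for small refrigeration and treatment plants, and the two 300 lb titanium tetrachloride holdings stay below threshold because neither single process exceeds 500 lb.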

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the U.S., it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989.

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980.

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998


1.0 SCOPE

This data sheet describes general principles and concepts of chemical risk loss prevention and the minimum requirements for a chemical operation to qualify as a Highly Protected Risk (HPR). Other Factory Mutual (FM) data sheets, listed in Section 4.0, provide specific guidance on protection concepts and design requirements within this HPR framework.

An HPR chemical facility is one that meets the highest standards of property loss prevention, including management commitment, process control, fixed active and passive protection where needed, and employee training and awareness.

Process safety management (PSM), as a way of conducting business, has been developed over many years to guide the chemical process industry toward safer facilities before being adopted by various regulatory agencies. It can and should be considered the foundation of all loss prevention activities in this industry, as well as related industries with hazardous chemical processes. Process safety management is a necessary component of an HPR facility to minimize or prevent episodic releases or events that can cause property damage and business interruption.

A number of U.S. national and state regulations, as well as those of the European Union and other international regulators, have adopted PSM in one form or another. (Highlights of some of these regulations are in the Appendix.) This data sheet is not meant to address issues associated with regulatory compliance, but also does not introduce any conflicts with these regulations.

As a fundamental subset of PSM and HPR concepts, principles of inherent safety as they apply to the chemical industry are also discussed. By practicing the concept of inherent safety, a hazardous plant or process can be significantly reduced in overall risk.

The concepts of Highly Protected Risk, process safety management and inherent safety are all interrelated and apply to chemical facilities as well as non-chemical facilities with chemical processes. The level of detail to which PSM principles are implemented is in proportion to the level of hazard of the operation. PSM principles are not a cookbook to be followed, but a philosophy to be applied according to need.

2.0 RECOMMENDATIONS

2.1 Process Safety Management (PSM) System

2.1.1 General

2.1.1.1 Chemical plants and hazardous chemical operations in other plants should have a process safety management system in place to assure that the following (or equivalent) elements* of process safety are integrated into plant operations:

a. Accountability and Responsibility

b. Process Safety Knowledge and Documentation

c. Process Safety Review (Process Hazard Analysis)

d. Process Risk Management

e. Management of Change

f. Process and Equipment (Mechanical) Integrity

g. Incident Investigation

h. Training and Performance

i. Human Factors

j. Standards, Codes and Laws

k. Audits and Corrective Actions

l. Emergency Response Planning


* These 12 elements are based on the Center for Chemical Process Safety (CCPS) Plant Guidelines for Technical Management of Chemical Process Safety. Other guidelines are equivalent and can be substituted. A list of CCPS and other references on PSM is provided in Section 4.0, Bibliography.

2.1.2 Accountability and Responsibility

Key components of this element are a policy statement, management commitment, procedural requirements and a performance measurement.

2.1.2.1 Management should develop a written policy statement that clearly defines process safety and loss prevention as a priority which is shared by management as well as plant operations personnel. The statement could include a Process Safety Management organization chart which clearly shows positions, lines of authority and process safety functional titles. The policy statement should receive broad distribution to all sectors of the organization, backed by genuine management interest in loss prevention. The statement and organizational chart should be reviewed regularly and updated as needed to reflect things such as management changes within the facility.

2.1.2.2 The facility's PSM program should have procedures to resolve safety and loss prevention concerns which arise from new design, HAZOP reviews, Management of Change (MOC) issues, etc., and should include input from operations employees where appropriate. These procedures should designate a person or position that is responsible for achieving resolution.

2.1.2.3 A program should be in place to track how well safety and loss prevention concerns are resolved. Of particular interest are those concerns that were not easily resolved. This could be as simple as a monthly report of the status of unresolved issues sent to a designated responsible person, as indicated by the organizational chart or plant procedures.

2.1.3 Process Safety Knowledge and Documentation

2.1.3.1 The organization should assign a responsibility for maintaining key material and process hazard information, design basis information, design standards, electrical area classifications, key design decisions, alternate process considerations, and basic operation and maintenance procedures for all chemical processes. Documents would also include accident investigations, causes and corrections, as well as records of process, equipment and maintenance changes.

2.1.3.2 All processes should have detailed written procedures that document normal operating procedures as well as start-up, shutdown and abnormal situations. These procedures should be kept up-to-date and written in such manner as to be understood by all operating personnel. Should the facility be multilingual, procedures should be maintained in separate form for each language. Any changes to the documented procedures should follow the Management of Change procedures of the PSM program. Operator involvement in writing the procedures will ensure comprehensive detail in the procedures.

2.1.3.3 A periodic review or audit should be performed for all written procedures to ensure they remain current.

2.1.4 Process Safety Review (Process Hazard Analysis)

2.1.4.1 The following are considered a minimum to meet the Process Safety Review requirements in an effective program based on PSM principles:

a. Collaboration between process and loss prevention specialists at the concept stages of a project.

b. Agreement on a protection philosophy, with special consideration given to inherently safe design in site selection, construction and protection features.

c. Conduct a detailed process safety review using a recognized methodology (HAZOP, Checklist, FMEA, etc.) at an early stage in the project. The review should be updated whenever process changes are made, and a complete re-evaluation made on a regular basis (about 5 yr intervals).


2.1.5 Management of Change

2.1.5.1 Management should establish and implement written procedures to manage change in technology, facilities and personnel. These procedures should be flexible enough to accommodate both major and minor changes, and should be understood and used. These procedures should:

a. Provide a method for identification of changes that should be subject to MOC procedures.

b. Provide for documentation of the process and mechanical design basis for the proposed change.

c. Provide an analysis of the loss prevention considerations involved in the proposed change, including a formal process hazards review if appropriate. The effects of the proposed change on separate but interrelated upstream or downstream facilities should also be reviewed.

d. Identify the need for modifications of the operating procedures, updating P&IDs, updating personnel training, etc.

e. Provide for communication of the proposed change and the consequences of that change to appropriate personnel such as maintenance engineers, operators, safety and emergency response staff.

f. Establish administrative procedures needed (documentation, checklists that cover hazards, records of personnel skills, responsibilities and training).

g. Provide for tracking of and limiting the duration of any temporary change.

h. Identify the required authorizations.

2.1.5.2 A qualified member of the plant loss prevention, safety or engineering staff should be assigned to communicate changes to the FM specialist where appropriate. This individual should assure that all plant personnel follow accepted methods for management of change and that the FM specialist is notified at the earliest stages of significant changes to allow for proper consideration of the loss prevention aspects.

2.1.6 Process and Equipment (Mechanical) Integrity

2.1.6.1 To implement this element of PSM, programs should be in place to address the following:

a. Reliability Engineering - Tracking and evaluating of individual equipment and processes to prevent unexpected incidents throughout its lifetime.

b. Materials of Construction and Fabrication - Assuring equipment is built according to appropriate standards, with materials appropriate to the service conditions, with appropriate supporting documentation.

c. Installation Procedures - Planning quality control inspection and pre-startup integrity testing to insure installation in accordance with specifications and direction of the manufacturer. Poor installation can invalidate a good design.

d. Preventive Maintenance - Documenting procedures to insure maintenance is completed on schedule, unscheduled work is properly authorized and completed without introducing additional hazards, and records are maintained and evaluated to identify future needs. This would include a comprehensive vessel and piping inspection program as well as instrumentation inspection, testing and calibration.

e. Demolition Procedures - Documenting methods to isolate, remove and dispose of obsolete or unneeded equipment without creating unnecessary hazards.

2.1.7 Incident Investigation

2.1.7.1 The corporation should have a system based on PSM principles that requires incidents to be recorded and investigated. The investigation methods should consist of the basic elements outlined above, and records should be kept detailing each incident, the level and results of the investigation, and the status of any findings or recommendations developed.

2.1.7.2 Management should make use of all incident investigations and near-misses to evaluate recurrences. Action should be taken to eliminate the source of error, either through system redesign or additional training. Important lessons learned in these investigations should receive wide distribution to interested and affected parties.

©1999 Factory Mutual Engineering Corp. All rights reserved.


2.1.8 Training and Performance

2.1.8.1 Operators should be fully trained in the normal operation of the facility as well as the appropriate action for each alarm condition. Since every process excursion cannot be detailed, the operators should be trained in diagnostic and trouble-shooting skills to facilitate an orderly correction. For the most critical applications, for example nitrations, some polymerization and other highly reactive systems, use of a process simulator for training purposes is strongly suggested. If a simulator is to be used, the control panel and instrumentation should be designed to match the actual equipment that will be used in the operation.

2.1.8.2 When either temporary or permanent changes are made to a process, the process documentation and drawings should be updated prior to implementation of the changes. All employees whose responsibilities involve the affected area should be retrained in the new process parameters and safe working conditions. This will allow integration of the new procedures into the day-to-day functioning of the facility.

2.1.8.3 Special care must be taken when critical actions are infrequently completed in the normal course of operations. Actions such as responding to infrequent critical alarms may result in catastrophic events if the response is incorrect. In these cases, frequent retraining is needed.

2.1.8.4 Training should be mandatory for contract employees working in the area so they may perform in a safe and effective manner. Training for contract employees may need to be as stringent as for operators.

2.1.8.5 A comprehensive retraining program should be in place for all operating personnel. The time interval for retraining will vary depending on the criticality of the process and number of changes made. Management should have a formal method to determine retraining frequencies.

2.1.8.6 A formal method for evaluating the effectiveness of the training program should be developed. This may be a written test, hands-on demonstration, simulation, or an extended period of on-the-job training. A feedback mechanism should be established to inform the operator of areas requiring further study and improvement. Records should be kept of these evaluations to facilitate improving the method of training employees.

2.1.9 Human Factors

2.1.9.1 Organization

2.1.9.1.1 The plant's program should have written guidelines requiring that all new processes incorporate fundamental concepts of human factor engineering from the design phase of the project. If human factor specialists are not available in-house, consideration should be given to retaining outside specialists to assist in this area.

2.1.9.1.2 Human factor elements should be incorporated into existing processes, if economically viable, whenever changes or improvements are being planned.

2.1.9.1.3 HAZOP reviews should specifically explore human factor issues to determine if appropriate design has been included.

2.1.9.1.4 Each of the above activities should include input from operating personnel to ensure that day-to-day operating knowledge is incorporated into the proposed improvements.

2.1.9.1.5 Management should create an environment where process safety is paramount above production demands. Operators should be empowered to invoke a controlled shutdown of a process if operating conditions indicate an imminent loss-of-control situation. A written statement to this effect, signed by senior plant management, should be posted in the control rooms.

2.1.9.1.6 If staff reductions are anticipated, management's commitment to safety and loss prevention should remain paramount. Special attention is needed during these times to ensure that operating personnel remain motivated to perform their functions in a consistent and safe manner.

2.1.9.2 Alarms

2.1.9.2.1 All alarms should be ranked according to severity and displayed, visually and audibly, in this order to avoid alarm overload during an actual emergency.


2.1.9.2.2 Critical alarms should be grouped separately from information-only alarms. Audible and visual alarms should be distinctly different for these types of alarms so that priority can be given to critical alarms.

2.1.9.2.3 Critical process information should be easily accessible on the control panel so that an excessive number of screen changes will not be required to understand the information in an emergency situation.

2.1.9.2.4 Critical process information and alarms should be logged, by computer or manually as appropriate, and maintained for a reasonable period of time to aid in incident investigation or future process improvements.

2.1.9.2.5 The operator should have a proactive role in the monitoring and control of process variables rather than simply waiting for alarm conditions to sound. This will encourage the operator to be familiar with the process data and facilitate an appropriate response in an emergency situation.
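The ranking, grouping and logging recommended in 2.1.9.2.1 through 2.1.9.2.4 can be sketched in software as follows. This is an added example, not part of the FM data sheet; the four severity levels, the instrument tags and messages, and the one-year log retention are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import IntEnum


class Severity(IntEnum):
    """Assumed four-level ranking; the data sheet does not name levels."""
    INFO = 0        # information-only
    LOW = 1
    HIGH = 2
    CRITICAL = 3


@dataclass(frozen=True)
class Alarm:
    tag: str              # instrument tag (constructed sample values below)
    severity: Severity
    raised_at: datetime
    message: str


class AlarmPanel:
    """Active alarms ranked for display, plus a time-stamped event log."""

    def __init__(self, retention: timedelta = timedelta(days=365)):
        self.retention = retention          # assumed "reasonable period"
        self._active: dict[str, Alarm] = {}
        self._log: list[tuple[datetime, str, str, str]] = []

    def raise_alarm(self, alarm: Alarm) -> None:
        current = self._active.get(alarm.tag)
        # A repeat on the same tag never lowers the displayed severity and
        # keeps the first raise time, so a chattering point cannot reorder
        # or flood the panel. Every event is still logged.
        if current is None or alarm.severity > current.severity:
            first_seen = current.raised_at if current else alarm.raised_at
            self._active[alarm.tag] = Alarm(
                alarm.tag, alarm.severity, first_seen, alarm.message)
        self._log.append(
            (alarm.raised_at, "RAISE", alarm.tag, alarm.severity.name))

    def clear_alarm(self, tag: str, at: datetime) -> bool:
        alarm = self._active.pop(tag, None)
        if alarm is None:
            return False
        self._log.append((at, "CLEAR", tag, alarm.severity.name))
        return True

    def ranked(self) -> list[Alarm]:
        """Most severe first; within one severity, oldest first."""
        return sorted(self._active.values(),
                      key=lambda a: (-a.severity, a.raised_at))

    def grouped(self) -> dict[str, list[Alarm]]:
        """Critical alarms in their own group, information-only in another."""
        ranked = self.ranked()
        return {
            "critical": [a for a in ranked
                         if a.severity == Severity.CRITICAL],
            "other": [a for a in ranked
                      if Severity.INFO < a.severity < Severity.CRITICAL],
            "information_only": [a for a in ranked
                                 if a.severity == Severity.INFO],
        }

    def history(self, tag: str) -> list[tuple[datetime, str, str, str]]:
        """All logged events for one tag, for incident investigation."""
        return [e for e in self._log if e[2] == tag]

    def prune_log(self, now: datetime) -> int:
        """Drop log entries older than the retention period; return count."""
        cutoff = now - self.retention
        before = len(self._log)
        self._log = [e for e in self._log if e[0] >= cutoff]
        return before - len(self._log)


T0 = datetime(1999, 5, 1, 8, 0, 0)   # constructed start time


def demo() -> AlarmPanel:
    """Replay a constructed alarm sequence during a process upset."""
    s = lambda n: T0 + timedelta(seconds=n)
    panel = AlarmPanel()
    panel.raise_alarm(Alarm("FI-204", Severity.INFO, s(0), "Totalizer reset"))
    panel.raise_alarm(Alarm("TT-101", Severity.HIGH, s(10), "Reactor temp high"))
    panel.raise_alarm(Alarm("PT-102", Severity.CRITICAL, s(20), "Reactor pressure high-high"))
    panel.raise_alarm(Alarm("LT-310", Severity.LOW, s(30), "Solvent tank level low"))
    panel.raise_alarm(Alarm("TT-101", Severity.CRITICAL, s(40), "Reactor temp high-high"))
    panel.raise_alarm(Alarm("TT-101", Severity.HIGH, s(50), "Reactor temp high"))
    panel.clear_alarm("LT-310", s(60))
    return panel


if __name__ == "__main__":
    for group, alarms in demo().grouped().items():
        print(group, [f"{a.tag}: {a.message}" for a in alarms])
```
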

2.1.9.3 Environmental

2.1.9.3.1 Optimal performance occurs when environmental factors are within specific boundaries. Proper clothing should be available for employees whose work is outside a climate-controlled environment.

2.1.9.3.2 For areas having excessive noise, proper hearing protection should be provided and a method of communications established, as vocal communication will not be feasible.

2.1.9.3.3 Proper lighting should be provided in all operations areas and, most importantly, in control rooms to ensure control and process equipment is visible.

2.1.9.4 Maintenance Operations

2.1.9.4.1 All maintenance operations that may adversely impact the safe operation of a process or production facility should require written authorization. Included in this authorization is notification to all areas of the facility that the work will impact. In most cases, operations will need to be stopped or bypassed to allow safe work in the area. All such process modifications should be thoroughly studied to determine the ramifications of the process change.

2.1.10 Standards, Codes and Laws

2.1.10.1 The organization should define the minimum codes, standards and laws that will be applied for maintaining an acceptable level of safety.

2.1.10.2 Responsibility should be assigned to ensure all codes, standards and regulations (internal or external) are kept current and are available to those needing to use them.

2.1.10.3 A variance procedure should be developed that can be applied when an alternative to an existing code is to be used.

2.2 Highly Protected Risk (HPR)

A Highly Protected Risk (HPR) level of loss prevention, based on FM data sheets and industry guidelines, should be the goal at chemical risks. (See also 3.3.)

2.2.1 An HPR chemical risk is one that meets all of the following minimum guidelines:

a. A fully integrated system based on PSM principles at a level appropriate to the hazards

b. Management commitment and oversight, including involvement of FM specialists at an early stage of all projects

c. Adequate process control and safety instrumentation

d. Operator training and empowerment adequate for the process complexity

e. Piping and vessel overpressure protection for the hazards that exist

f. Maintenance, inspection and testing programs covering all critical equipment and instrumentation


g. An adequate and reliable water supply and delivery system

h. Ignition source control

i. Adequate spacing of buildings, process units and tanks

j. Emergency response and post-loss contingency plans

k. Testing and understanding of process chemistry

Where needed, based on hazard, an HPR chemical risk also incorporates the following features:

l. Adequate and reliable fixed suppression systems

m. Drainage and containment systems

n. Fire protection of structural steel

o. Damage limiting and noncombustible construction

p. Combustible gas detection

q. Inerting and purging systems

r. Barriers, barricades, and/or distance separation

s. Protection against natural hazards

2.3 Principles of Inherent Safety

2.3.1 Principles of Inherent Safety should be applied where possible when designing or improving chemical plant processes. Inherent safety (see also 3.4) includes the following general principles:

a. Intensification - using smaller amounts of a hazardous substance

b. Substitution - replacing a hazardous chemical with a non-hazardous or less hazardous one

c. Attenuation - using less hazardous process conditions or a less hazardous form of a material

d. Limitation of effects - designing a facility to minimize the impact of a release of hazardous material or energy, for example by sufficient spacing or more resistant construction

e. Simplification/error tolerance - designing a facility so that operating errors are less likely or the process is more forgiving if errors are made

3.0 DISCUSSION

In the following sections, concepts and strategies for risk reduction in the chemical industry are discussed. These include approaches to loss prevention using:

a. CCPS four-tiered Process Risk Management Strategy

b. CCPS systematized Process Safety Management approach

c. Factory Mutual concepts of a Highly Protected Risk

d. Concepts of Inherent Safety

3.1 Process Risk Management Strategies

The CCPS four-tier safety strategy for reducing risk in a chemical facility includes inherent safety, passive safety, active safety and procedural safety.

These strategies are listed in preferred selection order as a loss prevention technique. By this method, when designing a plant, one would approach the safety aspects by applying these strategies starting with an inherent safety concept, followed by passive protection where still needed, followed by active systems, and then by procedural or administrative systems as needed. As you move down the layers to minimize or prevent a loss, the frequency or consequences of loss can increase.


3.1.1 Tier 1 - Inherent Safety

The first tier and most preferred approach to chemical plant loss prevention is Inherent Safety (IS). Inherent safety is defined as eliminating the hazard through intensification, substitution, attenuation, limitation of effects, or simplification/error tolerance. Refer to Section 3.4 for a full discussion on inherent safety concepts, including definitions of these terms. The intent of applying inherent safety is to eliminate the need for add-on layers of passive, active or procedural protection, which have to function as designed to limit the effects of a loss.

Examples of implementing inherent safety would be:

• substitution of water for process cooling in place of a combustible thermal oil

• substitution of a non-flammable solvent for a flammable solvent, for example using supercritical carbon dioxide in place of hexane for extraction

• through chemical research, replacing a high pressure process using extremely reactive materials in a flammable solvent with an atmospheric pressure process using non-flammable solvents in a reaction that is incapable of generating any pressure in the event of a runaway reaction

• storing flammable gases such as ethylene in low pressure refrigerated tanks rather than pressurized tanks

In these examples, the revised cooling and extraction systems represent no fire hazard. They require no fixed fire protection with its installation, maintenance and testing costs. With the new reaction system, there is no potential for overpressure because of the chemistry of the process and the physical characteristics of the materials, so there is no need for costly and failure-prone add-on controls, emergency relief devices or reactor strengthening. Finally, with the refrigerated storage, the amount of vapor produced in the event of an unexpected release of the liquid will be minor compared to a similar event with pressurized storage.

Note that there may be tradeoffs when applying IS techniques or any of the four strategies. The water cooling system is more susceptible to freezing and may need more cold weather protection than a thermal oil system to prevent a costly freeze damage loss. The CO2 extraction system requires extremely high pressures, and process equipment will be susceptible to overpressurization, requiring add-on passive or active protection or procedural controls. The reaction system might require use of a corrosive material that could cause long term building damage, requiring costly steel protection or maintenance. The economics and overall risk reduction for all approaches, all of which carry risks, need full evaluation.

The potential for risk reduction through use of inherent safety is most likely very early in the design process. To affect the chemistry of the process may require years of experimental work. Other, more tolerant changes and safety improvements may be made during plant design.

While opportunities to apply inherent safety concepts should always be explored, there will always be situations where other risk management strategies may need to be employed.

3.1.2 Tier 2 - Passive

The next tier, and the next in safety selection preference, is the passive approach. A passive approach is one that requires no mechanical device or system to actively function to limit or prevent the loss. A passive approach can also be one that stores or uses hazardous materials in a form or state that is as benign as possible.

For example, after a process review it is determined that water cooling cannot be used and the process requires a reaction that is capable of generating 50 psig in the event of a runaway reaction.

If a combustible thermal oil must be used for cooling, a passive approach would attempt to use an oil with the most benign properties and under the lowest temperature and pressure possible. Further, this approach would limit the amount of potential oil released by eliminating bulk storage of material within the unit and sizing the coolant feed system to the minimum flow requirement. Finally, in the event of a spill, the process area would be designed for rapid drainage and building steel fireproofing rather than placing reliance on (active) fixed fire suppression systems that may fail.

In the case of the reactor system, instead of relying on an active system such as a safety relief valve to protect the reactor in the event of a runaway, a passive approach would be to design the reactor to contain the maximum expected overpressure.


Some additional examples of a passive approach are diking and containment systems; fire barriers; blast resistant construction; using stainless steel in place of plastic in corrosive environments; proper spacing of buildings, vessels and process units; plant design to prevailing meteorological or geological hazard; enclosing plastic electric cables in metal conduit; processing potentially combustible dusts as a slurry; etc.

The single most favorable aspect of a passive approach is its performance reliability. Because it is not an active system, it is not prone to failure unless process conditions or materials are changed without commensurate improvements to the passive system.

3.1.3 Tier 3 - Active

The next tier, and the next in safety preference, is the active approach. An active strategy is one that requires a mechanical device or protective system to actively respond and function to limit or prevent the loss. An active system must be:

• reliably designed to work when intended

• installed according to strict installation rules

• maintained and tested over its entire life

Because of this, an active system is more prone to failure than a passive system and may cost more over the life of the plant. Active systems are also known as engineered controls.

In a previous example, if the thermal oil system is used under more hazardous operating conditions, or the drainage and fireproofing systems are lacking, insufficient or too costly to retrofit, then an active fixed water suppression system becomes the protection device of choice. This system must be properly designed, and maintained and tested over its entire life, to be considered reliable and effective. Once activated, more damage will occur than with a passive system because the fuel (thermal oil) is not removed by drainage, the building steel is not protected against radiant heat (and may structurally fail), and the water system itself may cause damage to sensitive instrumentation. Finally, if the suppression system should fail, always a possibility, reliance for protection becomes dependent on the fourth tier, procedural or administrative controls. If reliance on procedures (i.e., manual response) is needed, a significant increase in damage will usually occur due to delayed response.

In the reactor example, an active (engineered) approach would be to design the reactor to 15 psig and acknowledge the potential for a 50 psig overpressure by depending on process and management controls to prevent the runaway reaction and by providing properly designed emergency relief venting if it does run away. The active system is complex and becomes even more complex as vent gas collection systems are installed, etc.

This active approach is the traditional approach to reactor protection and most other loss prevention activities in a chemical plant. One primary reason is timing. Often, protection is added after the plant is constructed. Inherent safety and passive approaches become less economical, if not completely impractical, after a plant has entered the equipment design phase.

An active approach does not provide the same level of risk reduction that the inherently safe or passively safe systems do. In the case of the reactor with an active approach, the loss would be significant if the emergency relief system failed (reactor failure, building blast damage, ensuing fires and production loss). In the case of the passive system, the pressure would be contained with minor risk effects (perhaps time and cost to investigate, recertify the vessel and retrain employees, etc.). In the inherently safe system, the event could not occur.

Some additional examples of an active strategy are large deluge systems with high capacity water systems; automatic sprinklers over grouped electrical cables; explosion suppression systems in dust collectors; flow, thermal and pressure controls and interlocks; emergency shutdown systems; etc.

While not as effective and reliable as the inherently safe or passive approach, active systems are nevertheless often required and necessary for adequate protection of a chemical plant.


3.1.4 Tier 4 - Procedural

The next tier, and last in safety preference, is the procedural or administrative control approach. A procedural response to safety is one using operating procedures, administrative checks, emergency response and other management approaches to prevent or minimize the severity of an incident.

An example would be to provide written procedures for operators to take corrective action for the runaway reactor rather than provision of active automatic controls or relief systems. In this scenario, emergency action such as leaving the control room, inspecting the reactor and manually adding quench water might be the only loss prevention response. In the event of a thermal oil release and fire, the plant may have only the emergency response of the fire department to rely upon for damage control.

3.1.5 Summary

The application of a tiered approach to risk management does not necessarily imply a singular strategy. A complex HPR facility will feature aspects of all four safety tiers - inherent, passive, active and procedural - within the plant. Given a sufficiently hazardous process, all four tiers might be applied to the single process to provide assurance to risk managers that if one level fails, additional levels are available to limit the loss.

Application of this tiered approach is fully consistent with HPR loss prevention concepts.

3.2 Process Safety Management

The CCPS defines process safety management as the application of management systems to the identification, understanding and control of process hazards to prevent process related incidents.

The CCPS defines process safety management systems as comprehensive sets of policies, procedures and practices designed to ensure that barriers to episodic incidents are in place, in use and effective.

The CCPS guidelines focus on twelve elements of chemical process safety:

- Accountability and Responsibility
- Process Safety Knowledge
- Project Review and Design (Process Hazard Analysis)
- Process Risk Management
- Management of Change
- Process and Equipment (Mechanical) Integrity
- Incident Investigation
- Training and Performance
- Human Factors
- Standards, Codes and Laws
- Audits and Corrective Actions
- Emergency Response Planning

In addition to CCPS, other organizations have developed PSM guidelines which may have different elements and terminology but nonetheless are equivalent to the CCPS guidelines and may be fully substituted in application. Some are listed in the Appendix. There are also government regulations, both US and international, which mandate application of PSM guidelines under specific conditions. Some information on these regulations is also in the Appendix.

All 12 CCPS points are needed for a reliable system based on PSM principles, but they need to be customized for the corporation (i.e., making baking soda does not need the same program used for making polyvinyl chloride).

3.2.1 Accountability and Responsibility

Accountability and responsibility are at the heart of any facility's program. These concepts must be ingrained into the philosophy of an organization to be successful. Key components of accountability are a policy statement, management commitment, procedural requirements and performance measurement.


The degree to which management demonstrates interest in implementing programs based on PSM principles at its facilities is of paramount concern to safe operation of the facility. Without solid management backing, even the best written program will never achieve successful implementation. Management interest should be demonstrated with a written policy statement that is shared with and understood by each member of the facility. Management's interest in loss prevention should be obvious in the day-to-day activities of a facility. Simply having a paper document on file will be of no benefit. Routine safety meetings, communication of safety issues to employees, and publishing lessons learned from incident investigations are just a few ways in which this interest will be demonstrated.

The policy statement should be site-specific and should assign ownership of safe operations to management as well as to every employee involved in the operation. Expectations of every member of the organization will be detailed and written in language understandable at every level of the organization. The policy statement should be reviewed on a periodic basis and changes made as needed. For example, when changes occur within an organization, such as a change in management structure, the policy statement should be updated to reflect these changes.

The policy statement should clearly outline the objective of the PSM program. These principles should be routinely communicated to all employees so as to reinforce a safety-conscious work force. Generally, a review of the policy statement will be included in the orientation of new employees. Periodic review with all employees within the organization is also useful.

Each employee should feel responsible for the safe operation of a facility. There should be no fear of reprimand should a safety concern be reported. Only when the channels of communication remain open and free can a program based on PSM principles become and remain effective.

As safety issues arise in new facility design, HAZOP reviews, changes to the process, etc., there will be issues that are not easily resolved or will involve interpretation of codes or standards. A method should be in place to handle such issues so that resolution at the lowest level of management is achieved.

Once implemented, the success of a program based on PSM principles should be evaluated on a periodic basis to ensure the procedures achieve results. This can be in the form of random audits, routine reports to management, or direct communication with those involved. Findings from this feedback mechanism should be incorporated into the policy statement to facilitate constant improvement of the PSM program. Issues that are difficult to resolve often lead to input on ways that the PSM program could be improved.

3.2.1.1 Example: Liquefied Petroleum Gas (LPG), Mexico City, Mexico

On November 19, 1984, an 8 in. (200 mm) pipe line at a government-owned LPG terminal ruptured. The supply was not shut off, and the vapor cloud was subsequently ignited 10 minutes later by a ground level burn pit. Additional LPG tanks and spheres BLEVE'd (Boiling Liquid Expanding Vapor Explosion) due to exposure to excessive heat. Management and organizational factors reportedly were the major factors in this incident. Reportedly, management at this facility had not taken action on recommendations from previous studies. The deluge systems that were designed to cool the LPG vessels were deemed grossly inadequate. Vessel design was inadequate and the vessels lacked proper insulation. There was also no gas detection system available at the facility. The loss estimate is in excess of $25 million property damage (current values). [1, 2]

3.2.1.2 References

1. Gertman, D.I. and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, New York (1994).

2. Mahoney, D., Ed., Large Property Damage Losses in the Hydrocarbon-Chemical Industries: A Thirty-year Review, M&M Protection Consultants, Chicago (1995).

3.2.2 Process Safety Knowledge and Documentation

Process safety knowledge and documentation, which includes process safety information, is the basis for understanding the hazards of the process. This is achieved by acquiring process information and using this knowledge while conducting process hazard analyses.


The CCPS defines process safety information as the data describing the process and its chemistry. Process safety knowledge, in general terms, includes both process safety information and the ability to understand and interpret the information. It also includes the tracking and storing of key initial design bases, records of critical design decisions, design standards, site and equipment drawings, accident investigation information, etc. This data can be used as a baseline for future changes.

Data on process hazards and material chemistry can be obtained from numerous sources, including testing, manufacturer issued Material Safety Data Sheets (MSDS) (or equivalents) and literature sources.

Some examples of needed process safety information, and the sources where the information is found, follow for the example of a new process under design.

A chemical company is proposing a process using flammable solvents, reactants and catalysts to produce a chemical intermediate for the pharmaceutical industry. The process will include a potentially exothermic reaction, mixing, distillation and drying to produce a powdered product. Prior to conducting a process hazard analysis or determining levels of protection, information is needed on the various materials and the way they may interact, normally or abnormally.

The company may find information from the following sources:

a. Material Safety Data Sheets. These, if available, will give information on flammability (i.e., flash points), explosibility (i.e., explosive limits), toxicity, corrosiveness and potential reactivity with other materials.

b. Factory Mutual data sheets and National Fire Protection Association (NFPA) standards. Lists of hazardous materials are presented with fire and explosion information.

c. Public domain literature such as the Kirk-Othmer Encyclopedia of Chemical Technology, Sax's Dangerous Properties of Industrial Materials, the CRC Handbook of Chemistry and Physics, and numerous other similar sources.

d. Proprietary industry or trade group research and testing reports.

e. Expert opinion, such as engineers from the corporation, Factory Mutual, or outside consultants.

f. Intentional and systematic testing of the materials.

In the example, the final product of the new process is a powder with a possible dust explosion hazard. The material is unique and no known data on its properties can be found by conventional literature search. To determine hazardous properties such as minimum ignition energy, lower explosive limits, maximum rate of pressure rise, and possible overpressures produced should it explode, tests are conducted in an ASTM E1226 20-liter sphere.

Information on the mixture within a reactor or other vessels is needed to determine potential for exothermic runaway or other chemical instability. Laboratory-scale reactivity screening should be done in advance of scaling up to pilot or full scale processing. This data can be obtained using a number of devices, including the Accelerating Rate Calorimeter (ARC), the DIERS Vent Sizing Package (VSP), and others.

Site information is also developed during this stage. This may include meteorological data (for later vapor dispersion modeling), geographic data for exposure to natural hazards, accident exposures from nearby industrial sites, and utility data such as reliability and adequacy of water, fuel and power supplies.

After basic chemistry, physical and thermodynamic properties of materials are developed and site characteristics are found, conclusions on different release and impact scenarios are qualitatively determined. For example, if a solvent is flammable, it will be qualitatively concluded that a spill can result in fire. If boiled and held under pressure, an indoor or outdoor flammable vapor explosion potential may exist. The catalyst to be used might be known to overheat and produce equipment damaging pressure if not refrigerated. These generic conclusions are all derived in the process safety information phase. However, the sequence of events by which the scenario and its consequences will be realized will not surface until a process hazard analysis is conducted on the system in which the materials are used. Finally, the action steps, such as fixed mitigation, taken to reduce the quantified hazard or consequences will not surface until the process risk management stage.


Under this activity, in addition to developing and maintaining basic process and material hazard information, it is necessary to include accumulation of all the design details, alternative process considerations, key design decisions, and basic operation and maintenance plans.

Here the corporation should develop rationale and responsibility for collecting and maintaining this data, as well as data on operating experience, accident investigations, causes and corrections, as well as changes developed and reviewed under the Management of Change processes (described later).

This collection of data will preserve initial design records (ensure replacements comply with design intent), reasons for key design decisions (aid to future projects and modifications), and provide a basis for understanding how the process should be operated. It also serves as a baseline for evaluating future changes.

The collection of this information provides the process safety knowledge needed in subsequent PSM steps (as well as a record of the original review process) so that the process can be started up and run throughout its intended life without an unanticipated incident or unprotected hazard. The information is documented and made part of the overall process safety management package, which will eventually also include data from the process hazard analysis and process risk management steps. This is then used for employee training, future process changes, etc.

Enhancement of process safety knowledge is a subset of this element and is sometimes added as a separate element of PSM. As the life of the plant progresses, new technology in process operation, inherent safety or loss prevention techniques may be developed. While not known or cost effective during initial plant design, they may become so later in the life of the plant. It is important for an organization to stay fully abreast of new technology and apply it as appropriate. Use of a Management of Change procedure will assure that latest technology and information will be available.

3.2.3 Process Safety Review (Process Hazard Analysis)

This element of PSM is often identified as Process Hazards Analysis (PHA) and should include the project review for new facilities or modifications to existing facilities that have a significant process or capital impact. Where no major changes occur, the review should be revisited on a regular basis. A suggested frequency would be about every 5 years, with longer intervals for less hazardous processes. The element also includes the necessary design and pre-startup review of such projects to ensure that recommendations were in fact implemented.

The CCPS discusses staffing, hazard reviews, siting, plot plan, etc. in the context of phases of capital projects. As a supplement to the CCPS material, an HPR chemical plant should consider the following sections related to property and business interruption loss prevention.

Principles of loss prevention and risk management should guide plant siting decisions. These principles are usually defined in the corporate guiding principles or business objectives. Most sites can be made acceptable if sufficient funding is allocated to overcome deficiencies presented by the site selection.

Sites chosen should be selected to avoid or minimize exposures by perils of:

a. Fire

b. Natural Hazards (flood, wind, lightning, snow, freezing, earthquake, volcano, etc.)

c. Explosion

d. Transportation (aircraft, motor vehicle, rail, ship)

e. Pipeline or tank farm exposures

Sites should feature:

a. Access for safe disposal of waste

b. Access to fire fighting assistance (public or other)

c. Access to an adequate source of water to meet present and future demands

d. Access to reliable security and emergency services

e. Access to the site during adverse conditions (riot, traffic, etc.)

In addition to location of the plant site, equal considerations should be applied as well to the location of:

a. Process units

b. Pipe racks

c. Storage facilities

d. Unloading facilities for rail cars, trucks and water craft

e. Flare stacks

f. Utility plants

g. Waste water treatment facilities

h. Electrical power lines

i. Process Control Rooms

Once site selection is complete, the project should have sufficient funding to implement FM/corporate loss prevention guidelines. In addition to basic project design and construction costs, finances should:

a. allow time for a thorough review of loss prevention aspects of the design and construction using accepted hazard analysis methods. Designs should use inherent safety and risk mitigation concepts.

b. permit installation of proper loss prevention features affecting construction, protection, drainage, electrical equipment, freeze protection, etc.

3.2.3.1 Examples

3.2.3.1.1 The ABC chemical company proposes building a new polymerization plant at the site of an existing chemical plant in the Gulf Coast area. It could be located in any of three different areas near the existing plant. The raw material (ethylene) is supplied to the main ABC plant, but the facilities will need to be enlarged to accommodate more ethylene. New facilities will need to be developed for storage of propane, butylene and other future monomer feedstocks.

The ABC company has a license to use a new process to make the finished copolymers, but sizes and layout of major equipment have yet to be finalized. At this point, a team was created including specialists from FM, ABC, and several design and construction engineering companies. Early meetings developed a time line for the construction, plan reviews, site visits and pre-startup reviews. These meetings developed a plan to conduct a thorough hazard analysis.

Full HAZOP and What-if analyses were performed. FM specialists participated in the hazard analysis meetings and provided an important perspective on damageability, available protection and mitigation methods, and analysis of business interruption potentials.

A full site survey was conducted at all three sites with a team made up of various specialists, including the FM engineer. Through this process, a site was chosen to minimize flood exposures and the potential for fire and explosion exposures presented by nearby plants, pipe racks and railways. Plans were modified to include relocation of pipe racks along with rerouting of rail sidings.

Through early team meetings, objectives from corporate guiding principles were interpreted to define objectives for limiting the maximum foreseeable loss and normal loss expectancies. Through collaboration, specifications were developed for the plant construction, particularly control room construction, fire protection, water supply, piping sizes and locations, pipe rack locations, drainage patterns, sprinkler valve house locations, and feedstock and product delivery contingencies. These methods resulted in mitigation of Vapor Cloud Explosion (VCE) potentials (see DS 7-42 for additional information on VCE hazards).

Note: The level of FM participation can vary from project to project depending on the needs of all the parties involved: contractor, insured, insurance company, etc.

3.2.3.1.2 XY Chemical Company planned and constructed a polymer manufacturing plant along the Texas Gulf Coast. Design work was conducted at the home offices in the northeastern US using highly experienced personnel.

Project designs did not consider incident history and advice for this area relative to freeze protection. As a result, the plant was built with numerous outdoor sprinkler systems, as well as elements of the process and instrumentation system, with insufficient freeze protection.

As a result, the plant suffered a $2 million loss related to broken pipe, instrument lines and loss of production in the 1983 and 1989 freezes. This pointed to a normal frequency of freezing weather in this area worthy of protection. A cost estimate of $75,000 for correction of the deficiencies was developed in consultation with the local FM specialist. Economic conditions dictated that these improvements be extended over a period of 3 years, resulting in a need to prioritize the modifications.

If the concepts and guidelines of this data sheet had been used in siting of this plant, the freeze potential and its frequency would have been identified. A loss potential of $2 million with an average 10-year recurrence interval would have been mitigated. The cost at the time this plant was designed could have been much lower.

3.2.4 Process Risk Management

Process risk management involves the identification, evaluation, control or risk transfer of potential hazards that may be associated with existing operations, new projects, acquisitions, and customer/supplier activities.

Process risk management is the system whereby conscious risk improvement decisions are made based on results and information obtained during the process knowledge and process hazard analysis stages. If hazard information data is available at very early stages of a plant design, inherent safety features can be designed in. Later in the design, passive, active and procedural improvements and protection are usually added. The need and level of fixed suppression systems such as sprinklers and deluge systems, building steel fireproofing, damage limiting construction, barriers, process controls, etc. are decided in the process risk management phase of PSM. Fire safety professionals, in partnership with the chemical plant, determine the level of protection needed to meet HPR status and loss exposure goals. Ultimately, the exposure is improved through fixed protection and management systems, is transferred through insurance, or is completely avoided by eliminating the hazardous activity.

Data and information from process knowledge gathering and hazard analysis activities must be evaluated as to economics and potential for risk reduction. Not all risk in a facility can be eliminated or reduced through engineering. Process risk management assures that a balance of inherent or engineered safety and risk transfer (i.e., insurance) is maintained and that all mandatory regulations, corporate standards, and industry and insurance guidelines are met. Process risk management requires screening, ranking and engineered assessment tools. A high level assessment such as Quantitative Risk Analysis (QRA) may be needed to make final decisions. The four tier safety strategy is still followed. Regardless of methods, documentation of the basis for risk decisions is important.

3.2.4.1 Case Study

ABC Chemical company is planning a facility to produce polyvinyl chloride (PVC) plastic using a licensed process. Production of this material will include use of vinyl chloride monomer (VCM), a liquefied gas, flammable solvents, and reactive peroxide-based catalysts in a moderately high pressure, high temperature continuous autoclave (single reaction vessel) system. The process will be located in a single process unit supported by raw materials delivery and storage, in-process storage, combustible heat transfer media heat, steam, power and fuel utility systems, and final product handling, storage and transfer to market. The final product will be sold as a solid extruded pellet, some of which will be custom made with plasticizers. The benzoyl peroxide (BP) catalyst is to be manufactured on site. The process will be constructed at a new site not previously developed.

In the process safety knowledge step, the following technical information may be obtained, based on a literature search or testing, and documented:

- flammability and explosivity characteristics of gases and liquids

- flammability and explosivity characteristics of heat transfer media

- reactivity data on catalysts

- combustibility and explosivity data on solid powder product

- reactivity of the PVC reaction at given process conditions

- reactivity and hazard of catalyst manufacture

The following site information might be obtained, based on a site study, and documented:

- meteorological data (prevailing winds/speeds/atmospheric stability)

- freeze and snowfall/rainfall data

- flood data

- earthquake data

- windstorm data

- data on adequacy and reliability of utility services

- information on nearby hazardous exposures

General conclusions might be derived based on the above chemical and site information and qualitative analysis. At this stage these conclusions are based on generic knowledge obtained from experts or from the literature and are used for establishing more definitive scenarios during a process hazard analysis. Detailed consequence studies, such as vapor cloud dispersion, explosion overpressure or pool fire radiant heat effects, are conducted as part of the hazard analysis.

The following general conclusions are not meant to be all inclusive, but only to demonstrate types of information and scenarios that could be developed during this step:

a. Flammable liquid spill fire potentials exist from delivery, storage, process vessel and piping systems for raw and intermediate materials and for the heat transfer media system.

b. Vapor cloud explosion potentials exist from storage, process vessels and piping systems using VCM.

c. Reactor vessel, pumps and piping failure potentials exist due to high pressure, corrosivity and reactivity exposures.

d. BP manufacture requires potentially unstable hazardous materials.

e. Dust explosion potentials exist from plasticized product.

f. The plant is in a semi-tropical climate but is subject to periodic severe freezes.

g. The plant is in a potential hurricane zone.

h. Power supplies are subject to possible off-premises interruptions.

i. Public water supplies and emergency response are not available.

j. A plant with potential wide range explosion hazard borders the site.

In the process hazard analysis step, the above data and design drawings (as complete as possible) are subjected to a systematic and critical examination to determine failure modes whereby incidents could occur. HAZOP, What If, Checklist, Failure Modes and Effects Analysis (FMEA) and more quantitative analysis methods might be used. Vapor dispersion, explosion and radiant heat modeling, if needed, will be done during this stage. These examinations might reveal the following potential concerns and consequences:

a. The manufacture of peroxides on plant presents many failure modes and several potentials for a peroxide self initiation, with high damage potential compared with the relatively small amounts of material needed.

b. Flammable spill fire and vapor release potentials cannot be completely eliminated through process control or design short of not producing the product. Steel structure is subject to severe radiant heat, confirmed by fire modeling.

c. VCM represents a vapor cloud explosion potential, and the process unit arrangement and congestion will produce high overpressures throughout the plant, as confirmed by modeling.

d. Prevailing winds and distance indicate potential for vapor cloud from neighboring facility to enter process unit, confirmed by modeling.

e. A single large reaction autoclave is harder to control, presents extreme liquid spill or vapor release potentials, thus increasing protection system demands, and if damaged would shut down all operations.

f. Plasticized plastic dust presents a dust explosion hazard, confirmed by laboratory testing.

g. A rare but possible sudden freeze could severely damage plant utilities.

h. A sudden power outage could cause loss of control of the reaction.

i. Many different release and failure modes of vessels, pumps, piping and utility systems exist, but these can be mitigated through process control and design improvements.

j. Use of a large volume combustible heat transfer material presents significant fire potential on a higher frequency than other flammable materials due to its high corrosivity, confirmed by loss history.

In the process risk management step, all of the data collected and derived from the two prior steps is used to make risk management decisions. In the example, these may include (but not be limited to) the following decisions, listed in order of a tiered preferential safety approach:

Inherent safety

a. Replace combustible thermal oil system with water system

b. Reduce production bottleneck by changing from one large reactor to several smaller reactors

c. Reduce in-unit flammable inventories by eliminating product day tanks, large reboilers, large reactor, oversized piping, etc.

d. Purchase additional land to protect against off premises exposures

e. Refrigerate VCM bulk storage tanks to reduce vaporization

f. Collect plastic dust in wet slurry to reduce dust hazard

Passive mitigation

a. Use a concrete frame for process unit or fireproof steel

b. Space unit apart from support facilities and site boundaries

c. Use open process unit for maximum explosion venting

d. Limit and space equipment within unit to minimize congestion

e. Layout unit with flammable materials accessible on outer edge

f. Install drainage systems

g. Design process controls and interlocks to maximize reliability of process

h. Design process vessels/piping to maximum expected pressure

i. Blast proof control room and emergency services building

j. Provide emergency containment systems

Active mitigation

a. Provide on site fire water system

b. Provide deluge sprinkler protection

c. Provide combustible gas detection

d. Inert and purge flammable storage, process and piping systems

e. Provide reactor emergency quench system

f. Provide reactor emergency venting

g. Computerize process control

h. Provide on-site emergency power supplies

i. Design to hurricane codes

j. Protect plant against freeze up

Operational administrative controls

a. Develop and train on site emergency fire response brigade

b. Train and empower operators to take manual process control

c. Provide ignition source control systems

d. Provide backup manual reactor emergency quench system

e. Provide natural hazard alert procedures

Risk Avoidance

a. Eliminate on-site manufacture of peroxide catalyst

Risk transfer

a. Accept inherent risk by retention of high insurance deductibles

In the risk management process, there may be a need to revisit and re-analyze hazards several times prior to deciding on the level and type of mitigation or use of other risk tools such as elimination of hazard or risk transfer. In fact, risk management becomes a constant cycle of analysis, transfer and acceptance throughout the life of the facility. As the facility ages and changes are made, the risk will change. Keeping abreast of this aging and change process will assure that the facility will achieve the risk management goals originally accepted.

3.2.4.2 HPR Requirements

The decision to meet or not meet HPR protection guidelines is determined during the process risk management stage. While achieving HPR status should always be the risk management goal, there may be conditions, especially in existing older plants, where this may not be economically or technically achievable.

There are minimum requirements for a facility to qualify as an HPR risk. These are briefly identified in Section 2.2.1 and further discussed in Section 3.3, Concepts of Highly Protected Risk.

3.2.5 Management of Change

Management of Change (MOC) means evaluating every change to technology, facilities or personnel at the earliest possible stage for its potential impact on property loss prevention. The earliest possible stage is the moment an idea or proposed change comes to light. These changes can be emergency, permanent, temporary, recognized or unrecognized. The purpose of a management of change process is to prevent the unrecognized change.

Changes are made routinely throughout the life of a facility. These may vary from major, highly visible projects to daily routine maintenance activities. Changes can occur to technology, chemicals, products, equipment and procedures. Any change from original design intent represents a deviation. If the impact of this deviation is not fully understood, the change, even if minor, can cause a significant incident. Appropriate process hazards management systems should be put into place to help ensure that hazards associated with a change or deviation are identified and controlled.

Changes fall into three main categories: technology, facilities, and personnel or organization.

Although some changes may be minor, with little likelihood of compromising loss prevention and process safety, all changes have some potential for disruption.

3.2.5.1 Change in Technology

Change in technology arises whenever the process or mechanical design is altered. Examples are changes in feedstocks, catalysts, product specifications, byproducts or waste products, design inventory levels, instrumentation and control systems, or materials of construction.

Typical instances in which change in technology would likely occur include the following:

a. New projects that involve tie-ins or equipment modifications on existing units.

b. Projects to increase facility throughput or accommodate different feedstocks or products.

c. Significant changes in operating conditions, including pressures, temperatures, flow rates or process conditions different from those in the original process or mechanical design.

d. Equipment changes, including the addition of new equipment or modifications of existing equipment. These can include changes in alarms, instrumentation and control schemes.

e. Modifications of the process or equipment that cause changes in the facility's relief requirements. These can include increased process throughput, operation at higher temperatures, increased size of equipment, or the addition of equipment that might contribute to greater relief requirements.

f. Bypass connections around equipment that is normally in service.

g. Changes in operating procedures, including procedures for startup, normal shutdown and emergency shutdown.

h. Changes made in the process or mechanical design or in operating procedures that result from a PHA performed as described in Section 3.2.3.

i. Introduction of new or different process additives (for example, corrosion control agents, antifoulants, antifoam agents).

j. Corrective actions developed as a result of an accident investigation.

3.2.5.2 Changes In Facilities

Changes in facilities are those in which physical changes are made that would not necessarily appear on plant drawings or piping and instrument diagrams (P&ID). Examples are temporary connections, replaced components that are not in kind, site modifications, transient storage, temporary structures, etc.

Specifically, these can include the following:

a. Temporary equipment (tanks, offices, drum storage, etc.)

b. Replacement equipment or machinery that differs from the original equipment

c. Temporary piping connections, hoses or wiring

d. Temporary software configurations, jumpers, shortened algorithms, bypassed controls

e. Pipe clamps, braces, stands, wiring, ropes

f. Temporary utility connections (steam, power, water, etc.)

g. An alternative supply of process materials, catalysts or reactants, such as through temporary drums or tanks located within the facility

h. Temporary electrical equipment or connections

These changes have the ability to affect design, construction, operation, maintenance and decommissioning.

3.2.5.3 Changes in Personnel

Changes in personnel are those in which key responsibilities are shifted from a position of stability to instability. Examples are retirement, promotion, other career changes and personal issues (sickness, death, leave-of-absence, etc.). These changes are ones in which continuity of responsibility may lapse.

Training and assignment of alternates is a key feature needed to mitigate lapses caused by these changes. Supervision must be skilled for early recognition of these changes, with an ability to plan in advance to mitigate these changes. Goals of the company, business and operating unit must support prevention efforts associated with these changes.

3.2.5.4 Examples

3.2.5.4.1 The Clean Air Act Amendments of 1990 require a 50% reduction of sulfur dioxide levels (SO2) in the US by the year 2000. This act affects approximately 2000 electric utilities. The method of choice to control SO2 emissions probably will be the installation of wet scrubbers, as they provide the highest level of control. Along with the additional costs and plans for scrubber installations, the person(s) planning these changes need to look at the effect these installations will have on loss prevention. For instance, scrubbers are subject to fires and explosions, and they can affect furnace draft. Induced draft fans may have to be upgraded, which in some cases could increase the risk of implosions and boiler vibrations. To prevent corrosion of scrubbers, ducts and stacks, it may be necessary to use plastic or plastic-lined equipment, which could present a fire hazard.

A typical agreement between a company and the property insurance company calls for a loss prevention professional within the company to be advised of all management of change activities in the plant. This individual is then responsible to involve the specialist from FM and allow an opportunity for the change to be evaluated in its earliest stages.

3.2.5.4.2 ABC is a manufacturer of commodity polymer using batch-scale polymerization of the monomer. Because of favorable opportunities in the market, ABC has plans to double the capacity of its seven-reactor plant in a two-phase expansion over the next 10 years. The first phase will include construction of utilities and the footprint for a second seven-reactor manufacturing building. Initially, a building containing three reactors will be built.

There is a close relationship between ABC and the FM specialist assigned to this plant. When the idea is being developed by senior management within ABC, meetings are held with the FM specialist to discuss the effect this may have on loss prevention. ABC is guided by a principle that promotes continuous improvement in all areas of operation, including loss prevention, and they call upon the expertise of FM to provide guidance to meet this goal.

In consultation with the FM specialist, several opportunities are identified. These include ways to mitigate VCE potentials, provide more cost efficient and effective water spray systems, and arrange the Instrumentation and Control features for increased reliability. In order to expand the process water features for the new plant expansion, several pumping and distribution changes were needed. Opportunities were identified to add outlets and normally closed connections between the fire protection system and the process water supply system. This increased both the normal supply to the fire protection water system and the supply that would be available in a catastrophic event.

In consultations, an opportunity was identified to relate current maintenance issues for the older electronic heat detection systems on the water spray systems to a design specification needed for all the new water spray systems. Review of maintenance records and costs pointed to an opportunity to replace older electronic heat detectors with air-pilot detection systems. In doing this, the plant maintenance was provided with a single common type of system, which has lower maintenance costs, a single set of replacement parts, and requires simpler maintenance skills.

Often during plant expansions, for simplicity, existing features for protection and control are duplicated exactly. Many design groups operate with the assumption that existing protection and control features are adequate and satisfactory, and they do not take the opportunity to consider improvements as above.

3.2.5.4.3 Mr. Howard has been the person in charge of fire protection in this plant for many years. He is the direct interface between top management, engineering and safety personnel for matters relating to loss prevention. He is in charge of administering all loss prevention related inspection programs within the plant. He supervises all impairments to fire protection and reports them throughout the company and to FM. Mr. Howard is very important in the review process for new construction. Because he is very familiar with current design requirements, he is able to work closely with plant and corporate engineers to develop plans for new construction and modifications.

Mr. Howard spent many years in the plant as an operator. Because of this involvement, he oversees many important operator duties as they relate to fire response and use of emergency process equipment (flares, alarms, shut-downs, etc.). He is also the liaison to community groups, including the mutual aid groups.

Mr. Howard has announced he will retire in 2 years, when he reaches the age of 60. Loss of this level of experience could create serious gaps related to steady provision of the service provided by Mr. Howard.

All of his job duties should be described in writing.

A plan for his replacement with alternates should be developed sufficiently in advance of his departure so that proper training can be provided.

If timing is not sufficient to establish that his duties have been sufficiently taken over by others, management should arrange for Mr. Howard to return to work as a consultant. He should periodically return after his retirement to make sure all areas of past responsibility are being covered.

In the planning for replacement of Mr. Howard, the local assigned FM specialists should be notified. Specific sessions can be arranged so that the programs recommended by FM can be introduced or reviewed with the person who has taken over for Mr. Howard.

3.2.5.4.4 Mr. Jones was the Safety Engineer at this major plastic film plant, reporting to the plant manager, before he resigned. He was responsible to implement all safety and loss prevention programs in the plant. He was the direct liaison to the plant maintenance department, providing review and supervision of all maintenance and testing of the plant fire protection systems, including the fire pump, suction tank, sprinkler systems, alarm systems and gaseous extinguishing systems. Because of his expertise, he was the interface between local contractors who provide maintenance and testing. Mr. Jones kept all the letters, files, receipts, plans and correspondence in his office relating to protection systems and plant insurance matters.

Unfortunately, he quit at a time when the plant was completing a 50% production expansion and is beginning to plan for a new warehouse expansion. Ongoing issues relate to false alarms, alarm system repairs, and a history of broken underground water mains in a certain area of the plant. Mr. Jones had been a proponent of looping of the plant fire water mains to provide better service to the areas of future expansion.

In a case like this, it is important that key plant personnel from all levels meet to review the impact of this departure on loss prevention. Some careful accounting should begin at once to make sure elements of Mr. Jones' responsibilities are identified. The FM contact should be advised of the personnel change. This will allow for meetings to take place to assure that proper training is provided to a replacement employee. In many cases, FM can provide the following:

- Training on fire protection systems maintenance and testing can be offered to a new employee.

- A review of maintenance and testing programs can be made to assure that correct programs are not lost or lapsed.

- Contract maintenance programs can be evaluated to determine adequacy of these programs.

3.2.5.5 References

Management of Process Hazards, API Recommended Practice 750, First Edition, January 1990, American Petroleum Institute.

Managing Change, FM publication P9201.

3.2.6 Process and Equipment (Mechanical) Integrity

Equipment that processes hazardous materials, and accessory or utility equipment that is important to continued operation of the plant, should be designed, constructed, installed, operated, protected and maintained in a way which minimizes the risk while providing process reliability. This element of the PSM program addresses the management system required to achieve this objective and is called Process and Equipment Integrity by the CCPS and Mechanical Integrity by others.

A Process and Equipment Integrity program should address some or all of the following: pressure vessels and piping, tanks, rotating machinery, electrical equipment, boilers and furnaces, etc., together with their instrumentation, controls, accessories and supporting structures.

©1999 Factory Mutual Engineering Corp. All rights reserved.

The components of Process and Equipment Integrity, which are discussed further below, are reliability engineering, materials of construction and fabrication, installation procedures, preventive maintenance and demolition procedures.

As with all elements of PSM, a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps.

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance or replacement, the evaluation should include equipment accessibility and suitability for the process and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment and emergency relief. The file should also contain the operating and inspection history of the equipment, as well as any data on repair, alteration and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill to installation tracking of material for critical components, or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, over speed, electrical faults, misalignment, etc.

During fabrication, maintenance or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern, such as piping location, safety and emergency equipment features, accessibility of process and safety equipment, operation, functional testing and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.

3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections, together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturer's recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturer's minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment with detailed instructions on performing the particular activity. They should address the steps needed to prevent adverse conditions both during the procedures and when the equipment is put back in service. They should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic review of these procedures is needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out of service condition, any necessary decontamination and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents - classified as major accident, accident or near-miss by CCPS - are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control or personnel changes, or new or better training programs. Documentation and periodic review aids in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes:

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.

3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment: Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System: Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization: Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others depending on the nature of the incident. This can include those inside the company with speciality knowledge or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training: Team members should be selected based on their interest, job function and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function: The incident investigation team function needs to be integrated with the overall emergency response plan. Well established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation:

a. Determine Cause: Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system related causes.

b. Develop Recommendations: Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures: Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.

If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally this involves data collection, data analysis and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and they can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program aimed at determination of root causes.

Usually the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently, some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently, they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

- FTA: Fault Tree Analysis
- AAM: Accident Anatomy Method
- MORT: Management Oversight and Risk Tree
- MCSOII: Multiple-Cause Systems-Oriented Incident Investigation

Inductive

- HAZOP: Hazard and Operability Analysis
- AAM: Accident Anatomy Method
- CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware new approaches need to be built on proven and accepted concepts.

3.2.7.4

Phthalic anhydride made by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the "Do Not Operate" tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design: A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations: There are several possibilities in this area. Management that encourages continued operations when the process is upset (reason operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance: There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the workers' shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but does illustrate some of the underlying causes in a multiple-cause incident.

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training, as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated and it was assumed to be functioning properly, although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days subsequent for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.

The control panel incorrectly indicated that too much water was entering the core; therefore, the operator overrode the automatic control system and reverted to manual control. Ultimately, the shut coolant water lines were discovered and reopened, which again flooded the control panel with a Christmas-tree effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.¹

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.²

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures, as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L. and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80% to 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50% to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel, although pressing the proper push button was intended. These type errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases these type errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate Therefore when changes are made care should be taken to ensure all operators are thoroughly aware of these changes through operator logs internal directives etc If not in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emershygency situations

Operator performance sharply declines during extended work periods (eg double shifts seven day shifts etc) and after repetitive tasks The work environment also influences human behavior to a great extent High levels of stress such as during periods of job layoffs economic uncertainty and reorganization negatively impact worker performance Additionally as operators approach task overload accuracy and efficiency are compromised All of these factors influence an operators information processing ability in an emergency situation

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines

32911 Qflanization

The dynamics within an organization have changed over the years changing from companies that once mainshytained long-term relationships with employees to companies required to reduce their numbers due to gloshybal competition and other factors Due to the need to reduce operating costs many organizations have resorted to such business initiatives as downsizing restructuring mergers etc These initiatives have the obvious impact of reducing the number of employees available to operate a production facility This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plants safety programs

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees which may also jeopardize the safety of an operation While quantifying the effect that downsizing has on safety in a chemical facility is difficult its impact should not be ignored5

3292 HumanMachine Interface

3292 1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems as opposed to the earlier analog control systems Much more of the process control is placed in the domain of the comshyputer versus active monitoring and controlling by the operator

Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.[6] However, more current literature by Poulton[7] and Welford[8] supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.[9] Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.[10]

3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum, Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor but was ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill.: Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill.: Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).

3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocell Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level, and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure a consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for maintaining the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases, it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring and piping drawings are not current, or there is only one set of hand corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and should be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard
   a. Toxicity
   b. Permissible exposure limits
   c. Physical, reactivity and corrosion data
   d. Thermal and chemical stability
   e. Hazardous effects of mixing

2. Process technology
   a. Process description and flow diagram
   b. Process chemistry
   c. Inventory permitted
   d. Safe upper and lower limits for temperature, pressure, flows and compositions
   e. Consequences of deviations

3. Process equipment
   a. Construction materials
   b. P&ID
   c. Electrical classification drawing
   d. Relief system design and design basis
   e. Ventilation system design
   f. Drainage system design
   g. Design codes and standards
   h. Material and energy balance
   i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections
   a. Code inspection reports for pressure equipment
   b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)
   c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description
   a. Organization and staffing
   b. Risk assessment of site hazards
   c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans
   a. Description of possible incident scenarios
   b. Plan to respond to each scenario
   c. On-site emergency equipment and supplies
   d. Description of external resources and support organizations

5. Emergency response teams
   a. Staffing and organization
   b. Capabilities of members
   c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities as defined in an integrated program based on PSM principles are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status

This subject is also broadly covered in FM Data Sheet 9-717-5 Property Conservation and numerous pubshylications by the CCPS API CMA and other groups (See Bibliography)

3312 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility Examples abound how one management group which is production oriented without commensurate attention (both monetary and staffing) to loss prevention passes on a loss prone legacy to the next generation Manageshyment commitment must start at corporate level be part of the management culture at all lower levels and be continued throughout the life of the plant

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility or process within a facility needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials, but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging
7-73 Dust Collectors and Collection Systems
7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels


3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.


The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations, and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems


For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems, such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.


Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response, such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping, and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades


3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past, it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred, with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds, and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, is located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow, with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional, to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases, such as LNG and ethylene, will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor, where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety, Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API), Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants


7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API), Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API), Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the Australasia countries, although studies are underway to promulgate laws similar to Europe and the U.S. in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975), and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the U.S., including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland, in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment have been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

Substance                      EPA threshold, lb (kg)    OSHA threshold, lb (kg)
Anhydrous Ammonia              1000 (450)                5000 (2250)
Chlorine                       1000 (450)                1500 (680)
Chlorine dioxide               500 (225)                 1000 (450)
Anhydrous hydrochloric acid    1000 (450)                5000 (2250)
Sulfuric acid                  5000 (2250)               Not listed
Titanium tetrachloride         500 (225)                 Not listed
Flammable hydrocarbons         10000 (4500)              10000 (4500)
Explosives                     all (per DOT)             Not covered

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996, with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998


These 12 elements are based on the Center for Chemical Process Safety (CCPS) Plant Guidelines for Technical Management of Chemical Process Safety. Other guidelines are equivalent and can be substituted. A list of CCPS and other references on PSM is provided in Section 4.0, Bibliography.

2.1.2 Accountability and Responsibility

Key components of this element are a policy statement, management commitment, procedural requirements and a performance measurement.

2.1.2.1 Management should develop a written policy statement that clearly defines process safety and loss prevention as a priority which is shared by management as well as plant operations personnel. The statement could include a Process Safety Management organization chart which clearly shows positions, lines of authority and process safety functional titles. The policy statement should receive broad distribution to all sectors of the organization, backed by genuine management interest in loss prevention. The statement and organizational chart should be reviewed regularly and updated as needed to reflect things such as management changes within the facility.

2.1.2.2 The facility's PSM program should have procedures to resolve safety and loss prevention concerns which arise from new design, HAZOP reviews, Management of Change (MOC) issues, etc., and should include input from operations employees where appropriate. These procedures should designate a person or position that is responsible for achieving resolution.

2.1.2.3 A program should be in place to track how well safety and loss prevention concerns are resolved. Of particular interest are those concerns that were not easily resolved. This could be as simple as a monthly report of the status of unresolved issues sent to a designated responsible person as indicated by the organizational chart or plant procedures.

2.1.3 Process Safety Knowledge and Documentation

2.1.3.1 The organization should assign a responsibility for maintaining key material and process hazard information, design basis information, design standards, electrical area classifications, key design decisions, alternate process considerations, and basic operation and maintenance procedures for all chemical processes. Documents would also include accident investigations, causes and corrections, as well as records of process, equipment and maintenance changes.

2.1.3.2 All processes should have detailed written procedures that document normal operating procedures as well as start-up, shutdown and abnormal situations. These procedures should be kept up-to-date and written in such manner as to be understood by all operating personnel. Should the facility be multilingual, procedures should be maintained in separate form for each language. Any changes to the documented procedures should follow the Management of Change procedures of the PSM program. Operator involvement in writing the procedures will ensure comprehensive detail in the procedures.

2.1.3.3 A periodic review or audit should be performed for all written procedures to ensure they remain current.

2.1.4 Process Safety Review (Process Hazard Analysis)

2.1.4.1 The following are considered a minimum to meet the Process Safety Review requirements in an effective program based on PSM principles:

a. Collaboration between process and loss prevention specialists at the concept stages of a project.

b. Agreement on a protection philosophy, with special consideration given to inherently safe design in site selection, construction and protection features.

c. Conduct a detailed process safety review using a recognized methodology (HAZOP, Checklist, FEMA, etc.) at an early stage in the project. The review should be updated whenever process changes are made and a complete re-evaluation made on a regular basis (about 5 yr intervals).


2.1.5 Management of Change

2.1.5.1 Management should establish and implement written procedures to manage change in technology, facilities and personnel. These procedures should be flexible enough to accommodate both major and minor changes and should be understood and used. These procedures should:

a. Provide a method for identification of changes that should be subject to MOC procedures.

b. Provide for documentation of the process and mechanical design basis for the proposed change.

c. Provide an analysis of the loss prevention considerations involved in the proposed change, including a formal process hazards review if appropriate. The effects of the proposed change on separate but interrelated upstream or downstream facilities should also be reviewed.

d. Identify the need for modifications of the operating procedures, updating P&IDs, updating personnel training, etc.

e. Provide for communication of the proposed change and the consequences of that change to appropriate personnel such as maintenance engineers, operators, safety and emergency response staff.

f. Establish administrative procedures needed (documentation, checklists that cover hazards, records of personnel skills, responsibilities and training).

g. Provide for tracking of and limiting the duration of any temporary change.

h. Identify the required authorizations.

2.1.5.2 A qualified member of the plant loss prevention, safety or engineering staff should be assigned to communicate changes to the FM specialist where appropriate. This individual should assure that all plant personnel follow accepted methods for management of change and that the FM specialist is notified at the earliest stages of significant changes to allow for proper consideration of the loss prevention aspects.

2.1.6 Process and Equipment (Mechanical) Integrity

2.1.6.1 To implement this element of PSM, programs should be in place to address the following:

a. Reliability Engineering - Tracking and evaluating of individual equipment and processes to prevent unexpected incidents throughout its lifetime.

b. Materials of Construction and Fabrication - Assuring equipment is built according to appropriate standards, with materials appropriate to the service conditions, with appropriate supporting documentation.

c. Installation Procedures - Planning quality control inspection and pre-startup integrity testing to insure installation in accordance with specifications and direction of the manufacturer. Poor installation can invalidate a good design.

d. Preventive Maintenance - Documenting procedures to insure maintenance is completed on schedule, unscheduled work is properly authorized and completed without introducing additional hazards, and records are maintained and evaluated to identify future needs. This would include a comprehensive vessel and piping inspection program as well as instrumentation inspection, testing and calibration.

e. Demolition Procedures - Documenting methods to isolate, remove and dispose of obsolete or unneeded equipment without creating unnecessary hazards.

2.1.7 Incident Investigation

2.1.7.1 The corporation should have a system based on PSM principles that requires incidents to be recorded and investigated. The investigation methods should consist of the basic elements outlined above, and records should be kept detailing each incident, the level and results of the investigation, and the status of any findings or recommendations developed.

2.1.7.2 Management should make use of all incident investigations and near-misses to evaluate recurrences. Action should be taken to eliminate the source of error, either through system redesign or additional training. Important lessons learned in these investigations should receive wide distribution to interested and affected parties.


2.1.8 Training and Performance

2.1.8.1 Operators should be fully trained in the normal operation of the facility as well as the appropriate action for each alarm condition. Since every process excursion cannot be detailed, the operators should be trained in diagnostic and trouble-shooting skills to facilitate an orderly correction. For the most critical applications, for example, nitrations, some polymerization and other highly reactive systems, use of a process simulator for training purposes is strongly suggested. If a simulator is to be used, the control panel and instrumentation should be designed to match the actual equipment that will be used in the operation.

2.1.8.2 When either temporary or permanent changes are made to a process, the process documentation and drawings should be updated prior to implementation of the changes. All employees whose responsibilities involve the affected area should be retrained in the new process parameters and safe working conditions. This will allow integration of the new procedures into the day-to-day functioning of the facility.

2.1.8.3 Special care must be taken when critical actions are infrequently completed in the normal course of operations. Actions such as responding to infrequent critical alarms may result in catastrophic events if the response is incorrect. In these cases, frequent retraining is needed.

2.1.8.4 Training should be mandatory for contract employees working in the area so they may perform in a safe and effective manner. Training for contract employees may need to be as stringent as for operators.

2.1.8.5 A comprehensive retraining program should be in place for all operating personnel. The time interval for retraining will vary depending on the criticality of the process and number of changes made. Management should have a formal method to determine retraining frequencies.

2.1.8.6 A formal method for evaluating the effectiveness of the training program should be developed. This may be a written test, hands-on demonstration, simulation or an extended period of on-the-job training. A feedback mechanism should be established to inform the operator of areas requiring further study and improvement. Records should be kept of these evaluations to facilitate improving the method of training employees.

2.1.9 Human Factors

2.1.9.1 Organization

2.1.9.1.1 The plant's program should have written guidelines requiring that all new processes incorporate fundamental concepts of human factor engineering from the design phase of the project. If human factor specialists are not available in-house, consideration should be given to retaining outside specialists to assist in this area.

2.1.9.1.2 Human factor elements should be incorporated into existing processes, if economically viable, whenever changes or improvements are being planned.

2.1.9.1.3 HAZOP reviews should specifically explore human factor issues to determine if appropriate design has been included.

2.1.9.1.4 Each of the above activities should include input from operating personnel to ensure that day-to-day operating knowledge is incorporated into the proposed improvements.

2.1.9.1.5 Management should create an environment where process safety is paramount above production demands. Operators should be empowered to invoke a controlled shutdown of a process if operating conditions indicate an imminent loss-of-control situation. A written statement to this effect, signed by senior plant management, should be posted in the control rooms.

2.1.9.1.6 If staff reductions are anticipated, management's commitment to safety and loss prevention should remain paramount. Special attention is needed during these times to ensure that operating personnel remain motivated to perform their functions in a consistent and safe manner.

2.1.9.2 Alarms

2.1.9.2.1 All alarms should be ranked according to severity and displayed visually and audibly in this order to avoid alarm overload during an actual emergency.


2.1.9.2.2 Critical alarms should be grouped separately from information-only alarms. Audible and visual alarms should be distinctly different for these types of alarms so that priority can be given to critical alarms.

2.1.9.2.3 Critical process information should be easily accessible on the control panel so that an excessive number of screen changes will not be required to understand the information in an emergency situation.

2.1.9.2.4 Critical process information and alarms should be logged by computer or manually, as appropriate, and maintained for a reasonable period of time to aid in incident investigation or future process improvements.

2.1.9.2.5 The operator should have a proactive role in the monitoring and control of process variables rather than simply waiting for alarm conditions to sound. This will encourage the operator to be familiar with the process data and facilitate an appropriate response in an emergency situation.

2.1.9.3 Environmental

2.1.9.3.1 Optimal performance occurs when environment factors are within specific boundaries. Proper clothing should be available for employees whose work is outside a climate-controlled environment.

2.1.9.3.2 For areas having excessive noise, proper hearing protection should be provided and a method of communications established, as vocal communication will not be feasible.

2.1.9.3.3 Proper lighting should be provided in all operations areas and, most importantly, in control rooms to ensure control and process equipment is visible.

2.1.9.4 Maintenance Operations

2.1.9.4.1 All maintenance operations that may adversely impact the safe operation of a process or production facility should require written authorization. Included in this authorization is notification to all areas of the facility that the work will impact. In most cases, operations will need to be stopped or bypassed to allow safe work in the area. All such process modifications should be thoroughly studied to determine the ramifications of the process change.

2.1.10 Standards, Codes and Laws

2.1.10.1 The organization should define the minimum codes, standards and laws that will be applied for maintaining an acceptable level of safety.

2.1.10.2 Responsibility should be assigned to ensure all codes, standards and regulations (internal or external) are maintained current and are available to those needing to use them.

2.1.10.3 A variance procedure should be developed that can be applied when an alternative to an existing code is to be used.

2.2 Highly Protected Risk (HPR)

A Highly Protected Risk (HPR) level of loss prevention, based on FM data sheets and industry guidelines, should be the goal at chemical risks. (See also 3.3.)

2.2.1 An HPR chemical risk is one that meets all of the following minimum guidelines:

a. A fully integrated system based on PSM principles at a level appropriate to the hazards

b. Management commitment and oversight, including early involvement of FM specialists at an early stage of all projects

c. Adequate process control and safety instrumentation

d. Operator training and empowerment adequate for the process complexity

e. Piping and vessel overpressure protection for the hazards that exist

f. Maintenance, inspection and testing programs covering all critical equipment and instrumentation


g. An adequate and reliable water supply and delivery system

h. Ignition source control

i. Adequate spacing of buildings, process units and tanks

j. Emergency response and post-loss contingency plans

k. Testing and understanding of process chemistry

Where needed based on hazard, an HPR chemical risk also incorporates the following features:

l. Adequate and reliable fixed suppression systems

m. Drainage and containment systems

n. Fire protection of structural steel

o. Damage limiting and noncombustible construction

p. Combustible gas detection

q. Inerting and purging systems

r. Barriers, barricades and/or distance separation

s. Protection against natural hazards

2.3 Principles of Inherent Safety

2.3.1 Principles of Inherent Safety should be applied where possible when designing or improving chemical plant processes. Inherent safety (see also 3.4) includes the following general principles:

a. Intensification - using smaller amounts of a hazardous substance

b. Substitution - replacing a hazardous chemical with a non-hazardous or less hazardous one

c. Attenuation - using less hazardous process conditions or a less hazardous form of a material

d. Limitation of effects - designing a facility to minimize the impact of a release of hazardous material or energy, for example, by sufficient spacing or more resistant construction

e. Simplification/error tolerance - designing a facility so that operating errors are less likely or the process is more forgiving if errors are made

3.0 DISCUSSION

In the following sections, concepts and strategies for risk reduction in the chemical industry are discussed. These include approaches to loss prevention using:

a. CCPS four-tiered Process Risk Management Strategy

b. CCPS systematized Process Safety Management approach

c. Factory Mutual concepts of a Highly Protected Risk

d. Concepts of Inherent Safety

3.1 Process Risk Management Strategies

The CCPS four-tier safety strategy for reducing risk in a chemical facility includes inherent safety, passive safety, active safety and procedural safety.

These strategies are listed in preferred selection order as a loss prevention technique. By this method, when designing a plant, one would approach the safety aspects by applying these strategies starting with an inherent safety concept, followed by passive protection where still needed, followed by active systems, and then by procedural or administrative systems as needed. As you move down the layers to minimize or prevent a loss, the frequency or consequences of loss can increase.


3 1 1 Tier 1 - Inherent Safety

The first tier and most preferred approach to chemical plant loss prevention is Inherent Safety (IS) Inhershyent safety is defined as eliminating the hazard through intensification substitution attenuation limitation of effects or simplificationerror tolerance Refer to Section 34 for a full discussion on inherent safety conshycepts including definitions of these terms The intent of applying inherent safety is to eliminate the need for add-on layers of passive active or procedural protection which have to function as designed to limit the effects of a loss

Examples of implementing inherent safety would be

bull substitution of water for process cooling in place of a combustible thermal oil

bull substitution of a non-flammable solvent for a flammable solvent for example using supercritical carbon dioxshyide in place of hexane for extraction

bull through chemical research replacing a high pressure process using extremely reactive materails in a flamshymable solvent with an atmospheric pressure process using non-flammable solvents in a reaction that is incapable of generating any pressure in the event of a runaway reaction

bull storing flammable gases such as ethylene in low pressure refrigerated tanks rather than pressurized tanks

In these examples, the revised cooling and extraction systems represent no fire hazard. They require no fixed fire protection, with its installation, maintenance, and testing costs. With the new reaction system there is no potential for overpressure because of the chemistry of the process and the physical characteristics of the materials, so there is no need for costly and failure-prone add-on controls, emergency relief devices, or reactor strengthening. Finally, with the refrigerated storage, the amount of vapor produced in the event of an unexpected release of the liquid will be minor compared to a similar event with pressurized storage.

Note that there may be tradeoffs when applying IS techniques or any of the four strategies. The water cooling system is more susceptible to freezing and may need more cold weather protection than a thermal oil system to prevent a costly freeze damage loss. The CO2 extraction system requires extremely high pressures, and process equipment will be susceptible to overpressurization, requiring add-on passive or active protection or procedural controls. The reaction system might require use of a corrosive material that could cause long term building damage, requiring costly steel protection or maintenance. The economics and overall risk reduction for all approaches, all of which carry risks, need full evaluation.

The potential for risk reduction through use of inherent safety is most likely very early in the design process. To affect the chemistry of the process may require years of experimental work. Other more tolerant changes and safety improvements may be made during plant design.

While opportunities to apply inherent safety concepts should always be explored, there will always be situations where other risk management strategies may need to be employed.

3.1.2 Tier 2 - Passive

The next tier, and the next in safety selection preference, is the passive approach. A passive approach is one that requires no mechanical device or system to actively function to limit or prevent the loss. A passive approach can also be one that stores or uses hazardous materials in a form or state that is as benign as possible.

For example, after a process review it is determined that water cooling cannot be used and the process requires a reaction that is capable of generating 50 psig in the event of a runaway reaction.

If a combustible thermal oil must be used for cooling, a passive approach would attempt to use an oil with the most benign properties and under the lowest temperature and pressure possible. Further, this approach would limit the amount of potential oil released by eliminating bulk storage of material within the unit and sizing the coolant feed system to the minimum flow requirement. Finally, in the event of a spill, the process area would be designed for rapid drainage and building steel fireproofing rather than placing reliance on (active) fixed fire suppression systems that may fail.

In the case of the reactor system, instead of relying on an active system such as a safety relief valve to protect the reactor in the event of a runaway, a passive approach would be to design the reactor to contain the maximum expected overpressure.

Some additional examples of a passive approach are diking and containment systems; fire barriers; blast resistant construction; using stainless steel in place of plastic in corrosive environments; proper spacing of buildings, vessels, and process units; plant design to prevailing meteorological or geological hazard; enclosing plastic electric cables in metal conduit; processing potentially combustible dusts as a slurry; etc.

The single most favorable aspect of a passive approach is its performance reliability. Because it is not an active system, it is not prone to failure unless process conditions or materials are changed without commensurate improvements to the passive system.

3.1.3 Tier 3 - Active

The next tier, and the next in safety preference, is the active approach. An active strategy is one that requires a mechanical device or protective system to actively respond and function to limit or prevent the loss. An active system must be:

• reliably designed to work when intended

• installed according to strict installation rules

• maintained and tested over its entire life

Because of this, an active system is more prone to failure than a passive system and may cost more over the life of the plant. Active systems are also known as engineered controls.

In a previous example, if the thermal oil system is used under more hazardous operating conditions, or the drainage and fireproofing systems are lacking, insufficient, or too costly to retrofit, then an active fixed water suppression system becomes the protection device of choice. This system must be properly designed, and maintained and tested over its entire life, to be considered reliable and effective. Once activated, more damage will occur than with a passive system because the fuel (thermal oil) is not removed by drainage, the building steel is not protected against radiant heat (and may structurally fail), and the water system itself may cause damage to sensitive instrumentation. Finally, if the suppression system should fail, always a possibility, reliance for protection becomes dependent on the fourth tier, procedural or administrative controls. If reliance on procedures (i.e., manual response) is needed, a significant increase in damage will usually occur due to delayed response.

In the reactor example, an active (engineered) approach would be to design the reactor to 15 psig and acknowledge the potential for a 50 psig overpressure by depending on process and management controls to prevent the runaway reaction and by providing properly designed emergency relief venting if it does run away. The active system is complex, and becomes even more complex as vent gas collection systems are installed, etc.

This active approach is the traditional approach to reactor protection and most other loss prevention activities in a chemical plant. One primary reason is timing. Often protection is added after the plant is constructed. Inherent safety and passive approaches become less economical, if not completely impractical, after a plant has entered the equipment design phase.

An active approach does not provide the same level of risk reduction that the inherently safe or passively safe systems do. In the case of the reactor with an active approach, the loss would be significant if the emergency relief system failed (reactor failure, building blast damage, ensuing fires, and production loss). In the case of the passive system, the pressure would be contained with minor risk effects (perhaps time and cost to investigate, recertify the vessel, and retrain employees, etc.). In the inherently safe system, the event could not occur.

Some additional examples of an active strategy are large deluge systems with high capacity water systems; automatic sprinklers over grouped electrical cables; explosion suppression systems in dust collectors; flow, thermal, and pressure controls and interlocks; emergency shutdown systems; etc.

While not as effective and reliable as the inherently safe or passive approach, active systems are nevertheless often required and necessary for adequate protection of a chemical plant.

3.1.4 Tier 4 - Procedural

The next tier, and last in safety preference, is the procedural or administrative control approach. A procedural response to safety is one using operating procedures, administrative checks, emergency response, and other management approaches to prevent or minimize the severity of an incident.

An example would be to provide written procedures for operators to take corrective action for the runaway reactor rather than provision of active automatic controls or relief systems. In this scenario, emergency action such as leaving the control room, inspecting the reactor, and manually adding quench water might be the only loss prevention response. In the event of a thermal oil release and fire, the plant may have only the emergency response of the fire department to rely upon for damage control.

3.1.5 Summary

The application of a tiered approach to risk management does not necessarily imply a singular strategy. A complex HPR facility will feature aspects of all four safety tiers (inherent, passive, active, and procedural) within the plant. Given a sufficiently hazardous process, all four tiers might be applied to the single process to provide assurance to risk managers that, if one level fails, additional levels are available to limit the loss.

Application of this tiered approach is fully consistent with HPR loss prevention concepts.

3.2 Process Safety Management

The CCPS defines process safety management as the application of management systems to the identification, understanding, and control of process hazards to prevent process related incidents.

The CCPS defines process safety management systems as comprehensive sets of policies, procedures, and practices designed to ensure that barriers to episodic incidents are in place, in use, and effective.

The CCPS guidelines focus on twelve elements of chemical process safety:

- Accountability and Responsibility
- Process Safety Knowledge
- Project Review and Design (Process Hazard Analysis)
- Process Risk Management
- Management of Change
- Process and Equipment (Mechanical) Integrity
- Incident Investigation
- Training and Performance
- Human Factors
- Standards, Codes and Laws
- Audits and Corrective Actions
- Emergency Response Planning

In addition to CCPS, other organizations have developed PSM guidelines which may have different elements and terminology but nonetheless are equivalent to the CCPS guidelines and may be fully substituted in application. Some are listed in the Appendix. There are also government regulations, both U.S. and international, which mandate application of PSM guidelines under specific conditions. Some information on these regulations is also in the Appendix.

All 12 CCPS points are needed for a reliable system based on PSM principles, but they need to be customized for the corporation (i.e., making baking soda does not need the same program used for making polyvinyl chloride).

3.2.1 Accountability and Responsibility

Accountability and responsibility are at the heart of any facility's program. These concepts must be ingrained into the philosophy of an organization to be successful. Key components of accountability are a policy statement, management commitment, procedural requirements, and performance measurement.

The degree to which management demonstrates interest in implementing programs based on PSM principles at its facilities is of paramount concern to safe operation of the facility. Without solid management backing, even the best written program will never achieve successful implementation. Management interest should be demonstrated with a written policy statement that is shared with and understood by each member of the facility. Management's interest in loss prevention should be obvious in the day-to-day activities of a facility. Simply having a paper document on file will be of no benefit. Routine safety meetings, communication of safety issues to employees, and publishing lessons learned from incident investigations are just a few ways in which this interest will be demonstrated.

The policy statement should be site-specific and should assign ownership of safe operations to management as well as to every employee involved in the operation. Expectations of every member of the organization will be detailed and written in language understandable at every level of the organization. The policy statement should be reviewed on a periodic basis and changes made as needed. For example, when changes occur within an organization, such as change in management structure, the policy statement should be updated to reflect these changes.

The policy statement should clearly outline the objective of the PSM program. These principles should be routinely communicated to all employees so as to reinforce a safety-conscious work force. Generally, a review of the policy statement will be included in the orientation of new employees. Periodic review with all employees within the organization is also useful.

Each employee should feel responsible for the safe operation of a facility. There should be no fear of reprimand should a safety concern be reported. Only when the channels of communication remain open and free can a program based on PSM principles become and remain effective.

As safety issues arise in new facility design, HAZOP reviews, changes to the process, etc., there will be issues that are not easily resolved or will involve interpretation of codes or standards. A method should be in place to handle such issues so that resolution at the lowest level of management is achieved.

Once implemented, the success of a program based on PSM principles should be evaluated on a periodic basis to ensure the procedures achieve results. This can be in the form of random audits, routine reports to management, or direct communication with those involved. Findings from this feedback mechanism should be incorporated into the policy statement to facilitate constant improvement of the PSM program. Issues that are difficult to resolve often lead to input on ways that the PSM program could be improved.

3.2.1.1 Example: Liquefied Petroleum Gas (LPG), Mexico City, Mexico

On November 19, 1984, an 8 in. (200 mm) pipeline at a government-owned LPG terminal ruptured. The supply was not shut off, and the vapor cloud was subsequently ignited 10 minutes later by a ground level burn pit. Additional LPG tanks and spheres BLEVE'd (Boiling Liquid Expanding Vapor Explosion) due to exposure to excessive heat. Management and organizational factors reportedly were the major factors in this incident. Reportedly, management at this facility had not taken action on recommendations from previous studies. The deluge systems that were designed to cool the LPG vessels were deemed grossly inadequate. Vessel design was inadequate and the vessels lacked proper insulation. There was also no gas detection system available at the facility. The loss estimate is in excess of $25 million property damage (current values). [1, 2]

3.2.1.2 References

1. Gertman, D.I. and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, New York (1994).

2. Mahoney, D., Ed., Large Property Damage Losses in the Hydrocarbon-Chemical Industries: A Thirty-year Review, M&M Protection Consultants, Chicago (1995).

3.2.2 Process Safety Knowledge and Documentation

Process safety knowledge and documentation, which includes process safety information, is the basis for understanding the hazards of the process. This is achieved by acquiring process information and using this knowledge while conducting process hazard analyses.

The CCPS defines process safety information as the data describing the process and its chemistry. Process safety knowledge, in general terms, includes both process safety information and the ability to understand and interpret the information. It also includes the tracking and storing of key initial design bases, records of critical design decisions, design standards, site and equipment drawings, accident investigation information, etc. This data can be used as a baseline for future changes.

Data on process hazards and material chemistry can be obtained from numerous sources, including testing, manufacturer-issued Material Safety Data Sheets (MSDS) (or equivalents), and literature sources.

Some examples of needed process safety information and the sources where the information is found follow, as an example of a new process under design.

A chemical company is proposing a process using flammable solvents, reactants, and catalysts to produce a chemical intermediate for the pharmaceutical industry. The process will include a potentially exothermic reaction, mixing, distillation, and drying to produce a powdered product. Prior to conducting a process hazard analysis or determining levels of protection, information is needed on the various materials and the way they may interact, normally or abnormally.

The company may find information from the following sources:

a. Material Safety Data Sheets. These, if available, will give information on flammability (i.e., flash points), explosibility (i.e., explosive limits), toxicity, corrosiveness, and potential reactivity with other materials.

b. Factory Mutual data sheets and National Fire Protection Association (NFPA) standards. Lists of hazardous materials are presented with fire and explosion information.

c. Public domain literature such as the Kirk-Othmer Encyclopedia of Chemical Technology, Sax's Dangerous Properties of Industrial Materials, the CRC Handbook of Chemistry and Physics, and numerous other similar sources.

d. Proprietary industry or trade group research and testing reports.

e. Expert opinion, such as engineers from the corporation, Factory Mutual, or outside consultants.

f. Intentional and systematic testing of the materials.

In the example, the final product of the new process is a powder with a possible dust explosion hazard. The material is unique and no known data on its properties can be found by conventional literature search. To determine hazardous properties such as minimum ignition energy, lower explosive limits, maximum rate of pressure rise, and possible overpressures produced should it explode, tests are conducted in an ASTM E1226 20-liter sphere.

Information on the mixture within a reactor or other vessels is needed to determine potential for exothermic runaway or other chemical instability. Laboratory-scale reactivity screening should be done in advance of scaling up to pilot or full scale processing. This data can be obtained using a number of devices, including the Accelerating Rate Calorimeter (ARC), the DIERS Vent Sizing Package (VSP), and others.

Site information is also developed during this stage. This may include meteorological data (for later vapor dispersion modeling), geographic data for exposure to natural hazards, accident exposures from nearby industrial sites, and utility data such as reliability and adequacy of water, fuel, and power supplies.

After basic chemistry, physical, and thermodynamic properties of materials are developed and site characteristics are found, conclusions on different release and impact scenarios are qualitatively determined. For example, if a solvent is flammable, it will be qualitatively concluded that a spill can result in fire. If boiled and held under pressure, an indoor or outdoor flammable vapor explosion potential may exist. The catalyst to be used might be known to overheat and produce equipment-damaging pressure if not refrigerated. These generic conclusions are all derived in the process safety information phase. However, the sequence of events by which the scenario and its consequences will be realized will not surface until a process hazard analysis is conducted on the system in which the materials are used. Finally, the action steps, such as fixed mitigation, taken to reduce the quantified hazard or consequences will not surface until the process risk management stage.

Under this activity, in addition to developing and maintaining basic process and material hazard information, it is necessary to include accumulation of all the design details, alternative process considerations, key design decisions, and basic operation and maintenance plans.

Here the corporation should develop rationale and responsibility for collecting and maintaining this data, as well as data on operating experience, accident investigations, causes and corrections, as well as changes developed and reviewed under the Management of Change processes (described later).

This collection of data will preserve initial design records (ensure replacements comply with design intent) and reasons for key design decisions (aid to future projects and modifications), and provide a basis for understanding how the process should be operated. It also serves as a baseline for evaluating future changes.

The collection of this information provides the process safety knowledge needed in subsequent PSM steps (as well as a record of the original review process) so that the process can be started up and run throughout its intended life without an unanticipated incident or unprotected hazard. The information is documented and made part of the overall process safety management package, which will eventually also include data from the process hazard analysis and process risk management steps. This is then used for employee training, future process changes, etc.

Enhancement of process safety knowledge is a subset of this element and is sometimes added as a separate element of PSM. As the life of the plant progresses, new technology in process operation, inherent safety, or loss prevention techniques may be developed. While not known or cost effective during initial plant design, they may become so later in the life of the plant. It is important for an organization to stay fully abreast of new technology and apply it as appropriate. Use of a Management of Change procedure will assure that latest technology and information will be available.

3.2.3 Process Safety Review (Process Hazard Analysis)

This element of PSM is often identified as Process Hazards Analysis (PHA) and should include the project review for new facilities or modifications to existing facilities that have a significant process or capital impact. Where no major changes occur, the review should be revisited on a regular basis. A suggested frequency would be about every 5 years, with longer intervals for less hazardous processes. The element also includes the necessary design and pre-startup review of such projects to ensure that recommendations were in fact implemented.

The CCPS discusses staffing, hazard reviews, siting, plot plan, etc. in the context of phases of capital projects. As a supplement to the CCPS material, an HPR chemical plant should consider the following sections related to property and business interruption loss prevention.

Principles of loss prevention and risk management should guide plant siting decisions. These principles are usually defined in the corporate guiding principles or business objectives. Most sites can be made acceptable if sufficient funding is allocated to overcome deficiencies presented by the site selection.

Sites chosen should be selected to avoid or minimize exposures by perils of:

a. Fire

b. Natural Hazards (flood, wind, lightning, snow, freezing, earthquake, volcano, etc.)

c. Explosion

d. Transportation (aircraft, motor vehicle, rail, ship)

e. Pipeline or tank farm exposures

Sites should feature:

a. Access for safe disposal of waste

b. Access to fire fighting assistance (public or other)

c. Access to an adequate source of water to meet present and future demands

d. Access to reliable security and emergency services

e. Access to the site during adverse conditions (riot, traffic, etc.)

In addition to location of the plant site, equal considerations should be applied as well to the location of:

a. Process units

b. Pipe racks

c. Storage facilities

d. Unloading facilities for rail cars, trucks, and water craft

e. Flare stacks

f. Utility plants

g. Waste water treatment facilities

h. Electrical power lines

i. Process Control Rooms

Once site selection is complete, the project should have sufficient funding to implement FM/corporate loss prevention guidelines. In addition to basic project design and construction costs, finances should:

a. allow time for a thorough review of loss prevention aspects of the design and construction using accepted hazard analysis methods. Designs should use inherent safety and risk mitigation concepts.

b. permit installation of proper loss prevention features affecting construction, protection, drainage, electrical equipment, freeze protection, etc.

3.2.3.1 Examples

3.2.3.1.1 The ABC chemical company proposes building a new polymerization plant at the site of an existing chemical plant in the Gulf Coast area. It could be located in any of three different areas near the existing plant. The raw material (ethylene) is supplied to the main ABC plant, but the facilities will need to be enlarged to accommodate more ethylene. New facilities will need to be developed for storage of propane, butylene, and other future monomer feedstocks.

The ABC company has a license to use a new process to make the finished copolymers, but sizes and layout of major equipment have yet to be finalized. At this point, a team was created including specialists from FM, ABC, and several design and construction engineering companies. Early meetings developed a time line for the construction, plan reviews, site visits, and pre-startup reviews. These meetings developed a plan to conduct a thorough hazard analysis.

Full HAZOP and What-if analyses were performed. FM specialists participated in the hazard analysis meetings and provided an important perspective on damageability, available protection and mitigation methods, and analysis of business interruption potentials.

A full site survey was conducted at all three sites with a team made up of various specialists, including the FM engineer. Through this process, a site was chosen to minimize flood exposures and the potential for fire and explosion exposures presented by nearby plants, pipe racks, and railways. Plans were modified to include relocation of pipe racks along with rerouting of rail sidings.

Through early team meetings, objectives from corporate guiding principles were interpreted to define objectives for limiting the maximum foreseeable loss and normal loss expectancies. Through collaboration, specifications were developed for the plant construction, particularly control room construction, fire protection water supply piping sizes and locations, pipe rack locations, drainage patterns, sprinkler valve house locations, and feedstock and product delivery contingencies. These methods resulted in mitigation of Vapor Cloud Explosion (VCE) potentials (see DS 7-42 for additional information on VCE hazards).

Note: The level of FM participation can vary from project to project depending on the needs of all the parties involved: contractor, insured, insurance company, etc.

3.2.3.1.2 XY Chemical Company planned and constructed a polymer manufacturing plant along the Texas Gulf Coast. Design work was conducted at the home offices in the northeastern U.S. using highly experienced personnel.

Project designs did not consider incident history and advice for this area relative to freeze protection. As a result, the plant was built with numerous outdoor sprinkler systems, as well as elements of the process and instrumentation system, with insufficient freeze protection.

As a result, the plant suffered a $2 million loss related to broken pipe, instrument lines, and loss of production in the 1983 and 1989 freezes. This pointed to a normal frequency of freezing weather in this area worthy of protection. A cost estimate of $75,000 for correction of the deficiencies was developed in consultation with the local FM specialist. Economic conditions dictated that these improvements be extended over a period of 3 years, resulting in a need to prioritize the modifications.

If the concepts and guidelines of this data sheet had been used in siting of this plant, the freeze potential and its frequency would have been identified. A loss potential of $2 million with an average 10-year recurrence interval would have been mitigated. The cost at the time this plant was designed could have been much lower.

3.2.4 Process Risk Management

Process risk management involves the identification, evaluation, control, or risk transfer of potential hazards that may be associated with existing operations, new projects, acquisitions, and customer/supplier activities.

Process risk management is the system whereby conscious risk improvement decisions are made based on results and information obtained during the process knowledge and process hazard analysis stages. If hazard information data is available at very early stages of a plant design, inherent safety features can be designed in. Later in the design, passive, active, and procedural improvements and protection are usually added. The need and level of fixed suppression systems such as sprinklers and deluge systems, building steel fireproofing, damage limiting construction, barriers, process controls, etc. are decided in the process risk management phase of PSM. Fire safety professionals, in partnership with the chemical plant, determine the level of protection needed to meet HPR status and loss exposure goals. Ultimately the exposure is improved through fixed protection and management systems, is transferred through insurance, or is completely avoided by eliminating the hazardous activity.

Data and information from process knowledge gathering and hazard analysis activities must be evaluated as to economics and potential for risk reduction. Not all risk in a facility can be eliminated or reduced through engineering. Process risk management assures that a balance of inherent or engineered safety and risk transfer (i.e., insurance) is maintained and that all mandatory regulations, corporate standards, and industry and insurance guidelines are met. Process risk management requires screening, ranking, and engineered assessment tools. A high level assessment such as Quantitative Risk Analysis (QRA) may be needed to make final decisions. The four tier safety strategy is still followed. Regardless of methods, documentation of the basis for risk decisions is important.

3.2.4.1 Case Study

ABC Chemical company is planning a facility to produce polyvinyl chloride (PVC) plastic using a licensed process. Production of this material will include use of vinyl chloride monomer (VCM), a liquefied gas; flammable solvents; and reactive peroxide-based catalysts in a moderately high pressure, high temperature, continuous autoclave (single reaction vessel) system. The process will be located in a single process unit supported by raw materials delivery and storage; in-process storage; combustible heat transfer media; heat, steam, power, and fuel utility systems; and final product handling, storage, and transfer to market. The final product will be sold as a solid extruded pellet, some of which will be custom made with plasticizers. The benzoyl peroxide (BP) catalyst is to be manufactured on site. The process will be constructed at a new site not previously developed.

In the process safety knowledge step, the following technical information may be obtained, based on a literature search or testing, and documented:

- flammability and explosivity characteristics of gases and liquids
- flammability and explosivity characteristics of heat transfer media
- reactivity data on catalysts
- combustibility and explosivity data on solid powder product
- reactivity of the PVC reaction at given process conditions
- reactivity and hazard of catalyst manufacture

The following site information might be obtained, based on a site study, and documented:

- meteorological data (prevailing winds/speeds/atmospheric stability)
- freeze and snowfall/rainfall data
- flood data
- earthquake data
- windstorm data
- data on adequacy and reliability of utility services
- information on nearby hazardous exposures

General conclusions might be derived based on the above chemical and site information and qualitative analysis. At this stage, these conclusions are based on generic knowledge obtained from experts or from the literature and are used for establishing more definitive scenarios during a process hazard analysis. Detailed consequence studies such as vapor cloud dispersion, explosion overpressure, or pool fire radiant heat effects are conducted as part of the hazard analysis.

The following general conclusions are not meant to be all inclusive, but only to demonstrate types of information and scenarios that could be developed during this step:

a. Flammable liquid spill fire potentials exist from delivery, storage, process vessel, and piping systems for raw and intermediate materials and for the heat transfer media system.

b. Vapor cloud explosion potentials exist from storage, process vessels, and piping systems using VCM.

c. Reactor vessel, pumps, and piping failure potentials exist due to high pressure, corrosivity, and reactivity exposures.

d. BP manufacture requires potentially unstable hazardous materials.

e. Dust explosion potentials exist from plasticized product.

f. The plant is in a semi-tropical climate but is subject to periodic severe freezes.

g. The plant is in a potential hurricane zone.

h. Power supplies are subject to possible off-premises interruptions.

i. Public water supplies and emergency response are not available.

j. A plant with potential wide range explosion hazard borders the site.

In the process hazard analysis step, the above data and design drawings (as complete as possible) are subjected to a systematic and critical examination to determine failure modes whereby incidents could occur. HAZOP, What-If, Checklist, Failure Modes and Effects Analysis (FMEA), and more quantitative analysis methods might be used. Vapor dispersion, explosion, and radiant heat modeling, if needed, will be done during this stage. These examinations might reveal the following potential concerns and consequences:

a. The manufacture of peroxides on plant presents many failure modes and several potentials for a peroxide self initiation with high damage potential compared with the relatively small amounts of material needed.

b. Flammable spill fire and vapor release potentials cannot be completely eliminated through process control or design, short of not producing the product. Steel structure is subject to severe radiant heat, confirmed by fire modeling.

c. VCM represents a vapor cloud explosion potential, and the process unit arrangement and congestion will produce high overpressures throughout the plant, as confirmed by modeling.

d. Prevailing winds and distance indicate potential for vapor cloud from neighboring facility to enter process unit, confirmed by modeling.

e. A single large reaction autoclave is harder to control, presents extreme liquid spill or vapor release potentials, thus increasing protection system demands, and if damaged would shut down all operations.

f. Plasticized plastic dust presents a dust explosion hazard, confirmed by laboratory testing.

g. A rare but possible sudden freeze could severely damage plant utilities.

h. A sudden power outage could cause loss of control of the reaction.

i. Many different release and failure modes of vessels, pumps, piping and utility systems exist, but these can be mitigated through process control and design improvements.

j. Use of a large volume combustible heat transfer material presents significant fire potential on a higher frequency than other flammable materials due to its high corrosivity, confirmed by loss history.

In the process risk management step, all of the data collected and derived from the two prior steps is used to make risk management decisions. In the example these may include (but not be limited to) the following decisions, listed in order of a tiered preferential safety approach:

Inherent safety

a. Replace combustible thermal oil system with water system.

b. Reduce production bottleneck by changing from one large reactor to several smaller reactors.

c. Reduce in-unit flammable inventories by eliminating product day tanks, large reboilers, large reactor, oversized piping, etc.

d. Purchase additional land to protect against off premises exposures.

e. Refrigerate VCM bulk storage tanks to reduce vaporization.

f. Collect plastic dust in wet slurry to reduce dust hazard.

Passive mitigation

a. Use a concrete frame for process unit or fireproof steel.

b. Space unit apart from support facilities and site boundaries.

c. Use open process unit for maximum explosion venting.

d. Limit and space equipment within unit to minimize congestion.

e. Layout unit with flammable materials accessible on outer edge.

f. Install drainage systems.

g. Design process controls and interlocks to maximize reliability of process.

h. Design process vessels/piping to maximum expected pressure.

i. Blast proof control room and emergency services building.

j. Provide emergency containment systems.

Active mitigation

a. Provide on site fire water system.

b. Provide deluge sprinkler protection.

c. Provide combustible gas detection.

d. Inert and purge flammable storage, process and piping systems.

e. Provide reactor emergency quench system.

f. Provide reactor emergency venting.

g. Computerize process control.

h. Provide on-site emergency power supplies.

i. Design to hurricane codes.

j. Protect plant against freeze up.

Operational administrative controls

a. Develop and train on site emergency fire response brigade.

b. Train and empower operators to take manual process control.

c. Provide ignition source control systems.

d. Provide backup manual reactor emergency quench system.

e. Provide natural hazard alert procedures.

Risk Avoidance

a. Eliminate on-site manufacture of peroxide catalyst.

Risk transfer

a. Accept inherent risk by retention of high insurance deductibles.

In the risk management process there may be a need to revisit and re-analyze hazards several times prior to deciding on the level and type of mitigation or use of other risk tools such as elimination of hazard or risk transfer. In fact, risk management becomes a constant cycle of analysis, transfer and acceptance throughout the life of the facility. As the facility ages and changes are made, the risk will change. Keeping abreast of this aging and change process will assure that the facility will achieve the risk management goals originally accepted.

3.2.4.2 HPR Requirements

The decision to meet or not meet HPR protection guidelines is determined during the process risk management stage. While achieving HPR status should always be the risk management goal, there may be conditions, especially in existing older plants, where this may not be economically or technically achievable.

There are minimum requirements for a facility to qualify as an HPR risk. These are briefly identified in Section 2.2.1 and further discussed in Section 3.3, Concepts of Highly Protected Risk.

3.2.5 Management of Change

Management of Change (MOC) means evaluating every change to technology, facilities or personnel at the earliest possible stage for its potential impact on property loss prevention. The earliest possible stage is the moment an idea or proposed change comes to light. These changes can be emergency, permanent, temporary, recognized or unrecognized. The purpose of a management of change process is to prevent the unrecognized change.

Changes are made routinely throughout the life of a facility. These may vary from major, highly visible projects to daily routine maintenance activities. Changes can occur to technology, chemicals, products, equipment and procedures. Any change from original design intent represents a deviation. If the impact of this deviation is not fully understood, the change, even if minor, can cause a significant incident. Appropriate process hazards management systems should be put into place to help ensure that hazards associated with a change or deviation are identified and controlled.

Changes fall into three main categories: technology, facilities, and personnel or organization.

Although some changes may be minor, with little likelihood of compromising loss prevention and process safety, all changes have some potential for disruption.

3.2.5.1 Change in Technology

Change in technology arises whenever the process or mechanical design is altered. Examples are changes in feedstocks, catalysts, product specifications, byproducts or waste products, design inventory levels, instrumentation and control systems, or materials of construction.

Typical instances in which change in technology would likely occur include the following:

a. New projects that involve tie-ins or equipment modifications on existing units.

b. Projects to increase facility throughput or accommodate different feedstocks or products.

c. Significant changes in operating conditions, including pressures, temperatures, flow rates or process conditions different from those in the original process or mechanical design.

d. Equipment changes, including the addition of new equipment or modifications of existing equipment. These can include changes in alarms, instrumentation and control schemes.

e. Modifications of the process or equipment that cause changes in the facility's relief requirements. These can include increased process throughput, operation at higher temperatures, increased size of equipment, or the addition of equipment that might contribute to greater relief requirements.

f. Bypass connections around equipment that is normally in service.

g. Changes in operating procedures, including procedures for startup, normal shutdown and emergency shutdown.

h. Changes made in the process or mechanical design or in operating procedures that result from a PHA performed as described in Section 3.2.3.

i. Introduction of new or different process additives (for example, corrosion control agents, antifoulants, antifoam agents).

j. Corrective actions developed as a result of an accident investigation.

3.2.5.2 Changes In Facilities

Changes in facilities are those in which physical changes are made that would not necessarily appear on plant drawings or piping and instrument diagrams (P&ID). Examples are temporary connections, replaced components that are not in kind, site modifications, transient storage, temporary structures, etc.

Specifically, these can include the following:

a. Temporary equipment (tanks, offices, drum storage, etc.).

b. Replacement equipment or machinery that differs from the original equipment.

c. Temporary piping connections, hoses or wiring.

d. Temporary software configurations, jumpers, shortened algorithms, bypassed controls.

e. Pipe clamps, braces, stands, wiring, ropes.

f. Temporary utility connections (steam, power, water, etc.).

g. An alternative supply of process materials, catalysts or reactants, such as through temporary drums or tanks located within the facility.

h. Temporary electrical equipment or connections.

These changes have the ability to affect design, construction, operation, maintenance and decommissioning.

3.2.5.3 Changes in Personnel

Changes in personnel are those in which key responsibilities are shifted from a position of stability to instability. Examples are retirement, promotion, other career changes and personal issues (sickness, death, leave-of-absence, etc.). These changes are ones in which continuity of responsibility may lapse.

Training and assignment of alternates is a key feature needed to mitigate lapses caused by these changes. Supervision must be skilled for early recognition of these changes, with an ability to plan in advance to mitigate these changes. Goals of the company, business and operating unit must support prevention efforts associated with these changes.

3.2.5.4 Examples

3.2.5.4.1 The Clean Air Act Amendments of 1990 require a 50% reduction of sulfur dioxide levels (SO2) in the US by the year 2000. This act affects approximately 2000 electric utilities. The method of choice to control SO2 emissions probably will be the installation of wet scrubbers, as they provide the highest level of control. Along with the additional costs and plans for scrubber installations, the person(s) planning these changes need to look at the effect these installations will have on loss prevention. For instance, scrubbers are subject to fires and explosions, and they can affect furnace draft. Induced draft fans may have to be upgraded, which in some cases could increase the risk of implosions and boiler vibrations. To prevent corrosion of scrubbers, ducts and stacks, it may be necessary to use plastic or plastic-lined equipment, which could present a fire hazard.

A typical agreement between a company and the property insurance company calls for a loss prevention professional within the company to be advised of all management of change activities in the plant. This individual is then responsible to involve the specialist from FM and allow an opportunity for the change to be evaluated in its earliest stages.

3.2.5.4.2 ABC is a manufacturer of commodity polymer using batch-scale polymerization of the monomer. Because of favorable opportunities in the market, ABC has plans to double the capacity of its seven-reactor plant in a two-phase expansion over the next 10 years. The first phase will include construction of utilities and the footprint for a second seven-reactor manufacturing building. Initially a building containing three reactors will be built.

There is a close relationship between ABC and the FM specialist assigned to this plant. When the idea is being developed by senior management within ABC, meetings are held with the FM specialist to discuss the effect this may have on loss prevention. ABC is guided by a principle that promotes continuous improvement in all areas of operation, including loss prevention, and they call upon the expertise of FM to provide guidance to meet this goal.

In consultation with the FM specialist, several opportunities are identified. These include ways to mitigate VCE potentials, provide more cost efficient and effective water spray systems, and arrange the Instrumentation and Control features for increased reliability. In order to expand the process water features for the new plant expansion, several pumping and distribution changes were needed. Opportunities were identified to add outlets and normally closed connections between the fire protection system and the process water supply system. This increased both the normal supply to the fire protection water system and the supply that would be available in a catastrophic event.

In consultations, an opportunity was identified to relate current maintenance issues for the older electronic heat detection systems on the water spray systems to a design specification needed for all the new water spray systems. Review of maintenance records and costs pointed to an opportunity to replace older electronic heat detectors with air-pilot detection systems. In doing this, the plant maintenance was provided with a single common type of system which has lower maintenance costs, a single set of replacement parts, and requires simpler maintenance skills.

Often during plant expansions, for simplicity, existing features for protection and control are duplicated exactly. Many design groups operate with the assumption that existing protection and control features are adequate and satisfactory, and they do not take the opportunity to consider improvements as above.

3.2.5.4.3 Mr. Howard has been the person in charge of fire protection in this plant for many years. He is the direct interface between top management, engineering and safety personnel for matters relating to loss prevention. He is in charge of administering all loss prevention related inspection programs within the plant. He supervises all impairments to fire protection and reports them throughout the company and to FM. Mr. Howard is very important in the review process for new construction. Because he is very familiar with current design requirements, he is able to work closely with plant and corporate engineers to develop plans for new construction and modifications.

Mr. Howard spent many years in the plant as an operator. Because of this involvement, he oversees many important operator duties as they relate to fire response and use of emergency process equipment (flares, alarms, shut-downs, etc.). He is also the liaison to community groups, including the mutual aid groups.

Mr. Howard has announced he will retire in 2 years when he reaches the age of 60. Loss of this level of experience could create serious gaps related to steady provision of the service provided by Mr. Howard.

All of his job duties should be described in writing.

A plan for his replacement with alternates should be developed sufficiently in advance of his departure so that proper training can be provided.

If timing is not sufficient to establish that his duties have been sufficiently taken over by others, management should arrange for Mr. Howard to return to work as a consultant. He should periodically return after his retirement to make sure all areas of past responsibility are being covered.

In the planning for replacement of Mr. Howard, the local assigned FM specialists should be notified. Specific sessions can be arranged so that the programs recommended by FM can be introduced or reviewed with the person who has taken over for Mr. Howard.

3.2.5.4.4 Mr. Jones was the Safety Engineer at this major plastic film plant, reporting to the plant manager, before he resigned. He was responsible to implement all safety and loss prevention programs in the plant. He was the direct liaison to the plant maintenance department, providing review and supervision of all maintenance and testing of the plant fire protection systems, including the fire pump, suction tank, sprinkler systems, alarm systems and gaseous extinguishing systems. Because of his expertise, he was the interface between local contractors who provide maintenance and testing. Mr. Jones kept all the letters, files, receipts, plans and correspondence in his office relating to protection systems and plant insurance matters.

Unfortunately, he quit at a time when the plant was completing a 50% production expansion and is beginning to plan for a new warehouse expansion. Ongoing issues relate to false alarms, alarm system repairs and a history of broken underground water mains in a certain area of the plant. Mr. Jones had been a proponent of looping of the plant fire water mains to provide better service to the areas of future expansion.

In a case like this, it is important that key plant personnel from all levels meet to review the impact of this departure on loss prevention. Some careful accounting should begin at once to make sure elements of Mr. Jones' responsibilities are identified. The FM contact should be advised of the personnel change. This will allow for meetings to take place to assure that proper training is provided to a replacement employee. In many cases FM can provide the following:

- Training on fire protection systems maintenance and testing can be offered to a new employee.

- A review of maintenance and testing programs can be made to assure that correct programs are not lost or lapsed.

- Contract maintenance programs can be evaluated to determine adequacy of these programs.

3.2.5.5 References

Management of Process Hazards, API Recommended Practice 750, First Edition, January 1990, American Petroleum Institute.

Managing Change, FM publication P9201.

3.2.6 Process and Equipment (Mechanical) Integrity

Equipment that processes hazardous materials, and accessory or utility equipment that is important to continued operation of the plant, should be designed, constructed, installed, operated, protected and maintained in a way which minimizes the risk while providing process reliability. This element of the PSM program addresses the management system required to achieve this objective and is called Process and Equipment Integrity by the CCPS and Mechanical Integrity by others.

A Process and Equipment Integrity program should address some or all of the following: pressure vessels and piping, tanks, rotating machinery, electrical equipment, boilers and furnaces, etc., together with their instrumentation, controls, accessories and supporting structures.

The components of Process and Equipment Integrity which are discussed further below are: reliability engineering, materials of construction and fabrication, installation procedures, preventive maintenance and demolition procedures.

As with all elements of PSM, a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps.

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance or replacement, the evaluation should include equipment accessibility and suitability for the process, and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment and emergency relief. The file should also contain the operating and inspection history of the equipment, as well as any data on repair, alteration and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill to installation tracking of material for critical components, or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, over speed, electrical faults, misalignment, etc.

During fabrication, maintenance or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern such as piping location, safety and emergency equipment features, accessibility of process and safety equipment, operation, functional testing and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.

3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturer's recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturer's minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment with detailed instructions on performing the particular activity. They should address the steps needed to prevent adverse conditions, both during the procedures and when the equipment is put back in service. They should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic reviews of these procedures are needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out of service condition, any necessary decontamination, and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents, classified as major accident, accident or near-miss by CCPS, are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control or personnel changes, or new or better training programs. Documentation and periodic review aids in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes:

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.

3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment: Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System: Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization: Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others, depending on the nature of the incident. This can include those inside the company with speciality knowledge or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training: Team members should be selected based on their interest, job function and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function: The incident investigation team function needs to be integrated with the overall emergency response plan. Well established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation:

a. Determine Cause: Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system related causes.

b. Develop Recommendations: Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures: Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.

©1999 Factory Mutual Engineering Corp. All rights reserved.


If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally this involves data collection, data analysis and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems-oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and they can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program aimed at determination of root causes.

Usually the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

FTA: Fault Tree Analysis
AAM: Accident Anatomy Method
MORT: Management Oversight and Risk Tree
MCSOII: Multiple-Cause, Systems-Oriented Incident Investigation


Inductive

HAZOP: Hazard and Operability Analysis
AAM: Accident Anatomy Method
CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware new approaches need to be built on proven and accepted concepts.

3.2.7.4

Phthalic anhydride made by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the Do Not Operate tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design. A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations. There are several possibilities in this area. Management that encourages continued operations when the process is upset (reason operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance. There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the worker's shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example but does illustrate some of the underlying causes in a multiple-cause incident.

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment, and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated, and it was assumed to be functioning properly, although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days subsequent for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.


The control panel incorrectly indicated that too much water was entering the core; therefore, the operator overrode the automatic control system and reverted to manual control. Ultimately, the shut coolant water lines were discovered and reopened, which again flooded the control panel with a Christmas-tree effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.¹

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.²

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L., and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80 to 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50 to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.⁵

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.


Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.⁶ However, more current literature by Poulton⁷ and Welford⁸ supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.⁹ Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.¹⁰


3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor but was ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill.: Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill.: Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).


3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocell Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for maintaining the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings, such as P&ID, wiring and piping drawings, are not current or there is only one set of hand corrected paper plans.


The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard

a. Toxicity

b. Permissible exposure limits

c. Physical, reactivity and corrosion data

d. Thermal and chemical stability

e. Hazardous effects of mixing

2. Process technology

a. Process description and flow diagram


b. Process chemistry

c. Inventory permitted

d. Safe upper and lower limits for temperature, pressure, flows and compositions

e. Consequences of deviations

3. Process equipment

a. Construction materials

b. P&ID

c. Electrical classification drawing

d. Relief system design and design basis

e. Ventilation system design

f. Drainage system design

g. Design codes and standards

h. Material and energy balance

i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections

a. Code inspection reports for pressure equipment

b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)

c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description

a. Organization and staffing

b. Risk assessment of site hazards

c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans

a. Description of possible incident scenarios

b. Plan to respond to each scenario

c. On-site emergency equipment and supplies

d. Description of external resources and support organizations


5. Emergency response teams

a. Staffing and organization

b. Capabilities of members

c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level, and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards and management of change throughout the life of the plant.


A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound how one management group, which is production oriented without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses, backed by common sense and loss history. Benign processes, which are easy to control and have little potential exposures, may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials, but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions

7-49/12-65 Emergency Venting of Vessels

7-59 Inerting and Purging

7-73 Dust Collectors and Collection Systems

7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires

12 Series on boilers and pressure vessels


3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems

3-2 Water Tanks for Fire Protection

3-7N/13-4N Centrifugal Fire Pumps

3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations

5-8 Static Electricity

5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment

5-11/14-19 Lightning and Surge Protection for Electrical Systems

7-0 Causes and Effects of Fires and Explosions

7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.


The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials

7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method

7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants

7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids

7-46 Chemical Reactors and Reactions

7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives

7-51 Acetylene

7-52/17-13 Oxygen

7-53 Liquefied Natural Gas

7-54 Natural Gas and Gas Piping

7-55/12-28 Liquefied Petroleum Gas

7-58 Chlorine Dioxide

7-80 Organic Peroxides

7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

7-91 Hydrogen

7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems

4-0 Special Protection Systems

4-1N Water Spray Fixed Systems

4-7N Low Expansion Foam Systems

7-17 Explosion Suppression Systems


For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers

5-4/14-8 Transformers

5-31/14-5 Cables and Bus Bars

5-32 Electronic Data Processing Systems

7-2 Waste Solvent Recovery

7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

7-29 Flammable Liquids in Drums and Smaller Containers

7-32 Flammable Liquid Operations

7-48 Disposal of Waste Materials

7-54 Natural Gas and Gas Piping

7-55/12-28 Liquefied Petroleum Gas

7-78 Industrial Exhaust Systems

7-88 Storage Tanks for Flammable Liquids

7-95 Compressors

7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants

7-34 Electrolytic Chlorine Processes

7-35 Air Separation Processes

7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids

7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible, heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.


Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies

7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength, blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction

1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response, such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping, and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades


3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes, and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems, which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release the material flashed to vapor and an outdoor vapor cloud explosion occurred, with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds, and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story, concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, is located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow, with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional, to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor, where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API), Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants


7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API), Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API), Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A: INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico, or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975), and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland, in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control, and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training, and equipment have been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada, and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing, or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

Substance                      EPA threshold, lb (kg)    OSHA threshold, lb (kg)
Anhydrous Ammonia              1000 (450)                5000 (2250)
Chlorine                       1000 (450)                1500 (680)
Chlorine dioxide               500 (225)                 1000 (450)
Anhydrous hydrochloric acid    1000 (450)                5000 (2250)
Sulfuric acid                  5000 (2250)               Not listed
Titanium tetrachloride         500 (225)                 Not listed
Flammable hydrocarbons         10000 (4500)              10000 (4500)
Explosives                     all (per DOT)             Not covered

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia, and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998


2.1.5 Management of Change

2.1.5.1 Management should establish and implement written procedures to manage change in technology, facilities, and personnel. These procedures should be flexible enough to accommodate both major and minor changes and should be understood and used. These procedures should:

a. Provide a method for identification of changes that should be subject to MOC procedures.

b. Provide for documentation of the process and mechanical design basis for the proposed change.

c. Provide an analysis of the loss prevention considerations involved in the proposed change, including a formal process hazards review if appropriate. The effects of the proposed change on separate but interrelated upstream or downstream facilities should also be reviewed.

d. Identify the need for modifications of the operating procedures, updating P&IDs, updating personnel training, etc.

e. Provide for communication of the proposed change and the consequences of that change to appropriate personnel, such as maintenance engineers, operators, safety, and emergency response staff.

f. Establish administrative procedures needed (documentation, checklists that cover hazards, records of personnel skills, responsibilities, and training).

g. Provide for tracking of, and limiting the duration of, any temporary change.

h. Identify the required authorizations.

2.1.5.2 A qualified member of the plant loss prevention, safety, or engineering staff should be assigned to communicate changes to the FM specialist where appropriate. This individual should assure that all plant personnel follow accepted methods for management of change and that the FM specialist is notified at the earliest stages of significant changes to allow for proper consideration of the loss prevention aspects.

2.1.6 Process and Equipment (Mechanical) Integrity

2.1.6.1 To implement this element of PSM, programs should be in place to address the following:

a. Reliability Engineering - Tracking and evaluating of individual equipment and processes to prevent unexpected incidents throughout its lifetime.

b. Materials of Construction and Fabrication - Assuring equipment is built according to appropriate standards, with materials appropriate to the service conditions, with appropriate supporting documentation.

c. Installation Procedures - Planning, quality control, inspection and pre-startup integrity testing to insure installation in accordance with specifications and direction of the manufacturer. Poor installation can invalidate a good design.

d. Preventive Maintenance - Documenting procedures to insure maintenance is completed on schedule, unscheduled work is properly authorized and completed without introducing additional hazards, and records are maintained and evaluated to identify future needs. This would include a comprehensive vessel and piping inspection program as well as instrumentation inspection, testing and calibration.

e. Demolition Procedures - Documenting methods to isolate, remove and dispose of obsolete or unneeded equipment without creating unnecessary hazards.

2.1.7 Incident Investigation

2.1.7.1 The corporation should have a system based on PSM principles that requires incidents to be recorded and investigated. The investigation methods should consist of the basic elements outlined above, and records should be kept detailing each incident, the level and results of the investigation, and the status of any findings or recommendations developed.

2.1.7.2 Management should make use of all incident investigations and near-misses to evaluate recurrences. Action should be taken to eliminate the source of error, either through system redesign or additional training. Important lessons learned in these investigations should receive wide distribution to interested and affected parties.


2.1.8 Training and Performance

2.1.8.1 Operators should be fully trained in the normal operation of the facility as well as the appropriate action for each alarm condition. Since every process excursion cannot be detailed, the operators should be trained in diagnostic and trouble-shooting skills to facilitate an orderly correction. For the most critical applications, for example nitrations, some polymerization and other highly reactive systems, use of a process simulator for training purposes is strongly suggested. If a simulator is to be used, the control panel and instrumentation should be designed to match the actual equipment that will be used in the operation.

2.1.8.2 When either temporary or permanent changes are made to a process, the process documentation and drawings should be updated prior to implementation of the changes. All employees whose responsibilities involve the affected area should be retrained in the new process parameters and safe working conditions. This will allow integration of the new procedures into the day-to-day functioning of the facility.

2.1.8.3 Special care must be taken when critical actions are infrequently completed in the normal course of operations. Actions such as responding to infrequent critical alarms may result in catastrophic events if the response is incorrect. In these cases, frequent retraining is needed.

2.1.8.4 Training should be mandatory for contract employees working in the area so they may perform in a safe and effective manner. Training for contract employees may need to be as stringent as for operators.

2.1.8.5 A comprehensive retraining program should be in place for all operating personnel. The time interval for retraining will vary depending on the criticality of the process and number of changes made. Management should have a formal method to determine retraining frequencies.

2.1.8.6 A formal method for evaluating the effectiveness of the training program should be developed. This may be a written test, hands-on demonstration, simulation or an extended period of on-the-job training. A feedback mechanism should be established to inform the operator of areas requiring further study and improvement. Records should be kept of these evaluations to facilitate improving the method of training employees.

2.1.9 Human Factors

2.1.9.1 Organization

2.1.9.1.1 The plant's program should have written guidelines requiring that all new processes incorporate fundamental concepts of human factor engineering from the design phase of the project. If human factor specialists are not available in-house, consideration should be given to retaining outside specialists to assist in this area.

2.1.9.1.2 Human factor elements should be incorporated into existing processes, if economically viable, whenever changes or improvements are being planned.

2.1.9.1.3 HAZOP reviews should specifically explore human factor issues to determine if appropriate design has been included.

2.1.9.1.4 Each of the above activities should include input from operating personnel to ensure that day-to-day operating knowledge is incorporated into the proposed improvements.

2.1.9.1.5 Management should create an environment where process safety is paramount above production demands. Operators should be empowered to invoke a controlled shutdown of a process if operating conditions indicate an imminent loss-of-control situation. A written statement to this effect, signed by senior plant management, should be posted in the control rooms.

2.1.9.1.6 If staff reductions are anticipated, management's commitment to safety and loss prevention should remain paramount. Special attention is needed during these times to ensure that operating personnel remain motivated to perform their functions in a consistent and safe manner.

2.1.9.2 Alarms

2.1.9.2.1 All alarms should be ranked according to severity and displayed visually and audibly in this order to avoid alarm overload during an actual emergency.


2.1.9.2.2 Critical alarms should be grouped separately from information only alarms. Audible and visual alarms should be distinctly different for these type alarms so that priority can be given to critical alarms.

2.1.9.2.3 Critical process information should be easily accessible on the control panel so that an excessive number of screen changes will not be required to understand the information in an emergency situation.

2.1.9.2.4 Critical process information and alarms should be logged by computer or manually, as appropriate, and maintained for a reasonable period of time to aid in incident investigation or future process improvements.

2.1.9.2.5 The operator should have a proactive role in the monitoring and control of process variables rather than simply waiting for alarm conditions to sound. This will encourage the operator to be familiar with the process data and facilitate an appropriate response in an emergency situation.

2.1.9.3 Environmental

2.1.9.3.1 Optimal performance occurs when environment factors are within specific boundaries. Proper clothing should be available for employees whose work is outside a climate-controlled environment.

2.1.9.3.2 For areas having excessive noise, proper hearing protection should be provided and a method of communications established, as vocal communication will not be feasible.

2.1.9.3.3 Proper lighting should be provided in all operations areas, and most importantly in control rooms, to ensure control and process equipment is visible.

2.1.9.4 Maintenance Operations

2.1.9.4.1 All maintenance operations that may adversely impact the safe operation of a process or production facility should require written authorization. Included in this authorization is notification to all areas of the facility that the work will impact. In most cases, operations will need to be stopped or bypassed to allow safe work in the area. All such process modifications should be thoroughly studied to determine the ramifications of the process change.

2.1.10 Standards, Codes and Laws

2.1.10.1 The organization should define the minimum codes, standards and laws that will be applied for maintaining an acceptable level of safety.

2.1.10.2 Responsibility should be assigned to ensure all codes, standards and regulations (internal or external) are maintained current and are available to those needing to use them.

2.1.10.3 A variance procedure should be developed that can be applied when an alternative to an existing code is to be used.

2.2 Highly Protected Risk (HPR)

A Highly Protected Risk (HPR) level of loss prevention, based on FM data sheets and industry guidelines, should be the goal at chemical risks. (See also 3.3.)

2.2.1 An HPR chemical risk is one that meets all of the following minimum guidelines:

a. A fully integrated system based on PSM principles at a level appropriate to the hazards

b. Management commitment and oversight, including early involvement of FM specialists at an early stage of all projects

c. Adequate process control and safety instrumentation

d. Operator training and empowerment adequate for the process complexity

e. Piping and vessel overpressure protection for the hazards that exist

f. Maintenance, inspection and testing programs covering all critical equipment and instrumentation


g. An adequate and reliable water supply and delivery system

h. Ignition source control

i. Adequate spacing of buildings, process units and tanks

j. Emergency response and post-loss contingency plans

k. Testing and understanding of process chemistry

Where needed based on hazard, an HPR chemical risk also incorporates the following features:

l. Adequate and reliable fixed suppression systems

m. Drainage and containment systems

n. Fire protection of structural steel

o. Damage limiting and noncombustible construction

p. Combustible gas detection

q. Inerting and purging systems

r. Barriers, barricades and/or distance separation

s. Protection against natural hazards

2.3 Principles of Inherent Safety

2.3.1 Principles of Inherent Safety should be applied where possible when designing or improving chemical plant processes. Inherent safety (see also 3.4) includes the following general principles:

a. Intensification - using smaller amounts of a hazardous substance

b. Substitution - replacing a hazardous chemical with a non-hazardous or less hazardous one

c. Attenuation - using less hazardous process conditions or a less hazardous form of a material

d. Limitation of effects - designing a facility to minimize the impact of a release of hazardous material or energy, for example by sufficient spacing or more resistant construction

e. Simplification/error tolerance - designing a facility so that operating errors are less likely or the process is more forgiving if errors are made

3.0 DISCUSSION

In the following sections, concepts and strategies for risk reduction in the chemical industry are discussed. These include approaches to loss prevention using:

a. CCPS four-tiered Process Risk Management Strategy

b. CCPS systematized Process Safety Management approach

c. Factory Mutual concepts of a Highly Protected Risk

d. Concepts of Inherent Safety

3.1 Process Risk Management Strategies

The CCPS four-tier safety strategy for reducing risk in a chemical facility includes inherent safety, passive safety, active safety and procedural safety.

These strategies are listed in preferred selection order as a loss prevention technique. By this method, when designing a plant, one would approach the safety aspects by applying these strategies starting with an inherent safety concept, followed by passive protection where still needed, followed by active systems and then by procedural or administrative systems as needed. As you move down the layers to minimize or prevent a loss, the frequency or consequences of loss can increase.


3.1.1 Tier 1 - Inherent Safety

The first tier and most preferred approach to chemical plant loss prevention is Inherent Safety (IS). Inherent safety is defined as eliminating the hazard through intensification, substitution, attenuation, limitation of effects or simplification/error tolerance. Refer to Section 3.4 for a full discussion on inherent safety concepts, including definitions of these terms. The intent of applying inherent safety is to eliminate the need for add-on layers of passive, active or procedural protection, which have to function as designed to limit the effects of a loss.

Examples of implementing inherent safety would be:

• substitution of water for process cooling in place of a combustible thermal oil

• substitution of a non-flammable solvent for a flammable solvent, for example using supercritical carbon dioxide in place of hexane for extraction

• through chemical research, replacing a high pressure process using extremely reactive materials in a flammable solvent with an atmospheric pressure process using non-flammable solvents in a reaction that is incapable of generating any pressure in the event of a runaway reaction

• storing flammable gases such as ethylene in low pressure refrigerated tanks rather than pressurized tanks

In these examples, the revised cooling and extraction systems represent no fire hazard. They require no fixed fire protection with its installation, maintenance and testing costs. With the new reaction system, there is no potential for overpressure because of the chemistry of the process and the physical characteristics of the materials, and there is no need for costly and failure-prone add-on controls, emergency relief devices or reactor strengthening. Finally, with the refrigerated storage, the amount of vapor produced in the event of an unexpected release of the liquid will be minor compared to a similar event with pressurized storage.

Note that there may be tradeoffs when applying IS techniques or any of the four strategies. The water cooling system is more susceptible to freezing and may need more cold weather protection than a thermal oil system to prevent a costly freeze damage loss. The CO2 extraction system requires extremely high pressures, and process equipment will be susceptible to overpressurization, requiring add-on passive or active protection or procedural controls. The reaction system might require use of a corrosive material that could cause long term building damage, requiring costly steel protection or maintenance. The economics and overall risk reduction for all approaches, all of which carry risks, need full evaluation.

The potential for risk reduction through use of inherent safety is most likely very early in the design process. To affect the chemistry of the process may require years of experimental work. Other more tolerant changes and safety improvements may be made during plant design.

While opportunities to apply inherent safety concepts should always be explored, there will always be situations where other risk management strategies may need to be employed.

3.1.2 Tier 2 - Passive

The next tier, and the next in safety selection preference, is the passive approach. A passive approach is one that requires no mechanical device or system to actively function to limit or prevent the loss. A passive approach can also be one that stores or uses hazardous materials in a form or state that is as benign as possible.

For example, after a process review it is determined that water cooling cannot be used and the process requires a reaction that is capable of generating 50 psig in the event of a runaway reaction.

If a combustible thermal oil must be used for cooling, a passive approach would attempt to use an oil with the most benign properties and under the lowest temperature and pressure possible. Further, this approach would limit the amount of potential oil released by eliminating bulk storage of material within the unit and sizing the coolant feed system to the minimum flow requirement. Finally, in the event of a spill, the process area would be designed for rapid drainage and building steel fireproofing rather than placing reliance on (active) fixed fire suppression systems that may fail.

In the case of the reactor system, instead of relying on an active system such as a safety relief valve to protect the reactor in the event of a runaway, a passive approach would be to design the reactor to contain the maximum expected overpressure.


Some additional examples of a passive approach are diking and containment systems; fire barriers; blast resistant construction; using stainless steel in place of plastic in corrosive environments; proper spacing of buildings, vessels and process units; plant design to prevailing meteorological or geological hazard; enclosing plastic electric cables in metal conduit; processing potentially combustible dusts as a slurry; etc.

The single most favorable aspect of a passive approach is its performance reliability. Because it is not an active system, it is not prone to failure unless process conditions or materials are changed without commensurate improvements to the passive system.

3.1.3 Tier 3 - Active

The next tier, and the next in safety preference, is the active approach. An active strategy is one that requires a mechanical device or protective system to actively respond and function to limit or prevent the loss. An active system must be:

• reliably designed to work when intended

• installed according to strict installation rules

• maintained and tested over its entire life

Because of this, an active system is more prone to failure than a passive system and may cost more over the life of the plant. Active systems are also known as engineered controls.

In a previous example, if the thermal oil system is used under more hazardous operating conditions, or the drainage and fire proofing systems are lacking, insufficient or too costly to retrofit, then an active fixed water suppression system becomes the protection device of choice. This system must be properly designed and maintained and tested over its entire life to be considered reliable and effective. Once activated, more damage will occur than with a passive system because the fuel (thermal oil) is not removed by drainage, the building steel is not protected against radiant heat (and may structurally fail), and the water system itself may cause damage to sensitive instrumentation. Finally, if the suppression system should fail, always a possibility, reliance for protection becomes dependent on the fourth tier, procedural or administrative controls. If reliance on procedures (i.e., manual response) is needed, a significant increase in damage will usually occur due to delayed response.

In the reactor example, an active (engineered) approach would be to design the reactor to 15 psig and acknowledge the potential for a 50 psig overpressure by depending on process and management controls to prevent the runaway reaction and by providing properly designed emergency relief venting if it does runaway. The active system is complex and becomes even more complex as vent gas collection systems are installed, etc.

This active approach is the traditional approach to reactor protection and most other loss prevention activities in a chemical plant. One primary reason is timing. Often protection is added after the plant is constructed. Inherent safety and passive approaches become less economical, if not completely impractical, after a plant has entered the equipment design phase.

An active approach does not provide the same level of risk reduction that the inherently safe or passively safe systems do. In the case of the reactor with an active approach, the loss would be significant if the emergency relief system failed (reactor failure, building blast damage, ensuing fires and production loss). In the case of the passive system, the pressure would be contained with minor risk effects (perhaps time and cost to investigate, recertify the vessel and retrain employees, etc.). In the inherently safe system, the event could not occur.

Some additional examples of an active strategy are large deluge systems with high capacity water systems; automatic sprinklers over grouped electrical cables; explosion suppression systems in dust collectors; flow, thermal and pressure controls and interlocks; emergency shutdown systems; etc.

While not as effective and reliable as the inherently safe or passive approach, active systems are nevertheless often required and necessary for adequate protection of a chemical plant.


3.1.4 Tier 4 - Procedural

The next tier, and last in safety preference, is the procedural or administrative control approach. A procedural response to safety is one using operating procedures, administrative checks, emergency response and other management approaches to prevent or minimize the severity of an incident.

An example would be to provide written procedures for operators to take corrective action for the runaway reactor rather than provision of active automatic controls or relief systems. In this scenario, emergency action such as leaving the control room, inspecting the reactor and manually adding quench water might be the only loss prevention response. In the event of a thermal oil release and fire, the plant may have only the emergency response of the fire department to rely upon for damage control.

3.1.5 Summary

The application of a tiered approach to risk management does not necessarily imply a singular strategy. A complex HPR facility will feature aspects of all four safety tiers - inherent, passive, active and procedural - within the plant. Given a sufficiently hazardous process, all four tiers might be applied to the single process to provide assurance to risk managers that if one level fails, additional levels are available to limit the loss.

Application of this tiered approach is fully consistent with HPR loss prevention concepts.

3.2 Process Safety Management

The CCPS defines process safety management as the application of management systems to the identification, understanding and control of process hazards to prevent process related incidents.

The CCPS defines process safety management systems as comprehensive sets of policies, procedures and practices designed to ensure that barriers to episodic incidents are in place, in use and effective.

The CCPS guidelines focus on twelve elements of chemical process safety:

- Accountability and Responsibility
- Process Safety Knowledge
- Project Review and Design (Process Hazard Analysis)
- Process Risk Management
- Management of Change
- Process and Equipment (Mechanical) Integrity
- Incident Investigation
- Training and Performance
- Human Factors
- Standards, Codes and Laws
- Audits and Corrective Actions
- Emergency Response Planning

In addition to CCPS, other organizations have developed PSM guidelines which may have different elements and terminology but nonetheless are equivalent to the CCPS guidelines and may be fully substituted in application. Some are listed in the Appendix. There are also government regulations, both US and international, which mandate application of PSM guidelines under specific conditions. Some information on these regulations is also in the Appendix.

All 12 CCPS points are needed for a reliable system based on PSM principles, but they need to be customized for the corporation (i.e., making baking soda does not need the same program used for making polyvinyl chloride).

3.2.1 Accountability and Responsibility

Accountability and responsibility are at the heart of any facility's program. These concepts must be ingrained into the philosophy of an organization to be successful. Key components of accountability are a policy statement, management commitment, procedural requirements and performance measurement.


The degree to which management demonstrates interest in implementing programs based on PSM principles at its facilities is of paramount concern to safe operation of the facility. Without solid management backing, even the best written program will never achieve successful implementation. Management interest should be demonstrated with a written policy statement that is shared with and understood by each member of the facility. Management's interest in loss prevention should be obvious in the day-to-day activities of a facility. Simply having a paper document on file will be of no benefit. Routine safety meetings, communication of safety issues to employees, and publishing lessons learned from incident investigations are just a few ways in which this interest will be demonstrated.

The policy statement should be site-specific and should assign ownership of safe operations to management as well as to every employee involved in the operation. Expectations of every member of the organization will be detailed and written in language understandable at every level of the organization. The policy statement should be reviewed on a periodic basis and changes made as needed. For example, when changes occur within an organization, such as change in management structure, the policy statement should be updated to reflect these changes.

The policy statement should clearly outline the objective of the PSM program. These principles should be routinely communicated to all employees so as to reinforce a safety-conscious work force. Generally, a review of the policy statement will be included in the orientation of new employees. Periodic review with all employees within the organization is also useful.

Each employee should feel responsible for the safe operation of a facility. There should be no fear of reprimand should a safety concern be reported. Only when the channels of communication remain open and free can a program based on PSM principles become and remain effective.

As safety issues arise in new facility design, HAZOP reviews, changes to the process, etc., there will be issues that are not easily resolved or will involve interpretation of codes or standards. A method should be in place to handle such issues so that resolution at the lowest level of management is achieved.

Once implemented, the success of a program based on PSM principles should be evaluated on a periodic basis to ensure the procedures achieve results. This can be in the form of random audits, routine reports to management, or direct communication with those involved. Findings from this feedback mechanism should be incorporated into the policy statement to facilitate constant improvement of the PSM program. Issues that are difficult to resolve often lead to input on ways that the PSM program could be improved.

3.2.1.1 Example: Liquefied Petroleum Gas (LPG), Mexico City, Mexico

On November 19, 1984, an 8 in. (200 mm) pipe line at a government-owned LPG terminal ruptured. The supply was not shut off and the vapor cloud was subsequently ignited 10 minutes later by a ground level burn pit. Additional LPG tanks and spheres BLEVEd (Boiling Liquid Expanding Vapor Explosion) due to exposure to excessive heat. Management and organizational factors reportedly were the major factors in this incident. Reportedly, management at this facility had not taken action on recommendations from previous studies. The deluge systems that were designed to cool the LPG vessels were deemed grossly inadequate. Vessel design was inadequate and the vessels lacked proper insulation. There was also no gas detection system available at the facility. The loss estimate is in excess of $25 million property damage (current values) [1, 2].

3.2.1.2 References

1. Gertman, D.I. and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, New York (1994).

2. Mahoney, D., Ed., Large Property Damage Losses in the Hydrocarbon-Chemical Industries: A Thirty-year Review, M&M Protection Consultants, Chicago (1995).

3.2.2 Process Safety Knowledge and Documentation

Process safety knowledge and documentation, which includes process safety information, is the basis for understanding the hazards of the process. This is achieved by acquiring process information and using this knowledge while conducting process hazard analyses.


The CCPS defines process safety information as the data describing the process and its chemistry. Process safety knowledge, in general terms, includes both process safety information and the ability to understand and interpret the information. It also includes the tracking and storing of key initial design bases, records of critical design decisions, design standards, site and equipment drawings, accident investigation information, etc. This data can be used as a baseline for future changes.

Data on process hazards and material chemistry can be obtained from numerous sources, including testing, manufacturer issued Material Safety Data Sheets (MSDS) (or equivalents) and literature sources.

Some examples of needed process safety information and the sources where the information is found follow, as an example of a new process under design.

A chemical company is proposing a process using flammable solvents, reactants and catalysts to produce a chemical intermediate for the pharmaceutical industry. The process will include a potentially exothermic reaction, mixing, distillation and drying to produce a powdered product. Prior to conducting a process hazard analysis or determining levels of protection, information is needed on the various materials and the way they may interact, normally or abnormally.

The company may find information from the following sources:

a. Material Safety Data Sheets. These, if available, will give information on flammability (i.e., flash points), explosibility (i.e., explosive limits), toxicity, corrosiveness and potential reactivity with other materials.

b. Factory Mutual data sheets and National Fire Protection Association (NFPA) standards. Lists of hazardous materials are presented with fire and explosion information.

c. Public domain literature such as the Kirk-Othmer Encyclopedia of Chemical Technology, Sax's Dangerous Properties of Industrial Materials, CRC Handbook of Chemistry and Physics, and numerous other similar sources.

d. Proprietary industry or trade group research and testing reports.

e. Expert opinion, such as engineers from the corporation, Factory Mutual or outside consultants.

f. Intentional and systematic testing of the materials.

In the example, the final product of the new process is a powder with a possible dust explosion hazard. The material is unique and no known data on its properties can be found by conventional literature search. To determine hazardous properties such as minimum ignition energy, lower explosive limits, maximum rate of pressure rise and possible overpressures produced should it explode, tests are conducted in an ASTM E1226 20-liter sphere.

Information on the mixture within a reactor or other vessels is needed to determine potential for exothermic runaway or other chemical instability. Laboratory-scale reactivity screening should be done in advance of scaling up to pilot or full scale processing. This data can be obtained using a number of devices, including the Accelerating Rate Calorimeter (ARC), the DIERS Vent Sizing Package (VSP) and others.

Site information is also developed during this stage. This may include meteorological data (for later vapor dispersion modeling), geographic data for exposure to natural hazards, accident exposures from nearby industrial sites, and utility data such as reliability and adequacy of water, fuel and power supplies.

After basic chemistry, physical and thermodynamic properties of materials are developed and site characteristics are found, conclusions on different release and impact scenarios are qualitatively determined. For example, if a solvent is flammable, it will be qualitatively concluded that a spill can result in fire. If boiled and held under pressure, an indoor or outdoor flammable vapor explosion potential may exist. The catalyst to be used might be known to overheat and produce equipment damaging pressure if not refrigerated. These generic conclusions are all derived in the process safety information phase. However, the sequence of events by which the scenario and its consequences will be realized will not surface until a process hazard analysis is conducted on the system in which the materials are used. Finally, the action steps, such as fixed mitigation, taken to reduce the quantified hazard or consequences will not surface until the process risk management stage.

Under this activity, in addition to developing and maintaining basic process and material hazard information, it is necessary to include accumulation of all the design details, alternative process considerations, key design decisions, and basic operation and maintenance plans.

Here the corporation should develop rationale and responsibility for collecting and maintaining this data, as well as data on operating experience, accident investigations, causes, and corrections, as well as changes developed and reviewed under the Management of Change processes (described later).

This collection of data will preserve initial design records (ensure replacements comply with design intent) and reasons for key design decisions (aid to future projects and modifications), and provide a basis for understanding how the process should be operated. It also serves as a baseline for evaluating future changes.

The collection of this information provides the process safety knowledge needed in subsequent PSM steps (as well as a record of the original review process) so that the process can be started up and run throughout its intended life without an unanticipated incident or unprotected hazard. The information is documented and made part of the overall process safety management package, which will eventually also include data from the process hazard analysis and process risk management steps. This is then used for employee training, future process changes, etc.

Enhancement of process safety knowledge is a subset of this element and is sometimes added as a separate element of PSM. As the life of the plant progresses, new technology in process operation, inherent safety, or loss prevention techniques may be developed. While not known or cost effective during initial plant design, they may become so later in the life of the plant. It is important for an organization to stay fully abreast of new technology and apply it as appropriate. Use of a Management of Change procedure will assure that latest technology and information will be available.

3.2.3 Process Safety Review (Process Hazard Analysis)

This element of PSM is often identified as Process Hazards Analysis (PHA) and should include the project review for new facilities or modifications to existing facilities that have a significant process or capital impact. Where no major changes occur, the review should be revisited on a regular basis. A suggested frequency would be about every 5 years, with longer intervals for less hazardous processes. The element also includes the necessary design and pre-startup review of such projects to ensure that recommendations were in fact implemented.

The CCPS discusses staffing, hazard reviews, siting, plot plan, etc., in the context of phases of capital projects. As a supplement to the CCPS material, an HPR chemical plant should consider the following sections related to property and business interruption loss prevention.

Principles of loss prevention and risk management should guide plant siting decisions. These principles are usually defined in the corporate guiding principles or business objectives. Most sites can be made acceptable if sufficient funding is allocated to overcome deficiencies presented by the site selection.

Sites chosen should be selected to avoid or minimize exposures by perils of:

a. Fire

b. Natural hazards (flood, wind, lightning, snow, freezing, earthquake, volcano, etc.)

c. Explosion

d. Transportation (aircraft, motor vehicle, rail, ship)

e. Pipeline or tank farm exposures

Sites should feature:

a. Access for safe disposal of waste

b. Access to fire fighting assistance (public or other)

c. Access to an adequate source of water to meet present and future demands

d. Access to reliable security and emergency services

e. Access to the site during adverse conditions (riot, traffic, etc.)

In addition to location of the plant site, equal considerations should be applied as well to the location of:

a. Process units

b. Pipe racks

c. Storage facilities

d. Unloading facilities for rail cars, trucks, and water craft

e. Flare stacks

f. Utility plants

g. Waste water treatment facilities

h. Electrical power lines

i. Process control rooms

Once site selection is complete, the project should have sufficient funding to implement FM/corporate loss prevention guidelines. In addition to basic project design and construction costs, finances should:

a. allow time for a thorough review of loss prevention aspects of the design and construction using accepted hazard analysis methods. Designs should use inherent safety and risk mitigation concepts.

b. permit installation of proper loss prevention features affecting construction, protection, drainage, electrical equipment, freeze protection, etc.

3.2.3.1 Examples

3.2.3.1.1 The ABC chemical company proposes building a new polymerization plant at the site of an existing chemical plant in the Gulf Coast area. It could be located in any of three different areas near the existing plant. The raw material (ethylene) is supplied to the main ABC plant, but the facilities will need to be enlarged to accommodate more ethylene. New facilities will need to be developed for storage of propane, butylene, and other future monomer feedstocks.

The ABC company has a license to use a new process to make the finished copolymers, but sizes and layout of major equipment have yet to be finalized. At this point a team was created, including specialists from FM, ABC, and several design and construction engineering companies. Early meetings developed a time line for the construction, plan reviews, site visits, and pre-startup reviews. These meetings developed a plan to conduct a thorough hazard analysis.

Full HAZOP and What-if analyses were performed. FM specialists participated in the hazard analysis meetings and provided an important perspective on damageability, available protection and mitigation methods, and analysis of business interruption potentials.

A full site survey was conducted at all three sites with a team made up of various specialists, including the FM engineer. Through this process, a site was chosen to minimize flood exposures and the potential for fire and explosion exposures presented by nearby plants, pipe racks, and railways. Plans were modified to include relocation of pipe racks along with rerouting of rail sidings.

Through early team meetings, objectives from corporate guiding principles were interpreted to define objectives for limiting the maximum foreseeable loss and normal loss expectancies. Through collaboration, specifications were developed for the plant construction, particularly control room construction, fire protection water supply, piping sizes and locations, pipe rack locations, drainage patterns, sprinkler valve house locations, and feedstock and product delivery contingencies. These methods resulted in mitigation of Vapor Cloud Explosion (VCE) potentials (see DS 7-42 for additional information on VCE hazards).

Note: The level of FM participation can vary from project to project depending on the needs of all the parties involved: contractor, insured, insurance company, etc.

3.2.3.1.2 XY Chemical Company planned and constructed a polymer manufacturing plant along the Texas Gulf Coast. Design work was conducted at the home offices in the northeastern U.S. using highly experienced personnel.

Project designs did not consider incident history and advice for this area relative to freeze protection. As a result, the plant was built with numerous outdoor sprinkler systems, as well as elements of the process and instrumentation system, with insufficient freeze protection.

As a result, the plant suffered a $2 million loss related to broken pipe, instrument lines, and loss of production in the 1983 and 1989 freezes. This pointed to a normal frequency of freezing weather in this area worthy of protection. A cost estimate of $75,000 for correction of the deficiencies was developed in consultation with the local FM specialist. Economic conditions dictated that these improvements be extended over a period of 3 years, resulting in a need to prioritize the modifications.

If the concepts and guidelines of this data sheet had been used in siting of this plant, the freeze potential and its frequency would have been identified. A loss potential of $2 million with an average 10-year recurrence interval would have been mitigated. The cost at the time this plant was designed could have been much lower.

3.2.4 Process Risk Management

Process risk management involves the identification, evaluation, control, or risk transfer of potential hazards that may be associated with existing operations, new projects, acquisitions, and customer/supplier activities.

Process risk management is the system whereby conscious risk improvement decisions are made based on results and information obtained during the process knowledge and process hazard analysis stages. If hazard information data is available at very early stages of a plant design, inherent safety features can be designed in. Later in the design, passive, active, and procedural improvements and protection are usually added. The need and level of fixed suppression systems such as sprinklers and deluge systems, building steel fireproofing, damage-limiting construction, barriers, process controls, etc., are decided in the process risk management phase of PSM. Fire safety professionals, in partnership with the chemical plant, determine the level of protection needed to meet HPR status and loss exposure goals. Ultimately, the exposure is improved through fixed protection and management systems, is transferred through insurance, or is completely avoided by eliminating the hazardous activity.

Data and information from process knowledge gathering and hazard analysis activities must be evaluated as to economics and potential for risk reduction. Not all risk in a facility can be eliminated or reduced through engineering. Process risk management assures that a balance of inherent or engineered safety and risk transfer (i.e., insurance) is maintained and that all mandatory regulations, corporate standards, and industry and insurance guidelines are met. Process risk management requires screening, ranking, and engineered assessment tools. A high-level assessment such as Quantitative Risk Analysis (QRA) may be needed to make final decisions. The four-tier safety strategy is still followed. Regardless of methods, documentation of the basis for risk decisions is important.

3.2.4.1 Case Study

ABC Chemical company is planning a facility to produce polyvinyl chloride (PVC) plastic using a licensed process. Production of this material will include use of vinyl chloride monomer (VCM), a liquefied gas; flammable solvents; and reactive peroxide-based catalysts in a moderately high pressure, high temperature continuous autoclave (single reaction vessel) system. The process will be located in a single process unit supported by raw materials delivery and storage; in-process storage; combustible heat transfer media; heat, steam, power, and fuel utility systems; and final product handling, storage, and transfer to market. The final product will be sold as a solid extruded pellet, some of which will be custom made with plasticizers. The benzoyl peroxide (BP) catalyst is to be manufactured on site. The process will be constructed at a new site not previously developed.

In the process safety knowledge step, the following technical information may be obtained, based on a literature search or testing, and documented:

- flammability and explosivity characteristics of gases and liquids

- flammability and explosivity characteristics of heat transfer media

- reactivity data on catalysts

- combustibility and explosivity data on solid powder product

- reactivity of the PVC reaction at given process conditions

- reactivity and hazard of catalyst manufacture

The following site information might be obtained, based on a site study, and documented:

- meteorological data (prevailing winds/speeds/atmospheric stability)

- freeze and snowfall/rainfall data

- flood data

- earthquake data

- windstorm data

- data on adequacy and reliability of utility services

- information on nearby hazardous exposures

General conclusions might be derived based on the above chemical and site information and qualitative analysis. At this stage, these conclusions are based on generic knowledge obtained from experts or from the literature and are used for establishing more definitive scenarios during a process hazard analysis. Detailed consequence studies, such as vapor cloud dispersion, explosion overpressure, or pool fire radiant heat effects, are conducted as part of the hazard analysis.

The following general conclusions are not meant to be all inclusive, but only to demonstrate types of information and scenarios that could be developed during this step:

a. Flammable liquid spill fire potentials exist from delivery, storage, process vessel, and piping systems for raw and intermediate materials and for the heat transfer media system.

b. Vapor cloud explosion potentials exist from storage, process vessels, and piping systems using VCM.

c. Reactor vessel, pumps, and piping failure potentials exist due to high pressure, corrosivity, and reactivity exposures.

d. BP manufacture requires potentially unstable hazardous materials.

e. Dust explosion potentials exist from plasticized product.

f. The plant is in a semi-tropical climate but is subject to periodic severe freezes.

g. The plant is in a potential hurricane zone.

h. Power supplies are subject to possible off-premises interruptions.

i. Public water supplies and emergency response are not available.

j. A plant with potential wide-range explosion hazard borders the site.

In the process hazard analysis step, the above data and design drawings (as complete as possible) are subjected to a systematic and critical examination to determine failure modes whereby incidents could occur. HAZOP, What-If, Checklist, Failure Modes and Effects Analysis (FMEA), and more quantitative analysis methods might be used. Vapor dispersion, explosion, and radiant heat modeling, if needed, will be done during this stage. These examinations might reveal the following potential concerns and consequences:

a. The manufacture of peroxides on plant presents many failure modes and several potentials for a peroxide self-initiation, with high damage potential compared with the relatively small amounts of material needed.

b. Flammable spill fire and vapor release potentials cannot be completely eliminated through process control or design, short of not producing the product. Steel structure is subject to severe radiant heat, confirmed by fire modeling.

c. VCM represents a vapor cloud explosion potential, and the process unit arrangement and congestion will produce high overpressures throughout the plant, as confirmed by modeling.

d. Prevailing winds and distance indicate potential for vapor cloud from neighboring facility to enter process unit, confirmed by modeling.

e. A single large reaction autoclave is harder to control and presents extreme liquid spill or vapor release potentials, thus increasing protection system demands, and if damaged would shut down all operations.

f. Plasticized plastic dust presents a dust explosion hazard, confirmed by laboratory testing.

g. A rare but possible sudden freeze could severely damage plant utilities.

h. A sudden power outage could cause loss of control of the reaction.

i. Many different release and failure modes of vessels, pumps, piping, and utility systems exist, but these can be mitigated through process control and design improvements.

j. Use of a large-volume combustible heat transfer material presents significant fire potential on a higher frequency than other flammable materials due to its high corrosivity, confirmed by loss history.

In the process risk management step, all of the data collected and derived from the two prior steps is used to make risk management decisions. In the example, these may include (but not be limited to) the following decisions, listed in order of a tiered preferential safety approach:

Inherent safety

a. Replace combustible thermal oil system with water system

b. Reduce production bottleneck by changing from one large reactor to several smaller reactors

c. Reduce in-unit flammable inventories by eliminating product day tanks, large reboilers, large reactor, oversized piping, etc.

d. Purchase additional land to protect against off-premises exposures

e. Refrigerate VCM bulk storage tanks to reduce vaporization

f. Collect plastic dust in wet slurry to reduce dust hazard

Passive mitigation

a. Use a concrete frame for process unit or fireproof steel

b. Space unit apart from support facilities and site boundaries

c. Use open process unit for maximum explosion venting

d. Limit and space equipment within unit to minimize congestion

e. Lay out unit with flammable materials accessible on outer edge

f. Install drainage systems

g. Design process controls and interlocks to maximize reliability of process

h. Design process vessels/piping to maximum expected pressure

i. Blast-proof control room and emergency services building

j. Provide emergency containment systems

Active mitigation

a. Provide on-site fire water system

b. Provide deluge sprinkler protection

c. Provide combustible gas detection

d. Inert and purge flammable storage, process, and piping systems

e. Provide reactor emergency quench system

f. Provide reactor emergency venting

g. Computerize process control

h. Provide on-site emergency power supplies

i. Design to hurricane codes

j. Protect plant against freeze-up

Operational/administrative controls

a. Develop and train on-site emergency fire response brigade

b. Train and empower operators to take manual process control

c. Provide ignition source control systems

d. Provide backup manual reactor emergency quench system

e. Provide natural hazard alert procedures

Risk avoidance

a. Eliminate on-site manufacture of peroxide catalyst

Risk transfer

a. Accept inherent risk by retention of high insurance deductibles

In the risk management process, there may be a need to revisit and re-analyze hazards several times prior to deciding on the level and type of mitigation or use of other risk tools such as elimination of hazard or risk transfer. In fact, risk management becomes a constant cycle of analysis, transfer, and acceptance throughout the life of the facility. As the facility ages and changes are made, the risk will change. Keeping abreast of this aging and change process will assure that the facility will achieve the risk management goals originally accepted.

3.2.4.2 HPR Requirements

The decision to meet or not meet HPR protection guidelines is determined during the process risk management stage. While achieving HPR status should always be the risk management goal, there may be conditions, especially in existing older plants, where this may not be economically or technically achievable.

There are minimum requirements for a facility to qualify as an HPR risk. These are briefly identified in Section 2.2.1 and further discussed in Section 3.3, Concepts of Highly Protected Risk.

3.2.5 Management of Change

Management of Change (MOC) means evaluating every change to technology, facilities, or personnel at the earliest possible stage for its potential impact on property loss prevention. The earliest possible stage is the moment an idea or proposed change comes to light. These changes can be emergency, permanent, temporary, recognized, or unrecognized. The purpose of a management of change process is to prevent the unrecognized change.

Changes are made routinely throughout the life of a facility. These may vary from major, highly visible projects to daily routine maintenance activities. Changes can occur to technology, chemicals, products, equipment, and procedures. Any change from original design intent represents a deviation. If the impact of this deviation is not fully understood, the change, even if minor, can cause a significant incident. Appropriate process hazards management systems should be put into place to help ensure that hazards associated with a change or deviation are identified and controlled.

Changes fall into three main categories: technology, facilities, and personnel or organization.

Although some changes may be minor, with little likelihood of compromising loss prevention and process safety, all changes have some potential for disruption.

3.2.5.1 Change in Technology

Change in technology arises whenever the process or mechanical design is altered. Examples are changes in feedstocks, catalysts, product specifications, byproducts or waste products, design inventory levels, instrumentation and control systems, or materials of construction.

Typical instances in which change in technology would likely occur include the following:

a. New projects that involve tie-ins or equipment modifications on existing units.

b. Projects to increase facility throughput or accommodate different feedstocks or products.

c. Significant changes in operating conditions, including pressures, temperatures, flow rates, or process conditions different from those in the original process or mechanical design.

d. Equipment changes, including the addition of new equipment or modifications of existing equipment. These can include changes in alarms, instrumentation, and control schemes.

e. Modifications of the process or equipment that cause changes in the facility's relief requirements. These can include increased process throughput, operation at higher temperatures, increased size of equipment, or the addition of equipment that might contribute to greater relief requirements.

f. Bypass connections around equipment that is normally in service.

g. Changes in operating procedures, including procedures for startup, normal shutdown, and emergency shutdown.

h. Changes made in the process or mechanical design or in operating procedures that result from a PHA performed as described in Section 3.2.3.

i. Introduction of new or different process additives (for example, corrosion control agents, antifoulants, antifoam agents).

j. Corrective actions developed as a result of an accident investigation.

3.2.5.2 Changes in Facilities

Changes in facilities are those in which physical changes are made that would not necessarily appear on plant drawings or piping and instrument diagrams (P&ID). Examples are temporary connections, replaced components that are not in kind, site modifications, transient storage, temporary structures, etc.

Specifically, these can include the following:

a. Temporary equipment (tanks, offices, drum storage, etc.)

b. Replacement equipment or machinery that differs from the original equipment

c. Temporary piping connections, hoses, or wiring

d. Temporary software configurations, jumpers, shortened algorithms, bypassed controls

e. Pipe clamps, braces, stands, wiring, ropes

f. Temporary utility connections (steam, power, water, etc.)

g. An alternative supply of process materials, catalysts, or reactants, such as through temporary drums or tanks located within the facility

h. Temporary electrical equipment or connections

These changes have the ability to affect design, construction, operation, maintenance, and decommissioning.

3.2.5.3 Changes in Personnel

Changes in personnel are those in which key responsibilities are shifted from a position of stability to instability. Examples are retirement, promotion, other career changes, and personal issues (sickness, death, leave-of-absence, etc.). These changes are ones in which continuity of responsibility may lapse.

Training and assignment of alternates is a key feature needed to mitigate lapses caused by these changes. Supervision must be skilled for early recognition of these changes, with an ability to plan in advance to mitigate these changes. Goals of the company, business, and operating unit must support prevention efforts associated with these changes.

3.2.5.4 Examples

3.2.5.4.1 The Clean Air Act Amendments of 1990 require a 50% reduction of sulfur dioxide levels (SO2) in the U.S. by the year 2000. This act affects approximately 2,000 electric utilities. The method of choice to control SO2 emissions probably will be the installation of wet scrubbers, as they provide the highest level of control. Along with the additional costs and plans for scrubber installations, the person(s) planning these changes need to look at the effect these installations will have on loss prevention. For instance, scrubbers are subject to fires and explosions, and they can affect furnace draft. Induced draft fans may have to be upgraded, which in some cases could increase the risk of implosions and boiler vibrations. To prevent corrosion of scrubbers, ducts, and stacks, it may be necessary to use plastic or plastic-lined equipment, which could present a fire hazard.

A typical agreement between a company and the property insurance company calls for a loss prevention professional within the company to be advised of all management of change activities in the plant. This individual is then responsible to involve the specialist from FM and allow an opportunity for the change to be evaluated in its earliest stages.

3.2.5.4.2 ABC is a manufacturer of commodity polymer using batch-scale polymerization of the monomer. Because of favorable opportunities in the market, ABC has plans to double the capacity of its seven-reactor plant in a two-phase expansion over the next 10 years. The first phase will include construction of utilities and the footprint for a second seven-reactor manufacturing building. Initially, a building containing three reactors will be built.

There is a close relationship between ABC and the FM specialist assigned to this plant. When the idea is being developed by senior management within ABC, meetings are held with the FM specialist to discuss the effect this may have on loss prevention. ABC is guided by a principle that promotes continuous improvement in all areas of operation, including loss prevention, and they call upon the expertise of FM to provide guidance to meet this goal.

In consultation with the FM specialist, several opportunities are identified. These include ways to mitigate VCE potentials, provide more cost-efficient and effective water spray systems, and arrange the Instrumentation and Control features for increased reliability. In order to expand the process water features for the new plant expansion, several pumping and distribution changes were needed. Opportunities were identified to add outlets and normally closed connections between the fire protection system and the process water supply system. This increased both the normal supply to the fire protection water system and the supply that would be available in a catastrophic event.

In consultations, an opportunity was identified to relate current maintenance issues for the older electronic heat detection systems on the water spray systems to a design specification needed for all the new water spray systems. Review of maintenance records and costs pointed to an opportunity to replace older electronic heat detectors with air-pilot detection systems. In doing this, the plant maintenance was provided with a single common type of system, which has lower maintenance costs, a single set of replacement parts, and requires simpler maintenance skills.

Often during plant expansions, for simplicity, existing features for protection and control are duplicated exactly. Many design groups operate with the assumption that existing protection and control features are adequate and satisfactory, and they do not take the opportunity to consider improvements as above.

3.2.5.4.3 Mr. Howard has been the person in charge of fire protection in this plant for many years. He is the direct interface between top management, engineering, and safety personnel for matters relating to loss prevention. He is in charge of administering all loss prevention related inspection programs within the plant. He supervises all impairments to fire protection and reports them throughout the company and to FM. Mr. Howard is very important in the review process for new construction. Because he is very familiar with current design requirements, he is able to work closely with plant and corporate engineers to develop plans for new construction and modifications.

Mr Howard spent many years in the plant as an operator Because of this involvement he oversees many important operator duties as they relate to fire response and use of emergency process equipment (flares alarms shut-downs etc) He is also the liaison to community groups including the mutual aid groups

Mr Howard has announced he will retire in 2 years when he reaches the age of 60 Loss of this level of expeshyrience could create serious gaps related to steady provision of the service provided by Mr Howard

All of his job duties should be described in writing

A plan for his replacement with alternates should be developed sufficiently in advance of his departure so that proper training can be provided

If timing is not sufficient to establish that his duties have been sufficiently taken over by others manageshyment should arrange for Mr Howard to return to work as a consultant He should periodically return after his retirement to make sure all areas of past responsibility are being covered

In the planning for replacement of Mr Howard the local assigned FM specialists should be notified Speshycific sessions can be arranged so that the programs recommended by FM can be introduced or reviewed with the person who has taken over for Mr Howard

3.2.5.4.4 Mr. Jones was the Safety Engineer at this major plastic film plant, reporting to the plant manager, before he resigned. He was responsible to implement all safety and loss prevention programs in the plant. He was the direct liaison to the plant maintenance department, providing review and supervision of all maintenance and testing of the plant fire protection systems, including the fire pump, suction tank, sprinkler systems, alarm systems and gaseous extinguishing systems. Because of his expertise, he was the interface between local contractors who provide maintenance and testing. Mr. Jones kept all the letters, files, receipts, plans and correspondence in his office relating to protection systems and plant insurance matters.

Unfortunately, he quit at a time when the plant was completing a 50% production expansion and is beginning to plan for a new warehouse expansion. Ongoing issues relate to false alarms, alarm system repairs and a history of broken underground water mains in a certain area of the plant. Mr. Jones had been a proponent of looping of the plant fire water mains to provide better service to the areas of future expansion.

In a case like this, it is important that key plant personnel from all levels meet to review the impact of this departure on loss prevention. Some careful accounting should begin at once to make sure elements of Mr. Jones' responsibilities are identified. The FM contact should be advised of the personnel change. This will allow for meetings to take place to assure that proper training is provided to a replacement employee. In many cases FM can provide the following:

- Training on fire protection systems maintenance and testing can be offered to a new employee.

- A review of maintenance and testing programs can be made to assure that correct programs are not lost or lapsed.

- Contract maintenance programs can be evaluated to determine adequacy of these programs.

3.2.5.5 References

Management of Process Hazards, API Recommended Practice 750, First Edition, January 1990, American Petroleum Institute.

Managing Change, FM publication P9201.

3.2.6 Process and Equipment (Mechanical) Integrity

Equipment that processes hazardous materials, and accessory or utility equipment that is important to continued operation of the plant, should be designed, constructed, installed, operated, protected and maintained in a way which minimizes the risk while providing process reliability. This element of the PSM program addresses the management system required to achieve this objective and is called Process and Equipment Integrity by the CCPS and Mechanical Integrity by others.

A Process and Equipment Integrity program should address some or all of the following: pressure vessels and piping, tanks, rotating machinery, electrical equipment, boilers and furnaces, etc., together with their instrumentation, controls, accessories and supporting structures.

The components of Process and Equipment Integrity, which are discussed further below, are reliability engineering, materials of construction and fabrication, installation procedures, preventive maintenance and demolition procedures.

As with all elements of PSM, a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps.

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance or replacement, the evaluation should include equipment accessibility and suitability for the process, and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment and emergency relief. The file should also contain the operating and inspection history of the equipment, as well as any data on repair, alteration and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill to installation tracking of material for critical components, or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, over speed, electrical faults, misalignment, etc.

During fabrication, maintenance or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process, or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern, such as piping location, safety and emergency equipment features, accessibility of process and safety equipment, operation, functional testing and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.

3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturer's recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturer's minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment with detailed instructions on performing the particular activity. They should address the steps needed to prevent adverse conditions, both during the procedures and when the equipment is put back in service. They should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic review of these procedures is needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out of service condition, any necessary decontamination, and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents, classified as major accident, accident or near-miss by CCPS, are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control or personnel changes, or new or better training programs. Documentation and periodic review aid in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes.

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.

3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment: Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System: Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization: Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others, depending on the nature of the incident. This can include those inside the company with speciality knowledge or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training: Team members should be selected based on their interest, job function and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function: The incident investigation team function needs to be integrated with the overall emergency response plan. Well established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation:

a. Determine Cause: Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system related causes.

b. Develop Recommendations: Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures: Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.

If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally this involves data collection, data analysis and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and such incidents can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program aimed at determination of root causes.

Usually the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently, some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

- FTA: Fault Tree Analysis
- AAM: Accident Anatomy Method
- MORT: Management Oversight and Risk Tree
- MCSOII: Multiple-Cause, Systems-Oriented Incident Investigation

Inductive

- HAZOP: Hazard and Operability Analysis
- AAM: Accident Anatomy Method
- CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware new approaches need to be built on proven and accepted concepts.

3.2.7.4

Phthalic anhydride made by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the "Do Not Operate" tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design: A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations: There are several possibilities in this area. Management that encourages continued operations when the process is upset (reason operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance: There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the worker's shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but does illustrate some of the underlying causes in a multiple-cause incident.

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment, and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training, as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated, and it was assumed to be functioning properly, although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days subsequent for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.

The control panel incorrectly indicated that too much water was entering the core; therefore, the operator overrode the automatic control system and reverted to manual control. Ultimately, the shut coolant water lines were discovered and reopened, which again flooded the control panel with a Christmas-tree effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.¹

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.²

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures, as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L., and Williams, Robert C. Crisis Contained: The Department of Energy at Three Mile Island. Southern Illinois University Press, 1982.

2. Kletz, Trevor A. An Engineer's View of Human Error. The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80% to 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50% to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.[4]

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface, and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.[5]

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems, as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.

Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.[6] However, more current literature by Poulton[7] and Welford[8] supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.[9] Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.
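The categorization described above can be sketched in a few lines. This is an added example, not part of the data sheet: the three priority names, the flood threshold of more than 10 alarms in 10 minutes, the policy of logging rather than annunciating low-priority alarms during a deluge, and the instrument tags are all assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass

# Assumed three-level scheme; the data sheet only says alarms should be
# categorized by their impact on process control.
RANK = {"critical": 0, "high": 1, "low": 2}


@dataclass(frozen=True)
class Alarm:
    t: float        # seconds since the start of the sample
    tag: str        # instrument tag (constructed)
    priority: str   # one of the keys of RANK


def peak_rate(alarms, window_s=600.0):
    """Largest number of alarms seen in any sliding window of window_s seconds."""
    window, peak = deque(), 0
    for t in sorted(a.t for a in alarms):
        window.append(t)
        # Drop alarms that have aged out of the window ending at time t.
        while t - window[0] >= window_s:
            window.popleft()
        peak = max(peak, len(window))
    return peak


def operator_view(alarms, window_s=600.0, flood_limit=10):
    """Split alarms into (annunciated, logged_only).

    Annunciated alarms are ordered by priority, then by time. If the peak
    rate exceeds flood_limit (assumed threshold), low-priority alarms are
    logged but not annunciated, so the operator's attention stays on the
    alarms with the greatest impact on process control.
    """
    for a in alarms:
        if a.priority not in RANK:
            # An alarm nobody categorized cannot be prioritized; fail loudly.
            raise ValueError(f"uncategorized alarm: {a.tag}")
    flood = peak_rate(alarms, window_s) > flood_limit
    ordered = sorted(alarms, key=lambda a: (RANK[a.priority], a.t))
    if not flood:
        return ordered, []
    shown = [a for a in ordered if a.priority != "low"]
    logged = [a for a in ordered if a.priority == "low"]
    return shown, logged


# Constructed sample: a process upset producing 12 alarms in under two minutes.
SAMPLE = (
    [Alarm(10.0 * i, f"FI-{100 + i}-DEV", "low") for i in range(9)]
    + [
        Alarm(35.0, "TI-201-HI", "high"),
        Alarm(50.0, "PI-301-HIHI", "critical"),
        Alarm(95.0, "LI-401-LO", "high"),
    ]
)

if __name__ == "__main__":
    shown, logged = operator_view(SAMPLE)
    print("peak alarms per 10 min:", peak_rate(SAMPLE))
    for a in shown:
        print(f"{a.priority:8s} t={a.t:5.1f}s {a.tag}")
    print(f"{len(logged)} low-priority alarms logged only")
```
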

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.[10]

3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor but was stopped for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed that air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill.: Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill.: Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).

3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocell Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for maintaining the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history, or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized, with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring and piping drawings are not current, or there is only one set of hand corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and should be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited, to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard
   a. Toxicity
   b. Permissible exposure limits
   c. Physical, reactivity and corrosion data
   d. Thermal and chemical stability
   e. Hazardous effects of mixing

2. Process technology
   a. Process description and flow diagram
   b. Process chemistry
   c. Inventory permitted
   d. Safe upper and lower limits for temperature, pressure, flows and compositions
   e. Consequences of deviations

3. Process equipment
   a. Construction materials
   b. P&ID
   c. Electrical classification drawing
   d. Relief system design and design basis
   e. Ventilation system design
   f. Drainage system design
   g. Design codes and standards
   h. Material and energy balance
   i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections
   a. Code inspection reports for pressure equipment
   b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)
   c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description
   a. Organization and staffing
   b. Risk assessment of site hazards
   c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans
   a. Description of possible incident scenarios
   b. Plan to respond to each scenario
   c. On-site emergency equipment and supplies
   d. Description of external resources and support organizations

5. Emergency response teams
   a. Staffing and organization
   b. Capabilities of members
   c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic, in that other factors such as management interest in loss prevention also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities as defined in an integrated program based on PSM principles are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound how one management group, which is production oriented without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss-prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging
7-73 Dust Collectors and Collection Systems
7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels

3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets, such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to "knock on" events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy-specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems

For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades

3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade off in toxicity, which may affect manual fire fighting response, would occur with this choice.

A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred, with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level, and piping is located at ceiling level. Major processing equipment such as purification columns and rundown tanks with high volume flammable materials are located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow, with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.

Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants

7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.

APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU) and, within North America, only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the Austral/Asia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting, with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous ammonia | 1,000 (450) | 5,000 (2,250) |
| Chlorine | 1,000 (450) | 1,500 (680) |
| Chlorine dioxide | 500 (225) | 1,000 (450) |
| Anhydrous hydrochloric acid | 1,000 (450) | 5,000 (2,250) |
| Sulfuric acid | 5,000 (2,250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10,000 (4,500) | 10,000 (4,500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989.

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980.

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998


2.1.8 Training and Performance

2.1.8.1 Operators should be fully trained in the normal operation of the facility as well as the appropriate action for each alarm condition. Since every process excursion cannot be detailed, the operators should be trained in diagnostic and trouble-shooting skills to facilitate an orderly correction. For the most critical applications, for example nitrations, some polymerization and other highly reactive systems, use of a process simulator for training purposes is strongly suggested. If a simulator is to be used, the control panel and instrumentation should be designed to match the actual equipment that will be used in the operation.

2.1.8.2 When either temporary or permanent changes are made to a process, the process documentation and drawings should be updated prior to implementation of the changes. All employees whose responsibilities involve the affected area should be retrained in the new process parameters and safe working conditions. This will allow integration of the new procedures into the day-to-day functioning of the facility.

2.1.8.3 Special care must be taken when critical actions are infrequently completed in the normal course of operations. Actions such as responding to infrequent critical alarms may result in catastrophic events if the response is incorrect. In these cases, frequent retraining is needed.

2.1.8.4 Training should be mandatory for contract employees working in the area so they may perform in a safe and effective manner. Training for contract employees may need to be as stringent as for operators.

2.1.8.5 A comprehensive retraining program should be in place for all operating personnel. The time interval for retraining will vary depending on the criticality of the process and number of changes made. Management should have a formal method to determine retraining frequencies.

2.1.8.6 A formal method for evaluating the effectiveness of the training program should be developed. This may be a written test, hands-on demonstration, simulation, or an extended period of on-the-job training. A feedback mechanism should be established to inform the operator of areas requiring further study and improvement. Records should be kept of these evaluations to facilitate improving the method of training employees.

2.1.9 Human Factors

2.1.9.1 Organization

2.1.9.1.1 The plant's program should have written guidelines requiring that all new processes incorporate fundamental concepts of human factor engineering from the design phase of the project. If human factor specialists are not available in-house, consideration should be given to retaining outside specialists to assist in this area.

2.1.9.1.2 Human factor elements should be incorporated into existing processes, if economically viable, whenever changes or improvements are being planned.

2.1.9.1.3 HAZOP reviews should specifically explore human factor issues to determine if appropriate design has been included.

2.1.9.1.4 Each of the above activities should include input from operating personnel to ensure that day-to-day operating knowledge is incorporated into the proposed improvements.

2.1.9.1.5 Management should create an environment where process safety is paramount above production demands. Operators should be empowered to invoke a controlled shutdown of a process if operating conditions indicate an imminent loss-of-control situation. A written statement to this effect, signed by senior plant management, should be posted in the control rooms.

2.1.9.1.6 If staff reductions are anticipated, management's commitment to safety and loss prevention should remain paramount. Special attention is needed during these times to ensure that operating personnel remain motivated to perform their functions in a consistent and safe manner.

2.1.9.2 Alarms

2.1.9.2.1 All alarms should be ranked according to severity and displayed visually and audibly in this order to avoid alarm overload during an actual emergency.


2.1.9.2.2 Critical alarms should be grouped separately from "information only" alarms. Audible and visual alarms should be distinctly different for these types of alarms so that priority can be given to critical alarms.

2.1.9.2.3 Critical process information should be easily accessible on the control panel so that an excessive number of screen changes will not be required to understand the information in an emergency situation.

2.1.9.2.4 Critical process information and alarms should be logged by computer or manually, as appropriate, and maintained for a reasonable period of time to aid in incident investigation or future process improvements.

2.1.9.2.5 The operator should have a proactive role in the monitoring and control of process variables rather than simply waiting for alarm conditions to sound. This will encourage the operator to be familiar with the process data and facilitate an appropriate response in an emergency situation.

2.1.9.3 Environmental

2.1.9.3.1 Optimal performance occurs when environment factors are within specific boundaries. Proper clothing should be available for employees whose work is outside a climate-controlled environment.

2.1.9.3.2 For areas having excessive noise, proper hearing protection should be provided and a method of communications established, as vocal communication will not be feasible.

2.1.9.3.3 Proper lighting should be provided in all operations areas and, most importantly, in control rooms to ensure control and process equipment is visible.

2.1.9.4 Maintenance Operations

2.1.9.4.1 All maintenance operations that may adversely impact the safe operation of a process or production facility should require written authorization. Included in this authorization is notification to all areas of the facility that the work will impact. In most cases, operations will need to be stopped or bypassed to allow safe work in the area. All such process modifications should be thoroughly studied to determine the ramifications of the process change.

2.1.10 Standards, Codes and Laws

2.1.10.1 The organization should define the minimum codes, standards and laws that will be applied for maintaining an acceptable level of safety.

2.1.10.2 Responsibility should be assigned to ensure all codes, standards and regulations (internal or external) are maintained current and are available to those needing to use them.

2.1.10.3 A variance procedure should be developed that can be applied when an alternative to an existing code is to be used.

2.2 Highly Protected Risk (HPR)

A Highly Protected Risk (HPR) level of loss prevention, based on FM data sheets and industry guidelines, should be the goal at chemical risks. (See also 3.3.)

2.2.1 An HPR chemical risk is one that meets all of the following minimum guidelines:

a. A fully integrated system based on PSM principles at a level appropriate to the hazards

b. Management commitment and oversight, including involvement of FM specialists at an early stage of all projects

c. Adequate process control and safety instrumentation

d. Operator training and empowerment adequate for the process complexity

e. Piping and vessel overpressure protection for the hazards that exist

f. Maintenance, inspection and testing programs covering all critical equipment and instrumentation


g. An adequate and reliable water supply and delivery system

h. Ignition source control

i. Adequate spacing of buildings, process units and tanks

j. Emergency response and post-loss contingency plans

k. Testing and understanding of process chemistry

Where needed based on hazard, an HPR chemical risk also incorporates the following features:

l. Adequate and reliable fixed suppression systems

m. Drainage and containment systems

n. Fire protection of structural steel

o. Damage limiting and noncombustible construction

p. Combustible gas detection

q. Inerting and purging systems

r. Barriers, barricades, and/or distance separation

s. Protection against natural hazards

2.3 Principles of Inherent Safety

2.3.1 Principles of Inherent Safety should be applied where possible when designing or improving chemical plant processes. Inherent safety (see also 3.4) includes the following general principles:

a. Intensification - using smaller amounts of a hazardous substance

b. Substitution - replacing a hazardous chemical with a non-hazardous or less hazardous one

c. Attenuation - using less hazardous process conditions or a less hazardous form of a material

d. Limitation of effects - designing a facility to minimize the impact of a release of hazardous material or energy, for example by sufficient spacing or more resistant construction

e. Simplification/error tolerance - designing a facility so that operating errors are less likely or the process is more forgiving if errors are made

3.0 DISCUSSION

In the following sections, concepts and strategies for risk reduction in the chemical industry are discussed. These include approaches to loss prevention using:

a. CCPS four-tiered Process Risk Management Strategy

b. CCPS systematized Process Safety Management approach

c. Factory Mutual concepts of a Highly Protected Risk

d. Concepts of Inherent Safety

3.1 Process Risk Management Strategies

The CCPS four-tier safety strategy for reducing risk in a chemical facility includes inherent safety, passive safety, active safety and procedural safety.

These strategies are listed in preferred selection order as a loss prevention technique. By this method, when designing a plant, one would approach the safety aspects by applying these strategies starting with an inherent safety concept, followed by passive protection where still needed, followed by active systems, and then by procedural or administrative systems as needed. As you move down the layers to minimize or prevent a loss, the frequency or consequences of loss can increase.


3.1.1 Tier 1 - Inherent Safety

The first tier and most preferred approach to chemical plant loss prevention is Inherent Safety (IS). Inherent safety is defined as eliminating the hazard through intensification, substitution, attenuation, limitation of effects, or simplification/error tolerance. Refer to Section 3.4 for a full discussion on inherent safety concepts, including definitions of these terms. The intent of applying inherent safety is to eliminate the need for add-on layers of passive, active or procedural protection, which have to function as designed to limit the effects of a loss.

Examples of implementing inherent safety would be:

• substitution of water for process cooling in place of a combustible thermal oil

• substitution of a non-flammable solvent for a flammable solvent, for example using supercritical carbon dioxide in place of hexane for extraction

• through chemical research, replacing a high pressure process using extremely reactive materials in a flammable solvent with an atmospheric pressure process using non-flammable solvents in a reaction that is incapable of generating any pressure in the event of a runaway reaction

• storing flammable gases such as ethylene in low pressure refrigerated tanks rather than pressurized tanks

In these examples, the revised cooling and extraction systems represent no fire hazard. They require no fixed fire protection with its installation, maintenance and testing costs. With the new reaction system, there is no potential for overpressure because of the chemistry of the process and the physical characteristics of the materials, and there is no need for costly and failure-prone add-on controls, emergency relief devices or reactor strengthening. Finally, with the refrigerated storage, the amount of vapor produced in the event of an unexpected release of the liquid will be minor compared to a similar event with pressurized storage.

Note that there may be tradeoffs when applying IS techniques or any of the four strategies. The water cooling system is more susceptible to freezing and may need more cold weather protection than a thermal oil system to prevent a costly freeze damage loss. The CO2 extraction system requires extremely high pressures, and process equipment will be susceptible to overpressurization, requiring add-on passive or active protection or procedural controls. The reaction system might require use of a corrosive material that could cause long term building damage, requiring costly steel protection or maintenance. The economics and overall risk reduction for all approaches, all of which carry risks, need full evaluation.

The potential for risk reduction through use of inherent safety is most likely very early in the design process. To affect the chemistry of the process may require years of experimental work. Other more tolerant changes and safety improvements may be made during plant design.

While opportunities to apply inherent safety concepts should always be explored, there will always be situations where other risk management strategies may need to be employed.

3.1.2 Tier 2 - Passive

The next tier, and the next in safety selection preference, is the passive approach. A passive approach is one that requires no mechanical device or system to actively function to limit or prevent the loss. A passive approach can also be one that stores or uses hazardous materials in a form or state that is as benign as possible.

For example, after a process review it is determined that water cooling cannot be used and the process requires a reaction that is capable of generating 50 psig in the event of a runaway reaction.

If a combustible thermal oil must be used for cooling, a passive approach would attempt to use an oil with the most benign properties and under the lowest temperature and pressure possible. Further, this approach would limit the amount of potential oil released by eliminating bulk storage of material within the unit and sizing the coolant feed system to the minimum flow requirement. Finally, in the event of a spill, the process area would be designed for rapid drainage and building steel fireproofing rather than placing reliance on (active) fixed fire suppression systems that may fail.

In the case of the reactor system, instead of relying on an active system such as a safety relief valve to protect the reactor in the event of a runaway, a passive approach would be to design the reactor to contain the maximum expected overpressure.


Some additional examples of a passive approach are diking and containment systems, fire barriers, blast resistant construction, using stainless steel in place of plastic in corrosive environments, proper spacing of buildings, vessels and process units, plant design to prevailing meteorological or geological hazard, enclosing plastic electric cables in metal conduit, processing potentially combustible dusts as a slurry, etc.

The single most favorable aspect of a passive approach is its performance reliability. Because it is not an active system, it is not prone to failure unless process conditions or materials are changed without commensurate improvements to the passive system.

3.1.3 Tier 3 - Active

The next tier, and the next in safety preference, is the active approach. An active strategy is one that requires a mechanical device or protective system to actively respond and function to limit or prevent the loss. An active system must be:

• reliably designed to work when intended

• installed according to strict installation rules

• maintained and tested over its entire life

Because of this, an active system is more prone to failure than a passive system and may cost more over the life of the plant. Active systems are also known as engineered controls.

In a previous example, if the thermal oil system is used under more hazardous operating conditions, or the drainage and fireproofing systems are lacking, insufficient, or too costly to retrofit, then an active fixed water suppression system becomes the protection device of choice. This system must be properly designed, and maintained and tested over its entire life, to be considered reliable and effective. Once activated, more damage will occur than with a passive system because the fuel (thermal oil) is not removed by drainage, the building steel is not protected against radiant heat (and may structurally fail), and the water system itself may cause damage to sensitive instrumentation. Finally, if the suppression system should fail, always a possibility, reliance for protection becomes dependent on the fourth tier: procedural or administrative controls. If reliance on procedures (i.e., manual response) is needed, a significant increase in damage will usually occur due to delayed response.

In the reactor example, an active (engineered) approach would be to design the reactor to 15 psig and acknowledge the potential for a 50 psig overpressure by depending on process and management controls to prevent the runaway reaction and by providing properly designed emergency relief venting if it does run away. The active system is complex and becomes even more complex as vent gas collection systems are installed, etc.

This active approach is the traditional approach to reactor protection and most other loss prevention activities in a chemical plant. One primary reason is timing. Often protection is added after the plant is constructed. Inherent safety and passive approaches become less economical, if not completely impractical, after a plant has entered the equipment design phase.

An active approach does not provide the same level of risk reduction that the inherently safe or passively safe systems do. In the case of the reactor with an active approach, the loss would be significant if the emergency relief system failed (reactor failure, building blast damage, ensuing fires and production loss). In the case of the passive system, the pressure would be contained with minor risk effects (perhaps time and cost to investigate, recertify the vessel and retrain employees, etc.). In the inherently safe system, the event could not occur.

Some additional examples of an active strategy are large deluge systems with high capacity water systems, automatic sprinklers over grouped electrical cables, explosion suppression systems in dust collectors, flow, thermal and pressure controls and interlocks, emergency shutdown systems, etc.

While not as effective and reliable as the inherently safe or passive approach, active systems are nevertheless often required and necessary for adequate protection of a chemical plant.

3.1.4 Tier 4 - Procedural

The next tier, and last in safety preference, is the procedural or administrative control approach. A procedural response to safety is one using operating procedures, administrative checks, emergency response and other management approaches to prevent or minimize the severity of an incident.

An example would be to provide written procedures for operators to take corrective action for the runaway reactor rather than provision of active automatic controls or relief systems. In this scenario, emergency action such as leaving the control room, inspecting the reactor, and manually adding quench water might be the only loss prevention response. In the event of a thermal oil release and fire, the plant may have only the emergency response of the fire department to rely upon for damage control.

3.1.5 Summary

The application of a tiered approach to risk management does not necessarily imply a singular strategy. A complex HPR facility will feature aspects of all four safety tiers - inherent, passive, active and procedural - within the plant. Given a sufficiently hazardous process, all four tiers might be applied to the single process to provide assurance to risk managers that if one level fails, additional levels are available to limit the loss.

Application of this tiered approach is fully consistent with HPR loss prevention concepts.

3.2 Process Safety Management

The CCPS defines process safety management as the application of management systems to the identification, understanding and control of process hazards to prevent process related incidents.

The CCPS defines process safety management systems as comprehensive sets of policies, procedures and practices designed to ensure that barriers to episodic incidents are in place, in use and effective.

The CCPS guidelines focus on twelve elements of chemical process safety:

- Accountability and Responsibility
- Process Safety Knowledge
- Project Review and Design (Process Hazard Analysis)
- Process Risk Management
- Management of Change
- Process and Equipment (Mechanical) Integrity
- Incident Investigation
- Training and Performance
- Human Factors
- Standards, Codes and Laws
- Audits and Corrective Actions
- Emergency Response Planning

In addition to CCPS, other organizations have developed PSM guidelines which may have different elements and terminology but nonetheless are equivalent to the CCPS guidelines and may be fully substituted in application. Some are listed in the Appendix. There are also government regulations, both U.S. and international, which mandate application of PSM guidelines under specific conditions. Some information on these regulations is also in the Appendix.

All 12 CCPS points are needed for a reliable system based on PSM principles, but they need to be customized for the corporation (i.e., making baking soda does not need the same program used for making polyvinyl chloride).

3.2.1 Accountability and Responsibility

Accountability and responsibility are at the heart of any facility's program. These concepts must be ingrained into the philosophy of an organization to be successful. Key components of accountability are a policy statement, management commitment, procedural requirements and performance measurement.

The degree to which management demonstrates interest in implementing programs based on PSM principles at its facilities is of paramount concern to safe operation of the facility. Without solid management backing, even the best written program will never achieve successful implementation. Management interest should be demonstrated with a written policy statement that is shared with and understood by each member of the facility. Management's interest in loss prevention should be obvious in the day-to-day activities of a facility. Simply having a paper document on file will be of no benefit. Routine safety meetings, communication of safety issues to employees, and publishing lessons learned from incident investigations are just a few ways in which this interest will be demonstrated.

The policy statement should be site-specific and should assign ownership of safe operations to management as well as to every employee involved in the operation. Expectations of every member of the organization will be detailed and written in language understandable at every level of the organization. The policy statement should be reviewed on a periodic basis and changes made as needed. For example, when changes occur within an organization, such as change in management structure, the policy statement should be updated to reflect these changes.

The policy statement should clearly outline the objective of the PSM program. These principles should be routinely communicated to all employees so as to reinforce a safety-conscious work force. Generally, a review of the policy statement will be included in the orientation of new employees. Periodic review with all employees within the organization is also useful.

Each employee should feel responsible for the safe operation of a facility. There should be no fear of reprimand should a safety concern be reported. Only when the channels of communication remain open and free can a program based on PSM principles become and remain effective.

As safety issues arise in new facility design, HAZOP reviews, changes to the process, etc., there will be issues that are not easily resolved or will involve interpretation of codes or standards. A method should be in place to handle such issues so that resolution at the lowest level of management is achieved.

Once implemented, the success of a program based on PSM principles should be evaluated on a periodic basis to ensure the procedures achieve results. This can be in the form of random audits, routine reports to management, or direct communication with those involved. Findings from this feedback mechanism should be incorporated into the policy statement to facilitate constant improvement of the PSM program. Issues that are difficult to resolve often lead to input on ways that the PSM program could be improved.

3.2.1.1 Example: Liquefied Petroleum Gas (LPG), Mexico City, Mexico

On November 19, 1984, an 8 in. (200 mm) pipe line at a government-owned LPG terminal ruptured. The supply was not shut off and the vapor cloud was subsequently ignited 10 minutes later by a ground level burn pit. Additional LPG tanks and spheres BLEVE'd (Boiling Liquid Expanding Vapor Explosion) due to exposure to excessive heat. Management and organizational factors reportedly were the major factors in this incident. Reportedly, management at this facility had not taken action on recommendations from previous studies. The deluge systems that were designed to cool the LPG vessels were deemed grossly inadequate. Vessel design was inadequate and the vessels lacked proper insulation. There was also no gas detection system available at the facility. The loss estimate is in excess of $25 million property damage (current values) [1, 2].

3.2.1.2 References

1. Gertman, D.I. and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, New York (1994).

2. Mahoney, D., Ed., Large Property Damage Losses in the Hydrocarbon-Chemical Industries: A Thirty-year Review, M&M Protection Consultants, Chicago (1995).

3.2.2 Process Safety Knowledge and Documentation

Process safety knowledge and documentation, which includes process safety information, is the basis for understanding the hazards of the process. This is achieved by acquiring process information and using this knowledge while conducting process hazard analyses.

The CCPS defines process safety information as the data describing the process and its chemistry. Process safety knowledge, in general terms, includes both process safety information and the ability to understand and interpret the information. It also includes the tracking and storing of key initial design bases, records of critical design decisions, design standards, site and equipment drawings, accident investigation information, etc. This data can be used as a baseline for future changes.

Data on process hazards and material chemistry can be obtained from numerous sources, including testing, manufacturer issued Material Safety Data Sheets (MSDS) (or equivalents), and literature sources.

Some examples of needed process safety information and the sources where the information is found follow as an example of a new process under design.

A chemical company is proposing a process using flammable solvents, reactants and catalysts to produce a chemical intermediate for the pharmaceutical industry. The process will include a potentially exothermic reaction, mixing, distillation and drying to produce a powdered product. Prior to conducting a process hazard analysis or determining levels of protection, information is needed on the various materials and the way they may interact, normally or abnormally.

The company may find information from the following sources:

a. Material Safety Data Sheets. These, if available, will give information on flammability (i.e., flash points), explosibility (i.e., explosive limits), toxicity, corrosiveness and potential reactivity with other materials.

b. Factory Mutual data sheets and National Fire Protection Association (NFPA) standards. Lists of hazardous materials are presented with fire and explosion information.

c. Public domain literature such as the Kirk-Othmer Encyclopedia of Chemical Technology, Sax Dangerous Properties of Industrial Materials, CRC Handbook of Chemistry and Physics, and numerous other similar sources.

d. Proprietary industry or trade group research and testing reports.

e. Expert opinion such as engineers from the corporation, Factory Mutual, or outside consultants.

f. Intentional and systematic testing of the materials.

In the example, the final product of the new process is a powder with a possible dust explosion hazard. The material is unique and no known data on its properties can be found by conventional literature search. To determine hazardous properties such as minimum ignition energy, lower explosive limits, maximum rate of pressure rise, and possible overpressures produced should it explode, tests are conducted in an ASTM E1226 20-liter sphere.

Information on the mixture within a reactor or other vessels is needed to determine potential for exothermic runaway or other chemical instability. Laboratory-scale reactivity screening should be done in advance of scaling up to pilot or full scale processing. This data can be obtained using a number of devices, including the Accelerating Rate Calorimeter (ARC), the DIERS Vent Sizing Package (VSP), and others.

Site information is also developed during this stage. This may include meteorological data (for later vapor dispersion modeling), geographic data for exposure to natural hazards, accident exposures from nearby industrial sites, and utility data such as reliability and adequacy of water, fuel and power supplies.

After basic chemistry, physical and thermodynamic properties of materials are developed and site characteristics are found, conclusions on different release and impact scenarios are qualitatively determined. For example, if a solvent is flammable, it will be qualitatively concluded that a spill can result in fire. If boiled and held under pressure, an indoor or outdoor flammable vapor explosion potential may exist. The catalyst to be used might be known to overheat and produce equipment damaging pressure if not refrigerated. These generic conclusions are all derived in the process safety information phase. However, the sequence of events by which the scenario and its consequences will be realized will not surface until a process hazard analysis is conducted on the system in which the materials are used. Finally, the action steps, such as fixed mitigation, taken to reduce the quantified hazard or consequences will not surface until the process risk management stage.

Under this activity, in addition to developing and maintaining basic process and material hazard information, it is necessary to include accumulation of all the design details, alternative process considerations, key design decisions, and basic operation and maintenance plans.

Here, the corporation should develop rationale and responsibility for collecting and maintaining this data, as well as data on operating experience, accident investigations, causes and corrections, as well as changes developed and reviewed under the Management of Change processes (described later).

This collection of data will preserve initial design records (ensure replacements comply with design intent), reasons for key design decisions (aid to future projects and modifications), and provide a basis for understanding how the process should be operated. It also serves as a baseline for evaluating future changes.

The collection of this information provides the process safety knowledge needed in subsequent PSM steps (as well as a record of the original review process) so that the process can be started up and run throughout its intended life without an unanticipated incident or unprotected hazard. The information is documented and made part of the overall process safety management package, which will eventually also include data from the process hazard analysis and process risk management steps. This is then used for employee training, future process changes, etc.

Enhancement of process safety knowledge is a subset of this element and is sometimes added as a separate element of PSM. As the life of the plant progresses, new technology in process operation, inherent safety or loss prevention techniques may be developed. While not known or cost effective during initial plant design, they may become so later in the life of the plant. It is important for an organization to stay fully abreast of new technology and apply it as appropriate. Use of a Management of Change procedure will assure that latest technology and information will be available.

3.2.3 Process Safety Review (Process Hazard Analysis)

This element of PSM is often identified as Process Hazards Analysis (PHA) and should include the project review for new facilities or modifications to existing facilities that have a significant process or capital impact. Where no major changes occur, the review should be revisited on a regular basis. A suggested frequency would be about every 5 years, with longer intervals for less hazardous processes. The element also includes the necessary design and pre-startup review of such projects to ensure that recommendations were in fact implemented.

The CCPS discusses staffing, hazard reviews, siting, plot plan, etc. in the context of phases of capital projects. As a supplement to the CCPS material, an HPR chemical plant should consider the following sections related to property and business interruption loss prevention.

Principles of loss prevention and risk management should guide plant siting decisions. These principles are usually defined in the corporate guiding principles or business objectives. Most sites can be made acceptable if sufficient funding is allocated to overcome deficiencies presented by the site selection.

Sites chosen should be selected to avoid or minimize exposures by perils of:

a. Fire

b. Natural Hazards (flood, wind, lightning, snow, freezing, earthquake, volcano, etc.)

c. Explosion

d. Transportation (aircraft, motor vehicle, rail, ship)

e. Pipeline or tank farm exposures

Sites should feature:

a. Access for safe disposal of waste

b. Access to fire fighting assistance (public or other)

c. Access to an adequate source of water to meet present and future demands

d. Access to reliable security and emergency services

e. Access to the site during adverse conditions (riot, traffic, etc.)

In addition to location of the plant site, equal considerations should be applied as well to the location of:

a. Process units

b. Pipe racks

c. Storage facilities

d. Unloading facilities for rail cars, trucks and water craft

e. Flare stacks

f. Utility plants

g. Waste water treatment facilities

h. Electrical power lines

i. Process Control Rooms

Once site selection is complete, the project should have sufficient funding to implement FM/corporate loss prevention guidelines. In addition to basic project design and construction costs, finances should:

a. allow time for a thorough review of loss prevention aspects of the design and construction using accepted hazard analysis methods. Designs should use inherent safety and risk mitigation concepts.

b. permit installation of proper loss prevention features affecting construction, protection, drainage, electrical equipment, freeze protection, etc.

3.2.3.1 Examples

3.2.3.1.1 The ABC chemical company proposes building a new polymerization plant at the site of an existing chemical plant in the Gulf Coast area. It could be located in any of three different areas near the existing plant. The raw material (ethylene) is supplied to the main ABC plant, but the facilities will need to be enlarged to accommodate more ethylene. New facilities will need to be developed for storage of propane, butylene and other future monomer feedstocks.

The ABC company has a license to use a new process to make the finished copolymers, but sizes and layout of major equipment have yet to be finalized. At this point a team was created, including specialists from FM, ABC, and several design and construction engineering companies. Early meetings developed a time line for the construction, plan reviews, site visits and pre-startup reviews. These meetings developed a plan to conduct a thorough hazard analysis.

Full HAZOP and What-if analyses were performed. FM specialists participated in the hazard analysis meetings and provided an important perspective on damageability, available protection and mitigation methods, and analysis of business interruption potentials.

A full site survey was conducted at all three sites with a team made up of various specialists, including the FM engineer. Through this process, a site was chosen to minimize flood exposures and the potential for fire and explosion exposures presented by nearby plants, pipe racks and railways. Plans were modified to include relocation of pipe racks along with rerouting of rail sidings.

Through early team meetings, objectives from corporate guiding principles were interpreted to define objectives for limiting the maximum foreseeable loss and normal loss expectancies. Through collaboration, specifications were developed for the plant construction, particularly control room construction, fire protection water supply piping sizes and locations, pipe rack locations, drainage patterns, sprinkler valve house locations, and feedstock and product delivery contingencies. These methods resulted in mitigation of Vapor Cloud Explosion (VCE) potentials (see DS 7-42 for additional information on VCE hazards).

Note: The level of FM participation can vary from project to project depending on the needs of all the parties involved: contractor, insured, insurance company, etc.

3.2.3.1.2 XY Chemical Company planned and constructed a polymer manufacturing plant along the Texas Gulf Coast. Design work was conducted at the home offices in the northeastern U.S. using highly experienced personnel.

Project designs did not consider incident history and advice for this area relative to freeze protection. As a result, the plant was built with numerous outdoor sprinkler systems, as well as elements of the process and instrumentation system, with insufficient freeze protection.

As a result, the plant suffered a $2 million loss related to broken pipe, instrument lines and loss of production in the 1983 and 1989 freezes. This pointed to a normal frequency of freezing weather in this area worthy of protection. A cost estimate of $75,000 for correction of the deficiencies was developed in consultation with the local FM specialist. Economic conditions dictated that these improvements be extended over a period of 3 years, resulting in a need to prioritize the modifications.

If the concepts and guidelines of this data sheet had been used in siting of this plant, the freeze potential and its frequency would have been identified. A loss potential of $2 million with an average 10-year recurrence interval would have been mitigated. The cost at the time this plant was designed could have been much lower.

3.2.4 Process Risk Management

Process risk management involves the identification, evaluation, control or risk transfer of potential hazards that may be associated with existing operations, new projects, acquisitions, and customer supplier activities.

Process risk management is the system whereby conscious risk improvement decisions are made based on results and information obtained during the process knowledge and process hazard analysis stages. If hazard information data is available at very early stages of a plant design, inherent safety features can be designed in. Later in the design, passive, active and procedural improvements and protection are usually added. The need and level of fixed suppression systems such as sprinklers and deluge systems, building steel fireproofing, damage limiting construction, barriers, process controls, etc. are decided in the process risk management phase of PSM. Fire safety professionals, in partnership with the chemical plant, determine the level of protection needed to meet HPR status and loss exposure goals. Ultimately, the exposure is improved through fixed protection and management systems, is transferred through insurance, or is completely avoided by eliminating the hazardous activity.

Data and information from process knowledge gathering and hazard analysis activities must be evaluated as to economics and potential for risk reduction. Not all risk in a facility can be eliminated or reduced through engineering. Process risk management assures that a balance of inherent or engineered safety and risk transfer (i.e., insurance) is maintained and that all mandatory regulations, corporate standards, and industry and insurance guidelines are met. Process risk management requires screening, ranking and engineered assessment tools. A high level assessment such as Quantitative Risk Analysis (QRA) may be needed to make final decisions. The four tier safety strategy is still followed. Regardless of methods, documentation of the basis for risk decisions is important.

3.2.4.1 Case Study

ABC Chemical company is planning a facility to produce polyvinyl chloride (PVC) plastic using a licensed process. Production of this material will include use of vinyl chloride monomer (VCM), a liquefied gas, flammable solvents, and reactive peroxide-based catalysts in a moderately high pressure, high temperature continuous autoclave (single reaction vessel) system. The process will be located in a single process unit supported by raw materials delivery and storage, in-process storage, combustible heat transfer media, heat, steam, power and fuel utility systems, and final product handling, storage and transfer to market. The final product will be sold as a solid extruded pellet, some of which will be custom made with plasticizers. The benzoyl peroxide (BP) catalyst is to be manufactured on site. The process will be constructed at a new site not previously developed.

In the process safety knowledge step, the following technical information may be obtained based on a literature search or testing and documented:

- flammability and explosivity characteristics of gases and liquids
- flammability and explosivity characteristics of heat transfer media
- reactivity data on catalysts
- combustibility and explosivity data on solid powder product
- reactivity of the PVC reaction at given process conditions
- reactivity and hazard of catalyst manufacture

The following site information might be obtained based on a site study and documented:

- meteorological data (prevailing winds/speeds/atmospheric stability)
- freeze and snowfall/rainfall data
- flood data
- earthquake data
- windstorm data
- data on adequacy and reliability of utility services
- information on nearby hazardous exposures

General conclusions might be derived based on the above chemical and site information and qualitative analysis. At this stage, these conclusions are based on generic knowledge obtained from experts or from the literature and are used for establishing more definitive scenarios during a process hazard analysis. Detailed consequence studies, such as vapor cloud dispersion, explosion overpressure or pool fire radiant heat effects, are conducted as part of the hazard analysis.

The following general conclusions are not meant to be all inclusive but only to demonstrate types of information and scenarios that could be developed during this step:

a. Flammable liquid spill fire potentials exist from delivery, storage, process vessel and piping systems for raw and intermediate materials and for the heat transfer media system.

b. Vapor cloud explosion potentials exist from storage, process vessels and piping systems using VCM.

c. Reactor vessel, pumps and piping failure potentials exist due to high pressure, corrosivity and reactivity exposures.

d. BP manufacture requires potentially unstable hazardous materials.

e. Dust explosion potentials exist from plasticized product.

f. The plant is in a semi-tropical climate but is subject to periodic severe freezes.

g. The plant is in a potential hurricane zone.

h. Power supplies are subject to possible off-premises interruptions.

i. Public water supplies and emergency response are not available.

j. A plant with potential wide range explosion hazard borders the site.

In the process hazard analysis step, the above data and design drawings (as complete as possible) are subjected to a systematic and critical examination to determine failure modes whereby incidents could occur. HAZOP, What If, Checklist, Failure Modes and Effects Analysis (FMEA) and more quantitative analysis methods might be used. Vapor dispersion, explosion and radiant heat modeling, if needed, will be done during this stage. These examinations might reveal the following potential concerns and consequences:

a. The manufacture of peroxides on plant presents many failure modes and several potentials for a peroxide self initiation with high damage potential compared with the relatively small amounts of material needed.

b. Flammable spill fire and vapor release potentials cannot be completely eliminated through process control or design short of not producing the product. Steel structure is subject to severe radiant heat, confirmed by fire modeling.

c. VCM represents a vapor cloud explosion potential, and the process unit arrangement and congestion will produce high overpressures throughout the plant, as confirmed by modeling.

d. Prevailing winds and distance indicate potential for vapor cloud from neighboring facility to enter process unit, confirmed by modeling.

e. A single large reaction autoclave is harder to control, presents extreme liquid spill or vapor release potentials, thus increasing protection system demands, and if damaged would shut down all operations.

f. Plasticized plastic dust presents a dust explosion hazard, confirmed by laboratory testing.

g. A rare but possible sudden freeze could severely damage plant utilities.

h. A sudden power outage could cause loss of control of the reaction.

i. Many different release and failure modes of vessels, pumps, piping and utility systems exist, but these can be mitigated through process control and design improvements.

j. Use of a large volume combustible heat transfer material presents significant fire potential on a higher frequency than other flammable materials due to its high corrosivity, confirmed by loss history.

In the process risk management step, all of the data collected and derived from the two prior steps is used to make risk management decisions. In the example, these may include (but not be limited to) the following decisions, listed in order of a tiered preferential safety approach:

Inherent safety

a. Replace combustible thermal oil system with water system.

b. Reduce production bottleneck by changing from one large reactor to several smaller reactors.

c. Reduce in-unit flammable inventories by eliminating product day tanks, large reboilers, large reactor, oversized piping, etc.

d. Purchase additional land to protect against off premises exposures.

e. Refrigerate VCM bulk storage tanks to reduce vaporization.

f. Collect plastic dust in wet slurry to reduce dust hazard.

Passive mitigation

a. Use a concrete frame for process unit or fireproof steel.

b. Space unit apart from support facilities and site boundaries.

c. Use open process unit for maximum explosion venting.

d. Limit and space equipment within unit to minimize congestion.

e. Layout unit with flammable materials accessible on outer edge.

f. Install drainage systems.

g. Design process controls and interlocks to maximize reliability of process.

h. Design process vessels/piping to maximum expected pressure.

i. Blast proof control room and emergency services building.

j. Provide emergency containment systems.

Active mitigation

a. Provide on site fire water system.

b. Provide deluge sprinkler protection.

c. Provide combustible gas detection.

d. Inert and purge flammable storage, process and piping systems.

e. Provide reactor emergency quench system.

f. Provide reactor emergency venting.

g. Computerize process control.

h. Provide on-site emergency power supplies.

i. Design to hurricane codes.

j. Protect plant against freeze up.

Operational administrative controls

a. Develop and train on site emergency fire response brigade.

b. Train and empower operators to take manual process control.

c. Provide ignition source control systems.

d. Provide backup manual reactor emergency quench system.

e. Provide natural hazard alert procedures.

Risk Avoidance

a. Eliminate on-site manufacture of peroxide catalyst.

Risk transfer

a. Accept inherent risk by retention of high insurance deductibles.

In the risk management process, there may be a need to revisit and re-analyze hazards several times prior to deciding on the level and type of mitigation or use of other risk tools such as elimination of hazard or risk transfer. In fact, risk management becomes a constant cycle of analysis, transfer and acceptance throughout the life of the facility. As the facility ages and changes are made, the risk will change. Keeping abreast of this aging and change process will assure that the facility will achieve the risk management goals originally accepted.

3.2.4.2 HPR Requirements

The decision to meet or not meet HPR protection guidelines is determined during the process risk management stage. While achieving HPR status should always be the risk management goal, there may be conditions, especially in existing older plants, where this may not be economically or technically achievable.

There are minimum requirements for a facility to qualify as an HPR risk. These are briefly identified in Section 2.2.1 and further discussed in Section 3.3, Concepts of Highly Protected Risk.

3.2.5 Management of Change

Management of Change (MOC) means evaluating every change to technology, facilities or personnel at the earliest possible stage for its potential impact on property loss prevention. The earliest possible stage is the moment an idea or proposed change comes to light. These changes can be emergency, permanent, temporary, recognized or unrecognized. The purpose of a management of change process is to prevent the unrecognized change.

Changes are made routinely throughout the life of a facility. These may vary from major, highly visible projects to daily routine maintenance activities. Changes can occur to technology, chemicals, products, equipment and procedures. Any change from original design intent represents a deviation. If the impact of this deviation is not fully understood, the change, even if minor, can cause a significant incident. Appropriate process hazards management systems should be put into place to help ensure that hazards associated with a change or deviation are identified and controlled.

Changes fall into three main categories: technology, facilities, and personnel or organization.

Although some changes may be minor, with little likelihood of compromising loss prevention and process safety, all changes have some potential for disruption.


3.2.5.1 Change in Technology

Change in technology arises whenever the process or mechanical design is altered. Examples are changes in feedstocks, catalysts, product specifications, byproducts or waste products, design inventory levels, instrumentation and control systems, or materials of construction.

Typical instances in which change in technology would likely occur include the following:

a. New projects that involve tie-ins or equipment modifications on existing units.

b. Projects to increase facility throughput or accommodate different feedstocks or products.

c. Significant changes in operating conditions, including pressures, temperatures, flow rates or process conditions different from those in the original process or mechanical design.

d. Equipment changes, including the addition of new equipment or modifications of existing equipment. These can include changes in alarms, instrumentation and control schemes.

e. Modifications of the process or equipment that cause changes in the facility's relief requirements. These can include increased process throughput, operation at higher temperatures, increased size of equipment, or the addition of equipment that might contribute to greater relief requirements.

f. Bypass connections around equipment that is normally in service.

g. Changes in operating procedures, including procedures for startup, normal shutdown and emergency shutdown.

h. Changes made in the process or mechanical design or in operating procedures that result from a PHA performed as described in Section 3.2.3.

i. Introduction of new or different process additives (for example, corrosion control agents, antifoulants, antifoam agents).

j. Corrective actions developed as a result of an accident investigation.

3.2.5.2 Changes in Facilities

Changes in facilities are those in which physical changes are made that would not necessarily appear on plant drawings or piping and instrument diagrams (P&ID). Examples are temporary connections, replaced components that are not in kind, site modifications, transient storage, temporary structures, etc.

Specifically, these can include the following:

a. Temporary equipment (tanks, offices, drum storage, etc.).

b. Replacement equipment or machinery that differs from the original equipment.

c. Temporary piping connections, hoses or wiring.

d. Temporary software configurations, jumpers, shortened algorithms, bypassed controls.

e. Pipe clamps, braces, stands, wiring, ropes.

f. Temporary utility connections (steam, power, water, etc.).

g. An alternative supply of process materials, catalysts or reactants, such as through temporary drums or tanks located within the facility.

h. Temporary electrical equipment or connections.

These changes have the ability to affect design, construction, operation, maintenance and decommissioning.

3.2.5.3 Changes in Personnel

Changes in personnel are those in which key responsibilities are shifted from a position of stability to instability. Examples are retirement, promotion, other career changes and personal issues (sickness, death, leave-of-absence, etc.). These changes are ones in which continuity of responsibility may lapse.


Training and assignment of alternates is a key feature needed to mitigate lapses caused by these changes. Supervision must be skilled for early recognition of these changes, with an ability to plan in advance to mitigate these changes. Goals of the company, business and operating unit must support prevention efforts associated with these changes.

3.2.5.4 Examples

3.2.5.4.1 The Clean Air Act Amendments of 1990 require a 50% reduction of sulfur dioxide levels (SO2) in the U.S. by the year 2000. This act affects approximately 2000 electric utilities. The method of choice to control SO2 emissions probably will be the installation of wet scrubbers, as they provide the highest level of control. Along with the additional costs and plans for scrubber installations, the person(s) planning these changes need to look at the effect these installations will have on loss prevention. For instance, scrubbers are subject to fires and explosions, and they can affect furnace draft. Induced draft fans may have to be upgraded, which in some cases could increase the risk of implosions and boiler vibrations. To prevent corrosion of scrubbers, ducts and stacks, it may be necessary to use plastic or plastic-lined equipment, which could present a fire hazard.

A typical agreement between a company and the property insurance company calls for a loss prevention professional within the company to be advised of all management of change activities in the plant. This individual is then responsible to involve the specialist from FM and allow an opportunity for the change to be evaluated in its earliest stages.

3.2.5.4.2 ABC is a manufacturer of commodity polymer using batch-scale polymerization of the monomer. Because of favorable opportunities in the market, ABC has plans to double the capacity of its seven-reactor plant in a two-phase expansion over the next 10 years. The first phase will include construction of utilities and the footprint for a second seven-reactor manufacturing building. Initially, a building containing three reactors will be built.

There is a close relationship between ABC and the FM specialist assigned to this plant. When the idea is being developed by senior management within ABC, meetings are held with the FM specialist to discuss the effect this may have on loss prevention. ABC is guided by a principle that promotes continuous improvement in all areas of operation, including loss prevention, and they call upon the expertise of FM to provide guidance to meet this goal.

In consultation with the FM specialist, several opportunities are identified. These include ways to mitigate VCE potentials, provide more cost-efficient and effective water spray systems, and arrange the Instrumentation and Control features for increased reliability. In order to expand the process water features for the new plant expansion, several pumping and distribution changes were needed. Opportunities were identified to add outlets and normally closed connections between the fire protection system and the process water supply system. This increased both the normal supply to the fire protection water system and the supply that would be available in a catastrophic event.

In consultations, an opportunity was identified to relate current maintenance issues for the older electronic heat detection systems on the water spray systems to a design specification needed for all the new water spray systems. Review of maintenance records and costs pointed to an opportunity to replace older electronic heat detectors with air-pilot detection systems. In doing this, the plant maintenance was provided with a single common type of system, which has lower maintenance costs, a single set of replacement parts, and requires simpler maintenance skills.

Often during plant expansions, for simplicity, existing features for protection and control are duplicated exactly. Many design groups operate with the assumption that existing protection and control features are adequate and satisfactory, and they do not take the opportunity to consider improvements as above.

3.2.5.4.3 Mr. Howard has been the person in charge of fire protection in this plant for many years. He is the direct interface between top management, engineering and safety personnel for matters relating to loss prevention. He is in charge of administering all loss prevention related inspection programs within the plant. He supervises all impairments to fire protection and reports them throughout the company and to FM. Mr. Howard is very important in the review process for new construction. Because he is very familiar with current design requirements, he is able to work closely with plant and corporate engineers to develop plans for new construction and modifications.


Mr. Howard spent many years in the plant as an operator. Because of this involvement, he oversees many important operator duties as they relate to fire response and use of emergency process equipment (flares, alarms, shut-downs, etc.). He is also the liaison to community groups, including the mutual aid groups.

Mr. Howard has announced he will retire in 2 years, when he reaches the age of 60. Loss of this level of experience could create serious gaps related to steady provision of the service provided by Mr. Howard.

All of his job duties should be described in writing.

A plan for his replacement with alternates should be developed sufficiently in advance of his departure so that proper training can be provided.

If timing is not sufficient to establish that his duties have been sufficiently taken over by others, management should arrange for Mr. Howard to return to work as a consultant. He should periodically return after his retirement to make sure all areas of past responsibility are being covered.

In the planning for replacement of Mr. Howard, the local assigned FM specialists should be notified. Specific sessions can be arranged so that the programs recommended by FM can be introduced or reviewed with the person who has taken over for Mr. Howard.

3.2.5.4.4 Mr. Jones was the Safety Engineer at this major plastic film plant, reporting to the plant manager, before he resigned. He was responsible to implement all safety and loss prevention programs in the plant. He was the direct liaison to the plant maintenance department, providing review and supervision of all maintenance and testing of the plant fire protection systems, including the fire pump, suction tank, sprinkler systems, alarm systems and gaseous extinguishing systems. Because of his expertise, he was the interface between local contractors who provide maintenance and testing. Mr. Jones kept all the letters, files, receipts, plans and correspondence in his office relating to protection systems and plant insurance matters.

Unfortunately, he quit at a time when the plant was completing a 50% production expansion and is beginning to plan for a new warehouse expansion. Ongoing issues relate to false alarms, alarm system repairs, and a history of broken underground water mains in a certain area of the plant. Mr. Jones had been a proponent of looping of the plant fire water mains to provide better service to the areas of future expansion.

In a case like this, it is important that key plant personnel from all levels meet to review the impact of this departure on loss prevention. Some careful accounting should begin at once to make sure elements of Mr. Jones' responsibilities are identified. The FM contact should be advised of the personnel change. This will allow for meetings to take place to assure that proper training is provided to a replacement employee. In many cases, FM can provide the following:

- Training on fire protection systems maintenance and testing can be offered to a new employee.

- A review of maintenance and testing programs can be made to assure that correct programs are not lost or lapsed.

- Contract maintenance programs can be evaluated to determine adequacy of these programs.

3.2.5.5 References

Management of Process Hazards, API Recommended Practice 750, First Edition, January 1990, American Petroleum Institute.

Managing Change, FM publication P9201.

3.2.6 Process and Equipment (Mechanical) Integrity

Equipment that processes hazardous materials, and accessory or utility equipment that is important to continued operation of the plant, should be designed, constructed, installed, operated, protected and maintained in a way which minimizes the risk while providing process reliability. This element of the PSM program addresses the management system required to achieve this objective and is called Process and Equipment Integrity by the CCPS and Mechanical Integrity by others.

A Process and Equipment Integrity program should address some or all of the following: pressure vessels and piping, tanks, rotating machinery, electrical equipment, boilers and furnaces, etc., together with their instrumentation, controls, accessories and supporting structures.


The components of Process and Equipment Integrity, which are discussed further below, are reliability engineering, materials of construction and fabrication, installation procedures, preventive maintenance, and demolition procedures.

As with all elements of PSM, a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps.

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance or replacement, the evaluation should include equipment accessibility and suitability for the process, and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment and emergency relief. The file should also contain the operating and inspection history of the equipment, as well as any data on repair, alteration and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill-to-installation tracking of material for critical components, or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, over speed, electrical faults, misalignment, etc.

During fabrication, maintenance or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern, such as piping location, safety and emergency equipment features, accessibility of process and safety equipment, operation, functional testing and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.


3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections, together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturers' recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturers' minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment with detailed instructions on performing the particular activity. They should address the steps needed to prevent adverse conditions, both during the procedures and when the equipment is put back in service. They should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic review of these procedures is needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out-of-service condition, any necessary decontamination, and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents (classified as major accident, accident or near-miss by CCPS) are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control or personnel changes, or new or better training programs. Documentation and periodic review aid in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes:

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.


3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment. Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System. Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization. Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others depending on the nature of the incident. This can include those inside the company with specialty knowledge, or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training. Team members should be selected based on their interest, job function and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function. The incident investigation team function needs to be integrated with the overall emergency response plan. Well-established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation

a. Determine Cause. Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system-related causes.

b. Develop Recommendations. Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures. Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.


If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally, this involves data collection, data analysis and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems-oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and they can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program aimed at determination of root causes.

Usually, the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently, some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently, they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

- FTA: Fault Tree Analysis
- AAM: Accident Anatomy Method
- MORT: Management Oversight and Risk Tree
- MCSOII: Multiple-Cause Systems-Oriented Incident Investigation


Inductive

HAZOP Hazard and Operability Analysis AAM Accident Anatomy Method CELD Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified

The field of incident investigation is still developing and the approach applied by the investigator does not have to be limited by the above However the investigator should be aware new approaches need to be built on proven and accepted concepts

3274 === Phthalic anhydride made by air oxidation of a-xylene is very exothermic Typically heat of reaction is colshylected by a molten salVwater heat exchanger to make steam In this case three pumps supplied water to the heat exchanger with one normally operating and two on standby

When the operating pump failed the operator first tried to restart it several times When this did not work the operator tried to start one of the standby pumps but one was out of service and the second one was tagged out The second pump had actually been repaired on the previous shift but the Do Not Operate tag had not been removed

During the period when the operator was trying to clear the tag and reduce o-xylene feed the reactor overshyheated igniting the phthalic anhydride Eventually 20 fire departments responded but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes)

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design. A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations. There are several possibilities in this area. Management that encourages continued operations when the process is upset (reason operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance. There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the workers' shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but does illustrate some of the underlying causes in a multiple-cause incident.

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated and it was assumed to be functioning properly, although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days subsequent for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.

The control panel incorrectly indicated that too much water was entering the core; therefore the operator overrode the automatic control system and reverted to manual control. Ultimately the shut coolant water lines were discovered and reopened, which again flooded the control panel with a Christmas-tree effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.¹

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.²

While this incident occurred in a nuclear power generating facility, similar events are equally likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L., and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80 and 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50 to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information and ultimately responds. The subsequent response may be either appropriate or inappropriate depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.⁵

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.

Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.⁶ However, more current literature by Poulton⁷ and Welford⁸ supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.⁹ Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.¹⁰

3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor, but was ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill.: Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill.: Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).

3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocell Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for keeping the standards current and in line with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized, with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team, and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings, such as P&ID, wiring, and piping drawings, are not current or there is only one set of hand corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization, and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation, and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased, and should be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines, and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard

a. Toxicity

b. Permissible exposure limits

c. Physical reactivity and corrosion data

d. Thermal and chemical stability

e. Hazardous effects of mixing

2. Process technology

a. Process description and flow diagram

b. Process chemistry

c. Inventory permitted

d. Safe upper and lower limits for temperature, pressure, flows, and compositions

e. Consequences of deviations

3. Process equipment

a. Construction materials

b. P&ID

c. Electrical classification drawing

d. Relief system design and design basis

e. Ventilation system design

f. Drainage system design

g. Design codes and standards

h. Material and energy balance

i. Safety systems (interlocks, detection, control, and suppression systems)

4. Safety inspections

a. Code inspection reports for pressure equipment

b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)

c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases, and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date, and documented:

1. Facility policy regarding emergency response planning

2. Facility description

a. Organization and staffing

b. Risk assessment of site hazards

c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans

a. Description of possible incident scenarios

b. Plan to respond to each scenario

c. On-site emergency equipment and supplies

d. Description of external resources and support organizations

5. Emergency response teams

a. Staffing and organization

b. Capabilities of members

c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities as defined in an integrated program based on PSM principles are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response, and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing, and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement, along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level, and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems, or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels, and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles, as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA, and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses, backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps, and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions

7-49/12-65 Emergency Venting of Vessels

7-59 Inerting and Purging

7-73 Dust Collectors and Collection Systems

7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires

12 Series on boilers and pressure vessels

3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection, and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place, commensurate with appropriate standards, codes, and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment, and electrical equipment data sheets, such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems

3-2 Water Tanks for Fire Protection

3-7N/13-4N Centrifugal Fire Pumps

3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations

5-8 Static Electricity

5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment

5-11/14-19 Lightning and Surge Protection for Electrical Systems

7-0 Causes and Effects of Fires and Explosions

7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility, and emergency response facilities also require careful siting remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials

7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method

7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants

7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases, and Volatile Solids

7-46 Chemical Reactors and Reactions

7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives

7-51 Acetylene

7-52/17-13 Oxygen

7-53 Liquefied Natural Gas

7-54 Natural Gas and Gas Piping

7-55/12-28 Liquefied Petroleum Gas

7-58 Chlorine Dioxide

7-80 Organic Peroxides

7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

7-91 Hydrogen

7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations, and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems

4-0 Special Protection Systems

4-1N Water Spray Fixed Systems

4-7N Low Expansion Foam Systems

7-17 Explosion Suppression Systems

For resources on protection needs for process units, structures, or equipment common to chemical plants, also see:

1-6 Cooling Towers

5-4/14-8 Transformers

5-31/14-5 Cables and Bus Bars

5-32 Electronic Data Processing Systems

7-2 Waste Solvent Recovery

7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas, and Liquefied Flammable Gas Processing Equipment and Supporting Structures

7-29 Flammable Liquids in Drums and Smaller Containers

7-32 Flammable Liquid Operations

7-48 Disposal of Waste Materials

7-54 Natural Gas and Gas Piping

7-55/12-28 Liquefied Petroleum Gas

7-78 Industrial Exhaust Systems

7-88 Storage Tanks for Flammable Liquids

7-95 Compressors

7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants

7-34 Electrolytic Chlorine Processes

7-35 Air Separation Processes

7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment, such as curbs and dikes, are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems, such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids

7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers, and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible, heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies

7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas, and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength, blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction

1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response, such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases, a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping, and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants

7-59 Inerting and Purging of Equipment

7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases, a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers, such as noncombustible fire walls, are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains

1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)

1-22 Criteria for MFL Fire Walls and Space Separation

1-23 Protection of Openings in Fire Subdivisions

7-16 Barricades

3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes, and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake

1-7 Wind Forces on Buildings and Other Structures

1-54 Roof Loads for New Construction

9-2 Surface Water

9-13 Evaluation of Flood Exposure

9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems, which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past, it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and, in fact, was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.

©1999 Factory Mutual Engineering Corp. All rights reserved.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazards of fire and explosion from the solvent are eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic-insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K. incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred, with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage-limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete-supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high-volume flammable materials, are located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60 the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992.
G-18 Guidelines for Hazard Evaluation Procedures, 1992.
G-19 Guidelines for Investigating Chemical Process Incidents, 1992.
G-20 Guidelines for Auditing Process Safety Management Systems, 1993.
G-25 Guidelines for Implementing Process Safety Management Systems, 1994.
G-27 Guidelines for Process Safety Documentation, 1995.

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants
7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU) and, within North America, only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the Austral/Asia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accidents, hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous Ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different, yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines:


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr. Comm. Sept. 1998


2.1.9.2.2 Critical alarms should be grouped separately from information-only alarms. Audible and visual alarms should be distinctly different for these types of alarms so that priority can be given to critical alarms.

2.1.9.2.3 Critical process information should be easily accessible on the control panel so that an excessive number of screen changes will not be required to understand the information in an emergency situation.

2.1.9.2.4 Critical process information and alarms should be logged by computer or manually, as appropriate, and maintained for a reasonable period of time to aid in incident investigation or future process improvements.

2.1.9.2.5 The operator should have a proactive role in the monitoring and control of process variables, rather than simply waiting for alarm conditions to sound. This will encourage the operator to be familiar with the process data and facilitate an appropriate response in an emergency situation.

2.1.9.3 Environmental

2.1.9.3.1 Optimal performance occurs when environment factors are within specific boundaries. Proper clothing should be available for employees whose work is outside a climate-controlled environment.

2.1.9.3.2 For areas having excessive noise, proper hearing protection should be provided and a method of communications established, as vocal communication will not be feasible.

2.1.9.3.3 Proper lighting should be provided in all operations areas, and most importantly in control rooms, to ensure control and process equipment is visible.

2.1.9.4 Maintenance Operations

2.1.9.4.1 All maintenance operations that may adversely impact the safe operation of a process or production facility should require written authorization. Included in this authorization is notification to all areas of the facility that the work will impact. In most cases, operations will need to be stopped or bypassed to allow safe work in the area. All such process modifications should be thoroughly studied to determine the ramifications of the process change.

2.1.10 Standards, Codes and Laws

2.1.10.1 The organization should define the minimum codes, standards and laws that will be applied for maintaining an acceptable level of safety.

2.1.10.2 Responsibility should be assigned to ensure all codes, standards and regulations (internal or external) are maintained current and are available to those needing to use them.

2.1.10.3 A variance procedure should be developed that can be applied when an alternative to an existing code is to be used.

2.2 Highly Protected Risk (HPR)

A Highly Protected Risk (HPR) level of loss prevention based on FM data sheets and industry guidelines should be the goal at chemical risks. (See also 3.3.)

2.2.1 An HPR chemical risk is one that meets all of the following minimum guidelines:

a. A fully integrated system based on PSM principles at a level appropriate to the hazards

b. Management commitment and oversight, including early involvement of FM specialists at an early stage of all projects

c. Adequate process control and safety instrumentation

d. Operator training and empowerment adequate for the process complexity

e. Piping and vessel overpressure protection for the hazards that exist

f. Maintenance, inspection and testing programs covering all critical equipment and instrumentation


g. An adequate and reliable water supply and delivery system

h. Ignition source control

i. Adequate spacing of buildings, process units and tanks

j. Emergency response and post-loss contingency plans

k. Testing and understanding of process chemistry

Where needed based on hazard, an HPR chemical risk also incorporates the following features:

l. Adequate and reliable fixed suppression systems

m. Drainage and containment systems

n. Fire protection of structural steel

o. Damage limiting and noncombustible construction

p. Combustible gas detection

q. Inerting and purging systems

r. Barriers, barricades and/or distance separation

s. Protection against natural hazards

2.3 Principles of Inherent Safety

2.3.1 Principles of Inherent Safety should be applied where possible when designing or improving chemical plant processes. Inherent safety (see also 3.4) includes the following general principles:

a. Intensification - using smaller amounts of a hazardous substance

b. Substitution - replacing a hazardous chemical with a non-hazardous or less hazardous one

c. Attenuation - using less hazardous process conditions or a less hazardous form of a material

d. Limitation of effects - designing a facility to minimize the impact of a release of hazardous material or energy, for example by sufficient spacing or more resistant construction

e. Simplification/error tolerance - designing a facility so that operating errors are less likely or the process is more forgiving if errors are made

3.0 DISCUSSION

In the following sections, concepts and strategies for risk reduction in the chemical industry are discussed. These include approaches to loss prevention using:

a. CCPS four-tiered Process Risk Management Strategy

b. CCPS systematized Process Safety Management approach

c. Factory Mutual concepts of a Highly Protected Risk

d. Concepts of Inherent Safety

3.1 Process Risk Management Strategies

The CCPS four-tier safety strategy for reducing risk in a chemical facility includes inherent safety, passive safety, active safety and procedural safety.

These strategies are listed in preferred selection order as a loss prevention technique. By this method, when designing a plant, one would approach the safety aspects by applying these strategies starting with an inherent safety concept, followed by passive protection where still needed, followed by active systems, and then by procedural or administrative systems as needed. As you move down the layers to minimize or prevent a loss, the frequency or consequences of loss can increase.


3.1.1 Tier 1 - Inherent Safety

The first tier and most preferred approach to chemical plant loss prevention is Inherent Safety (IS). Inherent safety is defined as eliminating the hazard through intensification, substitution, attenuation, limitation of effects, or simplification/error tolerance. Refer to Section 3.4 for a full discussion on inherent safety concepts, including definitions of these terms. The intent of applying inherent safety is to eliminate the need for add-on layers of passive, active or procedural protection, which have to function as designed to limit the effects of a loss.

Examples of implementing inherent safety would be:

• substitution of water for process cooling in place of a combustible thermal oil

• substitution of a non-flammable solvent for a flammable solvent, for example using supercritical carbon dioxide in place of hexane for extraction

• through chemical research, replacing a high pressure process using extremely reactive materials in a flammable solvent with an atmospheric pressure process using non-flammable solvents in a reaction that is incapable of generating any pressure in the event of a runaway reaction

• storing flammable gases such as ethylene in low pressure refrigerated tanks rather than pressurized tanks

In these examples the revised cooling and extraction systems represent no fire hazard They require no fixed fire protection with its installation maintenance and testing costs With the new reaction system there is no potential for overpressure because of the chemistry of the process and the physical characteristics of the materials have no need for costly and failure-prone add on controls emergency relief devices or reacshytor strengthening Finally with the refrigerated storage the amount of vapor produced in the event of an unexshypected release of the liquid will be minor compared to a similar event with pressurized storage

Note that there may be tradeoffs when applying IS techniques or any of the four strategies. The water cooling system is more susceptible to freezing and may need more cold weather protection than a thermal oil system to prevent a costly freeze damage loss. The CO2 extraction system requires extremely high pressures, and process equipment will be susceptible to overpressurization, requiring add-on passive or active protection or procedural controls. The reaction system might require use of a corrosive material that could cause long term building damage, requiring costly steel protection or maintenance. The economics and overall risk reduction for all approaches, all of which carry risks, need full evaluation.

The potential for risk reduction through use of inherent safety is most likely very early in the design process. To affect the chemistry of the process may require years of experimental work. Other more tolerant changes and safety improvements may be made during plant design.

While opportunities to apply inherent safety concepts should always be explored, there will always be situations where other risk management strategies may need to be employed.

3.1.2 Tier 2 - Passive

The next tier, and the next in safety selection preference, is the passive approach. A passive approach is one that requires no mechanical device or system to actively function to limit or prevent the loss. A passive approach can also be one that stores or uses hazardous materials in a form or state that is as benign as possible.

For example, after a process review it is determined that water cooling cannot be used, and the process requires a reaction that is capable of generating 50 psig in the event of a runaway reaction.

If a combustible thermal oil must be used for cooling, a passive approach would attempt to use an oil with the most benign properties and under the lowest temperature and pressure possible. Further, this approach would limit the amount of potential oil released by eliminating bulk storage of material within the unit and sizing the coolant feed system to the minimum flow requirement. Finally, in the event of spill, the process area would be designed for rapid drainage and building steel fireproofing rather than placing reliance on (active) fixed fire suppression systems that may fail.

In the case of the reactor system, instead of relying on an active system such as a safety relief valve to protect the reactor in the event of a runaway, a passive approach would be to design the reactor to contain the maximum expected overpressure.


Some additional examples of a passive approach are: diking and containment systems; fire barriers; blast resistant construction; using stainless steel in place of plastic in corrosive environments; proper spacing of buildings, vessels, and process units; plant design to prevailing meteorological or geological hazard; enclosing plastic electric cables in metal conduit; processing potentially combustible dusts as a slurry; etc.

The single most favorable aspect of a passive approach is its performance reliability. Because it is not an active system, it is not prone to failure unless process conditions or materials are changed without commensurate improvements to the passive system.

3.1.3 Tier 3 - Active

The next tier, and the next in safety preference, is the active approach. An active strategy is one that requires a mechanical device or protective system to actively respond and function to limit or prevent the loss. An active system must be:

• reliably designed to work when intended

• installed according to strict installation rules

• maintained and tested over its entire life

Because of this, an active system is more prone to failure than a passive system and may cost more over the life of the plant. Active systems are also known as engineered controls.

In a previous example, if the thermal oil system is used under more hazardous operating conditions, or the drainage and fireproofing systems are lacking, insufficient, or too costly to retrofit, then an active fixed water suppression system becomes the protection device of choice. This system must be properly designed, and maintained and tested over its entire life, to be considered reliable and effective. Once activated, more damage will occur than with a passive system because the fuel (thermal oil) is not removed by drainage, the building steel is not protected against radiant heat (and may structurally fail), and the water system itself may cause damage to sensitive instrumentation. Finally, if the suppression system should fail, always a possibility, reliance for protection becomes dependent on the fourth tier: procedural or administrative controls. If reliance on procedures (i.e., manual response) is needed, a significant increase in damage will usually occur due to delayed response.

In the reactor example, an active (engineered) approach would be to design the reactor to 15 psig and acknowledge the potential for a 50 psig overpressure by depending on process and management controls to prevent the runaway reaction, and by providing properly designed emergency relief venting if it does run away. The active system is complex and becomes even more complex as vent gas collection systems are installed, etc.

This active approach is the traditional approach to reactor protection and most other loss prevention activities in a chemical plant. One primary reason is timing. Often protection is added after the plant is constructed. Inherent safety and passive approaches become less economical, if not completely impractical, after a plant has entered the equipment design phase.

An active approach does not provide the same level of risk reduction that the inherently safe or passively safe systems do. In the case of the reactor with an active approach, the loss would be significant if the emergency relief system failed (reactor failure, building blast damage, ensuing fires, and production loss). In the case of the passive system, the pressure would be contained with minor risk effects (perhaps time and cost to investigate, recertify the vessel, and retrain employees, etc.). In the inherently safe system, the event could not occur.

Some additional examples of an active strategy are: large deluge systems with high capacity water systems; automatic sprinklers over grouped electrical cables; explosion suppression systems in dust collectors; flow, thermal, and pressure controls and interlocks; emergency shutdown systems; etc.

While not as effective and reliable as the inherently safe or passive approach, nevertheless active systems are often required and necessary for adequate protection of a chemical plant.


3.1.4 Tier 4 - Procedural

The next tier, and last in safety preference, is the procedural or administrative control approach. A procedural response to safety is one using operating procedures, administrative checks, emergency response, and other management approaches to prevent or minimize the severity of an incident.

An example would be to provide written procedures for operators to take corrective action for the runaway reactor rather than provision of active automatic controls or relief systems. In this scenario, emergency action such as leaving the control room, inspecting the reactor, and manually adding quench water might be the only loss prevention response. In the event of a thermal oil release and fire, the plant may have only the emergency response of the fire department to rely upon for damage control.

3.1.5 Summary

The application of a tiered approach to risk management does not necessarily imply a singular strategy. A complex HPR facility will feature aspects of all four safety tiers - inherent, passive, active, and procedural - within the plant. Given a sufficiently hazardous process, all four tiers might be applied to the single process to provide assurance to risk managers that, if one level fails, additional levels are available to limit the loss.

Application of this tiered approach is fully consistent with HPR loss prevention concepts.

3.2 Process Safety Management

The CCPS defines process safety management as the application of management systems to the identification, understanding, and control of process hazards to prevent process related incidents.

The CCPS defines process safety management systems as comprehensive sets of policies, procedures, and practices designed to ensure that barriers to episodic incidents are in place, in use, and effective.

The CCPS guidelines focus on twelve elements of chemical process safety:

- Accountability and Responsibility
- Process Safety Knowledge
- Project Review and Design (Process Hazard Analysis)
- Process Risk Management
- Management of Change
- Process and Equipment (Mechanical) Integrity
- Incident Investigation
- Training and Performance
- Human Factors
- Standards, Codes and Laws
- Audits and Corrective Actions
- Emergency Response Planning

In addition to CCPS, other organizations have developed PSM guidelines, which may have different elements and terminology but nonetheless are equivalent to the CCPS guidelines and may be fully substituted in application. Some are listed in the Appendix. There are also government regulations, both U.S. and international, which mandate application of PSM guidelines under specific conditions. Some information on these regulations is also in the Appendix.

All 12 CCPS points are needed for a reliable system based on PSM principles, but they need to be customized for the corporation (i.e., making baking soda does not need the same program used for making polyvinyl chloride).

3.2.1 Accountability and Responsibility

Accountability and responsibility are at the heart of any facility's program. These concepts must be ingrained into the philosophy of an organization to be successful. Key components of accountability are a policy statement, management commitment, procedural requirements, and performance measurement.


The degree to which management demonstrates interest in implementing programs based on PSM principles at its facilities is of paramount concern to safe operation of the facility. Without solid management backing, even the best written program will never achieve successful implementation. Management interest should be demonstrated with a written policy statement that is shared with and understood by each member of the facility. Management's interest in loss prevention should be obvious in the day-to-day activities of a facility. Simply having a paper document on file will be of no benefit. Routine safety meetings, communication of safety issues to employees, and publishing lessons learned from incident investigations are just a few ways in which this interest will be demonstrated.

The policy statement should be site-specific and should assign ownership of safe operations to management as well as to every employee involved in the operation. Expectations of every member of the organization will be detailed and written in language understandable at every level of the organization. The policy statement should be reviewed on a periodic basis and changes made as needed. For example, when changes occur within an organization, such as change in management structure, the policy statement should be updated to reflect these changes.

The policy statement should clearly outline the objective of the PSM program. These principles should be routinely communicated to all employees so as to reinforce a safety-conscious work force. Generally, a review of the policy statement will be included in the orientation of new employees. Periodic review with all employees within the organization is also useful.

Each employee should feel responsible for the safe operation of a facility. There should be no fear of reprimand should a safety concern be reported. Only when the channels of communication remain open and free can a program based on PSM principles become and remain effective.

As safety issues arise in new facility design, HAZOP reviews, changes to the process, etc., there will be issues that are not easily resolved or will involve interpretation of codes or standards. A method should be in place to handle such issues so that resolution at the lowest level of management is achieved.

Once implemented, the success of a program based on PSM principles should be evaluated on a periodic basis to ensure the procedures achieve results. This can be in the form of random audits, routine reports to management, or direct communication with those involved. Findings from this feedback mechanism should be incorporated into the policy statement to facilitate constant improvement of the PSM program. Issues that are difficult to resolve often lead to input on ways that the PSM program could be improved.

3.2.1.1 Example: Liquefied Petroleum Gas (LPG), Mexico City, Mexico

On November 19, 1984, an 8 in. (200 mm) pipe line at a government-owned LPG terminal ruptured. The supply was not shut off, and the vapor cloud was subsequently ignited 10 minutes later by a ground level burn pit. Additional LPG tanks and spheres BLEVEd (Boiling Liquid Expanding Vapor Explosion) due to exposure to excessive heat. Management and organizational factors reportedly were the major factors in this incident. Reportedly, management at this facility had not taken action on recommendations from previous studies. The deluge systems that were designed to cool the LPG vessels were deemed grossly inadequate. Vessel design was inadequate and the vessels lacked proper insulation. There was also no gas detection system available at the facility. The loss estimate is in excess of $25 million property damage (current values) [1, 2].

3.2.1.2 References

1. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, New York (1994).

2. Mahoney, D., Ed., Large Property Damage Losses in the Hydrocarbon-Chemical Industries: A Thirty-Year Review, M&M Protection Consultants, Chicago (1995).

3.2.2 Process Safety Knowledge and Documentation

Process safety knowledge and documentation, which includes process safety information, is the basis for understanding the hazards of the process. This is achieved by acquiring process information and using this knowledge while conducting process hazard analyses.


The CCPS defines process safety information as the data describing the process and its chemistry. Process safety knowledge, in general terms, includes both process safety information and the ability to understand and interpret the information. It also includes the tracking and storing of key initial design bases, records of critical design decisions, design standards, site and equipment drawings, accident investigation information, etc. This data can be used as a baseline for future changes.

Data on process hazards and material chemistry can be obtained from numerous sources, including testing, manufacturer-issued Material Safety Data Sheets (MSDS) (or equivalents), and literature sources.

Some examples of needed process safety information and the sources where the information is found follow, as an example of a new process under design.

A chemical company is proposing a process using flammable solvents, reactants, and catalysts to produce a chemical intermediate for the pharmaceutical industry. The process will include a potentially exothermic reaction, mixing, distillation, and drying to produce a powdered product. Prior to conducting a process hazard analysis or determining levels of protection, information is needed on the various materials and the way they may interact normally or abnormally.

The company may find information from the following sources:

a. Material Safety Data Sheets. These, if available, will give information on flammability (i.e., flash points), explosibility (i.e., explosive limits), toxicity, corrosiveness, and potential reactivity with other materials.

b. Factory Mutual data sheets and National Fire Protection Association (NFPA) standards. Lists of hazardous materials are presented with fire and explosion information.

c. Public domain literature such as the Kirk-Othmer Encyclopedia of Chemical Technology, Sax's Dangerous Properties of Industrial Materials, CRC Handbook of Chemistry and Physics, and numerous other similar sources.

d. Proprietary industry or trade group research and testing reports.

e. Expert opinion, such as engineers from the corporation, Factory Mutual, or outside consultants.

f. Intentional and systematic testing of the materials.

In the example, the final product of the new process is a powder with a possible dust explosion hazard. The material is unique and no known data on its properties can be found by conventional literature search. To determine hazardous properties such as minimum ignition energy, lower explosive limits, maximum rate of pressure rise, and possible overpressures produced should it explode, tests are conducted in an ASTM E1226 20-liter sphere.

Information on the mixture within a reactor or other vessels is needed to determine potential for exothermic runaway or other chemical instability. Laboratory-scale reactivity screening should be done in advance of scaling up to pilot or full scale processing. This data can be obtained using a number of devices, including the Accelerating Rate Calorimeter (ARC), the DIERS Vent Sizing Package (VSP), and others.

Site information is also developed during this stage. This may include meteorological data (for later vapor dispersion modeling), geographic data for exposure to natural hazards, accident exposures from nearby industrial sites, and utility data such as reliability and adequacy of water, fuel, and power supplies.

After basic chemistry, physical, and thermodynamic properties of materials are developed and site characteristics are found, conclusions on different release and impact scenarios are qualitatively determined. For example, if a solvent is flammable, it will be qualitatively concluded that a spill can result in fire. If boiled and held under pressure, an indoor or outdoor flammable vapor explosion potential may exist. The catalyst to be used might be known to overheat and produce equipment-damaging pressure if not refrigerated. These generic conclusions are all derived in the process safety information phase. However, the sequence of events by which the scenario and its consequences will be realized will not surface until a process hazard analysis is conducted on the system in which the materials are used. Finally, the action steps, such as fixed mitigation, taken to reduce the quantified hazard or consequences will not surface until the process risk management stage.


Under this activity, in addition to developing and maintaining basic process and material hazard information, it is necessary to include accumulation of all the design details, alternative process considerations, key design decisions, and basic operation and maintenance plans.

Here, the corporation should develop rationale and responsibility for collecting and maintaining this data, as well as data on operating experience, accident investigations, causes and corrections, as well as changes developed and reviewed under the Management of Change processes (described later).

This collection of data will preserve initial design records (ensure replacements comply with design intent), reasons for key design decisions (aid to future projects and modifications), and provide a basis for understanding how the process should be operated. It also serves as a baseline for evaluating future changes.

The collection of this information provides the process safety knowledge needed in subsequent PSM steps (as well as a record of the original review process) so that the process can be started up and run throughout its intended life without an unanticipated incident or unprotected hazard. The information is documented and made part of the overall process safety management package, which will eventually also include data from the process hazard analysis and process risk management steps. This is then used for employee training, future process changes, etc.

Enhancement of process safety knowledge is a subset of this element and is sometimes added as a separate element of PSM. As the life of the plant progresses, new technology in process operation, inherent safety, or loss prevention techniques may be developed. While not known or cost effective during initial plant design, they may become so later in the life of the plant. It is important for an organization to stay fully abreast of new technology and apply it as appropriate. Use of a Management of Change procedure will assure that latest technology and information will be available.

3.2.3 Process Safety Review (Process Hazard Analysis)

This element of PSM is often identified as Process Hazards Analysis (PHA) and should include the project review for new facilities or modifications to existing facilities that have a significant process or capital impact. Where no major changes occur, the review should be revisited on a regular basis. A suggested frequency would be about every 5 years, with longer intervals for less hazardous processes. The element also includes the necessary design and pre-startup review of such projects to ensure that recommendations were in fact implemented.

The CCPS discusses staffing, hazard reviews, siting, plot plan, etc., in the context of phases of capital projects. As a supplement to the CCPS material, an HPR chemical plant should consider the following sections related to property and business interruption loss prevention.

Principles of loss prevention and risk management should guide plant siting decisions. These principles are usually defined in the corporate guiding principles or business objectives. Most sites can be made acceptable if sufficient funding is allocated to overcome deficiencies presented by the site selection.

Sites chosen should be selected to avoid or minimize exposures by perils of:

a. Fire

b. Natural Hazards (flood, wind, lightning, snow, freezing, earthquake, volcano, etc.)

c. Explosion

d. Transportation (aircraft, motor vehicle, rail, ship)

e. Pipeline or tank farm exposures

Sites should feature:

a. Access for safe disposal of waste

b. Access to fire fighting assistance (public or other)

c. Access to an adequate source of water to meet present and future demands

d. Access to reliable security and emergency services


e. Access to the site during adverse conditions (riot, traffic, etc.)

In addition to location of the plant site, equal considerations should be applied as well to the location of:

a. Process units

b. Pipe racks

c. Storage facilities

d. Unloading facilities for rail cars, trucks, and water craft

e. Flare stacks

f. Utility plants

g. Waste water treatment facilities

h. Electrical power lines

i. Process Control Rooms

Once site selection is complete, the project should have sufficient funding to implement FM/corporate loss prevention guidelines. In addition to basic project design and construction costs, finances should:

a. allow time for a thorough review of loss prevention aspects of the design and construction using accepted hazard analysis methods. Designs should use inherent safety and risk mitigation concepts.

b. permit installation of proper loss prevention features affecting construction, protection, drainage, electrical equipment, freeze protection, etc.

3.2.3.1 Examples

3.2.3.1.1 The ABC chemical company proposes building a new polymerization plant at the site of an existing chemical plant in the Gulf Coast area. It could be located in any of three different areas near the existing plant. The raw material (ethylene) is supplied to the main ABC plant, but the facilities will need to be enlarged to accommodate more ethylene. New facilities will need to be developed for storage of propane, butylene, and other future monomer feedstocks.

The ABC company has a license to use a new process to make the finished copolymers, but sizes and layout of major equipment have yet to be finalized. At this point, a team was created including specialists from FM, ABC, and several design and construction engineering companies. Early meetings developed a time line for the construction plan reviews, site visits, and pre-startup reviews. These meetings developed a plan to conduct a thorough hazard analysis.

Full HAZOP and What-if analyses were performed. FM specialists participated in the hazard analysis meetings and provided an important perspective on damageability, available protection and mitigation methods, and analysis of business interruption potentials.

A full site survey was conducted at all three sites with a team made up of various specialists, including the FM engineer. Through this process, a site was chosen to minimize flood exposures and the potential for fire and explosion exposures presented by nearby plants, pipe racks, and railways. Plans were modified to include relocation of pipe racks along with rerouting of rail sidings.

Through early team meetings, objectives from corporate guiding principles were interpreted to define objectives for limiting the maximum foreseeable loss and normal loss expectancies. Through collaboration, specifications were developed for the plant construction, particularly control room construction, fire protection water supply piping sizes and locations, pipe rack locations, drainage patterns, sprinkler valve house locations, and feedstock and product delivery contingencies. These methods resulted in mitigation of Vapor Cloud Explosion (VCE) potentials (see DS 7-42 for additional information on VCE hazards).

Note: The level of FM participation can vary from project to project depending on the needs of all the parties involved: contractor, insured, insurance company, etc.


3.2.3.1.2 XY Chemical Company planned and constructed a polymer manufacturing plant along the Texas Gulf Coast. Design work was conducted at the home offices in the northeastern U.S. using highly experienced personnel.

Project designs did not consider incident history and advice for this area relative to freeze protection. As a result, the plant was built with numerous outdoor sprinkler systems, as well as elements of the process and instrumentation system, with insufficient freeze protection.

As a result, the plant suffered a $2 million loss related to broken pipe, instrument lines, and loss of production in the 1983 and 1989 freezes. This pointed to a normal frequency of freezing weather in this area worthy of protection. A cost estimate of $75,000 for correction of the deficiencies was developed in consultation with the local FM specialist. Economic conditions dictated that these improvements be extended over a period of 3 years, resulting in a need to prioritize the modifications.

If the concepts and guidelines of this data sheet had been used in siting of this plant, the freeze potential and its frequency would have been identified. A loss potential of $2 million with an average 10-year recurrence interval would have been mitigated. The cost at the time this plant was designed could have been much lower.

3.2.4 Process Risk Management

Process risk management involves the identification, evaluation, control, or risk transfer of potential hazards that may be associated with existing operations, new projects, acquisitions, and customer supplier activities.

Process risk management is the system whereby conscious risk improvement decisions are made based on results and information obtained during the process knowledge and process hazard analysis stages. If hazard information data is available at very early stages of a plant design, inherent safety features can be designed in. Later in the design, passive, active, and procedural improvements and protection are usually added. The need and level of fixed suppression systems such as sprinklers and deluge systems, building steel fireproofing, damage limiting construction, barriers, process controls, etc., are decided in the process risk management phase of PSM. Fire safety professionals, in partnership with the chemical plant, determine the level of protection needed to meet HPR status and loss exposure goals. Ultimately, the exposure is improved through fixed protection and management systems, is transferred through insurance, or is completely avoided by eliminating the hazardous activity.

Data and information from process knowledge gathering and hazard analysis activities must be evaluated as to economics and potential for risk reduction. Not all risk in a facility can be eliminated or reduced through engineering. Process risk management assures that a balance of inherent or engineered safety and risk transfer (i.e., insurance) is maintained and that all mandatory regulations, corporate standards, and industry and insurance guidelines are met. Process risk management requires screening, ranking, and engineered assessment tools. A high level assessment such as Quantitative Risk Analysis (QRA) may be needed to make final decisions. The four tier safety strategy is still followed. Regardless of methods, documentation of the basis for risk decisions is important.

3.2.4.1 Case Study

ABC Chemical company is planning a facility to produce polyvinyl chloride (PVC) plastic using a licensed process. Production of this material will include use of vinyl chloride monomer (VCM), a liquefied gas; flammable solvents; and reactive peroxide-based catalysts in a moderately high pressure, high temperature, continuous autoclave (single reaction vessel) system. The process will be located in a single process unit supported by raw materials delivery and storage, in-process storage, combustible heat transfer media, heat, steam, power, and fuel utility systems, and final product handling, storage, and transfer to market. The final product will be sold as a solid extruded pellet, some of which will be custom made with plasticizers. The benzoyl peroxide (BP) catalyst is to be manufactured on site. The process will be constructed at a new site not previously developed.


In the process safety knowledge step, the following technical information may be obtained, based on a literature search or testing, and documented:

- flammability and explosivity characteristics of gases and liquids
- flammability and explosivity characteristics of heat transfer media
- reactivity data on catalysts
- combustibility and explosivity data on solid powder product
- reactivity of the PVC reaction at given process conditions
- reactivity and hazard of catalyst manufacture

The following site information might be obtained, based on a site study, and documented:

- meteorological data (prevailing winds/speeds/atmospheric stability)
- freeze and snowfall/rainfall data
- flood data
- earthquake data
- windstorm data
- data on adequacy and reliability of utility services
- information on nearby hazardous exposures

General conclusions might be derived based on the above chemical and site information and qualitative analysis. At this stage, these conclusions are based on generic knowledge obtained from experts or from the literature and are used for establishing more definitive scenarios during a process hazard analysis. Detailed consequence studies, such as vapor cloud dispersion, explosion overpressure, or pool fire radiant heat effects, are conducted as part of the hazard analysis.

The following general conclusions are not meant to be all inclusive, but only to demonstrate types of information and scenarios that could be developed during this step:

a. Flammable liquid spill fire potentials exist from delivery, storage, process vessel, and piping systems for raw and intermediate materials and for the heat transfer media system.

b. Vapor cloud explosion potentials exist from storage, process vessels, and piping systems using VCM.

c. Reactor vessel, pumps, and piping failure potentials exist due to high pressure, corrosivity, and reactivity exposures.

d. BP manufacture requires potentially unstable hazardous materials.

e. Dust explosion potentials exist from plasticized product.

f. The plant is in a semi-tropical climate but is subject to periodic severe freezes.

g. The plant is in a potential hurricane zone.

h. Power supplies are subject to possible off-premises interruptions.

i. Public water supplies and emergency response are not available.

j. A plant with potential wide range explosion hazard borders the site.

In the process hazard analysis step, the above data and design drawings (as complete as possible) are subjected to a systematic and critical examination to determine failure modes whereby incidents could occur. HAZOP, What If, Checklist, Failure Modes and Effects Analysis (FMEA) and more quantitative analysis methods might be used. Vapor dispersion, explosion and radiant heat modeling, if needed, will be done during this stage. These examinations might reveal the following potential concerns and consequences:

a. The manufacture of peroxides on plant presents many failure modes and several potentials for a peroxide self initiation, with high damage potential compared with the relatively small amounts of material needed.

b. Flammable spill fire and vapor release potentials cannot be completely eliminated through process control or design, short of not producing the product. Steel structure is subject to severe radiant heat, confirmed by fire modeling.

c. VCM represents a vapor cloud explosion potential, and the process unit arrangement and congestion will produce high overpressures throughout the plant, as confirmed by modeling.

d. Prevailing winds and distance indicate potential for vapor cloud from neighboring facility to enter process unit, confirmed by modeling.

e. A single large reaction autoclave is harder to control, presents extreme liquid spill or vapor release potentials, thus increasing protection system demands, and if damaged would shut down all operations.

f. Plasticized plastic dust presents a dust explosion hazard, confirmed by laboratory testing.

g. A rare but possible sudden freeze could severely damage plant utilities.

h. A sudden power outage could cause loss of control of the reaction.

i. Many different release and failure modes of vessels, pumps, piping and utility systems exist, but these can be mitigated through process control and design improvements.

j. Use of a large volume combustible heat transfer material presents significant fire potential on a higher frequency than other flammable materials due to its high corrosivity, confirmed by loss history.

In the process risk management step, all of the data collected and derived from the two prior steps is used to make risk management decisions. In the example, these may include (but not be limited to) the following decisions, listed in order of a tiered preferential safety approach:

Inherent safety

a. Replace combustible thermal oil system with water system.

b. Reduce production bottleneck by changing from one large reactor to several smaller reactors.

c. Reduce in-unit flammable inventories by eliminating product day tanks, large reboilers, large reactor, oversized piping, etc.

d. Purchase additional land to protect against off premises exposures.

e. Refrigerate VCM bulk storage tanks to reduce vaporization.

f. Collect plastic dust in wet slurry to reduce dust hazard.

Passive mitigation

a. Use a concrete frame for process unit or fireproof steel.

b. Space unit apart from support facilities and site boundaries.

c. Use open process unit for maximum explosion venting.

d. Limit and space equipment within unit to minimize congestion.

e. Layout unit with flammable materials accessible on outer edge.

f. Install drainage systems.

g. Design process controls and interlocks to maximize reliability of process.

h. Design process vessels/piping to maximum expected pressure.

i. Blast proof control room and emergency services building.

j. Provide emergency containment systems.

Active mitigation

a. Provide on site fire water system.

b. Provide deluge sprinkler protection.

c. Provide combustible gas detection.

d. Inert and purge flammable storage, process and piping systems.

e. Provide reactor emergency quench system.

f. Provide reactor emergency venting.

g. Computerize process control.

h. Provide on-site emergency power supplies.

i. Design to hurricane codes.

j. Protect plant against freeze up.

Operational administrative controls

a. Develop and train on site emergency fire response brigade.

b. Train and empower operators to take manual process control.

c. Provide ignition source control systems.

d. Provide backup manual reactor emergency quench system.

e. Provide natural hazard alert procedures.

Risk Avoidance

a. Eliminate on-site manufacture of peroxide catalyst.

Risk transfer

a. Accept inherent risk by retention of high insurance deductibles.

In the risk management process, there may be a need to revisit and re-analyze hazards several times prior to deciding on the level and type of mitigation or use of other risk tools, such as elimination of hazard or risk transfer. In fact, risk management becomes a constant cycle of analysis, transfer and acceptance throughout the life of the facility. As the facility ages and changes are made, the risk will change. Keeping abreast of this aging and change process will assure that the facility will achieve the risk management goals originally accepted.

3.2.4.2 HPR Requirements

The decision to meet or not meet HPR protection guidelines is determined during the process risk management stage. While achieving HPR status should always be the risk management goal, there may be conditions, especially in existing older plants, where this may not be economically or technically achievable.

There are minimum requirements for a facility to qualify as an HPR risk. These are briefly identified in Section 2.2.1 and further discussed in Section 3.3, Concepts of Highly Protected Risk.

3.2.5 Management of Change

Management of Change (MOC) means evaluating every change to technology, facilities or personnel at the earliest possible stage for its potential impact on property loss prevention. The earliest possible stage is the moment an idea or proposed change comes to light. These changes can be emergency, permanent, temporary, recognized or unrecognized. The purpose of a management of change process is to prevent the unrecognized change.

Changes are made routinely throughout the life of a facility. These may vary from major, highly visible projects to daily routine maintenance activities. Changes can occur to technology, chemicals, products, equipment and procedures. Any change from original design intent represents a deviation. If the impact of this deviation is not fully understood, the change, even if minor, can cause a significant incident. Appropriate process hazards management systems should be put into place to help ensure that hazards associated with a change or deviation are identified and controlled.

Changes fall into three main categories: technology, facilities, and personnel or organization.

Although some changes may be minor, with little likelihood of compromising loss prevention and process safety, all changes have some potential for disruption.

3.2.5.1 Change in Technology

Change in technology arises whenever the process or mechanical design is altered. Examples are changes in feedstocks, catalysts, product specifications, byproducts or waste products, design inventory levels, instrumentation and control systems, or materials of construction.

Typical instances in which change in technology would likely occur include the following:

a. New projects that involve tie-ins or equipment modifications on existing units.

b. Projects to increase facility throughput or accommodate different feedstocks or products.

c. Significant changes in operating conditions, including pressures, temperatures, flow rates or process conditions different from those in the original process or mechanical design.

d. Equipment changes, including the addition of new equipment or modifications of existing equipment. These can include changes in alarms, instrumentation and control schemes.

e. Modifications of the process or equipment that cause changes in the facility's relief requirements. These can include increased process throughput, operation at higher temperatures, increased size of equipment, or the addition of equipment that might contribute to greater relief requirements.

f. Bypass connections around equipment that is normally in service.

g. Changes in operating procedures, including procedures for startup, normal shutdown and emergency shutdown.

h. Changes made in the process or mechanical design or in operating procedures that result from a PHA performed as described in Section 3.2.3.

i. Introduction of new or different process additives (for example, corrosion control agents, antifoulants, antifoam agents).

j. Corrective actions developed as a result of an accident investigation.

3.2.5.2 Changes in Facilities

Changes in facilities are those in which physical changes are made that would not necessarily appear on plant drawings or piping and instrument diagrams (P&ID). Examples are temporary connections, replaced components that are not in kind, site modifications, transient storage, temporary structures, etc.

Specifically, these can include the following:

a. Temporary equipment (tanks, offices, drum storage, etc.).

b. Replacement equipment or machinery that differs from the original equipment.

c. Temporary piping connections, hoses or wiring.

d. Temporary software configurations, jumpers, shortened algorithms, bypassed controls.

e. Pipe clamps, braces, stands, wiring, ropes.

f. Temporary utility connections (steam, power, water, etc.).

g. An alternative supply of process materials, catalysts or reactants, such as through temporary drums or tanks located within the facility.

h. Temporary electrical equipment or connections.

These changes have the ability to affect design, construction, operation, maintenance and decommissioning.

3.2.5.3 Changes in Personnel

Changes in personnel are those in which key responsibilities are shifted from a position of stability to instability. Examples are retirement, promotion, other career changes and personal issues (sickness, death, leave-of-absence, etc.). These changes are ones in which continuity of responsibility may lapse.

Training and assignment of alternates is a key feature needed to mitigate lapses caused by these changes. Supervision must be skilled for early recognition of these changes, with an ability to plan in advance to mitigate these changes. Goals of the company, business and operating unit must support prevention efforts associated with these changes.

3.2.5.4 Examples

3.2.5.4.1 The Clean Air Act Amendments of 1990 require a 50% reduction of sulfur dioxide levels (SO2) in the US by the year 2000. This act affects approximately 2000 electric utilities. The method of choice to control SO2 emissions probably will be the installation of wet scrubbers, as they provide the highest level of control. Along with the additional costs and plans for scrubber installations, the person(s) planning these changes need to look at the effect these installations will have on loss prevention. For instance, scrubbers are subject to fires and explosions, and they can affect furnace draft. Induced draft fans may have to be upgraded, which in some cases could increase the risk of implosions and boiler vibrations. To prevent corrosion of scrubbers, ducts and stacks, it may be necessary to use plastic or plastic-lined equipment, which could present a fire hazard.

A typical agreement between a company and the property insurance company calls for a loss prevention professional within the company to be advised of all management of change activities in the plant. This individual is then responsible to involve the specialist from FM and allow an opportunity for the change to be evaluated in its earliest stages.

3.2.5.4.2 ABC is a manufacturer of commodity polymer using batch-scale polymerization of the monomer. Because of favorable opportunities in the market, ABC has plans to double the capacity of its seven-reactor plant in a two-phase expansion over the next 10 years. The first phase will include construction of utilities and the footprint for a second seven-reactor manufacturing building. Initially, a building containing three reactors will be built.

There is a close relationship between ABC and the FM specialist assigned to this plant. When the idea is being developed by senior management within ABC, meetings are held with the FM specialist to discuss the effect this may have on loss prevention. ABC is guided by a principle that promotes continuous improvement in all areas of operation, including loss prevention, and they call upon the expertise of FM to provide guidance to meet this goal.

In consultation with the FM specialist, several opportunities are identified. These include ways to mitigate VCE potentials, provide more cost efficient and effective water spray systems, and arrange the Instrumentation and Control features for increased reliability. In order to expand the process water features for the new plant expansion, several pumping and distribution changes were needed. Opportunities were identified to add outlets and normally closed connections between the fire protection system and the process water supply system. This increased both the normal supply to the fire protection water system and the supply that would be available in a catastrophic event.

In consultations, an opportunity was identified to relate current maintenance issues for the older electronic heat detection systems on the water spray systems to a design specification needed for all the new water spray systems. Review of maintenance records and costs pointed to an opportunity to replace older electronic heat detectors with air-pilot detection systems. In doing this, the plant maintenance was provided with a single common type of system, which has lower maintenance costs, a single set of replacement parts, and requires simpler maintenance skills.

Often during plant expansions, for simplicity, existing features for protection and control are duplicated exactly. Many design groups operate with the assumption that existing protection and control features are adequate and satisfactory, and they do not take the opportunity to consider improvements as above.

3.2.5.4.3 Mr. Howard has been the person in charge of fire protection in this plant for many years. He is the direct interface between top management, engineering and safety personnel for matters relating to loss prevention. He is in charge of administering all loss prevention related inspection programs within the plant. He supervises all impairments to fire protection and reports them throughout the company and to FM. Mr. Howard is very important in the review process for new construction. Because he is very familiar with current design requirements, he is able to work closely with plant and corporate engineers to develop plans for new construction and modifications.

Mr. Howard spent many years in the plant as an operator. Because of this involvement, he oversees many important operator duties as they relate to fire response and use of emergency process equipment (flares, alarms, shut-downs, etc.). He is also the liaison to community groups, including the mutual aid groups.

Mr. Howard has announced he will retire in 2 years, when he reaches the age of 60. Loss of this level of experience could create serious gaps related to steady provision of the service provided by Mr. Howard.

All of his job duties should be described in writing.

A plan for his replacement with alternates should be developed sufficiently in advance of his departure so that proper training can be provided.

If timing is not sufficient to establish that his duties have been sufficiently taken over by others, management should arrange for Mr. Howard to return to work as a consultant. He should periodically return after his retirement to make sure all areas of past responsibility are being covered.

In the planning for replacement of Mr. Howard, the local assigned FM specialists should be notified. Specific sessions can be arranged so that the programs recommended by FM can be introduced or reviewed with the person who has taken over for Mr. Howard.

3.2.5.4.4 Mr. Jones was the Safety Engineer at this major plastic film plant, reporting to the plant manager, before he resigned. He was responsible to implement all safety and loss prevention programs in the plant. He was the direct liaison to the plant maintenance department, providing review and supervision of all maintenance and testing of the plant fire protection systems, including the fire pump, suction tank, sprinkler systems, alarm systems and gaseous extinguishing systems. Because of his expertise, he was the interface between local contractors who provide maintenance and testing. Mr. Jones kept all the letters, files, receipts, plans and correspondence in his office relating to protection systems and plant insurance matters.

Unfortunately, he quit at a time when the plant was completing a 50% production expansion and is beginning to plan for a new warehouse expansion. Ongoing issues relate to false alarms, alarm system repairs and a history of broken underground water mains in a certain area of the plant. Mr. Jones had been a proponent of looping of the plant fire water mains to provide better service to the areas of future expansion.

In a case like this, it is important that key plant personnel from all levels meet to review the impact of this departure on loss prevention. Some careful accounting should begin at once to make sure elements of Mr. Jones' responsibilities are identified. The FM contact should be advised of the personnel change. This will allow for meetings to take place to assure that proper training is provided to a replacement employee. In many cases, FM can provide the following:

- Training on fire protection systems maintenance and testing can be offered to a new employee.

- A review of maintenance and testing programs can be made to assure that correct programs are not lost or lapsed.

- Contract maintenance programs can be evaluated to determine adequacy of these programs.

3.2.5.5 References

Management of Process Hazards, API Recommended Practice 750, First Edition, January 1990, American Petroleum Institute.

Managing Change, FM publication P9201.

3.2.6 Process and Equipment (Mechanical) Integrity

Equipment that processes hazardous materials, and accessory or utility equipment that is important to continued operation of the plant, should be designed, constructed, installed, operated, protected and maintained in a way which minimizes the risk while providing process reliability. This element of the PSM program addresses the management system required to achieve this objective and is called Process and Equipment Integrity by the CCPS and Mechanical Integrity by others.

A Process and Equipment Integrity program should address some or all of the following: pressure vessels and piping, tanks, rotating machinery, electrical equipment, boilers and furnaces, etc., together with their instrumentation, controls, accessories and supporting structures.

The components of Process and Equipment Integrity, which are discussed further below, are reliability engineering, materials of construction and fabrication, installation procedures, preventive maintenance, and demolition procedures.

As with all elements of PSM, a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps.

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance or replacement, the evaluation should include equipment accessibility and suitability for the process, and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment and emergency relief. The file should also contain the operating and inspection history of the equipment, as well as any data on repair, alteration and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill to installation tracking of material for critical components, or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, over speed, electrical faults, misalignment, etc.

During fabrication, maintenance or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process, or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern, such as piping location, safety and emergency equipment features, accessibility of process and safety equipment, operation, functional testing and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.

3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections, together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturer's recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturer's minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment, with detailed instructions on performing the particular activity. It should address the steps needed to prevent adverse conditions, both during the procedures and when the equipment is put back in service. It should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic reviews of these procedures are needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out of service condition, any necessary decontamination, and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents, classified as major accident, accident or near-miss by CCPS, are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control or personnel changes, or new or better training programs. Documentation and periodic review aids in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes:

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.

3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment. Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System. Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization. Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others, depending on the nature of the incident. This can include those inside the company with speciality knowledge or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training. Team members should be selected based on their interest, job function and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function. The incident investigation team function needs to be integrated with the overall emergency response plan. Well established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation

a Determine Cause Determining the cause (root causes and contributing causes) is one of the main funcshytions of the incident investigation team Some special effort will likely be needed to determine underlyshying system related causes

b Develop Recommendations Recommendations needed to prevent a recurrence should be identified While it might not be possible to actually prevent a recurrence in all cases it is likely preventive meashysures can be developed that will reduce the probability andor consequences

c Implement Prevention Measures Management should have a system that assures follow-up action is taken to implement recommendations

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.

©1999 Factory Mutual Engineering Corp. All rights reserved.


If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally this involves data collection, data analysis and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems-oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and they can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program, aimed at determination of root causes.

Usually the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

FTA: Fault Tree Analysis
AAM: Accident Anatomy Method
MORT: Management Oversight and Risk Tree
MCSOII: Multiple-Cause Systems-Oriented Incident Investigation

Inductive

HAZOP: Hazard and Operability Analysis
AAM: Accident Anatomy Method
CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware new approaches need to be built on proven and accepted concepts.

3.2.7.4

Phthalic anhydride made by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the "Do Not Operate" tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design. A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations. There are several possibilities in this area. Management that encourages continued operations when the process is upset (the reason the operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance. There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the workers' shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but does illustrate some of the underlying causes in a multiple-cause incident.
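
The multiple-cause reading of this loss can be written down as a small fault tree, fault tree analysis being one of the deductive techniques listed earlier. The following is an added example, not part of the data sheet: the gate structure, the event names, and the assumption that no pump-availability interlock was installed are this example's reading of the narrative.

```python
"""Fault tree for the phthalic anhydride loss (constructed example)."""

# Gates: name -> (kind, children). Any name that is not a key is a basic event.
# Structure and event names are assumptions made for this example.
TREE = {
    "reactor_overheats": ("AND", ["no_cooling_water", "shutdown_delayed"]),
    "no_cooling_water": ("AND", ["operating_pump_fails", "no_backup_available"]),
    "no_backup_available": ("AND", ["standby_1_repair_deferred",
                                    "standby_2_unavailable",
                                    "no_pump_availability_interlock"]),
    "standby_2_unavailable": ("OR", ["standby_2_not_repaired",
                                     "standby_2_tag_left_on"]),
}

# Basic events the narrative reports as present when the loss occurred.
# The missing interlock is inferred from the design recommendation (assumption).
OBSERVED = frozenset({
    "operating_pump_fails",
    "standby_1_repair_deferred",
    "standby_2_tag_left_on",
    "no_pump_availability_interlock",
    "shutdown_delayed",
})


def minimal_cut_sets(tree, top):
    """Expand gates top-down, then discard any set that contains a smaller one."""
    pending = [frozenset([top])]
    finished = set()
    while pending:
        current = pending.pop()
        gate = next((name for name in sorted(current) if name in tree), None)
        if gate is None:                      # only basic events remain
            finished.add(current)
            continue
        kind, children = tree[gate]
        rest = current - {gate}
        if kind == "AND":                     # all children needed together
            pending.append(rest | frozenset(children))
        elif kind == "OR":                    # each child is an alternative path
            pending.extend(rest | frozenset([child]) for child in children)
        else:
            raise ValueError(f"unknown gate type {kind!r} at {gate!r}")
    minimal = [s for s in finished if not any(other < s for other in finished)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def top_event_occurs(cut_sets, present):
    """The top event occurs when every event of at least one cut set is present."""
    return any(cut <= present for cut in cut_sets)


def breaking_events(cut_sets, present):
    """Events whose absence alone would have prevented the top event."""
    return sorted(event for event in present
                  if not top_event_occurs(cut_sets, present - {event}))


if __name__ == "__main__":
    cuts = minimal_cut_sets(TREE, "reactor_overheats")
    for cut in cuts:
        print("cut set:", ", ".join(sorted(cut)))
    print("loss reproduced:", top_event_occurs(cuts, OBSERVED))
    print("any one of these removed breaks the chain:")
    for event in breaking_events(cuts, OBSERVED):
        print("  -", event)
```

Every minimal cut set in this tree has five members, and each observed event is individually sufficient to break the chain if removed, which is the multiple-cause point the example makes in prose.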

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment, and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation, and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation, or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training, as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated, and it was assumed to be functioning properly, although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days previously for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.


The control panel incorrectly indicated that too much water was entering the core; therefore the operator overrode the automatic control system and reverted to manual control. Ultimately, the shut coolant water lines were discovered and reopened, which again flooded the control panel with a "Christmas-tree" effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.¹

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.²

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures, as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L. and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80 to 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50 to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel, although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases, these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface, and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information, and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited, and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a "Fitness for Duty" Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.⁵

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems, as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.


Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.⁶ However, more current literature by Poulton⁷ and Welford⁸ supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.⁹ Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately, and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.¹⁰


3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum Inc.

On October 23, 1989, a release of approximately 85200 lb (36646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor, but ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed, and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance, contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I. and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H. and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M. and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill., Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill., Scott, Foresman and Company (1976).

9. Paula, H.M. and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).


3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocell Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for keeping the standards current and in line with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring and piping drawings are not current, or there is only one set of hand corrected paper plans.


The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard

a. Toxicity

b. Permissible exposure limits

c. Physical, reactivity and corrosion data

d. Thermal and chemical stability

e. Hazardous effects of mixing

2. Process technology

a. Process description and flow diagram


b. Process chemistry

c. Inventory permitted

d. Safe upper and lower limits for temperature, pressure, flows and compositions

e. Consequences of deviations

3. Process equipment

a. Construction materials

b. P&ID

c. Electrical classification drawing

d. Relief system design and design basis

e. Ventilation system design

f. Drainage system design

g. Design codes and standards

h. Material and energy balance

i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections

a. Code inspection reports for pressure equipment

b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)

c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description

a. Organization and staffing

b. Risk assessment of site hazards

c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans

a. Description of possible incident scenarios

b. Plan to respond to each scenario

c. On-site emergency equipment and supplies

d. Description of external resources and support organizations


5. Emergency response teams

a. Staffing and organization

b. Capabilities of members

c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic, in that other factors such as management interest in loss prevention also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities as defined in an integrated program based on PSM principles are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level, and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.


A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound of how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility or process within a facility needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposure may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials, but in the way these materials interact within the process system. What if scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions

7-49/12-65 Emergency Venting of Vessels

7-59 Inerting and Purging

7-73 Dust Collectors and Collection Systems

7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires

12 Series on boilers and pressure vessels


3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems

3-2 Water Tanks for Fire Protection

3-7N/13-4N Centrifugal Fire Pumps

3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations

5-8 Static Electricity

5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment

5-11/14-19 Lightning and Surge Protection for Electrical Systems

7-0 Causes and Effects of Fires and Explosions

7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting, remote from process hazards.


The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials

7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method

7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants

7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids

7-46 Chemical Reactors and Reactions

7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives

7-51 Acetylene

7-52/17-13 Oxygen

7-53 Liquefied Natural Gas

7-54 Natural Gas and Gas Piping

7-55/12-28 Liquefied Petroleum Gas

7-58 Chlorine Dioxide

7-80 Organic Peroxides

7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

7-91 Hydrogen

7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems

4-0 Special Protection Systems

4-1N Water Spray Fixed Systems

4-7N Low Expansion Foam Systems

7-17 Explosion Suppression Systems


For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers

5-4/14-8 Transformers

5-31/14-5 Cables and Bus Bars

5-32 Electronic Data Processing Systems

7-2 Waste Solvent Recovery

7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

7-29 Flammable Liquids in Drums and Smaller Containers

7-32 Flammable Liquid Operations

7-48 Disposal of Waste Materials

7-54 Natural Gas and Gas Piping

7-55/12-28 Liquefied Petroleum Gas

7-78 Industrial Exhaust Systems

7-88 Storage Tanks for Flammable Liquids

7-95 Compressors

7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants

7-34 Electrolytic Chlorine Processes

7-35 Air Separation Processes

7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids

7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible, heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.


Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength, blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response, such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping, and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades

3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems, which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.

A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K. incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred, with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story, concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, is located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow, with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.

Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10, Guidelines for Technical Management of Chemical Process Safety, 1992
G-18, Guidelines for Hazard Evaluation Procedures, 1992
G-19, Guidelines for Investigating Chemical Process Incidents, 1992
G-20, Guidelines for Auditing Process Safety Management Systems, 1993
G-25, Guidelines for Implementing Process Safety Management Systems, 1994
G-27, Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985

Management of Process Hazards, American Petroleum Institute (API), Recommended Practice 750, 1990

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe)

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants

7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API), Publication 510, 1997

Piping Inspection Code, American Petroleum Institute (API), Publication 570, 1997

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos Reinhold, 1993

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos Reinhold, 1988

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993

APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.

A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons, and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10,000 (4,500) | 10,000 (4,500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)

In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.

A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998

g An adequate and reliable water supply and delivery system

h Ignition source control

I Adequate spacing of buildings process units and tanks

j Emergency response and post-loss contingency plans

k Testing and understanding of process chemistry

Where needed based on hazard an HPR chemical risk also incorporates the following features

Adequate and reliable fixed suppression systems

m Drainage and containment systems

n Fire protection of structural steel

o Damage limiting and noncombustible construction

p Combustible gas detection

q Inerting and purging systems

r Barriers barricades andor distance separation

s Protection against natural hazards

2.3 Principles of Inherent Safety

2.3.1 Principles of Inherent Safety should be applied where possible when designing or improving chemical plant processes. Inherent safety (see also 3.4) includes the following general principles:

a. Intensification - using smaller amounts of a hazardous substance

b. Substitution - replacing a hazardous chemical with a non-hazardous or less hazardous one

c. Attenuation - using less hazardous process conditions or a less hazardous form of a material

d. Limitation of effects - designing a facility to minimize the impact of a release of hazardous material or energy, for example by sufficient spacing or more resistant construction

e. Simplification/error tolerance - designing a facility so that operating errors are less likely or the process is more forgiving if errors are made

3.0 DISCUSSION

In the following sections, concepts and strategies for risk reduction in the chemical industry are discussed. These include approaches to loss prevention using:

a. CCPS four-tiered Process Risk Management Strategy

b. CCPS systematized Process Safety Management approach

c. Factory Mutual concepts of a Highly Protected Risk

d. Concepts of Inherent Safety

3.1 Process Risk Management Strategies

The CCPS four-tier safety strategy for reducing risk in a chemical facility includes inherent safety, passive safety, active safety and procedural safety.

These strategies are listed in preferred selection order as a loss prevention technique. By this method, when designing a plant, one would approach the safety aspects by applying these strategies, starting with an inherent safety concept, followed by passive protection where still needed, followed by active systems, and then by procedural or administrative systems as needed. As you move down the layers to minimize or prevent a loss, the frequency or consequences of loss can increase.

©1999 Factory Mutual Engineering Corp. All rights reserved.

3.1.1 Tier 1 - Inherent Safety

The first tier and most preferred approach to chemical plant loss prevention is Inherent Safety (IS). Inherent safety is defined as eliminating the hazard through intensification, substitution, attenuation, limitation of effects, or simplification/error tolerance. Refer to Section 3.4 for a full discussion on inherent safety concepts, including definitions of these terms. The intent of applying inherent safety is to eliminate the need for add-on layers of passive, active or procedural protection, which have to function as designed to limit the effects of a loss.

Examples of implementing inherent safety would be:

• substitution of water for process cooling in place of a combustible thermal oil

• substitution of a non-flammable solvent for a flammable solvent, for example using supercritical carbon dioxide in place of hexane for extraction

• through chemical research, replacing a high pressure process using extremely reactive materials in a flammable solvent with an atmospheric pressure process using non-flammable solvents in a reaction that is incapable of generating any pressure in the event of a runaway reaction

• storing flammable gases such as ethylene in low pressure refrigerated tanks rather than pressurized tanks

In these examples, the revised cooling and extraction systems represent no fire hazard. They require no fixed fire protection with its installation, maintenance and testing costs. With the new reaction system, there is no potential for overpressure because of the chemistry of the process and the physical characteristics of the materials, so there is no need for costly and failure-prone add-on controls, emergency relief devices or reactor strengthening. Finally, with the refrigerated storage, the amount of vapor produced in the event of an unexpected release of the liquid will be minor compared to a similar event with pressurized storage.

Note that there may be tradeoffs when applying IS techniques or any of the four strategies. The water cooling system is more susceptible to freezing and may need more cold weather protection than a thermal oil system to prevent a costly freeze damage loss. The CO2 extraction system requires extremely high pressures, and process equipment will be susceptible to overpressurization, requiring add-on passive or active protection or procedural controls. The reaction system might require use of a corrosive material that could cause long term building damage, requiring costly steel protection or maintenance. The economics and overall risk reduction for all approaches, all of which carry risks, need full evaluation.

The potential for risk reduction through use of inherent safety is most likely very early in the design process. To affect the chemistry of the process may require years of experimental work. Other more tolerant changes and safety improvements may be made during plant design.

While opportunities to apply inherent safety concepts should always be explored, there will always be situations where other risk management strategies may need to be employed.

3.1.2 Tier 2 - Passive

The next tier, and the next in safety selection preference, is the passive approach. A passive approach is one that requires no mechanical device or system to actively function to limit or prevent the loss. A passive approach can also be one that stores or uses hazardous materials in a form or state that is as benign as possible.

For example, after a process review it is determined that water cooling cannot be used and the process requires a reaction that is capable of generating 50 psig in the event of a runaway reaction.

If a combustible thermal oil must be used for cooling, a passive approach would attempt to use an oil with the most benign properties and under the lowest temperature and pressure possible. Further, this approach would limit the amount of potential oil released by eliminating bulk storage of material within the unit and sizing the coolant feed system to the minimum flow requirement. Finally, in the event of a spill, the process area would be designed for rapid drainage and building steel fireproofing rather than placing reliance on (active) fixed fire suppression systems that may fail.

In the case of the reactor system, instead of relying on an active system such as a safety relief valve to protect the reactor in the event of a runaway, a passive approach would be to design the reactor to contain the maximum expected overpressure.

Some additional examples of a passive approach are diking and containment systems, fire barriers, blast resistant construction, using stainless steel in place of plastic in corrosive environments, proper spacing of buildings, vessels and process units, plant design to prevailing meteorological or geological hazard, enclosing plastic electric cables in metal conduit, processing potentially combustible dusts as a slurry, etc.

The single most favorable aspect of a passive approach is its performance reliability. Because it is not an active system, it is not prone to failure unless process conditions or materials are changed without commensurate improvements to the passive system.

3.1.3 Tier 3 - Active

The next tier, and the next in safety preference, is the active approach. An active strategy is one that requires a mechanical device or protective system to actively respond and function to limit or prevent the loss. An active system must be:

• reliably designed to work when intended

• installed according to strict installation rules

• maintained and tested over its entire life

Because of this, an active system is more prone to failure than a passive system and may cost more over the life of the plant. Active systems are also known as engineered controls.

In a previous example, if the thermal oil system is used under more hazardous operating conditions, or the drainage and fireproofing systems are lacking, insufficient or too costly to retrofit, then an active fixed water suppression system becomes the protection device of choice. This system must be properly designed and maintained and tested over its entire life to be considered reliable and effective. Once activated, more damage will occur than with a passive system because the fuel (thermal oil) is not removed by drainage, the building steel is not protected against radiant heat (and may structurally fail), and the water system itself may cause damage to sensitive instrumentation. Finally, if the suppression system should fail, always a possibility, reliance for protection becomes dependent on the fourth tier, procedural or administrative controls. If reliance on procedures (i.e., manual response) is needed, a significant increase in damage will usually occur due to delayed response.

In the reactor example, an active (engineered) approach would be to design the reactor to 15 psig and acknowledge the potential for a 50 psig overpressure by depending on process and management controls to prevent the runaway reaction and by providing properly designed emergency relief venting if it does run away. The active system is complex and becomes even more complex as vent gas collection systems are installed, etc.

This active approach is the traditional approach to reactor protection and most other loss prevention activities in a chemical plant. One primary reason is timing. Often protection is added after the plant is constructed. Inherent safety and passive approaches become less economical, if not completely impractical, after a plant has entered the equipment design phase.

An active approach does not provide the same level of risk reduction that the inherently safe or passively safe systems do. In the case of the reactor with an active approach, the loss would be significant if the emergency relief system failed (reactor failure, building blast damage, ensuing fires and production loss). In the case of the passive system, the pressure would be contained with minor risk effects (perhaps time and cost to investigate, recertify the vessel and retrain employees, etc.). In the inherently safe system, the event could not occur.

Some additional examples of an active strategy are large deluge systems with high capacity water systems, automatic sprinklers over grouped electrical cables, explosion suppression systems in dust collectors, flow, thermal and pressure controls and interlocks, emergency shutdown systems, etc.

While not as effective and reliable as the inherently safe or passive approach, active systems are nevertheless often required and necessary for adequate protection of a chemical plant.

3.1.4 Tier 4 - Procedural

The next tier, and last in safety preference, is the procedural or administrative control approach. A procedural response to safety is one using operating procedures, administrative checks, emergency response and other management approaches to prevent or minimize the severity of an incident.

An example would be to provide written procedures for operators to take corrective action for the runaway reactor rather than provision of active automatic controls or relief systems. In this scenario, emergency action such as leaving the control room, inspecting the reactor and manually adding quench water might be the only loss prevention response. In the event of a thermal oil release and fire, the plant may have only the emergency response of the fire department to rely upon for damage control.

3.1.5 Summary

The application of a tiered approach to risk management does not necessarily imply a singular strategy. A complex HPR facility will feature aspects of all four safety tiers - inherent, passive, active and procedural - within the plant. Given a sufficiently hazardous process, all four tiers might be applied to the single process to provide assurance to risk managers that if one level fails, additional levels are available to limit the loss.

Application of this tiered approach is fully consistent with HPR loss prevention concepts.

3.2 Process Safety Management

The CCPS defines process safety management as the application of management systems to the identification, understanding and control of process hazards to prevent process related incidents.

The CCPS defines process safety management systems as comprehensive sets of policies, procedures and practices designed to ensure that barriers to episodic incidents are in place, in use and effective.

The CCPS guidelines focus on twelve elements of chemical process safety:

- Accountability and Responsibility
- Process Safety Knowledge
- Project Review and Design (Process Hazard Analysis)
- Process Risk Management
- Management of Change
- Process and Equipment (Mechanical) Integrity
- Incident Investigation
- Training and Performance
- Human Factors
- Standards, Codes and Laws
- Audits and Corrective Actions
- Emergency Response Planning

In addition to CCPS, other organizations have developed PSM guidelines which may have different elements and terminology but nonetheless are equivalent to the CCPS guidelines and may be fully substituted in application. Some are listed in the Appendix. There are also government regulations, both US and international, which mandate application of PSM guidelines under specific conditions. Some information on these regulations is also in the Appendix.

All 12 CCPS points are needed for a reliable system based on PSM principles, but they need to be customized for the corporation (i.e., making baking soda does not need the same program used for making polyvinyl chloride).

3.2.1 Accountability and Responsibility

Accountability and responsibility are at the heart of any facility's program. These concepts must be ingrained into the philosophy of an organization to be successful. Key components of accountability are a policy statement, management commitment, procedural requirements and performance measurement.

The degree to which management demonstrates interest in implementing programs based on PSM principles at its facilities is of paramount concern to safe operation of the facility. Without solid management backing, even the best written program will never achieve successful implementation. Management interest should be demonstrated with a written policy statement that is shared with and understood by each member of the facility. Management's interest in loss prevention should be obvious in the day-to-day activities of a facility. Simply having a paper document on file will be of no benefit. Routine safety meetings, communication of safety issues to employees, and publishing lessons learned from incident investigations are just a few ways in which this interest will be demonstrated.

The policy statement should be site-specific and should assign ownership of safe operations to management as well as to every employee involved in the operation. Expectations of every member of the organization will be detailed and written in language understandable at every level of the organization. The policy statement should be reviewed on a periodic basis and changes made as needed. For example, when changes occur within an organization, such as change in management structure, the policy statement should be updated to reflect these changes.

The policy statement should clearly outline the objective of the PSM program. These principles should be routinely communicated to all employees so as to reinforce a safety-conscious work force. Generally, a review of the policy statement will be included in the orientation of new employees. Periodic review with all employees within the organization is also useful.

Each employee should feel responsible for the safe operation of a facility. There should be no fear of reprimand should a safety concern be reported. Only when the channels of communication remain open and free can a program based on PSM principles become and remain effective.

As safety issues arise in new facility design, HAZOP reviews, changes to the process, etc., there will be issues that are not easily resolved or will involve interpretation of codes or standards. A method should be in place to handle such issues so that resolution at the lowest level of management is achieved.

Once implemented, the success of a program based on PSM principles should be evaluated on a periodic basis to ensure the procedures achieve results. This can be in the form of random audits, routine reports to management, or direct communication with those involved. Findings from this feedback mechanism should be incorporated into the policy statement to facilitate constant improvement of the PSM program. Issues that are difficult to resolve often lead to input on ways that the PSM program could be improved.

3.2.1.1 Example: Liquefied Petroleum Gas (LPG), Mexico City, Mexico

On November 19, 1984, an 8 in. (200 mm) pipe line at a government-owned LPG terminal ruptured. The supply was not shut off, and the vapor cloud was subsequently ignited 10 minutes later by a ground level burn pit. Additional LPG tanks and spheres BLEVEd (Boiling Liquid Expanding Vapor Explosion) due to exposure to excessive heat. Management and organizational factors reportedly were the major factors in this incident. Reportedly, management at this facility had not taken action on recommendations from previous studies. The deluge systems that were designed to cool the LPG vessels were deemed grossly inadequate. Vessel design was inadequate and the vessels lacked proper insulation. There was also no gas detection system available at the facility. The loss estimate is in excess of $25 million property damage (current values) [1, 2].

3.2.1.2 References

1. Gertman, D.I. and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, New York (1994).

2. Mahoney, D., Ed., Large Property Damage Losses in the Hydrocarbon-Chemical Industries: A Thirty-year Review, M&M Protection Consultants, Chicago (1995).

3.2.2 Process Safety Knowledge and Documentation

Process safety knowledge and documentation, which includes process safety information, is the basis for understanding the hazards of the process. This is achieved by acquiring process information and using this knowledge while conducting process hazard analyses.

The CCPS defines process safety information as the data describing the process and its chemistry. Process safety knowledge, in general terms, includes both process safety information and the ability to understand and interpret the information. It also includes the tracking and storing of key initial design bases, records of critical design decisions, design standards, site and equipment drawings, accident investigation information, etc. This data can be used as a baseline for future changes.

Data on process hazards and material chemistry can be obtained from numerous sources, including testing, manufacturer issued Material Safety Data Sheets (MSDS) (or equivalents) and literature sources.

Some examples of needed process safety information and the sources where the information is found follow, as an example of a new process under design.

A chemical company is proposing a process using flammable solvents, reactants and catalysts to produce a chemical intermediate for the pharmaceutical industry. The process will include a potentially exothermic reaction, mixing, distillation and drying to produce a powdered product. Prior to conducting a process hazard analysis or determining levels of protection, information is needed on the various materials and the way they may interact, normally or abnormally.

The company may find information from the following sources:

a. Material Safety Data Sheets. These, if available, will give information on flammability (i.e., flash points), explosibility (i.e., explosive limits), toxicity, corrosiveness and potential reactivity with other materials.

b. Factory Mutual data sheets and National Fire Protection Association (NFPA) standards. Lists of hazardous materials are presented with fire and explosion information.

c. Public domain literature such as the Kirk-Othmer Encyclopedia of Chemical Technology, Sax's Dangerous Properties of Industrial Materials, CRC Handbook of Chemistry and Physics, and numerous other similar sources.

d. Proprietary industry or trade group research and testing reports.

e. Expert opinion, such as engineers from the corporation, Factory Mutual or outside consultants.

f. Intentional and systematic testing of the materials.

In the example, the final product of the new process is a powder with a possible dust explosion hazard. The material is unique and no known data on its properties can be found by conventional literature search. To determine hazardous properties such as minimum ignition energy, lower explosive limits, maximum rate of pressure rise, and possible overpressures produced should it explode, tests are conducted in an ASTM E1226 20-liter sphere.

Information on the mixture within a reactor or other vessels is needed to determine potential for exothermic runaway or other chemical instability. Laboratory-scale reactivity screening should be done in advance of scaling up to pilot or full scale processing. This data can be obtained using a number of devices, including the Accelerating Rate Calorimeter (ARC), the DIERS Vent Sizing Package (VSP) and others.

Site information is also developed during this stage. This may include meteorological data (for later vapor dispersion modeling), geographic data for exposure to natural hazards, accident exposures from nearby industrial sites, and utility data such as reliability and adequacy of water, fuel and power supplies.

After basic chemistry, physical and thermodynamic properties of materials are developed and site characteristics are found, conclusions on different release and impact scenarios are qualitatively determined. For example, if a solvent is flammable, it will be qualitatively concluded that a spill can result in fire. If boiled and held under pressure, an indoor or outdoor flammable vapor explosion potential may exist. The catalyst to be used might be known to overheat and produce equipment damaging pressure if not refrigerated. These generic conclusions are all derived in the process safety information phase. However, the sequence of events by which the scenario and its consequences will be realized will not surface until a process hazard analysis is conducted on the system in which the materials are used. Finally, the action steps, such as fixed mitigation, taken to reduce the quantified hazard or consequences will not surface until the process risk management stage.

Under this activity, in addition to developing and maintaining basic process and material hazard information, it is necessary to include accumulation of all the design details, alternative process considerations, key design decisions, and basic operation and maintenance plans.

Here the corporation should develop rationale and responsibility for collecting and maintaining this data, as well as data on operating experience, accident investigations, causes and corrections, as well as changes developed and reviewed under the Management of Change processes (described later).

This collection of data will preserve initial design records (ensure replacements comply with design intent), reasons for key design decisions (aid to future projects and modifications), and provide a basis for understanding how the process should be operated. It also serves as a baseline for evaluating future changes.

The collection of this information provides the process safety knowledge needed in subsequent PSM steps (as well as a record of the original review process) so that the process can be started up and run throughout its intended life without an unanticipated incident or unprotected hazard. The information is documented and made part of the overall process safety management package, which will eventually also include data from the process hazard analysis and process risk management steps. This is then used for employee training, future process changes, etc.

Enhancement of process safety knowledge is a subset of this element and is sometimes added as a separate element of PSM. As the life of the plant progresses, new technology in process operation, inherent safety or loss prevention techniques may be developed. While not known or cost effective during initial plant design, they may become so later in the life of the plant. It is important for an organization to stay fully abreast of new technology and apply it as appropriate. Use of a Management of Change procedure will assure that the latest technology and information will be available.

3.2.3 Process Safety Review (Process Hazard Analysis)

This element of PSM is often identified as Process Hazards Analysis (PHA) and should include the project review for new facilities or modifications to existing facilities that have a significant process or capital impact. Where no major changes occur, the review should be revisited on a regular basis. A suggested frequency would be about every 5 years, with longer intervals for less hazardous processes. The element also includes the necessary design and pre-startup review of such projects to ensure that recommendations were in fact implemented.

The CCPS discusses staffing, hazard reviews, siting, plot plan, etc. in the context of phases of capital projects. As a supplement to the CCPS material, an HPR chemical plant should consider the following sections related to property and business interruption loss prevention.

Principles of loss prevention and risk management should guide plant siting decisions. These principles are usually defined in the corporate guiding principles or business objectives. Most sites can be made acceptable if sufficient funding is allocated to overcome deficiencies presented by the site selection.

Sites chosen should be selected to avoid or minimize exposures by perils of:

a. Fire

b. Natural Hazards (flood, wind, lightning, snow, freezing, earthquake, volcano, etc.)

c. Explosion

d. Transportation (aircraft, motor vehicle, rail, ship)

e. Pipeline or tank farm exposures

Sites should feature:

a. Access for safe disposal of waste

b. Access to fire fighting assistance (public or other)

c. Access to an adequate source of water to meet present and future demands

d. Access to reliable security and emergency services

e. Access to the site during adverse conditions (riot, traffic, etc.)

In addition to location of the plant site, equal considerations should be applied as well to the location of:

a. Process units

b. Pipe racks

c. Storage facilities

d. Unloading facilities for rail cars, trucks and water craft

e. Flare stacks

f. Utility plants

g. Waste water treatment facilities

h. Electrical power lines

i. Process Control Rooms

Once site selection is complete, the project should have sufficient funding to implement FM/corporate loss prevention guidelines. In addition to basic project design and construction costs, finances should:

a. allow time for a thorough review of loss prevention aspects of the design and construction using accepted hazard analysis methods. Designs should use inherent safety and risk mitigation concepts.

b. permit installation of proper loss prevention features affecting construction, protection, drainage, electrical equipment, freeze protection, etc.

3.2.3.1 Examples

3.2.3.1.1 The ABC chemical company proposes building a new polymerization plant at the site of an existing chemical plant in the Gulf Coast area. It could be located in any of three different areas near the existing plant. The raw material (ethylene) is supplied to the main ABC plant, but the facilities will need to be enlarged to accommodate more ethylene. New facilities will need to be developed for storage of propane, butylene and other future monomer feedstocks.

The ABC company has a license to use a new process to make the finished copolymers, but sizes and layout of major equipment have yet to be finalized. At this point, a team was created including specialists from FM, ABC and several design and construction engineering companies. Early meetings developed a time line for the construction, plan reviews, site visits and pre-startup reviews. These meetings developed a plan to conduct a thorough hazard analysis.

Full HAZOP and What-if analyses were performed. FM specialists participated in the hazard analysis meetings and provided an important perspective on damageability, available protection and mitigation methods, and analysis of business interruption potentials.

A full site survey was conducted at all three sites with a team made up of various specialists, including the FM engineer. Through this process, a site was chosen to minimize flood exposures and the potential for fire and explosion exposures presented by nearby plants, pipe racks and railways. Plans were modified to include relocation of pipe racks along with rerouting of rail sidings.

Through early team meetings, objectives from corporate guiding principles were interpreted to define objectives for limiting the maximum foreseeable loss and normal loss expectancies. Through collaboration, specifications were developed for the plant construction, particularly control room construction, fire protection water supply piping sizes and locations, pipe rack locations, drainage patterns, sprinkler valve house locations, and feedstock and product delivery contingencies. These methods resulted in mitigation of Vapor Cloud Explosion (VCE) potentials (see DS 7-42 for additional information on VCE hazards).

Note: The level of FM participation can vary from project to project, depending on the needs of all the parties involved: contractor, insured, insurance company, etc.

3.2.3.1.2 XY Chemical Company planned and constructed a polymer manufacturing plant along the Texas Gulf Coast. Design work was conducted at the home offices in the northeastern US using highly experienced personnel.

Project designs did not consider incident history and advice for this area relative to freeze protection. As a result, the plant was built with numerous outdoor sprinkler systems, as well as elements of the process and instrumentation system, with insufficient freeze protection.

As a result, the plant suffered a $2 million loss related to broken pipe, instrument lines and loss of production in the 1983 and 1989 freezes. This pointed to a normal frequency of freezing weather in this area worthy of protection. A cost estimate of $75,000 for correction of the deficiencies was developed in consultation with the local FM specialist. Economic conditions dictated that these improvements be extended over a period of 3 years, resulting in a need to prioritize the modifications.

If the concepts and guidelines of this data sheet had been used in siting of this plant, the freeze potential and its frequency would have been identified. A loss potential of $2 million with an average 10-year recurrence interval would have been mitigated. The cost at the time this plant was designed could have been much lower.

3.2.4 Process Risk Management

Process risk management involves the identification, evaluation, control or risk transfer of potential hazards that may be associated with existing operations, new projects, acquisitions and customer supplier activities.

Process risk management is the system whereby conscious risk improvement decisions are made based on results and information obtained during the process knowledge and process hazard analysis stages. If hazard information data is available at very early stages of a plant design, inherent safety features can be designed in. Later in the design, passive, active and procedural improvements and protection are usually added. The need and level of fixed suppression systems such as sprinklers and deluge systems, building steel fireproofing, damage limiting construction, barriers, process controls, etc. are decided in the process risk management phase of PSM. Fire safety professionals, in partnership with the chemical plant, determine the level of protection needed to meet HPR status and loss exposure goals. Ultimately, the exposure is improved through fixed protection and management systems, is transferred through insurance, or is completely avoided by eliminating the hazardous activity.

Data and information from process knowledge gathering and hazard analysis activities must be evaluated as to economics and potential for risk reduction. Not all risk in a facility can be eliminated or reduced through engineering. Process risk management assures that a balance of inherent or engineered safety and risk transfer (i.e., insurance) is maintained and that all mandatory regulations, corporate standards, and industry and insurance guidelines are met. Process risk management requires screening, ranking and engineered assessment tools. A high level assessment such as Quantitative Risk Analysis (QRA) may be needed to make final decisions. The four tier safety strategy is still followed. Regardless of methods, documentation of the basis for risk decisions is important.

3.2.4.1 Case Study

ABC Chemical company is planning a facility to produce polyvinyl chloride (PVC) plastic using a licensed process. Production of this material will include use of vinyl chloride monomer (VCM), a liquefied gas, flammable solvents and reactive peroxide-based catalysts in a moderately high pressure, high temperature continuous autoclave (single reaction vessel) system. The process will be located in a single process unit supported by raw materials delivery and storage, in-process storage, combustible heat transfer media, heat, steam, power and fuel utility systems, and final product handling, storage and transfer to market. The final product will be sold as a solid extruded pellet, some of which will be custom made with plasticizers. The benzoyl peroxide (BP) catalyst is to be manufactured on site. The process will be constructed at a new site not previously developed.

In the process safety knowledge step, the following technical information may be obtained, based on a literature search or testing, and documented:

- flammability and explosivity characteristics of gases and liquids
- flammability and explosivity characteristics of heat transfer media
- reactivity data on catalysts
- combustibility and explosivity data on solid powder product
- reactivity of the PVC reaction at given process conditions
- reactivity and hazard of catalyst manufacture

The following site information might be obtained, based on a site study, and documented:

- meteorological data (prevailing winds/speeds/atmospheric stability)
- freeze and snowfall/rainfall data
- flood data
- earthquake data
- windstorm data
- data on adequacy and reliability of utility services
- information on nearby hazardous exposures

General conclusions might be derived based on the above chemical and site information and qualitative analysis. At this stage these conclusions are based on generic knowledge obtained from experts or from the literature and are used for establishing more definitive scenarios during a process hazard analysis. Detailed consequence studies such as vapor cloud dispersion, explosion overpressure, or pool fire radiant heat effects are conducted as part of the hazard analysis.

The following general conclusions are not meant to be all inclusive, but only to demonstrate types of information and scenarios that could be developed during this step:

a. Flammable liquid spill fire potentials exist from delivery, storage, process vessel and piping systems for raw and intermediate materials and for the heat transfer media system.

b. Vapor cloud explosion potentials exist from storage, process vessels and piping systems using VCM.

c. Reactor vessel, pumps and piping failure potentials exist due to high pressure, corrosivity and reactivity exposures.

d. BP manufacture requires potentially unstable hazardous materials.

e. Dust explosion potentials exist from plasticized product.

f. The plant is in a semi-tropical climate but is subject to periodic severe freezes.

g. The plant is in a potential hurricane zone.

h. Power supplies are subject to possible off-premises interruptions.

i. Public water supplies and emergency response are not available.

j. A plant with potential wide range explosion hazard borders the site.

In the process hazard analysis step, the above data and design drawings (as complete as possible) are subjected to a systematic and critical examination to determine failure modes whereby incidents could occur. HAZOP, What If, Checklist, Failure Modes and Effects Analysis (FMEA) and more quantitative analysis methods might be used. Vapor dispersion, explosion and radiant heat modeling, if needed, will be done during this stage. These examinations might reveal the following potential concerns and consequences:

a. The manufacture of peroxides on plant presents many failure modes and several potentials for a peroxide self initiation with high damage potential compared with the relatively small amounts of material needed.

b. Flammable spill fire and vapor release potentials cannot be completely eliminated through process control or design short of not producing the product. Steel structure is subject to severe radiant heat, confirmed by fire modeling.

c. VCM represents a vapor cloud explosion potential, and the process unit arrangement and congestion will produce high overpressures throughout the plant, as confirmed by modeling.

d. Prevailing winds and distance indicate potential for vapor cloud from neighboring facility to enter process unit, confirmed by modeling.

e. A single large reaction autoclave is harder to control, presents extreme liquid spill or vapor release potentials, thus increasing protection system demands, and if damaged would shut down all operations.

f. Plasticized plastic dust presents a dust explosion hazard, confirmed by laboratory testing.

g. A rare but possible sudden freeze could severely damage plant utilities.

h. A sudden power outage could cause loss of control of the reaction.

i. Many different release and failure modes of vessels, pumps, piping and utility systems exist, but these can be mitigated through process control and design improvements.

j. Use of a large volume combustible heat transfer material presents significant fire potential on a higher frequency than other flammable materials due to its high corrosivity, confirmed by loss history.

In the process risk management step, all of the data collected and derived from the two prior steps is used to make risk management decisions. In the example, these may include (but not be limited to) the following decisions, listed in order of a tiered preferential safety approach:

Inherent safety

a. Replace combustible thermal oil system with water system.

b. Reduce production bottleneck by changing from one large reactor to several smaller reactors.

c. Reduce in-unit flammable inventories by eliminating product day tanks, large reboilers, large reactor, oversized piping, etc.

d. Purchase additional land to protect against off premises exposures.

e. Refrigerate VCM bulk storage tanks to reduce vaporization.

f. Collect plastic dust in wet slurry to reduce dust hazard.

Passive mitigation

a. Use a concrete frame for process unit or fireproof steel.

b. Space unit apart from support facilities and site boundaries.

c. Use open process unit for maximum explosion venting.

d. Limit and space equipment within unit to minimize congestion.

e. Layout unit with flammable materials accessible on outer edge.

f. Install drainage systems.

g. Design process controls and interlocks to maximize reliability of process.

h. Design process vessels/piping to maximum expected pressure.

i. Blast proof control room and emergency services building.

j. Provide emergency containment systems.

Active mitigation

a. Provide on site fire water system.

b. Provide deluge sprinkler protection.

c. Provide combustible gas detection.

d. Inert and purge flammable storage, process and piping systems.

e. Provide reactor emergency quench system.

f. Provide reactor emergency venting.

g. Computerize process control.

h. Provide on-site emergency power supplies.

i. Design to hurricane codes.

j. Protect plant against freeze up.

Operational administrative controls

a. Develop and train on site emergency fire response brigade.

b. Train and empower operators to take manual process control.

c. Provide ignition source control systems.

d. Provide backup manual reactor emergency quench system.

e. Provide natural hazard alert procedures.

Risk avoidance

a. Eliminate on-site manufacture of peroxide catalyst.

Risk transfer

a. Accept inherent risk by retention of high insurance deductibles.

In the risk management process there may be a need to revisit and re-analyze hazards several times prior to deciding on the level and type of mitigation or use of other risk tools such as elimination of hazard or risk transfer. In fact, risk management becomes a constant cycle of analysis, transfer and acceptance throughout the life of the facility. As the facility ages and changes are made, the risk will change. Keeping abreast of this aging and change process will assure that the facility will achieve the risk management goals originally accepted.

3.2.4.2 HPR Requirements

The decision to meet or not meet HPR protection guidelines is determined during the process risk management stage. While achieving HPR status should always be the risk management goal, there may be conditions, especially in existing older plants, where this may not be economically or technically achievable.

There are minimum requirements for a facility to qualify as an HPR risk. These are briefly identified in Section 2.2.1 and further discussed in Section 3.3, Concepts of Highly Protected Risk.

3.2.5 Management of Change

Management of Change (MOC) means evaluating every change to technology, facilities or personnel at the earliest possible stage for its potential impact on property loss prevention. The earliest possible stage is the moment an idea or proposed change comes to light. These changes can be emergency, permanent, temporary, recognized or unrecognized. The purpose of a management of change process is to prevent the unrecognized change.

Changes are made routinely throughout the life of a facility. These may vary from major, highly visible projects to daily routine maintenance activities. Changes can occur to technology, chemicals, products, equipment and procedures. Any change from original design intent represents a deviation. If the impact of this deviation is not fully understood, the change, even if minor, can cause a significant incident. Appropriate process hazards management systems should be put into place to help ensure that hazards associated with a change or deviation are identified and controlled.

Changes fall into three main categories: technology, facilities, and personnel or organization.

Although some changes may be minor, with little likelihood of compromising loss prevention and process safety, all changes have some potential for disruption.

3.2.5.1 Change in Technology

Change in technology arises whenever the process or mechanical design is altered. Examples are changes in feedstocks, catalysts, product specifications, byproducts or waste products, design inventory levels, instrumentation and control systems, or materials of construction.

Typical instances in which change in technology would likely occur include the following:

a. New projects that involve tie-ins or equipment modifications on existing units.

b. Projects to increase facility throughput or accommodate different feedstocks or products.

c. Significant changes in operating conditions, including pressures, temperatures, flow rates, or process conditions different from those in the original process or mechanical design.

d. Equipment changes, including the addition of new equipment or modifications of existing equipment. These can include changes in alarms, instrumentation, and control schemes.

e. Modifications of the process or equipment that cause changes in the facility's relief requirements. These can include increased process throughput, operation at higher temperatures, increased size of equipment, or the addition of equipment that might contribute to greater relief requirements.

f. Bypass connections around equipment that is normally in service.

g. Changes in operating procedures, including procedures for startup, normal shutdown, and emergency shutdown.

h. Changes made in the process or mechanical design or in operating procedures that result from a PHA performed as described in Section 3.2.3.

i. Introduction of new or different process additives (for example, corrosion control agents, antifoulants, antifoam agents).

j. Corrective actions developed as a result of an accident investigation.

3.2.5.2 Changes in Facilities

Changes in facilities are those in which physical changes are made that would not necessarily appear on plant drawings or piping and instrument diagrams (P&ID). Examples are temporary connections, replaced components that are not in kind, site modifications, transient storage, temporary structures, etc.

Specifically, these can include the following:

a. Temporary equipment (tanks, offices, drum storage, etc.).

b. Replacement equipment or machinery that differs from the original equipment.

c. Temporary piping connections, hoses or wiring.

d. Temporary software configurations, jumpers, shortened algorithms, bypassed controls.

e. Pipe clamps, braces, stands, wiring, ropes.

f. Temporary utility connections (steam, power, water, etc.).

g. An alternative supply of process materials, catalysts or reactants, such as through temporary drums or tanks located within the facility.

h. Temporary electrical equipment or connections.

These changes have the ability to affect design, construction, operation, maintenance and decommissioning.

3.2.5.3 Changes in Personnel

Changes in personnel are those in which key responsibilities are shifted from a position of stability to instability. Examples are retirement, promotion, other career changes, and personal issues (sickness, death, leave-of-absence, etc.). These changes are ones in which continuity of responsibility may lapse.

Training and assignment of alternates is a key feature needed to mitigate lapses caused by these changes. Supervision must be skilled for early recognition of these changes, with an ability to plan in advance to mitigate these changes. Goals of the company, business and operating unit must support prevention efforts associated with these changes.

3.2.5.4 Examples

3.2.5.4.1 The Clean Air Act Amendments of 1990 require a 50% reduction of sulfur dioxide levels (SO2) in the US by the year 2000. This act affects approximately 2000 electric utilities. The method of choice to control SO2 emissions probably will be the installation of wet scrubbers, as they provide the highest level of control. Along with the additional costs and plans for scrubber installations, the person(s) planning these changes need to look at the effect these installations will have on loss prevention. For instance, scrubbers are subject to fires and explosions, and they can affect furnace draft. Induced draft fans may have to be upgraded, which in some cases could increase the risk of implosions and boiler vibrations. To prevent corrosion of scrubbers, ducts and stacks, it may be necessary to use plastic or plastic-lined equipment, which could present a fire hazard.

A typical agreement between a company and the property insurance company calls for a loss prevention professional within the company to be advised of all management of change activities in the plant. This individual is then responsible to involve the specialist from FM and allow an opportunity for the change to be evaluated in its earliest stages.

3.2.5.4.2 ABC is a manufacturer of commodity polymer using batch-scale polymerization of the monomer. Because of favorable opportunities in the market, ABC has plans to double the capacity of its seven-reactor plant in a two-phase expansion over the next 10 years. The first phase will include construction of utilities and the footprint for a second seven-reactor manufacturing building. Initially, a building containing three reactors will be built.

There is a close relationship between ABC and the FM specialist assigned to this plant. When the idea is being developed by senior management within ABC, meetings are held with the FM specialist to discuss the effect this may have on loss prevention. ABC is guided by a principle that promotes continuous improvement in all areas of operation, including loss prevention, and they call upon the expertise of FM to provide guidance to meet this goal.

In consultation with the FM specialist, several opportunities are identified. These include ways to mitigate VCE potentials, provide more cost efficient and effective water spray systems, and arrange the Instrumentation and Control features for increased reliability. In order to expand the process water features for the new plant expansion, several pumping and distribution changes were needed. Opportunities were identified to add outlets and normally closed connections between the fire protection system and the process water supply system. This increased both the normal supply to the fire protection water system and the supply that would be available in a catastrophic event.

In consultations, an opportunity was identified to relate current maintenance issues for the older electronic heat detection systems on the water spray systems to a design specification needed for all the new water spray systems. Review of maintenance records and costs pointed to an opportunity to replace older electronic heat detectors with air-pilot detection systems. In doing this, the plant maintenance was provided with a single common type of system which has lower maintenance costs, a single set of replacement parts, and requires simpler maintenance skills.

Often during plant expansions, for simplicity, existing features for protection and control are duplicated exactly. Many design groups operate with the assumption that existing protection and control features are adequate and satisfactory, and they do not take the opportunity to consider improvements as above.

3.2.5.4.3 Mr. Howard has been the person in charge of fire protection in this plant for many years. He is the direct interface between top management, engineering and safety personnel for matters relating to loss prevention. He is in charge of administering all loss prevention related inspection programs within the plant. He supervises all impairments to fire protection and reports them throughout the company and to FM. Mr. Howard is very important in the review process for new construction. Because he is very familiar with current design requirements, he is able to work closely with plant and corporate engineers to develop plans for new construction and modifications.

Mr. Howard spent many years in the plant as an operator. Because of this involvement, he oversees many important operator duties as they relate to fire response and use of emergency process equipment (flares, alarms, shut-downs, etc.). He is also the liaison to community groups, including the mutual aid groups.

Mr. Howard has announced he will retire in 2 years when he reaches the age of 60. Loss of this level of experience could create serious gaps related to steady provision of the service provided by Mr. Howard.

All of his job duties should be described in writing.

A plan for his replacement with alternates should be developed sufficiently in advance of his departure so that proper training can be provided.

If timing is not sufficient to establish that his duties have been sufficiently taken over by others, management should arrange for Mr. Howard to return to work as a consultant. He should periodically return after his retirement to make sure all areas of past responsibility are being covered.

In the planning for replacement of Mr. Howard, the local assigned FM specialists should be notified. Specific sessions can be arranged so that the programs recommended by FM can be introduced or reviewed with the person who has taken over for Mr. Howard.

3.2.5.4.4 Mr. Jones was the Safety Engineer at this major plastic film plant, reporting to the plant manager, before he resigned. He was responsible to implement all safety and loss prevention programs in the plant. He was the direct liaison to the plant maintenance department, providing review and supervision of all maintenance and testing of the plant fire protection systems, including the fire pump, suction tank, sprinkler systems, alarm systems and gaseous extinguishing systems. Because of his expertise, he was the interface between local contractors who provide maintenance and testing. Mr. Jones kept all the letters, files, receipts, plans and correspondence in his office relating to protection systems and plant insurance matters.

Unfortunately, he quit at a time when the plant was completing a 50% production expansion and is beginning to plan for a new warehouse expansion. Ongoing issues relate to false alarms, alarm system repairs, and a history of broken underground water mains in a certain area of the plant. Mr. Jones had been a proponent of looping of the plant fire water mains to provide better service to the areas of future expansion.

In a case like this, it is important that key plant personnel from all levels meet to review the impact of this departure on loss prevention. Some careful accounting should begin at once to make sure elements of Mr. Jones' responsibilities are identified. The FM contact should be advised of the personnel change. This will allow for meetings to take place to assure that proper training is provided to a replacement employee. In many cases FM can provide the following:

- Training on fire protection systems maintenance and testing can be offered to a new employee.

- A review of maintenance and testing programs can be made to assure that correct programs are not lost or lapsed.

- Contract maintenance programs can be evaluated to determine adequacy of these programs.

3.2.5.5 References

Management of Process Hazards, API Recommended Practice 750, First Edition, January 1990, American Petroleum Institute.

Managing Change, FM publication P9201.

3.2.6 Process and Equipment (Mechanical) Integrity

Equipment that processes hazardous materials, and accessory or utility equipment that is important to continued operation of the plant, should be designed, constructed, installed, operated, protected and maintained in a way which minimizes the risk while providing process reliability. This element of the PSM program addresses the management system required to achieve this objective and is called Process and Equipment Integrity by the CCPS and Mechanical Integrity by others.

A Process and Equipment Integrity program should address some or all of the following: pressure vessels and piping, tanks, rotating machinery, electrical equipment, boilers and furnaces, etc., together with their instrumentation, controls, accessories and supporting structures.

The components of Process and Equipment Integrity, which are discussed further below, are reliability engineering, materials of construction and fabrication, installation procedures, preventive maintenance and demolition procedures.

As with all elements of PSM, a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps.

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance or replacement, the evaluation should include equipment accessibility and suitability for the process and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment and emergency relief. The file should also contain the operating and inspection history of the equipment as well as any data on repair, alteration and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill to installation tracking of material for critical components, or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, over speed, electrical faults, misalignment, etc.

During fabrication, maintenance or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern such as piping location, safety and emergency equipment features, accessibility of process and safety equipment, operation, functional testing and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.

3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturer's recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturer's minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment with detailed instructions on performing the particular activity. They should address the steps needed to prevent adverse conditions both during the procedures and when the equipment is put back in service. They should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic review of these procedures is needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out of service condition, any necessary decontamination, and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents, classified as major accident, accident or near-miss by CCPS, are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control or personnel changes, or new or better training programs. Documentation and periodic review aid in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes:

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.

3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment: Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System: Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization: Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others, depending on the nature of the incident. This can include those inside the company with specialty knowledge or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training: Team members should be selected based on their interest, job function and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function: The incident investigation team function needs to be integrated with the overall emergency response plan. Well-established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation:

a. Determine Cause: Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system-related causes.

b. Develop Recommendations: Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures: Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near-misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.

If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally, this involves data collection, data analysis and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems-oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and they can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program, aimed at determination of root causes.

Usually, the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently, some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently, they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

FTA: Fault Tree Analysis

AAM: Accident Anatomy Method

MORT: Management Oversight and Risk Tree

MCSOII: Multiple-Cause, Systems-Oriented Incident Investigation

Inductive

HAZOP: Hazard and Operability Analysis

AAM: Accident Anatomy Method

CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware that new approaches need to be built on proven and accepted concepts.

3.2.7.4

Phthalic anhydride production by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the "Do Not Operate" tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design: A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations: There are several possibilities in this area. Management that encourages continued operations when the process is upset (reason operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance: There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the workers' shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but does illustrate some of the underlying causes in a multiple-cause incident.

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment, and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation, or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training, as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated and it was assumed to be functioning properly, although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days subsequent for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.

The control panel incorrectly indicated that too much water was entering the core; therefore, the operator overrode the automatic control system and reverted to manual control. Ultimately, the shut coolant water lines were discovered and reopened, which again flooded the control panel with a "Christmas-tree" effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.¹

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.²

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures, as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L. and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80 to 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50 to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases, these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface, and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.⁵

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems, as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.

Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.⁶ However, more current literature by Poulton⁷ and Welford⁸ supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.⁹ Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately, and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.¹⁰

3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum Inc

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor, but was ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill.: Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill.: Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).

©1999 Factory Mutual Engineering Corp. All rights reserved.


3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocell Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for maintaining the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring and piping drawings are not current, or there is only one set of hand corrected paper plans.


The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard

a. Toxicity

b. Permissible exposure limits

c. Physical reactivity and corrosion data

d. Thermal and chemical stability

e. Hazardous effects of mixing

2. Process technology

a. Process description and flow diagram


b. Process chemistry

c. Inventory permitted

d. Safe upper and lower limits for temperature, pressure, flows and compositions

e. Consequences of deviations

3. Process equipment

a. Construction materials

b. P&ID

c. Electrical classification drawing

d. Relief system design and design basis

e. Ventilation system design

f. Drainage system design

g. Design codes and standards

h. Material and energy balance

i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections

a. Code inspection reports for pressure equipment

b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)

c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description

a. Organization and staffing

b. Risk assessment of site hazards

c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans

a. Description of possible incident scenarios

b. Plan to respond to each scenario

c. On-site emergency equipment and supplies

d. Description of external resources and support organizations


5. Emergency response teams

a. Staffing and organization

b. Capabilities of members

c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.


A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound of how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. What-if scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions

7-49/12-65 Emergency Venting of Vessels

7-59 Inerting and Purging

7-73 Dust Collectors and Collection Systems

7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires

12 Series on boilers and pressure vessels


3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems

3-2 Water Tanks for Fire Protection

3-7N/13-4N Centrifugal Fire Pumps

3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness, training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations

5-8 Static Electricity

5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment

5-11/14-19 Lightning and Surge Protection for Electrical Systems

7-0 Causes and Effects of Fires and Explosions

7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.


The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials

7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method

7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants

7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids

7-46 Chemical Reactors and Reactions

7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives

7-51 Acetylene

7-52/17-13 Oxygen

7-53 Liquefied Natural Gas

7-54 Natural Gas and Gas Piping

7-55/12-28 Liquefied Petroleum Gas

7-58 Chlorine Dioxide

7-80 Organic Peroxides

7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

7-91 Hydrogen

7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems

4-0 Special Protection Systems

4-1N Water Spray Fixed Systems

4-7N Low Expansion Foam Systems

7-17 Explosion Suppression Systems


For resources on protection needs for process units, structures, or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas, and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

33113 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment, such as curbs and dikes, are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems, such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

33114 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers, and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas, and Liquefied Flammable Gas Processing Equipment and Supporting Structures

33115 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

33116 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

33117 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping, and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

33118 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades

33119 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes, and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems, which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.

A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred, with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds, and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment such as purification columns and rundown tanks with high volume flammable materials are located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.

Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards. Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards. American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals. 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention. 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets:

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas, and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants

7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2. CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications. Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants. Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety. Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update. Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants. Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety. Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options. Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code. American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code. American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.

APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico, or the Austral/Asia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975), and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland, in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control, and mitigate the major accidents, hazards, and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training, and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada, and New Jersey.

A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons, and provides threshold values above which a company using, storing, or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous Ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)

In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines:

©1999 Factory Mutual Engineering Corp. All rights reserved.


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia, and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr. Comm. Sept. 1998


3.1.1 Tier 1 - Inherent Safety

The first tier and most preferred approach to chemical plant loss prevention is Inherent Safety (IS). Inherent safety is defined as eliminating the hazard through intensification, substitution, attenuation, limitation of effects, or simplification/error tolerance. Refer to Section 3.4 for a full discussion on inherent safety concepts, including definitions of these terms. The intent of applying inherent safety is to eliminate the need for add-on layers of passive, active, or procedural protection, which have to function as designed to limit the effects of a loss.

Examples of implementing inherent safety would be:

• substitution of water for process cooling in place of a combustible thermal oil.

• substitution of a non-flammable solvent for a flammable solvent, for example, using supercritical carbon dioxide in place of hexane for extraction.

• through chemical research, replacing a high pressure process using extremely reactive materials in a flammable solvent with an atmospheric pressure process using non-flammable solvents in a reaction that is incapable of generating any pressure in the event of a runaway reaction.

• storing flammable gases such as ethylene in low pressure refrigerated tanks rather than pressurized tanks.

In these examples, the revised cooling and extraction systems represent no fire hazard. They require no fixed fire protection with its installation, maintenance, and testing costs. With the new reaction system, there is no potential for overpressure because of the chemistry of the process and the physical characteristics of the materials, and there is no need for costly and failure-prone add-on controls, emergency relief devices, or reactor strengthening. Finally, with the refrigerated storage, the amount of vapor produced in the event of an unexpected release of the liquid will be minor compared to a similar event with pressurized storage.

Note that there may be tradeoffs when applying IS techniques or any of the four strategies. The water cooling system is more susceptible to freezing and may need more cold weather protection than a thermal oil system to prevent a costly freeze damage loss. The CO2 extraction system requires extremely high pressures, and process equipment will be susceptible to overpressurization, requiring add-on passive or active protection or procedural controls. The reaction system might require use of a corrosive material that could cause long term building damage, requiring costly steel protection or maintenance. The economics and overall risk reduction for all approaches, all of which carry risks, need full evaluation.

The potential for risk reduction through use of inherent safety is most likely very early in the design process. To affect the chemistry of the process may require years of experimental work. Other more tolerant changes and safety improvements may be made during plant design.

While opportunities to apply inherent safety concepts should always be explored, there will always be situations where other risk management strategies may need to be employed.

3.1.2 Tier 2 - Passive

The next tier, and the next in safety selection preference, is the passive approach. A passive approach is one that requires no mechanical device or system to actively function to limit or prevent the loss. A passive approach can also be one that stores or uses hazardous materials in a form or state that is as benign as possible.

For example, after a process review, it is determined that water cooling cannot be used and the process requires a reaction that is capable of generating 50 psig in the event of a runaway reaction.

If a combustible thermal oil must be used for cooling, a passive approach would attempt to use an oil with the most benign properties and at the lowest temperature and pressure possible. Further, this approach would limit the amount of potential oil released by eliminating bulk storage of material within the unit and sizing the coolant feed system to the minimum flow requirement. Finally, in the event of a spill, the process area would be designed for rapid drainage and building steel fireproofing rather than placing reliance on (active) fixed fire suppression systems that may fail.

In the case of the reactor system, instead of relying on an active system such as a safety relief valve to protect the reactor in the event of a runaway, a passive approach would be to design the reactor to contain the maximum expected overpressure.


Some additional examples of a passive approach are diking and containment systems, fire barriers, blast resistant construction, using stainless steel in place of plastic in corrosive environments, proper spacing of buildings, vessels, and process units, plant design to prevailing meteorological or geological hazard, enclosing plastic electric cables in metal conduit, processing potentially combustible dusts as a slurry, etc.

The single most favorable aspect of a passive approach is its performance reliability. Because it is not an active system, it is not prone to failure unless process conditions or materials are changed without commensurate improvements to the passive system.

3.1.3 Tier 3 - Active

The next tier, and the next in safety preference, is the active approach. An active strategy is one that requires a mechanical device or protective system to actively respond and function to limit or prevent the loss. An active system must be:

• reliably designed to work when intended

• installed according to strict installation rules

• maintained and tested over its entire life

Because of this, an active system is more prone to failure than a passive system and may cost more over the life of the plant. Active systems are also known as engineered controls.

In a previous example, if the thermal oil system is used under more hazardous operating conditions, or the drainage and fireproofing systems are lacking, insufficient, or too costly to retrofit, then an active fixed water suppression system becomes the protection device of choice. This system must be properly designed, and maintained and tested over its entire life, to be considered reliable and effective. Once activated, more damage will occur than with a passive system because the fuel (thermal oil) is not removed by drainage, the building steel is not protected against radiant heat (and may structurally fail), and the water system itself may cause damage to sensitive instrumentation. Finally, if the suppression system should fail, always a possibility, reliance for protection becomes dependent on the fourth tier, procedural or administrative controls. If reliance on procedures (i.e., manual response) is needed, a significant increase in damage will usually occur due to delayed response.

In the reactor example, an active (engineered) approach would be to design the reactor to 15 psig and acknowledge the potential for a 50 psig overpressure by depending on process and management controls to prevent the runaway reaction and by providing properly designed emergency relief venting if it does run away. The active system is complex and becomes even more complex as vent gas collection systems are installed, etc.

This active approach is the traditional approach to reactor protection and most other loss prevention activities in a chemical plant. One primary reason is timing. Often, protection is added after the plant is constructed. Inherent safety and passive approaches become less economical, if not completely impractical, after a plant has entered the equipment design phase.

An active approach does not provide the same level of risk reduction that the inherently safe or passively safe systems do. In the case of the reactor with an active approach, the loss would be significant if the emergency relief system failed (reactor failure, building blast damage, ensuing fires, and production loss). In the case of the passive system, the pressure would be contained with minor risk effects (perhaps time and cost to investigate, recertify the vessel, retrain employees, etc.). In the inherently safe system, the event could not occur.

Some additional examples of an active strategy are large deluge systems with high capacity water systems, automatic sprinklers over grouped electrical cables, explosion suppression systems in dust collectors, flow, thermal, and pressure controls and interlocks, emergency shutdown systems, etc.

While not as effective and reliable as the inherently safe or passive approach, active systems are nevertheless often required and necessary for adequate protection of a chemical plant.


3.1.4 Tier 4 - Procedural

The next tier, and last in safety preference, is the procedural or administrative control approach. A procedural response to safety is one using operating procedures, administrative checks, emergency response, and other management approaches to prevent or minimize the severity of an incident.

An example would be to provide written procedures for operators to take corrective action for the runaway reactor rather than provision of active automatic controls or relief systems. In this scenario, emergency action such as leaving the control room, inspecting the reactor, and manually adding quench water might be the only loss prevention response. In the event of a thermal oil release and fire, the plant may have only the emergency response of the fire department to rely upon for damage control.

3.1.5 Summary

The application of a tiered approach to risk management does not necessarily imply a singular strategy. A complex HPR facility will feature aspects of all four safety tiers - inherent, passive, active, and procedural - within the plant. Given a sufficiently hazardous process, all four tiers might be applied to the single process to provide assurance to risk managers that, if one level fails, additional levels are available to limit the loss.

Application of this tiered approach is fully consistent with HPR loss prevention concepts.

3.2 Process Safety Management

The CCPS defines process safety management as the application of management systems to the identification, understanding, and control of process hazards to prevent process related incidents.

The CCPS defines process safety management systems as comprehensive sets of policies, procedures, and practices designed to ensure that barriers to episodic incidents are in place, in use, and effective.

The CCPS guidelines focus on twelve elements of chemical process safety:

- Accountability and Responsibility
- Process Safety Knowledge
- Project Review and Design (Process Hazard Analysis)
- Process Risk Management
- Management of Change
- Process and Equipment (Mechanical) Integrity
- Incident Investigation
- Training and Performance
- Human Factors
- Standards, Codes and Laws
- Audits and Corrective Actions
- Emergency Response Planning

In addition to CCPS, other organizations have developed PSM guidelines which may have different elements and terminology but nonetheless are equivalent to the CCPS guidelines and may be fully substituted in application. Some are listed in the Appendix. There are also government regulations, both US and international, which mandate application of PSM guidelines under specific conditions. Some information on these regulations is also in the Appendix.

All 12 CCPS points are needed for a reliable system based on PSM principles, but they need to be customized for the corporation (i.e., making baking soda does not need the same program used for making polyvinyl chloride).

3.2.1 Accountability and Responsibility

Accountability and responsibility are at the heart of any facility's program. These concepts must be ingrained into the philosophy of an organization to be successful. Key components of accountability are a policy statement, management commitment, procedural requirements, and performance measurement.


The degree to which management demonstrates interest in implementing programs based on PSM principles at its facilities is of paramount concern to safe operation of the facility. Without solid management backing, even the best written program will never achieve successful implementation. Management interest should be demonstrated with a written policy statement that is shared with and understood by each member of the facility. Management's interest in loss prevention should be obvious in the day-to-day activities of a facility. Simply having a paper document on file will be of no benefit. Routine safety meetings, communication of safety issues to employees, and publishing lessons learned from incident investigations are just a few ways in which this interest will be demonstrated.

The policy statement should be site-specific and should assign ownership of safe operations to management as well as to every employee involved in the operation. Expectations of every member of the organization will be detailed and written in language understandable at every level of the organization. The policy statement should be reviewed on a periodic basis and changes made as needed. For example, when changes occur within an organization, such as a change in management structure, the policy statement should be updated to reflect these changes.

The policy statement should clearly outline the objective of the PSM program. These principles should be routinely communicated to all employees so as to reinforce a safety-conscious work force. Generally, a review of the policy statement will be included in the orientation of new employees. Periodic review with all employees within the organization is also useful.

Each employee should feel responsible for the safe operation of a facility. There should be no fear of reprimand should a safety concern be reported. Only when the channels of communication remain open and free can a program based on PSM principles become and remain effective.

As safety issues arise in new facility design, HAZOP reviews, changes to the process, etc., there will be issues that are not easily resolved or will involve interpretation of codes or standards. A method should be in place to handle such issues so that resolution at the lowest level of management is achieved.

Once implemented, the success of a program based on PSM principles should be evaluated on a periodic basis to ensure the procedures achieve results. This can be in the form of random audits, routine reports to management, or direct communication with those involved. Findings from this feedback mechanism should be incorporated into the policy statement to facilitate constant improvement of the PSM program. Issues that are difficult to resolve often lead to input on ways that the PSM program could be improved.

3.2.1.1 Example: Liquefied Petroleum Gas (LPG), Mexico City, Mexico

On November 19, 1984, an 8 in. (200 mm) pipe line at a government-owned LPG terminal ruptured. The supply was not shut off, and the vapor cloud was subsequently ignited 10 minutes later by a ground level burn pit. Additional LPG tanks and spheres BLEVE'd (Boiling Liquid Expanding Vapor Explosion) due to exposure to excessive heat. Management and organizational factors reportedly were the major factors in this incident. Reportedly, management at this facility had not taken action on recommendations from previous studies. The deluge systems that were designed to cool the LPG vessels were deemed grossly inadequate. Vessel design was inadequate and the vessels lacked proper insulation. There was also no gas detection system available at the facility. The loss estimate is in excess of $25 million property damage (current values) [1, 2].

3.2.1.2 References

1. Gertman, D.I. and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, New York (1994).

2. Mahoney, D., Ed., Large Property Damage Losses in the Hydrocarbon-Chemical Industries: A Thirty-year Review, M&M Protection Consultants, Chicago (1995).

3.2.2 Process Safety Knowledge and Documentation

Process safety knowledge and documentation, which includes process safety information, is the basis for understanding the hazards of the process. This is achieved by acquiring process information and using this knowledge while conducting process hazard analyses.


The CCPS defines process safety information as the data describing the process and its chemistry. Process safety knowledge, in general terms, includes both process safety information and the ability to understand and interpret the information. It also includes the tracking and storing of key initial design bases, records of critical design decisions, design standards, site and equipment drawings, accident investigation information, etc. This data can be used as a baseline for future changes.

Data on process hazards and material chemistry can be obtained from numerous sources, including testing, manufacturer issued Material Safety Data Sheets (MSDS) (or equivalents), and literature sources.

Some examples of needed process safety information and the sources where the information is found follow, as an example of a new process under design.

A chemical company is proposing a process using flammable solvents, reactants, and catalysts to produce a chemical intermediate for the pharmaceutical industry. The process will include a potentially exothermic reaction, mixing, distillation, and drying to produce a powdered product. Prior to conducting a process hazard analysis or determining levels of protection, information is needed on the various materials and the way they may interact normally or abnormally.

The company may find information from the following sources:

a. Material Safety Data Sheets. These, if available, will give information on flammability (i.e., flash points), explosibility (i.e., explosive limits), toxicity, corrosiveness, and potential reactivity with other materials.

b. Factory Mutual data sheets and National Fire Protection Association (NFPA) standards. Lists of hazardous materials are presented with fire and explosion information.

c. Public domain literature such as the Kirk-Othmer Encyclopedia of Chemical Technology, Sax's Dangerous Properties of Industrial Materials, CRC Handbook of Chemistry and Physics, and numerous other similar sources.

d. Proprietary industry or trade group research and testing reports.

e. Expert opinion, such as engineers from the corporation, Factory Mutual, or outside consultants.

f. Intentional and systematic testing of the materials.

In the example, the final product of the new process is a powder with a possible dust explosion hazard. The material is unique and no known data on its properties can be found by conventional literature search. To determine hazardous properties such as minimum ignition energy, lower explosive limits, maximum rate of pressure rise, and possible overpressures produced should it explode, tests are conducted in an ASTM E1226 20-liter sphere.

Information on the mixture within a reactor or other vessels is needed to determine potential for exothermic runaway or other chemical instability. Laboratory-scale reactivity screening should be done in advance of scaling up to pilot or full scale processing. This data can be obtained using a number of devices, including the Accelerating Rate Calorimeter (ARC), the DIERS Vent Sizing Package (VSP), and others.

Site information is also developed during this stage. This may include meteorological data (for later vapor dispersion modeling), geographic data for exposure to natural hazards, accident exposures from nearby industrial sites, and utility data such as reliability and adequacy of water, fuel, and power supplies.

After basic chemistry, physical, and thermodynamic properties of materials are developed and site characteristics are found, conclusions on different release and impact scenarios are qualitatively determined. For example, if a solvent is flammable, it will be qualitatively concluded that a spill can result in fire. If boiled and held under pressure, an indoor or outdoor flammable vapor explosion potential may exist. The catalyst to be used might be known to overheat and produce equipment damaging pressure if not refrigerated. These generic conclusions are all derived in the process safety information phase. However, the sequence of events by which the scenario and its consequences will be realized will not surface until a process hazard analysis is conducted on the system in which the materials are used. Finally, the action steps, such as fixed mitigation, taken to reduce the quantified hazard or consequences will not surface until the process risk management stage.


Under this activity, in addition to developing and maintaining basic process and material hazard information, it is necessary to include accumulation of all the design details, alternative process considerations, key design decisions, and basic operation and maintenance plans.

Here the corporation should develop rationale and responsibility for collecting and maintaining this data, as well as data on operating experience, accident investigations, causes and corrections, as well as changes developed and reviewed under the Management of Change processes (described later).

This collection of data will preserve initial design records (ensure replacements comply with design intent), reasons for key design decisions (aid to future projects and modifications), and provide a basis for understanding how the process should be operated. It also serves as a baseline for evaluating future changes.

The collection of this information provides the process safety knowledge needed in subsequent PSM steps (as well as a record of the original review process) so that the process can be started up and run throughout its intended life without an unanticipated incident or unprotected hazard. The information is documented and made part of the overall process safety management package, which will eventually also include data from the process hazard analysis and process risk management steps. This is then used for employee training, future process changes, etc.

Enhancement of process safety knowledge is a subset of this element and is sometimes added as a separate element of PSM. As the life of the plant progresses, new technology in process operation, inherent safety, or loss prevention techniques may be developed. While not known or cost effective during initial plant design, they may become so later in the life of the plant. It is important for an organization to stay fully abreast of new technology and apply it as appropriate. Use of a Management of Change procedure will assure that latest technology and information will be available.

3.2.3 Process Safety Review (Process Hazard Analysis)

This element of PSM is often identified as Process Hazards Analysis (PHA) and should include the project review for new facilities or modifications to existing facilities that have a significant process or capital impact. Where no major changes occur, the review should be revisited on a regular basis. A suggested frequency would be about every 5 years, with longer intervals for less hazardous processes. The element also includes the necessary design and pre-startup review of such projects to ensure that recommendations were in fact implemented.

The CCPS discusses staffing, hazard reviews, siting, plot plan, etc. in the context of phases of capital projects. As a supplement to the CCPS material, an HPR chemical plant should consider the following sections related to property and business interruption loss prevention.

Principles of loss prevention and risk management should guide plant siting decisions. These principles are usually defined in the corporate guiding principles or business objectives. Most sites can be made acceptable if sufficient funding is allocated to overcome deficiencies presented by the site selection.

Sites chosen should be selected to avoid or minimize exposures by perils of:

a. Fire

b. Natural Hazards (flood, wind, lightning, snow, freezing, earthquake, volcano, etc.)

c. Explosion

d. Transportation (aircraft, motor vehicle, rail, ship)

e. Pipeline or tank farm exposures

Sites should feature:

a. Access for safe disposal of waste

b. Access to fire fighting assistance (public or other)

c. Access to an adequate source of water to meet present and future demands

d. Access to reliable security and emergency services


e. Access to the site during adverse conditions (riot, traffic, etc.)

In addition to location of the plant site, equal considerations should be applied as well to the location of:

a. Process units

b. Pipe racks

c. Storage facilities

d. Unloading facilities for rail cars, trucks, and water craft

e. Flare stacks

f. Utility plants

g. Waste water treatment facilities

h. Electrical power lines

i. Process Control Rooms

Once site selection is complete, the project should have sufficient funding to implement FM/corporate loss prevention guidelines. In addition to basic project design and construction costs, finances should:

a. allow time for a thorough review of loss prevention aspects of the design and construction using accepted hazard analysis methods. Designs should use inherent safety and risk mitigation concepts.

b. permit installation of proper loss prevention features affecting construction, protection, drainage, electrical equipment, freeze protection, etc.

3.2.3.1 Examples

3.2.3.1.1 The ABC chemical company proposes building a new polymerization plant at the site of an existing chemical plant in the Gulf Coast area. It could be located in any of three different areas near the existing plant. The raw material (ethylene) is supplied to the main ABC plant, but the facilities will need to be enlarged to accommodate more ethylene. New facilities will need to be developed for storage of propane, butylene, and other future monomer feedstocks.

The ABC company has a license to use a new process to make the finished copolymers, but sizes and layout of major equipment have yet to be finalized. At this point, a team was created including specialists from FM, ABC, and several design and construction engineering companies. Early meetings developed a time line for the construction, plan reviews, site visits, and pre-startup reviews. These meetings developed a plan to conduct a thorough hazard analysis.

Full HAZOP and What-if analyses were performed. FM specialists participated in the hazard analysis meetings and provided an important perspective on damageability, available protection and mitigation methods, and analysis of business interruption potentials.

A full site survey was conducted at all three sites with a team made up of various specialists, including the FM engineer. Through this process, a site was chosen to minimize flood exposures and the potential for fire and explosion exposures presented by nearby plants, pipe racks, and railways. Plans were modified to include relocation of pipe racks along with rerouting of rail sidings.

Through early team meetings, objectives from corporate guiding principles were interpreted to define objectives for limiting the maximum foreseeable loss and normal loss expectancies. Through collaboration, specifications were developed for the plant construction, particularly control room construction, fire protection water supply piping sizes and locations, pipe rack locations, drainage patterns, sprinkler valve house locations, and feedstock and product delivery contingencies. These methods resulted in mitigation of Vapor Cloud Explosion (VCE) potentials (see DS 7-42 for additional information on VCE hazards).

Note: The level of FM participation can vary from project to project depending on the needs of all the parties involved: contractor, insured, insurance company, etc.


32312 XY Chemical Company planned and constructed a polymer manufacturing plant along the Texas Gulf Coast Design work was conducted at the home offices in the northeastern US using highly experishyenced personnel

Project designs did not consider incident history and advice for this area relative to freeze protection As a result the plant was built with numerous outdoor sprinkler systems as well as elements of the process and instrumentation system with insufficient freeze protection

As a result the plant suffered a $2 million loss related to broken pipe instrument lines and loss of producshytion in the 1983 and 1989 freezes This pointed to a normal frequency of freezing weather in this area worshythy of protection A cost estimate of $75000 for correction of the deficiencies was developed in consultation with the local FM specialist Economic conditions dictated that these improvements be extended over a period of 3 years resulting in a need to prioritize the modifications

If the concepts and guidelines of this data sheet had been used in siting of this plant the freeze potential and its frequency would have been identified A loss potential of $2 million with an average 10-year recurshyrence interval would have been mitigated The cost at the time this plant was designed could have been much lower

3.2.4 Process Risk Management

Process risk management involves the identification, evaluation, control or risk transfer of potential hazards that may be associated with existing operations, new projects, acquisitions, and customer supplier activities.

Process risk management is the system whereby conscious risk improvement decisions are made based on results and information obtained during the process knowledge and process hazard analysis stages. If hazard information data is available at very early stages of a plant design, inherent safety features can be designed in. Later in the design, passive, active and procedural improvements and protection are usually added. The need and level of fixed suppression systems such as sprinklers and deluge systems, building steel fireproofing, damage limiting construction, barriers, process controls, etc., are decided in the process risk management phase of PSM. Fire safety professionals, in partnership with the chemical plant, determine the level of protection needed to meet HPR status and loss exposure goals. Ultimately, the exposure is improved through fixed protection and management systems, is transferred through insurance, or is completely avoided by eliminating the hazardous activity.

Data and information from process knowledge gathering and hazard analysis activities must be evaluated as to economics and potential for risk reduction. Not all risk in a facility can be eliminated or reduced through engineering. Process risk management assures that a balance of inherent or engineered safety and risk transfer (i.e., insurance) is maintained and that all mandatory regulations, corporate standards, and industry and insurance guidelines are met. Process risk management requires screening, ranking and engineered assessment tools. A high level assessment such as Quantitative Risk Analysis (QRA) may be needed to make final decisions. The four tier safety strategy is still followed. Regardless of methods, documentation of the basis for risk decisions is important.

3.2.4.1 Case Study

ABC Chemical company is planning a facility to produce polyvinyl chloride (PVC) plastic using a licensed process. Production of this material will include use of vinyl chloride monomer (VCM), a liquefied gas; flammable solvents; and reactive peroxide-based catalysts in a moderately high pressure, high temperature continuous autoclave (single reaction vessel) system. The process will be located in a single process unit supported by raw materials delivery and storage, in-process storage, combustible heat transfer media, heat, steam, power and fuel utility systems, and final product handling, storage and transfer to market. The final product will be sold as a solid extruded pellet, some of which will be custom made with plasticizers. The benzoyl peroxide (BP) catalyst is to be manufactured on site. The process will be constructed at a new site not previously developed.

In the process safety knowledge step, the following technical information may be obtained, based on a literature search or testing, and documented:

- flammability and explosivity characteristics of gases and liquids
- flammability and explosivity characteristics of heat transfer media
- reactivity data on catalysts
- combustibility and explosivity data on solid powder product
- reactivity of the PVC reaction at given process conditions
- reactivity and hazard of catalyst manufacture

The following site information might be obtained, based on a site study, and documented:

- meteorological data (prevailing winds/speeds/atmospheric stability)
- freeze and snowfall/rainfall data
- flood data
- earthquake data
- windstorm data
- data on adequacy and reliability of utility services
- information on nearby hazardous exposures

General conclusions might be derived based on the above chemical and site information and qualitative analysis. At this stage, these conclusions are based on generic knowledge obtained from experts or from the literature and are used for establishing more definitive scenarios during a process hazard analysis. Detailed consequence studies such as vapor cloud dispersion, explosion overpressure, or pool fire radiant heat effects are conducted as part of the hazard analysis.

The following general conclusions are not meant to be all inclusive, but only to demonstrate types of information and scenarios that could be developed during this step:

a. Flammable liquid spill fire potentials exist from delivery, storage, process vessel and piping systems for raw and intermediate materials and for the heat transfer media system.

b. Vapor cloud explosion potentials exist from storage, process vessels and piping systems using VCM.

c. Reactor vessel, pumps and piping failure potentials exist due to high pressure, corrosivity and reactivity exposures.

d. BP manufacture requires potentially unstable hazardous materials.

e. Dust explosion potentials exist from plasticized product.

f. The plant is in a semi-tropical climate but is subject to periodic severe freezes.

g. The plant is in a potential hurricane zone.

h. Power supplies are subject to possible off-premises interruptions.

i. Public water supplies and emergency response are not available.

j. A plant with potential wide range explosion hazard borders the site.

In the process hazard analysis step, the above data and design drawings (as complete as possible) are subjected to a systematic and critical examination to determine failure modes whereby incidents could occur. HAZOP, What If, Checklist, Failure Modes and Effects Analysis (FMEA), and more quantitative analysis methods might be used. Vapor dispersion, explosion and radiant heat modeling, if needed, will be done during this stage. These examinations might reveal the following potential concerns and consequences:

a. The manufacture of peroxides on plant presents many failure modes and several potentials for a peroxide self initiation, with high damage potential compared with the relatively small amounts of material needed.

b. Flammable spill fire and vapor release potentials cannot be completely eliminated through process control or design, short of not producing the product. Steel structure is subject to severe radiant heat, confirmed by fire modeling.

c. VCM represents a vapor cloud explosion potential, and the process unit arrangement and congestion will produce high overpressures throughout the plant, as confirmed by modeling.

d. Prevailing winds and distance indicate potential for vapor cloud from neighboring facility to enter process unit, confirmed by modeling.

e. A single large reaction autoclave is harder to control, presents extreme liquid spill or vapor release potentials, thus increasing protection system demands, and if damaged would shut down all operations.

f. Plasticized plastic dust presents a dust explosion hazard, confirmed by laboratory testing.

g. A rare but possible sudden freeze could severely damage plant utilities.

h. A sudden power outage could cause loss of control of the reaction.

i. Many different release and failure modes of vessels, pumps, piping and utility systems exist, but these can be mitigated through process control and design improvements.

j. Use of a large volume combustible heat transfer material presents significant fire potential on a higher frequency than other flammable materials due to its high corrosivity, confirmed by loss history.

In the process risk management step, all of the data collected and derived from the two prior steps is used to make risk management decisions. In the example, these may include (but not be limited to) the following decisions, listed in order of a tiered preferential safety approach:

Inherent safety

a. Replace combustible thermal oil system with water system.

b. Reduce production bottleneck by changing from one large reactor to several smaller reactors.

c. Reduce in-unit flammable inventories by eliminating product day tanks, large reboilers, large reactor, oversized piping, etc.

d. Purchase additional land to protect against off premises exposures.

e. Refrigerate VCM bulk storage tanks to reduce vaporization.

f. Collect plastic dust in wet slurry to reduce dust hazard.

Passive mitigation

a. Use a concrete frame for process unit or fireproof steel.

b. Space unit apart from support facilities and site boundaries.

c. Use open process unit for maximum explosion venting.

d. Limit and space equipment within unit to minimize congestion.

e. Lay out unit with flammable materials accessible on outer edge.

f. Install drainage systems.

g. Design process controls and interlocks to maximize reliability of process.

h. Design process vessels/piping to maximum expected pressure.

i. Blast proof control room and emergency services building.

j. Provide emergency containment systems.

Active mitigation

a. Provide on site fire water system.

b. Provide deluge sprinkler protection.

c. Provide combustible gas detection.

d. Inert and purge flammable storage, process and piping systems.

e. Provide reactor emergency quench system.

f. Provide reactor emergency venting.

g. Computerize process control.

h. Provide on-site emergency power supplies.

i. Design to hurricane codes.

j. Protect plant against freeze up.

Operational administrative controls

a. Develop and train on site emergency fire response brigade.

b. Train and empower operators to take manual process control.

c. Provide ignition source control systems.

d. Provide backup manual reactor emergency quench system.

e. Provide natural hazard alert procedures.

Risk Avoidance

a. Eliminate on-site manufacture of peroxide catalyst.

Risk transfer

a. Accept inherent risk by retention of high insurance deductibles.

In the risk management process, there may be a need to revisit and re-analyze hazards several times prior to deciding on the level and type of mitigation or use of other risk tools such as elimination of hazard or risk transfer. In fact, risk management becomes a constant cycle of analysis, transfer and acceptance throughout the life of the facility. As the facility ages and changes are made, the risk will change. Keeping abreast of this aging and change process will assure that the facility will achieve the risk management goals originally accepted.

3.2.4.2 HPR Requirements

The decision to meet or not meet HPR protection guidelines is determined during the process risk management stage. While achieving HPR status should always be the risk management goal, there may be conditions, especially in existing older plants, where this may not be economically or technically achievable.

There are minimum requirements for a facility to qualify as an HPR risk. These are briefly identified in Section 2.2.1 and further discussed in Section 3.3, Concepts of Highly Protected Risk.

3.2.5 Management of Change

Management of Change (MOC) means evaluating every change to technology, facilities or personnel at the earliest possible stage for its potential impact on property loss prevention. The earliest possible stage is the moment an idea or proposed change comes to light. These changes can be emergency, permanent, temporary, recognized or unrecognized. The purpose of a management of change process is to prevent the unrecognized change.

Changes are made routinely throughout the life of a facility. These may vary from major, highly visible projects to daily routine maintenance activities. Changes can occur to technology, chemicals, products, equipment and procedures. Any change from original design intent represents a deviation. If the impact of this deviation is not fully understood, the change, even if minor, can cause a significant incident. Appropriate process hazards management systems should be put into place to help ensure that hazards associated with a change or deviation are identified and controlled.

Changes fall into three main categories: technology, facilities, and personnel or organization.

Although some changes may be minor, with little likelihood of compromising loss prevention and process safety, all changes have some potential for disruption.

3.2.5.1 Change in Technology

Change in technology arises whenever the process or mechanical design is altered. Examples are changes in feedstocks, catalysts, product specifications, byproducts or waste products, design inventory levels, instrumentation and control systems, or materials of construction.

Typical instances in which change in technology would likely occur include the following:

a. New projects that involve tie-ins or equipment modifications on existing units.

b. Projects to increase facility throughput or accommodate different feedstocks or products.

c. Significant changes in operating conditions, including pressures, temperatures, flow rates or process conditions different from those in the original process or mechanical design.

d. Equipment changes, including the addition of new equipment or modifications of existing equipment. These can include changes in alarms, instrumentation and control schemes.

e. Modifications of the process or equipment that cause changes in the facility's relief requirements. These can include increased process throughput, operation at higher temperatures, increased size of equipment, or the addition of equipment that might contribute to greater relief requirements.

f. Bypass connections around equipment that is normally in service.

g. Changes in operating procedures, including procedures for startup, normal shutdown and emergency shutdown.

h. Changes made in the process or mechanical design or in operating procedures that result from a PHA performed as described in Section 3.2.3.

i. Introduction of new or different process additives (for example, corrosion control agents, antifoulants, antifoam agents).

j. Corrective actions developed as a result of an accident investigation.

3.2.5.2 Changes in Facilities

Changes in facilities are those in which physical changes are made that would not necessarily appear on plant drawings or piping and instrument diagrams (P&ID). Examples are temporary connections, replaced components that are not in kind, site modifications, transient storage, temporary structures, etc.

Specifically, these can include the following:

a. Temporary equipment (tanks, offices, drum storage, etc.).

b. Replacement equipment or machinery that differs from the original equipment.

c. Temporary piping connections, hoses or wiring.

d. Temporary software configurations, jumpers, shortened algorithms, bypassed controls.

e. Pipe clamps, braces, stands, wiring, ropes.

f. Temporary utility connections (steam, power, water, etc.).

g. An alternative supply of process materials, catalysts or reactants, such as through temporary drums or tanks located within the facility.

h. Temporary electrical equipment or connections.

These changes have the ability to affect design, construction, operation, maintenance and decommissioning.

3.2.5.3 Changes in Personnel

Changes in personnel are those in which key responsibilities are shifted from a position of stability to instability. Examples are retirement, promotion, other career changes and personal issues (sickness, death, leave-of-absence, etc.). These changes are ones in which continuity of responsibility may lapse.

Training and assignment of alternates is a key feature needed to mitigate lapses caused by these changes. Supervision must be skilled for early recognition of these changes, with an ability to plan in advance to mitigate these changes. Goals of the company, business and operating unit must support prevention efforts associated with these changes.

3.2.5.4 Examples

3.2.5.4.1 The Clean Air Act Amendments of 1990 require a 50% reduction of sulfur dioxide levels (SO2) in the U.S. by the year 2000. This act affects approximately 2000 electric utilities. The method of choice to control SO2 emissions probably will be the installation of wet scrubbers, as they provide the highest level of control. Along with the additional costs and plans for scrubber installations, the person(s) planning these changes need to look at the effect these installations will have on loss prevention. For instance, scrubbers are subject to fires and explosions, and they can affect furnace draft. Induced draft fans may have to be upgraded, which in some cases could increase the risk of implosions and boiler vibrations. To prevent corrosion of scrubbers, ducts and stacks, it may be necessary to use plastic or plastic-lined equipment, which could present a fire hazard.

A typical agreement between a company and the property insurance company calls for a loss prevention professional within the company to be advised of all management of change activities in the plant. This individual is then responsible to involve the specialist from FM and allow an opportunity for the change to be evaluated in its earliest stages.

3.2.5.4.2 ABC is a manufacturer of commodity polymer using batch-scale polymerization of the monomer. Because of favorable opportunities in the market, ABC has plans to double the capacity of its seven-reactor plant in a two-phase expansion over the next 10 years. The first phase will include construction of utilities and the footprint for a second seven-reactor manufacturing building. Initially, a building containing three reactors will be built.

There is a close relationship between ABC and the FM specialist assigned to this plant. When the idea is being developed by senior management within ABC, meetings are held with the FM specialist to discuss the effect this may have on loss prevention. ABC is guided by a principle that promotes continuous improvement in all areas of operation, including loss prevention, and they call upon the expertise of FM to provide guidance to meet this goal.

In consultation with the FM specialist, several opportunities are identified. These include ways to mitigate VCE potentials, provide more cost efficient and effective water spray systems, and arrange the Instrumentation and Control features for increased reliability. In order to expand the process water features for the new plant expansion, several pumping and distribution changes were needed. Opportunities were identified to add outlets and normally closed connections between the fire protection system and the process water supply system. This increased both the normal supply to the fire protection water system and the supply that would be available in a catastrophic event.

In consultations, an opportunity was identified to relate current maintenance issues for the older electronic heat detection systems on the water spray systems to a design specification needed for all the new water spray systems. Review of maintenance records and costs pointed to an opportunity to replace older electronic heat detectors with air-pilot detection systems. In doing this, the plant maintenance was provided with a single common type of system, which has lower maintenance costs, a single set of replacement parts, and requires simpler maintenance skills.

Often during plant expansions, for simplicity, existing features for protection and control are duplicated exactly. Many design groups operate with the assumption that existing protection and control features are adequate and satisfactory, and they do not take the opportunity to consider improvements as above.

3.2.5.4.3 Mr. Howard has been the person in charge of fire protection in this plant for many years. He is the direct interface between top management, engineering and safety personnel for matters relating to loss prevention. He is in charge of administering all loss prevention related inspection programs within the plant. He supervises all impairments to fire protection and reports them throughout the company and to FM. Mr. Howard is very important in the review process for new construction. Because he is very familiar with current design requirements, he is able to work closely with plant and corporate engineers to develop plans for new construction and modifications.

Mr. Howard spent many years in the plant as an operator. Because of this involvement, he oversees many important operator duties as they relate to fire response and use of emergency process equipment (flares, alarms, shut-downs, etc.). He is also the liaison to community groups, including the mutual aid groups.

Mr. Howard has announced he will retire in 2 years, when he reaches the age of 60. Loss of this level of experience could create serious gaps related to steady provision of the service provided by Mr. Howard.

All of his job duties should be described in writing.

A plan for his replacement with alternates should be developed sufficiently in advance of his departure so that proper training can be provided.

If timing is not sufficient to establish that his duties have been sufficiently taken over by others, management should arrange for Mr. Howard to return to work as a consultant. He should periodically return after his retirement to make sure all areas of past responsibility are being covered.

In the planning for replacement of Mr. Howard, the local assigned FM specialists should be notified. Specific sessions can be arranged so that the programs recommended by FM can be introduced or reviewed with the person who has taken over for Mr. Howard.

3.2.5.4.4 Mr. Jones was the Safety Engineer at this major plastic film plant, reporting to the plant manager, before he resigned. He was responsible to implement all safety and loss prevention programs in the plant. He was the direct liaison to the plant maintenance department, providing review and supervision of all maintenance and testing of the plant fire protection systems, including the fire pump, suction tank, sprinkler systems, alarm systems and gaseous extinguishing systems. Because of his expertise, he was the interface between local contractors who provide maintenance and testing. Mr. Jones kept all the letters, files, receipts, plans and correspondence in his office relating to protection systems and plant insurance matters.

Unfortunately, he quit at a time when the plant was completing a 50% production expansion and is beginning to plan for a new warehouse expansion. Ongoing issues relate to false alarms, alarm system repairs, and a history of broken underground water mains in a certain area of the plant. Mr. Jones had been a proponent of looping of the plant fire water mains to provide better service to the areas of future expansion.

In a case like this, it is important that key plant personnel from all levels meet to review the impact of this departure on loss prevention. Some careful accounting should begin at once to make sure elements of Mr. Jones' responsibilities are identified. The FM contact should be advised of the personnel change. This will allow for meetings to take place to assure that proper training is provided to a replacement employee. In many cases, FM can provide the following:

- Training on fire protection systems maintenance and testing can be offered to a new employee

- A review of maintenance and testing programs can be made to assure that correct programs are not lost or lapsed

- Contract maintenance programs can be evaluated to determine adequacy of these programs

3.2.5.5 References

Management of Process Hazards, API Recommended Practice 750, First Edition, January 1990, American Petroleum Institute.

Managing Change, FM publication P9201.

3.2.6 Process and Equipment (Mechanical) Integrity

Equipment that processes hazardous materials, and accessory or utility equipment that is important to continued operation of the plant, should be designed, constructed, installed, operated, protected and maintained in a way which minimizes the risk while providing process reliability. This element of the PSM program addresses the management system required to achieve this objective and is called Process and Equipment Integrity by the CCPS and Mechanical Integrity by others.

A Process and Equipment Integrity program should address some or all of the following: pressure vessels and piping, tanks, rotating machinery, electrical equipment, boilers and furnaces, etc., together with their instrumentation, controls, accessories and supporting structures.

The components of Process and Equipment Integrity, which are discussed further below, are reliability engineering, materials of construction and fabrication, installation procedures, preventive maintenance, and demolition procedures.

As with all elements of PSM, a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps.

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance or replacement, the evaluation should include equipment accessibility and suitability for the process, and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment and emergency relief. The file should also contain the operating and inspection history of the equipment, as well as any data on repair, alteration and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill to installation tracking of material for critical components, or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, over speed, electrical faults, misalignment, etc.

During fabrication, maintenance or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern, such as piping location, safety and emergency equipment features, accessibility of process and safety equipment, operation, functional testing and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.

3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections, together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturer's recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturer's minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment with detailed instructions on performing the particular activity. They should address the steps needed to prevent adverse conditions both during the procedures and when the equipment is put back in service. They should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic review of these procedures is needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out of service condition, any necessary decontamination, and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents - classified as major accident, accident or near-miss by CCPS - are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control or personnel changes, or new or better training programs. Documentation and periodic review aids in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes:

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.

3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment: Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System: Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization: Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others depending on the nature of the incident. This can include those inside the company with speciality knowledge or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training: Team members should be selected based on their interest, job function and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function: The incident investigation team function needs to be integrated with the overall emergency response plan. Well established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation:

a. Determine Cause: Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system-related causes.

b. Develop Recommendations: Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures: Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.

If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally, this involves data collection, data analysis and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems-oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and they can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program aimed at determination of root causes.

Usually, the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently, some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently, they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive:

FTA: Fault Tree Analysis

AAM: Accident Anatomy Method

MORT: Management Oversight and Risk Tree

MCSOII: Multiple-Cause Systems-Oriented Incident Investigation

Inductive:

HAZOP: Hazard and Operability Analysis

AAM: Accident Anatomy Method

CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware new approaches need to be built on proven and accepted concepts.

3.2.7.4

Phthalic anhydride made by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the "Do Not Operate" tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design: A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations: There are several possibilities in this area. Management that encourages continued operations when the process is upset (reason operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance: There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the worker's shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but does illustrate some of the underlying causes in a multiple-cause incident.
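
The pump incident above can be written as a fault tree, one of the deductive techniques listed earlier, and reduced to its minimal cut sets. The following is an added example, not part of the data sheet: the gate structure, the event names, the two "fails to start" events, the category labels and the way the two design alternatives are modelled as extra AND inputs are all assumptions constructed from the narrative.

```python
from itertools import product

# Fault tree constructed from the pump incident narrative (illustrative only).
# Each gate maps to (kind, children); a name that is not a key is a basic event.
INCIDENT_TREE = {
    "reactor_overheats": ("AND", ["no_cooling_water", "shutdown_delayed"]),
    "no_cooling_water": ("AND", ["operating_pump_fails",
                                 "standby_1_unavailable",
                                 "standby_2_unavailable"]),
    "standby_1_unavailable": ("OR", ["standby_1_repair_deferred",
                                     "standby_1_fails_to_start"]),   # hypothetical
    "standby_2_unavailable": ("OR", ["standby_2_tag_not_removed",
                                     "standby_2_fails_to_start"]),   # hypothetical
}

# Assumed mapping of basic events to the cause areas discussed in the text.
CATEGORY = {
    "operating_pump_fails": "mechanical",
    "standby_1_fails_to_start": "mechanical",
    "standby_2_fails_to_start": "mechanical",
    "standby_1_repair_deferred": "maintenance",
    "standby_2_tag_not_removed": "maintenance",
    "shutdown_delayed": "management/operations",
}

# The combination of events that the narrative describes.
OBSERVED = frozenset({
    "operating_pump_fails",
    "standby_1_repair_deferred",
    "standby_2_tag_not_removed",
    "shutdown_delayed",
})


def minimize(sets):
    """Drop every cut set that strictly contains another cut set."""
    return {s for s in sets if not any(other < s for other in sets)}


def minimal_cut_sets(tree, node):
    """Return the minimal cut sets (frozensets of basic events) for a node."""
    if node not in tree:
        return {frozenset([node])}
    kind, children = tree[node]
    child_sets = [minimal_cut_sets(tree, child) for child in children]
    if kind == "OR":
        combined = set().union(*child_sets)
    elif kind == "AND":
        combined = {frozenset().union(*combo) for combo in product(*child_sets)}
    else:
        raise ValueError(f"unknown gate type: {kind}")
    return minimize(combined)


def add_barrier(tree, gate, barrier_failure):
    """Return a copy of the tree in which the gate also needs a barrier to fail."""
    kind, children = tree[gate]
    if kind != "AND":
        raise ValueError("barriers are modelled here as an extra AND input")
    new_tree = dict(tree)
    new_tree[gate] = ("AND", children + [barrier_failure])
    return new_tree


def is_sufficient(cut_sets, events):
    """True if the given events alone are enough to cause the top event."""
    return any(cs <= events for cs in cut_sets)


def human_factor_events(cut_set):
    """Events in a cut set that are not plain mechanical failures."""
    return sorted(e for e in cut_set if CATEGORY.get(e) != "mechanical")


if __name__ == "__main__":
    base = minimal_cut_sets(INCIDENT_TREE, "reactor_overheats")
    print("as-built cut sets:", len(base), "of order", {len(c) for c in base})
    print("human-factor events in the observed scenario:",
          human_factor_events(OBSERVED))

    # The two design alternatives named in item 1, each modelled as a barrier.
    hardened = add_barrier(INCIDENT_TREE, "no_cooling_water",
                           "backup_water_supply_fails")
    hardened = add_barrier(hardened, "reactor_overheats",
                           "low_pump_interlock_fails")
    hard_sets = minimal_cut_sets(hardened, "reactor_overheats")
    print("hardened cut set order:", {len(c) for c in hard_sets})
    print("observed events still sufficient:", is_sufficient(hard_sets, OBSERVED))
```

Three of the four events in the observed cut set are maintenance or management items rather than mechanical failures, and with both barriers in the tree the same four events no longer reach the top event.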

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated, and it was assumed to be functioning properly, although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days subsequent for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.

The control panel incorrectly indicated that too much water was entering the core; therefore, the operator overrode the automatic control system and reverted to manual control. Ultimately, the shut coolant water lines were discovered and reopened, which again flooded the control panel with a "Christmas-tree" effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.1

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.2

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures, as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L. and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80% and 90% of all loss incidents.1 The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50% to 70% of the risk.2 One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels.3 These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases, these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.4

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.5

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.

Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.6 However, more current literature by Poulton7 and Welford8 supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.9 Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.10

3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum Inc.

On October 23, 1989, a release of approximately 85200 lb (36646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor, but was ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed, and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3295 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill.: Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill.: Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).


3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocelli Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for keeping the standards current and in line with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings, such as P&ID, wiring and piping drawings, are not current or there is only one set of hand corrected paper plans.


The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and be objective. Enough information should be collected so the same conclusion can be reached by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard
a. Toxicity
b. Permissible exposure limits
c. Physical, reactivity and corrosion data
d. Thermal and chemical stability
e. Hazardous effects of mixing

2. Process technology
a. Process description and flow diagram
b. Process chemistry
c. Inventory permitted
d. Safe upper and lower limits for temperature, pressure, flows and compositions
e. Consequences of deviations

3. Process equipment
a. Construction materials
b. P&ID
c. Electrical classification drawing
d. Relief system design and design basis
e. Ventilation system design
f. Drainage system design
g. Design codes and standards
h. Material and energy balance
i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections
a. Code inspection reports for pressure equipment
b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)
c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description
a. Organization and staffing
b. Risk assessment of site hazards
c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans
a. Description of possible incident scenarios
b. Plan to respond to each scenario
c. On-site emergency equipment and supplies
d. Description of external resources and support organizations

5. Emergency response teams
a. Staffing and organization
b. Capabilities of members
c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimizing their occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles, as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards and management of change throughout the life of the plant.


A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound of how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposure may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging
7-73 Dust Collectors and Collection Systems
7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels


3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place, commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets, such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness, training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.


The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems


For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

33113 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

33114 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.


Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

33115 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

33116 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

33117 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

33118 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades


33119 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade off in toxicity, which may affect manual fire fighting response, would occur with this choice.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazards of fire and explosion from the solvent are eliminated, although combustible oils may still be present. A possible hazard trade off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release the material flashed to vapor and an outdoor vapor cloud explosion occurred, with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment such as purification columns and rundown tanks with high volume flammable materials are located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant the plant was simplified by reducing by 60 the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe)

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants


7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993


APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the Austral/Asia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland, in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119) that went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous ammonia | 1,000 (450) | 5,000 (2,250) |
| Chlorine | 1,000 (450) | 1,500 (680) |
| Chlorine dioxide | 500 (225) | 1,000 (450) |
| Anhydrous hydrochloric acid | 1,000 (450) | 5,000 (2,250) |
| Sulfuric acid | 5,000 (2,250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10,000 (4,500) | 10,000 (4,500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different, yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the U.S., it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.

©1999 Factory Mutual Engineering Corp. All rights reserved.


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998


Some additional examples of a passive approach are: diking and containment systems; fire barriers; blast resistant construction; using stainless steel in place of plastic in corrosive environments; proper spacing of buildings, vessels and process units; plant design to prevailing meteorological or geological hazard; enclosing plastic electric cables in metal conduit; processing potentially combustible dusts as a slurry; etc.

The single most favorable aspect of a passive approach is its performance reliability. Because it is not an active system, it is not prone to failure unless process conditions or materials are changed without commensurate improvements to the passive system.

3.1.3 Tier 3 - Active

The next tier, and the next in safety preference, is the active approach. An active strategy is one that requires a mechanical device or protective system to actively respond and function to limit or prevent the loss. An active system must be:

• reliably designed to work when intended

• installed according to strict installation rules

• maintained and tested over its entire life

Because of this, an active system is more prone to failure than a passive system and may cost more over the life of the plant. Active systems are also known as engineered controls.

In a previous example, if the thermal oil system is used under more hazardous operating conditions, or the drainage and fire proofing systems are lacking, insufficient or too costly to retrofit, then an active fixed water suppression system becomes the protection device of choice. This system must be properly designed, and maintained and tested over its entire life, to be considered reliable and effective. Once activated, more damage will occur than with a passive system because the fuel (thermal oil) is not removed by drainage, the building steel is not protected against radiant heat (and may structurally fail), and the water system itself may cause damage to sensitive instrumentation. Finally, if the suppression system should fail, always a possibility, reliance for protection becomes dependent on the fourth tier, procedural or administrative controls. If reliance on procedures (i.e., manual response) is needed, a significant increase in damage will usually occur due to delayed response.

In the reactor example, an active (engineered) approach would be to design the reactor to 15 psig and acknowledge the potential for a 50 psig overpressure by depending on process and management controls to prevent the runaway reaction and by providing properly designed emergency relief venting if it does run away. The active system is complex and becomes even more complex as vent gas collection systems are installed, etc.

This active approach is the traditional approach to reactor protection and most other loss prevention activities in a chemical plant. One primary reason is timing. Often, protection is added after the plant is constructed. Inherent safety and passive approaches become less economical, if not completely impractical, after a plant has entered the equipment design phase.

An active approach does not provide the same level of risk reduction that the inherently safe or passively safe systems do. In the case of the reactor with an active approach, the loss would be significant if the emergency relief system failed (reactor failure, building blast damage, ensuing fires and production loss). In the case of the passive system, the pressure would be contained with minor risk effects (perhaps time and cost to investigate, recertify the vessel, and retrain employees, etc.). In the inherently safe system, the event could not occur.

Some additional examples of an active strategy are: large deluge systems with high capacity water systems; automatic sprinklers over grouped electrical cables; explosion suppression systems in dust collectors; flow, thermal and pressure controls and interlocks; emergency shutdown systems; etc.

While not as effective and reliable as the inherently safe or passive approach, active systems are nevertheless often required and necessary for adequate protection of a chemical plant.


3.1.4 Tier 4 - Procedural

The next tier, and last in safety preference, is the procedural or administrative control approach. A procedural response to safety is one using operating procedures, administrative checks, emergency response and other management approaches to prevent or minimize the severity of an incident.

An example would be to provide written procedures for operators to take corrective action for the runaway reactor rather than provision of active automatic controls or relief systems. In this scenario, emergency action such as leaving the control room, inspecting the reactor and manually adding quench water might be the only loss prevention response. In the event of a thermal oil release and fire, the plant may have only the emergency response of the fire department to rely upon for damage control.

3.1.5 Summary

The application of a tiered approach to risk management does not necessarily imply a singular strategy. A complex HPR facility will feature aspects of all four safety tiers - inherent, passive, active and procedural - within the plant. Given a sufficiently hazardous process, all four tiers might be applied to the single process to provide assurance to risk managers that if one level fails, additional levels are available to limit the loss.

Application of this tiered approach is fully consistent with HPR loss prevention concepts.

3.2 Process Safety Management

The CCPS defines process safety management as the application of management systems to the identification, understanding and control of process hazards to prevent process related incidents.

The CCPS defines process safety management systems as comprehensive sets of policies, procedures and practices designed to ensure that barriers to episodic incidents are in place, in use and effective.

The CCPS guidelines focus on twelve elements of chemical process safety:

- Accountability and Responsibility
- Process Safety Knowledge
- Project Review and Design (Process Hazard Analysis)
- Process Risk Management
- Management of Change
- Process and Equipment (Mechanical) Integrity
- Incident Investigation
- Training and Performance
- Human Factors
- Standards, Codes and Laws
- Audits and Corrective Actions
- Emergency Response Planning

In addition to CCPS, other organizations have developed PSM guidelines which may have different elements and terminology but nonetheless are equivalent to the CCPS guidelines and may be fully substituted in application. Some are listed in the Appendix. There are also government regulations, both U.S. and international, which mandate application of PSM guidelines under specific conditions. Some information on these regulations is also in the Appendix.

All 12 CCPS points are needed for a reliable system based on PSM principles, but they need to be customized for the corporation (i.e., making baking soda does not need the same program used for making polyvinyl chloride).

3.2.1 Accountability and Responsibility

Accountability and responsibility are at the heart of any facility's program. These concepts must be ingrained into the philosophy of an organization to be successful. Key components of accountability are a policy statement, management commitment, procedural requirements and performance measurement.


The degree to which management demonstrates interest in implementing programs based on PSM principles at its facilities is of paramount concern to safe operation of the facility. Without solid management backing, even the best written program will never achieve successful implementation. Management interest should be demonstrated with a written policy statement that is shared with and understood by each member of the facility. Management's interest in loss prevention should be obvious in the day-to-day activities of a facility. Simply having a paper document on file will be of no benefit. Routine safety meetings, communication of safety issues to employees, and publishing lessons learned from incident investigations are just a few ways in which this interest will be demonstrated.

The policy statement should be site-specific and should assign ownership of safe operations to management as well as to every employee involved in the operation. Expectations of every member of the organization will be detailed and written in language understandable at every level of the organization. The policy statement should be reviewed on a periodic basis and changes made as needed. For example, when changes occur within an organization, such as change in management structure, the policy statement should be updated to reflect these changes.

The policy statement should clearly outline the objective of the PSM program. These principles should be routinely communicated to all employees so as to reinforce a safety-conscious work force. Generally, a review of the policy statement will be included in the orientation of new employees. Periodic review with all employees within the organization is also useful.

Each employee should feel responsible for the safe operation of a facility. There should be no fear of reprimand should a safety concern be reported. Only when the channels of communication remain open and free can a program based on PSM principles become and remain effective.

As safety issues arise in new facility design, HAZOP reviews, changes to the process, etc., there will be issues that are not easily resolved or will involve interpretation of codes or standards. A method should be in place to handle such issues so that resolution at the lowest level of management is achieved.

Once implemented, the success of a program based on PSM principles should be evaluated on a periodic basis to ensure the procedures achieve results. This can be in the form of random audits, routine reports to management, or direct communication with those involved. Findings from this feedback mechanism should be incorporated into the policy statement to facilitate constant improvement of the PSM program. Issues that are difficult to resolve often lead to input on ways that the PSM program could be improved.

3.2.1.1 Example: Liquefied Petroleum Gas (LPG), Mexico City, Mexico

On November 19, 1984, an 8 in. (200 mm) pipe line at a government-owned LPG terminal ruptured. The supply was not shut off, and the vapor cloud was subsequently ignited 10 minutes later by a ground level burn pit. Additional LPG tanks and spheres BLEVE'd (Boiling Liquid Expanding Vapor Explosion) due to exposure to excessive heat. Management and organizational factors reportedly were the major factors in this incident. Reportedly, management at this facility had not taken action on recommendations from previous studies. The deluge systems that were designed to cool the LPG vessels were deemed grossly inadequate. Vessel design was inadequate, and the vessels lacked proper insulation. There was also no gas detection system available at the facility. The loss estimate is in excess of $25 million property damage (current values) [1, 2].

3.2.1.2 References

1. Gertman, D.I. and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, New York (1994).

2. Mahoney, D., Ed., Large Property Damage Losses in the Hydrocarbon-Chemical Industries: A Thirty-year Review, M&M Protection Consultants, Chicago (1995).

3.2.2 Process Safety Knowledge and Documentation

Process safety knowledge and documentation, which includes process safety information, is the basis for understanding the hazards of the process. This is achieved by acquiring process information and using this knowledge while conducting process hazard analyses.


The CCPS defines process safety information as the data describing the process and its chemistry. Process safety knowledge, in general terms, includes both process safety information and the ability to understand and interpret the information. It also includes the tracking and storing of key initial design bases, records of critical design decisions, design standards, site and equipment drawings, accident investigation information, etc. This data can be used as a baseline for future changes.

Data on process hazards and material chemistry can be obtained from numerous sources, including testing, manufacturer issued Material Safety Data Sheets (MSDS) (or equivalents) and literature sources.

Some examples of needed process safety information and the sources where the information is found follow, as an example of a new process under design.

A chemical company is proposing a process using flammable solvents, reactants and catalysts to produce a chemical intermediate for the pharmaceutical industry. The process will include a potentially exothermic reaction, mixing, distillation and drying to produce a powdered product. Prior to conducting a process hazard analysis or determining levels of protection, information is needed on the various materials and the way they may interact, normally or abnormally.

The company may find information from the following sources:

a. Material Safety Data Sheets. These, if available, will give information on flammability (i.e., flash points), explosibility (i.e., explosive limits), toxicity, corrosiveness and potential reactivity with other materials.

b. Factory Mutual data sheets and National Fire Protection Association (NFPA) standards. Lists of hazardous materials are presented with fire and explosion information.

c. Public domain literature such as the Kirk-Othmer Encyclopedia of Chemical Technology, Sax Dangerous Properties of Industrial Materials, CRC Handbook of Chemistry and Physics, and numerous other similar sources.

d. Proprietary industry or trade group research and testing reports.

e. Expert opinion, such as engineers from the corporation, Factory Mutual or outside consultants.

f. Intentional and systematic testing of the materials.

In the example, the final product of the new process is a powder with a possible dust explosion hazard. The material is unique and no known data on its properties can be found by conventional literature search. To determine hazardous properties such as minimum ignition energy, lower explosive limits, maximum rate of pressure rise and possible overpressures produced should it explode, tests are conducted in an ASTM E1226 20-liter sphere.

Information on the mixture within a reactor or other vessels is needed to determine potential for exothermic runaway or other chemical instability. Laboratory-scale reactivity screening should be done in advance of scaling up to pilot or full scale processing. This data can be obtained using a number of devices, including the Accelerating Rate Calorimeter (ARC), the DIERS Vent Sizing Package (VSP) and others.

Site information is also developed during this stage. This may include meteorological data (for later vapor dispersion modeling), geographic data for exposure to natural hazards, accident exposures from nearby industrial sites, and utility data such as reliability and adequacy of water, fuel and power supplies.

After basic chemistry, physical and thermodynamic properties of materials are developed and site characteristics are found, conclusions on different release and impact scenarios are qualitatively determined. For example, if a solvent is flammable, it will be qualitatively concluded that a spill can result in fire. If boiled and held under pressure, an indoor or outdoor flammable vapor explosion potential may exist. The catalyst to be used might be known to overheat and produce equipment damaging pressure if not refrigerated. These generic conclusions are all derived in the process safety information phase. However, the sequence of events by which the scenario and its consequences will be realized will not surface until a process hazard analysis is conducted on the system in which the materials are used. Finally, the action steps, such as fixed mitigation, taken to reduce the quantified hazard or consequences will not surface until the process risk management stage.


Under this activity, in addition to developing and maintaining basic process and material hazard information, it is necessary to include accumulation of all the design details, alternative process considerations, key design decisions, and basic operation and maintenance plans.

Here the corporation should develop rationale and responsibility for collecting and maintaining this data, as well as data on operating experience, accident investigations, causes and corrections, as well as changes developed and reviewed under the Management of Change processes (described later).

This collection of data will preserve initial design records (ensure replacements comply with design intent) and reasons for key design decisions (aid to future projects and modifications), and provide a basis for understanding how the process should be operated. It also serves as a baseline for evaluating future changes.

The collection of this information provides the process safety knowledge needed in subsequent PSM steps (as well as a record of the original review process) so that the process can be started up and run throughout its intended life without an unanticipated incident or unprotected hazard. The information is documented and made part of the overall process safety management package, which will eventually also include data from the process hazard analysis and process risk management steps. This is then used for employee training, future process changes, etc.

Enhancement of process safety knowledge is a subset of this element and is sometimes added as a separate element of PSM. As the life of the plant progresses, new technology in process operation, inherent safety or loss prevention techniques may be developed. While not known or cost effective during initial plant design, they may become so later in the life of the plant. It is important for an organization to stay fully abreast of new technology and apply it as appropriate. Use of a Management of Change procedure will assure that latest technology and information will be available.

3.2.3 Process Safety Review (Process Hazard Analysis)

This element of PSM is often identified as Process Hazards Analysis (PHA) and should include the project review for new facilities or modifications to existing facilities that have a significant process or capital impact. Where no major changes occur, the review should be revisited on a regular basis. A suggested frequency would be about every 5 years, with longer intervals for less hazardous processes. The element also includes the necessary design and pre-startup review of such projects to ensure that recommendations were in fact implemented.

The CCPS discusses staffing, hazard reviews, siting, plot plan, etc., in the context of phases of capital projects. As a supplement to the CCPS material, an HPR chemical plant should consider the following sections related to property and business interruption loss prevention.

Principles of loss prevention and risk management should guide plant siting decisions. These principles are usually defined in the corporate guiding principles or business objectives. Most sites can be made acceptable if sufficient funding is allocated to overcome deficiencies presented by the site selection.

Sites chosen should be selected to avoid or minimize exposures by perils of:

a. Fire

b. Natural Hazards (flood, wind, lightning, snow, freezing, earthquake, volcano, etc.)

c. Explosion

d. Transportation (aircraft, motor vehicle, rail, ship)

e. Pipeline or tank farm exposures

Sites should feature:

a. Access for safe disposal of waste

b. Access to fire fighting assistance (public or other)

c. Access to an adequate source of water to meet present and future demands

d. Access to reliable security and emergency services


e. Access to the site during adverse conditions (riot, traffic, etc.)

In addition to location of the plant site, equal considerations should be applied as well to the location of:

a. Process units

b. Pipe racks

c. Storage facilities

d. Unloading facilities for rail cars, trucks and water craft

e. Flare stacks

f. Utility plants

g. Waste water treatment facilities

h. Electrical power lines

i. Process Control Rooms

Once site selection is complete, the project should have sufficient funding to implement FM/corporate loss prevention guidelines. In addition to basic project design and construction costs, finances should:

a. allow time for a thorough review of loss prevention aspects of the design and construction using accepted hazard analysis methods. Designs should use inherent safety and risk mitigation concepts.

b. permit installation of proper loss prevention features affecting construction, protection, drainage, electrical equipment, freeze protection, etc.

3.2.3.1 Examples

3.2.3.1.1 The ABC chemical company proposes building a new polymerization plant at the site of an existing chemical plant in the Gulf Coast area. It could be located in any of three different areas near the existing plant. The raw material (ethylene) is supplied to the main ABC plant, but the facilities will need to be enlarged to accommodate more ethylene. New facilities will need to be developed for storage of propane, butylene and other future monomer feedstocks.

The ABC company has a license to use a new process to make the finished copolymers, but sizes and layout of major equipment have yet to be finalized. At this point, a team was created including specialists from FM, ABC and several design and construction engineering companies. Early meetings developed a time line for the construction, plan reviews, site visits and pre-startup reviews. These meetings developed a plan to conduct a thorough hazard analysis.

Full HAZOP and What-if analyses were performed. FM specialists participated in the hazard analysis meetings and provided an important perspective on damageability, available protection and mitigation methods, and analysis of business interruption potentials.

A full site survey was conducted at all three sites with a team made up of various specialists, including the FM engineer. Through this process, a site was chosen to minimize flood exposures and the potential for fire and explosion exposures presented by nearby plants, pipe racks and railways. Plans were modified to include relocation of pipe racks along with rerouting of rail sidings.

Through early team meetings, objectives from corporate guiding principles were interpreted to define objectives for limiting the maximum foreseeable loss and normal loss expectancies. Through collaboration, specifications were developed for the plant construction, particularly control room construction, fire protection water supply piping sizes and locations, pipe rack locations, drainage patterns, sprinkler valve house locations, and feedstock and product delivery contingencies. These methods resulted in mitigation of Vapor Cloud Explosion (VCE) potentials (see DS 7-42 for additional information on VCE hazards).

Note: The level of FM participation can vary from project to project depending on the needs of all the parties involved: contractor, insured, insurance company, etc.


3.2.3.1.2 XY Chemical Company planned and constructed a polymer manufacturing plant along the Texas Gulf Coast. Design work was conducted at the home offices in the northeastern U.S. using highly experienced personnel.

Project designs did not consider incident history and advice for this area relative to freeze protection. As a result, the plant was built with numerous outdoor sprinkler systems, as well as elements of the process and instrumentation system, with insufficient freeze protection.

As a result, the plant suffered a $2 million loss related to broken pipe, instrument lines and loss of production in the 1983 and 1989 freezes. This pointed to a normal frequency of freezing weather in this area worthy of protection. A cost estimate of $75,000 for correction of the deficiencies was developed in consultation with the local FM specialist. Economic conditions dictated that these improvements be extended over a period of 3 years, resulting in a need to prioritize the modifications.

If the concepts and guidelines of this data sheet had been used in siting of this plant, the freeze potential and its frequency would have been identified. A loss potential of $2 million with an average 10-year recurrence interval would have been mitigated. The cost at the time this plant was designed could have been much lower.

3.2.4 Process Risk Management

Process risk management involves the identification, evaluation, control or risk transfer of potential hazards that may be associated with existing operations, new projects, acquisitions, and customer and supplier activities.

Process risk management is the system whereby conscious risk improvement decisions are made based on results and information obtained during the process knowledge and process hazard analysis stages. If hazard information data is available at very early stages of a plant design, inherent safety features can be designed in. Later in the design, passive, active and procedural improvements and protection are usually added. The need and level of fixed suppression systems such as sprinklers and deluge systems, building steel fireproofing, damage limiting construction, barriers, process controls, etc., are decided in the process risk management phase of PSM. Fire safety professionals, in partnership with the chemical plant, determine the level of protection needed to meet HPR status and loss exposure goals. Ultimately, the exposure is improved through fixed protection and management systems, is transferred through insurance, or is completely avoided by eliminating the hazardous activity.

Data and information from process knowledge gathering and hazard analysis activities must be evaluated as to economics and potential for risk reduction. Not all risk in a facility can be eliminated or reduced through engineering. Process risk management assures that a balance of inherent or engineered safety and risk transfer (i.e., insurance) is maintained and that all mandatory regulations, corporate standards, and industry and insurance guidelines are met. Process risk management requires screening, ranking and engineered assessment tools. A high level assessment such as Quantitative Risk Analysis (QRA) may be needed to make final decisions. The four tier safety strategy is still followed. Regardless of methods, documentation of the basis for risk decisions is important.

3.2.4.1 Case Study

ABC Chemical company is planning a facility to produce polyvinyl chloride (PVC) plastic using a licensed process. Production of this material will include use of vinyl chloride monomer (VCM), a liquefied gas; flammable solvents; and reactive peroxide-based catalysts in a moderately high pressure, high temperature continuous autoclave (single reaction vessel) system. The process will be located in a single process unit supported by raw materials delivery and storage; in-process storage; combustible heat transfer media; heat, steam, power and fuel utility systems; and final product handling, storage and transfer to market. The final product will be sold as a solid extruded pellet, some of which will be custom made with plasticizers. The benzoyl peroxide (BP) catalyst is to be manufactured on site. The process will be constructed at a new site not previously developed.


In the process safety knowledge step, the following technical information may be obtained, based on a literature search or testing, and documented:

- flammability and explosivity characteristics of gases and liquids
- flammability and explosivity characteristics of heat transfer media
- reactivity data on catalysts
- combustibility and explosivity data on solid powder product
- reactivity of the PVC reaction at given process conditions
- reactivity and hazard of catalyst manufacture

The following site information might be obtained, based on a site study, and documented:

- meteorological data (prevailing winds/speeds/atmospheric stability)
- freeze and snowfall/rainfall data
- flood data
- earthquake data
- windstorm data
- data on adequacy and reliability of utility services
- information on nearby hazardous exposures

General conclusions might be derived based on the above chemical and site information and qualitative analysis. At this stage these conclusions are based on generic knowledge obtained from experts or from the literature and are used for establishing more definitive scenarios during a process hazard analysis. Detailed consequence studies, such as vapor cloud dispersion, explosion overpressure or pool fire radiant heat effects, are conducted as part of the hazard analysis.

The following general conclusions are not meant to be all inclusive but only to demonstrate types of information and scenarios that could be developed during this step:

a. Flammable liquid spill fire potentials exist from delivery, storage, process vessel and piping systems for raw and intermediate materials and for the heat transfer media system.

b. Vapor cloud explosion potentials exist from storage, process vessels and piping systems using VCM.

c. Reactor vessel, pumps and piping failure potentials exist due to high pressure, corrosivity and reactivity exposures.

d. BP manufacture requires potentially unstable hazardous materials.

e. Dust explosion potentials exist from plasticized product.

f. The plant is in a semi-tropical climate but is subject to periodic severe freezes.

g. The plant is in a potential hurricane zone.

h. Power supplies are subject to possible off-premises interruptions.

i. Public water supplies and emergency response are not available.

j. A plant with potential wide range explosion hazard borders the site.

In the process hazard analysis step, the above data and design drawings (as complete as possible) are subjected to a systematic and critical examination to determine failure modes whereby incidents could occur. HAZOP, What If, Checklist, Failure Modes and Effects Analysis (FMEA) and more quantitative analysis methods might be used. Vapor dispersion, explosion and radiant heat modeling, if needed, will be done during this stage. These examinations might reveal the following potential concerns and consequences:

a. The manufacture of peroxides on plant presents many failure modes and several potentials for a peroxide self initiation, with high damage potential compared with the relatively small amounts of material needed.

b. Flammable spill fire and vapor release potentials cannot be completely eliminated through process control or design, short of not producing the product. Steel structure is subject to severe radiant heat, confirmed by fire modeling.


c. VCM represents a vapor cloud explosion potential, and the process unit arrangement and congestion will produce high overpressures throughout the plant, as confirmed by modeling.

d. Prevailing winds and distance indicate potential for vapor cloud from neighboring facility to enter process unit, confirmed by modeling.

e. A single large reaction autoclave is harder to control, presents extreme liquid spill or vapor release potentials, thus increasing protection system demands, and if damaged would shut down all operations.

f. Plasticized plastic dust presents a dust explosion hazard, confirmed by laboratory testing.

g. A rare but possible sudden freeze could severely damage plant utilities.

h. A sudden power outage could cause loss of control of the reaction.

i. Many different release and failure modes of vessels, pumps, piping and utility systems exist, but these can be mitigated through process control and design improvements.

j. Use of a large volume combustible heat transfer material presents significant fire potential on a higher frequency than other flammable materials due to its high corrosivity, confirmed by loss history.

In the process risk management step, all of the data collected and derived from the two prior steps is used to make risk management decisions. In the example these may include (but not be limited to) the following decisions, listed in order of a tiered preferential safety approach:

Inherent safety

a. Replace combustible thermal oil system with water system.

b. Reduce production bottleneck by changing from one large reactor to several smaller reactors.

c. Reduce in-unit flammable inventories by eliminating product day tanks, large reboilers, large reactor, oversized piping, etc.

d. Purchase additional land to protect against off premises exposures.

e. Refrigerate VCM bulk storage tanks to reduce vaporization.

f. Collect plastic dust in wet slurry to reduce dust hazard.

Passive mitigation

a. Use a concrete frame for process unit or fireproof steel.

b. Space unit apart from support facilities and site boundaries.

c. Use open process unit for maximum explosion venting.

d. Limit and space equipment within unit to minimize congestion.

e. Layout unit with flammable materials accessible on outer edge.

f. Install drainage systems.

g. Design process controls and interlocks to maximize reliability of process.

h. Design process vessels/piping to maximum expected pressure.

i. Blast proof control room and emergency services building.

j. Provide emergency containment systems.

Active mitigation

a. Provide on site fire water system.

b. Provide deluge sprinkler protection.

c. Provide combustible gas detection.

d. Inert and purge flammable storage, process and piping systems.


e. Provide reactor emergency quench system.

f. Provide reactor emergency venting.

g. Computerize process control.

h. Provide on-site emergency power supplies.

i. Design to hurricane codes.

j. Protect plant against freeze up.

Operational administrative controls

a. Develop and train on site emergency fire response brigade.

b. Train and empower operators to take manual process control.

c. Provide ignition source control systems.

d. Provide backup manual reactor emergency quench system.

e. Provide natural hazard alert procedures.

Risk Avoidance

a. Eliminate on-site manufacture of peroxide catalyst.

Risk transfer

a. Accept inherent risk by retention of high insurance deductibles.

In the risk management process there may be a need to revisit and re-analyze hazards several times prior to deciding on the level and type of mitigation or use of other risk tools, such as elimination of hazard or risk transfer. In fact, risk management becomes a constant cycle of analysis, transfer and acceptance throughout the life of the facility. As the facility ages and changes are made, the risk will change. Keeping abreast of this aging and change process will assure that the facility will achieve the risk management goals originally accepted.

3.2.4.2 HPR Requirements

The decision to meet or not meet HPR protection guidelines is determined during the process risk management stage. While achieving HPR status should always be the risk management goal, there may be conditions, especially in existing older plants, where this may not be economically or technically achievable.

There are minimum requirements for a facility to qualify as an HPR risk. These are briefly identified in Section 2.2.1 and further discussed in Section 3.3, Concepts of Highly Protected Risk.

3.2.5 Management of Change

Management of Change (MOC) means evaluating every change to technology, facilities or personnel at the earliest possible stage for its potential impact on property loss prevention. The earliest possible stage is the moment an idea or proposed change comes to light. These changes can be emergency, permanent, temporary, recognized or unrecognized. The purpose of a management of change process is to prevent the unrecognized change.

Changes are made routinely throughout the life of a facility. These may vary from major, highly visible projects to daily routine maintenance activities. Changes can occur to technology, chemicals, products, equipment and procedures. Any change from original design intent represents a deviation. If the impact of this deviation is not fully understood, the change, even if minor, can cause a significant incident. Appropriate process hazards management systems should be put into place to help ensure that hazards associated with a change or deviation are identified and controlled.

Changes fall into three main categories: technology, facilities, and personnel or organization.

Although some changes may be minor, with little likelihood of compromising loss prevention and process safety, all changes have some potential for disruption.


3.2.5.1 Change in Technology

Change in technology arises whenever the process or mechanical design is altered. Examples are changes in feedstocks, catalysts, product specifications, byproducts or waste products, design inventory levels, instrumentation and control systems, or materials of construction.

Typical instances in which change in technology would likely occur include the following:

a. New projects that involve tie-ins or equipment modifications on existing units.

b. Projects to increase facility throughput or accommodate different feedstocks or products.

c. Significant changes in operating conditions, including pressures, temperatures, flow rates or process conditions different from those in the original process or mechanical design.

d. Equipment changes, including the addition of new equipment or modifications of existing equipment. These can include changes in alarms, instrumentation and control schemes.

e. Modifications of the process or equipment that cause changes in the facility's relief requirements. These can include increased process throughput, operation at higher temperatures, increased size of equipment, or the addition of equipment that might contribute to greater relief requirements.

f. Bypass connections around equipment that is normally in service.

g. Changes in operating procedures, including procedures for startup, normal shutdown and emergency shutdown.

h. Changes made in the process or mechanical design or in operating procedures that result from a PHA performed as described in Section 3.2.3.

i. Introduction of new or different process additives (for example, corrosion control agents, antifoulants, antifoam agents).

j. Corrective actions developed as a result of an accident investigation.

3.2.5.2 Changes in Facilities

Changes in facilities are those in which physical changes are made that would not necessarily appear on plant drawings or piping and instrument diagrams (P&ID). Examples are temporary connections, replaced components that are not in kind, site modifications, transient storage, temporary structures, etc.

Specifically, these can include the following:

a. Temporary equipment (tanks, offices, drum storage, etc.).

b. Replacement equipment or machinery that differs from the original equipment.

c. Temporary piping connections, hoses or wiring.

d. Temporary software configurations, jumpers, shortened algorithms, bypassed controls.

e. Pipe clamps, braces, stands, wiring, ropes.

f. Temporary utility connections (steam, power, water, etc.).

g. An alternative supply of process materials, catalysts or reactants, such as through temporary drums or tanks located within the facility.

h. Temporary electrical equipment or connections.

These changes have the ability to affect design, construction, operation, maintenance and decommissioning.

3.2.5.3 Changes in Personnel

Changes in personnel are those in which key responsibilities are shifted from a position of stability to instability. Examples are retirement, promotion, other career changes and personal issues (sickness, death, leave-of-absence, etc.). These changes are ones in which continuity of responsibility may lapse.


Training and assignment of alternates is a key feature needed to mitigate lapses caused by these changes. Supervision must be skilled for early recognition of these changes, with an ability to plan in advance to mitigate these changes. Goals of the company, business and operating unit must support prevention efforts associated with these changes.

3.2.5.4 Examples

3.2.5.4.1 The Clean Air Act Amendments of 1990 require a 50% reduction of sulfur dioxide levels (SO2) in the US by the year 2000. This act affects approximately 2000 electric utilities. The method of choice to control SO2 emissions probably will be the installation of wet scrubbers, as they provide the highest level of control. Along with the additional costs and plans for scrubber installations, the person(s) planning these changes need to look at the effect these installations will have on loss prevention. For instance, scrubbers are subject to fires and explosions, and they can affect furnace draft. Induced draft fans may have to be upgraded, which in some cases could increase the risk of implosions and boiler vibrations. To prevent corrosion of scrubbers, ducts and stacks, it may be necessary to use plastic or plastic-lined equipment, which could present a fire hazard.

A typical agreement between a company and the property insurance company calls for a loss prevention professional within the company to be advised of all management of change activities in the plant. This individual is then responsible to involve the specialist from FM and allow an opportunity for the change to be evaluated in its earliest stages.

3.2.5.4.2 ABC is a manufacturer of commodity polymer using batch-scale polymerization of the monomer. Because of favorable opportunities in the market, ABC has plans to double the capacity of its seven-reactor plant in a two-phase expansion over the next 10 years. The first phase will include construction of utilities and the footprint for a second seven-reactor manufacturing building. Initially a building containing three reactors will be built.

There is a close relationship between ABC and the FM specialist assigned to this plant. When the idea is being developed by senior management within ABC, meetings are held with the FM specialist to discuss the effect this may have on loss prevention. ABC is guided by a principle that promotes continuous improvement in all areas of operation, including loss prevention, and they call upon the expertise of FM to provide guidance to meet this goal.

In consultation with the FM specialist, several opportunities are identified. These include ways to mitigate VCE potentials, provide more cost efficient and effective water spray systems, and arrange the Instrumentation and Control features for increased reliability. In order to expand the process water features for the new plant expansion, several pumping and distribution changes were needed. Opportunities were identified to add outlets and normally closed connections between the fire protection system and the process water supply system. This increased both the normal supply to the fire protection water system and the supply that would be available in a catastrophic event.

In consultations, an opportunity was identified to relate current maintenance issues for the older electronic heat detection systems on the water spray systems to a design specification needed for all the new water spray systems. Review of maintenance records and costs pointed to an opportunity to replace older electronic heat detectors with air-pilot detection systems. In doing this, the plant maintenance was provided with a single common type of system which has lower maintenance costs, a single set of replacement parts, and requires simpler maintenance skills.

Often during plant expansions, for simplicity, existing features for protection and control are duplicated exactly. Many design groups operate with the assumption that existing protection and control features are adequate and satisfactory, and they do not take the opportunity to consider improvements as above.

3.2.5.4.3 Mr. Howard has been the person in charge of fire protection in this plant for many years. He is the direct interface between top management, engineering and safety personnel for matters relating to loss prevention. He is in charge of administering all loss prevention related inspection programs within the plant. He supervises all impairments to fire protection and reports them throughout the company and to FM. Mr. Howard is very important in the review process for new construction. Because he is very familiar with current design requirements, he is able to work closely with plant and corporate engineers to develop plans for new construction and modifications.


Mr. Howard spent many years in the plant as an operator. Because of this involvement, he oversees many important operator duties as they relate to fire response and use of emergency process equipment (flares, alarms, shut-downs, etc.). He is also the liaison to community groups, including the mutual aid groups.

Mr. Howard has announced he will retire in 2 years, when he reaches the age of 60. Loss of this level of experience could create serious gaps related to steady provision of the service provided by Mr. Howard.

All of his job duties should be described in writing.

A plan for his replacement with alternates should be developed sufficiently in advance of his departure so that proper training can be provided.

If timing is not sufficient to establish that his duties have been sufficiently taken over by others, management should arrange for Mr. Howard to return to work as a consultant. He should periodically return after his retirement to make sure all areas of past responsibility are being covered.

In the planning for replacement of Mr. Howard, the local assigned FM specialists should be notified. Specific sessions can be arranged so that the programs recommended by FM can be introduced or reviewed with the person who has taken over for Mr. Howard.

3.2.5.4.4 Mr. Jones was the Safety Engineer at this major plastic film plant, reporting to the plant manager, before he resigned. He was responsible to implement all safety and loss prevention programs in the plant. He was the direct liaison to the plant maintenance department, providing review and supervision of all maintenance and testing of the plant fire protection systems, including the fire pump, suction tank, sprinkler systems, alarm systems and gaseous extinguishing systems. Because of his expertise he was the interface between local contractors who provide maintenance and testing. Mr. Jones kept all the letters, files, receipts, plans and correspondence in his office relating to protection systems and plant insurance matters.

Unfortunately, he quit at a time when the plant was completing a 50% production expansion and is beginning to plan for a new warehouse expansion. Ongoing issues relate to false alarms, alarm system repairs and a history of broken underground water mains in a certain area of the plant. Mr. Jones had been a proponent of looping of the plant fire water mains to provide better service to the areas of future expansion.

In a case like this, it is important that key plant personnel from all levels meet to review the impact of this departure on loss prevention. Some careful accounting should begin at once to make sure elements of Mr. Jones' responsibilities are identified. The FM contact should be advised of the personnel change. This will allow for meetings to take place to assure that proper training is provided to a replacement employee. In many cases FM can provide the following:

- Training on fire protection systems maintenance and testing can be offered to a new employee

- A review of maintenance and testing programs can be made to assure that correct programs are not lost or lapsed

- Contract maintenance programs can be evaluated to determine adequacy of these programs

3.2.5.5 References

Management of Process Hazards, API Recommended Practice 750, First Edition, January 1990, American Petroleum Institute.

Managing Change, FM publication P9201.

3.2.6 Process and Equipment (Mechanical) Integrity

Equipment that processes hazardous materials, and accessory or utility equipment that is important to continued operation of the plant, should be designed, constructed, installed, operated, protected and maintained in a way which minimizes the risk while providing process reliability. This element of the PSM program addresses the management system required to achieve this objective and is called Process and Equipment Integrity by the CCPS and Mechanical Integrity by others.

A Process and Equipment Integrity program should address some or all of the following: pressure vessels and piping, tanks, rotating machinery, electrical equipment, boilers and furnaces, etc., together with their instrumentation, controls, accessories and supporting structures.


The components of Process and Equipment Integrity, which are discussed further below, are reliability engineering, materials of construction and fabrication, installation procedures, preventive maintenance and demolition procedures.

As with all elements of PSM, a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps.

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance or replacement, the evaluation should include equipment accessibility and suitability for the process and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment and emergency relief. The file should also contain the operating and inspection history of the equipment as well as any data on repair, alteration and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill to installation tracking of material for critical components or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, over speed, electrical faults, misalignment, etc.

During fabrication, maintenance or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern, such as piping location, safety and emergency equipment features, accessibility of process and safety equipment, operation, functional testing and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.


3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections, together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturer's recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturer's minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment with detailed instructions on performing the particular activity. They should address the steps needed to prevent adverse conditions both during the procedures and when the equipment is put back in service. They should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic review of these procedures is needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out of service condition, any necessary decontamination, and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents - classified as major accident, accident or near-miss by CCPS - are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control or personnel changes, or new or better training programs. Documentation and periodic review aids in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes:

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.


3271 Basic Elements

There is a long history of incident investigation in the chemical process industry but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system Basically this requires management to be involved for support and direction so incishydent investigation results can be used to support the other elements of PSM Suggested elements needed for incident investigation are as follows

Management Commitment. Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System. Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization. Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others, depending on the nature of the incident. This can include those inside the company with speciality knowledge or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training. Team members should be selected based on their interest, job function and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function. The incident investigation team function needs to be integrated with the overall emergency response plan. Well established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation

a. Determine Cause. Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system-related causes.

b. Develop Recommendations. Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures. Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.


If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally this involves data collection, data analysis and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems-oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and such incidents can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program aimed at determination of root causes.

Usually the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

FTA: Fault Tree Analysis
AAM: Accident Anatomy Method
MORT: Management Oversight and Risk Tree
MCSOII: Multiple-Cause Systems-Oriented Incident Investigation


Inductive

HAZOP: Hazard and Operability Analysis
AAM: Accident Anatomy Method
CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware new approaches need to be built on proven and accepted concepts.

3.2.7.4

Phthalic anhydride made by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the Do Not Operate tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design. A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations. There are several possibilities in this area. Management that encourages continued operations when the process is upset (reason operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance. There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the workers' shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but does illustrate some of the underlying causes in a multiple-cause incident.

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment, and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation, or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated, and it was assumed to be functioning properly although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days subsequent for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.


The control panel incorrectly indicated that too much water was entering the core; therefore the operator overrode the automatic control system and reverted to manual control. Ultimately the shut coolant water lines were discovered and reopened, which again flooded the control panel with a Christmas-tree effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.¹

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.²

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L., and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80% to 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50% to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel although pressing the proper push button was intended. These type errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases these type errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse, much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface, and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions, which will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.⁵

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.


Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.⁶ However, more current literature by Poulton⁷ and Welford⁸ supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.⁹ Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.¹⁰


3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor, but was ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed that air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill., Charles C. Thomas Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill., Scott Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).


3296 Other Resources

Bailey RW Human Performance Engineering A Guide for System Designers Prentice-Hall Inc New Jershysey (1982)

Burgess JH Designing for Humans The Human Factor in Engineering Petrocell Books Princeton New Jersey (1986)

Kletz T A Chung P Broomfield E and Shen-Orr Chaim Computer Control and Human Error Institute of Chemical Engineers Rugby Warwickshire England (1985)

Lorenzo OK A Managers Guide to Reducing Human Error Improving Human Performance in the Chemishycallndustry Chemical Manufacturers Association Inc Washington DC (1990)

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for maintaining the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type, where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring and piping drawings are not current, or there is only one set of hand corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and should be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard

a. Toxicity

b. Permissible exposure limits

c. Physical, reactivity and corrosion data

d. Thermal and chemical stability

e. Hazardous effects of mixing

2. Process technology

a. Process description and flow diagram

b. Process chemistry

c. Inventory permitted

d. Safe upper and lower limits for temperature, pressure, flows and compositions

e. Consequences of deviations

3. Process equipment

a. Construction materials

b. P&ID

c. Electrical classification drawing

d. Relief system design and design basis

e. Ventilation system design

f. Drainage system design

g. Design codes and standards

h. Material and energy balance

i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections

a. Code inspection reports for pressure equipment

b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)

c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description

a. Organization and staffing

b. Risk assessment of site hazards

c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans

a. Description of possible incident scenarios

b. Plan to respond to each scenario

c. On-site emergency equipment and supplies

d. Description of external resources and support organizations

5. Emergency response teams

a. Staffing and organization

b. Capabilities of members

c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level, and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles, as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound how one management group, which is production oriented without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35 Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging
7-73 Dust Collectors and Collection Systems
7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels

3.3.1.6 Maintenance, Inspection and Testing programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N Installation of Sprinkler Systems, 5-20/14-22 Electrical Testing, 12-0 Applicable Pressure Equipment Codes and Standards, and 12-43 Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often, multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness, training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc. following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems

For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

©1999 Factory Mutual Engineering Corp. All rights reserved.


Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response, such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers, such as noncombustible fire walls, are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM data sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades


3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems, which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade off in toxicity, which may affect manual fire fighting response, would occur with this choice.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K. incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred, with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story, concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, is located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases, such as LNG and ethylene, will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60 the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants


7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A: INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment have been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

Substance                      EPA threshold, lb (kg)    OSHA threshold, lb (kg)
Anhydrous Ammonia              1000 (450)                5000 (2250)
Chlorine                       1000 (450)                1500 (680)
Chlorine dioxide               500 (225)                 1000 (450)
Anhydrous hydrochloric acid    1000 (450)                5000 (2250)
Sulfuric acid                  5000 (2250)               Not listed
Titanium tetrachloride         500 (225)                 Not listed
Flammable hydrocarbons         10000 (4500)              10000 (4500)
Explosives                     all (per DOT)             Not covered

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr. Comm. Sept. 1998


3.1.4 Tier 4 - Procedural

The next tier, and last in safety preference, is the procedural or administrative control approach. A procedural response to safety is one using operating procedures, administrative checks, emergency response and other management approaches to prevent or minimize the severity of an incident.

An example would be to provide written procedures for operators to take corrective action for the runaway reactor rather than provision of active automatic controls or relief systems. In this scenario, emergency action such as leaving the control room, inspecting the reactor and manually adding quench water might be the only loss prevention response. In the event of a thermal oil release and fire, the plant may have only the emergency response of the fire department to rely upon for damage control.

3.1.5 Summary

The application of a tiered approach to risk management does not necessarily imply a singular strategy. A complex HPR facility will feature aspects of all four safety tiers - inherent, passive, active and procedural - within the plant. Given a sufficiently hazardous process, all four tiers might be applied to the single process to provide assurance to risk managers that if one level fails, additional levels are available to limit the loss.

Application of this tiered approach is fully consistent with HPR loss prevention concepts.

3.2 Process Safety Management

The CCPS defines process safety management as the application of management systems to the identification, understanding and control of process hazards to prevent process related incidents.

The CCPS defines process safety management systems as comprehensive sets of policies, procedures and practices designed to ensure that barriers to episodic incidents are in place, in use and effective.

The CCPS guidelines focus on twelve elements of chemical process safety:

- Accountability and Responsibility
- Process Safety Knowledge
- Project Review and Design (Process Hazard Analysis)
- Process Risk Management
- Management of Change
- Process and Equipment (Mechanical) Integrity
- Incident Investigation
- Training and Performance
- Human Factors
- Standards, Codes and Laws
- Audits and Corrective Actions
- Emergency Response Planning

In addition to CCPS, other organizations have developed PSM guidelines which may have different elements and terminology but nonetheless are equivalent to the CCPS guidelines and may be fully substituted in application. Some are listed in the Appendix. There are also government regulations, both US and international, which mandate application of PSM guidelines under specific conditions. Some information on these regulations is also in the Appendix.

All 12 CCPS points are needed for a reliable system based on PSM principles, but they need to be customized for the corporation (i.e., making baking soda does not need the same program used for making polyvinyl chloride).

3.2.1 Accountability and Responsibility

Accountability and responsibility are at the heart of any facility's program. These concepts must be ingrained into the philosophy of an organization to be successful. Key components of accountability are a policy statement, management commitment, procedural requirements and performance measurement.

©1999 Factory Mutual Engineering Corp. All rights reserved.

The degree to which management demonstrates interest in implementing programs based on PSM principles at its facilities is of paramount concern to safe operation of the facility. Without solid management backing, even the best written program will never achieve successful implementation. Management interest should be demonstrated with a written policy statement that is shared with and understood by each member of the facility. Management's interest in loss prevention should be obvious in the day-to-day activities of a facility. Simply having a paper document on file will be of no benefit. Routine safety meetings, communication of safety issues to employees and publishing lessons learned from incident investigations are just a few ways in which this interest will be demonstrated.

The policy statement should be site-specific and should assign ownership of safe operations to management as well as to every employee involved in the operation. Expectations of every member of the organization will be detailed and written in language understandable at every level of the organization. The policy statement should be reviewed on a periodic basis and changes made as needed. For example, when changes occur within an organization, such as change in management structure, the policy statement should be updated to reflect these changes.

The policy statement should clearly outline the objective of the PSM program. These principles should be routinely communicated to all employees so as to reinforce a safety-conscious work force. Generally, a review of the policy statement will be included in the orientation of new employees. Periodic review with all employees within the organization is also useful.

Each employee should feel responsible for the safe operation of a facility. There should be no fear of reprimand should a safety concern be reported. Only when the channels of communication remain open and free can a program based on PSM principles become and remain effective.

As safety issues arise in new facility design, HAZOP reviews, changes to the process, etc., there will be issues that are not easily resolved or will involve interpretation of codes or standards. A method should be in place to handle such issues so that resolution at the lowest level of management is achieved.

Once implemented, the success of a program based on PSM principles should be evaluated on a periodic basis to ensure the procedures achieve results. This can be in the form of random audits, routine reports to management or direct communication with those involved. Findings from this feedback mechanism should be incorporated into the policy statement to facilitate constant improvement of the PSM program. Issues that are difficult to resolve often lead to input on ways that the PSM program could be improved.

3.2.1.1 Example: Liquefied Petroleum Gas (LPG), Mexico City, Mexico

On November 19, 1984, an 8 in. (200 mm) pipe line at a government-owned LPG terminal ruptured. The supply was not shut off and the vapor cloud was subsequently ignited 10 minutes later by a ground level burn pit. Additional LPG tanks and spheres BLEVEd (Boiling Liquid Expanding Vapor Explosion) due to exposure to excessive heat. Management and organizational factors reportedly were the major factors in this incident. Reportedly, management at this facility had not taken action on recommendations from previous studies. The deluge systems that were designed to cool the LPG vessels were deemed grossly inadequate. Vessel design was inadequate and the vessels lacked proper insulation. There was also no gas detection system available at the facility. The loss estimate is in excess of $25 million property damage (current values). [1, 2]

3.2.1.2 References

1. Gertman, D.I. and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, New York (1994).

2. Mahoney, D., Ed., Large Property Damage Losses in the Hydrocarbon-Chemical Industries: A Thirty-year Review, M&M Protection Consultants, Chicago (1995).

3.2.2 Process Safety Knowledge and Documentation

Process safety knowledge and documentation, which includes process safety information, is the basis for understanding the hazards of the process. This is achieved by acquiring process information and using this knowledge while conducting process hazard analyses.

The CCPS defines process safety information as the data describing the process and its chemistry. Process safety knowledge in general terms includes both process safety information and the ability to understand and interpret the information. It also includes the tracking and storing of key initial design bases, records of critical design decisions, design standards, site and equipment drawings, accident investigation information, etc. This data can be used as a baseline for future changes.

Data on process hazards and material chemistry can be obtained from numerous sources, including testing, manufacturer issued Material Safety Data Sheets (MSDS) (or equivalents) and literature sources.

Some examples of needed process safety information and the sources where the information is found follow, as an example of a new process under design.

A chemical company is proposing a process using flammable solvents, reactants and catalysts to produce a chemical intermediate for the pharmaceutical industry. The process will include a potentially exothermic reaction, mixing, distillation and drying to produce a powdered product. Prior to conducting a process hazard analysis or determining levels of protection, information is needed on the various materials and the way they may interact, normally or abnormally.

The company may find information from the following sources:

a. Material Safety Data Sheets. These, if available, will give information on flammability (i.e., flash points), explosibility (i.e., explosive limits), toxicity, corrosiveness and potential reactivity with other materials.

b. Factory Mutual data sheets and National Fire Protection Association (NFPA) standards. Lists of hazardous materials are presented with fire and explosion information.

c. Public domain literature such as the Kirk Othmer Encyclopedia of Chemical Technology, Sax Dangerous Properties of Industrial Materials, CRC Handbook of Chemistry and Physics and numerous other similar sources.

d. Proprietary industry or trade group research and testing reports.

e. Expert opinion, such as engineers from the corporation, Factory Mutual or outside consultants.

f. Intentional and systematic testing of the materials.

In the example, the final product of the new process is a powder with a possible dust explosion hazard. The material is unique and no known data on its properties can be found by conventional literature search. To determine hazardous properties such as minimum ignition energy, lower explosive limits, maximum rate of pressure rise and possible overpressures produced should it explode, tests are conducted in an ASTM E1226 20-liter sphere.

Information on the mixture within a reactor or other vessels is needed to determine potential for exothermic runaway or other chemical instability. Laboratory-scale reactivity screening should be done in advance of scaling up to pilot or full scale processing. This data can be obtained using a number of devices, including the Accelerating Rate Calorimeter (ARC), the DIERS Vent Sizing Package (VSP) and others.

Site information is also developed during this stage. This may include meteorological data (for later vapor dispersion modeling), geographic data for exposure to natural hazards, accident exposures from nearby industrial sites and utility data such as reliability and adequacy of water, fuel and power supplies.

After basic chemistry, physical and thermodynamic properties of materials are developed and site characteristics are found, conclusions on different release and impact scenarios are qualitatively determined. For example, if a solvent is flammable, it will be qualitatively concluded that a spill can result in fire. If boiled and held under pressure, an indoor or outdoor flammable vapor explosion potential may exist. The catalyst to be used might be known to overheat and produce equipment damaging pressure if not refrigerated. These generic conclusions are all derived in the process safety information phase. However, the sequence of events by which the scenario and its consequences will be realized will not surface until a process hazard analysis is conducted on the system in which the materials are used. Finally, the action steps, such as fixed mitigation, taken to reduce the quantified hazard or consequences will not surface until the process risk management stage.

Under this activity, in addition to developing and maintaining basic process and material hazard information, it is necessary to include accumulation of all the design details, alternative process considerations, key design decisions and basic operation and maintenance plans.

Here the corporation should develop rationale and responsibility for collecting and maintaining this data, as well as data on operating experience, accident investigations, causes and corrections, as well as changes developed and reviewed under the Management of Change processes (described later).

This collection of data will preserve initial design records (ensure replacements comply with design intent), reasons for key design decisions (aid to future projects and modifications) and provide a basis for understanding how the process should be operated. It also serves as a baseline for evaluating future changes.

The collection of this information provides the process safety knowledge needed in subsequent PSM steps (as well as a record of the original review process) so that the process can be started up and run throughout its intended life without an unanticipated incident or unprotected hazard. The information is documented and made part of the overall process safety management package, which will eventually also include data from the process hazard analysis and process risk management steps. This is then used for employee training, future process changes, etc.

Enhancement of process safety knowledge is a subset of this element and is sometimes added as a separate element of PSM. As the life of the plant progresses, new technology in process operation, inherent safety or loss prevention techniques may be developed. While not known or cost effective during initial plant design, they may become so later in the life of the plant. It is important for an organization to stay fully abreast of new technology and apply it as appropriate. Use of a Management of Change procedure will assure that latest technology and information will be available.

3.2.3 Process Safety Review (Process Hazard Analysis)

This element of PSM is often identified as Process Hazards Analysis (PHA) and should include the project review for new facilities or modifications to existing facilities that have a significant process or capital impact. Where no major changes occur, the review should be revisited on a regular basis. A suggested frequency would be about every 5 years, with longer intervals for less hazardous processes. The element also includes the necessary design and pre-startup review of such projects to ensure that recommendations were in fact implemented.

The CCPS discusses staffing, hazard reviews, siting, plot plan, etc., in the context of phases of capital projects. As a supplement to the CCPS material, an HPR chemical plant should consider the following sections related to property and business interruption loss prevention.

Principles of loss prevention and risk management should guide plant siting decisions. These principles are usually defined in the corporate guiding principles or business objectives. Most sites can be made acceptable if sufficient funding is allocated to overcome deficiencies presented by the site selection.

Sites chosen should be selected to avoid or minimize exposures by perils of:

a. Fire

b. Natural Hazards (flood, wind, lightning, snow, freezing, earthquake, volcano, etc.)

c. Explosion

d. Transportation (aircraft, motor vehicle, rail, ship)

e. Pipeline or tank farm exposures

Sites should feature:

a. Access for safe disposal of waste

b. Access to fire fighting assistance (public or other)

c. Access to an adequate source of water to meet present and future demands

d. Access to reliable security and emergency services

e. Access to the site during adverse conditions (riot, traffic, etc.)

In addition to location of the plant site, equal considerations should be applied as well to the location of:

a. Process units

b. Pipe racks

c. Storage facilities

d. Unloading facilities for rail cars, trucks and water craft

e. Flare stacks

f. Utility plants

g. Waste water treatment facilities

h. Electrical power lines

i. Process Control Rooms

Once site selection is complete, the project should have sufficient funding to implement FM/corporate loss prevention guidelines. In addition to basic project design and construction costs, finances should:

a. allow time for a thorough review of loss prevention aspects of the design and construction using accepted hazard analysis methods. Designs should use inherent safety and risk mitigation concepts.

b. permit installation of proper loss prevention features affecting construction, protection, drainage, electrical equipment, freeze protection, etc.

3.2.3.1 Examples

3.2.3.1.1 The ABC chemical company proposes building a new polymerization plant at the site of an existing chemical plant in the Gulf Coast area. It could be located in any of three different areas near the existing plant. The raw material (ethylene) is supplied to the main ABC plant, but the facilities will need to be enlarged to accommodate more ethylene. New facilities will need to be developed for storage of propane, butylene and other future monomer feedstocks.

The ABC company has a license to use a new process to make the finished copolymers, but sizes and layout of major equipment have yet to be finalized. At this point a team was created, including specialists from FM, ABC and several design and construction engineering companies. Early meetings developed a time line for the construction, plan reviews, site visits and pre-startup reviews. These meetings developed a plan to conduct a thorough hazard analysis.

Full HAZOP and What-if analyses were performed. FM specialists participated in the hazard analysis meetings and provided an important perspective on damageability, available protection and mitigation methods, and analysis of business interruption potentials.

A full site survey was conducted at all three sites with a team made up of various specialists, including the FM engineer. Through this process a site was chosen to minimize flood exposures and the potential for fire and explosion exposures presented by nearby plants, pipe racks and railways. Plans were modified to include relocation of pipe racks along with rerouting of rail sidings.

Through early team meetings, objectives from corporate guiding principles were interpreted to define objectives for limiting the maximum foreseeable loss and normal loss expectancies. Through collaboration, specifications were developed for the plant construction, particularly control room construction, fire protection water supply piping sizes and locations, pipe rack locations, drainage patterns, sprinkler valve house locations and feedstock and product delivery contingencies. These methods resulted in mitigation of Vapor Cloud Explosion (VCE) potentials (see DS 7-42 for additional information on VCE hazards).

Note: The level of FM participation can vary from project to project depending on the needs of all the parties involved: contractor, insured, insurance company, etc.

3.2.3.1.2 XY Chemical Company planned and constructed a polymer manufacturing plant along the Texas Gulf Coast. Design work was conducted at the home offices in the northeastern US using highly experienced personnel.

Project designs did not consider incident history and advice for this area relative to freeze protection. As a result, the plant was built with numerous outdoor sprinkler systems, as well as elements of the process and instrumentation system, with insufficient freeze protection.

As a result, the plant suffered a $2 million loss related to broken pipe, instrument lines and loss of production in the 1983 and 1989 freezes. This pointed to a normal frequency of freezing weather in this area worthy of protection. A cost estimate of $75,000 for correction of the deficiencies was developed in consultation with the local FM specialist. Economic conditions dictated that these improvements be extended over a period of 3 years, resulting in a need to prioritize the modifications.

If the concepts and guidelines of this data sheet had been used in siting of this plant, the freeze potential and its frequency would have been identified. A loss potential of $2 million with an average 10-year recurrence interval would have been mitigated. The cost at the time this plant was designed could have been much lower.

3.2.4 Process Risk Management

Process risk management involves the identification, evaluation, control or risk transfer of potential hazards that may be associated with existing operations, new projects, acquisitions and customer/supplier activities.

Process risk management is the system whereby conscious risk improvement decisions are made based on results and information obtained during the process knowledge and process hazard analysis stages. If hazard information data is available at very early stages of a plant design, inherent safety features can be designed in. Later in the design, passive, active and procedural improvements and protection are usually added. The need and level of fixed suppression systems such as sprinklers and deluge systems, building steel fireproofing, damage limiting construction, barriers, process controls, etc., are decided in the process risk management phase of PSM. Fire safety professionals in partnership with the chemical plant determine the level of protection needed to meet HPR status and loss exposure goals. Ultimately, the exposure is improved through fixed protection and management systems, is transferred through insurance or is completely avoided by eliminating the hazardous activity.

Data and information from process knowledge gathering and hazard analysis activities must be evaluated as to economics and potential for risk reduction. Not all risk in a facility can be eliminated or reduced through engineering. Process risk management assures that a balance of inherent or engineered safety and risk transfer (i.e., insurance) is maintained and that all mandatory regulations, corporate standards, and industry and insurance guidelines are met. Process risk management requires screening, ranking and engineered assessment tools. A high level assessment such as Quantitative Risk Analysis (QRA) may be needed to make final decisions. The four tier safety strategy is still followed. Regardless of methods, documentation of the basis for risk decisions is important.

3.2.4.1 Case Study

ABC Chemical company is planning a facility to produce polyvinyl chloride (PVC) plastic using a licensed process. Production of this material will include use of vinyl chloride monomer (VCM), a liquefied gas, flammable solvents and reactive peroxide-based catalysts in a moderately high pressure, high temperature continuous autoclave (single reaction vessel) system. The process will be located in a single process unit supported by raw materials delivery and storage, in-process storage, combustible heat transfer media, heat, steam, power and fuel utility systems, and final product handling, storage and transfer to market. The final product will be sold as a solid extruded pellet, some of which will be custom made with plasticizers. The benzoyl peroxide (BP) catalyst is to be manufactured on site. The process will be constructed at a new site not previously developed.

In the process safety knowledge step, the following technical information may be obtained, based on a literature search or testing, and documented:

- flammability and explosivity characteristics of gases and liquids
- flammability and explosivity characteristics of heat transfer media
- reactivity data on catalysts
- combustibility and explosivity data on solid powder product
- reactivity of the PVC reaction at given process conditions
- reactivity and hazard of catalyst manufacture

The following site information might be obtained, based on a site study, and documented:

- meteorological data (prevailing winds/speeds/atmospheric stability)
- freeze and snowfall/rainfall data
- flood data
- earthquake data
- windstorm data
- data on adequacy and reliability of utility services
- information on nearby hazardous exposures

General conclusions might be derived based on the above chemical and site information and qualitative analysis. At this stage these conclusions are based on generic knowledge obtained from experts or from the literature and are used for establishing more definitive scenarios during a process hazard analysis. Detailed consequence studies, such as vapor cloud dispersion, explosion overpressure or pool fire radiant heat effects, are conducted as part of the hazard analysis.

The following general conclusions are not meant to be all inclusive but only to demonstrate types of information and scenarios that could be developed during this step:

a. Flammable liquid spill fire potentials exist from delivery, storage, process vessel and piping systems for raw and intermediate materials and for the heat transfer media system.

b. Vapor cloud explosion potentials exist from storage, process vessels and piping systems using VCM.

c. Reactor vessel, pumps and piping failure potentials exist due to high pressure, corrosivity and reactivity exposures.

d. BP manufacture requires potentially unstable hazardous materials.

e. Dust explosion potentials exist from plasticized product.

f. The plant is in a semi-tropical climate but is subject to periodic severe freezes.

g. The plant is in a potential hurricane zone.

h. Power supplies are subject to possible off-premises interruptions.

i. Public water supplies and emergency response are not available.

j. A plant with potential wide range explosion hazard borders the site.

In the process hazard analysis step, the above data and design drawings (as complete as possible) are subjected to a systematic and critical examination to determine failure modes whereby incidents could occur. HAZOP, What If, Checklist, Failure Modes and Effects Analysis (FMEA) and more quantitative analysis methods might be used. Vapor dispersion, explosion and radiant heat modeling, if needed, will be done during this stage. These examinations might reveal the following potential concerns and consequences:

a. The manufacture of peroxides on plant presents many failure modes and several potentials for a peroxide self initiation with high damage potential compared with the relatively small amounts of material needed.

b. Flammable spill fire and vapor release potentials cannot be completely eliminated through process control or design short of not producing the product. Steel structure is subject to severe radiant heat, confirmed by fire modeling.

c. VCM represents a vapor cloud explosion potential, and the process unit arrangement and congestion will produce high overpressures throughout the plant, as confirmed by modeling.

d. Prevailing winds and distance indicate potential for vapor cloud from neighboring facility to enter process unit, confirmed by modeling.

e. A single large reaction autoclave is harder to control, presents extreme liquid spill or vapor release potentials, thus increasing protection system demands, and if damaged would shut down all operations.

f. Plasticized plastic dust presents a dust explosion hazard, confirmed by laboratory testing.

g. A rare but possible sudden freeze could severely damage plant utilities.

h. A sudden power outage could cause loss of control of the reaction.

i. Many different release and failure modes of vessels, pumps, piping and utility systems exist, but these can be mitigated through process control and design improvements.

j. Use of a large volume combustible heat transfer material presents significant fire potential on a higher frequency than other flammable materials due to its high corrosivity, confirmed by loss history.

In the process risk management step, all of the data collected and derived from the two prior steps is used to make risk management decisions. In the example, these may include (but not be limited to) the following decisions, listed in order of a tiered preferential safety approach:

Inherent safety

a. Replace combustible thermal oil system with water system

b. Reduce production bottleneck by changing from one large reactor to several smaller reactors

c. Reduce in-unit flammable inventories by eliminating product day tanks, large reboilers, large reactor, oversized piping, etc.

d. Purchase additional land to protect against off premises exposures

e. Refrigerate VCM bulk storage tanks to reduce vaporization

f. Collect plastic dust in wet slurry to reduce dust hazard

Passive mitigation

a. Use a concrete frame for process unit or fireproof steel

b. Space unit apart from support facilities and site boundaries

c. Use open process unit for maximum explosion venting

d. Limit and space equipment within unit to minimize congestion

e. Layout unit with flammable materials accessible on outer edge

f. Install drainage systems

g. Design process controls and interlocks to maximize reliability of process

h. Design process vessels/piping to maximum expected pressure

i. Blast proof control room and emergency services building

j. Provide emergency containment systems

Active mitigation

a. Provide on site fire water system

b. Provide deluge sprinkler protection

c. Provide combustible gas detection

d. Inert and purge flammable storage, process and piping systems

e. Provide reactor emergency quench system

f. Provide reactor emergency venting

g. Computerize process control

h. Provide on-site emergency power supplies

i. Design to hurricane codes

j. Protect plant against freeze up

Operational/administrative controls

a. Develop and train on site emergency fire response brigade

b. Train and empower operators to take manual process control

c. Provide ignition source control systems

d. Provide backup manual reactor emergency quench system

e. Provide natural hazard alert procedures

Risk avoidance

a. Eliminate on-site manufacture of peroxide catalyst

Risk transfer

a. Accept inherent risk by retention of high insurance deductibles

In the risk management process, there may be a need to revisit and re-analyze hazards several times prior to deciding on the level and type of mitigation or use of other risk tools such as elimination of hazard or risk transfer. In fact, risk management becomes a constant cycle of analysis, transfer and acceptance throughout the life of the facility. As the facility ages and changes are made, the risk will change. Keeping abreast of this aging and change process will assure that the facility will achieve the risk management goals originally accepted.

3.2.4.2 HPR Requirements

The decision to meet or not meet HPR protection guidelines is determined during the process risk management stage. While achieving HPR status should always be the risk management goal, there may be conditions, especially in existing older plants, where this may not be economically or technically achievable.

There are minimum requirements for a facility to qualify as an HPR risk. These are briefly identified in Section 2.2.1 and further discussed in Section 3.3, Concepts of Highly Protected Risk.

3.2.5 Management of Change

Management of Change (MOC) means evaluating every change to technology, facilities or personnel at the earliest possible stage for its potential impact on property loss prevention. The earliest possible stage is the moment an idea or proposed change comes to light. These changes can be emergency, permanent, temporary, recognized or unrecognized. The purpose of a management of change process is to prevent the unrecognized change.

Changes are made routinely throughout the life of a facility. These may vary from major, highly visible projects to daily routine maintenance activities. Changes can occur to technology, chemicals, products, equipment and procedures. Any change from original design intent represents a deviation. If the impact of this deviation is not fully understood, the change, even if minor, can cause a significant incident. Appropriate process hazards management systems should be put into place to help ensure that hazards associated with a change or deviation are identified and controlled.

Changes fall into three main categories: technology, facilities, and personnel or organization.

Although some changes may be minor, with little likelihood of compromising loss prevention and process safety, all changes have some potential for disruption.

©1999 Factory Mutual Engineering Corp. All rights reserved.

3.2.5.1 Change in Technology

Change in technology arises whenever the process or mechanical design is altered. Examples are changes in feedstocks, catalysts, product specifications, byproducts or waste products, design inventory levels, instrumentation and control systems, or materials of construction.

Typical instances in which change in technology would likely occur include the following:

a. New projects that involve tie-ins or equipment modifications on existing units.

b. Projects to increase facility throughput or accommodate different feedstocks or products.

c. Significant changes in operating conditions, including pressures, temperatures, flow rates or process conditions different from those in the original process or mechanical design.

d. Equipment changes, including the addition of new equipment or modifications of existing equipment. These can include changes in alarms, instrumentation and control schemes.

e. Modifications of the process or equipment that cause changes in the facility's relief requirements. These can include increased process throughput, operation at higher temperatures, increased size of equipment, or the addition of equipment that might contribute to greater relief requirements.

f. Bypass connections around equipment that is normally in service.

g. Changes in operating procedures, including procedures for startup, normal shutdown and emergency shutdown.

h. Changes made in the process or mechanical design or in operating procedures that result from a PHA performed as described in Section 3.2.3.

i. Introduction of new or different process additives (for example, corrosion control agents, antifoulants, antifoam agents).

j. Corrective actions developed as a result of an accident investigation.

3.2.5.2 Changes in Facilities

Changes in facilities are those in which physical changes are made that would not necessarily appear on plant drawings or piping and instrument diagrams (P&ID). Examples are temporary connections, replaced components that are not in kind, site modifications, transient storage, temporary structures, etc.

Specifically, these can include the following:

a. Temporary equipment (tanks, offices, drum storage, etc.).

b. Replacement equipment or machinery that differs from the original equipment.

c. Temporary piping, connections, hoses or wiring.

d. Temporary software configurations, jumpers, shortened algorithms, bypassed controls.

e. Pipe clamps, braces, stands, wiring, ropes.

f. Temporary utility connections (steam, power, water, etc.).

g. An alternative supply of process materials, catalysts or reactants, such as through temporary drums or tanks located within the facility.

h. Temporary electrical equipment or connections.

These changes have the ability to affect design, construction, operation, maintenance and decommissioning.

3.2.5.3 Changes in Personnel

Changes in personnel are those in which key responsibilities are shifted from a position of stability to instability. Examples are retirement, promotion, other career changes and personal issues (sickness, death, leave-of-absence, etc.). These changes are ones in which continuity of responsibility may lapse.

Training and assignment of alternates is a key feature needed to mitigate lapses caused by these changes. Supervision must be skilled for early recognition of these changes, with an ability to plan in advance to mitigate these changes. Goals of the company, business and operating unit must support prevention efforts associated with these changes.

3.2.5.4 Examples

3.2.5.4.1 The Clean Air Act Amendments of 1990 require a 50% reduction of sulfur dioxide levels (SO2) in the US by the year 2000. This act affects approximately 2000 electric utilities. The method of choice to control SO2 emissions probably will be the installation of wet scrubbers, as they provide the highest level of control. Along with the additional costs and plans for scrubber installations, the person(s) planning these changes need to look at the effect these installations will have on loss prevention. For instance, scrubbers are subject to fires and explosions, and they can affect furnace draft. Induced draft fans may have to be upgraded, which in some cases could increase the risk of implosions and boiler vibrations. To prevent corrosion of scrubbers, ducts and stacks, it may be necessary to use plastic or plastic-lined equipment, which could present a fire hazard.

A typical agreement between a company and the property insurance company calls for a loss prevention professional within the company to be advised of all management of change activities in the plant. This individual is then responsible to involve the specialist from FM and allow an opportunity for the change to be evaluated in its earliest stages.

3.2.5.4.2 ABC is a manufacturer of commodity polymer using batch-scale polymerization of the monomer. Because of favorable opportunities in the market, ABC has plans to double the capacity of its seven-reactor plant in a two-phase expansion over the next 10 years. The first phase will include construction of utilities and the footprint for a second seven-reactor manufacturing building. Initially, a building containing three reactors will be built.

There is a close relationship between ABC and the FM specialist assigned to this plant. When the idea is being developed by senior management within ABC, meetings are held with the FM specialist to discuss the effect this may have on loss prevention. ABC is guided by a principle that promotes continuous improvement in all areas of operation, including loss prevention, and they call upon the expertise of FM to provide guidance to meet this goal.

In consultation with the FM specialist, several opportunities are identified. These include ways to mitigate VCE potentials, provide more cost efficient and effective water spray systems, and arrange the Instrumentation and Control features for increased reliability. In order to expand the process water features for the new plant expansion, several pumping and distribution changes were needed. Opportunities were identified to add outlets and normally closed connections between the fire protection system and the process water supply system. This increased both the normal supply to the fire protection water system and the supply that would be available in a catastrophic event.

In consultations, an opportunity was identified to relate current maintenance issues for the older electronic heat detection systems on the water spray systems to a design specification needed for all the new water spray systems. Review of maintenance records and costs pointed to an opportunity to replace older electronic heat detectors with air-pilot detection systems. In doing this, the plant maintenance was provided with a single common type of system, which has lower maintenance costs, a single set of replacement parts, and requires simpler maintenance skills.

Often during plant expansions, for simplicity, existing features for protection and control are duplicated exactly. Many design groups operate with the assumption that existing protection and control features are adequate and satisfactory, and they do not take the opportunity to consider improvements as above.

3.2.5.4.3 Mr. Howard has been the person in charge of fire protection in this plant for many years. He is the direct interface between top management, engineering and safety personnel for matters relating to loss prevention. He is in charge of administering all loss prevention related inspection programs within the plant. He supervises all impairments to fire protection and reports them throughout the company and to FM. Mr. Howard is very important in the review process for new construction. Because he is very familiar with current design requirements, he is able to work closely with plant and corporate engineers to develop plans for new construction and modifications.

Mr. Howard spent many years in the plant as an operator. Because of this involvement, he oversees many important operator duties as they relate to fire response and use of emergency process equipment (flares, alarms, shut-downs, etc.). He is also the liaison to community groups, including the mutual aid groups.

Mr. Howard has announced he will retire in 2 years, when he reaches the age of 60. Loss of this level of experience could create serious gaps related to steady provision of the service provided by Mr. Howard.

All of his job duties should be described in writing.

A plan for his replacement with alternates should be developed sufficiently in advance of his departure so that proper training can be provided.

If timing is not sufficient to establish that his duties have been sufficiently taken over by others, management should arrange for Mr. Howard to return to work as a consultant. He should periodically return after his retirement to make sure all areas of past responsibility are being covered.

In the planning for replacement of Mr. Howard, the local assigned FM specialists should be notified. Specific sessions can be arranged so that the programs recommended by FM can be introduced or reviewed with the person who has taken over for Mr. Howard.

3.2.5.4.4 Mr. Jones was the Safety Engineer at this major plastic film plant, reporting to the plant manager, before he resigned. He was responsible to implement all safety and loss prevention programs in the plant. He was the direct liaison to the plant maintenance department, providing review and supervision of all maintenance and testing of the plant fire protection systems, including the fire pump, suction tank, sprinkler systems, alarm systems and gaseous extinguishing systems. Because of his expertise, he was the interface between local contractors who provide maintenance and testing. Mr. Jones kept all the letters, files, receipts, plans and correspondence in his office relating to protection systems and plant insurance matters.

Unfortunately, he quit at a time when the plant was completing a 50% production expansion and is beginning to plan for a new warehouse expansion. Ongoing issues relate to false alarms, alarm system repairs, and a history of broken underground water mains in a certain area of the plant. Mr. Jones had been a proponent of looping of the plant fire water mains to provide better service to the areas of future expansion.

In a case like this, it is important that key plant personnel from all levels meet to review the impact of this departure on loss prevention. Some careful accounting should begin at once to make sure elements of Mr. Jones' responsibilities are identified. The FM contact should be advised of the personnel change. This will allow for meetings to take place to assure that proper training is provided to a replacement employee. In many cases FM can provide the following:

- Training on fire protection systems maintenance and testing can be offered to a new employee.

- A review of maintenance and testing programs can be made to assure that correct programs are not lost or lapsed.

- Contract maintenance programs can be evaluated to determine adequacy of these programs.

3.2.5.5 References

Management of Process Hazards, API Recommended Practice 750, First Edition, January 1990, American Petroleum Institute.

Managing Change, FM publication P9201.

3.2.6 Process and Equipment (Mechanical) Integrity

Equipment that processes hazardous materials, and accessory or utility equipment that is important to continued operation of the plant, should be designed, constructed, installed, operated, protected and maintained in a way which minimizes the risk while providing process reliability. This element of the PSM program addresses the management system required to achieve this objective and is called Process and Equipment Integrity by the CCPS and Mechanical Integrity by others.

A Process and Equipment Integrity program should address some or all of the following: pressure vessels and piping, tanks, rotating machinery, electrical equipment, boilers and furnaces, etc., together with their instrumentation, controls, accessories and supporting structures.

The components of Process and Equipment Integrity, which are discussed further below, are reliability engineering, materials of construction and fabrication, installation procedures, preventive maintenance and demolition procedures.

As with all elements of PSM, a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps.

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance or replacement, the evaluation should include equipment accessibility and suitability for the process, and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment and emergency relief. The file should also contain the operating and inspection history of the equipment, as well as any data on repair, alteration and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill-to-installation tracking of material for critical components, or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, over speed, electrical faults, misalignment, etc.

During fabrication, maintenance or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern, such as piping location, safety and emergency equipment features, accessibility of process and safety equipment, operation, functional testing and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.

3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections, together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturers' recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturers' minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment with detailed instructions on performing the particular activity. They should address the steps needed to prevent adverse conditions both during the procedures and when the equipment is put back in service. They should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic review of these procedures is needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out-of-service condition, any necessary decontamination, and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents, classified as major accident, accident or near-miss by CCPS, are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control or personnel changes, or new or better training programs. Documentation and periodic review aid in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes:

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.

3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment. Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System. Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization. Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others depending on the nature of the incident. This can include those inside the company with speciality knowledge or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training. Team members should be selected based on their interest, job function and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function. The incident investigation team function needs to be integrated with the overall emergency response plan. Well established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation.

a. Determine Cause. Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system related causes.

b. Develop Recommendations. Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures. Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.

If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally, this involves data collection, data analysis and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems-oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and these can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program, aimed at determination of root causes.

Usually, the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently, some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing and provides support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently, they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

- FTA: Fault Tree Analysis
- AAM: Accident Anatomy Method
- MORT: Management Oversight and Risk Tree
- MCSOII: Multiple-Cause Systems-Oriented Incident Investigation

Inductive

- HAZOP: Hazard and Operability Analysis
- AAM: Accident Anatomy Method
- CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware that new approaches need to be built on proven and accepted concepts.

3.2.7.4

Phthalic anhydride made by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the Do Not Operate tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design. A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations. There are several possibilities in this area. Management that encourages continued operations when the process is upset (reason operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance. There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the worker's shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but it does illustrate some of the underlying causes in a multiple-cause incident.
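The pump incident above can be expressed as a small fault tree, one of the deductive techniques named in Section 3.2.7.3. The following is an added illustration, not part of the data sheet: the gate structure and event names are assumptions modelled on the narrative. It computes minimal cut sets and then conditions them on the latent maintenance conditions, showing how three nominally redundant pumps had already collapsed to a single point of failure.

```python
from itertools import product

# Fault tree as nested tuples: (gate, child, ...). A bare string is a basic event.
# Structure and event names are assumptions modelled on the incident narrative.
LOSS_OF_COOLING = (
    "AND",
    "operating_pump_fails",
    "standby_A_out_of_service",        # repair deferred (new impeller needed)
    ("OR",
     "standby_B_mechanical_fault",
     "standby_B_tag_not_removed"),     # repaired, but still tagged Do Not Operate
)
TOP = ("AND", LOSS_OF_COOLING, "shutdown_delayed")

# Design alternative named in the text: an interlock against running on one pump.
TOP_INTERLOCKED = ("AND", TOP, "one_pump_interlock_fails")

# Latent conditions already present before the operating pump failed.
LATENT = {"standby_A_out_of_service", "standby_B_tag_not_removed"}


def cut_sets(node):
    """Return every cut set (frozenset of basic events) that causes `node`."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, *children = node
    parts = [cut_sets(child) for child in children]
    if gate == "OR":       # any one child is sufficient
        return set().union(*parts)
    if gate == "AND":      # one cut set from every child must occur together
        return {frozenset().union(*combo) for combo in product(*parts)}
    raise ValueError(f"unknown gate {gate!r}")


def minimal(sets):
    """Drop any cut set that strictly contains another one."""
    return {s for s in sets if not any(other < s for other in sets)}


def condition(sets, already_true):
    """Cut sets still needed once the `already_true` events have occurred."""
    return minimal({s - already_true for s in sets})


if __name__ == "__main__":
    for name, tree in (("as operated", TOP), ("with interlock", TOP_INTERLOCKED)):
        remaining = condition(minimal(cut_sets(tree)), LATENT)
        print(name, [sorted(s) for s in remaining])
```

With the two latent conditions in place, the only events left between normal operation and the overheated reactor are the running pump's failure and the delayed shutdown; the interlock adds one further independent failure that must also occur.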

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation, or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated and it was assumed to be functioning properly, although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days subsequent for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.

The control panel incorrectly indicated that too much water was entering the core; therefore, the operator overrode the automatic control system and reverted to manual control. Ultimately, the shut coolant water lines were discovered and reopened, which again flooded the control panel with a Christmas-tree effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.¹

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.²

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L., and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80% to 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50% to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel, although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface, and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information, and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.⁵

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.

Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.⁶ However, more current literature by Poulton⁷ and Welford⁸ supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.⁹ Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately, and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.¹⁰

3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum, Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor, but was stopped for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed that the air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill.: Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill.: Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).

3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocell Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for keeping the standards current and in step with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring and piping drawings are not current, or there is only one set of hand corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and should be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard
   a. Toxicity
   b. Permissible exposure limits
   c. Physical reactivity and corrosion data
   d. Thermal and chemical stability
   e. Hazardous effects of mixing

2. Process technology
   a. Process description and flow diagram
   b. Process chemistry
   c. Inventory permitted
   d. Safe upper and lower limits for temperature, pressure, flows and compositions
   e. Consequences of deviations

3. Process equipment
   a. Construction materials
   b. P&ID
   c. Electrical classification drawing
   d. Relief system design and design basis
   e. Ventilation system design
   f. Drainage system design
   g. Design codes and standards
   h. Material and energy balance
   i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections
   a. Code inspection reports for pressure equipment
   b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)
   c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description
   a. Organization and staffing
   b. Risk assessment of site hazards
   c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans
   a. Description of possible incident scenarios
   b. Plan to respond to each scenario
   c. On-site emergency equipment and supplies
   d. Description of external resources and support organizations

5. Emergency response teams
   a. Staffing and organization
   b. Capabilities of members
   c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic, in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility or process within a facility needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses, backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging
7-73 Dust Collectors and Collection Systems
7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels

3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets, such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems

For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades

3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems, which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and, in fact, was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade off in toxicity, which may affect manual fire fighting response, would occur with this choice.

A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazards of fire and explosion from the solvent are eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K. incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred, with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, is located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.

Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor, where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:

- G-10, Guidelines for Technical Management of Chemical Process Safety, 1992
- G-18, Guidelines for Hazard Evaluation Procedures, 1992
- G-19, Guidelines for Investigating Chemical Process Incidents, 1992
- G-20, Guidelines for Auditing Process Safety Management Systems, 1993
- G-25, Guidelines for Implementing Process Safety Management Systems, 1994
- G-27, Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register, Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets:

- 1-44, Damage Limiting Construction
- 5-1, Electrical Equipment in Hazardous Locations
- 7-0, Causes and Effects of Fires and Explosions
- 7-14, Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
- 7-42, Evaluating the Effects of Vapor Cloud Explosions
- 7-44/17-3, Spacing of Facilities in Outdoor Chemical Plants

- 7-45, Instrumentation and Control
- 7-46/17-11, Chemical Reactors and Reactions
- 7-47, Physical Operations in Chemical Plants
- 7-49/12-65, Emergency Venting of Vessels
- 7-59, Inerting and Purging of Equipment
- 7-83, Drainage Systems for Flammable Liquids
- 7-88, Storage Tanks for Flammable Liquids
- 7-95, Compressors
- 7-99/12-19, Heat Transfer by Organic and Synthetic Fluids
- 12-0, Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants, Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants, An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.

APPENDIX A: INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the Australasia countries, although studies are underway to promulgate laws similar to Europe and the U.S. in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the U.S., including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The U.S. Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.

A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons, and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 U.S. facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

Substance                      EPA threshold, lb (kg)    OSHA threshold, lb (kg)
Anhydrous ammonia              1000 (450)                5000 (2250)
Chlorine                       1000 (450)                1500 (680)
Chlorine dioxide               500 (225)                 1000 (450)
Anhydrous hydrochloric acid    1000 (450)                5000 (2250)
Sulfuric acid                  5000 (2250)               Not listed
Titanium tetrachloride         500 (225)                 Not listed
Flammable hydrocarbons         10000 (4500)              10000 (4500)
Explosives                     all (per DOT)             Not covered

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the U.S. EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different, yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 U.S. facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)

In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep, unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.
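The threshold screening and worst-case rules described above can be worked through in code. The following is an added example, not part of the FM data sheet: the thresholds are those printed in Table 1, "above" a threshold is read as strictly greater, and the site inventory, process names, liquid density and dike area are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

LB_PER_KG = 2.20462
POOL_DEPTH_M = 0.01        # liquids: pool assumed 1 cm deep
GAS_RELEASE_MIN = 10.0     # gases: whole quantity released in 10 minutes

# Thresholds in lb as printed in Table 1 (None = not listed under that rule).
# The "Explosives" row has no numeric threshold and is left out.
TABLE_1_LB = {
    "anhydrous ammonia":           {"epa": 1000,  "osha": 5000},
    "chlorine":                    {"epa": 1000,  "osha": 1500},
    "chlorine dioxide":            {"epa": 500,   "osha": 1000},
    "anhydrous hydrochloric acid": {"epa": 1000,  "osha": 5000},
    "sulfuric acid":               {"epa": 5000,  "osha": None},
    "titanium tetrachloride":      {"epa": 500,   "osha": None},
    "flammable hydrocarbons":      {"epa": 10000, "osha": 10000},
}


@dataclass
class Holding:
    """Maximum quantity of one substance in ONE process (not the site total)."""
    process: str
    substance: str
    max_quantity_lb: float
    kind: str                               # "gas", "liquid" or "flammable"
    density_kg_m3: Optional[float] = None   # needed for liquids only
    dike_area_m2: Optional[float] = None    # passive mitigation, if any


def covered(h: Holding) -> dict:
    """Return {'epa': bool, 'osha': bool} for a single-process holding."""
    limits = TABLE_1_LB[h.substance]
    return {rule: limit is not None and h.max_quantity_lb > limit
            for rule, limit in limits.items()}


def worst_case(h: Holding) -> dict:
    """Parameters of the worst case release scenario for one holding."""
    if h.kind == "gas":
        return {"mode": "10-minute release",
                "rate_lb_per_min": h.max_quantity_lb / GAS_RELEASE_MIN}
    if h.kind == "liquid":
        if h.density_kg_m3 is None:
            raise ValueError("liquid holding needs a density")
        volume_m3 = h.max_quantity_lb / LB_PER_KG / h.density_kg_m3
        area_m2 = volume_m3 / POOL_DEPTH_M
        limited = h.dike_area_m2 is not None and h.dike_area_m2 < area_m2
        if limited:
            area_m2 = h.dike_area_m2      # dike confines the pool
        return {"mode": "instantaneous spill",
                "pool_area_m2": area_m2, "dike_limited": limited}
    if h.kind == "flammable":
        return {"mode": "instantaneous release, vapor cloud explosion",
                "quantity_lb": h.max_quantity_lb}
    raise ValueError(f"unknown kind: {h.kind}")


def screen(holdings):
    """Screen each holding; a worst case is produced only where EPA applies."""
    report = []
    for h in holdings:
        cov = covered(h)
        report.append({"process": h.process, "substance": h.substance,
                       "epa": cov["epa"], "osha": cov["osha"],
                       "worst_case": worst_case(h) if cov["epa"] else None})
    return report


# Constructed site inventory (illustrative values only).
SITE = [
    Holding("water treatment A", "chlorine", 600, "gas"),
    Holding("water treatment B", "chlorine", 600, "gas"),
    Holding("refrigeration", "anhydrous ammonia", 3000, "gas"),
    Holding("acid storage", "sulfuric acid", 8000, "liquid",
            density_kg_m3=1830.0, dike_area_m2=50.0),
    Holding("solvent recovery", "flammable hydrocarbons", 25000, "flammable"),
]

if __name__ == "__main__":
    for row in screen(SITE):
        print(row)
```

The two chlorine holdings total 1200 lb on site, yet neither process exceeds the 1000 lb threshold on its own, which is the effect of determining the quantity per single process.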

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders, and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the U.S., it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.

A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998

Page 12: FM Loss Prevention in Chemical Plants

The degree to which management demonstrates interest in implementing programs based on PSM principles at its facilities is of paramount concern to safe operation of the facility. Without solid management backing, even the best written program will never achieve successful implementation. Management interest should be demonstrated with a written policy statement that is shared with and understood by each member of the facility. Management's interest in loss prevention should be obvious in the day-to-day activities of a facility. Simply having a paper document on file will be of no benefit. Routine safety meetings, communication of safety issues to employees, and publishing lessons learned from incident investigations are just a few ways in which this interest will be demonstrated.

The policy statement should be site-specific and should assign ownership of safe operations to management as well as to every employee involved in the operation. Expectations of every member of the organization will be detailed and written in language understandable at every level of the organization. The policy statement should be reviewed on a periodic basis and changes made as needed. For example, when changes occur within an organization, such as change in management structure, the policy statement should be updated to reflect these changes.

The policy statement should clearly outline the objective of the PSM program. These principles should be routinely communicated to all employees so as to reinforce a safety-conscious work force. Generally, a review of the policy statement will be included in the orientation of new employees. Periodic review with all employees within the organization is also useful.

Each employee should feel responsible for the safe operation of a facility. There should be no fear of reprimand should a safety concern be reported. Only when the channels of communication remain open and free can a program based on PSM principles become and remain effective.

As safety issues arise in new facility design, HAZOP reviews, changes to the process, etc., there will be issues that are not easily resolved or will involve interpretation of codes or standards. A method should be in place to handle such issues so that resolution at the lowest level of management is achieved.

Once implemented, the success of a program based on PSM principles should be evaluated on a periodic basis to ensure the procedures achieve results. This can be in the form of random audits, routine reports to management, or direct communication with those involved. Findings from this feedback mechanism should be incorporated into the policy statement to facilitate constant improvement of the PSM program. Issues that are difficult to resolve often lead to input on ways that the PSM program could be improved.

3.2.1.1 Example: Liquefied Petroleum Gas (LPG), Mexico City, Mexico

On November 19, 1984, an 8 in. (200 mm) pipe line at a government-owned LPG terminal ruptured. The supply was not shut off and the vapor cloud was subsequently ignited 10 minutes later by a ground level burn pit. Additional LPG tanks and spheres BLEVEd (Boiling Liquid Expanding Vapor Explosion) due to exposure to excessive heat. Management and organizational factors reportedly were the major factors in this incident. Reportedly, management at this facility had not taken action on recommendations from previous studies. The deluge systems that were designed to cool the LPG vessels were deemed grossly inadequate. Vessel design was inadequate and the vessels lacked proper insulation. There was also no gas detection system available at the facility. The loss estimate is in excess of $25 million property damage (current values) [1, 2].

3.2.1.2 References

1. Gertman, D. I. and Blackman, H. S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, New York (1994).

2. Mahoney, D., Ed., Large Property Damage Losses in the Hydrocarbon-Chemical Industries, A Thirty-year Review, M&M Protection Consultants, Chicago (1995).

3.2.2 Process Safety Knowledge and Documentation

Process safety knowledge and documentation, which includes process safety information, is the basis for understanding the hazards of the process. This is achieved by acquiring process information and using this knowledge while conducting process hazard analyses.

The CCPS defines process safety information as the data describing the process and its chemistry. Process safety knowledge, in general terms, includes both process safety information and the ability to understand and interpret the information. It also includes the tracking and storing of key initial design bases, records of critical design decisions, design standards, site and equipment drawings, accident investigation information, etc. This data can be used as a baseline for future changes.

Data on process hazards and material chemistry can be obtained from numerous sources, including testing, manufacturer issued Material Safety Data Sheets (MSDS) (or equivalents), and literature sources.

Some examples of needed process safety information and the sources where the information is found follow, as an example of a new process under design.

A chemical company is proposing a process using flammable solvents, reactants and catalysts to produce a chemical intermediate for the pharmaceutical industry. The process will include a potentially exothermic reaction, mixing, distillation and drying to produce a powdered product. Prior to conducting a process hazard analysis or determining levels of protection, information is needed on the various materials and the way they may interact, normally or abnormally.

The company may find information from the following sources:

a. Material Safety Data Sheets. These, if available, will give information on flammability (i.e., flash points), explosibility (i.e., explosive limits), toxicity, corrosiveness and potential reactivity with other materials.

b. Factory Mutual data sheets and National Fire Protection Association (NFPA) standards. Lists of hazardous materials are presented with fire and explosion information.

c. Public domain literature such as the Kirk-Othmer Encyclopedia of Chemical Technology, Sax Dangerous Properties of Industrial Materials, CRC Handbook of Chemistry and Physics, and numerous other similar sources.

d. Proprietary industry or trade group research and testing reports.

e. Expert opinion, such as engineers from the corporation, Factory Mutual, or outside consultants.

f. Intentional and systematic testing of the materials.

In the example, the final product of the new process is a powder with a possible dust explosion hazard. The material is unique and no known data on its properties can be found by conventional literature search. To determine hazardous properties such as minimum ignition energy, lower explosive limits, maximum rate of pressure rise, and possible overpressures produced should it explode, tests are conducted in an ASTM E1226 20-liter sphere.

Information on the mixture within a reactor or other vessels is needed to determine potential for exothermic runaway or other chemical instability. Laboratory-scale reactivity screening should be done in advance of scaling up to pilot or full scale processing. This data can be obtained using a number of devices, including the Accelerating Rate Calorimeter (ARC), the DIERS Vent Sizing Package (VSP), and others.

Site information is also developed during this stage. This may include meteorological data (for later vapor dispersion modeling), geographic data for exposure to natural hazards, accident exposures from nearby industrial sites, and utility data such as reliability and adequacy of water, fuel and power supplies.

After basic chemistry, physical and thermodynamic properties of materials are developed and site characteristics are found, conclusions on different release and impact scenarios are qualitatively determined. For example, if a solvent is flammable, it will be qualitatively concluded that a spill can result in fire. If boiled and held under pressure, an indoor or outdoor flammable vapor explosion potential may exist. The catalyst to be used might be known to overheat and produce equipment damaging pressure if not refrigerated. These generic conclusions are all derived in the process safety information phase. However, the sequence of events by which the scenario and its consequences will be realized will not surface until a process hazard analysis is conducted on the system in which the materials are used. Finally, the action steps, such as fixed mitigation, taken to reduce the quantified hazard or consequences will not surface until the process risk management stage.

Under this activity, in addition to developing and maintaining basic process and material hazard information, it is necessary to include accumulation of all the design details, alternative process considerations, key design decisions, and basic operation and maintenance plans.

Here the corporation should develop rationale and responsibility for collecting and maintaining this data, as well as data on operating experience, accident investigations, causes and corrections, as well as changes developed and reviewed under the Management of Change processes (described later).

This collection of data will preserve initial design records (ensure replacements comply with design intent), reasons for key design decisions (aid to future projects and modifications), and provide a basis for understanding how the process should be operated. It also serves as a baseline for evaluating future changes.

The collection of this information provides the process safety knowledge needed in subsequent PSM steps (as well as a record of the original review process) so that the process can be started up and run throughout its intended life without an unanticipated incident or unprotected hazard. The information is documented and made part of the overall process safety management package, which will eventually also include data from the process hazard analysis and process risk management steps. This is then used for employee training, future process changes, etc.

Enhancement of process safety knowledge is a subset of this element and is sometimes added as a separate element of PSM. As the life of the plant progresses, new technology in process operation, inherent safety, or loss prevention techniques may be developed. While not known or cost effective during initial plant design, they may become so later in the life of the plant. It is important for an organization to stay fully abreast of new technology and apply it as appropriate. Use of a Management of Change procedure will assure that latest technology and information will be available.

3.2.3 Process Safety Review (Process Hazard Analysis)

This element of PSM is often identified as Process Hazards Analysis (PHA) and should include the project review for new facilities or modifications to existing facilities that have a significant process or capital impact. Where no major changes occur, the review should be revisited on a regular basis. A suggested frequency would be about every 5 years, with longer intervals for less hazardous processes. The element also includes the necessary design and pre-startup review of such projects to ensure that recommendations were in fact implemented.

The CCPS discusses staffing hazard reviews, siting, plot plan, etc. in the context of phases of capital projects. As a supplement to the CCPS material, an HPR chemical plant should consider the following sections related to property and business interruption loss prevention.

Principles of loss prevention and risk management should guide plant siting decisions. These principles are usually defined in the corporate guiding principles or business objectives. Most sites can be made acceptable if sufficient funding is allocated to overcome deficiencies presented by the site selection.

Sites chosen should be selected to avoid or minimize exposures by perils of:

a. Fire

b. Natural hazards (flood, wind, lightning, snow, freezing, earthquake, volcano, etc.)

c. Explosion

d. Transportation (aircraft, motor vehicle, rail, ship)

e. Pipeline or tank farm exposures

Sites should feature:

a. Access for safe disposal of waste

b. Access to fire fighting assistance (public or other)

c. Access to an adequate source of water to meet present and future demands

d. Access to reliable security and emergency services

e. Access to the site during adverse conditions (riot, traffic, etc.)

In addition to location of the plant site, equal considerations should be applied as well to the location of:

a. Process units

b. Pipe racks

c. Storage facilities

d. Unloading facilities for rail cars, trucks, and water craft

e. Flare stacks

f. Utility plants

g. Waste water treatment facilities

h. Electrical power lines

i. Process control rooms

Once site selection is complete, the project should have sufficient funding to implement FM/corporate loss prevention guidelines. In addition to basic project design and construction costs, finances should:

a. allow time for a thorough review of loss prevention aspects of the design and construction using accepted hazard analysis methods. Designs should use inherent safety and risk mitigation concepts.

b. permit installation of proper loss prevention features affecting construction, protection, drainage, electrical equipment, freeze protection, etc.

3.2.3.1 Examples

3.2.3.1.1 The ABC chemical company proposes building a new polymerization plant at the site of an existing chemical plant in the Gulf Coast area. It could be located in any of three different areas near the existing plant. The raw material (ethylene) is supplied to the main ABC plant, but the facilities will need to be enlarged to accommodate more ethylene. New facilities will need to be developed for storage of propane, butylene, and other future monomer feedstocks.

The ABC company has a license to use a new process to make the finished copolymers, but sizes and layout of major equipment have yet to be finalized. At this point, a team was created including specialists from FM, ABC, and several design and construction engineering companies. Early meetings developed a time line for the construction plan reviews, site visits, and pre-startup reviews. These meetings developed a plan to conduct a thorough hazard analysis.

Full HAZOP and What-if analyses were performed. FM specialists participated in the hazard analysis meetings and provided an important perspective on damageability, available protection and mitigation methods, and analysis of business interruption potentials.

A full site survey was conducted at all three sites with a team made up of various specialists, including the FM engineer. Through this process, a site was chosen to minimize flood exposures and the potential for fire and explosion exposures presented by nearby plants, pipe racks, and railways. Plans were modified to include relocation of pipe racks along with rerouting of rail sidings.

Through early team meetings, objectives from corporate guiding principles were interpreted to define objectives for limiting the maximum foreseeable loss and normal loss expectancies. Through collaboration, specifications were developed for the plant construction, particularly control room construction, fire protection, water supply, piping sizes and locations, pipe rack locations, drainage patterns, sprinkler valve house locations, and feedstock and product delivery contingencies. These methods resulted in mitigation of Vapor Cloud Explosion (VCE) potentials (see DS 7-42 for additional information on VCE hazards).

Note: The level of FM participation can vary from project to project depending on the needs of all the parties involved: contractor, insured, insurance company, etc.

3.2.3.1.2 XY Chemical Company planned and constructed a polymer manufacturing plant along the Texas Gulf Coast. Design work was conducted at the home offices in the northeastern US using highly experienced personnel.

Project designs did not consider incident history and advice for this area relative to freeze protection. As a result, the plant was built with numerous outdoor sprinkler systems, as well as elements of the process and instrumentation system, with insufficient freeze protection.

As a result, the plant suffered a $2 million loss related to broken pipe, instrument lines, and loss of production in the 1983 and 1989 freezes. This pointed to a normal frequency of freezing weather in this area worthy of protection. A cost estimate of $75,000 for correction of the deficiencies was developed in consultation with the local FM specialist. Economic conditions dictated that these improvements be extended over a period of 3 years, resulting in a need to prioritize the modifications.

If the concepts and guidelines of this data sheet had been used in siting of this plant, the freeze potential and its frequency would have been identified. A loss potential of $2 million with an average 10-year recurrence interval would have been mitigated. The cost at the time this plant was designed could have been much lower.

3.2.4 Process Risk Management

Process risk management involves the identification, evaluation, control, or risk transfer of potential hazards that may be associated with existing operations, new projects, acquisitions, and customer/supplier activities.

Process risk management is the system whereby conscious risk improvement decisions are made based on results and information obtained during the process knowledge and process hazard analysis stages. If hazard information data is available at very early stages of a plant design, inherent safety features can be designed in. Later in the design, passive, active, and procedural improvements and protection are usually added. The need and level of fixed suppression systems such as sprinklers and deluge systems, building steel fireproofing, damage limiting construction, barriers, process controls, etc. are decided in the process risk management phase of PSM. Fire safety professionals, in partnership with the chemical plant, determine the level of protection needed to meet HPR status and loss exposure goals. Ultimately, the exposure is improved through fixed protection and management systems, is transferred through insurance, or is completely avoided by eliminating the hazardous activity.

Data and information from process knowledge gathering and hazard analysis activities must be evaluated as to economics and potential for risk reduction. Not all risk in a facility can be eliminated or reduced through engineering. Process risk management assures that a balance of inherent or engineered safety and risk transfer (i.e., insurance) is maintained and that all mandatory regulations, corporate standards, and industry and insurance guidelines are met. Process risk management requires screening, ranking, and engineered assessment tools. A high level assessment such as Quantitative Risk Analysis (QRA) may be needed to make final decisions. The four-tier safety strategy is still followed. Regardless of methods, documentation of the basis for risk decisions is important.

3.2.4.1 Case Study

ABC Chemical company is planning a facility to produce polyvinyl chloride (PVC) plastic using a licensed process. Production of this material will include use of vinyl chloride monomer (VCM), a liquefied gas, flammable solvents, and reactive peroxide-based catalysts in a moderately high pressure, high temperature, continuous autoclave (single reaction vessel) system. The process will be located in a single process unit supported by raw materials delivery and storage, in-process storage, combustible heat transfer media, heat, steam, power and fuel utility systems, and final product handling, storage and transfer to market. The final product will be sold as a solid extruded pellet, some of which will be custom made with plasticizers. The benzoyl peroxide (BP) catalyst is to be manufactured on site. The process will be constructed at a new site not previously developed.

In the process safety knowledge step, the following technical information may be obtained, based on a literature search or testing, and documented:

- flammability and explosivity characteristics of gases and liquids

- flammability and explosivity characteristics of heat transfer media

- reactivity data on catalysts

- combustibility and explosivity data on solid powder product

- reactivity of the PVC reaction at given process conditions

- reactivity and hazard of catalyst manufacture

The following site information might be obtained, based on a site study, and documented:

- meteorological data (prevailing winds/speeds/atmospheric stability)

- freeze and snowfall/rainfall data

- flood data

- earthquake data

- windstorm data

- data on adequacy and reliability of utility services

- information on nearby hazardous exposures

General conclusions might be derived based on the above chemical and site information and qualitative analysis. At this stage, these conclusions are based on generic knowledge obtained from experts or from the literature and are used for establishing more definitive scenarios during a process hazard analysis. Detailed consequence studies, such as vapor cloud dispersion, explosion overpressure, or pool fire radiant heat effects, are conducted as part of the hazard analysis.

The following general conclusions are not meant to be all inclusive, but only to demonstrate types of information and scenarios that could be developed during this step:

a. Flammable liquid spill fire potentials exist from delivery, storage, process vessel, and piping systems for raw and intermediate materials and for the heat transfer media system.

b. Vapor cloud explosion potentials exist from storage, process vessels, and piping systems using VCM.

c. Reactor vessel, pumps, and piping failure potentials exist due to high pressure, corrosivity, and reactivity exposures.

d. BP manufacture requires potentially unstable hazardous materials.

e. Dust explosion potentials exist from plasticized product.

f. The plant is in a semi-tropical climate but is subject to periodic severe freezes.

g. The plant is in a potential hurricane zone.

h. Power supplies are subject to possible off-premises interruptions.

i. Public water supplies and emergency response are not available.

j. A plant with potential wide range explosion hazard borders the site.

In the process hazard analysis step, the above data and design drawings (as complete as possible) are subjected to a systematic and critical examination to determine failure modes whereby incidents could occur. HAZOP, What If, Checklist, Failure Modes and Effects Analysis (FMEA), and more quantitative analysis methods might be used. Vapor dispersion, explosion, and radiant heat modeling, if needed, will be done during this stage. These examinations might reveal the following potential concerns and consequences:

a. The manufacture of peroxides on plant presents many failure modes and several potentials for a peroxide self initiation, with high damage potential compared with the relatively small amounts of material needed.

b. Flammable spill fire and vapor release potentials cannot be completely eliminated through process control or design, short of not producing the product. Steel structure is subject to severe radiant heat, confirmed by fire modeling.

c. VCM represents a vapor cloud explosion potential, and the process unit arrangement and congestion will produce high overpressures throughout the plant, as confirmed by modeling.

d. Prevailing winds and distance indicate potential for vapor cloud from neighboring facility to enter process unit, confirmed by modeling.

e. A single large reaction autoclave is harder to control, presents extreme liquid spill or vapor release potentials, thus increasing protection system demands, and if damaged would shut down all operations.

f. Plasticized plastic dust presents a dust explosion hazard, confirmed by laboratory testing.

g. A rare but possible sudden freeze could severely damage plant utilities.

h. A sudden power outage could cause loss of control of the reaction.

i. Many different release and failure modes of vessels, pumps, piping, and utility systems exist, but these can be mitigated through process control and design improvements.

j. Use of a large volume combustible heat transfer material presents significant fire potential on a higher frequency than other flammable materials due to its high corrosivity, confirmed by loss history.

In the process risk management step, all of the data collected and derived from the two prior steps is used to make risk management decisions. In the example, these may include (but not be limited to) the following decisions, listed in order of a tiered preferential safety approach:

Inherent safety

a. Replace combustible thermal oil system with water system

b. Reduce production bottleneck by changing from one large reactor to several smaller reactors

c. Reduce in-unit flammable inventories by eliminating product day tanks, large reboilers, large reactor, oversized piping, etc.

d. Purchase additional land to protect against off premises exposures

e. Refrigerate VCM bulk storage tanks to reduce vaporization

f. Collect plastic dust in wet slurry to reduce dust hazard

Passive mitigation

a. Use a concrete frame for process unit or fireproof steel

b. Space unit apart from support facilities and site boundaries

c. Use open process unit for maximum explosion venting

d. Limit and space equipment within unit to minimize congestion

e. Layout unit with flammable materials accessible on outer edge

f. Install drainage systems

g. Design process controls and interlocks to maximize reliability of process

h. Design process vessels/piping to maximum expected pressure

i. Blast proof control room and emergency services building

j. Provide emergency containment systems

Active mitigation

a. Provide on site fire water system

b. Provide deluge sprinkler protection

c. Provide combustible gas detection

d. Inert and purge flammable storage, process, and piping systems

e. Provide reactor emergency quench system

f. Provide reactor emergency venting

g. Computerize process control

h. Provide on-site emergency power supplies

i. Design to hurricane codes

j. Protect plant against freeze up

Operational/administrative controls

a. Develop and train on site emergency fire response brigade

b. Train and empower operators to take manual process control

c. Provide ignition source control systems

d. Provide backup manual reactor emergency quench system

e. Provide natural hazard alert procedures

Risk avoidance

a. Eliminate on-site manufacture of peroxide catalyst

Risk transfer

a. Accept inherent risk by retention of high insurance deductibles

In the risk management process, there may be a need to revisit and re-analyze hazards several times prior to deciding on the level and type of mitigation or use of other risk tools such as elimination of hazard or risk transfer. In fact, risk management becomes a constant cycle of analysis, transfer, and acceptance throughout the life of the facility. As the facility ages and changes are made, the risk will change. Keeping abreast of this aging and change process will assure that the facility will achieve the risk management goals originally accepted.

3.2.4.2 HPR Requirements

The decision to meet or not meet HPR protection guidelines is determined during the process risk management stage. While achieving HPR status should always be the risk management goal, there may be conditions, especially in existing older plants, where this may not be economically or technically achievable.

There are minimum requirements for a facility to qualify as an HPR risk. These are briefly identified in Section 2.2.1 and further discussed in Section 3.3, Concepts of Highly Protected Risk.

3.2.5 Management of Change

Management of Change (MOC) means evaluating every change to technology, facilities, or personnel at the earliest possible stage for its potential impact on property loss prevention. The earliest possible stage is the moment an idea or proposed change comes to light. These changes can be emergency, permanent, temporary, recognized, or unrecognized. The purpose of a management of change process is to prevent the unrecognized change.

Changes are made routinely throughout the life of a facility. These may vary from major, highly visible projects to daily routine maintenance activities. Changes can occur to technology, chemicals, products, equipment, and procedures. Any change from original design intent represents a deviation. If the impact of this deviation is not fully understood, the change, even if minor, can cause a significant incident. Appropriate process hazards management systems should be put into place to help ensure that hazards associated with a change or deviation are identified and controlled.

Changes fall into three main categories: technology, facilities, and personnel or organization.

Although some changes may be minor, with little likelihood of compromising loss prevention and process safety, all changes have some potential for disruption.

3.2.5.1 Change in Technology

Change in technology arises whenever the process or mechanical design is altered. Examples are changes in feedstocks, catalysts, product specifications, byproducts or waste products, design inventory levels, instrumentation and control systems, or materials of construction.

Typical instances in which change in technology would likely occur include the following:

a. New projects that involve tie-ins or equipment modifications on existing units

b. Projects to increase facility throughput or accommodate different feedstocks or products

c. Significant changes in operating conditions, including pressures, temperatures, flow rates, or process conditions different from those in the original process or mechanical design

d. Equipment changes, including the addition of new equipment or modifications of existing equipment. These can include changes in alarms, instrumentation, and control schemes.

e. Modifications of the process or equipment that cause changes in the facility's relief requirements. These can include increased process throughput, operation at higher temperatures, increased size of equipment, or the addition of equipment that might contribute to greater relief requirements.

f. Bypass connections around equipment that is normally in service

g. Changes in operating procedures, including procedures for startup, normal shutdown, and emergency shutdown

h. Changes made in the process or mechanical design or in operating procedures that result from a PHA performed as described in Section 3.2.3

i. Introduction of new or different process additives (for example, corrosion control agents, antifoulants, antifoam agents)

j. Corrective actions developed as a result of an accident investigation

3.2.5.2 Changes in Facilities

Changes in facilities are those in which physical changes are made that would not necessarily appear on plant drawings or piping and instrument diagrams (P&ID). Examples are temporary connections, replaced components that are not in kind, site modifications, transient storage, temporary structures, etc.

Specifically, these can include the following:

a. Temporary equipment (tanks, offices, drum storage, etc.)

b. Replacement equipment or machinery that differs from the original equipment

c. Temporary piping, connections, hoses, or wiring

d. Temporary software configurations, jumpers, shortened algorithms, bypassed controls

e. Pipe clamps, braces, stands, wiring, ropes

f. Temporary utility connections (steam, power, water, etc.)

g. An alternative supply of process materials, catalysts, or reactants, such as through temporary drums or tanks located within the facility

h. Temporary electrical equipment or connections

These changes have the ability to affect design, construction, operation, maintenance, and decommissioning.

3.2.5.3 Changes in Personnel

Changes in personnel are those in which key responsibilities are shifted from a position of stability to instability. Examples are retirement, promotion, other career changes, and personal issues (sickness, death, leave-of-absence, etc.). These changes are ones in which continuity of responsibility may lapse.

Training and assignment of alternates is a key feature needed to mitigate lapses caused by these changes. Supervision must be skilled for early recognition of these changes, with an ability to plan in advance to mitigate these changes. Goals of the company, business, and operating unit must support prevention efforts associated with these changes.

3.2.5.4 Examples

3.2.5.4.1 The Clean Air Act Amendments of 1990 require a 50% reduction of sulfur dioxide levels (SO2) in the US by the year 2000. This act affects approximately 2000 electric utilities. The method of choice to control SO2 emissions probably will be the installation of wet scrubbers, as they provide the highest level of control. Along with the additional costs and plans for scrubber installations, the person(s) planning these changes need to look at the effect these installations will have on loss prevention. For instance, scrubbers are subject to fires and explosions, and they can affect furnace draft. Induced draft fans may have to be upgraded, which in some cases could increase the risk of implosions and boiler vibrations. To prevent corrosion of scrubbers, ducts, and stacks, it may be necessary to use plastic or plastic-lined equipment, which could present a fire hazard.

A typical agreement between a company and the property insurance company calls for a loss prevention professional within the company to be advised of all management of change activities in the plant. This individual is then responsible to involve the specialist from FM and allow an opportunity for the change to be evaluated in its earliest stages.

3.2.5.4.2 ABC is a manufacturer of commodity polymer using batch-scale polymerization of the monomer. Because of favorable opportunities in the market, ABC has plans to double the capacity of its seven-reactor plant in a two-phase expansion over the next 10 years. The first phase will include construction of utilities and the footprint for a second seven-reactor manufacturing building. Initially, a building containing three reactors will be built.

There is a close relationship between ABC and the FM specialist assigned to this plant. When the idea is being developed by senior management within ABC, meetings are held with the FM specialist to discuss the effect this may have on loss prevention. ABC is guided by a principle that promotes continuous improvement in all areas of operation, including loss prevention, and they call upon the expertise of FM to provide guidance to meet this goal.

In consultation with the FM specialist, several opportunities are identified. These include ways to mitigate VCE potentials, provide more cost efficient and effective water spray systems, and arrange the Instrumentation and Control features for increased reliability. In order to expand the process water features for the new plant expansion, several pumping and distribution changes were needed. Opportunities were identified to add outlets and normally closed connections between the fire protection system and the process water supply system. This increased both the normal supply to the fire protection water system and the supply that would be available in a catastrophic event.

In consultations, an opportunity was identified to relate current maintenance issues for the older electronic heat detection systems on the water spray systems to a design specification needed for all the new water spray systems. Review of maintenance records and costs pointed to an opportunity to replace older electronic heat detectors with air-pilot detection systems. In doing this, the plant maintenance was provided with a single common type of system which has lower maintenance costs, a single set of replacement parts, and requires simpler maintenance skills.

Often during plant expansions, for simplicity, existing features for protection and control are duplicated exactly. Many design groups operate with the assumption that existing protection and control features are adequate and satisfactory, and they do not take the opportunity to consider improvements as above.

3.2.5.4.3 Mr. Howard has been the person in charge of fire protection in this plant for many years. He is the direct interface between top management, engineering, and safety personnel for matters relating to loss prevention. He is in charge of administering all loss prevention related inspection programs within the plant. He supervises all impairments to fire protection and reports them throughout the company and to FM. Mr. Howard is very important in the review process for new construction. Because he is very familiar with current design requirements, he is able to work closely with plant and corporate engineers to develop plans for new construction and modifications.

Mr Howard spent many years in the plant as an operator Because of this involvement he oversees many important operator duties as they relate to fire response and use of emergency process equipment (flares alarms shut-downs etc) He is also the liaison to community groups including the mutual aid groups

Mr Howard has announced he will retire in 2 years when he reaches the age of 60 Loss of this level of expeshyrience could create serious gaps related to steady provision of the service provided by Mr Howard

All of his job duties should be described in writing

A plan for his replacement with alternates should be developed sufficiently in advance of his departure so that proper training can be provided

If timing is not sufficient to establish that his duties have been sufficiently taken over by others manageshyment should arrange for Mr Howard to return to work as a consultant He should periodically return after his retirement to make sure all areas of past responsibility are being covered

In the planning for replacement of Mr Howard the local assigned FM specialists should be notified Speshycific sessions can be arranged so that the programs recommended by FM can be introduced or reviewed with the person who has taken over for Mr Howard

3.2.5.4.4

Mr. Jones was the Safety Engineer at this major plastic film plant, reporting to the plant manager, before he resigned. He was responsible for implementing all safety and loss prevention programs in the plant. He was the direct liaison to the plant maintenance department, providing review and supervision of all maintenance and testing of the plant fire protection systems, including the fire pump, suction tank, sprinkler systems, alarm systems and gaseous extinguishing systems. Because of his expertise, he was the interface between local contractors who provide maintenance and testing. Mr. Jones kept all the letters, files, receipts, plans and correspondence relating to protection systems and plant insurance matters in his office.

Unfortunately, he quit at a time when the plant was completing a 50% production expansion and was beginning to plan for a new warehouse expansion. Ongoing issues relate to false alarms, alarm system repairs and a history of broken underground water mains in a certain area of the plant. Mr. Jones had been a proponent of looping of the plant fire water mains to provide better service to the areas of future expansion.

In a case like this, it is important that key plant personnel from all levels meet to review the impact of this departure on loss prevention. Some careful accounting should begin at once to make sure the elements of Mr. Jones' responsibilities are identified. The FM contact should be advised of the personnel change. This will allow for meetings to take place to assure that proper training is provided to a replacement employee. In many cases FM can provide the following:

- Training on fire protection systems maintenance and testing can be offered to a new employee.

- A review of maintenance and testing programs can be made to assure that correct programs are not lost or lapsed.

- Contract maintenance programs can be evaluated to determine adequacy of these programs.

3.2.5.5 References

Management of Process Hazards, API Recommended Practice 750, First Edition, January 1990, American Petroleum Institute.

Managing Change, FM publication P9201.

3.2.6 Process and Equipment (Mechanical) Integrity

Equipment that processes hazardous materials, and accessory or utility equipment that is important to continued operation of the plant, should be designed, constructed, installed, operated, protected and maintained in a way which minimizes the risk while providing process reliability. This element of the PSM program addresses the management system required to achieve this objective and is called "Process and Equipment Integrity" by the CCPS and "Mechanical Integrity" by others.

A Process and Equipment Integrity program should address some or all of the following: pressure vessels and piping, tanks, rotating machinery, electrical equipment, boilers and furnaces, etc., together with their instrumentation, controls, accessories and supporting structures.

The components of Process and Equipment Integrity, which are discussed further below, are reliability engineering, materials of construction and fabrication, installation procedures, preventive maintenance and demolition procedures.

As with all elements of PSM, a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps.

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance or replacement, the evaluation should include equipment accessibility and suitability for the process, and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment and emergency relief. The file should also contain the operating and inspection history of the equipment, as well as any data on repair, alteration and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), that standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill-to-installation tracking of material for critical components, or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, over speed, electrical faults, misalignment, etc.

During fabrication, maintenance or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern, such as piping location; safety and emergency equipment features; accessibility of process and safety equipment; and operation, functional testing and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.

3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections, together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturers' recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturers' minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment, with detailed instructions on performing the particular activity. They should address the steps needed to prevent adverse conditions, both during the procedures and when the equipment is put back in service. They should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic review of these procedures is needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out-of-service condition, any necessary decontamination, and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents - classified as major accident, accident or near-miss by CCPS - are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control or personnel changes, or new or better training programs. Documentation and periodic review aid in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes:

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.

3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment: Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System: Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization: Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others depending on the nature of the incident. This can include those inside the company with specialty knowledge or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training: Team members should be selected based on their interest, job function and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function: The incident investigation team function needs to be integrated with the overall emergency response plan. Well established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation:

a. Determine Cause: Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system-related causes.

b. Develop Recommendations: Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures: Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.

If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally, this involves data collection, data analysis and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems-oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and they can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program aimed at determination of root causes.

Usually the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive:

- FTA: Fault Tree Analysis
- AAM: Accident Anatomy Method
- MORT: Management Oversight and Risk Tree
- MCSOII: Multiple-Cause, Systems-Oriented Incident Investigation

Inductive:

- HAZOP: Hazard and Operability Analysis
- AAM: Accident Anatomy Method
- CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware that new approaches need to be built on proven and accepted concepts.

3.2.7.4

Phthalic anhydride, made by air oxidation of o-xylene, is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the "Do Not Operate" tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually, 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design: A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations: There are several possibilities in this area. Management that encourages continued operations when the process is upset (reason operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance: There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the worker's shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but does illustrate some of the underlying causes in a multiple-cause incident.
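The pump failure described above, worked as a fault tree (FTA, one of the deductive techniques listed earlier). This is an added example, not part of the FM data sheet: the gate structure and event names are assumptions, and the tree generalises the narrative so that either standby pump may be awaiting repair or tagged out.

```python
"""Minimal cut sets for the cooling-water loss narrative (added example).

Assumption: the AND/OR structure below is one plausible model of the
narrative, not a tree published in the data sheet.
"""
from itertools import product

# name -> (gate type, children). Any name that is not a key is a basic event.
FAULT_TREE = {
    "REACTOR_OVERHEATS": ("AND", ["NO_COOLING_WATER", "FEED_CONTINUES"]),
    "NO_COOLING_WATER": ("AND", ["OPERATING_PUMP_FAILS",
                                 "STANDBY_1_UNAVAILABLE",
                                 "STANDBY_2_UNAVAILABLE"]),
    "STANDBY_1_UNAVAILABLE": ("OR", ["STANDBY_1_AWAITING_REPAIR",
                                     "STANDBY_1_TAGGED_OUT"]),
    "STANDBY_2_UNAVAILABLE": ("OR", ["STANDBY_2_AWAITING_REPAIR",
                                     "STANDBY_2_TAGGED_OUT"]),
    "FEED_CONTINUES": ("AND", ["NO_PUMP_INTERLOCK", "SHUTDOWN_DELAYED"]),
}

# Conditions that existed before the operating pump failed (from the narrative).
LATENT = frozenset({"STANDBY_1_AWAITING_REPAIR",   # repair deferred due to cost
                    "STANDBY_2_TAGGED_OUT",        # repaired, tag never cleared
                    "NO_PUMP_INTERLOCK"})          # design allowed one-pump operation
# Everything that was true on the day of the loss.
INCIDENT = LATENT | {"OPERATING_PUMP_FAILS", "SHUTDOWN_DELAYED"}


def minimise(cut_sets):
    """Drop duplicates and any cut set that contains a smaller cut set."""
    minimal = []
    for candidate in sorted(set(cut_sets), key=lambda s: (len(s), sorted(s))):
        if not any(kept <= candidate for kept in minimal):
            minimal.append(candidate)
    return minimal


def minimal_cut_sets(node, tree=FAULT_TREE):
    """Expand gates top-down: OR gates add alternatives, AND gates combine them."""
    if node not in tree:
        return [frozenset([node])]
    gate, children = tree[node]
    per_child = [minimal_cut_sets(child, tree) for child in children]
    if gate == "OR":
        combined = [cs for child_sets in per_child for cs in child_sets]
    elif gate == "AND":
        combined = [frozenset().union(*combo) for combo in product(*per_child)]
    else:
        raise ValueError(f"unknown gate type {gate!r} at {node}")
    return minimise(combined)


def top_event_occurs(true_events, cut_sets):
    """The top event occurs when every event of at least one cut set is true."""
    return any(cs <= set(true_events) for cs in cut_sets)


def common_events(cut_sets):
    """Events in every cut set: preventing any one of them blocks every path."""
    return frozenset.intersection(*cut_sets) if cut_sets else frozenset()


def remaining_after(latent, cut_sets):
    """What still has to go wrong once the latent conditions already exist."""
    return minimise([cs - frozenset(latent) for cs in cut_sets])


if __name__ == "__main__":
    mcs = minimal_cut_sets("REACTOR_OVERHEATS")
    for cs in mcs:
        print("cut set:", ", ".join(sorted(cs)))
    print("in every cut set:", sorted(common_events(mcs)))
    print("left to fail given latent conditions:",
          [sorted(cs) for cs in remaining_after(LATENT, mcs)])
    print("loss with interlock fitted:",
          top_event_occurs(INCIDENT - {"NO_PUMP_INTERLOCK"}, mcs))
```

With the three latent conditions in place, only the pump failure and the delayed shutdown separate normal operation from the loss, which is the erosion of redundancy that items 1 to 3 describe.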

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training, as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but the operator should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow, as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated, and it was assumed to be functioning properly, although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days subsequent for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.

The control panel incorrectly indicated that too much water was entering the core; therefore, the operator overrode the automatic control system and reverted to manual control. Ultimately, the shut coolant water lines were discovered and reopened, which again flooded the control panel with a Christmas-tree effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.¹

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.²

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures, as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L. and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80% and 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50% to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel, although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or from a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases, these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface, and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information, and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored [5].

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems, as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.

Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson [6]. However, more current literature by Poulton [7] and Welford [8] support these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system [9]. Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately, and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Operator intervention in abnormal operating conditions may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized [10].

3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum, Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor but was ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., "The Exxon Chemical Human Factors Program," 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I. and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., "Including Human Errors in Process Hazard Analysis," Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., "Solving Human-Caused Failure Problems," Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H. and Perron, M.J., "Downsizing's Effect on Safety in the CPI/HPI," 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M. and Dodson, J.D., "The Relation of Strength of Stimulus to Rapidity of Habit Formation," Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill.: Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill.: Scott, Foresman and Company (1976).

9. Paula, H.M. and Battle, R.E., "Reliability Performance of Fault-Tolerant Digital Control Systems," 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).

3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocelli Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will insure a consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for maintaining the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials is an example of the former. Endothermic reactions involving stable materials is an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings, such as P&ID, wiring and piping drawings, are not current or there is only one set of hand corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and should be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard

a. Toxicity

b. Permissible exposure limits

c. Physical, reactivity and corrosion data

d. Thermal and chemical stability

e. Hazardous effects of mixing

2. Process technology

a. Process description and flow diagram

b. Process chemistry

c. Inventory permitted

d. Safe upper and lower limits for temperature, pressure, flows and compositions

e. Consequences of deviations

3. Process equipment

a. Construction materials

b. P&ID

c. Electrical classification drawing

d. Relief system design and design basis

e. Ventilation system design

f. Drainage system design

g. Design codes and standards

h. Material and energy balance

i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections

a. Code inspection reports for pressure equipment

b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)

c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description

a. Organization and staffing

b. Risk assessment of site hazards

c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans

a. Description of possible incident scenarios

b. Plan to respond to each scenario

c. On-site emergency equipment and supplies

d. Description of external resources and support organizations

5. Emergency response teams

a. Staffing and organization

b. Capabilities of members

c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic, in that other factors such as management interest in loss prevention also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities as defined in an integrated program based on PSM principles are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response, and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound how one management group, which is production oriented without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control, or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3314 QQerator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system What if scenarios are helpful in training operators in potential variances from norshymal operation Because the operator is responsible on a daily basis for assuring both plant and process proshyduction and safety this position is critical toward overall loss prevention Where possible the operator should be involved in hazard analyses Operators must be empowered to make and act upon decisions without manshyagement oversight The ability to shut down production when safety of the plant is at risk must be resident with the operators

Operator involvement and human factors are covered in more detail elsewhere within this document

3315 yessel Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy Vessels piping pumps and other equipshyment may contain gases liquids under pressure or solids that can produce pressure if reacted or ignited within the system Equipment must be protected usually by code to normal expected pressures and for unexshypected but potential overpressures caused by reactivity or other events such as confined dust or vapor exploshysions

Most significant chemical incidents can be attributed to failure of a pressurized system

Many FM data sheets cover overpressure protection from vessel design to safety relief valves to emershygency reactor venting A few are listed

7-4617-11 Chemical Reactors and Reactions 7-4912-65 Emergency Venting of Vessels 7-59 Inerting and Purging 7-73 Dust Colectors and Colection Systems 7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires 12 Series on boilers and pressure vessels


3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.


The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems


For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.


Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades


3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process rather than layers of add on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade off in toxicity, which may affect manual fire fighting response, would occur with this choice.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazards of fire and explosion from the solvent are eliminated, although combustible oils may still be present. A possible hazard trade off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K. incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release the material flashed to vapor and an outdoor vapor cloud explosion occurred with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment such as purification columns and rundown tanks with high volume flammable materials are located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants


7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., "Inherently Safer Plants: Practical Applications," Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., "Opportunities in the Design and Operation of Inherently Safer Chemical Plants," Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., "Design and Operate Plants for Inherent Safety," Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., "Inherently Safer Plants: An Update," Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., "Friendly Plants," Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., "Some Thoughts on the Difference Between Inherent Safety and Safety," Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., "Conflicts and Decisions in the Search for Inherently Safer Process Options," Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date mandatory regulatory oversight of process safety has occurred only in the European Economic Counshycil Countries (EEC) or European Union (EU) and within North American only in the United States There are currently no mandatory PSM regulations in Canada Mexico or the AustralAsia countries although studshyies are underway to promulgate laws similar to Europe and the US in many of these areas

PSM regulation started in Europe following a series of serious chemical plant incidents Flixborough (1974) Beek (1975) and Seveso (1976) being the most noteworthy In 1982 the EU developed EC Directive 82501 EEC which required adoption of PSM In 1992 following a series of accidents in chemical plants in the US including Phillip Petroleum (1989) the OSHA 1910119 PSM Rule was enacted Also in response to environshymental releases the EPA in 1993 issued a proposal to require chemical plants to develop risk manageshyment plans The EPA Rule was enacted in June 1996 with an effective date of August 19 1996

A 1 1 Europe

A111 EC Directive 82501EEC and its 1987 revision (87216EEC) are known as the Seveso Directive A third revision (88610EEC) was developed following a major accident in Basel Switzerland in 1986 The purpose of the directive is to place into law an administrative structure to identify assess control and mitishygate the major accidents hazards and risks of chemical and related industries The directives contain the following key provisions

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment have been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.

A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1 Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous Ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)

In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.

A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3: Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr. Comm. Sept. 1998

The CCPS defines process safety information as the data describing the process and its chemistry. Process safety knowledge, in general terms, includes both process safety information and the ability to understand and interpret the information. It also includes the tracking and storing of key initial design bases, records of critical design decisions, design standards, site and equipment drawings, accident investigation information, etc. This data can be used as a baseline for future changes.

Data on process hazards and material chemistry can be obtained from numerous sources, including testing, manufacturer-issued Material Safety Data Sheets (MSDS) (or equivalents), and literature sources.

Some examples of needed process safety information and the sources where the information is found follow, as an example of a new process under design.

A chemical company is proposing a process using flammable solvents, reactants and catalysts to produce a chemical intermediate for the pharmaceutical industry. The process will include a potentially exothermic reaction, mixing, distillation and drying to produce a powdered product. Prior to conducting a process hazard analysis or determining levels of protection, information is needed on the various materials and the way they may interact, normally or abnormally.

The company may find information from the following sources:

a. Material Safety Data Sheets. These, if available, will give information on flammability (i.e., flash points), explosibility (i.e., explosive limits), toxicity, corrosiveness and potential reactivity with other materials.

b. Factory Mutual data sheets and National Fire Protection Association (NFPA) standards. Lists of hazardous materials are presented with fire and explosion information.

c. Public domain literature such as the Kirk-Othmer Encyclopedia of Chemical Technology, Sax's Dangerous Properties of Industrial Materials, CRC Handbook of Chemistry and Physics, and numerous other similar sources.

d. Proprietary industry or trade group research and testing reports.

e. Expert opinion, such as engineers from the corporation, Factory Mutual or outside consultants.

f. Intentional and systematic testing of the materials.

In the example, the final product of the new process is a powder with a possible dust explosion hazard. The material is unique and no known data on its properties can be found by conventional literature search. To determine hazardous properties such as minimum ignition energy, lower explosive limits, maximum rate of pressure rise and possible overpressures produced should it explode, tests are conducted in an ASTM E1226 20-liter sphere.

Information on the mixture within a reactor or other vessels is needed to determine potential for exothermic runaway or other chemical instability. Laboratory-scale reactivity screening should be done in advance of scaling up to pilot or full scale processing. This data can be obtained using a number of devices, including the Accelerating Rate Calorimeter (ARC), the DIERS Vent Sizing Package (VSP) and others.

Site information is also developed during this stage. This may include meteorological data (for later vapor dispersion modeling), geographic data for exposure to natural hazards, accident exposures from nearby industrial sites, and utility data such as reliability and adequacy of water, fuel and power supplies.

After basic chemistry, physical and thermodynamic properties of materials are developed and site characteristics are found, conclusions on different release and impact scenarios are qualitatively determined. For example, if a solvent is flammable, it will be qualitatively concluded that a spill can result in fire. If boiled and held under pressure, an indoor or outdoor flammable vapor explosion potential may exist. The catalyst to be used might be known to overheat and produce equipment-damaging pressure if not refrigerated. These generic conclusions are all derived in the process safety information phase. However, the sequence of events by which the scenario and its consequences will be realized will not surface until a process hazard analysis is conducted on the system in which the materials are used. Finally, the action steps, such as fixed mitigation, taken to reduce the quantified hazard or consequences will not surface until the process risk management stage.

Under this activity, in addition to developing and maintaining basic process and material hazard information, it is necessary to include accumulation of all the design details, alternative process considerations, key design decisions, and basic operation and maintenance plans.

Here the corporation should develop rationale and responsibility for collecting and maintaining this data, as well as data on operating experience, accident investigations, causes and corrections, as well as changes developed and reviewed under the Management of Change processes (described later).

This collection of data will preserve initial design records (ensure replacements comply with design intent) and reasons for key design decisions (aid to future projects and modifications), and provide a basis for understanding how the process should be operated. It also serves as a baseline for evaluating future changes.

The collection of this information provides the process safety knowledge needed in subsequent PSM steps (as well as a record of the original review process) so that the process can be started up and run throughout its intended life without an unanticipated incident or unprotected hazard. The information is documented and made part of the overall process safety management package, which will eventually also include data from the process hazard analysis and process risk management steps. This is then used for employee training, future process changes, etc.

Enhancement of process safety knowledge is a subset of this element and is sometimes added as a separate element of PSM. As the life of the plant progresses, new technology in process operation, inherent safety or loss prevention techniques may be developed. While not known or cost effective during initial plant design, they may become so later in the life of the plant. It is important for an organization to stay fully abreast of new technology and apply it as appropriate. Use of a Management of Change procedure will assure that latest technology and information will be available.

3.2.3 Process Safety Review (Process Hazard Analysis)

This element of PSM is often identified as Process Hazards Analysis (PHA) and should include the project review for new facilities or modifications to existing facilities that have a significant process or capital impact. Where no major changes occur, the review should be revisited on a regular basis. A suggested frequency would be about every 5 years, with longer intervals for less hazardous processes. The element also includes the necessary design and pre-startup review of such projects to ensure that recommendations were in fact implemented.

The CCPS discusses staffing, hazard reviews, siting, plot plan, etc., in the context of phases of capital projects. As a supplement to the CCPS material, an HPR chemical plant should consider the following sections related to property and business interruption loss prevention.

Principles of loss prevention and risk management should guide plant siting decisions. These principles are usually defined in the corporate guiding principles or business objectives. Most sites can be made acceptable if sufficient funding is allocated to overcome deficiencies presented by the site selection.

Sites chosen should be selected to avoid or minimize exposures by perils of:

a. Fire

b. Natural Hazards (flood, wind, lightning, snow, freezing, earthquake, volcano, etc.)

c. Explosion

d. Transportation (aircraft, motor vehicle, rail, ship)

e. Pipeline or tank farm exposures

Sites should feature:

a. Access for safe disposal of waste

b. Access to fire fighting assistance (public or other)

c. Access to an adequate source of water to meet present and future demands

d. Access to reliable security and emergency services

e. Access to the site during adverse conditions (riot, traffic, etc.)

In addition to location of the plant site, equal considerations should be applied as well to the location of:

a. Process units

b. Pipe racks

c. Storage facilities

d. Unloading facilities for rail cars, trucks and water craft

e. Flare stacks

f. Utility plants

g. Waste water treatment facilities

h. Electrical power lines

i. Process Control Rooms

Once site selection is complete, the project should have sufficient funding to implement FM/corporate loss prevention guidelines. In addition to basic project design and construction costs, finances should:

a. allow time for a thorough review of loss prevention aspects of the design and construction using accepted hazard analysis methods. Designs should use inherent safety and risk mitigation concepts.

b. permit installation of proper loss prevention features affecting construction, protection, drainage, electrical equipment, freeze protection, etc.

3.2.3.1 Examples

3.2.3.1.1 The ABC chemical company proposes building a new polymerization plant at the site of an existing chemical plant in the Gulf Coast area. It could be located in any of three different areas near the existing plant. The raw material (ethylene) is supplied to the main ABC plant, but the facilities will need to be enlarged to accommodate more ethylene. New facilities will need to be developed for storage of propane, butylene and other future monomer feedstocks.

The ABC company has a license to use a new process to make the finished copolymers, but sizes and layout of major equipment have yet to be finalized. At this point a team was created, including specialists from FM, ABC and several design and construction engineering companies. Early meetings developed a time line for the construction, plan reviews, site visits and pre-startup reviews. These meetings developed a plan to conduct a thorough hazard analysis.

Full HAZOP and What-if analyses were performed. FM specialists participated in the hazard analysis meetings and provided an important perspective on damageability, available protection and mitigation methods, and analysis of business interruption potentials.

A full site survey was conducted at all three sites with a team made up of various specialists, including the FM engineer. Through this process a site was chosen to minimize flood exposures and the potential for fire and explosion exposures presented by nearby plants, pipe racks and railways. Plans were modified to include relocation of pipe racks along with rerouting of rail sidings.

Through early team meetings, objectives from corporate guiding principles were interpreted to define objectives for limiting the maximum foreseeable loss and normal loss expectancies. Through collaboration, specifications were developed for the plant construction, particularly control room construction, fire protection water supply, piping sizes and locations, pipe rack locations, drainage patterns, sprinkler valve house locations, and feedstock and product delivery contingencies. These methods resulted in mitigation of Vapor Cloud Explosion (VCE) potentials (see DS 7-42 for additional information on VCE hazards).

Note: The level of FM participation can vary from project to project depending on the needs of all the parties involved: contractor, insured, insurance company, etc.

3.2.3.1.2 XY Chemical Company planned and constructed a polymer manufacturing plant along the Texas Gulf Coast. Design work was conducted at the home offices in the northeastern US using highly experienced personnel.

Project designs did not consider incident history and advice for this area relative to freeze protection. As a result, the plant was built with numerous outdoor sprinkler systems, as well as elements of the process and instrumentation system, with insufficient freeze protection.

As a result, the plant suffered a $2 million loss related to broken pipe, instrument lines and loss of production in the 1983 and 1989 freezes. This pointed to a normal frequency of freezing weather in this area worthy of protection. A cost estimate of $75,000 for correction of the deficiencies was developed in consultation with the local FM specialist. Economic conditions dictated that these improvements be extended over a period of 3 years, resulting in a need to prioritize the modifications.

If the concepts and guidelines of this data sheet had been used in siting of this plant, the freeze potential and its frequency would have been identified. A loss potential of $2 million with an average 10-year recurrence interval would have been mitigated. The cost at the time this plant was designed could have been much lower.

3.2.4 Process Risk Management

Process risk management involves the identification, evaluation, control or risk transfer of potential hazards that may be associated with existing operations, new projects, acquisitions, and customer supplier activities.

Process risk management is the system whereby conscious risk improvement decisions are made based on results and information obtained during the process knowledge and process hazard analysis stages. If hazard information data is available at very early stages of a plant design, inherent safety features can be designed in. Later in the design, passive, active and procedural improvements and protection are usually added. The need and level of fixed suppression systems such as sprinklers and deluge systems, building steel fireproofing, damage limiting construction, barriers, process controls, etc., are decided in the process risk management phase of PSM. Fire safety professionals, in partnership with the chemical plant, determine the level of protection needed to meet HPR status and loss exposure goals. Ultimately, the exposure is improved through fixed protection and management systems, is transferred through insurance, or is completely avoided by eliminating the hazardous activity.

Data and information from process knowledge gathering and hazard analysis activities must be evaluated as to economics and potential for risk reduction. Not all risk in a facility can be eliminated or reduced through engineering. Process risk management assures that a balance of inherent or engineered safety and risk transfer (i.e., insurance) is maintained and that all mandatory regulations, corporate standards, and industry and insurance guidelines are met. Process risk management requires screening, ranking and engineered assessment tools. A high level assessment such as Quantitative Risk Analysis (QRA) may be needed to make final decisions. The four tier safety strategy is still followed. Regardless of methods, documentation of the basis for risk decisions is important.

3.2.4.1 Case Study

ABC Chemical company is planning a facility to produce polyvinyl chloride (PVC) plastic using a licensed process. Production of this material will include use of vinyl chloride monomer (VCM), a liquefied gas; flammable solvents; and reactive peroxide-based catalysts in a moderately high pressure, high temperature continuous autoclave (single reaction vessel) system. The process will be located in a single process unit supported by raw materials delivery and storage, in-process storage, combustible heat transfer media, heat, steam, power and fuel utility systems, and final product handling, storage and transfer to market. The final product will be sold as a solid extruded pellet, some of which will be custom made with plasticizers. The benzoyl peroxide (BP) catalyst is to be manufactured on site. The process will be constructed at a new site not previously developed.

In the process safety knowledge step, the following technical information may be obtained, based on a literature search or testing, and documented:

- flammability and explosivity characteristics of gases and liquids
- flammability and explosivity characteristics of heat transfer media
- reactivity data on catalysts
- combustibility and explosivity data on solid powder product
- reactivity of the PVC reaction at given process conditions
- reactivity and hazard of catalyst manufacture

The following site information might be obtained, based on a site study, and documented:

- meteorological data (prevailing winds/speeds/atmospheric stability)
- freeze and snowfall/rainfall data
- flood data
- earthquake data
- windstorm data
- data on adequacy and reliability of utility services
- information on nearby hazardous exposures

General conclusions might be derived based on the above chemical and site information and qualitative analysis. At this stage, these conclusions are based on generic knowledge obtained from experts or from the literature and are used for establishing more definitive scenarios during a process hazard analysis. Detailed consequence studies, such as vapor cloud dispersion, explosion overpressure or pool fire radiant heat effects, are conducted as part of the hazard analysis.

The following general conclusions are not meant to be all inclusive, but only to demonstrate types of information and scenarios that could be developed during this step.

a. Flammable liquid spill fire potentials exist from delivery, storage, process vessel and piping systems for raw and intermediate materials and for the heat transfer media system.

b. Vapor cloud explosion potentials exist from storage, process vessels and piping systems using VCM.

c. Reactor vessel, pumps and piping failure potentials exist due to high pressure, corrosivity and reactivity exposures.

d. BP manufacture requires potentially unstable hazardous materials.

e. Dust explosion potentials exist from plasticized product.

f. The plant is in a semi-tropical climate but is subject to periodic severe freezes.

g. The plant is in a potential hurricane zone.

h. Power supplies are subject to possible off-premises interruptions.

i. Public water supplies and emergency response are not available.

j. A plant with potential wide range explosion hazard borders the site.

In the process hazard analysis step, the above data and design drawings (as complete as possible) are subjected to a systematic and critical examination to determine failure modes whereby incidents could occur. HAZOP, What If, Checklist, Failure Modes and Effects Analysis (FMEA) and more quantitative analysis methods might be used. Vapor dispersion, explosion and radiant heat modeling, if needed, will be done during this stage. These examinations might reveal the following potential concerns and consequences:

a. The manufacture of peroxides on plant presents many failure modes and several potentials for a peroxide self initiation, with high damage potential compared with the relatively small amounts of material needed.

b. Flammable spill fire and vapor release potentials cannot be completely eliminated through process control or design, short of not producing the product. Steel structure is subject to severe radiant heat, confirmed by fire modeling.

c. VCM represents a vapor cloud explosion potential, and the process unit arrangement and congestion will produce high overpressures throughout the plant, as confirmed by modeling.

d. Prevailing winds and distance indicate potential for vapor cloud from neighboring facility to enter process unit, confirmed by modeling.

e. A single large reaction autoclave is harder to control, presents extreme liquid spill or vapor release potentials, thus increasing protection system demands, and if damaged would shut down all operations.

f. Plasticized plastic dust presents a dust explosion hazard, confirmed by laboratory testing.

g. A rare but possible sudden freeze could severely damage plant utilities.

h. A sudden power outage could cause loss of control of the reaction.

i. Many different release and failure modes of vessels, pumps, piping, and utility systems exist, but these can be mitigated through process control and design improvements.

j. Use of a large volume combustible heat transfer material presents significant fire potential on a higher frequency than other flammable materials due to its high corrosivity, confirmed by loss history.

In the process risk management step, all of the data collected and derived from the two prior steps is used to make risk management decisions. In the example, these may include (but not be limited to) the following decisions, listed in order of a tiered preferential safety approach:

Inherent safety

a. Replace combustible thermal oil system with water system.

b. Reduce production bottleneck by changing from one large reactor to several smaller reactors.

c. Reduce in-unit flammable inventories by eliminating product day tanks, large reboilers, large reactor, oversized piping, etc.

d. Purchase additional land to protect against off premises exposures.

e. Refrigerate VCM bulk storage tanks to reduce vaporization.

f. Collect plastic dust in wet slurry to reduce dust hazard.

Passive mitigation

a. Use a concrete frame for process unit or fireproof steel.

b. Space unit apart from support facilities and site boundaries.

c. Use open process unit for maximum explosion venting.

d. Limit and space equipment within unit to minimize congestion.

e. Layout unit with flammable materials accessible on outer edge.

f. Install drainage systems.

g. Design process controls and interlocks to maximize reliability of process.

h. Design process vessels/piping to maximum expected pressure.

i. Blast proof control room and emergency services building.

j. Provide emergency containment systems.

Active mitigation

a. Provide on site fire water system.

b. Provide deluge sprinkler protection.

c. Provide combustible gas detection.

d. Inert and purge flammable storage, process, and piping systems.

e. Provide reactor emergency quench system.

f. Provide reactor emergency venting.

g. Computerize process control.

h. Provide on-site emergency power supplies.

i. Design to hurricane codes.

j. Protect plant against freeze up.

Operational administrative controls

a. Develop and train on site emergency fire response brigade.

b. Train and empower operators to take manual process control.

c. Provide ignition source control systems.

d. Provide backup manual reactor emergency quench system.

e. Provide natural hazard alert procedures.

Risk Avoidance

a. Eliminate on-site manufacture of peroxide catalyst.

Risk transfer

a. Accept inherent risk by retention of high insurance deductibles.

In the risk management process there may be a need to revisit and re-analyze hazards several times prior to deciding on the level and type of mitigation or use of other risk tools such as elimination of hazard or risk transfer. In fact, risk management becomes a constant cycle of analysis, transfer, and acceptance throughout the life of the facility. As the facility ages and changes are made, the risk will change. Keeping abreast of this aging and change process will assure that the facility will achieve the risk management goals originally accepted.

3.2.4.2 HPR Requirements

The decision to meet or not meet HPR protection guidelines is determined during the process risk management stage. While achieving HPR status should always be the risk management goal, there may be conditions, especially in existing older plants, where this may not be economically or technically achievable.

There are minimum requirements for a facility to qualify as an HPR risk. These are briefly identified in Section 2.2.1 and further discussed in Section 3.3, Concepts of Highly Protected Risk.

3.2.5 Management of Change

Management of Change (MOC) means evaluating every change to technology, facilities, or personnel at the earliest possible stage for its potential impact on property loss prevention. The earliest possible stage is the moment an idea or proposed change comes to light. These changes can be emergency, permanent, temporary, recognized, or unrecognized. The purpose of a management of change process is to prevent the unrecognized change.

Changes are made routinely throughout the life of a facility. These may vary from major, highly visible projects to daily routine maintenance activities. Changes can occur to technology, chemicals, products, equipment, and procedures. Any change from original design intent represents a deviation. If the impact of this deviation is not fully understood, the change, even if minor, can cause a significant incident. Appropriate process hazards management systems should be put into place to help ensure that hazards associated with a change or deviation are identified and controlled.

Changes fall into three main categories: technology, facilities, and personnel or organization.

Although some changes may be minor, with little likelihood of compromising loss prevention and process safety, all changes have some potential for disruption.

3.2.5.1 Change in Technology

Change in technology arises whenever the process or mechanical design is altered. Examples are changes in feedstocks, catalysts, product specifications, byproducts or waste products, design inventory levels, instrumentation and control systems, or materials of construction.

Typical instances in which change in technology would likely occur include the following:

a. New projects that involve tie-ins or equipment modifications on existing units.

b. Projects to increase facility throughput or accommodate different feedstocks or products.

c. Significant changes in operating conditions, including pressures, temperatures, flow rates, or process conditions different from those in the original process or mechanical design.

d. Equipment changes, including the addition of new equipment or modifications of existing equipment. These can include changes in alarms, instrumentation, and control schemes.

e. Modifications of the process or equipment that cause changes in the facility's relief requirements. These can include increased process throughput, operation at higher temperatures, increased size of equipment, or the addition of equipment that might contribute to greater relief requirements.

f. Bypass connections around equipment that is normally in service.

g. Changes in operating procedures, including procedures for startup, normal shutdown, and emergency shutdown.

h. Changes made in the process or mechanical design or in operating procedures that result from a PHA performed as described in Section 3.2.3.

i. Introduction of new or different process additives (for example, corrosion control agents, antifoulants, antifoam agents).

j. Corrective actions developed as a result of an accident investigation.

3.2.5.2 Changes in Facilities

Changes in facilities are those in which physical changes are made that would not necessarily appear on plant drawings or piping and instrument diagrams (P&ID). Examples are temporary connections, replaced components that are not in kind, site modifications, transient storage, temporary structures, etc.

Specifically, these can include the following:

a. Temporary equipment (tanks, offices, drum storage, etc.).

b. Replacement equipment or machinery that differs from the original equipment.

c. Temporary piping connections, hoses, or wiring.

d. Temporary software configurations, jumpers, shortened algorithms, bypassed controls.

e. Pipe clamps, braces, stands, wiring, ropes.

f. Temporary utility connections (steam, power, water, etc.).

g. An alternative supply of process materials, catalysts, or reactants, such as through temporary drums or tanks located within the facility.

h. Temporary electrical equipment or connections.

These changes have the ability to affect design, construction, operation, maintenance, and decommissioning.

3.2.5.3 Changes in Personnel

Changes in personnel are those in which key responsibilities are shifted from a position of stability to instability. Examples are retirement, promotion, other career changes, and personal issues (sickness, death, leave-of-absence, etc.). These changes are ones in which continuity of responsibility may lapse.

Training and assignment of alternates is a key feature needed to mitigate lapses caused by these changes. Supervision must be skilled for early recognition of these changes, with an ability to plan in advance to mitigate these changes. Goals of the company, business, and operating unit must support prevention efforts associated with these changes.

3.2.5.4 Examples

3.2.5.4.1 The Clean Air Act Amendments of 1990 require a 50% reduction of sulfur dioxide levels (SO2) in the US by the year 2000. This act affects approximately 2000 electric utilities. The method of choice to control SO2 emissions probably will be the installation of wet scrubbers, as they provide the highest level of control. Along with the additional costs and plans for scrubber installations, the person(s) planning these changes need to look at the effect these installations will have on loss prevention. For instance, scrubbers are subject to fires and explosions, and they can affect furnace draft. Induced draft fans may have to be upgraded, which in some cases could increase the risk of implosions and boiler vibrations. To prevent corrosion of scrubbers, ducts, and stacks, it may be necessary to use plastic or plastic-lined equipment, which could present a fire hazard.

A typical agreement between a company and the property insurance company calls for a loss prevention professional within the company to be advised of all management of change activities in the plant. This individual is then responsible to involve the specialist from FM and allow an opportunity for the change to be evaluated in its earliest stages.

3.2.5.4.2 ABC is a manufacturer of commodity polymer using batch-scale polymerization of the monomer. Because of favorable opportunities in the market, ABC has plans to double the capacity of its seven-reactor plant in a two-phase expansion over the next 10 years. The first phase will include construction of utilities and the footprint for a second seven-reactor manufacturing building. Initially, a building containing three reactors will be built.

There is a close relationship between ABC and the FM specialist assigned to this plant. When the idea is being developed by senior management within ABC, meetings are held with the FM specialist to discuss the effect this may have on loss prevention. ABC is guided by a principle that promotes continuous improvement in all areas of operation, including loss prevention, and they call upon the expertise of FM to provide guidance to meet this goal.

In consultation with the FM specialist, several opportunities are identified. These include ways to mitigate VCE potentials, provide more cost efficient and effective water spray systems, and arrange the Instrumentation and Control features for increased reliability. In order to expand the process water features for the new plant expansion, several pumping and distribution changes were needed. Opportunities were identified to add outlets and normally closed connections between the fire protection system and the process water supply system. This increased both the normal supply to the fire protection water system and increased the supply that would be available in a catastrophic event.

In consultations, an opportunity was identified to relate current maintenance issues for the older electronic heat detection systems on the water spray systems to a design specification needed for all the new water spray systems. Review of maintenance records and costs pointed to an opportunity to replace older electronic heat detectors with air-pilot detection systems. In doing this, the plant maintenance was provided with a single common type of system which has lower maintenance costs, a single set of replacement parts, and requires simpler maintenance skills.

Often during plant expansions, for simplicity, existing features for protection and control are duplicated exactly. Many design groups operate with the assumption that existing protection and control features are adequate and satisfactory, and they do not take the opportunity to consider improvements as above.

3.2.5.4.3 Mr. Howard has been the person in charge of fire protection in this plant for many years. He is the direct interface between top management, engineering, and safety personnel for matters relating to loss prevention. He is in charge of administering all loss prevention related inspection programs within the plant. He supervises all impairments to fire protection and reports them throughout the company and to FM. Mr. Howard is very important in the review process for new construction. Because he is very familiar with current design requirements, he is able to work closely with plant and corporate engineers to develop plans for new construction and modifications.

Mr. Howard spent many years in the plant as an operator. Because of this involvement, he oversees many important operator duties as they relate to fire response and use of emergency process equipment (flares, alarms, shut-downs, etc.). He is also the liaison to community groups, including the mutual aid groups.

Mr. Howard has announced he will retire in 2 years when he reaches the age of 60. Loss of this level of experience could create serious gaps related to steady provision of the service provided by Mr. Howard.

All of his job duties should be described in writing.

A plan for his replacement with alternates should be developed sufficiently in advance of his departure so that proper training can be provided.

If timing is not sufficient to establish that his duties have been sufficiently taken over by others, management should arrange for Mr. Howard to return to work as a consultant. He should periodically return after his retirement to make sure all areas of past responsibility are being covered.

In the planning for replacement of Mr. Howard, the local assigned FM specialists should be notified. Specific sessions can be arranged so that the programs recommended by FM can be introduced or reviewed with the person who has taken over for Mr. Howard.

3.2.5.4.4 Mr. Jones was the Safety Engineer at this major plastic film plant, reporting to the plant manager, before he resigned. He was responsible to implement all safety and loss prevention programs in the plant. He was the direct liaison to the plant maintenance department, providing review and supervision of all maintenance and testing of the plant fire protection systems, including the fire pump, suction tank, sprinkler systems, alarm systems, and gaseous extinguishing systems. Because of his expertise, he was the interface between local contractors who provide maintenance and testing. Mr. Jones kept all the letters, files, receipts, plans, and correspondence in his office relating to protection systems and plant insurance matters.

Unfortunately, he quit at a time when the plant was completing a 50% production expansion and is beginning to plan for a new warehouse expansion. Ongoing issues relate to false alarms, alarm system repairs, and a history of broken underground water mains in a certain area of the plant. Mr. Jones had been a proponent of looping of the plant fire water mains to provide better service to the areas of future expansion.

In a case like this, it is important that key plant personnel from all levels meet to review the impact of this departure on loss prevention. Some careful accounting should begin at once to make sure elements of Mr. Jones' responsibilities are identified. The FM contact should be advised of the personnel change. This will allow for meetings to take place to assure that proper training is provided to a replacement employee. In many cases, FM can provide the following:

- Training on fire protection systems maintenance and testing can be offered to a new employee.

- A review of maintenance and testing programs can be made to assure that correct programs are not lost or lapsed.

- Contract maintenance programs can be evaluated to determine adequacy of these programs.

3.2.5.5 References

Management of Process Hazards, API Recommended Practice 750, First Edition, January 1990, American Petroleum Institute.

Managing Change, FM publication P9201.

3.2.6 Process and Equipment (Mechanical) Integrity

Equipment that processes hazardous materials, and accessory or utility equipment that is important to continued operation of the plant, should be designed, constructed, installed, operated, protected, and maintained in a way which minimizes the risk while providing process reliability. This element of the PSM program addresses the management system required to achieve this objective and is called Process and Equipment Integrity by the CCPS and Mechanical Integrity by others.

A Process and Equipment Integrity program should address some or all of the following: pressure vessels and piping, tanks, rotating machinery, electrical equipment, boilers and furnaces, etc., together with their instrumentation, controls, accessories, and supporting structures.

The components of Process and Equipment Integrity, which are discussed further below, are reliability engineering, materials of construction and fabrication, installation procedures, preventive maintenance, and demolition procedures.

As with all elements of PSM, a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps.

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance, or replacement, the evaluation should include equipment accessibility and suitability for the process and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment, and emergency relief. The file should also contain the operating and inspection history of the equipment, as well as any data on repair, alteration, and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements, and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill to installation tracking of material for critical components or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, over speed, electrical faults, misalignment, etc.

During fabrication, maintenance, or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern, such as piping location, safety and emergency equipment features, accessibility of process and safety equipment, operation, functional testing and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.

3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment, determining the required tests and inspections together with the associated acceptability criteria, establishing the frequency of each test and inspection, establishing maintenance procedures, training of the maintenance personnel, documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturer's recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturer's minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data, and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment with detailed instructions on performing the particular activity. It should address the steps needed to prevent adverse conditions, both during the procedures and when the equipment is put back in service. It should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic reviews of these procedures are needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation, and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out of service condition, any necessary decontamination, and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents - classified as major accident, accident, or near-miss by CCPS - are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control, or personnel changes, or new or better training programs. Documentation and periodic review aid in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes.

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries, or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.

3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment. Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System. Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization. Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others, depending on the nature of the incident. This can include those inside the company with speciality knowledge or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training. Team members should be selected based on their interest, job function, and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function. The incident investigation team function needs to be integrated with the overall emergency response plan. Well established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation

a. Determine Cause. Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system related causes.

b. Develop Recommendations. Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures. Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.

If minor incidents and near-misses are too numerous and the procedures do not give good guidance conshycerning the difference between reporting and investigation the system can break down Extensive investigashytion of all reported incidents is generally beyond the ability of most companies

Incident investigation is usually a problem-solving process Generally this involves data collection data analyshysis and presentation of findings Tools and effort deployed depend on the type of incident and conseshyquences A systems oriented approach integrated with a process safety management program is usually required for a major accident However it is important to investigate a near-miss incident that had the potenshytial for a catastrophic failure and they can be just as difficult to analyze One example would be a major flamshymable vapor release that dissipated without ignition

3273 LrlVestigative Techniques

In simple terms scope and resources required for incident investigations can be classed in three broad areas

1 Area supervisor conducts an informal investigation in the traditional manner

2 Team-based investigation requiring specialized knowledge to determine a credible scenario

3 Team-based investigation and a systems-oriented approach integrated with a process safety manageshyment program aimed at determination of root causes

Usually the traditional informal investigation done by the area supervisor does not employ advanced techshyniques nor are they needed

Some advanced techniques could be used by the team-based investigation that requires specialized knowlshyedge Frequently some system is needed to keep the team focused and to assure all necessary areas are considered

The third type of investigation inherently requires advanced techniques It should be noted that while there are many advanced techniques the science is still evolving Basically there is no one technique usable for all cases

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

FTA: Fault Tree Analysis

AAM: Accident Anatomy Method

MORT: Management Oversight and Risk Tree

MCSOII: Multiple-Cause, Systems-Oriented Incident Investigation

Inductive

HAZOP: Hazard and Operability Analysis

AAM: Accident Anatomy Method

CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware that new approaches need to be built on proven and accepted concepts.

3.2.7.4

Phthalic anhydride made by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the "Do Not Operate" tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design. A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations. There are several possibilities in this area. Management that encourages continued operations when the process is upset (the reason the operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance. There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the workers' shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (a new impeller was needed). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but it does illustrate some of the underlying causes in a multiple-cause incident.
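The pump example can be worked through with Fault Tree Analysis, the first deductive technique listed in 3.2.7.3. The following is an added illustration, not part of the data sheet: the gate structure, the event names and the way the interlock is modeled are assumptions that paraphrase the narrative above.

```python
"""Fault tree for the three-pump cooling example (constructed illustration)."""
from itertools import product

AND, OR = "AND", "OR"
TOP = "reactor_overheats"

# Gate names, event names and structure are assumptions made for this example.
# Any name that is not a key of the dict is a basic event.
BASE_TREE = {
    TOP: (AND, ["cooling_water_lost", "shutdown_delayed"]),
    "cooling_water_lost": (AND, ["operating_pump_fails",
                                 "standby_A_unavailable",
                                 "standby_B_unavailable"]),
    "standby_A_unavailable": (OR, ["A_repair_deferred", "A_fails_on_demand"]),
    "standby_B_unavailable": (OR, ["B_tag_not_removed", "B_fails_on_demand"]),
}

# Latent conditions already present on the shift described in the narrative.
SHIFT_STATE = frozenset({"A_repair_deferred", "B_tag_not_removed"})


def minimize(sets):
    """Drop any cut set that strictly contains another one; return a sorted list."""
    unique = set(sets)
    minimal = [s for s in unique if not any(o < s for o in unique)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def minimal_cut_sets(node, tree):
    """Top-down expansion: OR gates add alternatives, AND gates combine them."""
    if node not in tree:
        return [frozenset([node])]
    kind, children = tree[node]
    child_sets = [minimal_cut_sets(child, tree) for child in children]
    if kind == OR:
        merged = [s for sets in child_sets for s in sets]
    else:
        merged = [frozenset().union(*combo) for combo in product(*child_sets)]
    return minimize(merged)


def residual(cut_sets, already_true):
    """Failures still needed to reach the top event, given conditions that
    already exist in the plant."""
    return minimize([cs - already_true for cs in cut_sets])


def with_interlock(tree, latent=SHIFT_STATE):
    """Design alternative named in the text: an interlock that prevents
    operation without standby pumps. Modeled (assumption) by requiring
    'interlock_defeated' before a latent condition can coexist with a
    running reactor."""
    guarded = {}
    for gate, (kind, children) in tree.items():
        guarded[gate] = (kind, [f"{c}_while_running" if c in latent else c
                                for c in children])
    for event in latent:
        guarded[f"{event}_while_running"] = (AND, [event, "interlock_defeated"])
    return guarded


if __name__ == "__main__":
    for label, tree in (("as built", BASE_TREE),
                        ("with interlock", with_interlock(BASE_TREE))):
        print(label)
        for cs in residual(minimal_cut_sets(TOP, tree), SHIFT_STATE):
            print("  still needed:", ", ".join(sorted(cs)))
```

With the deferred repair and the forgotten tag already in place, the as-built tree leaves only the pump failure and the delayed shutdown between normal operation and the top event; the interlock variant adds a further independent failure to every path.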

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated, and it was assumed to be functioning properly, although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days subsequent for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.


The control panel incorrectly indicated that too much water was entering the core; therefore, the operator overrode the automatic control system and reverted to manual control. Ultimately, the shut coolant water lines were discovered and reopened, which again flooded the control panel with a "Christmas-tree" effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $1.0 to $1.86 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.¹

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.²

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L., and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80% and 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50% to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface, and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information and ultimately responds. The subsequent response may be either appropriate or inappropriate depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.⁵

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.


Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.⁶ However, more current literature by Poulton⁷ and Welford⁸ supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.⁹ Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.¹⁰


3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum, Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor but was ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed that air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill.: Charles C Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill.: Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).


3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocell Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure a consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for maintaining the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type, where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring and piping drawings are not current, or there is only one set of hand corrected paper plans.


The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and should be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard

   a. Toxicity
   b. Permissible exposure limits
   c. Physical, reactivity and corrosion data
   d. Thermal and chemical stability
   e. Hazardous effects of mixing

2. Process technology

   a. Process description and flow diagram
   b. Process chemistry
   c. Inventory permitted
   d. Safe upper and lower limits for temperature, pressure, flows and compositions
   e. Consequences of deviations

3. Process equipment

   a. Construction materials
   b. P&ID
   c. Electrical classification drawing
   d. Relief system design and design basis
   e. Ventilation system design
   f. Drainage system design
   g. Design codes and standards
   h. Material and energy balance
   i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections

   a. Code inspection reports for pressure equipment
   b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)
   c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description

   a. Organization and staffing
   b. Risk assessment of site hazards
   c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans

   a. Description of possible incident scenarios
   b. Plan to respond to each scenario
   c. On-site emergency equipment and supplies
   d. Description of external resources and support organizations

5. Emergency response teams

   a. Staffing and organization
   b. Capabilities of members
   c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required as needed, based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound of how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control, or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging
7-73 Dust Collectors and Collection Systems
7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels


3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems


For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases, a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases, a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM data sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades

©1999 Factory Mutual Engineering Corp. All rights reserved.


3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes, and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2, Earthquake
1-7, Wind Forces on Buildings and Other Structures
1-54, Roof Loads for New Construction
9-2, Surface Water
9-13, Evaluation of Flood Exposure
9-18/17-18, Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems, which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and, in fact, was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes, because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred, with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds, and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level, and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, is located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow, with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional, to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases, such as LNG and ethylene, will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor, where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10, Guidelines for Technical Management of Chemical Process Safety, 1992
G-18, Guidelines for Hazard Evaluation Procedures, 1992
G-19, Guidelines for Investigating Chemical Process Incidents, 1992
G-20, Guidelines for Auditing Process Safety Management Systems, 1993
G-25, Guidelines for Implementing Process Safety Management Systems, 1994
G-27, Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register, Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets:

1-44, Damage Limiting Construction
5-1, Electrical Equipment in Hazardous Locations
7-0, Causes and Effects of Fires and Explosions
7-14, Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42, Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3, Spacing of Facilities in Outdoor Chemical Plants


7-45, Instrumentation and Control
7-46/17-11, Chemical Reactors and Reactions
7-47, Physical Operations in Chemical Plants
7-49/12-65, Emergency Venting of Vessels
7-59, Inerting and Purging of Equipment
7-83, Drainage Systems for Flammable Liquids
7-88, Storage Tanks for Flammable Liquids
7-95, Compressors
7-99/12-19, Heat Transfer by Organic and Synthetic Fluids
12-0, Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU) and, within North America, only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico, or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975), and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland, in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control, and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training, and equipment have been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada, and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons, and provides threshold values above which a company using, storing, or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approximately 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

Substance                      EPA threshold, lb (kg)    OSHA threshold, lb (kg)
Anhydrous ammonia              1000 (450)                5000 (2250)
Chlorine                       1000 (450)                1500 (680)
Chlorine dioxide               500 (225)                 1000 (450)
Anhydrous hydrochloric acid    1000 (450)                5000 (2250)
Sulfuric acid                  5000 (2250)               Not listed
Titanium tetrachloride         500 (225)                 Not listed
Flammable hydrocarbons         10000 (4500)              10000 (4500)
Explosives                     all (per DOT)             Not covered

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different, yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep, unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law, but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia, and Venezuela

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr. Comm. Sept. 1998


Under this activity, in addition to developing and maintaining basic process and material hazard information, it is necessary to include accumulation of all the design details, alternative process considerations, key design decisions, and basic operation and maintenance plans.

Here the corporation should develop rationale and responsibility for collecting and maintaining this data, as well as data on operating experience, accident investigations, causes and corrections, as well as changes developed and reviewed under the Management of Change processes (described later).

This collection of data will preserve initial design records (ensure replacements comply with design intent), reasons for key design decisions (aid to future projects and modifications), and provide a basis for understanding how the process should be operated. It also serves as a baseline for evaluating future changes.

The collection of this information provides the process safety knowledge needed in subsequent PSM steps (as well as a record of the original review process) so that the process can be started up and run throughout its intended life without an unanticipated incident or unprotected hazard. The information is documented and made part of the overall process safety management package, which will eventually also include data from the process hazard analysis and process risk management steps. This is then used for employee training, future process changes, etc.

Enhancement of process safety knowledge is a subset of this element and is sometimes added as a separate element of PSM. As the life of the plant progresses, new technology in process operation, inherent safety, or loss prevention techniques may be developed. While not known or cost effective during initial plant design, they may become so later in the life of the plant. It is important for an organization to stay fully abreast of new technology and apply it as appropriate. Use of a Management of Change procedure will assure that the latest technology and information will be available.

3.2.3 Process Safety Review (Process Hazard Analysis)

This element of PSM is often identified as Process Hazards Analysis (PHA) and should include the project review for new facilities or modifications to existing facilities that have a significant process or capital impact. Where no major changes occur, the review should be revisited on a regular basis. A suggested frequency would be about every 5 years, with longer intervals for less hazardous processes. The element also includes the necessary design and pre-startup review of such projects to ensure that recommendations were in fact implemented.

The CCPS discusses staffing, hazard reviews, siting, plot plan, etc., in the context of phases of capital projects. As a supplement to the CCPS material, an HPR chemical plant should consider the following sections related to property and business interruption loss prevention.

Principles of loss prevention and risk management should guide plant siting decisions. These principles are usually defined in the corporate guiding principles or business objectives. Most sites can be made acceptable if sufficient funding is allocated to overcome deficiencies presented by the site selection.

Sites chosen should be selected to avoid or minimize exposures by perils of:

a. Fire

b. Natural Hazards (flood, wind, lightning, snow, freezing, earthquake, volcano, etc.)

c. Explosion

d. Transportation (aircraft, motor vehicle, rail, ship)

e. Pipeline or tank farm exposures

Sites should feature:

a. Access for safe disposal of waste

b. Access to fire fighting assistance (public or other)

c. Access to an adequate source of water to meet present and future demands

d. Access to reliable security and emergency services


e. Access to the site during adverse conditions (riot, traffic, etc.)

In addition to location of the plant site, equal considerations should be applied as well to the location of:

a. Process units

b. Pipe racks

c. Storage facilities

d. Unloading facilities for rail cars, trucks and water craft

e. Flare stacks

f. Utility plants

g. Waste water treatment facilities

h. Electrical power lines

i. Process Control Rooms

Once site selection is complete, the project should have sufficient funding to implement FM/corporate loss prevention guidelines. In addition to basic project design and construction costs, finances should:

a. allow time for a thorough review of loss prevention aspects of the design and construction using accepted hazard analysis methods. Designs should use inherent safety and risk mitigation concepts.

b. permit installation of proper loss prevention features affecting construction, protection, drainage, electrical equipment, freeze protection, etc.

3.2.3.1 Examples

3.2.3.1.1 The ABC chemical company proposes building a new polymerization plant at the site of an existing chemical plant in the Gulf Coast area. It could be located in any of three different areas near the existing plant. The raw material (ethylene) is supplied to the main ABC plant, but the facilities will need to be enlarged to accommodate more ethylene. New facilities will need to be developed for storage of propane, butylene and other future monomer feedstocks.

The ABC company has a license to use a new process to make the finished copolymers, but sizes and layout of major equipment have yet to be finalized. At this point a team was created, including specialists from FM, ABC and several design and construction engineering companies. Early meetings developed a time line for the construction, plan reviews, site visits and pre-startup reviews. These meetings developed a plan to conduct a thorough hazard analysis.

Full HAZOP and What-if analyses were performed. FM specialists participated in the hazard analysis meetings and provided an important perspective on damageability, available protection and mitigation methods, and analysis of business interruption potentials.

A full site survey was conducted at all three sites with a team made up of various specialists, including the FM engineer. Through this process a site was chosen to minimize flood exposures and the potential for fire and explosion exposures presented by nearby plants, pipe racks and railways. Plans were modified to include relocation of pipe racks along with rerouting of rail sidings.

Through early team meetings, objectives from corporate guiding principles were interpreted to define objectives for limiting the maximum foreseeable loss and normal loss expectancies. Through collaboration, specifications were developed for the plant construction, particularly control room construction, fire protection, water supply, piping sizes and locations, pipe rack locations, drainage patterns, sprinkler valve house locations, and feedstock and product delivery contingencies. These methods resulted in mitigation of Vapor Cloud Explosion (VCE) potentials (see DS 7-42 for additional information on VCE hazards).

Note: The level of FM participation can vary from project to project depending on the needs of all the parties involved: contractor, insured, insurance company, etc.

3.2.3.1.2 XY Chemical Company planned and constructed a polymer manufacturing plant along the Texas Gulf Coast. Design work was conducted at the home offices in the northeastern US using highly experienced personnel.

Project designs did not consider incident history and advice for this area relative to freeze protection. As a result, the plant was built with numerous outdoor sprinkler systems, as well as elements of the process and instrumentation system, with insufficient freeze protection.

As a result, the plant suffered a $2 million loss related to broken pipe, instrument lines and loss of production in the 1983 and 1989 freezes. This pointed to a normal frequency of freezing weather in this area worthy of protection. A cost estimate of $75,000 for correction of the deficiencies was developed in consultation with the local FM specialist. Economic conditions dictated that these improvements be extended over a period of 3 years, resulting in a need to prioritize the modifications.

If the concepts and guidelines of this data sheet had been used in siting of this plant, the freeze potential and its frequency would have been identified. A loss potential of $2 million with an average 10-year recurrence interval would have been mitigated. The cost at the time this plant was designed could have been much lower.

3.2.4 Process Risk Management

Process risk management involves the identification, evaluation, control or risk transfer of potential hazards that may be associated with existing operations, new projects, acquisitions, and customer/supplier activities.

Process risk management is the system whereby conscious risk improvement decisions are made based on results and information obtained during the process knowledge and process hazard analysis stages. If hazard information data is available at very early stages of a plant design, inherent safety features can be designed in. Later in the design, passive, active and procedural improvements and protection are usually added. The need and level of fixed suppression systems such as sprinklers and deluge systems, building steel fireproofing, damage limiting construction, barriers, process controls, etc., are decided in the process risk management phase of PSM. Fire safety professionals, in partnership with the chemical plant, determine the level of protection needed to meet HPR status and loss exposure goals. Ultimately the exposure is improved through fixed protection and management systems, is transferred through insurance, or is completely avoided by eliminating the hazardous activity.

Data and information from process knowledge gathering and hazard analysis activities must be evaluated as to economics and potential for risk reduction. Not all risk in a facility can be eliminated or reduced through engineering. Process risk management assures that a balance of inherent or engineered safety and risk transfer (i.e., insurance) is maintained and that all mandatory regulations, corporate standards, and industry and insurance guidelines are met. Process risk management requires screening, ranking and engineered assessment tools. A high level assessment such as Quantitative Risk Analysis (QRA) may be needed to make final decisions. The four tier safety strategy is still followed. Regardless of methods, documentation of the basis for risk decisions is important.

3.2.4.1 Case Study

ABC Chemical company is planning a facility to produce polyvinyl chloride (PVC) plastic using a licensed process. Production of this material will include use of vinyl chloride monomer (VCM), a liquefied gas, flammable solvents, and reactive peroxide-based catalysts in a moderately high pressure, high temperature continuous autoclave (single reaction vessel) system. The process will be located in a single process unit supported by raw materials delivery and storage, in-process storage, combustible heat transfer media, heat, steam, power and fuel utility systems, and final product handling, storage and transfer to market. The final product will be sold as a solid extruded pellet, some of which will be custom made with plasticizers. The benzoyl peroxide (BP) catalyst is to be manufactured on site. The process will be constructed at a new site not previously developed.

In the process safety knowledge step, the following technical information may be obtained, based on a literature search or testing, and documented:

- flammability and explosivity characteristics of gases and liquids

- flammability and explosivity characteristics of heat transfer media

- reactivity data on catalysts

- combustibility and explosivity data on solid powder product

- reactivity of the PVC reaction at given process conditions

- reactivity and hazard of catalyst manufacture

The following site information might be obtained, based on a site study, and documented:

- meteorological data (prevailing winds/speeds/atmospheric stability)

- freeze and snowfall/rainfall data

- flood data

- earthquake data

- windstorm data

- data on adequacy and reliability of utility services

- information on nearby hazardous exposures

General conclusions might be derived based on the above chemical and site information and qualitative analysis. At this stage these conclusions are based on generic knowledge obtained from experts or from the literature and are used for establishing more definitive scenarios during a process hazard analysis. Detailed consequence studies, such as vapor cloud dispersion, explosion overpressure or pool fire radiant heat effects, are conducted as part of the hazard analysis.

The following general conclusions are not meant to be all inclusive, but only to demonstrate types of information and scenarios that could be developed during this step:

a. Flammable liquid spill fire potentials exist from delivery, storage, process vessel and piping systems for raw and intermediate materials and for the heat transfer media system.

b. Vapor cloud explosion potentials exist from storage, process vessels and piping systems using VCM.

c. Reactor vessel, pumps and piping failure potentials exist due to high pressure, corrosivity and reactivity exposures.

d. BP manufacture requires potentially unstable hazardous materials.

e. Dust explosion potentials exist from plasticized product.

f. The plant is in a semi-tropical climate but is subject to periodic severe freezes.

g. The plant is in a potential hurricane zone.

h. Power supplies are subject to possible off-premises interruptions.

i. Public water supplies and emergency response are not available.

j. A plant with potential wide range explosion hazard borders the site.

In the process hazard analysis step, the above data and design drawings (as complete as possible) are subjected to a systematic and critical examination to determine failure modes whereby incidents could occur. HAZOP, What If, Checklist, Failure Modes and Effects Analysis (FMEA) and more quantitative analysis methods might be used. Vapor dispersion, explosion and radiant heat modeling, if needed, will be done during this stage. These examinations might reveal the following potential concerns and consequences:

a. The manufacture of peroxides on plant presents many failure modes and several potentials for a peroxide self initiation, with high damage potential compared with the relatively small amounts of material needed.

b. Flammable spill fire and vapor release potentials cannot be completely eliminated through process control or design, short of not producing the product. Steel structure is subject to severe radiant heat, confirmed by fire modeling.

c. VCM represents a vapor cloud explosion potential, and the process unit arrangement and congestion will produce high overpressures throughout the plant, as confirmed by modeling.

d. Prevailing winds and distance indicate potential for vapor cloud from neighboring facility to enter process unit, confirmed by modeling.

e. A single large reaction autoclave is harder to control, presents extreme liquid spill or vapor release potentials, thus increasing protection system demands, and if damaged would shut down all operations.

f. Plasticized plastic dust presents a dust explosion hazard, confirmed by laboratory testing.

g. A rare but possible sudden freeze could severely damage plant utilities.

h. A sudden power outage could cause loss of control of the reaction.

i. Many different release and failure modes of vessels, pumps, piping and utility systems exist, but these can be mitigated through process control and design improvements.

j. Use of a large volume combustible heat transfer material presents significant fire potential on a higher frequency than other flammable materials due to its high corrosivity, confirmed by loss history.

In the process risk management step, all of the data collected and derived from the two prior steps is used to make risk management decisions. In the example, these may include (but not be limited to) the following decisions, listed in order of a tiered preferential safety approach:

Inherent safety

a. Replace combustible thermal oil system with water system

b. Reduce production bottleneck by changing from one large reactor to several smaller reactors

c. Reduce in-unit flammable inventories by eliminating product day tanks, large reboilers, large reactor, oversized piping, etc.

d. Purchase additional land to protect against off premises exposures

e. Refrigerate VCM bulk storage tanks to reduce vaporization

f. Collect plastic dust in wet slurry to reduce dust hazard

Passive mitigation

a. Use a concrete frame for process unit or fireproof steel

b. Space unit apart from support facilities and site boundaries

c. Use open process unit for maximum explosion venting

d. Limit and space equipment within unit to minimize congestion

e. Layout unit with flammable materials accessible on outer edge

f. Install drainage systems

g. Design process controls and interlocks to maximize reliability of process

h. Design process vessels/piping to maximum expected pressure

i. Blast proof control room and emergency services building

j. Provide emergency containment systems

Active mitigation

a. Provide on site fire water system

b. Provide deluge sprinkler protection

c. Provide combustible gas detection

d. Inert and purge flammable storage, process and piping systems

e. Provide reactor emergency quench system

f. Provide reactor emergency venting

g. Computerize process control

h. Provide on-site emergency power supplies

i. Design to hurricane codes

j. Protect plant against freeze up

Operational administrative controls

a. Develop and train on site emergency fire response brigade

b. Train and empower operators to take manual process control

c. Provide ignition source control systems

d. Provide backup manual reactor emergency quench system

e. Provide natural hazard alert procedures

Risk Avoidance

a. Eliminate on-site manufacture of peroxide catalyst

Risk transfer

a. Accept inherent risk by retention of high insurance deductibles

In the risk management process there may be a need to revisit and re-analyze hazards several times prior to deciding on the level and type of mitigation, or use of other risk tools such as elimination of hazard or risk transfer. In fact, risk management becomes a constant cycle of analysis, transfer and acceptance throughout the life of the facility. As the facility ages and changes are made, the risk will change. Keeping abreast of this aging and change process will assure that the facility will achieve the risk management goals originally accepted.

3.2.4.2 HPR Requirements

The decision to meet or not meet HPR protection guidelines is determined during the process risk management stage. While achieving HPR status should always be the risk management goal, there may be conditions, especially in existing older plants, where this may not be economically or technically achievable.

There are minimum requirements for a facility to qualify as an HPR risk. These are briefly identified in Section 2.2.1 and further discussed in Section 3.3, Concepts of Highly Protected Risk.

3.2.5 Management of Change

Management of Change (MOC) means evaluating every change to technology, facilities or personnel at the earliest possible stage for its potential impact on property loss prevention. The earliest possible stage is the moment an idea or proposed change comes to light. These changes can be emergency, permanent, temporary, recognized or unrecognized. The purpose of a management of change process is to prevent the unrecognized change.

Changes are made routinely throughout the life of a facility. These may vary from major, highly visible projects to daily routine maintenance activities. Changes can occur to technology, chemicals, products, equipment and procedures. Any change from original design intent represents a deviation. If the impact of this deviation is not fully understood, the change, even if minor, can cause a significant incident. Appropriate process hazards management systems should be put into place to help ensure that hazards associated with a change or deviation are identified and controlled.

Changes fall into three main categories: technology, facilities, and personnel or organization.

Although some changes may be minor, with little likelihood of compromising loss prevention and process safety, all changes have some potential for disruption.

3.2.5.1 Change in Technology

Change in technology arises whenever the process or mechanical design is altered. Examples are changes in feedstocks, catalysts, product specifications, byproducts or waste products, design inventory levels, instrumentation and control systems, or materials of construction.

Typical instances in which change in technology would likely occur include the following:

a. New projects that involve tie-ins or equipment modifications on existing units.

b. Projects to increase facility throughput or accommodate different feedstocks or products.

c. Significant changes in operating conditions, including pressures, temperatures, flow rates or process conditions different from those in the original process or mechanical design.

d. Equipment changes, including the addition of new equipment or modifications of existing equipment. These can include changes in alarms, instrumentation and control schemes.

e. Modifications of the process or equipment that cause changes in the facility's relief requirements. These can include increased process throughput, operation at higher temperatures, increased size of equipment, or the addition of equipment that might contribute to greater relief requirements.

f. Bypass connections around equipment that is normally in service.

g. Changes in operating procedures, including procedures for startup, normal shutdown and emergency shutdown.

h. Changes made in the process or mechanical design or in operating procedures that result from a PHA performed as described in Section 3.2.3.

i. Introduction of new or different process additives (for example, corrosion control agents, antifoulants, antifoam agents).

j. Corrective actions developed as a result of an accident investigation.

3.2.5.2 Changes in Facilities

Changes in facilities are those in which physical changes are made that would not necessarily appear on plant drawings or piping and instrument diagrams (P&ID). Examples are temporary connections, replaced components that are not in kind, site modifications, transient storage, temporary structures, etc.

Specifically, these can include the following:

a. Temporary equipment (tanks, offices, drum storage, etc.)

b. Replacement equipment or machinery that differs from the original equipment

c. Temporary piping connections, hoses or wiring

d. Temporary software configurations, jumpers, shortened algorithms, bypassed controls

e. Pipe clamps, braces, stands, wiring, ropes

f. Temporary utility connections (steam, power, water, etc.)

g. An alternative supply of process materials, catalysts or reactants, such as through temporary drums or tanks located within the facility

h. Temporary electrical equipment or connections

These changes have the ability to affect design, construction, operation, maintenance and decommissioning.

3.2.5.3 Changes in Personnel

Changes in personnel are those in which key responsibilities are shifted from a position of stability to instability. Examples are retirement, promotion, other career changes, and personal issues (sickness, death, leave-of-absence, etc.). These changes are ones in which continuity of responsibility may lapse.

Training and assignment of alternates is a key feature needed to mitigate lapses caused by these changes. Supervision must be skilled for early recognition of these changes, with an ability to plan in advance to mitigate these changes. Goals of the company, business and operating unit must support prevention efforts associated with these changes.

3.2.5.4 Examples

3.2.5.4.1 The Clean Air Act Amendments of 1990 require a 50% reduction of sulfur dioxide levels (SO2) in the US by the year 2000. This act affects approximately 2000 electric utilities. The method of choice to control SO2 emissions probably will be the installation of wet scrubbers, as they provide the highest level of control. Along with the additional costs and plans for scrubber installations, the person(s) planning these changes need to look at the effect these installations will have on loss prevention. For instance, scrubbers are subject to fires and explosions, and they can affect furnace draft. Induced draft fans may have to be upgraded, which in some cases could increase the risk of implosions and boiler vibrations. To prevent corrosion of scrubbers, ducts and stacks, it may be necessary to use plastic or plastic-lined equipment, which could present a fire hazard.

A typical agreement between a company and the property insurance company calls for a loss prevention professional within the company to be advised of all management of change activities in the plant. This individual is then responsible to involve the specialist from FM and allow an opportunity for the change to be evaluated in its earliest stages.

3.2.5.4.2 ABC is a manufacturer of commodity polymer using batch-scale polymerization of the monomer. Because of favorable opportunities in the market, ABC has plans to double the capacity of its seven-reactor plant in a two-phase expansion over the next 10 years. The first phase will include construction of utilities and the footprint for a second seven-reactor manufacturing building. Initially a building containing three reactors will be built.

There is a close relationship between ABC and the FM specialist assigned to this plant. When the idea is being developed by senior management within ABC, meetings are held with the FM specialist to discuss the effect this may have on loss prevention. ABC is guided by a principle that promotes continuous improvement in all areas of operation, including loss prevention, and they call upon the expertise of FM to provide guidance to meet this goal.

In consultation with the FM specialist, several opportunities are identified. These include ways to mitigate VCE potentials, provide more cost efficient and effective water spray systems, and arrange the Instrumentation and Control features for increased reliability. In order to expand the process water features for the new plant expansion, several pumping and distribution changes were needed. Opportunities were identified to add outlets and normally closed connections between the fire protection system and the process water supply system. This increased both the normal supply to the fire protection water system and increased the supply that would be available in a catastrophic event.

In consultations, an opportunity was identified to relate current maintenance issues for the older electronic heat detection systems on the water spray systems to a design specification needed for all the new water spray systems. Review of maintenance records and costs pointed to an opportunity to replace older electronic heat detectors with air-pilot detection systems. In doing this, the plant maintenance was provided with a single common type of system which has lower maintenance costs, a single set of replacement parts, and requires simpler maintenance skills.

Often during plant expansions, for simplicity, existing features for protection and control are duplicated exactly. Many design groups operate with the assumption that existing protection and control features are adequate and satisfactory, and they do not take the opportunity to consider improvements as above.

3.2.5.4.3 Mr. Howard has been the person in charge of fire protection in this plant for many years. He is the direct interface between top management, engineering and safety personnel for matters relating to loss prevention. He is in charge of administering all loss prevention related inspection programs within the plant. He supervises all impairments to fire protection and reports them throughout the company and to FM. Mr. Howard is very important in the review process for new construction. Because he is very familiar with current design requirements, he is able to work closely with plant and corporate engineers to develop plans for new construction and modifications.

Mr. Howard spent many years in the plant as an operator. Because of this involvement, he oversees many important operator duties as they relate to fire response and use of emergency process equipment (flares, alarms, shut-downs, etc.). He is also the liaison to community groups, including the mutual aid groups.

Mr. Howard has announced he will retire in 2 years when he reaches the age of 60. Loss of this level of experience could create serious gaps related to steady provision of the service provided by Mr. Howard.

All of his job duties should be described in writing.

A plan for his replacement with alternates should be developed sufficiently in advance of his departure so that proper training can be provided.

If timing is not sufficient to establish that his duties have been sufficiently taken over by others, management should arrange for Mr. Howard to return to work as a consultant. He should periodically return after his retirement to make sure all areas of past responsibility are being covered.

In the planning for replacement of Mr. Howard, the local assigned FM specialists should be notified. Specific sessions can be arranged so that the programs recommended by FM can be introduced or reviewed with the person who has taken over for Mr. Howard.

3.2.5.4.4 Mr. Jones was the Safety Engineer at this major plastic film plant, reporting to the plant manager, before he resigned. He was responsible to implement all safety and loss prevention programs in the plant. He was the direct liaison to the plant maintenance department, providing review and supervision of all maintenance and testing of the plant fire protection systems, including the fire pump, suction tank, sprinkler systems, alarm systems and gaseous extinguishing systems. Because of his expertise, he was the interface between local contractors who provide maintenance and testing. Mr. Jones kept all the letters, files, receipts, plans and correspondence in his office relating to protection systems and plant insurance matters.

Unfortunately, he quit at a time when the plant was completing a 50% production expansion and is beginning to plan for a new warehouse expansion. Ongoing issues relate to false alarms, alarm system repairs, and a history of broken underground water mains in a certain area of the plant. Mr. Jones had been a proponent of looping of the plant fire water mains to provide better service to the areas of future expansion.

In a case like this, it is important that key plant personnel from all levels meet to review the impact of this departure on loss prevention. Some careful accounting should begin at once to make sure elements of Mr. Jones' responsibilities are identified. The FM contact should be advised of the personnel change. This will allow for meetings to take place to assure that proper training is provided to a replacement employee. In many cases FM can provide the following:

- Training on fire protection systems maintenance and testing can be offered to a new employee.

- A review of maintenance and testing programs can be made to assure that correct programs are not lost or lapsed.

- Contract maintenance programs can be evaluated to determine adequacy of these programs.

3.2.5.5 References

Management of Process Hazards, API Recommended Practice 750, First Edition, January 1990, American Petroleum Institute.

Managing Change, FM publication P9201.

3.2.6 Process and Equipment (Mechanical) Integrity

Equipment that processes hazardous materials, and accessory or utility equipment that is important to continued operation of the plant, should be designed, constructed, installed, operated, protected and maintained in a way which minimizes the risk while providing process reliability. This element of the PSM program addresses the management system required to achieve this objective and is called Process and Equipment Integrity by the CCPS and Mechanical Integrity by others.

A Process and Equipment Integrity program should address some or all of the following: pressure vessels and piping, tanks, rotating machinery, electrical equipment, boilers and furnaces, etc., together with their instrumentation, controls, accessories and supporting structures.

The components of Process and Equipment Integrity, which are discussed further below, are reliability engineering, materials of construction and fabrication, installation procedures, preventive maintenance, and demolition procedures.

As with all elements of PSM, a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps.

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance or replacement, the evaluation should include equipment accessibility and suitability for the process and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment and emergency relief. The file should also contain the operating and inspection history of the equipment, as well as any data on repair, alteration and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill to installation tracking of material for critical components, or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, over speed, electrical faults, misalignment, etc.

During fabrication, maintenance or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern, such as piping location, safety and emergency equipment features, accessibility of process and safety equipment, operation, functional testing and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.

3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections, together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturer's recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturer's minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment with detailed instructions on performing the particular activity. They should address the steps needed to prevent adverse conditions, both during the procedures and when the equipment is put back in service. They should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic reviews of these procedures are needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out of service condition, any necessary decontamination, and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents - classified as major accident, accident or near-miss by CCPS - are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control or personnel changes, or new or better training programs. Documentation and periodic review aids in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes.

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.

3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment: Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System: Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization: Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others depending on the nature of the incident. This can include those inside the company with speciality knowledge or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training: Team members should be selected based on their interest, job function and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function: The incident investigation team function needs to be integrated with the overall emergency response plan. Well established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation

a. Determine Cause: Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system related causes.

b. Develop Recommendations: Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures: Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.

If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally, this involves data collection, data analysis and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and they can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program aimed at determination of root causes.

Usually, the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently, some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently, they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

FTA: Fault Tree Analysis

AAM: Accident Anatomy Method

MORT: Management Oversight and Risk Tree

MCSOII: Multiple-Cause, Systems-Oriented Incident Investigation

Inductive

HAZOP: Hazard and Operability Analysis

AAM: Accident Anatomy Method

CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware new approaches need to be built on proven and accepted concepts.

3.2.7.4

Phthalic anhydride made by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the "Do Not Operate" tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design: A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations: There are several possibilities in this area. Management that encourages continued operations when the process is upset (reason operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance: There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the workers' shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but does illustrate some of the underlying causes in a multiple-cause incident.
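The pump incident above can be worked through with Fault Tree Analysis, one of the deductive techniques listed in 3.2.7.3. The following is an added example, not part of the data sheet: the pump labels A, B and C, the "fails to start" events, and the modelling of the interlock as one extra AND input are assumptions made for illustration. It computes minimal cut sets and shows how the standing conditions on the day of the loss reduce a four-event scenario to the single-failure case named under "Design".

```python
"""Fault tree for the cooling-water loss described above (added example)."""
from itertools import product

# Basic events. A, B and C are labels assumed here for the three pumps;
# the "fails to start" events are assumptions added to complete the tree.
PUMP_A_FAILS = "operating pump A fails"
B_OUT = "standby pump B out of service (repair delayed)"
B_NO_START = "standby pump B fails to start"
C_TAGGED = "standby pump C still tagged Do Not Operate"
C_NO_START = "standby pump C fails to start"
LATE_SHUTDOWN = "o-xylene feed not cut in time"
INTERLOCK_FAILS = "pump-availability interlock fails"  # hypothetical safeguard

# Gates are tuples ("AND" | "OR", child, ...); leaves are basic-event strings.
NO_COOLING = ("AND", PUMP_A_FAILS,
              ("OR", B_OUT, B_NO_START),
              ("OR", C_TAGGED, C_NO_START))
OVERHEAT = ("AND", NO_COOLING, LATE_SHUTDOWN)
# Simplified model of the interlock alternative: overheating additionally
# requires the interlock itself to fail.
WITH_INTERLOCK = ("AND", OVERHEAT, INTERLOCK_FAILS)

# Conditions that already existed when the operating pump failed.
STANDING = frozenset({B_OUT, C_TAGGED})


def cut_sets(node):
    """Return every cut set (frozenset of basic events) of a gate or leaf."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, *children = node
    child_sets = [cut_sets(child) for child in children]
    if gate == "OR":   # any one child is sufficient
        return [cs for sets in child_sets for cs in sets]
    if gate == "AND":  # one cut set from every child is needed
        return [frozenset().union(*combo) for combo in product(*child_sets)]
    raise ValueError(f"unknown gate {gate!r}")


def minimal_cut_sets(tree, standing=frozenset()):
    """Minimal cut sets once events in `standing` are taken as already true."""
    reduced = {cs - standing for cs in cut_sets(tree)}
    minimal = [cs for cs in reduced if not any(other < cs for other in reduced)]
    return sorted(minimal, key=lambda cs: (len(cs), sorted(cs)))


def min_order(tree, standing=frozenset()):
    """Fewest further events that must occur to reach the top event."""
    return min(len(cs) for cs in minimal_cut_sets(tree, standing))


if __name__ == "__main__":
    print("As designed, events needed:", min_order(OVERHEAT))
    print("On the day of the loss:", min_order(OVERHEAT, STANDING))
    print("If delayed shutdown is the norm:",
          min_order(OVERHEAT, STANDING | {LATE_SHUTDOWN}))
    print("Same day, with interlock:", min_order(WITH_INTERLOCK, STANDING))
    for cs in minimal_cut_sets(OVERHEAT, STANDING):
        print("  remaining cut set:", sorted(cs))
```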

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job, and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training, as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated and it was assumed to be functioning properly, although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days subsequent for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.

The control panel incorrectly indicated that too much water was entering the core; therefore, the operator overrode the automatic control system and reverted to manual control. Ultimately, the shut coolant water lines were discovered and reopened, which again flooded the control panel with a Christmas-tree effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.¹

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.²

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures, as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L. and Williams, Robert C. Crisis Contained: The Department of Energy at Three Mile Island. Southern Illinois University Press, 1982.

2. Kletz, Trevor A. An Engineer's View of Human Error. The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80 to 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50 to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel, although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases, these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface, and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.⁵

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems, as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.

Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson [6]. However, more current literature by Poulton [7] and Welford [8] supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system [9]. Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many workplace implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized [10].

3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum, Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor, but was stopped for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed, and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, the initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed that air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination between maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E. and Wixom, E.D., "The Exxon Chemical Human Factors Program," 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I. and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q. and Lorenzo, D.K., "Including Human Errors in Process Hazard Analysis," Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., "Solving Human-Caused Failure Problems," Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H. and Perron, M.J., "Downsizing's Effect on Safety in the CPI/HPI," 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M. and Dodson, J.D., "The Relation of Strength of Stimulus to Rapidity of Habit Formation," Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill., Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill., Scott, Foresman and Company (1976).

9. Paula, H.M. and Battle, R.E., "Reliability Performance of Fault-Tolerant Digital Control Systems," 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).

3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocell Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E. and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level, and to assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for keeping the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history, or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized, with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring and piping drawings are not current, or there is only one set of hand corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and should be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited, to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard

   a. Toxicity
   b. Permissible exposure limits
   c. Physical, reactivity and corrosion data
   d. Thermal and chemical stability
   e. Hazardous effects of mixing

2. Process technology

   a. Process description and flow diagram
   b. Process chemistry
   c. Inventory permitted
   d. Safe upper and lower limits for temperature, pressure, flows and compositions
   e. Consequences of deviations

3. Process equipment

   a. Construction materials
   b. P&ID
   c. Electrical classification drawing
   d. Relief system design and design basis
   e. Ventilation system design
   f. Drainage system design
   g. Design codes and standards
   h. Material and energy balance
   i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections

   a. Code inspection reports for pressure equipment
   b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)
   c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description

   a. Organization and staffing
   b. Risk assessment of site hazards
   c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans

   a. Description of possible incident scenarios
   b. Plan to respond to each scenario
   c. On-site emergency equipment and supplies
   d. Description of external resources and support organizations

5. Emergency response teams

   a. Staffing and organization
   b. Capabilities of members
   c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic, in that other factors such as management interest in loss prevention also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities as defined in an integrated program based on PSM principles are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level, and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound of how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses, backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control, or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials, but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11, Chemical Reactors and Reactions
7-49/12-65, Emergency Venting of Vessels
7-59, Inerting and Purging
7-73, Dust Collectors and Collection Systems
7-76, Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels

3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0, Hydraulics of Fire Protection Systems
3-2, Water Tanks for Fire Protection
3-7N/13-4N, Centrifugal Fire Pumps
3-10, Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

- 5-1 Electrical Equipment in Hazardous Locations
- 5-8 Static Electricity
- 5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
- 5-11/14-19 Lightning and Surge Protection for Electrical Systems
- 7-0 Causes and Effects of Fires and Explosions
- 7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.


The following FM documents provide guidance on chemical plant spacing:

- 7-28 Explosive Materials
- 7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
- 7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
- 7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

- 7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
- 7-46 Chemical Reactors and Reactions
- 7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

- 7-22 Hydrazine and its Derivatives
- 7-51 Acetylene
- 7-52/17-13 Oxygen
- 7-53 Liquefied Natural Gas
- 7-54 Natural Gas and Gas Piping
- 7-55/12-28 Liquefied Petroleum Gas
- 7-58 Chlorine Dioxide
- 7-80 Organic Peroxides
- 7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
- 7-91 Hydrogen
- 7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

- 2-8N Installation of Sprinkler Systems
- 4-0 Special Protection Systems
- 4-1N Water Spray Fixed Systems
- 4-7N Low Expansion Foam Systems
- 7-17 Explosion Suppression Systems


For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

- 1-6 Cooling Towers
- 5-4/14-8 Transformers
- 5-31/14-5 Cables and Bus Bars
- 5-32 Electronic Data Processing Systems
- 7-2 Waste Solvent Recovery
- 7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
- 7-29 Flammable Liquids in Drums and Smaller Containers
- 7-32 Flammable Liquid Operations
- 7-48 Disposal of Waste Materials
- 7-54 Natural Gas and Gas Piping
- 7-55/12-28 Liquefied Petroleum Gas
- 7-78 Industrial Exhaust Systems
- 7-88 Storage Tanks for Flammable Liquids
- 7-95 Compressors
- 7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

- 7-30N Solvent Extraction Plants
- 7-34 Electrolytic Chlorine Processes
- 7-35 Air Separation Processes
- 7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

- 7-83 Drainage Systems for Flammable Liquids
- 7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible, heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.


Refer to the following FM data sheets for information on steel protection:

- 1-21 Fire Resistance of Building Assemblies
- 7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength, blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

- 1-44 Damage Limiting Construction
- 1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response, such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

- 7-30N Solvent Extraction Plants
- 7-59 Inerting and Purging of Equipment
- 7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

- 1-19 Fire Walls, Subdivisions and Draft Curtains
- 1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
- 1-22 Criteria for MFL Fire Walls and Space Separation
- 1-23 Protection of Openings in Fire Subdivisions
- 7-16 Barricades


3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

- 1-2 Earthquake
- 1-7 Wind Forces on Buildings and Other Structures
- 1-54 Roof Loads for New Construction
- 9-2 Surface Water
- 9-13 Evaluation of Flood Exposure
- 9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems, which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past, it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and, in fact, was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazards of fire and explosion from the solvent are eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred, with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story, concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, is located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow, with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:

- G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
- G-18 Guidelines for Hazard Evaluation Procedures, 1992
- G-19 Guidelines for Investigating Chemical Process Incidents, 1992
- G-20 Guidelines for Auditing Process Safety Management Systems, 1993
- G-25 Guidelines for Implementing Process Safety Management Systems, 1994
- G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register, Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

- 1-44 Damage Limiting Construction
- 5-1 Electrical Equipment in Hazardous Locations
- 7-0 Causes and Effects of Fires and Explosions
- 7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
- 7-42 Evaluating the Effects of Vapor Cloud Explosions
- 7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants


- 7-45 Instrumentation and Control
- 7-46/17-11 Chemical Reactors and Reactions
- 7-47 Physical Operations in Chemical Plants
- 7-49/12-65 Emergency Venting of Vessels
- 7-59 Inerting and Purging of Equipment
- 7-83 Drainage Systems for Flammable Liquids
- 7-88 Storage Tanks for Flammable Liquids
- 7-95 Compressors
- 7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
- 12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the Austral/Asia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland, in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons, and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous Ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the U.S. EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different, yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 U.S. facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)

©1999 Factory Mutual Engineering Corp. All rights reserved.


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the U.S., it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998


e. Access to the site during adverse conditions (riot, traffic, etc.)

In addition to location of the plant site, equal considerations should be applied as well to the location of:

a. Process units

b. Pipe racks

c. Storage facilities

d. Unloading facilities for rail cars, trucks and water craft

e. Flare stacks

f. Utility plants

g. Waste water treatment facilities

h. Electrical power lines

i. Process Control Rooms

Once site selection is complete, the project should have sufficient funding to implement FM/corporate loss prevention guidelines. In addition to basic project design and construction costs, finances should:

a. allow time for a thorough review of loss prevention aspects of the design and construction using accepted hazard analysis methods. Designs should use inherent safety and risk mitigation concepts.

b. permit installation of proper loss prevention features affecting construction, protection, drainage, electrical equipment, freeze protection, etc.

3.2.3.1 Examples

3.2.3.1.1 The ABC chemical company proposes building a new polymerization plant at the site of an existing chemical plant in the Gulf Coast area. It could be located in any of three different areas near the existing plant. The raw material (ethylene) is supplied to the main ABC plant, but the facilities will need to be enlarged to accommodate more ethylene. New facilities will need to be developed for storage of propane, butylene and other future monomer feedstocks.

The ABC company has a license to use a new process to make the finished copolymers, but sizes and layout of major equipment have yet to be finalized. At this point a team was created, including specialists from FM, ABC, and several design and construction engineering companies. Early meetings developed a time line for the construction, plan reviews, site visits and pre-startup reviews. These meetings developed a plan to conduct a thorough hazard analysis.

Full HAZOP and What-if analyses were performed. FM specialists participated in the hazard analysis meetings and provided an important perspective on damageability, available protection and mitigation methods, and analysis of business interruption potentials.

A full site survey was conducted at all three sites with a team made up of various specialists, including the FM engineer. Through this process a site was chosen to minimize flood exposures and the potential for fire and explosion exposures presented by nearby plants, pipe racks and railways. Plans were modified to include relocation of pipe racks along with rerouting of rail sidings.

Through early team meetings, objectives from corporate guiding principles were interpreted to define objectives for limiting the maximum foreseeable loss and normal loss expectancies. Through collaboration, specifications were developed for the plant construction, particularly control room construction, fire protection water supply, piping sizes and locations, pipe rack locations, drainage patterns, sprinkler valve house locations, and feedstock and product delivery contingencies. These methods resulted in mitigation of Vapor Cloud Explosion (VCE) potentials (see DS 7-42 for additional information on VCE hazards).

Note: The level of FM participation can vary from project to project depending on the needs of all the parties involved: contractor, insured, insurance company, etc.


3.2.3.1.2 XY Chemical Company planned and constructed a polymer manufacturing plant along the Texas Gulf Coast. Design work was conducted at the home offices in the northeastern U.S. using highly experienced personnel.

Project designs did not consider incident history and advice for this area relative to freeze protection. As a result, the plant was built with numerous outdoor sprinkler systems, as well as elements of the process and instrumentation system, with insufficient freeze protection.

As a result, the plant suffered a $2 million loss related to broken pipe, instrument lines and loss of production in the 1983 and 1989 freezes. This pointed to a normal frequency of freezing weather in this area worthy of protection. A cost estimate of $75,000 for correction of the deficiencies was developed in consultation with the local FM specialist. Economic conditions dictated that these improvements be extended over a period of 3 years, resulting in a need to prioritize the modifications.

If the concepts and guidelines of this data sheet had been used in siting of this plant, the freeze potential and its frequency would have been identified. A loss potential of $2 million with an average 10-year recurrence interval would have been mitigated. The cost at the time this plant was designed could have been much lower.

3.2.4 Process Risk Management

Process risk management involves the identification, evaluation, control or risk transfer of potential hazards that may be associated with existing operations, new projects, acquisitions, and customer/supplier activities.

Process risk management is the system whereby conscious risk improvement decisions are made based on results and information obtained during the process knowledge and process hazard analysis stages. If hazard information data is available at very early stages of a plant design, inherent safety features can be designed in. Later in the design, passive, active and procedural improvements and protection are usually added. The need and level of fixed suppression systems such as sprinklers and deluge systems, building steel fireproofing, damage limiting construction, barriers, process controls, etc., are decided in the process risk management phase of PSM. Fire safety professionals, in partnership with the chemical plant, determine the level of protection needed to meet HPR status and loss exposure goals. Ultimately the exposure is improved through fixed protection and management systems, is transferred through insurance, or is completely avoided by eliminating the hazardous activity.

Data and information from process knowledge gathering and hazard analysis activities must be evaluated as to economics and potential for risk reduction. Not all risk in a facility can be eliminated or reduced through engineering. Process risk management assures that a balance of inherent or engineered safety and risk transfer (i.e., insurance) is maintained and that all mandatory regulations, corporate standards, and industry and insurance guidelines are met. Process risk management requires screening, ranking and engineered assessment tools. A high level assessment such as Quantitative Risk Analysis (QRA) may be needed to make final decisions. The four tier safety strategy is still followed. Regardless of methods, documentation of the basis for risk decisions is important.

3.2.4.1 Case Study

ABC Chemical company is planning a facility to produce polyvinyl chloride (PVC) plastic using a licensed process. Production of this material will include use of vinyl chloride monomer (VCM), a liquefied gas; flammable solvents; and reactive peroxide-based catalysts in a moderately high pressure, high temperature, continuous autoclave (single reaction vessel) system. The process will be located in a single process unit supported by raw materials delivery and storage, in-process storage, combustible heat transfer media heat, steam, power and fuel utility systems, and final product handling, storage and transfer to market. The final product will be sold as a solid extruded pellet, some of which will be custom made with plasticizers. The benzoyl peroxide (BP) catalyst is to be manufactured on site. The process will be constructed at a new site not previously developed.


In the process safety knowledge step, the following technical information may be obtained, based on a literature search or testing, and documented:

- flammability and explosivity characteristics of gases and liquids
- flammability and explosivity characteristics of heat transfer media
- reactivity data on catalysts
- combustibility and explosivity data on solid powder product
- reactivity of the PVC reaction at given process conditions
- reactivity and hazard of catalyst manufacture

The following site information might be obtained, based on a site study, and documented:

- meteorological data (prevailing winds/speeds/atmospheric stability)
- freeze and snowfall/rainfall data
- flood data
- earthquake data
- windstorm data
- data on adequacy and reliability of utility services
- information on nearby hazardous exposures

General conclusions might be derived based on the above chemical and site information and qualitative analysis. At this stage these conclusions are based on generic knowledge obtained from experts or from the literature and are used for establishing more definitive scenarios during a process hazard analysis. Detailed consequence studies such as vapor cloud dispersion, explosion overpressure or pool fire radiant heat effects are conducted as part of the hazard analysis.

The following general conclusions are not meant to be all inclusive, but only to demonstrate types of information and scenarios that could be developed during this step:

a. Flammable liquid spill fire potentials exist from delivery, storage, process vessel and piping systems for raw and intermediate materials and for the heat transfer media system.

b. Vapor cloud explosion potentials exist from storage, process vessels and piping systems using VCM.

c. Reactor vessel, pumps and piping failure potentials exist due to high pressure, corrosivity and reactivity exposures.

d. BP manufacture requires potentially unstable hazardous materials.

e. Dust explosion potentials exist from plasticized product.

f. The plant is in a semi-tropical climate but is subject to periodic severe freezes.

g. The plant is in a potential hurricane zone.

h. Power supplies are subject to possible off-premises interruptions.

i. Public water supplies and emergency response are not available.

j. A plant with potential wide range explosion hazard borders the site.

In the process hazard analysis step, the above data and design drawings (as complete as possible) are subjected to a systematic and critical examination to determine failure modes whereby incidents could occur. HAZOP, What If, Checklist, Failure Modes and Effects Analysis (FMEA) and more quantitative analysis methods might be used. Vapor dispersion, explosion and radiant heat modeling, if needed, will be done during this stage. These examinations might reveal the following potential concerns and consequences:

a. The manufacture of peroxides on plant presents many failure modes and several potentials for a peroxide self initiation, with high damage potential compared with the relatively small amounts of material needed.

b. Flammable spill fire and vapor release potentials cannot be completely eliminated through process control or design, short of not producing the product. Steel structure is subject to severe radiant heat, confirmed by fire modeling.


c. VCM represents a vapor cloud explosion potential, and the process unit arrangement and congestion will produce high overpressures throughout the plant, as confirmed by modeling.

d. Prevailing winds and distance indicate potential for vapor cloud from neighboring facility to enter process unit, confirmed by modeling.

e. A single large reaction autoclave is harder to control, presents extreme liquid spill or vapor release potentials, thus increasing protection system demands, and if damaged would shut down all operations.

f. Plasticized plastic dust presents a dust explosion hazard, confirmed by laboratory testing.

g. A rare but possible sudden freeze could severely damage plant utilities.

h. A sudden power outage could cause loss of control of the reaction.

i. Many different release and failure modes of vessels, pumps, piping and utility systems exist, but these can be mitigated through process control and design improvements.

j. Use of a large volume combustible heat transfer material presents significant fire potential on a higher frequency than other flammable materials due to its high corrosivity, confirmed by loss history.

In the process risk management step, all of the data collected and derived from the two prior steps is used to make risk management decisions. In the example, these may include (but not be limited to) the following decisions, listed in order of a tiered preferential safety approach:

Inherent safety

a. Replace combustible thermal oil system with water system.

b. Reduce production bottleneck by changing from one large reactor to several smaller reactors.

c. Reduce in-unit flammable inventories by eliminating product day tanks, large reboilers, large reactor, oversized piping, etc.

d. Purchase additional land to protect against off premises exposures.

e. Refrigerate VCM bulk storage tanks to reduce vaporization.

f. Collect plastic dust in wet slurry to reduce dust hazard.

Passive mitigation

a. Use a concrete frame for process unit or fireproof steel.

b. Space unit apart from support facilities and site boundaries.

c. Use open process unit for maximum explosion venting.

d. Limit and space equipment within unit to minimize congestion.

e. Layout unit with flammable materials accessible on outer edge.

f. Install drainage systems.

g. Design process controls and interlocks to maximize reliability of process.

h. Design process vessels/piping to maximum expected pressure.

i. Blast proof control room and emergency services building.

j. Provide emergency containment systems.

Active mitigation

a. Provide on site fire water system.

b. Provide deluge sprinkler protection.

c. Provide combustible gas detection.

d. Inert and purge flammable storage, process and piping systems.


e. Provide reactor emergency quench system.

f. Provide reactor emergency venting.

g. Computerize process control.

h. Provide on-site emergency power supplies.

i. Design to hurricane codes.

j. Protect plant against freeze up.

Operational administrative controls

a. Develop and train on site emergency fire response brigade.

b. Train and empower operators to take manual process control.

c. Provide ignition source control systems.

d. Provide backup manual reactor emergency quench system.

e. Provide natural hazard alert procedures.

Risk Avoidance

a. Eliminate on-site manufacture of peroxide catalyst.

Risk transfer

a. Accept inherent risk by retention of high insurance deductibles.

In the risk management process, there may be a need to revisit and re-analyze hazards several times prior to deciding on the level and type of mitigation or use of other risk tools, such as elimination of hazard or risk transfer. In fact, risk management becomes a constant cycle of analysis, transfer and acceptance throughout the life of the facility. As the facility ages and changes are made, the risk will change. Keeping abreast of this aging and change process will assure that the facility will achieve the risk management goals originally accepted.

3.2.4.2 HPR Requirements

The decision to meet or not meet HPR protection guidelines is determined during the process risk management stage. While achieving HPR status should always be the risk management goal, there may be conditions, especially in existing older plants, where this may not be economically or technically achievable.

There are minimum requirements for a facility to qualify as an HPR risk. These are briefly identified in Section 2.2.1 and further discussed in Section 3.3, Concepts of Highly Protected Risk.

3.2.5 Management of Change

Management of Change (MOC) means evaluating every change to technology, facilities or personnel at the earliest possible stage for its potential impact on property loss prevention. The earliest possible stage is the moment an idea or proposed change comes to light. These changes can be emergency, permanent, temporary, recognized or unrecognized. The purpose of a management of change process is to prevent the unrecognized change.

Changes are made routinely throughout the life of a facility. These may vary from major, highly visible projects to daily routine maintenance activities. Changes can occur to technology, chemicals, products, equipment and procedures. Any change from original design intent represents a deviation. If the impact of this deviation is not fully understood, the change, even if minor, can cause a significant incident. Appropriate process hazards management systems should be put into place to help ensure that hazards associated with a change or deviation are identified and controlled.

Changes fall into three main categories: technology, facilities, and personnel or organization.

Although some changes may be minor, with little likelihood of compromising loss prevention and process safety, all changes have some potential for disruption.


3.2.5.1 Change in Technology

Change in technology arises whenever the process or mechanical design is altered. Examples are changes in feedstocks, catalysts, product specifications, byproducts or waste products, design inventory levels, instrumentation and control systems, or materials of construction.

Typical instances in which change in technology would likely occur include the following:

a. New projects that involve tie-ins or equipment modifications on existing units.

b. Projects to increase facility throughput or accommodate different feedstocks or products.

c. Significant changes in operating conditions, including pressures, temperatures, flow rates or process conditions different from those in the original process or mechanical design.

d. Equipment changes, including the addition of new equipment or modifications of existing equipment. These can include changes in alarms, instrumentation and control schemes.

e. Modifications of the process or equipment that cause changes in the facility's relief requirements. These can include increased process throughput, operation at higher temperatures, increased size of equipment, or the addition of equipment that might contribute to greater relief requirements.

f. Bypass connections around equipment that is normally in service.

g. Changes in operating procedures, including procedures for startup, normal shutdown and emergency shutdown.

h. Changes made in the process or mechanical design or in operating procedures that result from a PHA performed as described in Section 3.2.3.

i. Introduction of new or different process additives (for example, corrosion control agents, antifoulants, antifoam agents).

j. Corrective actions developed as a result of an accident investigation.

3.2.5.2 Changes in Facilities

Changes in facilities are those in which physical changes are made that would not necessarily appear on plant drawings or piping and instrument diagrams (P&ID). Examples are temporary connections, replaced components that are not in kind, site modifications, transient storage, temporary structures, etc.

Specifically, these can include the following:

a. Temporary equipment (tanks, offices, drum storage, etc.)

b. Replacement equipment or machinery that differs from the original equipment

c. Temporary piping connections, hoses or wiring

d. Temporary software configurations, jumpers, shortened algorithms, bypassed controls

e. Pipe clamps, braces, stands, wiring, ropes

f. Temporary utility connections (steam, power, water, etc.)

g. An alternative supply of process materials, catalysts or reactants, such as through temporary drums or tanks located within the facility

h. Temporary electrical equipment or connections

These changes have the ability to affect design, construction, operation, maintenance and decommissioning.

3.2.5.3 Changes in Personnel

Changes in personnel are those in which key responsibilities are shifted from a position of stability to instability. Examples are retirement, promotion, other career changes and personal issues (sickness, death, leave-of-absence, etc.). These changes are ones in which continuity of responsibility may lapse.


Training and assignment of alternates is a key feature needed to mitigate lapses caused by these changes. Supervision must be skilled for early recognition of these changes, with an ability to plan in advance to mitigate these changes. Goals of the company, business and operating unit must support prevention efforts associated with these changes.

3.2.5.4 Examples

3.2.5.4.1 The Clean Air Act Amendments of 1990 require a 50% reduction of sulfur dioxide levels (SO2) in the U.S. by the year 2000. This act affects approximately 2000 electric utilities. The method of choice to control SO2 emissions probably will be the installation of wet scrubbers, as they provide the highest level of control. Along with the additional costs and plans for scrubber installations, the person(s) planning these changes need to look at the effect these installations will have on loss prevention. For instance, scrubbers are subject to fires and explosions, and they can affect furnace draft. Induced draft fans may have to be upgraded, which in some cases could increase the risk of implosions and boiler vibrations. To prevent corrosion of scrubbers, ducts and stacks, it may be necessary to use plastic or plastic-lined equipment, which could present a fire hazard.

A typical agreement between a company and the property insurance company calls for a loss prevention professional within the company to be advised of all management of change activities in the plant. This individual is then responsible to involve the specialist from FM and allow an opportunity for the change to be evaluated in its earliest stages.

3.2.5.4.2 ABC is a manufacturer of commodity polymer using batch-scale polymerization of the monomer. Because of favorable opportunities in the market, ABC has plans to double the capacity of its seven-reactor plant in a two-phase expansion over the next 10 years. The first phase will include construction of utilities and the footprint for a second seven-reactor manufacturing building. Initially, a building containing three reactors will be built.

There is a close relationship between ABC and the FM specialist assigned to this plant. When the idea is being developed by senior management within ABC, meetings are held with the FM specialist to discuss the effect this may have on loss prevention. ABC is guided by a principle that promotes continuous improvement in all areas of operation, including loss prevention, and they call upon the expertise of FM to provide guidance to meet this goal.

In consultation with the FM specialist, several opportunities are identified. These include ways to mitigate VCE potentials, provide more cost efficient and effective water spray systems, and arrange the Instrumentation and Control features for increased reliability. In order to expand the process water features for the new plant expansion, several pumping and distribution changes were needed. Opportunities were identified to add outlets and normally closed connections between the fire protection system and the process water supply system. This increased both the normal supply to the fire protection water system and the supply that would be available in a catastrophic event.

In consultations, an opportunity was identified to relate current maintenance issues for the older electronic heat detection systems on the water spray systems to a design specification needed for all the new water spray systems. Review of maintenance records and costs pointed to an opportunity to replace older electronic heat detectors with air-pilot detection systems. In doing this, the plant maintenance was provided with a single common type of system, which has lower maintenance costs, a single set of replacement parts, and requires simpler maintenance skills.

Often during plant expansions, for simplicity, existing features for protection and control are duplicated exactly. Many design groups operate with the assumption that existing protection and control features are adequate and satisfactory, and they do not take the opportunity to consider improvements as above.

3.2.5.4.3 Mr. Howard has been the person in charge of fire protection in this plant for many years. He is the direct interface between top management, engineering and safety personnel for matters relating to loss prevention. He is in charge of administering all loss prevention related inspection programs within the plant. He supervises all impairments to fire protection and reports them throughout the company and to FM. Mr. Howard is very important in the review process for new construction. Because he is very familiar with current design requirements, he is able to work closely with plant and corporate engineers to develop plans for new construction and modifications.

©1999 Factory Mutual Engineering Corp. All rights reserved.

Mr. Howard spent many years in the plant as an operator. Because of this involvement, he oversees many important operator duties as they relate to fire response and use of emergency process equipment (flares, alarms, shut-downs, etc.). He is also the liaison to community groups, including the mutual aid groups.

Mr. Howard has announced he will retire in 2 years when he reaches the age of 60. Loss of this level of experience could create serious gaps related to steady provision of the service provided by Mr. Howard.

All of his job duties should be described in writing.

A plan for his replacement, with alternates, should be developed sufficiently in advance of his departure so that proper training can be provided.

If timing is not sufficient to establish that his duties have been sufficiently taken over by others, management should arrange for Mr. Howard to return to work as a consultant. He should periodically return after his retirement to make sure all areas of past responsibility are being covered.

In the planning for replacement of Mr. Howard, the local assigned FM specialists should be notified. Specific sessions can be arranged so that the programs recommended by FM can be introduced or reviewed with the person who has taken over for Mr. Howard.

3.2.5.4.4 Mr. Jones was the Safety Engineer at this major plastic film plant, reporting to the plant manager, before he resigned. He was responsible for implementing all safety and loss prevention programs in the plant. He was the direct liaison to the plant maintenance department, providing review and supervision of all maintenance and testing of the plant fire protection systems, including the fire pump, suction tank, sprinkler systems, alarm systems and gaseous extinguishing systems. Because of his expertise, he was the interface between local contractors who provide maintenance and testing. Mr. Jones kept all the letters, files, receipts, plans and correspondence in his office relating to protection systems and plant insurance matters.

Unfortunately, he quit at a time when the plant was completing a 50% production expansion and is beginning to plan for a new warehouse expansion. Ongoing issues relate to false alarms, alarm system repairs and a history of broken underground water mains in a certain area of the plant. Mr. Jones had been a proponent of looping of the plant fire water mains to provide better service to the areas of future expansion.

In a case like this, it is important that key plant personnel from all levels meet to review the impact of this departure on loss prevention. Some careful accounting should begin at once to make sure elements of Mr. Jones' responsibilities are identified. The FM contact should be advised of the personnel change. This will allow for meetings to take place to assure that proper training is provided to a replacement employee. In many cases FM can provide the following:

- Training on fire protection systems maintenance and testing can be offered to a new employee.

- A review of maintenance and testing programs can be made to assure that correct programs are not lost or lapsed.

- Contract maintenance programs can be evaluated to determine adequacy of these programs.

3.2.5.5 References

Management of Process Hazards, API Recommended Practice 750, First Edition, January 1990, American Petroleum Institute.

Managing Change, FM publication P9201.

3.2.6 Process and Equipment (Mechanical) Integrity

Equipment that processes hazardous materials, and accessory or utility equipment that is important to continued operation of the plant, should be designed, constructed, installed, operated, protected and maintained in a way which minimizes the risk while providing process reliability. This element of the PSM program addresses the management system required to achieve this objective and is called Process and Equipment Integrity by the CCPS and Mechanical Integrity by others.

A Process and Equipment Integrity program should address some or all of the following: pressure vessels and piping, tanks, rotating machinery, electrical equipment, boilers and furnaces, etc., together with their instrumentation, controls, accessories and supporting structures.

The components of Process and Equipment Integrity, which are discussed further below, are reliability engineering, materials of construction and fabrication, installation procedures, preventive maintenance and demolition procedures.

As with all elements of PSM, a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps.

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance or replacement, the evaluation should include equipment accessibility and suitability for the process, and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment and emergency relief. The file should also contain the operating and inspection history of the equipment as well as any data on repair, alteration and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill-to-installation tracking of material for critical components, or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, over speed, electrical faults, misalignment, etc.

During fabrication, maintenance or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern, such as piping location, safety and emergency equipment features, accessibility of process and safety equipment, operation, functional testing and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.

3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections, together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturers' recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturers' minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment with detailed instructions on performing the particular activity. They should address the steps needed to prevent adverse conditions both during the procedures and when the equipment is put back in service. They should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic review of these procedures is needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out-of-service condition, any necessary decontamination, and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents, classified as major accident, accident or near-miss by CCPS, are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control or personnel changes, or new or better training programs. Documentation and periodic review aid in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes:

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.

3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment: Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System: Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization: Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others depending on the nature of the incident. This can include those inside the company with speciality knowledge or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training: Team members should be selected based on their interest, job function and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function: The incident investigation team function needs to be integrated with the overall emergency response plan. Well established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation:

a. Determine Cause: Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system related causes.

b. Develop Recommendations: Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures: Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.

If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally this involves data collection, data analysis and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems-oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and they can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program aimed at determination of root causes.

Usually the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

- FTA: Fault Tree Analysis
- AAM: Accident Anatomy Method
- MORT: Management Oversight and Risk Tree
- MCSOII: Multiple-Cause, Systems-Oriented Incident Investigation

Inductive

- HAZOP: Hazard and Operability Analysis
- AAM: Accident Anatomy Method
- CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware new approaches need to be built on proven and accepted concepts.

3.2.7.4

Phthalic anhydride made by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the Do Not Operate tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design: A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations: There are several possibilities in this area. Management that encourages continued operations when the process is upset (reason operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance: There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the workers' shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but does illustrate some of the underlying causes in a multiple-cause incident.
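The pump incident above laid out as a fault tree, one of the deductive techniques listed earlier in this section, with its minimal cut sets computed. This is an added example, not part of the data sheet: the event names, the two "fails to start" events and the way the interlock is modelled are assumptions, and no probabilities are used because the data sheet gives none.

```python
"""Fault tree for the cooling-water loss in the phthalic anhydride incident.

Added illustration: event names, the FAILS_TO_START events and the interlock
model are assumptions, not taken from the data sheet.
"""
from itertools import product


def AND(*children):
    return ("AND", children)


def OR(*children):
    return ("OR", children)


def cut_sets(node):
    """All combinations of basic events that produce the event at `node`."""
    if isinstance(node, str):            # basic event (leaf)
        return {frozenset([node])}
    gate, children = node
    parts = [cut_sets(child) for child in children]
    if gate == "OR":                     # any one child is enough
        return set().union(*parts)
    # AND: every child must occur, so merge one cut set from each child
    return {frozenset().union(*combo) for combo in product(*parts)}


def minimise(sets):
    """Drop every set that strictly contains another set."""
    return {s for s in sets if not any(other < s for other in sets)}


def minimal_cut_sets(tree):
    return minimise(cut_sets(tree))


def residual(mcs, latent):
    """What must still go wrong once the `latent` conditions already exist."""
    return minimise({s - latent for s in mcs})


def order(sets):
    """Size of the smallest cut set; 1 would be a single point of failure."""
    return min(len(s) for s in sets)


def cooling_loss_tree(interlock=False):
    """Top event: reactor overheats after loss of cooling water."""
    # Both standby pumps are unavailable for reasons known before the demand.
    both_known_out = AND("P2_OUT_FOR_REPAIR", "P3_TAG_NOT_REMOVED")
    if interlock:
        # Assumed model of the suggested interlock: it only helps when the
        # shortage of pumps is known, so it guards this branch alone.
        both_known_out = AND(both_known_out, "INTERLOCK_FAILS")
    standbys_unavailable = OR(
        both_known_out,
        AND("P2_OUT_FOR_REPAIR", "P3_FAILS_TO_START"),
        AND("P2_FAILS_TO_START", "P3_TAG_NOT_REMOVED"),
        AND("P2_FAILS_TO_START", "P3_FAILS_TO_START"),
    )
    return AND("P1_FAILS", standbys_unavailable, "FEED_NOT_CUT_IN_TIME")


# Conditions that already existed on the shift when the operating pump failed.
LATENT = frozenset({"P2_OUT_FOR_REPAIR", "P3_TAG_NOT_REMOVED"})


def report(interlock):
    """Residual cut sets on the day of the incident, as sorted lists."""
    mcs = minimal_cut_sets(cooling_loss_tree(interlock))
    return sorted(sorted(s) for s in residual(mcs, LATENT))


if __name__ == "__main__":
    for flag in (False, True):
        print("interlock fitted:" if flag else "as operated:")
        for events in report(flag):
            print("   still needed:", " + ".join(events))
```

With the two latent maintenance conditions in place, the as-operated tree leaves only the operating pump failure and the delayed feed cut between the plant and the top event; the interlock branch adds a third independent failure to every remaining path.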

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment, and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow, as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated, and it was assumed to be functioning properly, although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days subsequent for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.

The control panel incorrectly indicated that too much water was entering the core therefore the operator overshyrode the automatic control system and reverted to manual control Ultimately the shut coolant water lines were discovered and reopened which again flooded the control panel with a Christmas-tree effect of red and green indicator lights Assuming the coolant system was now operating the feed pumps were activated which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioacshytive water and steam The rupture disc on the tank burst which allowed contaminated water onto the floor of the auxiliary building As a result of loss of cooling water the reactor core was partially uncovered resultshying in excessively high temperatures This contributed to increased radiation levels within the facility Estishymates of this loss range from $10 to $186 billion with roughly 60 of this being costs of replacing the lost power resulting from the event 1

This loss shows the importance of proper training of all employees and recognition of human factor eleshyments of operators and maintenance operations in production facilities The operators were not well versed in the process intricacies specifically the relationship between pressure and temperature in the reactor The operators did not recognize the fact that a small amount of water was being lost It was also recognized that the operators were not trained in process diagnosis2

While this incident occurred in a nuclear power generating facility similar events are equally as likely to occur in chemical processing facilities This event also demonstrates the fact that incidents of this magnitude typishycally involve several consecutive failures as opposed to a single discrete incident

3.2.8.2 References

1. Cantelon, Philip L., and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80% to 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50% to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse, much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface, and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information, and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.⁵

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.

Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.⁶ However, more current literature by Poulton⁷ and Welford⁸ supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.⁹ Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.
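
The categorization and prioritization described above can be illustrated with a short script. This is an added example, not part of the data sheet; the three impact categories, the 10-minute window with a limit of 10 new alarms, the instrument tags and the sample events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Impact categories and their display order are assumed for this example;
# the data sheet only says alarms should be categorized by process impact.
PRIORITY = {"safety": 0, "process": 1, "advisory": 2}

FLOOD_WINDOW_S = 600  # assumed sliding window (10 minutes)
FLOOD_LIMIT = 10      # assumed: more than 10 new alarms in the window is a deluge


@dataclass(frozen=True)
class Alarm:
    t: int         # seconds since start of shift
    tag: str       # instrument tag (constructed)
    category: str  # one of the PRIORITY keys


def triage(alarms, now):
    """Build the operator's alarm list for time `now`.

    Repeats of the same tag are collapsed into one row with a count, rows are
    ordered by impact category and then by first occurrence, and during a
    deluge advisory alarms are moved to a deferred list (kept, not discarded).
    """
    first_seen, repeats = {}, {}
    for a in sorted(alarms, key=lambda a: a.t):
        if a.t > now:
            break
        if a.category not in PRIORITY:
            # An uncategorized alarm cannot be prioritized: fail loudly.
            raise ValueError(f"alarm {a.tag!r} has no impact category")
        first_seen.setdefault(a.tag, a)
        repeats[a.tag] = repeats.get(a.tag, 0) + 1

    # A deluge is judged on distinct new alarms, so one chattering
    # instrument does not by itself trigger flood handling.
    new_in_window = sum(
        1 for a in first_seen.values() if a.t > now - FLOOD_WINDOW_S
    )
    flood = new_in_window > FLOOD_LIMIT

    shown, deferred = [], []
    ordered = sorted(first_seen.values(),
                     key=lambda a: (PRIORITY[a.category], a.t))
    for a in ordered:
        row = (a.tag, a.category, repeats[a.tag])
        if flood and a.category == "advisory":
            deferred.append(row)
        else:
            shown.append(row)
    return {"flood": flood, "shown": shown, "deferred": deferred}


def sample_events():
    """Constructed upset: many advisory alarms around two that matter."""
    events = [Alarm(5, "LI-101", "advisory")]
    # One chattering flow indication raising the same alarm six times.
    events += [Alarm(10 + 5 * i, "FI-210", "advisory") for i in range(6)]
    # Nine distinct temperature advisories arriving 10 s apart.
    events += [Alarm(60 + 10 * i, f"TI-{300 + i}", "advisory") for i in range(9)]
    events.append(Alarm(90, "LAL-102", "process"))
    events.append(Alarm(120, "PAHH-401", "safety"))
    return events


if __name__ == "__main__":
    result = triage(sample_events(), now=300)
    print("flood:", result["flood"])
    for tag, category, count in result["shown"]:
        print(f"{category:9s} {tag:10s} x{count}")
    print(f"{len(result['deferred'])} advisory alarms deferred")
```
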

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.¹⁰

3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum, Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor but was ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill.: Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill.: Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).

3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocell Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for maintaining the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type, where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings, such as P&ID, wiring and piping drawings, are not current, or there is only one set of hand corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and should be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard

a. Toxicity

b. Permissible exposure limits

c. Physical, reactivity and corrosion data

d. Thermal and chemical stability

e. Hazardous effects of mixing

2. Process technology

a. Process description and flow diagram

b. Process chemistry

c. Inventory permitted

d. Safe upper and lower limits for temperature, pressure, flows and compositions

e. Consequences of deviations

3. Process equipment

a. Construction materials

b. P&ID

c. Electrical classification drawing

d. Relief system design and design basis

e. Ventilation system design

f. Drainage system design

g. Design codes and standards

h. Material and energy balance

i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections

a. Code inspection reports for pressure equipment

b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)

c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description

a. Organization and staffing

b. Risk assessment of site hazards

c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans

a. Description of possible incident scenarios

b. Plan to respond to each scenario

c. On-site emergency equipment and supplies

d. Description of external resources and support organizations

5 Emergency response teams

a Staffing and organization

b Capabilities of members

c Retraining plans

6 Description of emergency systems and equipment

7 Post incident contingency plan

8 Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast and, in some cases, approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles, as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards and management of change throughout the life of the plant.


A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound how one management group, which is production oriented without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging
7-73 Dust Collectors and Collection Systems
7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels


3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability.

Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.


The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems


For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment, such as curbs and dikes, are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible, heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.


Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength, blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases, a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases, a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades


3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and, in fact, was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, are located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:

G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets:

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants

copy1999 Factory Mutual Engineering Corp All rights reserved


- 7-45, Instrumentation and Control
- 7-46/17-11, Chemical Reactors and Reactions
- 7-47, Physical Operations in Chemical Plants
- 7-49/12-65, Emergency Venting of Vessels
- 7-59, Inerting and Purging of Equipment
- 7-83, Drainage Systems for Flammable Liquids
- 7-88, Storage Tanks for Flammable Liquids
- 7-95, Compressors
- 7-99/12-19, Heat Transfer by Organic and Synthetic Fluids
- 12-0, Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico, or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the U.S. in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975), and Seveso (1976) being the most noteworthy. In 1982, the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the U.S., including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control, and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training, and equipment has been provided to personnel, following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The U.S. Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada, and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119) that went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing, or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 U.S. facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

Substance                      EPA threshold, lb (kg)    OSHA threshold, lb (kg)
Anhydrous Ammonia              1000 (450)                5000 (2250)
Chlorine                       1000 (450)                1500 (680)
Chlorine dioxide               500 (225)                 1000 (450)
Anhydrous hydrochloric acid    1000 (450)                5000 (2250)
Sulfuric acid                  5000 (2250)               Not listed
Titanium tetrachloride         500 (225)                 Not listed
Flammable hydrocarbons         10000 (4500)              10000 (4500)
Explosives                     all (per DOT)             Not covered

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the U.S. EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different, yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 U.S. facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders, and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the U.S., it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines:


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia, and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr. Comm. Sept. 1998


3.2.3.1.2 XY Chemical Company planned and constructed a polymer manufacturing plant along the Texas Gulf Coast. Design work was conducted at the home offices in the northeastern U.S. using highly experienced personnel.

Project designs did not consider incident history and advice for this area relative to freeze protection. As a result, the plant was built with numerous outdoor sprinkler systems, as well as elements of the process and instrumentation system, with insufficient freeze protection.

As a result, the plant suffered a $2 million loss related to broken pipe, instrument lines, and loss of production in the 1983 and 1989 freezes. This pointed to a normal frequency of freezing weather in this area worthy of protection. A cost estimate of $75,000 for correction of the deficiencies was developed in consultation with the local FM specialist. Economic conditions dictated that these improvements be extended over a period of 3 years, resulting in a need to prioritize the modifications.

If the concepts and guidelines of this data sheet had been used in siting of this plant, the freeze potential and its frequency would have been identified. A loss potential of $2 million with an average 10-year recurrence interval would have been mitigated. The cost at the time this plant was designed could have been much lower.

3.2.4 Process Risk Management

Process risk management involves the identification, evaluation, control, or risk transfer of potential hazards that may be associated with existing operations, new projects, acquisitions, and customer/supplier activities.

Process risk management is the system whereby conscious risk improvement decisions are made based on results and information obtained during the process knowledge and process hazard analysis stages. If hazard information data is available at very early stages of a plant design, inherent safety features can be designed in. Later in the design, passive, active, and procedural improvements and protection are usually added. The need and level of fixed suppression systems such as sprinklers and deluge systems, building steel fireproofing, damage limiting construction, barriers, process controls, etc., are decided in the process risk management phase of PSM. Fire safety professionals, in partnership with the chemical plant, determine the level of protection needed to meet HPR status and loss exposure goals. Ultimately, the exposure is improved through fixed protection and management systems, is transferred through insurance, or is completely avoided by eliminating the hazardous activity.

Data and information from process knowledge gathering and hazard analysis activities must be evaluated as to economics and potential for risk reduction. Not all risk in a facility can be eliminated or reduced through engineering. Process risk management assures that a balance of inherent or engineered safety and risk transfer (i.e., insurance) is maintained and that all mandatory regulations, corporate standards, and industry and insurance guidelines are met. Process risk management requires screening, ranking, and engineered assessment tools. A high level assessment such as Quantitative Risk Analysis (QRA) may be needed to make final decisions. The four tier safety strategy is still followed. Regardless of methods, documentation of the basis for risk decisions is important.

3.2.4.1 Case Study

ABC Chemical company is planning a facility to produce polyvinyl chloride (PVC) plastic using a licensed process. Production of this material will include use of vinyl chloride monomer (VCM), a liquefied gas, flammable solvents, and reactive peroxide-based catalysts in a moderately high pressure, high temperature, continuous autoclave (single reaction vessel) system. The process will be located in a single process unit supported by raw materials delivery and storage, in-process storage, combustible heat transfer media, heat, steam, power, and fuel utility systems, and final product handling, storage, and transfer to market. The final product will be sold as a solid extruded pellet, some of which will be custom made with plasticizers. The benzoyl peroxide (BP) catalyst is to be manufactured on site. The process will be constructed at a new site not previously developed.


In the process safety knowledge step, the following technical information may be obtained based on a literature search or testing, and documented:

- flammability and explosivity characteristics of gases and liquids
- flammability and explosivity characteristics of heat transfer media
- reactivity data on catalysts
- combustibility and explosivity data on solid powder product
- reactivity of the PVC reaction at given process conditions
- reactivity and hazard of catalyst manufacture

The following site information might be obtained based on a site study, and documented:

- meteorological data (prevailing winds/speeds/atmospheric stability)
- freeze and snowfall/rainfall data
- flood data
- earthquake data
- windstorm data
- data on adequacy and reliability of utility services
- information on nearby hazardous exposures

General conclusions might be derived based on the above chemical and site information and qualitative analysis. At this stage, these conclusions are based on generic knowledge obtained from experts or from the literature and are used for establishing more definitive scenarios during a process hazard analysis. Detailed consequence studies, such as vapor cloud dispersion, explosion overpressure, or pool fire radiant heat effects, are conducted as part of the hazard analysis.

The following general conclusions are not meant to be all inclusive, but only to demonstrate types of information and scenarios that could be developed during this step:

a. Flammable liquid spill fire potentials exist from delivery, storage, process vessel, and piping systems for raw and intermediate materials and for the heat transfer media system.

b. Vapor cloud explosion potentials exist from storage, process vessels, and piping systems using VCM.

c. Reactor vessel, pumps, and piping failure potentials exist due to high pressure, corrosivity, and reactivity exposures.

d. BP manufacture requires potentially unstable hazardous materials.

e. Dust explosion potentials exist from plasticized product.

f. The plant is in a semi-tropical climate but is subject to periodic severe freezes.

g. The plant is in a potential hurricane zone.

h. Power supplies are subject to possible off-premises interruptions.

i. Public water supplies and emergency response are not available.

j. A plant with potential wide range explosion hazard borders the site.

In the process hazard analysis step, the above data and design drawings (as complete as possible) are subjected to a systematic and critical examination to determine failure modes whereby incidents could occur. HAZOP, What If, Checklist, Failure Modes and Effects Analysis (FMEA), and more quantitative analysis methods might be used. Vapor dispersion, explosion, and radiant heat modeling, if needed, will be done during this stage. These examinations might reveal the following potential concerns and consequences:

a. The manufacture of peroxides on plant presents many failure modes and several potentials for a peroxide self initiation, with high damage potential compared with the relatively small amounts of material needed.

b. Flammable spill fire and vapor release potentials cannot be completely eliminated through process control or design, short of not producing the product. Steel structure is subject to severe radiant heat, confirmed by fire modeling.


c. VCM represents a vapor cloud explosion potential, and the process unit arrangement and congestion will produce high overpressures throughout the plant, as confirmed by modeling.

d. Prevailing winds and distance indicate potential for vapor cloud from neighboring facility to enter process unit, confirmed by modeling.

e. A single large reaction autoclave is harder to control, presents extreme liquid spill or vapor release potentials, thus increasing protection system demands, and if damaged would shut down all operations.

f. Plasticized plastic dust presents a dust explosion hazard, confirmed by laboratory testing.

g. A rare but possible sudden freeze could severely damage plant utilities.

h. A sudden power outage could cause loss of control of the reaction.

i. Many different release and failure modes of vessels, pumps, piping, and utility systems exist, but these can be mitigated through process control and design improvements.

j. Use of a large volume combustible heat transfer material presents significant fire potential on a higher frequency than other flammable materials due to its high corrosivity, confirmed by loss history.

In the process risk management step, all of the data collected and derived from the two prior steps is used to make risk management decisions. In the example, these may include (but not be limited to) the following decisions, listed in order of a tiered preferential safety approach:

Inherent safety

a. Replace combustible thermal oil system with water system.

b. Reduce production bottleneck by changing from one large reactor to several smaller reactors.

c. Reduce in-unit flammable inventories by eliminating product day tanks, large reboilers, large reactor, oversized piping, etc.

d. Purchase additional land to protect against off premises exposures.

e. Refrigerate VCM bulk storage tanks to reduce vaporization.

f. Collect plastic dust in wet slurry to reduce dust hazard.

Passive mitigation

a. Use a concrete frame for process unit or fireproof steel.

b. Space unit apart from support facilities and site boundaries.

c. Use open process unit for maximum explosion venting.

d. Limit and space equipment within unit to minimize congestion.

e. Layout unit with flammable materials accessible on outer edge.

f. Install drainage systems.

g. Design process controls and interlocks to maximize reliability of process.

h. Design process vessels/piping to maximum expected pressure.

i. Blast proof control room and emergency services building.

j. Provide emergency containment systems.

Active mitigation

a. Provide on site fire water system.

b. Provide deluge sprinkler protection.

c. Provide combustible gas detection.

d. Inert and purge flammable storage, process, and piping systems.


e. Provide reactor emergency quench system.

f. Provide reactor emergency venting.

g. Computerize process control.

h. Provide on-site emergency power supplies.

i. Design to hurricane codes.

j. Protect plant against freeze up.

Operational administrative controls

a. Develop and train on site emergency fire response brigade.

b. Train and empower operators to take manual process control.

c. Provide ignition source control systems.

d. Provide backup manual reactor emergency quench system.

e. Provide natural hazard alert procedures.

Risk Avoidance

a. Eliminate on-site manufacture of peroxide catalyst.

Risk transfer

a. Accept inherent risk by retention of high insurance deductibles.

In the risk management process, there may be a need to revisit and re-analyze hazards several times prior to deciding on the level and type of mitigation or use of other risk tools, such as elimination of hazard or risk transfer. In fact, risk management becomes a constant cycle of analysis, transfer, and acceptance throughout the life of the facility. As the facility ages and changes are made, the risk will change. Keeping abreast of this aging and change process will assure that the facility will achieve the risk management goals originally accepted.

3.2.4.2 HPR Requirements

The decision to meet or not meet HPR protection guidelines is determined during the process risk management stage. While achieving HPR status should always be the risk management goal, there may be conditions, especially in existing older plants, where this may not be economically or technically achievable.

There are minimum requirements for a facility to qualify as an HPR risk. These are briefly identified in Section 2.2.1 and further discussed in Section 3.3, Concepts of Highly Protected Risk.

3.2.5 Management of Change

Management of Change (MOC) means evaluating every change to technology, facilities, or personnel at the earliest possible stage for its potential impact on property loss prevention. The earliest possible stage is the moment an idea or proposed change comes to light. These changes can be emergency, permanent, temporary, recognized, or unrecognized. The purpose of a management of change process is to prevent the unrecognized change.

Changes are made routinely throughout the life of a facility. These may vary from major, highly visible projects to daily routine maintenance activities. Changes can occur to technology, chemicals, products, equipment, and procedures. Any change from original design intent represents a deviation. If the impact of this deviation is not fully understood, the change, even if minor, can cause a significant incident. Appropriate process hazards management systems should be put into place to help ensure that hazards associated with a change or deviation are identified and controlled.

Changes fall into three main categories: technology, facilities, and personnel or organization.

Although some changes may be minor, with little likelihood of compromising loss prevention and process safety, all changes have some potential for disruption.


3.2.5.1 Change in Technology

Change in technology arises whenever the process or mechanical design is altered. Examples are changes in feedstocks, catalysts, product specifications, byproducts or waste products, design inventory levels, instrumentation and control systems, or materials of construction.

Typical instances in which change in technology would likely occur include the following:

a. New projects that involve tie-ins or equipment modifications on existing units.

b. Projects to increase facility throughput or accommodate different feedstocks or products.

c. Significant changes in operating conditions, including pressures, temperatures, flow rates, or process conditions different from those in the original process or mechanical design.

d. Equipment changes, including the addition of new equipment or modifications of existing equipment. These can include changes in alarms, instrumentation, and control schemes.

e. Modifications of the process or equipment that cause changes in the facility's relief requirements. These can include increased process throughput, operation at higher temperatures, increased size of equipment, or the addition of equipment that might contribute to greater relief requirements.

f. Bypass connections around equipment that is normally in service.

g. Changes in operating procedures, including procedures for startup, normal shutdown, and emergency shutdown.

h. Changes made in the process or mechanical design or in operating procedures that result from a PHA performed as described in Section 3.2.3.

i. Introduction of new or different process additives (for example, corrosion control agents, antifoulants, antifoam agents).

j. Corrective actions developed as a result of an accident investigation.

3.2.5.2 Changes in Facilities

Changes in facilities are those in which physical changes are made that would not necessarily appear on plant drawings or piping and instrument diagrams (P&ID). Examples are temporary connections, replaced components that are not in kind, site modifications, transient storage, temporary structures, etc.

Specifically, these can include the following:

a. Temporary equipment (tanks, offices, drum storage, etc.)

b. Replacement equipment or machinery that differs from the original equipment

c. Temporary piping connections, hoses, or wiring

d. Temporary software configurations, jumpers, shortened algorithms, bypassed controls

e. Pipe clamps, braces, stands, wiring, ropes

f. Temporary utility connections (steam, power, water, etc.)

g. An alternative supply of process materials, catalysts, or reactants, such as through temporary drums or tanks located within the facility

h. Temporary electrical equipment or connections

These changes have the ability to affect design, construction, operation, maintenance, and decommissioning.

3.2.5.3 Changes in Personnel

Changes in personnel are those in which key responsibilities are shifted from a position of stability to instability. Examples are retirement, promotion, other career changes, and personal issues (sickness, death, leave-of-absence, etc.). These changes are ones in which continuity of responsibility may lapse.

Training and assignment of alternates is a key feature needed to mitigate lapses caused by these changes. Supervision must be skilled for early recognition of these changes, with an ability to plan in advance to mitigate these changes. Goals of the company, business, and operating unit must support prevention efforts associated with these changes.

3.2.5.4 Examples

3.2.5.4.1 The Clean Air Act Amendments of 1990 require a 50% reduction of sulfur dioxide levels (SO2) in the U.S. by the year 2000. This act affects approximately 2000 electric utilities. The method of choice to control SO2 emissions probably will be the installation of wet scrubbers, as they provide the highest level of control. Along with the additional costs and plans for scrubber installations, the person(s) planning these changes need to look at the effect these installations will have on loss prevention. For instance, scrubbers are subject to fires and explosions, and they can affect furnace draft. Induced draft fans may have to be upgraded, which in some cases could increase the risk of implosions and boiler vibrations. To prevent corrosion of scrubbers, ducts, and stacks, it may be necessary to use plastic or plastic-lined equipment, which could present a fire hazard.

A typical agreement between a company and the property insurance company calls for a loss prevention professional within the company to be advised of all management of change activities in the plant. This individual is then responsible to involve the specialist from FM and allow an opportunity for the change to be evaluated in its earliest stages.

3.2.5.4.2 ABC is a manufacturer of commodity polymer using batch-scale polymerization of the monomer. Because of favorable opportunities in the market, ABC has plans to double the capacity of its seven-reactor plant in a two-phase expansion over the next 10 years. The first phase will include construction of utilities and the footprint for a second seven-reactor manufacturing building. Initially, a building containing three reactors will be built.

There is a close relationship between ABC and the FM specialist assigned to this plant. When the idea is being developed by senior management within ABC, meetings are held with the FM specialist to discuss the effect this may have on loss prevention. ABC is guided by a principle that promotes continuous improvement in all areas of operation, including loss prevention, and they call upon the expertise of FM to provide guidance to meet this goal.

In consultation with the FM specialist, several opportunities are identified. These include ways to mitigate VCE potentials, provide more cost-efficient and effective water spray systems, and arrange the Instrumentation and Control features for increased reliability. In order to expand the process water features for the new plant expansion, several pumping and distribution changes were needed. Opportunities were identified to add outlets and normally closed connections between the fire protection system and the process water supply system. This increased both the normal supply to the fire protection water system and the supply that would be available in a catastrophic event.

In consultations, an opportunity was identified to relate current maintenance issues for the older electronic heat detection systems on the water spray systems to a design specification needed for all the new water spray systems. Review of maintenance records and costs pointed to an opportunity to replace older electronic heat detectors with air-pilot detection systems. In doing this, the plant maintenance was provided with a single common type of system, which has lower maintenance costs, a single set of replacement parts, and requires simpler maintenance skills.

Often during plant expansions, for simplicity, existing features for protection and control are duplicated exactly. Many design groups operate with the assumption that existing protection and control features are adequate and satisfactory, and they do not take the opportunity to consider improvements as above.

3.2.5.4.3 Mr. Howard has been the person in charge of fire protection in this plant for many years. He is the direct interface between top management, engineering, and safety personnel for matters relating to loss prevention. He is in charge of administering all loss prevention related inspection programs within the plant. He supervises all impairments to fire protection and reports them throughout the company and to FM. Mr. Howard is very important in the review process for new construction. Because he is very familiar with current design requirements, he is able to work closely with plant and corporate engineers to develop plans for new construction and modifications.

Mr. Howard spent many years in the plant as an operator. Because of this involvement, he oversees many important operator duties as they relate to fire response and use of emergency process equipment (flares, alarms, shut-downs, etc.). He is also the liaison to community groups, including the mutual aid groups.

Mr. Howard has announced he will retire in 2 years, when he reaches the age of 60. Loss of this level of experience could create serious gaps related to steady provision of the service provided by Mr. Howard.

All of his job duties should be described in writing.

A plan for his replacement with alternates should be developed sufficiently in advance of his departure so that proper training can be provided.

If timing is not sufficient to establish that his duties have been sufficiently taken over by others, management should arrange for Mr. Howard to return to work as a consultant. He should periodically return after his retirement to make sure all areas of past responsibility are being covered.

In the planning for replacement of Mr. Howard, the local assigned FM specialists should be notified. Specific sessions can be arranged so that the programs recommended by FM can be introduced or reviewed with the person who has taken over for Mr. Howard.

3.2.5.4.4 Mr. Jones was the Safety Engineer at this major plastic film plant, reporting to the plant manager, before he resigned. He was responsible to implement all safety and loss prevention programs in the plant. He was the direct liaison to the plant maintenance department, providing review and supervision of all maintenance and testing of the plant fire protection systems, including the fire pump, suction tank, sprinkler systems, alarm systems, and gaseous extinguishing systems. Because of his expertise, he was the interface between local contractors who provide maintenance and testing. Mr. Jones kept all the letters, files, receipts, plans, and correspondence in his office relating to protection systems and plant insurance matters.

Unfortunately, he quit at a time when the plant was completing a 50% production expansion and was beginning to plan for a new warehouse expansion. Ongoing issues relate to false alarms, alarm system repairs, and a history of broken underground water mains in a certain area of the plant. Mr. Jones had been a proponent of looping of the plant fire water mains to provide better service to the areas of future expansion.

In a case like this, it is important that key plant personnel from all levels meet to review the impact of this departure on loss prevention. Some careful accounting should begin at once to make sure elements of Mr. Jones' responsibilities are identified. The FM contact should be advised of the personnel change. This will allow for meetings to take place to assure that proper training is provided to a replacement employee. In many cases, FM can provide the following:

- Training on fire protection systems maintenance and testing can be offered to a new employee.

- A review of maintenance and testing programs can be made to assure that correct programs are not lost or lapsed.

- Contract maintenance programs can be evaluated to determine adequacy of these programs.

3.2.5.5 References

Management of Process Hazards, API Recommended Practice 750, First Edition, January 1990, American Petroleum Institute.

Managing Change, FM publication P9201.

3.2.6 Process and Equipment (Mechanical) Integrity

Equipment that processes hazardous materials, and accessory or utility equipment that is important to continued operation of the plant, should be designed, constructed, installed, operated, protected, and maintained in a way which minimizes the risk while providing process reliability. This element of the PSM program addresses the management system required to achieve this objective and is called Process and Equipment Integrity by the CCPS and Mechanical Integrity by others.

A Process and Equipment Integrity program should address some or all of the following: pressure vessels and piping, tanks, rotating machinery, electrical equipment, boilers and furnaces, etc., together with their instrumentation, controls, accessories, and supporting structures.

The components of Process and Equipment Integrity, which are discussed further below, are reliability engineering, materials of construction and fabrication, installation procedures, preventive maintenance, and demolition procedures.

As with all elements of PSM, a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps.

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance, or replacement, the evaluation should include equipment accessibility and suitability for the process and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment, and emergency relief. The file should also contain the operating and inspection history of the equipment, as well as any data on repair, alteration, and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements, and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill-to-installation tracking of material for critical components or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, over speed, electrical faults, misalignment, etc.

During fabrication, maintenance, or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern, such as piping location, safety and emergency equipment features, accessibility of process and safety equipment, operation, functional testing, and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.

3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections, together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturers' recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturers' minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data, and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment with detailed instructions on performing the particular activity. They should address the steps needed to prevent adverse conditions both during the procedures and when the equipment is put back in service. They should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic review of these procedures is needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation, and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out-of-service condition, any necessary decontamination, and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents, classified as major accident, accident, or near-miss by CCPS, are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control, or personnel changes, or new or better training programs. Documentation and periodic review aid in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes:

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries, or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.

3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment. Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System. Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization. Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others, depending on the nature of the incident. This can include those inside the company with specialty knowledge or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training. Team members should be selected based on their interest, job function, and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function. The incident investigation team function needs to be integrated with the overall emergency response plan. Well-established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation

a. Determine Cause. Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system-related causes.

b. Develop Recommendations. Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures. Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near-misses might be handled only at the local level but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.

If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally, this involves data collection, data analysis, and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems-oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and they can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program aimed at determination of root causes.

Usually the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently, some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently, they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

- FTA: Fault Tree Analysis
- AAM: Accident Anatomy Method
- MORT: Management Oversight and Risk Tree
- MCSOII: Multiple-Cause, Systems-Oriented Incident Investigation

Inductive

- HAZOP: Hazard and Operability Analysis
- AAM: Accident Anatomy Method
- CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware that new approaches need to be built on proven and accepted concepts.

3.2.7.4

The production of phthalic anhydride by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the "Do Not Operate" tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design. A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations. There are several possibilities in this area. Management that encourages continued operations when the process is upset (the reason the operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance. There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the worker's shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example but does illustrate some of the underlying causes in a multiple-cause incident.

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills, and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment, and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge, and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation, and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation, or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled, and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3281 Example Three Mile Island

On March 28 1979 a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator As a result of the shutdown a buildup of steam pressure within the cooling system of the reactor occurred which automatically opened an electromagnetic relief valve The operators did not recognize that the valve was stuck in the open position as the control panel indicated the valve to be closed Simultaneously the reacshytor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed At this point multiple audible and visual alarms were activated in the control room

As the water coolant pressure dropped the relief valve failed to reseat as designed which allowed coolant to escape into the containment building unknown to the operators Due to loss of cooling water through the relief valve the water level around the core started decreasing By design an emergency core cooling sysshytem was automatically actuated and it was assumed to be functioning properly although the cooling sysshytem did not operate as designed The control room instrumentation however did show a rise in water level in the core Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days subsequent for maintenance There were alarm lights registering the valves as shut on the control panel However one was obscured by a caution tag and the other was blocked by an operashytor This resulted in no cooling water to the core for an extended period

The control panel incorrectly indicated that too much water was entering the core; therefore, the operator overrode the automatic control system and reverted to manual control. Ultimately, the shut coolant water lines were discovered and reopened, which again flooded the control panel with a Christmas-tree effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.¹

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.²

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L., and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions, and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists, and psychologists.

Various references estimate that human factor errors are responsible for between 80 to 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50 to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health, or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment, and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel, although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases, these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological, and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface, and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell, or hearing) a stimulus, processes the information, and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty, and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This, in turn, can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.⁵

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.

Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.⁶ However, more current literature by Poulton⁷ and Welford⁸ supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.⁹ Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately, and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.¹⁰

3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor but ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed, and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., "The Exxon Chemical Human Factors Program," 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., "Including Human Errors in Process Hazard Analysis," Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., "Solving Human-Caused Failure Problems," Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., "Downsizing's Effect on Safety in the CPI/HPI," 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., "The Relation of Strength of Stimulus to Rapidity of Habit Formation," Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill.: Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill.: Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., "Reliability Performance of Fault-Tolerant Digital Control Systems," 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).

3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocell Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, D.C. (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards, or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for maintaining the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective, and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available, and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content, and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure, and resources). Other important factors to consider include results of prior audits, incident history, program maturity, and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood, and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team, and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring, and piping drawings are not current, or there is only one set of hand-corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization, and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation, and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased, and be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines, and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard

a. Toxicity

b. Permissible exposure limits

c. Physical, reactivity and corrosion data

d. Thermal and chemical stability

e. Hazardous effects of mixing

2. Process technology

a. Process description and flow diagram

b. Process chemistry

c. Inventory permitted

d. Safe upper and lower limits for temperature, pressure, flows and compositions

e. Consequences of deviations

3. Process equipment

a. Construction materials

b. P&ID

c. Electrical classification drawing

d. Relief system design and design basis

e. Ventilation system design

f. Drainage system design

g. Design codes and standards

h. Material and energy balance

i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections

a. Code inspection reports for pressure equipment

b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)

c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description

a. Organization and staffing

b. Risk assessment of site hazards

c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans

a. Description of possible incident scenarios

b. Plan to respond to each scenario

c. On-site emergency equipment and supplies

d. Description of external resources and support organizations

5. Emergency response teams

a. Staffing and organization

b. Capabilities of members

c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses, backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control, or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging
7-73 Dust Collectors and Collection Systems
7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels

3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression, where needed, as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems

For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment, such as curbs and dikes, are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems, such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible, heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength, blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response, such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases, a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases, a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers, such as noncombustible fire walls, are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades

3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems, which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past, it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and, in fact, was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade off in toxicity, which may affect manual fire fighting response, would occur with this choice.

A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K. incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred, with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story, concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, is located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.

©1999 Factory Mutual Engineering Corp. All rights reserved.

Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
- G-10, Guidelines for Technical Management of Chemical Process Safety, 1992.
- G-18, Guidelines for Hazard Evaluation Procedures, 1992.
- G-19, Guidelines for Investigating Chemical Process Incidents, 1992.
- G-20, Guidelines for Auditing Process Safety Management Systems, 1993.
- G-25, Guidelines for Implementing Process Safety Management Systems, 1994.
- G-27, Guidelines for Process Safety Documentation, 1995.

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API), Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

- 1-44, Damage Limiting Construction
- 5-1, Electrical Equipment in Hazardous Locations
- 7-0, Causes and Effects of Fires and Explosions
- 7-14, Fire and Explosion Protection for Flammable Liquid, Flammable Gas, and Liquefied Flammable Gas Processing Equipment and Supporting Structures
- 7-42, Evaluating the Effects of Vapor Cloud Explosions
- 7-44/17-3, Spacing of Facilities in Outdoor Chemical Plants

- 7-45, Instrumentation and Control
- 7-46/17-11, Chemical Reactors and Reactions
- 7-47, Physical Operations in Chemical Plants
- 7-49/12-65, Emergency Venting of Vessels
- 7-59, Inerting and Purging of Equipment
- 7-83, Drainage Systems for Flammable Liquids
- 7-88, Storage Tanks for Flammable Liquids
- 7-95, Compressors
- 7-99/12-19, Heat Transfer by Organic and Synthetic Fluids
- 12-0, Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API), Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API), Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.

APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico, or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975), and Seveso (1976) being the most noteworthy. In 1982, the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control, and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training, and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada, and New Jersey.

A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119) that went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing, or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different, yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)

In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.

A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia, and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998

In the process safety knowledge step, the following technical information may be obtained based on a literature search or testing and documented:

- flammability and explosivity characteristics of gases and liquids
- flammability and explosivity characteristics of heat transfer media
- reactivity data on catalysts
- combustibility and explosivity data on solid powder product
- reactivity of the PVC reaction at given process conditions
- reactivity and hazard of catalyst manufacture

The following site information might be obtained based on a site study and documented:

- meteorological data (prevailing winds/speeds/atmospheric stability)
- freeze and snowfall/rainfall data
- flood data
- earthquake data
- windstorm data
- data on adequacy and reliability of utility services
- information on nearby hazardous exposures

General conclusions might be derived based on the above chemical and site information and qualitative analysis. At this stage, these conclusions are based on generic knowledge obtained from experts or from the literature and are used for establishing more definitive scenarios during a process hazard analysis. Detailed consequence studies, such as vapor cloud dispersion, explosion overpressure, or pool fire radiant heat effects, are conducted as part of the hazard analysis.

The following general conclusions are not meant to be all inclusive, but only to demonstrate types of information and scenarios that could be developed during this step:

a. Flammable liquid spill fire potentials exist from delivery, storage, process vessel, and piping systems for raw and intermediate materials and for the heat transfer media system.

b. Vapor cloud explosion potentials exist from storage, process vessels, and piping systems using VCM.

c. Reactor vessel, pumps, and piping failure potentials exist due to high pressure, corrosivity, and reactivity exposures.

d. BP manufacture requires potentially unstable hazardous materials.

e. Dust explosion potentials exist from plasticized product.

f. The plant is in a semi-tropical climate but is subject to periodic severe freezes.

g. The plant is in a potential hurricane zone.

h. Power supplies are subject to possible off-premises interruptions.

i. Public water supplies and emergency response are not available.

j. A plant with potential wide range explosion hazard borders the site.

In the process hazard analysis step, the above data and design drawings (as complete as possible) are subjected to a systematic and critical examination to determine failure modes whereby incidents could occur. HAZOP, What If, Checklist, Failure Modes and Effects Analysis (FMEA), and more quantitative analysis methods might be used. Vapor dispersion, explosion, and radiant heat modeling, if needed, will be done during this stage. These examinations might reveal the following potential concerns and consequences:

a. The manufacture of peroxides on plant presents many failure modes and several potentials for a peroxide self initiation with high damage potential compared with the relatively small amounts of material needed.

b. Flammable spill fire and vapor release potentials cannot be completely eliminated through process control or design short of not producing the product. Steel structure is subject to severe radiant heat, confirmed by fire modeling.

c. VCM represents a vapor cloud explosion potential, and the process unit arrangement and congestion will produce high overpressures throughout the plant, as confirmed by modeling.

d. Prevailing winds and distance indicate potential for vapor cloud from neighboring facility to enter process unit, confirmed by modeling.

e. A single large reaction autoclave is harder to control, presents extreme liquid spill or vapor release potentials, thus increasing protection system demands, and if damaged would shut down all operations.

f. Plasticized plastic dust presents a dust explosion hazard, confirmed by laboratory testing.

g. A rare but possible sudden freeze could severely damage plant utilities.

h. A sudden power outage could cause loss of control of the reaction.

i. Many different release and failure modes of vessels, pumps, piping, and utility systems exist, but these can be mitigated through process control and design improvements.

j. Use of a large volume combustible heat transfer material presents significant fire potential on a higher frequency than other flammable materials due to its high corrosivity, confirmed by loss history.

In the process risk management step, all of the data collected and derived from the two prior steps is used to make risk management decisions. In the example, these may include (but not be limited to) the following decisions, listed in order of a tiered preferential safety approach:

Inherent safety

a. Replace combustible thermal oil system with water system.

b. Reduce production bottleneck by changing from one large reactor to several smaller reactors.

c. Reduce in-unit flammable inventories by eliminating product day tanks, large reboilers, large reactor, oversized piping, etc.

d. Purchase additional land to protect against off premises exposures.

e. Refrigerate VCM bulk storage tanks to reduce vaporization.

f. Collect plastic dust in wet slurry to reduce dust hazard.

Passive mitigation

a. Use a concrete frame for process unit or fireproof steel.

b. Space unit apart from support facilities and site boundaries.

c. Use open process unit for maximum explosion venting.

d. Limit and space equipment within unit to minimize congestion.

e. Layout unit with flammable materials accessible on outer edge.

f. Install drainage systems.

g. Design process controls and interlocks to maximize reliability of process.

h. Design process vessels/piping to maximum expected pressure.

i. Blast proof control room and emergency services building.

j. Provide emergency containment systems.

Active mitigation

a. Provide on site fire water system.

b. Provide deluge sprinkler protection.

c. Provide combustible gas detection.

d. Inert and purge flammable storage, process, and piping systems.

e. Provide reactor emergency quench system.

f. Provide reactor emergency venting.

g. Computerize process control.

h. Provide on-site emergency power supplies.

i. Design to hurricane codes.

j. Protect plant against freeze up.

Operational administrative controls

a. Develop and train on site emergency fire response brigade.

b. Train and empower operators to take manual process control.

c. Provide ignition source control systems.

d. Provide backup manual reactor emergency quench system.

e. Provide natural hazard alert procedures.

Risk Avoidance

a. Eliminate on-site manufacture of peroxide catalyst.

Risk transfer

a. Accept inherent risk by retention of high insurance deductibles.

In the risk management process, there may be a need to revisit and re-analyze hazards several times prior to deciding on the level and type of mitigation or use of other risk tools such as elimination of hazard or risk transfer. In fact, risk management becomes a constant cycle of analysis, transfer, and acceptance throughout the life of the facility. As the facility ages and changes are made, the risk will change. Keeping abreast of this aging and change process will assure that the facility will achieve the risk management goals originally accepted.

3.2.4.2 HPR Requirements

The decision to meet or not meet HPR protection guidelines is determined during the process risk management stage. While achieving HPR status should always be the risk management goal, there may be conditions, especially in existing older plants, where this may not be economically or technically achievable.

There are minimum requirements for a facility to qualify as an HPR risk. These are briefly identified in Section 2.2.1 and further discussed in Section 3.3, Concepts of Highly Protected Risk.

3.2.5 Management of Change

Management of Change (MOC) means evaluating every change to technology, facilities, or personnel at the earliest possible stage for its potential impact on property loss prevention. The earliest possible stage is the moment an idea or proposed change comes to light. These changes can be emergency, permanent, temporary, recognized, or unrecognized. The purpose of a management of change process is to prevent the unrecognized change.

Changes are made routinely throughout the life of a facility. These may vary from major, highly visible projects to daily routine maintenance activities. Changes can occur to technology, chemicals, products, equipment, and procedures. Any change from original design intent represents a deviation. If the impact of this deviation is not fully understood, the change, even if minor, can cause a significant incident. Appropriate process hazards management systems should be put into place to help ensure that hazards associated with a change or deviation are identified and controlled.

Changes fall into three main categories: technology, facilities, and personnel or organization.

Although some changes may be minor, with little likelihood of compromising loss prevention and process safety, all changes have some potential for disruption.

3.2.5.1 Change in Technology

Change in technology arises whenever the process or mechanical design is altered. Examples are changes in feedstocks, catalysts, product specifications, byproducts or waste products, design inventory levels, instrumentation and control systems, or materials of construction.

Typical instances in which change in technology would likely occur include the following:

a. New projects that involve tie-ins or equipment modifications on existing units.

b. Projects to increase facility throughput or accommodate different feedstocks or products.

c. Significant changes in operating conditions, including pressures, temperatures, flow rates, or process conditions different from those in the original process or mechanical design.

d. Equipment changes, including the addition of new equipment or modifications of existing equipment. These can include changes in alarms, instrumentation, and control schemes.

e. Modifications of the process or equipment that cause changes in the facility's relief requirements. These can include increased process throughput, operation at higher temperatures, increased size of equipment, or the addition of equipment that might contribute to greater relief requirements.

f. Bypass connections around equipment that is normally in service.

g. Changes in operating procedures, including procedures for startup, normal shutdown, and emergency shutdown.

h. Changes made in the process or mechanical design or in operating procedures that result from a PHA performed as described in Section 3.2.3.

i. Introduction of new or different process additives (for example, corrosion control agents, antifoulants, antifoam agents).

j. Corrective actions developed as a result of an accident investigation.

3.2.5.2 Changes in Facilities

Changes in facilities are those in which physical changes are made that would not necessarily appear on plant drawings or piping and instrument diagrams (P&ID). Examples are temporary connections, replaced components that are not in kind, site modifications, transient storage, temporary structures, etc.

Specifically, these can include the following:

a. Temporary equipment (tanks, offices, drum storage, etc.).

b. Replacement equipment or machinery that differs from the original equipment.

c. Temporary piping connections, hoses, or wiring.

d. Temporary software configurations, jumpers, shortened algorithms, bypassed controls.

e. Pipe clamps, braces, stands, wiring, ropes.

f. Temporary utility connections (steam, power, water, etc.).

g. An alternative supply of process materials, catalysts, or reactants, such as through temporary drums or tanks located within the facility.

h. Temporary electrical equipment or connections.

These changes have the ability to affect design, construction, operation, maintenance, and decommissioning.

3.2.5.3 Changes in Personnel

Changes in personnel are those in which key responsibilities are shifted from a position of stability to instability. Examples are retirement, promotion, other career changes, and personal issues (sickness, death, leave-of-absence, etc.). These changes are ones in which continuity of responsibility may lapse.

Training and assignment of alternates is a key feature needed to mitigate lapses caused by these changes. Supervision must be skilled for early recognition of these changes, with an ability to plan in advance to mitigate these changes. Goals of the company, business, and operating unit must support prevention efforts associated with these changes.

3.2.5.4 Examples

3.2.5.4.1 The Clean Air Act Amendments of 1990 require a 50% reduction of sulfur dioxide levels (SO2) in the U.S. by the year 2000. This act affects approximately 2000 electric utilities. The method of choice to control SO2 emissions probably will be the installation of wet scrubbers, as they provide the highest level of control. Along with the additional costs and plans for scrubber installations, the person(s) planning these changes need to look at the effect these installations will have on loss prevention. For instance, scrubbers are subject to fires and explosions, and they can affect furnace draft. Induced draft fans may have to be upgraded, which in some cases could increase the risk of implosions and boiler vibrations. To prevent corrosion of scrubbers, ducts, and stacks, it may be necessary to use plastic or plastic-lined equipment, which could present a fire hazard.

A typical agreement between a company and the property insurance company calls for a loss prevention professional within the company to be advised of all management of change activities in the plant. This individual is then responsible to involve the specialist from FM and allow an opportunity for the change to be evaluated in its earliest stages.

3.2.5.4.2 ABC is a manufacturer of commodity polymer using batch-scale polymerization of the monomer. Because of favorable opportunities in the market, ABC has plans to double the capacity of its seven-reactor plant in a two-phase expansion over the next 10 years. The first phase will include construction of utilities and the footprint for a second seven-reactor manufacturing building. Initially, a building containing three reactors will be built.

There is a close relationship between ABC and the FM specialist assigned to this plant. When the idea is being developed by senior management within ABC, meetings are held with the FM specialist to discuss the effect this may have on loss prevention. ABC is guided by a principle that promotes continuous improvement in all areas of operation, including loss prevention, and they call upon the expertise of FM to provide guidance to meet this goal.

In consultation with the FM specialist, several opportunities are identified. These include ways to mitigate VCE potentials, provide more cost-efficient and effective water spray systems, and arrange the Instrumentation and Control features for increased reliability. In order to expand the process water features for the new plant expansion, several pumping and distribution changes were needed. Opportunities were identified to add outlets and normally closed connections between the fire protection system and the process water supply system. This increased both the normal supply to the fire protection water system and the supply that would be available in a catastrophic event.

In consultations, an opportunity was identified to relate current maintenance issues for the older electronic heat detection systems on the water spray systems to a design specification needed for all the new water spray systems. Review of maintenance records and costs pointed to an opportunity to replace older electronic heat detectors with air-pilot detection systems. In doing this, the plant maintenance was provided with a single common type of system, which has lower maintenance costs, a single set of replacement parts, and requires simpler maintenance skills.

Often during plant expansions, for simplicity, existing features for protection and control are duplicated exactly. Many design groups operate with the assumption that existing protection and control features are adequate and satisfactory, and they do not take the opportunity to consider improvements as above.

3.2.5.4.3 Mr. Howard has been the person in charge of fire protection in this plant for many years. He is the direct interface between top management, engineering, and safety personnel for matters relating to loss prevention. He is in charge of administering all loss prevention related inspection programs within the plant. He supervises all impairments to fire protection and reports them throughout the company and to FM. Mr. Howard is very important in the review process for new construction. Because he is very familiar with current design requirements, he is able to work closely with plant and corporate engineers to develop plans for new construction and modifications.

Mr. Howard spent many years in the plant as an operator. Because of this involvement, he oversees many important operator duties as they relate to fire response and use of emergency process equipment (flares, alarms, shut-downs, etc.). He is also the liaison to community groups, including the mutual aid groups.

Mr. Howard has announced he will retire in 2 years, when he reaches the age of 60. Loss of this level of experience could create serious gaps related to steady provision of the service provided by Mr. Howard.

All of his job duties should be described in writing.

A plan for his replacement with alternates should be developed sufficiently in advance of his departure so that proper training can be provided.

If timing is not sufficient to establish that his duties have been sufficiently taken over by others, management should arrange for Mr. Howard to return to work as a consultant. He should periodically return after his retirement to make sure all areas of past responsibility are being covered.

In the planning for replacement of Mr. Howard, the local assigned FM specialists should be notified. Specific sessions can be arranged so that the programs recommended by FM can be introduced or reviewed with the person who has taken over for Mr. Howard.

3.2.5.4.4 Mr. Jones was the Safety Engineer at this major plastic film plant, reporting to the plant manager, before he resigned. He was responsible to implement all safety and loss prevention programs in the plant. He was the direct liaison to the plant maintenance department, providing review and supervision of all maintenance and testing of the plant fire protection systems, including the fire pump, suction tank, sprinkler systems, alarm systems, and gaseous extinguishing systems. Because of his expertise, he was the interface between local contractors who provide maintenance and testing. Mr. Jones kept all the letters, files, receipts, plans, and correspondence in his office relating to protection systems and plant insurance matters.

Unfortunately, he quit at a time when the plant was completing a 50% production expansion and was beginning to plan for a new warehouse expansion. Ongoing issues relate to false alarms, alarm system repairs, and a history of broken underground water mains in a certain area of the plant. Mr. Jones had been a proponent of looping of the plant fire water mains to provide better service to the areas of future expansion.

In a case like this, it is important that key plant personnel from all levels meet to review the impact of this departure on loss prevention. Some careful accounting should begin at once to make sure elements of Mr. Jones' responsibilities are identified. The FM contact should be advised of the personnel change. This will allow for meetings to take place to assure that proper training is provided to a replacement employee. In many cases, FM can provide the following:

- Training on fire protection systems maintenance and testing can be offered to a new employee.

- A review of maintenance and testing programs can be made to assure that correct programs are not lost or lapsed.

- Contract maintenance programs can be evaluated to determine adequacy of these programs.

3.2.5.5 References

Management of Process Hazards, API Recommended Practice 750, First Edition, January 1990, American Petroleum Institute.

Managing Change, FM publication P9201.

3.2.6 Process and Equipment (Mechanical) Integrity

Equipment that processes hazardous materials, and accessory or utility equipment that is important to continued operation of the plant, should be designed, constructed, installed, operated, protected, and maintained in a way which minimizes the risk while providing process reliability. This element of the PSM program addresses the management system required to achieve this objective and is called Process and Equipment Integrity by the CCPS and Mechanical Integrity by others.

A Process and Equipment Integrity program should address some or all of the following: pressure vessels and piping, tanks, rotating machinery, electrical equipment, boilers and furnaces, etc., together with their instrumentation, controls, accessories, and supporting structures.

The components of Process and Equipment Integrity, which are discussed further below, are reliability engineering, materials of construction and fabrication, installation procedures, preventive maintenance, and demolition procedures.

As with all elements of PSM, a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps.

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance, or replacement, the evaluation should include equipment accessibility and suitability for the process and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment, and emergency relief. The file should also contain the operating and inspection history of the equipment, as well as any data on repair, alteration, and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements, and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill-to-installation tracking of material for critical components, or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, over speed, electrical faults, misalignment, etc.

During fabrication, maintenance, or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process, or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern, such as piping location, safety and emergency equipment features, accessibility of process and safety equipment, operation, functional testing and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.

3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections, together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturers' recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturers' minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data, and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment with detailed instructions on performing the particular activity. They should address the steps needed to prevent adverse conditions, both during the procedures and when the equipment is put back in service. They should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic review of these procedures is needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation, and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out-of-service condition, any necessary decontamination, and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents, classified as major accident, accident, or near-miss by CCPS, are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control, or personnel changes, or new or better training programs. Documentation and periodic review aid in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes:

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries, or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.

3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment: Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System: Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization: Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others, depending on the nature of the incident. This can include those inside the company with speciality knowledge or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training: Team members should be selected based on their interest, job function, and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function: The incident investigation team function needs to be integrated with the overall emergency response plan. Well-established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation:

a. Determine Cause: Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system-related causes.

b. Develop Recommendations: Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures: Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.

If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally, this involves data collection, data analysis, and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems-oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and they can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program aimed at determination of root causes.

Usually the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently, some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing and provides support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

- FTA: Fault Tree Analysis

- AAM: Accident Anatomy Method

- MORT: Management Oversight and Risk Tree

- MCSOII: Multiple-Cause Systems-Oriented Incident Investigation

Inductive

- HAZOP: Hazard and Operability Analysis

- AAM: Accident Anatomy Method

- CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware new approaches need to be built on proven and accepted concepts.

3.2.7.4

The production of phthalic anhydride by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the "Do Not Operate" tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design: A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations: There are several possibilities in this area. Management that encourages continued operations when the process is upset (reason operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance: There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the workers' shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but does illustrate some of the underlying causes in a multiple-cause incident.

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills, and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment, and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge, and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation, and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation, or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training, as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled, and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated, and it was assumed to be functioning properly, although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days subsequent for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.

The control panel incorrectly indicated that too much water was entering the core; therefore, the operator overrode the automatic control system and reverted to manual control. Ultimately, the shut coolant water lines were discovered and reopened, which again flooded the control panel with a Christmas-tree effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.¹

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.²

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures, as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L., and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions, and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists, and psychologists.

Various references estimate that human factor errors are responsible for between 80 and 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50 to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health, or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment, and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases, these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological, and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface, and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell, or hearing) a stimulus, processes the information, and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty, and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.⁵

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems, as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.

Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.⁶ However, more current literature by Poulton⁷ and Welford⁸ supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.⁹ Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately, and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.¹⁰

3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum, Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor but ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed that air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill.: Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill.: Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).

3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocell Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards, or consensus standards will be applied. This will ensure a consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for maintaining the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective, and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available, and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content, and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type, where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure, and resources). Other important factors to consider include results of prior audits, incident history, program maturity, and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood, and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team, and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring, and piping drawings are not current, or there is only one set of hand corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization, and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation, and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased, and should be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited, to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines, and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection As an example a Process Safety Information guideline which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units might sugshygest the following information be documented

1. Chemical hazard

a. Toxicity

b. Permissible exposure limits

c. Physical, reactivity, and corrosion data

d. Thermal and chemical stability

e. Hazardous effects of mixing

2. Process technology

a. Process description and flow diagram

b. Process chemistry

c. Inventory permitted

d. Safe upper and lower limits for temperature, pressure, flows, and compositions

e. Consequences of deviations

3. Process equipment

a. Construction materials

b. P&ID

c. Electrical classification drawing

d. Relief system design and design basis

e. Ventilation system design

f. Drainage system design

g. Design codes and standards

h. Material and energy balance

i. Safety systems (interlocks, detection, control, and suppression systems)

4. Safety inspections

a. Code inspection reports for pressure equipment

b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)

c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases, and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date, and documented:

1. Facility policy regarding emergency response planning

2. Facility description

a. Organization and staffing

b. Risk assessment of site hazards

c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans

a. Description of possible incident scenarios

b. Plan to respond to each scenario

c. On-site emergency equipment and supplies

d. Description of external resources and support organizations

5. Emergency response teams

a. Staffing and organization

b. Capabilities of members

c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response, and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing, and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems, or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels, and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA, and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps, and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions

7-49/12-65 Emergency Venting of Vessels

7-59 Inerting and Purging

7-73 Dust Collectors and Collection Systems

7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires

12 Series on boilers and pressure vessels

3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection, and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes, and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment, and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems

3-2 Water Tanks for Fire Protection

3-7N/13-4N Centrifugal Fire Pumps

3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness, training, and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations

5-8 Static Electricity

5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment

5-11/14-19 Lightning and Surge Protection for Electrical Systems

7-0 Causes and Effects of Fires and Explosions

7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility, and emergency response facilities also require careful siting remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials

7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method

7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants

7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids

7-46 Chemical Reactors and Reactions

7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives

7-51 Acetylene

7-52/17-13 Oxygen

7-53 Liquefied Natural Gas

7-54 Natural Gas and Gas Piping

7-55/12-28 Liquefied Petroleum Gas

7-58 Chlorine Dioxide

7-80 Organic Peroxides

7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

7-91 Hydrogen

7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations, and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems

4-0 Special Protection Systems

4-1N Water Spray Fixed Systems

4-7N Low Expansion Foam Systems

7-17 Explosion Suppression Systems

For resources on protection needs for process units, structures, or equipment common to chemical plants, also see:

1-6 Cooling Towers

5-4/14-8 Transformers

5-31/14-5 Cables and Bus Bars

5-32 Electronic Data Processing Systems

7-2 Waste Solvent Recovery

7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas, and Liquefied Flammable Gas Processing Equipment and Supporting Structures

7-29 Flammable Liquids in Drums and Smaller Containers

7-32 Flammable Liquid Operations

7-48 Disposal of Waste Materials

7-54 Natural Gas and Gas Piping

7-55/12-28 Liquefied Petroleum Gas

7-78 Industrial Exhaust Systems

7-88 Storage Tanks for Flammable Liquids

7-95 Compressors

7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants

7-34 Electrolytic Chlorine Processes

7-35 Air Separation Processes

7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids

7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers, and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible, heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies

7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas, and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength, blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction

1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response, such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases, a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping, and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants

7-59 Inerting and Purging of Equipment

7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases, a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains

1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)

1-22 Criteria for MFL Fire Walls and Space Separation

1-23 Protection of Openings in Fire Subdivisions

7-16 Barricades

3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes, and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake

1-7 Wind Forces on Buildings and Other Structures

1-54 Roof Loads for New Construction

9-2 Surface Water

9-13 Evaluation of Flood Exposure

9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems, which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past, it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade off in toxicity, which may affect manual fire fighting response, would occur with this choice.

A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds, and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, are located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.

©1999 Factory Mutual Engineering Corp. All rights reserved.


Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992.
G-18 Guidelines for Hazard Evaluation Procedures, 1992.
G-19 Guidelines for Investigating Chemical Process Incidents, 1992.
G-20 Guidelines for Auditing Process Safety Management Systems, 1993.
G-25 Guidelines for Implementing Process Safety Management Systems, 1994.
G-27 Guidelines for Process Safety Documentation, 1995.

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register, Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets:

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants
7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the Austral/Asia countries, although studies are underway to promulgate laws similar to Europe and the U.S. in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the U.S., including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accidents, hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The U.S. Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), that went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed it was estimated that approx. 87,000 U.S. facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the U.S. EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 U.S. facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.
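The threshold test on the maximum quantity in a single process and the worst case sizing rules above, worked through as an added example (not part of the FM data sheet and not EPA's own method). The thresholds are the kilogram values from Table 1 of this page; the site inventory, the densities and the rule that holdings of one substance within the same process add up are assumptions made for illustration.

```python
POOL_DEPTH_M = 0.01       # liquids: spill spreads to a pool 1 cm deep
GAS_RELEASE_MIN = 10.0    # gases: whole quantity released in 10 minutes

# (EPA, OSHA) thresholds in kg, copied from Table 1 of this page; None = not listed.
TABLE1_KG = {
    "anhydrous ammonia": (450, 2250),
    "chlorine": (450, 680),
    "chlorine dioxide": (225, 450),
    "sulfuric acid": (2250, None),
    "flammable hydrocarbons": (4500, 4500),
}


def max_per_process(inventory):
    """inventory: iterable of (process, substance, kg) holdings.

    Holdings inside one process are summed (assumption); quantities in
    different processes are never added together, because the threshold
    test uses the maximum quantity in a single process.
    """
    totals = {}
    for process, substance, kg in inventory:
        key = (process, substance)
        totals[key] = totals.get(key, 0.0) + kg
    worst = {}
    for (process, substance), kg in totals.items():
        if substance not in worst or kg > worst[substance][1]:
            worst[substance] = (process, kg)
    return worst


def coverage(inventory):
    """Report, per substance, whether the Table 1 thresholds are exceeded."""
    report = {}
    for substance, (process, kg) in max_per_process(inventory).items():
        epa, osha = TABLE1_KG.get(substance, (None, None))
        report[substance] = {
            "process": process,
            "kg": kg,
            "epa": epa is not None and kg > epa,
            "osha": osha is not None and kg > osha,
        }
    return report


def worst_case_gas_rate(kg):
    """Release rate in kg/min when the whole quantity escapes in 10 minutes."""
    return kg / GAS_RELEASE_MIN


def worst_case_pool_area(kg, density_kg_m3, dike_area_m2=None):
    """Evaporating surface in m2: a 1 cm deep pool, unless a dike holds it smaller."""
    undiked = (kg / density_kg_m3) / POOL_DEPTH_M
    if dike_area_m2 is not None and dike_area_m2 < undiked:
        return dike_area_m2
    return undiked


# Constructed site inventory (process, substance, kg).
SITE = [
    ("refrigeration", "anhydrous ammonia", 300.0),
    ("refrigeration", "anhydrous ammonia", 400.0),  # same process: 700 kg in total
    ("water treatment", "chlorine", 400.0),
    ("bleach plant", "chlorine", 420.0),            # 820 kg on site, but 420 kg at most per process
    ("acid storage", "sulfuric acid", 3000.0),
]

if __name__ == "__main__":
    for substance, row in coverage(SITE).items():
        print(substance, row)
    print("ammonia gas release, kg/min:", worst_case_gas_rate(700.0))
    print("2000 kg liquid, undiked m2:", worst_case_pool_area(2000.0, 1000.0))
    print("2000 kg liquid, 50 m2 dike:", worst_case_pool_area(2000.0, 1000.0, 50.0))
```

With these constructed numbers the ammonia refrigeration process exceeds the EPA threshold but not the OSHA one, and the chlorine stays below both because neither process alone holds more than 450 kg.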

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the U.S. it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC) Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998


c. VCM represents a vapor cloud explosion potential, and the process unit arrangement and congestion will produce high overpressures throughout the plant, as confirmed by modeling.

d. Prevailing winds and distance indicate potential for vapor cloud from neighboring facility to enter process unit, confirmed by modeling.

e. A single large reaction autoclave is harder to control, presents extreme liquid spill or vapor release potentials, thus increasing protection system demands, and if damaged would shut down all operations.

f. Plasticized plastic dust presents a dust explosion hazard, confirmed by laboratory testing.

g. A rare but possible sudden freeze could severely damage plant utilities.

h. A sudden power outage could cause loss of control of the reaction.

i. Many different release and failure modes of vessels, pumps, piping and utility systems exist, but these can be mitigated through process control and design improvements.

j. Use of a large volume combustible heat transfer material presents significant fire potential on a higher frequency than other flammable materials due to its high corrosivity, confirmed by loss history.

In the process risk management step, all of the data collected and derived from the two prior steps is used to make risk management decisions. In the example, these may include (but not be limited to) the following decisions, listed in order of a tiered preferential safety approach:

Inherent safety

a. Replace combustible thermal oil system with water system.

b. Reduce production bottleneck by changing from one large reactor to several smaller reactors.

c. Reduce in-unit flammable inventories by eliminating product day tanks, large reboilers, large reactor, oversized piping, etc.

d. Purchase additional land to protect against off premises exposures.

e. Refrigerate VCM bulk storage tanks to reduce vaporization.

f. Collect plastic dust in wet slurry to reduce dust hazard.

Passive mitigation

a. Use a concrete frame for process unit or fireproof steel.

b. Space unit apart from support facilities and site boundaries.

c. Use open process unit for maximum explosion venting.

d. Limit and space equipment within unit to minimize congestion.

e. Layout unit with flammable materials accessible on outer edge.

f. Install drainage systems.

g. Design process controls and interlocks to maximize reliability of process.

h. Design process vessels/piping to maximum expected pressure.

i. Blast proof control room and emergency services building.

j. Provide emergency containment systems.

Active mitigation

a. Provide on site fire water system.

b. Provide deluge sprinkler protection.

c. Provide combustible gas detection.

d. Inert and purge flammable storage, process and piping systems.

e. Provide reactor emergency quench system.

f. Provide reactor emergency venting.

g. Computerize process control.

h. Provide on-site emergency power supplies.

i. Design to hurricane codes.

j. Protect plant against freeze up.

Operational administrative controls

a. Develop and train on site emergency fire response brigade.

b. Train and empower operators to take manual process control.

c. Provide ignition source control systems.

d. Provide backup manual reactor emergency quench system.

e. Provide natural hazard alert procedures.

Risk avoidance

a. Eliminate on-site manufacture of peroxide catalyst.

Risk transfer

a. Accept inherent risk by retention of high insurance deductibles.

In the risk management process there may be a need to revisit and re-analyze hazards several times prior to deciding on the level and type of mitigation or use of other risk tools such as elimination of hazard or risk transfer. In fact, risk management becomes a constant cycle of analysis, transfer and acceptance throughout the life of the facility. As the facility ages and changes are made, the risk will change. Keeping abreast of this aging and change process will assure that the facility will achieve the risk management goals originally accepted.

3.2.4.2 HPR Requirements

The decision to meet or not meet HPR protection guidelines is determined during the process risk management stage. While achieving HPR status should always be the risk management goal, there may be conditions, especially in existing older plants, where this may not be economically or technically achievable.

There are minimum requirements for a facility to qualify as an HPR risk. These are briefly identified in Section 2.2.1 and further discussed in Section 3.3, Concepts of Highly Protected Risk.

3.2.5 Management of Change

Management of Change (MOC) means evaluating every change to technology, facilities or personnel at the earliest possible stage for its potential impact on property loss prevention. The earliest possible stage is the moment an idea or proposed change comes to light. These changes can be emergency, permanent, temporary, recognized or unrecognized. The purpose of a management of change process is to prevent the unrecognized change.

Changes are made routinely throughout the life of a facility. These may vary from major, highly visible projects to daily routine maintenance activities. Changes can occur to technology, chemicals, products, equipment and procedures. Any change from original design intent represents a deviation. If the impact of this deviation is not fully understood, the change, even if minor, can cause a significant incident. Appropriate process hazards management systems should be put into place to help ensure that hazards associated with a change or deviation are identified and controlled.

Changes fall into three main categories: technology, facilities, and personnel or organization.

Although some changes may be minor, with little likelihood of compromising loss prevention and process safety, all changes have some potential for disruption.


3.2.5.1 Change in Technology

Change in technology arises whenever the process or mechanical design is altered. Examples are changes in feedstocks, catalysts, product specifications, byproducts or waste products, design inventory levels, instrumentation and control systems, or materials of construction.

Typical instances in which change in technology would likely occur include the following:

a. New projects that involve tie-ins or equipment modifications on existing units.

b. Projects to increase facility throughput or accommodate different feedstocks or products.

c. Significant changes in operating conditions, including pressures, temperatures, flow rates or process conditions different from those in the original process or mechanical design.

d. Equipment changes, including the addition of new equipment or modifications of existing equipment. These can include changes in alarms, instrumentation and control schemes.

e. Modifications of the process or equipment that cause changes in the facility's relief requirements. These can include increased process throughput, operation at higher temperatures, increased size of equipment, or the addition of equipment that might contribute to greater relief requirements.

f. Bypass connections around equipment that is normally in service.

g. Changes in operating procedures, including procedures for startup, normal shutdown and emergency shutdown.

h. Changes made in the process or mechanical design or in operating procedures that result from a PHA performed as described in Section 3.2.3.

i. Introduction of new or different process additives (for example, corrosion control agents, antifoulants, antifoam agents).

j. Corrective actions developed as a result of an accident investigation.

3.2.5.2 Changes in Facilities

Changes in facilities are those in which physical changes are made that would not necessarily appear on plant drawings or piping and instrument diagrams (P&ID). Examples are temporary connections, replaced components that are not in kind, site modifications, transient storage, temporary structures, etc.

Specifically, these can include the following:

a. Temporary equipment (tanks, offices, drum storage, etc.).

b. Replacement equipment or machinery that differs from the original equipment.

c. Temporary piping, connections, hoses or wiring.

d. Temporary software configurations, jumpers, shortened algorithms, bypassed controls.

e. Pipe clamps, braces, stands, wiring, ropes.

f. Temporary utility connections (steam, power, water, etc.).

g. An alternative supply of process materials, catalysts or reactants, such as through temporary drums or tanks located within the facility.

h. Temporary electrical equipment or connections.

These changes have the ability to affect design, construction, operation, maintenance and decommissioning.
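One way to surface the unrecognized change that Sections 3.2.5 to 3.2.5.2 warn about, shown as an added example that is not part of the FM data sheet: a baseline control configuration is compared with the installed one, and every deviation is matched against a change register. The tag names, register fields, record ids and dates are all constructed for illustration.

```python
from datetime import date

# Constructed as-designed settings for three control points (hypothetical tags).
BASELINE = {
    "TAH-101": {"setpoint": 150.0, "bypassed": False},  # reactor high-temperature alarm
    "PSH-204": {"setpoint": 12.0, "bypassed": False},   # high-pressure trip
    "FIC-310": {"setpoint": 40.0, "bypassed": False},   # feed flow controller
}

# Constructed snapshot of what is installed today.
CURRENT = {
    "TAH-101": {"setpoint": 165.0, "bypassed": False},
    "PSH-204": {"setpoint": 12.0, "bypassed": True},
    "FIC-310": {"setpoint": 55.0, "bypassed": False},
    "HOSE-T1": {"setpoint": None, "bypassed": False},   # temporary connection, never in the baseline
}

# Constructed change register; "kind" uses the page's terms (emergency, permanent, temporary).
MOC_REGISTER = [
    {"id": "MOC-A", "tag": "TAH-101", "field": "setpoint",
     "kind": "permanent", "expires": None},
    {"id": "MOC-B", "tag": "PSH-204", "field": "bypassed",
     "kind": "temporary", "expires": date(2024, 1, 31)},
]

TAG_LEVEL = "<tag>"  # pseudo-field for a control point that was added or removed


def diff_config(baseline, current):
    """Return (tag, field, old, new) for every deviation from the baseline."""
    changes = []
    for tag in sorted(set(baseline) | set(current)):
        old, new = baseline.get(tag), current.get(tag)
        if old is None or new is None:
            changes.append((tag, TAG_LEVEL,
                            "present" if old is not None else "absent",
                            "present" if new is not None else "absent"))
            continue
        for field in sorted(set(old) | set(new)):
            if old.get(field) != new.get(field):
                changes.append((tag, field, old.get(field), new.get(field)))
    return changes


def _in_force(record, today):
    """A temporary change counts only until its expiry; one without a date never counts."""
    if record["kind"] != "temporary":
        return True
    return record["expires"] is not None and record["expires"] >= today


def audit(baseline, current, register, today):
    """Classify each deviation as recognized, expired-temporary or unrecognized."""
    findings = []
    for tag, field, old, new in diff_config(baseline, current):
        records = [r for r in register if r["tag"] == tag and r["field"] == field]
        if not records:
            status = "unrecognized"
        elif any(_in_force(r, today) for r in records):
            status = "recognized"
        else:
            status = "expired-temporary"
        findings.append({"tag": tag, "field": field, "old": old, "new": new,
                         "status": status, "moc": [r["id"] for r in records]})
    return findings


if __name__ == "__main__":
    for f in audit(BASELINE, CURRENT, MOC_REGISTER, date(2024, 3, 1)):
        print(f"{f['status']:18} {f['tag']:8} {f['field']:9} "
              f"{f['old']} -> {f['new']} {f['moc']}")
```

On the constructed data the raised flow setpoint and the temporary hose have no register entry at all, and the trip bypass is still in place after its temporary approval lapsed.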

3.2.5.3 Changes in Personnel

Changes in personnel are those in which key responsibilities are shifted from a position of stability to instability. Examples are retirement, promotion, other career changes and personal issues (sickness, death, leave-of-absence, etc.). These changes are ones in which continuity of responsibility may lapse.


Training and assignment of alternates is a key feature needed to mitigate lapses caused by these changes. Supervision must be skilled for early recognition of these changes, with an ability to plan in advance to mitigate these changes. Goals of the company, business and operating unit must support prevention efforts associated with these changes.

3.2.5.4 Examples

3.2.5.4.1 The Clean Air Act Amendments of 1990 require a 50% reduction of sulfur dioxide levels (SO2) in the U.S. by the year 2000. This act affects approximately 2000 electric utilities. The method of choice to control SO2 emissions probably will be the installation of wet scrubbers, as they provide the highest level of control. Along with the additional costs and plans for scrubber installations, the person(s) planning these changes need to look at the effect these installations will have on loss prevention. For instance, scrubbers are subject to fires and explosions, and they can affect furnace draft. Induced draft fans may have to be upgraded, which in some cases could increase the risk of implosions and boiler vibrations. To prevent corrosion of scrubbers, ducts and stacks, it may be necessary to use plastic or plastic-lined equipment, which could present a fire hazard.

A typical agreement between a company and the property insurance company calls for a loss prevention professional within the company to be advised of all management of change activities in the plant. This individual is then responsible to involve the specialist from FM and allow an opportunity for the change to be evaluated in its earliest stages.

32542 ABC is a manufacturer of commodity polymer using batch-scale polymerization of the monomer Because of favorable opportunities in the market ABC has plans to double the capacity of its seven-reactor plant in a two-phase expansion over the next 10 years The first phase will include construction of utilities and the footprint for a second seven-reactor manufacturing building Initially a building containing three reacshytors will be built

There is a close relationship between ABC and the FM specialist assigned to this plant When the idea is being developed by senior management within ABC meetings are held with the FM specialist to discuss the affect this may have on loss prevention ABC is guided by a principle that promotes continuous improveshyment in all areas of operation including loss prevention and they call upon the expertise of FM to provide guidshyance to meet this goal

In consultation with the FM specialist several opportunities are identified These include ways to mitigate VCE potentials provide more cost efficient and effective water spray systems and arrange the Instrumentashytion and Control features for increased reliability In order to expand the process water features for the new plant expansion several pumping and distribution changes were needed Opportunities were identified to add outlets and normally closed connections between the fire protection system and the process water supshyply system This increased both the normal supply to the fire protection water system and increased the supshyply that would be available in a catastrophic event

In consultations, an opportunity was identified to relate current maintenance issues for the older electronic heat detection systems on the water spray systems to a design specification needed for all the new water spray systems. Review of maintenance records and costs pointed to an opportunity to replace older electronic heat detectors with air-pilot detection systems. In doing this, the plant maintenance was provided with a single common type of system which has lower maintenance costs, a single set of replacement parts, and requires simpler maintenance skills.

Often during plant expansions, for simplicity, existing features for protection and control are duplicated exactly. Many design groups operate with the assumption that existing protection and control features are adequate and satisfactory, and they do not take the opportunity to consider improvements as above.

3.2.5.4.3 Mr. Howard has been the person in charge of fire protection in this plant for many years. He is the direct interface between top management, engineering and safety personnel for matters relating to loss prevention. He is in charge of administering all loss prevention related inspection programs within the plant. He supervises all impairments to fire protection and reports them throughout the company and to FM. Mr. Howard is very important in the review process for new construction. Because he is very familiar with current design requirements, he is able to work closely with plant and corporate engineers to develop plans for new construction and modifications.

©1999 Factory Mutual Engineering Corp. All rights reserved.

7-43 17-2 Loss Prevention in Chemical Plants Page 22 Factory Mutual Property Loss Prevention Data Sheets

Mr. Howard spent many years in the plant as an operator. Because of this involvement, he oversees many important operator duties as they relate to fire response and use of emergency process equipment (flares, alarms, shut-downs, etc.). He is also the liaison to community groups, including the mutual aid groups.

Mr. Howard has announced he will retire in 2 years, when he reaches the age of 60. Loss of this level of experience could create serious gaps related to steady provision of the service provided by Mr. Howard.

All of his job duties should be described in writing.

A plan for his replacement, with alternates, should be developed sufficiently in advance of his departure so that proper training can be provided.

If timing is not sufficient to establish that his duties have been sufficiently taken over by others, management should arrange for Mr. Howard to return to work as a consultant. He should periodically return after his retirement to make sure all areas of past responsibility are being covered.

In the planning for replacement of Mr. Howard, the local assigned FM specialists should be notified. Specific sessions can be arranged so that the programs recommended by FM can be introduced or reviewed with the person who has taken over for Mr. Howard.

3.2.5.4.4 Mr. Jones was the Safety Engineer at this major plastic film plant, reporting to the plant manager, before he resigned. He was responsible to implement all safety and loss prevention programs in the plant. He was the direct liaison to the plant maintenance department, providing review and supervision of all maintenance and testing of the plant fire protection systems, including the fire pump, suction tank, sprinkler systems, alarm systems and gaseous extinguishing systems. Because of his expertise, he was the interface between local contractors who provide maintenance and testing. Mr. Jones kept all the letters, files, receipts, plans and correspondence in his office relating to protection systems and plant insurance matters.

Unfortunately, he quit at a time when the plant was completing a 50% production expansion and was beginning to plan for a new warehouse expansion. Ongoing issues relate to false alarms, alarm system repairs, and a history of broken underground water mains in a certain area of the plant. Mr. Jones had been a proponent of looping of the plant fire water mains to provide better service to the areas of future expansion.

In a case like this, it is important that key plant personnel from all levels meet to review the impact of this departure on loss prevention. Some careful accounting should begin at once to make sure elements of Mr. Jones' responsibilities are identified. The FM contact should be advised of the personnel change. This will allow for meetings to take place to assure that proper training is provided to a replacement employee. In many cases FM can provide the following:

- Training on fire protection systems maintenance and testing can be offered to a new employee.

- A review of maintenance and testing programs can be made to assure that correct programs are not lost or lapsed.

- Contract maintenance programs can be evaluated to determine adequacy of these programs.

3.2.5.5 References

Management of Process Hazards, API Recommended Practice 750, First Edition, January 1990, American Petroleum Institute.

Managing Change, FM publication P9201.

3.2.6 Process and Equipment (Mechanical) Integrity

Equipment that processes hazardous materials, and accessory or utility equipment that is important to continued operation of the plant, should be designed, constructed, installed, operated, protected and maintained in a way which minimizes the risk while providing process reliability. This element of the PSM program addresses the management system required to achieve this objective and is called Process and Equipment Integrity by the CCPS and Mechanical Integrity by others.

A Process and Equipment Integrity program should address some or all of the following: pressure vessels and piping, tanks, rotating machinery, electrical equipment, boilers and furnaces, etc., together with their instrumentation, controls, accessories and supporting structures.


The components of Process and Equipment Integrity which are discussed further below are reliability engineering, materials of construction and fabrication, installation procedures, preventive maintenance, and demolition procedures.

As with all elements of PSM, a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps.

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance or replacement, the evaluation should include equipment accessibility and suitability for the process, and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment and emergency relief. The file should also contain the operating and inspection history of the equipment, as well as any data on repair, alteration and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill-to-installation tracking of material for critical components, or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, over speed, electrical faults, misalignment, etc.

During fabrication, maintenance or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process, or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern, such as piping location, safety and emergency equipment features, accessibility of process and safety equipment, operation, functional testing and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.


3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections, together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; and documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturers' recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturers' minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment with detailed instructions on performing the particular activity. They should address the steps needed to prevent adverse conditions, both during the procedures and when the equipment is put back in service. They should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic review of these procedures is needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out-of-service condition, any necessary decontamination, and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents - classified as major accident, accident or near-miss by CCPS - are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control or personnel changes, or new or better training programs. Documentation and periodic review aids in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes:

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.


3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction, so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment: Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System: Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization: Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others, depending on the nature of the incident. This can include those inside the company with speciality knowledge, or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training: Team members should be selected based on their interest, job function and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function: The incident investigation team function needs to be integrated with the overall emergency response plan. Well established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation:

a. Determine Cause: Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system related causes.

b. Develop Recommendations: Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures: Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.


If minor incidents and near-misses are too numerous, and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally this involves data collection, data analysis and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems-oriented approach integrated with a process safety management program is usually required for a major accident. However, it is also important to investigate near-miss incidents that had the potential for a catastrophic failure, and these can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program, aimed at determination of root causes.

Usually the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

- FTA: Fault Tree Analysis
- AAM: Accident Anatomy Method
- MORT: Management Oversight and Risk Tree
- MCSOII: Multiple-Cause, Systems-Oriented Incident Investigation


Inductive

- HAZOP: Hazard and Operability Analysis
- AAM: Accident Anatomy Method
- CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware that new approaches need to be built on proven and accepted concepts.

3.2.7.4

The production of phthalic anhydride by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the "Do Not Operate" tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design: A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations: There are several possibilities in this area. Management that encourages continued operations when the process is upset (the reason the operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance: There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the worker's shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but does illustrate some of the underlying causes in a multiple-cause incident.

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation, or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training, as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated, and it was assumed to be functioning properly, although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days subsequent for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.


The control panel incorrectly indicated that too much water was entering the core therefore the operator overshyrode the automatic control system and reverted to manual control Ultimately the shut coolant water lines were discovered and reopened which again flooded the control panel with a Christmas-tree effect of red and green indicator lights Assuming the coolant system was now operating the feed pumps were activated which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioacshytive water and steam The rupture disc on the tank burst which allowed contaminated water onto the floor of the auxiliary building As a result of loss of cooling water the reactor core was partially uncovered resultshying in excessively high temperatures This contributed to increased radiation levels within the facility Estishymates of this loss range from $10 to $186 billion with roughly 60 of this being costs of replacing the lost power resulting from the event 1

This loss shows the importance of proper training of all employees and recognition of human factor eleshyments of operators and maintenance operations in production facilities The operators were not well versed in the process intricacies specifically the relationship between pressure and temperature in the reactor The operators did not recognize the fact that a small amount of water was being lost It was also recognized that the operators were not trained in process diagnosis2

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures, as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L. and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80% to 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50% to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel, although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse, much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.⁵

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems, as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.


Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.⁶ However, more current literature by Poulton⁷ and Welford⁸ supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.⁹ Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposing operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.¹⁰


3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor but was ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E. and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I. and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q. and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H. and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M. and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill.: Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill.: Scott, Foresman and Company (1976).

9. Paula, H.M. and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).


3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure a consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for maintaining the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type, where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history, or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized, with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring and piping drawings are not current, or there is only one set of hand corrected paper plans.


The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and should be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited, to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard

a. Toxicity

b. Permissible exposure limits

c. Physical, reactivity and corrosion data

d. Thermal and chemical stability

e. Hazardous effects of mixing

2. Process technology

a. Process description and flow diagram

b. Process chemistry

c. Inventory permitted

d. Safe upper and lower limits for temperature, pressure, flows and compositions

e. Consequences of deviations

3. Process equipment

a. Construction materials

b. P&ID

c. Electrical classification drawing

d. Relief system design and design basis

e. Ventilation system design

f. Drainage system design

g. Design codes and standards

h. Material and energy balance

i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections

a. Code inspection reports for pressure equipment

b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)

c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description

a. Organization and staffing

b. Risk assessment of site hazards

c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans

a. Description of possible incident scenarios

b. Plan to respond to each scenario

c. On-site emergency equipment and supplies

d. Description of external resources and support organizations

5. Emergency response teams

a. Staffing and organization

b. Capabilities of members

c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic, in that other factors such as management interest in loss prevention also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities as defined in an integrated program based on PSM principles are critical to identificashytion of potential incidents and to minimize the occurrence through careful design and process control In fact there are unsprinklered chemical facilities with excellent fireproofing drainage on-site response and fully integrated PSM systems that may be equivalent to a fully sprinkle red facility without a PSM system in place The latter facility may have more frequent losses one of which may get away due to poor attenshytion to maintenance testing and inspections of suppression systems

In most cases however the need for sprinklers is a minimum requirement along with other protection The proshytection scheme includes all components working as a system If one is missing the system may not be effecshytive in limiting potential loss to the desired level and the plant may not be suitable for HPR status

The following elements are considered when determining HPR status of a chemical facility Several Facshytory Mutual data sheets specific to the element are listed when appropriate Many other data sheets and refshyerence sources on each element may exist but are not listed

3311 Integrated PSM System

Process safety management is described elsewhere in this document This HPR element can be comshypared to the need for property conservation programs in other occupancies PSM should be fully inteshygrated into the chemical facility for all processes and activities not just for those processes systems or chemicals mandated by government regulations There are many processes and materials for example powshyders (dusts) fuels and propellants that are usually excluded from PSM regulations (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals In other words an integrated PSM system means that all processes within the boundaries of the plant are covered

PSM is critical toward identification of hazardous materials and processes mitigation of those hazards and management of change throughout the life of the plant

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound how one management group, which is production oriented without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility or process within a facility needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging
7-73 Dust Collectors and Collection Systems
7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels

3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems

For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems, such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases, a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases, a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades

3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past, it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and, in fact, was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.

A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, is located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.

Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor, where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API), Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants

7-45, Instrumentation and Control.

7-46/17-11, Chemical Reactors and Reactions.

7-47, Physical Operations in Chemical Plants.

7-49/12-65, Emergency Venting of Vessels.

7-59, Inerting and Purging of Equipment.

7-83, Drainage Systems for Flammable Liquids.

7-88, Storage Tanks for Flammable Liquids.

7-95, Compressors.

7-99/12-19, Heat Transfer by Organic and Synthetic Fluids.

12-0, Applicable Pressure Equipment Codes and Standards.

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU) and, within North America, only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons, and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous Ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different, yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers' Association (CCPA) oversees Responsible Care. In the US it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers' Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr. Comm. Sept. 1998


e. Provide reactor emergency quench system

f. Provide reactor emergency venting

g. Computerize process control

h. Provide on-site emergency power supplies

i. Design to hurricane codes

j. Protect plant against freeze up

Operational administrative controls

a. Develop and train on-site emergency fire response brigade

b. Train and empower operators to take manual process control

c. Provide ignition source control systems

d. Provide backup manual reactor emergency quench system

e. Provide natural hazard alert procedures

Risk Avoidance

a. Eliminate on-site manufacture of peroxide catalyst

Risk transfer

a. Accept inherent risk by retention of high insurance deductibles

In the risk management process there may be a need to revisit and re-analyze hazards several times prior to deciding on the level and type of mitigation, or use of other risk tools such as elimination of hazard or risk transfer. In fact, risk management becomes a constant cycle of analysis, transfer and acceptance throughout the life of the facility. As the facility ages and changes are made, the risk will change. Keeping abreast of this aging and change process will assure that the facility will achieve the risk management goals originally accepted.

3.2.4.2 HPR Requirements

The decision to meet or not meet HPR protection guidelines is determined during the process risk management stage. While achieving HPR status should always be the risk management goal, there may be conditions, especially in existing older plants, where this may not be economically or technically achievable.

There are minimum requirements for a facility to qualify as an HPR risk. These are briefly identified in Section 2.2.1 and further discussed in Section 3.3, Concepts of Highly Protected Risk.

3.2.5 Management of Change

Management of Change (MOC) means evaluating every change to technology, facilities or personnel at the earliest possible stage for its potential impact on property loss prevention. The earliest possible stage is the moment an idea or proposed change comes to light. These changes can be emergency, permanent, temporary, recognized or unrecognized. The purpose of a management of change process is to prevent the unrecognized change.

Changes are made routinely throughout the life of a facility. These may vary from major, highly visible projects to daily routine maintenance activities. Changes can occur to technology, chemicals, products, equipment and procedures. Any change from original design intent represents a deviation. If the impact of this deviation is not fully understood, the change, even if minor, can cause a significant incident. Appropriate process hazards management systems should be put into place to help ensure that hazards associated with a change or deviation are identified and controlled.

Changes fall into three main categories: technology, facilities, and personnel or organization.

Although some changes may be minor, with little likelihood of compromising loss prevention and process safety, all changes have some potential for disruption.


3.2.5.1 Change in Technology

Change in technology arises whenever the process or mechanical design is altered. Examples are changes in feedstocks, catalysts, product specifications, byproducts or waste products, design inventory levels, instrumentation and control systems, or materials of construction.

Typical instances in which change in technology would likely occur include the following:

a. New projects that involve tie-ins or equipment modifications on existing units.

b. Projects to increase facility throughput or accommodate different feedstocks or products.

c. Significant changes in operating conditions, including pressures, temperatures, flow rates or process conditions different from those in the original process or mechanical design.

d. Equipment changes, including the addition of new equipment or modifications of existing equipment. These can include changes in alarms, instrumentation and control schemes.

e. Modifications of the process or equipment that cause changes in the facility's relief requirements. These can include increased process throughput, operation at higher temperatures, increased size of equipment, or the addition of equipment that might contribute to greater relief requirements.

f. Bypass connections around equipment that is normally in service.

g. Changes in operating procedures, including procedures for startup, normal shutdown and emergency shutdown.

h. Changes made in the process or mechanical design or in operating procedures that result from a PHA performed as described in Section 3.2.3.

i. Introduction of new or different process additives (for example, corrosion control agents, antifoulants, antifoam agents).

j. Corrective actions developed as a result of an accident investigation.

3.2.5.2 Changes In Facilities

Changes in facilities are those in which physical changes are made that would not necessarily appear on plant drawings or piping and instrument diagrams (P&ID). Examples are temporary connections, replaced components that are not in kind, site modifications, transient storage, temporary structures, etc.

Specifically, these can include the following:

a. Temporary equipment (tanks, offices, drum storage, etc.).

b. Replacement equipment or machinery that differs from the original equipment.

c. Temporary piping, connections, hoses or wiring.

d. Temporary software configurations, jumpers, shortened algorithms, bypassed controls.

e. Pipe clamps, braces, stands, wiring, ropes.

f. Temporary utility connections (steam, power, water, etc.).

g. An alternative supply of process materials, catalysts or reactants, such as through temporary drums or tanks located within the facility.

h. Temporary electrical equipment or connections.

These changes have the ability to affect design, construction, operation, maintenance and decommissioning.

3.2.5.3 Changes in Personnel

Changes in personnel are those in which key responsibilities are shifted from a position of stability to instability. Examples are retirement, promotion, other career changes and personal issues (sickness, death, leave-of-absence, etc.). These changes are ones in which continuity of responsibility may lapse.


Training and assignment of alternates is a key feature needed to mitigate lapses caused by these changes. Supervision must be skilled for early recognition of these changes, with an ability to plan in advance to mitigate these changes. Goals of the company, business and operating unit must support prevention efforts associated with these changes.

3.2.5.4 Examples

3.2.5.4.1 The Clean Air Act Amendments of 1990 require a 50% reduction of sulfur dioxide levels (SO2) in the US by the year 2000. This act affects approximately 2000 electric utilities. The method of choice to control SO2 emissions probably will be the installation of wet scrubbers, as they provide the highest level of control. Along with the additional costs and plans for scrubber installations, the person(s) planning these changes need to look at the effect these installations will have on loss prevention. For instance, scrubbers are subject to fires and explosions, and they can affect furnace draft. Induced draft fans may have to be upgraded, which in some cases could increase the risk of implosions and boiler vibrations. To prevent corrosion of scrubbers, ducts and stacks, it may be necessary to use plastic or plastic-lined equipment, which could present a fire hazard.

A typical agreement between a company and the property insurance company calls for a loss prevention professional within the company to be advised of all management of change activities in the plant. This individual is then responsible to involve the specialist from FM and allow an opportunity for the change to be evaluated in its earliest stages.

3.2.5.4.2 ABC is a manufacturer of commodity polymer using batch-scale polymerization of the monomer. Because of favorable opportunities in the market, ABC has plans to double the capacity of its seven-reactor plant in a two-phase expansion over the next 10 years. The first phase will include construction of utilities and the footprint for a second seven-reactor manufacturing building. Initially, a building containing three reactors will be built.

There is a close relationship between ABC and the FM specialist assigned to this plant. When the idea is being developed by senior management within ABC, meetings are held with the FM specialist to discuss the effect this may have on loss prevention. ABC is guided by a principle that promotes continuous improvement in all areas of operation, including loss prevention, and they call upon the expertise of FM to provide guidance to meet this goal.

In consultation with the FM specialist, several opportunities are identified. These include ways to mitigate VCE potentials, provide more cost efficient and effective water spray systems, and arrange the Instrumentation and Control features for increased reliability. In order to expand the process water features for the new plant expansion, several pumping and distribution changes were needed. Opportunities were identified to add outlets and normally closed connections between the fire protection system and the process water supply system. This increased both the normal supply to the fire protection water system and the supply that would be available in a catastrophic event.

In consultations, an opportunity was identified to relate current maintenance issues for the older electronic heat detection systems on the water spray systems to a design specification needed for all the new water spray systems. Review of maintenance records and costs pointed to an opportunity to replace older electronic heat detectors with air-pilot detection systems. In doing this, the plant maintenance was provided with a single common type of system, which has lower maintenance costs, a single set of replacement parts, and requires simpler maintenance skills.

Often during plant expansions, for simplicity, existing features for protection and control are duplicated exactly. Many design groups operate with the assumption that existing protection and control features are adequate and satisfactory, and they do not take the opportunity to consider improvements as above.

3.2.5.4.3 Mr. Howard has been the person in charge of fire protection in this plant for many years. He is the direct interface between top management, engineering and safety personnel for matters relating to loss prevention. He is in charge of administering all loss prevention related inspection programs within the plant. He supervises all impairments to fire protection and reports them throughout the company and to FM. Mr. Howard is very important in the review process for new construction. Because he is very familiar with current design requirements, he is able to work closely with plant and corporate engineers to develop plans for new construction and modifications.


Mr. Howard spent many years in the plant as an operator. Because of this involvement, he oversees many important operator duties as they relate to fire response and use of emergency process equipment (flares, alarms, shut-downs, etc.). He is also the liaison to community groups, including the mutual aid groups.

Mr. Howard has announced he will retire in 2 years, when he reaches the age of 60. Loss of this level of experience could create serious gaps related to steady provision of the service provided by Mr. Howard.

All of his job duties should be described in writing.

A plan for his replacement with alternates should be developed sufficiently in advance of his departure so that proper training can be provided.

If timing is not sufficient to establish that his duties have been sufficiently taken over by others, management should arrange for Mr. Howard to return to work as a consultant. He should periodically return after his retirement to make sure all areas of past responsibility are being covered.

In the planning for replacement of Mr. Howard, the local assigned FM specialists should be notified. Specific sessions can be arranged so that the programs recommended by FM can be introduced or reviewed with the person who has taken over for Mr. Howard.

3.2.5.4.4 Mr. Jones was the Safety Engineer at this major plastic film plant, reporting to the plant manager, before he resigned. He was responsible to implement all safety and loss prevention programs in the plant. He was the direct liaison to the plant maintenance department, providing review and supervision of all maintenance and testing of the plant fire protection systems, including the fire pump, suction tank, sprinkler systems, alarm systems and gaseous extinguishing systems. Because of his expertise, he was the interface between local contractors who provide maintenance and testing. Mr. Jones kept all the letters, files, receipts, plans and correspondence in his office relating to protection systems and plant insurance matters.

Unfortunately, he quit at a time when the plant was completing a 50% production expansion and is beginning to plan for a new warehouse expansion. Ongoing issues relate to false alarms, alarm system repairs, and a history of broken underground water mains in a certain area of the plant. Mr. Jones had been a proponent of looping of the plant fire water mains to provide better service to the areas of future expansion.

In a case like this, it is important that key plant personnel from all levels meet to review the impact of this departure on loss prevention. Some careful accounting should begin at once to make sure elements of Mr. Jones' responsibilities are identified. The FM contact should be advised of the personnel change. This will allow for meetings to take place to assure that proper training is provided to a replacement employee. In many cases FM can provide the following:

- Training on fire protection systems maintenance and testing can be offered to a new employee.

- A review of maintenance and testing programs can be made to assure that correct programs are not lost or lapsed.

- Contract maintenance programs can be evaluated to determine adequacy of these programs.

3.2.5.5 References

Management of Process Hazards, API Recommended Practice 750, First Edition, January 1990, American Petroleum Institute.

Managing Change, FM publication P9201.

3.2.6 Process and Equipment (Mechanical) Integrity

Equipment that processes hazardous materials, and accessory or utility equipment that is important to continued operation of the plant, should be designed, constructed, installed, operated, protected and maintained in a way which minimizes the risk while providing process reliability. This element of the PSM program addresses the management system required to achieve this objective and is called Process and Equipment Integrity by the CCPS and Mechanical Integrity by others.

A Process and Equipment Integrity program should address some or all of the following: pressure vessels and piping, tanks, rotating machinery, electrical equipment, boilers and furnaces, etc., together with their instrumentation, controls, accessories and supporting structures.


The components of Process and Equipment Integrity which are discussed further below are reliability engishyneering materials of construction and fabrication installation procedures preventive maintenance and demolition procedures

As with all elements of PSM a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance or replacement, the evaluation should include equipment accessibility and suitability for the process, and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment and emergency relief. The file should also contain the operating and inspection history of the equipment, as well as any data on repair, alteration and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill-to-installation tracking of material for critical components, or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, over speed, electrical faults, misalignment, etc.

During fabrication, maintenance or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern, such as piping location, safety and emergency equipment features, accessibility of process and safety equipment, operation, functional testing and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.


3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections, together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturer's recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturer's minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment with detailed instructions on performing the particular activity. They should address the steps needed to prevent adverse conditions both during the procedures and when the equipment is put back in service. They should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic review of these procedures is needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out-of-service condition, any necessary decontamination, and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents - classified as major accident, accident or near-miss by CCPS - are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control or personnel changes, or new or better training programs. Documentation and periodic review aids in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes:

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.


3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment: Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System: Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization: Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others depending on the nature of the incident. This can include those inside the company with speciality knowledge, or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training: Team members should be selected based on their interest, job function and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function: The incident investigation team function needs to be integrated with the overall emergency response plan. Well established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation:

a. Determine Cause. Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system-related causes.

b. Develop Recommendations. Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures. Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.


If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally this involves data collection, data analysis and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems-oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and such incidents can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program, aimed at determination of root causes.

Usually the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

- FTA: Fault Tree Analysis
- AAM: Accident Anatomy Method
- MORT: Management Oversight and Risk Tree
- MCSOII: Multiple-Cause, Systems-Oriented Incident Investigation


Inductive

- HAZOP: Hazard and Operability Analysis
- AAM: Accident Anatomy Method
- CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware new approaches need to be built on proven and accepted concepts.

3.2.7.4

The production of phthalic anhydride by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the "Do Not Operate" tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design. A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternatives include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations. There are several possibilities in this area. Management that encourages continued operations when the process is upset (reason operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance. There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the worker's shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but does illustrate some of the underlying causes in a multiple-cause incident.

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment, and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation, or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated, and it was assumed to be functioning properly, although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days subsequent for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.


The control panel incorrectly indicated that too much water was entering the core; therefore the operator overrode the automatic control system and reverted to manual control. Ultimately the shut coolant water lines were discovered and reopened, which again flooded the control panel with a "Christmas-tree" effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.¹

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.²

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures, as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L., and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80% to 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50% to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel, although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface, and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven-day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.⁵

3292 HumanMachine Interface

3292 1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems as opposed to the earlier analog control systems Much more of the process control is placed in the domain of the comshyputer versus active monitoring and controlling by the operator

Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.[6] However, more current literature by Poulton[7] and Welford[8] supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.[9] Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many workplace implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.[10]

3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor but was halted for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed, and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed that the air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination between maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill., Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill., Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).

3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocelli Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for keeping the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized, with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring and piping drawings are not current, or there is only one set of hand-corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited, to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard

a. Toxicity

b. Permissible exposure limits

c. Physical, reactivity and corrosion data

d. Thermal and chemical stability

e. Hazardous effects of mixing

2. Process technology

a. Process description and flow diagram

b. Process chemistry

c. Inventory permitted

d. Safe upper and lower limits for temperature, pressure, flows and compositions

e. Consequences of deviations

3. Process equipment

a. Construction materials

b. P&ID

c. Electrical classification drawing

d. Relief system design and design basis

e. Ventilation system design

f. Drainage system design

g. Design codes and standards

h. Material and energy balance

i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections

a. Code inspection reports for pressure equipment

b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)

c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description

a. Organization and staffing

b. Risk assessment of site hazards

c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans

a. Description of possible incident scenarios

b. Plan to respond to each scenario

c. On-site emergency equipment and supplies

d. Description of external resources and support organizations

5. Emergency response teams

a. Staffing and organization

b. Capabilities of members

c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as "preferred risk." Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic, in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimizing their occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may "get away" due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement, along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level, and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles, as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound of how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no single correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses, backed by common sense and loss history. Benign processes, which are easy to control and have little potential exposure, may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging
7-73 Dust Collectors and Collection Systems
7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels

©1999 Factory Mutual Engineering Corp. All rights reserved.


3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.


The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy-specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems


For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible, heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.


Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength, blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response, such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases, a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases, a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades


3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and, in fact, was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazards of fire and explosion from the solvent are eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K. incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred, with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment such as purification columns and rundown tanks with high volume flammable materials are located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow, with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets:

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants


7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A: INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982, the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accidents, hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119) that went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the U.S. EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 U.S. facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the U.S., it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989.

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980.

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr. Comm. Sept. 1998


3.2.5.1 Change in Technology

Change in technology arises whenever the process or mechanical design is altered. Examples are changes in feedstocks, catalysts, product specifications, byproducts or waste products, design inventory levels, instrumentation and control systems, or materials of construction.

Typical instances in which change in technology would likely occur include the following:

a. New projects that involve tie-ins or equipment modifications on existing units.

b. Projects to increase facility throughput or accommodate different feedstocks or products.

c. Significant changes in operating conditions, including pressures, temperatures, flow rates or process conditions different from those in the original process or mechanical design.

d. Equipment changes, including the addition of new equipment or modifications of existing equipment. These can include changes in alarms, instrumentation and control schemes.

e. Modifications of the process or equipment that cause changes in the facility's relief requirements. These can include increased process throughput, operation at higher temperatures, increased size of equipment, or the addition of equipment that might contribute to greater relief requirements.

f. Bypass connections around equipment that is normally in service.

g. Changes in operating procedures, including procedures for startup, normal shutdown and emergency shutdown.

h. Changes made in the process or mechanical design or in operating procedures that result from a PHA performed as described in Section 3.2.3.

i. Introduction of new or different process additives (for example, corrosion control agents, antifoulants, antifoam agents).

j. Corrective actions developed as a result of an accident investigation.

3.2.5.2 Changes in Facilities

Changes in facilities are those in which physical changes are made that would not necessarily appear on plant drawings or piping and instrument diagrams (P&ID). Examples are temporary connections, replaced components that are not in kind, site modifications, transient storage, temporary structures, etc.

Specifically, these can include the following:

a. Temporary equipment (tanks, offices, drum storage, etc.).

b. Replacement equipment or machinery that differs from the original equipment.

c. Temporary piping connections, hoses or wiring.

d. Temporary software configurations, jumpers, shortened algorithms, bypassed controls.

e. Pipe clamps, braces, stands, wiring, ropes.

f. Temporary utility connections (steam, power, water, etc.).

g. An alternative supply of process materials, catalysts or reactants, such as through temporary drums or tanks located within the facility.

h. Temporary electrical equipment or connections.

These changes have the ability to affect design, construction, operation, maintenance and decommissioning.

3.2.5.3 Changes in Personnel

Changes in personnel are those in which key responsibilities are shifted from a position of stability to instability. Examples are retirement, promotion, other career changes and personal issues (sickness, death, leave-of-absence, etc.). These changes are ones in which continuity of responsibility may lapse.


Training and assignment of alternates is a key feature needed to mitigate lapses caused by these changes. Supervision must be skilled for early recognition of these changes, with an ability to plan in advance to mitigate these changes. Goals of the company, business and operating unit must support prevention efforts associated with these changes.

3.2.5.4 Examples

3.2.5.4.1 The Clean Air Act Amendments of 1990 require a 50% reduction of sulfur dioxide levels (SO2) in the U.S. by the year 2000. This act affects approximately 2000 electric utilities. The method of choice to control SO2 emissions probably will be the installation of wet scrubbers, as they provide the highest level of control. Along with the additional costs and plans for scrubber installations, the person(s) planning these changes need to look at the effect these installations will have on loss prevention. For instance, scrubbers are subject to fires and explosions, and they can affect furnace draft. Induced draft fans may have to be upgraded, which in some cases could increase the risk of implosions and boiler vibrations. To prevent corrosion of scrubbers, ducts and stacks, it may be necessary to use plastic or plastic-lined equipment, which could present a fire hazard.

A typical agreement between a company and the property insurance company calls for a loss prevention professional within the company to be advised of all management of change activities in the plant. This individual is then responsible to involve the specialist from FM and allow an opportunity for the change to be evaluated in its earliest stages.

3.2.5.4.2 ABC is a manufacturer of commodity polymer using batch-scale polymerization of the monomer. Because of favorable opportunities in the market, ABC has plans to double the capacity of its seven-reactor plant in a two-phase expansion over the next 10 years. The first phase will include construction of utilities and the footprint for a second seven-reactor manufacturing building. Initially, a building containing three reactors will be built.

There is a close relationship between ABC and the FM specialist assigned to this plant. When the idea is being developed by senior management within ABC, meetings are held with the FM specialist to discuss the effect this may have on loss prevention. ABC is guided by a principle that promotes continuous improvement in all areas of operation, including loss prevention, and they call upon the expertise of FM to provide guidance to meet this goal.

In consultation with the FM specialist, several opportunities are identified. These include ways to mitigate VCE potentials, provide more cost-efficient and effective water spray systems, and arrange the Instrumentation and Control features for increased reliability. In order to expand the process water features for the new plant expansion, several pumping and distribution changes were needed. Opportunities were identified to add outlets and normally closed connections between the fire protection system and the process water supply system. This increased both the normal supply to the fire protection water system and the supply that would be available in a catastrophic event.

In consultations, an opportunity was identified to relate current maintenance issues for the older electronic heat detection systems on the water spray systems to a design specification needed for all the new water spray systems. Review of maintenance records and costs pointed to an opportunity to replace older electronic heat detectors with air-pilot detection systems. In doing this, the plant maintenance was provided with a single common type of system, which has lower maintenance costs, a single set of replacement parts, and requires simpler maintenance skills.

Often during plant expansions, for simplicity, existing features for protection and control are duplicated exactly. Many design groups operate with the assumption that existing protection and control features are adequate and satisfactory, and they do not take the opportunity to consider improvements as above.

3.2.5.4.3 Mr. Howard has been the person in charge of fire protection in this plant for many years. He is the direct interface between top management, engineering and safety personnel for matters relating to loss prevention. He is in charge of administering all loss prevention related inspection programs within the plant. He supervises all impairments to fire protection and reports them throughout the company and to FM. Mr. Howard is very important in the review process for new construction. Because he is very familiar with current design requirements, he is able to work closely with plant and corporate engineers to develop plans for new construction and modifications.


Mr. Howard spent many years in the plant as an operator. Because of this involvement, he oversees many important operator duties as they relate to fire response and use of emergency process equipment (flares, alarms, shut-downs, etc.). He is also the liaison to community groups, including the mutual aid groups.

Mr. Howard has announced he will retire in 2 years, when he reaches the age of 60. Loss of this level of experience could create serious gaps related to steady provision of the service provided by Mr. Howard.

All of his job duties should be described in writing.

A plan for his replacement with alternates should be developed sufficiently in advance of his departure so that proper training can be provided.

If timing is not sufficient to establish that his duties have been sufficiently taken over by others, management should arrange for Mr. Howard to return to work as a consultant. He should periodically return after his retirement to make sure all areas of past responsibility are being covered.

In the planning for replacement of Mr. Howard, the local assigned FM specialists should be notified. Specific sessions can be arranged so that the programs recommended by FM can be introduced or reviewed with the person who has taken over for Mr. Howard.

3.2.5.4.4 Mr. Jones was the Safety Engineer at this major plastic film plant, reporting to the plant manager, before he resigned. He was responsible to implement all safety and loss prevention programs in the plant. He was the direct liaison to the plant maintenance department, providing review and supervision of all maintenance and testing of the plant fire protection systems, including the fire pump, suction tank, sprinkler systems, alarm systems and gaseous extinguishing systems. Because of his expertise, he was the interface between local contractors who provide maintenance and testing. Mr. Jones kept all the letters, files, receipts, plans and correspondence in his office relating to protection systems and plant insurance matters.

Unfortunately, he quit at a time when the plant was completing a 50% production expansion and beginning to plan for a new warehouse expansion. Ongoing issues relate to false alarms, alarm system repairs, and a history of broken underground water mains in a certain area of the plant. Mr. Jones had been a proponent of looping of the plant fire water mains to provide better service to the areas of future expansion.

In a case like this, it is important that key plant personnel from all levels meet to review the impact of this departure on loss prevention. Some careful accounting should begin at once to make sure elements of Mr. Jones' responsibilities are identified. The FM contact should be advised of the personnel change. This will allow for meetings to take place to assure that proper training is provided to a replacement employee. In many cases FM can provide the following:

- Training on fire protection systems maintenance and testing can be offered to a new employee.

- A review of maintenance and testing programs can be made to assure that correct programs are not lost or lapsed.

- Contract maintenance programs can be evaluated to determine adequacy of these programs.

3.2.5.5 References

Management of Process Hazards, API Recommended Practice 750, First Edition, January 1990, American Petroleum Institute.

Managing Change, FM publication P9201.

3.2.6 Process and Equipment (Mechanical) Integrity

Equipment that processes hazardous materials, and accessory or utility equipment that is important to continued operation of the plant, should be designed, constructed, installed, operated, protected and maintained in a way which minimizes the risk while providing process reliability. This element of the PSM program addresses the management system required to achieve this objective and is called Process and Equipment Integrity by the CCPS and Mechanical Integrity by others.

A Process and Equipment Integrity program should address some or all of the following: pressure vessels and piping, tanks, rotating machinery, electrical equipment, boilers and furnaces, etc., together with their instrumentation, controls, accessories and supporting structures.


The components of Process and Equipment Integrity, which are discussed further below, are reliability engineering, materials of construction and fabrication, installation procedures, preventive maintenance and demolition procedures.

As with all elements of PSM, a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps.

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance or replacement, the evaluation should include equipment accessibility and suitability for the process, and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment and emergency relief. The file should also contain the operating and inspection history of the equipment, as well as any data on repair, alteration and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill-to-installation tracking of material for critical components, or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, over speed, electrical faults, misalignment, etc.

During fabrication, maintenance or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern, such as piping location, safety and emergency equipment features, accessibility of process and safety equipment, operation, functional testing and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.


3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections, together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturers' recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturers' minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment with detailed instructions on performing the particular activity. They should address the steps needed to prevent adverse conditions, both during the procedures and when the equipment is put back in service. They should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic review of these procedures is needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out-of-service condition, any necessary decontamination, and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents, classified as major accident, accident or near-miss by CCPS, are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control or personnel changes, or new or better training programs. Documentation and periodic review aid in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes.

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.


3271 Basic Elements

There is a long history of incident investigation in the chemical process industry but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system Basically this requires management to be involved for support and direction so incishydent investigation results can be used to support the other elements of PSM Suggested elements needed for incident investigation are as follows

Management Commitment Top management support is required for an effective program This is necesshysary for the resources required and the ability to hold managers accountable for achieving results Docushymentation should clearly define the details of the process safety management system employed and the expected performance

Classification System Several classification systems have been developed to group incidents including the CCPS version noted above None have been adopted for universal use They may be modified to meet the needs of the organization It should be understood that all classification systems have vague areas genershyated by differences in opinion along technical lines The biggest area of disagreement is the near-miss classhysification where views on probability and possibility of consequences vary greatly

Team Organization Team make-up and organization will vary greatly depending on the size and nature of the company Normally accepted assignments include team leader safety department representative operashytions representative maintenance department representative and a supervisor and worker from the unit involved in the incident

There may be a need for others depending on the nature of the incident This can include those inside the company with speciality knowledge or even outside consultants

It is difficult for the team to be impartial unless it is autonomous Reporting through the normal chain of comshymand should be avoided where possible

Team Selectionffraining Team members should be selected based on their interest job function and expeshyrience All members should be trained in the basics of process safety management not just incident invesshytigation

Team Function The incident investigation team function needs to be integrated with the overall emergency response plan Well established lines of communication and assigned functions will let the team perform its assigned work

Incident Investigation:

a. Determine Cause: Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system-related causes.

b. Develop Recommendations: Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures: Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.

If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally, this involves data collection, data analysis, and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems-oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and such incidents can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program, aimed at determination of root causes.

Usually, the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently, some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently, they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

FTA: Fault Tree Analysis
AAM: Accident Anatomy Method
MORT: Management Oversight and Risk Tree
MCSOII: Multiple-Cause, Systems-Oriented Incident Investigation

Inductive

HAZOP: Hazard and Operability Analysis
AAM: Accident Anatomy Method
CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware new approaches need to be built on proven and accepted concepts.

3.2.7.4

Making phthalic anhydride by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the "Do Not Operate" tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually, 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design: A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternatives include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations: There are several possibilities in this area. Management that encourages continued operations when the process is upset (the reason the operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance: There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the workers' shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but does illustrate some of the underlying causes in a multiple-cause incident.

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment, and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation, and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation, or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow, as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated, and it was assumed to be functioning properly, although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days subsequent for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.

The control panel incorrectly indicated that too much water was entering the core; therefore, the operator overrode the automatic control system and reverted to manual control. Ultimately, the shut coolant water lines were discovered and reopened, which again flooded the control panel with a Christmas-tree effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.¹

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.²

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L. and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80 to 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50 to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases, these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse, much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface, and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven-day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a "Fitness for Duty Policy" and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.⁵

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.

Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.⁶ However, more current literature by Poulton⁷ and Welford⁸ supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer-controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.⁹ Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer-controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately, and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.¹⁰

3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor, but was ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I. and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H. and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M. and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill., Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill., Scott, Foresman and Company (1976).

9. Paula, H.M. and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).

3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocelli Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for maintaining the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized, with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings, such as P&ID, wiring and piping drawings, are not current, or there is only one set of hand corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and should be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals, while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited, to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard
   a. Toxicity
   b. Permissible exposure limits
   c. Physical, reactivity and corrosion data
   d. Thermal and chemical stability
   e. Hazardous effects of mixing

2. Process technology
   a. Process description and flow diagram
   b. Process chemistry
   c. Inventory permitted
   d. Safe upper and lower limits for temperature, pressure, flows and compositions
   e. Consequences of deviations

3. Process equipment
   a. Construction materials
   b. P&ID
   c. Electrical classification drawing
   d. Relief system design and design basis
   e. Ventilation system design
   f. Drainage system design
   g. Design codes and standards
   h. Material and energy balance
   i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections
   a. Code inspection reports for pressure equipment
   b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)
   c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description
   a. Organization and staffing
   b. Risk assessment of site hazards
   c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans
   a. Description of possible incident scenarios
   b. Plan to respond to each scenario
   c. On-site emergency equipment and supplies
   d. Description of external resources and support organizations

5. Emergency response teams
   a. Staffing and organization
   b. Capabilities of members
   c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic, in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound of how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes, which are easy to control and have little potential exposures, may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging
7-73 Dust Collectors and Collection Systems
7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels

3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets, such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions Using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems

For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible, heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength, blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping, and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades

3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes, and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems, which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade off in toxicity, which may affect manual fire fighting response, would occur with this choice.

A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent are eliminated, although combustible oils may still be present. A possible hazard trade off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds, and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment such as purification columns and rundown tanks with high volume flammable materials are located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow, with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.

Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety, Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API), Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants

7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API), Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API), Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.

APPENDIX A: INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU) and, within North America, only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico, or the Austral/Asia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975), and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland, in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control, and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training, and equipment have been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada, and New Jersey.

A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing, or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

Substance                      EPA threshold, lb (kg)    OSHA threshold, lb (kg)
Anhydrous Ammonia              1000 (450)                5000 (2250)
Chlorine                       1000 (450)                1500 (680)
Chlorine dioxide               500 (225)                 1000 (450)
Anhydrous hydrochloric acid    1000 (450)                5000 (2250)
Sulfuric acid                  5000 (2250)               Not listed
Titanium tetrachloride         500 (225)                 Not listed
Flammable hydrocarbons         10,000 (4500)             10,000 (4500)
Explosives                     all (per DOT)             Not covered

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)

In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.

A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia, and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998

Page 21: FM Loss Prevention in Chemical Plants

Training and assignment of alternates is a key feature needed to mitigate lapses caused by these changes. Supervision must be skilled for early recognition of these changes, with an ability to plan in advance to mitigate these changes. Goals of the company, business and operating unit must support prevention efforts associated with these changes.

3.2.5.4 Examples

3.2.5.4.1 The Clean Air Act Amendments of 1990 require a 50% reduction of sulfur dioxide levels (SO2) in the U.S. by the year 2000. This act affects approximately 2000 electric utilities. The method of choice to control SO2 emissions probably will be the installation of wet scrubbers, as they provide the highest level of control. Along with the additional costs and plans for scrubber installations, the person(s) planning these changes need to look at the effect these installations will have on loss prevention. For instance, scrubbers are subject to fires and explosions, and they can affect furnace draft. Induced draft fans may have to be upgraded, which in some cases could increase the risk of implosions and boiler vibrations. To prevent corrosion of scrubbers, ducts and stacks, it may be necessary to use plastic or plastic-lined equipment, which could present a fire hazard.

A typical agreement between a company and the property insurance company calls for a loss prevention professional within the company to be advised of all management of change activities in the plant. This individual is then responsible to involve the specialist from FM and allow an opportunity for the change to be evaluated in its earliest stages.

3.2.5.4.2 ABC is a manufacturer of commodity polymer using batch-scale polymerization of the monomer. Because of favorable opportunities in the market, ABC has plans to double the capacity of its seven-reactor plant in a two-phase expansion over the next 10 years. The first phase will include construction of utilities and the footprint for a second seven-reactor manufacturing building. Initially, a building containing three reactors will be built.

There is a close relationship between ABC and the FM specialist assigned to this plant. When the idea is being developed by senior management within ABC, meetings are held with the FM specialist to discuss the effect this may have on loss prevention. ABC is guided by a principle that promotes continuous improvement in all areas of operation, including loss prevention, and they call upon the expertise of FM to provide guidance to meet this goal.

In consultation with the FM specialist, several opportunities are identified. These include ways to mitigate VCE potentials, provide more cost-efficient and effective water spray systems, and arrange the Instrumentation and Control features for increased reliability. In order to expand the process water features for the new plant expansion, several pumping and distribution changes were needed. Opportunities were identified to add outlets and normally closed connections between the fire protection system and the process water supply system. This increased both the normal supply to the fire protection water system and the supply that would be available in a catastrophic event.

In consultations, an opportunity was identified to relate current maintenance issues for the older electronic heat detection systems on the water spray systems to a design specification needed for all the new water spray systems. Review of maintenance records and costs pointed to an opportunity to replace older electronic heat detectors with air-pilot detection systems. In doing this, the plant maintenance was provided with a single common type of system which has lower maintenance costs, a single set of replacement parts, and requires simpler maintenance skills.

Often during plant expansions, for simplicity, existing features for protection and control are duplicated exactly. Many design groups operate with the assumption that existing protection and control features are adequate and satisfactory, and they do not take the opportunity to consider improvements as above.

3.2.5.4.3 Mr. Howard has been the person in charge of fire protection in this plant for many years. He is the direct interface between top management, engineering and safety personnel for matters relating to loss prevention. He is in charge of administering all loss prevention related inspection programs within the plant. He supervises all impairments to fire protection and reports them throughout the company and to FM. Mr. Howard is very important in the review process for new construction. Because he is very familiar with current design requirements, he is able to work closely with plant and corporate engineers to develop plans for new construction and modifications.

©1999 Factory Mutual Engineering Corp. All rights reserved.


Mr. Howard spent many years in the plant as an operator. Because of this involvement, he oversees many important operator duties as they relate to fire response and use of emergency process equipment (flares, alarms, shut-downs, etc.). He is also the liaison to community groups, including the mutual aid groups.

Mr. Howard has announced he will retire in 2 years, when he reaches the age of 60. Loss of this level of experience could create serious gaps related to steady provision of the service provided by Mr. Howard.

All of his job duties should be described in writing.

A plan for his replacement with alternates should be developed sufficiently in advance of his departure so that proper training can be provided.

If timing is not sufficient to establish that his duties have been sufficiently taken over by others, management should arrange for Mr. Howard to return to work as a consultant. He should periodically return after his retirement to make sure all areas of past responsibility are being covered.

In the planning for replacement of Mr. Howard, the local assigned FM specialists should be notified. Specific sessions can be arranged so that the programs recommended by FM can be introduced or reviewed with the person who has taken over for Mr. Howard.

3.2.5.4.4 Mr. Jones was the Safety Engineer at this major plastic film plant, reporting to the plant manager, before he resigned. He was responsible to implement all safety and loss prevention programs in the plant. He was the direct liaison to the plant maintenance department, providing review and supervision of all maintenance and testing of the plant fire protection systems, including the fire pump, suction tank, sprinkler systems, alarm systems and gaseous extinguishing systems. Because of his expertise, he was the interface between local contractors who provide maintenance and testing. Mr. Jones kept all the letters, files, receipts, plans and correspondence in his office relating to protection systems and plant insurance matters.

Unfortunately, he quit at a time when the plant was completing a 50% production expansion and is beginning to plan for a new warehouse expansion. Ongoing issues relate to false alarms, alarm system repairs and a history of broken underground water mains in a certain area of the plant. Mr. Jones had been a proponent of looping of the plant fire water mains to provide better service to the areas of future expansion.

In a case like this, it is important that key plant personnel from all levels meet to review the impact of this departure on loss prevention. Some careful accounting should begin at once to make sure elements of Mr. Jones' responsibilities are identified. The FM contact should be advised of the personnel change. This will allow for meetings to take place to assure that proper training is provided to a replacement employee. In many cases FM can provide the following:

- Training on fire protection systems maintenance and testing can be offered to a new employee.

- A review of maintenance and testing programs can be made to assure that correct programs are not lost or lapsed.

- Contract maintenance programs can be evaluated to determine adequacy of these programs.

3.2.5.5 References

Management of Process Hazards, API Recommended Practice 750, First Edition, January 1990, American Petroleum Institute.

Managing Change, FM publication P9201.

3.2.6 Process and Equipment (Mechanical) Integrity

Equipment that processes hazardous materials, and accessory or utility equipment that is important to continued operation of the plant, should be designed, constructed, installed, operated, protected and maintained in a way which minimizes the risk while providing process reliability. This element of the PSM program addresses the management system required to achieve this objective and is called Process and Equipment Integrity by the CCPS and Mechanical Integrity by others.

A Process and Equipment Integrity program should address some or all of the following: pressure vessels and piping, tanks, rotating machinery, electrical equipment, boilers and furnaces, etc., together with their instrumentation, controls, accessories and supporting structures.


The components of Process and Equipment Integrity, which are discussed further below, are: reliability engineering, materials of construction and fabrication, installation procedures, preventive maintenance and demolition procedures.

As with all elements of PSM, a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps.

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance or replacement, the evaluation should include equipment accessibility and suitability for the process, and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment and emergency relief. The file should also contain the operating and inspection history of the equipment, as well as any data on repair, alteration and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill-to-installation tracking of material for critical components, or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, over speed, electrical faults, misalignment, etc.

During fabrication, maintenance or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process, or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern, such as piping location, safety and emergency equipment features, accessibility of process and safety equipment, operation, functional testing and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.


3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections, together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturers' recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturers' minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment with detailed instructions on performing the particular activity. They should address the steps needed to prevent adverse conditions, both during the procedures and when the equipment is put back in service. They should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic review of these procedures is needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out-of-service condition, any necessary decontamination, and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents (classified as major accident, accident or near-miss by CCPS) are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control or personnel changes, or new or better training programs. Documentation and periodic review aid in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes.

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.


3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment: Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System: Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization: Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others, depending on the nature of the incident. This can include those inside the company with speciality knowledge, or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training: Team members should be selected based on their interest, job function and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function: The incident investigation team function needs to be integrated with the overall emergency response plan. Well established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation:

a. Determine Cause: Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system-related causes.

b. Develop Recommendations: Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures: Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.


If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally, this involves data collection, data analysis and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems-oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and they can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program aimed at determination of root causes.

Usually the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently, some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

FTA: Fault Tree Analysis
AAM: Accident Anatomy Method
MORT: Management Oversight and Risk Tree
MCSOII: Multiple-Cause, Systems-Oriented Incident Investigation


Inductive

HAZOP: Hazard and Operability Analysis
AAM: Accident Anatomy Method
CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware new approaches need to be built on proven and accepted concepts.

3.2.7.4

Phthalic anhydride made by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the "Do Not Operate" tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design: A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations: There are several possibilities in this area. Management that encourages continued operations when the process is upset (reason operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance: There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the worker's shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but does illustrate some of the underlying causes in a multiple-cause incident.

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment, and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation, or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training, as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated, and it was assumed to be functioning properly, although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days subsequent for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.

The control panel incorrectly indicated that too much water was entering the core; therefore, the operator overrode the automatic control system and reverted to manual control. Ultimately, the shut coolant water lines were discovered and reopened, which again flooded the control panel with a Christmas-tree effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event [1].

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis [2].

While this incident occurred in a nuclear power generating facility, similar events are equally likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L., and Williams, Robert C. Crisis Contained: The Department of Energy at Three Mile Island. Southern Illinois University Press, 1982.

2. Kletz, Trevor A. An Engineer's View of Human Error. The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80% and 90% of all loss incidents [1]. The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50% to 70% of the risk [2]. One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels [3]. These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel, although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure [4].

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information and ultimately responds. The subsequent response may be either appropriate or inappropriate depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored [5].

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.

Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson [6]. However, more current literature by Poulton [7] and Welford [8] supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system [9]. Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Operator intervention in abnormal operating conditions may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized [10].

3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor but ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed, and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D. The Exxon Chemical Human Factors Program. 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S. Human Reliability and Safety Analysis Data Handbook. John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K. Including Human Errors in Process Hazard Analysis. Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J. Solving Human-Caused Failure Problems. Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J. Downsizing's Effect on Safety in the CPI/HPI. 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D. The Relation of Strength of Stimulus to Rapidity of Habit Formation. Journal of Comparative Neurology and Psychology 18, 459-482 (1908).

7. Poulton, E.C. Environment and Human Efficiency. Springfield, Ill.: Charles C. Thomas, Publisher (1970).

8. Welford, A.T. Skilled Performance: Perceptual and Motor Skills. Glenview, Ill.: Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E. Reliability Performance of Fault-Tolerant Digital Control Systems. 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J. Human Factors in Engineering and Design. McGraw-Hill Book Company, New York (1976).

3.2.9.6 Other Resources

Bailey, R.W. Human Performance Engineering: A Guide for System Designers. Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H. Designing for Humans: The Human Factor in Engineering. Petrocelli Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim. Computer Control and Human Error. Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K. A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry. Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for keeping the standards current and consistent with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type, where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring and piping drawings are not current, or there is only one set of hand corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard
   a. Toxicity
   b. Permissible exposure limits
   c. Physical, reactivity and corrosion data
   d. Thermal and chemical stability
   e. Hazardous effects of mixing

2. Process technology
   a. Process description and flow diagram
   b. Process chemistry
   c. Inventory permitted
   d. Safe upper and lower limits for temperature, pressure, flows and compositions
   e. Consequences of deviations

3. Process equipment
   a. Construction materials
   b. P&ID
   c. Electrical classification drawing
   d. Relief system design and design basis
   e. Ventilation system design
   f. Drainage system design
   g. Design codes and standards
   h. Material and energy balance
   i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections
   a. Code inspection reports for pressure equipment
   b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)
   c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1 Facility policy regarding emergency response planning

2 Facility description

a Organization and staffing

b Risk assessment of site hazards

c Plot plans

3 List of site hazardous material safety information

4 Emergency response plans

a Description of possible incident scenarios

b Plan to respond to each scenario

c On-site emergency equipment and supplies

d Description of external resources and support organizations

5. Emergency response teams

a. Staffing and organization

b. Capabilities of members

c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles, as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging
7-73 Dust Collectors and Collection Systems
7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels

3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as OS 2-8N, Installation of Sprinkler Systems; 5-201 14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems

For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems, such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades

3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and, in fact, was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.

A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K. incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment such as purification columns and rundown tanks with high volume flammable materials are located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.

Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:

- G-10, Guidelines for Technical Management of Chemical Process Safety, 1992.
- G-18, Guidelines for Hazard Evaluation Procedures, 1992.
- G-19, Guidelines for Investigating Chemical Process Incidents, 1992.
- G-20, Guidelines for Auditing Process Safety Management Systems, 1993.
- G-25, Guidelines for Implementing Process Safety Management Systems, 1994.
- G-27, Guidelines for Process Safety Documentation, 1995.

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API), Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets:

- 1-44, Damage Limiting Construction
- 5-1, Electrical Equipment in Hazardous Locations
- 7-0, Causes and Effects of Fires and Explosions
- 7-14, Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
- 7-42, Evaluating the Effects of Vapor Cloud Explosions
- 7-44/17-3, Spacing of Facilities in Outdoor Chemical Plants

- 7-45, Instrumentation and Control
- 7-46/17-11, Chemical Reactors and Reactions
- 7-47, Physical Operations in Chemical Plants
- 7-49/12-65, Emergency Venting of Vessels
- 7-59, Inerting and Purging of Equipment
- 7-83, Drainage Systems for Flammable Liquids
- 7-88, Storage Tanks for Flammable Liquids
- 7-95, Compressors
- 7-99/12-19, Heat Transfer by Organic and Synthetic Fluids
- 12-0, Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API), Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API), Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.

APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU) and, within North America, only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the U.S. in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the U.S., including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The U.S. Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.

A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119) that went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed it was estimated that approx. 87,000 U.S. facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous Ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the U.S. EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 U.S. facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)

In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the U.S., it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines:

A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989.

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980.

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr. Comm. Sept. 1998

Mr. Howard spent many years in the plant as an operator. Because of this involvement, he oversees many important operator duties as they relate to fire response and use of emergency process equipment (flares, alarms, shut-downs, etc.). He is also the liaison to community groups, including the mutual aid groups.

Mr. Howard has announced he will retire in 2 years when he reaches the age of 60. Loss of this level of experience could create serious gaps related to steady provision of the service provided by Mr. Howard.

All of his job duties should be described in writing.

A plan for his replacement with alternates should be developed sufficiently in advance of his departure so that proper training can be provided.

If timing is not sufficient to establish that his duties have been sufficiently taken over by others, management should arrange for Mr. Howard to return to work as a consultant. He should periodically return after his retirement to make sure all areas of past responsibility are being covered.

In the planning for replacement of Mr. Howard, the local assigned FM specialists should be notified. Specific sessions can be arranged so that the programs recommended by FM can be introduced or reviewed with the person who has taken over for Mr. Howard.

3.2.5.4.4 Mr. Jones was the Safety Engineer at this major plastic film plant, reporting to the plant manager, before he resigned. He was responsible to implement all safety and loss prevention programs in the plant. He was the direct liaison to the plant maintenance department, providing review and supervision of all maintenance and testing of the plant fire protection systems, including the fire pump, suction tank, sprinkler systems, alarm systems and gaseous extinguishing systems. Because of his expertise, he was the interface between local contractors who provide maintenance and testing. Mr. Jones kept all the letters, files, receipts, plans and correspondence in his office relating to protection systems and plant insurance matters.

Unfortunately, he quit at a time when the plant was completing a 50% production expansion and is beginning to plan for a new warehouse expansion. Ongoing issues relate to false alarms, alarm system repairs, and a history of broken underground water mains in a certain area of the plant. Mr. Jones had been a proponent of looping of the plant fire water mains to provide better service to the areas of future expansion.

In a case like this, it is important that key plant personnel from all levels meet to review the impact of this departure on loss prevention. Some careful accounting should begin at once to make sure elements of Mr. Jones' responsibilities are identified. The FM contact should be advised of the personnel change. This will allow for meetings to take place to assure that proper training is provided to a replacement employee. In many cases FM can provide the following:

- Training on fire protection systems maintenance and testing can be offered to a new employee.

- A review of maintenance and testing programs can be made to assure that correct programs are not lost or lapsed.

- Contract maintenance programs can be evaluated to determine adequacy of these programs.

3.2.5.5 References

Management of Process Hazards, API Recommended Practice 750, First Edition, January 1990, American Petroleum Institute.

Managing Change, FM publication P9201.

3.2.6 Process and Equipment (Mechanical) Integrity

Equipment that processes hazardous materials, and accessory or utility equipment that is important to continued operation of the plant, should be designed, constructed, installed, operated, protected and maintained in a way which minimizes the risk while providing process reliability. This element of the PSM program addresses the management system required to achieve this objective and is called Process and Equipment Integrity by the CCPS and Mechanical Integrity by others.

A Process and Equipment Integrity program should address some or all of the following: pressure vessels and piping, tanks, rotating machinery, electrical equipment, boilers and furnaces, etc., together with their instrumentation, controls, accessories and supporting structures.

The components of Process and Equipment Integrity, which are discussed further below, are: reliability engineering, materials of construction and fabrication, installation procedures, preventive maintenance, and demolition procedures.

As with all elements of PSM, a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps.

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance or replacement, the evaluation should include equipment accessibility and suitability for the process and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment and emergency relief. The file should also contain the operating and inspection history of the equipment as well as any data on repair, alteration and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill to installation tracking of material for critical components, or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, over speed, electrical faults, misalignment, etc.

During fabrication, maintenance or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern, such as piping location, safety and emergency equipment features, accessibility of process and safety equipment, operation, functional testing and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.

3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections, together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturer's recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturer's minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data, and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment with detailed instructions on performing the particular activity. They should address the steps needed to prevent adverse conditions both during the procedures and when the equipment is put back in service. They should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic review of these procedures is needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out of service condition, any necessary decontamination, and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents - classified as major accident, accident or near-miss by CCPS - are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control or personnel changes, or new or better training programs. Documentation and periodic review aid in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes:

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.

3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment: Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System: Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization: Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others, depending on the nature of the incident. This can include those inside the company with speciality knowledge or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training: Team members should be selected based on their interest, job function and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function: The incident investigation team function needs to be integrated with the overall emergency response plan. Well established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation:

a. Determine Cause: Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system related causes.

b. Develop Recommendations: Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures: Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.


If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally this involves data collection, data analysis and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems-oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and they can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program aimed at determination of root causes.

Usually the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive:

FTA: Fault Tree Analysis
AAM: Accident Anatomy Method
MORT: Management Oversight and Risk Tree
MCSOII: Multiple-Cause, Systems-Oriented Incident Investigation


Inductive:

HAZOP: Hazard and Operability Analysis
AAM: Accident Anatomy Method
CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware new approaches need to be built on proven and accepted concepts.

3.2.7.4

Phthalic anhydride made by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the Do Not Operate tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design: A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations: There are several possibilities in this area. Management that encourages continued operations when the process is upset (reason operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance: There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the workers' shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but does illustrate some of the underlying causes in a multiple-cause incident.

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment, and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation, and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation, or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training, as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated and it was assumed to be functioning properly, although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days subsequent for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.


The control panel incorrectly indicated that too much water was entering the core; therefore, the operator overrode the automatic control system and reverted to manual control. Ultimately, the shut coolant water lines were discovered and reopened, which again flooded the control panel with a Christmas-tree effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.¹

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.²

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures, as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L., and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80% to 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50% to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface, and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven-day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.⁵

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems, as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.


Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.⁶ However, more current literature by Poulton⁷ and Welford⁸ supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.⁹ Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.¹⁰


3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum, Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor, but ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill.: Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill.: Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).

3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocelli Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure a consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for maintaining the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring and piping drawings are not current, or there is only one set of hand corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and should be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard
   a. Toxicity
   b. Permissible exposure limits
   c. Physical, reactivity and corrosion data
   d. Thermal and chemical stability
   e. Hazardous effects of mixing

2. Process technology
   a. Process description and flow diagram
   b. Process chemistry
   c. Inventory permitted
   d. Safe upper and lower limits for temperature, pressure, flows and compositions
   e. Consequences of deviations

3. Process equipment
   a. Construction materials
   b. P&ID
   c. Electrical classification drawing
   d. Relief system design and design basis
   e. Ventilation system design
   f. Drainage system design
   g. Design codes and standards
   h. Material and energy balance
   i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections
   a. Code inspection reports for pressure equipment
   b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)
   c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description
   a. Organization and staffing
   b. Risk assessment of site hazards
   c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans
   a. Description of possible incident scenarios
   b. Plan to respond to each scenario
   c. On-site emergency equipment and supplies
   d. Description of external resources and support organizations

5. Emergency response teams
   a. Staffing and organization
   b. Capabilities of members
   c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility or process within a facility needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging
7-73 Dust Collectors and Collection Systems
7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels

3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc. following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems

For resources on protection needs for process units structures or equipment common to chemical plants also see 1-6 Cooling Towers 5-414-8 Transformers 5-3114-5 Cables and Bus Bars 5-32 Electronic Data Processing Systems 7-2 Waste Solvent Recovery 7-14 Fire and Explosion Protection for Flammable Liquid Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures 7-29 Flammable Liquids in Drums and Smaller Containers 7-32 Flammable Liquid Operations 7-48 Disposal of Waste Materials 7-54 Natural Gas and Gas Piping 7-5512-28 Liquefied Petroleum Gas 7-78 Industrial Exhaust Systems 7-88 Storage Tanks for Flammable Liquids 7-95 Compressors 7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppresshysion needs including

7-30N Solvent Extraction Plants 7-34 Electrolytic Chlorine Processes 7-35 Air Separation Processes 7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

- 7-83 Drainage Systems for Flammable Liquids
- 7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible, heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.


Refer to the following FM data sheets for information on steel protection:

- 1-21 Fire Resistance of Building Assemblies
- 7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength, blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

- 1-44 Damage Limiting Construction
- 1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

- 7-30N Solvent Extraction Plants
- 7-59 Inerting and Purging of Equipment
- 7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

- 1-19 Fire Walls, Subdivisions and Draft Curtains
- 1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
- 1-22 Criteria for MFL Fire Walls and Space Separation
- 1-23 Protection of Openings in Fire Subdivisions
- 7-16 Barricades


3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

- 1-2 Earthquake
- 1-7 Wind Forces on Buildings and Other Structures
- 1-54 Roof Loads for New Construction
- 9-2 Surface Water
- 9-13 Evaluation of Flood Exposure
- 9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment such as purification columns and rundown tanks with high volume flammable materials are located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60 the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:

- G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
- G-18 Guidelines for Hazard Evaluation Procedures, 1992
- G-19 Guidelines for Investigating Chemical Process Incidents, 1992
- G-20 Guidelines for Auditing Process Safety Management Systems, 1993
- G-25 Guidelines for Implementing Process Safety Management Systems, 1994
- G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API), Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets:

- 1-44 Damage Limiting Construction
- 5-1 Electrical Equipment in Hazardous Locations
- 7-0 Causes and Effects of Fires and Explosions
- 7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
- 7-42 Evaluating the Effects of Vapor Cloud Explosions
- 7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants


- 7-45 Instrumentation and Control
- 7-46/17-11 Chemical Reactors and Reactions
- 7-47 Physical Operations in Chemical Plants
- 7-49/12-65 Emergency Venting of Vessels
- 7-59 Inerting and Purging of Equipment
- 7-83 Drainage Systems for Flammable Liquids
- 7-88 Storage Tanks for Flammable Liquids
- 7-95 Compressors
- 7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
- 12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API), Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API), Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A: INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU) and, within North America, only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment have been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous Ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998


The components of Process and Equipment Integrity, which are discussed further below, are reliability engineering, materials of construction and fabrication, installation procedures, preventive maintenance, and demolition procedures.

As with all elements of PSM, a strong audit and verification component is necessary to ensure that all the required procedures are being followed and qualified personnel are used to perform the various steps.

3.2.6.1 Reliability Engineering

Reliability engineering is the evaluation of a process system or individual component to determine its safe operating lifetime. Since at some point all equipment requires inspection, testing, maintenance, or replacement, the evaluation should include equipment accessibility and suitability for the process, and the need for standby/spare equipment and bypasses.

Identifying the critical equipment and determining its reliability can affect installation decisions and maintenance planning. An important component of reliability engineering is to establish factual data on equipment operation and history. A file for each piece of process equipment should be maintained. It should contain information that covers its specifications, materials of construction, instrumentation diagrams, electrical equipment, and emergency relief. The file should also contain the operating and inspection history of the equipment, as well as any data on repair, alteration, and re-rating, as applicable. This information can then be used to plan future maintenance, set sparing requirements, and schedule replacement. If maintenance frequency is high, it could justify using better equipment for replacement.

The information should be readily available for review by knowledgeable personnel who can identify trends that could indicate future reliability concerns.

3.2.6.2 Materials of Construction and Fabrication

Choice of suitable materials for construction or repair can be critical in safe operation of a facility. This element of Process and Equipment Integrity should assure that appropriate vessel and piping standards are adopted (national standards like ASME and API, for example), standard updates are recognized and adopted, and that specific responsibility for such efforts is assigned. (See also 3.2.10.)

Once such standards are adopted, a system is present to assure compliance. This could include mill-to-installation tracking of material for critical components or a much simpler system for other components.

Protection of the equipment is imperative to help prevent catastrophic failures involving hazardous materials or equipment critical to the plant's operation. It is provided by installing safety devices that protect against abnormal operating conditions such as overpressure, overheating, vibration, over speed, electrical faults, misalignment, etc.

During fabrication, maintenance, or repair, the system should identify needed qualification or certification of craftsmen. A quality assurance system should be in place and be able to track and assure compliance, including use of proper material, installation/fabrication according to specification, and documentation of necessary tests and inspections. Where outside vendors are involved, the management system may need to extend to their operations.

Prior to startup of a new process or restart after modifications, the Process and Equipment Integrity system should identify the need for field inspection and identify the areas of concern, such as piping location, safety and emergency equipment features, accessibility of process and safety equipment, operation, functional testing and calibration of instrumentation, controls, protective devices, etc. A good pre-startup review should be based on a checklist.

3.2.6.3 Installation Procedures

Planning and quality control are needed to ensure the proper installation of process equipment as specified in the design or the instructions of the manufacturer. They should include the critical steps and important verification points during the installation. In many cases, especially in piping systems, installations are not covered by codes or standards, and therefore poor execution may lead to failures. Prior to startup, conduct an overall equipment integrity check to validate the installation.


3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections, together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturers' recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturers' minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data, and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment with detailed instructions on performing the particular activity. They should address the steps needed to prevent adverse conditions both during the procedures and when the equipment is put back in service. They should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic review of these procedures is needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation, and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out-of-service condition, any necessary decontamination, and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents - classified as major accident, accident, or near-miss by CCPS - are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control, or personnel changes, or new or better training programs. Documentation and periodic review aids in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes:

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries, or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.


3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment: Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System: Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization: Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others, depending on the nature of the incident. This can include those inside the company with speciality knowledge or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training: Team members should be selected based on their interest, job function, and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function: The incident investigation team function needs to be integrated with the overall emergency response plan. Well established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation:

a. Determine Cause: Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system-related causes.

b. Develop Recommendations: Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures: Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.


If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally, this involves data collection, data analysis, and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems-oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and they can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program aimed at determination of root causes.

Usually, the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently, some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently, they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

FTA: Fault Tree Analysis
AAM: Accident Anatomy Method
MORT: Management Oversight and Risk Tree
MCSOII: Multiple-Cause, Systems-Oriented Incident Investigation


Inductive

HAZOP: Hazard and Operability Analysis
AAM: Accident Anatomy Method
CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware new approaches need to be built on proven and accepted concepts.

3.2.7.4

Phthalic anhydride made by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the "Do Not Operate" tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design: A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations: There are several possibilities in this area. Management that encourages continued operations when the process is upset (reason operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance: There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the workers' shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but does illustrate some of the underlying causes in a multiple-cause incident.

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills, and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment, and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge, and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation, and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation, or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training, as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled, and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated, and it was assumed to be functioning properly, although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days subsequent for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.


The control panel incorrectly indicated that too much water was entering the core; therefore, the operator overrode the automatic control system and reverted to manual control. Ultimately, the shut coolant water lines were discovered and reopened, which again flooded the control panel with a "Christmas-tree" effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.¹

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.²

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures, as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L., and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions, and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists, and psychologists.

Various references estimate that human factor errors are responsible for between 80% and 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50% to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health, or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment, and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often, these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases, these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface, and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell, or hearing) a stimulus, processes the information, and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty, and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a "Fitness for Duty" policy and the availability of access to outside stress hotlines.

32911 Qflanization

The dynamics within an organization have changed over the years changing from companies that once mainshytained long-term relationships with employees to companies required to reduce their numbers due to gloshybal competition and other factors Due to the need to reduce operating costs many organizations have resorted to such business initiatives as downsizing restructuring mergers etc These initiatives have the obvious impact of reducing the number of employees available to operate a production facility This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plants safety programs

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees which may also jeopardize the safety of an operation While quantifying the effect that downsizing has on safety in a chemical facility is difficult its impact should not be ignored5

3292 HumanMachine Interface

3292 1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems as opposed to the earlier analog control systems Much more of the process control is placed in the domain of the comshyputer versus active monitoring and controlling by the operator

Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson. [6] However, more current literature by Poulton [7] and Welford [8] supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system. [9] Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized. [10]

3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor but ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, an initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed that air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill.: Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill.: Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).

3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocelli Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure a consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for maintaining the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings, such as P&ID, wiring and piping drawings, are not current or there is only one set of hand corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and should be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard

a. Toxicity

b. Permissible exposure limits

c. Physical, reactivity and corrosion data

d. Thermal and chemical stability

e. Hazardous effects of mixing

2. Process technology

a. Process description and flow diagram

b. Process chemistry

c. Inventory permitted

d. Safe upper and lower limits for temperature, pressure, flows and compositions

e. Consequences of deviations

3. Process equipment

a. Construction materials

b. P&ID

c. Electrical classification drawing

d. Relief system design and design basis

e. Ventilation system design

f. Drainage system design

g. Design codes and standards

h. Material and energy balance

i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections

a. Code inspection reports for pressure equipment

b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)

c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description

a. Organization and staffing

b. Risk assessment of site hazards

c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans

a. Description of possible incident scenarios

b. Plan to respond to each scenario

c. On-site emergency equipment and supplies

d. Description of external resources and support organizations

5. Emergency response teams

a. Staffing and organization

b. Capabilities of members

c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic, in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities as defined in an integrated program based on PSM principles are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status

This subject is also broadly covered in FM Data Sheet 9-717-5 Property Conservation and numerous pubshylications by the CCPS API CMA and other groups (See Bibliography)

3312 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility Examples abound how one management group which is production oriented without commensurate attention (both monetary and staffing) to loss prevention passes on a loss prone legacy to the next generation Manageshyment commitment must start at corporate level be part of the management culture at all lower levels and be continued throughout the life of the plant

3313 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action There is no correct level of instrumentation or interlocks Each facility or process within a facility needs individual assessment prior to determining needs Needs are usually predicated on results of hazard analyses backed by common sense and loss history Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe Most chemical processes require one or more levels of redundancy

Data Sheet 7-45 Instrumentation and Control addresses process safety controls not operational process control systems Other occupancy-specific data sheets such as 7-35 Air Separation Processes cover needs for that occupancy

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging
7-73 Dust Collectors and Collection Systems
7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels

©1999 Factory Mutual Engineering Corp. All rights reserved.

3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability.

Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy-specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil-lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High-speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high-frequency areas with combustible dusts or vapors. High-volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems

For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible, heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength, blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades

3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.

A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent are eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K. incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story, concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment such as purification columns and rundown tanks with high volume flammable materials are located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.

Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety, Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants

7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.

APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment have been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The U.S. Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.

©1999 Factory Mutual Engineering Corp. All rights reserved.

A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119) that went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons, and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 U.S. facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the U.S. EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different, yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 U.S. facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)

In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law, but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the U.S., it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines:

A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989.

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998

3.2.6.4 Preventive Maintenance

This element addresses ongoing preventive maintenance needed to monitor and service the equipment so that defects are detected before serious failures occur. Preventive maintenance consists of a system to develop and track the following activities: identifying the critical equipment; determining the required tests and inspections, together with the associated acceptability criteria; establishing the frequency of each test and inspection; establishing maintenance procedures; training of the maintenance personnel; documenting and analyzing the results.

At a minimum, preventive maintenance should follow manufacturer's recommendations. For some equipment, FMRC standards specify procedures and frequency beyond the manufacturer's minimums. FMRC requirements should then become the minimum acceptable level. These requirements do not eliminate the possibility of Risk Based Inspections (RBI). If RBI are implemented, detailed records on the basis for the chosen inspection frequency are needed, including the test results, process data and decision trees used to develop the decision.

The documented maintenance procedures should address the targeted equipment with detailed instructions on performing the particular activity. They should address the steps needed to prevent adverse conditions both during the procedures and when the equipment is put back in service. They should provide a means to ensure the completion of the work as ordered. Scheduled and unscheduled maintenance should be initiated by written work orders and/or work permits prepared by authorized personnel with clear responsibilities. Periodic review of these procedures is needed to monitor their effectiveness and ensure they are up to date.

Process monitoring and alerting the operators to abnormal conditions is necessary for reliable operation. Therefore, the preventive maintenance program should include alarms, instrumentation and safety devices.

3.2.6.5 Demolition Procedures

Demolition procedures entail an appropriate method for the safe removal of a piece of equipment or process which is no longer needed. The procedures should include isolation from active equipment, marking to identify its out-of-service condition, any necessary decontamination, and ultimate disposal of the equipment.

3.2.7 Incident Investigation

This element assures that all incidents - classified as major accident, accident or near-miss by CCPS - are promptly and comprehensively investigated. The depth of investigation is commensurate with the level of complexity and size of incident. This will assure that lessons learned can be quickly applied within the facility or corporation. Lessons might manifest themselves as physical, process control or personnel changes, or new or better training programs. Documentation and periodic review aids in determining common cause or root cause factors when multiple losses have occurred.

The purpose of incident investigation is to prevent a recurrence. This requires a management system that:

a. Investigates incidents to determine the root cause.

b. Develops recommendations to prevent a recurrence.

c. Ensures follow-up to complete recommendations as part of MOC.

Incidents can be grouped many ways, but the three general types listed below (as defined by CCPS) will serve for most purposes:

Major Accident: an incident where the impact is above an acceptable level, usually involving major property damage, multiple injuries or fatalities.

Accident: an incident having an undesirable impact on company resources, usually involving minor property damage or a single injury.

Near-miss: an incident with the potential to be an accident or major accident.

3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment: Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System: Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization: Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others depending on the nature of the incident. This can include those inside the company with specialty knowledge or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training: Team members should be selected based on their interest, job function and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function: The incident investigation team function needs to be integrated with the overall emergency response plan. Well established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation:

a. Determine Cause: Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system-related causes.

b. Develop Recommendations: Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures: Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.

If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally this involves data collection, data analysis and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems-oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and these can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program, aimed at determination of root causes.

Usually the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

FTA - Fault Tree Analysis
AAM - Accident Anatomy Method
MORT - Management Oversight and Risk Tree
MCSOII - Multiple-Cause, Systems-Oriented Incident Investigation

Inductive

HAZOP - Hazard and Operability Analysis
AAM - Accident Anatomy Method
CELD - Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware that new approaches need to be built on proven and accepted concepts.

3.2.7.4

Making phthalic anhydride by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the Do Not Operate tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design: A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations: There are several possibilities in this area. Management that encourages continued operations when the process is upset (the reason the operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance: There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the worker's shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but does illustrate some of the underlying causes in a multiple-cause incident.

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment, and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation, or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated, and it was assumed to be functioning properly although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days previously for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.

The control panel incorrectly indicated that too much water was entering the core therefore the operator overshyrode the automatic control system and reverted to manual control Ultimately the shut coolant water lines were discovered and reopened which again flooded the control panel with a Christmas-tree effect of red and green indicator lights Assuming the coolant system was now operating the feed pumps were activated which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioacshytive water and steam The rupture disc on the tank burst which allowed contaminated water onto the floor of the auxiliary building As a result of loss of cooling water the reactor core was partially uncovered resultshying in excessively high temperatures This contributed to increased radiation levels within the facility Estishymates of this loss range from $10 to $186 billion with roughly 60 of this being costs of replacing the lost power resulting from the event 1

This loss shows the importance of proper training of all employees and recognition of human factor eleshyments of operators and maintenance operations in production facilities The operators were not well versed in the process intricacies specifically the relationship between pressure and temperature in the reactor The operators did not recognize the fact that a small amount of water was being lost It was also recognized that the operators were not trained in process diagnosis2

While this incident occurred in a nuclear power generating facility, similar events are equally likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L., and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80 and 90% of all loss incidents.[1] The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50 to 70% of the risk.[2] One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels.[3] These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases, these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.[4]

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse, much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface, and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information and ultimately responds. The subsequent response may be either appropriate or inappropriate depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.[5]

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.

Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.[6] However, more current literature by Poulton [7] and Welford [8] supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.[9] Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.[10]

3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor but ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed that the air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineer Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill., Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill., Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).

3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocelli Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for keeping the standards current and in line with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type, where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized, with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings, such as P&ID, wiring and piping drawings, are not current, or there is only one set of hand corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and should be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited, to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard
   a. Toxicity
   b. Permissible exposure limits
   c. Physical, reactivity and corrosion data
   d. Thermal and chemical stability
   e. Hazardous effects of mixing

2. Process technology
   a. Process description and flow diagram
   b. Process chemistry
   c. Inventory permitted
   d. Safe upper and lower limits for temperature, pressure, flows and compositions
   e. Consequences of deviations

3. Process equipment
   a. Construction materials
   b. P&ID
   c. Electrical classification drawing
   d. Relief system design and design basis
   e. Ventilation system design
   f. Drainage system design
   g. Design codes and standards
   h. Material and energy balance
   i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections
   a. Code inspection reports for pressure equipment
   b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)
   c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description
   a. Organization and staffing
   b. Risk assessment of site hazards
   c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans
   a. Description of possible incident scenarios
   b. Plan to respond to each scenario
   c. On-site emergency equipment and supplies
   d. Description of external resources and support organizations

5. Emergency response teams
   a. Staffing and organization
   b. Capabilities of members
   c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers cannot alone define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities as defined in an integrated program based on PSM principles are critical to identificashytion of potential incidents and to minimize the occurrence through careful design and process control In fact there are unsprinklered chemical facilities with excellent fireproofing drainage on-site response and fully integrated PSM systems that may be equivalent to a fully sprinkle red facility without a PSM system in place The latter facility may have more frequent losses one of which may get away due to poor attenshytion to maintenance testing and inspections of suppression systems

In most cases however the need for sprinklers is a minimum requirement along with other protection The proshytection scheme includes all components working as a system If one is missing the system may not be effecshytive in limiting potential loss to the desired level and the plant may not be suitable for HPR status

The following elements are considered when determining HPR status of a chemical facility Several Facshytory Mutual data sheets specific to the element are listed when appropriate Many other data sheets and refshyerence sources on each element may exist but are not listed

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.


A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging
7-73 Dust Collectors and Collection Systems
7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels


3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.


The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems


For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.


Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases, a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases, a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM data sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades


3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit, and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade off in toxicity, which may affect manual fire fighting response, would occur with this choice.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, are located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60 the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants

copy1999 Factory Mutual Engineering Corp All rights reserved

7-45, Instrumentation and Control.
7-46/17-11, Chemical Reactors and Reactions.
7-47, Physical Operations in Chemical Plants.
7-49/12-65, Emergency Venting of Vessels.
7-59, Inerting and Purging of Equipment.
7-83, Drainage Systems for Flammable Liquids.
7-88, Storage Tanks for Flammable Liquids.
7-95, Compressors.
7-99/12-19, Heat Transfer by Organic and Synthetic Fluids.
12-0, Applicable Pressure Equipment Codes and Standards.

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API), Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API), Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.

APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the Austral/Asia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982, the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.

A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons, and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1 Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)

In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.

A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989.

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980.

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998

3.2.7.1 Basic Elements

There is a long history of incident investigation in the chemical process industry, but only since about 1985 has it been recognized that incident investigation needs to be formalized as part of the overall process safety management system. Basically, this requires management to be involved for support and direction so incident investigation results can be used to support the other elements of PSM. Suggested elements needed for incident investigation are as follows:

Management Commitment. Top management support is required for an effective program. This is necessary for the resources required and the ability to hold managers accountable for achieving results. Documentation should clearly define the details of the process safety management system employed and the expected performance.

Classification System. Several classification systems have been developed to group incidents, including the CCPS version noted above. None have been adopted for universal use. They may be modified to meet the needs of the organization. It should be understood that all classification systems have vague areas generated by differences in opinion along technical lines. The biggest area of disagreement is the near-miss classification, where views on probability and possibility of consequences vary greatly.

Team Organization. Team make-up and organization will vary greatly depending on the size and nature of the company. Normally accepted assignments include team leader, safety department representative, operations representative, maintenance department representative, and a supervisor and worker from the unit involved in the incident.

There may be a need for others depending on the nature of the incident. This can include those inside the company with speciality knowledge or even outside consultants.

It is difficult for the team to be impartial unless it is autonomous. Reporting through the normal chain of command should be avoided where possible.

Team Selection/Training. Team members should be selected based on their interest, job function and experience. All members should be trained in the basics of process safety management, not just incident investigation.

Team Function. The incident investigation team function needs to be integrated with the overall emergency response plan. Well established lines of communication and assigned functions will let the team perform its assigned work.

Incident Investigation.

a. Determine Cause. Determining the cause (root causes and contributing causes) is one of the main functions of the incident investigation team. Some special effort will likely be needed to determine underlying system-related causes.

b. Develop Recommendations. Recommendations needed to prevent a recurrence should be identified. While it might not be possible to actually prevent a recurrence in all cases, it is likely preventive measures can be developed that will reduce the probability and/or consequences.

c. Implement Prevention Measures. Management should have a system that assures follow-up action is taken to implement recommendations.

3.2.7.2 Incident Investigation Concepts

Incident investigation covers a broad area. Some investigations are extremely structured and detailed. One example would be the investigation to determine why a passenger plane crashed. Some are brief, for common accidents that are easily understood and have low impact, such as a small non-hazardous chemical spill at a dispensing station. However, for an adequate process safety management program, all need to be reported and investigated, with adequate follow-up to assure corrective action is taken.

Procedures should document how this is done, with all major incidents elevated to upper management. Minor incidents and near misses might be handled only at the local level, but could be elevated if the lesson learned could be applied to many plants. All should be reported, since company trends can be spotted that might elude the local level.

If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally this involves data collection, data analysis and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems-oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and they can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program aimed at determination of root causes.

Usually the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

FTA: Fault Tree Analysis
AAM: Accident Anatomy Method
MORT: Management Oversight and Risk Tree
MCSOII: Multiple-Cause, Systems-Oriented Incident Investigation

Inductive

HAZOP: Hazard and Operability Analysis
AAM: Accident Anatomy Method
CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware that new approaches need to be built on proven and accepted concepts.

3.2.7.4

Phthalic anhydride, made by air oxidation of o-xylene, is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the Do Not Operate tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design. A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations. There are several possibilities in this area. Management that encourages continued operations when the process is upset (reason operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance. There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the worker's shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but does illustrate some of the underlying causes in a multiple-cause incident.

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment, and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training, as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated, and it was assumed to be functioning properly although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days subsequent for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.

The control panel incorrectly indicated that too much water was entering the core; therefore, the operator overrode the automatic control system and reverted to manual control. Ultimately, the shut coolant water lines were discovered and reopened, which again flooded the control panel with a Christmas-tree effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.¹

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.²

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L., and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions, and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists, and psychologists.

Various references estimate that human factor errors are responsible for between 80 to 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50 to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health, or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment, and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel, although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases, these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface, and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell, or hearing) a stimulus, processes the information, and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty, and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.⁵

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.

Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.⁶ However, more current literature by Poulton⁷ and Welford⁸ supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.⁹ Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately, and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.¹⁰

3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum, Inc.

On October 23, 1989, a release of approximately 85200 lb (36646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor, but was ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed that the air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill.: Charles C Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill.: Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).

3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocell Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards, or consensus standards will be applied. This will ensure a consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for maintaining the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective, and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available, and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content, and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure, and resources). Other important factors to consider include results of prior audits, incident history, program maturity, and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history, or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood, and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team, and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings, such as P&ID, wiring and piping drawings, are not current or there is only one set of hand corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization, and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation, and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased, and should be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited, to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines, and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard
   a. Toxicity
   b. Permissible exposure limits
   c. Physical, reactivity and corrosion data
   d. Thermal and chemical stability
   e. Hazardous effects of mixing

2. Process technology
   a. Process description and flow diagram
   b. Process chemistry
   c. Inventory permitted
   d. Safe upper and lower limits for temperature, pressure, flows and compositions
   e. Consequences of deviations

3. Process equipment
   a. Construction materials
   b. P&ID
   c. Electrical classification drawing
   d. Relief system design and design basis
   e. Ventilation system design
   f. Drainage system design
   g. Design codes and standards
   h. Material and energy balance
   i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections
   a. Code inspection reports for pressure equipment
   b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)
   c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases, and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date, and documented:

1 Facility policy regarding emergency response planning

2 Facility description

a Organization and staffing

b Risk assessment of site hazards

c Plot plans

3 List of site hazardous material safety information

4 Emergency response plans

a Description of possible incident scenarios

b Plan to respond to each scenario

c On-site emergency equipment and supplies

d Description of external resources and support organizations

5. Emergency response teams

a. Staffing and organization

b. Capabilities of members

c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions

7-49/12-65 Emergency Venting of Vessels

7-59 Inerting and Purging

7-73 Dust Collectors and Collection Systems

7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires

12 Series on boilers and pressure vessels

3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems

3-2 Water Tanks for Fire Protection

3-7N/13-4N Centrifugal Fire Pumps

3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations

5-8 Static Electricity

5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment

5-11/14-19 Lightning and Surge Protection for Electrical Systems

7-0 Causes and Effects of Fires and Explosions

7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials

7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method

7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants

7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids

7-46 Chemical Reactors and Reactions

7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives

7-51 Acetylene

7-52/17-13 Oxygen

7-53 Liquefied Natural Gas

7-54 Natural Gas and Gas Piping

7-55/12-28 Liquefied Petroleum Gas

7-58 Chlorine Dioxide

7-80 Organic Peroxides

7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

7-91 Hydrogen

7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems

4-0 Special Protection Systems

4-1N Water Spray Fixed Systems

4-7N Low Expansion Foam Systems

7-17 Explosion Suppression Systems

For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers

5-4/14-8 Transformers

5-31/14-5 Cables and Bus Bars

5-32 Electronic Data Processing Systems

7-2 Waste Solvent Recovery

7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

7-29 Flammable Liquids in Drums and Smaller Containers

7-32 Flammable Liquid Operations

7-48 Disposal of Waste Materials

7-54 Natural Gas and Gas Piping

7-55/12-28 Liquefied Petroleum Gas

7-78 Industrial Exhaust Systems

7-88 Storage Tanks for Flammable Liquids

7-95 Compressors

7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants

7-34 Electrolytic Chlorine Processes

7-35 Air Separation Processes

7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids

7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies

7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction

1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants

7-59 Inerting and Purging of Equipment

7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains

1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)

1-22 Criteria for MFL Fire Walls and Space Separation

1-23 Protection of Openings in Fire Subdivisions

7-16 Barricades

3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake

1-7 Wind Forces on Buildings and Other Structures

1-54 Roof Loads for New Construction

9-2 Surface Water

9-13 Evaluation of Flood Exposure

9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade off in toxicity, which may affect manual fire fighting response, would occur with this choice.

A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils such as agricultural products. The hazards of fire and explosion from the solvent are eliminated, although combustible oils may still be present. A possible hazard trade off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, is located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.

Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60 the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992.
G-18 Guidelines for Hazard Evaluation Procedures, 1992.
G-19 Guidelines for Investigating Chemical Process Incidents, 1992.
G-20 Guidelines for Auditing Process Safety Management Systems, 1993.
G-25 Guidelines for Implementing Process Safety Management Systems, 1994.
G-27 Guidelines for Process Safety Documentation, 1995.

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API), Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets:

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants
7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API), Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API), Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.

APPENDIX A: INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico, or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975), and Seveso (1976) being the most noteworthy. In 1982, the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland, in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control, and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training, and equipment have been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada, and New Jersey.

A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), that went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing, or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous Ammonia | 1,000 (450) | 5,000 (2,250) |
| Chlorine | 1,000 (450) | 1,500 (680) |
| Chlorine dioxide | 500 (225) | 1,000 (450) |
| Anhydrous hydrochloric acid | 1,000 (450) | 5,000 (2,250) |
| Sulfuric acid | 5,000 (2,250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10,000 (4,500) | 10,000 (4,500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different, yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)

In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.

A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989.

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia, and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980.

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998

If minor incidents and near-misses are too numerous and the procedures do not give good guidance concerning the difference between reporting and investigation, the system can break down. Extensive investigation of all reported incidents is generally beyond the ability of most companies.

Incident investigation is usually a problem-solving process. Generally, this involves data collection, data analysis, and presentation of findings. Tools and effort deployed depend on the type of incident and consequences. A systems-oriented approach integrated with a process safety management program is usually required for a major accident. However, it is important to investigate a near-miss incident that had the potential for a catastrophic failure, and they can be just as difficult to analyze. One example would be a major flammable vapor release that dissipated without ignition.

3.2.7.3 Investigative Techniques

In simple terms, scope and resources required for incident investigations can be classed in three broad areas:

1. Area supervisor conducts an informal investigation in the traditional manner.

2. Team-based investigation requiring specialized knowledge to determine a credible scenario.

3. Team-based investigation and a systems-oriented approach integrated with a process safety management program aimed at determination of root causes.

Usually, the traditional informal investigation done by the area supervisor does not employ advanced techniques, nor are they needed.

Some advanced techniques could be used by the team-based investigation that requires specialized knowledge. Frequently, some system is needed to keep the team focused and to assure all necessary areas are considered.

The third type of investigation inherently requires advanced techniques. It should be noted that while there are many advanced techniques, the science is still evolving. Basically, there is no one technique usable for all cases.

There are some common features essential to a structured analytical approach, regardless of the techniques used. Some of these issues are:

a. Force the team to dig beneath the obvious to determine the underlying causes.

b. Determine as many of these causes as possible.

c. Provide excellent documentation that aids training and information sharing, and provide support for recommendations.

A process safety incident investigation is similar to a process hazard analysis. The main difference is the investigating team knows the incident happened. As a result, many of the PHA techniques can be applied with good results.

Once the evidence has been collected, application of a system theory is necessary to analyze it. Many analytical tools inherent in PHA can be applied directly to incident investigation and have been incorporated into many of the techniques. Many of the PHA tools are well developed and have been proven to provide reliable results. Frequently they are available as PC-based software.

Some of the publicly available systematic techniques are:

Deductive

- FTA - Fault Tree Analysis
- AAM - Accident Anatomy Method
- MORT - Management Oversight and Risk Tree
- MCSOII - Multiple-Cause, Systems-Oriented Incident Investigation

Inductive

- HAZOP - Hazard and Operability Analysis
- AAM - Accident Anatomy Method
- CELD - Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware that new approaches need to be built on proven and accepted concepts.

3.2.7.4

Phthalic anhydride made by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the Do Not Operate tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design. A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations. There are several possibilities in this area. Management that encourages continued operations when the process is upset (reason operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require two pumps be available at all times) is ignoring safety.

3. Maintenance. There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the workers' shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example, but does illustrate some of the underlying causes in a multiple-cause incident.
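The Design point above can be checked with a small fault tree, FTA being one of the deductive techniques listed in 3.2.7.3. The following is an added illustration, not part of the data sheet: the pump labels A/B/C, the event names and the way the interlock is modelled (the top event additionally requires the interlock to fail) are constructed assumptions.

```python
"""Minimal cut sets for the loss-of-cooling-water event (constructed example)."""
from itertools import product

# A tree node is either a basic-event name (str) or a tuple ("AND"|"OR", child, ...).

def cut_sets(node):
    """Expand a fault tree into its cut sets (frozensets of basic events)."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, *children = node
    expanded = [cut_sets(child) for child in children]
    if gate == "OR":    # any one child is enough: union of the children's cut sets
        return [cs for sets in expanded for cs in sets]
    if gate == "AND":   # every child is needed: combine one cut set from each child
        return [frozenset().union(*combo) for combo in product(*expanded)]
    raise ValueError(f"unknown gate {gate!r}")

def minimal(sets):
    """Drop duplicates and any cut set that strictly contains another one."""
    uniq = set(sets)
    keep = [s for s in uniq if not any(other < s for other in uniq)]
    return sorted(keep, key=lambda s: (len(s), sorted(s)))

def given(sets, already_true):
    """Cut sets still outstanding once some basic events have already occurred."""
    return minimal(s - already_true for s in sets)

# Basic events (names constructed for this example).
A_FAILS = "operating pump A fails"
B_OUT = "standby pump B out of service (repair delayed)"
C_FAULT = "standby pump C mechanical fault"
C_TAG = "standby pump C still tagged Do Not Operate"
INTERLOCK = "one-pump-available interlock fails or is bypassed"

# No standby available: B is out AND C is unusable for either reason.
NO_STANDBY = ("AND", B_OUT, ("OR", C_FAULT, C_TAG))

# As operated: cooling water is lost when the running pump fails with no standby.
AS_BUILT = ("AND", A_FAILS, NO_STANDBY)

# Design alternative from item 1 (assumed model): the interlock stops operation
# with only one pump available, so the top event also needs the interlock to fail.
WITH_INTERLOCK = ("AND", A_FAILS, NO_STANDBY, INTERLOCK)

# Plant state at the time of the incident, taken from the narrative.
STATE_ON_DAY = frozenset([B_OUT, C_TAG])

def order_on_day(tree):
    """Fewest additional failures that cause the top event in that plant state."""
    return min(len(s) for s in given(cut_sets(tree), STATE_ON_DAY))

if __name__ == "__main__":
    for name, tree in (("as built", AS_BUILT), ("with interlock", WITH_INTERLOCK)):
        print(name, "-> further failures needed:", order_on_day(tree))
        for cs in given(cut_sets(tree), STATE_ON_DAY):
            print("   ", sorted(cs))
```

A result of 1 for the as-operated tree is the single-failure condition item 1 calls unsafe; the interlocked variant needs a second, independent failure.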

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills, and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment, and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge, and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation, and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation, or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled, and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated, and it was assumed to be functioning properly although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days earlier for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.

The control panel incorrectly indicated that too much water was entering the core; therefore, the operator overrode the automatic control system and reverted to manual control. Ultimately, the shut coolant water lines were discovered and reopened, which again flooded the control panel with a Christmas-tree effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $1.0 to $1.86 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.¹

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.²

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L. and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80% and 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50% to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This, in turn, can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.⁵

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems, as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.

Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.⁶ However, more current literature by Poulton⁷ and Welford⁸ supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.⁹ Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.
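The categorization and deluge points above, as an added example that is not part of the data sheet: a Python sketch that orders annunciated alarms by an assigned impact category, lists tags that were never categorized, and flags alarm floods with a sliding time window. The category names, tag names, sample events and the 10-alarms-in-10-minutes threshold are assumptions chosen for illustration.

```python
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed impact categories (hypothetical, not from the data sheet); lower rank = act first.
PRIORITY_RANK = {"emergency": 0, "high": 1, "medium": 2, "low": 3}


@dataclass(frozen=True)
class Alarm:
    time: datetime
    tag: str
    priority: str


def unclassified_tags(alarms):
    """Tags whose priority is not one of the defined categories (a rationalization gap)."""
    return sorted({a.tag for a in alarms if a.priority not in PRIORITY_RANK})


def prioritize(alarms):
    """Order alarms by category, then oldest first.

    Design choice in this sketch: an uncategorized alarm sorts ahead of everything
    (rank -1) so that it is never buried under lower-impact alarms.
    """
    return sorted(alarms, key=lambda a: (PRIORITY_RANK.get(a.priority, -1), a.time))


def flood_periods(alarms, window=timedelta(minutes=10), threshold=10):
    """Return (start, end, peak_count) for each period in which more than
    `threshold` alarms annunciated within any span shorter than `window`."""
    periods, recent = [], deque()
    start = end = None
    peak = 0
    for alarm in sorted(alarms, key=lambda a: a.time):
        recent.append(alarm.time)
        # Drop annunciations that have aged out of the sliding window.
        while alarm.time - recent[0] >= window:
            recent.popleft()
        if len(recent) > threshold:
            if start is None:
                start, peak = recent[0], 0
            end, peak = alarm.time, max(peak, len(recent))
        elif start is not None:
            periods.append((start, end, peak))
            start = None
    if start is not None:
        periods.append((start, end, peak))
    return periods


# Constructed sample data: two isolated alarms, then twelve alarms in under two minutes.
BASE = datetime(1999, 5, 1, 14, 0, 0)
BURST = [
    ("FAL-110", "low"), ("TAH-120", "medium"), ("LAL-205", "medium"),
    ("PAH-300", "high"), ("FAL-111", "low"), ("TAH-121", "medium"),
    ("XA-999", "unassigned"), ("PSH-301", "emergency"), ("LAH-206", "high"),
    ("FAL-112", "low"), ("TAH-122", "medium"), ("PAL-302", "low"),
]
SAMPLE = [
    Alarm(BASE - timedelta(hours=2), "TI-101", "low"),
    Alarm(BASE - timedelta(hours=1), "LI-205", "medium"),
] + [
    Alarm(BASE + timedelta(seconds=10 * i), tag, prio)
    for i, (tag, prio) in enumerate(BURST)
]

if __name__ == "__main__":
    print("Uncategorized tags:", unclassified_tags(SAMPLE))
    for a in prioritize(SAMPLE)[:4]:
        print(a.time.time(), a.tag, a.priority)
    for start, end, peak in flood_periods(SAMPLE):
        print(f"Flood from {start} to {end}, peak {peak} alarms in window")
```

The flood output gives an auditor a trend figure for how often operators face a deluge, while the prioritized view shows what the operator would need to act on first during one.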

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.¹⁰

3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum, Inc.

On October 23, 1989, a release of approximately 85200 lb (36646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor but was ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed that air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E. and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I. and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q. and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H. and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M. and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill.: Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill.: Scott, Foresman and Company (1976).

9. Paula, H.M. and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).

3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocelli Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E. and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for maintaining the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings, such as P&ID, wiring and piping drawings, are not current, or there is only one set of hand corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and should be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals, while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited, to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard
   a. Toxicity
   b. Permissible exposure limits
   c. Physical, reactivity and corrosion data
   d. Thermal and chemical stability
   e. Hazardous effects of mixing

2. Process technology
   a. Process description and flow diagram
   b. Process chemistry
   c. Inventory permitted
   d. Safe upper and lower limits for temperature, pressure, flows and compositions
   e. Consequences of deviations

3. Process equipment
   a. Construction materials
   b. P&ID
   c. Electrical classification drawing
   d. Relief system design and design basis
   e. Ventilation system design
   f. Drainage system design
   g. Design codes and standards
   h. Material and energy balance
   i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections
   a. Code inspection reports for pressure equipment
   b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)
   c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description
   a. Organization and staffing
   b. Risk assessment of site hazards
   c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans
   a. Description of possible incident scenarios
   b. Plan to respond to each scenario
   c. On-site emergency equipment and supplies
   d. Description of external resources and support organizations

5. Emergency response teams
   a. Staffing and organization
   b. Capabilities of members
   c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

33 Concepts of Highly Protected Risk

The high hazard chemical industry like other industries can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk Preferred risk is also known as Highly Protected Risk (HPR) For any plant whether high hazard chemical or otherwise this level of proshytection has been established over decades of loss experience and fire and explosion research

In many occupancies the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies This is somewhat simplistic in that other facshytors such as management interest in loss prevention also play an important role

In the chemical industry the presence or lack of sprinklers alone cannot solely define HPR status

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level, and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging
7-73 Dust Collectors and Collection Systems
7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels

3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems

For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases, a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases, a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades

3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade off in toxicity, which may affect manual fire fighting response, would occur with this choice.

A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K. incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred, with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, is located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow, with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.

Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register, Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants

copy1999 Factory Mutual Engineering Corp All rights reserved


7-45, Instrumentation and Control.
7-46/17-11, Chemical Reactors and Reactions.
7-47, Physical Operations in Chemical Plants.
7-49/12-65, Emergency Venting of Vessels.
7-59, Inerting and Purging of Equipment.
7-83, Drainage Systems for Flammable Liquids.
7-88, Storage Tanks for Flammable Liquids.
7-95, Compressors.
7-99/12-19, Heat Transfer by Organic and Synthetic Fluids.
12-0, Applicable Pressure Equipment Codes and Standards.

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., "Inherently Safer Plants: Practical Applications," Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., "Opportunities in the Design and Operation of Inherently Safer Chemical Plants," Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., "Design and Operate Plants for Inherent Safety," Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., "Inherently Safer Plants: An Update," Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., "Friendly Plants," Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., "Some Thoughts on the Difference Between Inherent Safety and Safety," Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., "Conflicts and Decisions in the Search for Inherently Safer Process Options," Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API), Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API), Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU) and, within North America, only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the Australasian countries, although studies are underway to promulgate laws similar to those of Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment have been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous ammonia | 1,000 (450) | 5,000 (2,250) |
| Chlorine | 1,000 (450) | 1,500 (680) |
| Chlorine dioxide | 500 (225) | 1,000 (450) |
| Anhydrous hydrochloric acid | 1,000 (450) | 5,000 (2,250) |
| Sulfuric acid | 5,000 (2,250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10,000 (4,500) | 10,000 (4,500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazardous material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998


Inductive

HAZOP: Hazard and Operability Analysis
AAM: Accident Anatomy Method
CELD: Cause and Effect Logic Diagram

Other techniques have been developed for use where the major effort required by the above techniques was not considered necessary or justified.

The field of incident investigation is still developing, and the approach applied by the investigator does not have to be limited by the above. However, the investigator should be aware that new approaches need to be built on proven and accepted concepts.

3.2.7.4

The production of phthalic anhydride by air oxidation of o-xylene is very exothermic. Typically, heat of reaction is collected by a molten salt/water heat exchanger to make steam. In this case, three pumps supplied water to the heat exchanger, with one normally operating and two on standby.

When the operating pump failed, the operator first tried to restart it several times. When this did not work, the operator tried to start one of the standby pumps, but one was out of service and the second one was tagged out. The second pump had actually been repaired on the previous shift, but the "Do Not Operate" tag had not been removed.

During the period when the operator was trying to clear the tag and reduce o-xylene feed, the reactor overheated, igniting the phthalic anhydride. Eventually 20 fire departments responded, but the loss was still in excess of $1 million (mostly due to damage to catalyst tubes).

On the surface, the cause appears to be a mechanical failure compounded by operator action. However, some of the human factors that could be considered the underlying cause are:

1. Design. A process design that allows operation where one failure can cause an incident could be considered unsafe. Alternates include an assured back-up water supply and/or interlocks to prevent operation with only one pump available.

2. Management/Operations. There are several possibilities in this area. Management that encourages continued operations when the process is upset (the reason the operator delayed initiating shutdown) is operating on the edge. Management that accepts an unsafe design and then does not take operational steps (require that two pumps be available at all times) is ignoring safety.

3. Maintenance. There are several possibilities in this area also. While the backup pump repair had been completed, the tag was not removed because the worker's shift ended. Maintenance workers on the next shift had already been assigned their work, and removing the tag went to the end of the work list. Repairs to the other pump had been delayed due to cost (needed new impeller). Obviously, some of the human factors listed here could also reflect management style (overtime and expensive repairs were discouraged).

The above is an extreme example but does illustrate some of the underlying causes in a multiple-cause incident.

3.2.8 Training and Performance

Training is the systematic transfer of knowledge, skills and abilities to workers that results in improved performance in the work place.

Proper training of all personnel is critical to the safe operation of a chemical processing facility. Due to the magnitude of different hazards normally found in such facilities, numerous types of process equipment, and elaborate computer control schemes currently in use, a thorough understanding of all aspects of the operation is necessary for safe operation. As newer technology is implemented, the need for training will continue to escalate.

Before a successful training program can be developed, a needs analysis should be conducted. An analysis of the job for which training is to be accomplished is required to determine which tasks are actually required for a specific job and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation, or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but the operator should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary because every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated, and it was assumed to be functioning properly although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days subsequent for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.


The control panel incorrectly indicated that too much water was entering the core; therefore, the operator overrode the automatic control system and reverted to manual control. Ultimately, the shut coolant water lines were discovered and reopened, which again flooded the control panel with a "Christmas-tree" effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.¹

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.²

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L., and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80 to 90% of all loss incidents.¹ The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50 to 70% of the risk.² One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels.³ These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases, these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information and ultimately responds. The subsequent response may be either appropriate or inappropriate depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.⁵

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.

Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.⁶ However, more current literature by Poulton⁷ and Welford⁸ support these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.⁹ Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposing operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.¹⁰

3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum, Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor but was ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill., Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill., Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).

3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocelli Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will insure a consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for maintaining the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials is an example of the former. Endothermic reactions involving stable materials is an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring and piping drawings are not current, or there is only one set of hand corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and should be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard

   a. Toxicity

   b. Permissible exposure limits

   c. Physical, reactivity and corrosion data

   d. Thermal and chemical stability

   e. Hazardous effects of mixing

2. Process technology

   a. Process description and flow diagram

   b. Process chemistry

   c. Inventory permitted

   d. Safe upper and lower limits for temperature, pressure, flows and compositions

   e. Consequences of deviations

3. Process equipment

   a. Construction materials

   b. P&ID

   c. Electrical classification drawing

   d. Relief system design and design basis

   e. Ventilation system design

   f. Drainage system design

   g. Design codes and standards

   h. Material and energy balance

   i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections

   a. Code inspection reports for pressure equipment

   b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)

   c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description

   a. Organization and staffing

   b. Risk assessment of site hazards

   c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans

   a. Description of possible incident scenarios

   b. Plan to respond to each scenario

   c. On-site emergency equipment and supplies

   d. Description of external resources and support organizations

5. Emergency response teams

   a. Staffing and organization

   b. Capabilities of members

   c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups (See Bibliography).

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11, Chemical Reactors and Reactions
7-49/12-65, Emergency Venting of Vessels
7-59, Inerting and Purging
7-73, Dust Collectors and Collection Systems
7-76, Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels

©1999 Factory Mutual Engineering Corp. All rights reserved.

7-43 Loss Prevention in Chemical Plants 17-2 Factory Mutual Property Loss Prevention Data Sheets Page 39

3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets, such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy-specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems

For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM data sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades

3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and, in fact, was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade off in toxicity, which may affect manual fire fighting response, would occur with this choice.

A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazards of fire and explosion from the solvent are eliminated, although combustible oils may still be present. A possible hazard trade off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, are located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.

Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants
7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., "Inherently Safer Plants: Practical Applications," Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., "Opportunities in the Design and Operation of Inherently Safer Chemical Plants," Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., "Design and Operate Plants for Inherent Safety," Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., "Inherently Safer Plants: An Update," Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., "Friendly Plants," Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., "Some Thoughts on the Difference Between Inherent Safety and Safety," Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., "Conflicts and Decisions in the Search for Inherently Safer Process Options," Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.

APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU) and, within North America, only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland, in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accidents hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approximately 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazardous material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998


for a specific job and which skills, knowledge and abilities are essential to success in the task. The first element is to analyze the needs of the organization, that is, the goals of management, resource allocation and time frame for training purposes. The second element is to evaluate the specific area in which training is to be given. This could be in the form of job evaluation, observation or an interview with those currently performing the job. Information gathered during this phase will be used to determine critical elements of the job where training is needed. Last, an evaluation of the individuals to receive the training is performed. This is useful in establishing a baseline in the development of the training as well as providing feedback on the effectiveness of the trainer.

Training in chemical processing facilities should focus on plant-wide aspects as well as process-specific criteria. Plant-wide training should include general plant safety rules, alarm designations, smoking regulations, hot work procedures, etc. Process-specific training should begin with an overview of the specific process or operation and the associated unit operations involved in that particular area. The hazards (flammability, explosivity, toxicity) associated with each material used in the process should also be covered. Due to the widespread use of computer control of chemical processes, it is vital that all operators understand how the process is monitored, controlled and safeguarded by the computer system.

Next, training in the process chemistry associated with the operation, along with typical operating parameters, should be covered. In addition, abnormal process parameters should be detailed. The training program should utilize the Standard Operating Procedure and typical operator logs for the specific operation. This will ease the transition when the operator returns to the work area to perform the learned material. Not only should the operator possess a cursory understanding of the process chemistry, but should also have the depth of knowledge necessary to trouble-shoot and diagnose abnormal process conditions. This component of training is necessary due to the fact that every conceivable process excursion cannot be taught to each and every operator.

Once the formal training has been given, a method to evaluate the effectiveness of the program is needed. Not only is it necessary to evaluate the level of learning that has occurred during the actual training session, but also to measure the level to which the knowledge is applied to the actual work situation. Formal evaluation of an employee's training may consist of one or all of the following methods, depending on the types of skills or knowledge presented: written tests, practical hands-on performance evaluation, or simulation. The types of skills and knowledge conveyed in the training program will dictate which of the three, or combination of the three, will be needed.

Regardless of the proficiency of operators, re-training should be conducted on a regular frequency. Some activities (fork truck operations, lockout/tagout, etc.) fall under regulatory requirements that have established re-training frequencies. Management should establish a program to identify the need and frequency for re-training all employees. Re-training should also be considered when changes are made to the process.

3.2.8.1 Example: Three Mile Island

On March 28, 1979, a combination of mechanical failures and human error resulted in a release of nuclear radiation to the environment at a nuclear power facility. The incident was initiated by a loss of cooling water to the nuclear reactor that automatically initiated a trip of the feed water pumps and the turbine generator. As a result of the shutdown, a buildup of steam pressure within the cooling system of the reactor occurred, which automatically opened an electromagnetic relief valve. The operators did not recognize that the valve was stuck in the open position, as the control panel indicated the valve to be closed. Simultaneously, the reactor shut down and the control rods lowered into the reactor core to absorb neutron flow as designed. At this point, multiple audible and visual alarms were activated in the control room.

As the water coolant pressure dropped, the relief valve failed to reseat as designed, which allowed coolant to escape into the containment building, unknown to the operators. Due to loss of cooling water through the relief valve, the water level around the core started decreasing. By design, an emergency core cooling system was automatically actuated, and it was assumed to be functioning properly, although the cooling system did not operate as designed. The control room instrumentation, however, did show a rise in water level in the core. Unknown to the operator was the fact that two valves in the emergency feed water system had been closed two days earlier for maintenance. There were alarm lights registering the valves as shut on the control panel. However, one was obscured by a caution tag and the other was blocked by an operator. This resulted in no cooling water to the core for an extended period.


The control panel incorrectly indicated that too much water was entering the core; therefore, the operator overrode the automatic control system and reverted to manual control. Ultimately, the shut coolant water lines were discovered and reopened, which again flooded the control panel with a "Christmas-tree" effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.[1]

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.[2]

While this incident occurred in a nuclear power generating facility, similar events are equally as likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L., and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists and psychologists.

Various references estimate that human factor errors are responsible for between 80% and 90% of all loss incidents.[1] The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50% to 70% of the risk.[2] One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment and reduced staffing levels.[3] These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or from a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.[4]

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface, and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a "Fitness for Duty Policy" and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions, which will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.[5]

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.


Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.[6] However, more current literature by Poulton [7] and Welford [8] supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.[9] Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.[10]


3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor but was ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed, and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed that air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., "The Exxon Chemical Human Factors Program," 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., "Including Human Errors in Process Hazard Analysis," Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., "Solving Human-Caused Failure Problems," Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., "Downsizing's Effect on Safety in the CPI/HPI," 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., "The Relation of Strength of Stimulus to Rapidity of Habit Formation," Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill.: Charles C Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill.: Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., "Reliability Performance of Fault-Tolerant Digital Control Systems," 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).

3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocelli Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for maintaining the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring and piping drawings are not current, or there is only one set of hand corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased, and should be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard
   a. Toxicity
   b. Permissible exposure limits
   c. Physical, reactivity and corrosion data
   d. Thermal and chemical stability
   e. Hazardous effects of mixing

2. Process technology
   a. Process description and flow diagram
   b. Process chemistry
   c. Inventory permitted
   d. Safe upper and lower limits for temperature, pressure, flows and compositions
   e. Consequences of deviations

3. Process equipment
   a. Construction materials
   b. P&ID
   c. Electrical classification drawing
   d. Relief system design and design basis
   e. Ventilation system design
   f. Drainage system design
   g. Design codes and standards
   h. Material and energy balance
   i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections
   a. Code inspection reports for pressure equipment
   b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)
   c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description
   a. Organization and staffing
   b. Risk assessment of site hazards
   c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans
   a. Description of possible incident scenarios
   b. Plan to respond to each scenario
   c. On-site emergency equipment and supplies
   d. Description of external resources and support organizations

5. Emergency response teams
   a. Staffing and organization
   b. Capabilities of members
   c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as "preferred risk." Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast and, in some cases, approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level, and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound of how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control, or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging
7-73 Dust Collectors and Collection Systems
7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels

3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets, such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems

For resources on protection needs for process units structures or equipment common to chemical plants also see 1-6 Cooling Towers 5-414-8 Transformers 5-3114-5 Cables and Bus Bars 5-32 Electronic Data Processing Systems 7-2 Waste Solvent Recovery 7-14 Fire and Explosion Protection for Flammable Liquid Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures 7-29 Flammable Liquids in Drums and Smaller Containers 7-32 Flammable Liquid Operations 7-48 Disposal of Waste Materials 7-54 Natural Gas and Gas Piping 7-5512-28 Liquefied Petroleum Gas 7-78 Industrial Exhaust Systems 7-88 Storage Tanks for Flammable Liquids 7-95 Compressors 7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppresshysion needs including

7-30N Solvent Extraction Plants 7-34 Electrolytic Chlorine Processes 7-35 Air Separation Processes 7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

33113 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment, such as curbs and dikes, are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems, such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

33114 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

33115 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength, blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

33116 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response, such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

33117 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases, a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

33118 Barriers and Barricades

In some cases, a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades

33119 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems, which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and, in fact, was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.

A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story, concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, is located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.

Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60 the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe)

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants

7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos Reinhold, 1993

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos Reinhold, 1988

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993

APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU) and, within North America, only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the Austral/Asia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland, in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accidents, hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.

A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119) that went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

Substance                      EPA threshold, lb (kg)    OSHA threshold, lb (kg)
Anhydrous Ammonia              1,000 (450)               5,000 (2,250)
Chlorine                       1,000 (450)               1,500 (680)
Chlorine dioxide               500 (225)                 1,000 (450)
Anhydrous hydrochloric acid    1,000 (450)               5,000 (2,250)
Sulfuric acid                  5,000 (2,250)             Not listed
Titanium tetrachloride         500 (225)                 Not listed
Flammable hydrocarbons         10,000 (4,500)            10,000 (4,500)
Explosives                     all (per DOT)             Not covered

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences, while EPA is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)

In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.

A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989.

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980.

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998


The control panel incorrectly indicated that too much water was entering the core; therefore, the operator overrode the automatic control system and reverted to manual control. Ultimately, the shut coolant water lines were discovered and reopened, which again flooded the control panel with a Christmas-tree effect of red and green indicator lights. Assuming the coolant system was now operating, the feed pumps were activated, which ultimately forced water through the stuck-open relief valve into a tank designed for containment of radioactive water and steam. The rupture disc on the tank burst, which allowed contaminated water onto the floor of the auxiliary building. As a result of loss of cooling water, the reactor core was partially uncovered, resulting in excessively high temperatures. This contributed to increased radiation levels within the facility. Estimates of this loss range from $10 to $186 billion, with roughly 60% of this being costs of replacing the lost power resulting from the event.1

This loss shows the importance of proper training of all employees and recognition of human factor elements of operators and maintenance operations in production facilities. The operators were not well versed in the process intricacies, specifically the relationship between pressure and temperature in the reactor. The operators did not recognize the fact that a small amount of water was being lost. It was also recognized that the operators were not trained in process diagnosis.2

While this incident occurred in a nuclear power generating facility, similar events are equally likely to occur in chemical processing facilities. This event also demonstrates the fact that incidents of this magnitude typically involve several consecutive failures as opposed to a single discrete incident.

3.2.8.2 References

1. Cantelon, Philip L. and Williams, Robert C., Crisis Contained: The Department of Energy at Three Mile Island, Southern Illinois University Press, 1982.

2. Kletz, Trevor A., An Engineer's View of Human Error, The Institute of Chemical Engineers, Rugby, Warwickshire, England, 1985.

3.2.9 Human Factors

Human factor refers to the complex interaction between people and the processes and equipment they operate. Optimization of these interactions is the principal objective when using a human factor approach to minimize and/or mitigate risk in an industrial setting. Factors such as employee selection, work design, ergonomics, human/computer interaction, work conditions, and training methods are all important in improving the level of reliability of the human/machine interface.

It is not the intent of this data sheet to prepare the user to design systems/processes from a human factor perspective. The principal objective is to familiarize the user with the concepts of the field, which should aid in evaluating the effectiveness of a facility's existing programs. Design and implementation of human factor systems should be performed by those specially trained for such functions, including system designers, human performance specialists, and psychologists.

Various references estimate that human factor errors are responsible for between 80 and 90% of all loss incidents.1 The best references to human factor empirical data relate to nuclear plants, where human error is reported to contribute 50 to 70% of the risk.2 One reference cites that 10% of all human error accidents result from personal influences such as carelessness, emotional health, or physical health. The remaining 90% have been attributed to external factors such as inadequate procedures, ineffective training, poor design of human-machine interfaces, work environment, and reduced staffing levels.3 These statistics show that more emphasis needs to be placed on human factor engineering than has been in the past.

Many types of errors occur in a production facility. However, these can be broken down into two broad categories. The first type, low-stress error, is an action planned but not carried out as intended. Such is the case when an operator presses the wrong push button on a control panel although pressing the proper push button was intended. These types of errors generally do not result from a lack of time to make a judgment or a highly stressful situation. Often these errors can be designed out of the system by simply separating the push buttons.

The second class of error, high-stress error, usually occurs due to a faulty decision or diagnosis of a problem, or lack of planning. In many cases these types of errors can be eliminated by proper training and frequent rehearsal of critical emergency procedures. In reviewing most severe losses, it is usually obvious that multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.4

The impacts that human behavior and physiological and psychological effects have on individuals in the work place are multiple and diverse, much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface, and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information, and ultimately responds. The subsequent response may be either appropriate or inappropriate, depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty, and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.5

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.


Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.6 However, more current literature by Poulton7 and Welford8 supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.9 Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately, and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.10


3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum Inc.

On October 23, 1989, a release of approximately 85200 lb (36646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor but was ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I. and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H. and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M. and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill., Charles C. Thomas Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill., Scott, Foresman and Company (1976).

9. Paula, H.M. and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).


3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocell Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues or by documenting and communicating which national regulations, industry standards, or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for keeping the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective, and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available, and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content, and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure, and resources). Other important factors to consider include results of prior audits, incident history, program maturity, and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood, and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team, and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring, and piping drawings are not current, or there is only one set of hand corrected paper plans.


The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization, and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation, and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased, and be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines, and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard

a. Toxicity

b. Permissible exposure limits

c. Physical reactivity and corrosion data

d. Thermal and chemical stability

e. Hazardous effects of mixing

2. Process technology

a. Process description and flow diagram


b. Process chemistry

c. Inventory permitted

d. Safe upper and lower limits for temperature, pressure, flows, and compositions

e. Consequences of deviations

3. Process equipment

a. Construction materials

b. P&ID

c. Electrical classification drawing

d. Relief system design and design basis

e. Ventilation system design

f. Drainage system design

g. Design codes and standards

h. Material and energy balance

i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections

a. Code inspection reports for pressure equipment

b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)

c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases, and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date, and documented:

1. Facility policy regarding emergency response planning

2. Facility description

a. Organization and staffing

b. Risk assessment of site hazards

c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans

a. Description of possible incident scenarios

b. Plan to respond to each scenario

c. On-site emergency equipment and supplies

d. Description of external resources and support organizations

5. Emergency response teams

a. Staffing and organization

b. Capabilities of members

c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response, and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing, and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level, and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems, or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels, and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles, as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA, and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps, and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions

7-49/12-65 Emergency Venting of Vessels

7-59 Inerting and Purging

7-73 Dust Collectors and Collection Systems

7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires

12 Series on boilers and pressure vessels

3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection, and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes, and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment, and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems

3-2 Water Tanks for Fire Protection

3-7N/13-4N Centrifugal Fire Pumps

3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations

5-8 Static Electricity

5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment

5-11/14-19 Lightning and Surge Protection for Electrical Systems

7-0 Causes and Effects of Fires and Explosions

7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility, and emergency response facilities also require careful siting remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials

7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method

7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants

7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids

7-46 Chemical Reactors and Reactions

7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives

7-51 Acetylene

7-52/17-13 Oxygen

7-53 Liquefied Natural Gas

7-54 Natural Gas and Gas Piping

7-55/12-28 Liquefied Petroleum Gas

7-58 Chlorine Dioxide

7-80 Organic Peroxides

7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

7-91 Hydrogen

7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations, and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems

4-0 Special Protection Systems

4-1N Water Spray Fixed Systems

4-7N Low Expansion Foam Systems

7-17 Explosion Suppression Systems

For resources on protection needs for process units, structures, or equipment common to chemical plants, also see:

1-6 Cooling Towers

5-4/14-8 Transformers

5-31/14-5 Cables and Bus Bars

5-32 Electronic Data Processing Systems

7-2 Waste Solvent Recovery

7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

7-29 Flammable Liquids in Drums and Smaller Containers

7-32 Flammable Liquid Operations

7-48 Disposal of Waste Materials

7-54 Natural Gas and Gas Piping

7-55/12-28 Liquefied Petroleum Gas

7-78 Industrial Exhaust Systems

7-88 Storage Tanks for Flammable Liquids

7-95 Compressors

7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants

7-34 Electrolytic Chlorine Processes

7-35 Air Separation Processes

7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment, such as curbs and dikes, are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids

7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers, and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible, heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies

7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength, blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction

1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response, such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases, a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping, and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants

7-59 Inerting and Purging of Equipment

7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases, a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers, such as noncombustible fire walls, are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains

1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)

1-22 Criteria for MFL Fire Walls and Space Separation

1-23 Protection of Openings in Fire Subdivisions

7-16 Barricades

3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes, and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake

1-7 Wind Forces on Buildings and Other Structures

1-54 Roof Loads for New Construction

9-2 Surface Water

9-13 Evaluation of Flood Exposure

9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past, it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.

A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazards of fire and explosion from the solvent are eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred, with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds, and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story, concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level, and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, is located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow, with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.

Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10, Guidelines for Technical Management of Chemical Process Safety, 1992.
G-18, Guidelines for Hazard Evaluation Procedures, 1992.
G-19, Guidelines for Investigating Chemical Process Incidents, 1992.
G-20, Guidelines for Auditing Process Safety Management Systems, 1993.
G-25, Guidelines for Implementing Process Safety Management Systems, 1994.
G-27, Guidelines for Process Safety Documentation, 1995.

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44, Damage Limiting Construction
5-1, Electrical Equipment in Hazardous Locations
7-0, Causes and Effects of Fires and Explosions
7-14, Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42, Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3, Spacing of Facilities in Outdoor Chemical Plants


7-45, Instrumentation and Control
7-46/17-11, Chemical Reactors and Reactions
7-47, Physical Operations in Chemical Plants
7-49/12-65, Emergency Venting of Vessels
7-59, Inerting and Purging of Equipment
7-83, Drainage Systems for Flammable Liquids
7-88, Storage Tanks for Flammable Liquids
7-95, Compressors
7-99/12-19, Heat Transfer by Organic and Synthetic Fluids
12-0, Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119) that went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous Ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences while EPA is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998


multiple errors occurred prior to the significant event. Rarely does a single human error result in catastrophic failure.⁴

The impacts that human behavior, physiological and psychological effects have on individuals in the work place are multiple and diverse - much too complex to be detailed in this text. These elements of human factor can be divided into three broad categories: human behavior, human/machine interface and environmental.

3.2.9.1 Human Behavior

Human behavior is shaped by the way in which a human being senses (touch, smell or hearing) a stimulus, processes the information and ultimately responds. The subsequent response may be either appropriate or inappropriate depending on the conditions in the environment and thought process at that particular instant. A human's sensing and information processing capabilities are limited and therefore must be understood and considered in the design of the worker's environment. For example, an operator's short-term memory is extremely limited. If operators perform a critical task infrequently, there is a high probability that erroneous action will be taken when actually required to respond in an emergency situation. However, once training and practice with real life situations have been accomplished, the operator has a better chance of reacting in a more reliable manner.

Operators become accustomed to the way processes normally operate. Therefore, when changes are made, care should be taken to ensure all operators are thoroughly aware of these changes through operator logs, internal directives, etc. If not, in an emergency situation operators will tend to react to how the system was previously arranged rather than how the system is presently configured. All of the above reinforces the need for continual operator training to allow the operator to remain familiar with the proper actions to take in emergency situations.

Operator performance sharply declines during extended work periods (e.g., double shifts, seven day shifts, etc.) and after repetitive tasks. The work environment also influences human behavior to a great extent. High levels of stress, such as during periods of job layoffs, economic uncertainty and reorganization, negatively impact worker performance. Additionally, as operators approach task overload, accuracy and efficiency are compromised. All of these factors influence an operator's information processing ability in an emergency situation.

In addition to training programs for employees and limiting overtime hours for dangerous or critical service duty, a commitment to human behavior issues could be indicated by the presence of a Fitness for Duty Policy and the availability of access to outside stress hotlines.

3.2.9.1.1 Organization

The dynamics within an organization have changed over the years, changing from companies that once maintained long-term relationships with employees to companies required to reduce their numbers due to global competition and other factors. Due to the need to reduce operating costs, many organizations have resorted to such business initiatives as downsizing, restructuring, mergers, etc. These initiatives have the obvious impact of reducing the number of employees available to operate a production facility. This in turn can lead to reduction or elimination of safety-related functions that will also impact the effectiveness of a plant's safety programs.

The impact that is not so obvious is the loss or reduction in morale of chemical plant employees, which may also jeopardize the safety of an operation. While quantifying the effect that downsizing has on safety in a chemical facility is difficult, its impact should not be ignored.⁵

3.2.9.2 Human/Machine Interface

3.2.9.2.1 Computer Control

Chemical processes are now commonly controlled with complex distributive control systems as opposed to the earlier analog control systems. Much more of the process control is placed in the domain of the computer versus active monitoring and controlling by the operator.


Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.⁶ However, more current literature by Poulton⁷ and Welford⁸ supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.⁹ Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many work place implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.¹⁰


3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum Inc.

On October 23, 1989, a release of approximately 85200 lb (36646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor but was ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill.: Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill.: Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).


3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocelli Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure a consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for maintaining the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring and piping drawings are not current, or there is only one set of hand corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and should be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard
   a. Toxicity
   b. Permissible exposure limits
   c. Physical, reactivity and corrosion data
   d. Thermal and chemical stability
   e. Hazardous effects of mixing

2. Process technology
   a. Process description and flow diagram
   b. Process chemistry
   c. Inventory permitted
   d. Safe upper and lower limits for temperature, pressure, flows and compositions
   e. Consequences of deviations

3. Process equipment
   a. Construction materials
   b. P&ID
   c. Electrical classification drawing
   d. Relief system design and design basis
   e. Ventilation system design
   f. Drainage system design
   g. Design codes and standards
   h. Material and energy balance
   i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections
   a. Code inspection reports for pressure equipment
   b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)
   c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description
   a. Organization and staffing
   b. Risk assessment of site hazards
   c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans
   a. Description of possible incident scenarios
   b. Plan to respond to each scenario
   c. On-site emergency equipment and supplies
   d. Description of external resources and support organizations

5. Emergency response teams
   a. Staffing and organization
   b. Capabilities of members
   c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic, in that other factors such as management interest in loss prevention also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities as defined in an integrated program based on PSM principles are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound how one management group, which is production oriented without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging
7-73 Dust Collectors and Collection Systems
7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels

3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems

For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible, heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

Refer to the following FM data sheets for information on steel protection.

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength, blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements.

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response, such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject.

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers, such as noncombustible fire walls, are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems.

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades

3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection.

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and, in fact, was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade off in toxicity, which may affect manual fire fighting response, would occur with this choice.

A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K. incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, is located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.

Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992.
G-18 Guidelines for Hazard Evaluation Procedures, 1992.
G-19 Guidelines for Investigating Chemical Process Incidents, 1992.
G-20 Guidelines for Auditing Process Safety Management Systems, 1993.
G-25 Guidelines for Implementing Process Safety Management Systems, 1994.
G-27 Guidelines for Process Safety Documentation, 1995.

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants

7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.

APPENDIX A: INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the U.S. in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the U.S., including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting, with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The U.S. Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.

A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons, and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 U.S. facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

Substance                      EPA threshold, lb (kg)    OSHA threshold, lb (kg)
Anhydrous ammonia              1,000 (450)               5,000 (2,250)
Chlorine                       1,000 (450)               1,500 (680)
Chlorine dioxide               500 (225)                 1,000 (450)
Anhydrous hydrochloric acid    1,000 (450)               5,000 (2,250)
Sulfuric acid                  5,000 (2,250)             Not listed
Titanium tetrachloride         500 (225)                 Not listed
Flammable hydrocarbons         10,000 (4,500)            10,000 (4,500)
Explosives                     all (per DOT)             Not covered

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the U.S. EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different, yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 U.S. facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)

In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the U.S., it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.

A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989.

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980.

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr. Comm. Sept. 1998

Studies have shown that optimum performance is achieved when moderate levels of mental activity are present. This phenomenon was originally reported by Yerkes and Dodson.[6] However, more current literature by Poulton[7] and Welford[8] supports these findings. When mental activity is either too high or too low, reduced performance usually results. With the increased usage of computer control and lesser involvement by the operator, care should be taken to ensure that process safety is not compromised due to the lower mental activity required of the process operator. It has also been shown that humans are unable to remain alert during extended periods of inactivity, such as in a control room setting when a process is running smoothly.

While many tasks can be adequately automated, there remain tasks where human understanding is required to prevent jeopardizing reliable system performance. This has been shown in many recent losses. Operators must work in conjunction with, and not isolated from, the computer interface for effective control of the process. Studies have shown that failures of computer controlled systems can be attributed to operator error that disables protective features (20%) and software failures (20%), both of which have the ability to disable the entire system.[9] Operator error can include actions of operators as well as actions during maintenance operations which compromise the integrity of the control system.

Errors associated with software are especially critical, as the software is often the only element of the control system that is not redundant. Therefore, software can become the critical link in a computer controlled process. Errors in software are not obvious until an unusual sequence of events occurs. If a software error can produce devastating results, a thorough HAZOP is critical for the software as well as the process parameters.

3.2.9.2.2 Alarms

Another significant occurrence associated with increased computer control is the increasing number and complexity of process control interlocks and alarms. Alarms should be categorized according to their impact on process control and designated accordingly, so that the operator is able to understand and prioritize the alarms sounding in the control room environment. As noted earlier, extremely high mental activity during a deluge of alarms may be detrimental to achieving optimum process control.

3.2.9.2.3 Control Panel Layout

The design of control and display panels plays a critical role in operator intervention in an abnormal or emergency situation. If the display and controls are well laid out and understood by an operator, the chance of appropriate action is increased. Much study has been given to ergonomic design in the control room to facilitate safer operations. All displays should be legible, labeled appropriately and arranged for optimal viewing by the operator.

The display should be designed such that abnormal or emergency situations are readily apparent. Monitors are now typically arranged with multiple screens, requiring operators to scroll through many screens to view individual parameters. Care is needed to design systems that allow prompt discovery of abnormal or emergency situations. Only pertinent data necessary to observe the process should be present on the monitor, to prevent extraneous information that could divert the operator or require additional time to find and react to pertinent information.

3.2.9.3 Environmental

The environment in which workers operate plays a significant role in their ability to perform as intended. Improper lighting can lead to erroneous operation of equipment and/or controls. Abnormal operating conditions requiring operator intervention may be hindered by inadequate illumination. Excessive noise can interfere with communications between personnel, leading to either a misunderstood communication or even failure to hear the communication. Additionally, excessive noise may impact the operator's cognitive ability to make appropriate decisions in abnormal or emergency situations. Exposure of operators to extreme temperature can also be detrimental to optimal performance. Research shows that exposure to extreme temperatures, such as below 60°F (16°C) or above 85°F (30°C), reduces a worker's physical as well as mental performance as exposure duration increases. When operators are exposed to vibrations, many workplace implications can occur. For instance, visual acuity is often impaired as a result of exposure to vibration, and operations requiring steadiness or precision are jeopardized.[10]

©1999 Factory Mutual Engineering Corp. All rights reserved.

3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum, Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor, but ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed that the air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E. and Wixom, E.D., "The Exxon Chemical Human Factors Program," 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I. and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q. and Lorenzo, D.K., "Including Human Errors in Process Hazard Analysis," Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., "Solving Human-Caused Failure Problems," Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H. and Perron, M.J., "Downsizing's Effect on Safety in the CPI/HPI," 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M. and Dodson, J.D., "The Relation of Strength of Stimulus to Rapidity of Habit Formation," Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill.: Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill.: Scott, Foresman and Company (1976).

9. Paula, H.M. and Battle, R.E., "Reliability Performance of Fault-Tolerant Digital Control Systems," 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).

3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocelli Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E. and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for keeping the standards current and in line with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type, where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized, with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings, such as P&ID, wiring and piping drawings, are not current or there is only one set of hand corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited, to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard
   a. Toxicity
   b. Permissible exposure limits
   c. Physical, reactivity and corrosion data
   d. Thermal and chemical stability
   e. Hazardous effects of mixing

2. Process technology
   a. Process description and flow diagram
   b. Process chemistry
   c. Inventory permitted
   d. Safe upper and lower limits for temperature, pressure, flows and compositions
   e. Consequences of deviations

3. Process equipment
   a. Construction materials
   b. P&ID
   c. Electrical classification drawing
   d. Relief system design and design basis
   e. Ventilation system design
   f. Drainage system design
   g. Design codes and standards
   h. Material and energy balance
   i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections
   a. Code inspection reports for pressure equipment
   b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)
   c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description
   a. Organization and staffing
   b. Risk assessment of site hazards
   c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans
   a. Description of possible incident scenarios
   b. Plan to respond to each scenario
   c. On-site emergency equipment and supplies
   d. Description of external resources and support organizations

5. Emergency response teams
   a. Staffing and organization
   b. Capabilities of members
   c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic, in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound of how one management group, which is production oriented without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses, backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11, Chemical Reactors and Reactions
7-49/12-65, Emergency Venting of Vessels
7-59, Inerting and Purging
7-73, Dust Collectors and Collection Systems
7-76, Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels

3316 Maintenance Inspection and Testing programs

Once systems are installed they need maintenance inspection and testing on identified frequencies This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms An HPR plant will have these programs in place commensurate with appropriate stanshydards codes and manufacturers recommended practices

Refer to FM Data Sheet 9-017-0 Maintenance and various protection system pressure vessel mechanishycal equipment and electrical equipment data sheets such as OS 2-8N Installation ofSprinkler Systems 5-201 14-22 Electrical Testing 12-0 Applicable Pressure Equipment Codes and Standards and 12-43 Pressure Relief Devices

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

- 3-0 Hydraulics of Fire Protection Systems
- 3-2 Water Tanks for Fire Protection
- 3-7N/13-4N Centrifugal Fire Pumps
- 3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking; electrical; hot work; lightning; non-sparking equipment; spontaneous or chemical decomposition heating; hot surfaces such as heat transfer fluid or steam piping; chemical reaction heat and other process heat sources; and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

- 5-1 Electrical Equipment in Hazardous Locations
- 5-8 Static Electricity
- 5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
- 5-11/14-19 Lightning and Surge Protection for Electrical Systems
- 7-0 Causes and Effects of Fires and Explosions
- 7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes such as catalyst manufacture may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

- 7-28 Explosive Materials
- 7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
- 7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
- 7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

- 7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
- 7-46 Chemical Reactors and Reactions
- 7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

- 7-22 Hydrazine and its Derivatives
- 7-51 Acetylene
- 7-52/17-13 Oxygen
- 7-53 Liquefied Natural Gas
- 7-54 Natural Gas and Gas Piping
- 7-55/12-28 Liquefied Petroleum Gas
- 7-58 Chlorine Dioxide
- 7-80 Organic Peroxides
- 7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
- 7-91 Hydrogen
- 7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

- 2-8N Installation of Sprinkler Systems
- 4-0 Special Protection Systems
- 4-1N Water Spray Fixed Systems
- 4-7N Low Expansion Foam Systems
- 7-17 Explosion Suppression Systems

For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

- 1-6 Cooling Towers
- 5-4/14-8 Transformers
- 5-31/14-5 Cables and Bus Bars
- 5-32 Electronic Data Processing Systems
- 7-2 Waste Solvent Recovery
- 7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
- 7-29 Flammable Liquids in Drums and Smaller Containers
- 7-32 Flammable Liquid Operations
- 7-48 Disposal of Waste Materials
- 7-54 Natural Gas and Gas Piping
- 7-55/12-28 Liquefied Petroleum Gas
- 7-78 Industrial Exhaust Systems
- 7-88 Storage Tanks for Flammable Liquids
- 7-95 Compressors
- 7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

- 7-30N Solvent Extraction Plants
- 7-34 Electrolytic Chlorine Processes
- 7-35 Air Separation Processes
- 7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

- 7-83 Drainage Systems for Flammable Liquids
- 7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

Refer to the following FM data sheets for information on steel protection:

- 1-21 Fire Resistance of Building Assemblies
- 7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

- 1-44 Damage Limiting Construction
- 1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

- 7-30N Solvent Extraction Plants
- 7-59 Inerting and Purging of Equipment
- 7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

- 1-19 Fire Walls, Subdivisions and Draft Curtains
- 1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
- 1-22 Criteria for MFL Fire Walls and Space Separation
- 1-23 Protection of Openings in Fire Subdivisions
- 7-16 Barricades

3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

- 1-2 Earthquake
- 1-7 Wind Forces on Buildings and Other Structures
- 1-54 Roof Loads for New Construction
- 9-2 Surface Water
- 9-13 Evaluation of Flood Exposure
- 9-18/17-18 Prevention of Freeze-ups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious: water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.

A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as from agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment such as purification columns and rundown tanks with high volume flammable materials are located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.

Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60 the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:

- G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
- G-18 Guidelines for Hazard Evaluation Procedures, 1992
- G-19 Guidelines for Investigating Chemical Process Incidents, 1992
- G-20 Guidelines for Auditing Process Safety Management Systems, 1993
- G-25 Guidelines for Implementing Process Safety Management Systems, 1994
- G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

- 1-44 Damage Limiting Construction
- 5-1 Electrical Equipment in Hazardous Locations
- 7-0 Causes and Effects of Fires and Explosions
- 7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
- 7-42 Evaluating the Effects of Vapor Cloud Explosions
- 7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants

- 7-45 Instrumentation and Control
- 7-46/17-11 Chemical Reactors and Reactions
- 7-47 Physical Operations in Chemical Plants
- 7-49/12-65 Emergency Venting of Vessels
- 7-59 Inerting and Purging of Equipment
- 7-83 Drainage Systems for Flammable Liquids
- 7-88 Storage Tanks for Flammable Liquids
- 7-95 Compressors
- 7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
- 12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.

APPENDIX A: INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland, in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.

A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119) that went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the U.S. EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 U.S. facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)

In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case and, for this reason, much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders, and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazardous material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the U.S., it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.

A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998

3.2.9.4 Human Factor in Maintenance Operations

The discussion thus far has referred specifically to operator-machine interfaces. However, maintenance of a process system poses similar concerns. Communication between operators and maintenance operations is critical so that all parties are aware of the scope of work to be performed. To facilitate optimum communication, all maintenance activities should require written authorization prior to start of work.

3.2.9.4.1 Example: Phillips Petroleum, Inc.

On October 23, 1989, a release of approximately 85,200 lb (36,646 kg) of hot isobutane from a vertical loop reactor occurred at a large polyethylene plant in Pasadena, Texas. High density polyethylene is manufactured using ethylene gas dissolved in isobutane at high temperatures and pressures in the loop reactors. As a result of the reaction in the system, polyethylene settles out in the settling leg of the loop reactor and is eventually removed from the system. In this particular system, plugging of the leg occurs frequently, requiring that a single block valve on the bottom of the reactor be closed and the leg removed for cleaning. Cleaning of the settling legs is routinely conducted by contractor employees.

Work was started on cleaning three of the six legs on a single reactor, but ceased for a crew lunch break. After returning from lunch, work on cleaning of the fourth leg resumed and a contractor employee was dispatched to the control room to request assistance from an operator. Shortly thereafter, initial release was reported from the unattached settling leg. This resulted in release of 99% of the reactor's contents within several seconds. After reaching an ignition source, the unconfined vapor cloud ignited, which created a severe overpressure that caused extensive damage to the facility. Reports of the damage indicate nearly $750 million in property damage and $700 million in business interruption.

An investigation after the explosion revealed that the air lines that activate the valve used to isolate the settling leg were installed in reverse position. In this configuration, the valve would open even though shown to be in the closed position.

This incident highlights several oversights directly attributable to human factor errors. The design of the block valve was determined to be inferior, as it allowed installation of the air lines in a fashion that would allow the valve to open when assumed closed. In addition, there was no safe work permit system in place to allow for coordination with maintenance contractor employees and operators at the facility.

3.2.9.5 References

1. Attwood, D.A., Schmaltz, L.E., and Wixom, E.D., The Exxon Chemical Human Factors Program, 29th Annual Loss Prevention Symposium, AIChE (1995).

2. Gertman, D.I., and Blackman, H.S., Human Reliability and Safety Analysis Data Handbook, John Wiley & Sons, Inc. (1994).

3. Bridges, W.G., Kirkman, J.Q., and Lorenzo, D.K., Including Human Errors in Process Hazard Analysis, Chemical Engineering Progress, May 1994 (74-75).

4. Latino, C.J., Solving Human-Caused Failure Problems, Chemical Engineering Progress, May 1987 (42-43).

5. Friedlander, R.H., and Perron, M.J., Downsizing's Effect on Safety in the CPI/HPI, 29th Annual Loss Prevention Symposium, AIChE (1995).

6. Yerkes, R.M., and Dodson, J.D., The Relation of Strength of Stimulus to Rapidity of Habit Formation, Journal of Comparative Neurology and Psychology, 18, 459-482 (1908).

7. Poulton, E.C., Environment and Human Efficiency, Springfield, Ill.: Charles C. Thomas, Publisher (1970).

8. Welford, A.T., Skilled Performance: Perceptual and Motor Skills, Glenview, Ill.: Scott, Foresman and Company (1976).

9. Paula, H.M., and Battle, R.E., Reliability Performance of Fault-Tolerant Digital Control Systems, 24th Annual Loss Prevention Symposium, AIChE (1990).

10. McCormick, E.J., Human Factors in Engineering and Design, McGraw-Hill Book Company, New York (1976).

3.2.9.6 Other Resources

Bailey, R.W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J.H., Designing for Humans: The Human Factor in Engineering, Petrocelli Books, Princeton, New Jersey (1986).

Kletz, T.A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D.K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, D.C. (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for maintaining the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring and piping drawings are not current, or there is only one set of hand corrected paper plans.

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard
   a. Toxicity
   b. Permissible exposure limits
   c. Physical, reactivity and corrosion data
   d. Thermal and chemical stability
   e. Hazardous effects of mixing

2. Process technology
   a. Process description and flow diagram
   b. Process chemistry
   c. Inventory permitted
   d. Safe upper and lower limits for temperature, pressure, flows and compositions
   e. Consequences of deviations

3. Process equipment
   a. Construction materials
   b. P&ID
   c. Electrical classification drawing
   d. Relief system design and design basis
   e. Ventilation system design
   f. Drainage system design
   g. Design codes and standards
   h. Material and energy balance
   i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections
   a. Code inspection reports for pressure equipment
   b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)
   c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description
   a. Organization and staffing
   b. Risk assessment of site hazards
   c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans
   a. Description of possible incident scenarios
   b. Plan to respond to each scenario
   c. On-site emergency equipment and supplies
   d. Description of external resources and support organizations

5. Emergency response teams
   a. Staffing and organization
   b. Capabilities of members
   c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles, as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status

This subject is also broadly covered in FM Data Sheet 9-717-5 Property Conservation and numerous pubshylications by the CCPS API CMA and other groups (See Bibliography)

3312 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility Examples abound how one management group which is production oriented without commensurate attention (both monetary and staffing) to loss prevention passes on a loss prone legacy to the next generation Manageshyment commitment must start at corporate level be part of the management culture at all lower levels and be continued throughout the life of the plant

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging
7-73 Dust Collectors and Collection Systems
7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels

3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness, training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems

For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible, heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength, blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades

3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade off in toxicity, which may affect manual fire fighting response, would occur with this choice.

A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K. incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, are located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.

Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor, where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets:

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants

7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., "Inherently Safer Plants: Practical Applications," Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., "Opportunities in the Design and Operation of Inherently Safer Chemical Plants," Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., "Design and Operate Plants for Inherent Safety," Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., "Inherently Safer Plants: An Update," Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., "Friendly Plants," Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., "Some Thoughts on the Difference Between Inherent Safety and Safety," Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., "Conflicts and Decisions in the Search for Inherently Safer Process Options," Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.

APPENDIX A: INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different, yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998


3.2.9.6 Other Resources

Bailey, R. W., Human Performance Engineering: A Guide for System Designers, Prentice-Hall, Inc., New Jersey (1982).

Burgess, J. H., Designing for Humans: The Human Factor in Engineering, Petrocelli Books, Princeton, New Jersey (1986).

Kletz, T. A., Chung, P., Broomfield, E., and Shen-Orr, Chaim, Computer Control and Human Error, Institute of Chemical Engineers, Rugby, Warwickshire, England (1985).

Lorenzo, D. K., A Manager's Guide to Reducing Human Error: Improving Human Performance in the Chemical Industry, Chemical Manufacturers Association, Inc., Washington, DC (1990).

3.2.10 Standards, Codes and Laws

The purpose of this element in a program based on PSM principles is to address and communicate a company's minimum acceptable safe practices from the corporate level and assure that all locations within the company share the same approach to process safety. This can be accomplished by creating internal standards to address the critical issues, or by documenting and communicating which national regulations, industry standards or consensus standards will be applied. This will ensure consistency in decision making by design engineers and plant personnel.

Once a set of standards is adopted, there is a need to develop a variance procedure where local conditions make precise application unreasonable. The variance procedure should require demonstration that the alternative approach is at least equivalent in safety to the required method. There should be a formal approval procedure for the variance at a management level commensurate with the scope of the deviation from accepted practice. The variance procedure should be well documented and maintained as part of the plant design records.

It will also be necessary to assign responsibility for keeping the standards current and in keeping with the latest technology. This would include obtaining and filing the latest revisions of existing national regulations, industry or consensus standards, as well as any new regulations applicable to the company's operations. Where the changes are substantive, a company-wide bulletin should alert users to the change and direct any steps that are needed, either in updating current practices or applying to future designs. Internal standards need to have a formal review cycle to maintain currency.

Finally, there is a need for an audit procedure to ensure consistent application of the correct standards across the organization. This audit should ensure that new projects are in agreement with the latest standards and that any variances have followed the required approval steps. It will also be necessary to audit the various operating sites relative to their compliance with company policy and current documents. This audit can be part of the overall PSM program audit function described in the following section.

3.2.11 Audits and Corrective Actions

Audits are needed to assure the PSM system is consistent, effective and appropriate for the exposure. These are usually done by a third party, but many chemical companies have staff auditing teams. An audit employs a well-defined review process to ensure consistency. Corrective action items are reported, and the company reviews and resolves the items. While just one part of overall process safety management, it is the critical one that attempts to assure management control of the other parts.

3.2.11.1 PSM Audit Preparation

Scope. All parties need to understand the scope of the audit. Scope can be shaped by many factors, including regulatory requirements, corporate policies, resources available, and nature of exposure. Usually there is a balance between available resources and exposure, taking into account regulatory requirements.

This balance is impacted by type of facility, ownership, location, program content and degree of site coverage needed. As an example, a small, low hazard joint venture in a remote location does not command the same resources as a nearby, high hazard, wholly owned plant making products critical to the company. In some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring and piping drawings are not current, or there is only one set of hand corrected paper plans.


The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

The quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased, and be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard

   a. Toxicity
   b. Permissible exposure limits
   c. Physical, reactivity and corrosion data
   d. Thermal and chemical stability
   e. Hazardous effects of mixing

2. Process technology

   a. Process description and flow diagram
   b. Process chemistry
   c. Inventory permitted
   d. Safe upper and lower limits for temperature, pressure, flows and compositions
   e. Consequences of deviations

3. Process equipment

   a. Construction materials
   b. P&ID
   c. Electrical classification drawing
   d. Relief system design and design basis
   e. Ventilation system design
   f. Drainage system design
   g. Design codes and standards
   h. Material and energy balance
   i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections

   a. Code inspection reports for pressure equipment
   b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)
   c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description

   a. Organization and staffing
   b. Risk assessment of site hazards
   c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans

   a. Description of possible incident scenarios
   b. Plan to respond to each scenario
   c. On-site emergency equipment and supplies
   d. Description of external resources and support organizations

5. Emergency response teams

   a. Staffing and organization
   b. Capabilities of members
   c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles, as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound of how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging
7-73 Dust Collectors and Collection Systems
7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels


3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness, training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.


The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy-specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems


For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.


Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades


3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade off in toxicity, which may affect manual fire fighting response, would occur with this choice.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred, with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level, and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, is located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets:

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants


7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the Austral/Asia countries, although studies are underway to promulgate laws similar to Europe and the U.S. in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the U.S., including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A 1 1 Europe

A111 EC Directive 82501EEC and its 1987 revision (87216EEC) are known as the Seveso Directive A third revision (88610EEC) was developed following a major accident in Basel Switzerland in 1986 The purpose of the directive is to place into law an administrative structure to identify assess control and mitishygate the major accidents hazards and risks of chemical and related industries The directives contain the following key provisions

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment have been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The U.S. Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 U.S. facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the U.S. EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 U.S. facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the U.S., it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines:


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989.

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr. Comm. Sept. 1998


some cases it is more efficient to audit process units by type where preparation is difficult and the process units are accessible. At remote locations where travel costs are high, a complete audit is usually more economical.

Frequency. Audit frequency is controlled in part by some of the scope factors (regulatory requirements, corporate policies, exposure and resources). Other important factors to consider include results of prior audits, incident history, program maturity and process maturity. Some of these factors affecting audit frequency decisions are noted below.

a. Degree of Risk vs. Maturity of Process. Operations that are inherently hazardous should have a higher audit frequency than operations that are inherently safe. Extremely exothermic reactions involving unstable materials are an example of the former. Endothermic reactions involving stable materials are an example of the latter.

A mature process involving an extremely exothermic reaction may not need a higher audit frequency. Bulk Grignard reactions are considered hazardous. However, some have been done for over 40 years without major incident. Along the way, major incidents and technology indicated there were some essential factors for safe operation. A new Grignard process may still need more frequent audits, particularly if the vessel is not properly designed (low design pressure reactor with small rupture disk).

b. Prior Audits. Results of prior audits may indicate an audit frequency change is justified. A finding of gaps in the PSM procedures indicates more frequent audits are needed. In turn, the frequency can be reduced for low hazard processes where the PSM procedures are excellent.

c. Incident History. More frequent audits would be prudent for a process with a high incident history or even a history of near misses.

d. Government Regulation and Company Policies. Sometimes the audit frequency is set by government regulations or company policy.

Audit Staffing. A single person can conduct an audit where the process is mature, well understood and well documented. However, a mature process that is being changed needs special attention.

A team effort is normally needed for a comprehensive audit at a more complex process. As a group, team members should have experience in process safety management and auditing techniques. At least one should be familiar with the process being audited.

Audit Report Content. While report content can vary from plant to plant, reports should be consistent within a company. The required content should be formalized ahead of time for consistent results. This should include treatment of audit findings.

Audit Report Distribution. The value of an audit is limited if distribution does not include appropriate individuals. Naturally, distribution should include those responsible for any needed corrections, but could include management responsible for similar production units for common cause problems. It should be noted that some legal departments hamper audit report distribution.

Audit Follow-up. Items requiring corrective action need to be addressed using some form of audit follow-up. The procedure should be formalized, with assigned responsibilities and expected completion dates. Verification of completed steps should also be formalized. Usually it is best if the verification process is performed by the audit team, either at the next audit or by a special review.

3.2.11.2 PSM Audit Techniques

Pre-Audit Planning. Proper preparation and planning are critical to the audit quality. Initial steps include selecting units to be audited, selecting the team and scheduling the visit. Initially, selection of units to be audited should be based on process hazards or value to the company. However, geography (location of units) and maturity of the PSM program can also be factors.

Interim steps include defining the scope of the audit and collecting supporting documents. Audit scope should be a formalized part of the PSM program. Collecting adequate supporting documentation can be the most difficult part for an older unit that has been modified over the years. Even well run companies have found critical drawings such as P&ID, wiring and piping drawings are not current, or there is only one set of hand-corrected paper plans.


The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

Actually, the quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard

a. Toxicity

b. Permissible exposure limits

c. Physical, reactivity and corrosion data

d. Thermal and chemical stability

e. Hazardous effects of mixing

2. Process technology

a. Process description and flow diagram


b. Process chemistry

c. Inventory permitted

d. Safe upper and lower limits for temperature, pressure, flows and compositions

e. Consequences of deviations

3. Process equipment

a. Construction materials

b. P&ID

c. Electrical classification drawing

d. Relief system design and design basis

e. Ventilation system design

f. Drainage system design

g. Design codes and standards

h. Material and energy balance

i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections

a. Code inspection reports for pressure equipment

b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)

c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description

a. Organization and staffing

b. Risk assessment of site hazards

c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans

a. Description of possible incident scenarios

b. Plan to respond to each scenario

c. On-site emergency equipment and supplies

d. Description of external resources and support organizations


5. Emergency response teams

a. Staffing and organization

b. Capabilities of members

c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities as defined in an integrated program based on PSM principles are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level, and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.


A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound of how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility or process within a facility needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11, Chemical Reactors and Reactions
7-49/12-65, Emergency Venting of Vessels
7-59, Inerting and Purging
7-73, Dust Collectors and Collection Systems
7-76, Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels


3316 Maintenance Inspection and Testing programs

Once systems are installed they need maintenance inspection and testing on identified frequencies This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms An HPR plant will have these programs in place commensurate with appropriate stanshydards codes and manufacturers recommended practices

Refer to FM Data Sheet 9-017-0 Maintenance and various protection system pressure vessel mechanishycal equipment and electrical equipment data sheets such as OS 2-8N Installation ofSprinkler Systems 5-201 14-22 Electrical Testing 12-0 Applicable Pressure Equipment Codes and Standards and 12-43 Pressure Relief Devices

3317 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or proshyvided A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire The system must be laid out as reliably as possible often multiple sources at opposite ends of the facility are provided for maximum availability and reliability Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets including

3-0 Hydraulics of Fire Protection Systems 3-2 Water Tanks for Fire Protection 3-7N13-4N Centrifugal Fire Pumps 3-10 InstallationMaintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness, training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.


The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems


For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible, heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.


Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response, such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades


3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems, which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred, with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, is located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow, with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional, to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60 the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets:

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants


7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A: INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU) and, within North America, only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland, in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment have been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons, and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous Ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different, yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)

In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.
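The screening logic described above (the Table 1 thresholds, the single-process quantity rule, and the worst case release assumptions for gases and liquid pools), as an added example that is not part of the FM data sheet. Process names and inventory figures are constructed; applying the single-process basis to the OSHA column and treating a quantity equal to the threshold as covered are assumptions of the example.

```python
"""Screen process inventories against the Table 1 thresholds (added example)."""
from dataclasses import dataclass
from typing import Optional

# Thresholds in lb, transcribed from Table 1 of this data sheet.
# None = "Not listed" for that rule. Explosives are left out because the
# table gives no numeric threshold for them.
TABLE_1_LB = {
    "anhydrous ammonia":           {"epa": 1000,  "osha": 5000},
    "chlorine":                    {"epa": 1000,  "osha": 1500},
    "chlorine dioxide":            {"epa": 500,   "osha": 1000},
    "anhydrous hydrochloric acid": {"epa": 1000,  "osha": 5000},
    "sulfuric acid":               {"epa": 5000,  "osha": None},
    "titanium tetrachloride":      {"epa": 500,   "osha": None},
    "flammable hydrocarbons":      {"epa": 10000, "osha": 10000},
}

GAS_RELEASE_MINUTES = 10   # worst case: gas quantity released in 10 minutes
POOL_DEPTH_M = 0.01        # worst case: liquid spreads to a pool 1 cm deep


@dataclass(frozen=True)
class Inventory:
    process: str     # process unit name (constructed for the example)
    substance: str
    max_lb: float    # maximum quantity held in this single process


def screen(inv: Inventory) -> dict:
    """Classify one process inventory under each rule."""
    limits = TABLE_1_LB.get(inv.substance.strip().lower())
    result = {"process": inv.process, "substance": inv.substance}
    for rule in ("epa", "osha"):
        if limits is None:
            # Table 1 is only a sample of the listed chemicals, so a miss
            # here says nothing about coverage.
            result[rule] = "check full list"
        elif limits[rule] is None:
            result[rule] = "not listed"
        elif inv.max_lb >= limits[rule]:  # inclusive: assumption of the example
            result[rule] = "covered"
        else:
            result[rule] = "below threshold"
    return result


def site_summary(inventories) -> dict:
    """Processes that trigger each rule, judged one process at a time.

    Quantities are never summed across processes: the text bases the
    determination on the maximum quantity in a single process.
    """
    summary = {"epa": [], "osha": []}
    for inv in inventories:
        verdict = screen(inv)
        for rule in summary:
            if verdict[rule] == "covered":
                summary[rule].append(inv.process)
    return summary


def worst_case_gas_rate(quantity_lb: float) -> float:
    """Worst case gas release rate in lb/min (whole quantity in 10 minutes)."""
    if quantity_lb < 0:
        raise ValueError("quantity must be non-negative")
    return quantity_lb / GAS_RELEASE_MINUTES


def worst_case_pool_area(volume_m3: float,
                         dike_area_m2: Optional[float] = None) -> float:
    """Evaporating pool area in m2: 1 cm deep unless a dike confines it."""
    if volume_m3 < 0:
        raise ValueError("volume must be non-negative")
    unconfined = volume_m3 / POOL_DEPTH_M
    if dike_area_m2 is None:
        return unconfined
    return min(unconfined, dike_area_m2)


# Constructed site inventory, not taken from the data sheet.
SITE = [
    Inventory("chlorination A", "Chlorine", 600),
    Inventory("chlorination B", "Chlorine", 600),
    Inventory("refrigeration", "Anhydrous Ammonia", 1200),
    Inventory("acid plant", "Sulfuric acid", 6000),
    Inventory("solvent store", "Acetone", 3000),
]

if __name__ == "__main__":
    for item in SITE:
        print(screen(item))
    print(site_summary(SITE))
    print(worst_case_gas_rate(1200), "lb/min")
    print(worst_case_pool_area(20.0), worst_case_pool_area(20.0, 150.0))
```

The two chlorine processes hold 1200 lb between them but neither reaches the 1000 lb EPA threshold on its own, while the 1200 lb ammonia refrigeration system is covered by the EPA column and not the OSHA column.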

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the U.S., it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.

A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989.

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980.

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998

The final steps involve a review of background information and preparing the audit agenda. The team needs to understand the process, including the basic design and modification, plus the organizational system used for operation. The latter includes corporate policies, facility organization and regulatory requirements.

Audit Activities. The audit team needs to develop an understanding of the plant's internal PSM system used to operate the facility before actually auditing the unit. An excellent corporate process safety management system still depends on local management and operating staff for proper enforcement. Basically, the auditor needs to determine if the local system employed meets the intent of the overall program. This is done by auditing the plant's process safety management system.

Excellent documentation is a good start, but alone does not assure the unit is operated as intended and is safe. Some potential weaknesses include inadequate staff to administer the local program, production goals that impair the PSM goals, and a relaxed management style concerning the PSM program. Considerable judgment is needed to determine if these weaknesses are actually deficiencies. Actual deficiencies need to be addressed as part of the audit report.

Where satisfactory program controls exist, the auditor can focus on how well they function on a consistent basis. This can be done by interviewing staff, observing the operation and checking records. A deviation from the desired operation is a negative, but it is how well the process safety management system responds to the deviation that is important. It should be noted that no process safety management system will eliminate all deviations, so trends (deviations going up or down) are actually more important.

During the audit, the team should review progress and discuss areas of concern that may need additional attention. Plant staff should be involved in these reviews, since they can frequently supply the missing information or explain how and why local procedures differ from expected performance. Negative findings should be fully explored, since it is poor technique to base an audit finding or recommendation on a single item.

The quantity of information collected should be adequate to support the objectives of the audit and the conclusions of the team. To be adequate, the information collected should be relevant to the unit being audited, be completely unbiased and be objective. Enough information should be collected so the same conclusion can be determined by different people.

At the conclusion of the visit, the audit team should finalize tentative findings and discuss them with management. Areas of disagreement should be resolved. If team findings are consistent with the PSM goals while taking into account local variances, the areas of disagreement will be minimized.

Post-Audit Activities. The audit team usually prepares a formal report, which is distributed in accordance with the program. They may also be involved in the action plan prepared by the unit audited to assure it meets the intent of the audit findings.

Audit Tools. The process safety management system will usually have suggested tools to aid the audit process. Some of the tools include guidelines, checklists, questionnaires, outlines and suggested procedures. While they are not required to be used, the suggested tools usually have proven to be effective in aiding data collection.

Data Collection. As an example, a Process Safety Information guideline, which can be customized to meet the needs of the corporation and tailored to match the requirements of individual production units, might suggest the following information be documented:

1. Chemical hazard

a. Toxicity

b. Permissible exposure limits

c. Physical, reactivity and corrosion data

d. Thermal and chemical stability

e. Hazardous effects of mixing

2. Process technology

a. Process description and flow diagram

b. Process chemistry

c. Inventory permitted

d. Safe upper and lower limits for temperature, pressure, flows and compositions

e. Consequences of deviations

3. Process equipment

a. Construction materials

b. P&ID

c. Electrical classification drawing

d. Relief system design and design basis

e. Ventilation system design

f. Drainage system design

g. Design codes and standards

h. Material and energy balance

i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections

a. Code inspection reports for pressure equipment

b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)

c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description

a. Organization and staffing

b. Risk assessment of site hazards

c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans

a. Description of possible incident scenarios

b. Plan to respond to each scenario

c. On-site emergency equipment and supplies

d. Description of external resources and support organizations

5. Emergency response teams

a. Staffing and organization

b. Capabilities of members

c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic, in that other factors such as management interest in loss prevention also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities as defined in an integrated program based on PSM principles are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level, and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles, as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound of how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control, or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions

7-49/12-65 Emergency Venting of Vessels

7-59 Inerting and Purging

7-73 Dust Collectors and Collection Systems

7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires

12 Series on boilers and pressure vessels

3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets, such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems

3-2 Water Tanks for Fire Protection

3-7N/13-4N Centrifugal Fire Pumps

3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness, training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations

5-8 Static Electricity

5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment

5-11/14-19 Lightning and Surge Protection for Electrical Systems

7-0 Causes and Effects of Fires and Explosions

7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting, remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials

7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method

7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants

7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids

7-46 Chemical Reactors and Reactions

7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives

7-51 Acetylene

7-52/17-13 Oxygen

7-53 Liquefied Natural Gas

7-54 Natural Gas and Gas Piping

7-55/12-28 Liquefied Petroleum Gas

7-58 Chlorine Dioxide

7-80 Organic Peroxides

7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

7-91 Hydrogen

7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems

4-0 Special Protection Systems

4-1N Water Spray Fixed Systems

4-7N Low Expansion Foam Systems

7-17 Explosion Suppression Systems

For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers

5-4/14-8 Transformers

5-31/14-5 Cables and Bus Bars

5-32 Electronic Data Processing Systems

7-2 Waste Solvent Recovery

7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

7-29 Flammable Liquids in Drums and Smaller Containers

7-32 Flammable Liquid Operations

7-48 Disposal of Waste Materials

7-54 Natural Gas and Gas Piping

7-55/12-28 Liquefied Petroleum Gas

7-78 Industrial Exhaust Systems

7-88 Storage Tanks for Flammable Liquids

7-95 Compressors

7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants

7-34 Electrolytic Chlorine Processes

7-35 Air Separation Processes

7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment, such as curbs and dikes, are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids

7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

Refer to the following FM data sheets for information on steel protection

1-21 Fire Resistance of Building Assemblies 7 -14 Fire and Explosion Protection for Flammable Liquid Flammable Gas and Liquefied Flammable Gas Proshycessing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength, blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM data sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades


3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release the material flashed to vapor and an outdoor vapor cloud explosion occurred with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment such as purification columns and rundown tanks with high volume flammable materials are located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants


7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU) and, within North America, only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland, in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment have been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous ammonia | 1,000 (450) | 5,000 (2,250) |
| Chlorine | 1,000 (450) | 1,500 (680) |
| Chlorine dioxide | 500 (225) | 1,000 (450) |
| Anhydrous hydrochloric acid | 1,000 (450) | 5,000 (2,250) |
| Sulfuric acid | 5,000 (2,250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10,000 (4,500) | 10,000 (4,500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998


Page 36: FM Loss Prevention in Chemical Plants


b. Process chemistry

c. Inventory permitted

d. Safe upper and lower limits for temperature, pressure, flows and compositions

e. Consequences of deviations

3. Process equipment

a. Construction materials

b. P&ID

c. Electrical classification drawing

d. Relief system design and design basis

e. Ventilation system design

f. Drainage system design

g. Design codes and standards

h. Material and energy balance

i. Safety systems (interlocks, detection, control and suppression systems)

4. Safety inspections

a. Code inspection reports for pressure equipment

b. Policy mandated inspection reports for safety equipment (rupture disk, safety relief valves, etc.)

c. Policy mandated inspection/test reports for safety systems (short stop system, water quench system, interlocks, back-up power, etc.)

3.2.12 Emergency Response Planning

Emergency response planning is intended to cover a wide range of activities for mitigating and controlling incidents such as fires, explosions, vapor releases and chemical spills.

A well developed emergency response plan is fully documented and well thought out. The level of detail of the various components of the plan should be commensurate with the site hazards. A management system should be in place to assure the emergency response system is effective and kept current with changes at the facility. The following plan elements should be available, up to date and documented:

1. Facility policy regarding emergency response planning

2. Facility description

a. Organization and staffing

b. Risk assessment of site hazards

c. Plot plans

3. List of site hazardous material safety information

4. Emergency response plans

a. Description of possible incident scenarios

b. Plan to respond to each scenario

c. On-site emergency equipment and supplies

d. Description of external resources and support organizations


5 Emergency response teams

a Staffing and organization

b Capabilities of members

c Retraining plans

6 Description of emergency systems and equipment

7 Post incident contingency plan

8 Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities, as defined in an integrated program based on PSM principles, are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.


A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-717-5 Property Conservation and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound how one management group which is production oriented, without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45 Instrumentation and Control addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35 Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-4617-11 Chemical Reactors and Reactions

7-4912-65 Emergency Venting of Vessels

7-59 Inerting and Purging

7-73 Dust Collectors and Collection Systems

7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires

12 Series on boilers and pressure vessels


3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-017-0 Maintenance and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as OS 2-8N Installation of Sprinkler Systems, 5-201 14-22 Electrical Testing, 12-0 Applicable Pressure Equipment Codes and Standards, and 12-43 Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems

3-2 Water Tanks for Fire Protection

3-7N13-4N Centrifugal Fire Pumps

3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness, training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations

5-8 Static Electricity

5-1014-10 Protective Grounding for Electrical Power Systems and Equipment

5-1114-19 Lightning and Surge Protection for Electrical Systems

7-0 Causes and Effects of Fires and Explosions

7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.


The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials

7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method

7-4417-5 Spacing of Facilities in Outdoor Chemical Plants

7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids

7-46 Chemical Reactors and Reactions

7-4912-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives

7-51 Acetylene

7-5217-13 Oxygen

7-53 Liquefied Natural Gas

7-54 Natural Gas and Gas Piping

7-5512-28 Liquefied Petroleum Gas

7-58 Chlorine Dioxide

7-80 Organic Peroxides

7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

7-91 Hydrogen

7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems

4-0 Special Protection Systems

4-1N Water Spray Fixed Systems

4-7N Low Expansion Foam Systems

7-17 Explosion Suppression Systems


For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers

5-414-8 Transformers

5-3114-5 Cables and Bus Bars

5-32 Electronic Data Processing Systems

7-2 Waste Solvent Recovery

7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

7-29 Flammable Liquids in Drums and Smaller Containers

7-32 Flammable Liquid Operations

7-48 Disposal of Waste Materials

7-54 Natural Gas and Gas Piping

7-5512-28 Liquefied Petroleum Gas

7-78 Industrial Exhaust Systems

7-88 Storage Tanks for Flammable Liquids

7-95 Compressors

7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants

7-34 Electrolytic Chlorine Processes

7-35 Air Separation Processes

7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment, such as curbs and dikes, are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems, such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids

7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible, heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.


Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies

7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength, blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction

1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response, such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49 Gas and Vapor Detectors and Analysis Systems for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants

7-59 Inerting and Purging of Equipment

7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers, such as noncombustible fire walls, are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains

1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)

1-22 Criteria for MFL Fire Walls and Space Separation

1-23 Protection of Openings in Fire Subdivisions

7-16 Barricades


3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake

1-7 Wind Forces on Buildings and Other Structures

1-54 Roof Loads for New Construction

9-2 Surface Water

9-13 Evaluation of Flood Exposure

9-1817-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade off in toxicity, which may affect manual fire fighting response, would occur with this choice.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, are located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60 the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10, Guidelines for Technical Management of Chemical Process Safety, 1992.
G-18, Guidelines for Hazard Evaluation Procedures, 1992.
G-19, Guidelines for Investigating Chemical Process Incidents, 1992.
G-20, Guidelines for Auditing Process Safety Management Systems, 1993.
G-25, Guidelines for Implementing Process Safety Management Systems, 1994.
G-27, Guidelines for Process Safety Documentation, 1995.

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets:

1-44, Damage Limiting Construction
5-1, Electrical Equipment in Hazardous Locations
7-0, Causes and Effects of Fires and Explosions
7-14, Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42, Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3, Spacing of Facilities in Outdoor Chemical Plants

7-45, Instrumentation and Control
7-46/17-11, Chemical Reactors and Reactions
7-47, Physical Operations in Chemical Plants
7-49/12-65, Emergency Venting of Vessels
7-59, Inerting and Purging of Equipment
7-83, Drainage Systems for Flammable Liquids
7-88, Storage Tanks for Flammable Liquids
7-95, Compressors
7-99/12-19, Heat Transfer by Organic and Synthetic Fluids
12-0, Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.

APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.

A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119) that went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

Substance                      EPA threshold, lb (kg)    OSHA threshold, lb (kg)
Anhydrous ammonia              1000 (450)                5000 (2250)
Chlorine                       1000 (450)                1500 (680)
Chlorine dioxide               500 (225)                 1000 (450)
Anhydrous hydrochloric acid    1000 (450)                5000 (2250)
Sulfuric acid                  5000 (2250)               Not listed
Titanium tetrachloride         500 (225)                 Not listed
Flammable hydrocarbons         10000 (4500)              10000 (4500)
Explosives                     all (per DOT)             Not covered

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different, yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)

In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law, but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines:

A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998

Page 37: FM Loss Prevention in Chemical Plants

5. Emergency response teams

   a. Staffing and organization

   b. Capabilities of members

   c. Retraining plans

6. Description of emergency systems and equipment

7. Post incident contingency plan

8. Regulations applicable to the facility

3.3 Concepts of Highly Protected Risk

The high hazard chemical industry, like other industries, can be protected to a loss prevention level which is defined by insurance companies and risk management as preferred risk. Preferred risk is also known as Highly Protected Risk (HPR). For any plant, whether high hazard chemical or otherwise, this level of protection has been established over decades of loss experience and fire and explosion research.

In many occupancies, the difference between HPR and non-HPR status is usually based on whether or not the facility has sprinkler protection with adequate water supplies. This is somewhat simplistic in that other factors, such as management interest in loss prevention, also play an important role.

In the chemical industry, the presence or lack of sprinklers alone cannot solely define HPR status.

3.3.1 Requirements to Achieve HPR Status

In the chemical industry, all of the following elements are considered required, as needed based on exposure, for HPR status. Sprinklers or other automatic suppression systems alone cannot always be the dividing line between a good plant and a poor plant. Because chemical incidents can occur so fast, and in some cases approach worst case type events with the initial event sequence, sprinklers alone may not be capable of providing the desired level of mitigation. In some cases, sprinkler systems in these occupancies can only cool steel components without any effect on suppression or control.

Prevention activities as defined in an integrated program based on PSM principles are critical to identification of potential incidents and to minimize the occurrence through careful design and process control. In fact, there are unsprinklered chemical facilities with excellent fireproofing, drainage, on-site response and fully integrated PSM systems that may be equivalent to a fully sprinklered facility without a PSM system in place. The latter facility may have more frequent losses, one of which may get away due to poor attention to maintenance, testing and inspections of suppression systems.

In most cases, however, the need for sprinklers is a minimum requirement, along with other protection. The protection scheme includes all components working as a system. If one is missing, the system may not be effective in limiting potential loss to the desired level and the plant may not be suitable for HPR status.

The following elements are considered when determining HPR status of a chemical facility. Several Factory Mutual data sheets specific to the element are listed when appropriate. Many other data sheets and reference sources on each element may exist but are not listed.

3.3.1.1 Integrated PSM System

Process safety management is described elsewhere in this document. This HPR element can be compared to the need for property conservation programs in other occupancies. PSM should be fully integrated into the chemical facility for all processes and activities, not just for those processes, systems or chemicals mandated by government regulations. There are many processes and materials, for example powders (dusts), fuels and propellants, that are usually excluded from PSM regulations. (Sometimes these could be included under the umbrella of the General Duty Clause found in most regulations.) These can and should benefit from a program based on PSM principles as well as regulated processes or chemicals. In other words, an integrated PSM system means that all processes within the boundaries of the plant are covered.

PSM is critical toward identification of hazardous materials and processes, mitigation of those hazards, and management of change throughout the life of the plant.

A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups. (See Bibliography.)

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound how one management group, which is production oriented without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility or process within a facility needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes, which are easy to control and have little potential exposures, may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11, Chemical Reactors and Reactions
7-49/12-65, Emergency Venting of Vessels
7-59, Inerting and Purging
7-73, Dust Collectors and Collection Systems
7-76, Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels

3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets, such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0, Hydraulics of Fire Protection Systems
3-2, Water Tanks for Fire Protection
3-7N/13-4N, Centrifugal Fire Pumps
3-10, Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1, Electrical Equipment in Hazardous Locations
5-8, Static Electricity
5-10/14-10, Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19, Lightning and Surge Protection for Electrical Systems
7-0, Causes and Effects of Fires and Explosions
7-99, Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.

The following FM documents provide guidance on chemical plant spacing:

7-28, Explosive Materials
7-42, Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5, Spacing of Facilities in Outdoor Chemical Plants
7-88, Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge, described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N, Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46, Chemical Reactors and Reactions
7-49/12-65, Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22, Hydrazine and its Derivatives
7-51, Acetylene
7-52/17-13, Oxygen
7-53, Liquefied Natural Gas
7-54, Natural Gas and Gas Piping
7-55/12-28, Liquefied Petroleum Gas
7-58, Chlorine Dioxide
7-80, Organic Peroxides
7-89, Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91, Hydrogen
7-92, Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations, and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N, Installation of Sprinkler Systems
4-0, Special Protection Systems
4-1N, Water Spray Fixed Systems
4-7N, Low Expansion Foam Systems
7-17, Explosion Suppression Systems


For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible, heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.


Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength, blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases, a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases, a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades


3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade off in toxicity, which may affect manual fire fighting response, would occur with this choice.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazards of fire and explosion from the solvent are eliminated, although combustible oils may still be present. A possible hazard trade off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred, with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story, concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment such as purification columns and rundown tanks with high volume flammable materials are located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets:

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants


7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982, the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland, in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119) that went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons, and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous Ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions the EPA rule adds two major components as part of the facilitys risk management program hazards assessment and response programs

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazardous material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the U.S., it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines:

©1999 Factory Mutual Engineering Corp. All rights reserved.


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998


A plant without a fully integrated program based on PSM principles appropriate for the level of hazard (or equivalent program by any other terminology) cannot be considered for HPR status.

This subject is also broadly covered in FM Data Sheet 9-7/17-5, Property Conservation, and numerous publications by the CCPS, API, CMA and other groups (see Bibliography).

3.3.1.2 Management Commitment and Oversight

Management commitment and oversight of loss prevention and process safety activities are crucial toward achieving and maintaining the desired level of protection throughout the life of a chemical facility. Examples abound of how one management group, which is production oriented without commensurate attention (both monetary and staffing) to loss prevention, passes on a loss prone legacy to the next generation. Management commitment must start at corporate level, be part of the management culture at all lower levels, and be continued throughout the life of the plant.

3.3.1.3 Instrumentation and Process Control

Control of processes through proper instrumentation and interlocks minimizes operator error and assures incipient events are detected in time to take corrective action. There is no correct level of instrumentation or interlocks. Each facility, or process within a facility, needs individual assessment prior to determining needs. Needs are usually predicated on results of hazard analyses backed by common sense and loss history. Benign processes which are easy to control and have little potential exposures may require only a single layer of process control or perhaps only manual control. Highly complicated or hazardous processes may require multiple levels of interlocks and controls designed to fully fail safe. Most chemical processes require one or more levels of redundancy.

Data Sheet 7-45, Instrumentation and Control, addresses process safety controls, not operational process control systems. Other occupancy-specific data sheets, such as 7-35, Air Separation Processes, cover needs for that occupancy.

3.3.1.4 Operator Training and Empowerment

Operators must be trained not only in the hazard of the materials but in the way these materials interact within the process system. "What if" scenarios are helpful in training operators in potential variances from normal operation. Because the operator is responsible on a daily basis for assuring both plant and process production and safety, this position is critical toward overall loss prevention. Where possible, the operator should be involved in hazard analyses. Operators must be empowered to make and act upon decisions without management oversight. The ability to shut down production when safety of the plant is at risk must be resident with the operators.

Operator involvement and human factors are covered in more detail elsewhere within this document.

3.3.1.5 Vessel, Piping and Reaction Overpressure Protection

Equipment within a chemical facility is designed to contain energy. Vessels, piping, pumps and other equipment may contain gases, liquids under pressure, or solids that can produce pressure if reacted or ignited within the system. Equipment must be protected, usually by code, to normal expected pressures and for unexpected but potential overpressures caused by reactivity or other events such as confined dust or vapor explosions.

Most significant chemical incidents can be attributed to failure of a pressurized system.

Many FM data sheets cover overpressure protection, from vessel design to safety relief valves to emergency reactor venting. A few are listed:

7-46/17-11 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging
7-73 Dust Collectors and Collection Systems
7-76 Prevention and Mitigation of Combustible Dust Explosions and Fires
12 Series on boilers and pressure vessels


3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to "knock on" events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.


The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations, and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems


For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment, such as curbs and dikes, are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.


Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases, a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping, and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers, such as noncombustible fire walls, are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades


3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process rather than layers of "add on" safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade off in toxicity, which may affect manual fire fighting response, would occur with this choice.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K. incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds, and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, is located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60 the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10, Guidelines for Technical Management of Chemical Process Safety, 1992
G-18, Guidelines for Hazard Evaluation Procedures, 1992
G-19, Guidelines for Investigating Chemical Process Incidents, 1992
G-20, Guidelines for Auditing Process Safety Management Systems, 1993
G-25, Guidelines for Implementing Process Safety Management Systems, 1994
G-27, Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API), Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants

©1999 Factory Mutual Engineering Corp. All rights reserved.


7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API), Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API), Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU) and, within North America, only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the Austral/Asia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland, in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment have been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons, and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approximately 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

Substance                      EPA threshold, lb (kg)    OSHA threshold, lb (kg)
Anhydrous ammonia              1000 (450)                5000 (2250)
Chlorine                       1000 (450)                1500 (680)
Chlorine dioxide               500 (225)                 1000 (450)
Anhydrous hydrochloric acid    1000 (450)                5000 (2250)
Sulfuric acid                  5000 (2250)               Not listed
Titanium tetrachloride         500 (225)                 Not listed
Flammable hydrocarbons         10000 (4500)              10000 (4500)
Explosives                     all (per DOT)             Not covered

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazardous material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr. Comm. Sept. 1998


3.3.1.6 Maintenance, Inspection and Testing Programs

Once systems are installed, they need maintenance, inspection and testing on identified frequencies. This applies to production equipment which is in day-to-day operation as well as emergency systems such as sprinklers and alarms. An HPR plant will have these programs in place commensurate with appropriate standards, codes and manufacturers' recommended practices.

Refer to FM Data Sheet 9-0/17-0, Maintenance, and various protection system, pressure vessel, mechanical equipment and electrical equipment data sheets such as DS 2-8N, Installation of Sprinkler Systems; 5-20/14-22, Electrical Testing; 12-0, Applicable Pressure Equipment Codes and Standards; and 12-43, Pressure Relief Devices.

3.3.1.7 Adequate and Reliable Water Supply and Delivery System

Water supplies are usually required for a chemical facility regardless of whether sprinklers are needed or provided. A strong water supply feeding an underground main system with properly spaced and arranged hydrants or monitor nozzles is a minimum requirement for HPR status. Larger chemical facilities may need systems capable of providing tens of thousands of gallons per minute to cool steel and protect exposures around a flammable liquid pool fire. The system must be laid out as reliably as possible; often multiple sources at opposite ends of the facility are provided for maximum availability and reliability. Water supply and distribution system needs and design considerations that may be used when evaluating chemical plants are covered in various FM data sheets, including:

3-0 Hydraulics of Fire Protection Systems
3-2 Water Tanks for Fire Protection
3-7N/13-4N Centrifugal Fire Pumps
3-10 Installation/Maintenance of Private Service Mains and their Appurtenances

3.3.1.8 Ignition Source Control

Ignition source control is a broad area covering such potential sources as smoking, electrical, hot work, lightning, non-sparking equipment, spontaneous or chemical decomposition heating, hot surfaces such as heat transfer fluid or steam piping, chemical reaction heat and other process heat sources, and open flames such as flares or gas-fired equipment. Some potential sources, such as hot work, are easily identified and can be controlled by awareness training and permit systems. Others, such as reaction heat, may occur only under adverse conditions and may not be identifiable without a hazard analysis.

The intent in chemical facilities is to eliminate ignition sources so that a spill or vapor release can be mitigated before ignition occurs.

Ignition source control is covered in several FM data sheets, including:

5-1 Electrical Equipment in Hazardous Locations
5-8 Static Electricity
5-10/14-10 Protective Grounding for Electrical Power Systems and Equipment
5-11/14-19 Lightning and Surge Protection for Electrical Systems
7-0 Causes and Effects of Fires and Explosions
7-99 Heat Transfer by Organic and Synthetic Fluids

3.3.1.9 Adequate Spacing of Buildings, Process Units and Tanks

The degree of confinement or openness of a chemical facility will determine the potential for a small incident to progress into a worst case event. Closely spaced facilities can be exposed to larger incidents due to knock-on events such as thermal radiation, missiles and fragments, and overpressure. In general, process units should be separated by 100 feet (30 m) from other process units by unobstructed roadways. Tank farms or other unusually hazardous processes, such as catalyst manufacture, may require additional spacing. Administrative, utility and emergency response facilities also require careful siting remote from process hazards.


The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause, and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems


For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible, heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.


Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers such as noncombustible fire walls are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades


3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

342 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material

The classic example of substitution is use of water as a coolant instead of combustible thermal oil The advanshytage is obvious Water is both nonflammable and non-corrosive Fire protection will not be needed for the coolant alone which could have been the case for the thermal oil

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propyshylene The propylene system represents fire and vapor cloud explosion hazards where the ammonia hazard is substantially less from a fire and explosion standpoint A trade off in toxicity which may affect manual fire fighting response would occur with this choice

©1999 Factory Mutual Engineering Corp. All rights reserved.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K. incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release the material flashed to vapor, and an outdoor vapor cloud explosion occurred with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds, and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment such as purification columns and rundown tanks with high volume flammable materials are located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992.
G-18 Guidelines for Hazard Evaluation Procedures, 1992.
G-19 Guidelines for Investigating Chemical Process Incidents, 1992.
G-20 Guidelines for Auditing Process Safety Management Systems, 1993.
G-25 Guidelines for Implementing Process Safety Management Systems, 1994.
G-27 Guidelines for Process Safety Documentation, 1995.

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API), Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants


7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API), Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API), Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the U.S. in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the U.S., including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The U.S. Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119) that went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 U.S. facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous Ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the U.S. EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 U.S. facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law, but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the U.S. it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines:


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998


The following FM documents provide guidance on chemical plant spacing:

7-28 Explosive Materials
7-42 Guidelines for Evaluating the Effects of Vapor Cloud Explosions using a TNT Equivalency Method
7-44/17-5 Spacing of Facilities in Outdoor Chemical Plants
7-88 Storage Tanks for Flammable Liquids

3.3.1.10 Emergency Response and Post-loss Contingency Plans

An HPR plant will have a plan in place to respond to any potential incident scenario. Scenarios will be developed based on hazard analyses. Incident response includes both response of operators to control the event and emergency fire fighting, but is not limited to these activities. It also includes a timely investigation to determine cause and written contingency plans for acquiring spares, restoring production, obtaining raw materials, etc., following the incident.

3.3.1.11 Testing and Understanding of Process Chemistry

This HPR element ties in well with process safety knowledge described in Section 3.2.2. Knowledge of the hazards of materials and their reactivity when combined with other materials, either intentionally or unintentionally, is critical to safe operation of the facility.

Several FM data sheets provide guidance on process safety information, including:

7-19N Fire Hazard Properties of Flammable Liquids, Gases and Volatile Solids
7-46 Chemical Reactors and Reactions
7-49/12-65 Emergency Venting of Vessels

and occupancy specific data sheets such as:

7-22 Hydrazine and its Derivatives
7-51 Acetylene
7-52/17-13 Oxygen
7-53 Liquefied Natural Gas
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-58 Chlorine Dioxide
7-80 Organic Peroxides
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate
7-91 Hydrogen
7-92 Ethylene Oxide

3.3.1.12 Adequate and Reliable Fixed Suppression Systems

Because of large quantities of high heat release hydrocarbons and other flammable liquids and gases, chemical facilities almost always require some level of fixed automatic suppression. Due to cost and reliability, water-based deluge or water spray systems are often used. Protection may include exposed structural steel, production vessels, pumps, tanks, pipe racks, loading stations, and oil lubricated rotating equipment. Foam systems are used when faster suppression is needed, often due to poor drainage or lack of steel protection. High speed systems are used for high-energy materials such as propellants. Explosion suppression may be used in high frequency areas with combustible dusts or vapors. High volume water spray systems may be used for vapor cloud dispersal or as thermal shields between process units.

An HPR chemical facility requires fixed suppression where needed as a minimum requirement for preferred risk.

FM resources on suppression system selection and design include:

2-8N Installation of Sprinkler Systems
4-0 Special Protection Systems
4-1N Water Spray Fixed Systems
4-7N Low Expansion Foam Systems
7-17 Explosion Suppression Systems


For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment such as curbs and dikes are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems, such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.


Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength, blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response, such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases, a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases, a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers, such as noncombustible fire walls, are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades

3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freeze-ups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past, it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and, in fact, was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.

A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazards of fire and explosion from the solvent are eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K. incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred, with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story, concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, is located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow, with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.

Use of smaller but deeper dikes around LPG and other liquefied gases, such as LNG and ethylene, will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor, where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992.
G-18 Guidelines for Hazard Evaluation Procedures, 1992.
G-19 Guidelines for Investigating Chemical Process Incidents, 1992.
G-20 Guidelines for Auditing Process Safety Management Systems, 1993.
G-25 Guidelines for Implementing Process Safety Management Systems, 1994.
G-27 Guidelines for Process Safety Documentation, 1995.

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants

7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.

APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982, the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996, with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accidents, hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment have been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.

A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), that went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996, with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different, yet complementary to each other. OSHA's focus is on workplace consequences, while EPA is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply, to some extent, with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)

In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law, but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.

A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989.

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980.

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr. Comm. Sept. 1998

Page 41: FM Loss Prevention in Chemical Plants

For resources on protection needs for process units, structures or equipment common to chemical plants, also see:

1-6 Cooling Towers
5-4/14-8 Transformers
5-31/14-5 Cables and Bus Bars
5-32 Electronic Data Processing Systems
7-2 Waste Solvent Recovery
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-29 Flammable Liquids in Drums and Smaller Containers
7-32 Flammable Liquid Operations
7-48 Disposal of Waste Materials
7-54 Natural Gas and Gas Piping
7-55/12-28 Liquefied Petroleum Gas
7-78 Industrial Exhaust Systems
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99 Heat Transfer by Organic and Synthetic Fluids

Other data sheets that are specific to certain chemical occupancies also have guidelines on fixed suppression needs, including:

7-30N Solvent Extraction Plants
7-34 Electrolytic Chlorine Processes
7-35 Air Separation Processes
7-89 Ammonium Nitrate and Mixed Fertilizers Containing Ammonium Nitrate

3.3.1.13 Drainage and Containment Systems

Fires involving lighter-than-water hydrocarbons cannot be suppressed by water systems alone. While the water can be effective at keeping building and equipment steel cool and allowing emergency response to gain access, other systems are needed for full suppression. Drainage systems and containment, such as curbs and dikes, are important to channel liquids away from important equipment or confine liquids at a safe location. In fact, drainage systems can aid in suppression by elimination of oxygen within the drainage piping and collection system.

Care must be taken to assure hazardous material drainage systems are not connected to benign systems, such as those from a control room. Incidents have occurred when flammable or corrosive vapors have entered non-hazard rated areas and exploded or contaminated sensitive electronic equipment.

Attention to environmental regulations is needed to assure a drainage or containment system is acceptable.

The following FM data sheets cover these systems and their design in detail:

7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids

3.3.1.14 Equipment and Structural Steel Fire Protection

Exposed building steel under load cannot withstand a hydrocarbon fire exposure for any significant length of time. Because steel is often the structural element of choice due to cost or flexibility, special protection is needed to prevent early collapse of an important process structure. Steel vessels such as reactors, exchangers and distillation columns, or tanks on steel legs, are also highly susceptible to heat failure, which could release contents, adding fuel to a fire. The goal is to keep the steel cool while the burning liquids or gases are removed by drainage or the fluid release is stopped. Steel can be protected by water spray or by fireproofing with noncombustible, heat resistant materials. Preferably, reinforced concrete would be the structural choice where there are large amounts of flammable liquids or gases that may be released.

©1999 Factory Mutual Engineering Corp. All rights reserved.


Refer to the following FM data sheets for information on steel protection:

1-21 Fire Resistance of Building Assemblies
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength, blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44 Damage Limiting Construction
1-57 Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response, such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases, a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N Solvent Extraction Plants
7-59 Inerting and Purging of Equipment
7-88 Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases, a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers, such as noncombustible fire walls, are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM Data Sheets provide more detail on these systems:

1-19 Fire Walls, Subdivisions and Draft Curtains
1-20 Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22 Criteria for MFL Fire Walls and Space Separation
1-23 Protection of Openings in Fire Subdivisions
7-16 Barricades


3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freeze-ups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and, in fact, was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K. incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, is located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow, with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases, such as LNG and ethylene, will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely, or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API), Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets:

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants


7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., "Inherently Safer Plants: Practical Applications," Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., "Opportunities in the Design and Operation of Inherently Safer Chemical Plants," Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., "Design and Operate Plants for Inherent Safety," Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., "Inherently Safer Plants: An Update," Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., "Friendly Plants," Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., "Some Thoughts on the Difference Between Inherent Safety and Safety," Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., "Conflicts and Decisions in the Search for Inherently Safer Process Options," Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API), Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API), Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A: INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU) and, within North America, only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the Austral/Asia countries, although studies are underway to promulgate laws similar to Europe and the U.S. in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982, the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the U.S., including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996, with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment have been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The U.S. Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons, and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approximately 87,000 U.S. facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the U.S. EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996, with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different, yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 U.S. facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders, and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazardous material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the U.S., it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.


A2 1 Australia

A211 Hazardous Industry Planning Advisory Paper No3 Environmental Impact Assessment Guidelines Ministries of Local Government and Planning Dept of Planning Sydney 1989

A212 Plastics and Chemicals Industries Association (PACIA)

A213 National Community Advisory Panel (NCAP)

A22 Canada

A223 Canadian Chemical Producers Association (CCPA)

A23 India

A231 Indian Chemical Manufacturers Association (ICMA)

A24 Far East

A241 Association of International Chemical Manufacturers (AICM)

A242 Singapore Chemical Industries Council (SCIC)

A243 Chemical Industries Council of Malaysia ( CICM)

A244 Petrochemical Industry Association of Taiwan (PlAT)

A245 Korean Petrochemical Industry Association (KPIA)

A246 Japan Chemical Industry Association (JCIA)

A25 South America

A251 Responsible Care is present in Argentina Brazil Chile Colombia and Venezuela

A 2 6 United Kingdom

A261 Health and Safety Commission (HSC) Advisory Committee on Major Hazards 1980

A262 Institution of Chemical Engineers (IChemE)

A27 United States

A271 Chemical Manufacturers Association (CMA)

A272 American Institute of Chemical Engineers (AIChE)

A273 Center for Chemical Process Safety (CCPS)

A274 American Petroleum Institute (API)

A275 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998

copy1999 Factory Mutual Engineeri


Refer to the following FM data sheets for information on steel protection:

1-21, Fire Resistance of Building Assemblies
7-14, Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures

3.3.1.15 Damage Limiting and Noncombustible Construction

To minimize the effects of fire and explosion pressure damage, an HPR facility will have appropriate damage limiting (DLC) or fire resistive construction. Examples of DLC include high strength, blast resistant control rooms and low strength venting walls for an occupancy containing flammable vapors or dusts. Noncombustible construction is also an HPR requirement for important support and utility buildings.

Control rooms and other critical operations or emergency response centers need careful evaluation as to hardening against blast overpressures. Cost and importance to safe shutdown and continued long term production are key variables.

The following FM data sheets provide information and application requirements:

1-44, Damage Limiting Construction
1-57, Rigid Plastic Building Materials

3.3.1.16 Combustible Gas Detection

Combustible gas detection is desirable for fast notification of a release of gas or hot vapor. This may prompt an automatic or manual emergency response, such as vapor cloud water spray dispersal systems or fire department response. Refer to Data Sheet 5-49, Gas and Vapor Detectors and Analysis Systems, for more information on this subject.

3.3.1.17 Inerting and Purging Systems

Elimination of oxygen within flammable vapor spaces is often required to prevent explosion or fire incidents. Nitrogen inerting or purging prior to filling a system with hydrocarbons is commonly used. In many cases a pressurized inert gas is used to push materials safely through a system. Detection to assure oxygen levels are maintained at proper concentrations is part of an inerting system. Inerting can apply to storage vessels, production vessels, piping, and drainage/collection systems.

The following FM data sheets cover this subject:

7-30N, Solvent Extraction Plants
7-59, Inerting and Purging of Equipment
7-88, Storage Tanks for Flammable Liquids

3.3.1.18 Barriers and Barricades

In some cases a barricade may be needed to protect important buildings or production areas against missile or fragment impact from a nearby high frequency explosion source. Barriers and barricades are commonly used in plants handling explosives and propellants. They have been successfully applied in chemical facilities such as high pressure polyethylene plants. Barriers are not usually acceptable for overpressure protection. Pressure waves generated by a vapor cloud or vessel explosion will pass around or over barriers and reform on the back side.

Fire resistive barriers, such as noncombustible fire walls, are often used as separation between important production areas or between high hazard and low hazard areas.

The following FM data sheets provide more detail on these systems:

1-19, Fire Walls, Subdivisions and Draft Curtains
1-20, Protection Against Fire Exposure (From Buildings and Yard Storage)
1-22, Criteria for MFL Fire Walls and Space Separation
1-23, Protection of Openings in Fire Subdivisions
7-16, Barricades

©1999 Factory Mutual Engineering Corp. All rights reserved.


3.3.1.19 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2, Earthquake
1-7, Wind Forces on Buildings and Other Structures
1-54, Roof Loads for New Construction
9-2, Surface Water
9-13, Evaluation of Flood Exposure
9-18/17-18, Prevention of Freeze-ups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazard of fire and explosion from the solvent is eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K., incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred, with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds, and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, is located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow, with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional, to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases, such as LNG and ethylene, will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing, instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10, Guidelines for Technical Management of Chemical Process Safety, 1992.
G-18, Guidelines for Hazard Evaluation Procedures, 1992.
G-19, Guidelines for Investigating Chemical Process Incidents, 1992.
G-20, Guidelines for Auditing Process Safety Management Systems, 1993.
G-25, Guidelines for Implementing Process Safety Management Systems, 1994.
G-27, Guidelines for Process Safety Documentation, 1995.

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44, Damage Limiting Construction
5-1, Electrical Equipment in Hazardous Locations
7-0, Causes and Effects of Fires and Explosions
7-14, Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42, Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3, Spacing of Facilities in Outdoor Chemical Plants


7-45, Instrumentation and Control
7-46/17-11, Chemical Reactors and Reactions
7-47, Physical Operations in Chemical Plants
7-49/12-65, Emergency Venting of Vessels
7-59, Inerting and Purging of Equipment
7-83, Drainage Systems for Flammable Liquids
7-88, Storage Tanks for Flammable Liquids
7-95, Compressors
7-99/12-19, Heat Transfer by Organic and Synthetic Fluids
12-0, Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America, only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the U.S. in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the U.S., including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland, in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment have been provided to personnel, following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The U.S. Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons, and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 U.S. facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

Substance                      EPA threshold, lb (kg)    OSHA threshold, lb (kg)
Anhydrous ammonia              1000 (450)                5000 (2250)
Chlorine                       1000 (450)                1500 (680)
Chlorine dioxide               500 (225)                 1000 (450)
Anhydrous hydrochloric acid    1000 (450)                5000 (2250)
Sulfuric acid                  5000 (2250)               Not listed
Titanium tetrachloride         500 (225)                 Not listed
Flammable hydrocarbons         10000 (4500)              10000 (4500)
Explosives                     all (per DOT)             Not covered

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the U.S. EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 U.S. facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazard assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the U.S., it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr Comm Sept 1998


33119 Protection Against Natural Perils

Chemical facilities may be exposed, like all occupancies, to a variety of natural events, some potentially catastrophic, such as earthquakes, hurricanes and floods. Less obvious but potentially equally damaging exposures, such as a hard freeze in a temperate climate, have also caused large loss incidents. The following FM data sheets provide more detail on these exposures and methods of analysis and protection:

1-2 Earthquake
1-7 Wind Forces on Buildings and Other Structures
1-54 Roof Loads for New Construction
9-2 Surface Water
9-13 Evaluation of Flood Exposure
9-18/17-18 Prevention of Freezeups

3.4 Concepts of Inherent Safety

Opportunities exist to reduce the risk at a chemical facility at many stages of its life, but the primary opportunity exists during new project development or during major changes. At these stages, inherent safety opportunities can be explored economically.

An inherently safer plant relies on the reduction or elimination of hazardous materials or processes through changes in the chemistry and physics of the process, rather than layers of add-on safety control and fixed protection systems. The traditional approach to loss prevention has been to accept the hazard and then to protect against it. This latter approach requires expensive active and passive protection systems, which are subject to failure within the life of the plant. An inherently safer plant has eliminated or reduced the hazard to where these systems may not even be needed, saving initial installation cost, lifetime maintenance and testing costs, and potential loss costs should systems fail.

According to Kletz, there are five approaches to the development of inherently safer plants: intensification, substitution, attenuation, limitation of effects, and simplification/error tolerance.

3.4.1 Intensification

Intensification means using smaller amounts of a hazardous material.

For example, a polyolefins plant required large quantities of LPG feedstock. In the past it had a large day tank within the process unit. This tank was fed from bulk storage spheres located many hundreds of feet away. The day tank was found to severely expose the production unit, and in fact was installed only as a production convenience if supplies were temporarily cut off from the larger tanks (due to a pump failure, for example). The day tank was eliminated and spare pumps installed for reliability. The plant was able to operate as efficiently without the hazardous large volume inventory within the production unit.

In another case, a hazardous reaction involving potentially detonable materials was at one time conducted in a moderately sized batch reactor. The possibility of runaway with a subsequent detonation of a large quantity of high energy material existed due to many different failure modes because of the reactivity of the materials involved. The process was changed so that the two reactants were continuously reacted in a small pipe reactor with flows less than 5 gpm. The same amount of product was produced at a reduced risk due to substantially lower amounts of high energy material available at any given time.

3.4.2 Substitution

Substitution means replacing a hazardous material with a non-hazardous or less-hazardous material.

The classic example of substitution is use of water as a coolant instead of combustible thermal oil. The advantage is obvious. Water is both nonflammable and non-corrosive. Fire protection will not be needed for the coolant alone, which could have been the case for the thermal oil.

Another example is using an ammonia refrigeration system in an outdoor process unit instead of propylene. The propylene system represents fire and vapor cloud explosion hazards, where the ammonia hazard is substantially less from a fire and explosion standpoint. A trade-off in toxicity, which may affect manual fire fighting response, would occur with this choice.


A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils, such as agricultural products. The hazards of fire and explosion from the solvent are eliminated, although combustible oils may still be present. A possible hazard trade-off is made in the high pressures required for supercritical extraction.

Substitution can apply to non-chemical systems as well. Use of noncombustible construction in buildings, use of electric cable inside metal conduit instead of exposed plastic insulated cable, and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety.

3.4.3 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material.

Attenuation is commonly achieved by using lower temperatures and pressures. It may be achieved through process chemistry (i.e., a new reaction with less potentially energetic effects).

The 1974 Flixborough, U.K. incident was caused by a release of boiling cyclohexane, a raw material used to make caprolactam, an intermediate for nylon. Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure. Upon accidental release, the material flashed to vapor and an outdoor vapor cloud explosion occurred, with essentially total damage to the plant.

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point. Should the cyclohexane be released, a severe fire hazard will exist. However, the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion.

Another common example is refrigerated storage of hazardous materials such as ethylene oxide. Ethylene oxide stored at ambient conditions can form large vapor clouds if released. If stored as a refrigerated liquid, essentially no vapor cloud can form.

In another plant, a combustible silicon metal dust presented an unacceptable risk. The dust was tested and found to have a very high energy potential, and conventional damage limiting systems would not be effective in reducing overpressures should the material ignite. The solution was to immediately dilute the dust in an inert material, a process called phlegmatization. This was done within the duct system prior to any large or important collection system. The resultant mixture was rendered noncombustible and the explosion hazard was eliminated.

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry.

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level, and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, are located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow, with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional, to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.


Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely, or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor, where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:
G-10 Guidelines for Technical Management of Chemical Process Safety, 1992
G-18 Guidelines for Hazard Evaluation Procedures, 1992
G-19 Guidelines for Investigating Chemical Process Incidents, 1992
G-20 Guidelines for Auditing Process Safety Management Systems, 1993
G-25 Guidelines for Implementing Process Safety Management Systems, 1994
G-27 Guidelines for Process Safety Documentation, 1995

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API) Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction
5-1 Electrical Equipment in Hazardous Locations
7-0 Causes and Effects of Fires and Explosions
7-14 Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
7-42 Evaluating the Effects of Vapor Cloud Explosions
7-44/17-3 Spacing of Facilities in Outdoor Chemical Plants
7-45 Instrumentation and Control
7-46/17-11 Chemical Reactors and Reactions
7-47 Physical Operations in Chemical Plants
7-49/12-65 Emergency Venting of Vessels
7-59 Inerting and Purging of Equipment
7-83 Drainage Systems for Flammable Liquids
7-88 Storage Tanks for Flammable Liquids
7-95 Compressors
7-99/12-19 Heat Transfer by Organic and Synthetic Fluids
12-0 Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API) Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API) Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU), and within North America only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the U.S. in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the U.S., including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accidents, hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The U.S. Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), that went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons, and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 U.S. facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous ammonia | 1000 (450) | 5000 (2250) |
| Chlorine | 1000 (450) | 1500 (680) |
| Chlorine dioxide | 500 (225) | 1000 (450) |
| Anhydrous hydrochloric acid | 1000 (450) | 5000 (2250) |
| Sulfuric acid | 5000 (2250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10000 (4500) | 10000 (4500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the U.S. EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 U.S. facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders, and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).


Page 44: FM Loss Prevention in Chemical Plants

7-43 17-2 Loss Prevention in Chemical Plants Page 44 Factory Mutual Property Loss Prevention Data Sheets

A third example is use of supercritical carbon dioxide instead of highly flammable solvents in processes that require extraction of oils such as agricultural products The hazard of fire and explosion from the solvent are eliminated although combustible oils may still be present A possible hazard trade off is made in the high pressures required for supercritical extraction

Substitution can apply to non-chemical systems as well Use of noncombustible construction in buildings use of electric cable inside metal conduit instead of exposed plastic insulated cable and use of stainless steel instead of plastic for duct systems handling some corrosives are all examples of this element of inherent safety

343 Attenuation

Attenuation means using less hazardous process conditions or a less hazardous form of material

Attenuation is commonly achieved by using lower temperatures and pressures It may be achieved through process chemistry (Le a new reaction with less potentially energetic effects)

The 1974 Flixborough U K incident was caused by a release of boiling cyclohexane a raw material used to make caprolactam an intermediate for nylon Hundreds of thousands of pounds of boiling cyclohexane were present in the system under high pressure Upon accidental release the material flashed to vapor and an outdoor vapor cloud explosion occurred with essentially total damage to the plant

Another plant discovered a way to produce caprolactam using cyclohexane in a process below its boiling point Should the cyclohexane be released a severe fire hazard will exist However the fact that the material is below its boiling point at all times has completely eliminated any possibility of a vapor cloud explosion

Another common example is refrigerated storage of hazardous materials such as ethylene oxide Ethylene oxide stored at ambient conditions can form large vapor clouds if released If stored as a refrigerated liqshyuid essentially no vapor cloud can form

In another plant a combustible silicon metal dust presented an unacceptable risk The dust was tested and found to have a very high energy potential and conventional damage limiting systems would not be effecshytive in reducing overpressures should the material ignite The solution was to immediately dilute the dust in an inert material a process called phlegmatization This was done within the duct system prior to any large or important collection system The resultant mixture was rendered noncombustible and the explosion hazshyard was eliminated

Another inherently safe solution for undesirable combustible dusts is to collect them in a liquid slurry

3.4.4 Limitation of Effects

Limitation of effects means designing a facility that minimizes the impact of a release of hazardous material or energy.

The most common approach to this element of inherent safety is in proper siting and location of facilities. This can reduce the impact of a release or event by distance and by limitation of add-on events such as BLEVEs or missile punctures. Other factors considered could include proper drainage patterns, prevailing winds and meteorological conditions.

At one plant, a typical process unit is constructed of a one-story, concrete supported structure known as a pump house. The pump house has open walls and a solid concrete roof. Pumps are located within the concrete structure at grade level, and piping is located at ceiling level. Major processing equipment, such as purification columns and rundown tanks with high volume flammable materials, are located around the perimeter of the concrete structure or on the solid roof. The structure is long and narrow, with heavily sloped drainage toward the outside of the unit. All important equipment is fireproofed.

These features were intentional to assure that all significant quantities of flammable materials were fully accessible for manual fire fighting. Upon a release, the materials flow outward from the unit and can be more easily controlled. Damage, even in a worst case event, will be limited to peripheral equipment.

Another approach to limitation of effects is by limiting the magnitude of a process deviation. For example, the rate of addition of a material to a reactor can be limited by sizing the feed pump so that it cannot possibly exceed the safe addition rate. This can also be achieved by use of small piping or orifice plates in pipes.

Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will substantially reduce the amount of exposed liquid surface area subject to vaporization.

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazardous material or process. This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries. Blast barriers have been used effectively around high pressure ethylene processes. Containment is now commonly used for liquid chlorine tanks.

3.4.5 Simplification/Error Tolerance

Simplification/error tolerance means designing a facility so that operating errors are less likely or the process is more forgiving if errors are made.

This can apply to many operating conditions within a plant. For example, use of gravity systems is preferable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pump seals). If pumps must be used, pumps without seals or double-sealed are preferable. Piping should be welded if possible, flexible couplings minimized or eliminated, and glass level devices eliminated. Sample points should be avoided, but should have double valving and collection pots if necessary.

Many simplifications can be done to process units, especially in batch reactions, to minimize the potential for error in charging of reactants. Small charge vessels can be added for initial mixing instead of dumping all materials into one large reactor where hot spots can form due to poor mixing or cooling.

At one petrochemical plant, the plant was simplified by reducing by 60% the number of vessels and equipment needed to run a similar but older plant. The complexity of running the plant, and thus potential for loss, was substantially reduced.

4.0 BIBLIOGRAPHY

4.1 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series, AIChE:

- G-10, Guidelines for Technical Management of Chemical Process Safety, 1992.
- G-18, Guidelines for Hazard Evaluation Procedures, 1992.
- G-19, Guidelines for Investigating Chemical Process Incidents, 1992.
- G-20, Guidelines for Auditing Process Safety Management Systems, 1993.
- G-25, Guidelines for Implementing Process Safety Management Systems, 1994.
- G-27, Guidelines for Process Safety Documentation, 1995.

Chemical Process Safety Management - Control of Acute Hazards, Chemical Manufacturers Association (CMA), May 1985.

Management of Process Hazards, American Petroleum Institute (API), Recommended Practice 750, 1990.

Process Safety Management of Highly Hazardous Chemicals, 29 Code of Federal Regulations No. 1910.119, Occupational Safety and Health Administration, August 26, 1992.

Risk Management Programs (RMP) for Chemical Accidental Release Prevention, 40 CFR Part 68 (Federal Register Vol. 61, No. 120, pgs. 31667-31730), Environmental Protection Agency, June 20, 1996.

EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) (Europe).

4.2 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets:

- 1-44, Damage Limiting Construction
- 5-1, Electrical Equipment in Hazardous Locations
- 7-0, Causes and Effects of Fires and Explosions
- 7-14, Fire and Explosion Protection for Flammable Liquid, Flammable Gas and Liquefied Flammable Gas Processing Equipment and Supporting Structures
- 7-42, Evaluating the Effects of Vapor Cloud Explosions
- 7-44/17-3, Spacing of Facilities in Outdoor Chemical Plants
- 7-45, Instrumentation and Control
- 7-46/17-11, Chemical Reactors and Reactions
- 7-47, Physical Operations in Chemical Plants
- 7-49/12-65, Emergency Venting of Vessels
- 7-59, Inerting and Purging of Equipment
- 7-83, Drainage Systems for Flammable Liquids
- 7-88, Storage Tanks for Flammable Liquids
- 7-95, Compressors
- 7-99/12-19, Heat Transfer by Organic and Synthetic Fluids
- 12-0, Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API), Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API), Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.

APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU) and, within North America, only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the US in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the US, including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The US Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.

A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119), which went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons, and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous ammonia | 1,000 (450) | 5,000 (2,250) |
| Chlorine | 1,000 (450) | 1,500 (680) |
| Chlorine dioxide | 500 (225) | 1,000 (450) |
| Anhydrous hydrochloric acid | 1,000 (450) | 5,000 (2,250) |
| Sulfuric acid | 5,000 (2,250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10,000 (4,500) | 10,000 (4,500) |
| Explosives | all (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)

In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines.

A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr. Comm. Sept. 1998

copy1999 Factory Mutual Engineeri

Page 45: FM Loss Prevention in Chemical Plants

7-43 Loss Prevention in Chemical Plants 17-2 Factory Mutual Property Loss Prevention Data Sheets Page 45

Use of smaller but deeper dikes around LPG and other liquefied gases such as LNG and ethylene will subshystantially reduce the amount of exposed liquid surface area subject to vaporization

Another classic example of limitation of effects is by provision of barriers or complete containment of a hazshyardous material or process This has been used effectively by the nuclear power and the propellant and solid rocket motor manufacturing industries Blast barriers have been used effectively around high pressure ethshyylene processes Containment is now commonly used for liquid chlorine tanks

345 SimplificationError Tolerance

Simplificationerror tolerance means designing a facility so that operating errors are less likely or the proshycess is more forgiving if errors are made

This can apply to many operating conditions within a plant For example use of gravity systems is prefershyable to pumping systems because of the lack of moving parts and less potential for leaks (such as at pumps seals) If pumps must be used pumps without seals or double-sealed are preferable Piping should be welded if possible flexible couplings minimized or eliminated and glass level devices eliminated Sample pOints should be avoided but should have double valving and collection pots if necessary

Many simplifications can be done to process units especially in batch reactions to minimize the potential for error in charging of reactants Small charge vessels can be added for initial mixing instead of dumpshying all materials into one large reactor where hot spots can form due to poor mixing or cooling

At one petrochemical plant the plant was simplified by reducing by 60 the number of vessels and equipshyment needed to run a similar but older plant The complexity of running the plant and thus potential for loss was substantially reduced

40 BIBLIOGRAPHY

41 Process Safety and Risk Management

Center for Chemical Process Safety Guidelines Series AIChE G-10 Guidelines for Technical Management of Chemical Process Safety 1992 G-18 Guidelines for Hazard Evaluation Procedures 1992 G-19 Guidelines for Investigating Chemical Process Incidents 1992 G-20 Guidelines for Auditing Process Safety Management Systems 1993 G-25 Guidelines for Implementing Process Safety Management Systems 1994 G-27 Guidelines for Process Safety Documentation 1995 Chemical Process Safety Management - Control of Acute Hazards Chemical Manufacturers Association (CMA) May 1985

Management of Process Hazards American Petroleum Institute (API) Recommended Practice 750 1990

Process Safety Management of Highly Hazardous Chemicals 29 Code of Federal Regulations No 1910119 Occupational Safety and Health Administration August 26 1992

Risk Management Programs (RMP) for Chemical Accidental Release Prevention 40CFR Part 68 (Fedshyeral Register Vol 61 No120 pgs 31667-31730) Environmental Protection Agency June 201996

EC Directive 82501EEC and its 1987 revision (87216EEC) (Europe)

42 Highly Protected Risk Guidelines for Chemical Industry

FM Data Sheets

1-44 Damage Limiting Construction 5-1 Electrical Equipment in Hazardous Locations 7 -0 Causes and Effects of Fires and Explosions 7-14 Fire and Explosion Protection for Flammable Liquid Flammable Gas and Liquefied Flammable Gas Proshycessing Equipment and Supporting Structures 7-42 Evaluating the Effects of Vapor Cloud Explosions 7 -4417 -3 Spacing of Facilities in Outdoor Chemical Plants

copy1999 Factory Mutual Engineering Corp All rights reserved

7-43 17-2 Loss Prevention in Chemical Plants Page 46 Factory Mutual Property Loss Prevention Data Sheets

7-45 Instrumentation and Control 7-4617-11 Chemical Reactors and Reactions 7-47 Physical Operations in Chemical Plants 7-4912-65 Emergency Venting of Vessels 7-59 Inerting and Purging of Equipment 7 -83 Drainage Systems for Flammable Liquids 7-88 Storage Tanks for Flammable Liquids 7-95 Compressors 7 -9912-19 Heat Transfer by Organic and Synthetic Fluids 12-0 Applicable Pressure Equipment Codes and Standards

43 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation Chapter 2 CCPS Guideline G-4 1988

Englund SAlnherently Safer Plants Practical Applications Process Safety Progress Vol 14 No 1 pp 63-70 Jan 1995

Englund S A Opportunities in the Design and Operation of Inherently Safer Chemical Plants Advances in Chemical Engineering 15 pp 73-135 1990

Englund S A Design and Operate Plants for Inherent Safety Chemical Engineering Progress March pp 85-91 1991

Kletz T A Inherently Safer Plants An Update Proceedings of the 24th Annual Loss Prevention Symposhysium San Diego CA August 1990 American Institute of Chemical Engineers

Kletz T A Friendly Plants Chemical Engineering Progress pp 18-26 July 1989

Hendershot DC Some Thoughts on the Difference Between Inherent Safety and Safety Process Safety Progress Vol 14 No 4 pp 227-228 Oct 1995

Hendershot DC Conflicts and Decisions in the Search for Inherently Safer Process Options Process Safety Progress Vol 14 No 1 pp 52-56 Jan 1995

44 Preventive Maintenance

Pressure Vessel Inspection Code American Petroleum Institute (API) Publication 510 1997

Piping Inspection Code American Petroleum Institute (API) Publication 570 1997

45 Chemical Hazard Information

Encyclopedia of Chemical Technology 24 vols 4th ed Kirk-Othmer John Wiley amp Sons Inc 1991

Hawleys Condensed Chemical Dictionary 12th ed Ed by Richard J Lewis Sr Van Nos Reinhold 1993

Dangerous Properties of Industrial Materials 3 vols 7th ed N Irving Sax amp Richard J Lewis Sr Van Nos Reinhold 1988

Perrys Chemical Engineers Handbook 6th ed Ed by Don W Green McGraw-Hili 1984

Physical Properties of Hydrocarbons 2 vols R W Gallant Gulf Publishing Co 1968 1974

CRC Handbook of Chemistry and Physics 73rd ed Edited by D R Ude CRC Press 1993

copy1999 Factory Mutual Engineering Corp All rights reserved

7-43 Loss Prevention in Chemical Plants 17-2 Factory Mutual Property Loss Prevention Data Sheets Page 47

APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date mandatory regulatory oversight of process safety has occurred only in the European Economic Counshycil Countries (EEC) or European Union (EU) and within North American only in the United States There are currently no mandatory PSM regulations in Canada Mexico or the AustralAsia countries although studshyies are underway to promulgate laws similar to Europe and the US in many of these areas

PSM regulation started in Europe following a series of serious chemical plant incidents Flixborough (1974) Beek (1975) and Seveso (1976) being the most noteworthy In 1982 the EU developed EC Directive 82501 EEC which required adoption of PSM In 1992 following a series of accidents in chemical plants in the US including Phillip Petroleum (1989) the OSHA 1910119 PSM Rule was enacted Also in response to environshymental releases the EPA in 1993 issued a proposal to require chemical plants to develop risk manageshyment plans The EPA Rule was enacted in June 1996 with an effective date of August 19 1996

A 1 1 Europe

A111 EC Directive 82501EEC and its 1987 revision (87216EEC) are known as the Seveso Directive A third revision (88610EEC) was developed following a major accident in Basel Switzerland in 1986 The purpose of the directive is to place into law an administrative structure to identify assess control and mitishygate the major accidents hazards and risks of chemical and related industries The directives contain the following key provisions

unifying standards across the European Community - identification of competent oversight authorities - provision of a framework of controls involving

- identification - assessment - control - mitigation

- information exchange between member states and the European Community - Community-wide reporting with data base of major accidents

The directive requires a company to

- comply when certain threshold chemicals or process systems are present - report major accidents - demonstrate that plant risks have been identified safety measures adopted and that information trainshying and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear military explosives and ordinance mining and waste disposal sites

A byproduct of the regulations is research into major industrial hazards including developing technologies for accident prevention and environmental restoration improving the understanding of chemical and physishycal hazard phenomena and improving the understanding of managing risk

A 12 United States

The US Clean Air Act (CAA) Amendments of 1990 signed into law on November 15 1990 included proshyvisions for chemical accident prevention Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations In addition a number of individual states have adopted related regulations including California Delaware Texas Nevada and New Jersey

copy1999 Factory Mutual Engineering Corp All rights reserved

7-43 17-2 Loss Prevention in Chemical Plants Page 48 Factory Mutual Property Loss Prevention Data Sheets

A121 Occupational Safety and Health Administration

In response to this act OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910119) that went into effect on August 26 1992 This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using storing or producing the chemicals must comply with the provisions of the law The law is a performance-based standard rather than specification-based so there are no specific measurements that the company is mandated to meet The OSHA PSM law lists 14 specific provisions including a requireshyment to conduct extensive process safety analyses for compliance When the law was passed it was estishymated that approx 87000 US facilities would meet threshold requirements and need to comply with the law

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements One significant difshyference between the two documents is in scope CCPS is a general guideline that does not define what proshycesses need to fall under PSM oversight It is intended to be applied by the users according to their needs

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flamshymable hydrocarbons It also lists process situations and occupancy defaults The law applies if these defaults are triggered PSM does not have to be applied if these defaults are not triggered

Some of the OSHA-listed chemicals and their thresholds as compared to EPA thresholds are provided in Table 1

Table 1 Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

Substance EPA threshold Ib (kg) OSHA threshold Ib (kg) _-_

Anhydrous Ammonia 1000 (450) 5000 (2250)

Chlorine 1000 (450) 1500 (680)

Chlorine dioxide 500 (225) 1000 (450)

I Anhydrous hydrochloric acid 1000 (450) 5000 (2250)

i Sulfuric acid 5000 (2250) Not listed

I Titanium tetrachloride 500 (225) Not listed

I Flammable hydrocarbons 10000 (4500) 10000 (4500)

Explosives all (per DOT) Not covered

I

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the U.S. EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different, yet complementary to each other. OSHA's focus is on workplace consequences while EPA is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 U.S. facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)

©1999 Factory Mutual Engineering Corp. All rights reserved.


In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the U.S., it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines:


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr. Comm. Sept. 1998


7-45, Instrumentation and Control
7-46/17-11, Chemical Reactors and Reactions
7-47, Physical Operations in Chemical Plants
7-49/12-65, Emergency Venting of Vessels
7-59, Inerting and Purging of Equipment
7-83, Drainage Systems for Flammable Liquids
7-88, Storage Tanks for Flammable Liquids
7-95, Compressors
7-99/12-19, Heat Transfer by Organic and Synthetic Fluids
12-0, Applicable Pressure Equipment Codes and Standards

4.3 Concepts of Inherent Safety

Guidelines for Vapor Release Mitigation, Chapter 2, CCPS Guideline G-4, 1988.

Englund, S. A., Inherently Safer Plants: Practical Applications, Process Safety Progress, Vol. 14, No. 1, pp. 63-70, Jan. 1995.

Englund, S. A., Opportunities in the Design and Operation of Inherently Safer Chemical Plants, Advances in Chemical Engineering, 15, pp. 73-135, 1990.

Englund, S. A., Design and Operate Plants for Inherent Safety, Chemical Engineering Progress, March, pp. 85-91, 1991.

Kletz, T. A., Inherently Safer Plants: An Update, Proceedings of the 24th Annual Loss Prevention Symposium, San Diego, CA, August 1990, American Institute of Chemical Engineers.

Kletz, T. A., Friendly Plants, Chemical Engineering Progress, pp. 18-26, July 1989.

Hendershot, D. C., Some Thoughts on the Difference Between Inherent Safety and Safety, Process Safety Progress, Vol. 14, No. 4, pp. 227-228, Oct. 1995.

Hendershot, D. C., Conflicts and Decisions in the Search for Inherently Safer Process Options, Process Safety Progress, Vol. 14, No. 1, pp. 52-56, Jan. 1995.

4.4 Preventive Maintenance

Pressure Vessel Inspection Code, American Petroleum Institute (API), Publication 510, 1997.

Piping Inspection Code, American Petroleum Institute (API), Publication 570, 1997.

4.5 Chemical Hazard Information

Encyclopedia of Chemical Technology, 24 vols., 4th ed., Kirk-Othmer, John Wiley & Sons, Inc., 1991.

Hawley's Condensed Chemical Dictionary, 12th ed., Ed. by Richard J. Lewis, Sr., Van Nos. Reinhold, 1993.

Dangerous Properties of Industrial Materials, 3 vols., 7th ed., N. Irving Sax & Richard J. Lewis, Sr., Van Nos. Reinhold, 1988.

Perry's Chemical Engineers' Handbook, 6th ed., Ed. by Don W. Green, McGraw-Hill, 1984.

Physical Properties of Hydrocarbons, 2 vols., R. W. Gallant, Gulf Publishing Co., 1968, 1974.

CRC Handbook of Chemistry and Physics, 73rd ed., Edited by D. R. Lide, CRC Press, 1993.


APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A.1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date, mandatory regulatory oversight of process safety has occurred only in the European Economic Council Countries (EEC) or European Union (EU) and, within North America, only in the United States. There are currently no mandatory PSM regulations in Canada, Mexico or the AustralAsia countries, although studies are underway to promulgate laws similar to Europe and the U.S. in many of these areas.

PSM regulation started in Europe following a series of serious chemical plant incidents, Flixborough (1974), Beek (1975) and Seveso (1976) being the most noteworthy. In 1982 the EU developed EC Directive 82/501/EEC, which required adoption of PSM. In 1992, following a series of accidents in chemical plants in the U.S., including Phillips Petroleum (1989), the OSHA 1910.119 PSM Rule was enacted. Also, in response to environmental releases, the EPA in 1993 issued a proposal to require chemical plants to develop risk management plans. The EPA Rule was enacted in June 1996 with an effective date of August 19, 1996.

A.1.1 Europe

A.1.1.1 EC Directive 82/501/EEC and its 1987 revision (87/216/EEC) are known as the Seveso Directive. A third revision (88/610/EEC) was developed following a major accident in Basel, Switzerland in 1986. The purpose of the directive is to place into law an administrative structure to identify, assess, control and mitigate the major accident hazards and risks of chemical and related industries. The directives contain the following key provisions:

- unifying standards across the European Community
- identification of competent oversight authorities
- provision of a framework of controls involving:
  - identification
  - assessment
  - control
  - mitigation
- information exchange between member states and the European Community
- Community-wide reporting with data base of major accidents

The directive requires a company to:

- comply when certain threshold chemicals or process systems are present
- report major accidents
- demonstrate that plant risks have been identified, safety measures adopted, and that information, training and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear, military, explosives and ordnance, mining, and waste disposal sites.

A byproduct of the regulations is research into major industrial hazards, including developing technologies for accident prevention and environmental restoration, improving the understanding of chemical and physical hazard phenomena, and improving the understanding of managing risk.

A.1.2 United States

The U.S. Clean Air Act (CAA) Amendments of 1990, signed into law on November 15, 1990, included provisions for chemical accident prevention. Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations. In addition, a number of individual states have adopted related regulations, including California, Delaware, Texas, Nevada and New Jersey.


A.1.2.1 Occupational Safety and Health Administration


Page 47: FM Loss Prevention in Chemical Plants

7-43 Loss Prevention in Chemical Plants 17-2 Factory Mutual Property Loss Prevention Data Sheets Page 47

APPENDIX A INTERNATIONAL ORGANIZATIONS AND REGULATORY CODES OVERSEEING CHEMICAL PLANT PROCESS SAFETY

A1 Mandatory Regulations Covering PSM and Related Chemical Industry Safety Oversight

To date mandatory regulatory oversight of process safety has occurred only in the European Economic Counshycil Countries (EEC) or European Union (EU) and within North American only in the United States There are currently no mandatory PSM regulations in Canada Mexico or the AustralAsia countries although studshyies are underway to promulgate laws similar to Europe and the US in many of these areas

PSM regulation started in Europe following a series of serious chemical plant incidents Flixborough (1974) Beek (1975) and Seveso (1976) being the most noteworthy In 1982 the EU developed EC Directive 82501 EEC which required adoption of PSM In 1992 following a series of accidents in chemical plants in the US including Phillip Petroleum (1989) the OSHA 1910119 PSM Rule was enacted Also in response to environshymental releases the EPA in 1993 issued a proposal to require chemical plants to develop risk manageshyment plans The EPA Rule was enacted in June 1996 with an effective date of August 19 1996

A 1 1 Europe

A111 EC Directive 82501EEC and its 1987 revision (87216EEC) are known as the Seveso Directive A third revision (88610EEC) was developed following a major accident in Basel Switzerland in 1986 The purpose of the directive is to place into law an administrative structure to identify assess control and mitishygate the major accidents hazards and risks of chemical and related industries The directives contain the following key provisions

unifying standards across the European Community - identification of competent oversight authorities - provision of a framework of controls involving

- identification - assessment - control - mitigation

- information exchange between member states and the European Community - Community-wide reporting with data base of major accidents

The directive requires a company to

- comply when certain threshold chemicals or process systems are present - report major accidents - demonstrate that plant risks have been identified safety measures adopted and that information trainshying and equipment has been provided to personnel following an established and documented process safety management program

Exemptions include nuclear military explosives and ordinance mining and waste disposal sites

A byproduct of the regulations is research into major industrial hazards including developing technologies for accident prevention and environmental restoration improving the understanding of chemical and physishycal hazard phenomena and improving the understanding of managing risk

A 12 United States

The US Clean Air Act (CAA) Amendments of 1990 signed into law on November 15 1990 included proshyvisions for chemical accident prevention Both the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) were instructed to promulgate process safety regulations In addition a number of individual states have adopted related regulations including California Delaware Texas Nevada and New Jersey

copy1999 Factory Mutual Engineering Corp All rights reserved

7-43 17-2 Loss Prevention in Chemical Plants Page 48 Factory Mutual Property Loss Prevention Data Sheets

A121 Occupational Safety and Health Administration

In response to this act OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910119) that went into effect on August 26 1992 This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using storing or producing the chemicals must comply with the provisions of the law The law is a performance-based standard rather than specification-based so there are no specific measurements that the company is mandated to meet The OSHA PSM law lists 14 specific provisions including a requireshyment to conduct extensive process safety analyses for compliance When the law was passed it was estishymated that approx 87000 US facilities would meet threshold requirements and need to comply with the law

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements One significant difshyference between the two documents is in scope CCPS is a general guideline that does not define what proshycesses need to fall under PSM oversight It is intended to be applied by the users according to their needs

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flamshymable hydrocarbons It also lists process situations and occupancy defaults The law applies if these defaults are triggered PSM does not have to be applied if these defaults are not triggered

Some of the OSHA-listed chemicals and their thresholds as compared to EPA thresholds are provided in Table 1

Table 1 Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

Substance EPA threshold Ib (kg) OSHA threshold Ib (kg) _-_

Anhydrous Ammonia 1000 (450) 5000 (2250)

Chlorine 1000 (450) 1500 (680)

Chlorine dioxide 500 (225) 1000 (450)

I Anhydrous hydrochloric acid 1000 (450) 5000 (2250)

i Sulfuric acid 5000 (2250) Not listed

I Titanium tetrachloride 500 (225) Not listed

I Flammable hydrocarbons 10000 (4500) 10000 (4500)

Explosives all (per DOT) Not covered

I

A122 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990 the US EPA announced in the October 20 1993 Fedshyeral Register (Vol 58 No 201 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemishyca Accidental Release Prevention (40 CFR Part 68) The rule was finally enacted in 1996 with an effective date of August 191996 The rule is intended to protect public health and the environment It closely paralshylels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals which is primashyrily intended to protect in-plant workers

The EPA RMP and the OSHA PSM laws are different yet complementary to each other OSHAs focus is on workplace consequences while EPA is on offsite consequences However EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule

The EPA estimated that the new rule will effect 140000 US facilities that have one or more of the 100 listed toxic substances 62 flammable liquids or gases or high explosives on their site above identified threshold values The thresholds for toxic substances are based on a ranking method that considers each substances toxicity and potential to become airborne and disperse The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft) The presence of a threshold quantity is to be determined based on the maximum quanshytity in a single process

More facilities fali under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule (A sample threshold list is shown in Table 1)

copy1999 Factory Mutual Engineering Corp All rights reserved

7-43 Loss Prevention in Chemical Plants 17-2 Factory Mutual Property Loss Prevention Data Sheets Page 49

In addition to complying with the OSHA PSM provisions, the EPA rule adds two major components as part of the facility's risk management program: hazards assessment and response programs.

Facilities that meet EPA thresholds have to conduct hazard assessments for each covered substance. The hazard assessment has to look at a range of accidental release scenarios, including worst case. The worst case release scenario is defined by EPA as the release of the largest quantity of a regulated substance from a vessel or process line failure, including administrative controls and passive mitigation that limit the total quantity involved or the release rate. For most gases, the worst case release scenario assumes that the quantity is released in 10 minutes. For liquids, the scenario assumes an instantaneous spill; the release rate to the air is the volatilization rate from a pool 1 cm (3/8 in.) deep unless passive mitigation systems (e.g., dikes) contain the substance in a smaller area. For flammables, the worst case assumes an instantaneous release and a vapor cloud explosion.

The EPA lists meteorological conditions (wind speeds and atmospheric stability) which define worst case. It should be noted here that the OSHA law does not assume worst case, and for this reason much more severe exposures could be proven after conducting an EPA hazard assessment. The EPA rule does not yet define a likelihood (probability) beyond which an event can be considered extreme worst case. It does, however, address alternative release scenarios. These non-worst case accidental releases for the hazard assessment portion of the risk management plan were presumed more likely to occur and more realistic than the worst case. EPA believes facilities should have flexibility to select non-worst case scenarios that are the most useful for communication with the public and first responders and for emergency response preparedness and planning. For alternative scenarios, facilities may consider the effects of both passive and active mitigation systems.

The EPA rule also goes well beyond OSHA in its provision for emergency response. Facilities will need to develop more extensive plans that detail how the facility would respond to a release to limit offsite consequences. EPA requires facilities to conduct drills and exercises to test their program. Facilities have to coordinate plans with the local emergency planning committee (LEPC), which is not required by OSHA.

The EPA rule also allows for full public availability of the facility's hazard analysis and response procedures, although there is still considerable discussion as to how this will be done.

Examples of facilities covered by the new EPA law that might not have been under OSHA are smaller plants using ammonia refrigeration systems and waste treatment plants (using chlorine).

With the EPA rule now law, a company has three years (from the effective date of August 19, 1996) to bring it into full compliance.

A.2 Voluntary Chemical Industry Programs and Resources

There are many chemical industry resources and programs for process safety. The most noteworthy international program is called Responsible Care. This was started in Canada as a way to partner chemical plants with the neighboring communities. Hazard information is shared, and emergency plans are developed and tested for hazard material release response. Responsible Care programs are generally not regulatory. That is, they are not mandated by law but instead are voluntary. However, they are usually a compulsory part of belonging to a local or national chemical industry association. That is, by voluntarily joining the organization, the company agrees to participate in Responsible Care. In Canada, the Canadian Chemical Producers Association (CCPA) oversees Responsible Care. In the US, it is overseen by the Chemical Manufacturers Association (CMA) and the Synthetic Organic Chemical Manufacturers Association (SOCMA).

Following is a list of global chemical industry organizations that promote chemical process safety and publish guidelines:


A.2.1 Australia

A.2.1.1 Hazardous Industry Planning Advisory Paper No. 3, Environmental Impact Assessment Guidelines, Ministries of Local Government and Planning, Dept. of Planning, Sydney, 1989.

A.2.1.2 Plastics and Chemicals Industries Association (PACIA)

A.2.1.3 National Community Advisory Panel (NCAP)

A.2.2 Canada

A.2.2.3 Canadian Chemical Producers Association (CCPA)

A.2.3 India

A.2.3.1 Indian Chemical Manufacturers Association (ICMA)

A.2.4 Far East

A.2.4.1 Association of International Chemical Manufacturers (AICM)

A.2.4.2 Singapore Chemical Industries Council (SCIC)

A.2.4.3 Chemical Industries Council of Malaysia (CICM)

A.2.4.4 Petrochemical Industry Association of Taiwan (PIAT)

A.2.4.5 Korean Petrochemical Industry Association (KPIA)

A.2.4.6 Japan Chemical Industry Association (JCIA)

A.2.5 South America

A.2.5.1 Responsible Care is present in Argentina, Brazil, Chile, Colombia and Venezuela.

A.2.6 United Kingdom

A.2.6.1 Health and Safety Commission (HSC), Advisory Committee on Major Hazards, 1980.

A.2.6.2 Institution of Chemical Engineers (IChemE)

A.2.7 United States

A.2.7.1 Chemical Manufacturers Association (CMA)

A.2.7.2 American Institute of Chemical Engineers (AIChE)

A.2.7.3 Center for Chemical Process Safety (CCPS)

A.2.7.4 American Petroleum Institute (API)

A.2.7.5 Synthetic Organic Chemical Manufacturers Association (SOCMA)

FM Engr. Comm. Sept. 1998


A.1.2.1 Occupational Safety and Health Administration

In response to this act, OSHA promulgated Process Safety Management of Highly Hazardous Chemicals (29 CFR 1910.119) that went into effect on August 26, 1992. This law covers chemical accidents which can occur on a plant site and expose plant workers and the public to (principally) fires and explosions. The law lists 141 specific chemicals plus all flammable hydrocarbons and provides threshold values above which a company using, storing or producing the chemicals must comply with the provisions of the law. The law is a performance-based standard rather than specification-based, so there are no specific measurements that the company is mandated to meet. The OSHA PSM law lists 14 specific provisions, including a requirement to conduct extensive process safety analyses for compliance. When the law was passed, it was estimated that approx. 87,000 US facilities would meet threshold requirements and need to comply with the law.

Elements of process safety within the OSHA PSM Rule are similar to the CCPS elements. One significant difference between the two documents is in scope. CCPS is a general guideline that does not define what processes need to fall under PSM oversight. It is intended to be applied by the users according to their needs.

OSHA specifies which areas of a facility must be managed by listing 141 specific chemicals and all flammable hydrocarbons. It also lists process situations and occupancy defaults. The law applies if these defaults are triggered. PSM does not have to be applied if these defaults are not triggered.

Some of the OSHA-listed chemicals and their thresholds, as compared to EPA thresholds, are provided in Table 1.

Table 1. Comparison of OSHA and EPA Thresholds of the More Common Hazardous Chemicals

| Substance | EPA threshold, lb (kg) | OSHA threshold, lb (kg) |
|---|---|---|
| Anhydrous ammonia | 1,000 (450) | 5,000 (2,250) |
| Chlorine | 1,000 (450) | 1,500 (680) |
| Chlorine dioxide | 500 (225) | 1,000 (450) |
| Anhydrous hydrochloric acid | 1,000 (450) | 5,000 (2,250) |
| Sulfuric acid | 5,000 (2,250) | Not listed |
| Titanium tetrachloride | 500 (225) | Not listed |
| Flammable hydrocarbons | 10,000 (4,500) | 10,000 (4,500) |
| Explosives | All (per DOT) | Not covered |

A.1.2.2 Environmental Protection Agency

In response to the Clean Air Act Amendments of 1990, the US EPA announced in the October 20, 1993 Federal Register (Vol. 58, No. 201, 54190) a proposed rule entitled Risk Management Programs (RMP) for Chemical Accidental Release Prevention (40 CFR Part 68). The rule was finally enacted in 1996 with an effective date of August 19, 1996. The rule is intended to protect public health and the environment. It closely parallels the OSHA law covering Process Safety Management of Highly Hazardous Chemicals, which is primarily intended to protect in-plant workers.

The EPA RMP and the OSHA PSM laws are different yet complementary to each other. OSHA's focus is on workplace consequences, while EPA's is on offsite consequences. However, EPA acknowledges that most locations that comply with the OSHA law will also comply to some extent with the EPA rule.

The EPA estimated that the new rule will affect 140,000 US facilities that have one or more of the 100 listed toxic substances, 62 flammable liquids or gases, or high explosives on their site above identified threshold values. The thresholds for toxic substances are based on a ranking method that considers each substance's toxicity and potential to become airborne and disperse. The thresholds for listed flammable liquids and gases are based on the quantity that potentially might be involved in a vapor cloud explosion. The threshold for explosives is based on the quantity that could produce lethal blast waves from an explosion at a distance of 100 meters (330 ft). The presence of a threshold quantity is to be determined based on the maximum quantity in a single process.

More facilities fall under the EPA rule than under the OSHA rule due to generally lower threshold values of listed chemicals in the EPA rule. (A sample threshold list is shown in Table 1.)
