GUIDELINES FOR
DESIGN SOLUTIONS FOR PROCESS EQUIPMENT FAILURES
CENTER FOR CHEMICAL PROCESS SAFETY of the AMERICAN INSTITUTE OF CHEMICAL ENGINEERS
345 East 47th Street, New York, New York 10017
This is a publication of the CENTER FOR CHEMICAL PROCESS SAFETY of the AMERICAN INSTITUTE OF CHEMICAL ENGINEERS. A complete list of CCPS publications can be found at the end of this book.
Copyright © 1998 American Institute of Chemical Engineers
345 East 47th Street, New York, New York 10017
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise without the prior permission of the copyright owner.
Library of Congress Cataloging-in-Publication Data
Guidelines for design solutions for process equipment failures.
p. cm.
Includes bibliography and index.
ISBN 0-8169-0684-X
1. Chemical plants—Safety measures. 2. Petroleum refineries—Safety measures. 3. Hazardous materials—Safety measures. I. American Institute of Chemical Engineers. Center for Chemical Process Safety. II. Title: Design solutions for process equipment failures.
TP155.5.G784 1997 97-20538
660'.2804—dc21 CIP
This book is available at a special discount when ordered in bulk
quantities. For information, contact the Center for Chemical
Process Safety at the address shown above.
It is sincerely hoped that the information presented in this volume will lead to an even more impressive safety record for the entire industry; however, the American Institute of Chemical Engineers, its consultants, CCPS Subcommittee members, their employers' officers and directors and Arthur D. Little Corporation disclaim making or giving any warranties or representations, express or implied, including with respect to fitness, intended purpose, use or merchantability and/or correctness or accuracy of the content of the information presented in this document. As between (1) American Institute of Chemical Engineers, its consultants, CCPS Subcommittee members, their employers, their employers' officers and directors, and Arthur D. Little Corporation and (2) the user of this document, the user accepts any legal liability or responsibility whatsoever for the consequences of its use or misuse.
CONTENTS
Foreword xiii
Preface xv
Acknowledgments xvii
1 Introduction 1
1.1 Objectives 1
1.2 Scope 2
1.3 Background 2
1.4 Applicability and Audience 3
1.5 Organization of This Book 3
1.6 References 4
Suggested Additional Reading 4
2 Technique for Selecting the Design Bases for Process Safety Systems 5
2.1 Risk-Based Design Decisions 5
2.2 The Concept of Risk 7
2.3 Selection of Design Bases for Safety Systems 9
2.3.1 Step 1: Identify Failure Scenarios 9
2.3.2 Step 2: Estimate the Consequences 9
2.3.3 Step 3: Determine Tolerability of Consequences 11
2.3.4 Step 4: Estimate Likelihood and Risk 11
2.3.5 Step 5: Determine Tolerability of Risk 12
2.3.6 Step 6: Consider Enhanced and/or Alternative Designs 12
2.3.7 Step 7: Evaluate Enhancements and/or Alternatives 13
2.3.8 Step 8: Determine Tolerability of Risk and Cost 13
2.3.9 Step 9: Document Results 13
2.4 Guidelines for Risk Tolerability 14
2.5 Potential Process Safety Systems Design Solutions 20
2.5.1 Four Categories of Design Solutions 20
2.5.2 Characteristics of Design Solution Categories 24
2.6 Applying the Risk-Based Design Bases Selection Technique 27
2.6.1 Locking Open a Valve (a Simple Design Case) 27
2.6.2 Selecting the Relief System Basis for a Reactor (a Complex Design Case) 30
2.7 References 34
Suggested Additional Reading 35
3 Vessels 37
3.1 Introduction 37
3.2 Past Incidents 37
3.2.1 Storage Tank Autopolymerization Incident 37
3.2.2 Storage Tank Stratification Incident 38
3.2.3 Batch Pharmaceutical Reactor Accident 39
3.3 Failure Scenarios and Design Solutions 40
3.4 Discussion 40
3.4.1 Use of Potential Design Solutions Table 40
3.4.2 Special Considerations 41
3.5 References 43
Suggested Additional Reading 45
Table 3. Failure Scenarios for Vessels 45
4 Reactors 61
4.1 Introduction 61
4.2 Past Incidents 61
4.2.1 Seveso Runaway Reaction 62
4.2.2 3,4-Dichloroaniline Autoclave Incident 62
4.2.3 Continuous Sulfonation Reaction Explosion 63
4.3 Failure Scenarios and Design Solutions 63
4.4 Discussion 64
4.4.1 Use of Potential Design Solutions Table 64
4.4.2 General Discussion 64
4.4.3 Special Considerations 66
4.5 References 67
Suggested Additional Reading 68
Table 4. Failure Scenarios for Reactors 69
5 Mass Transfer Equipment 79
5.1 Introduction 79
5.2 Past Incidents 79
5.2.1 Distillation Column Critical Concentration 80
5.2.2 Ethylene Purifier Vessel Rupture 80
5.2.3 Ignition of Pyrophoric Materials in Gasoline Fractionator 81
5.3 Failure Scenarios and Design Solutions 82
5.4 Discussion 82
5.4.1 Use of Potential Design Solutions Table 82
5.4.2 Special Considerations 82
5.5 References 83
Suggested Additional Reading 83
Table 5. Failure Scenarios for Mass Transfer Equipment 84
6 Heat Transfer Equipment 89
6.1 Introduction 89
6.2 Past Incidents 89
6.2.1 Ethylene Oxide Redistillation Column Explosion 89
6.2.2 Brittle Fracture of a Heat Exchanger 90
6.2.3 Cold Box Explosion 91
6.3 Failure Scenarios and Design Solutions 92
6.4 Discussion 92
6.4.1 Use of Potential Design Solutions Table 92
6.4.2 Special Considerations 92
6.5 References 93
Suggested Additional Reading 94
Table 6. Failure Scenarios for Heat Transfer Equipment 95
7 Dryers 101
7.1 Introduction 101
7.2 Past Incidents 101
7.2.1 Drying of Compound Fertilizers 102
7.2.2 Fires in Cellulose Acetate Dryer 102
7.2.3 Pharmaceutical Powder Dryer Fire and Explosion 102
7.3 Failure Scenarios and Design Solutions 103
7.4 Discussion 103
7.4.1 Use of Potential Design Solutions Table 103
7.4.2 Special Considerations 103
7.5 References 104
Suggested Additional Reading 104
Table 7. Failure Scenarios for Dryers 106
8 Fluid Transfer Equipment 117
8.1 Introduction 117
8.2 Past Incidents 117
8.2.1 Reciprocating Pump Leak 117
8.2.2 Pump Leak Fire 118
8.2.3 Compressor Fire and Explosion 118
8.2.4 Start-up of Parallel Centrifugal Pumps 119
8.3 Failure Scenarios and Design Solutions 119
8.4 Discussion 119
8.4.1 Use of Potential Design Solutions Table 119
8.4.2 Special Considerations 120
8.5 References 121
Suggested Additional Reading 121
Table 8. Failure Scenarios for Fluid Transfer Equipment 122
9 Solid-Fluid Separators 127
9.1 Introduction 127
9.2 Past Incidents 127
9.2.1 Batch Centrifuge Explosion 128
9.3 Failure Scenarios and Design Solutions
9.4 Discussion
9.4.1 Use of Potential Design Solutions Table
9.4.2 Special Considerations
9.5 References
Suggested Additional Reading
Table 9. Failure Scenarios for Solid-Fluid Separators
10 Solids Handling and Processing Equipment 137
10.1 Introduction 137
10.2 Past Incidents 138
10.2.1 Silicon Grinder Fire and Explosion 138
10.2.2 Blowing Agent Blender Operation Explosion Incident 138
10.2.3 Screw Conveyor Explosion 139
10.2.4 Bucket Elevator Explosion 139
10.3 Failure Scenarios and Design Solutions 139
10.4 Discussion 140
10.4.1 Use of Potential Design Solutions Table 140
10.4.2 General Discussion 140
10.4.3 Special Considerations 140
10.5 References 142
Suggested Additional Reading 143
Table 10. Failure Scenarios for Solids Handling and Processing Equipment 144
11 Fired Equipment
11.1 Introduction
11.2 Past Incidents
11.2.1 Light-off Error
11.2.2 Ethylene Cracking Furnace Overfiring
11.2.3 Furnace Tube Failure
11.3 Failure Scenarios and Design Solutions
11.4 Discussion
11.4.1 Use of Potential Design Solutions Table 151
11.4.2 Special Considerations 151
11.5 References 152
Suggested Additional Reading 153
Table 11. Failure Scenarios for Fired Equipment 154
12 Piping and Piping Components 161
12.1 Introduction 161
12.2 Past Incidents 161
12.2.1 Flixborough Expansion Joint Failure 161
12.2.2 Chemical Storage Terminal Fire 162
12.2.3 Line Pluggage 163
12.2.4 External Corrosion 163
12.3 Failure Scenarios and Design Solutions 163
12.4 Discussion 164
12.4.1 Use of Potential Design Solutions Table 164
12.4.2 Special Considerations 164
12.5 References 166
Suggested Additional Reading 166
Table 12. Failure Scenarios for Piping and Piping Components 168
Appendix A Example Problem: Batch Chemical Reactor 179
A.1 System Description 179
A.2 General Information Requirements 181
A.3 PSS Discussion for Batch Reactors 182
A.3.1 Vessel Design and Primary Containment 182
A.3.2 Control Systems and Safe Automation 183
A.3.3 Pressure and Vacuum Relief 186
A.3.4 Fixed Fire Protection and Passive Mitigation 187
A.4 Selection of Design Bases for Safety Systems 187
A.5 Ignition of Flammable Atmosphere in the Reactor Vapor Space Caused by Static Discharge Spark (Failure Scenario A) 193
A.6 Cooling System Control Failure (Failure Scenario B) 194
A.7 External Fire (Failure Scenario C) 196
A.8 Loss of Sealing Fluid to Reactor Agitator Mechanical Seal (Failure Scenario D) 197
A.9 Ignition of Flammable Atmosphere in Reactor Vapor Space Caused by Hot Mechanical Seal (Failure Scenario E) 199
A.10 Documentation 200
References 201
Suggested Additional Reading 201
Appendix B Example Problem: Distillation System 203
B.1 System Description 204
B.2 General Information Requirements 204
B.3 PSS Discussion for Distillation Operations 205
B.3.1 Vessel Design and Primary Containment 205
B.3.2 Control Systems and Safe Automation 205
B.3.3 Pressure and Vacuum Relief 207
B.3.4 Fixed Fire Protection, Passive Mitigation and System-wide Concerns 208
B.4 Design Basis Selection Process 208
B.5 Uncontrolled Energy Input (Failure Scenario A) 215
B.6 (Failure Scenario B) 220
B.7 Internal Deflagration (Failure Scenario C) 225
B.8 Vacuum Collapse of the Column (Failure Scenario D) 226
B.9 Blocked-in Liquids in Heat Transfer Equipment (Failure Scenario E) 230
B.10 Documentation 230
References 233
Suggested Additional Reading 234
Glossary 235
Acronyms and Abbreviations 245
Index 249
FOREWORD
Engineers like to think of their discipline as a rigorous application of scientific and mathematical principles to the problem of creating a useful object. To a certain extent, this is an appropriate description of the tools of engineering: those techniques that we use to translate a concept in the mind of the designer into a physical object. But, where does that mental image of the object to be built come from? At its heart, engineering is intuitive, and an art form. The engineer/designer's accumulated experience, and that of others, is applied to a defined problem. By intuitive and creative problem solving processes the engineer develops and refines a conceptual design, and uses the mathematical and scientific tools of engineering to translate a mental concept into reality.
The selection of the design basis for a process safety system is a problem like any other engineering problem. There is no equation or formula, no scientific principle, which will define the "best" design. Yes, there are scientific and mathematical tools which will help convert a design concept into something which can actually be constructed. But there is no general answer to the question "What is the best design?" Each system must be considered on its own, with a thorough evaluation of all of the details of its environment and required functions, to determine what the optimal design will be.
The number of potential solutions to any engineering problem is large. For each specific problem, there will be some solutions which meet the overall objectives better than others. How can we best find the optimal solution? I believe that the critical first step is to consider a large number of potential solutions, thereby increasing the likelihood that the best solution will be among those identified. Where do we get those potential solutions? One important source is accumulated experience: our own, and that of others who have faced similar problems in the past. This book collects much of that accumulated experience from a large number of experts in the chemical process industry for equipment in common use. Use of the tables which make up the heart of this book will allow the reader to take advantage of many years of practical experience. By considering a large number of potential solutions to the problem of specifying the design basis for safety systems, the design engineer is more likely to be able to identify the solution which best meets his needs.
This book emphasizes a risk-based approach to the evaluation of safety system design. Potential safety systems suggested are categorized as inherently safer/passive, active, and procedural, in decreasing order of robustness and reliability. Inherently safer approaches are often preferred, but there can be no general answer to the question of which approach or specific solution is best for a particular situation. Instead, the design engineer must take a very broad and holistic approach to the complete design, accounting for the many different, and often competing, objectives which the design must accomplish. Safety, health effects, environmental impact, loss prevention, economic and business factors, product quality, technical feasibility, and many other factors must be considered. This book challenges the engineer to adopt a risk-based approach to evaluating many competing goals when deciding among a number of potential design alternatives.
This book can be extremely useful in conducting process hazard analysis studies. The failure mode tables in Chapters 3-12 can be the basis for hazard identification checklists, and also offer a variety of potential solutions for identified concerns. However, the book will be even more beneficial if used by the individual engineer at the earliest stages of the design process, before any formal hazard reviews.
The message of this book can be summarized very briefly:
- Consider a large number of design options
- Identify opportunities for inherent and passive safety features early
- Use a risk-based approach to process safety systems specification
I hope that this book will find a home on the desk (not gathering dust on the bookshelf!) of every chemical process designer, particularly those involved in the earliest phases of conceptual design where the basic chemistry and unit operations are defined. It should be consulted frequently in the course of the designer's day to day work in specifying and designing process facilities. If you are a process safety professional, make sure that all of the process design engineers in your organization read and use this book. It will make your job a lot easier!
Dennis C. Hendershot
PREFACE
The Center for Chemical Process Safety (CCPS) was established in 1985 by the American Institute of Chemical Engineers (AIChE) for the express purpose of assisting the Chemical and Hydrocarbon Process Industries in avoiding or mitigating catastrophic chemical accidents. To achieve this goal, CCPS has focused its work on four areas:
- establishing and publishing the latest scientific and engineering practices (not standards) for prevention and mitigation of incidents involving toxic and/or reactive materials,
- encouraging the use of such information by dissemination through publications, seminars, symposia and continuing education programs for engineers,
- advancing the state-of-the-art in engineering practices and technical management through research in prevention and mitigation of catastrophic events, and
- developing and encouraging the use of undergraduate education curricula which will improve the safety knowledge and consciousness of engineers.
This book, Guidelines for Design Solutions for Process Equipment Failures, is the result of a project begun in 1994 in which a group of volunteer professionals representing major chemical, pharmaceutical and hydrocarbon processing companies worked with Arthur D. Little Inc., the contractor, to produce a book that attempts to describe the ways that major processing equipment can fail and be the cause of a catastrophic accident. The book then identifies the available design solutions that might avoid or mitigate the failure in a series of options ranging from inherently safer/passive solutions to active and procedural solutions. The book is concerned with engineering design that reduces risk due to process hazards only. It does not focus on operations, maintenance, transportation or personnel safety issues, although improved process safety can benefit each area. Detailed engineering designs are outside the scope of the work, but the authors have provided an extensive guide to the literature to assist the designer who wishes to go beyond safety design philosophy to the specifics of a particular safety system design.
By capturing industry experience in how major processing equipment can fail, the book provides a very useful tool for the selection of process safety systems which should be of service to process design engineers as well as members of process hazards analysis teams. The inherently safer solutions that are suggested may, in some cases, come as a surprise to the process and design engineer in that they may in fact be the most cost effective solution as well, if a true life cycle analysis is made of the cost of maintaining add-on safety systems or the resulting cost of operator failure to carry out procedural controls is considered. In other cases the procedural solution may be the best choice because it involves operators so that they may better understand and therefore better control the process, as opposed to the replacement of operator intelligence with process interlocks. The book offers engineers inherently safer/passive, active and procedural design solutions but, ultimately, engineers must make the case for the solutions that best satisfy their company's requirements for a balance between risk reduction and cost.
This book has been organized into three major sections:
- First, a technique is provided for making risk-based design decisions.
- Second, a description of potential failure scenarios is presented for ten major processing equipment categories along with the potential design solutions that are available to the engineer.
- Third, the book contains two worked examples that illustrate how the risk-based decision technique can be applied to two process plant systems.
The major equipment categories that are covered are: Vessels, Reactors, Mass Transfer Equipment, Heat Transfer Equipment, Dryers, Fluid Transfer Equipment, Solid-Fluid Separators, Solids Handling and Processing Equipment, Fired Equipment, and Piping and Piping Components. The potential equipment failure scenarios and design solutions for each equipment category are provided in tabular form in each equipment chapter. To facilitate use of this information, particularly in hazard identification studies such as HAZOPs, these tables have been provided in electronic format on a 3.5" diskette as Microsoft Word® files. It is hoped that this will encourage the expansion of these tables based on the user's experience.
ACKNOWLEDGMENTS
The Center for Chemical Process Safety (CCPS) and those involved in its operation wish to thank its many sponsors whose funding made this project possible, the members of its Technical Steering Committee who conceived of and supported this Guidelines project, and the members of its Engineering Practices Subcommittee for their dedicated efforts, technical contributions, and enthusiasm. The subcommittee played a major role in the writing of the book by suggesting examples, by offering failure scenarios for the major equipment covered in the book and by suggesting possible design solutions. It is their collective industrial experience captured in this book that makes the book especially valuable to the process and design engineer. The members of the subcommittee wish to thank their employers for providing time and support to participate in this project.
The members of the Engineering Practices Subcommittee were:
Robert H. Walz (Chairman), ABB Lummus Global Inc.
Laurence G. Britton, Union Carbide Corp.
Stephen E. Cloutier, UOP
Glenn R. Davis, DuPont
Kenneth W. Linder, Industrial Risk Insurers
Peter N. Lodal, Eastman Chemical Co.
Joseph B. Mettalia, Jr., CCPS Staff
John A. Noronha, Eastman Kodak Co.
Carl A. Schiappa, Dow Chemical USA
Technical contributors and reviewers were:
Steven R. Bruce, EQE International
Myron Casada, JBF Associates Inc.
William F. Early, Early Consulting, L.C.
Rudolph C. Frey, The M. W. Kellogg Company
John A. Hoffmeister, Lockheed Martin Energy Systems
T. Janicik, Mallinckrodt Inc.
Robert W. Johnson, Battelle
Joseph Keel, The Bechtel Corporation
D. Harper Meek, ARCO Chemical Company
Mark A. Moderski, Stone & Webster Engineering Corporation
Harvey Rosenhouse, FMC Corporation
Stanley J. Schecter, Consultant
Adrian L. Sepeda, Occidental Chemical Corporation
Anthony A. Thompson, Monsanto Company
Lester H. Wittenberg, CCPS
The Engineering Practices Subcommittee is particularly indebted to its chairman, Bob Walz, for his leadership, and to Peter Lodal of Eastman Chemical Company and Joe Keel of The Bechtel Corporation for their dedicated efforts in preparing the VCM/HCl fractionation worked example in the book. Dennis C. Hendershot of the Rohm and Haas Company wrote the foreword to the book and is appreciated for his ongoing interest in this project and his able assistance and review of the work as it was being produced. Sanjeev Mohindra, P. J. Bellomo and R. Peter Stickles directed the project at Arthur D. Little, Inc. and were the authors of the risk-based design technique described in Chapter 2. Stanley S. Grossel, consultant and former chairman of the Engineering Practices Subcommittee, was the author of Chapter 4 (Reactors), Chapter 7 (Dryers), Chapter 9 (Solid-Fluid Separators), Chapter 10 (Solids Handling and Processing Equipment) and the Batch Reactor worked example.
INTRODUCTION
The Center for Chemical Process Safety (CCPS) publication Guidelines for Engineering Design for Process Safety (CCPS 1993) emphasized the importance of focusing on process safety at the earliest stages of design. The 1993 Guidelines presented process safety design philosophies and approaches to avoid catastrophes through:
- Making good initial design choices
- Understanding and controlling chemical processing hazards
The purpose of this book is to provide a companion book to the 1993 Guidelines. This book narrows the design focus further, concentrating on known process safety problems and associated design solutions for specific types of process equipment.
1.1 OBJECTIVES
A broad objective of this book is to help in the design and evaluation of specific types of process equipment, from a process safety standpoint. The overall goal is to help reduce process safety related incidents and resulting downtime. More specific objectives include:
- Providing a risk-based and cost-based technique for selecting the design bases for process safety systems
- Listing known process safety failure scenarios associated with different categories/types of process equipment
- Identifying known design solutions that prevent or mitigate risks associated with these failure scenarios
- Illustrating application of the risk-based technique with worked examples
This book compiles successful safety system design approaches, so that design engineers can benefit from the prior experiences of the industry at large, and thus avoid known design traps. Having all this equipment-specific failure scenario information, and the associated design solution discussions, in one reference should facilitate design and risk analysis in the process industries.
1.2 SCOPE
The focus of this work is the avoidance of acute, catastrophic incidents that can result in:
- Fires
- Explosions
- Releases of toxic chemicals
- Major equipment damage
The scope of this volume specifically excludes:
- Transportation safety
- Routine environmental control
- Personnel safety and industrial hygiene practices
Although detailed engineering design and process safety management are not emphasized in this book, engineers who are involved in those activities will benefit greatly from the concepts and information discussed.
1.3 BACKGROUND
Since its inception in 1985, CCPS has advocated deliberate process safety approaches in all aspects of facility design, operation, and maintenance. Yet unlike other technical endeavors of the engineer, the day-to-day practice of process safety has often lacked a deliberate, systematic approach. How often have engineers installed process safety systems simply because it "felt" like the right thing to do or because it "seemed" to make the overall process safer?
In the evolution of its process safety thinking, CCPS has sensed the need to state and discuss what some might find obvious:
- Analogous to the sizing and specification of process equipment, process safety systems have specific design bases.
- Process safety system design decisions deserve systematic technical approaches similar to those associated with other process design decisions.
- The designs of process facilities should, from the outset, accommodate known or potential failure scenarios associated with the types of equipment employed.
Thus, the reason for producing this book is to capture the hard-won experience of industry experts in understanding how process equipment can fail and how these failures could be avoided through proper design. No attempt is made to provide detailed design suggestions, but the reader is supplied with a guide to the available literature that should enable him or her to investigate potential designs in some depth.
1.4 APPLICABILITY AND AUDIENCE
The history of process safety related incidents suggests that engineers have lessons to learn about the most "standard" process equipment and components, such as storage tanks, pumps, and piping systems. Accordingly, these guidelines apply to standard process equipment and components and their known, related failure scenarios, for both new and existing process facilities. Given the broad range of standard process equipment covered, this book should apply to a wide variety of system designs.
While it is expected that this book will have general appeal to anyone involved in process design or process safety evaluation, the book is intended for a particular audience. This audience is comprised of (1) process design engineers, (2) plant operations and maintenance engineers, and (3) process hazard analysis (PHA) leaders and teams. Readers can benefit from the wealth of knowledge derived from others' experiences, informed judgment, and proven design solutions. PHA leaders and teams should find the book useful as a reference for possible failure mechanisms to consider during PHAs.
1.5 ORGANIZATION OF THIS BOOK
This book begins with this brief introductory chapter, followed by Chapter 2, which presents a practical and systematic technique for selecting the design bases for process safety systems. A series of "equipment chapters" follows, presenting known failure scenarios for the specific equipment in question alongside associated design solutions. Finally, the book concludes with an appendix comprised of two worked examples. In summary, this book has four parts:
- Chapter 1. Introduction
- Chapter 2. Technique for Selecting the Design Bases for Process Safety Systems
- Chapters 3-12. Equipment Chapters
- Appendix. Worked Examples
The equipment chapters comprise the bulk of this book. The content of these chapters is standardized and includes: (1) equipment descriptions, (2) past incidents, (3) discussions of potential design solutions, and (4) failure scenario tables. The heart of an equipment chapter is the failure scenario table. This table presents failure scenarios in a format similar to a PHA log sheet.
Alongside each failure scenario, process safety system design solutions are presented and divided into categories as described in Section 2.5.1:
- Inherently Safer/Passive systems
- Active systems
- Procedural systems
Since the first two categories of Inherently Safer and Passive can overlap, they are presented in a single column as Inherently Safer/Passive. In addition to addressing the risk reduction of associated failure scenarios, discussions of process safety system design solutions touch on issues impacting system operability and maintainability. Chapter 2 provides a deeper discussion of the design solution categories and their scope of coverage within this book. Chapter 2 should be studied before using the information in Chapters 3-12.
1.6 REFERENCES
CCPS 1993. Guidelines for Engineering Design for Process Safety. Center for Chemical Process Safety, New York: American Institute of Chemical Engineers.
Suggested Additional Reading
Lees, F. P. 1996. Loss Prevention in the Process Industries. 2nd Edition. Oxford, UK: Butterworth-Heinemann.
Bollinger, R. E., Clark, D. G., Dowell, A. M., Ewbank, R. M., Hendershot, D. C., Lutz, W. K., Meszaros, S. I., Park, D. E., and Wixom, E. D. 1996. Inherently Safer Chemical Processes: A Life Cycle Approach, ed. D. A. Crowl. New York: American Institute of Chemical Engineers.
Englund, S. M. 1991. Design and Operate Plants for Inherent Safety, Part 1, Chemical Engineering Progress, 85-91, March 1991; Part 2, Chemical Engineering Progress, 79-86, May 1991.
Lin, D., Mittelman, A., Halpin, V. and Cannon, D. 1994. Inherently Safer Chemistry: A Guide to Current Industrial Processes to Address High Risk Chemicals. Office of Pollution Prevention and Toxics, September 21, 1994. Washington, DC: US Environmental Protection Agency.
Lutz, W. K. 1995. Putting Safety into Chemical Plant Design. Chemical Health and Safety, November/December 1995.
TECHNIQUE FOR SELECTING THE DESIGN BASES FOR PROCESS SAFETY SYSTEMS
2.1 RISK-BASED DESIGN DECISIONS
Anyone involved with process or equipment design sooner or later faces the problem of choosing among alternative designs with differing process efficiency, safety, environmental control, cost, and schedule implications. To accomplish this, the formation of a multidisciplinary design team is required at the beginning of a project in order to obtain total integration of process safety with process design and environmental protection considerations (Windhorst 1995). Sometimes the safety considerations clearly dominate and the decisions are already made in the form of special design approaches (e.g., design of nitromethane and ethylene oxide facilities). In some instances codes and standards exist that either mandate or suggest design approaches to known high risks.
In a majority of situations, however, no one factor dominates, except perhaps cost. When there are recognized safety implications, optimizing on cost alone is not an acceptable strategy. In the process of arriving at a design basis decision, the risks of each option are typically dealt with judgmentally or qualitatively (CCPS 1995a). In some instances, one component of risk is quantified (i.e., either consequence or probability) to justify the design selection. For large projects, full risk quantification is sometimes used to assess the combined impacts of multiple hazards.
To take a generic case, imagine a core process design at the stage of an initial process flow diagram, whereby designers have specified the general configuration of all major system equipment (i.e., for all primary unit operations). At this point, the design is defined in terms of heat and material balances, and basic process controls.
With the core system established, an engineering team proceeds to detail and enhance the process design. Questions of quality, safety, health, and environmental impact arise. Designers begin imagining things that can go wrong with the system (i.e., failure scenarios). Focusing here on process safety systems, we suggest that designers begin thinking like risk analysts, asking:
What can go wrong? What failure scenarios can we realistically
expect
What impact can those failure scenarios have? Can we live with
such
Do we need to worry about these potential failure scenarios
actually
What is the risk? Can we tolerate the potential consequences at the
esti-
Historically design engineers have typically answered these
questions according to their own best judgment. This is how process
safety systems came to be: designers made risk-based decisions when
considering the need for, and when selecting design bases for,
process safety systems.
If posed at the conceptual stage of a process design, these questions offer great opportunity for the application of inherently safer design solutions. While inherently safer solutions should emerge as recurring themes throughout the design cycle (i.e., laboratory stage, pilot plant scale, production design, operations), the earlier the application of inherently safer solutions, the more cost-effective these solutions will be.
It is important to recognize that, irrespective of the specific approaches and the level of effort, engineers and technical managers are already directly or indirectly factoring risk into the selection of design options. Unfortunately, the process used to assess risk is often neither systematic nor comprehensive. This chapter presents a decision process for design bases selection that explicitly incorporates the elements of risk into process safety system design selection. The purpose of this technique is not to require designers to conduct rigorous risk assessments, but rather to provide a logical approach and framework for considering risk factors, even when the situation only warrants qualitative analysis. This decision process can be applied at any stage of the design.
A systematic technique can provide a consistent risk management framework for process safety system design basis decisions. Without one, inconsistencies in approach can develop not only between different processes and facilities, but also within a single large, complex design project, where different design engineers may follow different risk management philosophies.
Consistency with respect to risk tolerability decisions is necessary to assure all stakeholders (e.g., owners, employees, customers, and the general public) that risks are being properly managed. In some countries, governments are also explicit stakeholders in the effort to reduce the risk of chemical industry accidents, providing such regulations as OSHA 1992, EPA 1996, and HSE 1989. Consequently, having a consistent, documented technique for the selection and design of process safety systems is not only prudent management, it is evolving into a regulatory requirement.
However, systematic does not necessarily imply quantitative. Quantitative risk assessment is similar to strong medication: you don't want to overdose! In many simple design situations, qualitative approaches will satisfy the requirements of the technique for selecting process safety system design bases. More complex design cases may occasionally require rigorous quantitative risk analysis approaches. But even in these complex cases, quantitative approaches should only be employed to the degree required to make a decision. This concept of the selective use of quantitative risk analysis has been incorporated into the technique presented later in the chapter.
For example, consider a company that has toxic impact criteria limiting potential off-site vapor concentrations to a specific, quantified level of concern. By performing vapor dispersion calculations (i.e., by quantitatively characterizing the consequences of potential releases), the company can determine whether particular loss of containment scenarios associated with specific failures exceed the toxic impact criteria. If the consequences of a scenario satisfy the off-site toxic impact tolerability criteria, then the quantification of the risk stops right there. No analysis of event likelihood is needed to reach a decision.
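The staged decision just described, as an added example that is not part of the book: the consequence screen is applied first and likelihood is quantified only for scenarios that fail it, with the likelihood estimated by a minimal fault-tree evaluation (AND/OR gates under the rare-event approximation). The toxic impact criterion, tolerable frequency, scenario concentrations and failure data are all constructed values, and the dispersion calculation itself is assumed to have been done already (the off-site concentration is an input).

```python
"""Consequence-first risk screening with a small fault-tree likelihood step.
Added illustration, not CCPS code: criteria, scenarios and failure data are constructed."""
from dataclasses import dataclass
from typing import Union

OFFSITE_CRITERION_PPM = 50.0           # constructed off-site toxic impact criterion
TOLERABLE_FREQUENCY_PER_YEAR = 1.0e-4  # constructed tolerability limit, applied only after a failed screen


@dataclass
class Gate:
    """Fault-tree gate. 'OR': any input causes the output; 'AND': all inputs are needed."""
    kind: str
    inputs: list  # each input is a Gate or a number (initiating frequency or on-demand probability)


Node = Union[Gate, float]


def evaluate(node: Node) -> float:
    """Rare-event evaluation: OR gates add their inputs, AND gates multiply them
    (an initiating frequency times the on-demand probabilities of the enabling failures)."""
    if not isinstance(node, Gate):
        return float(node)
    values = [evaluate(child) for child in node.inputs]
    if node.kind == "OR":
        return sum(values)
    if node.kind == "AND":
        product = 1.0
        for value in values:
            product *= value
        return product
    raise ValueError(f"unknown gate kind {node.kind!r}")


def screen(scenario: str, offsite_ppm: float, top_event: Node = None) -> dict:
    """Stop at the consequence stage when the off-site concentration meets the criterion;
    otherwise estimate the scenario frequency from the fault tree and compare it with the limit."""
    if offsite_ppm <= OFFSITE_CRITERION_PPM:
        return {"scenario": scenario, "stage": "consequence", "tolerable": True, "frequency": None}
    if top_event is None:  # consequence criterion exceeded but no likelihood model supplied yet
        return {"scenario": scenario, "stage": "likelihood", "tolerable": None, "frequency": None}
    frequency = evaluate(top_event)
    return {"scenario": scenario, "stage": "likelihood",
            "tolerable": frequency <= TOLERABLE_FREQUENCY_PER_YEAR, "frequency": frequency}


# Constructed fault tree for a loss-of-containment scenario (frequencies per year, probabilities per demand).
RELEASE_TREE = Gate("OR", [
    Gate("AND", [0.1, 0.01]),   # seal leak 0.1/yr AND remote isolation fails on demand 0.01
    Gate("AND", [0.02, 0.05]),  # overfill 0.02/yr AND high-level trip fails on demand 0.05
])

if __name__ == "__main__":
    for result in (screen("small flange leak", 20.0), screen("tank overflow", 200.0, RELEASE_TREE)):
        print(result)
```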
2.2 THE CONCEPT OF RISK
As mentioned earlier, the design basis selection technique for
process safety systems set forth later in this chapter is a
risk-based technique. An overview of the concept of risk is
therefore useful before presentation of the technique.
In prior CCPS books, discussions of risk evolved from the definition of hazard. These earlier works defined a hazard as a chemical or physical condition or characteristic that has the potential for causing damage to people, the environment, or property (CCPS 1989; CCPS 1993). A hazard represents a potential source of harm.
Based on this concept of hazard, we can define an incident as an unplanned event or series of events with the potential for undesirable consequences (CCPS 1992a). An incident has the potential to expose people, the environment, or property to the harmful effects of a hazard.
Risk is defined as a measure of loss in terms of both “the incident likelihood and the magnitude of the loss” (CCPS 1989). This concept of risk couples an undesirable outcome, i.e., a consequence such as safety impact or financial loss, with the likelihood of that outcome. The likelihood is expressed in terms of frequency or probability of occurrence. The outcome is expressed in terms of impacts such as loss of life, environmental damage, or business interruption.
In summary, inherent in the assessment of risk are the dimensions of consequences (outcomes/impacts) and likelihood (frequency/probability). Various techniques, both qualitative and quantitative, have evolved for assessment of risk. It is not the intent of this book to cover these techniques. A thorough discussion of this subject can be found in Guidelines for Chemical Process Quantitative Risk Assessment (CCPS 1989) and Guidelines for Chemical Transportation Risk Analysis (CCPS 1995b). For the purpose of this book, the description of four key risk assessment steps in Exhibit 2.1 suffices.
EXHIBIT 2.1 Four Key Integrated Activities in Risk Analysis

Activity | Description
Hazard identification | Systematic identification of hazards and related failure scenarios that can lead to incidents. Frequently involves application of standard techniques such as HAZOP, FMEA, and What-If.
Consequence analysis | Process used to estimate the consequence of failure scenarios. Typically involves a range of activities from simple application of qualitative damage criteria to complex computer models for characterizing impacts of hazardous materials releases that result in fires, explosions, and toxic vapor clouds. Characterization of the release conditions (i.e., source term) is a critical step in quantitative consequence analysis, having great influence on the validity of the results.
Likelihood analysis | Process used to estimate the likelihood (probability or frequency) of a particular incident or outcome. Where available, historical data are used to quantify the likelihood. When historical data are unavailable, incomplete, or inappropriate, analytical approaches such as fault trees and event trees are employed to determine the likelihood of incidents/outcomes based on more fundamental failure data.