Investment in knowledge pays the best interest. Benjamin Franklin

He is safe from danger who is on guard even when safe - Publilius Syrus

Management Credo Get it right; then keep it going Get it right and make it better & better & better When it aint broke, dont fix itSafety Culture should start at the top; upper management should demonstrate the behaviors they want others to emulate.Creation / maintenance of Safety Culture needs strong leadership by senior management.Leaders lead by example and not by force. Do as I say, not as I do approach will not work.

Management is doing things right; Leadership is doing the right things. Peter F. Drucker Managing winds up allocating resources against tasks. Leadership focuses on . . . helping people succeed.

Managers should be given specific safety objectives.The objectives should cover both personal (occupational) safety & process safety. Managers should be assessed on their performance in achieving these objectives. Managers should be made accountable not only for what is achieved but also for how it is attempted.

Murphys law: Whatever can go wrong, will go wrong.OHS System Find out what can go wrong (before it does) Establish controls to prevent it / reduce the probability of occurrence.This is achieved through Hazard Identification and Mitigation. Hazards must be identified; Risks are to be assessed.Incorporate Safety features at the design stage itself; adding safety features when the item is in production (as retrograde) is not recommended.

4 Es of Safety ENTHUSIASMENFORCEMENTEDUCATIONENGINEERING

Ingredients of CompetitivenessProductivity QualityImageServiceCostResponse Time

Education: What, When, Where, Why& How of Safety.I keep six honest serving men. They taught me all I know. Their names are Why and What and When And How and Where and Who. - Rudyard Kipling Safety Saves Safety is everybodys business

Safe plants are efficient plants; Safety promotes Productivity.Employees in safe plants can devote more time to improving the quantity & quality of their output; they spend less time worrying about their safety & welfare.Senior management should receive a daily report on safety from the safety manager; he should be the only manager to report daily to the senior management.

Case study: A supervisor & his team were initially rewarded for exceeding production goals. Later, management found that the team exceeded production goals by short-cutting some standard operating procedures (SOP). Although there were no process incidents during the manufacturing process, management withdrew the reward because the team did not adhere to companys Safety Policy.

The reward was later given to another team that met production goals & also adhered to companys Safety Policy. Management must treat worker A who achieves record production rates by bypassing safety interlocks as seriously as worker B who causes an incident by bypassing the same interlocks. In both cases, the behaviour violates the same safety rule, even though the two outcomes are opposite.Similarly, managers who encourage, tolerate or knowingly ignore unacceptable behaviour are as guilty of violating safety rules as the perpetrator of the behaviour; they deserve equal treatment.

People are influenced by incentives. If there is a reward for performing a task a certain way, people tend to do it that way more often. If there is a punishment for the behaviour, people generally do less of it. By rewarding personnel for desired behaviours and punishing personnel for undesirable behaviours, organization can influence their behaviour. Rewards and punishments should be focused on behaviours, not outcomes.

A worker was asked to paint white lines down the middle of road. The first day, he did 25 km. The 2nd day, he did 10 km. The 3rd day, he did just a few hundred metre. His Foreman became furious. Why are you doing less & less each day?, he asked. Because each day, I get further away from the paint tins, the worker replied. -courtesy: Readers Digest*

The Factories Act,1948 & Rules Company Safety Policy shall contain a clause of evaluating the health & safety performance of all individuals at different levels while considering their career advancement. Rewarding the outcomes (i.e., getting the job done) can lead to personnel achieving the goal (task) using undesirable methods shortcuts. Every time an employee completes a task in undesired ways without consequences, he builds confidence in his ability to get away with it again.

Achieving the goal using undesirable methods should be strongly and consistently discouraged. Incidents can be avoided by understanding the reasons why human errors occur and by setting up effective systems for managing them. Case study A worker was draining water, through a 2-inch-diameter drain line, from a Distillation Column rundown tank containing Benzene. He left the water running for a few minutes to attend to other jobs. Either there was less water than usual or he was away longer than expected.

He returned to find Benzene running out of the drain line. Before he could close it, the benzene was ignited by the furnace which heated the Distillation Column. He was badly burned & died from his injuries. The furnace was too near the drain point (about10m away) and slope of the ground allowed benzene to spread toward the furnace. Nevertheless, the fire would not have occurred if the drain valve had not been left unattended.

Spring-loaded ball valves should be used for drain valves. They have to be held open, and they close automatically if released. The size of drain valves should be kept as small as practicable. With liquefied flammable gases and other flashing liquids, 3/4 inch size should be the maximum allowed for drain valves.

Drain valves that are used only occasionally to empty equipment for maintenance should be blanked when not in use. Regular surveys should be made to see that the blanks are in position. On one plant, a survey after a turnaround showed that 50 blanks were loose, each hanging on one bolt. -------------

When senior officials dont know what is going on, is this due to the failures of their subordinates to tell them? After an accident, senior officials sometimes say, If I had known that was happening, I would have stopped it. This is no excuse. Senior officials should not wait to be told but should visit the plant, keep their eyes and ears open, listen to lunchtime gossip it helps if they lunch in the canteen rather than in a management dining room.When everything has run smoothly for a long time, and accidents are few, we know we have got everything under control. Not so, for two reasons.

First, a low lost-time accident rate is no indicationthat the process safety is under control, as most accidents are simple mechanical ones, such as falls with very low lost-time accident rates. This introduced a feeling of complacency, a feeling that safety was well managed. Second, major incidents are fortunately rare events. Under the assumption that success demonstrates competence, people drift into complacence, inattention and habitual routines. When someone tells that their plant must be safe as it has operated for five years without a serious incident, if an accident in the 6th year is acceptable?

When an employee has been in more accidents, it is not correct to label him as accident-prone. May be, the conditions under which he works are far worse than those throughout the rest of the plant. Also, the training given to employees should be analyzed, for the accident-prone employee may have been slighted in his training. The easy approach for a manager to take toward an accident-prone employee is to discharge him. Perhaps a more satisfactory solution would be to transfer him to a less hazardous activity, such as clerical work.

Systematic analyses of human behaviour before incidents occur (pro-active analyses) & systematic analyses of incidents themselves (reactive analyses) provide insight on how to design systems for successful human performance. Behind every unsafe condition, there is a management system that allowed the hazard to exist. Behavior is not something that just happens. There are reasons that people engage in a particular unsafe act or behavior. There is a possibility that a random occurrence of an accident can itself create an accident-proneness.

Assume, an employee suffers a bad fall from the top of a ladder. Subsequently, every time he mounts a ladder, he may become extremely nervous, causing repeated accidents until someone has the presence of mind to transfer him to a workplace where the use of ladders is not required.

In many cases, the reasons for the behavior can be traced back to some aspect of the management system, i.e., the way people are measured and rewarded. Stated differently, something in the organizations culture has made people feel that its okay to engage in unsafe behavior. Managers must treat the causes of accidents not simply as a product of behavior but as "a combination of a management system and a culture or environment that leads to human error."

Subject area DocumentationSystemsDocuments on company systems. Some key systems are those concerned with 1. identification of hazards, 2. assessment of hazards, 3. operation of plant (normal, emergency), 4. access control to plant, 5. control of plant maintenance (permit-to-work), 6. control of plant modification, 7. inspection of plant equipment, 8. incident reporting, 9. emergency planning.Standards & Codes, Legal requirementsNational standards & codes and in-house standards & codes applicable to the design, statutory approvals.OrganizationOrganization chart of personnel, Job descriptions & duties of personnel including process operators, maintenance team and supervisory staff.Process designProcess description, Plant design including economics, output, storage, siting, pollution, loss prevention,Design data for process reactions, reaction kinetics,MSDS of chemicals,Specifications of raw materials, by-products, products &effluents,Data relating to selection of material of construction,Data from pilot plant,Process Flow Sheet & Flow Diagrams , giving items of equipment, quantities of materials, inventories, flow rates, operating parameters

After paying high price of an accident, we often miss the following opportunities to learn from it: 1.We find only a single cause, often the final triggering event. 2.We find immediate causes but not the ways of addressing weaknesses in management. 3.We list human error as a cause without saying what sort of error. Different actions are needed to prevent *human error due to ignorance, *human error due to slips or momentary lapses of attention,

*human error due to a deliberate decision not to follow instructions or accepted practice (sometimes called violations or non-compliance) *human error that occurs because a task is beyond the physical or mental ability of the worker. Listing human error as one of the causes of an accident is about as helpful as listing gravity as the cause of a fall. "We can not change the human conditions but we can change the conditions in which humans work." 4. We list causes we can do little about. 5. We change procedures rather than designs.

6. We do not help others to learn as much as they could from our experiences. 7. We forget the lessons learned and allow the accident to happen again. Organizations have no memory. Only people have memories and after a few years they move on through job changes or retirement, taking their memories with them. Procedures introduced after an accident are allowed to lapse; some years later, the accident happens again, even on the plant where it happened before. This is the most serious of the missed opportunities.

Following a fire at ICI in the 1960s, Kletz found an old accident report describing a similar incident 30 years earlier. The report contained similar recommendations to those made in the 1960s. This was a prime example of lessons from the past being forgotten and an accident recurring. Hence, we need to maintain databases that can present relevant information. We need better training, by describing accidents as case studies. We need discussion rather that lecturing, so that more is remembered.

We need to use Safety Bulletins to remind people of old accidents, as well as recent ones. Finally, we ask if legislation can produce improvements.

Plant equipment should be so shaped / positioned that it cannot be stood upon

* ACCIDENTS ARE RARELY THE

FAULT OF A SINGLE PERSON.

*

*

1. Equipment that is to be repaired should carry a numbered tag 2. Permanent Labels should follow a logical sequence

*

*

Case Study - Lack of concentration & Faulty Design An operator was asked to maintain the temperature of a reactor at 60 deg C. The Control Panel resembled the diagram below. The set points are fixed by percentage of the temperature, ranging from 0 deg C to 200 deg C. The operator simply set the instrument to 60 which actually corresponded to reactor temperature of 120 deg C. This caused a runaway reaction, resulting in over-pressurized reactor, liquid release and injured workers.

Error-1: There is a confusing design of the control panel as regards the temperature and the percentage.Error- 2 : The operator simply did not pay attention to what he was doing; the lack of concentration could have resulted in much more serious consequences.Error- 3 : Apparently there was no temperature/ pressure safety device installed on the unit. ----------------------------

Case Study Furnace Explosion

A hydro carbon was getting heated in a furnace as shown in the picture above.Low flow Trip & Alarm device and Pressure relief valve were fitted on the hydro carbon pipeline upstream of the furnace.In the course of hydro carbon heating, a choke developed on the pipeline after the furnace.So, the Relief Valve popped off and took most of the hydro Carbon flow.As a result, hydro carbon flow through furnace tubes fell to such a low level that the tubes got overheated and burst.

Remedial measures :-As the Relief Valve was fitted after the low flow alarm & trip and the flow was regular up to the Relief Valve, the low flow alarm arrangement did not trip.The Pressure Relief Valve should be fitted after the Furnace, so that even when the Relief Valve pops off, it will not affect the hydro carbon tubes inside the Furnace. ----------------------

Operating the wrong valve - Trip & Alarm testing A plant was fitted with low pressure Alarm & an independentlow pressure Trip.

*

There was no label on the Alarm; only a small label was affixed near the Trip.An Instrument Engineer conducted routine test of Alarm.Testing procedure was to isolate the Alarm from the plant, open the vent to blow off the pressure and note the pressure reading at which Alarm operated.Instrument Engineer, by mistake, isolated and vented the Trip.When he vented the Trip, pressure in the Trip fell and the plant was automatically shut down.It took 36 hours to bring the plant back to normal.

To reduce the chance of a further mistake :It is of no use to instruct Instrument Engineer to be more careful in future,Keep Trip and Alarm separately,Affix the label clearly near the Trip and Alarm,Possibly paint the Trip and Alarm in different colours. ____________

Emptying a vessel :*

Residue of the Still was discharged to residue tank after each batch, by opening the remotely operated Discharge Valve from Control Room.An indicator on the panel showed whether the Discharge Valve was open or closed.One day, operator was charging the Still through remotely operated Feed Valve; he noticed the level was falling instead of rising. He realized he forgot to close Discharge Valve after emptying previous batch. A quantity of feed went into residue tank where it reacted violently with other residues.Recommendation : Interlock the Feed & Discharge Valves, so that only one of them could be open at a time. ____________________

If a pump trips (or is shut down & not isolated), it can be driven backward by the pressure in delivery line and damaged. Check Valves are usually fitted to prevent reverse flow.

In one plant, light oil was pumped at intervals from a tank at atmospheric pressure to one at a gauge pressure of 15 psi (1 bar). For many years the practice was not to close any isolation valves but to rely on the check valve (NRV) in the pump delivery. One day a piece of wire got stuck in the check valve, oil flowed backward, and the atmospheric tank overflowed. This is a good example of an accident waiting to happen. Sooner or later the check valve was bound to fail, and a spillage was then inevitable.

In this case the design was not at fault. The operators did not understand the design philosophy. This could have been foreseen in a Hazard and Operability (HAZOP) study and special attention could have been paid to this aspect in operator training. ------------------------

Case study When an alarm system gives a warning, operators assume the alarm is out of order. They thus ignore it or send for the instrument mechanic. By the time the mechanic confirms that the alarm is correct, it is too late. For example: (a) During the morning shift, an operator noticed that a tank level was falling faster than usual. He reported that the level gauge was out of order and asked an instrument mechanic to check it.

It was afternoon before the mechanic could do so. He reported that it was correct. The operator then looked around and found a leaking drain valve. Ten tons of material had been lost. -------------------

COST OF ACCIDENTS Medical Treatment.

Man Hours Lost.Damage to Machinery. Confusion Damage to ToolsCustomer DissatisfactionLost TimeWarranty ClaimsProduction DelaysQuality ProblemsLate ChargesRush DeliveriesRejectsTurf BattlesRepair cost.Duplication of EffortAbsenteeismGrievancesReworkMiscommunicationBlaming & Fault FindingAudit CostsSurveillance CostsUnnecessary Reports RetrainingDIRECT COST(MORE VISIBLE)IN-DIRECT COST(LESS VISIBLE) Direct costs are like a tip of an iceberg In-direct costs are 4 to 5 times more than the direct cost

Accident investigation is like peeling an onion. Beneath one layer of causes and recommendations there are other, less superficial layers. Outer layers deal with the immediate technical causes. Inner layers deal with ways of avoiding the hazards and with the underlying causes, such as weaknesses in the Management System. The root causes in the majority of incidents were management system-related deficiencies, particularly in the area of process safety.

Lack of accountabilityLack of supervisionLack of TrainingMissing m/c guardSafety Rules not enforcedPoor work proceduresPurchasing sub-standard equipmentNo follow-up / feedbackPoor safety managementPoor safety leadershipDidnt follow proceduresPoor house-keepingHorseplayIgnored safety rulesDefective toolsDont know howNo MSDSDid not report hazardEquipment failureRoot Causes

Very often, only the outer layers are considered. Often, accident reports identify only a single cause, though many people, from front-end designers, down to the last link in the chain, the mechanic who broke the wrong joint or the operator who closed the wrong valve, had an opportunity to prevent the accident. The single cause identified is usually the last link in the chain of events that led to the accident. Just as we are blind to all but one of many octaves in the electromagnetic spectrum, so we are often blind to the many causes of an accident and the many missed opportunities preventing it.

Thus, we fail to use all the information for which we have paid the high price of an accident.

It does not mean that the immediate causes of an accident are any less important than the underlying causes. All must be considered if we wish to prevent further accidents.

Even when we find more than one cause, we often find only the immediate causes. By correcting the immediate causes, we can prevent only the last accident happening again. We should look beyond them for ways of avoiding the hazards, such as inherently safer design - could less hazardous raw materials have been used? - and for weaknesses in the management system: could more safety features have been included in the design?

Were the operators adequately trained & instructed? If a mechanic opened up the wrong piece of equipment, could there have been a better system for identifying it? Were previous incidents overlooked because the results were, by good fortune, only trivial? The emphasis should shift from blaming the operator to removing opportunities for error or identifying weaknesses in the design and management systems. By attending to the underlying causes, many similar accidents could be prevented .

Develop and maintain written safety information identifying workplace chemical and process hazards, equipment used in the processes, and technology used in the processes.Perform a Workplace Hazard Assessment, including, identification of potential sources of accidental releases, identification of any previous release within the facility that had a potential for catastrophic consequences in the workplace, estimation of workplace effects of a range of releases, and estimation of the health and safety effects of such a range on employees.

Consult with employees or their representatives in Safety Committee, on the conduct of Hazard Assessments & the development of Accident Prevention Plans. Provide them access to these records.Establish a System to respond to the Workplace Hazard Assessment findings, which shall address prevention, mitigation and emergency responses.Review periodically the Workplace Hazard Assessment and Response System.

Develop and implement written Operating Procedures (SOPs) for all the processes, which include operating limitations and safety & health considerations.Provide employee training in Operating Procedures, by emphasizing hazards and safe practices.Ensure Contract employees & Trainees are provided with appropriate information and training.Train and educate employees including Contract employees & Trainees in Emergency Response Procedures in a comprehensive and effective manner.

Establish a Quality Assurance program to ensure that initial process-related equipment, maintenance materials, and spare parts are fabricated & installed consistent with design specifications / standards.Establish Maintenance systems for critical process-related equipment, including written procedures, employee training, appropriate inspections and testing of such equipment to ensure ongoing mechanical integrity.Conduct Pre-startup Safety Review of all newly installed or modified equipment.

Investigate every workplace accident / near-miss incident, with any findings to be reviewed by operating personnel and modifications made, if appropriate.

*

4/7/12**

*

*

Near Miss Management System (NMMS) For every 600 near misses, there will be 30 property damage incidents, 10 injuries & one major injury. NMMS assists in identifying problems before they become an accident. To encourage the reporting of near misses, management needs to establish a no-blame workplace culture. Employees should be educated on the reason why near miss reporting is a necessity. This provides an opportunity for employee participation, a basic component of a successful OHS Management System.

Best Practices in NMMS: Near miss reporting needs to be non-punitive. If desired by the person reporting the near miss, it may be kept anonymous. Investigation should be conducted immediately to identify the root cause & the weaknesses (break-down) in OHS Management system. Investigation results are used to improve safety systems, hazard control, risk reduction. Data gathered through reporting & investigation procedures can be fed back into the OHS Management System to control future incidents (pro-active).

Plan Establish objectives and make plans (Analyze your organizations situation, establish your overall objectives, set your interim targets and develop plans to achieve them).Do Implement your plans (do what you planned to).Check Measure your results (measure/monitor how far your actual achievements meet your planned objectives).Act Correct & improve your plans to put them into practice (correct and learn from your mistakes to improve your plans so as to achieve better results next time).A Management System is incomplete without having the robustness to allow for continuous improvement of the organizations policies, procedures and processes.

Schematic diagram of a Loss Prevention Management System

Leadership Commitment forms the core of the Management System. Management Systems have been known to fail for lack of leadership support and the absence of providing visibility to the system by leadership. Leaders must take full ownership and set the expectations by demonstrating commitment through providing the right level of support and resources adequate for its full implementation. Leaders must lead by example. Analysis data results show that leadership behavior affects safety culture and safety performance.

Every leader, from executives to front-line supervisors have unique roles to play in running the Management System. The idea is to orchestrate the interactions of people with people & people with machines and the environment, ensuring alignment with incident-free strategic visions and objectives set by the corporate executives. Vision must be communicated to the workforce using all avenues by leaders, including written statements and personal communications.

Vision and Objectives Executives and top leaders are responsible for setting precise HES visions that offer clarity. The HES vision should support the companys philosophy. It should make every employee accountable for its execution at every level. Public perception and confidence need to be considered in the HES vision statement considering the potential for the companys interaction with the public during the life of the operation.

Below are sample objectives that may serve as starters: Prevent injury and illness and pursue improvements in safety and health to achieve industry leadership. Achieve zero non-conformance by complying with all relevant statutory requirements. Attain industry leadership in environmental stewardship; operate with minimal environmental footprint.

Personal safety needs to be given commensurate attention. Understanding the human element is the most complex, difficult to predict and critical part of any operation. Hence engineering solutions can not be solely relied upon. We rely on the human element for design, preventive maintenance, following standard operating procedures while incorporating safe work practices, reacting and responding to emergencies, and so on the list can be endless.

Hot Work Decision Tree

Business Planning (HES) The loss prevention action plans generated from the management system, like any other functional departmental plans (Operations, Projects, Information Technology, Human Resources, etc.), will have to be rolled (integrated) into the main business plan of the enterprise.

Holding all employees accountable to Safety, Health, and Environment as an integral part of their daily operations: Not holding every employee accountable to their individual roles could result in a phenomenon called deferral of responsibility. According to Psychology, it is referred as a behavior by which during emergencies people are likely to assume that, because others see what they see, somebody else will take action. The outcome to such an assumption is that no individual feels compelled to own and act on the situation;

Hence making sure that employees are clear about their roles and are held accountable is important for the success of implementing a Management System that will perform and stand the test of time.

SIMPLIFICATION AND ERROR TOLERANCE Plants should be designed to eliminate unnecessary complexity, thus reducing the opportunities for error and mal operation. A simpler plant is generally safer and more cost effective. It is cheaper to spend a relatively small amount of money to build a higher pressure reactor, rather than a large amount of money for an elaborate system to collect and treat the discharge from the emergency relief system of a reactor designed for a lower pressure.

VacuumDesigning vessels for full vacuum eliminates the risk of vessel collapse due to vacuum. Many storage and transport vessels have been imploded by pumping material out with the vents closed.Heat ExchangersDesign both shell and tube side of heat exchangers to contain the maximum attainable pressure, eliminating the need for pressure relief to protect the exchanger shell in case of tube rupture.

Piping - Piping systems should be designed to minimize the use of components that are prone to leak or fail. Sight glasses and flexible connectors such as hoses and bellows should be eliminated wherever possible. All welded pipe is preferable to flanged piping; threaded piping should be avoided for flammable and toxic materials. Where flanges are necessary, spiral wound gaskets and flexible graphite type gaskets are preferred.

Proper design and construction of piping systems is essential to preventing leaks: the Flixborough explosion (Caprolactum plant in U.K.) in 1974 was caused by an improperly designed section of temporary piping. Proper support of piping can minimize stress on flanges, joints and process equipment, therefore reducing leaks. For example, one plant began a program to monitor flange leaks and found that most of the leaks were coming from a few flanges. Improvements to piping layout and support in these areas eliminated most of those leaks.

Such a program to identify flanges and other equipment with chronic leakage problems can be useful in identifying areas for improvements in piping design and support.

Inherently Safer Plant An inherently safer plant relies on chemistry and physics the quantity, properties and conditions of use of the process materials to prevent injuries, environmental damage and property damage rather than on control systems, interlocks, alarms and procedures to stop incipient incidents. In the long term, inherently safer plants are often the most cost-effective.

Smaller equipment operating at less severe temperature and pressure conditions will be cheaper and have lower operating costs. A process that does not require complex safety interlocks and elaborate procedures will be simpler, easier to operate, and more reliable. The need for an ongoing commitment of resources to maintain the safety systems will be eliminated. Although a process or plant can be modified to increase inherent safety at any time in its life cycle, the potential for major improvements is greatest at the earliest stages of process development.

Process Risk Management Strategies Inherent, or IntrinsicEliminating the hazard by using materials and process conditions that are nonhazardous (e.g., substituting water for a flammable solvent). Passive Minimizing the hazard by process and equipment design features. It reduces either the frequency or the severity of the consequence (e.g., use of higher pressure rated equipment, use of heat insulation for flammable storage tank).

ActiveUsing controls, safety interlocks, and emergency shutdown systems to detect potentially hazardous process deviations and take corrective action. Water Spray (Quartzoid Bulb) turned on over the surface of flammable storage tank automatically in the event of heat radiation impingement is an example of active. These are commonly referred to as engineering controls.

ProceduralUsing operating procedures, administrative checks, emergency response and other management approaches to prevent incidents, or to minimize the effects of an incident. These are commonly referred to as administrative controls. Water spray turned on manually over the surface of flammable storage tank in the event of heat radiation impingement is an example of procedural. Risk control strategies in the first two categories, inherent and passive, are more reliable and robust because they depend on the physical and chemical properties of the system rather than the successful operation of instruments, devices and procedures.

Risk Mgt. Strategy Example Comment1. InherentAn atmospheric pressure reaction, involving non-volatile solvents; the solvents are incapable of generating pressure in the event of a runaway reactionThere is no potential for overpressure of the reactor because of the chemistry & physics of the reactants. There is no reaction hazard.2. PassiveA reaction, capable of generating 150 psig pressure in case of a runaway, is carried out in a reactor of design pressure 250 psig.Reactor can contain the runaway. However, reactor may fail at 150 psig due to corrosion, physical damage or other defect.3. ActiveA reaction capable of generating 150 psig in case of a runaway, is done in a 15 psig reactor; the reactor has an interlock to stop the feed at 20 psig; a 15 psig burst pressure rupture disk , discharging to an Effluent Treatment system is also fitted.Interlock could fail to stop the runaway reaction in time. Rupture disk could fail, in case of a runaway, due to plugging or improper installation.This may result in reactor failure.Effluent Treatment system could fail to prevent hazardous release.4. ProceduralReaction is done in 15 psig reactor (vide example 3) but without the interlock (20 psig ). Operator has to monitor reactor pressure & stop the feed at 20 psig.Operator could fail to monitor the reactor pressure or could fail to stop the feed at 20 psig in time. This will result in a runaway reaction.

The inherent and passive categories of risk management are classified as strategic approaches. Strategic approaches are best implemented at an early stage in the process or plant design. The active and procedural risk management categories (Safety Interlocks, Operating Procedures, Protective Equipment and Emergency Response Procedures) are classified as tactical approaches. The tactical approaches tend to be implemented much later in the plant design process, or even after the plant has started operating. This often involves much repetition, increasing the costs and potential for failure.

Inherent Process Safety ChecklistElimination/SubstitutionIs it possible to completely eliminate hazardous raw materials, process intermediates, or by-products by using an alternative process or chemistry?Is it possible to completely eliminate in-process solvents by changing chemistry or processing conditions?Is it possible to substitute less hazardous raw materials? Noncombustible rather than flammable solvents Less volatile raw materials

Less toxic raw materials Less reactive raw materials More stable raw materialsIs it possible to substitute less hazardous final product solvents? For equipment containing materials that become unstable at elevated temperature or freeze at low temperature, is it possible to use heating and cooling media that limit the maximum and minimum temperatures attainable?

Safer ConditionsCan the supply pressure of raw materials be limited to less than the working pressure of the vessels they are delivered to? Can reaction conditions (temperature, pressure) be made less severe by using a catalyst, or by using a better catalyst?Can the process be operated at less severe conditions? If this results in lower yield or conversion, can raw material recycle compensate for this loss?Is it possible to dilute hazardous raw materials to reduce the hazard potential?

Inventory ReductionHave all the in-process inventories of hazardous materials in storage tanks been minimized?Has all processing equipment handling hazardous materials been designed to minimize inventory?Is process equipment so located as to minimize length of hazardous material pipeline?Can piping sizes be reduced to minimize inventory?Can other types of unit operations or equipment reduce material inventories? For example: Flash dryers in place of tray dryers,

Continuous reactors in place of batch Continuous in-line mixers in place of mixing vesselsIs it possible to feed hazardous materials as a gas instead of liquid (e.g., Chlorine), to reduce pipeline inventories? Waste MinimizationIs it possible to recycle waste streams to reduce the need for waste treatment?Have all washing operations been optimized to minimize the amount of wash water? Can countercurrent washing improve efficiently?

Can valuable by-products be recovered from waste streams? Can the process be modified to increase the concentration of by-products making recovery more feasible?

LOPA (Layer of Protection Analysis), a simplified tool of Risk Assessment analyses whether sufficient IPLs (Independent Protection Layers) are existing in a process to control the risk of an accident for a given scenario. If the estimated risk of the scenario is not acceptable, additional IPLs may have to be added. IPL 3IPL 1 IPL 2Consequenceoccurs

LOPA does not suggest which IPLs to add or which design to choose; it assists in judging between alternatives for risk mitigation.Key: Thickness of arrow represents frequency of the Consequence if later IPLs are not successfulFrequency

LOPA ONION - 1st Layer:-

LOPA Onion - 2nd Layer:-

LOPA Onion - 3rd Layer:-

LOPA Onion - 4th Layer:-

LOPA Onion - 5th Layer:-

LOPA Onion - 6th Layer:-

LOPA Onion 7th Layer:-

Poor Housekeeping

Body cleaning with compressed air is dangerous

Case Study- Fire due to Static Electricity*

*

An operator placed the fill nozzle in the fill-opening on top of the tote and suspended a steel weight on the nozzle to keep it in place as the pressure from the liquid flowing through the nozzle can cause it to dislodge.After opening the valve to begin the filling process, he went to do other work.Suddenly, he heard a popping noise and found the tote engulfed in flame and the fill nozzle laying on the floor discharging Ethyl Acetate.

*

Causes for fire:Due to splash- filling of Ethyl Acetate which is a highly flammable liquid, an ignitable vapour-air mixture formed at the tote filling opening.

A static discharge (spark) between the tote body and the metal component on the fill nozzle/hose assembly, which included the steel weight could have caused the ignition.

*

*

Correct method of Bonding & Earthing*

#In a chemical factory, workers started unloading 24 KL Petroleum product from a tanker lorry. One end of a rubber hose was connected to the out-let valve of the lorry and its other end was connected to a 30 KL horizontal storage tank valve. While transferring, there was leakage at the point of tanker outlet valve connected to the rubber hose. To control the leakage, workers decided moving the lorry to correct position. When the lorry was started, a sudden fire was noticed at the out let valve leakage area. Workers tried to put out the fire but they could not do so.

Fire spread out; the storage vessel got suddenly burst and thrown out from its foundation. Petroleum material becamea fireball, causing burn injury to 23 workers. Causes :1.Bonding the road tanker & storage tank, as also Earthing to avoid the risk of static electricity, was not done.2.While petroleum product was leaking through the rubber hose, driver started the lorry. Sparks released from lorry exhaust pipe, ignited the petroleum vapor, resulting in fire & tank explosion. ---------------

To avoid serious incidents, everyone has continually to keep in mind that they are dealing with potentially dangerous materials and processes. The number of people employed should be sufficient to cope with emergencies and not just with normal running. They should have adequate knowledge and experience. Every demand on the protective systems, such as every operation of a safety trip or interlock, should be reported and investigated. Lessons from experience elsewhere should be followed up and there should be regular reminders of past incidents.

Do you understand that flammable gas detectors will not detect flammable gas unless it is mixed with air (or oxygen) in the flammable range? Many operators do not understand this limitation of flammable gas detectors. Is this point covered in their training?

Furnace tube failures are usually the result of overheating the tubes, often months or years beforehand. The tubes are usually designed for a life of 100 000 hours (11 years). Suppose the design temperature is 500C: If the tubes are operated at 506C they will last 6 years. If they are operated at 550C they will last 3 months. If they are operated at 635C they will last 20 hours.

Failure will be by creep the tube will expand, slowly at first and then more rapidly, and will finally burst. Creep cannot be detected until its later stages but, nevertheless, once a tube has been overheated some of its creep life has been used up and however gently we treat the tube afterwards the lost life can never be recovered.

Fire Exits :An Exit is a doorway, corridor, passageway to an external / internal stairway or to a verandah.Lifts & revolving doors are not Exits.Iron rung ladder & spiral staircase are not Exits.Travel Distance to Exits in a work floor shall not exceed 30 m.Where hazardous materials are stored/used, the Travel Distance shall not exceed 22.5 m.An Exit Door of 100 cm. wide can be used to evacuate a maximum of 150 persons in a work floor.

A Staircase of 100 cm. wide can be used to evacuate a maximum of 100 persons.For every floor above & below ground floor, there shall be minimum 2 Exit Stairways; an internal Stairway shall be one of them.Size of Exit doorway shall be 200 cm. X 100 cm.

S.D.H.D.PumpSprinkler NozzleSmoke Detector (S.D.) failsHeat Detector (H.D.) failsPump failsSprinkler Nozzle BlockFire Detection System failsWater Sprinkler failsFire Protection System failsOR gateAND gateTop EventIntermediate EventBasic EventFAULT TREE ANALYSIS

Space for turning with a minimum radius of 20 m shall be provided for LPG Tank Lorry.Longitudinal axis of LPG Bullets shall not point towards vital process equipment & other facilities.Design Code for LPG Bullet: ASME Sec. VIII or IS-2825 or BS 5500.Design Pressure of LPG Bullet: V.P. of LPG @ 55 deg C.LPG Bullet shall have a single nozzle at the bottom for inlet as well as outlet.The nozzle shall be fully welded, stress relieved along with the Bullet.

The bottom nozzle shall extend 3 m (minimum) from the shadow of the Bullet.EFCV shall be provided on the bottom nozzle to ensure immediate stoppage of LPG flow in the event of downstream leakage, rupture, if any.There shall not be any fitting/tapping on the bottom nozzle up to the EFCV.Fixed water sprinkler system shall be provided for LPG Bullets, LPG unloading area, LPG pump/compressor.Manually operated Isolation Valve for the water sprinkler system shall be located at a safe distance of 15 m.

Fire water system shall be designed to meet the highest fire water flow requirement of a single largest risk area (water spray density:10 lpm /sq. m.) plus 72 cu. m. /hr for operating 2 hydrant points.Fire hydrant network shall be in closed loops to ensure multi directional flow in the system, so that isolation of any section on the network can be effected without affecting the flow in the rest.Fire water ring main shall be designed for a minimum residual pressure of 7 ksc (g) at the furthest point of application in the plant.Fire water storage shall be for 2 hours aggregate working capacity of Fire water pumps.

Fire water storage shall be preferably in above ground tanks for availing the facility of flooded suction to enable easy start of fire water pumps.Fire water storage tank shall be in 2 number, interconnected with suitable valve to facilitate cleaning/repair.Fire hydrant ring main should normally be laid above ground.Pipe line should be laid at a height of 0.3 m to 0.4 m above ground level.The hydrant main should be supported at regular intervals not exceeding 6 m.

The portion of fire hydrant line within 15 m of LPG Bullet shall be fire-proofed.Hose boxes with 2 no. hoses & a nozzle shall be provided by side of each hydrant point.

If it ain't broke, don't fix it "That's the trouble with the management: Fixing things that aren't broken and not fixing things that are broken."

Ammonia leak from tanker lorry during unloading

Anhydrous Ammonia Bullets

Wire braided Transfer Hose torn off during ammonia unloading

Section 111A Right of workers:- Every worker has the right to (i) obtain from Occupier, information relating to his health and safety at work, (ii) get trained within the factory or at a training institute; such institute should have Chief Inspectors approval for training workers on occupational health and safety, (iii) represent to Inspector regarding inadequate provision in the factory for his occupational health or safety.

*

Flame-proof electrical lamps conforming to IS: 2206*

FLP motors & electrical fittings are hermetically sealed to prevent spark if any , from coming in contact with external flammable surrounding. Use FLP motors &electrical fittings in places where highly flammable liquids / gases are handled or stored.*

Flame proof tube lights*

Where necessary, areas classified into zones shall be marked with a specified "EX" sign at their points of entry.*

Electricity is safe when its current flowing through the circuit is shielded from human contact by means of suitable enclosure (isolation) or insulation.Under certain faulty conditions where such protections may fail or do not exist, anybody may get into contact with electric current and get electric shock and / or electric burns.

RCCB-30 m A Trip (BS 4293 specification)

RCDs for protecting people have a rated tripping current (sensitivity) of not more than 30 milliamps (mA). Remember: an RCD is a valuable safety device, never bypass it; if the RCD trips, it is a sign there is a fault. Check the system before using it again; if the RCD trips frequently and no fault can be found in the system, consult the manufacturer of the RCD; the RCD has a test button to check that its mechanism is free and functioning. Use this regularly.

RCD or ELCB or RCCB Residual current devices (Earth Leakage Circuit Breakers or Residual Current Circuit Breakers) must be installed for socket outlet circuits.

When parts under voltage are touched, the RCD will instantly switch off the current long before any amount or duration of current flow can cause damage.

On a double insulated electric equipment / tool, an internal layer of protective insulation isolates the electrical components from the outer metal housing. Double Insulated tools provide shock protection without third-wire grounding.

To protect a worker from shock, portable tool must: have a 3-wire cord plugged into a grounded receptacle be double insulated, or be powered by a low-voltage isolation transformer

Hanging the portable m/c on the shoulder: UnsafeDo not carry portable tools by the cord.Do not use electric cord for hoisting or lowering the tools.Keep electrical cords away from the heat, oil and sharp edges.

ELCB protectsperson from the leakageCurrent.

MCB protects from the short circuit.

Safe Electric Circuit

Sketch of a vertical Pressure Vessel

PNEUMATIC TEST - INCIDENT

Incident happened during pneumatic test of tank- associated piping. A blind was not installed to isolate the piping ; only block valves were closed. Tank lifted off and landed on top of the unit!

Major accident LPG leak from lorry tanker while unloading

Fishbone Diagram of Accident causes

**********