Inherently safer design is a philosophy of process safety management that focuses on eliminating hazards, or significantly reducing their magnitude, rather than using add-on safety devices, systems and procedures to manage the risks [1, 2]. Inherently safer design is a potentially more reliable, robust and economic approach to chemical process risk management. After all, what you don't have can't leak.
Many materials and processes, such as those listed in Table 1, pose intrinsic hazards. Such hazards only can be avoided by changing the material or its conditions of use. Table 2 details some strategies for achieving this.
Since the terrorist attacks of Sept. 11, 2001, the press have discovered the idea of inherently safer design, particularly as a tool for reducing security concerns -- a plant without hazardous materials poses no threat of hazardous material release. One response to this increased media attention has been a call for regulations to promote inherently safer design alternatives for facilities handling hazardous chemicals.
Such proposals are not new. The initial draft of the risk-management plan regulations for compliance with the Clean Air Act of 1990 included a requirement, subsequently dropped, to identify potential inherently safer alternative designs. In 1998, Contra Costa County, Calif., passed an Industrial Safety Ordinance that mandates facilities "consider the use of Inherently Safer Systems in the development and analysis of mitigation items resulting from a process hazard analysis." (Moore  discusses experience with the implementation of this ordinance.) At the federal level, legislation has been proposed since 2001, but has not passed. However, based on committee discussions in October 2003, some language calling for consideration of inherent safety options is likely to be included in any chemical security legislation that passes Congress . So, it is important for industry, government and the public to understand inherent safety, including potential conflicts among the inherent safety characteristics of design alternatives.
All materials and processes have multiple hazards. For example, Table 3 lists a few of the hazards for an everyday example (a rotary power lawn mower) and a chemical process (solution polymerization of a vinyl monomer in an organic solvent). A process can be described as inherently safer with respect to one or more of these multiple hazards if it eliminates or significantly reduces that hazard. However, a process that is inherently safer with respect to one hazard may or may not be inherently safer with respect to other hazards. It is highly unlikely that any alternative process will be inherently safer with respect to all hazards. It is almost never possible to simultaneously maximize all desirable characteristics of any design.
So, optimization efforts must focus on identifying the design that gives the best overall combination of desirable characteristics; it may not maximize any single desirable characteristic. Optimization also requires some decision about the relative importance of different process characteristics. In many cases, the relative importance of various factors is clear, and there will be widespread agreement about which alternative represents the inherently safer design. However, this is not always true.
The processes for optimization and decision-making for process safety are the same as for any other engineering decision. The science and theory of these processes are well developed, and the Center for Chemical Process Safety has published a book on the application of these methods to process safety decisions . Approaches range from simple voting and weighted scoring methods, through mathematical programming and cost-benefit methods, to sophisticated decision-making tools such as decision analysis and multi-attribute utility analysis.
All of these approaches require the decision-maker to understand the alternative designs, identify the parameters upon which to base a choice, relate each alternative to those selected parameters, and determine the relative importance of each of those parameters.
The last requirement is not a technical question, but a value judgment. Other factors, such as capital investment, operating costs and impact on the community's economy, must be considered.
There is no right answer to a question such as "what is the relative importance of increased risk of cancer from chronic exposure to Material X compared to the increased risk of fire and explosion from Material Y?" Each design group, plant, company or society as a whole must address these difficult questions to determine the relative importance for the specific case.
Even if they agree on all of the "facts," interested parties, because they have different values and priorities, often will still disagree on what to do. Yet, they must discuss the alternatives to reach a consensus.