Safeguard Your Safety Review

Assumption gaps can undermine a process hazard analysis.

By G.C. Shah, Mustang Engineers

If listeners misunderstand what a speaker means, problems can arise. Such an assumption gap is particularly dangerous during a process hazard analysis (PHA). It could result in inadequate identification of hazards and major hazards left hidden.

Typically, PHA activities are collaborative efforts between a facilitator and a team. The facilitator asks a series of questions and the team then works collectively to identify hazards. Because its results form the basis for subsequent safety analyses, the PHA is recognized as the foundation upon which the safety of the entire project rests. So, here, we'll look at several assumption gaps to consider while performing a PHA. This list isn't by any means comprehensive.

Metallurgy. During the design stage, material selection gets considerable attention to ensure hardware can handle the corrosion and erosion anticipated during normal and abnormal operations. However, there may be some assumption gaps.

Consider a question by the PHA facilitator: "Is the metallurgy of the equipment adequate for all anticipated operations — normal as well as abnormal?"

The PHA team typically would respond "Yes. Metallurgy has been considered thoroughly in design."

The team may assume that quality assurance and quality control (QA/QC) in place at the fabricator and construction contractor will ensure equipment is free from metallurgical defects. However, this may not be true in all situations. Indeed, in view of recent cases of poor quality control at various international fabrication shops, always re-examine the assumption of QA/QC.

A PHA facilitator should confirm that systems (e.g., material inspection and welding procedures) are in place to verify equipment meets all safety requirements.

Multi-plant sites. Plant acquisitions and joint ventures can result in sites housing operating units belonging to different organizations. Often, the organizations share some utilities or services. The accounting and business agreements generally are worked out in meticulous detail. However, the lower-level procedural issues, including safety and risk containment, aren't given sufficient thought in some cases. For instance, many units may share a common flare and a flare header and may have good accounting (flow totalizers) — but may lack effective coordination on flare design, modification or operation among various units.

Some questions to ponder include:

  1. Do the flare and its ancillaries (header, knockout drum and pumps) have adequate capacity to handle anticipated flows resulting from the project modifications?
  2. Do release scenarios for the flare system consider all units at the site?
  3. Are management systems in place to ensure that all companies thoroughly review modifications that impact the flare system?
  4. Are management systems or engineering controls in place to prevent unilateral modifications of shared systems prior to a multi-party safety review?
  5. Are there proper installation and maintenance procedures for relief valves and rupture discs?
  6. Have all companies at the site continually reviewed flare operation, emergency response systems and other utility systems?

Vents. Some vents may discharge directly to the atmosphere. On the process and instrumentation diagrams, they usually are shown as "vented to a safe location." The term "safe location" may not get scrutinized during a PHA. An assumed "safe location" may not be sufficiently safe. Some natural-gas vents and turbine exhausts are routed to the atmosphere. While such vents may be small and generally pose minimal fire hazard, it's appropriate to ensure that:

  1. The vent is sufficiently far from any ignition source, sparks, or storage of flammable materials. Industry standards such as NFPA-54 may help in determining criteria for "safe" locations.
  2. During the worst-case conditions of flow to the vent and atmospheric conditions (stable with no or mild wind), the ground-level concentration of flammable material poses an acceptable hazard. Similarly, hot turbine exhausts, under the worst-case scenario, don't create an ignition or a thermal hazard.
  3. Venting doesn't occur in confined spaces or close to buildings. If it's absolutely necessary to vent in a confined area, verify that effective safeguards (e.g., gas detectors and alarm and mitigation systems) are in place to manage the hazard to an acceptable level.

Isolation valves. Are these valves actually leak-proof? For furnace operations, fuel supply is almost always double-block-and-bleed. Not all valves (e.g., plug valves) are leak-proof. So, always check the valve leak rating.
