Safeguard Your Safety Review

Assumption gaps can undermine a process hazard analysis.

By G.C. Shah, Mustang Engineers

Share Print Related RSS

If listeners misunderstand what a speaker means, problems can arise. Such an assumption gap is particularly dangerous during a process hazard analysis (PHA). It could result in inadequate identification of hazards and major hazards left hidden.

Typically, PHA activities are collaborative efforts between a facilitator and a team. The facilitator asks a series of questions and the team then works collectively to identify hazards. Because its results form the basis for subsequent safety analyses, the PHA is recognized as the foundation upon which the safety of the entire project rests. So, here, we'll look at several assumption gaps to consider while performing a PHA. This list isn't by any means comprehensive.

Metallurgy. During the design stage, material selection gets considerable attention to ensure hardware can handle the corrosion and erosion anticipated during normal and abnormal operations. However, there may be some assumption gaps.

Consider a question by the PHA facilitator: "Is the metallurgy of the equipment adequate for all anticipated operations — normal as well as abnormal?"

The PHA team typically would respond "Yes. Metallurgy has been considered thoroughly in design."

The team may assume that quality assurance and quality control (QA/QC) in place at the fabricator and construction contractor will ensure equipment is free from metallurgical defects. However, this may not be true in all situations. Indeed, in view of recent cases of poor quality control at various international fabrication shops, always re-examine the assumption of QA/QC.

A PHA facilitator should confirm that systems (e.g., material inspection and welding procedures) are in place to verify equipment meets all safety requirements.

Multi-plant sites. Plant acquisitions and joint ventures can result in sites housing operating units belonging to different organizations. Often, the organizations share some utilities or services. The accounting and business agreements generally are worked out in meticulous detail. However, the lower-level procedural issues, including safety and risk containment, aren't given sufficient thought in some cases. For instance, many units may share a common flare and a flare header and may have good accounting (flow totalizers) — but may lack effective coordination on flare design, modification or operation among various units.

Some questions to ponder include:

  1. Do the flare and its ancillaries (header, knockout drum and pumps) have adequate capacity to handle anticipated flows resulting from the project modifications?
  2. Do release scenarios for the flare system consider all units at the site?
  3. Are management systems in place to ensure that all companies thoroughly review modifications that impact the flare system?
  4. Are management systems or engineering controls in place to prevent unilateral modifications of shared systems prior to a multi-party safety review?
  5. Are there proper installation and maintenance procedures for relief valves and rupture discs?
  6. Have all companies at the site continually reviewed flare operation, emergency response systems and other utility systems?

Vents. Some vents may discharge directly to the atmosphere. On the process and instrumentation diagrams, they usually are shown as "vented to a safe location." The term "safe location" may not get scrutinized during a PHA. An assumed "safe location" may not be sufficiently safe. Some natural-gas vents and turbine exhausts are routed to the atmosphere. While such vents may be small and generally pose minimal fire hazard, it's appropriate to ensure that:

  1. The vent is sufficiently far from any ignition source, sparks, or storage of flammable materials. Industry standards such as NFPA-54 may help in determining criteria for "safe" locations.
  2. During the worst-case conditions of flow to the vent and atmospheric conditions (stable with no or mild wind), the ground-level concentration of flammable material poses an acceptable hazard. Similarly, hot turbine exhausts, under the worst-case scenario, don't create an ignition or a thermal hazard.
  3. Venting doesn't occur in confined spaces or close to buildings. If it's absolutely necessary to vent in a confined area, verify that effective safeguards (e.g., gas detectors and alarm and mitigation systems) are in place to manage the hazard to an acceptable level.

Isolation valves. Are these valves actually leak-proof? For furnace operations, fuel supply is almost always double-block-and-bleed. Not all valves (e.g., plug valves) are leak-proof. So, always check the valve leak rating.

Safety management systems. Companies differ widely in the structure and implementation of their safety management systems. It's worth verifying that management systems suffice to prevent unsafe incidents as a result of the project. Include a brief review of the company's safety management system as part of a PHA. This review should confirm that the safety management system is robust enough to ensure safe operation while the project is being implemented and after project systems are put in operation.

Risk management matrix. PHA studies often rely on this semi-quantitative method that assigns risk based on likelihood and consequence of a hazard. The criteria for determining likelihood and consequence vary widely among companies and among industries. For instance, offshore oil/gas exploration uses different criteria than refining in determining consequence (severity) of an incident. The PHA facilitator should review the existing risk matrix to verify that a consistent system of ranking risk is followed.

CLOSING ASSUMPTION GAPS
Consider the following steps to minimize misunderstanding:

  • Clearly define and communicate to management the scope of your PHA.
  • Prior to starting the PHA, familiarize yourself with the organization's safety management systems. Ensure they can accommodate project modifications safely.
  • Understand the terminology of the organization and technology as far as equipment and procedures of the project are concerned.
  • Make certain the PHA team comprehends your terminology.
  • Pose questions to the PHA team in a clear manner. Confirm that the team understands the intention of questions. Include examples, where appropriate, with your questions. For instance, in terms of double-block-and-bleed, you might clarify what you mean by the term "blocking." Let the PHA team elaborate on their answers.
  • Before beginning a PHA, review past unsafe incidents at the project site.
  • Consider a system's approach and lifecycle safety to ensure safety is maintained throughout the life of the project.
  • When preparing the PHA report, avoid arcane technical jargon. If you must use jargon, clearly explain the meaning of the terms. A layperson should be able to understand the report and implement its recommendations in their entirety.
  • As a general rule, to minimize assumption gaps select PHA facilitators with plant or operational experience as well as good communication and diplomatic skills.

G.C. SHAH, PE, is a safety, environmental and industrial hygiene professional at Mustang Engineers, Houston. E-mail him at ghanshyam.shah@mustangeng.com.

Share Print Reprints Permissions

What are your comments?

Join the discussion today. Login Here.

Comments

No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments