Inherently safer design (ISD) is a philosophy for designing and operating a safe process plant [1,2]. ISD aims to eliminate or significantly reduce hazards, rather than managing them with hardware and procedures. When feasible, ISD provides more robust and reliable risk management and, by eliminating costs associated with safety equipment and procedures, may make processes simpler and more economical.
ISD has received considerable attention from the public, government and non-governmental organizations (NGOs) in recent years. Legislation to require consideration of ISD as an approach for reducing security concerns at chemical plants has been introduced in every session of the U.S. Congress since at least 2001, most recently as the Chemical & Water Security Act of 2009 (H.R. 2868), which was passed by the House of Representatives on November 6, 2009. The Senate will consider that bill this year (see "Anti-Terrorism Mandates Face Major Revision"). Also, New Jersey and Contra Costa County, Calif., require certain regulated hazardous-material-handling facilities to consider applicability of inherently safer technology (IST). Public interest, existing and potential regulations, and company and professional desires to design and operate safe facilities provide incentives for considering ISD/IST. But how do you actually do this for a real plant, either a new design or an existing facility?
The Center for Chemical Process Safety (New York City) recently released the second edition of its landmark book on ISD, first published in 1996. The new edition boasts a greatly extended discussion of how to actually implement ISD, including several examples and case histories. It also offers significantly upgraded checklists and other aids.
Levels of Inherent Safety
Over the years, considerable disagreement has arisen about whether or not a particular design feature of a process plant was "inherent" or not. Often the disagreement develops because people are looking at ISD from different perspectives. For example, from a high level viewpoint, an oil refinery can't achieve inherent safety because it must handle large amounts of highly hazardous materials. You can't avoid this in a refinery — the products are valuable because they contain a lot of energy. But that doesn't mean ISD doesn't apply. Used during detailed equipment configuration and design, it can eliminate or significantly reduce many risks within a process that still contains major hazards.
You can classify levels of ISD as follows:
• First-order inherent safety — eliminating hazards from the process altogether;
• Second-order inherent safety — reducing the magnitude of a hazard, or making it extremely unlikely, perhaps nearly impossible, for an accident to occur; and
• Layers of protection — making passive, active and procedural risk-management safeguards inherently more reliable and robust.
An ISD "strict constructionist" might consider only first-order ISD to be truly inherent — you have entirely eliminated a particular hazard. However, this often is impossible to achieve. In contrast, many opportunities exist to design a more robustly safe plant by applying second-order strategies and even by using ISD thought processes during design of safety hardware and procedures that manage risk of major inherent hazards. Unfortunately, several myths have kept sites from seriously considering ISD (see sidebar).
In an ideal world, plant designers and operators would think about ISD throughout the process design and operational lifecycle; specific ISD review tools wouldn't be needed. But, in the real world, most facilities already exist and ISD wasn't considered during their design, or companies and engineers aren't familiar with ISD and don't look for opportunities in process design. Specific ISD review tools can help overcome these problems. Chemical engineers have used three approaches for implementing ISD in new and existing plants:
1. An inherent safety analysis of a process using an ISD checklist;
2. An independent process hazard analysis (PHA) for a plant focusing on ISD; and
3. A complete PHA of the plant with ISD considerations fully incorporated into the PHA discussions.
ISD checklist analysis. A checklist is a common PHA technique and can serve to identify ISD options. The checklist is best used in a team setting, with a variety of people familiar with all aspects of the plant and process considering the questions on the checklist. Treat it as a "creative checklist" — in other words, use it to prompt creative thinking by the team, not just "yes" or "no" responses.
Reference 3 includes an extensive checklist of practical inherent safety considerations. It's organized around four major ISD strategies as well as plant geography:
• Substitute;
• Minimize;
• Moderate;
• Simplify; and
• Location, siting and transportation.
The book gives more than 40 specific questions, many with additional considerations and sub-questions, providing hundreds of ISD ideas to consider for your process. Table 1 shows some examples. It's important to make sure use of checklists doesn't limit team creativity. No general checklist can identify every potential ISD option for a specific process — the review team itself will have more knowledge about the plant and should use the checklist as a tool to facilitate creative thinking about how to eliminate or reduce hazards.
Independent ISD PHA. This type of a review — also a team activity — focuses on specific hazards associated with the process and applies ISD strategies (substitute, minimize, moderate, simplify) to identify ways of eliminating or minimizing them. It uses one of the standard PHA tools (e.g., What If, Hazop) to pinpoint hazards but team discussion centers on ISD considerations. If, for example, the team finds a runaway exothermic reaction caused by water contamination in a batch reactor to be a hazard, it would look for opportunities to eliminate or reduce this risk. Some considerations might include:
• Substitute — using a non-reactive coolant in reactor coils instead of water;
• Minimize — removing all direct water connections to the inside of the reactor (for example, those to add water for reactor cleaning during shutdowns);
• Moderate — evaluating chemistry or solvent alternatives that might reduce sensitivity of the reaction mixture to water contamination; and
• Simplify — eliminating complex piping in the raw-material supply headers that increases potential for accidentally connecting water to the reactor.
CCPS has published another useful tool for consideration of ISD. This book provides a series of tables of potential failure mechanisms for a wide range of process equipment and identifies potential design solutions, including inherent, passive, active and procedural approaches to managing risk.
Plant PHA incorporating ISD. My personal preference is to minimize (an ISD strategy!) the proliferation of process reviews that seem to be required by the many demands being made on plant designers and operators. Plants are asked to do PHA, reliability and maintenance evaluations, ISO certification reviews, and now it's suggested (or required in some jurisdictions) ISD studies. Many of these use similar techniques. Combining them as much as possible increases efficiency and yields a better review. All reviews aim to accomplish the same thing — excellence in manufacturing, which includes best possible safety, environmental performance, product quality, productivity, plant reliability and profitability. These multiple demands often result in design or operational changes that improve performance in several areas simultaneously — e.g., a change boosting reliability and profitability also may enhance safety. But this isn't necessarily always true. For example, collecting contaminated process vent gas from various pieces of equipment for treatment by a thermal oxidizer before discharge to the atmosphere may bolster environmental performance but introduce a safety hazard — a potential explosion in the vent gas collection system if organic material concentration is within flammable limits and an ignition source is present. So, it makes sense to consider as many of the competing performance demands as possible with a team having a broad understanding of the benefits and costs in all important performance areas.
Incorporating ISD considerations into the plant PHA follows a procedure similar to that used in an ISD-specific PHA. However, the team doesn't restrict its recommendations to ISD but considers ISD solutions as one of many options available for managing hazards and risks. (See the sidebar for some tips.) When the team identifies a danger, it first seeks an ISD solution, trying to eliminate or reduce the hazard. It also considers other alternatives, including active, passive and procedural risk-management strategies. If the facility is located in a jurisdiction that requires consideration of ISD, it's important to clearly document evaluation of ISD.
Understand Your Process!
Identifying and implementing ISD demands a thorough grasp of the manufacturing process. Obviously you must appreciate all the hazards of your current route and potential alternatives to eliminate or minimize them. But to identify inherently safer alternatives, you must have a fundamental understanding of how your process works and what physical and chemical factors are most important in controlling its behavior. Then you're in a position to properly determine process and equipment alternatives that optimize these important factors, minimizing the required size of equipment while improving control of the process and reducing or eliminating hazards. I can't overemphasize the importance of understanding what's important in controlling the process — in general a plant that's under control is safe and will produce the desired product quality and quantity, maximizing profitability.
As an example, consider a nitration process. Nitration chemistry can be very hazardous. The reaction usually is highly exothermic; loss of control can result in a runaway reaction and explosion. Products can be unstable and it's possible to get unstable byproducts if reactions are improperly controlled. For one particular product, a company developed a semi-batch process in which an organic substrate was mixed with an organic solvent and then a mixture of nitric acid and sulfuric acid catalyst was fed at a rate to maintain a specified batch temperature. Initial design called for a several-thousand-gallon reactor; reactant feed would take many hours. Because of the large reactor size, any runaway reaction posed major consequences. To consider ISD options, it was essential to fully understand what physical and chemical factors dominated this process. The actual chemical reaction was of little importance — the nitric acid and organic substrate reacted extremely rapidly once they contacted each other. Three things were really important in optimizing this process from both an inherent safety and economic viewpoint:
1. Large scale mixing. The nitric and sulfuric acids were fed through a dip pipe into the batch reactor and had to be mixed throughout the several thousand gallons of vessel volume to contact the organic substrate. Poor mixing would result in large concentration and temperature gradients, prompting more side reactions, reduced purity product and lower yield.
2. Micromixing. Nitric acid and organic substrate reacted quickly once they came into contact. However, the nitric acid was in an aqueous phase and the organic substrate in an organic solvent phase. What really controlled the rate of reaction was mass transfer from the aqueous to the organic phase. One factor that controls mass transfer is surface area between the phases — so designing a mixing system to maximize surface area (by providing many very small droplets of the aqueous phase) will maximize reaction rate.
3. Heat removal. Because the reaction is extremely exothermic, rapid removal of the heat of reaction is required to maximize reaction rate and minimize reactor size.
By knowing which process parameters are important, it's possible to design a reactor that optimizes them. A continuous stirred tank reactor with a few-hundred-gallon volume, an extremely high intensity mixing system and a large heat transfer area (from the reactor jacket and internal coils) was designed. The system was safer because the reactor was much smaller, product quality was better and raw material yield was higher. It probably would have been possible to reduce the size further with a plug-flow pipe reactor containing mixing elements. Similar technology, using an eductor as a reactor, has been used to make explosives.
The Crucial Element
The key to implementing ISD in any plant, new or existing, is a basic and thorough understanding of the process. What are the hazards? What physical and chemical parameters control the process? Such knowledge should underpin your efforts to eliminate or reduce hazards. Tools and checklists are available to help you ask the right questions, so you can use your process knowledge to identify inherently safer process options. But, without that process understanding, these tools won't do the job on their own. Ultimately, implementation of ISD depends on process understanding — this is exactly what you need to design and operate the most efficient and profitable plant.
Dennis C. Hendershot is a process safety consultant based in Bethlehem, Pa., after having retired as Senior Technical Fellow at Rohm and Haas and principal process safety specialist at Chilworth Technology. E-mail him at firstname.lastname@example.org.
1. Hendershot, D. C., "A New Spin on Safety," p. 16, Chemical Processing, May 2004, www.ChemicalProcessing.com/articles/2004/33.html.
2. Hendershot, D. C., "Rethink Your Approach to Process Safety," p. 36, Chemical Processing, September 2007, www.ChemicalProcessing.com/articles/2007/158.html.
3. "Inherently Safer Chemical Processes: A Life Cycle Approach," 2nd ed., Center for Chemical Process Safety, John Wiley & Sons, Hoboken, N.J. (2009).
4. "Guidelines for Design Solutions for Process Equipment Failures," Center for Chemical Process Safety, American Institute of Chemical Engineers. New York City (1998) (now marketed by John Wiley & Sons, Inc., Hoboken, N.J.).