Inherently safer design (ISD) is a philosophy for designing and operating a safe process plant [1,2]. ISD aims to eliminate or significantly reduce hazards, rather than managing them with hardware and procedures. When feasible, ISD provides more robust and reliable risk management and, by eliminating costs associated with safety equipment and procedures, may make processes simpler and more economical.
Myths About ISD Abound
Let's dispel five common myths:
1. ISD will eliminate all hazards. It's unlikely that any process or material ever will be completely non-hazardous. There are plenty of examples of where a change to improve safety resulted in a new hazard or increased the risk of a different existing hazard.
2. Because ISD has been described as "the best approach to process safety," you always must implement a viable ISD. The objective is safety, not necessarily inherent safety. Also, while safety is the highest priority in process design, it's not the only objective — after all the safest option is not to build the plant. Sometimes consideration of other hazards will preclude choosing ISD, or the benefits to society will make the use of active, passive and procedural process safety management strategies an appropriate choice.
3. ISD only is applicable at early stages of process research and development and plant design. The approach suits any stage in a plant lifecycle. Indeed, there are many instances of significant improvements through its use at existing plants.
4. Plant operating personnel can't contribute to implementing ISD. Such people, because of their familiarity with the workings of the plant, often are in the best position to identify issues. Operations personnel have suggested many ISD improvements.
5. There's always a "best technology" that's inherently safer for the manufacture of a particular product. The most appropriate choice highly depends upon local factors such as plant location and environment, proximity of population, etc.
ISD has received considerable attention from the public, government and non-governmental organizations (NGO) in recent years. Legislation to require consideration of ISD as an approach for reducing security concerns at chemical plants has been introduced in every session of the U.S. Congress since at least 2001, most recently as the Chemical & Water Security Act of 2009 (H.R. 2868), which was passed by the House of Representatives on November 6, 2009. The Senate will consider that bill this year (see "Anti-Terrorism Mandates Face Major Revision
"). Also, New Jersey and Contra Costa County, Calif., require certain regulated hazardous-material-handling facilities to consider applicability of inherently safer technology (IST). Public interest, existing and potential regulations, and company and professional desires to design and operate safe facilities provide incentives for considering ISD/IST. But how do you actually do this for a real plant, either a new design or an existing facility? The Center for Chemical Process Safety (New York City) recently released the second edition of its landmark book on ISD , first published in 1996. The new edition boasts a greatly extended discussion of how to actually implement ISD, including several examples and case histories. It also offers significantly upgraded checklists and other aids. Levels of Inherent Safety
Over the years, considerable disagreement has arisen about whether or not a particular design feature of a process plant was "inherent" or not. Often the disagreement develops because people are looking at ISD from different perspectives. For example, from a high level viewpoint, an oil refinery can't achieve inherent safety because it must handle large amounts of highly hazardous materials. You can't avoid this in a refinery — the products are valuable because they contain a lot of energy. But that doesn't mean ISD doesn't apply. Used during detailed equipment configuration and design, it can eliminate or significantly reduce many risks within a process that still contains major hazards. You can classify levels of ISD as follows:
Get the Most from Including ISD in a PHA
Get the Most from Including ISD in a PHA These three tips can improve your results:
1. Make sure the entire PHA team understands ISD.
• Send them copies of this article and Refs 1 and 2.
• Take some time before starting the PHA to discuss ISD as a team.
• Show some practical examples of where your plant has incorporated ISD.
2. Have the PHA facilitator encourage the team to focus on the ISD hierarchy when making recommendations:
• First-order ISD (substitute, eliminate the hazard);
• Second-order ISD (minimize, moderate, simplify); and
• Finally, inherently more robust layers of protection.
3. Clearly document ISD considerations in the PHA.
• Local regulation may require ISD evaluation.
• Inherent safety features may be so integrated into a plant design that people will forget why they are there. For example, a vent pipe is routed to go more than 32 feet above a tank to make backflow by vacuum impossible. Will somebody who has to replace the pipe in 15 years know why it follows such a circuitous route?
• First-order inherent safety — eliminating hazards from the process altogether;• Second-order inherent safety — reducing the magnitude of a hazard, or making it extremely unlikely, perhaps nearly impossible, for an accident to occur; and• Layers of protection — making passive, active and procedural risk-management safeguards inherently more reliable and robust.An ISD "strict constructionist" might consider only first-order ISD to be truly inherent — you have entirely eliminated a particular hazard. However, this often is impossible to achieve. In contrast, many opportunities exist to design a more robustly safe plant by applying second-order strategies and even by using ISD thought processes during design of safety hardware and procedures that manage risk of major inherent hazards. Unfortunately, several myths have kept sites from seriously considering ISD (see sidebar). Implementing ISD
In an ideal world, plant designers and operators would think about ISD throughout the process design and operational lifecycle; specific ISD review tools wouldn't be needed. But, in the real world, most facilities already exist and ISD wasn't considered during their design, or companies and engineers aren't familiar with ISD and don't look for opportunities in process design. Specific ISD review tools can help overcome these problems. Chemical engineers have used three approaches for implementing ISD in new and existing plants: 1. An inherent safety analysis of a process using an ISD checklist;2. An independent process hazard analysis (PHA) for a plant focusing on ISD; and 3. A complete PHA of the plant with ISD considerations fully incorporated into the PHA discussions.ISD checklist analysis.
A checklist is a common PHA technique and can serve to identify ISD options. The checklist is best used in a team setting, with a variety of people familiar with all aspects of the plant and process considering the questions on the checklist. Treat it as as a "creative checklist" — in other words, use it to prompt creative thinking by the team, not just "yes" or "no" responses. Reference 3 includes an extensive checklist of practical inherent safety considerations. It's organized around four major ISD strategies as well as plant geography: • Substitute;• Minimize;• Moderate; • Simplify; and • Location, siting and transportation. The book gives more than 40 specific questions, many with additional considerations and sub-questions, providing hundreds of ISD ideas to consider for your process. Table 1 shows some examples. It's important to make sure use of checklists doesn't limit team creativity. No general checklist can identify every potential ISD option for a specific process — the review team itself will have more knowledge about the plant and should use the checklist as a tool to facilitate creative thinking about how to eliminate or reduce hazards. Independent ISD PHA.
This type of a review — also a team activity — focuses on specific hazards associated with the process and applies ISD strategies (substitute, minimize, moderate, simplify) to identify ways of eliminating or minimizing them. It uses one of the standard PHA tools (e.g., What If, Hazop) to pinpoint hazards but team discussion centers on ISD considerations. If, for example, the team finds a runaway exothermic reaction caused by water contamination in a batch reactor to be a hazard, it would look for opportunities to eliminate or reduce this risk. Some considerations might include: • Substitute — using a non-reactive coolant in reactor coils instead of water;• Minimize — removing all direct water connections to the inside of the reactor (for example, those to add water for reactor cleaning during shutdowns);• Moderate — evaluating chemistry or solvent alternatives that might reduce sensitivity of the reaction mixture to water contamination; and• Simplify — eliminating complex piping in the raw-material supply headers that increases potential for accidentally connecting water to the reactor.CCPS has published another useful tool for consideration of ISD . This book provides a series of tables of potential failure mechanisms for a wide range of process equipment and identifies potential design solutions, including inherent, passive, active and procedural approaches to managing risk.
Plant PHA incorporating ISD
Table 1: Sample ISD checklist questions
|Substitute||Can you completely eliminate hazardous raw materials, process intermediates or byproducts by using an alternative process or chemistry?|
| ||Can you get rid of in-process solvents?|
| ||Can you use less-volatile solvents or raw materials?|
|Minimize||Can you decrease hazardous material inventory by supplier management or strategic alliance?|
| ||Can you cut hazardous in-process inventory by direct coupling of process sections without intermediate storage?|
| ||Has the length of process piping containing hazardous materials been minimized?|
| ||Has hazardous material piping been designed for minimum pipe diameter?|
|Moderate||Can you operate the process at less-severe conditions (for example, lower temperature or pressure) with an improved catalyst?|
| ||Can you use hazardous raw materials at a lower concentration (for example, aqueous ammonia instead of anhydrous ammonia)?|
| ||Can you handle combustible solid materials as a granule or pellet instead of as a powder or dust?|
|Simplify||Can you design equipment so that it's difficult or impossible to operate incorrectly?|
| ||Can you remove piping that's no longer in use but remains in place?|
| ||Can you eliminate hoses, bellows and other flexible connections by using expansion loops and improved piping design?|
|Can the plant be located to minimize the need to transport hazardous materials (for example, adjacent to a plant that makes a required hazardous raw material)?|
| ||Can inventories of hazardous material on site be located to reduce potential impact on people?|
| ||Can you transport hazardous materials in a less hazardous form?|
My personal preference is to minimize (an ISD strategy!) the proliferation of process reviews that seem to be required by the many demands being made on plant designers and operators. Plants are asked to do PHA, reliability and maintenance evaluations, ISO certification reviews, and now it's suggested (or required in some jurisdictions) ISD studies. Many of these use similar techniques. Combining them as much as possible increases efficiency and yields a better review. All reviews aim to accomplish the same thing — excellence in manufacturing, which includes best possible safety, environmental performance, product quality, productivity, plant reliability and profitability. These multiple demands often result in design or operational changes that improve performance in several areas simultaneously — e.g., a change boosting reliability and profitability also may enhance safety. But this isn't necessarily always true. For example, collecting contaminated process vent gas from various pieces of equipment for treatment by a thermal oxidizer before discharge to the atmosphere may bolster environmental performance but introduce a safety hazard — a potential explosion in the vent gas collection system if organic material concentration is within flammable limits and an ignition source is present. So, it makes sense to consider as many of the competing performance demands as possible with a team having a broad understanding of the benefits and costs in all important performance areas. Incorporating ISD considerations into the plant PHA follows a procedure similar to that used in an ISD-specific PHA. However, the team doesn't restrict its recommendations to ISD but considers ISD solutions as one of many options available for managing hazards and risks. (See the sidebar for some tips.) When the team identifies a danger, it first seeks an ISD solution, trying to eliminate or reduce the hazard. It also considers other alternatives, including active, passive and procedural risk-management strategies. If the facility is located in a jurisdiction that requires consideration of ISD, it's important to clearly document evaluation of ISD. Understand Your Process!
Identifying and implementing ISD demands a thorough grasp of the manufacturing process. Obviously you must appreciate all the hazards of your current route and potential alternatives to eliminate or minimize them. But to identify inherently safer alternatives, you must have a fundamental understanding of how your process works and what physical and chemical factors are most important in controlling its behavior. Then you're in a position to properly determine process and equipment alternatives that optimize these important factors, minimizing the required size of equipment while improving control of the process and reducing or eliminating hazards. I can't overemphasize the importance of understanding what's important in controlling the process
— in general a plant that's under control is safe and will produce the desired product quality and quantity, maximizing profitability. As an example, consider a nitration process. Nitration chemistry can be very hazardous. The reaction usually is highly exothermic; loss of control can result in a runaway reaction and explosion. Products can be unstable and it's possible to get unstable byproducts if reactions are improperly controlled. For one particular product, a company developed a semi-batch process in which an organic substrate was mixed with an organic solvent and then a mixture of nitric acid and sulfuric acid catalyst was fed at a rate to maintain a specified batch temperature. Initial design called for a several-thousand-gallon reactor; reactant feed would take many hours. Because of the large reactor size, any runaway reaction posed major consequences. To consider ISD options, it was essential to fully understand what physical and chemical factors dominated this process. The actual chemical reaction was of little importance — the nitric acid and organic substrate reacted extremely rapidly once they contacted each other. Three things were really important in optimizing this process from both an inherent safety and economic viewpoint: 1. Large scale mixing.
The nitric and sulfuric acids were fed through a dip pipe into the batch reactor and had to be mixed throughout the several thousand gallons of vessel volume to contact the organic substrate. Poor mixing would result in large concentration and temperature gradients, prompting more side reactions, reduced purity product and lower yield. 2. Micromixing.
Nitric acid and organic substrate reacted quickly once they came into contact. However, the nitric acid was in an aqueous phase and the organic substrate in an organic solvent phase. What really controlled the rate of reaction was mass transfer from the aqueous to the organic phase. One factor that controls mass transfer is surface area between the phases — so designing a mixing system to maximize surface area (by providing many very small droplets of the aqueous phase) will maximize reaction rate. 3. Heat removal.
Because the reaction is extremely exothermic, rapid removal of the heat of reaction is required to maximize reaction rate and minimize reactor size. By knowing which process parameters are important, it's possible to design a reactor that optimizes them. A continuous stirred tank reactor with a few-hundred-gallon volume, an extremely high intensity mixing system and a large heat transfer area (from the reactor jacket and internal coils) was designed. The system was safer because the reactor was much smaller, product quality was better and raw material yield was higher. It probably would have been possible to reduce the size further with a plug-flow pipe reactor containing mixing elements. Similar technology, using an eductor as a reactor, has been used to make explosives. The Crucial Element
The key to implementing ISD in any plant, new or existing, is a basic and thorough understanding of the process. What are the hazards? What physical and chemical parameters control the process? Such knowledge should underpin your efforts to eliminate or reduce hazards. Tools and checklists are available to help you ask the right questions, so you can use your process knowledge to identify inherently safer process options. But, without that process understanding, these tools won't do the job on their own. Ultimately, implementation of ISD depends on process understanding — this is exactly what you need to design and operate the most efficient and profitable plant.
Dennis C. Hendershot is a process safety consultant based in Bethlehem, Pa., after having retired as Senior Technical Fellow at Rohm and Haas and principal process safety specialist at Chilworth Technology. E-mail him at [email protected].
1. Hendershot, D. C., "A New Spin on Safety," p. 16, Chemical Processing, May 2004, www.ChemicalProcessing.com/articles/2004/33.html.
2. Hendershot, D. C., "Rethink Your Approach to Process Safety," p. 36, Chemical Processing, September 2007, www.ChemicalProcessing.com/articles/2007/158.html.
3. "Inherently Safer Chemical Processes: A Life Cycle Approach," 2nd ed., Center for Chemical Process Safety, John Wiley & Sons, Hoboken, N.J. (2009).
4. "Guidelines for Design Solutions for Process Equipment Failures," Center for Chemical Process Safety, American Institute of Chemical Engineers. New York City (1998) (now marketed by John Wiley & Sons, Inc., Hoboken, N.J.).