Looking at risk and basis of safe operation of process plants to prevent explosion, fire, and toxic release.

November 19, 2020

6 Min Read
Risk_Matrix_STONEHOUSE.jpg
Image courtesy of Stonehouse Process Safety

Paul Cartwright, D.Phil., chairman, Stonehouse Process Safety

Workers representative to manager: “You need to install grounding and bonding to every pipe section of this (all-steel) process plant. Static electricity is dangerous. There will be an explosion”.

Manager to workers representative: “I’ll look into it”.

What does the manager do next?

As process safety consultants, understanding risk and establishing why an industrial process can be considered safe (or unsafe) to operate is at the heart of pretty much everything we do. In this article, we look at risk and basis of safe operation of process plants. The thoughts and ideas here are geared towards preventing explosion, fire, and toxic release, but the concepts have wide reaching use with everything from vehicle speed limits to chemical plant location, from aircraft design to protection against Coronavirus. The decision makers should always be considering risk, acceptable risk, and mitigation measures that bring the risk level to tolerable, where needed. It is through this understanding that precious resources can be spent wisely and cost effectively.

Risk

When we consider explosion risk we think of its components: likelihood and consequence. Risk can be thought of as a product of likelihood and (multiplied by) consequence. So, if we have a likelihood range of 1 to 5, say, and a consequence range of 1 to 5, then we begin to make sense of risk.

Example: A powder handling plant designed without thought to dust explosion transmission from one process equipment to another (and so on) could have severe consequences for the safety of people, plant, and the business. A small fire/explosion event in one part of plant could result in the destruction of the whole plant and put people in danger--a potential existential risk to the business. Let’s give this a ‘5’ consequence rating. If on the same plant there has been no attention to explosion prevention (electrostatic ignition, cutting, welding, heat sources, etc.) then we may decide on a likelihood rating of perhaps 4 or 5, depending on the nature of materials being handled. On this basis we find we have a risk rating of at least 20 (i.e. 5 X 4).

The product of likelihood and consequence can be displayed on the chart above.

So, what to do with your risk number? The coloring in the table suggest how we begin to interpret the numbers we find. First, to note that the red, extreme risk sector is not symmetrical. Any risk assessment outcome that has a “severe” consequence is generally unacceptable, however unlikely. Consider here a plane crash where many people can be killed, or a nuclear powerplant failure, again putting many people at risk of serious harm. The red category is not acceptable to society and would not be allowed. For these scenarios, likelihood of incident is designed out as much as possible and safety systems may even be triplicated, should something go wrong. This can be contrasted with an event such as a regular fault, the consequences of which might be a few minutes of plant down time--higher likelihood but perhaps low consequence (green part of the chart).

Once a risk is identified then we must decide what to do about it. We are wanting to move from red towards blue by making changes to plant or operations. Buying and swapping a piece of process plant to solve a problem that is of low risk and low consequence could be doable, but its priority may be low if resources can be better spent on higher risk things in the short term. Installing an explosion relief panel on an otherwise unprotected process vessel can buy a lot a safety for little cost moving horizontally from right to left on the chart.

Basis of Safety

In process safety management, we believe in the concept of “basis of safety” that challenges you to decide how and why a particular operation is safe. For example, a process vessel could perhaps be considered to be safe if it is operated under an inert gas atmosphere by ensuring that the inert gas is at a level required to prevent a fire or explosion. Under such a condition even if there is high likelihood of an energetic ignition source inside the vessel, still there can be no fire or explosion. Looking back to the risk table, by adding inert gas protection we may have both decreased likelihood and reduced consequence. We have done this by establishing “inert gas blanketing” as the basis for safe operation. Note that the use of inert gas has not addressed the likelihood of ignition source occurring inside the vessel, but we have identified a clear basis of safety and we understand what we rely on to operate the plant safely.

There is a whole field of quantitative risk analysis (QRA) where an assessor will use hard data in an attempt to establish the “likelihood” – but although that can work well for major installations it is felt to be impractical for smaller process operations, and in any case, the likelihood data for many aspects of small unit operations is just not available. The risk assessment method that we describe above can perhaps be best called semi-quantitative, but it does rely on the assessor establishing realistic worst-case scenarios and being able to estimate likelihood of various failures (i.e. different ignition sources). Whereas this simple method works quite well if done properly it is clearly dependent on the skills of the assessor to come up with the right numbers.

Back to the original story.

Workers representative to manager: “You need to install grounding and bonding to every pipe section of this (all-steel) process plant. Static electricity is dangerous. There will be an explosion.”

Manager to workers representative: “I’ll look into it.”

What does the manager do next? He will consult his “go to” process safety specialist and ask if there really is an electrostatic risk and if it is necessary to have jumpers across every pipe flange on this all-metal plant. In many cases, the answer will be that such jumpers are not required (beware, there are exceptions). This is because the bolts that secure metal flange couplings together will provide good electrical connection between plant components, provided that they can make good metal-to-metal contact (no paint or rust). Grounding will be required, though. In most cases, the installation costs and ongoing maintenance costs of such jumpers is high; money can usually be better spent improving safety elsewhere. From a risk perspective, the likelihood of metal bolts failing to provide electrical connection between plant components is already very low.

And now the difficult bit: Manager must convey to the worker’s representative that their observations and comments on safety are always highly valued, but on this occasion, expert advice has been sought and no further action is needed.

In our work as process safety consultants we are constantly reviewing how our clients can reduce the likelihood of explosion at their facilities. We are also looking at what would be the effects (consequences) of explosion and how they can be safely managed. And we are establishing basis of safety for many operations.

Paul Cartwright, D.Phil., is chairman, Stonehouse Process Safety (Lawrenceville, NJ). For more information, call 609-455-0001 or visit stonehousesafety.com.

Sign up for the Powder & Bulk Solids Weekly newsletter.

You May Also Like