Never Say Never ! - Tips for Safety Management

Safety oriented think pattern dictates that it should never completely refuse the  possibility of occurring some remotely expected seemingly highly unlikely but extremely harmful incidents.

These are the so called "low probability yet high consequence incidents".

Proper risk assessment procedures must be used to recognize such events. Even if it is decided not to implement any safety measures against such events at the current time, i.e. considering their remote possibility, it is still important to evaluate and document such possibilities together with associated assumptions made during the assessments. Sometimes, new data can emerge during later phases (by studies, new statistics, or by new cases) that might suddenly increase the likelihood of such events. Any previous study can then come in handy to readily reassesses such events and then proceed to design safety barriers against them. Also such documentation with relevant assessments and assumptions can be really useful for future safety design engineers to reevaluate when the plant (or the industrial environment) undergoes certain changes during its lifetime. Experience shows that some previously neglected scenarios can suddenly become highly likely when certain changes in the plant environment or operating conditions  happen over the time.

Components of Safety Management

An effective safety management system (SMS) should  be able to perform successfully with respect to the following key aspects,

- Recognize harmful events and understand their likelihood
- Prevent harmful events from happening
- Mitigate consequences of harmful events (if unable to prevent altogether)
- Plan and execute responses to harmful events when they unfold
- Restoration after harmful events

See the difference in "a management" and " a management system"

"A management" can fail even if  " a management system" is successful, when the management is unable to execute the "management system" they are supposed to follow.

Hence it is not only important that a correct management system is adopted but also to execute the adopted management system correctly.

Hot work Habitats

Hot work Habitats , or most often called as Welding Habitats are constructed enclosures within a potentially hazardous environment where ignitable gas can present.

Habitats are used for carrying out hot work such as welding, grinding, sand blasting, cutting or any other work which can generate heat sources which in turn act as ignition sources.

 Habitats can be used to perform essential maintenance or modification work within a live process plant environment without risking ignition of potential gas clouds around. Habitats allow such work to be performed without expensive shutdowns of entire plants. 

These habitats are constantly kept under over-pressure (positive pressure) conditions in order to avoid combustible gas ingress into the habitat environment.

Schematic of a hot work habitat

A welding habitat constructed around a pipeline (to be welded)

Continual Improvement Process (CIP)

A continual improvement Process (CIP) is an important concept used in Environmental Management Systems as well as in Safety /Risk Management Systems. 

The term “Continual” is slightly different from the term “continuous”. The latter is referred to something happening continuously, while the former is used to identify a process happening with “quantum steps” but move forward with the time.

It is extensively important that a CIP  related to the overall safety/risk management system is running during the life time of a plant. A plant is changing all the time due to modifications, changing process/operating conditions, and aging equipment, etc. So the Safety management system should be able to adapt to these changes and simultaneously improve it with the latest technology, guidelines, and case study experience. An ALARP (as low as reasonably practicable) process can be used to assess suitable CIP steps during risk management.

Containment failure of hazardous liquid chemicals

A couple of months ago, West Virginia (US) was in a state of emergency due to the leak of 4-methylcyclohexane methanol into river Elk, just about a mile upstream from a water treatment plant intake. It has been understood that domestic water supplies were contaminated by an unknown amount of the chemical.

4-methylcyclohexane methanol is used (as the major compound) in Froth-floatation processes for cleaning coal (to remove impurities from freshly mined coal).

We take this time to remind you of a few key safety aspects related to the containment of dangerous, toxic, or generally hazardous liquid chemicals in bulk quantities.

1. Assess the inherent risks of hazardous chemical storage tanks.
2. Assess the risks posed by the stored maximum quantities.
3. Get to know the maximum allowable storage quantities and other regulations stipulated by the relevant authorities.
4. Ensure that all employees, especially those who are working closely with the process system and the tanks, are aware of the danger posed by the spill of the chemical by containment failure.
5. Make sure that the storage tanks delivered by the suppliers are made according to the necessary engineering standards.
6. Take all necessary safety precautions (including engineering control, and safety functions) to avoid overfilling of tanks.
7. Perform regular visual inspection of tanks for small leaks, corrosion, cracks, bends, other anomalies on the surface, or other structural damages, blocked vents, etc.
8. If visual inspections are leading to suspicious conditions, take the tank out of the process stream immediately and empty the content. Call for a qualified inspection agency to carry out a full and detailed inspection of the tank.
9. Perform detailed tank inspections at predetermined regular intervals.
10. Strongly follow up actions on any recognized weaknesses or problems during such inspections.
11. CONSTRUCT A SECONDARY CONTAINMENT. During the latest West Virginia incident, it is being told that the capacity of the secondary containment has been exceeded by the leak and then the chemical has flowed out of the secondary containment too. THE SIZE OF THE SECONDARY CONTAINMENT MUST BE DECIDED BY A RISK ASESSEMENT JUDGING THE MAXIMUM EXPECTED LEAK RATE.
12. Prepare an emergency response plan for the worst case scenario, i.e. usually the rupture of the whole tank (or a combination of several tanks, if it is likely). Update the emergency response plan on a regular basis.

Depressurization and Blowdown

In the event of a process plant fire, or an impending fire /explosion /collision or any such threat, it is absolutely necessary that any gaseous or liquid hydrocarbons contained in pipelines or vessels to be transported out of the endangered area. This is intended for following reasons,

- To avoid vessel and pipeline rupture caused by heat weakening of the containment materials
- Rupturing vessels and pipelines generate projectile fragments which endanger people and also cause further damage to equipment and structure
- Combustibles containing in rupturing vessels and pipelines further fuels the initiated fire.
- Rupturing vessels may release toxic /harmful materials which endanger humans and the environment

If the involved hydrocarbon (or any such combustible /hazardous /or pressurized material) is gaseous, this removal process is called “depressurization”, and if the involved hydrocarbon (or any such combustible or hazardous material) is a liquid, then the removal process is called “Blowdown”. However it is noted that some people tend to use these two terms interchangeably (especially in Scandinavia).

Note that many process vessels have pressure safety valves (PSVs) which shall activate in the event of a high pressure development in the system. PSVs shall release pressurized material into a safer area if the predetermined pressure limits are exceeded.

But, in the event of a fire, PSVs can render useless due to the reason that a vessel can rupture at a pressure far below its PSV set point (and even under normal working pressure of the vessel) due to the reason that material strength of the vessel is severely reduce due to the heat exposure. That is why depressurization and blowdown (D&B) is very important irrespective of other pressure safety arrangements.

The depressurization and blowdown philosophy is a very important part of any Emergency Preparedness Plan related to a process facility that contains large quantities of combustibles or pressurized /hazardous materials. This plan should elaborate which areas /vessels to be depressurized in which sequence. Usually, a typical process plant’s depressurization and blowdown capacity is limited at a certain rate. Hence, the D&B process should be sequenced for different fire scenarios with mostly endangered areas are prioritized.

There are many considerations to be made when developing a Depressurization and Blowdown Philosophy. We will discuss some of these aspects during forthcoming posts.

A fire ball 

Noise Measurements and Human Noise Perception.

Today we introduce a very important aspect related to noise level measurements. That is “decibel –A weighting filter”

Sound or Noise level in an occupational environment is a very important safety related measurement dictating the relative safety and the time duration that a person can safely work within a certain noisy environment. Therefore sound pressure level (in dB), often referred as the noise level,  have to be measured whenever workers are suspected to be exposed to unsafe noise conditions in their working environment, or when we need to determine the maximum duration that workers are allowed to work within a certain environment.

Audible noise occurs at various frequencies throughout the 20 Hz – 20 kHz  frequency range (i.e. approximate audible frequency range for human hearing). But, (similar to many manmade microphones, and speaker sets), the human ear is not equally sensible to all frequencies within this audible frequency range. It has been discovered that human ear is highly sensitive to the sounds within the frequency range of 1 kHz to 4 kHz, while human ear is less sensitive to sounds of frequencies below this range and also above this range. That means, humans can tolerate more loud noises outside this sensitive frequency range.

Due to the above mentioned reason, if we measure the total noise level in an environment using a measuring instrument without any “human like” adjustment, that measurement will not represent the actual noise condition perceived by a human.

So, acoustic engineers have developed various types of “noise weighting curves” (or “noise filters”)  to adjust the noise measurements in accordance with human perception of noise under different conditions.

There are several noise filters denoted as, decibel-A filter, decibel-B filter, and decibel- C filter (a rarely used decibel – D also existed). The graph in the image indicates the characteristics of above mentioned filters.

Out of these, decibel –A filter is the most common one and it gives a satisfactory representation of human sound perception at “not too loud” noise conditions. Many modern safety engineering standards also use this decibel – A weighted noise filter for their reference values. Hence many noise measuring instruments have incorporated this db-A filter into their instruments. What it really does is that the instrument automatically subtracts a certain dB level from the actually measured decibel level at each frequency (based on the A weighting curve  -see the graph). For example, at 100 Hz, the instrument shall reduce 20 dB from the measured noise level. Eventually the instrument will collect such adjusted dB levels for all measured frequencies and give you the total noise level as a single value with the unit denoted as db-A. (Remember, this is not a simple arithmetic addition process. You cannot just add 2 decibel levels together to take a summation. This is due to the fact that dB range is a logarithmic range, not a normal linear measurement unit. We will discuss this phenomenon further in future posts).

The image shows the characteristics of db-A, db-B, and db-C weighting filters.

HART protocol for process safety instruments

HART protocol is a vendor-neutral communication protocol used by many modern process plant equipment including Combustible Gas detectors, Flame detectors, Temperature, Pressure, Level and Flow Transmitters, etc. 

HART stands for Highway Addressable Remote Transducer. 
This communication foundation enables safety instruments to communicate their diagnostic information and other information such as remote calibration, clock setting, selection of calibration gas, operational history (such as installed date, current detection gas type, alarm history, fault data, temperature extremes faced, etc).

HART is a master slave arrangement where slave devices (field instruments such as detectors, process transmitters, actuators, controllers, etc) respond to the commands send by master devices such as a PLC controller or a PC.

A major aspect of HART is that HART devices can transmit digital signals on the same two wires used for typical analog communication (typically 4 -20 mA signal). This allows easy retrofitting of existing systems with HART enabled devices.

Alternative field digital communication protocols such as  Modbus, and Fieldbus, etc. exists.

One major advantage related to safety critical devices using HART is that HART communication allows continuous monitoring of diagnostic state of a field device. If a device become faulty, it can be immediately recognized by the monitoring system.

Continuous Fault Monitoring can enhance the Safety Integrity Level (SIL) of safety critical systems such as Emergency Shut Down SYSTEMS, Fire and Gas Systems, etc.

Picture shows a HART enabled Flame Detector

Valve Car Seals on Safety Critical Valves

Car seals in different colors

Car seals are simple locking devices (such as a steel cable strand or a plastic tie) used to “lock” (or seal) safety critical valves in a predetermined “safe position” (either “open”, “close” or an identified middle position).
Once a car seal is used, the valve position can only be changed by cutting and opening the car seal. (then this will indicate a possible tampering, or an authorized change).

Color coding of the car seal devices are sometimes used to easily identify the valve position (e.g. red for closed, green for open).

Car seal requirements on identified safety critical valves should be shown on respective P&IDs. (for examples: valves on a fire water mains line). Following notations are generally used with respective valves.

CSO – car seal is required at open position

CSC – car seal is required at closed position

Car seal put on a Valve's hand wheel

Bathtub curve of Engineering System Failures

Understanding the risk of failure of an engineering system is very important to avoid catastrophic accidents from happening due to the failure of safety critical items of an engineering system.

The following bathtub curve gives a general idea on expected failure potential through the life cycle of a system. The expected risk level will also behave accordingly, if necessary risk management practices are not followed ( including increased testing, observations, risk assessments, etc.).

As indicated in the “Bathtub curve”, the early phase of high failure risk can be due to many reasons such as  improper designs, untested technologies, use of unsuitable materials, lack of operator experience, etc. ).

Bath tub curve

Then the system enters a long period of reduced and steady risk level region where the system is quite safe as long as it is kept undisturbed (by not making significant changes).

Eventually the system will enter a rapidly increasing failure rate region. This is due to the aging of components and subsystems which are failed by wear, fatigue, corrosion, end of design life, or inability to properly maintain due to the old technologies or out of production parts. Manufacturers often end their warranty period before their product reaches this region.

While doing risk assessments, it is important to understand this general bathtub curve behavior of the engineering systems.