E Book
E Book
E Book
Application
The standard mainly applies to manufacturing industries particularly
those pertaining to chemicals, transportation equipment, and
fabricated metal products. Other affected sectors include natural
gas liquids; farm product warehousing; electric, gas, and sanitary
services; and wholesale trade.
It also applies to pyrotechnics and explosives manufacturers
covered under other OSHA rules and it has special provisions for
contractors working in covered facilities.
In each industry, PSM applies to those companies that deal with any
of more than 130 specific toxic and reactive chemicals in listed
quantities; it also includes flammable liquids and gases in quantities
of 10,000 pounds (4,535.9 Kg) or more.
Process means any activity involving a regulated substance,
including any use, storage, manufacturing, handling, or on-site
movement of such substances, or combination of these activities. A
"covered process" is a process that contains a regulated substance
in excess of a threshold quantity (40 CFR 68.3).
The key provision of PSM is process hazard analysis (PHA) a
careful review of what could go wrong and what safeguards must be
implemented to prevent releases of hazardous chemicals.
The second word in the term PSM is Safety. Initially most of the
concerned companies were focused on the need to meet the safety
regulations and to reduce safety incidents related to process upsets
and hazardous materials releases. However the role of PSM has now
increased to encompass a much wider canvas. PSM is now
becoming a more and more crucial part of Operational Integrity and
Excellence programs in many companies.
When used in process facilities safety can have three connotations:
Technical safety, Process safety and Occupational Safety.
Technical safety implies safe engineering and design of the facility
and equipment. It is obvious that it is considered in the initial
stages of a design.
Process Safety as we have seen is focused on process-related
events that have high consequences. So what is a PSM event? The
Center for Chemical Process Safety (CCPS 2007b) defines it as:
It must involve a chemical or have chemical process
It must be above a minimum reporting threshold
It must occur at a process location
The release must be acute, i.e. it must occur over a short
period of time.
The third word is Management.Here a manager implies any person
who has some degree of control over the process, including
operators, engineers and maintenance workers. Use of the word
management also means that PSM is not just about equipment and
instrumentation, but also covers issues such asEmployee
Participation, Operating Procedures and Management of Change.
Important Features
Some of the more important features of a process safety
management system include the following.
Participation
PSM is not a management program designed exclusively by the top
management. Here management implies management of the facility
under consideration by the concerned employees. So all managers,
employees and contract workers are responsible for the successful
implementation of PSM. The top management will design the PSM
along with representatives from the concerned workers and
operatives. They will be involved in its implementation and
improvement because they are the people who know the most
about how a process really operates, and they are the ones who
have to implement recommendations and changes. PSM is
fundamentally a line responsibility.
On-Going
5
Hence, even though the stated PSM goal may be zero accidents, in
practice, management has to determine a level for acceptable
safety and for realistic goals.
4. Operating Procedures
Requirements: Develop and implement written operating
procedures that provide clear instructions for safely conducting
operations and maintenance. Operating procedures shall be readily
accessible to employees. The operating procedures shall be
reviewed as often as necessary to assure that they reflect current
operating practice. The employer shall certify annually that these
operating procedures are current and accurate.
Develop and implement safe work practices to provide for the
control of hazards during operations such as lockout/tagout;
confined space entry; opening process equipment or piping; and
control over entrance into a facility by maintenance, contractor,
laboratory, or other support personnel. These safe work practices
shall apply to employees and contractor employees.
It is essential that there are written operating procedures for the
following phases and that they are strictly followed.
10
Initial startup
Normal operations
Temporary operations
Emergency Shutdown
Conditions when emergency shutdown is required
Assignment of shutdown responsibility
Emergency Operations
Normal shutdown
Startup following a turnaround, or after an emergency
shutdown.
Steps required to correct / avoid deviation
Operating limits and consequences of deviation
Health and Safety Considerations
Built-in Safety Systems
Hazard Control for non-routine tasks (i.e. Line breaking,
Confined Space Entry, Control over entrance into a facility by
support personnel)
5. Training
Requirements
Initial training:Each operator must be trained in an overview of
the process and in the operating procedures. The training shall
include emphasis on the specific safety and health hazards,
emergency operations including shutdown, and safe work practices
applicable to the employee's job tasks.
Refresher training shall be provided at least every three years,
and more often if necessary, to each employee involved in
operating a process to assure that the employee understands and
adheres to the current operating procedures of the process. The
11
6. Contractors
Requirements
Obtain and evaluate information regarding the contract
employer's safety performance and programs
Contract employers of the known potential fire, explosion, or
toxic release hazards related to the contractor's work and the
process to contract employers the applicable provisions of the
emergency action plan
Develop and implement safe work practices to control the
entrance, presence and exit of contract personnel
Evaluate the performance of contract employers in fulfilling
their obligations
12
13
15
Training
This is the most important aspect of PSM. The original equipment
and process gets a tremendous amount of attention by the original
Engineering and Construction companies. Then, once in the hands
of the owner and run for some time, the owners operators see
places where they think they can improve the original design. But,
the owners operators may not completely understand why the
facility was originally designed the way it was.To change the design
much care and focus needs to be employed to ensure that no booby
traps are incorporated by well-meaning individuals. So, whenever
MOC is needed it should be done with utmost care and inquiry.
16
17
18
19
20
PSM Leadership
This lesson explores:
How leadership, organizational culture, ethics and HROs relate
to PSM. The success of a PSM depends almost entirely on the
quality of the team. For any team to be successful leadership
is most critical.
How organizational constructs in structure, work processes
and systems can have direct effect on safety and profitable
performance.
How poor leadership can adversely affect process safety.
Aggressive management too is not ideal and can impinge
upon the safety outcomes.
***
The concept of leadership vis--vis PSM, ethics and culture is
examined. Required behaviors will become clear.
The most important aspect of PSM leadership is the absolute
necessity of right leadership. Without leadership any PSM program,
however well structured, is bound to fail in time.
***
The topics covered include:
Leadership interpretation and importance of ethics. Workplace
ethics needs to be the backbone in any organization. Being
ethical can add value to processes and help solve problems.
HRO High Reliability Organization and how an organization
can operate and safely manage processes with risk potential.
The relationship between leadership and ethics
1
Leadership
What exactly is leadership? Over the years the qualities and skills of
leaders have remained almost the same. However in todays
knowledge economy there is a subtle shift of power to the workers.
The leader has to have people skills to manage the workforce.
Warren Bennis, a contemporary leadership guru, emphasized the
difference between management and leadership. According to him
management is conducting, coordinating, being in charge of, having
responsibility for. Managers master routines and create efficiency.
In contrast,leading is influencing: guiding in direction, course,
action or opinion. Leaders acquire vision and judgment and become
effective. He says:
Managers are people who do things right, and
Leaders are people who do the right thing.
A manager has a set of goals (responsibilities), and set of tools
(authority) and they use the tools to accomplish the goals. A
manager reacts to a situation to correct it but a leader looks beyond
the immediate recovery, thinking if fundamental changes are
required.
Bennis says there are 4 strategies for a leader:
Organizational Ethics
Organizational ethics is not just the code of conduct of people
working in an organization but also the way they behave and
respond to situations. Culture, trust, processes, outcomes,
organizational character all contribute to ethics of an organization.
Sometimes if there is a question of an action that may be legal but
not necessarily ethical, it is up to the leadership to decide which
aspect it values.
What an organization valuesor cherishes are the core principles that
guide an organizations work. These values may not always be
formally stated but are intrinsically understood and followed by the
employees.
A Values statement that outlines the guiding principles of an
organization should be amongst the important policy documents.
Anorganizations values are an important part of its culture. Such
statements help define the principles and ethics by which
anorganization operates and can act as a paradigm for expected
behaviors during challenging situations. They help define what is
rightand wrong as well as the behaviors and perspectives that the
organization values.
A written code of ethics may be signed by all the employees. This
document should feature the ethics and standards of the
organization. It should also describe values that govern its
processes and operations. Non-compliance with the values may
invite some penalty. However just a formal document is not a
Embraces complexity
Shouldnt procedures be simplified? Why make everything complex?
Simply because business is complex, it is unpredictable and
inexplicable. There are no simplistic methods or systems. In fact
HROs do not unthinkingly simplify procedures and operations. They
accept that their work is indeed complex. Technology advances
have added to the complexity factor. As technology becomes allpervasive, it can help simplify processes. But the same technology
can have a greater potential to cause unexpected uncommon
catastrophes.
Systems can fail in ways that have never before happened. It is
necessary to be alert to the possibility of failures due to unseen,
unpredicted reasons. It is also good to explore and identify reasons
that may lead to failures in future.
Simple interpretations of complex situation can be dangerous.
Simplifications with a thorough knowledge of all the factors involved
are appreciated. This knowledge is the result of taking into account
diverse dynamics and exploring a variety of explanations, listening
8
Learning organization
Continuous learning is a core competency of HROs. They are
organizations that bounce back from any errors or near misses,
tougher and better. Learning from mistakes and thereby improving
their functioning is their intrinsic strength.
The climate of the organization created by the leadership is such
that people feel confident to reveal mistakes. The mistakes become
lessons, which can point to potential dangers and vulnerabilities
that may have been unobserved. Thus the learning organizations
focus on learning and not fault finding and blame game.
HROs learn from their own mistakes and also from others mistakes.
If they find some practices that help achieve better performance,
they do not hesitate to adapt and adopt!
In HROs dealing with hazardous processes it is not possible to learn
by trial and error method! So learning by other methods,
observing, imagining worst scenarios and devising methods to deal
with them, training for such eventualities under controlled
conditions are some alternatives.
Such HROs are continuously learning and moving towards a culture
of safety!
Forward focused
HROs have another quality forward focus!
The leaders of such organizations take their organizations to the
next level up and more. Their people are encouraged to think of the
future and bring it alive in the present. Not in just abstract thinking
but by keeping track of innovations in the field, new technologies,
new legislations, new environments and use all these to the
advantage of the organization.
Forward focused organizations are stimulated to think creatively
and have systems and processes poised to leap into the future,
ahead of others. They have the foresight and audacity to act today
for a better tomorrow. They keep pace with changing conditions and
are sometimes ahead of them. This adaptability to change qualifies
them as HROs
***
10
in the organization do the right thing for the right reasons. For this
to happen leadership is required. Only ethical leaders can promote
an ethical organization.
***
One of the most appropriate and useful safety models was the
DuPont Bradley Curve. The target is zero accidents.
This curve basically maps how the culture of the organization
impacts the safety of people, processes and productivity. The safety
culture depends on the maturity of the people towards safety. The
DuPont Bradley curve describes four stages of culture maturity:
Reactive, Dependent, Independent and Interdependent.
In the Reactive stage,people do not take responsibility for safety.
Safety is attributed to luck and not management. Accidents are
bound to happen is the attitude. Safety Manager looks after safety,
and compliance with rules and regulations. Top management is not
actively involved and safety is relegated to a lesser issu.
Unfortunately such lax attitude affects the productivity and the
profitability too, which is not at its best.
The management commitment begins at the Dependent stage.
Safety now becomes a responsibility of the supervisors. However
the emphasis is on discipline, and following rules and procedures.
There is no active involvement though necessary safety training is
provided. Safety compliance is due to fear of reprisal and because it
is an employment condition. However at this stage because of
safety awareness, productivity and profitability improve to an extent.
Accident rates decrease and management believes that safety could
be managed if only people would follow the rules.
12
safety with their own actions. The accident rates go down further
and profitability and productivity climbs higher.
Now the organizations and people are ripe for the Interdependent
stage. Here safety is no longer an individual issue but each person
feels responsible to their own as well as others safety. They
encourage others to conform to safety initiatives. They have an
active safety network and feel proud about their safety endeavors.
This is when the accident rate approaches zero and the productivity
and profits are at their best!
An organization can follow the DuPont-Bradley curve to achieve the
highest rates of safety. Understanding the psyche behind the
increasing safety culture stages, they can incorporate the safety
culture and sustained improvement in safety and productivity!
***
Kiel Centre
The Kiel centre has a safety model established on five maturity
levels vis--vis safety. The maturity level is based on ten elements
that incorporate the most common components of both theoretical
and measurement models. These components may differ from one
organization to another as the factors that signpost safety may be
different.
The ten elements are
1) Visible management commitment
2) Safety communication
3) Production versus safety
4) Learning organisation
13
5) Supervision
6) Health and safety resources
7) Participation in safety
8) Risk-taking behavior
9) Contractor management
10)
Competency
14
Apart from the above two there are a few other models that work
equally well for different industries.
Fords Health and Safety Program within its Corporate
Sustainability. Ford Blue Print for Sustainability Five key
material issues comprising Fords sustainabilityprogram
Lockheed Martin Energy Environment Safety and Health
Sustainability Report 2007 progressreport on meeting longterm sustainability program goals, including management
approaches tosafety and health
United Technologies Commitment Improvement Report
Highlight of the five key commitmentareas, including
discussion of safety performance indicators
Pfizer Environment Safety and Health Component of Its
Corporate Responsibility Report Overview of key
performance indicators as measure of performance goals
Dow Chemicals Health and Safety Program within its
Corporate Sustainability and Drive to Zero: Dow Chemicals
Injury Reduction Journey
BP Sustainability Review 2008 Includes reporting of safety
indicators from 2004-2008
***
15
In a culture of safety:
When managers see an unsafe condition they immediately act to
neutralize the condition. They take responsibility for the safety of
the employees involved, the environment, the equipmentin that
order. They do not indulge in blame game, but take actions to
minimize the problem with immediate effect. The analysis of the
cause of the condition, were there any lapses in the safety
measures, precautions, equipment, procedures is the next step.
Then measures are taken to avoid such a condition in future.
Learning from mistakes, mishaps, is the norm.
In such a culture managers balance safety and production. In fact
according to the safety models studied, it is evident that the higher
the safety culture, the higher the productivity. When employees
have safety ingrained in them, accidents do not happen. This feeling
of safety helps to increase production. Also time and man-hours are
not wasted. So productivity and safety go hand in hand.
Here individuals have zero tolerance for any risk however minor.
Risks are abhorrent to them. They take care to eliminate every risk
conceivable. Their workplace decisions are made based on zero risk
potential.
In safety culture, open and honest communication is essential.
There are clear guidelines on behavior to promote a positive and
safe workplace. Here leaders have a decisive role in promoting
safety and zero tolerance for risks. Their behavior ensures open
communication.
For workplace maintenance in a safe organization ensures legal
requirements. In addition to this a pro-active maintenance system
is in place. This includes controlling risks and accidents during
maintenance. Written checklists are followed. Maintenance itself is a
16
Other considerations
Right skill mix and staffing for the work?
Right work processes for the business?
Right work systems to support employees?
Right values and policies?
Right reward and promotion systems?
Appropriate board oversight?
Right organizational structure?
These considerations also affect safety. The leadership has to decide
the right skill mix and staffing for a work process. They have to
ensure right work processes and systems.
Values are what decide the culture of an organization. Values and
ethics of an organization impact the policies formulated by the
leadership. To maintain high standards of safety, the values of the
organization can be seen through its policies.
Just rewards and promotions also contribute to the culture of an
organization. The recognition depends on the company values and
policies, what are the key drivers of success.
17
18
They ask:
Whats So?
19
So What?
Now What?
The leaders want to know, they want to learn. That is why they ask
what is so? They are willing to challenge the status quo. They have
a propensity toward action, risk, curiosity, and courage. They want
their people to think now what? The status quo is questioned, now
what would be the next step? How to improve the present
condition? What actions can be taken?
According to Bennis, Leadership is a function of knowing yourself,
having a vision that is well communicated, building trust among
colleagues, and taking effective action to realize your own
leadership potential.
The leaders are eager and willing to make any relevant changes in
the policies to get better results. That is the quality that helps them
carry out changes if required. That is the key to consistently
execute well.
Difference in results is based on right values, a good plan, the
ability to course-correct, and to consistently execute well.
***
20
21
The Texas City BP plant had the worst safety culture. Over the
years, the working environment throbbed with resistance to
change, lack of trust and motivation. There was no sense of
purpose. Management and supervisors did not ensure that
safety rules were followed. Individuals did not feel confident
enough to suggest improvements.
There were no definite safety priorities set by the
management.
The organization was huge and complex. There were no clear
roles and accountabilities. Internal communication was poor,
especially during handing over duties.
Individuals had no clear concept of hazard awareness and
process safety. Consequently they took high-level risks.
Temporary trailers were placed too close to the hazards.
Given poor communication and performance management
process, there was neither adequate early warning system of
problems, nor any independent means of understanding the
deteriorating standards in the plant. For example, the alarms
did not work!
Incremental equipment costs were the reasons not to upgrade
to a safer system or replace unsafe equipment altogether.
Cost-cutting, failure to invest and production pressures from
BP Group executive managers impaired process safety
performance.
Earlier eight incidents of flammable vapors issuing from the
blow-down vent did not warrant corrective measures. These
were totally ignored.
The incident was very complex. Many interconnecting factors
amplified the intensity of the disaster. Operators started up the
raffinate tower and began filling with gasoline components. Timely
22
23
24
25
A clear communication line between the layers will improve coordination and motivation since employees know what is expected
of them and when.
26
28
29
30
Such employees will follow all the safety precautions and ensure
that all safety measures are in place.
The process safety performance metrics are evolving. BP now
monitors at the corporate level several leading and lagging process
safety metrics. BP also is working with external experts to review
process safety performance indicators across the company and the
industry.
Apart from the fact that the organization is paying more attention to
safety and the concerned regulations, even the regulating bodies
are stricter and are giving more attention to fulfilling all the
requirements.
As of 2011 it was difficult to predict the effect of all the measures
taken.
***
Ethics
People
Core values are the character of a company. These are fundamental
to what DuPont is, what DuPont does, and is viewed as essential to
firms sustainable growth.
Safety and Health
BPfollows the highest standards to ensure the safety and health of
employees, customers and the people of the communities in which
they operate.
Environmental Stewardship
They are environmentally conscious and protect the
environment.Environmental issues are an integral part of all
business activities. They continuously strive to align their actions
with public expectations.
Highest Ethical Behavior
They conduct their business affairs to the highest ethical standards
and in compliance with all applicable laws. They work diligently to
be a respected corporate citizen worldwide.
Respect for People
They foster an environment in which every employee is treated with
respect and dignity, and is recognized for his or her contributions to
the business.
***
DuPont 1978
Learning from its own tragedies
32
DuPont
Establishes goal of zero.
DuPont believes that a key aspect of human and worker rights is
the right to work in an environment that is safe and healthy. A
strong safety and health focus is the essential foundation for
successfully implementing a culture that seeks to integrate
sustainable development into the processes of the company. Safety
values are also critical in the successful transferring of new
technologies to developing countries. Support and respect the
protection of international human rights within the sphere of
influence- safe and healthy working conditions.
33
DuPont in 2010
Engineering organization of 1000
DuPont has its core competency: a strong research and
development basis.
For more than 200 years, DuPont has brought world-class science
and engineering to the global marketplace through innovative
products, materials and services. Their market-driven innovation
introduces thousands of new products and patent applications every
year, serving markets as diverse as agriculture, nutrition,
electronics and communications, safety and protection, home and
construction, transportation and apparel.
Today, DuPont is proud to build on this heritage by partnering with
others to tackle the unprecedented challenges in food, energy and
34
WSCO
35
Ethics policy
Ethics Policy
Operations focused
Executive experience
Executive experience
Investigates incidents
Investigates incidents
Interdependent
Calculative
As can be seen from the table, there are major differences in the
approaches of both the companies. The basic distinction is the way
safety is considered.
In SSCO safety is the core value. It is not the work description or
systems in practice. But it is the value that governs all the actions
in the organization. So safety is the basis of all activities old and
new in SSCO. It is the essential tenet and requires no explanation
or change. It automatically happens.
In WSCO safety is the first priority, but it is not ingrained in the
culture. It is considered first for any new activity.
At SSCO the core functions are Safety & Health, Environmental
Stewardship, Highest Ethical Behavior and Respect for People.
These functions are strong and through these the company has
grown and become a benchmark for safety. The commitment to
core functions was always there and has never changed. They are
more important now than ever before.
36
At WSCO the core functions are being built. It is a difficult task, but
they will get to a stage where strong core functions will support all
their endeavors.
Being safety oriented and people focused, SSCO has employees
preferring to stay with them for a long time. Most of the employees
are with the company throughout their active career. In case of
WSCO the number of such employees is considerably less.
Both have written ethics policies.
SSCO is operation focused. The operations must go on as continuity.
All efforts are towards that. At WSCO the focus is forming on
operations.
Both have executives with experience. Both are committed to
investing incidents, including near misses.
The employees at SSCO are at the most efficient stage in the
DuPont-Bradley curve the interdependent. Here every employee is
alert to his/her own safety and the safety of others. They are
always alert to hazards and risks to people, processes, property and
environment. The WSCO employees are at calculative stage. They
assess risks and respond to them.
***
Effects on business
Information moves quickly
Short-term focus on profits
Reduced OJT training and development
MOC of everything an issue
37
International opportunities
Loss of tacit information
Losing reverence for technical accomplishment
If a company has a good safety culture, the business has, most
likely, some of these characteristics:
Strong EHS performance
Smaller fines and fine levels
Better relationships with regulators and communities
Higher product quality
Reduced waste levels and waste treatment costs
More reliable and predictive operations and product outcomes
Strong cost performance
Time available to train people effectively
Able to attract the best performers
Reduced employee turnover
More satisfied customers due to higher reliability of supply
and quality
Improved profitability
38
39
When I ask for the budget to be cut, Im told its going to impact
safety on the Space Shuttle I think thats a bunch of crap.
***
40
What is a hazard?
What is a hazard? is an important question. Human beings can
instinctively perceive minor daily hazards. We will not dip our
fingers in boiling water! However when we talk of workplace
hazards, we need to define the word more precisely. That leads to
spotting the hazards and taking measures to mitigate them.
There are various definitions of hazards. The dictionary defines
hazard as an unavoidable danger, even though oftenforeseeable.
Also it can mean something that can cause danger, peril or difficulty.
Another source says hazard is exposure or vulnerability to injury or
loss of life or limb. It is something likely to cause injury or an
accident waiting to happen.In relation to occupational safety and
health the most commonly used definition is A Hazard is a potential
source of harm or adverse health effect on a person or persons.
Hazard means a situation that has potential to cause harm. The
situation could involve a task, an operation or handling chemicals or
equipment.
Hazard can be evident like a fast approaching vehicle. However in a
workplace hazards can be more devious for example, exposure to
potentially dangerous substances, working without proper PPE
around a process that involves dangerous chemicals.
Workplace hazards can be mechanical hazards, noise, bad
ventilation, faulty equipment, lack of proper training to use a
machine, misuse, system failures, chemical spills, etc. Most of the
hazards in a workplace can be and need to be identified. Those that
can cause serous harm or damage to people or organizations are
known as significant hazards.These are the ones that need serious
attention.
1
***
Why do we look?
We look and observe to prevent accidents or at least mitigate the
risk in case the situation is unavoidable.
We need to look out for hazards for our own safety and safety of
other people, property, and equipment. Most of us have intuitive
hazard sensitivity. For example while driving a car, we scan the
road, the traffic, hazard symbols, traffic signals, speed limits, and
other such elements without paying specific attention to any single
one. Only when one of these elements has a potential for hazard do
we pay extra attention. A good driver can see developing hazards
and takes measures to mitigate them.
In fact even if you are just travelling in a vehicle, you can spot
hazards. It doesn't matter if you are sitting on a bus or as
passenger in a car; you can observe the constantly changing road
situation.There may be many potential hazards infront of your
vehicle; some may develop into serious situations, some won't.It
could be a cyclist, a bend in road, jaywalkers, wet-slippery road
patches. We may not even be conscious of observing something and
reacting to avoid a developing hazard.
Similarly we look both ways before crossing a street. By doing this
we can perceive hazards and avoid them. We can for example see a
speeding vehicle and wait to cross thereby avoiding the potential
hazard. That means we do not let a developing hazard turn into an
actual hazard. It is very important to look and observe. What you
do not see and do not respond to may prove dangerous.
When the situation is something that we can control, for example
developing a chemical operation, we look carefully to make the
Radioactive sources
Radioactive sources are a boon for mankind, but can quickly turn
into a bane if accidents happen. Sources can be damaged,
compromised or lost.
Many types of radiation can be found in the workplace and in the
environment. Some are naturally occurring, for example, radon,
radium, uranium, and the sun (ultraviolet rays). Man-made
radiation include X-rays, CAT scans and magnetic resonance
imaging (MRI).
The human body cannot detect radiation. That's why exposure to
radiation can occur unknowingly and pose a health risk. Radiation
burns, cancer, harmful genetic mutations are some of the
aftereffects. Even the waste is damaging to humans, animals and
the environment.
That is the reason all radioactive sources need to be handled with
extreme care.
***
10
Check the hazards faced by operators, visitors, and others. Are the
materials used right, standard and safe? Is the equipment old and
needs replacement rather than maintenance? One potential risk
area is the lack of insulation of hot piping at levels where personnel
can get burnt.
Look for commissioning, operation, breakdown, repair and
relocation. What kind of hazards can happen? Look for likelihood of
entanglement, crushing, cutting, stabbing and puncturing, shearing,
friction, striking, high-pressure fluid, electrical or explosion. Ensure
proper safety precautions.
People
With respect to people look for staffing levels, experience, number
away, level of training, supervisory quality, organizational goals,
incentives, communications, shift turnover.
Hazards that people create include lack of attention, wrong
decisions, incorrect techniques, inappropriate equipment, hurrying
through the task, attempting task without proper training.
Check if the staffing level is right. Are there right numbers of the
right people, in the right place at the right time? Too many people
may be costly. There maybe decision and duty arguments. Too few
may create overtime and tensions. How many people are away?
Do the operators have the right experience and expertise for the
assigned task? Do they have proper training, and updates when
required?
Are the supervisors correctly equipped in training and authority to
carry out their expected roles? The traditional supervisor
represents a crucial, final link between planning a job and its
execution. In fact supervision is extremely important in influencing
11
the performance of the concerned teams. Look for and ensure right
supervision. Poor supervision may result in accidents.
What are the organizational goals? Are the people aware of them?
Do they have enough incentives to motivate them to work well? It
must be absolutely clear that Safety, Health and Environment are
top priority!
Spoken and written communication can be critical in maintaining
safety. This can include general communications in the form of
safety information, communications between team members or
between different teams during operations or maintenance work,
and emergency communications.
Communications are very important in a wide range of safety
critical tasks and activities such as lifting operations, emergency
response, entry to confined spaces, as well as coordination of
activities between different parties and organizations.
During shift turnover, between shift and day workers, or between
different functions of an organisation within a shift e.g. operations
and maintenance, communication is crucial. For continuity and safe
working relevant information has to be properly communicated.
***
Toxicity
Proximity
Operating Issues
Bypassed interlocks
Improper permits
Lack of discipline
Change & Subtle Change
Procedures not followed
Poor visual signals
Communications
Human Element (people)
Too many new
Too many untrained
Too many away
Alertness
Family problems
Weather
Leadership
Electrical Power
***
13
14
15
16
Flixborough, UK 1974
The chemical plant, owned by Nypro UK (a joint venture between
Dutch State Mines and the British National Coal Board) and in
operation since 1967, produced caprolactam, a precursor chemical
used in the manufacture of nylon.
The Flixborough Disaster was an explosion at the chemical plant
close to the village of Flixborough England on 1stJune 1974.
Residents of the village of Flixborough were not happy to have such
a large industrial development so close to their homes and had
expressed concern when the plant was first proposed.
Background:
The process involved oxidation of cyclohexane with air in a series of
six reactors to produce a mixture of cyclohexanol and
cyclohexanone.
The inquiry into the incident found out that a crack had appeared in
reactor number 5.The reactors were filled with liquid cyclohexane
under pressure at 155 C, through which compressed air was
bubbled to cause the reaction.
The plant was shut down and the reactor, one of a series of six, was
removed and a bypass installed to link reactor numbers 4 and 6.
The temporary bypass would allow continued operation of the plant
while repairs were made. This 50cm diameter bypass pipe was
designed by Nypro engineers who were not experienced in highpressure pipework.
Description of the Incident
The official inquiry into the accident determined that the bypass
pipe had failed because of unforeseen lateral stresses in the pipe
during a pressure surge. The bypass had been designed by
personnel who were not experienced in high-pressure pipework, no
plans or calculations had been produced, the pipe was not pressuretested, was mounted on temporary scaffolding poles that allowed
the pipe to twist under pressure and had not been reviewed by
appropriate chartered engineers.
Bellows were used to join the pipe to the 60cm reactor flanges and
crucially, because the gravity-assisted reactor series was built on a
slope, the pipe included a dog-leg bend to accommodate the
change in height.
The by-pass pipe was a smaller diameter (20") than the reactor
flanges (24") and in order to align the flanges, short sections of
steel bellows were added at each end of the by-pass - under
pressure such bellows tend to squirm or twist.
These shortcomings led to a widespread public outcry over
industrial plant safety, and significant tightening of the UK
government's regulations covering hazardous industrial processes.
(See COMAH Regulations).
During the late afternoon on 1 June 1974 a 20 inch bypass system
ruptured, which may have been caused by a fire on a nearby 8 inch
pipe. This resulted in the escape of a large quantity of cyclohexane.
The cyclohexane formed a flammable mixture and subsequently
found a source of ignition. At about 16:53 hours there was a
massive vapor cloud explosion, which caused extensive damage and
started numerous fires on the site.
This was the early indication that the US would need similar
regulations and OSHA was born shortly afterwards.
Any piping in such service needs to undergo a piping and flexibility
analysis to determine if the expansion with temperature has been
properly accounted for in the design. Additionally, the change in
pipe diameter must be accounted for in the pipe to account for
stress both during operation as well as during heat up and cool
down. Finally, the bellows incorporated in the system shows an
absolute lack of good engineering judgment. A bellows is intended
to accommodate a change in length, but without the possibility of
significant pressure of containment.
Consequences
28 people were killed in the explosion. The number of fatalities
could have been much more over 500+ had it happened on a
weekday.
Despite protests from the local community the plant was re-built
but, as a result of a subsequent collapse in the price of nylon, it
closed down a few years later. The site was demolished in 1981,
although the administration block still remains. The site today is
home to the Flixborough Industrial Estate, occupied by various
businesses and Glanford Power Station.
Whats Covered by PSM?
Process Safety Information
Mechanical Integrity
Employee Involvement
Hot Work
Management of Change
Operating Procedures
Incident Investigation
Training
Contractors
Compliance Audits
Trade Secrets
Focus on Technology
Objective
Perspective of PSM implications in Process TechnologyThe objective of this lesson is to evaluate the implications of PSM in process
technology. Chemical industry uses technology in processes to manufacture
chemicals that other industries need. However technology is always in a
state of flux, evolving and improving. So a business needs to assess and
implement the right technology for optimum performance. Periodic review of
technological advances whileevaluating your current products and processes
is a necessity.
Process documentation and other process safety information (PSI) are
crucial for PSM. Such documentation is a must for OSHA and other
government authorities as well as insurance agencies. It also has to be upto-date giving the current state of material balances and energy balances.
Appropriate reactor design and the most fitting reactive chemistry are to be
considered. Quality control and ensuring the purity of incoming materials
and product streams will go a long way in ensuring product quality and
safety of the entire process.
Once again while changing or modifying either the product or the process,
review of all available technology and choosing the perfect one for your
requirements will help.
Proper risk management focuses on normal operations/conditions as well as
abnormal operations/conditions, equipment design, human factors, standard
operating and contingency procedures, maintenance operations, and facility
design and siting.
Solids handling?
New catalysts or other new items internal?
If you have operating history, use it!
Keep your rating simple: Effect on PSM is Low, Medium, or High
***
always.
If there are higher number of separationsin a process, it usually means that
there is more energy being fed into the process. Energy usually comes in the
form of steam, Dowtherm or cryogenic materials.Each of these can be
inherently dangerous within themselves.
So more process steps can mean increased potential for leaks and additional
corrosion, also increased thermal stresses with thermal cycling.
***
PSM is harder to execute when there are many recycle streams between
units. Higher number of recycle-streams means increased complexity in
startup, shutdown and normal operations. This happens because the units
become interdependent. If even one unit has an upset, it can directly affect
other units in the process.
At such times, for such processes, operations communication becomes
critical and alarm management needs more attention. Also during shift,
handing over-taking over actions, communication needs to be absolutely
clear.
***
more reactors imply more difficulty in keeping energy under control. This is
because even Control systems are critical and complex.
Selection of reactor type can affect the PHA, due to the amount of materials
present at any given time (CSTR, Plug Flow, Fluidized Bed)
***
Solids Handling
Process safety requirements are more complex when solids handling is
present in a facility.
are looked upon as harmless, yet can be explosive or poisonous under some
conditions.Solids in the process can cause wear, poor performance and
blockages in the equipment, which may lead to expensive shutdowns.
See this video of what can happen when common sugar is manufactured and
is mishandled:
http://www.csb.gov/videos/?SID=28
***
Or is it just a variation of the old one? If you choose to use new catalyst the
questions to ask are
Can the reactor coolant system handle raised temps?
Will the metallurgy work?
Will the relief system design still be functional?
Are operating margins eroded?
***
Operating History
In order to ensure your Process Hazards Assessment is set up for success,
collect records from the current operations. You have to
Note repeated excursions outside of safe operating limits from your
data historian
Interview operators and ask them what ops are particularly difficult
from their standpoint and why
Examine poor quality product and note conditions under which it
occurs
Examine any shift related abnormalities
Verify the status and the correctness of your operating procedures
***
Key Documentation
Key documentation in the process technologies falls into four distinct groups:
Process flow diagrams the fundamental material and energy
balances and flow rates in your plant
process
engineering,
mechanical
engineering,
manufacturing, and others (i.e. your customer for a third party sale).
Using the P&ID, the expert team goes from node to node in the
process looking at possible hazards (PHA meeting).
The same methodology is used until the whole process has been
reviewed.
There will be follow-up items (calculations, analyses, additional
information) that must be completed outside of the PHA meeting. The
PHA is complete when the action items are closed.
Everyone on the PHA team signs off on the completed PHA.
PHAs are important safety documents for a facility.
Verify the government regulations around frequency of review and other
requirements.
***
o Facilities
o Personnel
The technology elements have been discussed today.
Focus on Facilities
Objective
Perspective of PSM implications
Pressure vessel design
Control system
Safety instrumented systems
Relief systems
Maintenance
Pressure vessels are designed to operate safely at a specific
pressure and temperature, technically referred to as the "Design
Pressure" and "Design Temperature". A vessel that is inadequately
designed to handle a high pressure constitutes a very significant
safety hazard. Therefore pressure vessels are designed with great
care because rupture of pressure vessels means an explosion which
may cause loss of life and property.
A control system is a device, or set of devices to manage, command,
direct or regulate the behavior of other device(s) or system(s).
Industrial control systems are used in industrial production.
A Safety Instrumented System (SIS) consists of an engineered set
of hardware and software controls which are especially used on
critical process systems.SIS are specifically designed to protect
personnel, equipment and the environment by reducing the
likelihood (frequency) or the impact severity of an identified
emergency event.
Effective pressure relief and flare system design helps companies
meet risk-management goals, compliance requirements, and sound
business practices.
1
During the course of your career you may find yourself in lots of
different roles. For example, maybe you go on to be a design
engineer. You have a responsibility to ensure that the equipment
you design comply with regulatory laws. You may find yourself in a
Production Team Leader role in which case you have a responsibility
to operate the equipment within the regulatory requirements. For
example relief devices are added as a last resort safety device. This
doesnt mean that just because the relief device will pop you can
intentionally run the vessel at pressures higher than regulated nor
can you bypass the safety devices.
In plants it has actually happened that operators put a blank flange
in front of the rupture disk because they were tired of it popping all
the time. You may find yourself working as a reliability engineer in
the maintenance organization. In this case you are responsible for
ensuring that the equipment is maintained properly. You need to
understand what tests or inspections are required by local, state
and federal agencies and ensure these tests are completed on time
and any deficiencies detected are corrected immediately.
You might also find yourself working as a process engineer. This is
the group, in my opinion, who have to watch out for process safety.
Many times a process engineer doesnt understand or make the
connection to how what seems like a simple re-design or
modification to the process or equipment can impact a regulated
piece of equipment. Simple changes in the process like process or
temperature can result in operating a piece of equipment outside of
it design and regulated parameters.
Bottom line is that you must understand the operation and that
means more than just the process.
***
This is the inside of that vessel. You can see the damage to the
Teflon liner caused by what seems like a simple loose bolt. In this
particular case the vessel itself was not a coded vessel but rather
contained a highly hazardous chemical that would have been fatal
to anyone exposed to its leaking contents. So in this case the
equipment itself was not regulated but the process chemical within
it is PSM covered.
***
Design anticipations
Design should anticipate maintenance
Design should anticipate inspection
Design should anticipate startup/shutdown
Design should anticipate unsteady state operation
When you design equipment, knowing what goes on inside you can
anticipate the high corrosion areas and install inhibitors and
neutralizer addition points. Whoever you work for will have
guidelines to follow, but do not blindly follow them. Ask questions;
understand why you do what you do and think it through based on
the chemical engineering fundamentals. Similarly you should ensure
that your design anticipate inspection, both on-line as well as off
line. You know what you expect the design to do and on-line
inspection can help you get the assurance that, in fact, that is
exactly what is happening.
During start-ups of units, the preparation of the unit and startup
sequence will necessarily mean that the unit runs differently than at
steady state. Make sure you anticipate that from equipment as well
as people perspective. The last thing you want to do is design a
piece of equipment that you cant easily startup. So, again, you
anticipate. Will water be a problem, where will it move to/from,
7
how will it be eliminated from the system, how can you verify? Get
the point?
Unsteady state operation is pretty similar to startup. But, and
heres the big difference it will be from steady state operation
how does that get recognized by the operators and how can they
recover. If you anticipate that and built that recognition into the
design you will be rewarded by a unit that just may run.
***
where the liner had already failed. Had this vessel been placed in
service not only would a premature failure have occurred but being
a pressure vessel the potential for it to have been a catastrophic
failure was very high.So this is an example of where the inspection
before the vessel was actually placed in service was absolutely
critical.
***
This is the same vessel as in the last photo and you can see the
additional contamination to the bottom head. Again this was
detected before the vessel had ever been placed in service.
***
while on stream. In this case she needed to shut down the unit and
re-tray the tower as well as fix corrosion damage.
***
problem since the reaction rate slows down as the process moves
through the reactor. That is, of course, unless a contaminant causes
the reactor to become exothermic.
But, if its an exothermic reaction, which means as the temperature
goes up so does the reaction rate go up. So, what is in place to
ensure that the reaction is controlled, how do you remove heat,
how do you ensure that the reaction does not become autogenous?
All of these issues need to be addressed in the design phase and
not after the unit has had a process safety incident. So, understand
the reaction kinetics, is the reaction regime stable or at a plateau?
Where the unit will run? Critical knowledge if you are to do your job
well.
Moving on to a distillation column, this should be simple, but again
remember the contaminants, corrosives, and water. What to do
with them is the key. Even if they are not supposed to be there
at
some point in time they will be anticipate and design for it. Its
cheap when its on paper, when it is steel and concrete the costs
rise.
Heat exchangers are mentioned since early last year a refinery in
the Northwest had an explosion due to a failed heat exchanger that
took the lives of an entire crew. Proper inspection and maintenance
would probably have prevented that tragedy.
Settlers, flash drums are indicated since they have high probabilities
of having water at an interface and hence increased chances of
corrosion. Keep those possibilities in mind when designing,
operating, and maintaining them.
***
12
Operating procedures
Startup
Shutdown
Emergency Shutdown
Startup after and emergency shutdown
Routine operations
This will be an overview of procedures, more later in the PSM
course, but to get you thinking about their importance, detailed sets
of instructions for these areas are the basis for a smooth running
facility.
The most critical time in a units life from a process safety
standpoint is start up. 80% of the process safety incidents occur
during startup and 80% of the most serious events occur during
quickie startups after an unexpected shut down. Sothat is where
patience and knowing exactly where the unit stands is the first step
to a successful start up. Everyone is in a hurry to start the unit up,
but the smart managers will make their haste slowly. Never ever
forget those thoughts, when starting up a unit after an unexpected
shut down, make your haste very slowly and methodically.
***
13
This is a photo of the oil reservoir of the gearbox. If you look closely
you can see the oil looks very light in color and not as viscous as
you would expect oil to be. In this particular case water made it to
the reservoir because of poor operating practices.The operator
decided to flood the vent system with a high-pressure water hose to
clear a plugged vent line. Needless to say the damage caused by
not following proper procedures resulted in a very costly failure.
Rust was present on the gear teeth and shaft when inspected. It is
sure when this system was designed the engineer did not anticipate
an operator would use a high-pressure water hose to unplug a vent
line.
***
Control systems
Anticipate steady state operation
What about start ups
Fail safe positions
Documentation
Automatic actions
Safety Instrumented Systems
14
Control systems are what make the unit run day to day. Automatic
controls are best at maintaining steady state conditions. We will not
be going into how control systems are designed, but address their
function from a high level on what they do.
Some control loops are linked to other control loops in some fashion.
They can be on ratio control, reflux control, and so on. The key
issue is that control loops always are running in steady state
operation. That means that during startups the control loops must
be put on manual and adjusted by operators as conditions change
during the startup. Heres the rub the operators just might get
distracted during startup. All units have alarms in place to let the
operators know when conditions are outside of the expected, but
again, during startups everything is outside of expected conditions.
Clearly then startups are the time when attention to details and
knowing just what goes on and where is critical.
Fail-safe positions are just what they sound like. If all else fails the
unit will go into a shut down and failed safe position. Anyone can
easily shut down a unit by simply removing power to the control
system and all of the valves will safely go to their fail-safe position.
We design units to fail-safe. It cannot be emphasized enough that
documenting what the fail-safe position is and why is that position
is sacred. It must always be clearly documented and easily
retrieved if you do your job well.
As control systems and computers become more sophisticated the
control systems can be designed to have automatic actions. Say, if
a piece of equipment shuts down and a spare is available, that
spare can be set to automatically startup. Virtually every unit has
spare pumps set up in this manner. Similarly compressors can be
set up to do the same. This helps with reliability of the unit and
prevents major unit shutdowns.
15
16
17
***
Relief Systems
Flares
Purges
Oxygen free
Worst case scenario
Process in place to ensure open path
When all else fails then you must rely on the units relief systems.
Generally this consists of a flare or two. In large facilities this could
involve a number of flares.One unit had two flares for just five units.
The entire refinery consisted of 11 total flares. When a vessel, be it
a reactor, a settler, a distillation tower, or whatever, is under
excess pressure,rather than overpressure the vessel and risk a
catastrophic release, devices called relief valves open and release
the excessive pressure into a closed system that leads to a device
called a flare that always has a flame at the point of release to the
atmosphere to harmlessly burn off the offending material.
Since the flare will always be a source of ignition it is incumbent to
keep the upstream system fuel rich meaning keep the oxygen OUT.
So a positive slight purge will always be maintained on the system.
Generally the flare system will be designed for a worst case
scenario, meaning every unit lets loose at the same time. This is not
a rare occurrence.
So, with that as a background, things to remember about relief
systems are that they will plug, foul, choke up, and generally try to
not work. So the PSM approach of anticipating what could go wrong
comes up here and is critical. Know your system, what could foul it,
what could plug it, and what could block the relief path. Anticipate
and put systems in place to prevent their occurrence as well as a
18
Maintenance Culture
Reactive
Proactive
before executing
aspect
problems
Little to no predictive/
19
preventative technologies
technologies
accident or injury
an accident or injury
20
This is a clip of fan base weld that had cracked. This could have
been detected and corrected long before it reached this point. This
failure didnt occur overnight either. Sadly many people probably
walked by this day after day, never noticed it and never reported it.
***
21
22
23
The picture on the left shows the half pipe coils that encircle the
reactor that began to leak.
The picture on the right shows the crack pattern inside the reactor,
revealed by dye checking. The cracks are evenly spaced and seem
to initiate at the welds of the half pipe coil to the shell, running
vertically in both direction from the weld until they stop.
A piece of the leaking pipe was removed and sectioned for
metallographic examination. The instantly recognizable pattern of
chloride stress cracking was apparent in the metallographic mounts.
It appeared the process chemists had made a change, essentially
boiling and concentrating chlorides in the reactor. After many
batches, it was a recipe for chloride cracking which manifests itself
at the highest residual stress areas, i.e., opposite the half pipe coil
welds.
***
24
Summary
Regardless of you job function know what is PSM covered.
Know what is considered coded by the state you are in.
Even the most seemingly small change can cause a major
catastrophe.
Safety and reliability go hand in hand. Safety isnt the
responsibility of the safety department and reliability isnt
the responsibility of the maintenance department.
25
***
Homework
Write one page on how better maintenance and ops procedures
could have changed the outcome of the event.
26
Roadmap
Quiz learning from homework
What is PSM?
Elements/Examples of a PSM system
How Risk Matrices and PSM work together
Quiz
We have reviewed the Texas City Hazard in one of our previous
lessons. List out as many hazards as you can possibly remember.
Time: 15 minutes
What is PSM?
As we have seen PSM is a management system, employing the use
of elements, that, when used correctly, prevents the release of
1
PSM Models
With its cross functional character PSM system is very complex,
including research, engineering, construction, manufacturing,
maintenance, training and sourcing. The structure of PSM is based
on 14 key elements divided into three groups: Technology, Facilities
and Personnel. To simplify the understanding, PSM is plotted as
PSM Wheel.
Many companies have graphics to demonstrate PSM elements.
There are two models well known in the industry. The DuPont wheel
and the Suncor wheel.
Not only the organizational workers but also the contractors and
their workers have to share the awareness about hazards and
safety management.
Safety Instrumented System (SIS)has to be in place and
regularly checked. SIS consists of an engineered set of hardware
and software controls which are especially used on critical process
systems. For such systems any operational problem occurring will
mean it needs to be put into a "Safe State" to avoid adverse Safety,
Health and Environmental(SH&E) consequences.
A Safe State is a process condition, whether the process is
operating or shutdown, such that a hazardous SH&E event cannot
occur. The safe state must be achieved in a timely manner or within
the "process safety time".
A SIS is designed to respond to conditions in the plant which may
be hazardous in themselves or if no action is taken, could eventually
give rise to a hazard, and to respond to these conditions by taking
defined actions that either prevent the hazard or mitigate the
hazard consequences.
Both proactive maintenance tasks, preventive (PM) and predictive
maintenance (PDM)have to be carried out regularly.
Preventive maintenance is a scheduled task carried out at predetermined time based on the number of hours for which equipment
has operated together with statistics and historical data for
different types of equipment and their need for maintenance. It is
assumed that a machine will degrade within a time period that is
common for its type. Mean-time-to-failure (MTTF) statistics can
determine a preventive maintenance management schedule to
include inspections, repairs and rebuilds.
10
11
Risk Matrix
12
The figure illustrates basic Risk Matrix. The risk matrix records the
level of risk, which is determined by the relationship between the
likelihood of a hazard occurring, and the consequence of the hazard.
This is recorded as either a numerical or an alphabetical code. The
relationship between likelihood and consequence determines how
dangerous the hazard could be.
In the above matrix the left bottom is the sought after position. The
frequency of hazard as well as the consequences are approaching
zero. The dark red zone indicates high-risk area. In the middle is
gray area. This is subjective and each organization needs to assess
and evaluate the zone.
Here is a typical risk matrix that is self-evident. The red zone has
higher severity of hazards with more likelihood of incidents. This is
not acceptable. Immediate action is required; this level of risk
needs detailed research and planning by senior management.
13
The green zone has acceptable levels of risk and should not need
specific resource allocation. A part of this zone bordering the yellow
area can be managed by routine procedures and employees under
supervision.
The yellow zone indicates acceptable risk with mitigation. It requires
management attention in a reasonable timeframe to prevent or
reduce the likelihood and severity of an incident. Control action of a
short-term nature may need to be taken immediately so that work
could be carried out with further long term action to ensure that the
hazard was fully controlled. Consistent use of a risk matrix to
prioritize all risks at a location gives management clear guidance to
utilize available resources in the most effective manner to move the
facility to a lower risk profile of operation.
14
15
16
17
18
Summary
Risk management involves both top down and bottom up
management
Better firms look at risk from both directions
PSM is a key component of the risk reduction system
Risk management is inexact and usually misunderstood; risk
is always changing
As we have seen, risk needs to be managed from top to down
through risk matrices and from bottom up through realtime
feedback and PSM system.
Best Practice Organizations are completely aware of risk
management and look at risk from both directions.
19
Homework
Read Chapters 1 and 2 in RBPS text
Google search and read about James Reasons work on
managing infrequent, yet catastrophic events
In particular study Reasons Swiss Cheese model, and
think about how this model and PSM models fit together
20
Objective
Study, in some Detail one of the several Methods of Hazard
Assessment
Recognize you may be asked to use a different method
Hazard Analysis:
The world is made up of systems and risks. With any system or
process, there is a risk of hazards and accidents. System safety
implies effective risk management is the identification and
mitigation of hazards. For this hazards have to be identified and
2
then risk analysis done. That is why hazard analysis needs to be
done periodically to systematically evaluate facility and process
hazards. This is to ensure safe operations, teach new workers,
control hazardous materials, and much more.
There are a wide variety of hazard analyses methods. Sometimes a
basic gross analysis needs to be done for choosing the most
appropriate method. Here are some methods, which are OSHA
guidelines. We will be studying most of these methods during this
course.
WHAT - IF Checklist: The what - if checklist is a broadly-based
hazard assessment technique that combines the creative thinking of
a selected team of specialists with the methodical focus of a
prepared checklist. The result is a comprehensive process hazards
analysis that is extremely useful in training operating personnel on
the hazards of the particular operation.
Hazard and Operability Study (HAZOP): HAZOP is a formally
structured method of systematically investigating each element of a
system for all of the ways in which important parameters can
deviate from the intended design conditions to create hazards and
operability problems. The hazard and operability problems are
typically determined by a study of the piping and instrument
diagrams (or plant model) by a team of personnel who critically
analyze the effects of potential problems arising in each pipeline
and each vessel of the operation.
Failure Mode and Effect Analysis (FMEA): The failure mode and
effect analysis is a methodical study of component failures. This
review starts with a diagram of the process that includes all
components, which could fail and conceivably affect the safety of
the process.
3
Fault Tree Analysis:A fault tree analysis is a quantitative
assessment of all of the undesirable outcomes, such as a toxic gas
release or explosion, which could result from a specific initiating
event. It begins with a graphic representation (using logic symbols)
of all possible sequences of events that could result in an incident.
***
4
corrosion in an eight-inch diameter pipeline and thinning of the
pipeline.Consequently 20,000 pounds of C-3 hydrocarbons escaped.
A resulting vapor ignited causing a major explosion. Damage from
the explosion radiated one mile from the center of the explosion
and debris could be found as far as five miles. The explosion caused
a fire to burn for eight hours at the oil refinery before it was
brought under control. Chemicals that escaped during the explosion
resulted in cars and homes being covered by a black film. Seven
shell workers were killed during the explosion and 48 residents and
shell workers were injured. The explosion released 159 million toxic
chemicals into the air, which led to widespread damage and the
evacuating on 4,500 people.
Flight over the next day showed a LARGE black hole where the unit
had been. All the flare tips were burnt off while trying to control the
releases. The people there will never forget this event. The studies
afterwards yielded an area that has been generally overlooked in
the industry.
***
5
Incident Investigation
Emergency Planning and Response
Compliance Audits
Trade Secrets
These are the areas where safety assessment can be used PSI,
PHA, MOC, Incident Investigation, PSSR, Operating Procedures,
Training, Mechanical Integrity, Compliance Audits, Emergency
Planning and Response. We will be learning about these in details
later during the course.
NOTE: OSHA requires Employee Involvement! This becomes a part
of the organization and planning for and organization for the review
team.
***
Batch Reactor
6
Multiple components are loaded into the reactor and the reactor is
sealed. The temperature and pressure increase over time until the
reaction is complete. When finished, the product is removed from
the bottom and the top hatch is removed to wash out the reactor.
An incident occurred when an operator removed the top hatch and
was exposed to a hazardous chemical that was produced by a little
known side reaction that had occurred. A Study Team was
organized to do a HAZOP of this system and understand what
additional safety precautions needed to be taken.
***
Construction of a Probability and Consequences Review
Probability & Consequences for Operator Exposure to H2S
During Reactor Operation
H2S is very toxic, quickly reactive, and causes serious accidents. It
poses a very serious inhalation hazard. Prolonged exposure (for
several hours or days) to concentrations as low as 50-100 ppm can
lead to rhinal inflammation, cough, hoarseness, and shortness of
breath. Prolonged exposure to higher concentrations can produce
bronchitis, pneumonia and a potentially fatal pulmonary edema.
Consequence modeling refers to the computation of numerical
values (or their graphical representations) that describe the likely
hazards due to unforeseen loss of control over flammable, explosive
and toxic materials, with respect to their potential impact on people,
assets, or safety functions.
To illustrate the point have a look at the spreadsheet that details:
1. Potential problem areas.
7
When assessing a specific incident, a great deal of effort needs to
be given to generate the steps that could causean incident and the
elements of those steps that present the highest potential for such
an incident. These must all be addressed during the hazard analysis.
Color Pre
Color Post
Mitigation
Mitigation
Mitigation
Loading Reactor
Feed contains H2S
Proper Ventilation not in Place
H2S monitor fails: Personal / Area
Reaction Step
Flange Leak
Mixer Seal Fails
Pump Seal Fails
Other potential Loss of Containment
Points
Emptying Reactor
Proper Ventilation not in Place
H2S monitor fails: Personal / Area
8
2. Probability it may occur.
Some companies have standard probability lists to work from. In
some cases, you will be asked to develop your own list of
probabilities that a particular incident may occur.
Spreadsheet 2 gives a sample probability list.
Ways to Express Probability
Ways to Express Probability
3. Consequences if it does.
Similarly, your company may have a standardized consequences list.
They may include additional categories.If asked, you may be
requested to develop such a list.
Spreadsheet 3 is an example.
9
Consequences
Consequences Increases ----->
People /
No Health or
Lost Time
Partial
Total
Health Issues
Injury Risks
or Slight
Injury or
Disability
Disability /
Health
Health
or Major
Fatality(s)
Problem
Problem
Health
or Severe
Problem
Health
Problem
Environmental
Negligible Effect
Major Effect
Localized
Major
MassiveDa
Issues
/ Confined to
on Neighbors
Release
Release
mage
Site
Adjacent to
Makes
Makes
makes
Plant /
Local TV
National
Internation
Complaints
Coverage
TV
al TV
and
Coverage /
Coverage /
Newspaper
Newspaper
Newspaper
Product or
Some Product
Several
Several
Important
Loss of
Service Quality
or Service Fails
Customers
Customers
/ Major
Substantial
to meet
Complain
Complain
Customers
Market
Standards
Verbally
in Writing
Cancel
Share due
Orders
to Problems
Asset or
Slight Damage.
Noticeable
Large
Major
Severe
Financial Loss
Less than
Damage.
Damage.
Damage.
Damage.
$10,000
Exceeds
Exceeds
Exceeds
Exceeds
$10,000
$0.1 mln
$1.0 mln
$10 mln
Company
Slight to
Loss of
Loss of
Loss of
Loss of
Reputation
Moderate
Reputation in
Reputation
Reputation
Reputation
Impact
the
in the
Nationally
Internation
Community
State
ally
***
10
Spreadsheet 4shows the total risk matrix when probability and
consequences are plotted against each other. Again, corporate
HS&E may provide this list to you but you need to understand how
it is generated. The color ratings MUST be set (or agreed to) by
senior company management. These rankings represent the amount
ofrisk the COMPANY is willing to take. As a professional or
experienced location staff member, you are obligated to make sure
the result is the best it can be.
Company
Areas
Consequences in Various
No
First Aid
Lost Time
Partial
Total
Health
Case or
Injury or
Disability
Disability /
or
Slight
Health
or Major
Fatality(s) or
Injury
Health
Problem
Health
Severe
Risks
Problem
Problem
Health
Problem
11
Environmental Issues
Negligibl
Major
Localized
Major
MassiveDam
e Effect
Effect on
Release
Release
age makes
Neighbor
Makes
Makes
International
Confine
Local TV
National
TV Coverage
d to Site
Adjacent
Coverage
TV
/ Newspapers
to Plant /
and
Coverage
Complain
Newspape
ts
rs
Newspape
rs
Some
Several
Several
Important
Loss of
Product
Customer
Customer
/ Major
Substantial
or
Customer
Market Share
Service
Complain
Complain
s Cancel
due to
Fails to
Verbally
in Writing
Orders
Problems
Slight
Noticeabl
Large
Major
Severe
Damage
Damage.
Damage.
Damage.
. Less
Damage.
Exceeds
Exceeds
Exceeds $10
than
Exceeds
$0.1 mln
$1.0 mln
mln
$10,000
$10,000
Slight to
Loss of
Loss of
Loss of
Loss of
Moderat
Reputatio
Reputatio
Reputatio
Reputation
n in the
n in the
Internationall
Impact
Communi
State
Nationally
meet
Standar
ds
Company Reputation
ty
***
Summary
You should have a good appreciation for systematic review
methods
You should have a good understanding of how to develop a
Probability & Consequences system for identifying overall
Risk / Hazard for a simple situation
***
12
Homework
Study the What If areas to explore and suggest additional
Categories and / or additional Sub-topics for either your suggested
Category or one of the existing Categories. Target a minimum of 5
to 10 suggestions (there are about 20 more in the full version of
this example).
Objective
Appreciate the Value of Check Lists
Understand where Check Lists fit into Procedures
Understand Fit for Purpose in terms of who generates and
who approves a Check List
Our objective today is to develop an appreciation of checklists and
how they can be used to reduce the possibility of hazardous events
occurring.
Checklists are the simplest yet most effective means of hazard
analysis. Checklists involve of using a detailed list of prepared
questions about the design and operation of the facility. The level of
detail is adaptable. The only limiting factor is the expertise of the
author(s) of the checklist! That is why the checklists must be
prepared byexperts who have conducted many hazards analyses
and who have extensive experience to do with the design, operation
and maintenance of process facilities. Even experience and
expertise backed checklists will not be all-inclusive. However
nothing should be overlooked.
Todays roadmap
Understand when a procedure might be required.
Know when to stand firm that a Check List be followed.
Understand how to develop a Check List; recognizing you will
likely require help.
Procedures area fixed, sequential set of instructions, to perform a
task or an activity, with definite start and stop points. Procedures
should be written with input from those who will implement them.
The person developing the procedure should be experienced and
must have expertise in the subject.
Checklist as we have seen is a list of routine activities to perform a
task that need to be carried out again and again. Checklists prove
very useful to do the task right every time, and to ensure
consistency and completeness in carrying out a task. Human error
can be avoided by using checklist.
Procedures may contain checklists. Checklists must have a
designated approval level, as must Procedures. If deviations are
Routine Operations:
Procedure for every unit operation
Procedure for operational changes
o Rates / Conversion / Product specifications
Explicate checklist for maintenance activities
o Hand offs between operations and maintenance
Discussion Topics:
Survey the plant for cap and plug compliance.
7
Summary
When is a checklist needed and when is a procedure with
checklists required?
Who is accountable for various levels of activities?
Who must set the tone in the organization so we get it right?
***
Homework
Would starting a car be best described by a checklist or a
procedure? (Recognizing we all pretty much have this activity
memorized)
Develop the required document.
Individual work. Extra credit for completeness.
safer alternatives. PHA can give them a clear idea about the
hazards in the process and they can incorporate safety into the
basic design so as to prevent or mitigate at least the known
hazards.
All ISDs have some potential to transfer of risk from one impacted
population to another. That is because ISD can be inherently safer
in the context of a particular hazard or maybe more. However it is
only a remote possibility that any technology will be inherently safer
with respect to all possible hazards. Any change in the technology
to reduce one hazard may impact other hazards, positively or
negatively.
Also though decision makers must be able to account for local
conditions and concerns in their decision, some technology choices
that are inherently safer locally may actually result in an increased
hazard when considered globally.
In addition to all these considerations, the technical and economic
feasibility also needs to be considered. If a correct technology is
located, then ISD is considered to be an economically better choice.
The means by which the hazards are eliminated or reduced are
incorporated in the basic design. Unless the process is changed
these cannot be changed. This safer design is simpler and will result
in cheaper plants as the cost and complexity of the hazard control
systems would be minimized. This cost includes both the initial
investment for safety equipment,and also the ongoing operating
cost for maintenance and operation of safety systemsthrough the
life of the plant.
10
11
and their consequences can have a negative effect upon the safe
and efficient operation of the plant. If considered necessary, action
is then taken to remedy the situation.
A review of the previous HAZOP action items is intended to catch
potential hazards that have been identified and ensure they are
corrected prior to startup of the unit. Many times a HAZOP will
have action items that can only be implemented while a unit is shut
down for a turnaround (TAR) and the PSSR review is intended to
double check that all have been put in place prior to the startup.
Many checklists are a normal part of a units life and reviewing them
prior to a startup is intended to, again, double check that they are
all current and accurate. Among them would be a list of validated
measurement devices (pressure, level, flow) high/low limits, fail
safe positions on control valves, critical corrective actions, critical
alarms, overspeed trips, and correct operating envelopes (limits).
During a normal run a part of the duty of the unit personnel is to
make sure all checklists are appropriate. If anomalies are found the
correction should be made as quickly as possible, however, as with
the HAZOP action items, sometimes a change must be made only
during the time when the unit is shut down.
Staffing plans for the units startup should be reviewed to ensure
adequate personnel are on the unit, operators, mechanical,
instrument/electrical, and supervision including the management of
the unit must be on site 24/7 until stable operations are sustained.
The plan should be in place and all affected personnel should be
clearly informed.
Finally, proper training of all affected personnel should be complete
and include training of the startup procedures with dry runs.
12
The PSM regulations do not prescribe how the end result should be
obtained, simply that the end result should be a safe operation.
13
Point 6: MSDS
Definition
Product Stewardship
Properties of material
Procedures to handle in a safe manner
15
16
17
Summary
Reactive Hazards
Inherently Safe Design
PHA & PHA Re-evaluations
Pre Start Up Safety Review
Operating Procedures
Material Safety Data Sheet system
Management of Change
18
Homework
Have students read selected overview material from the text for
each topic.
19
Chapter 10
Importance of SIS
Video of what happens with the bypass of an SIS
http://www.csb.gov/videoroom/detail.aspx?vid=8&F=0&CID=0&pg
=1&F_All=y
2
Slide 4
***
such as set points for pressure, temperature, level, etc. The title of
the standard is "Functional safety - Safety instrumented systems for
the process industry sector".Its objective is to define requirements
for SISs.
Scope: initial concept, design, implementation, operation, and
maintenance through to decommissioning. In itself, it is a life cycle
system and defines: SIS, SIL, SIF and SRS - (Safety Requirement
Specification).
An SRS documents the requirements detailed in the Safety
Standard IEC 61511. It outlines all the relevant safety requirements
for a product. It lays out the foundation to which a product should
be designed.
***
Slide 6
***
Slide 7
***
Slide 9
***
Slide 10
The SRS is the document against which all of the safety lifecycle
activities are verified and validated. As such, it is important that this
documentation be simple to use and sustain.
***
Slide 11
10
***
Slide 12
Design Issues
SIS comprises three elements: A Sensor, a Logic Solver and a Final
Control Element.
Sensorscollect required data to determine if an emergency situation
exists and if the equipment or process is in a safe state. Sensor
types range from simple pneumatic or electrical switches to Smart
transmitters with on-board diagnostics.
Logic Solvers decide the action to be taken based on the
information gathered. Highly reliable logic solvers can provide failsafe and fault-tolerant operation.
Final Control Elementimplements the action determined by the logic
system. This final control element is typically a pneumatically
actuated On-Off valve operated by solenoid valves.
It is absolutely essential that all these three components work as
designed to apply the control action required in case of an
emergency. However by understanding how they can fail, it is
possible to calculate a Probability of Failure on Demand PFD.
11
***
Slide 13
SIL Verification
Once the safety system is designed but before any safety functions
are implemented, the performance requirements of each safety
function must be verified against the documented requirements in
the Safety Requirement Specification.
12
***
Slide 14
SIL Verification
If the required SIL cannot be achieved with the initial design, some
options are:
More frequent proof testing
Add redundancy (i.e., initiating device, control system, final
element)
Install smarter device (i.e., HART smart transmitter or
transmitter vs. switch or relay, smart control valve with
diagnostics and feedback and position indication vs. basic
control valve)
13
***
Slide 15
14
*Courtesy of:
http://www.processengr.com/ppt_presentations/safety_instrumented_systems.pdf
***
Slide 16
***
Slide 17
15
That is why:
Tests must be performed at the frequency stated in the SRS
to continue the reliability of the SIF.
It should include the following information:
o Test procedure
o Test all bypasses, all individual initiators, and final
elements
o Results of all steps of the procedure
o Verification that process has been restored to normal
operation
Date of test and all personnel performing the test
Control logic version # (if available)
Results of entire test and any abnormalities found
*Courtesy of:
http://www.processengr.com/ppt_presentations/safety_instrumented_systems.pdf
16
Chapter 11
Objective
To familiarize you with another common hazard analysis technique
that you are likely to experience in Industry
Different system or problems require a different type of analysis.
Critical control and shutdown systems lend themselves well to this
Bottoms Up analysis since the reliability of the components is well
known. Soft issues cannot be easily assigned a mathematical
probability, will rely heavily on the Tops Down judgment of the
experienced members of the study team. Typically, large, new
plants will rely on a mix of techniques appropriate for the specific
situations. Management must decide what is appropriate and
typically does this through standards (guides) with input and
challenge from line managers and staff.
Bottom-up approach
What is FMEA?
Failure modes and effects analysis (FMEA) is a methodical analysis
of a design, a manufacturing or assembly process, or a product or
Link: http://en.wikipedia.org/wiki/Failure_mode_and_effects_analysis
RPN threshold should not be used as the prime prompt for definition
of recommended actions as the practice of prioritizing work on the
basis of RPN has no theoretical basis.
The FMEA has to be done for the entire process and/or design. Once
this is done it is easy to determine the areas of greatest concern.
The failure modes that have the highest RPN should be given the
highest priority for corrective action. This means it is not always the
failure modes with the highest severity numbers that should be
treated first. There could be less severe failures, but which occur
more often and are less detectable.
Recommended Actions
The RPN is used to identify items that require attention and assign a
priority to them. It is necessary for all critical or significant failures
to have recommended actions associated with them.
Recommended actions should be focused on design, and directed
toward mitigating the cause of failure, or eliminating the failure
mode.
Once recommended actions are determined, the next step is to
include targets, assign responsibility for completion of the action to
a specific person, and note dates of implementation. These actions
could be specific inspection, testing or quality procedures, redesign
(such as selection of new components), adding more redundancy
and limiting environmental stresses or operating range.
Once the actions have been applied to the design/process, the new
RPN should be checked to confirm the improvements. Whenever a
design or a process changes, an FMEA should be updated.
Recommended Actions (examples)
Meaning
Rating
1
No effect
2/ 3
4/ 5/ 6
7/ 8
10
9/ 10
***
Meaning
Rating
1
No effect
4/ 5/ 6
7/ 8
9/ 10
dissatisfied)
11
Meaning
Rating
1
Almost certain
High
Moderate
4/ 5/ 6
12
7/ 8
Low
9/ 10
Summary
You should understand the basics of Failure Mode and Effect
Analysis.
You should be able to apply FMEA to a suitable problem.
You should be able to understand when this method is not
applicable and recommend an appropriate alternative.
13
***
Homework
Fill out the matrix for the Nitrogen Tank Vacuum Mitigation.
Here is a spreadsheet that you can fill out!
14
http://en.wikipedia.org/wiki/Fault_tree_analysis)
***
Objective
An introduction to a more complex method of failure analysis
typically used in safety engineering.
The objective of any root cause analysis is to get to the
ROOT cause not just the superficialcause of failure.
***
Symbol
Logic
OR gate
AND
gate
Exclusive
OR gate
Priority
AND
gate
***
Logic gates
These are the various types of logic gates that can be used.
***
***
Much more complex example just so you can see that these can
become quite complex and time consuming to construct.
***
Summary
FTA is the analysis of a single fault in a system or a small portion or
sub-system.
By its nature, it is very detailed and time consuming and the results
apply only to the one single fault being examined.
***
10
Homework
When starting a car, you turn the key, but the car does not
start (Top Event). Generate a Fault Tree Analysis.
First row below Top Event (fails to start)
o Engine does not turn over.
o Engine cranks but fails to start.
o Engine tries to start but dies immediately.
Fill in the AND/OR boxes below these.
11
Analyzing Hazards
Analyzing Hazards
Simple Tank Problem
Tough Homework Problem
In this lesson we will learn Risk Analysis for a Simple Tank
***
Objective
The objective of this lesson is to illustrate from a simple piece of
equipment (a tank) how complicated the systems may need to be.
Heighten awareness that items that appear superficially simple may
require a more in depth, complex analysis.
***
Tanks:
Industry uses a variety of tanks such as storage tanks, feed tanks,
mixing tanks, etc. Tanks are thus a basic part of the industry.
Basic Tank
In the another similar case is where the tank is not pumping out
fast enough and the level is rising quickly, still between the low and
high level alarms, the tank could overpressure and rupture a seam.
This would lead to product spilling out around the tank. The
engineers decided to add an over pressure blow out hatch to
prevent rupture of the tank.
***
Summary
We should have learned something about tanks simple but with
some complexity.
We should recognize that every element on a plants P&IDs MUST
be examined no matter how simple they appear at first glance.
***
Homework
The tank is continuing to fill since production is exceeding shipping
capacity. The nitrogen blank system has closed since the pressure
setting has been exceeded. In this case, the manufacturer reliability
for the blow out hatch was not quite good enough to meet company
standards. The engineers COULD have added a secondary hatch but
conditions that cause one hatch to fail (say, freezing weather)
would also affect the second hatch. The Blow Out Hatch FAILS!
What is the next level of protection the design engineer (YOU) has
incorporated to avoid a catastrophic release due to tank rupture
along the vertical seams?
Answer:
An alternative safety system has to be incorporated to avoid spilling
product through rupture of a lower or vertical seam. What the
design team came up with was to make the welded seam between
the tank walls and the tank roof weaker so that during over
pressure, the highest seam would open first and relieve pressure
without spilling product. This is called a Frangible Roof Seam and
is common practice in the industry.
Due to filling and draining of the tanks, the vapor above the liquid
surface inside the tank may be within its flammability limits. Overpressurization could occur due to the ignition of this vapor and
could exceed the capability of the pressure relief vents specified in
storage tank design.
Emergency venting addresses the effects of an external fire in the
vicinity of the tank. Heat from fire exposure causes an increase in
the internal pressure of the tank that may not be adequately
relieved by normal venting. API 2000 (4.4.3) specifies that
Todays Roadmap
Hazards in the Lab/Pilot plant
Example & Discussion UCLA lab death
Summary
Homework
Combustibles in Labs
Another source of potential fires in labs can be the presence of
relatively large quantities of combustible materials. If combustibles
are required in the lab for daily usage, maintaining them in an
organized and tidy manner will help to reduce the associated risk.
State regulations for storage and handling of flammable and
combustible liquids must be scrupulously followed.
Good Laboratory Practices should be in operation in all research
labs. These good practices include the following:
Good housekeeping and tidiness.
Keep all aisles and exits clear of obstacles.
Reduce all tripping, slipping, and fall hazards.
All tools must have a designated/labeled storage space.
Label ALL equipment, materials, bottles, etc. with chemical
content and responsible persons name.
Material Safety Data Sheets (MSDS) must be available for all
chemicals in use in the pilot plant.
For all materials learn about:
o Flash points
o Auto ignition temperatures
o Explosive limits
Know evacuation routes.
Know where emergency contact numbers are posted.
Have reactive chemicals properly stored and well labeled.
Have appropriate personal protection equipment (PPE)
available and in good condition.
Hood airflows been checked within last year?
Some guidelines:
Use appropriate personal protective equipment at all times
Use laboratory equipment for its designed purpose
Confine long hair and loose clothing
Use a proper pipetting device, never directly by mouth
Avoid exposure to gases, vapors, aerosols and particulates
by using a properly functioning laboratory fume-hood.
Know the location and correct use of all available safety
equipment.
Determine potential hazards and appropriate safety
precautions before beginning new operations and confirm
that existing safety equipment is sufficient for this new
procedure.
Be certain all hazardous agents are stored correctly and
labeled correctly according to Workplace
Consult the material safety data sheet prior to using an
unfamiliar chemical and follow the proper procedures when
handling or manipulating all hazardous agents.
Follow proper waste disposal procedures.
10
But the required corrective action was not taken, records show, and
on Dec. 29 all that stood between Sangji's torso and the fire that
engulfed her was a highly flammable, synthetic sweater that fueled
the flames.
Summary
No matter where you work, Process Safety applies
Two key elements of PS in a lab are:
A. Flammability & toxicity
B. Cylinder and Equipment use/storage
11
Todays Roadmap
What is a capital project and why do companies invest?
Chemical process safety strategies
Capital project phases and PSM
Summary
Homework
Capital Investments
The first and the foremost part of thecapital investment process is
generating new ideas. Such ideas can emerge anywhere in the
company. From bottoms up, top down and from R&D. A new
product idea can come from either a new technology(discovered by
the technical side of the enterprise) or a new customer need
(discovered by thebusiness side). In either case, the technologists
and business people work together to come upwith technical
solutions and goals.
The bottoms up process might start from plant managers or even
operators. Many times a plant manager can see the potential of a
new project or of operating on a different scale or by a more
efficient method. Even plant operators could suggest using better
types of equipment for more efficient operation. After screening out
undesirable ideas, managers send the ones that appear to be
attractive to the divisional level, with supporting documentation.
Division management reviews such proposals and adds ideas of its
own. For example, division management may propose the
introduction of a new product line. Alternatively, management may
want to combine two plants and eliminate the less efficient one.
Such ideas are less likely to come from the plant managers!
Budget Phase
Capital budgeting decisions relate to decisions on whether or not a
long-term project should be undertaken, capital facilities and/or
capital equipment/machinery. Capital budget decisions have a
major effect on a firm's operations for years to come. It is a
complex process and there are five broad phases. These are
planning, analysis, selection, implementation and overview.
Budget phase is when a project has been selected and the
schematic design is proposed.
The primary goal of this phase is to develop a clearly defined design
based upon the projects requirements, as defined by the facility
program developed during Predesign. Project quality, scope,
budget, and schedule will also be confirmed and refined.
Process and technology is reviewed and developed and screening
done.
Preliminary process data is developed such as process flow
diagrams, heat and material balances, and simplified equipment
specifications.
Preliminary cost estimates (+/- 30%) and simple project
economicsare developed and suitable financial arrangements made.
Preliminary Process Hazards Analysis (PHA) completed and
environmental impact (including permitting) assessed for screening
alternatives. Risks are best mitigated by recognizing them upfront
and managing them throughout the entire project life cycle.
This is the phase when an early design PHA is scheduled. Various
safetystrategies are explored. At this stage inherently safer design
for building systems, site utilities, and components that will form
the basis for the projects Construction Documents. A final set of
comprehensive documents provides specifications and drawings
sufficiently complete to support the Contractors GMP, obtain
necessary permits, and construct the project.
Vendor quotations for major equipment and machinery arereceived.
Vendors and contractors must be thoroughly scrutinized in order to
ensure that they will be compliant with the expectations of the
owner organization, especially as it pertains to safety, health and
the environment.
Preliminary Process Hazards Analysis (PHA) completed and
environmental impact (including permitting) assessed. The typical
and common PHA methodology at this stage in the project is a
Hazard and Operability (HAZOP) study. The HAZOP type depends on
what is being analyzed. A procedural methodology can be used
when applying HAZOP methodology to operating procedures as well
as modes of operation.
PSM elements include applicable codes and standards, process flow
diagram, thermal/kinetic chemistry information, material and
energy balances, and materials of construction. Here facility siting
basis is set. Emergency response plans and procedures are begun.
The project schedule developed. Project monitoring and
management of costs and schedules are extremely important. A
detailed project execution timeline is set up.
Further budgetary cost estimate (+/- 10%) and project economics
are developed. The cost estimate has a single total value and may
have identifiable component values. A problem with a cost overrun
can be avoided with a credible, reliable, and accurate budgetary
cost estimate.Budget has two sides: income and expenditure; it
10
shows how funds would be raised and used. On the other hand,
estimate shows only the expenditure side.
Safety strategies (typical): ISD, passive, active are developed.
Including initial list of actions to resolve as design project
progresses and initial list of inherently safer design considerations
available for incorporation into the design
PSM concerns/deliverables: design conditions and materials of
construction; preliminary PHA and associated issues; preliminary
spare parts; accurate estimates for safety devices and equipment;
sufficient time in project schedule for safety reviews, calculations
and follow-up; tie-in points; neighbors; country and local codes;
complete documentation.
Authorization Phase
Once the process and technical requirements are established and
the PHAs developed and strategies finalized, it is time to prepare
and submit project authorization documents. In a large organisation
there are probably written procedures for the analysis and approval
of capital projects. There are forms for a particular kind of projects,
state requirements.
At this stage it may be possible to secure initial/partial funding to
commence project execution
12
13
14
***
16
17
18
19
20
Summary
In this lesson we have defined capital investment.
We have looked at safety strategies for addressing hazards in
chemical processes.
We have learnt about Capital project phases and associated PSM
concerns and deliverables.
We have understood electrical hazards in construction activity.
21
Introduction:
What is Process Safety Engineering?
Process Safety Engineering implies applying a thorough knowledge
about process safety including PHA to your engineering techniques,
and mechanical and process design. It involves identifying hazards,
evaluating risks (qualitatively and quantitatively), and helping to
zero in on identifying and evaluating cost-effective engineering
solutions to avoid or reduce the risks. These jobs must be
performed with complete knowledge of engineering standards,
human involvement, and most important a thorough understanding
of process safety and all its concerned elements as per OSHA.
Process Engineering Design Management is critical to delivering a
final capital asset that will meet the business objectives, cost
targets (capital, fixed and variable costs), operability,
maintainability and, MOST IMPORTANTLY, Health, Safety and
Environmental performance standards. While the discussion in this
section will focus on major capital projects, the basic concepts apply
to projects of all sizes including location specific minor capital
projects.
Technology Selection:
Technology selection is a crucial step in determining the long-term
performance of an operating unit. Performance is measured by
several factors costs, yields, capacity and HS&E performance.
The focus of this section will be on overall PSM Performance.
has been performed as needed. High risk items in the risk matrix
have been addressed to the satisfaction of senior management.
A NO CHANGE mindset is critical from this point on.
Management of Change:
It is recognized that all circumstances could not have been foreseen
during the PHA. Given there will be some changes, a rigorous
Management of Change system MUST be instituted. The goal is for
changes to be small in size and few in number. Never the less, ALL
changes must go through MOC. Typically, all changes must be
signed off by:
Project Manager Cost & Schedule
Engineering Discipline Technical correctness
Process Design Engineer Operability & PSM Issues (can
trigger mini-PHA)
Location Representative Maintainability & Operability
This MOC is typically reviewed monthly by the key stakeholders to
ensure proper project controls are functioning. During the PSSR,
the PHA and the MOC Log are reviewed together to ensure key PSM
principles have been retained.
Integration with existing facilities:
Most projects will have interfaces with existing facilities. This may
be as simple as a tie-in to the biotreater or as complex as feed,
product and heat integration with existing units. These interfaces
must be specifically addressed during the PHA. This can include
taking into account the impact of a process upset in one unit on the
interconnected unit. Once the interface connections and interactions
are properly accounted for in the PHA, the MOC procedure must
Management of Change
Objective
To understand what management of change really means and how
it fits into the overall PSM requirements
***
component
of
all
Process
Safety
Management
(PSM)
employer
Will
establish
and
implement
written
Management of Change
Employees (operating, maintenance, and contract employees)
affected by a change in the process shall be informed of, and
trained in, the change prior to start-up of the process or
affected part of the process.
Figure 1
***
Figure 2
***
Figure 3
***
Figure 4
***
Management of Change
This picture was taken after the fire that was a result of a failed
MOC situation. The incident occurred in a Delayed Coker unit at a
west coast refinery. A delayed Coker processes the 1000+ material
from a crude unit, it heats it up to around 600 deg. F, runs it
through a combination tower that flashes any residual light ends
and sends the remaining material to a furnace that heats the
material up to 950+ deg. F and then sends the material to a very
large vessel that provides residence time for the material to cook
and
dehydrogenate.
In
essence
delayed
Coker
is
Management of Change
The
employer
Will
establish
and
implement
written
process
safety
effort.
Timely
communication
of
the
That
***
Management of Change
Temporary
Duration of time when valid
Permanent
Necessary time period to implement the change
MOCs can be done for a permanent change or for a temporary
change; both need specific procedures and time frames. Temporary
MOCs are needed when say a portion of an auto shutdown system
needs to have on-line maintenance. During the time of maintenance,
alternative mechanisms must be in place to perform the shutdown
duties of the original system. To do so requires a plan in place,
operators being trained and informed, and appropriate levels of
supervision being informed of the temporary state of the system.
It should be clear that temporary MOCs are just that, temporary. A
specific time period must be a part of the process to ensure that the
temporary MOC does not become a permanent change. If that time
period is exceeded appropriate management must be informed and
approval given to continue operation.
Permanent MOCs need a time period for implementation. During
that time adequate controls must be in place to ensure that the
corrective actions that the MOC was intended to implement are
covered by an alternative means.
***
MOCs are not created equal, nor should they be treated as equals.
Simple changes should require simple review and documentation.
For example on a unit, the night shift finds that one of their
procedures for putting on a pump will not work. The operators who
know the process well propose a modification to the existing
procedure. The shift supervisor reviews the proposal and agrees it
makes sense and approves the change. The change in procedure is
then followed and the pump is put on line. The next day the
superintendent of the unit is informed of the change and agrees it
makes sense, and then he ensures that the changed procedure is
documented, the other crews are informed of the change and each
of the unit operators signs off that they have been informed of the
change.
More complex issues for a unit modification require that an
appropriate technical support review provide a solution, and
approve that solution. The local superintendent then should agree
that the change is valid and contains all technical support that is
needed for a complete solution. Once that is satisfied the approval
of the change should be reviewed and agreed upon by the area
manager.
Finally the most complex changes should include all of the previous
steps, but also be reviewed by the engineering department for
completeness. Approval for these types of MOC then should be
given by at least the plant manager if not someone higher in the
organization. This is to ensure that should the proposed change
have
similar
impact
on
other
facilities
then
the
central
Class Exercise
Read Chemical Safety Board Report on the Coker incident.
List your observations of the report
Management of Change
Process Chemicals
Controls/Critical Alarms/Instrumentation
Equipment/Piping
Operating Limits
Operating Procedures
Relief/Safety Systems
Technology
This list shows areas that will require a formal MOC when a change
is contemplated.
***
of
Change
procedure
applies
to
process
of
the
Examples
of
OSHA
"Process
additives
are
Safety
Management"
corrosion
inhibitors,
regulation.
antifoulants,
Management
of
Change
Controls/Critical
Alarms/Instrumentation
MOC is required for:
Changing/modifying software or hardware, including control
program logic
(except
for
planned
startups
and
shutdowns
or
Safe
Off
process,
changes
to
normal
operations,
***
changes
which
could
affect
the
activation
of
safety/shutdown system
Changes which could affect the capacity or design basis of a
safety system
Adding or removing a safety or shutdown system
Bypassing or disabling a relief, safety, or shutdown system
(except when addressed by a routine procedure for startup,
shutdown, or maintenance)
Replacing/changing system components (except for "in-kind"
replacements
Management of Change applies to safety systems which are
designed to protect equipment, facilities, and the process such as
those used for shutdown, safe-off, deluge, mitigation, chemical or
hydrocarbon detection, fixed fire protection/suppression systems,
emergency dump systems (deinventory), relief system equipment
or relief systems which are intended to contain/control/mitigate
releases of flammable or toxic material, and building pressurization
equipment.
http://www.icis.com/Articles/1994/11/14/39086/belpre+
blast+alarm+ignored+says+shell.html
***
***
Homework
1. Replace a valve in the unit that has failed with one from the
warehouse.
Who would you discuss this with?
What questions would you ask?
Who would be the person you would expect to
approve or decide to escalate further?
Explain your logic for these decisions.
***
Homework
2. An existing Gas Turbine is due for a Major overhaul. The
simple cost of replacing the turbine with an electric drive is
less than the overhaul.
carried out and what parties would have to sign off on it?
Complex problem probably requires a HAZOP analysis.
***
the unit supervision, with all involved agreeing, could change the
point. If significant, the operating manager must be involved; hence
during a startup a manager must be assigned 24/7 until stable
operation.
All industrial plants require an extensive set of operating procedures
which define the steps required - for example - to start the plant up,
to shut the plant down, to isolate pieces of equipment for
maintenance or to deal with emergency situations.
Thus written operating procedures are meant for all the operators
and workers.
***
Steps to include
Procedures should be detailed, written as check off points for
date, time, and initials of the operators at each step with an
area for comments
Include a brief unit status report at the beginning of each
major step to help tie multiple, parallel steps together.
Include acceptable limits before moving forward
Check the repair list to verify that all work is complete
Check that all safety related Pre-Startup Safety Review (PSSR)
items and Management of Change (MOC) items have been
resolved and are in place, including operator-training
requirements
The first point is probably a concern for the initials of the operator
The reason for this requirementis to have a specific individual to go
to if any corrections were needed or any problems occurred.
***
Steps - continued
Verify that all blinds have been removed or are in proper
startup locations. A master list needs to be maintained
Determine that the vessels are clean and free of debris
immediately prior to closing them. Operators should witness
and verify
Check operability of alarms, trips, MOVs (motor operated
valves), deluge systems, control valves, and the fail safe
position of the control valves
Give notice of startup to Utilities, Oil Movements, and other
units that may be affected. (Advance notice several or more
hours before startup, then notice at the actual time that
startup begins, or when startup will begin affecting other
units)
***
Steps - continued
Put utility systems in service
Check all isolation block valves for relief valves to positively
verify an open path (Do this before the tightness test.)
Check to be sure all water coolers and condensers are drained
and vented before steaming to oxygen free the shell side.
Check for tube leaks when the shell side is pressured (List all
coolers and condensers.)
The relief valve (RV) is a type of valve used to control or limit the
pressure in a system or vessel, which can build up, by a process
upset, instrument or equipment failure, or fire.
The idea behind a pressure relief valve is that it provides an outlet
for dangerous buildups of pressure. Pressurized gases and liquids
Steps - continued
Meg all electric motors as per existing guidelines in sufficient
time so as not to delay startup (List and check off each
motor.)
Check all fire monitors, fire extinguishers, Self contained
breathing apparatus (or other respiratory equipment), safety
showers, eye bubblers and other safety equipment.
Steps - continued
When referring to temperatures, pressures, flows, and levels, give
the equipment number as well as name or function (e.g., TRC 4
depropanizer reboiler control). If it is important not to exceed a
certain temperature, pressure, etc., specify with a short explanation
the reason for the maximum value. Such as:
What is the Process Parameter?(It is the current status of a
process under control.Measurement of process parameters
Steps - continued
Have specific oxygen freeing procedures for each system and
provide purge diagrams. Specify where the purge is to enter
the system and where to check for oxygen
Specify the maximum oxygen content (not more than 1
percent) allowable after purging to be considered
oxygen free
Record oxygen test results (point tested, time and date of
test, oxygen reading, and operator initials)
Use arrow diagrams, shown earlier, that you can color code with
markers to indicate when the procedure is complete.
Just to refresh your knowledge about the fire triangle and
flammability limits.
Fire triangle:There must be something to burna fuel; a source of
oxygen (an oxidizer); AND an ignition source. These three factors
are each at the corners of an equilateral triangle, the fire triangle,
whose overlap is a chain reaction that results in the rapid oxidation
of a fuelfire.
A fire will not always start when the three legs of the fire triangle
meet, unless all three elements are present in the required amounts.
For instance, vapors from a flammable liquid must be mixed with a
certain amount of air in order to ignite and propagate a flame.
Flammability limits are the proportion of combustible gases in a
mixture;within theseboundariesamixture is flammable. Gas
mixtures consisting of combustible, oxidizing, and inert gases are
only flammable under certain conditions. The lower flammable limit
(LFL) describes the mixture with the smallest fraction of
combustible gas, while the upper flammable limit (UFL) gives the
richest flammable mixture.
"Purging" for personnel entry involves removing contaminants
inside the confined space by displacement with first inerts and then
with air to achieve acceptable atmospheric levels. (Remember the
fire triangle). An acceptable oxygen concentration is required to
provide protection in case of accidental release of chemicals, to
remove contaminants generated by the work performed, or to cool
the enclosure.
***
Steps - continued
Ensure that all vents and drains are free of pluggage and
ready for use
When steaming, keep all condensate drained (List vents and
low point drains.)
Purge air to the atmosphere not to the flare. Install plugs or
caps in vents after purging is complete and before
hydrocarbons are introduced. All vents and other connections
to the flare system should remain blinded until the process
unit is oxygen free
Specify a vessel tightness test pressure and PRV (pressure
relief valves) settings to avoid popping relief valves
A relief valve is a mechanical device that contains an internal spring
that applies force to a metal seat or piston. This seat seals the
pressure vessel from the atmosphere. If the internal pressure of the
vessel increases to certain limits, the spring force in the valve is
overcome and the pressure is released. The set pressure of the
valve is determined by the vessel's maximum allowable working
pressure. This is based on vessel materials, wall thicknesses, design
Steps - continued
If using steam to oxygen free and then tightness testing the
unit, be sure to bring in nitrogen or gas (fuel gas or natural
gas) at a sufficient rate to displace condensing steam to avoid
pulling a vacuum (remember that fuel gas contains hydrogen
sulfide, and the IDLH of hydrogen sulfide is 100 ppm)
Specify in the procedures when to commission any on-stream
analyzers and other instruments
Specify when to install all running blinds. Have a check off
list of all running blinds (steamouts, water connections, etc.)
Specify how to back gas into each system
Immediately Dangerous to Life or Health IDLH
An atmosphere that poses an immediate threat to life, would cause
irreversible adverse health effects, or would impair an individual's
ability to escape from a dangerous atmosphere.
Steps - continued
Check all low point drains for water; specify frequency (List.)
Compliance
Process in place to verify accuracy of procedures
Process in place to verify use of procedures
An audit process
Procedures are only good if they are appropriate and correct. To
ensure that each time they are to be used they should be verified
before use that they are right. The author liked to gundrill the
operators that means the whole procedure was run as if it where
the real thing. This gave operators a time to walk through each step
and ensure that they knew where and why.
Procedures are only good if they are used, so a process needs to be
in place to verify that they are actually used EVERY TIME!!! The
author knows of several instances where loss of lives took place
because the procedures were not used or not used correctly.
Finally an audit process needs to be in place to provide a separate
set of eyes that the previous two steps were done properly.
***
Summary
In this lesson we have looked at:
Preliminary preparations, units
Elimination of air
Tightness testing
Backing in natural gas or fuel gas
Elimination of water
Bringing the unit on stream
Compliance with all company and regulatory requirements for
process safety
Compliance with environmental laws and restrictions
Audit
***
Conduct of Operations
Safe Ups and Downs
Objective
To get an overview of operational moves to shutdown and startup
units and how these mesh with PSM requirements.
***
Trade Secrets
***
First line breaking means the initial opening of process and utility
lines, hoses, fittings and vessels to the atmosphere. It is subject to
all safety procedures.It is an important process that is needed to
clean, repair, and properly maintain the pipes and lines at a facility.
Designing and implementing a First line Breaking Policy is essential
to ensure health and safety, and reduce potential hazards.
A first line break needs to have absolute assurance that the line is
ready to be opened to the atmosphere, depressured, at the zero
energy state, neutered as it were, to ensure worker and facility
safety. Then, why should you be concerned about mechanical
personnel entering your facility? Do they know the hazards, do they
know escape routes, do they know what not to touch or open?
These are very salient points to remember. Do they know what a
confined space is and where they are on the unit? Again, these
points must be a part of the consciousness of all personnel on the
unit.
A confined space has limited or restricted means for entry or exit,
and it is not designed for continuous employee occupancy. Confined
spaces include, but are not limited to underground vaults, tanks,
storage bins, manholes, pits, silos, process vessels, and pipelines.
***
Shutting down
- Hazards frequently encountered
Mixing air with hydrocarbons
Contacting water with hot oil
Freezing of residual water
Exposure to toxic gases and liquids
Pyrophoric iron sulfide
Review shut down procedure with crew, if time dry run critical
elements
Print out current shut down procedure should be logical order,
detailed as a check off with date/time, signed off by operators
and (only one copy please)
Rate reduction, cool-down rate, minimum flow rates, trip points
incorporated into the steps remember cooling metal contracts
watch expansion areas
Each shift should summarize unit status (use arrow diagram
and words)
Ensure all fire monitors, fire extinguishers, SCBA, etc. are in
working order
Block off access roads as necessary
These points should all be pretty clear. Arrow diagrams are very
useful communication tools to ensure all on the unit are on the
same page. Color highlighting the segments as completed, helps
avoid confusion. More details later.
SCBA means self contained breathing apparatus
***
machines are properly shut off and not started up again prior to the
completion of maintenance or servicing work. LOTO includes the
practices and procedures necessary to disable machinery or
equipment, to prevent the release of hazardous energy sources
during servicing and maintenance activities. The procedure requires
that a tag be affixed to the locked device indicating that it should
not be turned on.
LOTO is a big deal! All energy sources MUST be isolated before
they can be worked on. This is usually thought of as electrical
energy but pressurized systems contain energy and must be
properly isolated or relieved before working on these systems.
***
TAR - Turnaround
Ever vigilant to personnel on unit
Special procedures for first line break
Ensure that the confined space entry procedures are followed
to the letter
o https://www.osha.gov/SLTC/confinedspaces/
Ensure that proper lock out / tag out procedures are followed
isolate all hazardous energy potential
o https://www.osha.gov/SLTC/controlhazardousenergy/
Ensure hot work procedures are followed
o https://www.osha.gov/SLTC/etools/oilandgas/general_s
afety/hot_work_welding.html
Turnarounds or TARs are planned, periodic shut down (total or
partial) of a process unit or plant to perform maintenance, overhaul
and repair operations and to inspect, test and replace process
materials and equipment.Turnarounds allow for necessary
maintenance and upkeep of operating units and are needed to
maintain safe and efficient operations.
Safety incidents are more likely to occur during these occasions, so
extreme vigilance and care is essential. All the required safety
precautions have to be followed with great care.
***
Starting up - Safely
In lecture 18-A we covered normal start up procedures and
what to include in that
Today we will learn only from abnormal Shutdown
Startups are when incidents are likely to occur do them by
the book no short cuts follow procedures
Starting up - Safely
What should you check before SU?
Table top the SU
Notify affected units
Slow methodical heat up of equipment why?
If nitrogen is purge medium wear Oxygen monitors
Starting up - Safely
During SU most control valves will be in manual the board
operator must constantly adjust settings until reaching steady
state operations
During this time the unit is vulnerable!!
The operators should move to automatic as soon as possible
Once up and running re-verify all process variables to be within
normal operating range
This includes levels, pressures, temperatures, control valves; all in
automatic mode (no manual overrides permitted without a
temporary MOC in place). During this period when control valves
are in manual the unit conditions must be monitored and controlled
by unit personnel very carefully and according to strict, measured
constraints. As temperatures are increased it must be verified that
areas that could accumulate water are controlled. Any sudden
increase in temperature could cause an explosive increase in
volume (remember water increases 1600 times as it becomes
steam) and that uncontrolled increase could be a disaster.
Once up to the appropriate conditions the control valves must be
systematically put into the auto positions. A checklist should be
used to ensure no lapses.
***
***
Homework
You are a new process engineer at a small refiner one week
on the job, no other training available
Assigned to the light distillate Desulflurizer unit (1200 psig
reactor)
An unscheduled SD has just occurred
The control panel shows that the reactor pressure is slowly
decreasing, then suddenly starts to rise
What do you check (in order)?
What does this mean? Give the logic
How do you correct and get ready for startup?
Chapter 19
Objective
To show you:
Why do we do them?
What is a PSSR?
What is included?
Who is included?
What is the desired outcome?
***
Why do we do PSSRs?
It is an OSHA requirement!
It is also good business
o Safe startups save lives
o No unplanned events saves equipment
o Orderly startup makes product quicker
***
Trade Secrets
We also do PSSR because it is a PSM requirement!
***
***
Verify ALL MOCs since final design have been reviewed and
completed
P&IDs As Built are in the Control Room
Arrow diagrams current & verified
Verify all equipment and utilities systems have been pressure
tested
Verify all PHA and HAZOP recommendations been completed
An effective way of conducting a PSSR is to work through the
elements of the facilitys PSM program. Different companies,
professional bodies and regulators have different element lists.
The major components:
Ensure that all action items and recommendations from
Hazards Analyses and ALL other reviews such as Management
of Change have been completed as required.
Ensure that no changes that could affect safety or operability
have crept into the system during the construction phase.
The Piping and Instrumentation Diagrams - P&IDs that is the
schematic illustration of functional relationship of piping,
instrumentation and system equipment components
represent the actual schema as built and are in the Control
Room
***
The PSSR Team should do a complete unit walk through to ensure
the facility is ready for Startup
Housekeeping should be excellent
Only essential scaffolding in place
No un-insulated burn hazard piping/vessels
10
Operations Representatives:
o A veteran Operations and a veteran Maintenance
Supervisor on the team
o All operators that are part of process
o Operations Manager
Leadership of affected units
Leadership of Utilities needed
PSM Coordinator
Final step is for all appropriate leadership to sign off on final
PSSR
***
Summary
Pre-startup and Restart Safety Reviews are an important part
of any process safety management program, yet are not
always given the attention that they deserve.
They provide a last chance for everyone associated with a
project to make sure that no unsafe acts or conditions have
slipped through before operations actually start.
Everyone involved in operating the modified facility must have
an opportunity to make sure that conditions are safe, that
11
Homework
You did an MOC on a change of function of a distillation column
from taking C-16= alpha olefins overhead to taking C-16/18= alpha
olefins overhead.
Who should participate in the PSSR before startup and why?
What are the key issues you MUST ensure are addressed and
why?
12
Chapter 20
initialed and signed. This includes action items from the PSSR and
any MOC documents.
Review
The above discussion is one example of how Prestart-up Safety
Review and Operational Readiness/ Operational Discipline activities
can mesh together to put a start-up team in the best position for a
successful start-up. Different companies deal with these items
using their own systems / work processes. Never the less, the
fundamental concepts of PSSR and OR/OD must be addressed in a
thorough manner to ensure the best possible start-up outcome.
Reasons Theory
Objective
This lesson will introduce James Reasons Theory of how incidents
happen, what are the kinds of barriers that can be put into place to
prevent the incidents, and to review one well known failure
Todays Roadmap
Reasons Theory of the Cheese
Example & Discussion
Summary
Homework
Reasons Theory
To mitigate serious incidents, barriers must be in place
All it takes to stop a serious incident is one barrier
Usually, incidents are caused by multiple barrier
weaknesses, sometimes called precursors.
Identified hazards helps us put the right barriers into place
Safety described safety as a dynamic non-event. If there are no
incidents or near misses then safety tends to be taken for granted.
This happens especially because the production demands are ever
present. If people see nothing, they presume that nothing is wrong,
Types of Barriers
Policies, Standards, Guidelines
People and their behaviors
Equipment and controls
Work instructions and procedures
Physical barriers
Space and distance
PPE
In any best practice organization, many layers of defensive barriers
and protective measures are put up against the likelihood of an
accident.
These are invariably a mixture of 'hard' and 'soft' defences. The
former include engineered safety features-such as automatic
controls, warning systems and shutdowns-together with various
physical barriers and containments, while the latter comprise a
combination of paper and people--rules and procedures, training,
drills, administrative controls and, most particularly, front-line
operators such as pilots and control room personnel. The result of
these many layers of defence is to make these systems largely
proof against single failures, either human or technical. For an
accident to occur in such a system, it requires the unlikely
combination of several different factors to penetrate the many
protective layers and to allow hazards to come into damaging
contact with plant, personnel and the environment.
The first one is policies, standards and guidelines. These would be
written safety policies, safety standards based on OSHA standards
and guidelines on following elements of the standard.
Administrative controls will promote safe practice through policies,
processes, training and signage.
3
Reasons Theory
Hazards are contained by multiple protective barriers
Barriers may have weaknesses or holes
When holes align hazard energy is released, resulting in the
potential for harm
Barriers may be physical engineered containment or
behavioral controls dependent on people
Holes can be latent/incipient, or actively opened by people
10
11
control loops are suited to task. Fire safety engineers are also
sometimes involved. Note that most of these subjects listed are not
taught at universities, but are learned on the job. Many of the skills
of the process engineer are introduced in the 4-year university
study of chemical engineering.
12
13
Summary
Reasons Model
Improved understanding of barriers/weaknesses
Reviewed the Texas City Incident using Reasons method
Learned hierarchy of how incidents are reviewed
In this lesson we have seen James Reasons Swiss cheese model for
accident occurrence. We have seen that multiple barriers can
prevent incidents. However each defensive barrier can have
inherent weaknesses, which are gaps in the proper defence. Even
one barrier can prevent an accident. Nevertheless when a chance
aligns holes/ gaps in all the barriers, then a hazard can result and
harm ensue.
14
Homework
Using Reason's Model, map out how you were able to safely get
from Forney back to your residence without incident.
Include hazard identification for each hazard incurred, barriers that
are in place, precursors, and failures that did not occur. If a failure
did occur, note it and list what barriers presented a serious travel
incident or your injury. List the hierarchy level for each barrier,
who owns it and who is responsible for improving it.
More detailed maps will get a higher grade/extra credit.
15
Compliance Audits
Trade Secrets
***
Mechanical Integrity
It is important to maintain the mechanical integrity of critical
process equipment to ensure it is designed and installed correctly
and that it operates properly. PSM mechanical integrity
requirements apply to the following process equipment:
Pressure vessels and storage tanks
Piping systems
Relief and vent systems
Emergency shutdown systems
Control systems, including monitoring devices and sensors,
alarms, interlocks
Pumps
***
Mechanical Integrity
Written procedures:
o Establish and implement to maintain on- going integrity
of process equipment
Maintenance procedures:
o Train in an overview of the process, its hazards, and
safe work practices
The employer must establish and implement written procedures to
maintain the ongoing integrity of process equipment. Employees
involved in maintaining the ongoing integrity of process equipment
Mechanical Integrity
Inspection and testing:
Inspection and testing must be performed on process equipment,
using procedures that follow recognized and generally accepted
good engineering practices (RAGAGEP). The frequency of
inspections and tests of process equipment must conform to
manufacturers recommendations and good engineering practices,
or more frequently if determined to be necessary by prior operating
experience. Each inspection and test on process equipment must be
documented, identifying the date of the inspection or test, the name
of the person who performed the inspection or test, the serial
number or other identifier of the equipment on which the inspection
or test was performed, a description of the inspection or test
performed, and the results of the inspection or test.
***
Mechanical Integrity
Equipment deficiencies:
Equipment deficiencies outside the acceptable limits defined bythe
process safety information must be corrected before further use.In
some cases, it may not be necessary that deficiencies be
correctedbefore further use, as long as deficiencies are corrected in
a safe andtimely manner, when other necessary engineering
controlsare put in placeto ensure safeoperation.
***
Mechanical Integrity
Quality Assurance:
Assure the equipment fabricated is suitable for the process
intended
Assure equipment properly installed and consistent with
design specifications and manufacturers instructions
Assure maintenance materials, spare parts, and equipment
are suitable for the process intended
***
Mechanical Integrity
Process
o Routine maintenance
o Planned maintenance
o Predictive maintenance
o Reactive maintenance
People
Performance
To maintain the mechanical integrity of any plant it requires a
systematic process to perform maintenance. There are many
different kinds of maintenance, which may or may not be obvious.
The routine maintenance is performed on a prescribed periodicbasis,
such as withdrawing and adding a bit of oil to the rotating
equipment regularly. This ensures that the oil is not overused and
gives the operator a chance to see first hand what it looks like,
what it feels like, and what it smells like. This simple task has
avoided many failures.
In the authors area they had probably 200 pumps alone. Unless
there was a systematic process in place it was likely that just one of
those many pumps could have failed. If that one pump failure did
not have a reliable spare pump, the unit could have crashed down.
That was and is unacceptable and easily avoidable.
Another example of routine maintenance is keeping the unit
spotless. So what does cleanliness have to do with reliability?
Simple, if the unit is spotless and the machinery is spotless then
any deviation, say a leaking seal, can be spotted immediately;
hence the fix can be done immediately. This would be reactive
maintenance and means that your other types of maintenance have
failed.
Planned maintenance is what is termed as turnarounds (TAR).
Prior to a TAR, a list of required maintenance is compiled as the
need becomes evident. Many items are done every TAR and are on
the permanent list. Other items come up based on their history
(predictive) and are also put on the list. Examples of predictive
maintenance would be when relief valves are pulled and
reconditioned. For many years relief valves would not have had
block valves to isolate on-stream, so they had to be maintained
when the whole unit was down. The reason the isolation valves
were not there is the difficulty in knowing if the flow path to and
from the RV was open. Better procedures have been developed such
as x-raying the block valves to verify open path, have led to many
RVs now having isolation block valves which also means that
maintenance can be done on line.
Can you think of a reason to NOT maintain an RV while the unit is
on-line? The answer is that if the RV is needed due to an
overpressure event and the RV is unavailable, the vessel could fail.
The solution would be to have spare RVs. Students may not know
this, but should be able to think it out.
Another example of predictive maintenance would be when the
vibration monitoring on rotating equipment exceeds the normal
range. The vibrations may still be in the acceptable range but they
tell you to put on the spare machine and fix the problem prior to
failure. Failure to do so could cause significantly more damage
including total destruction of the piece of equipment.
Weve talked about a few of the processes in place for maintenance,
but the most important part of the equation is the people. The
author learned the importance of people (all people on the unit)
quite a few years ago when he inherited an individual from another
part of the company. He had been with the company for quite some
time and was transferred into the authors area. On this complex
there were eight operator jobs per shift. The pay was the same for
the operators, but if you learned more jobs that meant you were
eligible for more overtime pay. (The overtime lists were by
definition always balanced among qualified operators. So, it was in
the financial interest of the operators to learn as many jobs as
possible to increase their annual take home pay.)
Well, this gentleman only learned and was qualified on one job. He
didnt seem to be very interested in that job, and certainly didnt
want to learn more. Maybe he wasnt very bright and didnt offer
much to the unit, but with so much time in the company there was
no other alternative. He showed up to work and did the minimum to
keep the job.
Then one day he came in to see the author and complained that the
block valves of the gas to the furnace burners were very stiff and he
thought he might get a strain if he had to work them suddenly.
(Each gas burner had two valves, one to the pilot was natural gas,
6
and the fuel gas to the burner was the other). In this complex
there were about 20 individual furnaces with on average 12 burners
or more. So, the number of gas valves approached 500. So, the
worker was asked to describe the gas valves, to see if he really
understood what they were. He did so, and also mentioned there
appeared to be a zerkgrease fitting on each valve. Yes, he was told,
and asked what he thought would happen if those fitting were
greased on a monthly basis. He understood exactly what was
meant. So he was given one additional responsibility: to make a
complete list of gas valves that needed to be greased on a monthly
basis. Within a short time he made the list. He became the gas
valve king and kept them absolutely workable. He began to shine.
Finally he had something he could do and excel in.
There is avaluable lesson in this. Everyone wants to do well and
excel in something. A good leader finds their niche and lets them
excel. When that happens, the sound processes and motivated
people yield superior performance.
The key element is the people!
***
Mechanical Integrity
Pressure vessels and storage tanks
There are industry standards for pressure vessel and storage tank
design and inspection (API 650 and API 653).
http://www.chempute.com/Software.aspx?id=TAN1
However these are the minimum standards. Generally any standard
you see is the minimum expectation. This calls for tank inspections
at least once every ten years.For very benign service that may be
just fine, but the conscientious company will use its own inspection
data to determine the optimal frequency.
An example of what could cause accelerated deterioration of a tank
would be if water separated out in the tank and caused a corrosion
cell to form at the water interface. Of course, to prevent damage an
epoxy liner could be installed at the expected interface area. But,
then you would need to inspect that epoxy liner on a periodic basis
to ensure its integrity. So, you can see although there are standards
to follow, the key element is the human factor to observe the data
and adjust as necessary.
***
However when you see the rest of the vessel you can see that this
vessel is history. It was probably never put in service judging by the
condition of the paint, and attachments.
The lesson here is that any steel is subject to brittle fracture if
stressed when it is below the transition temperature.
***
10
11
Yet another perspective! You really dont want something like this to
happen on your watch. It can be really avoided by using sound PSM
principles.
***
Mechanical Integrity
Piping systems
Piping systems are really crucial. To understand piping systems you
have to clearly understand the fluid mechanics of the system.
Some things you should worry about are the obvious ones, such as
erosion, corrosion, and so on. Howeverthere was a failure of a
piping elbow in a reflux drum circuit of a depropanizer. So, first you
know that this was highly flammable and if you had a loss of
containment you would have a big problem. At the time of the
incident a rigorous inspection program was in place, in fact this
reflux circuit was inspected just one month before the incident. The
inspection team carefully measured the wall thickness of the lines at
the outside radius (where you might expect erosion to be the
13
highest). Seems appropriate? Well, in this case atwo phase flow was
occurring, the phases separated and the liquid migrated to one side
by centrifugal force and stayed at that same part of the line, the
vapor was on the other portion. Down the line the outside radius
had become the inside of the line at the next bend in the line and
the liquid was flung off the line much like cavitation occurs in a
pump with insufficient net positive suction head. The result was that
the line was chewed away just like an impellor looks in a cavitating
pump. The line failed, the propylene/propane found an ignition
source and a huge fire ensued destroying significant parts of two
units. Both units were down for many months, but the good news
was that there were no fatalities.
The learning here is that if you are responsible for piping system
integrity, know the fluid dynamics that takes place and validate with
the inspection data that your assumptions of fluid flow are correct.
Any anomalies? Find out why and adjust your process accordingly.
***
Mechanical Integrity
Relief and vent systems
Relief and vent systems can easily go under the radar, but are the
escape of last resort and they MUST work when needed. There is no
second chance here. So, what do you routinely do? Look at the lines
leading to the relief header, are they what you expect them to be.
Are they warm? If so, what do you think that might mean?
(Probably a leaking RV!) How do you trace back to the source?
Then what do you do if you find it? If the RV is spared (not very
likely) you isolate the leaking RV, have it pulled, have it serviced,
then verify open path. This last step is VITAL and never to be
ignored. What are other issues? Check on the drains to the systems,
14
do they contain liquid? If so, drain and find the source. If winter, is
the system protected by heat tracing, like steam or electric? Is it
working? And so on. Many mundane issues but need to be
verifiedto maintain functionality.
What is the periodic maintenance? The RV must be periodically
pulled and serviced. Usually this happens during a TAR. The existing
condition of the RV must be documented to determine if the
frequency of checking the RV is appropriate or does it need to be
changed? The as is condition tells you that.
***
Mechanical Integrity
Emergency shutdown systems
Emergency shutdown systems are the last resort before the RVs.
These systems are designed to make an orderly, but rapid
shutdown of the system. To ensure operability it must be
maintained and tested at a frequency that assures 100% reliability.
To do so online is tricky, but doable, if the system is designed
properly. Thats where we Chemical Engineers come into play with
the computer and instrument folks. We think of the various
scenarios where we want the shut down to occur. We think of how
torecognize the systems (remember false shut downs are really
frowned upon). Then we think of the sequence that makes the most
sense and causes least harm to the system. Then,after we build it,
we test it. The frequency is really dependent on the reliability of the
individual components. To test each component, it must be isolated
from the blow down system, then the false signals must be
generated, then the actions of the ESD must be observed and
documented to ensure they are correct. Modern Programable Logic
Systems (PLC) offer options to logically test shut down systems.
15
Mechanical Integrity
Control systems, including monitoring devices and sensors,
alarms, interlocks
Similar to the Emergency Shutdown Systems (ESDs), the control
systems, monitoring devices, sensors, alarms, etc. all must be
tested and monitored in a similar fashion to the ESDs. Isolation of
the device, false signal, observe actions. Itmay be tedious but a
very necessary process to ensure the health and well being of your
facility. These tests are typically undertaken when there is an
identified problem or when a unit is being operated for an extended
time between shutdowns.
***
Mechanical Integrity
Written procedures - Establish and implement to maintain
on- going integrity of process equipment
Written procedures are required for operating start-ups, shut downs,
as we have already seen in a previous lecture, but the mechanical
integrity aspect of maintenance also requires detailed procedures to
ensure that the OEM (original equipment manufacturers) guidelines
are met. This makes the presumption (and a good one at that) that
the folks who make the equipment know best how to maintain it.
Much like the car you drive has some minimum guidelines for oil
changes, air cleaner replacements, etc., so does the maker of all
the equipment used in industry. A good idea is to have an audit
16
Mechanical Integrity
Maintenance procedures - Train in an overview of the
process, its hazards, and safe work practices
In addition to the requirement to have maintenance procedures, the
maintenance staff also is required to be given knowledge of the
processes they work on.
Where that might be a crucial requirement? Maintenance workers
on an HF alkylation unit, where contact with HF could be fatal, must
know the process and the dangers. Other examples would include
any process that deals with toxics, pyrophoric materials, or strong
acids or bases.
The overview should talk about the hazards, how to recognize that
you have been exposed to the hazard, and what are the best
practices for safely working with the hazards to prevent injury.
***
Mechanical Integrity
Inspection and testing
Perform on process equipment
o Follow recognized and generally acceptable good
engineering practices (RAGAGEP)
Frequency per manufacturers recommendations, good
engineering practices, and prior experience
Document for each inspection and test performed:
17
o Date
o Person who performed
o Equipment identification
o Description of inspection or test
o Results of inspection or test
Inspection is the window to what is happening on the unit. The units
are built with a lot of assumptions on where wear will occur and
how rapidly it will take place. However every unit is truly unique,
that is where a bulletproof inspection program comes in. Have
qualified inspectors, give them the right tools, and then listen to
them and follow-up accordingly.
Here is authors experience in his own words:
I still remember taking over a unit complex and having two TARs
within the first five months. On one of the units the inspection
program was less than robust, or the unit leadership did not listen
to the inspectors, or some other lame excuse, but the bottom line is
that once the unit was down we found that a very large line (main
transfer line ~ 36 diameter) was well below discard thickness. The
line was at elevation, was a normally long lead-time piece of
equipment and was a secret! I was not a real happy camper to find
this out. First, the thought of an on-line line failure that would have
led to a loss of containment and subsequent fire jumped out at me.
Happily that did not happen. But second, I would not start that unit
up until that line was completely replaced. If the TAR went beyond
its expected duration I would look like a chump and it would cost a
lot of money for the unscheduled downtime. Neither of which was
appealing to me. To make a long story short, we got the pipe, got it
installed, got it hydrostatically tested, and commissioned all within
the original time frame of the TAR, but not without a lot of blood,
sweat, and tears. AND, the worst part is - it was avoidable.
18
Mechanical Integrity
Equipment deficiencies:
Correct deficiencies outside acceptable limits before further use, or
in a safe and timely manner when necessary means are taken to
assure safe operation
This seems to be an obvious requirement, but you would be
surprised how many companies (or people within those companies),
if left to their own devices would cut corners to save money and
look good for the immediate timeframe. But, companies should not
be in business for the short run. If that is their plan, it will be selffulfilling. Go for the long-term solution and you will be in business
19
Mechanical Integrity
Quality Assurance:
Assure the equipment fabricated is suitable for the process
intended
Assure equipment properly installed and consistent with
design specifications and manufacturers instructions
Assure maintenance materials, spare parts, and equipment
are suitable for the process intended
Again, the bottom line here is: do it right the first time! Make sure
you have the appropriate process equipment in the appropriate
place. Do it according to the manufacturers specifications. No
compromises, ever! You can live with that. That however doesnt
mean you dont use your chemical engineering fundamentals to
evaluate the proposals to verify that what you are being told is
20
correct and makes good engineering sense. The author was once
told that an acoustic vibration damper was needed on the suction
side of a reciprocating pump to avoid damage to the pump. When
asked how the damper worked, he was told it utilized the
compressibility of water and the internals of the device to damp out
suction side vibrations. The ad showed spring water meaning that
water was a little springy!! Huh? What?? Water is and always has
been incompressible. This was simply a ploy to sell unneeded
equipment that would serve no purpose. Use your good engineering
judgment every day on the job.
***
Slide 27
So far we have assumed that all jobs would always be done. But in
the real world sometimes you have to evaluate what can wait until
the next opportunity for repair. So if all cannot be done, to do this
systematically you must risk rank the jobs. This shows a risk matrix
that the author used extensively. There is nothing magical about
21
Summary
Weve seen the extent of equipment covered
We now know how procedures are utilized both mechanically
as well as operationally
Weve seen how inspection is an integral part of managing
our business
We know how equipment deficiencies are handled and to
what standards
We understand how people fit into the equation
We understand how we can use risk ranking to better
manage our work.
22
Contractor Management
Objective:
The objective of this lesson is to understand how contractor
management fits into the overall PSM requirements
***
Contractor Safety
Contractor Selection
The first step in a meaningful contractor safety program is the
selection of the contractor.
Having defined selection and evaluation criteria is essential in hiring
and maintaining contractors with excellent safety performance.
Selection criteria need to be based on OSHA incident rates and
insurance experience modifier rate (EMR) that are consistent with
the safety objectives of your company. In addition, several absolute
criteria must be met to assure that a contractor has a safe work
history. A thorough review of a contractors safety program and
the others in their industry, the EMR, and the second, an absolute
number. Again, these are minimum requirements for consideration
of the contractor. A subtle aspect of getting these numbers from the
contractor is an independent verification that the numbers given are
accurate. Should that not prove to be the case the contractor under
consideration should be a very hot potato and dropped accordingly!
Even after this selection process an incident can occur. If so, an
immediate review of the specifics must be undertaken to determine
the root causes of the incident. If the root cause was a failure of the
safety systems in place, they must be identified and corrected. If
the incident was a result of lack of oversight by the contractor, then,
if warranted, the contractor must be discharged. A follow up
process may be undertaken to determine if the lack of oversight is
addressed and corrected by the contractor, then a re-admission
process may be undertaken, if subsequent metrics show that the
steps taken correct the problem.
***
Contractor Safety
Contract:
Financial terms and conditions
Job specifications including quality requirements
Safety
o Adherence to appropriate safety regulations
o Accident and near miss reporting requirements
o Employee safety training and certifications
o Safety representatives, safety meeting requirements,
and job safety assessments
o Plans and procedures requirements
8
Contractor Safety
Training:
Top performing contractors have extensive training programs.
Employees are trained on the safety policies and procedures. Job
skill training such as welding or pipe fitting is also provided by many
contractors. In addition, many companies are starting to train their
supervisors in root cause analysis and accident investigation
techniques. Process unit and facility specific training is a key area.
Contractor Safety
Contractor Safety Committee:
A joint contractor/owner safety committee is an essential element of
the safety program. Joint committees foster open communication
between parties resulting in enhanced safety performance.
Contractors are typically brought in to perform the most dangerous
work. Examples of such work are catalyst change outs in reactors,
hot taps, and a variety of work that is not regularly performed.
Changing catalyst in a desulfurization process means that the
catalyst (typically a nickel/molybdenum or cobalt/molybdenum)
becomes pyrophoric while on stream and must be removed under
IDLH (immediately dangerous to life and health) conditions. This in
other words is an oxygen deficient atmosphere that is essentially
100% nitrogen.
Since each location is unique the communication between the safety
committees and the workers is necessary to ensure all potential
problems are communicated. Once inside a reactor that is probably
quite warm and while wearing 100% breathing equipment (implies
limited visual abilities) any slip could mean problems. So, the
proper procedures must be in place and fully practiced. Both the
10
Contractor Safety
Pre-Job Safety Planning:
Careful planning of work assures that the work is performed
efciently and safely and safety planning is a critical part of work
planning. Work planning ensures the scope of work is understood,
appropriate materials are available, all hazards have been identied
and mitigating efforts established, and all affected employees
understand what is expected of them.
Pre-planning a job is necessary to performing the job safely. Big
construction projects and turnarounds need to be pre-planned with
safety in mind. Master safety plans that identify potential hazards
related to specific job tasks are essential. For smaller jobs or dayto-day tasks, job safety analysis or similar techniques are employed
to identify the hazards that can be encountered. Owner job
representative participation in safety pre-planning is required.
All personnel working for contractors must complete an appropriate
safety induction prior to starting work. The organization should
provide a site-specific induction and the contractor is responsible for
11
Contractor Safety
Case Management:
The top performing contractors and pacesetter organizations
aggressively manage all injury cases. Once an injury occurs a
trained person typically follows the case to the end. Top performers
work closely with their medical providers to train them on all
aspects of working in the specific industries. Informed medical
providers will be sensitive to the needs of their client and will have a
better understanding of requirements when it comes to the OSHA
record keeping.
It is required to establish rehabilitation goals and the steps to
achieve these objectives and return to work.
A practical injury management plan specific to the workplace could
be developed.
12
Contractor Safety
Reward and Recognition:
Most contractors believe that some type of reward and recognition
program is essential to maintain the focus on safety and achieve
good performance. These are considered powerful tools used by
contractors to motivate their employees.
Some of the contractors believe that monetary incentives are critical
to success as long as the program is structured to be separate from
regular pay and provides incentives to maintain good performance
over the long term of a given project. Other contractors prefer a
reward system that is based on non-monetary gifts such as gift
certificates, jackets or other small items. These rewards are
typically given for defined milestones such as safe days worked.
Reward and Recognition is a way in which contractors can influence
the major drivers of employee engagement of safety. On the job
you will see many different types of R&R programs, but the goal of
all is to heighten awareness and performance in on the job safety.
When reinforced by the owner the program gets enhanced results.
***
Contractor Safety
Promotability:
13
14
Contractor Safety
Drug Screening Policy:
The misuse of alcohol and other drugs is extremely dangerous
especially in chemical industry. The risks are plenty and safety
could be compromised by such employees. As contract employees
undertake jobs with high risks it is even more pertinent that they
are regularly tested for drugs and alcohol.
The top performing contractors rigorously screen their employees.
This includes 100% drug testing for pre-employment qualification.
Random drug testing programs that have severe penalties for
violations ensure that the intent to keep drugs out of the work place
is followed. A good drug testing policy will encourage early detection
of a substance abuse problem, facilitate early intervention, and,
when appropriate, provide support for the employee to deal with
the problem. It will also ensure safer work place.
***
Contractor Safety
Auditing:
A consistent audit program is a critical element to excellent safety
performance.Top performing contractors typically follow an audit
program regardless of the requirements of the owner. Audits that
address both site conditions and safe behaviors are most beneficial.
Periodic workplace safety audits prevent injuries and accidents.
Audits are important to effective safety management as a
continuous process of workplace safety planning, analysis, and
correction when needed.
15
16
Summary
In this lesson we have:
Reviewed the PSM regulation
Reviewed the responsibilities of the employer
Reviewed the responsibilities of the contractor employer
Reviewed an example of a management system that
proactively addresses contractor safety
17
Todays Roadmap
What could be an Emergency?
Who is involved in an Emergency?
Framework/Philosophy in Support of Emergency Response
(ER)
Key priorities that must be addressed
Typical Scope of ER Team
What is in the plan?
Role of ER Support Center
Summary and Homework
Group Exercise 1:
Generate a list of potential events that could activate a
corporate emergency response plan
List, from your perspective, who would be the key people
involved in managing each emergency, from both inside and
outside the company.
Keep your lists for further reference.
Any of the emergencies listed above can activate a corporate
emergency response plan.
The key people involved in managing emergencies will depend on
the nature and severity of the emergency. The EAP should also
state the degree of involvement of facility employees for various
types of emergencies. Local emergency response personnel may
handle some emergencies such as firesand explosions. This should
be clear in the written EAP. At such times the corporate the
emergency action plan will focus on evacuation and notification.
95%
4%*
Response
.7%*
Recovery
.3%*
***
Group Exercise 2:
Discuss the 4 philosophical concepts of EM&R and jot down what
your team thinks is a good definition of each of the 4 philosophies.
Be prepared to share. You have 5 minutes.
Levels of Crises
Local
Regional
International
10
11
12
13
***
14
15
16
***
Summary
ER is a system within PSM
An ER system has its own theories and thinking
Philosophy
Priorities
Organization
It must be practiced to be done well
ER extends beyond the walls of the company
May you NEVER have a real one
17
Incident Investigations
Todays roadmap Advanced Investigations
Corporate Policy
Theories of Incidents/Accidents
Typical Training
What gets investigated
Incident/Accident Causation
Investigating Process Safety Incidents
Action In Case of Incident/Accident
Reporting & Investigation
Recommend corrective actions (if warranted)
***
A good investigation is likely to reveal several contributing factors,
and it probably will recommend several preventive actions.
What is an accident?
Accident is an undesired event that results in a personal injury or
illness, or damage to or loss of property, process or environment.
What is an incident?
An incident is an event that disrupts the work process and has the
potential to cause injury, harm, or damage to persons, property or
environment.
Near-miss
Near misses describe incidents where no property was damaged
and no personal injury sustained, but where, given a slight shift in
time or position, damage and/or injury could have occurred.
Corporate Policy
Despite PSM, there are accidents and near-misses in all industries.
At such times corporate policy and written guidelines to promptly
address the issue and resolve the incident are essential. In addition
to immediate measures to contain the impact and support the
affected employees, it is essential that the policy includes detailed
instructions to report the findings and give recommendations for
identifying and remedying flaws in the system that can produce
catastrophic results.
It is the responsibility of the management that the strategic system
for incident investigation works as intended. Management is
responsible to establish a consistent means of recording accident/
incident investigation information and disseminating corrective
actions throughout the organization, which will be used to prevent a
recurrence of the same or similar accidents.
Management is also accountable for ensuring the organization takes
action and LEARNS! Management systems need to be developed
which will recognize operational weaknesses and implement
preventive measures. The incident investigation plan should be
developed before any such occurrence to be of any use. Who should
investigate, when, where, what and how; all issues should be
decided right in the beginning.
Theories of Incidents/Accidents
Reasons Theory (covered earlier)
ABC Antecedent, Behavior, Consequence
ABC Antecedent, Behavior, Consequence
ABC is a simple formulato know why a behavior occurs. It helps us
to understand the relationship between theAntecedent-BehaviorConsequence. The antecedent is something that comes before a
behavior (in this case the incident). The incident needs to be
described in a specific operational sense. The consequencethat
follows the incident (behavior) is the reinforcing outcome of the
event.
This is a tool that requires observing the event immediately prior to
the behavior (incident) to determine what triggers the incident. This
knowledge can be used to reduce or eliminate problem behaviors by
intervening beforeor after they occur.
***
Typical Training
An incident investigation process is crucial to prevent similar
incidents in the future. It is a learning tool. That is why proper
training is essential for the people doing the investigation. All the
people involved in investigation process should have clear
understanding of their part is in the process and how to perform
their assigned responsibilities during an investigation process. They
should know how to carry out the investigation and the tools used
to do this. They should be aware of the process and know how to
complete incident reports and provide analysis of information
For this purpose, all members who have the potential to become
involved in an investigation MUST be trained. It is only proper that
more training is required for more serious incidents. Also
considering the time element the training needs to be as per the
level of investigation. (E.g. If you have the potential to be in the
lowest level investigation, you only need to be trained to that level)
The training and technique must be consistent and should escalate
as sophistication increases.
E.G. ABS Consulting http://www.absconsulting.com/
***
Incident/Accident Causation
The immediate cause of a workplace accident is mostly easy to
determine. However, zeroing in on the system failure that led to the
cause of the accident is tougher. That is the root cause of the
incident.
Causal factorsare usually multiple. These can be divided into
immediate and system causes.
Immediate causes: actions, conditions man, machine, material.
System causes: human factors, job factors management systems,
methods or environment.
Root cause analysis (RCA) is a technique that aims to find out the
real cause of a problem and dealing with that, rather than just
dealing with its symptoms. Such a finding is important as it can be
corrected to prevent recurrence of this and similar occurrences.
Normally precursors or antecedents of an accident/ incident need to
be determined. During accident/incident investigation the state of
barriers should be assessed. Consider using WHY questions as
simple RCA.
***
Investigating an Incident
It is a good practice to establish your system and train people prior
to any incident.
Serious Incident
The seriousness of such an incident is due to inclusion of a fatality
or major offsite impact. It may impact the reputation of the
company, or could have such an impact.
The investigating team should include senior people from the
location as well as corporate. Team reflects the expertise (vis--vis
technical qualifications as well as human resource qualifications) to
understand the incident.
Team knows the right questions to ask andhas the wherewithal to
understand the true root cause. If conditions warrant, outside
experts should be brought in to ensure impartiality.
***
Final Thoughts
The investigation is to learn from mistakes and not to assign blame
for what happened. That is the most important aspect of any such
investigation. Such investigations also provide crucial information
that will help develop methods to prevent future incidents. So it is
important that you DO something concrete with what you have
learned!
Your procedures and standards should be written in the blood of
those hurt. Also keep your antennae up for any incidents in other
companies that could have happened in yours, and learn from their
mistakes; do not repeat an error! API has a committee called Best
Practices that reviews incidents to provide a forum to share
learnings. That, in and of itself is a best practice.
***
Slide 20
Chapter 26:
Understanding Audits
Any system in an organization cannot be declared successful unless
proved to be so. So PSM system too needs feedback to continuously
improve the process and achieve excellence. One of the most
important feedback methods is Audits!
Audits and assessments are standard pieces of work done in many
facilities to help assure that work is being done correctly and
completely. Audits do use metrics to evaluate but also use special
protocols that are normally different from standards.
There are different types of audits:
Fire
Occupational Health
PSM
Project Management
Safety Culture
Environmental
***
Outline
In this chapter we will study audits exhaustively on following points:
What is an audit?
Why audit?
Types of audits Four levels of audit
What is the Principle involved?
Purpose and objectives of an audit
Audit guidance
Link to TQM, Total Quality Management
Link to Business Excellence
***
Slide 5
What is an Audit?
Webster: A methodology to examine with intent to verify
Chemical company: Systemic approach to determine position
relative to goal
CCPS: Systematic, independent review to verify conformance
to established guidelines/standards Audit employs a welldefined process to ensure consistency. Auditors must be able
to reach defensible conclusions.
An audit is a technique used to gather sufficient facts and
information, including statistical information, to verify compliance
with standards.Field observations yield data for determining
performance against established standards.
A compliance audit is a comprehensive review of an organization's
adherence to regulatory guidelines.Audits provide a crucial
management control for Process Safety Management (PSM). Audits
Why Audit?
Why should audits be carried out?
Audits are critical to the implementation of any system. PSM too
profits from audits. Basically audits ensure that the metrics set by
an organization and the industry regulatory standards are being
met. That means people are kept safe.
Audits also are a learning tool, for the organization being audited
and the auditors too. Such detailed examinations help in continuous
improvements in the safety processes.
Audits are essential to satisfy regulatory requirements.
Audits assure that the organization is on the right path of progress.
They verify claims made about safety and systems and there is
guarantee that the claims are right!
Audits help improve processes and profitability.
***
Types of Audits
1st party you assess yourself and your team every day.
Findings are captured. Items to be corrected are placed on a
local list.
2nd party another site assesses your operation
3rd party some from external to your company assesses your
site/operation
4th party a management systems audit on a group of
managers to assess progress and effectiveness; real outcomes
vs. stated outcomes
Large organizations can perform both 1stparty audits as well as 3rd
party audits. That is because large organizations typically have
groups that are dedicated to the audit process for the corporation.
For informal first party audits leaders can ask a series of questions
to employees with respect to PSM, their knowledge, and their
degree of compliance.
The First Party Auditing can be conducted anytime and many times.
Also as the managers are directly involved they become fully
conversant with the PSM standards and can ensure high standards
in their area. Also as these audits are informal, they can check
deficiencies easily and correct them quickly.
A weakness of First Party Auditing is that it might not be rigorous. It
is human tendency to promote the positive and play down the faults
to the detriment of safety. Auditors need to be impartial and must
display strong leadership and commitment in order to conduct
meaningful First Party Audits.
It is sometimes better to conduct PSM audits across areas or units.
For this knowledgeable subject matter experts can perform audits
outside their own area. This will bring a new perspective to the
process.
Second Party audits are external audits. Theyre usually done by
customers or by others on their behalf. However, they can also be
done by regulators or any other external party that has a formal
interest in an organization.
Third Party audits are when a company invites outside organizations
such as registrars (certification bodies) or regulators to conduct
audit. These audits offer an outsiders view and are considered to be
less biased and more objective. Of course there may be
aggressiveness from outside auditors as they may be desperate to
find something to justify their presence, or make them or their
company look professional.
Fourth party audits are a management systems audit on a group of
managers to assess progress and effectiveness; real outcomes vs.
stated outcomes
***
Slide 10
Management System
***
***
Audit Objectives
Audits and assessments are standard pieces of work done in many
facilities to help assure that work is being correctly and completely.
Audits should be viewed as an opportunity for the organization to
learn and to improve. Improvement should be carried out where
there is scope to improve; otherwise only audits would have no
value.
How an organization responds to an audit is usually dependent on
how the leader thinks and talks about the audit and its results.
***
ISO 9002
TQC CCI
1. Management Leadership
Management Responsibility
2. Accountability
3. Performance Measurement
(4.16)
Human Resources
Strategic Quality Planning
Problem Solving
4. Incident Investigation
Corrective Action
(4.13)
(3)
(2)
(4e)
(1.2)
(4.5)
(5.5)
Compliance Audits
(o)
Problem Solving
(4e)
Process Management
(5.2)
Incident Investigation
(m)
5. Information Sharing
Non-conforming Material
(4d)
Trade Secrets
(p)
6. Community Input
(4c)
Public Responsibility
Customer Relationship Mgt.
(1.3)
(7.2)
(4a)
(4c)
(4c)
Operating Procedures
(f)
8. Hazards Documentation
9. Risk Assessment
10. Management of Change
Quality System
Document Control
Document Control
Quality Records
Statistical Techniques
(4.2)
(4.4.1)
(4.4.1)
(4.15)
(4.18)
Process Control
Document Control: Changes
(4.8)
(4.4.2)
(1)
OSHA PSM
(1.1)
(4.1.2.1)
Leadership
MBNQA
Senior Executive Leadership
7. Design Documentation
(4.1)
(4a)
(4c)
Public Responsibility
(d)
(e)
Management of Change
(I)
(1.3)
(d)
(I)
Mechanical Integrity
(j)
(e)
(4c)
Process Control
(4.8)
(4c)
Quality System
(4.2)
Human Resources
(3)
Quality System
(4.2)
Documentation
(4f)
19. Training
Training
(4.17)
Human Resources
(3)
Training
(4.17)
Contract Review
Purchasing
(4.3)
(4.5)
(4.3)
Training
(g)
(4.3)
(k)
(f)
(g)
Training
(g)
Contractors
(h)
Supplier Quality
(5.4)
***
Common thread
Sound & up-to-date technology
Trained personnel
Equipment - Maintained & reliable
Effective Management of Change
Audits - Control & feedback
Do the job the right way
***
Employee Safety
Environment
Fire Protection
Occupational Health
Process safety
Product Stewardship
Maintenance
Operations
***
Date
What observed
Learning
Site B
Date
Site C
Date
Etc.
Do you notice any patterns or common deficiencies?
Most likely
Exemplary Practices
Make sure that the good news is mentioned first as one reports out
on a management system audit.
***
Program Deficiencies
List deficiencies AFTER listing what is going well however, when
reporting deficiencies, be sure to be specific and use clear language
to assure understanding.
Straight talk helps to assure action!
***
or
Business
Unit
Policies
and
Procedures
for
PSM audit
PSM audit should have an evaluation of the design and effectiveness
of the process safety management system and a field inspection of
the safety and health conditions and practices to verify that the
employer's systems are effectively implemented and well
documented.
The essential elements of an audit program include review of PSM
program details, review of support documentation, conducting the
audit, interviews, evaluation and corrective action, follow-up and
documentation tracking recommendations to closure.
Link to TQM
TQM is Total Quality Management, which is a kind of quality
system
The Deming Cycle is the basis of continuous improvement in
any system
Deming Cycle consists of 4 key steps: Plan, Do, Check, Act
The Audit is the CHECK part of the Deming Cycle
Follow Up on Audit recommendations can be part of Act, Plan
and Do steps
***
Examples of audits
Foreign facility that did not run pollution abatement equipment
Domestic facility that the workers felt did not care about safety
Foreign facility with sulfur emissions
Were these bad situations?
On a very large and profitable foreign facility, the basis for fast
tracking expanding the facility hinged on installing the latest
pollution abatement equipment. The author was the lead auditor on
the project and indeed the pollution abatement equipment WAS
installed however it was not running. The management at the
facility tried to hide this fact from the team, but when confronted by
the fact that it was not running, the team was told Good Catch.
Within 6 months that facility manager was retired, as it should be.
Good companies need to run good facilities. Period.
Point two is subtle, but important! The workers at a facility must
know that their safety and wellbeing is the top priority of the units
leadership. At one time an entire complex was shut down to safely
work on a small portion of the flare header the mechanical folks
being macho men said the could work on the section safety if no
discharges occurred to the flare line. However the author did not
agree with that and the entire complex was safety shutdown and
put in the safe off position. The mechanical and operational folks
understood clearly that the cost of daily operation was high and
worked non-stop to repair the line. The unit was then safety
restarted and no workers lives were ever in jeopardy. In the long
term, the unit operators knew that safe operation was expected.
The third example is from a very remote facility that emitted sulfur
emissions that the author thought were excessive. These were
within the operating permit, but quite high by the authors
experience. Conversations with the local staff said that the sulfur
emissions were actually good for the environment since the
surrounding soil was very basic; and the sulfur emissions actually
did two positive things. It added trace nutrients to the soil as well
as moved the pH of the soil more to neutral that would help the
crops being cultivated. The learning here is that pre-conceived
notions need to be either substantiated or the truth discovered.
***
Petroleum Refinery
Program (NEP)
Nov 2011: OSHA Chemical Facility NEP
o No expiration date
o PSM-covered facilities will be inspected.
NEP compliance should be the minimum PSM objective!
OSHA Enforcement website
http://www.osha.gov/dep/index.html
The chemical facility National Emphasis Program (NEP) issued by
OSHA is a focused inspection program that includes policies and
procedures to verify compliance with OSHA's Process Safety
Management (PSM) standard (29 CFR 1910.119) at covered
facilities.
program
should
be
well
documented
AND
more
importantly implemented!
The management and employees should be aware of NEP
PSM documents, files should be easily accessible
Ensure the earlier audit recommendations are fulfilled
Maintain proper schedule for closing such action issues
Arrange for an external audit/regulator and institute required
remedial measures
***
Role of regulator
Employers should necessarily select a PSM trained individual or
assemble a PSM trained team of people to audit the process safety
management system and program. An outsider may not be entirely
aware of the process.
The outside regulator/auditor does not know the process well
Learning Objectives
Incident findings and audits are great learning and improvement
tools. Incident findings can help change processes to avoid incidents
from recurring, and turning potential hazard into safe practice.
Audits help in checking actual practices vis--vis ideal or standard
practices. This helps in identifying process, equipment and training
problem areas and these can then be addressed straightaway.
Audit and investigation findings are essential to business
improvement. In todays world, if you cannot learn in an organized
way from your experience, your business will pass from the scene
quickly
***
What is Sustainability?
Todays corporates define sustainability as a business strategy that
directs long-term corporate growth and profitability, by including
environmental and social factors in the business model. Thereby
sustainability strives to change the way a company does business,
for the better.
The aim is to enhance company and employee value by managing
environmental and social risks and seize opportunities that emerge.
Corporations, universities and the government are all starting to
embrace and implement the concept of sustainability.
Sustainability is a path of continuous improvement, wherein
the products and services required by society are delivered
with progressively less negative impact upon the Earth.
***
Slide 8
Strategic Commitment
7
Environmental Performance
Safety Performance
4
3
2
1
0
Product Stewardship
Sustainability Innovation
Social Responsibility
Sustainable Firms
Sustainable firms manage their profits, people and the planet. Such
businesses have healthy financial, social and environmental systems
making them change compliant. They create value for themselves
and for their customers today without compromising the tomorrow
of generations to come.
As stated by Financial Times, for industrial development to be
sustainable, it must address important issues at the macro level,
such as: economic efficiency (innovation, prosperity, productivity),
social equity (poverty, community, health and wellness, human
rights) and environmental accountability (climate change, land use,
biodiversity).
Safety is essential to sustainability
People have to go home well and unhurt to have a
sustainable firm
Process safety and mechanical integrity must be supported
and operational for a firm to remain viable, as all firms
operate with the permission of those around them
***
Continuous Improvement
Continuous Improvement as the name suggests is a quality theory
that believes that more improvements are possible all the time by
reevaluating and improving processes and systems. That is the
Kaizen continuous improvement philosophy! It is an ongoing
Link to TQM
Total Quality Management (TQM) is also continuous improvement.
It applies to every facet of an organization right from management,
systems, and processes to the culture of the company! Such an
organization ensures that processes are done right with maximum
Summary
No matter what the audit learnings need to learn
Your Knowledge management system must work with your
PSM audit process in order to help maintain the lessons
Chapter 28
Learning Objectives
Learn the various roles that a regulator plays in the safe execution
of Process Safety Management
***
What is a Regulator?
A Regulator is a member of a Regulatory body mandated under the
terms of a legislative act (statute) to ensure compliance with the
provisions of the act, and in carrying out its purpose.
Their task is to codify and enforce rules and regulations and impose
supervision or oversight for the benefit of the public at large.
Chemical industry is a regulated industry and a Regulator will
secure compliance and enforcement of statuary requirements. The
regulatory agency promulgates benchmarks created to enforce the
provisions of a legislation.
Todays Roadmap
Regulator as part of a system
Different types of regulators
How regulators work
How to manage a visit
Common pitfalls
Making regulator visits work for you
Summary
***
Common Pitfalls
The most injurious action is to treat the regulator as an adversary
and deny due respect.
Summary
Regulators play many different roles
Respect your regulator
Get to know your regulator BEFORE they show up at your site!
Regulators are real people!
Todays Roadmap
What is a vision?
Impact of corporate commitment on PSM
Discussions on tone at the top
Proactive and reactive
Looking at key communications
Summary
***
Tone (at whatever level) is another word for the informal culture of
the organization the shared understanding of how things really
work around here irrespective of formal rules and policies
Such tone, ethical or otherwise is set at the top by the top
management and trickles down to all the levels to the last employee.
Tone at the Top is about creating a culture where everyone has
ownership and responsibility for doing the right thing, because it is
the right thing to do. Even if there are important rules and
regulations for safety, if the management is firm and walks the talk,
then the correct tone is set. That is what builds the integrity of the
organization.
Rules, written procedures do not build integrity. It comes from the
top, when the top people are seen to follow the rules and are seen
to be concerned about safety. Embedding systems and processes to
support the Tone from the Top will help shape the organizational
culture and measure the effectiveness of leadership actions and
behaviors over a period of time.
When the top managers uphold ethics and integrity so will
employees. However if they appear blas about ethics and more
concerned about production and profits, then the employees will
take their cue! So it is advisable to set the right tone at the top.
The Treadway Commission used that phrase for the first time vis-vis financial reporting. Its study concluded that a companys
culture is causally linked to a companys misbehavior and
emphasized that a companys leaders must create a culture that
promotes appropriate business conduct.
Consistent and frequent communications and oversight and
monitoring of decision making are the key drivers to the
implementation of safety culture.
***
What is Vision?
Vision is a picture of the future the company wishes to create. It is
what the company wants to become, where it wants to be. These
are the long-term goals of a company.
Creating a corporate culture that aligns with the values of all
stakeholders, employees, customers, shareholders and society is
the critical issue for business in the 21st century. Cultural capital is
rapidly becoming the new frontier of competitive advantage.
What is the culture of a company? It is best defined as, the way we
do things around here. It has a deeper connotation how we
behave when no one is looking
Culture Ladder
Achieving World-Class safety performance requires a culture shift
and the involvement and ownership of all employees.
Reactive Stage is the lowest maturity level. Here people do not take
responsibility. They believe that safety is more a matter of luck than
management, and that accidents happen. And over time, they do.
The second stage is the Dependent Stage where safety is just a
matter of following rules that someone else makes. Accident rates
decrease and management believes that safety could be managed
if only people would follow the rules.
The next is the Independent Stage. Individuals take responsibility
for themselves. People believe that safety is personal, and that they
can make a difference with their own actions. This reduces
accidents further.
10
actions and thinking into proactive? What will it take in your work
experience to do so?
***
11
Key communications
There should be communication of support to safety culture by top
management to their organizations supervisors and employees.
This support can be reiterated through including safety issues and
policy in the ongoing communications
Messages by the Head of the agency to all employees expressing
commitment to safety first in their organization
Incorporate safety first message in all agency publications such as
brochures, newsletters, posters, etc. Also talk about safety internal
presentations and trainings.
Expression of support by Program Directors at their supervisory and
staff meetings and messages to their employees. Ensure continuous
13
Summary
Culture Eats Strategy for Breakfast
Culture always wins
Managers MAKE the culture by how they behave and what
behaviors they TOLERATE!
Proactive behavior is more successful than reactive behavior
in solving problems, always!
***
Homework
Question: In the practice of process safety management,
does it ever pay to be reactive over being proactive, and why?
14
15
Chapter 30
Safety Culture
***
Objective
Understand the role that culture plays in the ability to safety
execute a PSM system
Understand the components and the various ways of
measuring culture
Culture eats strategy for breakfast
***
Todays Roadmap
What is culture?
Impact of culture on PSM
Examining two models of safety culture
Some key behaviors to look for
Maintaining a good Safety culture
Summary
Homework
***
What is Culture?
Culture is described in various ways. For an organization, it is how
they do things. It is an intrinsic quality that can be observed. It also
signifies the shared beliefs, symbols, behaviors of the people of the
organization, and written and unwritten rules that have been
developed over time and are considered valid. It can have a potent
effect on a companys wellbeing and success. It includes an
organization's expectations, experiences, philosophy, and values
that hold it together.
Culture is How we behave when no one is looking.
Culture usually trumps procedures. You may have immaculate
procedures and processes in place, but if the culture is laid back and
slack, finesse in processes wont make a difference. The leader may
be a visionary, the strategy may be brilliant but will it work if not
supported by a good culture? Why do people take short cuts?
A good culture is motivated, inspired and self-driven. The workforce
is creative and innovative. The culture is positive and sustainable.
The employees are engaged; that means they are emotionally
committed to the organization and its goals.
In bad cultures creativity is stifled, workforce is not motivated.
People are stuck in daily grind and demands of productivity stress
them out!
How does this happen? The management is ultimately responsible.
New ideas, change is not welcome. The people therefore are not
engaged and productivity suffers!
***
***
Slide 8
Culture Ladder
rung of the ladder they are on, where they have been and what the
next step looks like.
The range runs from the Pathological, through the Reactive to the
Calculative and then on to Proactive and the final stage, that we call
the Generative.
Pathological, is where people dont really care about Safety let
alone Health and the Environment, and are only driven by
regulatory compliance and or not getting caught. We probably all
recognize this from the past but is something we have hopefully
moved beyond.
Reactive, is where safety is taken seriously, but only when gets
sufficient attention after things have already gone wrong. People
say things like its a dangerous business, or you have to
understand it is different here, you have to look out for yourself,
or those who have the accidents are those who cause them.
At the reactive level managers take safety seriously, but feel
frustrated about how the workforce wont do what they are told. If
only they would do what they are supposed to, we need to force
compliance.
The next level, Calculative, is where an organization is comfortable
with systems and numbers. The HSE-MS has been implemented
successfully and because HSE is taken very seriously, there is a
major concentration upon the statistics bonuses are tied to them,
contractors are rated in terms of their safety record, not just
because they are the cheapest. Lots of data is collected and
analyzed, we are comfortable making process and system changes.
There is a plethora of audits and people begin to feel they have
cracked it. Nevertheless businesses at this level still have fatalities
and are surprised when these occur.
***
Slide 9
Measuring culture
Managers
Supervisors
Team Leaders
Trust and
Attitudes to Risk
Local Culture
Relationship
with
Attitudes
towards Rules
Compliance
Production vs
Safety
Learning Culture
Employees
Involvement
Two Way
communications
Workforce
Management
Commitment
Value
DuPont-Bradley Curve
Achieving World-Class safety performance requires a culture shift
and the involvement and ownership of all employees.
Slide 11
Summary
Culture Eats Strategy for Breakfast
Culture always wins
Current business climate makes having a good safety culture
more difficult, not impossible
Culture requires solid work processes, effective rewards
A healthy organizational culture is made of various factors such as
tradition, mission, committed workforce, due recognition of merit,
and continuous improvement. It is said that a great strategy keeps
people in the game, but a great culture helps an organization win.
***
Slide 14
Homework
Review the following incidents, and document the key
elements of safety culture that were weak:
o Occidental - Piper Alpha, UK North Sea
o Nypro - Flixborough, UK
o NASA - Columbia Shuttle
o BP - Texas City
o BP Deepwater Horizon
Chapter 31
the facility, but with very simple, but specific steps turned that
worst standing into the best. After the presentation to the Board it
was hard to see any of the workers feet touch the ground. The
pride they took in their unit was palpable. The point here is that
management can encourage desired behavior, when done well it
drives PSM performance.
***
PSM Management Reviews in Safety oriented companies:
In each of the segments of the company, PSM management drives
expected behavior by regularly reviewing open action items found
during audits, assessments, PHAs, etc. When action items are open
longer than reasonable, management can intervene to see if
additional resources are needed and if so, get them where needed.
If the open action items are not complete due to inaction rather that
lack of necessary resources, then other steps may need to be taken
to show managements expectation of completion.
PSM management regularly reviews exceptions taken from
existing guidelines to see if trends exist in the various locations. If
more locations make exceptions it might mean that the guidelines
Chapter 32
Todays Roadmap
Improvement Processes
Basic Continuous Improvement (CI)
Statistical Process Control
Six Sigma
Lean Techniques
Summary
***
Improvement Processes
What is Continuous Improvement (CI)?
Continuous improvement means an ongoing effort to improve
products, services or processes. This is done by examining your
processes to discover and eliminate any shortcomings and faults.
This is generally done through small incremental changes or
sometimes through a breakthrough change. By focusing on making
Continuous Improvement
Organizations are making concerted and effective efforts to
implement PSM programs and procedures to comply with applicable
rules. Most have got the processes stabilized and the core
regulatory elements in place. Efforts now are primarily for
continuous quality improvement. So CI has become a part of PSM.
Out of the various different CI tools available, you should select the
right kind for the work you are doing and the process you are using.
Basically each tool can be used separately; but can also be used in
conjunction. It is like synergy; when used together the tools are
very powerful. All are totally compatible with the PSM system
***
ISO
A standard is a document that provides requirements,
specifications, guidelines or characteristics that can be used
consistently to ensure that materials, products, processes and
services are fit for their purpose.
ISO International Standards ensure that products and services are
safe, reliable and of good quality. For business, they are strategic
tools that reduce costs by minimizing waste and errors, and
increasing productivity. They help companies to access new
markets, level the playing field for developing countries and
facilitate free and fair global trade.
The Basic Standards of the International Standards Organization
(ISO) are below. ISO will certify your firm on these standards,
which means that you are following an ISO certified process, and
have achieved some minimum level of result.
Quality - 9000 Series
Environmental - 14000 Series
All of the DMAIC process steps are required and always proceed in
this order:
D Define a problem or improvement opportunity
M Measure process performance
A Analyze the process to determine the root causes of poor
performance; determine whether the process can be
improved or should be redesigned
I Improve the process by attacking root causes
C Control the improved process to hold the gains.
The most used Six Sigma (SS) Process expands the Deming cycle.
This method is used where the work process is known. SS requires
specific data to be obtained at each step of the process. DMAIC
methodology can be thought of as a roadmap for problem solving
and product/process improvement.
Good for overall PSM process analysis.
In the Improve phase you will develop a proposed solution, and you
will test, or pilot, that solution in a real business environment. This
piloted solution allows you to collect real-time process data to verify
statistically that you have fixed the sources of variation and your
solution will work on a larger scale.
***
Slide 11
D Define the goals of the project and that of the customers (both
internal and external).
M Measure and quantify the customer needs as well as the goals of
the management
A Analyze the options, existing process to determine the cause of
problem and evaluate corrective measures
D Design a new process or a corrective step to the existing one to
eliminate the error
V Verify, by simulation or otherwise, the performance of thus
developed design and its ability to meet the target needs
***
Kaizen
Kaizen is Japanese word for good change. The Kaizen method is
based on the philosophy of continually seeking ways to improve
operations. The basis of the continuous improvement philosophy is
the belief that no operation is perfect and there is always room for
improvement.
Kaizen is gradual, uses small steps, conventional know-how and a
lot of common sense. The focus can be on for example reducing the
length of time required for a process, or the waste generated in a
process or even wasted movement. Setting up tool stations so that
everything is within arm's reach is an easy way of cutting out
wasted steps, and iterated over the course of a day, or a month, for
two hundred workers, this means greatly increased productivity.
The concept is to review and look at physical workflow. Then focus
on removal of hard work or muri. The people most closely
associated with an operation are in the best position to identify the
Lean Techniques
"Lean", is a production practice that considers the expenditure of
resources for any goal other than the creation of value for the end
customer to be wasteful, and thus a target for
elimination.Essentially, lean is centered on preserving value with
less work.
The Lean technique is a workplace organization method that uses a
list of five Japanese words which when translated into English are as
follows:
Sort the necessary and the unnecessary, the essential and
non-essential items. Eliminate clutter.
Set The workplace in order. Decide the best location for
each item, and keep essential items in assigned locations.
Remove all non-essential items from the work area. Devise
effective storage for easy access and ensure proper labeling
for quick siting.
Shine The work area. Systematically clean the place and
tidy it up. Daily regular housekeeping activities and cleaning
is required as a follow up.
Lean Techniques
What is visual lean technique? These are visual manifestations of
the Lean process such as scoreboards, production control charts,
team communication boards, or other types of visual media. When
such visual media are right in front of you, you know where you
stand and what you need to do!
Lean technique is used a lot in process industries to discover waste.
Drives operational discipline, which underpins strong PSM.
***
Summary
Continuous improvement is an essential business process in
support of PSM
Good PSM processes include CI techniques
Use of more than one technique is better
Not using any CI technique signifies a very weak PSM
program
Chapter 33
Todays Roadmap
Let us see where you will choose to be in your first job.
Manufacturing
Capital project execution
Sales and Marketing support
Finance/MBA/Insurance/Risk Management
We will look at PSM vis--vis these jobs.
***
Finance/Risk Management
So, you are not on the manufacturing side, you are getting an MBA.
Even here your knowledge of PSM is of a great advantage. Reducing
Summary
PSM touches every job in many industries
Thank you for your attention over the past chapters
We hope this eBook has been of value
We are interested in your comments, and please send your
feedback to us: [email protected]
Follow us on Twitter @thePSMeBook
point being made here is that if the company you begin to work for
has a strong PSM program, make it stronger, and if it is a weak
one, you may want to consider another company.
Safety culture
Safety culture is a fairly nebulous term, but hopefully you get the
drift that the way the culture of a place really is, compared to how
it is portrayed makes a huge difference. Do they do what they say
they do, or is it simply for a good face to the world. Effective,
economically viable companies have a clear vision of operating that
must be a normal part of their everyday existence. Others have
listed the following as indicators of how a culture of safety can be
measured.A not all-inclusive list follows:
o Management Support for Safety
o Peer Support for Safety
o Personal Responsibility for Safety
o Incident Reporting and Analysis
o Safety Rules, Regulations, and Procedures
o Training, Safety Suggestions and Concerns
o Rewards and Recognition
o Safety Audits and Inspections
o Communication
o Employee Engagement
o Safety Meetings & Committees
o Discipline
As should be obvious from the list these are not subtle things. They
tell you how the leadership of a company views and supports
safety. Management support is essential for the commercial success
of any endeavor both from an economic point of view as well as the
PSM aspects.
So, how does this relate to the future of PSM? Only the companies
that embody a safety culture within their value system will survive
and thrive. Make sure you strengthen that safety culture by doing
the right things for the right reasons. Sounds simple and it is, just
do to.
Behavioral Safety
Continuing the theme of safety culture, the types of behavior that
are practiced by you and your co-workers are crucial to a safe
environment. You get what you give. Do you only behave in a safe
manner when you know you are under scrutiny or all the time? If
the former you are the problem, if the latter then you are part of
the solution. If you see unsafe behavior, you can help the offender
by offering your insight into a better, safer way. As hard as it is to
believe, some behave in an unsafe manner because they dont think
it is unsafe, merely a quicker way to get things done. The safer
way may be a slightly longer way to get to the end point, but
arriving safely is the preferred route.
Here is a simple, but clear example: When you bring eggs home
from the store and transfer them into your refrigerator,do you hold
the carton under the transfer point or not. To do so, takes just a bit
more time, but if you dont and you slip! Well, you get the idea.
This is clearly not an earth-shaking event either way, but is an
example of doing things in a manner you have thought out to be
the best and safest manner (and in this case the cleanest) is
obvious. How you approach your work and home similarly will make
your life safer. The key element is to anticipate what could go
wrong and take measures to minimize that possibility of unwanted
results.
That, in a nutshell, is behavioral safety!
Human Factors
Human factors and ergonomics are focused on the "fit" between the
user, their equipment, and their environments. It takes into account
the user's capabilities and limitations in seeking to ensure that task,
function, information, and environment suit the user.
To assess the fit between a person and the used technology, human
factors specialists or ergonomists consider the job (activity) being
done and the demands on the user; the equipment used (its size,
shape, and how appropriate it is for the task), and the information
used (how it is presented, accessed, and changed). Ergonomics
draws on many disciplines in its study of humans and their
environments, including anthropometry, biomechanics, mechanical
engineering, industrial engineering, industrial design, information
design, kinesiology, physiology, and psychology.
A very simple example of this is the keyboard you use on a laptop.
It is not at all suited to the function of typing, but rather to fit the
laptops design. A better alternative to use regularly is a split
keyboard that fits the general orientation of the hands when typing.
The author had been using a regular keyboard for many years when
challenged by an industrial hygienist to try a split keyboard. The IH
person insisted and took away the regular keyboard and promised
to bring it back in a week. Soreluctantly the author agreed. One
week later the author would not give up the unwanted split
keyboard.
Again, the above is a simple, yet clear example of human factors at
work and the possible impact on the potential for carpel tunnel
syndrome developing. A clear example from the workplace is the
location of valves. Are they located where the worker has easy
access or does a scaffold need to be put in place? If the latter, can
Call-outs
Exception process
Periodic review of the FRMS to achieve continuous
improvement
It should be clear from the above that a comprehensive approach to
the issue has been incorporated in RP 755 to help provide a
solution.
An individual must also take personal responsibility to ensure that
their own fatigue will not lead to a process safety incident.
Whatever rules or guidelines are in place it cannot be emphasized
too much how the individuals own sense of responsibly should
govern their actions.
Effects of Health on Safety
Not much has been written on the effects of ones health on their
safety in the workplace, but the converse is not true. So, we shall
think a bit about the topic of ones health.
An individual (YOU) should take the best care of your own health for
the obvious reasons. youll feel better. youll live better. those
around you will be better. you will work better and safer. When
you read this you will say, of course I understand this and it is
obvious. However, how many times did you go to work after a few
too many drinks the night before and never thought about it? More
than once, I would expect. And, how many times did you go to
work with a touch of the flu and did not think about how many of
your co-workers could become infected? Or, did you ever think
about the distraction of feeling ill and how it could cause your
judgment to possibly be affected that might lead to a process safety
incident?
data is the near miss data. Near miss data is that small voice
whispering in your ear that says.Pay Attention To This You, the
reader should be alert to these warning signs and ensure that your
company does so as well. If you do not have a management
system in place. you can and should make it happen.
Rememberyou control your destiny.
Use of BIG DATA Could Make PSM more Predictive
With the advent of more powerful computing platforms, we are
learning to harness the computer as a tool to provide almost
continuous analyses around micro-trends in how the data changes.
These trends can be used to predict serious process incidents with
enough lead time to be able to mitigate or avoid things like
emergency shutdowns, plant outages, reactor upsets and serious
mechanical failures
Summary
Much has been said about how you control your destiny.it cannot
be overemphasized. You do control your destiny and to some
extent that of your co-workers. Make sure you understand what
you are seeing in the workplace (and your home) and think thru
your actions to anticipate what could go wrong and adjust your
actions accordingly. If a procedure doesnt make senseask why
Do not proceed until you know that the path is correct. Just do it is
not the correct answer. You do control your destiny.
Now go forward and make PSM better than you found it!