IMPLEMENTING INHERENT SAFETY THROUGHOUT PROCESS LIFECYCLE Markku Hurme, Mostafizur Rahman

Helsinki University of Technology, Laboratory of Plant Design, P.O. Box 6100, FIN-02015 HUT, Finland markku.hurme@hut.fi Abstract Inherent safety should be implemented as early as possible in the design life cycle, since the changes in process design are easier and cheaper the earlier they are done. The problem is, how to evaluate process alternatives in the terms of inherent safety in the early design phases, when much of the information is missing. In this paper the process life cycle phases, the inherent safety analysis techniques used in them and the accuracy of methods is discussed. 1. Introduction The aim of process design is to create a process that is economic, safe, and environmentally benign throughout the whole lifetime of the plant. It is required that the safety of a process plant fulfils certain level because of general society requirements, company image and economic reasons. An unsafe plant cannot be profitable due to potential losses of production and capital. The safety of a chemical process can be achieved through inherent (internal) and external means. The inherent safety is related to the intrinsic properties of the inherent safety to remove hazards rather than to controlling them by added-on protective systems, whic is the principle of external safety. As a process goes through the phases of lifecycle, such as research and development, design, construction, operation, modification, and finally decommissioning, inherent and added on safety have a varying emphasis. The major decisions on process principle are done in the process development and conceptual design phases. Therefore the process development and conceptual design phases give the best opportunities of implementing inherent safety, whereas added on safety has its applications in detailed process and plant engineering. In fact the possibility of implementing inherent safety decreases as the design proceeds (Fig.1). Thus the inherent safety characteristics should be evaluated systematically as early as possible to gain larges benefit. However, the lack of detailed information especially in early design phases complicates safety evaluations and decision making. At this point, much of the detailed information - on which the decisions should be based - is still missing, because the process is not yet designed. Once the process is designed, one would have all the information, but not the freedom to make conceptual changes. This design paradox makes it necessary to implement a dedicated methodology for estimating inherent safety in the early design phases to allow its early adoption. This paper will discuss the principles of inherent safety implementation and evaluation throughout the process lifecycle.

Knowledge of process

Opportunities for installing add-on safety features Opportunities for installing inherently safer features

Detailed eng.

Constrution

Conceptual

Flowsheet

Research

Figure 1. The design paradox and inherently safer design 2. Evaluation of inherent safety Most of the existing safety analysis methods have been focussed on existing plants or design phases where all documents are already available, because they require detailed information about equipment and plant layout. Safety aspects are however most effectively being considered early in chemical process development. This is hindered by lack of knowledge of the process. At the early stages, only quite limited information on equipment and plant layout exists. Thus, most common methods intended for analysing full designs or plants in operation cannot be used. For this purpose in inherent safety indices have been developed. They are based on the information available in the early design phases. The first index published for evaluating the inherent safety was the Prototype Index for Inherent Safety (PIIS) by Edwards and Lawrence (1993). The Inherent Safety Index (ISI) by Heikkil and Hurme (1996 and 1999) was developed to include more aspects than PIIS. The iSafe Index was developed by Palaniappan et al. (2002 and 2004). The indices use somewhat different criteria to evaluate inherent safety and therefore have to some extent different data requirements (Rahman et al. 2004a,b). In this paper the problems of implementing inherent safety evaluations and their accuracies in process lifecycle are discussed. For this purpose we have to look more closely, what are the lifecycle phases and how the amount of the knowledge on the process will increase in design. 3. Process lifecycle phases A process goes through various stages of evolution. Progression through these stages is typically referred to as the process life cycle: 1. 2. 3. 4. Idea Research and development Preliminary process design Basic engineering

P ID

Operation

Start up

5. Detailed engineering (Plant engineering) 6. Procurement, fabrication, construction, installation 7. Start up 8. Operations, maintenance 9. Modifications, retrofitting 10. Decommissioning Many of the phases are separated by decision phases as shown in Figure 2.
Action Product development Process development Process design Plant concept Detailed engineering Construction Aims and decisions Research decision Design decision Investment decision Plant is ready for operation

Figure 2. Life cycle phases of a process in a development and design project 3.1 Idea phase New ideas often deal with new or improved products and processes. The first check of the viability of a new idea is often done quite quickly. If the idea looks promising in economic, safety and environmental terms, preliminary research and development can be started by a research decision (see Fig. 2). In idea phase information is collected on competing processes, patent situation, legal aspects and environmental and safety considerations, as well as raw materials, reaction chemistry and product specifications. Typical information available in this phase on a new process is the main reaction chemistry and the basic physical, chemical and toxicity properties of the compounds present (Figure 3). The methods used in safety analyzes have to be based on these basic properties. The result of inherent safety estimation by index methods is very rough and does not give a right ranking of process routes (Table 2). 3.2. Research and development phase As a new project is started, the chemical synthesis route is selected. The main goals are yield, product quality and safety. To apply inherent safety, research chemists must make an in-depth investigation on the process chemistry. Reaction hazards have to be investigated by reaction calorimeter to find out the conditions, where possible side reactions take place and to find out the possibilities of a runaway reaction. After the definition of the chemistry, reaction conditions the basic concept of the future process is defined. Research engineers have now many opportunities to incorporate inherent safety principles in the choice of chemical synthesis route for example by: 1) implementing catalysts leading to less severe operating conditions 2) eliminating a hazardous solvent by using a safer one such as water 3) reducing reaction temperature, pressure and concentration 4) using a more volatile solvent that refluxes and provides efficient cooling of reaction.

After the process chemistry has been established, which defines the hazards of the materials, process development personnel needs to focus primarily on process synthesis and unit operations used. This includes the process scheme with reaction and separation steps. In this phase bench and pilot experiments may be necessary for scale-up. Nowadays also mini plants are used to allow continuous process testing in small scale. In R&D phase, which includes also conceptual phase, the designer has the greatest opportunity to implement inherent safety principles, since most major decisions are done in this phase. Also most inherent safety principles can be considered in conceptual design as shown by Kletz (1991) in Table 1. Table 1. Inherent safety principles considered in first project stages (Kletz, 1991)
Feature
Intensification Substitution Attenuation Limitation of effects: - By equipment design - By changing reaction conditions Avoiding knock-on effects: -By layout -In other ways Making incorrect assembly impossible Making status clear Simplification Tolerance Ease of control Software

Conceptual stage Flowsheet stage PI-diagram stage

X X X X X X X X X X X X X X X X X X X

Because many fundamental decisions are made, creative thinking is important in new process development and in looking opportunities to make the process more inherently safer. New principles, such as process intensification, can systematically be implemented to reach the goal (Rong et al., 2004). In R&D phase inherent safety can be estimated quite well by using the Inherent Safety Index, since most of the information needed is already available (Fig. 3). The accuracy of evaluation is nearly as good as in the process predesign phase coming next. The ISI index can give a quite reliable inherent safety ranking of the process alternatives as presented in the MMA process case study (Table 2). In some cases ranking gave however same ranks to some quite similar alternatives. 3.3 Preliminary process design Preliminary engineering (or process predesign) is often done only for one process concept based on a pre-feasibility study done earlier. Material and heat balances for the process concept are calculated and flowsheet diagrams generated. For this purpose the type of unit operations have to be decided, if not already done in process development. Preliminary sizing of main equipment and a preliminary layout is also done. More accurate estimations of cost and profitability, safety and environmental aspects are made in a feasibility study to find out, if the project is still promising. In process predesign the decisions are related to process dimensioning and unit operation types. Even the operating conditions of key equipment are partly determined already in process development, there are still good opportunities to implement inherent safety principles; see Table 1: Intensification and simplification can be done further by using process intensification methodologies (Rong et al., 2004). It may also be possible to substitute some chemicals with

safer ones. Attenuation can be practised on temperature and pressure. Knock-on effects can be limited by layout. Using smaller vessels and reducing need for intermediate storages can change process inventories. This may however have a negative effect on controllability. Plant location is analysed. It may be possible to reduce or eliminate transportation risk by locating the plant, where hazardous raw materials or intermediates are produced, if the risk from transporting the raw materials or intermediates outweights the risk of transporting the final product. Locating plants at the same site will provide additional opportunities for risk reduction by inventory reduction. In inherent safety evaluation there are some new data is available for the ISI index; equipment types, process structure and a more exact inventory. The accuracy of estimation is however not much increased compared to conceptual phase in the MMA case study shown in Table 2. Other methods available are a pre Hazop, which can be done by the designer as a simplified form, and Dow F&I index, which can be applied to large extent even some information is missing. 3.4 Basic engineering A plant construction project starts with basic engineering. The main task is to make the PIdiagrams to AFD (accepted for design) phase and to complete all equipment process datasheets. This means all process data for equipment is defined. Automation designers make the basic definition of the automation system, which includes the number of instruments and controllers. Facility designers make only a layout in this phase. Some companies require also that a Hazop (hazard and operability study) is done already in this phase. Also a cost estimate and a project plan for the design and construction project is done. In basic engineering no pipeline or instrumentation design is made, neither equipment diagrams. In basic engineering phase the normal operating conditions and the limits for safe operation are defined. The key equipment is the chemical reactor. All their possible hazardous situations should be covered and possibilities of them minimized. Means to deal with these situations should be taken into account. The information defined in process design phase determines the values for mechanical design. For example, the materials of construction of equipment should be in accordance with process materials and also with all possible impurities and trace elements. Because over half of the hazardous incidents are associated with start-ups, shut-downs, maintenance work and abnormal operations, all the abnormal situations, including start-ups and shut-downs, should be considered. Assessments can be done in different ways. A commonly used method is a critical examination, especially the Hazop study. In process design it is important to get the fundamentals right from the start. As the design project proceeds, it becomes more and more expensive and difficult to change process fundamentals. Earlier decisions may limit the options in the later design stages, but inherently safer principles can still be applied. Basic design is the last step when changes can be made at moderate cost. Once the facility is constructed the cost of modification usually increases notably. The situation of implementing inherent safety principles is somewhat changed from the previous design steps (see Table 1). The inherent safety aspects are now related to process components such as process design aspects of equipment, piping and instrumentation. Inherent safety indices cannot any more be applied to measure safety level but more detailed methods such as Dow F&I index and Hazop studies can be applied. 3.5 Detailed engineering The detailed design includes mechanical design of the equipment, piping, structural, civil engineering and electric design and specification and a design of ancillary services. Also a detailed layout is done. The key objective of the detailed design phase is to make documents and drawings for construction, procurement and commissioning. However the plant cannot always be engineered as the process engineers have designed. Therefore checking of piping, equipment

and instrument design documentation has to be done by the process engineer. The differences between process and detailed engineering documents have to be analysed and the effect on safety studied. Small changes may change the process behaviour and ruin the inherently safer design principles adopted. As an analysis method a complete Hazop study can now be done, since all engineering documents are now available. However, making changes is expensive and can cause delays and further errors. So no changes are welcomed in this phase. 3.6 Construction and start-up The construction phase starts with preparation of foundations and buildings. When equipment is installed, work continues with the installation of pipes, steel structures, electric devices and instrumentation. From safety point of view the proper installations of equipment is necessary. This is checked by inspection. The start-up phase begins with the testing of the facility. The testing of the facility starts with water drives when all utility systems are operational and instruments and control system are tested. It should be also ensured that process sequences operate as they are planned. When the water drives have been fully completed, testing is carried out with processing materials. A key point in safety is the training given to operators. The training of workforce should be started early before the start-up of the plant. They should understand the operation principle of the process and automation system to be able to operate the plant in an inherently safer way. 3.7 Operations, maintenance and modifications In addition to the safe operation and maintenance principles, which include proper training and a work permit system, it is necessary that the inherently safer features, which are built into the installation, must be documented and maintained. Often in process modifications these are not understood or appreciated and changes are made, which change also the operation principle of the process. Therefore the inherently safer aspects may be lost. In fact when making changes, we should look for opportunities to make the system inherently safer and to reduce the risk level of the process. This can be done based on the experience gained, i.e. there is a learning process taking place during the plant operation. In operation there are possibilities to human operating errors. Therefore the design should be operating error tolerant. From this perspective, the chemistry of the process should be made inherently safer by selecting materials that can better tolerate error in handling and charging. Making systems easier to understand, operate, repair and assemble correctly can make the process more inherently safer and more human error tolerant. 3.8 Decommissioning Decommissioning means activities that take place after the normal production cycle and result from recognition that a process has reached the end of its useful life time. The design and implementation of inherently safer chemical processes includes also a consideration on the safety of dismantling of process equipment, reusing the site, and which impact chemicals left behind in the plant or left in the soil or groundwater have at the plant site or nearby. The process equipment and ancillary equipment must be removed or at least left in a safe condition. There is a temptation to delay the cleanup of decommissioned plants as long as possible. However, it is less expensive to do all the plant closure related activities immediately after the plant is closed. This is also inherently safer. A summary of tasks, information produced and safety tools available in various process lifecycle phases is given as Appendix 1.

4. Accuracy of inherent safety evaluations in process lifecycle phases of MMA processes The Inherent Safety Index (ISI) developed by Heikkil and Hurme (1996, 1999) was tested in three stages of process design lifecycle; in idea phase, R&D phase and predesign phase. The information requirements of the ISI index for evaluating inherent safety are presented in Figure 3. In the idea phase there is typically available information on reactivity, flammability, explosiveness and toxicity of chemicals. In R&D phase there is available in addition to the previously mentioned information also: heats of reaction, chemical interaction, corrosiveness, yield, temperature, pressure. In process predesign phase in addition to the previous ones also: inventory, type of equipment and process structure. Part of this information becomes gradually more exact as shown in Figure 3 by dotted lines. Idea phase Heat of reaction Heat of side reaction Chemical interaction Flammability Explosiveness Toxicity Corrosiveness Inventory Temperature Pressure Type of equipment Process structure Figure 3. Criteria used in the Inherent Safety Index and their availability in the test case The testing was done by calculating the ISI index values for methyl methacrylate (MMA) subprocesses and process routes in these three design steps by supposing the availability of information described above. The process and index calculation principles are discussed by Rahman et al. (2004a,b). The results were compared to expert evaluations presented by Lawrence (1996). The results are shown in Table 2. It can be seen that the information available in idea phase is not enough to rank process routes properly even the difference of subprocess evaluations is quite small compared to expert evaluations. One explanation is that the experts may have based their evaluations on component safety properties to a large extent, since they were given only reaction equations, temperatures, pressures and the properties of chemicals involved as the back ground information. R & D phase Predesign

Table 2. The difference between Inherent Safety Index -based and expert evaluations of MMA processes in different design phases Idea phase R&D phase Process predesign Sub-process values 13% 11% 10% Route values 7.0% 3.5% 3.4% Route ranking 67% 0% *) 0% *) *) in some cases close routes give similar rankings Conclusion The paper has discussed the implementation of inherently safer design principles and the evaluation of inherent safety in process lifecycle An inherently safer process development and design involves iterative application of chemical engineering and inherent safety principles at each decision point along the process life cycle. The key decision points from the inherent safety point of view are: (1) synthesis route selection; (2) conceptual design; (3) flowsheet development; (4) basic engineering and (5) later modifications. The major decisions on process principle are done in the process development and conceptual design phases. Therefore the first lifecycle phases give the best opportunities on implementing inherent safety principles. The most crucial thing in process design concerning safety is getting the fundamentals right as early as possible. As design project proceeds, it becomes more and more expensive and difficult to change process fundamentals. Therefore a dedicated methodology, such as inherent safety indices, to estimate inherent safety of conceptual alternatives is needed. It seems that inherent safety can be evaluated quite well in the R&D phase involving conceptual design of the process. A right inherent safety ranking of process alternatives was received in the MMA case study; even there was not enough accuracy to rank some closely similar alternatives. References
Edwards, D.W., Lawrence, D. (1993), Assessing The Inherent Safety of Chemical Process Routes: Is There a Relation Between Plant Costs and Inherent Safety?, Trans IChemE, 71 Part B 252-258. Heikkil, A.-M., Hurme, M., Jrvelinen, M. (1996), Safety Considerations in Process Synthesis, Computers chem. Engng, 20 S115-S120. Heikkil, A.-M. (1999), Inherent Safety in Process Plant Design, D.Tech. Thesis, VTT Publications 384, Technical Research Centre of Finland, Espoo; www.inf.vtt.fi/pdf/publications/1999/P384.pdf Kletz, T.A. (1991), Plant Design for Safety: A User-Friendly Approach, Hemisphere, New York. Lawrence, D. (1996), Quantifying Inherent Safety of Chemical Process Routes , Ph.D.Thesis, Loughborough University of Technology. Palaniappan, C., (2002) Expert System for Design of Inherently Safer Chemical Processes , M.Eng. Thesis, National University of Singapore. Palaniappan, C., Srinivasan, R., Tan, R. (2004), Selection of inherently safer process routes: a case study, Chemical Engineering and Processing 43 647-653. Rahman, M., Heikkil, A.-M., Hurme, M. (2004a, Application of Inherent Safety Index to Process Concept Evaluation, Loss Prevention and Safety Promotion in the Process Industries, Prague. Rahman, M., Heikkil, A.-M., Hurme, M. (2004b), Comparison of Inherent Safety Indices In Process Concept Evaluation, submitted to Journal of Loss Prevention in Process Industry Rong, B.-G., Kolehmainen, E., Turunen, I., Hurme, M., Phenomena-based methodology for process intensification, Proceedings of European Symposium on Computer Aided Process Engineering-14 , Elsevier, Amsterdam 2004.

Appendix 1. Tasks, information produced and safety tools available in process lifecycle phases
LC phase Idea phase Process R&D Tasks
First check of feasibility on economics, and SHE Reaction chemistry Examination of raw materials and reaction chemistry Process concept creation Examination competing processes, patent and license situation Market analysis Examination of legal aspects Laboratory & reaction calorimeter tests Bench and pilot scale tests Prefeasibility study (profitability , SHE) Process concept selection from alternatives Selection of unit operations Flowsheet simulation Preliminary sizing of equipment Analysis of logistics and material flows Rough ISBL layout Estimations of emissions Feasibility study (profitability, SHE) Process design of equipment Process design of pipes Basic automation and instrumentation engineering Layout design Project planning Piping design Instrumentation and automation design Mechanical design of the equipment Structural and civil engineering Electric design Design of OSBL services.

Information produced
- first evaluation of feasibility - basic data on chemicals - chemicals and their characteristics - chemical reactions and interactions - thermodynamics - physical properties - process concept - first version of flowsheet - prefeasibility study

Suitable safety analysis tools

Evaluation based on the basic properties of chemicals Laboratory screening and testing -for chemicals (toxicity, instability, explosives) -for reactions (explosiveness) -for impurities Pilot plant tests Inherent safety indices partly in simplified form.

Process predesign

- flowsheet - material balance - energy balance - process concept - operating conditions - layout sketch - feasibility study

Inherent safety indices. Dow F&E Index, Mond Index, Hazop in simplified form.

Basic engineering

Detailed engineering

- PI-diagram (AFD) - process data on equipment, piping and instruments - preliminary layout - project plan - detailed cost estimate - detailed engineering data for equipment, piping, controls, instruments, constructions - layout - operating, start-up and shut-down manuals - vendor data on equipment - as built data

Hazop, Dow Indices, Mond Index, Hazan, Fault tree, RISKAT

Hazop, Dow Indices, Mond Index, Fault tree

Procurement Fabrication Construction Start-up Operation

Vendor and fabrication documents Inspection reports Field change documents Start-up and test-run documents - Operation reports

What-If, Checklist

- data on process performance - first operation experience - operation data - operation experiences

What-If, Checklist Hazop, Dow Indices, Mond Index, Fault tree, Operation fault analysis