You are on page 1of 72

‘Seven Habits of Highly Effective People’

by Stephen Covey
#1 – Be Proactive
#2 – Begin with the End in Mind
#3 – Put First Things First
#4 – Think Win-Win
#5 – Seek First to Understand, Then to
be Understood
#6 – Synergize
#7 – Sharpen the Saw

#2 – Begin With the End in Mind
- Why are Purdue Chem Engs required to take a class in process safety?
- Do other Chem Eng Depts require this?
- Where are we headed with this topic?
- We can fill in the details of what we will cover in the course once we
know where we are going, desired end point … and, why?
Habit #2 on Personal Level:
- What matters most to you? What do you value?
- Vision of one’s life as a whole, your script, own uniqueness
- What do you want said about you at your funeral, by your family, co-workers…
- Is your ladder of ‘success’ leaning against the right wall?
- All things are created twice: (1) mentally and (2) physically
- Required of Leaders to be effective vs. Managers who focus on efficiency
- Is your script written by you or by others …?
- Development of personal mission statement 2
Film – ‘Spiral to Disaster’; Piper Alpha
Platform, North Sea
- When & where did this happen?
- How many lives were lost?
- How long did it take to destroy the platform?
- What was the role of a ‘permit to work’ in the disaster … and how many work
permits were there for the key valve?
- If only 2 were killed by initial oil fire, what led to the subsequent explosions,
fire and +100 fatalities?
- What were some of the design shortcomings that exasperated the incident /
- What types of hazard or risk analyses might have reduced the magnitude of
the incident?
- How would you rate the decision making ability of the Offshore Installation
Manager (OIM) on the Claymore platform?
- To what extent did Emergency Response training help the survivors?
- Did the incident have any significant impacts on industry as a whole?

Chapter # 1 –
Introduction to Process Safety

CHE 420 / 597 – Fall 2018

Dr. Ray A. Mentzer

Purdue University

Questions to be Addressed
• How is Process Safety different from Personnel Safety?
• How is process safety relevant to different types of operations
/ businesses?
• What is Safety Culture and why is leadership important?
• How can one measure the safety of one’s operation and
monitor performance over time?
• Can I benchmark our safety performance with other
operators & other industries?
• What factors should one consider to reduce hazards and
improve safety?
• What is ISD – Inherently Safer Design?
• How does ethics factor into this? How do I stay out of jail?



BP Deepwater Horizon Incident, April 20, 2010
Explosion and subsequent fire in GOM on the Deepwater Horizon
semi-submersible Mobile Offshore Drilling Unit (MODU), with 11
fatalities, 16 injuries, ~ 4.9 million barrels of oil spilled & ~$62B.
5th victim passes away after Didion Corn Milling explosion
in Cambria, Wisc
The May 31, 2017 explosion sent 11 of 16 plant employees working at the time to
hospitals. The cause remains unknown and under investigation by OSHA & CSB. The
explosion destroyed much of the facility, with demolition and debris removal on-going.

The plant, which processes corn for ethanol and other uses, was cited in January 2011
for exposing its workers to dust explosion hazards and that plant filters lacked an
explosion protective system, according to OSHA records. The federal safety agency
ordered the mill to correct the problem by April 2011. The records show Didion paid a
$3,465 fine and the case was closed in
September 2013. OSHA hasn't cited the
plant for anything since.

Dust explosions can occur when high

concentrations of dust particles are
suspended in the air in a confined space
during grain handling. A spark from
something like a cigarette butt can ignite it.
Mexico hit by major chemical spill
State of Sonora suffers the worst mining disaster as about 40,000
cubic meters of sulfuric acid leaks into local rivers.; Aug 28, 2014

Mexican officials say a chemical spill in the northern state of

Sonora is the worst mining disaster in recent history.
About 40,000 cubic meters of sulfuric acid has leaked into local
rivers affecting thousands of residents.
The copper mine is facing huge fines and accusations that it tried
to hide the accident. 9
Tianjin, China – chemical storage facility
August 2015; fire & explosion; 173 fatalities & +800 injured

Texas fertilizer plant that exploded failed to report it was
storing volatile chemical used in the Oklahoma City
bombing at 1,350 times the safety levels; 2013
15 dead after horrific blast. Company failed to mention storing
up to 270 tons of ammonium nitrate in its risk management plan
with the EPA.

Japanese Tsunami
Nuclear Power Plant
Incident - 2012

Pipeline Incident – Sept 2010 … Notable incidents







Safety Culture
• Varies across industries and companies within an industry
• UK Health & Safety Executive defines as: ‘the product of individual &
group values, attitudes and perceptions, competencies, and patterns
of behavior that determine the commitment to, and the style and
proficiency of an organization’s health & safety management.’
• Some known characteristics:
– Top management is actively & visibly engaged in safety
– Open communication at all levels of the organization
– Consistency in placing safety before production
– Everyone’s responsibilities and accountabilities regarding safety
are clearly defined and understood
– Workers are not only concerned with their work behaviors but are
empowered to intervene in co-workers unsafe acts
– Safety is second nature; zero tolerance for disregard of safety
related management systems, procedures, etc
ExxonMobil’s Views
• ‘Safety of our workforce is a moral imperative,’ Lee Raymond former CEO,

• “…A commitment to safety therefore should not be a priority, but a value — a

value that shapes decision-making all the time, at every level. Every company
desires safe operations — but the challenge is to translate this desire into
action. The answer is not found only in written rules, standards and procedures.
While these are important and necessary, they alone are not enough. The
answer is ultimately found in a company's culture — the unwritten standards
and norms that shape mindsets, attitudes and behaviors. Companies must
develop a culture in which the value of safety is embedded in every level of the
workforce, reinforced at every turn and upheld above all other considerations.
…. In closing, there are three points that I hope the Commission will consider in
its deliberations: First, a culture of safety has to be born within the
organization. You cannot buy culture. You have to make it yourself. Second,
make no mistake: creating a strong, sustainable safety culture is a long process.
… Finally, leadership by example and without thoughtful, honest and objective
self-assessment, no system is sustainable.”

-Rex W. Tillerson’s, Chairman and CEO, Exxon Mobil

Corporation, testimony to the National Commission on the BP
Deep-water Oil Spill and Offshore Drilling, on November 9,222010.
Why is Safety Culture Important?

• Root Cause of 70% of the most significant operating

incidents are due to:
- insufficient appreciation of risks
- recognized / observed risks, but didn’t intervene
- lack of focus / attention toward safety

• Recognize that to be effective, safety isn’t ‘owned’

and administered by the safety group, but by local
‘line / operations’
- safety group provides support / expertise

CSB Investigative Report Vol 3; Drilling Rig
Explosion and Fire at Macondo … , April 2010

‘Best-in-Class’ Safety Culture Attributes
1. Leadership
2. Culture & values
3. Goals, policies & initiatives
4. Organization & structure
5. Employee engagement and behaviors
6. Resource allocation & performance management
7. Systems, standards & processes
8. Metrics & reporting
9. A continually learning organization
10. Verification and audit
‘Framework For Creating a Best-in-Class Safety Culture’, Mannan, M. S., Mentzer, R.A., and
Zhang, J., J. of Loss Prevention in the Process Industries; 26 (6), pp 1423-1432, 2013 25
Measurement of Safety
• How to measure safety? Important factors?
• Metrics are needed to assess the effectiveness of
safety programs
• Hazards – physical or chemical condition having
potential to cause damage to people, property or
• Risk – a function of likelihood & magnitude
• Understanding of risk, real & perceived, is needed
for assessment of alternative designs, modifications
Safety Pyramid
1-2 Fatalities

10-20 Serious Injuries

100 – 200 Minor Injuries

1,000-2,000 Near Misses

• Underlying causes of incidents at each level are similar

• More serious incidents can be reduced by focusing on lower
levels of pyramid, where one generally has more data for
analysis and corrective actions 27
Why count & analyze
near misses?

Just outside Flagstaff, AZ, on

U.S. Hwy 100

• Look at the picture above and you can see where this driver broke through the guardrail,
on the right side of the culvert, where the people are standing on the road, pointing.
• The pick-up was traveling about 75 mph from right to left when it crashed through the
• It flipped end-over-end, bounced off and across the culvert outlet, and landed right side
up on the left side of the culvert, facing the opposite direction from which the driver was
• The 22-year-old driver and his 18-year-old passenger were unhurt except for minor cuts
and bruises.
• Now look at the second picture below...

Construction had the highest count of fatal injures in 2016, but the agriculture,
forestry, fishing and hunting sector had the highest fatal work injury rate.
Source: Bureau of Labor Statistics, 2018
Safety Metrics – Fatality Rate

- Number of fatalities in a job or group

# fatalities / year
- Fatality Rate (FR):
# population
Independent of exposure time. E.G.,
death from smoking, auto accidents ...
FR group
- Relative Risk Index (RRI):
FR all jobs
- Compare rate / risk to average job 31
Safety Metrics – Fatal Accident Rate
# fatalities/10 hr
10 (# fatalities)
hours worked
- Dependent on exposure time, unlike FR
- The FAR period of time, 108 hours, is based on
1,000 employees working for a lifetime
- Worker lifetime is approximated as 50 years
- One work year is 2,000 hr

1,000(2,000 hr/yr)(50 yr) = 108 hours 33

FAR for Different Activities
(Source: F.P. Lees, Loss Prevention in the Process Industries)

Industry or Activity FAR (deaths/108 hours)

Chemical 0.5
Paper 1.5
Staying at Home 3.0
Food 3.3
Construction 3.9
Trucking 7.3
Rock climbing 4,000
For Perspective: FAR for Typical Chemical Worker

• For 1000 workers during lifetime (50 years) in

chemical industry‡
• 2 work deaths (1 physical and 1 chemical)
• 20 non-work accidental deaths
• 370 non-work disease deaths
• Many common activities more dangerous than
chemical plant work (Crowl, Table 1-4, p 9)
• ‡ T.A. Kletz, Chem. Eng. (Apr. 1, 1985)

US OSHA Recordkeeping System
• Purpose:
• To require employers to record and report work-related injuries,
illnesses & fatalities.
– OSHA system
• Routine first-aid treatments are not counted, EG – BandAids, cleaning
wound, non-prescription medication, etc
• Based on cases requiring medical treatment, plus fatalities
• Scope of medical treatment specifically defined resulting in OSHA
‘recordable’ incidents
• ‘Lost-time’ incidents are those where injured person couldn’t return to
normal duties the following day
• Injuries are counted that result in loss of consciousness, days away from
work, restriction of work & temporary transfer to another job

*OSHA - Occupational Safety & Health Administration 36

OSHA Incident Rate (IR)

• Most common safety metric for US industry

• Based on work-related injuries, illnesses, and
fatalities or lost workdays for 100 workers
• 50 weeks/yr x 40 hr/wk = 2,000 hr/yr
• 100 workers x 2,000 hr/yr = 200,000 hr

OSHA Incident Rate (cont’d)

Deaths, injuries, and illnesses:

# incidents 5
OSHA IR  2 10
hours worked
Commonly given in terms of Total Recordable
medical treatment incidents and Lost Time
incidents, TRIR & LTIR:
# recordable cases
TRIR  2  10 5
hours worked
Dependent on exposure time, like FAR 38
ExxonMobil’s Safety Performance
- 2016 Corporate Citizenship Report -

Running With The Bulls
• Estimate OSHA injury rate
• Run lasts only a few minutes from start to stadium
for bull fight, but let’s assume each of the ~2,000
contestants is there for an hour
• Reportedly 50 – 100 are injured each year, with 50
being hospitalized in 2013, but let’s assume the
widely reported 2017 # of ten (mostly <dumb> Americans)
• 10 runners injured x 2 x 10**5 / (2,000 runners x 1 hr / runner)
= 10,000
• Within industry a good OSHA recordable rate < 1 40
Monitoring TRIR & LTIR Trends

OSHA Metric Calculations
• You work for a firm with 200 employees. Through
the first half of the year they had 2 first aid
incidents and one incident requiring medical
treatment. What is their OSHA TRIR? Should they
be satisfied?

Process Incident Definition
A process incident is the sudden unintended
release of or exposure to a hazardous substance,
which results in or might reasonably have resulted
in, deaths, injuries, significant property or
environmental damage, evacuation or sheltering in


T-2 Laboratories, FL – ’09; 4 fatalities

Companies Define Their Own
Meaningful Performance Measures
• Indicators become valuable when measured over a period
of time or as a trend, and at multiple operations / sites
• Trend analysis looks at an indicator over a period of time
to determine if there is a general sustained increase,
decrease, or no discernible pattern

Trailing or Lagging Indicators
• Measurement of incidents; with intent to analyze
and take steps to reduce risks and hazards
• Most safety indicators historically tend to be
• Limited usefulness since they apply after the
• Also, one obtains fewer data for use in improving safety
performance as safety improves
• Examples of lagging indicators:
• Number of safety related on the job incidents
• Trend in process safety incidents – loss of containment,
fires, $$ damage, vapor releases, etc
Leading Indicators
• A measure of activities to reduce risk prior to occurrence of
an incident
• Unfortunately, not as widely used as lagging indicators
• Examples of leading indicators:
- Number of near misses reported
- Trend in implementation of prevention programs,
employee safety training, etc
- Followup on items identified from risk
assessments (%)
- Deferred maintenance, % of items
- Faults detected by inspections and testing 46
Process vs. Personnel Safety Metrics
• Personnel Safety
– # injuries, illnesses & fatalities
– Processes well developed for lagging indicators; evolved over last ~20 yrs for
leading indicators

• Process Safety
– Businesses have historically measured volume of oil spilled, chemical releases, fires,
hazard loss $$, etc
– Industry standardization with API RP 754 ‘Process Safety Performance Indicators’
• Tiers 1 & 2 primarily provide lagging indicators; measure loss of primary
containment resulting in serious injuries, significant fire / explosion, community
evacuation, etc
• Tiers 3 & 4 leading indicators; % completion of process safety audit followup,
training, work permit compliance, etc

Process Safety Performance Indicators for the Refining and
Petrochemical Industries
• Tiers of the pyramid represent a
continuum of leading and lagging
process safety indicators

• Loss of primary containment (LOPC)

event results in a Tier 1 or 2

• Important to adopt appropriate

indicators to measure challenges to the
barrier system in Tier 3 (e.g.,
T, P, alarms per control systems)

• Precursor events and barrier system

weaknesses in Tier 4 (e.g., safety
training, hazard evaluation)
ANSI/API Recommended Practice 754, “Process Safety Performance Indicators for the
Refining and Petrochemical Industries,” Second Edition, 2016.
Process Safety Incidents - Chevron

Consequence of Using Wrong Indicator
- Process vs. Personnel Safety

Voluntary or Involuntary Risk

• Concept of risk not well understood by public

– Press tends to focus on consequence regardless of
• Individual choices / decisions based on perceived
• Some accept the risk of smoking
• Voluntarily drive a motorcycle (FAR ~ 660)
• Protest a plant with much smaller risk (FAR ~ 1)

Safety in the Chemical Industry
• Risk is generally less than perceived by public, and
often out of context with readily accepted everyday
voluntary risks
• Chemical industry is held to a higher than average
safety standard
• Continuous
improvement toward
an accident free
workplace is
necessary for
credibility and public
American Chemical Council – Responsible Care
Losses in Industry
• Transportation leading cause of workplace fatalities;
primarily motor-vehicle (Crowl, Figure 1-4, p.13)
• Most common chemical plant incidents: fires,
explosions and toxic releases
• Largest causes of chemical plant losses (Crowl,
Figure 1-7, p.16):
– mechanical failure – 53% (often maintenance related)
– operator error a distance 2nd @18%; on-site leading
directly to incident vs. mechanical error due to
improper maintenance
Historic Loss Trends for Refining and Upstream Oil & Gas
Consistent with trend of larger & more complex plants and processes

MARSH, ‘The 100 Largest Losses 1974-2015’, Large Property Damage

Losses in the Hydrocarbon-Chemical Industries – 24th edition 54
CSB* Incident Investigations ‘98 – `15
- 88 investigations / 171 fatalities -

Other – hazardous waste & wastewater treatment,

medical / pharmaceutical,
laboratories, gas pipeline, rail car loading,…

*US Chemical Safety Board

Incident Prevention
• Safe operations depend on many aspects: design,
management involvement, operator training, control
systems, detectors, alarms, shutdown systems, emergency
response procedures - see Table 5-10, p. 234
• For safer and more economical processes, it is much better
to eliminate rather than to control hazards
• Preference for mitigating hazards in priority order:
– Passive: reduce frequency or consequence with design
– Active: such as safety systems, control systems (high level, T, P, …),
automatic shutdown systems, interlocks, etc
– Procedural: operating procedures, work permits, emergency plan
• Use of ‘inherently safer design’ (ISD) to eliminate or reduce
hazards; next pages 56
Inherent Safer Design (ISD)
• Inherent safety involves prevention or reduction of hazards - see Crowl, p 22
• ISD: minimize, substitute, moderate or simplify
• Minimize - use small quantities of hazardous substances or energy
– Use technologies that result in a reduction of process equipment size, microreactors,
compact heat exchangers, smaller continuous reactor instead of large batch reactor, etc
– Minimize pipeline size and length
• Substitute - hazardous materials or process with a less hazardous alternative
– Reaction chemistry, solvent used, materials of construction, heat transfer media, etc
– Examples, use:
• solvents that are less toxic or flammable
• mechanical pump seals vs. packing
• welded pipe vs. flanged pipe
• chemicals with higher flash points, boiling points
• water as a heat transfer fluid instead of hot oil
– Must be considered in early stages of development 57
ISD – (2)
• Moderate - operate, store and transport materials under less hazardous
conditions or forms
– Limit the effects of a potential incident
• Inherently safer ways of limiting the consequences of failures of
equipment, control systems, or people
• Reduce the impact of a release of material and/or energy on
surrounding people and equipment
• Reduce the potential for one incident to initiate another incident
(domino effect)
– Examples,
• Reduce process temperature and pressure
• Use vacuum to reduce boiling point temperature
• Operating at conditions where reactor runaway is not possible
• Place control rooms away from operations
ISD – (3)
• Simplify
– Simplify process design to minimize components vulnerable to
failure or leak
– Complex equipment, process, procedure and instructions add
to costs and provide opportunities for error
– Examples:
• Keep piping systems neat and visually easy to follow
• Design control panels that are easy to comprehend
• Design plants for easy and safe maintenance
• Pick equipment that require less maintenance & with low
failure rates

ISD In Practice
• Seek to minimize risk: ISD during the process lifecycle
- recognition of the hazards posed by
the process
- continual effort to analyze the risks and
to reduce or control them to the lowest
levels practical
- considering the balance of other
objectives of the business in doing so
• Involves such practical applications
- substituting more benign chemicals at
the development stage,
- minimizing risk in the transportation of
- using safer processing methods at the
manufacturing stage, and
- inherent safety during commissioning a
manufacturing plant 60
ETHICS - ‘Cobalt (car) owners died because
GM refused to replace a small, defective
part in its executives …’

Ethics – your most important attribute

Code of Engineering Ethics (Crowl, Table 1-1, p. 5)

• ‘Ethics’ – perhaps the most critical aspect of your future

employment; don’t lose sight of it
AIChE Code of Professional Ethics
• Principle # 1: Use knowledge and skill for the enhancement of human
• Principle #2: Be honest and impartial and serve with fidelity the
public, employers and clients.
• Canon # 1: Engineers shall hold paramount the safety, health, and
welfare of the public
• Canon #7: Continue professional development throughout career.

Terminology Overview
- Commonly Used Terms
• Gas treating – remove sulfur compounds & CO2 from gas stream
• Gas processing – to recover NGLs from gas stream
• Condensate – generally liquid condensed from produced gas, but can also
refer to water condensed from vapor
• NGL- natural gas liquids … ethane, propane, butanes, +C5
• LPG – liquefied petroleum gas … primarily propane & butane
• LNG – liquefied natural gas … primarily methane chilled to -260 F

• Upstream / Downstream / Midstream

How are Fuels Produced?


Exploration Development Production

Identify, pursue, Develop safe, cost- Oil and gas
capture, and evaluate effective facilities for fields
high-quality oil & gas fields in production
exploration identified by
opportunities Exploration

- ExxonMobil
How are Fuels Produced? - (2)


Refining & Supply Fuels Marketing Lubricants &

Efficient network to Products sold to Specialties
provide clean fuels, customers around
lubricants, and other the world
high-value products
Homework – 1a (due 8/31/18)
• When most people refer to ‘safety’ they often mean ‘personnel safety.’ What is the difference between personnel and
process safety? What were personnel at the BP TX City Refinery and Deepwater Macondo drilling rig celebrating
shortly before disaster struck? How is this possible?
• Explain the safety pyramid. What principle underlies the root causes of the incidents at each layer of the pyramid, and
thus plans for preventing more serious incidents?
• 1-4, 1-11, 1-25
• You work in a facility with 1,500 full-time employees. The total recordable incident rate (TRIR) for four months of the
year is 1.4.
– how many recordable incidents occurred?
– with a TRIR goal of 1.0 for the year, how many additional incidents can occur and still achieve the goal?
– your Notre Dame counterpart notes that with the planned upcoming turnaround at the facility and significant
increase in man-hours you should have no problem reaching the TRIR goal. Is their logic sound?
• The company you work for has recently acquired a refinery in a 3rd world country. There have been no reported
recordable employee or contractor injuries over the past three years. Unfortunately, during the last six months of
operations there have been several process safety incidents resulting in an explosion, two fires and several million
dollars in damage. You’ve been assigned to a team to suggest improvements to prevent future incidents. What
questions might you have regarding personnel vs. process safety at the site? Where might you begin based on typical
causes of historic incidents, hardware associated with significant losses, and inherent safety considerations?
• Locate the AICHE code of ethics in text book, choose one of the canons and elaborate on how you might be challenged
by an employer to downplay this aspect and how you will fulfill the expectation.

597 students also: 1-32 and - Later this semester we will discuss the Bhopal incident resulting from the release of large
quantities of a very toxic substance resulting in +2,000 fatalities, where they could have designed the process without it.
What two ISD principles should have been employed to prevent or mitigate the consequences of the incident?