3/2/2020 Process Safe Limits – suttonbooks

Process Safe Limits

Defining safe limits quantitatively
June 21, 2011

Authors
Sutton Ian

Abstract
Many Process Safety Management (PSM) activities require that quantified safe limits be known. This knol provides a
description of safe limits, and shows how they can be determined.

Introduction
Many aspects of Process Safety Management require knowledge of safe limit values for process variables. For
example, a HAZOP team needs to know the quantified meaning for terms such as ‘High Temperature’, an
inspector needs to know the corrosion allowance for vessels and pipes, an operator needs to know the maximum
and minimum levels in tanks, and a Management of Change review team needs quantified information about the
parameters that are being changed. If the value of a variable moves outside its safe range then, by definition, a hazardous situation
has been created.

Figure 1 shows a simple process sketch; it is taken from the a standard example.

Figure 1
Standard Example

Table 1 provides some examples of safe limit values for the equipment items in Figure 1. Table 1 also provides some
discussion to do with each of the values, showing where they came from, and what the impact of exceeding that variable
would be.

Table 1
Examples of Safe Limits

Item Parameter Units Safe Upper Limit Safe Lower Limit

T-100 Level % 95 10

The high limit is based on operating experience; it has been found that upsets rarely cause
the level to deviate more than 2 or 3%. Therefore, keeping the level at 95% or less should
minimize the chance of tank overflow.

Minimum flow protection for the pumps is not provided so a minimum level in the tank must
be maintained to prevent pump cavitation leading seal leaks.

P-101 Flow kg/h N/A 500

https://suttonbooks.wordpress.com/article/process-safe-limits-2vu500dgllb4m-4/# 1/6
3/2/2020 Process Safe Limits – suttonbooks

The upper limit for flow is set by the capacity of the pumps. Even when they are pumping at
maximum rates, no hazardous condition is created. Therefore no meaningful value for a
safe upper limit of flow exists.

Below the prescribed minimum flow rate, the pumps may cavitate.

V-101 Pressure bar(g) 12 (at 250C) 0

The upper pressure limit is set by code.

V-101 is not vacuum-rated, and there is uncertainty about lower pressure limit, so 0 barg
(1 bar abs) has arbitrarily been set as the lower limit.

V-101 Temperature °C 250 -10

The upper temperature limit is defined by code.

Stress cracking may occur below the lower safe limit value.

Figure 2 provides another illustration of the safe limit concept (the values shown in Figure 2 could be for any process parameter such
as pressure, temperature, level or flow).

Figure 2
Example of Safe Limit Range

Figure 2 shows three ranges for the process parameter in question. The first is the normal operating range; it lies between 235 and
245 (in the appropriate units of measurement). Normal operations are carried out within this envelope. If the value is allowed to go
outside the range it is likely that production or quality problems will crop up. If an operating value goes outside the operating range,
but stays within safe limits, then the facility is in ‘trouble’. There is no perceived safety or environmental problem during this phase of
the operation, but the facility may be losing money. Examples of ‘trouble’ in this context include:

Excessive steam consumption;

Product quality problems;
Unusually high use of spare parts; and
Production flow limitation problems.

The second range lies between the safe upper limit and the safe lower limit (210 – 275 in Figure 2). These parameters are
sometimes referred to as “Not to Exceed” limits. If the value of the parameter goes outside this range then the process is, by
definition, unsafe, and action must be taken. The option of doing nothing is not an option. It is likely that, once these safe limits are
breached, safety devices — particularly instrumentation systems — will be activated. Operations personnel should understand the

https://suttonbooks.wordpress.com/article/process-safe-limits-2vu500dgllb4m-4/# 2/6
3/2/2020 Process Safe Limits – suttonbooks

consequence of exceeding the limits; they should also be provided with procedures and training as to what actions to take to bring
the variable back into the safe range. If the operations team wishes to operate outside the safe range, say to increase production
rates, they can only do so after implementing the Management of Change process.

The third range shown in Figure 2 defines emergency conditions. If a variable value goes outside the emergency limit range, urgent
action is required. It is probable that an excursion outside the safe limits will lead to activation of emergency instrumentation and
mechanical safety devices (such as pressure relief valves).

Some safe limits may have no meaningful value. For example, if a pressure vessel is designed for full vacuum operation then that
vessel has no safe lower limit for pressure. Similarly, in Table 1 no value for a safe upper limit for high flow is provided because the
system is safe even when the pumps are running flat-out with all control valves wide open.

Maximum Allowable Working Pressure (MAWP)

One particularly important safe limit value to understand is that of Maximum Allowable Working Pressure (MAWP) for pressure
vessels. Since the concept of MAWP is so important, and since it is not always well understood, the following guidance, based on
ASME [1] terminology using V-101 as an example is provided.

As the process is being developed, the process engineers require that V-101 be designed for a maximum pressure of 95.0 psig.
This is the Design Pressure or pressure rating of the vessel (it is measured at the top of the vessel).
The process engineer’s target values are transmitted to the vessel engineer. He or she designs the vessel using standard sizes
for wall thickness and flange size, thus generating the Maximum Allowable Working Pressure (MAWP), which is the maximum
pressure at which the vessel can be operated. Generally MAWP is higher than the design pressure because wall thicknesses
are in discrete sizes, and the designer will always choose the standard value greater than that called for. In the example, since it
is unlikely that he can design for exactly 95.0 psig, the designer selects the next highest level, which turns out to give a
maximum allowable pressure (MAWP) of 120.0 psig. Once the vessel is in operation, the vessel can be operated at up to 120
psig without exceeding its safe limits. MAWP is the pressure that will be used for setting relief and interlock values.
The Test Pressure for the vessel is 1.5 times design pressure. Anytime the vessel is opened (say for inspection), it will be tested
to that pressure before the process is restarted.
If the pressure goes above test pressure, the vessel walls are close to their yield point. Up to twice the MAWP value the vessel
or associated piping may be slightly distorted, but any leaks are most likely to occur at gaskets. At 2 to 4 times MAWP, there will
probably be distortion of the vessel, and it can be assumed that gaskets will blow out.
The vessel’s burst pressure will typically be in the range of 3.5 to 4 times MAWP. Therefore, for this example, therefore, the burst
pressure would be between 400 and 500 psig. (It is difficult to predict this value accurately because so few vessels actually fail,
so there is not much field data.)

Because temperature affects the strength of a vessel (higher temperatures make the metal yield more easily), the MAWP has an
associated temperature. The effect of high temperature on equipment strength can be very deleterious. For example, the MAWP for a
certain vessel may be 150 psig at a temperature of 600°F. At 1000°F, the same piece of equipment will fail at just 20 psig. On the
other hand, at 100°F, it may be able to handle nearly 300 psig. Hence, when temperatures are changing, the nominal pressure rating
can be very misleading. (In this context, metal temperature refers to the average metal temperature through its entire depth.)

Although the MAWP should never be exceeded during normal operation, it may be acceptable for the operating pressure to go above
the MAWP for brief periods of time, say during an emergency situation. However, following such an excursion, the vessel should be
checked by qualified vessel expert before being put back into service.

If equipment and piping are designed by rigorous analytical methods, such as finite element analysis, it is possible to operate with a
lower safety margin than is required by the use of MAWP.

Unsafe Mixing Scenarios

Serious accidents can result from the mixing of incompatible chemicals. Therefore, the safe limit values should include information on
the mixing of the chemicals found in the process under consideration, and information as to what concentrations are allowable.
Mixing tables such as that shown in Table 5 are commonly used to address this requirement.

Table 2 lists five chemicals: A —E. It shows which chemicals can and cannot be mixed with one another safely.

Table 2
Mixing Scenarios

A B C D E

https://suttonbooks.wordpress.com/article/process-safe-limits-2vu500dgllb4m-4/# 3/6
3/2/2020 Process Safe Limits – suttonbooks

A —

B ‡ —

C √ √ —

D X X ‡ —

E N/A √ √ √ —

The symbols in Table 2 have the following meanings:

√ No known problems with the mixing of these two chemicals in any range
‡ Problems in certain mixing ranges
X Mixing creates unsafe conditions in any range of concentration
N/A Information not available

Mixing Tables usually consider only binary mixtures. The consequences associated with simultaneously mixing three or more
materials are not usually known.

For those mixing scenarios where only certain ranges are hazardous, a safe mixing envelope such as that shown in Figure 3 can be
used. The shaded area represents the predicted unsafe mixing range of the chemicals X and Y at a given temperature. (In practice, it
is often very difficult to obtain sufficient data to construct an envelope such as that shown in Figure 3.)

Figure 3
UnSafe Mixing Range for a Given Temperature

Not much publicly available information to do with safe mixing values is available. However, some information is available from the
United States Coastguard Chemical Hazards Response Information System (CHRIS).

Materials of Construction Table

Many accidents result from the use of incorrect materials of construction, particularly when corrosive chemicals are being used. A
Materials of Construction table such as that shown in Table 3 shows how various materials of construction can be used for containing
chemicals A — E.

Table 3
Materials of Construction Matrix
Carbon Steel Stainless Stainless Gasket Gasket
Steel 304 Steel 316 Material A Material B

A √ √ √ √ √

B ‡ √ √ X X

C ‡ N/A N/A N/A N/A

D X X ‡ √ √

E N/A √ √ √ N/A

The symbols in Table 3 have the following meanings:

https://suttonbooks.wordpress.com/article/process-safe-limits-2vu500dgllb4m-4/# 4/6
3/2/2020 Process Safe Limits – suttonbooks

√ No known problems with the mixing of these two chemicals in any range

‡ Potential problems – further information may be needed

X Not allowed
N/A Information not available

Defining and Changing the Limits

The existence of properly defined upper and lower limits for all key variables is fundamental to successful Management of Change. In
practice, however, these values are often not known, and can be difficult to ascertain. It can be even more difficult to predict what will
happen if the limits are exceeded.

Although the engineers who designed the plant should provide values for the safe operating range, in many cases they fail to do so.
They themselves usually do not know what the safe limits are, the best they can do is to provide a single, point value, not a range.
Furthermore, if the facility is more than a few years old, it is likely that the current operations differ significantly from the original
design. Hence, the original values may no longer be germane.

When design values are not provided, those running the facility need to have methods for determining the safe limit values and for
determining what needs to be done if those values are exceeded. Typically, they will use one of the five following techniques:

Industry Information
Operating experience
Extrapolation
Mathematical modeling
‘Nudging’

Industry Information

Information on Safe Limits can be provided by industry specialists – particularly equipment vendors and licensors of technology. This
information can be very valuable and authoritative because the company that makes a particular machine or that owns a process
technology will probably have an excellent idea as to what its safe limits are likely to be.

It is true that any information from sources such as these is likely to have a commercial bias. Nevertheless, when it comes to safety,
everyone wishes to do things right, regardless of commercial interests. Therefore the information provided by vendors and licensors
is likely to be as complete and accurate as they can make it.

Operating Experience
Operating experience is probably the most widely used method for determining safe operating limits in plants that have been running
for a few years. After a plant has been in operation for a few years, there have usually been enough upsets and operating excursions
to provide useful information as to what the Safe Limits might be and what happens if they are exceeded. This source of safe limit
information is one of the justifications for having a good Incident Investigation program, because such a program can be used to
collect information about all types of upset, even those that were just ‘near misses’.

When a number of facilities use similar process technology it is very helpful to set up a method whereby they can share this type of
information with one another. Sometimes the sharing of technology is restricted for competitive reasons. However, when it comes to
safety, most companies are willing to help one another. Indeed, in some areas of technology, such as ammonia manufacture, there
are regular conferences at which safety-related information is shared. Similarly, companies working with hydrogen cyanide and
chlorine share knowledge so as to improve everyone’s safety.

Extrapolation

Extrapolation from current conditions is another means of determining a safe limit value. For example, Figure 4 shows the reaction
rate for a particular chemical reaction as a function of temperature. Also shown is the maximum safe reaction rate. Above this point
the reactor could be over-pressured.

Points A and B represent the range of current, normal operation. By drawing a line through them, it is possible to predict the reaction
rate at Temperature C and to determine if the operation at that point is safe.

Figure 4
Interpolation and Extrapolation

https://suttonbooks.wordpress.com/article/process-safe-limits-2vu500dgllb4m-4/# 5/6
3/2/2020 Process Safe Limits – suttonbooks

The problem with extrapolation is that the forecast may fail to predict the introduction of some new function that creates a non-linear
change in the dependent parameter. In Figure 4 it can be seen that the chemical reaction rate starts to rise quite rapidly between
temperatures B and C. Clearly some change in the reaction chemistry has taken place in this temperature range.

A straight line extrapolation of the reaction rate from point A to point B shows that, at temperature C, the reaction rate is still in the
safe range. However, because the reaction rate increases exponentially, the reaction ‘takes off’, and goes well above the safe limit at
point C.

Mathematical Models
Sometimes, it is possible to use mathematical models to predict the acceptable operating range. However, such models are usually
based on observed operating data that is obtained either from the plant or from laboratory experiments. Hence, the models have the
same problem as empirical extrapolation: they can only be used with confidence for interpolation, not extrapolation.

‘Nudging’
One of the ironies of having a successful process safety management program is that it is difficult to determine safe operating ranges
because the plant will have less experience of extreme operating conditions. A plant that is badly operated, however, will suffer many
upsets and excursions, thus providing a knowledge base as to what happens when conditions are abnormal.

For those plants that are well run and so do not have this experience, it may be possible to ‘nudge’ a value into a new operating
range. The basic idea is to change the value very gradually in small steps. At the end of each small change, the overall operation is
examined carefully to make sure that no unsafe conditions exist.

For example, if the operations management wants to increase the temperature in a reactor from say 210°C to 220°C but has no
experience of the operation over 210°C, they might increase the temperature 1°C per day for a period of ten days. During this period
a special watch will be kept on all variables that could indicate that the plant operations are unsafe. Also, additional readings and lab
samples will probably be taken so that as much information as possible is available. Once the final temperature of 220°C is reached,
continued special scrutiny will be maintained until everyone is satisfied that the new condition is safe and operable.

https://suttonbooks.wordpress.com/article/process-safe-limits-2vu500dgllb4m-4/# 6/6