Ilovepdf Merged

Lecture 2
Safety Practices in Chemical and

Nuclear Industries
Chemical Laboratory Safety
&
Personal Protective Equipments
Dr. Raghuram Chetty

Department of Chemical Engineering
Indian Institute of Technology Madras
Chennai- 600 036.
Planning for accidents
Murphy’s Law: “If there are two or more ways to do

something, and one of those ways can result in a
catastrophe, then someone will do it.”
Introduction
 Significant technological advances have been made in

chemical plant safety.
 Today, safety is equal in importance to production and has
developed in to a scientific discipline that includes many
highly technical and complex theories and practices.
 Recent advances emphasize the use of appropriate
technological tools to provide information for making
safety decisions with respect to plant design and
operation.
Introduction
 The word “safety” used to mean the older strategy of

accident prevention through the use of hard hats,
safety shoes, and a variety of rules and regulations.
The main emphasis was on worker safety.
 More recently “safety” has been replaced by loss

prevention. This term includes hazard identification,
technical evaluation, and the design of new
engineering features to prevent loss.
Safety Programs
A successful safety program requires several elements:

 System
 Attitude
 Fundamental
 Experience
 Time
 You
Most effective means of implementing a safety program is to make
it everyone responsibility in a chemical plant.
We'll explore safety issues from lab safety to personal protective
equipment to chemical plants.
Safety
Image courtesy: Google Images

Risk and Hazard
 A hazard is any source of

potential damage, harm or
adverse health effects on
something or someone under
certain conditions at work.
Hazard can cause harm or
adverse effects (to individuals
as health effects or to
organizations as property or
Risk = Hazard x Exposure
equipment losses).

Risk and Hazard
 Risk is the chance or

probability that a person
will be harmed or
experience an adverse
health effect if exposed to
a hazard. It may also apply
to situations with property
or equipment loss.
Danger & Accident
 Danger: Relative exposure to

hazard
 Accident: An undesirable or
unfortunate happening that
occurs unintentionally and
usually results in harm, injury,
damage, or loss, casualty,
mishap. Risk = Hazard x Exposure
Hazard
Workplace hazards can come from a wide range of sources.
General examples include any substance, material, process,
practice, etc. that has the ability to cause harm or adverse
health effect to a person under certain conditions is given
below.
Examples of Hazards and Their Effects
Workplace Hazard Example of Hazard Example of Harm Caused

Thing Knife Cut
Substance Benzene Leukemia
Material Asbestos Mesothelioma
Source of Energy Electricity Shock, electrocution
Process Welding Metal fume fever
Hazard
Workplace hazards also include practices or conditions that

release uncontrolled energy like:
 an object that could fall from a height (potential or
gravitational energy)
 a run-away chemical reaction (chemical energy)
 the release of compressed gas or steam (pressure;
high temperature)
 entanglement of hair or clothing in rotating equipment
(kinetic energy)
 contact with electrodes of a battery or capacitor
(electrical energy).
Risk
 Risk is the chance or probability that a person will be

harmed or experience an adverse health effect if
exposed to a hazard. Factors that influence the degree
of risk include:
 how much a person is exposed to a hazardous thing
or condition,
 how the person is exposed (e.g., breathing in a
vapour, skin contact), and
 how severe are the effects under the conditions of
exposure.
Risk
 For example:
 The risk of developing cancer from smoking cigarettes
could be expressed as "cigarette smokers are 10 times
more likely to die of lung cancer than non-smokers or
‘X’ number of smokers are likely develop lung cancer.
 Whereas, hazard refers to lung cancer, heart disease,

etc. from cigarette smoking.
How do I know if it is hazardous?
 Many commonly used chemicals are hazardous
(potentially dangerous).
 Hazard information is usually provided on the label in

the form of a symbol, a letter or a standard wording.
 Hazards are related to the properties (or activity) of the

compound.
 Further information is found in the suppliers catalogue

(Risk/Safety factors), chemical safety indexes, MSDS.
Chemical Hazard Symbols
Oxidising Agent
Corrosive
Explosive
Harmful
Toxic
Dangerous for the
environment
Flammable
Radioactive
Biohazard
Flammable
Examples of safe work

Hazard Class Class description Hazards practices
Flammable and Keep away from heat,

Combustible material sparks, and open flames.
Solids, liquids, and May readily burn or
gases capable explode if placed Post no smoking signs in
of catching fire or near heat, sparks, work or storage areas.
exploding in the or open flames.
presence of an ignition Keep the minimum quantity
source. in the work area.
Store away from oxidizers.

Examples:
white phosphorus, Label containers
acetone, propane FLAMMABLE.
Make sure fire

extinguishers are available
and working.
Oxidising agent
Hazard Class Class Hazards Examples of safe work

description practices
Oxidizing May cause fire if in contact Use only the minimum

material with flammable and amount necessary.
Materials that combustible materials,
provide oxygen even without a source of Keep only the minimum
or similar ignition or oxygen. amounts needed in the
substance work area.
May increase the speed
and intensity of a fire. Keep the work area
clear of unneeded
May cause materials materials that could
normally considered non- react with the oxidizers.
Examples: combustible to burn
organic rapidly. Store away from
peroxides, flammable materials,
nitrates, May react with other organic materials, and
perchlorates chemicals to produce toxic reducing agents.
gases.
Corrosive
Corrosive material Use corrosion-resistant

equipment and containers.
Caustic or acid Burns eyes and
materials that skin on contact. Always use eye protection
can destroy skin and gloves; use other
or eat through Burns tissues of personal protective
metals. respiratory equipment as appropriate.
system if vapours
are inhaled. Add acid slowly to water;
never add water to acid.
Store acids and bases
separately from each other.
Examples:
hydrochloric acid, In case of skin or eye contact
sodium hydroxide with corrosives, flush area
with cool water for 15
minutes, remove affected
clothing, and get medical
help.
Toxic
Poisonous materials Use appropriate control

causing immediate measures (e.g., fume
and serious toxic Materials that May cause hood, personal protective
effect. can cause the immediate and equipment).
death of a serious toxic
person exposed effects. Use engineering controls
to and personal protective
small amounts. May cause death equipment to eliminate or
or serious injury ifminimize exposure.
inhaled, swallowed,
or absorbed Establish wash-up and
through the skin. clean-up procedures to
prevent contamination.
Examples:
sodium cyanide, Ensure that workers
hydrogen sulfide understand the health
hazards and the primary
routes of exposure before
using chemicals.
Symbols in Chemicals Supply List
 Toxic (T)
 Very toxic (T+)
 Harmful (X)
 Irritant (Xi)
 Corrosive (C)
Label Information
 A chemical hazard label is a

pictogram applied to containers of
dangerous chemical compounds to
indicate the specific risk, and thus
the required precautions. There
are several systems of labels.
 The US based National Fire
Protection Association use a
diamond with four colored sections
each with a number indicating
severity 0-4 (0 for no hazard, 4
indicates a severe hazard).
Label Information
 The blue section denotes

health risks.
 Yellow represents reactivity
(tendency to explode).
 The red section denotes
flammability.
 The white section denotes
special hazard information.
 This label is used primarily in
the USA.
Image courtesy:
Google Images
Incompatible chemicals
Chemical Incompatible with the following common chemicals
Acetone Concentrated nitric and sulfuric acid mixtures, and strong bases
Ammonia (anhydrous) Mercury, chlorine, calcium hypochlorite, iodine, bromine, HF
Carbon tetrachloride Diborane, fluorine, sodium
Dimethyl sulfoxide Perchloric acid, silver fluoride, potassium permanganate, acetylchloride,

benzene sulfonyl chloride
Hydrogen peroxide Copper, chromium, iron, most metals or their salts, alcohols, acetone,
organic materials, aniline, nitromethane, flammable liquids,
combustible materials
Nitric acid (concentrated) Acetic acid, aniline, chromic acid, hydrocyanic acid, hydrogen sulfide,
flammable liquids, flammable gases, copper, brass, any heavy metals
Oxalic acid Silver, mercury
Potassium permanganate Glycerol, ethylene glycol, benzaldehyde, sulfuric acid
Sodium Carbon tetrachloride, carbon dioxide, water
Sulfuric acid Potassium chlorate, potassium perchlorate, potassium permanganate

(and similar compounds of light metals such as sodium, lithium)
Incompatible chemicals

Classes of Toxicity
All chemicals are toxic at sufficiently high concentrations.
Toxicologists determine safe levels. Toxic may be immediate or
may require an incubation time.
Poisons
 In our bodies, various organs (liver, kidney, digestive tract,
heart and so on) perform specific aspects of necessary
body function. These contains a variety of cells containing
proteins, enzymes.
 A foreign chemical may reach a concentration in the body at
which its presence begins to interfere with one or more of
these normal enzyme-catalyzed cell processes. The cell
then alters its functions, reduces its contribution to the
organism, or dies. E.g. cyanides, CCl4, Pb, Hg, Cd.
Classes of Toxicity
Mutagens
 A mutagen is a substance that cause damage to the
DNA. The most important mutagens are either specific
chemicals or radiation such as X-rays, radioactive
emissions, and ultraviolet light.
Carcinogens
 Carcinogens increase the likelihood of cancer
occurring. Most carcinogens are mutagens.
Teratogens
 Teratogens damage a fetus during development,
producing birth defects.
Chemical Accident
 Depending upon the toxicity of the material involved, the
most common kinds of problems that might be caused due
to a chemical leak or accident might include:
 Irritation to eyes, throats, difficulty in breathing, etc.

 Pollution and/or poisoning of air, water-bodies etc.
 Impact on vegetation and animals (including species in
water-bodies)
 Fumes
 Fire and explosion
Fire Classification
Fires are identified according to one or more fire

classes for firefighting purpose.
Each class designates the fuel involved in the fire,

and the classifications allow selection of
extinguishing agents along lines of effectiveness at
putting the type of fire out, as well as avoiding
unwanted side-effects. For example, non-conductive
extinguishing agents are rated for electrical fires, so
to avoid electrocuting the firefighter
Fire Classification
American European Australian/Asian Fuel/Heat source

Ordinary
Class A Class A Class A
combustibles
Class B Class B Flammable liquids
Class B
Class C Class C Flammable gases
Electrical
Class C UNCLASSIFIED Class E
equipment
Class D Class D Class D Combustible metals
Class K Class F Class F Cooking oil or fat

Fire Classification in US
Class Source Examples
Ordinary
A Wood, paper, cloth
combustibles
B Liquid fuels Solvents, oil, gasoline
C Electrical Fuse boxes, motors
Combustible Sodium, potassium,

D
metals phosphorous
K Cooking Media Oils, fats

Fire Classification in India
India - Classification of fires as per ISI 2190/1979
Class 'A' Fires

Fire involving combustible material such as wood,
paper, cloth, rubber, plastic requiring the heat
absorbing effects of water, water solutions.
Class 'B' Fires
This type of fire involves flammable or combustible
liquids greases, petroleum products and similar
materials for extinction, a blanketing effect is essential.
Fire Classification in India
India - Classification of fires as per ISI 2190/1979

Class 'C' Fires
Which involves flammable gases, substance under
pressure including liquified gasses. Here it is
necessary to dilute the burning gasses at very fast rate
with an inert gas, Dry chemical powder or CO2 .
Class 'D' Fires
Fire involving combustible metals such as sodium,
magnesium, zinc, potassium. These burning metal
react with water and water containing agent. These
fire requires special media to extinguish such as
carbon dioxide or special dry chemical powder.
Fire Extinguisher
Class of
Extinguisher characteristics
fire
Dissipates so quickly that hot fuel may
Carbon dioxide B, C
reignite. Ineffective on class A fires
A-B-C Most versatile, but leaves mildly
A, B, C
Dry chemical corrosive powder that must be cleaned
Dangerous if used in many laboratory
Water A situations, such as around equipment
or water-reactive chemicals
Class D
D Designed for metal fires only
Dry chemical
Reduces the fire’s temperature with
Class K extinguishing the flames by reacting
K
Wet Chemical with cooking oils. Designed for
commercial kitchens.
Fire Extinguisher
Type A: Water
extinguisher
Type BC extinguishers:
Sodium or potassium
bicarbonate.
Type ABC extinguishers:
Ammonium phosphate
Type D: Metal/Sand
Extinguishers

Fire Extinguisher
Image courtesy:
Google Images
Fire Extinguisher
 Dry chemical extinguishers can be quite corrosive to

metals such as aluminum and are also potentially abrasive.
 ABC extinguishers are much more corrosive than BC
extinguishers because the ammonium phosphate agent
can undergo hydrolysis to form phosphoric acid and
because the molten agent flows into minute cracks
 For this reason, dry chemical ABC extinguishers are not
recommended for use on aircraft or electronics such as
computers and scientific instruments.
Fire Extinguisher
 CO2 (carbon dioxide) extinguishers are for class B and C

fires. They don't work very well on class A fires because
the material usually reignites. CO2 extinguishers have an
advantage over dry chemical in that they leave behind
no harmful residue. That makes carbon dioxide a good
choice for an electrical fire involving a computer or other
delicate instrument.
 CO2 is a bad choice for a flammable metal fires such as
Grignard reagents, alkyllithiums and sodium metal
because CO2 reacts with these materials. CO2
extinguishers are not approved for class D fire.
Fire Extinguisher
 Metal/Sand Extinguishers are for flammable metals (class

D fires) and work by simply smothering the fire. The most
common extinguishing agent in this class are sodium
chloride, powder Cu metal, graphite powder.
Occupational Health and Safety Administration
 OSHA, created within the Department of Labor, U.S.

Govt. in 1970, to bring uniformity to health and safety
standards.
 The OSH Act intends to prevent injury or illness among

workers.
Occupational Health and Safety Administration
The power and responsibilities of OSHA include the
following:
 To establish safety and health standards.
 To conduct workplace inspections and issue citations
for health and safety violations.
 To require records of safety and health to be kept by
employers, and in conjunction with the Department of
Health, keep occupational health and safety statistics.
 To train employers, employees and personnel
employed to enforce the act.
 OSHA and the EPA share information.
International Labour Organization (ILO)
 International Labour Organization (since 1919) has

maintained and developed a system of international labour
standards aimed at promoting opportunities for women
and men to obtain decent and productive work, in
conditions of freedom, equity, security and dignity.
International Labour Organization (ILO)
 In today's globalized economy, international labour

standards are an essential component in the international
framework for ensuring that the growth of the global
economy provides benefits to all.
 The ILO Constitution sets forth the principle that workers

should be protected from sickness, disease and injury
arising from their employment.
The Factories Act, 1948
In India the first Factories Act was basically designed to protect

children and to provide few measures for health and safety of
the workers.
“Factory” is defined in Section 2(m) of the Act. It means any
premises including the precincts thereof-
 Whereon ten or more workers are working, or were working
on any day of the preceding twelve months, and in any part
of which a manufacturing process is being carried on with
the aid of power, or is ordinarily so carried on; or
 But does not include a mine subject to the operation of the
Mines Act,1952 or a mobile unit belonging to the Armed
forces of the Union, a railway running shed or a hotel,
restaurant or eating place.
 The following have held to be a factory:
 Salt works
 A shed for ginning and pressing of cotton
 A Bidi making shed
 A Railway Workshop
 Composing work for Letter Press Printing
 Saw Mills
 Place for preparation of foodstuff and other eatables
The Factories Act, 1948 came into force on the 1st day of
April, 1949 and extends to the whole of India.
The Factories Act was amended in 1949, 1950, 1954, 1956,
1976 and 1989.
The Act has been enacted primarily with the object of
protecting workers employed in factories against
industrial and occupational hazards. For that purpose, it
seeks to impose upon the owner or the occupier certain
obligations to protect the workers and to secure for them
employment in conditions conducive to their health and
safety.
 Employer to ensure health of workers pertaining to
 Cleanliness, disposal of wastes and effluents - Sec 12

 Ventilation and temperature dust and fume - Sec 13
 Overcrowding artificial humidification Lighting – Sec. 14
 Drinking water spittoons - Sec. 18
Safety Measures
 Fencing of machinery – Sec. 21
 Work on near machinery in motion – Sec 22
 Employment prohibition of young persons on dangerous
machines – Sec 23
 Striking gear and devices for cutting off power – Sec 2
 Self-acting machines - Sec 25
 Casing of new machinery- Sec 26
 Prohibition of employment of women and children near
cotton-openers - Sec 27
 Hoists and lifts - Sec 28.
OFFENCE PENALTIES
 For contravention of the Provisions  Imprisonment upto 2 years or fine upto
of the Act or Rules Rs.1,00,000 or both
 On contravention of Chapter IV
 Not less than Rs.25000 in case of
pertaining to safety or dangerous
death.
operations.
 Obstructing Inspectors  Imprisonment upto 6 months or fine
upto Rs.10,000 or both.
 Wrongful disclosing result pertaining
to results of analysis.  Imprisonment upto 6 months or fine
 For contravention of the provisions upto Rs.10, 000 or both.
of Sec.41B, 41C and 41H pertaining  Imprisonment upto 7 years with fine
to compulsory disclosure of upto Rs.2,00,000 and on continuation
information by occupier, specific fine @ Rs.5,000 per day.
responsibility of occupier or right of
workers to work imminent danger.  Imprisonment of 10 years when
contravention continues for one year.
Frequent/Common Industrial Hazards
1. Power Tools
2. Flying/Falling Objects
3. Moving machinery
4. Eye Injuries
5. Electrical hazards
6. Minor Cuts/Bruises/Abrasions/Slips
7. Dust Inhalation
8. Burns and/or frostbite
9. Chemical Spills/Caustic Chemicals
10. Ergonometric injuries
Personal Protective Equipment (PPE)
What is PPE?
Equipment that employers/workers wear to protect
themselves from hazards in their work environment.
Examples
lab coats/ aprons
safety goggles
hard hats
gloves
safety shoes
hearing protection
respirators
When is PPE Necessary?
Hazard Example Common related tasks

Impact Flying objects such as large Chipping, grinding, machining, masonry
chips, fragments, particles, work, wood working, sawing, drilling,
sand and dirt. riveting, etc.
Heat Anything emitting extreme Furnace operations, pouring, casting, hot
heat. dipping, welding, etc.
Chemicals Splash, fumes, vapors, and Acid and chemical handling, degreasing,
irritating mists. plating, etc.
Dust Harmful dust. Woodworking, buffing, and general dusty
conditions.
Optical Radiant energy, glare, and Welding, torch-cutting, -brazing,
intense light -soldering and laser work.
Radiation
 Safety goggles are intended to
shield the wearer's eyes from
impact hazards such as flying
fragments, objects, large chips,
and particles.
 Goggles fit the face immediately
surrounding the eyes and form a
protective seal around the eyes.
This prevents objects from
entering under or around the
goggles.
 Impact hazards
 Falling objects or potential for dropping
objects.
 Penetration Hazards
 Objects or machinery that may cause
punctures, cuts, or abrasions.
 Compression Hazards
 Machinery/heavy objects that may roll
over and crush or pinch feet.
 Chemical Hazards
 Chemical exposures from inhalation or
contact with the skin and eyes.
 Harmful Dust
 Dust from sandblasting, sawing,
grinding, or other generation of airborne
dust.
 Heat/Cold Hazards
 Hot/cold work areas and sources of
high/low temperature that could result in
burns.
 Noise Hazards
 Excessive noise (louder than a hair
dryer).
 Electrical Hazards
 Optical Radiation: Lasers

 Workers with exposure to laser beams
must be furnished with suitable laser
safety goggles which will protect for
specific wavelength of the laser.
Prevention of the Frequent Hazards
1. Power Tools – Training (Limited Access)
2. Falls/Falling Objects – Training (PPE-hardhats)
3. Moving machinery – Training (Lockout)
4. Eye Injuries – (PPE- safety goggles)
5. Electrical hazards – (Trained Staff)
Prevention of the Frequent Hazards
6. Minor Cuts/Bruises/Abrasions/Slips – Safety Awareness,
Housekeeping
7. Dust Inhalation – (PPE - dust masks)
8. Burns and/or frostbite – (Training & Awareness, PPE)
9. Chemical Spills/Caustic Chemicals – Training &
Awareness, PPE)
10. Ergonometric injuries (strains, sprains) - Awareness
Lockout Tag & Hot Work Permit

Summary
 Hazards are related to the properties of the compound

(or activity)
 Risk is related to the chance of an accident happening
and the hazard involved
 Chemical Hazard Symbols
 Incompatible chemicals
 Fire classification and fire extinguisher
 OSHA and Factories Act
 Personal Protective Equipment
Lecture 4

Nuclear Industries
Fire and Explosion
Dr. Raghuram Chetty

Chennai- 600 036.
Chemical Industries
 Chemicals have become a part of our life for sustaining
many of our day-to-day activities, preventing and
controlling diseases, and increasing agricultural productivity
etc.
 An estimation of one thousand new chemicals enter the

market every year, and about 100,000 chemical
substances are used on a global scale. These chemicals
are mostly found as mixtures in commercial products. Over
one million such products or trade names are available.
Chemical Industries
 The chemical industrial sector is highly heterogeneous
encompassing many sectors like organic, inorganic
chemicals, dyestuffs, paints, pesticides, specialty
chemicals, etc. Some of the prominent individual chemical
industries are caustic soda, soda ash, carbon black,
phenol, acetic acid, methanol and azo dyes.
 The risks associated with the chemical industry are
commensurate with their rapid growth and development.
Apart from their utility, chemicals have their own inherent
properties and hazards. Some of them can be flammable,
explosive, toxic or corrosive etc, and also have the
potential to affect the nearby environment.
Why do organizations have to bother about Safety
 In the present global industrial
scenario, for any industry to be
successful, it is essential to
inculcate safety culture,
consciousness in health and
environment aspects in each
personnel of an organisation.
 The significance of Safety &
Health in chemical industries
has been a vital issue in
achieving productivity and an
edge in the competitive world.
Why do organizations have to bother about Safety
 Finance, Human Resources.
 Manufacturing and operating

policy.
 Societal concerns.
Hazard & Safety
Can cause:
 Injury
 Death
 Damage to equipment/ property
It is practically impossible to completely eliminate all

hazards. Safety is therefore a matter of relative protection
from exposure to hazards.
Hazard & Safety
Safety = freedom from hazards

 Maintain a safe work environment
 Control unsafe acts and conditions
 Ensure operational efficiency
Work Place Hazard
 Physical Hazards
 falling objects, slips & trips, dangerous machinery, …
 Physical agents
 noise, vibration, electricity, radiation, …
 Chemical Hazard
 solvents, metals, …
Work Place Hazard
 Biological Hazard
 micro-organisms and toxins
 Psychosocial issues
 ergonomics (design of work place environment)
 work stress, violence, bullying
Major Concern in a Chemical Industry
Areas of Concern
1. Dangerous Materials
2. Flammable Gases, Vapours and Dust Hazards
3. Hazardous Chemical Reactions
4. Hazards of Pressure Vessels
5. Hazards due to Instrument Failures
6. Hazardous of Unit Operations
7. Entry in to Confined Spaces
8. Hazards due to Corrosion
9. Working with Pipelines
10. Plant Alteration and Modification
Dangerous Substances
1. Explosives
2. Gases
3. Flammable Liquids/Solids
4. Oxidizing Substances
5. Miscellaneous Dangerous Substances
Dangerous substance
 What is a dangerous substance?

 Dangerous substance includes any substance or
preparation, which because of its properties or the way
it is used could cause harm to people from fires and
explosions.
 Dangerous substances include: petrol, liquefied
petroleum gas (LPG), paints, varnishes, solvents, and
dusts which when mixed with air could cause an
explosive atmosphere.
 Dangerous substances can be found, in varying
quantities, in most workplaces.
Dangerous substance
What is a dangerous substance?
 Dangerous Substances and Explosive Atmospheres

Regulations, 2002 (UK) usually known as DSEAR is a set
of regulations concerned with protection against risks
from fire, explosion and similar events arising from
dangerous substances used or present in the workplace.
Chemistry of Fire
 Chemically, fire is a type of oxidation, which is the

combination of oxygen with other substances to produce
new substances.
 The rapid oxidation of a fuel evolving heat, particulates,

gases and non-ionizing radiation.
 To start fire, the minimum temperature needed to

spontaneously ignite fuel, known as ignition
temperature, must be reached.
Chemistry of Fire
 The heat evolved when a substance burns is known as

heat of combustion.
 An additional factor, besides the liberation of energy,

needed to explain fire is the rate or speed at which the
oxidation reaction takes place.
Fire
In order to have a fire, two components are
required fuel and an oxidant.
for e.g. CH4 + 2O2 → CO2 + 2H2O
However, the presence of fuel and oxidant is

not sufficient to start combustion; the mixture
must be raised to a high enough
temperature to start the reaction, usually by
a spark or a flame.
Fire
 It is possible to have a fuel and an oxidant, but in
proportions such that the process cannot occur
continuously. If the fuel is a small amount of gas
mixed with air and we initiate combustion with a
spark, the small amount of heat produced by
burning might be insufficient to ignite fuel and
continuous combustion fails to happen.
 Too much fuel is insufficient oxygen, and once
again the heat produced when a spark ignites
some fuel is not enough to ignite adjacent fuel.
 e.g. think of the last time you tried to light
charcoal… charcoal was stubborn until... you blew
on it, increasing the oxygen supply.
Fire
 Fire or burning, is the rapid exothermic oxidation of an
ignited fuel. The fuel can be in solid, liquid, or vapor form,
but vapor and liquid fuels are generally easier to ignite.
 The combustion always occurs in the vapor phase;
liquids are volatized and solids are decomposed into
vapor before combustion.
 When fuel, oxidizer, and an ignition source are present
at the necessary levels, burning will occur.
Fire
 A fire will not occur if

 Fuel is not present or is not present in sufficient
quantities.
 An oxidizer is not present or is not present in sufficient
quantities.
 The ignition source is not energetic enough to initiate
the fire.
The Fire Triangle
Oxidizers
 Liquids
 hydrogen peroxide, nitric acid,

perchloric acid Ignition sources
 Solids  Sparks, flames,
 Metal peroxides, ammonium static electricity,

nitrate heat
 Gases
 Oxygen, fluorine, chlorine
Fuels
 Liquids
 gasoline, acetone, ether, pentane
 Solids
 metal particles, wood dust, fibers, plastics,
 Gases
 acetylene, propane, hydrogen

Other fuels
 Solvents
 Paper, boxes, etc.
 Plastics
 Carpets
 Furniture
 Waste materials
Common Sources of Ignition
 Smoking
 Electrical equipment
 Heaters
 Contractors tools and equipment
 Arson
Effective Ignition Source
 Open flames: this varies from a lit cigarette to welding
activity.
 Mechanically generated impact sparks: for example, a
hammer blow on a rusty steel surface compared to a
hammer blow on a flint stone. The speed and impact angle
(between surface and hammer) are important; a 90 degree
blow on a surface is relatively harmless.
 Electric sparks. For example a bad electrical connection or
a faulty pressure transmitter. The electric energy content of
the spark determines the effectiveness of the ignition
source.
Effective Ignition Source
 High surface temperature. This can be the result of

milling, grinding, rubbing, mechanical friction in a stuffing
box or bearing, or a hot liquid pumped into a vessel.
 Electrostatic discharge. Static electricity can be generated

by air sliding over a wing.
 Adiabatic compression. Air is pumped into a vessel and

the vessel surface heats up.
 Radiation, Lightning strikes.
Static Electricity
Piping Systems - In piping systems
 Static electricity is a major
the generation rate and the subsequent
cause of fires and explosions
accumulation of static charge are a
in many industries. function of the flow rate, liquid velocity,
 Generated when a fluid flows pipe diameter, and pipe length.
through a pipe or from an Filling Operations - The turbulence
opening into a tank. experienced in filling operations,
caused by large flow rates, splashing
 Main hazards are fire and
or free-falling liquids, greatly increases
explosion from sparks
the charge accumulation above the
containing enough energy to level generated in piping systems.
ignite flammable vapors. Filtration - Filters, because of their
large surface area, can generate as
much as 200 times the electrostatic
charge generated in the same piping
system without filtration.
Control of Static Electricity
Bonding
 Physically connect two conductive objects together with a
bond wire to eliminate a difference in static charge potential
between them.
 Must provide a bond wire between containers during
flammable liquid filling operations, unless a metallic path
between them is otherwise present.
Grounding
 Eliminates a difference in static charge potential
between conductive objects and ground
 Although bonding will eliminate a difference in potential
between objects, it will not eliminate a difference in
potential between these objects and earth unless one
of the objects is connected to earth with a ground wire.
Ventilation
Solvent Transfer
Safety pump Self closing safety Faucet

Types of Fire
Jet Fire
Pool fire
Flash fire
Fire ball
Definitions
 Flash point (FP) of a volatile liquid is the lowest

temperature at which it can vaporize to form an ignitable
mixture in air.
 Defined only for liquids at 1 atm. pressure. The flash
point increases with increasing pressure.
 Measuring a liquid's flashpoint requires an ignition
source.
 At the flash point, the vapor may cease to burn when
the source of ignition is removed.
Definitions
 Fire point is the lowest temperature at which liquid gives

enough vapor to maintain a continuous flame; the fire
point temperature is higher than the flash point.
Flammability/Explosive Limit
 For each flammable chemical we can
determine limits, concentration of gas or
vapor in air that are at the low or high
extremes of ability to sustain continuous
combustion.
*
 There is a lower flammability limit
*
(combustion-lean limit mixture), a
concentration in air, usually expressed as
volume percent (vol%), below which the fuel-
air mixture dose not sustain continuous
combustion. *Upper Explosive Limit
*Lower Explosive Limit
 .
Flammability/Explosive Limit
 The upper flammability limit (combustible-
rich limit mixture) is the highest concentration
of fuel in air that burns continuously.
 Such values should not be treated as
absolute physical constant such as melting
*
point or density of a pure substance, but
*
rather as guidelines when establishing criteria
for safe conditions.
 For example, flammability limits vary
with temperature, pressure, and
conditions of combustion. *Upper Explosive Limit
*Lower Explosive Limit
Flammability Limit
 Lower flammability limit (LFL):

is the lower end of the
concentration (%) range of a
flammable solvent at a given
temperature and pressure for
which air/vapor mixtures can
ignite.
 Outside this range of
air/vapor mixtures, the
mixture will not ignite (unless
heated).
Flammability Limit
 Upper flammability Limit

(UFL): is the highest
concentration (%) of a gas or a
vapor in air capable of
producing a flash of fire in
presence of an ignition source.
 Concentration higher than
UFL are "too rich" to burn.
Autoignition Temperature
 The autoignition temperature of

a substance is the lowest Autoignition point of selected
substances in °C
temperature at which it will
spontaneously ignite without Silane >21
an external source of ignition. White phosphorus 34
Carbon disulfide 90
Diethyl ether 160
Diesel or Jet fuel 210
 This temperature is required to Gasoline (Petrol) 250
Magnesium 473
supply the activation energy Hydrogen 536
needed for combustion.
Autoignition Temperature
 The temperature at which a Autoignition point of selected

substances in °C
chemical will ignite decreases as
the pressure increases or Silane >21
White phosphorus 34
oxygen concentration increases. Carbon disulfide 90
It is usually applied to a Diethyl ether 160
Diesel or Jet fuel 210
combustible fuel mixture. Gasoline (Petrol) 250
Magnesium 473
Hydrogen 536
(not to be confused with the
flashpoint, which requires an
ignition source)
Flammability Limit for hydrocarbons
Hydrocarbon Formula LEL in UEL in Ignition

air air Temperature,
(%) (%) oC
Methane CH4 5.0 15.0 650

Ethane C2H 6 3.0 12.4 515
Propane C 3H 8 2.1 9.5 466
n-Butane C4H10 1.8 8.4 480
n-Hexane C6H14 1.2 7.4 275
Dimethyl ether C 2H 6O 3.4 27 350
Hydrogen H2 4.0 75 536
Ethylene oxide C 2H 4O 3.6 100 429
Acetylene C2H 2 2.5 100 305
Vapor/air mixture Concentration Vs. Temperature
A plot of concentration versus temperature shows how several definitions
are related
Boiling Point
Non-flammable region •
Upper flammable limit (UFL)
•
Vapor Conc. in air
Vapor
pressure curve
Lower flammable limit (LFL) Flammable region

•
Non-Flammable
region
• Flash Point
Temperature
Vapor pressure, temperature diagram shows the relationship among upper

and lower flammable (explosive) limits, flammable and non- flammable
regions, boiling point, flash point and vapor pressure curve.
Explosion
 Fire and explosion may be two sides of the same coin

where both are based on a strongly exothermic (heat-
producing) chemical reaction, usually combustion in air.
 An explosion as opposed to a fire, occurs when the rapid
expansion of gases produces high pressures.
 Rapid progression of high pressure and heat result in
explosion.
 An explosion is more likely when the fuel-oxygen
mixture is midway between the flammability limits.
Distinction between Fire and Explosion
 The major distinction between fires and explosions is the

rate of energy release.
 Fires release energy slowly, whereas explosion

release energy rapidly, typically on the order of
microseconds.
 Fires can also result from explosions, and explosions

can result from fires.
Distinction between Fire and Explosion
 A good example of how the energy release rate affects

the consequences of an accident is a standard
automobile tyre.
 The compressed air within the tyre contains energy. If
the energy is released slowly through the nozzle, the
tyre is harmlessly deflated.
 If the tyre ruptures suddenly and all the energy within

the compressed tire release rapidly, the result is a
dangerous explosion.
Fire and explosion
FIRE exothermic, oxidation, with flame
EXPLOSION higher energy release rate } may trigger

each other
pressure or shock wave
injuries / casualties Thermal radiation,

EFFECTS
property losses
process interruption
} asphyxiation, toxic products,
blast, fragments
Required knowledge for prevention

material properties
nature of fire and explosion process
procedures to reduce hazards
Explosion
Explosion is a rapid expansion of gases resulting in a

rapidly moving pressure or shock wave.
 The expansion can be mechanical (by means of a
sudden rupture of a pressurized vessel), or it can be the
result of a rapid chemical reaction.
 Explosion damage is caused by the pressure or shock
wave.
Explosion
 BLEVE (Boiling Liquid Expanding Vapor Explosion): This
is a type of explosion that can occur when a vessel
containing a pressurized liquid is ruptured. Such
explosions can be extremely hazardous.
 Vapor cloud explosion: Overpressure caused when a

gas cloud detonates or deflagrates in open air rather than
simply burn, i.e. extremely rapid flame front propagation.
 Detonation and Deflagration

Explosion
 BLEVE (Boiling Liquid Expanding Vapor Explosion) occurs if a vessel
that contains a liquid at a temperature above its atmospheric pressure
boiling point ruptures.
 BLEVE may occur when a pressurized tank, e.g. LPG (as in Mexico
disaster) or partially filled flammable liquid container, is exposed to an
external heat/fire.
 If the tank/container cannot resist the increasing pressure it will burst
and the content will be thrown around, mix with air and ignite in a storm
of fire.
Deflagration/ Detonation
Deflagration: An explosion in which Detonation: An explosion in which
the reaction front moves at subsonic the reaction front moves at
speed (speed less than the speed of supersonic speed (speed greater than
sound) in the unreacted medium. the speed of sound) in the unreacted
medium. Flame propagation
Flame propagation velocity, typically
velocities, up to 2000 m/s, and
far below 100 m/s, and relatively
substantial overpressures, up to 20
modest overpressures, <0.5 bar. bars.
Substantial
Reaction front
Reaction front
overpressure
Shock front
modest
Shock front
overpressure
The reaction front moves at a speed Reaction front moves at a speed

less than sound, while the pressure greater than sound, driving shock
front moves away from the reaction front immediately preceding it. Both
front at the speed of sound. front move almost same speed
Explosive atmosphere
 An explosive atmosphere is an accumulation of gas, mist,

dust or vapor, mixed with air, which has the potential to
catch fire or explode.
 An explosive atmosphere does not always result in an

explosion, but if it caught fire the flames would quickly
travel through it and if this happened in a confined space
(e.g. in plant or equipment) the rapid spread of the flames
or rise in pressure could cause an explosion.
Explosive atmosphere
 Knowing the flammability limit and other characteristics of a

chemical allows us to predict the potential for a fire starting.
 Check MSDS or the standard diamond shaped hazard code
placed on containers of chemicals (from US), the red upper
quadrant warns of the combustion hazards.
 Most organic liquids are flammable, exception being chlorinated
or halogenated hydrocarbon. Industry has been strongly
induced to use chlorinated hydrocarbons as solvents because of
their inability to burn. C-H bond is replaced by more stable C-Cl
bond. CCl4 was commonly used as a fire extinguisher fluid
before its toxic characteristics were recognised.
Definitions
 Confined explosion: An explosion occurring within a
vessel or a building. These are most common and usually
result in injury to the building inhabitants and extensive
damage.
 Unconfined explosion: Unconfined explosions occur in
the open. This type of explosion is usually the result of a
flammable gas spill. The gas is dispersed and mixed with
air until it comes in contact with an ignition source.
 Unconfined explosions are rarer than confined
explosions because the explosive material is frequently
diluted below the LFL by wind dispersion.
Definitions
 Dust explosion: This explosion results from the rapid

combustion of fine solid particles. Many solid materials
(including metals such as iron and aluminum) become
flammable when reduced to a fine power.
 Shock wave: An abrupt pressure wave moving through a

gas. A shock wave in open air is followed by a strong wind;
the combined shock wave and wind is called a blast wave.
Damage estimation based on Overpressure
Overpressure, Damage
~ kPa
0.5 Loud noise (143 dB)
2 “Safe distance” (probability of 0.95 of no serious

damage below this value)
4 Windows usually shatter, occasional damage to frame
5 Minor damage to house structure
6-14 Significant damage to structures (wood and asbestos)
15 Destruction of brickwork house
25 Cladding of light industrial building ruptures, oil tank

ruptures, 50% probability of human fatality
35-50 Nearly complete destruction of houses

Flash point device
 The flash point temperature is one of the major quantities
used to characterize the fire and explosion hazard of liquids.
 Flash point temperatures are determined using an apparatus

shown below.
Cleveland Open Cup Flash Point Tester

Experimental Determination - Flashpoint
Cleveland Open
Cup Method.
Closed cup
produces a better
result - reduces
drafts across cup.
An open-cup flash point determination
 The liquid to be tested is placed in the open cup. The liquid

temperature is measured with a thermometer while a
Bunsen burner is used to heat the liquid.
 A small flame is established on the end of a moveable

wand.
 During heating, the wand is slowly moved back and forth

over the open liquid pool.
 Eventually a temperature is reached at which the liquid is

volatile enough to produce a flammable vapor, and a
momentary flashing flame occurs.
 The temperature at which this first occurs is called the

flash point temperature.
 Note that at the flash point temperature only momentary

flame occurs; a higher temperature, called the fire point
temperature, is required to produce a continuous
flame.
 The problem with open-cup flash point procedures is that
air movements over the open cup may change the vapor
concentrations and increase the experimentally
determined flash point.
 To prevent this, most modern flash point methods employ
a closed-cup procedure.
 For this apparatus a small, manually opened shutter
provided at the top of the cup. The liquid is placed in a
preheated cup and allowed to sit for a fixed time period.
 The shutter is then opened and the liquid is exposed to
the flame. Closed-cup methods typically result in lower
flash points.
Examples of flash points
 Gasoline (petrol) is designed for use in an engine which is
driven by a spark.
 The fuel should be premixed with air within its
flammable limits and heated above its flash point, then
ignited by the spark plug.
 The fuel should not preignite in the hot engine. Therefore,
gasoline is required to have a low flash point and a high
Fuel Flash Autoignition
autoignition temperature. point temperature
Ethanol 12.8 °C 365 °C
Gasoline <−40 °C 246 °C

(petrol)
Diesel >62 °C 210 °C
Jet fuel >60 °C 210 °C

Theoretical flash point
Mathematically flash point can be calculated using boiling

point relationship:
2 − c/Tb
b(c/Tb ) e
Tf = a +
(1 − e− c/Tb )2
where, Tf is flash point in K,

a, b, and c are constants
(provided in Table, next slide),
Tb is boiling point in K
Constants for Tf equation
Constants used in the equation for predicting flash point
Chemical group a b
c
Hydrocarbons 225.1 537.6 2217
Alcohols 230.8 390.5 1780
Amines 222.4 416.6 1900
Acids 323.2 600.1 2970
Ethers 275.9 700.0 2879
Sulfur 238.0 577.9 2297
Esters 260.5 449.2 2217
Halogens 262.1 414.0 2154
Aldehydes 264.5 293.0 1970
Temperature and Pressure dependencies
0.75
LFLT =LFL25 − (T − 25)
ΔH c
0.75
UFLT =UFL25 + (T − 25)
ΔH c
 Where ∆Hc is the net heat of combustion (kcal/mole), and T is temperature in oC.
As temperature increases: UFL increases, LFL decreases
Flammability range increases
 Pressure has little effect on LFL where as UFL change as follows:
UFL p =
UFL + 20.6(logP + 1)
where P is absolute pressure in Mega Pascal
As pressure increases: UFL increases, LFL mostly unaffected

Calculating LFL/UFL of Mixtures
1
LFL =
yi
∑ LFL
i
1
UFL =
yi
∑ UFL
i
yi = mole fraction of i on combustable basis

Experimental Determination - LFL, UFL
Run experiment at different fuel compositions with air:

10
Pressure (bar-gauge)
Maximum Explosion
LFL UFL
0
0 2 4 6 8 10
Fuel Concentration in air (vol%)
Flammability limits are an empirical artifact of experiment!

Test apparatus for accruing vapor explosion data
10
Pressure (bar-abs)
Pmax
8
TI PI
6
Igniter 0
0 50 100 150 200 250
Time (ms)
Typical pressure vs. time data
obtained from gas explosion
apparatus shown in the left.
Experimental Apparatus

Estimation of Flammability limits
 Using stoichiometric balance for general combustion
reaction
x
CmHxOy + zO2 → mCO2 + H2O
2
z=m+¼x-½y
where z has units of moles O2/mole fuel.
Stoichiometric Conc. [vol%] = Cst
Cst = 21% / (0.21 + z)
 LFL = 0.55⋅Cst Approximate!

 UFL = 3.50⋅Cst
Limiting Oxygen Conc. (LOC)
 LFL is based on fuel in air. However, oxygen is the key

ingredient and there is a minimum oxygen concentration
required to propagate a flame. This is especially useful
because explosion and fire can be prevented by reduction
the oxygen concentration regardless of the conc. of fuel.
 Below the LOC (Limiting or lowest oxygen concentration
in vol% O2) the reaction cannot generate enough energy
to heat the entire mixture of gases to the extend required
for the self propagation of the flame.
Fuel + z. oxygen → Products
LOC ≅ z ⋅ LFL (Typically 8 - 12%)
Estimate the LOC of butane
The stoichiometry for this reaction is
C4H10 + 6.5 O2 → 4CO2 + 5 H2O
The LFL for butane is 1.9 % by volume (from literature). From the stoichiometry
LOC = (moles fuel/total moles) x (moles O2/ moles fuel)

= LFL (moles O2/ moles fuel)
By substitution, we obtain
LOC = (1.9) * (6.5 moles O2/ 1.0 moles fuel)
LOC = 12.4 vol. % O2
The combustion of butane is preventable by adding N2, CO2, or even

water vapour until the oxygen conc. O2 below 12.4%. The addition of
water is not recommended because any condition that condenses water
would move the oxygen concentration back into the flammable region.
Flammability Diagram
A general way to represent
the flammability of a gas or
vapour is by the triangle
diagram as shown in the
figure below.
Concentration of fuel,
oxygen and inert material
are plotted on the three
axes. Each apex of the
triangle represents either
100% fuel, oxygen or
nitrogen.
Flammability Diagram
The tick marks on the scales

show the direction in which the
scale moves across the figure.
Thus point ‘A’ represents a

mixture composed of 60%
methane, 20% oxygen, and
20% nitrogen. The zone
enclosed by the dashed line
represents all mixtures that are
flammable.
Methane Flammability Diagram
 Combustion requires fuel and
oxygen in the proper
concentration. Under normal
conditions, air contains
approximately 21% oxygen and
79% nitrogen and trace amounts
of other gases. Nitrogen
 The diagram shows all possible The triangle represents the

relationship between fuel,
mixtures of methane, oxygen,
oxygen, and passive agents
and passive agents with the total concentration
(predominantly nitrogen in the equals 100%.
air).
 The blue (air) line indicates
oxygen concentration from
normal 21% (by volume) to 0%.
 The red (stoichiometric) line
indicates the ideal mixture of
oxygen and fuel for complete
combustion.
Nitrogen
 The gray shaded area indicates
The triangle represents the
the mixtures of methane, oxygen,
relationship between fuel,
and passive agents that will be oxygen, and passive agents
flammable. with the total concentration
equals 100%.
Constructing Flammability Diagram
Oxygen Fuel
Nitrogen
40% Nitrogen
40% Fuel
20% Oxygen
Oxygen Fuel
Nitrogen
1. Draw Air Line Air line represents all
2. Enter LFL & UFL possible combinations of
3. Determine z fuel plus air. The air line
extends from point where
4. LOC = z LFL
fuel is 0% to oxygen 21%
Oxygen and nitrogen is 79% to a
point where fuel is 100%,
oxygen 0% and nitrogen
0%. The equation for this
line is
Fuel% = -(100/79) x N2%
Nitrogen + 100
Stoichiometric line represents all
5. Add Stoichiometric Line
stoichiometric combinations of fuel &
oxygen
Fuel + zO2  combustion products
where z is the stoichiometric coefficient

for oxygen
Oxygen Equation for the stoichiometric line is
Fuel% = 100 –N2(%) / (1+z)

The intersection of
stoichiometric line with the
oxygen axis (in volume %
oxygen is given by)
𝒛𝒛
Nitrogen 100
𝟏𝟏+𝒛𝒛
6. Get Pure Oxygen LFL
and UFL (if available)
LOC
7. Construct curve
UFL
Oxygen Fuel
LFL
Nitrogen
Diagram
6. Get Pure Oxygen LFL
and UFL (if available)
LOC
7. Construct curve
UFL(O2)
Oxygen Fuel
LFL(O2)
UFL
LFL
Nitrogen
 The LOC is also shown in the

figure. Clearly any gas mixture
containing oxygen below the
LOC is not flammable.
 The shaded area indicates the
A UFL
mixtures of methane, oxygen,
and passive agents that will be
flammable. Whereas, point A
represents a mixture composed
of 60% methane, 20% oxygen,
and 20% nitrogen, which lies
LOC = 12 vol% O2
outside the flammable zone, a
mixture of this composition is not
flammable. LFL
The shape and size of the

flammability zone on a
flammability diagram A UFL
change with number of
parameters, including fuel
type, temperature, pressure
and other inert species.
LOC = 12 vol% O2
LFL
Hydrogen Flammability Diagram
Hydrogen Explosion
Deflagration (slow flame;

starting at about 4%)
Deflagration to detonation
transition (DDT)
Detonation (rapid flame,
starting at about 13%)
Total energy maybe same
in detonation but time
scale is smaller
Flammability Diagram for Styrene
Solvents
 Organic solvents are the most common source of fires

and explosions in the chemical industry.
 To prevent accidents resulting from fires and explosions,

engineers must be familiar with
 The fire and explosion properties of materials.

 The nature of the fire and explosion process.
 Procedures to reduce fire and explosion hazards.
Flammable and combustible liquids
 Flammable and combustible
liquids are liquids that can burn.
Flash Autoignition
 They are classified, or grouped Fuel
point temperature
as either flammable or
combustible, by their
Gasoline
flashpoints. <−40 °C 246 °C
(petrol)
 Generally, flammable liquids Diesel >62 °C 210 °C
will ignite (catch on fire) and Jet fuel >60 °C 210 °C
burn easily usually at normal Kerosene >38–72 °C 220 °C
working temperatures. Vegetable oil 327 °C
Combustible liquids have the Biodiesel >130 °C
ability to burn at temperatures
that are usually above working
temperatures.
Flammable and combustible liquids
 Under the Workplace Flash Autoignition

Fuel temperature
Hazardous Materials point
Information System
Gasoline
(WHMIS): flammable <−40 °C 246 °C
(petrol)
liquids have a flashpoint Diesel >62 °C 210 °C
below 37°C (100°F). Jet fuel >60 °C 210 °C
Kerosene >38–72 °C 220 °C
Combustible liquids have
Vegetable oil 327 °C
a flashpoint at or above Biodiesel >130 °C
37°C (100°F) and below
93°C (200°F).
Classification of Flammable Liquids
 Flammable liquid refers to any liquid having a flash point below 100 F
(37oC). Such flammables are Class I liquids.
These liquids are subdivided into three classes. The following is an
illustrative list of common flammable liquids:
 Class IA
Flash point below 73 F (22°C), boiling point below 100 F (37°C).
e.g. acetaldehyde ethyl chloride petroleum ether

ethyl ether propylene oxide pentane
Classification of Flammable Liquids
 Class IB
Flash point below 73 F (22°C), boiling point at or above 100 F (37°C)
e.g. acetone ethyl acetate methyl alcohol
benzene ethyl alcohol methylcyclohexane
butyl alcohol gasoline toluene
 Class IC
Flash point at or above 73 F (22°C), and boiling point below 100 F
(37°C).
e.g. amyl acetate isopropanol turpentine

amyl alcohol xylene
Classification of Combustible Liquids
 Combustible liquid refers to any liquid having a flash point at or above

100 F.
Combustible liquids are subdivided as follows:
 Class II Flash point at or above 100 F (37°C) and below 140 F (60°C)
e.g. acetic acid camphor oil
methyl lactate cyclohexane
hydrazine kerosene
 Class III Flash point at or above 140 F and below 200 F (93°C)
e.g. aniline furfuryl alcohol
phenol carbolic acid
naphthalenes pine oil
Classes of Flammable and Combustible Liquids
Hazard
 At normal room temperatures, flammable liquids can give
off enough vapor to form burnable mixtures with air. As a
result, they can be a serious fire hazard. Flammable liquid
fires burn very fast. They also give off a lot of heat and
often clouds of thick, black, toxic smoke.
 Combustible liquids at temperatures above their

flashpoint also release enough vapor to form burnable
mixtures with air. Hot combustible liquids can be as
serious a fire hazard as flammable liquids.
Hazard
 Spray mists of flammable and combustible liquids in air
may burn at any temperature if an ignition source is
present. The vapors of flammable and combustible liquids
are usually invisible, and hard to detect unless special
instruments are used.
 Most flammable and combustible liquids flow easily. A
small spill can cover a large area of workbench or floor.
Burning liquids can flow under doors, down stairs
spreading fire widely. Materials like wood, cardboard and
cloth can easily absorb flammable and combustible
liquids.
Fire Flashback
 Vapors can flow from open liquid containers. The vapors

from nearly all flammable and combustible liquids are
heavier than air.
 If ventilation is inadequate, these vapors can settle and
collect in low areas like sumps, drains, pits and
basements. The vapor trail can spread far from the liquid.
 If this vapor trail contacts an ignition source, the fire
produced can flash back (or travel back) to the liquid.
 Flashback and fire can happen even if the liquid giving off
the vapor and the ignition source are hundreds of feet or
several floors apart.
TNT equivalent
 TNT equivalent is a simple method for quantifying the energy
released in explosions. A typical value for the energy explosion of
TNT is 1120 cal/g = 4686 kJ/kg.
 An equivalent mass of TNT is estimated using the following equation:

η 𝑚𝑚 ∆𝐻𝐻𝐻𝐻
mTNT =
𝐸𝐸𝑇𝑇𝑇𝑇𝑇𝑇
mTNTis the equivalent mass of TNT
η is the empirical explosion efficiency
m is the mass of hydrocarbon
∆Hc is the energy of explosion of the flammable gas
ETNT is the energy of explosion of TNT
ATEX Directive
 ATmosphères EXplosibles
 Employers must classify areas where dangerous
explosive atmospheres may occur into zones.
 The classification given to a particular zone, and its
size and location, depends on the likelihood of an
explosive atmosphere occurring and its persistence if it
does.
 Areas classified into zones (0, 1, 2 for gas-vapor-mist and
20, 21, 22 for dust) must be protected from effective
sources of ignition.
ATEX Directive
 Zone 0 and 20 are the zones with the highest risk of an

explosive atmosphere being present.
 Equipment and protective systems intended to be used in
zoned areas must meet the requirements of the directive.
 Zone 0 and 20 require Category 1 marked equipment,
zone 1 and 21 required Category 2 marked equipment
and zone 2 and 22 required Category 3 marked
equipment.
 Where employees work in zoned areas are provided with
appropriate clothing that does not create a risk of an
electrostatic discharge igniting the explosive atmosphere.
Summary
 Dangerous substance
 Fire triangle: Conditions where fires and /or explosions
can occur.
 Explosion: BLEVE, VCE, Detonation and Deflagration
 Theoretical and experimental determination of
upper/lower flammability limits, flash point
 Flammability diagram
 Utilization of inerting to prevent fires/explosions.
 Flammable and combustible liquids.
Lecture 12

Nuclear Industries
Hazard Evaluation
Dr. Raghuram Chetty

Chennai- 600 036.
Introduction
 A hazard is defined to be a characteristic of a system,
process and plant, that represent a potential for an
accident.
Introduction  An accident is defined as an unplanned event or
sequence of events that has undesirable
Safety
Reviews
consequences.
 The consequence could be a fire or explosion or
Procedure release of toxic material that could lead to health
Application
effects, economic losses and public relation losses.
 Effective hazard control requires analysis that is
Petrochemic systematic, comprehensive, and sufficiently easy to
al Plant
carry out that it may be done by engineers associated
with design and operation of a plant.
 These procedures should amongst other things be used
to identify accidents that could occur infrequently but
result in serious injury or loss when they do.
Introduction
Process / System
Hazard Evaluation
Hazard identification
- Safety Review/Audit/Inspection & evaluation
- Process/ System Checklists
Introduction
- Dow & Mond Indices Scenario
- Hazard Analysis (HAZAN) identification
Safety
Reviews - HAZOP
Accident
Risk Assessment probability Accident
Procedure
consequences
- What can go wrong & how?
Application - What are the chances?
Risk determination
Petrochemical - Consequences?
Plant
Extremes
- Low probability risk &
hazard N
- Minimal consequences Modify design
acceptable
?
Y
Accept system
Safety Layers of Protection
Focus on hazard
identification and
control
Introduction
Safety
Reviews
Hazard still exist
Procedure Reduce the risk
Application
Petrochemical
Plant Layers of protection
increase the complexity of
the process, and hence the
capital and operating cost.
Introduction
 Centre for Chemical Process Safety (CCPS) of the
American Institute of Chemical Engineers under
Introduction ‘Guidelines for Hazard Evaluation Procedures’
Safety considers the following as most favor evaluation
Reviews
procedures:
Procedure
Application
1. Safety Review Methods
Petrochemical
Plant 2. Process/ System Checklists
3. Relative Ranking Techniques (Dow & Mond
Indices)
Introduction
3. Preliminary Hazard Analysis (PHA)
4. “What if” Analysis
Introduction
5. Hazard and Operability studies (HAZOP)
Safety
Reviews 6. Failure Modes Effects Analysis (FMEA)
Procedure 7. Fault Tree Analysis (FTA)
Application 8. Event Tree Analysis (ETA)
Petrochemical 9. Cause-Consequence Analysis (CCA)
Plant
10. Human Reliability Analysis (HRA)
Qualitative methods
 The DOW and MOND methods provide a quick
and simple way of estimating risks in process
Introduction plants.
Safety
Reviews
 The procedure employed assigns penalties for
those processes or operations that can
Procedure
contribute to an accident and assigns credits to
Application
the safety features of the plant that can mitigate
Petrochemical
Plant the effects of an accident.
 The penalties and credits are combined into an
index that indicates the relative ranking of the
plant risk.
Qualitative methods
 Preliminary Hazard Analysis (PHA) is a general,
qualitative study that yields a rough assessment of
Introduction the potential hazards and means of their
Safety rectification within a system.
Reviews
 It is called ‘preliminary’ because it is usually
Procedure
refined through additional studies. PHA
Application
contains a brief description of potential hazards
Petrochemical in system development, operation or disposal.
Plant
 This method focuses on special attention on
sources of energy for the system and on
hazardous materials that might adversely affect
the system or environment.
Qualitative methods
 HAZOP (HAzard and OPerability studies) is a
procedural tool designed to highlight the deficiency
Introduction
and shortcomings in the design and operation of
industrial plants.
Safety
Reviews  Benefits: The HAZOP technique is a powerful
Procedure tool for hazard analysis. Its methodical approach

Application ensures that deviations from design intent are
Petrochemical
detected and acted upon.
Plant  Limitations: HAZOP utilises a team approach
and hence can not be conducted by a single

analyst. The team should be skilled and
multidisciplinary with good knowledge of the plant,
its intended design and operation.
• Qualitative methods
 Failure Modes and Effects Analysis (FMEA) is
methodology for analyzing potential reliability
Introduction problems early in the development cycle where it
Safety is easier to take actions to overcome these issues,
Reviews
thereby enhancing reliability through design.
Procedure
Application
 FMEA is a useful qualitative tool for failure
Petrochemical analysis and identification and can be used
Plant
extensively with other hazard identification
techniques such as HAZOP and fault tree
analysis.
Quantitative methods
 Fault Tree Analysis (FTA) is a reliability and logic-
based methodology. It is used for identifying and
Introduction
analysing the events that could lead to an accident
or an undesirable event.
Safety
 Benefits and Limitations: FTA is a very useful
Reviews
tool for studying the routes by which a hazard
Procedure
can occur, although its implementation requires
Application skilled analysts. Furthermore, the quantification
Petrochemical
of the fault tree depends on the accuracy of the
Plant failure data and its availability.
 Event Tree Analysis (ETA) is one of the logic tree
methods for hazard identification. Unlike fault tree
analysis, event tree analysis is a "forward thinking"
process.
Qualitative vs. Quantitative
Qualitative Quantitative
The aim is a complete, detailed The aim is to classify features, count

description. them, and construct statistical models in
Introduction an attempt to explain what is observed.
Safety Researcher may only know roughly in Researcher knows clearly in advance
Reviews advance what he/she is looking for. what he/she is looking for.
Recommended during earlier phases

Procedure of research projects. Recommended during latter phases of
research projects.
Application The design emerges as the study
unfolds. All aspects of the study are carefully
Petrochemical designed before data is collected.
Plant Researcher is the data gathering
instrument. Researcher uses tools, such as
questionnaires or equipment to collect
numerical data.
Data is in the form of words, pictures
or objects. Data is in the form of numbers and
statistics.
Hazard Evaluation
 The Hazard Evaluation (HE) techniques can be
used to identify different types of hazards within
Introduction the system components and to propose possible
Safety
solutions to eliminate the hazards. These
Reviews procedures are extremely useful in identifying
Procedure system modes and failures that can contribute to
Application the occurrence of accidents; they should be an
Petrochemical integral part of different phases of process
Plant
development from conceptual design to
Summary installation, operation and maintenance.
 The HE techniques vary in sophistication and
scope, and no single one will always be the best.
Hazard Evaluation
 Qualitative methods (finds scenario)
 These methods help a multi-disciplinary team
Introduction
(1) identify potential accident scenarios and (2)
Safety evaluate the scenario in sufficient detail to
Reviews
make a reasonable judgment of risk.
Procedure
 If the team is not satisfied on the risk
Application
assessment, a scenario identified in a
Petrochemical
Plant qualitative hazard review may be further
Summary analyzed using one or more of the quantitative
techniques.
Hazard Evaluation
 Quantitative methods (can help to decide, how
best to lower risk for selected scenario)
Introduction
 These do not identify possible accident
Safety scenarios, but they instead aid in risk judgment
Reviews
by providing more detailed, statistical
Procedure
evaluations of the risk of a specific scenario.
Application
Petrochemical
Plant
Summary
Hazard Evaluation
 Different techniques are used at different stages in

the development, design, construction, operation
Introduction and decommissioning of a process.
Safety
Reviews
 It goes without saying that the outcome of a hazard
evaluation depends on the experience, knowledge
Procedure
and intelligence of the team conducting it.
Application
 The procedures, of themselves, only provide a
Petrochemical
Plant logical framework that may be used to uncover
hidden system failure modes and indicate how they
can be rectified.
Hazard Evaluation
 The team must have a clear understanding of a

system being considered, including its intended
Introduction function, interactions with personnel, other
Safety components and the environment, sources of
Reviews
energy, and materials used and produced.
Procedure
 Information regarding operating conditions,
Application
materials used, processed (toxic, flammable,
Petrochemical
Plant explosive) moving parts, electrical aspects should
be know to the team.
 Preparation, modelling, evaluation and
documentation.
Typical Uses for HE Techniques
Relative Ranking
Safety Review
Checklist
HAZOP
What-If
FMEA
CCA
HRA
PHA
ETA
FTA
Introduction
R&D
Safety
Reviews Conceptual Design
Procedure Pilot Plant Operation
Application Detailed Engineering
PetrochemicalConstruction/Start-up
Plant
Routine Operation
Expansion or Modification
Incident Investigation
Decommissioning
Add-on Safety
Knowledge of process
Introduction
Opportunities for installing
Safety add-on safety features
Reviews
inherently safer features
Procedure
Constrution
Detailed eng.
Operation
Conceptual
Start up
Flowsheet
Research
P ID
Application
Petrochemical As a process goes through the phases of lifecycle, such as

Plant research and development, design, construction, operation,
modification, and finally decommissioning, inherent and added
on safety have a varying emphasis.
The process development and conceptual design phases give
the best opportunities of implementing inherent safety.
Add-on Safety
Knowledge of process
Introduction
Safety add-on safety features
Reviews
inherently safer features
Procedure
Constrution
Detailed eng.
Operation
Conceptual
Start up
Flowsheet
Research
P ID
Application
Petrochemical
Plant
The possibility of implementing inherent safety
decreases as the design proceeds. Thus the inherent
safety characteristics should be evaluated as early as
possible to gain benefit.
Material Property Data Required for
Hazard Identification
Acute /Chronic toxicity Physical properties
• Inhalation • Vapour pressure
• Oral • Density/ Specific volume
• Dermal • Corrosivity / erosivity
• Heat capacity
Introduction Carcinogenicity
• Specific heat
Mutagenicity
Reactivity
Safety Teratogenicity • Process materials
Reviews Exposure limits • Desired /side/decomposed reactions
• TLV • Kinetics
• PEL • Materials of construction
Procedure
• STEL • Raw material impurity/contaminants
• IDLH • Decomposition products
Application • ERPG • Incompatible chemicals
Biodegradability Stability
• Shock
Petrochemical Aquatic toxicity • Temperature
Plant Persistence in the environment • Light
• Polymerisation
Odour threshold
Flammability/ Explosivity
Physical properties
• LEL/ LEF
• Freezing point
• UEL /UFL
• Coefficients of expansion • Dust explosion parameters
• Boiling point • Minimum ignition energy
• Solubility • Flash point Boiling point
• Solubility
SAFETY REVIEWS
 A Safety Review typically involves an inspection

often performed by a team, that is meant to identify
Introduction
and evaluate plant hazards.
Safety
Reviews  The Review is usually a cooperative effort between
Procedure
plant personnel and the inspection team, and the
results usually address major risk situation rather
Application
than routine housekeeping and morale problems.
Petrochemical
Plant
SAFETY REVIEWS
 The Safety Review is usually initiated with a

preparatory phase in which a detailed description
Introduction
of the plant and operating procedures is
Safety
Reviews
assembled, together with information regarding
materials processed and stored, as well as
Procedure
available records regarding accidents and injuries
Application
that have occurred.
Petrochemical
Plant  This may be followed by discussions with plant
engineers and operators to clarify problems and fill
in missing information.
SAFETY REVIEWS
 Procedure for periodic testing safety-related

equipment, and ensuring proper maintenance,
Introduction
should receive particular attention, as should
Safety
Reviews
emergency response plan.
Procedure
 The second phase is to identity deficiencies and
problem areas, and to develop recommendations
Application
for remedial action.
Petrochemical
Plant  The final phase consisting of documenting the
results and following up with reviews to ensure that
the problems have been dealt with.
Application to a Petrochemical Plant
 A petrochemical plant has been operating for 30
years and from a financial viewpoint it is desirable
that operation continues for another 15 years.
Introduction
 A Safety Review is initiated by management to
Safety
Reviews determine whether plant safety considerations
would allow this.
Procedure
 The Safety Review team assembles all the
Application available information regarding the original plant,
Petrochemical modifications in the last 30 years and plant
Plant inspections, interviews with personnel and review
of specific safety equipment design, maintenance
and inspection procedures.
 Three major deficiencies are identified.
Three major deficiencies were identified by Safety
Review team:
Introduction
1. Though the plant has been modified
Safety substantially to increase capacity and allow
Reviews
more flexibility in operation, the emergency relief
Application
systems, and systems to treat the relieved fluids
have not been re-evaluated.
 The Safety Review therefore recommends
that all emergency relief and treatment
systems be re-evaluated and modifications
made as required.
2. The control systems and interlocks date back to

Introduction the origins of the plant and do not meet current
Safety standards.
Reviews
 The Review therefore recommends that
Application
modern control and interlock systems be
designed and installed.
3. Equipment layout and spacing do not meet currently
accepted industry standards. While some of the
Introduction problems relate to the propagation of plant fires can
Safety
be addressed by installing heat-activated sprinkler
Reviews systems, the most serious arise from the location of
the control room- it is too exposed to fire and
Application
explosion.
 The Review therefore recommends some
modifications to feedstock storage systems,
additional sprinkler systems in certain locations,
and construction of a new control room at an
appropriate distance from hazardous areas.
Having said this the Review finds the plant in good

Introduction
condition from the viewpoint of maintenance,
Safety corrosion, and general wear and tear. It is concluded
Reviews
that the plant could be operated for another 15 years
Application if the deficiency noted were corrected.
PROCESS / SYSTEM CHECKLISTS
 Checklists are generally used to indicate
compliance with standard procedures and identify
Introduction common hazards.
Safety  They are easy to use and can be applied at
Reviews
various stages of a project including
Application
commissioning and operation.
Checklist
 It is a systematic means of communicating what is
required and controlling the development of a
project from initial design to plant shutdown.
 The checklist are usually prepared from prior
experience using standard procedures, manuals
and a knowledge of the system plant.
Process/System Checklists
 Design
 Construction
Introduction
Safety Reviews
 Startups
 Operation
Application
 Shutdown
Checklist
- Design
- Construction
- Startups
- Operation
- Shutdown
RELATIVE RANKING TECHNIQUES
 Methods that may be used to quickly estimate
risks in process plants can be useful in identifying
Safety process areas, conditions, and materials, that
Reviews
contribute most to the overall hazards of a facility.
Relative
ranking
technique Alternative can be rapidly explored and the impact
of remedial actions evaluated.
RELATIVE RANKING TECHNIQUES
 Because process areas can be ranked in terms of
the hazards they present, methods which allow
Safety this to be done without a detailed risk analysis are
Reviews
called Relative Ranking Techniques.
Relative
ranking
technique 1. Dow Fire and Explosion Index
2. Mond Index
3. Substance Hazard Index
4. Material Hazard Index
5. Chemical Exposure Index
6. Threshold Planning Index
Relative Ranking Techniques
 Dow Fire and Explosion Index
Considers factors involving material properties,
Safety
process conditions, operating characteristics,
Reviews
safety and fire protection systems and other
Relative
ranking aspects, in arriving at an index, for each process
technique
unit, that characterizes the fire and explosion risk,
 Mond Index
An extension of the DOW F&EI to enable a wider
range of processes and properties, as well as
aspects of toxicity to be covered.
 Substance Hazard Index
This index addresses the risks associated with
toxic vapour releases.
Relative Ranking Techniques
 Material Hazard Index
An index based on material vapour pressure and a
Safety
level of concern related to toxicity, flammability,
Reviews
explosivity etc., used to determine threshold
Relative
ranking quantities of materials above which a risk
technique
management program is required.
 Chemical Exposure Index
An index, developed by Dow Chemicals, that
defines the risk of material releases, based on
toxicity, volatility, molecular weight, various
process parameters and distance to area of
concern.
Dow Fire and Explosion Index (FEI)
 FEI is a leading hazard index methodology
recognized by the chemical industry.
Safety
Reviews  The Dow FEI is a ranking system that gives a
Relative
ranking
relative index to the risk of individual process units
technique
due to potential fires and explosions.
Fire and
Explosion
Index
 It serves as a guide for the selection of fire and
explosion protection methods.
Dow Fire and Explosion Index (FEI)
 It assists in determining the spacing between
adjacent unit process.
Safety
Reviews  It is a guide for insurance agencies to set insurance
Relative
ranking
rates.
technique
Fire and  It ranks individual process units where special safety

Explosion
Index
attention can be focused.
What Does the FEI Consider?
1. Six general process hazards.

2. Twelve special process hazards.
Safety
Reviews
3. Nine process control credit factors.
Relative
ranking
technique 4. Four material isolation credit factors.
Fire and
Explosion 5. Nine fire protection credit factors.
Index
1. General process hazards
 Exothermic reactions.
 Endothermic processes.
Safety
Reviews
 Material handling and transfer.
Relative
ranking
 Enclosed or indoor process units.
technique
Fire and
 Access.
Explosion
Index
 Drainage and spill control.
2. Special process hazards
 Toxic materials.
 Sub-atmospheric pressure (<500 mmHg).
Safety
 Operating in or near flammable range.
Reviews
 Dust explosion.
Relative
ranking
technique
 Pressure.
Fire and
Explosion
 Low temperature.
Index
 Quantity of flammable/unstable material.
 Liquids or gases in process.
 Liquids or gases in storage.
 Combustible solids in storage.

2. Special process hazards
 Corrosion and erosion.
 Leakage – joints and packing.
 Use of fired equipment.
Safety
Reviews
 Hot oil heat exchanger system.
Relative
ranking
technique
 Rotating equipment.
Fire and
Explosion
Index
3. Process Control Credit Factors
 Emergency power.
 Cooling.
Safety
Reviews  Explosion control.
Relative
ranking  Emergency shutdown.
technique
Fire and  Computer control.

Explosion
Index
 Inert gas.
 Operating instruction procedures.
 Reactive chemical review.
 Process hazard analysis.
4. Material Isolation Credit Factors
 Remote control valves.
 Dump or blow down control.
Safety
Reviews
 Drainage.
Relative
ranking
 Interlocks.
technique
Fire and
Explosion
Index
5. Fire Protection Credit Factors
 Leak detection.
 Structural steel .
Safety
Reviews
 Fire water supply.
Relative
ranking
 Special systems.
technique
Fire and
 Sprinkler systems.
Explosion
Index
 Water curtains.
 Foam.
 Hand extinguishers.
 Cable protection.
What-If Analysis
 What-If analysis identifies: hazards, possible
accidents, qualitatively evaluates the
Safety consequences and determines the adequacy of
Reviews
safety levels.
Relative
ranking
technique
 Systematic, but loosely structured, assessment:
Fire and
Explosion
Index  team of experts brainstorming
What-If
Analysis  generate a comprehensive review
 typically performed by one or more teams with
diverse backgrounds and experience
 Applicable to any activity or system
What-If Analysis
 generates qualitative descriptions of potential
problems
Safety  in the form of questions and responses
Reviews
Relative  lists of recommendations for preventing

ranking
technique
problems
Fire and
Explosion
Index
What-If
Analysis
What-If Analysis
Example of What-If analysis: Line/Vessel of hydrogen fluoride
supply system
What If Consequences Safety Level Scenario Comments
Safety
Reviews
Possible rupture
Relative
ranking of HF cylinder with Add pressure
technique …the pressure
personnel alarm on
relief valve None 1
Fire and exposure to HF operator
Explosion
fails ?
and blast effect, console
Index
possible fatalities.
What-If
Analysis
Review training
…the operator records to make
HF release with
does not valve sure all staff
personnel
off the empty None 2 have been
exposure,
cylinder before trained in
possible fatalities.
removing it? current
procedures.
Summary
 Hazard Evaluation Techniques
 Quantitative
 Qualitative
 Safety Review
 Process / System Checklists
 Dow Fire and Explosion Index
 What-If Analysis.
Lecture 11

Nuclear Industries
Hazard Identification & Risk Assessment
Dr. Raghuram Chetty

Chennai- 600 036.
Introduction
 For any industry to be successful, it has become
essential to identify the Hazards, to assess the
associated Risks and to bring the risks to tolerable
level.
 Occupational Safety and Health Legislation usually

requires that a risk assessment be carried out prior to
making an intervention. The risk management requires
risk to be managed to a level which is as low as
reasonably achievable (ALARA).
Introduction
 A risk assessment is simply a careful examination of

what, in your work, could cause harm to people, so that
you can weigh up whether you have taken enough
precautions or should do more to prevent harm.
 Workers and others have a right to be protected from

harm caused by a failure to take reasonable control
measures.
The Process of Risk Management
The following five step are taken:
1. Identify types of Hazard in the work area

2. Decide who might be harmed and how
3. Evaluate the risk (Risk Assessment)
4. Implementing Risk Controls
5. Review risk controls and update if necessary.
Hazard Identification, Risk Assessment and Control(HIRAC)

Risk and Hazard
 A hazard is any source of potential
damage, harm or adverse health
effects on something or someone
under certain conditions at work.
Hazard can cause harm or
adverse effects (to individuals as
health effects or to organizations
as property or equipment losses).
 Risk is the chance or probability
that a person will be harmed or
experience an adverse health
effect if exposed to a hazard. It
may also apply to situations with
property or equipment loss. Risk = Hazard x Exposure
Risk and Hazard
 Danger: Relative exposure to

hazard
 Accident: An undesirable or
unfortunate happening that
occurs unintentionally and
usually results in harm, injury,
damage, or loss, casualty,
mishap.

Definitions
 Risk Tolerance: The acceptable of level of risk selected
for all hazards.
 Mitigation: An action taken or a feature adopted to reduce
the risk for a hazard. For example, safety devices,
guarding, warning devices, procedures, and training.
 Hazard Identification: A process of identifying and
analyzing sources of danger.
 Risk Analysis: A process of evaluating the severity of
consequences and frequency of exposure to hazards, and
evaluating of risk tolerance and mitigation.
 Risk Management: Activities related to monitoring and
evaluating hazards to maintain a given level of risk.
Work Place Hazard
Chemical hazards Physical hazards

Acids/Bases/Heavy metals Electricity
Radiation
Solvents /Fumes
Noise
Particulates
Vibration
Fire and explosion
Lighting
Thermodynamic
Hazard
Over pressure
Under pressure
Over temperature
Under temperature
Biological hazards
Psychosocial issues Bacteria
Virus
Work-related stress
Fungi
Violence/ Bullying/
Blood-borne pathogens
Harassment
Ergonomic design
Hazard Identification
 To keep workplace safe and healthy.
 Employers should make sure there are no hazards to

which employees could be exposed.
 Employers should look for hazards in advance as part of

their risk management plan to prevent potential
accidents.
Spot the Hazard
 Exit blocked
 Fire extinguisher not on
wall and a tripping
hazard
 Wet mop/ wet floor
 Fire alarm blocked
 Compost stored indoors
 Water hose draped over
electrical panel
 Light switch blocked
Steam Reforming Plant for Ammonia Synthesis
In a chemical industry
e.g. Ammonia Synthesis
 Methane is reacted with steam over
nickel oxide catalyst (steam
reforming)
CH4 + H2O → CO + 3 H2
 Water gas shift reaction yields more

hydrogen from CO and steam.
CO + H2O → CO2 + H2
 Gas mixture is now passed into a

methanator, which converts most of
the remaining CO into methane for
recycling:
CO + 3 H2 → CH4 + H2O
In a chemical industry
e.g. Ammonia Synthesis
 Ammonia is synthesized using hydrogen
and nitrogen (from air) on iron oxide
catalyst
N2(g) + 3 H2(g) → 2 NH3(g) (ΔH = -92.4 kJ·mol−1)
 This is done at 15–25 MPa (150–250

bar) and between 300 and 550 °C,
passing the gases over four beds of
catalyst, with cooling between each pass
to maintain a reasonable equilibrium
constant. On each pass only about 15%
conversion occurs, but any unreacted
gases are recycled, so that eventually an
overall conversion of 98% can be
achieved.
Hazards in Ammonia Plant
 The manufacture of anhydrous liquid ammonia involves

processing of hydrocarbons under high temperature, high
pressure conditions in the presence of various catalysts,
chemicals, etc.
Typical risks are as follows
 Fire /Explosion
 Glands/seal leaks in valves, pumps, compressors
handling hydrogen, natural gas, naphtha, synthesis gas
etc.
 Hose/pipe failure, leakage from flanged joints carrying
combustible gases, vapors, liquids.
 High/Low Temperature Exposure

 Burns due to contact with hot surfaces of pipelines,
equipments or leaking steam lines, process fluids at
high temperature.
 Frost bite due to contact with anhydrous liquid ammonia
at -33oC.
 Burns due to contact with pyrophoric catalyst.
 Toxic Chemicals Exposure

 Asphyxia due to inhalation of simple asphyxiants like
CO2, N2, H2, CH4, etc. and chemical asphyxiants like
CO, NH3, Nickel carbonyl, V2O5, Hydrazine, NOx, SOx,
H2S etc.
 Acute toxicity due to inhalation of catalyst dusts
containing heavy metals like Ni, Cr, CO, Mo, Fe, Zn,
Alumina etc. and silica gel molecular sieves, insulation
fibers/dusts.
Research on ammonia production shows the following:

 The raw materials, intermediates, and final products are
chemically stable substances and are not subject to
spontaneous exothermic changes in composition even at
very high temperatures and pressures.
 Neutral (noncombustible) gases such as nitrogen, carbon

dioxide, and air are mainly at high pressures in large
volumes.
 An explosion in equipment containing these gases involves
the formation and dispersal of fragments. However, in world
practice of operating ammonia plants, there have been no
cases where the pressure in the equipment has risen above
the yield point of the steel from which it is made.
 There are two groups of equipment in making ammonia (see
next slide)
 Failure of or damage to the equipment leads to unplanned
shutdown by the automatic systems (Group 1), and
 Equipment failure leads to some form of accident (Group
2).
Group 1 Equipment Group 2 Equipment
 Natural gas heater
 Natural gas compressor
 Natural gas compressor
 Shaft reactor
 Primary reforming unit
 Nitrogen hydrogen mixture
 High-temperature convector
compressor
 Low-temperature convector
 Synthesis column
 CO2 absorber
 Tube oven
 Methanator
 Synthesis gas separator
 Nitrogen-hydrogen mixture Group 1 includes equipment
compressor
from group 2 because the
 Synthesis column
probability of a potential
 Ammonia refrigerator accident with such equipment is
 Liquid ammonia collector envisaged only when the
 Ammonia compressor automatic shutdown equipment
fails.
Sulfuric Acid Plant Image courtesy: Google Images
Sulfuric acid is produced from sulfur, oxygen and water via the conventional
contact process or the wet sulfuric acid process.
The main steps in contact process consist of burning sulfur (S) in air to form
sulfur dioxide (SO2), converting SO2 to sulfur trioxide (SO3) using oxygen
(O2) from air, and absorbing SO3 in water (H2O) or a diluted solution of
sulfuric acid (H2SO4) to form a concentrated solution of acid (>96%).
Hazard in Sulfuric acid plant
 Flammability
 Sulphur is a flammable substance and its vapours and
dust may be explosive.
 Ignition temperatures for molten pure sulphur in still air
vary from 230-260°C. The minimum reported value for
the flash point of dark crude sulphur is 168°C.
 Sulphur dust suspended in air is readily ignited by flame,
static electricity or friction spark. The dust is
characterized by a very low ignition point of 190°C
compared to other combustible dusts. Dust containing
25% or more elemental sulphur may be almost
explosive as pure sulphur.
 Burn Hazard
 Molten sulphur is typically maintained at a temperature of
140°C so improper handling of molten sulphur may result
in burns to personnel. First degree burns can result from
splashes of liquid sulphur on skin or clothing.
 High temperature hazard. Exothermic reaction: 400-
450°C, High pressure: 1.2 – 2 atm.
 Toxic
 When solid sulphur is melted, a small amount of hydrogen
sulphide gas (H2S). may be released. H2S is a toxic, as
well as flammable gas.
 Sulfuric acid is very toxic. It may be fatal if inhaled or
swallowed and it is corrosive to the eyes, skin and
respiratory tract.
 Catalyst: vanadium pentoxide.
Decide who might be harmed and how
 For each hazard you need to be clear about who might be

harmed; it will help you identify the best way of managing
the risk. That doesn’t mean listing everyone by name, but
rather identifying groups of people (e.g. people working
with in compressor or heater or in the storeroom).
 In each case, identify how they might be harmed, i.e. what
type of injury or ill health might occur.
 some workers have particular requirements, e.g. new
and young workers, and people with disabilities may be
at particular risk. Extra thought will be needed for some
hazards.
Decide who might be harmed and how
 Cleaners, visitors, contractors, maintenance workers
etc, who may not be in the workplace all the time.
 Members of the public, if they could be hurt by your
activities.
 If the workplace is shared, you will need to think about
how your work affects others present, as well as how
their work affects your staff.
 Ask your staff if they can think of anyone you may
have missed.
Evaluating the risk (Risk assessment)
 Having spotted the hazards, you then have to decide
what to do about them. The law requires you to do
everything ‘reasonably practicable’ to protect people
from harm.
 Think about what controls you have in place and how the
work is organised. Then compare this with the good
practice and see if there’s more you should be doing to
bring yourself up to standard.
Evaluating the risk (Risk assessment)
 Consider
 Can I get rid of the hazard altogether?
 If not, how can I control the risks so that harm is unlikely?
 When controlling risks, apply the principles below:
 try a less risky option (e.g. switch to using a less hazardous
chemical)
 prevent access to the hazard (e.g. by guarding)
 organise work to reduce exposure to the hazard
 issue personal protective equipment (e.g. clothing, footwear,
goggles etc.)
 provide welfare facilities (e.g. first aid and washing facilities
for removal of contamination).
Who should identify the hazards?
The Team….
…or the
Individual?
 The Individual
 Positive Aspects
 Likely to produce quicker results
 Less likely to be swayed by ‘peer pressure’
 Negative Aspects
 Vast technical competence required
 Implementing Manager required to take ‘leap of faith’ in
individual
 Unlikely to be as comprehensive as team approach
therefore questionable sufficiency
 Output suffers from ‘Not invented here’ attitudes
 Personal perception may influence judgement
 The Team Approach
 Positive Aspects
 Knowledge required to assess is likely to be available
across the variety of positions

 Judgments and decisions can be made to satisfy a
variety of organizational interests

 Promotes consultation with employees
 More likely to reflect actual working practices
 Negative Aspects
 Committee approach can be too slow to react to
changes
 Resource hungry in terms of total hours
 Each situation is unique
 Each will require a different approach
 Each is dependent upon process complexity
Obvious low hazard Obvious high hazard or

or simple process complicated process
Increasing Expertise Required
Individual Expert Team

How are risks expressed?
 Risk to the public are measured by direct observation or
by applying mathematical models.
 Risks are usually expressed as a probability of effects
associated with a particular activity. Risk/probability is
expressed as a fraction, without units, from 0 to 1.0.
 A probability of 1.0 indicates an absolute certainty that an
event or outcome will occur. Scientific notation is generally
used to present quantitative risk information
How are risks expressed?
Actual Scientific
Read As
Number Notation
1/10 1x10-1 1E-01 One in ten
1/100 1x10-2 1E-02 One in a hundred
1/1,000 1x10-3 1E-03 One in a thousand
1/10,000 1x10-4 1E-04 One in ten thousand
One in a hundred
1/100,000 1x10-5 1E-05
thousand
1/1,000,000 1x10-6 1E-06 One in a million
1/10,000,000 1x10-7 1E-07 One in ten million
Risk Assessment
Simple, subjective, low resolution,
 Types high uncertainty, low cost.
 Qualitative
 Semi-quantitative Detailed, objective, high resolution,

low uncertainty, increasing cost.
 Quantitative
 Likelihood (based on
 Severity statistic)
 Frequent
 Fatality
 Probable
 Major injuries
 Occasional
 Minor injuries
 Remote
 Near misses
 Improbable
Likelihood Scale Definitions
 Frequent Likely to occur often.
 Probable Will occur several times.
 Occasional Likely to occur some time.
 Remote Unlikely to occur, but possible.
 Improbable So unlikely, it can be assumed it will not

occur.
Likelihood Scale Definitions
 Hazards can be allocated a qualitative risk ranking in
terms of estimated likelihood and consequence and then
displayed on a risk matrix.
 Conducted in consultation with the people performing

the activity or sharing the work area.
 Use a simple matrix to record the results.

Risk Assessment - Risk Matrix
A “Likelihood” is an expression of the chance of something
happening in the future.
Severity
Likelihood
Near Minor Major Fatality
misses Injuries Injuries
Frequent Medium Serious High High

Probable Medium Serious High High
Occasional Low Medium Serious High
Remote Low Medium Medium Serious
Improbable Low Medium Medium Medium

 Results can be easily presented in tabular format within a risk
matrix.
 Such processes can illustrate major risk contributors, aid the risk
assessment and demonstration of adequacy.
Advantages
If used well, a risk matrix will

 Identify event outcomes that should be prioritised or grouped for
further investigation
 Provides a good graphical portrayal of risks across a facility
 Help to identify areas for risk reduction
 Provide a quick and relatively inexpensive risk analysis
 Enable more detailed analysis to be focused on high risk areas.
Disadvantages
 Does not provide an accurate reduction ranking.
 Collective issues and evaluations are difficult to show in
a transparent manner.
Example for minor/major frequent injuries
 A wide variety of mechanical motions and actions may
present hazards to the worker.
 These can include the movement of rotating members,
moving belts, meshing gears, cutting teeth, and any parts
that impact or shear.
Machine Safeguarding
Image courtesy:
Google Images
Accident Ratio Pyramid
1
FATAL
30
LOST-TIME
If we can find ways to
INJURIES
reduce the number of
300 incidents at the bottom
INJURIES REQUIRING MEDICAL
ATTENTION of the pyramid, the
3,000
number of accidents
NEAR-MISSES OR FIRST AID will be reduced.
30,000
HAZARDS
Unsafe Acts
Unsafe Conditions
Implementing Risk Controls
 Writing down the results and the risk assessment should be

able to show:
 a proper check was made
 who might be affected
 dealt with all the significant hazards, taking into account
the number of people who could be involved
 the precautions are reasonable, and the remaining risk
is low.
 Make a plan of action to deal with the most important things

first.
Implementing Risk Controls
 A good plan of action often includes a mixture of different
things such as:
 a few cheap or easy improvements that can be done
quickly, perhaps as a temporary solution until more
reliable controls are in place
 long-term solutions to those risks most likely to cause
accidents or ill health
 arrangements for training employees on the main risks
that remain and how they are to be controlled
 regular checks to make sure that the control measures
stay in place; and clear responsibilities – who will lead on
what action, and by when.
Action and Recommendation
 Eliminate
 stop work, cover hazard…
 Substitute
 use other route, other material..
 Isolation
 put up temporary barrier,…
 Engineering Control
 construct permanent wall,..
 Administration Control
 put up notice, job rotation,…
 Personal Protection Equipment
 gloves, respirator,……
Review and update
 Few workplaces stay the same. In many places, sooner or
later, new equipments may be brought in, substances and
procedures could lead to new hazards. It makes sense,
therefore, to review what you are doing on an ongoing
basis.
 Every year or so formally review to make sure you are still
improving, or at least not sliding back.
 Look at your risk assessment again. Have there been any
changes? Are there improvements you still need to make?
Have your workers spotted a problem?
Review and update
 Have you learnt anything from accidents or near

misses? Make sure your risk assessment stays up to
date.
 When running a business it’s all too easy to forget

about reviewing risk assessment – until something has
gone wrong and it’s too late. So it is wise to set a
review date for this risk assessment.
Five Steps to Risk Assessment
Hazard Identification Tools
 There will always be a need to identify hazards with
complex situations and scenarios. Many tools have
been developed to assist, the simple ones we have
already looked at. The complex ones are:
 Hazard and Operability studies (HAZOP)
 Failure Modes Effects Criticality Analysis (FMECA)
 Fault Tree Analysis (FTA)
 Event Tree Analysis (ETA)
 Cause-Consequence Analysis (CCA)
 Human Reliability Analysis (HRA)
Lecture 13

Nuclear Industries
Hazard and Operability Studies (HAZOP)
Dr. Raghuram Chetty

Chennai- 600 036.
Hazard and Operability Studies
 Originated as a hazard identification technique for process
plants
 commonly applied in petrochemical, nuclear and food

processing industries
 Described as a system of imaginative anticipation of

hazards
Hazard and Operability Studies
 HAZOP
 always a team activity
 concentrates on deviations in flows between

components
 uses well-defined guide words to steer analysis
 considers both plausible causes and possible

consequences of deviations.
Hazard Evaluation Techniques
1960 - 2001 1960 - 2001 1965 - 2001 1970 - 2001 1972 - 1974 1974 - 2001
Safety Check Lists Relative PHA What if HAZOP
Review Ranking
Walk Historical ICI Mond Preliminary Brainstorming Hazards

Through Lists Index Hazard Operability
Inspection Analysis Analysis
Yes / No Dow FEI
Hazardous Mtls Line by Line
Hazardous Opns Deviation
Analysis
This presentation only considers the HAZOP technique.
HAZOP is a technique which provides opportunities for people to let their

imaginations go free and think of all possible ways in which hazards or
operating problems might arise, but to reduce the chance that something is
missed it is done in a systematic way.
HAZOP – technical approach
 Before HAZOP study is started, detailed information on the
process must be available. This includes process flow diagrams
(PFD), piping and instrumentation diagrams (P&IDs), detailed
equipment specification, materials of construction, mass and
energy balances
 Scope of study explicitly extends to cover unusual circumstances

such as startup, shutdown and plant maintenance
 Scope of study does not include making detailed design changes,

although recommendations and follow-up questions should be
produced
 HAZOP results are recorded in a tabular format
 HAZOP procedures are adopted fully or partly by many

companies around the world.
HAZOP
 Identifying potential hazards and operability problems
caused by deviations from the design intent of both new
and existing process plants
 HAZOP studies are carried out by an experienced,
multidisciplinary team.
 Review all physical aspects of a process (lines,
equipment, instrumentation) to discover potential hazards.
 HAZOP will identify hazards: do not give insight into the
probability that they will occur or cause harm.
HAZOP Team Members
 Leader  User(s)
 planning and preparation  may be site representative, operator,
maintenance crew
 act as chairman for meeting
 supply information about the context
 ensure follow-up work is in which the system will be used,
completed e.g. site facilities
 Recorder  ask questions, and help decide
which issues affect safety
 document the analysis
 Expert(s)
 Designer(s), process / project
engineers  key function is to explore
suggest deviations / causes /
 understand and explain the
effects
plant design
 need good knowledge of process
 answer questions about the chemistry, or experience of similar
plant and process plant
 technical specialist
HAZOP - Procedure
A HAZOP Guideword is combined with a Process
Parameter to Identify
 Deviation from intended design / operation
 Causes of those deviation
 Consequences of those deviations
 Safeguard to prevent causes and mitigate
 Actions ( recommendations ) for design or operation

changes to avoid deviation
HAZOP – Procedure in Detail
 Begin with a detailed flow sheet. Break the flow sheet into a
number of process units. e.g. reactor area might be one,
storage tank another. Select a unit for study
 Choose a study node (vessel, line, operating instruction)
 Describe the design intent of the study node. e.g. vessel V-
1 is designed to store benzene feedstock and provide to
the reactor on demand
HAZOP – Procedure in Detail
 Pick a process parameter: flow, level, temperature, etc.
 Apply a guide word to the process parameter to suggest
possible deviation
 If the deviation is applicable, determine possible cause and
note any protective systems
 Evaluation of consequences of the deviation (if any)
 Recommend action (what? by whom? by when?)
 Record all information.
Common HAZOP Analysis Terminology
Term Definition
Sections of equipment with definite boundaries (e.g.,

Process a line between two vessels) within which process
Sections (or parameters are investigated for deviations. The
Study locations on P&IDs at which the process parameters
Nodes) are investigated for deviations (e.g., reactor)
Definition of how the plant is expected to operate in

the absence of deviations. Takes a number of forms
Intention and can be either descriptive or diagrammatic (e.g.,
process description, flow-sheets, line diagrams,
P&IDs)
Simple words that are used to qualify or quantify

Guide Words the design intention and to guide and simulate the
brainstorming process for identifying process
hazards
Physical or chemical property associated with the

Process process. Includes general items such as reaction,
Parameter mixing, concentration, pH, and specific items such
as temperature, pressure, phase, and flow
Departures from the design intention that are discovered

by systematically applying the guidewords to process
parameters (flow, pressure, etc.) resulting in a list for the
Deviations
team to review (no flow, high pressure, etc.) for each
process section. Teams often supplement their list of
deviations with ad hoc items
Reasons why deviations might occur. Once a deviation

has been shown to have a credible cause, it can be
treated as a meaningful deviation. These causes can be
Causes
hardware failures, unanticipated process states (e.g.,
change of composition), external disruptions (e.g., loss
of power), etc.
HAZOP - Procedure
Start Finish
YES
Select a component NO All components analysed?
YES
NO
Select a flow All flows analysed?
YES
Suggest a deviation NO
All guide words considered?
using a guide word
Record as non-hazardous Record as hazard. Make

Investigate and
deviation, with a recommendations for
document causes
justification action if necessary
Investigate and
Does deviation have plausible
document effects
NO causes and hazardous effects? YES
HAZOP Guidewords
No or Not No part of the intention is achieved
e.g. No flow to the reactor
More Quantitative increase in the intent
e.g. More flow to the reactor
Less Quantitative decrease in the intent
e.g. Less flow to the reactor
As well as All intentions achieved, but with additional
effects e.g. Impurities in flow (air, water)
Part of Only some of the intention is achieved
e.g. Part of the reactants to the reactor
Reverse Exact opposite of the intention
e.g. Reverse flow into the reactor
Other than Complete substitution
e.g. Another material besides reactants
in the reactor
Common HAZOP Parameters
Flow Frequency
Pressure Viscosity
Temperature Voltage
Level Information
Time Mixing
Composition Addition
pH Separation
Speed Reaction
Guide word and process parameter combination
Process No, More Less As Part Reverse Other

parameter None well of than
as
Flow x x x x x x x
Temperature x x
Pressure x x x
Concentration x x x x x x
pH x x
Viscosity x x
x represent valid combination

HAZOP Example – a P&ID
Valve (normally closed during
Manually operated valve Pump
operation of the plant)
Valve (normally open during Automation (level

operation of the plant)
Non-return valve LC controller)
LC
Hydrocarbon PG
from storage
Drain PG
Settling tank
Transfer pumps To reactor

Drain (one working, one spare) Drain
HAZOP Example – output
Guide Deviation Possible Causes Consequences Action Required
Word
No hydrocarbon available Loss of feed to reactor. 1) Ensure good
from storage communication with storage
NO No flow area
2) Install low level alarm on
settling tank
Transfer pump fails (motor
fault, loss of power, impeller As above Covered by 2)
corroded etc.)
Level control valve (LCV) 3) Install high level alarm

fails to open, or LCV Settling tank overfills 4) Check size of overflow
5) Establish locking-off
MORE More flow bypassed in error
procedure for LCV bypass
when not in use
Isolation valve or LCV Line subjected to full 6) Install kickback on pumps

More
closed when pump running pump pressure
pressure
High intermediate storage Higher pressure in 7) Install warning of high
More temperature transfer line and settling temperature at intermediate
temperature storage
tank
HAZOP Example – Reactor
An exothermic reaction controlled by cooling water

HAZOP study is performed on this unit to improve the safety of the
process. Using study nodes as the cooling coil (process parameter: flow
and temperature) and the stirrer (Process parameter: agitation)
Item Study node Process Deviati- Possible causes Possible Action required
paramet- ons consequences
ers (guide
words)
1. 1A 1. Cooling 1. Flow 1. No 1. Control valve fails 1. Loss of cooling, 1. Select valve to fail open
coils closed possible 2. Install filter with
2. Plugged cooling coils runaway maintenance procedure
3. Cooling water 2. –do- Install cooling water
service failure 3. –do- flow meter and low flow
4. Controller fails and 4. –do- alarm. Install high
closes valve 5. –do- temperature alarm to
5. Air pressure fails, alert operator
closing valve 3. Check and monitor
reliability of water
service
4. Place controller on
critical instrumentation
list
5. See 1A.1
1. 1B 1. High 1. Control valve fails 1. Reactor cools, 1. Instruct operators and

open reactant conc. update procedures
2. Controller fails and builds, possible 2. See 1A-4
opens valve runaway on
heating
2. – do -
1. 1C 1. Low 1. Partially 1. Diminished 1. See 1A.2
plugged cooling, possible 2. See 1A.2
cooling line runaway 3. Place valve on critical
2. Partial water 2. –do- instrumentation list
source failure 3. –do-
3. Control valve
fails to
respond
1D As well 1. Contamination of water 1. Not possible here 1. None
as supply
1E Part of 1. Covered under 1C
1F Reverse 1. Failure on water source 1. Loss of cooling, 1. See1A.2
resulting in backflow possible runaway 2. Install check calve
2. Backflow due to high 2. –do-
backpressure
1G Other 1. Not considered possible
than,
1K Tempera Low 1 Low water supply 1. None; controller 1. None
ture temperature handles
1L High 1. High water supply 1. Cooling system 1. Install high flow
temperature capacity limited alarm and/or cooling
temp. increases water high temp. alarm
2A Stirre Agitatio No 1. Stirrer motor malfunction 1. No mixing, 1. Interlock with feed
r n 2. Power failure possible line
accumulation of 2. Monomer feed valve
unreacted materials must fail closed on
2. Monomer feed power loss
continues, possible
accumulation of
unreacted materials
2B More 1. Stirrer motor controller 1. None
fails, resulting in high motor
speed
Hazard and operability study report
Project title: Sheet of
Project number: Date:
P&ID number: Chairman:
Line number: Study team:
Guide Deviation Cause Conseque Safeguards Action

word nces
Num By Details Reply
ber accepted
HAZOP Action Sheet
Project: Project no: Action no:
P&ID no: Date: Tape ref:
Action no: Date for reply:
Description:
Reply:
Signed: Date:
Issued Returned Complete
Return completed form to:

HAZOP Advantages
 Meets regulatory requirements
 Plant operates better
 Less down time
 Product quality improved
 Employees are happier

HAZOP Weakness
 HAZOP is very time consuming and can be laborious
with a tendency for boredom for analysts.
 It tends to be hardware-oriented and process-oriented,
although the technique should be amenable to human
error application.
 It tends to generate many failure events with
insignificance consequences and generate many failure
events which have the same consequences.
 It stifles brainstorming although this is not required at
the late stage of design when it is normally applied.
 HAZOP does not identify all causes of deviations and
therefore omits many scenarios.
HAZOP Weakness
 It takes little account of the probabilities of events or
consequences, although quantitative assessment are
sometime added. The group generally let their collective
experiences decide whether deviations are meaningful.
 HAZOP is poor where multiple-combination events can
have severe effects.
 It tends to assume defects or deterioration of materials of
construction will not arise.
 When identifying consequences, HAZOP tends to
encourage listing these as resulting in action by
emergency control measures without considering that
such action might fail. It tends to ignore the contribution
which can be made by operator interventions.
HAZOP Purpose
 It emphasizes upon the operating integrity of a system,
thereby leading methodically to most potential and
detectable deviations which could conceivably arise in
the course of normal operating routine
 including "start-up " and "shut-down" procedures
 as well as steady-state operations.
 It is important to remember at all times that HAZOP is
an identifying technique and not intended as a means
of solving problems nor is the method intended to be
used solely as an undisciplined means of searching for
hazardous scenarios.
Lecture 3

Nuclear Industries
Toxic Substance and Confined Spaces
Dr. Raghuram Chetty

Chennai- 600 036.
Contents
 Toxic substances Definition

 Entry Points for Toxic Agents
 Effects of Toxic Substance
 Relationship of Doses and Responses

 Threshold Limiting Values
 Exposure Thresholds
 Airborne Contaminants
 Confined Spaces Hazards
 Prevention and Control

Toxicology
 Because of the quantity and variety of chemicals used by

the chemical process industries, we must have knowledge
on
 The way toxicants enter biological organism

 The way toxicants are eliminated from biological
organisms
 The effects of toxicants on biological organisms
 Method to prevent or reduce entry of toxicants
Toxicology
 Long ago, toxicology was defined as the science of

poisons. Paracelsus, an early investigator of toxicology
during 1500s stated the problem: “All substances are
poisons; there is none which is not a poison. The right
dose differentiates a poison and a remedy”. Harmless
substance, such as water, can become fatal if delivered to
the biological organisms in large enough doses.
 A fundamental principle of toxicology is

‘There are no harmless substances, only harmless
ways of using substances’.
Toxicology
 Toxicology can be defined as the qualitative and
quantitative study of the adverse effects of toxicants on
biological organisms. A toxicant can be a chemical or
physical agents, including dusts, fibres, noise and
radiation.
 The toxicity of a chemical or physical agent is a
property of the agent describing its effect on biological
organisms. Toxic hazard is the likelihood of damage to
biological organisms based on exposure of usage.
 The toxic hazard of a substances can be reduced by
appropriate industrial techniques. The toxicity,
however, cannot be changed.
Toxic Substance
 A toxic substance is one that has a negative effect on
the health of a person or animal.
 Toxic effects are a function of several factors, including:
 Properties of the substances
 Amount of the dose
 Level of exposure
 Route of entry
 Resistance of the individual to the substance
 Response can vary widely and might be as little as a
cough or mild respiratory irritation or as serious as
unconsciousness and death.
Entry Points for Toxic Agents
 The development of preventive measures to protect
against the hazards associated with industrial hygiene
requires first knowing how toxic agents enter the body.
 The most common routes of entry for toxic agents are:
 Inhalation
 Entry organ: Mouth or nose
 Adsorption
 Entry organ: Skin
 Ingestion
 Entry organ: Mouth or stomach (not a major industrial concern)
 Injection
 Entry organ: Cuts in skin
Inhalation
 Airborne toxic substances such as
gases, vapors, dust, smoke fume,
aerosols, and mists can be inhaled
and pass through the nose, throat,
bronchial tubes, and lungs to enter
the bloodstream.
 The amount of a toxic substance
that can be inhaled depends on the
 Concentration of the substances
 Duration of the exposure
 Breathing volume.
Adsorption
 Passage through the skin and into the
bloodstream
 Organic lead compounds, nitro compounds,
organic phosphate pesticides, TNT, cyanides,
aromatic amines, amides, and phenols.
 With many substances, the rate of absorption
and in turn, the hazard levels increase in a warm
environment.
 Factors affecting absorption rate
 Molecular size
 Degree of ionization
 Lipid solubility
 Aqueous solubility
Entry Routes & Method for Control
Entry Route Entry Organ Method of Control

Enforcement of
Ingestion Mouth rules on eating and
drinking
Ventilation,
Inhalation Mouth or nose respirators, hoods,
and other PPE
Proper protective
Injection Cuts in skin clothing
Absorption Proper protective

Skin
(dermal) clothing
Effects of Toxic Substance
 The effects of toxic substance vary widely, as do the

substances themselves. However, all of the various
effects and exposure times can be categorised as being
either acute or chronic.
 Acute effects/exposure involves a sudden dose of a

highly concentrated substance. They are usually the
result of an accident (a spill or damage to a pipe line) that
results in an immediate health problem ranging from
irritation to death.
 Acute effect/exposure are

 Sudden
 Severe
 Typically involve just one incident
 Causes immediate health problems
 Chronic effects/exposures involve limited continual

exposure over time. Consequently, the associated
health problems develop slowly.
 The characteristics of chronic effects/exposure are:

 Continual exposure over time
 Limited concentrations of toxic substances
 Progressive accumulation of toxic substance in
body
 Little of no awareness of exposures.
 When a toxic substance enters the body, It eventually

affects one or more body organs. Part of the liver’s
function is to collect such substances, convert them to
non-toxics and send them to the kidneys for elimination
in the urine
Chronic effects/exposures…
 However when the dose is more than the liver can

handle, toxics move on to the organs, producing a
variety of different effects.
 The organs that are effected by toxic substances are

the blood, kidneys, heart, brain, central nervous
system, skin, liver, lungs and eyes.
Various responses to Toxicants
 Effects that are irreversible

 Carcinogen causes cancer
 Mutagen causes chromosome damage
 Reproductive hazard causes damage to
reproductive system
 Teratogen causes birth defects
Various responses to Toxicants
 Effects that may or may not be reversible

 Dermatotoxic affects skin
 Hemotoxic affects blood
 Hepatotoxic affects liver
 Nephrotoxic affects kidney
 Neurotoxic affects nervous system
 Pulmonotoxic affect lungs
Carcinogens
 A carcinogens is any substance, that can cause a
malignant tumour or a neoplastic growth.
 Medical researchers are not sure exactly how certain
chemicals cause cancer. However, there are a number
of toxic substances that are either known or, are
strongly suspected to be carcinogens.
 Examples: coal tar, pitch, anthracene oil, soot, lamp
black, lignite, asphalt, bitumen waxes, paraffin oils,
arsenic, chromium, nickel compounds, berylium,
cobalt, benzene, and various paints, dyes, pesticides
and enamels.
Asbestos Hazards
 More than 70% of the commercial buildings in use

today contain asbestos in some form -because of its
useful characteristics such as fire resistance, heat
resistance, mechanical strength and flexibility.
 In mid-1970’s medical research tied asbestos to

respiratory cancer, scarring of lungs, etc and it was
finally banned by EPA in 1989.
Asbestos Hazards
 When asbestos becomes crumbly, it releases fibers into

the air that are dangerous when inhaled. Asbestos can
be released into the air if it is disturbed during
renovation or as a result of vandalism.
 Permissible exposure limit (PEL) is 0.2 fibers per cm3 of

air for an 8 hour time weighted average.
Toxic substances & the organs they endanger
Blood Kidneys Heart Brain

Benzene Mercury Aniline Lead
Carbon monoxide Chloroform Mercury
Arsenic Benzene
Aniline Manganese
Toluene Acetaldehyde
Eyes Skin Lungs Liver

Cresol Nickel Asbestos Chloroform
Acrolein Phenol Chromium Carbon-
Benzyl chloride Trichloroethylene Hydrogen sulfide tetrachloride
Butyl alcohol Mica Toluene
Nitrogen dioxide
Some of the widely used toxic substances and the

organs they endanger
How toxicants are eliminated?
 Toxicants are eliminated or rendered inactive by the
following routes:
 Excretion: through the kidney, liver, lungs or other

organs.
 Detoxification: by changing the chemical into
something less harmful by biotransformation.
 Storage: in the fatty tissue.
How toxicants are eliminated?
 Toxicants that are ingested into the digestive tract are
frequently excreted by the liver. In general, chemical
compounds with molecular weights >300 are excreted
by the liver into bile. Compounds with lower molecular
weights enter the bloodstream and are excreted by the
kidneys.
Animal Testing
 How is toxicity tested?
 Most toxicological data is collected using small rodents

e.g. rats, mice, Guinea pigs, as surrogates for human
beings.
 There are numerous advantages to using such animals.

They are small and relatively easy to maintain in good
health in the laboratory. With a life expectancy of
typically 2 years, one can see the effect of a lifetime of
exposure in a relatively short time.
Designing toxicological experiments
 Manner of dosing
 There are several pathways for dosing. Most
commonly, the test substance is added to the
food or water, placed directly into the stomach by
gavage, injected into a vein, coated onto the skin,
or added to the atmosphere the animal breathes.
 The final toxicity values obtained usually differ

according to the path of entry into the body.
 The chosen path reflects the following concerns.
 What will be the manner of exposure of workers in the
plant? It should be replicated as nearly as possible in
the testing. For e.g. a solvent to be used for degreasing
parts may make contact with the skin of the worker or
its vapors may be inhaled, but it is highly unlikely that
the worker would ever swallow any. Testing should
concentrate on exposure to the skin and lungs.
 The actual design of the experiment depends on

how the dose is to be administered and what
responses are to be studied.
 Length of testing time
 When the dosing is for a limited time - acute
 The animal’s lifetime study - chronic
 Variability among animals

 The toxicity of a compound is not a constant term
for all animals. Differences are sometimes
displayed between animals of even very closely
related species.
Relationship of doses and responses
 Safety and health professionals are

interested in predictability, when it
comes to toxic substances.
 How much of a given substance is

too much?
 What effect will a given does of a

given substance produce?
Relationship of doses and responses
 These types of question concern

dose-response relationships.
 A dose of a toxic substance can be

expressed in a number of different
ways depending on the
characteristics of the substance, e.g.
 amount per unit of body weight

 amount per body surface area
Extrapolating Animal Data to Humans
 In spite of all the advantages, using mice or rats to

predict toxicity to human involves many risks.
 The difference in size between human and small

rodents is a major problem. The observation that 1 mg
of a compound makes a white rat ill dose not mean that
the same amount of would make a human ill.
Extrapolating Animal Data to Humans
 Most commonly doses are listed in milligrams of

compound given the animal per kilogram of animal
body weight. Thus the dose of 1mg per 250-g rat is a
dose rate of 4mg/kg.
 One assumes that the same dose rate should affect the
human, and that 280 mg would have roughly the same
effect on a 70-kg human. Because of difference
between rats and humans this is almost certainly not
exactly true, but it does provide a useful first
approximation of toxicity to humans.
Example
 25 mg of a narcotic substance under study causes a

200 g rat to sleep for 1 hour. What is this dose rate in
mg/kg?
25 mg 1000 g 125 mg
x =
200 g 1 kg 1 kg
Example
 As a first approximation, what dose would be needed to

produce the same effect on an 80-kg human?
125 mg 1g
x 80 kg = 10,000 mg x = 10.0 g
1 kg 1000 mg
Example
 What dose would be predicted to put a 32 kg dog to

sleep?
125 mg 1g
x 32 kg = 4,000 mg x = 4.0 g
1 kg 1000 mg
Doses
 Three important concepts to understand relating to

doses are:
 Dose Threshold
 Lethal Dose
 Lethal Concentration
Dose Threshold
 The minimum dose required to produce a measurable

effect.
 Of course, the threshold is different for different substances.
 In animal tests, thresholds are established using methods
such as:
 Observing pathological changes in body tissues
 Observing growth rates (are they normal or retard)
 Measuring the level of food intake (has there been a
loss of appetite)
 Weighing organs to establish body weight to organ
weight ratios
Lethal Dose
 Lethal dose of a given substance is the dose that is highly
likely to cause death. Such doses are established through
experiments on animals
 When lethal doses of a given substance are established, they
are typically accompanied by information that is of value to
medical professionals and industrial hygienists.
 Such information includes:
 the type of animal used in establishing the lethal dose
 how was the dose administered
 the duration of the dose.
 Lethal doses do not apply to inhaled substances.
Lethal Dose
 That all animals, no matter how carefully
selected, do not respond identically to a
given dosage now becomes a problem
in communications of the findings.
 Do we select the lowest dose that
caused a susceptible animal to die, the
highest necessary to kill the most
resistant animal, or an average dose?
 To resolve this, the fist step is to prepare
a dose-response curve from the data.
 Percentage mortality is plotted against
Log dose in mg/kg. This is also called as
Probit Analysis (Probit = Probability
unit).
Lethal Dose
 At the centre of this curve is found the dose that is estimated to be

fatal to half the recipient animals. This dose, the acute LD50 is
predicted to be lethal to 50% of the animals, and is the most
common value used to describe the relative toxicity of a compound.
 Once the curve is established it is possible to describe other
measures of toxicity such as LD5 (dose lethal to 5% of animal
sample) or LD95.
Toxicity class and LD50 values
Toxicity Descriptive LD50 wt/kg 4-hr inhalation Extrapolated Dose
Rating Term (single oral LC50 in Rats (g) for 70-kg
dose in Rats) (ppm) Human
1 Extremely toxic <1 mg <10 <0.07

2 Highly toxic 1-50 mg 10-100 0.07-3.5
3 Moderately toxic 50-500 mg 100-1,000 3.5-35
4 Slightly toxic 0.5-5 g 1,000- 10,000 35-350
5 Practically nontoxic 5-15 g 10,000-100,000 350-1000
6 Relatively harmless >15g >100,000 >1,000
Compounds LD50
(mg/kg, rats, oral)
Glycerol 25,200
Ethanol 10,300
Ethylene glycol 8,500
Acrylic acid 2,600
Hydroquinone 320
Acrylamide 170
Acrylonitrile 93
Nicotine 1
Dioxin 0.001 Dose-response curve for ethyl
alcohol
Lethal Concentration
 A lethal concentration of an inhaled substance is the
concentration that is highly likely to result in death.
 With inhaled substances, the duration of exposure is critical
because the amount inhaled increases with every unprotected
breath.
 In this case, the dose taken by the animal dose not have to be
adjusted to the size of the animal (e.g. when intake is through
lungs), the standards are based on the concentrations of the
substance in the environment of the animal. The toxicity is
expressed as the LC50, or concentration lethal to 50% of the
test group.
 The units in this case are usually either parts per million (ppm)
or mg/m³ of air.
Threshold Limiting Value
 The Threshold Limit Values (TLV) for chemical substances is
defined as a concentration in air, typically for inhalation or skin
exposure.
 TLV refer to airborne concentrations of substances and
represent conditions under which it is believed that nearly all
workers may be repeatedly exposed day after day without
adverse health effect.
 Its units are in parts per million parts of air (ppm) for gases and
mg/m³ for particulates such as dust, smoke and mist.
 Threshold limits are based on the best available information
from industrial experience, form experimental human and
animal studies, and when possible from a combination of the
three.
Substance TLV (ppm) TLV (mg/m3)

Acetic Acid 10 25
Acetone 750 1188
Ammonia 25 17
Benzene 1 1.6
Carbon Dioxide 5000 9000
Chloroform 10 49
Ethyl Alcohol 1000 1880
Formic Acid 5 9.4
Nitric Acid 2 5.2
Toluene 50 188
TLV’s of Some Common Chemicals
 TLV (also called exposure threshold) is a specified limit on
the concentration of selected chemicals. Exposure to
these chemicals that exceed the threshold may be
hazardous to a worker’s health.
 Three types of TLVs for chemical substances are (1) time-
weighted average, (2) short-term exposure limit, and (3)
exposure ceiling.
 The Time Weighted Average (TLV-TWA) is the average
concentration of a given substance to which employees
may be safely exposed over an 8 hour work day or a 40
hour work week. Workers can be exposed without adverse
effect.
 Short-Term Exposure Limit (TLV-STEL) is the maximum
concentration of a given substance to which employees
may be safely exposed for up to 15 minutes without
suffering irritation, chronic tissue change, or narcosis to a
degree sufficient to increase the potential for accidental
injury.
 The exposure Ceiling (TLV-C) refers to the concentration

level of a given substance that should not be exceeded at
any point during an exposure period.
TLV-Time Weighted Average
 Recommended maximum
exposures are expressed on
the basis of time-weight
averaged (TLV-TWA).
 Calculations of a TLV-TWA
assumes an 8-hr day and 40-
hr week. The exposure levels
of the compounds are
measured in regular
intervals.
TLV-Time Weighted Average
 The TWA exposure is

calculated by multiplying the
concentration of compound
in each analysis by the
length of time of exposure to
that level. These are
summed and divided by the
total time to produce an
average exposure level.
Evaluating Exposure to Volatile Toxicants
 A direct method for determining worker exposure is by

continuously monitoring the air concentration of toxicants
on-line in a work environment. For continuous
concentration data C(t) the TWA (time-weighted
averaged) concentration is computed using the equation:
tw
∫ C(t) dt
1
TWA =
8
0
where C(t) is the concentration (in ppm or mg/m3) of

the chemical in air
tw is the worker shift time in hours
 The integral is always divided by 8 hrs, independent of

the length of time actually worked in the shift. Thus, if a
worker is exposed for 12 hrs to a concentration of
chemical equal to the TLV-TWA, then the TLV-TWA has
been exceeded, because the computation is normalised
to 8 hrs.
 Continuous monitoring is not the usual situation because

most facilities do not have the necessary equipment
available.
 The more usual case is for intermittent samples to be
obtained, representing worker exposures at fixed points
in time. If we assume that the concentration Ci is fixed (or
averaged) over the period of time Ti, the TWA
concentration is computed by
TWA = C1T1 + C2T2 +… CnTn / 8 hrs

 If more than one chemical is present in the workplace,
the combined exposures from multiple toxicants with
different TLV-TWA is determined from the equation
n Ci
∑ =
i=1 (TLV-TWA)i
where n is the total number of toxicants

Ci is the concentration of chemical i with respect to
the other toxicants
(TLV-TWA) is the TLV-TWA for chemical species i.
Gas monitors & detectors
Gas Chromatogram

Sample Problem
 Given an exposure level of 2 ppm for 10 hr per week, 3
ppm for 20 hr per week and 4 ppm for 10 hr per week,
what is the TWA for this exposure?
Exposure (ppm) Time (hr) Product (ppm x hr)

2 10 20
3 20 60
4 10 40
40 120
TWA = 120 ppm x hr /40 hr = 3 ppm

Sample Problem
Determine the 8 hrs TWA worker exposure if the worker is
exposed to toluene vapour as follows:
Duration of Measured
exposure (hr) concentration
(ppm)
2 110
1 330
3 90
TWA = C1T1 + C2T2 + C3T3 / 8

= 110(2) + 330(1) + 90(3) / 8
= 102.5 ppm
Sample Problem
Because the TLV of toluene is 50 ppm, the worker is

overexposed. So additional control measure needs to be
developed. On a temporary and immediate basis all
employees working in this environment need to wear the
appropriate respirators.
Sample Problem
Air contains 5 ppm of diethylamine (TLV-TWA of 10 ppm), 20
ppm of cyclohexanol (TLV-TWA of 50 ppm) and 10 ppm of
propylene oxide (TLV-TWA of 20 ppm). Has the TLV-TWA level
been exceeded? n Ci
∑ =
i=1 (TLV-TWA)i
= 5/10 + 20/50 + 10/20

= 1.40
The sum of the fraction for the various components of the mixture are
added, and if the total is more than 1, exposure goes beyond acceptable
limit.
Because the quantity is greater than 1, the TLV-TWA has been
exceeded.
Permitted Exposure Level (PEL)
 The difference between TLV and PEL is the agencies
from which they come. TLVs are developed by the
American Conference of Governmental Industrial
Hygienists (ACGIH). PELs are developed by the
Occupational Safety and Health Administration (OSHA).
They both serve the same purpose and their values are
very similar or even identical in many cases
 The level of the chemical in the workplace should be

monitored, and the level found should be no higher than
the permitted exposure level.
Permitted Exposure Level (PEL)
 Simple formulas can be used to calculate compliance and

safety when PELs are known for all components of the
mixture.
 A fraction is made of the actual level of a chemical divided

by the PEL, where both values must be in the same units.
The sum of the fraction for the various components of the
mixture are added, and if the total is more than 1,
exposure goes beyond acceptable limit.
Airborne Contaminants
 It is important to understand the different types of

airborne contaminants that may be present in the
workplace.
 Each type of contaminants has a specific definition that

must be understood in order to develop effective safety
and health measures to protect against it.
 The most common types of airborne contaminates are:
 Dusts
 Fumes
 Smoke
 Aerosols
 Mists
 Gases
 Vapours
 Dusts
 Dusts are various types of solid particles that are
produced when a given type of organic or inorganic
material is scraped, sawed, ground, drilled, handled,
heated, crushed, or otherwise deformed.
 The degree of hazard represented by dust depends

on the toxicity of the parent material and the size and
level of concentration of the particles.
 Fumes
 The most common causes of fumes in the workplace
are such manufacturing processes as welding, heat
treating, and metalizing, all of which involve the
interaction of intense heat with a parent material.
 The heat volatizes portions of the parent material,
which then condenses as it comes in contact with
cool air. The result of this reaction is the formation of
tiny particles that can be inhaled.
 Smoke
 It is the result of the incomplete combustion of
carbonaceous materials. Because combustion is
incomplete, tiny soot and/ or carbon particles remain
and can be inhaled.
 Aerosols
 Aerosols are liquid or solid particles that are so small
they can remain suspended in air long enough to be
transported over a distance. They can be inhaled.
 Mists
 Mists are tiny liquid droplets suspended in air. Mists
are formed in two ways:
 when vapours return to a liquid state through
condensation,
 when the application of sudden force or pressure
turns a liquid into particles.
 Gases
 Unlike other airborne contaminants that take the form
of either tiny particles or droplets, gases are formless.
 Gasses are actually formless fluids. Gases become
particularly hazardous when they fill a confined
unventilated space.
 The most common sources of gases in an industrial
setting are from welding and the exhaust from internal
combustion engines.
 Vapours
 Certain materials that are solid or liquid at room
temperature and at normal pressure turn to vapour
when heated or exposed to abnormal pressure.
Evaporation is the most common process by which a
liquid is transformed into a vapour.
Effects of airborne toxics
 Airborne toxic substances are also classified according to the
type of effect they have on the body. The primary
classifications are:
 Irritants
 Asphyxiant
 Narcotics/Anesthetic
 For reporting the toxicity of airborne toxicants, no adjustment
is necessary for the ratio of animal to human size. One
assumes that the rat and human each breath an amount of air
that is in proportion to the size. The dose is therefore listed in
terms of the concentration in the air, with no reference to
animal size.
 Irritants
 Irritants are substances that cause irritation to the
skin, eye and the inner lining of the nose, mouth,
throat and upper respiratory tract.
 Asphyxiants
 Asphyxiants are substances that can disrupt breathing
so severely that suffocation results.
 Asphyxiants may be simple or chemical in nature.

 Simple asphyxiant
 is an inert gas that dilutes oxygen in the air to the point
that the body cannot take in enough air to satisfy its
need for oxygen.
 CO2, ethane, helium, hydrogen, methane and nitrogen.
 Chemical asphyxiant
 by chemical interfere with the passage of oxygen into
the blood or the movement of oxygen from lungs to
body tissues.
 CO, hydrogen cyanide, hydrogen sulfide.
 Either way, the end result is suffocation due to insufficient
or no oxygenation.
 Narcotics/Anesthetic
 Are similar in the meaning carefully controlled dosages
can inhibit the normal operation of the central nervous
system without causing serious or irreversible effects.
 This make them particularly valuable in a medical setting.
 However if the concentration of the dose is too high,
narcotics and anesthetics can cause unconsciousness
and even death.
 Examples: methyl-ethyl-ketone, acetylene, ether,
hydrocarbons and chloroform.
Confined Space Hazards
 Confined space means a space that has any of the

following characteristics:
 limited openings for entry and exit;
 unfavorable natural ventilation;
 not designed for continuous worker occupancy.
 It includes, but is not limited to, boilers, manholes,
furnace, pressure vessels, cargo tanks, ballast tanks,
sewage-tanks, bins, pits, tunnels, pipes, pump-rooms,
compressor rooms, cofferdams, void spaces, duct
keels, inter-barrier spaces and engine crankcases.
Confined space e.g. cargo tanks

Confined Space

Confined Spaces Hazards
 Atmospheric hazards
 Oxygen Deficiency
 Oxygen Enriched
 Flammable atmosphere
 Toxic or Irritating Atmosphere
 Physical hazards
 Fixed & portable mechanical equipment
 Electrically energized conductors
 Fluids: Liquids, powders & gases
 Thermal Condition : Hot or Cold
 Engulfment by finely divided material
 Ionizing and non-ionizing radiation
 Contact with corrosive substances
 To evaluate the confined spaces, the following limit values
should be used.
 Testing for oxygen
 Any atmosphere with less than 20.8% (± 0.2%) oxygen
by volume should not be entered. Oxygen
measurements should be carried out immediately
before entry into the confined space.
 Testing for flammable atmosphere
 A space with an atmosphere with more than 5% of the
“Lower Flammable Limit” (LFL) or “Lower Explosive
Limit” (LEL), on a combustible gas indicator should not
be entered.
 Toxic gases/ vapours must be less than the
Permitted Exposure Level (PEL).
 carbon monoxide (PEL <35 ppm)
 or any other hazardous materials as determined by
the use of the space.

Test the Atmosphere
Always test the

air at various levels Good Air
to be sure that the
entire space is safe.
Good air near the

opening does Poor Air
NOT mean there

is good air at the
bottom! Deadly Air
Oxygen Scale
Toxic atmosphere: Toxins
Oxygen Enriched are measured in parts per
21 % million (ppm). Under no
Minimum for circumstances should
19.5%
safe entry
anyone enter a confined
16% Impaired judgment space exceeding the limits
& breathing specified below.
14% Faulty judgment
Rapid Fatigue
Difficult breathing
6%
Death in minutes
Oxygen Scale
 An oxygen deficient atmosphere has less than 19.5%
available oxygen (O2). Any atmosphere with less than
19.5% O2 should not be entered without an approved
self-contained breathing apparatus (SCBA).
 The oxygen level in a confined space can decrease

because of work being done, such as welding, cutting or
brazing, or even corrosion.
 The O2 level is decreased if oxygen is displaced by

another gas, such as CO2 or N2. Total displacement of O2
will result in unconsciousness, followed by death.
Oxygen toxicity
 Oxygen toxicity is caused by exposure to oxygen at
partial pressures greater than those to which the body is
normally exposed.
 Exposures to partial pressures of oxygen above 1.6 bars

(160 kPa) are usually associated with central nervous
system oxygen toxicity. Since atmospheric pressure is
about 1 bar (100 kPa), central nervous system toxicity
can occur where ambient pressure is above normal.
 Severe cases can result in cell damage and death.

Vessel Entry Requirement
Entry permit system
 Permit elements
 Identification & job description
 Description of the hazard
 Precautions already taken while preparation
 Isolations
 Gas test results
 Communications
 Special equipment or precautions
 Identify entrants and stand by rescue
 Hot-work permit involved
 Any other relevant information
 Issue, authorization and acceptance
 Competing the permit procedure
Respiratory Protection
When effective engineering controls are not feasible to control
breathing contaminated air, appropriate respirators shall be used.
 Air-Purifying Respirator (APR)  Supplied Air

 Dust Mask Respirator (SAR)
 Half Face  Air-line
 Full Face
 Hood style
 Powered Air-Purifying Respirators
(PAPR)  Facepiece style
 Self Contained
Breathing
Apparatus (SCBA)
Dust Mask
Tight -Fitting Coverings
Quarter Mask Half Mask
Mouthpiece/Nose Clamp
Full Facepiece
Loose-Fitting Coverings
Hood Helmet
Loose-Fitting
Full Body Suit
Facepiece
Self-Contained Breathing Apparatus (SCBA)
 An atmosphere-supplying respirator for which the

breathing air source is designed to be carried by the
user.

Positive & Negative Pressure SCBA
An action conducted by the respirator user to determine if the respirator is

properly seated to the face.
Negative Pressure Check
SCBA will be either "positive pressure" or "negative pressure" operation.

In negative pressure SCBA air is delivered to the wearer when he
breathes in, or in other words, reduces the pressure in the mask to less
than outside pressure, hence the name "negative pressure". Any leaks in
the device or the interface between the mask and the face of the wearer
would reduce the protection offered.
Positive & Negative Pressure SCBA
Positive Pressure Check
Positive pressure SCBA addresses this limitation. By careful design, the

device is set to maintain a small pressure inside the facepiece. Although
the pressure drops when the wearer breathes in, the device always
maintains a higher pressure inside the mask than outside of the mask.
Thus, even if the mask leaks slightly, there is a flow of clean air out of the
device, automatically preventing inward leakage under most
circumstances.
Prevention and Control
 Most preventive and control strategies can be placed in

one of the following four categories:
 Personal protective equipment (PPE)

 PPE imposes a barrier between the worker and the
hazard but dose nothing to eliminated or reduce the
hazard, e.g. safely goggles, face shields, gloves,
boots, full-body clothing, respirators.
 Engineering controls
 Strategies for replacing a toxic material with one that
is less hazardous or redesigning a process to make it
less stressful. Isolating a hazardous process to
reduce the number of people exposed & introducing
moisture to reduce dust.
 Ventilation
 Exhaust ventilation involves trapping and removing
contaminated air. Typically used in processes such as
abrasive blasting, grinding, polishing, buffing, and
spray painting/finishing.
 Administrative controls
 Involves limiting the exposure of the employees to
hazardous conditions using strategies such as,
rotating schedules, required breaks, work shifts.
Summary
 Definition of toxic substances
 Entry Points (Inhalation/ Adsorption/ Ingestion/
Injection
 Effects (acute / chronic)
 Relationship of Doses and Responses

 Dose Threshold/ Lethal Dose/Concentration
 Threshold Limiting Value
 Airborne Contaminants (Dusts/ Fumes /Smoke /
Aerosols/ Gases/ Vapours)
Summary
 Confined Spaces Hazards

 Oxygen scale
 Respiratory protection
 Prevention and Control

 Engineering controls/ ventilation/ PPE/
administrative.
References & Further Reading
 David.L. Goetsch, “The Safety and Health Handbook”

Prentice Hall, 2000.
 D.A. Crowl and J.F. Louvar, Chemical Process Safety:

Fundamentals with Applications, 2001 (2nd Edition).
 R.G. Smith and J.B. Olishifski, “Industrial Hygiene”

Chicago National Safety Council, 1988.
Lecture 5

Nuclear Industries
Electrical Safety Hazard
Dr. Raghuram Chetty

Chennai- 600 036.
Basic Electrical Safety
Objectives
 To familiarize with the fundamental concepts of electricity.
 To familiarize with the effects of electricity on the human
body.
 Be able to recognize common electrical hazards.
 Be familiar with electrical protective devices.
Basic Electrical Safety
Not designed
 Lecture is not designed to teach you to work on electrical
equipment.
 You will not be qualified to work with electrical devices.
 If you spot problems with electrical equipment you

should report it to the management/ electrician.
Electrical Accidents-Statistics
 In India
 Almost 12 people die due to electrocution every day
 42 % of total fires occur due to electrical sources
 8% deaths that occur in factories are due to electricity
 In US
 25% of all fires occur due to electricity
 400 deaths from job related electrical accidents per
year
 Electrocution - the fifth leading cause of death
Fundamentals of Electrical Hazards
 Electricity must have a complete path to flow. Electricity

flows through conductors.
 Electricity flows more easily through some materials than
others. Some substances such as metals generally offer
very little resistance to the flow of electric current and are
called “conductors” .
 Glass, plastic, porcelain, clay, pottery, dry wood, and
similar substances generally slow or stop the flow of
electricity. They are called “insulators.”
 Even air, normally an insulator, can become a
conductor, as occurs during an arc or lightning stroke.
Water and electricity
 Pure water is a poor conductor. But small amounts of
impurities in water like salt, acid, solvents, or other
materials can turn water itself and substances that
generally act as insulators into conductors or better
conductors.
 Dry wood, for example, generally slows or stops the flow

of electricity. But when saturated with water, wood turns
into a conductor.
Water and electricity
 The same is true of human skin. Dry skin has a fairly
high resistance to electric current. But when skin is moist
or wet, it acts as a conductor.
 This means that anyone working with electricity in a

damp or wet environment needs to exercise extra
caution to prevent electrical hazards.
Fundamentals of Electricity
 Operating an electric switch is like turning on a water
tap. Behind the tap or switch there must be a source of
water or electricity with something to transport it, and
with a force to make it flow.
 In the case of water the source is a pump, and the force

to make it flow through the pipes is provided by the
pump.
 For electricity, the source is the power generator.
Current travels through electrical conductors (wires) and
the force to make it flow, measured in volts, is provided
by a generator.
 Voltage
 electrical pressure (water pressure)
 Ampere
 electrical flow rate (liter/min)
 Impedance
 restriction to electrical flow (pipe friction)
 Circuit
 path of flow of electricity
 Circuit Element
 objects which are part of a circuit and through which
current flows.
 Fault
 current flow through an unintended path.
 Grounding
 Protection from electric shock
 normally a secondary protection measure
 Taking Ohm's Law for voltage, current, and resistance,
and expressing it in terms of current for a given voltage
and resistance, we have:
I = V/ R, Current = Voltage/Resistance
 It is the electric current that burns tissue, freezes
muscles, and fibrillates hearts. However, electric current
doesn't just occur on its own, there must be voltage
available to motivate flow of electrons. A person's body
also presents resistance to current, which must be taken
into account.
 The amount of current through a body is equal to the

amount of voltage applied between two points on that
body, divided by the electrical resistance offered by the
body between those two points.
 Obviously, the more voltage available to cause

electrons to flow, the easier they will flow through any
given amount of resistance. The more resistance a
body offers to current, the slower electrons will flow for
any given amount of voltage.
Electrical Current
 Basically, electrical hazards can be

categorized into three types.
 The first and most commonly
recognized hazard is electrical
shock.
 The second type of hazard is
electrical arc burns.
 The third is the effects of blasts
which include pressure impact,
flying particles from vaporized
conductors.
What causes shocks?
 Electricity travels in closed
circuits, normally through a
conductor.
 But sometimes a person’s body -

an efficient conductor of electricity
-mistakenly becomes part of the
electric circuit. This can cause an
electrical shock.
What causes shocks?
 Shocks occur when a person’s
body completes the current path
with:
 both wires of an electric circuit
 one wire of an energized circuit
and the ground
 another ‘conductor’ that is
carrying a current
 When a person receives a shock,
electricity flows between parts of
the body or through the body to a
ground or the earth.
What effect do shocks have on the body?
 An electric shock can result in anything from a slight

tingling sensation to immediate cardiac arrest.
 A severe shock can stop the heart or the breathing
muscles.
 The heating effects of the current can cause severe
burns, especially at points where the electricity enters
and leaves the body.
 Other effects include severe bleeding, breathing
difficulty, and ventricular fibrillation.
What effect do shocks have on the body?
 The severity depends on the following:

 the amount of current flowing through the body,
 the current’s path through the body,
 the length of time the body remains in the circuit,
 the current’s frequency.
Relationship between the amount of current and the
reaction for 1 second.
Current Reaction
Below 1 milliampere Generally not perceptible
1 mA Faint tingle
5 mA Slight shock felt; not painful but disturbing. Average individual can let
go. Strong involuntary reactions can lead to other injuries.
6–25 mA (women) Painful shock, loss of muscular control

9–30 mA (men) The freezing current or “let-go” range. Individual cannot let go, but can
be thrown away from the circuit if extensor muscles are stimulated.
50–150 mA Extreme pain, respiratory arrest, severe muscular contractions. Death

is possible.
1,000–4,300 mA Rhythmic pumping action of the heart ceases. Muscular contraction

and nerve damage occur; death likely.
10,000 mA Cardiac arrest, severe burns; death probable

If the extensor muscles are excited by the shock, the person may be thrown away from the power
source.
The "let-go" current is the highest amperage at which you will still be able to pull your
hand away when you receive a shock.
Electrical shock
 Even though there may be no external signs from some
of the electrical shock, internal tissue or organ damage
may have occurred.
 Signs of internal damage may not surface immediately;
and when it does, it may be too late.
 Using the correct personal protective equipment (PPE)
and following safe work practices will minimize risk of
electrical shock hazards. Any person experiencing any
kind of electrical shock should seek immediate medical
attention.
Path of current through the body
 There are three basic pathways electric current travels
through the body
 In a touch potential contact, current travels from one

hand through the heart and out through the other hand.
Because the heart and lungs are in the path of current,
ventricular fibrillation, difficulty in breathing,
unconsciousness, or death may occur.
 In a step potential contact, current travels from one foot
through the legs, and out of the other foot. The heart is
not in the direct path of current but the leg muscles may
contract, causing the victim to collapse or be momentarily
paralyzed.
 In a touch/step potential contact, current travels from
one hand, through the heart, down the leg, and out of the
foot. The heart and lungs are in the direct path of current
so ventricular fibrillation, difficulty in breathing, collapse,
unconsciousness, or death may occur.
Three basic pathways by which electric current travels

through the body
Electrical Arc-Flash and Arc-Blasts
 An Arc-Flash is an unexpected sudden release of heat

and light energy produced by electricity traveling through
air, usually caused by accidental contact between live
conductors.
 Temperatures at the arc terminals can reach or exceed

35,000°F,or four times the temperature of the sun’s
surface. The air and gases surrounding the arc are
instantly heated and the conductors are vaporized
causing a pressure wave called an Arc Blast.
Electrical Arc-Flash and Arc-Blasts
 Personnel directly exposed to an Arc-Flash and Arc-

Blast events are subject to third degree burns, possible
blindness, shock, blast effects and hearing loss.
 The high temperatures of the arc and the molten and

vaporized metals quickly ignite any flammable materials.
Arc-Flash Metrics
 In order to determine the potential effects of an Arc-Flash,

we need to understand some basic terms. An Arc-Flash
produces intense heat at the point of the arc. Heat energy
is measured in units such as BTU, joules or calories.
 The following data provides a basis for measuring heat

energy: A Calorie is the amount of heat energy needed to
raise the temperature of one gram of water by one degree
Celsius.
Arc-Flash Metrics
 Since Energy = Power x Time

Power (W) = Volts x Amps
Calories = Volts x Amps x Time
1 Calorie = 4.1868 watt-seconds
1 Joule = 1 watt-second
The higher the current, voltage and time, the more
calories produced.
 The amount of instantaneous heat energy released by an
Arc-Flash is generally called incident energy. It is usually
expressed in calories per square centimeter (cal/cm2).
Incident energy
An incident energy of only 1.2
cal/cm2 will cause a second- Incident Result / Example
Energy
degree burn to unprotected skin. A (cal/cm2)
second-degree burn can be 1 Equivalent to a finger tip
defined as “just” curable. exposed to a cigarette lighter
flame for one second.
Incident Energy Hazard Risk
1.2 Amount of energy that will
(cal/cm2) Category instantly cause 2nd degree
0 - 1.2 0 burns to bare skin.
1.21 - 4 1
4 .1 - 8 2 4 Amount of energy that will
instantly ignite a cotton shirt.
8.1 - 25 3
25.1 - 40 4 8 Amount of energy that will
instantly cause incurable 3rd
degree burns to bare skin.
Electrical Circuit
 Current Flow Short Circuit

Accidental
LOAD
LOAD
connection
GEN creates fault
GEN
(red lines indicate increased current)

System voltage During a short circuit, only
and load the resistance of the fualt
resistance path limits current. Current
determine the may increase to many times
flow of current the load current.
Major causes of electrical shock
 Contact with a bare wire carrying current. The bare wire

may have deteriorated insulation or normally bare.
 Working with electrical equipment that lacks the label of

safety inspection.
 Electrical equipment that has not been properly

grounded. Failure of the equipment can lead to short
circuits.
Major causes of electrical shock
 Working with electrical equipment on damp floors or

other sources of wetness.
 Using metal ladders to work on electrical equipment.
These ladders can provide a direct line from the power
source to the ground, again causing a shock.
 Working on electrical equipment without ensuring that
the power has been shut off.
 Static electricity discharge, and lighting strikes.
Electrical Hazards
Improper insulation
Outlet overload Extension cords

Extension cords
 Extension cords are only approved for temporary use.
 When using extension cords check for defaults such as

frays, brittleness, or broken wires.
 Never place extension cords in high traffic areas where

they can be damaged by being stepped on or run over
by equipment.
Extension cords
 Should only be used for office equipment such as

computers, printers, and fax machines.
 Other common items such as microwaves, refrigerators,

and copy machines must be plugged directly into wall
outlets.
 Multi-plug strips should have a approved fuse or circuit

breaker.
What kind of burns can a shock cause?
 Burns are the most common shock-related injury. An
electrical accident can result in an electrical burn, arc burn,
thermal contact burn, or a combination of burns.
 Electrical burns are among the most serious burns and
require immediate medical attention. They occur when
electric current flows through tissues or bone, generating
heat that causes tissue damage.
 Arc or flash burns result from high temperatures caused by
an electric arc or explosion near the body. These burns
should be treated promptly.
What kind of burns can a shock cause?
 Thermal contact burns are caused when the skin touches
hot surfaces of overheated electric conductors, conduits, or
other energized equipment. Thermal burns also can be
caused when clothing catches on fire, as may occur when
an electric arc is produced.
 In addition to shock and burn hazards, electricity poses
other dangers. For example, arcs that result from short
circuits can cause injury or start a fire. Extremely high-
energy arcs can damage equipment, causing fragmented
metal to fly in all directions. Even low-energy arcs can
cause violent explosions in atmospheres that contain
flammable gases, vapors, or combustible dusts.
Electrical Burns
 Most common shock-related,
nonfatal injury
 Occurs when you touch
electrical wiring or equipment
that is improperly used or
maintained
 Typically occurs on the hands
 Very serious injury that needs
immediate attention

Freezing by shock
 When a person receives an electrical shock, sometimes
the electrical stimulation causes the muscles to contract.
This “freezing” effect makes the person unable to pull
free of the circuit. It is extremely dangerous because it
increases the length of exposure to electricity and
because the current causes blisters, which reduce the
body’s resistance and increases the current.
Freezing by shock
 The longer the exposure, the greater the risk of serious

injury. Longer exposures at even relatively low voltages
can be just as dangerous as short exposures at higher
voltages. Low voltage does not imply low hazard.
 In addition to muscle contractions that cause “freezing,”

electrical shocks also can cause involuntary muscle
reactions. These reactions can result in a wide range of
other injuries from collisions or falls, including bruises,
bone fractures, and even death.
If Electrocution Occurs
 Call for help

 DO NOT touch the victim or the conductor
 Shut off the current at the control box
 If the shutoff is not immediately available, use a non-
conducting material to free the victim
 If necessary and you know how, begin CPR
(cardiopulmonary resuscitation) when current is stopped
 In dealing with electricity, never exceed your expertise.
What is the danger of static electricity?
 Static electricity also can cause a shock, though in a

different way and generally not as potentially severe as
the type of shock described previously. Static electricity
can build up on the surface of an object and, under the
right conditions, can discharge to a person, causing a
shock. The most familiar example of this is when a
person reaches for a door knob or other metal object on
a cold, relatively dry day and receives a shock.
What is the danger of static electricity?
 However, static electricity also can cause shocks or can just
discharge to an object with much more serious consequences,
as when friction causes a high level of static electricity to build
up at a specific spot on an object. This can happen simply
through handling plastic pipes and materials or during normal
operation of rubberized drive or machine belts found in many
worksites. In these cases, for example,
 Static electricity can potentially discharge when sufficient
amounts of flammable or combustible substances are
located nearby and cause an explosion.
 Grounding or other measures may be necessary to
prevent this static electricity buildup and the results.
Sources of Electrostatic Discharge
 Briskly rubbing a nonconductive material over a

stationary surface. One common example of this is
scuffing shoes across a wool or nylon carpet.
Multilayered clothing may also cause static sparks.
 Moving large sheets of plastic, which may discharge
sparks.
 The explosion of organic and metallic dusts, which have
occurred from static buildup in farm grain silos and mine
shafts.
Sources of Electrostatic Discharge
 Conveyor belts. Depending on their constituent material,

they can run the materials being transported and cause
static sparks.
 Vehicle tires rolling across a road surface.
 Friction between a flowing liquid and a solid surface.

Bonding
 Physically connect two conductive objects together
with a bond wire to eliminate a difference in static
charge potential between them.
 Must provide a bond wire between containers during
flammable liquid filling operations, unless a metallic
path between them is otherwise present.
Grounding
 Eliminates a difference in static charge potential between
conductive objects and ground
 Although bonding will eliminate a difference in potential
between objects, it will not eliminate a difference in
potential between these objects and earth unless one of
the objects is connected to earth with a ground wire.
Ventilation
Solvent Transfer
Self closing safety Faucet

Safety pump
Protection against electrical hazards
 Most electrical accidents result from one of the following

three factors:
 unsafe equipment or installation,

 unsafe environment, or
 unsafe work practices.
Protection against electrical hazards
 Some ways to prevent these accidents are through the

use of insulation, guarding, grounding, electrical
protective devices, and safe work practices.
 Inspect All Electrical Tools and Equipment

 Frayed, cut, broken wires
 Grounding prong missing
 Improperly applied or missing strain relief
Controlling Electrical Hazards
 Most electrical mishaps are
caused by one or a
combination of the following
three factors:
 Unsafe equipment and/or

installation
 Workplaces made unsafe
by the environment
 Unsafe work practices

Common types of equipment failure
 Wet insulations can become a conductor
and cause an electrical shock.
 Portable tool defects can result in the
device’s housing carrying an electric current.
Workers do not expect tool housing to be
charged and may be shocked when they
touch charged tool housing.
 Broken power lines carry great amperage
and voltage and can cause severe disability.
 When equipment is not properly grounded
or insulated, an unshielded worker may
Image courtesy:
Google Images receive a substantial electrical shock.
What protection does insulation provide?
 Insulators such as glass, mica, rubber, or plastic used to
coat metals and other conductors help stop or reduce the
flow of electrical current.
 This helps prevent shock, fires, and short circuits.
 To be effective, the insulation must be suitable for the

voltage used and conditions such as temperature and
other environmental factors like moisture, oil, gasoline,
corrosive fumes, or other substances that could cause the
insulator to fail.
Environment toxic to insulation
 Direct sunlight or other sources of ultraviolet light, which
can induce gradual breakdown of plastic insulation
material.
 Sparks or arcs from discharging static electricity, which

can result in burned through holes in insulation.
 Repeated exposure to elevated temperatures, which can

produce slow but progressive degradation of insulation
material.
Environment toxic to insulation
 Animals such as rodents or insects chewing or eating the
insulation material, leading to exposure of the circuit.
Insects can also pack an enclosed area with their bodies
so tightly that a short circuit occurs. This is a common
occurrence with electrical systems near water, such as
pump housings and television satellite dishes.
 Moisture and humidity being absorbed by the insulation

material, which may result in the moisture on the
insulation carrying a current.
Electrical grounding
 The main reason why grounding is used in electrical
distribution network is for the safety.
 Electrical grounding is important because it provides a
reference voltage level (called zero potential or ground
potential) against which all other voltages in a system
are established and measured.
 An effective electrical ground connection also minimizes
the susceptibility of equipment to interference, reduces
the risk of equipment damage due to lightning,
eliminates electrostatic buildup that can damage system
components, and helps protect personnel who service
and repair electrical and electronic systems.
Electrical grounding
 In effect, an electrical ground drains away any unwanted

buildup of electrical charge. When a point is connected
to a good ground, that point tends to stay at a constant
voltage, regardless of what happens elsewhere in the
circuit or system.
 The earth, which forms the ultimate ground, has the

ability to absorb or dissipate an unlimited amount of
electrical charge.
Grounding
All AC appliances should work fine with just two wires, but what happens if a wire
comes loose inside and touches the case?
If you touch this defective appliance, Grounding the case of the
you will complete the circuit to ground. defective appliance with a 3-wire
The fuse may or may not blow plug should protect you by
depending on where the short is in the completing the circuit and blowing
appliance and how much flows through the fuse.
you.
Electrical Protection
Circuit Breakers
 Provided to protect EQUIPMENT not
people
 Do not reset breakers with a line voltage
higher than 120V and only reset if you
know why it tripped.
 Anytime a circuit has been de-energized
by the operation of an over current
protective device by a short circuit or
ground-fault, the circuit must be checked
by a qualified person to determine if it
can be reenergized safely.
Electrical Protection
 Ground fault circuit
interrupters (GFCI)
 The GFCI is designed to
protect people from severe
or fatal electric shocks
Because a GFCI detects
ground faults, it can also
prevent some electrical
fires and reduce the
severity of others by
interrupting the flow of
electric current.
What is guarding and what protection does
it offer?
 Guarding involves locating or enclosing electric
equipment to make sure people don’t
accidentally come into contact with its live parts.
 Effective guarding requires equipment with
HIGH
exposed parts operating at 50 volts or more to VOLTAGE
be placed where it is accessible only to

authorized people qualified to work with it.
 Recommended locations are a room, vault, or
similar enclosure; a balcony, gallery, or
elevated platform; or a site elevated 8 feet or
more above the floor.
What is guarding and what protection does
it offer?
 Conspicuous signs must be posted at the
entrances to electrical rooms and similarly
guarded locations to alert people to the
electrical hazard and to forbid entry to HIGH
VOLTAGE
unauthorized people.
 Signs may contain the word “Danger,”

“Warning,” or “Caution,” and beneath that,
appropriate concise wording that alerts
people to the hazard or gives an instruction,
such as “Danger/High Voltage/Keep Out.”
What are circuit protection devices and
how do they work?
 Circuit protection devices limit or stop the flow of current
automatically in the event of a ground fault, overload, or
short circuit in the wiring system. Well-known examples
of these devices are fuses, circuit breakers, ground-fault
circuit interrupters, and arc-fault circuit interrupters.
 Fuses and circuit breakers open or break the circuit
automatically when too much current flows through them.
When that happens, fuses melt and circuit breakers trip
the circuit open. Fuses and circuit breakers are designed
to protect conductors and equipment. They prevent wires
and other components from overheating and open the
circuit when there is a risk of a ground fault.
What are circuit protection devices and
how do they work?
 Ground-fault circuit interrupters, or GFCIs, are used in
wet locations, construction sites, and other high-risk
areas. These devices interrupt the flow of electricity within
as little as 1/40 of a second to prevent electrocution.
GFCIs compare the amount of current going into electric
equipment with the amount of current returning from it
along the circuit conductors. If the difference exceeds 5
mA, the device automatically shuts off the electric power.
 Arc-fault devices provide protection from the effects of
arc-faults by recognizing characteristics unique to arcing
and by functioning to de-energize the circuit when an arc-
fault is detected.
What work practices help protect you
against electrical hazards?
 Electrical accidents are largely preventable through safe
work practices. Examples of these practices include the
following:
 de-energizing electric equipment
before inspection or repair,

 keeping electric tools properly
maintained,
 exercising caution when working
near energized lines, and basis document for
 using appropriate protective electrical safety
equipment.
Protecting against metal parts that become
energized?
 A break in an electric tool’s or machine’s insulation can
cause its metal parts to become “hot” or energized,
meaning that they conduct electricity. Touching these
energized parts can result in an electrical shock, burn, or
electrocution.
energized?
 The best way to protect yourself when using electrical tools
or machines is to establish a low-resistance path from the
device’s metallic case to the ground.
 This requires an equipment grounding conductor, a low-
resistance wire that directs unwanted current directly to
the ground. A properly installed grounding conductor
has a low resistance to ground and greatly reduces the
amount of current that passes through your body.
 Cord and plug equipment with a three-prong plug is a
common example of equipment incorporating this
ground conductor.
energized?
 Another form of protection is to use listed or labeled

portable tools and appliances protected by an approved
system of double insulation or its equivalent. Where such
a system is employed, it must be marked distinctively to
indicate that the tool or appliance uses an approved
double insulation system.
Precautions for reducing electrical
hazards (1/4)
 Ensure the power has been disconnected from the system
before working with it. Test the system for de-energizing.
Capacitors can store current after power has been shut off.
 Allow only fully authorized and trained people to work on
electrical systems.
 Do not wear conductive material such as metal jewelry
when working with electricity.
hazards (2/4)
 Periodically inspect insulation.

 If working on a hot circuit, use the buddy system
(arrangement whereby two persons watch out for each
other) and wear protective clothing.
 Do not use a fuse with a greater capacity than was
prescribed for the circuit.
 Verify circuit voltages before performing work.
hazards (3/4)
 Do not use water to put out an electrical fire.

 Check the entire length of electrical cord before using it.
 Use only explosion-proof devices and non-sparking
switches in flammable liquid storage areas.
 Enclose un-insulated conductors in protective areas.
hazards (4/4)
 Enclose un-insulated conductors in protective areas.
 Discharge capacitors before working on the equipment.
 Use fuses and circuit breakers for protection against
excessive current.
 Train people working with electrical equipment on a
routine basis in first aid and cardiopulmonary
resuscitation (CPR).
Reducing lighting hazards
 Place lighting rods so that the upper end is higher than
nearby structures.
 Avoid standing in high places or near tall objects. Be
aware that tress in a open field may be that tallest object
nearby.
 Do not work with flammable liquids or gases during
electrical storms.
 If in a metal building, stay in the building and do not
touch the walls of the building.
Reducing lighting hazards
 Wear rubber clothing of outdoors.
 Do not work touching or near conducting materials,
especially those in contact with earth such as fences.
 Avoid using the telephone during an electrical storm.
 Do not use electrical equipment during the storm.
 Avoid standing near open doors or windows where
lighting may enter the building directly.
Summary
 Electric power does a tremendous amount of work. But
because it’s such a powerful force, we need to be very
careful with it.
 People are injured or killed every year by electricity. The
reasons are almost always carelessness, a faulty
appliance or tool, or a lack of knowledge about how
electricity works. You can reduce electrical injuries and
death by doing three things:
 Understanding how electricity works
 Recognizing potential electrical hazards
 Learning about safety devices that prevent shock.
Lecture 6

Nuclear Industries
Chemical Process Safety
Dr. Raghuram Chetty

Chennai- 600 036.
Chemical Process Industry
 The chemical process industry is vast and varied, and
the following is a list of major process industry.
 Inorganic chemicals
 Fertilizers
 Organic chemicals
 Soap, detergents, dyes, pharmaceuticals
 Explosives
 Plastics, resins, rubber, paper
 Paints
 Petrochemical processing
Requirements
 Industry and society are continuing to focus on reducing

personnel and environmental damage resulting from
accidents.
 Business requirement
 Uninterrupted supply of regular products.
 Scale-up, new process and new products.
Requirements
 Government regulations
 Laws and regulation are major tools for protecting
people and the environment.
 If the requirement of legislation is ignored then
prosecution is to be expected.
 An employer who does not take due care of his or her
employees is liable.
Requirements
A mishap on a process plant may have a variety of
commercial implications:
 Loss of profit from production lost due to plant
downtime.
 The cost of damage to equipment, comprising
replacements costs of spares, etc. and labour.
 The costs resulting from injury or loss of life.
 The cost of environmental damage, including cleanup
costs.
 The cost of damaged public image, including public
opposition to further developments.
Accident Statistics
 Fire and explosion contribute substantially to the

risk associated with the chemical plants.
Vapour
cloud explosion
Fire 36%
31%
3% Others
30%
Explosion
Evaluation of the largest chemical plant accidents

Chemical reactions
 Endowed with inherent hazards (associated with a process)
 Fire
 Explosion
 BLEVE (Boiling Liquid Expanding Vapor Explosion): This is a
type of explosion that can occur when a vessel containing a
pressurized liquid is ruptured. Such explosions can be
extremely hazardous.
 Vapor cloud explosion: Overpressure caused when a gas
cloud detonates or deflagrates in open air rather than simply
burn, i.e. extremely rapid flame front propagation.
 Detonation and Deflagration
 Toxic Chemicals Release
 Governed by system thermodynamics and kinetics of thermal
process.
Decomposition & Runaway Reactions
 There are many reasons for explosions during chemical

processing
 Decomposition and runaway chemical reactions are
the most common
 Often these are either exothermic and/or gas
producing reactions that go out of control
 Can be avoided if reactions are understood and
reactive chemicals are identified.
Decomposition & Runaway Reactions
 Identification of reactive chemicals

 Chemical structure promoting either instability or
susceptibility to other reactions
 Decomposition energy
 Affinity between different compounds.
Runaway Reaction
 In chemical engineering, runaway is a process by which

an exothermic reaction goes out of control, often resulting
in an explosion.
 Exothermic chemical reactions can lead to a thermal
runaway if the heat generation rate exceeds the heat
removal rate.
Runaway Reaction
 when the reaction rate increases due to an increase in

temperature, causing a further increase in temperature
and hence a further increase in the reaction rate.
 Thermal runaway may result from exothermic side

reaction(s), and is characterised by an exponential
increase in the rate of heat generation, temperature and
pressure.
Initiating factors
Incorrect charging and inadequate cooling are the most

important initiating factors for the runaway reactions
followed by unknown exotherm/ decomposition, impurities
and incorrect agitation/mixing resulting in hotspots.
 Incorrect charging
 Inadequate cooling
Initiating factors
Unknown exotherm/decompostion: In the manufacture
of tetrachloro-ethane excess chlorine was reacted with
acetylene at 100°C in the presence of ferric chloride
catalyst. On one occasion, the temperature of the mix
dropped to 60oC and an explosion ruptured the bursting
disc and also cracked the reactor. It was suggested that
monochloroacetylene had decomposed, initiating the
explosion.
Initiating factors
 Impurity exotherm: An initiating mix of ether, butyl

chloride, cyclohexane and butyl bromide for the
preparation of a Grignard reagent was added to a reactor
containing magnesium. Cyclohexane was added and
immediately vapours emerged from the condenser vent
and the bursting disc ruptured. The investigation revealed
that the cyclohexane transfer line was wet and the
Grignard reagent had reacted with the water to produce
hydrogen and ethane.
Initiating factors
 Incorrect agitation: Monoethanolamine was added slowly
with stirring to 98% H2SO4 which was maintained at 110°C
in a glass-lined reactor. The monoethanolamine and H2SO4
were immiscible. When the reaction was complete the mix
was cooled and isopropyl alcohol was added to precipitate
the product. On the day of the incident, the reactor was
charged with H2SO4 and then there was a shift change. The
oncoming shift did not realize that the stirrer had not been
switched on and proceeded to add the monoethanolamine.
When they realised the temperature was not rising and
switched on the stirrer. The two liquids were mixed causing
an instantaneous chemical reaction and explosion.
Batch Reactor
Reactor
Pressure
gauge
Stirrer
Relief device

Rupture disk
Energy loss by
vaporization of
liquid
Energy generated
by reaction
Energy accumulation
by heating of liquid
beyond set
temperature
Reaction system showing the important energy terms

Fault Tree
Reactor
Over Pressure
Failure of
Potential Mitigation
Pressure Rise Features
Incorrect Inadequate Excessive Incorrect Undesired Impurity

Decomposition
Charging Cooling Heating Agitation Catalyst Exotherm
Causes that may lead to reactor overpressure in a generic fault tree

Reactive Chemical Hazard
 Specific types of Chemical Structure lead to instability or

high levels of reactive under appropriate conditions.
Example of reactive functional groups are: Diazo,
Diazonium, Nitroso, Nitrate, Nitrite, Chlorates, Ozonide.
 Self Reaction
 Nitro, Nitramino, Peroxide, Azide
 Auto oxidation
 Ethers (-O-), Isopropyl (-Cme2-H), Allyl (-C=C-C-H),
Vinyl (-C=C-H), Styrene (PhCH=C-H).
 Mutually Reacting
 Metallic Sodium, Aluminium, Magnesium, Hydrazine,
Hydrides, Propellants.
 Pyrophoric & spontaneously combustible

 e.g. aluminium alkyl, Grignard reagent,
 Peroxide forming
 e.g. alkali metal, ethers
 Water-reactive chemicals
 Na, acetic anhydride
 Oxidizers
 Chlorine, hydrogen peroxide, nitric acid
 Self-reactive
 Polymerizing e.g. acrolein, ethylene
 Shock-sensitive e.g. picric acid, NI3, nitroglycerin,
acetone peroxide
 Thermally decomposing
 Rearranging
 Incompatible materials
Decomposition energy
 Chemical compounds release energy by

decomposition or combustion.
 Rapid energy release occurs when reacts with
stoichiometric amount of oxygen.
 Reactive chemicals such as explosives contain
enough of their own oxygen to give zero oxygen
balance on decomposition. e.g. TNT.
Decomposition energy
Chemical Compounds Characteristic Heat of

bond decomposition
(KJ/mol)
 Aromatic nitro R-NO2 220-410
 Peroxides C-O-O- 200-340
 Aromatic Diazonium R-N2 130-165
 Oximes C=N-OH 110-170
 Aromatic azo R-N=N-C 100-180
 Aromatic nitroso R-N=O 90-290
 Epoxides -CH-CH2-O 65-100
Organic nitro compounds
 Pure organic nitro compounds, i.e., aromatic or

aliphatic nitro compounds, decompose at high
temperatures. Their decomposition is rapid and highly
exothermic. The thermal stability and decomposition
exotherm are influenced by the type, position, and
number of substituents.
 The decomposition of pure nitro compounds is rapid or
explosive is due to the following factors:
 The decomposition occurs at high temperatures
(250−350 °C), where chemical reactions are fast
anyway.
Organic nitro compounds
 The decomposition activation energy is very high (above

1050 kJ kg-1). Consequently the thermal acceleration of
the decomposition is large, due to a fast increase of the
temperature in process situations.
 Consequently the decomposition reaction, once
initiated, becomes very fast even for a limited increase
in temperature.
 The decomposition may exhibit a chemical acceleration
phenomenon.
 The decomposition reaction of nitro compounds may be
autocatalytic, i.e., exhibit a chemical acceleration under
constant temperature conditions.
Hazardous Unit Processes
Process Energy
 Oxidation Highly exothermic
 Nitration Highly exothermic
 Reduction Low
 Halogenation Highly exothermic
 Sulphonation Moderately exothermic
 Hydrolysis Mildly exothermic
 Polymerization Exothermic/highly exothermic
 Condensation Moderately exothermic
 Hydrogenation Mild to moderately exothermic
 Alkylation Mildly exothermic side reactions
 Organometallics Highly exothermic
 Amination Moderately exothermic
Thermal profile of exothermic reaction
 The following three cases can
normally arise for the chemical
Heat Rate / °C min-1

reactions.
 The heat production is less
than the heat lost. TNR
 The heat production is same Runaway
as the heat lost. Stable

Unstable
 The heat production is Temperature / °C

greater than the heat lost.
Thermal profile of an
exothermic reaction system
Example 1: T2 Laboratories, Florida
 On 19 December 2007, an explosion occurred at T2

Laboratories Inc. Jacksonville, Florida.
 The explosion killed four T2 workers and resulted in

hospitalizing 14 other people. The blast was felt several
miles away. Over 100 firefighters fought the ensuing
blaze.
Example 1: T2 Laboratories, Florida
 T2 Laboratories is a small company employing about 12

people, and their facility in Jacksonville is their only
production site.
 T2 Laboratories manufactured methylcyclopentadienyl
manganese tricarbonyl (MMT) under the trade name
Ecotane.
 This chemical is used as a gasoline additive to boost
octane rating of gasoline. It is also used in refinery
processing to reduce emissions of nitrous oxide and
increase the output of gasoline from crude oil. Over one
million pounds per year are produced annually in the
United States.
T2 Laboratories, Florida
The manufacturing process entails the following:
 Under a nitrogen atmosphere, methylcyclopentadienyl

dimer is added to a dispersion of sodium metal in
diethylene glycol dimethyl ether.
 A constant elevated reaction temperature is maintained to

yield sodium-methylcyclopentadienyl, which is an
intermediate in the reaction process. Manganese chloride
is then added to the stirred mixture containing the sodium
– methylcyclopendienyl intermediate.
T2 Laboratories, Florida
 An elevated temperature is maintained during the

addition. Upon completion, the reaction gives bis
(methylcyclopentadienyl) manganese, the second
intermediate of the reaction process.
 The reaction vessel is then pressurized with carbon

monoxide. The addition of CO results in MMT which is
separated from the reaction mixture via vacuum
distillation.
T2 Laboratories after the blast

U.S. Chemical Safety Board
An independent federal agency investigating
chemical accidents to protect workers, the public,
and the environment.
Safety videos @ www.csb.gov

Example 2. Synthron, North Carolina
 On 31 January 2006, a runaway chemical reaction and

subsequent vapor cloud explosion killed one worker and
injured 14 people at the Synthron, LLC facility in
Morganton, NC.
 The explosion destroyed the facility and damaged

structures in the nearby community.
 The acrylic polymer products produced by Synthron are

used for various coatings and paints.
Polymerization
 The runaway chemical reaction at
Synthron occurred in their reactor
M1, which had a capacity of 1500
gallons.
 The reactor is used to produce
acrylic polymers. In a typical
operation, an acrylic monomer
(purchased from a chemical supplier)
is mixed with various flammable
solvents in the reactor, and then
steam is injected to heat the reaction
mixture to a specified temperature
(usually near the mixture boiling
point).
Polymerization
 Then the steam is turned off, and
a polymer initiating solution
metered into the reactor. The
heat given off by the reaction
boils off the solvent which is
condensed in the overhead
watercooled condenser. Liquid
solvent from the condenser is
drained back to the reactor. The
system operates near
atmospheric pressure controlled
by a vent on the condenser
Synthron, North Carolina
 The company had received an order for their product,

liquid acrylic polymer, and the order was for a slightly
greater amount of product than what the reactor was
designed to produce in a single batch.
 Operators began preparing for the 6080 pound acrylic
polymer batch the previous day which was 12 percent
greater than normal.
 The chemical ingredients were scaled up to take care of
the increased polymer product, but because there was
insufficient aliphatic solvent on hand in storage the
operator actually scaled back on the aliphatic solvent.
 On the day of the explosion, operations appeared normal

until after the steam was turned off and the polymer
initiating solution was pumped into the reactor. The
operator in charge noted that initially the reaction did not
proceed as vigorously as expected, but later the solvent
evaporated and the condensed solvent flow returning to
the reactor appeared within normal range. A few minutes
later, the operator heard a loud hissing and saw vapor
venting from the reactor manway.
 A little latter the building exploded killing one and injuring
many.
The explosion occurred on the following combination of

circumstances:
 Because there was a shortage of the aliphatic solvent in

storage, the operator actually decreased the amount
charged to the reactor by 12% compared with the standard
recipe, and increased the acrylic monomer by 12%. With
the adjustments made to the reactants to manufacture
everything in one batch but with different proportions of
chemicals, the heat release was at least 2.3 times that of
the standard recipe.
 The waterside of the condenser had apparently never been

cleaned and was fouled and could not remove the excess
heat release as the solvents boiled. Once the heating rate
exceeded the condenser cooling capacity, control of the
reaction was lost resulting in a runaway reaction.
 Only 4 of the 18 clamps specified by the manufacturer were
tightened for the manway cover. This was a labor-saving
step as it was long-standing practice to open and clean
reactor tank after every batch. The manway began to leak
vapors (the hissing sound reported) when the pressure
reached approximately 23 psig. The flammable vapors
filled the room and ignited.
Synthron
site
after the blast

Example 3: Phenol-formaldehyde reactions
 Phenol-formaldehyde reactions are common industrial
processes. The reaction of phenol or substituted phenol
with an aldehyde, such as formaldehyde, in the
presence of an acidic or basic catalyst is used to
prepare phenolic resins.
 Phenolic resins are used in adhesives, coatings, and
molding compounds.
 Typically, phenol-formaldehyde reactions are highly
exothermic. Once a reaction is initiated, heat generated
by the reaction increases the reaction rate generating
more heat. Because the reaction rate is typically an
exponential function of temperature, the rate of heat
generation will accelerate. Without intervention, a
thermal runaway will occur, producing a large amount
of heat in a very short time.
 Once the reaction begins to accelerate, the pressure of the
system will typically increase suddenly due to gas production
and/or the vigorous evaporation of liquid. If the reaction
continues to accelerate, the pressure buildup may reach and
exceed the ultimate strength of the reactor and cause it to
explode.
 The heat of reaction is removed by the evaporation of water
or other liquid from the process, condensation of the liquid in
the overhead condensation system, and return of the liquid
to the reactor vessel. Emergency relief on the reactor is
usually provided by rupture disks. For safety reasons, slow
continuous or stepwise addition of formaldehyde is preferred.
Phenol-Formaldehyde Reaction Incidents
Phenol-Formaldehyde Reaction Incidents at Various Companies in USA.
Date of State, Description Effects
incident USA
September OH A 8,000 gallon reactor exploded 1 worker fatality, 4
10, 1997 during production of a phenol- employees injured, 3
formaldehyde resin. firefighters treated for
chemical burns.
Evacuation of residents
for several hours.
August 18, OH Pressure buildup during Residents evacuated for

1994 manufacture of phenolic resin, 5 hours.
pressure increased, rupture disks
popped. Product was released
through emergency vent. The cause
of accident was reported as failure
to open condensate return line.
February 29, GA A 13,000 gallon reactor exploded 4 employees injured, 1

1992 during production of a phenol- seriously. 1 firefighter
formaldehyde resin. Explosion treated for chemical
occurred during initial stages of burns. Evacuation of 200
catalyst addition. residents for 3 hours.
Georgia-Pacific, 1997.
 Georgia-Pacific was manufacturing a phenolic resin in an

8,000-gallon batch reactor when the incident occurred.
 An operator charged raw materials and catalyst to the

reactor and turned on steam to heat the contents. A high
temperature alarm sounded and the operator turned off
the steam. Shortly after, there was a large, highly
energetic explosion.
Georgia-Pacific, 1997.
 The investigation revealed that the reactor explosion was
caused by excessive pressure generated by a runaway
reaction. The runaway was triggered when, contrary to
standard operating procedures (SOP), all the raw
materials and catalyst were charged to the reactor at once
followed by the addition of heat.
 Under the runaway conditions, heat generated exceeded
the cooling capacity of the system and the pressure
generated could not be vented through the emergency
relief system causing the reactor to explode
Fault tree for reactor overpressure
Vessel overflow
Leakage
Accidental
Manhole etc not Release
fastened
Operation to drain Release of
valve toxic
materials
Vented material not Venting
controlled
DEATH or
serious
injury
Thermal expansion
Vapour explosion Excess

Pressure
Uncontrolled exotherm
Reactor bursts
No vent fitted
Vent too small Reactor vent

Vent blocked/ valve off inadequate
Wrong pressure rating

disc fitted
Chemical Reactivity Hazard
 A chemical reactivity hazard is a situation with the potential

for an uncontrolled chemical reaction that can result
directly or indirectly in serious harm to people, property, or
the environment.
 The resulting reaction may be violent, releasing heat, large

quantities of toxic, or flammable gases or solids.
Chemical Reactivity Hazard
 If the reaction is confined in a container, the pressure

within the container may increase resulting in an explosion.
 Common materials that we use routinely by themselves

with negligible hazard may react violently when mixed with
other common materials, or react violently when the
temperature or pressure is changed.
Components of intrinsic safety
 The basic parameters that have to be considered for

assessing the chemical reaction systems are
Thermodynamics Kinetics Physical
 Reaction energy  Activation energy  Heat capacity

 Adiabatic  Reaction rate  Thermal conductivity
temperature and  Rate of heat
pressure rise generation
 Quantum of gas  Rate of pressure rise
generated  Time to maximum
rate
 In addition to the above parameters the safe limits of

temperature, feed rate and concentration have to be
defined as a function of operating conditions.
Reaction Hazard
 Analysis indicates that incidents occur due to:
 Lack of proper understanding of the thermo-chemistry
and chemistry
 Inadequate engineering design for heat transfer
 Inadequate control systems and safety back-up

systems
 Including venting arrangements
 Inadequate operational procedures, including training.

Assessing Reaction Hazard
 Controlling an exothermic reaction depends on the

interaction among:
 the kinetics and reaction chemistry
 the plant equipment design
 the operating environment.
 Chemical process industry must consider the following

factors to better understand and address the potential
hazards and consequences of reactive systems:
 Thorough hazard assessment: The chemical & process

hazards and the consequences of deviations must be
thoroughly understood, evaluated, and appropriately
addressed through preventive measures. Several layers of
safety systems, whether complementary or redundant
should be considered to enhance reliability.
 Complete identification of reaction chemistry and
thermochemistry: For some exothermic reactions, the
time to runaway is very short. Over-pressurization can
occur when gas or vapor is produced as a byproduct of the
reaction or any decomposition reactions. The kinetics of the
runaway reaction will be reaction specific and may differ in
various runaway situations. The characteristics of the
particular reactions must be determined experimentally.
Experimental data should be used to define process
boundaries in terms of the pressure, temperature,
concentration, and other parameters as well as the
consequences of operating outside of these boundaries.
 Addition of raw materials: Frequently, the reaction rate
is controlled by the addition rate of one reactant or the
catalyst and should be determined based on chemistry
studies. Process industries must pay attention to the order
of ingredients, the addition rates, under- or over-charging,
and loss of agitation.
 Emergency relief: Runaway reactions may lead to the

rapid generation of gas or vapor. Under certain conditions,
the vapor generation rate may be large enough to cause
the vapor-liquid mixture to swell to the top of the vessel,
resulting in two-phase flow in the relief venting system.
Relief system capacity should be evaluated in conjunction
with the hazard analysis to ensure that sizing is based on
an appropriate worst case scenario.
 Administrative controls: If administrative controls, such

as training and standard operating procedures (SOP), are
used as a safeguard against process deviation and
accidental release, consideration must be given to human
factors to ensure reliability.
Characterization using Calorimeters
 Chemical plants produce products using a variety of

complex reactive chemistries.
 It is essential that the behavior of these reactions be well
characterized prior to using these chemicals in large
commercial reactors.
 Calorimeter analysis is important to understand both the
desired reactions and also undesired reactions.
Characterization using Calorimeters
Important questions that must be asked for the
characterization of reactive chemicals:
 At what temperature does the reaction rate become large
enough
 What is the maximum temperature increase
 What is the maximum pressure during the reaction.
 At what time and temperature does the maximum self-heat
rate or pressure rate occurs
 Are there any side reactions
 Can the heat generated by chemical reactions (desired or
undesired) exceed the capability of the vessel/process to
remove heat
Tools for evaluating thermal explosion
 Calorimetric techniques are excellent tools for evaluating

thermal explosion hazards of chemicals/chemical
process.
 They measure the thermal instability of a compound

which is the root cause for runaway and decomposition
reactions.
Tools for evaluating thermal explosion
 The following techniques have attained scientific

importance due to their novelty in determining the
instability and thermal runaway potential of a chemical
compound.
 Thermal analysis
 Differential Scanning Calorimeter (DSC),
 Thermo Gravimetric Analyzer (TGA),
 Differential Thermal Analyzer (DTA).
 Advanced Reactive Systems Screening Tool
(ARSST).
Advanced Reactive Systems Screening Tool
(ARSST)
 ARSST is a low thermal inertia
calorimeter used to obtain
critical upset process design
data.
 ARSST tests are used to model
such upset scenarios as loss of
cooling, loss of stirring,
mischarge of reagents, batch
contamination and fire
exposure heating.
(www.fauske.com)
Advanced Reactive Systems Screening Tool
(ARSST)
 This can quickly and safely
identify potential reactive
chemical hazards in the
process industry.
 ARSST data yields critical
experimental knowledge of the
rates of temperature and
pressure rise during a runaway
reaction, thereby providing
energy and gas release rates
which can be applied to full (www.fauske.com)
scale process conditions.

Calorimeter
 Calorimetry is the science of

measuring the heat of chemical
reactions or physical changes as
well as heat capacity.
 Adiabatic calorimeters
 Accelerated Rate Calorimeter
(ARC)
 Reaction calorimeters
 Heat flow calorimetry
 Bomb calorimeters Bomb calorimeter
Reaction Calorimeter (RC)
A computer
controlled batch
reactor to monitor the
course of chemical or
physical reactions at
process-like
conditions

Carius Tube
 The test is designed to

provide a relatively low cost
screening of thermal stability
and pressure generation
capacity. With an appropriate
safety margin, the maximum
safe exposure temperature of
a material can be specified.
Decomposition rate of DNT

Carius Tube
 The test is a form of

Differential Thermal Analysis
(DTA). This is a high heat
loss thermal screening
technique. The test measures
the onset temperature and
magnitude of thermal activity
and any pressure events
when a material is exposed to
elevated temperatures.
Carius Tube
 Typical temperature and
pressure plot for the
decomposition of dinitrotoluene
(DNT) is shown in the figure.
DNT is not normally considered
as an explosive material but it
can undergo very high rate
decomposition. The high rate
occurs above its atmospheric
boiling point ~300°C, therefore
confinement is necessary before
propagative deflagration will
occur.
Calorimeter
 Measuring Procedure
 Heat Production rate
 Reaction enthalpy
 Specific heat
 Heat of dissolution & crystallization  Control
 Heat of mixing  Temperature, stirrer
 Enthalpy of phase changes speed,
 Dosing, pressure, pH,
 Measuring
etc.
 Process variables, e.g. temperature,
stirrer speed, mass, pH, pressure,
etc.
 Heat transfer coefficient
 Heat production rate
Steps to Reduce Reactive Hazards
 The consequences of a runaway reaction can be severe.

Therefore, facilities must focus on prevention of conditions
favorable to a reaction excursion through process design
control, instrumentation, and interlocks to prevent
recurrence of similar events.
Steps to Reduce Reactive Hazards
 Facilities should take the following steps to prevent

runaway reactions:
 Modify processes to improve inherent safety.
 Minimize the potential for human error.
 Understand events that may lead to an overpressure
and eventually to vessel rupture.
 Use lessons learned.
 Evaluate Safe Operating Procedures.
 Evaluate the effectiveness of the emergency relief
system.
 Evaluate employee training and oversight.
Controlling Reactive Hazards
Through Inherent Safety

 Use a reaction pathway that uses less hazardous
chemicals
 Use reaction pathway that is less energetic, slower or
easier to control
 Use smaller inventories of reactive chemicals both in
process and in storage
Controlling Reactive Hazards
Through Inherent Safety

 Reduce shipping of reactive chemicals – produce on site
on demand.
 Design equipments or procedures to prevent an incident
in the event of a human error.
 Control reactor stoichiometry and charge mass so that in
the event of a runaway reaction the pressure rating of the
vessel will not be exceeded.
Runaway Preventive Measures
Runaway Preventive Measures
Off-line On-line
• Calorimetric studies • Instrumentation

• Improvement of plant design • Control improvements
• Modeling & simulation • Simulation
• New routes of synthesis • Detection of Runaway reaction
Safety Aspects in Process Plant Design
Process plant safety
Process plant
 Receive, store, process chemicals in controlled manner
 Most chemical are flammable, toxic
 Unsafe conditions will result in uncontrolled release of
materials.
Process plant safety is ensured by
 Design of inherent safe plant
 Constructional facility as designed
 Operational controls.
Chemical Plant Design
 In plant design, normally less than 1% of ideas for new
designs become commercialized.
 During this process, typically, cost studies are used as an
initial screening to eliminate unprofitable designs.
 If a process appears profitable, then other factors such as
safety, environmental constraints, controllability, etc. are
considered.
Chemical Plant Design
 Generally, small chemical plant called a pilot plant is built to
provide design and operating information before
construction of a large plant.
 From data and operational experience obtained from the
pilot plant, a scaled-up plant can be designed for higher or
full capacity.
Design
 Design of the facility shall be
 To meet & withstand external & internal conditions
 Provide passive and active protections
Design
 External conditions
 Site selections, environment
 Metrological data
 Site elevation
 Max, Min temperature
 Seismic data
 Wind speed
 Tide, Tsumani
 All these factors are taken into account for P & ID.
Flow Diagrams
 The units, streams, and fluid systems of chemical plants or
processes can be represented by Block Flow Diagrams
which are very simplified diagrams, or Process Flow
Diagrams which are somewhat more detailed.
 Block Flow Diagrams (BFD) is a schematic illustration of
the major process. Shows overall processing picture, flow
of raw materials and products may be included. Unit
operations such as mixers, separators, reactors, distillation
columns, etc. are usually denoted by a simple block or
rectangle.
Flow Diagrams
 Process Flow Diagrams (PFD) use more detailed
symbols and show pumps, compressors, and major valves.
Likely ranges of material flow rates for the various streams
are determined based on desired plant capacity using
material balance calculations.
 Energy balances are also done based on heats of reaction,
heat capacities, expected temperatures and pressures at
various points to calculate amounts of heating and cooling
needed in various places and to size heat exchangers.
e.g. Biodiesel Process Block Diagram

Block Diagram for H2SO4 Production
Plant block diagram and overall material balance

e.g. Process flow diagram
P&I D
 Chemical plant design can be shown in full detail in a
Piping and Instrumentation Diagram/Drawing (P&ID)
which shows all piping, tubing, valves, and
instrumentation, typically with special symbols.
 It is a pictorial representation of
 Key piping and instrument details
 Control and shutdown schemes
 Safety and regulatory requirements
e.g. Piping and Instrumentation Diagram
P & ID Symbols
P & ID Symbols
Sketch of a simple vs. complex design
Controls: Block and Bleed
 A block and bleed manifold is a hydraulic manifold that
combines one or more block/isolate valves, for interface with
other components. The purpose of the block and bleed
manifold is to isolate or block the flow of fluid in the system.
Control System
 Control systems monitor, record and log plant status and
process parameters.
 Provides provision for operator to control changes to the
plant status.
 Detect onset of hazard and automatic hazard termination
(i.e. control within safe operating limits).
 Prevent automatic or manual control actions which might
initiate a hazard.
Control System
 Control system may be independent, or share elements

such as plant interface and human interface.
 The plant interface comprises inputs (sensors), outputs
(actuators), and communications (wiring, fibre optic,
analogue/digital signals).
 The human interface may comprise a number of input
and output components, such as controls, keyboard,
mouse, indicators, audible alarms and charts.
Alarms in Processes
 Alarms are implemented in a process design to aid in the
control of the process.
 In all processes, disturbances occur that can shift a plant's
operation away from normal. When this happens,
measures are usually taken by computers, with the use of
P&ID control loops, to keep the process under control.
 With the control systems, processes are designed to fall
within a range of acceptable normal operating limits. When
a process deviates beyond these normal limits, an alarm
should be triggered.
Alarms in Processes
 For most processes, the minimum for safe operation is two
levels of alarms: Warning and Critical.
 The warning alarm tells plant operators that the process
has deviated beyond the acceptable limits and provides
them with the time and ability to take corrective action so
that the product quality is not affected and environmental
and safety regulations are not exceeded.
 If the right actions are not taken quickly enough to correct
the problem, a critical alarm may then be triggered. The
critical alarm tells the plant operators that conditions are
dangerously close to breaching what is allowed. In many
cases, the critical alarm will call for a systematic shut-down
of the operation.
Visual representation of alarm ranges
Problem: Alarms in P&ID
 A P&ID appears below for the production of a chemical compound. The

reaction taking place in the CSTR is highly exothermic.
 After examining the P&ID for this part of the process, describe a possible
alarm and control system.
Answer
The CSTR for the exothermic reaction is jacketed with a

cooling water stream. An alarm should be in place to monitor
the reactor temperature.
A warning alarm can notify the operator that the temperature
is too high and corrective action needs to be taken.
A critical alarm should be in place to warn that the reactor is
nearing runaway conditions and an immediate response is
needed.
.
Answer
Flow controller and valve for the liquid feed and gas feed can
be placed.
If the necessary action is not taken for warming/critical alarm,
systematic shutdown of the reactor need to occur. This would
involve closing the valves, flooding the jacket with cooling
water.
Another possibility for an alarm, is in a composition
measurement of the product containing chemical compound.
As, too high a concentration could be dangerous if no other
concentration-altering steps occur before the finished product
goes out to consumers.
Equipment and Piping
 Material of construction is selected based on process
parameter
 Equipment and piping are designed

 For maximum operational pressure plus 10%
 Operational temperature -5oC (for temperature below
0oC) or +30oC (for temperature above 0oC)
Equipment and Piping
 Engineering Materials - Types and Properties
 Metals - Ferrous and non-ferrous
 Carbon steel
 Alloying elements added to iron base - carbon,
manganese, and silicon
 Impurities and their effect - sulfur, phosphorus
 Alloy steel
 Stainless steels
 Corrosion resistant alloys
 High temperature alloys
Passive protection
 First and foremost is a good layout
 There are guidelines which specify the distance between
units, buildings and roads.
 Plant is designed to
 Minimize involvement of adjacent facility in fire
 To permit access for fire fighting
 Ensure emergency facility will be accessible for operators to
perform emergency shutdown in event of fire or explosion
 To segregate high risk facility or equipment from less
hazardous operation and equipment.
 To permit access to plant personnel for normal operation &
maintenance of equipment.
Chemical Plant Layout
Flare
Sub-Station Effluent Collection
Main Pipe Rack

Control Room
Office Buildings Storage Area
Main Road
Chemical Plant Layout
Active Protection
 Active fire protection Image courtesy: Google Images
 Fire water storage and supply

 Hydrants and monitors
 Deluge system
 Foam systems Fire Hydrants
 Fire and smoke detectors

 Manual call point
Foam systems
Emergency Shutdown System
 During the development of P&ID, emergency shutdown
system are identified.
 Emergency Shutdown System (EDS) are segregated

from normal shutdown system.
 Heat inputs are stopped
 Equipments are stopped
 Depressurization done.
Early Warning Detection System (EWDS)
 EWDS was intended to

improve the quality, safety
and reliability of production
operations and reduce
accidents in chemical plant by
developing new devise for
early warning of runaway
events..
Early Warning Detection System (EWDS)
 EWDS interface with the

process to acquire data
(monitoring); criteria to
distinguish between dangerous
situations and non-dangerous
ones (detection); procedure for
triggering off the alarms
(diagnosis and evaluation).
 EWDS should allow counter
measures to be taken for the
runaway events, whilst
protecting the environment.
Safety Integrity
 Safety Integrity = Ability of a safety function to continue to
be effective in spite of deterioration of its implementation.
 Things can go wrong, so we need additional functionality
 Safety functions to reduce the risks
 Safety functions can have varied implementation measures
 active functionality
 design properties
 administrative measures
 any combination of the above
 Safety Integrity Level (SIL) is a relative level of risk-
reduction provided by a safety function.
Safety Integrity Level (SIL)
 Degree of Safety Integrity is determined by
 number of implementation measures
 how effective they are
 how vulnerable they are
 how independent they are
Safety Integrity Level (SIL)
 Many different degrees of safety integrity, grouped into 5
levels:
SIL 0 = no safety integrity at all
…
…
SIL 4 = highest possible level
 For "important" safety functions, a high SIL will be
demanded
 Safety Integrity Levels depend on Risk Acceptability

Inherent Safety Techniques
1. Minimize
 Change from large batch reactor to a smaller continuous
reactor
 Reduce storage inventory of raw materials
 Improve control to reduced inventory of hazardous
intermediate chemicals
 Reduce process hold-up
2. Substitute
 Use solvents that are less toxic
 Use mechanical gauges vs. mercury
 Use chemicals with higher flash points, boiling points,
and other less hazardous properties
 Use water as a heat transfer fluid instead of hot oil.
3. Moderate
 Use vacuum to reduce boiling point
 Reduce process temperatures and pressures
 Refrigerate storage vessel
 Dissolve hazardous materials in safe solvents
 Operate at conditions where reactor runaway is
not possible
 Place control rooms away from operations
 Barricade control rooms and tanks
4. Simplify
 Keep piping system neat and visually easy to
follow
 Design Plant for easy & safe maintenance
 Pick equipment with low failure rates
 Add fire and explosion resistant barricade
 Label vessels and controls to enhance
understanding
References
 Daniel Crowl and Joseph Louvar
“Chemical Process Safety: Fundamentals with
Applications”, Prentice Hall, 2001.
 U.S Chemical Safety Board

www.csb.gov
Lecture 7

Nuclear Industries
Introduction to Nuclear Energy
Dr. Raghuram Chetty

Chennai- 600 036.
World Energy Scenario
 The world is facing considerable energy and

environmental challenges, and about one-third of the
world’s population still does not have access to electricity.
 In a recently published* international energy projections
through 2035, an assessment was given on the outlook for
energy (including electricity) demand and supply.
*International Energy Outlook 2010. U.S. Energy Information Administration, Office of Integrated
Analysis and Forecasting, Department of Energy, DOE/EIA-0484; July 2010.
World Energy Scenario
 Based on this study, the world net electricity generation

will increase by 87 percent from 18.8 trillion kWh (18.8
x1012 kWh) in 2007 to 25.0 trillion kWh in 2020 and to 35.2
trillion kWh in 2035.
 While the renewable energy use for electricity generation
will increase from 18% in 2007 to 23% in 2035 (an
average of 3.0% per year).
 The coal-fired generation will increase by an average of
2.3%, and nuclear power by 2.0% per year.
*International Energy Outlook 2010. U.S. Energy Information Administration, Office of Integrated
Analysis and Forecasting, Department of Energy, DOE/EIA-0484; July 2010.
World Net Electricity Generation by Fuel
Net Electricity Generation by Fuel (trillion kWh)

Nuclear Power
 Electricity generation from nuclear power is predicted to
increase from about 2.6 trillion kWh in 2007 to 3.6 trillion
kWh in 2020 and to 4.5 trillion kWh in 2035.
 However, there is considerable uncertainty with the

predictions for nuclear power growth, related to
radioactive waste disposal, safety, non-proliferation
issues, as well as rising construction cost and investment
risk.
Electricity consumption
 Per capita electricity consumption is an important measure
of development in a developing country.
 If the developing countries of Asia want to aim for a quality

of life comparable to that of the developed countries, their
electricity production must go up substantially.
Electricity consumption
“The energy scene in the 21st century is going to see a major
shift. Very soon, oil and gas will see its finiteness. It is high
time that we realize this factor and work towards the fuel of
the future.
(Dr. A P J Abdul Kalam)
“In general, the perspective of a country on nuclear energy -
and degree of public acceptance – could depend on where
you are on the HDI curves, on the availability of fossil and
hydro resources, and on technological development
capacity.”
(R. Chidambaram)
Electricity Production Ranking
Country GDP Electricity Per Capita % Nuclear Nuclear
Rank Prodn. Rank Elec. Gen. Reactors under
(kWh/yr) constn.
USA 01 01 12824 20 0
China 02 02 1104 1.4 3
Japan 03 03 8152 39 3
Germany 04 07 6616 30 0
France 05 08 8642 78 0
UK 06 09 6006 22 0
Brazil 07 10 1765 4.0 0
Italy 08 12 4462 0 0
India 09 05 610 3.7 9
Russia 10 04 5858 16 6
Canada 11 06 17581 12 0
WORLD 2356 16 29
Nuclear share of electricity generation
Courtesy: Google Images

Inferences from the data for the top rankers
 GDP and electricity generation ranks more or less match - a

strong correlation.
 With few exceptions
 All 10 countries have (or have had) a significant nuclear
power programme..
Inferences from the data for the top rankers
 Countries with no active nuclear construction programmes

today have either high per capita electricity generation or
access to alternative (cheaper) energy options .
 Italy: Shutdown its existing four Nuclear Power Plants,
but imports 20% of its electricity from neighboring
France, which produces 80% of its electricity using
Nuclear.
 Brazil: Low Per Capita Elec. Gen. but large hydro
resources – dormant programme.
 Japan : High Per Capita Elec. Gen. but no domestic fuel
resources – active programme.
World Energy
Renewable energy from all
sources and hydropower
accounts for about 7-8% of
global energy production.
Nuclear makes up another
5-6% of global energy
production.
This leaves about 86% of
global energy coming from
fossil fuels, which are both
non-renewable, and also the
major cause of global
climate change. Data from National Geographic
World Marketed Energy Use by Fuel Type
Energy Use by Fuel Type (quadrillion Btu)

World Electricity
Data from BP Statistical Review

Why Nuclear Power?
 Nuclear power alone won’t get us to where we need to
be, but we won’t get there without it.
 Despite its controversial reputation, nuclear power is
efficient and reliable
 Nuclear power is economically feasible and meets 14%
of the world’s demand for electricity.
 CO2 emissions from a nuclear power plant are by two
orders of magnitude lower than those of fossil-fuelled
power plants.
Why Nuclear Power?
 Nuclear energy is the only electricity source that can
generate electricity 24/7 reliably, efficiently and with no
greenhouse-gas emissions.
 Concerns about rising electricity demand and clean air
are among the factors driving interest in new nuclear
plants.
 The first commercial nuclear power stations started
operation in the 1950s.
Nuclear Plants
 There are now over 440 commercial nuclear power
reactors operating in 30 countries, with 377,000 MWe of
total capacity.
Nuclear Plants
 They provide about 14% of the world's electricity as
continuous, reliable base-load power, and their efficiency is
increasing.
Nuclear Electricity Production
Primary energy used in the world

Indian Scenario
 In the recent years, India’s energy consumption has been
increasing at one of the fastest rates in the world due to
population growth and economic development.
 China and India together will account for 45% of the increase in
global primary energy demand by 2030.
 India’s primary commercial energy demand grew at the rate of

6% between 1981 and 2001.
 Electricity consumption in India, currently at around 600 TWh

annually, is set to double by next decade.
 Long term energy plan for India therefore should aim at
 Exploring the possibilities for alternative sources

 Suggesting measures for energy efficient uses
Indian Scenario
 India ranks fifth in the world in terms of primary energy
consumption, accounting for about 3.5% of the world
commercial energy demand.
 Despite the overall increase in energy demand, per capita
energy consumption in India is very low compared to other
developing countries.
Total consumption per year
Country
(Trillions of BTU)
United States 101,553.86
China 77,807.73
Russia 30,354.82
Japan 22,473.19
India 19,093.68
Electricity Primary Factor
Statistics generally show

energy use in the end use
sectors in final energy terms.
However final energy does
not account for the full energy
consumption.
One should keep in mind that
electricity production requires
on average three times its
final energy content. Electricity Primary Factor in PJ
In the case of India, the factor
that converts final electricity Hence, consuming one unit of
consumption to primary energy from electricity is equal to
energy is relatively high and consuming more than four units of
was equal to 4.2 in 2005. energy at the source of generation.
Energy Sector Overview

Total Energy Consumption
Coal Consumption
India Oil/Gas Production & Consumption
According to Oil & Gas Journal report, India had approximately 5.7 billion
barrels of proven oil reserves as of January 2011, the second-largest
amount in the Asia-Pacific region after China.
India produced roughly 950 thousand barrels per day (bbl/d) of total
liquids in 2010, of which 750 bbl/d was crude oil. The country consumed
3.2 million barrels per day in 2010.
India Oil Import by Source
India Electricity Generation
India - Electricity Production: 835 billion kWh (2009)

India Energy Mix
 Coal is the largest constituent of India’s energy basket accounting for
50% of India’s energy needs whereas oil & natural gas satisfy ~45%.
 By 2030, India’s dependence on oil is set to fall, while dependence on
Gas and Nuclear Energy will increase.
 India’s expected dependence at 6% on Nuclear Energy in 2030 is
higher than the global average of 5%.
Source: Indian Energy Conference, 2007

Comparison for Coal vs. Nuclear
Source Coal Nuclear
Fuel is inexpensive
Energy generation is the most
concentrated source
Inexpensive Waste is more compact than any
Advantages
Relatively easy to recover source
Easy to transport as new fuel
No greenhouse or acid rain
effects
Requires expensive air
pollution controls (e.g. Hg,
Requires larger capital cost
SO2)
because of emergency,
Disadvantages Significant contributor to acid
containment, radioactive waste
rain and global warming
and storage systems
Requires extensive
transportation system
Requirement of coal for a
Requirement of natural uranium
Comparison 1000 MWe Coal fired plant:
for a 1000 MWe Nuclear Power
~2.6 million t / Year (i.e. 5
Plant: ~ 160 t /Year
trains of 1400 t /Day)
Energy vision 2020
Dr. APJ Abdul Kalam quoted that
“No nation can aspire to be modern and developed without
the availability of quality power for all. No modern
machinery can run without uninterrupted and quality power
systems. The whole magic wand of Indian information
technology will be at naught if there is no electric power.
Imagine New York or London or Tokyo having just one day
without power or a week of interrupted power supply. It just
cannot happen. If it did, it could bring down the
government. When we look at the power situation in India,
“depressing” or “gloomy” appear to be mild words to
describe it. Hundreds of thousands of precious human
hours are lost because of lack of quality electric power.”
India 2020 - A Vision for the New Millennium
Indian Nuclear Development
 Homi Jehangir Bhabha colloquially
known as "father of Indian nuclear
programme“.
 In 1945, he established the Tata
Institute of Fundamental Research
(TIFR) in Bombay, and Trombay
Atomic Energy Establishment
(BARC). In 1948, served as first
chairman in the Atomic Energy
Commission.
 In the 1950s, Bhabha represented
India in (International Atomic Energy
Agency) IAEA conferences, and Homi Bhabha (1909-1966)
served as President of the United
Nations Conference on the Peaceful
Uses of Atomic Energy in Geneva,
Switzerland in 1955.
Three Stage Approach
Bhabha paraphrased the three stage approach as follows:

 “The total reserves of thorium in India amount to over
500,000 tons in the readily extractable form, while the
known reserves of uranium are less than a tenth of this.
 The aim of long range atomic power programme in India
must therefore be to base the nuclear power generation as
soon as possible on thorium rather than uranium…
 The first generation of atomic power stations based on
natural uranium can only be used to start off an atomic
power programme…
Three Stage Approach
 The plutonium produced by the first generation power

stations can be used in a second generation of power
stations designed to produce electric power and convert
thorium into U-233, or depleted uranium into more
plutonium with breeding gain…
 The second generation of power stations may be regarded
as an intermediate step for the breeder power stations of
the third generation all of which would produce more U-233
than they burn in the course of producing power.
Uranium
Uranium has an atomic number of 92 which
means there are 92 protons and 92 electrons in
the atomic structure.
U-238 has 146 neutrons in the nucleus, but the
number of neutrons can vary from 141 to 146.
U-238 and U-235 (which has 143 neutrons) are
the most common isotopes of uranium.
Uranium naturally contains three isotopes: U-238,
U-235 and U-234.
Because uranium is
radioactive, it is constantly
emitting particles and
changing into other
elements. Uranium has a
well-established
radioactive decay series.
Plutonium
Isotopes of Pu
Pu-238, (half-life 88 years, alpha decay to U-234)
Pu-239, fissile (half-life 24,000 years, alpha decay to U-235)
Pu-240, fertile (half-life 6,560 years, alpha decay to U-236)
Pu-241, fissile (half-life 14.4 years, beta decay to Am-241)
Pu-242, (half-life 374,000 years, alpha decay to U-238)
Thorium Fuel Cycle
By itself, thorium-232 is not fissile, but if a neutron source is provided

(such as uranium-233), it can "jumpstart" thorium-232 into a fission chain
reaction by causing it to absorb a neutron and become thorium-233.
Thorium-233 has a half-life of twenty two minutes at the end of which it
emits an electron, causing it to decay into proactinum-233.
After 27 days, proactinum releases a second electron and becomes
uranium-233.
Thorium
 Thorium, is much more abundant than uranium and emits only low-
level alpha particles. It has one isotope and therefore, does not require
an enrichment cycle to be used as fuel. It is many times more energy
efficient than uranium.
Indian Nuclear Programme
3 Stage Indian Nuclear Programme
Stage – I PHWRs Stage - II Stage – III and Beyond

• 15 - Operating Fast Breeder Reactors
Thorium Based Reactors
• 3 - Under construction • 40 MWt FBTR Operating
• Several others planned since 1985 • 30 kWt KAMINI- Operating
• Scaling to 700 MWe • Technology Objectives realised • 300 MWe AHWR-Being
• POWER POTENTIAL ≅ Launched
320 GWe/Y • 500 MWe PFBR-
Under Construction • POWER POTENTIAL IS
155,000 GWe/Y
LWRs • Technology development for
• 2 BWRs Operating closing the fuel cycle
• Participation in ITER for
• 2 VVERs under • POWER POTENTIAL ≅ fusion energy
construction 42,000 GWe/Y
Kalpakkam - unique nuclear site in the world housing all three

stages & closed fuel cycle facilities
Nuclear Power Plants in India
India Earthquake Zone Map
Nuclear Power Plants in India
Total capacity
Power station Operator State Type Units
(MW)
Kaiga
NPCIL Karnataka PHWR 220 x 4 880
NPCIL
Kakrapar Gujarat PHWR 220 x 2 440
Kalpakkam NPCIL Tamil Nadu PHWR 220 x 2 440
NPCIL
Narora Uttar Pradesh PHWR 220 x 2 440
100 x 1
Rawatbhata NPCIL Rajasthan PHWR 200 x 1 1180
220 x 4
BWR 160 x 2
Tarapur NPCIL Maharashtra 1400
(PHWR) 540 x 2
Total 20 4780
Nuclear Plants Under Construction
Total
Power
Operator State Type Units capacity
station
(MW)
Kudankulam NPCIL Tamil Nadu VVER-1000 1000 x 2 2000
Kalpakkam BHAVINI Tamil Nadu PFBR 500 x 1 500
Kakrapar NPCIL Gujarat PHWR 700 x 2 1400
Rawatbhata NPCIL Rajasthan PHWR 700 x 2 1400
Banswara NPCIL Rajasthan PHWR 700 x 2 1400
Total 9 6700
Fission Reaction
A chain reaction occurs when neutrons from a fission strike
another uranium nucleus and create another fission.

Uranium
 In the reactors common today, only
about 0.7 % of the uranium delivered
from the mine is actually used
(fissioned).
 So, for every kilogram of natural
uranium, 993 grams is left over as
depleted uranium and highly
radioactive spent fuel. (This is shown
in the image right where the used
fuel is blue and the waste is red).
 When the fissile content of the fuel in
the reactor falls below a given value,
the fuel has to be replaced by fresh
fuel.
Types of Nuclear Fuel
Fissile
• U235, a very small fraction 0.7% of natural uranium,
produces power by fission.
Fertile
• U238, major fraction of uranium, cannot make a
sustain a chain reaction on its own. On interacting with
neutrons gets converted into fuel (Pu239).
• Th232, cannot sustain a chain reaction on its own. On
interacting with neutrons gets converted into fuel
(U233)
Fissile Material
U235 the only “fissile”

material in nature
Natural Uranium :
99.3 % U238 + 0.7 % U235
Natural Thorium :
100 % Th232
(man –made
fissile
materials)
Types of Nuclear Fuel
0.7% U235
2 to 5% U235
Pu 239 or U 233
Piecing Together a Reactor
1. Fuel
2. Moderator
3. Control Rods
4. Coolant
5. Steam Generator
6. Turbine/Generator
7. Pumps
8. Heat Exchanger
Moderator, Coolant & Control Rods
 When a uranium-235 atom absorbs a neutron and splits --

the fission process -- it releases energy, fission fragments
and two or more neutrons from the nucleus (see slide 41) .
These released neutrons can then hit other uranium atom
nuclei causing them to fission. These released neutrons
keep a chain reaction going.
 The radioactivity from the uranium generates heat which is
transferred to a substance such as water known as the
coolant. For safety, the heat is then transferred from this
"primary coolant" to a "secondary coolant" which spins
turbines to generate electricity.
 a material that slows down ("moderates") neutrons. The

moderator is also water (some types of plants use graphite
instead of water). Water slows down the neutrons, allowing
enough neutrons to be captured by the uranium to permit a
chain reaction to occur. It is generally the different forms of
coolant and moderator that classify reactor types.
 The control rods, another important part of the reactor,

regulate or control the speed of the nuclear chain reaction,
by sliding up and down between the fuel rods or fuel
assemblies in the reactor core. The control rods contain
material such as cadmium and boron. Because of their
atomic structure cadmium and boron absorb neutrons, but
do not fission or split. Therefore, the control rods act like
sponges that absorb extra neutrons.
Working of a Nuclear Power Plant
Reactor Power Terms
 Availability – Fraction of time over a reporting period that
the plant is operational
 If a reactor is down for maintenance 1 week and
refueling 2 weeks every year, the availability factor of

the reactor would be (365-3 * 7) / 365 = 0.94
 Capacity – Fraction of total electric power that could be
produced
 If reactor with a maximum thermal power rating of
1000 MWt only operates at 900 MWt, the capacity

factor would be 0.90
 Efficiency – Electrical energy output per thermal energy
output of the reactor
Eff=W/QR (MWe/MWt)
Types of Nuclear Reactor
 Reactor types vary according to the moderator used to control the
speed of neutrons, the coolant employed to transfer heat to the
generating cycle, and by the degree of U-235 enrichment in the
nuclear fuel. These characteristics are inter-related: natural uranium
fuel without enrichment needs a more effective moderator that can
slow neutrons to a speed where more fission events can take place.
 The reactors can be classified into the following broad categories:
 The Pressurized Water Reactor (PWR) – approximately 60% of

reactors world-wide. This reactor type uses ordinary ‘light’ water as a
moderator and also as the coolant. It has two separate coolant loops,
one to remove heat from the reactor and the other to provide steam to
a turbine that drives an electrical generator. The primary loop (which is
in closest contact with the reactor core) is maintained under high
pressure to keep it from boiling.
Types of Nuclear Reactor (cont’d)
 The Boiling Water Reactor (BWR) – approximately 20% of reactors
world-wide. This type also uses light water as a moderator and
coolant, but has a single coolant loop in which the water is allowed to
reach boiling temperature and produce steam.
 The Pressurized Heavy Water Reactor (PHWR) – approximately
11% of reactors world-wide. This type is predominantly based upon
the CANDU reactor developed in Canada. It uses heavy water as a
moderator and coolant, and natural uranium fuel. Like the PWR it
uses two separate coolant circuits, one to remove heat from the
reactor and the other to provide steam to a turbine that drives an
electrical generator. The primary loop cooling the reactor is
maintained at high pressure to limit the amount of boiling.
 Fast Breeder Reactor (FBR) – A breeder reactor is capable of
generating more fissile material than it consumes. FBR use liquid
metal as primary coolant, to transfer heat from the core to steam to
power the electricity generating turbines.
Reactor Design
The nuclear fission reactor produces heat through a
controlled nuclear chain reaction in a critical mass of
fissile material. They are classified as follows:
A. Pressurized Water Reactors (PWR)
B. Boiling Water Reactors (BWR)
C. Pressurized Heavy Water Reactor (PHWR)
D. High-Power Channel Reactor (RBMK)
E. Gas-Cooled Reactor (GCR) and Advanced Gas-Cooled
Reactor (AGCR)
F. Liquid Metal Fast Breeder Reactor (LMFBR)
G. Aqueous Homogeneous Reactor.
Types of Nuclear Power Plants in Commercial
Operation
Advanced Reactor Designs
Advanced reactor designs are under investigation and
development. Some of these reactors are:
A. The Integral Fast Reactor with a recycling spent fuel.

B. The Pebble Bed Reactor, a High Temperature Gas-Cooled
Reactor.
C. SSTAR, Small, Sealed, Transportable, Autonomous Reactor.
D. The Clean and Environmentally Safe Advanced Reactor
(CAESAR).
E. Subcritical reactors.
F. Thorium-based reactors.
G. Advanced Heavy Water Reactor.
H. KAMINI, a unique reactor using Uranium-233 isotope for fuel.
Nuclear Reactor Types
Reactor Generations

Reactor Generations
 Generation I: Gen I refers to the prototype and power
reactors that launched civil nuclear power. This generation
consists of early prototype reactors from the 1950s and
1960s. This kind of reactor typically ran at power levels that
were “proof-of-concept.”
 Generation II: Gen II refers to a class of commercial
reactors designed to be economical and reliable. Designed
for a typical operational lifetime of 40 years, prototypical Gen
II reactors include pressurized water reactors (PWR),
CANada Deuterium Uranium reactors (CANDU), boiling
water reactors (BWR), advanced gas-cooled reactors (AGR),
and Vodo-Vodyanoi Energetichesky Reactors (VVER).
Reactor Generations
 Gen II systems began operation in the late 1960s and
comprise the bulk of the world’s 400+ commercial PWRs
and BWRs. These reactors, typically referred to as light
water reactors (LWRs), use traditional active safety features
involving electrical or mechanical operations that are
initiated automatically in many cases, can be initiated by the
operators of the nuclear reactors.
 Most of the Gen II plants still in operation in the West were
manufactured by one of three companies: Westinghouse,
Framatome (now AREVA), and General Electric (GE).
Reactor Generations (cont’d)
 Generation III: Gen III nuclear reactors are essentially
Gen II reactors with evolutionary, state-of-the-art design
improvements. These improvements are in the areas of
fuel technology, thermal efficiency, modularized
construction, safety systems (especially the use of
passive rather than active systems), and standardized
design.
 Improvements in Gen III reactor technology have aimed
at a longer operational life, typically 60 years of
operation, potentially to greatly exceed 60 years, prior to
complete overhaul and reactor pressure vessel
replacement.
 Generation III+: Gen III+ reactor designs are an
evolutionary development of Gen III reactors, offering
significant improvements in safety over Gen III reactor
designs.
 Examples of Gen III+ designs include:
 VVER Reactor of AES-2006 type
 Advanced CANDU Reactor (ACR-1000)
 European Pressurized Reactor (EPR)
 Economic Simplified Boiling Water Reactor (ESBWR):
based on the ABWR
Open/Close Fuel Cycle
 The vast majority of today’s fission reactors operate in an
open fuel cycle, in which uranium is mined, eventually
enriched in 235U, partially fissioned in the reactor and stored
after that.
 In such a cycle, a generic 1.0 GWe Light Water Reactor

(LWR) producing 6.6 TWh per year requires about 150 tons
of natural uranium, which is transformed into 27 tons of
enriched uranium, out of which approximately only 1 ton
will be fissioned.
Open/Close Fuel Cycle
 Two basic measures can be taken to increase the time
span of uranium resources:
 Closure of the nuclear fuel cycle, through reprocessing
of spent fuel and introduction of recovered uranium and
plutonium into new fuel.
 Introduction of reactors using fast neutrons (so called
fast reactors) which can effectively use 238U, the most
abundant uranium isotope.
 The closure of the fuel cycle is a reality in several
countries, notably France, where more than 1600 Mt of
spent fuel are reprocessed every year. Recycled uranium
can be brought back into the UO2 fuel fabrication chain.
Fast neutron reactors have the ability to use 238U.
 Generation IV: While third generation designs have a strong
emphasis on improved safety and more stringent safety
objectives and requirements, fourth generation systems are
expected to show significant progress in economy, safety,
environmental performance, and proliferation resistance.
Generation IV systems under development are:
Reactor Fuel cycle Temp. (°C)
Sodium-cooled Fast Reactor
Closed ∼550
(SFR)
Lead Alloy Cooled Reactor (LFR) Closed 550–800
Gas-cooled Fast Reactor (GFR) Closed ∼850

Very High Temperature Reactor
Open >900
(VHTR)
Supercritical Water Cooled
Open and closed 350–620
Reactor (SCWR)
Molten Salt Reactor (MSR) Closed 700–800

Pressurized Water Reactor

Pressurized Heavy Water Reactor
Image courtesy:
Google Images
PHWR (Pressurized Heavy Water Reactor) is Canadian heavy water cooled and
moderated reactor, commonly named as CANDU.
VVER – Russian PWR (Water-Cooled, Water-
Moderated, Energy Reactor)

Boiling Water Reactor

Environmental aspects of nuclear power
Spent Fuel
 The management and disposal of radioactive waste
arising from the nuclear power industry is a delicate
problem. After more than five decades of nuclear
energy, no country has yet succeeded in disposing
of its high-level nuclear waste. The preferred
technological solution is the use of repositories
constructed in deep stable rock formations.
 The relative radiotoxicity of unprocessed spent fuel

only becomes equivalent to the one of natural
uranium after a decay period of 0.2 million years.
Environmental aspects of nuclear power
Air
 Nuclear power has attracted renewed interest
recently because it does not emit carbon dioxide
(CO2) or other air pollutants during operation, unlike
fossil fuel-based forms of electricity generation.
 Processing, uranium enrichment, fuel fabrication
and transport, the emission of CO2 from nuclear
power generation is similar in magnitude to the life-
cycle emissions from renewable energy sources
such as wind power.
Water/Cooling Requirement
The volumes of water required by various cooling systems and
the environmental impacts are similar to those for fossil-fuelled
plants. Cooling water is not in contact with nuclear fuel and so
cannot release radioactivity into the environment.
 Once-through cooling extracts water from a river, lake or
ocean: The amount of water extracted in a year for a 800-
MW nuclear plant would be in the range of 600 to 1400
million cm3. Of this, about 10 million cm3 would be lost to
evaporation while the rest is returned to the body of water.
Water/Cooling Requirement
 Heat release to the atmosphere by evaporative cooling
towers: For a 800-MW plant would require 20 to 30 million
cm3 of water for cooling, of which about 17 million cm3 would
be lost to evaporation.
 Heat release to the atmosphere by dry air fan cooling.
Although less efficient than direct water cooling or
evaporative cooling, this is a good option for areas where
there is limited water supply.
Lecture 8

Nuclear Industries
Nuclear Safety
Dr. Raghuram Chetty

Chennai- 600 036.
Why concerned about nuclear safety?
 The fission products and their radiation effects are too
dangerous and it can be considered as poisons,
carcinogens, mutagens, teratogens.
 Nobody wants any more Chernobyl accident or

Hiroshima/Nagasaki nuclear weapons explosions.
 The fission products have half lives from a fraction of

second to millions of years. So, engineers are also worried
about storage of these radioactive wastages until they
reach at a safe level of decay.
 So, nuclear industries strongly believe in “Safety first and

foremost” slogan.
Operation vs. Nuclear Accidents
Major Nuclear Accidents
The three significant accidents in the 50-year history of
nuclear power generation are:
 Three Mile Island (USA 1979) where the reactor was
severely damaged but radiation was contained and there
were no adverse health or environmental consequences.
 Chernobyl (Ukraine 1986) where the destruction of the

reactor by steam explosion and fire killed 31 people and
had significant health and environmental consequences.
Major Nuclear Accidents
 Fukushima (Japan 2011) where three old reactors
(together with a fourth) were written off and the effects of
loss of cooling due to a huge tsunami were inadequately
contained.
These are the only major accidents to have occurred in over
14,500 cumulative reactor-years of commercial nuclear
power operation in 32 countries.
Safety
 It should be noted that a commercial nuclear power

reactor simply cannot under any circumstances explode
like a nuclear bomb - the fuel is not enriched beyond
~5%.
 The International Atomic Energy Agency (IAEA) was set
up by the United Nations in 1957. One of its functions
was to act as an auditor of world nuclear safety. It
prescribes safety procedures and the reporting of even
minor incidents. Every country which operates nuclear
power plants (NPP) has a nuclear safety inspectorate
and all of these work closely with the IAEA.
Safety
 While nuclear power plants are designed to be safe in

their operation and safe in the event of any malfunction
or accident, no industrial activity can be represented as
entirely risk-free. Incidents and accidents may happen,
and as in other industries, will lead to progressive
improvement in safety.
Basic Safety
Protect public health and safety
 Reduce the risk from releases of radioactivity to acceptable
levels.
Protect plant worker health and safety
 Provide a safe working environment and reduce risk of injury.
Protect the environment
 Provide a design that complies with all federal, state, and local
requirements.
 Build, operate, and decommission the plant in a way that
preserves environmental quality.
Protect the plant investment
 Provide plant designs, equipment, and operating/maintenance
practices to preserve investor equity and return reward.
Associated Risks
The risks associated with nuclear power plants derive from

the following:
1) The production of energy occurs by fission of fissile
material. Radioactive fission products represent an
inventory of hazardous material which remains in the
core. The activity of the amount left in the core at
equilibrium is of the order of thousands of millions of
curies (1019-1020 Bq); some of the fission products are
hazardous at a level of microcuries or less (104-105 Bq).
Associated Risks
2. During normal operation, energy is produced continuously
in the core of the reactor. A mismatch between power
production and cooling of the core liberates energy which
can disrupt the barriers retaining the hazardous fission
products.
3. After shutdown, fission products continue to undergo
radioactive decay and to release energy at a gradually
declining rate. This energy, too, if not appropriately
transferred to a heat sink, can damage the barriers.
Objective of Nuclear Safety
(1) Fundamental Nuclear Safety:
 To protect individuals, the members of the general

public and natural environment from harm resulting
from the commissioning, operation or
decommissioning of a nuclear facility by establishing
and maintaining in all nuclear facilities effective
defenses against radiological hazards.
Objective of Nuclear Safety (cont’d)
(2) Radiation Protection:
 To ensure that during all operations states of a

nuclear facility the radiation exposure of persons
working within the facility as well as living in the
environs of the facility due to any planed or
unplanned release of radioactive material, in either
waterborne or airborne effluents, are controlled
below prescribed limits and are as low as
reasonably achievable (ALARA).
Objective of Nuclear Safety (cont’d)
(3) Technical Safety:
 To take all reasonably practicable measures and to

mitigate their consequences should they occur; to
ensure with a high level of confidence that, for all
possible accidents taken into account in the design
of the installation including those of very low
probability.
Plant core-damage frequency
 One mandated safety indicator is the calculated probable
frequency of degraded core or core melt accidents.
 The US Nuclear Regulatory Commission specifies that reactor
designs must meet a 1 in 10,000 year core damage frequency,
but modern designs exceed this.
 US utility requirements are 1 in 100,000 years, the best
currently operating plants are about 1 in 1 million and those
likely to be built in the next decade are almost 1 in 10 million.
 While the calculated core damage frequency has been one of
the main metrics to assess reactor safety, European safety
authorities prefer a deterministic approach, focusing on actual
provision of back-up hardware, though they also undertake
probabilistic safety analysis for core damage frequency.
Philosophy & analytical approach to nuclear
safety:
The comprehensive safety analysis and evolution
involve, examination of:
a) All planned normal operational modes of the
facility.
b) Expected plant performance during normal
operation and in response to abnormal operation
occurrences.
c) Design basis failure.
d) Failure sequences that may lead to
consequences beyond prescribed limits.
Defense in Depth
 Defense in Depth is a safety philosophy that multiple
methods of high quality assurance are required in nuclear
plant design, construction, operation and maintenance.
 The central tenet of Defense in Depth is to protect the health

and safety of the public and plant workers.
 Other objectives include protecting the environment and

ensuring the operational readiness of the facility.
 Successful Defense in Depth requires creating, maintaining,

and updating multiple independent and redundant layers of
protection to compensate for potential human and mechanical
failures so that no single layer, no matter how robust, is
exclusively relied upon.
Defense in Depth
Key aspects of the approach are:
 High-quality design & construction,
 Equipment which prevents operational disturbances or human

failures and errors developing into problems,
 Comprehensive monitoring and regular testing to detect

equipment or operator failures,
 Redundant and diverse systems to control damage to the fuel

and prevent significant radioactive releases,
 Provision to confine the effects of severe fuel damage (or any

other problem) to the plant itself.
These above can be summed up as: Prevention, Monitoring,

and Action (to mitigate consequences of failures).
Defense in Depth
Defense in Depth
 Nuclear safety must be ensured with five protective barriers
(levels) as a safe philosophy:
a) The first protective barrier is to prevent occurrence of an
anomaly or failure by providing a nuclear power plant with
high quality and reliability and verified facilities.
b) The second protective barrier is to provide facilities to early

detect an occurring anomaly or failure and shutdown the
reactor in order to prevent it from escalating to an accident.
c) The third protective barrier is to provide facilities such as

emergency core cooling systems etc. to mitigate the
consequence of an accident in case of a trouble escalation.
Defense in Depth (cont’d)
d) The fourth protective barrier is establishment of the

severe accident management such as installation of
a containment to contain radioactivity, preparation of
alternative methods with diversities in response to a
multiple-failure event, preparation of the operation
procedure, and training of operators.
e) The fifth protective barrier is off-site emergency
measures for protection of residents in the vicinity
from radiation exposure when the fourth protective
barrier is broken.
Multiple Barriers to Prevent Radioactivity
 Multiple Barriers Facility designers
include multiple, successive physical
barriers to prevent the release of
radioactive material.
 The primary barriers are the fuel (1) and
cladding (2), which is designed to
contain radioactive material under the
extreme conditions inside the reactor
core.
 The secondary barrier is the reactor
vessel (3), which contains the coolant
used to carry away heat for generating
electricity.
Multiple Barriers to Prevent Radioactivity
 The final barrier is the primary
containment building (4,5), which is
designed to mitigate the release of
radioactive material in the event that
both the primary and secondary
barriers are compromised.
 The primary containment is designed
to withstand the most severe,
credible event -- either internal or
external -- for the location of the
plant.
Fuel Pellet and Fuel Assembely
The smallest unit of the reactor is Fuel assemblies are bundles of fuel
the fuel pellet. These are typically rods. Fuel is put in and taken out of
uranium-oxide (UO2). They are the reactor in assemblies. The
often surrounded by a metal tube assemblies have some structural
(called the cladding) to keep material to keep the pins close but not
fission products from escaping touching, so that there’s room for
into the coolant. coolant
Barriers to Prevent Radioactivity
As the nuclear plants are more concerned about radioactivity
protection, the following five barriers are built into the station design to
prevent radioactivity as a part of defense-in-depth concept as
prevention of the radio activities.
1. Ceramic Fuel - The ceramic uranium dioxide fuel pellets entrap
most of the fission products. These fission products would be
released if the fuel were to melt. Fortunately, the fuel has a high
melting point, but continuous cooling is nevertheless required,
whether the reactor is at power or not, to prevent fuel failures.
Another safety feature of the ceramic fuel is that it is relatively
chemically inert with the heavy water coolant. Therefore, dispersion
of fission products via corrosion and erosion when a sheath defect
permits contact between the fuel pellets and the coolant is a
relatively slow process.
Barriers to Prevent Radioactivity
2. Fuel Rod & Cladding - The fuel pellets are enclosed in a
high integrity, welded zircaloy sheath. This sheath contains
the gaseous and volatile fission products which escape from
the pellets. It also prevents corrosion and erosion of the
pellets by the coolant, and hence dispersion of fission
products from the pellets which would result from these
processes. The sheath is designed to withstand the stresses
resulting from pellet thermal expansion, gaseous fission
product build-up, external hydraulic pressure, and forces
imposed by fire.
Barriers to Prevent Radioactivity (cont’d)
3. Heat Transport System Boundary - The high integrity pressure
tubes, piping, and reactor vessel contain most fission products
escaping via sheath defects.
4. Containment Boundary -This is designed to withstand the

pressure surge of a worst case ‘loss of coolant accident’ (LOCA),
with a small ‘puff release’ during the overpressure transient.
Post LOCA containment venting via a filtered, monitored
pathway minimizes the environmental radioactive release.
5. Exclusion/Sterlized Zone - No permanent residence is allowed

within a 5 km radius from any reactor. This ensures significant
dilution of an airborne radioactive release before it reaches any
public habitation, thus reducing further effect.
Major Failures
Complexity: Nuclear power plants are some of the most
sophisticated and complex energy systems ever designed.
Any complex system, no matter how well it is designed and
engineered, cannot be deemed failure-proof.
In nuclear power plant, there are two major failures to be
considered in a broad sense.
 Design Basis Accidents
 Single Failure Criterion

Design Basis Accident/Failures
 Nuclear power plants are designed to maintain their integrity
and performance of safety functions for a bounding set of
normal operational events as well as abnormal events that are
expected to occur or might occur during the lifetime of the plant.
 Design basis accidents (DBA) are postulated accidents to which
a nuclear plant, its systems, structures and components must
be designed and built to withstand loads during accident
conditions without releasing the harmful amounts of radioactive
materials to the outside environment. Any DBA is controlled by
the reactor safety systems with insignificant off-site
consequences, but may require long shutdown for correction or
repair.
Design Basis Accident/Failures
 They are very unlikely events. DBA are mainly the
following:
a) Reactivity control
b) Positive void coefficient
c) Loss of coolant accident
d) Core melting
Design Basis Accidents
(a) Reactivity Control: The power output of the reactor is adjusted by
controlling how many neutrons are able to create more fissions. The
effective neutron multiplication factor, keff, is the average number of
neutrons from one fission that cause another fission.
 Reactivity ρ = (keff -1 )/ keff
 Reactor power P = exp(ρ/l)
where l=average life time of neutrons in the reactor.
 As one can easily see that if reactivity increases, power will increase
at an exponential rate. And reactor will become over critical. To
maintain just criticality, keff should be one. So, control rods should be
designed accurately.
(b) Positive void coefficient: As the temperature of the coolant rises,

reactivity must come down as the part of negative feedback control
system. But in some reactors, the reverse is there due to faulty design.
Design Basis Accidents (Cont’d)
(c) Loss of coolant accident (LOCA):
A loss-of-coolant accident (LOCA) is a mode of failure for a
nuclear reactor. If not managed properly and effectively, the
results of a LOCA could result in reactor core damage. If sufficient
amount of the coolant is not there in the core, temperature of the
core will rise dramatically which in turn result in core melting.
(d) Core melting: It is considered as the worst scenario as
radioactive fission products directly expose to the environment if
sufficient provisions are not there.
Once the fuel elements of a reactor begin to melt, the primary
containment has been breached, and the nuclear fuel (such as
uranium, plutonium, or thorium) and fission products (such as
cesium-137, krypton-88, or iodine-131) within the fuel elements
can leach out into the coolant.
Loss Of Coolant Accident (LOCA)
 The heat generated by fission reaction is removed by a
coolant system to produce steam and is converted into
useful electrical power.
 If this coolant flow is reduced or lost, the nuclear reactor's
emergency shutdown system is designed to stop the
fission chain reaction automatically.
 Moreover, even after reactor shut down, due to radioactive
decay of the fission products, the nuclear fuel will continue
to generate a significant amount of heat. This decay heat
needs to be taken out through secondary cooling system
to maintain integrity of the fuel.
Loss Of Coolant Accident (LOCA)
 In every nuclear reactor, a separate Emergency Core
Cooling System (ECCS) exists specifically to deal with the
situation like LOCA.
 If all of the independent cooling systems of the ECCS fail
to operate as designed due to some reason such as failure
of the pumps, this heat can increase the fuel temperature
to the point of damaging the fuel and the reactor.
Initiating Events
 Design Basis Events (DBE), which form the basis of design of
Nuclear Power Plant (NPP), include normal operations,
operational transients and Postulated Initiating Events (PIE).
 Various initiating events are as follows.
 Decrease in heat removal
 Increase in system pressure
 Decrease in coolant flow
 Reactivity anomalies
 Multiple failure events
 Station blackout (SBO)
Beyond Design Basis Events
 DBE can be classified on the basis of their consequence
and expected frequency of occurrence.
 Consequences of a rare event can be permitted to be
severe while those of a frequent event can be accepted
only at very low severity.
 Acceptance criteria for consequences of a DBE, thus,
also depend on frequency of their occurrence.
 Events of very low probability of occurrence which are
considered only for offsite emergency plan or site
selection issues, are called as Beyond Design Basis
Events (BDBE).
Design Basis Safety
Nuclear reactor safety includes control of reactor,
removal of heat generated in the core and containing
the radioactivity. The design basic safety principles
are:
1. Fail safe philosophy
2. Redundancy, diversity and independency
3. Two out of three logic
4. Physical separation
5. Reliability and quality assurance.
(1)Fail safe philosophy:
 Fail safe philosophy: Components or systems are

designed to bring them to safe conditions automatically,
if they fail.
 Fail-safe reactors do not rely on human judgment to shut

them down but on the laws of nature.
(2) Redundancy, diversity and independency
 Redundancy: It is a concept to provide more numbers of
equipment/subsystems in safety system than that are
needed so that if one equipment/subsystem fails, the
other can do the function.
 Thus "Redundancy" is a concept that important-to-safety
facilities are composed from independent multiple trains
with sufficient capability, and a failure of one train does
not cause loss of their safety functions.
 For example, design is such that multiple trains of power
source required in an emergency are provided, and even
if one of them failed, other power source would be
available.
 Diversity: It is a concept to have two or more systems
based on different design or functional principle to does
a particular safety function.
 Thus "Diversity” is a design concept to prevent the
function loss of multiple facilities simultaneously due to
one common cause by providing different types of
facilities.
 For example, two driving sources of cooling-water
injection pump systems are to be different types such
that one is electric drive and another is steam-turbine
drive, so injection of a required amount of cooling water
is ensured.
 Independency: Independency means to maintain each
independency of multiple trains so that facilities formed
in multiple do not loose their function simultaneously
due to a single failure.
 For example, power sources, control circuits etc. of
cooling-water injection pumps in multiple systems to
cool a reactor core in an emergency are designed such
that they consist of a power source, detectors and
control devices independent from each other, and even
if one of them were lost, the other independent cooling-
water injection pump could be operable.
(3) Two out of three logic
 Two out of three logic: In order to reduce the
number of unnecessary firings, a two out of
three logic is used by each of the shutdown
systems.
 Each shutdown parameter is related to three
measuring devices, and each of these devices is
associated to one of three electrical chains of
the shutdown system.
 Another advantage of the two out of three logic
is to permit the verification, by frequent tests, of
the availability of different parts of the system,
from transmitters up to the last relays of the
shutdown system.
Physical separation & Reliability
4) Physical separation: Components or systems
intended to perform the same function can be
separated physically, so that they are protected
against simultaneous failures due to extraneous
events like fire.
5) Reliability & quality assurance: This ensures the

availability of equipment or system to perform the
function.
Multiple safety systems
 Serious accidents such as reactor failure, a meltdown of
the reactor core, and a jet aircraft crashing into the site are
all being taken into account in the design of new nuclear
reactors.
 Quadruple redundancy – featuring four parallel, physically
separated sub-systems, each capable of handling safety
operations independently – supports all aspects of the
design. Quadruple redundancy covers components,
equipment, and electrical and control systems.
Multiple safety systems
 The containment will be completely pressure-proof,
ensuring safety in the event of a failure in the reactor's
main circulation or steam pipes. The containment will be
automatically isolated should an accident occur.
 In the very unlikely event of a severe reactor accident and
the failure of associated safety systems, the melted core
will be led into a “core catcher”, which will carry it to the
lower part of the reactor building.
State-of-the-art safety systems
European Pressurized
Water Reactor (EPR),
Olkiluoto 3: Finland’s
Nuclear Reactor
The safety system consists of four redundant trains, each capable of

handling safety requirements independently. They are located in different
parts of the reactor building to eliminate the possibility of simultaneous
failure.
Single Failure Criterion
 A single failure means an occurrence which results in the
loss of capability of a component to perform its intended
safety functions.
 Fluid and electric systems are to be designed against an
assumed single failure if neither a single failure of any
active component nor a single failure of a passive
component, results in a loss of the capability of the
system to perform its safety functions.
 The intent is to achieve high reliability (probability of
success) without quantifying it. Human errors are not
considered to be single failures.
Severe Accident in Nuclear Plant
Schematic representation of the major physical phenomena that may occur during
severe accident, and the safety systems involved.
Hydrogen Control and Mitigation
Main counter measures are:
 Inertization of the atmosphere (pre or post inertization)
 Dilution of burnable gases
 Removal of hydrogen by burning or recombination

 Inertization
 Containment atmosphere is filled with nitrogen
 Dilution of Containment atmosphere by CO2
 Some plants can inert/dilute Containment atmosphere
by venting
 Venting is a process in which Containment is vented
deliberately when the pressure of the Containment

atmosphere exceeds design pressure.
Passive Autocatalytic Recombiner (PAR)
• Catalytic recombiners use catalysts to recombine hydrogen and oxygen
• Passive Autocatalytic Recombiners (PAR) do not need external power or
operator action

Safety facilities
 To prevent any of the above Design Basis Accident
situation(s), and/or in case of a certain trouble in a nuclear
power plant, in order to prevent it from developing to a big
accident, safety facilities to safely shutdown the reactor,
cool the reactor core, contain radioactive materials and
the equipment that supplies electricity and cooling water to
those safety facilities are provided as
(1) facilities to control and shutdown a reactor,
(2) facilities to cool a reactor,
(3) facilities to contain radioactive materials.

Safety facilities in the nuclear plant

(1) Facilities to control and shutdown a reactor
 A reactor shall not go out of control (an excessive power
by an abnormal-rate nuclear fission reaction) during
operation.
 Moreover, in case of a trouble, it is required to

immediately stop nuclear fission reaction. Therefore,
reactor control systems to maintain the nuclear fission
reaction rate at a constant level, and if necessary,
facilities to shutdown the reactor by immediately
inserting control rods are provided.
SCRAM
 SCRAM is an emergency
shutdown of a nuclear reactor.
 This emergency shutdown is
often referred to as a "SCRAM"
at boiling water reactors
(BWR), and as a "reactor trip"
at pressurized water reactors
(PWR).
 SCRAM is achieved by a large
insertion of negative reactivity.
This is achieved by inserting
neutron-absorbing control rods
into the core. Courtesy: Google Images
(2) Facilities to cool a reactor
 In a reactor core, decay heat (7% of rated power) is
generated even after shutdown of the reactor in the decay
process for radioactive materials to become more stable
nuclei. Therefore, it is necessary to continue cooling of the
reactor core not only during power operation but also after
shutdown.
 Especially, if a break of reactor cooling system piping, etc.
causing loss of cooling water occurred, the reactor core
would become dry-out and reach a high temperature,
probably resulting in core damage. In preparation for such
a case, facilities to immediately inject cooling water into the
reactor core in an emergency are provided.
(2) Facilities to cool a reactor
 ECCS (Emergency core cooling systems) are provided
to prevent melting of fuel cladding tubes containing
radioactive materials due to residual heat even in case of
an accident and the resulted emergency reactor shutdown.
The ECCSs immediately inject cooling water into the
reactor pressure vessel and to cool the fuel by flooding the
core when the water cooling the fuel has flowed out of the
core due to the accident. When the cooling water in the
reactor core decreases, this is detected and ECCSs are
actuated automatically.
ECCS
 An emergency core cooling system (ECCS) comprises a
series of systems that are designed to safely shut down a
nuclear reactor during accident conditions.
 These systems allow the plant to respond to a variety of
accident conditions, and additionally introduce redundancy
so that the plant can be shut down even with one or more
subsystem failures.
In most plants, ECCS is composed of the following systems:
 Coolant injection system: This system consists of pumps
that inject coolant in high-pressure and low-pressure
modes into the reactor vessel .
ECCS
 Core-spray system: This system uses special spray
nozzles within the reactor pressure vessel to spray water
directly onto the fuel rods, suppressing the generation of
steam. Reactor designs can include core-spray in high-
pressure and low-pressure modes.
 Containment spray system: This system consists of a
series of pumps and nozzles which spray coolant into the
primary containment structure. It is designed to condense
the steam into liquid water within the primary containment
structure to prevent overpressure, which could lead to
involuntary depressurization.
Emergency core cooling system
Emergency core cooling systems for PWR

(3) Facilities to contain radioactive materials
 A core catcher is a device
provided to catch the molten
core material (Corium) of a
nuclear reactor in case of a
nuclear meltdown and prevent
it from escaping the
containment building.
 A core catcher is made from a
special concrete ceramic to
prevent material from dripping
through; it also uses material
of cooler construction to cool
down the core material.
Core catcher

Core catcher
Construction in China
(3) Facilities to contain radioactive materials
 Nuclear power plants are provided with the barriers
such as a containment etc. in preparation for an
accident releasing radioactive materials from their
reactor cores. These barriers will close immediately
in an abnormal event, and constitute an airtight
container. Moreover, in order to avoid the damage
by internal pressure rise due to decay heat etc., it is
designed to be cooled appropriately as needed.
Monitoring
Fukushima Daiichi Nuclear Russian Nuclear Power Plant

Power Station Control Room Control Room
Provide two control rooms from either of which:
 the plant can be shut down
 decay heat can be removed
 barriers to release of radioactivity can be maintained
 the plant state is known Courtesy: Google Images
Computer Simulation/Code
fully integrated real time desktop systems thermal
hydraulic simulation package
RELSIM-
RELAP/
SCDAPSIM
desktop
simulator
Computer Code Development
Various
organizations
collaborate on
the development
and assessment
of codes to
describe the
complete
evolution of a
nuclear reactor

International Nuclear and Radiological Event
Scale (INES)
The International Nuclear and Radiological Event Scale
(INES) is a scale of nuclear incident and accidents to report to
the public like earthquake scales.
 Level 1: Anomaly. This level is when minor problems with
safety components, breach of operating limits at a nuclear
facility, loss or theft of low activity radioactive sources.
 Level 2: Incident. 10 times higher than Level-1. Exposure

rate more than 50 mSv/hour with significant contamination
within the facility.
Scale (INES)
 Level 3: Serious Incident. 10 times higher than Level-2.
Exposure rate is more than 1 Sv/hour in an operating area
with severe contamination. Low probability of significant
public exposure.
 Level 4: Accident with local consequences. 10 times higher

than level-3. Fuel melt or damaged and release of
significant quantities of radioactive material within an
installation with high probability of public exposure. Level-4
is called for if at least one death from radiation and minor
release of radioactive material so only local controls are
necessary.
Scale (INES)
 Level 5: Accident with Wider Consequences. This level is
10 times higher than level-4 and is called for when the
reactor core is severely damaged and large amount of
radioactive materials are released with a high probability
of significant radiation exposure to the public. And also
when several deaths from radiation exposure and planned
radiation control is needed.
Scale (INES)
 Level 6: Serious Accident. 10 times higher than level-5.
This level is declared when significant amount of
radioactive material is released in the environment and
planned controlling procedures need to be taken.
 Level 7: Major Accident. This is 10 times higher than
level-6 and the highest level of accident. This is declared
when significant amount of radioactive material is released
into the environment which can affect public health.
Implementation of planned and extended radiation safety
programs are needed at this level.
INES Scale
The purpose of INES Scale is to facilitate communication and understanding

between the technical community, the media and the public on the safety
significance of events. The aim is to keep the public, as well as nuclear authorities,
accurately informed on the occurrence and potential consequences of reported
events.
Licensing of nuclear power plant
 The regulatory process for nuclear power plant
evolved into following specific stages of licensing:
 Site evaluation
 Design
 Construction (Construction License)
 Commissioning
 Operation (Operating License)
 Decommissioning
 Release from Regulatory Control

Licensing
Two major players in Licensing
 Regulatory Body defines the safety criteria,

requirements, guidelines and documents to be provided
by the applicant (operating organization) and establish a
mechanism to solve safety issues with the applicant.
 Operating Organization: Prepare and submit the

required documentation and also be prepared to respond
to the requests of the regulatory body.
 The public will be given an opportunity to provide their

views during certain steps of the licensing process.
Licensing of nuclear power plant
Site evaluation
 To verify the acceptability of the site, whether the selected
site is suitable to host a nuclear installation. The following
parameters are very important:
 Characteristics of the site, including surrounding
population, seismology, meteorology, geology and
hydrology, distance from airports, water bodies;
 Design of the nuclear plant;
 Anticipated response of the plant to hypothetical
accidents;
 Discharges from the plant into the environment (i.e.,
radiological effluents);
 Emergency plans.
Dose Limits
Courtesy:
Google
Images
Serious accident: accident possible to occur in worst case.

Hypothetical accident: The accident beyond serious accident. There is no
possibility to occur in terms of technical commonsense.
Site Elevation at Kudankulam
Fukushima Daiichi Nuclear Plant
In the basements of turbine and reactor buildings, diesel generators

shuddered to a halt as the floodwaters drowned them. Other generators cut
out when their power distribution panels were drenched leading to station
blackout (SBO).
Design
The following important considerations must be made at the

design stage:
 Design should be developed according to the “defense in
depth” approach
 Be in accordance with the design basis (conditions,
events manageable by the installation)
 Be in compliance with relevant standards, codes and
regulatory requirements
Design
 Consider the replacement of heavy and large components

during its life (steam generator, reactor pressure vessel
heads, etc.) by taking into account: buried pipes and
conduits, openings in structures for equipment access,
obstructions.
 Consider the access of components important to safety
for maintenance, inspection and testing, replacement
occupational exposure, decommissioning consider
transport of radioactive materials
 Based on site characteristics.
Construction
 Before granting an authorization for the construction,
followings should be reviewed, assessed and inspected
by the Regulatory Body (AERB):
 Site evaluation.
 Demonstration of the selected design meets safety
objectives and criteria.
 Appropriate organizational and financial arrangements
for mid/long-term issues (decommissioning, radioactive
waste and spent fuel management).
 Management system of licensee and vendors as
necessary in place covering all aspects of construction.
Commissioning & Operation
Commissioning can be divided into main stages:
 Non nuclear testing: Before introducing nuclear/radioactive
material to ensure, to the extent possible, the installation has been
constructed and equipment manufactured and installed properly.
 To prove the design performances should be put into service after
being inspected, tested and approved by the licensee in
accordance with the requirements set out in the design as agreed
by the AERB.
 Nuclear testing: after introducing of nuclear or radioactive
material to confirm the nuclear installation is safe before
proceeding to routine operation, may require an authorization from
the RB.
Commissioning & Operation
Operation
 Based on the results of commissioning tests and
arrangements the following two things to be considered:
 To operate safely (Management of installation
modifications –Significant or not).
 To face an emergency situation (Long-term shutdown).
Decommissioning
 Decommissioning: Preparation and approval of an
updated decommissioning plan, which may comprise
several sub-stages. Installation remains licensed
throughout the decommissioning period.
 Release from Regulatory Control: After completion of
the decontamination and dismantling and/or removal of
radioactive material, including waste and contaminated
components and structures. Before delicensing the
nuclear installation, a radiological survey should be
carried out to guarantee regulatory criteria and
decommissioning objectives have been fulfilled.
Uranium Fuel Cycle
PHWR Fuel
Bundle
Disposal
Natural
Uranium
LWR Fuel
Assembly
The Nuclear Fuel Cycle
Waste management and storage
 The nuclear waste management (NWM) plays a key role
in the nuclear power industry. The NWM strategy involves
short-term management which deals with immediate
treatment of the waste and long-term management which
involves storage, disposal or transformation of the waste
into a non-toxic form.
Waste management and storage
 The immediate nuclear waste treatment methods are as
follows
 Vitrification – where high-level waste is mixed with

sugar and then calcined to evaporate the water from
the waste and denitrate the fission products to assist
the stability of the glass produced.
 Ion exchange – used for medium active wastes in the

nuclear industry to concentrate the radioactivity into a
small volume. For example, it is possible to use a ferric
hydroxide flocculation to remove radioactive metals
from aqueous mixtures.
Long-term nuclear waste management
The long-term nuclear waste management has the
following options:
 Storage: high-level radioactive waste is stored
temporarily in spent fuel pools and in dry cask storage
facilities. This allows the shorter-lived isotopes to decay
before further handling.
 Geological disposal: it is a process of selecting
appropriate deep final repositories. There are other
options such as: sea-based options and filling empty
uranium mines.
Long-term nuclear waste management
 Transmutation: there are possible nuclear reactor
designs that consume nuclear waste and transmute it to
other, less-harmful nuclear waste.
 Reuse of waste: there are isotopes in nuclear waste
that can be reused, such as cesium-137 and strontium-
90 in the food irradiation and radioisotope thermoelectric
generators.
Nuclear Safety: 3Cs
 Control
 Cool
 Contain
Absolute safety??
Zero risk is unattainable: There is no such thing as

absolute safety, only relative safety.
Lecture 9

Nuclear Industries
CANDU Safety Functions and

Shutdown Systems
Dr. Raghuram Chetty

Chennai- 600 036.
Indian Reactors
 With the exception of the two Boiling Water Reactor (BWR)

units at Tarapur (which is India's first Nuclear Power
Plant), all other operating nuclear power plants in India are
based on Pressurized Heavy Water Reactor (PHWR).
 CANada Deuterium Uranium) reactor is a Canadian-
invented PHWR.
 Heavy water reactors are pressurized units that operate on
the same basic conventions as PWR. The main difference
is the use of deuterium as both:
 Moderator and
 Coolant
Rationale for selection of PHWR for India
The features of PHWR that favored this choice to India are:
 Use of natural uranium as fuel, which obviates the need for
developing fuel enrichment facilities.
 High neutron economy made possible by use of heavy water as
moderator, which means low requirements of natural uranium
both for initial core as well as for subsequent refueling. Also fissile
plutonium production (required for Stage 2 of the program) is
high, compared to Light Water Reactors.
 Being a pressure-tube reactor, with no high pressure reactor
vessel, the required fabrication technologies were within the
capability of indigenous industry.
 The technology for production of heavy water, required as
moderator and coolant in PHWR, was available in the country.
Pressurized Heavy Water Reactor
Fission reactions in the

reactor core heat pressurized
heavy water in a primary
cooling loop.
A heat exchanger, also known
as a steam generator,
transfers the heat to a light-
water secondary cooling loop,
which powers a steam turbine
with an electrical generator
attached to it.
The exhaust steam from the
turbines is then condensed
Courtesy: Google Images and returned as feedwater to
the steam generator, often
PHWR (Pressurized Heavy Water Reactor) is using cooling water from a
Canadian heavy water cooled and moderated lake or river.
reactor, commonly named as CANDU.
CANDU Reactor
CANDU is a PHWR
Heavy-water moderator
Natural-uranium dioxide fuel
Pressure-tube reactor

Advanced CANDU Reactor (ACR)

What is Heavy Water?
 Heavy water (D2O) is a compound of an isotope of
hydrogen called heavy hydrogen or deuterium (D) and
oxygen.
 The deuterium makes D2O about 10% heavier than
ordinary water.
 Heavy water has great similarity in its physical and
chemical properties to ordinary/light water (H2O).
 Heavy water is an excellent neutron moderator
 Heavy water is used as primary coolant to transport heat
generated by the fission reaction to secondary coolant,
light water.
7
CANDU and PWR
Courtesy:
Google Images
Differences in Reactor-Core Design
CANDU PWR
 Natural-uranium fuel  Enriched-uranium fuel
 Heavy-water moderator &  Light-water moderator &
coolant coolant
 Pressure tubes; calandria not  Pressure vessel
a pressure vessel  No separation of coolant from
 Coolant physically separated moderator
from moderator  Large fuel assembly
 Small/Simple fuel bundle  Batch (off-power) refuelling
 On-power refuelling  Boron/chemical reactor control
 No boron/chemical reactor in coolant system.
control in coolant system.
Refuelling & Excess Core Reactivity
In CANDU, a little bit of fuel is replaced daily. The reactivity change is

small. The excess reactivity of the core is always small (except at the
very beginning of life, when all the fuel is fresh). This small excess
reactivity is continuously compensated by varying the amount of light
water in liquid zone-control compartments. The low excess reactivity is
a safety feature of the CANDU lattice.
CANDU On-Power Refuelling
On-power refuelling is one of the unique features of the
CANDU system. Due to the low excess reactivity of a natural-
uranium fuel cycle, the core is designed to be continuously
stoked with new fuel, rather than completely changed in a
batch process (as in LWR and BWR).

Refueling PHWR
 PHWR’s reactors can be

refueled on-line. This
photo shows the refueling
machine.
 New fuel assemblies are

added horizontally and
the spent fuel assemblies
are pushed out to the
spent fuel storage area.

Fuel-Cycle Safety
 Natural uranium or other low-fissile-content fuel ensures
that there is no potential for criticality of new or used fuel
in air or light water.
 No need to ship new fuel in borated steel containers.
 No need to borate the Emergency Core Cooling

System (ECCS) water.
 No need to borate the fuel-bay water.
 Simplified irradiated-fuel dry storage.

Fuel Assembly
 The fuel assemblies used in the reactor are 0.5 m long,
consisting of individual rods
 Zircaloy cladding
 Fuel pellets consist of uranium dioxide
 Fuel burnup in a CANDU is ~20% less than that obtained by
many PWR and BWR reactors

Example of CANDU Fuel Assembly
Fuel rods
 Outer diameter: 13 mm
 Wall thickness: 0.42 mm
 Diameter pellet: 12.15 mm
 Fuel: Natural uranium, sintered to ceramic UO2 pellets
 Uranium pellets per rod: 29
 Cladding material: Zircaloy 4 (99% Zr, Sn, Fe, Ni)
Example of CANDU Fuel Assembly
Fuel bundle
 Length: 495 mm
 Diameter: 102.4 mm
 Fuel rods per bundle: 28
 Weight of bundle: 23 kg
 Weight of uranium: 18.5 kg
 Fuel bundles per channel: 12
 Total number of fuel bundles in core: 4680
CANDU Calandria
Fuel channels
 CANDU 6: 380 (CANDU 9: 480)
 Fuel bundles: 28 fuel rods
 Coolant pressure: 9.9 MPa
 Number of primary pumps: 4
 Number of steam generators: 4
CANDU Calandria
Calandria: Two concentric, horizontal stainless steel
cylinders
 Inner cylinder: core tank, diameter 8.04 m, length
5.94 m, heavy water moderator and coolant with 380
channels in CANDU 6
 Outer cylinder: shield tank diameter: 8.5 m, length: 6
m holding light water as radiation shield.
Fuel Bundles & Calandria

CANDU Internal Structure & Outer Shell
CANDU Shutdown Systems
 The shutdown systems are designed to shut down the reactor to
prevent a potentially hazardous situation from occurring.
 CANDU reactors are controlled by two independent digital

computers, both monitoring plant status continuously but only
one in control at any time (the other as backup).
 To ensure high shutdown reliability two completely independent

and diverse Shutdown Systems (SDS) are provided:
ShutDown System 1 (SDS1)
ShutDown System 2 (SDS2)
 Different physical arrangement including reactivity control

device and separated from control systems
Shutdown Systems
 Both shutdown systems are designed to quickly insert
sufficient negative reactivity into the core and reduce the
reactor power output to a safe, subcritical, low level.
 These special shutdown systems are physically and
functionally separate from the process control systems
and from each other. Each reactor shutdown system is
designed to be fully capable of independently shutting
down the reactor when called upon to do so.
 The special shutdown systems are designed, built and
maintained to a very high quality assurance standard.
 These systems are designed to fail-safe so that safety
action will always be provided.
Reactor Vessel Assembly
 The CANDU reactor
consists of the horizontal
cylinder called the
Calandria
 Fuel and coolant tubes run
horizontally
 Moderator inlet and outlet
tubes direct the moderator
through the calandria, then
to the external heat
exchanger for cooling.

Shutdown Systems
 Reactor shutdown occurs by two
independent, fast-acting systems:
 SDS 1 consists of cadmium rods
(28 in the CANDU-6 design) that
drop by gravity into the core
 SDS 2 works by high-pressure
injection of a liquid poison
(gadolinium nitrate or lithium
pentaborate solution) into the low-
pressure moderator.
 Each shutdown system is
independently capable of shutting
down the reactor safely, based on
trip signals received through
independent triplicated-logic
detector systems.
Shutdown System One (SDS1)
 This system consists of multiple, stainless steel encased,

hollow cadmium rods which drop, under gravity, into the
reactor core in the event of a trip.
 The rods are an effective and distributed neutron absorber
which quickly reduce the reactor power to a safe,
subcritical, low level.
 These rods are retracted on cables which are connected to
a winch via an electromagnetic clutch and are normally
suspended out of core in the poised state.
 Each individual trip channel can be triggered if any trip
parameter for that channel is exceeded.
Shutdown System One (SDS1)
 The system must be fail safe so that in the event of an

equipment or power failure, the shutdown system will
activate and the reactor will be shut down. The general
method of achieving this fail-safe condition is to ensure
that the shutdown system operates when constituent
devices are de-energized. This clutch, when energized,
holds the shutdown rod, suspended on its cable, out of the
reactor core. This arrangement of relay contacts is known
as a triplicated contact set. It ensures that the two out of
three requirement for tripping is maintained (2/3 Logic).
Shutdown System Two (SDS2)
SDS2 is similar to SDS1 with the following differences:
 Higher trip set points.
 The final negative reactivity device.
 Operates by injecting a suitable neutron absorbing liquid
(poison) into the reactor. The poison chosen is Gadolinium
Nitrate.
 The system has a two out of three trip circuit using control
valves to apply the high pressure injection gas instead of
relay contacts.
Shutdown System Two (SDS2)
 The valves used are ‘air to close style’ so that following a
loss of instrument air, the valves will fail open and a reactor
shutdown (fail safe) will occur.
 In the event of a trip, the air supply to the valves is dumped
via electrically operated solenoid valves.
 If any two of the three pairs of valves open, a flow path will
be established allowing the high pressure cover gas to
inject the poison into the moderator.
Poison Injection System
 The triplicated channels can be activated manually or by

such trip parameters as rate log, high neutron power, or
high primary heat transport pressure.
 The helium storage tank is maintained at approximately 8
MPa.
 Trip action requires at least two of the three channels to
initiate poison injection.
 The poison injection valves will open and apply the
stored helium pressure to the gadolinium nitrate in the
seven storage tanks.
Poison Injection System
 The poison is forced through the seven injection nozzles

by the helium pressure so that it is sprayed into the
centre of the reactor core.
 The poison tanks each contain a polyethylene ball which
floats on the surface of the poison. Once the poison is
injected, the ball will be forced onto the lower seat in the
poison tank which prevents the helium gas from
overpressurizing the calandria.
Shutdown systems
 Each of the two shutdown systems has sufficient
capacity to perform its safety function, i.e. to provide
the required negative reactivity rate and depth,
assuming a specified number of elements (one or two
shutoff rods in Shutdown System-1 or one poison
tube/bank of tubes in Shutdown System-2) is
inoperable.
 The system actuation is fail-safe with respect to power

or air failure.
CANDU Reactivity Control
 Stainless steel clad cadmium tubes
 Cobalt adjuster rods
 Boric acid into moderator for fresh fuel only, later on

Gadolinium Nitrate used
 Moderator dump: The heavy water (D2O) moderator
can be dumped by gravity into a storage tank under the
reactor vessel. This will stop the fission reaction because
the neutrons won’t be slowed down.
CANDU Shutdown Systems
SDS1 SDS2
Physical
Vertical Horizontal
Arrangement
Trip Mechanism Control Rods Liquid Poison
Diving Hydraulic
Gravity Force
Mechanism Pressure
2/3 Parameter
Logic 2/3 Chanel Trip
Trip
Triplicated Tripping Logic (or 2/3 Logic)
 Any 2 tripped channels will actuate the associated
shutdown system.
 The triplicated tripping logic reduces the chance of a
spurious trip, and allows the testing of the system on-line.
Channel D Channel E Channel F
Individual Detectors
in Each Channel
Pair D-E Pair E-F Pair D-F
SDS*1 Actuation
SDS Design
 In order to meet the requirement of continuous
availability, each SDS should be designed, operated and
maintained as closely to 100% reliable. The equipment
chosen should therefore be of the highest quality with key
items triplicated.
 Each system, SDS1 and SDS2, consists of three
separate and independent channels (Channels D, E and
F for SDS1 and Channels G, H and J for SDS2) with a
requirement that two of the three channels must exceed
the setpoints before a reactor trip is initiated. This
removes the possibility of spurious trips causing a reactor
shutdown.
SDS Design
 The equipment used on shutdown systems is allocated
exclusively to reactor shutdown protection and for no
other purposes.
 In addition, interlocks are provided such that if a
shutdown system has been operated, it is not possible to
insert any positive reactivity into the reactor core, for
example, removal of adjuster rods. This eliminates the
possibility of the reactor power increasing while the
original fault condition still exists.
Abnormal Operating Conditions
 If a single channel trip, the operator must first establish,
by instrumentation inspection, whether the trip was
genuine or due to equipment malfunction or noise.
 In the event of a genuine trip due to a transient condition
occurring on just one channel (e.g., during refuelling) the
channel may be reset after the transient has subsided.
 If the trip was the result of equipment failure, the channel
must be rejected, the necessary approval for
maintenance must be obtained, and the work carried
out.
Abnormal Operating Conditions
 In the event of a complete reactor trip, it is first
necessary for the operator to establish, from the
instrumentation and read-out devices, the cause of the
trip.
 The operator must then decide whether it is possible to
diagnose and clear the fault within thirty minutes and
thus be able to restore criticality before poisoning out.
Abnormal Operating Conditions (cont’d)
 If a shutdown rod become trapped in the core (say
faulty marginal drop test), this condition will be
indicated by the appropriate shutdown rod position
meter. Severe local flux distortions will result. These
local negative reactivity excursions may be partially
corrected by other reactivity devices, (e.g., adjuster
rods and liquid zone level adjustment). However, the
reactor power output must be reduced to avoid local
fuel overheating and possible fuel failure.
Abnormal Operating Conditions (cont’d)
 When operating with the heat transport system at
reduced pressure, the heat transport system could
boil if the pressure is allowed to fall too low. This will
result in cavitation of the main coolant pumps and a
low flow condition may develop which could cause a
conditional trip.
 If boiling were allowed to persist, voiding in the fuel
channels could occur. This condition would cause
the reactivity to increase which could also trigger a
neutron trip.
Typical Trip System Parameters
The trip parameter and trip level is selected by safety analysis
to ensure that the fuel temperature limits are not exceeded.
The parameters will trip with an adequate margin to the
analyzed safety limit to ensure continual safe performance.
Neutronics
1. Neutron Flux Level High - reactor power level is too high
2. Neutron Rate Log (Rate of Change of Logarithmic Power
High) - rate of change in power is too fast.
Typical Trip System Parameters
Process
3. Steam Generator Level Low - impending loss of principle
heat sink
4. Feedwater Line Pressure Low - impending loss of principle
heat sink
5. Pressurizer Level Low - unexpected low heat transport
inventory
6. Heat Transport Pressure High - energy mismatch, reactor
power too high
Typical Trip System Parameters (cont’d)
7. Heat Transport Pressure Low - impending heat transfer
problems, boiling & cavitation
8. Heat Transport System Gross Flow Low - impending heat
transfer problems
9. Reactor Building Pressure High - possible hot fluid leak in
containment or loss of vacuum
10. Moderator Level Low - possible overrating of those channels
still moderated
11. Moderator Temperature High - lower sub-cooling margin for
moderator.
Manual
12. Manual Channelized (i.e. D, E & F) Trip Pushbuttons (with
common or individual capability).
Shutdown System
 The complete loss of electrical power to either
shutdown system will result in a reactor trip.
 Loss of air to the control valves for shutdown system2

will result in a reactor trip.
 Operation of SDS2 will automatically result in a

poisoning out of the reactor.
 Both shutdown systems are meant for FAIL-SAFE.
 If the plant is to be in an operational state, the reactor

protective system must be in a poised state in order to
provide safety action at all times.
Safety Functions and Associated Systems
Other safety features
1 Manual Backup
2. Identification and Tagging
 Safety systems equipment and its interconnections shall be
suitably identified e.g., by tagging or color-coding, to differentiate
this system from other plant systems.
 In addition, within safety systems, redundant channels/devices
shall be suitably identified to reduce the likelihood or inadvertent
maintenance, test, repair or calibration on an incorrect channel.
3. Control of Access to Safety Systems Equipment
 Access to equipment of the safety systems shall be appropriately
limited, bearing in mind the need to prevent both unauthorised
access and the possibility of error by authorised personnel.
Auxiliary Power Supply
 The auxiliary power supply (both electrical and controls) is
divided into two redundant groups. Each of these groups are
divided into safety related and non-safety related.
 Redundant groups of safety related equipments are separated
from one another by fire barriers of appropriate rating.
 Physical and electrical isolation is provided between safety
related and non-safety related systems.
 A supplementary control room in addition to the main control
room, is provided which can be used to perform essential safety
functions in case of main control room becoming unavailable.
 The sensors, power supply and controls of the supplementary
control room are independent of the main control room.
Lecture 10

Nuclear Industries
Fast Breeder Reactor (FBR) &

Sodium-Water Reaction (SWR)
Dr. Raghuram Chetty

Chennai- 600 036.
Fast Breeder Reactor (FBR)
 Liquid metal cooled reactor or Liquid Metal Fast
Breeder Reactor (LMFBR) is an advanced type of
nuclear reactor where the primary coolant is a liquid
metal
 FBR can produce nuclear fuel more than consumption.
Uses the fast neutrons from 235U fission on surrounding
238U to produce 239Pu
 In 10-20 years, enough Pu is produced to power

another reactor
 No moderators
 No water coolant
 U must be at 15%-30% enrichment to generate power
with fast neutrons while breeding Pu.
Fission in Light Water Reactor (LWR)
Control
Moderator Moderation
Water, Graphite
Fast neutron
10,000 km/s
(1/30 of light
speed)
2.2 km/s
10,000 km/s
Some fast neutrons are absorbed in 238U and produce 239Pu.

Comparison Between FBR and LWR
Fast Breeder Reactor Light Water Reactor

Pu (~20％) + 238U (~80％): Slightly enriched uranium
Fuel
MOX （ 3～4％ 235U）
Liquid sodium Coolant Water
None Moderator Water
Fast neutron Fission Thermal neutron
Core is small Large core

Temp. is more than 500oC Reactor Temp: ~300℃
Atmospheric pressure High-pressure
FBR around the world
DFR, PFR (Therso)

Super Phénix BN-600, 800(Belouarsk)
(Crays-Malville)
BOR-60(Dimitrovgrad)
CEFR(Beijing) FFTF (Hanford)
BN-350(Aktau) EBR (Idaho falles)
Phénix (Marcoule) Monju (Tsuruga)
Joyo (O-arai)
FBTR, PFBR (Kalpakkam)
:Closed
：in operation

FBR Programme in India
Future FBR
1000 MWe
Pool Type
Indegenous
Beyond 2025
CFBR 07 08
10 09
500 MWe
Pool Type 06
UO2-PuO2 Ø11950
Indigenous
From 2023… 04 05 11
03
02 01
12
FBTR PFBR
40 MWt 1250 MWt
13.5 MWe 500 MWe
Loop type Pool Type
PuC – UC UO2-PuO2
Since 1985 Indigenous
From 2013..
• MFTR 120 MWe
• From 2025
Fast Breeder Reactor at Kalpakkam
The 500 MWe Prototype Fast Breeder Reactor

(PFBR) under construction at Kalpakkam.
Schematic of PFBR at Kalpakkam
Further details at www.neimagazine.com

Liquid Metal Cooled Reactor
 The liquid metals used typically need good heat
transfer characteristics.
 Fast neutron reactor core tend to generate a lot of

heat in a small space when compared to other types
of reactor.
 A low neutron absorption is desirable in any reactor

coolant, and very important for a fast reactor.
 It has safety advantages because the reactor is not

kept under pressure, and they allow much higher
power density than traditional coolants.
Liquid Metal Fast Breeder Reactor
 Sodium is used as coolant in LMFBR because of the

following properties
 High heat capacity
 Boiling point (882 °C) is much higher than the reactor's
operating temperature
 Sodium does not corrode steel reactor parts
 It requires low pumping power compared to water.
Liquid Metal Fast Breeder Reactor
 A disadvantage of sodium is its chemical reactivity, which

requires special precautions to prevent and suppress fires.
 If sodium comes into contact with water it explodes, and
it burns when in contact with air
 In addition, neutrons cause it to become radioactive.
Hence the study of sodium-water reactions is important
concern to LMFBR operations.
LMFBR
Overview of Liquid Metal Fast Breeder (LMFBR)

LMFBR
supe
rhea
ter
Second Sodium loop

(non-radioactive)
The heat from the reactor is transferred through the primary and
secondary cooling system to the evaporator and superheater which
generates steam to drive the turbine generator. In this plant, liquid
metal sodium is used as the coolant of the primary and secondary
cooling system. Courtesy: Google Images
Fuel Arrangement in FBR
 238U + Pu (~20%)
 Blanket fuel of 238U is placed in
the peripheral, upper and lower
region of the core in order to
breed effectively.
 Enrichment is high in the outer
region of the core in order to
flatten the power distribution.
Driver fuel Small core

Short fuel
Small diameter
fuel in comparison
to LWR

Safety Criteria
Category of
Event frequency Plant criteria Safety criteria
conditions
1 Radiological release
> 1 /year High availability
Normal ALARA
Able to return to power Radiological release

2
> 10-2 /year at short term after lower than the limit
Incidental
rectification (50 µSv/y)
Able to restart after Radiological release

3
> 10-4 /year inspection, repair, lower than the limit
Accidental
requalification (1 mSv/y)
To maintain core
4 Plant restart not coolability, limited
> 10-6 /year
Hypothetical required change of core geometry
(< 50 mSv/y)
Releases lower than the

Design Extension Loss of plant
> 10-7 /year targets (no need off-site
Condition (DEC) investment
provisions)
LMFBR Reactor Safety Features
 Does not induce increased reactivity upon LOCA
 Negative core reactivity
 Secondary sodium isolation loop (non-radioactivity)
 Failure of one module causes reactor shutdown (loss of

criticality)
 Two independent reactor shutdown systems
 Forced and natural convection safety grade decay heat

removal system (SGDHRS) through three or four
independent loops.
Safety Features
Control & Safety Rod Drive Mechanism

Diverse Safety Rod Drive Mechanism
Shutdown System & Decay Heat Removal Systems
Passive Shutdown System
Diverse Safety Rod Drive Mechanism Liquid Poisson Injection System

Temperature Sensitive Electro Magnet in Diverse Safety Rod Drive
Mechanism (DSRDM) to minimize failure of shutdown system due to
instrumentation failure
Additional Liquid Poisson Injection System
Potential Failure Events from FBR
 Na leakage (primary/secondary Na, fuel storage Na)
 Na fouling/clogging, mixture of foreign materials in Na
 Sodium-water reaction (small scale, medium/large scale)
 failure of instrument/control systems
 failure or malfunction of equipment
 leakage of vapor, water, chemicals or oil
 structural deformation (vessels, piping, fuel assembly,
heat exchanger)
 radiation leakage (gas, liquid, solid)
 fire (electricity, turbine oil, controlled area, welding)
 failure of electrical system (diesel, power-generating
facility, electric motor)
Severe Accident Scenarios
Initiating Events Consequences

Total Instantaneous • Melt propagation from
Blockage (TIB) of a one SA to neighboring
subassembly (SA) SAs
Unprotected Loss of Flow • Bulk core melting
(ULOF) or • Criticality events
Unprotected Transient • Mechanical energy
Over Power (UTOP) release
Failure of Post Accident • Recriticality
Heat Removal Systems • Vessel integrity
Core Disruptive Accident Scenario
Fuel attains gradual transition Transient response from initiation

from solid to liquid phase, to neutronic shutdown with
resulting in core boiling. essentially intact geometry and a
Criticality condition can recur. gradual core melt down
Vapour explosion, Recriticality, Post accident heat removal

Sodium Reactivity with Water:
Sodium-water chemical interactions take place in two stages.
 In the first stage, the reaction proceeds at a high rate with
release of gaseous hydrogen:
Na + H2O = NaOH + ½ H2 + 140 kJ/mole
 In the second stage, chemical interaction takes place between

the products of the first stage and excess sodium:
2 Na + NaOH = Na2O + NaH
Na + ½H2 = NaH
 In steam generator, sodium and water are separated by thin
tube. A single crack or hole in tube can lead to sodium-water
interaction. NaOH and Na2O is corrosive agent and can
further increase the water leak rate.
Na-H2O Reaction
 The pressure of sodium side remains low (around 2-3
bars), while the water (steam) side pressure is high
(around 150 bars). The sodium and water are
separated by the heat transfer tube walls. Therefore if
there is a hole, weld defect or crack by thermal vibration
in the heat transfer tube, the high-pressure water/steam
leaks into the sodium part, resulting in a sodium-water
reaction.
 This reaction is so rapid and violent that the safety
system of the steam generator and secondary heat
transfer system is confronted with a dangerous state.
Types of Sodium Water Reaction
Na-H2O reaction can be classified according to water
leak rate as:
 Micro Leak
 Small Leak
 Intermediate Leak
 Large Leak
Micro Leak
 Leak rate is less than 0.1 gm/sec
and the diameter is less than 0.7
mm.
 Leak rate is so small that no
wastage of adjacent tubes is
occurred.
 As the hole becomes enlarge due to
corrosion, self wastage of tube
occurs.
 Self Wastage - a micro leak may
enlarge quite suddenly after a
period of time at a constant leak
rate. The enlargement of the leak
may be enough to cause an
increase in leak rate of several
orders of magnitude.
Small Leak
 Leak rate is in the range of 0.1
gm/sec to 10 gm/sec, leak
size can between 0.7 mm to 1
mm.
 As leak rate and size of leak is
large enough, it can damage
the tube opposite to it.
 Impingement wastage occurs
due to erosion and corrosion.
The secondary tube can be
failed within few minutes.
Intermediate Leak
 Leak rate is more than small
leak (10 gm/sec < leak rate
< 2 kg/sec). Where leak hole
diameter can vary from 1
mm to 7 mm.
 Due to Na-Water reaction

heat and hydrogen is
produced, and this
overheating can lead to
multiple tube failure
Large Leak
 Here leak rate is greater than 2 kg/sec and hole
diameter is more than 7 mm, as leak rate is too high,
pressure increases rapidly and multiple tube wastage
is occurred.
 To reduce pressure Surge tank and Rupture disc are

provided in heat exchanger.
Leak Detection System
 In the steam generator of a fast reactor, the high pressure
steam and hot sodium are separated by a steel wall.
 Any defect in the tube walls can cause steam to leak into
sodium.
 Since the sodium water reaction is highly exothermic and

caustic producing, the leaks can expand rapidly and lead to
explosions.
 The best means of detecting these leaks at the very

inception is to monitor the sodium at the steam generator
outlet for hydrogen/oxygen concentration.
 The leak detection system must be sensitive to small leaks
that may occur in the sodium to steam/water tube boundary,
and provide a reliable and responsive signal to the plant
operator.
 Additionally, provisions are required for prompt plant
corrective action to minimize potential damage that may
occur as a result of a steam/water to sodium leak.
 The device currently in use in fast reactors, measure
hydrogen flux. The hydrogen detector senses a change in
hydrogen concentration in sodium by measuring a change in
the rate of hydrogen diffusion through a nickel membrane
which is immersed in the sodium. An ion pump continuously
pulls a vacuum on the back side of the membrane and
hydrogen flux through the membrane is determined by
measurement of the ion pump current.
 The oxygen meter is an electrochemical cell for measuring
oxygen activity. This device has an electrical output which is
proportional to the difference in the oxygen activity between an air
reference electrode and the activity of oxygen in the sodium.
 Two oxygen meters / hydrogen sensors are provided in a single

module so that if one malfunctions, the leak detector continues to
operate until a convenient replacement time occurs.
 The leak detector can be utilized to detect steam/water to sodium

leaks by two methods:
(1) detecting a strong signal in a single pass
(2) detecting a gradual buildup of hydrogen and oxygen
concentration with loop circulation time or a rate of rise (ROR) of
concentration.
Strong Signal Detection
 Strong Signal Detection - The detector has a sensitivity

sufficient to resolve a signal from approximately 3 ppb
change in concentration in a hydrogen background of
100 ppb. A sensitivity of 6 ppb in the sodium stream is
chosen as the basis for detectability of an assured leak
signal.
 The water leak rate can be related as follows:
∆ Conc. of H2 = Leak rate/ Na flow rate
 The shortest time the detector can detect a leak (first
pass) is about one minute and the longest is about five
minutes.
Rate of Rise Detection
 Rate of Rise (ROR) Detection - A lower level of detection is
possible when the concentration is building up in each pass.
 The rate of rise (ROR) of hydrogen build up would also
indicate a leak when the concentration reached a detectable
level. The ROR technique can identify a leak on the order of
0.9 x 10-5 kg/sec, with a detection time of about 10 minutes.
 The time for a leak signal to be translated into a control
room signal depends on sodium flow rate, leak rate,
location, time constant of the detector module, and the
hydrogen background in the sodium stream.
 The time available for corrective action depends on the
wastage rate of the Steam Generator tube resulting from the
leak.
Plant Operator Actions
 Time available for corrective action depends on how

damaging a leak is in terms of self wastage and wastage
on the adjacent tube.
 By considering the combined factors of detector capability
and wastage damage potential, plant corrective measures
can be formulated. At the present, the approach to
establishing plant operator actions is in the formative
stages.
Plant Operator Actions
The reference approach is as follows:

 A leak signal should be confirmed by at least one other
detection device before corrective action is taken.
 Corrective action should be initiated promptly upon
receipt of a confirmed leak signal.
 Shutdown procedures should be based upon the
objective of minimizing damage to the steam generator
and intermediate loop.
 Shutdown procedures should provide for more rapid
actions if leakage rate increases during shutdown
process.
Current Plant Operator Action Plan
Leak Diameter Hole / m Detection Method Action
Micro Leak 0.025 x 10-3 Not detectable Continue operation
Initiate orderly system shutdown,

Rate of rise depressurize steam side; about 4
Small Leak ~0.050 x 10-3
h for evaporator, 2 h for
superheater.
Initiate orderly system shutdown,

Intermediate
First pass depressurize steam side; about 1
Leak ~0.10 x 10-3
h for evaporator, 12 min for
superheater.
Initiate rapid loop shutdown,

Large Leak depressurize steam side; about
~0.18 x 10-3 First pass
ten min. for evaporator, 2 min for
superheater.
Sodium Fire Protection
Na Leak
 Liquid sodium is used as a coolant in Fast Breeder

Reactor (FBR) systems.
 In the rare case of failure of a sodium bearing
component, sodium can leak out and react with
oxygen in the air and catches fire, when oxygen
concentration in the air is more than 5% and the
sodium temperature is more than 200 oC.
 Design provisions to defend against such sodium
leaks and the resultant fires play an important role in
the safe operation of a fast reactor.
Characteristics of Sodium
 Sodium is alkali metal which is soft and has metallic color.
 Weight of sodium is 0.97 times of water at 20 ºC.
 Melting point is 98ºC.
 Boiling point is 882ºC at atmospheric pressure.
Sodium is lighter
Soft & can cut by a knife Liquid sodium
than water
Sodium Fire
 When sodium reacts with water, hydrogen gas, NaOH
(which is corrosive) and heat are produced.
 Leak speed of sodium is generally slow due to
atmospheric system pressure. However, sodium reacts
with air as shown below, and produces lot of white
alkali aerosol.
Sodium Inventory
 Primary Na system ~ 1150 t
 Secondary sodium system ~ 430 t,
 Safety grade decay heat removal (SGDHR) system ~

120 t
 Reserve sodium 50 t (Non– Radioactive)
 Total sodium inventory ~ 1750 t

Design Consideration
 Na is Radioactive or Non - Radioactive
 Location of system / component
 Quantity of Na leak
 Accessibility for intervention
 Type of sodium fire
 Sodium reacts with water in the concrete and

produces heat. Which can lead to damage of
concrete structure.
Design Strategies
 Make Na leak improbable
 Minimise Na leak by:
 Early Na leak detection
 Safety actions
 Minimise contact with air / concrete
 Dealing with sodium fire by:
 Fire fighting
 Controlled ventilation of Na aerosols
 Cleaning and disposal
Dealing with Sodium Fire
 Major systems in well separated buildings
 Use of partition walls / barriers to prevent spread of sodium fire.
 If sodium is radioactive, only passive system is required to avoid Na
fire (No direct fighting)
 For non–radioactive Na passive & active system of fire fighting
 Well defined approach route for fire fighting persons
 Direct Na fire fighting using dry chemical powder (DCP) e.g. sodium
bicarbonate or lithium carbonate . Inert gas such as nitrogen or argon
could be injected to extinguish Na fire.
 Storage of adequate quantity of dry chemical powder at strategic
locations (3 times more)
 Application of DCP by shovel for small fires, portable/ mobile
extinguishers for medium and large fires.
Example of a leak location
Leak location IHX
Reactor
Evaporator
Super heater
Air cooler
Pump for secondary system
Design basis to prevent Sodium fire
 To reduce the quantity of sodium coming out
 Double envelope and
 Leak collection tray are used.
 To prevent the spreading of sodium fire well barriers or
partition walls are used (which can withstand for three
hours).
 To prevent sodium – concrete interaction, a thin metal
liner on concrete wall is used.
 Sodium circuit is protected from accidental dropping of
objects and other missile object by suitable design.
Na Leak Collection Tray
 The leak collection tray (LCT)
mainly consists of two sloping
plates (angle 20oC) forming a funnel
like structure supported on the
sodium hold-up vessel.
 These sloping plates with V-shape
orientation rapidly guide the leaked
sodium to a central drainpipe, which
ends at 20 mm above the bottom
surface of the hold-up vessel.
 The drained sodium is accumulated
in the hold-up vessel with limited
exposure to air. A vent pipe of
smaller diameter is provided on the
slopping plates to facilitate the easy
draining of the leaked sodium.
Details of Prototype of LCT

Research on FBR
 The fire risks of liquid sodium have been, and continue to
be, investigated, as the new generation of FBR systems is
designed and developed.
 Safety remains at the forefront of nuclear industry thinking,

and it is all too aware of the radioactive and safety risks
posed by reactor leaks and fires at nuclear sites.
 Drawing on past experience, a range of new experimental

and numerical simulations and research projects are being
undertaken, in order to design and enhance reactor safety
systems and accident management procedures.
Lecture 14

Nuclear Industries
Probabilistic Hazard Evaluation
Dr. Raghuram Chetty

Chennai- 600 036.
Introduction
 The previous chapters focused on the identification of
hazards and qualitative evaluation of their likelihood and
consequences.
 This chapter deals with the probabilistic treatment of
hazards.
 Probability: The chance or the likelihood of occurrence of
an event.
 Reliability: The probability that an item will perform a
required function under stated conditions for a stated
period of time.
The probability of survival, R(t), plus the probability of
failure, F(t), is always unity.
Reliability
 The definition given brings out several important points
about reliability:
• it is a probability,
• it is a function of time, and
• it is a function of the definition of failure.
 Some definitions of failure are (1) failure in operation, (2)
failure to operate on demand, (3) operation before demand,
and (4) operation after demand to cease.
 The first of these definitions is applicable to equipment
which operates continuously, while the other definitions are
applicable to one which operates intermittently.
Aim of Reliability
 To find reasons for mistakes and try to eliminate these
reasons, i.e. to increase the reliability of the product that no
mistakes occur.
 To find consequences of mistakes and if possible diminish or
eliminate them, i.e. to increase the products safety against
occurred mistakes.
• Find
Performance • Estimate
• Reduce Causes
Durability • Eliminate
Reliability
Experience
Safety Fault
Feed-back
Faultless • Find
• Estimate
• Reduce Consequences
• Eliminate
Description
 Reliability is heavily dependent on Probability and
Statistics for measuring and describing its characteristics.
 Hazard rate (Failure rate): is the number of failure per
unit time, λ(t).
 Failure Distribution: this is a representation of the
occurrence failures over time usually called the Probability
Density Function, PDF or f(t).
 Cumulative Failure Distribution: it is the cumulative
version of the PDF. It's called the CDF or F(t).
 Reliability: If we can call the CDF the unreliability of a
product, then 1-F(t) must be the reliability, R(t).
Description
For a piece of equipment:
 f(t)dt = probability of failure in time dt about time t

after start of operation.
 λ(t)dt = probability of failure in time dt about time t,

given that the equipment has survived to time t.
 F(t) = probability that the equipment fails prior to

time t after start of operation.
Description
 Reliability, R(t) = 1- F(t)
 Mean Time Between Failures (MTBF) is the

expected time between two successive failures of a
system. Therefore, MTBF is a key reliability metric
for systems that can be repaired or restored.
 MTTF (mean time to failure) is the expected time to

failure of a system. Non-repairable systems can fail
only once.
Failure rate
 Failure rate is the frequency with
which an engineered system or
component fails, expressed for
example in failures per hour. The
failure rate of a system usually
depends on time, with the rate
varying over the life cycle of the
system.
Failure rate
 Failures do not generally occur at a
uniform rate, but follow a distribution
in time commonly described as a
"bathtub curve." The life of a device
can be divided into three regions:
 The first part is a decreasing
failure rate, known as early
failures.
 The second part is a constant
failure rate, known as random
failures.
 The third part is an increasing
failure rate, known as wear-out
failures.
Reliability
 If a number of components are in working order at time t =
0 in the useful life phase, and if the failure rate is constant
at f (e.g. f failures per year) then the probability of failure
by time t will be:
 Reliability over time t = e–ft
For example, a component of failure rate of 0.05 per year
would have a reliability over a period of 10 years of:
R(t) = e–ft = e-0.05 x 10 = 1/e0.05 x 10 = 0.606 (i.e. 61%
and the probability of failure in 10 years is
1-R(t) = 0.394 (or 39 %)
Calculation of Reliability - Example
 Consider two identical pumps. Examination of records

provides the following information:
There have been 20 failures of one or other of the pump
in 10 years, and there is no reason to believe that one
pump has had significantly more failures than the other.
On average, when a pump breakdown occurs, and the
other pump is put on-line, the pump which has failed is
out of service for 5 days for repair.
 How often will there be no pump available, because the
operating pump has failed before the other pump has been
repaired.
Solution:
The frequency of failure of the operating pump is 2 /year.
The average duration per year for which a pump is repaired
is thus
2 x 5 = 10 days /year
Therefore the probability that there is only pump in operable
condition is
10/365 = 0.0274
Solution:
The operating pump fails with a frequency of 2/year. The
probability that it will fail when there is no operable spare is
0.0274. Therefore the frequency of operating pump failing
when there is no operable spare is:
2 x 0.0274 = 0.0547 /year
That is, around once per 18 years on average.

Probability Distribution for Describing Failures
An important part of reliability is identifying,
understanding, and optimizing the type of statistical
distribution that represents the product. The following are
a few common examples, and different distributions fit
different types of failure data.
 Normal Distribution: the most common distribution
usually representing wearout situations (2 parameter).
 Exponential Distribution: a one parameter distribution
usually used for electronic products, or products where
there are all sorts of distributions tending to combine to a
constant hazard rate.
 Weibull Distribution: can be used to represent a number
of other distributions such as the Normal, the Exponential,
and others (usually 2 parameter but can be 3 parameter).
The Weibull can be used to represent the three regions of
the classic reliability "Bathtub" curve: (Region 1) the
decreasing failure rate associated with infant mortality,
(Region 2) the constant failure rate of useful life, and
(Region 3) the wearout period of increasing failure rate.
 Binomial Distribution: used to represent situations
where there are two possible outcomes, success or
failure and the probability of one of the types of outcomes
is known.
 Poisson Distribution: used to determine the likelihood of

a number of events occurring in a set of trials if the
likelihood of an individual event is known.
Demand and Failure
 There are two concepts which are important for
construction of fault/event trees and especially for
calculating the frequency of incidents or failures. They are
demand and protection failure.
 In the case of a boiler for generating steam, the pressure
may be controlled by a pressure sensor sending a signal
to an automatic controller, which in turn sends a signal to
a control valve in the fuel line, such that if the pressure
starts to fall below the set point then the valve increases
the fuel flow; and if the pressure starts to rise above the
set point then the valve closes partly to reduce the fuel
flow.
Demand and Failure
 The control system is needed continually for normal
operation. Any failure of any component of the control
system causes a problem.
 This can be contrasted with the pressure relief valves fitted
to the boiler. They are designed to release excess pressure
to prevent the boiler from bursting if the pressure control
system fails. It is important to note that the pressure relief
valves are not needed continually, since they are inactive
as long as the pressure control system is operating
correctly. But the moment that the pressure control system
fails and the pressure starts to rise to an excessive level,
then the pressure relief valve are needed, and only then.
Distinguishing “Demands” from “Failure”
 A failure of the normal method of operation (e.g., a
failure of the boiler pressure control system, or failure of an
operator to perform a routine operation correctly) is called
a demand.
 A failure of the response to a demand (e.g., a failure of
the pressure relief valves) is called a protection failure.
 A protection system is one that is needed only when the
normal means of operation fails, that is, when a demand
occurs.
Distinguishing “Demands” from “Failure”
This distinction is important for two reasons:
 When constructing a fault/event tree, it is helpful to show the
undesired hazardous incident resulting from a combination of a
demand AND a protection failure; and
 When assessing the frequency of hazardous incidents, it is
essential for demands to be shown as frequencies, and for
protection failures to be shown as probabilities.
An alternative example of demands and protection failures is as
follows:
 If car breaks down on a freeway, and the nearest telephone has
been damaged by vandals, then the breakdown is the demand,
and the telephone being in a vandalized condition is the
protection failure.
Fault Tree Analysis
 In order to proceed with quantitative analyses of the
probability that a hazard will occur, it is necessary to have
access to failure rate data.
 In many - component systems like chemical plants, it is
important to analyze possible failure sequences and to
perform probabilistic analysis so that quantitative
comparisons can be made of the failures associated with
various design routes.
 Fault tree analysis (FTA) is a technique by which many
events that interact to produce other events can be
related in a logical hierarchy that represents the ways in
which a particular failure of a system can occur.
Fault Tree Elements
Top event
Boolean operators
Intermediate event
House event
Transfer to
Primary event Incompletely another
developed fault tree
event
Events Symbol
Primary or base event –

Conditioning event –
basic fault event requiring
specific conditions which
no further development. applies to a logic gate (used
mainly with PRIORITY and
INHIBIT gates).
Undeveloped or diamond
event – fault event which
has not been further
development. External or house event –
event which is normally
expected to occur.
Intermediate event –fault
event which occurs due to
antecedent causes acting
through logic gate.
Logic Gates Symbol
AND gate – output PRIORITY-AND gate –
exists only if all output exists if all inputs
inputs exist occur in a specific
sequence
OR gate – output EXCLUSIVE OR gate –

exists if one or more output exists if one, and
inputs exist only one, input exist
INHIBIT gate – output exists if input

occurs in presence of the specific
enabling conditions
TRANSFER OUT– symbol
indicating that the portion of
TRANSFER IN– symbol the tree below the symbol is to
indicating that the tree is be attached to the main tree at
developed further at the the corresponding
corresponding TRANSFER TRANSFER IN symbol
OUT symbol
Fault Tree Logic Symbols
Operation, OR Operation, AND
Event A occurs when either Event A occurs when

event B or C occurs both event B and C
occur
Fault Tree Construction
 FTA is an approach to the identification and control of
high risk areas using a formalized deductive process for
identifying the possible modes of occurrence of a
specified undesired event (the top event).
 The tree my be thought of as a graphic model that

reveals various parallel sequential combinations of
components states that can result in the top (fault) event.
 The objectives of fault tree analysis are
To systematically identify possible modes of
occurrence of a given undesired event
To provide a clear and demonstrable record of the
analytical process
To provide bases for evaluation of design and
procedural alternatives.
 Fault tree is structured so that the undesired event
appears at the top. The sequences of events that lead to
the undesired event are predicted below the top of event
and are logically linked by branches to the undesired
event by OR and AND gates. Those events that have a
more basic cause are developed further until the
sequences finally lead to the primary causes for which
there are failure rate data available.
Rules and Definition
 Rule 1: For a fault event, describe

 a. What the fault state of that system or component is
 b. When that system or component is in fault state.
 Rule 2: There are two basic types of fault statements,
state-of-system and state-of- component.
 a. If the fault statement is a state of system, use Rule 3
 b. If the fault statement is a state of component, use
Rule 4
 Rule 3: A state-of-system fault may use an AND, OR or
INHIBIT gate or no gate at all. To determine which gate to
use, the fault must be the
 a. Minimum necessary and sufficient fault events
 b. Immediate fault events
 Rule 4: A state-of-component fault always uses an OR gate.
 a. Primary failure- failure within the design envelop or
environment.
 b. Secondary failure- failure due to excessive
environments exceeding the design environment.
 Rule 5: No gate-to-gate relationship
 Rule 6: Things that would normally occur as the result of a

fault will occur.
 Rule 7: In an OR gate, the input dose not cause the
output. If an input exists, so does the output.
 Rule 8: An AND gate defines a casual relationship. If the
input events coexist, the output is produced.
 Rule 9: An INHIBIT gate describes a casual relationship
between one fault and another, but the indicated condition
must be present. Inhibit conditions may be faults or
situations, which is why AND and INHIBIT gates differ.
Simple fault tree example
For a cooling a reactor
Running pump
Normal Power
P1 supply
Emergency Power
supply (DG)
P2
Standby pump P1
P2
Simple fault tree example
No water supply
TOP
No water supply No water supply

from running pump from standby pump
G1 G2
Working Normal power Power supply

pump Standby pump
supply failure failure
failure failure
NP G3
P1 P2
Normal power Emergency

supply failure power
supply failure
NP EP
Minimal cut set identification
Minimal cut set is a smallest combination of component
failures which, if all occur, will cause the top event to occur.
TOP = G1 * G2
G1 = P1 + NP
G2 = P2 + G3
G3 = NP * EP
TOP = (P1+NP) * (P2+NP*EP)

= P1*P2 + P1*NP*EP + NP*P2 + NP*EP
= P1*P2 + NP*P2 + NP*EP
(Minimal cut sets)
Pressure Tank System
 Figure shows a pressure tank- pump-motor device
and the associated control system.
K1
S1 K2 R
T
Pressure Tank System
 The function of the control system is to regulate operation of
the pump, which pumps fluid from a large reservoir into the
tank.
 It takes 60 seconds to pressurize the tank. The pressure
switch has contacts which are closed when the tank is empty.
 When the appropriate pressure has been reached, the
pressure switch contacts open, de-energize the coil of relay
K2 so that relay K2 contacts open, removing power form the
pump. This causes the pump motor to stop.
 The outlet valve is not a pressure relief valve. When the tank
is empty and the pressure switch contacts close, and the
cycle is repeated.
Pressure Tank Rupture Fault Tree
(Continued next page)

Pressure Tank Rupture Fault Tree
(Continued from previous page)
Basic (reduced) fault tree for pressure tank
E1 Top Event
E2, E3, E4, E5 Intermediate fault events
R Primary failure of timer relay
S Primary failure of pressure switch
S1 Primary failure of switch S1
K1 Primary failure of relay K1
K2 Primary failure of relay K2
T Primary failure of pressure tank
Minimal Cut Sets
 The top event may be related to lower level events and

ultimately to the primary input events as follows:
E1 = T + E2
= T + (K2 + E3)
= T + K2 +(S. E4)
= T + K2 + S. (S1 + E5)
= T + K2 + (S. S1) + (S. E5)
= T + K2 + (S. S1) + S. (K1. R)
= T + K2 + (S. S1) + (S. K1)+ (S. R)
Minimal Cut Sets
 There are five minimal cut sets, 2 singles and 3 doubles, viz:
T
K2
S. S1
S. K1
S. R
Each defines an event or combination of events that could
initiate the top event. The leading contributor is the single
relay K2 because it represents a primary failure of an active
component.
Probability
 Because a minimal cut is an intersection of events, the
probabilities associated with the five minimal cut sets are
then obtained by multiplying the appropriate component
failure probabilities.
P [T] = 5 x 10-6
P [K2] = 3 x 10-5
P [S. K1] = (1 x 10-4) (3 x 10-5) = 3 x 10-9
P [S. R] = (1 x 10-4) (1 x 10-4) = 1 x 10-8
P [S. S1] = (1 x 10-4) (3 x 10-5) = 3 x 10-9
and P (E1) ≅ 3.4 x 10-5
Probability
 The relative quantitative importance of the various cut sets can be
obtain by taking the ratio of the minimal cut set probability to the total
system probability.
Cut Set Importance
T 14 %
K2 86%
S. S1 Less than 0.1%
S. K1 Less than 0.1%
S. R Less than 0.1%
 This example illustrates the importance of systematic development in
dealing with fault trees. On superficial assessment, it might appear
that failure of the pressure switch is the most serious fault in the
control system-but the developments shows it is the K2 relay.
Fault Tree of a Runaway Reaction
runaway reaction within reactor
Excess heat
Insufficient cooling
wrong addition of too much heat reactants

agitator temperature
cooling reactants applied accumulated
failure indicator
failure
failure
temperature operator
cooling cooling cooling indicator error
supply not applied failure
mixing
failure started too late
incomplete
low process
temperature
over under over incorrect
charge of charge of charge of charge
reactants solvent initiator rate
agitator agitator
not failure
started
preheat not temperature operator
started indicator failure error
FTA Benefits and Considerations
Benefits
 Provides a visual description of system functions that lead to
undesired outcomes.
 Identifies failure potentials which may otherwise be overlooked.
 Identifies design features that preclude occurrence of a top
level fault event.
 Identifies manufacturing and processing faults.
 Determines where to place emphasis for further testing and
analysis.
 Directs the analyst deductively to accident-related events.
 Useful in investigating accidents or problems resulting from
use of a complex system.
Considerations
 FTA addresses only one undesirable condition or event at
a time. Many FTA might be needed for a particular
system.
 FTA is time/resource intensive.
 In general, design oriented FTA require much more time
than failure investigation FTA.
Summary of Fault Tree Analysis
 FTA is used as a Reliability and a Safety tool
 Simple to use
 Graphics make it easy to understand
 Each event is displayed by a unique shape
 Helps to prevent and correct errors in the system.
ETA
Event Tree Analysis

Event Tree Analysis
 An event tree analysis (ETA) is an inductive procedure that
shows all possible outcomes resulting from an accidental
(initiating) event, taking into account whether installed
safety barriers are functioning or not, and additional events
and factors.
 By studying all relevant accidental events (that have been
identified by a preliminary hazard analysis), the ETA can be
used to identify all potential accident scenarios and
sequences in a complex system.
 Design and procedural weaknesses can be identified, and
probabilities of the various outcomes from an accidental
event can be determined.
Introduction
 An event tree is a visual representation of all the events
which can occur in a system.
 The event tree displays the sequences of events involving
success and/or failure of the system components.
 As the number of events increases, the picture flow out like
the branches of a tree.
 Event trees can be used to analyze systems in which all

components are continuously operating, or for systems in
which some or all of the components are in standby mode,
which involve sequential operational logic and switching.
Illustration of ETA
Accident
Event System System 2
Sequence
I
Success
IS1S2
(S2)
Success
State
(S1) Failure
IS1F2
Initiating event (F2)
(I) Success
(S2) IF1S2
Failure State
(F1) Failure
IF1F2
(F2)
ETA Example
A simple example of an event tree is shown below.
Sprinkler Call to
Out come Consequence
System Fire Service
Success
OK 1
Success
Failure
Partial 2
Damage
Fire Success
Partial 2
Failure Damage
Failure System 3
Destroyed
ETA Example Description
 This event tree was constructed to analyze the possible
outcomes of a system fire.
 The system has 2 components designed to handle this

event: a sprinkler system and an automated call to the fire
department.
 If the fire department is not notified, the fire will be mostly

contained by the sprinkler system. If the sprinkler system
fails as well, the system will be destroyed.
ETA Example Description
 The goal of an event tree is to determine the probability of
an event based on the outcomes of each event in the
chronological sequence of events leading up to it.
 By analyzing all possible outcomes, you can determine the

percentage of outcomes which lead to the desired result.
ETA Example
Sprinkler
Initiating Start of Fire alarm is Frequency
system does Outcomes
event fire not activated (per year)
not function
True Uncontrolled
fire with 8.0 . 10-
0.001 no alarm
8
True
0.01 False Uncontrolled
7.9 . 10-
0.999 fire with alarm 6
True
0.80 True Controlled fire

8.0 . 10-
0.001 with no alarm 5
False
Fire 0.99 False Controlled fire
10-2 per year 7.9 . 10-
with alarm 3
0.999
False
No fire 2.0 . 10-
0.20 3
ETA Main Steps
 Identify (and define) a relevant accidental (initial) event
that may give rise to unwanted consequences
 Identify the barriers that are designed to deal with the

accidental event
 Construct the event tree
 Describe the (potential) resulting accident sequences

ETA Main Steps
 Determine the frequency of the accidental event and the
(conditional) probabilities of the branches in the event
tree
 Calculate the probabilities/frequencies for the identified

consequences (outcomes)
 Compile and present the results from the analysis.

Chemical Reactor
TIC
Temperature
Controller
TIA
Alarm at High Temperature

T > TA Alarm
ETA for loss of coolant
 Consider the reactor system as shown in the
previous slide. The reaction is exothermic so a
cooling system is provided to remove the excess
energy of reaction. A high temperature alarm has
been installed to warn operator of a high
temperature within the reactor. The event tree for a
loss of coolant initiating event is shown the next
slide.
 Four safety functions are identified.
The first is the high temperature alarm.
The second is the operator noticing the high reactor
temperature during normal inspection
The third is the operator re-establishing the coolant
flow by correcting the problem in time.
The final safety function is invoked by the operator
performing an emergency shutdown of the reactor.
 The event tree can be used quantitatively if data are

available on the failure rates of the safety functions and the
occurrence rate of the initiating event.
 For e.g. assume that a loss of cooling event occurs once a
year. Lets us also assume that the hardware safety
functions fail 1% of the time they are placed in demand. This
is a failure rate of 0.01 failure/demand. Also assume that the
operator will notice the high temperature 3 out of 4 times
and that 3 out of 4 times the operator will be successful
(0.75) at re-establishing the coolant flow. Both of these
cases represent a failure rate of 1 time out of 4, or 0.25
failure /demand
 Finally, it is estimated that the operator successfully shuts

down the system 9 out of 10 times. This is a failure rate of
0.10 failure/demand.
 Failure rates for the safety functions are written below the
column headings. The occurrence frequency for the initiating
event is written below the line originating from the initiating
event.
ETA Computational Sequence
The computational sequence performed at each junction is
shown in the Figure below. The upper branch, by
convention, represents a successful safety function and
the lower branch represents a failure. The frequency
associated with the lower branch is computed by
multiplying the failure rate of the safety function times the
frequency of the incoming batch. The frequency
associated with the upper branch is computed by
subtracting the failure rate of safety function from 1 (giving
the success rate of the safety function) and then
multiplying by the frequency of the incoming batch.
ETA Computational Sequence
Safety Function
0.01 Failure/ Demand
Success of Safety Function

(1-0.01)* 1 = 0.99 Occurrence
/yr.
Initiating Event
(Loss of Cooling)
1 Occurrence per Failure of Safety Function
year 0.01* 1 = 0.01 Occurrence /yr.
The computational sequence across a safety function in an event tree.
High Temp Operator Operator
Safety Re-starts Operator
Alarm Alerts Notices Shuts Down Result
Function operator High Temp Cooling
Reactor
Identifiers: B C D E
Failure /Demand 0.01 0.25 0.25 0.01
A
0.7425 Continue Operation
AD
0.99 Shut Down
0.2227
0.2475 ADE
Runaway
A 0.02475
1 AB
Continue Operation
0.005625
Initiating Event:
Loss of Cooling ABD
1 Occurrence 0.0075 Shut Down
0.001688
per year
0.001875 ABDE
Runaway
0.0001875
0.01
ABC
Continue Operation
0.001875
ABCD
0.0025 Shut Down
0.0005625
0.000625 ABCDE
Runaway
0.0000625
ETA for loss of coolant accident
Therefore,
Shutdown: 0.2227 + 0.001688 + 0.0005625

= 0.2250 occurrence/ year
Runaway: 0.02475 + 0.0001875 + 0.0000625

= 0.02500 occurrence/ year
 The event tree analysis shows that a dangerous runaway
reaction will occur on a average 0.025 times per year, or once
every 40 years.
 This is consider too high for this installation.
 A possible solution is the inclusion of a high-temperature reactor
shutdown system. This system would automatically shut down
the reactor in the event that the reactor temperature exceeds a
fixed value.
ETA for a runaway reaction
Runaway Vent Contained
reaction Reactor through within
Immediate Delayed
catastrophic disposal
within relief Ignition Ignition Outcome
rupture system
reactor system
Yes
fireball
Yes Yes
fireball & VCE
No safe
Yes No dispersion
safe
Yes containment
Yes
jet fire
Yes
flash fire & VCE
No
No safe
No No dispersion
Yes fire & confined
explosions
Yes
fire & confined
No explosions
No
safe
No dispersion
Positive
 Visualize event chains following an accidental event
 Visualize barriers and sequence of activation
 Good basis for evaluating the need for new /
improved procedures and safety functions.
Negative
 No standard for the graphical representation of the
event tree.
 Only one initiating event can be studied in each
analysis.
 Easy to overlook subtle system dependencies.
 Not well suited for handling common cause failures
in the quantitative analyses.
 The event tree does not show acts of omission.
References
 S. Banerjee “Industrial Hazards and Plant Safety”, Taylor
& Francis, NY, 2003.
 W.E. Veseley et al. “Fault Tree Handbook” NUREG 0492,
US Nuclear Regulatory Commission, Washington DC,
1981.
 D. Crowl and J. Louvar “Chemical Process Safety:
Fundamentals with Applications”, 2nd Edition, Prentice
Hall, 2001.
 C.S. Kao, K.H. Hu, “Acrylic reactor runaway and explosion
accident analysis”, Journal of Loss Prevention in the
Process Industries, 15 (2002) 213–222.
Lecture 1

Nuclear Industries
Review of Industrial Accidents
Dr. Raghuram Chetty

Chennai- 600 036.
Definitions
Safety
The condition of being safe; freedom from danger, risk or
injury.
Reliability
The probability that a component part, equipment, or system
will satisfactorily perform its intended function under the
given circumstances for a specified period of time.
Major Oil Industry Accidents
 July 6, 1988: Piper Alpha disaster. An explosion and

resulting fire on a North Sea oil production platform.
 Total insured loss is about US$ 3.4 billion. Rated as the

world's worst offshore oil disaster in terms both of lives
lost and impact to industry.
 167 men were confirmed dead.

 March 23, 2005: Texas City Refinery explosion. An
explosion occurred at a British Petroleum refinery in
Texas.
 It is the third largest refinery in the United States and one
of the largest in the world, processing 433,000 barrels of
crude oil per day and accounting for 3% of that nation's
gasoline supply.
 Over 100 were injured, and 15 were confirmed dead.
 Several level indicators failed, leading to overfilling of a
drum, and light hydrocarbons concentrated at ground
level throughout the area. A nearby running diesel truck
set off the explosion.
 December 11, 2005: Hertfordshire Oil Storage Terminal

fire.
 A series of explosions at the Buncefield oil storage depot,
described as the largest peacetime explosion in Europe,
devastated the terminal and many surrounding
properties.
 There were no fatalities. Total damages have been
forecast as £750 million.
 April 20, 2010: The Deepwater Horizon oil spill (BP oil
spill) in the Gulf of Mexico flowed for three months.
 It is the largest accidental marine oil spill in the history of

the petroleum industry.
 The explosion killed 11 men working on the platform and

injured 17 others. About 4.9 million barrels of crude oil
was released into the sea.
BP Oil Spill Gulf Mexico

12 Killed in IOCL October 29, 2009.
The Burning Indian Oil Corporation depot

IOCL fire due to negligence
Major Chemical Industry Accidents
 June 1, 1974: Flixborough disaster, England. An

explosion at a chemical plant near the village of
Flixborough kills 28 people and seriously injures another
36.
 July 10, 1976: Seveso disaster, in Seveso, Italy, in a

small chemical manufacturing plant, due to the release of
dioxins into the atmosphere, 3,000 pets and farm animals
died and, later, 70,000 animals were slaughtered to
prevent dioxins from entering the food chain.
 In addition, 193 people in the affected areas suffered from
chloracne and other symptoms. The disaster lead to the
Seveso directive, which was issued by the European
Community and imposed much harsher industrial
regulations.
 November 19, 1984: San Juanico, Mexico LPG Disaster,
a gas leak in stored LPG set off a gas cloud which drifted
towards houses, ignited and caused BLEVE, rupturing
large spheres and many cylinders 500 deaths, unknown
number of burn victims
 December 3, 1984: The Bhopal disaster in India is the

Worst and Largest industrial disaster on record. A faulty
tank containing poisonous methyl isocyanate leaked at a
Union Carbide plant and left nearly 4,000 people dead on
the first night of the gas leak and at least 15,000 later from
related illnesses. The disaster caused the region's human
and animal populations severe health problems to the
present.
 October 23, 1989: Phillips Disaster. Explosion and fire
killed 23 and injured 314 in Pasadena, Texas. Capital
losses over $715 million.
Bhopal - India
 Bhopal is the capital of a less developed
Madhya Pradesh
 70’s period of green revolution – large scale

use of fertilizers & pesticides
 Import of pesticides costly, indigenous

production encouraged
 Incentives for industrial development
 1969 - UCIL subsidiary of UCC set up

pesticide plant to make Carbaryl in using
imported raw materials
 1979 – granted licence to make MIC based

pesticides
 1980 – production started

Union Carbide
Refrigeration Unit
Vent Gas Scrubber
Flare Tower
Water Curtain
Alarm Siren
Methyl Isocyanate Storage Tank
Bhopal - the World's Worst Industrial Disaster
 The Bhopal disaster, also known as the Union Carbide

disaster or the Bhopal gas tragedy, was an industrial
catastrophe that took place at a Union Carbide pesticide
plant in Bhopal on December 3, 1984.
 Around 12 a.m. the plant released 40 tons of methyl

isocyanate (MIC) gas and other toxins, resulting in the
exposure of over 500,000 people.
 Estimates vary on the death toll. The government has
confirmed a total of 4000 deaths related to the gas
release.
 Other government agencies estimate 15,000 deaths.

Others estimate 8000 to 10,000 died within 72 hours
and 25,000 have since died from gas-related diseases.
 25 years after the gas leak, 390 tonnes of toxic chemicals
abandoned at the Union Carbide plant continue to leak
and pollute the groundwater.
 There are currently civil and criminal cases related to the

disaster ongoing in the United States District Court, the
District Court of Bhopal, against Union Carbide, now
owned by Dow Chemical Company, with an Indian arrest
warrant pending against Warren Anderson, CEO of Union
Carbide at the time of the disaster.
Lethal Dose Comparison
Lethal Dose, ppm Chemical
50.0 Carbon Monoxide
25.0 Chloroform
10.0 Methyl amine
10.0 Benzene
10.0 Acetic acid
10.0 Cyanogen
0.10 Phosgene
0.02 MIC
Bhopal Industrial Disaster

Bhopal Disaster
Areas affected by MIC release
A vast stock of MIC provoked by ingress
of water unleashed a furious gas cloud on
unsuspecting people, at midnight
“A Sleeping community outside
as the gas began its spread. Bodies
roused, coughing, crying out, eyes
burning and watering. Thousands
running, staggering through alleys, many
clutching their babies, not knowing where
to run, which way to escape. Death by the
thousands, injuries by the tens of
thousands. Pandemonium in the hospital.
By daybreak the scene of silence around
those left behind: Fathers, mothers,
children, cows, bulls, goats, dogs – all in
final repose. A peace in its eeriness never
before more heart wrenching. Mass
cremations, mass burials”.
-Wil Lepkowski, C & EN News,1985.
Flixborough Disaster, England
 The chemical plant in operation since 1967, produced

caprolactam, a precursor chemical used in the
manufacture of nylon.
 The process involved oxidation of cyclohexane with air in
a series of six reactors to produce a mixture of
cyclohexanol and cyclohexanone.
 Two months prior to the explosion, a crack was
discovered in the number 5 reactor. It was decided to
install a temporary 50 cm diameter pipe to bypass the
leaking reactor to allow continued operation of the plant
while repairs were made.
 At 17:00 hrs on Saturday 1 June 1974, the temporary
bypass pipe (containing cyclohexane at 150°C and 1 MPa
(10 Bar)) ruptured, possibly as a result of a fire on a
nearby pipe which had been burning for nearly an hour.
Within a minute, about 40 tons of the plant's 400 tons
store of cyclohexane leaked from the pipe and formed a
vapour cloud 100–200 meters in diameter. The cloud, on
coming in contact with an ignition source (probably a
furnace at a nearby hydrogen production plant) exploded,
completely destroying the plant.
 Around 1,800 buildings within a mile radius of the site
were damaged.
 Observers have said that had the explosion occurred on

a weekday, more than 500 plant employees would likely
have been killed. Resulting fires raged in the area for
over 10 days.
A failure of a temporary pipe section replacing reactor 5 caused

the Flixborough accident
Flixborough Disaster
Image courtesy:
Google Images
Seveso disaster, Italy
 The Seveso disaster was an industrial accident that

occurred on July 10, 1976, in a small chemical
manufacturing plant (ICMESA) near Milan in Italy. It
resulted in the highest known exposure to 2,3,7,8-
tetrachlorodibenzo-p-dioxin (TCDD) in residential
populations.
 Trichlorophenol was intended as an intermediate for the
herbicide 2,4,5-T (2,4,5-trichlorophenoxyacetic acid).
 This reaction must be carried at a temperature above that

of the normal process utilities that were available, so the
exhaust steam from onsite the electricity turbine was
passed around an external heating coil of the reactor. The
exhaust steam was at 12 bar and 190°C, resulting in a
reaction mixture at 158°C.
 The plant was supposed to shutdown over the weekend,

and parts of the site started to close down as batches
finished. This caused the load on the turbine to fall
dramatically, resulting in the exhaust steam temperature
rising to around 300°C, heating the reactor wall to the same
temperature.
 The relief valve eventually opened, and about 6 tonnes of

chemicals were released into the air. The accident was not
immediately noticed. No one was at the plant when it
happened.
 The first sign of health problems, burn-like skin lesions,
appeared on children a few hours after the accident.
Latter a severe skin disorder usually associated with
dioxin, broke out on some of the people most exposed to
the cloud.
 Authorities began an investigation five days after the

accident, when animals such as rabbits began to die en
masse. Roughly 70,000 animals -- were killed to prevent
contamination from filtering up the food chain.
Zone A: >50 µg/m2

Zone B: 5-50 µg/m2
Zone R: <5 µg/m2

The Mexico LPG Disaster
 LPG disaster in San Juanico, Mexico city
 19 Nov 1984 (2 weeks before the Bhopal tragedy)
Image courtesy:
Google Images
Storage Tanks

CISRA
Image courtesy: GoogleCISRA
Images
CISRA
Damage Contours of Mexico
100m
Sphere
Fragments
200m
300m
Bullets
Phillips Disaster, Texas
 The facility produced high-density polyethylene (HDPE), a
plastic material used to make milk bottles and other
containers.
 The Houston Chemical Complex (HCC) facility employed
905 company employees and approximately 600 daily
contract employees, who were engaged primarily in
regular maintenance activities and new plant construction.
 The incident started at approximately 1:00 PM local time
on October 23, 1989, at Pasadena, Texas. A massive and
devastating explosion and fire ripped through the Phillips
HCC, killing 23 persons and injuring 314.
 The explosion affected all facilities within the complex,
causing $715.5 million worth of damage plus an
additional business disruption loss estimated at $700
million.
 The initial explosion was equivalent to an earthquake

registering 3.5 on the Richter Scale and threw debris as
far away as six miles.
 The accident resulted from a release of extremely
flammable process gases that occurred during regular
maintenance operations on one of the plant's
polyethylene reactors.
 More than 85,000 pounds of highly flammable gases
were released through an open valve. A vapor cloud
formed and traveled rapidly through the polyethylene
plant. Within 90-120 seconds, the vapor cloud came into
contact with an ignition source and exploded with the
force of 2.4 tons of TNT.
Phillips Disaster, 1989

SAFETY
ISO 14000 ENVIRONMENTAL
MANAGEMENT SYSTEM
Table of Contents
1. Basic Concepts of Environmental Management………..……1
2. ISO 14000 Family of Standards ……………………….…………2
3. Benefits of Implementing ISO 14000 EMS………….………….3
4. Keys to Success in Implementing ISO 14000 EMS…………..6
5. Gap Analysis……………………………………………….……….9
1 BASIC CONCEPTS OF ENVIRONMENTAL MANAGEMENT
Basic Concepts of Environmental Management
Man-made changes in the environment have continued through most historical epochs.
However, the last two centuries following the industrial revolution have witnessed
accelerated environmental changes due to the exploitation of natural resources on an
unprecedented scale. Extensive burning of fossil fuels, release of various chemical
pollutants into the air, the water and soil, clearing of forests for agriculture and extensive
exploitation of all natural resources are now threatening to destroy the very environment
on which human existence depends.
Fortunately, awareness of environmental problems is growing in most countries of the

world. It is felt by many people that to continue development patterns that cannot be
sustained in the long term is a recipe for disaster. Governments are now listening more to
the advice of environmentalists and increasingly enacting legislation aiming at protecting
the environment from the negative impacts of economic activities. However, the
enforcement of environmental legislation is proving to be difficult in most cases.
A new approach to environmental protection is now available thanks to the development

of new international standards on environmental management, in particular, ISO 14001.
This approach relies less on command-and-control dictates from the Government and
more on proactive efforts by all workers in the company.
The implementation of the environmental management system prescribed by ISO 14001

can lead to good compliance with environmental legislation and tangible, continual
improvement in the environmental performance of enterprises thanks to the commitment
and evolvement of top management and all workers. Widespread implementation of these
standards can go a long way toward improving the environmental performance of industry
and promoting sustainable development in the countries of the world.
2 ISO 14000 Family of Standards
ISO 14000 is a group of standards covering the following areas:
Environmental Management Systems (14001,14002, 14004)

Environmental Auditing (14010, 14011, 14012)
Evaluation of Environmental Performance (14031)
Environmental Labeling (14020, 14021, 14022, 14023, 14024, 14025)
Life-Cycle Assessment (14040, 14041,14042, 14043)
ISO 14001 is the only standard intended for registration by third parties. All the others are
for guidance. ISO 14001 is a management standard, it is not a performance or product
standard. The underlying purpose of ISO 14001 is that companies will improve their
environmental performance by implementing ISO 14001, but there are no standards for
performance or the level of improvement. It is a process for managing company activities
that impact the environment.
Some unique and important characteristics of ISO 14001 are:
It is comprehensive: all members of the Organization participate in environmental

protection, the environmental management system considers all stakeholders, and
there are processes to identify all environmental impacts.
It is proactive: it focuses on forward thinking and action instead of reacting to

command and control policies.
It is a systems approach: it stresses improving environmental protection by using a

single environmental management system across all functions of the Organization.
2
The Environmental Management System contains the following elements:
An environmental policy supported by top management.

Identification of environmental aspects and significant impacts.
Identification of legal and other requirements.
Environmental goals, objectives, and targets that support the policy.
An environmental management program.
Definition of roles, responsibilities, and authorities.
Training and awareness procedures.
Process for communication of the EMS to all interested parties.
Document and operational control procedures.
Procedures for emergency response.
Procedures for monitoring and measuring operations that can have a significant
impact on the environment.
Procedures to correct nonconformance.
Record management procedures.
A program for auditing and corrective action.
Procedures for management review.
3 Benefits of Implementing ISO 14000 EMS
Environmental Management Systems (EMS) are the foundation of the ISO 14000 group
of international environmental management standards. An EMS can be registered as
meeting the ISO 14001 EMS standard.
Since the ISO 14001 EMS includes everyone in the Organization and all aspects of the
Organization that affect the environment, it can improve an organization's environmental
performance in many ways. This improved performance comes at a cost to the
Organization, a cost that can be recovered by aggressively seeking benefits.
The benefits of an EMS and registration of the EMS to ISO 14000 are organized into the
following categories:
Increased Profits
Operations
Marketing
Regulatory Compliance
Social
3
The benefits gained in each category are briefly described below.
Increased Profits
Implementing ISO 14001 today can provide a basis for implementing the other
standards in the ISO 14000 series. This incremental approach can reduce overall
costs to implement ISO 14000 because of lessons learned in each phase.
The quantity of materials and energy required for manufacturing a product may be
reduced, thereby reducing the cost of the product, material handling costs, and waste
disposal costs.
Some companies have found that it costs more to run a compliance-driven system
than an EMS
An EMS can help reduce incidents of pollution and the associated expense of
recovery.
Recycling manufacturing waste and unused inputs could increase revenues.
Recycling need not be within the same facility, but with another one that can use the
waste as input to their production.
Employee health and safety can be improved, thereby improving productivity,
decreasing sick days, and reducing insurable risk.
Insurance claims may be reduced, thus reducing the costs of coverage and
settlements.
Meeting the standards of different countries can be expensive. ISO 14000 can reduce
this effort by providing one standard
Operations
The EMS standards can define "best practices" and create a foundation for the next
level of improvement.
An EMS integrated with all other business systems improves management's ability to
understand what is going on in their Organization, determine the effect on the
company, and provide leadership.
The standards build consensus throughout the world that a common terminology for
environmental management systems is needed.
A common terminology for all locations of a multinational Organization will increase
efficiency of communication and improve results. An EMS can identify instances of
redundancy in day-to-day efforts for regulatory compliance. These can be eliminated,
thus making the Organization more efficient. An EMS includes procedures and metrics
for measuring and evaluating wastes and the costs of environmental emissions. This
information can help organizations implement the best practices and determine their
results.
The environmental staff can help employees and management understand and use
environmental systems to improve organizational performance and benefits.
A management system can lead to more reliable and predictable environmental
performance, which can reduce or limit the severity of incidents. ISO 14000 requires a
common terminology, which improves the communication of goals, procedures,
impacts, and solutions.
4
Improved communications can mean greater efficiency in decision making. For
example, the severity of an environmental impact can increase with time, so an
efficient notification system can reduce the time it takes to respond, and thus the
impact, risk and liability to the Organization.
ISO 14000 provides feedback on the operations of the Organization that can be used
for daily action and to determine the appropriateness of pollution prevention
strategies. Problems that could be expensive to resolve and damaging to the
environment can be identified earlier.
Early management awareness of problems would offer the best opportunity for
efficient resolution.
Management awareness of environmental impacts provides the opportunity for
planning to reduce negative impacts. As ISO 14000 is accepted internationally,
organizations will need to meet only one standard, thus simplifying environmental
management.
A unified approach to environmental management provides the opportunity for sharing
ideas among facilities. This can increase the efficiency and benefits of an EMS.
Spreading environmental responsibility throughout the Organization places it with
those directly associated with environmental impacts and pollution prevention. This
improves the effectiveness and efficiency of pollution prevention programs
Marketing
When environmental risks are reduced, the company becomes a more attractive
investment to potential and current stockholders. Three factors contribute; corporate
environmental management, environmental performance, and environmental
communications. Establishing a strong environmental image can help attract
environmentally conscious customers and create pressure on competitors. This image
must be carefully marketed to receive these benefits.
Employees see ISO 14000 as good for their Organization and for them personally.
Companies can receive credit for existing systems and accomplishments.
Customers might favor companies with an EMS. These customers could be the
ultimate consumer or industrial customers.
As large, multinational manufacturers register to ISO 14000, they may favor suppliers
with ISO 14000 registration.
Community support for a facility could be increased by demonstrating concern for the
local environment through an EMS.
• Workers may be attracted to a company with a plan to protect the immediate work
environment and the surrounding community.
A company's products may appeal to customers seeking green products.
ISO 14000 registration demonstrates that the EMS meets international standards.
Since registration requires third party auditing, it validates the EMS and the claims
made by the Organization.
Regulatory Compliance
ISO 14000 requires evidence of working processes to maintain compliance with laws and
regulations. These processes can help companies identify where they are out of
5
compliance and take action. Regulators may favor organizations with a ISO 14000
registered EMS. Improved compliance with legislative and regulatory requirements could
reduce penalties and redemption costs. An ISO 14000 EMS demonstrates to regulatory
agencies that the organization is proactive about reducing pollution and committed to
continual improvement.
Social
ISO 14000 helps create:
A common language and way of thinking about environmental aspects which can help
companies, communities, governments, and organizations communicate and work
together.
Cleaner air, waters, and soils.
Longer resource life through reduced usage.
Progress toward a sustainable culture.
Less waste in land fills.
In conclusion: Protecting the environment by coming into compliance or, ideally, going
beyond compliance reduces waste and reduces costs and inefficiencies. It preserves
natural resources and reduces the cost of finding new and more resources. It makes
greater use of materials already purchased and reduces purchasing costs. It makes for
cleaner emissions and reduces the severity of spills, leaks, and other accidents. Reducing
these events reduces permitting costs, remediation costs, worker comp costs, insurance
costs, lawsuit costs and fines, and many other costs and fees. Protecting the environment
involves purchasing smaller amounts of materials or purchasing less toxic materials.
These choices improve worker safety and morale, leading to more productive workers.
Purchasing less hazardous materials reduces the need for and the costs associated with
the need for special equipment, special training, and specially designed storage areas.
These purchasing practices also reduce the cost of disposal. Protecting the environment
by going beyond compliance helps keep regulators and inspectors out of the plant.
4 Keys to Success in Implementing ISO 14000 EMS
How do you define success?
Is actual achievement of progress toward sustainability or an appearance that meets

public and "standards" requirements? Are you producing practical, measurable,
demonstrable results? Measurements include reducing the amount or severity of needed
permits, producing less waste, and reducing emissions. In the long run, pursuing
measurable, actual success provides real information for real decisions, which can result
in real savings.
6
The following are keys to success with ISO 14000 EMS:
Setting objectives, defining success, and determining how to measure success are
very important. As the saying goes, if you don't know where you are going, you can
end up anywhere. I
Targets and objectives: tying environmental effects to targets gives a company (and
the people who work there) something to work towards and be proud of when they
achieve their targets. It helps create "champions" who will do a great deal of work on
their own, without cattle prodding from the management. IS
In the policy statement, use words that can be audited and connect to significant
aspects and impacts. Words such as "not", "never", always, and " empowered" are
inappropriate
000
Middle management and operations employees can have important input to the value
of EMS and ISO 14000, but they may see it as an additional burden. So, look for ways
that it benefits them to gain their support and creative input.
Focus in the early stages on identifying win-win initiatives in order to reinforce and
deliver the bottom line opportunities for your Organization. Self-certification may be
the best first step for many companies.
When performing a preregistration audit or gap analysis, if there are many issues of
nonconformance, look at the next level up for the cause. I
The ISO 14000 EMS is a system where each part is related to and integrated with the
others. Environmental aspects, those elements of a company's activities, products, or
services that can interact with the environment, are the keys to the whole system.
Impacts, policy, objectives, training, emergency preparedness, procedures, and
documentation must all relate to the aspects.
10
Many companies are moving easily into ISO 14000 because they were already doing
many of the things it requires. So, even if a company is uncertain about its timing and
commitment for ISO 14000, it can identify those aspects of the standard that can
benefit it now and begin phasing them in over time. This "cherry picking" can bring
immediate benefits and the phased approach will minimize disruption. If the market or
regulators encourage registration, progress will be faster because of this foundation.
Setting high standards can help a company achieve more than it thought possible.
Many companies are setting a standard of "zero waste." This may not be realistic for
some. It is important that goals be a stretch and achievable. The bar can always be
raised later. Achievement of goals builds confidence and momentum.
An employee suggestion program is a good first step to getting people involved and
harnessing the power of local knowledge. Two things that can add to the power of this
7
program are giving employees the ability to implement their own suggestions and
rewarding them for their efforts. Follow-up is also important; give timely feedback. ISO
Companies can turn their wastes into profits when their wastes can be input to the
processes of other companies, and companies can reduce their materials costs when
they use the wastes of another company as their input. This requires coordination
among purchasing, product design, and waste management. ISO Communication by
top management is critical. The intent of the project, its benefits to company and
individual, the overall vision, and the plan for accomplishment must be clearly
communicated.
Potential problem areas that need consideration in implementing EMS includes:
According to SGS, an international certification Organization, the following have been the
major areas of nonconformance to the standard found in audits:
Establishing procedures for identifying environmental aspect (4.3.1),

Integrating the EMS into existing management system elements (4.4.1, 4.4.3, and
4.4.4),
Identifying appropriate operational controls (4.4.6), and procedures for identifying
problems and taking action to eliminate them (4.5.2).
Extra attention to these areas during EMS development and gap analysis can speed the
registration process.
The biggest challenge and opportunity for success is to change the way a company thinks
about the environment. It must be seen as a business issue: what benefits does the
environment bring to the company and its customers? This is a change from reactive,
command and control thinking. This change in thinking leads to protection of the sources
of business prosperity. ISO
There will be conflicts between environmental management and business operations.

Management must truly consider all sides with an eye to win-win solutions. Since most
people can sense when a "spin" is being given to a situation, rigorous honesty is required
in the communication of problems and solutions. ISO
Top management's commitment to ISO 14000 must include visible concern over
environmental issues and high standards for which people are held accountable. Most
important is the commitment of adequate financial, organizational, and technological
resources. If the "walk" doesn't match the "talk", credibility will be lost along with individual
effort and results.
4000
8
5 Gap Analysis
It is critical to compare the organization's existing environmental management systems, if

there is one - with the requirements of the standard (ISO 14001) to see where you start
the implementation process by filling the gap. To do so it is necessary to device a
questioner such as the statements given below that address the requirement of the
standard. By answering to each of the statements in number (0=none 1=some 2=about
half 3=most 4=all) to represent the degree your company has accomplished each
statement.
Statement 1: Environmental Policy
An environmental policy has been defined by top management that includes the following:
• It is appropriate for the nature, scale and environmental impacts of the company's
activities, products, and services.
• It includes a commitment to continual improvement in the prevention of pollution.
• It includes a commitment to comply with relevant environmental legislation,
regulations, and requirements.
• It provides a framework for setting and reviewing environmental objectives and
targets.
• It is documented, implemented, and maintained.
• It has been communicated to all employees.
• It is available to the public.
Statement 2: Environmental Aspects
• A procedure exists to identify environmental aspects and determine which have

significant impacts on the environment.
• Significant aspects are considered when setting environmental objectives.
• This information is kept up-to-date.
Statement 3: Legal and Other Requirements
• A procedure exists to identify and have access to legal and other requirements
pertaining to the environmental aspects.
Statement 4: Objectives and Targets
• These have been established at each relevant function and level.

• Legal and other requirements were considered in establishing them.
• Significant environmental impacts were considered in establishing them.
• Technological options were considered in establishing them.
• Financial, operational and business requirements were considered in
establishing them.
• The views of interested parties were considered in establishing them.
9
• They are consistent with the environmental policy.
Statement 5: Environmental Management Programs
An environmental management program for achieving objectives and targets has been
established and includes:
• Designation of responsibility for achieving objectives and targets at each relevant
function and level of the company.
• The means and time-frame for accomplishment.
• The program applies to new developments, new or modified activities, products,
and services.
Statement 6: Structure and Responsibility
• Roles, responsibilities, and authorities are defined, documented, and

communicated.
• Resources are provided that are essential to the implementation and operation of
the environmental management system.
• A specific management representative (one or more) has been appointed by top
management with defined roles, responsibility, and authority for:
• Establishing, implementing, and maintaining the EMS.
• Reporting on the performance of the EMS to top management.
Statement 7: Training, Awareness, and Competence
• Training needs are identified and all personnel whose work may create a
significant impact upon the environment have received appropriate training.
• Procedures are established and maintained to make appropriate employees aware
of:
• The importance of conformance with environmental policy and procedures
and the requirements of the EMS.
• The significant environmental impacts of their work activities and
environmental benefits of improved personal performance.
• Their roles and responsibilities in achieving: conformance with
environmental policy, procedures, and EMS.
• The potential consequences of departure from specified operating
procedures.
• Personnel performing tasks which can cause significant environmental impacts are
competent.
Statement 8: Communication
The company has established and maintains procedures for:

• Internal communications among levels and functions.
10
• Receiving, documenting, and responding to relevant communication from external
interested parties.
The company has considered processes for external communication on its significant
environmental aspects and recorded its decision.
Statement 9: EMS Documentation
• Information describing the core elements of the EMS and their interaction has
been established and maintained.
• Information providing directions to related documentation has been established
and maintained.
Statement 10: Document Control
A procedure has been established and maintained for controlling documents to ensure
that:
• They can be located.
• They are periodically reviewed, revised, and approved by authorized personnel.
• Current versions are available at all appropriate locations.
• Obsolete documents are promptly removed.
• Obsolete documents retained for preservation purposes are identified as such.
• Documents are legible, dated, readily identifiable, maintained, and retained.
• Procedures exist and are maintained for creation and modification of documents.
Statement 11: Emergency Preparedness and Response
• There are procedures for identifying the potential for and response to accidents
and emergency situations.
• There are procedures for preventing and mitigating the environmental impacts
that may be associated with emergencies.
• These are reviewed and revised as necessary.
• Procedures are periodically tested where practicable.
Statement 12: Monitoring and Measurement
• Procedures exist and are documented to regularly monitor and measure the key
characteristics of operations having a significant impact on the environment.
• This includes recording information to track performance, relevant operations
controls, and conformance with objectives and targets.
• Monitoring equipment is calibrated and maintained and records of the process
retained.
• A procedure exists for periodically evaluating compliance with legislation and
regulations.
11
Statement 13: Nonconformance and Corrective and Preventive Action
• Procedures exist and are maintained for defining responsibility and authority for
handling and investigating nonconformance and taking appropriate action.
• Corrective or preventive action is appropriate.
• Changes in procedures resulting from corrective and preventive action are
documented.
Statement 14: Records
• Procedures are established and maintained for the identification, maintenance,

and disposition of environmental records. These include training and audit results.
• Records are legible, identifiable, and traceable to the activity, product, or service
involved.
• Records are easily retrievable and protected from damage, deterioration, or loss.
• Retention times are established and recorded.
• Records demonstrate conformance to the standard.
Statement 14: EMS Audit
• A program and procedures for periodic EMS audits is established and

maintained.
• The audits determine:
• Whether the EMS conforms to the ISO 14001 standard.
• Whether it has been properly implemented and maintained.
• The program provides information on the results of audits to management.
• Procedures cover the audit scope, frequency, and methods, and responsibilities
and requirements for conducting audits and reporting results.
Statement 15: Management Review
• Top management regularly reviews the EMS to ensure its suitability, adequacy,
and effectiveness. The review is documented.
• Information necessary for management to do this is collected.
• The review shall consider the need for changes to policy, objectives, and other
elements of the EMS resulting from audit results, changing conditions, and the
commitment to continual improvement.
12
Unit 7: Environmental Management System Standards
Lecture 7
Environmental Management
System Standards
STRUCTURE
Overview
Learning Objectives
7.1 Environmental Management Systems (EMS)
7.1.1 Core elements o f EMS
7.1.2 Benefits of EMS
7.1.3 Certification body assessments of EMS
7.1.4 Documentation for EMS
7.2 EMS Standards: ISO 14000
7.2.1 Evolution
7.2.2 Princip les and structure
7.2.3 ISO 14000 supporting systems
7.2.4 EMS spec ification standards: ISO 14001
7.3 Implementation of EMS Conforming to ISO 14001
7.4 Benefits of Imp lementing ISO 14001: An Ind ian
Scenario
7.5 OHSAS 18001 and its comparison with ISO 14001 and
ISO 9001
7.6 BS 18004:2008
Summary
Suggested Readings
Model Answers to Learning Activities
OVERVIEW
In Unit 5, we discussed how to plan and conduct various types of

environmental audits and then in Unit 6, we explained how to use
life cycle assessment (LCA) as a tool for minimisation of
environmental impacts associated with manufacturing processes
and products. However, use of these tools assumes that an
environmental manager is someone external to the industry,
studying the system with an objective that the industry complies
311
Environment Management
with the regulations and, on the basis of which, recommends

measures for implementation. Establishing an organisational
system conforming to environmental management system (EMS)
standards, however, represent a paradigm shift away from the
traditional approach based on command and control regulations,
which set levels for pollutants. EMS standards focus on
management practices, which help companies assess the level of
their efficiency in meeting their environmental responsibilities. In
other words, EMS is more of a foundation or template for
environmental performance, allowing companies to put systems in
place to address environmental concerns on many levels, and
motivating, "to go beyond compliance". It also helps manage
pollutants in unison as a whole, rather than in isolation.
Against this backdrop, in Unit 7, we will discuss the concept of

EMS. We will also introduce you to EMS standards ISO 14000
and ISO 14001.
LEARNING OBJECTIVES
After completing this Unit, you should be able to:
explain the benefits of establishing EMS;
plan the process for establishing EMS;
discuss ISO 14000 and ISO 14001;
work as a co-ordinator for getting ISO certification for your

organisation.
7.1 ENVIRONMENTAL MANAGEMENT SYSTEMS

(EMS)
312
The growing public interest in environmental issues and concern

for environmental quality has led to the emergence of strict
pollution control regimes. This has brought about the development
and implementation of various voluntary schemes and standards
for environmental management and pollution control. Notable
examples are BS 7750, the European Union’s Eco-Management
and Audit Scheme (EMAS) and the ISO 14000 series. In this
context, putting in place systems to meet with these standards
assume significance. An environmental management system
(EMS) of an organisation is a system designed to:
meet the regulatory and legislative system requirements;
improve the control of the environmental impact;
provide confidence to the customers that the products and

services are manufactured with the aim of reducing the
negative impact on the environment;
suitably accommodate changing market trends and gain

competitive edge;
reduce the costs associated with environmental liabilities and

insurance;
gain public and media support.
EMS involves preparing a list of all environmental legislation,

making a register of all environmental effects associated with the
company’s activities, setting targets (such as reducing waste
production by a quantifiable amount), keeping appropriate records
and undertaking regular reviews of the system. The whole system,
in essence, forms the basis for sound environmental performance.
Most EMSs are built on the notational model illustrated in Figure

7.1. This ‘plan-do-check-act’ model leads to continuous
313
improvement based upon:

(http://www.epa.gov/ems/info/index.htm)
planning, including identifying environmental aspects and

establishing goals (plan);
implementing, including training and operational controls (do);
checking, including monitoring and corrective action (check);
reviewing, including progress reviews and acting to

incorporate required changes in the EMS (act).
Figure 7.1
The Plan – Do – Check – Act Model
PLAN
ACT DO
CHECK
To reiterate, this model ensures that environmental matters are

systematically identified, controlled and monitored. It also helps
ensure that performance of the EMS is improved over time.
7.1.1 Core elements of EMS
There is no single best approach to the development and

implementation of EMS, since it depends on the nature, size and
complexity of the activities, products and services within the
organisation. All environmental management systems, however,
314
have a number of core elements in common and these include the

following:
Environmental policy: An environmental policy is usually

published as a written statement, expressing the commitment
of the senior management to improving appropriate
environmental performance. It is most often understood as a
public statement of the intentions and principles of action for
the organisation regarding the environment. The policy
statement should define the broad environmental goals the
organisation has decided to achieve. These are most clear if
they are quantified, e.g., to reduce emissions of pollutants by
95% within 5 years, to provide sewerage and biological
treatment of sludge for 60% of the population within 3 years,
etc.
Environment action plan: An environment programme or

action plan describes the measures the organisation will take
over the coming year(s). The action plan essentially translates
the environmental policies of the organisation into objectives
and targets and identifies the activities to achieve them,
defines responsibilities and commits the necessary human and
financial resources for implementation. This includes
committing the necessary funds and staff to meet each goal
and providing for monitoring and co-ordination of the progress
made towards achieving these separate goals and the overall
policy goals that have to be fulfilled.
Environment related organisational structures: The

structures establish assignments, delegate authority and
assign responsibility for actions. In the case of organisations
with multiple sites or different activities, structures for the
organisation as a whole as well as for the separate operating
units are necessary. The senior staff member responsible for
the environment, typically, has a direct reporting relationship to
315
the head of the organisation. Individuals holding strategic or

main environmental responsibilities should be adequately
supported with human and financial resources.
Integration of environmental concerns: The integration of

environmental management into regular operation means the
establishment of procedures for incorporating environmental
measures into other operational aspects such as the
protection of workers, purchasing, R&D, product development
and acquisitions, marketing, finance, etc., in the case of
companies and the safety, health and welfare of the
community in the case of a local government. This
encompasses the development of specific environmental
procedures, usually detailed in operating manuals and other
operating instructions describing measures and actions to take
in the implementation of the environmental programme or
action plan.
Figure 7.2 gives a schematic representation of these core

elements:
316
Figure 7.2
EMS Model
Because of the cyclic nature of the model, EMS is very dynamic in

that a change or revision in any of the core elements of the
system will have a chain/cascading effect on other elements.
317
Note that while there are several EMS models available, the
model presented in Figure 7.2 uses the standards set by ISO
14001 as a starting point for describing EMS elements. This is so,
mainly, due to the fact that:
ISO 14001 is a widely accepted international standard for EMS
that focuses on continual improvement.
Companies may be asked to demonstrate conformance with

ISO 14001 as a condition of doing business in some markets.
7.1.2 Benefits of EMS
A number of benefits are associated with adoption of EMS. For

example, insurance companies are beginning to exclude pollution
incidents from their insurance cover, and when they are included,
the insurance companies place a surcharge on the policies. In
order to improve or reduce any increases in the insurance
premiums, companies can carry out an environmental audit and
implement a EMS.
From a managerial point of view, a EMS enables a company to

develop and maintain a well-organised management structure that
ensures compliance with environmental legislation. By keeping the
working place cleaner and safer, and the production more
efficient, staff interest can be aroused and morale improved.
Another incentive is the potential financial gains, which can be
achieved. Reducing wastes and emissions and improving their
treatment helps many companies to save a considerable sum of
money in the long term. Adopting a EMS will also facilitate trade,
as major trading blocs are more likely to accept members with a
certain level of environmental performance. In other words, the
benefits of a EMS include:
Improved environmental performance.
Enhanced compliance.
318
Prevention of pollution/resource conservation.
New customers/markets.
Increased efficiency/reduced costs.
Enhanced employee morale.
Enhanced image with public, regulators, lenders, investors.
Employee awareness of environmental issues and

responsibilities.
7.1.3 Certification body assessments of EMS
To be certified, an organisation has to demonstrate that the EMS

functions and the various control mechanisms are properly
operational. In practice, this means that the EMS has been
operational for a minimum of 3 months, the internal audit system
is fully operational and that one management review has been
conducted (Tech Monitor, Vol. 12. No. 5 Sept-Oct 1995).
Based on the following conditions, certificates are issued:
Non-conformities identified have been addressed and

eliminated.
The certification body has justified confidence that all

provisions in the EMS standard have been met, and, in
particular, that provision for compliance with the organisation’s
policy and objectives is effective.
The principle of continuous improvement of environmental

performance has been stated within an environmental
programme and is being adhered to play in the EMS.
All key staff (i.e., those involved in managing significant

effects) have undergone a training need analysis and have
received training.
319
Regulatory compliance
An organisation with a certified EMS has a system that should

achieve continuing compliance with regulatory requirements
applicable to the environmental aspects of its activities, products
and services. The certification body confirms that a system
designed to achieve the necessary compliance is operating
effectively. In situations where authorities issue licenses or
permits, it will often be a requirement that the organisation notifies
the authority of any breaches. The certification body should
ensure that the organisation’s EMS records any infringement of
regulations and that the appropriate corrective action has been
taken.
An organisation with a certified EMS is responsible for continuing

compliance with all the regulatory requirements and, therefore,
must maintain a record of incidents of non-compliance and the
remedial action.
Surveillance audits
At each surveillance, the certification body should pay attention to

the following:
the effectiveness of the EMS with regard to achieving the

objectives of the organisation’s environmental policy;
an interview with management responsible for the EMS;
the functioning of procedures for notifying the authorities of

any breaches;
progress of planned activities aimed at continuous

improvement of environmental performance, where applicable;
320
follow up conclusions resulting from internal audits;
action taken on non-conformities identified during the previous

audit.
The certification body should be able to adapt its surveillance

programme to the environmental issues related to the activities of
the organisation and justify this arrangement. The surveillance
audit of the certification body should be agreed with the
organisation, taking into account the internal audit programme and
the reliability that can be attributed to this work.
7.1.4 Documentation for EMS
While data relates to fact, information refers to a series of data

analysed to provide a decision. Information is an answer to a
question. All information comes from data, but not all data come
from information (Tech Monitor, Vol. 12. No. 5 Sept-Oct 1995). In
other words, executives making decisions often receive excessive
amounts of data, but they do not always get the information they
need, presented clearly and adequately for use in decision-
making.
Decisions are usually related to solving problems. In order to solve

a problem, one needs information to decide. A EMS, therefore,
requires a proper documentation system in order to collect,
analyse, register and retrieve information.
The documentation should describe the EMS and make clear the
relationship to any other management system in operation within
the organisation, or as having an influence on the operations of
the entity, subject to certification. It is acceptable to combine the
documentation for environmental and other management systems
(such as for quality of health and safety), as long as the EMS can
be clearly identified, together with the appropriate interfaces
321
between different EMS documentations and the order of

precedence.
Environmental effects may have been considered within safety

reviews, hazard and operability studies and risk/consequence
analysis, etc. In such cases, the EMS documentation should refer
to the critical areas where significant effects are covered by other
management systems. The EMS documentation should be
available to all appropriate staff and should be kept up-to-date.
Environmental management manual
A key EMS document is a company’s environment manual. This is

a document that establishes the general policy of a company on
this issue. It usually contains an environmental policy and a clear
statement on the person who is in charge of verification of
activities in the organisational structure pertaining to the
maintenance of the environmental system. It lays down how each
requirement of the policy will be handled in the organisation and
includes a list of all procedures.
The manual also contains a description of the system, which was

or is being implemented. There are considerable benefits in
preparing a manual:
clarifies responsibilities;
is useful for audit purposes;
can be highly effective for training of new employees;
makes easier the process of obtaining approval of licenses

from protection agencies;
is useful for marketing purposes.
322
The highest executive in the company must sign the document. It

should contain the vision of the organisation about environment
and its commitment to continuous improvement. The document
should detail targets to be reached and explain how they will be
reached, with what resources and under whose responsibility. The
company must also realise that it is necessary to measure results
in order to evaluate how correctly the policy is being applied. The
company should, therefore, have a programme for achieving its
objectives and targets.
To prepare the manual, it is necessary first to identify all

mandatory regulations, standards and codes to be complied with.
In addition, the company needs to identify other requirements,
such as headquarters’ policies, top management’s strategic vision,
market demands, etc.
The discussions that we have had so far provide you with a basic
knowledge of EMS. Now, we will next discuss the importance of
ISO 14000 and its supporting systems. Before we do so, let us
first do Learning Activity 7.1.
323
LEARNING ACTIVITY 7.1

Can you predict the advantages of EMS over an environmental audit as an
environmental management tool?
Note:
a) Write your answer in the space given below.
b) Check your answer with the one given at the end of this Unit.
7.2 EMS STANDARD: ISO 14000 SERIES
Companies throughout the world have begun to understand the

requirements of an environmental management system (EMS) as
well as the benefits such a system can provide. However, given
the nature of company dynamics, changes to business priorities,
personnel and work patterns, it is imperative to introduce a proper
management system which maintains the focus on environmental
improvement through the changing landscape of corporate
activity. It is against this background that ISO 14000 Series are
324
being developed and implemented. In Subsections 7.2.1 to 7.2.3,

we will discuss the various aspects of ISO 14000 series.
7.2.1 Evolution
The International Organisation for Standardisation (ISO) was

formed in 1947 and has since become the premier international
standards organisation. Since its inception, ISO’s mission has
been to promote worldwide standardisation in order to facilitate
international commerce. The organisation began by developing
international agreements and in 1951 published its first standard,
Standard Reference Temperature for Industrial Length
Measurement. Since that time, ISO has developed more than
9,000 standards for a variety of subjects ranging from screw
threads and fasteners to high-tech clean rooms. ISO also
developed the widely used quality management system (QMS)
standards, i.e., the ISO 9000 series. The ISO standards are
published for voluntary acceptance, but they are often
incorporated into national standards of individual countries.
The membership of ISO includes over 100 countries. Each

Member Country is represented by one standards organisation.
For example, the American National Standards Institute (ANSI)
represent the U.S and Great Britain by the British Standards
Institute (BSI).
ISO considers the following three key principles in developing

international standards:
(i) Consensus: The views of all interested parties are taken

into account, including manufacturers, vendors, consumer
groups, testing laboratories, governments, engineering
professionals and research organisations.
325
(ii) Industry-wide applicability: The goal is to draft standards

that satisfy industries and customers worldwide (ISO has no
authority to impose its standards on any government or
organisation).
(iii) Voluntary nature: All of the international standards

developed are voluntary. Thus, their acceptance by industry
is market-driven and based on voluntary involvement of all
interests in the marketplace.
A review of historical developments reveals that standardisation

on a worldwide basis was accelerated with quality and occurred
generally independent of environmental management. Attempts to
standardise quality requirements were made by many
organisations. However, it wasn’t until the 1990s that a significant
level of agreement was reached.
In 1990, Business Charter for Sustainable Development (BCSD),

an organisation of fifty business leaders with interest in
environment and development issues, was created for
environment protection with the premise that economic
development can take place only in a healthy environment. Partly
in response to the proliferation of differing environmental
standards, such as EMAS worldwide, the ISO formed a Strategic
Action Group on the Environment (SAGE) in 1991.The purpose of
SAGE was to investigate the usefulness of drafting international
standards for environmental management. SAGE focused its
attention on the following three areas:
(i) Promoting a common worldwide approach to environmental

management in business and industry.
326
(ii) Increasing the ability of incentives for organisations to

measure and attain improvements in environmental
performance.
(iii) Facilitating world trade and removing potential environmental

trade barriers.
As a result of the findings of SAGE, the ISO formed Technical

Committee 207 (TC 207) in 1993. TC 207 became responsible for
drafting the ISO 14000 series of standards. At early meetings of
TC 207, more than thirty countries and 200 representatives
expressed a desire to develop new EMS standards. TC 207 itself
had members representing some sixty-nine countries and was
divided into six sub-committees. These members included
representatives from various industries, standards organisations,
governments, environmental organisations, and other interest
groups.
For some, the motivation for the development of these standards

was due to the fear that the increased number of inconsistent
national and regional EMS standards would create trade barriers.
There was also the concern that the EMAS programme already in
practice in Europe would influence the ISO 14000 standards to
make them comparable to EMAS. This concern was in part fueled
by the fact that the ISO 14000 standards were being developed in
conjunction with CEN, i.e., the European standards-setting body.
In fact, the ISO set the standards drafting timetable at 30 months,
in part because CEN had agreed to accept ISO 14000, if they
were finalised quickly enough. There were also fears that the
standards were a reflection of European not American technology.
Nevertheless, the standards were developed with each
participating member having equal say in the process.
327
A sub-committee of TC 207 prepared the draft EMS Standard,

based on BS 7750. It was presented at the Earth Summit in Rio
de Janeiro, and the draft of the standard was agreed in Oslo (June
1995).
7.2.2 Principles and structure
The aim of the ISO 14000 series of standards is to help

organisations implement and improve their EMS.
Some of the principles governing ISO 14000 series are (Tech

Monitor, Vol. 12. No. 5 Sept-Oct 1995):
(i) Understand all activities and processes being undertaken by

the organisation.
(ii) Identify potential aspects associated with the activities of the

unit at all stages and determine their impact on the
environment.
(iii) Determine processes/procedures/operation steps that can

be controlled to eliminate or minimise the likelihood of an
occurrence of the adverse impact.
(iv) Identify the regulatory requirements relating to them and

establish target level and tolerances, which must be met to
ensure that operations affecting the environment are under
control.
(v) Establish a monitoring mechanism to ensure control of these

aspects.
(vi) Establish corrective actions to be taken when monitoring

indicates that a particular aspect is not under control.
328
(vii) Establish a system of emergency preparation and for

meeting such exigencies.
(viii) Establish procedures for verification to confirm that the

environmental management system is working effectively in
compliance with regulations and recording continuous
improvement.
(ix) Establish documentation concerning all procedures and

records appropriate to these principles and their application.
Given the importance of the stakes involved and the generic

nature of the international requirements covered, high
expectations have been placed on the ISO 14000 series
standards (Tech Monitor, Vol.12. No. 5 Sept-Oct 1995). The
standards can be classified into the following two categories
based on their focus:
(i) Organisation or process standards: These include

environmental management system (EMS), environmental
auditing (EA) and environmental performance evaluation
(EPE).
(ii) Product-oriented standards: These include life-cycle

assessment (LCA), environmental labelling (EL) and
environmental aspects in product standards (EAPS).
329
LEARNING ACTIVITY 7.2

List the basic principles of ISO standards.
Note:
a) Write your answer in the space given below.
b) Check your answer with the one given at the end of this Unit.
The ISO 14000 series standards are of two types, and these are:
(i) Normative standards: These indicate the requirements

that must be met and can be audited for certification.
(ii) Informative standards: These provide guidance and the

requirements need not be audited for certification.
In the 14000 series of standards, ISO 14001, (i.e., Environmental

Management Systems-specification with guidance for use) is the
only normative standard and all other standards are informative
standards intended to support the implementation of EMS.
As regards the structure of the Series, ISO 14001, i.e., the

requirements for EMS, forms the nucleus, and in the first orbit is
ISO 14004, i.e., the guideline standard. (Note that we will discuss
ISO 14001 standards in detail in Section 7.3.) The other
330
standards in the series are supporting systems as shown in Figure

7.3.
Figure 7.3
Structure of ISO Series and Inter-relationships
7.2.3 Supporting systems
The supporting systems of ISO 14000 consist of ISO 14010, ISO

14020, ISO 14030, ISO 14040, ISO 14050 and ISO 14060.
(TechMonitor, Vol. 15 No. 5 Sept-Oct 1998). In what follows in
this Subsection, we will discuss some of these supporting
systems.
Consider Table 7.1, which gives a list of 150 14000 Series

standards with their respective publication dates.
Table 7.1
ISO 14000 Series Standards
ISO No. Title of International Publication

Standard/Guideline/Technical Date
Report
ISO 14001 Environmental management September
331

Report
systems – Specification with 1996
guidance for use.
ISO 14004 Environmental management September
systems – General guidelines on 1996
principles, systems and supporting
techniques.
ISO/AWI Revision of ISO 14004:1996. To be
14004 determined
ISO 14010 Guidelines for environmental October
auditing – General principles. 1996
auditing - Audit procedures – 1996
Auditing of environmental
management systems.
auditing – Qualification criteria for
1996
environmental auditors. Corrected
and reprinted
October
1998
ISO 14015 Environmental management – November
Environmental assessment of sites 2001
and organisations (EASO).
ISO/DIS Guidelines for quality and/or July
19011 environmental management 2001
systems auditing.
ISO 14020 Environmental labels and September
2nd Edition declarations – General principles. 2000
ISO 14020: Draft amendment 1 to ISO December
1998/DAM1 14020:1998. 1998
ISO 14021 Environmental labels and September
declarations - Self-declared 1999
environmental claims (Type II
environmental labelling).
ISO 14024 Environmental labels and April
declarations - Type I environmental 1999
labelling – Principles and
procedures.
ISO/TR Environmental labels and March
14025 declarations – Type III 2000
environmental declarations.
ISO 14031 Environmental management – November
Environmental performance 1999
evaluation – Guidelines.
ISO/TR Environmental management – 1999
14032 Examples of environmental
performance evaluation.
332

Report
ISO 14040 Environmental management – Life June
cycle assessment – Principles and 1997
framework.
ISO 14041 Environmental management – Life October
cycle assessment – Goal and 1998
scope definition and inventory
analysis.
ISO 14042 Environmental management – Life March
cycle assessment – Life cycle 2000
impact assessment.
ISO 14043 Environmental management – Life March
cycle assessment – Life cycle 2000
interpretation.
ISO/WD Environmental management – Life 1999
TR 14047 cycle assessment – Examples of
application of ISO 14042.
ISO/CD Environmental management – Life 1999
TR 14048 cycle assessment – Life cycle
assessment data documentation
format.
ISO/TR Environmental management – Life March
14049 cycle assessment – Examples of 2000
application of ISO 14041 to goal
and scope definition and inventory
analysis.
ISO 14050 Environmental management – May 1998
Vocabulary.
ISO 14050: Draft amendment 1 to ISO December
1998/DAM1 14050:1998. 1999
ISO/TR Information to assist forestry December
14061 organisations in the use of 1998
Environmental Management
System standards ISO 14001 and
ISO 14004.
ISO/AWI Guidelines for integrating To be
14062 environmental aspects into product determined
development.
ISO Guide Guide for the inclusion of March
64 environmental aspects in product 1997
standards.
333
Environmental auditing (ISO 14010, ISO 14011 and ISO 14012)
An environmental audit is defined as the systematic documented

verification process of objectively obtaining and evaluating audit
evidence to determine whether specified environmental activities,
processes, conditions, management systems, or information about
these matters conform with audit criteria, and communicating the
results of this process to the clients. The guiding principles of
environmental audits include:
basing the audit on defined objectives and drawing inferences

based on analysis, interpretation and documentation of
appropriate information;
utilising an audit team that is independent of the activities they

audit and utilising an auditor who meets the specifics of
qualification criteria;
exercising of due professional care by the auditor to maintain

confidentiality and adequate quality assurance;
using appropriate procedures for an objective audit;
developing audit criteria, evidence and findings;
ensuring that the process provides a desired level of

confidence in the reliability of the audit findings and
conclusions;
providing an adequate report of findings.
Note that while ISO 14010 provides guidance on general

principles for conducting environmental audits, ISO 14011
elaborates on the framework for the conduct of audit in order to
ascertain if the organisation is doing what it says it will do and
whether the EMS conforms to ISO 14001. ISO 14012 provides
guidance on auditor qualification criteria, including education,
334
training, work experience, personal attributes and skills,

maintenance of competence and due diligence.
Environmental labelling standards (ISO 14020)
ISO 14020 is based on a voluntary environmental labelling

standard that requires a third party verification and is designed to
reduce burdens arising from diverse multiple labelling. Existing
eco-labelling schemes, based on government initiatives, aim at
influencing customer decisions to select environmentally friendly
products, but they lack the application of uniform criteria. These
are, therefore, difficult to comply with and are potential trade
barriers. The coverage of ISO 14020 is broad and includes goods
or services for consumer, commercial and industrial purposes.
The guiding principles and practices for third-party environmental

labelling programmes include the following:
Standard and criteria applicable for environmental labels must

be developed through a consensus process, and the
programme must be voluntary.
A product can be considered for environmental regulations of

the country in which it is manufactured and marketed.
Environmental labelling programmers should be selective and

should distinguish leading product alternatives.
The product criteria developed by the certification agency

should be periodically reviewed to account for new
developments and technologies.
The process should be transparent with regard to criteria,

certification and award procedures. The criteria should be
revised periodically and clearly demonstrate that the funding
sources for the programme do not create conflicts of interest
or undue influence.
335
The labelling programme should use scientific and

reproducible methodologies to assess the environmental
impacts of products.
Labelling programmes should be accessible, objective and

affordable.
The requirements for awarding a label are divided into general

rules that apply to all products and applications, and specific
product criteria that set requirements for each product category.
The specific product criteria are the only criteria that may be
considered as a basis for awarding the label. The certification
agency awards the label when satisfied that the applicant has
complied with the specific product criteria for the category. It
maintains a publicly available list of products currently licensed to
carry the label.
After the label has been awarded, it is the responsibility of the

certification agency to take all necessary steps to ensure ongoing
compliance with the product criteria. The certification agency will
require the licensee to take corrective action, if monitoring
indicates that compliance is not being maintained.
Environmental performance standards (ISO 14030)
The environmental performance evaluation (EPE) is an important

ongoing internal management process. It uses environmental
indicators to compare an organisation’s past and present
environmental performance with it’s environmental objectives,
targets or other intended levels of environmental performance.
This process helps management to measure, analyse, assess,
report and communicate an organisation’s environmental
performance over time and to determine necessary actions.
336
The environmental performance evaluation standard is based on

Edward Deming’s PDCA cycle, i.e., Plan (P), Do (D), Check (C)
and Act (A). Planning a EPE involves considering management
priorities and selecting environmental indicators before evaluating
environmental performance (D) and reviewing and improving EPE
(C). The EPE process involves actions taken (A) to improve the
systems, operations, processes and environmental performance.
Note that we discussed the PDCA cycle in Section 7.1 (see Figure
7.1).
EPE standards provide guidelines on identification and selection

of environmental indicators. There are two types of environmental
indicators, and these are:
(i) Environmental performance indicators (EPI): These

include the following:
the people, practices and producers at all levels of the

organisation;
the design, operation and maintenance of, supply to, and

delivery from, an organisation’s facilities and equipment;
the materials, energy, products, services, waste and

emissions related to the organisation’s operations and
activities.
(ii) Environmental condition indicators (ECI): These are

used to describe the conditions of the environment in relation
to the organisation.
Life cycle assessment (ISO 14040)
ISO 14040 provides guidelines for incorporating life cycle

assessment (LCA) into environmental management programmes
(recall that in Unit 6 we discussed LCA in detail). An LCA is
337
defined as a compilation and evaluation of the inputs, outputs and

the potential environmental impacts of a product system
throughout its life cycle. It is, thus, a systematic set of procedures
for compiling and examining the inputs and outputs of materials
and energy and the associated environmental impacts directly
attributable to the functioning of a product or service system
throughout its life cycle from the acquisition of raw materials
through final disposal. An LCA is done in order to get the whole
picture of the environmental impacts throughout the lifetime of
products and services. In other words, an LCA provides
significantly more information than does evaluating the impact
from the manufacturing process alone. It also provides a
systematic way to evaluate the costs and benefits associated with
products or service changes at various points in the life cycle.
ISO 14040 covers the following three phases of LCA:
establishing the goals and the scope of the assessment;
conducting inventory analysis.
conducting impact and improvement assessment.
The goals of the LCA study should include the reasons for
carrying out the study, the intended applications, the intended
audience, the initial data, quality objectives and the type of critical
review that will be conducted for the LCA. The scope should
include background information for the product or service being
evaluated, boundaries of the study, method of impact assessment,
data requirements, assumptions and limitations of the study.
Environmental terms and definitions (ISO 14050)
The successful operation of the environmental management

system requires a correct understanding of the meaning of terms
used by all stakeholders in a similar manner. Put differently,
338
communication is important in implementation and in the operation

of the environmental management system. This communication
will be most effective, if there is a common understanding of the
terms used. Many environmental terms and definitions are the
result of a recently developed process. The gradual evolution of
these environmental concepts invariably means that
environmental terminology will continue to develop.
Environmental aspect in product standard (ISO 14060)
The environmental impacts of products are receiving more

attention worldwide. They are, therefore, being addressed in the
product standards prepared by the international, regional and
national standard bodies. ISO 14060 provides general guidelines
that should be taken into account when developing standards to
reduce environmental effects associated without sacrificing the
intended performance of the product or service. While
recognising the complexity of identifying and establishing
environmental effects from products and services throughout their
life cycles, ISO 14060 provides that environmental effects should
be balanced against factors that include product function,
performance, safety and health, cost, marketability and quality.
The guide also recognises that environmental provisions in
product standards must be reviewed and changed to reflect
innovation and technology, but not so frequently that innovation,
productivity and environmental improvements are jeopardised.
The provisions of a product standard should be no more stringent
than necessary to avoid excessive or inefficient material or energy
use.
The environmental provisions in product standards can

incorporate considerations including material and energy inputs;
wastes and emissions; impacts from transportation, packaging,
339

Ilovepdf Merged

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ilovepdf Merged

Uploaded by

Copyright:

Available Formats

Lecture 2

Safety Practices in Chemical and

Dr. Raghuram Chetty

Murphy’s Law: “If there are two or more ways to do

 Significant technological advances have been made in

 The word “safety” used to mean the older strategy of

 More recently “safety” has been replaced by loss

A successful safety program requires several elements:

Image courtesy: Google Images

 A hazard is any source of

Image courtesy: Google Images

 Risk is the chance or

 Danger: Relative exposure to

Workplace Hazard Example of Hazard Example of Harm Caused

Workplace hazards also include practices or conditions that

 Risk is the chance or probability that a person will be

 Whereas, hazard refers to lung cancer, heart disease,

 Hazard information is usually provided on the label in

 Hazards are related to the properties (or activity) of the

 Further information is found in the suppliers catalogue

Examples of safe work

Flammable and Keep away from heat,

Store away from oxidizers.

Make sure fire

Hazard Class Class Hazards Examples of safe work

Oxidizing May cause fire if in contact Use only the minimum

Corrosive material Use corrosion-resistant

Poisonous materials Use appropriate control

 Very toxic (T+)

 A chemical hazard label is a

 The blue section denotes

Ammonia (anhydrous) Mercury, chlorine, calcium hypochlorite, iodine, bromine, HF

Carbon tetrachloride Diborane, fluorine, sodium

Dimethyl sulfoxide Perchloric acid, silver fluoride, potassium permanganate, acetylchloride,

Oxalic acid Silver, mercury

Potassium permanganate Glycerol, ethylene glycol, benzaldehyde, sulfuric acid

Sodium Carbon tetrachloride, carbon dioxide, water

Sulfuric acid Potassium chlorate, potassium perchlorate, potassium permanganate

Image courtesy: Google Images

 Irritation to eyes, throats, difficulty in breathing, etc.

Fires are identified according to one or more fire

Each class designates the fuel involved in the fire,

American European Australian/Asian Fuel/Heat source

Class K Class F Class F Cooking oil or fat

B Liquid fuels Solvents, oil, gasoline

C Electrical Fuse boxes, motors

Combustible Sodium, potassium,

K Cooking Media Oils, fats

India - Classification of fires as per ISI 2190/1979

Class 'A' Fires

India - Classification of fires as per ISI 2190/1979

Image courtesy: Google Images

 Dry chemical extinguishers can be quite corrosive to

 CO2 (carbon dioxide) extinguishers are for class B and C

 Metal/Sand Extinguishers are for flammable metals (class

 OSHA, created within the Department of Labor, U.S.

 The OSH Act intends to prevent injury or illness among

 International Labour Organization (since 1919) has

 In today's globalized economy, international labour

 The ILO Constitution sets forth the principle that workers

In India the first Factories Act was basically designed to protect

 The following have held to be a factory:

 Employer to ensure health of workers pertaining to