QUANTITATIVE RISK ASSESSMENT: A CASE STUDY

OF POLYMERIZATION REACTOR

A DISSERTATION
Submitted in partial fulfillment of the
requirements for the award of the degree
of
MASTER OF TECHNOLOGY
in
CHEMICAL ENGINEERING
(With Specialization in Industrialr'Safety, and Hazards Management)

AHLUWALIA ATUL SHRIKRISHNA

of TccH,,jo~
49

DEPARTMENT OF CHEMICAL ENGINEERING

INDIAN INSTITUTE OF TECHNOLOGY ROORKEE
ROORKEE - 247 667 (INDIA)
JUNE, 2007
 CANDIDATE'S DECLARATION

I hereby declare that the work which is being presented in this dissertation titled
"QUANTITATIVE RISK ASSESSMENT: A CASE STUDY OF POLYMERIZATION
REACTOR", in partial fulfillment of the requirements for the award of the degree of
Master of technology in Chemical Engineering with specialization in "Industrial Safety
and Hazards Management", and submitted to the Department of Chemical Engineering,
Indian Institute of Technology, Roorkee, is an authentic record of the work carried out by
me during the period from June 2006 to June 2007, under the guidance of Prof. I.M
Mishra. The matter embodied in this work has not been submitted for the award of any
other degree.

Date: -06-a0 o4

Place: IIT, Roorkee (Atul luwalia)

CERTIFICATE

This is to certify that the above statement made by the candidate is correct to the best of
my knowledge.

Prof. I.M Mishra

Department of Chemical Engineering,
Indian Institute of Technology, Roorkee

i
 ACKNOWLEDGEMENT

I am greatly indebted to my guide Prof. I.M Mishra for his guidance and support during
the entire course of the work without which this dissertation would not have been
possible.

I would like to thank Dr. Shri Chand, Head of the Department and Chairman, DRC, for
providing various facilities during the course of my work.

A special thanks to Dr. B. Prasad who has constantly encouraged me throughout the
course of my work.

I would like to thank Mr VK Bhargav, Mr P.0 Rath, Mr Satya Prakash Singh, Mr Sachin
Malave, Mr R R Biyani, Ms Shweta Nim for all the help extended to me during my case
study.

I sincerely acknowledge the support and guidance of my parents for their encouragement
and moral support.

I also thank my friends for their help and support all along the course of my work.

(Atul Ahluwalia)

11
 ABSTRACT

Chemicals have become a part of our life for sustaining many of our day-to-day
activities. Polymers and plastics, especially polyethylene, polypropylene, polyvinyl
chloride, polyethylene terephthalate, polystyrene and polycarbonate comprise about 80%
of the Chemical process industry's (CPI's) output worldwide. The magnitude and the
diversification of the types of risk have increased concurrently with industrial
development. At the same time, the threshold of risk acceptability of the population has
decreased. In response to the above preoccupation, CPI and regulatory agencies have
developed various methodologies and tools for risk analysis and assessment.

In this report a comprehensive literature review along with a general risk assessment
methodology is presented. As a case study a Vinyl chloride monomer (VCM)
polymerization reactor which produces Poly-vinyl chloride (PVC) has been considered to
assess the risks involved. The PVC plant is located on the western coast of India and uses
BF Goodrich (Now Oxy Vinyl) technology. Qualitative as well as quantitative studies are
carried out. Dow's Fire and Explosion Index has been calculated. A brief hazard and
operability study (HAZOP) for the reactor along with a complete QRA for the worst case
scenario as obtained from qualitative studies has been done. This includes a fault tree
analysis (FTA) for finding minimal cut sets and the probability of the top event.

Layer of protection analysis has been carried out for the reactor taking into account
various categories of hazardous scenarios. The concept of independent protection layer
(IPL) is explained and it is shown that a plant that may be safe but many a time it is only
after a combination of independent and non independent protection layers. Individual risk
contours have been plotted. The F-A curve is drawn and values like fatal accident rate
and average death rate are calculated. For the case study it can be seen that risk targets
are met overall but in some scenarios independent layer protection may alone not be
enough. Finally a methodology which suggests simultaneous use of FTA and LOPA is
suggested which may reduce resource usage and overcome drawbacks of traditional QRA
in many cases.

iii


CONTENTS

Candidate's declaration...................................................... i
Acknowledgement..............................................:............. u
Abstract.........................................................................
Contents................ . . . . . ••• • • •• • iv
Listof figures................................. ........................•..•... vi
Abbreviations. .. . . .. . ..................... . . ........ ..................

Chapter 1 Introduction 01
1.1 The Concept of Risk and Risk Assessment ..................... 03
1.2 Acceptable risk ...................................................... 04
1.3 Safety aspects of industrial polymerisation ..................... 05
1.4 Aim and Objectives .............. .................... 07

Chapter 2 Literature Review 08

2.1 Conclusions from literature review.... ............................. 26

Chapter 3 A General Risk Assessment Methodology 27

Chapter 4 Definition of Problem 32

Chapter 5 Results and Discussion 37

5.1 Preliminary studies .................................................. 37
5.2 Qualitative studies ................................................... 40
5.3 Fault tree analysis ................................................... 43
5.4 Layer of protection analysis ....................................... 45
5.5 Consequence analysis ............................................... 52
5.6 Summary of results .................................................. 67

iv


CONTENTS

Chapter 6 LOPA Streamlined FTA For Efficient QRA 70

Chapter 7 Conclusion 73

References 75

Appendix I Site map 80

Hazardous Materials Used in Plant and Their

Appendix II 82
Properties

Appendix III Dow's Fire and Explosion Index 84

Appendix IV Brief HAZOP Study 86

Appendix V Basic Event Probabilities and MCS 92

Appendix VI LOPA Sheets 97

Appendix VII Consequence Categorization for LOPA 103

V
 LIST OF FIGURES AND TABLES

Figure/ Page
Title
Table No. no.
Fig 2.1 Batch plant setup ............................................................... 12

Table 3.1 Summary of literature review ............................................. 20

Fig 3.1 General Steps of Risk Assessment ....................................... 29

Fig 3.2 A Typical Risk Matrix.......... ............................................ 31

Fig 4.1 Manufacture of PVC ......................................................... 33

Fig 4.2 A simplified PID of the polymerization reactor ........................ 36

Fig 5.1 Year wise distribution of accidents per year in the plant ............... 37

Table 5.1 General classification of the type of accidents taking place in the
plant........................................................................... 3 8
Fig 5.2 Various types of accidents in the plant from 1999 to 2005 .............. 39

Table 5.2 Summary of hazards and Risks from qualitative studies ............. 41

Table 5.3 Significant cut sets ........................................................ 44

Fig 5.3a Simplified Fault tree ....................................:...... .......... Plate I

Fig 5.3b Simplified fault tree ......................................................... Plate II

vi
 LIST OF FIGURES AND TABLES

Figure/ Page
Title
Table No. no.
Fig 5.4 Various Layers of Protection ............................................. 48

Fig 5.5 Protection Layer and Independent Protection Layer .................. 50

Table 5.4 LOPA summary ............................................................ 51

Table 5.5 Distance required to reach 4 % LFL (40000 ppm) under various
conditions using Gaussian models ....................................... 55
Table 5.6 Distance required to reach 100000 ppm under various conditions
using Gaussian models .................................................... 55
Table 5.7 Distance required to reach 10000 ppm under various conditions
using Gaussian models .................................................... 56
Table 5.8 Distance required to reach 1000 ppm under various conditions
using Gaussian models .................................................... 56
Fig 5.5 Time vs Distance for various concentrations using Gaussian
dispersion............................................. .................... 57
Fig 5.6 Isopleth according to Pasquill Gifford Model for 100000
ppm.......................................................................... 57
Fig 5.7 Isopleth according to Pasquill- Gifford Model for 10000 58
Ppm............... ........................................................

Fig 5.8 Isopleth according to Pasquill Gifford Model for 5000 ppm........ 58

Fig 5.9 Isopleth according to Pasquill Gifford Model for 1000 ppm........ 59

vii
 LIST OF FIGURES AND TABLES

Figure/ Title Page no.

Table No.
Fig 5.10 Isopleths for various concentrations of puffs ........................... 60

Table 5.9 Overpressure ,Time of arrival of shock wave and Damage .......... 61

Fig 5.10 Distance vs Overpressure ................................................. 62

Table 5.10 Range for a 25 % fragment at various lift to Drag Ratios ............. 63

Table 5.11 Range for 10 kg and 100 kg fragments at various lift to Drag 64
Ratios....................................................................... .

Fig 5.12 Risk Contours showing individual risk ................................. 68

Fig 5.13 The F-A Curve showing Societal Risk ................................. 69

Fig 6.1 Simplified fault tree after FTA + LOPA ............................... Plate III

Fig A.2.1 Plant Site ...................................................................... 84

Fig A.2.2 Site location relative to populated areas ..:............................ 85

viii
 ABBREVIATIONS' USED

Acronym Full title

BDK Benzyl dimethyl Ketal

CCPS Center for Chemical Process Safety of the
American Institute of Chemical Engineers

CPI Chemical process industry

CRA Comparative risk assessment

ETA Event Tree Analysis

FMEA Failure mode and effect analysis

FTA Fault tree analysis

HAZOP Hazard and operability study

HSE Health, Safety and Environment

HSE Health and Safety Executive

HTA Hierarchical task analysis

IPL Independent Protection Layer

LEL Lower explosive limit

LOPA Layer of Protection Analysis

LOPA Layer of Protection analysis

OSHA Occupational safety and health

administration
PHA Preliminary hazard analysis

PrHA Process hazards Analysis

PVC Poly Vinyl Chloride

VCM Vinyl Chloride Monomer

ix
 CHAPTER I

INTRODUCTION
CHAPTER 1
INTRODUCTION

Chemicals have become a part of our life for sustaining many of our day-to-day
activities. The chemical industry comprises the companies that produce industrial
chemicals. Polymers and plastics, especially polyethylene, polypropylene, polyvinyl
chloride, polyethylene terephthalate, polystyrene and polycarbonate comprise about 80%
of the industry's output worldwide (McCoy, 2006). Chemicals are used to make a wide
variety of consumer goods, as well as inputs to agriculture, manufacturing, construction,
and service sectors. However some of these chemicals have hazardous physio-chemical
and thermal properties and their manufacturing processes are carried out under severe
conditions from point- of view of safety. These chemicals therefore pose a danger to
human life, environment and property.

Industrial development has bought in its wake a high level of risk and at the same time,
the threshold of risk acceptability of the population has decreased. Large chemical
companies may own and operate facilities, containing an enormous number of pressure
vessels, operating equipments like pumps, compressors, valves, and a maze of piping.
Complex modern chemical plants which operate at optimal levels, also pose major
challenges for the systematic analysis and assessment of the various, process hazards and
risks. Usually, larger the plant capacity, greater the number of hazards.

Chemical plants are often operated at extreme of pressures and temperatures to achieve
optimal performance, making them more vulnerable to equipment failures. Unwanted
chemical reactions are especially dangerous if a toxic release or a sudden release of
energy occurs. Control mechanisms are mostly digitized but even a small failure can
potentially cause monstrous disasters. The consequences to humans, environment and
equipment of such failures and atmospheric releases are unimaginable. It is therefore
necessary to have multi-layered protection measures and mitigative measures for disaster
management.

1
The way chemical industry has looked at safety has undergone a sea of change in recent
times especially after Bhopal gas tragedy in 1984. Safety studies in chemical industry
did exist in pre Bhopal era, for example Cave (1974) whose work on risk assessment
methods for vapor-cloud explosions included identification of potential sources of
hazard, determination of consequence distance relationships for internal explosions, toxic
and explosive releases, estimation of accident probabilities using the Failure Effects and
Modes (F.E.M.) analysis and discussion on acceptance of risk. It was concluded that the
methods then used by the industry to assess the consequences of vapor-cloud explosions
were of an empirical nature and to carry out a detailed risk assessment in which the
complete spectrum of possible initiating events and possible consequences , were
considered using existing practices, would have been extremely expensive and time-
consuming. He suggested a development of a more fundamental approach in order to
improve the accuracy of assessment of the hazard to the public.

Earlier studies were based mainly with an aim of preventing equipment failures. How
ever with betterment of technology and realization that industry was a low frequency
high impact accident industry scope of risk assessment was widened to cover risks
hazards to the workers and property in and around the plant. This led to risk assessment
becoming a powerful tool in loss prevention

Risk assessment is a very useful tool in analyzing the systems and proposing cost
effective mitigation measures thus making industries safer and more reliable. There is no
single way of assessing risks as there is no single way to conduct any of the steps such as
identification, hierarchisation and analysis which constitute risk assessment. Broadly on
basis of the way the constituent steps are performed risk assessment can either be
qualitative and the other quantitative. And further each can be deterministic, probabilistic
or a combination of two. The most widely used is quantitative risk analysis which is
probabilistic in nature. Quantitative methods allow one to have an idea of risk one is
exposed to and helps industry to compare their results with other activities and justify
their actions. Since a number or a probability is assigned decision making becomes a lot
less subjective. Risk assessment and its management are becoming increasingly

2
important to the process industry to meet its process safety objectives. The practice of
risk assessment has steadily increased in prominence during the past several decades as
risk managers in government and industry have sought to develop more effective ways to
meet public demands for a safer and healthier environment (Slovic, 1987).

1.1 The concept of risk and risk assessment

The evolution of risk is closely related to the evolution of science of probability. In his
book "Against the Odds", Bernstein (1996) describes how thinking about risk evolved
over the period because of changes in mathematical numbering systems, an
understanding of the statistical basis of probability, and the rise in popularity of
gambling. Money and financial interests drove early thinking on the topic of risk.
Industrial development fuelled the concern about safety of the industry itself and the
environment around it.

Risk in present day life is defined in many diverse ways. Risk in general is defined as
probability of loss from a hazard. Simply put it is a measure of potential economic loss,
human injury, or environmental damage (cost) in terms of the probability of occurrence
of a particular event in industry.

According to USEPA in context to human health it is defined as "The probability of

adverse effects resulting from exposure to an environmental agent or mixture of agents"..
According to IEC 61508 (Redmill, 1998) risk is a combination of the probability of
occurrence of harm and the severity of that harm. Occupational safety and health
administration (OSHA) defines risk as the probability of hazard resulting in an accident
(Crowl and Louvar 1999).

Mathematically risk is defined by the given formula (Crowl and Louvar ,1999; Lees,
1996)

Risk = E probability of event x consequence of event (1.1)

3
For chemical process industries (CPI) risk assessment can be defined as the identification
and quantification of the risk resulting from a specific use or occurrence of a chemical or
the process, taking into account the possible harmful effects on individual people or
society of using the chemical in the amount and manner proposed and all the possible
routes of exposure.

A risk with a large potential loss but with a low probability of occurrence must be treated
differently than one with a low potential loss but a high likelihood of occurring. In theory
both are of nearly equal priority in dealing with first, but in practice it can be very
difficult to manage such an event when faced with the scarcity of resources, especially
time in which to respond , in which to conduct the risk mitigation and management
process.

Risk assessment includes both risk estimation (identifying hazards and estimating their
outcomes and probabilities) and risk evaluation (determining the significance or value of
risks to those concerned with or affected by the decision). Risk estimation is about
contexts, and risk evaluation about the effect on people. Since complete elimination of
risks associated with a process not possible acceptable risk probability is the key for
designing processes and plants. This puts the onus on the management to decide what
acceptable probability of risk level shall be the decision making factor.

1.2 Acceptable Risk

There is no such thing as zero risk in CPI. The design basis is often ALARP, which
stands for `As Low As Reasonably Practicable', and is a term often used in the milieu of
safety-critical and high-integrity systems.

The ALARP principle is that the residual risk shall be as low as reasonably practicable. It
means that a risk is low enough that attempting to make it lower would actually be more
costly than any cost likely to come from the risk itself. This is called a tolerable risk.
Risk reduction involves cost which increases exponentially with the reduction measures
implemented and thus, infinite time, effort and money will be required to reduce a risk to

n
zero. It should not be understood as simply a quantitative measure of benefit against
detriment. It is more to do with evolving a 'best common practice of judgment of the
balance of risk and societal benefit.

A major factor that comes into the ALARP principle, is the cost of assessing the
improvement gained in an attempted risk reduction. In extremely complex systems, this
can be very high, and could be the limiting factor in practicability of risk reduction (Lees,
1996).

1.3 Safety Aspects of Industrial Polymerisation

Polymerisation is an important and widely used unit process. Various components of
industrial polymerization processes need a careful safety analysis through out their life
cycle. Polymerization reactor design is very complex. It has to integrate the reactor with
controls, cooling devices, pressure relief systems, fire and explosion prevention and toxic
release prevention systems.

There is always a possibility for runaway of reactions. These uncontrolled reactions

cannot be stopped by merely turning off the feeds. Precautions should be taken to assure
that the mixture of gases and vapors in this space is not explosive, particularly during
preparation for start-up. Otherwise, potential ignition sources, such as worn agitator
bearings, pyrophoric catalyst residues, or condensed and reacting monomer may cause
temperature rise, combustion, overpressure leading to explosion.

The flow of inert gas must be carefully controlled. If it is excessive, asphyxiant gas
possibly accompanied by toxic vapors may be ejected from the port and into the
environment. The control systems provide an optimum environment of temperature,
pressure, flow, level, and reactant ratio for the production of the desired materials. Close
control of these parameters may be .essential to safe operation (particularly explosion
prevention).

5
At higher temperatures, runaway reaction and dangerous pressures may be attained.
Because production rates and product quality are frequently improved by increasing
temperature, good controls are essential. Controls and emergency-control systems must
be carefully examined to ensure that failure of any one component will not cause loss of
control and simultaneously defeat alarms or interfere with override circuits or interlock
systems (common mode failure). All components should be calibrated and tested at fre-
quent intervals. A good maintenance and house-keeping schedule needs to be designed
and rigorously implemented. Catalysts are frequently characterized by instability and
toxicity. Unstable or pyrophoric catalysts typically are dissolved or suspended in a stable
liquid or solvent. Special packaging may reduce personnel exposures to materials fed to
batch reactors manually or mechanically, and closed-loop transfer systems may be
needed for continuous-feed reactors. The atmosphere over catalyst solutions may need
close control, if oxygen affects stability (Kroschwitz et al., 1998).

Most of the polymerization reactions are exothermic. Runaway reactions may occur if the
rate of heat removal by cooling is lower than the rate of heat generation through
polymerization. The reactor control systems terminate operation and stop polymerization
at conditions outside the normal range of operation. Inadequate cooling can occur
through fouling or coating of heat-transfer surfaces on internal coils or the inside walls of
external jackets, or by failure of the cooling medium or of agitation. Control of losses in
cooling capability, from fouling or coating, can be aided by frequent inspection of
surfaces. Product handling from polymerization reactors may create mechanical,
chemical, and hot-surface hazards. Releases of toxic or flammable materials can create
hazards to nearby employees or the general population.

The final product of polymerization processes is usually in the form of pellets, powder, or
flakes, although some products are handled molten state or as slurries or solutions. The
polymer is fabricated into industrial or consumer products by mixing, blending,
compounding, and molding in a wide variety of equipment. These operations may be
accompanied by hazards of moving equipment, hot surfaces, electrical shock, and fire
and explosion (Kroschwitz et al., 1998).
Kao and Hu (2001) have described the destructive consequences of accidents in polymer
manufacturing (acrylic resin) plants situated in the northern part of Taiwan. More than
100 people were injured and in total 46 plants including 16 high-tech companies nearby
were severely damaged. The immediate cause turned out to be a vapor cloud explosion
and the blast mass was estimated to be equivalent to 1000 kg of TNT. However, the
origin was found to be in the 6 ton reactor, where a runaway reaction between methyl
acrylate, methyl alcohol, acrylonitrile, isopropyl alcohol, acrylic acid, methacrylic acid,
and benzoyl peroxide occurred. Various other references of accidents in polymerization
plants are available Chiba (1973), Fukuoka (1996), Ibaragi (1999), etc.

1.4 Aim and objectives

India has a large number of petrochemical and polymer manufacturing plants. It is,
therefore, desirable to critically analyze the risks that are to be associated with such
plants and to assess the loss due to likely accidents. With this background, the following
aims and objectives have been set for the present work:
• To present a comprehensive literature review on risk assessment in CPI.
• To assess the risk posed by a polymerisation plant with focus on the
•a
polymerisation reactor.
• To carry out a Layer of Protection Analysis (LOPA) for the polymerisation
reactor.
• Critically examine the results obtained and suggest risk reduction measures if
needed.
• To identify the shortcomings in the methodologies used and suggest
improvements and alternatives.
• To present recommendations based on the results obtained and conclusions drawn

7
 CHAPTER 2

LITERATURE REVIEW
CHAPTER 2
LITERATURE RIVIEW

Bhopal gas tragedy (1984) which was preceded by Flixborough (1974), Beek (1975) and
shortly followed by Mexico (1984) (Lees, 1996) shook the CPI and forced it towards a
massive revamp with focus on safety and loss prevention. With increasing public concern
and awareness and government pressure risk reduction gained prominence. This led to
development of techniques and extensive studies about hazards and risk posed by the CPI
Some of the early studies on quantitative methods such as Rasmussen (1974), Gibson
(1976) , Kaplan and Garrick (1981) , Cornell (1987) , etc. laid the foundation for further
studies on risk assessment

Kharbanda and Stallworthy (1989) discussed planning for emergencies and showed how
risk assessment was paramount in planning for emergency situations in process plants.
Also they emphasized that safety was everyone's business and not only management's
headache. Further, they discussed on subjectivity of risk perception and suggested ways
to plan for emergencies using . risk analysis and assessment and involving company
management, operators, local authorities and the community.

Lave (1990) discussed the importance of risk assessment to quantify the benefits of
solutions being given for environmental problems in order to make them effective and
efficient and also to meet statutory regulations. He presented Risk assessment as a means
of finding what the most important issues were and which uncertainties have to be
analyzed and resolved. It was concluded that though a powerful tool the methods of risk
assessment and analysis were still in infancy and highly uncertain.

He predicted that the greatest progress would result not from somewhat arbitrary
characterizations of the risks of compounds, but from greater understanding that serves to
reduce uncertainty and make the risk assessment methods more powerful.
Ziegler (1992) presented chemical risk assessment as a tool for disaster prevention and
also stressed on presence of database of hazardous materials and assessment of risks by
them as an important step in risk assessment process.

Demichela et al. (2004) analyzed ethylene oxide plant and showed explicitly the links
between risk assessment and safety management systems. They selected a process of
synthesis of poly-addition of ethylene oxide (gas phase) with phenol and used fault tree
analyses of hazards due to reactor failure, accumulation, etc. The quantitative solutions of
fault tree are shown in the study.

For example results for the Top Event (TB) "Reactor collapse" of the polymerization
reactor under consideration they showed:
number of minimal cut sets (MCS): 18
• unavailability of TOP event, QTOP: 2.56 x 10-8

They suggest the procedures belonging to the operational control section and suggest
measures to be taken, e.g.:
• Critical safety devices: All the critical devices must be identified. Their functions
must be checked and there must be clearly defined their maintenance intervals.
Obviously maintenance operations must be reported.
• Maintenance: For assuring development, updating and use of maintenance
practices and standards in order to perform an effective maintenance, according to
the major accident prevention policy.
• Equipment inspection: This group of procedures has the aim of assuring the
preparation and periodical updating of equipment inspection planning.

The paper has shown, with a practical application, how the hazard identification and
evaluation section of the Safety Management System (SMS) in a major risk installation
are the sizing criteria for the whole SMS, with its procedures.

I
Arendt (1990) discussed growing concern about the risk of major chemical accidents. It
was pointed out that as new process technologies are developed and deployed, less of the
historical experience base remained pertinent to safety assurance giving example of space
industry and novel processes in CPI. Focus was on differentiating it from other methods
which were deterministic where as quantitative risk assessment (QRA) for CPI was
mainly probabilistic in nature. Further there is a discussion on risk management and risk
perspective. A number of misconceptions relating to data acquisition, accuracy, etc. were
discussed. It is concluded that QRA is an important tool for the CPI and when used
judiciously, the advantages of QRA can outweigh the associated problems and costs.

Kirchsteiger (1999) discussed the characteristic features and differences of the two main
types of risk analysis techniques used to estimate the risks to man and the environment
from engineered constructions: probabilistic and deterministic methodologies. A
comparison of the methods along with advantages, shortfalls and examples is presented.
According to him in a deterministic risk assessment of a plant the capabilities of the
safety systems within the existing design would be compared with the overall safety
goals of the plant (reactivity control, adequate reactor cooling, and proper mixing of
reactants). Such deterministic prescriptions on the systems' design can be characterized
as pre-defined rules whose fulfillment provides sufficient confidence that the safety goals
are met. Thus, it is assumed that the risk related behavior of the plant can sufficiently
well be described by showing compliance with these rules in a "checklist format" based
on "yes" and "no" answers. The analysis results in the determination of divergences of
the design and system states in the plant compared with the requirements set in the
current regulations. The final result is a "safe" or "not safe" statement specific for a plant.
Whereas the probabilistic approach results in numbers, i.e. probabilities of undesired
consequences (e.g. rupture due overpressure, thermal runaway, etc.), and can thus be used
as an input to decision-making concerning safety improving measures in the plant as well
as cross-comparison of the safety performance with other technologies achieving the
same goal . The generation of probability numbers for undesired plant states is based on
the results of an extensive research process for failure possibilities in the behavior of the
system under investigation and its components. The conclusion reached is that it is the

10
type of ideas one has on problems of risk that determines their character and thus the
approach to analyze them and the ideas are mainly determined by the data that are
available. If there are many events of the same type in the observable physical reality
"available", we can get sufficient information from the observations on them to consider
a particular event of interest as being generated by a deterministic "mechanism". If there
are too few observations for us to construct a deterministic model, we will resort to
assuming a random "mechanism" behind and treat the analysis of the event with
probabilistic methods. Each probabilistic approach to risk analysis involves deterministic
arguments; each deterministic approach includes quantitative arguments which decide
how the likelihood of events is going to be addressed. Probabilistic approaches seem to
be more cost-effective and the results are, at least in principle, easier to communicate to
decision-makers and the public.

Demichela et al. (2003) described a case study in which (QRA) was used as the
background for lay-out modifications to improve the reliability, and thus the productivity,
of a batch plant for distilling the production residues of a photo initiator for ecological
paints. QRA identified the plant's critical features. The case study included a plant setup
in 1980's which suffered an abnormal series of breakdowns and the loss of production
due to unscheduled maintenance operations. In view of the intrinsic dangers involved, a
(QRA) was undertaken to determine the quality and priority of the measures required.

The plant was divided into four sub-systems:

1. Reactor
2. Vacuum pump
3. Solvent condensation and handling
4. Storage

11
 ;ttlers

Subsystem 1 Subsystem 2 Subsystem 3 Subsystem 4

Fig 2.1 Batch Plant setup

The analysis, however, was confined to sub-system 3 "Solvent condensation and

handling" and sub-system 4 "Storage". Sub-system 1 was omitted because examination
of the past breakdowns showed that reactor and associated devices were very reliable.
Sub-system 2 was omitted for the opposite reason. The fact that as many as twenty-three
unwanted stoppages of the vacuum pump had occurred in the past six months much
greater than that indicated by the probability data in the literature and hence made it
desirable to redesign the plant rather than rely on maintenance operations. A number of
changes like installation of an integrated system to indicate and control the flow of
cooling water into condensers, installation of a duplicated low level alarm, Replacement
of valves with a lower failure rate and alteration of the solvent flow route. However,
companies should resist the indiscriminate use of QRA as a means to solve all problems
since this strategy could waste safety improvement resources, diverting attention from
other essential safety activities.

12
However, QRA has some severe limitations and studies such as those of Gruhn (1991),
Lipton et al. (1992), Epstien and Rauzy (2005), etc. highlighted presence of uncertainty
of probabilistic data used for QRA and various other pitfalls in the process of QRA.

Tweedale (2002) suggests maintaining a balance between quantitative and qualitative

methods since only a part of risk can be quantified accurately enough for acceptance and
they themselves may depend on unquantifiable factors.

This does not mean that existing QRA studies based on Fault and Event-Trees must be
discarded. It only emphasizes QRA be judiciously used often in conjunction with
qualitative techniques.

Similar observations have been made by Apostolakis (2004) who discussed the use of
(QRA) in decision making with respect to the safety of complex technological systems.
He compared the insights gained by QRA with those from traditional safety methods and
argued that the two approaches complement each other. The importance of review is an
essential part of the QRA process was underlined along with the importance of risk-
informed rather than risk-based decision making. Engineering insights derived from
QRA's are always used in combination with traditional safety requirements and it is in
this context that they should be reviewed and critiqued. Examples from applications in
nuclear power, space systems, and an incinerator of chemical agents are given to
demonstrate the practical benefits of QRA.

Researchers continuously stress on the fact that maintenance and reference of accident
databases is crucial in risk management. Meel et al. (2007) stated the usefulness of
accident databases like NRC, RMP, and others which contain records of incidents (e.g.,
releases and spills) that have occurred in the chemical plants of USA during recent years.
Similar efforts are required made in all countries. Classical statistical approaches are
ineffective for low frequency, high consequence events because of their rarity. Given this
information limitation, they recommend theories to forecast incident frequencies, their
relevant causes, equipment involved, and their consequences, in specific chemical plants.

13
Systematic analyses of the databases also help to avoid future accidents, thereby reducing
the risk.

Early (2006) discussed the recent implementation of a database management system at a

chemical plant and chronicled the improvements accomplished through the introduction
of a customized system. The programming techniques although a bit complex and
cumbersome, allow practitioners familiar with the workflow to model the workflow in
software. This is a major change from the historical systems where the software designers
had no knowledge of the workflow requirements.

Moosemiller (2006) described use of failure rate data and the need to be cautious in their
interpretation as they exhibit a number of pitfalls.. He quantifying the risks of releases of
hazardous materials depends heavily on data acquisition. He lamented that inadequate
effort has been made to assess the frequency side of the "risk equation" has been very,
with inconsistent or non-existent definitions of "failure", mixing of incompatible data,
application of data from one industry to a completely different industry, and a host of
other problems.

QRA is a lengthy process involving a number of resources. Many simplifications have

been suggested over the period. One of the powerful methodologies is Layer of protection
analysis. Layers of protection analysis (LOPA) is a semi-quantitative methodology that
can be used to identify safeguards that meet the independent protection layer (IPL)
criteria established by Centre of chemical Process Safety (CCPS) of American Institute of
Chemical engineers (AIChE) (CCPS,1993).

Summers (2004) provided an excellent introduction of LOPA in his paper titled

"Introduction to Layer of Protection Analysis". A (LOPA) is a powerful analytical tool
for assessing the adequacy of protection layers used to mitigate process risk. LOPA
builds upon well-known process hazards analysis techniques, applying semi-quantitative
measures to the evaluation of the frequency of potential incidents and the probability of
failure of the protection layers. It is an engineering tool used to ensure that process risk is
successfully mitigated to an acceptable level. LOPA is a rational, defensible methodology

14
that allows a rapid, cost effective means for identifying the IPL's that lower the
frequency and/or the consequence of specific hazardous incidents. LOPA can be used at
any point in the lifecycle of a project or process. For existing processes, LOPA should be
used during or after the HAZOP review or revalidation. LOPA is typically applied after a
qualitative hazard analysis has been completed, which provides the LOPA team with a
listing of hazard scenarios with associated consequence description and potential
safeguards for consideration.

Variations of LOPA have been devised for hazard and scenario specific studies reent
example being exLOPA for explosion risk assessment.

Markowski (2007) proposed explosion layer of protection analysis (exLOPA), which

allows for semi-quantitative explosion risk assessment for process plants where explosive
atmospheres occur. He presented the application of Layer of Protection Analysis, called
exLOPA, for fast realization of the statutory directives concerning risk assessment„of
workers employed in potentially explosive atmospheres. The simplified method, which
may be considered as semi-quantitative, takes into account some typical factors
appropriate for explosion, like the probability that an explosive atmosphere will occur,
the probability that sources of ignition will be present and become effective, as well as
the probability of failure on demand of appropriate explosion prevention and mitigation
means. The exLOPA is applied to particular explosion scenarios. The hazardous area
classification scheme which identifies location where a flammable atmosphere can exist
on the process plant is extended to determine the likelihood of explosive atmospheres,
and an expert's opinion is taken to select the existing ignition source. The reliability of
layers of protection as a barrier to prevent undesired explosion event and protect workers
is also taken into account. The proposed methodology allows for a fast estimation of the
risk of explosion to workers employed in hazardous explosive atmospheres.

As has been seen risk assessment is a collection of methodologies. It consists of various

steps which can be executed in a number of ways. Guidelines like those from CCPS,
OSHA, British HSE, etc. are present and these too set only minimum requirements giving

15
considerable freedom as to how risk assessment can be performed. Hence a number of
variations have cropped up over the years with different researches suggesting tweaking
of different steps to suit a particular context.

Khan & Abbasi (2001) suggested a technique which they called Optimum risk analysis
(ORA) and applied it on a chemical plant sulfolane manufacturing unit and enumerated
the advantages of this technique. ORA aims to identify and assess hazards and to estimate
the risk factors due to any mishap/accident in the chemical process industry. The ORA
framework enables modeling of probable accidents based on the chemical and process
characteristics, evaluation of mode of occurrence of these accidents, estimation of
detailed consequences and finally prediction of risk factors. This has normal steps like
risk identification, ranking, estimation and assessment. After assessing the risks to
sulfolane unit under consideration, the authors made a number of suggestions like instead
of one or two large-capacity vessels, smaller capacity vessels should be used for storage,
adequate space should be kept between the storage vessels and buffers provided between
them so that adverse consequences of failure in one of them do not cause second or
higher order; a thorough emergency preparedness strategy should always be kept in
operation, fortified by periodic drills or `dry runs' so that the damage is contained if an
accident does occur. They opined that the methodology optimal risk analysis is swift, less
expensive to implement, less time-consuming, and is as (or possibly more) accurate and
precise in comparison with methodologies.

In the last two decades there has been a dramatic increase of human contribution to
accident development, reaching as high as 70%-80%, independently of the technological
domain of application. There are two main reasons for such an increase, namely:
• The very high reliability and refinement of mechanical and electronic
components; and
• The complexity of the system and the role assigned to human operator in the
control loop

16
Realisation of this has also led to various changes and additions in the way a risk
assessment is performed. Various modules like task analysis, Hierarchal task analysis,
Technique for human error prediction (THERP), Systematic human error reduction and
prediction (SHERPA), etc. have been developed.

Cacciabue (2000) focused on the consideration of human factors in risk analysis and
discussed the methods and techniques that can be applied for human reliability analysis.
Automation of plant operations and the application of new control design principles have
greatly reduced the role of operators, who have progressively become supervisors of
automatically performed procedures and decision makers in the context of shared
management processes. This implies that cognitive functions and organizational factors
affect risk analysis much more than behavioral and physical performances. Another
crucial issue he discusses is of human reliability assessment concerns the dynamic nature
of human–machine interaction.

Risk assessment methodology has a number of variations and the guidelines prescribed
make it a little confusing. Since the aim of all regulations and guidelines is the same
namely to understand, reduce and mitigate risks to humans, property and environment
various efforts are being made suggest a unified approach.

Kirchsteiger (2005) discussed one such effort made by the European Commission's Joint
Research Centre (JRC), and especially its Nuclear Safety Unit and the Technological
Risks Unit. From various discussions of risk assessment practices across different
industries and countries, he concluded that there are many similarities in risk assessment
at a generic technical level. The process of risk-based decision making can be broken
down into a few basic steps, a sequence which could—although there are differences in
terminology—widely be accepted across industries. However, the fulfillment of each
step is heavily dependent on the specific cultural and regulatory context. It was agreed
that comparative risk assessment along harmonized procedures could significantly help in
understanding the decisions made in other countries or sectors and promote a transparent
decision making process in which all stakeholders can be involved.

17
Aven and Kristensen (2005) stated that there exist many perspectives on risk, including
safety engineering, social scientist perspectives, risk perception research and economic
decision analysis. Traditionally, some of the different perspectives have been viewed to
represent completely different frameworks, and the exchange of ideas and results has
been difficult. According to them much of the existing discussions on risk perspectives
have lacked a sufficient level of precision on the fundamental ideas of risk assessments
and management. Citing for example, there being more than one line of thinking in risk
analysis and assessment and mixing all approaches into one, which gives a rather
meaningless discussion. They present a review some of the most common perspectives
on risk showing that it is possible to establish a common basis for the different
perspectives, by looking at risk as the full spectrum of the dimensions
• Possible consequences
a Associated uncertainties.
Examples from the offshore oil and gas industry are included to illustrate ideas. It is their
view that the concept of risk, risk assessment and risk management has not yet been
sufficiently developed to meet the many challenges facing us in present day and those
expected in the future. A common platform is needed that can give a unifying set-up for
dealing with risk and uncertainty for the many application areas. A common structure,
and philosophy is searched for, not a strait jacket for the various disciplines and
application areas.

Gowland et al. (2006) have shown the possibility of using different methodologies to
augment each other. They used LOPA and the European Commission funded project
Accidental Risk Assessment Methodology for Industries in the context of the Seveso 2
Directive (ARAMIS) as examples. According to them ARAMIS has several modules
which give a consistent simplified approach to risk assessment which does not approach
the complexity or expense of full QRA. LOPA potentially as a means of carrying out the
assessment of barriers required in ARAMIS is discussed. It offers an assessment method
by addressing a wider range of issues in addition to process control. Initiating events such
as human error, procedural failures, barrier performance such as operator response,
management systems, etc. are also discussed. The scope of the ARAMIS is wider than
LOPA and offers the LOPA user an opportunity to "close the loop" by assessing
uncertainty, sensitivity and carrying out risk mapping. Both LOPA and ARAMIS are able
to reveal gaps in the systems and provide answers on effective and economical ways to
close them. It concludes that certainly, the two approaches are compatible and each has
the potential to enhance the other. A mature LOPA process can be incorporated without
difficulty into an ARAMIS approach.

The success of applying artificial intelligence (AI) techniques to expert systems in

medical diagnosis, aerospace risk management has prompted industries, such as the CPI,
to experiment with potential applications of Al.

Applications to chemical plant on-line real-time or off-line emergency diagnosis and

accident management are among the most promising and demanding areas presently
under consideration. Both cases require a large amount of knowledge regarding plant
response during and after an abnormal condition. Studies on intelligent systems are not
new. Raafat and Abdouni (1989) , Wang and Modarres (1996), Sutton (1997) , etc. have
discussed the use of computers and intelligent systems.

144,
Tools like REX, An Intelligent Decision and Analysis Aid for Reliability and Risk
and SUPER-NET, a Multi-Purpose Tool for Reliability and Risk Assessment were
developed. As the modern plants get more and more complex and strive towards
automation, newer hazards are introduced which were absent in yesteryears.

Tools like optimal risk assessment (ORA), HAZDIG (Khan and Abbasi, 1999), etc.
developed recently show promise for further reduction in amount of time and resources
required for risk assessment.

19
 „O U N s.
cd cl O N w
- y V O

a) o l N o
a Ts a) C a
a) C o b c ~ E
w U

a a ;, m
CL
o
r
Ii
•J o 0 0 3 a) C
.)

- -
ID au ° 3 °.:
o Cd ~p vi N V tO
bA

4- 00
H
b
a >> vi a) '
`n Q
A
a) O w N d -
c) O

U 3 Q~+

c N ° o Ǹ
° Cd C - o o rn
U r+ p. U — - 1 H

a)
o ) o ) U
0 >,
p O bA bA ti p O
z ~
rx
o~
Uw
c
a w w
o va

z o 0 0
 o ~ ~
'.o
3 o U 41)~ a

~ O N
C*o O

4- O
0
N U 0 0
3
i.~ y cd ... O y a)
~ o o 0
.-
O j, •
O U
C c U U U U
C> O C/] E c) `a O

O. W
O c '
ON ' U N
Cd C O - v ~,, cd

4-4 o '"
(13

~' ° N

E
DO d p. °
E I
00
rn
c
o N b O1
o rn
4-
—
a.)
;;4. U)
V > U . N~ U
(13 ~Ur M 4- 4-
w V
-
o ~, E o
O y~ G)
am O~ v) % O\
C'
N /
ti .. Q G~. CD + ti 4-

03 ~-7' v (13
_ U b x
n
.~ •su•e
w c O
~.. E „ U

a .~ ao o
cn
41)

~" cts v~ N U O °
4- .~
Z a o ~. b U U
(13

z o 0 0
 a b ~
w a
o Cl)
a)

G
N C E
..
'~. cad
C c~

A o o
o

Cd) a) a.)

L) ON ~~ CL

y U
U N a)
a
O O a)

0 a) cn
U Cl)

O N C +'

O
O O N

N +,
V ~ I-I
U ~ U C

o~ N ?
o
Cl)
'
x
o v~

0 b 0 3
° .° 00 H ° a" w ° w °
Cl)
hI
a.) °'
p
.~ > c~ o
V ., a.)
- >- a) . O
C4
O a) 4

a. o a b x C Cl)
S.

z m

o 00 0
 o °
U ~
N
(ID
UU

•'~"
L O U
f4

°
ID ~•
0
-d
.°

(I) .
U
co 0
o a
b O
o u °
o .d N o

0 _ iUi
O
N
r~ a

vi

a)
O
N L1r 'cn
0 II

O
C7 w U v~
cn

o 0 oo ° o o w
N O- •N
-+ v]
N ~i N C/J

H i ° aUU+
a 4"
• O — N — C O
` C's o a
NCC i
vi cC V w
a~ b a ro C a o a
(ID
~" m x

z p N
 CHAPTER 3

A GENERAL RISK
ASSESSMENT
METHODOLOGY
CHAPTER 3
A GENERAL RISK ASSESSMENT METHODOLOGY

Risk assessment is a careful examination of the job steps and the work place to identify
hazards and how it could cause in terms of fatality, injury, property, etc. The risk
assessment allows one to anticipate the risks involved in the job execution and provides
framework to bring down the risk to tolerable level. No fixed rules can be prescribed for
undertaking a risk assessment as it will depend on the nature of the CPI and the type and
extent of the hazards and risks which may be involved. Above all the process needs to be
practical and it should involve management, whether or not advisers or consultants to
assist in it are present. A general risk assessment procedure is outlined now. It has the
following steps: ,
1. Assemble a team
2. Define the scope
3. Conduct hazard identification
4. Carry out Risk analysis
5. Suggest controls
6.. Document the results

A risk assessment team generally consists of (CCPS, 1992):

• Plant safety representative (PSR), the concerned activity supervisors and operator or
the technician or contractor's representative as the case may be shall be the team
member for risk assessment.
• If a new chemical is used or new equipment is used for the first time or any activity
which is one time job and which will continue for more than one day safety officer
shall also be involved in the risk assessment.
• External experts shall also be involved based on the job requirement e.g. material
handling of heavy equipment.
• Contractor's supervisor (in charge of the activity) shall also be a team member, if
the job is to be done involving contractors employees

27
The next step should involve a discussion about the system, project or topic being
reviewed through risk assessment process. The purpose of this step is to ensure that all
team members have an adequate understanding of the system and the boundaries of the
system before starting to identify hazards.

Depending on the Risk Identification tool and the exercise complexity this step may
involve one or more of the following
• Reviewing existing system drawing (map, P & ID), etc.

• Detailed techniques like FTA, FMEA, etc.

Identification of hazards is the next step and an extremely important one. The Scope may
provide a Hazard Inventory Table to the team. This table would outline the hazard types
and clarify any uncertainties about any specific hazard. If any hazard is unclear that
uncertainty must either be clarified or the facilitator must define the uncertainty and
gather information from the team to document the assumptions made about the hazard.
Failure to clarify assumptions about the nature or magnitude of a hazard can lead to
inadequate controls and the assumption of unacceptable risk.

Next potential unwanted events are identified. Methods like PHA, HAZOP, FTA, FMEA,
ETA, LOPA are used in a combination for as complete evaluation as possible (Lees,
1996; CCPS, 1992). Each example method is intended to address different desired
deliverables and each method varies in the way it prompts the identification of unwanted
events.

Risk analysis is the next step though sometimes this is not a part of the exercise. For
example, Job Safety Analysis (JSA) and HAZOP do not usually involve formal Risk
Analysis. In JSA and HAZOP, unwanted events are identified and then controls or
barriers are discussed. If this applies, the analyzer should skip the next two steps. In most
cases some form of risk analysis, whether it is qualitative, semi-quantitative or
quantitative is applied.

I:
Next question is to decide on the risk acceptability criteria. The selected risk Analysis
method for the team exercise may indicate risk acceptability levels as part of design.
Often risk analysis methods are included corporate procedures for risk management or
risk assessment. Therefore, the facilitator should know the relevant risk acceptability
criteria before the exercise and, subsequently, ensure that the team understands these
criteria.

0
U

Implementation of a
Conduct Hazard Studies Recommendations
Recommendations K

Fig 3.1 General Steps of Risk management (qwest consultants)

In qualitative and semi-quantitative Risk Analysis methods the intent usually involves
ordering the unwanted events by level of risk. In brief:
• Qualitative Risk Analysis (Qual RA) is used to very roughly discuss and group.
risks

• Semi — Quantitative Risk Analysis (SQRA) is used to identify rough priorities for
the profile, often where exposure is a key factor to focus on priorities, further
study and analysis

• Quantitative Risk Analysis (QRA) is used to more accurately establish the

probability of unwanted events to mathematically manipulate and/or consider
acceptability

Acceptability criteria may be illustrated in the method by a "green" or specific low risk
rank level. In this case the acceptability criteria simply identify the lowest priority risks.

29
Normally, qualitative and semi-qualitative methods are not used to determine
acceptability but rather to focus discussion on higher priority risks.
A general overview of quantitative method of risk assessment methodology is as follows
• A set of adverse consequences are defined, e.g., in terms of risk to the public,
fatalities, and property damage, etc.
• For each end state, a set of disturbances to normal operation is developed which,
if uncontained or unmitigated, can lead to the end state which are called initiating
events (IE's).
• Event and fault trees or other logic diagrams are employed to identify sequences
of events that start with an IE and end at an end state.
• Accident scenarios are generated.
• These scenarios include hardware failures, human errors, fires, and natural
phenomena.
• The probabilities of these scenarios are evaluated using all available evidence,
primarily past experience and expert judgment.
• The accident scenarios are ranked according to their expected frequency of
Occurrence and represented on a risk matrix.

Should the risk assessment require quantitative consideration of different events,

consequences can be quantified by establishing a common unit for all of the potential
losses, such as rupees. Depending on the circumstances, this may require establishing the
value of human life.

The accuracy of probabilistic data is sometimes challenged, especially when the numbers
are multiplied, potentially exacerbating any inaccuracies. Obviously the accuracy of the
data is determined by the validity of the source.

Finally after risks have been identified and analyzed output is presented in various forms.
A popular format for qualitative analysis is a risk matrix based on severity and frequency
of risk scenarios. Here the risks are rated according to analysis results on basis of
guidelines adopted by the CPI.

30
A typical risk matrix is shown below:

UKELvHOOo

Ir k it Ha ~ Hampers
CON QUENCES NmerHeard Hawd m .. In
aaafredmar Several times
Q on .. h i i nd Several tines
W oonpany in alocation
W
VORM REONATI
N PEOPLE ASSET A B C D E

0 No health
Nod No effect No Impact ON
effect/ Injwy

1 Slight Health Slight

slight effect slight lmpaa FISK
effect/ moray Darrege

Minor
Limited
2 Health Minor effect i
erect/ injury t

jor
Localised Localised Cbiuide~able M9) UM
3 Health
Dranaged effect impact
effect/ injury

4 NDor 1 to Mir National

oreffect t~( i Fti9c
3 fatalities t
Multiple Exdensive Massive iit matk>cal
Fatalities tnege effect inpat

Fig 3.2 A Typical Risk Matrix (Cowling, Leeds university)

Quantitative results are shown with help of cut sets, plots, contours, frequencies and
probabilities (CCPS, 1992). On basis of results of above steps the management takes
decisions related to risks and decides whether risk is acceptable or not and what further
steps need to be taken.

31
CHAPTER 4
DEFINITION OF THE PROBLEM

For the present study, a PVC manufacturing plant has been chosen for QRA. The plant is
located on western coast of India and PVC is manufactured using BF Goodrich (Now
Oxy Vinyl) technology. The plant was commissioned in 1991 and it has an installed
capacity of 1,60,000 MTA which has been increased to 3,30,000 MTA. The most
economical of all plastic materials, PVC finds application in the manufacture of pipes,
roofing sheets, containers for industrial and consumable items, electrical cables, etc.

PVC is produced by suspension polymerization of Vinyl Chloride Monomer(VCM), in a

semi - batch process. There are two lines .of four polymerizers each of 70 m3 capacity
with bottom mounted agitator, cooling jacket and baffles. Approximately 24 MT of PVC
is produced per batch with a batch time of 260 to 280 min. The polymerization process
of VCM consists of the following:

1. Coating
2. Charging
3. Polymerization
4. Blow down & Recovery
5. Slurry Stripping Column
6. Dewatering, Drying & Storage

The focus of the risk assessment study is the polymerization reactor system. Fig 4.1
represents a schematic flow sheet of the PVC manufacture in the plant.

32
 CHAPTER 4

DEFINITION OF
PROBLEM
Suspension polymerisation takes place in system under study. The main raw materials
used in the manufacturing process are:
• Vinyl chloride monomer (VCM)
• Demineralized water (DMW)
• Tri calcium phosphate (TCP)
• Poly vinyl alcohol (PVA)
• Proprietary Catalyst
• Acetone semi-carbazone (ATSC) as Short stop

In the process vinyl chloride is dispersed in water with continuous stirring. Monomer
soluble organic peroxides are used as initiators. Catalyst is used in the reaction for VCM
polymerisation.

Catalyst decomposes to give activated molecules, which react, with VCM molecule and
form activated monomer, which then progresses through chain propagation.

Catalysts used are organic peroxides being highly inflammable at higher temperatures. To
prevent loss of activity, they are 'stored at sub-zero temperatures in catalyst storage area
and brought to plant whenever catalyst solution is required to be prepared.

The polymerization reaction is exothermic in nature and to maintain the isothermal

conditions in the reactor heat is recovered by a cooling system consisting of a cooling
jacket and chilled water flowing through the baffle. The working temperature is.
maintained at 70 degree Celsius with a pressure range of 8 -12 kg/cm2 .

The polymerization lasts for 215 - 240 min. The reaction is terminated at roughly 80%
conversion. The end point is detected by drop in pressure of the reactor of about 6 to 10
kpa according to grade being produced.

The polymerization reaction is terminated by using of a reaction killing agent ATSC

which instantaneously stops the reaction.

34
The process of polymerization is described in this section. VCM forms droplets in DMW
media due to mixing effect. Suspending agents form a thin membrane around the droplets
to make these droplets stable and protects the droplets from aggregation. The catalyst
penetrates the membrane and reaches the reaction is taking place within each of these
droplets.

The polymerization reaction proceeds according to following steps:

a) Initiation:

O O
II II
R-O-C-O-O-C-O-R -----------> 2R-O +2CO2
R-O* + H2C = CHCI -----------------> ROCH2-CHCI*

b) Propagation:

---CH2-CHCI + H2C=CHC1-------> CH2CHCl-CH2CHC1*

The termination of reactions occurs due to joining of two free radicals. The overall
reaction is a highly exothermic reaction with heat of reaction being about 1.6 MJ/Kg.
Molecular weight of the polymer is directly dependent on the reaction temperature.

After 80-85% conversion, VCM is only in droplets and vapor phase pressure start
dropping. After a particular pressure decrease the reaction is terminated with shortstop.

It is proposed to carry out the risk assessment of the VCM polymerization system which
comprises of cooling as well as agitation systems.

35
 4)

C
0

0
rn
C

00 w`
U
 CHAPTER 5

RESULTS AND
DISCUSSION
CHAPTER 5
RESULTS AND DISCUSSION

5.1 Preliminary studies

The results of risk assessment done are described in this section. To get the feel of the
problem and collect necessary data a field study on site was undertaken.

The assessment began with study of the process and hazardous materials used in the
process. From the plant log sheets accident history of plant was prepared. Fig 5.1 shows
the year wise records of number of accidents occurring in the plant. It can be seen that
they are decreasing in number every year.

Fig 5.1 Year wise distribution of accidents in the plant

During the study the PVC plant then under consideration had remained fatal accident free
for 2851 days. Only one fatal accident occurred in the plant since the inception of the
plant and that was in May 1999 due to a contract worker falling of a ladder.

37
 F
O
V

Cd
bA
1

G
O
iiiiiiiii
- O O - .-i O O O O

~ U

U
O ~
- O r O O O O O O

U
w©
~ u
3
w C'i
O N O O O O - O -

• O

en
m c
M
U en o 0 0 0 0 0 0 0
U

+• u
,C" O

3 U

c o
o
U o 0 0 0 © r. o o .-+

y O O - - O O O -
0
CL C
U
u ~
E
. .. o 0 o - o 0 0 0
U E0
U
CC 00 O\ tfl 'G
ON ON O\

- - ti
The fig 5.2 shows the data of table 5.1 in a graphical form. The graph shows that most of
the accidents were when the workers came into contact with heat or were caught between
the equipments.

Types of Accidents

Fall From Height Chemical Exposure

(3) (5)

Stuck Against
(5)
Heat Contact
(13)

Caught in Between
(7)

Fig 5.2 Various types of accidents in the plant from 1999 to 2005

Based on the data from log-sheet and taking into account total employees (company and
contract manpower) a lost man-hours calculation was done.

• No. of company Employees: 60

• No. of Contractor Employees in Mechanical / Electrical sections: 16
• No. of Contractor Employees in Bagging section: 66
• No. of Contractor Employees working during shutdowns : 300
• No. of Houskeeping Personnel : 4
• No. of Shutdowns: 6
• Days Working Without Lost Time Accident: 2851
• Man Hours Without Lost Time Accident: 3454736
• Injury Rate based on 200,000 employee hours' : 0.09

39
Various hazardous materials are used in the plant. The materials used and their properties
are listed in appendix II.

The plant location and setting were obtained during the visit. Detailed layout with respect
to population was taken from Google earth. This figure, giving the details of the plant
location is given in appendix I.

Dow fire and explosion index was calculated. The results were as follows:
• General Process Hazard Factor = 2.8
• Special Process Hazard Factor = 2.91
• Unit Hazard Factor = 8.15
• Fire and Explosion Index = 171 (168)
• Credit Factor = 0.60
• Radius of Exposure = 46.6 m
• Area of Exposure = 6823 m2
• Base MPPD = 153.5 Crores
• Actual MPPD = 91.1 Crores

* Maximum allowed is 168

** Assuming cost of the plant to be 2.25 Lakhs/m2 (Dow, 2001; Gupta, 2001)
The complete calculations for above are shown in appendix III.

5.2 Qualitative studies

HAZOP is almost universally used for hazard identification when conducting
modifications during operations. It is very popular at the PID stage as well and helps list
as many deviations from normal operations as one can imagine and control measures. It
often forms an important stepping stone for quantitative risk analysis. A general HAZOP
for the polymerization reactor carried out and is given in appendix IV. Further from
qualitative studies the risks from the plant can be summarized as in table. It shows the
types of risks involved and existing control measures provided in the plant.

40
 4
.3 a
c~ O ❑ ue.

O
°ra, o a~ o •~
~i. U ~ °n 4-
- o C° C
o chi

°
.. o a °
y oq - CO o -•° ao
o .b (ID
a)
v°
Q() ~t a v v, o °" + 4-
c a)
C)U
a)
W o E - o a) O E O b v o
o
E-

4-
a.)

a)
4-
a."N

vi
c
(N f~

inn a

d a
V G".

a) . Uw a
°"
o o oai >
w (/D
N on n °n
OU N o o o

4-

° F

W ~

cz .-
 o ~

cC cC
a.)
r -/~

A, o, o.
o o `4 '~
U U
cC cd
U O
N ~n
~ U
t.
U U~. O • C)
U U
bA U
bA U
,~ 'U O
s•r
bA

W f~l (sl
b b (~ b
Cl'
O O p
W
. .

N
1-4
L7
N U

O ^U w x w
o
O a)

~+ b U
G w 7
O i O
U a.) U
V o o `~
a
W O C,
U > O

O
D cz b
y
oz
Q

aj r~ N Rai x H Qr Q

O
O
bA O
w+ A N O >,
a O U
.M
Using the preliminary hazard assessment, HAZOP and summary in Table 5.2 it is seen
that the main catastrophic scenario in case of reactor is release of instantaneous release of
24 MT VCM from the reactor which may be mainly due to following reasons:
1. External Factors (natural hazards, Sabotage, Terrorist activity etc)
2. Spurious opening of relief valves
3. Overpressure due to Runaway reaction
4. Hydrofull condition where there is a pressure rise without a rise in temperature

External factors such as natural hazards are unpredictable and hence are left out of
analysis. It is also assumed that other external factors are taken care of by respective
authorities like administration, police, etc

5.3 Fault tree analysis

A top event of VCM release to atmosphere is considered and a hypothetical hazardous
scenario builds upon it. A basic fault tree is developed and fault tree analysis using
following important assumptions (CCPS, 1992; Lees, 1996) is carried out. These
assumptions are as follows:
• Equipments are properly designed and hence vessel design failures are not
considered. Also catastrophic failure rates for them due to design failure are
generally in range of 10-8 per year and hence can be safely neglected during FTA.
.

• Proper preventive maintenance is carried out with regular testing of control

systems, pipelines for leakages, corrosion, etc.
• Basic process control system (BPCS) failure may consist of sensor failure,
electronic failure, utility failure if involved, logic failure. A general value for
failure on demand in order of 10-1 per year is taken.
• The reasons for operator not responding despite getting notification are varied and
many and cannot be incorporated in the analysis. How ever for operator errors a
general value in order of 10-2 per calculation was taken into consideration.
• A general value in order of 10 2 per year was taken for power failure.

43
A number of other assumptions and approximations were made during calculations as
deemed fit on basis of literature available. A general key for basic event failure rate
probability along with all minimum cut sets is listed in appendix V. It can be seen that
many of the cut sets have frequencies in order of 102 to 105 times less than actual top
event. In view of these values several cut sets are considered to be of little value.

Table 5.3 Significant cut sets

Sr Cut Sets Frequency (/h)
no.
1 Y 7x10-
2 G7U 0.06 x 10-
3 G7V 0.02 x 10-
4 G6ST 1.61 x 10-

These are taken to be significant as the probability of occurrence is either near the top
event probability or only about one order of magnitude less. As seen in appendix IV rest
of the other cut sets have frequencies in the range of several orders (up to 10 -1 5) lower
than acceptable limits.

This is mainly due to various component redundancies and safety measures taken in the
plant. Also most of significant cut sets consist of components, which cannot have
redundant parts and are necessary. For e.g. cut set Y, having gasket failure as its primary
cause. Following were the main results from FTA:
• Probability of Top event (Release of VCM to atmosphere) : 8.7 x 10 -9 / h approx
• No of Minimum cut sets: 95

A simplified fault tree diagram is shown in fig 5.3.A and 5.3.B.

 ~ a

v ~a
7T N W
w$ soP ~ a
o OLL a gu m

'~4 r
~ 9
C ~

x
o ~~ a

G+ tl x 20°
S
c

Nn ' mo + A
CU aU D`"K

7u 0h. & pw wW

I I I a o~
W H

.Da U W
q$ aw a 9

~ ~^m 4
A ~

N ti 0
ma4
D OR W~

`V U U 7 L00 6
Nu
UFi 7~ Nb r:
fi

vm
UI

9p ~ N
; ri;

yp; yC
III

0~ Q4
The probability of triggering of top event due to a particular minimal cut set can be
calculated as follows:

Since all the events of a minimum cut set have to occur for the top event to occur the
probability of top event P(t) is given by,

P(t) = P(MCS) (53.1)

Considering the minimum cut set G6ST we get:

P(t) = P(G6ST) = P(G6 and S and T) (5.3.2)
P(t) = P(G6) x P(S) x P(T) (5.3.3)

Therefore, P(t) = 0.01 x 4.02 x 10-4 x 4.02 x 10-4

= 1.61 x 10-9/h

Similarly, for P(t) = P(G7V) (5.3.4)

P(t) = P(G7) x P (V) (5.3.5)

Therefore P(t) = 0.01 x 2.78 x 10-9 = 2.78 x 10-11/h

Similar calculations were done for all cut sets and the results are shown in appendix TV.

5.4 Layer of Protection Analysis (LOPA)

A layer of protection analysis was also carried out keeping in mind various scenarios.
Thousands of scenarios can be thought of and be analyzed for protection layers. Here
eight scenarios were analyzed. These scenarios were classified as category 5 and category 3
(CCPS, 2001). These scenarios are as follows loss of cooling due to cooling water failure,
agitation failure due to gearbox failure, agitation failure due to motor drive failure, excess
VCM charge, hydrofull condition, leakage due to mechanical seal failure, injection water

45
failure due to pumping failure, injection water failure due to BPCS failure. Sample of
LOPA sheets are shown as LOPA sheet I and LOPA sheet II.

LOPA Sample Sheet No 1

Scenario No Loss of Cooling Due to cooling water failure

Date: Description Probability of Frequency

Failure
Consequence Runaway Reaction with potential for
overpressure, Leakage, Rupture, injuries and
fatalities
Risk Unacceptable Limit Policy/Regulations
Tolerance Assume 1 x 10-6
Criteria
Initiating Non Availability of Cooling Water 0.1
Event
Condition for Reactor in condition where runaway 0.5
Event possible due to lack of cooling
Frequency of 0.05
Unmitigated
Consequence
IPL's

Control Activates Emergency provisions like I x 10

System shortstop

Pressure Relieve pressure in case of temperature 1 x 10

Relief System runaway include pressure relief valve and
rupture discs and dump valve
SIF/Interlocks Opens relief valves/Alarms 1x10 3

Non IPL Operator intervention

Safeguards Emergency Cooling water System
Emergency NO Shortstop
Total PFD 1 x 10

Frequency of Consequence 10-

Risk Criteria met: Yes/No: Yes

Action to be taken/Notes: None

LOPA Sample Sheet No.2

Scenario No Agitation Failure

Date: Description Probability of Frequency

Failure

Consequence Runaway Reaction with potential for

overpressure, Leakage, Rupture, injuries and
fatalities
Risk Unacceptable Limit Policy/Regulations
Tolerance Assume 1 x 10-6
Criteria
Initiating Gearbox Failure 0.33
Event/Events
Condition for Reactor in condition where runaway 0.5
Event possible

Frequency of 0.165
Unmitigated
Consequence
IPL's

Pressure Relieve pressure in case of temperature 1 10 "

Relief System runaway include pressure relief valves,
rupture discs, dump valves
SIF/Interlocks Opens emergency Valves/Alarms 1 x 10

Non IPL Operator intervention

Safeguards Shortstop Failure
Emergency Cooling water System
Total PFD 10"

Frequency of Consequence 1.65 x 10

Risk Criteria met: Yes/No: No

Action to be taken/Notes: Proper upkeep of Non IPL Measures like Emergency shortstop, SOP, Operator
training.

47
Other scenario analyses are given in appendix VI. It can be seen that LOPA gives a good
idea about how well the system is protected and can be used as a simplified QRA. Using
corporate risk standards, one can determine the total amount of risk reduction required
and analyze the risk reduction that can be achieved from various layers of protection. If
additional risk reduction is required after the reduction provided by process design, the
basic process control system (BPCS), alarms and associated operator actions, pressure
relief valves etc., a Safety Instrumented Function (SIF) may be required.

The diagram below shows various possible layers of protection.

❑ Community Emergency Response

❑ Plant Emergency .Response
❑ Physical Protection (Dikes)
❑ Physical Protection (Relief Devices)
❑ Automatic tion SIS or ESa
❑ Critical (arms, Operator Supervision and
I annual Intervention
❑ Basic Controls, Process PIarms,
and Operator Supervision
❑ Process Design

Fig 5.4 Various Layers of Protection (Qwest Consultants)

LOPA requires considerably less resources though it is not as rigorous as QRA. The
crucial step is identification of independent protection layers. Multiple Protection Layers
(PL's) are normally provided in the process industry. Each protection layer consists of a
grouping of equipment and/or administrative controls that function in concert with the
other layers. Protection layers that perform their function with a high degree of reliability
may qualify as Independent Protection Layers (IPL). An IPL is a device, system, or
action that is capable of preventing a scenario from proceeding to its undesired
consequence independent of the initiating event or the action of any other layer of
protection associated with the scenario. The effectiveness and independence of an IPL
must be auditable. All IPL's are safeguards, but not all safeguards are IPL's. Each
safeguard identified for a scenario must be tested for conformance with this definition.
Summarily an IPL has the following important characteristics (Summers, 2001):

• Specificity: An IPL is designed solely to prevent or to mitigate the consequences

of one potentially hazardous event (e.g., a runaway reaction, release of toxic
material, a loss of containment, or a fire). Multiple causes may lead to the same
hazardous event; and, therefore, multiple event scenarios may initiate action of
one IPL.
• Independence: An IPL is independent of the other protection layers associated
with the identified danger.
• Dependability: It can be counted on to do what it was designed to do. Both
random and systematic failure modes are addressed in the design.
• Auditability: It is designed to facilitate regular validation of the protective
functions. Proof testing and maintenance of the safety system is necessary.

It is seen from the analysis that for different scenarios independent layers are obtained
and some Non IPL's are always present. A protection layer which is independent for one
scenario my not be for other scenario.

49
Consider a protection layer in form of BPCS. It acts as independent protection layer in
most of the scenarios. But in case of complete loss of power it is not a independent
protective layers. Also consider the following example as given in figure below

Initiating event Protection Layer

IPL
Mischarging I High Temperature Pump cool water
(High Catalyst)
) I

Not IPL

Complete
High Temperature Pump cool water
Power Failure

Fig 5.5 Protection Layer and Independent Protection Layer

The above figure shows a scenario in which a protection layers can be considered IPL in
one case but not in another. Here it is seen that for the case of catalyst mis-charging the
pump will be able to deliver cooling water and hence control the scenario. However, in
case of reaction runaway due to complete power failure the pump will not be able to
pump water and hence cannot be considered an independent layer.

50
From the LOPA analyses of the reactor it can be seen that for the considered scenarios
the layers of protection that exist are as follows

Table 5.4 LOPA summary

Sr. Case Category No of IPL's Risk
No. target
Achieved
with IPL
(YIN)
1 Loss of Cooling Due to cooling water 5 3 Y
failure
2 Agitation Failure due to gearbox failure 5 2
3 Agitation Failure due to motor drive 5 2 Y
failure
4 Excess VCM charge 5 2. Y
5 Hydrofull Condition 5 2 Y
6 Leakage due to Mechanical Seal failure .3 2
7 Injection water failure due to BPCS 5 3 Y
Failure
8 Injection water failure due to pumping 5 2 Y
failure

As seen in this case, like scenario 2 and scenario 7, some scenarios may not meet the
required risk targets with independent protection layers alone taken into consideration but
when considered with non IPL's risk targets are assumed to be achieved. Most of these
non IPL protection layers involve operator action and hence human reliability is an
important factor in this case. Also the possibility that the operator might be unable to
respond either due to lack of access and other factors like loss of consciousness, panic etc
has to be considered.

51
5.5 Consequence analysis
Finally consequences of the main scenario that is release of VCM to the atmosphere is
considered. VCM release may occur either from
1. the header tank (VCM header tank)
2. the reactor

The inventory of VCM in the reactor can vary from 12 to 24 MT. An instantaneous
release of 24 MT provides the release scenario.

Parameters Considered:

Temperature 53-70 °C

Pressure 8-12 kg/cm2 (g)

Vessel volume 70 m3
VCM Inventory 24 MT

In coastal areas the wind vector is the main contributor to atmospheric dispersion and
diffusion. In the daytime the wind blows from land to sea whereas, usually, during night
time the wind blows from sea to land (sea-breeze). The tendency of the atmosphere to
resist or enhance vertical motion and thus turbulence is termed stability. Stability is
related to both the change of temperature with height (the lapse rate) and wind speed. A
neutral atmosphere neither enhances nor inhibits mechanical turbulence. An unstable
atmosphere enhances turbulence, whereas a stable atmosphere inhibits mechanical
turbulence.

The turbulence of the atmosphere is by far the most important parameter affecting the
diffusion and the dispersion of a pollutant. The more unstable the atmosphere, the greater
the dilution. There are 6 main classes of atmospheric stability namely A,B,C,D,E,F. Class
A, B represent very unstable atmosphere, class C, D represent very slightly unstable to
neutral atmosphere, E represents a stable atmosphere whereas F is representative of
extremely stable atmosphere.

52
In case of VCM release from the reactor ignition upon release would result in a vapor
cloud explosion. This could lead to release of other flammable inventories and affect the
toxic inventories in the nearby areas in case of domino effects. Using the procedure
outlined in the Guidelines for Consequence Analysis for Chemical releases by CCPS,
AIChE, (1999) the distance for LFL (4 % ) was found to be 267 m. Using Pasquill
Gifford Model the same distance was found to be 4030 m. A sample calculation using
Gaussian dispersion model is shown considering the following inputs:

• Release (Q) : 24000 kg (instantaneous)

• Isopleth concentration required ( C) : 40000 ppm
• Ambient temperature: 30 °C
• Release height (h) : 8 m
• Wind speed (u) : 3 m/s
• Atmospheric stability: F

C = Q/(7.874 x 6X x 6y x 6Z) exp { -0.5[ (x- ut)2/ 6X 2+ y2/ o2 + Z2/ 6Z2]) (5.5.1)

Where, o, 6y , aZ are the dispersion coefficients.

Maximum ground level concentration will be given at (ut, 0, 0 ) Therefore ,

C (ut,0,0) = Q/7. 874 x a,, x ay x 6Z (5.5.2)

C (GPM) _ (RT/PM) x 106 (Cmgim3) (5.5.3)

Where,
P= Pressure
M=Moleular weight
T= temperature
R= universal gas constant
Therefore C (mg/m3) = 1 x 62.5 x 103 x 40000/(0.00008206 x 301 x 106)

53
Putting C(ut, 0 , 0) = 101,214 mg/m3 and a,,= ay

We get,
101,214 = 24000 x 106/7. 874 x o,2 x 6Z (5.5.4)

The equation 5.5.3 is solved using trial and error, guessing the downwind distance, and
substituting the corresponding values of ax , 6y and o (CCPS, 1999).
This leads to a solution of downwind distance X = 4030 m approx, with,
ay =55m
6Z = 10 m

Similarly using Pasquill Gifford Models for results various concentrations are shown in
Table 5.6-5.9

When same inputs are used with Britter-Mcquaid dense gas models we get:

5.4

where,
X= downwind distance, m
Vo= initial of volume dense gas released m3
u= wind speed, m/s
go= initial buoyancy factor, m2/s

Using the Britter-Mcquaid dimensional correlation for dispersion of dense cloud puffs
(CCPS,1999) we get

(01/3)
= 85

Therefore, Downwind distance (X) = 267 m approx.

54
 M

O O
M M
"4 - O O

O V~

II!ii
O O O
C rn c
000000
— — — ,

o ~ ~
'NI"
O O O
Q O O O
!uII

i I i M N r+ 111010
N N NN
U to

— .D M N — i
M M q1 M
N N N N N
W M M M M (M
F'!"

LI)
oo ~h N I I
M M M M
N N N N i I P'O'
II
CID
 O N Vn

O O
M M
I

PUIUUEIIU C ~?
M
i v1 M N i

__II!!!I
liii!!
L~l
000

!uuI
NNN
II

kn

I!"!' U -

V N
i
N N N
N N
N N N

00

NNNNN
M M M M M

I.
E!I!II T...M

—~
N N N
0000
kn
00 ~O i i

!I!!lI! O N M v1 N
Following plots gives an idea regarding the relation between distance and stability classes
for particular concentrations when Gaussian models are used.

30000

25000

20000
~-100000 ppm
15000 10000 ppm
----1000 ppm
0 10000

5000

0
a b c d e f
Stability Class

Fig 5.5 Time vs Distance for various concentrations using Gaussian dispersion

From the above figure it can be seen that no matter what the workers at the site would be
exposed to VCM vapors in case of atmospheric release. Also from the 4 % LFL
Calculation it can be stated that the danger of vapor cloud explosion lies within a radius
of 267 m. This lies outside the reach of petrochemical complex and plants like Naphtha
cracker plant which handle extremely flammable and explosive materials. It can be seen
from dispersion calculations that the time to respond to the scenario considered is
extremely less (4 — 6 min) to reach lower explosion limits) Hence it is extremely
necessary to have a well coordinated disaster management plan. Constant drills should be
carried out time to time taking into account various such scenarios throughout the site.
Isopleth plots using Gaussian models are plotted. The plots are based on F stability and
wind velocity of 3 m/s.

57
Fig 5.6 Isopleth according to Pasquill Gifford Model for 100000 ppm

Fig 5.7 Isopleth according to Pasquill Gifford Model for 10000 ppm
 150

100
E
50

CD
2 0
U
11 00 11720 11740 11760 11780 11800 11820 11840 11860 11880
c
-50

100•

-150
Distance Downwind, m

Fig 5.8 Isopleth according to Pasquill Gifford Model for 5000 ppm

500.0
400.0
300.0
E
200.0
N 100.0
v
U)
0.0 —I-
100.@4200 24220 24240 24260 24280 24300 24320 24340 24360 24380 24400
Ca
-200.0
b
-300.0
-400.0
-500.0
Distance Downwind, m

Fig 5.9 Isopleth according to Pasquill Gifford Model for 1000 ppm

59


E E
o.
Q EE
a
Q °-
oo
o °
o 0
o

I j

O
O
O
T

a
O
O
O

C)
C
N_

O N
O
C _.~ _

O
O
O

C3
O O O O O 00 O O 0
O O O O O O O 0 O
O U) O In U) O LO 0
N T r I - T

(w) aouejsic pU!MssO13

TNT equivalency calculations have been done to calculate overpressures resulting from
explosions. Taking:
• explosion efficiency of the Vapor cloud explosion is taken to be 10 %; and
• energy of explosion of trinitrotoluene (TNT) is taken to be 1120 cal/gm (Crowl &
Louvar, 1999), the results for overpressures are shown in Table 5.7

Table 5.9 Overpressure, Time'of arrival of shock wave and Damage caused
Arrival
Sr. Overpressure Distance
time Damage
no. (psig) (m)
(milli sec)
1. 0.3 700 7.38 Safe distance with 95 %
probability of no serious damage.
Usual projectile limit
2. 0.5 485 6.64 Glass windows shattered
3. 0.7 380 6.23 Minor structural damage to houses
4. 1 285 5.75 Partial house demolition
5. 1.3 232 5.40 Steel frames distorted
6. 1.45 213 5.26 Partial wall collapse
7. 2 167 4.87 Non reinforced concrete shatters
8. 2.3 151 4.71 Lower limit of serious structural
damage
9. 3 125 4.43 Heavy machines damage.
10. 4 104 4.17 Wooden poles snap
11. 5 90 3.97 Rupture of tanks
12. 7 74 3.68 Loaded wagons overturn
13. 9 65 3.46 Loaded wagons demolished
14. 10 61.5 3.36 Total building and machine
destruction possible
15. 300 12.9 0.86 Crater
The total explosive energy of the vapor cloud has been found to be equivalent to 4070 kg
of TNT. Following plot shows the relation between overpressure and distance. It is
obvious that as the distance from epicenter of explosion increases overpressure decreases
and time for shock wave to reach the target increases.

800

700

600

500

400 Distance
300

200

100 -

0
C3~ c~ 01 'I N", h ~L ~3 R 1 ~o ee

Overpressure(psig)

Fig 5.11 Distance vs Overpressure

It can be seen from the consequence analysis that the Gaussian models tend to be
conservative when modeling for dispersion of dense gases. An alternate calculation done
using Britter-McQuaid model for explosive concentrations (Since VCM is more of an
explosion hazard than toxic where it produces usually chronic effects rather than acute)
gives a better picture.

Flammable releases are almost always denser that air and hence Gaussian models tend to
over predict the hazard zones. As the puff continues to mix Gaussian models will
eventually apply but then the chances of explosion are very much reduced. Hence it can

62
be seen that initially application of Gaussian models for dense releases are too
conservative.
Fatal Overpressure was taken according to the following (Lees, 1996):
• 1 psig : 1 % Fatal
• 5 psig : 50 % Fatal
• 10 psig : 95 %Fatal

Now considering the case where catastrophic rupture of the vessel is caused by
overpressure due to runaway reaction and using the following assumptions (CCPS,
1999):
No of fragments : 2
Fragment Fraction : 0.25

We get the following actual initial fragment velocity to be 20.94 m/s. For case where
fragment flies with surface area parallel to direction of travel for fragment the range
would be as shown in table below.

Table 5.10 Range for a 25 % fragment at various lift to drag ratios

Sr
no Lift to drag ratio Range
(m)
1 0.5 42.18
3 1 42.10
4 3 43.63
5 5 43.34
6 10 43.63
7 30 42.95
8 50 43.21
9 100 47.35

However it is often seen vessel ruptures at its weakest spot like joints, manholes, fittings,
etc. Therefore it may be possible that instead of a catastrophic rupture, the VCM may be
released either by manhole cover blowing away or failure at joints which may result n
smaller fractions.

r,i
Assuming that a small fragment mass of 10 kg and 100 kg may result from blowing of
manhole cover or partial reactor failure, we get the results as shown in Table 5.9

Table 5.9 Range for 10 kg and 100 kg fragments at various lift to drag ratios
Sr Range for 100 Kg Range for 10 Kg
no Lift to drag ratio fragment fragment
(m) (m)
1 0.5 45.26 93.01
3 1 48.11 310.30
4 3 48.17 944.25
5 5 48.68 1911.791
6 10 47.25 3077.33
7 30 48.89 6587.17
8 50 128.49 15823.36
9 100 111.30 17414.78

A software package called CHEMS-PLUS version 2, by Arthur d. Little, inc. released in

1991 was used with the same inputs. CHEMS-PLUS is a simplified consequence
modeling program for toxic, vapor, fire and explosion events. Using the same inputs
VCE modeling was done and the following results were obtained:
1. peak overpressure distance for 5 psig : 125 m
2. peak overpressure distance for 1.45 psig : 330 m

The results when checked against the actual values obtained from the company (name
undisclosed for obvious reasons) were found to be too conservative. From the company
data:
1. peak overpressure distance for 5 psig :105 m
2. peak overpressure distance for 1.45 psig : 220 m

These values closely match with those calculated using VCE models (CCPS, 1999).
The Britter-Mcquaid model uses a number of assumptions like flat terrain, no obstruction
and constant roughness and often is found unsuitable in cases of two-phase releases
(CCPS, 1999). Nowadays a number of advanced dense gas models are available such as
BREEZE, DEGADIS, HEDGAS, etc. which have eliminated the drawbacks of older
models and incorporate the use of sophisticated software's for extremely accurate and
quick results.

Risk Contour plots are showing individual risk are plotted as in fig 5.12. As VCM is not
acutely fatal the risk contour for toxic affects shows the affected area and not fatalities. A
value of 0.1 ppm (TLV=lppm) is taken as the lowest permissible exposure value, for
which using dense gas models the distance is 121.3 Km approx. It can be concluded that
any of the events considered are unlikely to have immediate offsite fatality consequences
except missile damage unless escalation leads to domino effects including other plants in
the vicinity which handle flammable and explosive materials like the naphtha cracker
plant which is about 700 m away and complete failure of the emergency plan including
failure of fire fighting measures. This is because the VCM clouds will no longer be
within explosive limits before they reach significant human population beyond the
industrial estate as seen from calculations. Also the overpressure effects will last well
within the site area itself. How ever since VCM is a known carcinogen, the health effects
have to be taken into consideration while formulation of emergency plan for any
eventuality.

Therefore presence of an emergency action plan along with a disaster management

program is extremely necessary. A well planned disaster management program exists in

the company. It helps establish & define roles of coordinators, plant key personnel and
other emergency response personnel. Detailed guidelines for effective response to any
emergency are provided. Workers are prevented from getting complacent by constant
mock drills. Constant internal and external audits are also held.

65
The emergency action plan for release of VCM from the reactor includes the following:
• Means of detection: LEL's , heat/flame detector's, patrolling personnel.

• Persons to be informed: Fire Dept., shift incharge, area operator, Plant H.O.D,
Security officer.

• Measures: Deluge valves start spraying water, shortstop immediately kills

reaction, all input valves close.
• Initial fire fighting measures: DV to be operated, recovery to be done of VCM, all
persons in downwind direction to be alarmed to move out of the area.
The fire dept has well trained personnel and state of art equipment to face any
consequence.

Societal risk is given by various methods most common of which are F-N and F-A
curves. The F-A cure for the VCM release is given in fig 5.13. Some other quantitative
results, which were also derived, are as follows:

• Average rate of Death : 0.009/yr

• Average Individual Risk : 3.9 x 10.6

• FAR: 0.044

Average Individual risk can be deceptive as it considers whole of population base within
facility which may be relatively unaffected by the event. All of these results are
indicative of risks related to one reactor only. A complex plant has to consider hundreds
of scenarios. (only two are considered here since main concern is the polymerization
reactor).
5.6 Summary of Results

1. Using Dow Index calculations it can be seen that plant lies in critical" hazard
classification with an index of 168.
2. The top event "Release of VCM into atmosphere from the reactor" has a
probability of 8.7 x 10-9/h.
3. Total 95 minimum cut sets are identified.
4. Only 4 of the cut sets are significant (order of magnitude within 10 2 of top event)
5. Using LOPA we can see that though the over all criteria is met, in some scenarios
its due to a combination of LPL's and non IPL's.
6. The range for 50 % fatal pressure of 5 psig is found to be 90 m.
7. Using CHEMS-PLUS ver 2. software for same input parameters the results in a 5
psig overpressure range of 125 m, 1.45 psig range of 330 m, and distance to reach
4 % LFL concentration of 40000 ppm to be 179 m.
8. The average rate of death is found to be 0.009/yr.
9. The average individual Risk is 3.9 x 10-6 /yr.
10. A FAR of 0.044 is calculated.
11. Overall the risk criterion is met by the plant as seen by FTA and subsequent
calculation of individual and societal risk

As we can see QRA is an extremely detailed and long drawn out process which cannot be
applied everywhere. LOPA can be used to significantly streamline and enhance the
efficiency of QRA. The author recommends a novel strategy to combine certain aspects
of QRA and LOPA which would enable considerable saving of time and resources in
many cases. Details of recommended strategy are given in the next chapter.
 O
O
O
O
O
O
O
~ T
T
N
0
o O
o O
o O
Cl
o O
R
(
O

O
O
O
O
O
O r
0
0
0
0
0
co
co
O
O
O
T 0

0
00
a
o

0 C
0 0
N

O
O
r

0
o r
O
C

r T r r r

O O O O
O O O O O
O
O

Sauanba.i3
 CHAPTER 6

LOPA STREAMLINED
FTA FOR
EFFICIENT QRA
CHAPTER 6
LOPA STREAMLINED FTA FOR EFFICIENT QRA

QRA is a combination of steps which is used in the analysis of various risks and hazards.
The outputs from such an analysis may take the form of frequency versus magnitude,
graphs and contours of constant risk or overall average rates of death or injury. The
applications of the technique include layout studies, comparison of alternative designs,
ordering priorities for remedial action and setting insurance rates.

Criticisms of the method include inaccuracy (mainly in the probabilities);

incompleteness, difficulty of checking final results, inadequate criteria for evaluating the
results, and complexity and laboriousness of the method (Epstien and Rauzy, 2005;
Apostolakis, 2004). QRA is extremely time consuming, tedious and includes techniques
like HAZOP, FTA, ETA, etc.

Many simplifications have been attempted of late, These include the LOPA, ORA, etc.
All these simplified techniques have one thing in common i.e. they take significantly less
time and resources than a comprehensive QRA. However there is always a possibility
that something important might get overlooked. Therefore these simplified techniques are
used only when stakes are not too high. For extremely critical decisions a comprehensive
QRA is still required.

But how does one decide which decision is critical. How does one streamline priorities
for risk assessment? It is proposed that LOPA be used simultaneously while conducting
a QRA as it will be an effective way of prioritizing risks. LOPA can be used in
conjunction with tree techniques to significantly streamline the risk assessment

Though an extra step is introduced it may well be worth it since it will lead to a better
picture of risks, lower the chances of oversight and also prevent wastage of resources and

70
time used for quantitatively analyzing some scenarios which may otherwise be low
priority.
The basic modules of the proposed risk assessment methodology are thus:
1. Qualitative studies
2. LOPA to prioritize risks
3. Quantitative analysis
4. Risk assessment

Thus LOPA is included as an extra step before quantitative analysis. The LOPA equation
based on probability of failure on demand (PFD) for a given scenario takes the following
form:

Frequency consequence = Frequency Cause X PFD safeguard(1) X PFD safeguard(2) X ... PFD

safeguard(N) (6.1)

One limitation is that the failure rate data required for a LOPA are generally available
only for component failure and human error, although many failures are compound
events that consist of combinations of these basic failures. Another limitation is that the
safeguards must be independent of each other and of the initiating event for the LOPA
to accurately evaluate the failure frequency.

Interdependence may be apparent, such as failure of a shared component. At other times,

the shared dependency may be less obvious, and common-cause failure could result from
conditions such as loss of installment air. a process upset, or even from Hawed
maintenance practices.

Fault tree analysis (FTA) can be used when the above limitations restrict the applicability
of a LOPA. Unlike LOPA, FTA can evaluate interdependent and compound failure
events. FTA provides an additional benefit by producing a failure step chart that visually
assists the analyst in identifying the strengths and weaknesses of the entire system.

71
Although FTA is a more robust technique than LOPA, it also has its limitations. Whereas
LOPA is intuitive and can be quickly learned unlike specialized methodology requiring
significant training and often specialized and expensive software. It also takes
considerably more time to develop a fault tree than it does to complete a LOPA. Because
both LOPA and FTA have their strengths and weaknesses, it is often advantageous to
combine the analytical strength of an FTA with the speed and simplicity of a LOPA to
give a relatively quick, yet meaningful analysis (Rothschild, 2005).

Thus the two can be used simultaneously often aiding each other or with LOPA being
used to streamline failure scenarios as the situation requires. In the present case study it
can be seen that after LOPA out of eight likely hazardous scenarios two were found to be
exceeding the acceptable risk criteria. These scenarios can be concentrated upon during
quantitative studies. Also while conducting fault tree analysis some of the possibilities
can be reduced. However this should be done when one is confident about LOPA results.

Thus the suggested methodology would have following steps:

1. Define the scope and start with a preliminary qualitative study
2. Take a top event and initiate Fault Tree development
3. As one moves down the fault tree stop where the scenarios are sufficiently
developed so that they can be checked by LOPA
4. If risk targets are found satisfied using LOPA further development is not
necessary and time that would have been spent on development of that branch is
saved.
5. If risk targets are not met satisfactorily the tree can be further developed

A reduced Fault tree using LOPA would look like figure on Plate III. Though it does not
show all the failures shown in original Fault tree it significantly reduces the time required
for risk assessment. Therefore we would not get an intimate understanding of faults
possible as we get through FTA but we would be able to know if risk targets have been
achieved or not. This back draw means the methodology would be primarily useful only
for less complex systems and where time and resources are short

72
 0

a.

0 o z

N N
g
a. 1
\

yaw a

r~ I

~ H
3 ~
c~3
a y ^
y8w ~ w

lV

.Ew
 CHAPTER 7

CONCL USION
CHAPTER 7
CONCLUSION

From the work carried out the following conclusions can be derived:
1. Risk assessment is simply a way to organize and use scientific information to
support decisions.
2. Risk for CPI can never be zero.
3. In the present case study the risk assessment of polymerization shows that the unit
is operating within the risk targets. The top event "Release of VCM into
atmosphere from the reactor" has a probability of 8.7 x 10-9/h. Total 95 minimum
cut sets are identified of which only 4 of the cut sets are significant (order of
magnitude within 10-2 of top event).
4. The range for 50 % fatal pressure of 5 psig is found to be 90 m.
5. The results point to a fatality rate (0.009) and injury rate (0.09) which are, well
within industry average and also individual and societal risks to be within
acceptable limits.
6. Using LOPA we can see that though the over all criteria is met, in some scenarios
its due to a combination of IPL's and non IPL's.
7. It should however be kept in mind that the results portray risks by a single unit i.e.
the polymerization reactor and not the whole plant. For complete risk
representation hundreds of such scenarios would be analyzed through out the 17
plants present on the site. The PVC plant itself would have 5 Major scenarios
namely VCM release from reactor (analyzed as case study), VCM release from
storage header, ATSC spillage from storage, pipeline leaks, bagging area dust
explosion possibility. Similar views have been expressed in a report on risk
assessment of the plant by a Dutch consultant firm.
8. The hybrid technique suggested reduces the time spent on fault tree analysis and
hence the overall QRA by reducing the number of minimum cut sets from 95 to
22 without affecting the significant cut sets.

73
Based on conclusions following points are recommended:

1. More work in needed in development of hybrid techniques which integrate the

advantages of each other and eliminate the drawbacks similar to the one suggested
in this work. It is required to integrate the use of multi-criteria decision making
(MCDM) techniques for making critical decisions (Basnyat & Chozos, 2006).

2. CPI should be encouraged to maintain a failure and accident database and publish
the results from time to time which would aid in research and hence make risk
studies industrially relevant. Formation and analysis of databases will continue to
be heavily influenced by interactive systems based on computers

3. It is important to integrate the use of computers and artificial intelligence (Al)

into risk analysis and assessment to make techniques quicker and more accurate.
Given the enormous amounts of time, effort and money' involved in performing
the QRA as, there exists considerable incentive for automating the process
hazards analysis of chemical process plants.

4. Expert knowledge based systems integrating the techniques with reliable

computer software's should be at forefront of research and implementation of
process safety programs and of process risk identification, analysis and
assessment.

5. All work on risk assessment in CPI should keep in mind the role of human
workers and focus on man machine interactions as most of the errors are found to
originate there (Caccibue, 2000).

74
REFERENCES
 REFERENCES

1. Apostolakis, G. E. (2004). How Useful Is Quantitative Risk Assessment. Risk

Analysis, 24, 515 -525.

2. Arendt, J.S. (1990). Using Quantitative Risk Assessment in the Chemical Process
Industry. Reliability Engineering and System Safety, 29, 133-149.

3. Aven, T., & Kristensen, V. (2005). Perspectives on risk: review and discussion of
the basis for establishing a unified and holistic approach. Reliability Engineering
and System Safety ,90, 1-14.

4. Bernstien, P,L. (1996). Against the Odds; The Remarkable Story of Risk. John
Wiley & Sons

5. Cacciabue, P.C. (2000). Human Factors On Risks Analysis Of Complex Systems.

Journal of Hazardous Materials,71,101-116 .

6. Cave, L. (1974). Risk Assessment Methods for Vapour-Cloud Explosions.

Progress in. Energy and Combust Science,6, 167-176.

7. Center for Chemical Process Safety (CCPS).(1992). Guidelines for Hazard

Evaluation Procedures, Second Edition with Worked Examples; Publication G18;
AIChE, New York.

8. Center for Chemical Process Safety (CCPS).(1999). Guidelines for Consequence

Analysis of Chemical Releases, Wiley-AIChE.

9. Center for Chemical Process Safety (CCPS). (2001). Layer of Protection

Analysis: Simplified Process Risk Assessment. Concept Book, AIChE,New York

10. Cornell, E. P. (1987). Probabilistic Risk Analysis and Safety Regulation In The

Chemical Industry. Journal of Hazardous Materials, 15, 97-122.

75
11. Crow! D, & Louvar J. (1999) Chemical process safety fundamentals with
applications. Prentice Hall.

12. Demichela, M., Pellegrin., R., & Piccinini,N. (2003). Productivity improvement
of a BDK process plant via QRA techniques. Journal of Loss Prevention in the
Process Industries , 16,381-387.

13. Demichela, M. (2004). Risk analysis as a basis for safety management system.
Journal of Loss Prevention in the Process Industries, 17,179-185.

14. http://dgfasli.nic.in/

15. American Institute of Chemical Engineers. (1994). Dow's Fire & Explosion Index
Hazard Classification Guide. (5`h ed.). Wiley-AIChE.

16. Early, W.F. (2006). Database management systems for process safety. Journal of
Hazardous Materials, 130 ,53-57.

17. Epstein, S., & Rauzy, A. (2005). Can We Trust PRA", Reliability Engineering
and System Safety, 88,195-205.

18. Gibson, S.B, (1976). The Use Of Quantitative Risk Criteria In Hazard Analysis.

Journal of Occupational Accidents. 1,85-94.

19. Gowland, R. (2006). The accidental risk assessment methodology for industries

(ARAMIS)/layer of protection analysis (LOPA) methodology: A step forward

towards convergent practices in risk assessment?. Journal of Hazardous Materials
,130, 307-310.

20. Gruhn, P. (1991). The Pros and Cons of Qualitative & Quantitative Analysis of
Safety Systems. In ISA Transactions,30, 79-80.

21. Gupta, J.P., Khemani, G., & Mannan M.S. (2003). Calculation of Fire and

Explosion Index (F&EI) value for the Dow Guide taking credit for the loss

76
 control measures. Journal of Loss Prevention in the Process Industries, 16( 4),

235-241.

22. Hirschberg, S., et al. (1990). SUPER-NET, A Multi-Purpose Tool for Reliability
and Risk Assessment. Reliability Engineering and System Safety, 30, 271-291.

23. http://www.leeds.ac.uk/rps/riskassess/matrix.htm.

24. Kao, C., & Kwan-Hua H. (2002). Acrylic reactor runaway and explosion accident
analysis. Journal of Loss Prevention in the Process Industries, 15, 213-222.

25. Kaplan, S, & Garrick, B.J. (1981). On The Quantitative Definition of Risk. Risk
Analysis, 1, 1-27.

26. Kasperson, R.E. (1992). The social amplification of risk: progress in developing
an integrative framework. Social theories of risk,153-78.

27. Khan, F.I, & Abbasi S.I. (2001). Risk analysis of a typical chemical industry
using ORA procedure. Journal of Loss Prevention in the Process Industries, 14,

43-59.

28. Khan, F.I., & Abbasi, S.A. (1999). HAZDIG: a new software package for
assessing the risks of accidental. release . of toxic chemicals. Journal of Loss
Prevention in the Process Industries, 12, 167-181.

29. Khan, F.I., & Abbasi, S.A. (1999). TORAP—a new tool for conducting rapid risk
assessment in petroleum refineries and petrochemical industries. Journal of Loss

Prevention in the Process Industries ,12,, 299-313 .

30. Kharbanda, O.M., & Stallworthy E.A. (1989). Planning for Emergencies-Lessons
From the Chemical Industry. Long Range Planning, 22, 83-89.

31. Kirchsteiger, C. (1999). On the use of probabilistic and deterministic methods in

risk analysis. Journal of Loss Prevention in the Process Industries,12, 399-419.
32. Kirchsteiger, C. (2004). Technical communication on status in developing a
compass for risk assessment, Safety Science, 42,159-165.

33. Last, J.M. (1995). A dictionary of epidemiology. (3rd ed.). New York: Oxford
University Press.

34. Lave, F.B. (1990). Risk Analysis and Management. The Science of the Total
Environment, 99, 235-242.

35. Lees, F.P. (1996). Loss Prevention in The Process Industries, Volume 1.
Butterworth & Co. Ltd.

36. Lipton, J., & Gillett, J.W. (1992). Uncertainty in Risk Assessment: Excedence
Frequencies, Acceptable Risk, and Risk-Based Decision Making. Regulatory
Toxicology And Pharmacology ,15, 51-61.

37. Mark, H.F., Bikales N., Overberger, C.G., Menges, G, & Kroschwitz, J.I. (1998).
Encyclopedia of Polymer Science and Engineering. Volume 14, Radiopaque
Polymers to Safety. (2°d Ed). Wiley.

38. Markowski, A.S. (2007). exLOPA for explosion risks assessment. Journal of
Hazardous Materials, Article in Press.

39. McCoy, M. (2006). Facts & Figures of the Chemical Industry. Chemical &
Engineering News, 84(29), 35-72.

40. Meel, A., Neill, L.,M., Levin J.,H., & Sieder,W.,D. (2007). Operational risk
assessment of chemical industries by exploiting accident databases. Journal of
Loss Prevention in the Process Industries 20 ,13-127.

41. Moosemiller, M. (2006). Avoiding pitfalls in assembling an equipment failure

rate database for risk assessments. Journal of Hazardous Materials, 130, 128-132.

42. Raafat H.M.N., & Abdouni, A.H. (1987). Development of an expert system for
human reliability analysis. Journal of Occupational Accidents,9, 137-152.

78
 43. Redmill, F. (1998). IEC 61508-principles and use in the management of safety,
.Computing & Control Engineering Journal. 6,13-22.

44. Renn, 0., & Klinke, A. (2002). A New approach to risk evaluation and
management: risk-based precaution-based and discourse-based strategies. Risk
Analysis,22, 1071-94.

45. Slovic, P. (1987). Perception of risk. Safety Science. 23(6), 280-285.

46. Summers, A.E. (2002). Introduction to Layer of Protection Analysis. In Mary

Kay O'Conner Process Safety Center Symposium, Texas A&M University.

47. Sutton, I.S. (1990). The Use of PC-Based Risk Management Software in the
Process Industries. Reliability Engineering and System Safety, 30, 467-475.

48. Tweedale, H.M. (2005). Balancing Quantitative and Non-Quantitative Risk

- Assessment. Institute of Chemical Engineers, 70-76.

49. USAEC. (1974). Reactor safety study; An Assessment of Accident Risks in U.S.
Commercial Nuclear Power Plants, Draft, Wash-1400.

50. Wang, J., & Moddarres, M. (1990). REX: An Intelligent Decision and Analysis
Aid for Reliability and Risk Studies. Reliability Engineering and System Safety
,30, 195- 218.

51. Wang, J., Modarres, M., & Hunt, R. N. H. (1988). Probabilistic risk assessment: a
Look at the Role of Artifical Intelligence. Nuclear. Engineering design, 106,
375-87.

52. www.epa.gov/iris/gloss8.htm.

53. www.qwestconsult.com.

54. Ziegler, A. (1992). Chemical risk assessment - A tool for disaster Prevention.
Journal of Hazardous Materials, 31, 233-239.

79
APPENDIX
 0
-5

'H
IL

1 •' , 2

ji

V~ IL

z
 ~ c

~a r
' "

r '

41C9 ro

i r _o Q

r • ~r ,~.,

/'

_• •

t } W

•
I •
~ • C N

I, s

1 •Y P Q
 4-4

~ o

zo
ate, vn Uo

z
a a

z w a~
a
00
I — z z
A
W
z z z
W~ M z z z
N
Fil 00
R
U 7 O
C., C 00
O
CA w ~
-, z z z

~. N
N
z
d v
z
~ A d

•N ~+ V~~ d , C N
a~ ~•oV

O
O
z m — d.

Q N Pr •
~R I Qi M Gr
a ~0 ~N x~ ~, 0
► '~'-'O
A
z o 4 o
.
C)

za z
 N 0
O

pG

O rID
o 0 o y
rID
~ •3

o ~^ Q

7R

06

°`
Of
4
v •~ O vi
o 0
CID

o «Lj
~
x.~
N
z
O II bA n

t.
oo a
„ IVt gU
av N Z
~ w

o V cri Z

z
CID

riD.
~ o w ¢ 0
APPENDIX III
DOW's FIRE AND EXPLOSION INDEX

Plant: PVC Plant Process Unit: Polymerization Evaluated By: Reviewed by:
reactor Mr. Atul Walia
Materials : 24000 tons of VCM, water, catalyst mixture
Material Factor : 21
Base Factor: 1
General Process Hazards (GPH) Penalty Base Penalty Used
1. Exothermic reaction 0.3-1.25 0.75
2. Endothermic reaction 0.2-0.4 N
3. Material Handling and Transfer 0.25-1.05 0.6
4. Indoor Process unit 0.25-0.90 N
5. Access 0.20-0.35 0.2
6. Drainage 0.25-0.5 0.25

General Process Hazards Factor (GPHF) 2.8

Special Process Hazards (SPH) Penalty Base Penalty Used
1. Toxic materials (Nh=2) 0.2-0.8 0.4 (0.2 x Nh)
2. Sub atmospheric pressure 0.5 N
3. Operation near flammable range
0.3
Nf=4
4. Relief explosion
N
5. Relief set pressure of 16.6 kg/cm2 0.31
6. Quantity of flammable material: 0.2
24000 tons; Heat of combustion =
1.6 MJ/kg
0.1
7. Corrosion 0.10-0.75
0.1
8. Leakage N
9. Fired heaters N N
10. Hot oil exchange N N
11. rotating equipment 0.2-0.6
0.5
Special Process Hazards Factor (GPHF) 2.9
Unti Hazard Factor 8.15
• Dow fire and Explosion index = GPHF x SPHF x MF = 171 (168)*
* maximum possible Dow fire and Explosion Index is 168

Loss Control Credit Factors

Process control Cl
Emergency power: 0.98 Cooling system: 0.98
Explosion control: 0.96 Emergency Shutdown: 0.97
Computer control:0.96

Cl = 0.86

Material isolation C2
Remote controlled valves: 0.97 Dump Valve: 0.97
Drainage: 0.97 Interlocks: 0.98

C2 = 0.89

Fire protection C3
Leak Detectors: 0.96 Sprinkler system: 0.98
Water Supply: 0.96 Hand Extinguishers: 0.96
Foam: 0.95

C3 = 0.78

Credit Factor: 0.8 x 0.89 x 0.78 = 0.60

Radius of Exposure: 0.84 x FEU3.028 = 46.6 m
Area of Exposure: 6823 m2
Base Maximum Probable Property Damage (MPPD):
Loss control Credit Factor: 0.60
Actual MPPD:
 ~:z z

•Q °Q o
it 'b p
Q
0 3 0
a) .ti

0 v o a ° a c wm

~ one a
R

o.
U3?~°

°n c uw

0 0 Co

oz
o4
a.)
 0

z z z 0
0

o
v o ~
• 'tj M a o b
„ 2 u 'c
dD
~"
a~ ate)
> w - M ate
) C b
~' ~+c0+ > oA " v, a> •
O

a p o o E
o
zo x x ~. -c

ID CID

o > o .~~

U o dj
oa man
LID

Cr o
LID

a a
A > o on

o
z.
 °
''pp.0 > .b ~3
" ^~ 'a"
0 b
o o U s a
a)
n~ -a~ ao
o 0c
p a)
o

x n Q° °° o- o Q° °

•
a) Cl) .° -
0 o ea a U U
N c~ O O b O .O
CC v~ 'i > m m y p
p w . cC

00
b y) p N E
' p
o
U co
d
U °
U ~p
U
w x U .S.' - U 0
W a U ►
~1"i o U U L ✓
> U,
x x +~

a)

o 3 c a
lj

°~ ° ~~ ~~ ~i °~, o e•
U o ic, o 3 a `n o a)

0
.4 UL)

0
z
0
CO
rw
A x o
0

z o °a °
 b ti a ao (u °
— 0
C
E? a)
a
° `"° z z z
0

a) ao
0 ° p 0 0
~. .~ --
y) y .b w

. ago
U c.)

O N pp N a)

p, o ,a o
• • • • • • U cL > U v°
an ~
is 0 U
c~ O w w
y N 04-: a
O O
s~y

u z z

°n °
•

ti p cc1
r p a3 ~; > o
o o ~ 3 ~ cl
o a~i 0 a
CID •

a
rn o o°

p o C
• w C

U
z&
 b o a~i o 4° `~ >'
a)
o o U o
o, p a

oo 0
VD O

' Lf 'd U U '~

E
v o 3 m ~ -d

UU ai > .
U 3Q U

bU O
..0 O
w Oo O j
> i
vi b cNC
. - ~ .0
O O
z
- 4-
• •
o ~P4
o
m U U

°
o a E,

0
o z00 °d'
a.)

a)
3 ~
 a)

0 0
zs > •

z0 z0 z0
ao~

U ~

a)'fan o $

o
o c G° o.o oV b
a 0
emu' ID °. as U o aU o

a)
'I N ¢ N N N

W ~r O C 0

CID a "
Q) a
s c n ~~
V
x fw -
ow Z

a) y
ID

•c~ a'- Fes

~-' H
a)
a
A a x a

z
APPENDIX V
BASIC EVENT PROBABILITIES AND MCS

Frequency Probability of some common basic events

Sr.
Basic Events 1Frequency/h
No.
1 Gasket Failure 5 x 10-8
2 Relief valve blockage 2 x 10-6
3 Relief valve choking 0.5 x 10-6
4 Gearbox failure 1.65 x 10-5
5 Power failure 0.01
7 Pump failure 10- — 10-3
8 Controller 2 x 10
9 Controller valve 8 x 10--
10 Temperature measurement (Thermocouple) 2 x 10 6
11 Pressure measurement 1.94 x 10
12 Level measurement 9.58 x 10

A 10 % credit is taken for good maintenance program.

The fault tree was solved and a A total of 95 minimum cut sets were identified. These
minimum cut sets are those events which when enabled will result in the top event no
mater what. Thus if any of the set of event occurs the top event will definitely occur. The
minimum cut sets along with calculated order of magnitude of the frequency of each cut
set are listed in this section.

92
Minimum Cut Sets
Sr Cut Sets Order of Frequency
1 Y 10
2 G7U 10
3 G7V 10"
4 G6ST 10
ir wx
- 1012

6 ABJDEG5ZA'B'C' 10"
7 ABJFG G5ZA'B'C' 10
8 ABJFH G5ZA' B' C' i0 19
9 ABJFI G5ZA'B'C' 10-
10 CJDE G5ZA'B'C' 10
11 CJFG G5ZA'B'C' 10-
12 CJFH G5ZA'B'C' 10
13 CJFI G5ZA'B'C' 10
14 H'G"R'G' G5ZA'B'C' 10-
15 G"R" G5ZA'B'C' 10-
16 S'T'G" G5ZA'B'C' 1ff15

17 KLH G5ZA' B' C' 10"

18 MH G5ZA'B'C' 10
19 NH G5ZA'B'C' 10
20 OH G5ZA'B'C' 1ff19

PQH G5ZA' B' C' 10"

22 RH G5ZA'B'C' 10
23 KLG8 G5ZA'B'C' if 19
24 MG8 G5ZA'B'C' 10"
25 NG8 G5ZA'B'C' 10"
26 PQG8 GSZA'B'C' i06

27 RG8 G5ZA'B'C' 10

93
Sr Cut Sets Order of Frequency
28 OG8 G5ZA'B'C' 10"
29 ABJDE G5ZA'B'H 10
30 ABJFG GSZA'B'H 10"
31 ABJFH G5ZA'B'H 10
32 ABJFI G5ZA'B'H 10
33 CJDE G5ZA'B'H 10
34 CJFG G5ZA'B'H 10"
35 CJFH G5ZA'B'H 10"
36 CJFI G5ZA'B'H 10
37 H'G"R'G' G5ZA'B'H 10 18
38 G"R` G5ZA'B'H 10
39 S'T'G" G5ZA'B'H 10
40 KLH G5ZA' B' H 10
41 MH G5ZA'B'H 10
42 NH G5ZA'B'H 10
43 OH G5ZA'B'H 10
44 PQH G5ZA'B'H 10
45 RH G5ZA'B'H 10
46 KLG8 G5ZA' B' H 10"
47 MG8 G5ZA'B'H 10
48 NG8 G5ZA'B'H 10
49 OG8 G5ZA'B'H 10
50 PQG8 G5ZA'B'H 10
51 RG8 G5ZA'B'H 10-
Sr Cut Sets Frequency
52 ABJFG E'ZA'B'H i0 19
53 ABJFH E'ZA'B'H 10
54 ABJFI E'ZA'B'H 10
55 CJDE E'ZA'B'H 10
56 CJFG E' ZA' B' H 10
57 CJFH E' ZA' B'H 10
58 CJFI E'ZA'B'H 10"
59 H'G"R'G' E'ZA'B'H 10"
60 G"R" E'ZA'B'H 10"
61 S'T'G" E'ZA'B'H 10"
62 KLH E' ZA' B' H 10
63 MH E'ZA'B'H 1018
64 NH E'ZA' B' H 10"
65 OH E'ZA'B'H 10
66 PQH E' ZA' B' H 1019

67 RH E' ZA' B' H 10

68 KLG8 E'ZA'B'H 10 19
69 MG8 E'ZA'B'H 10"
70 NG8 E' ZA' B' H 10
71 OG8 E'ZA'B'H 10
72 PQG8 E'ZA'B'H 10"
73 RG8 E'ZA'B'H 1012

95
Sr Cut Sets Order of Frequency
74 ABJFG E' ZA' B' C' 10
75 ABJFH E'ZA'B'C' 10
76 ABJFI E'ZA'B'C' 10
77 CJDE E'ZA'B'C' 1019

78 CJFG E'ZA'B'C' 10
79 CJFH E'ZA'B'C' iOd9

80 CJFI E' ZA' B' C' 10"

81 H' G"R' G' E'ZA'B'C' 10
82 G"R" E'ZA'B'C' 10
83 S'T'G" E'ZA'B'C' 10
84 KLH E' ZA' B' C' 10
85 MH E'ZA'B'C' 10
86 NH E'ZA'B'C' 10
87 OH E'ZA'B'C' 1019

88 PQH E' ZA' B' C' 10

89 RH E'ZA'B'C' 10
90 KLG8 E' ZA' B' C' i0 9
91 MG8 E'ZA'B'C' 10
92 NG8 E'ZA'B'C' 1019

92 OG8 E'ZA'B'C' 10
93 PQG8 E'ZA'B'C' 10
95 RG8 E'ZA'B'C' 10
APPENDIX VI
LOPA SHEETS

LOPA Sheet III

Scenario Agitation Failure

Date: Description Probability of Frequency

Failure
Consequence Runaway Reaction with potential for
overpressure, Leakage, Rupture, injuries and
fatalities
Risk Unacceptable Limit Policy/Regulations
Tolerance Assume 1 x 10-6
Criteria
Initiating Motor drive failure 10
Event/Events
Condition for Reactor in condition where runaway 0.5
Event possible
Frequency of 5 x 10"
Unmitigated
Consequence
IPL's

Pressure Relieve pressure in case of temperature 1 x 10

Relief System runaway include pressure relief valves,
rupture discs, dump valves
SIF/Interlocks Opens emergency vents/Valves/Alarms 1x10

Non IPL Operator intervention

Safeguards Emergency shortstop
Emergency Cooling water System
Total PFD for IPL 1 x 10

Frequency of Consequence 5 x iO 7

Risk Criteria met: Yes/No Yes

Action to be taken/Notes: None

97
LOPA Sheet IV

Scenario Excess Charge of VCM

Date: Description Probability of Frequency

Failure
Consequence Runaway Reaction with potential for
overpressure, Leakage, Rupture, injuries and
fatalities
Risk Unacceptable Limit Policy/Regulations
Tolerance Assume 1 x 10-6
Criteria
Initiating BPCS Failure 101
Event
Condition for Reactor in condition where runaway 0.5
Event possible
Frequency of 5 x 10"
Unmitigated
Consequence
IPL's

Pressure Relieve pressure in case of temperature 1 x 10 2

Relief System runaway include pressure relief valves,
rupture discs, dump valves
SIF/Interlocks Opens emergency vents 1 x 10

Non JPL Operator intervention

Safeguards

Total PFD 1 x i0 5

Frequency of Consequence 5 x 10

Risk Criteria met: Yes/No Yes

Action to be taken/Notes: None

LOPA Sheet V

Scenario Hydrofull condition

Date: Description Probability of Frequency

Failure
Consequence Potential for overpressure, Leakage,
Rupture, injuries and fatalities
Risk Unacceptable Limit Policy/Regulations
Tolerance Assume 1 x 10-6
Criteria
Initiating BPCS failure 10'
Event
Condition for Reactor in condition where runaway 0.5
Event possible
Frequency of 5 x 10"
Unmitigated
Consequence
IPL's

Pressure Relieve pressure in case of temperature 1 x 102

Relief System runaway include pressure relief valves,
rupture discs, dump valves
SIF/Interlocks Opens emergency vents 1 x 10"

Non IPL Operator intervention

Safeguards
Total PFD I x 0 6

Frequency of Consequence 5 x 10"

Risk Criteria met: Yes/No Yes

Action to be taken/Notes: None

LOPA Sheet VI

Scenario Leakage due to mechanical seal failure

Date: Description Probability of Frequency

Failure
Consequence Leakage of VCM with possible
injuries/fatalities, potential for fire and
explosion
Risk Unacceptable Limit Policy/Regulations
Tolerance Assume 1 x 10-6
Criteria
Initiating Seal Failure 0.53
Event
Condition for Reactor in condition where runaway 0.5
Event possible
Frequency of 2.65 x 10
Unmitigated
Consequence
IPL's

Control Alarms 10
System
SIF/Interlocks Alarm/operator kills reaction 10

Non IPL Operator intervention

Safeguards Fire fighting equipment
Total PFD 1 x 10

Frequency of Consequence 2.65 x 10

Risk Criteria met: Yes/No No

Action to be taken/Notes: Regular maintenance and checking of non IPL's like fire fighting equipment

100
 topA Sheet VII

Scena
o
Injection water failure

Description Probability of Frequency

Failure
Runaway Reaction with potential for
overpressure, Leakage, Rupture, injuries and
RISk - fatalities
Tolera%ce Unacceptable Limit Policy/Regulations
Assume I x 10'6

Pumping failure due to electric failure 10-1

Eveat

_vent `ion for Reactor in condition where runaway 0.5

possible
U e9uency of
r~ Ntigated
5x10"

Reaction killed 10'

ure Relieve pressure.- in case of temperature I x 10-

Relief System runaway include pressure relief valves,
pp re discs, dump valves
slp 'Interlocks Alarm for operator to kill reaction I x 10"

Nan IPL Operator intervention

Safeguards
Total PFD 1x10"

'requency of Cc >nsequence 5 x l0

Risk Criteria me t: Yes/No Yes

Action to be tak e n/Notes; None

101
LOPA Sheet VIII

Scenario Injection water failure

Date: Description Probability of Frequency

Failure

Consequence Runaway Reaction with potential for

overpressure, Leakage, Rupture, injuries and
fatalities
Risk Unacceptable Limit Policy/Regulations
Tolerance Assume 1 x 10-6
Criteria
Initiating BPCS Failure
Event
Condition for Reactor in condition where runaway 0.5
Event possible
Frequency of 5 x 10
Unmitigated
Consequence
IPL's

Pressure Relieve pressure in case of temperature 1 x 10 "2

Relief System runaway include pressure relief valves,
rupture discs, dump valves
SIF/Interlocks Alarm for operator to kill reaction 10-

Non IPL Operator intervention

Safeguards
Total PFD 1 x 10

Frequency of Consequence 5 x 10

Risk Criteria met: Yes/No Yes

Action to be taken/Notes: None

102
APPENDIX VII
CONSEQUENCE CATEGORIZATION FOR LOPA

Category 1/2
Personal Minor or no injury or lost time
Community No injury or hazard to public
Environment Recordable event without violating any permit
Facility Minimal equipment damage with estimated cost
below $ 100,000 and no loss of production
Category 3
Personal Slight injury with possible lost time
Community Little annoyance with possible public complaint
Environment Permit violation
Facility Equipment damage greater than $ 100,000 and
minimal production time lost
Category 4
Personal One or more severe injuries
Community One or more minor injures
Environment Significant release and offsite impact
Facility Major damage with loss up to $ 1,000,000
Category 5
Personal Fatality or permanent disabling injury
Community Severe injuries or fatalities
Environment Significant release and offsite impact with long
term effects
Facility Severe or total destruction with damage above $
10,000,000

103
 a)
CdD

C °
U
U

~ U N
-n C N
r' s a

i
c.e G O
U 4-
C o

E
C .,-

~ o ''
o C a

O V O
`D
V - O
4J
U

O M
a
4.4 N

a)
o
4
y N A. v
I
04
° -
G~
N Cl 4-
C x cn ¢ o
O
° M
N O
4-4
U
`d U
O C y~

N ti -4 ¢ N GY t%1 NN

4o ° v

O cy
N U O
0
C '}

O O vi
i O p (ID 44
.
a'

— N
 E

C
U
O

O ~

6)

p C O
c~
q O

U by

U ~

U i O

w o o
(ID N U to
cs

' U 0
W-o o
O U -~' /D v 0 n
N çi. ue
p w O SC O s.
a ° a` bU .
C O
SC U
A~
D{ v~ O O
z DC

i
" M Vl
 c a) O a)
a

o
u~ C
su.e b 3 v
r a). U 3 a)
O C y cd +~
a) a) b

•° ° .

O a p p p v

°' Ln

U E N

a M a)
4-1
N
Cli
.ti N
V m 0 N
_M
V i > N
v O O
N vi 41

x ~ a
w
Cl.,
ct
a `- 3
o w 0 o 3 0 o
N x & Cd N -- C.) N ti G.

C C
it 0 b E
a) a) ca cl

A. a) - °? p
sue
-
O V cct . N

< O p .4 c~
d w
', '~
ca 0 3 '- -a o - -°
Q CL p V
2.1 Conclusions from the literature review

Following conclusions can be derived from the above literature survey:

• Risk is a subjective concept which varies with respect to the context.
• Guidelines for risk assessment are available from such sources as CCPS, British
HSE, SEVESO Directive, NUREG etc which provide a structure to be adopted for
risk assessment but leave choice of methods and steps to assessors.
• Risk assessment can be qualitative as well as quantitative. Quantitative methods
are being given more stress since they allow for a better comparison of risk levels
and reduce subjectivity in decision making process.
• Probabilistic risk assessment is perhaps the best methodology available at present
for application of low probability high impact systems like CPI.
• In actual industry a number of variations are applied and sometimes steps are
completed simultaneously done or given a miss according to need and resources
present The risk assessment methodology used by companies today is no longer
confined to the ideas and practices of one group or even one company. It is
reflective of the practice of many companies, as well as the ideas and expertise of
academia and government regulators.
• Cost benefit analysis is a crucial factor in risk assessment.
• A unified -approach taking into account different perspectives is difficult to
present though where common goals are present it can be tried.
• Intelligent systems hold the key to reduction in resource utilization and increasing
accuracy of risk analysis and hence risk assessment.
• The main problem in probabilistic risk assessment (PRA) is presence of
trustworthy data. QRA too has shortcomings and hence a balance of quantitative
and qualitative methods is necessary.
• There is no possibility of eliminating all hazards completely and the concept of
allowable risk as a perception is important.

26
 CHAPTER 4

DEFINITION OF
PROBLEM
0

M
M

tSt

nl

w1