Introduction To Inherently Safer Design: Prepared For Safety and Chemical Engineering Education (SACHE) by

Introduction to
Inherently Safer Design

Prepared for Safety and Chemical
Engineering Education (SACHE) by:
Dennis C. Hendershot
Rohm and Haas Company, retired
American Institute of Chemical Engineers, 2006 1

Introduction to Inherently Safer Design
What is inherently safer

design?
Inherent - existing in something as a
permanent and inseparable element...
Eliminate or minimize hazards rather
than control hazards
Safety based on physical and chemical
properties of the system, not add-on
safety devices and systems
Safer not Safe
2
Why Inherently Safer Design?

Flixborough, UK, 1974
Bhopal, India,
1984
3
Pasadena, TX, 1989
A subset of Green Engineering
Inherently
Safer
Design
Green Chemistry
and Engineering
4
History of inherently safer

design
Not really a new concept elimination of
hazards has a long history
Second half of 20th Century chemical
industry increased hazards from huge,
world scale petrochemical plants
Concern about cost and reliability of
traditional add on safety systems
Trevor Kletz ICI (1977) Is there a better
way?
Eliminate or dramatically reduce hazards
5
Hazard
An inherent physical or chemical
characteristic that has the potential for
causing harm to people, the environment, or
property (CCPS, 1992).
Hazards are intrinsic to a material, or its
conditions of use.
Examples
Phosgene - toxic by inhalation
Acetone - flammable
High pressure steam - potential energy due to
pressure, high temperature
6
To eliminate hazards:
Eliminatethe material
Change the material
Change the conditions of use
7
Chemical Process Safety

Strategies
Inherent
Passive
Active
Procedural
8
Inherent
Eliminate or reduce the hazard by changing
the process or materials which are non-
hazardous or less hazardous
Integral to the product, process, or plant -
cannot be easily defeated or changed without
fundamentally altering the process or plant
design
EXAMPLE
Substituting water for a flammable solvent (latex
paints compared to oil base paints)
9
Passive
Minimize hazard using process or
equipment design features which reduce
frequency or consequence without the
active functioning of any device
EXAMPLE
Containment dike around a hazardous
material storage tank
10
Active
Controls, safety interlocks, automatic shut
down systems
Multiple active elements
Sensor - detect hazardous condition
Logic device - decide what to do
Control element - implement action
Prevent incidents, or mitigate the
consequences of incidents
EXAMPLES
High level alarm in a tank shuts automatic feed
valve
A sprinkler system which extinguishes a fire 11
Procedural
Standard operating procedures, safety
rules and standard procedures,
emergency response procedures,
training
EXAMPLE
Confined space entry procedures
12
Human Reliability
Available Response Probability of
Time (minutes) incorrect diagnosis
single control room
1 event
10 ~1.0
20 0.5
30 0.1
60 0.01
0.001
Source: Swain, A.D., Handbook of Human Reliability Analysis, August 1983,
NUREG/CR-1278-F, U.S. Nuclear Regulatory Commission 13
Batch Chemical Reactor

Example
Hazard of concern runaway reaction
causing high temperature and pressure
and potential reactor rupture
Example Morton
International,
Paterson, NJ
runaway reaction in
1998, injured 9
people
14
Inherent
Develop chemistry which is not
exothermic, or mildly exothermic
Maximum adiabatic reactor temperature
< boiling point of all ingredients and onset
temperature of any decomposition or other
reactions, and no gaseous products are
generated by the reaction
The reaction does not generate any
pressure, either from confined gas products
or from boiling of the reactor contents
15
Inherent
VENT
REACTANT FEEDS
PI
COOLING
TI
16
Passive
Maximum adiabatic pressure for
reaction determined to be 150 psig
From vapor pressure of reactor contents or
generation of gaseous products
Run reaction in a 250 psig design
reactor
Hazard (pressure) still exists, but
passively contained by the pressure
vessel
17
Passive
VENT
REACTANT FEEDS
PRV
PI
TI
COOLING
18
Active
Maximum adiabatic pressure for 100%
reaction is 150 psig, reactor design pressure
is 50 psig
Gradually add limiting reactant with
temperature control to limit potential energy
from reaction
Use high temperature and pressure interlocks
to stop feed and apply emergency cooling
Provide emergency relief system
19
Active
RUPTURE DISK WITH DISCHARGE
VENT TO SAFE PLACE
REACTANT FEEDS
PA
H SAFETY SYSTEM
LOGIC ELEMENT
TA
H
COOLING
20
Procedural
Maximum adiabatic pressure for 100%
reaction is 150 psig, reactor design
pressure is 50 psig
Gradually add limiting reactant with
temperature control to limit potential
energy from reaction
Train operator to observe temperature,
stop feeds and apply cooling if
temperature exceeds critical operating
limit
21
Procedural
RUPTURE DISK WITH DISCHARGE
VENT TO SAFE PLACE
REACTANT FEEDS
PA
H
TA
H
COOLING
22
Which strategy should we

use?
Generally, in order of robustness and
reliability:
Inherent
Passive
Active
Procedural
But - there is a place and need for ALL
of these strategies in a complete safety
program
23
Layers of Protection
COMM UNITY EM ERGENCY REPSONSE
PLANT EM ERGENCY REPSONSE
PHYSICAL PROTECTION (DIKES)
PHYSICAL PROTECTION (RELIEF DEVICES)
AUTOMATIC ACTION SIS OR ESD
CRITICAL ALARMS, OPERATOR

SUPERVISION, AND MANUAL INTERVENTION
BASIC CONTROLS, PROCESS ALARMS,

AND OPERATOR SUPERVISION
PROCESS
DESIGN
I
LAH
1
24
Multiple Layers of Protection

Potential Incidents
25
Actual Risk
Degraded Layers of Protection

Potential Incidents
Degraded
Degraded
26
Higher Actual Risk
Inherently Safe Process

No additional layers of protection
needed
Probably not possible if you consider
ALL potential hazards
But, we can be Inherently Safer
PROCESS
DESIGN
I
LAH
1
27
Inherently Safer Process Risk

Potential Incidents
No Layers of Protection
Needed
Actual Risk 28
Managing multiple hazards Process Option No. 1

Toxicity Explosion Fire ..
COMMUNITY EMERGENCY REPSONSE
PLANT EMERGENCY REPSONSE
PHYSICAL PROTECTION (RELIEF DEVICES) AUTOMATIC ACTION SIS OR ESD
AUTOMATIC ACTION SIS OR ESD

PROCESS SUPERVISION, AND MANUAL INTERVENTION BASIC CONTROLS, PROCESS ALARMS,
DESIGN AND OPERATOR SUPERVISION
I BASIC CONTROLS, PROCESS ALARMS,
PROCESS
LAH
1 PROCESS DESIGN
DESIGN I
I
LAH
LAH
1 1
Hazard 2 Hazard 3 Hazard n

Hazard 1 - Passive, Passive, ????
Inherent Active, Active,
Procedures Procedures
29
Managing multiple hazards Process Option No. 2

Toxicity Explosion Fire ..
COMMUNITY EMERGENCY REPSONSE
PLANT EMERGENCY REPSONSE
AUTOMATIC ACTION SIS OR ESD PHYSICAL PROTECTION (RELIEF DEVICES)
CRITICAL ALARMS, OPERATOR AUTOMATIC ACTION SIS OR ESD

BASIC CONTROLS, PROCESS ALARMS, SUPERVISION, AND MANUAL INTERVENTION
BASIC CONTROLS, PROCESS ALARMS, PROCESS
AND OPERATOR SUPERVISION DESIGN
PROCESS I
DESIGN PROCESS
I DESIGN LAH
1
I
LAH
LAH
1 1
Hazard 3 Hazard 2 Hazard n

Passive, Passive, Hazard 1 - ????
Active, Active, Inherent
Procedures Procedures
30
Inherently Safer Design
Strategies
31
Inherently Safer Design Strategies
Minimize
Moderate
Substitute
Simplify
32
Minimize
Use small quantities of hazardous
substances or energy
Storage
Intermediate storage
Piping
Process equipment
Process Intensification
33
Benefits
Reduced consequence of incident
(explosion, fire, toxic material release)
Improved effectiveness and feasibility of
other protective systems for example:
Secondary containment
Reactor dump or quench systems
34
Opportunities for process

intensification in reactors
Understand what controls chemical
reaction to design equipment to
optimize the reaction
Heat removal
Mass transfer
Mixing
Between phases/across surfaces
Chemical equilibrium
Molecular processes
35
Generic Nitration Reaction

H2SO4
Organic substrate (X-H) + HNO3 Solvent
Nitrated Product (X-NO2) + H2O
Reaction is highly exothermic

Usually 2 liquid phases an
aqueous/acid phase and an
organic/solvent phase
36
Semi-batch nitration process

Catalyst (usually
sulfuric acid) feed
or pre-charge
Organic Substrate and Nitric acid gradual

solvents pre-charge addition
Batch Reactor
~6000 gallons
37
What controls the rate of this

reaction?
Mixing bringing reactants into contact
with each other
Mass transfer from acid/aqueous
phase (nitric acid) to organic phase
(organic substrate)
Heat removal
38
CSTR Nitration Process

Raw
Material
Feeds
Organic substrate
Catalyst
Nitric Acid
Reactor ~ 100 gallons

Product
39
Can you do this reaction in a

tubular reactor?
Raw
Cooled continuous
Material
mixer/reactor
Feeds
Organic substrate
Catalyst
Nitric Acid
40
Semi-Batch solution
polymerization
Solvent
Additives
Initial Monomer "Heel"
Monomer and
Initiator gradually
added to minimize
inventory of
Large (several
unreacted material
thousand gallons)
batch reactor
41
What controls this reaction

Contacting of monomer reactants and
polymerization initiators
Heat removal
Temperature control important for
molecular weight control
42
Tubular Reactor
Initiator Static mixer pipe reactor (several
inches diameter, several feet long,
cooling water jacket)
Monomer, solvent, additives
Product Storage Tank
43
Substitute
Replace a hazardous material with a less
hazardous alternative
Substitute a less hazardous reaction
chemistry
44
Substitute materials
Water based coatings and paints in
place of solvent based alternatives
Reduce fire hazard
Less toxic
Less odor
More environmentally friendly
Reduce hazards for end user and also for
the manufacturer
45
Substitute Reaction Chemistry

Acrylic Esters
Reppe Process
Ni(CO )4
CH CH + CO + ROH CH 2 = CHCO2 R
HCl
Acetylene - flammable, reactive
Carbon monoxide - toxic, flammable
Nickel carbonyl - toxic, environmental hazard
(heavy metals), carcinogenic
Anhydrous HCl - toxic, corrosive
Product - a monomer with reactivity
(polymerization) hazards
46
Alternate chemistry
Propylene Oxidation Process
3 Catalyst
CH 2 = CHCH 3 + O2 CH 2 = CHCO2 H + H 2 O
2
H+
CH 2 = CHCO2 H + ROH CH 2 = CHCO2 R + H 2 O
Inherently safe?
No, but inherently safer. Hazards are primarily
flammability, corrosivity from sulfuric acid
catalyst for the esterification step, small
amounts of acrolein as a transient
intermediate in the oxidation step, reactivity
hazard for the monomer product. 47
Moderate
Dilution
Refrigeration
Less severe processing conditions
48
Dilution
Aqueous ammonia instead of anhydrous
Aqueous HCl in place of anhydrous HCl
Sulfuric acid in place of oleum
Wet benzoyl peroxide in place of dry
Dynamite instead of nitroglycerine
49
Conc
Ce
28%
Aqueous
Ammonia
0
0 5
Effect of dilution
Distance, Miles
20,000
Concentration, mole ppm
(B) - Release Scenario:

Centerline Ammonia
2 inch transfer pipe failure
10,000 Anhydrous
Ammonia
28%
Aqueous
Ammonia
0
0 Distance, Miles 1
50
Impact of refrigeration
Monomethylamine Distance to
Storage ERPG-3 (500 ppm)
Temperature Concentration,
(C) km
10 1.9
3 1.1
-6 0.6
51
Less severe processing

conditions
Ammonia manufacture
1930s - pressures up to 600 bar
1950s - typically 300-350 bar
1980s - plants operating at pressures of 100-150
bar were being built
Result of understanding and improving the
process
Lower pressure plants are cheaper, more
efficient, as well as safer
52
Simplify
Eliminate unnecessary complexity to
reduce risk of human error
QUESTION ALL COMPLEXITY! Is it really
necessary?
53
Simplify - eliminate equipment

Reactive distillation methyl acetate
process (Eastman Chemical)
Which is simpler?
Acetic Acid
Methanol Methyl
Catalyst Acetate
Methyl
Acetate Acetic Acid
Reactor Methanol
Recovery Sulfuric
Solvent
Recovery Acid
Splitter
Extractive Methanol
Distillaton
Water
Reactor
Column
Decanter
Impurity
Removal
Extractor
Columns Heavies
Color
Column
Flash
Column
Water
Azeo
Column
Heavies
Flash
Column
54
Water
Water
Modified methyl acetate

process
Fewer vessels
Fewer pumps
Fewer flanges
Fewer instruments
Fewer valves
Less piping
......
55
But, it isnt simpler in every

way
Reactive distillation column itself is
more complex
Multiple unit operations occur within
one vessel
More complex to design
More difficult to control and operate
56
Single, complex batch reactor

Large
Rupture
Disk
A
B
C Condenser
D
E
Distillate
Receiver
Steam
Refrigerated
Brine
Water Return
Water Supply
57
Condensate
A sequence of simpler batch

reactors for the same process
A Large Rupture
B Disk
C
Refrigerated
Brine
Water Return
Water Supply
Condenser
E
Distillate
Receiver
Steam
Condensate 58
Inherent Safety Considerations
through the Process Life Cycle
(Use manufacture of acrylate

esters as an example)
59
Research
Basic technology
Reppe process
Propylene oxidation followed by
esterification
Other alternatives
propane based
Others - ????
60
Process Development
Implementation of selected technology
Oxidation catalyst options
Temperature
Pressure
Selectivity
Impurities
Catalyst hazards
Esterification catalyst options
Sulfuric acid
Ion exchange resins or other immobilized acid
functionality catalysts
61
Preliminary Plant Design

Plant location
Plant site options
Plant layout on selected site
Consider
People
Property
Environmentally sensitive locations
62
Detailed Plant Design

Equipment size
Inventory of raw materials
Inventory of process intermediates
One large train vs. multiple smaller
trains
Specific equipment location

63
Detailed Equipment Design

Inventory of hazardous material in each
equipment item
Heat transfer media (temperature,
pressure, fluid)
Pipe size, length, construction (flanged,
welded, screwed pipe)

64
Operation
Userfriendly operating procedures
Management of change
Consider inherently safer options when
making modifications
Identify opportunities for improving
inherent safety based on operating
experience, improvements in technology
and knowledge
65
When to consider Inherent

Safety?
Start early in process research and
development
NEVER STOP looking for inherently
safer design and operating
improvements
66
Questions designers should ask

when they have identified a hazard
Ask, in this order:
1. Can I eliminate this hazard?
2. If not, can I reduce the magnitude of the hazard?
3. Do the alternatives identified in questions 1 and 2
increase the magnitude of any other hazards, or
create new hazards?
(If so, consider all hazards in selecting the best alternative.)
4. At this point, what technical and management
systems are required to manage the hazards which
inevitably will remain?
67
Inherently Safer Design and

Regulations
Contra Costa County, CA Industrial Safety Ordinance
(1999)
Requires evaluation of inherently safer technologies
Reviewed by enforcement agencies
Allows consideration of feasibility and economics
New Jersey Department of the Environment (2005)
Facilities covered by the New Jersey Toxic Catastrophe
Prevention Act (TCPA) must review the practicality of
adopting inherently safer technology as an approach to
reducing the potential impact of a terrorist attack
United States Federal requirements
Several chemical security bills which include requirements
for consideration of inherently safer design have been
introduced in Congress, but, as of June 2006 none of these
have been enacted.
68
Resources
Kletz,T. A., Process Plants - A
Handbook for Inherently Safer Design,
Taylor and Francis, London, 1998.
Inherently Safer Chemical Processes - A
Life Cycle Approach, American Institute
of Chemical Engineers, New York, 1996.
Note: A second edition is being written in 2006.
69
Resources
Guidelines for Engineering Design for
Process Safety, Chapter 2 Inherently
Safer Plants. American Institute of
Chemical Engineers, New York, 1993.
Guidelinesfor Design Solutions for Process
Equipment Failures, American Institute of
Chemical Engineers, New York, 1998.
70
Resources
INSIDEProject and INSET Toolkit,
Commission of the European
Community, 1997 - available for
download from:
http://www.aeat-safety-and-
risk.com/html/inset.html
Extensivejournal and conference
proceedings literature
71

Introduction To Inherently Safer Design: Prepared For Safety and Chemical Engineering Education (SACHE) by

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Introduction To Inherently Safer Design: Prepared For Safety and Chemical Engineering Education (SACHE) by

Uploaded by

Copyright:

Available Formats

Introduction to

Inherently Safer Design

American Institute of Chemical Engineers, 2006 1

What is inherently safer

Why Inherently Safer Design?

A subset of Green Engineering

History of inherently safer

Chemical Process Safety

Batch Chemical Reactor

Which strategy should we

PLANT EM ERGENCY REPSONSE

PHYSICAL PROTECTION (DIKES)

PHYSICAL PROTECTION (RELIEF DEVICES)

AUTOMATIC ACTION SIS OR ESD

CRITICAL ALARMS, OPERATOR

BASIC CONTROLS, PROCESS ALARMS,

Multiple Layers of Protection

Degraded Layers of Protection

Inherently Safe Process

Inherently Safer Process Risk

Managing multiple hazards Process Option No. 1

COMMUNITY EMERGENCY REPSONSE

PLANT EMERGENCY REPSONSE

PHYSICAL PROTECTION (DIKES)

PHYSICAL PROTECTION (RELIEF DEVICES) AUTOMATIC ACTION SIS OR ESD

AUTOMATIC ACTION SIS OR ESD

Hazard 2 Hazard 3 Hazard n

Managing multiple hazards Process Option No. 2

COMMUNITY EMERGENCY REPSONSE

PLANT EMERGENCY REPSONSE

PHYSICAL PROTECTION (DIKES)

AUTOMATIC ACTION SIS OR ESD PHYSICAL PROTECTION (RELIEF DEVICES)

CRITICAL ALARMS, OPERATOR AUTOMATIC ACTION SIS OR ESD

Hazard 3 Hazard 2 Hazard n

Inherently Safer Design Strategies

Opportunities for process

Generic Nitration Reaction

Nitrated Product (X-NO2) + H2O

Reaction is highly exothermic

Semi-batch nitration process

Organic Substrate and Nitric acid gradual

What controls the rate of this

CSTR Nitration Process

Reactor ~ 100 gallons

Can you do this reaction in a

What controls this reaction

Monomer, solvent, additives

Product Storage Tank

Substitute Reaction Chemistry

(B) - Release Scenario:

2 inch transfer pipe failure

Less severe processing

Simplify - eliminate equipment

Modified methyl acetate

But, it isnt simpler in every

Single, complex batch reactor

A sequence of simpler batch

(Use manufacture of acrylate

Preliminary Plant Design

Detailed Plant Design

Detailed Equipment Design

When to consider Inherent

Questions designers should ask