Method Process Safety
support@methodprosafe.com
+44 (0)1462 713313

Could the correct operation of a safeguard cause a new risk?

Could the correct operation of a safeguard cause a new risk?

During HazOp we consider what could go wrong with the process, and the safeguards we have in place to prevent that. We also consider the consequences if our safeguards don’t act to provide protection. But what about when they do operate? Could the correct operation of a safeguard cause an incident?

You’ve done your HazOp and are confident that you have all the right safeguards in place. However, is it possible that those safeguards could also be causing risks in their own right?

It is as important to consider safeguard activation as it is to consider their failure, and to take appropriate action to ensure your process remains safe under all circumstances.

Based on a true story

“Are there any more causes of overpressure?” asked the HazOp leader. The team’s silence was gratifying – all of the causes so far identified were well protected by the dual redundant relief system installed. Whilst there was always the chance of a runaway reaction on this process, if the worst did happen, the solvent vapours would be relieved to a safe place – after all, that’s what you’d written on the P&ID, right?

“OK, so we have assessed the likelihood of the relief valves not working, and we have good protection against vessel rupture” said the facilitator, “but what happens when the relief valves do lift? Won’t the vapours released be both toxic and flammable?”.

Oh no, that sinking feeling – you never even thought about that!

Dishonourable Discharge

Recently, the =Method team have come across several incidences of vents and relief valves discharging to unsafe locations, including:

    • Flammable solvent vapours discharged at low level outdoors, capable of causing a vapour cloud explosion if ignited.
    • Toxic gases vented directly into an occupied plant area
    • Toxic gases released near to building ventilation air intake points
    • A steam relief valve discharging upwards, just below an outward-opening laboratory window
    • A relief valve on a thermal oil system discharging horizontally and at head height
    • Vents releasing flammable vapours at the rear of a smoking shelter (the vent was there long before the shelter)

We also came across a bursting disc which discharged through the roof of the plant, and at high level. The original plant designers had assumed that this was safe. However, modelling showed that because the vapours released were heavier than air, on a still day they would fall to ground rapidly. This had the potential for both on-site and off-site medical treatment cases.

Computer Says No

Another example of this issue was a control system (BPCS) interlock which prevented an actuated valve from being opened under certain circumstances. When the plant malfunctioned, the right response was for the operators to open the valve, but the control system would not allow them to.

Whilst control system interlocks can be very useful, it is important to make sure they won’t cause any unintended consequences, particularly during startup, shutdown and abnormal operations.

It’s Not Easy Being Green

It is not uncommon for equipment installed for environmental reasons to cause safety issues. Often this equipment is bought from specialist vendors who know their equipment well. However, they may not be told the full details of the process, and that can cause a hazard. Some examples:

  • When a company had a vent gas scrubber which could not meet new environmental targets, they replaced it with a thermal oxidiser (a type of vent gas incinerator). However, they were unaware that at certain points in their process, the vent gases reached flammable concentrations. Soon after installation, the flame from the thermal oxidiser flashed back to the plant, distorting the duct work and blowing flames out of a vessel manway which narrowly missed the plant operator.
  • An extraction fan which was not ATEX-rated caused an ignition when there was a release of solvent vapour inside the plant.
  • A carbon bed was installed downstream of an existing scrubber to meet new emission targets. One day the scrubber recirculation pump failed, resulting in more concentrated solvent vapours reaching the carbon bed. Because solvent adsorption onto the activated carbon was exothermic, the carbon bed overheated and caught fire.

The tendency here is for HazOp teams to only be thinking about the environmental consequences if abatement equipment fails, and to therefore miss the safety consequences if something abnormal happens upstream which puts the abatement equipment outside its safe operating envelope. This is a classic example of where the team as a whole have all the knowledge they need, but unless there is effective communication between the different team members, hazards can be missed:

Although the team as a whole should have the information needed to keep the plant safe, everybody has knowledge gaps. Good communication is key to gaining a shared understanding and hence producing a good HazOp.

The Lessons Learned

It’s just as important to assess if there is a hazard when safeguards do work as it is to assess the risk of them not working.

  • Relief valves and bursting discs must genuinely discharge “to a safe place”, and that is not the same as just writing that on the P&ID. Relief locations must be assessed to show there is no risk of either fire or toxic effects. This sometimes requires dispersion modelling etc.
  • Relief valve discharge manifolds must be sized for the worst-case credible demand from multiple vessels. One plant had a relief manifold to protect against external fire, but which was sized for only one relief valve discharging at once.
  • Interlock activation or control system (BPCS) failure must put the plant into a safe state under all operating conditions. (This is usually to close valves and turn off pumps, but not always!)
  • Pay particular attention to environmental abatement equipment. How might an issue with the plant push that equipment outside of its safe operating envelope?

 


Title: Could the correct operation of a safeguard cause a new risk?
Date: 2022-03-15
Published by: Method Process Safety



[More Process Safety news]


Introduction to Process Safety for Managers Training Course

Method Process Safety has launched a new training course specifically for managers who have been given responsibility for Process Safety in their organisation.

06.12.2024

The Fundamentals of Process Safety Management Free Seminar

As part of our 1-day Free Live Online CPD Seminar David Sparkes CEng FIChemE PPSE, our Process Safety Technical Director will deliver "The Fundamentals of Process Safety Management".

09.07.2024

Free Seminar: LOPA Pitfalls

Method will be talking about LOPA Pitfalls at its Free CPD Seminar in April 2024.

28.03.2024

Process Safety, Functional Safety and Cyber training courses go west

=Method are bringing our IChemE Approved training courses to the West of the UK in 2024.

08.08.2023

David Sparkes becomes a Fellow of the IChemE

​We are delighted that our Process Safety Technical Director David Sparkes has become a Fellow of the Institute of Chemical Engineers (IChemE).

04.08.2023

Why do =Method HazOp Training

If you are considering doing HazOp training, then watch our 3-minute video on why you should choose =Method's IChemE approved training courses.

21.06.2023

=Method HazOp Courses IChemE approved

​We are delighted that both of our HazOp training courses are now IChemE approved.

07.04.2023

IChemE have approved the =Method HazOp Training course for Leaders

We were delighted that our "HazOp for Leaders" course has been has been approved by the Institution of Chemical Engineers (IChemE).

26.01.2023

Every Team Member in a HazOp has an important role to play

Every Team Member in a hazard and operability study has an important role to play.

15.12.2022

Hazard Study for Leaders Training Course Testimonial

We were delighted with the kind words from OTECSA Consulting after attending our Hazard Study for Leaders training course.

15.03.2022


Definitions of Process Safety terms used in this article

Pressure Relief Valve (also called Safety Relief Valve)

A device which opens when the maximum safe pressure for a piece of equipment is in danger of being exceeded, and vents that pressure, to protect the equipment. Relief valves typically use a disc held closed by a spring under compression. When the pressure in the vessel overcomes the force exerted by the spring, the disc ‘lifts’, thus relieving the pressure.

Bursting / Rupture Disc

A bursting disc (sometimes also called a rupture disc) may be fitted to equipment as alternative to a relief valve. When the pressure in the equipment is in danger or exceeding the maximum safe pressure, the disc “busts” open, relieving the pressure.

HazOp

HazOp stands for HAZard and OPerability study. This is a systematic method for examining a process to understand both how it operates and how it might go wrong.

In a classic HazOp study a multi-disciplinary team is asked questions like “could anything cause high pressure in this vessel?”. If the team identify causes of high pressure, they are then examined to understand what the consequence of high pressure would be, if it is hazardous, and if so, what safeguards are required to prevent that from happening.

Basic Process Control System (BPCS)

Modern process plants are typically computer-controlled by a “BPCS”, or Basic Process Control System. Best practice is to keep the basic process control independent from any dedicated safety systems installed.

The operator is able to monitor the plant and control functions remotely by using an “HMI Panel” (human-machine-interface computer screen) of some kind.

Safeguard

“Safeguard” is a generic term used to describe the control measures in place to reduce the likelihood of an incident.

Examples of safeguards include:

  • Relief valves and bursting discs
  • Control system interlocks
  • Safety Instrumented Functions (SIFs). These are high-integrity trips and interlocks designed to protect the plant.
  • Procedural checks

    • ATEX / DSEAR

    ATEX is short for the French term, “Atmospheres Explosives”. This is the name commonly given to two European Directives for controlling explosive atmospheres and the equipment used within them.

    (An explosive atmosphere is defined as a mixture of dangerous substances with air, under atmospheric conditions, in the form of gases, vapours, mist or dust in which, after ignition has occurred, combustion spreads to the entire unburned mixture.)

    The European ATEX Directives were implemented in the UK under the “Dangerous Substances and Explosive Atmospheres Regulations” (also called DSEAR) issued in 2002 and updated in 2015.

    E: support@methodprosafe.com. T: 44 (0)1462 713313. W: www.methodprosafe.com

    Test your Functional Safety knowledge
    CPD Seminar
    Method Functional Safety

    Functional Safety + Process Safety + Cyber Security + Compliance Assessment + Competency Register + Software Solutions = Method Safety and Security

    Address: Method Process Safety Ltd. Method House, Davis Crescent, Hitchin, SG5 3RB
    Phone: +44 (0)1462 713313 Email: support@methodprosafe.com Website:

    Terms and Conditions | Privacy Policy. Registered In England 11410637 | VAT No. GB 302 4333 56. Site © Copyright Method Process Safety Ltd 2024

    LinkedinMethod Functional Safety member of InstMC