During HazOp we consider what could go wrong with the process, and the safeguards we have in place to prevent that. We also consider the consequences if our safeguards don’t act to provide protection. But what about when they do operate? Could the correct operation of a safeguard cause an incident?
You’ve done your HazOp and are confident that you have all the right safeguards in place. However, is it possible that those safeguards could also be causing risks in their own right?
It is as important to consider safeguard activation as it is to consider their failure, and to take appropriate action to ensure your process remains safe under all circumstances.
“Are there any more causes of overpressure?” asked the HazOp leader. The team’s silence was gratifying – all of the causes so far identified were well protected by the dual redundant relief system installed. Whilst there was always the chance of a runaway reaction on this process, if the worst did happen, the solvent vapours would be relieved to a safe place – after all, that’s what you’d written on the P&ID, right?
“OK, so we have assessed the likelihood of the relief valves not working, and we have good protection against vessel rupture,” said the facilitator, “but what happens when the relief valves do lift? Won’t the vapours released be both toxic and flammable?”
Oh no, that sinking feeling – you never even thought about that!
Recently, the =Method team have come across several instances of vents and relief valves discharging to unsafe locations, including:
We also came across a bursting disc which discharged through the roof of the plant, and at high level. The original plant designers had assumed that this was safe. However, modelling showed that because the vapours released were heavier than air, on a still day they would fall to ground rapidly. This had the potential for both on-site and off-site medical treatment cases.
Another example of this issue was a control system (BPCS) interlock which prevented an actuated valve from being opened under certain circumstances. When the plant malfunctioned, the right response was for the operators to open the valve, but the control system would not allow them to.
Whilst control system interlocks can be very useful, it is important to make sure they won’t cause any unintended consequences, particularly during startup, shutdown and abnormal operations.
It is not uncommon for equipment installed for environmental reasons to cause safety issues. Often this equipment is bought from specialist vendors who know their equipment well. However, they may not be told the full details of the process, and that can cause a hazard. Some examples:
HazOp teams tend to think only about the environmental consequences if abatement equipment fails, and so miss the safety consequences if something abnormal happens upstream which puts the abatement equipment outside its safe operating envelope. This is a classic example of where the team as a whole have all the knowledge they need, but unless there is effective communication between the different team members, hazards can be missed:
Although the team as a whole should have the information needed to keep the plant safe, everybody has knowledge gaps. Good communication is key to gaining a shared understanding and hence producing a good HazOp.
It’s just as important to assess if there is a hazard when safeguards do work as it is to assess the risk of them not working.
Author: Method Process Safety
Title: Could the correct operation of a safeguard cause a new risk?
Date: 2022-03-15
Published by: Method Process Safety