Overview of Process Safety,

Green Engineering, and

Inherently Safer Design

Harry J. Toups LSU Department of Chemical Engineering with

significant material from SACHE 2003 Workshop presentation
entitled: Inherently Safer Design, by
Dennis Hendershot
Rohm and Haas Company

1/63
Three Elements of Process Safety

Behavior

Process
Safety
Systems Process

2/63
Process Safety Milestone Practices

Pre-1930s Identify who caused the loss

Behavior
and punish the guilty
Pre-1970s Find breakdown in, and fix
Process
man-machine interface
1970s, 80s Development of risk
Mgmt Systems
assessment techniques and
systematic approaches
1980s + Performance-, risk-based
Comprehensive
standards, regulations;
green and inherent designs
3/63
 Causes of Losses in Large Plant
Accidents
44

Process
Design
Accidents (%)

22

12 11

5 5
1

Mechanical Operator Unknown Process Natural Design Sabotage

Error Upsets Hazards and Arson

4/63
Green chemistry and engineering
A Definition
The design, commercialization, and
use of chemical processes and
products, which are feasible and
economical while minimizing:

1) generation of pollution at the source,

and

2) risk to human health and the

environment.
5/63
New paradigm for the environment

Traditional environmental approach

End of pipe waste treatment

Waste minimization an advance,
but we can go further

Green chemistry and engineering

Eliminate or dramatically reduce

hazards to the environment
6/63
Many of us learned this as children

Dr. Suess
The Cat in the Hat
Comes Back

Once you get something dirty, the

only way to get it clean is to make
something else dirty.

The best way to keep the world clean is

to not get it dirty to begin with.
7/63
Inherently Safer Design
A Definition

The design of chemical processes and

products with specific attention to
eliminating hazards from the
manufacturing process rather than
relying on the control of these hazards

Notice the common philosophy to

Green Engineering?

8/63
New paradigm for safety

Traditional safety approach

Add on safety features
Prevent - alarms, safety interlocks,
procedures, training
Mitigate sprinkler systems, water
curtains, emergency response
systems and procedures
Inherently safer design
Eliminate or significantly reduce
process hazards
9/63
Inherently safer design, green
chemistry, and green engineering

Inherently
Safer
Design

Green Chemistry
and Engineering

10/63
Why are we interested in
inherently safer design?

11/63
Flixborough, England (1974)

12/63
Flixborough, England (1974)

13/63
Henderson, Nevada, (1988)

14/63
What is inherently safer design?

Inherent - existing in something as a

permanent and inseparable element...
safety built in, not added on
Eliminate or minimize hazards rather
than control hazards
More a philosophy and way of thinking
than a specific set of tools and methods
Applicable at all levels of design and
operation from conceptual design to plant
operations
Safer, not Safe
15/63
Hazard

An inherent physical or chemical

characteristic that has the potential for
causing harm to people, the
environment, or property (CCPS, 1992).
Hazards are intrinsic to a material, or its
conditions of use.
Examples
Phosgene - toxic by inhalation
Acetone - flammable
High pressure steam - potential energy due
to pressure, high temperature
16/63
To eliminate hazards:

Eliminate the material

Change the material
Change the conditions of use

17/63
Chemical Process Safety
Strategies

18/63
Inherent

Eliminate or reduce the hazard by

changing to a process or materials which
are non-hazardous or less hazardous
Integral to the product, process, or plant -
cannot be easily defeated or changed
without fundamentally altering the
process or plant design
EXAMPLE
Substituting water for a flammable solvent
(latex paints compared to oil base paints)

19/63
Passive

Minimize hazard using process or

equipment design features which
reduce frequency or consequence
without the active functioning of
any device
EXAMPLE
Containment dike around a
hazardous material storage tank

20/63
Active

Controls, safety interlocks, automatic shut down

systems
Multiple active elements
Sensor - detect hazardous condition
Logic device - decide what to do
Control element - implement action
Prevent incidents, or mitigate the consequences
of incidents
EXAMPLE
High level alarm in a tank shuts automatic feed
valve
Caution: Even protective systems can cause
incidents! (See Hendershot et al handouts)

21/63
Procedural

Standard operating procedures,

safety rules and standard
procedures, emergency response
procedures, training
EXAMPLE
Confined space entry procedures

22/63
Batch Chemical Reactor Example

Hazard of concern

Runaway reaction causing high

temperature and pressure and
potential reactor rupture

23/63
Passive

Maximum adiabatic pressure for

reaction determined to be 150 psig

Run reaction in a 250 psig design

reactor

Hazard (pressure) still exists, but

passively contained by the
pressure vessel
24/63
Active
Maximum adiabatic pressure for
100% reaction is 150 psig, reactor
design pressure is 50 psig
Gradually add limiting reactant with
temperature control to limit
potential energy from reaction
Use high temperature and pressure
interlocks to stop feed and apply
emergency cooling
Provide emergency relief system
25/63
Procedural

Maximum adiabatic pressure for

100% reaction is 150 psig, reactor
design pressure is 50 psig
Gradually add limiting reactant with
temperature control to limit
potential energy from reaction
Train operator to observe
temperature, stop feeds and apply
cooling if temperature exceeds
critical operating limit
26/63
Inherent

Develop chemistry which is not

exothermic, or mildly exothermic
Maximum adiabatic exotherm
temperature < boiling point of all
ingredients and onset temperature of
any decomposition or other
reactions

27/63
Which strategy should we use?

Generally, in order of robustness

and reliability:
Inherent
Passive
Active
Procedural
But - there is a place and need for
ALL of these strategies in a
complete safety program
28/63
Inherently Safer Design
Strategies

29/63
Inherently Safer Design Strategies

Minimize
Moderate
Substitute
Simplify

30/63
Minimize

Use small quantities of hazardous

substances or energy
Storage
Intermediate storage
Piping
Process equipment
Process Intensification

31/63
Benefits

Reduced consequence of incident

(explosion, fire, toxic material
release)
Improved effectiveness and
feasibility of other protective
systems for example:
Secondary containment
Reactor dump or quench systems

32/63
Semi-batch nitration process
Catalyst (usually
sulfuric acid) feed
or pre-charge

Organic Substrate and Nitric acid gradual

solvents pre-charge addition

Batch Reactor
~6000 gallons

33/63
How can Process Intensification
be used in this reaction?
Mixing bringing reactants into
contact with each other

Mass transfer from aqueous

phase (nitric acid) to organic phase
(organic substrate)

Heat removal

34/63
CSTR Nitration Process

Raw
Material
Feeds
Organic substrate
Catalyst
Nitric Acid

Reactor ~ 100 gallons

Product
35/63
One step further:
Do this reaction in a pipe reactor?

Raw
Cooled continuous
Material
mixer/reactor
Feeds
Organic substrate
Catalyst
Nitric Acid

36/63
Scale up

37/63
Scale out

38/63
On-demand phosgene generation

Continuous process to produce phosgene

Phosgene consumers are batch processes
No phosgene storage
Engineering challenges
Rapid startup and shutdown
Quality control
Instrumentation and dynamic process
control
Disposal of tail gas and inerts

39/63
Moderate

Dilution
Refrigeration
Less severe processing conditions
Physical characteristics
Containment
Better described as passive rather
than inherent

40/63
Dilution

Aqueous ammonia instead of

anhydrous
Aqueous HCl in place of anhydrous
HCl
Sulfuric acid in place of oleum
Wet benzoyl peroxide in place of dry
Dynamite instead of nitroglycerine

41/63
 0
Effect of dilution
0 5
Distance, Miles

Concentration, mole ppm 20,000

(B) - Release Scenario:
Centerline Ammonia

2 inch transfer pipe failure

10,000 Anhydrous
Ammonia

28%
Aqueous
Ammonia

0
0 Distance, Miles 1

42/63
Less severe processing conditions

Ammonia manufacture
1930s - pressures up to 600 bar
1950s - typically 300-350 bar
1980s - plants operating at pressures
of 100-150 bar were being built
Result of understanding and
improving the process
Lower pressure plants are cheaper,
more efficient, as well as safer

43/63
Substitute

Substitute a less hazardous

reaction chemistry

Replace a hazardous material with

a less hazardous alternative

44/63
Substitute materials

Water based coatings and paints in

place of solvent based alternatives
Reduce fire hazard
Less toxic
Less odor
More environmentally friendly
Reduce hazards for end user and
also for the manufacturer

45/63
Simplify

Eliminate unnecessary complexity

to reduce risk of human error
QUESTION ALL COMPLEXITY! Is it
really necessary?

46/63
Simplify - eliminate equipment

Reactive distillation methyl acetate

process (Eastman Chemical)
Which is simpler?
Acetic Acid
Methanol
Catalyst
Methyl
Methyl Acetate
Acetate

Acetic Acid
Reactor Methanol
Recovery
Solvent
Recovery
Sulfuric
Splitter
Acid
Extractive
Distillaton
Water
Methanol

Reactor
Decanter Column
Extractor Impurity
Removal
Columns Heavies
Color
Column

Flash
Azeo Column
Column
Water
Heavies

Flash
Column

Water
Water

47/63
Modified methyl acetate process

Fewer vessels
Fewer pumps
Fewer flanges
Fewer instruments
Fewer valves
Less piping
......

48/63
But, it isnt simpler in every way

Reactive distillation column itself is

more complex
Multiple unit operations occur
within one vessel
More complex to design
More difficult to control and
operate

49/63
Single, complex batch reactor
Large
Rupture
Disk

A
B
C Condenser
D
E
Distillate
Receiver

Steam
Refrigerated
Brine

Water Return

Water Supply

Condensate

50/63
A sequence of simpler batch reactors
for the same process
A Large Rupture
B Disk

C
Refrigerated
Brine

Water Return

Water Supply

Condenser
E
Distillate
Receiver

Steam

Condensate

51/63
Inherent safety conflicts

In the previous example

Each vessel is simpler
But
There are now three vessels, the
overall plant is more complex in some
ways
Compare to methyl acetate example
Need to understand specific hazards
for each situation to decide what is
best
52/63
Conflicts and Tradeoffs

53/63
Some problems

The properties of a technology which

make it hazardous may be the same as
the properties which make it useful:
Airplanes travel at 600 mph
Gasoline is flammable
Any replacement must have the ability to store
a large quantity of energy in a compact form
Chlorine is toxic
Control of the hazard is the critical issue
in safely getting the benefits of the
technology

54/63
Multiple hazards
Everything has multiple hazards
Automobile travel
velocity (energy), flammable fuel,
exhaust gas toxicity, hot surfaces,
pressurized cooling system,
electricity......
Chemical process or product
acute toxicity, flammability,
corrosiveness, chronic toxicity,
various environmental impacts,
reactivity.......
55/63
What does inherently safer mean?

Inherently safer is in the context of

one or more of the multiple hazards
There may be conflicts
Example - CFC refrigerants
low acute toxicity, not flammable
potential for environmental damage,
long term health impacts
Are they inherently safer than
alternatives such as propane
(flammable) or ammonia (flammable
and toxic)?
56/63
Inherently safer hydrocarbon
based refrigerators?
Can we redesign the refrigeration
machine to minimize the quantity of
refrigerant sufficiently that we
could still regard it as inherently
safer?
Home refrigerators perhaps (<120
grams)
Industrial scale applications
probably not, need to rely on
passive, active, procedural risk
management strategies
57/63
Multiple impacts

Different populations may perceive the

inherent safety of different technology
options differently
Example - chlorine handling - 1 ton
cylinders vs. a 90 ton rail car
A neighbor two miles away?
An operator who has to connect and
disconnect cylinders 90 times instead
of a rail car once?
Who is right?

58/63
Inherently safer = safer
Air travel Automobile travel
several hundred people a few people
5 miles up on the ground
control in 3 dimensions control in 2 dimensions
600 mph 60 mph
thousands of gallons of a few gallons of fuel
fuel
passengers in a might even be a
pressure vessel convertible
......... .........

Automobile travel is inherently safer

But, what is the safest way to travel from
Washington to Los Angeles?
Why?

59/63
At what level of design should
engineers consider inherently
safer design?
Selecting Technology? Plant Design?
Equipment Details? Operations?

Best answer? All levels!

Inherently safer design is not a meeting.

Inherently safer design is a way of

thinking, a way of approaching
technology design at every level of detail
part of the daily thought process.
60/63
Questions a designer should ask
when he has identified a hazard
In this order
1. Can I eliminate this hazard?
2. If not, can I reduce the magnitude of the
hazard?
3. Do the alternatives identified in questions 1
and 2 increase the magnitude of any other
hazards, or create new hazards?
4. At this point, what technical and management
systems are required to manage the hazards
which inevitably will remain?

61/63
The Future: Inherently safer design

Some hazardous materials and processes

can be eliminated or the hazards
dramatically reduced.

The useful characteristics of other

materials or processes make their
continued use essential to society for the
foreseeable future we will continue to
manage the risks.

E.g., Air travel

62/63
Is It Worth the Effort?
Number of US workplace injuries/illnesses
Total Recordable Injury/Illness Rate

12 per 100 employees continues to drop

10
8
6
4 due to comprehensive safety strategies,
including Inherently Safer Design
2
0
1973 1983 1993 2003

63/63
 END OF
PRESENTATION

64/63