https://www.engstack.

com/blog/inherently-safer-chemical-process/

Minimize

☐  Have all in-process inventories of hazardous materials in storage tanks

been minimized?

☐  Are all of the proposed in-process tanks really needed?

☐  Has all processing equipment handling hazardous materials been designed

to minimize inventory?

☐  Is process equipment located to minimize length of hazardous material

piping?

☐  Can piping sizes be reduced to minimize inventory?

☐  Can other type of unit operations or equipment reduce material

inventories? For example:

o Wiped film stills in place of continuous still pots

o Centrifugal extractors in place of extraction columns
o Flash dryers in place of tray dryers
o Continuous reactors in place of batch
o Plug flow reactors in place of CFSTRs
o Continuous in-line mixers in place of mixing vessels

☐  Is it possible to feed hazardous materials (for example, chlorine) as a gas

instead of liquid, to reduce pipeline inventories?

☐  Is it possible to generate hazardous reactants “in-situ_ from less hazardous

raw materials?
☐  Is it possible to generate hazardous reactants on site from less hazardous
materials, minimizing the need to store or transport large quantities of
hazardous materials?

Substitution/Elimination

☐  Is it possible to completely eliminate hazardous raw materials, process

intermediates, or by-products by using an alternative process or chemistry?

☐  Is it possible to eliminate in-process solvents by changing chemistry or

process conditions?

☐  Is it possible to substitute less hazardous raw materials?

o Noncombustible rather than flammable solvents

o Less volatile raw materials
o Less toxic raw materials
o Less reactive raw materials
o More stable raw materials

☐  Is it possible to substitute less hazardous final product solvents?

☐  For equipment containing materials which become unstable at elevated

temperature or freeze at low temperature, is it possible to use heating and
cooling media which limit the maximum and minimum temperature
attainable?

Moderate

☐  Can the supply of pressure of raw materials be limited to less than the
working pressure of the vessels they are delivered to?

☐  Can reaction conditions (temperature, pressure) be made less severe by

using a catalyst, or by using a better catalyst?

☐  Can the process be operated at less severe conditions? If this results in

lower yield or conversion, can raw materials recycle compensate for this loss?
☐  Is it possible to dilute hazardous raw materials to reduce the hazard
potential? For example:

o Aqueous Ammonia instead of Anhydrous

o Aqueous HCL instead of Anhydrous
o Sulfuric Acid instead of Oleum
o Dilute Nitric Acid instead of concentrated fuming Nitric Acid
o Wet Benzoyl Peroxide instead of dry

Simplify

☐  Can equipment be designed sufficiently strong to totally contain the

maximum pressure generated, even if the “worst credible event” occur?

☐  Is all equipment designed to totally contain the materials which might be
present inside at temperature or the maximum attainable process temperature
(i.e. don’t rely on the proper functioning of external systems such as
refrigeration systems to control temperature such that vapor pressure is less
than equipment design pressure)?

☐  Can several process steps be carried out in separate processing vessels

rather than a single multipurpose vessel? This reduces complexity and the
number of raw materials, utilities, and auxiliary equipment connected to a
specific vessel, thereby reducing the potential for hazardous interactions.

☐  Can equipment be designed such that it is difficult or impossible to create

a potential hazardous situation due to an operating error (for example, by
opening an improper combination of valves)?

Location/Siting/Transportation

☐  Can process unit be located to reduce or eliminate adverse impacts from

other adjacent hazardous installations?

☐  Can process units be located to eliminate or minimize:

o Off-site impacts?
o Impacts to employees on-site?
 o Impacts on other process or plant facilities?

☐  Can the facility be chosen to minimize the need for transportation of

hazardous materials and to use safer transport methods and routes?

☐  Can a multi-step process, where the steps are done at separate sites, be
divided up differently o eliminate the need to transport hazardous materials?

https://www.engstack.com/blog/role-inherently-safer-design-concepts-process-risk-management/

See Introduction to Inherently Safer Chemical Process for more information

relating to The Role of Inherently Safer Design Concepts in Process Risk
Management.

How does inherently safer design fit into an overall process risk management
program? To answer this question, it is first necessary to understand the
definition of risk. Risk is defined as a measure of economic loss, human injury,
or environmental damage in terms of both the incident likelihood and the
magnitude of the loss, injury, or damage. Any effort to reduce the risk arising
from the operation of a chemical processing facility can be directed toward
reducing the likelihood of incidents (incident frequency); reducing the
magnitude of the loss, injury or damage should an incident occur (incident
consequences), or some combination of both. In general, the strategy for
reducing risk, whether directed toward reducing frequency or consequence of
potential accidents, can be classified into four categories. These categories, in
decreasing order of reliability, are:

 Inherent: Eliminating the hazard by using materials and process

conditions which are nonhazardous; e.g., substituting water for a
flammable solvent.
 Passive: Minimizing the hazard by process and equipment design
features which reduce either the frequency or consequence of the
 hazard without the active functioning of any device; e.g., the use of
equipment rated for higher pressure.
 Active: Using controls, safety interlocks, and emergency shutdown
systems to detect and correct process deviations; e.g., a pump that is
shut off by a high level switch in the downstream tank when the tank is
90% full. These systems are commonly referred to as engineering
controls.
 Procedural: Using operating procedures, administrative checks,
emergency response, and other management approaches to prevent
incidents, or to minimize the effects of an incident; e.g., hot-work
procedures and permits. These approaches are commonly referred to as
administrative controls.

Risk control strategies in the first two categories, inherent and passive, are
more reliable because they depend on the physical and chemical properties of
the system rather than the successful operation of instruments, devices,
procedures, and people. Inherent and passive strategies differ, but are often
confused. A truly inherently safer process will reduce or completely eliminate
the hazard, rather than simply reducing its impact. Table below gives examples
of the four risk management strategy categories. These categories are not
rigidly defined, and some strategies may include aspects of more than one
category.

Risk Management Strategy Example Comment

Category
An atmospheric pressure reaction There is no potential for
using nonvolatile solvents which overpressure of the reactor
Inherent is incapable of generating any because of the chemistry and
pressure in the event of a physical properties of the
runaway reaction. materials.
The reactor can contain the
A reaction capable of generating runaway reaction. However, if
150 psig pressure in case of a 150 psig pressure is generated,
runaway, done in a 250 psig the reactor could fail due to a
Passive
reactor. defect, corrosion, physical
damage or other cause.
A reaction capable of generating The interlock could fail to stop
150 psig pressure in case of a the reaction in time, and the
Active runaway, done in a 15 psig rupture disk could be plugged or
reactor with a 5 psig high improperly installed, resulting in
 pressure interlock to stop reactant reactor failure in case of a
feeds and a properly sized 15 psig runaway reaction. The effluent
rupture disk discharging to an treatment system could fail to
effluent treatment system. prevent a hazardous release.
The same reactor described in
There is a potential for human
Example 3 above, but without the
error, the operator failing to
5 psig high pressure interlock.
monitor the reactor pressure, or
Procedural Instead, the operator is instructed
failing to stop the reactant feeds
to monitor the reactor pressure
in time to prevent a runaway
and stop the reactant feeds if the
reaction.
pressure exceeds 5 psig.
Note: These examples refer only to the categorization of the risk management strategy with
respect to the hazard of high pressure due to a runaway reaction. The processes described may
involve trade-offs with other risks arising from other hazards. For example, the nonvolatile
solvent in the first example may be extremely toxic, and the solvent in the remaining examples
may be water. Decisions on process design must be based on a thorough evaluation of all of the
hazards involved.
There are also opportunities for making active and procedural risk
management systems inherently safer. For example, consider two alternative
designs for a high pressure interlock for a vessel:

1. A pressure sensor giving a continuous indication which is displayed on

the control panel and can be observed by the operator. The sensor has a
high pressure safety interlock set at a predetermined pressure that
activates an emergency shutdown system.
2. The same system, but with an on-off pressure switch set to activate the
emergency shutdown system if the pressure reaches the predetermined
point. The pressure switch remains inactive as long as the pressure is
below its trip point.

Design alternative 1 is inherently safer because the pressure sensor provides

continuous feedback to the operator. The operator has some confidence that
the pressure sensor is working (although not complete assurance as it could
be indicating incorrectly), and may observe that pressure is increasing before
it reaches the high pressure trip point. However, both design alternatives are
still classified as active systems. The first alternative is an inherently safer
implementation of an active safety system.

In general, strategic approaches are best implemented at an early stage in the

process or plant design. Tactical approaches include the active and procedural
risk management categories. Tactical approaches tend to be implemented
much later in the plant design process, or even after the plant is in operation,
and often involve much repetition, increasing the costs and potential for
failure.

See Consideration for Inherently Safer Options for more information relating

to The Role of Inherently Safer Design Concepts in Process Risk Management.

https://www.engstack.com/blog/definitions-mawp-map-mop-design-pressure-hydrotest-pressure-
burst-pressure-working-pressure-and-more/

Maximum Allowable Working Pressure (MAWP) - maximum gauge pressure

permissible at the top of the equipment in its operating position for a
designated temperature (e.g. maximum pressure that the weakest component
of the system can handle). Note: the maximum allowable working pressure is
the basis for the pressure setting of the pressure relief devices that protect the
equipment.

Maximum Allowable Pressure (MAP) or Maximum Allowable Operating

Pressure (MAOP) - maximum pressure at which the equipment may be
operated under; in another word, it is the maximum pressure in the new and
cold condition of the equipment.

Maximum Operating Pressure (MOP) - maximum operating pressure is the

maximum pressure that equipment can be operated at below its high pressure
alarm or shutdown, or 95% of MAWP, whichever is lower.

Burst Pressure - Burst pressure is the maximum internal pressure that a

pressurized component such as piping or joint or tube can withstand before
rupture or “burst”. When maximum internal pressure exceeds the burst
pressure, the pipe will crack, leak, explode.
Design Pressure - the maximum pressure that the system that can be
exposed to and sets the system relief valve at the same pressure. This should
be below MAWP and based on company standards can vary from 10% to 25%
above the maximum operating pressure of the system. Maximum operating
pressure is usually the high trip pressure of the system.

Hydrotest Pressure - hydrostest pressure is the required pressure that

pressurized systems such as vessels, pipelines, plumbing, gas cylinders, boilers,
tanks can be tested for strength and leak. Hydrotest pressure is 1.5 * (design
pressure) as a rule of thumb. ASME code gives detail guidance with formulas
for calculating hydrotest pressure based on stress ratio.

Proof Pressure (overpressure) - the maximum pressure that can be applied to

a pressurized component without changing quality from its original
specification. After the internal pressure is released, the pressurized
component will return to the original state if the pressure is under the proof
pressure limit.

Relief Pressure (typically in pressure relief valve, PRV, PSV) - A preset pressure

to protect or control a pressurized system/component during an overpressure
event from instrument or equipment failure, or fire.

Surge Pressure (pressure surge or fluid hammer) - happens when fluid

velocity in a piping system changes suddenly by a valve is opened or closed to
rapidly. This will result in sudden change in pressure that creates a shock wave
in the piping walls and fittings and can cause severe vibration, and piping
rupture.

Target Pressure - target pressure for any particular pressurized equipment

should be set to the project's operating pressure which is usually 10-25%
lower than the design pressure. See working pressure vs. design pressure.

Working Pressure (safe working pressure) - the internal pressure of the

pressurized component in the working conditions range, normally called
pressure range.