Process Safety Fundamentals

Safe Operational Principles

to avoid incidents with hazardous chemicals
Origin
Process safety and technical integrity management is about the capability to operate an asset so that it safeguards life and
environment whilst meeting production objectives during the operational phase of its lifecycle. The key activities to achieve
this ambition are explained below:
To stimulate leadership
of managers and raise
collective awareness to To design our facilities in
accomplish all of the the best possible way
To enforce practices using available design
above
to ensure that the specifications and
facilities are operated verification of the
according to their Operating prevention and mitigation
design intent Design barriers using risk analysis
Integrity techniques
Integrity

Integrity
Leadership

To implement adequate Collective

inspection, testing and
preventive maintenance Commitment To ensure that the
anticipated design is
programs to constructed using
continuously established project
follow up on the health Technical Construction specifications and
of the design ensuring & controlling
Integrity Integrity the quality of
construction materials
Origin : Shell Process Safety Fundamentals
After review of Process Safety Events by Shell, a set of safe operating principles called “Process Safety
Fundamentals” was developed.
Context of Process Safety Fundamentals
o No new requirements. Formulation of operational principles.
o An upgrade in behaviors. Operational Excellence of Process Safety
execution.
o Emphasis on front line critical tasks, fully understood and supported by
all operational leaders.
o Understanding of the dilemmas that frontline may face to comply with
Process Safety Fundamentals.
o Makes Process Safety an everyday frontline conversation with an
involved leadership.
o Attention on risk normalization and substandard practices.
o Sanction management not emphasized, open culture driving Process
Safety Excellence.
Process Safety Fundamentals and Safety Leadership
Leaders are expected to leverage the Process Safety Fundamentals as a tool to
o Drive safety from a position of care
o Be visible in the field
o Have a regular dialogue on the PSFs. Help front line staff to comfortably surface dilemmas, operational
issues, and weak signals
o Show their commitment to safety. Once dilemmas are brought forward, work with the front line to resolve
the issue.
o Show curiosity. Seek to understand and comply with the PSFs before allowing deviations.
o Recognize risk normalization in many of our daily activities and address it.
Process Safety Fundamentals and Life Saving Rules
Aspect Life Saving Rules: Occupational Safety Fundamentals: Process Safety

Avoid loss of chemicals with potentially serious

Objective Reduce number of injuries/fatalities consequences for people, environment and
Business

HSE Domain Behaviors in occupational safety Behaviors on operations involving hazardous

chemicals

Operation teams on hazardous sites (process

Target All operators, process engineers, maintenance
technicians, operational management)

Nature and In principle simple rules that are easy to More complex principles that cannot always be
applicability understand and apply in all circumstances fully applied (e.g. in case of design issues)

Identify situations that are not in line with the

Implementation Non-negotiable set of requirements “Life Process Safety Fundamentals and start a
method saving Rules” or “ Golden rules” discussion on how to proceed, avoiding
uncontrolled initiatives “to get the job done”
Process Safety Fundamentals and Life Saving Rules

Life Saving Rules

All employees

Process Safety Fundamentals

Operators Supervisors Op. Managers

o Walk the line o Preparation of o Work planning
o Check of isolation, procedures o Maintenance &
absence of energy o Preparation of PTW inspection scopes
o … o Management of o Signature of PTW
isolation/inhibition o Competence
o … assurance
o …
IOGP Process Safety Fundamentals
o An analysis by IOGP has shown that nearly all (91%) fatal process safety events are linked to one or more of
the core set of IOGP PSFs.
We stay
within
We respect We apply We sustain operating We maintain
hazards procedures barriers limits safe isolation

We walk the We control We recognize We stop if We watch for

line ignition change the weak signals
sources unexpected
occurs
 PSF Title of PSF
Logo
Hazards: Options to get it right
Description of specific hazards related to Suggestions for efficient application of this Process Safety
this Process Safety Fundamental Fundamental

When important:
Description of situations in which the
application of this Process Safety
Fundamental is important

Challenges in the field:

Description of possible difficulties
encountered in the field when applying this
Process Safety Fundamental
 Process Safety Fundamentals – 18 Titles
Apply Double Isolation Control utility systems connected to a process
Empty and De-energise before line-breaking Report deficiencies on Safety Critical Equipment
Monitor an open drain Unplugging of equipment
Manage overrides of safety critical systems Stay out of the Line of Fire
Walk the Line Control (Un)loading
Verify leak tightness after maintenance work Check atmosphere in fire box before igniting the burners
Avoid working behind a single valve Avoid splash loading
Verify the condition of flexible hoses Avoid run-away reaction
Operate within safe limits Report process safety incidents
 EPSC Pictograms

Double Isolation First Line Break Flexible Hoses Furnace Burners Leak Tightness Unloading

Open Drain Operating Limits Overrides Plugged Equipment Critical Equipment Reporting

Run Away Reaction Splash Loading Line of Fire Utility Connections Walk the Line Single valve
 Walk the Line

Hazards: Options to get it right

Spills or inadvertent mixing might occur when the ➢ Validate a correct line-up (all valves, tanks, pumps), before
transfer line is not ready for operation due to open starting the pump / transfer
ended lines or drains, wrong valve or tank line-up. ➢ Perform a check, after pump start, to detect leaking drains,
When important: hoses, flanges or pump seals
After each change in set-up of a transfer line, e.g. ➢ Use P&IDs or better isometrics during line check
start-up after shut-down, isolating equipment, ➢ Label equipment in the field, like valves, pipelines and
change of equipment, maintenance work, draining pumps to help with the field check
➢ Tag all the bleeds and drains
Challenges in the field: ➢ Validate the transfer regularly by checking the levels of the
➢ Transfers occurring around shift change-over tanks versus the calculated level from the pump flow
➢ Long transfer lines, not fully accessible speed. Take actions upon deviation
➢ Distracted by other things
➢ Bad weather, low visibility at night
➢ Pipelines or valve position that are not easily to see
Video on “Walk the Line”
Guidance on Implementing the Process Safety Fundamentals (PSF)
o Select a limited number of PSF relevant for your operation to start. Eventually expand in next steps with
additional more specific PSF.
o Use the PSF slide to start the discussion. It is the discussion that provides the understanding of where
you really are and what can be improved!
o Establish clear agreement & procedures on the discussed PSF.
o The following activities can be used to initiate the Process Safety Fundamentals
Practice Purpose
Employee orientation (all levels) Explain PSFs and why they are important
Setting behavioral expectations Emphasize behaviors expected in relation to the PSFs
HSE days Communication of PSFs to workforce during themed HSE days / events
Toolbox talks Explanation of PSFs to workforce by supervisors
Posters Examples of types of posters used as part of a communication campaign about PSFs

o Other activities can be envisaged after launch of the PSFs (integration in existing practices and systems
– auditing, reward/recognition, post-incident review,….).

To get in the positive process safety mood, feel free to use this video made by Shell: https://www.youtube.com/watch?v=l9Fu4ydckGg
 Apply Double Isolation

Hazards: Options to get it right:

Spill of (hazardous) material can occur when a ➢ Do not rely on a single valve for positive isolation
barrier (like a valve) fails and no second barrier is in ➢ Execute regular audits to check that drains are having an
place end-cap (blind flange or screw cap) conform pipe-spec
➢ Do not accept missing blind flanges or missing bolts on
When important:
blind flanges
During routine and special operations: draining &
➢ Report and investigate all incidents from leaking drains
sampling, (un-)loading activities, utility connections
➢ Valve handles can be locked to avoid accidentally opening
Challenges in the field:
➢ Older plant design often do not provide a double barrier
➢ Blind flanges not put back after maintenance work
➢ Blind flanges not installed with bolts & missing end-caps
➢ Importance of “primary containment” not understood
➢ Valve handles that can be opened accidentally
 Empty and De-energize
before Line-breaking

Options to get it right

Hazard: ➢ Have a validated isolation plan available, that indicates numbered
Uncontrolled release of energy or a hazardous isolation points in the right sequence on a P&ID
material during the opening of piping or equipment ➢ Apply LOTO to avoid that equipment can be re-energised: that is
providing locks and labels
When important: ➢ Empty and clean equipment properly
When unbolting, unscrewing, drilling or cutting of ➢ Check the completion of the isolation plan by an independent
process equipment operator, before signing the permit to work
While working on live equipment ➢ Wear selected PPE for residual chemicals that might not be purged
or drained and provide absorbents for leaking fluids
Challenges in the field:
➢ Perform a Last Minute Risk Assessment by the mechanic or
➢ Working at the wrong location
contractor, before opening, to validate that the pressure indicator is
➢ Complexity of piping or break points arrangements
zero, the drain is open, the system is at ambient temperature, there
➢ Double block and bleed not possible
is no flow and assure you are at the right equipment
➢ Plugging of vents or drains / leaking valves
➢ Use blinds according pipe spec, that is indicated on the isolation list
➢ Installing blinds
➢ Upon changes, validate that isolation remains intact
➢ Drains at the wrong location
 Monitor an Open Drain

Hazards: Options to get it right

Unintended product release can occur during ➢ Identify the critical draining operations on site
draining from a storage tank or other
➢ Limit drain size (typical to 1 inch) to limit the release rate of
equipment to atmosphere
the hazardous chemical
When important: ➢ Spring Loaded valves can help to assure that an operator
When draining water from a tank that contains
remains present when drain time is short
hydrocarbons to a sewer.
When removing liquid from process equipment
➢ Understand the draining time necessary when starting the
draining process
Challenges in the field: ➢ Ensure the drain-valve can be closed from a safe location
➢ Distracted by other things that need attention ➢ Avoid doing something else while monitoring a draining task
➢ Long draining time ➢ In a critical situation, first stop the draining process before
➢ Bad weather leaving the drain
➢ Under estimation of the potential consequence of the
➢ Stop draining during shift handover
product being released
➢ Drain valve does not fully close
 Manage Overrides of
Safety Critical Systems

Options to get things right:

Hazard: ➢ Understand the safety critical systems and identify them in the field
Insufficient safeguards are in place when ➢ Every bypass/override needs a formal authorization based on a risk
a safety critical system is not working assessment (a special permit to work for bypass can help)
properly or is bypassed. ➢ Define the criticality of the system to bypass like the SIL level
➢ Authorisation level needs to be inline with criticality
When important: ➢ Identify solid interim protection measures and put them in action
Failure of or unreliable safety systems ➢ The bypasses must be registered in a bypass log accessible in the
Testing of interlocks control room
Turnaround or maintenance work ➢ Discuss active bypasses during shift handover
Commissioning, start-up & shutdown ➢ Determine process units that require shutdown when safety critical
systems are unavailable
Challenges in the field:
➢ Limit bypass duration, initiate a formal MOC for long term bypasses
➢ Consequences are unknown
➢ Protect safety interlocks against easy bypassing in the field
➢ Safety systems that prevent start-up
➢ Review bypassed functions daily (typically in the morning meeting)
➢ Lack of knowledge of procedure
➢ Review statistics on bypassed equipment
➢ Absence of authorizers
 Walk the Line

Hazards: Options to get it right

Spills or inadvertent mixing might occur when the ➢ Validate a correct line-up (all valves, tanks, pumps), before
transfer line is not ready for operation due to open starting the pump / transfer
ended lines or drains, wrong valve or tank line-up. ➢ Perform a check, after pump start, to detect leaking drains,
When important: hoses, flanges or pump seals
After each change in set-up of a transfer line, e.g. ➢ Use P&IDs or better isometrics during line check
start-up after shut-down, isolating equipment, ➢ Label equipment in the field, like valves, pipelines and
change of equipment, maintenance work, draining pumps to help with the field check
➢ Tag all the bleeds and drains
Challenges in the field: ➢ Validate the transfer regularly by checking the levels of the
➢ Transfers occurring around shift change-over tanks versus the calculated level from the pump flow
➢ Long transfer lines, not fully accessible speed. Take actions upon deviation
➢ Distracted by other things
➢ Bad weather, low visibility at night
➢ Pipelines or valve position that are not easily to see
 Verify Leak Tightness after
Maintenance Work

Hazard: Options to get it right:

When a flange or other equipment is ➢ Perform a leak test before introducing hazardous chemicals
closed, it can still leak, when hazardous ➢ Leak test can be done
chemicals are introduced o by introducing a less hazardous gas and perform a pressure
hold test
When important:
After work where equipment and flanges
o put soap bubbles on all flanges that have been opened
have been opened o Ultrasound measurements can detect leakages
Temperature change can influence bolt ➢ Develop criteria for acceptance of leak test results
tension and create leakages ➢ Develop a special procedure for the flange that was used in the
leak-tightness test (the flange to be closed after the leak test)
Challenges in the field:
➢ Competent people when bolting ➢ Verify proper torqueing
➢ Verification competency or procedures ➢ Validate and adjust bolt tension after heating-up the equipment
are missing ➢ Record Leak Test results
 Avoid working behind
a Single Valve

Hazard: Options to get it right:

Single valves can leak because they are ➢ Realize when it is not possible to work behind double isolation
not fully closed, are fouled or just leak ➢ Try to remove the substance or energy in the system before start working
During working behind a single valve the behind a single valve
valve might be accidentally opened or ➢ If isolation by a single valve cannot be avoided:
start leaking, releasing chemicals ▪ Validate that the single valve is not leaking e.g. at a drain point
downstream of the isolation, or by a pressure gauge
When important:
▪ Mechanically lock the isolation valve handle to avoid accidental
During and after line breaking due to a
knocking open during the task, deactivate the actuator for automated
repair or maintenance activity
valves after checking the valve fail-safe position
When the plant is not fully de-energized
▪ Mount a spade or blind flange after the single valve directly after the
Challenges in the field: line break
➢ Older plant design often might not ▪ Consider if emergency responders should be in place during the line
provide a second barrier or full block and break, until the blind-flange is placed
bleed option to isolate equipment ▪ Wear appropriate personal protective equipment (PPE) during the task
➢ Placing a blind, turning a spectacle flange ▪ Keep working time short and avoid critical process conditions during
 Verify the Condition of
Flexible Hoses

Options to get it right:

Hazard: ➢ Make sure you use the correct hose: correct material of construction and
Hazardous fluid release due to hoses temperature & pressure rating
failures ➢ Visually inspect hoses before using them and check for defects like
Wildly moving hoses at pressure release corrosion, wear or mechanical damage
when coupling gets loose ➢ Hoses (including the connections) with hazardous fluids should be
inspected periodically by an approved body and certified
When important:
➢ Avoid hoses for very toxic chemicals (like phosgene)
When using flexible hoses
➢ Hoses should be tagged and included in the maintenance schedule
When disconnecting hoses that still
➢ When not in use, hoses must be properly stored, with the appropriate
contain pressure or toxic material
bend radius, hanging straight down, or laying straight
Challenges in the field: ➢ Hoses must not be twisted or forced when connected
➢ Connections are not properly made, ➢ Connect hoses well, follow-up on possible vibrations
requiring bended or stretched hoses ➢ If required replace hoses preventively and remove old hoses from the site
➢ No good storage location available ➢ Check correct depressurization of hoses before disconnecting
 Operate within Safe Limits

Hazard: Options to get it right :

Hazardous reactions and releases or ➢ Establish safe operating limits for key process variables and for all
equipment damage can be caused when operating phases, and make them visible for operators
safe operating limits are exceeded ➢ Validate that instruments are working well
➢ Understand the critical process parameters that can result in
When important:
equipment damage and loss of containment due to deviations
Deviations from normal operation
➢ Install alarms and interlocks for critical process variables
Transient operations, batch process , start-
➢ Define actions to bring the process variable back within the operation
up / shut-down
limit
At design changes
➢ Report and discuss the cause when operating limits are exceeded
Challenges in the field: ➢ Understand the chemical hazards at non-standard conditions and
➢ Limits not well known or identified have a chemical compatibility matrix available
➢ MOC process not followed
➢ Pushing production
 Control Utility Systems
connected to a Process

Hazard: Options to get it right

When utility systems are temporarily ➢ Awareness of the hazard that utilities can be contaminated with
connected with a flexible hose to a process, process gasses or liquids
hazardous substances can flow back into the ➢ Understand the pressures in the systems and how they can
utility system deviate during operation
When important: ➢ Define suitable safeguards against backflow, at least one non-
During inerting, cleaning and unplugging return valve must be present
operational equipment using utilities ➢ Remove the utility hoses from the process directly when the task
When taking a sample a utility is needed to is completed
purge a system ➢ Ensure that the hoses applied have the same pressure rating and
chemical compatibility as the process when used in normal
Challenges in the field: operation
➢ Lack of knowledge ➢ Evaluate backflow during MoC and HAZOP studies when fixed
➢ Easy availability of utility stations & hoses connections exist between utilities and process units
➢ Hazard studies did not identify the hazard
 Report Deficiencies on
Safety Critical Equipment

Hazard: Options to get it right:

Safety Critical Equipment provides a ➢ Determine which equipment is safety critical
barrier to prevent or limit the effect of a ➢ Ensure workers know what equipment is Safety Critical, and
major incident understand the potential hazard
When important: ➢ Safety Critical Equipment must have a testing protocol and
When Safety Critical Equipment is not frequency
working properly ➢ Report failures or deviations on safety critical systems (also from
testing)
Challenges in the field ➢ Decide what action is appropriate, if necessary stop the operation
➢ A shutdown might be needed to repair the ➢ Implement interim mitigating measures that are approved, in case
broken equipment of continuing operation
➢ Not aware of the criticality ➢ Repair or replace safety critical equipment with highest priority
➢ Unawareness of the failure – no testing ➢ Analyse why equipment failed
➢ Unreadable equipment, like a fouled side glass ➢ Keeping a log on critical equipment out of service
 Unplugging of Equipment

Hazard: Options to get it right :

Unplugging might requires opening of ➢ Consider to stop production before unplugging
installations that can unexpectedly result in a ➢ Do not start unplugging without an approved plan that includes a
release of hazardous substances hazard analysis
➢ Understand the source and reason of plugging
When important: ➢ Understand the hazards while unplugged and have a mitigation
When process equipment is blocked, eg by plan for unexpected releases
fouling, polymer, corrosion, objects after ➢ Understand that instrumentation might give misreading or that
maintenance etc. safety valves do not operate properly
➢ Understand that opened equipment can still have pressurized
Challenges in the field: hazardous material inside behind the plug
➢ Unexpected severe flow restrictions ➢ Apply isolation and First Line Break principles in the unplugging
➢ No unplugging procedure or good options procedure
➢ Not wanting to stop production ➢ Do not use hazardous gas to blow out pipelines / equipment
 Stay Out of the Line of Fire

Hazard: Options to get it right :

Exposure in case of unexpected release ➢ Identify hazardous location around release points or below
of energy or chemicals or unexpected hoisted objects in the field, e.g. by lines or colours on the floor
movement of objects like a manhole, ➢ Understand release locations and remove yourself from the
also vacuum can form a hazard potential energy discharge path from release points like PSV’s,
explosion panels and plugs under pressure
When important: ➢ Keep people out of the heat radiation zone around a flare
When being in processing units that do ➢ Protect yourself (location of your body) when opening
not work at ambient pressure installations
➢ Add physical barriers to prevent people from accidentally entering
Challenges in the field: the paths
➢ Release points not designed well: e.g. PSV ➢ Verify that PSV’s are designed to always vent to a safe location
release points that end in a pathway ➢ At flange opening, first untighten the bolts that are far away from
➢ Manholes (or manway) that are stuck you
➢ Heat releases from flare
 Control (Un)loading

Options to get it right :

Hazard:
➢ Validate that the right chemical is loaded by a positive identification:
Unexpected run away reaction
analysis of a sample, inline analysis (density), certificate, barcode,
Formation of toxic chemicals
clear label
Overfilling or loss of containment
➢ Have a good procedure in place with check points
When important: ➢ Provide unique coupling for hazardous chemicals (e.g. Chlorine,
Receiving of chemicals at your site Ammonium, Ethylene oxide) to avoid wrong line-up
Loading chemicals to a tank or reactor ➢ Use colour codes (or bar codes that can be scanned) on pipelines,
Waste handling operation tubing and connection point
➢ Use professional firms for transporting the chemicals (that are ADR,
Challenges in the field: ADN & RID compliant)
➢ Lack of knowledge & guidance of the ➢ Guide contractors well that are involved in (un)loading
contractor or operator involved ➢ Assure that receiving equipment has sufficient volume available
➢ Line up ➢ Have a compatibility matrix available to understand the hazards
➢ Chemical identification
 Check Atmosphere in Fire Box
before Igniting the Burners

Options to get it right :

➢ Furnaces/boilers need to be purged well with air to remove all gasses and to
Hazard: avoid an explosive atmosphere, before igniting the burners
➢ Procedures for start of furnaces and boilers must be available, up-to-date.
When the firebox of a furnace or boiler
Management shall undertake a periodic verification of the correct execution of
has an explosive mixture by accumulation
these procedures.
of large amounts of flammable gases, this ➢ Report problems with fully automated systems (burner management systems)
will explode when igniting the burners or deviation from start-up procedure immediately
When important: ➢ Limit the number of attempts to ignite a furnace/boiler (and keep sufficient
time between attempts)
Upon start and restart
➢ Perform a leak test on the gas supply before igniting a furnace/boiler
Cold start
➢ Check atmosphere in the fire box before igniting the burners with a LEL meter
After a furnace trip ➢ Bypassing of safety instrumentation (flame eyes, gas detection,sensors) must
Challenges in the field: be managed carefully
➢ Reliability of instruments ➢ Limit the number of people in the vicinity when starting furnaces/boilers to
➢ No good procedure / practices those necessary for the start-up operation
➢ Fast restart required to avoid shut down ➢ Avoid time pressure when starting or restarting furnaces or boilers
 Avoid Splash Loading

Options to get it right:

Hazard: ➢ Assure that the loading speed in the drop-down pipe in the vessel
When loading non conductive flammable liquids, is below 1 m/s when start filling! This assures droplets are only
an explosive atmosphere will be created in the little loaded and can not form sparks.
tank, that can ignite when electrically charged ➢ When loading ships this is arranged in a ship-shore agreement,
droplets generate a spark that should include the pipe diameter and pump speed
➢ Ensure that pipelines, tanks, vessels are grounded
When important: ➢ When the filling pipe is submerged below the liquid level inside the
When transferring flammable liquids vessel or tank, the risk for splashing has gone and pump speed can
When liquids fall down and form droplets be increased
➢ Inertisation can eliminate an explosive atmosphere
Challenges in the field: ➢ Understand which chemicals are flammable liquids with low
➢ Lack of knowledge conductivity (like benzene, kerosene, butane – heptane). These are
➢ Design issues, e.g. on pump or loading dip-pipe highly hazardous as they form an explosive mixture with air and
➢ Communication (ship – shore) dissipate static electricity slowly
 Avoid Run-Away Reaction

Options to get it right :

➢ Understand the chemistry and side reactions at abnormal
Hazard:
conditions like elevated temperature
Bhopal & Seveso incidents occurred after
an exothermic exponential runaway
➢ Understand the point where cooling can not cope with the
reaction started exponential heat of the reaction (point of no return)
➢ Assure good design data is available on heat balance of all the
When important: reactions involved (like DSC curves)
Exothermic batch reactions
Storage of reactive chemicals
➢ Understand the effect of malfunctioning cooling
Unexpected Polymerization or Decomposition ➢ Have a reactivity matrix available & make sure operators know
the critical combinations of chemicals to avoid
Challenges in the field: ➢ Assure cooling is reliability and have back-up cooling available
➢ Chemistry at increased temperature can be
different or unknown to operators ➢ Validate inhibitors are present as applicable
➢ Cooling can malfunction or might not be able to ➢ Have a last line of defence like Interlocks, Breaker plates, Bunkers
cope with the exponential increase of the ➢ Have an emergency procedure: Run away in a runaway reaction!
reaction rate
 Report Process Safety Incidents

Hazard: Options to get things right:

Acceptance of small leakages, near ➢ Create a culture where reporting nasty items is considered valuable
misses or substandard practices feedback to improve safety. Have time available for that
➢ Report all spills: have an easy database to do so
When important: ➢ Follow-up on reported items and provide feed-back
When related to Safety Critical Equipment ➢ Classify LOPC according to a standard and have a KPI with a target
Small leakages & Activation of barriers ➢ Ensure workers recognise and report on TIER 3 & 4 incidents, that is
weak signals or leading indicators, that should include:
o Small leakages
Challenges in the field: o Failures of safety critical systems
➢ No open learning culture that stimulates o Activation of a last line of defence like a safety interlock
intervention by all on safety o Fires; liquid hammering; vibrations; corrosion
➢ Production pressure o Pressure or temperature outside design: like Auto-refrigeration
➢ Bad follow-up and feedback on reported o Locked or car-sealed valves not in the right position
items o Long standing or nuisance alarms
➢ Difficult reporting tools o Ignition sources in zoned area’s; Atex deficiencies
o Deviation of critical procedures
 Refernce
Pictograms
as
designed
by others