Prevention through design: adopting inherently safer approaches
15 August 2014
Graeme Ellis, principal safety consultant at ABB Consulting, has been responsible for developing new Inherent Safety in Design (ISD) guidance on behalf of the Energy Institute. Here, he outlines the benefits this method brings compared to traditional safety approaches, as presented at the unveiling of the new guidance at Hazards 24, IChemE’s leading process safety conference which took place in Edinburgh in May 2014.
Process safety accidents normally involve the failure of several protective barriers, leading to the tightening of management controls to assure performance. But what about the alternative? The ‘inherently safe approach’ involves removing hazards or minimising their consequences through initial design rather than relying on ‘bolt-on’ protection that can, and does, fail.
The Health and Safety Executive (HSE) defines this ‘inherently safe’ approach to hazard management as “one that tries to avoid or eliminate hazards, or reduce their magnitude, severity, or likelihood of occurrence, by careful attention to the fundamental design and layout.”
Whilst there are good examples of inherently safe designs in a range of industries, from process to energy, there is a noticeable lack of design methods to ensure opportunities are systematically identified and exploited. What is required is a change of approach amongst project leaders in the upstream and downstream energy industry, away from a design culture that currently favours ‘bolt-on’ safety features.
The first issue of the Energy Institute (EI) guidance on Inherent Safety was published in 2005 and aimed to reduce the occurrences of unnecessary risks in design safety cases for the UK offshore oil and gas sector. Now, nine years later in 2014, it is necessary to bring the guidance up-to-date to meet new regulations and be more widely applied throughout the energy sector. The scope of this new guidance has been broadened to large and small organisations covering offshore production platforms, onshore refineries, fuel storage facilities, and power generation stations.
The guidance proposes that companies should develop procedures to ensure that options to improve inherent safety are systematically reviewed throughout the design lifecycle. This should mean that all opportunities to eliminate or minimise hazards at source have been assessed.
It is recognised that implementing improvements will in practice be subject to cost, schedule and technology constraints. Assessments should consider total project and lifecycle costs, as inherent safety options may require more expensive major equipment items whilst reducing the overall capital and operating expenditure.
Traditional approach versus inherently safer approach
If we take an example of a common hazard we can compare and contrast the traditional approach taken by design teams with an alternative inherently safer approach that could be adopted. A common hazard is the overpressure and rupture of a vessel due to a loss of temperature control.
A traditional safety approach would involve designing a vessel for normal operating pressures and then adding a high temperature trip that isolates the heating system, and a pressure relief system designed for the maximum rate of vaporisation. Incorporating these protective features incurs additional costs, as well as maintenance costs, which need to be factored in. With an inherent safety approach the key is elimination: this means a vessel with its design pressure above the maximum credible pressure, with the costlier vessel offset by savings in providing and maintaining the add-on systems.
For major projects in the energy industry, an inherent safety workshop at the concept selection stage is recommended, before HAZID (Hazard Identification) studies required during the subsequent front-end engineering design (FEED) stage.
The concept stage workshop should ensure that:
• project objectives and processes are fully understood;
• project impact on existing facilities is fully considered;
• learnings are taken from relevant process safety incidents;
• the introduction of new hazardous substances is taken into consideration;
• new process technologies and conditions are taken into consideration;
• new updates to regulatory process safety documentation are reviewed and applied;
• increased hazards to people, transportation methods and external hazards such as earthquakes are fully considered;
• suitable Design Guidelines, Codes of Practice, and Standards are factored into plans; and
• existing emergency facilities are adequate to meet increased demands.
An inherent safety workshop will not be appropriate for all projects, particularly where existing technology is required. When it is suitable, the workshop team identifies potential hazardous events based on a process block diagram and applies inherent safety principles to identify improvement options, following the inherent safety principles hierarchy: elimination, substitution, minimisation, moderation, segregation and simplification.
| Principle | Meaning |
| --- | --- |
| Elimination | Avoid the hazard completely |
| Substitution | Reduce the hazard severity by changing nature of hazard |
| Minimisation | Reduce the hazard severity by changing scale of hazard |
| Moderation | Reduce the hazard severity by minimising the impact of a release or hazardous event |
| Segregation | Limitation of effects reducing potential for hazard to cause harm |
| Simplification | Reduce the hazard likelihood by inherent features of the design |

Table: The principles of inherent safety
For every process option there should be a process block diagram, which should be carefully considered and prepared in advance. For example, a new offshore production facility may well include options for subsea facilities, a normally unmanned installation, or a fully occupied platform. Each block should represent a process system, e.g. storage, heating, separation, or transfer. The blocks and connecting lines should show basic process parameters such as pressure, temperature and fluid composition.
The inherent safety workshop team firstly ‘brainstorms’ potential hazardous events at each process block based on its knowledge and experience. The inherent safety principles will then be applied to assess process design options, focussing on elimination or reduction of the hazard, rather than reducing the likelihood by providing ‘bolt-on’ risk reduction measures.
Cost-benefit analysis
Following the inherent safety workshop several design options may need to be assessed for either a process system or an entire process route. Some form of cost-benefit analysis will often be required to choose between options, although in many cases a simple qualitative judgement by an experienced study team should be sufficient.
It is at this point that a HAZID study at the subsequent FEED stage further identifies credible hazard scenarios and assesses whether further measures are required to reduce risks to a tolerable level. HAZID study teams often default to providing additional ‘add-on’ risk reduction measures to reduce the event likelihood, rather than first looking for inherently safer options. It is recommended that procedures for HAZID studies are reviewed, to ensure that the team is encouraged to fully explore inherently safer design options.
The focus for improvement is elimination
Throughout the energy industry there is an acceptance of the importance of inherent safety principles; however, the application of structured reviews during the design stage of projects has not gained general acceptance in a similar way to traditional approaches such as HAZID and Hazard and Operability (HAZOP) studies. The main difference is that the ISD focus for improvement is elimination and reduction of hazards rather than provision of ‘add-on’ risk reduction measures.
Whilst process designers will point to examples of inherent safety features considered to be good practice, I believe that opportunities for applying inherent safety in design are not being systematically assessed. This is potentially due to a lack of awareness of this topic or lack of tools to be applied during normal projects to encourage inherent safety thinking. Design teams may also believe there is a lack of opportunity to apply inherent safety in design for established technology, particularly when the basic design is ‘standardised’ or provided under license.
Inherent safety in design can, however, be applied to all stages of the design lifecycle, although it is generally agreed that the greatest benefits will be obtained during the early concept stage.
Legislative drivers
There is an increasing expectation from US and EU regulators that inherent safety is assessed during the early stages of design. The EU Offshore Safety Directive 2013 related to offshore oil and gas operations requires “a description of the design process for the production operations and systems, from an initial concept to the submitted design or selection of an existing installation, the relevant standards used, and the design concepts included in the process”, and later requires the Competent Authority to ensure “how the design decisions described in the design notification have taken account of risk management so as to ensure inherent safety and environmental principles are incorporated.”
Failure to comply with requirements such as those stated in the EU Offshore Safety Directive (2013) or guidance on the EU onshore ‘Seveso III’ Directive could result in significant delays and costs at later stages of the project.
In the US, by contrast, the OSHA PSM standard requires companies handling hazardous substances to carry out Process Hazard Analysis to identify and assess hazards, but has no specific requirement for inherent safety in design. However, there is an increasing awareness of the importance of ISD in the US, and some States are starting to mandate inherent safety assessments for new process designs.
Aside from these legislative drivers, there are many benefits from applying inherent safety early in the project before decisions have been made on the choice of equipment. At this early stage, the design only appears ‘on paper’, allowing significant changes to be made, achieving substantial reduction in risks, and potentially reducing the overall lifecycle costs. As the design progresses and the process is increasingly fixed, it becomes more difficult and costly to make changes and the benefits in terms of hazard and risk reduction on the overall process become limited.
The new ISD guidance (Energy Institute, 2014) outlines how the effective application of inherent safety in design can provide the following benefits:
• unlike traditional approaches to process safety that require expensive 'add-on' risk reduction measures, inherent safety in design provides an opportunity to identify improvements that can reduce overall capital and operating expenditure;
• the principle of 'minimisation' challenges large inventories of dangerous substances and promotes smaller equipment with reduced cost and weight, particularly beneficial for offshore platforms;
• eliminating or reducing hazards early in the design will avoid potential delays caused by re-design to meet risk criteria;
• reduction in process equipment and 'add-on' safety systems reducing the time for design, procurement, construction and installation;
• less reliance on 'add-on' safety systems decreases maintenance, repair and inspection costs during facility lifecycle; and
• reducing the number of hazardous activities and hence number of personnel exposed to risks and the likelihood for human failure.
In many cases the benefits of an inherent safety improvement option will be clear, whereas in other cases there may be conflicts between options that need detailed assessment to resolve. There may also be conflicting pressures on the project team, including factors such as cost implications, operational flexibility, personal preferences, available information or pressures due to project schedule.
Conclusions
Inherent safety is not a new topic but the process industry has often failed to maximise the hazard reduction potential from this approach and reap the benefits including reduced lifecycle costs. Whilst international codes of practice often fail to promote inherent safety and can perpetuate risk reduction using ‘bolt-on’ safety systems, global regulators are now requiring demonstrations that inherent safety improvement options have been effectively assessed using structured techniques.
The main additional requirement for design teams is to carry out structured inherent safety workshops during the concept stage when the greatest opportunity exists to benefit from applying inherent safety. The inherent safety approach has reduced benefits during the latter stages of design, but should nevertheless be actively encouraged during HAZID and HAZOP studies as a preferred option in place of traditional ‘bolt-on’ safety systems.
The most inherently safe process will not always be the most attractive economically and the technology may be unproven. Design teams should be aware that technology continues to evolve, and inherent safety options that are not economically attractive for a current project should be retained for consideration on future projects. The design stage presents the greatest opportunity to reduce risks from process facilities that pose the potential for significant harm to both people and the environment. The Energy Institute’s Inherent Safety in Design (ISD) guidance was unveiled at Hazards 24, IChemE’s process safety conference which took place in Edinburgh in May 2014.