NED UNIVERSITY OF

ENGINEERING & TECHNOLOGY

DEPARTMENT OF
POLYMER & PETROCHEMICAL ENGINEERING

PP-403 Plant Utilities and Safety

by
Prof. Dr. Shazia F. Ali
Lecture no. 12 (SAFETY - ACCIDENTS)

Overview
1. Safety Program
2. Engineering Ethics
3. Accident And Loss Statistics
4. Acceptable Risk
5. Public Perceptions
6. The Nature Of Accident Process
7. Inherent Safety
8. Significant Disasters in
chemical industry

Terms ..
Safety, hazard, and risk are frequently used terms in
chemical process safety.
Their definitions are:
Safety or loss prevention: the prevention of accidents
through the use of appropriate technologies to identify the
hazards of a chemical plant and eliminate them before an
accident occurs.
Hazard: a chemical or physical condition that has the
potential to cause damage to people, environment, private
and public property and infrastructure, and businesses.
Risk: a measure of human injury, environmental damage,
or economic loss in terms of both the incident likelihood
and the magnitude of the loss or injury.
3

Ingredients Safety Program

Safety - record what needs to be done, to do what
needs to be done, to records that required tasks are
done.

Attitude - positive attitude and willingness.

Fundamentals - aware of fundamentals of chemical
process safety in design, construction & operation of
plants.

Experience - take advantage of history (learn from

previous cases), ask for help and advice.

Time - recognize that implementation of good safety

program takes time.

You everyone including (you) should take

responsibility to contribute to the safety program.
4

Good Safety vs. Outstanding Safety

Good Safety Program .
identifies and eliminates existing safety
hazards.
Outstanding Safety Program
possess management systems that prevent
the existence of safety hazard.
5

Engineering ethics
Most engineers are hired by companies who earn profits for
their shareholders.
While as an employee, an engineer must provide a service to
the company by maintaining and improving the profits, the
engineer also has the responsible for minimizing losses and to
provide a safe and secure environment for fellow workers,
family and the community.
According to AICHE . Engineers shall uphold and advance the
integrity, honor, and dignity of the engineering profession by using
their knowledge and skill for the enhancement of human welfare .
being honest and impartial and serving with fidelity the public, their
employers, and clients .. striving to increase the competence 6and
prestige of the engineering profession.

Incident or Accidents?
An incident is an unexpected event that may
result (potential for) in property change
damage but does not result in an injury or
illness. Incident are often called near misses
or near hits.
An accident is an unexpected event that has
result in property damage and in an injury or
illness to a personnel.
7

Accidents ..
An accident may be described as a result of a
chain of events in which something has gone
wrong, resulting in an undesired conclusion.
It has been shown that human intervention
may prevent the injury or damage to which
such a chain of events would otherwise lead.
However, given the fact of human
intervention, the potential exists for far more
dangerous possible chains of events than
those actually leading to injury or damage.
8

Accident and Loss Statistics

Accident and loss statistics are important measures of the
effectiveness of safety programs.
These statistics are valuable for determining whether a
process is safe or whether a safety procedure is working
effectively.
Many statistical methods are available to characterize
accident and loss performance.
These statistics must be used carefully. Like most statistics
they are only averages and do not reflect the potential for
single episodes involving substantial losses.
Unfortunately, no single method is capable of measuring all
required aspects.
9

Accident and Loss Statistics

HOW DO WE MEASUERE HOW SAFE ARE WE
HOW EFFECTIVE THE SAFETY PROGRAM AT THE
WORK PLACE IS?

The three systems considered here are:

1. OSHA incidence rate,
2. Fatal accident rate (FAR), and
3. Fatality rate, or deaths per person per year
All three methods report the number of accidents
and/or fatalities for a fixed number of workers during
a specified period.

10

Occupational Safety and Health Administration

OSHA work for the United States government.
OSHA is responsible for ensuring that workers are provided
with a safe working environment.
The OSHA incidence rate is based on cases per 100 worker
years.
A worker year is assumed to contain 2000 hours (50 work
weeks/year 40 hours/week).
The OSHA incidence rate is therefore based on 200,000 hours
of worker exposure to a hazard.
The OSHA incidence rate is calculated from the number of
occupational injuries and illnesses and the total number of
employee hours worked during the applicable period.

11

Predictive Safety Management

12

Occupational Safety and Health Administration

The OSHA incidence rate provides information on all types of

work-related injuries and illnesses, including fatalities. This
provides a better representation of worker accidents than systems
based on fatalities alone.
For instance, a plant might experience many small accidents with
resulting injuries but no fatalities.
On the other hand, fatality data cannot be extracted from the
OSHA incidence rate without additional information.
13

Fatal accident rate

Fatality Accident Report (or FAR) is used mostly by the
British chemical industry.
This statistic is used here because there are some useful
and interesting FAR data available in the open literature.
The FAR reports the number of fatalities based on 1000
employees working their entire lifetime.
The employees are assumed to work a total of 50 years.
Thus the FAR is based on 108 working hours.
The resulting equation is

14

OSHA & FAR

15

OSHA & FAR

Both the OSHA incidence rate and the FAR depend on the
number of exposed hours.
An employee working a ten-hour shift is at greater total risk
than one working an eight-hour shift.
A FAR can be converted to a fatality rate (or vice versa) if the
number of exposed hours is known.
The OSHA incidence rate cannot be readily converted to a
FAR or fatality rate because it contains both injury and
fatality information.

16

Fatality Rate
The Fatality Rate FR (or deaths per person per
year).
This system is independent of the number of hours
actually worked and reports only the number of
fatalities expected per person per year.
This approach is useful for performing calculations
on the general population, where the number of
exposed hours is poorly defined.
The applicable equation is

17

Fatality Rate

18

19

Acceptable risk
Risk is a measure of human injury, environmental
damage, or economic loss in terms of both the
incident likelihood and the magnitude of the loss or
injury.
Risk cannot be eliminated.
Everything, be it driving a car or running a chemical
plant, has a certain risk associated with it.
At some point in a design (or in operation),
someone will have to decide if the risks are
acceptable.
20

Acceptable risk

21

Public Perceptions
The general public has great difficulty agreeing to the
involuntary nature of acceptable risk.
The chemical plant designers assumes that the risks are
satisfactory to the people living near the plant, but frequently
the civilians are not aware what the risks are.
A survey conducted on Would you say chemicals do more
good than harm, more harm than good or about the same
amount of eacgh showed that almost even three way split
28% more good than harm
29% more harm than good
38% same amount of good than harm
22

The Nature of Accident Process

Chemical plant accidents
follow typical patterns.
fires (most common)
explosion and

Fatalities follow reverse i.e.

greatest potential for Fatalities

toxic release.
Economic loss is consistently
high for accidents involving
explosions.

23

The Nature of Accident Process

24

The Nature of Accident Process

25

Controlling Accident/ Prevention

Safety control techniques
Accidents in general involve a three-step sequence:
1. Initiation (the event that starts the accident)
2. Propagation of events (the event or events that maintain or
expand the accident),
3. Termination (the event or events that stop the accident or
diminish it in size)
Safety engineering involves eliminating the initiating step
and terminating the propagation steps.
The general idea is to work on all three steps to insure that
accidents, even if initiated, do not propagate and will
26
terminate quickly.

Controlling Accident/ Prevention

27

Predictive Safety Management

Accidents follow a three-step process.
The following chemical plant accident illustrates these steps.
1. Initiation - A worker walking across a high walkway in a process
plant stumbles and falls toward the edge. (TRIPPING)
2. Propagation of events - To prevent the fall, he grabs a nearby
valve stem. Unfortunately, the valve stem shears off and
flammable liquid begins to spew out. A cloud of flammable vapor
rapidly forms and is ignited by a nearby truck. The explosion and
fire quickly spread to nearby equipment. (PROPAGATION)
3. Termination The resulting fire lasts for six days until all flammable
materials in the plant are consumed, and the plant is completely
destroyed. (TERMINATED BY CONSUMPTION OF ALL FLAMMABLE
MATERIALS )

NOTE: This disaster occurred in 1969 and led to an economic loss

of $4,161,000. It demonstrates an important point: Even the
28
simplest accident can result in a major catastrophe.

Safety Engineering
Safety engineering involves eliminating the initiating step
and replacing the propagation steps with termination
events.
In theory, accidents can be stopped by eliminating the
initiating step.
In practice this is not effective: It is unrealistic to expect
elimination of all initiations.
A much more effective approach is to work on all three
areas to ensure that accidents, once initiated, do not
propagate and will terminates quickly as possible.

29

Safety Levels

Prevention
Mechanical Integrity
Predictive preventive
Maintenance,
Inspection
Testing, Operator
training, Human
factors etc.

Control
Automatic
process
Control
systems
Manual
controls
O-line
systems
Backup
systems

Protection
Alarms
Operator
intervention
Interlocks, trips,
emergency
shutdown, last
resort
controls\emergency
relief
Ignition source
control

Mitigation
Emergency
response
Sprinkler,
deluge
trench
blast wall,
barricade, water
curtain,
personnel
protective
equipment.

30

Inherent Safety
An inherently safe plant relies on chemistry and
physics to prevent accidents rather than on control
systems, interlocks, redundancy, and special
operating to prevent accidents.
Example: A process that does not require complex
safety interlocks and elaborate procedures is
simpler, easier to operate, and more reliable.
Smaller equipment, operated at less severe
temperatures and pressures, has lower capital and
operating costs.

31

Inherent Safety
In general, the safety of a process relies on multiple
layers of protection.
The first layer of protection is the process design
features.
Subsequent layers include control systems, interlocks,
safety shutdown systems, protective systems, alarms,
and emergency response plans.
Inherent safety is a part of all layers of protection;
however, it is especially directed toward process design
features.
An inherently safer plant is more tolerant of operator
errors and abnormal conditions and is often the most cost
32
effective.

Inherent Safety
What to do - Example/Application - (what it does)

1. Minimize - Change from large batch reactor to a

smaller continuous reactor - (intensification)
2. Substitute - Use mechanical pump seals vs.
packing - (substitution)
3. Moderate - Use vacuum to reduce boiling point (attenuation and limitation of effects)
4. Simplify - Keep piping systems neat and visually
easy to follow - (simplification and error tolerance)
33

Inherent Safety

34

Significant Disasters
The four most cited accidents:
1. Flixborough, England
2. Bhopal, India
3. Seveso, Italy
4. Pasadena, Texas
All these accidents had a significant impact on
public perceptions and the chemical engineering
profession that added new emphasis and
standards in the practice of safety.
35

Case History - Examples

1974 Flixborough, England Explosion and
Fire (10 days)
Caprolactum (ingredient fro nylon) from cyclohexane
28 fatalities, 36 injured; damage ? (433850 gallons of
hydrocarbon whole facility leveled to ground + 1821
houses, 167 shops/factories)

HAZARD:
Flammable
Cyclohexane (30 tons)
Volatilized to from vapour cloud
36

Case History - Examples

1984 Bhopal, India 25 tons of toxic vapour

released (Methyl isocyanate-MIC, causes
exothermic reaction with water, requires
refrigerant cooling,).
Failure of Relief & Flare system
2,500 immediate fatalities; 20,000+ total
Many other offsite injuries

HAZARD:
Highly Toxic
Methyl
Isocyanate
37

Case History - Examples

1976 Seveso, Italy Explosion
2 kg toxic trichlorophenol (most toxic) release
through relief as vapour cloud as reactor went out
of control.
250 of chloracne, 600 evacuated, 2000 given blood test
Area fenced till this day

HAZARD:
Toxic trichlorophenol
vapour released
38

Case History - Examples

1984 Mexico City, Mexico Explosion
A BLEVE at an LPG Terminal near Mexico City resulted in
650 deaths and over 6,400 injuriesalong with $31.3 M
damages

HAZARD:
Flammable LPG
in tank

39

Case History - Examples

1988 Norco, LA Explosion
7 onsite fatalities, 42 injured
$400M+ damages

HAZARD:
Flammable
hydrocarbon vapors

40/49

Case History - Examples

1989 Pasadena, TX Explosion and Fire after
accidental release of 85000nflammable mixture
of ethylene, isobutane, hexane and hydrogen.
23 fatalities, 130 injured; damage $800M+

HAZARD:
Flammable
ethylene/isobutane
ethylene/
isobutane
vapors in a 10 line
41

Case History - Examples

42

Case History - Examples

October 4, 2010: Alumina plant accident, Ajka, Hungary.

Toxic Allyl Alcohol Release Dalton Georgia, April 2004
TEXAS CITY, TEXAS, US - March 23, 2005
JILIN CITY, CHINA - November 13, 2005
TOULOUSE, FRANCE - September 21, 2001
SCHWEIZERHALLE, SWITZERLAND - November 1, 1986
Phenol-Formaldehyde Runaway Reactions at different
industrial facilities between 1989 and 1997 in US
Thiokol-Woodbine Explosion, Georgia, February 3, 1971
BASF's Ludwigshafen Explosion, Germany in 1948
TEXAS CITY, TEXAS, US - April 16, 1947
OPPAU, GERMANY - September 21, 1921
1932-1968: The Minamata disaster

43

Other Cases- Chemical reactivity

1a. Chemical reactivity
A pesticides manufacturing plant in Bhopal, India, 1984.
A storage tank containing the intermediate methyl
isocyanate (MIC) was contaminated with water. (MIC reacts
exothermically with water.)
A chemical reaction heated the MIC to a temperature past
its boiling point. The vapors traveled past a non-functioning
scrubber and flare system.
An estimated 25-tons of toxic MIC vapor was released.
No plant equipment was damaged, but the MIC vapor killed
over 2,000 civilians and injured at least 20,000 more.
Problem: large inventory of
reactive intermediate; equipment failure; lack of emergency
response procedure.
44

Other Cases- Chemical reactivity

1b. Chemical reactivity
A reactor experienced a violent reaction resulting in the tank
being driven through the floor, out the wall and through the
roof of an adjoining building.
The reactor was designed to contain sulfuric acid &
nitrobenzene sulfonic acid which was known to decompose
at 200 C.
Steam had leaked into the heating jacket and brought the
temperature to 150 C.
Subsequent tests showed that decomposition occurs above
145 C.
Problem: lack of precise reaction decomposition data.
45

Other Cases- Static electricity

2. Static electricity
A slurry containing a solvent mixture of
methylcyclohexane and toluene was being fed
into a basket centrifuge.
When a foreman lifted the lid to take a look, a
flame was released and the mixture exploded.
The centrifuge was lined.
Problem: accident investigation indicated that a
flammable atmosphere was developed due to an
air leak.
The lined centrifuge was the source of ignition due
to static accumulation and discharge.
46

Other Cases- System design

3. System designs
A process storage tank containing 6,500 gallons of ethylene
oxide was accidentally contaminated with ammonia. The tank
ruptured and dispersed ethylene oxide into the air. A vapor
cloud was formed and immediately exploded with a force
equivalent to 18 tons of TNT. Problem: lack of design
protection to prevent the back-up ammonia into the storage
tank.
Vibration from a bad pump caused a pump seal to fail in a
cumene section of a phenol acetone unit. The released
flammable liquids and vapors ignited and an explosion
ruptured other process pipes adding fuel to the original fire.
Damage to the plant exceeded $23 million.
Problem: lack of inspection and maintenance program.
Potential design improvements include vibration detectors,
47
gas analyzers, block valves and deluge systems.

So, Why do the same

accidents and injuries
happen again and again?
Not Investigated and Documented.
Poor Quality.
Not Publicized.
Root Causes are not found and ELIMINATED!
No one is held accountable.
48

Review Questions
1. Define the following: Safety or loss prevention, Hazard,
Risk, OSHA incidence rate, Fatal accident rate (FAR),
Fatality rate, lost working days.
2. What is meant by Incident and Accident?
3. A process (coal mining industry) has OSHA incident rate of
2.22. If an employees work for standard 8-hr shift 300 days
per year, compute number of cases (injuries & illness) per
year.
4. A plant employs 1500 full-time workers in a process with a
FAR of 5. How many industrial related deaths are expected
each year?
5. What is meant by inherent safety?
6. Enlist the steps for defeating accident.
7. Explain the four levels of safety.
49

Review Questions
8.

50