Mary Kay O’Connor Process Safety Center
Practical Risk Reduction
in the Petroleum Industry
May 2006
Mary Kay O’Connor Process Safety Center
Artie McFerrin Department of Chemical Engineering
Texas Engineering Experiment Station
Texas A&M University System
3122 TAMU
College Station, TX 77843-3122
(979) 845-3489
http://process-safety.tamu.edu
Practical Risk Reduction in the Petroleum Industry
The research presented in this report was conducted by the Mary Kay O’Connor Process
Safety Center at Texas A&M University. The opinions and analysis expressed in this report
are solely the responsibility of the Mary Kay O’Connor Process Safety Center. Partial
funding provided by the American Petroleum Institute is appreciated.
© Copyright 2006. Mary Kay O’Connor Process Safety Center. All rights reserved.
College Station, Texas, USA, May 2006
2
Table of Contents
Introduction & Scope......................................................................................................................................3
Practical Risk Management in the Petroleum Industry...................................................................................3
Widely-Used Methods for Process Hazard and Safety Analysis .............................................................5
Safety Audit/Checklist Analysis....................................................................................................6
What-If Analysis ...........................................................................................................................6
Dow Fire and Explosion Index (F&EI).........................................................................................6
Mond Fire and Explosion and Toxicity Index...............................................................................7
Failure Mode and Effects Analysis (FMEA).................................................................................7
Hazard and Operability Study (HAZOP) ......................................................................................7
Quantitative Risk Assessment (QRA) and Layer of Protection Analysis (LOPA) ........................8
Fault Tree Analysis (FTA).............................................................................................................9
Hazard Identification and Risk Assessment Programs in the Petroleum Industry...................................9
API’s Risk Based Inspection (RBI).............................................................................................10
Reliability Centered Maintenance (RCM) ..................................................................................10
Inherent Safety, Health and Environment (ISHE) Review..........................................................11
SHE Non-Process Quality Control (NPQC) ...............................................................................11
Major Accident / Higher Level Risk Assessment........................................................................11
Security and Safeguards Risk Assessment ..................................................................................12
Scenario-Based Operating Area Risk Assessment ......................................................................12
Fire Protection Survey.................................................................................................................12
Marine Terminal Survey..............................................................................................................13
Safety Relief Valve and Flare Header Review ............................................................................13
Facility Siting/Building Study.....................................................................................................13
Exposure Assessment Strategy....................................................................................................14
Security & Safeguards Qualitative Risk Assessment (SSQRA)..................................................14
Hazards Analysis for Machinery Safety (HAZAMS) .................................................................14
Other Lesser-Known Methods for Process Hazard and Safety Analysis ...............................................15
Risk Management Program...........................................................................................................................16
Risk Acceptance and Risk Criteria ...............................................................................................................18
Inherent Safety Principles .............................................................................................................................23
Intensification ........................................................................................................................................24
Substitution............................................................................................................................................26
Attenuation ............................................................................................................................................27
Simplification ........................................................................................................................................29
Summary.......................................................................................................................................................30
Appendix.......................................................................................................................................................31
Concepts of Risk and Associated Terms .......................................................................................................31
References.....................................................................................................................................................34
1
Figures & Tables
Figure 1. Risk Management Program Elements ......................................................................16
Figure 2. Level of Risks and ALARP ......................................................................................20
Figure 3. An Example of Risk Acceptance Criteria Based on Risk Matrix.............................21
Figure 4. Two Designs for Liquefied Petroleum Gas Separation Unit ....................................25
Figure 5. LNG storage tank .....................................................................................................28
Figure 6. Pumped Acid Reactor Technology ...........................................................................29
Figure 7. Gravity Flow Reactor Technology ...........................................................................30
Table 1. Published Acceptable Values of Risk .........................................................................22
2
Practical Risk Reduction in the Petroleum Industry
Introduction & Scope
The purpose of this document is to present the fundamental concepts of practical risk
management within the U. S. petroleum industry and explore the application of inherently
safer design concepts within this context. This document begins with a discussion on the
comprehensive risk management programs that are currently being used at many petroleum
sites to assist in managing risk. There also is a discussion on hazards, inherently safer
design and risk acceptance criteria.
This is followed by recommended practices and
guidelines for hazard analysis and management that are published by some industrial
organizations, e.g., the American Petroleum Institute and the Center for Chemical Process
Safety (CCPS).
Practical Risk Management in the Petroleum Industry
The objective of the risk management process is to ensure that all operating hazards are
properly identified and prioritized based on their potential consequences and likelihood of
failure. Practical risk management includes the elements of cost and technical feasibility.
While it may be desirable to eliminate all hazards and their associated risk from the operating
environment, it some cases this ultimate goal may not be practical due to financial and
technical limitations. Therefore, an effective risk management process provides management
a tool to help identify hazards that present the highest risk to the company, its workers and the
surrounding community. With this information, management can effectively allocate
resources based on risk and focus efforts to continue operating safely.
The risk management process involves identifying, analyzing, and assessing the significance
of potential risks, and determining whether cost-effective prevention and mitigation measures
are available to reduce their consequences and / or their likelihood of occurrence as low as is
practical. Risk management is an ongoing activity with technology, equipment design and
3
operating practices continuously evolving. What may not be practical today may be
achievable in the future.
This process of risk management has served the industry and its workers well over the course
of history. Safety statistics collected by the Government and others shows a history of
relatively safe operations, proving that the overall pool of risk can be managed effectively.
Risk assessment is the application of policies and practices to identify, assess, and control risk
in order to protect human life, the environment, physical assets and company reputation in a
cost-effective manner.
It is a multi-faceted activity encompassing business strategy,
economics, resource allocation and public affairs considerations.
Well-defined work
processes, trained and qualified personnel, and well balanced, cross functional teams with a
wide spectrum of experience including safety, design, operations and maintenance experience
are essential for successful risk assessment activities.
Decision analysis is another part of risk management, which considers the significance of the
risk under study, evaluates the attractiveness of potential risk reduction measures, and decides
the course of further action. Once a risk assessment has been conducted and possible risk
reduction measures identified, implementation plans are developed considering prioritization
of effort and allocation of resources. In some cases, there may be only one practical risk
reduction or risk elimination measure. The potential benefits of risk reduction measures must
be evaluated against potential implementation risks that are introduced. Considerable
judgment is involved in this activity, since the benefits and cost effectiveness of potential risk
reduction measures may be difficult to quantify and must be balanced against other
operational drivers.
To evaluate existing risk and compare risks of potential alternatives, practical risk reduction
must assess the processes in terms of the holistic impact to the greater system.
includes two elements.
Holistic risk
First, all major hazards (flammability, toxicity, corrosion resistance,
reactivity, transportation and risk migration) must be considered when evaluating the impact
4
of practical risk reduction measures.
Second, practical risk reduction must include a
lifecycle analysis from a holistic viewpoint that evaluates each stage on criteria such as
economy, quality, productivity, energy conservation and pollution prevention (Bollinger, et al.,
1996).
The petroleum industry uses a variety of risk assessment methods. The applicability and
feasibility of a particular method depends on the nature of the process under study as well as
a company’s particular preference.
a holistic risk analysis.
Many processes may require several methods to perform
The resultant holistic risk can be qualitative or quantitative
depending on the information available and the method employed.
Some companies
employ enterprise-specific programs that are adapted and tailored for their particular facilities
and activities.
The existing methodologies can be separated into three classes: widely-used methods,
company-tailored specific programs and lesser-known methods and are discussed below.
Widely-Used Methods for Process Hazard and Safety Analysis
Process hazard identification and risk assessment methods can be categorized into two main
categories based on their complexity. The higher the complexity, the more knowledge or
experience the team must have and the more data and resources that are needed.
Some
simple methodologies require only basic process data and include Safety Audit, Checklist
Analysis, What-If Analysis, Dow Fire and Explosion Index (F&EI), Mond Index and Failure
Mode and Effects Analysis (FMEA). Other methodologies, such as Hazard and Operability
Study (HAZOP), Quantitative Risk Analysis (QRA), Layer of Protection Analysis (LOPA)
and Fault Tree Analysis (FTA) are considered more complex.
These methods are briefly
described below in order of increasing complexity.
5
Safety Audit/Checklist Analysis
Safety Audit or Checklist Analysis is one of the first methods applied for hazard identification
and management. It is a list of possible problems and areas to be checked based on the
nature of and experience with the system.
A checklist is often used for identifying potential
hazards during process design or before process operation.
What-If Analysis
The What-If Analysis is a brainstorming method frequently used by industry at almost every
stage of a process. A multidisciplinary team with personnel who are familiar with the
process brainstorm questions about possible undesired events due to hazards. There is no
inherent structure as with HAZOP or FMEA.
Dow Fire and Explosion Index (F&EI)
The Dow F&EI was developed by the Dow Chemical Company in 1964 and is one of the
most widely-used hazard evaluation indices (AIChE, 1994; Scheffler, 1994; Brasie, 1976).
It divides the plant into units and then calculates the hazards of chemical substances in terms
of a material factor that is then modified by penalty factors for general and special process
hazards and credit factors for loss control measures and devices.
Expert knowledge and
empirical experience are applied to the penalty and credit factors of this method. Although
the Dow F&EI is an easy method to apply, it has some limitations.
It may lead to
oversimplification when applied mechanically without considering the specific situation of
the plant (King, 1999). Specific adjustments are needed according to the characteristics of
the plant.
For example, Gupta (1997) suggested increasing some penalty factors for plants
located in developing countries.
Kletz (1980) cautioned that some of the numbers are
arbitrary. The values of the weighting factors for combining the sub-indices are subject to
controversy as well.
6
Mond Fire and Explosion and Toxicity Index
The Mond Fire and Explosion and Toxicity Index was developed by ICI in 1979. It is based
on the Dow F&EI, but introduces toxicity as an additional factor.
The overall index is
calculated by combining indices for general and special process hazards, quantity hazards,
layout hazards, acute health hazards, and cost of equipment and pipework (King, 1999; Khan
and Abbasi, 1998a; Lewis, 1980).
Failure Mode and Effects Analysis (FMEA)
The objective of FMEA is to analyze failure modes of each item of equipment and their
effects on a system or plant. The failure mode describes how equipment fails (e.g., open,
closed, on, off, leaks) and the effects of the failure modes. Human operator errors are
usually not included in FMEA, but the effects of an operational mishap are often indicated by
an equipment failure mode. The FMEA method requires a system or plant equipment list or
knowledge of equipment functions, failure modes and knowledge of system or plant
responses to equipment failure. FMEA is not efficient for systems where complex logic
exists in the equipment failures.
Normally it cannot handle interactions among several
components (CCPS, 1992).
Hazard and Operability Study (HAZOP)
The HAZOP method was developed by ICI in 1963 and published in 1974 by Lawley (Kletz,
1999).
It is the most commonly used method to identify and evaluate potential hazards in a
process plant and to identify operability problems that could compromise the plant’s ability to
achieve design intent (Lees, 1996; Kletz, 1999; CCPS, 1992; Crowl and Louvar, 2002).
This systematic analysis technique requires a detailed source of information for the design
and operation of a process, such as current process flow diagrams (PFDs), process and
instrumentation diagrams (P&IDs), detailed equipment specifications, materials of
7
construction and mass and energy balances. It is most often used during or after the detailed
design stage, and it is applied to each individual piece of equipment or system of the unit or
plant analyzed.
For each assumed deviation based on guide words (e.g., more, less, no)
associated with process variables (e.g., flow, temperature, pressure, concentration, pH,
viscosity, state), the resultant conditions are assessed in terms of potential negative safety
consequences and existing safeguards.
Quantitative Risk Assessment (QRA) and Layer of Protection Analysis (LOPA)
QRA and LOPA are two other risk assessment methods used by the petroleum industry. The
frequency of a release is calculated using a combination of event trees, fault trees or an
appropriate adaptation from both methods.
QRA is a method that systematically identifies where operations, engineering or management
systems can be modified to reduce risk, based on a quantitative estimate of incident
frequency and consequence. QRA can help managers evaluate the overall risk of a process
(Crowl and Louvar, 2002; CCPS, 2000).
LOPA is a semi-quantitative method based on a system of protection layers that includes
simplified approaches to characterize the consequences and estimate the frequencies for risk
determinations. The protection layers include inherently safer concepts, process control
systems, safety instrumented functions, passive and active protection devices and procedural
intervention.
The combined effects of the protection layers are compared with certain risk
tolerance criteria, such as frequencies of fatalities and fires, a maximum frequency for a
specific category of consequence, and a required number of independent layers of protection
for a specific consequence category (Crowl and Louvar, 2002; CCPS, 2001). Normally
LOPA yields more conservative results than QRA because the effectiveness of each
protection layer is conservatively estimated. Both QRA and LOPA methods are especially
effective for evaluating alternative risk reduction strategies.
8
Fault Tree Analysis (FTA)
Fault Tree Analysis (FTA) originated in the aerospace industry and has been used extensively
in the nuclear power industry.
This method, which was introduced into the chemical
industry in the late 1970s by Lapp and Powers, provides a deductive method for determining
causes of the focused event (top event). By using Boolean logic gates (AND, OR) to relate
equipment failure and human error, a FTA generates system failure logic models.
FTA is
suited for analyzing highly redundant systems compared to single-failure-oriented techniques
(e.g., FMEA, HAZOP).
The methodology is powerful and comprehensive, but very demanding because it requires a
detailed understanding of how the plant or system functions, detailed process drawings and
procedures and knowledge of component failure modes and their effects (CCPS, 1992). It is
especially time-consuming to generate the tree of events leading to the top event. Normally
only experts who know the methodology and are familiar with the process can perform it.
Automatic generation of the tree is still under research (Wang et al., 2001). Moreover,
incident probabilities and failure frequencies are used in the FTA. These data are not always
available and sometimes must be estimated with significant uncertainty (CCPS, 1993).
Hazard Identification and Risk Assessment Programs in the Petroleum Industry
The methodologies mentioned above have been adapted in the petroleum industry according
to individual needs and applications. The petroleum industry often exceeds the regulatory
requirements for OSHA Process Safety Management (PMS) and EPA Risk Management
Program (RMP) by adopting additional safety and management systems.
An example is the
implementation of structured reliability centered maintenance (RCM) techniques for planning
maintenance functions, together with Risk Based Inspection (RBI).
In this approach,
reductions in operational risk are achieved through optimization of inspection by analyzing
9
those components considered most critical.
There are several risk assessment/management programs employed by the petroleum industry
including:
API’s Risk Based Inspection (RBI)
Risk Based Inspection (RBI) is the methodology that factors risk into inspection and
maintenance decision-making (Reynolds, 1998). RBI is both a quantitative and qualitative
process for systematically combining the failure probabilities and consequences to establish a
prioritized list of equipment based on their associated risk. This prioritized list guides the
RBI user in the development of an inspection and maintenance program that manages the risk
of equipment failures.
It also combines engineering knowledge in the area of corrosion
mechanisms and integrates it with the inspection program.
RBI categorizes analysis
outcomes into four basic risks: flammable events, toxic releases, major environmental
damages and business interruption losses.
It covers only pressurized equipment, such as
vessels, columns, heat exchangers, piping, furnace tubes, and tanks and does not cover
non-pressurized equipment, such as instrument systems, controllers and electrical gears.
Reliability Centered Maintenance (RCM)
RCM aims to determine the most cost-effective maintenance strategy with the active support
and cooperation of all people involved for each type of failure process. This strategy is
accomplished by answering a series of questions about equipment functions, failures,
performance standards and impact of failures. From these questions, a predictive
maintenance strategy is developed to mitigate the consequences of a failure based on the
criticality of the failure mode.
Based on the answers to the questions, RCM provides a flow
diagram that indicates the type of maintenance to use.
10
Inherent Safety, Health and Environment (ISHE) Review
ISHE is a formal and systematic critical review of process and key operation steps, critical
process information and raw materials/products distribution used to identify, reduce or
eliminate significant safety and health hazards/environmental risks.
This program also
identifies key hazard controls and provides inputs to develop a strategy for subsequent ISHE
reviews.
SHE Non-Process Quality Control (NPQC)
The NPQC program assesses engineering details of controls for key hazards and exposures of
personnel, reviews deviations from approved SHE practices and job specifications and helps to
ensure that human factors are incorporated into detailed engineering.
Major Accident / Higher Level Risk Assessment
This program uses corporate risk matrices to construct and review risk scenarios and in-place
risk controls. A baseline risk assessment study is conducted and maintained to manage major
accident hazards. The risk assessment is completed on an operating area basis so that a
facility can characterize the hazards with the highest potential consequences. Identified
hazards are evaluated through a scenario-based risk assessment process. For evaluation of
loss of containment hazards, inventories can be risk ranked to determine the higher risk release
scenarios. This assessment is not intended, however, to be a substitute for the unit-by-unit,
line-by-line HAZOP process.
11
Security and Safeguards Risk Assessment
This program assesses the probabilities and severities of undesired security events, when
significant changes occur to facility operations and prior to new construction. These security
risk assessments are used to identify and develop countermeasure recommendations that
mitigate the identified risks in a cost-effective manner.
Scenario-Based Operating Area Risk Assessment
This assessment focuses on identifying operating events that are not identified through other
risk assessments.
It includes a focus on operating practices, conditions, tasks and
procedures that can result in significant incidents that might include:
•
Operating practices that may introduce hazards to personnel and facilities
•
Infrastructure concerns that can result in a loss of containment at process units or in
offsite areas including flares, electrical, sewers and/or other utilities
•
Impacts on site facilities from outside operations (e.g., power outage, release/fire at
neighboring site, public services)
•
Impact of severe weather and natural hazards on site facilities (e.g., hurricane,
typhoons, flooding, earthquake)
This assessment is conducted on a unit-by-unit basis and includes reviews of process units
and off site facilities (e.g., docks, laboratories, mechanical shops).
Fire Protection Survey
The Fire Protection Survey is a comprehensive review of fire fighting systems at a facility to
assess their adequacy of design, system management and operational readiness. The review
focuses on active and passive fire fighting systems.
It also focuses on related loss
prevention systems, such as fire and gas detection, emergency isolation, layout and spacing,
drainage and electrical area classification.
12
Marine Terminal Survey
The focus of the Marine Terminal Survey is to improve safety, protect the environment and
reduce risks at marine terminals.
This program assesses how effectively risks that affect
personnel safety, plant assets and the community are being managed.
It also assesses how
well prepared and responsive the terminal is to emergencies, such as oil spills.
The Marine Terminal Survey scope includes leadership, commitment and organization, risk
assessment, safety, training, pre-arrival screening and communication, port passage, berth
approach, maneuvering, berthing/mooring, vessel/shore access, mooring management,
ship-shore interface, inert gas and crude oil washing, ship-shore transfer equipment, cargo
transfer, pollution prevention and response, fire and explosion, emergency preparedness and
response, in-port lightering, maintenance and inspection and single/multi-point mooring.
Safety Relief Valve and Flare Header Review
This assessment is used to confirm the adequacy of safety relief devices based on credible
design contingencies and to validate that the safety relief device design and flare design meet
appropriate requirements. This review includes verification of design contingencies for the
relief device sizing, inlet piping losses and the downstream piping connections.
Flare
system analysis is performed using computer modeling.
Facility Siting/Building Study
The objective of a facility siting study is to facilitate the management of toxic and flammable
hazards within the manufacturing sites through optimization of the location and design of
hazards, equipment, ignition sources and plant buildings. Facility siting includes two
components: spacing requirements and the proximity of processes to concentration centers of
13
workers. The focus is on worker protection, through isolation from toxic chemicals, fires
and explosions, and maintaining the functional integrity of the control center so emergencies
can be mitigated quickly even when the environment at the facility is too hazardous for
people to enter.
Exposure Assessment Strategy
The primary objective of an exposure assessment program is to minimize potential
exposures to health hazards and to prevent occupational illnesses and injuries. The
Exposure Assessment Strategy (EAS) ensures the systematic identification, assessment and
documentation of potential exposure hazards and controls in an operating site.
Security & Safeguards Qualitative Risk Assessment (SSQRA)
The objective of this program is to mitigate the actions of threats by reducing the probability
of event occurrence, reducing impacts of undesirable events or transferring risk in terms of
recovery planning or insurance. Vulnerabilities are identified that suggest the possibility of
undesired events, their possible causes and effects and safeguards identified, so that credible
scenarios can be developed to describe how "most likely worst-case" events might occur and
make qualitative estimates of the consequence and probability of each scenario.
The scope of this review is established by the owner/operator using qualitative risk
assessment through risk scenario analysis. The review can be applied to address levels of
protection for operations, special activities, sensitive information, and changes in threat levels
and to evaluate security following major security incidents.
Hazards Analysis for Machinery Safety (HAZAMS)
The objective of HAZAMS is to reduce the frequency and consequence severity of
human/machinery incidents by recognizing and mitigating hazards. HAZAMS program is a
14
systematic approach to identify, evaluate and control hazards involved in the
human/machinery interface.
This methodology may be applied to any human/machine
interface where direct contact with machinery is far more frequent than in the typical
petrochemical process unit. HAZAMS is designed especially for applications in polymers
and film finishing operations.
Other Lesser-Known Methods for Process Hazard and Safety Analysis
A large number of other methods have been published in the open literature but have not been
widely used in the petroleum industry.
Tixier et al. (2002) reviewed 62 methods and
classified them based on the type of input and output, data required, type of method
(deterministic, probabilistic, qualitative, quantitative), relation between input and output data
and risk hierarchy. Some examples are listed below:
•
Quantitative multi-attribute approach for risk analysis (Christen et al., 1994)
•
Generalized model of hazard systems (Marshall and Ruhemann, 1997)
•
Hazard Identification and Ranking (HIRA) (Khan and Abbasi, 1998b)
•
Computer-based Hazard Identification (HAZID) (McCoy et al., 2000)
•
Optimum risk analysis (Khan and Abbasi, 2001)
•
Safety Weighted Hazard Index (SWeHI) (Khan et al., 2002)
•
Hybrid Hazard identification (Viswanathan et al., 2002)
•
Tool for Rapid Risk Assessment in Petroleum Refinery and Petrochemical Industries
(TORAP) (Khan & Abassi, 1999)
•
Risk-Based Corrective Action (RBCA) for chemical releases (Chen, Wu, Kao, Yang,
2004)
•
North Carolina Risk Analysis Framework (Chen, Wu, Kao, Yang, 2004)
•
Illinois Tiered Approach to Correction Objectives (TACO) (Chen, Wu, Kao, Yang,
2004)
•
Exposure and Risk Assessment Decision Support System (Chen, Wu, Kao, Yang,
2004)
15
Risk Management Program
Risk management is the identification of risks, the implementation of measures aimed at
reducing the likelihood of those risks, and decision making to implement risk reduction
measures.
Risk management must cover the entire lifecycle of a project and all activities at
a facility. Key elements in a risk management program are shown in Figure 1 and include
hazard and risk identification; consequence analysis; control or treatment responses
(management); procedures, training; emergency planning; incident investigation and audits
(Greenberg & Cramer, 1991).
Figure 1. Risk Management Program Elements
(Greenberg and Cramer, 1991)
In the United States, comprehensive risk management programs have been promulgated by
relevant regulatory agencies such as the Occupational Safety and Health Administration
(OSHA) and the Environmental Protection Agency (EPA).
In addition, the American
Petroleum Institute (API) publishes recommended practices on many topics including safety,
risk management and other engineering practices.
Similarly, the Center for Chemical
16
Process Safety (CCPS) of the American Institute of Chemical Engineers (AIChE) publishes
Guidelines on safe processing and operations.
Risk management practices in the petroleum
industry cover the wide spectrum of programs and activities included in these regulations,
recommended practices and Guidelines.
In response to industry needs, API published Recommended Practices 750, “Management of
Process Hazards.” This API document provided recommended practices for the management
of process hazards during design, construction, start-up, operation, inspection, maintenance
and modification of facilities in eleven specific managerial areas.
These areas include
process safety information, process hazards analysis, management of change, operating
procedures, safe work practices, training, assurance of the quality and mechanical integrity of
critical equipment, pre start-up review, emergency response and control, investigation of
process-related incidents, and audit of process hazards management systems.
The
petroleum industry started implementing the recommended practices embodied in API
RP-750 prior to the promulgation of the OSHA PSM regulation. It should be noted that all
the practices recommended in API RP-750 are included in the OSHA PSM regulation.
As a
result, the petroleum industry has mature programs in place that ensure the implementation of
all elements of the PSM regulation.
Other publications, programs and services from API for the petroleum industry cover the
exploration and production, petroleum measurement, marine transportation, marketing,
pipeline, refining, safety and fire protection, storage tanks, valves, industry training, health
and environmental issues, and policy and economic studies. In particular, API with other
petroleum industry practitioners has developed Risk Based Inspection (RBI) as one of the
methodologies that are widely used in industrial practice.
The Clean Air Act Amendments of 1990 contained specific mandates requiring OSHA and
EPA to establish regulations to protect workplace employees, the public and the environment.
OSHA fulfilled its mandate in 1992 by promulgating the Process Safety Management (PSM)
regulation. EPA, on the other hand, promulgated the Risk Management Program (RMP)
17
regulation in 1996. The Clear Air Act Amendments of 1990 also established the Chemical
Safety and Hazard Investigation Board.
The objective of OSHA’s PSM regulation is to prevent or minimize the consequences of
catastrophic releases of toxic, reactive, flammable, or explosive chemicals. PSM defines
fourteen elements of a comprehensive safety management system integrating technologies,
procedures and management practices. As discussed earlier, the petroleum industry had
already started implementation of most of the practices required under the PSM regulation
because of API Recommended Practices 750.
EPA’s RMP regulation requires regulated facilities to develop and implement appropriate risk
management programs to minimize the frequency and severity of chemical plant incidents.
It aims at protecting the public and the environment. Regulated facilities are required to
register with the EPA and to develop and implement a program that has three elements:
hazard assessment, a prevention program and an emergency response plan.
Information
about the risk management program must be submitted to the EPA in a document known as
the Risk Management Plan. EPA shares the information in the Risk Management Plan with
federal, state, local authorities and the community.
The Center for Chemical Process Safety (CCPS) of the American Institute of Chemical
Engineers (AIChE) presented a comprehensive risk management program with twelve
elements (Greenberg and Cramer, 1991).
Risk Acceptance and Risk Criteria
As the statement “one can only manage what one measures” illustrates, to manage the risk of
an industrial installation, one must first identify, estimate, rank and compare the risk with
generally accepted risk criteria.
A risk assessment or evaluation result must be judged
against a “level of goodness,” which is an evaluation criterion or an acceptable level of risk.
18
This section provides an overview of risk acceptance and risk criteria.
First of all, there are no general risk criteria applicable to each and every technology under
any regulatory program.
Criteria are relative and involve consideration of various factors.
Considerations in these judgments may include the uncertainty and severity of the risk, the
reversibility of the health effect, the knowledge or familiarity with the risk, whether the risk
is voluntarily accepted or involuntarily imposed, whether individuals are compensated for
their exposure to the risk, advantages of the risk activity, and the risks and advantages for
alternatives (Baruch, 1988).
Some general guidelines for developing risk criteria are (Fischhoff, 1988):
•
Acceptance criteria must be based on measures of total risks that express the
probabilities and consequences of the incidents.
The criteria must also account for
regulatory requirements, accepted norms and the company’s own experiences and
value system.
•
The result of risk evaluation must be assessed in relation to the risk acceptance criteria.
Also, the risk evaluation results and the risk acceptance criteria must express the risk
on the same scale of measurement.
•
The scale of measurement must be in ordinal type or higher since the decision could
be in terms of “better than/worse than” criteria.
•
The risk analysis must be sensitive to differences in the risks among alternative
designs and solutions.
The ALARP (as low as reasonably practicable) technique is one method used in the
establishment of risk criteria. The general framework for this technique is represented by
the three-tier system in Figure 2 (Wells, 1996). The risk level boundaries vary along with
the number of people at risk.
The values vary depending on the industry sector, safety
philosophy implemented by the industry and the practicality of applying risk reduction
techniques.
19
Figure 2. Level of Risks and ALARP
(Adapted from Wells, 1996, Source: Health and Safety Executive, 1992, the tolerability of
risk from nuclear power stations)
The ALARP principle is applied to the intermediate region between the unacceptable and
acceptable bounds where further individual and societal risk reductions are required to
achieve a level considered “as low as reasonably practicable”. The ALARP techniques can
be converted into a risk matrix as a guide to decision-making, as shown in Figure 3.
20
Unacceptable risk
ALARP region
Acceptable risk
Figure 3. An Example of Risk Acceptance Criteria Based on Risk Matrix
(Adapted from Kjellen & Sklet, 1995)
The boundary values for the ALARP are case-specific and depend on compliance
requirements and company policy. These values usually depend on risk-benefit analysis.
Examples of acceptable values of risk available in the public domain are compiled in Table 3.
21
Table 1. Published Acceptable Values of Risk
Risk Criteria (death/year)
Canvey Island report, UK (1978) (Wells, 1996)
35 x 10-6 / y
Netherland (Wells, 1996)
1 x 10-5 /y unacceptable
N = 10
1 x 10-7 /y acceptable
Netherland (Wells, 1996)
1 x 10-7 /y unacceptable
N = 100
1 x 10-9 /y acceptable
Health and Safety Executive, Royal Society, UK 1 x 10-5 /y upper limit
(1983)* (Wells, 1996)
1 x 10-6 /y acceptable
1 x 10-7 /y for sensitive population
Du Pont (Wells, 1996)
1 x 10-5 / y
BNFL (Thorp reprocessing plant, UK) (Wells, 1996)
1 x 10-5 / y
UK Central Electricity Generating Board, Nuclear 1 x 10-5 / y upper limit
Power (Wells, 1996)
Sizewall B, UK (1987) (Wells, 1996)
1 x 10-5 /y design
1 x 10-5 /y normal
Russia (Yelokhin & Tshovrebov, 2004)
> 10-4 /y inadmissible level
10-4 to 10-5 /y risk control
< 10-5 / y acceptable
Russia (Societal risk) (Yelokhin & Tshovrebov, 2004)
10-4 /y unacceptable for 25 or more
adults exposed to fatal danger
10-5 deaths/y unacceptable for 25 or
more children, old men, patients to
build hospital, pre-school and
children’s establishment.
Norwegian Petroleum Directorate (Hobbs, 1999)
10-4 /y for each accident type
* Adopted by USA’s National Census of Fatal Occupational Injuries (Hobbs, 1999)
22
Inherent Safety Principles
The basic concepts of inherent safety were formalized by Kletz (1984, 1991) and include
intensification, substitution, attenuation and simplification.
Application of inherently safer
design (ISD) concepts is more efficient and cost effective for new design and construction;
however, the challenges for existing facilities are quite different. Most importantly, however,
for new as well as existing plants, the application of inherently safer design concepts must be
considered with a holistic assessment of risk.
Finally, unintended consequences such as risk
migration/transfer, risk accumulation and overall risk must also be addressed during the
consideration of inherently safer design concepts.
Modern petroleum/petrochemical plants usually have multiple layers of protection. The
layers of protection for loss prevention are classified into four categories in a decreasing
order of reliability: inherent, passive, active and procedural (Bollinger et al., 1996).
Inherent protection eliminates or reduces a hazard by using materials and process conditions
that are non-hazardous or less hazardous. Passive protection minimizes a hazard by process
and equipment design features that reduce either frequency or consequence of the hazard
without the active intervention of any person or device.
Active protection refers to
engineering controls used to detect and correct process deviations, such as process controls,
safety interlocks and emergency shutdown systems.
Procedural protection refers to
administrative controls to minimize the effects of an incident, such as operating procedures,
administrative checks and emergency response.
Inherent safety has actually been embedded into process hazard identification and analysis in
existing regulatory programs and recommended practices.
The petroleum industry routinely
explores and considers opportunities for inherently safer design in material and equipment
selection, process development and design, plant layout and management of change.
However, as discussed earlier, in considering inherently safer options, appropriate
consideration must also be given to other issues such as available resources, unique aspects of
23
the process, configuration of equipment and piping, local laws and regulations and the entire
lifecycle of the process.
Intensification
Intensification attempts to reduce the amount of hazardous material inventory and this
principle is applied to many processes in the petroleum industry. For example, hazardous
conditions in a distillation column can be reduced by minimizing the size of reflux
accumulators and reboilers; using internal reflux condensers and reboilers where practical;
using column internals that minimize hold-up without sacrificing the operating performance;
reducing the amount of material in the column base by reducing the diameter of the column
base; and preventing the toxic, corrosive or otherwise hazardous material from spreading as
early as possible in the distillation sequence.
An example of the intensification implementation into well-known technology without the
necessity of new technology is shown in Figure 4, which displays two designs for a
distillation unit to separate liquefied petroleum gases (LPG).
In the alternative design (b) in Figure 4, the applied intensification actions include:
•
The reflux drum is removed, and hence the reflux pump takes the liquid directly from
the condenser.
The design of the condenser is reversed so that the LPG is in the
shell side while the refrigerant enters the tube side.
•
The buffer storage for the product is eliminated and the flow proceeds directly to the
storage areas from a small surge drum.
•
A low-hold-up packing is used in the column and is reduced to a 2-minute residence
time by narrowing the base while maintaining the liquid head.
24
Storage
Steam
ORIGINAL DESIGN
(a)
Surge
drum
Low
inventory
packing
Steam
Narrow section to
provide head but
reduced inventory
MODIFIED DESIGN
(b)
Figure 4. Two Designs for Liquefied Petroleum Gas Separation Unit
(Adapted from Kletz, 1991)
25
Substitution
The substitution principle attempts to use less hazardous materials and/or alternative
processes.
Some alternative chemicals may on the surface seem less acutely hazardous while
introducing or increasing other forms of hazards. When the substitution principle is applied,
hazards associated with the substituted materials must be considered and explored completely.
Risk migration/transfer might occur when regulation precedes science as in the substitution of
Tetra Ethyl Lead (TEL) with Methyl Tertiary-Butyl Ether (MTBE) as an additive for fuel to
increase the octane number.
The octane rating is one of the most important characteristics of gasoline and other fuels used
in spark-ignition internal combustion engines and are a measure of how resistant the fuel is to
premature detonation (knocking).
Higher octane ratings correlate with less likelihood that a
given compression ratio will cause knocking.
Typical "octane booster" additives include TEL and toluene.
TEL consists of a lead atom
bonded to a tetrahedral arrangement of an ethyl group with a weak carbon-lead bond. At a
certain temperature in an internal combustion engine, TEL decomposes into lead and ethyl
radicals and helps to propagate the combustion.
Studies have shown some problems
associated with using TEL as a fuel additive to increase the octane number.
Exposure to
even low levels of lead can cause permanent brain damage, yet, a catalytic converter that
helps remove environmentally unfriendly gases such as CO and NOx cannot be used on
leaded gasoline because the lead 'poisons' the catalyst. To avoid such problems caused by
TEL, the Clean Air Act banned the use of leaded fuel in 1996.
Another methodology to improve gasoline octane rating is Oxygenate Blending.
Toxic
gases such as CO and NOx are produced by incomplete combustion, and MTBE is a chemical
compound that is mandated by EPA as a fuel additive in gasoline to provide extra oxygen for
26
complete combustion.
The resulting fuel is known as reformulated gasoline (RFG) or
oxygenated gasoline.
Refiners have added MTBE to gasoline to meet the Clean Air Act
(CAA) requirements.
While the use of MTBE as a fuel additive in gasoline has helped to reduce harmful air
emissions, it has also caused concern relating to the nation's drinking water supplies. A
valuable lesson that must be learned is that substitution or seemingly safer options are not
always as simple as they might appear on the surface. Unlike other components of gasoline,
MTBE dissolves and spreads readily in groundwater underlying a spill site, resists
biodegradation and is difficult and costly to remove from groundwater. Low levels of
MTBE can render drinking water supplies non-potable due to its offensive taste and odor.
At higher levels, MTBE may also pose a health hazard.
The United States Geological
Survey has found that the existence of MTBE in groundwater is strongly related to its use as
a fuel additive with detection of MTBE in 21% of ambient groundwater in areas using RFG
compared with 2% of ambient groundwater in areas using conventional gasoline.
EPA has
issued an advance notice of its intent to initiate a rulemaking to eliminate or limit the use of
MTBE as a fuel additive. Clearly the well-intentioned effort to eliminate the hazardous
effects of TEL resulted in the unintended consequences and adverse impacts from MTBE use.
Attenuation
Attenuation is to operate, store and transport materials under less hazardous conditions or
forms.
An attenuation practice in the petroleum industry is the refrigeration system for
LNG (liquefied natural gas) storage. Refrigeration can reduce hazards by reducing the
storage pressure and therefore the immediate vaporization and liquid aerosol formation upon
leaking.
In Figure 5, applied attenuation actions include:
•
Atmospheric pressure
Storage at atmospheric pressure reduces the driving force (pressure difference) for a
27
leak to the outside environment, thus reducing the immediate vaporization of leaking
LNG.
•
Cryogenic temperature, below –260oF
A flammable material should be stored below its boiling point whenever possible,
especially where the rate of liquid leak flow depends only on liquid head or pressure
with insignificant contribution from vapor pressure. Natural gas has an atmospheric
boiling point of -260oF. The flow through any hole on the vapor space will be
limited below this temperature.
•
Liquid phase
Natural gas in the form of liquid has 600 times less volume as in the form of gas.
Natural gas in the form of gas is very hard to handle in the event of leaks (forms
plume or puff vapor dispersion) and is easier to combust.
Figure 5. LNG storage tank
(Source: Center for Liquefied Natural Gas)
28
Simplification
The simplification principle applies in process design to minimization of components
vulnerable to failure or leak (e.g., welded pipe is preferable to flanged piping, threaded piping
should be avoided for flammable and toxic materials, and sight glasses and flexible
connectors, such as hoses and bellows should be eliminated wherever possible).
A liquid
transfer system that uses gravity, pressure or vacuum is usually preferable because it does not
require moving parts or seals that can lead to potential leaks and failures. An example of
simplification is the pumped acid reactor and gravity flow reactor designs for hydrofluoric
acid alkylation in Figure 6 and Figure 7. However, it must be noted that depending on the
circumstances, one or the other design may be more appropriate depending on the unique
aspects of the process, configuration of equipment and piping, and local laws and regulations.
Cooling
Water
Effluent to
Isostripper
Reactor
Feed and
Recycle
Isobutane
Pump for pumping
the acid from the
reactor
Figure 6. Pumped Acid Reactor Technology
(Chang, 1993)
29
Figure 7. Gravity Flow Reactor Technology
(Chang, 1993)
Summary
Lessons learned have shown that effective risk management is of fundamental importance,
not only for the lifecycle of the facilities but also for sustainable development.
This document discusses the petroleum industry in general, hazards present in this industry
and risk management programs to prevent incidents from occurring and to minimize the
consequences of incidents that do occur.
Comprehensive risk management programs
mandated under regulations and guidelines and practices recommended by industry
organizations are discussed as well.
Applications of inherently safer design principles are
presented with examples from the petroleum industry. However, to avoid unintended
consequences such as risk migration, risk accumulation and potential increase of risk,
inherently safer design options should be implemented only after a holistic risk analysis. To
manage risk, we must learn to identify and measure risk. With the acceptance of this
objective, hazard identification and risk assessment methodologies applied in the petroleum
industry are described including general risk assessment methods and specific risk
assessment programs tailored to meet the special needs of the petroleum industry.
30
Appendix
Concepts of Risk and Associated Terms
It is important to establish an understanding of some terms associated with these concepts.
The following the terms used in
Risk
Risk is the product of the measured or estimated magnitude of the consequence of a failure
multiplied by the measured or estimated likelihood of an impact on the target (i.e., risk =
frequency × consequence severity or magnitude).
Risk Analysis
The development of a qualitative (textual) or quantitative (numerical) estimate of risk based
on engineering evaluation and mathematical techniques for combining estimates of incident
consequence and frequency.
Failure
The inability of a system or system component to perform a required function within a
specified time or performance limits.
Hazard
An inherent chemical or physical characteristic that has the potential to cause an incident.
Hazardous Material
Any substance or mixture of substances with the capability of producing adverse effects on
the health or safety of human beings or the environment.
Individual Risk
The frequency at which an individual may be expected to sustain a given level of harm from
31
the realization of specified hazards.
Inherent Safety
Where upon the occurrence of non-acceptable deviations from normal operating ranges, a
system maintains or moves to a non-hazardous status.
Inherently Safer Option
Process design that seeks to eliminate or reduce hazards at the source.
Practical Risk Reduction Measures
Methods to reduce the risk of an incident event by evaluating hazards and risks of a
process, evaluating the source(s) of the hazard(s), and acting on those sources in a
preventive or protective way based on the results of the hazard/risk evaluation.
Residual Risk
The remaining risk after all practicable improvements to a facility under study have been
made.
Probability
A number that expresses the likelihood of occurrence of a possible state of an uncertainty.
By definition, a probability must be a number between 0 and 1, and the sum of probabilities
for all possible states of an uncertainty must be 1 (CCPS, 1995b).
Frequency
The number of occurrences per unit time at which an observed event occurs or is predicted
to occur (CCPS, 1992).
Consequence
The direct, undesirable result of an incident sequence usually involving a fire, explosion, or
release of a toxic material. Consequence descriptions may be qualitative or quantitative
32
estimates of the effects of an incident in terms of factors such as health impacts, economic
loss and environmental damage (CCPS, 1992).
33
References
AIChE, Dow’s fire & explosion index hazard classification guide, 7th edition, New York
AMOCO, Process Safety Booklets
American Petroleum Institute, Recommended Practices 540, Electrical Installations in
Petroleum Refineries, 1st edition, 1959-2nd edition, 1974, API, Washington, DC.
American Petroleum Institute, Recommended Practices 580, Risk Based Inspection, 1st
edition, May 2002, Washington, DC.
American Petroleum Institute, Recommended Practices 750, Management of Process
Hazards, 1st edition, API, Washington, DC, 1990.
Aven, T., Vinnem, J.E., 2004, On the use of risk acceptance criteria in the offshore oil and
gas industry, Reliability Engineering and System Safety 90, 15-24
Bahr, N. J, 1997, System safety engineering and risk assessment: a practical approach,
Washington DC, USA: Taylor & Francis.
Bollinger, R.E., Clark, D.G., Dowell III, A.M., Ewbank, R.M., Hendershot, D.C., Lutz, W.K.,
Meszaros, S.I., Park, D.E., Wixom, E.D., 1996, Inherently safer chemical
processes—a life cycle approach, AIChE, New York
Bowen, P.J., Shirvill, L.C., 1994, Combustion hazards posed by the pressurized atomization
of high-flashpoint liquids, Journal of loss prevention in process industry, Vol.7 No.3:
233-241
Brown, D.F., Dunn, W.E., Policastro, A.J., 2000, a national risk assessment for selected
hazardous materials in transportation, Argonne National Laboratory, 9700 South Cass
Avenue, Argonne, Illinois 60439
CCPS, 1992, Guidelines for hazard evaluation procedures, 2nd edition with worked examples,
American Institute of Chemical Engineers (AIChE), New York
CCPS, 1993, Guidelines for engineering design for process safety, 1st edition, AIChE, New
York
CCPS, 1995a, Guidelines for chemical reactivity evaluation and application to process design,
AIChE, New York
34
CCPS, 1995b, Tools for making acute risk decisions with chemical process safety application,
AIChE, New York
CCPS, 1996, Inherently safer chemical processes: a life cycle approach. New York, USA:
AIChE, New York
CCPS, 2000, Guidelines for chemical process quantitative risk analysis, 2nd edition, AIChE,
New York
CCPS, 2001, Layer of protection analysis: simplified process risk assessment, AIChE, New
York
CCPS, 2003, Guidelines for fire protection in chemical, petrochemical, and hydrocarbon
processing facilities, AIChE, New York
Chang, E.J., 1993, Alkylation for motor fuels supplement A, SRI International, Menlo Park,
California 94025
Chen, K., Wu, L., Kao, C., Yang, C. (2004). Application of health risk assessment to derive
cleanup levels at a fuel-oil spill site, Practice Periodical of Hazardous, Toxic, and
Radioactive Waste Management. 8, 2, p 99-104
Christen, P., Bohenblust, Seitz, S., 1994, A methodology assessing catastrophic damage to the
population and environment: a quantitative multi-attribute approach for risk analysis
based on fuzzy set theory, Process Safety Progress, 13(4): 234
Crowl, D.A., Louvar, J., 2001, Chemical process safety fundamentals with applications, 2nd
edition, Prentice Hall PTR, Prentice Hall, Inc., USA
Deichmann, W.B., Gerarde, H.W., 1969, Hydrofluoric acid (hydrogen fluoride, HF)
Toxicology of drugs and chemicals. New York, NY: Academic Press, Inc., pp. 317318
Eckhoff, R.K., 2003, Dust explosions in the process industries, 3rd edition, Elsevier Science,
USA
Englande, A.G. Jr., Eckenfelder, W. W. Jr., Proceedings of the IAWPRC 2nd international
conference on waste management in chemical and petrochemical industries - toxics
management, V25, n3
Ermak, D.L., Chan, S.T., 1985, A study of heavy gas effects on the atmospheric dispersion on
dense gases, Lawrence Livermore National Laboratory, Livermore, California.
Presented at the 15th, NATO/CCMS International Technical Meeting on Air Pollution
35
Modeling and Its Applications, St., Louis, Missouri
Ermak, D. L., Chan, S. T., 1986, Recent developments on the FEM3 and SLAB atmospheric
dispersion models, Lawrence Livermore National Laboratory, Livermore, California,
Presented at the IMA, Conference on Stably Stratified Flows and Dense Gas
Dispersion, Chester, England
Fischhoff,
B.,
1988,
Acceptable
Risk:
A
Conceptual
Proposal,
http://www.piercelaw.edu/risk/vol5/winter/Fischhof.htm
Gentile, M., 2004, Development of a hierarchical fuzzy model for the evaluation of inherent
safety, Ph.D. dissertation, Taxas A&M University
Greenberg, H., Cramer, J., 1991, Stone &Webster engineering corporation: risk assessment
and risk management for the chemical process industry. New York, New York: Van
Nostrand Reinhold
Hobbs, D. H., 1999, Developing screening risk evaluation criteria for facility siting vapor
cloud explosion hazards. Process Safety Progress, 18, 1, p 50-55
Kenney, W., 1993, Process risk management systems. Florham Park, New Jersey: VCH
Publishers, INC
Khan, F.I., Abbasi, S.A. (1999). TORAP a new tool for conducting rapid risk-assessments in
petroleum refineries and petrochemical industries, Applied Energy, 65, p 187-210
Khan, F.I., Abbasi, S.A., 1998a, Techniques and methodologies for risk analysis in chemical
process industries, Journal of Loss Prevention, 11: 261-277
Khan, F.I., Abbasi, S.A., 1998b, DOIFFECT (DOmIno eFFECT): user-friendly software for
domino effect analysis, Environmental modeling and software, 13: 163-177
Khan, F.I., Abbasi, S.A., 2001, Risk analysis of a typical chemical industry using ORA
procedure, Journal of Loss Prevention, 14: 43-59
Khan, F.I., Husain, T., Abbasi, S.A., 2002, SAFETY WEIGHTED HAZARD INDEX
(SWeHI), a new user-friendly tool for swift yet comprehensive hazard identification
and safety evaluation in chemical process industries, Trans. IchemE, Pt. B., Process
Safety and Environmental Progress, 79: 65
King, R., 1999, Safety in the process industry, 2nd edition, Butterworth-Heinemann Ltd,
London
36
Kjellen, U., Sklet, S., 1995, Integrating analyses of the risk of occupational accidents into the
design process part I: a review of types of acceptance criteria and risk analysis
methods. Safety Science, 8, p 215-227
Kletz, T.A., 1980, Plant layout and location: methods for taking hazardous occurrences into
account, Journal of Loss Prevention, 13: 147-152
Kletz, T.A., 1984, Cheaper, safer plants, or wealth and safety at work, Rugby, Warwickshire,
England, The Institution of Chemical Engineers
Kletz, T.A., 1991, Plant design for safety—a user-friendly approach, Hemisphere Publishing
Corporation
Kletz, T.A., 1999, The origins and history of loss prevention, Trans. IchemE, Pt. B., Process
Safety and Environmental Progress, 77: 109-116
Kohlbrand, H.T., 1987, The relationship between theory and testing in the evaluation of
reactive chemical hazards, Proceedings of the international symposium on prevention
of major chemical incidents, CCPS/AIChE, New York
Korol’chenko, A.Ya, Shebeko, Yu.N., Smolin, I.M., Alekhina, E.N., Malkin, V.L., 1990, Fire
hazard of high-temperature organic heat transfer agents, Chemistry and Technology of
Fuels and Oils, V25: 643-645
Largent, E.J., 1961, Fluorosis: the health aspects of fluorine compounds, Columbus, OH:
Ohio State University Press, pp. 3439, 4348
Lewis, D.J., 1980, The Mond fire, explosion and toxicity index applied to plant layout and
spacing, Journal of Loss Prevention, 13: 20-26
Lutz, W.K., 1997, Advancing inherently safety into methodology, Process Safety Progress,
16(2): 86
Machle, W., Thamann, F., Kitzmiller, K., Cholak, J., 1934, The effects of the inhalation of
hydrogen fluoride. I. The response following exposure to high concentrations, J Ind
Hyg Toxicol 16(2):129-145
Marshall V.C., Ruhemann S., 1997, An anatomy of hazard systems and its application to
acute process hazards, Trans. IchemE, Pt. B., Process Safety and Environmental
Progress 75: 65
McCoy, S.A., Wakeman, S.J., Larkin, F.D., Chung, P.W.H., Rushton, A.G., Lees, F.P., 2000,
37
HAZID a computer aid for hazard identification, future development topics and
conclusions, Trans. IchemE, Pt. B., Process Safety and Environmental Progress, 78:
120-142
MIS (The Materials Information Society), 1994, Corrosion in the petrochemical industry,
ASM international, Materials Park, OH, USA
Morgan, D. L., Morris, Jr., L. K., and Ermak, D. L., 1983, SLAB: A time-dependent computer
model for the dispersion of heavy gases released in the atmosphere, Lawrence
Livermore National Laboratory, Livermore, California
Nolan, D., 1994, Application of HAZOP and What-If safety reviews to the petroleum,
petrochemical and chemical industries, Noyes Publications, New Jersey
Owens, J.E., Schorn, B.E., 1980, Electrostatic ignition hazards with flammable liquids, IEEE
Transactions on Industry Applications, v. IA-16, no. 6: p. 743-748
Ozog, H., Stickles, R., 1991, Process hazard management documents, practices compared,
Oil and Gas Journal. 89, 4
Raghavan, K.V., Swaminathan, G., 1996, International reference on hazard assessment and
disaster mitigation in petroleum and chemical process industries, Central Leather
Research Institute, Madras.
Reynolds, J. T., 1998, API methodology for risk-based inspection (RBI) analysis for
petroleum and petrochemical industry, Journal of Pressure Vessels and Piping Codes
Standards, V 360, p 63-71
Sheppard, C., 2005 (word document)
Ururahy, A., Pereira, Jr. N., 2000, Application of biotechnology concepts in the treatment of
petroleum residues, Advances in Architecture Series: 171-183
Viswanathan, S., Shah, N., Venkatasubramanian, V., 2002, Hybrid framework for hazard
identification and assessment in batch processes, AIChE J., 48(8): 1765-1774
Wang, Y., West, H.H., Teague, T.L., Mannan, M.S., 2002, A new algorithm for
computer-aided fault tree synthesis, Journal of Loss Prevention in the Process
Industries 15 (4): 265-277
Wells, G. 1996, Hazard identification and risk assessment. Warwickshire, UK: Institution of
Chemical Engineers
38
Yelokhin, A.N., Sizov, Y. I., Tshovrebov, Y.V., 2004, The criteria of acceptable risk in
Russia. Journal of Risk Research, 7, 6, 609-612
Zwetsloot, G., Askounes-Ashford, N., 1999, Towards inherently safer production, A
feasibility study on implementation of an inherent safety opportunity audit and
technology options analysis in European firms, TNO Report R990341, The
Netherlands (June)
http://www.osha.gov/dts/osta/otm/otm_iv/otm_iv_2.html
http://www.netl.doe.gov
39
Contact:
Dr. M. Sam Mannan
Mary Kay O’Connor Process Safety Center
Texas A&M University
3122 TAMU
College Station, TX 77843-3122
Phone: 979/845-3489
Fax: 979/458-1493
http://process-safety.tamu.edu
40