Process Safety Management

Process Safety Management

Process Safety Management (PSM) is a regulation promulgated by the U.S. Occupational Safety and Health Administration (OSHA) in February 1992. This promulgation was motivated by the Bhopal incident occurred in 1984, where 3,800 people died and several thousand suffered permanent injured or partial disabilities because of the release of methyl isocyanate.

The objective of PSM is to prevent or minimize the frequency and consequences of catastrophic releases of toxic, reactive, flammable, or explosive chemicals. The PSM regulation applies to processes which involve certain specified chemicals at or above the threshold quantities or involve flammable liquids or gases on-site in one location, in quantities of 10,000 lbs. or more, and processes which involve the manufacture of explosives and pyrotechnics. It is important recognize that PSM is a process that requires the help of many division of the company.

Process Safety Management consists of 14 elements to be addressed as shown in Table 1. Each of the elements listed in Table 1 are explained in more detail in the following sections.

Table 1. 14 Elements of PSM and OSHA standard number Element OSHA standard

PSM Element OSHA Standard

Employee Involvement1910.119(c)

Process Safety Information1910.119(d)

Process Hazard Analysis1910.119(e)

Operating Procedures1910.119(f)

Training1910.119(g)

Contractors1910.119(h)

Pre-Startup Safety Review1910.119(i)

Mechanical Integrity1910.119(j)

Hot Work permit1910.119(k)

Management of Change1910.119(l)

Incident Investigation1910.119(m)

Emergency Planning and Response1910.119(n)

Compliance Audits1910.119(o)

Trade Secret1910.119(p)

Employee InvolvementSafe operation and maintenance requires the involvement of both employers and employees. Therefore, OSHA requires employee participation to address all the major elements of Process Safety Management program. Employees will have the opportunity to actively participate through voluntary direct participation, through consultation, and through methods such as anonymous communication and employee representation.

Input from employees with the understanding of chemical processes will be continuously solicited as source of information in the development of chemical process incident prevention plans, the performance of Process Hazards Analysis (PHA), and the conduct of incident investigations and audits and other activity. Employees may be expected to participate different areas in PSM is shown in Table 2.

Table 2. Area of where employees can participate in PSM

Development and gathering of process safety information Safety meetings

Process Hazard Analysis Mechanical integrity procedure development

Training Audits

Management of change Incident investigation

Developing and evaluating operating procedures Emergency preparedness

Evaluating contractor safety performance Pre-startup safety review

It is a responsibility of the group or individual leading that activity to ascertain whether the employees have the necessary expertise to successfully carry out the work. The employer is required to provide ready access to all information required to develop the PSM standard. Also, the employer should ensure that information on what is being done to complete PSM is provided to the employee. The employer must prepare a written Employee Participation Plan. This plan should contain a clear purpose statement and statement that employees at all levels within the plant will be directly involved with the activities related to the PSM. The next step is to explain this employee involvement. The written employee participation statement should be posted in a location easily accessible to employees and the employees must be kept informed on matters regarding PSM.

Process safety informationProcess safety information (PSI) is compilation of written process safety information and made available to all employees to facilitate the understanding and identification of hazards. Process safety information is needed before training, process hazard analysis, management of change, and incident investigations. In general PSI would encompass information on the following area:

Chemicals information

Chemical hazards

Toxicity

Permissible exposure limit

Physical, thermal, reactivity and chemical stability data

Hazardous effects of inadvertent of different materials that could foresee ably occur

Effect of mixing

Material and energy balances

Technology information

Process flow diagram or block flow diagram

Process chemistry

Process limitation: safe upper and lower operating conditions (pressure, temperature, composition, flows)

Maximum intended inventory

Consequence of process deviation

Equipment information used on the covered processes

Design codes employed

Materials of construction

Piping and Instrumentation Diagrams (P&ID)

Electrical classification

Relief system design & design basis

Ventilation system design

Material and energy balance

Safety system: interlocks, detection, monitoring and suppression system

Process hazard analysisProcess Hazard Analysis (PHA) is a proactive process of identification, evaluation and mitigation of hazards. This process should be conducted by a team of experts, which includes at least one employee with experience and knowledge in the specific process being evaluated, one person knowledgeable in the analysis methodology being used and process operations expertise, chemist, industrial hygienist and other relevant specialists.

PHA requires updates every 5 years to assure that the PHA is consistent with the current process. It also requires operating locations to retain the analysis, updates, or revalidations for each process covered, as well as the documented resolution of recommendation, for the life of the process. PHA must be performed by one or more of the following methods or any other equivalent methods:

What-If analysis

Checklist method

What-If or checklist

Hazard and Operability (HAZOP) Study

Failure modes and effects analysis (FMEA)

Fault-tree analysis

What-If analysis is an unstructured method for considering results of unexpected events. This analysis method uses questions beginning with what if and do not take into account on how the failures occur. The expected outcome of this analysis would be a list of potential problem areas and suggested mitigation methods. Example of a What-If analysis is shown in Table 3.

Table 3. Example of What-If work sheet on an LNG Vaporizer system.What-IfConsequence/ HazardRecommendation

Water flow is stopped?Water in shell freezes and may rupture shell; natural gas temperature too low.Automatic interlock to stop LNG flow if water flow is stopped.

LNG flow is stopped?Not HazardousNone

Natural gas temperature is too low?Downstream piping may become brittle.Monitor gas temperature; low temperature alarm.

Water flow is too low?Natural gas temperature may be too low; water may freeze on outside of tubes.Monitor flow rate; low flow alarm.

Checklist analysis aims to identify common hazards and ensure compliance with standard procedures. The expected result of this analysis method is the identification of existing and lurking common hazards and means to compliance with standard procedures.

What-If/Checklist analysis method combines the creative and brainstorming features of the What-If with the systematic features of Checklist method.

Failure modes and effects analysis (FMEA) is a systematic tabulation of plant equipment, failure modes (cause of the equipment failure) and the effect of the failures. FMEA only identifies single mode failure and because of that is not useful for identifying combination of failures. This method also does not examine operator errors. Example of FMEA is shown in Figure 1.

Figure 1. Example of FMEA table on phosphoric acid line.Fault tree analysis is a deductive technique that focuses on one incident and then constructs a logic diagram of all conceivable event sequences that could lead to that particular incident. As other logic diagrams, FTA uses basic components such as shown in Figure 2. These basic components need to occur accordingly in order for the top event to occur. From the logic diagram, identification of pathways, both mechanical and human error to the final top event can be structurally analyzed. The rupture of hot water tank is given as an example of FTA and shown in Figure 3.

Figure 2. Basic component for constructing fault tree analysis.

Figure 3. Example of fault tree analysis of the rupture of hot water tank.Hazard and Operability (HAZOP) method is a rigorous method that identifies, analyzes and controls hazards and operability problems of a process. A HAZOP study is delivered through a systematic team approach to identify hazards and inefficiencies in a system. HAZOP employs scenario development and brainstorming analysis method to determine the consequences of deviations from the intended operation. A team of HAZOP review comprises of multidisciplinary personnel from different section of the plant.

This method traces flow of materials through the system operation. To ease the tracing process, the system operation is divided into nodes or sections. Figure 4 shows an example of node or section from a batch reactor system used for polymerization. Different guide words that characterize deviation of normal operation condition are used to direct the scenario development on each node. Variety of HAZOP guide words and the process parameter subject to these guide words for deviation are shown in Table 4 and Table 5 respectively.Table 4. HAZOP Guide Words.Guideword MeaningMeaning

No, not, noneNone of the design intent is achieved

More, more of, higherQuantitative increase in a parameter

Less, less of, lowerQuantitative decrease in a parameter

As well as, more thanAn additional activity occurs

Part ofOnly some of the design intention is achieved

ReverseLogical opposite of the design intention occurs

Other than, otherComplete substitution another activity occurs

Where elseFor flows, transfers, sources, destination

Before, afterStep occurs out of sequence

Early, lateTiming is different than the intention

Faster, slowerStep is/is not with the right timing

Table 5. Process Parameter Examples.Flow LevelViscosity

Pressure TimepH

TemperatureSequenceSignal

CompositionParticle sizeStart/stop

AdditionReactionOperate

SeparationPhaseMaintain

MixingSpeedServices

StirringMeasureCommunication

TransferControl

An example of HAZOP study in shown in Figure 4 using batch reactor system used in polymerization process. The format that may be used as a guide in HAZOP study is shown in Table 6.

Figure 4. Process and Instrumentation Diagram of Polymerization batch reactor. Table 6. HAZOP study applied to the feed line (Intent: Feed reactants into the reactor)ParameterGuide WordDeviationCausesConsequenceRecommendation

FlowNoNo FlowV-1 to V-5 closed.

V-6 closed.

Plugged line.

No monomers, solvent, initiator, and transfer agent in storage tanks.

Fracture of line.

Over-pressurization of the lines with potential fracture.

No contents in the reactor. Potential damage of equipment in other sections of the process.

Fire hazard. Spill of flammable materials.

Flow indicators after valves.

Level indicators in storage tanks.

Periodic maintenance of lines. Include dikes and appropriate fire control equipment.

MoreMore FlowV-1 to V-5 fails open.

V-6 is accidentally left open. Increase released heat. Cooling could be not enough. Runaway reaction.

Increase of level in the reactor. Training.

Updated operating procedure. Checklist.

Interlocks to automatically stop reactants feed.

Level indicator with alarms for high levels.

Implement semi-batch process.

LessLess FlowLeak in the pipes.

V-1, V-2, V-3, V-4, V-5 or V-6 partially closed. Incomplete reactions. Accumulation of reactants.

Potential hazard for the product. Flow indicators with alarms for low flow.

Level indicator in the reactor.

Temperature

Higher

Higher Temperature

Summer season.

High temperature when loading. Boiling of reactant causing overpressure in the lines. Temperature indicators and alarms in storage tanks and lines. Set temperatures before boiling points.

Lower

Lower Temperature

Winter season.No hazard.

Temperature indicators in storage tanks and lines.

Isolate pipes. Heaters in the storage tank to maintain the desired temperature.

The result of PHA is used to determine proper safety measures that need to be added to the process or values of process variables might be changed if they are set too high or too low. Other advantage of PHA result is that it can be used to define critical equipment that requires preventive maintenance, inspection, and testing programs, and also help the plant develops a focused emergency response programs that suits the plant needs and conditions. There are several publications that provide detail guidance on completing PHA such as Guidelines for Hazard Evaluation Procedures by CCPS.Operating procedures

Operating procedure that addresses the safe operation of the plant must be documented and available to personnel that require it. Besides normal operation steps, operating procedures for upset conditions, temporary operations, start-up, and shutdown should also be properly documented and make readily available. These operating procedures have to be clearly written instruction and consistent with the process safety information.

The procedures have to take into account general and special hazards of the chemical involved in the process, hazards of exceeding operational limits, appropriate response to upset conditions, safety and health information, and emergency operations. Up to date and reliability of the operating procedures must be performed frequently. This element of PSM also serves as a critical element in training of personnel.

Training

Training serves as a way of communicating knowledge of the process, communicating skills in performing operating and emergency procedures, communicating hazards related to the process and many other aspects of process operation and maintenance to plants personnel. An effective and properly scheduled training are very important because they determine the end result of the training. Industry codes and government regulations recommend, and, in some cases, require specific trainings for plants workers. Consequently, PSM programs need to identify and document training requirements covering all levels of management and employees, including contractor personnel, who manage, operate, maintain, and support the process units.

Contractors

Contractors who are considered under the PSM program are those who are involved in the installation or maintenance of equipment and systems at a facility that has one of the following processes:

Involves a chemical at or above the specified threshold quantities.

Involves a flammable liquid or gas on site in one location, above a quantity of 10,000 pounds except for:

1. Hydrocarbon fuels used solely for workplace consumption as a fuel, if such fuels are not a part of a process containing another highly hazardous chemical covered by this standard;

2. Flammable liquids stored in atmospheric tanks or transferred which are kept below their normal boiling point without benefit of chilling or refrigeration.

Employer is responsible to obtain and evaluate information regarding the contract employer's safety performance, and inform contract employers of the known potential fire, explosion, or toxic release hazards related to the contractor's work.

Pre-Startup Safety Review

Pre-Startup safety review mandates a safety review for new facilities and significantly modified work sites with objectives as follows:

To confirm that the construction and equipment of a process are in accordance with design specifications.

To assure that adequate safety, operating, maintenance and emergency procedures are in place.

To assure process operator training has been completed. Also, especially for new facilities.

To assure that the PHA must be performed and recommendations resolved and implemented before start up. Modified facilities must meet management of change requirement.

Mechanical Integrity

Mechanical Integrity (MI) is committed to provide the benefits of the most up-to-date inspection technologies to support chemical plants operating efficiently and in an environmentally safe condition, and provide the benefits to the petrochemical industries. The objective of MI is to ensure equipment does not fail in a way that causes a release of chemicals. Equipment means hardware that helps contain the chemicals in the process. MI covers the proper design, fabrication, construction/installation and operation of equipment throughout the entire process life cycle.

In detail, it includes management system, codes and standards, equipment maintenance, MI training and procedure, inspection and testing, controlling and managing deficiencies and so on. It is not just maintenance, although maintenance is a major part of an MI program. Information is required to identify the code or standard for the design and construction of the vessel or tank and the specific design values, materials, fabrication and inspection methods. Most of the vessels in service in the US will be designed and constructed in accordance with one of the following design codes:

The ASME Code, or Section VIII of the ASME (American Society of Mechanical Engineers)

The API Standard 620 or the American Petroleum Institute Code provides rules for lower pressure vessels not covered by the ASME Code.

Hot work permit

Hot Work Permit is required for any operation involving open flames or producing heat and/or sparks. It includes brazing, torch cutting, grinding, soldering, welding and others. The purpose of this element is to assure that the employer is aware of the hot work being performed and that appropriate safety precautions have been taken prior to beginning the work. The permit requires date authorized for hot work, equipment involved in the work, a system to maintain and document certification, identification of openings where sparks may drop, the types and number of fire extinguishers, identification of fire watches, an inspection before the work, authorization signatures, identification of flammable materials in the area, verification that the surrounding area is not explosive, verification that combustible materials are isolated properly, identification and closure of open vessels or ducts, and verification that the welded walls are not flammable. Figure 5 shows an example of the form that is required to complete before a hot work is performed.

Figure 5. Example of Hot Work Permit form.Management of change

PSM requires employee to develop and implement documented procedures to manage changes in the process chemistry, process equipment and operating procedures through Management of Change (MOC). MOC is a tool that can be effectively used to ensure the continued integrity of the other PSM elements. However, MOC also requires other elements (e.g. process knowledge and mechanical integrity) be in place and functioning; otherwise MOC will not be effective. For example, process hazard analysis (PHA) can be used to assess the safety of the current design and operating procedures; this establishes a baseline against which the significance of future changes can be assessed. The objective of MOC is to provide a system of administrative controls that ensures:

The proper consideration of direct and indirect hazard potential before the change is implemented; That procedures are modified and retraining, where relevant, occurs before the modification is put into service; Enhanced emphasis on the preparation and retention of records of each change; and

The ability to audit the changes.

At plants with a strong PSM program, MOC can be expected to play a key role in maximizing the value of the PSM program. Older plants may present a greater challenge in implementing MOC since documentation of parts of their PSM program information may be out of date, or missing. As a result, it may be difficult to readily determine whether a change is safe to implement. In such situations, for a MOC program to be effective, priority attention should be given to updating documentation that supports the plant PSM program. Effective, up-to-date documentation is important to enable the facility to be operated safely and profitably.

Incident investigation

Under the incident investigation section of PSM, chemical industries are highly encouraged to perform a complete investigation of incidents to determine their causes and to seek ways of preventing their recurrence. The key to preventing disaster first lies in recognizing the leading indicators. These leading indicators exist in incidents that are less than catastrophic. They can even be seen in so-called near misses that may have no discernable impact on routine operation. By examining lower-consequence, higher-frequency occurrences, companies may avoid those rare incidents that cause major consequences.

The process of incident investigation generally utilizes a team-based approach involving: gathering and analyzing the evidence; drawing conclusions as to the causes of the incident; generating corrective or preventive actions; and summarizing, documenting, and disseminating the findings. Proper documentation of incident investigation results provides the basis for corrective actions leading to improvements in the organization's process safety management (PSM) program and, accordingly, should enhance plant safety.

Role of Incident Investigation

The Center for Chemical Process Safety (CCPS) of the American Institute of Chemical Engineers (AIChE) recognized the role of incident investigation and published the original Guidelines for Investigating Chemical Process Incidents in 1992. This book helps to define and refine the incident investigation systems to achieve positive results effectively and efficiently by presenting a timely treatment of incident investigation represented in four stages as follows: 1. The first step in conducting a successful incident investigation is to recognize when an incident has occurred so that it can be investigated appropriately. The heart of the issue is that members of an operating investigation team all share a common language that supports their investigation objectives efficiently and accurately. For this reason, in order to enhance effective recognition and communication during an investigation, the following definitions for key terms are applied.

Incidentan unusual or unexpected occurrence, which either resulted in, or had the potential to result in: serious injury to personnel, significant damage to property, adverse environmental impact, or a major interruption of process operations.

The definition implies three categories of incidents:

a. Incident is an occurrence in which property damage, material loss, detrimental environmental impact, or human loss (either injury or death) occurs. b. Near miss is an occurrence in which an accident (that is, property damage, material loss, environmental impact, or human loss) or an operational interruption could have plausibly resulted if circumstances had been slightly different. c. Operational interruption is an occurrence in which production rates or product quality is seriously impacted. 2. The second step in conducting a thorough investigation is to assemble a qualified team to determine and analyze the facts of the incident. This teams charter, using appropriate investigative techniques and methodologies, is to reveal the true underlying root causes. The terms causal factor and root cause help investigators analyze the facts and communicate with each other during the investigation phase.

Causal factor, also known as a critical factor or contributing cause, is a major unplanned, unintended contributor to the incident (a negative occurrence or undesirable condition), that if eliminated would have either prevented the occurrence, or reduced its severity or frequency.

Root cause is a fundamental, underlying, system-related reason why an incident occurred that identifies a correctable failure(s) in management systems. There is typically more than one root cause for every process safety incident.3. The third step in incident investigation is to generate a report detailing facts, findings, and recommendations. Typically, recommendations are written to reduce risk by:

Improving the process technology

Upgrading the operating or maintenance procedures or practices

Upgrading the management systems. (When indicated in a recommendation, this is often the most critical area.)

4. After the investigation is completed and the findings and recommendations are issued in the report, a system must be in place to implement those recommendations. This is not part of the investigation itself, but rather the follow-up related to it. It is not enough to put a technological, procedural, or administrative response into effect. The action should be monitored periodically for effectiveness and, where appropriate, modified to meet the intent of the original recommendation.

These four steps will result in the greatest positive effect when they are performed in an atmosphere of openness and trust. Management must demonstrate by both word and deed that the primary objective is not to assign blame, but to understand what happened for the sake of preventing future incidents.Notification of Chemical Incidents

CSB and OSHA will be notified of chemical releases through the National Response Center (NRC) and other media. In addition, both agencies will notify each other of chemical incidents that meet one or more of the following criteria:

1. Result in one or more worker fatalities.

2. Result in the hospitalization of three or more workers.

3. Cause property damage of more than $500,000.

4. Present a serious threat to worker health or safety; or are events of significant public concern. It requires employers to investigate as soon as possible (but no later than 48 hours after).

The standard calls for an investigation team, including at least one person knowledgeable in the process involved, a contract employee when the incident involved contract work and others with knowledge and experience to investigate and analyze the incident, and to develop a written report on the incident. Reports must be retained for five years. Following link XX presents selected OSHA and EPA incident investigation regulations.

Emergency planning and response

Emergency planning and response requires employers to develop and implement an emergency action plan as a respond effectively to the release of hazardous chemicals. Regulation requires companies with more than 10 employees to prepare an emergency plan and response in case of hazardous chemical release but nevertheless, the smallest company should always be ready to handle hazardous chemicals. The emergency action plan must include procedures for handling small releases as well. This is done by taking into accounts several factors such as:

Facility siting, the location of the control room to the process, and indicate clearly identified area of refuge.

Indicate whether the plant is down-wind of a community

Community emergency action plans.

This element requires employers to develop and implement an emergency action plan according to the requirements of 29 CFR 1910.38(a) and 29 CFR 1910.120(a), (p), and (q). Another source of information on preparing emergency planning and response is the NFPA 471 Recommendation Practice for Responding to Hazardous Materials Incidents can be used as a guidance to develop safe emergency plan and response to an incident.

Compliance audit

Compliance audit is a tool to help contractors identify PSM weaknesses and develop recommendations. Each operating location that is required to utilize the PSM Performance Baseline shall be subject to an audit of the PSM systems. The audit is a technique used to gather sufficient facts and information to verify compliance with standards. The purpose of the audit is to ensure that the PSM program is operating in an integrated and effective manner. The performance baseline is based on industry standards and is designed to satisfy the regulatory requirements.

All the contractors must conduct internal audits or self assessments for compliance with the PSM Rule at least every 3 years to determine the degree to which plans and programs have been implemented. There are two major objectives of audits. The first is to assess whether the management system in place adequately addresses all elements of the PSM rule. The second objective is to assess whether the management system has been adequately implemented for every facility or process. Some types of audit are shown below:

Self-audit and independent audits

PSM system audit

Detailed PSM performance audit

Regulatory compliance audits (OSHA PSM and EPA RMP)

Trade secrets

The trade secrets provision of PSM requires that the employer provide all information necessary to comply with PSM to all persons who need it. This does not preclude the employer from taking steps necessary to safeguard the integrity of any information disclosed. It merely prohibits the employer from using trade secrets as an excuse not to provide information to either employees or contractors.

Mannan, M.S., J. Makris, and H.J. Overman. Process Safety and Risk Management regulations: Impact on Process Industry. Encyclopedia of Chemical Processing and Design. Ed. R.G. Anthony, vol. 69, Supplement 1, pp 168-193, Marcel Dekker, Inc., New York, 2002.

Spellman, Frank R. A Guide to compliance for Process Safety Management/ Risk Management Planning. United States Occupational Safety and Health Administration, United States Environmental Protection Agency. CRC Press: 1998.

Process Safety Management Report for OSHA and ISO Compliance Volume 1 No.1, June 1992.

Idem as 1

Center for Chemical Process Safety. Guidelines for Hazard Evaluation Procedures. American Institute of Chemical Engineers: New York, 1992.

Lees Loss Prevention in The Process Industries Vol.1, Vol.2 and Vol.3 Hazard Identification, Assessment and Control 3rd Edition, Elsevier, 2004.

http://www.saic.com/environment/psm/elements.html

Center for Chemical Process Safety. Guidelines for Process Safety Documentation. American Institute of Chemical Engineers.

Idem as 3

Idem as 1

Idem as 3

Idem as 7