Plant Design For Safety PDF
Trevor Kletz
University of Technology Loughborough, United Kingdom
Taylor & Francis
This book was set in Times Roman by Hemisphere Publishing Corporation. The editors were Lisa J. McCullough and Deena Williams Newman; the production supervisor was Peggy M. Rote; and the typesetter was Anahid Alvandian. Printing and binding by Braun-Brumfield, Inc.
On the cover: Safety thinking. Graphic used by permission of the Institute of Chemical Engineers.
A CIP catalog record for this book is available from the British Library.
I. Kletz, Trevor A.
90-4727 CIP
Chapter 1
Introduction - What Is a Friendly Plant?
This is all that I have learnt: God made us plain and simple but we have made ourselves very complicated. Ecclesiastes 7:29
In all industries errors by operators and maintenance workers and equipment failures are recognized as major causes of accidents, and much thought has been given to ways of reducing them or minimizing their consequences. Nevertheless, it is difficult for operators and maintenance workers to keep up an error-free performance all day, every day. We may keep up a tip-top performance for an hour or so while playing a game or a piece of music, but we cannot keep it up continuously. Designers have a second chance, opportunities to go over their designs again, but not operators and maintenance workers. Plants should therefore be designed, whenever possible, so that they are user friendly, to borrow a computer term, so that they can tolerate departures from ideal performance by operators or maintenance workers without serious effects on safety, output, or efficiency.
Similarly, while much attention has been paid to the improvement of equipment reliability, 100 percent reliability is unattainable, and compromises have to be made between reliability and cost. Plants should therefore be designed, whenever possible, so that equipment failure does not seriously affect safety, output, and efficiency.

These arguments apply to all industry but particularly to the chemical and nuclear industries, where hazardous materials are handled and the consequences of failure, by people or equipment, are serious. The levels of reliability required are high and may be beyond the capabilities of people or materials. (A joint leaked after a shutdown; 2,000 joints were broken and remade during the shutdown. Only one was remade wrong, but it was the only one that anyone heard about. Nevertheless, the fiber gaskets in most of the joints, those exposed to liquid, were replaced by friendlier spiral-wound gaskets.)

The characteristics of friendly plants are summarized below and are discussed in detail in later chapters. The characteristics are not sharply defined and merge into each other.
1 Intensification

Friendly plants contain low inventories of hazardous materials; the amount is so little that it does not matter if it all leaks out. "What you don't have, can't leak." This may seem obvious, but until the explosion at Flixborough, U.K. in 1974 little thought was given to ways of reducing the amount of hazardous material in a plant. Engineers simply designed a plant and accepted whatever inventory the design required. At Bhopal in 1984 the material that leaked, killing more than 2,000 people, was an intermediate that was convenient, but not essential, to store. Inventories can often be reduced in almost all unit operations as well as storage (see Chapter 3).

2 Substitution

If intensification is not possible, then an alternative is substitution: using a safer material in place of a hazardous one. Thus it may be possible to replace flammable refrigerants and heat transfer media with nonflammable ones, hazardous products with safer ones, and processes that use hazardous raw materials or intermediates with processes that do not (see Chapter 4).

Intensification, when it is practicable, is better than substitution because it brings about greater reductions in cost. If less material is present we need smaller pipes and vessels, smaller structures and foundations. Much of the pressure for intensification has come from those who are primarily concerned with cost reduction. In fact, friendliness in plant design is not just an isolated but desirable concept but part of a total package of measures, including cost reduction, lower energy usage, and simplification, that the chemical industry needs to adopt in the years ahead (see Section 2.4).

3 Attenuation

Another alternative to intensification is attenuation: using a hazardous material under the least hazardous conditions. Thus liquefied chlorine and ammonia can be stored as refrigerated liquids at atmospheric pressure instead of under pressure at ambient temperature. Dyestuffs that form explosive dusts can be handled as slurries (see Chapter 5).

Attenuation is sometimes the reverse of intensification because if we make reaction conditions less extreme we may need a longer residence time.

4 Limitation of Effects

If friendly equipment does leak, it does so at a low rate that is easy to stop or control. Spiral-wound gaskets, as already mentioned, are friendlier than fiber gaskets because if the bolts work loose, or are not tightened correctly, the leak rate is lower. A tubular reactor is friendlier than a pot reactor. The leak rate is limited by the cross-section of the pipe and can be stopped by closing a valve in the pipe. Vapor-phase reactors are friendlier than liquid-phase reactors because the mass flow rate through a hole of a given size is less.

By changing reaction conditions (for example, the temperature or the order of operations), it is often possible to prevent runaways or to make them less likely. By carrying out different stages of a batch process in different vessels, it may be possible to tailor the equipment to fit more closely the needs of each step. By using steam or oil as a heating medium and limiting its temperature, it may be possible to prevent overheating (see Chapter 6).

Intensification, substitution, attenuation, and limitation of effects are often referred to as inherently safer design because, instead of making plants safer by adding on protective equipment to control the hazards (the usual procedure), we try to avoid the hazards.

5 Simplification

Simpler plants are friendlier than complex plants because they provide fewer opportunities for error and contain less equipment that can go wrong. They are usually also cheaper. The main reason for complexity in plant design is the need to add on equipment to control hazards. Inherently safer plants are therefore also simpler plants. Other reasons for complexity are:

- design procedures that result in a failure to identify hazards or operating problems until late in design. By this time it is impossible to avoid the hazard, and all we can do is add on complex equipment to control it (see Chapter 7).
- a desire for flexibility. Multistream plants with numerous crossovers and valves, so that any item can be used on any stream, have numerous leakage points, and errors in valve settings are easy to make.
- lavish provision of installed spares with their accompanying isolation and change-over valves.
- continuing to follow rules or practices that are no longer necessary (see Chapter 8).
- our intolerance of risk. Do we go too far? (See Chapter 12.)

Equipment can, of course, combine more than one of the features of friendly plants, and these features are interlinked. Thus intensification and substitution often result in a simpler plant because there is less need for added-on safety equipment. At other times we have to choose between, say, substituting a hazardous chemical with a safer one plus a reaction that is more likely to run away (see Section 4.2.3).
6 Avoiding Knock-on Effects

Friendly plants are designed so that those incidents that do occur do not produce knock-on or domino effects. For example, they are provided with fire breaks between sections, like those in a forest, to restrict the spread of fire, or, if flammable materials are handled, they are built out-of-doors so that leaks can be dispersed by natural ventilation (see Section 9.1).

7 Making Incorrect Assembly Impossible

Friendly plants are designed so that incorrect assembly is difficult or impossible. For example, compressor valves should be designed so that inlet and exit valves cannot be interchanged (see Section 9.2).

8 Making Status Clear

With friendly equipment it is possible to see at a glance whether it has been assembled or installed incorrectly or whether it is in the open or shut position. For example, check (nonreturn) valves should be marked so that installation the wrong way round is obvious; it should not be necessary to look for a faint arrow hardly visible beneath the dirt. Gate valves with rising spindles are friendlier than valves with nonrising spindles because it is easy to see whether they are open or shut. Ball valves are friendly if the handles cannot be replaced in the wrong position (see Section 9.3).

9 Tolerance

Friendly equipment will tolerate poor installation or operation without failure. Thus, as mentioned, spiral-wound gaskets are friendlier than fiber gaskets because if the bolts work loose, or are not tightened correctly, the leak rate is much less. Expansion loops in pipework are more tolerant of poor installation than bellows. Fixed pipes or articulated arms (if flexibility is necessary) are friendlier than hoses. For most applications, metal is friendlier than glass or plastic (see Section 9.4).

10 Ease of Control

When possible, we should control by the use of physical principles rather than added-on control equipment. Thus one flow can be made proportional to another by using flow ratio controllers (which may fail or be neglected) or, a better way, by letting one fluid flow through an orifice and suck in the other through a side arm. Processes with a slow or flat response to change are obviously friendlier than those with a fast or steep response. Processes in which a rise of temperature decreases the rate of reaction are friendlier than those with a positive temperature coefficient, but this is difficult to achieve in the chemical industry. Nevertheless, there are a few examples of processes in which a rise in temperature reduces the rate of reaction (see Section 9.5).

11 Software

Errors are much easier to detect and correct in some programmable electronic systems (PES) than in others. If the term software is used in the wide sense to cover all procedures (as distinct from hardware or equipment), then some software is much friendlier than others. Training and instructions are obvious examples. If many types of gaskets or nuts and bolts are stocked, sooner or later the wrong type will be installed. It is better, and cheaper in the long run, to keep the number of types stocked to a minimum even though more expensive types than are strictly necessary are used for some applications (see Section 9.6).
Table 1.1

| Characteristic | Friendly | Hostile |
|---|---|---|
| Intensification | | |
| Reactors | Well mixed | Poorly mixed |
| | High conversion | Low conversion |
| | Internally cooled | Externally cooled |
| | Vapor phase | Liquid phase |
| | Tubular | Pot |
| Nitroglycerin manufacture | NAB process | Batch process |
| Distillation | Higee | Conventional |
| Heat transfer | Miniaturized | Conventional |
| Intermediate storage | Small or nil | Large |
| Substitution | | |
| Heat transfer media | Nonflammable | Flammable |
| Solvents | Nonflammable | Flammable |
| Chlorine manufacture | Membrane cells | Mercury and asbestos cells |
| Carbaryl production | Alternative process | Bhopal process |
| Attenuation | | |
| Liquefied gases | Refrigerated | Under pressure |
| Explosive powders | Slurried | Dry |
| Runaway reactants | Diluted | Neat |
| Any material | Vapor | Liquid |
| Limitation of effects | | |
| Gasket | Spiral wound | Fiber |
| Rupture disk | Normal | Reverse buckling |
| Tank dikes | Small and deep | Large and shallow |
| Batch reactions | Several vessels | One vessel |
| Available energy | Energy level limited | Energy level high |
| Simplification (fewer leakage points or opportunities for error) | Hazards avoided | Hazards controlled by added equipment |
| | Single stream | Multistream with many cross-overs |
| | Dedicated plant | Multipurpose plant |
| | One big plant | Many small plants |
| | Uninstalled | Installed |
| | Flexible | Always followed |
| | Able to withstand pressure and temperature | Protected by relief valves, etc. |
| | One vessel, one job | One vessel, two jobs |
| Flow | Gravity | Pumped |
| | Open sided | Enclosed |
| | Fire breaks | No fire breaks |
| | Weak seam | Strong seam |
| | Pointing away from other equipment | Pointing at other equipment |
| | Noninterchangeable | |
| | Cannot point upstream | |
| | Rising spindle or ball valve with fixed handle | Nonrising spindle |
| | Figure 8 plate | Spade |
| | Continuous plant | Batch plant |
| | Spiral-wound gasket | Fiber gasket |
| | Expansion loop | Bellows |
| | Fixed pipe | Hose |
| | Articulated arm | Hose |
| | Bolted joint | Quick-release coupling |
| | Metal | Glass, plastic |
| | Flat | Steep |
| | Slow | Fast |
| | Processes in which rise in temperature produces reaction stopper | Most processes |
| Software | | |
| Errors easy to detect and correct | Some programmable electronic systems | |
| Training and instructions | Some | Most |
| Gaskets, nuts, bolts, etc. | Few types stocked | |
| Other industries | | |
| Continuous movement* | Rotating engine | Reciprocating engine |
| Helicopters with two rotors | Cannot touch | Can touch |
| Chloroform inhaler | Reverse connection possible | Reverse connection impossible |
| Analogies | Lamb | Lion |
| | Bungalow | Staircase |
| | Tricycle | Bicycle |
| | Concave up | Convex up |
| | Pointed end up | Blunt end up |
| | Hard boiled | Soft boiled |
| | Medieval eggcup | Standard eggcup |

Reactor entries listed under Other industries, in the order they appear: Chernobyl; Pressurized water reactor (PWR); Advanced gas-cooled reactor (AGR); AGR; Fast breeder reactor; PWR; High-temperature gas reactor; Process inherent ultimate safety reactor.

*In practice reciprocating internal combustion engines are not less friendly than rotating engines, although one might expect that equipment that continually starts and stops would be less reliable.

It is the theme of this book that, instead of designing plants, identifying hazards, and adding on equipment to control the hazards or expecting operators to control them, we should make more effort to choose basic designs and design details that are user friendly. The chapters that follow give examples of what has been or might be done and discuss the action required. They also discuss the reasons why progress has not been more rapid than it has been and suggest that friendliness in plant design should be included in the training of chemical engineers (see Chapter 10). A few examples from some other industries besides the chemical industry are included, particularly examples pertaining to nuclear power (see Section 9.7 and Chapter 11). Table 1.1 summarizes the ways in which plants can be made user friendly, and the Appendix illustrates the principal ways in a more striking form. Although this book is primarily concerned with safety, most of what is said applies also to the prevention of pollution and the avoidance of those small continuous leaks into the atmosphere of the workplace that are the subject of
industrial hygiene. Simpler plants, for example, contain fewer joints and valve glands through which leaks can occur, and whenever possible we should substitute safer solvents for toxic ones such as benzene.

As already stated, friendly plants are often cheaper than hostile ones. To quote a misprint in an English newspaper, we can have "Wealth and Safety at Work" [2]. Table 1.2 lists the ways in which friendliness can be achieved and their effects on costs.

It may be interesting to outline the history of the ideas described in this book. There are many scattered references in the literature to the avoidance of hazards rather than their control, and I was particularly influenced by some of the papers presented at the conference on loss prevention held in Newcastle, U.K. in 1971 [3]. Inherently safer design as a general concept was, so far as I am aware, first advocated in a 1976 paper on the wider lessons of Flixborough [4]. The first paper devoted entirely to inherently safer design was titled "What You Don't Have, Can't Leak" (1978). The subject was discussed in more detail in a short book [6], published in 1984, on which this book is based. At first interest in the subject was limited, but Bhopal (1984) produced a number of papers [7]. Other papers are referenced in the chapters that follow. The extension of inherently safer design to the wider subject of friendlier design was first advocated in a paper presented to Wayne State University in 1987 and published in 1989. The development of inherently safer nuclear reactors has been advocated for many years by Alvin Weinberg.
REFERENCES AND NOTES
1. Kletz, T. A. 1985. An engineer's view of human error. Rugby, U.K.: Institution of Chemical Engineers.
2. Daily Telegraph. 1983.
3. F. Hearfield, ed. 1971. Loss prevention in the process industries. Symposium Series no. 34. Rugby, U.K.: Institution of Chemical Engineers.
4. Kletz, T. A. 1976. Preventing catastrophic accidents. Chem. Eng. (US). 83(8):124-128.
5. Kletz, T. A. 1978. What you don't have, can't leak. Chem. Ind. 9:287-292.
6. Kletz, T. A. 1985. Cheaper, safer plants or wealth and safety at work: Notes on inherently safer and simpler plants. Rugby, U.K.: Institution of Chemical Engineers.
7. See papers by Wade, D. E.; Hendershot, D. C.; Caputo, R. J.; and Dale, S. E.; Proceedings of the international symposium on preventing major chemical accidents, ed. J. L. Woodward. New York: American Institute of Chemical Engineers.
8. Kletz, T. A. 1989. Friendly plants. Chem. Eng. Prog. 85(7):18-26.
9. Weinberg, A. M. 1981. In The Three Mile Island nuclear accident, ed. H. T. Moss and D. L. Sills. New York: New York Academy of Sciences.