Safety in Design

Introduction

This short article is identifies some safety issues that I have become aware of during my career, focusing on cryogenic processes.
Also, it introduces a new approach to the Hazop procedure aimed at participants (mainly process and control engineers). The intent here is to reduce fatigue of participants by looking at potential root causes of upsets, instead of symptoms, considering larger segments (‘nodes’) and minimising the inevitable repetition. The result should be saving in time and money but more importantly achieving a higher quality result.

Safety in design requires a good understanding of the conditions in all the interconnected elements of a plant.  These conditions do not vary significantly with time in a continuous process plant – except during start-up or shutdown, or serious upset.

Any new project design or proposed modification to an existing one must be first systematically and critically reviewed for all possible changes to that could lead to a hazard. This is called a Hazard and Operability (or HAZOP) review.

A new approach to Hazop looks systematically at all potential fundamental factors that can disrupt the steady state condition.  It aims to avoid the repetition that typically can arise with the traditional Hazop approach and guidewords. This repetition can sap the energy and attention of the participants and therefore the quality of the Hazop review. The method cannot claim to identify every hazardous situation, but should speed the identification of root causes of hazards and upsets on a continuous process plant.

A brief summary of the method is found via the link below.

Hazop Studies – A New Approach

Further details are available on request.

Other methodologies frequently used to identify and manage hazards in the chemical and process industries include: HAZID (hazard identification); QRA (Quantitative Risk Analysis); SIL assessment (Safety Integrity Level), LOPA (Layers of Protection analysis).

NP Hazop method – an update March 2022
To extend the published NP Hazop approach from continuous processes to include batch processes or to planned non-steady state operations such as startup and shutdown, the following definitions and methodology is proposed:

a) Continuous Process (CP)

Hazard = any change in the steady state material or energy balance. Procedure is to identify all potential causes of this in each plant segment (often termed ‘node’ )

For a continuous process, the plant start-up and shutdown (or changes in operating capacity) are planned non-steady state operating modes, where there is additional risk. This merits special attention in Hazop studies.

b) Batch Process or Startup / shutdown (BP)

Hazard = any deviation from the normal or target trajectory of the batch – such as temperature-time profile. By their nature batch processes require adequate reliable (tested) instrumentation.

Procedure for a BP study can follow that for a CP except that the basic study looks for potential causes of deviations from the start conditions, the trajectory versus time and the end condition of the batch progress.

Multi-product batch processing equipment can introduce additional hazards, and require corresponding safeguards to eliminate these risks.

SAFETY IN CRYOGENICS

Cryogenic processes can include many of the same hazards as ambient temperature processes where flammable materials are present. Processing includes separation, purification, liquefaction or vaporisation and storage and shipment. The hazards may arise from the fluids being processed eg natural gas, carbon dioxide or oxygen or from auxiliary fluids such as propane or ammonia which may provide refrigeration for the process.

Some cryogenic risks are generally recognised:

• Cold burns from touching very cold equiment or piping.

• Ice on poorly or un-insulated overhead piping can detach and fall on personnel or equipment underneath.

• Asphixiation risk from entry to vessels or cold boxes where low oxygen content may arise (<19%).
  The need to enter cold boxes should be very carfully regulated. If in operation they have been purged with inert gas such as N2 they must be ventilated and tested before entry and or breathing apparatus used.

• Brittle fracture failure of carbon steel piping at temperatures below the safe limit for the material. If a cryogenic process loses its feed stream but the products continue to flow, they will quickly exit at temperatures low enough to fracture carbon steel piping without protective measures.

• Fire risk in high oxygen atmospheres where even steel can burn. Oxygen venting appears hamless but can be adsorbed onto clothing and later catch fire.

• Hydrogen has a wide flammable range (4-75 vol%) and is explosive when mixed with air. Fortunately, unless confined, its very low molecular weight and density causes it to disperse more quickly than most other gases.

• Ammonia is gaining interest as a transportable energy ‘vector’ as a liquid. It is combustible (flammable range approx 15 - 30% in air) and mixtures are potentially explosive. It is also very toxic, being potentially dangerous at 35ppm ppm if exposure is longer than 15 minutes (US National Institute of Occupational Safety and Health (NIOSH) . Fortunately it is detectable by most people at about 5 ppm.

Sources of information

The European Industrial Gas Association EIGA provides extensive guidelines on proper management of the processing and storage and safe handling of many cryogenic fluids.

Standards of the Brazed Aluminium Plate-Fin Heat Exchanger Manufacturers' Association (ALPEMA) is a valuable reference for all aspects of this type of equipment very widely used in cryogenics.

Some other risks might be less widely known and are worth summarising.

Catastrophic failure of either high pressure gas or liquid carbon dioxide (CO2) from pipeline or storage. A large leak of HP gas or liquid will form a heavier than air blanket of dry ice and cold CO2 vapour that hugs the ground until it is dispersed. Apart from being a non-life supporting asphyxiant at high concentrations, CO2 is also toxic at just a few percent in air.

Very small traces of combustible material such as hydrocarbons or microscopic particles in smoke if present in the air fed to a cryogenic air separation plant (ASU) may tend to accumulate dissolved in the liquid oxygen bath of the low pressure column. If deposited as solid on the surface of the reboiler a violent combustion can occur.

LNG containing other species either less volatile such as ethane or propane or more volatile such as nitrogen, will ‘weather’ over time. The normal vapourisation of stored LNG can lead to potentilly unstable stratified layers or cells that eventually mix and cause a sudden increased boiloff. The phenomenon termed ‘Rollover’ is widely recognised but has to be managed, for example by limiting the N2 content of fresh LNG fed to the storage to 1% or less.

Startups and shutdowns.

For cryogenic processes, the rate of cooldown or warming-up of some equipment may need to be constrained to avoid generation of excessive local stresses due to unequal expansion or contraction. Such transient stresses can cause failure and loss of containment. This risk is easy to understand when the temperature difference between ambient and operation can often be 200 deg C or more.