Net Zero by 2050

Share this post

Net Zero by 2050
Net Zero by 2050
OSHA's PSM Update: What's Not There — PSM Updates
Copy link
Facebook
Email
Notes
More

OSHA's PSM Update: What's Not There — PSM Updates

Ian Sutton
Nov 29, 2022
Share
OSHA PSM Updates PHA shutterstock_352390967

We have been working our way through OSHA’s proposed changes to its process safety standard. Our reviews to date have focused on what the agency said in its 24 change items. What can be equally interesting is discussing those topics that seem to be relevant, but that were not mentioned.

Inherent safety is an example of such a non-change.

The Dog That Did Nothing

In the story Silver Blaze, published in the year 1892 (exactly 100 years before OSHA’s process safety standard) the detective Sherlock Holmes is investigating an apparent murder. This story is famous for the dog that did not bark.

Gregory (Scotland Yard detective): “Is there any other point to which you would wish to draw my attention?”

Sherlock Holmes: “To the curious incident of the dog in the night-time.”

Gregory: “The dog did nothing in the night-time.”

Sherlock Holmes: “That was the curious incident.”

When it comes to OSHA’s proposed changes, the fact that Inherent Safety is not mentioned is a “curious incident”.

Inherent Safety

Inherent Safety is a topic that has rightly received considerable attention since OSHA introduced its standard in the year 1992. It has been the focus of many papers and articles. Moreover, even though OSHA does not use the term in its proposed changes, it seems as if that this is what they are driving toward. with many of their statements — for example, to do with RAGAGEP. (Other agencies, such as the UK Health and Safety Executive, have explicitly incorporated inherent safety into their regulations.)

The importance of inherent safety is that it is the most effective way of improving a facility’s safety.

There are three ways of reducing risk: (1) Remove the hazard, (2) Reduce the consequences of the hazard, (3) Reduce the likelihood of occurrence. Of these, the only one that can reduce risk to zero is the first of these options: remove the hazard. Inherent safety focuses on ways of removing hazards altogether — not on reducing the risk associated with a situation that already exists.

Five Categories

Trevor Kletz was one of the first people to write on this topic in his 1978 paper What you don't have, can't leak.

He and others developed the following five categories of inherent safety. They are generally addressed in the order shown, i.e., those at the top of the list provide greater security than those at the bottom.

  • Eliminate

  • Minimize (Intensify)

  • Substitute (Attenuate)

  • Moderate (Limit Effects)

  • Simplify (Error Tolerance)

Strictly speaking, the ‘Eliminate’ option is the only one that provides true inherent safety; all the others reduce risk, but do not eliminate it.

Eliminate

The only way of reducing risk to zero is to remove the hazard that creates that risk. (Safety can also be made perfect if no one is present.) Therefore inherent safety can best be achieved by totally removing the items that creates the hazard. (“If a tank’s not there, it can’t leak.”) For example, if a pump is being used to transfer a liquid from one tank to another it may be found that there are other means of effecting the transfer that don't need a pump. Options may include gravity flow or the use of air at high pressure. (But the use of compressed air may create greater risk than that associated with having a pump. One always has to be aware of the Law of Unintended Consequences.)

Minimize

Where possible, smaller quantities of hazardous materials should be used. This philosophy derives in part from the Bhopal tragedy. That facility stored large quantities of the intermediate compound methyl isocyanate that created the toxic cloud. Had the facility been designed so as to greatly reduce this inventory — a technically feasible solution — then the consequences of the event would have been much less severe.

There is one situation where minimization may not be appropriate, and that is to do with adding over-capacity to equipment. Although design engineers are under constant pressure to reduce the size of equipment so as to save costs, some over-design can help take care of operational upsets and changes in performance. For example, adding extra tubes to a heat exchanger may help handle temperature surges and they may reduce the intervals between exchanger cleanings, thus reducing the exposure of maintenance personnel.

Substitute

Another way of achieving inherent safety is to replace a hazardous material with one that is less hazardous. Thus, the consequences of a release are fundamentally less dangerous. For example, if it is possible to use a water-based solvent rather than a hydrocarbon solvent, the system becomes inherently safer.

A classic example of substitution concerns the use of hydrogen fluoride (HF) as an alkylation catalyst in oil refineries. The properties of HF that make it such an effective catalyst also make it a highly corrosive and toxic chemical in the event of a release. An alternative alkylation catalyst is sulfuric acid. Although sulfuric acid is also a hazardous material, it cannot cause a catastrophic accident when released in the way that HF can.

Another example of substitution includes the use of aqueous rather than anhydrous ammonia.

Moderate

Moderation accepts that a certain condition exists but aims to reduce its impact. Safety through modification is generally achieved either by changing equipment, or by increasing the spacing between equipment items, or by moving people away from the site of a potential incident. (Arguably, this approach is not truly inherent safety since the hazard is not removed.)

Equipment Modification

In the case of the pump that is transferring liquid from one tank to another the greatest risk may occur if the pump is blocked in while running and achieves dead-head pressure. In such a case the risk can be moderated by using a lower pressure pump curve.

Spacing

An important aspect of moderation concerns the use of space between equipment items. Blast overpressure and concentrations of toxic gas from releases fall off exponentially with distance. Inherent safety suggests that it is better to protect systems from the effects of an explosion by moving them apart from one another than by putting a blast wall between them.

If equipment items are spaced well apart from one another there is also less risk of a confined vapor cloud forming with its potential for a very destructive explosion.

Underground Location

For onshore facilities it is generally better to run utilities such as electrical cabling and instrument lines underground. This will protect them from fires and explosions (a particularly important consideration if some of the utility systems need to be kept in operation as part of the facility’s emergency response program). The protection of utilities is also important because it is often found that, following a major accident, large equipment items and piping are soon back in service, but it can take a long time to repair the damaged utility systems, particularly instrumentation runs.

Putting utilities underground does have drawbacks. There is an “out of sight, out of mind” problem — buried systems may not be inspected and checked as those above ground. They may also be more subject to corrosion than if they were above ground. A sensible compromise is to place utility lines below grade in open trenches.

Removing People

“If a man’s not there, he can’t be killed”. The risk associated with a system can be moderated by moving personnel away from the equipment. Ideally, people will not be present at all.

An excellent example of the effect of removing people occurs almost every year in the Gulf of Mexico. Typically, three or four destructive hurricanes enter the Gulf each year. These hurricanes can and do cause serious damage to offshore oil and gas platforms. Yet the number of people who are killed or injured is zero because the platforms are evacuated well before the hurricane arrives.

Simplify

The final step in achieving Inherent Safety is to make systems as simple as possible. Simplification can be achieved by making equipment and systems simpler, and/or by reducing the potential for human error (and making sure that the system fails safe if someone does make an error).

Equipment Simplicity

A simple system is easier for operations personnel to understand. The chance of operating and maintenance errors is reduced. And, if things do go awry, the operators will probably have a better grasp of the situation. (Once more, this approach is not truly to do with inherent safety; it is more to do with consequence reduction.)

Simple equipment is less likely to fail than equipment that is more complex. Referring to the pump example once more, it is possible that another vendor can provide the same piece of equipment but with many fewer moving parts - thus reducing both the chance of failure and the number of maintenance tasks to be carried out.

Error Tolerance

An important part of simplification concerns making systems error tolerant. The system should also be designed such that, if a person does make a mistake, operations fail into a safe condition. For example, different types of hose nozzles can be used for different chemicals. Therefore, if an operator tries to connect the wrong hose to a truck or rail car, the nozzle type will prevent him from doing so.

Index of Posts

For a list of the posts that we have published to do with OSHA’s proposed updates, please visit Update to OSHA’s Process Safety Management Regulation: An Index.

Thanks for reading Net Zero by 2050! Subscribe for free to receive new posts.

Share

No posts

Ready for more?

© 2025 Ian Sutton
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More