The One-Legged Stool
The following post is taken from Safety Moment #83: The One-Legged Stool. (Trevor Kletz wrote the first article on this topic.)
Although this post is written somewhat tongue-in-cheek, it does contain some useful lessons for process safety professionals. For example,
Safety is not necessarily expensive. Indeed, in this case safety actually reduced costs — a one-legged stool is cheaper than one with three legs.
Simple is good. The one-legged stool is much simpler to operate and maintain than complex instrumentation.
Inherent safety requires imagination — in this case, making the reactor much, much smaller.
A Very Simple Safety System
Early in the 20th century a factory in the town of Pitsea in England manufactured the explosive nitro-glycerine.
Making nitro-glycerine was very dangerous. Concentrated acids were mixed with glycerine in huge vats. If too much glycerine was added too quickly to the mixture, it would become unstable, and a large valve would have to be opened to quickly dump the whole batch into a large vat of water. Failure to do this quickly could have led to a catastrophic explosion.
Mostly, though, it was very dull. The operator would sit at the mixing machine for long hours just looking at the dials to make sure the machine was working OK, and there was a good chance they could fall asleep on the job. A one-legged stool made sure they had to perch to stay awake . . . in all the years the factory operated they never once had to dump the nitro-glycerine mixture.
In other words, the worker in charge of this process (the rather stout gentleman shown in the picture) was allowed to sit down, but only on a one-legged stool. Hence if he dozed off, he would fall and wake up.
Let’s consider this situation using process safety management thinking.
The hazard is “wrong composition”, i.e., too much glycerine.
The consequence is a devastating explosion.
The predicted frequency of the event is very low.
Such a situation is what process safety professionals face all the time.
The difference between then and now lies in the safeguards. In the Pitsea factory, the safeguard was a one-legged stool — that was all. It was cheap, easy to maintain and repair, and effective.
Were we to build a process such as this now, we would probably install multiple layers of protection, involving sophisticated instrumentation and backup safety devices. Such systems are expensive, require considerable maintenance and are difficult to understand. Yet they would not necessarily be more effective than the one-legged stool. After all, the process at Pitsea never experienced an explosion.
Simple Level Measurement
It might be thought that the time and place of this example are so distant as to be not pertinent to modern industry. But I recall, early in my career, working at two chemical plants, one in south-east Texas and the other in Europe, where the clients made large quantities of ethylene oxide (EO) — a chemical that is both toxic and highly flammable.
EO was stored in large tanks. The tanks had no instrumentation at all. The only way of measuring the level was with a manual strapping gauge. To modern ears this situation sounds extraordinarily hazardous. Yet it worked — in many years of operation neither facility had a spill or any other type of incident to do with tanks.
The modern process safety expert could not live with either of the above examples. He or she would not accept that the level in both the nitro-glycerine vat and the EO tanks could be monitored without any type of instrumentation. He would insist on conducting elaborate studies that generate recommendations for the installation of expensive level control systems, backed up with a high-integrity Safety Instrumentation System. Indeed, an industry regulation or standard may require that such a system be installed.
This new system may or may not make the operation of the tank safer, but it will most certainly increase capital and maintenance costs substantially. Moreover, a complex system such as this is vulnerable to the Law of Unintended Consequences. If something can break, it will. But with the one-legged stool, all that can break is the leg of the stool itself, and that can be fixed in no time flat (and while it is being fixed, the operator will have to stand, which is a safe condition).
The following Table compares the two approaches to controlling the level in the nitro-glycerine reactor using process safety management terms.
Although the above analysis is written somewhat tongue-in-cheek, it is actually an example of the application of Inherent Safety, specifically the value of Simplicity. The modern, highly instrumented approach could be considered an example of “We’ve found the solution, now where’s the problem?”
Postlude
In later years industry developed a tubular-based reactor for making nitro-glycerine. The residence time was just a few seconds, so the worst-case scenario was not all that bad. In other words, they implemented true Inherent Safety.