Process safety management CCPS Risk Based Approach

Ensuring Process Safety Management: Protecting Lives and Assets


Process safety management (PSM) is a critical framework that safeguards industrial operations, protecting lives, the environment, and valuable assets. It encompasses a comprehensive set of practices and guidelines to identify, understand, and manage the risks associated with chemical processes and equipment in industries such as oil and gas, chemical manufacturing, and pharmaceuticals.

In this article, I will delve into the importance of PSM, its key elements, and how organizations can implement and enhance their process safety management systems.

The Significance of Process Safety Management

In industrial environments, process safety is of paramount importance. It ensures that operations involving hazardous materials are conducted in a manner that minimizes the risk of accidents, releases, and incidents. The significance of PSM can be summarized as follows:

  1. Human Safety: The primary objective of PSM is to protect the safety and well-being of workers, nearby communities, and the general public. Ensuring that processes and equipment are operated safely reduces the likelihood of accidents, injuries, and fatalities.
  2. Environmental Protection: PSM also plays a crucial role in preventing environmental disasters, such as chemical spills, leaks, or emissions that could harm ecosystems and natural resources.
  3. Asset Protection: Process safety management safeguards valuable assets, including equipment, facilities, and the company’s reputation. By minimizing incidents, it helps avoid costly damage and downtime.

Key Elements of Process Safety Management (PSM)

Effective process safety management involves a combination of key elements designed to identify, assess, and mitigate risks.
There are two guidelines that are frequently referred to and used for implementing a PSM system:

  1. OSHA
  2. CCPS risk-based approach

Both approaches are grounded in four key pillars, often referred to as the foundational blocks. Each pillar encompasses several crucial elements, which are the topics to be monitored meticulously.

This ensures that safety within a business is thoroughly considered, consistently maintained, diligently followed up and documented, and that those documents are regularly updated.
The foundation pillars are:

  1. Commitment to process safety.
  2. Understanding hazards and risk.
  3. Managing the risk.
  4. Learning from experience.

Note that terminology in literature may vary, but the underlying concept behind the naming remains consistent.

The number of elements varies depending on the approach:

  1. The OSHA approach consists of 14 elements.
  2. The CCPS risk-based approach includes 20 elements.

The OSHA approach:

The OSHA approach has 14 elements, commonly known as the “14 elements”, which include the following:

  1. Process Safety Information: Gathering and maintaining data on equipment, materials, and processes is fundamental to understanding the potential hazards.
  2. Process Hazard Analysis: Identifying and assessing potential hazards and their potential consequences, including conducting risk assessments.
  3. Operating Procedures: Developing and maintaining clear and comprehensive operating procedures to ensure safe and consistent operations.
  4. Training and Competency: Ensuring that personnel are adequately trained and competent to perform their roles safely and effectively.
  5. Mechanical Integrity: Implementing a program to maintain equipment integrity, including inspections and maintenance routines.
  6. Management of Change: Evaluating and managing any changes to processes, equipment, or materials to avoid unintended consequences.
  7. Pre-Startup Safety Review: Conducting safety reviews before starting up or modifying processes.
  8. Emergency Planning and Response: Developing plans and procedures to respond to emergencies and mitigate their impact.
  9. Compliance Audits: Regularly conducting audits and inspections to ensure ongoing compliance and identify potential issues. Adhering to industry standards and regulations related to process safety.
  10. Hot work permit: This system documents and monitors the maintenance tasks necessary for the smooth operation of the plant. It ensures a thorough examination of job-related risks, promotes awareness among the maintenance personnel carrying out the job, and implements measures to mitigate and combat hazards such as fire. It also ensures that maintenance activities are conducted without disrupting live plant operations, thereby preventing the creation of potentially dangerous situations.
  11. Incident Investigation: Investigating and analysing incidents to prevent their recurrence.
  12. Trade secrets: Ensuring the confidentiality of process safety information classified as a trade secret is imperative. Various strategies can be employed to safeguard trade secrets, encompassing physical security measures, electronic safeguards, and the implementation of non-disclosure agreements.
  13. Employee Participation: Encouraging and involving employees in the PSM process, as they are often the first to identify potential issues.
  14. Contractor Management: Managing and assessing the safety performance of contractors who work on-site.

This approach is depicted graphically in the figure below:

Figure: Process Safety Management OSHA approach

The CCPS risk-based approach:

The CCPS approach has 20 elements, commonly known as the “Risk based PSM – CCPS approach”, which include the following:

  1. Process safety Culture
  2. Standards, code, regulations and laws
  3. Process safety competency
  4. Workforce involvement
  5. Stakeholder outreach
  6. Process knowledge management
  7. Hazard identification and risk analysis
  8. Operating procedure
  9. Safe work practices
  10. Asset integrity and reliability
  11. Contractor management
  12. Training and performance assurance
  13. Management of change
  14. Operational readiness
  15. Conduct of operations
  16. Emergency management
  17. Incident investigation
  18. Measurement and metrics
  19. Auditing
  20. Management review and continuous improvement

This approach is depicted graphically in the figure below:

Figure: Process Safety Management CCPS risk-based approach

Comparison between the two approaches:

A comparison between the two approaches reveals that the CCPS approach is more comprehensive, encompassing an additional six elements compared to the OSHA approach:

  1. Process safety culture
    Process safety culture is defined as the combination of collective values and behaviours that are essential to the management of process safety: basically the way of working, employees’ responsibility towards safety, and the reporting and investigation of incidents. This means that management has a big role in establishing a good safety culture and maintaining it by leading by example.
  2. Process safety competency
    This element promotes the collection and dissemination of information, along with ongoing training in the realm of process safety. The aim is to ensure the competency of individuals, keeping their knowledge, and consequently, the organization’s knowledge, current.
  3. Stakeholder outreach
    Stakeholder outreach involves exchanging pertinent information among similar facilities within the company or with other companies in the industry group. It also entails cultivating relationships with the communities surrounding the facility and engaging them in safety initiatives. Transparency is integral to this pillar, encouraging the sharing of information about the company and facility’s products, processes, plans, hazards, and risks with both the local communities and authorities.
  4. Measurement and metrics
    The metrics element defines performance and efficiency indicators, enabling the near-real-time monitoring of the effectiveness of the risk-based process safety management system (RBPS), its constituent elements, and associated work activities. This component guides the selection of indicators, determines the frequency of data collection, and outlines actions to be taken based on the information gathered, ensuring a responsive and effective operation of the RBPS management system. 
  5. Management review and continuous improvement
    Management review entails the regular assessment of whether management systems are operating as intended and delivering the desired results efficiently. It represents management’s effort to monitor the effectiveness of the risk-based management system, and it requires improvement plans or corrective actions as well.

In contrast, the OSHA approach includes an element that is not present in the CCPS approach:

  1. Trade secrets

As defined in OSHA 3132 – Reprinted 2000:

“Employers must make available all information necessary to comply with PSM to those persons responsible for compiling the process safety information, those developing the process hazard analysis, those responsible for developing the operating procedures, and those performing incident investigations, emergency planning and response, and compliance audits, without regard to the possible trade secret status of such information. Nothing in PSM, however, precludes the employer from requiring those persons to enter into confidentiality agreements not to disclose the information.”

The table below provides a quick overview of the distinctions between the two approaches:

Item | CCPS Risk Based approach (20 Elements)       | OSHA approach (14 Elements)
1    | Process safety culture                       | Doesn’t apply
2    | Compliance with Standards                    | Process safety information (PSI)
3    | Process safety competency                    | Doesn’t apply
4    | Workforce involvement                        | Employee participation
5    | Stakeholder Outreach                         | Doesn’t apply
6    | Process knowledge management                 | Process safety information (PSI)
7    | Hazard Identification & Risk Analysis        | Process hazard analysis
8    | Operating Procedures                         | Operating Procedures
9    | Safe Work Practices                          | Operating Procedures; Hot work permit
10   | Asset Integrity & Reliability                | Mechanical Integrity
11   | Contractor management                        | Contractors
12   | Training & Performance Assurance             | Training
13   | Management of Change                         | Management of Change (MOC)
14   | Operational Readiness                        | Pre-Startup Safety review
15   | Conduct of Operations                        | Doesn’t apply
16   | Emergency Management                         | Emergency Planning and Response
17   | Incident Investigation                       | Incident Investigation
18   | Measurements and Metrics                     | Doesn’t apply
19   | Auditing                                     | Compliance Audits
20   | Management Review and Continuous Improvement | Doesn’t apply
-    | Doesn’t apply                                | Trade Secrets
Table: CCPS Risk Based approach vs OSHA approach

Implementing and Enhancing PSM

As evident from the preceding section, understanding the geographical location of the plant or company targeted for PSM implementation is crucial. This necessitates familiarity with the applicable requirements, codes, and standards. For a deeper exploration of the variances and hierarchical structure of standards, please refer to this article.

To implement and enhance process safety management, organizations should consider the following steps:

  1. Leadership Commitment: Senior management must demonstrate a strong commitment to process safety, allocate resources, and set a safety culture tone.
  2. Risk Assessment: Conduct thorough risk assessments to identify potential hazards and prioritize risk reduction measures.
  3. Employee Training: Invest in ongoing training and development programs to ensure employees are well-prepared and informed about safety protocols.
  4. Continuous Improvement: Implement a culture of continuous improvement, regularly evaluating and enhancing PSM practices.
  5. Documentation and Reporting: Maintain clear and accessible records of all PSM elements and incidents for reference and compliance purposes.


Process safety management is a critical framework that protects human lives, the environment, and valuable assets in industrial operations. By adhering to the 14 elements and fostering a culture of safety, organizations can mitigate risks and minimize the potential for accidents and incidents. Implementing and enhancing PSM is not just a regulatory requirement but a moral and financial imperative, ensuring that industries operate safely and responsibly. It is a commitment to safety that should be at the core of every industrial organization’s mission.

Contact us

For more information, help on your PSM system or even a tailor-made training for you or your organization please don’t hesitate to contact us!


Hazard Identification and Risk Assessment

Best Practices for Effective Hazard Identification and Risk Assessment in Process Safety


Hazard identification and risk assessment are the cornerstones of any robust process safety management program. Ensuring the safety of your industrial operations begins with systematically recognizing potential hazards and evaluating the associated risks. In this article, we explore best practices for conducting effective hazard identification and risk assessment in process safety.

    1. Multidisciplinary Approach:
      One of the key best practices in hazard identification and risk assessment is to involve a multidisciplinary team. Different experts from various fields, including process engineers, safety professionals, and operations personnel, bring diverse perspectives and knowledge to the process. This collaborative approach enhances the identification of potential hazards and improves the quality of risk assessments.
    2. Use of Advanced Technology:
      Leveraging advanced technologies such as process simulation, data analytics, and modeling tools can greatly enhance hazard identification and risk assessment. These tools enable a more comprehensive and data-driven understanding of your processes, making it easier to pinpoint potential hazards and assess risks accurately.
    3. Hazard Identification:
      Hazard identification is the foundational step in the risk management process. It involves systematically recognizing potential sources of harm within an industrial process. Hazards can be categorized into various types, including chemical, physical, mechanical, biological, and ergonomic. Here are some key methods for identifying hazards:
        • Process Flow Diagrams (PFDs): Analyzing PFDs can help identify potential hazards, such as the presence of flammable or toxic materials and high-pressure systems. This is usually called a HAZID study, performed at the PFD level.
        • Hazard and Operability Study (HAZOP): HAZOP is a structured and systematic technique that examines each element of a process to identify deviations from the intended design.
        • What-If Analysis: A What-If analysis involves brainstorming sessions with experts to explore hypothetical scenarios and their associated hazards.
        • Checklists: Using standardized checklists can help identify common hazards in specific industries or processes.
    4. Risk Assessment:
      Once hazards are identified, the next step is to assess the risks associated with these hazards. Risk assessment quantifies the likelihood and consequences of specific hazards and aids in prioritizing them for further management. Common risk assessment methodologies include:
        • Qualitative Risk Assessment: In qualitative assessments, hazards are categorized into risk levels, such as low, medium, or high, based on expert judgment.
        • Semi-Quantitative Risk Assessment: This approach uses a numerical scale to rank hazards and assess the potential consequences.
    5. Risk Mitigation:
      After identifying and assessing hazards, it’s crucial to implement risk mitigation measures. These may include:
        • Engineering Controls: Modify the process design or install safety systems to reduce risks.
        • Administrative Controls: Implement safety procedures, training, and emergency response plans.
        • Personal Protective Equipment (PPE): Ensure that workers have the appropriate PPE to minimize the impact of hazards.
    6. Root Cause Analysis:
      After an accident happens, an investigation is always necessary, both by the organization in which the accident happened and by the authorities that try to safeguard the public. These investigations use different accident investigation and reporting techniques, one of which is root cause analysis. Incorporating root cause analysis into your hazard identification process is essential.

      Understanding the underlying causes of hazards allows you to develop effective preventive measures. Techniques like the “5 Whys” or “Fishbone Diagrams” can help dig deeper into the root causes of issues.

    7. Near-Miss Reporting:
      Encourage a culture of near-miss reporting within your organization. Near-miss incidents often hold valuable lessons for hazard identification and risk assessment. When employees report near-misses, it provides an opportunity to identify underlying hazards and proactively address them before they lead to accidents.
    8. Historical Data Analysis:
      Reviewing historical incident data and near-miss reports can uncover patterns and trends that may indicate recurring hazards. Analyzing past incidents provides insights that can inform your risk assessment process and help you target specific areas for improvement. For example, see an accident report/analysis of the Bhopal disaster.
    9. Scenario-Based Analysis:
      Consider conducting scenario-based risk assessments. This approach involves creating scenarios or hypothetical situations in which hazards can manifest. By analyzing these scenarios, you can gain a better understanding of the potential risks and their consequences.
    10. Continuous Improvement:
      Hazard identification and risk assessment are not one-time activities. It’s crucial to establish a process of continuous improvement. Regularly review and update your assessments to account for changes in technology, regulations, or process modifications.
    11. Training and Education:
      Invest in training and education for your workforce. Ensure that all employees understand the importance of hazard identification and risk assessment and how they can actively participate in the process. Well-informed personnel are more likely to contribute to a safer workplace.


Hazard identification and risk assessment are vital components of process safety management. By following best practices, involving a multidisciplinary team, using advanced technology, analyzing historical data, and fostering a culture of continuous improvement, you can enhance the effectiveness of your hazard identification and risk assessment processes.

These practices contribute to a safer work environment and reduce the likelihood of accidents, protecting both people and assets.

Contact us

For more in-depth guidance on hazard identification and risk assessment, or to explore case studies and success stories, please don’t hesitate to contact our team of process safety experts.


Partial stroke testing of a SIF

Partial Stroke Testing of Safety Instrumented Functions (SIFs)

Safety engineers often grapple with the decision of whether to perform a full test or a partial stroke test on a valve, which serves as the final element of a Safety Instrumented Function (SIF) when determining Safety Integrity Levels (SIL). This article explores the essential considerations and guidelines for making this crucial choice.

Basic Requirements

In accordance with IEC 61511 – Part 1 section A.16.3, a comprehensive discussion of proof testing and inspection of a SIF is provided. This section outlines specific requirements for these procedures, emphasizing the importance of achieving the average Probability of Failure on Demand (PFD) of the SIF and conducting proof testing in real operational conditions. The following key points are highlighted:

    • Proof test intervals should align with the target average PFD for the SIF.
    • Proof testing should simulate actual operating scenarios and should occur prior to any routine maintenance that may impact or distort the test results.
    • Integral tests are preferred, encompassing all components, or they should overlap, such as the Sensor Element/Logic Solver (SE/LS) and Logic Solver/Final Element (LS/FE).
    • When a full loop test cannot be conducted due to safety or operational concerns, partial testing is allowed for devices and systems/subsystems of a SIF.
    • If opting for partial testing, the procedure must be documented in the test procedures (safety-loop validation report) and should include:
        • Full testing of the final element during shutdown.
        • Testing the SIF during normal operation, as far as possible, including the output trip relay, shutdown solenoid, and partial valve movement.

Impact of Testing Period on PFD

It is essential to recognize that any limitations on the testing period of the final elements directly affect the PFD of the SIF. These limitations must be factored into the calculation of the average PFD of the SIF. Consequently, a complete SIF loop test should be conducted at predetermined intervals.

Partial Stroke Test vs. Full Test

Partial stroke tests cover only a portion of possible failures and do not offer the same level of diagnostic coverage as full tests. For further insights into this subject, the “Instrument Engineers’ Handbook, Process Control and Optimization, Volume II” (ISBN: 0-8493-1081-4) serves as a valuable resource. In Section 6 of the book titled “Emergency Partial-Stroke Testing of Block Valves,” various block valve component failures are explored, and tables are provided to determine the contribution of failures that could potentially lead to a dangerous valve failure (PFD).

Summary of Table 6.10e: Failures, Failure Modes, and Test Strategy

Failure                                                                   | Failure mode                                      | Full stroke test | Partial stroke test
Actuator sizing is insufficient to actuate valve in emergency conditions  | Valve fails to close (or open)                    | Can’t be tested  | Can’t be tested
Valve packing is seized                                                   | Valve fails to close (or open)                    | Suitable         | Suitable
Valve packing is tight                                                    | Valve is slow to move to closed or open position  | Suitable         | Suitable
Air line to actuator crimped                                              | Valve is slow to move to closed or open position  | Suitable         | Suitable
Air line to actuator blocked                                              | Valve fails to move to closed or open position    | Suitable         | Suitable
Valve stem sticks                                                         | Valve fails to close (or open)                    | Suitable         | Suitable
Valve seat is scarred                                                     | Valve fails to seal off                           | Suitable         | Not Suitable
Valve seat contains debris                                                | Valve fails to seal off                           | Suitable         | Not Suitable
Valve seat plugged due to deposition or polymerization                    | Valve fails to seal off                           | Suitable         | Not Suitable
Table: Failures, failure modes and test strategy

Partial Test Suitability

Partial testing is suitable in the following situations:

    • When final elements (valves) are normally open or in an open position.
    • When conducting a functional test of the SIF could lead to a full plant shutdown, potentially causing delays in restarting the plant and additional risks.


Based on experience and interactions with various clients, the following recommendations are made:

    1. All SIFs should undergo full testing during commissioning and startup to ensure comprehensive testing.
    2. Consult with a process engineer or plant operator to determine whether partial testing or a full test is necessary and assess its impact on normal operations, with reference to the provided table.
    3. If partial testing is required, revisit the SIL verification calculations. The new PFD will be a combination of PFD(AVG)(PST) and PFD(AVG)(FT), with different proof test coverage and test intervals for each part.
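To see how the failure table, the “Impact of Testing Period on PFD” point and recommendation 3 translate into numbers, here is an added worked example in Python. It is not code from this article or from the handbook it cites. It uses the common simplified model PFDavg ≈ λDU × T/2 per proof-test interval and splits λDU between the failure modes according to which test can reveal them. The share of λDU given to each failure mode, the value of λDU and the test intervals are constructed inputs, and treating the untestable failure as persisting for the plant life is an assumption of this example:

```python
"""PFDavg of a valve final element under partial-stroke plus full-stroke testing.

Added worked example, not code from the article or the handbook it cites.
Model: PFDavg ~ lambda_DU * T / 2 per proof-test interval, with lambda_DU split
between failure modes according to which test can reveal them (suitability
columns follow Table 6.10e as summarised in the article). Shares of lambda_DU,
lambda_DU itself and the test intervals are CONSTRUCTED; untestable failures
persisting for the plant life is an assumption of this example.
"""
from dataclasses import dataclass

HOURS_PER_YEAR = 8760


@dataclass(frozen=True)
class FailureMode:
    failure: str
    effect: str
    full_stroke: bool     # full stroke test suitable for this failure?
    partial_stroke: bool  # partial stroke test suitable for this failure?
    share: float          # CONSTRUCTED fraction of lambda_DU; shares sum to 1.0


# Suitability columns follow the article's summary of Table 6.10e; shares are constructed.
TABLE_6_10E = [
    FailureMode("Actuator sizing insufficient", "fails to close (or open)", False, False, 0.05),
    FailureMode("Valve packing seized",         "fails to close (or open)", True,  True,  0.10),
    FailureMode("Valve packing tight",          "slow to move",             True,  True,  0.10),
    FailureMode("Air line to actuator crimped", "slow to move",             True,  True,  0.05),
    FailureMode("Air line to actuator blocked", "fails to move",            True,  True,  0.10),
    FailureMode("Valve stem sticks",            "fails to close (or open)", True,  True,  0.20),
    FailureMode("Valve seat scarred",           "fails to seal off",        True,  False, 0.15),
    FailureMode("Valve seat contains debris",   "fails to seal off",        True,  False, 0.15),
    FailureMode("Valve seat plugged",           "fails to seal off",        True,  False, 0.10),
]


def coverage(modes, strategy):
    """Fraction of lambda_DU a strategy reveals: 'partial_stroke' or 'full_stroke'."""
    return sum(m.share for m in modes if getattr(m, strategy))


def pfd_avg(lambda_du_per_h, t_ft_h, t_life_h, t_pst_h=None, modes=TABLE_6_10E):
    """Three-term PFDavg:
      - share revealed by a partial stroke, tested every t_pst_h (absent if no PST);
      - share only a full stroke reveals, tested every t_ft_h;
      - untestable share, assumed to persist for the plant life t_life_h.
    """
    c_ft = coverage(modes, "full_stroke")
    c_pst = coverage(modes, "partial_stroke") if t_pst_h else 0.0
    pst_term = c_pst * t_pst_h / 2 if t_pst_h else 0.0
    ft_term = (c_ft - c_pst) * t_ft_h / 2
    life_term = (1.0 - c_ft) * t_life_h / 2
    return lambda_du_per_h * (pst_term + ft_term + life_term)


def untestable_modes(modes=TABLE_6_10E):
    """Failures neither test reveals; these are addressed by design, not by proof testing."""
    return [m.failure for m in modes if not m.full_stroke and not m.partial_stroke]


if __name__ == "__main__":
    lam = 1.0e-6                      # CONSTRUCTED lambda_DU, per hour
    life = 20 * HOURS_PER_YEAR        # assumed plant life
    quarter = 2190                    # PST every 3 months
    print("PST coverage: %.2f, full-stroke coverage: %.2f" %
          (coverage(TABLE_6_10E, "partial_stroke"), coverage(TABLE_6_10E, "full_stroke")))
    print("untestable:", untestable_modes())
    print("full stroke yearly, no PST          : %.2e" % pfd_avg(lam, 1 * HOURS_PER_YEAR, life))
    print("full stroke yearly + PST quarterly  : %.2e" % pfd_avg(lam, 1 * HOURS_PER_YEAR, life, quarter))
    print("full stroke 3-yearly + PST quarterly: %.2e" % pfd_avg(lam, 3 * HOURS_PER_YEAR, life, quarter))
```

Running it shows the two effects the article describes: adding a quarterly partial stroke to a yearly full test lowers PFDavg, because the 55 % of λDU the partial stroke can reveal is now tested more often, while stretching the full test to three years raises it again, because the seat-sealing failures the partial stroke cannot see are then left untested for longer. The untestable actuator-sizing row contributes regardless of the test regime, which is why it belongs in the SIL verification as a design issue rather than a proof-test one.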

Contact Us

For further information, assistance with your Layer of Protection Analysis (LOPA) calculations, SIF verification, or customized training for you or your organization, please do not hesitate to reach out to us. We are here to help you!



Electrostatic charge accumulation hazard

As a process safety engineer/specialist, from time to time I get questions from colleagues at work or ex-colleagues asking for help or for my opinion on a topic, a design or a regulation issue.

During my studies at university, I learned the habit of looking for information, gathering it and keeping it for later use. In fact, my experience is that a good engineer (regardless of her/his field of study) is one who can look for information, knows where to find it, reads it and can summarize it.

When I was studying, there was no internet, and having reference books and going to the library to search for data and information was normal. These days there are many internet sites that offer information, so bookmarking them is a good idea.

Recently, I was asked about the electrostatic electricity hazard and connection to an earthing system to avoid electrostatic discharge and the hazards associated with it.

Electrostatic electricity hazard

The principal hazard of electrostatic electricity is a spark discharge, which can ignite a flammable mixture. Electrostatic charge builds up in liquids as they move through a pipeline, and how much of it accumulates depends on the liquid’s electrical conductivity: the less conductive a liquid is, the less readily it can release the gathered charge to a ground system.

In other words, the more conductive a liquid is, the more electrostatic charge it generates, but because it conducts well it releases that charge to ground faster, so less hazard arises.

Most of the time, the static electricity generated in a liquid is released to ground almost instantly because the liquid is a good conductor.

Highly refined substances such as kerosene or jet fuel are good accumulators of static electricity (they have the lowest conductivity). This means they can catch fire if they form a mist on entering a tank or when leaking from a flange, because the accumulated charge will discharge through a connection to ground.

This highlights the fact that the less conductive a liquid is, the greater the danger it brings.

Exploring the Hazards of Electrostatic Electricity and the Importance of Conductivity

The primary risk associated with electrostatic electricity is the potential for spark discharges, which can ignite flammable mixtures. As liquids flow through pipelines, they accumulate electrostatic charges in proportion to their electric conductivity. Less conductive liquids have a lower ability to discharge the accumulated electrical charge to a ground system.

In contrast, highly conductive liquids generate more electrostatic charges and can rapidly release them to the ground, resulting in reduced hazards. Generally, static electricity in liquids tends to promptly discharge to the ground due to their good conductivity.

However, highly refined substances like kerosene or jet fuels, which have low conductivity, serve as significant accumulators of static electricity. If these liquids form a mist when entering a tank or leaking from a flange, the accumulated charge can discharge through a connection to the ground, posing a fire hazard.

Understanding Conductivity and its Role in Electrostatic Safety

Conductivity refers to the capacity of a liquid to generate, conduct and discharge static electricity to ground. It is a physical characteristic inherent to the liquid. Conductivity is typically measured in picosiemens per metre (pS/m).

According to a rule of thumb, if the conductivity of a liquid surpasses 50 pS/m (i.e. a resistivity lower than 2×10^12 Ω·cm), the accumulation of electrostatic charge is considered insignificant. Similarly, when equipment or containers are properly earthed or grounded, the impact of electrostatic charge becomes negligible as well.

This emphasizes that liquids with lower conductivity pose a greater danger in terms of electrostatic hazards.

Guidelines for Equipment Earthing and Bonding in Relation to Conductive Materials

To ensure safety when dealing with conductive materials like kerosene, it is important to establish certain guidelines, particularly concerning the velocity of the liquid flowing through pipes. The following list gives a minimum set of examples of equipment within the industry that should be earthed or bonded. However, local/national regulations or client standards take precedence and must be prioritized:

  • Conductive tanks should be earthed, with a maximum earth resistance of 10 Ω.
  • External and internal floating roofs of tanks should be earthed.
  • Pumps, filter housings, and other relevant equipment should be earthed.
  • Above-ground pipes must be conductive or dissipative, ensuring electrical continuity and proper earthing.
  • When plastic pipes rely on inner linings for conductivity, the design and installation should ensure reliable electrical connections across joints.
  • Below-ground pipes may be insulative, but short sections should protrude above the ground to facilitate connections to conductive pipes. All conductive fittings must be properly earthed, and caution should be exercised to prevent isolation of sections of conductive pipe or hose connected to insulative pipes.
  • Road tankers and rail cars during loading or unloading should be bonded to the loading/unloading structure.
  • Rail tracks in the loading/unloading area should be isolated from the main track and bonded to the loading/unloading structure.
  • Loading arms, hoses, and probes should be bonded to the loading structure.
  • All loading/unloading structures and facilities should be earthed.
  • Ship and barge loading/unloading gantries should be earthed, while incorporating an insulative flange in the pipework or a single section of insulated hose in each hose string to isolate the ships and protect against galvanic currents.

It is common practice to adhere to the model code of safe practice EI(IP)21 when implementing these guidelines.
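As an added example (not code from the original post, and not taken from EI(IP)21), the 50 pS/m rule of thumb and the 10 Ω earthing limit above can be turned into a small screening script for a tank inventory. The conversion between conductivity and resistivity is plain physics (ρ = 1/σ), which is how the post’s 50 pS/m and 2×10^12 Ω·cm figures are related; the tanks, liquids, conductivity values and earth-resistance readings in the sample inventory are constructed placeholders, and the follow-up wording is mine:

```python
"""Screening liquids for electrostatic charge accumulation and checking tank earthing.

Added example, not code from the original post. Encodes the rule of thumb
quoted in the post (conductivity above 50 pS/m, i.e. resistivity below
2x10^12 ohm-cm, means charge accumulation is insignificant) and the 10 ohm
maximum earth resistance for conductive tanks. Sample inventory values are
CONSTRUCTED placeholders, not SDS or measured data.
"""

CONDUCTIVITY_LIMIT_PS_PER_M = 50.0     # rule of thumb quoted in the post
TANK_EARTH_RESISTANCE_MAX_OHM = 10.0   # maximum earth resistance for conductive tanks


def conductivity_to_resistivity_ohm_cm(cond_ps_per_m):
    """rho = 1 / sigma; 1 S/m corresponds to 1 ohm-m, i.e. 100 ohm-cm."""
    sigma_s_per_m = cond_ps_per_m * 1e-12
    return 100.0 / sigma_s_per_m


def resistivity_to_conductivity_ps_per_m(rho_ohm_cm):
    """Inverse of the above: ohm-cm back to pS/m."""
    return 100.0 * 1e12 / rho_ohm_cm


def accumulates_charge(cond_ps_per_m):
    """True when the liquid is at or below the 50 pS/m limit, i.e. a static accumulator."""
    return cond_ps_per_m <= CONDUCTIVITY_LIMIT_PS_PER_M


def earthing_ok(measured_ohm):
    """True when a measured earth resistance meets the 10 ohm maximum."""
    return measured_ohm <= TANK_EARTH_RESISTANCE_MAX_OHM


def screen_inventory(inventory):
    """inventory rows: (tank, liquid, conductivity in pS/m, measured earth resistance in ohm).
    Returns one finding per row; 'actions' is empty when nothing needs follow-up."""
    findings = []
    for tank, liquid, cond, r_earth in inventory:
        actions = []
        if accumulates_charge(cond):
            actions.append("static accumulator: apply flow velocity limits and record conductivity")
        if not earthing_ok(r_earth):
            actions.append(f"earth resistance {r_earth:g} ohm exceeds "
                           f"{TANK_EARTH_RESISTANCE_MAX_OHM:g} ohm")
        findings.append({
            "tank": tank,
            "liquid": liquid,
            "conductivity_ps_per_m": cond,
            "resistivity_ohm_cm": conductivity_to_resistivity_ohm_cm(cond),
            "actions": actions,
        })
    return findings


# CONSTRUCTED sample inventory; conductivity values are placeholders, not SDS data.
SAMPLE_INVENTORY = [
    ("T-101 (constructed)", "kerosene (placeholder value)", 5.0, 4.0),
    ("T-102 (constructed)", "crude oil (placeholder value)", 300.0, 12.5),
    ("T-103 (constructed)", "jet fuel with antistatic additive (placeholder value)", 150.0, 6.0),
]

if __name__ == "__main__":
    for f in screen_inventory(SAMPLE_INVENTORY):
        print(f"{f['tank']} {f['liquid']}: {f['conductivity_ps_per_m']:g} pS/m "
              f"({f['resistivity_ohm_cm']:.2e} ohm-cm) -> {f['actions'] or ['ok']}")
```

The point of keeping the threshold and the earth-resistance limit as named constants is that they are exactly the values a client standard or national code may override; change them in one place and the whole inventory is re-screened against the applicable limits.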


Start within your project to see what materials you are handling or using within your facility. Investigate and gather the conductivity data of these materials, decide if they are conductive or not. You may consult the MSDS and if you could not find it on MSDS, contact the vendor.

It is always a good idea to discuss with the client and see what codes and standards they follow on the issue of earthing and electrostatic electricity. Make a list of equipment that needs earthing and clearly document it with fluid handled and their conductivity.

Contact us

For more information, help on electrostatic electricity or even a tailor-made training for you or your organization please don’t hesitate to contact us!


Acceptable Risk Criteria


Risk is commonly defined as the product of likelihood (the frequency of an event happening) and its undesired consequence.

In mathematical language:

Risk = Frequency × Undesired consequences

Acceptable risk criteria

People active in process safety business are familiar with the risk triangle depiction and borders showing the intolerable region, tolerable region and broadly acceptable region (picture below):

Figure 1: Risk triangle/categories

This picture simply shows our effort to minimize risk and, more importantly, shows that we cannot eliminate risk completely. Every human activity carries some risk; we therefore need to draw a line (border) showing where risk becomes acceptable.

One might think that the tolerable risk border line should be no greater than the risk of normal daily-life activities.

This means that we would try to design a plant that is as safe as daily activities. It is very difficult, if not impossible, to design a plant with a risk as low as that of daily-life activities.

If we set the acceptable risk level very low, it will be difficult to reach it and, moreover, to fulfil the required safety aspects of the design. However, as engineers, it is our moral and legal obligation to design a safe plant that protects people, the environment and assets.

Are you aware of how the values of these borders are defined?

Fatality Rates

A good start for defining the borders is to find out what the risks of day-to-day activities are.

There are a number of sources, such as Frank P. Lees, Loss Prevention in the Process Industries, that provide such a list.

We can divide the activities into two categories: voluntary and involuntary. Examples of voluntary activities are staying at home, traveling by car, bicycle, airplane or train, or a sports activity such as climbing.

Examples of involuntary activities are being struck by lightning or being run over by a vehicle.

The tables below give general fatality rates per activity. Of course, these numbers might differ slightly from source to source, depending on the geographical area and the data that was gathered. Such a table should be used to get the order of magnitude of fatality rates.

  Voluntary activity            Fatality rate (deaths per person per year)
  Staying at home               2,63E-04
  Traveling by:
  Rock climbing                 4,0E-05
Table 1: Voluntary activity's risk

  Involuntary activity          Fatality rate (deaths per person per year)
  Earthquake, California        2,0E-06
  Struck by lightning           1,0E-07
  Run over by vehicle           6,0E-05
  Natural disasters (general)   2,0E-06
  All accidents                 5,0E-04
Table 2: Involuntary activity's risk

Normally selected acceptable risk level

In general, the lower limit of the intolerable region, per year, is taken as 1E-4 for the public and 1E-3 for workers. The lower limit of the tolerable region is taken as 1E-6. These limits are shown in Figure 1 above.

A risk equal to or greater than 1E-4 is intolerable (Risk ≥ 1E-4).

A risk higher than 1E-6 and less than 1E-4 is considered tolerable (1E-6 < Risk < 1E-4).

A risk less than 1E-6 is in the broadly acceptable region. As you can see, the limit of acceptable (broadly acceptable) risk is similar to the fatality risk from natural disasters (general); one might say that it is 1/100 of the fatality rate of staying at home.

A risk in the tolerable region must be reduced further, provided that the cost is reasonably low compared to the risk reduction achieved (ALARP).

Suggestion for people involved in Risk assessment

Someone active in risk assessment needs to assess the risk without barriers (the unmitigated risk) and compare it to the acceptable risk level. This is done via hazard analysis methods like LOPA. For information on LOPA see here.

Then it is always a good idea to discuss with the client and define the limits for unacceptable and acceptable risk. After that, any kind of risk assessment study can be carried out.
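As an added example (not part of the original article), the following Python code applies the risk definition and the three acceptance regions given above, and adds a simple LOPA-style comparison of the unmitigated and mitigated risk against those limits. The initiating event frequency, consequence and PFD values are constructed for illustration, and the helpers are hypothetical, not taken from any standard or tool.

```python
from math import prod

# Thresholds from the article: per-year individual risk of fatality.
# Intolerable above 1E-4 (public) or 1E-3 (workers); broadly acceptable below 1E-6.
INTOLERABLE_LIMIT = {"public": 1e-4, "worker": 1e-3}
BROADLY_ACCEPTABLE_LIMIT = 1e-6


def risk(frequency_per_year: float, consequence: float) -> float:
    """Risk = Frequency x Undesired consequence (the article's definition).
    With the consequence expressed as expected fatalities per event, the result
    is an individual fatality risk per year, comparable to Tables 1 and 2."""
    return frequency_per_year * consequence


def classify(risk_per_year: float, population: str = "public") -> str:
    """Place a risk value in one of the three regions of the risk triangle."""
    if risk_per_year >= INTOLERABLE_LIMIT[population]:
        return "intolerable"
    if risk_per_year > BROADLY_ACCEPTABLE_LIMIT:
        return "tolerable (reduce further where reasonably practicable, ALARP)"
    return "broadly acceptable"


def mitigated_frequency(initiating_event_per_year: float, ipl_pfds) -> float:
    """LOPA-style mitigated frequency: the initiating event frequency multiplied
    by the probability of failure on demand (PFD) of each credited independent
    protection layer (IPL). Hypothetical helper, not a complete LOPA."""
    for pfd in ipl_pfds:
        if not 0.0 < pfd <= 1.0:
            raise ValueError(f"PFD must be in (0, 1], got {pfd}")
    return initiating_event_per_year * prod(ipl_pfds)


def required_risk_reduction(current_risk: float, target_risk: float) -> float:
    """Risk reduction factor still needed to reach the target; <= 1 means it is met."""
    return current_risk / target_risk


def evaluate_scenario(initiating_event_per_year, consequence, ipl_pfds, population="public"):
    """Compare the risk without barriers and the risk with the credited IPLs
    against the acceptance limits, as the article suggests doing before any
    further risk assessment study."""
    unmitigated = risk(initiating_event_per_year, consequence)
    mitigated = risk(mitigated_frequency(initiating_event_per_year, ipl_pfds), consequence)
    return {
        "unmitigated_risk": unmitigated,
        "unmitigated_region": classify(unmitigated, population),
        "mitigated_risk": mitigated,
        "mitigated_region": classify(mitigated, population),
        "rrf_to_broadly_acceptable": required_risk_reduction(mitigated, BROADLY_ACCEPTABLE_LIMIT),
    }


if __name__ == "__main__":
    # Constructed scenario: a control failure assumed at 0.1 events/year, worst
    # case one fatality per event, an operator response to an alarm credited with
    # PFD 0.1 and a SIF credited with PFD 1E-3 (all values illustrative only).
    for key, value in evaluate_scenario(0.1, 1.0, [0.1, 1e-3]).items():
        print(f"{key}: {value}")
```

The same risk value can fall in different regions for the public and for workers, which is why `classify` takes the population as a parameter; the constructed scenario lands in the tolerable region after mitigation and still needs a risk reduction factor of 10 to reach the broadly acceptable limit.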


Standards and lessons learned from Incidents

Standards can be considered as the collective experience and knowledge of human beings on how to do a certain work or make a piece of equipment. In fact, the International Organization for Standardization (ISO) defines a standard as follows:

    "Think of them as a formula that describes the best way of doing something. It could be about making a product, managing a process, delivering a service or supplying materials – standards cover a huge range of activities.

    Standards are the distilled wisdom of people with expertise in their subject matter and who know the needs of the organizations they represent – people such as manufacturers, sellers, buyers, customers, trade associations, users or regulators." (International Organization for Standardization, ISO)

In my last project for a relatively young organization, I prepared a list of standards that, based on experience, is relevant to process and process safety. Part of my list was to explain the different levels of standards and which one has priority over the others (standards hierarchy).

Standard’s Hierarchy

The following is a list of the levels of standards and guidelines available to any engineer, in descending order of priority:

  • Local Codes (highest level)
    Think of the municipality or county in which your organization is located and which has specific requirements.
  • Regional/Provincial Codes
    Think of a region, province or state within a country that has its own legislative or enforcement organization and imposes specific requirements.
  • National Standards
    Think of each country's standards organizations, or of a code/instruction that is required by national laws passed by the parliament of that country.
  • Company Standards
    Most of the time, operating or engineering companies have standards and guidelines based on their cumulative experience, which might be even more stringent than the other levels; a good example is Shell's DEPs.
  • International/Industry Organizations
    Many non-governmental organizations or associations gather their knowledge into guides. One of the best known examples is the American Petroleum Institute (API).
  • Best Practices (lowest level)
    A best practice is a set of rules, recommendations or techniques that is generally accepted as superior to other alternatives, e.g. the size of a tank's drain connection (minimum 2 inch).

As a person involved in a project, one has to get familiar with the standards used in his/her field of expertise. Of course, talking to your client or the authorities that will review and approve your work is helpful.

Lessons learned from incidents

Many standards and guidelines are naturally lessons that we as human beings have learned from incidents or from trial and error.

The following is a list of topics (accidents) and the lessons learned from them, which you may consider for your operating plant or your design to see if they are addressed and well thought through:

  1. Safe siting of occupied portable buildings. This is based on the BP Texas City isomerization unit explosion, USA, March 23, 2005. During this incident, contractors working inside portable buildings located next to the isomerization unit lost their lives.
  2. ESD valves on production platform risers. This is based on the Piper Alpha platform incident, North Sea, UK, July 6, 1988. During this incident there was no possibility to shut off the flow of flammables to the platform that was already on fire.
    For onshore installations, think of means to safely isolate process units from each other in case of an emergency.
  3. Temporary refuges. This is another point based on the Piper Alpha platform incident, North Sea, UK, July 6, 1988. Although this incident applies mainly to offshore installations, on an onshore installation the design needs to be checked for incidents like explosion, fire or gas release in relation to the locations of buildings and specifically control rooms. With this check, there is assurance that, in case of need, a process can be safely brought to a stopped and safe state.
  4. Permit to work. The investigations of at least the following incidents concluded that a permit-to-work and permit-to-work verification process was not followed, which led to a hazardous situation and an incident:
    • Piper Alpha Platform, UK, North Sea, July 6, 1988
    • Motiva Enterprises LLC, Delaware, USA, July 17, 2001
    • Shell Port Edouard Herriot Depot, Lyon, France, June 2, 1987
    • BP Grangemouth Flare Line Fire, Scotland, UK, March 13, 1987
  5. Management of change is a direct lesson learned from numerous incidents. To name a few:
    • Flixborough, UK, June 1, 1974.
    • Chernobyl, USSR, April 26, 1986.
    • Bhopal, India, December 3, 1984.

During these incidents, a change was made to the process that either was not reviewed by a team to make sure that the new situation was safe and operable (Flixborough) or was not communicated to other personnel (Bhopal).

Therefore, make sure that changes in your project or plant are communicated effectively and are reviewed for hazards with a hazard identification tool like HAZOP, to make sure that the remaining risk is acceptable.

  6. Avoiding liquid release/relief to atmosphere. This is based on the BP Texas City isomerization unit explosion, USA, March 23, 2005. During this incident, flammable material was released via a high point vent, caught fire and exploded.
  7. Avoiding tank overfill that might be followed by a vapor cloud explosion (VCE). This is based on the Buncefield storage terminal explosion, UK, December 11, 2005. For a tankage area, it is not only important to provide means of containing releases of liquid to atmosphere, but also means to avoid them or to mitigate the consequences of a release, for example adequate firefighting means and a drainage system.
  8. Avoiding brittle fracture of metallic materials. This is based on the Esso Longford Gas Plant Explosion, Australia, September 25, 1998. This point aims to identify the minimum achievable temperature in a process and make sure that the design temperature covers it.
  9. Alarm management has been identified as a contributing cause in many accidents, even in air crashes. At least the following examples illustrate this point:
    • Three Mile Island Nuclear Reactor Core Meltdown, Pennsylvania, March 28, 1979.
    • Esso Longford Gas Plant Explosion, Australia, September 25, 1998.

Review the alarms in your design and plant and make sure that the operator has an adequate set of warnings for excursions of process parameters beyond their safe limits, and that there is enough Process Safety Time (PST) available. See our previous article on process safety time (PST).

  10. Avoiding toxic material release (e.g. ammonia, H2S). This is based on many incidents, such as:
    • Anhydrous ammonia release at the Millard Refrigerated Services plant, Theodore, Alabama, USA, August 23, 2010.
    • Chuandongbei gas well blow-out, Gao Qiao, China, December 23, 2003.

This point aims to manage the risk of harm to people and the environment from exposure to hazardous material.

  11. Avoiding reactive material mixing (e.g. water entering a storage tank). This is based on incidents like Bhopal, India, December 3, 1984.

During this incident, 500 kg of water entered the methyl isocyanate (MIC) storage tank, which caused a runaway reaction.

Make sure that the MSDS of materials stored in or produced by your facility are read and understood by everyone, and that there is no risk of reactive materials mixing. Make sure that fire fighters are aware of the means to put out a fire if an emergency arises. Water is not always a good means to put out a fire.

Way forward

It is very important to identify and agree with your client which standards are applicable. Try to follow and understand the codes, and if an explanation is required, contact your client or the organization responsible for that code/standard.

It is always a good idea to issue a document in which every discipline in a project indicates which standards will be used during the project, and to agree on it with your client.


Process Safety Time (PST) Part 8 / PST Calculation Reporting

IEC 61511 is the standard that sets the requirements for safety instrumented systems and their safety instrumented functions (SIFs). As part of this standard, a SIF is required to act within an adequate response time to bring the process or a system to a safe state. This is called the response time of a SIF, and the time available to act before anything dangerous happens is called the process safety time (PST). (See part 1, part 2, part 3, part 4, part 5, part 6 and part 7 for more information.)

PST calculation and definition is a mandatory requirement for all instrumented functions to which IEC 61511 is applicable.

In the previous parts (see parts 1, 2, 3, 4, 5, 6 and 7), I tried to define PST and the calculation methodology, how to assess and explain the results, a sample calculation, and notes and thoughts on a terms of reference.

PST Calculation report contents
This part suggests the contents of a typical PST calculation report.
At this stage, we have gathered lots of information and data and calculated the PST(s) for the different SIFs in the project. When reporting your findings, try to cover the following subjects as a minimum:

  • Present a summary of the SIFs for which you calculated the PST, with the relevant PST.
  • If possible, indicate in the same summary table which method you used: qualitative, quantitative simplified or quantitative dynamic analysis (see part 3).
  • A simplified sketch of the system and the SIF that is protecting it. You need to provide one sketch per SIF.
  • Define your terms and abbreviations for SIF response time, safe design limits, etc.
  • Clearly write down your assumptions and give references to the documents from which you took the data.
  • Write down in detail how you calculated the PST, including formulas and input data. It is worth noting that an Excel sheet makes this easier if the PST calculation is done by hand and not with a simulation program. For results from a simulation program, print the report, highlight the relevant sections and attach it.
  • Capture the SIF response time and the SIF PST in a table; this makes it easier for the reader to see at a glance and draw a conclusion.
  • Write a conclusion stating whether, based on the criteria agreed with your client, the calculated PST is acceptable or not.
  • Attach all documents that you used as references to your report and list them. If you are attaching a PDF file, it is a great help for the reader if you highlight where the data was taken from.
  • Of course, your report might have several revisions; make sure that you indicate the differences between two consecutive revisions.
  • An important point is to make sure that your report and calculation are checked internally inside your organization, or by others, before you discuss them with your client.


Process Safety Time (PST) part 7 / PST Terms Of Reference (TOR)

IEC 61511 is the standard that sets the requirements for safety instrumented systems and their safety instrumented functions (SIFs). As part of this standard, a SIF is required to act within an adequate response time to bring the process or a system to a safe state. This is called the response time of a SIF, and the time available to act before anything dangerous happens is called the process safety time (PST). (See part 1, part 2, part 3, part 4, part 5, part 6 and part 8 for more information.)

PST calculation and definition is a mandatory requirement for all instrumented functions to which IEC 61511 is applicable.

In the previous parts (see parts 1, 2, 3, 4, 5 and 6), I tried to define PST and the calculation methodology, how to assess and explain the results, and a sample calculation.

PST Calculation Terms of Reference (TOR)

This part suggests the contents of a typical PST calculation terms of reference (TOR) to help set up the way forward for a process safety time calculation.

In a typical TOR, one shall define the roles and responsibilities of the PST calculation team members, what is expected as the final result, the calculation method, how to capture recommendations, and possible follow-up actions or extra steps/calculations still to do.

The PST calculation terms of reference is important as it defines and makes clear how a specific PST is calculated, hence minimizing the need for extra meetings and discussions after the work is finished.

Try to cover the following subjects as a minimum:

  • What the scope of work is.
  • Roles and responsibilities.
  • How and where to gather data.
  • PST calculation method for the different SIFs.
  • Criteria for the comparison of PST and SIF response time (SIFRT).
  • How the calculation will be checked and assessed.
  • Reporting of results, if a separate report is required.
  • How to capture recommendations and the action list.
  • Deadlines and calculation schedule.

Scope of work
It is very important to identify and agree which SIFs need a PST calculation. Could you use the PST of similar SIFs in other assets of the client? Which calculations might you delegate to the vendor?

Roles and responsibilities
Clearly identify who does what and the deadlines. In this way, you make sure that your target date can also be met.
An important point is to make sure that your report or calculation is checked internally inside your organization, or by others, before you discuss it with your client.

Approval of PST calculation TOR
Before starting your calculation and after the PST TOR is drafted, it is wise to have a meeting with your client and agree on the PST calculation TOR. Then everything is set for starting the real work and calculation!

Process Safety Time (PST) part 6 / A worked out example

IEC 61511 is the standard that sets the requirements for safety instrumented systems and their safety instrumented functions (SIFs). As part of this standard, a SIF is required to act within an adequate response time to bring the process or a system to a safe state. This is called the response time of a SIF, and the time available to act before anything dangerous happens is called the process safety time (PST). (See part 1, part 2, part 3, part 4, part 5, part 7 and part 8 for more information.)

PST calculation and definition is a mandatory requirement for all instrumented functions to which IEC 61511 is applicable.

This part contains a sample calculation that shows a simple calculation with its assumptions, available data and calculation procedure.

Definition of SIF loop
In the previous parts (see parts 1, 2, 3, 4 and 5), I tried to define PST and the calculation methodology and, at the end, how to assess and explain the results.
In this part, I will try to define and explain a sample calculation.

Consider a temperature switch located after a gas heater and after a knock-out drum, as shown in the figure below, on the line that provides gas to the final consumer. This temperature switch protects the piping downstream of heater #2 and stops the flow to the final user (e.g. a compressor seal system).

Figure 1: LTSD downstream of heater #2 protects downstream users from condensation

One of the causes of low temperature is failure of heater #2. In this case the gas may condense in the piping downstream of the heater and may damage the end user (e.g. compressor seals), leading to loss of containment and gas flow to the environment with a risk of fire and explosion.

In other words, the intention of the LTSD after heater #2 is to prevent the temperature from reaching the gas dew point after the knockout vessel/heater #2.

Assumptions and known data

The following assumptions and data are valid for the system described/shown in Figure 1:

  1. Minimum gas temperature before heater #2 is assumed to be 40 °C. Minimum backup gas temperature before the PDCV is 3 °C (trip setting of LTSD-1).
  2. Maximum flow through the PDCV is 417.8 kg/h, equal to 7.286 m3/h, based on the heat and mass balance.
  3. The outlet pressure of the PDCV is 75 barg.
  4. Using simulation software, one can calculate the gas physical properties at 75 barg and 50 °C; the molecular weight of the gas is 18.25 kg/kmole.
  5. Gas molecular weight is 18.25 kg/kmole, gas Cp/Cv = 1.49 and Cp = 2441 J/kg K.
  6. Gas viscosity is 0.000014 kg/m.s (N.s/m2). Gas density is 57.4 kg/m3. Gas thermal conductivity is 0.042 W/m K.
  7. The temperature sensing element is a thermowell that measures the fluid (gas) temperature.
  8. The pipe wall temperature and the thermowell temperature are at equilibrium.
  9. The pipe wall and fluid form an adiabatic system with no heat transfer to the surroundings.
  10. Complete, instantaneous failure of the upstream heater #2 is allowed for.
  11. The gas will lose a negligible amount of energy and will not change temperature in traversing the pipe segment.
  12. Fouling has no effect on heat transfer.
  13. Conduction within the pipe wall is instantaneous; therefore the pipe will be at a uniform temperature.
  14. Calculation of a simplistic process safety time well above the expected system response time is sufficient.
  15. The gas dew point is taken as the design temperature to prevent condensation in the downstream system. The dew point of the gas after heater #2 is assumed to be 40 °C (worst case).
  16. There is also a backup gas to the system. The dew point of the backup gas is assumed to be -10 °C (worst case).
  17. LTSD-2 has a trip set point of +50 °C.
  18. The outlet of heater #2 is traced; however, no credit has been taken for the electrical heat tracing of the line downstream of heater #2.
  19. The downstream pipe is initially at the trip temperature.
  20. The downstream pipe (designated by D in the formulas) is 1″ stainless steel, Schedule 40S, and the piping length between the gas heater and the user is assumed to be 3 m.
  21. Pipe thermal conductivity (Kn) is taken from [reference] and is 14.4 W/m K.
  22. Initial pipe wall temperature is 50 °C.
  23. Using the gas volumetric flow and the pipe diameter, the gas velocity v is 3.63 m/s. This velocity will be used in the Re number calculation.
  24. The cold gas scenario PST is more severe than the cold backup gas PST, as the trip set point has the lowest margin for the cold gas scenario. Only the cold gas scenario after heater #2 is calculated.
  25. The heat transfer coefficient for forced convection of gases is typically in the region of 10 – 1000 W/m².K. Later on we need this range to check whether our calculated h is within it.
  26. Stopping the end user takes 10 seconds (e.g. closing a valve or stopping a motor).
  27. A thermowell/temperature transmitter will detect a temperature change within 1 second.
  28. The logic solver (ESD system) is assumed to react within 0.3 seconds.

The intention of the calculation is to determine the heat loss required to reach the gas dew point (40 °C).
For this calculation we can use the simple heat transfer formula: q = m x Cp x dT.

Heat loss required to reach fuel gas dew point (40 °C)
The pipe is 1 inch, schedule 40S and 3 m long. It has a nominal diameter of 0.03 m and a weight of 2.54 kg/m (pipe data from [reference]).
Pipe mass is then 3 m x 2.54 kg/m = 7.6 kg
Cp of stainless steel (data from [reference]) is 0.49 kJ/kg.K
Starting temperature T1 = 50 °C and trip set point is 40 °C.
Heat loss required to reach 40 °C will then be -37 kJ (= 7.6 kg x 0.49 kJ/kg.K x (50-40) K)

Heat transfer coefficient hci
For this part of the calculation, we must calculate the heat transfer coefficient inside the pipe due to forced convection.
Heat transfer between the gas and the steel body is determined by the Dittus-Boelter equation:

The Dittus-Boelter correlation is valid for turbulent flow where Re > 10,000 and 0.6 < Pr < 160.
The Reynolds number is calculated as follows:

Re = ρ x v x D / μ

The Prandtl number is calculated as follows:

Pr = ν / α = μ x Cp / kg

where:
  ν is the momentum diffusivity
  α is the thermal diffusivity
  μ is the gas viscosity
  kg is the gas thermal conductivity
  ρ is the gas density at P and T
  v is the gas velocity through the pipe
  D is the pipe diameter
  Cp is the gas specific heat capacity

Using the information in the assumptions section above:
Re = 385,242 and Pr = 0.84. Then the Nu number will be 631.9 and hence hci = 989.1 W/m².K.
This value is within the range of expected convective heat transfer coefficients (assumption 25).

Heat transfer from pipe to gas
Now that the forced convection heat transfer coefficient is calculated, we need to calculate how much heat is taken away by the gas flow.
Initial pipe wall temperature is 50 °C. Gas flows at a temperature of 40 °C.

The overall heat transfer coefficient comprises two parts: forced convection heat transfer inside the pipe (hci) and conduction through the pipe wall (Sn/Kn).

Using the formula:

1/U = 1/hci + Sn/Kn

Then U is 803 W/m2 K.

The heat taken away by the flowing gas can be calculated by the general heat transfer formula:

q = U x A x (t1 - t2)

With a pipe diameter of 0.03 m and a length of 3 m:
A (heat transfer area) = 3.14 x D x L = 3.14 x 0.03 x 3 = 0.3 m2
From the assumptions section: t1 = 40 °C and t2 = 50 °C
Then the heat carried away by the gas flow equals:
803 W/m2 K x 0.3 m2 x (-10) °C = -2409 W = -2409 J/s = -2.4 kJ/s

Time to cool down the piping

We have calculated the heat that needs to be taken away from the pipe to reach 40 °C, as well as the heat that the gas takes away while flowing in the 1" pipe.
If we divide these two values, the time it takes to cool down the piping after heater #2 from 50 °C to 40 °C is calculated.

Process Safety Time (PST) = (-37 kJ) / (-2.4 kJ/s) = 18.5 seconds = 0.3 minutes

SIF response time
Using the assumptions for the SIF components, the SIF response time is:
thermowell response time + logic solver response time + final element response time, which equals:
1+0.3+10 = 11.4 seconds

Comparison of SIF response time with PST
The SIF response time is 11.4 seconds and the calculated PST is 18.5 seconds. This means the SIF will react fast enough to bring the process to a safe state.
This is (11.4/18.5 = 0.6) or 60% of the available PST, which is another check to see if the calculated PST is acceptable (refer to part 4).
The response time is less than the PST, and hence the SIF can act in time to prevent reaching the lower (dangerous) temperature downstream of heater #2.
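The steps of the worked example above, carried through in Python as an added example (this is not code from the original article). It uses the article's gas, pipe and SIF data from the assumptions list. Two things are assumed by this example because the article does not state them: the bore (26.64 mm) and wall thickness (3.38 mm) of 1″ Schedule 40S pipe, where the text works with a nominal 0.03 m, and the Dittus-Boelter form Nu = 0.023 Re^0.8 Pr^n with n = 0.4 (fluid being heated by the wall). Because it uses the bore for the Reynolds number and the heat transfer area, and sums the three SIF component times directly, its results differ slightly from the rounded figures in the text (roughly 18 s of PST against 11.3 s of SIF response time); the validity check on the correlation is the part a reviewer would want to see in any PST sheet.

```python
import math

# Inputs transcribed from the assumptions list of the worked example.
GAS = {
    "rho": 57.4,     # kg/m3, gas density at 75 barg and 50 C
    "mu": 1.4e-5,    # kg/(m s), gas viscosity
    "k": 0.042,      # W/(m K), gas thermal conductivity
    "cp": 2441.0,    # J/(kg K), gas specific heat
    "v": 3.63,       # m/s, gas velocity in the pipe
    "t_gas": 40.0,   # C, gas temperature after complete heater failure (dew point)
}
PIPE = {
    "d_inner": 0.02664,  # m, ASSUMED bore of 1" Sch 40S (not given in the article)
    "wall": 0.00338,     # m, ASSUMED wall thickness of 1" Sch 40S (not given in the article)
    "length": 3.0,       # m
    "k_wall": 14.4,      # W/(m K), stainless steel (Kn)
    "mass_per_m": 2.54,  # kg/m
    "cp_wall": 490.0,    # J/(kg K), stainless steel
    "t_initial": 50.0,   # C, initial wall temperature (= LTSD-2 trip point)
}
SIF = {"sensor": 1.0, "logic_solver": 0.3, "final_element": 10.0}  # seconds


def reynolds(rho, v, d, mu):
    """Re = rho v D / mu."""
    return rho * v * d / mu


def prandtl(mu, cp, k):
    """Pr = mu Cp / k."""
    return mu * cp / k


def nusselt_dittus_boelter(re, pr, n=0.4):
    """Nu = 0.023 Re^0.8 Pr^n (n = 0.4 assumed: fluid heated by the wall).
    Rejects inputs outside the stated validity range instead of extrapolating."""
    if re <= 10_000 or not 0.6 < pr < 160:
        raise ValueError(f"Dittus-Boelter not valid for Re={re:.0f}, Pr={pr:.2f}")
    return 0.023 * re**0.8 * pr**n


def inside_film_coefficient(gas, pipe):
    """hci = Nu k / D, W/(m2 K)."""
    re = reynolds(gas["rho"], gas["v"], pipe["d_inner"], gas["mu"])
    pr = prandtl(gas["mu"], gas["cp"], gas["k"])
    return nusselt_dittus_boelter(re, pr) * gas["k"] / pipe["d_inner"]


def overall_u(h_inner, pipe):
    """1/U = 1/hci + Sn/Kn: film convection in series with wall conduction."""
    return 1.0 / (1.0 / h_inner + pipe["wall"] / pipe["k_wall"])


def process_safety_time(gas, pipe):
    """Seconds for the pipe wall to cool from t_initial to the gas (dew point) temperature."""
    mass = pipe["mass_per_m"] * pipe["length"]
    dT = gas["t_gas"] - pipe["t_initial"]        # negative: the wall loses heat
    q_required = mass * pipe["cp_wall"] * dT     # J, heat the wall must give up
    u = overall_u(inside_film_coefficient(gas, pipe), pipe)
    area = math.pi * pipe["d_inner"] * pipe["length"]
    q_rate = u * area * dT                       # W, heat carried away by the gas
    return q_required / q_rate                   # both negative, so the ratio is positive


def sif_response_time(sif):
    """Sensor + logic solver + final element response times."""
    return sif["sensor"] + sif["logic_solver"] + sif["final_element"]


def assess(pst, sifrt):
    """The comparison the article makes: does the SIF act before the PST runs out,
    and what fraction of the PST does it consume?"""
    return {"pst_s": pst, "sifrt_s": sifrt, "fraction_of_pst": sifrt / pst, "acts_in_time": sifrt < pst}


if __name__ == "__main__":
    result = assess(process_safety_time(GAS, PIPE), sif_response_time(SIF))
    for key, value in result.items():
        print(f"{key}: {value}")
```

Each intermediate quantity (Re, Pr, hci, U) is returned by its own function so that it can be checked against the expected ranges, such as the 10 – 1000 W/m².K band in assumption 25, before the final PST is trusted.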


Process Safety Time (PST) part 5 / calculation methodology

IEC 61511 is the standard that sets the requirements for safety instrumented systems and their safety instrumented functions (SIFs). As part of this standard, a SIF is required to act within an adequate response time to bring the process or a system to a safe state. This is called the response time of a SIF, and the time available to act before anything dangerous happens is called the process safety time (PST). (See part 1, part 2, part 3, part 4, part 6, part 7 and part 8 for more information.)

PST calculation and definition is a mandatory requirement for all instrumented functions to which IEC 61511 is applicable.
This part contains notes on gathering data and on the calculation procedure for a PST calculation.

Calculation procedures

In the previous parts (see part 1, part 2, part 3 and part 4), I tried to define PST and the calculation methodology and, at the end, how to assess and explain the results.
In this part, I will try to summarize how to make a calculation procedure for yourself or your company.

It is very important that you make a uniform calculation procedure/calculation sheet for yourself or your company. My advice is to make an Excel calculation sheet for PST calculations that are straightforward and can be made using simple heat and mass balance equations.

For the other calculations that need dynamic simulation, an agreement with the client or authority that will review and finally approve these calculations is the better option.

When making your calculation in an Excel sheet, take care that the following points are taken into account:

1. Set a clear approach for the calculation.
2. Establish and define the safe design limit.
3. Define the key variables in the PST scenario calculation.
4. Suggest possible opportunities for refining the PST estimate.

Define key variables

It is very important, before starting any PST calculation, to prepare a heat and mass balance. This heat and mass balance will be used to get physical data such as operating conditions, physical properties and flow rates.

If the flow rate or heat flow is estimated, it is very important to write down every basis, assumption and source of data used in the flow or heat flow estimation. This way your PST calculation is clear and easier to check.

A very important point to remember is that when a PST calculation is carried out for an existing plant, the heat and mass balance document shall be checked against actual data from the plant. This is because, through the years, existing plants often come to operate at different conditions.

For instrumentation like control valves, care must be taken to obtain the correct Cv of the control valve. This is needed to specify the flow rate in the fail-open scenario. In the case of an existing plant, a control valve might have been replaced or its internals might have been changed over the years.

Contacting the vendor for the latest data is also a good idea if the valve was modified between plant start-up and the time the PST calculation takes place.

When looking for the operating parameters of a system, after finding the H&MB, a chat with the operating personnel is a great idea. Many times the plant might be operating at a different condition than it was designed for. For example, the normal liquid level in a vessel was designed to be 50% of the total volume, but at the time of the PST calculation the level is maintained at 40% of the total volume. This has a direct impact on your PST calculation.
